summaryrefslogtreecommitdiffstats
path: root/bin
diff options
context:
space:
mode:
authorMartin Nagy <mnagy@redhat.com>2009-02-11 20:37:59 +0100
committerMartin Nagy <mnagy@redhat.com>2009-02-11 20:37:59 +0100
commitf50ae72ec3417cae55dd4e085991c01af9fdc5f1 (patch)
tree0e36c9a3320f6d068df93d3ff6d84b821d23db40 /bin
downloadbind_dynamic-f50ae72ec3417cae55dd4e085991c01af9fdc5f1.tar.gz
bind_dynamic-f50ae72ec3417cae55dd4e085991c01af9fdc5f1.tar.xz
bind_dynamic-f50ae72ec3417cae55dd4e085991c01af9fdc5f1.zip
Initial commitstart
Diffstat (limited to 'bin')
-rw-r--r--bin/Makefile.in25
-rw-r--r--bin/check/Makefile.in98
-rw-r--r--bin/check/check-tool.c663
-rw-r--r--bin/check/check-tool.h55
-rw-r--r--bin/check/named-checkconf.894
-rw-r--r--bin/check/named-checkconf.c504
-rw-r--r--bin/check/named-checkconf.docbook171
-rw-r--r--bin/check/named-checkconf.html96
-rw-r--r--bin/check/named-checkzone.8278
-rw-r--r--bin/check/named-checkzone.c457
-rw-r--r--bin/check/named-checkzone.docbook455
-rw-r--r--bin/check/named-checkzone.html262
-rw-r--r--bin/check/win32/checktool.dsp113
-rw-r--r--bin/check/win32/checktool.dsw29
-rw-r--r--bin/check/win32/namedcheckconf.dsp107
-rw-r--r--bin/check/win32/namedcheckconf.dsw29
-rw-r--r--bin/check/win32/namedcheckconf.mak404
-rw-r--r--bin/check/win32/namedcheckzone.dsp108
-rw-r--r--bin/check/win32/namedcheckzone.dsw29
-rw-r--r--bin/check/win32/namedcheckzone.mak404
-rw-r--r--bin/dig/Makefile.in101
-rw-r--r--bin/dig/dig.1568
-rw-r--r--bin/dig/dig.c1813
-rw-r--r--bin/dig/dig.docbook952
-rw-r--r--bin/dig/dig.html637
-rw-r--r--bin/dig/dighost.c5420
-rw-r--r--bin/dig/host.1219
-rw-r--r--bin/dig/host.c862
-rw-r--r--bin/dig/host.docbook278
-rw-r--r--bin/dig/host.html212
-rw-r--r--bin/dig/include/dig/dig.h406
-rw-r--r--bin/dig/nslookup.1252
-rw-r--r--bin/dig/nslookup.c891
-rw-r--r--bin/dig/nslookup.docbook496
-rw-r--r--bin/dig/nslookup.html307
-rw-r--r--bin/dig/win32/dig.dsp107
-rw-r--r--bin/dig/win32/dig.dsw29
-rw-r--r--bin/dig/win32/dig.mak425
-rw-r--r--bin/dig/win32/dighost.dsp113
-rw-r--r--bin/dig/win32/dighost.dsw29
-rw-r--r--bin/dig/win32/host.dsp103
-rw-r--r--bin/dig/win32/host.dsw29
-rw-r--r--bin/dig/win32/host.mak425
-rw-r--r--bin/dig/win32/nslookup.dsp107
-rw-r--r--bin/dig/win32/nslookup.dsw29
-rw-r--r--bin/dig/win32/nslookup.mak425
-rw-r--r--bin/dnssec/Makefile.in95
-rw-r--r--bin/dnssec/dnssec-dsfromkey.8124
-rw-r--r--bin/dnssec/dnssec-dsfromkey.c388
-rw-r--r--bin/dnssec/dnssec-dsfromkey.docbook214
-rw-r--r--bin/dnssec/dnssec-dsfromkey.html133
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.8149
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.c327
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.docbook265
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.html171
-rw-r--r--bin/dnssec/dnssec-keygen.8200
-rw-r--r--bin/dnssec/dnssec-keygen.c540
-rw-r--r--bin/dnssec/dnssec-keygen.docbook360
-rw-r--r--bin/dnssec/dnssec-keygen.html232
-rw-r--r--bin/dnssec/dnssec-signzone.8287
-rw-r--r--bin/dnssec/dnssec-signzone.c3031
-rw-r--r--bin/dnssec/dnssec-signzone.docbook512
-rw-r--r--bin/dnssec/dnssec-signzone.html302
-rw-r--r--bin/dnssec/dnssectool.c313
-rw-r--r--bin/dnssec/dnssectool.h76
-rw-r--r--bin/dnssec/win32/dnssectool.dsp113
-rw-r--r--bin/dnssec/win32/dnssectool.dsw29
-rw-r--r--bin/dnssec/win32/dsfromkey.dsp103
-rw-r--r--bin/dnssec/win32/dsfromkey.dsw29
-rw-r--r--bin/dnssec/win32/dsfromkey.mak324
-rw-r--r--bin/dnssec/win32/keyfromlabel.dsp103
-rw-r--r--bin/dnssec/win32/keyfromlabel.dsw29
-rw-r--r--bin/dnssec/win32/keyfromlabel.mak324
-rw-r--r--bin/dnssec/win32/keygen.dsp103
-rw-r--r--bin/dnssec/win32/keygen.dsw29
-rw-r--r--bin/dnssec/win32/keygen.mak324
-rw-r--r--bin/dnssec/win32/nsupdate.dsp103
-rw-r--r--bin/dnssec/win32/nsupdate.dsw29
-rw-r--r--bin/dnssec/win32/signzone.dsp103
-rw-r--r--bin/dnssec/win32/signzone.dsw29
-rw-r--r--bin/dnssec/win32/signzone.mak324
-rw-r--r--bin/named/Makefile.in154
-rw-r--r--bin/named/bind9.xsl481
-rw-r--r--bin/named/bind9.xsl.h486
-rw-r--r--bin/named/builtin.c307
-rw-r--r--bin/named/client.c2798
-rw-r--r--bin/named/config.c807
-rw-r--r--bin/named/control.c197
-rw-r--r--bin/named/controlconf.c1459
-rwxr-xr-xbin/named/convertxsl.pl57
-rw-r--r--bin/named/include/named/builtin.h31
-rw-r--r--bin/named/include/named/client.h375
-rw-r--r--bin/named/include/named/config.h79
-rw-r--r--bin/named/include/named/control.h95
-rw-r--r--bin/named/include/named/globals.h139
-rw-r--r--bin/named/include/named/interfacemgr.h176
-rw-r--r--bin/named/include/named/listenlist.h105
-rw-r--r--bin/named/include/named/log.h98
-rw-r--r--bin/named/include/named/logconf.h34
-rw-r--r--bin/named/include/named/lwaddr.h36
-rw-r--r--bin/named/include/named/lwdclient.h234
-rw-r--r--bin/named/include/named/lwresd.h121
-rw-r--r--bin/named/include/named/lwsearch.h112
-rw-r--r--bin/named/include/named/main.h34
-rw-r--r--bin/named/include/named/notify.h55
-rw-r--r--bin/named/include/named/ns_smf_globals.h44
-rw-r--r--bin/named/include/named/query.h87
-rw-r--r--bin/named/include/named/server.h298
-rw-r--r--bin/named/include/named/sortlist.h87
-rw-r--r--bin/named/include/named/statschannel.h61
-rw-r--r--bin/named/include/named/tkeyconf.h53
-rw-r--r--bin/named/include/named/tsigconf.h49
-rw-r--r--bin/named/include/named/types.h46
-rw-r--r--bin/named/include/named/update.h50
-rw-r--r--bin/named/include/named/xfrout.h39
-rw-r--r--bin/named/include/named/zoneconf.h63
-rw-r--r--bin/named/interfacemgr.c974
-rw-r--r--bin/named/listenlist.c138
-rw-r--r--bin/named/log.c235
-rw-r--r--bin/named/logconf.c299
-rw-r--r--bin/named/lwaddr.c94
-rw-r--r--bin/named/lwdclient.c468
-rw-r--r--bin/named/lwderror.c80
-rw-r--r--bin/named/lwdgabn.c657
-rw-r--r--bin/named/lwdgnba.c270
-rw-r--r--bin/named/lwdgrbn.c513
-rw-r--r--bin/named/lwdnoop.c87
-rw-r--r--bin/named/lwresd.8223
-rw-r--r--bin/named/lwresd.c870
-rw-r--r--bin/named/lwresd.docbook373
-rw-r--r--bin/named/lwresd.html225
-rw-r--r--bin/named/lwsearch.c206
-rw-r--r--bin/named/main.c991
-rw-r--r--bin/named/named.8256
-rw-r--r--bin/named/named.conf.5548
-rw-r--r--bin/named/named.conf.docbook629
-rw-r--r--bin/named/named.conf.html585
-rw-r--r--bin/named/named.docbook445
-rw-r--r--bin/named/named.html284
-rw-r--r--bin/named/notify.c174
-rw-r--r--bin/named/query.c5096
-rw-r--r--bin/named/server.c5462
-rw-r--r--bin/named/sortlist.c170
-rw-r--r--bin/named/statschannel.c1257
-rw-r--r--bin/named/tkeyconf.c128
-rw-r--r--bin/named/tsigconf.c181
-rw-r--r--bin/named/unix/Makefile.in36
-rw-r--r--bin/named/unix/include/named/os.h71
-rw-r--r--bin/named/unix/os.c816
-rw-r--r--bin/named/update.c4296
-rw-r--r--bin/named/win32/include/named/ntservice.h35
-rw-r--r--bin/named/win32/include/named/os.h70
-rw-r--r--bin/named/win32/named.dsp327
-rw-r--r--bin/named/win32/named.dsw29
-rw-r--r--bin/named/win32/named.mak1174
-rw-r--r--bin/named/win32/ntservice.c239
-rw-r--r--bin/named/win32/os.c304
-rw-r--r--bin/named/xfrout.c1842
-rw-r--r--bin/named/zoneconf.c1016
-rw-r--r--bin/nsupdate/Makefile.in83
-rw-r--r--bin/nsupdate/nsupdate.1377
-rw-r--r--bin/nsupdate/nsupdate.c2724
-rw-r--r--bin/nsupdate/nsupdate.docbook701
-rw-r--r--bin/nsupdate/nsupdate.html530
-rw-r--r--bin/nsupdate/win32/nsupdate.dsp103
-rw-r--r--bin/nsupdate/win32/nsupdate.dsw29
-rw-r--r--bin/nsupdate/win32/nsupdate.mak373
-rw-r--r--bin/rndc/Makefile.in104
-rw-r--r--bin/rndc/include/rndc/os.h46
-rw-r--r--bin/rndc/rndc-confgen.8211
-rw-r--r--bin/rndc/rndc-confgen.c342
-rw-r--r--bin/rndc/rndc-confgen.docbook286
-rw-r--r--bin/rndc/rndc-confgen.html188
-rw-r--r--bin/rndc/rndc.8148
-rw-r--r--bin/rndc/rndc.c859
-rw-r--r--bin/rndc/rndc.conf47
-rw-r--r--bin/rndc/rndc.conf.5214
-rw-r--r--bin/rndc/rndc.conf.docbook252
-rw-r--r--bin/rndc/rndc.conf.html217
-rw-r--r--bin/rndc/rndc.docbook253
-rw-r--r--bin/rndc/rndc.html165
-rw-r--r--bin/rndc/unix/Makefile.in36
-rw-r--r--bin/rndc/unix/os.c70
-rw-r--r--bin/rndc/util.c57
-rw-r--r--bin/rndc/util.h51
-rw-r--r--bin/rndc/win32/confgen.dsp111
-rw-r--r--bin/rndc/win32/confgen.dsw29
-rw-r--r--bin/rndc/win32/confgen.mak313
-rw-r--r--bin/rndc/win32/os.c65
-rw-r--r--bin/rndc/win32/rndc.dsp107
-rw-r--r--bin/rndc/win32/rndc.dsw29
-rw-r--r--bin/rndc/win32/rndc.mak425
-rw-r--r--bin/rndc/win32/rndcutil.dsp119
-rw-r--r--bin/rndc/win32/rndcutil.dsw29
-rw-r--r--bin/tests/Kchild.example.+003+04017.key1
-rw-r--r--bin/tests/Kchild.example.+003+04017.private7
-rw-r--r--bin/tests/Makefile.in306
-rw-r--r--bin/tests/adb_test.c436
-rw-r--r--bin/tests/b8t.mk63
-rw-r--r--bin/tests/b9t.mk68
-rw-r--r--bin/tests/byaddr_test.c267
-rw-r--r--bin/tests/byname_test.c376
-rw-r--r--bin/tests/cfg_test.c151
-rw-r--r--bin/tests/compress_test.c194
-rw-r--r--bin/tests/db/Makefile.in57
-rw-r--r--bin/tests/db/dns_db_class_1.data11
-rw-r--r--bin/tests/db/dns_db_class_data9
-rw-r--r--bin/tests/db/dns_db_closeversion_1.data11
-rw-r--r--bin/tests/db/dns_db_closeversion_1_data7
-rw-r--r--bin/tests/db/dns_db_closeversion_2.data11
-rw-r--r--bin/tests/db/dns_db_closeversion_2_data7
-rw-r--r--bin/tests/db/dns_db_currentversion.data11
-rw-r--r--bin/tests/db/dns_db_currentversion_data7
-rw-r--r--bin/tests/db/dns_db_expirenode.data11
-rw-r--r--bin/tests/db/dns_db_expirenode_data7
-rw-r--r--bin/tests/db/dns_db_find_1.data12
-rw-r--r--bin/tests/db/dns_db_find_10.data10
-rw-r--r--bin/tests/db/dns_db_find_10_data8
-rw-r--r--bin/tests/db/dns_db_find_1_data7
-rw-r--r--bin/tests/db/dns_db_find_2.data9
-rw-r--r--bin/tests/db/dns_db_find_2_data9
-rw-r--r--bin/tests/db/dns_db_find_3.data10
-rw-r--r--bin/tests/db/dns_db_find_3_data9
-rw-r--r--bin/tests/db/dns_db_find_4.data9
-rw-r--r--bin/tests/db/dns_db_find_4_data7
-rw-r--r--bin/tests/db/dns_db_find_5.data10
-rw-r--r--bin/tests/db/dns_db_find_5_data8
-rw-r--r--bin/tests/db/dns_db_find_6.data10
-rw-r--r--bin/tests/db/dns_db_find_6_data8
-rw-r--r--bin/tests/db/dns_db_find_7.data12
-rw-r--r--bin/tests/db/dns_db_find_7_data7
-rw-r--r--bin/tests/db/dns_db_find_8.data13
-rw-r--r--bin/tests/db/dns_db_find_8_data7
-rw-r--r--bin/tests/db/dns_db_find_9.data13
-rw-r--r--bin/tests/db/dns_db_find_9_data7
-rw-r--r--bin/tests/db/dns_db_findnode_1.data11
-rw-r--r--bin/tests/db/dns_db_findnode_1_data9
-rw-r--r--bin/tests/db/dns_db_findnode_2.data11
-rw-r--r--bin/tests/db/dns_db_findnode_2_data7
-rw-r--r--bin/tests/db/dns_db_iscache_1.data11
-rw-r--r--bin/tests/db/dns_db_iscache_1_data7
-rw-r--r--bin/tests/db/dns_db_iscache_2.data11
-rw-r--r--bin/tests/db/dns_db_iscache_2_data7
-rw-r--r--bin/tests/db/dns_db_iszone_1.data11
-rw-r--r--bin/tests/db/dns_db_iszone_1_data7
-rw-r--r--bin/tests/db/dns_db_iszone_2.data11
-rw-r--r--bin/tests/db/dns_db_iszone_2_data7
-rw-r--r--bin/tests/db/dns_db_load_1.data11
-rw-r--r--bin/tests/db/dns_db_load_25.data6
-rw-r--r--bin/tests/db/dns_db_load_data7
-rw-r--r--bin/tests/db/dns_db_load_soa_not_top7
-rw-r--r--bin/tests/db/dns_db_newversion.data11
-rw-r--r--bin/tests/db/dns_db_newversion_data7
-rw-r--r--bin/tests/db/dns_db_origin_1.data11
-rw-r--r--bin/tests/db/dns_db_origin_data8
-rw-r--r--bin/tests/db/t_db.c3146
-rw-r--r--bin/tests/db_test.c946
-rw-r--r--bin/tests/dst/Kdh.+002+18602.key1
-rw-r--r--bin/tests/dst/Kdh.+002+18602.private6
-rw-r--r--bin/tests/dst/Kdh.+002+48957.key1
-rw-r--r--bin/tests/dst/Kdh.+002+48957.private6
-rw-r--r--bin/tests/dst/Ktest.+001+00002.key1
-rw-r--r--bin/tests/dst/Ktest.+001+54622.key1
-rw-r--r--bin/tests/dst/Ktest.+001+54622.private10
-rw-r--r--bin/tests/dst/Ktest.+003+23616.key1
-rw-r--r--bin/tests/dst/Ktest.+003+23616.private7
-rw-r--r--bin/tests/dst/Ktest.+003+49667.key1
-rw-r--r--bin/tests/dst/Makefile.in65
-rw-r--r--bin/tests/dst/dst_2_data16
-rw-r--r--bin/tests/dst/dst_test.c294
-rwxr-xr-xbin/tests/dst/gsstest.c566
-rw-r--r--bin/tests/dst/t2_data_13077
-rw-r--r--bin/tests/dst/t2_data_23077
-rw-r--r--bin/tests/dst/t2_dsasig3
-rw-r--r--bin/tests/dst/t2_rsasig6
-rw-r--r--bin/tests/dst/t_dst.c933
-rw-r--r--bin/tests/entropy2_test.c175
-rw-r--r--bin/tests/entropy_test.c140
-rw-r--r--bin/tests/fsaccess_test.c60
-rw-r--r--bin/tests/genrandom.c76
-rw-r--r--bin/tests/gxba_test.c98
-rw-r--r--bin/tests/gxbn_test.c86
-rw-r--r--bin/tests/hash_test.c289
-rw-r--r--bin/tests/headerdep_test.sh.in57
-rw-r--r--bin/tests/inter_test.c137
-rw-r--r--bin/tests/journalprint.c86
-rw-r--r--bin/tests/keyboard_test.c75
-rw-r--r--bin/tests/lex_test.c160
-rw-r--r--bin/tests/lfsr_test.c95
-rw-r--r--bin/tests/log_test.c338
-rw-r--r--bin/tests/lwres_test.c304
-rw-r--r--bin/tests/lwresconf_test.c98
-rw-r--r--bin/tests/master/Makefile.in58
-rw-r--r--bin/tests/master/dns_master_load_10_data12
-rw-r--r--bin/tests/master/dns_master_load_11_data12
-rw-r--r--bin/tests/master/dns_master_load_1_data12
-rw-r--r--bin/tests/master/dns_master_load_2_data12
-rw-r--r--bin/tests/master/dns_master_load_3_data12
-rw-r--r--bin/tests/master/dns_master_load_4_data12
-rw-r--r--bin/tests/master/dns_master_load_5_data12
-rw-r--r--bin/tests/master/dns_master_load_6_data12
-rw-r--r--bin/tests/master/dns_master_load_7_data12
-rw-r--r--bin/tests/master/dns_master_load_8_data12
-rw-r--r--bin/tests/master/dns_master_load_9_data12
-rw-r--r--bin/tests/master/master1.data11
-rw-r--r--bin/tests/master/master10.data7
-rw-r--r--bin/tests/master/master11.data6
-rw-r--r--bin/tests/master/master2.data11
-rw-r--r--bin/tests/master/master3.data11
-rw-r--r--bin/tests/master/master4.data11
-rw-r--r--bin/tests/master/master5.data11
-rw-r--r--bin/tests/master/master6.data33
-rw-r--r--bin/tests/master/master7.data17
-rw-r--r--bin/tests/master/master8.data4
-rw-r--r--bin/tests/master/master9.data4
-rw-r--r--bin/tests/master/t_master.c336
-rw-r--r--bin/tests/master_test.c95
-rw-r--r--bin/tests/mem/Makefile.in55
-rw-r--r--bin/tests/mem/t_mem.c208
-rw-r--r--bin/tests/mempool_test.c128
-rw-r--r--bin/tests/name_test.c352
-rw-r--r--bin/tests/named.conf624
-rw-r--r--bin/tests/names/Makefile.in58
-rw-r--r--bin/tests/names/dns_name_compare_data11
-rw-r--r--bin/tests/names/dns_name_countlabels_data10
-rw-r--r--bin/tests/names/dns_name_fromregion_data12
-rw-r--r--bin/tests/names/dns_name_fromtext_data9
-rw-r--r--bin/tests/names/dns_name_fromwire_1_data30
-rw-r--r--bin/tests/names/dns_name_fromwire_2_data30
-rw-r--r--bin/tests/names/dns_name_fromwire_3_data31
-rw-r--r--bin/tests/names/dns_name_fromwire_4_data30
-rw-r--r--bin/tests/names/dns_name_fromwire_5_data30
-rw-r--r--bin/tests/names/dns_name_fromwire_6_data30
-rw-r--r--bin/tests/names/dns_name_fromwire_7_data30
-rw-r--r--bin/tests/names/dns_name_fromwire_8_data30
-rw-r--r--bin/tests/names/dns_name_fullcompare_data10
-rw-r--r--bin/tests/names/dns_name_getlabel_data10
-rw-r--r--bin/tests/names/dns_name_getlabelsequence_data9
-rw-r--r--bin/tests/names/dns_name_hash_data12
-rw-r--r--bin/tests/names/dns_name_isabsolute_data8
-rw-r--r--bin/tests/names/dns_name_issubdomain_data11
-rw-r--r--bin/tests/names/dns_name_rdatacompare_data11
-rw-r--r--bin/tests/names/dns_name_toregion_data8
-rw-r--r--bin/tests/names/dns_name_totext_data9
-rw-r--r--bin/tests/names/dns_name_towire_1_data17
-rw-r--r--bin/tests/names/dns_name_towire_2_data17
-rw-r--r--bin/tests/names/t_names.c2345
-rw-r--r--bin/tests/names/wire_test1.data13
-rw-r--r--bin/tests/names/wire_test2.data13
-rw-r--r--bin/tests/names/wire_test3_1.data11
-rw-r--r--bin/tests/names/wire_test3_2.data12
-rw-r--r--bin/tests/names/wire_test4.data45
-rw-r--r--bin/tests/names/wire_test5.data13
-rw-r--r--bin/tests/names/wire_test6.data13
-rw-r--r--bin/tests/names/wire_test7.data5
-rw-r--r--bin/tests/names/wire_test8.data28
-rw-r--r--bin/tests/ndc.conf36
-rw-r--r--bin/tests/ndc.conf-include25
-rw-r--r--bin/tests/net/Makefile.in53
-rw-r--r--bin/tests/net/driver.c107
-rw-r--r--bin/tests/net/driver.h48
-rw-r--r--bin/tests/net/netaddr_multicast.c112
-rw-r--r--bin/tests/net/sockaddr_multicast.c36
-rw-r--r--bin/tests/net/testsuite.h33
-rw-r--r--bin/tests/nsec3hash.c117
-rw-r--r--bin/tests/nsecify.c216
-rw-r--r--bin/tests/printmsg.c251
-rw-r--r--bin/tests/printmsg.h27
-rw-r--r--bin/tests/ratelimiter_test.c153
-rw-r--r--bin/tests/rbt/Makefile.in58
-rw-r--r--bin/tests/rbt/dns_rbt.data14
-rw-r--r--bin/tests/rbt/dns_rbt_addname_1_data6
-rw-r--r--bin/tests/rbt/dns_rbt_addname_2_data6
-rw-r--r--bin/tests/rbt/dns_rbt_bitstring.data10
-rw-r--r--bin/tests/rbt/dns_rbt_create_1_data7
-rw-r--r--bin/tests/rbt/dns_rbt_deletename_1_data6
-rw-r--r--bin/tests/rbt/dns_rbt_deletename_2_data6
-rw-r--r--bin/tests/rbt/dns_rbt_findname_1_data6
-rw-r--r--bin/tests/rbt/dns_rbt_findname_2_data6
-rw-r--r--bin/tests/rbt/dns_rbt_findname_3_data6
-rw-r--r--bin/tests/rbt/dns_rbtnodechain_first_1.data13
-rw-r--r--bin/tests/rbt/dns_rbtnodechain_first_2.data9
-rw-r--r--bin/tests/rbt/dns_rbtnodechain_first_data7
-rw-r--r--bin/tests/rbt/dns_rbtnodechain_init.data13
-rw-r--r--bin/tests/rbt/dns_rbtnodechain_init_data6
-rw-r--r--bin/tests/rbt/dns_rbtnodechain_last_1.data13
-rw-r--r--bin/tests/rbt/dns_rbtnodechain_last_2.data7
-rw-r--r--bin/tests/rbt/dns_rbtnodechain_last_data7
-rw-r--r--bin/tests/rbt/dns_rbtnodechain_next.data13
-rw-r--r--bin/tests/rbt/dns_rbtnodechain_next_data6
-rw-r--r--bin/tests/rbt/dns_rbtnodechain_prev.data13
-rw-r--r--bin/tests/rbt/dns_rbtnodechain_prev_data6
-rw-r--r--bin/tests/rbt/t_rbt.c1857
-rw-r--r--bin/tests/rbt_test.c457
-rw-r--r--bin/tests/rbt_test.out395
-rw-r--r--bin/tests/rbt_test.txt93
-rw-r--r--bin/tests/rdata_test.c1182
-rw-r--r--bin/tests/resolv.conf.sample38
-rw-r--r--bin/tests/rwlock_test.c142
-rw-r--r--bin/tests/serial_test.c50
-rw-r--r--bin/tests/shutdown_test.c232
-rw-r--r--bin/tests/sig0_test.c305
-rw-r--r--bin/tests/sock_test.c382
-rw-r--r--bin/tests/sockaddr/Makefile.in55
-rw-r--r--bin/tests/sockaddr/t_sockaddr.c137
-rw-r--r--bin/tests/sym_test.c127
-rw-r--r--bin/tests/system/Makefile.in45
-rw-r--r--bin/tests/system/README54
-rw-r--r--bin/tests/system/acl/clean.sh25
-rw-r--r--bin/tests/system/acl/ns2/named1.conf61
-rw-r--r--bin/tests/system/acl/ns2/named2.conf65
-rw-r--r--bin/tests/system/acl/ns2/named3.conf74
-rw-r--r--bin/tests/system/acl/ns2/named4.conf73
-rw-r--r--bin/tests/system/acl/setup.sh21
-rw-r--r--bin/tests/system/acl/tests.sh144
-rw-r--r--bin/tests/system/cacheclean/clean.sh25
-rw-r--r--bin/tests/system/cacheclean/dig.batch924
-rw-r--r--bin/tests/system/cacheclean/knowngood.dig.out953
-rw-r--r--bin/tests/system/cacheclean/ns1/example.db2950
-rw-r--r--bin/tests/system/cacheclean/ns1/named.conf38
-rw-r--r--bin/tests/system/cacheclean/ns2/named.conf38
-rw-r--r--bin/tests/system/cacheclean/tests.sh32
-rw-r--r--bin/tests/system/checkconf/bad.conf52
-rw-r--r--bin/tests/system/checkconf/good.conf56
-rw-r--r--bin/tests/system/checkconf/tests.sh37
-rw-r--r--bin/tests/system/checknames/clean.sh24
-rw-r--r--bin/tests/system/checknames/ns1/fail.example.db.in22
-rw-r--r--bin/tests/system/checknames/ns1/fail.update.db.in21
-rw-r--r--bin/tests/system/checknames/ns1/ignore.example.db.in23
-rw-r--r--bin/tests/system/checknames/ns1/ignore.update.db.in21
-rw-r--r--bin/tests/system/checknames/ns1/named.conf76
-rw-r--r--bin/tests/system/checknames/ns1/root.db35
-rw-r--r--bin/tests/system/checknames/ns1/warn.example.db.in22
-rw-r--r--bin/tests/system/checknames/ns1/warn.update.db.in21
-rw-r--r--bin/tests/system/checknames/ns2/named.conf38
-rw-r--r--bin/tests/system/checknames/ns2/root.hints19
-rw-r--r--bin/tests/system/checknames/ns3/named.conf38
-rw-r--r--bin/tests/system/checknames/ns3/root.hints19
-rw-r--r--bin/tests/system/checknames/setup.sh23
-rw-r--r--bin/tests/system/checknames/tests.sh134
-rw-r--r--bin/tests/system/cleanall.sh38
-rw-r--r--bin/tests/system/common/controls.conf28
-rw-r--r--bin/tests/system/common/rndc.conf27
-rw-r--r--bin/tests/system/common/root.hint20
-rw-r--r--bin/tests/system/conf.sh.in54
-rw-r--r--bin/tests/system/dialup/ns1/example.db25
-rw-r--r--bin/tests/system/dialup/ns1/named.conf45
-rw-r--r--bin/tests/system/dialup/ns1/root.db26
-rw-r--r--bin/tests/system/dialup/ns2/hint.db19
-rw-r--r--bin/tests/system/dialup/ns2/named.conf45
-rw-r--r--bin/tests/system/dialup/ns3/hint.db19
-rw-r--r--bin/tests/system/dialup/ns3/named.conf45
-rw-r--r--bin/tests/system/dialup/setup.sh19
-rw-r--r--bin/tests/system/dialup/tests.sh71
-rw-r--r--bin/tests/system/digcomp.pl111
-rw-r--r--bin/tests/system/dlv/clean.sh28
-rw-r--r--bin/tests/system/dlv/ns1/named.conf35
-rw-r--r--bin/tests/system/dlv/ns1/root.db24
-rw-r--r--bin/tests/system/dlv/ns1/rootservers.utld.db20
-rw-r--r--bin/tests/system/dlv/ns2/hints18
-rw-r--r--bin/tests/system/dlv/ns2/named.conf35
-rw-r--r--bin/tests/system/dlv/ns2/utld.db56
-rw-r--r--bin/tests/system/dlv/ns3/child.db.in22
-rw-r--r--bin/tests/system/dlv/ns3/dlv.db.in20
-rw-r--r--bin/tests/system/dlv/ns3/hints18
-rw-r--r--bin/tests/system/dlv/ns3/named.conf43
-rwxr-xr-xbin/tests/system/dlv/ns3/sign.sh174
-rw-r--r--bin/tests/system/dlv/ns4/child.db41
-rw-r--r--bin/tests/system/dlv/ns4/hints18
-rw-r--r--bin/tests/system/dlv/ns4/named.conf36
-rw-r--r--bin/tests/system/dlv/ns5/hints18
-rw-r--r--bin/tests/system/dlv/ns5/named.conf66
-rw-r--r--bin/tests/system/dlv/ns5/rndc.conf27
-rw-r--r--bin/tests/system/dlv/setup.sh21
-rw-r--r--bin/tests/system/dlv/tests.sh19
-rw-r--r--bin/tests/system/dnssec/README17
-rw-r--r--bin/tests/system/dnssec/clean.sh38
-rw-r--r--bin/tests/system/dnssec/dnssec_update_test.pl105
-rw-r--r--bin/tests/system/dnssec/ns1/named.conf43
-rw-r--r--bin/tests/system/dnssec/ns1/root.db.in32
-rw-r--r--bin/tests/system/dnssec/ns1/sign.sh56
-rw-r--r--bin/tests/system/dnssec/ns2/child.nsec3.example.db25
-rw-r--r--bin/tests/system/dnssec/ns2/child.optout.example.db25
-rw-r--r--bin/tests/system/dnssec/ns2/dlv.db.in26
-rw-r--r--bin/tests/system/dnssec/ns2/dst.example.db.in26
-rw-r--r--bin/tests/system/dnssec/ns2/example.db.in97
-rw-r--r--bin/tests/system/dnssec/ns2/insecure.secure.example.db32
-rw-r--r--bin/tests/system/dnssec/ns2/named.conf83
-rw-r--r--bin/tests/system/dnssec/ns2/private.secure.example.db.in34
-rw-r--r--bin/tests/system/dnssec/ns2/rfc2335.example.db103
-rw-r--r--bin/tests/system/dnssec/ns2/sign.sh68
-rw-r--r--bin/tests/system/dnssec/ns3/bogus.example.db.in32
-rw-r--r--bin/tests/system/dnssec/ns3/dynamic.example.db.in31
-rw-r--r--bin/tests/system/dnssec/ns3/insecure.example.db32
-rw-r--r--bin/tests/system/dnssec/ns3/insecure.nsec3.example.db31
-rw-r--r--bin/tests/system/dnssec/ns3/insecure.optout.example.db31
-rw-r--r--bin/tests/system/dnssec/ns3/keyless.example.db.in29
-rw-r--r--bin/tests/system/dnssec/ns3/multiple.example.db.in34
-rw-r--r--bin/tests/system/dnssec/ns3/named.conf159
-rw-r--r--bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in34
-rw-r--r--bin/tests/system/dnssec/ns3/nsec3.example.db.in43
-rw-r--r--bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in40
-rw-r--r--bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in40
-rw-r--r--bin/tests/system/dnssec/ns3/optout-unknown.example.db.in34
-rw-r--r--bin/tests/system/dnssec/ns3/optout.example.db.in45
-rw-r--r--bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in40
-rw-r--r--bin/tests/system/dnssec/ns3/optout.optout.example.db.in40
-rw-r--r--bin/tests/system/dnssec/ns3/secure.example.db.in41
-rw-r--r--bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in40
-rw-r--r--bin/tests/system/dnssec/ns3/secure.optout.example.db.in40
-rw-r--r--bin/tests/system/dnssec/ns3/sign.sh224
-rw-r--r--bin/tests/system/dnssec/ns4/named.conf44
-rw-r--r--bin/tests/system/dnssec/ns5/named.conf43
-rw-r--r--bin/tests/system/dnssec/ns5/trusted.conf.bad22
-rw-r--r--bin/tests/system/dnssec/ns6/named.conf45
-rw-r--r--bin/tests/system/dnssec/ns7/named.conf72
-rw-r--r--bin/tests/system/dnssec/prereq.sh28
-rw-r--r--bin/tests/system/dnssec/setup.sh26
-rw-r--r--bin/tests/system/dnssec/tests.sh834
-rw-r--r--bin/tests/system/forward/clean.sh22
-rw-r--r--bin/tests/system/forward/ns1/example.db12
-rw-r--r--bin/tests/system/forward/ns1/named.conf61
-rw-r--r--bin/tests/system/forward/ns1/root.db36
-rw-r--r--bin/tests/system/forward/ns2/example.db12
-rw-r--r--bin/tests/system/forward/ns2/named.conf56
-rw-r--r--bin/tests/system/forward/ns2/root.db36
-rw-r--r--bin/tests/system/forward/ns3/named.conf56
-rw-r--r--bin/tests/system/forward/ns3/root.db36
-rw-r--r--bin/tests/system/forward/ns4/named.conf52
-rw-r--r--bin/tests/system/forward/ns4/root.db36
-rw-r--r--bin/tests/system/forward/tests.sh92
-rw-r--r--bin/tests/system/genzone.sh267
-rw-r--r--bin/tests/system/glue/clean.sh25
-rw-r--r--bin/tests/system/glue/fi.good27
-rw-r--r--bin/tests/system/glue/noglue.good14
-rw-r--r--bin/tests/system/glue/ns1/cache.in23
-rw-r--r--bin/tests/system/glue/ns1/mil.db31
-rw-r--r--bin/tests/system/glue/ns1/named.conf53
-rw-r--r--bin/tests/system/glue/ns1/net.db40
-rw-r--r--bin/tests/system/glue/ns1/root-servers.nil.db31
-rw-r--r--bin/tests/system/glue/ns1/root.db76
-rw-r--r--bin/tests/system/glue/setup.sh20
-rw-r--r--bin/tests/system/glue/tests.sh46
-rw-r--r--bin/tests/system/glue/xx.good16
-rw-r--r--bin/tests/system/glue/yy.good17
-rwxr-xr-xbin/tests/system/ifconfig.sh189
-rw-r--r--bin/tests/system/ixfr/ans2/ans.pl157
-rw-r--r--bin/tests/system/ixfr/clean.sh21
-rw-r--r--bin/tests/system/ixfr/prereq.sh26
-rw-r--r--bin/tests/system/ixfr/setup.sh43
-rw-r--r--bin/tests/system/ixfr/tests.sh132
-rw-r--r--bin/tests/system/limits/clean.sh24
-rw-r--r--bin/tests/system/limits/knowngood.dig.out.10001023
-rw-r--r--bin/tests/system/limits/knowngood.dig.out.20002023
-rw-r--r--bin/tests/system/limits/knowngood.dig.out.30003023
-rw-r--r--bin/tests/system/limits/knowngood.dig.out.40004023
-rw-r--r--bin/tests/system/limits/knowngood.dig.out.a-maximum-rrset4114
-rw-r--r--bin/tests/system/limits/ns1/example.db19118
-rw-r--r--bin/tests/system/limits/ns1/named.conf42
-rw-r--r--bin/tests/system/limits/ns1/root.db30
-rw-r--r--bin/tests/system/limits/tests.sh60
-rw-r--r--bin/tests/system/lwresd/Makefile.in56
-rw-r--r--bin/tests/system/lwresd/clean.sh22
-rw-r--r--bin/tests/system/lwresd/lwresd1/lwresd.conf34
-rw-r--r--bin/tests/system/lwresd/lwresd1/resolv.conf21
-rw-r--r--bin/tests/system/lwresd/lwtest.c773
-rw-r--r--bin/tests/system/lwresd/ns1/10.10.10.in-addr.arpa.db29
-rw-r--r--bin/tests/system/lwresd/ns1/e.example1.db54
-rw-r--r--bin/tests/system/lwresd/ns1/example1.db35
-rw-r--r--bin/tests/system/lwresd/ns1/example2.db30
-rw-r--r--bin/tests/system/lwresd/ns1/ip6.arpa.db30
-rw-r--r--bin/tests/system/lwresd/ns1/ip6.int.db29
-rw-r--r--bin/tests/system/lwresd/ns1/named.conf69
-rw-r--r--bin/tests/system/lwresd/ns1/root.db33
-rw-r--r--bin/tests/system/lwresd/resolv.conf21
-rw-r--r--bin/tests/system/lwresd/tests.sh46
-rw-r--r--bin/tests/system/masterfile/clean.sh21
-rw-r--r--bin/tests/system/masterfile/knowngood.dig.out33
-rw-r--r--bin/tests/system/masterfile/ns1/include.db41
-rw-r--r--bin/tests/system/masterfile/ns1/named.conf47
-rw-r--r--bin/tests/system/masterfile/ns1/sub.db21
-rw-r--r--bin/tests/system/masterfile/ns1/ttl1.db33
-rw-r--r--bin/tests/system/masterfile/ns1/ttl2.db36
-rw-r--r--bin/tests/system/masterfile/tests.sh37
-rwxr-xr-xbin/tests/system/masterformat/clean.sh23
-rwxr-xr-xbin/tests/system/masterformat/ns1/compile.sh17
-rw-r--r--bin/tests/system/masterformat/ns1/example.db54
-rw-r--r--bin/tests/system/masterformat/ns1/named.conf36
-rw-r--r--bin/tests/system/masterformat/ns2/named.conf35
-rwxr-xr-xbin/tests/system/masterformat/setup.sh20
-rwxr-xr-xbin/tests/system/masterformat/tests.sh80
-rw-r--r--bin/tests/system/notify/clean.sh26
-rw-r--r--bin/tests/system/notify/ns1/named.conf37
-rw-r--r--bin/tests/system/notify/ns1/root.db30
-rw-r--r--bin/tests/system/notify/ns2/example1.db150
-rw-r--r--bin/tests/system/notify/ns2/example2.db150
-rw-r--r--bin/tests/system/notify/ns2/example3.db150
-rw-r--r--bin/tests/system/notify/ns2/example4.db150
-rw-r--r--bin/tests/system/notify/ns2/named.conf43
-rw-r--r--bin/tests/system/notify/ns3/named.conf46
-rw-r--r--bin/tests/system/notify/setup.sh20
-rw-r--r--bin/tests/system/notify/tests.sh92
-rw-r--r--bin/tests/system/nsupdate/clean.sh28
-rw-r--r--bin/tests/system/nsupdate/knowngood.ns1.after99
-rw-r--r--bin/tests/system/nsupdate/knowngood.ns1.afterstop3
-rw-r--r--bin/tests/system/nsupdate/knowngood.ns1.before98
-rw-r--r--bin/tests/system/nsupdate/ns1/example1.db152
-rw-r--r--bin/tests/system/nsupdate/ns1/named.conf58
-rw-r--r--bin/tests/system/nsupdate/ns2/named.conf49
-rw-r--r--bin/tests/system/nsupdate/setup.sh42
-rw-r--r--bin/tests/system/nsupdate/tests.sh161
-rw-r--r--bin/tests/system/nsupdate/update_test.pl426
-rw-r--r--bin/tests/system/resolver/ans2/ans.pl75
-rw-r--r--bin/tests/system/resolver/ans3/ans.pl60
-rw-r--r--bin/tests/system/resolver/clean.sh22
-rw-r--r--bin/tests/system/resolver/ns1/named.conf38
-rw-r--r--bin/tests/system/resolver/ns1/root.hint20
-rw-r--r--bin/tests/system/resolver/prereq.sh26
-rw-r--r--bin/tests/system/resolver/tests.sh39
-rw-r--r--bin/tests/system/rrsetorder/clean.sh23
-rw-r--r--bin/tests/system/rrsetorder/dig.out.fixed.good4
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good14
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good104
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good114
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good124
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good134
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good144
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good154
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good164
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good174
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good184
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good194
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good24
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good204
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good214
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good224
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good234
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good244
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good34
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good44
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good54
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good64
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good74
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good84
-rw-r--r--bin/tests/system/rrsetorder/dig.out.random.good94
-rw-r--r--bin/tests/system/rrsetorder/ns1/named.conf43
-rw-r--r--bin/tests/system/rrsetorder/ns1/root.db40
-rw-r--r--bin/tests/system/rrsetorder/ns2/named.conf45
-rw-r--r--bin/tests/system/rrsetorder/ns3/named.conf45
-rw-r--r--bin/tests/system/rrsetorder/tests.sh332
-rw-r--r--bin/tests/system/run.sh115
-rw-r--r--bin/tests/system/runall.sh46
-rw-r--r--bin/tests/system/send.pl39
-rw-r--r--bin/tests/system/setup.sh40
-rw-r--r--bin/tests/system/sortlist/clean.sh21
-rw-r--r--bin/tests/system/sortlist/ns1/example.db43
-rw-r--r--bin/tests/system/sortlist/ns1/named.conf53
-rw-r--r--bin/tests/system/sortlist/ns1/root.db30
-rw-r--r--bin/tests/system/sortlist/tests.sh60
-rw-r--r--bin/tests/system/start.pl209
-rw-r--r--bin/tests/system/start.sh21
-rw-r--r--bin/tests/system/stop.pl188
-rw-r--r--bin/tests/system/stop.sh22
-rw-r--r--bin/tests/system/stress/clean.sh29
-rw-r--r--bin/tests/system/stress/ns1/named.conf37
-rw-r--r--bin/tests/system/stress/ns2/named.conf39
-rw-r--r--bin/tests/system/stress/ns3/named.conf56
-rw-r--r--bin/tests/system/stress/ns4/named.conf41
-rw-r--r--bin/tests/system/stress/setup.pl91
-rw-r--r--bin/tests/system/stress/setup.sh24
-rw-r--r--bin/tests/system/stress/tests.sh53
-rw-r--r--bin/tests/system/stress/update.pl107
-rw-r--r--bin/tests/system/stub/clean.sh24
-rw-r--r--bin/tests/system/stub/knowngood.dig.out.norec21
-rw-r--r--bin/tests/system/stub/knowngood.dig.out.rec24
-rw-r--r--bin/tests/system/stub/ns1/named.conf37
-rw-r--r--bin/tests/system/stub/ns1/root.db30
-rw-r--r--bin/tests/system/stub/ns2/child.example.db28
-rw-r--r--bin/tests/system/stub/ns2/named.conf42
-rw-r--r--bin/tests/system/stub/ns3/example.db28
-rw-r--r--bin/tests/system/stub/ns3/named.conf49
-rw-r--r--bin/tests/system/stub/tests.sh39
-rw-r--r--bin/tests/system/testsock.pl51
-rw-r--r--bin/tests/system/tkey/Makefile.in60
-rw-r--r--bin/tests/system/tkey/clean.sh22
-rw-r--r--bin/tests/system/tkey/keycreate.c329
-rw-r--r--bin/tests/system/tkey/keydelete.c267
-rw-r--r--bin/tests/system/tkey/ns1/named.conf.in39
-rw-r--r--bin/tests/system/tkey/ns1/setup.sh25
-rw-r--r--bin/tests/system/tkey/prereq.sh28
-rw-r--r--bin/tests/system/tkey/setup.sh24
-rw-r--r--bin/tests/system/tkey/tests.sh83
-rw-r--r--bin/tests/system/tsig/clean.sh24
-rw-r--r--bin/tests/system/tsig/ns1/example.db151
-rw-r--r--bin/tests/system/tsig/ns1/named.conf96
-rw-r--r--bin/tests/system/tsig/tests.sh218
-rw-r--r--bin/tests/system/unknown/clean.sh21
-rw-r--r--bin/tests/system/unknown/ns1/broken1.db29
-rw-r--r--bin/tests/system/unknown/ns1/broken2.db29
-rw-r--r--bin/tests/system/unknown/ns1/broken3.db29
-rw-r--r--bin/tests/system/unknown/ns1/broken4.db29
-rw-r--r--bin/tests/system/unknown/ns1/broken5.db29
-rw-r--r--bin/tests/system/unknown/ns1/class10.hints19
-rw-r--r--bin/tests/system/unknown/ns1/example-class10.db37
-rw-r--r--bin/tests/system/unknown/ns1/example-in.db52
-rw-r--r--bin/tests/system/unknown/ns1/named.conf76
-rw-r--r--bin/tests/system/unknown/tests.sh119
-rw-r--r--bin/tests/system/upforwd/clean.sh26
-rw-r--r--bin/tests/system/upforwd/knowngood.after110
-rw-r--r--bin/tests/system/upforwd/knowngood.after211
-rw-r--r--bin/tests/system/upforwd/knowngood.before8
-rw-r--r--bin/tests/system/upforwd/knowngood.ns2.before6
-rw-r--r--bin/tests/system/upforwd/ns1/example1.db24
-rw-r--r--bin/tests/system/upforwd/ns1/named.conf44
-rw-r--r--bin/tests/system/upforwd/ns2/named.conf39
-rw-r--r--bin/tests/system/upforwd/ns3/named.conf40
-rw-r--r--bin/tests/system/upforwd/setup.sh21
-rw-r--r--bin/tests/system/upforwd/tests.sh103
-rw-r--r--bin/tests/system/v6synth/clean.sh21
-rw-r--r--bin/tests/system/v6synth/ns1/named.conf37
-rw-r--r--bin/tests/system/v6synth/ns1/root.db33
-rw-r--r--bin/tests/system/v6synth/ns2/example.db38
-rw-r--r--bin/tests/system/v6synth/ns2/ip6.arpa.db24
-rw-r--r--bin/tests/system/v6synth/ns2/ip6.int.db24
-rw-r--r--bin/tests/system/v6synth/ns2/named.conf49
-rw-r--r--bin/tests/system/v6synth/ns3/named.conf39
-rw-r--r--bin/tests/system/v6synth/tests.sh71
-rw-r--r--bin/tests/system/views/clean.sh26
-rw-r--r--bin/tests/system/views/ns1/named.conf37
-rw-r--r--bin/tests/system/views/ns1/root.db30
-rw-r--r--bin/tests/system/views/ns2/example1.db34
-rw-r--r--bin/tests/system/views/ns2/example2.db34
-rw-r--r--bin/tests/system/views/ns2/internal.db36
-rw-r--r--bin/tests/system/views/ns2/named1.conf45
-rw-r--r--bin/tests/system/views/ns2/named2.conf65
-rw-r--r--bin/tests/system/views/ns3/internal.db34
-rw-r--r--bin/tests/system/views/ns3/named1.conf55
-rw-r--r--bin/tests/system/views/ns3/named2.conf54
-rw-r--r--bin/tests/system/views/setup.sh23
-rw-r--r--bin/tests/system/views/tests.sh83
-rw-r--r--bin/tests/system/xfer/clean.sh27
-rw-r--r--bin/tests/system/xfer/dig1.good80
-rw-r--r--bin/tests/system/xfer/dig2.good80
-rw-r--r--bin/tests/system/xfer/ns1/named.conf37
-rw-r--r--bin/tests/system/xfer/ns1/root.db33
-rw-r--r--bin/tests/system/xfer/ns2/named.conf61
-rw-r--r--bin/tests/system/xfer/ns3/named.conf71
-rw-r--r--bin/tests/system/xfer/setup.sh21
-rw-r--r--bin/tests/system/xfer/tests.sh102
-rw-r--r--bin/tests/system/xferquota/clean.sh28
-rw-r--r--bin/tests/system/xferquota/ns1/changing1.db33
-rw-r--r--bin/tests/system/xferquota/ns1/changing2.db33
-rw-r--r--bin/tests/system/xferquota/ns1/named.conf44
-rw-r--r--bin/tests/system/xferquota/ns1/root.db35
-rw-r--r--bin/tests/system/xferquota/ns2/example.db152
-rw-r--r--bin/tests/system/xferquota/ns2/named.conf48
-rw-r--r--bin/tests/system/xferquota/setup.pl46
-rw-r--r--bin/tests/system/xferquota/setup.sh26
-rw-r--r--bin/tests/system/xferquota/tests.sh71
-rw-r--r--bin/tests/system/zonechecks/a.db19
-rw-r--r--bin/tests/system/zonechecks/aaaa.db19
-rw-r--r--bin/tests/system/zonechecks/clean.sh20
-rw-r--r--bin/tests/system/zonechecks/cname.db19
-rw-r--r--bin/tests/system/zonechecks/dname.db19
-rw-r--r--bin/tests/system/zonechecks/noaddress.db19
-rw-r--r--bin/tests/system/zonechecks/nxdomain.db19
-rw-r--r--bin/tests/system/zonechecks/tests.sh164
-rw-r--r--bin/tests/t_api.pl223
-rw-r--r--bin/tests/task_test.c191
-rw-r--r--bin/tests/tasks/Makefile.in55
-rw-r--r--bin/tests/tasks/t_tasks.c2293
-rw-r--r--bin/tests/timer_test.c172
-rw-r--r--bin/tests/timers/Makefile.in55
-rw-r--r--bin/tests/timers/t_timers.c1128
-rw-r--r--bin/tests/wire_test.c284
-rw-r--r--bin/tests/wire_test.data9
-rw-r--r--bin/tests/wire_test.data214
-rw-r--r--bin/tests/wire_test.data314
-rw-r--r--bin/tests/wire_test.data431
-rw-r--r--bin/tests/zone_test.c312
-rw-r--r--bin/win32/BINDInstall/AccountInfo.cpp438
-rw-r--r--bin/win32/BINDInstall/AccountInfo.h48
-rw-r--r--bin/win32/BINDInstall/BINDInstall.cpp106
-rw-r--r--bin/win32/BINDInstall/BINDInstall.dsp177
-rw-r--r--bin/win32/BINDInstall/BINDInstall.dsw29
-rw-r--r--bin/win32/BINDInstall/BINDInstall.h64
-rw-r--r--bin/win32/BINDInstall/BINDInstall.mak428
-rw-r--r--bin/win32/BINDInstall/BINDInstall.rc338
-rw-r--r--bin/win32/BINDInstall/BINDInstallDlg.cpp1290
-rw-r--r--bin/win32/BINDInstall/BINDInstallDlg.h127
-rw-r--r--bin/win32/BINDInstall/DirBrowse.cpp103
-rw-r--r--bin/win32/BINDInstall/DirBrowse.h71
-rw-r--r--bin/win32/BINDInstall/StdAfx.cpp8
-rw-r--r--bin/win32/BINDInstall/StdAfx.h30
-rw-r--r--bin/win32/BINDInstall/VersionInfo.cpp286
-rw-r--r--bin/win32/BINDInstall/VersionInfo.h62
-rw-r--r--bin/win32/BINDInstall/res/BINDInstall.icobin0 -> 1078 bytes
-rw-r--r--bin/win32/BINDInstall/res/BINDInstall.rc213
-rw-r--r--bin/win32/BINDInstall/resource.h103
799 files changed, 174547 insertions, 0 deletions
diff --git a/bin/Makefile.in b/bin/Makefile.in
new file mode 100644
index 0000000..ef28e0c
--- /dev/null
+++ b/bin/Makefile.in
@@ -0,0 +1,25 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.25 2007/06/19 23:46:59 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+SUBDIRS = named rndc dig dnssec tests nsupdate check
+TARGETS =
+
+@BIND9_MAKE_RULES@
diff --git a/bin/check/Makefile.in b/bin/check/Makefile.in
new file mode 100644
index 0000000..06f5541
--- /dev/null
+++ b/bin/check/Makefile.in
@@ -0,0 +1,98 @@
+# Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2003 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.32 2007/06/19 23:46:59 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
+ ${ISC_INCLUDES}
+
+CDEFINES = -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
+CWARNINGS =
+
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCLIBS = ../../lib/isc/libisc.@A@
+BIND9LIBS = ../../lib/bind9/libbind9.@A@
+
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
+
+LIBS = @LIBS@
+
+SUBDIRS =
+
+# Alphabetically
+TARGETS = named-checkconf@EXEEXT@ named-checkzone@EXEEXT@
+
+# Alphabetically
+SRCS = named-checkconf.c named-checkzone.c check-tool.c
+
+MANPAGES = named-checkconf.8 named-checkzone.8
+
+HTMLPAGES = named-checkconf.html named-checkzone.html
+
+MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+named-checkconf.@O@: named-checkconf.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DVERSION=\"${VERSION}\" \
+ -c ${srcdir}/named-checkconf.c
+
+named-checkzone.@O@: named-checkzone.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DVERSION=\"${VERSION}\" \
+ -c ${srcdir}/named-checkzone.c
+
+named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
+ ${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ named-checkconf.@O@ check-tool.@O@ ${BIND9LIBS} ${ISCCFGLIBS} \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+named-checkzone@EXEEXT@: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ named-checkzone.@O@ check-tool.@O@ ${ISCCFGLIBS} ${DNSLIBS} \
+ ${ISCLIBS} ${LIBS}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+ rm -f ${MANOBJS}
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+
+install:: named-checkconf@EXEEXT@ named-checkzone@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkconf@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkzone@EXEEXT@ ${DESTDIR}${sbindir}
+ (cd ${DESTDIR}${sbindir}; rm -f named-compilezone@EXEEXT@; ${LINK_PROGRAM} named-checkzone@EXEEXT@ named-compilezone@EXEEXT@)
+ for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
+ (cd ${DESTDIR}${mandir}/man8; rm -f named-compilezone.8; ${LINK_PROGRAM} named-checkzone.8 named-compilezone.8)
+
+clean distclean::
+ rm -f ${TARGETS} r1.htm
diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c
new file mode 100644
index 0000000..98bc721
--- /dev/null
+++ b/bin/check/check-tool.c
@@ -0,0 +1,663 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: check-tool.c,v 1.35 2008/10/24 00:28:00 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdio.h>
+
+#include "check-tool.h"
+#include <isc/buffer.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/netdb.h>
+#include <isc/net.h>
+#include <isc/region.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+#include <isc/symtab.h>
+#include <isc/types.h>
+#include <isc/util.h>
+
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/name.h>
+#include <dns/rdata.h>
+#include <dns/rdataclass.h>
+#include <dns/rdataset.h>
+#include <dns/types.h>
+#include <dns/zone.h>
+
+#include <isccfg/log.h>
+
+#ifndef CHECK_SIBLING
+#define CHECK_SIBLING 1
+#endif
+
+#ifndef CHECK_LOCAL
+#define CHECK_LOCAL 1
+#endif
+
+#ifdef HAVE_ADDRINFO
+#ifdef HAVE_GETADDRINFO
+#ifdef HAVE_GAISTRERROR
+#define USE_GETADDRINFO
+#endif
+#endif
+#endif
+
+#define CHECK(r) \
+ do { \
+ result = (r); \
+ if (result != ISC_R_SUCCESS) \
+ goto cleanup; \
+ } while (0)
+
+#define ERR_IS_CNAME 1
+#define ERR_NO_ADDRESSES 2
+#define ERR_LOOKUP_FAILURE 3
+#define ERR_EXTRA_A 4
+#define ERR_EXTRA_AAAA 5
+#define ERR_MISSING_GLUE 5
+#define ERR_IS_MXCNAME 6
+#define ERR_IS_SRVCNAME 7
+
+static const char *dbtype[] = { "rbt" };
+
+int debug = 0;
+isc_boolean_t nomerge = ISC_TRUE;
+#if CHECK_LOCAL
+isc_boolean_t docheckmx = ISC_TRUE;
+isc_boolean_t dochecksrv = ISC_TRUE;
+isc_boolean_t docheckns = ISC_TRUE;
+#else
+isc_boolean_t docheckmx = ISC_FALSE;
+isc_boolean_t dochecksrv = ISC_FALSE;
+isc_boolean_t docheckns = ISC_FALSE;
+#endif
+unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
+ DNS_ZONEOPT_CHECKMX |
+ DNS_ZONEOPT_MANYERRORS |
+ DNS_ZONEOPT_CHECKNAMES |
+ DNS_ZONEOPT_CHECKINTEGRITY |
+#if CHECK_SIBLING
+ DNS_ZONEOPT_CHECKSIBLING |
+#endif
+ DNS_ZONEOPT_CHECKWILDCARD |
+ DNS_ZONEOPT_WARNMXCNAME |
+ DNS_ZONEOPT_WARNSRVCNAME;
+
+/*
+ * This needs to match the list in bin/named/log.c.
+ */
+static isc_logcategory_t categories[] = {
+ { "", 0 },
+ { "client", 0 },
+ { "network", 0 },
+ { "update", 0 },
+ { "queries", 0 },
+ { "unmatched", 0 },
+ { "update-security", 0 },
+ { NULL, 0 }
+};
+
+static isc_symtab_t *symtab = NULL;
+static isc_mem_t *sym_mctx;
+
+static void
+freekey(char *key, unsigned int type, isc_symvalue_t value, void *userarg) {
+ UNUSED(type);
+ UNUSED(value);
+ isc_mem_free(userarg, key);
+}
+
+static void
+add(char *key, int value) {
+ isc_result_t result;
+ isc_symvalue_t symvalue;
+
+ if (sym_mctx == NULL) {
+ result = isc_mem_create(0, 0, &sym_mctx);
+ if (result != ISC_R_SUCCESS)
+ return;
+ }
+
+ if (symtab == NULL) {
+ result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx,
+ ISC_FALSE, &symtab);
+ if (result != ISC_R_SUCCESS)
+ return;
+ }
+
+ key = isc_mem_strdup(sym_mctx, key);
+ if (key == NULL)
+ return;
+
+ symvalue.as_pointer = NULL;
+ result = isc_symtab_define(symtab, key, value, symvalue,
+ isc_symexists_reject);
+ if (result != ISC_R_SUCCESS)
+ isc_mem_free(sym_mctx, key);
+}
+
+static isc_boolean_t
+logged(char *key, int value) {
+ isc_result_t result;
+
+ if (symtab == NULL)
+ return (ISC_FALSE);
+
+ result = isc_symtab_lookup(symtab, key, value, NULL);
+ if (result == ISC_R_SUCCESS)
+ return (ISC_TRUE);
+ return (ISC_FALSE);
+}
+
+static isc_boolean_t
+checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
+ dns_rdataset_t *a, dns_rdataset_t *aaaa)
+{
+#ifdef USE_GETADDRINFO
+ dns_rdataset_t *rdataset;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ struct addrinfo hints, *ai, *cur;
+ char namebuf[DNS_NAME_FORMATSIZE + 1];
+ char ownerbuf[DNS_NAME_FORMATSIZE];
+ char addrbuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
+ isc_boolean_t answer = ISC_TRUE;
+ isc_boolean_t match;
+ const char *type;
+ void *ptr = NULL;
+ int result;
+
+ REQUIRE(a == NULL || !dns_rdataset_isassociated(a) ||
+ a->type == dns_rdatatype_a);
+ REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) ||
+ aaaa->type == dns_rdatatype_aaaa);
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_flags = AI_CANONNAME;
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_TCP;
+
+ dns_name_format(name, namebuf, sizeof(namebuf) - 1);
+ /*
+ * Turn off search.
+ */
+ if (dns_name_countlabels(name) > 1U)
+ strcat(namebuf, ".");
+ dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
+
+ result = getaddrinfo(namebuf, NULL, &hints, &ai);
+ dns_name_format(name, namebuf, sizeof(namebuf) - 1);
+ switch (result) {
+ case 0:
+ /*
+ * Work around broken getaddrinfo() implementations that
+ * fail to set ai_canonname on first entry.
+ */
+ cur = ai;
+ while (cur != NULL && cur->ai_canonname == NULL &&
+ cur->ai_next != NULL)
+ cur = cur->ai_next;
+ if (ai != NULL && cur->ai_canonname != NULL &&
+ strcasecmp(ai->ai_canonname, namebuf) != 0 &&
+ !logged(namebuf, ERR_IS_CNAME)) {
+ dns_zone_log(zone, ISC_LOG_ERROR,
+ "%s/NS '%s' (out of zone) "
+ "is a CNAME '%s' (illegal)",
+ ownerbuf, namebuf,
+ cur->ai_canonname);
+ /* XXX950 make fatal for 9.5.0 */
+ /* answer = ISC_FALSE; */
+ add(namebuf, ERR_IS_CNAME);
+ }
+ break;
+ case EAI_NONAME:
+#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
+ case EAI_NODATA:
+#endif
+ if (!logged(namebuf, ERR_NO_ADDRESSES)) {
+ dns_zone_log(zone, ISC_LOG_ERROR,
+ "%s/NS '%s' (out of zone) "
+ "has no addresses records (A or AAAA)",
+ ownerbuf, namebuf);
+ add(namebuf, ERR_NO_ADDRESSES);
+ }
+ /* XXX950 make fatal for 9.5.0 */
+ return (ISC_TRUE);
+
+ default:
+ if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
+ dns_zone_log(zone, ISC_LOG_WARNING,
+ "getaddrinfo(%s) failed: %s",
+ namebuf, gai_strerror(result));
+ add(namebuf, ERR_LOOKUP_FAILURE);
+ }
+ return (ISC_TRUE);
+ }
+ if (a == NULL || aaaa == NULL)
+ return (answer);
+ /*
+ * Check that all glue records really exist.
+ */
+ if (!dns_rdataset_isassociated(a))
+ goto checkaaaa;
+ result = dns_rdataset_first(a);
+ while (result == ISC_R_SUCCESS) {
+ dns_rdataset_current(a, &rdata);
+ match = ISC_FALSE;
+ for (cur = ai; cur != NULL; cur = cur->ai_next) {
+ if (cur->ai_family != AF_INET)
+ continue;
+ ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
+ if (memcmp(ptr, rdata.data, rdata.length) == 0) {
+ match = ISC_TRUE;
+ break;
+ }
+ }
+ if (!match && !logged(namebuf, ERR_EXTRA_A)) {
+ dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
+ "extra GLUE A record (%s)",
+ ownerbuf, namebuf,
+ inet_ntop(AF_INET, rdata.data,
+ addrbuf, sizeof(addrbuf)));
+ add(namebuf, ERR_EXTRA_A);
+ /* XXX950 make fatal for 9.5.0 */
+ /* answer = ISC_FALSE; */
+ }
+ dns_rdata_reset(&rdata);
+ result = dns_rdataset_next(a);
+ }
+
+ checkaaaa:
+ if (!dns_rdataset_isassociated(aaaa))
+ goto checkmissing;
+ result = dns_rdataset_first(aaaa);
+ while (result == ISC_R_SUCCESS) {
+ dns_rdataset_current(aaaa, &rdata);
+ match = ISC_FALSE;
+ for (cur = ai; cur != NULL; cur = cur->ai_next) {
+ if (cur->ai_family != AF_INET6)
+ continue;
+ ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
+ if (memcmp(ptr, rdata.data, rdata.length) == 0) {
+ match = ISC_TRUE;
+ break;
+ }
+ }
+ if (!match && !logged(namebuf, ERR_EXTRA_AAAA)) {
+ dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
+ "extra GLUE AAAA record (%s)",
+ ownerbuf, namebuf,
+ inet_ntop(AF_INET6, rdata.data,
+ addrbuf, sizeof(addrbuf)));
+ add(namebuf, ERR_EXTRA_AAAA);
+ /* XXX950 make fatal for 9.5.0. */
+ /* answer = ISC_FALSE; */
+ }
+ dns_rdata_reset(&rdata);
+ result = dns_rdataset_next(aaaa);
+ }
+
+ checkmissing:
+ /*
+ * Check that all addresses appear in the glue.
+ */
+ if (!logged(namebuf, ERR_MISSING_GLUE)) {
+ isc_boolean_t missing_glue = ISC_FALSE;
+ for (cur = ai; cur != NULL; cur = cur->ai_next) {
+ switch (cur->ai_family) {
+ case AF_INET:
+ rdataset = a;
+ ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
+ type = "A";
+ break;
+ case AF_INET6:
+ rdataset = aaaa;
+ ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
+ type = "AAAA";
+ break;
+ default:
+ continue;
+ }
+ match = ISC_FALSE;
+ if (dns_rdataset_isassociated(rdataset))
+ result = dns_rdataset_first(rdataset);
+ else
+ result = ISC_R_FAILURE;
+ while (result == ISC_R_SUCCESS && !match) {
+ dns_rdataset_current(rdataset, &rdata);
+ if (memcmp(ptr, rdata.data, rdata.length) == 0)
+ match = ISC_TRUE;
+ dns_rdata_reset(&rdata);
+ result = dns_rdataset_next(rdataset);
+ }
+ if (!match) {
+ dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
+ "missing GLUE %s record (%s)",
+ ownerbuf, namebuf, type,
+ inet_ntop(cur->ai_family, ptr,
+ addrbuf, sizeof(addrbuf)));
+ /* XXX950 make fatal for 9.5.0. */
+ /* answer = ISC_FALSE; */
+ missing_glue = ISC_TRUE;
+ }
+ }
+ if (missing_glue)
+ add(namebuf, ERR_MISSING_GLUE);
+ }
+ freeaddrinfo(ai);
+ return (answer);
+#else
+ return (ISC_TRUE);
+#endif
+}
+
+static isc_boolean_t
+checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
+#ifdef USE_GETADDRINFO
+ struct addrinfo hints, *ai, *cur;
+ char namebuf[DNS_NAME_FORMATSIZE + 1];
+ char ownerbuf[DNS_NAME_FORMATSIZE];
+ int result;
+ int level = ISC_LOG_ERROR;
+ isc_boolean_t answer = ISC_TRUE;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_flags = AI_CANONNAME;
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_TCP;
+
+ dns_name_format(name, namebuf, sizeof(namebuf) - 1);
+ /*
+ * Turn off search.
+ */
+ if (dns_name_countlabels(name) > 1U)
+ strcat(namebuf, ".");
+ dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
+
+ result = getaddrinfo(namebuf, NULL, &hints, &ai);
+ dns_name_format(name, namebuf, sizeof(namebuf) - 1);
+ switch (result) {
+ case 0:
+ /*
+ * Work around broken getaddrinfo() implementations that
+ * fail to set ai_canonname on first entry.
+ */
+ cur = ai;
+ while (cur != NULL && cur->ai_canonname == NULL &&
+ cur->ai_next != NULL)
+ cur = cur->ai_next;
+ if (cur != NULL && cur->ai_canonname != NULL &&
+ strcasecmp(cur->ai_canonname, namebuf) != 0) {
+ if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
+ level = ISC_LOG_WARNING;
+ if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
+ if (!logged(namebuf, ERR_IS_MXCNAME)) {
+ dns_zone_log(zone, level,
+ "%s/MX '%s' (out of zone)"
+ " is a CNAME '%s' "
+ "(illegal)",
+ ownerbuf, namebuf,
+ cur->ai_canonname);
+ add(namebuf, ERR_IS_MXCNAME);
+ }
+ if (level == ISC_LOG_ERROR)
+ answer = ISC_FALSE;
+ }
+ }
+ freeaddrinfo(ai);
+ return (answer);
+
+ case EAI_NONAME:
+#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
+ case EAI_NODATA:
+#endif
+ if (!logged(namebuf, ERR_NO_ADDRESSES)) {
+ dns_zone_log(zone, ISC_LOG_ERROR,
+ "%s/MX '%s' (out of zone) "
+ "has no addresses records (A or AAAA)",
+ ownerbuf, namebuf);
+ add(namebuf, ERR_NO_ADDRESSES);
+ }
+ /* XXX950 make fatal for 9.5.0. */
+ return (ISC_TRUE);
+
+ default:
+ if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
+ dns_zone_log(zone, ISC_LOG_WARNING,
+ "getaddrinfo(%s) failed: %s",
+ namebuf, gai_strerror(result));
+ add(namebuf, ERR_LOOKUP_FAILURE);
+ }
+ return (ISC_TRUE);
+ }
+#else
+ return (ISC_TRUE);
+#endif
+}
+
+static isc_boolean_t
+checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
+#ifdef USE_GETADDRINFO
+ struct addrinfo hints, *ai, *cur;
+ char namebuf[DNS_NAME_FORMATSIZE + 1];
+ char ownerbuf[DNS_NAME_FORMATSIZE];
+ int result;
+ int level = ISC_LOG_ERROR;
+ isc_boolean_t answer = ISC_TRUE;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_flags = AI_CANONNAME;
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_TCP;
+
+ dns_name_format(name, namebuf, sizeof(namebuf) - 1);
+ /*
+ * Turn off search.
+ */
+ if (dns_name_countlabels(name) > 1U)
+ strcat(namebuf, ".");
+ dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
+
+ result = getaddrinfo(namebuf, NULL, &hints, &ai);
+ dns_name_format(name, namebuf, sizeof(namebuf) - 1);
+ switch (result) {
+ case 0:
+ /*
+ * Work around broken getaddrinfo() implementations that
+ * fail to set ai_canonname on first entry.
+ */
+ cur = ai;
+ while (cur != NULL && cur->ai_canonname == NULL &&
+ cur->ai_next != NULL)
+ cur = cur->ai_next;
+ if (cur != NULL && cur->ai_canonname != NULL &&
+ strcasecmp(cur->ai_canonname, namebuf) != 0) {
+ if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
+ level = ISC_LOG_WARNING;
+ if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
+ if (!logged(namebuf, ERR_IS_SRVCNAME)) {
+ dns_zone_log(zone, level, "%s/SRV '%s'"
+ " (out of zone) is a "
+ "CNAME '%s' (illegal)",
+ ownerbuf, namebuf,
+ cur->ai_canonname);
+ add(namebuf, ERR_IS_SRVCNAME);
+ }
+ if (level == ISC_LOG_ERROR)
+ answer = ISC_FALSE;
+ }
+ }
+ freeaddrinfo(ai);
+ return (answer);
+
+ case EAI_NONAME:
+#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
+ case EAI_NODATA:
+#endif
+ if (!logged(namebuf, ERR_NO_ADDRESSES)) {
+ dns_zone_log(zone, ISC_LOG_ERROR,
+ "%s/SRV '%s' (out of zone) "
+ "has no addresses records (A or AAAA)",
+ ownerbuf, namebuf);
+ add(namebuf, ERR_NO_ADDRESSES);
+ }
+ /* XXX950 make fatal for 9.5.0. */
+ return (ISC_TRUE);
+
+ default:
+ if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
+ dns_zone_log(zone, ISC_LOG_WARNING,
+ "getaddrinfo(%s) failed: %s",
+ namebuf, gai_strerror(result));
+ add(namebuf, ERR_LOOKUP_FAILURE);
+ }
+ return (ISC_TRUE);
+ }
+#else
+ return (ISC_TRUE);
+#endif
+}
+
+isc_result_t
+setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
+ isc_logdestination_t destination;
+ isc_logconfig_t *logconfig = NULL;
+ isc_log_t *log = NULL;
+
+ RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
+ isc_log_registercategories(log, categories);
+ isc_log_setcontext(log);
+ dns_log_init(log);
+ dns_log_setcontext(log);
+ cfg_log_init(log);
+
+ destination.file.stream = errout;
+ destination.file.name = NULL;
+ destination.file.versions = ISC_LOG_ROLLNEVER;
+ destination.file.maximum_size = 0;
+ RUNTIME_CHECK(isc_log_createchannel(logconfig, "stderr",
+ ISC_LOG_TOFILEDESC,
+ ISC_LOG_DYNAMIC,
+ &destination, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
+ NULL, NULL) == ISC_R_SUCCESS);
+
+ *logp = log;
+ return (ISC_R_SUCCESS);
+}
+
+/*% load the zone */
+isc_result_t
+load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
+ dns_masterformat_t fileformat, const char *classname,
+ dns_zone_t **zonep)
+{
+ isc_result_t result;
+ dns_rdataclass_t rdclass;
+ isc_textregion_t region;
+ isc_buffer_t buffer;
+ dns_fixedname_t fixorigin;
+ dns_name_t *origin;
+ dns_zone_t *zone = NULL;
+
+ REQUIRE(zonep == NULL || *zonep == NULL);
+
+ if (debug)
+ fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n",
+ zonename, filename, classname);
+
+ CHECK(dns_zone_create(&zone, mctx));
+
+ dns_zone_settype(zone, dns_zone_master);
+
+ isc_buffer_init(&buffer, zonename, strlen(zonename));
+ isc_buffer_add(&buffer, strlen(zonename));
+ dns_fixedname_init(&fixorigin);
+ origin = dns_fixedname_name(&fixorigin);
+ CHECK(dns_name_fromtext(origin, &buffer, dns_rootname,
+ ISC_FALSE, NULL));
+ CHECK(dns_zone_setorigin(zone, origin));
+ CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
+ CHECK(dns_zone_setfile2(zone, filename, fileformat));
+
+ DE_CONST(classname, region.base);
+ region.length = strlen(classname);
+ CHECK(dns_rdataclass_fromtext(&rdclass, &region));
+
+ dns_zone_setclass(zone, rdclass);
+ dns_zone_setoption(zone, zone_options, ISC_TRUE);
+ dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge);
+ if (docheckmx)
+ dns_zone_setcheckmx(zone, checkmx);
+ if (docheckns)
+ dns_zone_setcheckns(zone, checkns);
+ if (dochecksrv)
+ dns_zone_setchecksrv(zone, checksrv);
+
+ CHECK(dns_zone_load(zone));
+ if (zonep != NULL) {
+ *zonep = zone;
+ zone = NULL;
+ }
+
+ cleanup:
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ return (result);
+}
+
+/*% dump the zone */
+isc_result_t
+dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
+ dns_masterformat_t fileformat, const dns_master_style_t *style)
+{
+ isc_result_t result;
+ FILE *output = stdout;
+
+ if (debug) {
+ if (filename != NULL && strcmp(filename, "-") != 0)
+ fprintf(stderr, "dumping \"%s\" to \"%s\"\n",
+ zonename, filename);
+ else
+ fprintf(stderr, "dumping \"%s\"\n", zonename);
+ }
+
+ if (filename != NULL && strcmp(filename, "-") != 0) {
+ result = isc_stdio_open(filename, "w+", &output);
+
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "could not open output "
+ "file \"%s\" for writing\n", filename);
+ return (ISC_R_FAILURE);
+ }
+ }
+
+ result = dns_zone_dumptostream2(zone, output, fileformat, style);
+
+ if (output != stdout)
+ (void)isc_stdio_close(output);
+
+ return (result);
+}
diff --git a/bin/check/check-tool.h b/bin/check/check-tool.h
new file mode 100644
index 0000000..b0ba7e0
--- /dev/null
+++ b/bin/check/check-tool.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: check-tool.h,v 1.14 2007/06/18 23:47:17 tbox Exp $ */
+
+#ifndef CHECK_TOOL_H
+#define CHECK_TOOL_H
+
+/*! \file */
+
+#include <isc/lang.h>
+#include <isc/stdio.h>
+#include <isc/types.h>
+
+#include <dns/masterdump.h>
+#include <dns/types.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp);
+
+isc_result_t
+load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
+ dns_masterformat_t fileformat, const char *classname,
+ dns_zone_t **zonep);
+
+isc_result_t
+dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
+ dns_masterformat_t fileformat, const dns_master_style_t *style);
+
+extern int debug;
+extern isc_boolean_t nomerge;
+extern isc_boolean_t docheckmx;
+extern isc_boolean_t docheckns;
+extern isc_boolean_t dochecksrv;
+extern unsigned int zone_options;
+
+ISC_LANG_ENDDECLS
+
+#endif
diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8
new file mode 100644
index 0000000..852b133
--- /dev/null
+++ b/bin/check/named-checkconf.8
@@ -0,0 +1,94 @@
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: named-checkconf.8,v 1.30 2007/06/20 02:27:32 marka Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: named\-checkconf
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: June 14, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named\-checkconf \- named configuration file syntax checking tool
+.SH "SYNOPSIS"
+.HP 16
+\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-z\fR]
+.SH "DESCRIPTION"
+.PP
+\fBnamed\-checkconf\fR
+checks the syntax, but not the semantics, of a named configuration file.
+.SH "OPTIONS"
+.PP
+\-h
+.RS 4
+Print the usage summary and exit.
+.RE
+.PP
+\-t \fIdirectory\fR
+.RS 4
+Chroot to
+\fIdirectory\fR
+so that include directives in the configuration file are processed as if run by a similarly chrooted named.
+.RE
+.PP
+\-v
+.RS 4
+Print the version of the
+\fBnamed\-checkconf\fR
+program and exit.
+.RE
+.PP
+\-z
+.RS 4
+Perform a test load of all master zones found in
+\fInamed.conf\fR.
+.RE
+.PP
+\-j
+.RS 4
+When loading a zonefile read the journal if it exists.
+.RE
+.PP
+filename
+.RS 4
+The name of the configuration file to be checked. If not specified, it defaults to
+\fI/etc/named.conf\fR.
+.RE
+.SH "RETURN VALUES"
+.PP
+\fBnamed\-checkconf\fR
+returns an exit status of 1 if errors were detected and 0 otherwise.
+.SH "SEE ALSO"
+.PP
+\fBnamed\fR(8),
+\fBnamed\-checkzone\fR(8),
+BIND 9 Administrator Reference Manual.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2002 Internet Software Consortium.
+.br
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
new file mode 100644
index 0000000..0c6e70f
--- /dev/null
+++ b/bin/check/named-checkconf.c
@@ -0,0 +1,504 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named-checkconf.c,v 1.46 2007/11/26 02:12:45 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <isc/commandline.h>
+#include <isc/dir.h>
+#include <isc/entropy.h>
+#include <isc/hash.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/result.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <isccfg/namedconf.h>
+
+#include <bind9/check.h>
+
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/name.h>
+#include <dns/result.h>
+#include <dns/zone.h>
+
+#include "check-tool.h"
+
+static const char *program = "named-checkconf";
+
+isc_log_t *logc = NULL;
+
+#define CHECK(r)\
+ do { \
+ result = (r); \
+ if (result != ISC_R_SUCCESS) \
+ goto cleanup; \
+ } while (0)
+
+/*% usage */
+static void
+usage(void) {
+ fprintf(stderr, "usage: %s [-h] [-j] [-v] [-z] [-t directory] "
+ "[named.conf]\n", program);
+ exit(1);
+}
+
+/*% directory callback */
+static isc_result_t
+directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
+ isc_result_t result;
+ const char *directory;
+
+ REQUIRE(strcasecmp("directory", clausename) == 0);
+
+ UNUSED(arg);
+ UNUSED(clausename);
+
+ /*
+ * Change directory.
+ */
+ directory = cfg_obj_asstring(obj);
+ result = isc_dir_chdir(directory);
+ if (result != ISC_R_SUCCESS) {
+ cfg_obj_log(obj, logc, ISC_LOG_ERROR,
+ "change directory to '%s' failed: %s\n",
+ directory, isc_result_totext(result));
+ return (result);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+static isc_boolean_t
+get_maps(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
+ int i;
+ for (i = 0;; i++) {
+ if (maps[i] == NULL)
+ return (ISC_FALSE);
+ if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
+ return (ISC_TRUE);
+ }
+}
+
+static isc_boolean_t
+get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
+ const cfg_listelt_t *element;
+ const cfg_obj_t *checknames;
+ const cfg_obj_t *type;
+ const cfg_obj_t *value;
+ isc_result_t result;
+ int i;
+
+ for (i = 0;; i++) {
+ if (maps[i] == NULL)
+ return (ISC_FALSE);
+ checknames = NULL;
+ result = cfg_map_get(maps[i], "check-names", &checknames);
+ if (result != ISC_R_SUCCESS)
+ continue;
+ if (checknames != NULL && !cfg_obj_islist(checknames)) {
+ *obj = checknames;
+ return (ISC_TRUE);
+ }
+ for (element = cfg_list_first(checknames);
+ element != NULL;
+ element = cfg_list_next(element)) {
+ value = cfg_listelt_value(element);
+ type = cfg_tuple_get(value, "type");
+ if (strcasecmp(cfg_obj_asstring(type), "master") != 0)
+ continue;
+ *obj = cfg_tuple_get(value, "mode");
+ return (ISC_TRUE);
+ }
+ }
+}
+
+static isc_result_t
+config_get(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
+ int i;
+
+ for (i = 0;; i++) {
+ if (maps[i] == NULL)
+ return (ISC_R_NOTFOUND);
+ if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
+ return (ISC_R_SUCCESS);
+ }
+}
+
+/*% configure the zone */
+static isc_result_t
+configure_zone(const char *vclass, const char *view,
+ const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
+ const cfg_obj_t *config, isc_mem_t *mctx)
+{
+ int i = 0;
+ isc_result_t result;
+ const char *zclass;
+ const char *zname;
+ const char *zfile;
+ const cfg_obj_t *maps[4];
+ const cfg_obj_t *zoptions = NULL;
+ const cfg_obj_t *classobj = NULL;
+ const cfg_obj_t *typeobj = NULL;
+ const cfg_obj_t *fileobj = NULL;
+ const cfg_obj_t *dbobj = NULL;
+ const cfg_obj_t *obj = NULL;
+ const cfg_obj_t *fmtobj = NULL;
+ dns_masterformat_t masterformat;
+
+ zone_options = DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_MANYERRORS;
+
+ zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
+ classobj = cfg_tuple_get(zconfig, "class");
+ if (!cfg_obj_isstring(classobj))
+ zclass = vclass;
+ else
+ zclass = cfg_obj_asstring(classobj);
+
+ zoptions = cfg_tuple_get(zconfig, "options");
+ maps[i++] = zoptions;
+ if (vconfig != NULL)
+ maps[i++] = cfg_tuple_get(vconfig, "options");
+ if (config != NULL) {
+ cfg_map_get(config, "options", &obj);
+ if (obj != NULL)
+ maps[i++] = obj;
+ }
+ maps[i++] = NULL;
+
+ cfg_map_get(zoptions, "type", &typeobj);
+ if (typeobj == NULL)
+ return (ISC_R_FAILURE);
+ if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0)
+ return (ISC_R_SUCCESS);
+ cfg_map_get(zoptions, "database", &dbobj);
+ if (dbobj != NULL)
+ return (ISC_R_SUCCESS);
+ cfg_map_get(zoptions, "file", &fileobj);
+ if (fileobj == NULL)
+ return (ISC_R_FAILURE);
+ zfile = cfg_obj_asstring(fileobj);
+
+ obj = NULL;
+ if (get_maps(maps, "check-mx", &obj)) {
+ if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+ zone_options |= DNS_ZONEOPT_CHECKMX;
+ zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+ zone_options |= DNS_ZONEOPT_CHECKMX;
+ zone_options |= DNS_ZONEOPT_CHECKMXFAIL;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+ zone_options &= ~DNS_ZONEOPT_CHECKMX;
+ zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
+ } else
+ INSIST(0);
+ } else {
+ zone_options |= DNS_ZONEOPT_CHECKMX;
+ zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
+ }
+
+ obj = NULL;
+ if (get_maps(maps, "check-integrity", &obj)) {
+ if (cfg_obj_asboolean(obj))
+ zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
+ else
+ zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
+ } else
+ zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
+
+ obj = NULL;
+ if (get_maps(maps, "check-mx-cname", &obj)) {
+ if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+ zone_options |= DNS_ZONEOPT_WARNMXCNAME;
+ zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+ zone_options &= ~DNS_ZONEOPT_WARNMXCNAME;
+ zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+ zone_options |= DNS_ZONEOPT_WARNMXCNAME;
+ zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
+ } else
+ INSIST(0);
+ } else {
+ zone_options |= DNS_ZONEOPT_WARNMXCNAME;
+ zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
+ }
+
+ obj = NULL;
+ if (get_maps(maps, "check-srv-cname", &obj)) {
+ if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+ zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
+ zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+ zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME;
+ zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+ zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
+ zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
+ } else
+ INSIST(0);
+ } else {
+ zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
+ zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
+ }
+
+ obj = NULL;
+ if (get_maps(maps, "check-sibling", &obj)) {
+ if (cfg_obj_asboolean(obj))
+ zone_options |= DNS_ZONEOPT_CHECKSIBLING;
+ else
+ zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
+ }
+
+ obj = NULL;
+ if (get_checknames(maps, &obj)) {
+ if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+ zone_options |= DNS_ZONEOPT_CHECKNAMES;
+ zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+ zone_options |= DNS_ZONEOPT_CHECKNAMES;
+ zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+ zone_options &= ~DNS_ZONEOPT_CHECKNAMES;
+ zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
+ } else
+ INSIST(0);
+ } else {
+ zone_options |= DNS_ZONEOPT_CHECKNAMES;
+ zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
+ }
+
+ masterformat = dns_masterformat_text;
+ fmtobj = NULL;
+ result = config_get(maps, "masterfile-format", &fmtobj);
+ if (result == ISC_R_SUCCESS) {
+ const char *masterformatstr = cfg_obj_asstring(fmtobj);
+ if (strcasecmp(masterformatstr, "text") == 0)
+ masterformat = dns_masterformat_text;
+ else if (strcasecmp(masterformatstr, "raw") == 0)
+ masterformat = dns_masterformat_raw;
+ else
+ INSIST(0);
+ }
+
+ result = load_zone(mctx, zname, zfile, masterformat, zclass, NULL);
+ if (result != ISC_R_SUCCESS)
+ fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
+ dns_result_totext(result));
+ return(result);
+}
+
+/*% configure a view */
+static isc_result_t
+configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
+ const cfg_obj_t *vconfig, isc_mem_t *mctx)
+{
+ const cfg_listelt_t *element;
+ const cfg_obj_t *voptions;
+ const cfg_obj_t *zonelist;
+ isc_result_t result = ISC_R_SUCCESS;
+ isc_result_t tresult;
+
+ voptions = NULL;
+ if (vconfig != NULL)
+ voptions = cfg_tuple_get(vconfig, "options");
+
+ zonelist = NULL;
+ if (voptions != NULL)
+ (void)cfg_map_get(voptions, "zone", &zonelist);
+ else
+ (void)cfg_map_get(config, "zone", &zonelist);
+
+ for (element = cfg_list_first(zonelist);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *zconfig = cfg_listelt_value(element);
+ tresult = configure_zone(vclass, view, zconfig, vconfig,
+ config, mctx);
+ if (tresult != ISC_R_SUCCESS)
+ result = tresult;
+ }
+ return (result);
+}
+
+
+/*% load zones from the configuration */
+static isc_result_t
+load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) {
+ const cfg_listelt_t *element;
+ const cfg_obj_t *classobj;
+ const cfg_obj_t *views;
+ const cfg_obj_t *vconfig;
+ const char *vclass;
+ isc_result_t result = ISC_R_SUCCESS;
+ isc_result_t tresult;
+
+ views = NULL;
+
+ (void)cfg_map_get(config, "view", &views);
+ for (element = cfg_list_first(views);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const char *vname;
+
+ vclass = "IN";
+ vconfig = cfg_listelt_value(element);
+ if (vconfig != NULL) {
+ classobj = cfg_tuple_get(vconfig, "class");
+ if (cfg_obj_isstring(classobj))
+ vclass = cfg_obj_asstring(classobj);
+ }
+ vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
+ tresult = configure_view(vclass, vname, config, vconfig, mctx);
+ if (tresult != ISC_R_SUCCESS)
+ result = tresult;
+ }
+
+ if (views == NULL) {
+ tresult = configure_view("IN", "_default", config, NULL, mctx);
+ if (tresult != ISC_R_SUCCESS)
+ result = tresult;
+ }
+ return (result);
+}
+
+/*% The main processing routine */
+int
+main(int argc, char **argv) {
+ int c;
+ cfg_parser_t *parser = NULL;
+ cfg_obj_t *config = NULL;
+ const char *conffile = NULL;
+ isc_mem_t *mctx = NULL;
+ isc_result_t result;
+ int exit_status = 0;
+ isc_entropy_t *ectx = NULL;
+ isc_boolean_t load_zones = ISC_FALSE;
+
+ isc_commandline_errprint = ISC_FALSE;
+
+ while ((c = isc_commandline_parse(argc, argv, "dhjt:vz")) != EOF) {
+ switch (c) {
+ case 'd':
+ debug++;
+ break;
+
+ case 'j':
+ nomerge = ISC_FALSE;
+ break;
+
+ case 't':
+ result = isc_dir_chroot(isc_commandline_argument);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "isc_dir_chroot: %s\n",
+ isc_result_totext(result));
+ exit(1);
+ }
+ result = isc_dir_chdir("/");
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "isc_dir_chdir: %s\n",
+ isc_result_totext(result));
+ exit(1);
+ }
+ break;
+
+ case 'v':
+ printf(VERSION "\n");
+ exit(0);
+
+ case 'z':
+ load_zones = ISC_TRUE;
+ docheckmx = ISC_FALSE;
+ docheckns = ISC_FALSE;
+ dochecksrv = ISC_FALSE;
+ break;
+
+ case '?':
+ if (isc_commandline_option != '?')
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ program, isc_commandline_option);
+ case 'h':
+ usage();
+
+ default:
+ fprintf(stderr, "%s: unhandled option -%c\n",
+ program, isc_commandline_option);
+ exit(1);
+ }
+ }
+
+ if (isc_commandline_index + 1 < argc)
+ usage();
+ if (argv[isc_commandline_index] != NULL)
+ conffile = argv[isc_commandline_index];
+ if (conffile == NULL || conffile[0] == '\0')
+ conffile = NAMED_CONFFILE;
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
+ == ISC_R_SUCCESS);
+
+ dns_result_register();
+
+ RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS);
+
+ cfg_parser_setcallback(parser, directory_callback, NULL);
+
+ if (cfg_parse_file(parser, conffile, &cfg_type_namedconf, &config) !=
+ ISC_R_SUCCESS)
+ exit(1);
+
+ result = bind9_check_namedconf(config, logc, mctx);
+ if (result != ISC_R_SUCCESS)
+ exit_status = 1;
+
+ if (result == ISC_R_SUCCESS && load_zones) {
+ result = load_zones_fromconfig(config, mctx);
+ if (result != ISC_R_SUCCESS)
+ exit_status = 1;
+ }
+
+ cfg_obj_destroy(parser, &config);
+
+ cfg_parser_destroy(&parser);
+
+ dns_name_destroy();
+
+ isc_log_destroy(&logc);
+
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+
+ isc_mem_destroy(&mctx);
+
+ return (exit_status);
+}
diff --git a/bin/check/named-checkconf.docbook b/bin/check/named-checkconf.docbook
new file mode 100644
index 0000000..5359239
--- /dev/null
+++ b/bin/check/named-checkconf.docbook
@@ -0,0 +1,171 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: named-checkconf.docbook,v 1.19 2007/06/19 06:58:03 marka Exp $ -->
+<refentry id="man.named-checkconf">
+ <refentryinfo>
+ <date>June 14, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>named-checkconf</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2007</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
+ <refnamediv>
+ <refname><application>named-checkconf</application></refname>
+ <refpurpose>named configuration file syntax checking tool</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>named-checkconf</command>
+ <arg><option>-h</option></arg>
+ <arg><option>-v</option></arg>
+ <arg><option>-j</option></arg>
+ <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="req">filename</arg>
+ <arg><option>-z</option></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><command>named-checkconf</command>
+ checks the syntax, but not the semantics, of a named
+ configuration file.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-h</term>
+ <listitem>
+ <para>
+ Print the usage summary and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-t <replaceable class="parameter">directory</replaceable></term>
+ <listitem>
+ <para>
+ Chroot to <filename>directory</filename> so that
+ include
+ directives in the configuration file are processed as if
+ run by a similarly chrooted named.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v</term>
+ <listitem>
+ <para>
+ Print the version of the <command>named-checkconf</command>
+ program and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-z</term>
+ <listitem>
+ <para>
+ Perform a test load of all master zones found in
+ <filename>named.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-j</term>
+ <listitem>
+ <para>
+ When loading a zonefile read the journal if it exists.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>filename</term>
+ <listitem>
+ <para>
+ The name of the configuration file to be checked. If not
+ specified, it defaults to <filename>/etc/named.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>RETURN VALUES</title>
+ <para><command>named-checkconf</command>
+ returns an exit status of 1 if
+ errors were detected and 0 otherwise.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkzone</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para><corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html
new file mode 100644
index 0000000..34bec80
--- /dev/null
+++ b/bin/check/named-checkconf.html
@@ -0,0 +1,96 @@
+<!--
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: named-checkconf.html,v 1.30 2007/06/20 02:27:32 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named-checkconf</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.named-checkconf"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">named-checkconf</span> &#8212; named configuration file syntax checking tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543387"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">named-checkconf</strong></span>
+ checks the syntax, but not the semantics, of a named
+ configuration file.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543399"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+ Print the usage summary and exit.
+ </p></dd>
+<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+ Chroot to <code class="filename">directory</code> so that
+ include
+ directives in the configuration file are processed as if
+ run by a similarly chrooted named.
+ </p></dd>
+<dt><span class="term">-v</span></dt>
+<dd><p>
+ Print the version of the <span><strong class="command">named-checkconf</strong></span>
+ program and exit.
+ </p></dd>
+<dt><span class="term">-z</span></dt>
+<dd><p>
+ Perform a test load of all master zones found in
+ <code class="filename">named.conf</code>.
+ </p></dd>
+<dt><span class="term">-j</span></dt>
+<dd><p>
+ When loading a zonefile read the journal if it exists.
+ </p></dd>
+<dt><span class="term">filename</span></dt>
+<dd><p>
+ The name of the configuration file to be checked. If not
+ specified, it defaults to <code class="filename">/etc/named.conf</code>.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543507"></a><h2>RETURN VALUES</h2>
+<p><span><strong class="command">named-checkconf</strong></span>
+ returns an exit status of 1 if
+ errors were detected and 0 otherwise.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543518"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543548"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8
new file mode 100644
index 0000000..3600755
--- /dev/null
+++ b/bin/check/named-checkzone.8
@@ -0,0 +1,278 @@
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: named-checkzone.8,v 1.42 2007/06/20 02:27:32 marka Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: named\-checkzone
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: June 13, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
+.SH "SYNOPSIS"
+.HP 16
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
+.HP 18
+\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
+.SH "DESCRIPTION"
+.PP
+\fBnamed\-checkzone\fR
+checks the syntax and integrity of a zone file. It performs the same checks as
+\fBnamed\fR
+does when loading a zone. This makes
+\fBnamed\-checkzone\fR
+useful for checking zone files before configuring them into a name server.
+.PP
+\fBnamed\-compilezone\fR
+is similar to
+\fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by
+\fBnamed\fR. When manually specified otherwise, the check levels must at least be as strict as those specified in the
+\fBnamed\fR
+configuration file.
+.SH "OPTIONS"
+.PP
+\-d
+.RS 4
+Enable debugging.
+.RE
+.PP
+\-h
+.RS 4
+Print the usage summary and exit.
+.RE
+.PP
+\-q
+.RS 4
+Quiet mode \- exit code only.
+.RE
+.PP
+\-v
+.RS 4
+Print the version of the
+\fBnamed\-checkzone\fR
+program and exit.
+.RE
+.PP
+\-j
+.RS 4
+When loading the zone file read the journal if it exists.
+.RE
+.PP
+\-c \fIclass\fR
+.RS 4
+Specify the class of the zone. If not specified "IN" is assumed.
+.RE
+.PP
+\-i \fImode\fR
+.RS 4
+Perform post\-load zone integrity checks. Possible modes are
+\fB"full"\fR
+(default),
+\fB"full\-sibling"\fR,
+\fB"local"\fR,
+\fB"local\-sibling"\fR
+and
+\fB"none"\fR.
+.sp
+Mode
+\fB"full"\fR
+checks that MX records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). Mode
+\fB"local"\fR
+only checks MX records which refer to in\-zone hostnames.
+.sp
+Mode
+\fB"full"\fR
+checks that SRV records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). Mode
+\fB"local"\fR
+only checks SRV records which refer to in\-zone hostnames.
+.sp
+Mode
+\fB"full"\fR
+checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode
+\fB"local"\fR
+only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone.
+.sp
+Mode
+\fB"full\-sibling"\fR
+and
+\fB"local\-sibling"\fR
+disable sibling glue checks but are otherwise the same as
+\fB"full"\fR
+and
+\fB"local"\fR
+respectively.
+.sp
+Mode
+\fB"none"\fR
+disables the checks.
+.RE
+.PP
+\-f \fIformat\fR
+.RS 4
+Specify the format of the zone file. Possible formats are
+\fB"text"\fR
+(default) and
+\fB"raw"\fR.
+.RE
+.PP
+\-F \fIformat\fR
+.RS 4
+Specify the format of the output file specified. Possible formats are
+\fB"text"\fR
+(default) and
+\fB"raw"\fR. For
+\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
+.RE
+.PP
+\-k \fImode\fR
+.RS 4
+Perform
+\fB"check\-names"\fR
+checks with the specified failure mode. Possible modes are
+\fB"fail"\fR
+(default for
+\fBnamed\-compilezone\fR),
+\fB"warn"\fR
+(default for
+\fBnamed\-checkzone\fR) and
+\fB"ignore"\fR.
+.RE
+.PP
+\-m \fImode\fR
+.RS 4
+Specify whether MX records should be checked to see if they are addresses. Possible modes are
+\fB"fail"\fR,
+\fB"warn"\fR
+(default) and
+\fB"ignore"\fR.
+.RE
+.PP
+\-M \fImode\fR
+.RS 4
+Check if a MX record refers to a CNAME. Possible modes are
+\fB"fail"\fR,
+\fB"warn"\fR
+(default) and
+\fB"ignore"\fR.
+.RE
+.PP
+\-n \fImode\fR
+.RS 4
+Specify whether NS records should be checked to see if they are addresses. Possible modes are
+\fB"fail"\fR
+(default for
+\fBnamed\-compilezone\fR),
+\fB"warn"\fR
+(default for
+\fBnamed\-checkzone\fR) and
+\fB"ignore"\fR.
+.RE
+.PP
+\-o \fIfilename\fR
+.RS 4
+Write zone output to
+\fIfilename\fR. If
+\fIfilename\fR
+is
+\fI\-\fR
+then write to standard out. This is mandatory for
+\fBnamed\-compilezone\fR.
+.RE
+.PP
+\-s \fIstyle\fR
+.RS 4
+Specify the style of the dumped zone file. Possible styles are
+\fB"full"\fR
+(default) and
+\fB"relative"\fR. The full format is most suitable for processing automatically by a separate script. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand. For
+\fBnamed\-checkzone\fR
+this does not cause any effects unless it dumps the zone contents. It also does not have any meaning if the output format is not text.
+.RE
+.PP
+\-S \fImode\fR
+.RS 4
+Check if a SRV record refers to a CNAME. Possible modes are
+\fB"fail"\fR,
+\fB"warn"\fR
+(default) and
+\fB"ignore"\fR.
+.RE
+.PP
+\-t \fIdirectory\fR
+.RS 4
+Chroot to
+\fIdirectory\fR
+so that include directives in the configuration file are processed as if run by a similarly chrooted named.
+.RE
+.PP
+\-w \fIdirectory\fR
+.RS 4
+chdir to
+\fIdirectory\fR
+so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in
+\fInamed.conf\fR.
+.RE
+.PP
+\-D
+.RS 4
+Dump zone file in canonical format. This is always enabled for
+\fBnamed\-compilezone\fR.
+.RE
+.PP
+\-W \fImode\fR
+.RS 4
+Specify whether to check for non\-terminal wildcards. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034). Possible modes are
+\fB"warn"\fR
+(default) and
+\fB"ignore"\fR.
+.RE
+.PP
+zonename
+.RS 4
+The domain name of the zone being checked.
+.RE
+.PP
+filename
+.RS 4
+The name of the zone file.
+.RE
+.SH "RETURN VALUES"
+.PP
+\fBnamed\-checkzone\fR
+returns an exit status of 1 if errors were detected and 0 otherwise.
+.SH "SEE ALSO"
+.PP
+\fBnamed\fR(8),
+\fBnamed\-checkconf\fR(8),
+RFC 1035,
+BIND 9 Administrator Reference Manual.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2002 Internet Software Consortium.
+.br
diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c
new file mode 100644
index 0000000..60f1ee2
--- /dev/null
+++ b/bin/check/named-checkzone.c
@@ -0,0 +1,457 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named-checkzone.c,v 1.51 2008/10/24 01:44:48 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/app.h>
+#include <isc/commandline.h>
+#include <isc/dir.h>
+#include <isc/entropy.h>
+#include <isc/hash.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/socket.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/masterdump.h>
+#include <dns/name.h>
+#include <dns/rdataclass.h>
+#include <dns/rdataset.h>
+#include <dns/result.h>
+#include <dns/types.h>
+#include <dns/zone.h>
+
+#include "check-tool.h"
+
+static int quiet = 0;
+static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
+dns_zone_t *zone = NULL;
+dns_zonetype_t zonetype = dns_zone_master;
+static int dumpzone = 0;
+static const char *output_filename;
+static char *prog_name = NULL;
+static const dns_master_style_t *outputstyle = NULL;
+static enum { progmode_check, progmode_compile } progmode;
+
+#define ERRRET(result, function) \
+ do { \
+ if (result != ISC_R_SUCCESS) { \
+ if (!quiet) \
+ fprintf(stderr, "%s() returned %s\n", \
+ function, dns_result_totext(result)); \
+ return (result); \
+ } \
+ } while (0)
+
+static void
+usage(void) {
+ fprintf(stderr,
+ "usage: %s [-djqvD] [-c class] [-o output] "
+ "[-f inputformat] [-F outputformat] "
+ "[-t directory] [-w directory] [-k (ignore|warn|fail)] "
+ "[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
+ "[-i (full|full-sibling|local|local-sibling|none)] "
+ "[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
+ "[-W (ignore|warn)] "
+ "zonename filename\n", prog_name);
+ exit(1);
+}
+
+static void
+destroy(void) {
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ dns_name_destroy();
+}
+
+/*% main processing routine */
+int
+main(int argc, char **argv) {
+ int c;
+ char *origin = NULL;
+ char *filename = NULL;
+ isc_log_t *lctx = NULL;
+ isc_result_t result;
+ char classname_in[] = "IN";
+ char *classname = classname_in;
+ const char *workdir = NULL;
+ const char *inputformatstr = NULL;
+ const char *outputformatstr = NULL;
+ dns_masterformat_t inputformat = dns_masterformat_text;
+ dns_masterformat_t outputformat = dns_masterformat_text;
+ FILE *errout = stdout;
+
+ outputstyle = &dns_master_style_full;
+
+ prog_name = strrchr(argv[0], '/');
+ if (prog_name == NULL)
+ prog_name = strrchr(argv[0], '\\');
+ if (prog_name != NULL)
+ prog_name++;
+ else
+ prog_name = argv[0];
+ /*
+ * Libtool doesn't preserve the program name prior to final
+ * installation. Remove the libtool prefix ("lt-").
+ */
+ if (strncmp(prog_name, "lt-", 3) == 0)
+ prog_name += 3;
+ if (strcmp(prog_name, "named-checkzone") == 0)
+ progmode = progmode_check;
+ else if (strcmp(prog_name, "named-compilezone") == 0)
+ progmode = progmode_compile;
+ else
+ INSIST(0);
+
+ /* Compilation specific defaults */
+ if (progmode == progmode_compile) {
+ zone_options |= (DNS_ZONEOPT_CHECKNS |
+ DNS_ZONEOPT_FATALNS |
+ DNS_ZONEOPT_CHECKNAMES |
+ DNS_ZONEOPT_CHECKNAMESFAIL |
+ DNS_ZONEOPT_CHECKWILDCARD);
+ }
+
+#define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
+
+ isc_commandline_errprint = ISC_FALSE;
+
+ while ((c = isc_commandline_parse(argc, argv,
+ "c:df:hi:jk:m:n:qs:t:o:vw:DF:M:S:W:"))
+ != EOF) {
+ switch (c) {
+ case 'c':
+ classname = isc_commandline_argument;
+ break;
+
+ case 'd':
+ debug++;
+ break;
+
+ case 'i':
+ if (ARGCMP("full")) {
+ zone_options |= DNS_ZONEOPT_CHECKINTEGRITY |
+ DNS_ZONEOPT_CHECKSIBLING;
+ docheckmx = ISC_TRUE;
+ docheckns = ISC_TRUE;
+ dochecksrv = ISC_TRUE;
+ } else if (ARGCMP("full-sibling")) {
+ zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
+ zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
+ docheckmx = ISC_TRUE;
+ docheckns = ISC_TRUE;
+ dochecksrv = ISC_TRUE;
+ } else if (ARGCMP("local")) {
+ zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
+ zone_options |= DNS_ZONEOPT_CHECKSIBLING;
+ docheckmx = ISC_FALSE;
+ docheckns = ISC_FALSE;
+ dochecksrv = ISC_FALSE;
+ } else if (ARGCMP("local-sibling")) {
+ zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
+ zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
+ docheckmx = ISC_FALSE;
+ docheckns = ISC_FALSE;
+ dochecksrv = ISC_FALSE;
+ } else if (ARGCMP("none")) {
+ zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
+ zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
+ docheckmx = ISC_FALSE;
+ docheckns = ISC_FALSE;
+ dochecksrv = ISC_FALSE;
+ } else {
+ fprintf(stderr, "invalid argument to -i: %s\n",
+ isc_commandline_argument);
+ exit(1);
+ }
+ break;
+
+ case 'f':
+ inputformatstr = isc_commandline_argument;
+ break;
+
+ case 'F':
+ outputformatstr = isc_commandline_argument;
+ break;
+
+ case 'j':
+ nomerge = ISC_FALSE;
+ break;
+
+ case 'k':
+ if (ARGCMP("warn")) {
+ zone_options |= DNS_ZONEOPT_CHECKNAMES;
+ zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
+ } else if (ARGCMP("fail")) {
+ zone_options |= DNS_ZONEOPT_CHECKNAMES |
+ DNS_ZONEOPT_CHECKNAMESFAIL;
+ } else if (ARGCMP("ignore")) {
+ zone_options &= ~(DNS_ZONEOPT_CHECKNAMES |
+ DNS_ZONEOPT_CHECKNAMESFAIL);
+ } else {
+ fprintf(stderr, "invalid argument to -k: %s\n",
+ isc_commandline_argument);
+ exit(1);
+ }
+ break;
+
+ case 'n':
+ if (ARGCMP("ignore")) {
+ zone_options &= ~(DNS_ZONEOPT_CHECKNS|
+ DNS_ZONEOPT_FATALNS);
+ } else if (ARGCMP("warn")) {
+ zone_options |= DNS_ZONEOPT_CHECKNS;
+ zone_options &= ~DNS_ZONEOPT_FATALNS;
+ } else if (ARGCMP("fail")) {
+ zone_options |= DNS_ZONEOPT_CHECKNS|
+ DNS_ZONEOPT_FATALNS;
+ } else {
+ fprintf(stderr, "invalid argument to -n: %s\n",
+ isc_commandline_argument);
+ exit(1);
+ }
+ break;
+
+ case 'm':
+ if (ARGCMP("warn")) {
+ zone_options |= DNS_ZONEOPT_CHECKMX;
+ zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
+ } else if (ARGCMP("fail")) {
+ zone_options |= DNS_ZONEOPT_CHECKMX |
+ DNS_ZONEOPT_CHECKMXFAIL;
+ } else if (ARGCMP("ignore")) {
+ zone_options &= ~(DNS_ZONEOPT_CHECKMX |
+ DNS_ZONEOPT_CHECKMXFAIL);
+ } else {
+ fprintf(stderr, "invalid argument to -m: %s\n",
+ isc_commandline_argument);
+ exit(1);
+ }
+ break;
+
+ case 'q':
+ quiet++;
+ break;
+
+ case 't':
+ result = isc_dir_chroot(isc_commandline_argument);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "isc_dir_chroot: %s: %s\n",
+ isc_commandline_argument,
+ isc_result_totext(result));
+ exit(1);
+ }
+ result = isc_dir_chdir("/");
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "isc_dir_chdir: %s\n",
+ isc_result_totext(result));
+ exit(1);
+ }
+ break;
+
+ case 's':
+ if (ARGCMP("full"))
+ outputstyle = &dns_master_style_full;
+ else if (ARGCMP("relative")) {
+ outputstyle = &dns_master_style_default;
+ } else {
+ fprintf(stderr,
+ "unknown or unsupported style: %s\n",
+ isc_commandline_argument);
+ exit(1);
+ }
+ break;
+
+ case 'o':
+ output_filename = isc_commandline_argument;
+ break;
+
+ case 'v':
+ printf(VERSION "\n");
+ exit(0);
+
+ case 'w':
+ workdir = isc_commandline_argument;
+ break;
+
+ case 'D':
+ dumpzone++;
+ break;
+
+ case 'M':
+ if (ARGCMP("fail")) {
+ zone_options &= ~DNS_ZONEOPT_WARNMXCNAME;
+ zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
+ } else if (ARGCMP("warn")) {
+ zone_options |= DNS_ZONEOPT_WARNMXCNAME;
+ zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
+ } else if (ARGCMP("ignore")) {
+ zone_options |= DNS_ZONEOPT_WARNMXCNAME;
+ zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
+ } else {
+ fprintf(stderr, "invalid argument to -M: %s\n",
+ isc_commandline_argument);
+ exit(1);
+ }
+ break;
+
+ case 'S':
+ if (ARGCMP("fail")) {
+ zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME;
+ zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
+ } else if (ARGCMP("warn")) {
+ zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
+ zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
+ } else if (ARGCMP("ignore")) {
+ zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
+ zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
+ } else {
+ fprintf(stderr, "invalid argument to -S: %s\n",
+ isc_commandline_argument);
+ exit(1);
+ }
+ break;
+
+ case 'W':
+ if (ARGCMP("warn"))
+ zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
+ else if (ARGCMP("ignore"))
+ zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
+ break;
+
+ case '?':
+ if (isc_commandline_option != '?')
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ prog_name, isc_commandline_option);
+ case 'h':
+ usage();
+
+ default:
+ fprintf(stderr, "%s: unhandled option -%c\n",
+ prog_name, isc_commandline_option);
+ exit(1);
+ }
+ }
+
+ if (workdir != NULL) {
+ result = isc_dir_chdir(workdir);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "isc_dir_chdir: %s: %s\n",
+ workdir, isc_result_totext(result));
+ exit(1);
+ }
+ }
+
+ if (inputformatstr != NULL) {
+ if (strcasecmp(inputformatstr, "text") == 0)
+ inputformat = dns_masterformat_text;
+ else if (strcasecmp(inputformatstr, "raw") == 0)
+ inputformat = dns_masterformat_raw;
+ else {
+ fprintf(stderr, "unknown file format: %s\n",
+ inputformatstr);
+ exit(1);
+ }
+ }
+
+ if (outputformatstr != NULL) {
+ if (strcasecmp(outputformatstr, "text") == 0)
+ outputformat = dns_masterformat_text;
+ else if (strcasecmp(outputformatstr, "raw") == 0)
+ outputformat = dns_masterformat_raw;
+ else {
+ fprintf(stderr, "unknown file format: %s\n",
+ outputformatstr);
+ exit(1);
+ }
+ }
+
+ if (progmode == progmode_compile) {
+ dumpzone = 1; /* always dump */
+ if (output_filename == NULL) {
+ fprintf(stderr,
+ "output file required, but not specified\n");
+ usage();
+ }
+ }
+
+ if (output_filename != NULL)
+ dumpzone = 1;
+
+ /*
+ * If we are outputing to stdout then send the informational
+ * output to stderr.
+ */
+ if (dumpzone &&
+ (output_filename == NULL ||
+ strcmp(output_filename, "-") == 0 ||
+ strcmp(output_filename, "/dev/fd/1") == 0 ||
+ strcmp(output_filename, "/dev/stdout") == 0))
+ errout = stderr;
+
+ if (isc_commandline_index + 2 != argc)
+ usage();
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ if (!quiet)
+ RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
+ == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
+ == ISC_R_SUCCESS);
+
+ dns_result_register();
+
+ origin = argv[isc_commandline_index++];
+ filename = argv[isc_commandline_index++];
+ result = load_zone(mctx, origin, filename, inputformat, classname,
+ &zone);
+
+ if (result == ISC_R_SUCCESS && dumpzone) {
+ if (!quiet && progmode == progmode_compile) {
+ fprintf(errout, "dump zone to %s...", output_filename);
+ fflush(errout);
+ }
+ result = dump_zone(origin, zone, output_filename,
+ outputformat, outputstyle);
+ if (!quiet && progmode == progmode_compile)
+ fprintf(errout, "done\n");
+ }
+
+ if (!quiet && result == ISC_R_SUCCESS)
+ fprintf(errout, "OK\n");
+ destroy();
+ if (lctx != NULL)
+ isc_log_destroy(&lctx);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return ((result == ISC_R_SUCCESS) ? 0 : 1);
+}
diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook
new file mode 100644
index 0000000..c5321e2
--- /dev/null
+++ b/bin/check/named-checkzone.docbook
@@ -0,0 +1,455 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: named-checkzone.docbook,v 1.34 2007/06/19 06:58:03 marka Exp $ -->
+<refentry id="man.named-checkzone">
+ <refentryinfo>
+ <date>June 13, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>named-checkzone</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
+ <refnamediv>
+ <refname><application>named-checkzone</application></refname>
+ <refname><application>named-compilezone</application></refname>
+ <refpurpose>zone file validity checking or converting tool</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>named-checkzone</command>
+ <arg><option>-d</option></arg>
+ <arg><option>-h</option></arg>
+ <arg><option>-j</option></arg>
+ <arg><option>-q</option></arg>
+ <arg><option>-v</option></arg>
+ <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
+ <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
+ <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
+ <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
+ <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg><option>-D</option></arg>
+ <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="req">zonename</arg>
+ <arg choice="req">filename</arg>
+ </cmdsynopsis>
+ <cmdsynopsis>
+ <command>named-compilezone</command>
+ <arg><option>-d</option></arg>
+ <arg><option>-j</option></arg>
+ <arg><option>-q</option></arg>
+ <arg><option>-v</option></arg>
+ <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
+ <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
+ <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
+ <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
+ <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg><option>-D</option></arg>
+ <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="req">zonename</arg>
+ <arg choice="req">filename</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><command>named-checkzone</command>
+ checks the syntax and integrity of a zone file. It performs the
+ same checks as <command>named</command> does when loading a
+ zone. This makes <command>named-checkzone</command> useful for
+ checking zone files before configuring them into a name server.
+ </para>
+ <para>
+ <command>named-compilezone</command> is similar to
+ <command>named-checkzone</command>, but it always dumps the
+ zone contents to a specified file in a specified format.
+ Additionally, it applies stricter check levels by default,
+ since the dump output will be used as an actual zone file
+ loaded by <command>named</command>.
+ When manually specified otherwise, the check levels must at
+ least be as strict as those specified in the
+ <command>named</command> configuration file.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-d</term>
+ <listitem>
+ <para>
+ Enable debugging.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-h</term>
+ <listitem>
+ <para>
+ Print the usage summary and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-q</term>
+ <listitem>
+ <para>
+ Quiet mode - exit code only.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v</term>
+ <listitem>
+ <para>
+ Print the version of the <command>named-checkzone</command>
+ program and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-j</term>
+ <listitem>
+ <para>
+ When loading the zone file read the journal if it exists.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-c <replaceable class="parameter">class</replaceable></term>
+ <listitem>
+ <para>
+ Specify the class of the zone. If not specified "IN" is assumed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-i <replaceable class="parameter">mode</replaceable></term>
+ <listitem>
+ <para>
+ Perform post-load zone integrity checks. Possible modes are
+ <command>"full"</command> (default),
+ <command>"full-sibling"</command>,
+ <command>"local"</command>,
+ <command>"local-sibling"</command> and
+ <command>"none"</command>.
+ </para>
+ <para>
+ Mode <command>"full"</command> checks that MX records
+ refer to A or AAAA record (both in-zone and out-of-zone
+ hostnames). Mode <command>"local"</command> only
+ checks MX records which refer to in-zone hostnames.
+ </para>
+ <para>
+ Mode <command>"full"</command> checks that SRV records
+ refer to A or AAAA record (both in-zone and out-of-zone
+ hostnames). Mode <command>"local"</command> only
+ checks SRV records which refer to in-zone hostnames.
+ </para>
+ <para>
+ Mode <command>"full"</command> checks that delegation NS
+ records refer to A or AAAA record (both in-zone and out-of-zone
+ hostnames). It also checks that glue address records
+ in the zone match those advertised by the child.
+ Mode <command>"local"</command> only checks NS records which
+ refer to in-zone hostnames or that some required glue exists,
+ that is when the nameserver is in a child zone.
+ </para>
+ <para>
+ Mode <command>"full-sibling"</command> and
+ <command>"local-sibling"</command> disable sibling glue
+ checks but are otherwise the same as <command>"full"</command>
+ and <command>"local"</command> respectively.
+ </para>
+ <para>
+ Mode <command>"none"</command> disables the checks.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-f <replaceable class="parameter">format</replaceable></term>
+ <listitem>
+ <para>
+ Specify the format of the zone file.
+ Possible formats are <command>"text"</command> (default)
+ and <command>"raw"</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-F <replaceable class="parameter">format</replaceable></term>
+ <listitem>
+ <para>
+ Specify the format of the output file specified.
+ Possible formats are <command>"text"</command> (default)
+ and <command>"raw"</command>.
+ For <command>named-checkzone</command>,
+ this does not cause any effects unless it dumps the zone
+ contents.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-k <replaceable class="parameter">mode</replaceable></term>
+ <listitem>
+ <para>
+ Perform <command>"check-names"</command> checks with the
+ specified failure mode.
+ Possible modes are <command>"fail"</command>
+ (default for <command>named-compilezone</command>),
+ <command>"warn"</command>
+ (default for <command>named-checkzone</command>) and
+ <command>"ignore"</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-m <replaceable class="parameter">mode</replaceable></term>
+ <listitem>
+ <para>
+ Specify whether MX records should be checked to see if they
+ are addresses. Possible modes are <command>"fail"</command>,
+ <command>"warn"</command> (default) and
+ <command>"ignore"</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-M <replaceable class="parameter">mode</replaceable></term>
+ <listitem>
+ <para>
+ Check if a MX record refers to a CNAME.
+ Possible modes are <command>"fail"</command>,
+ <command>"warn"</command> (default) and
+ <command>"ignore"</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-n <replaceable class="parameter">mode</replaceable></term>
+ <listitem>
+ <para>
+ Specify whether NS records should be checked to see if they
+ are addresses.
+ Possible modes are <command>"fail"</command>
+ (default for <command>named-compilezone</command>),
+ <command>"warn"</command>
+ (default for <command>named-checkzone</command>) and
+ <command>"ignore"</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-o <replaceable class="parameter">filename</replaceable></term>
+ <listitem>
+ <para>
+ Write zone output to <filename>filename</filename>.
+ If <filename>filename</filename> is <filename>-</filename> then
+ write to standard out.
+ This is mandatory for <command>named-compilezone</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s <replaceable class="parameter">style</replaceable></term>
+ <listitem>
+ <para>
+ Specify the style of the dumped zone file.
+ Possible styles are <command>"full"</command> (default)
+ and <command>"relative"</command>.
+ The full format is most suitable for processing
+ automatically by a separate script.
+ On the other hand, the relative format is more
+ human-readable and is thus suitable for editing by hand.
+ For <command>named-checkzone</command>
+ this does not cause any effects unless it dumps the zone
+ contents.
+ It also does not have any meaning if the output format
+ is not text.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-S <replaceable class="parameter">mode</replaceable></term>
+ <listitem>
+ <para>
+ Check if a SRV record refers to a CNAME.
+ Possible modes are <command>"fail"</command>,
+ <command>"warn"</command> (default) and
+ <command>"ignore"</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-t <replaceable class="parameter">directory</replaceable></term>
+ <listitem>
+ <para>
+ Chroot to <filename>directory</filename> so that
+ include
+ directives in the configuration file are processed as if
+ run by a similarly chrooted named.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-w <replaceable class="parameter">directory</replaceable></term>
+ <listitem>
+ <para>
+ chdir to <filename>directory</filename> so that
+ relative
+ filenames in master file $INCLUDE directives work. This
+ is similar to the directory clause in
+ <filename>named.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-D</term>
+ <listitem>
+ <para>
+ Dump zone file in canonical format.
+ This is always enabled for <command>named-compilezone</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-W <replaceable class="parameter">mode</replaceable></term>
+ <listitem>
+ <para>
+ Specify whether to check for non-terminal wildcards.
+ Non-terminal wildcards are almost always the result of a
+ failure to understand the wildcard matching algorithm (RFC 1034).
+ Possible modes are <command>"warn"</command> (default)
+ and
+ <command>"ignore"</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>zonename</term>
+ <listitem>
+ <para>
+ The domain name of the zone being checked.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>filename</term>
+ <listitem>
+ <para>
+ The name of the zone file.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>RETURN VALUES</title>
+ <para><command>named-checkzone</command>
+ returns an exit status of 1 if
+ errors were detected and 0 otherwise.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>RFC 1035</citetitle>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para><corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html
new file mode 100644
index 0000000..4e0b5ea
--- /dev/null
+++ b/bin/check/named-checkzone.html
@@ -0,0 +1,262 @@
+<!--
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: named-checkzone.html,v 1.42 2007/06/20 02:27:32 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named-checkzone</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.named-checkzone"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">named-checkzone</span>, <span class="application">named-compilezone</span> &#8212; zone file validity checking or converting tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543669"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">named-checkzone</strong></span>
+ checks the syntax and integrity of a zone file. It performs the
+ same checks as <span><strong class="command">named</strong></span> does when loading a
+ zone. This makes <span><strong class="command">named-checkzone</strong></span> useful for
+ checking zone files before configuring them into a name server.
+ </p>
+<p>
+ <span><strong class="command">named-compilezone</strong></span> is similar to
+ <span><strong class="command">named-checkzone</strong></span>, but it always dumps the
+ zone contents to a specified file in a specified format.
+ Additionally, it applies stricter check levels by default,
+ since the dump output will be used as an actual zone file
+ loaded by <span><strong class="command">named</strong></span>.
+ When manually specified otherwise, the check levels must at
+ least be as strict as those specified in the
+ <span><strong class="command">named</strong></span> configuration file.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543704"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-d</span></dt>
+<dd><p>
+ Enable debugging.
+ </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+ Print the usage summary and exit.
+ </p></dd>
+<dt><span class="term">-q</span></dt>
+<dd><p>
+ Quiet mode - exit code only.
+ </p></dd>
+<dt><span class="term">-v</span></dt>
+<dd><p>
+ Print the version of the <span><strong class="command">named-checkzone</strong></span>
+ program and exit.
+ </p></dd>
+<dt><span class="term">-j</span></dt>
+<dd><p>
+ When loading the zone file read the journal if it exists.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+ Specify the class of the zone. If not specified "IN" is assumed.
+ </p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>mode</code></em></span></dt>
+<dd>
+<p>
+ Perform post-load zone integrity checks. Possible modes are
+ <span><strong class="command">"full"</strong></span> (default),
+ <span><strong class="command">"full-sibling"</strong></span>,
+ <span><strong class="command">"local"</strong></span>,
+ <span><strong class="command">"local-sibling"</strong></span> and
+ <span><strong class="command">"none"</strong></span>.
+ </p>
+<p>
+ Mode <span><strong class="command">"full"</strong></span> checks that MX records
+ refer to A or AAAA record (both in-zone and out-of-zone
+ hostnames). Mode <span><strong class="command">"local"</strong></span> only
+ checks MX records which refer to in-zone hostnames.
+ </p>
+<p>
+ Mode <span><strong class="command">"full"</strong></span> checks that SRV records
+ refer to A or AAAA record (both in-zone and out-of-zone
+ hostnames). Mode <span><strong class="command">"local"</strong></span> only
+ checks SRV records which refer to in-zone hostnames.
+ </p>
+<p>
+ Mode <span><strong class="command">"full"</strong></span> checks that delegation NS
+ records refer to A or AAAA record (both in-zone and out-of-zone
+ hostnames). It also checks that glue address records
+ in the zone match those advertised by the child.
+ Mode <span><strong class="command">"local"</strong></span> only checks NS records which
+ refer to in-zone hostnames or that some required glue exists,
+ that is when the nameserver is in a child zone.
+ </p>
+<p>
+ Mode <span><strong class="command">"full-sibling"</strong></span> and
+ <span><strong class="command">"local-sibling"</strong></span> disable sibling glue
+ checks but are otherwise the same as <span><strong class="command">"full"</strong></span>
+ and <span><strong class="command">"local"</strong></span> respectively.
+ </p>
+<p>
+ Mode <span><strong class="command">"none"</strong></span> disables the checks.
+ </p>
+</dd>
+<dt><span class="term">-f <em class="replaceable"><code>format</code></em></span></dt>
+<dd><p>
+ Specify the format of the zone file.
+ Possible formats are <span><strong class="command">"text"</strong></span> (default)
+ and <span><strong class="command">"raw"</strong></span>.
+ </p></dd>
+<dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
+<dd><p>
+ Specify the format of the output file specified.
+ Possible formats are <span><strong class="command">"text"</strong></span> (default)
+ and <span><strong class="command">"raw"</strong></span>.
+ For <span><strong class="command">named-checkzone</strong></span>,
+ this does not cause any effects unless it dumps the zone
+ contents.
+ </p></dd>
+<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
+<dd><p>
+ Perform <span><strong class="command">"check-names"</strong></span> checks with the
+ specified failure mode.
+ Possible modes are <span><strong class="command">"fail"</strong></span>
+ (default for <span><strong class="command">named-compilezone</strong></span>),
+ <span><strong class="command">"warn"</strong></span>
+ (default for <span><strong class="command">named-checkzone</strong></span>) and
+ <span><strong class="command">"ignore"</strong></span>.
+ </p></dd>
+<dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
+<dd><p>
+ Specify whether MX records should be checked to see if they
+ are addresses. Possible modes are <span><strong class="command">"fail"</strong></span>,
+ <span><strong class="command">"warn"</strong></span> (default) and
+ <span><strong class="command">"ignore"</strong></span>.
+ </p></dd>
+<dt><span class="term">-M <em class="replaceable"><code>mode</code></em></span></dt>
+<dd><p>
+ Check if a MX record refers to a CNAME.
+ Possible modes are <span><strong class="command">"fail"</strong></span>,
+ <span><strong class="command">"warn"</strong></span> (default) and
+ <span><strong class="command">"ignore"</strong></span>.
+ </p></dd>
+<dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt>
+<dd><p>
+ Specify whether NS records should be checked to see if they
+ are addresses.
+ Possible modes are <span><strong class="command">"fail"</strong></span>
+ (default for <span><strong class="command">named-compilezone</strong></span>),
+ <span><strong class="command">"warn"</strong></span>
+ (default for <span><strong class="command">named-checkzone</strong></span>) and
+ <span><strong class="command">"ignore"</strong></span>.
+ </p></dd>
+<dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
+<dd><p>
+ Write zone output to <code class="filename">filename</code>.
+ If <code class="filename">filename</code> is <code class="filename">-</code> then
+ write to standard out.
+ This is mandatory for <span><strong class="command">named-compilezone</strong></span>.
+ </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt>
+<dd><p>
+ Specify the style of the dumped zone file.
+ Possible styles are <span><strong class="command">"full"</strong></span> (default)
+ and <span><strong class="command">"relative"</strong></span>.
+ The full format is most suitable for processing
+ automatically by a separate script.
+ On the other hand, the relative format is more
+ human-readable and is thus suitable for editing by hand.
+ For <span><strong class="command">named-checkzone</strong></span>
+ this does not cause any effects unless it dumps the zone
+ contents.
+ It also does not have any meaning if the output format
+ is not text.
+ </p></dd>
+<dt><span class="term">-S <em class="replaceable"><code>mode</code></em></span></dt>
+<dd><p>
+ Check if a SRV record refers to a CNAME.
+ Possible modes are <span><strong class="command">"fail"</strong></span>,
+ <span><strong class="command">"warn"</strong></span> (default) and
+ <span><strong class="command">"ignore"</strong></span>.
+ </p></dd>
+<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+ Chroot to <code class="filename">directory</code> so that
+ include
+ directives in the configuration file are processed as if
+ run by a similarly chrooted named.
+ </p></dd>
+<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+ chdir to <code class="filename">directory</code> so that
+ relative
+ filenames in master file $INCLUDE directives work. This
+ is similar to the directory clause in
+ <code class="filename">named.conf</code>.
+ </p></dd>
+<dt><span class="term">-D</span></dt>
+<dd><p>
+ Dump zone file in canonical format.
+ This is always enabled for <span><strong class="command">named-compilezone</strong></span>.
+ </p></dd>
+<dt><span class="term">-W <em class="replaceable"><code>mode</code></em></span></dt>
+<dd><p>
+ Specify whether to check for non-terminal wildcards.
+ Non-terminal wildcards are almost always the result of a
+ failure to understand the wildcard matching algorithm (RFC 1034).
+ Possible modes are <span><strong class="command">"warn"</strong></span> (default)
+ and
+ <span><strong class="command">"ignore"</strong></span>.
+ </p></dd>
+<dt><span class="term">zonename</span></dt>
+<dd><p>
+ The domain name of the zone being checked.
+ </p></dd>
+<dt><span class="term">filename</span></dt>
+<dd><p>
+ The name of the zone file.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544325"></a><h2>RETURN VALUES</h2>
+<p><span><strong class="command">named-checkzone</strong></span>
+ returns an exit status of 1 if
+ errors were detected and 0 otherwise.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544337"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
+ <em class="citetitle">RFC 1035</em>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544370"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/check/win32/checktool.dsp b/bin/check/win32/checktool.dsp
new file mode 100644
index 0000000..0d0afc5
--- /dev/null
+++ b/bin/check/win32/checktool.dsp
@@ -0,0 +1,113 @@
+# Microsoft Developer Studio Project File - Name="checktool" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
+
+CFG=checktool - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "checktool.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "checktool.mak" CFG="checktool - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "checktool - Win32 Release" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE "checktool - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "checktool - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fdchecktool
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32
+# ADD LINK32 /out:"Release/checktool.lib"
+
+!ELSEIF "$(CFG)" == "checktool - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fdchecktool
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32
+# ADD LINK32 /debug out:"Debug/checktool.lib"
+
+!ENDIF
+
+# Begin Target
+
+# Name "checktool - Win32 Release"
+# Name "checktool - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# Begin Group "Main Dns Lib"
+
+# PROP Default_Filter "c"
+# Begin Source File
+
+SOURCE=..\check-tool.c
+# End Source File
+# End Group
+# End Target
+# End Project
diff --git a/bin/check/win32/checktool.dsw b/bin/check/win32/checktool.dsw
new file mode 100644
index 0000000..bb139e7
--- /dev/null
+++ b/bin/check/win32/checktool.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "checktool"=".\checktool.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/check/win32/namedcheckconf.dsp b/bin/check/win32/namedcheckconf.dsp
new file mode 100644
index 0000000..b0240d4
--- /dev/null
+++ b/bin/check/win32/namedcheckconf.dsp
@@ -0,0 +1,107 @@
+# Microsoft Developer Studio Project File - Name="namedcheckconf" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=namedcheckconf - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "namedcheckconf.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "namedcheckconf.mak" CFG="namedcheckconf - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "namedcheckconf - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "namedcheckconf - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "namedcheckconf - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/checktool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkconf.exe"
+
+!ELSEIF "$(CFG)" == "namedcheckconf - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/checktool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "namedcheckconf - Win32 Release"
+# Name "namedcheckconf - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\named-checkconf.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE="..\check-tool.h"
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/check/win32/namedcheckconf.dsw b/bin/check/win32/namedcheckconf.dsw
new file mode 100644
index 0000000..d7b794f
--- /dev/null
+++ b/bin/check/win32/namedcheckconf.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "namedcheckconf"=".\namedcheckconf.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/check/win32/namedcheckconf.mak b/bin/check/win32/namedcheckconf.mak
new file mode 100644
index 0000000..3d98e01
--- /dev/null
+++ b/bin/check/win32/namedcheckconf.mak
@@ -0,0 +1,404 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on namedcheckconf.dsp
+!IF "$(CFG)" == ""
+CFG=namedcheckconf - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to namedcheckconf - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "namedcheckconf - Win32 Release" && "$(CFG)" != "namedcheckconf - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "namedcheckconf.mak" CFG="namedcheckconf - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "namedcheckconf - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "namedcheckconf - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "namedcheckconf - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "namedcheckconf - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+# Begin Custom Macros
+OutDir=.\Release
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Release\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
+
+!ELSE
+
+ALL : "libdns - Win32 Release" "libisccfg - Win32 Release" "libisc - Win32 Release" "..\..\..\Build\Release\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libisc - Win32 ReleaseCLEAN" "libisccfg - Win32 ReleaseCLEAN" "libdns - Win32 ReleaseCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\check-tool.obj"
+ -@erase "$(INTDIR)\check-tool.sbr"
+ -@erase "$(INTDIR)\named-checkconf.obj"
+ -@erase "$(INTDIR)\named-checkconf.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(OUTDIR)\namedcheckconf.bsc"
+ -@erase "..\..\..\Build\Release\named-checkconf.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckconf.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckconf.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\check-tool.sbr" \
+ "$(INTDIR)\named-checkconf.sbr"
+
+"$(OUTDIR)\namedcheckconf.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-checkconf.pdb" /machine:I386 /out:"../../../Build/Release/named-checkconf.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\check-tool.obj" \
+ "$(INTDIR)\named-checkconf.obj" \
+ "..\..\..\lib\isc\win32\Release\libisc.lib" \
+ "..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
+ "..\..\..\lib\dns\win32\Release\libdns.lib"
+
+"..\..\..\Build\Release\named-checkconf.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "namedcheckconf - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Debug\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
+
+!ELSE
+
+ALL : "libdns - Win32 Debug" "libisccfg - Win32 Debug" "libisc - Win32 Debug" "..\..\..\Build\Debug\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libisc - Win32 DebugCLEAN" "libisccfg - Win32 DebugCLEAN" "libdns - Win32 DebugCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\check-tool.obj"
+ -@erase "$(INTDIR)\check-tool.sbr"
+ -@erase "$(INTDIR)\named-checkconf.obj"
+ -@erase "$(INTDIR)\named-checkconf.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(OUTDIR)\named-checkconf.pdb"
+ -@erase "$(OUTDIR)\namedcheckconf.bsc"
+ -@erase "..\..\..\Build\Debug\named-checkconf.exe"
+ -@erase "..\..\..\Build\Debug\named-checkconf.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckconf.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\check-tool.sbr" \
+ "$(INTDIR)\named-checkconf.sbr"
+
+"$(OUTDIR)\namedcheckconf.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-checkconf.pdb" /debug /machine:I386 /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\check-tool.obj" \
+ "$(INTDIR)\named-checkconf.obj" \
+ "..\..\..\lib\isc\win32\Debug\libisc.lib" \
+ "..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
+ "..\..\..\lib\dns\win32\Debug\libdns.lib"
+
+"..\..\..\Build\Debug\named-checkconf.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("namedcheckconf.dep")
+!INCLUDE "namedcheckconf.dep"
+!ELSE
+!MESSAGE Warning: cannot find "namedcheckconf.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "namedcheckconf - Win32 Release" || "$(CFG)" == "namedcheckconf - Win32 Debug"
+SOURCE="..\check-tool.c"
+
+"$(INTDIR)\check-tool.obj" "$(INTDIR)\check-tool.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+SOURCE="..\named-checkconf.c"
+
+"$(INTDIR)\named-checkconf.obj" "$(INTDIR)\named-checkconf.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!IF "$(CFG)" == "namedcheckconf - Win32 Release"
+
+"libisc - Win32 Release" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release"
+ cd "..\..\..\bin\check\win32"
+
+"libisc - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\check\win32"
+
+!ELSEIF "$(CFG)" == "namedcheckconf - Win32 Debug"
+
+"libisc - Win32 Debug" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug"
+ cd "..\..\..\bin\check\win32"
+
+"libisc - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\check\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "namedcheckconf - Win32 Release"
+
+"libisccfg - Win32 Release" :
+ cd "..\..\..\lib\isccfg\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Release"
+ cd "..\..\..\bin\check\win32"
+
+"libisccfg - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isccfg\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\check\win32"
+
+!ELSEIF "$(CFG)" == "namedcheckconf - Win32 Debug"
+
+"libisccfg - Win32 Debug" :
+ cd "..\..\..\lib\isccfg\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Debug"
+ cd "..\..\..\bin\check\win32"
+
+"libisccfg - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isccfg\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\check\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "namedcheckconf - Win32 Release"
+
+"libdns - Win32 Release" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release"
+ cd "..\..\..\bin\check\win32"
+
+"libdns - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\check\win32"
+
+!ELSEIF "$(CFG)" == "namedcheckconf - Win32 Debug"
+
+"libdns - Win32 Debug" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug"
+ cd "..\..\..\bin\check\win32"
+
+"libdns - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\check\win32"
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/check/win32/namedcheckzone.dsp b/bin/check/win32/namedcheckzone.dsp
new file mode 100644
index 0000000..2b64144
--- /dev/null
+++ b/bin/check/win32/namedcheckzone.dsp
@@ -0,0 +1,108 @@
+# Microsoft Developer Studio Project File - Name="namedcheckzone" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=namedcheckzone - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "namedcheckzone.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "namedcheckzone.mak" CFG="namedcheckzone - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "namedcheckzone - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "namedcheckzone - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "namedcheckzone - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /YX /FD /c
+# SUBTRACT CPP /Fr
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/checktool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkzone.exe"
+
+!ELSEIF "$(CFG)" == "namedcheckzone - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/checktool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "namedcheckzone - Win32 Release"
+# Name "namedcheckzone - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\named-checkzone.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE="..\check-tool.h"
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/check/win32/namedcheckzone.dsw b/bin/check/win32/namedcheckzone.dsw
new file mode 100644
index 0000000..d723eb5
--- /dev/null
+++ b/bin/check/win32/namedcheckzone.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "namedcheckzone"=".\namedcheckzone.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/check/win32/namedcheckzone.mak b/bin/check/win32/namedcheckzone.mak
new file mode 100644
index 0000000..810a60e
--- /dev/null
+++ b/bin/check/win32/namedcheckzone.mak
@@ -0,0 +1,404 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on namedcheckzone.dsp
+!IF "$(CFG)" == ""
+CFG=namedcheckzone - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to namedcheckzone - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "namedcheckzone - Win32 Release" && "$(CFG)" != "namedcheckzone - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "namedcheckzone.mak" CFG="namedcheckzone - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "namedcheckzone - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "namedcheckzone - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "namedcheckzone - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "namedcheckzone - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Release\named-checkzone.exe"
+
+!ELSE
+
+ALL : "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\named-checkzone.exe"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\check-tool.obj"
+ -@erase "$(INTDIR)\named-checkzone.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "..\..\..\Build\Release\named-checkzone.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /Fp"$(INTDIR)\namedcheckzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckzone.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-checkzone.pdb" /machine:I386 /out:"../../../Build/Release/named-checkzone.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\check-tool.obj" \
+ "$(INTDIR)\named-checkzone.obj" \
+ "..\..\..\lib\dns\win32\Release\libdns.lib" \
+ "..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
+ "..\..\..\lib\isc\win32\Release\libisc.lib"
+
+"..\..\..\Build\Release\named-checkzone.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "namedcheckzone - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Debug\named-checkzone.exe" "$(OUTDIR)\namedcheckzone.bsc"
+
+!ELSE
+
+ALL : "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\named-checkzone.exe" "$(OUTDIR)\namedcheckzone.bsc"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\check-tool.obj"
+ -@erase "$(INTDIR)\check-tool.sbr"
+ -@erase "$(INTDIR)\named-checkzone.obj"
+ -@erase "$(INTDIR)\named-checkzone.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(OUTDIR)\named-checkzone.pdb"
+ -@erase "$(OUTDIR)\namedcheckzone.bsc"
+ -@erase "..\..\..\Build\Debug\named-checkzone.exe"
+ -@erase "..\..\..\Build\Debug\named-checkzone.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckzone.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\check-tool.sbr" \
+ "$(INTDIR)\named-checkzone.sbr"
+
+"$(OUTDIR)\namedcheckzone.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-checkzone.pdb" /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\check-tool.obj" \
+ "$(INTDIR)\named-checkzone.obj" \
+ "..\..\..\lib\dns\win32\Debug\libdns.lib" \
+ "..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
+ "..\..\..\lib\isc\win32\Debug\libisc.lib"
+
+"..\..\..\Build\Debug\named-checkzone.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("namedcheckzone.dep")
+!INCLUDE "namedcheckzone.dep"
+!ELSE
+!MESSAGE Warning: cannot find "namedcheckzone.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "namedcheckzone - Win32 Release" || "$(CFG)" == "namedcheckzone - Win32 Debug"
+SOURCE="..\check-tool.c"
+
+!IF "$(CFG)" == "namedcheckzone - Win32 Release"
+
+
+"$(INTDIR)\check-tool.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "namedcheckzone - Win32 Debug"
+
+
+"$(INTDIR)\check-tool.obj" "$(INTDIR)\check-tool.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE="..\named-checkzone.c"
+
+!IF "$(CFG)" == "namedcheckzone - Win32 Release"
+
+
+"$(INTDIR)\named-checkzone.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "namedcheckzone - Win32 Debug"
+
+
+"$(INTDIR)\named-checkzone.obj" "$(INTDIR)\named-checkzone.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!IF "$(CFG)" == "namedcheckzone - Win32 Release"
+
+"libdns - Win32 Release" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release"
+ cd "..\..\..\bin\check\win32"
+
+"libdns - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\check\win32"
+
+!ELSEIF "$(CFG)" == "namedcheckzone - Win32 Debug"
+
+"libdns - Win32 Debug" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug"
+ cd "..\..\..\bin\check\win32"
+
+"libdns - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\check\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "namedcheckzone - Win32 Release"
+
+"libisc - Win32 Release" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release"
+ cd "..\..\..\bin\check\win32"
+
+"libisc - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\check\win32"
+
+!ELSEIF "$(CFG)" == "namedcheckzone - Win32 Debug"
+
+"libisc - Win32 Debug" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug"
+ cd "..\..\..\bin\check\win32"
+
+"libisc - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\check\win32"
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in
new file mode 100644
index 0000000..bc9d34f
--- /dev/null
+++ b/bin/dig/Makefile.in
@@ -0,0 +1,101 @@
+# Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.41 2007/06/19 23:46:59 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} ${BIND9_INCLUDES} \
+ ${ISC_INCLUDES} ${LWRES_INCLUDES}
+
+CDEFINES = -DVERSION=\"${VERSION}\"
+CWARNINGS =
+
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+BIND9LIBS = ../../lib/bind9/libbind9.@A@
+ISCLIBS = ../../lib/isc/libisc.@A@
+LWRESLIBS = ../../lib/lwres/liblwres.@A@
+
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@
+
+DEPLIBS = ${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} ${ISCCFGDEPLIBS} \
+ ${LWRESDEPLIBS}
+
+LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCLIBS} \
+ ${ISCCFGLIBS} @IDNLIBS@ @LIBS@
+
+SUBDIRS =
+
+TARGETS = dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@
+
+OBJS = dig.@O@ dighost.@O@ host.@O@ nslookup.@O@
+
+UOBJS =
+
+SRCS = dig.c dighost.c host.c nslookup.c
+
+MANPAGES = dig.1 host.1 nslookup.1
+
+HTMLPAGES = dig.html host.html nslookup.html
+
+MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+
+host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+
+nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+ rm -f ${MANOBJS}
+
+clean distclean maintainer-clean::
+ rm -f ${TARGETS}
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
+
+install:: dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+ dig@EXEEXT@ ${DESTDIR}${bindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+ host@EXEEXT@ ${DESTDIR}${bindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+ nslookup@EXEEXT@ ${DESTDIR}${bindir}
+ for m in ${MANPAGES}; do \
+ ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1; \
+ done
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
new file mode 100644
index 0000000..436740b
--- /dev/null
+++ b/bin/dig/dig.1
@@ -0,0 +1,568 @@
+.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: dig.1,v 1.50 2008/10/14 01:11:35 tbox Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: dig
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: Jun 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "DIG" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dig \- DNS lookup utility
+.SH "SYNOPSIS"
+.HP 4
+\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
+.HP 4
+\fBdig\fR [\fB\-h\fR]
+.HP 4
+\fBdig\fR [global\-queryopt...] [query...]
+.SH "DESCRIPTION"
+.PP
+\fBdig\fR
+(domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use
+\fBdig\fR
+to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than
+\fBdig\fR.
+.PP
+Although
+\fBdig\fR
+is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
+\fB\-h\fR
+option is given. Unlike earlier versions, the BIND 9 implementation of
+\fBdig\fR
+allows multiple lookups to be issued from the command line.
+.PP
+Unless it is told to query a specific name server,
+\fBdig\fR
+will try each of the servers listed in
+\fI/etc/resolv.conf\fR.
+.PP
+When no command line arguments or options are given,
+\fBdig\fR
+will perform an NS query for "." (the root).
+.PP
+It is possible to set per\-user defaults for
+\fBdig\fR
+via
+\fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments.
+.PP
+The IN and CH class names overlap with the IN and CH top level domains names. Either use the
+\fB\-t\fR
+and
+\fB\-c\fR
+options to specify the type and class, use the
+\fB\-q\fR
+the specify the domain name, or use "IN." and "CH." when looking up these top level domains.
+.SH "SIMPLE USAGE"
+.PP
+A typical invocation of
+\fBdig\fR
+looks like:
+.sp
+.RS 4
+.nf
+ dig @server name type
+.fi
+.RE
+.sp
+where:
+.PP
+\fBserver\fR
+.RS 4
+is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied
+\fIserver\fR
+argument is a hostname,
+\fBdig\fR
+resolves that name before querying that name server. If no
+\fIserver\fR
+argument is provided,
+\fBdig\fR
+consults
+\fI/etc/resolv.conf\fR
+and queries the name servers listed there. The reply from the name server that responds is displayed.
+.RE
+.PP
+\fBname\fR
+.RS 4
+is the name of the resource record that is to be looked up.
+.RE
+.PP
+\fBtype\fR
+.RS 4
+indicates what type of query is required \(em ANY, A, MX, SIG, etc.
+\fItype\fR
+can be any valid query type. If no
+\fItype\fR
+argument is supplied,
+\fBdig\fR
+will perform a lookup for an A record.
+.RE
+.SH "OPTIONS"
+.PP
+The
+\fB\-b\fR
+option sets the source IP address of the query to
+\fIaddress\fR. This must be a valid address on one of the host's network interfaces or "0.0.0.0" or "::". An optional port may be specified by appending "#<port>"
+.PP
+The default query class (IN for internet) is overridden by the
+\fB\-c\fR
+option.
+\fIclass\fR
+is any valid class, such as HS for Hesiod records or CH for Chaosnet records.
+.PP
+The
+\fB\-f\fR
+option makes
+\fBdig \fR
+operate in batch mode by reading a list of lookup requests to process from the file
+\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to
+\fBdig\fR
+using the command\-line interface.
+.PP
+The
+\fB\-m\fR
+option enables memory usage debugging.
+.PP
+If a non\-standard port number is to be queried, the
+\fB\-p\fR
+option is used.
+\fIport#\fR
+is the port number that
+\fBdig\fR
+will send its queries instead of the standard DNS port number 53. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number.
+.PP
+The
+\fB\-4\fR
+option forces
+\fBdig\fR
+to only use IPv4 query transport. The
+\fB\-6\fR
+option forces
+\fBdig\fR
+to only use IPv6 query transport.
+.PP
+The
+\fB\-t\fR
+option sets the query type to
+\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the
+\fB\-x\fR
+option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
+\fItype\fR
+is set to
+ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was
+\fIN\fR.
+.PP
+The
+\fB\-q\fR
+option sets the query name to
+\fIname\fR. This useful do distinguish the
+\fIname\fR
+from other arguments.
+.PP
+Reverse lookups \(em mapping addresses to names \(em are simplified by the
+\fB\-x\fR
+option.
+\fIaddr\fR
+is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address. When this option is used, there is no need to provide the
+\fIname\fR,
+\fIclass\fR
+and
+\fItype\fR
+arguments.
+\fBdig\fR
+automatically performs a lookup for a name like
+11.12.13.10.in\-addr.arpa
+and sets the query type and class to PTR and IN respectively. By default, IPv6 addresses are looked up using nibble format under the IP6.ARPA domain. To use the older RFC1886 method using the IP6.INT domain specify the
+\fB\-i\fR
+option. Bit string labels (RFC2874) are now experimental and are not attempted.
+.PP
+To sign the DNS queries sent by
+\fBdig\fR
+and their responses using transaction signatures (TSIG), specify a TSIG key file using the
+\fB\-k\fR
+option. You can also specify the TSIG key itself on the command line using the
+\fB\-y\fR
+option;
+\fIhmac\fR
+is the type of the TSIG, default HMAC\-MD5,
+\fIname\fR
+is the name of the TSIG key and
+\fIkey\fR
+is the actual key. The key is a base\-64 encoded string, typically generated by
+\fBdnssec\-keygen\fR(8). Caution should be taken when using the
+\fB\-y\fR
+option on multi\-user systems as the key can be visible in the output from
+\fBps\fR(1)
+or in the shell's history file. When using TSIG authentication with
+\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate
+\fBkey\fR
+and
+\fBserver\fR
+statements in
+\fInamed.conf\fR.
+.SH "QUERY OPTIONS"
+.PP
+\fBdig\fR
+provides a number of query options which affect the way in which lookups are made and the results displayed. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies.
+.PP
+Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option. These may be preceded by the string
+no
+to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
+\fB+keyword=value\fR. The query options are:
+.PP
+\fB+[no]tcp\fR
+.RS 4
+Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
+.RE
+.PP
+\fB+[no]vc\fR
+.RS 4
+Use [do not use] TCP when querying name servers. This alternate syntax to
+\fI+[no]tcp\fR
+is provided for backwards compatibility. The "vc" stands for "virtual circuit".
+.RE
+.PP
+\fB+[no]ignore\fR
+.RS 4
+Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
+.RE
+.PP
+\fB+domain=somename\fR
+.RS 4
+Set the search list to contain the single domain
+\fIsomename\fR, as if specified in a
+\fBdomain\fR
+directive in
+\fI/etc/resolv.conf\fR, and enable search list processing as if the
+\fI+search\fR
+option were given.
+.RE
+.PP
+\fB+[no]search\fR
+.RS 4
+Use [do not use] the search list defined by the searchlist or domain directive in
+\fIresolv.conf\fR
+(if any). The search list is not used by default.
+.RE
+.PP
+\fB+[no]showsearch\fR
+.RS 4
+Perform [do not perform] a search showing intermediate results.
+.RE
+.PP
+\fB+[no]defname\fR
+.RS 4
+Deprecated, treated as a synonym for
+\fI+[no]search\fR
+.RE
+.PP
+\fB+[no]aaonly\fR
+.RS 4
+Sets the "aa" flag in the query.
+.RE
+.PP
+\fB+[no]aaflag\fR
+.RS 4
+A synonym for
+\fI+[no]aaonly\fR.
+.RE
+.PP
+\fB+[no]adflag\fR
+.RS 4
+Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness.
+.RE
+.PP
+\fB+[no]cdflag\fR
+.RS 4
+Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
+.RE
+.PP
+\fB+[no]cl\fR
+.RS 4
+Display [do not display] the CLASS when printing the record.
+.RE
+.PP
+\fB+[no]ttlid\fR
+.RS 4
+Display [do not display] the TTL when printing the record.
+.RE
+.PP
+\fB+[no]recurse\fR
+.RS 4
+Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
+\fBdig\fR
+normally sends recursive queries. Recursion is automatically disabled when the
+\fI+nssearch\fR
+or
+\fI+trace\fR
+query options are used.
+.RE
+.PP
+\fB+[no]nssearch\fR
+.RS 4
+When this option is set,
+\fBdig\fR
+attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
+.RE
+.PP
+\fB+[no]trace\fR
+.RS 4
+Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
+\fBdig\fR
+makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
+.RE
+.PP
+\fB+[no]cmd\fR
+.RS 4
+Toggles the printing of the initial comment in the output identifying the version of
+\fBdig\fR
+and the query options that have been applied. This comment is printed by default.
+.RE
+.PP
+\fB+[no]short\fR
+.RS 4
+Provide a terse answer. The default is to print the answer in a verbose form.
+.RE
+.PP
+\fB+[no]identify\fR
+.RS 4
+Show [or do not show] the IP address and port number that supplied the answer when the
+\fI+short\fR
+option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
+.RE
+.PP
+\fB+[no]comments\fR
+.RS 4
+Toggle the display of comment lines in the output. The default is to print comments.
+.RE
+.PP
+\fB+[no]stats\fR
+.RS 4
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
+.RE
+.PP
+\fB+[no]qr\fR
+.RS 4
+Print [do not print] the query as it is sent. By default, the query is not printed.
+.RE
+.PP
+\fB+[no]question\fR
+.RS 4
+Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
+.RE
+.PP
+\fB+[no]answer\fR
+.RS 4
+Display [do not display] the answer section of a reply. The default is to display it.
+.RE
+.PP
+\fB+[no]authority\fR
+.RS 4
+Display [do not display] the authority section of a reply. The default is to display it.
+.RE
+.PP
+\fB+[no]additional\fR
+.RS 4
+Display [do not display] the additional section of a reply. The default is to display it.
+.RE
+.PP
+\fB+[no]all\fR
+.RS 4
+Set or clear all display flags.
+.RE
+.PP
+\fB+time=T\fR
+.RS 4
+Sets the timeout for a query to
+\fIT\fR
+seconds. The default timeout is 5 seconds. An attempt to set
+\fIT\fR
+to less than 1 will result in a query timeout of 1 second being applied.
+.RE
+.PP
+\fB+tries=T\fR
+.RS 4
+Sets the number of times to try UDP queries to server to
+\fIT\fR
+instead of the default, 3. If
+\fIT\fR
+is less than or equal to zero, the number of tries is silently rounded up to 1.
+.RE
+.PP
+\fB+retry=T\fR
+.RS 4
+Sets the number of times to retry UDP queries to server to
+\fIT\fR
+instead of the default, 2. Unlike
+\fI+tries\fR, this does not include the initial query.
+.RE
+.PP
+\fB+ndots=D\fR
+.RS 4
+Set the number of dots that have to appear in
+\fIname\fR
+to
+\fID\fR
+for it to be considered absolute. The default value is that defined using the ndots statement in
+\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
+\fBsearch\fR
+or
+\fBdomain\fR
+directive in
+\fI/etc/resolv.conf\fR.
+.RE
+.PP
+\fB+bufsize=B\fR
+.RS 4
+Set the UDP message buffer size advertised using EDNS0 to
+\fIB\fR
+bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent.
+.RE
+.PP
+\fB+edns=#\fR
+.RS 4
+Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
+\fB+noedns\fR
+clears the remembered EDNS version.
+.RE
+.PP
+\fB+[no]multiline\fR
+.RS 4
+Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
+\fBdig\fR
+output.
+.RE
+.PP
+\fB+[no]fail\fR
+.RS 4
+Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
+.RE
+.PP
+\fB+[no]besteffort\fR
+.RS 4
+Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
+.RE
+.PP
+\fB+[no]dnssec\fR
+.RS 4
+Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
+.RE
+.PP
+\fB+[no]sigchase\fR
+.RS 4
+Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
+.RE
+.PP
+\fB+trusted\-key=####\fR
+.RS 4
+Specifies a file containing trusted keys to be used with
+\fB+sigchase\fR. Each DNSKEY record must be on its own line.
+.sp
+If not specified
+\fBdig\fR
+will look for
+\fI/etc/trusted\-key.key\fR
+then
+\fItrusted\-key.key\fR
+in the current directory.
+.sp
+Requires dig be compiled with \-DDIG_SIGCHASE.
+.RE
+.PP
+\fB+[no]topdown\fR
+.RS 4
+When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
+.RE
+.PP
+\fB+[no]nsid\fR
+.RS 4
+Include an EDNS name server ID request when sending a query.
+.RE
+.SH "MULTIPLE QUERIES"
+.PP
+The BIND 9 implementation of
+\fBdig \fR
+supports specifying multiple queries on the command line (in addition to supporting the
+\fB\-f\fR
+batch file option). Each of those queries can be supplied with its own set of flags, options and query options.
+.PP
+In this case, each
+\fIquery\fR
+argument represent an individual query in the command\-line syntax described above. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query.
+.PP
+A global set of query options, which should be applied to all queries, can also be supplied. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line. Any global query options (except the
+\fB+[no]cmd\fR
+option) can be overridden by a query\-specific set of query options. For example:
+.sp
+.RS 4
+.nf
+dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
+.fi
+.RE
+.sp
+shows how
+\fBdig\fR
+could be used from the command line to make three lookups: an ANY query for
+www.isc.org, a reverse lookup of 127.0.0.1 and a query for the NS records of
+isc.org. A global query option of
+\fI+qr\fR
+is applied, so that
+\fBdig\fR
+shows the initial query it made for each lookup. The final query has a local query option of
+\fI+noqr\fR
+which means that
+\fBdig\fR
+will not print the initial query when it looks up the NS records for
+isc.org.
+.SH "IDN SUPPORT"
+.PP
+If
+\fBdig\fR
+has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names.
+\fBdig\fR
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the
+\fBIDN_DISABLE\fR
+environment variable. The IDN support is disabled if the variable is set when
+\fBdig\fR
+runs.
+.SH "FILES"
+.PP
+\fI/etc/resolv.conf\fR
+.PP
+\fI${HOME}/.digrc\fR
+.SH "SEE ALSO"
+.PP
+\fBhost\fR(1),
+\fBnamed\fR(8),
+\fBdnssec\-keygen\fR(8),
+RFC1035.
+.SH "BUGS"
+.PP
+There are probably too many query options.
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
new file mode 100644
index 0000000..7f9377d
--- /dev/null
+++ b/bin/dig/dig.c
@@ -0,0 +1,1813 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dig.c,v 1.225 2008/10/28 23:47:06 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+#include <stdlib.h>
+#include <time.h>
+#include <ctype.h>
+
+#include <isc/app.h>
+#include <isc/netaddr.h>
+#include <isc/parseint.h>
+#include <isc/print.h>
+#include <isc/string.h>
+#include <isc/util.h>
+#include <isc/task.h>
+
+#include <dns/byaddr.h>
+#include <dns/fixedname.h>
+#include <dns/masterdump.h>
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/rdata.h>
+#include <dns/rdataset.h>
+#include <dns/rdatatype.h>
+#include <dns/rdataclass.h>
+#include <dns/result.h>
+#include <dns/tsig.h>
+
+#include <bind9/getaddresses.h>
+
+#include <dig/dig.h>
+
+#define ADD_STRING(b, s) { \
+ if (strlen(s) >= isc_buffer_availablelength(b)) \
+ return (ISC_R_NOSPACE); \
+ else \
+ isc_buffer_putstr(b, s); \
+}
+
+#define DIG_MAX_ADDRESSES 20
+
+dig_lookup_t *default_lookup = NULL;
+
+static char *batchname = NULL;
+static FILE *batchfp = NULL;
+static char *argv0;
+static int addresscount = 0;
+
+static char domainopt[DNS_NAME_MAXTEXT];
+
+static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE,
+ ip6_int = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE,
+ multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE;
+
+/*% opcode text */
+static const char * const opcodetext[] = {
+ "QUERY",
+ "IQUERY",
+ "STATUS",
+ "RESERVED3",
+ "NOTIFY",
+ "UPDATE",
+ "RESERVED6",
+ "RESERVED7",
+ "RESERVED8",
+ "RESERVED9",
+ "RESERVED10",
+ "RESERVED11",
+ "RESERVED12",
+ "RESERVED13",
+ "RESERVED14",
+ "RESERVED15"
+};
+
+/*% return code text */
+static const char * const rcodetext[] = {
+ "NOERROR",
+ "FORMERR",
+ "SERVFAIL",
+ "NXDOMAIN",
+ "NOTIMP",
+ "REFUSED",
+ "YXDOMAIN",
+ "YXRRSET",
+ "NXRRSET",
+ "NOTAUTH",
+ "NOTZONE",
+ "RESERVED11",
+ "RESERVED12",
+ "RESERVED13",
+ "RESERVED14",
+ "RESERVED15",
+ "BADVERS"
+};
+
+/*% print usage */
+static void
+print_usage(FILE *fp) {
+ fputs(
+"Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}\n"
+" {global-d-opt} host [@local-server] {local-d-opt}\n"
+" [ host [@local-server] {local-d-opt} [...]]\n", fp);
+}
+
+static void
+usage(void) {
+ print_usage(stderr);
+ fputs("\nUse \"dig -h\" (or \"dig -h | more\") "
+ "for complete list of options\n", stderr);
+ exit(1);
+}
+
+/*% version */
+static void
+version(void) {
+ fputs("DiG " VERSION "\n", stderr);
+}
+
+/*% help */
+static void
+help(void) {
+ print_usage(stdout);
+ fputs(
+"Where: domain is in the Domain Name System\n"
+" q-class is one of (in,hs,ch,...) [default: in]\n"
+" q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]\n"
+" (Use ixfr=version for type ixfr)\n"
+" q-opt is one of:\n"
+" -x dot-notation (shortcut for reverse lookups)\n"
+" -i (use IP6.INT for IPv6 reverse lookups)\n"
+" -f filename (batch mode)\n"
+" -b address[#port] (bind to source address/port)\n"
+" -p port (specify port number)\n"
+" -q name (specify query name)\n"
+" -t type (specify query type)\n"
+" -c class (specify query class)\n"
+" -k keyfile (specify tsig key file)\n"
+" -y [hmac:]name:key (specify named base64 tsig key)\n"
+" -4 (use IPv4 query transport only)\n"
+" -6 (use IPv6 query transport only)\n"
+" -m (enable memory usage debugging)\n"
+" d-opt is of the form +keyword[=value], where keyword is:\n"
+" +[no]vc (TCP mode)\n"
+" +[no]tcp (TCP mode, alternate syntax)\n"
+" +time=### (Set query timeout) [5]\n"
+" +tries=### (Set number of UDP attempts) [3]\n"
+" +retry=### (Set number of UDP retries) [2]\n"
+" +domain=### (Set default domainname)\n"
+" +bufsize=### (Set EDNS0 Max UDP packet size)\n"
+" +ndots=### (Set NDOTS value)\n"
+" +edns=### (Set EDNS version)\n"
+" +[no]search (Set whether to use searchlist)\n"
+" +[no]showsearch (Search with intermediate results)\n"
+" +[no]defname (Ditto)\n"
+" +[no]recurse (Recursive mode)\n"
+" +[no]ignore (Don't revert to TCP for TC responses.)"
+"\n"
+" +[no]fail (Don't try next server on SERVFAIL)\n"
+" +[no]besteffort (Try to parse even illegal messages)\n"
+" +[no]aaonly (Set AA flag in query (+[no]aaflag))\n"
+" +[no]adflag (Set AD flag in query)\n"
+" +[no]cdflag (Set CD flag in query)\n"
+" +[no]cl (Control display of class in records)\n"
+" +[no]cmd (Control display of command line)\n"
+" +[no]comments (Control display of comment lines)\n"
+" +[no]question (Control display of question)\n"
+" +[no]answer (Control display of answer)\n"
+" +[no]authority (Control display of authority)\n"
+" +[no]additional (Control display of additional)\n"
+" +[no]stats (Control display of statistics)\n"
+" +[no]short (Disable everything except short\n"
+" form of answer)\n"
+" +[no]ttlid (Control display of ttls in records)\n"
+" +[no]all (Set or clear all display flags)\n"
+" +[no]qr (Print question before sending)\n"
+" +[no]nssearch (Search all authoritative nameservers)\n"
+" +[no]identify (ID responders in short answers)\n"
+" +[no]trace (Trace delegation down from root)\n"
+" +[no]dnssec (Request DNSSEC records)\n"
+" +[no]nsid (Request Name Server ID)\n"
+#ifdef DIG_SIGCHASE
+" +[no]sigchase (Chase DNSSEC signatures)\n"
+" +trusted-key=#### (Trusted Key when chasing DNSSEC sigs)\n"
+#if DIG_SIGCHASE_TD
+" +[no]topdown (Do DNSSEC validation top down mode)\n"
+#endif
+#endif
+" +[no]multiline (Print records in an expanded format)\n"
+" global d-opts and servers (before host name) affect all queries.\n"
+" local d-opts and servers (after host name) affect only that lookup.\n"
+" -h (print help and exit)\n"
+" -v (print version and exit)\n",
+ stdout);
+}
+
+/*%
+ * Callback from dighost.c to print the received message.
+ */
+void
+received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
+ isc_uint64_t diff;
+ isc_time_t now;
+ time_t tnow;
+ char fromtext[ISC_SOCKADDR_FORMATSIZE];
+
+ isc_sockaddr_format(from, fromtext, sizeof(fromtext));
+
+ TIME_NOW(&now);
+
+ if (query->lookup->stats && !short_form) {
+ diff = isc_time_microdiff(&now, &query->time_sent);
+ printf(";; Query time: %ld msec\n", (long int)diff/1000);
+ printf(";; SERVER: %s(%s)\n", fromtext, query->servname);
+ time(&tnow);
+ printf(";; WHEN: %s", ctime(&tnow));
+ if (query->lookup->doing_xfr) {
+ printf(";; XFR size: %u records (messages %u, "
+ "bytes %" ISC_PRINT_QUADFORMAT "u)\n",
+ query->rr_count, query->msg_count,
+ query->byte_count);
+ } else {
+ printf(";; MSG SIZE rcvd: %u\n", bytes);
+
+ }
+ if (key != NULL) {
+ if (!validated)
+ puts(";; WARNING -- Some TSIG could not "
+ "be validated");
+ }
+ if ((key == NULL) && (keysecret[0] != 0)) {
+ puts(";; WARNING -- TSIG key was not used.");
+ }
+ puts("");
+ } else if (query->lookup->identify && !short_form) {
+ diff = isc_time_microdiff(&now, &query->time_sent);
+ printf(";; Received %" ISC_PRINT_QUADFORMAT "u bytes "
+ "from %s(%s) in %d ms\n\n",
+ query->lookup->doing_xfr ?
+ query->byte_count : (isc_uint64_t)bytes,
+ fromtext, query->servname,
+ (int)diff/1000);
+ }
+}
+
+/*
+ * Callback from dighost.c to print that it is trying a server.
+ * Not used in dig.
+ * XXX print_trying
+ */
+void
+trying(char *frm, dig_lookup_t *lookup) {
+ UNUSED(frm);
+ UNUSED(lookup);
+}
+
+/*%
+ * Internal print routine used to print short form replies.
+ */
+static isc_result_t
+say_message(dns_rdata_t *rdata, dig_query_t *query, isc_buffer_t *buf) {
+ isc_result_t result;
+ isc_uint64_t diff;
+ isc_time_t now;
+ char store[sizeof("12345678901234567890")];
+
+ if (query->lookup->trace || query->lookup->ns_search_only) {
+ result = dns_rdatatype_totext(rdata->type, buf);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ ADD_STRING(buf, " ");
+ }
+ result = dns_rdata_totext(rdata, NULL, buf);
+ check_result(result, "dns_rdata_totext");
+ if (query->lookup->identify) {
+ TIME_NOW(&now);
+ diff = isc_time_microdiff(&now, &query->time_sent);
+ ADD_STRING(buf, " from server ");
+ ADD_STRING(buf, query->servname);
+ snprintf(store, 19, " in %d ms.", (int)diff/1000);
+ ADD_STRING(buf, store);
+ }
+ ADD_STRING(buf, "\n");
+ return (ISC_R_SUCCESS);
+}
+
+/*%
+ * short_form message print handler. Calls above say_message()
+ */
+static isc_result_t
+short_answer(dns_message_t *msg, dns_messagetextflag_t flags,
+ isc_buffer_t *buf, dig_query_t *query)
+{
+ dns_name_t *name;
+ dns_rdataset_t *rdataset;
+ isc_buffer_t target;
+ isc_result_t result, loopresult;
+ dns_name_t empty_name;
+ char t[4096];
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+
+ UNUSED(flags);
+
+ dns_name_init(&empty_name, NULL);
+ result = dns_message_firstname(msg, DNS_SECTION_ANSWER);
+ if (result == ISC_R_NOMORE)
+ return (ISC_R_SUCCESS);
+ else if (result != ISC_R_SUCCESS)
+ return (result);
+
+ for (;;) {
+ name = NULL;
+ dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
+
+ isc_buffer_init(&target, t, sizeof(t));
+
+ for (rdataset = ISC_LIST_HEAD(name->list);
+ rdataset != NULL;
+ rdataset = ISC_LIST_NEXT(rdataset, link)) {
+ loopresult = dns_rdataset_first(rdataset);
+ while (loopresult == ISC_R_SUCCESS) {
+ dns_rdataset_current(rdataset, &rdata);
+ result = say_message(&rdata, query,
+ buf);
+ check_result(result, "say_message");
+ loopresult = dns_rdataset_next(rdataset);
+ dns_rdata_reset(&rdata);
+ }
+ }
+ result = dns_message_nextname(msg, DNS_SECTION_ANSWER);
+ if (result == ISC_R_NOMORE)
+ break;
+ else if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+#ifdef DIG_SIGCHASE
+isc_result_t
+printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
+ isc_buffer_t *target)
+{
+ isc_result_t result;
+ dns_master_style_t *style = NULL;
+ unsigned int styleflags = 0;
+
+ if (rdataset == NULL || owner_name == NULL || target == NULL)
+ return(ISC_FALSE);
+
+ styleflags |= DNS_STYLEFLAG_REL_OWNER;
+ if (nottl)
+ styleflags |= DNS_STYLEFLAG_NO_TTL;
+ if (noclass)
+ styleflags |= DNS_STYLEFLAG_NO_CLASS;
+ if (multiline) {
+ styleflags |= DNS_STYLEFLAG_OMIT_OWNER;
+ styleflags |= DNS_STYLEFLAG_OMIT_CLASS;
+ styleflags |= DNS_STYLEFLAG_REL_DATA;
+ styleflags |= DNS_STYLEFLAG_OMIT_TTL;
+ styleflags |= DNS_STYLEFLAG_TTL;
+ styleflags |= DNS_STYLEFLAG_MULTILINE;
+ styleflags |= DNS_STYLEFLAG_COMMENT;
+ }
+ if (multiline || (nottl && noclass))
+ result = dns_master_stylecreate(&style, styleflags,
+ 24, 24, 24, 32, 80, 8, mctx);
+ else if (nottl || noclass)
+ result = dns_master_stylecreate(&style, styleflags,
+ 24, 24, 32, 40, 80, 8, mctx);
+ else
+ result = dns_master_stylecreate(&style, styleflags,
+ 24, 32, 40, 48, 80, 8, mctx);
+ check_result(result, "dns_master_stylecreate");
+
+ result = dns_master_rdatasettotext(owner_name, rdataset, style, target);
+
+ if (style != NULL)
+ dns_master_styledestroy(&style, mctx);
+
+ return(result);
+}
+#endif
+
+/*
+ * Callback from dighost.c to print the reply from a server
+ */
+isc_result_t
+printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
+ isc_result_t result;
+ dns_messagetextflag_t flags;
+ isc_buffer_t *buf = NULL;
+ unsigned int len = OUTPUTBUF;
+ dns_master_style_t *style = NULL;
+ unsigned int styleflags = 0;
+
+ styleflags |= DNS_STYLEFLAG_REL_OWNER;
+ if (nottl)
+ styleflags |= DNS_STYLEFLAG_NO_TTL;
+ if (noclass)
+ styleflags |= DNS_STYLEFLAG_NO_CLASS;
+ if (multiline) {
+ styleflags |= DNS_STYLEFLAG_OMIT_OWNER;
+ styleflags |= DNS_STYLEFLAG_OMIT_CLASS;
+ styleflags |= DNS_STYLEFLAG_REL_DATA;
+ styleflags |= DNS_STYLEFLAG_OMIT_TTL;
+ styleflags |= DNS_STYLEFLAG_TTL;
+ styleflags |= DNS_STYLEFLAG_MULTILINE;
+ styleflags |= DNS_STYLEFLAG_COMMENT;
+ }
+ if (multiline || (nottl && noclass))
+ result = dns_master_stylecreate(&style, styleflags,
+ 24, 24, 24, 32, 80, 8, mctx);
+ else if (nottl || noclass)
+ result = dns_master_stylecreate(&style, styleflags,
+ 24, 24, 32, 40, 80, 8, mctx);
+ else
+ result = dns_master_stylecreate(&style, styleflags,
+ 24, 32, 40, 48, 80, 8, mctx);
+ check_result(result, "dns_master_stylecreate");
+
+ if (query->lookup->cmdline[0] != 0) {
+ if (!short_form)
+ fputs(query->lookup->cmdline, stdout);
+ query->lookup->cmdline[0]=0;
+ }
+ debug("printmessage(%s %s %s)", headers ? "headers" : "noheaders",
+ query->lookup->comments ? "comments" : "nocomments",
+ short_form ? "short_form" : "long_form");
+
+ flags = 0;
+ if (!headers) {
+ flags |= DNS_MESSAGETEXTFLAG_NOHEADERS;
+ flags |= DNS_MESSAGETEXTFLAG_NOCOMMENTS;
+ }
+ if (!query->lookup->comments)
+ flags |= DNS_MESSAGETEXTFLAG_NOCOMMENTS;
+
+ result = ISC_R_SUCCESS;
+
+ result = isc_buffer_allocate(mctx, &buf, len);
+ check_result(result, "isc_buffer_allocate");
+
+ if (query->lookup->comments && !short_form) {
+ if (query->lookup->cmdline[0] != 0)
+ printf("; %s\n", query->lookup->cmdline);
+ if (msg == query->lookup->sendmsg)
+ printf(";; Sending:\n");
+ else
+ printf(";; Got answer:\n");
+
+ if (headers) {
+ printf(";; ->>HEADER<<- opcode: %s, status: %s, "
+ "id: %u\n",
+ opcodetext[msg->opcode], rcodetext[msg->rcode],
+ msg->id);
+ printf(";; flags:");
+ if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0)
+ printf(" qr");
+ if ((msg->flags & DNS_MESSAGEFLAG_AA) != 0)
+ printf(" aa");
+ if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0)
+ printf(" tc");
+ if ((msg->flags & DNS_MESSAGEFLAG_RD) != 0)
+ printf(" rd");
+ if ((msg->flags & DNS_MESSAGEFLAG_RA) != 0)
+ printf(" ra");
+ if ((msg->flags & DNS_MESSAGEFLAG_AD) != 0)
+ printf(" ad");
+ if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0)
+ printf(" cd");
+
+ printf("; QUERY: %u, ANSWER: %u, "
+ "AUTHORITY: %u, ADDITIONAL: %u\n",
+ msg->counts[DNS_SECTION_QUESTION],
+ msg->counts[DNS_SECTION_ANSWER],
+ msg->counts[DNS_SECTION_AUTHORITY],
+ msg->counts[DNS_SECTION_ADDITIONAL]);
+
+ if (msg != query->lookup->sendmsg &&
+ (msg->flags & DNS_MESSAGEFLAG_RD) != 0 &&
+ (msg->flags & DNS_MESSAGEFLAG_RA) == 0)
+ printf(";; WARNING: recursion requested "
+ "but not available\n");
+ }
+ if (msg != query->lookup->sendmsg && extrabytes != 0U)
+ printf(";; WARNING: Messages has %u extra byte%s at "
+ "end\n", extrabytes, extrabytes != 0 ? "s" : "");
+ }
+
+repopulate_buffer:
+
+ if (query->lookup->comments && headers && !short_form) {
+ result = dns_message_pseudosectiontotext(msg,
+ DNS_PSEUDOSECTION_OPT,
+ style, flags, buf);
+ if (result == ISC_R_NOSPACE) {
+buftoosmall:
+ len += OUTPUTBUF;
+ isc_buffer_free(&buf);
+ result = isc_buffer_allocate(mctx, &buf, len);
+ if (result == ISC_R_SUCCESS)
+ goto repopulate_buffer;
+ else
+ goto cleanup;
+ }
+ check_result(result,
+ "dns_message_pseudosectiontotext");
+ }
+
+ if (query->lookup->section_question && headers) {
+ if (!short_form) {
+ result = dns_message_sectiontotext(msg,
+ DNS_SECTION_QUESTION,
+ style, flags, buf);
+ if (result == ISC_R_NOSPACE)
+ goto buftoosmall;
+ check_result(result, "dns_message_sectiontotext");
+ }
+ }
+ if (query->lookup->section_answer) {
+ if (!short_form) {
+ result = dns_message_sectiontotext(msg,
+ DNS_SECTION_ANSWER,
+ style, flags, buf);
+ if (result == ISC_R_NOSPACE)
+ goto buftoosmall;
+ check_result(result, "dns_message_sectiontotext");
+ } else {
+ result = short_answer(msg, flags, buf, query);
+ if (result == ISC_R_NOSPACE)
+ goto buftoosmall;
+ check_result(result, "short_answer");
+ }
+ }
+ if (query->lookup->section_authority) {
+ if (!short_form) {
+ result = dns_message_sectiontotext(msg,
+ DNS_SECTION_AUTHORITY,
+ style, flags, buf);
+ if (result == ISC_R_NOSPACE)
+ goto buftoosmall;
+ check_result(result, "dns_message_sectiontotext");
+ }
+ }
+ if (query->lookup->section_additional) {
+ if (!short_form) {
+ result = dns_message_sectiontotext(msg,
+ DNS_SECTION_ADDITIONAL,
+ style, flags, buf);
+ if (result == ISC_R_NOSPACE)
+ goto buftoosmall;
+ check_result(result, "dns_message_sectiontotext");
+ /*
+ * Only print the signature on the first record.
+ */
+ if (headers) {
+ result = dns_message_pseudosectiontotext(
+ msg,
+ DNS_PSEUDOSECTION_TSIG,
+ style, flags, buf);
+ if (result == ISC_R_NOSPACE)
+ goto buftoosmall;
+ check_result(result,
+ "dns_message_pseudosectiontotext");
+ result = dns_message_pseudosectiontotext(
+ msg,
+ DNS_PSEUDOSECTION_SIG0,
+ style, flags, buf);
+ if (result == ISC_R_NOSPACE)
+ goto buftoosmall;
+ check_result(result,
+ "dns_message_pseudosectiontotext");
+ }
+ }
+ }
+
+ if (headers && query->lookup->comments && !short_form)
+ printf("\n");
+
+ printf("%.*s", (int)isc_buffer_usedlength(buf),
+ (char *)isc_buffer_base(buf));
+ isc_buffer_free(&buf);
+
+cleanup:
+ if (style != NULL)
+ dns_master_styledestroy(&style, mctx);
+ return (result);
+}
+
+/*%
+ * print the greeting message when the program first starts up.
+ */
+static void
+printgreeting(int argc, char **argv, dig_lookup_t *lookup) {
+ int i;
+ int remaining;
+ static isc_boolean_t first = ISC_TRUE;
+ char append[MXNAME];
+
+ if (printcmd) {
+ lookup->cmdline[sizeof(lookup->cmdline) - 1] = 0;
+ snprintf(lookup->cmdline, sizeof(lookup->cmdline),
+ "%s; <<>> DiG " VERSION " <<>>",
+ first?"\n":"");
+ i = 1;
+ while (i < argc) {
+ snprintf(append, sizeof(append), " %s", argv[i++]);
+ remaining = sizeof(lookup->cmdline) -
+ strlen(lookup->cmdline) - 1;
+ strncat(lookup->cmdline, append, remaining);
+ }
+ remaining = sizeof(lookup->cmdline) -
+ strlen(lookup->cmdline) - 1;
+ strncat(lookup->cmdline, "\n", remaining);
+ if (first && addresscount != 0) {
+ snprintf(append, sizeof(append),
+ "; (%d server%s found)\n",
+ addresscount,
+ addresscount > 1 ? "s" : "");
+ remaining = sizeof(lookup->cmdline) -
+ strlen(lookup->cmdline) - 1;
+ strncat(lookup->cmdline, append, remaining);
+ }
+ if (first) {
+ snprintf(append, sizeof(append),
+ ";; global options:%s%s\n",
+ short_form ? " +short" : "",
+ printcmd ? " +cmd" : "");
+ first = ISC_FALSE;
+ remaining = sizeof(lookup->cmdline) -
+ strlen(lookup->cmdline) - 1;
+ strncat(lookup->cmdline, append, remaining);
+ }
+ }
+}
+
+static isc_uint32_t
+parse_uint(char *arg, const char *desc, isc_uint32_t max) {
+ isc_result_t result;
+ isc_uint32_t tmp;
+
+ result = isc_parse_uint32(&tmp, arg, 10);
+ if (result == ISC_R_SUCCESS && tmp > max)
+ result = ISC_R_RANGE;
+ if (result != ISC_R_SUCCESS)
+ fatal("%s '%s': %s", desc, arg, isc_result_totext(result));
+ return (tmp);
+}
+
+/*%
+ * We're not using isc_commandline_parse() here since the command line
+ * syntax of dig is quite a bit different from that which can be described
+ * by that routine.
+ * XXX doc options
+ */
+
+static void
+plus_option(char *option, isc_boolean_t is_batchfile,
+ dig_lookup_t *lookup)
+{
+ char option_store[256];
+ char *cmd, *value, *ptr;
+ isc_boolean_t state = ISC_TRUE;
+#ifdef DIG_SIGCHASE
+ size_t n;
+#endif
+
+ strncpy(option_store, option, sizeof(option_store));
+ option_store[sizeof(option_store)-1]=0;
+ ptr = option_store;
+ cmd = next_token(&ptr,"=");
+ if (cmd == NULL) {
+ printf(";; Invalid option %s\n", option_store);
+ return;
+ }
+ value = ptr;
+ if (strncasecmp(cmd, "no", 2)==0) {
+ cmd += 2;
+ state = ISC_FALSE;
+ }
+
+#define FULLCHECK(A) \
+ do { \
+ size_t _l = strlen(cmd); \
+ if (_l >= sizeof(A) || strncasecmp(cmd, A, _l) != 0) \
+ goto invalid_option; \
+ } while (0)
+#define FULLCHECK2(A, B) \
+ do { \
+ size_t _l = strlen(cmd); \
+ if ((_l >= sizeof(A) || strncasecmp(cmd, A, _l) != 0) && \
+ (_l >= sizeof(B) || strncasecmp(cmd, B, _l) != 0)) \
+ goto invalid_option; \
+ } while (0)
+
+ switch (cmd[0]) {
+ case 'a':
+ switch (cmd[1]) {
+ case 'a': /* aaonly / aaflag */
+ FULLCHECK2("aaonly", "aaflag");
+ lookup->aaonly = state;
+ break;
+ case 'd':
+ switch (cmd[2]) {
+ case 'd': /* additional */
+ FULLCHECK("additional");
+ lookup->section_additional = state;
+ break;
+ case 'f': /* adflag */
+ FULLCHECK("adflag");
+ lookup->adflag = state;
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ case 'l': /* all */
+ FULLCHECK("all");
+ lookup->section_question = state;
+ lookup->section_authority = state;
+ lookup->section_answer = state;
+ lookup->section_additional = state;
+ lookup->comments = state;
+ lookup->stats = state;
+ printcmd = state;
+ break;
+ case 'n': /* answer */
+ FULLCHECK("answer");
+ lookup->section_answer = state;
+ break;
+ case 'u': /* authority */
+ FULLCHECK("authority");
+ lookup->section_authority = state;
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ case 'b':
+ switch (cmd[1]) {
+ case 'e':/* besteffort */
+ FULLCHECK("besteffort");
+ lookup->besteffort = state;
+ break;
+ case 'u':/* bufsize */
+ FULLCHECK("bufsize");
+ if (value == NULL)
+ goto need_value;
+ if (!state)
+ goto invalid_option;
+ lookup->udpsize = (isc_uint16_t) parse_uint(value,
+ "buffer size", COMMSIZE);
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ case 'c':
+ switch (cmd[1]) {
+ case 'd':/* cdflag */
+ FULLCHECK("cdflag");
+ lookup->cdflag = state;
+ break;
+ case 'l': /* cl */
+ FULLCHECK("cl");
+ noclass = ISC_TF(!state);
+ break;
+ case 'm': /* cmd */
+ FULLCHECK("cmd");
+ printcmd = state;
+ break;
+ case 'o': /* comments */
+ FULLCHECK("comments");
+ lookup->comments = state;
+ if (lookup == default_lookup)
+ pluscomm = state;
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ case 'd':
+ switch (cmd[1]) {
+ case 'e': /* defname */
+ FULLCHECK("defname");
+ usesearch = state;
+ break;
+ case 'n': /* dnssec */
+ FULLCHECK("dnssec");
+ if (state && lookup->edns == -1)
+ lookup->edns = 0;
+ lookup->dnssec = state;
+ break;
+ case 'o': /* domain */
+ FULLCHECK("domain");
+ if (value == NULL)
+ goto need_value;
+ if (!state)
+ goto invalid_option;
+ strncpy(domainopt, value, sizeof(domainopt));
+ domainopt[sizeof(domainopt)-1] = '\0';
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ case 'e':
+ FULLCHECK("edns");
+ if (!state) {
+ lookup->edns = -1;
+ break;
+ }
+ if (value == NULL)
+ goto need_value;
+ lookup->edns = (isc_int16_t) parse_uint(value, "edns", 255);
+ break;
+ case 'f': /* fail */
+ FULLCHECK("fail");
+ lookup->servfail_stops = state;
+ break;
+ case 'i':
+ switch (cmd[1]) {
+ case 'd': /* identify */
+ FULLCHECK("identify");
+ lookup->identify = state;
+ break;
+ case 'g': /* ignore */
+ default: /* Inherets default for compatibility */
+ FULLCHECK("ignore");
+ lookup->ignore = ISC_TRUE;
+ }
+ break;
+ case 'm': /* multiline */
+ FULLCHECK("multiline");
+ multiline = state;
+ break;
+ case 'n':
+ switch (cmd[1]) {
+ case 'd': /* ndots */
+ FULLCHECK("ndots");
+ if (value == NULL)
+ goto need_value;
+ if (!state)
+ goto invalid_option;
+ ndots = parse_uint(value, "ndots", MAXNDOTS);
+ break;
+ case 's':
+ switch (cmd[2]) {
+ case 'i': /* nsid */
+ FULLCHECK("nsid");
+ if (state && lookup->edns == -1)
+ lookup->edns = 0;
+ lookup->nsid = state;
+ break;
+ case 's': /* nssearch */
+ FULLCHECK("nssearch");
+ lookup->ns_search_only = state;
+ if (state) {
+ lookup->trace_root = ISC_TRUE;
+ lookup->recurse = ISC_TRUE;
+ lookup->identify = ISC_TRUE;
+ lookup->stats = ISC_FALSE;
+ lookup->comments = ISC_FALSE;
+ lookup->section_additional = ISC_FALSE;
+ lookup->section_authority = ISC_FALSE;
+ lookup->section_question = ISC_FALSE;
+ lookup->rdtype = dns_rdatatype_ns;
+ lookup->rdtypeset = ISC_TRUE;
+ short_form = ISC_TRUE;
+ }
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ case 'q':
+ switch (cmd[1]) {
+ case 'r': /* qr */
+ FULLCHECK("qr");
+ qr = state;
+ break;
+ case 'u': /* question */
+ FULLCHECK("question");
+ lookup->section_question = state;
+ if (lookup == default_lookup)
+ plusquest = state;
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ case 'r':
+ switch (cmd[1]) {
+ case 'e':
+ switch (cmd[2]) {
+ case 'c': /* recurse */
+ FULLCHECK("recurse");
+ lookup->recurse = state;
+ break;
+ case 't': /* retry / retries */
+ FULLCHECK2("retry", "retries");
+ if (value == NULL)
+ goto need_value;
+ if (!state)
+ goto invalid_option;
+ lookup->retries = parse_uint(value, "retries",
+ MAXTRIES - 1);
+ lookup->retries++;
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ case 's':
+ switch (cmd[1]) {
+ case 'e': /* search */
+ FULLCHECK("search");
+ usesearch = state;
+ break;
+ case 'h':
+ if (cmd[2] != 'o')
+ goto invalid_option;
+ switch (cmd[3]) {
+ case 'r': /* short */
+ FULLCHECK("short");
+ short_form = state;
+ if (state) {
+ printcmd = ISC_FALSE;
+ lookup->section_additional = ISC_FALSE;
+ lookup->section_answer = ISC_TRUE;
+ lookup->section_authority = ISC_FALSE;
+ lookup->section_question = ISC_FALSE;
+ lookup->comments = ISC_FALSE;
+ lookup->stats = ISC_FALSE;
+ }
+ break;
+ case 'w': /* showsearch */
+ FULLCHECK("showsearch");
+ showsearch = state;
+ usesearch = state;
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+#ifdef DIG_SIGCHASE
+ case 'i': /* sigchase */
+ FULLCHECK("sigchase");
+ lookup->sigchase = state;
+ if (lookup->sigchase)
+ lookup->dnssec = ISC_TRUE;
+ break;
+#endif
+ case 't': /* stats */
+ FULLCHECK("stats");
+ lookup->stats = state;
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ case 't':
+ switch (cmd[1]) {
+ case 'c': /* tcp */
+ FULLCHECK("tcp");
+ if (!is_batchfile)
+ lookup->tcp_mode = state;
+ break;
+ case 'i': /* timeout */
+ FULLCHECK("timeout");
+ if (value == NULL)
+ goto need_value;
+ if (!state)
+ goto invalid_option;
+ timeout = parse_uint(value, "timeout", MAXTIMEOUT);
+ if (timeout == 0)
+ timeout = 1;
+ break;
+#if DIG_SIGCHASE_TD
+ case 'o': /* topdown */
+ FULLCHECK("topdown");
+ lookup->do_topdown = state;
+ break;
+#endif
+ case 'r':
+ switch (cmd[2]) {
+ case 'a': /* trace */
+ FULLCHECK("trace");
+ lookup->trace = state;
+ lookup->trace_root = state;
+ if (state) {
+ lookup->recurse = ISC_FALSE;
+ lookup->identify = ISC_TRUE;
+ lookup->comments = ISC_FALSE;
+ lookup->stats = ISC_FALSE;
+ lookup->section_additional = ISC_FALSE;
+ lookup->section_authority = ISC_TRUE;
+ lookup->section_question = ISC_FALSE;
+ }
+ break;
+ case 'i': /* tries */
+ FULLCHECK("tries");
+ if (value == NULL)
+ goto need_value;
+ if (!state)
+ goto invalid_option;
+ lookup->retries = parse_uint(value, "tries",
+ MAXTRIES);
+ if (lookup->retries == 0)
+ lookup->retries = 1;
+ break;
+#ifdef DIG_SIGCHASE
+ case 'u': /* trusted-key */
+ FULLCHECK("trusted-key");
+ if (value == NULL)
+ goto need_value;
+ if (!state)
+ goto invalid_option;
+ n = strlcpy(trustedkey, ptr,
+ sizeof(trustedkey));
+ if (n >= sizeof(trustedkey))
+ fatal("trusted key too large");
+ break;
+#endif
+ default:
+ goto invalid_option;
+ }
+ break;
+ case 't': /* ttlid */
+ FULLCHECK("ttlid");
+ nottl = ISC_TF(!state);
+ break;
+ default:
+ goto invalid_option;
+ }
+ break;
+ case 'v':
+ FULLCHECK("vc");
+ if (!is_batchfile)
+ lookup->tcp_mode = state;
+ break;
+ default:
+ invalid_option:
+ need_value:
+ fprintf(stderr, "Invalid option: +%s\n",
+ option);
+ usage();
+ }
+ return;
+}
+
+/*%
+ * #ISC_TRUE returned if value was used
+ */
+static const char *single_dash_opts = "46dhimnv";
+static const char *dash_opts = "46bcdfhikmnptvyx";
+static isc_boolean_t
+dash_option(char *option, char *next, dig_lookup_t **lookup,
+ isc_boolean_t *open_type_class, isc_boolean_t *need_clone,
+ isc_boolean_t config_only, int argc, char **argv,
+ isc_boolean_t *firstarg)
+{
+ char opt, *value, *ptr, *ptr2, *ptr3;
+ isc_result_t result;
+ isc_boolean_t value_from_next;
+ isc_textregion_t tr;
+ dns_rdatatype_t rdtype;
+ dns_rdataclass_t rdclass;
+ char textname[MXNAME];
+ struct in_addr in4;
+ struct in6_addr in6;
+ in_port_t srcport;
+ char *hash, *cmd;
+
+ while (strpbrk(option, single_dash_opts) == &option[0]) {
+ /*
+ * Since the -[46dhimnv] options do not take an argument,
+ * account for them (in any number and/or combination)
+ * if they appear as the first character(s) of a q-opt.
+ */
+ opt = option[0];
+ switch (opt) {
+ case '4':
+ if (have_ipv4) {
+ isc_net_disableipv6();
+ have_ipv6 = ISC_FALSE;
+ } else {
+ fatal("can't find IPv4 networking");
+ return (ISC_FALSE);
+ }
+ break;
+ case '6':
+ if (have_ipv6) {
+ isc_net_disableipv4();
+ have_ipv4 = ISC_FALSE;
+ } else {
+ fatal("can't find IPv6 networking");
+ return (ISC_FALSE);
+ }
+ break;
+ case 'd':
+ ptr = strpbrk(&option[1], dash_opts);
+ if (ptr != &option[1]) {
+ cmd = option;
+ FULLCHECK("debug");
+ debugging = ISC_TRUE;
+ return (ISC_FALSE);
+ } else
+ debugging = ISC_TRUE;
+ break;
+ case 'h':
+ help();
+ exit(0);
+ break;
+ case 'i':
+ ip6_int = ISC_TRUE;
+ break;
+ case 'm': /* memdebug */
+ /* memdebug is handled in preparse_args() */
+ break;
+ case 'n':
+ /* deprecated */
+ break;
+ case 'v':
+ version();
+ exit(0);
+ break;
+ }
+ if (strlen(option) > 1U)
+ option = &option[1];
+ else
+ return (ISC_FALSE);
+ }
+ opt = option[0];
+ if (strlen(option) > 1U) {
+ value_from_next = ISC_FALSE;
+ value = &option[1];
+ } else {
+ value_from_next = ISC_TRUE;
+ value = next;
+ }
+ if (value == NULL)
+ goto invalid_option;
+ switch (opt) {
+ case 'b':
+ hash = strchr(value, '#');
+ if (hash != NULL) {
+ srcport = (in_port_t)
+ parse_uint(hash + 1,
+ "port number", MAXPORT);
+ *hash = '\0';
+ } else
+ srcport = 0;
+ if (have_ipv6 && inet_pton(AF_INET6, value, &in6) == 1) {
+ isc_sockaddr_fromin6(&bind_address, &in6, srcport);
+ isc_net_disableipv4();
+ } else if (have_ipv4 && inet_pton(AF_INET, value, &in4) == 1) {
+ isc_sockaddr_fromin(&bind_address, &in4, srcport);
+ isc_net_disableipv6();
+ } else {
+ if (hash != NULL)
+ *hash = '#';
+ fatal("invalid address %s", value);
+ }
+ if (hash != NULL)
+ *hash = '#';
+ specified_source = ISC_TRUE;
+ return (value_from_next);
+ case 'c':
+ if ((*lookup)->rdclassset) {
+ fprintf(stderr, ";; Warning, extra class option\n");
+ }
+ *open_type_class = ISC_FALSE;
+ tr.base = value;
+ tr.length = strlen(value);
+ result = dns_rdataclass_fromtext(&rdclass,
+ (isc_textregion_t *)&tr);
+ if (result == ISC_R_SUCCESS) {
+ (*lookup)->rdclass = rdclass;
+ (*lookup)->rdclassset = ISC_TRUE;
+ } else
+ fprintf(stderr, ";; Warning, ignoring "
+ "invalid class %s\n",
+ value);
+ return (value_from_next);
+ case 'f':
+ batchname = value;
+ return (value_from_next);
+ case 'k':
+ strncpy(keyfile, value, sizeof(keyfile));
+ keyfile[sizeof(keyfile)-1]=0;
+ return (value_from_next);
+ case 'p':
+ port = (in_port_t) parse_uint(value, "port number", MAXPORT);
+ return (value_from_next);
+ case 'q':
+ if (!config_only) {
+ if (*need_clone)
+ (*lookup) = clone_lookup(default_lookup,
+ ISC_TRUE);
+ *need_clone = ISC_TRUE;
+ strncpy((*lookup)->textname, value,
+ sizeof((*lookup)->textname));
+ (*lookup)->textname[sizeof((*lookup)->textname)-1]=0;
+ (*lookup)->trace_root = ISC_TF((*lookup)->trace ||
+ (*lookup)->ns_search_only);
+ (*lookup)->new_search = ISC_TRUE;
+ if (*firstarg) {
+ printgreeting(argc, argv, *lookup);
+ *firstarg = ISC_FALSE;
+ }
+ ISC_LIST_APPEND(lookup_list, (*lookup), link);
+ debug("looking up %s", (*lookup)->textname);
+ }
+ return (value_from_next);
+ case 't':
+ *open_type_class = ISC_FALSE;
+ if (strncasecmp(value, "ixfr=", 5) == 0) {
+ rdtype = dns_rdatatype_ixfr;
+ result = ISC_R_SUCCESS;
+ } else {
+ tr.base = value;
+ tr.length = strlen(value);
+ result = dns_rdatatype_fromtext(&rdtype,
+ (isc_textregion_t *)&tr);
+ if (result == ISC_R_SUCCESS &&
+ rdtype == dns_rdatatype_ixfr) {
+ result = DNS_R_UNKNOWN;
+ }
+ }
+ if (result == ISC_R_SUCCESS) {
+ if ((*lookup)->rdtypeset) {
+ fprintf(stderr, ";; Warning, "
+ "extra type option\n");
+ }
+ if (rdtype == dns_rdatatype_ixfr) {
+ (*lookup)->rdtype = dns_rdatatype_ixfr;
+ (*lookup)->rdtypeset = ISC_TRUE;
+ (*lookup)->ixfr_serial =
+ parse_uint(&value[5], "serial number",
+ MAXSERIAL);
+ (*lookup)->section_question = plusquest;
+ (*lookup)->comments = pluscomm;
+ (*lookup)->tcp_mode = ISC_TRUE;
+ } else {
+ (*lookup)->rdtype = rdtype;
+ (*lookup)->rdtypeset = ISC_TRUE;
+ if (rdtype == dns_rdatatype_axfr) {
+ (*lookup)->section_question = plusquest;
+ (*lookup)->comments = pluscomm;
+ }
+ (*lookup)->ixfr_serial = ISC_FALSE;
+ }
+ } else
+ fprintf(stderr, ";; Warning, ignoring "
+ "invalid type %s\n",
+ value);
+ return (value_from_next);
+ case 'y':
+ ptr = next_token(&value,":"); /* hmac type or name */
+ if (ptr == NULL) {
+ usage();
+ }
+ ptr2 = next_token(&value, ":"); /* name or secret */
+ if (ptr2 == NULL)
+ usage();
+ ptr3 = next_token(&value,":"); /* secret or NULL */
+ if (ptr3 != NULL) {
+ if (strcasecmp(ptr, "hmac-md5") == 0) {
+ hmacname = DNS_TSIG_HMACMD5_NAME;
+ digestbits = 0;
+ } else if (strncasecmp(ptr, "hmac-md5-", 9) == 0) {
+ hmacname = DNS_TSIG_HMACMD5_NAME;
+ digestbits = parse_uint(&ptr[9],
+ "digest-bits [0..128]",
+ 128);
+ digestbits = (digestbits + 7) & ~0x7U;
+ } else if (strcasecmp(ptr, "hmac-sha1") == 0) {
+ hmacname = DNS_TSIG_HMACSHA1_NAME;
+ digestbits = 0;
+ } else if (strncasecmp(ptr, "hmac-sha1-", 10) == 0) {
+ hmacname = DNS_TSIG_HMACSHA1_NAME;
+ digestbits = parse_uint(&ptr[10],
+ "digest-bits [0..160]",
+ 160);
+ digestbits = (digestbits + 7) & ~0x7U;
+ } else if (strcasecmp(ptr, "hmac-sha224") == 0) {
+ hmacname = DNS_TSIG_HMACSHA224_NAME;
+ digestbits = 0;
+ } else if (strncasecmp(ptr, "hmac-sha224-", 12) == 0) {
+ hmacname = DNS_TSIG_HMACSHA224_NAME;
+ digestbits = parse_uint(&ptr[12],
+ "digest-bits [0..224]",
+ 224);
+ digestbits = (digestbits + 7) & ~0x7U;
+ } else if (strcasecmp(ptr, "hmac-sha256") == 0) {
+ hmacname = DNS_TSIG_HMACSHA256_NAME;
+ digestbits = 0;
+ } else if (strncasecmp(ptr, "hmac-sha256-", 12) == 0) {
+ hmacname = DNS_TSIG_HMACSHA256_NAME;
+ digestbits = parse_uint(&ptr[12],
+ "digest-bits [0..256]",
+ 256);
+ digestbits = (digestbits + 7) & ~0x7U;
+ } else if (strcasecmp(ptr, "hmac-sha384") == 0) {
+ hmacname = DNS_TSIG_HMACSHA384_NAME;
+ digestbits = 0;
+ } else if (strncasecmp(ptr, "hmac-sha384-", 12) == 0) {
+ hmacname = DNS_TSIG_HMACSHA384_NAME;
+ digestbits = parse_uint(&ptr[12],
+ "digest-bits [0..384]",
+ 384);
+ digestbits = (digestbits + 7) & ~0x7U;
+ } else if (strcasecmp(ptr, "hmac-sha512") == 0) {
+ hmacname = DNS_TSIG_HMACSHA512_NAME;
+ digestbits = 0;
+ } else if (strncasecmp(ptr, "hmac-sha512-", 12) == 0) {
+ hmacname = DNS_TSIG_HMACSHA512_NAME;
+ digestbits = parse_uint(&ptr[12],
+ "digest-bits [0..512]",
+ 512);
+ digestbits = (digestbits + 7) & ~0x7U;
+ } else {
+ fprintf(stderr, ";; Warning, ignoring "
+ "invalid TSIG algorithm %s\n", ptr);
+ return (value_from_next);
+ }
+ ptr = ptr2;
+ ptr2 = ptr3;
+ } else {
+ hmacname = DNS_TSIG_HMACMD5_NAME;
+ digestbits = 0;
+ }
+ strncpy(keynametext, ptr, sizeof(keynametext));
+ keynametext[sizeof(keynametext)-1]=0;
+ strncpy(keysecret, ptr2, sizeof(keysecret));
+ keysecret[sizeof(keysecret)-1]=0;
+ return (value_from_next);
+ case 'x':
+ if (*need_clone)
+ *lookup = clone_lookup(default_lookup, ISC_TRUE);
+ *need_clone = ISC_TRUE;
+ if (get_reverse(textname, sizeof(textname), value,
+ ip6_int, ISC_FALSE) == ISC_R_SUCCESS) {
+ strncpy((*lookup)->textname, textname,
+ sizeof((*lookup)->textname));
+ debug("looking up %s", (*lookup)->textname);
+ (*lookup)->trace_root = ISC_TF((*lookup)->trace ||
+ (*lookup)->ns_search_only);
+ (*lookup)->ip6_int = ip6_int;
+ if (!(*lookup)->rdtypeset)
+ (*lookup)->rdtype = dns_rdatatype_ptr;
+ if (!(*lookup)->rdclassset)
+ (*lookup)->rdclass = dns_rdataclass_in;
+ (*lookup)->new_search = ISC_TRUE;
+ if (*firstarg) {
+ printgreeting(argc, argv, *lookup);
+ *firstarg = ISC_FALSE;
+ }
+ ISC_LIST_APPEND(lookup_list, *lookup, link);
+ } else {
+ fprintf(stderr, "Invalid IP address %s\n", value);
+ exit(1);
+ }
+ return (value_from_next);
+ invalid_option:
+ default:
+ fprintf(stderr, "Invalid option: -%s\n", option);
+ usage();
+ }
+ return (ISC_FALSE);
+}
+
+/*%
+ * Because we may be trying to do memory allocation recording, we're going
+ * to need to parse the arguments for the -m *before* we start the main
+ * argument parsing routine.
+ *
+ * I'd prefer not to have to do this, but I am not quite sure how else to
+ * fix the problem. Argument parsing in dig involves memory allocation
+ * by its nature, so it can't be done in the main argument parser.
+ */
+static void
+preparse_args(int argc, char **argv) {
+ int rc;
+ char **rv;
+ char *option;
+
+ rc = argc;
+ rv = argv;
+ for (rc--, rv++; rc > 0; rc--, rv++) {
+ if (rv[0][0] != '-')
+ continue;
+ option = &rv[0][1];
+ while (strpbrk(option, single_dash_opts) == &option[0]) {
+ if (option[0] == 'm') {
+ memdebugging = ISC_TRUE;
+ isc_mem_debugging = ISC_MEM_DEBUGTRACE |
+ ISC_MEM_DEBUGRECORD;
+ return;
+ }
+ option = &option[1];
+ }
+ }
+}
+
+static void
+getaddresses(dig_lookup_t *lookup, const char *host) {
+ isc_result_t result;
+ isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
+ isc_netaddr_t netaddr;
+ int count, i;
+ dig_server_t *srv;
+ char tmp[ISC_NETADDR_FORMATSIZE];
+
+ result = bind9_getaddresses(host, 0, sockaddrs,
+ DIG_MAX_ADDRESSES, &count);
+ if (result != ISC_R_SUCCESS)
+ fatal("couldn't get address for '%s': %s",
+ host, isc_result_totext(result));
+
+ for (i = 0; i < count; i++) {
+ isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
+ isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
+ srv = make_server(tmp, host);
+ ISC_LIST_APPEND(lookup->my_server_list, srv, link);
+ }
+ addresscount = count;
+}
+
+static void
+parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
+ int argc, char **argv) {
+ isc_result_t result;
+ isc_textregion_t tr;
+ isc_boolean_t firstarg = ISC_TRUE;
+ dig_lookup_t *lookup = NULL;
+ dns_rdatatype_t rdtype;
+ dns_rdataclass_t rdclass;
+ isc_boolean_t open_type_class = ISC_TRUE;
+ char batchline[MXNAME];
+ int bargc;
+ char *bargv[64];
+ int rc;
+ char **rv;
+#ifndef NOPOSIX
+ char *homedir;
+ char rcfile[256];
+#endif
+ char *input;
+ int i;
+ isc_boolean_t need_clone = ISC_TRUE;
+
+ /*
+ * The semantics for parsing the args is a bit complex; if
+ * we don't have a host yet, make the arg apply globally,
+ * otherwise make it apply to the latest host. This is
+ * a bit different than the previous versions, but should
+ * form a consistent user interface.
+ *
+ * First, create a "default lookup" which won't actually be used
+ * anywhere, except for cloning into new lookups
+ */
+
+ debug("parse_args()");
+ if (!is_batchfile) {
+ debug("making new lookup");
+ default_lookup = make_empty_lookup();
+
+#ifndef NOPOSIX
+ /*
+ * Treat ${HOME}/.digrc as a special batchfile
+ */
+ INSIST(batchfp == NULL);
+ homedir = getenv("HOME");
+ if (homedir != NULL) {
+ unsigned int n;
+ n = snprintf(rcfile, sizeof(rcfile), "%s/.digrc",
+ homedir);
+ if (n < sizeof(rcfile))
+ batchfp = fopen(rcfile, "r");
+ }
+ if (batchfp != NULL) {
+ while (fgets(batchline, sizeof(batchline),
+ batchfp) != 0) {
+ debug("config line %s", batchline);
+ bargc = 1;
+ input = batchline;
+ bargv[bargc] = next_token(&input, " \t\r\n");
+ while ((bargv[bargc] != NULL) &&
+ (bargc < 62)) {
+ bargc++;
+ bargv[bargc] =
+ next_token(&input, " \t\r\n");
+ }
+
+ bargv[0] = argv[0];
+ argv0 = argv[0];
+
+ for(i = 0; i < bargc; i++)
+ debug(".digrc argv %d: %s",
+ i, bargv[i]);
+ parse_args(ISC_TRUE, ISC_TRUE, bargc,
+ (char **)bargv);
+ }
+ fclose(batchfp);
+ }
+#endif
+ }
+
+ if (is_batchfile && !config_only) {
+ /* Processing '-f batchfile'. */
+ lookup = clone_lookup(default_lookup, ISC_TRUE);
+ need_clone = ISC_FALSE;
+ } else
+ lookup = default_lookup;
+
+ rc = argc;
+ rv = argv;
+ for (rc--, rv++; rc > 0; rc--, rv++) {
+ debug("main parsing %s", rv[0]);
+ if (strncmp(rv[0], "%", 1) == 0)
+ break;
+ if (strncmp(rv[0], "@", 1) == 0) {
+ getaddresses(lookup, &rv[0][1]);
+ } else if (rv[0][0] == '+') {
+ plus_option(&rv[0][1], is_batchfile,
+ lookup);
+ } else if (rv[0][0] == '-') {
+ if (rc <= 1) {
+ if (dash_option(&rv[0][1], NULL,
+ &lookup, &open_type_class,
+ &need_clone, config_only,
+ argc, argv, &firstarg)) {
+ rc--;
+ rv++;
+ }
+ } else {
+ if (dash_option(&rv[0][1], rv[1],
+ &lookup, &open_type_class,
+ &need_clone, config_only,
+ argc, argv, &firstarg)) {
+ rc--;
+ rv++;
+ }
+ }
+ } else {
+ /*
+ * Anything which isn't an option
+ */
+ if (open_type_class) {
+ if (strncasecmp(rv[0], "ixfr=", 5) == 0) {
+ rdtype = dns_rdatatype_ixfr;
+ result = ISC_R_SUCCESS;
+ } else {
+ tr.base = rv[0];
+ tr.length = strlen(rv[0]);
+ result = dns_rdatatype_fromtext(&rdtype,
+ (isc_textregion_t *)&tr);
+ if (result == ISC_R_SUCCESS &&
+ rdtype == dns_rdatatype_ixfr) {
+ result = DNS_R_UNKNOWN;
+ fprintf(stderr, ";; Warning, "
+ "ixfr requires a "
+ "serial number\n");
+ continue;
+ }
+ }
+ if (result == ISC_R_SUCCESS) {
+ if (lookup->rdtypeset) {
+ fprintf(stderr, ";; Warning, "
+ "extra type option\n");
+ }
+ if (rdtype == dns_rdatatype_ixfr) {
+ lookup->rdtype =
+ dns_rdatatype_ixfr;
+ lookup->rdtypeset = ISC_TRUE;
+ lookup->ixfr_serial =
+ parse_uint(&rv[0][5],
+ "serial number",
+ MAXSERIAL);
+ lookup->section_question =
+ plusquest;
+ lookup->comments = pluscomm;
+ lookup->tcp_mode = ISC_TRUE;
+ } else {
+ lookup->rdtype = rdtype;
+ lookup->rdtypeset = ISC_TRUE;
+ if (rdtype ==
+ dns_rdatatype_axfr) {
+ lookup->section_question =
+ plusquest;
+ lookup->comments = pluscomm;
+ }
+ lookup->ixfr_serial = ISC_FALSE;
+ }
+ continue;
+ }
+ result = dns_rdataclass_fromtext(&rdclass,
+ (isc_textregion_t *)&tr);
+ if (result == ISC_R_SUCCESS) {
+ if (lookup->rdclassset) {
+ fprintf(stderr, ";; Warning, "
+ "extra class option\n");
+ }
+ lookup->rdclass = rdclass;
+ lookup->rdclassset = ISC_TRUE;
+ continue;
+ }
+ }
+
+ if (!config_only) {
+ if (need_clone)
+ lookup = clone_lookup(default_lookup,
+ ISC_TRUE);
+ need_clone = ISC_TRUE;
+ strncpy(lookup->textname, rv[0],
+ sizeof(lookup->textname));
+ lookup->textname[sizeof(lookup->textname)-1]=0;
+ lookup->trace_root = ISC_TF(lookup->trace ||
+ lookup->ns_search_only);
+ lookup->new_search = ISC_TRUE;
+ if (firstarg) {
+ printgreeting(argc, argv, lookup);
+ firstarg = ISC_FALSE;
+ }
+ ISC_LIST_APPEND(lookup_list, lookup, link);
+ debug("looking up %s", lookup->textname);
+ }
+ /* XXX Error message */
+ }
+ }
+
+ /*
+ * If we have a batchfile, seed the lookup list with the
+ * first entry, then trust the callback in dighost_shutdown
+ * to get the rest
+ */
+ if ((batchname != NULL) && !(is_batchfile)) {
+ if (strcmp(batchname, "-") == 0)
+ batchfp = stdin;
+ else
+ batchfp = fopen(batchname, "r");
+ if (batchfp == NULL) {
+ perror(batchname);
+ if (exitcode < 8)
+ exitcode = 8;
+ fatal("couldn't open specified batch file");
+ }
+ /* XXX Remove code dup from shutdown code */
+ next_line:
+ if (fgets(batchline, sizeof(batchline), batchfp) != 0) {
+ bargc = 1;
+ debug("batch line %s", batchline);
+ if (batchline[0] == '\r' || batchline[0] == '\n'
+ || batchline[0] == '#' || batchline[0] == ';')
+ goto next_line;
+ input = batchline;
+ bargv[bargc] = next_token(&input, " \t\r\n");
+ while ((bargv[bargc] != NULL) && (bargc < 14)) {
+ bargc++;
+ bargv[bargc] = next_token(&input, " \t\r\n");
+ }
+
+ bargv[0] = argv[0];
+ argv0 = argv[0];
+
+ for(i = 0; i < bargc; i++)
+ debug("batch argv %d: %s", i, bargv[i]);
+ parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv);
+ return;
+ }
+ return;
+ }
+ /*
+ * If no lookup specified, search for root
+ */
+ if ((lookup_list.head == NULL) && !config_only) {
+ if (need_clone)
+ lookup = clone_lookup(default_lookup, ISC_TRUE);
+ need_clone = ISC_TRUE;
+ lookup->trace_root = ISC_TF(lookup->trace ||
+ lookup->ns_search_only);
+ lookup->new_search = ISC_TRUE;
+ strcpy(lookup->textname, ".");
+ lookup->rdtype = dns_rdatatype_ns;
+ lookup->rdtypeset = ISC_TRUE;
+ if (firstarg) {
+ printgreeting(argc, argv, lookup);
+ firstarg = ISC_FALSE;
+ }
+ ISC_LIST_APPEND(lookup_list, lookup, link);
+ }
+ if (!need_clone)
+ destroy_lookup(lookup);
+}
+
+/*
+ * Callback from dighost.c to allow program-specific shutdown code.
+ * Here, we're possibly reading from a batch file, then shutting down
+ * for real if there's nothing in the batch file to read.
+ */
+void
+dighost_shutdown(void) {
+ char batchline[MXNAME];
+ int bargc;
+ char *bargv[16];
+ char *input;
+ int i;
+
+ if (batchname == NULL) {
+ isc_app_shutdown();
+ return;
+ }
+
+ fflush(stdout);
+ if (feof(batchfp)) {
+ batchname = NULL;
+ isc_app_shutdown();
+ if (batchfp != stdin)
+ fclose(batchfp);
+ return;
+ }
+
+ if (fgets(batchline, sizeof(batchline), batchfp) != 0) {
+ debug("batch line %s", batchline);
+ bargc = 1;
+ input = batchline;
+ bargv[bargc] = next_token(&input, " \t\r\n");
+ while ((bargv[bargc] != NULL) && (bargc < 14)) {
+ bargc++;
+ bargv[bargc] = next_token(&input, " \t\r\n");
+ }
+
+ bargv[0] = argv0;
+
+ for(i = 0; i < bargc; i++)
+ debug("batch argv %d: %s", i, bargv[i]);
+ parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv);
+ start_lookup();
+ } else {
+ batchname = NULL;
+ if (batchfp != stdin)
+ fclose(batchfp);
+ isc_app_shutdown();
+ return;
+ }
+}
+
+/*% Main processing routine for dig */
+int
+main(int argc, char **argv) {
+ isc_result_t result;
+
+ ISC_LIST_INIT(lookup_list);
+ ISC_LIST_INIT(server_list);
+ ISC_LIST_INIT(search_list);
+
+ debug("main()");
+ preparse_args(argc, argv);
+ progname = argv[0];
+ result = isc_app_start();
+ check_result(result, "isc_app_start");
+ setup_libs();
+ parse_args(ISC_FALSE, ISC_FALSE, argc, argv);
+ setup_system();
+ if (domainopt[0] != '\0') {
+ set_search_domain(domainopt);
+ usesearch = ISC_TRUE;
+ }
+ result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
+ check_result(result, "isc_app_onrun");
+ isc_app_run();
+ destroy_lookup(default_lookup);
+ if (batchname != NULL) {
+ if (batchfp != stdin)
+ fclose(batchfp);
+ batchname = NULL;
+ }
+#ifdef DIG_SIGCHASE
+ clean_trustedkey();
+#endif
+ cancel_all();
+ destroy_libs();
+ isc_app_finish();
+ return (exitcode);
+}
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
new file mode 100644
index 0000000..af26d70
--- /dev/null
+++ b/bin/dig/dig.docbook
@@ -0,0 +1,952 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: dig.docbook,v 1.42 2008/10/13 21:18:56 jreed Exp $ -->
+<refentry id="man.dig">
+
+ <refentryinfo>
+ <date>Jun 30, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>dig</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>dig</refname>
+ <refpurpose>DNS lookup utility</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
+ <year>2008</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <year>2003</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>dig</command>
+ <arg choice="opt">@server</arg>
+ <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
+ <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
+ <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
+ <arg><option>-m</option></arg>
+ <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
+ <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
+ <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
+ <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
+ <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
+ <arg><option>-4</option></arg>
+ <arg><option>-6</option></arg>
+ <arg choice="opt">name</arg>
+ <arg choice="opt">type</arg>
+ <arg choice="opt">class</arg>
+ <arg choice="opt" rep="repeat">queryopt</arg>
+ </cmdsynopsis>
+
+ <cmdsynopsis>
+ <command>dig</command>
+ <arg><option>-h</option></arg>
+ </cmdsynopsis>
+
+ <cmdsynopsis>
+ <command>dig</command>
+ <arg choice="opt" rep="repeat">global-queryopt</arg>
+ <arg choice="opt" rep="repeat">query</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><command>dig</command>
+ (domain information groper) is a flexible tool
+ for interrogating DNS name servers. It performs DNS lookups and
+ displays the answers that are returned from the name server(s) that
+ were queried. Most DNS administrators use <command>dig</command> to
+ troubleshoot DNS problems because of its flexibility, ease of use and
+ clarity of output. Other lookup tools tend to have less functionality
+ than <command>dig</command>.
+ </para>
+
+ <para>
+ Although <command>dig</command> is normally used with
+ command-line
+ arguments, it also has a batch mode of operation for reading lookup
+ requests from a file. A brief summary of its command-line arguments
+ and options is printed when the <option>-h</option> option is given.
+ Unlike earlier versions, the BIND 9 implementation of
+ <command>dig</command> allows multiple lookups to be issued
+ from the
+ command line.
+ </para>
+
+ <para>
+ Unless it is told to query a specific name server,
+ <command>dig</command> will try each of the servers listed
+ in
+ <filename>/etc/resolv.conf</filename>.
+ </para>
+
+ <para>
+ When no command line arguments or options are given,
+ <command>dig</command> will perform an NS query for "." (the root).
+ </para>
+
+ <para>
+ It is possible to set per-user defaults for <command>dig</command> via
+ <filename>${HOME}/.digrc</filename>. This file is read and
+ any options in it
+ are applied before the command line arguments.
+ </para>
+
+ <para>
+ The IN and CH class names overlap with the IN and CH top level
+ domains names. Either use the <option>-t</option> and
+ <option>-c</option> options to specify the type and class,
+ use the <option>-q</option> the specify the domain name, or
+ use "IN." and "CH." when looking up these top level domains.
+ </para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>SIMPLE USAGE</title>
+
+ <para>
+ A typical invocation of <command>dig</command> looks like:
+ <programlisting> dig @server name type </programlisting>
+ where:
+
+ <variablelist>
+
+ <varlistentry>
+ <term><constant>server</constant></term>
+ <listitem>
+ <para>
+ is the name or IP address of the name server to query. This can
+ be an IPv4
+ address in dotted-decimal notation or an IPv6
+ address in colon-delimited notation. When the supplied
+ <parameter>server</parameter> argument is a
+ hostname,
+ <command>dig</command> resolves that name before
+ querying that name
+ server. If no <parameter>server</parameter>
+ argument is provided,
+ <command>dig</command> consults <filename>/etc/resolv.conf</filename>
+ and queries the name servers listed there. The reply from the
+ name
+ server that responds is displayed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>name</constant></term>
+ <listitem>
+ <para>
+ is the name of the resource record that is to be looked up.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>type</constant></term>
+ <listitem>
+ <para>
+ indicates what type of query is required &mdash;
+ ANY, A, MX, SIG, etc.
+ <parameter>type</parameter> can be any valid query
+ type. If no
+ <parameter>type</parameter> argument is supplied,
+ <command>dig</command> will perform a lookup for an
+ A record.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <para>
+ The <option>-b</option> option sets the source IP address of the query
+ to <parameter>address</parameter>. This must be a valid
+ address on
+ one of the host's network interfaces or "0.0.0.0" or "::". An optional
+ port
+ may be specified by appending "#&lt;port&gt;"
+ </para>
+
+ <para>
+ The default query class (IN for internet) is overridden by the
+ <option>-c</option> option. <parameter>class</parameter> is
+ any valid
+ class, such as HS for Hesiod records or CH for Chaosnet records.
+ </para>
+
+ <para>
+ The <option>-f</option> option makes <command>dig </command>
+ operate
+ in batch mode by reading a list of lookup requests to process from the
+ file <parameter>filename</parameter>. The file contains a
+ number of
+ queries, one per line. Each entry in the file should be organized in
+ the same way they would be presented as queries to
+ <command>dig</command> using the command-line interface.
+ </para>
+
+ <para>
+ The <option>-m</option> option enables memory usage debugging.
+ <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
+ documented in include/isc/mem.h -->
+ </para>
+
+ <para>
+ If a non-standard port number is to be queried, the
+ <option>-p</option> option is used. <parameter>port#</parameter> is
+ the port number that <command>dig</command> will send its
+ queries
+ instead of the standard DNS port number 53. This option would be used
+ to test a name server that has been configured to listen for queries
+ on a non-standard port number.
+ </para>
+
+ <para>
+ The <option>-4</option> option forces <command>dig</command>
+ to only
+ use IPv4 query transport. The <option>-6</option> option forces
+ <command>dig</command> to only use IPv6 query transport.
+ </para>
+
+ <para>
+ The <option>-t</option> option sets the query type to
+ <parameter>type</parameter>. It can be any valid query type
+ which is
+ supported in BIND 9. The default query type is "A", unless the
+ <option>-x</option> option is supplied to indicate a reverse lookup.
+ A zone transfer can be requested by specifying a type of AXFR. When
+ an incremental zone transfer (IXFR) is required,
+ <parameter>type</parameter> is set to <literal>ixfr=N</literal>.
+ The incremental zone transfer will contain the changes made to the zone
+ since the serial number in the zone's SOA record was
+ <parameter>N</parameter>.
+ </para>
+
+ <para>
+ The <option>-q</option> option sets the query name to
+ <parameter>name</parameter>. This useful do distinguish the
+ <parameter>name</parameter> from other arguments.
+ </para>
+
+ <para>
+ Reverse lookups &mdash; mapping addresses to names &mdash; are simplified by the
+ <option>-x</option> option. <parameter>addr</parameter> is
+ an IPv4
+ address in dotted-decimal notation, or a colon-delimited IPv6 address.
+ When this option is used, there is no need to provide the
+ <parameter>name</parameter>, <parameter>class</parameter> and
+ <parameter>type</parameter> arguments. <command>dig</command>
+ automatically performs a lookup for a name like
+ <literal>11.12.13.10.in-addr.arpa</literal> and sets the
+ query type and
+ class to PTR and IN respectively. By default, IPv6 addresses are
+ looked up using nibble format under the IP6.ARPA domain.
+ To use the older RFC1886 method using the IP6.INT domain
+ specify the <option>-i</option> option. Bit string labels (RFC2874)
+ are now experimental and are not attempted.
+ </para>
+
+ <para>
+ To sign the DNS queries sent by <command>dig</command> and
+ their
+ responses using transaction signatures (TSIG), specify a TSIG key file
+ using the <option>-k</option> option. You can also specify the TSIG
+ key itself on the command line using the <option>-y</option> option;
+ <parameter>hmac</parameter> is the type of the TSIG, default HMAC-MD5,
+ <parameter>name</parameter> is the name of the TSIG key and
+ <parameter>key</parameter> is the actual key. The key is a
+ base-64
+ encoded string, typically generated by
+ <citerefentry>
+ <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+
+ Caution should be taken when using the <option>-y</option> option on
+ multi-user systems as the key can be visible in the output from
+ <citerefentry>
+ <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>
+ or in the shell's history file. When
+ using TSIG authentication with <command>dig</command>, the name
+ server that is queried needs to know the key and algorithm that is
+ being used. In BIND, this is done by providing appropriate
+ <command>key</command> and <command>server</command> statements in
+ <filename>named.conf</filename>.
+ </para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>QUERY OPTIONS</title>
+
+ <para><command>dig</command>
+ provides a number of query options which affect
+ the way in which lookups are made and the results displayed. Some of
+ these set or reset flag bits in the query header, some determine which
+ sections of the answer get printed, and others determine the timeout
+ and retry strategies.
+ </para>
+
+ <para>
+ Each query option is identified by a keyword preceded by a plus sign
+ (<literal>+</literal>). Some keywords set or reset an
+ option. These may be preceded
+ by the string <literal>no</literal> to negate the meaning of
+ that keyword. Other
+ keywords assign values to options like the timeout interval. They
+ have the form <option>+keyword=value</option>.
+ The query options are:
+
+ <variablelist>
+
+ <varlistentry>
+ <term><option>+[no]tcp</option></term>
+ <listitem>
+ <para>
+ Use [do not use] TCP when querying name servers. The default
+ behavior is to use UDP unless an AXFR or IXFR query is
+ requested, in
+ which case a TCP connection is used.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]vc</option></term>
+ <listitem>
+ <para>
+ Use [do not use] TCP when querying name servers. This alternate
+ syntax to <parameter>+[no]tcp</parameter> is
+ provided for backwards
+ compatibility. The "vc" stands for "virtual circuit".
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]ignore</option></term>
+ <listitem>
+ <para>
+ Ignore truncation in UDP responses instead of retrying with TCP.
+ By
+ default, TCP retries are performed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+domain=somename</option></term>
+ <listitem>
+ <para>
+ Set the search list to contain the single domain
+ <parameter>somename</parameter>, as if specified in
+ a
+ <command>domain</command> directive in
+ <filename>/etc/resolv.conf</filename>, and enable
+ search list
+ processing as if the <parameter>+search</parameter>
+ option were given.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]search</option></term>
+ <listitem>
+ <para>
+ Use [do not use] the search list defined by the searchlist or
+ domain
+ directive in <filename>resolv.conf</filename> (if
+ any).
+ The search list is not used by default.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]showsearch</option></term>
+ <listitem>
+ <para>
+ Perform [do not perform] a search showing intermediate
+ results.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]defname</option></term>
+ <listitem>
+ <para>
+ Deprecated, treated as a synonym for <parameter>+[no]search</parameter>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]aaonly</option></term>
+ <listitem>
+ <para>
+ Sets the "aa" flag in the query.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]aaflag</option></term>
+ <listitem>
+ <para>
+ A synonym for <parameter>+[no]aaonly</parameter>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]adflag</option></term>
+ <listitem>
+ <para>
+ Set [do not set] the AD (authentic data) bit in the query. The
+ AD bit
+ currently has a standard meaning only in responses, not in
+ queries,
+ but the ability to set the bit in the query is provided for
+ completeness.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]cdflag</option></term>
+ <listitem>
+ <para>
+ Set [do not set] the CD (checking disabled) bit in the query.
+ This
+ requests the server to not perform DNSSEC validation of
+ responses.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]cl</option></term>
+ <listitem>
+ <para>
+ Display [do not display] the CLASS when printing the record.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]ttlid</option></term>
+ <listitem>
+ <para>
+ Display [do not display] the TTL when printing the record.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]recurse</option></term>
+ <listitem>
+ <para>
+ Toggle the setting of the RD (recursion desired) bit in the
+ query.
+ This bit is set by default, which means <command>dig</command>
+ normally sends recursive queries. Recursion is automatically
+ disabled
+ when the <parameter>+nssearch</parameter> or
+ <parameter>+trace</parameter> query options are
+ used.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]nssearch</option></term>
+ <listitem>
+ <para>
+ When this option is set, <command>dig</command>
+ attempts to find the
+ authoritative name servers for the zone containing the name
+ being
+ looked up and display the SOA record that each name server has
+ for the
+ zone.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]trace</option></term>
+ <listitem>
+ <para>
+ Toggle tracing of the delegation path from the root name servers
+ for
+ the name being looked up. Tracing is disabled by default. When
+ tracing is enabled, <command>dig</command> makes
+ iterative queries to
+ resolve the name being looked up. It will follow referrals from
+ the
+ root servers, showing the answer from each server that was used
+ to
+ resolve the lookup.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]cmd</option></term>
+ <listitem>
+ <para>
+ Toggles the printing of the initial comment in the output
+ identifying
+ the version of <command>dig</command> and the query
+ options that have
+ been applied. This comment is printed by default.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]short</option></term>
+ <listitem>
+ <para>
+ Provide a terse answer. The default is to print the answer in a
+ verbose form.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]identify</option></term>
+ <listitem>
+ <para>
+ Show [or do not show] the IP address and port number that
+ supplied the
+ answer when the <parameter>+short</parameter> option
+ is enabled. If
+ short form answers are requested, the default is not to show the
+ source address and port number of the server that provided the
+ answer.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]comments</option></term>
+ <listitem>
+ <para>
+ Toggle the display of comment lines in the output. The default
+ is to
+ print comments.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]stats</option></term>
+ <listitem>
+ <para>
+ This query option toggles the printing of statistics: when the
+ query
+ was made, the size of the reply and so on. The default
+ behavior is
+ to print the query statistics.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]qr</option></term>
+ <listitem>
+ <para>
+ Print [do not print] the query as it is sent.
+ By default, the query is not printed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]question</option></term>
+ <listitem>
+ <para>
+ Print [do not print] the question section of a query when an
+ answer is
+ returned. The default is to print the question section as a
+ comment.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]answer</option></term>
+ <listitem>
+ <para>
+ Display [do not display] the answer section of a reply. The
+ default
+ is to display it.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]authority</option></term>
+ <listitem>
+ <para>
+ Display [do not display] the authority section of a reply. The
+ default is to display it.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]additional</option></term>
+ <listitem>
+ <para>
+ Display [do not display] the additional section of a reply.
+ The default is to display it.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]all</option></term>
+ <listitem>
+ <para>
+ Set or clear all display flags.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+time=T</option></term>
+ <listitem>
+ <para>
+
+ Sets the timeout for a query to
+ <parameter>T</parameter> seconds. The default
+ timeout is 5 seconds.
+ An attempt to set <parameter>T</parameter> to less
+ than 1 will result
+ in a query timeout of 1 second being applied.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+tries=T</option></term>
+ <listitem>
+ <para>
+ Sets the number of times to try UDP queries to server to
+ <parameter>T</parameter> instead of the default, 3.
+ If
+ <parameter>T</parameter> is less than or equal to
+ zero, the number of
+ tries is silently rounded up to 1.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+retry=T</option></term>
+ <listitem>
+ <para>
+ Sets the number of times to retry UDP queries to server to
+ <parameter>T</parameter> instead of the default, 2.
+ Unlike
+ <parameter>+tries</parameter>, this does not include
+ the initial
+ query.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+ndots=D</option></term>
+ <listitem>
+ <para>
+ Set the number of dots that have to appear in
+ <parameter>name</parameter> to <parameter>D</parameter> for it to be
+ considered absolute. The default value is that defined using
+ the
+ ndots statement in <filename>/etc/resolv.conf</filename>, or 1 if no
+ ndots statement is present. Names with fewer dots are
+ interpreted as
+ relative names and will be searched for in the domains listed in
+ the
+ <option>search</option> or <option>domain</option> directive in
+ <filename>/etc/resolv.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+bufsize=B</option></term>
+ <listitem>
+ <para>
+ Set the UDP message buffer size advertised using EDNS0 to
+ <parameter>B</parameter> bytes. The maximum and minimum sizes
+ of this buffer are 65535 and 0 respectively. Values outside
+ this range are rounded up or down appropriately.
+ Values other than zero will cause a EDNS query to be sent.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+edns=#</option></term>
+ <listitem>
+ <para>
+ Specify the EDNS version to query with. Valid values
+ are 0 to 255. Setting the EDNS version will cause a
+ EDNS query to be sent. <option>+noedns</option> clears the
+ remembered EDNS version.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]multiline</option></term>
+ <listitem>
+ <para>
+ Print records like the SOA records in a verbose multi-line
+ format with human-readable comments. The default is to print
+ each record on a single line, to facilitate machine parsing
+ of the <command>dig</command> output.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]fail</option></term>
+ <listitem>
+ <para>
+ Do not try the next server if you receive a SERVFAIL. The
+ default is
+ to not try the next server which is the reverse of normal stub
+ resolver
+ behavior.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]besteffort</option></term>
+ <listitem>
+ <para>
+ Attempt to display the contents of messages which are malformed.
+ The default is to not display malformed answers.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]dnssec</option></term>
+ <listitem>
+ <para>
+ Requests DNSSEC records be sent by setting the DNSSEC OK bit
+ (DO)
+ in the OPT record in the additional section of the query.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]sigchase</option></term>
+ <listitem>
+ <para>
+ Chase DNSSEC signature chains. Requires dig be compiled with
+ -DDIG_SIGCHASE.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+trusted-key=####</option></term>
+ <listitem>
+ <para>
+ Specifies a file containing trusted keys to be used with
+ <option>+sigchase</option>. Each DNSKEY record must be
+ on its own line.
+ </para>
+ <para>
+ If not specified <command>dig</command> will look for
+ <filename>/etc/trusted-key.key</filename> then
+ <filename>trusted-key.key</filename> in the current directory.
+ </para>
+ <para>
+ Requires dig be compiled with -DDIG_SIGCHASE.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]topdown</option></term>
+ <listitem>
+ <para>
+ When chasing DNSSEC signature chains perform a top-down
+ validation.
+ Requires dig be compiled with -DDIG_SIGCHASE.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]nsid</option></term>
+ <listitem>
+ <para>
+ Include an EDNS name server ID request when sending a query.
+ </para>
+ </listitem>
+ </varlistentry>
+
+
+ </variablelist>
+
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>MULTIPLE QUERIES</title>
+
+ <para>
+ The BIND 9 implementation of <command>dig </command>
+ supports
+ specifying multiple queries on the command line (in addition to
+ supporting the <option>-f</option> batch file option). Each of those
+ queries can be supplied with its own set of flags, options and query
+ options.
+ </para>
+
+ <para>
+ In this case, each <parameter>query</parameter> argument
+ represent an
+ individual query in the command-line syntax described above. Each
+ consists of any of the standard options and flags, the name to be
+ looked up, an optional query type and class and any query options that
+ should be applied to that query.
+ </para>
+
+ <para>
+ A global set of query options, which should be applied to all queries,
+ can also be supplied. These global query options must precede the
+ first tuple of name, class, type, options, flags, and query options
+ supplied on the command line. Any global query options (except
+ the <option>+[no]cmd</option> option) can be
+ overridden by a query-specific set of query options. For example:
+ <programlisting>
+dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
+</programlisting>
+ shows how <command>dig</command> could be used from the
+ command line
+ to make three lookups: an ANY query for <literal>www.isc.org</literal>, a
+ reverse lookup of 127.0.0.1 and a query for the NS records of
+ <literal>isc.org</literal>.
+
+ A global query option of <parameter>+qr</parameter> is
+ applied, so
+ that <command>dig</command> shows the initial query it made
+ for each
+ lookup. The final query has a local query option of
+ <parameter>+noqr</parameter> which means that <command>dig</command>
+ will not print the initial query when it looks up the NS records for
+ <literal>isc.org</literal>.
+ </para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>IDN SUPPORT</title>
+ <para>
+ If <command>dig</command> has been built with IDN (internationalized
+ domain name) support, it can accept and display non-ASCII domain names.
+ <command>dig</command> appropriately converts character encoding of
+ domain name before sending a request to DNS server or displaying a
+ reply from the server.
+ If you'd like to turn off the IDN support for some reason, defines
+ the <envar>IDN_DISABLE</envar> environment variable.
+ The IDN support is disabled if the variable is set when
+ <command>dig</command> runs.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>FILES</title>
+ <para><filename>/etc/resolv.conf</filename>
+ </para>
+ <para><filename>${HOME}/.digrc</filename>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>RFC1035</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>BUGS</title>
+ <para>
+ There are probably too many query options.
+ </para>
+ </refsect1>
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
new file mode 100644
index 0000000..7c79c6e
--- /dev/null
+++ b/bin/dig/dig.html
@@ -0,0 +1,637 @@
+<!--
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: dig.html,v 1.45 2008/10/14 01:11:35 tbox Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dig</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.dig"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p>dig &#8212; DNS lookup utility</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543515"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">dig</strong></span>
+ (domain information groper) is a flexible tool
+ for interrogating DNS name servers. It performs DNS lookups and
+ displays the answers that are returned from the name server(s) that
+ were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to
+ troubleshoot DNS problems because of its flexibility, ease of use and
+ clarity of output. Other lookup tools tend to have less functionality
+ than <span><strong class="command">dig</strong></span>.
+ </p>
+<p>
+ Although <span><strong class="command">dig</strong></span> is normally used with
+ command-line
+ arguments, it also has a batch mode of operation for reading lookup
+ requests from a file. A brief summary of its command-line arguments
+ and options is printed when the <code class="option">-h</code> option is given.
+ Unlike earlier versions, the BIND 9 implementation of
+ <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
+ from the
+ command line.
+ </p>
+<p>
+ Unless it is told to query a specific name server,
+ <span><strong class="command">dig</strong></span> will try each of the servers listed
+ in
+ <code class="filename">/etc/resolv.conf</code>.
+ </p>
+<p>
+ When no command line arguments or options are given,
+ <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
+ </p>
+<p>
+ It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
+ <code class="filename">${HOME}/.digrc</code>. This file is read and
+ any options in it
+ are applied before the command line arguments.
+ </p>
+<p>
+ The IN and CH class names overlap with the IN and CH top level
+ domains names. Either use the <code class="option">-t</code> and
+ <code class="option">-c</code> options to specify the type and class,
+ use the <code class="option">-q</code> the specify the domain name, or
+ use "IN." and "CH." when looking up these top level domains.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543589"></a><h2>SIMPLE USAGE</h2>
+<p>
+ A typical invocation of <span><strong class="command">dig</strong></span> looks like:
+ </p>
+<pre class="programlisting"> dig @server name type </pre>
+<p>
+ where:
+
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="constant">server</code></span></dt>
+<dd><p>
+ is the name or IP address of the name server to query. This can
+ be an IPv4
+ address in dotted-decimal notation or an IPv6
+ address in colon-delimited notation. When the supplied
+ <em class="parameter"><code>server</code></em> argument is a
+ hostname,
+ <span><strong class="command">dig</strong></span> resolves that name before
+ querying that name
+ server. If no <em class="parameter"><code>server</code></em>
+ argument is provided,
+ <span><strong class="command">dig</strong></span> consults <code class="filename">/etc/resolv.conf</code>
+ and queries the name servers listed there. The reply from the
+ name
+ server that responds is displayed.
+ </p></dd>
+<dt><span class="term"><code class="constant">name</code></span></dt>
+<dd><p>
+ is the name of the resource record that is to be looked up.
+ </p></dd>
+<dt><span class="term"><code class="constant">type</code></span></dt>
+<dd><p>
+ indicates what type of query is required &#8212;
+ ANY, A, MX, SIG, etc.
+ <em class="parameter"><code>type</code></em> can be any valid query
+ type. If no
+ <em class="parameter"><code>type</code></em> argument is supplied,
+ <span><strong class="command">dig</strong></span> will perform a lookup for an
+ A record.
+ </p></dd>
+</dl></div>
+<p>
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543680"></a><h2>OPTIONS</h2>
+<p>
+ The <code class="option">-b</code> option sets the source IP address of the query
+ to <em class="parameter"><code>address</code></em>. This must be a valid
+ address on
+ one of the host's network interfaces or "0.0.0.0" or "::". An optional
+ port
+ may be specified by appending "#&lt;port&gt;"
+ </p>
+<p>
+ The default query class (IN for internet) is overridden by the
+ <code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is
+ any valid
+ class, such as HS for Hesiod records or CH for Chaosnet records.
+ </p>
+<p>
+ The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>
+ operate
+ in batch mode by reading a list of lookup requests to process from the
+ file <em class="parameter"><code>filename</code></em>. The file contains a
+ number of
+ queries, one per line. Each entry in the file should be organized in
+ the same way they would be presented as queries to
+ <span><strong class="command">dig</strong></span> using the command-line interface.
+ </p>
+<p>
+ The <code class="option">-m</code> option enables memory usage debugging.
+
+ </p>
+<p>
+ If a non-standard port number is to be queried, the
+ <code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is
+ the port number that <span><strong class="command">dig</strong></span> will send its
+ queries
+ instead of the standard DNS port number 53. This option would be used
+ to test a name server that has been configured to listen for queries
+ on a non-standard port number.
+ </p>
+<p>
+ The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span>
+ to only
+ use IPv4 query transport. The <code class="option">-6</code> option forces
+ <span><strong class="command">dig</strong></span> to only use IPv6 query transport.
+ </p>
+<p>
+ The <code class="option">-t</code> option sets the query type to
+ <em class="parameter"><code>type</code></em>. It can be any valid query type
+ which is
+ supported in BIND 9. The default query type is "A", unless the
+ <code class="option">-x</code> option is supplied to indicate a reverse lookup.
+ A zone transfer can be requested by specifying a type of AXFR. When
+ an incremental zone transfer (IXFR) is required,
+ <em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>.
+ The incremental zone transfer will contain the changes made to the zone
+ since the serial number in the zone's SOA record was
+ <em class="parameter"><code>N</code></em>.
+ </p>
+<p>
+ The <code class="option">-q</code> option sets the query name to
+ <em class="parameter"><code>name</code></em>. This useful do distinguish the
+ <em class="parameter"><code>name</code></em> from other arguments.
+ </p>
+<p>
+ Reverse lookups &#8212; mapping addresses to names &#8212; are simplified by the
+ <code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is
+ an IPv4
+ address in dotted-decimal notation, or a colon-delimited IPv6 address.
+ When this option is used, there is no need to provide the
+ <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and
+ <em class="parameter"><code>type</code></em> arguments. <span><strong class="command">dig</strong></span>
+ automatically performs a lookup for a name like
+ <code class="literal">11.12.13.10.in-addr.arpa</code> and sets the
+ query type and
+ class to PTR and IN respectively. By default, IPv6 addresses are
+ looked up using nibble format under the IP6.ARPA domain.
+ To use the older RFC1886 method using the IP6.INT domain
+ specify the <code class="option">-i</code> option. Bit string labels (RFC2874)
+ are now experimental and are not attempted.
+ </p>
+<p>
+ To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and
+ their
+ responses using transaction signatures (TSIG), specify a TSIG key file
+ using the <code class="option">-k</code> option. You can also specify the TSIG
+ key itself on the command line using the <code class="option">-y</code> option;
+ <em class="parameter"><code>hmac</code></em> is the type of the TSIG, default HMAC-MD5,
+ <em class="parameter"><code>name</code></em> is the name of the TSIG key and
+ <em class="parameter"><code>key</code></em> is the actual key. The key is a
+ base-64
+ encoded string, typically generated by
+ <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
+
+ Caution should be taken when using the <code class="option">-y</code> option on
+ multi-user systems as the key can be visible in the output from
+ <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
+ or in the shell's history file. When
+ using TSIG authentication with <span><strong class="command">dig</strong></span>, the name
+ server that is queried needs to know the key and algorithm that is
+ being used. In BIND, this is done by providing appropriate
+ <span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in
+ <code class="filename">named.conf</code>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544028"></a><h2>QUERY OPTIONS</h2>
+<p><span><strong class="command">dig</strong></span>
+ provides a number of query options which affect
+ the way in which lookups are made and the results displayed. Some of
+ these set or reset flag bits in the query header, some determine which
+ sections of the answer get printed, and others determine the timeout
+ and retry strategies.
+ </p>
+<p>
+ Each query option is identified by a keyword preceded by a plus sign
+ (<code class="literal">+</code>). Some keywords set or reset an
+ option. These may be preceded
+ by the string <code class="literal">no</code> to negate the meaning of
+ that keyword. Other
+ keywords assign values to options like the timeout interval. They
+ have the form <code class="option">+keyword=value</code>.
+ The query options are:
+
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
+<dd><p>
+ Use [do not use] TCP when querying name servers. The default
+ behavior is to use UDP unless an AXFR or IXFR query is
+ requested, in
+ which case a TCP connection is used.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
+<dd><p>
+ Use [do not use] TCP when querying name servers. This alternate
+ syntax to <em class="parameter"><code>+[no]tcp</code></em> is
+ provided for backwards
+ compatibility. The "vc" stands for "virtual circuit".
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
+<dd><p>
+ Ignore truncation in UDP responses instead of retrying with TCP.
+ By
+ default, TCP retries are performed.
+ </p></dd>
+<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
+<dd><p>
+ Set the search list to contain the single domain
+ <em class="parameter"><code>somename</code></em>, as if specified in
+ a
+ <span><strong class="command">domain</strong></span> directive in
+ <code class="filename">/etc/resolv.conf</code>, and enable
+ search list
+ processing as if the <em class="parameter"><code>+search</code></em>
+ option were given.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]search</code></span></dt>
+<dd><p>
+ Use [do not use] the search list defined by the searchlist or
+ domain
+ directive in <code class="filename">resolv.conf</code> (if
+ any).
+ The search list is not used by default.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
+<dd><p>
+ Perform [do not perform] a search showing intermediate
+ results.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
+<dd><p>
+ Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em>
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
+<dd><p>
+ Sets the "aa" flag in the query.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
+<dd><p>
+ A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
+<dd><p>
+ Set [do not set] the AD (authentic data) bit in the query. The
+ AD bit
+ currently has a standard meaning only in responses, not in
+ queries,
+ but the ability to set the bit in the query is provided for
+ completeness.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
+<dd><p>
+ Set [do not set] the CD (checking disabled) bit in the query.
+ This
+ requests the server to not perform DNSSEC validation of
+ responses.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
+<dd><p>
+ Display [do not display] the CLASS when printing the record.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
+<dd><p>
+ Display [do not display] the TTL when printing the record.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
+<dd><p>
+ Toggle the setting of the RD (recursion desired) bit in the
+ query.
+ This bit is set by default, which means <span><strong class="command">dig</strong></span>
+ normally sends recursive queries. Recursion is automatically
+ disabled
+ when the <em class="parameter"><code>+nssearch</code></em> or
+ <em class="parameter"><code>+trace</code></em> query options are
+ used.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
+<dd><p>
+ When this option is set, <span><strong class="command">dig</strong></span>
+ attempts to find the
+ authoritative name servers for the zone containing the name
+ being
+ looked up and display the SOA record that each name server has
+ for the
+ zone.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
+<dd><p>
+ Toggle tracing of the delegation path from the root name servers
+ for
+ the name being looked up. Tracing is disabled by default. When
+ tracing is enabled, <span><strong class="command">dig</strong></span> makes
+ iterative queries to
+ resolve the name being looked up. It will follow referrals from
+ the
+ root servers, showing the answer from each server that was used
+ to
+ resolve the lookup.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
+<dd><p>
+ Toggles the printing of the initial comment in the output
+ identifying
+ the version of <span><strong class="command">dig</strong></span> and the query
+ options that have
+ been applied. This comment is printed by default.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]short</code></span></dt>
+<dd><p>
+ Provide a terse answer. The default is to print the answer in a
+ verbose form.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
+<dd><p>
+ Show [or do not show] the IP address and port number that
+ supplied the
+ answer when the <em class="parameter"><code>+short</code></em> option
+ is enabled. If
+ short form answers are requested, the default is not to show the
+ source address and port number of the server that provided the
+ answer.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
+<dd><p>
+ Toggle the display of comment lines in the output. The default
+ is to
+ print comments.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
+<dd><p>
+ This query option toggles the printing of statistics: when the
+ query
+ was made, the size of the reply and so on. The default
+ behavior is
+ to print the query statistics.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
+<dd><p>
+ Print [do not print] the query as it is sent.
+ By default, the query is not printed.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]question</code></span></dt>
+<dd><p>
+ Print [do not print] the question section of a query when an
+ answer is
+ returned. The default is to print the question section as a
+ comment.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
+<dd><p>
+ Display [do not display] the answer section of a reply. The
+ default
+ is to display it.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
+<dd><p>
+ Display [do not display] the authority section of a reply. The
+ default is to display it.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
+<dd><p>
+ Display [do not display] the additional section of a reply.
+ The default is to display it.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]all</code></span></dt>
+<dd><p>
+ Set or clear all display flags.
+ </p></dd>
+<dt><span class="term"><code class="option">+time=T</code></span></dt>
+<dd><p>
+
+ Sets the timeout for a query to
+ <em class="parameter"><code>T</code></em> seconds. The default
+ timeout is 5 seconds.
+ An attempt to set <em class="parameter"><code>T</code></em> to less
+ than 1 will result
+ in a query timeout of 1 second being applied.
+ </p></dd>
+<dt><span class="term"><code class="option">+tries=T</code></span></dt>
+<dd><p>
+ Sets the number of times to try UDP queries to server to
+ <em class="parameter"><code>T</code></em> instead of the default, 3.
+ If
+ <em class="parameter"><code>T</code></em> is less than or equal to
+ zero, the number of
+ tries is silently rounded up to 1.
+ </p></dd>
+<dt><span class="term"><code class="option">+retry=T</code></span></dt>
+<dd><p>
+ Sets the number of times to retry UDP queries to server to
+ <em class="parameter"><code>T</code></em> instead of the default, 2.
+ Unlike
+ <em class="parameter"><code>+tries</code></em>, this does not include
+ the initial
+ query.
+ </p></dd>
+<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
+<dd><p>
+ Set the number of dots that have to appear in
+ <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be
+ considered absolute. The default value is that defined using
+ the
+ ndots statement in <code class="filename">/etc/resolv.conf</code>, or 1 if no
+ ndots statement is present. Names with fewer dots are
+ interpreted as
+ relative names and will be searched for in the domains listed in
+ the
+ <code class="option">search</code> or <code class="option">domain</code> directive in
+ <code class="filename">/etc/resolv.conf</code>.
+ </p></dd>
+<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
+<dd><p>
+ Set the UDP message buffer size advertised using EDNS0 to
+ <em class="parameter"><code>B</code></em> bytes. The maximum and minimum sizes
+ of this buffer are 65535 and 0 respectively. Values outside
+ this range are rounded up or down appropriately.
+ Values other than zero will cause a EDNS query to be sent.
+ </p></dd>
+<dt><span class="term"><code class="option">+edns=#</code></span></dt>
+<dd><p>
+ Specify the EDNS version to query with. Valid values
+ are 0 to 255. Setting the EDNS version will cause a
+ EDNS query to be sent. <code class="option">+noedns</code> clears the
+ remembered EDNS version.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
+<dd><p>
+ Print records like the SOA records in a verbose multi-line
+ format with human-readable comments. The default is to print
+ each record on a single line, to facilitate machine parsing
+ of the <span><strong class="command">dig</strong></span> output.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
+<dd><p>
+ Do not try the next server if you receive a SERVFAIL. The
+ default is
+ to not try the next server which is the reverse of normal stub
+ resolver
+ behavior.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
+<dd><p>
+ Attempt to display the contents of messages which are malformed.
+ The default is to not display malformed answers.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
+<dd><p>
+ Requests DNSSEC records be sent by setting the DNSSEC OK bit
+ (DO)
+ in the OPT record in the additional section of the query.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
+<dd><p>
+ Chase DNSSEC signature chains. Requires dig be compiled with
+ -DDIG_SIGCHASE.
+ </p></dd>
+<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
+<dd>
+<p>
+ Specifies a file containing trusted keys to be used with
+ <code class="option">+sigchase</code>. Each DNSKEY record must be
+ on its own line.
+ </p>
+<p>
+ If not specified <span><strong class="command">dig</strong></span> will look for
+ <code class="filename">/etc/trusted-key.key</code> then
+ <code class="filename">trusted-key.key</code> in the current directory.
+ </p>
+<p>
+ Requires dig be compiled with -DDIG_SIGCHASE.
+ </p>
+</dd>
+<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
+<dd><p>
+ When chasing DNSSEC signature chains perform a top-down
+ validation.
+ Requires dig be compiled with -DDIG_SIGCHASE.
+ </p></dd>
+<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
+<dd><p>
+ Include an EDNS name server ID request when sending a query.
+ </p></dd>
+</dl></div>
+<p>
+
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2545163"></a><h2>MULTIPLE QUERIES</h2>
+<p>
+ The BIND 9 implementation of <span><strong class="command">dig </strong></span>
+ supports
+ specifying multiple queries on the command line (in addition to
+ supporting the <code class="option">-f</code> batch file option). Each of those
+ queries can be supplied with its own set of flags, options and query
+ options.
+ </p>
+<p>
+ In this case, each <em class="parameter"><code>query</code></em> argument
+ represent an
+ individual query in the command-line syntax described above. Each
+ consists of any of the standard options and flags, the name to be
+ looked up, an optional query type and class and any query options that
+ should be applied to that query.
+ </p>
+<p>
+ A global set of query options, which should be applied to all queries,
+ can also be supplied. These global query options must precede the
+ first tuple of name, class, type, options, flags, and query options
+ supplied on the command line. Any global query options (except
+ the <code class="option">+[no]cmd</code> option) can be
+ overridden by a query-specific set of query options. For example:
+ </p>
+<pre class="programlisting">
+dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
+</pre>
+<p>
+ shows how <span><strong class="command">dig</strong></span> could be used from the
+ command line
+ to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a
+ reverse lookup of 127.0.0.1 and a query for the NS records of
+ <code class="literal">isc.org</code>.
+
+ A global query option of <em class="parameter"><code>+qr</code></em> is
+ applied, so
+ that <span><strong class="command">dig</strong></span> shows the initial query it made
+ for each
+ lookup. The final query has a local query option of
+ <em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>
+ will not print the initial query when it looks up the NS records for
+ <code class="literal">isc.org</code>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2545225"></a><h2>IDN SUPPORT</h2>
+<p>
+ If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
+ domain name) support, it can accept and display non-ASCII domain names.
+ <span><strong class="command">dig</strong></span> appropriately converts character encoding of
+ domain name before sending a request to DNS server or displaying a
+ reply from the server.
+ If you'd like to turn off the IDN support for some reason, defines
+ the <code class="envar">IDN_DISABLE</code> environment variable.
+ The IDN support is disabled if the variable is set when
+ <span><strong class="command">dig</strong></span> runs.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2545248"></a><h2>FILES</h2>
+<p><code class="filename">/etc/resolv.conf</code>
+ </p>
+<p><code class="filename">${HOME}/.digrc</code>
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2545333"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+ <em class="citetitle">RFC1035</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2545370"></a><h2>BUGS</h2>
+<p>
+ There are probably too many query options.
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
new file mode 100644
index 0000000..51c24ea
--- /dev/null
+++ b/bin/dig/dighost.c
@@ -0,0 +1,5420 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dighost.c,v 1.311.70.1 2008/12/10 22:41:07 marka Exp $ */
+
+/*! \file
+ * \note
+ * Notice to programmers: Do not use this code as an example of how to
+ * use the ISC library to perform DNS lookups. Dig and Host both operate
+ * on the request level, since they allow fine-tuning of output and are
+ * intended as debugging tools. As a result, they perform many of the
+ * functions which could be better handled using the dns_resolver
+ * functions in most applications.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <limits.h>
+
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+
+#ifdef WITH_IDN
+#include <idn/result.h>
+#include <idn/log.h>
+#include <idn/resconf.h>
+#include <idn/api.h>
+#endif
+
+#include <dns/byaddr.h>
+#ifdef DIG_SIGCHASE
+#include <dns/dnssec.h>
+#include <dns/ds.h>
+#include <dns/nsec.h>
+#include <isc/random.h>
+#include <ctype.h>
+#endif
+#include <dns/fixedname.h>
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/rdata.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/rdatastruct.h>
+#include <dns/rdatatype.h>
+#include <dns/result.h>
+#include <dns/tsig.h>
+
+#include <dst/dst.h>
+
+#include <isc/app.h>
+#include <isc/base64.h>
+#include <isc/entropy.h>
+#include <isc/file.h>
+#include <isc/lang.h>
+#include <isc/netaddr.h>
+#ifdef DIG_SIGCHASE
+#include <isc/netdb.h>
+#endif
+#include <isc/print.h>
+#include <isc/random.h>
+#include <isc/result.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/types.h>
+#include <isc/util.h>
+
+#include <lwres/lwres.h>
+#include <lwres/net.h>
+
+#include <bind9/getaddresses.h>
+
+#include <dig/dig.h>
+
+#if ! defined(NS_INADDRSZ)
+#define NS_INADDRSZ 4
+#endif
+
+#if ! defined(NS_IN6ADDRSZ)
+#define NS_IN6ADDRSZ 16
+#endif
+
+static lwres_context_t *lwctx = NULL;
+static lwres_conf_t *lwconf;
+
+dig_lookuplist_t lookup_list;
+dig_serverlist_t server_list;
+dig_searchlistlist_t search_list;
+
+isc_boolean_t
+ check_ra = ISC_FALSE,
+ have_ipv4 = ISC_FALSE,
+ have_ipv6 = ISC_FALSE,
+ specified_source = ISC_FALSE,
+ free_now = ISC_FALSE,
+ cancel_now = ISC_FALSE,
+ usesearch = ISC_FALSE,
+ showsearch = ISC_FALSE,
+ qr = ISC_FALSE,
+ is_dst_up = ISC_FALSE;
+in_port_t port = 53;
+unsigned int timeout = 0;
+unsigned int extrabytes;
+isc_mem_t *mctx = NULL;
+isc_taskmgr_t *taskmgr = NULL;
+isc_task_t *global_task = NULL;
+isc_timermgr_t *timermgr = NULL;
+isc_socketmgr_t *socketmgr = NULL;
+isc_sockaddr_t bind_address;
+isc_sockaddr_t bind_any;
+int sendcount = 0;
+int recvcount = 0;
+int sockcount = 0;
+int ndots = -1;
+int tries = 3;
+int lookup_counter = 0;
+
+#ifdef WITH_IDN
+static void initialize_idn(void);
+static isc_result_t output_filter(isc_buffer_t *buffer,
+ unsigned int used_org,
+ isc_boolean_t absolute);
+static idn_result_t append_textname(char *name, const char *origin,
+ size_t namesize);
+static void idn_check_result(idn_result_t r, const char *msg);
+
+#define MAXDLEN 256
+int idnoptions = 0;
+#endif
+
+/*%
+ * Exit Codes:
+ *
+ *\li 0 Everything went well, including things like NXDOMAIN
+ *\li 1 Usage error
+ *\li 7 Got too many RR's or Names
+ *\li 8 Couldn't open batch file
+ *\li 9 No reply from server
+ *\li 10 Internal error
+ */
+int exitcode = 0;
+int fatalexit = 0;
+char keynametext[MXNAME];
+char keyfile[MXNAME] = "";
+char keysecret[MXNAME] = "";
+dns_name_t *hmacname = NULL;
+unsigned int digestbits = 0;
+isc_buffer_t *namebuf = NULL;
+dns_tsigkey_t *key = NULL;
+isc_boolean_t validated = ISC_TRUE;
+isc_entropy_t *entp = NULL;
+isc_mempool_t *commctx = NULL;
+isc_boolean_t debugging = ISC_FALSE;
+isc_boolean_t memdebugging = ISC_FALSE;
+char *progname = NULL;
+isc_mutex_t lookup_lock;
+dig_lookup_t *current_lookup = NULL;
+
+#ifdef DIG_SIGCHASE
+
+isc_result_t get_trusted_key(isc_mem_t *mctx);
+dns_rdataset_t * sigchase_scanname(dns_rdatatype_t type,
+ dns_rdatatype_t covers,
+ isc_boolean_t *lookedup,
+ dns_name_t *rdata_name);
+dns_rdataset_t * chase_scanname_section(dns_message_t *msg,
+ dns_name_t *name,
+ dns_rdatatype_t type,
+ dns_rdatatype_t covers,
+ int section);
+isc_result_t advanced_rrsearch(dns_rdataset_t **rdataset,
+ dns_name_t *name,
+ dns_rdatatype_t type,
+ dns_rdatatype_t covers,
+ isc_boolean_t *lookedup);
+isc_result_t sigchase_verify_sig_key(dns_name_t *name,
+ dns_rdataset_t *rdataset,
+ dst_key_t* dnsseckey,
+ dns_rdataset_t *sigrdataset,
+ isc_mem_t *mctx);
+isc_result_t sigchase_verify_sig(dns_name_t *name,
+ dns_rdataset_t *rdataset,
+ dns_rdataset_t *keyrdataset,
+ dns_rdataset_t *sigrdataset,
+ isc_mem_t *mctx);
+isc_result_t sigchase_verify_ds(dns_name_t *name,
+ dns_rdataset_t *keyrdataset,
+ dns_rdataset_t *dsrdataset,
+ isc_mem_t *mctx);
+void sigchase(dns_message_t *msg);
+void print_rdata(dns_rdata_t *rdata, isc_mem_t *mctx);
+void print_rdataset(dns_name_t *name,
+ dns_rdataset_t *rdataset, isc_mem_t *mctx);
+void dup_name(dns_name_t *source, dns_name_t* target,
+ isc_mem_t *mctx);
+void free_name(dns_name_t *name, isc_mem_t *mctx);
+void dump_database(void);
+void dump_database_section(dns_message_t *msg, int section);
+dns_rdataset_t * search_type(dns_name_t *name, dns_rdatatype_t type,
+ dns_rdatatype_t covers);
+isc_result_t contains_trusted_key(dns_name_t *name,
+ dns_rdataset_t *rdataset,
+ dns_rdataset_t *sigrdataset,
+ isc_mem_t *mctx);
+void print_type(dns_rdatatype_t type);
+isc_result_t prove_nx_domain(dns_message_t * msg,
+ dns_name_t * name,
+ dns_name_t * rdata_name,
+ dns_rdataset_t ** rdataset,
+ dns_rdataset_t ** sigrdataset);
+isc_result_t prove_nx_type(dns_message_t * msg, dns_name_t *name,
+ dns_rdataset_t *nsec,
+ dns_rdataclass_t class,
+ dns_rdatatype_t type,
+ dns_name_t * rdata_name,
+ dns_rdataset_t ** rdataset,
+ dns_rdataset_t ** sigrdataset);
+isc_result_t prove_nx(dns_message_t * msg, dns_name_t * name,
+ dns_rdataclass_t class,
+ dns_rdatatype_t type,
+ dns_name_t * rdata_name,
+ dns_rdataset_t ** rdataset,
+ dns_rdataset_t ** sigrdataset);
+static void nameFromString(const char *str, dns_name_t *p_ret);
+int inf_name(dns_name_t * name1, dns_name_t * name2);
+isc_result_t opentmpkey(isc_mem_t *mctx, const char *file,
+ char **tempp, FILE **fp);
+isc_result_t removetmpkey(isc_mem_t *mctx, const char *file);
+void clean_trustedkey(void);
+void insert_trustedkey(dst_key_t * key);
+#if DIG_SIGCHASE_BU
+isc_result_t getneededrr(dns_message_t *msg);
+void sigchase_bottom_up(dns_message_t *msg);
+void sigchase_bu(dns_message_t *msg);
+#endif
+#if DIG_SIGCHASE_TD
+isc_result_t initialization(dns_name_t *name);
+isc_result_t prepare_lookup(dns_name_t *name);
+isc_result_t grandfather_pb_test(dns_name_t * zone_name,
+ dns_rdataset_t *sigrdataset);
+isc_result_t child_of_zone(dns_name_t *name,
+ dns_name_t *zone_name,
+ dns_name_t *child_name);
+void sigchase_td(dns_message_t *msg);
+#endif
+char trustedkey[MXNAME] = "";
+
+dns_rdataset_t *chase_rdataset = NULL;
+dns_rdataset_t *chase_sigrdataset = NULL;
+dns_rdataset_t *chase_dsrdataset = NULL;
+dns_rdataset_t *chase_sigdsrdataset = NULL;
+dns_rdataset_t *chase_keyrdataset = NULL;
+dns_rdataset_t *chase_sigkeyrdataset = NULL;
+dns_rdataset_t *chase_nsrdataset = NULL;
+
+dns_name_t chase_name; /* the query name */
+#if DIG_SIGCHASE_TD
+/*
+ * the current name is the parent name when we follow delegation
+ */
+dns_name_t chase_current_name;
+/*
+ * the child name is used for delegation (NS DS responses in AUTHORITY section)
+ */
+dns_name_t chase_authority_name;
+#endif
+#if DIG_SIGCHASE_BU
+dns_name_t chase_signame;
+#endif
+
+
+isc_boolean_t chase_siglookedup = ISC_FALSE;
+isc_boolean_t chase_keylookedup = ISC_FALSE;
+isc_boolean_t chase_sigkeylookedup = ISC_FALSE;
+isc_boolean_t chase_dslookedup = ISC_FALSE;
+isc_boolean_t chase_sigdslookedup = ISC_FALSE;
+#if DIG_SIGCHASE_TD
+isc_boolean_t chase_nslookedup = ISC_FALSE;
+isc_boolean_t chase_lookedup = ISC_FALSE;
+
+
+isc_boolean_t delegation_follow = ISC_FALSE;
+isc_boolean_t grandfather_pb = ISC_FALSE;
+isc_boolean_t have_response = ISC_FALSE;
+isc_boolean_t have_delegation_ns = ISC_FALSE;
+dns_message_t * error_message = NULL;
+#endif
+
+isc_boolean_t dsvalidating = ISC_FALSE;
+isc_boolean_t chase_name_dup = ISC_FALSE;
+
+ISC_LIST(dig_message_t) chase_message_list;
+ISC_LIST(dig_message_t) chase_message_list2;
+
+
+#define MAX_TRUSTED_KEY 5
+typedef struct struct_trusted_key_list {
+ dst_key_t * key[MAX_TRUSTED_KEY];
+ int nb_tk;
+} struct_tk_list;
+
+struct_tk_list tk_list = { {NULL, NULL, NULL, NULL, NULL}, 0};
+
+#endif
+
+#define DIG_MAX_ADDRESSES 20
+
+/*%
+ * Apply and clear locks at the event level in global task.
+ * Can I get rid of these using shutdown events? XXX
+ */
+#define LOCK_LOOKUP {\
+ debug("lock_lookup %s:%d", __FILE__, __LINE__);\
+ check_result(isc_mutex_lock((&lookup_lock)), "isc_mutex_lock");\
+ debug("success");\
+}
+#define UNLOCK_LOOKUP {\
+ debug("unlock_lookup %s:%d", __FILE__, __LINE__);\
+ check_result(isc_mutex_unlock((&lookup_lock)),\
+ "isc_mutex_unlock");\
+}
+
+static void
+cancel_lookup(dig_lookup_t *lookup);
+
+static void
+recv_done(isc_task_t *task, isc_event_t *event);
+
+static void
+send_udp(dig_query_t *query);
+
+static void
+connect_timeout(isc_task_t *task, isc_event_t *event);
+
+static void
+launch_next_query(dig_query_t *query, isc_boolean_t include_question);
+
+
+static void *
+mem_alloc(void *arg, size_t size) {
+ return (isc_mem_get(arg, size));
+}
+
+static void
+mem_free(void *arg, void *mem, size_t size) {
+ isc_mem_put(arg, mem, size);
+}
+
+char *
+next_token(char **stringp, const char *delim) {
+ char *res;
+
+ do {
+ res = strsep(stringp, delim);
+ if (res == NULL)
+ break;
+ } while (*res == '\0');
+ return (res);
+}
+
+static int
+count_dots(char *string) {
+ char *s;
+ int i = 0;
+
+ s = string;
+ while (*s != '\0') {
+ if (*s == '.')
+ i++;
+ s++;
+ }
+ return (i);
+}
+
+static void
+hex_dump(isc_buffer_t *b) {
+ unsigned int len;
+ isc_region_t r;
+
+ isc_buffer_usedregion(b, &r);
+
+ printf("%d bytes\n", r.length);
+ for (len = 0; len < r.length; len++) {
+ printf("%02x ", r.base[len]);
+ if (len % 16 == 15)
+ printf("\n");
+ }
+ if (len % 16 != 0)
+ printf("\n");
+}
+
+/*%
+ * Append 'len' bytes of 'text' at '*p', failing with
+ * ISC_R_NOSPACE if that would advance p past 'end'.
+ */
+static isc_result_t
+append(const char *text, int len, char **p, char *end) {
+ if (len > end - *p)
+ return (ISC_R_NOSPACE);
+ memcpy(*p, text, len);
+ *p += len;
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+reverse_octets(const char *in, char **p, char *end) {
+ char *dot = strchr(in, '.');
+ int len;
+ if (dot != NULL) {
+ isc_result_t result;
+ result = reverse_octets(dot + 1, p, end);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ result = append(".", 1, p, end);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ len = dot - in;
+ } else {
+ len = strlen(in);
+ }
+ return (append(in, len, p, end));
+}
+
+isc_result_t
+get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
+ isc_boolean_t strict)
+{
+ int r;
+ isc_result_t result;
+ isc_netaddr_t addr;
+
+ addr.family = AF_INET6;
+ r = inet_pton(AF_INET6, value, &addr.type.in6);
+ if (r > 0) {
+ /* This is a valid IPv6 address. */
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ unsigned int options = 0;
+
+ if (ip6_int)
+ options |= DNS_BYADDROPT_IPV6INT;
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ result = dns_byaddr_createptrname2(&addr, options, name);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ dns_name_format(name, reverse, len);
+ return (ISC_R_SUCCESS);
+ } else {
+ /*
+ * Not a valid IPv6 address. Assume IPv4.
+ * If 'strict' is not set, construct the
+ * in-addr.arpa name by blindly reversing
+ * octets whether or not they look like integers,
+ * so that this can be used for RFC2317 names
+ * and such.
+ */
+ char *p = reverse;
+ char *end = reverse + len;
+ if (strict && inet_pton(AF_INET, value, &addr.type.in) != 1)
+ return (DNS_R_BADDOTTEDQUAD);
+ result = reverse_octets(value, &p, end);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ /* Append .in-addr.arpa. and a terminating NUL. */
+ result = append(".in-addr.arpa.", 15, &p, end);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ return (ISC_R_SUCCESS);
+ }
+}
+
+void
+fatal(const char *format, ...) {
+ va_list args;
+
+ fflush(stdout);
+ fprintf(stderr, "%s: ", progname);
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ if (exitcode < 10)
+ exitcode = 10;
+ if (fatalexit != 0)
+ exitcode = fatalexit;
+ exit(exitcode);
+}
+
+void
+debug(const char *format, ...) {
+ va_list args;
+
+ if (debugging) {
+ fflush(stdout);
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ }
+}
+
+void
+check_result(isc_result_t result, const char *msg) {
+ if (result != ISC_R_SUCCESS) {
+ fatal("%s: %s", msg, isc_result_totext(result));
+ }
+}
+
+/*%
+ * Create a server structure, which is part of the lookup structure.
+ * This is little more than a linked list of servers to query in hopes
+ * of finding the answer the user is looking for
+ */
+dig_server_t *
+make_server(const char *servname, const char *userarg) {
+ dig_server_t *srv;
+
+ REQUIRE(servname != NULL);
+
+ debug("make_server(%s)", servname);
+ srv = isc_mem_allocate(mctx, sizeof(struct dig_server));
+ if (srv == NULL)
+ fatal("memory allocation failure in %s:%d",
+ __FILE__, __LINE__);
+ strncpy(srv->servername, servname, MXNAME);
+ strncpy(srv->userarg, userarg, MXNAME);
+ srv->servername[MXNAME-1] = 0;
+ srv->userarg[MXNAME-1] = 0;
+ ISC_LINK_INIT(srv, link);
+ return (srv);
+}
+
+static int
+addr2af(int lwresaddrtype)
+{
+ int af = 0;
+
+ switch (lwresaddrtype) {
+ case LWRES_ADDRTYPE_V4:
+ af = AF_INET;
+ break;
+
+ case LWRES_ADDRTYPE_V6:
+ af = AF_INET6;
+ break;
+ }
+
+ return (af);
+}
+
+/*%
+ * Create a copy of the server list from the lwres configuration structure.
+ * The dest list must have already had ISC_LIST_INIT applied.
+ */
+static void
+copy_server_list(lwres_conf_t *confdata, dig_serverlist_t *dest) {
+ dig_server_t *newsrv;
+ char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+ int af;
+ int i;
+
+ debug("copy_server_list()");
+ for (i = 0; i < confdata->nsnext; i++) {
+ af = addr2af(confdata->nameservers[i].family);
+
+ lwres_net_ntop(af, confdata->nameservers[i].address,
+ tmp, sizeof(tmp));
+ newsrv = make_server(tmp, tmp);
+ ISC_LINK_INIT(newsrv, link);
+ ISC_LIST_ENQUEUE(*dest, newsrv, link);
+ }
+}
+
+void
+flush_server_list(void) {
+ dig_server_t *s, *ps;
+
+ debug("flush_server_list()");
+ s = ISC_LIST_HEAD(server_list);
+ while (s != NULL) {
+ ps = s;
+ s = ISC_LIST_NEXT(s, link);
+ ISC_LIST_DEQUEUE(server_list, ps, link);
+ isc_mem_free(mctx, ps);
+ }
+}
+
+void
+set_nameserver(char *opt) {
+ isc_result_t result;
+ isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
+ isc_netaddr_t netaddr;
+ int count, i;
+ dig_server_t *srv;
+ char tmp[ISC_NETADDR_FORMATSIZE];
+
+ if (opt == NULL)
+ return;
+
+ result = bind9_getaddresses(opt, 0, sockaddrs,
+ DIG_MAX_ADDRESSES, &count);
+ if (result != ISC_R_SUCCESS)
+ fatal("couldn't get address for '%s': %s",
+ opt, isc_result_totext(result));
+
+ flush_server_list();
+
+ for (i = 0; i < count; i++) {
+ isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
+ isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
+ srv = make_server(tmp, opt);
+ if (srv == NULL)
+ fatal("memory allocation failure");
+ ISC_LIST_APPEND(server_list, srv, link);
+ }
+}
+
+static isc_result_t
+add_nameserver(lwres_conf_t *confdata, const char *addr, int af) {
+
+ int i = confdata->nsnext;
+
+ if (confdata->nsnext >= LWRES_CONFMAXNAMESERVERS)
+ return (ISC_R_FAILURE);
+
+ switch (af) {
+ case AF_INET:
+ confdata->nameservers[i].family = LWRES_ADDRTYPE_V4;
+ confdata->nameservers[i].length = NS_INADDRSZ;
+ break;
+ case AF_INET6:
+ confdata->nameservers[i].family = LWRES_ADDRTYPE_V6;
+ confdata->nameservers[i].length = NS_IN6ADDRSZ;
+ break;
+ default:
+ return (ISC_R_FAILURE);
+ }
+
+ if (lwres_net_pton(af, addr, &confdata->nameservers[i].address) == 1) {
+ confdata->nsnext++;
+ return (ISC_R_SUCCESS);
+ }
+ return (ISC_R_FAILURE);
+}
+
+/*%
+ * Produce a cloned server list. The dest list must have already had
+ * ISC_LIST_INIT applied.
+ */
+void
+clone_server_list(dig_serverlist_t src, dig_serverlist_t *dest) {
+ dig_server_t *srv, *newsrv;
+
+ debug("clone_server_list()");
+ srv = ISC_LIST_HEAD(src);
+ while (srv != NULL) {
+ newsrv = make_server(srv->servername, srv->userarg);
+ ISC_LINK_INIT(newsrv, link);
+ ISC_LIST_ENQUEUE(*dest, newsrv, link);
+ srv = ISC_LIST_NEXT(srv, link);
+ }
+}
+
+/*%
+ * Create an empty lookup structure, which holds all the information needed
+ * to get an answer to a user's question. This structure contains two
+ * linked lists: the server list (servers to query) and the query list
+ * (outstanding queries which have been made to the listed servers).
+ */
+dig_lookup_t *
+make_empty_lookup(void) {
+ dig_lookup_t *looknew;
+
+ debug("make_empty_lookup()");
+
+ INSIST(!free_now);
+
+ looknew = isc_mem_allocate(mctx, sizeof(struct dig_lookup));
+ if (looknew == NULL)
+ fatal("memory allocation failure in %s:%d",
+ __FILE__, __LINE__);
+ looknew->pending = ISC_TRUE;
+ looknew->textname[0] = 0;
+ looknew->cmdline[0] = 0;
+ looknew->rdtype = dns_rdatatype_a;
+ looknew->qrdtype = dns_rdatatype_a;
+ looknew->rdclass = dns_rdataclass_in;
+ looknew->rdtypeset = ISC_FALSE;
+ looknew->rdclassset = ISC_FALSE;
+ looknew->sendspace = NULL;
+ looknew->sendmsg = NULL;
+ looknew->name = NULL;
+ looknew->oname = NULL;
+ looknew->timer = NULL;
+ looknew->xfr_q = NULL;
+ looknew->current_query = NULL;
+ looknew->doing_xfr = ISC_FALSE;
+ looknew->ixfr_serial = ISC_FALSE;
+ looknew->trace = ISC_FALSE;
+ looknew->trace_root = ISC_FALSE;
+ looknew->identify = ISC_FALSE;
+ looknew->identify_previous_line = ISC_FALSE;
+ looknew->ignore = ISC_FALSE;
+ looknew->servfail_stops = ISC_TRUE;
+ looknew->besteffort = ISC_TRUE;
+ looknew->dnssec = ISC_FALSE;
+ looknew->nsid = ISC_FALSE;
+#ifdef DIG_SIGCHASE
+ looknew->sigchase = ISC_FALSE;
+#if DIG_SIGCHASE_TD
+ looknew->do_topdown = ISC_FALSE;
+ looknew->trace_root_sigchase = ISC_FALSE;
+ looknew->rdtype_sigchaseset = ISC_FALSE;
+ looknew->rdtype_sigchase = dns_rdatatype_any;
+ looknew->qrdtype_sigchase = dns_rdatatype_any;
+ looknew->rdclass_sigchase = dns_rdataclass_in;
+ looknew->rdclass_sigchaseset = ISC_FALSE;
+#endif
+#endif
+ looknew->udpsize = 0;
+ looknew->edns = -1;
+ looknew->recurse = ISC_TRUE;
+ looknew->aaonly = ISC_FALSE;
+ looknew->adflag = ISC_FALSE;
+ looknew->cdflag = ISC_FALSE;
+ looknew->ns_search_only = ISC_FALSE;
+ looknew->origin = NULL;
+ looknew->tsigctx = NULL;
+ looknew->querysig = NULL;
+ looknew->retries = tries;
+ looknew->nsfound = 0;
+ looknew->tcp_mode = ISC_FALSE;
+ looknew->ip6_int = ISC_FALSE;
+ looknew->comments = ISC_TRUE;
+ looknew->stats = ISC_TRUE;
+ looknew->section_question = ISC_TRUE;
+ looknew->section_answer = ISC_TRUE;
+ looknew->section_authority = ISC_TRUE;
+ looknew->section_additional = ISC_TRUE;
+ looknew->new_search = ISC_FALSE;
+ looknew->done_as_is = ISC_FALSE;
+ looknew->need_search = ISC_FALSE;
+ ISC_LINK_INIT(looknew, link);
+ ISC_LIST_INIT(looknew->q);
+ ISC_LIST_INIT(looknew->my_server_list);
+ return (looknew);
+}
+
+/*%
+ * Clone a lookup, perhaps copying the server list. This does not clone
+ * the query list, since it will be regenerated by the setup_lookup()
+ * function, nor does it queue up the new lookup for processing.
+ * Caution: If you don't clone the servers, you MUST clone the server
+ * list seperately from somewhere else, or construct it by hand.
+ */
+dig_lookup_t *
+clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
+ dig_lookup_t *looknew;
+
+ debug("clone_lookup()");
+
+ INSIST(!free_now);
+
+ looknew = make_empty_lookup();
+ INSIST(looknew != NULL);
+ strncpy(looknew->textname, lookold->textname, MXNAME);
+#if DIG_SIGCHASE_TD
+ strncpy(looknew->textnamesigchase, lookold->textnamesigchase, MXNAME);
+#endif
+ strncpy(looknew->cmdline, lookold->cmdline, MXNAME);
+ looknew->textname[MXNAME-1] = 0;
+ looknew->rdtype = lookold->rdtype;
+ looknew->qrdtype = lookold->qrdtype;
+ looknew->rdclass = lookold->rdclass;
+ looknew->rdtypeset = lookold->rdtypeset;
+ looknew->rdclassset = lookold->rdclassset;
+ looknew->doing_xfr = lookold->doing_xfr;
+ looknew->ixfr_serial = lookold->ixfr_serial;
+ looknew->trace = lookold->trace;
+ looknew->trace_root = lookold->trace_root;
+ looknew->identify = lookold->identify;
+ looknew->identify_previous_line = lookold->identify_previous_line;
+ looknew->ignore = lookold->ignore;
+ looknew->servfail_stops = lookold->servfail_stops;
+ looknew->besteffort = lookold->besteffort;
+ looknew->dnssec = lookold->dnssec;
+ looknew->nsid = lookold->nsid;
+#ifdef DIG_SIGCHASE
+ looknew->sigchase = lookold->sigchase;
+#if DIG_SIGCHASE_TD
+ looknew->do_topdown = lookold->do_topdown;
+ looknew->trace_root_sigchase = lookold->trace_root_sigchase;
+ looknew->rdtype_sigchaseset = lookold->rdtype_sigchaseset;
+ looknew->rdtype_sigchase = lookold->rdtype_sigchase;
+ looknew->qrdtype_sigchase = lookold->qrdtype_sigchase;
+ looknew->rdclass_sigchase = lookold->rdclass_sigchase;
+ looknew->rdclass_sigchaseset = lookold->rdclass_sigchaseset;
+#endif
+#endif
+ looknew->udpsize = lookold->udpsize;
+ looknew->edns = lookold->edns;
+ looknew->recurse = lookold->recurse;
+ looknew->aaonly = lookold->aaonly;
+ looknew->adflag = lookold->adflag;
+ looknew->cdflag = lookold->cdflag;
+ looknew->ns_search_only = lookold->ns_search_only;
+ looknew->tcp_mode = lookold->tcp_mode;
+ looknew->comments = lookold->comments;
+ looknew->stats = lookold->stats;
+ looknew->section_question = lookold->section_question;
+ looknew->section_answer = lookold->section_answer;
+ looknew->section_authority = lookold->section_authority;
+ looknew->section_additional = lookold->section_additional;
+ looknew->retries = lookold->retries;
+ looknew->tsigctx = NULL;
+ looknew->need_search = lookold->need_search;
+ looknew->done_as_is = lookold->done_as_is;
+
+ if (servers)
+ clone_server_list(lookold->my_server_list,
+ &looknew->my_server_list);
+ return (looknew);
+}
+
+/*%
+ * Requeue a lookup for further processing, perhaps copying the server
+ * list. The new lookup structure is returned to the caller, and is
+ * queued for processing. If servers are not cloned in the requeue, they
+ * must be added before allowing the current event to complete, since the
+ * completion of the event may result in the next entry on the lookup
+ * queue getting run.
+ */
+dig_lookup_t *
+requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
+ dig_lookup_t *looknew;
+
+ debug("requeue_lookup()");
+
+ lookup_counter++;
+ if (lookup_counter > LOOKUP_LIMIT)
+ fatal("too many lookups");
+
+ looknew = clone_lookup(lookold, servers);
+ INSIST(looknew != NULL);
+
+ debug("before insertion, init@%p -> %p, new@%p -> %p",
+ lookold, lookold->link.next, looknew, looknew->link.next);
+ ISC_LIST_PREPEND(lookup_list, looknew, link);
+ debug("after insertion, init -> %p, new = %p, new -> %p",
+ lookold, looknew, looknew->link.next);
+ return (looknew);
+}
+
+
+static void
+setup_text_key(void) {
+ isc_result_t result;
+ dns_name_t keyname;
+ isc_buffer_t secretbuf;
+ int secretsize;
+ unsigned char *secretstore;
+
+ debug("setup_text_key()");
+ result = isc_buffer_allocate(mctx, &namebuf, MXNAME);
+ check_result(result, "isc_buffer_allocate");
+ dns_name_init(&keyname, NULL);
+ check_result(result, "dns_name_init");
+ isc_buffer_putstr(namebuf, keynametext);
+ secretsize = strlen(keysecret) * 3 / 4;
+ secretstore = isc_mem_allocate(mctx, secretsize);
+ if (secretstore == NULL)
+ fatal("memory allocation failure in %s:%d",
+ __FILE__, __LINE__);
+ isc_buffer_init(&secretbuf, secretstore, secretsize);
+ result = isc_base64_decodestring(keysecret, &secretbuf);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+
+ secretsize = isc_buffer_usedlength(&secretbuf);
+
+ result = dns_name_fromtext(&keyname, namebuf,
+ dns_rootname, ISC_FALSE,
+ namebuf);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+
+ result = dns_tsigkey_create(&keyname, hmacname, secretstore,
+ secretsize, ISC_FALSE, NULL, 0, 0, mctx,
+ NULL, &key);
+ failure:
+ if (result != ISC_R_SUCCESS)
+ printf(";; Couldn't create key %s: %s\n",
+ keynametext, isc_result_totext(result));
+ else
+ dst_key_setbits(key->key, digestbits);
+
+ isc_mem_free(mctx, secretstore);
+ dns_name_invalidate(&keyname);
+ isc_buffer_free(&namebuf);
+}
+
+static void
+setup_file_key(void) {
+ isc_result_t result;
+ dst_key_t *dstkey = NULL;
+
+ debug("setup_file_key()");
+ result = dst_key_fromnamedfile(keyfile, DST_TYPE_PRIVATE | DST_TYPE_KEY,
+ mctx, &dstkey);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "Couldn't read key from %s: %s\n",
+ keyfile, isc_result_totext(result));
+ goto failure;
+ }
+
+ switch (dst_key_alg(dstkey)) {
+ case DST_ALG_HMACMD5:
+ hmacname = DNS_TSIG_HMACMD5_NAME;
+ break;
+ case DST_ALG_HMACSHA1:
+ hmacname = DNS_TSIG_HMACSHA1_NAME;
+ break;
+ case DST_ALG_HMACSHA224:
+ hmacname = DNS_TSIG_HMACSHA224_NAME;
+ break;
+ case DST_ALG_HMACSHA256:
+ hmacname = DNS_TSIG_HMACSHA256_NAME;
+ break;
+ case DST_ALG_HMACSHA384:
+ hmacname = DNS_TSIG_HMACSHA384_NAME;
+ break;
+ case DST_ALG_HMACSHA512:
+ hmacname = DNS_TSIG_HMACSHA512_NAME;
+ break;
+ default:
+ printf(";; Couldn't create key %s: bad algorithm\n",
+ keynametext);
+ goto failure;
+ }
+ result = dns_tsigkey_createfromkey(dst_key_name(dstkey), hmacname,
+ dstkey, ISC_FALSE, NULL, 0, 0,
+ mctx, NULL, &key);
+ if (result != ISC_R_SUCCESS) {
+ printf(";; Couldn't create key %s: %s\n",
+ keynametext, isc_result_totext(result));
+ goto failure;
+ }
+ dstkey = NULL;
+ failure:
+ if (dstkey != NULL)
+ dst_key_free(&dstkey);
+}
+
+static dig_searchlist_t *
+make_searchlist_entry(char *domain) {
+ dig_searchlist_t *search;
+ search = isc_mem_allocate(mctx, sizeof(*search));
+ if (search == NULL)
+ fatal("memory allocation failure in %s:%d",
+ __FILE__, __LINE__);
+ strncpy(search->origin, domain, MXNAME);
+ search->origin[MXNAME-1] = 0;
+ ISC_LINK_INIT(search, link);
+ return (search);
+}
+
+static void
+create_search_list(lwres_conf_t *confdata) {
+ int i;
+ dig_searchlist_t *search;
+
+ debug("create_search_list()");
+ ISC_LIST_INIT(search_list);
+
+ for (i = 0; i < confdata->searchnxt; i++) {
+ search = make_searchlist_entry(confdata->search[i]);
+ ISC_LIST_APPEND(search_list, search, link);
+ }
+}
+
+/*%
+ * Setup the system as a whole, reading key information and resolv.conf
+ * settings.
+ */
+void
+setup_system(void) {
+ dig_searchlist_t *domain = NULL;
+ lwres_result_t lwresult;
+
+ debug("setup_system()");
+
+ lwresult = lwres_context_create(&lwctx, mctx, mem_alloc, mem_free, 1);
+ if (lwresult != LWRES_R_SUCCESS)
+ fatal("lwres_context_create failed");
+
+ lwresult = lwres_conf_parse(lwctx, RESOLV_CONF);
+ if (lwresult != LWRES_R_SUCCESS && lwresult != LWRES_R_NOTFOUND)
+ fatal("parse of %s failed", RESOLV_CONF);
+
+ lwconf = lwres_conf_get(lwctx);
+
+ /* Make the search list */
+ if (lwconf->searchnxt > 0)
+ create_search_list(lwconf);
+ else { /* No search list. Use the domain name if any */
+ if (lwconf->domainname != NULL) {
+ domain = make_searchlist_entry(lwconf->domainname);
+ ISC_LIST_INITANDAPPEND(search_list, domain, link);
+ domain = NULL;
+ }
+ }
+
+ if (ndots == -1) {
+ ndots = lwconf->ndots;
+ debug("ndots is %d.", ndots);
+ }
+
+ /* If we don't find a nameserver fall back to localhost */
+ if (lwconf->nsnext == 0) {
+ if (have_ipv4) {
+ lwresult = add_nameserver(lwconf, "127.0.0.1", AF_INET);
+ if (lwresult != ISC_R_SUCCESS)
+ fatal("add_nameserver failed");
+ }
+ if (have_ipv6) {
+ lwresult = add_nameserver(lwconf, "::1", AF_INET6);
+ if (lwresult != ISC_R_SUCCESS)
+ fatal("add_nameserver failed");
+ }
+ }
+
+ if (ISC_LIST_EMPTY(server_list))
+ copy_server_list(lwconf, &server_list);
+
+#ifdef WITH_IDN
+ initialize_idn();
+#endif
+
+ if (keyfile[0] != 0)
+ setup_file_key();
+ else if (keysecret[0] != 0)
+ setup_text_key();
+#ifdef DIG_SIGCHASE
+ /* Setup the list of messages for +sigchase */
+ ISC_LIST_INIT(chase_message_list);
+ ISC_LIST_INIT(chase_message_list2);
+ dns_name_init(&chase_name, NULL);
+#if DIG_SIGCHASE_TD
+ dns_name_init(&chase_current_name, NULL);
+ dns_name_init(&chase_authority_name, NULL);
+#endif
+#if DIG_SIGCHASE_BU
+ dns_name_init(&chase_signame, NULL);
+#endif
+
+#endif
+
+}
+
+static void
+clear_searchlist(void) {
+ dig_searchlist_t *search;
+ while ((search = ISC_LIST_HEAD(search_list)) != NULL) {
+ ISC_LIST_UNLINK(search_list, search, link);
+ isc_mem_free(mctx, search);
+ }
+}
+
+/*%
+ * Override the search list derived from resolv.conf by 'domain'.
+ */
+void
+set_search_domain(char *domain) {
+ dig_searchlist_t *search;
+
+ clear_searchlist();
+ search = make_searchlist_entry(domain);
+ ISC_LIST_APPEND(search_list, search, link);
+}
+
+/*%
+ * Setup the ISC and DNS libraries for use by the system.
+ */
+void
+setup_libs(void) {
+ isc_result_t result;
+
+ debug("setup_libs()");
+
+ result = isc_net_probeipv4();
+ if (result == ISC_R_SUCCESS)
+ have_ipv4 = ISC_TRUE;
+
+ result = isc_net_probeipv6();
+ if (result == ISC_R_SUCCESS)
+ have_ipv6 = ISC_TRUE;
+ if (!have_ipv6 && !have_ipv4)
+ fatal("can't find either v4 or v6 networking");
+
+ result = isc_mem_create(0, 0, &mctx);
+ check_result(result, "isc_mem_create");
+
+ result = isc_taskmgr_create(mctx, 1, 0, &taskmgr);
+ check_result(result, "isc_taskmgr_create");
+
+ result = isc_task_create(taskmgr, 0, &global_task);
+ check_result(result, "isc_task_create");
+
+ result = isc_timermgr_create(mctx, &timermgr);
+ check_result(result, "isc_timermgr_create");
+
+ result = isc_socketmgr_create(mctx, &socketmgr);
+ check_result(result, "isc_socketmgr_create");
+
+ result = isc_entropy_create(mctx, &entp);
+ check_result(result, "isc_entropy_create");
+
+ result = dst_lib_init(mctx, entp, 0);
+ check_result(result, "dst_lib_init");
+ is_dst_up = ISC_TRUE;
+
+ result = isc_mempool_create(mctx, COMMSIZE, &commctx);
+ check_result(result, "isc_mempool_create");
+ isc_mempool_setname(commctx, "COMMPOOL");
+ /*
+ * 6 and 2 set as reasonable parameters for 3 or 4 nameserver
+ * systems.
+ */
+ isc_mempool_setfreemax(commctx, 6);
+ isc_mempool_setfillcount(commctx, 2);
+
+ result = isc_mutex_init(&lookup_lock);
+ check_result(result, "isc_mutex_init");
+
+ dns_result_register();
+}
+
+/*%
+ * Add EDNS0 option record to a message. Currently, the only supported
+ * options are UDP buffer size, the DO bit, and NSID request.
+ */
+static void
+add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_uint16_t edns,
+ isc_boolean_t dnssec, isc_boolean_t nsid)
+{
+ dns_rdataset_t *rdataset = NULL;
+ dns_rdatalist_t *rdatalist = NULL;
+ dns_rdata_t *rdata = NULL;
+ isc_result_t result;
+
+ debug("add_opt()");
+ result = dns_message_gettemprdataset(msg, &rdataset);
+ check_result(result, "dns_message_gettemprdataset");
+ dns_rdataset_init(rdataset);
+ result = dns_message_gettemprdatalist(msg, &rdatalist);
+ check_result(result, "dns_message_gettemprdatalist");
+ result = dns_message_gettemprdata(msg, &rdata);
+ check_result(result, "dns_message_gettemprdata");
+
+ debug("setting udp size of %d", udpsize);
+ rdatalist->type = dns_rdatatype_opt;
+ rdatalist->covers = 0;
+ rdatalist->rdclass = udpsize;
+ rdatalist->ttl = edns << 16;
+ if (dnssec)
+ rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
+ if (nsid) {
+ unsigned char data[4];
+ isc_buffer_t buf;
+
+ isc_buffer_init(&buf, data, sizeof(data));
+ isc_buffer_putuint16(&buf, DNS_OPT_NSID);
+ isc_buffer_putuint16(&buf, 0);
+ rdata->data = data;
+ rdata->length = sizeof(data);
+ } else {
+ rdata->data = NULL;
+ rdata->length = 0;
+ }
+ ISC_LIST_INIT(rdatalist->rdata);
+ ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
+ dns_rdatalist_tordataset(rdatalist, rdataset);
+ result = dns_message_setopt(msg, rdataset);
+ check_result(result, "dns_message_setopt");
+}
+
+/*%
+ * Add a question section to a message, asking for the specified name,
+ * type, and class.
+ */
+static void
+add_question(dns_message_t *message, dns_name_t *name,
+ dns_rdataclass_t rdclass, dns_rdatatype_t rdtype)
+{
+ dns_rdataset_t *rdataset;
+ isc_result_t result;
+
+ debug("add_question()");
+ rdataset = NULL;
+ result = dns_message_gettemprdataset(message, &rdataset);
+ check_result(result, "dns_message_gettemprdataset()");
+ dns_rdataset_init(rdataset);
+ dns_rdataset_makequestion(rdataset, rdclass, rdtype);
+ ISC_LIST_APPEND(name->list, rdataset, link);
+}
+
+/*%
+ * Check if we're done with all the queued lookups, which is true iff
+ * all sockets, sends, and recvs are accounted for (counters == 0),
+ * and the lookup list is empty.
+ * If we are done, pass control back out to dighost_shutdown() (which is
+ * part of dig.c, host.c, or nslookup.c) to either shutdown the system as
+ * a whole or reseed the lookup list.
+ */
+static void
+check_if_done(void) {
+ debug("check_if_done()");
+ debug("list %s", ISC_LIST_EMPTY(lookup_list) ? "empty" : "full");
+ if (ISC_LIST_EMPTY(lookup_list) && current_lookup == NULL &&
+ sendcount == 0) {
+ INSIST(sockcount == 0);
+ INSIST(recvcount == 0);
+ debug("shutting down");
+ dighost_shutdown();
+ }
+}
+
+/*%
+ * Clear out a query when we're done with it. WARNING: This routine
+ * WILL invalidate the query pointer.
+ */
+static void
+clear_query(dig_query_t *query) {
+ dig_lookup_t *lookup;
+
+ REQUIRE(query != NULL);
+
+ debug("clear_query(%p)", query);
+
+ lookup = query->lookup;
+
+ if (lookup->current_query == query)
+ lookup->current_query = NULL;
+
+ ISC_LIST_UNLINK(lookup->q, query, link);
+ if (ISC_LINK_LINKED(&query->recvbuf, link))
+ ISC_LIST_DEQUEUE(query->recvlist, &query->recvbuf,
+ link);
+ if (ISC_LINK_LINKED(&query->lengthbuf, link))
+ ISC_LIST_DEQUEUE(query->lengthlist, &query->lengthbuf,
+ link);
+ INSIST(query->recvspace != NULL);
+ if (query->sock != NULL) {
+ isc_socket_detach(&query->sock);
+ sockcount--;
+ debug("sockcount=%d", sockcount);
+ }
+ isc_mempool_put(commctx, query->recvspace);
+ isc_buffer_invalidate(&query->recvbuf);
+ isc_buffer_invalidate(&query->lengthbuf);
+ if (query->waiting_senddone)
+ query->pending_free = ISC_TRUE;
+ else
+ isc_mem_free(mctx, query);
+}
+
+/*%
+ * Try and clear out a lookup if we're done with it. Return ISC_TRUE if
+ * the lookup was successfully cleared. If ISC_TRUE is returned, the
+ * lookup pointer has been invalidated.
+ */
+static isc_boolean_t
+try_clear_lookup(dig_lookup_t *lookup) {
+ dig_query_t *q;
+
+ REQUIRE(lookup != NULL);
+
+ debug("try_clear_lookup(%p)", lookup);
+
+ if (ISC_LIST_HEAD(lookup->q) != NULL) {
+ if (debugging) {
+ q = ISC_LIST_HEAD(lookup->q);
+ while (q != NULL) {
+ debug("query to %s still pending", q->servname);
+ q = ISC_LIST_NEXT(q, link);
+ }
+ }
+ return (ISC_FALSE);
+ }
+
+ /*
+ * At this point, we know there are no queries on the lookup,
+ * so can make it go away also.
+ */
+ destroy_lookup(lookup);
+ return (ISC_TRUE);
+}
+
+void
+destroy_lookup(dig_lookup_t *lookup) {
+ dig_server_t *s;
+ void *ptr;
+
+ debug("destroy");
+ s = ISC_LIST_HEAD(lookup->my_server_list);
+ while (s != NULL) {
+ debug("freeing server %p belonging to %p", s, lookup);
+ ptr = s;
+ s = ISC_LIST_NEXT(s, link);
+ ISC_LIST_DEQUEUE(lookup->my_server_list,
+ (dig_server_t *)ptr, link);
+ isc_mem_free(mctx, ptr);
+ }
+ if (lookup->sendmsg != NULL)
+ dns_message_destroy(&lookup->sendmsg);
+ if (lookup->querysig != NULL) {
+ debug("freeing buffer %p", lookup->querysig);
+ isc_buffer_free(&lookup->querysig);
+ }
+ if (lookup->timer != NULL)
+ isc_timer_detach(&lookup->timer);
+ if (lookup->sendspace != NULL)
+ isc_mempool_put(commctx, lookup->sendspace);
+
+ if (lookup->tsigctx != NULL)
+ dst_context_destroy(&lookup->tsigctx);
+
+ isc_mem_free(mctx, lookup);
+}
+
+/*%
+ * If we can, start the next lookup in the queue running.
+ * This assumes that the lookup on the head of the queue hasn't been
+ * started yet. It also removes the lookup from the head of the queue,
+ * setting the current_lookup pointer pointing to it.
+ */
+void
+start_lookup(void) {
+ debug("start_lookup()");
+ if (cancel_now)
+ return;
+
+ /*
+ * If there's a current lookup running, we really shouldn't get
+ * here.
+ */
+ INSIST(current_lookup == NULL);
+
+ current_lookup = ISC_LIST_HEAD(lookup_list);
+ /*
+ * Put the current lookup somewhere so cancel_all can find it
+ */
+ if (current_lookup != NULL) {
+ ISC_LIST_DEQUEUE(lookup_list, current_lookup, link);
+#if DIG_SIGCHASE_TD
+ if (current_lookup->do_topdown &&
+ !current_lookup->rdtype_sigchaseset) {
+ dst_key_t *trustedkey = NULL;
+ isc_buffer_t *b = NULL;
+ isc_region_t r;
+ isc_result_t result;
+ dns_name_t query_name;
+ dns_name_t *key_name;
+ int i;
+
+ result = get_trusted_key(mctx);
+ if (result != ISC_R_SUCCESS) {
+ printf("\n;; No trusted key, "
+ "+sigchase option is disabled\n");
+ current_lookup->sigchase = ISC_FALSE;
+ goto novalidation;
+ }
+ dns_name_init(&query_name, NULL);
+ nameFromString(current_lookup->textname, &query_name);
+
+ for (i = 0; i < tk_list.nb_tk; i++) {
+ key_name = dst_key_name(tk_list.key[i]);
+
+ if (dns_name_issubdomain(&query_name,
+ key_name) == ISC_TRUE)
+ trustedkey = tk_list.key[i];
+ /*
+ * Verifier que la temp est bien la plus basse
+ * WARNING
+ */
+ }
+ if (trustedkey == NULL) {
+ printf("\n;; The queried zone: ");
+ dns_name_print(&query_name, stdout);
+ printf(" isn't a subdomain of any Trusted Keys"
+ ": +sigchase option is disable\n");
+ current_lookup->sigchase = ISC_FALSE;
+ free_name(&query_name, mctx);
+ goto novalidation;
+ }
+ free_name(&query_name, mctx);
+
+ current_lookup->rdtype_sigchase
+ = current_lookup->rdtype;
+ current_lookup->rdtype_sigchaseset
+ = current_lookup->rdtypeset;
+ current_lookup->rdtype = dns_rdatatype_ns;
+
+ current_lookup->qrdtype_sigchase
+ = current_lookup->qrdtype;
+ current_lookup->qrdtype = dns_rdatatype_ns;
+
+ current_lookup->rdclass_sigchase
+ = current_lookup->rdclass;
+ current_lookup->rdclass_sigchaseset
+ = current_lookup->rdclassset;
+ current_lookup->rdclass = dns_rdataclass_in;
+
+ strncpy(current_lookup->textnamesigchase,
+ current_lookup->textname, MXNAME);
+
+ current_lookup->trace_root_sigchase = ISC_TRUE;
+
+ result = isc_buffer_allocate(mctx, &b, BUFSIZE);
+ check_result(result, "isc_buffer_allocate");
+ result = dns_name_totext(dst_key_name(trustedkey),
+ ISC_FALSE, b);
+ check_result(result, "dns_name_totext");
+ isc_buffer_usedregion(b, &r);
+ r.base[r.length] = '\0';
+ strncpy(current_lookup->textname, (char*)r.base,
+ MXNAME);
+ isc_buffer_free(&b);
+
+ nameFromString(current_lookup->textnamesigchase,
+ &chase_name);
+
+ dns_name_init(&chase_authority_name, NULL);
+ }
+ novalidation:
+#endif
+ setup_lookup(current_lookup);
+ do_lookup(current_lookup);
+ } else {
+ check_if_done();
+ }
+}
+
+/*%
+ * If we can, clear the current lookup and start the next one running.
+ * This calls try_clear_lookup, so may invalidate the lookup pointer.
+ */
+static void
+check_next_lookup(dig_lookup_t *lookup) {
+
+ INSIST(!free_now);
+
+ debug("check_next_lookup(%p)", lookup);
+
+ if (ISC_LIST_HEAD(lookup->q) != NULL) {
+ debug("still have a worker");
+ return;
+ }
+ if (try_clear_lookup(lookup)) {
+ current_lookup = NULL;
+ start_lookup();
+ }
+}
+
+/*%
+ * Create and queue a new lookup as a followup to the current lookup,
+ * based on the supplied message and section. This is used in trace and
+ * name server search modes to start a new lookup using servers from
+ * NS records in a reply. Returns the number of followup lookups made.
+ */
+static int
+followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
+{
+ dig_lookup_t *lookup = NULL;
+ dig_server_t *srv = NULL;
+ dns_rdataset_t *rdataset = NULL;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_name_t *name = NULL;
+ isc_result_t result;
+ isc_boolean_t success = ISC_FALSE;
+ int numLookups = 0;
+ dns_name_t *domain;
+ isc_boolean_t horizontal = ISC_FALSE, bad = ISC_FALSE;
+
+ INSIST(!free_now);
+
+ debug("following up %s", query->lookup->textname);
+
+ for (result = dns_message_firstname(msg, section);
+ result == ISC_R_SUCCESS;
+ result = dns_message_nextname(msg, section)) {
+ name = NULL;
+ dns_message_currentname(msg, section, &name);
+
+ if (section == DNS_SECTION_AUTHORITY) {
+ rdataset = NULL;
+ result = dns_message_findtype(name, dns_rdatatype_soa,
+ 0, &rdataset);
+ if (result == ISC_R_SUCCESS)
+ return (0);
+ }
+ rdataset = NULL;
+ result = dns_message_findtype(name, dns_rdatatype_ns, 0,
+ &rdataset);
+ if (result != ISC_R_SUCCESS)
+ continue;
+
+ debug("found NS set");
+
+ if (query->lookup->trace && !query->lookup->trace_root) {
+ dns_namereln_t namereln;
+ unsigned int nlabels;
+ int order;
+
+ domain = dns_fixedname_name(&query->lookup->fdomain);
+ namereln = dns_name_fullcompare(name, domain,
+ &order, &nlabels);
+ if (namereln == dns_namereln_equal) {
+ if (!horizontal)
+ printf(";; BAD (HORIZONTAL) REFERRAL\n");
+ horizontal = ISC_TRUE;
+ } else if (namereln != dns_namereln_subdomain) {
+ if (!bad)
+ printf(";; BAD REFERRAL\n");
+ bad = ISC_TRUE;
+ continue;
+ }
+ }
+
+ for (result = dns_rdataset_first(rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(rdataset)) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ dns_rdata_ns_t ns;
+
+ if (query->lookup->trace_root &&
+ query->lookup->nsfound >= MXSERV)
+ break;
+
+ dns_rdataset_current(rdataset, &rdata);
+
+ query->lookup->nsfound++;
+ result = dns_rdata_tostruct(&rdata, &ns, NULL);
+ check_result(result, "dns_rdata_tostruct");
+ dns_name_format(&ns.name, namestr, sizeof(namestr));
+ dns_rdata_freestruct(&ns);
+
+ /* Initialize lookup if we've not yet */
+ debug("found NS %d %s", numLookups, namestr);
+ numLookups++;
+ if (!success) {
+ success = ISC_TRUE;
+ lookup_counter++;
+ lookup = requeue_lookup(query->lookup,
+ ISC_FALSE);
+ cancel_lookup(query->lookup);
+ lookup->doing_xfr = ISC_FALSE;
+ if (!lookup->trace_root &&
+ section == DNS_SECTION_ANSWER)
+ lookup->trace = ISC_FALSE;
+ else
+ lookup->trace = query->lookup->trace;
+ lookup->ns_search_only =
+ query->lookup->ns_search_only;
+ lookup->trace_root = ISC_FALSE;
+ if (lookup->ns_search_only)
+ lookup->recurse = ISC_FALSE;
+ dns_fixedname_init(&lookup->fdomain);
+ domain = dns_fixedname_name(&lookup->fdomain);
+ dns_name_copy(name, domain, NULL);
+ }
+ srv = make_server(namestr, namestr);
+ debug("adding server %s", srv->servername);
+ ISC_LIST_APPEND(lookup->my_server_list, srv, link);
+ dns_rdata_reset(&rdata);
+ }
+ }
+
+ if (lookup == NULL &&
+ section == DNS_SECTION_ANSWER &&
+ (query->lookup->trace || query->lookup->ns_search_only))
+ return (followup_lookup(msg, query, DNS_SECTION_AUTHORITY));
+
+ /*
+ * Randomize the order the nameserver will be tried.
+ */
+ if (numLookups > 1) {
+ isc_uint32_t i, j;
+ dig_serverlist_t my_server_list;
+
+ ISC_LIST_INIT(my_server_list);
+
+ for (i = numLookups; i > 0; i--) {
+ isc_random_get(&j);
+ j %= i;
+ srv = ISC_LIST_HEAD(lookup->my_server_list);
+ while (j-- > 0)
+ srv = ISC_LIST_NEXT(srv, link);
+ ISC_LIST_DEQUEUE(lookup->my_server_list, srv, link);
+ ISC_LIST_APPEND(my_server_list, srv, link);
+ }
+ ISC_LIST_APPENDLIST(lookup->my_server_list,
+ my_server_list, link);
+ }
+
+ return (numLookups);
+}
+
+/*%
+ * Create and queue a new lookup using the next origin from the search
+ * list, read in setup_system().
+ *
+ * Return ISC_TRUE iff there was another searchlist entry.
+ */
+static isc_boolean_t
+next_origin(dns_message_t *msg, dig_query_t *query) {
+ dig_lookup_t *lookup;
+ dig_searchlist_t *search;
+
+ UNUSED(msg);
+
+ INSIST(!free_now);
+
+ debug("next_origin()");
+ debug("following up %s", query->lookup->textname);
+
+ if (!usesearch)
+ /*
+ * We're not using a search list, so don't even think
+ * about finding the next entry.
+ */
+ return (ISC_FALSE);
+ if (query->lookup->origin == NULL && !query->lookup->need_search)
+ /*
+ * Then we just did rootorg; there's nothing left.
+ */
+ return (ISC_FALSE);
+ if (query->lookup->origin == NULL && query->lookup->need_search) {
+ lookup = requeue_lookup(query->lookup, ISC_TRUE);
+ lookup->origin = ISC_LIST_HEAD(search_list);
+ lookup->need_search = ISC_FALSE;
+ } else {
+ search = ISC_LIST_NEXT(query->lookup->origin, link);
+ if (search == NULL && query->lookup->done_as_is)
+ return (ISC_FALSE);
+ lookup = requeue_lookup(query->lookup, ISC_TRUE);
+ lookup->origin = search;
+ }
+ cancel_lookup(query->lookup);
+ return (ISC_TRUE);
+}
+
+/*%
+ * Insert an SOA record into the sendmessage in a lookup. Used for
+ * creating IXFR queries.
+ */
+static void
+insert_soa(dig_lookup_t *lookup) {
+ isc_result_t result;
+ dns_rdata_soa_t soa;
+ dns_rdata_t *rdata = NULL;
+ dns_rdatalist_t *rdatalist = NULL;
+ dns_rdataset_t *rdataset = NULL;
+ dns_name_t *soaname = NULL;
+
+ debug("insert_soa()");
+ soa.mctx = mctx;
+ soa.serial = lookup->ixfr_serial;
+ soa.refresh = 0;
+ soa.retry = 0;
+ soa.expire = 0;
+ soa.minimum = 0;
+ soa.common.rdclass = lookup->rdclass;
+ soa.common.rdtype = dns_rdatatype_soa;
+
+ dns_name_init(&soa.origin, NULL);
+ dns_name_init(&soa.contact, NULL);
+
+ dns_name_clone(dns_rootname, &soa.origin);
+ dns_name_clone(dns_rootname, &soa.contact);
+
+ isc_buffer_init(&lookup->rdatabuf, lookup->rdatastore,
+ sizeof(lookup->rdatastore));
+
+ result = dns_message_gettemprdata(lookup->sendmsg, &rdata);
+ check_result(result, "dns_message_gettemprdata");
+
+ result = dns_rdata_fromstruct(rdata, lookup->rdclass,
+ dns_rdatatype_soa, &soa,
+ &lookup->rdatabuf);
+ check_result(result, "isc_rdata_fromstruct");
+
+ result = dns_message_gettemprdatalist(lookup->sendmsg, &rdatalist);
+ check_result(result, "dns_message_gettemprdatalist");
+
+ result = dns_message_gettemprdataset(lookup->sendmsg, &rdataset);
+ check_result(result, "dns_message_gettemprdataset");
+
+ dns_rdatalist_init(rdatalist);
+ rdatalist->type = dns_rdatatype_soa;
+ rdatalist->rdclass = lookup->rdclass;
+ rdatalist->covers = 0;
+ rdatalist->ttl = 0;
+ ISC_LIST_INIT(rdatalist->rdata);
+ ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
+
+ dns_rdataset_init(rdataset);
+ dns_rdatalist_tordataset(rdatalist, rdataset);
+
+ result = dns_message_gettempname(lookup->sendmsg, &soaname);
+ check_result(result, "dns_message_gettempname");
+ dns_name_init(soaname, NULL);
+ dns_name_clone(lookup->name, soaname);
+ ISC_LIST_INIT(soaname->list);
+ ISC_LIST_APPEND(soaname->list, rdataset, link);
+ dns_message_addname(lookup->sendmsg, soaname, DNS_SECTION_AUTHORITY);
+}
+
+/*%
+ * Setup the supplied lookup structure, making it ready to start sending
+ * queries to servers. Create and initialize the message to be sent as
+ * well as the query structures and buffer space for the replies. If the
+ * server list is empty, clone it from the system default list.
+ */
+void
+setup_lookup(dig_lookup_t *lookup) {
+ isc_result_t result;
+ isc_uint32_t id;
+ int len;
+ dig_server_t *serv;
+ dig_query_t *query;
+ isc_buffer_t b;
+ dns_compress_t cctx;
+ char store[MXNAME];
+#ifdef WITH_IDN
+ idn_result_t mr;
+ char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME];
+#endif
+
+#ifdef WITH_IDN
+ result = dns_name_settotextfilter(output_filter);
+ check_result(result, "dns_name_settotextfilter");
+#endif
+
+ REQUIRE(lookup != NULL);
+ INSIST(!free_now);
+
+ debug("setup_lookup(%p)", lookup);
+
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER,
+ &lookup->sendmsg);
+ check_result(result, "dns_message_create");
+
+ if (lookup->new_search) {
+ debug("resetting lookup counter.");
+ lookup_counter = 0;
+ }
+
+ if (ISC_LIST_EMPTY(lookup->my_server_list)) {
+ debug("cloning server list");
+ clone_server_list(server_list, &lookup->my_server_list);
+ }
+ result = dns_message_gettempname(lookup->sendmsg, &lookup->name);
+ check_result(result, "dns_message_gettempname");
+ dns_name_init(lookup->name, NULL);
+
+ isc_buffer_init(&lookup->namebuf, lookup->namespace,
+ sizeof(lookup->namespace));
+ isc_buffer_init(&lookup->onamebuf, lookup->onamespace,
+ sizeof(lookup->onamespace));
+
+#ifdef WITH_IDN
+ /*
+ * We cannot convert `textname' and `origin' separately.
+ * `textname' doesn't contain TLD, but local mapping needs
+ * TLD.
+ */
+ mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname,
+ utf8_textname, sizeof(utf8_textname));
+ idn_check_result(mr, "convert textname to UTF-8");
+#endif
+
+ /*
+ * If the name has too many dots, force the origin to be NULL
+ * (which produces an absolute lookup). Otherwise, take the origin
+ * we have if there's one in the struct already. If it's NULL,
+ * take the first entry in the searchlist iff either usesearch
+ * is TRUE or we got a domain line in the resolv.conf file.
+ */
+ if (lookup->new_search) {
+#ifdef WITH_IDN
+ if ((count_dots(utf8_textname) >= ndots) || !usesearch) {
+ lookup->origin = NULL; /* Force abs lookup */
+ lookup->done_as_is = ISC_TRUE;
+ lookup->need_search = usesearch;
+ } else if (lookup->origin == NULL && usesearch) {
+ lookup->origin = ISC_LIST_HEAD(search_list);
+ lookup->need_search = ISC_FALSE;
+ }
+#else
+ if ((count_dots(lookup->textname) >= ndots) || !usesearch) {
+ lookup->origin = NULL; /* Force abs lookup */
+ lookup->done_as_is = ISC_TRUE;
+ lookup->need_search = usesearch;
+ } else if (lookup->origin == NULL && usesearch) {
+ lookup->origin = ISC_LIST_HEAD(search_list);
+ lookup->need_search = ISC_FALSE;
+ }
+#endif
+ }
+
+#ifdef WITH_IDN
+ if (lookup->origin != NULL) {
+ mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP,
+ lookup->origin->origin, utf8_origin,
+ sizeof(utf8_origin));
+ idn_check_result(mr, "convert origin to UTF-8");
+ mr = append_textname(utf8_textname, utf8_origin,
+ sizeof(utf8_textname));
+ idn_check_result(mr, "append origin to textname");
+ }
+ mr = idn_encodename(idnoptions | IDN_LOCALMAP | IDN_NAMEPREP |
+ IDN_IDNCONV | IDN_LENCHECK, utf8_textname,
+ idn_textname, sizeof(idn_textname));
+ idn_check_result(mr, "convert UTF-8 textname to IDN encoding");
+#else
+ if (lookup->origin != NULL) {
+ debug("trying origin %s", lookup->origin->origin);
+ result = dns_message_gettempname(lookup->sendmsg,
+ &lookup->oname);
+ check_result(result, "dns_message_gettempname");
+ dns_name_init(lookup->oname, NULL);
+ /* XXX Helper funct to conv char* to name? */
+ len = strlen(lookup->origin->origin);
+ isc_buffer_init(&b, lookup->origin->origin, len);
+ isc_buffer_add(&b, len);
+ result = dns_name_fromtext(lookup->oname, &b, dns_rootname,
+ ISC_FALSE, &lookup->onamebuf);
+ if (result != ISC_R_SUCCESS) {
+ dns_message_puttempname(lookup->sendmsg,
+ &lookup->name);
+ dns_message_puttempname(lookup->sendmsg,
+ &lookup->oname);
+ fatal("'%s' is not in legal name syntax (%s)",
+ lookup->origin->origin,
+ isc_result_totext(result));
+ }
+ if (lookup->trace && lookup->trace_root) {
+ dns_name_clone(dns_rootname, lookup->name);
+ } else {
+ len = strlen(lookup->textname);
+ isc_buffer_init(&b, lookup->textname, len);
+ isc_buffer_add(&b, len);
+ result = dns_name_fromtext(lookup->name, &b,
+ lookup->oname, ISC_FALSE,
+ &lookup->namebuf);
+ }
+ if (result != ISC_R_SUCCESS) {
+ dns_message_puttempname(lookup->sendmsg,
+ &lookup->name);
+ dns_message_puttempname(lookup->sendmsg,
+ &lookup->oname);
+ fatal("'%s' is not in legal name syntax (%s)",
+ lookup->textname, isc_result_totext(result));
+ }
+ dns_message_puttempname(lookup->sendmsg, &lookup->oname);
+ } else
+#endif
+ {
+ debug("using root origin");
+ if (lookup->trace && lookup->trace_root)
+ dns_name_clone(dns_rootname, lookup->name);
+ else {
+#ifdef WITH_IDN
+ len = strlen(idn_textname);
+ isc_buffer_init(&b, idn_textname, len);
+ isc_buffer_add(&b, len);
+ result = dns_name_fromtext(lookup->name, &b,
+ dns_rootname,
+ ISC_FALSE,
+ &lookup->namebuf);
+#else
+ len = strlen(lookup->textname);
+ isc_buffer_init(&b, lookup->textname, len);
+ isc_buffer_add(&b, len);
+ result = dns_name_fromtext(lookup->name, &b,
+ dns_rootname,
+ ISC_FALSE,
+ &lookup->namebuf);
+#endif
+ }
+ if (result != ISC_R_SUCCESS) {
+ dns_message_puttempname(lookup->sendmsg,
+ &lookup->name);
+ isc_buffer_init(&b, store, MXNAME);
+ fatal("'%s' is not a legal name "
+ "(%s)", lookup->textname,
+ isc_result_totext(result));
+ }
+ }
+ dns_name_format(lookup->name, store, sizeof(store));
+ trying(store, lookup);
+ INSIST(dns_name_isabsolute(lookup->name));
+
+ isc_random_get(&id);
+ lookup->sendmsg->id = (unsigned short)id & 0xFFFF;
+ lookup->sendmsg->opcode = dns_opcode_query;
+ lookup->msgcounter = 0;
+ /*
+ * If this is a trace request, completely disallow recursion, since
+ * it's meaningless for traces.
+ */
+ if (lookup->trace || (lookup->ns_search_only && !lookup->trace_root))
+ lookup->recurse = ISC_FALSE;
+
+ if (lookup->recurse &&
+ lookup->rdtype != dns_rdatatype_axfr &&
+ lookup->rdtype != dns_rdatatype_ixfr) {
+ debug("recursive query");
+ lookup->sendmsg->flags |= DNS_MESSAGEFLAG_RD;
+ }
+
+ /* XXX aaflag */
+ if (lookup->aaonly) {
+ debug("AA query");
+ lookup->sendmsg->flags |= DNS_MESSAGEFLAG_AA;
+ }
+
+ if (lookup->adflag) {
+ debug("AD query");
+ lookup->sendmsg->flags |= DNS_MESSAGEFLAG_AD;
+ }
+
+ if (lookup->cdflag) {
+ debug("CD query");
+ lookup->sendmsg->flags |= DNS_MESSAGEFLAG_CD;
+ }
+
+ dns_message_addname(lookup->sendmsg, lookup->name,
+ DNS_SECTION_QUESTION);
+
+ if (lookup->trace && lookup->trace_root) {
+ lookup->qrdtype = lookup->rdtype;
+ lookup->rdtype = dns_rdatatype_ns;
+ }
+
+ if ((lookup->rdtype == dns_rdatatype_axfr) ||
+ (lookup->rdtype == dns_rdatatype_ixfr)) {
+ /*
+ * Force TCP mode if we're doing an axfr.
+ */
+ if (lookup->rdtype == dns_rdatatype_axfr) {
+ lookup->doing_xfr = ISC_TRUE;
+ lookup->tcp_mode = ISC_TRUE;
+ } else if (lookup->tcp_mode) {
+ lookup->doing_xfr = ISC_TRUE;
+ }
+ }
+
+ add_question(lookup->sendmsg, lookup->name, lookup->rdclass,
+ lookup->rdtype);
+
+ /* add_soa */
+ if (lookup->rdtype == dns_rdatatype_ixfr)
+ insert_soa(lookup);
+
+ /* XXX Insist this? */
+ lookup->tsigctx = NULL;
+ lookup->querysig = NULL;
+ if (key != NULL) {
+ debug("initializing keys");
+ result = dns_message_settsigkey(lookup->sendmsg, key);
+ check_result(result, "dns_message_settsigkey");
+ }
+
+ lookup->sendspace = isc_mempool_get(commctx);
+ if (lookup->sendspace == NULL)
+ fatal("memory allocation failure");
+
+ result = dns_compress_init(&cctx, -1, mctx);
+ check_result(result, "dns_compress_init");
+
+ debug("starting to render the message");
+ isc_buffer_init(&lookup->renderbuf, lookup->sendspace, COMMSIZE);
+ result = dns_message_renderbegin(lookup->sendmsg, &cctx,
+ &lookup->renderbuf);
+ check_result(result, "dns_message_renderbegin");
+ if (lookup->udpsize > 0 || lookup->dnssec || lookup->edns > -1) {
+ if (lookup->udpsize == 0)
+ lookup->udpsize = 4096;
+ if (lookup->edns < 0)
+ lookup->edns = 0;
+ add_opt(lookup->sendmsg, lookup->udpsize,
+ lookup->edns, lookup->dnssec, lookup->nsid);
+ }
+
+ result = dns_message_rendersection(lookup->sendmsg,
+ DNS_SECTION_QUESTION, 0);
+ check_result(result, "dns_message_rendersection");
+ result = dns_message_rendersection(lookup->sendmsg,
+ DNS_SECTION_AUTHORITY, 0);
+ check_result(result, "dns_message_rendersection");
+ result = dns_message_renderend(lookup->sendmsg);
+ check_result(result, "dns_message_renderend");
+ debug("done rendering");
+
+ dns_compress_invalidate(&cctx);
+
+ /*
+ * Force TCP mode if the request is larger than 512 bytes.
+ */
+ if (isc_buffer_usedlength(&lookup->renderbuf) > 512)
+ lookup->tcp_mode = ISC_TRUE;
+
+ lookup->pending = ISC_FALSE;
+
+ for (serv = ISC_LIST_HEAD(lookup->my_server_list);
+ serv != NULL;
+ serv = ISC_LIST_NEXT(serv, link)) {
+ query = isc_mem_allocate(mctx, sizeof(dig_query_t));
+ if (query == NULL)
+ fatal("memory allocation failure in %s:%d",
+ __FILE__, __LINE__);
+ debug("create query %p linked to lookup %p",
+ query, lookup);
+ query->lookup = lookup;
+ query->waiting_connect = ISC_FALSE;
+ query->waiting_senddone = ISC_FALSE;
+ query->pending_free = ISC_FALSE;
+ query->recv_made = ISC_FALSE;
+ query->first_pass = ISC_TRUE;
+ query->first_soa_rcvd = ISC_FALSE;
+ query->second_rr_rcvd = ISC_FALSE;
+ query->first_repeat_rcvd = ISC_FALSE;
+ query->warn_id = ISC_TRUE;
+ query->first_rr_serial = 0;
+ query->second_rr_serial = 0;
+ query->servname = serv->servername;
+ query->userarg = serv->userarg;
+ query->rr_count = 0;
+ query->msg_count = 0;
+ query->byte_count = 0;
+ ISC_LINK_INIT(query, link);
+ ISC_LIST_INIT(query->recvlist);
+ ISC_LIST_INIT(query->lengthlist);
+ query->sock = NULL;
+ query->recvspace = isc_mempool_get(commctx);
+ if (query->recvspace == NULL)
+ fatal("memory allocation failure");
+
+ isc_buffer_init(&query->recvbuf, query->recvspace, COMMSIZE);
+ isc_buffer_init(&query->lengthbuf, query->lengthspace, 2);
+ isc_buffer_init(&query->slbuf, query->slspace, 2);
+ query->sendbuf = lookup->renderbuf;
+
+ ISC_LINK_INIT(query, link);
+ ISC_LIST_ENQUEUE(lookup->q, query, link);
+ }
+ /* XXX qrflag, print_query, etc... */
+ if (!ISC_LIST_EMPTY(lookup->q) && qr) {
+ extrabytes = 0;
+ printmessage(ISC_LIST_HEAD(lookup->q), lookup->sendmsg,
+ ISC_TRUE);
+ }
+}
+
+/*%
+ * Event handler for send completion. Track send counter, and clear out
+ * the query if the send was canceled.
+ */
+static void
+send_done(isc_task_t *_task, isc_event_t *event) {
+ isc_socketevent_t *sevent = (isc_socketevent_t *)event;
+ isc_buffer_t *b = NULL;
+ dig_query_t *query, *next;
+ dig_lookup_t *l;
+
+ REQUIRE(event->ev_type == ISC_SOCKEVENT_SENDDONE);
+
+ UNUSED(_task);
+
+ LOCK_LOOKUP;
+
+ debug("send_done()");
+ sendcount--;
+ debug("sendcount=%d", sendcount);
+ INSIST(sendcount >= 0);
+
+ for (b = ISC_LIST_HEAD(sevent->bufferlist);
+ b != NULL;
+ b = ISC_LIST_HEAD(sevent->bufferlist))
+ ISC_LIST_DEQUEUE(sevent->bufferlist, b, link);
+
+ query = event->ev_arg;
+ query->waiting_senddone = ISC_FALSE;
+ l = query->lookup;
+
+ if (l->ns_search_only && !l->trace_root) {
+ debug("sending next, since searching");
+ next = ISC_LIST_NEXT(query, link);
+ if (next != NULL)
+ send_udp(next);
+ }
+
+ isc_event_free(&event);
+
+ if (query->pending_free)
+ isc_mem_free(mctx, query);
+
+ check_if_done();
+ UNLOCK_LOOKUP;
+}
+
+/*%
+ * Cancel a lookup, sending isc_socket_cancel() requests to all outstanding
+ * IO sockets. The cancel handlers should take care of cleaning up the
+ * query and lookup structures
+ */
+static void
+cancel_lookup(dig_lookup_t *lookup) {
+ dig_query_t *query, *next;
+
+ debug("cancel_lookup()");
+ query = ISC_LIST_HEAD(lookup->q);
+ while (query != NULL) {
+ next = ISC_LIST_NEXT(query, link);
+ if (query->sock != NULL) {
+ isc_socket_cancel(query->sock, global_task,
+ ISC_SOCKCANCEL_ALL);
+ check_if_done();
+ } else {
+ clear_query(query);
+ }
+ query = next;
+ }
+ if (lookup->timer != NULL)
+ isc_timer_detach(&lookup->timer);
+ lookup->pending = ISC_FALSE;
+ lookup->retries = 0;
+}
+
+static void
+bringup_timer(dig_query_t *query, unsigned int default_timeout) {
+ dig_lookup_t *l;
+ unsigned int local_timeout;
+ isc_result_t result;
+
+ debug("bringup_timer()");
+ /*
+ * If the timer already exists, that means we're calling this
+ * a second time (for a retry). Don't need to recreate it,
+ * just reset it.
+ */
+ l = query->lookup;
+ if (ISC_LIST_NEXT(query, link) != NULL)
+ local_timeout = SERVER_TIMEOUT;
+ else {
+ if (timeout == 0)
+ local_timeout = default_timeout;
+ else
+ local_timeout = timeout;
+ }
+ debug("have local timeout of %d", local_timeout);
+ isc_interval_set(&l->interval, local_timeout, 0);
+ if (l->timer != NULL)
+ isc_timer_detach(&l->timer);
+ result = isc_timer_create(timermgr, isc_timertype_once, NULL,
+ &l->interval, global_task, connect_timeout,
+ l, &l->timer);
+ check_result(result, "isc_timer_create");
+}
+
+static void
+connect_done(isc_task_t *task, isc_event_t *event);
+
+/*%
+ * Unlike send_udp, this can't be called multiple times with the same
+ * query. When we retry TCP, we requeue the whole lookup, which should
+ * start anew.
+ */
+static void
+send_tcp_connect(dig_query_t *query) {
+ isc_result_t result;
+ dig_query_t *next;
+ dig_lookup_t *l;
+
+ debug("send_tcp_connect(%p)", query);
+
+ l = query->lookup;
+ query->waiting_connect = ISC_TRUE;
+ query->lookup->current_query = query;
+ get_address(query->servname, port, &query->sockaddr);
+
+ if (specified_source &&
+ (isc_sockaddr_pf(&query->sockaddr) !=
+ isc_sockaddr_pf(&bind_address))) {
+ printf(";; Skipping server %s, incompatible "
+ "address family\n", query->servname);
+ query->waiting_connect = ISC_FALSE;
+ next = ISC_LIST_NEXT(query, link);
+ l = query->lookup;
+ clear_query(query);
+ if (next == NULL) {
+ printf(";; No acceptable nameservers\n");
+ check_next_lookup(l);
+ return;
+ }
+ send_tcp_connect(next);
+ return;
+ }
+ INSIST(query->sock == NULL);
+ result = isc_socket_create(socketmgr,
+ isc_sockaddr_pf(&query->sockaddr),
+ isc_sockettype_tcp, &query->sock);
+ check_result(result, "isc_socket_create");
+ sockcount++;
+ debug("sockcount=%d", sockcount);
+ if (specified_source)
+ result = isc_socket_bind(query->sock, &bind_address,
+ ISC_SOCKET_REUSEADDRESS);
+ else {
+ if ((isc_sockaddr_pf(&query->sockaddr) == AF_INET) &&
+ have_ipv4)
+ isc_sockaddr_any(&bind_any);
+ else
+ isc_sockaddr_any6(&bind_any);
+ result = isc_socket_bind(query->sock, &bind_any, 0);
+ }
+ check_result(result, "isc_socket_bind");
+ bringup_timer(query, TCP_TIMEOUT);
+ result = isc_socket_connect(query->sock, &query->sockaddr,
+ global_task, connect_done, query);
+ check_result(result, "isc_socket_connect");
+ /*
+ * If we're at the endgame of a nameserver search, we need to
+ * immediately bring up all the queries. Do it here.
+ */
+ if (l->ns_search_only && !l->trace_root) {
+ debug("sending next, since searching");
+ next = ISC_LIST_NEXT(query, link);
+ if (next != NULL)
+ send_tcp_connect(next);
+ }
+}
+
+/*%
+ * Send a UDP packet to the remote nameserver, possible starting the
+ * recv action as well. Also make sure that the timer is running and
+ * is properly reset.
+ */
+static void
+send_udp(dig_query_t *query) {
+ dig_lookup_t *l = NULL;
+ isc_result_t result;
+
+ debug("send_udp(%p)", query);
+
+ l = query->lookup;
+ bringup_timer(query, UDP_TIMEOUT);
+ l->current_query = query;
+ debug("working on lookup %p, query %p", query->lookup, query);
+ if (!query->recv_made) {
+ /* XXX Check the sense of this, need assertion? */
+ query->waiting_connect = ISC_FALSE;
+ get_address(query->servname, port, &query->sockaddr);
+
+ result = isc_socket_create(socketmgr,
+ isc_sockaddr_pf(&query->sockaddr),
+ isc_sockettype_udp, &query->sock);
+ check_result(result, "isc_socket_create");
+ sockcount++;
+ debug("sockcount=%d", sockcount);
+ if (specified_source) {
+ result = isc_socket_bind(query->sock, &bind_address,
+ ISC_SOCKET_REUSEADDRESS);
+ } else {
+ isc_sockaddr_anyofpf(&bind_any,
+ isc_sockaddr_pf(&query->sockaddr));
+ result = isc_socket_bind(query->sock, &bind_any, 0);
+ }
+ check_result(result, "isc_socket_bind");
+
+ query->recv_made = ISC_TRUE;
+ ISC_LINK_INIT(&query->recvbuf, link);
+ ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf,
+ link);
+ debug("recving with lookup=%p, query=%p, sock=%p",
+ query->lookup, query, query->sock);
+ result = isc_socket_recvv(query->sock, &query->recvlist, 1,
+ global_task, recv_done, query);
+ check_result(result, "isc_socket_recvv");
+ recvcount++;
+ debug("recvcount=%d", recvcount);
+ }
+ ISC_LIST_INIT(query->sendlist);
+ ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link);
+ debug("sending a request");
+ TIME_NOW(&query->time_sent);
+ INSIST(query->sock != NULL);
+ query->waiting_senddone = ISC_TRUE;
+ result = isc_socket_sendtov(query->sock, &query->sendlist,
+ global_task, send_done, query,
+ &query->sockaddr, NULL);
+ check_result(result, "isc_socket_sendtov");
+ sendcount++;
+}
+
+/*%
+ * IO timeout handler, used for both connect and recv timeouts. If
+ * retries are still allowed, either resend the UDP packet or queue a
+ * new TCP lookup. Otherwise, cancel the lookup.
+ */
+static void
+connect_timeout(isc_task_t *task, isc_event_t *event) {
+ dig_lookup_t *l = NULL;
+ dig_query_t *query = NULL, *cq;
+
+ UNUSED(task);
+ REQUIRE(event->ev_type == ISC_TIMEREVENT_IDLE);
+
+ debug("connect_timeout()");
+
+ LOCK_LOOKUP;
+ l = event->ev_arg;
+ query = l->current_query;
+ isc_event_free(&event);
+
+ INSIST(!free_now);
+
+ if ((query != NULL) && (query->lookup->current_query != NULL) &&
+ (ISC_LIST_NEXT(query->lookup->current_query, link) != NULL)) {
+ debug("trying next server...");
+ cq = query->lookup->current_query;
+ if (!l->tcp_mode)
+ send_udp(ISC_LIST_NEXT(cq, link));
+ else
+ send_tcp_connect(ISC_LIST_NEXT(cq, link));
+ UNLOCK_LOOKUP;
+ return;
+ }
+
+ if (l->retries > 1) {
+ if (!l->tcp_mode) {
+ l->retries--;
+ debug("resending UDP request to first server");
+ send_udp(ISC_LIST_HEAD(l->q));
+ } else {
+ debug("making new TCP request, %d tries left",
+ l->retries);
+ l->retries--;
+ requeue_lookup(l, ISC_TRUE);
+ cancel_lookup(l);
+ check_next_lookup(l);
+ }
+ } else {
+ fputs(l->cmdline, stdout);
+ printf(";; connection timed out; no servers could be "
+ "reached\n");
+ cancel_lookup(l);
+ check_next_lookup(l);
+ if (exitcode < 9)
+ exitcode = 9;
+ }
+ UNLOCK_LOOKUP;
+}
+
+/*%
+ * Event handler for the TCP recv which gets the length header of TCP
+ * packets. Start the next recv of length bytes.
+ */
+static void
+tcp_length_done(isc_task_t *task, isc_event_t *event) {
+ isc_socketevent_t *sevent;
+ isc_buffer_t *b = NULL;
+ isc_result_t result;
+ dig_query_t *query = NULL;
+ dig_lookup_t *l;
+ isc_uint16_t length;
+
+ REQUIRE(event->ev_type == ISC_SOCKEVENT_RECVDONE);
+ INSIST(!free_now);
+
+ UNUSED(task);
+
+ debug("tcp_length_done()");
+
+ LOCK_LOOKUP;
+ sevent = (isc_socketevent_t *)event;
+ query = event->ev_arg;
+
+ recvcount--;
+ INSIST(recvcount >= 0);
+
+ b = ISC_LIST_HEAD(sevent->bufferlist);
+ INSIST(b == &query->lengthbuf);
+ ISC_LIST_DEQUEUE(sevent->bufferlist, b, link);
+
+ if (sevent->result == ISC_R_CANCELED) {
+ isc_event_free(&event);
+ l = query->lookup;
+ clear_query(query);
+ check_next_lookup(l);
+ UNLOCK_LOOKUP;
+ return;
+ }
+ if (sevent->result != ISC_R_SUCCESS) {
+ char sockstr[ISC_SOCKADDR_FORMATSIZE];
+ isc_sockaddr_format(&query->sockaddr, sockstr,
+ sizeof(sockstr));
+ printf(";; communications error to %s: %s\n",
+ sockstr, isc_result_totext(sevent->result));
+ l = query->lookup;
+ isc_socket_detach(&query->sock);
+ sockcount--;
+ debug("sockcount=%d", sockcount);
+ INSIST(sockcount >= 0);
+ isc_event_free(&event);
+ clear_query(query);
+ check_next_lookup(l);
+ UNLOCK_LOOKUP;
+ return;
+ }
+ length = isc_buffer_getuint16(b);
+ if (length == 0) {
+ isc_event_free(&event);
+ launch_next_query(query, ISC_FALSE);
+ UNLOCK_LOOKUP;
+ return;
+ }
+
+ /*
+ * Even though the buffer was already init'ed, we need
+ * to redo it now, to force the length we want.
+ */
+ isc_buffer_invalidate(&query->recvbuf);
+ isc_buffer_init(&query->recvbuf, query->recvspace, length);
+ ENSURE(ISC_LIST_EMPTY(query->recvlist));
+ ISC_LINK_INIT(&query->recvbuf, link);
+ ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf, link);
+ debug("recving with lookup=%p, query=%p", query->lookup, query);
+ result = isc_socket_recvv(query->sock, &query->recvlist, length, task,
+ recv_done, query);
+ check_result(result, "isc_socket_recvv");
+ recvcount++;
+ debug("resubmitted recv request with length %d, recvcount=%d",
+ length, recvcount);
+ isc_event_free(&event);
+ UNLOCK_LOOKUP;
+}
+
+/*%
+ * For transfers that involve multiple recvs (XFR's in particular),
+ * launch the next recv.
+ */
+static void
+launch_next_query(dig_query_t *query, isc_boolean_t include_question) {
+ isc_result_t result;
+ dig_lookup_t *l;
+
+ INSIST(!free_now);
+
+ debug("launch_next_query()");
+
+ if (!query->lookup->pending) {
+ debug("ignoring launch_next_query because !pending");
+ isc_socket_detach(&query->sock);
+ sockcount--;
+ debug("sockcount=%d", sockcount);
+ INSIST(sockcount >= 0);
+ query->waiting_connect = ISC_FALSE;
+ l = query->lookup;
+ clear_query(query);
+ check_next_lookup(l);
+ return;
+ }
+
+ isc_buffer_clear(&query->slbuf);
+ isc_buffer_clear(&query->lengthbuf);
+ isc_buffer_putuint16(&query->slbuf, (isc_uint16_t) query->sendbuf.used);
+ ISC_LIST_INIT(query->sendlist);
+ ISC_LINK_INIT(&query->slbuf, link);
+ ISC_LIST_ENQUEUE(query->sendlist, &query->slbuf, link);
+ if (include_question)
+ ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link);
+ ISC_LINK_INIT(&query->lengthbuf, link);
+ ISC_LIST_ENQUEUE(query->lengthlist, &query->lengthbuf, link);
+
+ result = isc_socket_recvv(query->sock, &query->lengthlist, 0,
+ global_task, tcp_length_done, query);
+ check_result(result, "isc_socket_recvv");
+ recvcount++;
+ debug("recvcount=%d", recvcount);
+ if (!query->first_soa_rcvd) {
+ debug("sending a request in launch_next_query");
+ TIME_NOW(&query->time_sent);
+ query->waiting_senddone = ISC_TRUE;
+ result = isc_socket_sendv(query->sock, &query->sendlist,
+ global_task, send_done, query);
+ check_result(result, "isc_socket_sendv");
+ sendcount++;
+ debug("sendcount=%d", sendcount);
+ }
+ query->waiting_connect = ISC_FALSE;
+#if 0
+ check_next_lookup(query->lookup);
+#endif
+ return;
+}
+
+/*%
+ * Event handler for TCP connect complete. Make sure the connection was
+ * successful, then pass into launch_next_query to actually send the
+ * question.
+ */
+static void
+connect_done(isc_task_t *task, isc_event_t *event) {
+ isc_socketevent_t *sevent = NULL;
+ dig_query_t *query = NULL, *next;
+ dig_lookup_t *l;
+
+ UNUSED(task);
+
+ REQUIRE(event->ev_type == ISC_SOCKEVENT_CONNECT);
+ INSIST(!free_now);
+
+ debug("connect_done()");
+
+ LOCK_LOOKUP;
+ sevent = (isc_socketevent_t *)event;
+ query = sevent->ev_arg;
+
+ INSIST(query->waiting_connect);
+
+ query->waiting_connect = ISC_FALSE;
+
+ if (sevent->result == ISC_R_CANCELED) {
+ debug("in cancel handler");
+ isc_socket_detach(&query->sock);
+ sockcount--;
+ INSIST(sockcount >= 0);
+ debug("sockcount=%d", sockcount);
+ query->waiting_connect = ISC_FALSE;
+ isc_event_free(&event);
+ l = query->lookup;
+ clear_query(query);
+ check_next_lookup(l);
+ UNLOCK_LOOKUP;
+ return;
+ }
+ if (sevent->result != ISC_R_SUCCESS) {
+ char sockstr[ISC_SOCKADDR_FORMATSIZE];
+
+ debug("unsuccessful connection: %s",
+ isc_result_totext(sevent->result));
+ isc_sockaddr_format(&query->sockaddr, sockstr, sizeof(sockstr));
+ if (sevent->result != ISC_R_CANCELED)
+ printf(";; Connection to %s(%s) for %s failed: "
+ "%s.\n", sockstr,
+ query->servname, query->lookup->textname,
+ isc_result_totext(sevent->result));
+ isc_socket_detach(&query->sock);
+ sockcount--;
+ INSIST(sockcount >= 0);
+ /* XXX Clean up exitcodes */
+ if (exitcode < 9)
+ exitcode = 9;
+ debug("sockcount=%d", sockcount);
+ query->waiting_connect = ISC_FALSE;
+ isc_event_free(&event);
+ l = query->lookup;
+ if (l->current_query != NULL)
+ next = ISC_LIST_NEXT(l->current_query, link);
+ else
+ next = NULL;
+ clear_query(query);
+ if (next != NULL) {
+ bringup_timer(next, TCP_TIMEOUT);
+ send_tcp_connect(next);
+ } else {
+ check_next_lookup(l);
+ }
+ UNLOCK_LOOKUP;
+ return;
+ }
+ launch_next_query(query, ISC_TRUE);
+ isc_event_free(&event);
+ UNLOCK_LOOKUP;
+}
+
+/*%
+ * Check if the ongoing XFR needs more data before it's complete, using
+ * the semantics of IXFR and AXFR protocols. Much of the complexity of
+ * this routine comes from determining when an IXFR is complete.
+ * ISC_FALSE means more data is on the way, and the recv has been issued.
+ */
+static isc_boolean_t
+check_for_more_data(dig_query_t *query, dns_message_t *msg,
+ isc_socketevent_t *sevent)
+{
+ dns_rdataset_t *rdataset = NULL;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdata_soa_t soa;
+ isc_uint32_t serial;
+ isc_result_t result;
+
+ debug("check_for_more_data()");
+
+ /*
+ * By the time we're in this routine, we know we're doing
+ * either an AXFR or IXFR. If there's no second_rr_type,
+ * then we don't yet know which kind of answer we got back
+ * from the server. Here, we're going to walk through the
+ * rr's in the message, acting as necessary whenever we hit
+ * an SOA rr.
+ */
+
+ query->msg_count++;
+ query->byte_count += sevent->n;
+ result = dns_message_firstname(msg, DNS_SECTION_ANSWER);
+ if (result != ISC_R_SUCCESS) {
+ puts("; Transfer failed.");
+ return (ISC_TRUE);
+ }
+ do {
+ dns_name_t *name;
+ name = NULL;
+ dns_message_currentname(msg, DNS_SECTION_ANSWER,
+ &name);
+ for (rdataset = ISC_LIST_HEAD(name->list);
+ rdataset != NULL;
+ rdataset = ISC_LIST_NEXT(rdataset, link)) {
+ result = dns_rdataset_first(rdataset);
+ if (result != ISC_R_SUCCESS)
+ continue;
+ do {
+ query->rr_count++;
+ dns_rdata_reset(&rdata);
+ dns_rdataset_current(rdataset, &rdata);
+ /*
+ * If this is the first rr, make sure
+ * it's an SOA
+ */
+ if ((!query->first_soa_rcvd) &&
+ (rdata.type != dns_rdatatype_soa)) {
+ puts("; Transfer failed. "
+ "Didn't start with SOA answer.");
+ return (ISC_TRUE);
+ }
+ if ((!query->second_rr_rcvd) &&
+ (rdata.type != dns_rdatatype_soa)) {
+ query->second_rr_rcvd = ISC_TRUE;
+ query->second_rr_serial = 0;
+ debug("got the second rr as nonsoa");
+ goto next_rdata;
+ }
+
+ /*
+ * If the record is anything except an SOA
+ * now, just continue on...
+ */
+ if (rdata.type != dns_rdatatype_soa)
+ goto next_rdata;
+ /* Now we have an SOA. Work with it. */
+ debug("got an SOA");
+ result = dns_rdata_tostruct(&rdata, &soa, NULL);
+ check_result(result, "dns_rdata_tostruct");
+ serial = soa.serial;
+ dns_rdata_freestruct(&soa);
+ if (!query->first_soa_rcvd) {
+ query->first_soa_rcvd = ISC_TRUE;
+ query->first_rr_serial = serial;
+ debug("this is the first %d",
+ query->lookup->ixfr_serial);
+ if (query->lookup->ixfr_serial >=
+ serial)
+ goto doexit;
+ goto next_rdata;
+ }
+ if (query->lookup->rdtype ==
+ dns_rdatatype_axfr) {
+ debug("doing axfr, got second SOA");
+ goto doexit;
+ }
+ if (!query->second_rr_rcvd) {
+ if (query->first_rr_serial == serial) {
+ debug("doing ixfr, got "
+ "empty zone");
+ goto doexit;
+ }
+ debug("this is the second %d",
+ query->lookup->ixfr_serial);
+ query->second_rr_rcvd = ISC_TRUE;
+ query->second_rr_serial = serial;
+ goto next_rdata;
+ }
+ if (query->second_rr_serial == 0) {
+ /*
+ * If the second RR was a non-SOA
+ * record, and we're getting any
+ * other SOA, then this is an
+ * AXFR, and we're done.
+ */
+ debug("done, since axfr");
+ goto doexit;
+ }
+ /*
+ * If we get to this point, we're doing an
+ * IXFR and have to start really looking
+ * at serial numbers.
+ */
+ if (query->first_rr_serial == serial) {
+ debug("got a match for ixfr");
+ if (!query->first_repeat_rcvd) {
+ query->first_repeat_rcvd =
+ ISC_TRUE;
+ goto next_rdata;
+ }
+ debug("done with ixfr");
+ goto doexit;
+ }
+ debug("meaningless soa %d", serial);
+ next_rdata:
+ result = dns_rdataset_next(rdataset);
+ } while (result == ISC_R_SUCCESS);
+ }
+ result = dns_message_nextname(msg, DNS_SECTION_ANSWER);
+ } while (result == ISC_R_SUCCESS);
+ launch_next_query(query, ISC_FALSE);
+ return (ISC_FALSE);
+ doexit:
+ received(sevent->n, &sevent->address, query);
+ return (ISC_TRUE);
+}
+
+/*%
+ * Event handler for recv complete. Perform whatever actions are necessary,
+ * based on the specifics of the user's request.
+ */
+static void
+recv_done(isc_task_t *task, isc_event_t *event) {
+ isc_socketevent_t *sevent = NULL;
+ dig_query_t *query = NULL;
+ isc_buffer_t *b = NULL;
+ dns_message_t *msg = NULL;
+#ifdef DIG_SIGCHASE
+ dig_message_t *chase_msg = NULL;
+ dig_message_t *chase_msg2 = NULL;
+#endif
+ isc_result_t result;
+ dig_lookup_t *n, *l;
+ isc_boolean_t docancel = ISC_FALSE;
+ isc_boolean_t match = ISC_TRUE;
+ unsigned int parseflags;
+ dns_messageid_t id;
+ unsigned int msgflags;
+#ifdef DIG_SIGCHASE
+ isc_result_t do_sigchase = ISC_FALSE;
+
+ dns_message_t *msg_temp = NULL;
+ isc_region_t r;
+ isc_buffer_t *buf = NULL;
+#endif
+
+ UNUSED(task);
+ INSIST(!free_now);
+
+ debug("recv_done()");
+
+ LOCK_LOOKUP;
+ recvcount--;
+ debug("recvcount=%d", recvcount);
+ INSIST(recvcount >= 0);
+
+ query = event->ev_arg;
+ debug("lookup=%p, query=%p", query->lookup, query);
+
+ l = query->lookup;
+
+ REQUIRE(event->ev_type == ISC_SOCKEVENT_RECVDONE);
+ sevent = (isc_socketevent_t *)event;
+
+ b = ISC_LIST_HEAD(sevent->bufferlist);
+ INSIST(b == &query->recvbuf);
+ ISC_LIST_DEQUEUE(sevent->bufferlist, &query->recvbuf, link);
+
+ if ((l->tcp_mode) && (l->timer != NULL))
+ isc_timer_touch(l->timer);
+ if ((!l->pending && !l->ns_search_only) || cancel_now) {
+ debug("no longer pending. Got %s",
+ isc_result_totext(sevent->result));
+ query->waiting_connect = ISC_FALSE;
+
+ isc_event_free(&event);
+ clear_query(query);
+ check_next_lookup(l);
+ UNLOCK_LOOKUP;
+ return;
+ }
+
+ if (sevent->result != ISC_R_SUCCESS) {
+ if (sevent->result == ISC_R_CANCELED) {
+ debug("in recv cancel handler");
+ query->waiting_connect = ISC_FALSE;
+ } else {
+ printf(";; communications error: %s\n",
+ isc_result_totext(sevent->result));
+ isc_socket_detach(&query->sock);
+ sockcount--;
+ debug("sockcount=%d", sockcount);
+ INSIST(sockcount >= 0);
+ }
+ isc_event_free(&event);
+ clear_query(query);
+ check_next_lookup(l);
+ UNLOCK_LOOKUP;
+ return;
+ }
+
+ if (!l->tcp_mode &&
+ !isc_sockaddr_compare(&sevent->address, &query->sockaddr,
+ ISC_SOCKADDR_CMPADDR|
+ ISC_SOCKADDR_CMPPORT|
+ ISC_SOCKADDR_CMPSCOPE|
+ ISC_SOCKADDR_CMPSCOPEZERO)) {
+ char buf1[ISC_SOCKADDR_FORMATSIZE];
+ char buf2[ISC_SOCKADDR_FORMATSIZE];
+ isc_sockaddr_t any;
+
+ if (isc_sockaddr_pf(&query->sockaddr) == AF_INET)
+ isc_sockaddr_any(&any);
+ else
+ isc_sockaddr_any6(&any);
+
+ /*
+ * We don't expect a match when the packet is
+ * sent to 0.0.0.0, :: or to a multicast addresses.
+ * XXXMPA broadcast needs to be handled here as well.
+ */
+ if ((!isc_sockaddr_eqaddr(&query->sockaddr, &any) &&
+ !isc_sockaddr_ismulticast(&query->sockaddr)) ||
+ isc_sockaddr_getport(&query->sockaddr) !=
+ isc_sockaddr_getport(&sevent->address)) {
+ isc_sockaddr_format(&sevent->address, buf1,
+ sizeof(buf1));
+ isc_sockaddr_format(&query->sockaddr, buf2,
+ sizeof(buf2));
+ printf(";; reply from unexpected source: %s,"
+ " expected %s\n", buf1, buf2);
+ match = ISC_FALSE;
+ }
+ }
+
+ result = dns_message_peekheader(b, &id, &msgflags);
+ if (result != ISC_R_SUCCESS || l->sendmsg->id != id) {
+ match = ISC_FALSE;
+ if (l->tcp_mode) {
+ isc_boolean_t fail = ISC_TRUE;
+ if (result == ISC_R_SUCCESS) {
+ if (!query->first_soa_rcvd ||
+ query->warn_id)
+ printf(";; %s: ID mismatch: "
+ "expected ID %u, got %u\n",
+ query->first_soa_rcvd ?
+ "WARNING" : "ERROR",
+ l->sendmsg->id, id);
+ if (query->first_soa_rcvd)
+ fail = ISC_FALSE;
+ query->warn_id = ISC_FALSE;
+ } else
+ printf(";; ERROR: short "
+ "(< header size) message\n");
+ if (fail) {
+ isc_event_free(&event);
+ clear_query(query);
+ check_next_lookup(l);
+ UNLOCK_LOOKUP;
+ return;
+ }
+ match = ISC_TRUE;
+ } else if (result == ISC_R_SUCCESS)
+ printf(";; Warning: ID mismatch: "
+ "expected ID %u, got %u\n", l->sendmsg->id, id);
+ else
+ printf(";; Warning: short "
+ "(< header size) message received\n");
+ }
+
+ if (result == ISC_R_SUCCESS && (msgflags & DNS_MESSAGEFLAG_QR) == 0)
+ printf(";; Warning: query response not set\n");
+
+ if (!match) {
+ isc_buffer_invalidate(&query->recvbuf);
+ isc_buffer_init(&query->recvbuf, query->recvspace, COMMSIZE);
+ ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf, link);
+ result = isc_socket_recvv(query->sock, &query->recvlist, 1,
+ global_task, recv_done, query);
+ check_result(result, "isc_socket_recvv");
+ recvcount++;
+ isc_event_free(&event);
+ UNLOCK_LOOKUP;
+ return;
+ }
+
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &msg);
+ check_result(result, "dns_message_create");
+
+ if (key != NULL) {
+ if (l->querysig == NULL) {
+ debug("getting initial querysig");
+ result = dns_message_getquerytsig(l->sendmsg, mctx,
+ &l->querysig);
+ check_result(result, "dns_message_getquerytsig");
+ }
+ result = dns_message_setquerytsig(msg, l->querysig);
+ check_result(result, "dns_message_setquerytsig");
+ result = dns_message_settsigkey(msg, key);
+ check_result(result, "dns_message_settsigkey");
+ msg->tsigctx = l->tsigctx;
+ l->tsigctx = NULL;
+ if (l->msgcounter != 0)
+ msg->tcp_continuation = 1;
+ l->msgcounter++;
+ }
+
+ debug("before parse starts");
+ parseflags = DNS_MESSAGEPARSE_PRESERVEORDER;
+#ifdef DIG_SIGCHASE
+ if (!l->sigchase) {
+ do_sigchase = ISC_FALSE;
+ } else {
+ parseflags = 0;
+ do_sigchase = ISC_TRUE;
+ }
+#endif
+ if (l->besteffort) {
+ parseflags |= DNS_MESSAGEPARSE_BESTEFFORT;
+ parseflags |= DNS_MESSAGEPARSE_IGNORETRUNCATION;
+ }
+ result = dns_message_parse(msg, b, parseflags);
+ if (result == DNS_R_RECOVERABLE) {
+ printf(";; Warning: Message parser reports malformed "
+ "message packet.\n");
+ result = ISC_R_SUCCESS;
+ }
+ if (result != ISC_R_SUCCESS) {
+ printf(";; Got bad packet: %s\n", isc_result_totext(result));
+ hex_dump(b);
+ query->waiting_connect = ISC_FALSE;
+ dns_message_destroy(&msg);
+ isc_event_free(&event);
+ clear_query(query);
+ cancel_lookup(l);
+ check_next_lookup(l);
+ UNLOCK_LOOKUP;
+ return;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0 &&
+ !l->ignore && !l->tcp_mode) {
+ printf(";; Truncated, retrying in TCP mode.\n");
+ n = requeue_lookup(l, ISC_TRUE);
+ n->tcp_mode = ISC_TRUE;
+ n->origin = query->lookup->origin;
+ dns_message_destroy(&msg);
+ isc_event_free(&event);
+ clear_query(query);
+ cancel_lookup(l);
+ check_next_lookup(l);
+ UNLOCK_LOOKUP;
+ return;
+ }
+ if ((msg->rcode == dns_rcode_servfail && !l->servfail_stops) ||
+ (check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 && l->recurse))
+ {
+ dig_query_t *next = ISC_LIST_NEXT(query, link);
+ if (l->current_query == query)
+ l->current_query = NULL;
+ if (next != NULL) {
+ debug("sending query %p\n", next);
+ if (l->tcp_mode)
+ send_tcp_connect(next);
+ else
+ send_udp(next);
+ }
+ /*
+ * If our query is at the head of the list and there
+ * is no next, we're the only one left, so fall
+ * through to print the message.
+ */
+ if ((ISC_LIST_HEAD(l->q) != query) ||
+ (ISC_LIST_NEXT(query, link) != NULL)) {
+ if( l->comments == ISC_TRUE )
+ printf(";; Got %s from %s, "
+ "trying next server\n",
+ msg->rcode == dns_rcode_servfail ?
+ "SERVFAIL reply" :
+ "recursion not available",
+ query->servname);
+ clear_query(query);
+ check_next_lookup(l);
+ dns_message_destroy(&msg);
+ isc_event_free(&event);
+ UNLOCK_LOOKUP;
+ return;
+ }
+ }
+
+ if (key != NULL) {
+ result = dns_tsig_verify(&query->recvbuf, msg, NULL, NULL);
+ if (result != ISC_R_SUCCESS) {
+ printf(";; Couldn't verify signature: %s\n",
+ isc_result_totext(result));
+ validated = ISC_FALSE;
+ }
+ l->tsigctx = msg->tsigctx;
+ msg->tsigctx = NULL;
+ if (l->querysig != NULL) {
+ debug("freeing querysig buffer %p", l->querysig);
+ isc_buffer_free(&l->querysig);
+ }
+ result = dns_message_getquerytsig(msg, mctx, &l->querysig);
+ check_result(result,"dns_message_getquerytsig");
+ }
+
+ extrabytes = isc_buffer_remaininglength(b);
+
+ debug("after parse");
+ if (l->doing_xfr && l->xfr_q == NULL) {
+ l->xfr_q = query;
+ /*
+ * Once we are in the XFR message, increase
+ * the timeout to much longer, so brief network
+ * outages won't cause the XFR to abort
+ */
+ if (timeout != INT_MAX && l->timer != NULL) {
+ unsigned int local_timeout;
+
+ if (timeout == 0) {
+ if (l->tcp_mode)
+ local_timeout = TCP_TIMEOUT * 4;
+ else
+ local_timeout = UDP_TIMEOUT * 4;
+ } else {
+ if (timeout < (INT_MAX / 4))
+ local_timeout = timeout * 4;
+ else
+ local_timeout = INT_MAX;
+ }
+ debug("have local timeout of %d", local_timeout);
+ isc_interval_set(&l->interval, local_timeout, 0);
+ result = isc_timer_reset(l->timer,
+ isc_timertype_once,
+ NULL,
+ &l->interval,
+ ISC_FALSE);
+ check_result(result, "isc_timer_reset");
+ }
+ }
+
+ if (!l->doing_xfr || l->xfr_q == query) {
+ if (msg->rcode != dns_rcode_noerror &&
+ (l->origin != NULL || l->need_search)) {
+ if (!next_origin(msg, query) || showsearch) {
+ printmessage(query, msg, ISC_TRUE);
+ received(b->used, &sevent->address, query);
+ }
+ } else if (!l->trace && !l->ns_search_only) {
+#ifdef DIG_SIGCHASE
+ if (!do_sigchase)
+#endif
+ printmessage(query, msg, ISC_TRUE);
+ } else if (l->trace) {
+ int n = 0;
+ int count = msg->counts[DNS_SECTION_ANSWER];
+
+ debug("in TRACE code");
+ if (!l->ns_search_only)
+ printmessage(query, msg, ISC_TRUE);
+
+ l->rdtype = l->qrdtype;
+ if (l->trace_root || (l->ns_search_only && count > 0)) {
+ if (!l->trace_root)
+ l->rdtype = dns_rdatatype_soa;
+ n = followup_lookup(msg, query,
+ DNS_SECTION_ANSWER);
+ l->trace_root = ISC_FALSE;
+ } else if (count == 0)
+ n = followup_lookup(msg, query,
+ DNS_SECTION_AUTHORITY);
+ if (n == 0)
+ docancel = ISC_TRUE;
+ } else {
+ debug("in NSSEARCH code");
+
+ if (l->trace_root) {
+ /*
+ * This is the initial NS query.
+ */
+ int n;
+
+ l->rdtype = dns_rdatatype_soa;
+ n = followup_lookup(msg, query,
+ DNS_SECTION_ANSWER);
+ if (n == 0)
+ docancel = ISC_TRUE;
+ l->trace_root = ISC_FALSE;
+ } else
+#ifdef DIG_SIGCHASE
+ if (!do_sigchase)
+#endif
+ printmessage(query, msg, ISC_TRUE);
+ }
+#ifdef DIG_SIGCHASE
+ if (do_sigchase) {
+ chase_msg = isc_mem_allocate(mctx,
+ sizeof(dig_message_t));
+ if (chase_msg == NULL) {
+ fatal("Memory allocation failure in %s:%d",
+ __FILE__, __LINE__);
+ }
+ ISC_LIST_INITANDAPPEND(chase_message_list, chase_msg,
+ link);
+ if (dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE,
+ &msg_temp) != ISC_R_SUCCESS) {
+ fatal("dns_message_create in %s:%d",
+ __FILE__, __LINE__);
+ }
+
+ isc_buffer_usedregion(b, &r);
+ result = isc_buffer_allocate(mctx, &buf, r.length);
+
+ check_result(result, "isc_buffer_allocate");
+ result = isc_buffer_copyregion(buf, &r);
+ check_result(result, "isc_buffer_copyregion");
+
+ result = dns_message_parse(msg_temp, buf, 0);
+
+ isc_buffer_free(&buf);
+ chase_msg->msg = msg_temp;
+
+ chase_msg2 = isc_mem_allocate(mctx,
+ sizeof(dig_message_t));
+ if (chase_msg2 == NULL) {
+ fatal("Memory allocation failure in %s:%d",
+ __FILE__, __LINE__);
+ }
+ ISC_LIST_INITANDAPPEND(chase_message_list2, chase_msg2,
+ link);
+ chase_msg2->msg = msg;
+ }
+#endif
+ }
+
+#ifdef DIG_SIGCHASE
+ if (l->sigchase && ISC_LIST_EMPTY(lookup_list)) {
+ sigchase(msg_temp);
+ }
+#endif
+
+ if (l->pending)
+ debug("still pending.");
+ if (l->doing_xfr) {
+ if (query != l->xfr_q) {
+ dns_message_destroy(&msg);
+ isc_event_free(&event);
+ query->waiting_connect = ISC_FALSE;
+ UNLOCK_LOOKUP;
+ return;
+ }
+ if (!docancel)
+ docancel = check_for_more_data(query, msg, sevent);
+ if (docancel) {
+ dns_message_destroy(&msg);
+ clear_query(query);
+ cancel_lookup(l);
+ check_next_lookup(l);
+ }
+ } else {
+
+ if (msg->rcode == dns_rcode_noerror || l->origin == NULL) {
+
+#ifdef DIG_SIGCHASE
+ if (!l->sigchase)
+#endif
+ received(b->used, &sevent->address, query);
+ }
+
+ if (!query->lookup->ns_search_only)
+ query->lookup->pending = ISC_FALSE;
+ if (!query->lookup->ns_search_only ||
+ query->lookup->trace_root || docancel) {
+#ifdef DIG_SIGCHASE
+ if (!do_sigchase)
+#endif
+ dns_message_destroy(&msg);
+
+ cancel_lookup(l);
+ }
+ clear_query(query);
+ check_next_lookup(l);
+ }
+ if (msg != NULL) {
+#ifdef DIG_SIGCHASE
+ if (do_sigchase)
+ msg = NULL;
+ else
+#endif
+ dns_message_destroy(&msg);
+ }
+ isc_event_free(&event);
+ UNLOCK_LOOKUP;
+}
+
+/*%
+ * Turn a name into an address, using system-supplied routines. This is
+ * used in looking up server names, etc... and needs to use system-supplied
+ * routines, since they may be using a non-DNS system for these lookups.
+ */
+void
+get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) {
+ int count;
+ isc_result_t result;
+
+ isc_app_block();
+ result = bind9_getaddresses(host, port, sockaddr, 1, &count);
+ isc_app_unblock();
+ if (result != ISC_R_SUCCESS)
+ fatal("couldn't get address for '%s': %s",
+ host, isc_result_totext(result));
+ INSIST(count == 1);
+}
+
+/*%
+ * Initiate either a TCP or UDP lookup
+ */
+void
+do_lookup(dig_lookup_t *lookup) {
+
+ REQUIRE(lookup != NULL);
+
+ debug("do_lookup()");
+ lookup->pending = ISC_TRUE;
+ if (lookup->tcp_mode)
+ send_tcp_connect(ISC_LIST_HEAD(lookup->q));
+ else
+ send_udp(ISC_LIST_HEAD(lookup->q));
+}
+
+/*%
+ * Start everything in action upon task startup.
+ */
+void
+onrun_callback(isc_task_t *task, isc_event_t *event) {
+ UNUSED(task);
+
+ isc_event_free(&event);
+ LOCK_LOOKUP;
+ start_lookup();
+ UNLOCK_LOOKUP;
+}
+
+/*%
+ * Make everything on the lookup queue go away. Mainly used by the
+ * SIGINT handler.
+ */
+void
+cancel_all(void) {
+ dig_lookup_t *l, *n;
+ dig_query_t *q, *nq;
+
+ debug("cancel_all()");
+
+ LOCK_LOOKUP;
+ if (free_now) {
+ UNLOCK_LOOKUP;
+ return;
+ }
+ cancel_now = ISC_TRUE;
+ if (current_lookup != NULL) {
+ if (current_lookup->timer != NULL)
+ isc_timer_detach(&current_lookup->timer);
+ q = ISC_LIST_HEAD(current_lookup->q);
+ while (q != NULL) {
+ debug("cancelling query %p, belonging to %p",
+ q, current_lookup);
+ nq = ISC_LIST_NEXT(q, link);
+ if (q->sock != NULL) {
+ isc_socket_cancel(q->sock, NULL,
+ ISC_SOCKCANCEL_ALL);
+ } else {
+ clear_query(q);
+ }
+ q = nq;
+ }
+ }
+ l = ISC_LIST_HEAD(lookup_list);
+ while (l != NULL) {
+ n = ISC_LIST_NEXT(l, link);
+ ISC_LIST_DEQUEUE(lookup_list, l, link);
+ try_clear_lookup(l);
+ l = n;
+ }
+ UNLOCK_LOOKUP;
+}
+
+/*%
+ * Destroy all of the libs we are using, and get everything ready for a
+ * clean shutdown.
+ */
+void
+destroy_libs(void) {
+#ifdef DIG_SIGCHASE
+ void * ptr;
+ dig_message_t *chase_msg;
+#endif
+#ifdef WITH_IDN
+ isc_result_t result;
+#endif
+
+ debug("destroy_libs()");
+ if (global_task != NULL) {
+ debug("freeing task");
+ isc_task_detach(&global_task);
+ }
+ /*
+ * The taskmgr_destroy() call blocks until all events are cleared
+ * from the task.
+ */
+ if (taskmgr != NULL) {
+ debug("freeing taskmgr");
+ isc_taskmgr_destroy(&taskmgr);
+ }
+ LOCK_LOOKUP;
+ REQUIRE(sockcount == 0);
+ REQUIRE(recvcount == 0);
+ REQUIRE(sendcount == 0);
+
+ INSIST(ISC_LIST_HEAD(lookup_list) == NULL);
+ INSIST(current_lookup == NULL);
+ INSIST(!free_now);
+
+ free_now = ISC_TRUE;
+
+ lwres_conf_clear(lwctx);
+ lwres_context_destroy(&lwctx);
+
+ flush_server_list();
+
+ clear_searchlist();
+
+#ifdef WITH_IDN
+ result = dns_name_settotextfilter(NULL);
+ check_result(result, "dns_name_settotextfilter");
+#endif
+ dns_name_destroy();
+
+ if (commctx != NULL) {
+ debug("freeing commctx");
+ isc_mempool_destroy(&commctx);
+ }
+ if (socketmgr != NULL) {
+ debug("freeing socketmgr");
+ isc_socketmgr_destroy(&socketmgr);
+ }
+ if (timermgr != NULL) {
+ debug("freeing timermgr");
+ isc_timermgr_destroy(&timermgr);
+ }
+ if (key != NULL) {
+ debug("freeing key %p", key);
+ dns_tsigkey_detach(&key);
+ }
+ if (namebuf != NULL)
+ isc_buffer_free(&namebuf);
+
+ if (is_dst_up) {
+ debug("destroy DST lib");
+ dst_lib_destroy();
+ is_dst_up = ISC_FALSE;
+ }
+ if (entp != NULL) {
+ debug("detach from entropy");
+ isc_entropy_detach(&entp);
+ }
+
+ UNLOCK_LOOKUP;
+ DESTROYLOCK(&lookup_lock);
+#ifdef DIG_SIGCHASE
+
+ debug("Destroy the messages kept for sigchase");
+ /* Destroy the messages kept for sigchase */
+ chase_msg = ISC_LIST_HEAD(chase_message_list);
+
+ while (chase_msg != NULL) {
+ INSIST(chase_msg->msg != NULL);
+ dns_message_destroy(&(chase_msg->msg));
+ ptr = chase_msg;
+ chase_msg = ISC_LIST_NEXT(chase_msg, link);
+ isc_mem_free(mctx, ptr);
+ }
+
+ chase_msg = ISC_LIST_HEAD(chase_message_list2);
+
+ while (chase_msg != NULL) {
+ INSIST(chase_msg->msg != NULL);
+ dns_message_destroy(&(chase_msg->msg));
+ ptr = chase_msg;
+ chase_msg = ISC_LIST_NEXT(chase_msg, link);
+ isc_mem_free(mctx, ptr);
+ }
+ if (dns_name_dynamic(&chase_name))
+ free_name(&chase_name, mctx);
+#if DIG_SIGCHASE_TD
+ if (dns_name_dynamic(&chase_current_name))
+ free_name(&chase_current_name, mctx);
+ if (dns_name_dynamic(&chase_authority_name))
+ free_name(&chase_authority_name, mctx);
+#endif
+#if DIG_SIGCHASE_BU
+ if (dns_name_dynamic(&chase_signame))
+ free_name(&chase_signame, mctx);
+#endif
+
+ debug("Destroy memory");
+
+#endif
+ if (memdebugging != 0)
+ isc_mem_stats(mctx, stderr);
+ if (mctx != NULL)
+ isc_mem_destroy(&mctx);
+}
+
+#ifdef WITH_IDN
+static void
+initialize_idn(void) {
+ idn_result_t r;
+ isc_result_t result;
+
+#ifdef HAVE_SETLOCALE
+ /* Set locale */
+ (void)setlocale(LC_ALL, "");
+#endif
+ /* Create configuration context. */
+ r = idn_nameinit(1);
+ if (r != idn_success)
+ fatal("idn api initialization failed: %s",
+ idn_result_tostring(r));
+
+ /* Set domain name -> text post-conversion filter. */
+ result = dns_name_settotextfilter(output_filter);
+ check_result(result, "dns_name_settotextfilter");
+}
+
+static isc_result_t
+output_filter(isc_buffer_t *buffer, unsigned int used_org,
+ isc_boolean_t absolute)
+{
+ char tmp1[MAXDLEN], tmp2[MAXDLEN];
+ size_t fromlen, tolen;
+ isc_boolean_t end_with_dot;
+
+ /*
+ * Copy contents of 'buffer' to 'tmp1', supply trailing dot
+ * if 'absolute' is true, and terminate with NUL.
+ */
+ fromlen = isc_buffer_usedlength(buffer) - used_org;
+ if (fromlen >= MAXDLEN)
+ return (ISC_R_SUCCESS);
+ memcpy(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen);
+ end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE;
+ if (absolute && !end_with_dot) {
+ fromlen++;
+ if (fromlen >= MAXDLEN)
+ return (ISC_R_SUCCESS);
+ tmp1[fromlen - 1] = '.';
+ }
+ tmp1[fromlen] = '\0';
+
+ /*
+ * Convert contents of 'tmp1' to local encoding.
+ */
+ if (idn_decodename(IDN_DECODE_APP, tmp1, tmp2, MAXDLEN) != idn_success)
+ return (ISC_R_SUCCESS);
+ strcpy(tmp1, tmp2);
+
+ /*
+ * Copy the converted contents in 'tmp1' back to 'buffer'.
+ * If we have appended trailing dot, remove it.
+ */
+ tolen = strlen(tmp1);
+ if (absolute && !end_with_dot && tmp1[tolen - 1] == '.')
+ tolen--;
+
+ if (isc_buffer_length(buffer) < used_org + tolen)
+ return (ISC_R_NOSPACE);
+
+ isc_buffer_subtract(buffer, isc_buffer_usedlength(buffer) - used_org);
+ memcpy(isc_buffer_used(buffer), tmp1, tolen);
+ isc_buffer_add(buffer, tolen);
+
+ return (ISC_R_SUCCESS);
+}
+
+static idn_result_t
+append_textname(char *name, const char *origin, size_t namesize) {
+ size_t namelen = strlen(name);
+ size_t originlen = strlen(origin);
+
+ /* Already absolute? */
+ if (namelen > 0 && name[namelen - 1] == '.')
+ return idn_success;
+
+ /* Append dot and origin */
+
+ if (namelen + 1 + originlen >= namesize)
+ return idn_buffer_overflow;
+
+ name[namelen++] = '.';
+ (void)strcpy(name + namelen, origin);
+ return idn_success;
+}
+
+static void
+idn_check_result(idn_result_t r, const char *msg) {
+ if (r != idn_success) {
+ exitcode = 1;
+ fatal("%s: %s", msg, idn_result_tostring(r));
+ }
+}
+#endif /* WITH_IDN */
+
+#ifdef DIG_SIGCHASE
+void
+print_type(dns_rdatatype_t type)
+{
+ isc_buffer_t * b = NULL;
+ isc_result_t result;
+ isc_region_t r;
+
+ result = isc_buffer_allocate(mctx, &b, 4000);
+ check_result(result, "isc_buffer_allocate");
+
+ result = dns_rdatatype_totext(type, b);
+ check_result(result, "print_type");
+
+ isc_buffer_usedregion(b, &r);
+ r.base[r.length] = '\0';
+
+ printf("%s", r.base);
+
+ isc_buffer_free(&b);
+}
+
+void
+dump_database_section(dns_message_t *msg, int section)
+{
+ dns_name_t *msg_name=NULL;
+
+ dns_rdataset_t *rdataset;
+
+ do {
+ dns_message_currentname(msg, section, &msg_name);
+
+ for (rdataset = ISC_LIST_HEAD(msg_name->list); rdataset != NULL;
+ rdataset = ISC_LIST_NEXT(rdataset, link)) {
+ dns_name_print(msg_name, stdout);
+ printf("\n");
+ print_rdataset(msg_name, rdataset, mctx);
+ printf("end\n");
+ }
+ msg_name = NULL;
+ } while (dns_message_nextname(msg, section) == ISC_R_SUCCESS);
+}
+
+void
+dump_database(void) {
+ dig_message_t * msg;
+
+ for (msg = ISC_LIST_HEAD(chase_message_list); msg != NULL;
+ msg = ISC_LIST_NEXT(msg, link)) {
+ if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER)
+ == ISC_R_SUCCESS)
+ dump_database_section(msg->msg, DNS_SECTION_ANSWER);
+
+ if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY)
+ == ISC_R_SUCCESS)
+ dump_database_section(msg->msg, DNS_SECTION_AUTHORITY);
+
+ if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL)
+ == ISC_R_SUCCESS)
+ dump_database_section(msg->msg, DNS_SECTION_ADDITIONAL);
+ }
+}
+
+
+dns_rdataset_t *
+search_type(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) {
+ dns_rdataset_t *rdataset;
+ dns_rdata_sig_t siginfo;
+ dns_rdata_t sigrdata = DNS_RDATA_INIT;
+ isc_result_t result;
+
+ for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL;
+ rdataset = ISC_LIST_NEXT(rdataset, link)) {
+ if (type == dns_rdatatype_any) {
+ if (rdataset->type != dns_rdatatype_rrsig)
+ return (rdataset);
+ } else if ((type == dns_rdatatype_rrsig) &&
+ (rdataset->type == dns_rdatatype_rrsig)) {
+ result = dns_rdataset_first(rdataset);
+ check_result(result, "empty rdataset");
+ dns_rdataset_current(rdataset, &sigrdata);
+ result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
+ check_result(result, "sigrdata tostruct siginfo");
+
+ if ((siginfo.covered == covers) ||
+ (covers == dns_rdatatype_any)) {
+ dns_rdata_reset(&sigrdata);
+ dns_rdata_freestruct(&siginfo);
+ return (rdataset);
+ }
+ dns_rdata_reset(&sigrdata);
+ dns_rdata_freestruct(&siginfo);
+ } else if (rdataset->type == type)
+ return (rdataset);
+ }
+ return (NULL);
+}
+
+dns_rdataset_t *
+chase_scanname_section(dns_message_t *msg, dns_name_t *name,
+ dns_rdatatype_t type, dns_rdatatype_t covers,
+ int section)
+{
+ dns_rdataset_t *rdataset;
+ dns_name_t *msg_name = NULL;
+
+ do {
+ dns_message_currentname(msg, section, &msg_name);
+ if (dns_name_compare(msg_name, name) == 0) {
+ rdataset = search_type(msg_name, type, covers);
+ if (rdataset != NULL)
+ return (rdataset);
+ }
+ msg_name = NULL;
+ } while (dns_message_nextname(msg, section) == ISC_R_SUCCESS);
+
+ return (NULL);
+}
+
+
+dns_rdataset_t *
+chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers)
+{
+ dns_rdataset_t *rdataset = NULL;
+ dig_message_t * msg;
+
+ for (msg = ISC_LIST_HEAD(chase_message_list2); msg != NULL;
+ msg = ISC_LIST_NEXT(msg, link)) {
+ if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER)
+ == ISC_R_SUCCESS)
+ rdataset = chase_scanname_section(msg->msg, name,
+ type, covers,
+ DNS_SECTION_ANSWER);
+ if (rdataset != NULL)
+ return (rdataset);
+ if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY)
+ == ISC_R_SUCCESS)
+ rdataset =
+ chase_scanname_section(msg->msg, name,
+ type, covers,
+ DNS_SECTION_AUTHORITY);
+ if (rdataset != NULL)
+ return (rdataset);
+ if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL)
+ == ISC_R_SUCCESS)
+ rdataset =
+ chase_scanname_section(msg->msg, name, type,
+ covers,
+ DNS_SECTION_ADDITIONAL);
+ if (rdataset != NULL)
+ return (rdataset);
+ }
+
+ return (NULL);
+}
+
+dns_rdataset_t *
+sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
+ isc_boolean_t * lookedup, dns_name_t *rdata_name)
+{
+ dig_lookup_t *lookup;
+ isc_buffer_t *b = NULL;
+ isc_region_t r;
+ isc_result_t result;
+ dns_rdataset_t * temp;
+ dns_rdatatype_t querytype;
+
+ temp = chase_scanname(rdata_name, type, covers);
+ if (temp != NULL)
+ return (temp);
+
+ if (*lookedup == ISC_TRUE)
+ return (NULL);
+
+ lookup = clone_lookup(current_lookup, ISC_TRUE);
+ lookup->trace_root = ISC_FALSE;
+ lookup->new_search = ISC_TRUE;
+
+ result = isc_buffer_allocate(mctx, &b, BUFSIZE);
+ check_result(result, "isc_buffer_allocate");
+ result = dns_name_totext(rdata_name, ISC_FALSE, b);
+ check_result(result, "dns_name_totext");
+ isc_buffer_usedregion(b, &r);
+ r.base[r.length] = '\0';
+ strcpy(lookup->textname, (char*)r.base);
+ isc_buffer_free(&b);
+
+ if (type == dns_rdatatype_rrsig)
+ querytype = covers;
+ else
+ querytype = type;
+
+ if (querytype == 0 || querytype == 255) {
+ printf("Error in the queried type: %d\n", querytype);
+ return (NULL);
+ }
+
+ lookup->rdtype = querytype;
+ lookup->rdtypeset = ISC_TRUE;
+ lookup->qrdtype = querytype;
+ *lookedup = ISC_TRUE;
+
+ ISC_LIST_APPEND(lookup_list, lookup, link);
+ printf("\n\nLaunch a query to find a RRset of type ");
+ print_type(type);
+ printf(" for zone: %s\n", lookup->textname);
+ return (NULL);
+}
+
+void
+insert_trustedkey(dst_key_t * key)
+{
+ if (key == NULL)
+ return;
+ if (tk_list.nb_tk >= MAX_TRUSTED_KEY)
+ return;
+
+ tk_list.key[tk_list.nb_tk++] = key;
+ return;
+}
+
+void
+clean_trustedkey()
+{
+ int i = 0;
+
+ for (i= 0; i < MAX_TRUSTED_KEY; i++) {
+ if (tk_list.key[i] != NULL) {
+ dst_key_free(&tk_list.key[i]);
+ tk_list.key[i] = NULL;
+ } else
+ break;
+ }
+ tk_list.nb_tk = 0;
+ return;
+}
+
+char alphnum[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+
+isc_result_t
+removetmpkey(isc_mem_t *mctx, const char *file)
+{
+ char *tempnamekey = NULL;
+ int tempnamekeylen;
+ isc_result_t result;
+
+ tempnamekeylen = strlen(file)+10;
+
+ tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
+ if (tempnamekey == NULL)
+ return (ISC_R_NOMEMORY);
+
+ memset(tempnamekey, 0, tempnamekeylen);
+
+ strcat(tempnamekey, file);
+ strcat(tempnamekey,".key");
+ isc_file_remove(tempnamekey);
+
+ result = isc_file_remove(tempnamekey);
+ isc_mem_free(mctx, tempnamekey);
+ return (result);
+}
+
+isc_result_t
+opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
+ FILE *f = NULL;
+ isc_result_t result;
+ char *tempname = NULL;
+ char *tempnamekey = NULL;
+ int tempnamelen;
+ int tempnamekeylen;
+ char *x;
+ char *cp;
+ isc_uint32_t which;
+
+ while (1) {
+ tempnamelen = strlen(file) + 20;
+ tempname = isc_mem_allocate(mctx, tempnamelen);
+ if (tempname == NULL)
+ return (ISC_R_NOMEMORY);
+ memset(tempname, 0, tempnamelen);
+
+ result = isc_file_mktemplate(file, tempname, tempnamelen);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ cp = tempname;
+ while (*cp != '\0')
+ cp++;
+ if (cp == tempname) {
+ isc_mem_free(mctx, tempname);
+ return (ISC_R_FAILURE);
+ }
+
+ x = cp--;
+ while (cp >= tempname && *cp == 'X') {
+ isc_random_get(&which);
+ *cp = alphnum[which % (sizeof(alphnum) - 1)];
+ x = cp--;
+ }
+
+ tempnamekeylen = tempnamelen+5;
+ tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
+ if (tempnamekey == NULL)
+ return (ISC_R_NOMEMORY);
+
+ memset(tempnamekey, 0, tempnamekeylen);
+ strncpy(tempnamekey, tempname, tempnamelen);
+ strcat(tempnamekey ,".key");
+
+
+ if (isc_file_exists(tempnamekey)) {
+ isc_mem_free(mctx, tempnamekey);
+ isc_mem_free(mctx, tempname);
+ continue;
+ }
+
+ if ((f = fopen(tempnamekey, "w")) == NULL) {
+ printf("get_trusted_key(): trusted key not found %s\n",
+ tempnamekey);
+ return (ISC_R_FAILURE);
+ }
+ break;
+ }
+ isc_mem_free(mctx, tempnamekey);
+ *tempp = tempname;
+ *fp = f;
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ isc_mem_free(mctx, tempname);
+
+ return (result);
+}
+
+
+isc_result_t
+get_trusted_key(isc_mem_t *mctx)
+{
+ isc_result_t result;
+ const char *filename = NULL;
+ char *filetemp = NULL;
+ char buf[1500];
+ FILE *fp, *fptemp;
+ dst_key_t *key = NULL;
+
+ result = isc_file_exists(trustedkey);
+ if (result != ISC_TRUE) {
+ result = isc_file_exists("/etc/trusted-key.key");
+ if (result != ISC_TRUE) {
+ result = isc_file_exists("./trusted-key.key");
+ if (result != ISC_TRUE)
+ return (ISC_R_FAILURE);
+ else
+ filename = "./trusted-key.key";
+ } else
+ filename = "/etc/trusted-key.key";
+ } else
+ filename = trustedkey;
+
+ if (filename == NULL) {
+ printf("No trusted key\n");
+ return (ISC_R_FAILURE);
+ }
+
+ if ((fp = fopen(filename, "r")) == NULL) {
+ printf("get_trusted_key(): trusted key not found %s\n",
+ filename);
+ return (ISC_R_FAILURE);
+ }
+ while (fgets(buf, sizeof(buf), fp) != NULL) {
+ result = opentmpkey(mctx,"tmp_file", &filetemp, &fptemp);
+ if (result != ISC_R_SUCCESS) {
+ fclose(fp);
+ return (ISC_R_FAILURE);
+ }
+ if (fputs(buf, fptemp) < 0) {
+ fclose(fp);
+ fclose(fptemp);
+ return (ISC_R_FAILURE);
+ }
+ fclose(fptemp);
+ result = dst_key_fromnamedfile(filetemp, DST_TYPE_PUBLIC,
+ mctx, &key);
+ removetmpkey(mctx, filetemp);
+ isc_mem_free(mctx, filetemp);
+ if (result != ISC_R_SUCCESS) {
+ fclose(fp);
+ return (ISC_R_FAILURE);
+ }
+ insert_trustedkey(key);
+#if 0
+ dst_key_tofile(key, DST_TYPE_PUBLIC,"/tmp");
+#endif
+ key = NULL;
+ }
+ return (ISC_R_SUCCESS);
+}
+
+
+static void
+nameFromString(const char *str, dns_name_t *p_ret) {
+ size_t len = strlen(str);
+ isc_result_t result;
+ isc_buffer_t buffer;
+ dns_fixedname_t fixedname;
+
+ REQUIRE(p_ret != NULL);
+ REQUIRE(str != NULL);
+
+ isc_buffer_init(&buffer, str, len);
+ isc_buffer_add(&buffer, len);
+
+ dns_fixedname_init(&fixedname);
+ result = dns_name_fromtext(dns_fixedname_name(&fixedname), &buffer,
+ dns_rootname, ISC_TRUE, NULL);
+ check_result(result, "nameFromString");
+
+ if (dns_name_dynamic(p_ret))
+ free_name(p_ret, mctx);
+
+ result = dns_name_dup(dns_fixedname_name(&fixedname), mctx, p_ret);
+ check_result(result, "nameFromString");
+}
+
+
+#if DIG_SIGCHASE_TD
+isc_result_t
+prepare_lookup(dns_name_t *name)
+{
+ isc_result_t result;
+ dig_lookup_t *lookup = NULL;
+ dig_server_t *s;
+ void *ptr;
+
+ lookup = clone_lookup(current_lookup, ISC_TRUE);
+ lookup->trace_root = ISC_FALSE;
+ lookup->new_search = ISC_TRUE;
+ lookup->trace_root_sigchase = ISC_FALSE;
+
+ strncpy(lookup->textname, lookup->textnamesigchase, MXNAME);
+
+ lookup->rdtype = lookup->rdtype_sigchase;
+ lookup->rdtypeset = ISC_TRUE;
+ lookup->qrdtype = lookup->qrdtype_sigchase;
+
+ s = ISC_LIST_HEAD(lookup->my_server_list);
+ while (s != NULL) {
+ debug("freeing server %p belonging to %p",
+ s, lookup);
+ ptr = s;
+ s = ISC_LIST_NEXT(s, link);
+ ISC_LIST_DEQUEUE(lookup->my_server_list,
+ (dig_server_t *)ptr, link);
+ isc_mem_free(mctx, ptr);
+ }
+
+
+ for (result = dns_rdataset_first(chase_nsrdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(chase_nsrdataset)) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ dns_rdata_ns_t ns;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dig_server_t * srv = NULL;
+#define __FOLLOW_GLUE__
+#ifdef __FOLLOW_GLUE__
+ isc_buffer_t *b = NULL;
+ isc_result_t result;
+ isc_region_t r;
+ dns_rdataset_t *rdataset = NULL;
+ isc_boolean_t true = ISC_TRUE;
+#endif
+
+ memset(namestr, 0, DNS_NAME_FORMATSIZE);
+
+ dns_rdataset_current(chase_nsrdataset, &rdata);
+
+ result = dns_rdata_tostruct(&rdata, &ns, NULL);
+ check_result(result, "dns_rdata_tostruct");
+
+#ifdef __FOLLOW_GLUE__
+
+ result = advanced_rrsearch(&rdataset, &ns.name,
+ dns_rdatatype_aaaa,
+ dns_rdatatype_any, &true);
+ if (result == ISC_R_SUCCESS) {
+ for (result = dns_rdataset_first(rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(rdataset)) {
+ dns_rdata_t aaaa = DNS_RDATA_INIT;
+ dns_rdataset_current(rdataset, &aaaa);
+
+ result = isc_buffer_allocate(mctx, &b, 80);
+ check_result(result, "isc_buffer_allocate");
+
+ dns_rdata_totext(&aaaa, &ns.name, b);
+ isc_buffer_usedregion(b, &r);
+ r.base[r.length] = '\0';
+ strncpy(namestr, (char*)r.base,
+ DNS_NAME_FORMATSIZE);
+ isc_buffer_free(&b);
+ dns_rdata_reset(&aaaa);
+
+
+ srv = make_server(namestr, namestr);
+
+ ISC_LIST_APPEND(lookup->my_server_list,
+ srv, link);
+ }
+ }
+
+ rdataset = NULL;
+ result = advanced_rrsearch(&rdataset, &ns.name, dns_rdatatype_a,
+ dns_rdatatype_any, &true);
+ if (result == ISC_R_SUCCESS) {
+ for (result = dns_rdataset_first(rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(rdataset)) {
+ dns_rdata_t a = DNS_RDATA_INIT;
+ dns_rdataset_current(rdataset, &a);
+
+ result = isc_buffer_allocate(mctx, &b, 80);
+ check_result(result, "isc_buffer_allocate");
+
+ dns_rdata_totext(&a, &ns.name, b);
+ isc_buffer_usedregion(b, &r);
+ r.base[r.length] = '\0';
+ strncpy(namestr, (char*)r.base,
+ DNS_NAME_FORMATSIZE);
+ isc_buffer_free(&b);
+ dns_rdata_reset(&a);
+ printf("ns name: %s\n", namestr);
+
+
+ srv = make_server(namestr, namestr);
+
+ ISC_LIST_APPEND(lookup->my_server_list,
+ srv, link);
+ }
+ }
+#else
+
+ dns_name_format(&ns.name, namestr, sizeof(namestr));
+ printf("ns name: ");
+ dns_name_print(&ns.name, stdout);
+ printf("\n");
+ srv = make_server(namestr, namestr);
+
+ ISC_LIST_APPEND(lookup->my_server_list, srv, link);
+
+#endif
+ dns_rdata_freestruct(&ns);
+ dns_rdata_reset(&rdata);
+
+ }
+
+ ISC_LIST_APPEND(lookup_list, lookup, link);
+ printf("\nLaunch a query to find a RRset of type ");
+ print_type(lookup->rdtype);
+ printf(" for zone: %s", lookup->textname);
+ printf(" with nameservers:");
+ printf("\n");
+ print_rdataset(name, chase_nsrdataset, mctx);
+ return (ISC_R_SUCCESS);
+}
+
+
+isc_result_t
+child_of_zone(dns_name_t * name, dns_name_t * zone_name,
+ dns_name_t * child_name)
+{
+ dns_namereln_t name_reln;
+ int orderp;
+ unsigned int nlabelsp;
+
+ name_reln = dns_name_fullcompare(name, zone_name, &orderp, &nlabelsp);
+ if (name_reln != dns_namereln_subdomain ||
+ dns_name_countlabels(name) <= dns_name_countlabels(zone_name) + 1) {
+ printf("\n;; ERROR : ");
+ dns_name_print(name, stdout);
+ printf(" is not a subdomain of: ");
+ dns_name_print(zone_name, stdout);
+ printf(" FAILED\n\n");
+ return (ISC_R_FAILURE);
+ }
+
+ dns_name_getlabelsequence(name,
+ dns_name_countlabels(name) -
+ dns_name_countlabels(zone_name) -1,
+ dns_name_countlabels(zone_name) +1,
+ child_name);
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset)
+{
+ isc_result_t result;
+ dns_rdata_t sigrdata = DNS_RDATA_INIT;
+ dns_rdata_sig_t siginfo;
+
+ result = dns_rdataset_first(sigrdataset);
+ check_result(result, "empty RRSIG dataset");
+ dns_rdata_init(&sigrdata);
+
+ do {
+ dns_rdataset_current(sigrdataset, &sigrdata);
+
+ result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
+ check_result(result, "sigrdata tostruct siginfo");
+
+ if (dns_name_compare(&siginfo.signer, zone_name) == 0) {
+ dns_rdata_freestruct(&siginfo);
+ dns_rdata_reset(&sigrdata);
+ return (ISC_R_SUCCESS);
+ }
+
+ dns_rdata_freestruct(&siginfo);
+ dns_rdata_reset(&sigrdata);
+
+ } while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS);
+
+ dns_rdata_reset(&sigrdata);
+
+ return (ISC_R_FAILURE);
+}
+
+
+isc_result_t
+initialization(dns_name_t *name)
+{
+ isc_result_t result;
+ isc_boolean_t true = ISC_TRUE;
+
+ chase_nsrdataset = NULL;
+ result = advanced_rrsearch(&chase_nsrdataset, name, dns_rdatatype_ns,
+ dns_rdatatype_any, &true);
+ if (result != ISC_R_SUCCESS) {
+ printf("\n;; NS RRset is missing to continue validation:"
+ " FAILED\n\n");
+ return (ISC_R_FAILURE);
+ }
+ INSIST(chase_nsrdataset != NULL);
+ prepare_lookup(name);
+
+ dup_name(name, &chase_current_name, mctx);
+
+ return (ISC_R_SUCCESS);
+}
+#endif
+
+void
+print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx)
+{
+ isc_buffer_t *b = NULL;
+ isc_result_t result;
+ isc_region_t r;
+
+ result = isc_buffer_allocate(mctx, &b, 9000);
+ check_result(result, "isc_buffer_allocate");
+
+ printrdataset(name, rdataset, b);
+
+ isc_buffer_usedregion(b, &r);
+ r.base[r.length] = '\0';
+
+
+ printf("%s\n", r.base);
+
+ isc_buffer_free(&b);
+}
+
+
+void
+dup_name(dns_name_t *source, dns_name_t *target, isc_mem_t *mctx) {
+ isc_result_t result;
+
+ if (dns_name_dynamic(target))
+ free_name(target, mctx);
+ result = dns_name_dup(source, mctx, target);
+ check_result(result, "dns_name_dup");
+}
+
+void
+free_name(dns_name_t *name, isc_mem_t *mctx) {
+ dns_name_free(name, mctx);
+ dns_name_init(name, NULL);
+}
+
+/*
+ *
+ * take a DNSKEY RRset and the RRSIG RRset corresponding in parameter
+ * return ISC_R_SUCCESS if the DNSKEY RRset contains a trusted_key
+ * and the RRset is valid
+ * return ISC_R_NOTFOUND if not contains trusted key
+ or if the RRset isn't valid
+ * return ISC_R_FAILURE if problem
+ *
+ */
+isc_result_t
+contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
+ dns_rdataset_t *sigrdataset,
+ isc_mem_t *mctx)
+{
+ isc_result_t result;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dst_key_t *trustedKey = NULL;
+ dst_key_t *dnsseckey = NULL;
+ int i;
+
+ if (name == NULL || rdataset == NULL)
+ return (ISC_R_FAILURE);
+
+ result = dns_rdataset_first(rdataset);
+ check_result(result, "empty rdataset");
+
+ do {
+ dns_rdataset_current(rdataset, &rdata);
+ INSIST(rdata.type == dns_rdatatype_dnskey);
+
+ result = dns_dnssec_keyfromrdata(name, &rdata,
+ mctx, &dnsseckey);
+ check_result(result, "dns_dnssec_keyfromrdata");
+
+
+ for (i = 0; i < tk_list.nb_tk; i++) {
+ if (dst_key_compare(tk_list.key[i], dnsseckey)
+ == ISC_TRUE) {
+ dns_rdata_reset(&rdata);
+
+ printf(";; Ok, find a Trusted Key in the "
+ "DNSKEY RRset: %d\n",
+ dst_key_id(dnsseckey));
+ if (sigchase_verify_sig_key(name, rdataset,
+ dnsseckey,
+ sigrdataset,
+ mctx)
+ == ISC_R_SUCCESS) {
+ dst_key_free(&dnsseckey);
+ dnsseckey = NULL;
+ return (ISC_R_SUCCESS);
+ }
+ }
+ }
+
+ dns_rdata_reset(&rdata);
+ if (dnsseckey != NULL)
+ dst_key_free(&dnsseckey);
+ } while (dns_rdataset_next(rdataset) == ISC_R_SUCCESS);
+
+ if (trustedKey != NULL)
+ dst_key_free(&trustedKey);
+ trustedKey = NULL;
+
+ return (ISC_R_NOTFOUND);
+}
+
+isc_result_t
+sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset,
+ dns_rdataset_t *keyrdataset,
+ dns_rdataset_t *sigrdataset,
+ isc_mem_t *mctx)
+{
+ isc_result_t result;
+ dns_rdata_t keyrdata = DNS_RDATA_INIT;
+ dst_key_t *dnsseckey = NULL;
+
+ result = dns_rdataset_first(keyrdataset);
+ check_result(result, "empty DNSKEY dataset");
+ dns_rdata_init(&keyrdata);
+
+ do {
+ dns_rdataset_current(keyrdataset, &keyrdata);
+ INSIST(keyrdata.type == dns_rdatatype_dnskey);
+
+ result = dns_dnssec_keyfromrdata(name, &keyrdata,
+ mctx, &dnsseckey);
+ check_result(result, "dns_dnssec_keyfromrdata");
+
+ result = sigchase_verify_sig_key(name, rdataset, dnsseckey,
+ sigrdataset, mctx);
+ if (result == ISC_R_SUCCESS) {
+ dns_rdata_reset(&keyrdata);
+ dst_key_free(&dnsseckey);
+ return (ISC_R_SUCCESS);
+ }
+ dst_key_free(&dnsseckey);
+ dns_rdata_reset(&keyrdata);
+ } while (dns_rdataset_next(chase_keyrdataset) == ISC_R_SUCCESS);
+
+ dns_rdata_reset(&keyrdata);
+
+ return (ISC_R_NOTFOUND);
+}
+
+isc_result_t
+sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset,
+ dst_key_t *dnsseckey, dns_rdataset_t *sigrdataset,
+ isc_mem_t *mctx)
+{
+ isc_result_t result;
+ dns_rdata_t sigrdata = DNS_RDATA_INIT;
+ dns_rdata_sig_t siginfo;
+
+ result = dns_rdataset_first(sigrdataset);
+ check_result(result, "empty RRSIG dataset");
+ dns_rdata_init(&sigrdata);
+
+ do {
+ dns_rdataset_current(sigrdataset, &sigrdata);
+
+ result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
+ check_result(result, "sigrdata tostruct siginfo");
+
+ /*
+ * Test if the id of the DNSKEY is
+ * the id of the DNSKEY signer's
+ */
+ if (siginfo.keyid == dst_key_id(dnsseckey)) {
+
+ result = dns_rdataset_first(rdataset);
+ check_result(result, "empty DS dataset");
+
+ result = dns_dnssec_verify(name, rdataset, dnsseckey,
+ ISC_FALSE, mctx, &sigrdata);
+
+ printf(";; VERIFYING ");
+ print_type(rdataset->type);
+ printf(" RRset for ");
+ dns_name_print(name, stdout);
+ printf(" with DNSKEY:%d: %s\n", dst_key_id(dnsseckey),
+ isc_result_totext(result));
+
+ if (result == ISC_R_SUCCESS) {
+ dns_rdata_reset(&sigrdata);
+ return (result);
+ }
+ }
+ dns_rdata_freestruct(&siginfo);
+ dns_rdata_reset(&sigrdata);
+
+ } while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS);
+
+ dns_rdata_reset(&sigrdata);
+
+ return (ISC_R_NOTFOUND);
+}
+
+
+isc_result_t
+sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
+ dns_rdataset_t *dsrdataset, isc_mem_t *mctx)
+{
+ isc_result_t result;
+ dns_rdata_t keyrdata = DNS_RDATA_INIT;
+ dns_rdata_t newdsrdata = DNS_RDATA_INIT;
+ dns_rdata_t dsrdata = DNS_RDATA_INIT;
+ dns_rdata_ds_t dsinfo;
+ dst_key_t *dnsseckey = NULL;
+ unsigned char dsbuf[DNS_DS_BUFFERSIZE];
+
+ result = dns_rdataset_first(dsrdataset);
+ check_result(result, "empty DSset dataset");
+ do {
+ dns_rdataset_current(dsrdataset, &dsrdata);
+
+ result = dns_rdata_tostruct(&dsrdata, &dsinfo, NULL);
+ check_result(result, "dns_rdata_tostruct for DS");
+
+ result = dns_rdataset_first(keyrdataset);
+ check_result(result, "empty KEY dataset");
+
+ do {
+ dns_rdataset_current(keyrdataset, &keyrdata);
+ INSIST(keyrdata.type == dns_rdatatype_dnskey);
+
+ result = dns_dnssec_keyfromrdata(name, &keyrdata,
+ mctx, &dnsseckey);
+ check_result(result, "dns_dnssec_keyfromrdata");
+
+ /*
+ * Test if the id of the DNSKEY is the
+ * id of DNSKEY referenced by the DS
+ */
+ if (dsinfo.key_tag == dst_key_id(dnsseckey)) {
+
+ result = dns_ds_buildrdata(name, &keyrdata,
+ dsinfo.digest_type,
+ dsbuf, &newdsrdata);
+ dns_rdata_freestruct(&dsinfo);
+
+ if (result != ISC_R_SUCCESS) {
+ dns_rdata_reset(&keyrdata);
+ dns_rdata_reset(&newdsrdata);
+ dns_rdata_reset(&dsrdata);
+ dst_key_free(&dnsseckey);
+ dns_rdata_freestruct(&dsinfo);
+ printf("Oops: impossible to build"
+ " new DS rdata\n");
+ return (result);
+ }
+
+
+ if (dns_rdata_compare(&dsrdata,
+ &newdsrdata) == 0) {
+ printf(";; OK a DS valids a DNSKEY"
+ " in the RRset\n");
+ printf(";; Now verify that this"
+ " DNSKEY validates the "
+ "DNSKEY RRset\n");
+
+ result = sigchase_verify_sig_key(name,
+ keyrdataset,
+ dnsseckey,
+ chase_sigkeyrdataset,
+ mctx);
+ if (result == ISC_R_SUCCESS) {
+ dns_rdata_reset(&keyrdata);
+ dns_rdata_reset(&newdsrdata);
+ dns_rdata_reset(&dsrdata);
+ dst_key_free(&dnsseckey);
+
+ return (result);
+ }
+ } else {
+ printf(";; This DS is NOT the DS for"
+ " the chasing KEY: FAILED\n");
+ }
+
+ dns_rdata_reset(&newdsrdata);
+ }
+ dst_key_free(&dnsseckey);
+ dns_rdata_reset(&keyrdata);
+ dnsseckey = NULL;
+ } while (dns_rdataset_next(chase_keyrdataset) == ISC_R_SUCCESS);
+ dns_rdata_reset(&dsrdata);
+
+ } while (dns_rdataset_next(chase_dsrdataset) == ISC_R_SUCCESS);
+
+ dns_rdata_reset(&keyrdata);
+ dns_rdata_reset(&newdsrdata);
+ dns_rdata_reset(&dsrdata);
+
+ return (ISC_R_NOTFOUND);
+}
+
+/*
+ *
+ * take a pointer on a rdataset in parameter and try to resolv it.
+ * the searched rrset is a rrset on 'name' with type 'type'
+ * (and if the type is a rrsig the signature cover 'covers').
+ * the lookedup is to known if you have already done the query on the net.
+ * ISC_R_SUCCESS: if we found the rrset
+ * ISC_R_NOTFOUND: we do not found the rrset in cache
+ * and we do a query on the net
+ * ISC_R_FAILURE: rrset not found
+ */
+isc_result_t
+advanced_rrsearch(dns_rdataset_t **rdataset, dns_name_t *name,
+ dns_rdatatype_t type, dns_rdatatype_t covers,
+ isc_boolean_t *lookedup)
+{
+ isc_boolean_t tmplookedup;
+
+ INSIST(rdataset != NULL);
+
+ if (*rdataset != NULL)
+ return (ISC_R_SUCCESS);
+
+ tmplookedup = *lookedup;
+ if ((*rdataset = sigchase_scanname(type, covers,
+ lookedup, name)) == NULL) {
+ if (tmplookedup)
+ return (ISC_R_FAILURE);
+ return (ISC_R_NOTFOUND);
+ }
+ *lookedup = ISC_FALSE;
+ return (ISC_R_SUCCESS);
+}
+
+
+
+#if DIG_SIGCHASE_TD
+void
+sigchase_td(dns_message_t *msg)
+{
+ isc_result_t result;
+ dns_name_t *name = NULL;
+ isc_boolean_t have_answer = ISC_FALSE;
+ isc_boolean_t true = ISC_TRUE;
+
+ if ((result = dns_message_firstname(msg, DNS_SECTION_ANSWER))
+ == ISC_R_SUCCESS) {
+ dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
+ if (current_lookup->trace_root_sigchase) {
+ initialization(name);
+ return;
+ }
+ have_answer = true;
+ } else {
+ if (!current_lookup->trace_root_sigchase) {
+ result = dns_message_firstname(msg,
+ DNS_SECTION_AUTHORITY);
+ if (result == ISC_R_SUCCESS)
+ dns_message_currentname(msg,
+ DNS_SECTION_AUTHORITY,
+ &name);
+ chase_nsrdataset
+ = chase_scanname_section(msg, name,
+ dns_rdatatype_ns,
+ dns_rdatatype_any,
+ DNS_SECTION_AUTHORITY);
+ dup_name(name, &chase_authority_name, mctx);
+ if (chase_nsrdataset != NULL) {
+ have_delegation_ns = ISC_TRUE;
+ printf("no response but there is a delegation"
+ " in authority section:");
+ dns_name_print(name, stdout);
+ printf("\n");
+ } else {
+ printf("no response and no delegation in "
+ "authority section but a reference"
+ " to: ");
+ dns_name_print(name, stdout);
+ printf("\n");
+ error_message = msg;
+ }
+ } else {
+ printf(";; NO ANSWERS: %s\n",
+ isc_result_totext(result));
+ free_name(&chase_name, mctx);
+ clean_trustedkey();
+ return;
+ }
+ }
+
+
+ if (have_answer) {
+ chase_rdataset
+ = chase_scanname_section(msg, &chase_name,
+ current_lookup
+ ->rdtype_sigchase,
+ dns_rdatatype_any,
+ DNS_SECTION_ANSWER);
+ if (chase_rdataset != NULL)
+ have_response = ISC_TRUE;
+ }
+
+ result = advanced_rrsearch(&chase_keyrdataset,
+ &chase_current_name,
+ dns_rdatatype_dnskey,
+ dns_rdatatype_any,
+ &chase_keylookedup);
+ if (result == ISC_R_FAILURE) {
+ printf("\n;; DNSKEY is missing to continue validation:"
+ " FAILED\n\n");
+ goto cleanandgo;
+ }
+ if (result == ISC_R_NOTFOUND)
+ return;
+ INSIST(chase_keyrdataset != NULL);
+ printf("\n;; DNSKEYset:\n");
+ print_rdataset(&chase_current_name , chase_keyrdataset, mctx);
+
+
+ result = advanced_rrsearch(&chase_sigkeyrdataset,
+ &chase_current_name,
+ dns_rdatatype_rrsig,
+ dns_rdatatype_dnskey,
+ &chase_sigkeylookedup);
+ if (result == ISC_R_FAILURE) {
+ printf("\n;; RRSIG of DNSKEY is missing to continue validation:"
+ " FAILED\n\n");
+ goto cleanandgo;
+ }
+ if (result == ISC_R_NOTFOUND)
+ return;
+ INSIST(chase_sigkeyrdataset != NULL);
+ printf("\n;; RRSIG of the DNSKEYset:\n");
+ print_rdataset(&chase_current_name , chase_sigkeyrdataset, mctx);
+
+
+ if (!chase_dslookedup && !chase_nslookedup) {
+ if (!delegation_follow) {
+ result = contains_trusted_key(&chase_current_name,
+ chase_keyrdataset,
+ chase_sigkeyrdataset,
+ mctx);
+ } else {
+ INSIST(chase_dsrdataset != NULL);
+ INSIST(chase_sigdsrdataset != NULL);
+ result = sigchase_verify_ds(&chase_current_name,
+ chase_keyrdataset,
+ chase_dsrdataset,
+ mctx);
+ }
+
+ if (result != ISC_R_SUCCESS) {
+ printf("\n;; chain of trust can't be validated:"
+ " FAILED\n\n");
+ goto cleanandgo;
+ } else {
+ chase_dsrdataset = NULL;
+ chase_sigdsrdataset = NULL;
+ }
+ }
+
+ if (have_response || (!have_delegation_ns && !have_response)) {
+ /* test if it's a grand father case */
+
+ if (have_response) {
+ result = advanced_rrsearch(&chase_sigrdataset,
+ &chase_name,
+ dns_rdatatype_rrsig,
+ current_lookup
+ ->rdtype_sigchase,
+ &true);
+ if (result == ISC_R_FAILURE) {
+ printf("\n;; RRset is missing to continue"
+ " validation SHOULD NOT APPEND:"
+ " FAILED\n\n");
+ goto cleanandgo;
+ }
+
+ } else {
+ result = advanced_rrsearch(&chase_sigrdataset,
+ &chase_authority_name,
+ dns_rdatatype_rrsig,
+ dns_rdatatype_any,
+ &true);
+ if (result == ISC_R_FAILURE) {
+ printf("\n;; RRSIG is missing to continue"
+ " validation SHOULD NOT APPEND:"
+ " FAILED\n\n");
+ goto cleanandgo;
+ }
+ }
+ result = grandfather_pb_test(&chase_current_name,
+ chase_sigrdataset);
+ if (result != ISC_R_SUCCESS) {
+ dns_name_t tmp_name;
+
+ printf("\n;; We are in a Grand Father Problem:"
+ " See 2.2.1 in RFC 3568\n");
+ chase_rdataset = NULL;
+ chase_sigrdataset = NULL;
+ have_response = ISC_FALSE;
+ have_delegation_ns = ISC_FALSE;
+
+ dns_name_init(&tmp_name, NULL);
+ result = child_of_zone(&chase_name, &chase_current_name,
+ &tmp_name);
+ if (dns_name_dynamic(&chase_authority_name))
+ free_name(&chase_authority_name, mctx);
+ dup_name(&tmp_name, &chase_authority_name, mctx);
+ printf(";; and we try to continue chain of trust"
+ " validation of the zone: ");
+ dns_name_print(&chase_authority_name, stdout);
+ printf("\n");
+ have_delegation_ns = ISC_TRUE;
+ } else {
+ if (have_response)
+ goto finalstep;
+ else
+ chase_sigrdataset = NULL;
+ }
+ }
+
+ if (have_delegation_ns) {
+ chase_nsrdataset = NULL;
+ result = advanced_rrsearch(&chase_nsrdataset,
+ &chase_authority_name,
+ dns_rdatatype_ns,
+ dns_rdatatype_any,
+ &chase_nslookedup);
+ if (result == ISC_R_FAILURE) {
+ printf("\n;;NSset is missing to continue validation:"
+ " FAILED\n\n");
+ goto cleanandgo;
+ }
+ if (result == ISC_R_NOTFOUND) {
+ return;
+ }
+ INSIST(chase_nsrdataset != NULL);
+
+ result = advanced_rrsearch(&chase_dsrdataset,
+ &chase_authority_name,
+ dns_rdatatype_ds,
+ dns_rdatatype_any,
+ &chase_dslookedup);
+ if (result == ISC_R_FAILURE) {
+ printf("\n;; DSset is missing to continue validation:"
+ " FAILED\n\n");
+ goto cleanandgo;
+ }
+ if (result == ISC_R_NOTFOUND)
+ return;
+ INSIST(chase_dsrdataset != NULL);
+ printf("\n;; DSset:\n");
+ print_rdataset(&chase_authority_name , chase_dsrdataset, mctx);
+
+ result = advanced_rrsearch(&chase_sigdsrdataset,
+ &chase_authority_name,
+ dns_rdatatype_rrsig,
+ dns_rdatatype_ds,
+ &true);
+ if (result != ISC_R_SUCCESS) {
+ printf("\n;; DSset is missing to continue validation:"
+ " FAILED\n\n");
+ goto cleanandgo;
+ }
+ printf("\n;; RRSIGset of DSset\n");
+ print_rdataset(&chase_authority_name,
+ chase_sigdsrdataset, mctx);
+ INSIST(chase_sigdsrdataset != NULL);
+
+ result = sigchase_verify_sig(&chase_authority_name,
+ chase_dsrdataset,
+ chase_keyrdataset,
+ chase_sigdsrdataset, mctx);
+ if (result != ISC_R_SUCCESS) {
+ printf("\n;; Impossible to verify the DSset:"
+ " FAILED\n\n");
+ goto cleanandgo;
+ }
+ chase_keyrdataset = NULL;
+ chase_sigkeyrdataset = NULL;
+
+
+ prepare_lookup(&chase_authority_name);
+
+ have_response = ISC_FALSE;
+ have_delegation_ns = ISC_FALSE;
+ delegation_follow = ISC_TRUE;
+ error_message = NULL;
+ dup_name(&chase_authority_name, &chase_current_name, mctx);
+ free_name(&chase_authority_name, mctx);
+ return;
+ }
+
+
+ if (error_message != NULL) {
+ dns_rdataset_t *rdataset;
+ dns_rdataset_t *sigrdataset;
+ dns_name_t rdata_name;
+ isc_result_t ret = ISC_R_FAILURE;
+
+ dns_name_init(&rdata_name, NULL);
+ result = prove_nx(error_message, &chase_name,
+ current_lookup->rdclass_sigchase,
+ current_lookup->rdtype_sigchase, &rdata_name,
+ &rdataset, &sigrdataset);
+ if (rdataset == NULL || sigrdataset == NULL ||
+ dns_name_countlabels(&rdata_name) == 0) {
+ printf("\n;; Impossible to verify the non-existence,"
+ " the NSEC RRset can't be validated:"
+ " FAILED\n\n");
+ goto cleanandgo;
+ }
+ ret = sigchase_verify_sig(&rdata_name, rdataset,
+ chase_keyrdataset,
+ sigrdataset, mctx);
+ if (ret != ISC_R_SUCCESS) {
+ free_name(&rdata_name, mctx);
+ printf("\n;; Impossible to verify the NSEC RR to prove"
+ " the non-existence : FAILED\n\n");
+ goto cleanandgo;
+ }
+ free_name(&rdata_name, mctx);
+ if (result != ISC_R_SUCCESS) {
+ printf("\n;; Impossible to verify the non-existence:"
+ " FAILED\n\n");
+ goto cleanandgo;
+ } else {
+ printf("\n;; OK the query doesn't have response but"
+ " we have validate this fact : SUCCESS\n\n");
+ goto cleanandgo;
+ }
+ }
+
+ cleanandgo:
+ printf(";; cleanandgo \n");
+ if (dns_name_dynamic(&chase_current_name))
+ free_name(&chase_current_name, mctx);
+ if (dns_name_dynamic(&chase_authority_name))
+ free_name(&chase_authority_name, mctx);
+ clean_trustedkey();
+ return;
+
+ finalstep :
+ result = advanced_rrsearch(&chase_rdataset, &chase_name,
+ current_lookup->rdtype_sigchase,
+ dns_rdatatype_any ,
+ &true);
+ if (result == ISC_R_FAILURE) {
+ printf("\n;; RRsig of RRset is missing to continue validation"
+ " SHOULD NOT APPEND: FAILED\n\n");
+ goto cleanandgo;
+ }
+ result = sigchase_verify_sig(&chase_name, chase_rdataset,
+ chase_keyrdataset,
+ chase_sigrdataset, mctx);
+ if (result != ISC_R_SUCCESS) {
+ printf("\n;; Impossible to verify the RRset : FAILED\n\n");
+ /*
+ printf("RRset:\n");
+ print_rdataset(&chase_name , chase_rdataset, mctx);
+ printf("DNSKEYset:\n");
+ print_rdataset(&chase_name , chase_keyrdataset, mctx);
+ printf("RRSIG of RRset:\n");
+ print_rdataset(&chase_name , chase_sigrdataset, mctx);
+ printf("\n");
+ */
+ goto cleanandgo;
+ } else {
+ printf("\n;; The Answer:\n");
+ print_rdataset(&chase_name , chase_rdataset, mctx);
+
+ printf("\n;; FINISH : we have validate the DNSSEC chain"
+ " of trust: SUCCESS\n\n");
+ goto cleanandgo;
+ }
+}
+
+#endif
+
+
+#if DIG_SIGCHASE_BU
+
+isc_result_t
+getneededrr(dns_message_t *msg)
+{
+ isc_result_t result;
+ dns_name_t *name = NULL;
+ dns_rdata_t sigrdata = DNS_RDATA_INIT;
+ dns_rdata_sig_t siginfo;
+ isc_boolean_t true = ISC_TRUE;
+
+ if ((result = dns_message_firstname(msg, DNS_SECTION_ANSWER))
+ != ISC_R_SUCCESS) {
+ printf(";; NO ANSWERS: %s\n", isc_result_totext(result));
+
+ if (chase_name.ndata == NULL)
+ return (ISC_R_ADDRNOTAVAIL);
+ } else {
+ dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
+ }
+
+ /* What do we chase? */
+ if (chase_rdataset == NULL) {
+ result = advanced_rrsearch(&chase_rdataset, name,
+ dns_rdatatype_any,
+ dns_rdatatype_any, &true);
+ if (result != ISC_R_SUCCESS) {
+ printf("\n;; No Answers: Validation FAILED\n\n");
+ return (ISC_R_NOTFOUND);
+ }
+ dup_name(name, &chase_name, mctx);
+ printf(";; RRset to chase:\n");
+ print_rdataset(&chase_name, chase_rdataset, mctx);
+ }
+ INSIST(chase_rdataset != NULL);
+
+
+ if (chase_sigrdataset == NULL) {
+ result = advanced_rrsearch(&chase_sigrdataset, name,
+ dns_rdatatype_rrsig,
+ chase_rdataset->type,
+ &chase_siglookedup);
+ if (result == ISC_R_FAILURE) {
+ printf("\n;; RRSIG is missing for continue validation:"
+ " FAILED\n\n");
+ if (dns_name_dynamic(&chase_name))
+ free_name(&chase_name, mctx);
+ return (ISC_R_NOTFOUND);
+ }
+ if (result == ISC_R_NOTFOUND) {
+ return (ISC_R_NOTFOUND);
+ }
+ printf("\n;; RRSIG of the RRset to chase:\n");
+ print_rdataset(&chase_name, chase_sigrdataset, mctx);
+ }
+ INSIST(chase_sigrdataset != NULL);
+
+
+ /* first find the DNSKEY name */
+ result = dns_rdataset_first(chase_sigrdataset);
+ check_result(result, "empty RRSIG dataset");
+ dns_rdataset_current(chase_sigrdataset, &sigrdata);
+ result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
+ check_result(result, "sigrdata tostruct siginfo");
+ dup_name(&siginfo.signer, &chase_signame, mctx);
+ dns_rdata_freestruct(&siginfo);
+ dns_rdata_reset(&sigrdata);
+
+ /* Do we have a key? */
+ if (chase_keyrdataset == NULL) {
+ result = advanced_rrsearch(&chase_keyrdataset,
+ &chase_signame,
+ dns_rdatatype_dnskey,
+ dns_rdatatype_any,
+ &chase_keylookedup);
+ if (result == ISC_R_FAILURE) {
+ printf("\n;; DNSKEY is missing to continue validation:"
+ " FAILED\n\n");
+ free_name(&chase_signame, mctx);
+ if (dns_name_dynamic(&chase_name))
+ free_name(&chase_name, mctx);
+ return (ISC_R_NOTFOUND);
+ }
+ if (result == ISC_R_NOTFOUND) {
+ free_name(&chase_signame, mctx);
+ return (ISC_R_NOTFOUND);
+ }
+ printf("\n;; DNSKEYset that signs the RRset to chase:\n");
+ print_rdataset(&chase_signame, chase_keyrdataset, mctx);
+ }
+ INSIST(chase_keyrdataset != NULL);
+
+ if (chase_sigkeyrdataset == NULL) {
+ result = advanced_rrsearch(&chase_sigkeyrdataset,
+ &chase_signame,
+ dns_rdatatype_rrsig,
+ dns_rdatatype_dnskey,
+ &chase_sigkeylookedup);
+ if (result == ISC_R_FAILURE) {
+ printf("\n;; RRSIG for DNSKEY is missing to continue"
+ " validation : FAILED\n\n");
+ free_name(&chase_signame, mctx);
+ if (dns_name_dynamic(&chase_name))
+ free_name(&chase_name, mctx);
+ return (ISC_R_NOTFOUND);
+ }
+ if (result == ISC_R_NOTFOUND) {
+ free_name(&chase_signame, mctx);
+ return (ISC_R_NOTFOUND);
+ }
+ printf("\n;; RRSIG of the DNSKEYset that signs the "
+ "RRset to chase:\n");
+ print_rdataset(&chase_signame, chase_sigkeyrdataset, mctx);
+ }
+ INSIST(chase_sigkeyrdataset != NULL);
+
+
+ if (chase_dsrdataset == NULL) {
+ result = advanced_rrsearch(&chase_dsrdataset, &chase_signame,
+ dns_rdatatype_ds,
+ dns_rdatatype_any,
+ &chase_dslookedup);
+ if (result == ISC_R_FAILURE) {
+ printf("\n;; WARNING There is no DS for the zone: ");
+ dns_name_print(&chase_signame, stdout);
+ printf("\n");
+ }
+ if (result == ISC_R_NOTFOUND) {
+ free_name(&chase_signame, mctx);
+ return (ISC_R_NOTFOUND);
+ }
+ if (chase_dsrdataset != NULL) {
+ printf("\n;; DSset of the DNSKEYset\n");
+ print_rdataset(&chase_signame, chase_dsrdataset, mctx);
+ }
+ }
+
+ if (chase_dsrdataset != NULL) {
+ /*
+ * if there is no RRSIG of DS,
+ * we don't want to search on the network
+ */
+ result = advanced_rrsearch(&chase_sigdsrdataset,
+ &chase_signame,
+ dns_rdatatype_rrsig,
+ dns_rdatatype_ds, &true);
+ if (result == ISC_R_FAILURE) {
+ printf(";; WARNING : NO RRSIG DS : RRSIG DS"
+ " should come with DS\n");
+ /*
+ * We continue even the DS couldn't be validated,
+ * because the DNSKEY could be a Trusted Key.
+ */
+ chase_dsrdataset = NULL;
+ } else {
+ printf("\n;; RRSIG of the DSset of the DNSKEYset\n");
+ print_rdataset(&chase_signame, chase_sigdsrdataset,
+ mctx);
+ }
+ }
+ return (1);
+}
+
+
+
+void
+sigchase_bu(dns_message_t *msg)
+{
+ isc_result_t result;
+ int ret;
+
+ if (tk_list.nb_tk == 0) {
+ result = get_trusted_key(mctx);
+ if (result != ISC_R_SUCCESS) {
+ printf("No trusted keys present\n");
+ return;
+ }
+ }
+
+
+ ret = getneededrr(msg);
+ if (ret == ISC_R_NOTFOUND)
+ return;
+
+ if (ret == ISC_R_ADDRNOTAVAIL) {
+ /* We have no response */
+ dns_rdataset_t *rdataset;
+ dns_rdataset_t *sigrdataset;
+ dns_name_t rdata_name;
+ dns_name_t query_name;
+
+
+ dns_name_init(&query_name, NULL);
+ dns_name_init(&rdata_name, NULL);
+ nameFromString(current_lookup->textname, &query_name);
+
+ result = prove_nx(msg, &query_name, current_lookup->rdclass,
+ current_lookup->rdtype, &rdata_name,
+ &rdataset, &sigrdataset);
+ free_name(&query_name, mctx);
+ if (rdataset == NULL || sigrdataset == NULL ||
+ dns_name_countlabels(&rdata_name) == 0) {
+ printf("\n;; Impossible to verify the Non-existence,"
+ " the NSEC RRset can't be validated: "
+ "FAILED\n\n");
+ clean_trustedkey();
+ return;
+ }
+
+ if (result != ISC_R_SUCCESS) {
+ printf("\n No Answers and impossible to prove the"
+ " unsecurity : Validation FAILED\n\n");
+ clean_trustedkey();
+ return;
+ }
+ printf(";; An NSEC prove the non-existence of a answers,"
+ " Now we want validate this NSEC\n");
+
+ dup_name(&rdata_name, &chase_name, mctx);
+ free_name(&rdata_name, mctx);
+ chase_rdataset = rdataset;
+ chase_sigrdataset = sigrdataset;
+ chase_keyrdataset = NULL;
+ chase_sigkeyrdataset = NULL;
+ chase_dsrdataset = NULL;
+ chase_sigdsrdataset = NULL;
+ chase_siglookedup = ISC_FALSE;
+ chase_keylookedup = ISC_FALSE;
+ chase_dslookedup = ISC_FALSE;
+ chase_sigdslookedup = ISC_FALSE;
+ sigchase(msg);
+ clean_trustedkey();
+ return;
+ }
+
+
+ printf("\n\n\n;; WE HAVE MATERIAL, WE NOW DO VALIDATION\n");
+
+ result = sigchase_verify_sig(&chase_name, chase_rdataset,
+ chase_keyrdataset,
+ chase_sigrdataset, mctx);
+ if (result != ISC_R_SUCCESS) {
+ free_name(&chase_name, mctx);
+ free_name(&chase_signame, mctx);
+ printf(";; No DNSKEY is valid to check the RRSIG"
+ " of the RRset: FAILED\n");
+ clean_trustedkey();
+ return;
+ }
+ printf(";; OK We found DNSKEY (or more) to validate the RRset\n");
+
+ result = contains_trusted_key(&chase_signame, chase_keyrdataset,
+ chase_sigkeyrdataset, mctx);
+ if (result == ISC_R_SUCCESS) {
+ free_name(&chase_name, mctx);
+ free_name(&chase_signame, mctx);
+ printf("\n;; Ok this DNSKEY is a Trusted Key,"
+ " DNSSEC validation is ok: SUCCESS\n\n");
+ clean_trustedkey();
+ return;
+ }
+
+ printf(";; Now, we are going to validate this DNSKEY by the DS\n");
+
+ if (chase_dsrdataset == NULL) {
+ free_name(&chase_name, mctx);
+ free_name(&chase_signame, mctx);
+ printf(";; the DNSKEY isn't trusted-key and there isn't"
+ " DS to validate the DNSKEY: FAILED\n");
+ clean_trustedkey();
+ return;
+ }
+
+ result = sigchase_verify_ds(&chase_signame, chase_keyrdataset,
+ chase_dsrdataset, mctx);
+ if (result != ISC_R_SUCCESS) {
+ free_name(&chase_signame, mctx);
+ free_name(&chase_name, mctx);
+ printf(";; ERROR no DS validates a DNSKEY in the"
+ " DNSKEY RRset: FAILED\n");
+ clean_trustedkey();
+ return;
+ } else
+ printf(";; OK this DNSKEY (validated by the DS) validates"
+ " the RRset of the DNSKEYs, thus the DNSKEY validates"
+ " the RRset\n");
+ INSIST(chase_sigdsrdataset != NULL);
+
+ dup_name(&chase_signame, &chase_name, mctx);
+ free_name(&chase_signame, mctx);
+ chase_rdataset = chase_dsrdataset;
+ chase_sigrdataset = chase_sigdsrdataset;
+ chase_keyrdataset = NULL;
+ chase_sigkeyrdataset = NULL;
+ chase_dsrdataset = NULL;
+ chase_sigdsrdataset = NULL;
+ chase_siglookedup = chase_keylookedup = ISC_FALSE;
+ chase_dslookedup = chase_sigdslookedup = ISC_FALSE;
+
+ printf(";; Now, we want to validate the DS : recursive call\n");
+ sigchase(msg);
+ return;
+}
+#endif
+
+void
+sigchase(dns_message_t *msg) {
+#if DIG_SIGCHASE_TD
+ if (current_lookup->do_topdown) {
+ sigchase_td(msg);
+ return;
+ }
+#endif
+#if DIG_SIGCHASE_BU
+ sigchase_bu(msg);
+ return;
+#endif
+}
+
+
+/*
+ * return 1 if name1 < name2
+ * 0 if name1 == name2
+ * -1 if name1 > name2
+ * and -2 if problem
+ */
+int
+inf_name(dns_name_t *name1, dns_name_t *name2)
+{
+ dns_label_t label1;
+ dns_label_t label2;
+ unsigned int nblabel1;
+ unsigned int nblabel2;
+ int min_lum_label;
+ int i;
+ int ret = -2;
+
+ nblabel1 = dns_name_countlabels(name1);
+ nblabel2 = dns_name_countlabels(name2);
+
+ if (nblabel1 >= nblabel2)
+ min_lum_label = nblabel2;
+ else
+ min_lum_label = nblabel1;
+
+
+ for (i=1 ; i < min_lum_label; i++) {
+ dns_name_getlabel(name1, nblabel1 -1 - i, &label1);
+ dns_name_getlabel(name2, nblabel2 -1 - i, &label2);
+ if ((ret = isc_region_compare(&label1, &label2)) != 0) {
+ if (ret < 0)
+ return (-1);
+ else if (ret > 0)
+ return (1);
+ }
+ }
+ if (nblabel1 == nblabel2)
+ return (0);
+
+ if (nblabel1 < nblabel2)
+ return (-1);
+ else
+ return (1);
+}
+
+/**
+ *
+ *
+ *
+ */
+isc_result_t
+prove_nx_domain(dns_message_t *msg,
+ dns_name_t *name,
+ dns_name_t *rdata_name,
+ dns_rdataset_t **rdataset,
+ dns_rdataset_t **sigrdataset)
+{
+ isc_result_t ret = ISC_R_FAILURE;
+ isc_result_t result = ISC_R_NOTFOUND;
+ dns_rdataset_t *nsecset = NULL;
+ dns_rdataset_t *signsecset = NULL ;
+ dns_rdata_t nsec = DNS_RDATA_INIT;
+ dns_name_t *nsecname;
+ dns_rdata_nsec_t nsecstruct;
+
+ if ((result = dns_message_firstname(msg, DNS_SECTION_AUTHORITY))
+ != ISC_R_SUCCESS) {
+ printf(";; nothing in authority section : impossible to"
+ " validate the non-existence : FAILED\n");
+ return (ISC_R_FAILURE);
+ }
+
+ do {
+ nsecname = NULL;
+ dns_message_currentname(msg, DNS_SECTION_AUTHORITY, &nsecname);
+ nsecset = search_type(nsecname, dns_rdatatype_nsec,
+ dns_rdatatype_any);
+ if (nsecset == NULL)
+ continue;
+
+ printf("There is a NSEC for this zone in the"
+ " AUTHORITY section:\n");
+ print_rdataset(nsecname, nsecset, mctx);
+
+ for (result = dns_rdataset_first(nsecset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(nsecset)) {
+ dns_rdataset_current(nsecset, &nsec);
+
+
+ signsecset
+ = chase_scanname_section(msg, nsecname,
+ dns_rdatatype_rrsig,
+ dns_rdatatype_nsec,
+ DNS_SECTION_AUTHORITY);
+ if (signsecset == NULL) {
+ printf(";; no RRSIG NSEC in authority section:"
+ " impossible to validate the "
+ "non-existence: FAILED\n");
+ return (ISC_R_FAILURE);
+ }
+
+ ret = dns_rdata_tostruct(&nsec, &nsecstruct, NULL);
+ check_result(ret,"dns_rdata_tostruct");
+
+ if ((inf_name(nsecname, &nsecstruct.next) == 1 &&
+ inf_name(name, &nsecstruct.next) == 1) ||
+ (inf_name(name, nsecname) == 1 &&
+ inf_name(&nsecstruct.next, name) == 1)) {
+ dns_rdata_freestruct(&nsecstruct);
+ *rdataset = nsecset;
+ *sigrdataset = signsecset;
+ dup_name(nsecname, rdata_name, mctx);
+
+ return (ISC_R_SUCCESS);
+ }
+
+ dns_rdata_freestruct(&nsecstruct);
+ dns_rdata_reset(&nsec);
+ }
+ } while (dns_message_nextname(msg, DNS_SECTION_AUTHORITY)
+ == ISC_R_SUCCESS);
+
+ *rdataset = NULL;
+ *sigrdataset = NULL;
+ rdata_name = NULL;
+ return (ISC_R_FAILURE);
+}
+
+/**
+ *
+ *
+ *
+ *
+ *
+ */
+isc_result_t
+prove_nx_type(dns_message_t *msg, dns_name_t *name, dns_rdataset_t *nsecset,
+ dns_rdataclass_t class, dns_rdatatype_t type,
+ dns_name_t *rdata_name, dns_rdataset_t **rdataset,
+ dns_rdataset_t **sigrdataset)
+{
+ isc_result_t ret;
+ dns_rdataset_t *signsecset;
+ dns_rdata_t nsec = DNS_RDATA_INIT;
+
+ UNUSED(class);
+
+ ret = dns_rdataset_first(nsecset);
+ check_result(ret,"dns_rdataset_first");
+
+ dns_rdataset_current(nsecset, &nsec);
+
+ ret = dns_nsec_typepresent(&nsec, type);
+ if (ret == ISC_R_SUCCESS)
+ printf("OK the NSEC said that the type doesn't exist \n");
+
+ signsecset = chase_scanname_section(msg, name,
+ dns_rdatatype_rrsig,
+ dns_rdatatype_nsec,
+ DNS_SECTION_AUTHORITY);
+ if (signsecset == NULL) {
+ printf("There isn't RRSIG NSEC for the zone \n");
+ return (ISC_R_FAILURE);
+ }
+ dup_name(name, rdata_name, mctx);
+ *rdataset = nsecset;
+ *sigrdataset = signsecset;
+
+ return (ret);
+}
+
+/**
+ *
+ *
+ *
+ *
+ */
+isc_result_t
+prove_nx(dns_message_t *msg, dns_name_t *name, dns_rdataclass_t class,
+ dns_rdatatype_t type, dns_name_t *rdata_name,
+ dns_rdataset_t **rdataset, dns_rdataset_t **sigrdataset)
+{
+ isc_result_t ret;
+ dns_rdataset_t *nsecset = NULL;
+
+ printf("We want to prove the non-existance of a type of rdata %d"
+ " or of the zone: \n", type);
+
+ if ((ret = dns_message_firstname(msg, DNS_SECTION_AUTHORITY))
+ != ISC_R_SUCCESS) {
+ printf(";; nothing in authority section : impossible to"
+ " validate the non-existence : FAILED\n");
+ return (ISC_R_FAILURE);
+ }
+
+ nsecset = chase_scanname_section(msg, name, dns_rdatatype_nsec,
+ dns_rdatatype_any,
+ DNS_SECTION_AUTHORITY);
+ if (nsecset != NULL) {
+ printf("We have a NSEC for this zone :OK\n");
+ ret = prove_nx_type(msg, name, nsecset, class,
+ type, rdata_name, rdataset,
+ sigrdataset);
+ if (ret != ISC_R_SUCCESS) {
+ printf("prove_nx: ERROR type exist\n");
+ return (ret);
+ } else {
+ printf("prove_nx: OK type does not exist\n");
+ return (ISC_R_SUCCESS);
+ }
+ } else {
+ printf("there is no NSEC for this zone: validating "
+ "that the zone doesn't exist\n");
+ ret = prove_nx_domain(msg, name, rdata_name,
+ rdataset, sigrdataset);
+ return (ret);
+ }
+ /* Never get here */
+}
+#endif
diff --git a/bin/dig/host.1 b/bin/dig/host.1
new file mode 100644
index 0000000..2ec7d17
--- /dev/null
+++ b/bin/dig/host.1
@@ -0,0 +1,219 @@
+.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: host.1,v 1.29 2008/04/05 01:09:34 tbox Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: host
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: Jun 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "HOST" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+host \- DNS lookup utility
+.SH "SYNOPSIS"
+.HP 5
+\fBhost\fR [\fB\-aCdlnrsTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server]
+.SH "DESCRIPTION"
+.PP
+\fBhost\fR
+is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given,
+\fBhost\fR
+prints a short summary of its command line arguments and options.
+.PP
+\fIname\fR
+is the domain name that is to be looked up. It can also be a dotted\-decimal IPv4 address or a colon\-delimited IPv6 address, in which case
+\fBhost\fR
+will by default perform a reverse lookup for that address.
+\fIserver\fR
+is an optional argument which is either the name or IP address of the name server that
+\fBhost\fR
+should query instead of the server or servers listed in
+\fI/etc/resolv.conf\fR.
+.PP
+The
+\fB\-a\fR
+(all) option is equivalent to setting the
+\fB\-v\fR
+option and asking
+\fBhost\fR
+to make a query of type ANY.
+.PP
+When the
+\fB\-C\fR
+option is used,
+\fBhost\fR
+will attempt to display the SOA records for zone
+\fIname\fR
+from all the listed authoritative name servers for that zone. The list of name servers is defined by the NS records that are found for the zone.
+.PP
+The
+\fB\-c\fR
+option instructs to make a DNS query of class
+\fIclass\fR. This can be used to lookup Hesiod or Chaosnet class resource records. The default class is IN (Internet).
+.PP
+Verbose output is generated by
+\fBhost\fR
+when the
+\fB\-d\fR
+or
+\fB\-v\fR
+option is used. The two options are equivalent. They have been provided for backwards compatibility. In previous versions, the
+\fB\-d\fR
+option switched on debugging traces and
+\fB\-v\fR
+enabled verbose output.
+.PP
+List mode is selected by the
+\fB\-l\fR
+option. This makes
+\fBhost\fR
+perform a zone transfer for zone
+\fIname\fR. Transfer the zone printing out the NS, PTR and address records (A/AAAA). If combined with
+\fB\-a\fR
+all records will be printed.
+.PP
+The
+\fB\-i\fR
+option specifies that reverse lookups of IPv6 addresses should use the IP6.INT domain as defined in RFC1886. The default is to use IP6.ARPA.
+.PP
+The
+\fB\-N\fR
+option sets the number of dots that have to be in
+\fIname\fR
+for it to be considered absolute. The default value is that defined using the ndots statement in
+\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
+\fBsearch\fR
+or
+\fBdomain\fR
+directive in
+\fI/etc/resolv.conf\fR.
+.PP
+The number of UDP retries for a lookup can be changed with the
+\fB\-R\fR
+option.
+\fInumber\fR
+indicates how many times
+\fBhost\fR
+will repeat a query that does not get answered. The default number of retries is 1. If
+\fInumber\fR
+is negative or zero, the number of retries will default to 1.
+.PP
+Non\-recursive queries can be made via the
+\fB\-r\fR
+option. Setting this option clears the
+\fBRD\fR
+\(em recursion desired \(em bit in the query which
+\fBhost\fR
+makes. This should mean that the name server receiving the query will not attempt to resolve
+\fIname\fR. The
+\fB\-r\fR
+option enables
+\fBhost\fR
+to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
+.PP
+By default
+\fBhost\fR
+uses UDP when making queries. The
+\fB\-T\fR
+option makes it use a TCP connection when querying the name server. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests.
+.PP
+The
+\fB\-4\fR
+option forces
+\fBhost\fR
+to only use IPv4 query transport. The
+\fB\-6\fR
+option forces
+\fBhost\fR
+to only use IPv6 query transport.
+.PP
+The
+\fB\-t\fR
+option is used to select the query type.
+\fItype\fR
+can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
+\fBhost\fR
+automatically selects an appropriate query type. By default it looks for A, AAAA, and MX records, but if the
+\fB\-C\fR
+option was given, queries will be made for SOA records, and if
+\fIname\fR
+is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address,
+\fBhost\fR
+will query for PTR records. If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (e.g. \-t IXFR=12345678).
+.PP
+The time to wait for a reply can be controlled through the
+\fB\-W\fR
+and
+\fB\-w\fR
+options. The
+\fB\-W\fR
+option makes
+\fBhost\fR
+wait for
+\fIwait\fR
+seconds. If
+\fIwait\fR
+is less than one, the wait interval is set to one second. When the
+\fB\-w\fR
+option is used,
+\fBhost\fR
+will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity.
+.PP
+The
+\fB\-s\fR
+option tells
+\fBhost\fR
+\fInot\fR
+to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior.
+.PP
+The
+\fB\-m\fR
+can be used to set the memory usage debugging flags
+\fIrecord\fR,
+\fIusage\fR
+and
+\fItrace\fR.
+.SH "IDN SUPPORT"
+.PP
+If
+\fBhost\fR
+has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names.
+\fBhost\fR
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the
+\fBIDN_DISABLE\fR
+environment variable. The IDN support is disabled if the variable is set when
+\fBhost\fR
+runs.
+.SH "FILES"
+.PP
+\fI/etc/resolv.conf\fR
+.SH "SEE ALSO"
+.PP
+\fBdig\fR(1),
+\fBnamed\fR(8).
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2002 Internet Software Consortium.
+.br
diff --git a/bin/dig/host.c b/bin/dig/host.c
new file mode 100644
index 0000000..ac29ae6
--- /dev/null
+++ b/bin/dig/host.c
@@ -0,0 +1,862 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: host.c,v 1.116 2007/12/03 00:21:48 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+#include <stdlib.h>
+#include <limits.h>
+
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+
+#ifdef WITH_IDN
+#include <idn/result.h>
+#include <idn/log.h>
+#include <idn/resconf.h>
+#include <idn/api.h>
+#endif
+
+#include <isc/app.h>
+#include <isc/commandline.h>
+#include <isc/netaddr.h>
+#include <isc/print.h>
+#include <isc/string.h>
+#include <isc/util.h>
+#include <isc/task.h>
+#include <isc/stdlib.h>
+
+#include <dns/byaddr.h>
+#include <dns/fixedname.h>
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/rdata.h>
+#include <dns/rdataclass.h>
+#include <dns/rdataset.h>
+#include <dns/rdatatype.h>
+#include <dns/rdatastruct.h>
+
+#include <dig/dig.h>
+
+static isc_boolean_t short_form = ISC_TRUE, listed_server = ISC_FALSE;
+static isc_boolean_t default_lookups = ISC_TRUE;
+static int seen_error = -1;
+static isc_boolean_t list_addresses = ISC_TRUE;
+static dns_rdatatype_t list_type = dns_rdatatype_a;
+static isc_boolean_t printed_server = ISC_FALSE;
+
+static const char *opcodetext[] = {
+ "QUERY",
+ "IQUERY",
+ "STATUS",
+ "RESERVED3",
+ "NOTIFY",
+ "UPDATE",
+ "RESERVED6",
+ "RESERVED7",
+ "RESERVED8",
+ "RESERVED9",
+ "RESERVED10",
+ "RESERVED11",
+ "RESERVED12",
+ "RESERVED13",
+ "RESERVED14",
+ "RESERVED15"
+};
+
+static const char *rcodetext[] = {
+ "NOERROR",
+ "FORMERR",
+ "SERVFAIL",
+ "NXDOMAIN",
+ "NOTIMP",
+ "REFUSED",
+ "YXDOMAIN",
+ "YXRRSET",
+ "NXRRSET",
+ "NOTAUTH",
+ "NOTZONE",
+ "RESERVED11",
+ "RESERVED12",
+ "RESERVED13",
+ "RESERVED14",
+ "RESERVED15",
+ "BADVERS"
+};
+
+struct rtype {
+ unsigned int type;
+ const char *text;
+};
+
+struct rtype rtypes[] = {
+ { 1, "has address" },
+ { 2, "name server" },
+ { 5, "is an alias for" },
+ { 11, "has well known services" },
+ { 12, "domain name pointer" },
+ { 13, "host information" },
+ { 15, "mail is handled by" },
+ { 16, "descriptive text" },
+ { 19, "x25 address" },
+ { 20, "ISDN address" },
+ { 24, "has signature" },
+ { 25, "has key" },
+ { 28, "has IPv6 address" },
+ { 29, "location" },
+ { 0, NULL }
+};
+
+static void
+show_usage(void) {
+ fputs(
+"Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time]\n"
+" [-R number] [-m flag] hostname [server]\n"
+" -a is equivalent to -v -t ANY\n"
+" -c specifies query class for non-IN data\n"
+" -C compares SOA records on authoritative nameservers\n"
+" -d is equivalent to -v\n"
+" -l lists all hosts in a domain, using AXFR\n"
+" -i IP6.INT reverse lookups\n"
+" -N changes the number of dots allowed before root lookup is done\n"
+" -r disables recursive processing\n"
+" -R specifies number of retries for UDP packets\n"
+" -s a SERVFAIL response should stop query\n"
+" -t specifies the query type\n"
+" -T enables TCP/IP mode\n"
+" -v enables verbose output\n"
+" -w specifies to wait forever for a reply\n"
+" -W specifies how long to wait for a reply\n"
+" -4 use IPv4 query transport only\n"
+" -6 use IPv6 query transport only\n"
+" -m set memory debugging flag (trace|record|usage)\n", stderr);
+ exit(1);
+}
+
+void
+dighost_shutdown(void) {
+ isc_app_shutdown();
+}
+
+void
+received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
+ isc_time_t now;
+ int diff;
+
+ if (!short_form) {
+ char fromtext[ISC_SOCKADDR_FORMATSIZE];
+ isc_sockaddr_format(from, fromtext, sizeof(fromtext));
+ TIME_NOW(&now);
+ diff = (int) isc_time_microdiff(&now, &query->time_sent);
+ printf("Received %u bytes from %s in %d ms\n",
+ bytes, fromtext, diff/1000);
+ }
+}
+
+void
+trying(char *frm, dig_lookup_t *lookup) {
+ UNUSED(lookup);
+
+ if (!short_form)
+ printf("Trying \"%s\"\n", frm);
+}
+
+static void
+say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
+ dig_query_t *query)
+{
+ isc_buffer_t *b = NULL;
+ char namestr[DNS_NAME_FORMATSIZE];
+ isc_region_t r;
+ isc_result_t result;
+ unsigned int bufsize = BUFSIZ;
+
+ dns_name_format(name, namestr, sizeof(namestr));
+ retry:
+ result = isc_buffer_allocate(mctx, &b, bufsize);
+ check_result(result, "isc_buffer_allocate");
+ result = dns_rdata_totext(rdata, NULL, b);
+ if (result == ISC_R_NOSPACE) {
+ isc_buffer_free(&b);
+ bufsize *= 2;
+ goto retry;
+ }
+ check_result(result, "dns_rdata_totext");
+ isc_buffer_usedregion(b, &r);
+ if (query->lookup->identify_previous_line) {
+ printf("Nameserver %s:\n\t",
+ query->servname);
+ }
+ printf("%s %s %.*s", namestr,
+ msg, (int)r.length, (char *)r.base);
+ if (query->lookup->identify) {
+ printf(" on server %s", query->servname);
+ }
+ printf("\n");
+ isc_buffer_free(&b);
+}
+#ifdef DIG_SIGCHASE
+/* Just for compatibility : not use in host program */
+isc_result_t
+printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
+ isc_buffer_t *target)
+{
+ UNUSED(owner_name);
+ UNUSED(rdataset);
+ UNUSED(target);
+ return(ISC_FALSE);
+}
+#endif
+static isc_result_t
+printsection(dns_message_t *msg, dns_section_t sectionid,
+ const char *section_name, isc_boolean_t headers,
+ dig_query_t *query)
+{
+ dns_name_t *name, *print_name;
+ dns_rdataset_t *rdataset;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_buffer_t target;
+ isc_result_t result, loopresult;
+ isc_region_t r;
+ dns_name_t empty_name;
+ char t[4096];
+ isc_boolean_t first;
+ isc_boolean_t no_rdata;
+
+ if (sectionid == DNS_SECTION_QUESTION)
+ no_rdata = ISC_TRUE;
+ else
+ no_rdata = ISC_FALSE;
+
+ if (headers)
+ printf(";; %s SECTION:\n", section_name);
+
+ dns_name_init(&empty_name, NULL);
+
+ result = dns_message_firstname(msg, sectionid);
+ if (result == ISC_R_NOMORE)
+ return (ISC_R_SUCCESS);
+ else if (result != ISC_R_SUCCESS)
+ return (result);
+
+ for (;;) {
+ name = NULL;
+ dns_message_currentname(msg, sectionid, &name);
+
+ isc_buffer_init(&target, t, sizeof(t));
+ first = ISC_TRUE;
+ print_name = name;
+
+ for (rdataset = ISC_LIST_HEAD(name->list);
+ rdataset != NULL;
+ rdataset = ISC_LIST_NEXT(rdataset, link)) {
+ if (query->lookup->rdtype == dns_rdatatype_axfr &&
+ !((!list_addresses &&
+ (list_type == dns_rdatatype_any ||
+ rdataset->type == list_type)) ||
+ (list_addresses &&
+ (rdataset->type == dns_rdatatype_a ||
+ rdataset->type == dns_rdatatype_aaaa ||
+ rdataset->type == dns_rdatatype_ns ||
+ rdataset->type == dns_rdatatype_ptr))))
+ continue;
+ if (!short_form) {
+ result = dns_rdataset_totext(rdataset,
+ print_name,
+ ISC_FALSE,
+ no_rdata,
+ &target);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+#ifdef USEINITALWS
+ if (first) {
+ print_name = &empty_name;
+ first = ISC_FALSE;
+ }
+#else
+ UNUSED(first); /* Shut up compiler. */
+#endif
+ } else {
+ loopresult = dns_rdataset_first(rdataset);
+ while (loopresult == ISC_R_SUCCESS) {
+ struct rtype *t;
+ const char *rtt;
+ char typebuf[DNS_RDATATYPE_FORMATSIZE];
+ char typebuf2[DNS_RDATATYPE_FORMATSIZE
+ + 20];
+ dns_rdataset_current(rdataset, &rdata);
+
+ for (t = rtypes; t->text != NULL; t++) {
+ if (t->type == rdata.type) {
+ rtt = t->text;
+ goto found;
+ }
+ }
+
+ dns_rdatatype_format(rdata.type,
+ typebuf,
+ sizeof(typebuf));
+ snprintf(typebuf2, sizeof(typebuf2),
+ "has %s record", typebuf);
+ rtt = typebuf2;
+ found:
+ say_message(print_name, rtt,
+ &rdata, query);
+ dns_rdata_reset(&rdata);
+ loopresult =
+ dns_rdataset_next(rdataset);
+ }
+ }
+ }
+ if (!short_form) {
+ isc_buffer_usedregion(&target, &r);
+ if (no_rdata)
+ printf(";%.*s", (int)r.length,
+ (char *)r.base);
+ else
+ printf("%.*s", (int)r.length, (char *)r.base);
+ }
+
+ result = dns_message_nextname(msg, sectionid);
+ if (result == ISC_R_NOMORE)
+ break;
+ else if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+printrdata(dns_message_t *msg, dns_rdataset_t *rdataset, dns_name_t *owner,
+ const char *set_name, isc_boolean_t headers)
+{
+ isc_buffer_t target;
+ isc_result_t result;
+ isc_region_t r;
+ char t[4096];
+
+ UNUSED(msg);
+ if (headers)
+ printf(";; %s SECTION:\n", set_name);
+
+ isc_buffer_init(&target, t, sizeof(t));
+
+ result = dns_rdataset_totext(rdataset, owner, ISC_FALSE, ISC_FALSE,
+ &target);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ isc_buffer_usedregion(&target, &r);
+ printf("%.*s", (int)r.length, (char *)r.base);
+
+ return (ISC_R_SUCCESS);
+}
+
+static void
+chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
+ isc_result_t result;
+ dns_rdataset_t *rdataset;
+ dns_rdata_cname_t cname;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ unsigned int i = msg->counts[DNS_SECTION_ANSWER];
+
+ while (i-- > 0) {
+ rdataset = NULL;
+ result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
+ dns_rdatatype_cname, 0, NULL,
+ &rdataset);
+ if (result != ISC_R_SUCCESS)
+ return;
+ result = dns_rdataset_first(rdataset);
+ check_result(result, "dns_rdataset_first");
+ dns_rdata_reset(&rdata);
+ dns_rdataset_current(rdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &cname, NULL);
+ check_result(result, "dns_rdata_tostruct");
+ dns_name_copy(&cname.cname, qname, NULL);
+ dns_rdata_freestruct(&cname);
+ }
+}
+
+isc_result_t
+printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
+ isc_boolean_t did_flag = ISC_FALSE;
+ dns_rdataset_t *opt, *tsig = NULL;
+ dns_name_t *tsigname;
+ isc_result_t result = ISC_R_SUCCESS;
+ int force_error;
+
+ UNUSED(headers);
+
+ /*
+ * We get called multiple times.
+ * Preserve any existing error status.
+ */
+ force_error = (seen_error == 1) ? 1 : 0;
+ seen_error = 1;
+ if (listed_server && !printed_server) {
+ char sockstr[ISC_SOCKADDR_FORMATSIZE];
+
+ printf("Using domain server:\n");
+ printf("Name: %s\n", query->userarg);
+ isc_sockaddr_format(&query->sockaddr, sockstr,
+ sizeof(sockstr));
+ printf("Address: %s\n", sockstr);
+ printf("Aliases: \n\n");
+ printed_server = ISC_TRUE;
+ }
+
+ if (msg->rcode != 0) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ dns_name_format(query->lookup->name, namestr, sizeof(namestr));
+ printf("Host %s not found: %d(%s)\n",
+ (msg->rcode != dns_rcode_nxdomain) ? namestr :
+ query->lookup->textname, msg->rcode,
+ rcodetext[msg->rcode]);
+ return (ISC_R_SUCCESS);
+ }
+
+ if (default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ dig_lookup_t *lookup;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+
+ /* Add AAAA and MX lookups. */
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ dns_name_copy(query->lookup->name, name, NULL);
+ chase_cnamechain(msg, name);
+ dns_name_format(name, namestr, sizeof(namestr));
+ lookup = clone_lookup(query->lookup, ISC_FALSE);
+ if (lookup != NULL) {
+ strncpy(lookup->textname, namestr,
+ sizeof(lookup->textname));
+ lookup->textname[sizeof(lookup->textname)-1] = 0;
+ lookup->rdtype = dns_rdatatype_aaaa;
+ lookup->rdtypeset = ISC_TRUE;
+ lookup->origin = NULL;
+ lookup->retries = tries;
+ ISC_LIST_APPEND(lookup_list, lookup, link);
+ }
+ lookup = clone_lookup(query->lookup, ISC_FALSE);
+ if (lookup != NULL) {
+ strncpy(lookup->textname, namestr,
+ sizeof(lookup->textname));
+ lookup->textname[sizeof(lookup->textname)-1] = 0;
+ lookup->rdtype = dns_rdatatype_mx;
+ lookup->rdtypeset = ISC_TRUE;
+ lookup->origin = NULL;
+ lookup->retries = tries;
+ ISC_LIST_APPEND(lookup_list, lookup, link);
+ }
+ }
+
+ if (!short_form) {
+ printf(";; ->>HEADER<<- opcode: %s, status: %s, id: %u\n",
+ opcodetext[msg->opcode], rcodetext[msg->rcode],
+ msg->id);
+ printf(";; flags: ");
+ if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) {
+ printf("qr");
+ did_flag = ISC_TRUE;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_AA) != 0) {
+ printf("%saa", did_flag ? " " : "");
+ did_flag = ISC_TRUE;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0) {
+ printf("%stc", did_flag ? " " : "");
+ did_flag = ISC_TRUE;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_RD) != 0) {
+ printf("%srd", did_flag ? " " : "");
+ did_flag = ISC_TRUE;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_RA) != 0) {
+ printf("%sra", did_flag ? " " : "");
+ did_flag = ISC_TRUE;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_AD) != 0) {
+ printf("%sad", did_flag ? " " : "");
+ did_flag = ISC_TRUE;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0) {
+ printf("%scd", did_flag ? " " : "");
+ did_flag = ISC_TRUE;
+ }
+ printf("; QUERY: %u, ANSWER: %u, "
+ "AUTHORITY: %u, ADDITIONAL: %u\n",
+ msg->counts[DNS_SECTION_QUESTION],
+ msg->counts[DNS_SECTION_ANSWER],
+ msg->counts[DNS_SECTION_AUTHORITY],
+ msg->counts[DNS_SECTION_ADDITIONAL]);
+ opt = dns_message_getopt(msg);
+ if (opt != NULL)
+ printf(";; EDNS: version: %u, udp=%u\n",
+ (unsigned int)((opt->ttl & 0x00ff0000) >> 16),
+ (unsigned int)opt->rdclass);
+ tsigname = NULL;
+ tsig = dns_message_gettsig(msg, &tsigname);
+ if (tsig != NULL)
+ printf(";; PSEUDOSECTIONS: TSIG\n");
+ }
+ if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_QUESTION]) &&
+ !short_form) {
+ printf("\n");
+ result = printsection(msg, DNS_SECTION_QUESTION, "QUESTION",
+ ISC_TRUE, query);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
+ if (!short_form)
+ printf("\n");
+ result = printsection(msg, DNS_SECTION_ANSWER, "ANSWER",
+ ISC_TF(!short_form), query);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+
+ if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_AUTHORITY]) &&
+ !short_form) {
+ printf("\n");
+ result = printsection(msg, DNS_SECTION_AUTHORITY, "AUTHORITY",
+ ISC_TRUE, query);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ADDITIONAL]) &&
+ !short_form) {
+ printf("\n");
+ result = printsection(msg, DNS_SECTION_ADDITIONAL,
+ "ADDITIONAL", ISC_TRUE, query);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ if ((tsig != NULL) && !short_form) {
+ printf("\n");
+ result = printrdata(msg, tsig, tsigname,
+ "PSEUDOSECTION TSIG", ISC_TRUE);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ if (!short_form)
+ printf("\n");
+
+ if (short_form && !default_lookups &&
+ ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ char typestr[DNS_RDATATYPE_FORMATSIZE];
+ dns_name_format(query->lookup->name, namestr, sizeof(namestr));
+ dns_rdatatype_format(query->lookup->rdtype, typestr,
+ sizeof(typestr));
+ printf("%s has no %s record\n", namestr, typestr);
+ }
+ seen_error = force_error;
+ return (result);
+}
+
+static const char * optstring = "46ac:dilnm:rst:vwCDN:R:TW:";
+
+static void
+pre_parse_args(int argc, char **argv) {
+ int c;
+
+ while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
+ switch (c) {
+ case 'm':
+ memdebugging = ISC_TRUE;
+ if (strcasecmp("trace", isc_commandline_argument) == 0)
+ isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
+ else if (!strcasecmp("record",
+ isc_commandline_argument) == 0)
+ isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
+ else if (strcasecmp("usage",
+ isc_commandline_argument) == 0)
+ isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
+ break;
+
+ case '4': break;
+ case '6': break;
+ case 'a': break;
+ case 'c': break;
+ case 'd': break;
+ case 'i': break;
+ case 'l': break;
+ case 'n': break;
+ case 'r': break;
+ case 's': break;
+ case 't': break;
+ case 'v': break;
+ case 'w': break;
+ case 'C': break;
+ case 'D': break;
+ case 'N': break;
+ case 'R': break;
+ case 'T': break;
+ case 'W': break;
+ default:
+ show_usage();
+ }
+ }
+ isc_commandline_reset = ISC_TRUE;
+ isc_commandline_index = 1;
+}
+
+static void
+parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
+ char hostname[MXNAME];
+ dig_lookup_t *lookup;
+ int c;
+ char store[MXNAME];
+ isc_textregion_t tr;
+ isc_result_t result = ISC_R_SUCCESS;
+ dns_rdatatype_t rdtype;
+ dns_rdataclass_t rdclass;
+ isc_uint32_t serial = 0;
+
+ UNUSED(is_batchfile);
+
+ lookup = make_empty_lookup();
+
+ lookup->servfail_stops = ISC_FALSE;
+ lookup->comments = ISC_FALSE;
+
+ while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
+ switch (c) {
+ case 'l':
+ lookup->tcp_mode = ISC_TRUE;
+ lookup->rdtype = dns_rdatatype_axfr;
+ lookup->rdtypeset = ISC_TRUE;
+ fatalexit = 3;
+ break;
+ case 'v':
+ case 'd':
+ short_form = ISC_FALSE;
+ break;
+ case 'r':
+ lookup->recurse = ISC_FALSE;
+ break;
+ case 't':
+ if (strncasecmp(isc_commandline_argument,
+ "ixfr=", 5) == 0) {
+ rdtype = dns_rdatatype_ixfr;
+ /* XXXMPA add error checking */
+ serial = strtoul(isc_commandline_argument + 5,
+ NULL, 10);
+ result = ISC_R_SUCCESS;
+ } else {
+ tr.base = isc_commandline_argument;
+ tr.length = strlen(isc_commandline_argument);
+ result = dns_rdatatype_fromtext(&rdtype,
+ (isc_textregion_t *)&tr);
+ }
+
+ if (result != ISC_R_SUCCESS) {
+ fatalexit = 2;
+ fatal("invalid type: %s\n",
+ isc_commandline_argument);
+ }
+ if (!lookup->rdtypeset ||
+ lookup->rdtype != dns_rdatatype_axfr)
+ lookup->rdtype = rdtype;
+ lookup->rdtypeset = ISC_TRUE;
+#ifdef WITH_IDN
+ idnoptions = 0;
+#endif
+ if (rdtype == dns_rdatatype_axfr) {
+ /* -l -t any -v */
+ list_type = dns_rdatatype_any;
+ short_form = ISC_FALSE;
+ lookup->tcp_mode = ISC_TRUE;
+ } else if (rdtype == dns_rdatatype_ixfr) {
+ lookup->ixfr_serial = serial;
+ lookup->tcp_mode = ISC_TRUE;
+ list_type = rdtype;
+#ifdef WITH_IDN
+ } else if (rdtype == dns_rdatatype_a ||
+ rdtype == dns_rdatatype_aaaa ||
+ rdtype == dns_rdatatype_mx) {
+ idnoptions = IDN_ASCCHECK;
+ list_type = rdtype;
+#endif
+ } else
+ list_type = rdtype;
+ list_addresses = ISC_FALSE;
+ default_lookups = ISC_FALSE;
+ break;
+ case 'c':
+ tr.base = isc_commandline_argument;
+ tr.length = strlen(isc_commandline_argument);
+ result = dns_rdataclass_fromtext(&rdclass,
+ (isc_textregion_t *)&tr);
+
+ if (result != ISC_R_SUCCESS) {
+ fatalexit = 2;
+ fatal("invalid class: %s\n",
+ isc_commandline_argument);
+ } else {
+ lookup->rdclass = rdclass;
+ lookup->rdclassset = ISC_TRUE;
+ }
+ default_lookups = ISC_FALSE;
+ break;
+ case 'a':
+ if (!lookup->rdtypeset ||
+ lookup->rdtype != dns_rdatatype_axfr)
+ lookup->rdtype = dns_rdatatype_any;
+ list_type = dns_rdatatype_any;
+ list_addresses = ISC_FALSE;
+ lookup->rdtypeset = ISC_TRUE;
+ short_form = ISC_FALSE;
+ default_lookups = ISC_FALSE;
+ break;
+ case 'i':
+ lookup->ip6_int = ISC_TRUE;
+ break;
+ case 'n':
+ /* deprecated */
+ break;
+ case 'm':
+ /* Handled by pre_parse_args(). */
+ break;
+ case 'w':
+ /*
+ * The timer routines are coded such that
+ * timeout==MAXINT doesn't enable the timer
+ */
+ timeout = INT_MAX;
+ break;
+ case 'W':
+ timeout = atoi(isc_commandline_argument);
+ if (timeout < 1)
+ timeout = 1;
+ break;
+ case 'R':
+ tries = atoi(isc_commandline_argument) + 1;
+ if (tries < 2)
+ tries = 2;
+ break;
+ case 'T':
+ lookup->tcp_mode = ISC_TRUE;
+ break;
+ case 'C':
+ debug("showing all SOAs");
+ lookup->rdtype = dns_rdatatype_ns;
+ lookup->rdtypeset = ISC_TRUE;
+ lookup->rdclass = dns_rdataclass_in;
+ lookup->rdclassset = ISC_TRUE;
+ lookup->ns_search_only = ISC_TRUE;
+ lookup->trace_root = ISC_TRUE;
+ lookup->identify_previous_line = ISC_TRUE;
+ default_lookups = ISC_FALSE;
+ break;
+ case 'N':
+ debug("setting NDOTS to %s",
+ isc_commandline_argument);
+ ndots = atoi(isc_commandline_argument);
+ break;
+ case 'D':
+ debugging = ISC_TRUE;
+ break;
+ case '4':
+ if (have_ipv4) {
+ isc_net_disableipv6();
+ have_ipv6 = ISC_FALSE;
+ } else
+ fatal("can't find IPv4 networking");
+ break;
+ case '6':
+ if (have_ipv6) {
+ isc_net_disableipv4();
+ have_ipv4 = ISC_FALSE;
+ } else
+ fatal("can't find IPv6 networking");
+ break;
+ case 's':
+ lookup->servfail_stops = ISC_TRUE;
+ break;
+ }
+ }
+
+ lookup->retries = tries;
+
+ if (isc_commandline_index >= argc)
+ show_usage();
+
+ strncpy(hostname, argv[isc_commandline_index], sizeof(hostname));
+ hostname[sizeof(hostname)-1]=0;
+ if (argc > isc_commandline_index + 1) {
+ set_nameserver(argv[isc_commandline_index+1]);
+ debug("server is %s", argv[isc_commandline_index+1]);
+ listed_server = ISC_TRUE;
+ } else
+ check_ra = ISC_TRUE;
+
+ lookup->pending = ISC_FALSE;
+ if (get_reverse(store, sizeof(store), hostname,
+ lookup->ip6_int, ISC_TRUE) == ISC_R_SUCCESS) {
+ strncpy(lookup->textname, store, sizeof(lookup->textname));
+ lookup->textname[sizeof(lookup->textname)-1] = 0;
+ lookup->rdtype = dns_rdatatype_ptr;
+ lookup->rdtypeset = ISC_TRUE;
+ default_lookups = ISC_FALSE;
+ } else {
+ strncpy(lookup->textname, hostname, sizeof(lookup->textname));
+ lookup->textname[sizeof(lookup->textname)-1]=0;
+ }
+ lookup->new_search = ISC_TRUE;
+ ISC_LIST_APPEND(lookup_list, lookup, link);
+
+ usesearch = ISC_TRUE;
+}
+
+int
+main(int argc, char **argv) {
+ isc_result_t result;
+
+ tries = 2;
+
+ ISC_LIST_INIT(lookup_list);
+ ISC_LIST_INIT(server_list);
+ ISC_LIST_INIT(search_list);
+
+ fatalexit = 1;
+#ifdef WITH_IDN
+ idnoptions = IDN_ASCCHECK;
+#endif
+
+ debug("main()");
+ progname = argv[0];
+ pre_parse_args(argc, argv);
+ result = isc_app_start();
+ check_result(result, "isc_app_start");
+ setup_libs();
+ parse_args(ISC_FALSE, argc, argv);
+ setup_system();
+ result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
+ check_result(result, "isc_app_onrun");
+ isc_app_run();
+ cancel_all();
+ destroy_libs();
+ isc_app_finish();
+ return ((seen_error == 0) ? 0 : 1);
+}
diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook
new file mode 100644
index 0000000..bbd8d72
--- /dev/null
+++ b/bin/dig/host.docbook
@@ -0,0 +1,278 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: host.docbook,v 1.18 2008/04/04 23:47:01 tbox Exp $ -->
+<refentry id="man.host">
+
+ <refentryinfo>
+ <date>Jun 30, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>host</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>host</refname>
+ <refpurpose>DNS lookup utility</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2007</year>
+ <year>2008</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>host</command>
+ <arg><option>-aCdlnrsTwv</option></arg>
+ <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg><option>-N <replaceable class="parameter">ndots</replaceable></option></arg>
+ <arg><option>-R <replaceable class="parameter">number</replaceable></option></arg>
+ <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
+ <arg><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
+ <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
+ <arg><option>-4</option></arg>
+ <arg><option>-6</option></arg>
+ <arg choice="req">name</arg>
+ <arg choice="opt">server</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+
+ <para><command>host</command>
+ is a simple utility for performing DNS lookups.
+ It is normally used to convert names to IP addresses and vice versa.
+ When no arguments or options are given,
+ <command>host</command>
+ prints a short summary of its command line arguments and options.
+ </para>
+
+ <para><parameter>name</parameter> is the domain name that is to be
+ looked
+ up. It can also be a dotted-decimal IPv4 address or a colon-delimited
+ IPv6 address, in which case <command>host</command> will by
+ default
+ perform a reverse lookup for that address.
+ <parameter>server</parameter> is an optional argument which
+ is either
+ the name or IP address of the name server that <command>host</command>
+ should query instead of the server or servers listed in
+ <filename>/etc/resolv.conf</filename>.
+ </para>
+
+ <para>
+ The <option>-a</option> (all) option is equivalent to setting the
+ <option>-v</option> option and asking <command>host</command> to make
+ a query of type ANY.
+ </para>
+
+ <para>
+ When the <option>-C</option> option is used, <command>host</command>
+ will attempt to display the SOA records for zone
+ <parameter>name</parameter> from all the listed
+ authoritative name
+ servers for that zone. The list of name servers is defined by the NS
+ records that are found for the zone.
+ </para>
+
+ <para>
+ The <option>-c</option> option instructs to make a DNS query of class
+ <parameter>class</parameter>. This can be used to lookup
+ Hesiod or
+ Chaosnet class resource records. The default class is IN (Internet).
+ </para>
+
+ <para>
+ Verbose output is generated by <command>host</command> when
+ the
+ <option>-d</option> or <option>-v</option> option is used. The two
+ options are equivalent. They have been provided for backwards
+ compatibility. In previous versions, the <option>-d</option> option
+ switched on debugging traces and <option>-v</option> enabled verbose
+ output.
+ </para>
+
+ <para>
+ List mode is selected by the <option>-l</option> option. This makes
+ <command>host</command> perform a zone transfer for zone
+ <parameter>name</parameter>. Transfer the zone printing out
+ the NS, PTR
+ and address records (A/AAAA). If combined with <option>-a</option>
+ all records will be printed.
+ </para>
+
+ <para>
+ The <option>-i</option>
+ option specifies that reverse lookups of IPv6 addresses should
+ use the IP6.INT domain as defined in RFC1886.
+ The default is to use IP6.ARPA.
+ </para>
+
+ <para>
+ The <option>-N</option> option sets the number of dots that have to be
+ in <parameter>name</parameter> for it to be considered
+ absolute. The
+ default value is that defined using the ndots statement in
+ <filename>/etc/resolv.conf</filename>, or 1 if no ndots
+ statement is
+ present. Names with fewer dots are interpreted as relative names and
+ will be searched for in the domains listed in the <type>search</type>
+ or <type>domain</type> directive in
+ <filename>/etc/resolv.conf</filename>.
+ </para>
+
+ <para>
+ The number of UDP retries for a lookup can be changed with the
+ <option>-R</option> option. <parameter>number</parameter>
+ indicates
+ how many times <command>host</command> will repeat a query
+ that does
+ not get answered. The default number of retries is 1. If
+ <parameter>number</parameter> is negative or zero, the
+ number of
+ retries will default to 1.
+ </para>
+
+ <para>
+ Non-recursive queries can be made via the <option>-r</option> option.
+ Setting this option clears the <type>RD</type> &mdash; recursion
+ desired &mdash; bit in the query which <command>host</command> makes.
+ This should mean that the name server receiving the query will not
+ attempt to resolve <parameter>name</parameter>. The
+ <option>-r</option> option enables <command>host</command>
+ to mimic
+ the behavior of a name server by making non-recursive queries and
+ expecting to receive answers to those queries that are usually
+ referrals to other name servers.
+ </para>
+
+ <para>
+ By default <command>host</command> uses UDP when making
+ queries. The
+ <option>-T</option> option makes it use a TCP connection when querying
+ the name server. TCP will be automatically selected for queries that
+ require it, such as zone transfer (AXFR) requests.
+ </para>
+
+ <para>
+ The <option>-4</option> option forces <command>host</command> to only
+ use IPv4 query transport. The <option>-6</option> option forces
+ <command>host</command> to only use IPv6 query transport.
+ </para>
+
+ <para>
+ The <option>-t</option> option is used to select the query type.
+ <parameter>type</parameter> can be any recognized query
+ type: CNAME,
+ NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
+ <command>host</command> automatically selects an appropriate
+ query
+ type. By default it looks for A, AAAA, and MX records, but if the
+ <option>-C</option> option was given, queries will be made for SOA
+ records, and if <parameter>name</parameter> is a
+ dotted-decimal IPv4
+ address or colon-delimited IPv6 address, <command>host</command> will
+ query for PTR records. If a query type of IXFR is chosen the starting
+ serial number can be specified by appending an equal followed by the
+ starting serial number (e.g. -t IXFR=12345678).
+ </para>
+
+ <para>
+ The time to wait for a reply can be controlled through the
+ <option>-W</option> and <option>-w</option> options. The
+ <option>-W</option> option makes <command>host</command>
+ wait for
+ <parameter>wait</parameter> seconds. If <parameter>wait</parameter>
+ is less than one, the wait interval is set to one second. When the
+ <option>-w</option> option is used, <command>host</command>
+ will
+ effectively wait forever for a reply. The time to wait for a response
+ will be set to the number of seconds given by the hardware's maximum
+ value for an integer quantity.
+ </para>
+
+ <para>
+ The <option>-s</option> option tells <command>host</command>
+ <emphasis>not</emphasis> to send the query to the next nameserver
+ if any server responds with a SERVFAIL response, which is the
+ reverse of normal stub resolver behavior.
+ </para>
+
+ <para>
+ The <option>-m</option> can be used to set the memory usage debugging
+ flags
+ <parameter>record</parameter>, <parameter>usage</parameter> and
+ <parameter>trace</parameter>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>IDN SUPPORT</title>
+ <para>
+ If <command>host</command> has been built with IDN (internationalized
+ domain name) support, it can accept and display non-ASCII domain names.
+ <command>host</command> appropriately converts character encoding of
+ domain name before sending a request to DNS server or displaying a
+ reply from the server.
+ If you'd like to turn off the IDN support for some reason, defines
+ the <envar>IDN_DISABLE</envar> environment variable.
+ The IDN support is disabled if the variable is set when
+ <command>host</command> runs.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>FILES</title>
+ <para><filename>/etc/resolv.conf</filename>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ </para>
+
+ </refsect1>
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/dig/host.html b/bin/dig/host.html
new file mode 100644
index 0000000..6d14ef5
--- /dev/null
+++ b/bin/dig/host.html
@@ -0,0 +1,212 @@
+<!--
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: host.html,v 1.28 2008/04/05 01:09:34 tbox Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>host</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.host"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p>host &#8212; DNS lookup utility</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543431"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">host</strong></span>
+ is a simple utility for performing DNS lookups.
+ It is normally used to convert names to IP addresses and vice versa.
+ When no arguments or options are given,
+ <span><strong class="command">host</strong></span>
+ prints a short summary of its command line arguments and options.
+ </p>
+<p><em class="parameter"><code>name</code></em> is the domain name that is to be
+ looked
+ up. It can also be a dotted-decimal IPv4 address or a colon-delimited
+ IPv6 address, in which case <span><strong class="command">host</strong></span> will by
+ default
+ perform a reverse lookup for that address.
+ <em class="parameter"><code>server</code></em> is an optional argument which
+ is either
+ the name or IP address of the name server that <span><strong class="command">host</strong></span>
+ should query instead of the server or servers listed in
+ <code class="filename">/etc/resolv.conf</code>.
+ </p>
+<p>
+ The <code class="option">-a</code> (all) option is equivalent to setting the
+ <code class="option">-v</code> option and asking <span><strong class="command">host</strong></span> to make
+ a query of type ANY.
+ </p>
+<p>
+ When the <code class="option">-C</code> option is used, <span><strong class="command">host</strong></span>
+ will attempt to display the SOA records for zone
+ <em class="parameter"><code>name</code></em> from all the listed
+ authoritative name
+ servers for that zone. The list of name servers is defined by the NS
+ records that are found for the zone.
+ </p>
+<p>
+ The <code class="option">-c</code> option instructs to make a DNS query of class
+ <em class="parameter"><code>class</code></em>. This can be used to lookup
+ Hesiod or
+ Chaosnet class resource records. The default class is IN (Internet).
+ </p>
+<p>
+ Verbose output is generated by <span><strong class="command">host</strong></span> when
+ the
+ <code class="option">-d</code> or <code class="option">-v</code> option is used. The two
+ options are equivalent. They have been provided for backwards
+ compatibility. In previous versions, the <code class="option">-d</code> option
+ switched on debugging traces and <code class="option">-v</code> enabled verbose
+ output.
+ </p>
+<p>
+ List mode is selected by the <code class="option">-l</code> option. This makes
+ <span><strong class="command">host</strong></span> perform a zone transfer for zone
+ <em class="parameter"><code>name</code></em>. Transfer the zone printing out
+ the NS, PTR
+ and address records (A/AAAA). If combined with <code class="option">-a</code>
+ all records will be printed.
+ </p>
+<p>
+ The <code class="option">-i</code>
+ option specifies that reverse lookups of IPv6 addresses should
+ use the IP6.INT domain as defined in RFC1886.
+ The default is to use IP6.ARPA.
+ </p>
+<p>
+ The <code class="option">-N</code> option sets the number of dots that have to be
+ in <em class="parameter"><code>name</code></em> for it to be considered
+ absolute. The
+ default value is that defined using the ndots statement in
+ <code class="filename">/etc/resolv.conf</code>, or 1 if no ndots
+ statement is
+ present. Names with fewer dots are interpreted as relative names and
+ will be searched for in the domains listed in the <span class="type">search</span>
+ or <span class="type">domain</span> directive in
+ <code class="filename">/etc/resolv.conf</code>.
+ </p>
+<p>
+ The number of UDP retries for a lookup can be changed with the
+ <code class="option">-R</code> option. <em class="parameter"><code>number</code></em>
+ indicates
+ how many times <span><strong class="command">host</strong></span> will repeat a query
+ that does
+ not get answered. The default number of retries is 1. If
+ <em class="parameter"><code>number</code></em> is negative or zero, the
+ number of
+ retries will default to 1.
+ </p>
+<p>
+ Non-recursive queries can be made via the <code class="option">-r</code> option.
+ Setting this option clears the <span class="type">RD</span> &#8212; recursion
+ desired &#8212; bit in the query which <span><strong class="command">host</strong></span> makes.
+ This should mean that the name server receiving the query will not
+ attempt to resolve <em class="parameter"><code>name</code></em>. The
+ <code class="option">-r</code> option enables <span><strong class="command">host</strong></span>
+ to mimic
+ the behavior of a name server by making non-recursive queries and
+ expecting to receive answers to those queries that are usually
+ referrals to other name servers.
+ </p>
+<p>
+ By default <span><strong class="command">host</strong></span> uses UDP when making
+ queries. The
+ <code class="option">-T</code> option makes it use a TCP connection when querying
+ the name server. TCP will be automatically selected for queries that
+ require it, such as zone transfer (AXFR) requests.
+ </p>
+<p>
+ The <code class="option">-4</code> option forces <span><strong class="command">host</strong></span> to only
+ use IPv4 query transport. The <code class="option">-6</code> option forces
+ <span><strong class="command">host</strong></span> to only use IPv6 query transport.
+ </p>
+<p>
+ The <code class="option">-t</code> option is used to select the query type.
+ <em class="parameter"><code>type</code></em> can be any recognized query
+ type: CNAME,
+ NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
+ <span><strong class="command">host</strong></span> automatically selects an appropriate
+ query
+ type. By default it looks for A, AAAA, and MX records, but if the
+ <code class="option">-C</code> option was given, queries will be made for SOA
+ records, and if <em class="parameter"><code>name</code></em> is a
+ dotted-decimal IPv4
+ address or colon-delimited IPv6 address, <span><strong class="command">host</strong></span> will
+ query for PTR records. If a query type of IXFR is chosen the starting
+ serial number can be specified by appending an equal followed by the
+ starting serial number (e.g. -t IXFR=12345678).
+ </p>
+<p>
+ The time to wait for a reply can be controlled through the
+ <code class="option">-W</code> and <code class="option">-w</code> options. The
+ <code class="option">-W</code> option makes <span><strong class="command">host</strong></span>
+ wait for
+ <em class="parameter"><code>wait</code></em> seconds. If <em class="parameter"><code>wait</code></em>
+ is less than one, the wait interval is set to one second. When the
+ <code class="option">-w</code> option is used, <span><strong class="command">host</strong></span>
+ will
+ effectively wait forever for a reply. The time to wait for a response
+ will be set to the number of seconds given by the hardware's maximum
+ value for an integer quantity.
+ </p>
+<p>
+ The <code class="option">-s</code> option tells <span><strong class="command">host</strong></span>
+ <span class="emphasis"><em>not</em></span> to send the query to the next nameserver
+ if any server responds with a SERVFAIL response, which is the
+ reverse of normal stub resolver behavior.
+ </p>
+<p>
+ The <code class="option">-m</code> can be used to set the memory usage debugging
+ flags
+ <em class="parameter"><code>record</code></em>, <em class="parameter"><code>usage</code></em> and
+ <em class="parameter"><code>trace</code></em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543797"></a><h2>IDN SUPPORT</h2>
+<p>
+ If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
+ domain name) support, it can accept and display non-ASCII domain names.
+ <span><strong class="command">host</strong></span> appropriately converts character encoding of
+ domain name before sending a request to DNS server or displaying a
+ reply from the server.
+ If you'd like to turn off the IDN support for some reason, defines
+ the <code class="envar">IDN_DISABLE</code> environment variable.
+ The IDN support is disabled if the variable is set when
+ <span><strong class="command">host</strong></span> runs.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543819"></a><h2>FILES</h2>
+<p><code class="filename">/etc/resolv.conf</code>
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543831"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h
new file mode 100644
index 0000000..ccf9bf1
--- /dev/null
+++ b/bin/dig/include/dig/dig.h
@@ -0,0 +1,406 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dig.h,v 1.107 2008/04/03 06:09:04 tbox Exp $ */
+
+#ifndef DIG_H
+#define DIG_H
+
+/*! \file */
+
+#include <dns/rdatalist.h>
+
+#include <dst/dst.h>
+
+#include <isc/boolean.h>
+#include <isc/buffer.h>
+#include <isc/bufferlist.h>
+#include <isc/formatcheck.h>
+#include <isc/lang.h>
+#include <isc/list.h>
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/sockaddr.h>
+#include <isc/socket.h>
+
+#define MXSERV 20
+#define MXNAME (DNS_NAME_MAXTEXT+1)
+#define MXRD 32
+/*% Buffer Size */
+#define BUFSIZE 512
+#define COMMSIZE 0xffff
+#ifndef RESOLV_CONF
+/*% location of resolve.conf */
+#define RESOLV_CONF "/etc/resolv.conf"
+#endif
+/*% output buffer */
+#define OUTPUTBUF 32767
+/*% Max RR Limit */
+#define MAXRRLIMIT 0xffffffff
+#define MAXTIMEOUT 0xffff
+/*% Max number of tries */
+#define MAXTRIES 0xffffffff
+/*% Max number of dots */
+#define MAXNDOTS 0xffff
+/*% Max number of ports */
+#define MAXPORT 0xffff
+/*% Max serial number */
+#define MAXSERIAL 0xffffffff
+
+/*% Default TCP Timeout */
+#define TCP_TIMEOUT 10
+/*% Default UDP Timeout */
+#define UDP_TIMEOUT 5
+
+#define SERVER_TIMEOUT 1
+
+#define LOOKUP_LIMIT 64
+/*%
+ * Lookup_limit is just a limiter, keeping too many lookups from being
+ * created. It's job is mainly to prevent the program from running away
+ * in a tight loop of constant lookups. It's value is arbitrary.
+ */
+
+/*
+ * Defaults for the sigchase suboptions. Consolidated here because
+ * these control the layout of dig_lookup_t (among other things).
+ */
+#ifdef DIG_SIGCHASE
+#ifndef DIG_SIGCHASE_BU
+#define DIG_SIGCHASE_BU 1
+#endif
+#ifndef DIG_SIGCHASE_TD
+#define DIG_SIGCHASE_TD 1
+#endif
+#endif
+
+ISC_LANG_BEGINDECLS
+
+typedef struct dig_lookup dig_lookup_t;
+typedef struct dig_query dig_query_t;
+typedef struct dig_server dig_server_t;
+#ifdef DIG_SIGCHASE
+typedef struct dig_message dig_message_t;
+#endif
+typedef ISC_LIST(dig_server_t) dig_serverlist_t;
+typedef struct dig_searchlist dig_searchlist_t;
+
+/*% The dig_lookup structure */
+struct dig_lookup {
+ isc_boolean_t
+ pending, /*%< Pending a successful answer */
+ waiting_connect,
+ doing_xfr,
+ ns_search_only, /*%< dig +nssearch, host -C */
+ identify, /*%< Append an "on server <foo>" message */
+ identify_previous_line, /*% Prepend a "Nameserver <foo>:"
+ message, with newline and tab */
+ ignore,
+ recurse,
+ aaonly,
+ adflag,
+ cdflag,
+ trace, /*% dig +trace */
+ trace_root, /*% initial query for either +trace or +nssearch */
+ tcp_mode,
+ ip6_int,
+ comments,
+ stats,
+ section_question,
+ section_answer,
+ section_authority,
+ section_additional,
+ servfail_stops,
+ new_search,
+ need_search,
+ done_as_is,
+ besteffort,
+ dnssec,
+ nsid; /*% Name Server ID (RFC 5001) */
+#ifdef DIG_SIGCHASE
+isc_boolean_t sigchase;
+#if DIG_SIGCHASE_TD
+ isc_boolean_t do_topdown,
+ trace_root_sigchase,
+ rdtype_sigchaseset,
+ rdclass_sigchaseset;
+ /* Name we are going to validate RRset */
+ char textnamesigchase[MXNAME];
+#endif
+#endif
+
+ char textname[MXNAME]; /*% Name we're going to be looking up */
+ char cmdline[MXNAME];
+ dns_rdatatype_t rdtype;
+ dns_rdatatype_t qrdtype;
+#if DIG_SIGCHASE_TD
+ dns_rdatatype_t rdtype_sigchase;
+ dns_rdatatype_t qrdtype_sigchase;
+ dns_rdataclass_t rdclass_sigchase;
+#endif
+ dns_rdataclass_t rdclass;
+ isc_boolean_t rdtypeset;
+ isc_boolean_t rdclassset;
+ char namespace[BUFSIZE];
+ char onamespace[BUFSIZE];
+ isc_buffer_t namebuf;
+ isc_buffer_t onamebuf;
+ isc_buffer_t renderbuf;
+ char *sendspace;
+ dns_name_t *name;
+ isc_timer_t *timer;
+ isc_interval_t interval;
+ dns_message_t *sendmsg;
+ dns_name_t *oname;
+ ISC_LINK(dig_lookup_t) link;
+ ISC_LIST(dig_query_t) q;
+ dig_query_t *current_query;
+ dig_serverlist_t my_server_list;
+ dig_searchlist_t *origin;
+ dig_query_t *xfr_q;
+ isc_uint32_t retries;
+ int nsfound;
+ isc_uint16_t udpsize;
+ isc_int16_t edns;
+ isc_uint32_t ixfr_serial;
+ isc_buffer_t rdatabuf;
+ char rdatastore[MXNAME];
+ dst_context_t *tsigctx;
+ isc_buffer_t *querysig;
+ isc_uint32_t msgcounter;
+ dns_fixedname_t fdomain;
+};
+
+/*% The dig_query structure */
+struct dig_query {
+ dig_lookup_t *lookup;
+ isc_boolean_t waiting_connect,
+ pending_free,
+ waiting_senddone,
+ first_pass,
+ first_soa_rcvd,
+ second_rr_rcvd,
+ first_repeat_rcvd,
+ recv_made,
+ warn_id;
+ isc_uint32_t first_rr_serial;
+ isc_uint32_t second_rr_serial;
+ isc_uint32_t msg_count;
+ isc_uint32_t rr_count;
+ char *servname;
+ char *userarg;
+ isc_bufferlist_t sendlist,
+ recvlist,
+ lengthlist;
+ isc_buffer_t recvbuf,
+ lengthbuf,
+ slbuf;
+ char *recvspace,
+ lengthspace[4],
+ slspace[4];
+ isc_socket_t *sock;
+ ISC_LINK(dig_query_t) link;
+ isc_sockaddr_t sockaddr;
+ isc_time_t time_sent;
+ isc_uint64_t byte_count;
+ isc_buffer_t sendbuf;
+};
+
+struct dig_server {
+ char servername[MXNAME];
+ char userarg[MXNAME];
+ ISC_LINK(dig_server_t) link;
+};
+
+struct dig_searchlist {
+ char origin[MXNAME];
+ ISC_LINK(dig_searchlist_t) link;
+};
+#ifdef DIG_SIGCHASE
+struct dig_message {
+ dns_message_t *msg;
+ ISC_LINK(dig_message_t) link;
+};
+#endif
+
+typedef ISC_LIST(dig_searchlist_t) dig_searchlistlist_t;
+typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t;
+
+/*
+ * Externals from dighost.c
+ */
+
+extern dig_lookuplist_t lookup_list;
+extern dig_serverlist_t server_list;
+extern dig_searchlistlist_t search_list;
+extern unsigned int extrabytes;
+
+extern isc_boolean_t check_ra, have_ipv4, have_ipv6, specified_source,
+ usesearch, showsearch, qr;
+extern in_port_t port;
+extern unsigned int timeout;
+extern isc_mem_t *mctx;
+extern dns_messageid_t id;
+extern int sendcount;
+extern int ndots;
+extern int lookup_counter;
+extern int exitcode;
+extern isc_sockaddr_t bind_address;
+extern char keynametext[MXNAME];
+extern char keyfile[MXNAME];
+extern char keysecret[MXNAME];
+extern dns_name_t *hmacname;
+extern unsigned int digestbits;
+#ifdef DIG_SIGCHASE
+extern char trustedkey[MXNAME];
+#endif
+extern dns_tsigkey_t *key;
+extern isc_boolean_t validated;
+extern isc_taskmgr_t *taskmgr;
+extern isc_task_t *global_task;
+extern isc_boolean_t free_now;
+extern isc_boolean_t debugging, memdebugging;
+
+extern char *progname;
+extern int tries;
+extern int fatalexit;
+#ifdef WITH_IDN
+extern int idnoptions;
+#endif
+
+/*
+ * Routines in dighost.c.
+ */
+void
+get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr);
+
+isc_result_t
+get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
+ isc_boolean_t strict);
+
+void
+fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+void
+debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+void
+check_result(isc_result_t result, const char *msg);
+
+void
+setup_lookup(dig_lookup_t *lookup);
+
+void
+destroy_lookup(dig_lookup_t *lookup);
+
+void
+do_lookup(dig_lookup_t *lookup);
+
+void
+start_lookup(void);
+
+void
+onrun_callback(isc_task_t *task, isc_event_t *event);
+
+int
+dhmain(int argc, char **argv);
+
+void
+setup_libs(void);
+
+void
+setup_system(void);
+
+dig_lookup_t *
+requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
+
+dig_lookup_t *
+make_empty_lookup(void);
+
+dig_lookup_t *
+clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
+
+dig_server_t *
+make_server(const char *servname, const char *userarg);
+
+void
+flush_server_list(void);
+
+void
+set_nameserver(char *opt);
+
+void
+clone_server_list(dig_serverlist_t src,
+ dig_serverlist_t *dest);
+
+void
+cancel_all(void);
+
+void
+destroy_libs(void);
+
+void
+set_search_domain(char *domain);
+
+#ifdef DIG_SIGCHASE
+void
+clean_trustedkey(void);
+#endif
+
+/*
+ * Routines to be defined in dig.c, host.c, and nslookup.c.
+ */
+#ifdef DIG_SIGCHASE
+isc_result_t
+printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
+ isc_buffer_t *target);
+#endif
+
+isc_result_t
+printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers);
+/*%<
+ * Print the final result of the lookup.
+ */
+
+void
+received(int bytes, isc_sockaddr_t *from, dig_query_t *query);
+/*%<
+ * Print a message about where and when the response
+ * was received from, like the final comment in the
+ * output of "dig".
+ */
+
+void
+trying(char *frm, dig_lookup_t *lookup);
+
+void
+dighost_shutdown(void);
+
+char *
+next_token(char **stringp, const char *delim);
+
+#ifdef DIG_SIGCHASE
+/* Chasing functions */
+dns_rdataset_t *
+chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers);
+void
+chase_sig(dns_message_t *msg);
+#endif
+
+ISC_LANG_ENDDECLS
+
+#endif
diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1
new file mode 100644
index 0000000..2d19534
--- /dev/null
+++ b/bin/dig/nslookup.1
@@ -0,0 +1,252 @@
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: nslookup.1,v 1.14 2007/05/16 06:12:01 marka Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: nslookup
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: Jun 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+nslookup \- query Internet name servers interactively
+.SH "SYNOPSIS"
+.HP 9
+\fBnslookup\fR [\fB\-option\fR] [name\ |\ \-] [server]
+.SH "DESCRIPTION"
+.PP
+\fBNslookup\fR
+is a program to query Internet domain name servers.
+\fBNslookup\fR
+has two modes: interactive and non\-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non\-interactive mode is used to print just the name and requested information for a host or domain.
+.SH "ARGUMENTS"
+.PP
+Interactive mode is entered in the following cases:
+.TP 4
+1.
+when no arguments are given (the default name server will be used)
+.TP 4
+2.
+when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server.
+.sp
+.RE
+.PP
+Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
+.PP
+Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
+.sp .RS 4 .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
+.SH "INTERACTIVE COMMANDS"
+.PP
+\fBhost\fR [server]
+.RS 4
+Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name.
+.sp
+To look up a host not in the current domain, append a period to the name.
+.RE
+.PP
+\fBserver\fR \fIdomain\fR
+.RS 4
+.RE
+.PP
+\fBlserver\fR \fIdomain\fR
+.RS 4
+Change the default server to
+\fIdomain\fR;
+\fBlserver\fR
+uses the initial server to look up information about
+\fIdomain\fR, while
+\fBserver\fR
+uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
+.RE
+.PP
+\fBroot\fR
+.RS 4
+not implemented
+.RE
+.PP
+\fBfinger\fR
+.RS 4
+not implemented
+.RE
+.PP
+\fBls\fR
+.RS 4
+not implemented
+.RE
+.PP
+\fBview\fR
+.RS 4
+not implemented
+.RE
+.PP
+\fBhelp\fR
+.RS 4
+not implemented
+.RE
+.PP
+\fB?\fR
+.RS 4
+not implemented
+.RE
+.PP
+\fBexit\fR
+.RS 4
+Exits the program.
+.RE
+.PP
+\fBset\fR \fIkeyword\fR\fI[=value]\fR
+.RS 4
+This command is used to change state information that affects the lookups. Valid keywords are:
+.RS 4
+.PP
+\fBall\fR
+.RS 4
+Prints the current values of the frequently used options to
+\fBset\fR. Information about the current default server and host is also printed.
+.RE
+.PP
+\fBclass=\fR\fIvalue\fR
+.RS 4
+Change the query class to one of:
+.RS 4
+.PP
+\fBIN\fR
+.RS 4
+the Internet class
+.RE
+.PP
+\fBCH\fR
+.RS 4
+the Chaos class
+.RE
+.PP
+\fBHS\fR
+.RS 4
+the Hesiod class
+.RE
+.PP
+\fBANY\fR
+.RS 4
+wildcard
+.RE
+.RE
+.IP "" 4
+The class specifies the protocol group of the information.
+.sp
+(Default = IN; abbreviation = cl)
+.RE
+.PP
+\fB \fR\fB\fI[no]\fR\fR\fBdebug\fR
+.RS 4
+Turn on or off the display of the full response packet and any intermediate response packets when searching.
+.sp
+(Default = nodebug; abbreviation =
+[no]deb)
+.RE
+.PP
+\fB \fR\fB\fI[no]\fR\fR\fBd2\fR
+.RS 4
+Turn debugging mode on or off. This displays more about what nslookup is doing.
+.sp
+(Default = nod2)
+.RE
+.PP
+\fBdomain=\fR\fIname\fR
+.RS 4
+Sets the search list to
+\fIname\fR.
+.RE
+.PP
+\fB \fR\fB\fI[no]\fR\fR\fBsearch\fR
+.RS 4
+If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received.
+.sp
+(Default = search)
+.RE
+.PP
+\fBport=\fR\fIvalue\fR
+.RS 4
+Change the default TCP/UDP name server port to
+\fIvalue\fR.
+.sp
+(Default = 53; abbreviation = po)
+.RE
+.PP
+\fBquerytype=\fR\fIvalue\fR
+.RS 4
+.RE
+.PP
+\fBtype=\fR\fIvalue\fR
+.RS 4
+Change the type of the information query.
+.sp
+(Default = A; abbreviations = q, ty)
+.RE
+.PP
+\fB \fR\fB\fI[no]\fR\fR\fBrecurse\fR
+.RS 4
+Tell the name server to query other servers if it does not have the information.
+.sp
+(Default = recurse; abbreviation = [no]rec)
+.RE
+.PP
+\fBretry=\fR\fInumber\fR
+.RS 4
+Set the number of retries to number.
+.RE
+.PP
+\fBtimeout=\fR\fInumber\fR
+.RS 4
+Change the initial timeout interval for waiting for a reply to number seconds.
+.RE
+.PP
+\fB \fR\fB\fI[no]\fR\fR\fBvc\fR
+.RS 4
+Always use a virtual circuit when sending requests to the server.
+.sp
+(Default = novc)
+.RE
+.PP
+\fB \fR\fB\fI[no]\fR\fR\fBfail\fR
+.RS 4
+Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response.
+.sp
+(Default = nofail)
+.RE
+.RE
+.IP "" 4
+.RE
+.SH "FILES"
+.PP
+\fI/etc/resolv.conf\fR
+.SH "SEE ALSO"
+.PP
+\fBdig\fR(1),
+\fBhost\fR(1),
+\fBnamed\fR(8).
+.SH "AUTHOR"
+.PP
+Andrew Cherenson
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c
new file mode 100644
index 0000000..31be018
--- /dev/null
+++ b/bin/dig/nslookup.c
@@ -0,0 +1,891 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: nslookup.c,v 1.117 2007/06/18 23:47:17 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/app.h>
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/event.h>
+#include <isc/parseint.h>
+#include <isc/string.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+#include <isc/task.h>
+#include <isc/netaddr.h>
+
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/fixedname.h>
+#include <dns/rdata.h>
+#include <dns/rdataclass.h>
+#include <dns/rdataset.h>
+#include <dns/rdatastruct.h>
+#include <dns/rdatatype.h>
+#include <dns/byaddr.h>
+
+#include <dig/dig.h>
+
+static isc_boolean_t short_form = ISC_TRUE,
+ tcpmode = ISC_FALSE,
+ identify = ISC_FALSE, stats = ISC_TRUE,
+ comments = ISC_TRUE, section_question = ISC_TRUE,
+ section_answer = ISC_TRUE, section_authority = ISC_TRUE,
+ section_additional = ISC_TRUE, recurse = ISC_TRUE,
+ aaonly = ISC_FALSE, nofail = ISC_TRUE;
+
+static isc_boolean_t in_use = ISC_FALSE;
+static char defclass[MXRD] = "IN";
+static char deftype[MXRD] = "A";
+static isc_event_t *global_event = NULL;
+
+static char domainopt[DNS_NAME_MAXTEXT];
+
+static const char *rcodetext[] = {
+ "NOERROR",
+ "FORMERR",
+ "SERVFAIL",
+ "NXDOMAIN",
+ "NOTIMP",
+ "REFUSED",
+ "YXDOMAIN",
+ "YXRRSET",
+ "NXRRSET",
+ "NOTAUTH",
+ "NOTZONE",
+ "RESERVED11",
+ "RESERVED12",
+ "RESERVED13",
+ "RESERVED14",
+ "RESERVED15",
+ "BADVERS"
+};
+
+static const char *rtypetext[] = {
+ "rtype_0 = ", /* 0 */
+ "internet address = ", /* 1 */
+ "nameserver = ", /* 2 */
+ "md = ", /* 3 */
+ "mf = ", /* 4 */
+ "canonical name = ", /* 5 */
+ "soa = ", /* 6 */
+ "mb = ", /* 7 */
+ "mg = ", /* 8 */
+ "mr = ", /* 9 */
+ "rtype_10 = ", /* 10 */
+ "protocol = ", /* 11 */
+ "name = ", /* 12 */
+ "hinfo = ", /* 13 */
+ "minfo = ", /* 14 */
+ "mail exchanger = ", /* 15 */
+ "text = ", /* 16 */
+ "rp = ", /* 17 */
+ "afsdb = ", /* 18 */
+ "x25 address = ", /* 19 */
+ "isdn address = ", /* 20 */
+ "rt = ", /* 21 */
+ "nsap = ", /* 22 */
+ "nsap_ptr = ", /* 23 */
+ "signature = ", /* 24 */
+ "key = ", /* 25 */
+ "px = ", /* 26 */
+ "gpos = ", /* 27 */
+ "has AAAA address ", /* 28 */
+ "loc = ", /* 29 */
+ "next = ", /* 30 */
+ "rtype_31 = ", /* 31 */
+ "rtype_32 = ", /* 32 */
+ "service = ", /* 33 */
+ "rtype_34 = ", /* 34 */
+ "naptr = ", /* 35 */
+ "kx = ", /* 36 */
+ "cert = ", /* 37 */
+ "v6 address = ", /* 38 */
+ "dname = ", /* 39 */
+ "rtype_40 = ", /* 40 */
+ "optional = " /* 41 */
+};
+
+#define N_KNOWN_RRTYPES (sizeof(rtypetext) / sizeof(rtypetext[0]))
+
+static void flush_lookup_list(void);
+static void getinput(isc_task_t *task, isc_event_t *event);
+
+void
+dighost_shutdown(void) {
+ isc_event_t *event = global_event;
+
+ flush_lookup_list();
+ debug("dighost_shutdown()");
+
+ if (!in_use) {
+ isc_app_shutdown();
+ return;
+ }
+
+ isc_task_send(global_task, &event);
+}
+
+static void
+printsoa(dns_rdata_t *rdata) {
+ dns_rdata_soa_t soa;
+ isc_result_t result;
+ char namebuf[DNS_NAME_FORMATSIZE];
+
+ result = dns_rdata_tostruct(rdata, &soa, NULL);
+ check_result(result, "dns_rdata_tostruct");
+
+ dns_name_format(&soa.origin, namebuf, sizeof(namebuf));
+ printf("\torigin = %s\n", namebuf);
+ dns_name_format(&soa.contact, namebuf, sizeof(namebuf));
+ printf("\tmail addr = %s\n", namebuf);
+ printf("\tserial = %u\n", soa.serial);
+ printf("\trefresh = %u\n", soa.refresh);
+ printf("\tretry = %u\n", soa.retry);
+ printf("\texpire = %u\n", soa.expire);
+ printf("\tminimum = %u\n", soa.minimum);
+ dns_rdata_freestruct(&soa);
+}
+
+static void
+printa(dns_rdata_t *rdata) {
+ isc_result_t result;
+ char text[sizeof("255.255.255.255")];
+ isc_buffer_t b;
+
+ isc_buffer_init(&b, text, sizeof(text));
+ result = dns_rdata_totext(rdata, NULL, &b);
+ check_result(result, "dns_rdata_totext");
+ printf("Address: %.*s\n", (int)isc_buffer_usedlength(&b),
+ (char *)isc_buffer_base(&b));
+}
+#ifdef DIG_SIGCHASE
+/* Just for compatibility : not use in host program */
+isc_result_t
+printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
+ isc_buffer_t *target)
+{
+ UNUSED(owner_name);
+ UNUSED(rdataset);
+ UNUSED(target);
+ return(ISC_FALSE);
+}
+#endif
+static void
+printrdata(dns_rdata_t *rdata) {
+ isc_result_t result;
+ isc_buffer_t *b = NULL;
+ unsigned int size = 1024;
+ isc_boolean_t done = ISC_FALSE;
+
+ if (rdata->type < N_KNOWN_RRTYPES)
+ printf("%s", rtypetext[rdata->type]);
+ else
+ printf("rdata_%d = ", rdata->type);
+
+ while (!done) {
+ result = isc_buffer_allocate(mctx, &b, size);
+ if (result != ISC_R_SUCCESS)
+ check_result(result, "isc_buffer_allocate");
+ result = dns_rdata_totext(rdata, NULL, b);
+ if (result == ISC_R_SUCCESS) {
+ printf("%.*s\n", (int)isc_buffer_usedlength(b),
+ (char *)isc_buffer_base(b));
+ done = ISC_TRUE;
+ } else if (result != ISC_R_NOSPACE)
+ check_result(result, "dns_rdata_totext");
+ isc_buffer_free(&b);
+ size *= 2;
+ }
+}
+
+static isc_result_t
+printsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
+ dns_section_t section) {
+ isc_result_t result, loopresult;
+ dns_name_t *name;
+ dns_rdataset_t *rdataset = NULL;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ char namebuf[DNS_NAME_FORMATSIZE];
+
+ UNUSED(query);
+ UNUSED(headers);
+
+ debug("printsection()");
+
+ result = dns_message_firstname(msg, section);
+ if (result == ISC_R_NOMORE)
+ return (ISC_R_SUCCESS);
+ else if (result != ISC_R_SUCCESS)
+ return (result);
+ for (;;) {
+ name = NULL;
+ dns_message_currentname(msg, section,
+ &name);
+ for (rdataset = ISC_LIST_HEAD(name->list);
+ rdataset != NULL;
+ rdataset = ISC_LIST_NEXT(rdataset, link)) {
+ loopresult = dns_rdataset_first(rdataset);
+ while (loopresult == ISC_R_SUCCESS) {
+ dns_rdataset_current(rdataset, &rdata);
+ switch (rdata.type) {
+ case dns_rdatatype_a:
+ if (section != DNS_SECTION_ANSWER)
+ goto def_short_section;
+ dns_name_format(name, namebuf,
+ sizeof(namebuf));
+ printf("Name:\t%s\n", namebuf);
+ printa(&rdata);
+ break;
+ case dns_rdatatype_soa:
+ dns_name_format(name, namebuf,
+ sizeof(namebuf));
+ printf("%s\n", namebuf);
+ printsoa(&rdata);
+ break;
+ default:
+ def_short_section:
+ dns_name_format(name, namebuf,
+ sizeof(namebuf));
+ printf("%s\t", namebuf);
+ printrdata(&rdata);
+ break;
+ }
+ dns_rdata_reset(&rdata);
+ loopresult = dns_rdataset_next(rdataset);
+ }
+ }
+ result = dns_message_nextname(msg, section);
+ if (result == ISC_R_NOMORE)
+ break;
+ else if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+ }
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
+ dns_section_t section) {
+ isc_result_t result, loopresult;
+ dns_name_t *name;
+ dns_rdataset_t *rdataset = NULL;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ char namebuf[DNS_NAME_FORMATSIZE];
+
+ UNUSED(query);
+
+ debug("detailsection()");
+
+ if (headers) {
+ switch (section) {
+ case DNS_SECTION_QUESTION:
+ puts(" QUESTIONS:");
+ break;
+ case DNS_SECTION_ANSWER:
+ puts(" ANSWERS:");
+ break;
+ case DNS_SECTION_AUTHORITY:
+ puts(" AUTHORITY RECORDS:");
+ break;
+ case DNS_SECTION_ADDITIONAL:
+ puts(" ADDITIONAL RECORDS:");
+ break;
+ }
+ }
+
+ result = dns_message_firstname(msg, section);
+ if (result == ISC_R_NOMORE)
+ return (ISC_R_SUCCESS);
+ else if (result != ISC_R_SUCCESS)
+ return (result);
+ for (;;) {
+ name = NULL;
+ dns_message_currentname(msg, section,
+ &name);
+ for (rdataset = ISC_LIST_HEAD(name->list);
+ rdataset != NULL;
+ rdataset = ISC_LIST_NEXT(rdataset, link)) {
+ if (section == DNS_SECTION_QUESTION) {
+ dns_name_format(name, namebuf,
+ sizeof(namebuf));
+ printf("\t%s, ", namebuf);
+ dns_rdatatype_format(rdataset->type,
+ namebuf,
+ sizeof(namebuf));
+ printf("type = %s, ", namebuf);
+ dns_rdataclass_format(rdataset->rdclass,
+ namebuf,
+ sizeof(namebuf));
+ printf("class = %s\n", namebuf);
+ }
+ loopresult = dns_rdataset_first(rdataset);
+ while (loopresult == ISC_R_SUCCESS) {
+ dns_rdataset_current(rdataset, &rdata);
+
+ dns_name_format(name, namebuf,
+ sizeof(namebuf));
+ printf(" -> %s\n", namebuf);
+
+ switch (rdata.type) {
+ case dns_rdatatype_soa:
+ printsoa(&rdata);
+ break;
+ default:
+ printf("\t");
+ printrdata(&rdata);
+ }
+ dns_rdata_reset(&rdata);
+ loopresult = dns_rdataset_next(rdataset);
+ }
+ }
+ result = dns_message_nextname(msg, section);
+ if (result == ISC_R_NOMORE)
+ break;
+ else if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+ }
+ return (ISC_R_SUCCESS);
+}
+
+void
+received(int bytes, isc_sockaddr_t *from, dig_query_t *query)
+{
+ UNUSED(bytes);
+ UNUSED(from);
+ UNUSED(query);
+}
+
+void
+trying(char *frm, dig_lookup_t *lookup) {
+ UNUSED(frm);
+ UNUSED(lookup);
+
+}
+
+isc_result_t
+printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
+ char servtext[ISC_SOCKADDR_FORMATSIZE];
+
+ debug("printmessage()");
+
+ isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
+ printf("Server:\t\t%s\n", query->userarg);
+ printf("Address:\t%s\n", servtext);
+
+ puts("");
+
+ if (!short_form) {
+ isc_boolean_t headers = ISC_TRUE;
+ puts("------------");
+ /* detailheader(query, msg);*/
+ detailsection(query, msg, headers, DNS_SECTION_QUESTION);
+ detailsection(query, msg, headers, DNS_SECTION_ANSWER);
+ detailsection(query, msg, headers, DNS_SECTION_AUTHORITY);
+ detailsection(query, msg, headers, DNS_SECTION_ADDITIONAL);
+ puts("------------");
+ }
+
+ if (msg->rcode != 0) {
+ char nametext[DNS_NAME_FORMATSIZE];
+ dns_name_format(query->lookup->name,
+ nametext, sizeof(nametext));
+ printf("** server can't find %s: %s\n",
+ (msg->rcode != dns_rcode_nxdomain) ? nametext :
+ query->lookup->textname, rcodetext[msg->rcode]);
+ debug("returning with rcode == 0");
+ return (ISC_R_SUCCESS);
+ }
+
+ if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0)
+ puts("Non-authoritative answer:");
+ if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER]))
+ printsection(query, msg, headers, DNS_SECTION_ANSWER);
+ else
+ printf("*** Can't find %s: No answer\n",
+ query->lookup->textname);
+
+ if (((msg->flags & DNS_MESSAGEFLAG_AA) == 0) &&
+ (query->lookup->rdtype != dns_rdatatype_a)) {
+ puts("\nAuthoritative answers can be found from:");
+ printsection(query, msg, headers,
+ DNS_SECTION_AUTHORITY);
+ printsection(query, msg, headers,
+ DNS_SECTION_ADDITIONAL);
+ }
+ return (ISC_R_SUCCESS);
+}
+
+static void
+show_settings(isc_boolean_t full, isc_boolean_t serv_only) {
+ dig_server_t *srv;
+ isc_sockaddr_t sockaddr;
+ dig_searchlist_t *listent;
+
+ srv = ISC_LIST_HEAD(server_list);
+
+ while (srv != NULL) {
+ char sockstr[ISC_SOCKADDR_FORMATSIZE];
+
+ get_address(srv->servername, port, &sockaddr);
+ isc_sockaddr_format(&sockaddr, sockstr, sizeof(sockstr));
+ printf("Default server: %s\nAddress: %s\n",
+ srv->userarg, sockstr);
+ if (!full)
+ return;
+ srv = ISC_LIST_NEXT(srv, link);
+ }
+ if (serv_only)
+ return;
+ printf("\nSet options:\n");
+ printf(" %s\t\t\t%s\t\t%s\n",
+ tcpmode ? "vc" : "novc",
+ short_form ? "nodebug" : "debug",
+ debugging ? "d2" : "nod2");
+ printf(" %s\t\t%s\n",
+ usesearch ? "search" : "nosearch",
+ recurse ? "recurse" : "norecurse");
+ printf(" timeout = %d\t\tretry = %d\tport = %d\n",
+ timeout, tries, port);
+ printf(" querytype = %-8s\tclass = %s\n", deftype, defclass);
+ printf(" srchlist = ");
+ for (listent = ISC_LIST_HEAD(search_list);
+ listent != NULL;
+ listent = ISC_LIST_NEXT(listent, link)) {
+ printf("%s", listent->origin);
+ if (ISC_LIST_NEXT(listent, link) != NULL)
+ printf("/");
+ }
+ printf("\n");
+}
+
+static isc_boolean_t
+testtype(char *typetext) {
+ isc_result_t result;
+ isc_textregion_t tr;
+ dns_rdatatype_t rdtype;
+
+ tr.base = typetext;
+ tr.length = strlen(typetext);
+ result = dns_rdatatype_fromtext(&rdtype, &tr);
+ if (result == ISC_R_SUCCESS)
+ return (ISC_TRUE);
+ else {
+ printf("unknown query type: %s\n", typetext);
+ return (ISC_FALSE);
+ }
+}
+
+static isc_boolean_t
+testclass(char *typetext) {
+ isc_result_t result;
+ isc_textregion_t tr;
+ dns_rdataclass_t rdclass;
+
+ tr.base = typetext;
+ tr.length = strlen(typetext);
+ result = dns_rdataclass_fromtext(&rdclass, &tr);
+ if (result == ISC_R_SUCCESS)
+ return (ISC_TRUE);
+ else {
+ printf("unknown query class: %s\n", typetext);
+ return (ISC_FALSE);
+ }
+}
+
+static void
+safecpy(char *dest, char *src, int size) {
+ strncpy(dest, src, size);
+ dest[size-1] = 0;
+}
+
+static isc_result_t
+parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
+ const char *desc) {
+ isc_uint32_t n;
+ isc_result_t result = isc_parse_uint32(&n, value, 10);
+ if (result == ISC_R_SUCCESS && n > max)
+ result = ISC_R_RANGE;
+ if (result != ISC_R_SUCCESS) {
+ printf("invalid %s '%s': %s\n", desc,
+ value, isc_result_totext(result));
+ return result;
+ }
+ *uip = n;
+ return (ISC_R_SUCCESS);
+}
+
+static void
+set_port(const char *value) {
+ isc_uint32_t n;
+ isc_result_t result = parse_uint(&n, value, 65535, "port");
+ if (result == ISC_R_SUCCESS)
+ port = (isc_uint16_t) n;
+}
+
+static void
+set_timeout(const char *value) {
+ isc_uint32_t n;
+ isc_result_t result = parse_uint(&n, value, UINT_MAX, "timeout");
+ if (result == ISC_R_SUCCESS)
+ timeout = n;
+}
+
+static void
+set_tries(const char *value) {
+ isc_uint32_t n;
+ isc_result_t result = parse_uint(&n, value, INT_MAX, "tries");
+ if (result == ISC_R_SUCCESS)
+ tries = n;
+}
+
+static void
+setoption(char *opt) {
+ if (strncasecmp(opt, "all", 4) == 0) {
+ show_settings(ISC_TRUE, ISC_FALSE);
+ } else if (strncasecmp(opt, "class=", 6) == 0) {
+ if (testclass(&opt[6]))
+ safecpy(defclass, &opt[6], sizeof(defclass));
+ } else if (strncasecmp(opt, "cl=", 3) == 0) {
+ if (testclass(&opt[3]))
+ safecpy(defclass, &opt[3], sizeof(defclass));
+ } else if (strncasecmp(opt, "type=", 5) == 0) {
+ if (testtype(&opt[5]))
+ safecpy(deftype, &opt[5], sizeof(deftype));
+ } else if (strncasecmp(opt, "ty=", 3) == 0) {
+ if (testtype(&opt[3]))
+ safecpy(deftype, &opt[3], sizeof(deftype));
+ } else if (strncasecmp(opt, "querytype=", 10) == 0) {
+ if (testtype(&opt[10]))
+ safecpy(deftype, &opt[10], sizeof(deftype));
+ } else if (strncasecmp(opt, "query=", 6) == 0) {
+ if (testtype(&opt[6]))
+ safecpy(deftype, &opt[6], sizeof(deftype));
+ } else if (strncasecmp(opt, "qu=", 3) == 0) {
+ if (testtype(&opt[3]))
+ safecpy(deftype, &opt[3], sizeof(deftype));
+ } else if (strncasecmp(opt, "q=", 2) == 0) {
+ if (testtype(&opt[2]))
+ safecpy(deftype, &opt[2], sizeof(deftype));
+ } else if (strncasecmp(opt, "domain=", 7) == 0) {
+ safecpy(domainopt, &opt[7], sizeof(domainopt));
+ set_search_domain(domainopt);
+ usesearch = ISC_TRUE;
+ } else if (strncasecmp(opt, "do=", 3) == 0) {
+ safecpy(domainopt, &opt[3], sizeof(domainopt));
+ set_search_domain(domainopt);
+ usesearch = ISC_TRUE;
+ } else if (strncasecmp(opt, "port=", 5) == 0) {
+ set_port(&opt[5]);
+ } else if (strncasecmp(opt, "po=", 3) == 0) {
+ set_port(&opt[3]);
+ } else if (strncasecmp(opt, "timeout=", 8) == 0) {
+ set_timeout(&opt[8]);
+ } else if (strncasecmp(opt, "t=", 2) == 0) {
+ set_timeout(&opt[2]);
+ } else if (strncasecmp(opt, "rec", 3) == 0) {
+ recurse = ISC_TRUE;
+ } else if (strncasecmp(opt, "norec", 5) == 0) {
+ recurse = ISC_FALSE;
+ } else if (strncasecmp(opt, "retry=", 6) == 0) {
+ set_tries(&opt[6]);
+ } else if (strncasecmp(opt, "ret=", 4) == 0) {
+ set_tries(&opt[4]);
+ } else if (strncasecmp(opt, "def", 3) == 0) {
+ usesearch = ISC_TRUE;
+ } else if (strncasecmp(opt, "nodef", 5) == 0) {
+ usesearch = ISC_FALSE;
+ } else if (strncasecmp(opt, "vc", 3) == 0) {
+ tcpmode = ISC_TRUE;
+ } else if (strncasecmp(opt, "novc", 5) == 0) {
+ tcpmode = ISC_FALSE;
+ } else if (strncasecmp(opt, "deb", 3) == 0) {
+ short_form = ISC_FALSE;
+ showsearch = ISC_TRUE;
+ } else if (strncasecmp(opt, "nodeb", 5) == 0) {
+ short_form = ISC_TRUE;
+ showsearch = ISC_FALSE;
+ } else if (strncasecmp(opt, "d2", 2) == 0) {
+ debugging = ISC_TRUE;
+ } else if (strncasecmp(opt, "nod2", 4) == 0) {
+ debugging = ISC_FALSE;
+ } else if (strncasecmp(opt, "search", 3) == 0) {
+ usesearch = ISC_TRUE;
+ } else if (strncasecmp(opt, "nosearch", 5) == 0) {
+ usesearch = ISC_FALSE;
+ } else if (strncasecmp(opt, "sil", 3) == 0) {
+ /* deprecation_msg = ISC_FALSE; */
+ } else if (strncasecmp(opt, "fail", 3) == 0) {
+ nofail=ISC_FALSE;
+ } else if (strncasecmp(opt, "nofail", 3) == 0) {
+ nofail=ISC_TRUE;
+ } else {
+ printf("*** Invalid option: %s\n", opt);
+ }
+}
+
+static void
+addlookup(char *opt) {
+ dig_lookup_t *lookup;
+ isc_result_t result;
+ isc_textregion_t tr;
+ dns_rdatatype_t rdtype;
+ dns_rdataclass_t rdclass;
+ char store[MXNAME];
+
+ debug("addlookup()");
+ tr.base = deftype;
+ tr.length = strlen(deftype);
+ result = dns_rdatatype_fromtext(&rdtype, &tr);
+ if (result != ISC_R_SUCCESS) {
+ printf("unknown query type: %s\n", deftype);
+ rdclass = dns_rdatatype_a;
+ }
+ tr.base = defclass;
+ tr.length = strlen(defclass);
+ result = dns_rdataclass_fromtext(&rdclass, &tr);
+ if (result != ISC_R_SUCCESS) {
+ printf("unknown query class: %s\n", defclass);
+ rdclass = dns_rdataclass_in;
+ }
+ lookup = make_empty_lookup();
+ if (get_reverse(store, sizeof(store), opt, lookup->ip6_int, ISC_TRUE)
+ == ISC_R_SUCCESS) {
+ safecpy(lookup->textname, store, sizeof(lookup->textname));
+ lookup->rdtype = dns_rdatatype_ptr;
+ lookup->rdtypeset = ISC_TRUE;
+ } else {
+ safecpy(lookup->textname, opt, sizeof(lookup->textname));
+ lookup->rdtype = rdtype;
+ lookup->rdtypeset = ISC_TRUE;
+ }
+ lookup->rdclass = rdclass;
+ lookup->rdclassset = ISC_TRUE;
+ lookup->trace = ISC_FALSE;
+ lookup->trace_root = lookup->trace;
+ lookup->ns_search_only = ISC_FALSE;
+ lookup->identify = identify;
+ lookup->recurse = recurse;
+ lookup->aaonly = aaonly;
+ lookup->retries = tries;
+ lookup->udpsize = 0;
+ lookup->comments = comments;
+ lookup->tcp_mode = tcpmode;
+ lookup->stats = stats;
+ lookup->section_question = section_question;
+ lookup->section_answer = section_answer;
+ lookup->section_authority = section_authority;
+ lookup->section_additional = section_additional;
+ lookup->new_search = ISC_TRUE;
+ if (nofail)
+ lookup->servfail_stops = ISC_FALSE;
+ ISC_LIST_INIT(lookup->q);
+ ISC_LINK_INIT(lookup, link);
+ ISC_LIST_APPEND(lookup_list, lookup, link);
+ lookup->origin = NULL;
+ ISC_LIST_INIT(lookup->my_server_list);
+ debug("looking up %s", lookup->textname);
+}
+
+static void
+get_next_command(void) {
+ char *buf;
+ char *ptr, *arg;
+ char *input;
+
+ fflush(stdout);
+ buf = isc_mem_allocate(mctx, COMMSIZE);
+ if (buf == NULL)
+ fatal("memory allocation failure");
+ fputs("> ", stderr);
+ fflush(stderr);
+ isc_app_block();
+ ptr = fgets(buf, COMMSIZE, stdin);
+ isc_app_unblock();
+ if (ptr == NULL) {
+ in_use = ISC_FALSE;
+ goto cleanup;
+ }
+ input = buf;
+ ptr = next_token(&input, " \t\r\n");
+ if (ptr == NULL)
+ goto cleanup;
+ arg = next_token(&input, " \t\r\n");
+ if ((strcasecmp(ptr, "set") == 0) &&
+ (arg != NULL))
+ setoption(arg);
+ else if ((strcasecmp(ptr, "server") == 0) ||
+ (strcasecmp(ptr, "lserver") == 0)) {
+ isc_app_block();
+ set_nameserver(arg);
+ check_ra = ISC_FALSE;
+ isc_app_unblock();
+ show_settings(ISC_TRUE, ISC_TRUE);
+ } else if (strcasecmp(ptr, "exit") == 0) {
+ in_use = ISC_FALSE;
+ goto cleanup;
+ } else if (strcasecmp(ptr, "help") == 0 ||
+ strcasecmp(ptr, "?") == 0) {
+ printf("The '%s' command is not yet implemented.\n", ptr);
+ goto cleanup;
+ } else if (strcasecmp(ptr, "finger") == 0 ||
+ strcasecmp(ptr, "root") == 0 ||
+ strcasecmp(ptr, "ls") == 0 ||
+ strcasecmp(ptr, "view") == 0) {
+ printf("The '%s' command is not implemented.\n", ptr);
+ goto cleanup;
+ } else
+ addlookup(ptr);
+ cleanup:
+ isc_mem_free(mctx, buf);
+}
+
+static void
+parse_args(int argc, char **argv) {
+ isc_boolean_t have_lookup = ISC_FALSE;
+
+ usesearch = ISC_TRUE;
+ for (argc--, argv++; argc > 0; argc--, argv++) {
+ debug("main parsing %s", argv[0]);
+ if (argv[0][0] == '-') {
+ if (argv[0][1] != 0)
+ setoption(&argv[0][1]);
+ else
+ have_lookup = ISC_TRUE;
+ } else {
+ if (!have_lookup) {
+ have_lookup = ISC_TRUE;
+ in_use = ISC_TRUE;
+ addlookup(argv[0]);
+ } else {
+ set_nameserver(argv[0]);
+ check_ra = ISC_FALSE;
+ }
+ }
+ }
+}
+
+static void
+flush_lookup_list(void) {
+ dig_lookup_t *l, *lp;
+ dig_query_t *q, *qp;
+ dig_server_t *s, *sp;
+
+ lookup_counter = 0;
+ l = ISC_LIST_HEAD(lookup_list);
+ while (l != NULL) {
+ q = ISC_LIST_HEAD(l->q);
+ while (q != NULL) {
+ if (q->sock != NULL) {
+ isc_socket_cancel(q->sock, NULL,
+ ISC_SOCKCANCEL_ALL);
+ isc_socket_detach(&q->sock);
+ }
+ if (ISC_LINK_LINKED(&q->recvbuf, link))
+ ISC_LIST_DEQUEUE(q->recvlist, &q->recvbuf,
+ link);
+ if (ISC_LINK_LINKED(&q->lengthbuf, link))
+ ISC_LIST_DEQUEUE(q->lengthlist, &q->lengthbuf,
+ link);
+ isc_buffer_invalidate(&q->recvbuf);
+ isc_buffer_invalidate(&q->lengthbuf);
+ qp = q;
+ q = ISC_LIST_NEXT(q, link);
+ ISC_LIST_DEQUEUE(l->q, qp, link);
+ isc_mem_free(mctx, qp);
+ }
+ s = ISC_LIST_HEAD(l->my_server_list);
+ while (s != NULL) {
+ sp = s;
+ s = ISC_LIST_NEXT(s, link);
+ ISC_LIST_DEQUEUE(l->my_server_list, sp, link);
+ isc_mem_free(mctx, sp);
+
+ }
+ if (l->sendmsg != NULL)
+ dns_message_destroy(&l->sendmsg);
+ if (l->timer != NULL)
+ isc_timer_detach(&l->timer);
+ lp = l;
+ l = ISC_LIST_NEXT(l, link);
+ ISC_LIST_DEQUEUE(lookup_list, lp, link);
+ isc_mem_free(mctx, lp);
+ }
+}
+
+static void
+getinput(isc_task_t *task, isc_event_t *event) {
+ UNUSED(task);
+ if (global_event == NULL)
+ global_event = event;
+ while (in_use) {
+ get_next_command();
+ if (ISC_LIST_HEAD(lookup_list) != NULL) {
+ start_lookup();
+ return;
+ }
+ }
+ isc_app_shutdown();
+}
+
+int
+main(int argc, char **argv) {
+ isc_result_t result;
+
+ ISC_LIST_INIT(lookup_list);
+ ISC_LIST_INIT(server_list);
+ ISC_LIST_INIT(search_list);
+
+ check_ra = ISC_TRUE;
+
+ result = isc_app_start();
+ check_result(result, "isc_app_start");
+
+ setup_libs();
+ progname = argv[0];
+
+ parse_args(argc, argv);
+
+ setup_system();
+ if (domainopt[0] != '\0')
+ set_search_domain(domainopt);
+ if (in_use)
+ result = isc_app_onrun(mctx, global_task, onrun_callback,
+ NULL);
+ else
+ result = isc_app_onrun(mctx, global_task, getinput, NULL);
+ check_result(result, "isc_app_onrun");
+ in_use = ISC_TF(!in_use);
+
+ (void)isc_app_run();
+
+ puts("");
+ debug("done, and starting to shut down");
+ if (global_event != NULL)
+ isc_event_free(&global_event);
+ cancel_all();
+ destroy_libs();
+ isc_app_finish();
+
+ return (0);
+}
diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook
new file mode 100644
index 0000000..6c94809
--- /dev/null
+++ b/bin/dig/nslookup.docbook
@@ -0,0 +1,496 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: nslookup.docbook,v 1.16 2007/06/18 23:47:17 tbox Exp $ -->
+<!--
+ - Copyright (c) 1985, 1989
+ - The Regents of the University of California. All rights reserved.
+ -
+ - Redistribution and use in source and binary forms, with or without
+ - modification, are permitted provided that the following conditions
+ - are met:
+ - 1. Redistributions of source code must retain the above copyright
+ - notice, this list of conditions and the following disclaimer.
+ - 2. Redistributions in binary form must reproduce the above copyright
+ - notice, this list of conditions and the following disclaimer in the
+ - documentation and/or other materials provided with the distribution.
+ - 3. All advertising materials mentioning features or use of this software
+ - must display the following acknowledgement:
+ - This product includes software developed by the University of
+ - California, Berkeley and its contributors.
+ - 4. Neither the name of the University nor the names of its contributors
+ - may be used to endorse or promote products derived from this software
+ - without specific prior written permission.
+ -
+ - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ - SUCH DAMAGE.
+-->
+<refentry>
+
+ <refentryinfo>
+ <date>Jun 30, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>nslookup</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>nslookup</refname>
+ <refpurpose>query Internet name servers interactively</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>nslookup</command>
+ <arg><option>-option</option></arg>
+ <arg choice="opt">name | -</arg>
+ <arg choice="opt">server</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><command>Nslookup</command>
+ is a program to query Internet domain name servers. <command>Nslookup</command>
+ has two modes: interactive and non-interactive. Interactive mode allows
+ the user to query name servers for information about various hosts and
+ domains or to print a list of hosts in a domain. Non-interactive mode
+ is
+ used to print just the name and requested information for a host or
+ domain.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>ARGUMENTS</title>
+ <para>
+ Interactive mode is entered in the following cases:
+ <orderedlist numeration="loweralpha">
+ <listitem>
+ <para>
+ when no arguments are given (the default name server will be used)
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ when the first argument is a hyphen (-) and the second argument is
+ the host name or Internet address of a name server.
+ </para>
+ </listitem>
+ </orderedlist>
+ </para>
+
+ <para>
+ Non-interactive mode is used when the name or Internet address of the
+ host to be looked up is given as the first argument. The optional second
+ argument specifies the host name or address of a name server.
+ </para>
+
+ <para>
+ Options can also be specified on the command line if they precede the
+ arguments and are prefixed with a hyphen. For example, to
+ change the default query type to host information, and the initial
+ timeout to 10 seconds, type:
+ <informalexample>
+ <programlisting>
+nslookup -query=hinfo -timeout=10
+</programlisting>
+ </informalexample>
+ </para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>INTERACTIVE COMMANDS</title>
+ <variablelist>
+ <varlistentry>
+ <term><constant>host</constant> <optional>server</optional></term>
+ <listitem>
+ <para>
+ Look up information for host using the current default server or
+ using server, if specified. If host is an Internet address and
+ the query type is A or PTR, the name of the host is returned.
+ If host is a name and does not have a trailing period, the
+ search list is used to qualify the name.
+ </para>
+
+ <para>
+ To look up a host not in the current domain, append a period to
+ the name.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>server</constant> <replaceable class="parameter">domain</replaceable></term>
+ <listitem>
+ <para/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><constant>lserver</constant> <replaceable class="parameter">domain</replaceable></term>
+ <listitem>
+ <para>
+ Change the default server to <replaceable>domain</replaceable>; <constant>lserver</constant> uses the initial
+ server to look up information about <replaceable>domain</replaceable>, while <constant>server</constant> uses
+ the current default server. If an authoritative answer can't be
+ found, the names of servers that might have the answer are
+ returned.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>root</constant></term>
+ <listitem>
+ <para>
+ not implemented
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>finger</constant></term>
+ <listitem>
+ <para>
+ not implemented
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>ls</constant></term>
+ <listitem>
+ <para>
+ not implemented
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>view</constant></term>
+ <listitem>
+ <para>
+ not implemented
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>help</constant></term>
+ <listitem>
+ <para>
+ not implemented
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>?</constant></term>
+ <listitem>
+ <para>
+ not implemented
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>exit</constant></term>
+ <listitem>
+ <para>
+ Exits the program.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>set</constant>
+ <replaceable>keyword<optional>=value</optional></replaceable></term>
+ <listitem>
+ <para>
+ This command is used to change state information that affects
+ the lookups. Valid keywords are:
+ <variablelist>
+ <varlistentry>
+ <term><constant>all</constant></term>
+ <listitem>
+ <para>
+ Prints the current values of the frequently used
+ options to <command>set</command>.
+ Information about the current default
+ server and host is also printed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>class=</constant><replaceable>value</replaceable></term>
+ <listitem>
+ <para>
+ Change the query class to one of:
+ <variablelist>
+ <varlistentry>
+ <term><constant>IN</constant></term>
+ <listitem>
+ <para>
+ the Internet class
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><constant>CH</constant></term>
+ <listitem>
+ <para>
+ the Chaos class
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><constant>HS</constant></term>
+ <listitem>
+ <para>
+ the Hesiod class
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><constant>ANY</constant></term>
+ <listitem>
+ <para>
+ wildcard
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ The class specifies the protocol group of the information.
+
+ </para>
+ <para>
+ (Default = IN; abbreviation = cl)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>
+ <replaceable><optional>no</optional></replaceable>debug</constant></term>
+ <listitem>
+ <para>
+ Turn on or off the display of the full response packet and
+ any intermediate response packets when searching.
+ </para>
+ <para>
+ (Default = nodebug; abbreviation = <optional>no</optional>deb)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>
+ <replaceable><optional>no</optional></replaceable>d2</constant></term>
+ <listitem>
+ <para>
+ Turn debugging mode on or off. This displays more about
+ what nslookup is doing.
+ </para>
+ <para>
+ (Default = nod2)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>domain=</constant><replaceable>name</replaceable></term>
+ <listitem>
+ <para>
+ Sets the search list to <replaceable>name</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>
+ <replaceable><optional>no</optional></replaceable>search</constant></term>
+ <listitem>
+ <para>
+ If the lookup request contains at least one period but
+ doesn't end with a trailing period, append the domain
+ names in the domain search list to the request until an
+ answer is received.
+ </para>
+ <para>
+ (Default = search)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>port=</constant><replaceable>value</replaceable></term>
+ <listitem>
+ <para>
+ Change the default TCP/UDP name server port to <replaceable>value</replaceable>.
+ </para>
+ <para>
+ (Default = 53; abbreviation = po)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>querytype=</constant><replaceable>value</replaceable></term>
+ <listitem>
+ <para/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>type=</constant><replaceable>value</replaceable></term>
+ <listitem>
+ <para>
+ Change the type of the information query.
+ </para>
+ <para>
+ (Default = A; abbreviations = q, ty)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>
+ <replaceable><optional>no</optional></replaceable>recurse</constant></term>
+ <listitem>
+ <para>
+ Tell the name server to query other servers if it does not
+ have the
+ information.
+ </para>
+ <para>
+ (Default = recurse; abbreviation = [no]rec)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>retry=</constant><replaceable>number</replaceable></term>
+ <listitem>
+ <para>
+ Set the number of retries to number.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>timeout=</constant><replaceable>number</replaceable></term>
+ <listitem>
+ <para>
+ Change the initial timeout interval for waiting for a
+ reply to number seconds.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>
+ <replaceable><optional>no</optional></replaceable>vc</constant></term>
+ <listitem>
+ <para>
+ Always use a virtual circuit when sending requests to the
+ server.
+ </para>
+ <para>
+ (Default = novc)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>
+ <replaceable><optional>no</optional></replaceable>fail</constant></term>
+ <listitem>
+ <para>
+ Try the next nameserver if a nameserver responds with
+ SERVFAIL or a referral (nofail) or terminate query
+ (fail) on such a response.
+ </para>
+ <para>
+ (Default = nofail)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>FILES</title>
+ <para><filename>/etc/resolv.conf</filename>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>Author</title>
+ <para>
+ Andrew Cherenson
+ </para>
+ </refsect1>
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html
new file mode 100644
index 0000000..0f38176
--- /dev/null
+++ b/bin/dig/nslookup.html
@@ -0,0 +1,307 @@
+<!--
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: nslookup.html,v 1.21 2007/05/16 06:12:01 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>nslookup</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2476276"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p>nslookup &#8212; query Internet name servers interactively</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543355"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">Nslookup</strong></span>
+ is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span>
+ has two modes: interactive and non-interactive. Interactive mode allows
+ the user to query name servers for information about various hosts and
+ domains or to print a list of hosts in a domain. Non-interactive mode
+ is
+ used to print just the name and requested information for a host or
+ domain.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543371"></a><h2>ARGUMENTS</h2>
+<p>
+ Interactive mode is entered in the following cases:
+ </p>
+<div class="orderedlist"><ol type="a">
+<li><p>
+ when no arguments are given (the default name server will be used)
+ </p></li>
+<li><p>
+ when the first argument is a hyphen (-) and the second argument is
+ the host name or Internet address of a name server.
+ </p></li>
+</ol></div>
+<p>
+ </p>
+<p>
+ Non-interactive mode is used when the name or Internet address of the
+ host to be looked up is given as the first argument. The optional second
+ argument specifies the host name or address of a name server.
+ </p>
+<p>
+ Options can also be specified on the command line if they precede the
+ arguments and are prefixed with a hyphen. For example, to
+ change the default query type to host information, and the initial
+ timeout to 10 seconds, type:
+ </p>
+<div class="informalexample"><pre class="programlisting">
+nslookup -query=hinfo -timeout=10
+</pre></div>
+<p>
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543413"></a><h2>INTERACTIVE COMMANDS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
+<dd>
+<p>
+ Look up information for host using the current default server or
+ using server, if specified. If host is an Internet address and
+ the query type is A or PTR, the name of the host is returned.
+ If host is a name and does not have a trailing period, the
+ search list is used to qualify the name.
+ </p>
+<p>
+ To look up a host not in the current domain, append a period to
+ the name.
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">server</code> <em class="replaceable"><code>domain</code></em></span></dt>
+<dd><p></p></dd>
+<dt><span class="term"><code class="constant">lserver</code> <em class="replaceable"><code>domain</code></em></span></dt>
+<dd><p>
+ Change the default server to <em class="replaceable"><code>domain</code></em>; <code class="constant">lserver</code> uses the initial
+ server to look up information about <em class="replaceable"><code>domain</code></em>, while <code class="constant">server</code> uses
+ the current default server. If an authoritative answer can't be
+ found, the names of servers that might have the answer are
+ returned.
+ </p></dd>
+<dt><span class="term"><code class="constant">root</code></span></dt>
+<dd><p>
+ not implemented
+ </p></dd>
+<dt><span class="term"><code class="constant">finger</code></span></dt>
+<dd><p>
+ not implemented
+ </p></dd>
+<dt><span class="term"><code class="constant">ls</code></span></dt>
+<dd><p>
+ not implemented
+ </p></dd>
+<dt><span class="term"><code class="constant">view</code></span></dt>
+<dd><p>
+ not implemented
+ </p></dd>
+<dt><span class="term"><code class="constant">help</code></span></dt>
+<dd><p>
+ not implemented
+ </p></dd>
+<dt><span class="term"><code class="constant">?</code></span></dt>
+<dd><p>
+ not implemented
+ </p></dd>
+<dt><span class="term"><code class="constant">exit</code></span></dt>
+<dd><p>
+ Exits the program.
+ </p></dd>
+<dt><span class="term"><code class="constant">set</code>
+ <em class="replaceable"><code>keyword[<span class="optional">=value</span>]</code></em></span></dt>
+<dd>
+<p>
+ This command is used to change state information that affects
+ the lookups. Valid keywords are:
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="constant">all</code></span></dt>
+<dd><p>
+ Prints the current values of the frequently used
+ options to <span><strong class="command">set</strong></span>.
+ Information about the current default
+ server and host is also printed.
+ </p></dd>
+<dt><span class="term"><code class="constant">class=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd>
+<p>
+ Change the query class to one of:
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="constant">IN</code></span></dt>
+<dd><p>
+ the Internet class
+ </p></dd>
+<dt><span class="term"><code class="constant">CH</code></span></dt>
+<dd><p>
+ the Chaos class
+ </p></dd>
+<dt><span class="term"><code class="constant">HS</code></span></dt>
+<dd><p>
+ the Hesiod class
+ </p></dd>
+<dt><span class="term"><code class="constant">ANY</code></span></dt>
+<dd><p>
+ wildcard
+ </p></dd>
+</dl></div>
+<p>
+ The class specifies the protocol group of the information.
+
+ </p>
+<p>
+ (Default = IN; abbreviation = cl)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">
+ <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
+<dd>
+<p>
+ Turn on or off the display of the full response packet and
+ any intermediate response packets when searching.
+ </p>
+<p>
+ (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">
+ <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
+<dd>
+<p>
+ Turn debugging mode on or off. This displays more about
+ what nslookup is doing.
+ </p>
+<p>
+ (Default = nod2)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">domain=</code><em class="replaceable"><code>name</code></em></span></dt>
+<dd><p>
+ Sets the search list to <em class="replaceable"><code>name</code></em>.
+ </p></dd>
+<dt><span class="term"><code class="constant">
+ <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>search</code></span></dt>
+<dd>
+<p>
+ If the lookup request contains at least one period but
+ doesn't end with a trailing period, append the domain
+ names in the domain search list to the request until an
+ answer is received.
+ </p>
+<p>
+ (Default = search)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">port=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd>
+<p>
+ Change the default TCP/UDP name server port to <em class="replaceable"><code>value</code></em>.
+ </p>
+<p>
+ (Default = 53; abbreviation = po)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">querytype=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd><p></p></dd>
+<dt><span class="term"><code class="constant">type=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd>
+<p>
+ Change the type of the information query.
+ </p>
+<p>
+ (Default = A; abbreviations = q, ty)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">
+ <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
+<dd>
+<p>
+ Tell the name server to query other servers if it does not
+ have the
+ information.
+ </p>
+<p>
+ (Default = recurse; abbreviation = [no]rec)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
+<dd><p>
+ Set the number of retries to number.
+ </p></dd>
+<dt><span class="term"><code class="constant">timeout=</code><em class="replaceable"><code>number</code></em></span></dt>
+<dd><p>
+ Change the initial timeout interval for waiting for a
+ reply to number seconds.
+ </p></dd>
+<dt><span class="term"><code class="constant">
+ <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>vc</code></span></dt>
+<dd>
+<p>
+ Always use a virtual circuit when sending requests to the
+ server.
+ </p>
+<p>
+ (Default = novc)
+ </p>
+</dd>
+<dt><span class="term"><code class="constant">
+ <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>fail</code></span></dt>
+<dd>
+<p>
+ Try the next nameserver if a nameserver responds with
+ SERVFAIL or a referral (nofail) or terminate query
+ (fail) on such a response.
+ </p>
+<p>
+ (Default = nofail)
+ </p>
+</dd>
+</dl></div>
+<p>
+ </p>
+</dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2546279"></a><h2>FILES</h2>
+<p><code class="filename">/etc/resolv.conf</code>
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2546291"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
+ <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2546325"></a><h2>Author</h2>
+<p>
+ Andrew Cherenson
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/dig/win32/dig.dsp b/bin/dig/win32/dig.dsp
new file mode 100644
index 0000000..4051643
--- /dev/null
+++ b/bin/dig/win32/dig.dsp
@@ -0,0 +1,107 @@
+# Microsoft Developer Studio Project File - Name="dig" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=dig - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "dig.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "dig.mak" CFG="dig - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "dig - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "dig - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "dig - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dig.exe"
+
+!ELSEIF "$(CFG)" == "dig - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /u /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "dig - Win32 Release"
+# Name "dig - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=..\dig.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=..\include\dig\dig.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/dig/win32/dig.dsw b/bin/dig/win32/dig.dsw
new file mode 100644
index 0000000..ae9c548
--- /dev/null
+++ b/bin/dig/win32/dig.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "dig"=".\dig.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/dig/win32/dig.mak b/bin/dig/win32/dig.mak
new file mode 100644
index 0000000..e6eb21c
--- /dev/null
+++ b/bin/dig/win32/dig.mak
@@ -0,0 +1,425 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on dig.dsp
+!IF "$(CFG)" == ""
+CFG=dig - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to dig - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "dig - Win32 Release" && "$(CFG)" != "dig - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "dig.mak" CFG="dig - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "dig - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "dig - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "dig - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "dig - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Release\dig.exe"
+
+!ELSE
+
+ALL : "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\dig.exe"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\dig.obj"
+ -@erase "$(INTDIR)\dighost.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "..\..\..\Build\Release\dig.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dig.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dig.pdb" /machine:I386 /out:"../../../Build/Release/dig.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\dig.obj" \
+ "$(INTDIR)\dighost.obj" \
+ "..\..\..\lib\dns\win32\Release\libdns.lib" \
+ "..\..\..\lib\isc\win32\Release\libisc.lib" \
+ "..\..\..\lib\bind9\win32\Release\libbind9.lib" \
+ "..\..\..\lib\lwres\win32\Release\liblwres.lib"
+
+"..\..\..\Build\Release\dig.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "dig - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Debug\dig.exe" "$(OUTDIR)\dig.bsc"
+
+!ELSE
+
+ALL : "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\dig.exe" "$(OUTDIR)\dig.bsc"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\dig.obj"
+ -@erase "$(INTDIR)\dig.sbr"
+ -@erase "$(INTDIR)\dighost.obj"
+ -@erase "$(INTDIR)\dighost.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(OUTDIR)\dig.bsc"
+ -@erase "$(OUTDIR)\dig.pdb"
+ -@erase "..\..\..\Build\Debug\dig.exe"
+ -@erase "..\..\..\Build\Debug\dig.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\dig.sbr" \
+ "$(INTDIR)\dighost.sbr"
+
+"$(OUTDIR)\dig.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dig.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\dig.obj" \
+ "$(INTDIR)\dighost.obj" \
+ "..\..\..\lib\dns\win32\Debug\libdns.lib" \
+ "..\..\..\lib\isc\win32\Debug\libisc.lib" \
+ "..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
+ "..\..\..\lib\lwres\win32\Debug\liblwres.lib"
+
+"..\..\..\Build\Debug\dig.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("dig.dep")
+!INCLUDE "dig.dep"
+!ELSE
+!MESSAGE Warning: cannot find "dig.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "dig - Win32 Release" || "$(CFG)" == "dig - Win32 Debug"
+SOURCE=..\dig.c
+
+!IF "$(CFG)" == "dig - Win32 Release"
+
+
+"$(INTDIR)\dig.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "dig - Win32 Debug"
+
+
+"$(INTDIR)\dig.obj" "$(INTDIR)\dig.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\dighost.c
+
+!IF "$(CFG)" == "dig - Win32 Release"
+
+
+"$(INTDIR)\dighost.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "dig - Win32 Debug"
+
+
+"$(INTDIR)\dighost.obj" "$(INTDIR)\dighost.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!IF "$(CFG)" == "dig - Win32 Release"
+
+"libdns - Win32 Release" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release"
+ cd "..\..\..\bin\dig\win32"
+
+"libdns - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ELSEIF "$(CFG)" == "dig - Win32 Debug"
+
+"libdns - Win32 Debug" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug"
+ cd "..\..\..\bin\dig\win32"
+
+"libdns - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "dig - Win32 Release"
+
+"libisc - Win32 Release" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release"
+ cd "..\..\..\bin\dig\win32"
+
+"libisc - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ELSEIF "$(CFG)" == "dig - Win32 Debug"
+
+"libisc - Win32 Debug" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug"
+ cd "..\..\..\bin\dig\win32"
+
+"libisc - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "dig - Win32 Release"
+
+"libbind9 - Win32 Release" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release"
+ cd "..\..\..\bin\dig\win32"
+
+"libbind9 - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ELSEIF "$(CFG)" == "dig - Win32 Debug"
+
+"libbind9 - Win32 Debug" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug"
+ cd "..\..\..\bin\dig\win32"
+
+"libbind9 - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "dig - Win32 Release"
+
+"liblwres - Win32 Release" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release"
+ cd "..\..\..\bin\dig\win32"
+
+"liblwres - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ELSEIF "$(CFG)" == "dig - Win32 Debug"
+
+"liblwres - Win32 Debug" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug"
+ cd "..\..\..\bin\dig\win32"
+
+"liblwres - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/dig/win32/dighost.dsp b/bin/dig/win32/dighost.dsp
new file mode 100644
index 0000000..e37031b
--- /dev/null
+++ b/bin/dig/win32/dighost.dsp
@@ -0,0 +1,113 @@
+# Microsoft Developer Studio Project File - Name="dighost" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
+
+CFG=dighost - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "dighost.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "dighost.mak" CFG="dighost - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "dighost - Win32 Release" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE "dighost - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "dighost - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddighost
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32
+# ADD LINK32 /out:"Release/dighost.lib"
+
+!ELSEIF "$(CFG)" == "dighost - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddighost
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32
+# ADD LINK32 /debug out:"Debug/dighost.lib"
+
+!ENDIF
+
+# Begin Target
+
+# Name "dighost - Win32 Release"
+# Name "dighost - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# Begin Group "Main Dns Lib"
+
+# PROP Default_Filter "c"
+# Begin Source File
+
+SOURCE=..\dighost.c
+# End Source File
+# End Group
+# End Target
+# End Project
diff --git a/bin/dig/win32/dighost.dsw b/bin/dig/win32/dighost.dsw
new file mode 100644
index 0000000..fdae6d4
--- /dev/null
+++ b/bin/dig/win32/dighost.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "dighost"=".\dighost.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/dig/win32/host.dsp b/bin/dig/win32/host.dsp
new file mode 100644
index 0000000..4dc4312
--- /dev/null
+++ b/bin/dig/win32/host.dsp
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="host" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=host - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "host.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "host.mak" CFG="host - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "host - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "host - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "host - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/host.exe"
+
+!ELSEIF "$(CFG)" == "host - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /u /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "host - Win32 Release"
+# Name "host - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=..\host.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/dig/win32/host.dsw b/bin/dig/win32/host.dsw
new file mode 100644
index 0000000..e566e78
--- /dev/null
+++ b/bin/dig/win32/host.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "host"=".\host.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/dig/win32/host.mak b/bin/dig/win32/host.mak
new file mode 100644
index 0000000..4a72609
--- /dev/null
+++ b/bin/dig/win32/host.mak
@@ -0,0 +1,425 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on host.dsp
+!IF "$(CFG)" == ""
+CFG=host - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to host - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "host - Win32 Release" && "$(CFG)" != "host - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "host.mak" CFG="host - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "host - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "host - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "host - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "host - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Release\host.exe"
+
+!ELSE
+
+ALL : "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\host.exe"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\dighost.obj"
+ -@erase "$(INTDIR)\host.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "..\..\..\Build\Release\host.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\host.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\host.pdb" /machine:I386 /out:"../../../Build/Release/host.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\dighost.obj" \
+ "$(INTDIR)\host.obj" \
+ "..\..\..\lib\dns\win32\Release\libdns.lib" \
+ "..\..\..\lib\isc\win32\Release\libisc.lib" \
+ "..\..\..\lib\bind9\win32\Release\libbind9.lib" \
+ "..\..\..\lib\lwres\win32\Release\liblwres.lib"
+
+"..\..\..\Build\Release\host.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "host - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Debug\host.exe" "$(OUTDIR)\host.bsc"
+
+!ELSE
+
+ALL : "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\host.exe" "$(OUTDIR)\host.bsc"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\dighost.obj"
+ -@erase "$(INTDIR)\dighost.sbr"
+ -@erase "$(INTDIR)\host.obj"
+ -@erase "$(INTDIR)\host.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(OUTDIR)\host.bsc"
+ -@erase "$(OUTDIR)\host.pdb"
+ -@erase "..\..\..\Build\Debug\host.exe"
+ -@erase "..\..\..\Build\Debug\host.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\dighost.sbr" \
+ "$(INTDIR)\host.sbr"
+
+"$(OUTDIR)\host.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\host.pdb" /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\dighost.obj" \
+ "$(INTDIR)\host.obj" \
+ "..\..\..\lib\dns\win32\Debug\libdns.lib" \
+ "..\..\..\lib\isc\win32\Debug\libisc.lib" \
+ "..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
+ "..\..\..\lib\lwres\win32\Debug\liblwres.lib"
+
+"..\..\..\Build\Debug\host.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("host.dep")
+!INCLUDE "host.dep"
+!ELSE
+!MESSAGE Warning: cannot find "host.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "host - Win32 Release" || "$(CFG)" == "host - Win32 Debug"
+SOURCE=..\dighost.c
+
+!IF "$(CFG)" == "host - Win32 Release"
+
+
+"$(INTDIR)\dighost.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "host - Win32 Debug"
+
+
+"$(INTDIR)\dighost.obj" "$(INTDIR)\dighost.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\host.c
+
+!IF "$(CFG)" == "host - Win32 Release"
+
+
+"$(INTDIR)\host.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "host - Win32 Debug"
+
+
+"$(INTDIR)\host.obj" "$(INTDIR)\host.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!IF "$(CFG)" == "host - Win32 Release"
+
+"libdns - Win32 Release" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release"
+ cd "..\..\..\bin\dig\win32"
+
+"libdns - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ELSEIF "$(CFG)" == "host - Win32 Debug"
+
+"libdns - Win32 Debug" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug"
+ cd "..\..\..\bin\dig\win32"
+
+"libdns - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "host - Win32 Release"
+
+"libisc - Win32 Release" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release"
+ cd "..\..\..\bin\dig\win32"
+
+"libisc - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ELSEIF "$(CFG)" == "host - Win32 Debug"
+
+"libisc - Win32 Debug" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug"
+ cd "..\..\..\bin\dig\win32"
+
+"libisc - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "host - Win32 Release"
+
+"libbind9 - Win32 Release" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release"
+ cd "..\..\..\bin\dig\win32"
+
+"libbind9 - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ELSEIF "$(CFG)" == "host - Win32 Debug"
+
+"libbind9 - Win32 Debug" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug"
+ cd "..\..\..\bin\dig\win32"
+
+"libbind9 - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "host - Win32 Release"
+
+"liblwres - Win32 Release" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release"
+ cd "..\..\..\bin\dig\win32"
+
+"liblwres - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ELSEIF "$(CFG)" == "host - Win32 Debug"
+
+"liblwres - Win32 Debug" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug"
+ cd "..\..\..\bin\dig\win32"
+
+"liblwres - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/dig/win32/nslookup.dsp b/bin/dig/win32/nslookup.dsp
new file mode 100644
index 0000000..cc0f4ab
--- /dev/null
+++ b/bin/dig/win32/nslookup.dsp
@@ -0,0 +1,107 @@
+# Microsoft Developer Studio Project File - Name="nslookup" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=nslookup - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "nslookup.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "nslookup.mak" CFG="nslookup - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "nslookup - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "nslookup - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "nslookup - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/nslookup.exe"
+
+!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /u /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "nslookup - Win32 Release"
+# Name "nslookup - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=..\dighost.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\nslookup.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/dig/win32/nslookup.dsw b/bin/dig/win32/nslookup.dsw
new file mode 100644
index 0000000..0ff8c66
--- /dev/null
+++ b/bin/dig/win32/nslookup.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "nslookup"=".\nslookup.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/dig/win32/nslookup.mak b/bin/dig/win32/nslookup.mak
new file mode 100644
index 0000000..6fcbf13
--- /dev/null
+++ b/bin/dig/win32/nslookup.mak
@@ -0,0 +1,425 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on nslookup.dsp
+!IF "$(CFG)" == ""
+CFG=nslookup - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to nslookup - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "nslookup - Win32 Release" && "$(CFG)" != "nslookup - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "nslookup.mak" CFG="nslookup - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "nslookup - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "nslookup - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "nslookup - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "nslookup - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Release\nslookup.exe"
+
+!ELSE
+
+ALL : "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\nslookup.exe"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\dighost.obj"
+ -@erase "$(INTDIR)\nslookup.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "..\..\..\Build\Release\nslookup.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nslookup.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\nslookup.pdb" /machine:I386 /out:"../../../Build/Release/nslookup.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\dighost.obj" \
+ "$(INTDIR)\nslookup.obj" \
+ "..\..\..\lib\dns\win32\Release\libdns.lib" \
+ "..\..\..\lib\isc\win32\Release\libisc.lib" \
+ "..\..\..\lib\bind9\win32\Release\libbind9.lib" \
+ "..\..\..\lib\lwres\win32\Release\liblwres.lib"
+
+"..\..\..\Build\Release\nslookup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Debug\nslookup.exe" "$(OUTDIR)\nslookup.bsc"
+
+!ELSE
+
+ALL : "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\nslookup.exe" "$(OUTDIR)\nslookup.bsc"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\dighost.obj"
+ -@erase "$(INTDIR)\dighost.sbr"
+ -@erase "$(INTDIR)\nslookup.obj"
+ -@erase "$(INTDIR)\nslookup.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(OUTDIR)\nslookup.bsc"
+ -@erase "$(OUTDIR)\nslookup.pdb"
+ -@erase "..\..\..\Build\Debug\nslookup.exe"
+ -@erase "..\..\..\Build\Debug\nslookup.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\dighost.sbr" \
+ "$(INTDIR)\nslookup.sbr"
+
+"$(OUTDIR)\nslookup.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\nslookup.pdb" /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\dighost.obj" \
+ "$(INTDIR)\nslookup.obj" \
+ "..\..\..\lib\dns\win32\Debug\libdns.lib" \
+ "..\..\..\lib\isc\win32\Debug\libisc.lib" \
+ "..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
+ "..\..\..\lib\lwres\win32\Debug\liblwres.lib"
+
+"..\..\..\Build\Debug\nslookup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("nslookup.dep")
+!INCLUDE "nslookup.dep"
+!ELSE
+!MESSAGE Warning: cannot find "nslookup.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "nslookup - Win32 Release" || "$(CFG)" == "nslookup - Win32 Debug"
+SOURCE=..\dighost.c
+
+!IF "$(CFG)" == "nslookup - Win32 Release"
+
+
+"$(INTDIR)\dighost.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
+
+
+"$(INTDIR)\dighost.obj" "$(INTDIR)\dighost.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\nslookup.c
+
+!IF "$(CFG)" == "nslookup - Win32 Release"
+
+
+"$(INTDIR)\nslookup.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
+
+
+"$(INTDIR)\nslookup.obj" "$(INTDIR)\nslookup.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!IF "$(CFG)" == "nslookup - Win32 Release"
+
+"libdns - Win32 Release" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release"
+ cd "..\..\..\bin\dig\win32"
+
+"libdns - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
+
+"libdns - Win32 Debug" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug"
+ cd "..\..\..\bin\dig\win32"
+
+"libdns - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "nslookup - Win32 Release"
+
+"libisc - Win32 Release" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release"
+ cd "..\..\..\bin\dig\win32"
+
+"libisc - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
+
+"libisc - Win32 Debug" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug"
+ cd "..\..\..\bin\dig\win32"
+
+"libisc - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "nslookup - Win32 Release"
+
+"libbind9 - Win32 Release" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release"
+ cd "..\..\..\bin\dig\win32"
+
+"libbind9 - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
+
+"libbind9 - Win32 Debug" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug"
+ cd "..\..\..\bin\dig\win32"
+
+"libbind9 - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "nslookup - Win32 Release"
+
+"liblwres - Win32 Release" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release"
+ cd "..\..\..\bin\dig\win32"
+
+"liblwres - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
+
+"liblwres - Win32 Debug" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug"
+ cd "..\..\..\bin\dig\win32"
+
+"liblwres - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\dig\win32"
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
new file mode 100644
index 0000000..d59a38f
--- /dev/null
+++ b/bin/dnssec/Makefile.in
@@ -0,0 +1,95 @@
+# Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.35 2008/11/07 02:28:49 marka Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES = -DVERSION=\"${VERSION}\"
+CWARNINGS =
+
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../../lib/isc/libisc.@A@
+
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+
+DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+
+# Alphabetically
+TARGETS = dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@ \
+ dnssec-keyfromlabel@EXEEXT@ dnssec-dsfromkey@EXEEXT@
+
+OBJS = dnssectool.@O@
+
+SRCS = dnssec-dsfromkey.c dnssec-keyfromlabel.c dnssec-keygen.c \
+ dnssec-signzone.c dnssectool.c
+
+MANPAGES = dnssec-dsfromkey.8 dnssec-keyfromlabel.8 dnssec-keygen.8 \
+ dnssec-signzone.8
+
+HTMLPAGES = dnssec-dsfromkey.html dnssec-keyfromlabel.html \
+ dnssec-keygen.html dnssec-signzone.html
+
+MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ dnssec-dsfromkey.@O@ ${OBJS} ${LIBS}
+
+dnssec-keyfromlabel@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ dnssec-keyfromlabel.@O@ ${OBJS} ${LIBS}
+
+dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ dnssec-keygen.@O@ ${OBJS} ${LIBS}
+
+dnssec-signzone.@O@: dnssec-signzone.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
+ -c ${srcdir}/dnssec-signzone.c
+
+dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ dnssec-signzone.@O@ ${OBJS} ${LIBS}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+ rm -f ${MANOBJS}
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+
+install:: ${TARGETS} installdirs
+ for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
+ for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
+
+clean distclean::
+ rm -f ${TARGETS}
+
diff --git a/bin/dnssec/dnssec-dsfromkey.8 b/bin/dnssec/dnssec-dsfromkey.8
new file mode 100644
index 0000000..4d4cbc9
--- /dev/null
+++ b/bin/dnssec/dnssec-dsfromkey.8
@@ -0,0 +1,124 @@
+.\" Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+.\"
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: dnssec-dsfromkey.8,v 1.5 2008/11/08 01:11:47 tbox Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: dnssec\-dsfromkey
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: November 29, 2008
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "DNSSEC\-DSFROMKEY" "8" "November 29, 2008" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-dsfromkey \- DNSSEC DS RR generation tool
+.SH "SYNOPSIS"
+.HP 17
+\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] {keyfile}
+.HP 17
+\fBdnssec\-dsfromkey\fR {\-s} [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdir\fR\fR] {dnsname}
+.SH "DESCRIPTION"
+.PP
+\fBdnssec\-dsfromkey\fR
+outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).
+.SH "OPTIONS"
+.PP
+\-1
+.RS 4
+Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256).
+.RE
+.PP
+\-2
+.RS 4
+Use SHA\-256 as the digest algorithm.
+.RE
+.PP
+\-a \fIalgorithm\fR
+.RS 4
+Select the digest algorithm. The value of
+\fBalgorithm\fR
+must be one of SHA\-1 (SHA1) or SHA\-256 (SHA256). These values are case insensitive.
+.RE
+.PP
+\-v \fIlevel\fR
+.RS 4
+Sets the debugging level.
+.RE
+.PP
+\-s
+.RS 4
+Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file. Following options make sense only in this mode.
+.RE
+.PP
+\-c \fIclass\fR
+.RS 4
+Specifies the DNS class (default is IN), useful only in the keyset mode.
+.RE
+.PP
+\-d \fIdirectory\fR
+.RS 4
+Look for
+\fIkeyset\fR
+files in
+\fBdirectory\fR
+as the directory, ignored when not in the keyset mode.
+.RE
+.SH "EXAMPLE"
+.PP
+To build the SHA\-256 DS RR from the
+\fBKexample.com.+003+26160\fR
+keyfile name, the following command would be issued:
+.PP
+\fBdnssec\-dsfromkey \-2 Kexample.com.+003+26160\fR
+.PP
+The command would print something like:
+.PP
+\fBexample.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
+.SH "FILES"
+.PP
+The keyfile can be designed by the key identification
+\fIKnnnn.+aaa+iiiii\fR
+or the full file name
+\fIKnnnn.+aaa+iiiii.key\fR
+as generated by
+dnssec\-keygen(8).
+.PP
+The keyset file name is built from the
+\fBdirectory\fR, the string
+\fIkeyset\-\fR
+and the
+\fBdnsname\fR.
+.SH "CAVEAT"
+.PP
+A keyfile error can give a "file not found" even if the file exists.
+.SH "SEE ALSO"
+.PP
+\fBdnssec\-keygen\fR(8),
+\fBdnssec\-signzone\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 3658,
+RFC 4509.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2008 Internet Systems Consortium, Inc. ("ISC")
+.br
diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
new file mode 100644
index 0000000..d3d1d06
--- /dev/null
+++ b/bin/dnssec/dnssec-dsfromkey.c
@@ -0,0 +1,388 @@
+/*
+ * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dnssec-dsfromkey.c,v 1.2 2008/11/07 02:28:49 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/hash.h>
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/ds.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/name.h>
+#include <dns/rdata.h>
+#include <dns/rdataclass.h>
+#include <dns/rdataset.h>
+#include <dns/rdatasetiter.h>
+#include <dns/rdatatype.h>
+#include <dns/result.h>
+
+#include <dst/dst.h>
+
+#include "dnssectool.h"
+
+const char *program = "dnssec-dsfromkey";
+int verbose;
+
+static dns_rdataclass_t rdclass;
+static dns_fixedname_t fixed;
+static dns_name_t *name = NULL;
+static dns_db_t *db = NULL;
+static dns_dbnode_t *node = NULL;
+static dns_rdataset_t keyset;
+static isc_mem_t *mctx = NULL;
+
+static void
+loadkeys(char *dirname, char *setname)
+{
+ isc_result_t result;
+ char filename[1024];
+ isc_buffer_t buf;
+
+ dns_rdataset_init(&keyset);
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+
+ isc_buffer_init(&buf, setname, strlen(setname));
+ isc_buffer_add(&buf, strlen(setname));
+ result = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS)
+ fatal("can't convert DNS name %s", setname);
+
+ isc_buffer_init(&buf, filename, sizeof(filename));
+ if (dirname != NULL) {
+ isc_buffer_putstr(&buf, dirname);
+ if (dirname[strlen(dirname) - 1] != '/')
+ isc_buffer_putstr(&buf, "/");
+ }
+ isc_buffer_putstr(&buf, "keyset-");
+ result = dns_name_tofilenametext(name, ISC_FALSE, &buf);
+ check_result(result, "dns_name_tofilenametext()");
+ if (isc_buffer_availablelength(&buf) == 0)
+ fatal("name %s too long", setname);
+ isc_buffer_putuint8(&buf, 0);
+
+ result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
+ rdclass, 0, NULL, &db);
+ if (result != ISC_R_SUCCESS)
+ fatal("can't create database");
+
+ result = dns_db_load(db, filename);
+ if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
+ fatal("can't load %s: %s", filename, isc_result_totext(result));
+
+ result = dns_db_findnode(db, name, ISC_FALSE, &node);
+ if (result != ISC_R_SUCCESS)
+ fatal("can't find %s node in %s", setname, filename);
+
+ result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey,
+ 0, 0, &keyset, NULL);
+ if (result == ISC_R_NOTFOUND)
+ fatal("no DNSKEY RR for %s in %s", setname, filename);
+ else if (result != ISC_R_SUCCESS)
+ fatal("dns_db_findrdataset");
+}
+
+static void
+loadkey(char *filename, dns_rdata_t *rdata)
+{
+ isc_result_t result;
+ dst_key_t *key = NULL;
+ unsigned char key_buf[DST_KEY_MAXSIZE];
+ isc_buffer_t keyb;
+ isc_region_t r;
+
+ dns_rdataset_init(&keyset);
+ dns_rdata_init(rdata);
+
+ isc_buffer_init(&keyb, key_buf, sizeof(key_buf));
+
+ result = dst_key_fromnamedfile(filename, DST_TYPE_PUBLIC, mctx, &key);
+ if (result != ISC_R_SUCCESS)
+ fatal("invalid keyfile name %s: %s",
+ filename, isc_result_totext(result));
+
+ if (verbose > 2) {
+ char keystr[KEY_FORMATSIZE];
+
+ key_format(key, keystr, sizeof(keystr));
+ fprintf(stderr, "%s: %s\n", program, keystr);
+ }
+
+ result = dst_key_todns(key, &keyb);
+ if (result != ISC_R_SUCCESS)
+ fatal("can't decode key");
+
+ isc_buffer_usedregion(&keyb, &r);
+ dns_rdata_fromregion(rdata, dst_key_class(key),
+ dns_rdatatype_dnskey, &r);
+
+ rdclass = dst_key_class(key);
+
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ result = dns_name_copy(dst_key_name(key), name, NULL);
+ if (result != ISC_R_SUCCESS)
+ fatal("can't copy name");
+
+ dst_key_free(&key);
+}
+
+static void
+logkey(dns_rdata_t *rdata)
+{
+ isc_result_t result;
+ dst_key_t *key = NULL;
+ isc_buffer_t buf;
+ char keystr[KEY_FORMATSIZE];
+
+ isc_buffer_init(&buf, rdata->data, rdata->length);
+ isc_buffer_add(&buf, rdata->length);
+ result = dst_key_fromdns(name, rdclass, &buf, mctx, &key);
+ if (result != ISC_R_SUCCESS)
+ return;
+
+ key_format(key, keystr, sizeof(keystr));
+ fprintf(stderr, "%s: %s\n", program, keystr);
+
+ dst_key_free(&key);
+}
+
+static void
+emitds(unsigned int dtype, dns_rdata_t *rdata)
+{
+ isc_result_t result;
+ unsigned char buf[DNS_DS_BUFFERSIZE];
+ char text_buf[DST_KEY_MAXTEXTSIZE];
+ char class_buf[10];
+ isc_buffer_t textb, classb;
+ isc_region_t r;
+ dns_rdata_t ds;
+
+ isc_buffer_init(&textb, text_buf, sizeof(text_buf));
+ isc_buffer_init(&classb, class_buf, sizeof(class_buf));
+
+ dns_rdata_init(&ds);
+
+ result = dns_ds_buildrdata(name, rdata, dtype, buf, &ds);
+ if (result != ISC_R_SUCCESS)
+ fatal("can't build DS");
+
+ result = dns_rdata_totext(&ds, (dns_name_t *) NULL, &textb);
+ if (result != ISC_R_SUCCESS)
+ fatal("can't print DS rdata");
+
+ result = dns_rdataclass_totext(rdclass, &classb);
+ if (result != ISC_R_SUCCESS)
+ fatal("can't print DS class");
+
+ result = dns_name_print(name, stdout);
+ if (result != ISC_R_SUCCESS)
+ fatal("can't print DS name");
+
+ putchar(' ');
+
+ isc_buffer_usedregion(&classb, &r);
+ fwrite(r.base, 1, r.length, stdout);
+
+ printf(" DS ");
+
+ isc_buffer_usedregion(&textb, &r);
+ fwrite(r.base, 1, r.length, stdout);
+ putchar('\n');
+}
+
+static void
+usage(void) {
+ fprintf(stderr, "Usage:\n");
+ fprintf(stderr, " %s options keyfile\n\n", program);
+ fprintf(stderr, " %s options [-c class] [-d dir] -s dnsname\n\n",
+ program);
+ fprintf(stderr, "Version: %s\n", VERSION);
+ fprintf(stderr, "Options:\n");
+ fprintf(stderr, " -v <verbose level>\n");
+ fprintf(stderr, " -1: use SHA-1\n");
+ fprintf(stderr, " -2: use SHA-256\n");
+ fprintf(stderr, " -a algorithm: use algorithm\n");
+ fprintf(stderr, "Keyset options:\n");
+ fprintf(stderr, " -s: keyset mode\n");
+ fprintf(stderr, " -c class\n");
+ fprintf(stderr, " -d directory\n");
+ fprintf(stderr, "Output: DS RRs\n");
+
+ exit (-1);
+}
+
+int
+main(int argc, char **argv) {
+ char *algname = NULL, *classname = NULL, *dirname = NULL;
+ char *endp;
+ int ch;
+ unsigned int dtype = DNS_DSDIGEST_SHA1;
+ isc_boolean_t both = ISC_TRUE;
+ isc_boolean_t usekeyset = ISC_FALSE;
+ isc_result_t result;
+ isc_log_t *log = NULL;
+ isc_entropy_t *ectx = NULL;
+ dns_rdata_t rdata;
+
+ dns_rdata_init(&rdata);
+
+ if (argc == 1)
+ usage();
+
+ result = isc_mem_create(0, 0, &mctx);
+ if (result != ISC_R_SUCCESS)
+ fatal("out of memory");
+
+ dns_result_register();
+
+ isc_commandline_errprint = ISC_FALSE;
+
+ while ((ch = isc_commandline_parse(argc, argv,
+ "12a:c:d:sv:h")) != -1) {
+ switch (ch) {
+ case '1':
+ dtype = DNS_DSDIGEST_SHA1;
+ both = ISC_FALSE;
+ break;
+ case '2':
+ dtype = DNS_DSDIGEST_SHA256;
+ both = ISC_FALSE;
+ break;
+ case 'a':
+ algname = isc_commandline_argument;
+ both = ISC_FALSE;
+ break;
+ case 'c':
+ classname = isc_commandline_argument;
+ break;
+ case 'd':
+ dirname = isc_commandline_argument;
+ break;
+ case 's':
+ usekeyset = ISC_TRUE;
+ break;
+ case 'v':
+ verbose = strtol(isc_commandline_argument, &endp, 0);
+ if (*endp != '\0')
+ fatal("-v must be followed by a number");
+ break;
+ case '?':
+ if (isc_commandline_option != '?')
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ program, isc_commandline_option);
+ /* Falls into */
+ case 'h':
+ usage();
+
+ default:
+ fprintf(stderr, "%s: unhandled option -%c\n",
+ program, isc_commandline_option);
+ exit(1);
+ }
+ }
+
+ if (algname != NULL) {
+ if (strcasecmp(algname, "SHA1") == 0 ||
+ strcasecmp(algname, "SHA-1") == 0)
+ dtype = DNS_DSDIGEST_SHA1;
+ else if (strcasecmp(algname, "SHA256") == 0 ||
+ strcasecmp(algname, "SHA-256") == 0)
+ dtype = DNS_DSDIGEST_SHA256;
+ else
+ fatal("unknown algorithm %s", algname);
+ }
+
+ rdclass = strtoclass(classname);
+
+ if (argc < isc_commandline_index + 1)
+ fatal("the key file name was not specified");
+ if (argc > isc_commandline_index + 1)
+ fatal("extraneous arguments");
+
+ if (ectx == NULL)
+ setup_entropy(mctx, NULL, &ectx);
+ result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (result != ISC_R_SUCCESS)
+ fatal("could not initialize hash");
+ result = dst_lib_init(mctx, ectx,
+ ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+ if (result != ISC_R_SUCCESS)
+ fatal("could not initialize dst");
+ isc_entropy_stopcallbacksources(ectx);
+
+ setup_logging(verbose, mctx, &log);
+
+ if (usekeyset) {
+ loadkeys(dirname, argv[isc_commandline_index]);
+
+ for (result = dns_rdataset_first(&keyset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(&keyset)) {
+ dns_rdata_init(&rdata);
+ dns_rdataset_current(&keyset, &rdata);
+
+ if (verbose > 2)
+ logkey(&rdata);
+
+ if (both) {
+ emitds(DNS_DSDIGEST_SHA1, &rdata);
+ emitds(DNS_DSDIGEST_SHA256, &rdata);
+ } else
+ emitds(dtype, &rdata);
+ }
+ } else {
+ loadkey(argv[isc_commandline_index], &rdata);
+
+ if (both) {
+ emitds(DNS_DSDIGEST_SHA1, &rdata);
+ emitds(DNS_DSDIGEST_SHA256, &rdata);
+ } else
+ emitds(dtype, &rdata);
+ }
+
+ if (dns_rdataset_isassociated(&keyset))
+ dns_rdataset_disassociate(&keyset);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ if (db != NULL)
+ dns_db_detach(&db);
+ cleanup_logging(&log);
+ dst_lib_destroy();
+ isc_hash_destroy();
+ cleanup_entropy(&ectx);
+ dns_name_destroy();
+ if (verbose > 10)
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/dnssec/dnssec-dsfromkey.docbook b/bin/dnssec/dnssec-dsfromkey.docbook
new file mode 100644
index 0000000..c2c6b85
--- /dev/null
+++ b/bin/dnssec/dnssec-dsfromkey.docbook
@@ -0,0 +1,214 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: dnssec-dsfromkey.docbook,v 1.6 2008/11/07 13:54:11 jreed Exp $ -->
+<refentry id="man.dnssec-dsfromkey">
+ <refentryinfo>
+ <date>November 29, 2008</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>dnssec-dsfromkey</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><application>dnssec-dsfromkey</application></refname>
+ <refpurpose>DNSSEC DS RR generation tool</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2008</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>dnssec-dsfromkey</command>
+ <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg><option>-1</option></arg>
+ <arg><option>-2</option></arg>
+ <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
+ <arg choice="req">keyfile</arg>
+ </cmdsynopsis>
+ <cmdsynopsis>
+ <command>dnssec-dsfromkey</command>
+ <arg choice="req">-s</arg>
+ <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg><option>-1</option></arg>
+ <arg><option>-2</option></arg>
+ <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
+ <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg><option>-d <replaceable class="parameter">dir</replaceable></option></arg>
+ <arg choice="req">dnsname</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><command>dnssec-dsfromkey</command>
+ outputs the Delegation Signer (DS) resource record (RR), as defined in
+ RFC 3658 and RFC 4509, for the given key(s).
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-1</term>
+ <listitem>
+ <para>
+ Use SHA-1 as the digest algorithm (the default is to use
+ both SHA-1 and SHA-256).
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-2</term>
+ <listitem>
+ <para>
+ Use SHA-256 as the digest algorithm.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-a <replaceable class="parameter">algorithm</replaceable></term>
+ <listitem>
+ <para>
+ Select the digest algorithm. The value of
+ <option>algorithm</option> must be one of SHA-1 (SHA1) or
+ SHA-256 (SHA256). These values are case insensitive.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v <replaceable class="parameter">level</replaceable></term>
+ <listitem>
+ <para>
+ Sets the debugging level.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s</term>
+ <listitem>
+ <para>
+ Keyset mode: in place of the keyfile name, the argument is
+ the DNS domain name of a keyset file. Following options make sense
+ only in this mode.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-c <replaceable class="parameter">class</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the DNS class (default is IN), useful only
+ in the keyset mode.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-d <replaceable class="parameter">directory</replaceable></term>
+ <listitem>
+ <para>
+ Look for <filename>keyset</filename> files in
+ <option>directory</option> as the directory, ignored when
+ not in the keyset mode.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>EXAMPLE</title>
+ <para>
+ To build the SHA-256 DS RR from the
+ <userinput>Kexample.com.+003+26160</userinput>
+ keyfile name, the following command would be issued:
+ </para>
+ <para><userinput>dnssec-dsfromkey -2 Kexample.com.+003+26160</userinput>
+ </para>
+ <para>
+ The command would print something like:
+ </para>
+ <para><userinput>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</userinput>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>FILES</title>
+ <para>
+ The keyfile can be designed by the key identification
+ <filename>Knnnn.+aaa+iiiii</filename> or the full file name
+ <filename>Knnnn.+aaa+iiiii.key</filename> as generated by
+ <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
+ </para>
+ <para>
+ The keyset file name is built from the <option>directory</option>,
+ the string <filename>keyset-</filename> and the
+ <option>dnsname</option>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>CAVEAT</title>
+ <para>
+ A keyfile error can give a "file not found" even if the file exists.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
+ <citetitle>RFC 3658</citetitle>,
+ <citetitle>RFC 4509</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para><corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/dnssec/dnssec-dsfromkey.html b/bin/dnssec/dnssec-dsfromkey.html
new file mode 100644
index 0000000..72dfd3a
--- /dev/null
+++ b/bin/dnssec/dnssec-dsfromkey.html
@@ -0,0 +1,133 @@
+<!--
+ - Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: dnssec-dsfromkey.html,v 1.5 2008/11/08 01:11:47 tbox Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-dsfromkey</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-dsfromkey</span> &#8212; DNSSEC DS RR generation tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] {keyfile}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dir</code></em></code>] {dnsname}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543424"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">dnssec-dsfromkey</strong></span>
+ outputs the Delegation Signer (DS) resource record (RR), as defined in
+ RFC 3658 and RFC 4509, for the given key(s).
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543435"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-1</span></dt>
+<dd><p>
+ Use SHA-1 as the digest algorithm (the default is to use
+ both SHA-1 and SHA-256).
+ </p></dd>
+<dt><span class="term">-2</span></dt>
+<dd><p>
+ Use SHA-256 as the digest algorithm.
+ </p></dd>
+<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
+<dd><p>
+ Select the digest algorithm. The value of
+ <code class="option">algorithm</code> must be one of SHA-1 (SHA1) or
+ SHA-256 (SHA256). These values are case insensitive.
+ </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
+ Sets the debugging level.
+ </p></dd>
+<dt><span class="term">-s</span></dt>
+<dd><p>
+ Keyset mode: in place of the keyfile name, the argument is
+ the DNS domain name of a keyset file. Following options make sense
+ only in this mode.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+ Specifies the DNS class (default is IN), useful only
+ in the keyset mode.
+ </p></dd>
+<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+ Look for <code class="filename">keyset</code> files in
+ <code class="option">directory</code> as the directory, ignored when
+ not in the keyset mode.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543563"></a><h2>EXAMPLE</h2>
+<p>
+ To build the SHA-256 DS RR from the
+ <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
+ keyfile name, the following command would be issued:
+ </p>
+<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
+ </p>
+<p>
+ The command would print something like:
+ </p>
+<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543593"></a><h2>FILES</h2>
+<p>
+ The keyfile can be designed by the key identification
+ <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
+ <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
+ <span class="refentrytitle">dnssec-keygen</span>(8).
+ </p>
+<p>
+ The keyset file name is built from the <code class="option">directory</code>,
+ the string <code class="filename">keyset-</code> and the
+ <code class="option">dnsname</code>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543628"></a><h2>CAVEAT</h2>
+<p>
+ A keyfile error can give a "file not found" even if the file exists.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543638"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
+ <em class="citetitle">RFC 3658</em>,
+ <em class="citetitle">RFC 4509</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543674"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/dnssec/dnssec-keyfromlabel.8 b/bin/dnssec/dnssec-keyfromlabel.8
new file mode 100644
index 0000000..6222058
--- /dev/null
+++ b/bin/dnssec/dnssec-keyfromlabel.8
@@ -0,0 +1,149 @@
+.\" Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: dnssec-keyfromlabel.8,v 1.6 2008/11/08 01:11:47 tbox Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: dnssec\-keyfromlabel
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: February 8, 2008
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "DNSSEC\-KEYFROMLABEL" "8" "February 8, 2008" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-keyfromlabel \- DNSSEC key generation tool
+.SH "SYNOPSIS"
+.HP 20
+\fBdnssec\-keyfromlabel\fR {\-a\ \fIalgorithm\fR} {\-l\ \fIlabel\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-k\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
+.SH "DESCRIPTION"
+.PP
+\fBdnssec\-keyfromlabel\fR
+gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034.
+.SH "OPTIONS"
+.PP
+\-a \fIalgorithm\fR
+.RS 4
+Selects the cryptographic algorithm. The value of
+\fBalgorithm\fR
+must be one of RSAMD5 (RSA) or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman). These values are case insensitive.
+.sp
+Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended.
+.sp
+Note 2: DH automatically sets the \-k flag.
+.RE
+.PP
+\-l \fIlabel\fR
+.RS 4
+Specifies the label of keys in the crypto hardware (PKCS#11 device).
+.RE
+.PP
+\-n \fInametype\fR
+.RS 4
+Specifies the owner type of the key. The value of
+\fBnametype\fR
+must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
+.RE
+.PP
+\-c \fIclass\fR
+.RS 4
+Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
+.RE
+.PP
+\-f \fIflag\fR
+.RS 4
+Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
+.RE
+.PP
+\-h
+.RS 4
+Prints a short summary of the options and arguments to
+\fBdnssec\-keygen\fR.
+.RE
+.PP
+\-k
+.RS 4
+Generate KEY records rather than DNSKEY records.
+.RE
+.PP
+\-p \fIprotocol\fR
+.RS 4
+Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
+.RE
+.PP
+\-t \fItype\fR
+.RS 4
+Indicates the use of the key.
+\fBtype\fR
+must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
+.RE
+.PP
+\-v \fIlevel\fR
+.RS 4
+Sets the debugging level.
+.RE
+.SH "GENERATED KEY FILES"
+.PP
+When
+\fBdnssec\-keyfromlabel\fR
+completes successfully, it prints a string of the form
+\fIKnnnn.+aaa+iiiii\fR
+to the standard output. This is an identification string for the key files it has generated.
+.TP 4
+\(bu
+\fInnnn\fR
+is the key name.
+.TP 4
+\(bu
+\fIaaa\fR
+is the numeric representation of the algorithm.
+.TP 4
+\(bu
+\fIiiiii\fR
+is the key identifier (or footprint).
+.PP
+\fBdnssec\-keyfromlabel\fR
+creates two files, with names based on the printed string.
+\fIKnnnn.+aaa+iiiii.key\fR
+contains the public key, and
+\fIKnnnn.+aaa+iiiii.private\fR
+contains the private key.
+.PP
+The
+\fI.key\fR
+file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
+.PP
+The
+\fI.private\fR
+file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission.
+.SH "SEE ALSO"
+.PP
+\fBdnssec\-keygen\fR(8),
+\fBdnssec\-signzone\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 2539,
+RFC 2845,
+RFC 4033.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2008 Internet Systems Consortium, Inc. ("ISC")
+.br
diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c
new file mode 100644
index 0000000..e7587c3
--- /dev/null
+++ b/bin/dnssec/dnssec-keyfromlabel.c
@@ -0,0 +1,327 @@
+/*
+ * Copyright (C) 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dnssec-keyfromlabel.c,v 1.4 2008/09/24 02:46:21 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/mem.h>
+#include <isc/region.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/fixedname.h>
+#include <dns/keyvalues.h>
+#include <dns/log.h>
+#include <dns/name.h>
+#include <dns/rdataclass.h>
+#include <dns/result.h>
+#include <dns/secalg.h>
+
+#include <dst/dst.h>
+
+#include "dnssectool.h"
+
+#define MAX_RSA 4096 /* should be long enough... */
+
+const char *program = "dnssec-keyfromlabel";
+int verbose;
+
+static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
+ " NSEC3DSA | NSEC3RSASHA1";
+
+static void
+usage(void) {
+ fprintf(stderr, "Usage:\n");
+ fprintf(stderr, " %s -a alg -l label [options] name\n\n",
+ program);
+ fprintf(stderr, "Version: %s\n", VERSION);
+ fprintf(stderr, "Required options:\n");
+ fprintf(stderr, " -a algorithm: %s\n", algs);
+ fprintf(stderr, " -l label: label of the key\n");
+ fprintf(stderr, " name: owner of the key\n");
+ fprintf(stderr, "Other options:\n");
+ fprintf(stderr, " -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
+ fprintf(stderr, " (DNSKEY generation defaults to ZONE\n");
+ fprintf(stderr, " -c <class> (default: IN)\n");
+ fprintf(stderr, " -f keyflag: KSK\n");
+ fprintf(stderr, " -t <type>: "
+ "AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
+ "(default: AUTHCONF)\n");
+ fprintf(stderr, " -p <protocol>: "
+ "default: 3 [dnssec]\n");
+ fprintf(stderr, " -v <verbose level>\n");
+ fprintf(stderr, " -k : generate a TYPE=KEY key\n");
+ fprintf(stderr, "Output:\n");
+ fprintf(stderr, " K<name>+<alg>+<id>.key, "
+ "K<name>+<alg>+<id>.private\n");
+
+ exit (-1);
+}
+
+int
+main(int argc, char **argv) {
+ char *algname = NULL, *nametype = NULL, *type = NULL;
+ char *classname = NULL;
+ char *endp;
+ dst_key_t *key = NULL, *oldkey;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ isc_uint16_t flags = 0, ksk = 0;
+ dns_secalg_t alg;
+ isc_boolean_t null_key = ISC_FALSE;
+ isc_mem_t *mctx = NULL;
+ int ch;
+ int protocol = -1, signatory = 0;
+ isc_result_t ret;
+ isc_textregion_t r;
+ char filename[255];
+ isc_buffer_t buf;
+ isc_log_t *log = NULL;
+ isc_entropy_t *ectx = NULL;
+ dns_rdataclass_t rdclass;
+ int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
+ char *label = NULL;
+
+ if (argc == 1)
+ usage();
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ dns_result_register();
+
+ isc_commandline_errprint = ISC_FALSE;
+
+ while ((ch = isc_commandline_parse(argc, argv,
+ "a:c:f:kl:n:p:t:v:h")) != -1)
+ {
+ switch (ch) {
+ case 'a':
+ algname = isc_commandline_argument;
+ break;
+ case 'c':
+ classname = isc_commandline_argument;
+ break;
+ case 'f':
+ if (strcasecmp(isc_commandline_argument, "KSK") == 0)
+ ksk = DNS_KEYFLAG_KSK;
+ else
+ fatal("unknown flag '%s'",
+ isc_commandline_argument);
+ break;
+ case 'k':
+ options |= DST_TYPE_KEY;
+ break;
+ case 'l':
+ label = isc_commandline_argument;
+ break;
+ case 'n':
+ nametype = isc_commandline_argument;
+ break;
+ case 'p':
+ protocol = strtol(isc_commandline_argument, &endp, 10);
+ if (*endp != '\0' || protocol < 0 || protocol > 255)
+ fatal("-p must be followed by a number "
+ "[0..255]");
+ break;
+ case 't':
+ type = isc_commandline_argument;
+ break;
+ case 'v':
+ verbose = strtol(isc_commandline_argument, &endp, 0);
+ if (*endp != '\0')
+ fatal("-v must be followed by a number");
+ break;
+
+ case '?':
+ if (isc_commandline_option != '?')
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ program, isc_commandline_option);
+ case 'h':
+ usage();
+
+ default:
+ fprintf(stderr, "%s: unhandled option -%c\n",
+ program, isc_commandline_option);
+ exit(1);
+ }
+ }
+
+ if (ectx == NULL)
+ setup_entropy(mctx, NULL, &ectx);
+ ret = dst_lib_init(mctx, ectx,
+ ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+ if (ret != ISC_R_SUCCESS)
+ fatal("could not initialize dst");
+
+ setup_logging(verbose, mctx, &log);
+
+ if (label == NULL)
+ fatal("the key label was not specified");
+ if (argc < isc_commandline_index + 1)
+ fatal("the key name was not specified");
+ if (argc > isc_commandline_index + 1)
+ fatal("extraneous arguments");
+
+ if (algname == NULL)
+ fatal("no algorithm was specified");
+ if (strcasecmp(algname, "RSA") == 0) {
+ fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
+ "If you still wish to use RSA (RSAMD5) please "
+ "specify \"-a RSAMD5\"\n");
+ return (1);
+ } else {
+ r.base = algname;
+ r.length = strlen(algname);
+ ret = dns_secalg_fromtext(&alg, &r);
+ if (ret != ISC_R_SUCCESS)
+ fatal("unknown algorithm %s", algname);
+ if (alg == DST_ALG_DH)
+ options |= DST_TYPE_KEY;
+ }
+
+ if (type != NULL && (options & DST_TYPE_KEY) != 0) {
+ if (strcasecmp(type, "NOAUTH") == 0)
+ flags |= DNS_KEYTYPE_NOAUTH;
+ else if (strcasecmp(type, "NOCONF") == 0)
+ flags |= DNS_KEYTYPE_NOCONF;
+ else if (strcasecmp(type, "NOAUTHCONF") == 0) {
+ flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF);
+ }
+ else if (strcasecmp(type, "AUTHCONF") == 0)
+ /* nothing */;
+ else
+ fatal("invalid type %s", type);
+ }
+
+ if (nametype == NULL) {
+ if ((options & DST_TYPE_KEY) != 0) /* KEY */
+ fatal("no nametype specified");
+ flags |= DNS_KEYOWNER_ZONE; /* DNSKEY */
+ } else if (strcasecmp(nametype, "zone") == 0)
+ flags |= DNS_KEYOWNER_ZONE;
+ else if ((options & DST_TYPE_KEY) != 0) { /* KEY */
+ if (strcasecmp(nametype, "host") == 0 ||
+ strcasecmp(nametype, "entity") == 0)
+ flags |= DNS_KEYOWNER_ENTITY;
+ else if (strcasecmp(nametype, "user") == 0)
+ flags |= DNS_KEYOWNER_USER;
+ else
+ fatal("invalid KEY nametype %s", nametype);
+ } else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */
+ fatal("invalid DNSKEY nametype %s", nametype);
+
+ rdclass = strtoclass(classname);
+
+ if ((options & DST_TYPE_KEY) != 0) /* KEY */
+ flags |= signatory;
+ else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */
+ flags |= ksk;
+
+ if (protocol == -1)
+ protocol = DNS_KEYPROTO_DNSSEC;
+ else if ((options & DST_TYPE_KEY) == 0 &&
+ protocol != DNS_KEYPROTO_DNSSEC)
+ fatal("invalid DNSKEY protocol: %d", protocol);
+
+ if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
+ if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
+ fatal("specified null key with signing authority");
+ }
+
+ if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&
+ alg == DNS_KEYALG_DH)
+ fatal("a key with algorithm '%s' cannot be a zone key",
+ algname);
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ isc_buffer_init(&buf, argv[isc_commandline_index],
+ strlen(argv[isc_commandline_index]));
+ isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
+ ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
+ if (ret != ISC_R_SUCCESS)
+ fatal("invalid key name %s: %s", argv[isc_commandline_index],
+ isc_result_totext(ret));
+
+ if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
+ null_key = ISC_TRUE;
+
+ isc_buffer_init(&buf, filename, sizeof(filename) - 1);
+
+ /* associate the key */
+ ret = dst_key_fromlabel(name, alg, flags, protocol,
+ rdclass, "", label, NULL, mctx, &key);
+ isc_entropy_stopcallbacksources(ectx);
+
+ if (ret != ISC_R_SUCCESS) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ char algstr[ALG_FORMATSIZE];
+ dns_name_format(name, namestr, sizeof(namestr));
+ alg_format(alg, algstr, sizeof(algstr));
+ fatal("failed to generate key %s/%s: %s\n",
+ namestr, algstr, isc_result_totext(ret));
+ exit(-1);
+ }
+
+ /*
+ * Try to read a key with the same name, alg and id from disk.
+ * If there is one we must continue generating a new one
+ * unless we were asked to generate a null key, in which
+ * case we return failure.
+ */
+ ret = dst_key_fromfile(name, dst_key_id(key), alg,
+ DST_TYPE_PRIVATE, NULL, mctx, &oldkey);
+ /* do not overwrite an existing key */
+ if (ret == ISC_R_SUCCESS) {
+ isc_buffer_clear(&buf);
+ ret = dst_key_buildfilename(key, 0, NULL, &buf);
+ fprintf(stderr, "%s: %s already exists\n",
+ program, filename);
+ dst_key_free(&key);
+ exit (1);
+ }
+
+ ret = dst_key_tofile(key, options, NULL);
+ if (ret != ISC_R_SUCCESS) {
+ char keystr[KEY_FORMATSIZE];
+ key_format(key, keystr, sizeof(keystr));
+ fatal("failed to write key %s: %s\n", keystr,
+ isc_result_totext(ret));
+ }
+
+ isc_buffer_clear(&buf);
+ ret = dst_key_buildfilename(key, 0, NULL, &buf);
+ printf("%s\n", filename);
+ dst_key_free(&key);
+
+ cleanup_logging(&log);
+ cleanup_entropy(&ectx);
+ dst_lib_destroy();
+ dns_name_destroy();
+ if (verbose > 10)
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/dnssec/dnssec-keyfromlabel.docbook b/bin/dnssec/dnssec-keyfromlabel.docbook
new file mode 100644
index 0000000..2bcf0a4
--- /dev/null
+++ b/bin/dnssec/dnssec-keyfromlabel.docbook
@@ -0,0 +1,265 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: dnssec-keyfromlabel.docbook,v 1.6 2008/11/07 13:54:11 jreed Exp $ -->
+<refentry id="man.dnssec-keyfromlabel">
+ <refentryinfo>
+ <date>February 8, 2008</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>dnssec-keyfromlabel</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><application>dnssec-keyfromlabel</application></refname>
+ <refpurpose>DNSSEC key generation tool</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2008</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>dnssec-keyfromlabel</command>
+ <arg choice="req">-a <replaceable class="parameter">algorithm</replaceable></arg>
+ <arg choice="req">-l <replaceable class="parameter">label</replaceable></arg>
+ <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
+ <arg><option>-k</option></arg>
+ <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
+ <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
+ <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
+ <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg choice="req">name</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><command>dnssec-keyfromlabel</command>
+ gets keys with the given label from a crypto hardware and builds
+ key files for DNSSEC (Secure DNS), as defined in RFC 2535
+ and RFC 4034.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-a <replaceable class="parameter">algorithm</replaceable></term>
+ <listitem>
+ <para>
+ Selects the cryptographic algorithm. The value of
+ <option>algorithm</option> must be one of RSAMD5 (RSA)
+ or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman).
+ These values are case insensitive.
+ </para>
+ <para>
+ Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
+ algorithm, and DSA is recommended.
+ </para>
+ <para>
+ Note 2: DH automatically sets the -k flag.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-l <replaceable class="parameter">label</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the label of keys in the crypto hardware
+ (PKCS#11 device).
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-n <replaceable class="parameter">nametype</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the owner type of the key. The value of
+ <option>nametype</option> must either be ZONE (for a DNSSEC
+ zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
+ a host (KEY)),
+ USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
+ These values are
+ case insensitive.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-c <replaceable class="parameter">class</replaceable></term>
+ <listitem>
+ <para>
+ Indicates that the DNS record containing the key should have
+ the specified class. If not specified, class IN is used.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-f <replaceable class="parameter">flag</replaceable></term>
+ <listitem>
+ <para>
+ Set the specified flag in the flag field of the KEY/DNSKEY record.
+ The only recognized flag is KSK (Key Signing Key) DNSKEY.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-h</term>
+ <listitem>
+ <para>
+ Prints a short summary of the options and arguments to
+ <command>dnssec-keygen</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-k</term>
+ <listitem>
+ <para>
+ Generate KEY records rather than DNSKEY records.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-p <replaceable class="parameter">protocol</replaceable></term>
+ <listitem>
+ <para>
+ Sets the protocol value for the generated key. The protocol
+ is a number between 0 and 255. The default is 3 (DNSSEC).
+ Other possible values for this argument are listed in
+ RFC 2535 and its successors.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-t <replaceable class="parameter">type</replaceable></term>
+ <listitem>
+ <para>
+ Indicates the use of the key. <option>type</option> must be
+ one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
+ is AUTHCONF. AUTH refers to the ability to authenticate
+ data, and CONF the ability to encrypt data.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v <replaceable class="parameter">level</replaceable></term>
+ <listitem>
+ <para>
+ Sets the debugging level.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>GENERATED KEY FILES</title>
+ <para>
+ When <command>dnssec-keyfromlabel</command> completes
+ successfully,
+ it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
+ to the standard output. This is an identification string for
+ the key files it has generated.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para><filename>nnnn</filename> is the key name.
+ </para>
+ </listitem>
+ <listitem>
+ <para><filename>aaa</filename> is the numeric representation
+ of the
+ algorithm.
+ </para>
+ </listitem>
+ <listitem>
+ <para><filename>iiiii</filename> is the key identifier (or
+ footprint).
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para><command>dnssec-keyfromlabel</command>
+ creates two files, with names based
+ on the printed string. <filename>Knnnn.+aaa+iiiii.key</filename>
+ contains the public key, and
+ <filename>Knnnn.+aaa+iiiii.private</filename> contains the
+ private
+ key.
+ </para>
+ <para>
+ The <filename>.key</filename> file contains a DNS KEY record
+ that
+ can be inserted into a zone file (directly or with a $INCLUDE
+ statement).
+ </para>
+ <para>
+ The <filename>.private</filename> file contains algorithm
+ specific
+ fields. For obvious security reasons, this file does not have
+ general read permission.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
+ <citetitle>RFC 2539</citetitle>,
+ <citetitle>RFC 2845</citetitle>,
+ <citetitle>RFC 4033</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para><corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/dnssec/dnssec-keyfromlabel.html b/bin/dnssec/dnssec-keyfromlabel.html
new file mode 100644
index 0000000..cbea64b
--- /dev/null
+++ b/bin/dnssec/dnssec-keyfromlabel.html
@@ -0,0 +1,171 @@
+<!--
+ - Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: dnssec-keyfromlabel.html,v 1.5 2008/10/15 01:11:35 tbox Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-keyfromlabel</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-keyfromlabel</span> &#8212; DNSSEC key generation tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543413"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
+ gets keys with the given label from a crypto hardware and builds
+ key files for DNSSEC (Secure DNS), as defined in RFC 2535
+ and RFC 4034.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543425"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
+<dd>
+<p>
+ Selects the cryptographic algorithm. The value of
+ <code class="option">algorithm</code> must be one of RSAMD5 (RSA)
+ or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman).
+ These values are case insensitive.
+ </p>
+<p>
+ Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
+ algorithm, and DSA is recommended.
+ </p>
+<p>
+ Note 2: DH automatically sets the -k flag.
+ </p>
+</dd>
+<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
+<dd><p>
+ Specifies the label of keys in the crypto hardware
+ (PKCS#11 device).
+ </p></dd>
+<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
+<dd><p>
+ Specifies the owner type of the key. The value of
+ <code class="option">nametype</code> must either be ZONE (for a DNSSEC
+ zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
+ a host (KEY)),
+ USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
+ These values are
+ case insensitive.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+ Indicates that the DNS record containing the key should have
+ the specified class. If not specified, class IN is used.
+ </p></dd>
+<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
+<dd><p>
+ Set the specified flag in the flag field of the KEY/DNSKEY record.
+ The only recognized flag is KSK (Key Signing Key) DNSKEY.
+ </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+ Prints a short summary of the options and arguments to
+ <span><strong class="command">dnssec-keygen</strong></span>.
+ </p></dd>
+<dt><span class="term">-k</span></dt>
+<dd><p>
+ Generate KEY records rather than DNSKEY records.
+ </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
+<dd><p>
+ Sets the protocol value for the generated key. The protocol
+ is a number between 0 and 255. The default is 3 (DNSSEC).
+ Other possible values for this argument are listed in
+ RFC 2535 and its successors.
+ </p></dd>
+<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
+<dd><p>
+ Indicates the use of the key. <code class="option">type</code> must be
+ one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
+ is AUTHCONF. AUTH refers to the ability to authenticate
+ data, and CONF the ability to encrypt data.
+ </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
+ Sets the debugging level.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543619"></a><h2>GENERATED KEY FILES</h2>
+<p>
+ When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
+ successfully,
+ it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
+ to the standard output. This is an identification string for
+ the key files it has generated.
+ </p>
+<div class="itemizedlist"><ul type="disc">
+<li><p><code class="filename">nnnn</code> is the key name.
+ </p></li>
+<li><p><code class="filename">aaa</code> is the numeric representation
+ of the
+ algorithm.
+ </p></li>
+<li><p><code class="filename">iiiii</code> is the key identifier (or
+ footprint).
+ </p></li>
+</ul></div>
+<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
+ creates two files, with names based
+ on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
+ contains the public key, and
+ <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
+ private
+ key.
+ </p>
+<p>
+ The <code class="filename">.key</code> file contains a DNS KEY record
+ that
+ can be inserted into a zone file (directly or with a $INCLUDE
+ statement).
+ </p>
+<p>
+ The <code class="filename">.private</code> file contains algorithm
+ specific
+ fields. For obvious security reasons, this file does not have
+ general read permission.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543691"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
+ <em class="citetitle">RFC 2539</em>,
+ <em class="citetitle">RFC 2845</em>,
+ <em class="citetitle">RFC 4033</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543731"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
new file mode 100644
index 0000000..13db3d9
--- /dev/null
+++ b/bin/dnssec/dnssec-keygen.8
@@ -0,0 +1,200 @@
+.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: dnssec-keygen.8,v 1.40 2008/10/15 01:11:35 tbox Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: dnssec\-keygen
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: June 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-keygen \- DNSSEC key generation tool
+.SH "SYNOPSIS"
+.HP 14
+\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-k\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
+.SH "DESCRIPTION"
+.PP
+\fBdnssec\-keygen\fR
+generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
+.SH "OPTIONS"
+.PP
+\-a \fIalgorithm\fR
+.RS 4
+Selects the cryptographic algorithm. The value of
+\fBalgorithm\fR
+must be one of RSAMD5 (RSA) or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
+.sp
+Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
+.sp
+Note 2: HMAC\-MD5 and DH automatically set the \-k flag.
+.RE
+.PP
+\-b \fIkeysize\fR
+.RS 4
+Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
+.RE
+.PP
+\-n \fInametype\fR
+.RS 4
+Specifies the owner type of the key. The value of
+\fBnametype\fR
+must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. Defaults to ZONE for DNSKEY generation.
+.RE
+.PP
+\-c \fIclass\fR
+.RS 4
+Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
+.RE
+.PP
+\-e
+.RS 4
+If generating an RSAMD5/RSASHA1 key, use a large exponent.
+.RE
+.PP
+\-f \fIflag\fR
+.RS 4
+Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
+.RE
+.PP
+\-g \fIgenerator\fR
+.RS 4
+If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
+.RE
+.PP
+\-h
+.RS 4
+Prints a short summary of the options and arguments to
+\fBdnssec\-keygen\fR.
+.RE
+.PP
+\-k
+.RS 4
+Generate KEY records rather than DNSKEY records.
+.RE
+.PP
+\-p \fIprotocol\fR
+.RS 4
+Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
+.RE
+.PP
+\-r \fIrandomdev\fR
+.RS 4
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.RE
+.PP
+\-s \fIstrength\fR
+.RS 4
+Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
+.RE
+.PP
+\-t \fItype\fR
+.RS 4
+Indicates the use of the key.
+\fBtype\fR
+must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
+.RE
+.PP
+\-v \fIlevel\fR
+.RS 4
+Sets the debugging level.
+.RE
+.SH "GENERATED KEYS"
+.PP
+When
+\fBdnssec\-keygen\fR
+completes successfully, it prints a string of the form
+\fIKnnnn.+aaa+iiiii\fR
+to the standard output. This is an identification string for the key it has generated.
+.TP 4
+\(bu
+\fInnnn\fR
+is the key name.
+.TP 4
+\(bu
+\fIaaa\fR
+is the numeric representation of the algorithm.
+.TP 4
+\(bu
+\fIiiiii\fR
+is the key identifier (or footprint).
+.PP
+\fBdnssec\-keygen\fR
+creates two files, with names based on the printed string.
+\fIKnnnn.+aaa+iiiii.key\fR
+contains the public key, and
+\fIKnnnn.+aaa+iiiii.private\fR
+contains the private key.
+.PP
+The
+\fI.key\fR
+file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
+.PP
+The
+\fI.private\fR
+file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
+.PP
+Both
+\fI.key\fR
+and
+\fI.private\fR
+files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent.
+.SH "EXAMPLE"
+.PP
+To generate a 768\-bit DSA key for the domain
+\fBexample.com\fR, the following command would be issued:
+.PP
+\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example.com\fR
+.PP
+The command would print a string of the form:
+.PP
+\fBKexample.com.+003+26160\fR
+.PP
+In this example,
+\fBdnssec\-keygen\fR
+creates the files
+\fIKexample.com.+003+26160.key\fR
+and
+\fIKexample.com.+003+26160.private\fR.
+.SH "SEE ALSO"
+.PP
+\fBdnssec\-signzone\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 2539,
+RFC 2845,
+RFC 4033.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
new file mode 100644
index 0000000..614d388
--- /dev/null
+++ b/bin/dnssec/dnssec-keygen.c
@@ -0,0 +1,540 @@
+/*
+ * Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
+ * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
+ * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dnssec-keygen.c,v 1.81 2008/09/25 04:02:38 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/mem.h>
+#include <isc/region.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/fixedname.h>
+#include <dns/keyvalues.h>
+#include <dns/log.h>
+#include <dns/name.h>
+#include <dns/rdataclass.h>
+#include <dns/result.h>
+#include <dns/secalg.h>
+
+#include <dst/dst.h>
+
+#include "dnssectool.h"
+
+#define MAX_RSA 4096 /* should be long enough... */
+
+const char *program = "dnssec-keygen";
+int verbose;
+
+static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | NSEC3DSA |"
+ " NSEC3RSASHA1 | HMAC-MD5 |"
+ " HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 |"
+ " HMAC-SHA384 | HMAC-SHA512";
+
+static isc_boolean_t
+dsa_size_ok(int size) {
+ return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0));
+}
+
+static void
+usage(void) {
+ fprintf(stderr, "Usage:\n");
+ fprintf(stderr, " %s -a alg -b bits [-n type] [options] name\n\n",
+ program);
+ fprintf(stderr, "Version: %s\n", VERSION);
+ fprintf(stderr, "Required options:\n");
+ fprintf(stderr, " -a algorithm: %s\n", algs);
+ fprintf(stderr, " -b key size, in bits:\n");
+ fprintf(stderr, " RSAMD5:\t\t[512..%d]\n", MAX_RSA);
+ fprintf(stderr, " RSASHA1:\t\t[512..%d]\n", MAX_RSA);
+ fprintf(stderr, " NSEC3RSASHA1:\t\t[512..%d]\n", MAX_RSA);
+ fprintf(stderr, " DH:\t\t[128..4096]\n");
+ fprintf(stderr, " DSA:\t\t[512..1024] and divisible by 64\n");
+ fprintf(stderr, " NSEC3DSA:\t\t[512..1024] and divisible by 64\n");
+ fprintf(stderr, " HMAC-MD5:\t[1..512]\n");
+ fprintf(stderr, " HMAC-SHA1:\t[1..160]\n");
+ fprintf(stderr, " HMAC-SHA224:\t[1..224]\n");
+ fprintf(stderr, " HMAC-SHA256:\t[1..256]\n");
+ fprintf(stderr, " HMAC-SHA384:\t[1..384]\n");
+ fprintf(stderr, " HMAC-SHA512:\t[1..512]\n");
+ fprintf(stderr, " -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
+ fprintf(stderr, " (DNSKEY generation defaults to ZONE\n");
+ fprintf(stderr, " name: owner of the key\n");
+ fprintf(stderr, "Other options:\n");
+ fprintf(stderr, " -c <class> (default: IN)\n");
+ fprintf(stderr, " -d <digest bits> (0 => max, default)\n");
+ fprintf(stderr, " -e use large exponent (RSAMD5/RSASHA1 only)\n");
+ fprintf(stderr, " -f keyflag: KSK\n");
+ fprintf(stderr, " -g <generator> use specified generator "
+ "(DH only)\n");
+ fprintf(stderr, " -t <type>: "
+ "AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
+ "(default: AUTHCONF)\n");
+ fprintf(stderr, " -p <protocol>: "
+ "default: 3 [dnssec]\n");
+ fprintf(stderr, " -s <strength> strength value this key signs DNS "
+ "records with (default: 0)\n");
+ fprintf(stderr, " -r <randomdev>: a file containing random data\n");
+ fprintf(stderr, " -v <verbose level>\n");
+ fprintf(stderr, " -k : generate a TYPE=KEY key\n");
+ fprintf(stderr, "Output:\n");
+ fprintf(stderr, " K<name>+<alg>+<id>.key, "
+ "K<name>+<alg>+<id>.private\n");
+
+ exit (-1);
+}
+
+int
+main(int argc, char **argv) {
+ char *algname = NULL, *nametype = NULL, *type = NULL;
+ char *classname = NULL;
+ char *endp;
+ dst_key_t *key = NULL, *oldkey;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ isc_uint16_t flags = 0, ksk = 0;
+ dns_secalg_t alg;
+ isc_boolean_t conflict = ISC_FALSE, null_key = ISC_FALSE;
+ isc_mem_t *mctx = NULL;
+ int ch, rsa_exp = 0, generator = 0, param = 0;
+ int protocol = -1, size = -1, signatory = 0;
+ isc_result_t ret;
+ isc_textregion_t r;
+ char filename[255];
+ isc_buffer_t buf;
+ isc_log_t *log = NULL;
+ isc_entropy_t *ectx = NULL;
+ dns_rdataclass_t rdclass;
+ int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
+ int dbits = 0;
+
+ if (argc == 1)
+ usage();
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ dns_result_register();
+
+ isc_commandline_errprint = ISC_FALSE;
+
+ while ((ch = isc_commandline_parse(argc, argv,
+ "a:b:c:d:ef:g:kn:t:p:s:r:v:h")) != -1)
+ {
+ switch (ch) {
+ case 'a':
+ algname = isc_commandline_argument;
+ break;
+ case 'b':
+ size = strtol(isc_commandline_argument, &endp, 10);
+ if (*endp != '\0' || size < 0)
+ fatal("-b requires a non-negative number");
+ break;
+ case 'c':
+ classname = isc_commandline_argument;
+ break;
+ case 'd':
+ dbits = strtol(isc_commandline_argument, &endp, 10);
+ if (*endp != '\0' || dbits < 0)
+ fatal("-d requires a non-negative number");
+ break;
+ case 'e':
+ rsa_exp = 1;
+ break;
+ case 'f':
+ if (strcasecmp(isc_commandline_argument, "KSK") == 0)
+ ksk = DNS_KEYFLAG_KSK;
+ else
+ fatal("unknown flag '%s'",
+ isc_commandline_argument);
+ break;
+ case 'g':
+ generator = strtol(isc_commandline_argument,
+ &endp, 10);
+ if (*endp != '\0' || generator <= 0)
+ fatal("-g requires a positive number");
+ break;
+ case 'k':
+ options |= DST_TYPE_KEY;
+ break;
+ case 'n':
+ nametype = isc_commandline_argument;
+ break;
+ case 't':
+ type = isc_commandline_argument;
+ break;
+ case 'p':
+ protocol = strtol(isc_commandline_argument, &endp, 10);
+ if (*endp != '\0' || protocol < 0 || protocol > 255)
+ fatal("-p must be followed by a number "
+ "[0..255]");
+ break;
+ case 's':
+ signatory = strtol(isc_commandline_argument,
+ &endp, 10);
+ if (*endp != '\0' || signatory < 0 || signatory > 15)
+ fatal("-s must be followed by a number "
+ "[0..15]");
+ break;
+ case 'r':
+ setup_entropy(mctx, isc_commandline_argument, &ectx);
+ break;
+ case 'v':
+ endp = NULL;
+ verbose = strtol(isc_commandline_argument, &endp, 0);
+ if (*endp != '\0')
+ fatal("-v must be followed by a number");
+ break;
+
+ case '?':
+ if (isc_commandline_option != '?')
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ program, isc_commandline_option);
+ case 'h':
+ usage();
+
+ default:
+ fprintf(stderr, "%s: unhandled option -%c\n",
+ program, isc_commandline_option);
+ exit(1);
+ }
+ }
+
+ if (ectx == NULL)
+ setup_entropy(mctx, NULL, &ectx);
+ ret = dst_lib_init(mctx, ectx,
+ ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+ if (ret != ISC_R_SUCCESS)
+ fatal("could not initialize dst");
+
+ setup_logging(verbose, mctx, &log);
+
+ if (argc < isc_commandline_index + 1)
+ fatal("the key name was not specified");
+ if (argc > isc_commandline_index + 1)
+ fatal("extraneous arguments");
+
+ if (algname == NULL)
+ fatal("no algorithm was specified");
+ if (strcasecmp(algname, "RSA") == 0) {
+ fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
+ "If you still wish to use RSA (RSAMD5) please "
+ "specify \"-a RSAMD5\"\n");
+ return (1);
+ } else if (strcasecmp(algname, "HMAC-MD5") == 0) {
+ options |= DST_TYPE_KEY;
+ alg = DST_ALG_HMACMD5;
+ } else if (strcasecmp(algname, "HMAC-SHA1") == 0) {
+ options |= DST_TYPE_KEY;
+ alg = DST_ALG_HMACSHA1;
+ } else if (strcasecmp(algname, "HMAC-SHA224") == 0) {
+ options |= DST_TYPE_KEY;
+ alg = DST_ALG_HMACSHA224;
+ } else if (strcasecmp(algname, "HMAC-SHA256") == 0) {
+ options |= DST_TYPE_KEY;
+ alg = DST_ALG_HMACSHA256;
+ } else if (strcasecmp(algname, "HMAC-SHA384") == 0) {
+ options |= DST_TYPE_KEY;
+ alg = DST_ALG_HMACSHA384;
+ } else if (strcasecmp(algname, "HMAC-SHA512") == 0) {
+ options |= DST_TYPE_KEY;
+ alg = DST_ALG_HMACSHA512;
+ } else {
+ r.base = algname;
+ r.length = strlen(algname);
+ ret = dns_secalg_fromtext(&alg, &r);
+ if (ret != ISC_R_SUCCESS)
+ fatal("unknown algorithm %s", algname);
+ if (alg == DST_ALG_DH)
+ options |= DST_TYPE_KEY;
+ }
+
+ if (type != NULL && (options & DST_TYPE_KEY) != 0) {
+ if (strcasecmp(type, "NOAUTH") == 0)
+ flags |= DNS_KEYTYPE_NOAUTH;
+ else if (strcasecmp(type, "NOCONF") == 0)
+ flags |= DNS_KEYTYPE_NOCONF;
+ else if (strcasecmp(type, "NOAUTHCONF") == 0) {
+ flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF);
+ if (size < 0)
+ size = 0;
+ }
+ else if (strcasecmp(type, "AUTHCONF") == 0)
+ /* nothing */;
+ else
+ fatal("invalid type %s", type);
+ }
+
+ if (size < 0)
+ fatal("key size not specified (-b option)");
+
+ switch (alg) {
+ case DNS_KEYALG_RSAMD5:
+ case DNS_KEYALG_RSASHA1:
+ case DNS_KEYALG_NSEC3RSASHA1:
+ if (size != 0 && (size < 512 || size > MAX_RSA))
+ fatal("RSA key size %d out of range", size);
+ break;
+ case DNS_KEYALG_DH:
+ if (size != 0 && (size < 128 || size > 4096))
+ fatal("DH key size %d out of range", size);
+ break;
+ case DNS_KEYALG_DSA:
+ case DNS_KEYALG_NSEC3DSA:
+ if (size != 0 && !dsa_size_ok(size))
+ fatal("invalid DSS key size: %d", size);
+ break;
+ case DST_ALG_HMACMD5:
+ if (size < 1 || size > 512)
+ fatal("HMAC-MD5 key size %d out of range", size);
+ if (dbits != 0 && (dbits < 80 || dbits > 128))
+ fatal("HMAC-MD5 digest bits %d out of range", dbits);
+ if ((dbits % 8) != 0)
+ fatal("HMAC-MD5 digest bits %d not divisible by 8",
+ dbits);
+ break;
+ case DST_ALG_HMACSHA1:
+ if (size < 1 || size > 160)
+ fatal("HMAC-SHA1 key size %d out of range", size);
+ if (dbits != 0 && (dbits < 80 || dbits > 160))
+ fatal("HMAC-SHA1 digest bits %d out of range", dbits);
+ if ((dbits % 8) != 0)
+ fatal("HMAC-SHA1 digest bits %d not divisible by 8",
+ dbits);
+ break;
+ case DST_ALG_HMACSHA224:
+ if (size < 1 || size > 224)
+ fatal("HMAC-SHA224 key size %d out of range", size);
+ if (dbits != 0 && (dbits < 112 || dbits > 224))
+ fatal("HMAC-SHA224 digest bits %d out of range", dbits);
+ if ((dbits % 8) != 0)
+ fatal("HMAC-SHA224 digest bits %d not divisible by 8",
+ dbits);
+ break;
+ case DST_ALG_HMACSHA256:
+ if (size < 1 || size > 256)
+ fatal("HMAC-SHA256 key size %d out of range", size);
+ if (dbits != 0 && (dbits < 128 || dbits > 256))
+ fatal("HMAC-SHA256 digest bits %d out of range", dbits);
+ if ((dbits % 8) != 0)
+ fatal("HMAC-SHA256 digest bits %d not divisible by 8",
+ dbits);
+ break;
+ case DST_ALG_HMACSHA384:
+ if (size < 1 || size > 384)
+ fatal("HMAC-384 key size %d out of range", size);
+ if (dbits != 0 && (dbits < 192 || dbits > 384))
+ fatal("HMAC-SHA384 digest bits %d out of range", dbits);
+ if ((dbits % 8) != 0)
+ fatal("HMAC-SHA384 digest bits %d not divisible by 8",
+ dbits);
+ break;
+ case DST_ALG_HMACSHA512:
+ if (size < 1 || size > 512)
+ fatal("HMAC-SHA512 key size %d out of range", size);
+ if (dbits != 0 && (dbits < 256 || dbits > 512))
+ fatal("HMAC-SHA512 digest bits %d out of range", dbits);
+ if ((dbits % 8) != 0)
+ fatal("HMAC-SHA512 digest bits %d not divisible by 8",
+ dbits);
+ break;
+ }
+
+ if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
+ alg == DNS_KEYALG_NSEC3RSASHA1) && rsa_exp != 0)
+ fatal("specified RSA exponent for a non-RSA key");
+
+ if (alg != DNS_KEYALG_DH && generator != 0)
+ fatal("specified DH generator for a non-DH key");
+
+ if (nametype == NULL) {
+ if ((options & DST_TYPE_KEY) != 0) /* KEY / HMAC */
+ fatal("no nametype specified");
+ flags |= DNS_KEYOWNER_ZONE; /* DNSKEY */
+ } else if (strcasecmp(nametype, "zone") == 0)
+ flags |= DNS_KEYOWNER_ZONE;
+ else if ((options & DST_TYPE_KEY) != 0) { /* KEY / HMAC */
+ if (strcasecmp(nametype, "host") == 0 ||
+ strcasecmp(nametype, "entity") == 0)
+ flags |= DNS_KEYOWNER_ENTITY;
+ else if (strcasecmp(nametype, "user") == 0)
+ flags |= DNS_KEYOWNER_USER;
+ else
+ fatal("invalid KEY nametype %s", nametype);
+ } else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */
+ fatal("invalid DNSKEY nametype %s", nametype);
+
+ rdclass = strtoclass(classname);
+
+ if ((options & DST_TYPE_KEY) != 0) /* KEY / HMAC */
+ flags |= signatory;
+ else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */
+ flags |= ksk;
+
+ if (protocol == -1)
+ protocol = DNS_KEYPROTO_DNSSEC;
+ else if ((options & DST_TYPE_KEY) == 0 &&
+ protocol != DNS_KEYPROTO_DNSSEC)
+ fatal("invalid DNSKEY protocol: %d", protocol);
+
+ if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
+ if (size > 0)
+ fatal("specified null key with non-zero size");
+ if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
+ fatal("specified null key with signing authority");
+ }
+
+ if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&
+ (alg == DNS_KEYALG_DH || alg == DST_ALG_HMACMD5 ||
+ alg == DST_ALG_HMACSHA1 || alg == DST_ALG_HMACSHA224 ||
+ alg == DST_ALG_HMACSHA256 || alg == DST_ALG_HMACSHA384 ||
+ alg == DST_ALG_HMACSHA512))
+ fatal("a key with algorithm '%s' cannot be a zone key",
+ algname);
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ isc_buffer_init(&buf, argv[isc_commandline_index],
+ strlen(argv[isc_commandline_index]));
+ isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
+ ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
+ if (ret != ISC_R_SUCCESS)
+ fatal("invalid key name %s: %s", argv[isc_commandline_index],
+ isc_result_totext(ret));
+
+ switch(alg) {
+ case DNS_KEYALG_RSAMD5:
+ case DNS_KEYALG_RSASHA1:
+ param = rsa_exp;
+ break;
+ case DNS_KEYALG_DH:
+ param = generator;
+ break;
+ case DNS_KEYALG_DSA:
+ case DST_ALG_HMACMD5:
+ case DST_ALG_HMACSHA1:
+ case DST_ALG_HMACSHA224:
+ case DST_ALG_HMACSHA256:
+ case DST_ALG_HMACSHA384:
+ case DST_ALG_HMACSHA512:
+ param = 0;
+ break;
+ }
+
+ if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
+ null_key = ISC_TRUE;
+
+ isc_buffer_init(&buf, filename, sizeof(filename) - 1);
+
+ do {
+ conflict = ISC_FALSE;
+ oldkey = NULL;
+
+ /* generate the key */
+ ret = dst_key_generate(name, alg, size, param, flags, protocol,
+ rdclass, mctx, &key);
+ isc_entropy_stopcallbacksources(ectx);
+
+ if (ret != ISC_R_SUCCESS) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ char algstr[ALG_FORMATSIZE];
+ dns_name_format(name, namestr, sizeof(namestr));
+ alg_format(alg, algstr, sizeof(algstr));
+ fatal("failed to generate key %s/%s: %s\n",
+ namestr, algstr, isc_result_totext(ret));
+ exit(-1);
+ }
+
+ dst_key_setbits(key, dbits);
+
+ /*
+ * Try to read a key with the same name, alg and id from disk.
+ * If there is one we must continue generating a new one
+ * unless we were asked to generate a null key, in which
+ * case we return failure.
+ */
+ ret = dst_key_fromfile(name, dst_key_id(key), alg,
+ DST_TYPE_PRIVATE, NULL, mctx, &oldkey);
+ /* do not overwrite an existing key */
+ if (ret == ISC_R_SUCCESS) {
+ dst_key_free(&oldkey);
+ conflict = ISC_TRUE;
+ if (null_key)
+ break;
+ }
+ if (conflict == ISC_TRUE) {
+ if (verbose > 0) {
+ isc_buffer_clear(&buf);
+ ret = dst_key_buildfilename(key, 0, NULL, &buf);
+ fprintf(stderr,
+ "%s: %s already exists, "
+ "generating a new key\n",
+ program, filename);
+ }
+ dst_key_free(&key);
+ }
+
+ } while (conflict == ISC_TRUE);
+
+ if (conflict)
+ fatal("cannot generate a null key when a key with id 0 "
+ "already exists");
+
+ ret = dst_key_tofile(key, options, NULL);
+ if (ret != ISC_R_SUCCESS) {
+ char keystr[KEY_FORMATSIZE];
+ key_format(key, keystr, sizeof(keystr));
+ fatal("failed to write key %s: %s\n", keystr,
+ isc_result_totext(ret));
+ }
+
+ isc_buffer_clear(&buf);
+ ret = dst_key_buildfilename(key, 0, NULL, &buf);
+ printf("%s\n", filename);
+ dst_key_free(&key);
+
+ cleanup_logging(&log);
+ cleanup_entropy(&ectx);
+ dst_lib_destroy();
+ dns_name_destroy();
+ if (verbose > 10)
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
new file mode 100644
index 0000000..c267a1b
--- /dev/null
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -0,0 +1,360 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: dnssec-keygen.docbook,v 1.22 2008/10/14 14:32:50 jreed Exp $ -->
+<refentry id="man.dnssec-keygen">
+ <refentryinfo>
+ <date>June 30, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>dnssec-keygen</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><application>dnssec-keygen</application></refname>
+ <refpurpose>DNSSEC key generation tool</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2007</year>
+ <year>2008</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <year>2003</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>dnssec-keygen</command>
+ <arg choice="req">-a <replaceable class="parameter">algorithm</replaceable></arg>
+ <arg choice="req">-b <replaceable class="parameter">keysize</replaceable></arg>
+ <arg choice="req">-n <replaceable class="parameter">nametype</replaceable></arg>
+ <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg><option>-e</option></arg>
+ <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
+ <arg><option>-g <replaceable class="parameter">generator</replaceable></option></arg>
+ <arg><option>-h</option></arg>
+ <arg><option>-k</option></arg>
+ <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
+ <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
+ <arg><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
+ <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
+ <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg choice="req">name</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><command>dnssec-keygen</command>
+ generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
+ and RFC 4034. It can also generate keys for use with
+ TSIG (Transaction Signatures), as defined in RFC 2845.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-a <replaceable class="parameter">algorithm</replaceable></term>
+ <listitem>
+ <para>
+ Selects the cryptographic algorithm. The value of
+ <option>algorithm</option> must be one of RSAMD5 (RSA) or RSASHA1,
+ DSA, NSEC3RSASHA1, NSEC3DSA, DH (Diffie Hellman), or HMAC-MD5.
+ These values are case insensitive.
+ </para>
+ <para>
+ Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
+ algorithm, and DSA is recommended. For TSIG, HMAC-MD5 is
+ mandatory.
+ </para>
+ <para>
+ Note 2: HMAC-MD5 and DH automatically set the -k flag.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-b <replaceable class="parameter">keysize</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the number of bits in the key. The choice of key
+ size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be
+ between
+ 512 and 2048 bits. Diffie Hellman keys must be between
+ 128 and 4096 bits. DSA keys must be between 512 and 1024
+ bits and an exact multiple of 64. HMAC-MD5 keys must be
+ between 1 and 512 bits.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-n <replaceable class="parameter">nametype</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the owner type of the key. The value of
+ <option>nametype</option> must either be ZONE (for a DNSSEC
+ zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
+ a host (KEY)),
+ USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
+ These values are case insensitive. Defaults to ZONE for DNSKEY
+ generation.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-c <replaceable class="parameter">class</replaceable></term>
+ <listitem>
+ <para>
+ Indicates that the DNS record containing the key should have
+ the specified class. If not specified, class IN is used.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-e</term>
+ <listitem>
+ <para>
+ If generating an RSAMD5/RSASHA1 key, use a large exponent.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-f <replaceable class="parameter">flag</replaceable></term>
+ <listitem>
+ <para>
+ Set the specified flag in the flag field of the KEY/DNSKEY record.
+ The only recognized flag is KSK (Key Signing Key) DNSKEY.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-g <replaceable class="parameter">generator</replaceable></term>
+ <listitem>
+ <para>
+ If generating a Diffie Hellman key, use this generator.
+ Allowed values are 2 and 5. If no generator
+ is specified, a known prime from RFC 2539 will be used
+ if possible; otherwise the default is 2.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-h</term>
+ <listitem>
+ <para>
+ Prints a short summary of the options and arguments to
+ <command>dnssec-keygen</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-k</term>
+ <listitem>
+ <para>
+ Generate KEY records rather than DNSKEY records.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-p <replaceable class="parameter">protocol</replaceable></term>
+ <listitem>
+ <para>
+ Sets the protocol value for the generated key. The protocol
+ is a number between 0 and 255. The default is 3 (DNSSEC).
+ Other possible values for this argument are listed in
+ RFC 2535 and its successors.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-r <replaceable class="parameter">randomdev</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the source of randomness. If the operating
+ system does not provide a <filename>/dev/random</filename>
+ or equivalent device, the default source of randomness
+ is keyboard input. <filename>randomdev</filename>
+ specifies
+ the name of a character device or file containing random
+ data to be used instead of the default. The special value
+ <filename>keyboard</filename> indicates that keyboard
+ input should be used.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s <replaceable class="parameter">strength</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the strength value of the key. The strength is
+ a number between 0 and 15, and currently has no defined
+ purpose in DNSSEC.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-t <replaceable class="parameter">type</replaceable></term>
+ <listitem>
+ <para>
+ Indicates the use of the key. <option>type</option> must be
+ one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
+ is AUTHCONF. AUTH refers to the ability to authenticate
+ data, and CONF the ability to encrypt data.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v <replaceable class="parameter">level</replaceable></term>
+ <listitem>
+ <para>
+ Sets the debugging level.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>GENERATED KEYS</title>
+ <para>
+ When <command>dnssec-keygen</command> completes
+ successfully,
+ it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
+ to the standard output. This is an identification string for
+ the key it has generated.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para><filename>nnnn</filename> is the key name.
+ </para>
+ </listitem>
+ <listitem>
+ <para><filename>aaa</filename> is the numeric representation
+ of the
+ algorithm.
+ </para>
+ </listitem>
+ <listitem>
+ <para><filename>iiiii</filename> is the key identifier (or
+ footprint).
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para><command>dnssec-keygen</command>
+ creates two files, with names based
+ on the printed string. <filename>Knnnn.+aaa+iiiii.key</filename>
+ contains the public key, and
+ <filename>Knnnn.+aaa+iiiii.private</filename> contains the
+ private
+ key.
+ </para>
+ <para>
+ The <filename>.key</filename> file contains a DNS KEY record
+ that
+ can be inserted into a zone file (directly or with a $INCLUDE
+ statement).
+ </para>
+ <para>
+ The <filename>.private</filename> file contains
+ algorithm-specific
+ fields. For obvious security reasons, this file does not have
+ general read permission.
+ </para>
+ <para>
+ Both <filename>.key</filename> and <filename>.private</filename>
+ files are generated for symmetric encryption algorithms such as
+ HMAC-MD5, even though the public and private key are equivalent.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>EXAMPLE</title>
+ <para>
+ To generate a 768-bit DSA key for the domain
+ <userinput>example.com</userinput>, the following command would be
+ issued:
+ </para>
+ <para><userinput>dnssec-keygen -a DSA -b 768 -n ZONE example.com</userinput>
+ </para>
+ <para>
+ The command would print a string of the form:
+ </para>
+ <para><userinput>Kexample.com.+003+26160</userinput>
+ </para>
+ <para>
+ In this example, <command>dnssec-keygen</command> creates
+ the files <filename>Kexample.com.+003+26160.key</filename>
+ and
+ <filename>Kexample.com.+003+26160.private</filename>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
+ <citetitle>RFC 2539</citetitle>,
+ <citetitle>RFC 2845</citetitle>,
+ <citetitle>RFC 4033</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para><corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
new file mode 100644
index 0000000..696ef88
--- /dev/null
+++ b/bin/dnssec/dnssec-keygen.html
@@ -0,0 +1,232 @@
+<!--
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: dnssec-keygen.html,v 1.32 2008/10/15 01:11:35 tbox Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-keygen</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.dnssec-keygen"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-keygen</span> &#8212; DNSSEC key generation tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543477"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">dnssec-keygen</strong></span>
+ generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
+ and RFC 4034. It can also generate keys for use with
+ TSIG (Transaction Signatures), as defined in RFC 2845.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543489"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
+<dd>
+<p>
+ Selects the cryptographic algorithm. The value of
+ <code class="option">algorithm</code> must be one of RSAMD5 (RSA) or RSASHA1,
+ DSA, NSEC3RSASHA1, NSEC3DSA, DH (Diffie Hellman), or HMAC-MD5.
+ These values are case insensitive.
+ </p>
+<p>
+ Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
+ algorithm, and DSA is recommended. For TSIG, HMAC-MD5 is
+ mandatory.
+ </p>
+<p>
+ Note 2: HMAC-MD5 and DH automatically set the -k flag.
+ </p>
+</dd>
+<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
+<dd><p>
+ Specifies the number of bits in the key. The choice of key
+ size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be
+ between
+ 512 and 2048 bits. Diffie Hellman keys must be between
+ 128 and 4096 bits. DSA keys must be between 512 and 1024
+ bits and an exact multiple of 64. HMAC-MD5 keys must be
+ between 1 and 512 bits.
+ </p></dd>
+<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
+<dd><p>
+ Specifies the owner type of the key. The value of
+ <code class="option">nametype</code> must either be ZONE (for a DNSSEC
+ zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
+ a host (KEY)),
+ USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
+ These values are case insensitive. Defaults to ZONE for DNSKEY
+ generation.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+ Indicates that the DNS record containing the key should have
+ the specified class. If not specified, class IN is used.
+ </p></dd>
+<dt><span class="term">-e</span></dt>
+<dd><p>
+ If generating an RSAMD5/RSASHA1 key, use a large exponent.
+ </p></dd>
+<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
+<dd><p>
+ Set the specified flag in the flag field of the KEY/DNSKEY record.
+ The only recognized flag is KSK (Key Signing Key) DNSKEY.
+ </p></dd>
+<dt><span class="term">-g <em class="replaceable"><code>generator</code></em></span></dt>
+<dd><p>
+ If generating a Diffie Hellman key, use this generator.
+ Allowed values are 2 and 5. If no generator
+ is specified, a known prime from RFC 2539 will be used
+ if possible; otherwise the default is 2.
+ </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+ Prints a short summary of the options and arguments to
+ <span><strong class="command">dnssec-keygen</strong></span>.
+ </p></dd>
+<dt><span class="term">-k</span></dt>
+<dd><p>
+ Generate KEY records rather than DNSKEY records.
+ </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
+<dd><p>
+ Sets the protocol value for the generated key. The protocol
+ is a number between 0 and 255. The default is 3 (DNSSEC).
+ Other possible values for this argument are listed in
+ RFC 2535 and its successors.
+ </p></dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
+<dd><p>
+ Specifies the source of randomness. If the operating
+ system does not provide a <code class="filename">/dev/random</code>
+ or equivalent device, the default source of randomness
+ is keyboard input. <code class="filename">randomdev</code>
+ specifies
+ the name of a character device or file containing random
+ data to be used instead of the default. The special value
+ <code class="filename">keyboard</code> indicates that keyboard
+ input should be used.
+ </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>strength</code></em></span></dt>
+<dd><p>
+ Specifies the strength value of the key. The strength is
+ a number between 0 and 15, and currently has no defined
+ purpose in DNSSEC.
+ </p></dd>
+<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
+<dd><p>
+ Indicates the use of the key. <code class="option">type</code> must be
+ one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
+ is AUTHCONF. AUTH refers to the ability to authenticate
+ data, and CONF the ability to encrypt data.
+ </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
+ Sets the debugging level.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543824"></a><h2>GENERATED KEYS</h2>
+<p>
+ When <span><strong class="command">dnssec-keygen</strong></span> completes
+ successfully,
+ it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
+ to the standard output. This is an identification string for
+ the key it has generated.
+ </p>
+<div class="itemizedlist"><ul type="disc">
+<li><p><code class="filename">nnnn</code> is the key name.
+ </p></li>
+<li><p><code class="filename">aaa</code> is the numeric representation
+ of the
+ algorithm.
+ </p></li>
+<li><p><code class="filename">iiiii</code> is the key identifier (or
+ footprint).
+ </p></li>
+</ul></div>
+<p><span><strong class="command">dnssec-keygen</strong></span>
+ creates two files, with names based
+ on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
+ contains the public key, and
+ <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
+ private
+ key.
+ </p>
+<p>
+ The <code class="filename">.key</code> file contains a DNS KEY record
+ that
+ can be inserted into a zone file (directly or with a $INCLUDE
+ statement).
+ </p>
+<p>
+ The <code class="filename">.private</code> file contains
+ algorithm-specific
+ fields. For obvious security reasons, this file does not have
+ general read permission.
+ </p>
+<p>
+ Both <code class="filename">.key</code> and <code class="filename">.private</code>
+ files are generated for symmetric encryption algorithms such as
+ HMAC-MD5, even though the public and private key are equivalent.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543906"></a><h2>EXAMPLE</h2>
+<p>
+ To generate a 768-bit DSA key for the domain
+ <strong class="userinput"><code>example.com</code></strong>, the following command would be
+ issued:
+ </p>
+<p><strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong>
+ </p>
+<p>
+ The command would print a string of the form:
+ </p>
+<p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
+ </p>
+<p>
+ In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
+ the files <code class="filename">Kexample.com.+003+26160.key</code>
+ and
+ <code class="filename">Kexample.com.+003+26160.private</code>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543949"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
+ <em class="citetitle">RFC 2539</em>,
+ <em class="citetitle">RFC 2845</em>,
+ <em class="citetitle">RFC 4033</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544049"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8
new file mode 100644
index 0000000..ca0ed36
--- /dev/null
+++ b/bin/dnssec/dnssec-signzone.8
@@ -0,0 +1,287 @@
+.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: dnssec-signzone.8,v 1.47 2008/10/15 01:11:35 tbox Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: dnssec\-signzone
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: June 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "DNSSEC\-SIGNZONE" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-signzone \- DNSSEC zone signing tool
+.SH "SYNOPSIS"
+.HP 16
+\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
+.SH "DESCRIPTION"
+.PP
+\fBdnssec\-signzone\fR
+signs a zone. It generates NSEC and RRSIG records and produces a signed version of the zone. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a
+\fIkeyset\fR
+file for each child zone.
+.SH "OPTIONS"
+.PP
+\-a
+.RS 4
+Verify all generated signatures.
+.RE
+.PP
+\-c \fIclass\fR
+.RS 4
+Specifies the DNS class of the zone.
+.RE
+.PP
+\-k \fIkey\fR
+.RS 4
+Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times.
+.RE
+.PP
+\-l \fIdomain\fR
+.RS 4
+Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records.
+.RE
+.PP
+\-d \fIdirectory\fR
+.RS 4
+Look for
+\fIkeyset\fR
+files in
+\fBdirectory\fR
+as the directory
+.RE
+.PP
+\-g
+.RS 4
+Generate DS records for child zones from keyset files. Existing DS records will be removed.
+.RE
+.PP
+\-s \fIstart\-time\fR
+.RS 4
+Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
+\fBstart\-time\fR
+is specified, the current time minus 1 hour (to allow for clock skew) is used.
+.RE
+.PP
+\-e \fIend\-time\fR
+.RS 4
+Specify the date and time when the generated RRSIG records expire. As with
+\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
+\fBend\-time\fR
+is specified, 30 days from the start time is used as a default.
+.RE
+.PP
+\-f \fIoutput\-file\fR
+.RS 4
+The name of the output file containing the signed zone. The default is to append
+\fI.signed\fR
+to the input filename.
+.RE
+.PP
+\-h
+.RS 4
+Prints a short summary of the options and arguments to
+\fBdnssec\-signzone\fR.
+.RE
+.PP
+\-i \fIinterval\fR
+.RS 4
+When a previously\-signed zone is passed as input, records may be resigned. The
+\fBinterval\fR
+option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced.
+.sp
+The default cycle interval is one quarter of the difference between the signature end and start times. So if neither
+\fBend\-time\fR
+or
+\fBstart\-time\fR
+are specified,
+\fBdnssec\-signzone\fR
+generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced.
+.RE
+.PP
+\-I \fIinput\-format\fR
+.RS 4
+The format of the input zone file. Possible formats are
+\fB"text"\fR
+(default) and
+\fB"raw"\fR. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be signed directly. The use of this option does not make much sense for non\-dynamic zones.
+.RE
+.PP
+\-j \fIjitter\fR
+.RS 4
+When signing a zone with a fixed signature lifetime, all RRSIG records issued at the time of signing expires simultaneously. If the zone is incrementally signed, i.e. a previously\-signed zone is passed as input to the signer, all expired signatures have to be regenerated at about the same time. The
+\fBjitter\fR
+option specifies a jitter window that will be used to randomize the signature expire time, thus spreading incremental signature regeneration over time.
+.sp
+Signature lifetime jitter also to some extent benefits validators and servers by spreading out cache expiration, i.e. if large numbers of RRSIGs don't expire at the same time from all caches there will be less congestion than if all validators need to refetch at mostly the same time.
+.RE
+.PP
+\-n \fIncpus\fR
+.RS 4
+Specifies the number of threads to use. By default, one thread is started for each detected CPU.
+.RE
+.PP
+\-N \fIsoa\-serial\-format\fR
+.RS 4
+The SOA serial number format of the signed zone. Possible formats are
+\fB"keep"\fR
+(default),
+\fB"increment"\fR
+and
+\fB"unixtime"\fR.
+.RS 4
+.PP
+\fB"keep"\fR
+.RS 4
+Do not modify the SOA serial number.
+.RE
+.PP
+\fB"increment"\fR
+.RS 4
+Increment the SOA serial number using RFC 1982 arithmetics.
+.RE
+.PP
+\fB"unixtime"\fR
+.RS 4
+Set the SOA serial number to the number of seconds since epoch.
+.RE
+.RE
+.RE
+.PP
+\-o \fIorigin\fR
+.RS 4
+The zone origin. If not specified, the name of the zone file is assumed to be the origin.
+.RE
+.PP
+\-O \fIoutput\-format\fR
+.RS 4
+The format of the output file containing the signed zone. Possible formats are
+\fB"text"\fR
+(default) and
+\fB"raw"\fR.
+.RE
+.PP
+\-p
+.RS 4
+Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
+.RE
+.PP
+\-r \fIrandomdev\fR
+.RS 4
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.RE
+.PP
+\-t
+.RS 4
+Print statistics at completion.
+.RE
+.PP
+\-v \fIlevel\fR
+.RS 4
+Sets the debugging level.
+.RE
+.PP
+\-z
+.RS 4
+Ignore KSK flag on key when determining what to sign.
+.RE
+.PP
+\-3 \fIsalt\fR
+.RS 4
+Generate a NSEC3 chain with the given hex encoded salt. A dash (\fIsalt\fR) can be used to indicate that no salt is to be used when generating the NSEC3 chain.
+.RE
+.PP
+\-H \fIiterations\fR
+.RS 4
+When generating a NSEC3 chain use this many interations. The default is 100.
+.RE
+.PP
+\-A
+.RS 4
+When generating a NSEC3 chain set the OPTOUT flag on all NSEC3 records and do not generate NSEC3 records for insecure delegations.
+.RE
+.PP
+zonefile
+.RS 4
+The file containing the zone to be signed.
+.RE
+.PP
+key
+.RS 4
+Specify which keys should be used to sign the zone. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex. If these are found and there are matching private keys, in the current directory, then these will be used for signing.
+.RE
+.SH "EXAMPLE"
+.PP
+The following command signs the
+\fBexample.com\fR
+zone with the DSA key generated by
+\fBdnssec\-keygen\fR
+(Kexample.com.+003+17247). The zone's keys must be in the master file (\fIdb.example.com\fR). This invocation looks for
+\fIkeyset\fR
+files, in the current directory, so that DS records can be generated from them (\fB\-g\fR).
+.sp
+.RS 4
+.nf
+% dnssec\-signzone \-g \-o example.com db.example.com \\
+Kexample.com.+003+17247
+db.example.com.signed
+%
+.fi
+.RE
+.PP
+In the above example,
+\fBdnssec\-signzone\fR
+creates the file
+\fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a
+\fInamed.conf\fR
+file.
+.PP
+This example re\-signs a previously signed zone with default parameters. The private keys are assumed to be in the current directory.
+.sp
+.RS 4
+.nf
+% cp db.example.com.signed db.example.com
+% dnssec\-signzone \-o example.com db.example.com
+db.example.com.signed
+%
+.fi
+.RE
+.SH "SEE ALSO"
+.PP
+\fBdnssec\-keygen\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 4033.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
new file mode 100644
index 0000000..f446ef3
--- /dev/null
+++ b/bin/dnssec/dnssec-signzone.c
@@ -0,0 +1,3031 @@
+/*
+ * Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
+ * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
+ * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dnssec-signzone.c,v 1.209 2008/11/14 22:53:46 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <time.h>
+
+#include <isc/app.h>
+#include <isc/base32.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/event.h>
+#include <isc/file.h>
+#include <isc/hash.h>
+#include <isc/hex.h>
+#include <isc/mem.h>
+#include <isc/mutex.h>
+#include <isc/os.h>
+#include <isc/print.h>
+#include <isc/random.h>
+#include <isc/serial.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/time.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/diff.h>
+#include <dns/dnssec.h>
+#include <dns/ds.h>
+#include <dns/fixedname.h>
+#include <dns/keyvalues.h>
+#include <dns/log.h>
+#include <dns/master.h>
+#include <dns/masterdump.h>
+#include <dns/nsec.h>
+#include <dns/nsec3.h>
+#include <dns/rdata.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatasetiter.h>
+#include <dns/rdatastruct.h>
+#include <dns/rdatatype.h>
+#include <dns/result.h>
+#include <dns/soa.h>
+#include <dns/time.h>
+
+#include <dst/dst.h>
+
+#include "dnssectool.h"
+
+const char *program = "dnssec-signzone";
+int verbose;
+
+typedef struct hashlist hashlist_t;
+
+static int nsec_datatype = dns_rdatatype_nsec;
+
+#define IS_NSEC3 (nsec_datatype == dns_rdatatype_nsec3)
+#define OPTOUT(x) (((x) & DNS_NSEC3FLAG_OPTOUT) != 0)
+
+#define BUFSIZE 2048
+#define MAXDSKEYS 8
+
+typedef struct signer_key_struct signer_key_t;
+
+struct signer_key_struct {
+ dst_key_t *key;
+ isc_boolean_t issigningkey;
+ isc_boolean_t isdsk;
+ isc_boolean_t isksk;
+ unsigned int position;
+ ISC_LINK(signer_key_t) link;
+};
+
+#define SIGNER_EVENTCLASS ISC_EVENTCLASS(0x4453)
+#define SIGNER_EVENT_WRITE (SIGNER_EVENTCLASS + 0)
+#define SIGNER_EVENT_WORK (SIGNER_EVENTCLASS + 1)
+
+#define SOA_SERIAL_KEEP 0
+#define SOA_SERIAL_INCREMENT 1
+#define SOA_SERIAL_UNIXTIME 2
+
+typedef struct signer_event sevent_t;
+struct signer_event {
+ ISC_EVENT_COMMON(sevent_t);
+ dns_fixedname_t *fname;
+ dns_dbnode_t *node;
+};
+
+static ISC_LIST(signer_key_t) keylist;
+static unsigned int keycount = 0;
+static isc_stdtime_t starttime = 0, endtime = 0, now;
+static int cycle = -1;
+static int jitter = 0;
+static isc_boolean_t tryverify = ISC_FALSE;
+static isc_boolean_t printstats = ISC_FALSE;
+static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
+static dns_ttl_t zonettl;
+static FILE *fp;
+static char *tempfile = NULL;
+static const dns_master_style_t *masterstyle;
+static dns_masterformat_t inputformat = dns_masterformat_text;
+static dns_masterformat_t outputformat = dns_masterformat_text;
+static unsigned int nsigned = 0, nretained = 0, ndropped = 0;
+static unsigned int nverified = 0, nverifyfailed = 0;
+static const char *directory;
+static isc_mutex_t namelock, statslock;
+static isc_taskmgr_t *taskmgr = NULL;
+static dns_db_t *gdb; /* The database */
+static dns_dbversion_t *gversion; /* The database version */
+static dns_dbiterator_t *gdbiter; /* The database iterator */
+static dns_rdataclass_t gclass; /* The class */
+static dns_name_t *gorigin; /* The database origin */
+static int nsec3flags = 0;
+static isc_task_t *master = NULL;
+static unsigned int ntasks = 0;
+static isc_boolean_t shuttingdown = ISC_FALSE, finished = ISC_FALSE;
+static isc_boolean_t nokeys = ISC_FALSE;
+static isc_boolean_t removefile = ISC_FALSE;
+static isc_boolean_t generateds = ISC_FALSE;
+static isc_boolean_t ignoreksk = ISC_FALSE;
+static dns_name_t *dlv = NULL;
+static dns_fixedname_t dlv_fixed;
+static dns_master_style_t *dsstyle = NULL;
+static unsigned int serialformat = SOA_SERIAL_KEEP;
+static unsigned int hash_length = 0;
+static isc_boolean_t unknownalg = ISC_FALSE;
+
+#define INCSTAT(counter) \
+ if (printstats) { \
+ LOCK(&statslock); \
+ counter++; \
+ UNLOCK(&statslock); \
+ }
+
+static void
+sign(isc_task_t *task, isc_event_t *event);
+
+static isc_boolean_t
+nsec3only(dns_dbnode_t *node);
+
+static void
+dumpnode(dns_name_t *name, dns_dbnode_t *node) {
+ isc_result_t result;
+
+ if (outputformat != dns_masterformat_text)
+ return;
+ result = dns_master_dumpnodetostream(mctx, gdb, gversion, node, name,
+ masterstyle, fp);
+ check_result(result, "dns_master_dumpnodetostream");
+}
+
+static signer_key_t *
+newkeystruct(dst_key_t *dstkey, isc_boolean_t signwithkey) {
+ signer_key_t *key;
+
+ key = isc_mem_get(mctx, sizeof(signer_key_t));
+ if (key == NULL)
+ fatal("out of memory");
+ key->key = dstkey;
+ if ((dst_key_flags(dstkey) & DNS_KEYFLAG_KSK) != 0) {
+ key->issigningkey = signwithkey;
+ key->isksk = ISC_TRUE;
+ key->isdsk = ISC_FALSE;
+ } else {
+ key->issigningkey = signwithkey;
+ key->isksk = ISC_FALSE;
+ key->isdsk = ISC_TRUE;
+ }
+ key->position = keycount++;
+ ISC_LINK_INIT(key, link);
+ return (key);
+}
+
+static void
+signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata,
+ dst_key_t *key, isc_buffer_t *b)
+{
+ isc_result_t result;
+ isc_stdtime_t jendtime;
+
+ jendtime = (jitter != 0) ? isc_random_jitter(endtime, jitter) : endtime;
+ result = dns_dnssec_sign(name, rdataset, key, &starttime, &jendtime,
+ mctx, b, rdata);
+ isc_entropy_stopcallbacksources(ectx);
+ if (result != ISC_R_SUCCESS) {
+ char keystr[KEY_FORMATSIZE];
+ key_format(key, keystr, sizeof(keystr));
+ fatal("dnskey '%s' failed to sign data: %s",
+ keystr, isc_result_totext(result));
+ }
+ INCSTAT(nsigned);
+
+ if (tryverify) {
+ result = dns_dnssec_verify(name, rdataset, key,
+ ISC_TRUE, mctx, rdata);
+ if (result == ISC_R_SUCCESS) {
+ vbprintf(3, "\tsignature verified\n");
+ INCSTAT(nverified);
+ } else {
+ vbprintf(3, "\tsignature failed to verify\n");
+ INCSTAT(nverifyfailed);
+ }
+ }
+}
+
+static inline isc_boolean_t
+issigningkey(signer_key_t *key) {
+ return (key->issigningkey);
+}
+
+static inline isc_boolean_t
+iszonekey(signer_key_t *key) {
+ return (ISC_TF(dns_name_equal(dst_key_name(key->key), gorigin) &&
+ dst_key_iszonekey(key->key)));
+}
+
+/*%
+ * Finds the key that generated a RRSIG, if possible. First look at the keys
+ * that we've loaded already, and then see if there's a key on disk.
+ */
+static signer_key_t *
+keythatsigned(dns_rdata_rrsig_t *rrsig) {
+ isc_result_t result;
+ dst_key_t *pubkey = NULL, *privkey = NULL;
+ signer_key_t *key;
+
+ key = ISC_LIST_HEAD(keylist);
+ while (key != NULL) {
+ if (rrsig->keyid == dst_key_id(key->key) &&
+ rrsig->algorithm == dst_key_alg(key->key) &&
+ dns_name_equal(&rrsig->signer, dst_key_name(key->key)))
+ return key;
+ key = ISC_LIST_NEXT(key, link);
+ }
+
+ result = dst_key_fromfile(&rrsig->signer, rrsig->keyid,
+ rrsig->algorithm, DST_TYPE_PUBLIC,
+ NULL, mctx, &pubkey);
+ if (result != ISC_R_SUCCESS)
+ return (NULL);
+
+ result = dst_key_fromfile(&rrsig->signer, rrsig->keyid,
+ rrsig->algorithm,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
+ NULL, mctx, &privkey);
+ if (result == ISC_R_SUCCESS) {
+ dst_key_free(&pubkey);
+ key = newkeystruct(privkey, ISC_FALSE);
+ } else
+ key = newkeystruct(pubkey, ISC_FALSE);
+ ISC_LIST_APPEND(keylist, key, link);
+ return (key);
+}
+
+/*%
+ * Check to see if we expect to find a key at this name. If we see a RRSIG
+ * and can't find the signing key that we expect to find, we drop the rrsig.
+ * I'm not sure if this is completely correct, but it seems to work.
+ */
+static isc_boolean_t
+expecttofindkey(dns_name_t *name) {
+ unsigned int options = DNS_DBFIND_NOWILD;
+ dns_fixedname_t fname;
+ isc_result_t result;
+ char namestr[DNS_NAME_FORMATSIZE];
+
+ dns_fixedname_init(&fname);
+ result = dns_db_find(gdb, name, gversion, dns_rdatatype_dnskey, options,
+ 0, NULL, dns_fixedname_name(&fname), NULL, NULL);
+ switch (result) {
+ case ISC_R_SUCCESS:
+ case DNS_R_NXDOMAIN:
+ case DNS_R_NXRRSET:
+ return (ISC_TRUE);
+ case DNS_R_DELEGATION:
+ case DNS_R_CNAME:
+ case DNS_R_DNAME:
+ return (ISC_FALSE);
+ }
+ dns_name_format(name, namestr, sizeof(namestr));
+ fatal("failure looking for '%s DNSKEY' in database: %s",
+ namestr, isc_result_totext(result));
+ return (ISC_FALSE); /* removes a warning */
+}
+
+static inline isc_boolean_t
+setverifies(dns_name_t *name, dns_rdataset_t *set, signer_key_t *key,
+ dns_rdata_t *rrsig)
+{
+ isc_result_t result;
+ result = dns_dnssec_verify(name, set, key->key, ISC_FALSE, mctx, rrsig);
+ if (result == ISC_R_SUCCESS) {
+ INCSTAT(nverified);
+ return (ISC_TRUE);
+ } else {
+ INCSTAT(nverifyfailed);
+ return (ISC_FALSE);
+ }
+}
+
+/*%
+ * Signs a set. Goes through contortions to decide if each RRSIG should
+ * be dropped or retained, and then determines if any new SIGs need to
+ * be generated.
+ */
+static void
+signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
+ dns_rdataset_t *set)
+{
+ dns_rdataset_t sigset;
+ dns_rdata_t sigrdata = DNS_RDATA_INIT;
+ dns_rdata_rrsig_t rrsig;
+ signer_key_t *key;
+ isc_result_t result;
+ isc_boolean_t nosigs = ISC_FALSE;
+ isc_boolean_t *wassignedby, *nowsignedby;
+ int arraysize;
+ dns_difftuple_t *tuple;
+ dns_ttl_t ttl;
+ int i;
+ char namestr[DNS_NAME_FORMATSIZE];
+ char typestr[TYPE_FORMATSIZE];
+ char sigstr[SIG_FORMATSIZE];
+
+ dns_name_format(name, namestr, sizeof(namestr));
+ type_format(set->type, typestr, sizeof(typestr));
+
+ ttl = ISC_MIN(set->ttl, endtime - starttime);
+
+ dns_rdataset_init(&sigset);
+ result = dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_rrsig,
+ set->type, 0, &sigset, NULL);
+ if (result == ISC_R_NOTFOUND) {
+ result = ISC_R_SUCCESS;
+ nosigs = ISC_TRUE;
+ }
+ if (result != ISC_R_SUCCESS)
+ fatal("failed while looking for '%s RRSIG %s': %s",
+ namestr, typestr, isc_result_totext(result));
+
+ vbprintf(1, "%s/%s:\n", namestr, typestr);
+
+ arraysize = keycount;
+ if (!nosigs)
+ arraysize += dns_rdataset_count(&sigset);
+ wassignedby = isc_mem_get(mctx, arraysize * sizeof(isc_boolean_t));
+ nowsignedby = isc_mem_get(mctx, arraysize * sizeof(isc_boolean_t));
+ if (wassignedby == NULL || nowsignedby == NULL)
+ fatal("out of memory");
+
+ for (i = 0; i < arraysize; i++)
+ wassignedby[i] = nowsignedby[i] = ISC_FALSE;
+
+ if (nosigs)
+ result = ISC_R_NOMORE;
+ else
+ result = dns_rdataset_first(&sigset);
+
+ while (result == ISC_R_SUCCESS) {
+ isc_boolean_t expired, future;
+ isc_boolean_t keep = ISC_FALSE, resign = ISC_FALSE;
+
+ dns_rdataset_current(&sigset, &sigrdata);
+
+ result = dns_rdata_tostruct(&sigrdata, &rrsig, NULL);
+ check_result(result, "dns_rdata_tostruct");
+
+ future = isc_serial_lt(now, rrsig.timesigned);
+
+ key = keythatsigned(&rrsig);
+ sig_format(&rrsig, sigstr, sizeof(sigstr));
+ if (key != NULL && issigningkey(key))
+ expired = isc_serial_gt(now + cycle, rrsig.timeexpire);
+ else
+ expired = isc_serial_gt(now, rrsig.timeexpire);
+
+ if (isc_serial_gt(rrsig.timesigned, rrsig.timeexpire)) {
+ /* rrsig is dropped and not replaced */
+ vbprintf(2, "\trrsig by %s dropped - "
+ "invalid validity period\n",
+ sigstr);
+ } else if (key == NULL && !future &&
+ expecttofindkey(&rrsig.signer))
+ {
+ /* rrsig is dropped and not replaced */
+ vbprintf(2, "\trrsig by %s dropped - "
+ "private dnskey not found\n",
+ sigstr);
+ } else if (key == NULL || future) {
+ vbprintf(2, "\trrsig by %s %s - dnskey not found\n",
+ expired ? "retained" : "dropped", sigstr);
+ if (!expired)
+ keep = ISC_TRUE;
+ } else if (issigningkey(key)) {
+ if (!expired && setverifies(name, set, key, &sigrdata))
+ {
+ vbprintf(2, "\trrsig by %s retained\n", sigstr);
+ keep = ISC_TRUE;
+ wassignedby[key->position] = ISC_TRUE;
+ nowsignedby[key->position] = ISC_TRUE;
+ } else {
+ vbprintf(2, "\trrsig by %s dropped - %s\n",
+ sigstr,
+ expired ? "expired" :
+ "failed to verify");
+ wassignedby[key->position] = ISC_TRUE;
+ resign = ISC_TRUE;
+ }
+ } else if (iszonekey(key)) {
+ if (!expired && setverifies(name, set, key, &sigrdata))
+ {
+ vbprintf(2, "\trrsig by %s retained\n", sigstr);
+ keep = ISC_TRUE;
+ wassignedby[key->position] = ISC_TRUE;
+ nowsignedby[key->position] = ISC_TRUE;
+ } else {
+ vbprintf(2, "\trrsig by %s dropped - %s\n",
+ sigstr,
+ expired ? "expired" :
+ "failed to verify");
+ wassignedby[key->position] = ISC_TRUE;
+ }
+ } else if (!expired) {
+ vbprintf(2, "\trrsig by %s retained\n", sigstr);
+ keep = ISC_TRUE;
+ } else {
+ vbprintf(2, "\trrsig by %s expired\n", sigstr);
+ }
+
+ if (keep) {
+ nowsignedby[key->position] = ISC_TRUE;
+ INCSTAT(nretained);
+ if (sigset.ttl != ttl) {
+ vbprintf(2, "\tfixing ttl %s\n", sigstr);
+ tuple = NULL;
+ result = dns_difftuple_create(mctx,
+ DNS_DIFFOP_DEL,
+ name, sigset.ttl,
+ &sigrdata,
+ &tuple);
+ check_result(result, "dns_difftuple_create");
+ dns_diff_append(del, &tuple);
+ result = dns_difftuple_create(mctx,
+ DNS_DIFFOP_ADD,
+ name, ttl,
+ &sigrdata,
+ &tuple);
+ check_result(result, "dns_difftuple_create");
+ dns_diff_append(add, &tuple);
+ }
+ } else {
+ tuple = NULL;
+ result = dns_difftuple_create(mctx, DNS_DIFFOP_DEL,
+ name, sigset.ttl,
+ &sigrdata, &tuple);
+ check_result(result, "dns_difftuple_create");
+ dns_diff_append(del, &tuple);
+ INCSTAT(ndropped);
+ }
+
+ if (resign) {
+ isc_buffer_t b;
+ dns_rdata_t trdata = DNS_RDATA_INIT;
+ unsigned char array[BUFSIZE];
+ char keystr[KEY_FORMATSIZE];
+
+ INSIST(!keep);
+
+ key_format(key->key, keystr, sizeof(keystr));
+ vbprintf(1, "\tresigning with dnskey %s\n", keystr);
+ isc_buffer_init(&b, array, sizeof(array));
+ signwithkey(name, set, &trdata, key->key, &b);
+ nowsignedby[key->position] = ISC_TRUE;
+ tuple = NULL;
+ result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
+ name, ttl, &trdata,
+ &tuple);
+ check_result(result, "dns_difftuple_create");
+ dns_diff_append(add, &tuple);
+ }
+
+ dns_rdata_reset(&sigrdata);
+ dns_rdata_freestruct(&rrsig);
+ result = dns_rdataset_next(&sigset);
+ }
+ if (result == ISC_R_NOMORE)
+ result = ISC_R_SUCCESS;
+
+ check_result(result, "dns_rdataset_first/next");
+ if (dns_rdataset_isassociated(&sigset))
+ dns_rdataset_disassociate(&sigset);
+
+ for (key = ISC_LIST_HEAD(keylist);
+ key != NULL;
+ key = ISC_LIST_NEXT(key, link))
+ {
+ isc_buffer_t b;
+ dns_rdata_t trdata;
+ unsigned char array[BUFSIZE];
+ char keystr[KEY_FORMATSIZE];
+
+ if (nowsignedby[key->position])
+ continue;
+
+ if (!key->issigningkey)
+ continue;
+ if (!(ignoreksk || key->isdsk ||
+ (key->isksk &&
+ set->type == dns_rdatatype_dnskey &&
+ dns_name_equal(name, gorigin))))
+ continue;
+
+ key_format(key->key, keystr, sizeof(keystr));
+ vbprintf(1, "\tsigning with dnskey %s\n", keystr);
+ dns_rdata_init(&trdata);
+ isc_buffer_init(&b, array, sizeof(array));
+ signwithkey(name, set, &trdata, key->key, &b);
+ tuple = NULL;
+ result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name,
+ ttl, &trdata, &tuple);
+ check_result(result, "dns_difftuple_create");
+ dns_diff_append(add, &tuple);
+ }
+
+ isc_mem_put(mctx, wassignedby, arraysize * sizeof(isc_boolean_t));
+ isc_mem_put(mctx, nowsignedby, arraysize * sizeof(isc_boolean_t));
+}
+
+struct hashlist {
+ unsigned char *hashbuf;
+ size_t entries;
+ size_t size;
+ size_t length;
+};
+
+static void
+hashlist_init(hashlist_t *l, unsigned int nodes, unsigned int length) {
+
+ l->entries = 0;
+ l->length = length + 1;
+
+ if (nodes != 0) {
+ l->size = nodes;
+ l->hashbuf = malloc(l->size * l->length);
+ if (l->hashbuf == NULL)
+ l->size = 0;
+ } else {
+ l->size = 0;
+ l->hashbuf = NULL;
+ }
+}
+
+static void
+hashlist_add(hashlist_t *l, const unsigned char *hash, size_t len)
+{
+
+ REQUIRE(len <= l->length);
+
+ if (l->entries == l->size) {
+ l->size = l->size * 2 + 100;
+ l->hashbuf = realloc(l->hashbuf, l->size * l->length);
+ }
+ memset(l->hashbuf + l->entries * l->length, 0, l->length);
+ memcpy(l->hashbuf + l->entries * l->length, hash, len);
+ l->entries++;
+}
+
+static void
+hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
+ unsigned int hashalg, unsigned int iterations,
+ const unsigned char *salt, size_t salt_length,
+ isc_boolean_t speculative)
+{
+ char nametext[DNS_NAME_FORMATSIZE];
+ unsigned char hash[NSEC3_MAX_HASH_LENGTH + 1];
+ unsigned int len;
+ size_t i;
+
+ len = isc_iterated_hash(hash, hashalg, iterations, salt, salt_length,
+ name->ndata, name->length);
+ if (verbose) {
+ dns_name_format(name, nametext, sizeof nametext);
+ for (i = 0 ; i < len; i++)
+ fprintf(stderr, "%02x", hash[i]);
+ fprintf(stderr, " %s\n", nametext);
+ }
+ hash[len++] = speculative ? 1 : 0;
+ hashlist_add(l, hash, len);
+}
+
+static int
+hashlist_comp(const void *a, const void *b) {
+ return (memcmp(a, b, hash_length + 1));
+}
+
+static void
+hashlist_sort(hashlist_t *l) {
+ qsort(l->hashbuf, l->entries, l->length, hashlist_comp);
+}
+
+static isc_boolean_t
+hashlist_hasdup(hashlist_t *l) {
+ unsigned char *current;
+ unsigned char *next = l->hashbuf;
+ size_t entries = l->entries;
+
+ /*
+ * Skip initial speculative wild card hashs.
+ */
+ while (entries > 0U && next[l->length-1] != 0U) {
+ next += l->length;
+ entries--;
+ }
+
+ current = next;
+ while (entries-- > 1U) {
+ next += l->length;
+ if (next[l->length-1] != 0)
+ continue;
+ if (memcmp(current, next, l->length - 1) == 0)
+ return (ISC_TRUE);
+ current = next;
+ }
+ return (ISC_FALSE);
+}
+
+static const unsigned char *
+hashlist_findnext(const hashlist_t *l,
+ const unsigned char hash[NSEC3_MAX_HASH_LENGTH])
+{
+ unsigned int entries = l->entries;
+ const unsigned char *next = bsearch(hash, l->hashbuf, l->entries,
+ l->length, hashlist_comp);
+ INSIST(next != NULL);
+
+ do {
+ if (next < l->hashbuf + (l->entries - 1) * l->length)
+ next += l->length;
+ else
+ next = l->hashbuf;
+ if (next[l->length - 1] == 0)
+ break;
+ } while (entries-- > 1);
+ INSIST(entries != 0);
+ return (next);
+}
+
+static isc_boolean_t
+hashlist_exists(const hashlist_t *l,
+ const unsigned char hash[NSEC3_MAX_HASH_LENGTH])
+{
+ if (bsearch(hash, l->hashbuf, l->entries, l->length, hashlist_comp))
+ return (ISC_TRUE);
+ else
+ return (ISC_FALSE);
+}
+
+static void
+addnowildcardhash(hashlist_t *l, /*const*/ dns_name_t *name,
+ unsigned int hashalg, unsigned int iterations,
+ const unsigned char *salt, size_t salt_length)
+{
+ dns_fixedname_t fixed;
+ dns_name_t *wild;
+ dns_dbnode_t *node = NULL;
+ isc_result_t result;
+ char namestr[DNS_NAME_FORMATSIZE];
+
+ dns_fixedname_init(&fixed);
+ wild = dns_fixedname_name(&fixed);
+
+ result = dns_name_concatenate(dns_wildcardname, name, wild, NULL);
+ if (result == ISC_R_NOSPACE)
+ return;
+ check_result(result,"addnowildcardhash: dns_name_concatenate()");
+
+ result = dns_db_findnode(gdb, wild, ISC_FALSE, &node);
+ if (result == ISC_R_SUCCESS) {
+ dns_db_detachnode(gdb, &node);
+ return;
+ }
+
+ if (verbose) {
+ dns_name_format(wild, namestr, sizeof(namestr));
+ fprintf(stderr, "adding no-wildcardhash for %s\n", namestr);
+ }
+
+ hashlist_add_dns_name(l, wild, hashalg, iterations, salt, salt_length,
+ ISC_TRUE);
+}
+
+static void
+opendb(const char *prefix, dns_name_t *name, dns_rdataclass_t rdclass,
+ dns_db_t **dbp)
+{
+ char filename[256];
+ isc_buffer_t b;
+ isc_result_t result;
+
+ isc_buffer_init(&b, filename, sizeof(filename));
+ if (directory != NULL) {
+ isc_buffer_putstr(&b, directory);
+ if (directory[strlen(directory) - 1] != '/')
+ isc_buffer_putstr(&b, "/");
+ }
+ isc_buffer_putstr(&b, prefix);
+ result = dns_name_tofilenametext(name, ISC_FALSE, &b);
+ check_result(result, "dns_name_tofilenametext()");
+ if (isc_buffer_availablelength(&b) == 0) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ dns_name_format(name, namestr, sizeof(namestr));
+ fatal("name '%s' is too long", namestr);
+ }
+ isc_buffer_putuint8(&b, 0);
+
+ result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ rdclass, 0, NULL, dbp);
+ check_result(result, "dns_db_create()");
+
+ result = dns_db_load(*dbp, filename);
+ if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
+ dns_db_detach(dbp);
+}
+
+/*%
+ * Loads the key set for a child zone, if there is one, and builds DS records.
+ */
+static isc_result_t
+loadds(dns_name_t *name, isc_uint32_t ttl, dns_rdataset_t *dsset) {
+ dns_db_t *db = NULL;
+ dns_dbversion_t *ver = NULL;
+ dns_dbnode_t *node = NULL;
+ isc_result_t result;
+ dns_rdataset_t keyset;
+ dns_rdata_t key, ds;
+ unsigned char dsbuf[DNS_DS_BUFFERSIZE];
+ dns_diff_t diff;
+ dns_difftuple_t *tuple = NULL;
+
+ opendb("keyset-", name, gclass, &db);
+ if (db == NULL)
+ return (ISC_R_NOTFOUND);
+
+ result = dns_db_findnode(db, name, ISC_FALSE, &node);
+ if (result != ISC_R_SUCCESS) {
+ dns_db_detach(&db);
+ return (DNS_R_BADDB);
+ }
+ dns_rdataset_init(&keyset);
+ result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey, 0, 0,
+ &keyset, NULL);
+ if (result != ISC_R_SUCCESS) {
+ dns_db_detachnode(db, &node);
+ dns_db_detach(&db);
+ return (result);
+ }
+
+ vbprintf(2, "found DNSKEY records\n");
+
+ result = dns_db_newversion(db, &ver);
+ check_result(result, "dns_db_newversion");
+
+ dns_diff_init(mctx, &diff);
+
+ for (result = dns_rdataset_first(&keyset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(&keyset))
+ {
+ dns_rdata_init(&key);
+ dns_rdata_init(&ds);
+ dns_rdataset_current(&keyset, &key);
+ result = dns_ds_buildrdata(name, &key, DNS_DSDIGEST_SHA1,
+ dsbuf, &ds);
+ check_result(result, "dns_ds_buildrdata");
+
+ result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name,
+ ttl, &ds, &tuple);
+ check_result(result, "dns_difftuple_create");
+ dns_diff_append(&diff, &tuple);
+
+ dns_rdata_reset(&ds);
+ result = dns_ds_buildrdata(name, &key, DNS_DSDIGEST_SHA256,
+ dsbuf, &ds);
+ check_result(result, "dns_ds_buildrdata");
+
+ result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name,
+ ttl, &ds, &tuple);
+ check_result(result, "dns_difftuple_create");
+ dns_diff_append(&diff, &tuple);
+ }
+ result = dns_diff_apply(&diff, db, ver);
+ check_result(result, "dns_diff_apply");
+ dns_diff_clear(&diff);
+
+ dns_db_closeversion(db, &ver, ISC_TRUE);
+
+ result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_ds, 0, 0,
+ dsset, NULL);
+ check_result(result, "dns_db_findrdataset");
+
+ dns_rdataset_disassociate(&keyset);
+ dns_db_detachnode(db, &node);
+ dns_db_detach(&db);
+ return (result);
+}
+
+static isc_boolean_t
+delegation(dns_name_t *name, dns_dbnode_t *node, isc_uint32_t *ttlp) {
+ dns_rdataset_t nsset;
+ isc_result_t result;
+
+ if (dns_name_equal(name, gorigin))
+ return (ISC_FALSE);
+
+ dns_rdataset_init(&nsset);
+ result = dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_ns,
+ 0, 0, &nsset, NULL);
+ if (dns_rdataset_isassociated(&nsset)) {
+ if (ttlp != NULL)
+ *ttlp = nsset.ttl;
+ dns_rdataset_disassociate(&nsset);
+ }
+
+ return (ISC_TF(result == ISC_R_SUCCESS));
+}
+
+static isc_boolean_t
+secure(dns_name_t *name, dns_dbnode_t *node) {
+ dns_rdataset_t dsset;
+ isc_result_t result;
+
+ if (dns_name_equal(name, gorigin))
+ return (ISC_FALSE);
+
+ dns_rdataset_init(&dsset);
+ result = dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_ds,
+ 0, 0, &dsset, NULL);
+ if (dns_rdataset_isassociated(&dsset))
+ dns_rdataset_disassociate(&dsset);
+
+ return (ISC_TF(result == ISC_R_SUCCESS));
+}
+
+/*%
+ * Signs all records at a name.
+ */
+static void
+signname(dns_dbnode_t *node, dns_name_t *name) {
+ isc_result_t result;
+ dns_rdataset_t rdataset;
+ dns_rdatasetiter_t *rdsiter;
+ isc_boolean_t isdelegation = ISC_FALSE;
+ dns_diff_t del, add;
+ char namestr[DNS_NAME_FORMATSIZE];
+
+ dns_rdataset_init(&rdataset);
+ dns_name_format(name, namestr, sizeof(namestr));
+
+ /*
+ * Determine if this is a delegation point.
+ */
+ if (delegation(name, node, NULL))
+ isdelegation = ISC_TRUE;
+
+ /*
+ * Now iterate through the rdatasets.
+ */
+ dns_diff_init(mctx, &del);
+ dns_diff_init(mctx, &add);
+ rdsiter = NULL;
+ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
+ check_result(result, "dns_db_allrdatasets()");
+ result = dns_rdatasetiter_first(rdsiter);
+ while (result == ISC_R_SUCCESS) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+
+ /* If this is a RRSIG set, skip it. */
+ if (rdataset.type == dns_rdatatype_rrsig)
+ goto skip;
+
+ /*
+ * If this name is a delegation point, skip all records
+ * except NSEC and DS sets. Otherwise check that there
+ * isn't a DS record.
+ */
+ if (isdelegation) {
+ if (rdataset.type != nsec_datatype &&
+ rdataset.type != dns_rdatatype_ds)
+ goto skip;
+ } else if (rdataset.type == dns_rdatatype_ds) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+ dns_name_format(name, namebuf, sizeof(namebuf));
+ fatal("'%s': found DS RRset without NS RRset\n",
+ namebuf);
+ }
+
+ signset(&del, &add, node, name, &rdataset);
+
+ skip:
+ dns_rdataset_disassociate(&rdataset);
+ result = dns_rdatasetiter_next(rdsiter);
+ }
+ if (result != ISC_R_NOMORE)
+ fatal("rdataset iteration for name '%s' failed: %s",
+ namestr, isc_result_totext(result));
+
+ dns_rdatasetiter_destroy(&rdsiter);
+
+ result = dns_diff_applysilently(&del, gdb, gversion);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to delete SIGs at node '%s': %s",
+ namestr, isc_result_totext(result));
+
+ result = dns_diff_applysilently(&add, gdb, gversion);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to add SIGs at node '%s': %s",
+ namestr, isc_result_totext(result));
+
+ dns_diff_clear(&del);
+ dns_diff_clear(&add);
+}
+
+static inline isc_boolean_t
+active_node(dns_dbnode_t *node) {
+ dns_rdatasetiter_t *rdsiter = NULL;
+ dns_rdatasetiter_t *rdsiter2 = NULL;
+ isc_boolean_t active = ISC_FALSE;
+ isc_result_t result;
+ dns_rdataset_t rdataset;
+ dns_rdatatype_t type;
+ dns_rdatatype_t covers;
+ isc_boolean_t found;
+
+ dns_rdataset_init(&rdataset);
+ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
+ check_result(result, "dns_db_allrdatasets()");
+ result = dns_rdatasetiter_first(rdsiter);
+ while (result == ISC_R_SUCCESS) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ if (rdataset.type != dns_rdatatype_nsec &&
+ rdataset.type != dns_rdatatype_nsec3 &&
+ rdataset.type != dns_rdatatype_rrsig)
+ active = ISC_TRUE;
+ dns_rdataset_disassociate(&rdataset);
+ if (!active)
+ result = dns_rdatasetiter_next(rdsiter);
+ else
+ result = ISC_R_NOMORE;
+ }
+ if (result != ISC_R_NOMORE)
+ fatal("rdataset iteration failed: %s",
+ isc_result_totext(result));
+
+ if (!active && nsec_datatype == dns_rdatatype_nsec) {
+ /*%
+ * The node is empty of everything but NSEC / RRSIG records.
+ */
+ for (result = dns_rdatasetiter_first(rdsiter);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(rdsiter)) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ rdataset.type,
+ rdataset.covers);
+ check_result(result, "dns_db_deleterdataset()");
+ dns_rdataset_disassociate(&rdataset);
+ }
+ if (result != ISC_R_NOMORE)
+ fatal("rdataset iteration failed: %s",
+ isc_result_totext(result));
+ } else {
+ /*
+ * Delete RRSIGs for types that no longer exist.
+ */
+ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter2);
+ check_result(result, "dns_db_allrdatasets()");
+ for (result = dns_rdatasetiter_first(rdsiter);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(rdsiter)) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ type = rdataset.type;
+ covers = rdataset.covers;
+ dns_rdataset_disassociate(&rdataset);
+ if (type != dns_rdatatype_rrsig)
+ continue;
+ found = ISC_FALSE;
+ for (result = dns_rdatasetiter_first(rdsiter2);
+ !found && result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(rdsiter2)) {
+ dns_rdatasetiter_current(rdsiter2, &rdataset);
+ if (rdataset.type == covers)
+ found = ISC_TRUE;
+ dns_rdataset_disassociate(&rdataset);
+ }
+ if (!found) {
+ if (result != ISC_R_NOMORE)
+ fatal("rdataset iteration failed: %s",
+ isc_result_totext(result));
+ result = dns_db_deleterdataset(gdb, node,
+ gversion, type,
+ covers);
+ check_result(result,
+ "dns_db_deleterdataset(rrsig)");
+ } else if (result != ISC_R_NOMORE &&
+ result != ISC_R_SUCCESS)
+ fatal("rdataset iteration failed: %s",
+ isc_result_totext(result));
+ }
+ if (result != ISC_R_NOMORE)
+ fatal("rdataset iteration failed: %s",
+ isc_result_totext(result));
+ dns_rdatasetiter_destroy(&rdsiter2);
+
+#if 0
+ /*
+ * Delete all NSEC records and RRSIG(NSEC) if we are in
+ * NSEC3 mode and vica versa.
+ */
+ for (result = dns_rdatasetiter_first(rdsiter2);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(rdsiter2)) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ type = rdataset.type;
+ covers = rdataset.covers;
+ if (type == dns_rdatatype_rrsig)
+ type = covers;
+ dns_rdataset_disassociate(&rdataset);
+ if (type == nsec_datatype ||
+ (type != dns_rdatatype_nsec &&
+ type != dns_rdatatype_nsec3))
+ continue;
+ if (covers != 0)
+ type = dns_rdatatype_rrsig;
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ type, covers);
+ check_result(result, "dns_db_deleterdataset()");
+ }
+#endif
+ }
+ dns_rdatasetiter_destroy(&rdsiter);
+
+ return (active);
+}
+
+/*%
+ * Extracts the TTL from the SOA.
+ */
+static dns_ttl_t
+soattl(void) {
+ dns_rdataset_t soaset;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ isc_result_t result;
+ dns_ttl_t ttl;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdata_soa_t soa;
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ dns_rdataset_init(&soaset);
+ result = dns_db_find(gdb, gorigin, gversion, dns_rdatatype_soa,
+ 0, 0, NULL, name, &soaset, NULL);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to find an SOA at the zone apex: %s",
+ isc_result_totext(result));
+
+ result = dns_rdataset_first(&soaset);
+ check_result(result, "dns_rdataset_first");
+ dns_rdataset_current(&soaset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &soa, NULL);
+ check_result(result, "dns_rdata_tostruct");
+ ttl = soa.minimum;
+ dns_rdataset_disassociate(&soaset);
+ return (ttl);
+}
+
+/*%
+ * Increment (or set if nonzero) the SOA serial
+ */
+static isc_result_t
+setsoaserial(isc_uint32_t serial) {
+ isc_result_t result;
+ dns_dbnode_t *node = NULL;
+ dns_rdataset_t rdataset;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_uint32_t old_serial, new_serial;
+
+ result = dns_db_getoriginnode(gdb, &node);
+ if (result != ISC_R_SUCCESS)
+ return result;
+
+ dns_rdataset_init(&rdataset);
+
+ result = dns_db_findrdataset(gdb, node, gversion,
+ dns_rdatatype_soa, 0,
+ 0, &rdataset, NULL);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ result = dns_rdataset_first(&rdataset);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+
+ dns_rdataset_current(&rdataset, &rdata);
+
+ old_serial = dns_soa_getserial(&rdata);
+
+ if (serial) {
+ /* Set SOA serial to the value provided. */
+ new_serial = serial;
+ } else {
+ /* Increment SOA serial using RFC 1982 arithmetics */
+ new_serial = (old_serial + 1) & 0xFFFFFFFF;
+ if (new_serial == 0)
+ new_serial = 1;
+ }
+
+ /* If the new serial is not likely to cause a zone transfer
+ * (a/ixfr) from servers having the old serial, warn the user.
+ *
+ * RFC1982 section 7 defines the maximum increment to be
+ * (2^(32-1))-1. Using u_int32_t arithmetic, we can do a single
+ * comparison. (5 - 6 == (2^32)-1, not negative-one)
+ */
+ if (new_serial == old_serial ||
+ (new_serial - old_serial) > 0x7fffffffU)
+ fprintf(stderr, "%s: warning: Serial number not advanced, "
+ "zone may not transfer\n", program);
+
+ dns_soa_setserial(new_serial, &rdata);
+
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ dns_rdatatype_soa, 0);
+ check_result(result, "dns_db_deleterdataset");
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ result = dns_db_addrdataset(gdb, node, gversion,
+ 0, &rdataset, 0, NULL);
+ check_result(result, "dns_db_addrdataset");
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+cleanup:
+ dns_rdataset_disassociate(&rdataset);
+ if (node != NULL)
+ dns_db_detachnode(gdb, &node);
+ dns_rdata_reset(&rdata);
+
+ return (result);
+}
+
+/*%
+ * Delete any RRSIG records at a node.
+ */
+static void
+cleannode(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node) {
+ dns_rdatasetiter_t *rdsiter = NULL;
+ dns_rdataset_t set;
+ isc_result_t result, dresult;
+
+ if (outputformat != dns_masterformat_text)
+ return;
+
+ dns_rdataset_init(&set);
+ result = dns_db_allrdatasets(db, node, version, 0, &rdsiter);
+ check_result(result, "dns_db_allrdatasets");
+ result = dns_rdatasetiter_first(rdsiter);
+ while (result == ISC_R_SUCCESS) {
+ isc_boolean_t destroy = ISC_FALSE;
+ dns_rdatatype_t covers = 0;
+ dns_rdatasetiter_current(rdsiter, &set);
+ if (set.type == dns_rdatatype_rrsig) {
+ covers = set.covers;
+ destroy = ISC_TRUE;
+ }
+ dns_rdataset_disassociate(&set);
+ result = dns_rdatasetiter_next(rdsiter);
+ if (destroy) {
+ dresult = dns_db_deleterdataset(db, node, version,
+ dns_rdatatype_rrsig,
+ covers);
+ check_result(dresult, "dns_db_deleterdataset");
+ }
+ }
+ if (result != ISC_R_NOMORE)
+ fatal("rdataset iteration failed: %s",
+ isc_result_totext(result));
+ dns_rdatasetiter_destroy(&rdsiter);
+}
+
+/*%
+ * Set up the iterator and global state before starting the tasks.
+ */
+static void
+presign(void) {
+ isc_result_t result;
+
+ gdbiter = NULL;
+ result = dns_db_createiterator(gdb, 0, &gdbiter);
+ check_result(result, "dns_db_createiterator()");
+}
+
+/*%
+ * Clean up the iterator and global state after the tasks complete.
+ */
+static void
+postsign(void) {
+ dns_dbiterator_destroy(&gdbiter);
+}
+
+/*%
+ * Sign the apex of the zone.
+ * Note the origin may not be the first node if there are out of zone
+ * records.
+ */
+static void
+signapex(void) {
+ dns_dbnode_t *node = NULL;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_result_t result;
+
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ result = dns_dbiterator_seek(gdbiter, gorigin);
+ check_result(result, "dns_dbiterator_seek()");
+ result = dns_dbiterator_current(gdbiter, &node, name);
+ check_result(result, "dns_dbiterator_current()");
+ signname(node, name);
+ dumpnode(name, node);
+ cleannode(gdb, gversion, node);
+ dns_db_detachnode(gdb, &node);
+ result = dns_dbiterator_first(gdbiter);
+ if (result == ISC_R_NOMORE)
+ finished = ISC_TRUE;
+ else if (result != ISC_R_SUCCESS)
+ fatal("failure iterating database: %s",
+ isc_result_totext(result));
+}
+
+/*%
+ * Assigns a node to a worker thread. This is protected by the master task's
+ * lock.
+ */
+static void
+assignwork(isc_task_t *task, isc_task_t *worker) {
+ dns_fixedname_t *fname;
+ dns_name_t *name;
+ dns_dbnode_t *node;
+ sevent_t *sevent;
+ dns_rdataset_t nsec;
+ isc_boolean_t found;
+ isc_result_t result;
+ static dns_name_t *zonecut = NULL; /* Protected by namelock. */
+ static dns_fixedname_t fzonecut; /* Protected by namelock. */
+ static unsigned int ended = 0; /* Protected by namelock. */
+
+ if (shuttingdown)
+ return;
+
+ LOCK(&namelock);
+ if (finished) {
+ ended++;
+ if (ended == ntasks) {
+ isc_task_detach(&task);
+ isc_app_shutdown();
+ }
+ goto unlock;
+ }
+
+ fname = isc_mem_get(mctx, sizeof(dns_fixedname_t));
+ if (fname == NULL)
+ fatal("out of memory");
+ dns_fixedname_init(fname);
+ name = dns_fixedname_name(fname);
+ node = NULL;
+ found = ISC_FALSE;
+ while (!found) {
+ result = dns_dbiterator_current(gdbiter, &node, name);
+ if (result != ISC_R_SUCCESS)
+ fatal("failure iterating database: %s",
+ isc_result_totext(result));
+ /*
+ * The origin was handled by signapex().
+ */
+ if (dns_name_equal(name, gorigin)) {
+ dns_db_detachnode(gdb, &node);
+ goto next;
+ }
+ /*
+ * Sort the zone data from the glue and out-of-zone data.
+ * For NSEC zones nodes with zone data have NSEC records.
+ * For NSEC3 zones the NSEC3 nodes are zone data but
+ * outside of the zone name space. For the rest we need
+ * to track the bottom of zone cuts.
+ * Nodes which don't need to be signed are dumped here.
+ */
+ dns_rdataset_init(&nsec);
+ result = dns_db_findrdataset(gdb, node, gversion,
+ nsec_datatype, 0, 0,
+ &nsec, NULL);
+ if (dns_rdataset_isassociated(&nsec))
+ dns_rdataset_disassociate(&nsec);
+ if (result == ISC_R_SUCCESS) {
+ found = ISC_TRUE;
+ } else if (nsec_datatype == dns_rdatatype_nsec3) {
+ if (dns_name_issubdomain(name, gorigin) &&
+ (zonecut == NULL ||
+ !dns_name_issubdomain(name, zonecut))) {
+ if (delegation(name, node, NULL)) {
+ dns_fixedname_init(&fzonecut);
+ zonecut = dns_fixedname_name(&fzonecut);
+ dns_name_copy(name, zonecut, NULL);
+ if (!OPTOUT(nsec3flags) ||
+ secure(name, node))
+ found = ISC_TRUE;
+ } else
+ found = ISC_TRUE;
+ }
+ }
+
+ if (!found) {
+ dumpnode(name, node);
+ dns_db_detachnode(gdb, &node);
+ }
+
+ next:
+ result = dns_dbiterator_next(gdbiter);
+ if (result == ISC_R_NOMORE) {
+ finished = ISC_TRUE;
+ break;
+ } else if (result != ISC_R_SUCCESS)
+ fatal("failure iterating database: %s",
+ isc_result_totext(result));
+ }
+ if (!found) {
+ ended++;
+ if (ended == ntasks) {
+ isc_task_detach(&task);
+ isc_app_shutdown();
+ }
+ isc_mem_put(mctx, fname, sizeof(dns_fixedname_t));
+ goto unlock;
+ }
+ sevent = (sevent_t *)
+ isc_event_allocate(mctx, task, SIGNER_EVENT_WORK,
+ sign, NULL, sizeof(sevent_t));
+ if (sevent == NULL)
+ fatal("failed to allocate event\n");
+
+ sevent->node = node;
+ sevent->fname = fname;
+ isc_task_send(worker, ISC_EVENT_PTR(&sevent));
+ unlock:
+ UNLOCK(&namelock);
+}
+
+/*%
+ * Start a worker task
+ */
+static void
+startworker(isc_task_t *task, isc_event_t *event) {
+ isc_task_t *worker;
+
+ worker = (isc_task_t *)event->ev_arg;
+ assignwork(task, worker);
+ isc_event_free(&event);
+}
+
+/*%
+ * Write a node to the output file, and restart the worker task.
+ */
+static void
+writenode(isc_task_t *task, isc_event_t *event) {
+ isc_task_t *worker;
+ sevent_t *sevent = (sevent_t *)event;
+
+ worker = (isc_task_t *)event->ev_sender;
+ dumpnode(dns_fixedname_name(sevent->fname), sevent->node);
+ cleannode(gdb, gversion, sevent->node);
+ dns_db_detachnode(gdb, &sevent->node);
+ isc_mem_put(mctx, sevent->fname, sizeof(dns_fixedname_t));
+ assignwork(task, worker);
+ isc_event_free(&event);
+}
+
+/*%
+ * Sign a database node.
+ */
+static void
+sign(isc_task_t *task, isc_event_t *event) {
+ dns_fixedname_t *fname;
+ dns_dbnode_t *node;
+ sevent_t *sevent, *wevent;
+
+ sevent = (sevent_t *)event;
+ node = sevent->node;
+ fname = sevent->fname;
+ isc_event_free(&event);
+
+ signname(node, dns_fixedname_name(fname));
+ wevent = (sevent_t *)
+ isc_event_allocate(mctx, task, SIGNER_EVENT_WRITE,
+ writenode, NULL, sizeof(sevent_t));
+ if (wevent == NULL)
+ fatal("failed to allocate event\n");
+ wevent->node = node;
+ wevent->fname = fname;
+ isc_task_send(master, ISC_EVENT_PTR(&wevent));
+}
+
+/*%
+ * Update / remove the DS RRset. Preserve RRSIG(DS) if possible.
+ */
+static void
+add_ds(dns_name_t *name, dns_dbnode_t *node, isc_uint32_t nsttl) {
+ dns_rdataset_t dsset;
+ dns_rdataset_t sigdsset;
+ isc_result_t result;
+
+ dns_rdataset_init(&dsset);
+ dns_rdataset_init(&sigdsset);
+ result = dns_db_findrdataset(gdb, node, gversion,
+ dns_rdatatype_ds,
+ 0, 0, &dsset, &sigdsset);
+ if (result == ISC_R_SUCCESS) {
+ dns_rdataset_disassociate(&dsset);
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ dns_rdatatype_ds, 0);
+ check_result(result, "dns_db_deleterdataset");
+ }
+ result = loadds(name, nsttl, &dsset);
+ if (result == ISC_R_SUCCESS) {
+ result = dns_db_addrdataset(gdb, node, gversion, 0,
+ &dsset, 0, NULL);
+ check_result(result, "dns_db_addrdataset");
+ dns_rdataset_disassociate(&dsset);
+ if (dns_rdataset_isassociated(&sigdsset))
+ dns_rdataset_disassociate(&sigdsset);
+ } else if (dns_rdataset_isassociated(&sigdsset)) {
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ dns_rdatatype_rrsig,
+ dns_rdatatype_ds);
+ check_result(result, "dns_db_deleterdataset");
+ dns_rdataset_disassociate(&sigdsset);
+ }
+}
+
+/*%
+ * Generate NSEC records for the zone.
+ */
+static void
+nsecify(void) {
+ dns_dbiterator_t *dbiter = NULL;
+ dns_dbnode_t *node = NULL, *nextnode = NULL;
+ dns_fixedname_t fname, fnextname, fzonecut;
+ dns_name_t *name, *nextname, *zonecut;
+ isc_boolean_t done = ISC_FALSE;
+ isc_result_t result;
+ isc_uint32_t nsttl = 0;
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ dns_fixedname_init(&fnextname);
+ nextname = dns_fixedname_name(&fnextname);
+ dns_fixedname_init(&fzonecut);
+ zonecut = NULL;
+
+ result = dns_db_createiterator(gdb, DNS_DB_NONSEC3, &dbiter);
+ check_result(result, "dns_db_createiterator()");
+
+ result = dns_dbiterator_first(dbiter);
+ check_result(result, "dns_dbiterator_first()");
+
+ while (!done) {
+ dns_dbiterator_current(dbiter, &node, name);
+ if (delegation(name, node, &nsttl)) {
+ zonecut = dns_fixedname_name(&fzonecut);
+ dns_name_copy(name, zonecut, NULL);
+ if (generateds)
+ add_ds(name, node, nsttl);
+ }
+ result = dns_dbiterator_next(dbiter);
+ nextnode = NULL;
+ while (result == ISC_R_SUCCESS) {
+ isc_boolean_t active = ISC_FALSE;
+ result = dns_dbiterator_current(dbiter, &nextnode,
+ nextname);
+ if (result != ISC_R_SUCCESS)
+ break;
+ active = active_node(nextnode);
+ if (!active) {
+ dns_db_detachnode(gdb, &nextnode);
+ result = dns_dbiterator_next(dbiter);
+ continue;
+ }
+ if (!dns_name_issubdomain(nextname, gorigin) ||
+ (zonecut != NULL &&
+ dns_name_issubdomain(nextname, zonecut)))
+ {
+ dns_db_detachnode(gdb, &nextnode);
+ result = dns_dbiterator_next(dbiter);
+ continue;
+ }
+ dns_db_detachnode(gdb, &nextnode);
+ break;
+ }
+ if (result == ISC_R_NOMORE) {
+ dns_name_clone(gorigin, nextname);
+ done = ISC_TRUE;
+ } else if (result != ISC_R_SUCCESS)
+ fatal("iterating through the database failed: %s",
+ isc_result_totext(result));
+ result = dns_nsec_build(gdb, gversion, node, nextname,
+ zonettl);
+ check_result(result, "dns_nsec_build()");
+ dns_db_detachnode(gdb, &node);
+ }
+
+ dns_dbiterator_destroy(&dbiter);
+}
+
+/*%
+ * Does this node only contain NSEC3 records or RRSIG records or is empty.
+ */
+static isc_boolean_t
+nsec3only(dns_dbnode_t *node) {
+ dns_rdatasetiter_t *rdsiter = NULL;
+ isc_result_t result;
+ dns_rdataset_t rdataset;
+ isc_boolean_t answer = ISC_TRUE;
+
+ dns_rdataset_init(&rdataset);
+ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
+ check_result(result, "dns_db_allrdatasets()");
+ result = dns_rdatasetiter_first(rdsiter);
+ while (result == ISC_R_SUCCESS) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ if (rdataset.type != dns_rdatatype_nsec3 &&
+ rdataset.type != dns_rdatatype_rrsig) {
+ answer = ISC_FALSE;
+ result = ISC_R_NOMORE;
+ } else
+ result = dns_rdatasetiter_next(rdsiter);
+ dns_rdataset_disassociate(&rdataset);
+ }
+ if (result != ISC_R_NOMORE)
+ fatal("rdataset iteration failed: %s",
+ isc_result_totext(result));
+ dns_rdatasetiter_destroy(&rdsiter);
+ return (answer);
+}
+
+static void
+addnsec3param(const unsigned char *salt, size_t salt_length,
+ unsigned int iterations)
+{
+ dns_dbnode_t *node = NULL;
+ dns_rdata_nsec3param_t nsec3param;
+ unsigned char nsec3parambuf[5 + 255];
+ dns_rdatalist_t rdatalist;
+ dns_rdataset_t rdataset;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_buffer_t b;
+ isc_result_t result;
+
+ dns_rdataset_init(&rdataset);
+
+ nsec3param.common.rdclass = gclass;
+ nsec3param.common.rdtype = dns_rdatatype_nsec3param;
+ ISC_LINK_INIT(&nsec3param.common, link);
+ nsec3param.mctx = NULL;
+ nsec3param.flags = 0;
+ nsec3param.hash = unknownalg ? DNS_NSEC3_UNKNOWNALG : dns_hash_sha1;
+ nsec3param.iterations = iterations;
+ nsec3param.salt_length = salt_length;
+ DE_CONST(salt, nsec3param.salt);
+
+ isc_buffer_init(&b, nsec3parambuf, sizeof(nsec3parambuf));
+ result = dns_rdata_fromstruct(&rdata, gclass,
+ dns_rdatatype_nsec3param,
+ &nsec3param, &b);
+ rdatalist.rdclass = rdata.rdclass;
+ rdatalist.type = rdata.type;
+ rdatalist.covers = 0;
+ rdatalist.ttl = 0;
+ ISC_LIST_INIT(rdatalist.rdata);
+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
+ result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ check_result(result, "dns_rdatalist_tordataset()");
+
+ result = dns_db_findnode(gdb, gorigin, ISC_TRUE, &node);
+ check_result(result, "dns_db_find(gorigin)");
+ result = dns_db_addrdataset(gdb, node, gversion, 0, &rdataset,
+ DNS_DBADD_MERGE, NULL);
+ if (result == DNS_R_UNCHANGED)
+ result = ISC_R_SUCCESS;
+ check_result(result, "addnsec3param: dns_db_addrdataset()");
+ dns_db_detachnode(gdb, &node);
+}
+
+static void
+addnsec3(dns_name_t *name, dns_dbnode_t *node,
+ const unsigned char *salt, size_t salt_length,
+ unsigned int iterations, hashlist_t *hashlist,
+ dns_ttl_t ttl)
+{
+ unsigned char hash[NSEC3_MAX_HASH_LENGTH];
+ const unsigned char *nexthash;
+ unsigned char nsec3buffer[DNS_NSEC3_BUFFERSIZE];
+ dns_fixedname_t hashname;
+ dns_rdatalist_t rdatalist;
+ dns_rdataset_t rdataset;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_result_t result;
+ dns_dbnode_t *nsec3node = NULL;
+ char namebuf[DNS_NAME_FORMATSIZE];
+ size_t hash_length;
+
+ dns_name_format(name, namebuf, sizeof(namebuf));
+
+ dns_fixedname_init(&hashname);
+ dns_rdataset_init(&rdataset);
+
+ dns_name_downcase(name, name, NULL);
+ result = dns_nsec3_hashname(&hashname, hash, &hash_length,
+ name, gorigin, dns_hash_sha1, iterations,
+ salt, salt_length);
+ check_result(result, "addnsec3: dns_nsec3_hashname()");
+ nexthash = hashlist_findnext(hashlist, hash);
+ result = dns_nsec3_buildrdata(gdb, gversion, node,
+ unknownalg ?
+ DNS_NSEC3_UNKNOWNALG : dns_hash_sha1,
+ nsec3flags, iterations,
+ salt, salt_length,
+ nexthash, ISC_SHA1_DIGESTLENGTH,
+ nsec3buffer, &rdata);
+ check_result(result, "addnsec3: dns_nsec3_buildrdata()");
+ rdatalist.rdclass = rdata.rdclass;
+ rdatalist.type = rdata.type;
+ rdatalist.covers = 0;
+ rdatalist.ttl = ttl;
+ ISC_LIST_INIT(rdatalist.rdata);
+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
+ result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ check_result(result, "dns_rdatalist_tordataset()");
+ result = dns_db_findnsec3node(gdb, dns_fixedname_name(&hashname),
+ ISC_TRUE, &nsec3node);
+ check_result(result, "addnsec3: dns_db_findnode()");
+ result = dns_db_addrdataset(gdb, nsec3node, gversion, 0, &rdataset,
+ 0, NULL);
+ if (result == DNS_R_UNCHANGED)
+ result = ISC_R_SUCCESS;
+ check_result(result, "addnsec3: dns_db_addrdataset()");
+ dns_db_detachnode(gdb, &nsec3node);
+}
+
+/*%
+ * Clean out NSEC3 record and RRSIG(NSEC3) that are not in the hash list.
+ *
+ * Extract the hash from the first label of 'name' then see if it
+ * is in hashlist. If 'name' is not in the hashlist then delete the
+ * any NSEC3 records which have the same parameters as the chain we
+ * are building.
+ *
+ * XXXMPA Should we also check that it of the form <hash>.<origin>?
+ */
+static void
+nsec3clean(dns_name_t *name, dns_dbnode_t *node,
+ unsigned int hashalg, unsigned int iterations,
+ const unsigned char *salt, size_t salt_length, hashlist_t *hashlist)
+{
+ dns_label_t label;
+ dns_rdata_nsec3_t nsec3;
+ dns_rdata_t rdata, delrdata;
+ dns_rdatalist_t rdatalist;
+ dns_rdataset_t rdataset, delrdataset;
+ isc_boolean_t delete_rrsigs = ISC_FALSE;
+ isc_buffer_t target;
+ isc_result_t result;
+ unsigned char hash[NSEC3_MAX_HASH_LENGTH + 1];
+
+ /*
+ * Get the first label.
+ */
+ dns_name_getlabel(name, 0, &label);
+
+ /*
+ * We want just the label contents.
+ */
+ isc_region_consume(&label, 1);
+
+ /*
+ * Decode base32hex string.
+ */
+ isc_buffer_init(&target, hash, sizeof(hash) - 1);
+ result = isc_base32hex_decoderegion(&label, &target);
+ if (result != ISC_R_SUCCESS)
+ return;
+
+ hash[isc_buffer_usedlength(&target)] = 0;
+
+ if (hashlist_exists(hashlist, hash))
+ return;
+
+ /*
+ * Verify that the NSEC3 parameters match the current ones
+ * otherwise we are dealing with a different NSEC3 chain.
+ */
+ dns_rdataset_init(&rdataset);
+ dns_rdataset_init(&delrdataset);
+
+ result = dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_nsec3,
+ 0, 0, &rdataset, NULL);
+ if (result != ISC_R_SUCCESS)
+ return;
+
+ /*
+ * Delete any matching NSEC3 records which have parameters that
+ * match the NSEC3 chain we are building.
+ */
+ for (result = dns_rdataset_first(&rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(&rdataset)) {
+ dns_rdata_init(&rdata);
+ dns_rdataset_current(&rdataset, &rdata);
+ dns_rdata_tostruct(&rdata, &nsec3, NULL);
+ if (nsec3.hash == hashalg &&
+ nsec3.iterations == iterations &&
+ nsec3.salt_length == salt_length &&
+ !memcmp(nsec3.salt, salt, salt_length))
+ break;
+ rdatalist.rdclass = rdata.rdclass;
+ rdatalist.type = rdata.type;
+ rdatalist.covers = 0;
+ rdatalist.ttl = rdataset.ttl;
+ ISC_LIST_INIT(rdatalist.rdata);
+ dns_rdata_init(&delrdata);
+ dns_rdata_clone(&rdata, &delrdata);
+ ISC_LIST_APPEND(rdatalist.rdata, &delrdata, link);
+ result = dns_rdatalist_tordataset(&rdatalist, &delrdataset);
+ check_result(result, "dns_rdatalist_tordataset()");
+ result = dns_db_subtractrdataset(gdb, node, gversion,
+ &delrdataset, 0, NULL);
+ dns_rdataset_disassociate(&delrdataset);
+ if (result != ISC_R_SUCCESS && result != DNS_R_UNCHANGED)
+ check_result(result, "dns_db_subtractrdataset(NSEC3)");
+ delete_rrsigs = ISC_TRUE;
+ }
+ dns_rdataset_disassociate(&rdataset);
+ if (result != ISC_R_NOMORE)
+ check_result(result, "dns_rdataset_first/next");
+
+ if (!delete_rrsigs)
+ return;
+ /*
+ * Delete the NSEC3 RRSIGs
+ */
+ result = dns_db_deleterdataset(gdb, node, gversion,
+ dns_rdatatype_rrsig,
+ dns_rdatatype_nsec3);
+ if (result != ISC_R_SUCCESS && result != DNS_R_UNCHANGED)
+ check_result(result, "dns_db_deleterdataset(RRSIG(NSEC3))");
+}
+
+/*
+ * Generate NSEC3 records for the zone.
+ */
+static void
+nsec3ify(unsigned int hashalg, unsigned int iterations,
+ const unsigned char *salt, size_t salt_length, hashlist_t *hashlist)
+{
+ dns_dbiterator_t *dbiter = NULL;
+ dns_dbnode_t *node = NULL, *nextnode = NULL;
+ dns_fixedname_t fname, fnextname, fzonecut;
+ dns_name_t *name, *nextname, *zonecut;
+ isc_boolean_t done = ISC_FALSE;
+ isc_result_t result;
+ isc_boolean_t active;
+ isc_uint32_t nsttl = 0;
+ unsigned int count, nlabels;
+ int order;
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ dns_fixedname_init(&fnextname);
+ nextname = dns_fixedname_name(&fnextname);
+ dns_fixedname_init(&fzonecut);
+ zonecut = NULL;
+
+ /*
+ * Walk the zone generating the hash names.
+ */
+ result = dns_db_createiterator(gdb, DNS_DB_NONSEC3, &dbiter);
+ check_result(result, "dns_db_createiterator()");
+
+ result = dns_dbiterator_first(dbiter);
+ check_result(result, "dns_dbiterator_first()");
+
+ while (!done) {
+ dns_dbiterator_current(dbiter, &node, name);
+ result = dns_dbiterator_next(dbiter);
+ nextnode = NULL;
+ while (result == ISC_R_SUCCESS) {
+ result = dns_dbiterator_current(dbiter, &nextnode,
+ nextname);
+ if (result != ISC_R_SUCCESS)
+ break;
+ active = active_node(nextnode);
+ if (!active) {
+ dns_db_detachnode(gdb, &nextnode);
+ result = dns_dbiterator_next(dbiter);
+ continue;
+ }
+ if (!dns_name_issubdomain(nextname, gorigin) ||
+ (zonecut != NULL &&
+ dns_name_issubdomain(nextname, zonecut))) {
+ dns_db_detachnode(gdb, &nextnode);
+ result = dns_dbiterator_next(dbiter);
+ continue;
+ }
+ if (delegation(nextname, nextnode, &nsttl)) {
+ zonecut = dns_fixedname_name(&fzonecut);
+ dns_name_copy(nextname, zonecut, NULL);
+ if (generateds)
+ add_ds(nextname, nextnode, nsttl);
+ if (OPTOUT(nsec3flags) &&
+ !secure(nextname, nextnode)) {
+ dns_db_detachnode(gdb, &nextnode);
+ result = dns_dbiterator_next(dbiter);
+ continue;
+ }
+ }
+ dns_db_detachnode(gdb, &nextnode);
+ break;
+ }
+ if (result == ISC_R_NOMORE) {
+ dns_name_copy(gorigin, nextname, NULL);
+ done = ISC_TRUE;
+ } else if (result != ISC_R_SUCCESS)
+ fatal("iterating through the database failed: %s",
+ isc_result_totext(result));
+ dns_name_downcase(name, name, NULL);
+ hashlist_add_dns_name(hashlist, name, hashalg, iterations,
+ salt, salt_length, ISC_FALSE);
+ dns_db_detachnode(gdb, &node);
+ /*
+ * Add hashs for empty nodes. Use closest encloser logic.
+ * The closest encloser either has data or is a empty
+ * node for another <name,nextname> span so we don't add
+ * it here. Empty labels on nextname are within the span.
+ */
+ dns_name_downcase(nextname, nextname, NULL);
+ dns_name_fullcompare(name, nextname, &order, &nlabels);
+ addnowildcardhash(hashlist, name, hashalg, iterations,
+ salt, salt_length);
+ count = dns_name_countlabels(nextname);
+ while (count > nlabels + 1) {
+ count--;
+ dns_name_split(nextname, count, NULL, nextname);
+ hashlist_add_dns_name(hashlist, nextname, hashalg,
+ iterations, salt, salt_length,
+ ISC_FALSE);
+ addnowildcardhash(hashlist, nextname, hashalg,
+ iterations, salt, salt_length);
+ }
+ }
+ dns_dbiterator_destroy(&dbiter);
+
+ /*
+ * We have all the hashes now so we can sort them.
+ */
+ hashlist_sort(hashlist);
+
+ /*
+ * Check for duplicate hashes. If found the salt needs to
+ * be changed.
+ */
+ if (hashlist_hasdup(hashlist))
+ fatal("Duplicate hash detected. Pick a different salt.");
+
+ /*
+ * Generate the nsec3 records.
+ */
+ zonecut = NULL;
+ done = ISC_FALSE;
+
+ addnsec3param(salt, salt_length, iterations);
+
+ result = dns_db_createiterator(gdb, DNS_DB_NONSEC3, &dbiter);
+ check_result(result, "dns_db_createiterator()");
+
+ result = dns_dbiterator_first(dbiter);
+ check_result(result, "dns_dbiterator_first()");
+
+ while (!done) {
+ dns_dbiterator_current(dbiter, &node, name);
+ result = dns_dbiterator_next(dbiter);
+ nextnode = NULL;
+ while (result == ISC_R_SUCCESS) {
+ result = dns_dbiterator_current(dbiter, &nextnode,
+ nextname);
+ if (result != ISC_R_SUCCESS)
+ break;
+ /*
+ * Cleanout NSEC3 RRsets which don't exist in the
+ * hash table.
+ */
+ nsec3clean(nextname, nextnode, hashalg, iterations,
+ salt, salt_length, hashlist);
+ /*
+ * Skip NSEC3 only nodes when looking for the next
+ * node in the zone. Also skips now empty nodes.
+ */
+ if (nsec3only(nextnode)) {
+ dns_db_detachnode(gdb, &nextnode);
+ result = dns_dbiterator_next(dbiter);
+ continue;
+ }
+ if (!dns_name_issubdomain(nextname, gorigin) ||
+ (zonecut != NULL &&
+ dns_name_issubdomain(nextname, zonecut))) {
+ dns_db_detachnode(gdb, &nextnode);
+ result = dns_dbiterator_next(dbiter);
+ continue;
+ }
+ if (delegation(nextname, nextnode, NULL)) {
+ zonecut = dns_fixedname_name(&fzonecut);
+ dns_name_copy(nextname, zonecut, NULL);
+ if (OPTOUT(nsec3flags) &&
+ !secure(nextname, nextnode)) {
+ dns_db_detachnode(gdb, &nextnode);
+ result = dns_dbiterator_next(dbiter);
+ continue;
+ }
+ }
+ dns_db_detachnode(gdb, &nextnode);
+ break;
+ }
+ if (result == ISC_R_NOMORE) {
+ dns_name_copy(gorigin, nextname, NULL);
+ done = ISC_TRUE;
+ } else if (result != ISC_R_SUCCESS)
+ fatal("iterating through the database failed: %s",
+ isc_result_totext(result));
+ /*
+ * We need to pause here to release the lock on the database.
+ */
+ dns_dbiterator_pause(dbiter);
+ addnsec3(name, node, salt, salt_length, iterations,
+ hashlist, zonettl);
+ dns_db_detachnode(gdb, &node);
+ /*
+ * Add NSEC3's for empty nodes. Use closest encloser logic.
+ */
+ dns_name_fullcompare(name, nextname, &order, &nlabels);
+ count = dns_name_countlabels(nextname);
+ while (count > nlabels + 1) {
+ count--;
+ dns_name_split(nextname, count, NULL, nextname);
+ addnsec3(nextname, NULL, salt, salt_length,
+ iterations, hashlist, zonettl);
+ }
+ }
+ dns_dbiterator_destroy(&dbiter);
+}
+
+/*%
+ * Load the zone file from disk
+ */
+static void
+loadzone(char *file, char *origin, dns_rdataclass_t rdclass, dns_db_t **db) {
+ isc_buffer_t b;
+ int len;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ isc_result_t result;
+
+ len = strlen(origin);
+ isc_buffer_init(&b, origin, len);
+ isc_buffer_add(&b, len);
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ result = dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed converting name '%s' to dns format: %s",
+ origin, isc_result_totext(result));
+
+ result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
+ rdclass, 0, NULL, db);
+ check_result(result, "dns_db_create()");
+
+ result = dns_db_load2(*db, file, inputformat);
+ if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
+ fatal("failed loading zone from '%s': %s",
+ file, isc_result_totext(result));
+}
+
+/*%
+ * Finds all public zone keys in the zone, and attempts to load the
+ * private keys from disk.
+ */
+static void
+loadzonekeys(dns_db_t *db) {
+ dns_dbnode_t *node;
+ dns_dbversion_t *currentversion;
+ isc_result_t result;
+ dst_key_t *keys[20];
+ unsigned int nkeys, i;
+
+ currentversion = NULL;
+ dns_db_currentversion(db, &currentversion);
+
+ node = NULL;
+ result = dns_db_findnode(db, gorigin, ISC_FALSE, &node);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to find the zone's origin: %s",
+ isc_result_totext(result));
+
+ result = dns_dnssec_findzonekeys(db, currentversion, node, gorigin,
+ mctx, 20, keys, &nkeys);
+ if (result == ISC_R_NOTFOUND)
+ result = ISC_R_SUCCESS;
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to find the zone keys: %s",
+ isc_result_totext(result));
+
+ for (i = 0; i < nkeys; i++) {
+ signer_key_t *key;
+
+ key = newkeystruct(keys[i], dst_key_isprivate(keys[i]));
+ ISC_LIST_APPEND(keylist, key, link);
+ }
+ dns_db_detachnode(db, &node);
+ dns_db_closeversion(db, &currentversion, ISC_FALSE);
+}
+
+/*%
+ * Finds all public zone keys in the zone.
+ */
+static void
+loadzonepubkeys(dns_db_t *db) {
+ dns_dbversion_t *currentversion = NULL;
+ dns_dbnode_t *node = NULL;
+ dns_rdataset_t rdataset;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dst_key_t *pubkey;
+ signer_key_t *key;
+ isc_result_t result;
+
+ dns_db_currentversion(db, &currentversion);
+
+ result = dns_db_findnode(db, gorigin, ISC_FALSE, &node);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to find the zone's origin: %s",
+ isc_result_totext(result));
+
+ dns_rdataset_init(&rdataset);
+ result = dns_db_findrdataset(db, node, currentversion,
+ dns_rdatatype_dnskey, 0, 0, &rdataset, NULL);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to find keys at the zone apex: %s",
+ isc_result_totext(result));
+ result = dns_rdataset_first(&rdataset);
+ check_result(result, "dns_rdataset_first");
+ while (result == ISC_R_SUCCESS) {
+ pubkey = NULL;
+ dns_rdata_reset(&rdata);
+ dns_rdataset_current(&rdataset, &rdata);
+ result = dns_dnssec_keyfromrdata(gorigin, &rdata, mctx,
+ &pubkey);
+ if (result != ISC_R_SUCCESS)
+ goto next;
+ if (!dst_key_iszonekey(pubkey)) {
+ dst_key_free(&pubkey);
+ goto next;
+ }
+
+ key = newkeystruct(pubkey, ISC_FALSE);
+ ISC_LIST_APPEND(keylist, key, link);
+ next:
+ result = dns_rdataset_next(&rdataset);
+ }
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &node);
+ dns_db_closeversion(db, &currentversion, ISC_FALSE);
+}
+
+static void
+warnifallksk(dns_db_t *db) {
+ dns_dbversion_t *currentversion = NULL;
+ dns_dbnode_t *node = NULL;
+ dns_rdataset_t rdataset;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_result_t result;
+ dns_rdata_key_t key;
+ isc_boolean_t have_non_ksk = ISC_FALSE;
+
+ dns_db_currentversion(db, &currentversion);
+
+ result = dns_db_findnode(db, gorigin, ISC_FALSE, &node);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to find the zone's origin: %s",
+ isc_result_totext(result));
+
+ dns_rdataset_init(&rdataset);
+ result = dns_db_findrdataset(db, node, currentversion,
+ dns_rdatatype_dnskey, 0, 0, &rdataset, NULL);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to find keys at the zone apex: %s",
+ isc_result_totext(result));
+ result = dns_rdataset_first(&rdataset);
+ check_result(result, "dns_rdataset_first");
+ while (result == ISC_R_SUCCESS) {
+ dns_rdata_reset(&rdata);
+ dns_rdataset_current(&rdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &key, NULL);
+ check_result(result, "dns_rdata_tostruct");
+ if ((key.flags & DNS_KEYFLAG_KSK) == 0) {
+ have_non_ksk = ISC_TRUE;
+ result = ISC_R_NOMORE;
+ } else
+ result = dns_rdataset_next(&rdataset);
+ }
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &node);
+ dns_db_closeversion(db, &currentversion, ISC_FALSE);
+ if (!have_non_ksk && !ignoreksk)
+ fprintf(stderr, "%s: warning: No non-KSK dnskey found. "
+ "Supply non-KSK dnskey or use '-z'.\n",
+ program);
+}
+
+static void
+writeset(const char *prefix, dns_rdatatype_t type) {
+ char *filename;
+ char namestr[DNS_NAME_FORMATSIZE];
+ dns_db_t *db = NULL;
+ dns_dbversion_t *version = NULL;
+ dns_diff_t diff;
+ dns_difftuple_t *tuple = NULL;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ dns_rdata_t rdata, ds;
+ isc_boolean_t have_ksk = ISC_FALSE;
+ isc_boolean_t have_non_ksk = ISC_FALSE;
+ isc_buffer_t b;
+ isc_buffer_t namebuf;
+ isc_region_t r;
+ isc_result_t result;
+ signer_key_t *key;
+ unsigned char dsbuf[DNS_DS_BUFFERSIZE];
+ unsigned char keybuf[DST_KEY_MAXSIZE];
+ unsigned int filenamelen;
+ const dns_master_style_t *style =
+ (type == dns_rdatatype_dnskey) ? masterstyle : dsstyle;
+
+ isc_buffer_init(&namebuf, namestr, sizeof(namestr));
+ result = dns_name_tofilenametext(gorigin, ISC_FALSE, &namebuf);
+ check_result(result, "dns_name_tofilenametext");
+ isc_buffer_putuint8(&namebuf, 0);
+ filenamelen = strlen(prefix) + strlen(namestr);
+ if (directory != NULL)
+ filenamelen += strlen(directory) + 1;
+ filename = isc_mem_get(mctx, filenamelen + 1);
+ if (filename == NULL)
+ fatal("out of memory");
+ if (directory != NULL)
+ sprintf(filename, "%s/", directory);
+ else
+ filename[0] = 0;
+ strcat(filename, prefix);
+ strcat(filename, namestr);
+
+ dns_diff_init(mctx, &diff);
+
+ for (key = ISC_LIST_HEAD(keylist);
+ key != NULL;
+ key = ISC_LIST_NEXT(key, link))
+ if (!key->isksk) {
+ have_non_ksk = ISC_TRUE;
+ break;
+ }
+
+ for (key = ISC_LIST_HEAD(keylist);
+ key != NULL;
+ key = ISC_LIST_NEXT(key, link))
+ if (key->isksk) {
+ have_ksk = ISC_TRUE;
+ break;
+ }
+
+ if (type == dns_rdatatype_dlv) {
+ dns_name_t tname;
+ unsigned int labels;
+
+ dns_name_init(&tname, NULL);
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ labels = dns_name_countlabels(gorigin);
+ dns_name_getlabelsequence(gorigin, 0, labels - 1, &tname);
+ result = dns_name_concatenate(&tname, dlv, name, NULL);
+ check_result(result, "dns_name_concatenate");
+ } else
+ name = gorigin;
+
+ for (key = ISC_LIST_HEAD(keylist);
+ key != NULL;
+ key = ISC_LIST_NEXT(key, link))
+ {
+ if (have_ksk && have_non_ksk && !key->isksk)
+ continue;
+ dns_rdata_init(&rdata);
+ dns_rdata_init(&ds);
+ isc_buffer_init(&b, keybuf, sizeof(keybuf));
+ result = dst_key_todns(key->key, &b);
+ check_result(result, "dst_key_todns");
+ isc_buffer_usedregion(&b, &r);
+ dns_rdata_fromregion(&rdata, gclass, dns_rdatatype_dnskey, &r);
+ if (type != dns_rdatatype_dnskey) {
+ result = dns_ds_buildrdata(gorigin, &rdata,
+ DNS_DSDIGEST_SHA1,
+ dsbuf, &ds);
+ check_result(result, "dns_ds_buildrdata");
+ if (type == dns_rdatatype_dlv)
+ ds.type = dns_rdatatype_dlv;
+ result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
+ name, 0, &ds, &tuple);
+ check_result(result, "dns_difftuple_create");
+ dns_diff_append(&diff, &tuple);
+
+ dns_rdata_reset(&ds);
+ result = dns_ds_buildrdata(gorigin, &rdata,
+ DNS_DSDIGEST_SHA256,
+ dsbuf, &ds);
+ check_result(result, "dns_ds_buildrdata");
+ if (type == dns_rdatatype_dlv)
+ ds.type = dns_rdatatype_dlv;
+ result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
+ name, 0, &ds, &tuple);
+
+ } else
+ result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
+ gorigin, zonettl,
+ &rdata, &tuple);
+ check_result(result, "dns_difftuple_create");
+ dns_diff_append(&diff, &tuple);
+ }
+
+ result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ gclass, 0, NULL, &db);
+ check_result(result, "dns_db_create");
+
+ result = dns_db_newversion(db, &version);
+ check_result(result, "dns_db_newversion");
+
+ result = dns_diff_apply(&diff, db, version);
+ check_result(result, "dns_diff_apply");
+ dns_diff_clear(&diff);
+
+ result = dns_master_dump(mctx, db, version, style, filename);
+ check_result(result, "dns_master_dump");
+
+ isc_mem_put(mctx, filename, filenamelen + 1);
+
+ dns_db_closeversion(db, &version, ISC_FALSE);
+ dns_db_detach(&db);
+}
+
+static void
+print_time(FILE *fp) {
+ time_t currenttime;
+
+ if (outputformat != dns_masterformat_text)
+ return;
+
+ currenttime = time(NULL);
+ fprintf(fp, "; File written on %s", ctime(&currenttime));
+}
+
+static void
+print_version(FILE *fp) {
+ if (outputformat != dns_masterformat_text)
+ return;
+
+ fprintf(fp, "; dnssec_signzone version " VERSION "\n");
+}
+
+static void
+usage(void) {
+ fprintf(stderr, "Usage:\n");
+ fprintf(stderr, "\t%s [options] zonefile [keys]\n", program);
+
+ fprintf(stderr, "\n");
+
+ fprintf(stderr, "Version: %s\n", VERSION);
+
+ fprintf(stderr, "Options: (default value in parenthesis) \n");
+ fprintf(stderr, "\t-c class (IN)\n");
+ fprintf(stderr, "\t-d directory\n");
+ fprintf(stderr, "\t\tdirectory to find keyset files (.)\n");
+ fprintf(stderr, "\t-g:\t");
+ fprintf(stderr, "generate DS records from keyset files\n");
+ fprintf(stderr, "\t-s [YYYYMMDDHHMMSS|+offset]:\n");
+ fprintf(stderr, "\t\tRRSIG start time - absolute|offset (now - 1 hour)\n");
+ fprintf(stderr, "\t-e [YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
+ fprintf(stderr, "\t\tRRSIG end time - absolute|from start|from now "
+ "(now + 30 days)\n");
+ fprintf(stderr, "\t-i interval:\n");
+ fprintf(stderr, "\t\tcycle interval - resign "
+ "if < interval from end ( (end-start)/4 )\n");
+ fprintf(stderr, "\t-j jitter:\n");
+ fprintf(stderr, "\t\trandomize signature end time up to jitter seconds\n");
+ fprintf(stderr, "\t-v debuglevel (0)\n");
+ fprintf(stderr, "\t-o origin:\n");
+ fprintf(stderr, "\t\tzone origin (name of zonefile)\n");
+ fprintf(stderr, "\t-f outfile:\n");
+ fprintf(stderr, "\t\tfile the signed zone is written in "
+ "(zonefile + .signed)\n");
+ fprintf(stderr, "\t-I format:\n");
+ fprintf(stderr, "\t\tfile format of input zonefile (text)\n");
+ fprintf(stderr, "\t-O format:\n");
+ fprintf(stderr, "\t\tfile format of signed zone file (text)\n");
+ fprintf(stderr, "\t-N format:\n");
+ fprintf(stderr, "\t\tsoa serial format of signed zone file (keep)\n");
+ fprintf(stderr, "\t-r randomdev:\n");
+ fprintf(stderr, "\t\ta file containing random data\n");
+ fprintf(stderr, "\t-a:\t");
+ fprintf(stderr, "verify generated signatures\n");
+ fprintf(stderr, "\t-p:\t");
+ fprintf(stderr, "use pseudorandom data (faster but less secure)\n");
+ fprintf(stderr, "\t-t:\t");
+ fprintf(stderr, "print statistics\n");
+ fprintf(stderr, "\t-n ncpus (number of cpus present)\n");
+ fprintf(stderr, "\t-k key_signing_key\n");
+ fprintf(stderr, "\t-l lookasidezone\n");
+ fprintf(stderr, "\t-3 salt (NSEC3 salt)\n");
+ fprintf(stderr, "\t-H interations (NSEC3 interations)\n");
+ fprintf(stderr, "\t-A (NSEC3 optout)\n");
+ fprintf(stderr, "\t-z:\t");
+ fprintf(stderr, "ignore KSK flag in DNSKEYs");
+
+ fprintf(stderr, "\n");
+
+ fprintf(stderr, "Signing Keys: ");
+ fprintf(stderr, "(default: all zone keys that have private keys)\n");
+ fprintf(stderr, "\tkeyfile (Kname+alg+tag)\n");
+ exit(0);
+}
+
+static void
+removetempfile(void) {
+ if (removefile)
+ isc_file_remove(tempfile);
+}
+
+static void
+print_stats(isc_time_t *timer_start, isc_time_t *timer_finish) {
+ isc_uint64_t runtime_us; /* Runtime in microseconds */
+ isc_uint64_t runtime_ms; /* Runtime in milliseconds */
+ isc_uint64_t sig_ms; /* Signatures per millisecond */
+
+ runtime_us = isc_time_microdiff(timer_finish, timer_start);
+
+ printf("Signatures generated: %10d\n", nsigned);
+ printf("Signatures retained: %10d\n", nretained);
+ printf("Signatures dropped: %10d\n", ndropped);
+ printf("Signatures successfully verified: %10d\n", nverified);
+ printf("Signatures unsuccessfully verified: %10d\n", nverifyfailed);
+ runtime_ms = runtime_us / 1000;
+ printf("Runtime in seconds: %7u.%03u\n",
+ (unsigned int) (runtime_ms / 1000),
+ (unsigned int) (runtime_ms % 1000));
+ if (runtime_us > 0) {
+ sig_ms = ((isc_uint64_t)nsigned * 1000000000) / runtime_us;
+ printf("Signatures per second: %7u.%03u\n",
+ (unsigned int) sig_ms / 1000,
+ (unsigned int) sig_ms % 1000);
+ }
+}
+
+int
+main(int argc, char *argv[]) {
+ int i, ch;
+ char *startstr = NULL, *endstr = NULL, *classname = NULL;
+ char *origin = NULL, *file = NULL, *output = NULL;
+ char *inputformatstr = NULL, *outputformatstr = NULL;
+ char *serialformatstr = NULL;
+ char *dskeyfile[MAXDSKEYS];
+ int ndskeys = 0;
+ char *endp;
+ isc_time_t timer_start, timer_finish;
+ signer_key_t *key;
+ isc_result_t result;
+ isc_log_t *log = NULL;
+ isc_boolean_t pseudorandom = ISC_FALSE;
+ unsigned int eflags;
+ isc_boolean_t free_output = ISC_FALSE;
+ int tempfilelen;
+ dns_rdataclass_t rdclass;
+ isc_task_t **tasks = NULL;
+ isc_buffer_t b;
+ int len;
+ unsigned int iterations = 100U;
+ const unsigned char *salt = NULL;
+ size_t salt_length = 0;
+ unsigned char saltbuf[255];
+ hashlist_t hashlist;
+
+#define CMDLINE_FLAGS "3:aAc:d:e:f:ghH:i:I:j:k:l:m:n:N:o:O:pr:s:StUv:z"
+
+ /*
+ * Process memory debugging arguement first.
+ */
+ while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
+ switch (ch) {
+ case 'm':
+ if (strcasecmp(isc_commandline_argument, "record") == 0)
+ isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
+ if (strcasecmp(isc_commandline_argument, "trace") == 0)
+ isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
+ if (strcasecmp(isc_commandline_argument, "usage") == 0)
+ isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
+ if (strcasecmp(isc_commandline_argument, "size") == 0)
+ isc_mem_debugging |= ISC_MEM_DEBUGSIZE;
+ if (strcasecmp(isc_commandline_argument, "mctx") == 0)
+ isc_mem_debugging |= ISC_MEM_DEBUGCTX;
+ break;
+ default:
+ break;
+ }
+ }
+ isc_commandline_reset = ISC_TRUE;
+
+ masterstyle = &dns_master_style_explicitttl;
+
+ check_result(isc_app_start(), "isc_app_start");
+
+ result = isc_mem_create(0, 0, &mctx);
+ if (result != ISC_R_SUCCESS)
+ fatal("out of memory");
+
+ dns_result_register();
+
+ isc_commandline_errprint = ISC_FALSE;
+
+ while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
+ switch (ch) {
+ case '3':
+ if (strcmp(isc_commandline_argument, "-")) {
+ isc_buffer_t target;
+ char *sarg;
+
+ sarg = isc_commandline_argument;
+ isc_buffer_init(&target, saltbuf,
+ sizeof(saltbuf));
+ result = isc_hex_decodestring(sarg, &target);
+ check_result(result,
+ "isc_hex_decodestring(salt)");
+ salt = saltbuf;
+ salt_length = isc_buffer_usedlength(&target);
+ } else {
+ salt = saltbuf;
+ salt_length = 0;
+ }
+ nsec_datatype = dns_rdatatype_nsec3;
+ break;
+
+ case 'A':
+ nsec3flags |= DNS_NSEC3FLAG_OPTOUT;
+ break;
+
+ case 'a':
+ tryverify = ISC_TRUE;
+ break;
+
+ case 'c':
+ classname = isc_commandline_argument;
+ break;
+
+ case 'd':
+ directory = isc_commandline_argument;
+ break;
+
+ case 'e':
+ endstr = isc_commandline_argument;
+ break;
+
+ case 'f':
+ output = isc_commandline_argument;
+ break;
+
+ case 'g':
+ generateds = ISC_TRUE;
+ break;
+
+ case '?':
+ if (isc_commandline_option != '?')
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ program, isc_commandline_option);
+ case 'h':
+ usage();
+ break;
+
+ default:
+ fprintf(stderr, "%s: unhandled option -%c\n",
+ program, isc_commandline_option);
+ exit(1);
+
+ case 'i':
+ endp = NULL;
+ cycle = strtol(isc_commandline_argument, &endp, 0);
+ if (*endp != '\0' || cycle < 0)
+ fatal("cycle period must be numeric and "
+ "positive");
+ break;
+
+ case 'I':
+ inputformatstr = isc_commandline_argument;
+ break;
+
+ case 'j':
+ endp = NULL;
+ jitter = strtol(isc_commandline_argument, &endp, 0);
+ if (*endp != '\0' || jitter < 0)
+ fatal("jitter must be numeric and positive");
+ break;
+
+ case 'l':
+ dns_fixedname_init(&dlv_fixed);
+ len = strlen(isc_commandline_argument);
+ isc_buffer_init(&b, isc_commandline_argument, len);
+ isc_buffer_add(&b, len);
+
+ dns_fixedname_init(&dlv_fixed);
+ dlv = dns_fixedname_name(&dlv_fixed);
+ result = dns_name_fromtext(dlv, &b, dns_rootname,
+ ISC_FALSE, NULL);
+ check_result(result, "dns_name_fromtext(dlv)");
+ break;
+
+ case 'k':
+ if (ndskeys == MAXDSKEYS)
+ fatal("too many key-signing keys specified");
+ dskeyfile[ndskeys++] = isc_commandline_argument;
+ break;
+
+ case 'm':
+ break;
+
+ case 'n':
+ endp = NULL;
+ ntasks = strtol(isc_commandline_argument, &endp, 0);
+ if (*endp != '\0' || ntasks > ISC_INT32_MAX)
+ fatal("number of cpus must be numeric");
+ break;
+
+ case 'N':
+ serialformatstr = isc_commandline_argument;
+ break;
+
+ case 'H':
+ iterations = strtoul(isc_commandline_argument,
+ &endp, 0);
+ if (*endp != '\0')
+ fatal("iterations must be numeric");
+ if (iterations > 0xffffU)
+ fatal("iterations too big");
+ break;
+
+ case 'o':
+ origin = isc_commandline_argument;
+ break;
+
+ case 'O':
+ outputformatstr = isc_commandline_argument;
+ break;
+
+ case 'p':
+ pseudorandom = ISC_TRUE;
+ break;
+
+ case 'r':
+ setup_entropy(mctx, isc_commandline_argument, &ectx);
+ break;
+
+ case 's':
+ startstr = isc_commandline_argument;
+ break;
+
+ case 'S':
+ /* This is intentionally undocumented */
+ /* -S: simple output style */
+ masterstyle = &dns_master_style_simple;
+ break;
+
+ case 't':
+ printstats = ISC_TRUE;
+ break;
+
+ case 'U': /* Undocumented for testing only. */
+ unknownalg = ISC_TRUE;
+ break;
+
+ case 'v':
+ endp = NULL;
+ verbose = strtol(isc_commandline_argument, &endp, 0);
+ if (*endp != '\0')
+ fatal("verbose level must be numeric");
+ break;
+
+ case 'z':
+ ignoreksk = ISC_TRUE;
+ break;
+ }
+ }
+
+ if (ectx == NULL)
+ setup_entropy(mctx, NULL, &ectx);
+ eflags = ISC_ENTROPY_BLOCKING;
+ if (!pseudorandom)
+ eflags |= ISC_ENTROPY_GOODONLY;
+
+ result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (result != ISC_R_SUCCESS)
+ fatal("could not create hash context");
+
+ result = dst_lib_init(mctx, ectx, eflags);
+ if (result != ISC_R_SUCCESS)
+ fatal("could not initialize dst");
+
+ isc_stdtime_get(&now);
+
+ if (startstr != NULL)
+ starttime = strtotime(startstr, now, now);
+ else
+ starttime = now - 3600; /* Allow for some clock skew. */
+
+ if (endstr != NULL)
+ endtime = strtotime(endstr, now, starttime);
+ else
+ endtime = starttime + (30 * 24 * 60 * 60);
+
+ if (cycle == -1)
+ cycle = (endtime - starttime) / 4;
+
+ if (ntasks == 0)
+ ntasks = isc_os_ncpus() * 2;
+ vbprintf(4, "using %d cpus\n", ntasks);
+
+ rdclass = strtoclass(classname);
+
+ setup_logging(verbose, mctx, &log);
+
+ argc -= isc_commandline_index;
+ argv += isc_commandline_index;
+
+ if (argc < 1)
+ usage();
+
+ file = argv[0];
+
+ argc -= 1;
+ argv += 1;
+
+ if (origin == NULL)
+ origin = file;
+
+ if (output == NULL) {
+ free_output = ISC_TRUE;
+ output = isc_mem_allocate(mctx,
+ strlen(file) + strlen(".signed") + 1);
+ if (output == NULL)
+ fatal("out of memory");
+ sprintf(output, "%s.signed", file);
+ }
+
+ if (inputformatstr != NULL) {
+ if (strcasecmp(inputformatstr, "text") == 0)
+ inputformat = dns_masterformat_text;
+ else if (strcasecmp(inputformatstr, "raw") == 0)
+ inputformat = dns_masterformat_raw;
+ else
+ fatal("unknown file format: %s\n", inputformatstr);
+ }
+
+ if (outputformatstr != NULL) {
+ if (strcasecmp(outputformatstr, "text") == 0)
+ outputformat = dns_masterformat_text;
+ else if (strcasecmp(outputformatstr, "raw") == 0)
+ outputformat = dns_masterformat_raw;
+ else
+ fatal("unknown file format: %s\n", outputformatstr);
+ }
+
+ if (serialformatstr != NULL) {
+ if (strcasecmp(serialformatstr, "keep") == 0)
+ serialformat = SOA_SERIAL_KEEP;
+ else if (strcasecmp(serialformatstr, "increment") == 0 ||
+ strcasecmp(serialformatstr, "incr") == 0)
+ serialformat = SOA_SERIAL_INCREMENT;
+ else if (strcasecmp(serialformatstr, "unixtime") == 0)
+ serialformat = SOA_SERIAL_UNIXTIME;
+ else
+ fatal("unknown soa serial format: %s\n", serialformatstr);
+ }
+
+ result = dns_master_stylecreate(&dsstyle, DNS_STYLEFLAG_NO_TTL,
+ 0, 24, 0, 0, 0, 8, mctx);
+ check_result(result, "dns_master_stylecreate");
+
+ gdb = NULL;
+ TIME_NOW(&timer_start);
+ loadzone(file, origin, rdclass, &gdb);
+ gorigin = dns_db_origin(gdb);
+ gclass = dns_db_class(gdb);
+ zonettl = soattl();
+
+ if (IS_NSEC3) {
+ isc_boolean_t answer;
+ hash_length = dns_nsec3_hashlength(dns_hash_sha1);
+ hashlist_init(&hashlist, dns_db_nodecount(gdb) * 2,
+ hash_length);
+ result = dns_nsec_nseconly(gdb, gversion, &answer);
+ check_result(result, "dns_nsec_nseconly");
+ if (answer)
+ fatal("NSEC3 generation requested with "
+ "NSEC only DNSKEY");
+ }
+
+ ISC_LIST_INIT(keylist);
+
+ if (argc == 0) {
+ loadzonekeys(gdb);
+ } else {
+ for (i = 0; i < argc; i++) {
+ dst_key_t *newkey = NULL;
+
+ result = dst_key_fromnamedfile(argv[i],
+ DST_TYPE_PUBLIC |
+ DST_TYPE_PRIVATE,
+ mctx, &newkey);
+ if (result != ISC_R_SUCCESS)
+ fatal("cannot load dnskey %s: %s", argv[i],
+ isc_result_totext(result));
+
+ if (!dns_name_equal(gorigin, dst_key_name(newkey)))
+ fatal("key %s not at origin\n", argv[i]);
+
+ key = ISC_LIST_HEAD(keylist);
+ while (key != NULL) {
+ dst_key_t *dkey = key->key;
+ if (dst_key_id(dkey) == dst_key_id(newkey) &&
+ dst_key_alg(dkey) == dst_key_alg(newkey) &&
+ dns_name_equal(dst_key_name(dkey),
+ dst_key_name(newkey)))
+ {
+ if (!dst_key_isprivate(dkey))
+ fatal("cannot sign zone with "
+ "non-private dnskey %s",
+ argv[i]);
+ break;
+ }
+ key = ISC_LIST_NEXT(key, link);
+ }
+ if (key == NULL) {
+ key = newkeystruct(newkey, ISC_TRUE);
+ ISC_LIST_APPEND(keylist, key, link);
+ } else
+ dst_key_free(&newkey);
+ }
+
+ loadzonepubkeys(gdb);
+ }
+
+ for (i = 0; i < ndskeys; i++) {
+ dst_key_t *newkey = NULL;
+
+ result = dst_key_fromnamedfile(dskeyfile[i],
+ DST_TYPE_PUBLIC |
+ DST_TYPE_PRIVATE,
+ mctx, &newkey);
+ if (result != ISC_R_SUCCESS)
+ fatal("cannot load dnskey %s: %s", dskeyfile[i],
+ isc_result_totext(result));
+
+ if (!dns_name_equal(gorigin, dst_key_name(newkey)))
+ fatal("key %s not at origin\n", dskeyfile[i]);
+
+ key = ISC_LIST_HEAD(keylist);
+ while (key != NULL) {
+ dst_key_t *dkey = key->key;
+ if (dst_key_id(dkey) == dst_key_id(newkey) &&
+ dst_key_alg(dkey) == dst_key_alg(newkey) &&
+ dns_name_equal(dst_key_name(dkey),
+ dst_key_name(newkey)))
+ {
+ /* Override key flags. */
+ key->issigningkey = ISC_TRUE;
+ key->isksk = ISC_TRUE;
+ key->isdsk = ISC_FALSE;
+ dst_key_free(&dkey);
+ key->key = newkey;
+ break;
+ }
+ key = ISC_LIST_NEXT(key, link);
+ }
+ if (key == NULL) {
+ /* Override dnskey flags. */
+ key = newkeystruct(newkey, ISC_TRUE);
+ key->isksk = ISC_TRUE;
+ key->isdsk = ISC_FALSE;
+ ISC_LIST_APPEND(keylist, key, link);
+ }
+ }
+
+ if (ISC_LIST_EMPTY(keylist)) {
+ fprintf(stderr, "%s: warning: No keys specified or found\n",
+ program);
+ nokeys = ISC_TRUE;
+ }
+
+ if (IS_NSEC3) {
+ unsigned int max;
+ result = dns_nsec3_maxiterations(gdb, NULL, mctx, &max);
+ check_result(result, "dns_nsec3_maxiterations()");
+ if (iterations > max)
+ fatal("NSEC3 interations too big for weakest DNSKEY "
+ "strength. Maximum iterations allowed %u.", max);
+ }
+
+ warnifallksk(gdb);
+
+ gversion = NULL;
+ result = dns_db_newversion(gdb, &gversion);
+ check_result(result, "dns_db_newversion()");
+
+ switch (serialformat) {
+ case SOA_SERIAL_INCREMENT:
+ setsoaserial(0);
+ break;
+ case SOA_SERIAL_UNIXTIME:
+ setsoaserial(now);
+ break;
+ case SOA_SERIAL_KEEP:
+ default:
+ /* do nothing */
+ break;
+ }
+
+ if (IS_NSEC3)
+ nsec3ify(dns_hash_sha1, iterations, salt, salt_length,
+ &hashlist);
+ else
+ nsecify();
+
+ if (!nokeys) {
+ writeset("keyset-", dns_rdatatype_dnskey);
+ writeset("dsset-", dns_rdatatype_ds);
+ if (dlv != NULL) {
+ writeset("dlvset-", dns_rdatatype_dlv);
+ }
+ }
+
+ tempfilelen = strlen(output) + 20;
+ tempfile = isc_mem_get(mctx, tempfilelen);
+ if (tempfile == NULL)
+ fatal("out of memory");
+
+ result = isc_file_mktemplate(output, tempfile, tempfilelen);
+ check_result(result, "isc_file_mktemplate");
+
+ fp = NULL;
+ result = isc_file_openunique(tempfile, &fp);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to open temporary output file: %s",
+ isc_result_totext(result));
+ removefile = ISC_TRUE;
+ setfatalcallback(&removetempfile);
+
+ print_time(fp);
+ print_version(fp);
+
+ result = isc_taskmgr_create(mctx, ntasks, 0, &taskmgr);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to create task manager: %s",
+ isc_result_totext(result));
+
+ master = NULL;
+ result = isc_task_create(taskmgr, 0, &master);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to create task: %s", isc_result_totext(result));
+
+ tasks = isc_mem_get(mctx, ntasks * sizeof(isc_task_t *));
+ if (tasks == NULL)
+ fatal("out of memory");
+ for (i = 0; i < (int)ntasks; i++) {
+ tasks[i] = NULL;
+ result = isc_task_create(taskmgr, 0, &tasks[i]);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to create task: %s",
+ isc_result_totext(result));
+ }
+
+ RUNTIME_CHECK(isc_mutex_init(&namelock) == ISC_R_SUCCESS);
+ if (printstats)
+ RUNTIME_CHECK(isc_mutex_init(&statslock) == ISC_R_SUCCESS);
+
+ presign();
+ signapex();
+ if (!finished) {
+ /*
+ * There is more work to do. Spread it out over multiple
+ * processors if possible.
+ */
+ for (i = 0; i < (int)ntasks; i++) {
+ result = isc_app_onrun(mctx, master, startworker,
+ tasks[i]);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to start task: %s",
+ isc_result_totext(result));
+ }
+ (void)isc_app_run();
+ if (!finished)
+ fatal("process aborted by user");
+ } else
+ isc_task_detach(&master);
+ shuttingdown = ISC_TRUE;
+ for (i = 0; i < (int)ntasks; i++)
+ isc_task_detach(&tasks[i]);
+ isc_taskmgr_destroy(&taskmgr);
+ isc_mem_put(mctx, tasks, ntasks * sizeof(isc_task_t *));
+ postsign();
+
+ if (outputformat != dns_masterformat_text) {
+ result = dns_master_dumptostream2(mctx, gdb, gversion,
+ masterstyle, outputformat,
+ fp);
+ check_result(result, "dns_master_dumptostream2");
+ }
+
+ result = isc_stdio_close(fp);
+ check_result(result, "isc_stdio_close");
+ removefile = ISC_FALSE;
+
+ result = isc_file_rename(tempfile, output);
+ if (result != ISC_R_SUCCESS)
+ fatal("failed to rename temp file to %s: %s\n",
+ output, isc_result_totext(result));
+
+ DESTROYLOCK(&namelock);
+ if (printstats)
+ DESTROYLOCK(&statslock);
+
+ printf("%s\n", output);
+
+ dns_db_closeversion(gdb, &gversion, ISC_FALSE);
+ dns_db_detach(&gdb);
+
+ while (!ISC_LIST_EMPTY(keylist)) {
+ key = ISC_LIST_HEAD(keylist);
+ ISC_LIST_UNLINK(keylist, key, link);
+ dst_key_free(&key->key);
+ isc_mem_put(mctx, key, sizeof(signer_key_t));
+ }
+
+ isc_mem_put(mctx, tempfile, tempfilelen);
+
+ if (free_output)
+ isc_mem_free(mctx, output);
+
+ dns_master_styledestroy(&dsstyle, mctx);
+
+ cleanup_logging(&log);
+ dst_lib_destroy();
+ isc_hash_destroy();
+ cleanup_entropy(&ectx);
+ dns_name_destroy();
+ if (verbose > 10)
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ (void) isc_app_finish();
+
+ if (printstats) {
+ TIME_NOW(&timer_finish);
+ print_stats(&timer_start, &timer_finish);
+ }
+
+ return (0);
+}
diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook
new file mode 100644
index 0000000..2f26ba4
--- /dev/null
+++ b/bin/dnssec/dnssec-signzone.docbook
@@ -0,0 +1,512 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: dnssec-signzone.docbook,v 1.31 2008/10/14 14:28:25 jreed Exp $ -->
+<refentry id="man.dnssec-signzone">
+ <refentryinfo>
+ <date>June 30, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>dnssec-signzone</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><application>dnssec-signzone</application></refname>
+ <refpurpose>DNSSEC zone signing tool</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
+ <year>2008</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <year>2003</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>dnssec-signzone</command>
+ <arg><option>-a</option></arg>
+ <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
+ <arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
+ <arg><option>-g</option></arg>
+ <arg><option>-h</option></arg>
+ <arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
+ <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
+ <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
+ <arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
+ <arg><option>-j <replaceable class="parameter">jitter</replaceable></option></arg>
+ <arg><option>-N <replaceable class="parameter">soa-serial-format</replaceable></option></arg>
+ <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
+ <arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
+ <arg><option>-p</option></arg>
+ <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
+ <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
+ <arg><option>-t</option></arg>
+ <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg><option>-z</option></arg>
+ <arg><option>-3 <replaceable class="parameter">salt</replaceable></option></arg>
+ <arg><option>-H <replaceable class="parameter">iterations</replaceable></option></arg>
+ <arg><option>-A</option></arg>
+ <arg choice="req">zonefile</arg>
+ <arg rep="repeat">key</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><command>dnssec-signzone</command>
+ signs a zone. It generates
+ NSEC and RRSIG records and produces a signed version of the
+ zone. The security status of delegations from the signed zone
+ (that is, whether the child zones are secure or not) is
+ determined by the presence or absence of a
+ <filename>keyset</filename> file for each child zone.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-a</term>
+ <listitem>
+ <para>
+ Verify all generated signatures.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-c <replaceable class="parameter">class</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the DNS class of the zone.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-k <replaceable class="parameter">key</replaceable></term>
+ <listitem>
+ <para>
+ Treat specified key as a key signing key ignoring any
+ key flags. This option may be specified multiple times.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-l <replaceable class="parameter">domain</replaceable></term>
+ <listitem>
+ <para>
+ Generate a DLV set in addition to the key (DNSKEY) and DS sets.
+ The domain is appended to the name of the records.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-d <replaceable class="parameter">directory</replaceable></term>
+ <listitem>
+ <para>
+ Look for <filename>keyset</filename> files in
+ <option>directory</option> as the directory
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-g</term>
+ <listitem>
+ <para>
+ Generate DS records for child zones from keyset files.
+ Existing DS records will be removed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s <replaceable class="parameter">start-time</replaceable></term>
+ <listitem>
+ <para>
+ Specify the date and time when the generated RRSIG records
+ become valid. This can be either an absolute or relative
+ time. An absolute start time is indicated by a number
+ in YYYYMMDDHHMMSS notation; 20000530144500 denotes
+ 14:45:00 UTC on May 30th, 2000. A relative start time is
+ indicated by +N, which is N seconds from the current time.
+ If no <option>start-time</option> is specified, the current
+ time minus 1 hour (to allow for clock skew) is used.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-e <replaceable class="parameter">end-time</replaceable></term>
+ <listitem>
+ <para>
+ Specify the date and time when the generated RRSIG records
+ expire. As with <option>start-time</option>, an absolute
+ time is indicated in YYYYMMDDHHMMSS notation. A time relative
+ to the start time is indicated with +N, which is N seconds from
+ the start time. A time relative to the current time is
+ indicated with now+N. If no <option>end-time</option> is
+ specified, 30 days from the start time is used as a default.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-f <replaceable class="parameter">output-file</replaceable></term>
+ <listitem>
+ <para>
+ The name of the output file containing the signed zone. The
+ default is to append <filename>.signed</filename> to
+ the
+ input filename.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-h</term>
+ <listitem>
+ <para>
+ Prints a short summary of the options and arguments to
+ <command>dnssec-signzone</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-i <replaceable class="parameter">interval</replaceable></term>
+ <listitem>
+ <para>
+ When a previously-signed zone is passed as input, records
+ may be resigned. The <option>interval</option> option
+ specifies the cycle interval as an offset from the current
+ time (in seconds). If a RRSIG record expires after the
+ cycle interval, it is retained. Otherwise, it is considered
+ to be expiring soon, and it will be replaced.
+ </para>
+ <para>
+ The default cycle interval is one quarter of the difference
+ between the signature end and start times. So if neither
+ <option>end-time</option> or <option>start-time</option>
+ are specified, <command>dnssec-signzone</command>
+ generates
+ signatures that are valid for 30 days, with a cycle
+ interval of 7.5 days. Therefore, if any existing RRSIG records
+ are due to expire in less than 7.5 days, they would be
+ replaced.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-I <replaceable class="parameter">input-format</replaceable></term>
+ <listitem>
+ <para>
+ The format of the input zone file.
+ Possible formats are <command>"text"</command> (default)
+ and <command>"raw"</command>.
+ This option is primarily intended to be used for dynamic
+ signed zones so that the dumped zone file in a non-text
+ format containing updates can be signed directly.
+ The use of this option does not make much sense for
+ non-dynamic zones.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-j <replaceable class="parameter">jitter</replaceable></term>
+ <listitem>
+ <para>
+ When signing a zone with a fixed signature lifetime, all
+ RRSIG records issued at the time of signing expires
+ simultaneously. If the zone is incrementally signed, i.e.
+ a previously-signed zone is passed as input to the signer,
+ all expired signatures have to be regenerated at about the
+ same time. The <option>jitter</option> option specifies a
+ jitter window that will be used to randomize the signature
+ expire time, thus spreading incremental signature
+ regeneration over time.
+ </para>
+ <para>
+ Signature lifetime jitter also to some extent benefits
+ validators and servers by spreading out cache expiration,
+ i.e. if large numbers of RRSIGs don't expire at the same time
+ from all caches there will be less congestion than if all
+ validators need to refetch at mostly the same time.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-n <replaceable class="parameter">ncpus</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the number of threads to use. By default, one
+ thread is started for each detected CPU.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-N <replaceable class="parameter">soa-serial-format</replaceable></term>
+ <listitem>
+ <para>
+ The SOA serial number format of the signed zone.
+ Possible formats are <command>"keep"</command> (default),
+ <command>"increment"</command> and
+ <command>"unixtime"</command>.
+ </para>
+
+ <variablelist>
+ <varlistentry>
+ <term><command>"keep"</command></term>
+ <listitem>
+ <para>Do not modify the SOA serial number.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>"increment"</command></term>
+ <listitem>
+ <para>Increment the SOA serial number using RFC 1982
+ arithmetics.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>"unixtime"</command></term>
+ <listitem>
+ <para>Set the SOA serial number to the number of seconds
+ since epoch.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-o <replaceable class="parameter">origin</replaceable></term>
+ <listitem>
+ <para>
+ The zone origin. If not specified, the name of the zone file
+ is assumed to be the origin.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-O <replaceable class="parameter">output-format</replaceable></term>
+ <listitem>
+ <para>
+ The format of the output file containing the signed zone.
+ Possible formats are <command>"text"</command> (default)
+ and <command>"raw"</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-p</term>
+ <listitem>
+ <para>
+ Use pseudo-random data when signing the zone. This is faster,
+ but less secure, than using real random data. This option
+ may be useful when signing large zones or when the entropy
+ source is limited.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-r <replaceable class="parameter">randomdev</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the source of randomness. If the operating
+ system does not provide a <filename>/dev/random</filename>
+ or equivalent device, the default source of randomness
+ is keyboard input. <filename>randomdev</filename>
+ specifies
+ the name of a character device or file containing random
+ data to be used instead of the default. The special value
+ <filename>keyboard</filename> indicates that keyboard
+ input should be used.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-t</term>
+ <listitem>
+ <para>
+ Print statistics at completion.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v <replaceable class="parameter">level</replaceable></term>
+ <listitem>
+ <para>
+ Sets the debugging level.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-z</term>
+ <listitem>
+ <para>
+ Ignore KSK flag on key when determining what to sign.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-3 <replaceable class="parameter">salt</replaceable></term>
+ <listitem>
+ <para>
+ Generate a NSEC3 chain with the given hex encoded salt.
+ A dash (<replaceable class="parameter">salt</replaceable>) can
+ be used to indicate that no salt is to be used when generating the NSEC3 chain.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-H <replaceable class="parameter">iterations</replaceable></term>
+ <listitem>
+ <para>
+ When generating a NSEC3 chain use this many interations. The
+ default is 100.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-A</term>
+ <listitem>
+ <para>
+ When generating a NSEC3 chain set the OPTOUT flag on all
+ NSEC3 records and do not generate NSEC3 records for insecure
+ delegations.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>zonefile</term>
+ <listitem>
+ <para>
+ The file containing the zone to be signed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>key</term>
+ <listitem>
+ <para>
+ Specify which keys should be used to sign the zone. If
+ no keys are specified, then the zone will be examined
+ for DNSKEY records at the zone apex. If these are found and
+ there are matching private keys, in the current directory,
+ then these will be used for signing.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>EXAMPLE</title>
+ <para>
+ The following command signs the <userinput>example.com</userinput>
+ zone with the DSA key generated by <command>dnssec-keygen</command>
+ (Kexample.com.+003+17247). The zone's keys must be in the master
+ file (<filename>db.example.com</filename>). This invocation looks
+ for <filename>keyset</filename> files, in the current directory,
+ so that DS records can be generated from them (<command>-g</command>).
+ </para>
+<programlisting>% dnssec-signzone -g -o example.com db.example.com \
+Kexample.com.+003+17247
+db.example.com.signed
+%</programlisting>
+ <para>
+ In the above example, <command>dnssec-signzone</command> creates
+ the file <filename>db.example.com.signed</filename>. This
+ file should be referenced in a zone statement in a
+ <filename>named.conf</filename> file.
+ </para>
+ <para>
+ This example re-signs a previously signed zone with default parameters.
+ The private keys are assumed to be in the current directory.
+ </para>
+<programlisting>% cp db.example.com.signed db.example.com
+% dnssec-signzone -o example.com db.example.com
+db.example.com.signed
+%</programlisting>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
+ <citetitle>RFC 4033</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para><corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html
new file mode 100644
index 0000000..6548d84
--- /dev/null
+++ b/bin/dnssec/dnssec-signzone.html
@@ -0,0 +1,302 @@
+<!--
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: dnssec-signzone.html,v 1.33 2008/10/15 01:11:35 tbox Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-signzone</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.dnssec-signzone"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-signzone</span> &#8212; DNSSEC zone signing tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543550"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">dnssec-signzone</strong></span>
+ signs a zone. It generates
+ NSEC and RRSIG records and produces a signed version of the
+ zone. The security status of delegations from the signed zone
+ (that is, whether the child zones are secure or not) is
+ determined by the presence or absence of a
+ <code class="filename">keyset</code> file for each child zone.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543565"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a</span></dt>
+<dd><p>
+ Verify all generated signatures.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+ Specifies the DNS class of the zone.
+ </p></dd>
+<dt><span class="term">-k <em class="replaceable"><code>key</code></em></span></dt>
+<dd><p>
+ Treat specified key as a key signing key ignoring any
+ key flags. This option may be specified multiple times.
+ </p></dd>
+<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
+<dd><p>
+ Generate a DLV set in addition to the key (DNSKEY) and DS sets.
+ The domain is appended to the name of the records.
+ </p></dd>
+<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+ Look for <code class="filename">keyset</code> files in
+ <code class="option">directory</code> as the directory
+ </p></dd>
+<dt><span class="term">-g</span></dt>
+<dd><p>
+ Generate DS records for child zones from keyset files.
+ Existing DS records will be removed.
+ </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
+<dd><p>
+ Specify the date and time when the generated RRSIG records
+ become valid. This can be either an absolute or relative
+ time. An absolute start time is indicated by a number
+ in YYYYMMDDHHMMSS notation; 20000530144500 denotes
+ 14:45:00 UTC on May 30th, 2000. A relative start time is
+ indicated by +N, which is N seconds from the current time.
+ If no <code class="option">start-time</code> is specified, the current
+ time minus 1 hour (to allow for clock skew) is used.
+ </p></dd>
+<dt><span class="term">-e <em class="replaceable"><code>end-time</code></em></span></dt>
+<dd><p>
+ Specify the date and time when the generated RRSIG records
+ expire. As with <code class="option">start-time</code>, an absolute
+ time is indicated in YYYYMMDDHHMMSS notation. A time relative
+ to the start time is indicated with +N, which is N seconds from
+ the start time. A time relative to the current time is
+ indicated with now+N. If no <code class="option">end-time</code> is
+ specified, 30 days from the start time is used as a default.
+ </p></dd>
+<dt><span class="term">-f <em class="replaceable"><code>output-file</code></em></span></dt>
+<dd><p>
+ The name of the output file containing the signed zone. The
+ default is to append <code class="filename">.signed</code> to
+ the
+ input filename.
+ </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+ Prints a short summary of the options and arguments to
+ <span><strong class="command">dnssec-signzone</strong></span>.
+ </p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
+<dd>
+<p>
+ When a previously-signed zone is passed as input, records
+ may be resigned. The <code class="option">interval</code> option
+ specifies the cycle interval as an offset from the current
+ time (in seconds). If a RRSIG record expires after the
+ cycle interval, it is retained. Otherwise, it is considered
+ to be expiring soon, and it will be replaced.
+ </p>
+<p>
+ The default cycle interval is one quarter of the difference
+ between the signature end and start times. So if neither
+ <code class="option">end-time</code> or <code class="option">start-time</code>
+ are specified, <span><strong class="command">dnssec-signzone</strong></span>
+ generates
+ signatures that are valid for 30 days, with a cycle
+ interval of 7.5 days. Therefore, if any existing RRSIG records
+ are due to expire in less than 7.5 days, they would be
+ replaced.
+ </p>
+</dd>
+<dt><span class="term">-I <em class="replaceable"><code>input-format</code></em></span></dt>
+<dd><p>
+ The format of the input zone file.
+ Possible formats are <span><strong class="command">"text"</strong></span> (default)
+ and <span><strong class="command">"raw"</strong></span>.
+ This option is primarily intended to be used for dynamic
+ signed zones so that the dumped zone file in a non-text
+ format containing updates can be signed directly.
+ The use of this option does not make much sense for
+ non-dynamic zones.
+ </p></dd>
+<dt><span class="term">-j <em class="replaceable"><code>jitter</code></em></span></dt>
+<dd>
+<p>
+ When signing a zone with a fixed signature lifetime, all
+ RRSIG records issued at the time of signing expires
+ simultaneously. If the zone is incrementally signed, i.e.
+ a previously-signed zone is passed as input to the signer,
+ all expired signatures have to be regenerated at about the
+ same time. The <code class="option">jitter</code> option specifies a
+ jitter window that will be used to randomize the signature
+ expire time, thus spreading incremental signature
+ regeneration over time.
+ </p>
+<p>
+ Signature lifetime jitter also to some extent benefits
+ validators and servers by spreading out cache expiration,
+ i.e. if large numbers of RRSIGs don't expire at the same time
+ from all caches there will be less congestion than if all
+ validators need to refetch at mostly the same time.
+ </p>
+</dd>
+<dt><span class="term">-n <em class="replaceable"><code>ncpus</code></em></span></dt>
+<dd><p>
+ Specifies the number of threads to use. By default, one
+ thread is started for each detected CPU.
+ </p></dd>
+<dt><span class="term">-N <em class="replaceable"><code>soa-serial-format</code></em></span></dt>
+<dd>
+<p>
+ The SOA serial number format of the signed zone.
+ Possible formats are <span><strong class="command">"keep"</strong></span> (default),
+ <span><strong class="command">"increment"</strong></span> and
+ <span><strong class="command">"unixtime"</strong></span>.
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><span><strong class="command">"keep"</strong></span></span></dt>
+<dd><p>Do not modify the SOA serial number.</p></dd>
+<dt><span class="term"><span><strong class="command">"increment"</strong></span></span></dt>
+<dd><p>Increment the SOA serial number using RFC 1982
+ arithmetics.</p></dd>
+<dt><span class="term"><span><strong class="command">"unixtime"</strong></span></span></dt>
+<dd><p>Set the SOA serial number to the number of seconds
+ since epoch.</p></dd>
+</dl></div>
+</dd>
+<dt><span class="term">-o <em class="replaceable"><code>origin</code></em></span></dt>
+<dd><p>
+ The zone origin. If not specified, the name of the zone file
+ is assumed to be the origin.
+ </p></dd>
+<dt><span class="term">-O <em class="replaceable"><code>output-format</code></em></span></dt>
+<dd><p>
+ The format of the output file containing the signed zone.
+ Possible formats are <span><strong class="command">"text"</strong></span> (default)
+ and <span><strong class="command">"raw"</strong></span>.
+ </p></dd>
+<dt><span class="term">-p</span></dt>
+<dd><p>
+ Use pseudo-random data when signing the zone. This is faster,
+ but less secure, than using real random data. This option
+ may be useful when signing large zones or when the entropy
+ source is limited.
+ </p></dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
+<dd><p>
+ Specifies the source of randomness. If the operating
+ system does not provide a <code class="filename">/dev/random</code>
+ or equivalent device, the default source of randomness
+ is keyboard input. <code class="filename">randomdev</code>
+ specifies
+ the name of a character device or file containing random
+ data to be used instead of the default. The special value
+ <code class="filename">keyboard</code> indicates that keyboard
+ input should be used.
+ </p></dd>
+<dt><span class="term">-t</span></dt>
+<dd><p>
+ Print statistics at completion.
+ </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
+ Sets the debugging level.
+ </p></dd>
+<dt><span class="term">-z</span></dt>
+<dd><p>
+ Ignore KSK flag on key when determining what to sign.
+ </p></dd>
+<dt><span class="term">-3 <em class="replaceable"><code>salt</code></em></span></dt>
+<dd><p>
+ Generate a NSEC3 chain with the given hex encoded salt.
+ A dash (<em class="replaceable"><code>salt</code></em>) can
+ be used to indicate that no salt is to be used when generating the NSEC3 chain.
+ </p></dd>
+<dt><span class="term">-H <em class="replaceable"><code>iterations</code></em></span></dt>
+<dd><p>
+ When generating a NSEC3 chain use this many interations. The
+ default is 100.
+ </p></dd>
+<dt><span class="term">-A</span></dt>
+<dd><p>
+ When generating a NSEC3 chain set the OPTOUT flag on all
+ NSEC3 records and do not generate NSEC3 records for insecure
+ delegations.
+ </p></dd>
+<dt><span class="term">zonefile</span></dt>
+<dd><p>
+ The file containing the zone to be signed.
+ </p></dd>
+<dt><span class="term">key</span></dt>
+<dd><p>
+ Specify which keys should be used to sign the zone. If
+ no keys are specified, then the zone will be examined
+ for DNSKEY records at the zone apex. If these are found and
+ there are matching private keys, in the current directory,
+ then these will be used for signing.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544404"></a><h2>EXAMPLE</h2>
+<p>
+ The following command signs the <strong class="userinput"><code>example.com</code></strong>
+ zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
+ (Kexample.com.+003+17247). The zone's keys must be in the master
+ file (<code class="filename">db.example.com</code>). This invocation looks
+ for <code class="filename">keyset</code> files, in the current directory,
+ so that DS records can be generated from them (<span><strong class="command">-g</strong></span>).
+ </p>
+<pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
+Kexample.com.+003+17247
+db.example.com.signed
+%</pre>
+<p>
+ In the above example, <span><strong class="command">dnssec-signzone</strong></span> creates
+ the file <code class="filename">db.example.com.signed</code>. This
+ file should be referenced in a zone statement in a
+ <code class="filename">named.conf</code> file.
+ </p>
+<p>
+ This example re-signs a previously signed zone with default parameters.
+ The private keys are assumed to be in the current directory.
+ </p>
+<pre class="programlisting">% cp db.example.com.signed db.example.com
+% dnssec-signzone -o example.com db.example.com
+db.example.com.signed
+%</pre>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544523"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
+ <em class="citetitle">RFC 4033</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544548"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
new file mode 100644
index 0000000..e933a06
--- /dev/null
+++ b/bin/dnssec/dnssectool.c
@@ -0,0 +1,313 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dnssectool.c,v 1.45 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+/*%
+ * DNSSEC Support Routines.
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/buffer.h>
+#include <isc/entropy.h>
+#include <isc/list.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/time.h>
+#include <isc/util.h>
+#include <isc/print.h>
+
+#include <dns/log.h>
+#include <dns/name.h>
+#include <dns/rdatastruct.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatatype.h>
+#include <dns/result.h>
+#include <dns/secalg.h>
+#include <dns/time.h>
+
+#include "dnssectool.h"
+
+extern int verbose;
+extern const char *program;
+
+typedef struct entropysource entropysource_t;
+
+struct entropysource {
+ isc_entropysource_t *source;
+ isc_mem_t *mctx;
+ ISC_LINK(entropysource_t) link;
+};
+
+static ISC_LIST(entropysource_t) sources;
+static fatalcallback_t *fatalcallback = NULL;
+
+void
+fatal(const char *format, ...) {
+ va_list args;
+
+ fprintf(stderr, "%s: ", program);
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ if (fatalcallback != NULL)
+ (*fatalcallback)();
+ exit(1);
+}
+
+void
+setfatalcallback(fatalcallback_t *callback) {
+ fatalcallback = callback;
+}
+
+void
+check_result(isc_result_t result, const char *message) {
+ if (result != ISC_R_SUCCESS)
+ fatal("%s: %s", message, isc_result_totext(result));
+}
+
+void
+vbprintf(int level, const char *fmt, ...) {
+ va_list ap;
+ if (level > verbose)
+ return;
+ va_start(ap, fmt);
+ fprintf(stderr, "%s: ", program);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+}
+
+void
+type_format(const dns_rdatatype_t type, char *cp, unsigned int size) {
+ isc_buffer_t b;
+ isc_region_t r;
+ isc_result_t result;
+
+ isc_buffer_init(&b, cp, size - 1);
+ result = dns_rdatatype_totext(type, &b);
+ check_result(result, "dns_rdatatype_totext()");
+ isc_buffer_usedregion(&b, &r);
+ r.base[r.length] = 0;
+}
+
+void
+alg_format(const dns_secalg_t alg, char *cp, unsigned int size) {
+ isc_buffer_t b;
+ isc_region_t r;
+ isc_result_t result;
+
+ isc_buffer_init(&b, cp, size - 1);
+ result = dns_secalg_totext(alg, &b);
+ check_result(result, "dns_secalg_totext()");
+ isc_buffer_usedregion(&b, &r);
+ r.base[r.length] = 0;
+}
+
+void
+sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ char algstr[DNS_NAME_FORMATSIZE];
+
+ dns_name_format(&sig->signer, namestr, sizeof(namestr));
+ alg_format(sig->algorithm, algstr, sizeof(algstr));
+ snprintf(cp, size, "%s/%s/%d", namestr, algstr, sig->keyid);
+}
+
+void
+key_format(const dst_key_t *key, char *cp, unsigned int size) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ char algstr[DNS_NAME_FORMATSIZE];
+
+ dns_name_format(dst_key_name(key), namestr, sizeof(namestr));
+ alg_format((dns_secalg_t) dst_key_alg(key), algstr, sizeof(algstr));
+ snprintf(cp, size, "%s/%s/%d", namestr, algstr, dst_key_id(key));
+}
+
+void
+setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
+ isc_result_t result;
+ isc_logdestination_t destination;
+ isc_logconfig_t *logconfig = NULL;
+ isc_log_t *log = NULL;
+ int level;
+
+ if (verbose < 0)
+ verbose = 0;
+ switch (verbose) {
+ case 0:
+ /*
+ * We want to see warnings about things like out-of-zone
+ * data in the master file even when not verbose.
+ */
+ level = ISC_LOG_WARNING;
+ break;
+ case 1:
+ level = ISC_LOG_INFO;
+ break;
+ default:
+ level = ISC_LOG_DEBUG(verbose - 2 + 1);
+ break;
+ }
+
+ RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
+ isc_log_setcontext(log);
+ dns_log_init(log);
+ dns_log_setcontext(log);
+
+ RUNTIME_CHECK(isc_log_settag(logconfig, program) == ISC_R_SUCCESS);
+
+ /*
+ * Set up a channel similar to default_stderr except:
+ * - the logging level is passed in
+ * - the program name and logging level are printed
+ * - no time stamp is printed
+ */
+ destination.file.stream = stderr;
+ destination.file.name = NULL;
+ destination.file.versions = ISC_LOG_ROLLNEVER;
+ destination.file.maximum_size = 0;
+ result = isc_log_createchannel(logconfig, "stderr",
+ ISC_LOG_TOFILEDESC,
+ level,
+ &destination,
+ ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL);
+ check_result(result, "isc_log_createchannel()");
+
+ RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
+ NULL, NULL) == ISC_R_SUCCESS);
+
+ *logp = log;
+}
+
+void
+cleanup_logging(isc_log_t **logp) {
+ isc_log_t *log;
+
+ REQUIRE(logp != NULL);
+
+ log = *logp;
+ if (log == NULL)
+ return;
+ isc_log_destroy(&log);
+ isc_log_setcontext(NULL);
+ dns_log_setcontext(NULL);
+ logp = NULL;
+}
+
+void
+setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
+ isc_result_t result;
+ isc_entropysource_t *source = NULL;
+ entropysource_t *elt;
+ int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE;
+
+ REQUIRE(ectx != NULL);
+
+ if (*ectx == NULL) {
+ result = isc_entropy_create(mctx, ectx);
+ if (result != ISC_R_SUCCESS)
+ fatal("could not create entropy object");
+ ISC_LIST_INIT(sources);
+ }
+
+ if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
+ usekeyboard = ISC_ENTROPY_KEYBOARDYES;
+ randomfile = NULL;
+ }
+
+ result = isc_entropy_usebestsource(*ectx, &source, randomfile,
+ usekeyboard);
+
+ if (result != ISC_R_SUCCESS)
+ fatal("could not initialize entropy source: %s",
+ isc_result_totext(result));
+
+ if (source != NULL) {
+ elt = isc_mem_get(mctx, sizeof(*elt));
+ if (elt == NULL)
+ fatal("out of memory");
+ elt->source = source;
+ elt->mctx = mctx;
+ ISC_LINK_INIT(elt, link);
+ ISC_LIST_APPEND(sources, elt, link);
+ }
+}
+
+void
+cleanup_entropy(isc_entropy_t **ectx) {
+ entropysource_t *source;
+ while (!ISC_LIST_EMPTY(sources)) {
+ source = ISC_LIST_HEAD(sources);
+ ISC_LIST_UNLINK(sources, source, link);
+ isc_entropy_destroysource(&source->source);
+ isc_mem_put(source->mctx, source, sizeof(*source));
+ }
+ isc_entropy_detach(ectx);
+}
+
+isc_stdtime_t
+strtotime(const char *str, isc_int64_t now, isc_int64_t base) {
+ isc_int64_t val, offset;
+ isc_result_t result;
+ char *endp;
+
+ if (str[0] == '+') {
+ offset = strtol(str + 1, &endp, 0);
+ if (*endp != '\0')
+ fatal("time value %s is invalid", str);
+ val = base + offset;
+ } else if (strncmp(str, "now+", 4) == 0) {
+ offset = strtol(str + 4, &endp, 0);
+ if (*endp != '\0')
+ fatal("time value %s is invalid", str);
+ val = now + offset;
+ } else if (strlen(str) == 8U) {
+ char timestr[15];
+ sprintf(timestr, "%s000000", str);
+ result = dns_time64_fromtext(timestr, &val);
+ if (result != ISC_R_SUCCESS)
+ fatal("time value %s is invalid", str);
+ } else {
+ result = dns_time64_fromtext(str, &val);
+ if (result != ISC_R_SUCCESS)
+ fatal("time value %s is invalid", str);
+ }
+
+ return ((isc_stdtime_t) val);
+}
+
+dns_rdataclass_t
+strtoclass(const char *str) {
+ isc_textregion_t r;
+ dns_rdataclass_t rdclass;
+ isc_result_t ret;
+
+ if (str == NULL)
+ return dns_rdataclass_in;
+ DE_CONST(str, r.base);
+ r.length = strlen(str);
+ ret = dns_rdataclass_fromtext(&rdclass, &r);
+ if (ret != ISC_R_SUCCESS)
+ fatal("unknown class %s", str);
+ return (rdclass);
+}
diff --git a/bin/dnssec/dnssectool.h b/bin/dnssec/dnssectool.h
new file mode 100644
index 0000000..ee476f4
--- /dev/null
+++ b/bin/dnssec/dnssectool.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dnssectool.h,v 1.22 2008/09/25 04:02:38 tbox Exp $ */
+
+#ifndef DNSSECTOOL_H
+#define DNSSECTOOL_H 1
+
+#include <isc/log.h>
+#include <isc/stdtime.h>
+#include <dns/rdatastruct.h>
+#include <dst/dst.h>
+
+typedef void (fatalcallback_t)(void);
+
+void
+fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+void
+setfatalcallback(fatalcallback_t *callback);
+
+void
+check_result(isc_result_t result, const char *message);
+
+void
+vbprintf(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3);
+
+void
+type_format(const dns_rdatatype_t type, char *cp, unsigned int size);
+#define TYPE_FORMATSIZE 20
+
+void
+alg_format(const dns_secalg_t alg, char *cp, unsigned int size);
+#define ALG_FORMATSIZE 10
+
+void
+sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size);
+#define SIG_FORMATSIZE (DNS_NAME_FORMATSIZE + ALG_FORMATSIZE + sizeof("65535"))
+
+void
+key_format(const dst_key_t *key, char *cp, unsigned int size);
+#define KEY_FORMATSIZE (DNS_NAME_FORMATSIZE + ALG_FORMATSIZE + sizeof("65535"))
+
+void
+setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp);
+
+void
+cleanup_logging(isc_log_t **logp);
+
+void
+setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx);
+
+void
+cleanup_entropy(isc_entropy_t **ectx);
+
+isc_stdtime_t
+strtotime(const char *str, isc_int64_t now, isc_int64_t base);
+
+dns_rdataclass_t
+strtoclass(const char *str);
+
+#endif /* DNSSEC_DNSSECTOOL_H */
diff --git a/bin/dnssec/win32/dnssectool.dsp b/bin/dnssec/win32/dnssectool.dsp
new file mode 100644
index 0000000..ebc4b11
--- /dev/null
+++ b/bin/dnssec/win32/dnssectool.dsp
@@ -0,0 +1,113 @@
+# Microsoft Developer Studio Project File - Name="dnssectool" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
+
+CFG=dnssectool - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "dnssectool.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "dnssectool.mak" CFG="dnssectool - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "dnssectool - Win32 Release" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE "dnssectool - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "dnssectool - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddnssectool
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32
+# ADD LINK32 /out:"Release/dnssectool.lib"
+
+!ELSEIF "$(CFG)" == "dnssectool - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddnssectool
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32
+# ADD LINK32 /debug out:"Debug/dnssectool.lib"
+
+!ENDIF
+
+# Begin Target
+
+# Name "dnssectool - Win32 Release"
+# Name "dnssectool - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# Begin Group "Main Dns Lib"
+
+# PROP Default_Filter "c"
+# Begin Source File
+
+SOURCE=..\dnssectool.c
+# End Source File
+# End Group
+# End Target
+# End Project
diff --git a/bin/dnssec/win32/dnssectool.dsw b/bin/dnssec/win32/dnssectool.dsw
new file mode 100644
index 0000000..1049441
--- /dev/null
+++ b/bin/dnssec/win32/dnssectool.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "dighost"=".\dnssectool.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/dnssec/win32/dsfromkey.dsp b/bin/dnssec/win32/dsfromkey.dsp
new file mode 100644
index 0000000..6557bfb
--- /dev/null
+++ b/bin/dnssec/win32/dsfromkey.dsp
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="dsfromkey" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=dsfromkey - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "dsfromkey.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "dsfromkey.mak" CFG="dsfromkey - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "dsfromkey - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "dsfromkey - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "dsfromkey - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-dsfromkey.exe"
+
+!ELSEIF "$(CFG)" == "dsfromkey - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-dsfromkey.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "dsfromkey - Win32 Release"
+# Name "dsfromkey - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\dnssec-dsfromkey.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/dnssec/win32/dsfromkey.dsw b/bin/dnssec/win32/dsfromkey.dsw
new file mode 100644
index 0000000..62b5c48
--- /dev/null
+++ b/bin/dnssec/win32/dsfromkey.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "dsfromkey"=".\dsfromkey.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/dnssec/win32/dsfromkey.mak b/bin/dnssec/win32/dsfromkey.mak
new file mode 100644
index 0000000..41612d2
--- /dev/null
+++ b/bin/dnssec/win32/dsfromkey.mak
@@ -0,0 +1,324 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on dsfromkey.dsp
+!IF "$(CFG)" == ""
+CFG=dsfromkey - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to dsfromkey - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "dsfromkey - Win32 Release" && "$(CFG)" != "dsfromkey - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "dsfromkey.mak" CFG="dsfromkey - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "dsfromkey - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "dsfromkey - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "dsfromkey - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "dsfromkey - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\dnssec-dsfromkey.exe"
+
+
+CLEAN :
+ -@erase "$(INTDIR)\dnssec-dsfromkey.obj"
+ -@erase "$(INTDIR)\dnssectool.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "..\..\..\Build\Release\dnssec-dsfromkey.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dsfromkey.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\dsfromkey.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dnssec-dsfromkey.pdb" /machine:I386 /out:"../../../Build/Release/dnssec-dsfromkey.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\dnssec-dsfromkey.obj" \
+ "$(INTDIR)\dnssectool.obj"
+
+"..\..\..\Build\Release\dnssec-dsfromkey.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "dsfromkey - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\dnssec-dsfromkey.exe" "$(OUTDIR)\dsfromkey.bsc"
+
+
+CLEAN :
+ -@erase "$(INTDIR)\dnssec-dsfromkey.obj"
+ -@erase "$(INTDIR)\dnssec-dsfromkey.sbr"
+ -@erase "$(INTDIR)\dnssectool.obj"
+ -@erase "$(INTDIR)\dnssectool.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(OUTDIR)\dnssec-dsfromkey.pdb"
+ -@erase "$(OUTDIR)\dsfromkey.bsc"
+ -@erase "..\..\..\Build\Debug\dnssec-dsfromkey.exe"
+ -@erase "..\..\..\Build\Debug\dnssec-dsfromkey.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\dsfromkey.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\dnssec-dsfromkey.sbr" \
+ "$(INTDIR)\dnssectool.sbr"
+
+"$(OUTDIR)\dsfromkey.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dnssec-dsfromkey.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dnssec-dsfromkey.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\dnssec-dsfromkey.obj" \
+ "$(INTDIR)\dnssectool.obj"
+
+"..\..\..\Build\Debug\dnssec-dsfromkey.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("dsfromkey.dep")
+!INCLUDE "dsfromkey.dep"
+!ELSE
+!MESSAGE Warning: cannot find "dsfromkey.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "dsfromkey - Win32 Release" || "$(CFG)" == "dsfromkey - Win32 Debug"
+SOURCE="..\dnssec-dsfromkey.c"
+
+!IF "$(CFG)" == "dsfromkey - Win32 Release"
+
+
+"$(INTDIR)\dnssec-dsfromkey.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "dsfromkey - Win32 Debug"
+
+
+"$(INTDIR)\dnssec-dsfromkey.obj" "$(INTDIR)\dnssec-dsfromkey.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\dnssectool.c
+
+!IF "$(CFG)" == "dsfromkey - Win32 Release"
+
+
+"$(INTDIR)\dnssectool.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "dsfromkey - Win32 Debug"
+
+
+"$(INTDIR)\dnssectool.obj" "$(INTDIR)\dnssectool.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/dnssec/win32/keyfromlabel.dsp b/bin/dnssec/win32/keyfromlabel.dsp
new file mode 100644
index 0000000..b285b7c
--- /dev/null
+++ b/bin/dnssec/win32/keyfromlabel.dsp
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="keyfromlabel" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=keyfromlabel - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "keyfromlabel.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "keyfromlabel.mak" CFG="keyfromlabel - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "keyfromlabel - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "keyfromlabel - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "keyfromlabel - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-keyfromlabel.exe"
+
+!ELSEIF "$(CFG)" == "keyfromlabel - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keyfromlabel.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "keyfromlabel - Win32 Release"
+# Name "keyfromlabel - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\dnssec-keyfromlabel.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/dnssec/win32/keyfromlabel.dsw b/bin/dnssec/win32/keyfromlabel.dsw
new file mode 100644
index 0000000..085c24d
--- /dev/null
+++ b/bin/dnssec/win32/keyfromlabel.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "keyfromlabel"=".\keyfromlabel.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/dnssec/win32/keyfromlabel.mak b/bin/dnssec/win32/keyfromlabel.mak
new file mode 100644
index 0000000..6c5d405
--- /dev/null
+++ b/bin/dnssec/win32/keyfromlabel.mak
@@ -0,0 +1,324 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on keyfromlabel.dsp
+!IF "$(CFG)" == ""
+CFG=keyfromlabel - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to keyfromlabel - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "keyfromlabel - Win32 Release" && "$(CFG)" != "keyfromlabel - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "keyfromlabel.mak" CFG="keyfromlabel - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "keyfromlabel - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "keyfromlabel - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "keyfromlabel - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "keyfromlabel - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\dnssec-keyfromlabel.exe"
+
+
+CLEAN :
+ -@erase "$(INTDIR)\dnssec-keyfromlabel.obj"
+ -@erase "$(INTDIR)\dnssectool.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "..\..\..\Build\Release\dnssec-keyfromlabel.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\keyfromlabel.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\keyfromlabel.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dnssec-keyfromlabel.pdb" /machine:I386 /out:"../../../Build/Release/dnssec-keyfromlabel.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\dnssec-keyfromlabel.obj" \
+ "$(INTDIR)\dnssectool.obj"
+
+"..\..\..\Build\Release\dnssec-keyfromlabel.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "keyfromlabel - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\dnssec-keyfromlabel.exe" "$(OUTDIR)\keyfromlabel.bsc"
+
+
+CLEAN :
+ -@erase "$(INTDIR)\dnssec-keyfromlabel.obj"
+ -@erase "$(INTDIR)\dnssec-keyfromlabel.sbr"
+ -@erase "$(INTDIR)\dnssectool.obj"
+ -@erase "$(INTDIR)\dnssectool.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(OUTDIR)\dnssec-keyfromlabel.pdb"
+ -@erase "$(OUTDIR)\keyfromlabel.bsc"
+ -@erase "..\..\..\Build\Debug\dnssec-keyfromlabel.exe"
+ -@erase "..\..\..\Build\Debug\dnssec-keyfromlabel.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\keyfromlabel.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\dnssec-keyfromlabel.sbr" \
+ "$(INTDIR)\dnssectool.sbr"
+
+"$(OUTDIR)\keyfromlabel.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dnssec-keyfromlabel.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keyfromlabel.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\dnssec-keyfromlabel.obj" \
+ "$(INTDIR)\dnssectool.obj"
+
+"..\..\..\Build\Debug\dnssec-keyfromlabel.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("keyfromlabel.dep")
+!INCLUDE "keyfromlabel.dep"
+!ELSE
+!MESSAGE Warning: cannot find "keyfromlabel.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "keyfromlabel - Win32 Release" || "$(CFG)" == "keyfromlabel - Win32 Debug"
+SOURCE="..\dnssec-keyfromlabel.c"
+
+!IF "$(CFG)" == "keyfromlabel - Win32 Release"
+
+
+"$(INTDIR)\dnssec-keyfromlabel.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "keyfromlabel - Win32 Debug"
+
+
+"$(INTDIR)\dnssec-keyfromlabel.obj" "$(INTDIR)\dnssec-keyfromlabel.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\dnssectool.c
+
+!IF "$(CFG)" == "keyfromlabel - Win32 Release"
+
+
+"$(INTDIR)\dnssectool.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "keyfromlabel - Win32 Debug"
+
+
+"$(INTDIR)\dnssectool.obj" "$(INTDIR)\dnssectool.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/dnssec/win32/keygen.dsp b/bin/dnssec/win32/keygen.dsp
new file mode 100644
index 0000000..5eb70f0
--- /dev/null
+++ b/bin/dnssec/win32/keygen.dsp
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="keygen" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=keygen - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "keygen.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "keygen.mak" CFG="keygen - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "keygen - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "keygen - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "keygen - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-keygen.exe"
+
+!ELSEIF "$(CFG)" == "keygen - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keygen.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "keygen - Win32 Release"
+# Name "keygen - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\dnssec-keygen.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/dnssec/win32/keygen.dsw b/bin/dnssec/win32/keygen.dsw
new file mode 100644
index 0000000..f988651
--- /dev/null
+++ b/bin/dnssec/win32/keygen.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "keygen"=".\keygen.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/dnssec/win32/keygen.mak b/bin/dnssec/win32/keygen.mak
new file mode 100644
index 0000000..faf134a
--- /dev/null
+++ b/bin/dnssec/win32/keygen.mak
@@ -0,0 +1,324 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on keygen.dsp
+!IF "$(CFG)" == ""
+CFG=keygen - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to keygen - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "keygen - Win32 Release" && "$(CFG)" != "keygen - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "keygen.mak" CFG="keygen - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "keygen - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "keygen - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "keygen - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "keygen - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\dnssec-keygen.exe"
+
+
+CLEAN :
+ -@erase "$(INTDIR)\dnssec-keygen.obj"
+ -@erase "$(INTDIR)\dnssectool.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "..\..\..\Build\Release\dnssec-keygen.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\keygen.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\keygen.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dnssec-keygen.pdb" /machine:I386 /out:"../../../Build/Release/dnssec-keygen.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\dnssec-keygen.obj" \
+ "$(INTDIR)\dnssectool.obj"
+
+"..\..\..\Build\Release\dnssec-keygen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "keygen - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\dnssec-keygen.exe" "$(OUTDIR)\keygen.bsc"
+
+
+CLEAN :
+ -@erase "$(INTDIR)\dnssec-keygen.obj"
+ -@erase "$(INTDIR)\dnssec-keygen.sbr"
+ -@erase "$(INTDIR)\dnssectool.obj"
+ -@erase "$(INTDIR)\dnssectool.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(OUTDIR)\dnssec-keygen.pdb"
+ -@erase "$(OUTDIR)\keygen.bsc"
+ -@erase "..\..\..\Build\Debug\dnssec-keygen.exe"
+ -@erase "..\..\..\Build\Debug\dnssec-keygen.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\keygen.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\dnssec-keygen.sbr" \
+ "$(INTDIR)\dnssectool.sbr"
+
+"$(OUTDIR)\keygen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dnssec-keygen.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keygen.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\dnssec-keygen.obj" \
+ "$(INTDIR)\dnssectool.obj"
+
+"..\..\..\Build\Debug\dnssec-keygen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("keygen.dep")
+!INCLUDE "keygen.dep"
+!ELSE
+!MESSAGE Warning: cannot find "keygen.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "keygen - Win32 Release" || "$(CFG)" == "keygen - Win32 Debug"
+SOURCE="..\dnssec-keygen.c"
+
+!IF "$(CFG)" == "keygen - Win32 Release"
+
+
+"$(INTDIR)\dnssec-keygen.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "keygen - Win32 Debug"
+
+
+"$(INTDIR)\dnssec-keygen.obj" "$(INTDIR)\dnssec-keygen.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\dnssectool.c
+
+!IF "$(CFG)" == "keygen - Win32 Release"
+
+
+"$(INTDIR)\dnssectool.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "keygen - Win32 Debug"
+
+
+"$(INTDIR)\dnssectool.obj" "$(INTDIR)\dnssectool.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/dnssec/win32/nsupdate.dsp b/bin/dnssec/win32/nsupdate.dsp
new file mode 100644
index 0000000..a818f42
--- /dev/null
+++ b/bin/dnssec/win32/nsupdate.dsp
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="nsupdate" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=nsupdate - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "nsupdate.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "nsupdate.mak" CFG="nsupdate - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "nsupdate - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "nsupdate - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "nsupdate - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/lwres/win32/include/lwres" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/lwres/win32/Release/liblwres.lib user32.lib advapi32.lib ws2_32.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/nsupdate.exe"
+
+!ELSEIF "$(CFG)" == "nsupdate - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/lwres/win32/include/lwres" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /u /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/lwres/win32/Debug/liblwres.lib user32.lib advapi32.lib ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/nsupdate.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "nsupdate - Win32 Release"
+# Name "nsupdate - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=..\nsupdate.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/dnssec/win32/nsupdate.dsw b/bin/dnssec/win32/nsupdate.dsw
new file mode 100644
index 0000000..5f0ac36
--- /dev/null
+++ b/bin/dnssec/win32/nsupdate.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "nsupdate"=".\nsupdate.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/dnssec/win32/signzone.dsp b/bin/dnssec/win32/signzone.dsp
new file mode 100644
index 0000000..6fd45d8
--- /dev/null
+++ b/bin/dnssec/win32/signzone.dsp
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="signzone" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=signzone - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "signzone.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "signzone.mak" CFG="signzone - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "signzone - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "signzone - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "signzone - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-signzone.exe"
+
+!ELSEIF "$(CFG)" == "signzone - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-signzone.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "signzone - Win32 Release"
+# Name "signzone - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\dnssec-signzone.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/dnssec/win32/signzone.dsw b/bin/dnssec/win32/signzone.dsw
new file mode 100644
index 0000000..f3314b9
--- /dev/null
+++ b/bin/dnssec/win32/signzone.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "signzone"=".\signzone.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/dnssec/win32/signzone.mak b/bin/dnssec/win32/signzone.mak
new file mode 100644
index 0000000..ff4887c
--- /dev/null
+++ b/bin/dnssec/win32/signzone.mak
@@ -0,0 +1,324 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on signzone.dsp
+!IF "$(CFG)" == ""
+CFG=signzone - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to signzone - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "signzone - Win32 Release" && "$(CFG)" != "signzone - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "signzone.mak" CFG="signzone - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "signzone - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "signzone - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+!IF "$(CFG)" == "signzone - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "signzone - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\dnssec-signzone.exe"
+
+
+CLEAN :
+ -@erase "$(INTDIR)\dnssec-signzone.obj"
+ -@erase "$(INTDIR)\dnssectool.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "..\..\..\Build\Release\dnssec-signzone.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\signzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\signzone.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dnssec-signzone.pdb" /machine:I386 /out:"../../../Build/Release/dnssec-signzone.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\dnssec-signzone.obj" \
+ "$(INTDIR)\dnssectool.obj"
+
+"..\..\..\Build\Release\dnssec-signzone.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "signzone - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\dnssec-signzone.exe" "$(OUTDIR)\signzone.bsc"
+
+
+CLEAN :
+ -@erase "$(INTDIR)\dnssec-signzone.obj"
+ -@erase "$(INTDIR)\dnssec-signzone.sbr"
+ -@erase "$(INTDIR)\dnssectool.obj"
+ -@erase "$(INTDIR)\dnssectool.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(OUTDIR)\dnssec-signzone.pdb"
+ -@erase "$(OUTDIR)\signzone.bsc"
+ -@erase "..\..\..\Build\Debug\dnssec-signzone.exe"
+ -@erase "..\..\..\Build\Debug\dnssec-signzone.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\signzone.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\dnssec-signzone.sbr" \
+ "$(INTDIR)\dnssectool.sbr"
+
+"$(OUTDIR)\signzone.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dnssec-signzone.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dnssec-signzone.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\dnssec-signzone.obj" \
+ "$(INTDIR)\dnssectool.obj"
+
+"..\..\..\Build\Debug\dnssec-signzone.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("signzone.dep")
+!INCLUDE "signzone.dep"
+!ELSE
+!MESSAGE Warning: cannot find "signzone.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "signzone - Win32 Release" || "$(CFG)" == "signzone - Win32 Debug"
+SOURCE="..\dnssec-signzone.c"
+
+!IF "$(CFG)" == "signzone - Win32 Release"
+
+
+"$(INTDIR)\dnssec-signzone.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "signzone - Win32 Debug"
+
+
+"$(INTDIR)\dnssec-signzone.obj" "$(INTDIR)\dnssec-signzone.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\dnssectool.c
+
+!IF "$(CFG)" == "signzone - Win32 Release"
+
+
+"$(INTDIR)\dnssectool.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "signzone - Win32 Debug"
+
+
+"$(INTDIR)\dnssectool.obj" "$(INTDIR)\dnssectool.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
new file mode 100644
index 0000000..4d800a6
--- /dev/null
+++ b/bin/named/Makefile.in
@@ -0,0 +1,154 @@
+# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.101 2008/09/23 17:25:47 jinmei Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_CONFIGARGS@
+
+@BIND9_MAKE_INCLUDES@
+
+#
+# Add database drivers here.
+#
+DBDRIVER_OBJS =
+DBDRIVER_SRCS =
+DBDRIVER_INCLUDES =
+DBDRIVER_LIBS =
+
+DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers
+
+DLZDRIVER_OBJS = @DLZ_DRIVER_OBJS@
+DLZDRIVER_SRCS = @DLZ_DRIVER_SRCS@
+DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
+DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@
+
+CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
+ ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
+ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
+ ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES}
+
+CDEFINES = @USE_DLZ@
+
+CWARNINGS =
+
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCCCLIBS = ../../lib/isccc/libisccc.@A@
+ISCLIBS = ../../lib/isc/libisc.@A@
+LWRESLIBS = ../../lib/lwres/liblwres.@A@
+BIND9LIBS = ../../lib/bind9/libbind9.@A@
+
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@
+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
+
+DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
+ ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
+ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \
+ ${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBS@
+
+SUBDIRS = unix
+
+TARGETS = named@EXEEXT@ lwresd@EXEEXT@
+
+OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \
+ controlconf.@O@ interfacemgr.@O@ \
+ listenlist.@O@ log.@O@ logconf.@O@ main.@O@ notify.@O@ \
+ query.@O@ server.@O@ sortlist.@O@ statschannel.@O@ \
+ tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \
+ zoneconf.@O@ \
+ lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
+ lwdgnba.@O@ lwdgrbn.@O@ lwdnoop.@O@ lwsearch.@O@ \
+ ${DLZDRIVER_OBJS} ${DBDRIVER_OBJS}
+
+UOBJS = unix/os.@O@
+
+SRCS = builtin.c client.c config.c control.c \
+ controlconf.c interfacemgr.c \
+ listenlist.c log.c logconf.c main.c notify.c \
+ query.c server.c sortlist.c statschannel.c \
+ tkeyconf.c tsigconf.c update.c xfrout.c \
+ zoneconf.c \
+ lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \
+ lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c \
+ ${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}
+
+MANPAGES = named.8 lwresd.8 named.conf.5
+
+HTMLPAGES = named.html lwresd.html named.conf.html
+
+MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+main.@O@: main.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DVERSION=\"${VERSION}\" \
+ -DCONFIGARGS="\"${CONFIGARGS}\"" \
+ -DNS_LOCALSTATEDIR=\"${localstatedir}\" \
+ -DNS_SYSCONFDIR=\"${sysconfdir}\" -c ${srcdir}/main.c
+
+config.@O@: config.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DVERSION=\"${VERSION}\" \
+ -DNS_LOCALSTATEDIR=\"${localstatedir}\" \
+ -c ${srcdir}/config.c
+
+named@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ ${OBJS} ${UOBJS} ${LIBS}
+
+lwresd@EXEEXT@: named@EXEEXT@
+ rm -f lwresd@EXEEXT@
+ @LN@ named@EXEEXT@ lwresd@EXEEXT@
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+ rm -f ${MANOBJS}
+
+clean distclean maintainer-clean::
+ rm -f ${TARGETS} ${OBJS}
+
+bind9.xsl.h: bind9.xsl convertxsl.pl
+ ${PERL} ${srcdir}/convertxsl.pl < ${srcdir}/bind9.xsl > bind9.xsl.h
+
+depend: bind9.xsl.h
+statschannel.@O@: bind9.xsl.h
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+
+install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
+ (cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@)
+ ${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5
+
+@DLZ_DRIVER_RULES@
diff --git a/bin/named/bind9.xsl b/bin/named/bind9.xsl
new file mode 100644
index 0000000..b6562b8
--- /dev/null
+++ b/bin/named/bind9.xsl
@@ -0,0 +1,481 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ - Copyright (C) 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: bind9.xsl,v 1.19 2008/07/17 23:43:26 jinmei Exp $ -->
+
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns="http://www.w3.org/1999/xhtml">
+ <xsl:template match="isc/bind/statistics">
+ <html>
+ <head>
+ <style type="text/css">
+body {
+ font-family: sans-serif;
+ background-color: #ffffff;
+ color: #000000;
+}
+
+table {
+ border-collapse: collapse;
+}
+
+tr.rowh {
+ text-align: center;
+ border: 1px solid #000000;
+ background-color: #8080ff;
+ color: #ffffff;
+}
+
+tr.row {
+ text-align: right;
+ border: 1px solid #000000;
+ background-color: teal;
+ color: #ffffff;
+}
+
+tr.lrow {
+ text-align: left;
+ border: 1px solid #000000;
+ background-color: teal;
+ color: #ffffff;
+}
+
+td, th {
+ padding-right: 5px;
+ padding-left: 5px;
+}
+
+.header h1 {
+ background-color: teal;
+ color: #ffffff;
+ padding: 4px;
+}
+
+.content {
+ background-color: #ffffff;
+ color: #000000;
+ padding: 4px;
+}
+
+.item {
+ padding: 4px;
+ align: right;
+}
+
+.value {
+ padding: 4px;
+ font-weight: bold;
+}
+
+div.statcounter h2 {
+ text-align: center;
+ font-size: large;
+ border: 1px solid #000000;
+ background-color: #8080ff;
+ color: #ffffff;
+}
+
+div.statcounter dl {
+ float: left;
+ margin-top: 0;
+ margin-bottom: 0;
+ margin-left: 0;
+ margin-right: 0;
+}
+
+div.statcounter dt {
+ width: 200px;
+ text-align: center;
+ font-weight: bold;
+ border: 0.5px solid #000000;
+ background-color: #8080ff;
+ color: #ffffff;
+}
+
+div.statcounter dd {
+ width: 200px;
+ text-align: right;
+ border: 0.5px solid #000000;
+ background-color: teal;
+ color: #ffffff;
+ margin-left: 0;
+ margin-right: 0;
+}
+
+div.statcounter br {
+ clear: left;
+}
+ </style>
+ <title>BIND 9 Statistics</title>
+ </head>
+ <body>
+ <div class="header">
+ <h1>Bind 9 Configuration and Statistics</h1>
+ </div>
+
+ <br/>
+
+ <table>
+ <tr class="rowh"><th colspan="2">Times</th></tr>
+ <tr class="lrow">
+ <td>boot-time</td>
+ <td><xsl:value-of select="server/boot-time"/></td>
+ </tr>
+ <tr class="lrow">
+ <td>current-time</td>
+ <td><xsl:value-of select="server/current-time"/></td>
+ </tr>
+ </table>
+
+ <br/>
+
+ <table>
+ <tr class="rowh"><th colspan="2">Incoming Requests</th></tr>
+ <xsl:for-each select="server/requests/opcode">
+ <tr class="lrow">
+ <td><xsl:value-of select="name"/></td>
+ <td><xsl:value-of select="counter"/></td>
+ </tr>
+ </xsl:for-each>
+ </table>
+
+ <br/>
+
+ <table>
+ <tr class="rowh"><th colspan="2">Incoming Queries</th></tr>
+ <xsl:for-each select="server/queries-in/rdtype">
+ <tr class="lrow">
+ <td><xsl:value-of select="name"/></td>
+ <td><xsl:value-of select="counter"/></td>
+ </tr>
+ </xsl:for-each>
+ </table>
+
+ <br/>
+
+ <xsl:for-each select="views/view">
+ <table>
+ <tr class="rowh">
+ <th colspan="2">Outgoing Queries from View <xsl:value-of select="name"/></th>
+ </tr>
+ <xsl:for-each select="rdtype">
+ <tr class="lrow">
+ <td><xsl:value-of select="name"/></td>
+ <td><xsl:value-of select="counter"/></td>
+ </tr>
+ </xsl:for-each>
+ </table>
+ <br/>
+ </xsl:for-each>
+
+ <br/>
+
+ <div class="statcounter">
+ <h2>Server Statistics</h2>
+ <xsl:for-each select="server/nsstat">
+ <dl>
+ <dt><xsl:value-of select="name"/></dt>
+ <dd><xsl:value-of select="counter"/></dd>
+ </dl>
+ </xsl:for-each>
+ <br/>
+ </div>
+
+ <div class="statcounter">
+ <h2>Zone Maintenance Statistics</h2>
+ <xsl:for-each select="server/zonestat">
+ <dl>
+ <dt><xsl:value-of select="name"/></dt>
+ <dd><xsl:value-of select="counter"/></dd>
+ </dl>
+ </xsl:for-each>
+ <br />
+ </div>
+
+ <div class="statcounter">
+ <h2>Resolver Statistics (Common)</h2>
+ <xsl:for-each select="server/resstat">
+ <dl>
+ <dt><xsl:value-of select="name"/></dt>
+ <dd><xsl:value-of select="counter"/></dd>
+ </dl>
+ </xsl:for-each>
+ <br />
+ </div>
+
+ <xsl:for-each select="views/view">
+ <div class="statcounter">
+ <h2>Resolver Statistics for View <xsl:value-of select="name"/></h2>
+ <xsl:for-each select="resstat">
+ <dl>
+ <dt><xsl:value-of select="name"/></dt>
+ <dd><xsl:value-of select="counter"/></dd>
+ </dl>
+ </xsl:for-each>
+ <br />
+ </div>
+ </xsl:for-each>
+
+ <br />
+
+ <xsl:for-each select="views/view">
+ <table>
+ <tr class="rowh">
+ <th colspan="2">Cache DB RRsets for View <xsl:value-of select="name"/></th>
+ </tr>
+ <xsl:for-each select="cache/rrset">
+ <tr class="lrow">
+ <td><xsl:value-of select="name"/></td>
+ <td><xsl:value-of select="counter"/></td>
+ </tr>
+ </xsl:for-each>
+ </table>
+ <br/>
+ </xsl:for-each>
+
+ <br/>
+
+ <xsl:for-each select="views/view">
+ <table>
+ <tr class="rowh">
+ <th colspan="10">Zones for View <xsl:value-of select="name"/></th>
+ </tr>
+ <tr class="rowh">
+ <th>Name</th>
+ <th>Class</th>
+ <th>Serial</th>
+ <th>Success</th>
+ <th>Referral</th>
+ <th>NXRRSET</th>
+ <th>NXDOMAIN</th>
+ <th>Failure</th>
+ <th>XfrReqDone</th>
+ <th>XfrRej</th>
+ </tr>
+ <xsl:for-each select="zones/zone">
+ <tr class="lrow">
+ <td>
+ <xsl:value-of select="name"/>
+ </td>
+ <td>
+ <xsl:value-of select="rdataclass"/>
+ </td>
+ <td>
+ <xsl:value-of select="serial"/>
+ </td>
+ <td>
+ <xsl:value-of select="counters/QrySuccess"/>
+ </td>
+ <td>
+ <xsl:value-of select="counters/QryReferral"/>
+ </td>
+ <td>
+ <xsl:value-of select="counters/QryNxrrset"/>
+ </td>
+ <td>
+ <xsl:value-of select="counters/QryNXDOMAIN"/>
+ </td>
+ <td>
+ <xsl:value-of select="counters/QryFailure"/>
+ </td>
+ <td>
+ <xsl:value-of select="counters/XfrReqDone"/>
+ </td>
+ <td>
+ <xsl:value-of select="counters/XfrRej"/>
+ </td>
+ </tr>
+ </xsl:for-each>
+ </table>
+ <br/>
+ </xsl:for-each>
+
+ <br/>
+
+ <table>
+ <tr class="rowh">
+ <th colspan="7">Network Status</th>
+ </tr>
+ <tr class="rowh">
+ <th>ID</th>
+ <th>Name</th>
+ <th>Type</th>
+ <th>References</th>
+ <th>LocalAddress</th>
+ <th>PeerAddress</th>
+ <th>State</th>
+ </tr>
+ <xsl:for-each select="socketmgr/sockets/socket">
+ <tr class="lrow">
+ <td>
+ <xsl:value-of select="id"/>
+ </td>
+ <td>
+ <xsl:value-of select="name"/>
+ </td>
+ <td>
+ <xsl:value-of select="type"/>
+ </td>
+ <td>
+ <xsl:value-of select="references"/>
+ </td>
+ <td>
+ <xsl:value-of select="local-address"/>
+ </td>
+ <td>
+ <xsl:value-of select="peer-address"/>
+ </td>
+ <td>
+ <xsl:for-each select="states">
+ <xsl:value-of select="."/>
+ </xsl:for-each>
+ </td>
+ </tr>
+ </xsl:for-each>
+ </table>
+ <br/>
+ <table>
+ <tr class="rowh">
+ <th colspan="2">Task Manager Configuration</th>
+ </tr>
+ <tr class="lrow">
+ <td>Thread-Model</td>
+ <td>
+ <xsl:value-of select="taskmgr/thread-model/type"/>
+ </td>
+ </tr>
+ <tr class="lrow">
+ <td>Worker Threads</td>
+ <td>
+ <xsl:value-of select="taskmgr/thread-model/worker-threads"/>
+ </td>
+ </tr>
+ <tr class="lrow">
+ <td>Default Quantum</td>
+ <td>
+ <xsl:value-of select="taskmgr/thread-model/default-quantum"/>
+ </td>
+ </tr>
+ <tr class="lrow">
+ <td>Tasks Running</td>
+ <td>
+ <xsl:value-of select="taskmgr/thread-model/tasks-running"/>
+ </td>
+ </tr>
+ </table>
+ <br/>
+ <table>
+ <tr class="rowh">
+ <th colspan="5">Tasks</th>
+ </tr>
+ <tr class="rowh">
+ <th>ID</th>
+ <th>Name</th>
+ <th>References</th>
+ <th>State</th>
+ <th>Quantum</th>
+ </tr>
+ <xsl:for-each select="taskmgr/tasks/task">
+ <tr class="lrow">
+ <td>
+ <xsl:value-of select="id"/>
+ </td>
+ <td>
+ <xsl:value-of select="name"/>
+ </td>
+ <td>
+ <xsl:value-of select="references"/>
+ </td>
+ <td>
+ <xsl:value-of select="state"/>
+ </td>
+ <td>
+ <xsl:value-of select="quantum"/>
+ </td>
+ </tr>
+ </xsl:for-each>
+ </table>
+ <br />
+ <table>
+ <tr class="rowh">
+ <th colspan="4">Memory Usage Summary</th>
+ </tr>
+ <xsl:for-each select="memory/summary/*">
+ <tr class="lrow">
+ <td><xsl:value-of select="name()"/></td>
+ <td><xsl:value-of select="."/></td>
+ </tr>
+ </xsl:for-each>
+ </table>
+ <br />
+ <table>
+ <tr class="rowh">
+ <th colspan="10">Memory Contexts</th>
+ </tr>
+ <tr class="rowh">
+ <th>ID</th>
+ <th>Name</th>
+ <th>References</th>
+ <th>TotalUse</th>
+ <th>InUse</th>
+ <th>MaxUse</th>
+ <th>BlockSize</th>
+ <th>Pools</th>
+ <th>HiWater</th>
+ <th>LoWater</th>
+ </tr>
+ <xsl:for-each select="memory/contexts/context">
+ <tr class="lrow">
+ <td>
+ <xsl:value-of select="id"/>
+ </td>
+ <td>
+ <xsl:value-of select="name"/>
+ </td>
+ <td>
+ <xsl:value-of select="references"/>
+ </td>
+ <td>
+ <xsl:value-of select="total"/>
+ </td>
+ <td>
+ <xsl:value-of select="inuse"/>
+ </td>
+ <td>
+ <xsl:value-of select="maxinuse"/>
+ </td>
+ <td>
+ <xsl:value-of select="blocksize"/>
+ </td>
+ <td>
+ <xsl:value-of select="pools"/>
+ </td>
+ <td>
+ <xsl:value-of select="hiwater"/>
+ </td>
+ <td>
+ <xsl:value-of select="lowater"/>
+ </td>
+ </tr>
+ </xsl:for-each>
+ </table>
+
+ </body>
+ </html>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/bin/named/bind9.xsl.h b/bin/named/bind9.xsl.h
new file mode 100644
index 0000000..d9dc624
--- /dev/null
+++ b/bin/named/bind9.xsl.h
@@ -0,0 +1,486 @@
+/*
+ * Generated by convertxsl.pl 1.14 2008/07/17 23:43:26 jinmei Exp
+ * From bind9.xsl 1.19 2008/07/17 23:43:26 jinmei Exp
+ */
+static char xslmsg[] =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+ "<!--\n"
+ " - Copyright (C) 2006-2008 Internet Systems Consortium, Inc. (\"ISC\")\n"
+ " -\n"
+ " - Permission to use, copy, modify, and/or distribute this software for any\n"
+ " - purpose with or without fee is hereby granted, provided that the above\n"
+ " - copyright notice and this permission notice appear in all copies.\n"
+ " -\n"
+ " - THE SOFTWARE IS PROVIDED \"AS IS\" AND ISC DISCLAIMS ALL WARRANTIES WITH\n"
+ " - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\n"
+ " - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,\n"
+ " - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\n"
+ " - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE\n"
+ " - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\n"
+ " - PERFORMANCE OF THIS SOFTWARE.\n"
+ "-->\n"
+ "\n"
+ "<!-- \045Id: bind9.xsl,v 1.19 2008/07/17 23:43:26 jinmei Exp \045 -->\n"
+ "\n"
+ "<xsl:stylesheet version=\"1.0\"\n"
+ " xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\n"
+ " xmlns=\"http://www.w3.org/1999/xhtml\">\n"
+ " <xsl:template match=\"isc/bind/statistics\">\n"
+ " <html>\n"
+ " <head>\n"
+ " <style type=\"text/css\">\n"
+ "body {\n"
+ " font-family: sans-serif;\n"
+ " background-color: #ffffff;\n"
+ " color: #000000;\n"
+ "}\n"
+ "\n"
+ "table {\n"
+ " border-collapse: collapse;\n"
+ "}\n"
+ "\n"
+ "tr.rowh {\n"
+ " text-align: center;\n"
+ " border: 1px solid #000000;\n"
+ " background-color: #8080ff;\n"
+ " color: #ffffff;\n"
+ "}\n"
+ "\n"
+ "tr.row {\n"
+ " text-align: right;\n"
+ " border: 1px solid #000000;\n"
+ " background-color: teal;\n"
+ " color: #ffffff;\n"
+ "}\n"
+ "\n"
+ "tr.lrow {\n"
+ " text-align: left;\n"
+ " border: 1px solid #000000;\n"
+ " background-color: teal;\n"
+ " color: #ffffff;\n"
+ "}\n"
+ "\n"
+ "td, th {\n"
+ " padding-right: 5px;\n"
+ " padding-left: 5px;\n"
+ "}\n"
+ "\n"
+ ".header h1 {\n"
+ " background-color: teal;\n"
+ " color: #ffffff;\n"
+ " padding: 4px;\n"
+ "}\n"
+ "\n"
+ ".content {\n"
+ " background-color: #ffffff;\n"
+ " color: #000000;\n"
+ " padding: 4px;\n"
+ "}\n"
+ "\n"
+ ".item {\n"
+ " padding: 4px;\n"
+ " align: right;\n"
+ "}\n"
+ "\n"
+ ".value {\n"
+ " padding: 4px;\n"
+ " font-weight: bold;\n"
+ "}\n"
+ "\n"
+ "div.statcounter h2 {\n"
+ " text-align: center;\n"
+ " font-size: large;\n"
+ " border: 1px solid #000000;\n"
+ " background-color: #8080ff;\n"
+ " color: #ffffff;\n"
+ "}\n"
+ "\n"
+ "div.statcounter dl {\n"
+ " float: left;\n"
+ " margin-top: 0;\n"
+ " margin-bottom: 0;\n"
+ " margin-left: 0;\n"
+ " margin-right: 0;\n"
+ "}\n"
+ "\n"
+ "div.statcounter dt {\n"
+ " width: 200px;\n"
+ " text-align: center;\n"
+ " font-weight: bold;\n"
+ " border: 0.5px solid #000000;\n"
+ " background-color: #8080ff;\n"
+ " color: #ffffff;\n"
+ "}\n"
+ "\n"
+ "div.statcounter dd {\n"
+ " width: 200px;\n"
+ " text-align: right;\n"
+ " border: 0.5px solid #000000;\n"
+ " background-color: teal;\n"
+ " color: #ffffff;\n"
+ " margin-left: 0;\n"
+ " margin-right: 0;\n"
+ "}\n"
+ "\n"
+ "div.statcounter br {\n"
+ " clear: left;\n"
+ "}\n"
+ " </style>\n"
+ " <title>BIND 9 Statistics</title>\n"
+ " </head>\n"
+ " <body>\n"
+ " <div class=\"header\">\n"
+ " <h1>Bind 9 Configuration and Statistics</h1>\n"
+ " </div>\n"
+ "\n"
+ " <br/>\n"
+ "\n"
+ " <table>\n"
+ " <tr class=\"rowh\"><th colspan=\"2\">Times</th></tr>\n"
+ " <tr class=\"lrow\">\n"
+ " <td>boot-time</td>\n"
+ " <td><xsl:value-of select=\"server/boot-time\"/></td>\n"
+ " </tr>\n"
+ " <tr class=\"lrow\">\n"
+ " <td>current-time</td>\n"
+ " <td><xsl:value-of select=\"server/current-time\"/></td>\n"
+ " </tr>\n"
+ " </table>\n"
+ "\n"
+ " <br/>\n"
+ "\n"
+ " <table>\n"
+ " <tr class=\"rowh\"><th colspan=\"2\">Incoming Requests</th></tr>\n"
+ " <xsl:for-each select=\"server/requests/opcode\">\n"
+ " <tr class=\"lrow\">\n"
+ " <td><xsl:value-of select=\"name\"/></td>\n"
+ " <td><xsl:value-of select=\"counter\"/></td>\n"
+ " </tr>\n"
+ " </xsl:for-each>\n"
+ " </table>\n"
+ "\n"
+ " <br/>\n"
+ "\n"
+ " <table>\n"
+ " <tr class=\"rowh\"><th colspan=\"2\">Incoming Queries</th></tr>\n"
+ " <xsl:for-each select=\"server/queries-in/rdtype\">\n"
+ " <tr class=\"lrow\">\n"
+ " <td><xsl:value-of select=\"name\"/></td>\n"
+ " <td><xsl:value-of select=\"counter\"/></td>\n"
+ " </tr>\n"
+ " </xsl:for-each>\n"
+ " </table>\n"
+ "\n"
+ " <br/>\n"
+ "\n"
+ " <xsl:for-each select=\"views/view\">\n"
+ " <table>\n"
+ " <tr class=\"rowh\">\n"
+ " <th colspan=\"2\">Outgoing Queries from View <xsl:value-of select=\"name\"/></th>\n"
+ " </tr>\n"
+ " <xsl:for-each select=\"rdtype\">\n"
+ " <tr class=\"lrow\">\n"
+ " <td><xsl:value-of select=\"name\"/></td>\n"
+ " <td><xsl:value-of select=\"counter\"/></td>\n"
+ " </tr>\n"
+ " </xsl:for-each>\n"
+ " </table>\n"
+ " <br/>\n"
+ " </xsl:for-each>\n"
+ "\n"
+ " <br/>\n"
+ "\n"
+ " <div class=\"statcounter\">\n"
+ " <h2>Server Statistics</h2>\n"
+ " <xsl:for-each select=\"server/nsstat\">\n"
+ " <dl>\n"
+ " <dt><xsl:value-of select=\"name\"/></dt>\n"
+ " <dd><xsl:value-of select=\"counter\"/></dd>\n"
+ " </dl>\n"
+ " </xsl:for-each>\n"
+ " <br/>\n"
+ " </div>\n"
+ "\n"
+ " <div class=\"statcounter\">\n"
+ " <h2>Zone Maintenance Statistics</h2>\n"
+ " <xsl:for-each select=\"server/zonestat\">\n"
+ " <dl>\n"
+ " <dt><xsl:value-of select=\"name\"/></dt>\n"
+ " <dd><xsl:value-of select=\"counter\"/></dd>\n"
+ " </dl>\n"
+ " </xsl:for-each>\n"
+ " <br />\n"
+ " </div>\n"
+ "\n"
+ " <div class=\"statcounter\">\n"
+ " <h2>Resolver Statistics (Common)</h2>\n"
+ " <xsl:for-each select=\"server/resstat\">\n"
+ " <dl>\n"
+ " <dt><xsl:value-of select=\"name\"/></dt>\n"
+ " <dd><xsl:value-of select=\"counter\"/></dd>\n"
+ " </dl>\n"
+ " </xsl:for-each>\n"
+ " <br />\n"
+ " </div>\n"
+ "\n"
+ " <xsl:for-each select=\"views/view\">\n"
+ " <div class=\"statcounter\">\n"
+ " <h2>Resolver Statistics for View <xsl:value-of select=\"name\"/></h2>\n"
+ " <xsl:for-each select=\"resstat\">\n"
+ " <dl>\n"
+ " <dt><xsl:value-of select=\"name\"/></dt>\n"
+ " <dd><xsl:value-of select=\"counter\"/></dd>\n"
+ " </dl>\n"
+ " </xsl:for-each>\n"
+ " <br />\n"
+ " </div>\n"
+ " </xsl:for-each>\n"
+ "\n"
+ " <br />\n"
+ "\n"
+ " <xsl:for-each select=\"views/view\">\n"
+ " <table>\n"
+ " <tr class=\"rowh\">\n"
+ " <th colspan=\"2\">Cache DB RRsets for View <xsl:value-of select=\"name\"/></th>\n"
+ " </tr>\n"
+ " <xsl:for-each select=\"cache/rrset\">\n"
+ " <tr class=\"lrow\">\n"
+ " <td><xsl:value-of select=\"name\"/></td>\n"
+ " <td><xsl:value-of select=\"counter\"/></td>\n"
+ " </tr>\n"
+ " </xsl:for-each>\n"
+ " </table>\n"
+ " <br/>\n"
+ " </xsl:for-each>\n"
+ "\n"
+ " <br/>\n"
+ "\n"
+ " <xsl:for-each select=\"views/view\">\n"
+ " <table>\n"
+ " <tr class=\"rowh\">\n"
+ " <th colspan=\"10\">Zones for View <xsl:value-of select=\"name\"/></th>\n"
+ " </tr>\n"
+ " <tr class=\"rowh\">\n"
+ " <th>Name</th>\n"
+ " <th>Class</th>\n"
+ " <th>Serial</th>\n"
+ " <th>Success</th>\n"
+ " <th>Referral</th>\n"
+ " <th>NXRRSET</th>\n"
+ " <th>NXDOMAIN</th>\n"
+ " <th>Failure</th>\n"
+ " <th>XfrReqDone</th>\n"
+ " <th>XfrRej</th>\n"
+ " </tr>\n"
+ " <xsl:for-each select=\"zones/zone\">\n"
+ " <tr class=\"lrow\">\n"
+ " <td>\n"
+ " <xsl:value-of select=\"name\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"rdataclass\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"serial\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"counters/QrySuccess\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"counters/QryReferral\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"counters/QryNxrrset\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"counters/QryNXDOMAIN\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"counters/QryFailure\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"counters/XfrReqDone\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"counters/XfrRej\"/>\n"
+ " </td>\n"
+ " </tr>\n"
+ " </xsl:for-each>\n"
+ " </table>\n"
+ " <br/>\n"
+ " </xsl:for-each>\n"
+ "\n"
+ " <br/>\n"
+ "\n"
+ " <table>\n"
+ " <tr class=\"rowh\">\n"
+ " <th colspan=\"7\">Network Status</th>\n"
+ " </tr>\n"
+ " <tr class=\"rowh\">\n"
+ " <th>ID</th>\n"
+ " <th>Name</th>\n"
+ " <th>Type</th>\n"
+ " <th>References</th>\n"
+ " <th>LocalAddress</th>\n"
+ " <th>PeerAddress</th>\n"
+ " <th>State</th>\n"
+ " </tr>\n"
+ " <xsl:for-each select=\"socketmgr/sockets/socket\">\n"
+ " <tr class=\"lrow\">\n"
+ " <td>\n"
+ " <xsl:value-of select=\"id\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"name\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"type\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"references\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"local-address\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"peer-address\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:for-each select=\"states\">\n"
+ " <xsl:value-of select=\".\"/>\n"
+ " </xsl:for-each>\n"
+ " </td>\n"
+ " </tr>\n"
+ " </xsl:for-each>\n"
+ " </table>\n"
+ " <br/>\n"
+ " <table>\n"
+ " <tr class=\"rowh\">\n"
+ " <th colspan=\"2\">Task Manager Configuration</th>\n"
+ " </tr>\n"
+ " <tr class=\"lrow\">\n"
+ " <td>Thread-Model</td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"taskmgr/thread-model/type\"/>\n"
+ " </td>\n"
+ " </tr>\n"
+ " <tr class=\"lrow\">\n"
+ " <td>Worker Threads</td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"taskmgr/thread-model/worker-threads\"/>\n"
+ " </td>\n"
+ " </tr>\n"
+ " <tr class=\"lrow\">\n"
+ " <td>Default Quantum</td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"taskmgr/thread-model/default-quantum\"/>\n"
+ " </td>\n"
+ " </tr>\n"
+ " <tr class=\"lrow\">\n"
+ " <td>Tasks Running</td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"taskmgr/thread-model/tasks-running\"/>\n"
+ " </td>\n"
+ " </tr>\n"
+ " </table>\n"
+ " <br/>\n"
+ " <table>\n"
+ " <tr class=\"rowh\">\n"
+ " <th colspan=\"5\">Tasks</th>\n"
+ " </tr>\n"
+ " <tr class=\"rowh\">\n"
+ " <th>ID</th>\n"
+ " <th>Name</th>\n"
+ " <th>References</th>\n"
+ " <th>State</th>\n"
+ " <th>Quantum</th>\n"
+ " </tr>\n"
+ " <xsl:for-each select=\"taskmgr/tasks/task\">\n"
+ " <tr class=\"lrow\">\n"
+ " <td>\n"
+ " <xsl:value-of select=\"id\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"name\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"references\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"state\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"quantum\"/>\n"
+ " </td>\n"
+ " </tr>\n"
+ " </xsl:for-each>\n"
+ " </table>\n"
+ " <br />\n"
+ " <table>\n"
+ " <tr class=\"rowh\">\n"
+ " <th colspan=\"4\">Memory Usage Summary</th>\n"
+ " </tr>\n"
+ " <xsl:for-each select=\"memory/summary/*\">\n"
+ " <tr class=\"lrow\">\n"
+ " <td><xsl:value-of select=\"name()\"/></td>\n"
+ " <td><xsl:value-of select=\".\"/></td>\n"
+ " </tr>\n"
+ " </xsl:for-each>\n"
+ " </table>\n"
+ " <br />\n"
+ " <table>\n"
+ " <tr class=\"rowh\">\n"
+ " <th colspan=\"10\">Memory Contexts</th>\n"
+ " </tr>\n"
+ " <tr class=\"rowh\">\n"
+ " <th>ID</th>\n"
+ " <th>Name</th>\n"
+ " <th>References</th>\n"
+ " <th>TotalUse</th>\n"
+ " <th>InUse</th>\n"
+ " <th>MaxUse</th>\n"
+ " <th>BlockSize</th>\n"
+ " <th>Pools</th>\n"
+ " <th>HiWater</th>\n"
+ " <th>LoWater</th>\n"
+ " </tr>\n"
+ " <xsl:for-each select=\"memory/contexts/context\">\n"
+ " <tr class=\"lrow\">\n"
+ " <td>\n"
+ " <xsl:value-of select=\"id\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"name\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"references\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"total\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"inuse\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"maxinuse\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"blocksize\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"pools\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"hiwater\"/>\n"
+ " </td>\n"
+ " <td>\n"
+ " <xsl:value-of select=\"lowater\"/>\n"
+ " </td>\n"
+ " </tr>\n"
+ " </xsl:for-each>\n"
+ " </table>\n"
+ "\n"
+ " </body>\n"
+ " </html>\n"
+ " </xsl:template>\n"
+ "</xsl:stylesheet>\n";
diff --git a/bin/named/builtin.c b/bin/named/builtin.c
new file mode 100644
index 0000000..7927737
--- /dev/null
+++ b/bin/named/builtin.c
@@ -0,0 +1,307 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: builtin.c,v 1.12 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file
+ * \brief
+ * The built-in "version", "hostname", "id", "authors" and "empty" databases.
+ */
+
+#include <config.h>
+
+#include <string.h>
+#include <stdio.h>
+
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/result.h>
+#include <isc/util.h>
+
+#include <dns/result.h>
+#include <dns/sdb.h>
+
+#include <named/builtin.h>
+#include <named/globals.h>
+#include <named/server.h>
+#include <named/os.h>
+
+typedef struct builtin builtin_t;
+
+static isc_result_t do_version_lookup(dns_sdblookup_t *lookup);
+static isc_result_t do_hostname_lookup(dns_sdblookup_t *lookup);
+static isc_result_t do_authors_lookup(dns_sdblookup_t *lookup);
+static isc_result_t do_id_lookup(dns_sdblookup_t *lookup);
+static isc_result_t do_empty_lookup(dns_sdblookup_t *lookup);
+
+/*
+ * We can't use function pointers as the db_data directly
+ * because ANSI C does not guarantee that function pointers
+ * can safely be cast to void pointers and back.
+ */
+
+struct builtin {
+ isc_result_t (*do_lookup)(dns_sdblookup_t *lookup);
+ char *server;
+ char *contact;
+};
+
+static builtin_t version_builtin = { do_version_lookup, NULL, NULL };
+static builtin_t hostname_builtin = { do_hostname_lookup, NULL, NULL };
+static builtin_t authors_builtin = { do_authors_lookup, NULL, NULL };
+static builtin_t id_builtin = { do_id_lookup, NULL, NULL };
+static builtin_t empty_builtin = { do_empty_lookup, NULL, NULL };
+
+static dns_sdbimplementation_t *builtin_impl;
+
+static isc_result_t
+builtin_lookup(const char *zone, const char *name, void *dbdata,
+ dns_sdblookup_t *lookup)
+{
+ builtin_t *b = (builtin_t *) dbdata;
+
+ UNUSED(zone);
+
+ if (strcmp(name, "@") == 0)
+ return (b->do_lookup(lookup));
+ else
+ return (ISC_R_NOTFOUND);
+}
+
+static isc_result_t
+put_txt(dns_sdblookup_t *lookup, const char *text) {
+ unsigned char buf[256];
+ unsigned int len = strlen(text);
+ if (len > 255)
+ len = 255; /* Silently truncate */
+ buf[0] = len;
+ memcpy(&buf[1], text, len);
+ return (dns_sdb_putrdata(lookup, dns_rdatatype_txt, 0, buf, len + 1));
+}
+
+static isc_result_t
+do_version_lookup(dns_sdblookup_t *lookup) {
+ if (ns_g_server->version_set) {
+ if (ns_g_server->version == NULL)
+ return (ISC_R_SUCCESS);
+ else
+ return (put_txt(lookup, ns_g_server->version));
+ } else {
+ return (put_txt(lookup, ns_g_version));
+ }
+}
+
+static isc_result_t
+do_hostname_lookup(dns_sdblookup_t *lookup) {
+ if (ns_g_server->hostname_set) {
+ if (ns_g_server->hostname == NULL)
+ return (ISC_R_SUCCESS);
+ else
+ return (put_txt(lookup, ns_g_server->hostname));
+ } else {
+ char buf[256];
+ isc_result_t result = ns_os_gethostname(buf, sizeof(buf));
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ return (put_txt(lookup, buf));
+ }
+}
+
+static isc_result_t
+do_authors_lookup(dns_sdblookup_t *lookup) {
+ isc_result_t result;
+ const char **p;
+ static const char *authors[] = {
+ "Mark Andrews",
+ "James Brister",
+ "Ben Cottrell",
+ "Michael Graff",
+ "Andreas Gustafsson",
+ "Bob Halley",
+ "David Lawrence",
+ "Danny Mayer",
+ "Damien Neil",
+ "Matt Nelson",
+ "Michael Sawyer",
+ "Brian Wellington",
+ NULL
+ };
+
+ /*
+ * If a version string is specified, disable the authors.bind zone.
+ */
+ if (ns_g_server->version_set)
+ return (ISC_R_SUCCESS);
+
+ for (p = authors; *p != NULL; p++) {
+ result = put_txt(lookup, *p);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+do_id_lookup(dns_sdblookup_t *lookup) {
+
+ if (ns_g_server->server_usehostname) {
+ char buf[256];
+ isc_result_t result = ns_os_gethostname(buf, sizeof(buf));
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ return (put_txt(lookup, buf));
+ }
+
+ if (ns_g_server->server_id == NULL)
+ return (ISC_R_SUCCESS);
+ else
+ return (put_txt(lookup, ns_g_server->server_id));
+}
+
+static isc_result_t
+do_empty_lookup(dns_sdblookup_t *lookup) {
+
+ UNUSED(lookup);
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+builtin_authority(const char *zone, void *dbdata, dns_sdblookup_t *lookup) {
+ isc_result_t result;
+ const char *contact = "hostmaster";
+ const char *server = "@";
+ builtin_t *b = (builtin_t *) dbdata;
+
+ UNUSED(zone);
+ UNUSED(dbdata);
+
+ if (b == &empty_builtin) {
+ server = ".";
+ contact = ".";
+ } else {
+ if (b->server != NULL)
+ server = b->server;
+ if (b->contact != NULL)
+ contact = b->contact;
+ }
+
+ result = dns_sdb_putsoa(lookup, server, contact, 0);
+ if (result != ISC_R_SUCCESS)
+ return (ISC_R_FAILURE);
+
+ result = dns_sdb_putrr(lookup, "ns", 0, server);
+ if (result != ISC_R_SUCCESS)
+ return (ISC_R_FAILURE);
+
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+builtin_create(const char *zone, int argc, char **argv,
+ void *driverdata, void **dbdata)
+{
+ REQUIRE(argc >= 1);
+
+ UNUSED(zone);
+ UNUSED(driverdata);
+
+ if (strcmp(argv[0], "empty") == 0) {
+ if (argc != 3)
+ return (DNS_R_SYNTAX);
+ } else if (argc != 1)
+ return (DNS_R_SYNTAX);
+
+ if (strcmp(argv[0], "version") == 0)
+ *dbdata = &version_builtin;
+ else if (strcmp(argv[0], "hostname") == 0)
+ *dbdata = &hostname_builtin;
+ else if (strcmp(argv[0], "authors") == 0)
+ *dbdata = &authors_builtin;
+ else if (strcmp(argv[0], "id") == 0)
+ *dbdata = &id_builtin;
+ else if (strcmp(argv[0], "empty") == 0) {
+ builtin_t *empty;
+ char *server;
+ char *contact;
+ /*
+ * We don't want built-in zones to fail. Fallback to
+ * the static configuration if memory allocation fails.
+ */
+ empty = isc_mem_get(ns_g_mctx, sizeof(*empty));
+ server = isc_mem_strdup(ns_g_mctx, argv[1]);
+ contact = isc_mem_strdup(ns_g_mctx, argv[2]);
+ if (empty == NULL || server == NULL || contact == NULL) {
+ *dbdata = &empty_builtin;
+ if (server != NULL)
+ isc_mem_free(ns_g_mctx, server);
+ if (contact != NULL)
+ isc_mem_free(ns_g_mctx, contact);
+ if (empty != NULL)
+ isc_mem_put(ns_g_mctx, empty, sizeof (*empty));
+ } else {
+ memcpy(empty, &empty_builtin, sizeof (empty_builtin));
+ empty->server = server;
+ empty->contact = contact;
+ *dbdata = empty;
+ }
+ } else
+ return (ISC_R_NOTIMPLEMENTED);
+ return (ISC_R_SUCCESS);
+}
+
+static void
+builtin_destroy(const char *zone, void *driverdata, void **dbdata) {
+ builtin_t *b = (builtin_t *) *dbdata;
+
+ UNUSED(zone);
+ UNUSED(driverdata);
+
+ /*
+ * Don't free the static versions.
+ */
+ if (*dbdata == &version_builtin || *dbdata == &hostname_builtin ||
+ *dbdata == &authors_builtin || *dbdata == &id_builtin ||
+ *dbdata == &empty_builtin)
+ return;
+
+ isc_mem_free(ns_g_mctx, b->server);
+ isc_mem_free(ns_g_mctx, b->contact);
+ isc_mem_put(ns_g_mctx, b, sizeof (*b));
+}
+
+static dns_sdbmethods_t builtin_methods = {
+ builtin_lookup,
+ builtin_authority,
+ NULL, /* allnodes */
+ builtin_create,
+ builtin_destroy
+};
+
+isc_result_t
+ns_builtin_init(void) {
+ RUNTIME_CHECK(dns_sdb_register("_builtin", &builtin_methods, NULL,
+ DNS_SDBFLAG_RELATIVEOWNER |
+ DNS_SDBFLAG_RELATIVERDATA,
+ ns_g_mctx, &builtin_impl)
+ == ISC_R_SUCCESS);
+ return (ISC_R_SUCCESS);
+}
+
+void
+ns_builtin_deinit(void) {
+ dns_sdb_unregister(&builtin_impl);
+}
diff --git a/bin/named/client.c b/bin/named/client.c
new file mode 100644
index 0000000..164af7c
--- /dev/null
+++ b/bin/named/client.c
@@ -0,0 +1,2798 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: client.c,v 1.259 2008/11/16 20:57:54 marka Exp $ */
+
+#include <config.h>
+
+#include <isc/formatcheck.h>
+#include <isc/mutex.h>
+#include <isc/once.h>
+#include <isc/platform.h>
+#include <isc/print.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dispatch.h>
+#include <dns/events.h>
+#include <dns/message.h>
+#include <dns/peer.h>
+#include <dns/rcode.h>
+#include <dns/rdata.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/resolver.h>
+#include <dns/stats.h>
+#include <dns/tsig.h>
+#include <dns/view.h>
+#include <dns/zone.h>
+
+#include <named/interfacemgr.h>
+#include <named/log.h>
+#include <named/notify.h>
+#include <named/os.h>
+#include <named/server.h>
+#include <named/update.h>
+
+/***
+ *** Client
+ ***/
+
+/*! \file
+ * Client Routines
+ *
+ * Important note!
+ *
+ * All client state changes, other than that from idle to listening, occur
+ * as a result of events. This guarantees serialization and avoids the
+ * need for locking.
+ *
+ * If a routine is ever created that allows someone other than the client's
+ * task to change the client, then the client will have to be locked.
+ */
+
+#define NS_CLIENT_TRACE
+#ifdef NS_CLIENT_TRACE
+#define CTRACE(m) ns_client_log(client, \
+ NS_LOGCATEGORY_CLIENT, \
+ NS_LOGMODULE_CLIENT, \
+ ISC_LOG_DEBUG(3), \
+ "%s", (m))
+#define MTRACE(m) isc_log_write(ns_g_lctx, \
+ NS_LOGCATEGORY_GENERAL, \
+ NS_LOGMODULE_CLIENT, \
+ ISC_LOG_DEBUG(3), \
+ "clientmgr @%p: %s", manager, (m))
+#else
+#define CTRACE(m) ((void)(m))
+#define MTRACE(m) ((void)(m))
+#endif
+
+#define TCP_CLIENT(c) (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
+
+#define TCP_BUFFER_SIZE (65535 + 2)
+#define SEND_BUFFER_SIZE 4096
+#define RECV_BUFFER_SIZE 4096
+
+#ifdef ISC_PLATFORM_USETHREADS
+#define NMCTXS 100
+/*%<
+ * Number of 'mctx pools' for clients. (Should this be configurable?)
+ * When enabling threads, we use a pool of memory contexts shared by
+ * client objects, since concurrent access to a shared context would cause
+ * heavy contentions. The above constant is expected to be enough for
+ * completely avoiding contentions among threads for an authoritative-only
+ * server.
+ */
+#else
+#define NMCTXS 0
+/*%<
+ * If named with built without thread, simply share manager's context. Using
+ * a separate context in this case would simply waste memory.
+ */
+#endif
+
+/*% nameserver client manager structure */
+struct ns_clientmgr {
+ /* Unlocked. */
+ unsigned int magic;
+ isc_mem_t * mctx;
+ isc_taskmgr_t * taskmgr;
+ isc_timermgr_t * timermgr;
+ isc_mutex_t lock;
+ /* Locked by lock. */
+ isc_boolean_t exiting;
+ client_list_t active; /*%< Active clients */
+ client_list_t recursing; /*%< Recursing clients */
+ client_list_t inactive; /*%< To be recycled */
+#if NMCTXS > 0
+ /*%< mctx pool for clients. */
+ unsigned int nextmctx;
+ isc_mem_t * mctxpool[NMCTXS];
+#endif
+};
+
+#define MANAGER_MAGIC ISC_MAGIC('N', 'S', 'C', 'm')
+#define VALID_MANAGER(m) ISC_MAGIC_VALID(m, MANAGER_MAGIC)
+
+/*!
+ * Client object states. Ordering is significant: higher-numbered
+ * states are generally "more active", meaning that the client can
+ * have more dynamically allocated data, outstanding events, etc.
+ * In the list below, any such properties listed for state N
+ * also apply to any state > N.
+ *
+ * To force the client into a less active state, set client->newstate
+ * to that state and call exit_check(). This will cause any
+ * activities defined for higher-numbered states to be aborted.
+ */
+
+#define NS_CLIENTSTATE_FREED 0
+/*%<
+ * The client object no longer exists.
+ */
+
+#define NS_CLIENTSTATE_INACTIVE 1
+/*%<
+ * The client object exists and has a task and timer.
+ * Its "query" struct and sendbuf are initialized.
+ * It is on the client manager's list of inactive clients.
+ * It has a message and OPT, both in the reset state.
+ */
+
+#define NS_CLIENTSTATE_READY 2
+/*%<
+ * The client object is either a TCP or a UDP one, and
+ * it is associated with a network interface. It is on the
+ * client manager's list of active clients.
+ *
+ * If it is a TCP client object, it has a TCP listener socket
+ * and an outstanding TCP listen request.
+ *
+ * If it is a UDP client object, it has a UDP listener socket
+ * and an outstanding UDP receive request.
+ */
+
+#define NS_CLIENTSTATE_READING 3
+/*%<
+ * The client object is a TCP client object that has received
+ * a connection. It has a tcpsocket, tcpmsg, TCP quota, and an
+ * outstanding TCP read request. This state is not used for
+ * UDP client objects.
+ */
+
+#define NS_CLIENTSTATE_WORKING 4
+/*%<
+ * The client object has received a request and is working
+ * on it. It has a view, and it may have any of a non-reset OPT,
+ * recursion quota, and an outstanding write request.
+ */
+
+#define NS_CLIENTSTATE_MAX 9
+/*%<
+ * Sentinel value used to indicate "no state". When client->newstate
+ * has this value, we are not attempting to exit the current state.
+ * Must be greater than any valid state.
+ */
+
+/*
+ * Enable ns_client_dropport() by default.
+ */
+#ifndef NS_CLIENT_DROPPORT
+#define NS_CLIENT_DROPPORT 1
+#endif
+
+unsigned int ns_client_requests;
+
+static void client_read(ns_client_t *client);
+static void client_accept(ns_client_t *client);
+static void client_udprecv(ns_client_t *client);
+static void clientmgr_destroy(ns_clientmgr_t *manager);
+static isc_boolean_t exit_check(ns_client_t *client);
+static void ns_client_endrequest(ns_client_t *client);
+static void ns_client_checkactive(ns_client_t *client);
+static void client_start(isc_task_t *task, isc_event_t *event);
+static void client_request(isc_task_t *task, isc_event_t *event);
+static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
+
+void
+ns_client_recursing(ns_client_t *client) {
+ REQUIRE(NS_CLIENT_VALID(client));
+
+ LOCK(&client->manager->lock);
+ ISC_LIST_UNLINK(*client->list, client, link);
+ ISC_LIST_APPEND(client->manager->recursing, client, link);
+ client->list = &client->manager->recursing;
+ UNLOCK(&client->manager->lock);
+}
+
+void
+ns_client_killoldestquery(ns_client_t *client) {
+ ns_client_t *oldest;
+ REQUIRE(NS_CLIENT_VALID(client));
+
+ LOCK(&client->manager->lock);
+ oldest = ISC_LIST_HEAD(client->manager->recursing);
+ if (oldest != NULL) {
+ ns_query_cancel(oldest);
+ ISC_LIST_UNLINK(*oldest->list, oldest, link);
+ ISC_LIST_APPEND(client->manager->active, oldest, link);
+ oldest->list = &client->manager->active;
+ }
+ UNLOCK(&client->manager->lock);
+}
+
+void
+ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
+ isc_result_t result;
+ isc_interval_t interval;
+
+ isc_interval_set(&interval, seconds, 0);
+ result = isc_timer_reset(client->timer, isc_timertype_once, NULL,
+ &interval, ISC_FALSE);
+ client->timerset = ISC_TRUE;
+ if (result != ISC_R_SUCCESS) {
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
+ "setting timeout: %s",
+ isc_result_totext(result));
+ /* Continue anyway. */
+ }
+}
+
+/*%
+ * Check for a deactivation or shutdown request and take appropriate
+ * action. Returns ISC_TRUE if either is in progress; in this case
+ * the caller must no longer use the client object as it may have been
+ * freed.
+ */
+static isc_boolean_t
+exit_check(ns_client_t *client) {
+ ns_clientmgr_t *locked_manager = NULL;
+ ns_clientmgr_t *destroy_manager = NULL;
+
+ REQUIRE(NS_CLIENT_VALID(client));
+
+ if (client->state <= client->newstate)
+ return (ISC_FALSE); /* Business as usual. */
+
+ INSIST(client->newstate < NS_CLIENTSTATE_WORKING);
+
+ /*
+ * We need to detach from the view early when shutting down
+ * the server to break the following vicious circle:
+ *
+ * - The resolver will not shut down until the view refcount is zero
+ * - The view refcount does not go to zero until all clients detach
+ * - The client does not detach from the view until references is zero
+ * - references does not go to zero until the resolver has shut down
+ *
+ * Keep the view attached until any outstanding updates complete.
+ */
+ if (client->nupdates == 0 &&
+ client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL)
+ dns_view_detach(&client->view);
+
+ if (client->state == NS_CLIENTSTATE_WORKING) {
+ INSIST(client->newstate <= NS_CLIENTSTATE_READING);
+ /*
+ * Let the update processing complete.
+ */
+ if (client->nupdates > 0)
+ return (ISC_TRUE);
+ /*
+ * We are trying to abort request processing.
+ */
+ if (client->nsends > 0) {
+ isc_socket_t *socket;
+ if (TCP_CLIENT(client))
+ socket = client->tcpsocket;
+ else
+ socket = client->udpsocket;
+ isc_socket_cancel(socket, client->task,
+ ISC_SOCKCANCEL_SEND);
+ }
+
+ if (! (client->nsends == 0 && client->nrecvs == 0 &&
+ client->references == 0))
+ {
+ /*
+ * Still waiting for I/O cancel completion.
+ * or lingering references.
+ */
+ return (ISC_TRUE);
+ }
+ /*
+ * I/O cancel is complete. Burn down all state
+ * related to the current request. Ensure that
+ * the client is on the active list and not the
+ * recursing list.
+ */
+ LOCK(&client->manager->lock);
+ if (client->list == &client->manager->recursing) {
+ ISC_LIST_UNLINK(*client->list, client, link);
+ ISC_LIST_APPEND(client->manager->active, client, link);
+ client->list = &client->manager->active;
+ }
+ UNLOCK(&client->manager->lock);
+ ns_client_endrequest(client);
+
+ client->state = NS_CLIENTSTATE_READING;
+ INSIST(client->recursionquota == NULL);
+ if (NS_CLIENTSTATE_READING == client->newstate) {
+ client_read(client);
+ client->newstate = NS_CLIENTSTATE_MAX;
+ return (ISC_TRUE); /* We're done. */
+ }
+ }
+
+ if (client->state == NS_CLIENTSTATE_READING) {
+ /*
+ * We are trying to abort the current TCP connection,
+ * if any.
+ */
+ INSIST(client->recursionquota == NULL);
+ INSIST(client->newstate <= NS_CLIENTSTATE_READY);
+ if (client->nreads > 0)
+ dns_tcpmsg_cancelread(&client->tcpmsg);
+ if (! client->nreads == 0) {
+ /* Still waiting for read cancel completion. */
+ return (ISC_TRUE);
+ }
+
+ if (client->tcpmsg_valid) {
+ dns_tcpmsg_invalidate(&client->tcpmsg);
+ client->tcpmsg_valid = ISC_FALSE;
+ }
+ if (client->tcpsocket != NULL) {
+ CTRACE("closetcp");
+ isc_socket_detach(&client->tcpsocket);
+ }
+
+ if (client->tcpquota != NULL)
+ isc_quota_detach(&client->tcpquota);
+
+ if (client->timerset) {
+ (void)isc_timer_reset(client->timer,
+ isc_timertype_inactive,
+ NULL, NULL, ISC_TRUE);
+ client->timerset = ISC_FALSE;
+ }
+
+ client->peeraddr_valid = ISC_FALSE;
+
+ client->state = NS_CLIENTSTATE_READY;
+ INSIST(client->recursionquota == NULL);
+
+ /*
+ * Now the client is ready to accept a new TCP connection
+ * or UDP request, but we may have enough clients doing
+ * that already. Check whether this client needs to remain
+ * active and force it to go inactive if not.
+ */
+ ns_client_checkactive(client);
+
+ if (NS_CLIENTSTATE_READY == client->newstate) {
+ if (TCP_CLIENT(client)) {
+ client_accept(client);
+ } else
+ client_udprecv(client);
+ client->newstate = NS_CLIENTSTATE_MAX;
+ return (ISC_TRUE);
+ }
+ }
+
+ if (client->state == NS_CLIENTSTATE_READY) {
+ INSIST(client->newstate <= NS_CLIENTSTATE_INACTIVE);
+ /*
+ * We are trying to enter the inactive state.
+ */
+ if (client->naccepts > 0)
+ isc_socket_cancel(client->tcplistener, client->task,
+ ISC_SOCKCANCEL_ACCEPT);
+
+ if (! (client->naccepts == 0)) {
+ /* Still waiting for accept cancel completion. */
+ return (ISC_TRUE);
+ }
+ /* Accept cancel is complete. */
+
+ if (client->nrecvs > 0)
+ isc_socket_cancel(client->udpsocket, client->task,
+ ISC_SOCKCANCEL_RECV);
+ if (! (client->nrecvs == 0)) {
+ /* Still waiting for recv cancel completion. */
+ return (ISC_TRUE);
+ }
+ /* Recv cancel is complete. */
+
+ if (client->nctls > 0) {
+ /* Still waiting for control event to be delivered */
+ return (ISC_TRUE);
+ }
+
+ /* Deactivate the client. */
+ if (client->interface)
+ ns_interface_detach(&client->interface);
+
+ INSIST(client->naccepts == 0);
+ INSIST(client->recursionquota == NULL);
+ if (client->tcplistener != NULL)
+ isc_socket_detach(&client->tcplistener);
+
+ if (client->udpsocket != NULL)
+ isc_socket_detach(&client->udpsocket);
+
+ if (client->dispatch != NULL)
+ dns_dispatch_detach(&client->dispatch);
+
+ client->attributes = 0;
+ client->mortal = ISC_FALSE;
+
+ LOCK(&client->manager->lock);
+ /*
+ * Put the client on the inactive list. If we are aiming for
+ * the "freed" state, it will be removed from the inactive
+ * list shortly, and we need to keep the manager locked until
+ * that has been done, lest the manager decide to reactivate
+ * the dying client inbetween.
+ */
+ locked_manager = client->manager;
+ ISC_LIST_UNLINK(*client->list, client, link);
+ ISC_LIST_APPEND(client->manager->inactive, client, link);
+ client->list = &client->manager->inactive;
+ client->state = NS_CLIENTSTATE_INACTIVE;
+ INSIST(client->recursionquota == NULL);
+
+ if (client->state == client->newstate) {
+ client->newstate = NS_CLIENTSTATE_MAX;
+ if (client->needshutdown)
+ isc_task_shutdown(client->task);
+ goto unlock;
+ }
+ }
+
+ if (client->state == NS_CLIENTSTATE_INACTIVE) {
+ INSIST(client->newstate == NS_CLIENTSTATE_FREED);
+ /*
+ * We are trying to free the client.
+ *
+ * When "shuttingdown" is true, either the task has received
+ * its shutdown event or no shutdown event has ever been
+ * set up. Thus, we have no outstanding shutdown
+ * event at this point.
+ */
+ REQUIRE(client->state == NS_CLIENTSTATE_INACTIVE);
+
+ INSIST(client->recursionquota == NULL);
+
+ ns_query_free(client);
+ isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE);
+ isc_event_free((isc_event_t **)&client->sendevent);
+ isc_event_free((isc_event_t **)&client->recvevent);
+ isc_timer_detach(&client->timer);
+
+ if (client->tcpbuf != NULL)
+ isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
+ if (client->opt != NULL) {
+ INSIST(dns_rdataset_isassociated(client->opt));
+ dns_rdataset_disassociate(client->opt);
+ dns_message_puttemprdataset(client->message, &client->opt);
+ }
+ dns_message_destroy(&client->message);
+ if (client->manager != NULL) {
+ ns_clientmgr_t *manager = client->manager;
+ if (locked_manager == NULL) {
+ LOCK(&manager->lock);
+ locked_manager = manager;
+ }
+ ISC_LIST_UNLINK(*client->list, client, link);
+ client->list = NULL;
+ if (manager->exiting &&
+ ISC_LIST_EMPTY(manager->active) &&
+ ISC_LIST_EMPTY(manager->inactive) &&
+ ISC_LIST_EMPTY(manager->recursing))
+ destroy_manager = manager;
+ }
+ /*
+ * Detaching the task must be done after unlinking from
+ * the manager's lists because the manager accesses
+ * client->task.
+ */
+ if (client->task != NULL)
+ isc_task_detach(&client->task);
+
+ CTRACE("free");
+ client->magic = 0;
+ /*
+ * Check that there are no other external references to
+ * the memory context.
+ */
+ if (ns_g_clienttest && isc_mem_references(client->mctx) != 1) {
+ isc_mem_stats(client->mctx, stderr);
+ INSIST(0);
+ }
+ isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
+
+ goto unlock;
+ }
+
+ unlock:
+ if (locked_manager != NULL) {
+ UNLOCK(&locked_manager->lock);
+ locked_manager = NULL;
+ }
+
+ /*
+ * Only now is it safe to destroy the client manager (if needed),
+ * because we have accessed its lock for the last time.
+ */
+ if (destroy_manager != NULL)
+ clientmgr_destroy(destroy_manager);
+
+ return (ISC_TRUE);
+}
+
+/*%
+ * The client's task has received the client's control event
+ * as part of the startup process.
+ */
+static void
+client_start(isc_task_t *task, isc_event_t *event) {
+ ns_client_t *client = (ns_client_t *) event->ev_arg;
+
+ INSIST(task == client->task);
+
+ UNUSED(task);
+
+ INSIST(client->nctls == 1);
+ client->nctls--;
+
+ if (exit_check(client))
+ return;
+
+ if (TCP_CLIENT(client)) {
+ client_accept(client);
+ } else {
+ client_udprecv(client);
+ }
+}
+
+
+/*%
+ * The client's task has received a shutdown event.
+ */
+static void
+client_shutdown(isc_task_t *task, isc_event_t *event) {
+ ns_client_t *client;
+
+ REQUIRE(event != NULL);
+ REQUIRE(event->ev_type == ISC_TASKEVENT_SHUTDOWN);
+ client = event->ev_arg;
+ REQUIRE(NS_CLIENT_VALID(client));
+ REQUIRE(task == client->task);
+
+ UNUSED(task);
+
+ CTRACE("shutdown");
+
+ isc_event_free(&event);
+
+ if (client->shutdown != NULL) {
+ (client->shutdown)(client->shutdown_arg, ISC_R_SHUTTINGDOWN);
+ client->shutdown = NULL;
+ client->shutdown_arg = NULL;
+ }
+
+ client->newstate = NS_CLIENTSTATE_FREED;
+ client->needshutdown = ISC_FALSE;
+ (void)exit_check(client);
+}
+
+static void
+ns_client_endrequest(ns_client_t *client) {
+ INSIST(client->naccepts == 0);
+ INSIST(client->nreads == 0);
+ INSIST(client->nsends == 0);
+ INSIST(client->nrecvs == 0);
+ INSIST(client->nupdates == 0);
+ INSIST(client->state == NS_CLIENTSTATE_WORKING);
+
+ CTRACE("endrequest");
+
+ if (client->next != NULL) {
+ (client->next)(client);
+ client->next = NULL;
+ }
+
+ if (client->view != NULL)
+ dns_view_detach(&client->view);
+ if (client->opt != NULL) {
+ INSIST(dns_rdataset_isassociated(client->opt));
+ dns_rdataset_disassociate(client->opt);
+ dns_message_puttemprdataset(client->message, &client->opt);
+ }
+
+ client->udpsize = 512;
+ client->extflags = 0;
+ client->ednsversion = -1;
+ dns_message_reset(client->message, DNS_MESSAGE_INTENTPARSE);
+
+ if (client->recursionquota != NULL)
+ isc_quota_detach(&client->recursionquota);
+
+ /*
+ * Clear all client attributes that are specific to
+ * the request; that's all except the TCP flag.
+ */
+ client->attributes &= NS_CLIENTATTR_TCP;
+}
+
+static void
+ns_client_checkactive(ns_client_t *client) {
+ if (client->mortal) {
+ /*
+ * This client object should normally go inactive
+ * at this point, but if we have fewer active client
+ * objects than desired due to earlier quota exhaustion,
+ * keep it active to make up for the shortage.
+ */
+ isc_boolean_t need_another_client = ISC_FALSE;
+ if (TCP_CLIENT(client) && !ns_g_clienttest) {
+ LOCK(&client->interface->lock);
+ if (client->interface->ntcpcurrent <
+ client->interface->ntcptarget)
+ need_another_client = ISC_TRUE;
+ UNLOCK(&client->interface->lock);
+ } else {
+ /*
+ * The UDP client quota is enforced by making
+ * requests fail rather than by not listening
+ * for new ones. Therefore, there is always a
+ * full set of UDP clients listening.
+ */
+ }
+ if (! need_another_client) {
+ /*
+ * We don't need this client object. Recycle it.
+ */
+ if (client->newstate >= NS_CLIENTSTATE_INACTIVE)
+ client->newstate = NS_CLIENTSTATE_INACTIVE;
+ }
+ }
+}
+
+void
+ns_client_next(ns_client_t *client, isc_result_t result) {
+ int newstate;
+
+ REQUIRE(NS_CLIENT_VALID(client));
+ REQUIRE(client->state == NS_CLIENTSTATE_WORKING ||
+ client->state == NS_CLIENTSTATE_READING);
+
+ CTRACE("next");
+
+ if (result != ISC_R_SUCCESS)
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ "request failed: %s", isc_result_totext(result));
+
+ /*
+ * An error processing a TCP request may have left
+ * the connection out of sync. To be safe, we always
+ * sever the connection when result != ISC_R_SUCCESS.
+ */
+ if (result == ISC_R_SUCCESS && TCP_CLIENT(client))
+ newstate = NS_CLIENTSTATE_READING;
+ else
+ newstate = NS_CLIENTSTATE_READY;
+
+ if (client->newstate > newstate)
+ client->newstate = newstate;
+ (void)exit_check(client);
+}
+
+
+static void
+client_senddone(isc_task_t *task, isc_event_t *event) {
+ ns_client_t *client;
+ isc_socketevent_t *sevent = (isc_socketevent_t *) event;
+
+ REQUIRE(sevent != NULL);
+ REQUIRE(sevent->ev_type == ISC_SOCKEVENT_SENDDONE);
+ client = sevent->ev_arg;
+ REQUIRE(NS_CLIENT_VALID(client));
+ REQUIRE(task == client->task);
+ REQUIRE(sevent == client->sendevent);
+
+ UNUSED(task);
+
+ CTRACE("senddone");
+
+ if (sevent->result != ISC_R_SUCCESS)
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
+ "error sending response: %s",
+ isc_result_totext(sevent->result));
+
+ INSIST(client->nsends > 0);
+ client->nsends--;
+
+ if (client->tcpbuf != NULL) {
+ INSIST(TCP_CLIENT(client));
+ isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
+ client->tcpbuf = NULL;
+ }
+
+ if (exit_check(client))
+ return;
+
+ ns_client_next(client, ISC_R_SUCCESS);
+}
+
+/*%
+ * We only want to fail with ISC_R_NOSPACE when called from
+ * ns_client_sendraw() and not when called from ns_client_send(),
+ * tcpbuffer is NULL when called from ns_client_sendraw() and
+ * length != 0. tcpbuffer != NULL when called from ns_client_send()
+ * and length == 0.
+ */
+
+static isc_result_t
+client_allocsendbuf(ns_client_t *client, isc_buffer_t *buffer,
+ isc_buffer_t *tcpbuffer, isc_uint32_t length,
+ unsigned char *sendbuf, unsigned char **datap)
+{
+ unsigned char *data;
+ isc_uint32_t bufsize;
+ isc_result_t result;
+
+ INSIST(datap != NULL);
+ INSIST((tcpbuffer == NULL && length != 0) ||
+ (tcpbuffer != NULL && length == 0));
+
+ if (TCP_CLIENT(client)) {
+ INSIST(client->tcpbuf == NULL);
+ if (length + 2 > TCP_BUFFER_SIZE) {
+ result = ISC_R_NOSPACE;
+ goto done;
+ }
+ client->tcpbuf = isc_mem_get(client->mctx, TCP_BUFFER_SIZE);
+ if (client->tcpbuf == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto done;
+ }
+ data = client->tcpbuf;
+ if (tcpbuffer != NULL) {
+ isc_buffer_init(tcpbuffer, data, TCP_BUFFER_SIZE);
+ isc_buffer_init(buffer, data + 2, TCP_BUFFER_SIZE - 2);
+ } else {
+ isc_buffer_init(buffer, data, TCP_BUFFER_SIZE);
+ INSIST(length <= 0xffff);
+ isc_buffer_putuint16(buffer, (isc_uint16_t)length);
+ }
+ } else {
+ data = sendbuf;
+ if (client->udpsize < SEND_BUFFER_SIZE)
+ bufsize = client->udpsize;
+ else
+ bufsize = SEND_BUFFER_SIZE;
+ if (length > bufsize) {
+ result = ISC_R_NOSPACE;
+ goto done;
+ }
+ isc_buffer_init(buffer, data, bufsize);
+ }
+ *datap = data;
+ result = ISC_R_SUCCESS;
+
+ done:
+ return (result);
+}
+
+static isc_result_t
+client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
+ struct in6_pktinfo *pktinfo;
+ isc_result_t result;
+ isc_region_t r;
+ isc_sockaddr_t *address;
+ isc_socket_t *socket;
+ isc_netaddr_t netaddr;
+ int match;
+ unsigned int sockflags = ISC_SOCKFLAG_IMMEDIATE;
+
+ if (TCP_CLIENT(client)) {
+ socket = client->tcpsocket;
+ address = NULL;
+ } else {
+ socket = client->udpsocket;
+ address = &client->peeraddr;
+
+ isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
+ if (ns_g_server->blackholeacl != NULL &&
+ dns_acl_match(&netaddr, NULL,
+ ns_g_server->blackholeacl,
+ &ns_g_server->aclenv,
+ &match, NULL) == ISC_R_SUCCESS &&
+ match > 0)
+ return (DNS_R_BLACKHOLED);
+ sockflags |= ISC_SOCKFLAG_NORETRY;
+ }
+
+ if ((client->attributes & NS_CLIENTATTR_PKTINFO) != 0 &&
+ (client->attributes & NS_CLIENTATTR_MULTICAST) == 0)
+ pktinfo = &client->pktinfo;
+ else
+ pktinfo = NULL;
+
+ isc_buffer_usedregion(buffer, &r);
+
+ CTRACE("sendto");
+
+ result = isc_socket_sendto2(socket, &r, client->task,
+ address, pktinfo,
+ client->sendevent, sockflags);
+ if (result == ISC_R_SUCCESS || result == ISC_R_INPROGRESS) {
+ client->nsends++;
+ if (result == ISC_R_SUCCESS)
+ client_senddone(client->task,
+ (isc_event_t *)client->sendevent);
+ result = ISC_R_SUCCESS;
+ }
+ return (result);
+}
+
+void
+ns_client_sendraw(ns_client_t *client, dns_message_t *message) {
+ isc_result_t result;
+ unsigned char *data;
+ isc_buffer_t buffer;
+ isc_region_t r;
+ isc_region_t *mr;
+ unsigned char sendbuf[SEND_BUFFER_SIZE];
+
+ REQUIRE(NS_CLIENT_VALID(client));
+
+ CTRACE("sendraw");
+
+ mr = dns_message_getrawmessage(message);
+ if (mr == NULL) {
+ result = ISC_R_UNEXPECTEDEND;
+ goto done;
+ }
+
+ result = client_allocsendbuf(client, &buffer, NULL, mr->length,
+ sendbuf, &data);
+ if (result != ISC_R_SUCCESS)
+ goto done;
+
+ /*
+ * Copy message to buffer and fixup id.
+ */
+ isc_buffer_availableregion(&buffer, &r);
+ result = isc_buffer_copyregion(&buffer, mr);
+ if (result != ISC_R_SUCCESS)
+ goto done;
+ r.base[0] = (client->message->id >> 8) & 0xff;
+ r.base[1] = client->message->id & 0xff;
+
+ result = client_sendpkg(client, &buffer);
+ if (result == ISC_R_SUCCESS)
+ return;
+
+ done:
+ if (client->tcpbuf != NULL) {
+ isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
+ client->tcpbuf = NULL;
+ }
+ ns_client_next(client, result);
+}
+
+void
+ns_client_send(ns_client_t *client) {
+ isc_result_t result;
+ unsigned char *data;
+ isc_buffer_t buffer;
+ isc_buffer_t tcpbuffer;
+ isc_region_t r;
+ dns_compress_t cctx;
+ isc_boolean_t cleanup_cctx = ISC_FALSE;
+ unsigned char sendbuf[SEND_BUFFER_SIZE];
+ unsigned int dnssec_opts;
+ unsigned int preferred_glue;
+ isc_boolean_t opt_included = ISC_FALSE;
+
+ REQUIRE(NS_CLIENT_VALID(client));
+
+ CTRACE("send");
+
+ if ((client->attributes & NS_CLIENTATTR_RA) != 0)
+ client->message->flags |= DNS_MESSAGEFLAG_RA;
+
+ if ((client->attributes & NS_CLIENTATTR_WANTDNSSEC) != 0)
+ dnssec_opts = 0;
+ else
+ dnssec_opts = DNS_MESSAGERENDER_OMITDNSSEC;
+
+ preferred_glue = 0;
+ if (client->view != NULL) {
+ if (client->view->preferred_glue == dns_rdatatype_a)
+ preferred_glue = DNS_MESSAGERENDER_PREFER_A;
+ else if (client->view->preferred_glue == dns_rdatatype_aaaa)
+ preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA;
+ }
+
+ /*
+ * XXXRTH The following doesn't deal with TCP buffer resizing.
+ */
+ result = client_allocsendbuf(client, &buffer, &tcpbuffer, 0,
+ sendbuf, &data);
+ if (result != ISC_R_SUCCESS)
+ goto done;
+
+ result = dns_compress_init(&cctx, -1, client->mctx);
+ if (result != ISC_R_SUCCESS)
+ goto done;
+ cleanup_cctx = ISC_TRUE;
+
+ result = dns_message_renderbegin(client->message, &cctx, &buffer);
+ if (result != ISC_R_SUCCESS)
+ goto done;
+
+ if (client->opt != NULL) {
+ result = dns_message_setopt(client->message, client->opt);
+ opt_included = ISC_TRUE;
+ client->opt = NULL;
+ if (result != ISC_R_SUCCESS)
+ goto done;
+ }
+ result = dns_message_rendersection(client->message,
+ DNS_SECTION_QUESTION, 0);
+ if (result == ISC_R_NOSPACE) {
+ client->message->flags |= DNS_MESSAGEFLAG_TC;
+ goto renderend;
+ }
+ if (result != ISC_R_SUCCESS)
+ goto done;
+ result = dns_message_rendersection(client->message,
+ DNS_SECTION_ANSWER,
+ DNS_MESSAGERENDER_PARTIAL |
+ dnssec_opts);
+ if (result == ISC_R_NOSPACE) {
+ client->message->flags |= DNS_MESSAGEFLAG_TC;
+ goto renderend;
+ }
+ if (result != ISC_R_SUCCESS)
+ goto done;
+ result = dns_message_rendersection(client->message,
+ DNS_SECTION_AUTHORITY,
+ DNS_MESSAGERENDER_PARTIAL |
+ dnssec_opts);
+ if (result == ISC_R_NOSPACE) {
+ client->message->flags |= DNS_MESSAGEFLAG_TC;
+ goto renderend;
+ }
+ if (result != ISC_R_SUCCESS)
+ goto done;
+ result = dns_message_rendersection(client->message,
+ DNS_SECTION_ADDITIONAL,
+ preferred_glue | dnssec_opts);
+ if (result != ISC_R_SUCCESS && result != ISC_R_NOSPACE)
+ goto done;
+ renderend:
+ result = dns_message_renderend(client->message);
+
+ if (result != ISC_R_SUCCESS)
+ goto done;
+
+ if (cleanup_cctx) {
+ dns_compress_invalidate(&cctx);
+ cleanup_cctx = ISC_FALSE;
+ }
+
+ if (TCP_CLIENT(client)) {
+ isc_buffer_usedregion(&buffer, &r);
+ isc_buffer_putuint16(&tcpbuffer, (isc_uint16_t) r.length);
+ isc_buffer_add(&tcpbuffer, r.length);
+ result = client_sendpkg(client, &tcpbuffer);
+ } else
+ result = client_sendpkg(client, &buffer);
+
+ /* update statistics (XXXJT: is it okay to access message->xxxkey?) */
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_response);
+ if (opt_included) {
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_edns0out);
+ }
+ if (client->message->tsigkey != NULL) {
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_tsigout);
+ }
+ if (client->message->sig0key != NULL) {
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_sig0out);
+ }
+ if ((client->message->flags & DNS_MESSAGEFLAG_TC) != 0)
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_truncatedresp);
+
+ if (result == ISC_R_SUCCESS)
+ return;
+
+ done:
+ if (client->tcpbuf != NULL) {
+ isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
+ client->tcpbuf = NULL;
+ }
+
+ if (cleanup_cctx)
+ dns_compress_invalidate(&cctx);
+
+ ns_client_next(client, result);
+}
+
+#if NS_CLIENT_DROPPORT
+#define DROPPORT_NO 0
+#define DROPPORT_REQUEST 1
+#define DROPPORT_RESPONSE 2
+/*%
+ * ns_client_dropport determines if certain requests / responses
+ * should be dropped based on the port number.
+ *
+ * Returns:
+ * \li 0: Don't drop.
+ * \li 1: Drop request.
+ * \li 2: Drop (error) response.
+ */
+static int
+ns_client_dropport(in_port_t port) {
+ switch (port) {
+ case 7: /* echo */
+ case 13: /* daytime */
+ case 19: /* chargen */
+ case 37: /* time */
+ return (DROPPORT_REQUEST);
+ case 464: /* kpasswd */
+ return (DROPPORT_RESPONSE);
+ }
+ return (DROPPORT_NO);
+}
+#endif
+
+void
+ns_client_error(ns_client_t *client, isc_result_t result) {
+ dns_rcode_t rcode;
+ dns_message_t *message;
+
+ REQUIRE(NS_CLIENT_VALID(client));
+
+ CTRACE("error");
+
+ message = client->message;
+ rcode = dns_result_torcode(result);
+
+#if NS_CLIENT_DROPPORT
+ /*
+ * Don't send FORMERR to ports on the drop port list.
+ */
+ if (rcode == dns_rcode_formerr &&
+ ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) !=
+ DROPPORT_NO) {
+ char buf[64];
+ isc_buffer_t b;
+
+ isc_buffer_init(&b, buf, sizeof(buf) - 1);
+ if (dns_rcode_totext(rcode, &b) != ISC_R_SUCCESS)
+ isc_buffer_putstr(&b, "UNKNOWN RCODE");
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
+ "dropped error (%.*s) response: suspicious port",
+ (int)isc_buffer_usedlength(&b), buf);
+ ns_client_next(client, ISC_R_SUCCESS);
+ return;
+ }
+#endif
+
+ /*
+ * Message may be an in-progress reply that we had trouble
+ * with, in which case QR will be set. We need to clear QR before
+ * calling dns_message_reply() to avoid triggering an assertion.
+ */
+ message->flags &= ~DNS_MESSAGEFLAG_QR;
+ /*
+ * AA and AD shouldn't be set.
+ */
+ message->flags &= ~(DNS_MESSAGEFLAG_AA | DNS_MESSAGEFLAG_AD);
+ result = dns_message_reply(message, ISC_TRUE);
+ if (result != ISC_R_SUCCESS) {
+ /*
+ * It could be that we've got a query with a good header,
+ * but a bad question section, so we try again with
+ * want_question_section set to ISC_FALSE.
+ */
+ result = dns_message_reply(message, ISC_FALSE);
+ if (result != ISC_R_SUCCESS) {
+ ns_client_next(client, result);
+ return;
+ }
+ }
+ message->rcode = rcode;
+
+ /*
+ * FORMERR loop avoidance: If we sent a FORMERR message
+ * with the same ID to the same client less than two
+ * seconds ago, assume that we are in an infinite error
+ * packet dialog with a server for some protocol whose
+ * error responses look enough like DNS queries to
+ * elicit a FORMERR response. Drop a packet to break
+ * the loop.
+ */
+ if (rcode == dns_rcode_formerr) {
+ if (isc_sockaddr_equal(&client->peeraddr,
+ &client->formerrcache.addr) &&
+ message->id == client->formerrcache.id &&
+ client->requesttime - client->formerrcache.time < 2) {
+ /* Drop packet. */
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
+ "possible error packet loop, "
+ "FORMERR dropped");
+ ns_client_next(client, result);
+ return;
+ }
+ client->formerrcache.addr = client->peeraddr;
+ client->formerrcache.time = client->requesttime;
+ client->formerrcache.id = message->id;
+ }
+ ns_client_send(client);
+}
+
+static inline isc_result_t
+client_addopt(ns_client_t *client) {
+ dns_rdataset_t *rdataset;
+ dns_rdatalist_t *rdatalist;
+ dns_rdata_t *rdata;
+ isc_result_t result;
+ dns_view_t *view;
+ dns_resolver_t *resolver;
+ isc_uint16_t udpsize;
+
+ REQUIRE(client->opt == NULL); /* XXXRTH free old. */
+
+ rdatalist = NULL;
+ result = dns_message_gettemprdatalist(client->message, &rdatalist);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ rdata = NULL;
+ result = dns_message_gettemprdata(client->message, &rdata);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ rdataset = NULL;
+ result = dns_message_gettemprdataset(client->message, &rdataset);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ dns_rdataset_init(rdataset);
+
+ rdatalist->type = dns_rdatatype_opt;
+ rdatalist->covers = 0;
+
+ /*
+ * Set the maximum UDP buffer size.
+ */
+ view = client->view;
+ resolver = (view != NULL) ? view->resolver : NULL;
+ if (resolver != NULL)
+ udpsize = dns_resolver_getudpsize(resolver);
+ else
+ udpsize = ns_g_udpsize;
+ rdatalist->rdclass = udpsize;
+
+ /*
+ * Set EXTENDED-RCODE, VERSION and Z to 0.
+ */
+ rdatalist->ttl = (client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE);
+
+ /* Set EDNS options if applicable */
+ if (client->attributes & NS_CLIENTATTR_WANTNSID &&
+ (ns_g_server->server_id != NULL ||
+ ns_g_server->server_usehostname)) {
+ /*
+ * Space required for NSID data:
+ * 2 bytes for opt code
+ * + 2 bytes for NSID length
+ * + NSID itself
+ */
+ char nsid[BUFSIZ], *nsidp;
+ isc_buffer_t *buffer = NULL;
+
+ if (ns_g_server->server_usehostname) {
+ isc_result_t result;
+ result = ns_os_gethostname(nsid, sizeof(nsid));
+ if (result != ISC_R_SUCCESS) {
+ goto no_nsid;
+ }
+ nsidp = nsid;
+ } else
+ nsidp = ns_g_server->server_id;
+
+ rdata->length = strlen(nsidp) + 4;
+ result = isc_buffer_allocate(client->mctx, &buffer,
+ rdata->length);
+ if (result != ISC_R_SUCCESS)
+ goto no_nsid;
+
+ isc_buffer_putuint16(buffer, DNS_OPT_NSID);
+ isc_buffer_putuint16(buffer, strlen(nsidp));
+ isc_buffer_putstr(buffer, nsidp);
+ rdata->data = buffer->base;
+ dns_message_takebuffer(client->message, &buffer);
+ } else {
+no_nsid:
+ rdata->data = NULL;
+ rdata->length = 0;
+ }
+
+ rdata->rdclass = rdatalist->rdclass;
+ rdata->type = rdatalist->type;
+ rdata->flags = 0;
+
+ ISC_LIST_INIT(rdatalist->rdata);
+ ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
+ RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset)
+ == ISC_R_SUCCESS);
+
+ client->opt = rdataset;
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_boolean_t
+allowed(isc_netaddr_t *addr, dns_name_t *signer, dns_acl_t *acl) {
+ int match;
+ isc_result_t result;
+
+ if (acl == NULL)
+ return (ISC_TRUE);
+ result = dns_acl_match(addr, signer, acl, &ns_g_server->aclenv,
+ &match, NULL);
+ if (result == ISC_R_SUCCESS && match > 0)
+ return (ISC_TRUE);
+ return (ISC_FALSE);
+}
+
+/*
+ * Callback to see if a non-recursive query coming from 'srcaddr' to
+ * 'destaddr', with optional key 'mykey' for class 'rdclass' would be
+ * delivered to 'myview'.
+ *
+ * We run this unlocked as both the view list and the interface list
+ * are updated when the approprite task has exclusivity.
+ */
+isc_boolean_t
+ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
+ isc_sockaddr_t *srcaddr, isc_sockaddr_t *dstaddr,
+ dns_rdataclass_t rdclass, void *arg)
+{
+ dns_view_t *view;
+ dns_tsigkey_t *key = NULL;
+ dns_name_t *tsig = NULL;
+ isc_netaddr_t netsrc;
+ isc_netaddr_t netdst;
+
+ UNUSED(arg);
+
+ if (!ns_interfacemgr_listeningon(ns_g_server->interfacemgr, dstaddr))
+ return (ISC_FALSE);
+
+ isc_netaddr_fromsockaddr(&netsrc, srcaddr);
+ isc_netaddr_fromsockaddr(&netdst, dstaddr);
+
+ for (view = ISC_LIST_HEAD(ns_g_server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link)) {
+
+ if (view->matchrecursiveonly)
+ continue;
+
+ if (rdclass != view->rdclass)
+ continue;
+
+ if (mykey != NULL) {
+ isc_boolean_t match;
+ isc_result_t result;
+
+ result = dns_view_gettsig(view, &mykey->name, &key);
+ if (result != ISC_R_SUCCESS)
+ continue;
+ match = dst_key_compare(mykey->key, key->key);
+ dns_tsigkey_detach(&key);
+ if (!match)
+ continue;
+ tsig = dns_tsigkey_identity(mykey);
+ }
+
+ if (allowed(&netsrc, tsig, view->matchclients) &&
+ allowed(&netdst, tsig, view->matchdestinations))
+ break;
+ }
+ return (ISC_TF(view == myview));
+}
+
+/*
+ * Handle an incoming request event from the socket (UDP case)
+ * or tcpmsg (TCP case).
+ */
+static void
+client_request(isc_task_t *task, isc_event_t *event) {
+ ns_client_t *client;
+ isc_socketevent_t *sevent;
+ isc_result_t result;
+ isc_result_t sigresult = ISC_R_SUCCESS;
+ isc_buffer_t *buffer;
+ isc_buffer_t tbuffer;
+ dns_view_t *view;
+ dns_rdataset_t *opt;
+ dns_name_t *signame;
+ isc_boolean_t ra; /* Recursion available. */
+ isc_netaddr_t netaddr;
+ isc_netaddr_t destaddr;
+ int match;
+ dns_messageid_t id;
+ unsigned int flags;
+ isc_boolean_t notimp;
+ dns_rdata_t rdata;
+ isc_uint16_t optcode;
+
+ REQUIRE(event != NULL);
+ client = event->ev_arg;
+ REQUIRE(NS_CLIENT_VALID(client));
+ REQUIRE(task == client->task);
+
+ INSIST(client->recursionquota == NULL);
+
+ INSIST(client->state ==
+ TCP_CLIENT(client) ?
+ NS_CLIENTSTATE_READING :
+ NS_CLIENTSTATE_READY);
+
+ ns_client_requests++;
+
+ if (event->ev_type == ISC_SOCKEVENT_RECVDONE) {
+ INSIST(!TCP_CLIENT(client));
+ sevent = (isc_socketevent_t *)event;
+ REQUIRE(sevent == client->recvevent);
+ isc_buffer_init(&tbuffer, sevent->region.base, sevent->n);
+ isc_buffer_add(&tbuffer, sevent->n);
+ buffer = &tbuffer;
+ result = sevent->result;
+ if (result == ISC_R_SUCCESS) {
+ client->peeraddr = sevent->address;
+ client->peeraddr_valid = ISC_TRUE;
+ }
+ if ((sevent->attributes & ISC_SOCKEVENTATTR_PKTINFO) != 0) {
+ client->attributes |= NS_CLIENTATTR_PKTINFO;
+ client->pktinfo = sevent->pktinfo;
+ }
+ if ((sevent->attributes & ISC_SOCKEVENTATTR_MULTICAST) != 0)
+ client->attributes |= NS_CLIENTATTR_MULTICAST;
+ client->nrecvs--;
+ } else {
+ INSIST(TCP_CLIENT(client));
+ REQUIRE(event->ev_type == DNS_EVENT_TCPMSG);
+ REQUIRE(event->ev_sender == &client->tcpmsg);
+ buffer = &client->tcpmsg.buffer;
+ result = client->tcpmsg.result;
+ INSIST(client->nreads == 1);
+ /*
+ * client->peeraddr was set when the connection was accepted.
+ */
+ client->nreads--;
+ }
+
+ if (exit_check(client))
+ goto cleanup;
+ client->state = client->newstate = NS_CLIENTSTATE_WORKING;
+
+ isc_task_getcurrenttime(task, &client->requesttime);
+ client->now = client->requesttime;
+
+ if (result != ISC_R_SUCCESS) {
+ if (TCP_CLIENT(client)) {
+ ns_client_next(client, result);
+ } else {
+ if (result != ISC_R_CANCELED)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT,
+ ISC_LOG_ERROR,
+ "UDP client handler shutting "
+ "down due to fatal receive "
+ "error: %s",
+ isc_result_totext(result));
+ isc_task_shutdown(client->task);
+ }
+ goto cleanup;
+ }
+
+ isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
+
+#if NS_CLIENT_DROPPORT
+ if (ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) ==
+ DROPPORT_REQUEST) {
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
+ "dropped request: suspicious port");
+ ns_client_next(client, ISC_R_SUCCESS);
+ goto cleanup;
+ }
+#endif
+
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ "%s request",
+ TCP_CLIENT(client) ? "TCP" : "UDP");
+
+ /*
+ * Check the blackhole ACL for UDP only, since TCP is done in
+ * client_newconn.
+ */
+ if (!TCP_CLIENT(client)) {
+
+ if (ns_g_server->blackholeacl != NULL &&
+ dns_acl_match(&netaddr, NULL, ns_g_server->blackholeacl,
+ &ns_g_server->aclenv,
+ &match, NULL) == ISC_R_SUCCESS &&
+ match > 0)
+ {
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
+ "blackholed UDP datagram");
+ ns_client_next(client, ISC_R_SUCCESS);
+ goto cleanup;
+ }
+ }
+
+ /*
+ * Silently drop multicast requests for the present.
+ * XXXMPA look at when/if mDNS spec stabilizes.
+ */
+ if ((client->attributes & NS_CLIENTATTR_MULTICAST) != 0) {
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
+ "dropping multicast request");
+ ns_client_next(client, DNS_R_REFUSED);
+ goto cleanup;
+ }
+
+ result = dns_message_peekheader(buffer, &id, &flags);
+ if (result != ISC_R_SUCCESS) {
+ /*
+ * There isn't enough header to determine whether
+ * this was a request or a response. Drop it.
+ */
+ ns_client_next(client, result);
+ goto cleanup;
+ }
+
+ /*
+ * The client object handles requests, not responses.
+ * If this is a UDP response, forward it to the dispatcher.
+ * If it's a TCP response, discard it here.
+ */
+ if ((flags & DNS_MESSAGEFLAG_QR) != 0) {
+ if (TCP_CLIENT(client)) {
+ CTRACE("unexpected response");
+ ns_client_next(client, DNS_R_FORMERR);
+ goto cleanup;
+ } else {
+ dns_dispatch_importrecv(client->dispatch, event);
+ ns_client_next(client, ISC_R_SUCCESS);
+ goto cleanup;
+ }
+ }
+
+ /*
+ * Update some statistics counters. Don't count responses.
+ */
+ if (isc_sockaddr_pf(&client->peeraddr) == PF_INET) {
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_requestv4);
+ } else {
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_requestv6);
+ }
+ if (TCP_CLIENT(client))
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_tcp);
+
+ /*
+ * It's a request. Parse it.
+ */
+ result = dns_message_parse(client->message, buffer, 0);
+ if (result != ISC_R_SUCCESS) {
+ /*
+ * Parsing the request failed. Send a response
+ * (typically FORMERR or SERVFAIL).
+ */
+ ns_client_error(client, result);
+ goto cleanup;
+ }
+
+ dns_opcodestats_increment(ns_g_server->opcodestats,
+ client->message->opcode);
+ switch (client->message->opcode) {
+ case dns_opcode_query:
+ case dns_opcode_update:
+ case dns_opcode_notify:
+ notimp = ISC_FALSE;
+ break;
+ case dns_opcode_iquery:
+ default:
+ notimp = ISC_TRUE;
+ break;
+ }
+
+ client->message->rcode = dns_rcode_noerror;
+
+ /* RFC1123 section 6.1.3.2 */
+ if ((client->attributes & NS_CLIENTATTR_MULTICAST) != 0)
+ client->message->flags &= ~DNS_MESSAGEFLAG_RD;
+
+ /*
+ * Deal with EDNS.
+ */
+ opt = dns_message_getopt(client->message);
+ if (opt != NULL) {
+ /*
+ * Set the client's UDP buffer size.
+ */
+ client->udpsize = opt->rdclass;
+
+ /*
+ * If the requested UDP buffer size is less than 512,
+ * ignore it and use 512.
+ */
+ if (client->udpsize < 512)
+ client->udpsize = 512;
+
+ /*
+ * Get the flags out of the OPT record.
+ */
+ client->extflags = (isc_uint16_t)(opt->ttl & 0xFFFF);
+
+ /*
+ * Do we understand this version of EDNS?
+ *
+ * XXXRTH need library support for this!
+ */
+ client->ednsversion = (opt->ttl & 0x00FF0000) >> 16;
+ if (client->ednsversion > 0) {
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_badednsver);
+ result = client_addopt(client);
+ if (result == ISC_R_SUCCESS)
+ result = DNS_R_BADVERS;
+ ns_client_error(client, result);
+ goto cleanup;
+ }
+
+ /* Check for NSID request */
+ result = dns_rdataset_first(opt);
+ if (result == ISC_R_SUCCESS) {
+ dns_rdata_init(&rdata);
+ dns_rdataset_current(opt, &rdata);
+ if (rdata.length >= 2) {
+ isc_buffer_t nsidbuf;
+ isc_buffer_init(&nsidbuf,
+ rdata.data, rdata.length);
+ isc_buffer_add(&nsidbuf, rdata.length);
+ optcode = isc_buffer_getuint16(&nsidbuf);
+ if (optcode == DNS_OPT_NSID)
+ client->attributes |=
+ NS_CLIENTATTR_WANTNSID;
+ }
+ }
+
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_edns0in);
+
+ /*
+ * Create an OPT for our reply.
+ */
+ result = client_addopt(client);
+ if (result != ISC_R_SUCCESS) {
+ ns_client_error(client, result);
+ goto cleanup;
+ }
+ }
+
+ if (client->message->rdclass == 0) {
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
+ "message class could not be determined");
+ ns_client_dumpmessage(client,
+ "message class could not be determined");
+ ns_client_error(client, notimp ? DNS_R_NOTIMP : DNS_R_FORMERR);
+ goto cleanup;
+ }
+
+ /*
+ * Determine the destination address. If the receiving interface is
+ * bound to a specific address, we simply use it regardless of the
+ * address family. All IPv4 queries should fall into this case.
+ * Otherwise, if this is a TCP query, get the address from the
+ * receiving socket (this needs a system call and can be heavy).
+ * For IPv6 UDP queries, we get this from the pktinfo structure (if
+ * supported).
+ * If all the attempts fail (this can happen due to memory shortage,
+ * etc), we regard this as an error for safety.
+ */
+ if ((client->interface->flags & NS_INTERFACEFLAG_ANYADDR) == 0)
+ isc_netaddr_fromsockaddr(&destaddr, &client->interface->addr);
+ else {
+ result = ISC_R_FAILURE;
+
+ if (TCP_CLIENT(client)) {
+ isc_sockaddr_t destsockaddr;
+
+ result = isc_socket_getsockname(client->tcpsocket,
+ &destsockaddr);
+ if (result == ISC_R_SUCCESS)
+ isc_netaddr_fromsockaddr(&destaddr,
+ &destsockaddr);
+ }
+ if (result != ISC_R_SUCCESS &&
+ client->interface->addr.type.sa.sa_family == AF_INET6 &&
+ (client->attributes & NS_CLIENTATTR_PKTINFO) != 0) {
+ isc_uint32_t zone = 0;
+
+ /*
+ * XXXJT technically, we should convert the receiving
+ * interface ID to a proper scope zone ID. However,
+ * due to the fact there is no standard API for this,
+ * we only handle link-local addresses and use the
+ * interface index as link ID. Despite the assumption,
+ * it should cover most typical cases.
+ */
+ if (IN6_IS_ADDR_LINKLOCAL(&client->pktinfo.ipi6_addr))
+ zone = (isc_uint32_t)client->pktinfo.ipi6_ifindex;
+
+ isc_netaddr_fromin6(&destaddr,
+ &client->pktinfo.ipi6_addr);
+ isc_netaddr_setzone(&destaddr, zone);
+ result = ISC_R_SUCCESS;
+ }
+ if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "failed to get request's "
+ "destination: %s",
+ isc_result_totext(result));
+ ns_client_next(client, ISC_R_SUCCESS);
+ goto cleanup;
+ }
+ }
+
+ /*
+ * Find a view that matches the client's source address.
+ */
+ for (view = ISC_LIST_HEAD(ns_g_server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link)) {
+ if (client->message->rdclass == view->rdclass ||
+ client->message->rdclass == dns_rdataclass_any)
+ {
+ dns_name_t *tsig = NULL;
+
+ sigresult = dns_message_rechecksig(client->message,
+ view);
+ if (sigresult == ISC_R_SUCCESS)
+ tsig = dns_tsigkey_identity(client->message->tsigkey);
+
+ if (allowed(&netaddr, tsig, view->matchclients) &&
+ allowed(&destaddr, tsig, view->matchdestinations) &&
+ !((client->message->flags & DNS_MESSAGEFLAG_RD)
+ == 0 && view->matchrecursiveonly))
+ {
+ dns_view_attach(view, &client->view);
+ break;
+ }
+ }
+ }
+
+ if (view == NULL) {
+ char classname[DNS_RDATACLASS_FORMATSIZE];
+
+ /*
+ * Do a dummy TSIG verification attempt so that the
+ * response will have a TSIG if the query did, as
+ * required by RFC2845.
+ */
+ isc_buffer_t b;
+ isc_region_t *r;
+
+ dns_message_resetsig(client->message);
+
+ r = dns_message_getrawmessage(client->message);
+ isc_buffer_init(&b, r->base, r->length);
+ isc_buffer_add(&b, r->length);
+ (void)dns_tsig_verify(&b, client->message, NULL, NULL);
+
+ dns_rdataclass_format(client->message->rdclass, classname,
+ sizeof(classname));
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
+ "no matching view in class '%s'", classname);
+ ns_client_dumpmessage(client, "no matching view in class");
+ ns_client_error(client, notimp ? DNS_R_NOTIMP : DNS_R_REFUSED);
+ goto cleanup;
+ }
+
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(5),
+ "using view '%s'", view->name);
+
+ /*
+ * Check for a signature. We log bad signatures regardless of
+ * whether they ultimately cause the request to be rejected or
+ * not. We do not log the lack of a signature unless we are
+ * debugging.
+ */
+ client->signer = NULL;
+ dns_name_init(&client->signername, NULL);
+ result = dns_message_signer(client->message, &client->signername);
+ if (result != ISC_R_NOTFOUND) {
+ signame = NULL;
+ if (dns_message_gettsig(client->message, &signame) != NULL) {
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_tsigin);
+ } else {
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_sig0in);
+ }
+
+ }
+ if (result == ISC_R_SUCCESS) {
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ "request has valid signature");
+ client->signer = &client->signername;
+ } else if (result == ISC_R_NOTFOUND) {
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ "request is not signed");
+ } else if (result == DNS_R_NOIDENTITY) {
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ "request is signed by a nonauthoritative key");
+ } else {
+ char tsigrcode[64];
+ isc_buffer_t b;
+ dns_rcode_t status;
+ isc_result_t tresult;
+
+ /* There is a signature, but it is bad. */
+ dns_generalstats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_invalidsig);
+ signame = NULL;
+ if (dns_message_gettsig(client->message, &signame) != NULL) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char cnamebuf[DNS_NAME_FORMATSIZE];
+ dns_name_format(signame, namebuf, sizeof(namebuf));
+ status = client->message->tsigstatus;
+ isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
+ tresult = dns_tsigrcode_totext(status, &b);
+ INSIST(tresult == ISC_R_SUCCESS);
+ tsigrcode[isc_buffer_usedlength(&b)] = '\0';
+ if (client->message->tsigkey->generated) {
+ dns_name_format(client->message->tsigkey->creator,
+ cnamebuf, sizeof(cnamebuf));
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT,
+ ISC_LOG_ERROR,
+ "request has invalid signature: "
+ "TSIG %s (%s): %s (%s)", namebuf,
+ cnamebuf,
+ isc_result_totext(result),
+ tsigrcode);
+ } else {
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT,
+ ISC_LOG_ERROR,
+ "request has invalid signature: "
+ "TSIG %s: %s (%s)", namebuf,
+ isc_result_totext(result),
+ tsigrcode);
+ }
+ } else {
+ status = client->message->sig0status;
+ isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
+ tresult = dns_tsigrcode_totext(status, &b);
+ INSIST(tresult == ISC_R_SUCCESS);
+ tsigrcode[isc_buffer_usedlength(&b)] = '\0';
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
+ "request has invalid signature: %s (%s)",
+ isc_result_totext(result), tsigrcode);
+ }
+ /*
+ * Accept update messages signed by unknown keys so that
+ * update forwarding works transparently through slaves
+ * that don't have all the same keys as the master.
+ */
+ if (!(client->message->tsigstatus == dns_tsigerror_badkey &&
+ client->message->opcode == dns_opcode_update)) {
+ ns_client_error(client, sigresult);
+ goto cleanup;
+ }
+ }
+
+ /*
+ * Decide whether recursive service is available to this client.
+ * We do this here rather than in the query code so that we can
+ * set the RA bit correctly on all kinds of responses, not just
+ * responses to ordinary queries. Note if you can't query the
+ * cache there is no point in setting RA.
+ */
+ ra = ISC_FALSE;
+ if (client->view->resolver != NULL &&
+ client->view->recursion == ISC_TRUE &&
+ ns_client_checkaclsilent(client, NULL,
+ client->view->recursionacl,
+ ISC_TRUE) == ISC_R_SUCCESS &&
+ ns_client_checkaclsilent(client, NULL,
+ client->view->queryacl,
+ ISC_TRUE) == ISC_R_SUCCESS &&
+ ns_client_checkaclsilent(client, &client->interface->addr,
+ client->view->recursiononacl,
+ ISC_TRUE) == ISC_R_SUCCESS &&
+ ns_client_checkaclsilent(client, &client->interface->addr,
+ client->view->queryonacl,
+ ISC_TRUE) == ISC_R_SUCCESS)
+ ra = ISC_TRUE;
+
+ if (ra == ISC_TRUE)
+ client->attributes |= NS_CLIENTATTR_RA;
+
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
+ ISC_LOG_DEBUG(3), ra ? "recursion available" :
+ "recursion not available");
+
+ /*
+ * Adjust maximum UDP response size for this client.
+ */
+ if (client->udpsize > 512) {
+ dns_peer_t *peer = NULL;
+ isc_uint16_t udpsize = view->maxudp;
+ (void) dns_peerlist_peerbyaddr(view->peers, &netaddr, &peer);
+ if (peer != NULL)
+ dns_peer_getmaxudp(peer, &udpsize);
+ if (client->udpsize > udpsize)
+ client->udpsize = udpsize;
+ }
+
+ /*
+ * Dispatch the request.
+ */
+ switch (client->message->opcode) {
+ case dns_opcode_query:
+ CTRACE("query");
+ ns_query_start(client);
+ break;
+ case dns_opcode_update:
+ CTRACE("update");
+ ns_client_settimeout(client, 60);
+ ns_update_start(client, sigresult);
+ break;
+ case dns_opcode_notify:
+ CTRACE("notify");
+ ns_client_settimeout(client, 60);
+ ns_notify_start(client);
+ break;
+ case dns_opcode_iquery:
+ CTRACE("iquery");
+ ns_client_error(client, DNS_R_NOTIMP);
+ break;
+ default:
+ CTRACE("unknown opcode");
+ ns_client_error(client, DNS_R_NOTIMP);
+ }
+
+ cleanup:
+ return;
+}
+
+static void
+client_timeout(isc_task_t *task, isc_event_t *event) {
+ ns_client_t *client;
+
+ REQUIRE(event != NULL);
+ REQUIRE(event->ev_type == ISC_TIMEREVENT_LIFE ||
+ event->ev_type == ISC_TIMEREVENT_IDLE);
+ client = event->ev_arg;
+ REQUIRE(NS_CLIENT_VALID(client));
+ REQUIRE(task == client->task);
+ REQUIRE(client->timer != NULL);
+
+ UNUSED(task);
+
+ CTRACE("timeout");
+
+ isc_event_free(&event);
+
+ if (client->shutdown != NULL) {
+ (client->shutdown)(client->shutdown_arg, ISC_R_TIMEDOUT);
+ client->shutdown = NULL;
+ client->shutdown_arg = NULL;
+ }
+
+ if (client->newstate > NS_CLIENTSTATE_READY)
+ client->newstate = NS_CLIENTSTATE_READY;
+ (void)exit_check(client);
+}
+
+static isc_result_t
+get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) {
+ isc_mem_t *clientmctx;
+ isc_result_t result;
+
+ /*
+ * Caller must be holding the manager lock.
+ */
+ if (ns_g_clienttest) {
+ result = isc_mem_create(0, 0, mctxp);
+ if (result == ISC_R_SUCCESS)
+ isc_mem_setname(*mctxp, "client", NULL);
+ return (result);
+ }
+#if NMCTXS > 0
+ INSIST(manager->nextmctx < NMCTXS);
+ clientmctx = manager->mctxpool[manager->nextmctx];
+ if (clientmctx == NULL) {
+ result = isc_mem_create(0, 0, &clientmctx);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ isc_mem_setname(clientmctx, "client", NULL);
+
+ manager->mctxpool[manager->nextmctx] = clientmctx;
+ }
+ manager->nextmctx++;
+ if (manager->nextmctx == NMCTXS)
+ manager->nextmctx = 0;
+#else
+ clientmctx = manager->mctx;
+#endif
+
+ isc_mem_attach(clientmctx, mctxp);
+
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ ns_client_t *client;
+ isc_result_t result;
+ isc_mem_t *mctx = NULL;
+
+ /*
+ * Caller must be holding the manager lock.
+ *
+ * Note: creating a client does not add the client to the
+ * manager's client list or set the client's manager pointer.
+ * The caller is responsible for that.
+ */
+
+ REQUIRE(clientp != NULL && *clientp == NULL);
+
+ result = get_clientmctx(manager, &mctx);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ client = isc_mem_get(mctx, sizeof(*client));
+ if (client == NULL) {
+ isc_mem_detach(&mctx);
+ return (ISC_R_NOMEMORY);
+ }
+ client->mctx = mctx;
+
+ client->task = NULL;
+ result = isc_task_create(manager->taskmgr, 0, &client->task);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_client;
+ isc_task_setname(client->task, "client", client);
+
+ client->timer = NULL;
+ result = isc_timer_create(manager->timermgr, isc_timertype_inactive,
+ NULL, NULL, client->task, client_timeout,
+ client, &client->timer);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_task;
+ client->timerset = ISC_FALSE;
+
+ client->message = NULL;
+ result = dns_message_create(client->mctx, DNS_MESSAGE_INTENTPARSE,
+ &client->message);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_timer;
+
+ /* XXXRTH Hardwired constants */
+
+ client->sendevent = (isc_socketevent_t *)
+ isc_event_allocate(client->mctx, client,
+ ISC_SOCKEVENT_SENDDONE,
+ client_senddone, client,
+ sizeof(isc_socketevent_t));
+ if (client->sendevent == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto cleanup_message;
+ }
+
+ client->recvbuf = isc_mem_get(client->mctx, RECV_BUFFER_SIZE);
+ if (client->recvbuf == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto cleanup_sendevent;
+ }
+
+ client->recvevent = (isc_socketevent_t *)
+ isc_event_allocate(client->mctx, client,
+ ISC_SOCKEVENT_RECVDONE,
+ client_request, client,
+ sizeof(isc_socketevent_t));
+ if (client->recvevent == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto cleanup_recvbuf;
+ }
+
+ client->magic = NS_CLIENT_MAGIC;
+ client->manager = NULL;
+ client->state = NS_CLIENTSTATE_INACTIVE;
+ client->newstate = NS_CLIENTSTATE_MAX;
+ client->naccepts = 0;
+ client->nreads = 0;
+ client->nsends = 0;
+ client->nrecvs = 0;
+ client->nupdates = 0;
+ client->nctls = 0;
+ client->references = 0;
+ client->attributes = 0;
+ client->view = NULL;
+ client->dispatch = NULL;
+ client->udpsocket = NULL;
+ client->tcplistener = NULL;
+ client->tcpsocket = NULL;
+ client->tcpmsg_valid = ISC_FALSE;
+ client->tcpbuf = NULL;
+ client->opt = NULL;
+ client->udpsize = 512;
+ client->extflags = 0;
+ client->ednsversion = -1;
+ client->next = NULL;
+ client->shutdown = NULL;
+ client->shutdown_arg = NULL;
+ dns_name_init(&client->signername, NULL);
+ client->mortal = ISC_FALSE;
+ client->tcpquota = NULL;
+ client->recursionquota = NULL;
+ client->interface = NULL;
+ client->peeraddr_valid = ISC_FALSE;
+ ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL,
+ NS_EVENT_CLIENTCONTROL, client_start, client, client,
+ NULL, NULL);
+ /*
+ * Initialize FORMERR cache to sentinel value that will not match
+ * any actual FORMERR response.
+ */
+ isc_sockaddr_any(&client->formerrcache.addr);
+ client->formerrcache.time = 0;
+ client->formerrcache.id = 0;
+ ISC_LINK_INIT(client, link);
+ client->list = NULL;
+
+ /*
+ * We call the init routines for the various kinds of client here,
+ * after we have created an otherwise valid client, because some
+ * of them call routines that REQUIRE(NS_CLIENT_VALID(client)).
+ */
+ result = ns_query_init(client);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_recvevent;
+
+ result = isc_task_onshutdown(client->task, client_shutdown, client);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_query;
+
+ client->needshutdown = ns_g_clienttest;
+
+ CTRACE("create");
+
+ *clientp = client;
+
+ return (ISC_R_SUCCESS);
+
+ cleanup_query:
+ ns_query_free(client);
+
+ cleanup_recvevent:
+ isc_event_free((isc_event_t **)&client->recvevent);
+
+ cleanup_recvbuf:
+ isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE);
+
+ cleanup_sendevent:
+ isc_event_free((isc_event_t **)&client->sendevent);
+
+ client->magic = 0;
+
+ cleanup_message:
+ dns_message_destroy(&client->message);
+
+ cleanup_timer:
+ isc_timer_detach(&client->timer);
+
+ cleanup_task:
+ isc_task_detach(&client->task);
+
+ cleanup_client:
+ isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
+
+ return (result);
+}
+
+static void
+client_read(ns_client_t *client) {
+ isc_result_t result;
+
+ CTRACE("read");
+
+ result = dns_tcpmsg_readmessage(&client->tcpmsg, client->task,
+ client_request, client);
+ if (result != ISC_R_SUCCESS)
+ goto fail;
+
+ /*
+ * Set a timeout to limit the amount of time we will wait
+ * for a request on this TCP connection.
+ */
+ ns_client_settimeout(client, 30);
+
+ client->state = client->newstate = NS_CLIENTSTATE_READING;
+ INSIST(client->nreads == 0);
+ INSIST(client->recursionquota == NULL);
+ client->nreads++;
+
+ return;
+ fail:
+ ns_client_next(client, result);
+}
+
+static void
+client_newconn(isc_task_t *task, isc_event_t *event) {
+ ns_client_t *client = event->ev_arg;
+ isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
+ isc_result_t result;
+
+ REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
+ REQUIRE(NS_CLIENT_VALID(client));
+ REQUIRE(client->task == task);
+
+ UNUSED(task);
+
+ INSIST(client->state == NS_CLIENTSTATE_READY);
+
+ INSIST(client->naccepts == 1);
+ client->naccepts--;
+
+ LOCK(&client->interface->lock);
+ INSIST(client->interface->ntcpcurrent > 0);
+ client->interface->ntcpcurrent--;
+ UNLOCK(&client->interface->lock);
+
+ /*
+ * We must take ownership of the new socket before the exit
+ * check to make sure it gets destroyed if we decide to exit.
+ */
+ if (nevent->result == ISC_R_SUCCESS) {
+ client->tcpsocket = nevent->newsocket;
+ isc_socket_setname(client->tcpsocket, "client-tcp", NULL);
+ client->state = NS_CLIENTSTATE_READING;
+ INSIST(client->recursionquota == NULL);
+
+ (void)isc_socket_getpeername(client->tcpsocket,
+ &client->peeraddr);
+ client->peeraddr_valid = ISC_TRUE;
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ "new TCP connection");
+ } else {
+ /*
+ * XXXRTH What should we do? We're trying to accept but
+ * it didn't work. If we just give up, then TCP
+ * service may eventually stop.
+ *
+ * For now, we just go idle.
+ *
+ * Going idle is probably the right thing if the
+ * I/O was canceled.
+ */
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ "accept failed: %s",
+ isc_result_totext(nevent->result));
+ }
+
+ if (exit_check(client))
+ goto freeevent;
+
+ if (nevent->result == ISC_R_SUCCESS) {
+ int match;
+ isc_netaddr_t netaddr;
+
+ isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
+
+ if (ns_g_server->blackholeacl != NULL &&
+ dns_acl_match(&netaddr, NULL,
+ ns_g_server->blackholeacl,
+ &ns_g_server->aclenv,
+ &match, NULL) == ISC_R_SUCCESS &&
+ match > 0)
+ {
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
+ "blackholed connection attempt");
+ client->newstate = NS_CLIENTSTATE_READY;
+ (void)exit_check(client);
+ goto freeevent;
+ }
+
+ INSIST(client->tcpmsg_valid == ISC_FALSE);
+ dns_tcpmsg_init(client->mctx, client->tcpsocket,
+ &client->tcpmsg);
+ client->tcpmsg_valid = ISC_TRUE;
+
+ /*
+ * Let a new client take our place immediately, before
+ * we wait for a request packet. If we don't,
+ * telnetting to port 53 (once per CPU) will
+ * deny service to legititmate TCP clients.
+ */
+ result = isc_quota_attach(&ns_g_server->tcpquota,
+ &client->tcpquota);
+ if (result == ISC_R_SUCCESS)
+ result = ns_client_replace(client);
+ if (result != ISC_R_SUCCESS) {
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
+ "no more TCP clients: %s",
+ isc_result_totext(result));
+ }
+
+ client_read(client);
+ }
+
+ freeevent:
+ isc_event_free(&event);
+}
+
+static void
+client_accept(ns_client_t *client) {
+ isc_result_t result;
+
+ CTRACE("accept");
+
+ result = isc_socket_accept(client->tcplistener, client->task,
+ client_newconn, client);
+ if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "isc_socket_accept() failed: %s",
+ isc_result_totext(result));
+ /*
+ * XXXRTH What should we do? We're trying to accept but
+ * it didn't work. If we just give up, then TCP
+ * service may eventually stop.
+ *
+ * For now, we just go idle.
+ */
+ return;
+ }
+ INSIST(client->naccepts == 0);
+ client->naccepts++;
+ LOCK(&client->interface->lock);
+ client->interface->ntcpcurrent++;
+ UNLOCK(&client->interface->lock);
+}
+
+static void
+client_udprecv(ns_client_t *client) {
+ isc_result_t result;
+ isc_region_t r;
+
+ CTRACE("udprecv");
+
+ r.base = client->recvbuf;
+ r.length = RECV_BUFFER_SIZE;
+ result = isc_socket_recv2(client->udpsocket, &r, 1,
+ client->task, client->recvevent, 0);
+ if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "isc_socket_recv2() failed: %s",
+ isc_result_totext(result));
+ /*
+ * This cannot happen in the current implementation, since
+ * isc_socket_recv2() cannot fail if flags == 0.
+ *
+ * If this does fail, we just go idle.
+ */
+ return;
+ }
+ INSIST(client->nrecvs == 0);
+ client->nrecvs++;
+}
+
+void
+ns_client_attach(ns_client_t *source, ns_client_t **targetp) {
+ REQUIRE(NS_CLIENT_VALID(source));
+ REQUIRE(targetp != NULL && *targetp == NULL);
+
+ source->references++;
+ ns_client_log(source, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
+ "ns_client_attach: ref = %d", source->references);
+ *targetp = source;
+}
+
+void
+ns_client_detach(ns_client_t **clientp) {
+ ns_client_t *client = *clientp;
+
+ client->references--;
+ INSIST(client->references >= 0);
+ *clientp = NULL;
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
+ "ns_client_detach: ref = %d", client->references);
+ (void)exit_check(client);
+}
+
+isc_boolean_t
+ns_client_shuttingdown(ns_client_t *client) {
+ return (ISC_TF(client->newstate == NS_CLIENTSTATE_FREED));
+}
+
+isc_result_t
+ns_client_replace(ns_client_t *client) {
+ isc_result_t result;
+
+ CTRACE("replace");
+
+ result = ns_clientmgr_createclients(client->manager,
+ 1, client->interface,
+ (TCP_CLIENT(client) ?
+ ISC_TRUE : ISC_FALSE));
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /*
+ * The responsibility for listening for new requests is hereby
+ * transferred to the new client. Therefore, the old client
+ * should refrain from listening for any more requests.
+ */
+ client->mortal = ISC_TRUE;
+
+ return (ISC_R_SUCCESS);
+}
+
+/***
+ *** Client Manager
+ ***/
+
+static void
+clientmgr_destroy(ns_clientmgr_t *manager) {
+#if NMCTXS > 0
+ int i;
+#endif
+
+ REQUIRE(ISC_LIST_EMPTY(manager->active));
+ REQUIRE(ISC_LIST_EMPTY(manager->inactive));
+ REQUIRE(ISC_LIST_EMPTY(manager->recursing));
+
+ MTRACE("clientmgr_destroy");
+
+#if NMCTXS > 0
+ for (i = 0; i < NMCTXS; i++) {
+ if (manager->mctxpool[i] != NULL)
+ isc_mem_detach(&manager->mctxpool[i]);
+ }
+#endif
+
+ DESTROYLOCK(&manager->lock);
+ manager->magic = 0;
+ isc_mem_put(manager->mctx, manager, sizeof(*manager));
+}
+
+isc_result_t
+ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
+ isc_timermgr_t *timermgr, ns_clientmgr_t **managerp)
+{
+ ns_clientmgr_t *manager;
+ isc_result_t result;
+#if NMCTXS > 0
+ int i;
+#endif
+
+ manager = isc_mem_get(mctx, sizeof(*manager));
+ if (manager == NULL)
+ return (ISC_R_NOMEMORY);
+
+ result = isc_mutex_init(&manager->lock);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_manager;
+
+ manager->mctx = mctx;
+ manager->taskmgr = taskmgr;
+ manager->timermgr = timermgr;
+ manager->exiting = ISC_FALSE;
+ ISC_LIST_INIT(manager->active);
+ ISC_LIST_INIT(manager->inactive);
+ ISC_LIST_INIT(manager->recursing);
+#if NMCTXS > 0
+ manager->nextmctx = 0;
+ for (i = 0; i < NMCTXS; i++)
+ manager->mctxpool[i] = NULL; /* will be created on-demand */
+#endif
+ manager->magic = MANAGER_MAGIC;
+
+ MTRACE("create");
+
+ *managerp = manager;
+
+ return (ISC_R_SUCCESS);
+
+ cleanup_manager:
+ isc_mem_put(manager->mctx, manager, sizeof(*manager));
+
+ return (result);
+}
+
+void
+ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
+ ns_clientmgr_t *manager;
+ ns_client_t *client;
+ isc_boolean_t need_destroy = ISC_FALSE;
+
+ REQUIRE(managerp != NULL);
+ manager = *managerp;
+ REQUIRE(VALID_MANAGER(manager));
+
+ MTRACE("destroy");
+
+ LOCK(&manager->lock);
+
+ manager->exiting = ISC_TRUE;
+
+ for (client = ISC_LIST_HEAD(manager->recursing);
+ client != NULL;
+ client = ISC_LIST_NEXT(client, link))
+ isc_task_shutdown(client->task);
+
+ for (client = ISC_LIST_HEAD(manager->active);
+ client != NULL;
+ client = ISC_LIST_NEXT(client, link))
+ isc_task_shutdown(client->task);
+
+ for (client = ISC_LIST_HEAD(manager->inactive);
+ client != NULL;
+ client = ISC_LIST_NEXT(client, link))
+ isc_task_shutdown(client->task);
+
+ if (ISC_LIST_EMPTY(manager->active) &&
+ ISC_LIST_EMPTY(manager->inactive) &&
+ ISC_LIST_EMPTY(manager->recursing))
+ need_destroy = ISC_TRUE;
+
+ UNLOCK(&manager->lock);
+
+ if (need_destroy)
+ clientmgr_destroy(manager);
+
+ *managerp = NULL;
+}
+
+isc_result_t
+ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
+ ns_interface_t *ifp, isc_boolean_t tcp)
+{
+ isc_result_t result = ISC_R_SUCCESS;
+ unsigned int i;
+ ns_client_t *client;
+
+ REQUIRE(VALID_MANAGER(manager));
+ REQUIRE(n > 0);
+
+ MTRACE("createclients");
+
+ /*
+ * We MUST lock the manager lock for the entire client creation
+ * process. If we didn't do this, then a client could get a
+ * shutdown event and disappear out from under us.
+ */
+
+ LOCK(&manager->lock);
+
+ for (i = 0; i < n; i++) {
+ isc_event_t *ev;
+ /*
+ * Allocate a client. First try to get a recycled one;
+ * if that fails, make a new one.
+ */
+ client = NULL;
+ if (!ns_g_clienttest)
+ client = ISC_LIST_HEAD(manager->inactive);
+ if (client != NULL) {
+ MTRACE("recycle");
+ ISC_LIST_UNLINK(manager->inactive, client, link);
+ client->list = NULL;
+ } else {
+ MTRACE("create new");
+ result = client_create(manager, &client);
+ if (result != ISC_R_SUCCESS)
+ break;
+ }
+
+ ns_interface_attach(ifp, &client->interface);
+ client->state = NS_CLIENTSTATE_READY;
+ INSIST(client->recursionquota == NULL);
+
+ if (tcp) {
+ client->attributes |= NS_CLIENTATTR_TCP;
+ isc_socket_attach(ifp->tcpsocket,
+ &client->tcplistener);
+ } else {
+ isc_socket_t *sock;
+
+ dns_dispatch_attach(ifp->udpdispatch,
+ &client->dispatch);
+ sock = dns_dispatch_getsocket(client->dispatch);
+ isc_socket_attach(sock, &client->udpsocket);
+ }
+ client->manager = manager;
+ ISC_LIST_APPEND(manager->active, client, link);
+ client->list = &manager->active;
+
+ INSIST(client->nctls == 0);
+ client->nctls++;
+ ev = &client->ctlevent;
+ isc_task_send(client->task, &ev);
+ }
+ if (i != 0) {
+ /*
+ * We managed to create at least one client, so we
+ * declare victory.
+ */
+ result = ISC_R_SUCCESS;
+ }
+
+ UNLOCK(&manager->lock);
+
+ return (result);
+}
+
+isc_sockaddr_t *
+ns_client_getsockaddr(ns_client_t *client) {
+ return (&client->peeraddr);
+}
+
+isc_result_t
+ns_client_checkaclsilent(ns_client_t *client, isc_sockaddr_t *sockaddr,
+ dns_acl_t *acl, isc_boolean_t default_allow)
+{
+ isc_result_t result;
+ int match;
+ isc_netaddr_t netaddr;
+
+ if (acl == NULL) {
+ if (default_allow)
+ goto allow;
+ else
+ goto deny;
+ }
+
+
+ if (sockaddr == NULL)
+ isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
+ else
+ isc_netaddr_fromsockaddr(&netaddr, sockaddr);
+
+ result = dns_acl_match(&netaddr, client->signer, acl,
+ &ns_g_server->aclenv,
+ &match, NULL);
+
+ if (result != ISC_R_SUCCESS)
+ goto deny; /* Internal error, already logged. */
+ if (match > 0)
+ goto allow;
+ goto deny; /* Negative match or no match. */
+
+ allow:
+ return (ISC_R_SUCCESS);
+
+ deny:
+ return (DNS_R_REFUSED);
+}
+
+isc_result_t
+ns_client_checkacl(ns_client_t *client, isc_sockaddr_t *sockaddr,
+ const char *opname, dns_acl_t *acl,
+ isc_boolean_t default_allow, int log_level)
+{
+ isc_result_t result =
+ ns_client_checkaclsilent(client, sockaddr, acl, default_allow);
+
+ if (result == ISC_R_SUCCESS)
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ "%s approved", opname);
+ else
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT,
+ log_level, "%s denied", opname);
+ return (result);
+}
+
+static void
+ns_client_name(ns_client_t *client, char *peerbuf, size_t len) {
+ if (client->peeraddr_valid)
+ isc_sockaddr_format(&client->peeraddr, peerbuf, len);
+ else
+ snprintf(peerbuf, len, "@%p", client);
+}
+
+void
+ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
+ isc_logmodule_t *module, int level, const char *fmt, va_list ap)
+{
+ char msgbuf[2048];
+ char peerbuf[ISC_SOCKADDR_FORMATSIZE];
+ const char *name = "";
+ const char *sep = "";
+
+ vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);
+ ns_client_name(client, peerbuf, sizeof(peerbuf));
+ if (client->view != NULL && strcmp(client->view->name, "_bind") != 0 &&
+ strcmp(client->view->name, "_default") != 0) {
+ name = client->view->name;
+ sep = ": view ";
+ }
+
+ isc_log_write(ns_g_lctx, category, module, level,
+ "client %s%s%s: %s", peerbuf, sep, name, msgbuf);
+}
+
+void
+ns_client_log(ns_client_t *client, isc_logcategory_t *category,
+ isc_logmodule_t *module, int level, const char *fmt, ...)
+{
+ va_list ap;
+
+ if (! isc_log_wouldlog(ns_g_lctx, level))
+ return;
+
+ va_start(ap, fmt);
+ ns_client_logv(client, category, module, level, fmt, ap);
+ va_end(ap);
+}
+
+void
+ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
+ dns_rdataclass_t rdclass, char *buf, size_t len)
+{
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char typebuf[DNS_RDATATYPE_FORMATSIZE];
+ char classbuf[DNS_RDATACLASS_FORMATSIZE];
+
+ dns_name_format(name, namebuf, sizeof(namebuf));
+ dns_rdatatype_format(type, typebuf, sizeof(typebuf));
+ dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
+ (void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf,
+ classbuf);
+}
+
+static void
+ns_client_dumpmessage(ns_client_t *client, const char *reason) {
+ isc_buffer_t buffer;
+ char *buf = NULL;
+ int len = 1024;
+ isc_result_t result;
+
+ /*
+ * Note that these are multiline debug messages. We want a newline
+ * to appear in the log after each message.
+ */
+
+ do {
+ buf = isc_mem_get(client->mctx, len);
+ if (buf == NULL)
+ break;
+ isc_buffer_init(&buffer, buf, len);
+ result = dns_message_totext(client->message,
+ &dns_master_style_debug,
+ 0, &buffer);
+ if (result == ISC_R_NOSPACE) {
+ isc_mem_put(client->mctx, buf, len);
+ len += 1024;
+ } else if (result == ISC_R_SUCCESS)
+ ns_client_log(client, NS_LOGCATEGORY_UNMATCHED,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
+ "%s\n%.*s", reason,
+ (int)isc_buffer_usedlength(&buffer),
+ buf);
+ } while (result == ISC_R_NOSPACE);
+
+ if (buf != NULL)
+ isc_mem_put(client->mctx, buf, len);
+}
+
+void
+ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
+ ns_client_t *client;
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char peerbuf[ISC_SOCKADDR_FORMATSIZE];
+ const char *name;
+ const char *sep;
+
+ REQUIRE(VALID_MANAGER(manager));
+
+ LOCK(&manager->lock);
+ client = ISC_LIST_HEAD(manager->recursing);
+ while (client != NULL) {
+ ns_client_name(client, peerbuf, sizeof(peerbuf));
+ if (client->view != NULL &&
+ strcmp(client->view->name, "_bind") != 0 &&
+ strcmp(client->view->name, "_default") != 0) {
+ name = client->view->name;
+ sep = ": view ";
+ } else {
+ name = "";
+ sep = "";
+ }
+ dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
+ fprintf(f, "; client %s%s%s: '%s' requesttime %d\n",
+ peerbuf, sep, name, namebuf, client->requesttime);
+ client = ISC_LIST_NEXT(client, link);
+ }
+ UNLOCK(&manager->lock);
+}
+
+void
+ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) {
+
+ if (client->manager != NULL)
+ LOCK(&client->manager->lock);
+ if (client->query.restarts > 0) {
+ /*
+ * client->query.qname was dynamically allocated.
+ */
+ dns_message_puttempname(client->message,
+ &client->query.qname);
+ }
+ client->query.qname = name;
+ if (client->manager != NULL)
+ UNLOCK(&client->manager->lock);
+}
diff --git a/bin/named/config.c b/bin/named/config.c
new file mode 100644
index 0000000..96b071d
--- /dev/null
+++ b/bin/named/config.c
@@ -0,0 +1,807 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: config.c,v 1.93 2008/11/06 05:30:24 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/buffer.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/parseint.h>
+#include <isc/region.h>
+#include <isc/result.h>
+#include <isc/sockaddr.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <isccfg/namedconf.h>
+
+#include <dns/fixedname.h>
+#include <dns/name.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatatype.h>
+#include <dns/tsig.h>
+#include <dns/zone.h>
+
+#include <named/config.h>
+#include <named/globals.h>
+
+/*% default configuration */
+static char defaultconf[] = "\
+options {\n\
+# blackhole {none;};\n"
+#ifndef WIN32
+" coresize default;\n\
+ datasize default;\n\
+ files unlimited;\n\
+ stacksize default;\n"
+#endif
+" deallocate-on-exit true;\n\
+# directory <none>\n\
+ dump-file \"named_dump.db\";\n\
+ fake-iquery no;\n\
+ has-old-clients false;\n\
+ heartbeat-interval 60;\n\
+ host-statistics no;\n\
+ interface-interval 60;\n\
+ listen-on {any;};\n\
+ listen-on-v6 {none;};\n\
+ match-mapped-addresses no;\n\
+ memstatistics-file \"named.memstats\";\n\
+ multiple-cnames no;\n\
+# named-xfer <obsolete>;\n\
+# pid-file \"" NS_LOCALSTATEDIR "/run/named/named.pid\"; /* or /lwresd.pid */\n\
+ port 53;\n\
+ recursing-file \"named.recursing\";\n\
+"
+#ifdef PATH_RANDOMDEV
+"\
+ random-device \"" PATH_RANDOMDEV "\";\n\
+"
+#endif
+"\
+ recursive-clients 1000;\n\
+ rrset-order {type NS order random; order cyclic; };\n\
+ serial-queries 20;\n\
+ serial-query-rate 20;\n\
+ server-id none;\n\
+ statistics-file \"named.stats\";\n\
+ statistics-interval 60;\n\
+ tcp-clients 100;\n\
+ tcp-listen-queue 3;\n\
+# tkey-dhkey <none>\n\
+# tkey-gssapi-credential <none>\n\
+# tkey-domain <none>\n\
+ transfers-per-ns 2;\n\
+ transfers-in 10;\n\
+ transfers-out 10;\n\
+ treat-cr-as-space true;\n\
+ use-id-pool true;\n\
+ use-ixfr true;\n\
+ edns-udp-size 4096;\n\
+ max-udp-size 4096;\n\
+ request-nsid false;\n\
+ reserved-sockets 512;\n\
+\n\
+ /* view */\n\
+ allow-notify {none;};\n\
+ allow-update-forwarding {none;};\n\
+ allow-query-cache { localnets; localhost; };\n\
+ allow-query-cache-on { any; };\n\
+ allow-recursion { localnets; localhost; };\n\
+ allow-recursion-on { any; };\n\
+# allow-v6-synthesis <obsolete>;\n\
+# sortlist <none>\n\
+# topology <none>\n\
+ auth-nxdomain false;\n\
+ minimal-responses false;\n\
+ recursion true;\n\
+ provide-ixfr true;\n\
+ request-ixfr true;\n\
+ fetch-glue no;\n\
+ rfc2308-type1 no;\n\
+ additional-from-auth true;\n\
+ additional-from-cache true;\n\
+ query-source address *;\n\
+ query-source-v6 address *;\n\
+ notify-source *;\n\
+ notify-source-v6 *;\n\
+ cleaning-interval 0; /* now meaningless */\n\
+ min-roots 2;\n\
+ lame-ttl 600;\n\
+ max-ncache-ttl 10800; /* 3 hours */\n\
+ max-cache-ttl 604800; /* 1 week */\n\
+ transfer-format many-answers;\n\
+ max-cache-size 0;\n\
+ check-names master fail;\n\
+ check-names slave warn;\n\
+ check-names response ignore;\n\
+ check-mx warn;\n\
+ acache-enable no;\n\
+ acache-cleaning-interval 60;\n\
+ max-acache-size 16M;\n\
+ dnssec-enable yes;\n\
+ dnssec-validation yes; \n\
+ dnssec-accept-expired no;\n\
+ clients-per-query 10;\n\
+ max-clients-per-query 100;\n\
+ zero-no-soa-ttl-cache no;\n\
+ nsec3-test-zone no;\n\
+"
+
+" /* zone */\n\
+ allow-query {any;};\n\
+ allow-query-on {any;};\n\
+ allow-transfer {any;};\n\
+ notify yes;\n\
+# also-notify <none>\n\
+ notify-delay 5;\n\
+ notify-to-soa no;\n\
+ dialup no;\n\
+# forward <none>\n\
+# forwarders <none>\n\
+ maintain-ixfr-base no;\n\
+# max-ixfr-log-size <obsolete>\n\
+ transfer-source *;\n\
+ transfer-source-v6 *;\n\
+ alt-transfer-source *;\n\
+ alt-transfer-source-v6 *;\n\
+ max-transfer-time-in 120;\n\
+ max-transfer-time-out 120;\n\
+ max-transfer-idle-in 60;\n\
+ max-transfer-idle-out 60;\n\
+ max-retry-time 1209600; /* 2 weeks */\n\
+ min-retry-time 500;\n\
+ max-refresh-time 2419200; /* 4 weeks */\n\
+ min-refresh-time 300;\n\
+ multi-master no;\n\
+ sig-validity-interval 30; /* days */\n\
+ sig-signing-nodes 100;\n\
+ sig-signing-signatures 10;\n\
+ sig-signing-type 65535;\n\
+ zone-statistics false;\n\
+ max-journal-size unlimited;\n\
+ ixfr-from-differences false;\n\
+ check-wildcard yes;\n\
+ check-sibling yes;\n\
+ check-integrity yes;\n\
+ check-mx-cname warn;\n\
+ check-srv-cname warn;\n\
+ zero-no-soa-ttl yes;\n\
+ update-check-ksk yes;\n\
+ try-tcp-refresh yes; /* BIND 8 compat */\n\
+};\n\
+"
+
+"#\n\
+# Zones in the \"_bind\" view are NOT counted in the count of zones.\n\
+#\n\
+view \"_bind\" chaos {\n\
+ recursion no;\n\
+ notify no;\n\
+\n\
+ zone \"version.bind\" chaos {\n\
+ type master;\n\
+ database \"_builtin version\";\n\
+ };\n\
+\n\
+ zone \"hostname.bind\" chaos {\n\
+ type master;\n\
+ database \"_builtin hostname\";\n\
+ };\n\
+\n\
+ zone \"authors.bind\" chaos {\n\
+ type master;\n\
+ database \"_builtin authors\";\n\
+ };\n\
+ zone \"id.server\" chaos {\n\
+ type master;\n\
+ database \"_builtin id\";\n\
+ };\n\
+};\n\
+";
+
+isc_result_t
+ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf) {
+ isc_buffer_t b;
+
+ isc_buffer_init(&b, defaultconf, sizeof(defaultconf) - 1);
+ isc_buffer_add(&b, sizeof(defaultconf) - 1);
+ return (cfg_parse_buffer(parser, &b, &cfg_type_namedconf, conf));
+}
+
+isc_result_t
+ns_config_get(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
+ int i;
+
+ for (i = 0;; i++) {
+ if (maps[i] == NULL)
+ return (ISC_R_NOTFOUND);
+ if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
+ return (ISC_R_SUCCESS);
+ }
+}
+
+isc_result_t
+ns_checknames_get(const cfg_obj_t **maps, const char *which,
+ const cfg_obj_t **obj)
+{
+ const cfg_listelt_t *element;
+ const cfg_obj_t *checknames;
+ const cfg_obj_t *type;
+ const cfg_obj_t *value;
+ int i;
+
+ for (i = 0;; i++) {
+ if (maps[i] == NULL)
+ return (ISC_R_NOTFOUND);
+ checknames = NULL;
+ if (cfg_map_get(maps[i], "check-names", &checknames) == ISC_R_SUCCESS) {
+ /*
+ * Zone map entry is not a list.
+ */
+ if (checknames != NULL && !cfg_obj_islist(checknames)) {
+ *obj = checknames;
+ return (ISC_R_SUCCESS);
+ }
+ for (element = cfg_list_first(checknames);
+ element != NULL;
+ element = cfg_list_next(element)) {
+ value = cfg_listelt_value(element);
+ type = cfg_tuple_get(value, "type");
+ if (strcasecmp(cfg_obj_asstring(type), which) == 0) {
+ *obj = cfg_tuple_get(value, "mode");
+ return (ISC_R_SUCCESS);
+ }
+ }
+
+ }
+ }
+}
+
+int
+ns_config_listcount(const cfg_obj_t *list) {
+ const cfg_listelt_t *e;
+ int i = 0;
+
+ for (e = cfg_list_first(list); e != NULL; e = cfg_list_next(e))
+ i++;
+
+ return (i);
+}
+
+isc_result_t
+ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
+ dns_rdataclass_t *classp) {
+ isc_textregion_t r;
+ isc_result_t result;
+
+ if (!cfg_obj_isstring(classobj)) {
+ *classp = defclass;
+ return (ISC_R_SUCCESS);
+ }
+ DE_CONST(cfg_obj_asstring(classobj), r.base);
+ r.length = strlen(r.base);
+ result = dns_rdataclass_fromtext(classp, &r);
+ if (result != ISC_R_SUCCESS)
+ cfg_obj_log(classobj, ns_g_lctx, ISC_LOG_ERROR,
+ "unknown class '%s'", r.base);
+ return (result);
+}
+
+isc_result_t
+ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype,
+ dns_rdatatype_t *typep) {
+ isc_textregion_t r;
+ isc_result_t result;
+
+ if (!cfg_obj_isstring(typeobj)) {
+ *typep = deftype;
+ return (ISC_R_SUCCESS);
+ }
+ DE_CONST(cfg_obj_asstring(typeobj), r.base);
+ r.length = strlen(r.base);
+ result = dns_rdatatype_fromtext(typep, &r);
+ if (result != ISC_R_SUCCESS)
+ cfg_obj_log(typeobj, ns_g_lctx, ISC_LOG_ERROR,
+ "unknown type '%s'", r.base);
+ return (result);
+}
+
+dns_zonetype_t
+ns_config_getzonetype(const cfg_obj_t *zonetypeobj) {
+ dns_zonetype_t ztype = dns_zone_none;
+ const char *str;
+
+ str = cfg_obj_asstring(zonetypeobj);
+ if (strcasecmp(str, "master") == 0)
+ ztype = dns_zone_master;
+ else if (strcasecmp(str, "slave") == 0)
+ ztype = dns_zone_slave;
+ else if (strcasecmp(str, "stub") == 0)
+ ztype = dns_zone_stub;
+ else
+ INSIST(0);
+ return (ztype);
+}
+
+isc_result_t
+ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
+ in_port_t defport, isc_mem_t *mctx,
+ isc_sockaddr_t **addrsp, isc_uint32_t *countp)
+{
+ int count, i = 0;
+ const cfg_obj_t *addrlist;
+ const cfg_obj_t *portobj;
+ const cfg_listelt_t *element;
+ isc_sockaddr_t *addrs;
+ in_port_t port;
+ isc_result_t result;
+
+ INSIST(addrsp != NULL && *addrsp == NULL);
+ INSIST(countp != NULL);
+
+ addrlist = cfg_tuple_get(list, "addresses");
+ count = ns_config_listcount(addrlist);
+
+ portobj = cfg_tuple_get(list, "port");
+ if (cfg_obj_isuint32(portobj)) {
+ isc_uint32_t val = cfg_obj_asuint32(portobj);
+ if (val > ISC_UINT16_MAX) {
+ cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
+ "port '%u' out of range", val);
+ return (ISC_R_RANGE);
+ }
+ port = (in_port_t) val;
+ } else if (defport != 0)
+ port = defport;
+ else {
+ result = ns_config_getport(config, &port);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+
+ addrs = isc_mem_get(mctx, count * sizeof(isc_sockaddr_t));
+ if (addrs == NULL)
+ return (ISC_R_NOMEMORY);
+
+ for (element = cfg_list_first(addrlist);
+ element != NULL;
+ element = cfg_list_next(element), i++)
+ {
+ INSIST(i < count);
+ addrs[i] = *cfg_obj_assockaddr(cfg_listelt_value(element));
+ if (isc_sockaddr_getport(&addrs[i]) == 0)
+ isc_sockaddr_setport(&addrs[i], port);
+ }
+ INSIST(i == count);
+
+ *addrsp = addrs;
+ *countp = count;
+
+ return (ISC_R_SUCCESS);
+}
+
+void
+ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
+ isc_uint32_t count)
+{
+ INSIST(addrsp != NULL && *addrsp != NULL);
+
+ isc_mem_put(mctx, *addrsp, count * sizeof(isc_sockaddr_t));
+ *addrsp = NULL;
+}
+
+static isc_result_t
+get_masters_def(const cfg_obj_t *cctx, const char *name,
+ const cfg_obj_t **ret)
+{
+ isc_result_t result;
+ const cfg_obj_t *masters = NULL;
+ const cfg_listelt_t *elt;
+
+ result = cfg_map_get(cctx, "masters", &masters);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ for (elt = cfg_list_first(masters);
+ elt != NULL;
+ elt = cfg_list_next(elt)) {
+ const cfg_obj_t *list;
+ const char *listname;
+
+ list = cfg_listelt_value(elt);
+ listname = cfg_obj_asstring(cfg_tuple_get(list, "name"));
+
+ if (strcasecmp(listname, name) == 0) {
+ *ret = list;
+ return (ISC_R_SUCCESS);
+ }
+ }
+ return (ISC_R_NOTFOUND);
+}
+
+isc_result_t
+ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
+ isc_mem_t *mctx, isc_sockaddr_t **addrsp,
+ dns_name_t ***keysp, isc_uint32_t *countp)
+{
+ isc_uint32_t addrcount = 0, keycount = 0, i = 0;
+ isc_uint32_t listcount = 0, l = 0, j;
+ isc_uint32_t stackcount = 0, pushed = 0;
+ isc_result_t result;
+ const cfg_listelt_t *element;
+ const cfg_obj_t *addrlist;
+ const cfg_obj_t *portobj;
+ in_port_t port;
+ dns_fixedname_t fname;
+ isc_sockaddr_t *addrs = NULL;
+ dns_name_t **keys = NULL;
+ struct { const char *name; } *lists = NULL;
+ struct {
+ const cfg_listelt_t *element;
+ in_port_t port;
+ } *stack = NULL;
+
+ REQUIRE(addrsp != NULL && *addrsp == NULL);
+ REQUIRE(keysp != NULL && *keysp == NULL);
+ REQUIRE(countp != NULL);
+
+ newlist:
+ addrlist = cfg_tuple_get(list, "addresses");
+ portobj = cfg_tuple_get(list, "port");
+ if (cfg_obj_isuint32(portobj)) {
+ isc_uint32_t val = cfg_obj_asuint32(portobj);
+ if (val > ISC_UINT16_MAX) {
+ cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
+ "port '%u' out of range", val);
+ result = ISC_R_RANGE;
+ goto cleanup;
+ }
+ port = (in_port_t) val;
+ } else {
+ result = ns_config_getport(config, &port);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ }
+
+ result = ISC_R_NOMEMORY;
+
+ element = cfg_list_first(addrlist);
+ resume:
+ for ( ;
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *addr;
+ const cfg_obj_t *key;
+ const char *keystr;
+ isc_buffer_t b;
+
+ addr = cfg_tuple_get(cfg_listelt_value(element),
+ "masterselement");
+ key = cfg_tuple_get(cfg_listelt_value(element), "key");
+
+ if (!cfg_obj_issockaddr(addr)) {
+ const char *listname = cfg_obj_asstring(addr);
+ isc_result_t tresult;
+
+ /* Grow lists? */
+ if (listcount == l) {
+ void * new;
+ isc_uint32_t newlen = listcount + 16;
+ size_t newsize, oldsize;
+
+ newsize = newlen * sizeof(*lists);
+ oldsize = listcount * sizeof(*lists);
+ new = isc_mem_get(mctx, newsize);
+ if (new == NULL)
+ goto cleanup;
+ if (listcount != 0) {
+ memcpy(new, lists, oldsize);
+ isc_mem_put(mctx, lists, oldsize);
+ }
+ lists = new;
+ listcount = newlen;
+ }
+ /* Seen? */
+ for (j = 0; j < l; j++)
+ if (strcasecmp(lists[j].name, listname) == 0)
+ break;
+ if (j < l)
+ continue;
+ tresult = get_masters_def(config, listname, &list);
+ if (tresult == ISC_R_NOTFOUND) {
+ cfg_obj_log(addr, ns_g_lctx, ISC_LOG_ERROR,
+ "masters \"%s\" not found", listname);
+
+ result = tresult;
+ goto cleanup;
+ }
+ if (tresult != ISC_R_SUCCESS)
+ goto cleanup;
+ lists[l++].name = listname;
+ /* Grow stack? */
+ if (stackcount == pushed) {
+ void * new;
+ isc_uint32_t newlen = stackcount + 16;
+ size_t newsize, oldsize;
+
+ newsize = newlen * sizeof(*stack);
+ oldsize = stackcount * sizeof(*stack);
+ new = isc_mem_get(mctx, newsize);
+ if (new == NULL)
+ goto cleanup;
+ if (stackcount != 0) {
+ memcpy(new, stack, oldsize);
+ isc_mem_put(mctx, stack, oldsize);
+ }
+ stack = new;
+ stackcount = newlen;
+ }
+ /*
+ * We want to resume processing this list on the
+ * next element.
+ */
+ stack[pushed].element = cfg_list_next(element);
+ stack[pushed].port = port;
+ pushed++;
+ goto newlist;
+ }
+
+ if (i == addrcount) {
+ void * new;
+ isc_uint32_t newlen = addrcount + 16;
+ size_t newsize, oldsize;
+
+ newsize = newlen * sizeof(isc_sockaddr_t);
+ oldsize = addrcount * sizeof(isc_sockaddr_t);
+ new = isc_mem_get(mctx, newsize);
+ if (new == NULL)
+ goto cleanup;
+ if (addrcount != 0) {
+ memcpy(new, addrs, oldsize);
+ isc_mem_put(mctx, addrs, oldsize);
+ }
+ addrs = new;
+ addrcount = newlen;
+
+ newsize = newlen * sizeof(dns_name_t *);
+ oldsize = keycount * sizeof(dns_name_t *);
+ new = isc_mem_get(mctx, newsize);
+ if (new == NULL)
+ goto cleanup;
+ if (keycount != 0) {
+ memcpy(new, keys, oldsize);
+ isc_mem_put(mctx, keys, oldsize);
+ }
+ keys = new;
+ keycount = newlen;
+ }
+
+ addrs[i] = *cfg_obj_assockaddr(addr);
+ if (isc_sockaddr_getport(&addrs[i]) == 0)
+ isc_sockaddr_setport(&addrs[i], port);
+ keys[i] = NULL;
+ if (!cfg_obj_isstring(key)) {
+ i++;
+ continue;
+ }
+ keys[i] = isc_mem_get(mctx, sizeof(dns_name_t));
+ if (keys[i] == NULL)
+ goto cleanup;
+ dns_name_init(keys[i], NULL);
+
+ keystr = cfg_obj_asstring(key);
+ isc_buffer_init(&b, keystr, strlen(keystr));
+ isc_buffer_add(&b, strlen(keystr));
+ dns_fixedname_init(&fname);
+ result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
+ dns_rootname, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ result = dns_name_dup(dns_fixedname_name(&fname), mctx,
+ keys[i]);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ i++;
+ }
+ if (pushed != 0) {
+ pushed--;
+ element = stack[pushed].element;
+ port = stack[pushed].port;
+ goto resume;
+ }
+ if (i < addrcount) {
+ void * new;
+ size_t newsize, oldsize;
+
+ newsize = i * sizeof(isc_sockaddr_t);
+ oldsize = addrcount * sizeof(isc_sockaddr_t);
+ if (i != 0) {
+ new = isc_mem_get(mctx, newsize);
+ if (new == NULL)
+ goto cleanup;
+ memcpy(new, addrs, newsize);
+ } else
+ new = NULL;
+ isc_mem_put(mctx, addrs, oldsize);
+ addrs = new;
+ addrcount = i;
+
+ newsize = i * sizeof(dns_name_t *);
+ oldsize = keycount * sizeof(dns_name_t *);
+ if (i != 0) {
+ new = isc_mem_get(mctx, newsize);
+ if (new == NULL)
+ goto cleanup;
+ memcpy(new, keys, newsize);
+ } else
+ new = NULL;
+ isc_mem_put(mctx, keys, oldsize);
+ keys = new;
+ keycount = i;
+ }
+
+ if (lists != NULL)
+ isc_mem_put(mctx, lists, listcount * sizeof(*lists));
+ if (stack != NULL)
+ isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
+
+ INSIST(keycount == addrcount);
+
+ *addrsp = addrs;
+ *keysp = keys;
+ *countp = addrcount;
+
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ if (addrs != NULL)
+ isc_mem_put(mctx, addrs, addrcount * sizeof(isc_sockaddr_t));
+ if (keys != NULL) {
+ for (j = 0; j <= i; j++) {
+ if (keys[j] == NULL)
+ continue;
+ if (dns_name_dynamic(keys[j]))
+ dns_name_free(keys[j], mctx);
+ isc_mem_put(mctx, keys[j], sizeof(dns_name_t));
+ }
+ isc_mem_put(mctx, keys, keycount * sizeof(dns_name_t *));
+ }
+ if (lists != NULL)
+ isc_mem_put(mctx, lists, listcount * sizeof(*lists));
+ if (stack != NULL)
+ isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
+ return (result);
+}
+
+void
+ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
+ dns_name_t ***keysp, isc_uint32_t count)
+{
+ unsigned int i;
+ dns_name_t **keys = *keysp;
+
+ INSIST(addrsp != NULL && *addrsp != NULL);
+
+ isc_mem_put(mctx, *addrsp, count * sizeof(isc_sockaddr_t));
+ for (i = 0; i < count; i++) {
+ if (keys[i] == NULL)
+ continue;
+ if (dns_name_dynamic(keys[i]))
+ dns_name_free(keys[i], mctx);
+ isc_mem_put(mctx, keys[i], sizeof(dns_name_t));
+ }
+ isc_mem_put(mctx, *keysp, count * sizeof(dns_name_t *));
+ *addrsp = NULL;
+ *keysp = NULL;
+}
+
+isc_result_t
+ns_config_getport(const cfg_obj_t *config, in_port_t *portp) {
+ const cfg_obj_t *maps[3];
+ const cfg_obj_t *options = NULL;
+ const cfg_obj_t *portobj = NULL;
+ isc_result_t result;
+ int i;
+
+ (void)cfg_map_get(config, "options", &options);
+ i = 0;
+ if (options != NULL)
+ maps[i++] = options;
+ maps[i++] = ns_g_defaults;
+ maps[i] = NULL;
+
+ result = ns_config_get(maps, "port", &portobj);
+ INSIST(result == ISC_R_SUCCESS);
+ if (cfg_obj_asuint32(portobj) >= ISC_UINT16_MAX) {
+ cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
+ "port '%u' out of range",
+ cfg_obj_asuint32(portobj));
+ return (ISC_R_RANGE);
+ }
+ *portp = (in_port_t)cfg_obj_asuint32(portobj);
+ return (ISC_R_SUCCESS);
+}
+
+struct keyalgorithms {
+ const char *str;
+ enum { hmacnone, hmacmd5, hmacsha1, hmacsha224,
+ hmacsha256, hmacsha384, hmacsha512 } hmac;
+ isc_uint16_t size;
+} algorithms[] = {
+ { "hmac-md5", hmacmd5, 128 },
+ { "hmac-md5.sig-alg.reg.int", hmacmd5, 0 },
+ { "hmac-md5.sig-alg.reg.int.", hmacmd5, 0 },
+ { "hmac-sha1", hmacsha1, 160 },
+ { "hmac-sha224", hmacsha224, 224 },
+ { "hmac-sha256", hmacsha256, 256 },
+ { "hmac-sha384", hmacsha384, 384 },
+ { "hmac-sha512", hmacsha512, 512 },
+ { NULL, hmacnone, 0 }
+};
+
+isc_result_t
+ns_config_getkeyalgorithm(const char *str, dns_name_t **name,
+ isc_uint16_t *digestbits)
+{
+ int i;
+ size_t len = 0;
+ isc_uint16_t bits;
+ isc_result_t result;
+
+ for (i = 0; algorithms[i].str != NULL; i++) {
+ len = strlen(algorithms[i].str);
+ if (strncasecmp(algorithms[i].str, str, len) == 0 &&
+ (str[len] == '\0' ||
+ (algorithms[i].size != 0 && str[len] == '-')))
+ break;
+ }
+ if (algorithms[i].str == NULL)
+ return (ISC_R_NOTFOUND);
+ if (str[len] == '-') {
+ result = isc_parse_uint16(&bits, str + len + 1, 10);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ if (bits > algorithms[i].size)
+ return (ISC_R_RANGE);
+ } else if (algorithms[i].size == 0)
+ bits = 128;
+ else
+ bits = algorithms[i].size;
+
+ if (name != NULL) {
+ switch (algorithms[i].hmac) {
+ case hmacmd5: *name = dns_tsig_hmacmd5_name; break;
+ case hmacsha1: *name = dns_tsig_hmacsha1_name; break;
+ case hmacsha224: *name = dns_tsig_hmacsha224_name; break;
+ case hmacsha256: *name = dns_tsig_hmacsha256_name; break;
+ case hmacsha384: *name = dns_tsig_hmacsha384_name; break;
+ case hmacsha512: *name = dns_tsig_hmacsha512_name; break;
+ default:
+ INSIST(0);
+ }
+ }
+ if (digestbits != NULL)
+ *digestbits = bits;
+ return (ISC_R_SUCCESS);
+}
diff --git a/bin/named/control.c b/bin/named/control.c
new file mode 100644
index 0000000..8bd8f6c
--- /dev/null
+++ b/bin/named/control.c
@@ -0,0 +1,197 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: control.c,v 1.33 2007/09/13 04:45:18 each Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+
+#include <isc/app.h>
+#include <isc/event.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/result.h>
+
+#include <isccc/alist.h>
+#include <isccc/cc.h>
+#include <isccc/result.h>
+
+#include <named/control.h>
+#include <named/log.h>
+#include <named/os.h>
+#include <named/server.h>
+#ifdef HAVE_LIBSCF
+#include <named/ns_smf_globals.h>
+#endif
+
+static isc_boolean_t
+command_compare(const char *text, const char *command) {
+ unsigned int commandlen = strlen(command);
+ if (strncasecmp(text, command, commandlen) == 0 &&
+ (text[commandlen] == '\0' ||
+ text[commandlen] == ' ' ||
+ text[commandlen] == '\t'))
+ return (ISC_TRUE);
+ return (ISC_FALSE);
+}
+
+/*%
+ * This function is called to process the incoming command
+ * when a control channel message is received.
+ */
+isc_result_t
+ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
+ isccc_sexpr_t *data;
+ char *command;
+ isc_result_t result;
+ int log_level;
+#ifdef HAVE_LIBSCF
+ ns_smf_want_disable = 0;
+#endif
+
+ data = isccc_alist_lookup(message, "_data");
+ if (data == NULL) {
+ /*
+ * No data section.
+ */
+ return (ISC_R_FAILURE);
+ }
+
+ result = isccc_cc_lookupstring(data, "type", &command);
+ if (result != ISC_R_SUCCESS) {
+ /*
+ * We have no idea what this is.
+ */
+ return (result);
+ }
+
+ /*
+ * Compare the 'command' parameter against all known control commands.
+ */
+ if (command_compare(command, NS_COMMAND_NULL) ||
+ command_compare(command, NS_COMMAND_STATUS)) {
+ log_level = ISC_LOG_DEBUG(1);
+ } else {
+ log_level = ISC_LOG_INFO;
+ }
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, log_level,
+ "received control channel command '%s'",
+ command);
+
+ if (command_compare(command, NS_COMMAND_RELOAD)) {
+ result = ns_server_reloadcommand(ns_g_server, command, text);
+ } else if (command_compare(command, NS_COMMAND_RECONFIG)) {
+ result = ns_server_reconfigcommand(ns_g_server, command);
+ } else if (command_compare(command, NS_COMMAND_REFRESH)) {
+ result = ns_server_refreshcommand(ns_g_server, command, text);
+ } else if (command_compare(command, NS_COMMAND_RETRANSFER)) {
+ result = ns_server_retransfercommand(ns_g_server, command);
+ } else if (command_compare(command, NS_COMMAND_HALT)) {
+#ifdef HAVE_LIBSCF
+ /*
+ * If we are managed by smf(5), AND in chroot, then
+ * we cannot connect to the smf repository, so just
+ * return with an appropriate message back to rndc.
+ */
+ if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
+ result = ns_smf_add_message(text);
+ return (result);
+ }
+ /*
+ * If we are managed by smf(5) but not in chroot,
+ * try to disable ourselves the smf way.
+ */
+ if (ns_smf_got_instance == 1 && ns_smf_chroot == 0)
+ ns_smf_want_disable = 1;
+ /*
+ * If ns_smf_got_instance = 0, ns_smf_chroot
+ * is not relevant and we fall through to
+ * isc_app_shutdown below.
+ */
+#endif
+ ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
+ ns_os_shutdownmsg(command, text);
+ isc_app_shutdown();
+ result = ISC_R_SUCCESS;
+ } else if (command_compare(command, NS_COMMAND_STOP)) {
+#ifdef HAVE_LIBSCF
+ if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
+ result = ns_smf_add_message(text);
+ return (result);
+ }
+ if (ns_smf_got_instance == 1 && ns_smf_chroot == 0)
+ ns_smf_want_disable = 1;
+#endif
+ ns_server_flushonshutdown(ns_g_server, ISC_TRUE);
+ ns_os_shutdownmsg(command, text);
+ isc_app_shutdown();
+ result = ISC_R_SUCCESS;
+ } else if (command_compare(command, NS_COMMAND_DUMPSTATS)) {
+ result = ns_server_dumpstats(ns_g_server);
+ } else if (command_compare(command, NS_COMMAND_QUERYLOG)) {
+ result = ns_server_togglequerylog(ns_g_server);
+ } else if (command_compare(command, NS_COMMAND_DUMPDB)) {
+ ns_server_dumpdb(ns_g_server, command);
+ result = ISC_R_SUCCESS;
+ } else if (command_compare(command, NS_COMMAND_TRACE)) {
+ result = ns_server_setdebuglevel(ns_g_server, command);
+ } else if (command_compare(command, NS_COMMAND_NOTRACE)) {
+ ns_g_debuglevel = 0;
+ isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
+ result = ISC_R_SUCCESS;
+ } else if (command_compare(command, NS_COMMAND_FLUSH)) {
+ result = ns_server_flushcache(ns_g_server, command);
+ } else if (command_compare(command, NS_COMMAND_FLUSHNAME)) {
+ result = ns_server_flushname(ns_g_server, command);
+ } else if (command_compare(command, NS_COMMAND_STATUS)) {
+ result = ns_server_status(ns_g_server, text);
+ } else if (command_compare(command, NS_COMMAND_TSIGLIST)) {
+ result = ns_server_tsiglist(ns_g_server, text);
+ } else if (command_compare(command, NS_COMMAND_TSIGDELETE)) {
+ result = ns_server_tsigdelete(ns_g_server, command, text);
+ } else if (command_compare(command, NS_COMMAND_FREEZE)) {
+ result = ns_server_freeze(ns_g_server, ISC_TRUE, command);
+ } else if (command_compare(command, NS_COMMAND_UNFREEZE) ||
+ command_compare(command, NS_COMMAND_THAW)) {
+ result = ns_server_freeze(ns_g_server, ISC_FALSE, command);
+ } else if (command_compare(command, NS_COMMAND_RECURSING)) {
+ result = ns_server_dumprecursing(ns_g_server);
+ } else if (command_compare(command, NS_COMMAND_TIMERPOKE)) {
+ result = ISC_R_SUCCESS;
+ isc_timermgr_poke(ns_g_timermgr);
+ } else if (command_compare(command, NS_COMMAND_NULL)) {
+ result = ISC_R_SUCCESS;
+ } else if (command_compare(command, NS_COMMAND_NOTIFY)) {
+ result = ns_server_notifycommand(ns_g_server, command, text);
+ } else if (command_compare(command, NS_COMMAND_VALIDATION)) {
+ result = ns_server_validation(ns_g_server, command);
+ } else {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
+ "unknown control channel command '%s'",
+ command);
+ result = DNS_R_UNKNOWNCOMMAND;
+ }
+
+ return (result);
+}
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
new file mode 100644
index 0000000..766f013
--- /dev/null
+++ b/bin/named/controlconf.c
@@ -0,0 +1,1459 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: controlconf.c,v 1.60 2008/07/23 23:27:54 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/base64.h>
+#include <isc/buffer.h>
+#include <isc/event.h>
+#include <isc/mem.h>
+#include <isc/net.h>
+#include <isc/netaddr.h>
+#include <isc/random.h>
+#include <isc/result.h>
+#include <isc/stdtime.h>
+#include <isc/string.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <isccfg/namedconf.h>
+
+#include <bind9/check.h>
+
+#include <isccc/alist.h>
+#include <isccc/cc.h>
+#include <isccc/ccmsg.h>
+#include <isccc/events.h>
+#include <isccc/result.h>
+#include <isccc/sexpr.h>
+#include <isccc/symtab.h>
+#include <isccc/util.h>
+
+#include <dns/result.h>
+
+#include <named/config.h>
+#include <named/control.h>
+#include <named/log.h>
+#include <named/server.h>
+
+/*
+ * Note: Listeners and connections are not locked. All event handlers are
+ * executed by the server task, and all callers of exported routines must
+ * be running under the server task.
+ */
+
+typedef struct controlkey controlkey_t;
+typedef ISC_LIST(controlkey_t) controlkeylist_t;
+
+typedef struct controlconnection controlconnection_t;
+typedef ISC_LIST(controlconnection_t) controlconnectionlist_t;
+
+typedef struct controllistener controllistener_t;
+typedef ISC_LIST(controllistener_t) controllistenerlist_t;
+
+struct controlkey {
+ char * keyname;
+ isc_region_t secret;
+ ISC_LINK(controlkey_t) link;
+};
+
+struct controlconnection {
+ isc_socket_t * sock;
+ isccc_ccmsg_t ccmsg;
+ isc_boolean_t ccmsg_valid;
+ isc_boolean_t sending;
+ isc_timer_t * timer;
+ unsigned char buffer[2048];
+ controllistener_t * listener;
+ isc_uint32_t nonce;
+ ISC_LINK(controlconnection_t) link;
+};
+
+struct controllistener {
+ ns_controls_t * controls;
+ isc_mem_t * mctx;
+ isc_task_t * task;
+ isc_sockaddr_t address;
+ isc_socket_t * sock;
+ dns_acl_t * acl;
+ isc_boolean_t listening;
+ isc_boolean_t exiting;
+ controlkeylist_t keys;
+ controlconnectionlist_t connections;
+ isc_sockettype_t type;
+ isc_uint32_t perm;
+ isc_uint32_t owner;
+ isc_uint32_t group;
+ ISC_LINK(controllistener_t) link;
+};
+
+struct ns_controls {
+ ns_server_t *server;
+ controllistenerlist_t listeners;
+ isc_boolean_t shuttingdown;
+ isccc_symtab_t *symtab;
+};
+
+static void control_newconn(isc_task_t *task, isc_event_t *event);
+static void control_recvmessage(isc_task_t *task, isc_event_t *event);
+
+#define CLOCKSKEW 300
+
+static void
+free_controlkey(controlkey_t *key, isc_mem_t *mctx) {
+ if (key->keyname != NULL)
+ isc_mem_free(mctx, key->keyname);
+ if (key->secret.base != NULL)
+ isc_mem_put(mctx, key->secret.base, key->secret.length);
+ isc_mem_put(mctx, key, sizeof(*key));
+}
+
+static void
+free_controlkeylist(controlkeylist_t *keylist, isc_mem_t *mctx) {
+ while (!ISC_LIST_EMPTY(*keylist)) {
+ controlkey_t *key = ISC_LIST_HEAD(*keylist);
+ ISC_LIST_UNLINK(*keylist, key, link);
+ free_controlkey(key, mctx);
+ }
+}
+
+static void
+free_listener(controllistener_t *listener) {
+ INSIST(listener->exiting);
+ INSIST(!listener->listening);
+ INSIST(ISC_LIST_EMPTY(listener->connections));
+
+ if (listener->sock != NULL)
+ isc_socket_detach(&listener->sock);
+
+ free_controlkeylist(&listener->keys, listener->mctx);
+
+ if (listener->acl != NULL)
+ dns_acl_detach(&listener->acl);
+
+ isc_mem_put(listener->mctx, listener, sizeof(*listener));
+}
+
+static void
+maybe_free_listener(controllistener_t *listener) {
+ if (listener->exiting &&
+ !listener->listening &&
+ ISC_LIST_EMPTY(listener->connections))
+ free_listener(listener);
+}
+
+static void
+maybe_free_connection(controlconnection_t *conn) {
+ controllistener_t *listener = conn->listener;
+
+ if (conn->timer != NULL)
+ isc_timer_detach(&conn->timer);
+
+ if (conn->ccmsg_valid) {
+ isccc_ccmsg_cancelread(&conn->ccmsg);
+ return;
+ }
+
+ if (conn->sending) {
+ isc_socket_cancel(conn->sock, listener->task,
+ ISC_SOCKCANCEL_SEND);
+ return;
+ }
+
+ ISC_LIST_UNLINK(listener->connections, conn, link);
+ isc_mem_put(listener->mctx, conn, sizeof(*conn));
+}
+
+static void
+shutdown_listener(controllistener_t *listener) {
+ controlconnection_t *conn;
+ controlconnection_t *next;
+
+ if (!listener->exiting) {
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+
+ ISC_LIST_UNLINK(listener->controls->listeners, listener, link);
+
+ isc_sockaddr_format(&listener->address, socktext,
+ sizeof(socktext));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
+ "stopping command channel on %s", socktext);
+ if (listener->type == isc_sockettype_unix)
+ isc_socket_cleanunix(&listener->address, ISC_TRUE);
+ listener->exiting = ISC_TRUE;
+ }
+
+ for (conn = ISC_LIST_HEAD(listener->connections);
+ conn != NULL;
+ conn = next)
+ {
+ next = ISC_LIST_NEXT(conn, link);
+ maybe_free_connection(conn);
+ }
+
+ if (listener->listening)
+ isc_socket_cancel(listener->sock, listener->task,
+ ISC_SOCKCANCEL_ACCEPT);
+
+ maybe_free_listener(listener);
+}
+
+static isc_boolean_t
+address_ok(isc_sockaddr_t *sockaddr, dns_acl_t *acl) {
+ isc_netaddr_t netaddr;
+ isc_result_t result;
+ int match;
+
+ isc_netaddr_fromsockaddr(&netaddr, sockaddr);
+
+ result = dns_acl_match(&netaddr, NULL, acl,
+ &ns_g_server->aclenv, &match, NULL);
+
+ if (result != ISC_R_SUCCESS || match <= 0)
+ return (ISC_FALSE);
+ else
+ return (ISC_TRUE);
+}
+
+static isc_result_t
+control_accept(controllistener_t *listener) {
+ isc_result_t result;
+ result = isc_socket_accept(listener->sock,
+ listener->task,
+ control_newconn, listener);
+ if (result != ISC_R_SUCCESS)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "isc_socket_accept() failed: %s",
+ isc_result_totext(result));
+ else
+ listener->listening = ISC_TRUE;
+ return (result);
+}
+
+static isc_result_t
+control_listen(controllistener_t *listener) {
+ isc_result_t result;
+
+ result = isc_socket_listen(listener->sock, 0);
+ if (result != ISC_R_SUCCESS)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "isc_socket_listen() failed: %s",
+ isc_result_totext(result));
+ return (result);
+}
+
+static void
+control_next(controllistener_t *listener) {
+ (void)control_accept(listener);
+}
+
+static void
+control_senddone(isc_task_t *task, isc_event_t *event) {
+ isc_socketevent_t *sevent = (isc_socketevent_t *) event;
+ controlconnection_t *conn = event->ev_arg;
+ controllistener_t *listener = conn->listener;
+ isc_socket_t *sock = (isc_socket_t *)sevent->ev_sender;
+ isc_result_t result;
+
+ REQUIRE(conn->sending);
+
+ UNUSED(task);
+
+ conn->sending = ISC_FALSE;
+
+ if (sevent->result != ISC_R_SUCCESS &&
+ sevent->result != ISC_R_CANCELED)
+ {
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+ isc_sockaddr_t peeraddr;
+
+ (void)isc_socket_getpeername(sock, &peeraddr);
+ isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
+ "error sending command response to %s: %s",
+ socktext, isc_result_totext(sevent->result));
+ }
+ isc_event_free(&event);
+
+ result = isccc_ccmsg_readmessage(&conn->ccmsg, listener->task,
+ control_recvmessage, conn);
+ if (result != ISC_R_SUCCESS) {
+ isc_socket_detach(&conn->sock);
+ maybe_free_connection(conn);
+ maybe_free_listener(listener);
+ }
+}
+
+static inline void
+log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+ isc_sockaddr_t peeraddr;
+
+ (void)isc_socket_getpeername(ccmsg->sock, &peeraddr);
+ isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_ERROR,
+ "invalid command from %s: %s",
+ socktext, isc_result_totext(result));
+}
+
+static void
+control_recvmessage(isc_task_t *task, isc_event_t *event) {
+ controlconnection_t *conn;
+ controllistener_t *listener;
+ controlkey_t *key;
+ isccc_sexpr_t *request = NULL;
+ isccc_sexpr_t *response = NULL;
+ isccc_region_t ccregion;
+ isccc_region_t secret;
+ isc_stdtime_t now;
+ isc_buffer_t b;
+ isc_region_t r;
+ isc_uint32_t len;
+ isc_buffer_t text;
+ char textarray[1024];
+ isc_result_t result;
+ isc_result_t eresult;
+ isccc_sexpr_t *_ctrl;
+ isccc_time_t sent;
+ isccc_time_t exp;
+ isc_uint32_t nonce;
+
+ REQUIRE(event->ev_type == ISCCC_EVENT_CCMSG);
+
+ conn = event->ev_arg;
+ listener = conn->listener;
+ secret.rstart = NULL;
+
+ /* Is the server shutting down? */
+ if (listener->controls->shuttingdown)
+ goto cleanup;
+
+ if (conn->ccmsg.result != ISC_R_SUCCESS) {
+ if (conn->ccmsg.result != ISC_R_CANCELED &&
+ conn->ccmsg.result != ISC_R_EOF)
+ log_invalid(&conn->ccmsg, conn->ccmsg.result);
+ goto cleanup;
+ }
+
+ request = NULL;
+
+ for (key = ISC_LIST_HEAD(listener->keys);
+ key != NULL;
+ key = ISC_LIST_NEXT(key, link))
+ {
+ ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer);
+ ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer);
+ secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
+ if (secret.rstart == NULL)
+ goto cleanup;
+ memcpy(secret.rstart, key->secret.base, key->secret.length);
+ secret.rend = secret.rstart + key->secret.length;
+ result = isccc_cc_fromwire(&ccregion, &request, &secret);
+ if (result == ISC_R_SUCCESS)
+ break;
+ isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
+ if (result == ISCCC_R_BADAUTH) {
+ /*
+ * For some reason, request is non-NULL when
+ * isccc_cc_fromwire returns ISCCC_R_BADAUTH.
+ */
+ if (request != NULL)
+ isccc_sexpr_free(&request);
+ } else {
+ log_invalid(&conn->ccmsg, result);
+ goto cleanup;
+ }
+ }
+
+ if (key == NULL) {
+ log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
+ goto cleanup;
+ }
+
+ /* We shouldn't be getting a reply. */
+ if (isccc_cc_isreply(request)) {
+ log_invalid(&conn->ccmsg, ISC_R_FAILURE);
+ goto cleanup_request;
+ }
+
+ isc_stdtime_get(&now);
+
+ /*
+ * Limit exposure to replay attacks.
+ */
+ _ctrl = isccc_alist_lookup(request, "_ctrl");
+ if (_ctrl == NULL) {
+ log_invalid(&conn->ccmsg, ISC_R_FAILURE);
+ goto cleanup_request;
+ }
+
+ if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) {
+ if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) {
+ log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW);
+ goto cleanup_request;
+ }
+ } else {
+ log_invalid(&conn->ccmsg, ISC_R_FAILURE);
+ goto cleanup_request;
+ }
+
+ /*
+ * Expire messages that are too old.
+ */
+ if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS &&
+ now > exp) {
+ log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED);
+ goto cleanup_request;
+ }
+
+ /*
+ * Duplicate suppression (required for UDP).
+ */
+ isccc_cc_cleansymtab(listener->controls->symtab, now);
+ result = isccc_cc_checkdup(listener->controls->symtab, request, now);
+ if (result != ISC_R_SUCCESS) {
+ if (result == ISC_R_EXISTS)
+ result = ISCCC_R_DUPLICATE;
+ log_invalid(&conn->ccmsg, result);
+ goto cleanup_request;
+ }
+
+ if (conn->nonce != 0 &&
+ (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS ||
+ conn->nonce != nonce)) {
+ log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
+ goto cleanup_request;
+ }
+
+ /*
+ * Establish nonce.
+ */
+ while (conn->nonce == 0)
+ isc_random_get(&conn->nonce);
+
+ isc_buffer_init(&text, textarray, sizeof(textarray));
+ eresult = ns_control_docommand(request, &text);
+
+ result = isccc_cc_createresponse(request, now, now + 60, &response);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_request;
+ if (eresult != ISC_R_SUCCESS) {
+ isccc_sexpr_t *data;
+
+ data = isccc_alist_lookup(response, "_data");
+ if (data != NULL) {
+ const char *estr = isc_result_totext(eresult);
+ if (isccc_cc_definestring(data, "err", estr) == NULL)
+ goto cleanup_response;
+ }
+ }
+
+ if (isc_buffer_usedlength(&text) > 0) {
+ isccc_sexpr_t *data;
+
+ data = isccc_alist_lookup(response, "_data");
+ if (data != NULL) {
+ char *str = (char *)isc_buffer_base(&text);
+ if (isccc_cc_definestring(data, "text", str) == NULL)
+ goto cleanup_response;
+ }
+ }
+
+ _ctrl = isccc_alist_lookup(response, "_ctrl");
+ if (_ctrl == NULL ||
+ isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL)
+ goto cleanup_response;
+
+ ccregion.rstart = conn->buffer + 4;
+ ccregion.rend = conn->buffer + sizeof(conn->buffer);
+ result = isccc_cc_towire(response, &ccregion, &secret);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_response;
+ isc_buffer_init(&b, conn->buffer, 4);
+ len = sizeof(conn->buffer) - REGION_SIZE(ccregion);
+ isc_buffer_putuint32(&b, len - 4);
+ r.base = conn->buffer;
+ r.length = len;
+
+ result = isc_socket_send(conn->sock, &r, task, control_senddone, conn);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_response;
+ conn->sending = ISC_TRUE;
+
+ isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
+ isccc_sexpr_free(&request);
+ isccc_sexpr_free(&response);
+ return;
+
+ cleanup_response:
+ isccc_sexpr_free(&response);
+
+ cleanup_request:
+ isccc_sexpr_free(&request);
+ isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
+
+ cleanup:
+ isc_socket_detach(&conn->sock);
+ isccc_ccmsg_invalidate(&conn->ccmsg);
+ conn->ccmsg_valid = ISC_FALSE;
+ maybe_free_connection(conn);
+ maybe_free_listener(listener);
+}
+
+static void
+control_timeout(isc_task_t *task, isc_event_t *event) {
+ controlconnection_t *conn = event->ev_arg;
+
+ UNUSED(task);
+
+ isc_timer_detach(&conn->timer);
+ maybe_free_connection(conn);
+
+ isc_event_free(&event);
+}
+
+static isc_result_t
+newconnection(controllistener_t *listener, isc_socket_t *sock) {
+ controlconnection_t *conn;
+ isc_interval_t interval;
+ isc_result_t result;
+
+ conn = isc_mem_get(listener->mctx, sizeof(*conn));
+ if (conn == NULL)
+ return (ISC_R_NOMEMORY);
+
+ conn->sock = sock;
+ isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg);
+ conn->ccmsg_valid = ISC_TRUE;
+ conn->sending = ISC_FALSE;
+ conn->timer = NULL;
+ isc_interval_set(&interval, 60, 0);
+ result = isc_timer_create(ns_g_timermgr, isc_timertype_once,
+ NULL, &interval, listener->task,
+ control_timeout, conn, &conn->timer);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ conn->listener = listener;
+ conn->nonce = 0;
+ ISC_LINK_INIT(conn, link);
+
+ result = isccc_ccmsg_readmessage(&conn->ccmsg, listener->task,
+ control_recvmessage, conn);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ isccc_ccmsg_setmaxsize(&conn->ccmsg, 2048);
+
+ ISC_LIST_APPEND(listener->connections, conn, link);
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ isccc_ccmsg_invalidate(&conn->ccmsg);
+ if (conn->timer != NULL)
+ isc_timer_detach(&conn->timer);
+ isc_mem_put(listener->mctx, conn, sizeof(*conn));
+ return (result);
+}
+
+static void
+control_newconn(isc_task_t *task, isc_event_t *event) {
+ isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
+ controllistener_t *listener = event->ev_arg;
+ isc_socket_t *sock;
+ isc_sockaddr_t peeraddr;
+ isc_result_t result;
+
+ UNUSED(task);
+
+ listener->listening = ISC_FALSE;
+
+ if (nevent->result != ISC_R_SUCCESS) {
+ if (nevent->result == ISC_R_CANCELED) {
+ shutdown_listener(listener);
+ goto cleanup;
+ }
+ goto restart;
+ }
+
+ sock = nevent->newsocket;
+ isc_socket_setname(sock, "control", NULL);
+ (void)isc_socket_getpeername(sock, &peeraddr);
+ if (listener->type == isc_sockettype_tcp &&
+ !address_ok(&peeraddr, listener->acl)) {
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+ isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
+ "rejected command channel message from %s",
+ socktext);
+ isc_socket_detach(&sock);
+ goto restart;
+ }
+
+ result = newconnection(listener, sock);
+ if (result != ISC_R_SUCCESS) {
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+ isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
+ "dropped command channel from %s: %s",
+ socktext, isc_result_totext(result));
+ isc_socket_detach(&sock);
+ goto restart;
+ }
+
+ restart:
+ control_next(listener);
+ cleanup:
+ isc_event_free(&event);
+}
+
+static void
+controls_shutdown(ns_controls_t *controls) {
+ controllistener_t *listener;
+ controllistener_t *next;
+
+ for (listener = ISC_LIST_HEAD(controls->listeners);
+ listener != NULL;
+ listener = next)
+ {
+ /*
+ * This is asynchronous. As listeners shut down, they will
+ * call their callbacks.
+ */
+ next = ISC_LIST_NEXT(listener, link);
+ shutdown_listener(listener);
+ }
+}
+
+void
+ns_controls_shutdown(ns_controls_t *controls) {
+ controls_shutdown(controls);
+ controls->shuttingdown = ISC_TRUE;
+}
+
+static isc_result_t
+cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname,
+ const cfg_obj_t **objp)
+{
+ const cfg_listelt_t *element;
+ const char *str;
+ const cfg_obj_t *obj;
+
+ for (element = cfg_list_first(keylist);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ obj = cfg_listelt_value(element);
+ str = cfg_obj_asstring(cfg_map_getname(obj));
+ if (strcasecmp(str, keyname) == 0)
+ break;
+ }
+ if (element == NULL)
+ return (ISC_R_NOTFOUND);
+ obj = cfg_listelt_value(element);
+ *objp = obj;
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
+ controlkeylist_t *keyids)
+{
+ const cfg_listelt_t *element;
+ char *newstr = NULL;
+ const char *str;
+ const cfg_obj_t *obj;
+ controlkey_t *key;
+
+ for (element = cfg_list_first(keylist);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ obj = cfg_listelt_value(element);
+ str = cfg_obj_asstring(obj);
+ newstr = isc_mem_strdup(mctx, str);
+ if (newstr == NULL)
+ goto cleanup;
+ key = isc_mem_get(mctx, sizeof(*key));
+ if (key == NULL)
+ goto cleanup;
+ key->keyname = newstr;
+ key->secret.base = NULL;
+ key->secret.length = 0;
+ ISC_LINK_INIT(key, link);
+ ISC_LIST_APPEND(*keyids, key, link);
+ newstr = NULL;
+ }
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ if (newstr != NULL)
+ isc_mem_free(mctx, newstr);
+ free_controlkeylist(keyids, mctx);
+ return (ISC_R_NOMEMORY);
+}
+
+static void
+register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
+ controlkeylist_t *keyids, isc_mem_t *mctx, const char *socktext)
+{
+ controlkey_t *keyid, *next;
+ const cfg_obj_t *keydef;
+ char secret[1024];
+ isc_buffer_t b;
+ isc_result_t result;
+
+ /*
+ * Find the keys corresponding to the keyids used by this listener.
+ */
+ for (keyid = ISC_LIST_HEAD(*keyids); keyid != NULL; keyid = next) {
+ next = ISC_LIST_NEXT(keyid, link);
+
+ result = cfgkeylist_find(keylist, keyid->keyname, &keydef);
+ if (result != ISC_R_SUCCESS) {
+ cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
+ "couldn't find key '%s' for use with "
+ "command channel %s",
+ keyid->keyname, socktext);
+ ISC_LIST_UNLINK(*keyids, keyid, link);
+ free_controlkey(keyid, mctx);
+ } else {
+ const cfg_obj_t *algobj = NULL;
+ const cfg_obj_t *secretobj = NULL;
+ const char *algstr = NULL;
+ const char *secretstr = NULL;
+
+ (void)cfg_map_get(keydef, "algorithm", &algobj);
+ (void)cfg_map_get(keydef, "secret", &secretobj);
+ INSIST(algobj != NULL && secretobj != NULL);
+
+ algstr = cfg_obj_asstring(algobj);
+ secretstr = cfg_obj_asstring(secretobj);
+
+ if (ns_config_getkeyalgorithm(algstr, NULL, NULL) !=
+ ISC_R_SUCCESS)
+ {
+ cfg_obj_log(control, ns_g_lctx,
+ ISC_LOG_WARNING,
+ "unsupported algorithm '%s' in "
+ "key '%s' for use with command "
+ "channel %s",
+ algstr, keyid->keyname, socktext);
+ ISC_LIST_UNLINK(*keyids, keyid, link);
+ free_controlkey(keyid, mctx);
+ continue;
+ }
+
+ isc_buffer_init(&b, secret, sizeof(secret));
+ result = isc_base64_decodestring(secretstr, &b);
+
+ if (result != ISC_R_SUCCESS) {
+ cfg_obj_log(keydef, ns_g_lctx, ISC_LOG_WARNING,
+ "secret for key '%s' on "
+ "command channel %s: %s",
+ keyid->keyname, socktext,
+ isc_result_totext(result));
+ ISC_LIST_UNLINK(*keyids, keyid, link);
+ free_controlkey(keyid, mctx);
+ continue;
+ }
+
+ keyid->secret.length = isc_buffer_usedlength(&b);
+ keyid->secret.base = isc_mem_get(mctx,
+ keyid->secret.length);
+ if (keyid->secret.base == NULL) {
+ cfg_obj_log(keydef, ns_g_lctx, ISC_LOG_WARNING,
+ "couldn't register key '%s': "
+ "out of memory", keyid->keyname);
+ ISC_LIST_UNLINK(*keyids, keyid, link);
+ free_controlkey(keyid, mctx);
+ break;
+ }
+ memcpy(keyid->secret.base, isc_buffer_base(&b),
+ keyid->secret.length);
+ }
+ }
+}
+
+#define CHECK(x) \
+ do { \
+ result = (x); \
+ if (result != ISC_R_SUCCESS) \
+ goto cleanup; \
+ } while (0)
+
+static isc_result_t
+get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
+ isc_result_t result;
+ cfg_parser_t *pctx = NULL;
+ cfg_obj_t *config = NULL;
+ const cfg_obj_t *key = NULL;
+ const cfg_obj_t *algobj = NULL;
+ const cfg_obj_t *secretobj = NULL;
+ const char *algstr = NULL;
+ const char *secretstr = NULL;
+ controlkey_t *keyid = NULL;
+ char secret[1024];
+ isc_buffer_t b;
+
+ CHECK(cfg_parser_create(mctx, ns_g_lctx, &pctx));
+ CHECK(cfg_parse_file(pctx, ns_g_keyfile, &cfg_type_rndckey, &config));
+ CHECK(cfg_map_get(config, "key", &key));
+
+ keyid = isc_mem_get(mctx, sizeof(*keyid));
+ if (keyid == NULL)
+ CHECK(ISC_R_NOMEMORY);
+ keyid->keyname = isc_mem_strdup(mctx,
+ cfg_obj_asstring(cfg_map_getname(key)));
+ keyid->secret.base = NULL;
+ keyid->secret.length = 0;
+ ISC_LINK_INIT(keyid, link);
+ if (keyid->keyname == NULL)
+ CHECK(ISC_R_NOMEMORY);
+
+ CHECK(bind9_check_key(key, ns_g_lctx));
+
+ (void)cfg_map_get(key, "algorithm", &algobj);
+ (void)cfg_map_get(key, "secret", &secretobj);
+ INSIST(algobj != NULL && secretobj != NULL);
+
+ algstr = cfg_obj_asstring(algobj);
+ secretstr = cfg_obj_asstring(secretobj);
+
+ if (ns_config_getkeyalgorithm(algstr, NULL, NULL) != ISC_R_SUCCESS) {
+ cfg_obj_log(key, ns_g_lctx,
+ ISC_LOG_WARNING,
+ "unsupported algorithm '%s' in "
+ "key '%s' for use with command "
+ "channel",
+ algstr, keyid->keyname);
+ goto cleanup;
+ }
+
+ isc_buffer_init(&b, secret, sizeof(secret));
+ result = isc_base64_decodestring(secretstr, &b);
+
+ if (result != ISC_R_SUCCESS) {
+ cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
+ "secret for key '%s' on command channel: %s",
+ keyid->keyname, isc_result_totext(result));
+ CHECK(result);
+ }
+
+ keyid->secret.length = isc_buffer_usedlength(&b);
+ keyid->secret.base = isc_mem_get(mctx,
+ keyid->secret.length);
+ if (keyid->secret.base == NULL) {
+ cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
+ "couldn't register key '%s': "
+ "out of memory", keyid->keyname);
+ CHECK(ISC_R_NOMEMORY);
+ }
+ memcpy(keyid->secret.base, isc_buffer_base(&b),
+ keyid->secret.length);
+ ISC_LIST_APPEND(*keyids, keyid, link);
+ keyid = NULL;
+ result = ISC_R_SUCCESS;
+
+ cleanup:
+ if (keyid != NULL)
+ free_controlkey(keyid, mctx);
+ if (config != NULL)
+ cfg_obj_destroy(pctx, &config);
+ if (pctx != NULL)
+ cfg_parser_destroy(&pctx);
+ return (result);
+}
+
+/*
+ * Ensures that both '*global_keylistp' and '*control_keylistp' are
+ * valid or both are NULL.
+ */
+static void
+get_key_info(const cfg_obj_t *config, const cfg_obj_t *control,
+ const cfg_obj_t **global_keylistp,
+ const cfg_obj_t **control_keylistp)
+{
+ isc_result_t result;
+ const cfg_obj_t *control_keylist = NULL;
+ const cfg_obj_t *global_keylist = NULL;
+
+ REQUIRE(global_keylistp != NULL && *global_keylistp == NULL);
+ REQUIRE(control_keylistp != NULL && *control_keylistp == NULL);
+
+ control_keylist = cfg_tuple_get(control, "keys");
+
+ if (!cfg_obj_isvoid(control_keylist) &&
+ cfg_list_first(control_keylist) != NULL) {
+ result = cfg_map_get(config, "key", &global_keylist);
+
+ if (result == ISC_R_SUCCESS) {
+ *global_keylistp = global_keylist;
+ *control_keylistp = control_keylist;
+ }
+ }
+}
+
+static void
+update_listener(ns_controls_t *cp, controllistener_t **listenerp,
+ const cfg_obj_t *control, const cfg_obj_t *config,
+ isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
+ const char *socktext, isc_sockettype_t type)
+{
+ controllistener_t *listener;
+ const cfg_obj_t *allow;
+ const cfg_obj_t *global_keylist = NULL;
+ const cfg_obj_t *control_keylist = NULL;
+ dns_acl_t *new_acl = NULL;
+ controlkeylist_t keys;
+ isc_result_t result = ISC_R_SUCCESS;
+
+ for (listener = ISC_LIST_HEAD(cp->listeners);
+ listener != NULL;
+ listener = ISC_LIST_NEXT(listener, link))
+ if (isc_sockaddr_equal(addr, &listener->address))
+ break;
+
+ if (listener == NULL) {
+ *listenerp = NULL;
+ return;
+ }
+
+ /*
+ * There is already a listener for this sockaddr.
+ * Update the access list and key information.
+ *
+ * First try to deal with the key situation. There are a few
+ * possibilities:
+ * (a) It had an explicit keylist and still has an explicit keylist.
+ * (b) It had an automagic key and now has an explicit keylist.
+ * (c) It had an explicit keylist and now needs an automagic key.
+ * (d) It has an automagic key and still needs the automagic key.
+ *
+ * (c) and (d) are the annoying ones. The caller needs to know
+ * that it should use the automagic configuration for key information
+ * in place of the named.conf configuration.
+ *
+ * XXXDCL There is one other hazard that has not been dealt with,
+ * the problem that if a key change is being caused by a control
+ * channel reload, then the response will be with the new key
+ * and not able to be decrypted by the client.
+ */
+ if (control != NULL)
+ get_key_info(config, control, &global_keylist,
+ &control_keylist);
+
+ if (control_keylist != NULL) {
+ INSIST(global_keylist != NULL);
+
+ ISC_LIST_INIT(keys);
+ result = controlkeylist_fromcfg(control_keylist,
+ listener->mctx, &keys);
+ if (result == ISC_R_SUCCESS) {
+ free_controlkeylist(&listener->keys, listener->mctx);
+ listener->keys = keys;
+ register_keys(control, global_keylist, &listener->keys,
+ listener->mctx, socktext);
+ }
+ } else {
+ free_controlkeylist(&listener->keys, listener->mctx);
+ result = get_rndckey(listener->mctx, &listener->keys);
+ }
+
+ if (result != ISC_R_SUCCESS && global_keylist != NULL) {
+ /*
+ * This message might be a little misleading since the
+ * "new keys" might in fact be identical to the old ones,
+ * but tracking whether they are identical just for the
+ * sake of avoiding this message would be too much trouble.
+ */
+ if (control != NULL)
+ cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
+ "couldn't install new keys for "
+ "command channel %s: %s",
+ socktext, isc_result_totext(result));
+ else
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
+ "couldn't install new keys for "
+ "command channel %s: %s",
+ socktext, isc_result_totext(result));
+ }
+
+ /*
+ * Now, keep the old access list unless a new one can be made.
+ */
+ if (control != NULL && type == isc_sockettype_tcp) {
+ allow = cfg_tuple_get(control, "allow");
+ result = cfg_acl_fromconfig(allow, config, ns_g_lctx,
+ aclconfctx, listener->mctx, 0,
+ &new_acl);
+ } else {
+ result = dns_acl_any(listener->mctx, &new_acl);
+ }
+
+ if (result == ISC_R_SUCCESS) {
+ dns_acl_detach(&listener->acl);
+ dns_acl_attach(new_acl, &listener->acl);
+ dns_acl_detach(&new_acl);
+ /* XXXDCL say the old acl is still used? */
+ } else if (control != NULL)
+ cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
+ "couldn't install new acl for "
+ "command channel %s: %s",
+ socktext, isc_result_totext(result));
+ else
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
+ "couldn't install new acl for "
+ "command channel %s: %s",
+ socktext, isc_result_totext(result));
+
+ if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) {
+ isc_uint32_t perm, owner, group;
+ perm = cfg_obj_asuint32(cfg_tuple_get(control, "perm"));
+ owner = cfg_obj_asuint32(cfg_tuple_get(control, "owner"));
+ group = cfg_obj_asuint32(cfg_tuple_get(control, "group"));
+ result = ISC_R_SUCCESS;
+ if (listener->perm != perm || listener->owner != owner ||
+ listener->group != group)
+ result = isc_socket_permunix(&listener->address, perm,
+ owner, group);
+ if (result == ISC_R_SUCCESS) {
+ listener->perm = perm;
+ listener->owner = owner;
+ listener->group = group;
+ } else if (control != NULL)
+ cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
+ "couldn't update ownership/permission for "
+ "command channel %s", socktext);
+ }
+
+ *listenerp = listener;
+}
+
+static void
+add_listener(ns_controls_t *cp, controllistener_t **listenerp,
+ const cfg_obj_t *control, const cfg_obj_t *config,
+ isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
+ const char *socktext, isc_sockettype_t type)
+{
+ isc_mem_t *mctx = cp->server->mctx;
+ controllistener_t *listener;
+ const cfg_obj_t *allow;
+ const cfg_obj_t *global_keylist = NULL;
+ const cfg_obj_t *control_keylist = NULL;
+ dns_acl_t *new_acl = NULL;
+ isc_result_t result = ISC_R_SUCCESS;
+
+ listener = isc_mem_get(mctx, sizeof(*listener));
+ if (listener == NULL)
+ result = ISC_R_NOMEMORY;
+
+ if (result == ISC_R_SUCCESS) {
+ listener->controls = cp;
+ listener->mctx = mctx;
+ listener->task = cp->server->task;
+ listener->address = *addr;
+ listener->sock = NULL;
+ listener->listening = ISC_FALSE;
+ listener->exiting = ISC_FALSE;
+ listener->acl = NULL;
+ listener->type = type;
+ listener->perm = 0;
+ listener->owner = 0;
+ listener->group = 0;
+ ISC_LINK_INIT(listener, link);
+ ISC_LIST_INIT(listener->keys);
+ ISC_LIST_INIT(listener->connections);
+
+ /*
+ * Make the acl.
+ */
+ if (control != NULL && type == isc_sockettype_tcp) {
+ allow = cfg_tuple_get(control, "allow");
+ result = cfg_acl_fromconfig(allow, config, ns_g_lctx,
+ aclconfctx, mctx, 0,
+ &new_acl);
+ } else {
+ result = dns_acl_any(mctx, &new_acl);
+ }
+ }
+
+ if (result == ISC_R_SUCCESS) {
+ dns_acl_attach(new_acl, &listener->acl);
+ dns_acl_detach(&new_acl);
+
+ if (config != NULL)
+ get_key_info(config, control, &global_keylist,
+ &control_keylist);
+
+ if (control_keylist != NULL) {
+ result = controlkeylist_fromcfg(control_keylist,
+ listener->mctx,
+ &listener->keys);
+ if (result == ISC_R_SUCCESS)
+ register_keys(control, global_keylist,
+ &listener->keys,
+ listener->mctx, socktext);
+ } else
+ result = get_rndckey(mctx, &listener->keys);
+
+ if (result != ISC_R_SUCCESS && control != NULL)
+ cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
+ "couldn't install keys for "
+ "command channel %s: %s",
+ socktext, isc_result_totext(result));
+ }
+
+ if (result == ISC_R_SUCCESS) {
+ int pf = isc_sockaddr_pf(&listener->address);
+ if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
+#ifdef ISC_PLATFORM_HAVESYSUNH
+ (pf == AF_UNIX && isc_net_probeunix() != ISC_R_SUCCESS) ||
+#endif
+ (pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS))
+ result = ISC_R_FAMILYNOSUPPORT;
+ }
+
+ if (result == ISC_R_SUCCESS && type == isc_sockettype_unix)
+ isc_socket_cleanunix(&listener->address, ISC_FALSE);
+
+ if (result == ISC_R_SUCCESS)
+ result = isc_socket_create(ns_g_socketmgr,
+ isc_sockaddr_pf(&listener->address),
+ type, &listener->sock);
+ if (result == ISC_R_SUCCESS)
+ isc_socket_setname(listener->sock, "control", NULL);
+
+ if (result == ISC_R_SUCCESS)
+ result = isc_socket_bind(listener->sock, &listener->address,
+ ISC_SOCKET_REUSEADDRESS);
+
+ if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) {
+ listener->perm = cfg_obj_asuint32(cfg_tuple_get(control,
+ "perm"));
+ listener->owner = cfg_obj_asuint32(cfg_tuple_get(control,
+ "owner"));
+ listener->group = cfg_obj_asuint32(cfg_tuple_get(control,
+ "group"));
+ result = isc_socket_permunix(&listener->address, listener->perm,
+ listener->owner, listener->group);
+ }
+ if (result == ISC_R_SUCCESS)
+ result = control_listen(listener);
+
+ if (result == ISC_R_SUCCESS)
+ result = control_accept(listener);
+
+ if (result == ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
+ "command channel listening on %s", socktext);
+ *listenerp = listener;
+
+ } else {
+ if (listener != NULL) {
+ listener->exiting = ISC_TRUE;
+ free_listener(listener);
+ }
+
+ if (control != NULL)
+ cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
+ "couldn't add command channel %s: %s",
+ socktext, isc_result_totext(result));
+ else
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
+ "couldn't add command channel %s: %s",
+ socktext, isc_result_totext(result));
+
+ *listenerp = NULL;
+ }
+
+ /* XXXDCL return error results? fail hard? */
+}
+
+isc_result_t
+ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
+ cfg_aclconfctx_t *aclconfctx)
+{
+ controllistener_t *listener;
+ controllistenerlist_t new_listeners;
+ const cfg_obj_t *controlslist = NULL;
+ const cfg_listelt_t *element, *element2;
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+
+ ISC_LIST_INIT(new_listeners);
+
+ /*
+ * Get the list of named.conf 'controls' statements.
+ */
+ (void)cfg_map_get(config, "controls", &controlslist);
+
+ /*
+ * Run through the new control channel list, noting sockets that
+ * are already being listened on and moving them to the new list.
+ *
+ * Identifying duplicate addr/port combinations is left to either
+ * the underlying config code, or to the bind attempt getting an
+ * address-in-use error.
+ */
+ if (controlslist != NULL) {
+ for (element = cfg_list_first(controlslist);
+ element != NULL;
+ element = cfg_list_next(element)) {
+ const cfg_obj_t *controls;
+ const cfg_obj_t *inetcontrols = NULL;
+
+ controls = cfg_listelt_value(element);
+ (void)cfg_map_get(controls, "inet", &inetcontrols);
+ if (inetcontrols == NULL)
+ continue;
+
+ for (element2 = cfg_list_first(inetcontrols);
+ element2 != NULL;
+ element2 = cfg_list_next(element2)) {
+ const cfg_obj_t *control;
+ const cfg_obj_t *obj;
+ isc_sockaddr_t addr;
+
+ /*
+ * The parser handles BIND 8 configuration file
+ * syntax, so it allows unix phrases as well
+ * inet phrases with no keys{} clause.
+ */
+ control = cfg_listelt_value(element2);
+
+ obj = cfg_tuple_get(control, "address");
+ addr = *cfg_obj_assockaddr(obj);
+ if (isc_sockaddr_getport(&addr) == 0)
+ isc_sockaddr_setport(&addr,
+ NS_CONTROL_PORT);
+
+ isc_sockaddr_format(&addr, socktext,
+ sizeof(socktext));
+
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL,
+ ISC_LOG_DEBUG(9),
+ "processing control channel %s",
+ socktext);
+
+ update_listener(cp, &listener, control, config,
+ &addr, aclconfctx, socktext,
+ isc_sockettype_tcp);
+
+ if (listener != NULL)
+ /*
+ * Remove the listener from the old
+ * list, so it won't be shut down.
+ */
+ ISC_LIST_UNLINK(cp->listeners,
+ listener, link);
+ else
+ /*
+ * This is a new listener.
+ */
+ add_listener(cp, &listener, control,
+ config, &addr, aclconfctx,
+ socktext,
+ isc_sockettype_tcp);
+
+ if (listener != NULL)
+ ISC_LIST_APPEND(new_listeners,
+ listener, link);
+ }
+ }
+ for (element = cfg_list_first(controlslist);
+ element != NULL;
+ element = cfg_list_next(element)) {
+ const cfg_obj_t *controls;
+ const cfg_obj_t *unixcontrols = NULL;
+
+ controls = cfg_listelt_value(element);
+ (void)cfg_map_get(controls, "unix", &unixcontrols);
+ if (unixcontrols == NULL)
+ continue;
+
+ for (element2 = cfg_list_first(unixcontrols);
+ element2 != NULL;
+ element2 = cfg_list_next(element2)) {
+ const cfg_obj_t *control;
+ const cfg_obj_t *path;
+ isc_sockaddr_t addr;
+ isc_result_t result;
+
+ /*
+ * The parser handles BIND 8 configuration file
+ * syntax, so it allows unix phrases as well
+ * inet phrases with no keys{} clause.
+ */
+ control = cfg_listelt_value(element2);
+
+ path = cfg_tuple_get(control, "path");
+ result = isc_sockaddr_frompath(&addr,
+ cfg_obj_asstring(path));
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL,
+ ISC_LOG_DEBUG(9),
+ "control channel '%s': %s",
+ cfg_obj_asstring(path),
+ isc_result_totext(result));
+ continue;
+ }
+
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_CONTROL,
+ ISC_LOG_DEBUG(9),
+ "processing control channel '%s'",
+ cfg_obj_asstring(path));
+
+ update_listener(cp, &listener, control, config,
+ &addr, aclconfctx,
+ cfg_obj_asstring(path),
+ isc_sockettype_unix);
+
+ if (listener != NULL)
+ /*
+ * Remove the listener from the old
+ * list, so it won't be shut down.
+ */
+ ISC_LIST_UNLINK(cp->listeners,
+ listener, link);
+ else
+ /*
+ * This is a new listener.
+ */
+ add_listener(cp, &listener, control,
+ config, &addr, aclconfctx,
+ cfg_obj_asstring(path),
+ isc_sockettype_unix);
+
+ if (listener != NULL)
+ ISC_LIST_APPEND(new_listeners,
+ listener, link);
+ }
+ }
+ } else {
+ int i;
+
+ for (i = 0; i < 2; i++) {
+ isc_sockaddr_t addr;
+
+ if (i == 0) {
+ struct in_addr localhost;
+
+ if (isc_net_probeipv4() != ISC_R_SUCCESS)
+ continue;
+ localhost.s_addr = htonl(INADDR_LOOPBACK);
+ isc_sockaddr_fromin(&addr, &localhost, 0);
+ } else {
+ if (isc_net_probeipv6() != ISC_R_SUCCESS)
+ continue;
+ isc_sockaddr_fromin6(&addr,
+ &in6addr_loopback, 0);
+ }
+ isc_sockaddr_setport(&addr, NS_CONTROL_PORT);
+
+ isc_sockaddr_format(&addr, socktext, sizeof(socktext));
+
+ update_listener(cp, &listener, NULL, NULL,
+ &addr, NULL, socktext,
+ isc_sockettype_tcp);
+
+ if (listener != NULL)
+ /*
+ * Remove the listener from the old
+ * list, so it won't be shut down.
+ */
+ ISC_LIST_UNLINK(cp->listeners,
+ listener, link);
+ else
+ /*
+ * This is a new listener.
+ */
+ add_listener(cp, &listener, NULL, NULL,
+ &addr, NULL, socktext,
+ isc_sockettype_tcp);
+
+ if (listener != NULL)
+ ISC_LIST_APPEND(new_listeners,
+ listener, link);
+ }
+ }
+
+ /*
+ * ns_control_shutdown() will stop whatever is on the global
+ * listeners list, which currently only has whatever sockaddrs
+ * were in the previous configuration (if any) that do not
+ * remain in the current configuration.
+ */
+ controls_shutdown(cp);
+
+ /*
+ * Put all of the valid listeners on the listeners list.
+ * Anything already on listeners in the process of shutting
+ * down will be taken care of by listen_done().
+ */
+ ISC_LIST_APPENDLIST(cp->listeners, new_listeners, link);
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp) {
+ isc_mem_t *mctx = server->mctx;
+ isc_result_t result;
+ ns_controls_t *controls = isc_mem_get(mctx, sizeof(*controls));
+
+ if (controls == NULL)
+ return (ISC_R_NOMEMORY);
+ controls->server = server;
+ ISC_LIST_INIT(controls->listeners);
+ controls->shuttingdown = ISC_FALSE;
+ controls->symtab = NULL;
+ result = isccc_cc_createsymtab(&controls->symtab);
+ if (result != ISC_R_SUCCESS) {
+ isc_mem_put(server->mctx, controls, sizeof(*controls));
+ return (result);
+ }
+ *ctrlsp = controls;
+ return (ISC_R_SUCCESS);
+}
+
+void
+ns_controls_destroy(ns_controls_t **ctrlsp) {
+ ns_controls_t *controls = *ctrlsp;
+
+ REQUIRE(ISC_LIST_EMPTY(controls->listeners));
+
+ isccc_symtab_destroy(&controls->symtab);
+ isc_mem_put(controls->server->mctx, controls, sizeof(*controls));
+ *ctrlsp = NULL;
+}
diff --git a/bin/named/convertxsl.pl b/bin/named/convertxsl.pl
new file mode 100755
index 0000000..87550b3
--- /dev/null
+++ b/bin/named/convertxsl.pl
@@ -0,0 +1,57 @@
+#!/usr/bin/env perl
+#
+# Copyright (C) 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: convertxsl.pl,v 1.14 2008/07/17 23:43:26 jinmei Exp $
+
+use strict;
+use warnings;
+
+my $rev = '$Id: convertxsl.pl,v 1.14 2008/07/17 23:43:26 jinmei Exp $';
+$rev =~ s/\$//g;
+$rev =~ s/,v//g;
+$rev =~ s/Id: //;
+
+my $xsl = "unknown";
+my $lines = '';
+
+while (<>) {
+ chomp;
+ # pickout the id for comment.
+ $xsl = $_ if (/<!-- .Id:.* -->/);
+ # convert Id string to a form not recognisable by cvs.
+ $_ =~ s/<!-- .Id:(.*). -->/<!-- \\045Id: $1\\045 -->/;
+ s/[\ \t]+/ /g;
+ s/\>\ \</\>\</g;
+ s/\"/\\\"/g;
+ s/^/\t\"/;
+ s/$/\\n\"/;
+ if ($lines eq "") {
+ $lines .= $_;
+ } else {
+ $lines .= "\n" . $_;
+ }
+}
+
+$xsl =~ s/\$//g;
+$xsl =~ s/<!-- Id: //;
+$xsl =~ s/ -->.*//;
+$xsl =~ s/,v//;
+
+print "/*\n * Generated by $rev \n * From $xsl\n */\n";
+print 'static char xslmsg[] =',"\n";
+print $lines;
+
+print ';', "\n";
diff --git a/bin/named/include/named/builtin.h b/bin/named/include/named/builtin.h
new file mode 100644
index 0000000..a5185ba
--- /dev/null
+++ b/bin/named/include/named/builtin.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: builtin.h,v 1.6 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_BUILTIN_H
+#define NAMED_BUILTIN_H 1
+
+/*! \file */
+
+#include <isc/types.h>
+
+isc_result_t ns_builtin_init(void);
+
+void ns_builtin_deinit(void);
+
+#endif /* NAMED_BUILTIN_H */
diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
new file mode 100644
index 0000000..b4be639
--- /dev/null
+++ b/bin/named/include/named/client.h
@@ -0,0 +1,375 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: client.h,v 1.86 2008/04/03 02:01:08 marka Exp $ */
+
+#ifndef NAMED_CLIENT_H
+#define NAMED_CLIENT_H 1
+
+/*****
+ ***** Module Info
+ *****/
+
+/*! \file
+ * \brief
+ * This module defines two objects, ns_client_t and ns_clientmgr_t.
+ *
+ * An ns_client_t object handles incoming DNS requests from clients
+ * on a given network interface.
+ *
+ * Each ns_client_t object can handle only one TCP connection or UDP
+ * request at a time. Therefore, several ns_client_t objects are
+ * typically created to serve each network interface, e.g., one
+ * for handling TCP requests and a few (one per CPU) for handling
+ * UDP requests.
+ *
+ * Incoming requests are classified as queries, zone transfer
+ * requests, update requests, notify requests, etc, and handed off
+ * to the appropriate request handler. When the request has been
+ * fully handled (which can be much later), the ns_client_t must be
+ * notified of this by calling one of the following functions
+ * exactly once in the context of its task:
+ * \code
+ * ns_client_send() (sending a non-error response)
+ * ns_client_sendraw() (sending a raw response)
+ * ns_client_error() (sending an error response)
+ * ns_client_next() (sending no response)
+ *\endcode
+ * This will release any resources used by the request and
+ * and allow the ns_client_t to listen for the next request.
+ *
+ * A ns_clientmgr_t manages a number of ns_client_t objects.
+ * New ns_client_t objects are created by calling
+ * ns_clientmgr_createclients(). They are destroyed by
+ * destroying their manager.
+ */
+
+/***
+ *** Imports
+ ***/
+
+#include <isc/buffer.h>
+#include <isc/magic.h>
+#include <isc/stdtime.h>
+#include <isc/quota.h>
+
+#include <dns/fixedname.h>
+#include <dns/name.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatatype.h>
+#include <dns/tcpmsg.h>
+#include <dns/types.h>
+
+#include <named/types.h>
+#include <named/query.h>
+
+/***
+ *** Types
+ ***/
+
+typedef ISC_LIST(ns_client_t) client_list_t;
+
+/*% nameserver client structure */
+struct ns_client {
+ unsigned int magic;
+ isc_mem_t * mctx;
+ ns_clientmgr_t * manager;
+ int state;
+ int newstate;
+ int naccepts;
+ int nreads;
+ int nsends;
+ int nrecvs;
+ int nupdates;
+ int nctls;
+ int references;
+ isc_boolean_t needshutdown; /*
+ * Used by clienttest to get
+ * the client to go from
+ * inactive to free state
+ * by shutting down the
+ * client's task.
+ */
+ unsigned int attributes;
+ isc_task_t * task;
+ dns_view_t * view;
+ dns_dispatch_t * dispatch;
+ isc_socket_t * udpsocket;
+ isc_socket_t * tcplistener;
+ isc_socket_t * tcpsocket;
+ unsigned char * tcpbuf;
+ dns_tcpmsg_t tcpmsg;
+ isc_boolean_t tcpmsg_valid;
+ isc_timer_t * timer;
+ isc_boolean_t timerset;
+ dns_message_t * message;
+ isc_socketevent_t * sendevent;
+ isc_socketevent_t * recvevent;
+ unsigned char * recvbuf;
+ dns_rdataset_t * opt;
+ isc_uint16_t udpsize;
+ isc_uint16_t extflags;
+ isc_int16_t ednsversion; /* -1 noedns */
+ void (*next)(ns_client_t *);
+ void (*shutdown)(void *arg, isc_result_t result);
+ void *shutdown_arg;
+ ns_query_t query;
+ isc_stdtime_t requesttime;
+ isc_stdtime_t now;
+ dns_name_t signername; /*%< [T]SIG key name */
+ dns_name_t * signer; /*%< NULL if not valid sig */
+ isc_boolean_t mortal; /*%< Die after handling request */
+ isc_quota_t *tcpquota;
+ isc_quota_t *recursionquota;
+ ns_interface_t *interface;
+ isc_sockaddr_t peeraddr;
+ isc_boolean_t peeraddr_valid;
+ struct in6_pktinfo pktinfo;
+ isc_event_t ctlevent;
+ /*%
+ * Information about recent FORMERR response(s), for
+ * FORMERR loop avoidance. This is separate for each
+ * client object rather than global only to avoid
+ * the need for locking.
+ */
+ struct {
+ isc_sockaddr_t addr;
+ isc_stdtime_t time;
+ dns_messageid_t id;
+ } formerrcache;
+ ISC_LINK(ns_client_t) link;
+ /*%
+ * The list 'link' is part of, or NULL if not on any list.
+ */
+ client_list_t *list;
+};
+
+#define NS_CLIENT_MAGIC ISC_MAGIC('N','S','C','c')
+#define NS_CLIENT_VALID(c) ISC_MAGIC_VALID(c, NS_CLIENT_MAGIC)
+
+#define NS_CLIENTATTR_TCP 0x01
+#define NS_CLIENTATTR_RA 0x02 /*%< Client gets recusive service */
+#define NS_CLIENTATTR_PKTINFO 0x04 /*%< pktinfo is valid */
+#define NS_CLIENTATTR_MULTICAST 0x08 /*%< recv'd from multicast */
+#define NS_CLIENTATTR_WANTDNSSEC 0x10 /*%< include dnssec records */
+#define NS_CLIENTATTR_WANTNSID 0x20 /*%< include nameserver ID */
+
+extern unsigned int ns_client_requests;
+
+/***
+ *** Functions
+ ***/
+
+/*%
+ * Note! These ns_client_ routines MUST be called ONLY from the client's
+ * task in order to ensure synchronization.
+ */
+
+void
+ns_client_send(ns_client_t *client);
+/*%
+ * Finish processing the current client request and
+ * send client->message as a response.
+ * \brief
+ * Note! These ns_client_ routines MUST be called ONLY from the client's
+ * task in order to ensure synchronization.
+ */
+
+void
+ns_client_sendraw(ns_client_t *client, dns_message_t *msg);
+/*%
+ * Finish processing the current client request and
+ * send msg as a response using client->message->id for the id.
+ */
+
+void
+ns_client_error(ns_client_t *client, isc_result_t result);
+/*%
+ * Finish processing the current client request and return
+ * an error response to the client. The error response
+ * will have an RCODE determined by 'result'.
+ */
+
+void
+ns_client_next(ns_client_t *client, isc_result_t result);
+/*%
+ * Finish processing the current client request,
+ * return no response to the client.
+ */
+
+isc_boolean_t
+ns_client_shuttingdown(ns_client_t *client);
+/*%
+ * Return ISC_TRUE iff the client is currently shutting down.
+ */
+
+void
+ns_client_attach(ns_client_t *source, ns_client_t **target);
+/*%
+ * Attach '*targetp' to 'source'.
+ */
+
+void
+ns_client_detach(ns_client_t **clientp);
+/*%
+ * Detach '*clientp' from its client.
+ */
+
+isc_result_t
+ns_client_replace(ns_client_t *client);
+/*%
+ * Try to replace the current client with a new one, so that the
+ * current one can go off and do some lengthy work without
+ * leaving the dispatch/socket without service.
+ */
+
+void
+ns_client_settimeout(ns_client_t *client, unsigned int seconds);
+/*%
+ * Set a timer in the client to go off in the specified amount of time.
+ */
+
+isc_result_t
+ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
+ isc_timermgr_t *timermgr, ns_clientmgr_t **managerp);
+/*%
+ * Create a client manager.
+ */
+
+void
+ns_clientmgr_destroy(ns_clientmgr_t **managerp);
+/*%
+ * Destroy a client manager and all ns_client_t objects
+ * managed by it.
+ */
+
+isc_result_t
+ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
+ ns_interface_t *ifp, isc_boolean_t tcp);
+/*%
+ * Create up to 'n' clients listening on interface 'ifp'.
+ * If 'tcp' is ISC_TRUE, the clients will listen for TCP connections,
+ * otherwise for UDP requests.
+ */
+
+isc_sockaddr_t *
+ns_client_getsockaddr(ns_client_t *client);
+/*%
+ * Get the socket address of the client whose request is
+ * currently being processed.
+ */
+
+isc_result_t
+ns_client_checkaclsilent(ns_client_t *client,
+ isc_sockaddr_t *sockaddr,
+ dns_acl_t *acl,
+ isc_boolean_t default_allow);
+
+/*%
+ * Convenience function for client request ACL checking.
+ *
+ * Check the current client request against 'acl'. If 'acl'
+ * is NULL, allow the request iff 'default_allow' is ISC_TRUE.
+ * If netaddr is NULL, check the ACL against client->peeraddr;
+ * otherwise check it against netaddr.
+ *
+ * Notes:
+ *\li This is appropriate for checking allow-update,
+ * allow-query, allow-transfer, etc. It is not appropriate
+ * for checking the blackhole list because we treat positive
+ * matches as "allow" and negative matches as "deny"; in
+ * the case of the blackhole list this would be backwards.
+ *
+ * Requires:
+ *\li 'client' points to a valid client.
+ *\li 'sockaddr' points to a valid address, or is NULL.
+ *\li 'acl' points to a valid ACL, or is NULL.
+ *
+ * Returns:
+ *\li ISC_R_SUCCESS if the request should be allowed
+ * \li ISC_R_REFUSED if the request should be denied
+ *\li No other return values are possible.
+ */
+
+isc_result_t
+ns_client_checkacl(ns_client_t *client,
+ isc_sockaddr_t *sockaddr,
+ const char *opname, dns_acl_t *acl,
+ isc_boolean_t default_allow,
+ int log_level);
+/*%
+ * Like ns_client_checkaclsilent, except the outcome of the check is
+ * logged at log level 'log_level' if denied, and at debug 3 if approved.
+ * Log messages will refer to the request as an 'opname' request.
+ *
+ * Requires:
+ *\li 'client' points to a valid client.
+ *\li 'sockaddr' points to a valid address, or is NULL.
+ *\li 'acl' points to a valid ACL, or is NULL.
+ *\li 'opname' points to a null-terminated string.
+ */
+
+void
+ns_client_log(ns_client_t *client, isc_logcategory_t *category,
+ isc_logmodule_t *module, int level,
+ const char *fmt, ...) ISC_FORMAT_PRINTF(5, 6);
+
+void
+ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
+ isc_logmodule_t *module, int level, const char *fmt, va_list ap) ISC_FORMAT_PRINTF(5, 0);
+
+void
+ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
+ dns_rdataclass_t rdclass, char *buf, size_t len);
+
+#define NS_CLIENT_ACLMSGSIZE(x) \
+ (DNS_NAME_FORMATSIZE + DNS_RDATATYPE_FORMATSIZE + \
+ DNS_RDATACLASS_FORMATSIZE + sizeof(x) + sizeof("'/'"))
+
+void
+ns_client_recursing(ns_client_t *client);
+/*%
+ * Add client to end of th recursing list.
+ */
+
+void
+ns_client_killoldestquery(ns_client_t *client);
+/*%
+ * Kill the oldest recursive query (recursing list head).
+ */
+
+void
+ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager);
+/*%
+ * Dump the outstanding recursive queries to 'f'.
+ */
+
+void
+ns_client_qnamereplace(ns_client_t *client, dns_name_t *name);
+/*%
+ * Replace the qname.
+ */
+
+isc_boolean_t
+ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
+ isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr,
+ dns_rdataclass_t rdclass, void *arg);
+/*%
+ * Isself callback.
+ */
+
+#endif /* NAMED_CLIENT_H */
diff --git a/bin/named/include/named/config.h b/bin/named/include/named/config.h
new file mode 100644
index 0000000..f7ceed8
--- /dev/null
+++ b/bin/named/include/named/config.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001, 2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: config.h,v 1.14 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_CONFIG_H
+#define NAMED_CONFIG_H 1
+
+/*! \file */
+
+#include <isccfg/cfg.h>
+
+#include <dns/types.h>
+#include <dns/zone.h>
+
+isc_result_t
+ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf);
+
+isc_result_t
+ns_config_get(const cfg_obj_t **maps, const char* name, const cfg_obj_t **obj);
+
+isc_result_t
+ns_checknames_get(const cfg_obj_t **maps, const char* name,
+ const cfg_obj_t **obj);
+
+int
+ns_config_listcount(const cfg_obj_t *list);
+
+isc_result_t
+ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
+ dns_rdataclass_t *classp);
+
+isc_result_t
+ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype,
+ dns_rdatatype_t *typep);
+
+dns_zonetype_t
+ns_config_getzonetype(const cfg_obj_t *zonetypeobj);
+
+isc_result_t
+ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
+ in_port_t defport, isc_mem_t *mctx,
+ isc_sockaddr_t **addrsp, isc_uint32_t *countp);
+
+void
+ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
+ isc_uint32_t count);
+
+isc_result_t
+ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
+ isc_mem_t *mctx, isc_sockaddr_t **addrsp,
+ dns_name_t ***keys, isc_uint32_t *countp);
+
+void
+ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
+ dns_name_t ***keys, isc_uint32_t count);
+
+isc_result_t
+ns_config_getport(const cfg_obj_t *config, in_port_t *portp);
+
+isc_result_t
+ns_config_getkeyalgorithm(const char *str, dns_name_t **name,
+ isc_uint16_t *digestbits);
+
+#endif /* NAMED_CONFIG_H */
diff --git a/bin/named/include/named/control.h b/bin/named/include/named/control.h
new file mode 100644
index 0000000..d382ffe
--- /dev/null
+++ b/bin/named/include/named/control.h
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: control.h,v 1.25 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_CONTROL_H
+#define NAMED_CONTROL_H 1
+
+/*! \file
+ * \brief
+ * The name server command channel.
+ */
+
+#include <isccc/types.h>
+
+#include <isccfg/aclconf.h>
+
+#include <named/types.h>
+
+#define NS_CONTROL_PORT 953
+
+#define NS_COMMAND_STOP "stop"
+#define NS_COMMAND_HALT "halt"
+#define NS_COMMAND_RELOAD "reload"
+#define NS_COMMAND_RECONFIG "reconfig"
+#define NS_COMMAND_REFRESH "refresh"
+#define NS_COMMAND_RETRANSFER "retransfer"
+#define NS_COMMAND_DUMPSTATS "stats"
+#define NS_COMMAND_QUERYLOG "querylog"
+#define NS_COMMAND_DUMPDB "dumpdb"
+#define NS_COMMAND_TRACE "trace"
+#define NS_COMMAND_NOTRACE "notrace"
+#define NS_COMMAND_FLUSH "flush"
+#define NS_COMMAND_FLUSHNAME "flushname"
+#define NS_COMMAND_STATUS "status"
+#define NS_COMMAND_TSIGLIST "tsig-list"
+#define NS_COMMAND_TSIGDELETE "tsig-delete"
+#define NS_COMMAND_FREEZE "freeze"
+#define NS_COMMAND_UNFREEZE "unfreeze"
+#define NS_COMMAND_THAW "thaw"
+#define NS_COMMAND_TIMERPOKE "timerpoke"
+#define NS_COMMAND_RECURSING "recursing"
+#define NS_COMMAND_NULL "null"
+#define NS_COMMAND_NOTIFY "notify"
+#define NS_COMMAND_VALIDATION "validation"
+
+isc_result_t
+ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp);
+/*%<
+ * Create an initial, empty set of command channels for 'server'.
+ */
+
+void
+ns_controls_destroy(ns_controls_t **ctrlsp);
+/*%<
+ * Destroy a set of command channels.
+ *
+ * Requires:
+ * Shutdown of the channels has completed.
+ */
+
+isc_result_t
+ns_controls_configure(ns_controls_t *controls, const cfg_obj_t *config,
+ cfg_aclconfctx_t *aclconfctx);
+/*%<
+ * Configure zero or more command channels into 'controls'
+ * as defined in the configuration parse tree 'config'.
+ * The channels will evaluate ACLs in the context of
+ * 'aclconfctx'.
+ */
+
+void
+ns_controls_shutdown(ns_controls_t *controls);
+/*%<
+ * Initiate shutdown of all the command channels in 'controls'.
+ */
+
+isc_result_t
+ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text);
+
+#endif /* NAMED_CONTROL_H */
diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
new file mode 100644
index 0000000..6040dc3
--- /dev/null
+++ b/bin/named/include/named/globals.h
@@ -0,0 +1,139 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: globals.h,v 1.80 2008/11/16 22:49:18 marka Exp $ */
+
+#ifndef NAMED_GLOBALS_H
+#define NAMED_GLOBALS_H 1
+
+/*! \file */
+
+#include <isc/rwlock.h>
+#include <isc/log.h>
+#include <isc/net.h>
+
+#include <isccfg/cfg.h>
+
+#include <dns/zone.h>
+
+#include <named/types.h>
+
+#undef EXTERN
+#undef INIT
+#ifdef NS_MAIN
+#define EXTERN
+#define INIT(v) = (v)
+#else
+#define EXTERN extern
+#define INIT(v)
+#endif
+
+#ifndef NS_RUN_PID_DIR
+#define NS_RUN_PID_DIR 1
+#endif
+
+EXTERN isc_mem_t * ns_g_mctx INIT(NULL);
+EXTERN unsigned int ns_g_cpus INIT(0);
+EXTERN isc_taskmgr_t * ns_g_taskmgr INIT(NULL);
+EXTERN dns_dispatchmgr_t * ns_g_dispatchmgr INIT(NULL);
+EXTERN isc_entropy_t * ns_g_entropy INIT(NULL);
+EXTERN isc_entropy_t * ns_g_fallbackentropy INIT(NULL);
+EXTERN unsigned int ns_g_cpus_detected INIT(1);
+
+/*
+ * XXXRTH We're going to want multiple timer managers eventually. One
+ * for really short timers, another for client timers, and one
+ * for zone timers.
+ */
+EXTERN isc_timermgr_t * ns_g_timermgr INIT(NULL);
+EXTERN isc_socketmgr_t * ns_g_socketmgr INIT(NULL);
+EXTERN cfg_parser_t * ns_g_parser INIT(NULL);
+EXTERN const char * ns_g_version INIT(VERSION);
+EXTERN const char * ns_g_configargs INIT(CONFIGARGS);
+EXTERN in_port_t ns_g_port INIT(0);
+EXTERN in_port_t lwresd_g_listenport INIT(0);
+
+EXTERN ns_server_t * ns_g_server INIT(NULL);
+
+EXTERN isc_boolean_t ns_g_lwresdonly INIT(ISC_FALSE);
+
+/*
+ * Logging.
+ */
+EXTERN isc_log_t * ns_g_lctx INIT(NULL);
+EXTERN isc_logcategory_t * ns_g_categories INIT(NULL);
+EXTERN isc_logmodule_t * ns_g_modules INIT(NULL);
+EXTERN unsigned int ns_g_debuglevel INIT(0);
+
+/*
+ * Current configuration information.
+ */
+EXTERN cfg_obj_t * ns_g_config INIT(NULL);
+EXTERN const cfg_obj_t * ns_g_defaults INIT(NULL);
+EXTERN const char * ns_g_conffile INIT(NS_SYSCONFDIR
+ "/named.conf");
+EXTERN const char * ns_g_keyfile INIT(NS_SYSCONFDIR
+ "/rndc.key");
+EXTERN const char * lwresd_g_conffile INIT(NS_SYSCONFDIR
+ "/lwresd.conf");
+EXTERN const char * lwresd_g_resolvconffile INIT("/etc"
+ "/resolv.conf");
+EXTERN isc_boolean_t ns_g_conffileset INIT(ISC_FALSE);
+EXTERN isc_boolean_t lwresd_g_useresolvconf INIT(ISC_FALSE);
+EXTERN isc_uint16_t ns_g_udpsize INIT(4096);
+
+/*
+ * Initial resource limits.
+ */
+EXTERN isc_resourcevalue_t ns_g_initstacksize INIT(0);
+EXTERN isc_resourcevalue_t ns_g_initdatasize INIT(0);
+EXTERN isc_resourcevalue_t ns_g_initcoresize INIT(0);
+EXTERN isc_resourcevalue_t ns_g_initopenfiles INIT(0);
+
+/*
+ * Misc.
+ */
+EXTERN isc_boolean_t ns_g_coreok INIT(ISC_TRUE);
+EXTERN const char * ns_g_chrootdir INIT(NULL);
+EXTERN isc_boolean_t ns_g_foreground INIT(ISC_FALSE);
+EXTERN isc_boolean_t ns_g_logstderr INIT(ISC_FALSE);
+
+#if NS_RUN_PID_DIR
+EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR
+ "/run/named/"
+ "named.pid");
+EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
+ "/run/lwresd/"
+ "lwresd.pid");
+#else
+EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR
+ "/run/named.pid");
+EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
+ "/run/lwresd.pid");
+#endif
+
+EXTERN const char * ns_g_username INIT(NULL);
+
+EXTERN int ns_g_listen INIT(3);
+EXTERN isc_time_t ns_g_boottime;
+EXTERN isc_boolean_t ns_g_memstatistics INIT(ISC_FALSE);
+EXTERN isc_boolean_t ns_g_clienttest INIT(ISC_FALSE);
+
+#undef EXTERN
+#undef INIT
+
+#endif /* NAMED_GLOBALS_H */
diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
new file mode 100644
index 0000000..2724c39
--- /dev/null
+++ b/bin/named/include/named/interfacemgr.h
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: interfacemgr.h,v 1.33 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_INTERFACEMGR_H
+#define NAMED_INTERFACEMGR_H 1
+
+/*****
+ ***** Module Info
+ *****/
+
+/*! \file
+ * \brief
+ * The interface manager monitors the operating system's list
+ * of network interfaces, creating and destroying listeners
+ * as needed.
+ *
+ * Reliability:
+ *\li No impact expected.
+ *
+ * Resources:
+ *
+ * Security:
+ * \li The server will only be able to bind to the DNS port on
+ * newly discovered interfaces if it is running as root.
+ *
+ * Standards:
+ *\li The API for scanning varies greatly among operating systems.
+ * This module attempts to hide the differences.
+ */
+
+/***
+ *** Imports
+ ***/
+
+#include <isc/magic.h>
+#include <isc/mem.h>
+#include <isc/socket.h>
+
+#include <dns/result.h>
+
+#include <named/listenlist.h>
+#include <named/types.h>
+
+/***
+ *** Types
+ ***/
+
+#define IFACE_MAGIC ISC_MAGIC('I',':','-',')')
+#define NS_INTERFACE_VALID(t) ISC_MAGIC_VALID(t, IFACE_MAGIC)
+
+#define NS_INTERFACEFLAG_ANYADDR 0x01U /*%< bound to "any" address */
+
+/*% The nameserver interface structure */
+struct ns_interface {
+ unsigned int magic; /*%< Magic number. */
+ ns_interfacemgr_t * mgr; /*%< Interface manager. */
+ isc_mutex_t lock;
+ int references; /*%< Locked */
+ unsigned int generation; /*%< Generation number. */
+ isc_sockaddr_t addr; /*%< Address and port. */
+ unsigned int flags; /*%< Interface characteristics */
+ char name[32]; /*%< Null terminated. */
+ dns_dispatch_t * udpdispatch; /*%< UDP dispatcher. */
+ isc_socket_t * tcpsocket; /*%< TCP socket. */
+ int ntcptarget; /*%< Desired number of concurrent
+ TCP accepts */
+ int ntcpcurrent; /*%< Current ditto, locked */
+ ns_clientmgr_t * clientmgr; /*%< Client manager. */
+ ISC_LINK(ns_interface_t) link;
+};
+
+/***
+ *** Functions
+ ***/
+
+isc_result_t
+ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
+ isc_socketmgr_t *socketmgr,
+ dns_dispatchmgr_t *dispatchmgr,
+ ns_interfacemgr_t **mgrp);
+/*%
+ * Create a new interface manager.
+ *
+ * Initially, the new manager will not listen on any interfaces.
+ * Call ns_interfacemgr_setlistenon() and/or ns_interfacemgr_setlistenon6()
+ * to set nonempty listen-on lists.
+ */
+
+void
+ns_interfacemgr_attach(ns_interfacemgr_t *source, ns_interfacemgr_t **target);
+
+void
+ns_interfacemgr_detach(ns_interfacemgr_t **targetp);
+
+void
+ns_interfacemgr_shutdown(ns_interfacemgr_t *mgr);
+
+void
+ns_interfacemgr_scan(ns_interfacemgr_t *mgr, isc_boolean_t verbose);
+/*%
+ * Scan the operatings system's list of network interfaces
+ * and create listeners when new interfaces are discovered.
+ * Shut down the sockets for interfaces that go away.
+ *
+ * This should be called once on server startup and then
+ * periodically according to the 'interface-interval' option
+ * in named.conf.
+ */
+
+void
+ns_interfacemgr_adjust(ns_interfacemgr_t *mgr, ns_listenlist_t *list,
+ isc_boolean_t verbose);
+/*%
+ * Similar to ns_interfacemgr_scan(), but this function also tries to see the
+ * need for an explicit listen-on when a list element in 'list' is going to
+ * override an already-listening a wildcard interface.
+ *
+ * This function does not update localhost and localnets ACLs.
+ *
+ * This should be called once on server startup, after configuring views and
+ * zones.
+ */
+
+void
+ns_interfacemgr_setlistenon4(ns_interfacemgr_t *mgr, ns_listenlist_t *value);
+/*%
+ * Set the IPv4 "listen-on" list of 'mgr' to 'value'.
+ * The previous IPv4 listen-on list is freed.
+ */
+
+void
+ns_interfacemgr_setlistenon6(ns_interfacemgr_t *mgr, ns_listenlist_t *value);
+/*%
+ * Set the IPv6 "listen-on" list of 'mgr' to 'value'.
+ * The previous IPv6 listen-on list is freed.
+ */
+
+dns_aclenv_t *
+ns_interfacemgr_getaclenv(ns_interfacemgr_t *mgr);
+
+void
+ns_interface_attach(ns_interface_t *source, ns_interface_t **target);
+
+void
+ns_interface_detach(ns_interface_t **targetp);
+
+void
+ns_interface_shutdown(ns_interface_t *ifp);
+/*%
+ * Stop listening for queries on interface 'ifp'.
+ * May safely be called multiple times.
+ */
+
+void
+ns_interfacemgr_dumprecursing(FILE *f, ns_interfacemgr_t *mgr);
+
+isc_boolean_t
+ns_interfacemgr_listeningon(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr);
+
+#endif /* NAMED_INTERFACEMGR_H */
diff --git a/bin/named/include/named/listenlist.h b/bin/named/include/named/listenlist.h
new file mode 100644
index 0000000..9e65d5d
--- /dev/null
+++ b/bin/named/include/named/listenlist.h
@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: listenlist.h,v 1.15 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_LISTENLIST_H
+#define NAMED_LISTENLIST_H 1
+
+/*****
+ ***** Module Info
+ *****/
+
+/*! \file
+ * \brief
+ * "Listen lists", as in the "listen-on" configuration statement.
+ */
+
+/***
+ *** Imports
+ ***/
+#include <isc/net.h>
+
+#include <dns/types.h>
+
+/***
+ *** Types
+ ***/
+
+typedef struct ns_listenelt ns_listenelt_t;
+typedef struct ns_listenlist ns_listenlist_t;
+
+struct ns_listenelt {
+ isc_mem_t * mctx;
+ in_port_t port;
+ dns_acl_t * acl;
+ ISC_LINK(ns_listenelt_t) link;
+};
+
+struct ns_listenlist {
+ isc_mem_t * mctx;
+ int refcount;
+ ISC_LIST(ns_listenelt_t) elts;
+};
+
+/***
+ *** Functions
+ ***/
+
+isc_result_t
+ns_listenelt_create(isc_mem_t *mctx, in_port_t port,
+ dns_acl_t *acl, ns_listenelt_t **target);
+/*%
+ * Create a listen-on list element.
+ */
+
+void
+ns_listenelt_destroy(ns_listenelt_t *elt);
+/*%
+ * Destroy a listen-on list element.
+ */
+
+isc_result_t
+ns_listenlist_create(isc_mem_t *mctx, ns_listenlist_t **target);
+/*%
+ * Create a new, empty listen-on list.
+ */
+
+void
+ns_listenlist_attach(ns_listenlist_t *source, ns_listenlist_t **target);
+/*%
+ * Attach '*target' to '*source'.
+ */
+
+void
+ns_listenlist_detach(ns_listenlist_t **listp);
+/*%
+ * Detach 'listp'.
+ */
+
+isc_result_t
+ns_listenlist_default(isc_mem_t *mctx, in_port_t port,
+ isc_boolean_t enabled, ns_listenlist_t **target);
+/*%
+ * Create a listen-on list with default contents, matching
+ * all addresses with port 'port' (if 'enabled' is ISC_TRUE),
+ * or no addresses (if 'enabled' is ISC_FALSE).
+ */
+
+#endif /* NAMED_LISTENLIST_H */
+
+
diff --git a/bin/named/include/named/log.h b/bin/named/include/named/log.h
new file mode 100644
index 0000000..e8a4f32
--- /dev/null
+++ b/bin/named/include/named/log.h
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: log.h,v 1.25 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_LOG_H
+#define NAMED_LOG_H 1
+
+/*! \file */
+
+#include <isc/log.h>
+#include <isc/types.h>
+
+#include <dns/log.h>
+
+#include <named/globals.h> /* Required for ns_g_(categories|modules). */
+
+/* Unused slot 0. */
+#define NS_LOGCATEGORY_CLIENT (&ns_g_categories[1])
+#define NS_LOGCATEGORY_NETWORK (&ns_g_categories[2])
+#define NS_LOGCATEGORY_UPDATE (&ns_g_categories[3])
+#define NS_LOGCATEGORY_QUERIES (&ns_g_categories[4])
+#define NS_LOGCATEGORY_UNMATCHED (&ns_g_categories[5])
+#define NS_LOGCATEGORY_UPDATE_SECURITY (&ns_g_categories[6])
+
+/*
+ * Backwards compatibility.
+ */
+#define NS_LOGCATEGORY_GENERAL ISC_LOGCATEGORY_GENERAL
+
+#define NS_LOGMODULE_MAIN (&ns_g_modules[0])
+#define NS_LOGMODULE_CLIENT (&ns_g_modules[1])
+#define NS_LOGMODULE_SERVER (&ns_g_modules[2])
+#define NS_LOGMODULE_QUERY (&ns_g_modules[3])
+#define NS_LOGMODULE_INTERFACEMGR (&ns_g_modules[4])
+#define NS_LOGMODULE_UPDATE (&ns_g_modules[5])
+#define NS_LOGMODULE_XFER_IN (&ns_g_modules[6])
+#define NS_LOGMODULE_XFER_OUT (&ns_g_modules[7])
+#define NS_LOGMODULE_NOTIFY (&ns_g_modules[8])
+#define NS_LOGMODULE_CONTROL (&ns_g_modules[9])
+#define NS_LOGMODULE_LWRESD (&ns_g_modules[10])
+
+isc_result_t
+ns_log_init(isc_boolean_t safe);
+/*%
+ * Initialize the logging system and set up an initial default
+ * logging default configuration that will be used until the
+ * config file has been read.
+ *
+ * If 'safe' is true, use a default configuration that refrains
+ * from opening files. This is to avoid creating log files
+ * as root.
+ */
+
+isc_result_t
+ns_log_setdefaultchannels(isc_logconfig_t *lcfg);
+/*%
+ * Set up logging channels according to the named defaults, which
+ * may differ from the logging library defaults. Currently,
+ * this just means setting up default_debug.
+ */
+
+isc_result_t
+ns_log_setsafechannels(isc_logconfig_t *lcfg);
+/*%
+ * Like ns_log_setdefaultchannels(), but omits any logging to files.
+ */
+
+isc_result_t
+ns_log_setdefaultcategory(isc_logconfig_t *lcfg);
+/*%
+ * Set up "category default" to go to the right places.
+ */
+
+isc_result_t
+ns_log_setunmatchedcategory(isc_logconfig_t *lcfg);
+/*%
+ * Set up "category unmatched" to go to the right places.
+ */
+
+void
+ns_log_shutdown(void);
+
+#endif /* NAMED_LOG_H */
diff --git a/bin/named/include/named/logconf.h b/bin/named/include/named/logconf.h
new file mode 100644
index 0000000..0354345
--- /dev/null
+++ b/bin/named/include/named/logconf.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: logconf.h,v 1.17 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_LOGCONF_H
+#define NAMED_LOGCONF_H 1
+
+/*! \file */
+
+#include <isc/log.h>
+
+isc_result_t
+ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt);
+/*%<
+ * Set up the logging configuration in '*logconf' according to
+ * the named.conf data in 'logstmt'.
+ */
+
+#endif /* NAMED_LOGCONF_H */
diff --git a/bin/named/include/named/lwaddr.h b/bin/named/include/named/lwaddr.h
new file mode 100644
index 0000000..962aa91
--- /dev/null
+++ b/bin/named/include/named/lwaddr.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwaddr.h,v 1.8 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <lwres/lwres.h>
+#include <lwres/net.h>
+
+isc_result_t
+lwaddr_netaddr_fromlwresaddr(isc_netaddr_t *na, lwres_addr_t *la);
+
+isc_result_t
+lwaddr_sockaddr_fromlwresaddr(isc_sockaddr_t *sa, lwres_addr_t *la,
+ in_port_t port);
+
+isc_result_t
+lwaddr_lwresaddr_fromnetaddr(lwres_addr_t *la, isc_netaddr_t *na);
+
+isc_result_t
+lwaddr_lwresaddr_fromsockaddr(lwres_addr_t *la, isc_sockaddr_t *sa);
diff --git a/bin/named/include/named/lwdclient.h b/bin/named/include/named/lwdclient.h
new file mode 100644
index 0000000..176134a
--- /dev/null
+++ b/bin/named/include/named/lwdclient.h
@@ -0,0 +1,234 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwdclient.h,v 1.18 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_LWDCLIENT_H
+#define NAMED_LWDCLIENT_H 1
+
+/*! \file */
+
+#include <isc/event.h>
+#include <isc/eventclass.h>
+#include <isc/netaddr.h>
+#include <isc/sockaddr.h>
+#include <isc/types.h>
+
+#include <dns/fixedname.h>
+#include <dns/types.h>
+
+#include <lwres/lwres.h>
+
+#include <named/lwsearch.h>
+
+#define LWRD_EVENTCLASS ISC_EVENTCLASS(4242)
+
+#define LWRD_SHUTDOWN (LWRD_EVENTCLASS + 0x0001)
+
+/*% Lighweight Resolver Daemon Client */
+struct ns_lwdclient {
+ isc_sockaddr_t address; /*%< where to reply */
+ struct in6_pktinfo pktinfo;
+ isc_boolean_t pktinfo_valid;
+ ns_lwdclientmgr_t *clientmgr; /*%< our parent */
+ ISC_LINK(ns_lwdclient_t) link;
+ unsigned int state;
+ void *arg; /*%< packet processing state */
+
+ /*
+ * Received data info.
+ */
+ unsigned char buffer[LWRES_RECVLENGTH]; /*%< receive buffer */
+ isc_uint32_t recvlength; /*%< length recv'd */
+ lwres_lwpacket_t pkt;
+
+ /*%
+ * Send data state. If sendbuf != buffer (that is, the send buffer
+ * isn't our receive buffer) it will be freed to the lwres_context_t.
+ */
+ unsigned char *sendbuf;
+ isc_uint32_t sendlength;
+ isc_buffer_t recv_buffer;
+
+ /*%
+ * gabn (get address by name) state info.
+ */
+ dns_adbfind_t *find;
+ dns_adbfind_t *v4find;
+ dns_adbfind_t *v6find;
+ unsigned int find_wanted; /*%< Addresses we want */
+ dns_fixedname_t query_name;
+ dns_fixedname_t target_name;
+ ns_lwsearchctx_t searchctx;
+ lwres_gabnresponse_t gabn;
+
+ /*%
+ * gnba (get name by address) state info.
+ */
+ lwres_gnbaresponse_t gnba;
+ dns_byaddr_t *byaddr;
+ unsigned int options;
+ isc_netaddr_t na;
+
+ /*%
+ * grbn (get rrset by name) state info.
+ *
+ * Note: this also uses target_name and searchctx.
+ */
+ lwres_grbnresponse_t grbn;
+ dns_lookup_t *lookup;
+ dns_rdatatype_t rdtype;
+
+ /*%
+ * Alias and address info. This is copied up to the gabn/gnba
+ * structures eventually.
+ *
+ * XXXMLG We can keep all of this in a client since we only service
+ * three packet types right now. If we started handling more,
+ * we'd need to use "arg" above and allocate/destroy things.
+ */
+ char *aliases[LWRES_MAX_ALIASES];
+ isc_uint16_t aliaslen[LWRES_MAX_ALIASES];
+ lwres_addr_t addrs[LWRES_MAX_ADDRS];
+};
+
+/*%
+ * Client states.
+ *
+ * _IDLE The client is not doing anything at all.
+ *
+ * _RECV The client is waiting for data after issuing a socket recv().
+ *
+ * _RECVDONE Data has been received, and is being processed.
+ *
+ * _FINDWAIT An adb (or other) request was made that cannot be satisfied
+ * immediately. An event will wake the client up.
+ *
+ * _SEND All data for a response has completed, and a reply was
+ * sent via a socket send() call.
+ *
+ * Badly formatted state table:
+ *
+ * IDLE -> RECV when client has a recv() queued.
+ *
+ * RECV -> RECVDONE when recvdone event received.
+ *
+ * RECVDONE -> SEND if the data for a reply is at hand.
+ * RECVDONE -> FINDWAIT if more searching is needed, and events will
+ * eventually wake us up again.
+ *
+ * FINDWAIT -> SEND when enough data was received to reply.
+ *
+ * SEND -> IDLE when a senddone event was received.
+ *
+ * At any time -> IDLE on error. Sometimes this will be -> SEND
+ * instead, if enough data is on hand to reply with a meaningful
+ * error.
+ *
+ * Packets which are badly formatted may or may not get error returns.
+ */
+#define NS_LWDCLIENT_STATEIDLE 1
+#define NS_LWDCLIENT_STATERECV 2
+#define NS_LWDCLIENT_STATERECVDONE 3
+#define NS_LWDCLIENT_STATEFINDWAIT 4
+#define NS_LWDCLIENT_STATESEND 5
+#define NS_LWDCLIENT_STATESENDDONE 6
+
+#define NS_LWDCLIENT_ISIDLE(c) \
+ ((c)->state == NS_LWDCLIENT_STATEIDLE)
+#define NS_LWDCLIENT_ISRECV(c) \
+ ((c)->state == NS_LWDCLIENT_STATERECV)
+#define NS_LWDCLIENT_ISRECVDONE(c) \
+ ((c)->state == NS_LWDCLIENT_STATERECVDONE)
+#define NS_LWDCLIENT_ISFINDWAIT(c) \
+ ((c)->state == NS_LWDCLIENT_STATEFINDWAIT)
+#define NS_LWDCLIENT_ISSEND(c) \
+ ((c)->state == NS_LWDCLIENT_STATESEND)
+
+/*%
+ * Overall magic test that means we're not idle.
+ */
+#define NS_LWDCLIENT_ISRUNNING(c) (!NS_LWDCLIENT_ISIDLE(c))
+
+#define NS_LWDCLIENT_SETIDLE(c) \
+ ((c)->state = NS_LWDCLIENT_STATEIDLE)
+#define NS_LWDCLIENT_SETRECV(c) \
+ ((c)->state = NS_LWDCLIENT_STATERECV)
+#define NS_LWDCLIENT_SETRECVDONE(c) \
+ ((c)->state = NS_LWDCLIENT_STATERECVDONE)
+#define NS_LWDCLIENT_SETFINDWAIT(c) \
+ ((c)->state = NS_LWDCLIENT_STATEFINDWAIT)
+#define NS_LWDCLIENT_SETSEND(c) \
+ ((c)->state = NS_LWDCLIENT_STATESEND)
+#define NS_LWDCLIENT_SETSENDDONE(c) \
+ ((c)->state = NS_LWDCLIENT_STATESENDDONE)
+
+/*% lightweight daemon client manager */
+struct ns_lwdclientmgr {
+ ns_lwreslistener_t *listener;
+ isc_mem_t *mctx;
+ isc_socket_t *sock; /*%< socket to use */
+ dns_view_t *view;
+ lwres_context_t *lwctx; /*%< lightweight proto context */
+ isc_task_t *task; /*%< owning task */
+ unsigned int flags;
+ ISC_LINK(ns_lwdclientmgr_t) link;
+ ISC_LIST(ns_lwdclient_t) idle; /*%< idle client slots */
+ ISC_LIST(ns_lwdclient_t) running; /*%< running clients */
+};
+
+#define NS_LWDCLIENTMGR_FLAGRECVPENDING 0x00000001
+#define NS_LWDCLIENTMGR_FLAGSHUTTINGDOWN 0x00000002
+
+isc_result_t
+ns_lwdclientmgr_create(ns_lwreslistener_t *, unsigned int, isc_taskmgr_t *);
+
+void
+ns_lwdclient_initialize(ns_lwdclient_t *, ns_lwdclientmgr_t *);
+
+isc_result_t
+ns_lwdclient_startrecv(ns_lwdclientmgr_t *);
+
+void
+ns_lwdclient_stateidle(ns_lwdclient_t *);
+
+void
+ns_lwdclient_recv(isc_task_t *, isc_event_t *);
+
+void
+ns_lwdclient_shutdown(isc_task_t *, isc_event_t *);
+
+void
+ns_lwdclient_send(isc_task_t *, isc_event_t *);
+
+isc_result_t
+ns_lwdclient_sendreply(ns_lwdclient_t *client, isc_region_t *r);
+
+/*
+ * Processing functions of various types.
+ */
+void ns_lwdclient_processgabn(ns_lwdclient_t *, lwres_buffer_t *);
+void ns_lwdclient_processgnba(ns_lwdclient_t *, lwres_buffer_t *);
+void ns_lwdclient_processgrbn(ns_lwdclient_t *, lwres_buffer_t *);
+void ns_lwdclient_processnoop(ns_lwdclient_t *, lwres_buffer_t *);
+
+void ns_lwdclient_errorpktsend(ns_lwdclient_t *, isc_uint32_t);
+
+void ns_lwdclient_log(int level, const char *format, ...)
+ ISC_FORMAT_PRINTF(2, 3);
+
+#endif /* NAMED_LWDCLIENT_H */
diff --git a/bin/named/include/named/lwresd.h b/bin/named/include/named/lwresd.h
new file mode 100644
index 0000000..565e58d
--- /dev/null
+++ b/bin/named/include/named/lwresd.h
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwresd.h,v 1.19 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_LWRESD_H
+#define NAMED_LWRESD_H 1
+
+/*! \file */
+
+#include <isc/types.h>
+#include <isc/sockaddr.h>
+
+#include <isccfg/cfg.h>
+
+#include <dns/types.h>
+
+struct ns_lwresd {
+ unsigned int magic;
+
+ isc_mutex_t lock;
+ dns_view_t *view;
+ ns_lwsearchlist_t *search;
+ unsigned int ndots;
+ isc_mem_t *mctx;
+ isc_boolean_t shutting_down;
+ unsigned int refs;
+};
+
+struct ns_lwreslistener {
+ unsigned int magic;
+
+ isc_mutex_t lock;
+ isc_mem_t *mctx;
+ isc_sockaddr_t address;
+ ns_lwresd_t *manager;
+ isc_socket_t *sock;
+ unsigned int refs;
+ ISC_LIST(ns_lwdclientmgr_t) cmgrs;
+ ISC_LINK(ns_lwreslistener_t) link;
+};
+
+/*%
+ * Configure lwresd.
+ */
+isc_result_t
+ns_lwresd_configure(isc_mem_t *mctx, const cfg_obj_t *config);
+
+isc_result_t
+ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
+ cfg_obj_t **configp);
+
+/*%
+ * Trigger shutdown.
+ */
+void
+ns_lwresd_shutdown(void);
+
+/*
+ * Manager functions
+ */
+/*% create manager */
+isc_result_t
+ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres,
+ ns_lwresd_t **lwresdp);
+
+/*% attach to manager */
+void
+ns_lwdmanager_attach(ns_lwresd_t *source, ns_lwresd_t **targetp);
+
+/*% detach from manager */
+void
+ns_lwdmanager_detach(ns_lwresd_t **lwresdp);
+
+/*
+ * Listener functions
+ */
+/*% attach to listener */
+void
+ns_lwreslistener_attach(ns_lwreslistener_t *source,
+ ns_lwreslistener_t **targetp);
+
+/*% detach from lister */
+void
+ns_lwreslistener_detach(ns_lwreslistener_t **listenerp);
+
+/*% link client manager */
+void
+ns_lwreslistener_unlinkcm(ns_lwreslistener_t *listener, ns_lwdclientmgr_t *cm);
+
+/*% unlink client manager */
+void
+ns_lwreslistener_linkcm(ns_lwreslistener_t *listener, ns_lwdclientmgr_t *cm);
+
+
+
+
+/*
+ * INTERNAL FUNCTIONS.
+ */
+void *
+ns__lwresd_memalloc(void *arg, size_t size);
+
+void
+ns__lwresd_memfree(void *arg, void *mem, size_t size);
+
+#endif /* NAMED_LWRESD_H */
diff --git a/bin/named/include/named/lwsearch.h b/bin/named/include/named/lwsearch.h
new file mode 100644
index 0000000..c1b4f48
--- /dev/null
+++ b/bin/named/include/named/lwsearch.h
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwsearch.h,v 1.9 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_LWSEARCH_H
+#define NAMED_LWSEARCH_H 1
+
+#include <isc/mutex.h>
+#include <isc/result.h>
+#include <isc/types.h>
+
+#include <dns/types.h>
+
+#include <named/types.h>
+
+/*! \file
+ * \brief
+ * Lightweight resolver search list types and routines.
+ *
+ * An ns_lwsearchlist_t holds a list of search path elements.
+ *
+ * An ns_lwsearchctx stores the state of search list during a lookup
+ * operation.
+ */
+
+/*% An ns_lwsearchlist_t holds a list of search path elements. */
+struct ns_lwsearchlist {
+ unsigned int magic;
+
+ isc_mutex_t lock;
+ isc_mem_t *mctx;
+ unsigned int refs;
+ dns_namelist_t names;
+};
+/*% An ns_lwsearchctx stores the state of search list during a lookup operation. */
+struct ns_lwsearchctx {
+ dns_name_t *relname;
+ dns_name_t *searchname;
+ unsigned int ndots;
+ ns_lwsearchlist_t *list;
+ isc_boolean_t doneexact;
+ isc_boolean_t exactfirst;
+};
+
+isc_result_t
+ns_lwsearchlist_create(isc_mem_t *mctx, ns_lwsearchlist_t **listp);
+/*%<
+ * Create an empty search list object.
+ */
+
+void
+ns_lwsearchlist_attach(ns_lwsearchlist_t *source, ns_lwsearchlist_t **target);
+/*%<
+ * Attach to a search list object.
+ */
+
+void
+ns_lwsearchlist_detach(ns_lwsearchlist_t **listp);
+/*%<
+ * Detach from a search list object.
+ */
+
+isc_result_t
+ns_lwsearchlist_append(ns_lwsearchlist_t *list, dns_name_t *name);
+/*%<
+ * Append an element to a search list. This creates a copy of the name.
+ */
+
+void
+ns_lwsearchctx_init(ns_lwsearchctx_t *sctx, ns_lwsearchlist_t *list,
+ dns_name_t *name, unsigned int ndots);
+/*%<
+ * Creates a search list context structure.
+ */
+
+void
+ns_lwsearchctx_first(ns_lwsearchctx_t *sctx);
+/*%<
+ * Moves the search list context iterator to the first element, which
+ * is usually the exact name.
+ */
+
+isc_result_t
+ns_lwsearchctx_next(ns_lwsearchctx_t *sctx);
+/*%<
+ * Moves the search list context iterator to the next element.
+ */
+
+isc_result_t
+ns_lwsearchctx_current(ns_lwsearchctx_t *sctx, dns_name_t *absname);
+/*%<
+ * Obtains the current name to be looked up. This involves either
+ * concatenating the name with a search path element, making an
+ * exact name absolute, or doing nothing.
+ */
+
+#endif /* NAMED_LWSEARCH_H */
diff --git a/bin/named/include/named/main.h b/bin/named/include/named/main.h
new file mode 100644
index 0000000..e834539
--- /dev/null
+++ b/bin/named/include/named/main.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: main.h,v 1.15 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_MAIN_H
+#define NAMED_MAIN_H 1
+
+/*! \file */
+
+void
+ns_main_earlyfatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+void
+ns_main_earlywarning(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+void
+ns_main_setmemstats(const char *);
+
+#endif /* NAMED_MAIN_H */
diff --git a/bin/named/include/named/notify.h b/bin/named/include/named/notify.h
new file mode 100644
index 0000000..6205d7d
--- /dev/null
+++ b/bin/named/include/named/notify.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: notify.h,v 1.14 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_NOTIFY_H
+#define NAMED_NOTIFY_H 1
+
+#include <named/types.h>
+#include <named/client.h>
+
+/***
+ *** Module Info
+ ***/
+
+/*! \file
+ * \brief
+ * RFC1996
+ * A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
+ */
+
+/***
+ *** Functions.
+ ***/
+
+void
+ns_notify_start(ns_client_t *client);
+
+/*%<
+ * Examines the incoming message to determine apporiate zone.
+ * Returns FORMERR if there is not exactly one question.
+ * Returns REFUSED if we do not serve the listed zone.
+ * Pass the message to the zone module for processing
+ * and returns the return status.
+ *
+ * Requires
+ *\li client to be valid.
+ */
+
+#endif /* NAMED_NOTIFY_H */
+
diff --git a/bin/named/include/named/ns_smf_globals.h b/bin/named/include/named/ns_smf_globals.h
new file mode 100644
index 0000000..3a35743
--- /dev/null
+++ b/bin/named/include/named/ns_smf_globals.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: ns_smf_globals.h,v 1.7 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NS_SMF_GLOBALS_H
+#define NS_SMF_GLOBALS_H 1
+
+#include <libscf.h>
+
+#undef EXTERN
+#undef INIT
+#ifdef NS_MAIN
+#define EXTERN
+#define INIT(v) = (v)
+#else
+#define EXTERN extern
+#define INIT(v)
+#endif
+
+EXTERN unsigned int ns_smf_got_instance INIT(0);
+EXTERN unsigned int ns_smf_chroot INIT(0);
+EXTERN unsigned int ns_smf_want_disable INIT(0);
+
+isc_result_t ns_smf_add_message(isc_buffer_t *text);
+isc_result_t ns_smf_get_instance(char **name, int debug, isc_mem_t *mctx);
+
+#undef EXTERN
+#undef INIT
+
+#endif /* NS_SMF_GLOBALS_H */
diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h
new file mode 100644
index 0000000..500b577
--- /dev/null
+++ b/bin/named/include/named/query.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: query.h,v 1.40 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_QUERY_H
+#define NAMED_QUERY_H 1
+
+/*! \file */
+
+#include <isc/types.h>
+#include <isc/buffer.h>
+#include <isc/netaddr.h>
+
+#include <dns/types.h>
+
+#include <named/types.h>
+
+/*% nameserver database version structure */
+typedef struct ns_dbversion {
+ dns_db_t *db;
+ dns_dbversion_t *version;
+ isc_boolean_t queryok;
+ ISC_LINK(struct ns_dbversion) link;
+} ns_dbversion_t;
+
+/*% nameserver query structure */
+struct ns_query {
+ unsigned int attributes;
+ unsigned int restarts;
+ isc_boolean_t timerset;
+ dns_name_t * qname;
+ dns_name_t * origqname;
+ unsigned int dboptions;
+ unsigned int fetchoptions;
+ dns_db_t * gluedb;
+ dns_db_t * authdb;
+ dns_zone_t * authzone;
+ isc_boolean_t authdbset;
+ isc_boolean_t isreferral;
+ isc_mutex_t fetchlock;
+ dns_fetch_t * fetch;
+ isc_bufferlist_t namebufs;
+ ISC_LIST(ns_dbversion_t) activeversions;
+ ISC_LIST(ns_dbversion_t) freeversions;
+};
+
+#define NS_QUERYATTR_RECURSIONOK 0x0001
+#define NS_QUERYATTR_CACHEOK 0x0002
+#define NS_QUERYATTR_PARTIALANSWER 0x0004
+#define NS_QUERYATTR_NAMEBUFUSED 0x0008
+#define NS_QUERYATTR_RECURSING 0x0010
+#define NS_QUERYATTR_CACHEGLUEOK 0x0020
+#define NS_QUERYATTR_QUERYOKVALID 0x0040
+#define NS_QUERYATTR_QUERYOK 0x0080
+#define NS_QUERYATTR_WANTRECURSION 0x0100
+#define NS_QUERYATTR_SECURE 0x0200
+#define NS_QUERYATTR_NOAUTHORITY 0x0400
+#define NS_QUERYATTR_NOADDITIONAL 0x0800
+
+isc_result_t
+ns_query_init(ns_client_t *client);
+
+void
+ns_query_free(ns_client_t *client);
+
+void
+ns_query_start(ns_client_t *client);
+
+void
+ns_query_cancel(ns_client_t *client);
+
+#endif /* NAMED_QUERY_H */
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
new file mode 100644
index 0000000..d3a75fd
--- /dev/null
+++ b/bin/named/include/named/server.h
@@ -0,0 +1,298 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: server.h,v 1.93 2008/04/03 05:55:51 marka Exp $ */
+
+#ifndef NAMED_SERVER_H
+#define NAMED_SERVER_H 1
+
+/*! \file */
+
+#include <isc/log.h>
+#include <isc/magic.h>
+#include <isc/quota.h>
+#include <isc/sockaddr.h>
+#include <isc/types.h>
+#include <isc/xml.h>
+
+#include <dns/acl.h>
+#include <dns/types.h>
+
+#include <named/types.h>
+
+#define NS_EVENTCLASS ISC_EVENTCLASS(0x4E43)
+#define NS_EVENT_RELOAD (NS_EVENTCLASS + 0)
+#define NS_EVENT_CLIENTCONTROL (NS_EVENTCLASS + 1)
+
+/*%
+ * Name server state. Better here than in lots of separate global variables.
+ */
+struct ns_server {
+ unsigned int magic;
+ isc_mem_t * mctx;
+
+ isc_task_t * task;
+
+ /* Configurable data. */
+ isc_quota_t xfroutquota;
+ isc_quota_t tcpquota;
+ isc_quota_t recursionquota;
+ dns_acl_t *blackholeacl;
+ char * statsfile; /*%< Statistics file name */
+ char * dumpfile; /*%< Dump file name */
+ char * recfile; /*%< Recursive file name */
+ isc_boolean_t version_set; /*%< User has set version */
+ char * version; /*%< User-specified version */
+ isc_boolean_t hostname_set; /*%< User has set hostname */
+ char * hostname; /*%< User-specified hostname */
+ /*% Use hostname for server id */
+ isc_boolean_t server_usehostname;
+ char * server_id; /*%< User-specified server id */
+
+ /*%
+ * Current ACL environment. This defines the
+ * current values of the localhost and localnets
+ * ACLs.
+ */
+ dns_aclenv_t aclenv;
+
+ /* Server data structures. */
+ dns_loadmgr_t * loadmgr;
+ dns_zonemgr_t * zonemgr;
+ dns_viewlist_t viewlist;
+ ns_interfacemgr_t * interfacemgr;
+ dns_db_t * in_roothints;
+ dns_tkeyctx_t * tkeyctx;
+
+ isc_timer_t * interface_timer;
+ isc_timer_t * heartbeat_timer;
+ isc_timer_t * pps_timer;
+
+ isc_uint32_t interface_interval;
+ isc_uint32_t heartbeat_interval;
+
+ isc_mutex_t reload_event_lock;
+ isc_event_t * reload_event;
+
+ isc_boolean_t flushonshutdown;
+ isc_boolean_t log_queries; /*%< For BIND 8 compatibility */
+
+ dns_stats_t * nsstats; /*%< Server statistics */
+ dns_stats_t * rcvquerystats; /*% Incoming query statistics */
+ dns_stats_t * opcodestats; /*%< Incoming message statistics */
+ dns_stats_t * zonestats; /*% Zone management statistics */
+ dns_stats_t * resolverstats; /*% Resolver statistics */
+
+ ns_controls_t * controls; /*%< Control channels */
+ unsigned int dispatchgen;
+ ns_dispatchlist_t dispatches;
+
+ dns_acache_t *acache;
+
+ ns_statschannellist_t statschannels;
+};
+
+#define NS_SERVER_MAGIC ISC_MAGIC('S','V','E','R')
+#define NS_SERVER_VALID(s) ISC_MAGIC_VALID(s, NS_SERVER_MAGIC)
+
+/*%
+ * Server statistics counters. Used as dns_statscounter_t values.
+ */
+enum {
+ dns_nsstatscounter_requestv4 = 0,
+ dns_nsstatscounter_requestv6 = 1,
+ dns_nsstatscounter_edns0in = 2,
+ dns_nsstatscounter_badednsver = 3,
+ dns_nsstatscounter_tsigin = 4,
+ dns_nsstatscounter_sig0in = 5,
+ dns_nsstatscounter_invalidsig = 6,
+ dns_nsstatscounter_tcp = 7,
+
+ dns_nsstatscounter_authrej = 8,
+ dns_nsstatscounter_recurserej = 9,
+ dns_nsstatscounter_xfrrej = 10,
+ dns_nsstatscounter_updaterej = 11,
+
+ dns_nsstatscounter_response = 12,
+ dns_nsstatscounter_truncatedresp = 13,
+ dns_nsstatscounter_edns0out = 14,
+ dns_nsstatscounter_tsigout = 15,
+ dns_nsstatscounter_sig0out = 16,
+
+ dns_nsstatscounter_success = 17,
+ dns_nsstatscounter_authans = 18,
+ dns_nsstatscounter_nonauthans = 19,
+ dns_nsstatscounter_referral = 20,
+ dns_nsstatscounter_nxrrset = 21,
+ dns_nsstatscounter_servfail = 22,
+ dns_nsstatscounter_formerr = 23,
+ dns_nsstatscounter_nxdomain = 24,
+ dns_nsstatscounter_recursion = 25,
+ dns_nsstatscounter_duplicate = 26,
+ dns_nsstatscounter_dropped = 27,
+ dns_nsstatscounter_failure = 28,
+
+ dns_nsstatscounter_xfrdone = 29,
+
+ dns_nsstatscounter_updatereqfwd = 30,
+ dns_nsstatscounter_updaterespfwd = 31,
+ dns_nsstatscounter_updatefwdfail = 32,
+ dns_nsstatscounter_updatedone = 33,
+ dns_nsstatscounter_updatefail = 34,
+ dns_nsstatscounter_updatebadprereq = 35,
+
+ dns_nsstatscounter_max = 36
+};
+
+void
+ns_server_create(isc_mem_t *mctx, ns_server_t **serverp);
+/*%<
+ * Create a server object with default settings.
+ * This function either succeeds or causes the program to exit
+ * with a fatal error.
+ */
+
+void
+ns_server_destroy(ns_server_t **serverp);
+/*%<
+ * Destroy a server object, freeing its memory.
+ */
+
+void
+ns_server_reloadwanted(ns_server_t *server);
+/*%<
+ * Inform a server that a reload is wanted. This function
+ * may be called asynchronously, from outside the server's task.
+ * If a reload is already scheduled or in progress, the call
+ * is ignored.
+ */
+
+void
+ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush);
+/*%<
+ * Inform the server that the zones should be flushed to disk on shutdown.
+ */
+
+isc_result_t
+ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text);
+/*%<
+ * Act on a "reload" command from the command channel.
+ */
+
+isc_result_t
+ns_server_reconfigcommand(ns_server_t *server, char *args);
+/*%<
+ * Act on a "reconfig" command from the command channel.
+ */
+
+isc_result_t
+ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text);
+/*%<
+ * Act on a "notify" command from the command channel.
+ */
+
+isc_result_t
+ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text);
+/*%<
+ * Act on a "refresh" command from the command channel.
+ */
+
+isc_result_t
+ns_server_retransfercommand(ns_server_t *server, char *args);
+/*%<
+ * Act on a "retransfer" command from the command channel.
+ */
+
+isc_result_t
+ns_server_togglequerylog(ns_server_t *server);
+/*%<
+ * Toggle logging of queries, as in BIND 8.
+ */
+
+/*%
+ * Dump the current statistics to the statistics file.
+ */
+isc_result_t
+ns_server_dumpstats(ns_server_t *server);
+
+/*%
+ * Dump the current cache to the dump file.
+ */
+isc_result_t
+ns_server_dumpdb(ns_server_t *server, char *args);
+
+/*%
+ * Change or increment the server debug level.
+ */
+isc_result_t
+ns_server_setdebuglevel(ns_server_t *server, char *args);
+
+/*%
+ * Flush the server's cache(s)
+ */
+isc_result_t
+ns_server_flushcache(ns_server_t *server, char *args);
+
+/*%
+ * Flush a particular name from the server's cache(s)
+ */
+isc_result_t
+ns_server_flushname(ns_server_t *server, char *args);
+
+/*%
+ * Report the server's status.
+ */
+isc_result_t
+ns_server_status(ns_server_t *server, isc_buffer_t *text);
+
+/*%
+ * Report a list of dynamic and static tsig keys, per view.
+ */
+isc_result_t
+ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text);
+
+/*%
+ * Delete a specific key (with optional view).
+ */
+isc_result_t
+ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text);
+
+/*%
+ * Enable or disable updates for a zone.
+ */
+isc_result_t
+ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args);
+
+/*%
+ * Dump the current recursive queries.
+ */
+isc_result_t
+ns_server_dumprecursing(ns_server_t *server);
+
+/*%
+ * Maintain a list of dispatches that require reserved ports.
+ */
+void
+ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr);
+
+/*%
+ * Enable or disable dnssec validation.
+ */
+isc_result_t
+ns_server_validation(ns_server_t *server, char *args);
+
+#endif /* NAMED_SERVER_H */
diff --git a/bin/named/include/named/sortlist.h b/bin/named/include/named/sortlist.h
new file mode 100644
index 0000000..b9f6076
--- /dev/null
+++ b/bin/named/include/named/sortlist.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: sortlist.h,v 1.11 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_SORTLIST_H
+#define NAMED_SORTLIST_H 1
+
+/*! \file */
+
+#include <isc/types.h>
+
+#include <dns/types.h>
+
+/*%
+ * Type for callback functions that rank addresses.
+ */
+typedef int
+(*dns_addressorderfunc_t)(const isc_netaddr_t *address, const void *arg);
+
+/*%
+ * Return value type for setup_sortlist.
+ */
+typedef enum {
+ NS_SORTLISTTYPE_NONE,
+ NS_SORTLISTTYPE_1ELEMENT,
+ NS_SORTLISTTYPE_2ELEMENT
+} ns_sortlisttype_t;
+
+ns_sortlisttype_t
+ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr,
+ const void **argp);
+/*%<
+ * Find the sortlist statement in 'acl' that applies to 'clientaddr', if any.
+ *
+ * If a 1-element sortlist item applies, return NS_SORTLISTTYPE_1ELEMENT and
+ * make '*argp' point to the matching subelement.
+ *
+ * If a 2-element sortlist item applies, return NS_SORTLISTTYPE_2ELEMENT and
+ * make '*argp' point to ACL that forms the second element.
+ *
+ * If no sortlist item applies, return NS_SORTLISTTYPE_NONE and set '*argp'
+ * to NULL.
+ */
+
+int
+ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg);
+/*%<
+ * Find the sort order of 'addr' in 'arg', the matching element
+ * of a 1-element top-level sortlist statement.
+ */
+
+int
+ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg);
+/*%<
+ * Find the sort order of 'addr' in 'arg', a topology-like
+ * ACL forming the second element in a 2-element top-level
+ * sortlist statement.
+ */
+
+void
+ns_sortlist_byaddrsetup(dns_acl_t *sortlist_acl, isc_netaddr_t *client_addr,
+ dns_addressorderfunc_t *orderp,
+ const void **argp);
+/*%<
+ * Find the sortlist statement in 'acl' that applies to 'clientaddr', if any.
+ * If a sortlist statement applies, return in '*orderp' a pointer to a function
+ * for ranking network addresses based on that sortlist statement, and in
+ * '*argp' an argument to pass to said function. If no sortlist statement
+ * applies, set '*orderp' and '*argp' to NULL.
+ */
+
+#endif /* NAMED_SORTLIST_H */
diff --git a/bin/named/include/named/statschannel.h b/bin/named/include/named/statschannel.h
new file mode 100644
index 0000000..0c36d8c
--- /dev/null
+++ b/bin/named/include/named/statschannel.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: statschannel.h,v 1.3 2008/04/03 05:55:51 marka Exp $ */
+
+#ifndef NAMED_STATSCHANNEL_H
+#define NAMED_STATSCHANNEL_H 1
+
+/*! \file
+ * \brief
+ * The statistics channels built-in the name server.
+ */
+
+#include <isccc/types.h>
+
+#include <isccfg/aclconf.h>
+
+#include <named/types.h>
+
+#define NS_STATSCHANNEL_HTTPPORT 80
+
+isc_result_t
+ns_statschannels_configure(ns_server_t *server, const cfg_obj_t *config,
+ cfg_aclconfctx_t *aclconfctx);
+/*%<
+ * [Re]configure the statistics channels.
+ *
+ * If it is no longer there but was previously configured, destroy
+ * it here.
+ *
+ * If the IP address or port has changed, destroy the old server
+ * and create a new one.
+ */
+
+
+void
+ns_statschannels_shutdown(ns_server_t *server);
+/*%<
+ * Initiate shutdown of all the statistics channel listeners.
+ */
+
+isc_result_t
+ns_stats_dump(ns_server_t *server, FILE *fp);
+/*%<
+ * Dump statistics counters managed by the server to the file fp.
+ */
+
+#endif /* NAMED_STATSCHANNEL_H */
diff --git a/bin/named/include/named/tkeyconf.h b/bin/named/include/named/tkeyconf.h
new file mode 100644
index 0000000..02bd718
--- /dev/null
+++ b/bin/named/include/named/tkeyconf.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: tkeyconf.h,v 1.16 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NS_TKEYCONF_H
+#define NS_TKEYCONF_H 1
+
+/*! \file */
+
+#include <isc/types.h>
+#include <isc/lang.h>
+
+#include <isccfg/cfg.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
+ isc_entropy_t *ectx, dns_tkeyctx_t **tctxp);
+/*%<
+ * Create a TKEY context and configure it, including the default DH key
+ * and default domain, according to 'options'.
+ *
+ * Requires:
+ *\li 'cfg' is a valid configuration options object.
+ *\li 'mctx' is not NULL
+ *\li 'ectx' is not NULL
+ *\li 'tctx' is not NULL
+ *\li '*tctx' is NULL
+ *
+ * Returns:
+ *\li ISC_R_SUCCESS
+ *\li ISC_R_NOMEMORY
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif /* NS_TKEYCONF_H */
diff --git a/bin/named/include/named/tsigconf.h b/bin/named/include/named/tsigconf.h
new file mode 100644
index 0000000..49ad82a
--- /dev/null
+++ b/bin/named/include/named/tsigconf.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: tsigconf.h,v 1.16 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NS_TSIGCONF_H
+#define NS_TSIGCONF_H 1
+
+/*! \file */
+
+#include <isc/types.h>
+#include <isc/lang.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+ns_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
+ isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
+/*%<
+ * Create a TSIG key ring and configure it according to the 'key'
+ * statements in the global and view configuration objects.
+ *
+ * Requires:
+ * \li 'config' is not NULL.
+ * \li 'mctx' is not NULL
+ * \li 'ring' is not NULL, and '*ring' is NULL
+ *
+ * Returns:
+ * \li ISC_R_SUCCESS
+ * \li ISC_R_NOMEMORY
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif /* NS_TSIGCONF_H */
diff --git a/bin/named/include/named/types.h b/bin/named/include/named/types.h
new file mode 100644
index 0000000..eb25520
--- /dev/null
+++ b/bin/named/include/named/types.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: types.h,v 1.29 2008/01/17 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_TYPES_H
+#define NAMED_TYPES_H 1
+
+/*! \file */
+
+#include <dns/types.h>
+
+typedef struct ns_client ns_client_t;
+typedef struct ns_clientmgr ns_clientmgr_t;
+typedef struct ns_query ns_query_t;
+typedef struct ns_server ns_server_t;
+typedef struct ns_xmld ns_xmld_t;
+typedef struct ns_xmldmgr ns_xmldmgr_t;
+typedef struct ns_interface ns_interface_t;
+typedef struct ns_interfacemgr ns_interfacemgr_t;
+typedef struct ns_lwresd ns_lwresd_t;
+typedef struct ns_lwreslistener ns_lwreslistener_t;
+typedef struct ns_lwdclient ns_lwdclient_t;
+typedef struct ns_lwdclientmgr ns_lwdclientmgr_t;
+typedef struct ns_lwsearchlist ns_lwsearchlist_t;
+typedef struct ns_lwsearchctx ns_lwsearchctx_t;
+typedef struct ns_controls ns_controls_t;
+typedef struct ns_dispatch ns_dispatch_t;
+typedef ISC_LIST(ns_dispatch_t) ns_dispatchlist_t;
+typedef struct ns_statschannel ns_statschannel_t;
+typedef ISC_LIST(ns_statschannel_t) ns_statschannellist_t;
+#endif /* NAMED_TYPES_H */
diff --git a/bin/named/include/named/update.h b/bin/named/include/named/update.h
new file mode 100644
index 0000000..a34570c
--- /dev/null
+++ b/bin/named/include/named/update.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: update.h,v 1.13 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_UPDATE_H
+#define NAMED_UPDATE_H 1
+
+/*****
+ ***** Module Info
+ *****/
+
+/*! \file
+ * \brief
+ * RFC2136 Dynamic Update
+ */
+
+/***
+ *** Imports
+ ***/
+
+#include <dns/types.h>
+#include <dns/result.h>
+
+/***
+ *** Types.
+ ***/
+
+/***
+ *** Functions
+ ***/
+
+void
+ns_update_start(ns_client_t *client, isc_result_t sigresult);
+
+#endif /* NAMED_UPDATE_H */
diff --git a/bin/named/include/named/xfrout.h b/bin/named/include/named/xfrout.h
new file mode 100644
index 0000000..4bb79a3
--- /dev/null
+++ b/bin/named/include/named/xfrout.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: xfrout.h,v 1.12 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NAMED_XFROUT_H
+#define NAMED_XFROUT_H 1
+
+/*****
+ ***** Module Info
+ *****/
+
+/*! \file
+ * \brief
+ * Outgoing zone transfers (AXFR + IXFR).
+ */
+
+/***
+ *** Functions
+ ***/
+
+void
+ns_xfr_start(ns_client_t *client, dns_rdatatype_t xfrtype);
+
+#endif /* NAMED_XFROUT_H */
diff --git a/bin/named/include/named/zoneconf.h b/bin/named/include/named/zoneconf.h
new file mode 100644
index 0000000..b973013
--- /dev/null
+++ b/bin/named/include/named/zoneconf.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: zoneconf.h,v 1.26 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NS_ZONECONF_H
+#define NS_ZONECONF_H 1
+
+/*! \file */
+
+#include <isc/lang.h>
+#include <isc/types.h>
+
+#include <isccfg/aclconf.h>
+#include <isccfg/cfg.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
+ const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac,
+ dns_zone_t *zone);
+/*%<
+ * Configure or reconfigure a zone according to the named.conf
+ * data in 'cctx' and 'czone'.
+ *
+ * The zone origin is not configured, it is assumed to have been set
+ * at zone creation time.
+ *
+ * Require:
+ * \li 'lctx' to be initialized or NULL.
+ * \li 'cctx' to be initialized or NULL.
+ * \li 'ac' to point to an initialized ns_aclconfctx_t.
+ * \li 'czone' to be initialized.
+ * \li 'zone' to be initialized.
+ */
+
+isc_boolean_t
+ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig);
+/*%<
+ * If 'zone' can be safely reconfigured according to the configuration
+ * data in 'zconfig', return ISC_TRUE. If the configuration data is so
+ * different from the current zone state that the zone needs to be destroyed
+ * and recreated, return ISC_FALSE.
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif /* NS_ZONECONF_H */
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
new file mode 100644
index 0000000..897de28
--- /dev/null
+++ b/bin/named/interfacemgr.c
@@ -0,0 +1,974 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: interfacemgr.c,v 1.93 2008/07/23 23:27:54 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/interfaceiter.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/util.h>
+
+#include <dns/acl.h>
+#include <dns/dispatch.h>
+
+#include <named/client.h>
+#include <named/log.h>
+#include <named/interfacemgr.h>
+
+#define IFMGR_MAGIC ISC_MAGIC('I', 'F', 'M', 'G')
+#define NS_INTERFACEMGR_VALID(t) ISC_MAGIC_VALID(t, IFMGR_MAGIC)
+
+#define IFMGR_COMMON_LOGARGS \
+ ns_g_lctx, NS_LOGCATEGORY_NETWORK, NS_LOGMODULE_INTERFACEMGR
+
+/*% nameserver interface manager structure */
+struct ns_interfacemgr {
+ unsigned int magic; /*%< Magic number. */
+ int references;
+ isc_mutex_t lock;
+ isc_mem_t * mctx; /*%< Memory context. */
+ isc_taskmgr_t * taskmgr; /*%< Task manager. */
+ isc_socketmgr_t * socketmgr; /*%< Socket manager. */
+ dns_dispatchmgr_t * dispatchmgr;
+ unsigned int generation; /*%< Current generation no. */
+ ns_listenlist_t * listenon4;
+ ns_listenlist_t * listenon6;
+ dns_aclenv_t aclenv; /*%< Localhost/localnets ACLs */
+ ISC_LIST(ns_interface_t) interfaces; /*%< List of interfaces. */
+ ISC_LIST(isc_sockaddr_t) listenon;
+};
+
+static void
+purge_old_interfaces(ns_interfacemgr_t *mgr);
+
+static void
+clearlistenon(ns_interfacemgr_t *mgr);
+
+isc_result_t
+ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
+ isc_socketmgr_t *socketmgr,
+ dns_dispatchmgr_t *dispatchmgr,
+ ns_interfacemgr_t **mgrp)
+{
+ isc_result_t result;
+ ns_interfacemgr_t *mgr;
+
+ REQUIRE(mctx != NULL);
+ REQUIRE(mgrp != NULL);
+ REQUIRE(*mgrp == NULL);
+
+ mgr = isc_mem_get(mctx, sizeof(*mgr));
+ if (mgr == NULL)
+ return (ISC_R_NOMEMORY);
+
+ result = isc_mutex_init(&mgr->lock);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_mem;
+
+ mgr->mctx = mctx;
+ mgr->taskmgr = taskmgr;
+ mgr->socketmgr = socketmgr;
+ mgr->dispatchmgr = dispatchmgr;
+ mgr->generation = 1;
+ mgr->listenon4 = NULL;
+ mgr->listenon6 = NULL;
+
+ ISC_LIST_INIT(mgr->interfaces);
+ ISC_LIST_INIT(mgr->listenon);
+
+ /*
+ * The listen-on lists are initially empty.
+ */
+ result = ns_listenlist_create(mctx, &mgr->listenon4);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_mem;
+ ns_listenlist_attach(mgr->listenon4, &mgr->listenon6);
+
+ result = dns_aclenv_init(mctx, &mgr->aclenv);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_listenon;
+
+ mgr->references = 1;
+ mgr->magic = IFMGR_MAGIC;
+ *mgrp = mgr;
+ return (ISC_R_SUCCESS);
+
+ cleanup_listenon:
+ ns_listenlist_detach(&mgr->listenon4);
+ ns_listenlist_detach(&mgr->listenon6);
+ cleanup_mem:
+ isc_mem_put(mctx, mgr, sizeof(*mgr));
+ return (result);
+}
+
+static void
+ns_interfacemgr_destroy(ns_interfacemgr_t *mgr) {
+ REQUIRE(NS_INTERFACEMGR_VALID(mgr));
+ dns_aclenv_destroy(&mgr->aclenv);
+ ns_listenlist_detach(&mgr->listenon4);
+ ns_listenlist_detach(&mgr->listenon6);
+ clearlistenon(mgr);
+ DESTROYLOCK(&mgr->lock);
+ mgr->magic = 0;
+ isc_mem_put(mgr->mctx, mgr, sizeof(*mgr));
+}
+
+dns_aclenv_t *
+ns_interfacemgr_getaclenv(ns_interfacemgr_t *mgr) {
+ return (&mgr->aclenv);
+}
+
+void
+ns_interfacemgr_attach(ns_interfacemgr_t *source, ns_interfacemgr_t **target) {
+ REQUIRE(NS_INTERFACEMGR_VALID(source));
+ LOCK(&source->lock);
+ INSIST(source->references > 0);
+ source->references++;
+ UNLOCK(&source->lock);
+ *target = source;
+}
+
+void
+ns_interfacemgr_detach(ns_interfacemgr_t **targetp) {
+ isc_result_t need_destroy = ISC_FALSE;
+ ns_interfacemgr_t *target = *targetp;
+ REQUIRE(target != NULL);
+ REQUIRE(NS_INTERFACEMGR_VALID(target));
+ LOCK(&target->lock);
+ REQUIRE(target->references > 0);
+ target->references--;
+ if (target->references == 0)
+ need_destroy = ISC_TRUE;
+ UNLOCK(&target->lock);
+ if (need_destroy)
+ ns_interfacemgr_destroy(target);
+ *targetp = NULL;
+}
+
+void
+ns_interfacemgr_shutdown(ns_interfacemgr_t *mgr) {
+ REQUIRE(NS_INTERFACEMGR_VALID(mgr));
+
+ /*%
+ * Shut down and detach all interfaces.
+ * By incrementing the generation count, we make purge_old_interfaces()
+ * consider all interfaces "old".
+ */
+ mgr->generation++;
+ purge_old_interfaces(mgr);
+}
+
+
+static isc_result_t
+ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
+ const char *name, ns_interface_t **ifpret)
+{
+ ns_interface_t *ifp;
+ isc_result_t result;
+
+ REQUIRE(NS_INTERFACEMGR_VALID(mgr));
+ ifp = isc_mem_get(mgr->mctx, sizeof(*ifp));
+ if (ifp == NULL)
+ return (ISC_R_NOMEMORY);
+ ifp->mgr = NULL;
+ ifp->generation = mgr->generation;
+ ifp->addr = *addr;
+ ifp->flags = 0;
+ strncpy(ifp->name, name, sizeof(ifp->name));
+ ifp->name[sizeof(ifp->name)-1] = '\0';
+ ifp->clientmgr = NULL;
+
+ result = isc_mutex_init(&ifp->lock);
+ if (result != ISC_R_SUCCESS)
+ goto lock_create_failure;
+
+ result = ns_clientmgr_create(mgr->mctx, mgr->taskmgr,
+ ns_g_timermgr,
+ &ifp->clientmgr);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
+ "ns_clientmgr_create() failed: %s",
+ isc_result_totext(result));
+ goto clientmgr_create_failure;
+ }
+
+ ifp->udpdispatch = NULL;
+
+ ifp->tcpsocket = NULL;
+ /*
+ * Create a single TCP client object. It will replace itself
+ * with a new one as soon as it gets a connection, so the actual
+ * connections will be handled in parallel even though there is
+ * only one client initially.
+ */
+ ifp->ntcptarget = 1;
+ ifp->ntcpcurrent = 0;
+
+ ISC_LINK_INIT(ifp, link);
+
+ ns_interfacemgr_attach(mgr, &ifp->mgr);
+ ISC_LIST_APPEND(mgr->interfaces, ifp, link);
+
+ ifp->references = 1;
+ ifp->magic = IFACE_MAGIC;
+ *ifpret = ifp;
+
+ return (ISC_R_SUCCESS);
+
+ clientmgr_create_failure:
+ DESTROYLOCK(&ifp->lock);
+ lock_create_failure:
+ ifp->magic = 0;
+ isc_mem_put(mgr->mctx, ifp, sizeof(*ifp));
+
+ return (ISC_R_UNEXPECTED);
+}
+
+static isc_result_t
+ns_interface_listenudp(ns_interface_t *ifp) {
+ isc_result_t result;
+ unsigned int attrs;
+ unsigned int attrmask;
+
+ attrs = 0;
+ attrs |= DNS_DISPATCHATTR_UDP;
+ if (isc_sockaddr_pf(&ifp->addr) == AF_INET)
+ attrs |= DNS_DISPATCHATTR_IPV4;
+ else
+ attrs |= DNS_DISPATCHATTR_IPV6;
+ attrs |= DNS_DISPATCHATTR_NOLISTEN;
+ attrmask = 0;
+ attrmask |= DNS_DISPATCHATTR_UDP | DNS_DISPATCHATTR_TCP;
+ attrmask |= DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_IPV6;
+ result = dns_dispatch_getudp(ifp->mgr->dispatchmgr, ns_g_socketmgr,
+ ns_g_taskmgr, &ifp->addr,
+ 4096, 1000, 32768, 8219, 8237,
+ attrs, attrmask, &ifp->udpdispatch);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
+ "could not listen on UDP socket: %s",
+ isc_result_totext(result));
+ goto udp_dispatch_failure;
+ }
+
+ result = ns_clientmgr_createclients(ifp->clientmgr, ns_g_cpus,
+ ifp, ISC_FALSE);
+ if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "UDP ns_clientmgr_createclients(): %s",
+ isc_result_totext(result));
+ goto addtodispatch_failure;
+ }
+ return (ISC_R_SUCCESS);
+
+ addtodispatch_failure:
+ dns_dispatch_changeattributes(ifp->udpdispatch, 0,
+ DNS_DISPATCHATTR_NOLISTEN);
+ dns_dispatch_detach(&ifp->udpdispatch);
+ udp_dispatch_failure:
+ return (result);
+}
+
+static isc_result_t
+ns_interface_accepttcp(ns_interface_t *ifp) {
+ isc_result_t result;
+
+ /*
+ * Open a TCP socket.
+ */
+ result = isc_socket_create(ifp->mgr->socketmgr,
+ isc_sockaddr_pf(&ifp->addr),
+ isc_sockettype_tcp,
+ &ifp->tcpsocket);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
+ "creating TCP socket: %s",
+ isc_result_totext(result));
+ goto tcp_socket_failure;
+ }
+ isc_socket_setname(ifp->tcpsocket, "dispatcher", NULL);
+#ifndef ISC_ALLOW_MAPPED
+ isc_socket_ipv6only(ifp->tcpsocket, ISC_TRUE);
+#endif
+ result = isc_socket_bind(ifp->tcpsocket, &ifp->addr,
+ ISC_SOCKET_REUSEADDRESS);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
+ "binding TCP socket: %s",
+ isc_result_totext(result));
+ goto tcp_bind_failure;
+ }
+ result = isc_socket_listen(ifp->tcpsocket, ns_g_listen);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
+ "listening on TCP socket: %s",
+ isc_result_totext(result));
+ goto tcp_listen_failure;
+ }
+
+ /*
+ * If/when there a multiple filters listen to the
+ * result.
+ */
+ (void)isc_socket_filter(ifp->tcpsocket, "dataready");
+
+ result = ns_clientmgr_createclients(ifp->clientmgr,
+ ifp->ntcptarget, ifp,
+ ISC_TRUE);
+ if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "TCP ns_clientmgr_createclients(): %s",
+ isc_result_totext(result));
+ goto accepttcp_failure;
+ }
+ return (ISC_R_SUCCESS);
+
+ accepttcp_failure:
+ tcp_listen_failure:
+ tcp_bind_failure:
+ isc_socket_detach(&ifp->tcpsocket);
+ tcp_socket_failure:
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+ns_interface_setup(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
+ const char *name, ns_interface_t **ifpret,
+ isc_boolean_t accept_tcp)
+{
+ isc_result_t result;
+ ns_interface_t *ifp = NULL;
+ REQUIRE(ifpret != NULL && *ifpret == NULL);
+
+ result = ns_interface_create(mgr, addr, name, &ifp);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = ns_interface_listenudp(ifp);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_interface;
+
+ if (accept_tcp == ISC_TRUE) {
+ result = ns_interface_accepttcp(ifp);
+ if (result != ISC_R_SUCCESS) {
+ /*
+ * XXXRTH We don't currently have a way to easily stop
+ * dispatch service, so we currently return
+ * ISC_R_SUCCESS (the UDP stuff will work even if TCP
+ * creation failed). This will be fixed later.
+ */
+ result = ISC_R_SUCCESS;
+ }
+ }
+ *ifpret = ifp;
+ return (ISC_R_SUCCESS);
+
+ cleanup_interface:
+ ISC_LIST_UNLINK(ifp->mgr->interfaces, ifp, link);
+ ns_interface_detach(&ifp);
+ return (result);
+}
+
+void
+ns_interface_shutdown(ns_interface_t *ifp) {
+ if (ifp->clientmgr != NULL)
+ ns_clientmgr_destroy(&ifp->clientmgr);
+}
+
+static void
+ns_interface_destroy(ns_interface_t *ifp) {
+ isc_mem_t *mctx = ifp->mgr->mctx;
+ REQUIRE(NS_INTERFACE_VALID(ifp));
+
+ ns_interface_shutdown(ifp);
+
+ if (ifp->udpdispatch != NULL) {
+ dns_dispatch_changeattributes(ifp->udpdispatch, 0,
+ DNS_DISPATCHATTR_NOLISTEN);
+ dns_dispatch_detach(&ifp->udpdispatch);
+ }
+ if (ifp->tcpsocket != NULL)
+ isc_socket_detach(&ifp->tcpsocket);
+
+ DESTROYLOCK(&ifp->lock);
+
+ ns_interfacemgr_detach(&ifp->mgr);
+
+ ifp->magic = 0;
+ isc_mem_put(mctx, ifp, sizeof(*ifp));
+}
+
+void
+ns_interface_attach(ns_interface_t *source, ns_interface_t **target) {
+ REQUIRE(NS_INTERFACE_VALID(source));
+ LOCK(&source->lock);
+ INSIST(source->references > 0);
+ source->references++;
+ UNLOCK(&source->lock);
+ *target = source;
+}
+
+void
+ns_interface_detach(ns_interface_t **targetp) {
+ isc_result_t need_destroy = ISC_FALSE;
+ ns_interface_t *target = *targetp;
+ REQUIRE(target != NULL);
+ REQUIRE(NS_INTERFACE_VALID(target));
+ LOCK(&target->lock);
+ REQUIRE(target->references > 0);
+ target->references--;
+ if (target->references == 0)
+ need_destroy = ISC_TRUE;
+ UNLOCK(&target->lock);
+ if (need_destroy)
+ ns_interface_destroy(target);
+ *targetp = NULL;
+}
+
+/*%
+ * Search the interface list for an interface whose address and port
+ * both match those of 'addr'. Return a pointer to it, or NULL if not found.
+ */
+static ns_interface_t *
+find_matching_interface(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr) {
+ ns_interface_t *ifp;
+ for (ifp = ISC_LIST_HEAD(mgr->interfaces); ifp != NULL;
+ ifp = ISC_LIST_NEXT(ifp, link)) {
+ if (isc_sockaddr_equal(&ifp->addr, addr))
+ break;
+ }
+ return (ifp);
+}
+
+/*%
+ * Remove any interfaces whose generation number is not the current one.
+ */
+static void
+purge_old_interfaces(ns_interfacemgr_t *mgr) {
+ ns_interface_t *ifp, *next;
+ for (ifp = ISC_LIST_HEAD(mgr->interfaces); ifp != NULL; ifp = next) {
+ INSIST(NS_INTERFACE_VALID(ifp));
+ next = ISC_LIST_NEXT(ifp, link);
+ if (ifp->generation != mgr->generation) {
+ char sabuf[256];
+ ISC_LIST_UNLINK(ifp->mgr->interfaces, ifp, link);
+ isc_sockaddr_format(&ifp->addr, sabuf, sizeof(sabuf));
+ isc_log_write(IFMGR_COMMON_LOGARGS,
+ ISC_LOG_INFO,
+ "no longer listening on %s", sabuf);
+ ns_interface_shutdown(ifp);
+ ns_interface_detach(&ifp);
+ }
+ }
+}
+
+static isc_result_t
+clearacl(isc_mem_t *mctx, dns_acl_t **aclp) {
+ dns_acl_t *newacl = NULL;
+ isc_result_t result;
+ result = dns_acl_create(mctx, 0, &newacl);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ dns_acl_detach(aclp);
+ dns_acl_attach(newacl, aclp);
+ dns_acl_detach(&newacl);
+ return (ISC_R_SUCCESS);
+}
+
+static isc_boolean_t
+listenon_is_ip6_any(ns_listenelt_t *elt) {
+ REQUIRE(elt && elt->acl);
+ return dns_acl_isany(elt->acl);
+}
+
+static isc_result_t
+setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) {
+ isc_result_t result;
+ unsigned int prefixlen;
+ isc_netaddr_t *netaddr;
+
+ netaddr = &interface->address;
+
+ /* First add localhost address */
+ prefixlen = (netaddr->family == AF_INET) ? 32 : 128;
+ result = dns_iptable_addprefix(mgr->aclenv.localhost->iptable,
+ netaddr, prefixlen, ISC_TRUE);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /* Then add localnets prefix */
+ result = isc_netaddr_masktoprefixlen(&interface->netmask,
+ &prefixlen);
+
+ /* Non contigious netmasks not allowed by IPv6 arch. */
+ if (result != ISC_R_SUCCESS && netaddr->family == AF_INET6)
+ return (result);
+
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(IFMGR_COMMON_LOGARGS,
+ ISC_LOG_WARNING,
+ "omitting IPv4 interface %s from "
+ "localnets ACL: %s",
+ interface->name,
+ isc_result_totext(result));
+ return (ISC_R_SUCCESS);
+ }
+
+ result = dns_iptable_addprefix(mgr->aclenv.localnets->iptable,
+ netaddr, prefixlen, ISC_TRUE);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ return (ISC_R_SUCCESS);
+}
+
+static void
+setup_listenon(ns_interfacemgr_t *mgr, isc_interface_t *interface,
+ in_port_t port)
+{
+ isc_sockaddr_t *addr;
+ isc_sockaddr_t *old;
+
+ addr = isc_mem_get(mgr->mctx, sizeof(*addr));
+ if (addr == NULL)
+ return;
+
+ isc_sockaddr_fromnetaddr(addr, &interface->address, port);
+
+ for (old = ISC_LIST_HEAD(mgr->listenon);
+ old != NULL;
+ old = ISC_LIST_NEXT(old, link))
+ if (isc_sockaddr_equal(addr, old))
+ break;
+
+ if (old != NULL)
+ isc_mem_put(mgr->mctx, addr, sizeof(*addr));
+ else
+ ISC_LIST_APPEND(mgr->listenon, addr, link);
+}
+
+static void
+clearlistenon(ns_interfacemgr_t *mgr) {
+ isc_sockaddr_t *old;
+
+ old = ISC_LIST_HEAD(mgr->listenon);
+ while (old != NULL) {
+ ISC_LIST_UNLINK(mgr->listenon, old, link);
+ isc_mem_put(mgr->mctx, old, sizeof(*old));
+ old = ISC_LIST_HEAD(mgr->listenon);
+ }
+}
+
+static isc_result_t
+do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen,
+ isc_boolean_t verbose)
+{
+ isc_interfaceiter_t *iter = NULL;
+ isc_boolean_t scan_ipv4 = ISC_FALSE;
+ isc_boolean_t scan_ipv6 = ISC_FALSE;
+ isc_boolean_t adjusting = ISC_FALSE;
+ isc_boolean_t ipv6only = ISC_TRUE;
+ isc_boolean_t ipv6pktinfo = ISC_TRUE;
+ isc_result_t result;
+ isc_netaddr_t zero_address, zero_address6;
+ ns_listenelt_t *le;
+ isc_sockaddr_t listen_addr;
+ ns_interface_t *ifp;
+ isc_boolean_t log_explicit = ISC_FALSE;
+ isc_boolean_t dolistenon;
+
+ if (ext_listen != NULL)
+ adjusting = ISC_TRUE;
+
+ if (isc_net_probeipv6() == ISC_R_SUCCESS)
+ scan_ipv6 = ISC_TRUE;
+#ifdef WANT_IPV6
+ else
+ isc_log_write(IFMGR_COMMON_LOGARGS,
+ verbose ? ISC_LOG_INFO : ISC_LOG_DEBUG(1),
+ "no IPv6 interfaces found");
+#endif
+
+ if (isc_net_probeipv4() == ISC_R_SUCCESS)
+ scan_ipv4 = ISC_TRUE;
+ else
+ isc_log_write(IFMGR_COMMON_LOGARGS,
+ verbose ? ISC_LOG_INFO : ISC_LOG_DEBUG(1),
+ "no IPv4 interfaces found");
+
+ /*
+ * A special, but typical case; listen-on-v6 { any; }.
+ * When we can make the socket IPv6-only, open a single wildcard
+ * socket for IPv6 communication. Otherwise, make separate socket
+ * for each IPv6 address in order to avoid accepting IPv4 packets
+ * as the form of mapped addresses unintentionally unless explicitly
+ * allowed.
+ */
+#ifndef ISC_ALLOW_MAPPED
+ if (scan_ipv6 == ISC_TRUE &&
+ isc_net_probe_ipv6only() != ISC_R_SUCCESS) {
+ ipv6only = ISC_FALSE;
+ log_explicit = ISC_TRUE;
+ }
+#endif
+ if (scan_ipv6 == ISC_TRUE &&
+ isc_net_probe_ipv6pktinfo() != ISC_R_SUCCESS) {
+ ipv6pktinfo = ISC_FALSE;
+ log_explicit = ISC_TRUE;
+ }
+ if (scan_ipv6 == ISC_TRUE && ipv6only && ipv6pktinfo) {
+ for (le = ISC_LIST_HEAD(mgr->listenon6->elts);
+ le != NULL;
+ le = ISC_LIST_NEXT(le, link)) {
+ struct in6_addr in6a;
+
+ if (!listenon_is_ip6_any(le))
+ continue;
+
+ in6a = in6addr_any;
+ isc_sockaddr_fromin6(&listen_addr, &in6a, le->port);
+
+ ifp = find_matching_interface(mgr, &listen_addr);
+ if (ifp != NULL) {
+ ifp->generation = mgr->generation;
+ } else {
+ isc_log_write(IFMGR_COMMON_LOGARGS,
+ ISC_LOG_INFO,
+ "listening on IPv6 "
+ "interfaces, port %u",
+ le->port);
+ result = ns_interface_setup(mgr, &listen_addr,
+ "<any>", &ifp,
+ ISC_TRUE);
+ if (result == ISC_R_SUCCESS)
+ ifp->flags |= NS_INTERFACEFLAG_ANYADDR;
+ else
+ isc_log_write(IFMGR_COMMON_LOGARGS,
+ ISC_LOG_ERROR,
+ "listening on all IPv6 "
+ "interfaces failed");
+ /* Continue. */
+ }
+ }
+ }
+
+ isc_netaddr_any(&zero_address);
+ isc_netaddr_any6(&zero_address6);
+
+ result = isc_interfaceiter_create(mgr->mctx, &iter);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ if (adjusting == ISC_FALSE) {
+ result = clearacl(mgr->mctx, &mgr->aclenv.localhost);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_iter;
+ result = clearacl(mgr->mctx, &mgr->aclenv.localnets);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_iter;
+ clearlistenon(mgr);
+ }
+
+ for (result = isc_interfaceiter_first(iter);
+ result == ISC_R_SUCCESS;
+ result = isc_interfaceiter_next(iter))
+ {
+ isc_interface_t interface;
+ ns_listenlist_t *ll;
+ unsigned int family;
+
+ result = isc_interfaceiter_current(iter, &interface);
+ if (result != ISC_R_SUCCESS)
+ break;
+
+ family = interface.address.family;
+ if (family != AF_INET && family != AF_INET6)
+ continue;
+ if (scan_ipv4 == ISC_FALSE && family == AF_INET)
+ continue;
+ if (scan_ipv6 == ISC_FALSE && family == AF_INET6)
+ continue;
+
+ /*
+ * Test for the address being nonzero rather than testing
+ * INTERFACE_F_UP, because on some systems the latter
+ * follows the media state and we could end up ignoring
+ * the interface for an entire rescan interval due to
+ * a temporary media glitch at rescan time.
+ */
+ if (family == AF_INET &&
+ isc_netaddr_equal(&interface.address, &zero_address)) {
+ continue;
+ }
+ if (family == AF_INET6 &&
+ isc_netaddr_equal(&interface.address, &zero_address6)) {
+ continue;
+ }
+
+ if (adjusting == ISC_FALSE) {
+ result = setup_locals(mgr, &interface);
+ if (result != ISC_R_SUCCESS)
+ goto ignore_interface;
+ }
+
+ ll = (family == AF_INET) ? mgr->listenon4 : mgr->listenon6;
+ dolistenon = ISC_TRUE;
+ for (le = ISC_LIST_HEAD(ll->elts);
+ le != NULL;
+ le = ISC_LIST_NEXT(le, link))
+ {
+ int match;
+ isc_boolean_t ipv6_wildcard = ISC_FALSE;
+ isc_netaddr_t listen_netaddr;
+ isc_sockaddr_t listen_sockaddr;
+
+ /*
+ * Construct a socket address for this IP/port
+ * combination.
+ */
+ if (family == AF_INET) {
+ isc_netaddr_fromin(&listen_netaddr,
+ &interface.address.type.in);
+ } else {
+ isc_netaddr_fromin6(&listen_netaddr,
+ &interface.address.type.in6);
+ isc_netaddr_setzone(&listen_netaddr,
+ interface.address.zone);
+ }
+ isc_sockaddr_fromnetaddr(&listen_sockaddr,
+ &listen_netaddr,
+ le->port);
+
+ /*
+ * See if the address matches the listen-on statement;
+ * if not, ignore the interface.
+ */
+ (void)dns_acl_match(&listen_netaddr, NULL, le->acl,
+ &mgr->aclenv, &match, NULL);
+ if (match <= 0)
+ continue;
+
+ if (adjusting == ISC_FALSE && dolistenon == ISC_TRUE) {
+ setup_listenon(mgr, &interface, le->port);
+ dolistenon = ISC_FALSE;
+ }
+
+ /*
+ * The case of "any" IPv6 address will require
+ * special considerations later, so remember it.
+ */
+ if (family == AF_INET6 && ipv6only && ipv6pktinfo &&
+ listenon_is_ip6_any(le))
+ ipv6_wildcard = ISC_TRUE;
+
+ /*
+ * When adjusting interfaces with extra a listening
+ * list, see if the address matches the extra list.
+ * If it does, and is also covered by a wildcard
+ * interface, we need to listen on the address
+ * explicitly.
+ */
+ if (adjusting == ISC_TRUE) {
+ ns_listenelt_t *ele;
+
+ match = 0;
+ for (ele = ISC_LIST_HEAD(ext_listen->elts);
+ ele != NULL;
+ ele = ISC_LIST_NEXT(ele, link)) {
+ (void)dns_acl_match(&listen_netaddr,
+ NULL, ele->acl,
+ NULL, &match, NULL);
+ if (match > 0 &&
+ (ele->port == le->port ||
+ ele->port == 0))
+ break;
+ else
+ match = 0;
+ }
+ if (ipv6_wildcard == ISC_TRUE && match == 0)
+ continue;
+ }
+
+ ifp = find_matching_interface(mgr, &listen_sockaddr);
+ if (ifp != NULL) {
+ ifp->generation = mgr->generation;
+ } else {
+ char sabuf[ISC_SOCKADDR_FORMATSIZE];
+
+ if (adjusting == ISC_FALSE &&
+ ipv6_wildcard == ISC_TRUE)
+ continue;
+
+ if (log_explicit && family == AF_INET6 &&
+ !adjusting && listenon_is_ip6_any(le)) {
+ isc_log_write(IFMGR_COMMON_LOGARGS,
+ verbose ? ISC_LOG_INFO :
+ ISC_LOG_DEBUG(1),
+ "IPv6 socket API is "
+ "incomplete; explicitly "
+ "binding to each IPv6 "
+ "address separately");
+ log_explicit = ISC_FALSE;
+ }
+ isc_sockaddr_format(&listen_sockaddr,
+ sabuf, sizeof(sabuf));
+ isc_log_write(IFMGR_COMMON_LOGARGS,
+ ISC_LOG_INFO,
+ "%s"
+ "listening on %s interface "
+ "%s, %s",
+ (adjusting == ISC_TRUE) ?
+ "additionally " : "",
+ (family == AF_INET) ?
+ "IPv4" : "IPv6",
+ interface.name, sabuf);
+
+ result = ns_interface_setup(mgr,
+ &listen_sockaddr,
+ interface.name,
+ &ifp,
+ (adjusting == ISC_TRUE) ?
+ ISC_FALSE :
+ ISC_TRUE);
+
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(IFMGR_COMMON_LOGARGS,
+ ISC_LOG_ERROR,
+ "creating %s interface "
+ "%s failed; interface "
+ "ignored",
+ (family == AF_INET) ?
+ "IPv4" : "IPv6",
+ interface.name);
+ }
+ /* Continue. */
+ }
+
+ }
+ continue;
+
+ ignore_interface:
+ isc_log_write(IFMGR_COMMON_LOGARGS,
+ ISC_LOG_ERROR,
+ "ignoring %s interface %s: %s",
+ (family == AF_INET) ? "IPv4" : "IPv6",
+ interface.name, isc_result_totext(result));
+ continue;
+ }
+ if (result != ISC_R_NOMORE)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "interface iteration failed: %s",
+ isc_result_totext(result));
+ else
+ result = ISC_R_SUCCESS;
+ cleanup_iter:
+ isc_interfaceiter_destroy(&iter);
+ return (result);
+}
+
+static void
+ns_interfacemgr_scan0(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen,
+ isc_boolean_t verbose)
+{
+ isc_boolean_t purge = ISC_TRUE;
+
+ REQUIRE(NS_INTERFACEMGR_VALID(mgr));
+
+ mgr->generation++; /* Increment the generation count. */
+
+ if (do_scan(mgr, ext_listen, verbose) != ISC_R_SUCCESS)
+ purge = ISC_FALSE;
+
+ /*
+ * Now go through the interface list and delete anything that
+ * does not have the current generation number. This is
+ * how we catch interfaces that go away or change their
+ * addresses.
+ */
+ if (purge)
+ purge_old_interfaces(mgr);
+
+ /*
+ * Warn if we are not listening on any interface, unless
+ * we're in lwresd-only mode, in which case that is to
+ * be expected.
+ */
+ if (ext_listen == NULL &&
+ ISC_LIST_EMPTY(mgr->interfaces) && ! ns_g_lwresdonly) {
+ isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_WARNING,
+ "not listening on any interfaces");
+ }
+}
+
+void
+ns_interfacemgr_scan(ns_interfacemgr_t *mgr, isc_boolean_t verbose) {
+ ns_interfacemgr_scan0(mgr, NULL, verbose);
+}
+
+void
+ns_interfacemgr_adjust(ns_interfacemgr_t *mgr, ns_listenlist_t *list,
+ isc_boolean_t verbose)
+{
+ ns_interfacemgr_scan0(mgr, list, verbose);
+}
+
+void
+ns_interfacemgr_setlistenon4(ns_interfacemgr_t *mgr, ns_listenlist_t *value) {
+ LOCK(&mgr->lock);
+ ns_listenlist_detach(&mgr->listenon4);
+ ns_listenlist_attach(value, &mgr->listenon4);
+ UNLOCK(&mgr->lock);
+}
+
+void
+ns_interfacemgr_setlistenon6(ns_interfacemgr_t *mgr, ns_listenlist_t *value) {
+ LOCK(&mgr->lock);
+ ns_listenlist_detach(&mgr->listenon6);
+ ns_listenlist_attach(value, &mgr->listenon6);
+ UNLOCK(&mgr->lock);
+}
+
+void
+ns_interfacemgr_dumprecursing(FILE *f, ns_interfacemgr_t *mgr) {
+ ns_interface_t *interface;
+
+ LOCK(&mgr->lock);
+ interface = ISC_LIST_HEAD(mgr->interfaces);
+ while (interface != NULL) {
+ if (interface->clientmgr != NULL)
+ ns_client_dumprecursing(f, interface->clientmgr);
+ interface = ISC_LIST_NEXT(interface, link);
+ }
+ UNLOCK(&mgr->lock);
+}
+
+isc_boolean_t
+ns_interfacemgr_listeningon(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr) {
+ isc_sockaddr_t *old;
+
+ old = ISC_LIST_HEAD(mgr->listenon);
+ for (old = ISC_LIST_HEAD(mgr->listenon);
+ old != NULL;
+ old = ISC_LIST_NEXT(old, link))
+ if (isc_sockaddr_equal(old, addr))
+ return (ISC_TRUE);
+ return (ISC_FALSE);
+}
diff --git a/bin/named/listenlist.c b/bin/named/listenlist.c
new file mode 100644
index 0000000..513fe9c
--- /dev/null
+++ b/bin/named/listenlist.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: listenlist.c,v 1.14 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include <dns/acl.h>
+
+#include <named/listenlist.h>
+
+static void
+destroy(ns_listenlist_t *list);
+
+isc_result_t
+ns_listenelt_create(isc_mem_t *mctx, in_port_t port,
+ dns_acl_t *acl, ns_listenelt_t **target)
+{
+ ns_listenelt_t *elt = NULL;
+ REQUIRE(target != NULL && *target == NULL);
+ elt = isc_mem_get(mctx, sizeof(*elt));
+ if (elt == NULL)
+ return (ISC_R_NOMEMORY);
+ elt->mctx = mctx;
+ ISC_LINK_INIT(elt, link);
+ elt->port = port;
+ elt->acl = acl;
+ *target = elt;
+ return (ISC_R_SUCCESS);
+}
+
+void
+ns_listenelt_destroy(ns_listenelt_t *elt) {
+ if (elt->acl != NULL)
+ dns_acl_detach(&elt->acl);
+ isc_mem_put(elt->mctx, elt, sizeof(*elt));
+}
+
+isc_result_t
+ns_listenlist_create(isc_mem_t *mctx, ns_listenlist_t **target) {
+ ns_listenlist_t *list = NULL;
+ REQUIRE(target != NULL && *target == NULL);
+ list = isc_mem_get(mctx, sizeof(*list));
+ if (list == NULL)
+ return (ISC_R_NOMEMORY);
+ list->mctx = mctx;
+ list->refcount = 1;
+ ISC_LIST_INIT(list->elts);
+ *target = list;
+ return (ISC_R_SUCCESS);
+}
+
+static void
+destroy(ns_listenlist_t *list) {
+ ns_listenelt_t *elt, *next;
+ for (elt = ISC_LIST_HEAD(list->elts);
+ elt != NULL;
+ elt = next)
+ {
+ next = ISC_LIST_NEXT(elt, link);
+ ns_listenelt_destroy(elt);
+ }
+ isc_mem_put(list->mctx, list, sizeof(*list));
+}
+
+void
+ns_listenlist_attach(ns_listenlist_t *source, ns_listenlist_t **target) {
+ INSIST(source->refcount > 0);
+ source->refcount++;
+ *target = source;
+}
+
+void
+ns_listenlist_detach(ns_listenlist_t **listp) {
+ ns_listenlist_t *list = *listp;
+ INSIST(list->refcount > 0);
+ list->refcount--;
+ if (list->refcount == 0)
+ destroy(list);
+ *listp = NULL;
+}
+
+isc_result_t
+ns_listenlist_default(isc_mem_t *mctx, in_port_t port,
+ isc_boolean_t enabled, ns_listenlist_t **target)
+{
+ isc_result_t result;
+ dns_acl_t *acl = NULL;
+ ns_listenelt_t *elt = NULL;
+ ns_listenlist_t *list = NULL;
+
+ REQUIRE(target != NULL && *target == NULL);
+ if (enabled)
+ result = dns_acl_any(mctx, &acl);
+ else
+ result = dns_acl_none(mctx, &acl);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ result = ns_listenelt_create(mctx, port, acl, &elt);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_acl;
+
+ result = ns_listenlist_create(mctx, &list);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_listenelt;
+
+ ISC_LIST_APPEND(list->elts, elt, link);
+
+ *target = list;
+ return (ISC_R_SUCCESS);
+
+ cleanup_listenelt:
+ ns_listenelt_destroy(elt);
+ cleanup_acl:
+ dns_acl_detach(&acl);
+ cleanup:
+ return (result);
+}
diff --git a/bin/named/log.c b/bin/named/log.c
new file mode 100644
index 0000000..fdb4e0c
--- /dev/null
+++ b/bin/named/log.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: log.c,v 1.46 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/result.h>
+
+#include <isccfg/log.h>
+
+#include <named/log.h>
+
+#ifndef ISC_FACILITY
+#define ISC_FACILITY LOG_DAEMON
+#endif
+
+/*%
+ * When adding a new category, be sure to add the appropriate
+ * \#define to <named/log.h> and to update the list in
+ * bin/check/check-tool.c.
+ */
+static isc_logcategory_t categories[] = {
+ { "", 0 },
+ { "client", 0 },
+ { "network", 0 },
+ { "update", 0 },
+ { "queries", 0 },
+ { "unmatched", 0 },
+ { "update-security", 0 },
+ { NULL, 0 }
+};
+
+/*%
+ * When adding a new module, be sure to add the appropriate
+ * \#define to <dns/log.h>.
+ */
+static isc_logmodule_t modules[] = {
+ { "main", 0 },
+ { "client", 0 },
+ { "server", 0 },
+ { "query", 0 },
+ { "interfacemgr", 0 },
+ { "update", 0 },
+ { "xfer-in", 0 },
+ { "xfer-out", 0 },
+ { "notify", 0 },
+ { "control", 0 },
+ { "lwresd", 0 },
+ { NULL, 0 }
+};
+
+isc_result_t
+ns_log_init(isc_boolean_t safe) {
+ isc_result_t result;
+ isc_logconfig_t *lcfg = NULL;
+
+ ns_g_categories = categories;
+ ns_g_modules = modules;
+
+ /*
+ * Setup a logging context.
+ */
+ result = isc_log_create(ns_g_mctx, &ns_g_lctx, &lcfg);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /*
+ * named-checktool.c:setup_logging() needs to be kept in sync.
+ */
+ isc_log_registercategories(ns_g_lctx, ns_g_categories);
+ isc_log_registermodules(ns_g_lctx, ns_g_modules);
+ isc_log_setcontext(ns_g_lctx);
+ dns_log_init(ns_g_lctx);
+ dns_log_setcontext(ns_g_lctx);
+ cfg_log_init(ns_g_lctx);
+
+ if (safe)
+ result = ns_log_setsafechannels(lcfg);
+ else
+ result = ns_log_setdefaultchannels(lcfg);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ result = ns_log_setdefaultcategory(lcfg);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ isc_log_destroy(&ns_g_lctx);
+ isc_log_setcontext(NULL);
+ dns_log_setcontext(NULL);
+
+ return (result);
+}
+
+isc_result_t
+ns_log_setdefaultchannels(isc_logconfig_t *lcfg) {
+ isc_result_t result;
+ isc_logdestination_t destination;
+
+ /*
+ * By default, the logging library makes "default_debug" log to
+ * stderr. In BIND, we want to override this and log to named.run
+ * instead, unless the the -g option was given.
+ */
+ if (! ns_g_logstderr) {
+ destination.file.stream = NULL;
+ destination.file.name = "named.run";
+ destination.file.versions = ISC_LOG_ROLLNEVER;
+ destination.file.maximum_size = 0;
+ result = isc_log_createchannel(lcfg, "default_debug",
+ ISC_LOG_TOFILE,
+ ISC_LOG_DYNAMIC,
+ &destination,
+ ISC_LOG_PRINTTIME|
+ ISC_LOG_DEBUGONLY);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ }
+
+#if ISC_FACILITY != LOG_DAEMON
+ destination.facility = ISC_FACILITY;
+ result = isc_log_createchannel(lcfg, "default_syslog",
+ ISC_LOG_TOSYSLOG, ISC_LOG_INFO,
+ &destination, 0);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+#endif
+
+ /*
+ * Set the initial debug level.
+ */
+ isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
+
+ result = ISC_R_SUCCESS;
+
+ cleanup:
+ return (result);
+}
+
+isc_result_t
+ns_log_setsafechannels(isc_logconfig_t *lcfg) {
+ isc_result_t result;
+#if ISC_FACILITY != LOG_DAEMON
+ isc_logdestination_t destination;
+#endif
+
+ if (! ns_g_logstderr) {
+ result = isc_log_createchannel(lcfg, "default_debug",
+ ISC_LOG_TONULL,
+ ISC_LOG_DYNAMIC,
+ NULL, 0);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ /*
+ * Setting the debug level to zero should get the output
+ * discarded a bit faster.
+ */
+ isc_log_setdebuglevel(ns_g_lctx, 0);
+ } else {
+ isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
+ }
+
+#if ISC_FACILITY != LOG_DAEMON
+ destination.facility = ISC_FACILITY;
+ result = isc_log_createchannel(lcfg, "default_syslog",
+ ISC_LOG_TOSYSLOG, ISC_LOG_INFO,
+ &destination, 0);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+#endif
+
+ result = ISC_R_SUCCESS;
+
+ cleanup:
+ return (result);
+}
+
+isc_result_t
+ns_log_setdefaultcategory(isc_logconfig_t *lcfg) {
+ isc_result_t result;
+
+ if (! ns_g_logstderr) {
+ result = isc_log_usechannel(lcfg, "default_syslog",
+ ISC_LOGCATEGORY_DEFAULT, NULL);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ }
+
+ result = isc_log_usechannel(lcfg, "default_debug",
+ ISC_LOGCATEGORY_DEFAULT, NULL);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ result = ISC_R_SUCCESS;
+
+ cleanup:
+ return (result);
+}
+
+isc_result_t
+ns_log_setunmatchedcategory(isc_logconfig_t *lcfg) {
+ isc_result_t result;
+
+ result = isc_log_usechannel(lcfg, "null",
+ NS_LOGCATEGORY_UNMATCHED, NULL);
+ return (result);
+}
+
+void
+ns_log_shutdown(void) {
+ isc_log_destroy(&ns_g_lctx);
+ isc_log_setcontext(NULL);
+ dns_log_setcontext(NULL);
+}
diff --git a/bin/named/logconf.c b/bin/named/logconf.c
new file mode 100644
index 0000000..e324965
--- /dev/null
+++ b/bin/named/logconf.c
@@ -0,0 +1,299 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: logconf.c,v 1.42 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/offset.h>
+#include <isc/result.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+#include <isc/syslog.h>
+
+#include <isccfg/cfg.h>
+#include <isccfg/log.h>
+
+#include <named/log.h>
+#include <named/logconf.h>
+
+#define CHECK(op) \
+ do { result = (op); \
+ if (result != ISC_R_SUCCESS) goto cleanup; \
+ } while (0)
+
+/*%
+ * Set up a logging category according to the named.conf data
+ * in 'ccat' and add it to 'lctx'.
+ */
+static isc_result_t
+category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *lctx) {
+ isc_result_t result;
+ const char *catname;
+ isc_logcategory_t *category;
+ isc_logmodule_t *module;
+ const cfg_obj_t *destinations = NULL;
+ const cfg_listelt_t *element = NULL;
+
+ catname = cfg_obj_asstring(cfg_tuple_get(ccat, "name"));
+ category = isc_log_categorybyname(ns_g_lctx, catname);
+ if (category == NULL) {
+ cfg_obj_log(ccat, ns_g_lctx, ISC_LOG_ERROR,
+ "unknown logging category '%s' ignored",
+ catname);
+ /*
+ * Allow further processing by returning success.
+ */
+ return (ISC_R_SUCCESS);
+ }
+
+ module = NULL;
+
+ destinations = cfg_tuple_get(ccat, "destinations");
+ for (element = cfg_list_first(destinations);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *channel = cfg_listelt_value(element);
+ const char *channelname = cfg_obj_asstring(channel);
+
+ result = isc_log_usechannel(lctx, channelname, category,
+ module);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "logging channel '%s': %s", channelname,
+ isc_result_totext(result));
+ return (result);
+ }
+ }
+ return (ISC_R_SUCCESS);
+}
+
+/*%
+ * Set up a logging channel according to the named.conf data
+ * in 'cchan' and add it to 'lctx'.
+ */
+static isc_result_t
+channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
+ isc_result_t result;
+ isc_logdestination_t dest;
+ unsigned int type;
+ unsigned int flags = 0;
+ int level;
+ const char *channelname;
+ const cfg_obj_t *fileobj = NULL;
+ const cfg_obj_t *syslogobj = NULL;
+ const cfg_obj_t *nullobj = NULL;
+ const cfg_obj_t *stderrobj = NULL;
+ const cfg_obj_t *severity = NULL;
+ int i;
+
+ channelname = cfg_obj_asstring(cfg_map_getname(channel));
+
+ (void)cfg_map_get(channel, "file", &fileobj);
+ (void)cfg_map_get(channel, "syslog", &syslogobj);
+ (void)cfg_map_get(channel, "null", &nullobj);
+ (void)cfg_map_get(channel, "stderr", &stderrobj);
+
+ i = 0;
+ if (fileobj != NULL)
+ i++;
+ if (syslogobj != NULL)
+ i++;
+ if (nullobj != NULL)
+ i++;
+ if (stderrobj != NULL)
+ i++;
+
+ if (i != 1) {
+ cfg_obj_log(channel, ns_g_lctx, ISC_LOG_ERROR,
+ "channel '%s': exactly one of file, syslog, "
+ "null, and stderr must be present", channelname);
+ return (ISC_R_FAILURE);
+ }
+
+ type = ISC_LOG_TONULL;
+
+ if (fileobj != NULL) {
+ const cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file");
+ const cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size");
+ const cfg_obj_t *versionsobj =
+ cfg_tuple_get(fileobj, "versions");
+ isc_int32_t versions = ISC_LOG_ROLLNEVER;
+ isc_offset_t size = 0;
+
+ type = ISC_LOG_TOFILE;
+
+ if (versionsobj != NULL && cfg_obj_isuint32(versionsobj))
+ versions = cfg_obj_asuint32(versionsobj);
+ if (versionsobj != NULL && cfg_obj_isstring(versionsobj) &&
+ strcasecmp(cfg_obj_asstring(versionsobj), "unlimited") == 0)
+ versions = ISC_LOG_ROLLINFINITE;
+ if (sizeobj != NULL &&
+ cfg_obj_isuint64(sizeobj) &&
+ cfg_obj_asuint64(sizeobj) < ISC_OFFSET_MAXIMUM)
+ size = (isc_offset_t)cfg_obj_asuint64(sizeobj);
+ dest.file.stream = NULL;
+ dest.file.name = cfg_obj_asstring(pathobj);
+ dest.file.versions = versions;
+ dest.file.maximum_size = size;
+ } else if (syslogobj != NULL) {
+ int facility = LOG_DAEMON;
+
+ type = ISC_LOG_TOSYSLOG;
+
+ if (cfg_obj_isstring(syslogobj)) {
+ const char *facilitystr = cfg_obj_asstring(syslogobj);
+ (void)isc_syslog_facilityfromstring(facilitystr,
+ &facility);
+ }
+ dest.facility = facility;
+ } else if (stderrobj != NULL) {
+ type = ISC_LOG_TOFILEDESC;
+ dest.file.stream = stderr;
+ dest.file.name = NULL;
+ dest.file.versions = ISC_LOG_ROLLNEVER;
+ dest.file.maximum_size = 0;
+ }
+
+ /*
+ * Munge flags.
+ */
+ {
+ const cfg_obj_t *printcat = NULL;
+ const cfg_obj_t *printsev = NULL;
+ const cfg_obj_t *printtime = NULL;
+
+ (void)cfg_map_get(channel, "print-category", &printcat);
+ (void)cfg_map_get(channel, "print-severity", &printsev);
+ (void)cfg_map_get(channel, "print-time", &printtime);
+
+ if (printcat != NULL && cfg_obj_asboolean(printcat))
+ flags |= ISC_LOG_PRINTCATEGORY;
+ if (printtime != NULL && cfg_obj_asboolean(printtime))
+ flags |= ISC_LOG_PRINTTIME;
+ if (printsev != NULL && cfg_obj_asboolean(printsev))
+ flags |= ISC_LOG_PRINTLEVEL;
+ }
+
+ level = ISC_LOG_INFO;
+ if (cfg_map_get(channel, "severity", &severity) == ISC_R_SUCCESS) {
+ if (cfg_obj_isstring(severity)) {
+ const char *str = cfg_obj_asstring(severity);
+ if (strcasecmp(str, "critical") == 0)
+ level = ISC_LOG_CRITICAL;
+ else if (strcasecmp(str, "error") == 0)
+ level = ISC_LOG_ERROR;
+ else if (strcasecmp(str, "warning") == 0)
+ level = ISC_LOG_WARNING;
+ else if (strcasecmp(str, "notice") == 0)
+ level = ISC_LOG_NOTICE;
+ else if (strcasecmp(str, "info") == 0)
+ level = ISC_LOG_INFO;
+ else if (strcasecmp(str, "dynamic") == 0)
+ level = ISC_LOG_DYNAMIC;
+ } else
+ /* debug */
+ level = cfg_obj_asuint32(severity);
+ }
+
+ result = isc_log_createchannel(lctx, channelname,
+ type, level, &dest, flags);
+
+ if (result == ISC_R_SUCCESS && type == ISC_LOG_TOFILE) {
+ FILE *fp;
+
+ /*
+ * Test that the file can be opened, since isc_log_open()
+ * can't effectively report failures when called in
+ * isc_log_doit().
+ */
+ result = isc_stdio_open(dest.file.name, "a", &fp);
+ if (result != ISC_R_SUCCESS)
+ isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "logging channel '%s' file '%s': %s",
+ channelname, dest.file.name,
+ isc_result_totext(result));
+ else
+ (void)isc_stdio_close(fp);
+
+ /*
+ * Allow named to continue by returning success.
+ */
+ result = ISC_R_SUCCESS;
+ }
+
+ return (result);
+}
+
+isc_result_t
+ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt) {
+ isc_result_t result;
+ const cfg_obj_t *channels = NULL;
+ const cfg_obj_t *categories = NULL;
+ const cfg_listelt_t *element;
+ isc_boolean_t default_set = ISC_FALSE;
+ isc_boolean_t unmatched_set = ISC_FALSE;
+ const cfg_obj_t *catname;
+
+ CHECK(ns_log_setdefaultchannels(logconf));
+
+ (void)cfg_map_get(logstmt, "channel", &channels);
+ for (element = cfg_list_first(channels);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *channel = cfg_listelt_value(element);
+ CHECK(channel_fromconf(channel, logconf));
+ }
+
+ (void)cfg_map_get(logstmt, "category", &categories);
+ for (element = cfg_list_first(categories);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *category = cfg_listelt_value(element);
+ CHECK(category_fromconf(category, logconf));
+ if (!default_set) {
+ catname = cfg_tuple_get(category, "name");
+ if (strcmp(cfg_obj_asstring(catname), "default") == 0)
+ default_set = ISC_TRUE;
+ }
+ if (!unmatched_set) {
+ catname = cfg_tuple_get(category, "name");
+ if (strcmp(cfg_obj_asstring(catname), "unmatched") == 0)
+ unmatched_set = ISC_TRUE;
+ }
+ }
+
+ if (!default_set)
+ CHECK(ns_log_setdefaultcategory(logconf));
+
+ if (!unmatched_set)
+ CHECK(ns_log_setunmatchedcategory(logconf));
+
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ if (logconf != NULL)
+ isc_logconfig_destroy(&logconf);
+ return (result);
+}
diff --git a/bin/named/lwaddr.c b/bin/named/lwaddr.c
new file mode 100644
index 0000000..ed7880a
--- /dev/null
+++ b/bin/named/lwaddr.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwaddr.c,v 1.10 2008/01/11 23:46:56 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <string.h>
+
+#include <isc/result.h>
+#include <isc/netaddr.h>
+#include <isc/sockaddr.h>
+
+#include <lwres/lwres.h>
+
+#include <named/lwaddr.h>
+
+/*%
+ * Convert addresses from lwres to isc format.
+ */
+isc_result_t
+lwaddr_netaddr_fromlwresaddr(isc_netaddr_t *na, lwres_addr_t *la) {
+ if (la->family != LWRES_ADDRTYPE_V4 && la->family != LWRES_ADDRTYPE_V6)
+ return (ISC_R_FAMILYNOSUPPORT);
+
+ if (la->family == LWRES_ADDRTYPE_V4) {
+ struct in_addr ina;
+ memcpy(&ina.s_addr, la->address, 4);
+ isc_netaddr_fromin(na, &ina);
+ } else {
+ struct in6_addr ina6;
+ memcpy(&ina6.s6_addr, la->address, 16);
+ isc_netaddr_fromin6(na, &ina6);
+ }
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+lwaddr_sockaddr_fromlwresaddr(isc_sockaddr_t *sa, lwres_addr_t *la,
+ in_port_t port)
+{
+ isc_netaddr_t na;
+ isc_result_t result;
+
+ result = lwaddr_netaddr_fromlwresaddr(&na, la);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ isc_sockaddr_fromnetaddr(sa, &na, port);
+ return (ISC_R_SUCCESS);
+}
+
+/*%
+ * Convert addresses from isc to lwres format.
+ */
+
+isc_result_t
+lwaddr_lwresaddr_fromnetaddr(lwres_addr_t *la, isc_netaddr_t *na) {
+ if (na->family != AF_INET && na->family != AF_INET6)
+ return (ISC_R_FAMILYNOSUPPORT);
+
+ if (na->family == AF_INET) {
+ la->family = LWRES_ADDRTYPE_V4;
+ la->length = 4;
+ memcpy(la->address, &na->type.in, 4);
+ } else {
+ la->family = LWRES_ADDRTYPE_V6;
+ la->length = 16;
+ memcpy(la->address, &na->type.in6, 16);
+ }
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+lwaddr_lwresaddr_fromsockaddr(lwres_addr_t *la, isc_sockaddr_t *sa) {
+ isc_netaddr_t na;
+ isc_netaddr_fromsockaddr(&na, sa);
+ return (lwaddr_lwresaddr_fromnetaddr(la, &na));
+}
diff --git a/bin/named/lwdclient.c b/bin/named/lwdclient.c
new file mode 100644
index 0000000..a843134
--- /dev/null
+++ b/bin/named/lwdclient.c
@@ -0,0 +1,468 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwdclient.c,v 1.22 2007/06/18 23:47:18 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/util.h>
+
+#include <dns/adb.h>
+#include <dns/view.h>
+#include <dns/log.h>
+
+#include <named/types.h>
+#include <named/log.h>
+#include <named/lwresd.h>
+#include <named/lwdclient.h>
+
+#define SHUTTINGDOWN(cm) ((cm->flags & NS_LWDCLIENTMGR_FLAGSHUTTINGDOWN) != 0)
+
+static void
+lwdclientmgr_shutdown_callback(isc_task_t *task, isc_event_t *ev);
+
+void
+ns_lwdclient_log(int level, const char *format, ...) {
+ va_list args;
+
+ va_start(args, format);
+ isc_log_vwrite(dns_lctx,
+ DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_ADB,
+ ISC_LOG_DEBUG(level), format, args);
+ va_end(args);
+}
+
+isc_result_t
+ns_lwdclientmgr_create(ns_lwreslistener_t *listener, unsigned int nclients,
+ isc_taskmgr_t *taskmgr)
+{
+ ns_lwresd_t *lwresd = listener->manager;
+ ns_lwdclientmgr_t *cm;
+ ns_lwdclient_t *client;
+ unsigned int i;
+ isc_result_t result = ISC_R_FAILURE;
+
+ cm = isc_mem_get(lwresd->mctx, sizeof(ns_lwdclientmgr_t));
+ if (cm == NULL)
+ return (ISC_R_NOMEMORY);
+
+ cm->listener = NULL;
+ ns_lwreslistener_attach(listener, &cm->listener);
+ cm->mctx = lwresd->mctx;
+ cm->sock = NULL;
+ isc_socket_attach(listener->sock, &cm->sock);
+ cm->view = lwresd->view;
+ cm->lwctx = NULL;
+ cm->task = NULL;
+ cm->flags = 0;
+ ISC_LINK_INIT(cm, link);
+ ISC_LIST_INIT(cm->idle);
+ ISC_LIST_INIT(cm->running);
+
+ if (lwres_context_create(&cm->lwctx, cm->mctx,
+ ns__lwresd_memalloc, ns__lwresd_memfree,
+ LWRES_CONTEXT_SERVERMODE)
+ != ISC_R_SUCCESS)
+ goto errout;
+
+ for (i = 0; i < nclients; i++) {
+ client = isc_mem_get(lwresd->mctx, sizeof(ns_lwdclient_t));
+ if (client != NULL) {
+ ns_lwdclient_log(50, "created client %p, manager %p",
+ client, cm);
+ ns_lwdclient_initialize(client, cm);
+ }
+ }
+
+ /*
+ * If we could create no clients, clean up and return.
+ */
+ if (ISC_LIST_EMPTY(cm->idle))
+ goto errout;
+
+ result = isc_task_create(taskmgr, 0, &cm->task);
+ if (result != ISC_R_SUCCESS)
+ goto errout;
+ isc_task_setname(cm->task, "lwdclient", NULL);
+
+ /*
+ * This MUST be last, since there is no way to cancel an onshutdown...
+ */
+ result = isc_task_onshutdown(cm->task, lwdclientmgr_shutdown_callback,
+ cm);
+ if (result != ISC_R_SUCCESS)
+ goto errout;
+
+ ns_lwreslistener_linkcm(listener, cm);
+
+ return (ISC_R_SUCCESS);
+
+ errout:
+ client = ISC_LIST_HEAD(cm->idle);
+ while (client != NULL) {
+ ISC_LIST_UNLINK(cm->idle, client, link);
+ isc_mem_put(lwresd->mctx, client, sizeof(*client));
+ client = ISC_LIST_HEAD(cm->idle);
+ }
+
+ if (cm->task != NULL)
+ isc_task_detach(&cm->task);
+
+ if (cm->lwctx != NULL)
+ lwres_context_destroy(&cm->lwctx);
+
+ isc_mem_put(lwresd->mctx, cm, sizeof(*cm));
+ return (result);
+}
+
+static void
+lwdclientmgr_destroy(ns_lwdclientmgr_t *cm) {
+ ns_lwdclient_t *client;
+ ns_lwreslistener_t *listener;
+
+ if (!SHUTTINGDOWN(cm))
+ return;
+
+ /*
+ * run through the idle list and free the clients there. Idle
+ * clients do not have a recv running nor do they have any finds
+ * or similar running.
+ */
+ client = ISC_LIST_HEAD(cm->idle);
+ while (client != NULL) {
+ ns_lwdclient_log(50, "destroying client %p, manager %p",
+ client, cm);
+ ISC_LIST_UNLINK(cm->idle, client, link);
+ isc_mem_put(cm->mctx, client, sizeof(*client));
+ client = ISC_LIST_HEAD(cm->idle);
+ }
+
+ if (!ISC_LIST_EMPTY(cm->running))
+ return;
+
+ lwres_context_destroy(&cm->lwctx);
+ cm->view = NULL;
+ isc_socket_detach(&cm->sock);
+ isc_task_detach(&cm->task);
+
+ listener = cm->listener;
+ ns_lwreslistener_unlinkcm(listener, cm);
+ ns_lwdclient_log(50, "destroying manager %p", cm);
+ isc_mem_put(cm->mctx, cm, sizeof(*cm));
+ ns_lwreslistener_detach(&listener);
+}
+
+static void
+process_request(ns_lwdclient_t *client) {
+ lwres_buffer_t b;
+ isc_result_t result;
+
+ lwres_buffer_init(&b, client->buffer, client->recvlength);
+ lwres_buffer_add(&b, client->recvlength);
+
+ result = lwres_lwpacket_parseheader(&b, &client->pkt);
+ if (result != ISC_R_SUCCESS) {
+ ns_lwdclient_log(50, "invalid packet header received");
+ goto restart;
+ }
+
+ ns_lwdclient_log(50, "opcode %08x", client->pkt.opcode);
+
+ switch (client->pkt.opcode) {
+ case LWRES_OPCODE_GETADDRSBYNAME:
+ ns_lwdclient_processgabn(client, &b);
+ return;
+ case LWRES_OPCODE_GETNAMEBYADDR:
+ ns_lwdclient_processgnba(client, &b);
+ return;
+ case LWRES_OPCODE_GETRDATABYNAME:
+ ns_lwdclient_processgrbn(client, &b);
+ return;
+ case LWRES_OPCODE_NOOP:
+ ns_lwdclient_processnoop(client, &b);
+ return;
+ default:
+ ns_lwdclient_log(50, "unknown opcode %08x", client->pkt.opcode);
+ goto restart;
+ }
+
+ /*
+ * Drop the packet.
+ */
+ restart:
+ ns_lwdclient_log(50, "restarting client %p...", client);
+ ns_lwdclient_stateidle(client);
+}
+
+void
+ns_lwdclient_recv(isc_task_t *task, isc_event_t *ev) {
+ isc_result_t result;
+ ns_lwdclient_t *client = ev->ev_arg;
+ ns_lwdclientmgr_t *cm = client->clientmgr;
+ isc_socketevent_t *dev = (isc_socketevent_t *)ev;
+
+ INSIST(dev->region.base == client->buffer);
+ INSIST(NS_LWDCLIENT_ISRECV(client));
+
+ NS_LWDCLIENT_SETRECVDONE(client);
+
+ INSIST((cm->flags & NS_LWDCLIENTMGR_FLAGRECVPENDING) != 0);
+ cm->flags &= ~NS_LWDCLIENTMGR_FLAGRECVPENDING;
+
+ ns_lwdclient_log(50,
+ "event received: task %p, length %u, result %u (%s)",
+ task, dev->n, dev->result,
+ isc_result_totext(dev->result));
+
+ if (dev->result != ISC_R_SUCCESS) {
+ isc_event_free(&ev);
+ dev = NULL;
+
+ /*
+ * Go idle.
+ */
+ ns_lwdclient_stateidle(client);
+
+ return;
+ }
+
+ client->recvlength = dev->n;
+ client->address = dev->address;
+ if ((dev->attributes & ISC_SOCKEVENTATTR_PKTINFO) != 0) {
+ client->pktinfo = dev->pktinfo;
+ client->pktinfo_valid = ISC_TRUE;
+ } else
+ client->pktinfo_valid = ISC_FALSE;
+ isc_event_free(&ev);
+ dev = NULL;
+
+ result = ns_lwdclient_startrecv(cm);
+ if (result != ISC_R_SUCCESS)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD, ISC_LOG_ERROR,
+ "could not start lwres "
+ "client handler: %s",
+ isc_result_totext(result));
+
+ process_request(client);
+}
+
+/*
+ * This function will start a new recv() on a socket for this client manager.
+ */
+isc_result_t
+ns_lwdclient_startrecv(ns_lwdclientmgr_t *cm) {
+ ns_lwdclient_t *client;
+ isc_result_t result;
+ isc_region_t r;
+
+ if (SHUTTINGDOWN(cm)) {
+ lwdclientmgr_destroy(cm);
+ return (ISC_R_SUCCESS);
+ }
+
+ /*
+ * If a recv is already running, don't bother.
+ */
+ if ((cm->flags & NS_LWDCLIENTMGR_FLAGRECVPENDING) != 0)
+ return (ISC_R_SUCCESS);
+
+ /*
+ * If we have no idle slots, just return success.
+ */
+ client = ISC_LIST_HEAD(cm->idle);
+ if (client == NULL)
+ return (ISC_R_SUCCESS);
+ INSIST(NS_LWDCLIENT_ISIDLE(client));
+
+ /*
+ * Issue the recv. If it fails, return that it did.
+ */
+ r.base = client->buffer;
+ r.length = LWRES_RECVLENGTH;
+ result = isc_socket_recv(cm->sock, &r, 0, cm->task, ns_lwdclient_recv,
+ client);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /*
+ * Set the flag to say we've issued a recv() call.
+ */
+ cm->flags |= NS_LWDCLIENTMGR_FLAGRECVPENDING;
+
+ /*
+ * Remove the client from the idle list, and put it on the running
+ * list.
+ */
+ NS_LWDCLIENT_SETRECV(client);
+ ISC_LIST_UNLINK(cm->idle, client, link);
+ ISC_LIST_APPEND(cm->running, client, link);
+
+ return (ISC_R_SUCCESS);
+}
+
+static void
+lwdclientmgr_shutdown_callback(isc_task_t *task, isc_event_t *ev) {
+ ns_lwdclientmgr_t *cm = ev->ev_arg;
+ ns_lwdclient_t *client;
+
+ REQUIRE(!SHUTTINGDOWN(cm));
+
+ ns_lwdclient_log(50, "got shutdown event, task %p, lwdclientmgr %p",
+ task, cm);
+
+ /*
+ * run through the idle list and free the clients there. Idle
+ * clients do not have a recv running nor do they have any finds
+ * or similar running.
+ */
+ client = ISC_LIST_HEAD(cm->idle);
+ while (client != NULL) {
+ ns_lwdclient_log(50, "destroying client %p, manager %p",
+ client, cm);
+ ISC_LIST_UNLINK(cm->idle, client, link);
+ isc_mem_put(cm->mctx, client, sizeof(*client));
+ client = ISC_LIST_HEAD(cm->idle);
+ }
+
+ /*
+ * Cancel any pending I/O.
+ */
+ isc_socket_cancel(cm->sock, task, ISC_SOCKCANCEL_ALL);
+
+ /*
+ * Run through the running client list and kill off any finds
+ * in progress.
+ */
+ client = ISC_LIST_HEAD(cm->running);
+ while (client != NULL) {
+ if (client->find != client->v4find
+ && client->find != client->v6find)
+ dns_adb_cancelfind(client->find);
+ if (client->v4find != NULL)
+ dns_adb_cancelfind(client->v4find);
+ if (client->v6find != NULL)
+ dns_adb_cancelfind(client->v6find);
+ client = ISC_LIST_NEXT(client, link);
+ }
+
+ cm->flags |= NS_LWDCLIENTMGR_FLAGSHUTTINGDOWN;
+
+ isc_event_free(&ev);
+}
+
+/*
+ * Do all the crap needed to move a client from the run queue to the idle
+ * queue.
+ */
+void
+ns_lwdclient_stateidle(ns_lwdclient_t *client) {
+ ns_lwdclientmgr_t *cm;
+ isc_result_t result;
+
+ cm = client->clientmgr;
+
+ INSIST(client->sendbuf == NULL);
+ INSIST(client->sendlength == 0);
+ INSIST(client->arg == NULL);
+ INSIST(client->v4find == NULL);
+ INSIST(client->v6find == NULL);
+
+ ISC_LIST_UNLINK(cm->running, client, link);
+ ISC_LIST_PREPEND(cm->idle, client, link);
+
+ NS_LWDCLIENT_SETIDLE(client);
+
+ result = ns_lwdclient_startrecv(cm);
+ if (result != ISC_R_SUCCESS)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD, ISC_LOG_ERROR,
+ "could not start lwres "
+ "client handler: %s",
+ isc_result_totext(result));
+}
+
+void
+ns_lwdclient_send(isc_task_t *task, isc_event_t *ev) {
+ ns_lwdclient_t *client = ev->ev_arg;
+ ns_lwdclientmgr_t *cm = client->clientmgr;
+ isc_socketevent_t *dev = (isc_socketevent_t *)ev;
+
+ UNUSED(task);
+ UNUSED(dev);
+
+ INSIST(NS_LWDCLIENT_ISSEND(client));
+ INSIST(client->sendbuf == dev->region.base);
+
+ ns_lwdclient_log(50, "task %p for client %p got send-done event",
+ task, client);
+
+ if (client->sendbuf != client->buffer)
+ lwres_context_freemem(cm->lwctx, client->sendbuf,
+ client->sendlength);
+ client->sendbuf = NULL;
+ client->sendlength = 0;
+
+ ns_lwdclient_stateidle(client);
+
+ isc_event_free(&ev);
+}
+
+isc_result_t
+ns_lwdclient_sendreply(ns_lwdclient_t *client, isc_region_t *r) {
+ struct in6_pktinfo *pktinfo;
+ ns_lwdclientmgr_t *cm = client->clientmgr;
+
+ if (client->pktinfo_valid)
+ pktinfo = &client->pktinfo;
+ else
+ pktinfo = NULL;
+ return (isc_socket_sendto(cm->sock, r, cm->task, ns_lwdclient_send,
+ client, &client->address, pktinfo));
+}
+
+void
+ns_lwdclient_initialize(ns_lwdclient_t *client, ns_lwdclientmgr_t *cmgr) {
+ client->clientmgr = cmgr;
+ ISC_LINK_INIT(client, link);
+ NS_LWDCLIENT_SETIDLE(client);
+ client->arg = NULL;
+
+ client->recvlength = 0;
+
+ client->sendbuf = NULL;
+ client->sendlength = 0;
+
+ client->find = NULL;
+ client->v4find = NULL;
+ client->v6find = NULL;
+ client->find_wanted = 0;
+
+ client->options = 0;
+ client->byaddr = NULL;
+
+ client->lookup = NULL;
+
+ client->pktinfo_valid = ISC_FALSE;
+
+ ISC_LIST_APPEND(cmgr->idle, client, link);
+}
diff --git a/bin/named/lwderror.c b/bin/named/lwderror.c
new file mode 100644
index 0000000..33f247a
--- /dev/null
+++ b/bin/named/lwderror.c
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwderror.c,v 1.12 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/util.h>
+
+#include <named/types.h>
+#include <named/lwdclient.h>
+
+/*%
+ * Generate an error packet for the client, schedule a send, and put us in
+ * the SEND state.
+ *
+ * The client->pkt structure will be modified to form an error return.
+ * The receiver needs to verify that it is in fact an error, and do the
+ * right thing with it. The opcode will be unchanged. The result needs
+ * to be set before calling this function.
+ *
+ * The only change this code makes is to set the receive buffer size to the
+ * size we use, set the reply bit, and recompute any security information.
+ */
+void
+ns_lwdclient_errorpktsend(ns_lwdclient_t *client, isc_uint32_t _result) {
+ isc_result_t result;
+ int lwres;
+ isc_region_t r;
+ lwres_buffer_t b;
+
+ REQUIRE(NS_LWDCLIENT_ISRUNNING(client));
+
+ /*
+ * Since we are only sending the packet header, we can safely toss
+ * the receive buffer. This means we won't need to allocate space
+ * for sending an error reply. This is a Good Thing.
+ */
+ client->pkt.length = LWRES_LWPACKET_LENGTH;
+ client->pkt.pktflags |= LWRES_LWPACKETFLAG_RESPONSE;
+ client->pkt.recvlength = LWRES_RECVLENGTH;
+ client->pkt.authtype = 0; /* XXXMLG */
+ client->pkt.authlength = 0;
+ client->pkt.result = _result;
+
+ lwres_buffer_init(&b, client->buffer, LWRES_RECVLENGTH);
+ lwres = lwres_lwpacket_renderheader(&b, &client->pkt);
+ if (lwres != LWRES_R_SUCCESS) {
+ ns_lwdclient_stateidle(client);
+ return;
+ }
+
+ r.base = client->buffer;
+ r.length = b.used;
+ client->sendbuf = client->buffer;
+ result = ns_lwdclient_sendreply(client, &r);
+ if (result != ISC_R_SUCCESS) {
+ ns_lwdclient_stateidle(client);
+ return;
+ }
+
+ NS_LWDCLIENT_SETSEND(client);
+}
diff --git a/bin/named/lwdgabn.c b/bin/named/lwdgabn.c
new file mode 100644
index 0000000..dec1e1a
--- /dev/null
+++ b/bin/named/lwdgabn.c
@@ -0,0 +1,657 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwdgabn.c,v 1.22 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/netaddr.h>
+#include <isc/sockaddr.h>
+#include <isc/socket.h>
+#include <isc/string.h> /* Required for HP/UX (and others?) */
+#include <isc/util.h>
+
+#include <dns/adb.h>
+#include <dns/events.h>
+#include <dns/result.h>
+
+#include <named/types.h>
+#include <named/lwaddr.h>
+#include <named/lwdclient.h>
+#include <named/lwresd.h>
+#include <named/lwsearch.h>
+#include <named/sortlist.h>
+
+#define NEED_V4(c) ((((c)->find_wanted & LWRES_ADDRTYPE_V4) != 0) \
+ && ((c)->v4find == NULL))
+#define NEED_V6(c) ((((c)->find_wanted & LWRES_ADDRTYPE_V6) != 0) \
+ && ((c)->v6find == NULL))
+
+static isc_result_t start_find(ns_lwdclient_t *);
+static void restart_find(ns_lwdclient_t *);
+static void init_gabn(ns_lwdclient_t *);
+
+/*%
+ * Destroy any finds. This can be used to "start over from scratch" and
+ * should only be called when events are _not_ being generated by the finds.
+ */
+static void
+cleanup_gabn(ns_lwdclient_t *client) {
+ ns_lwdclient_log(50, "cleaning up client %p", client);
+
+ if (client->v6find != NULL) {
+ if (client->v6find == client->v4find)
+ client->v6find = NULL;
+ else
+ dns_adb_destroyfind(&client->v6find);
+ }
+ if (client->v4find != NULL)
+ dns_adb_destroyfind(&client->v4find);
+}
+
+static void
+setup_addresses(ns_lwdclient_t *client, dns_adbfind_t *find, unsigned int at) {
+ dns_adbaddrinfo_t *ai;
+ lwres_addr_t *addr;
+ int af;
+ const struct sockaddr *sa;
+ isc_result_t result;
+
+ if (at == DNS_ADBFIND_INET)
+ af = AF_INET;
+ else
+ af = AF_INET6;
+
+ ai = ISC_LIST_HEAD(find->list);
+ while (ai != NULL && client->gabn.naddrs < LWRES_MAX_ADDRS) {
+ sa = &ai->sockaddr.type.sa;
+ if (sa->sa_family != af)
+ goto next;
+
+ addr = &client->addrs[client->gabn.naddrs];
+
+ result = lwaddr_lwresaddr_fromsockaddr(addr, &ai->sockaddr);
+ if (result != ISC_R_SUCCESS)
+ goto next;
+
+ ns_lwdclient_log(50, "adding address %p, family %d, length %d",
+ addr->address, addr->family, addr->length);
+
+ client->gabn.naddrs++;
+ REQUIRE(!LWRES_LINK_LINKED(addr, link));
+ LWRES_LIST_APPEND(client->gabn.addrs, addr, link);
+
+ next:
+ ai = ISC_LIST_NEXT(ai, publink);
+ }
+}
+
+typedef struct {
+ isc_netaddr_t address;
+ int rank;
+} rankedaddress;
+
+static int
+addr_compare(const void *av, const void *bv) {
+ const rankedaddress *a = (const rankedaddress *) av;
+ const rankedaddress *b = (const rankedaddress *) bv;
+ return (a->rank - b->rank);
+}
+
+static void
+sort_addresses(ns_lwdclient_t *client) {
+ unsigned int naddrs;
+ rankedaddress *addrs;
+ isc_netaddr_t remote;
+ dns_addressorderfunc_t order;
+ const void *arg;
+ ns_lwresd_t *lwresd = client->clientmgr->listener->manager;
+ unsigned int i;
+ isc_result_t result;
+
+ naddrs = client->gabn.naddrs;
+
+ if (naddrs <= 1 || lwresd->view->sortlist == NULL)
+ return;
+
+ addrs = isc_mem_get(lwresd->mctx, sizeof(rankedaddress) * naddrs);
+ if (addrs == NULL)
+ return;
+
+ isc_netaddr_fromsockaddr(&remote, &client->address);
+ ns_sortlist_byaddrsetup(lwresd->view->sortlist,
+ &remote, &order, &arg);
+ if (order == NULL) {
+ isc_mem_put(lwresd->mctx, addrs,
+ sizeof(rankedaddress) * naddrs);
+ return;
+ }
+ for (i = 0; i < naddrs; i++) {
+ result = lwaddr_netaddr_fromlwresaddr(&addrs[i].address,
+ &client->addrs[i]);
+ INSIST(result == ISC_R_SUCCESS);
+ addrs[i].rank = (*order)(&addrs[i].address, arg);
+ }
+ qsort(addrs, naddrs, sizeof(rankedaddress), addr_compare);
+ for (i = 0; i < naddrs; i++) {
+ result = lwaddr_lwresaddr_fromnetaddr(&client->addrs[i],
+ &addrs[i].address);
+ INSIST(result == ISC_R_SUCCESS);
+ }
+
+ isc_mem_put(lwresd->mctx, addrs, sizeof(rankedaddress) * naddrs);
+}
+
+static void
+generate_reply(ns_lwdclient_t *client) {
+ isc_result_t result;
+ int lwres;
+ isc_region_t r;
+ lwres_buffer_t lwb;
+ ns_lwdclientmgr_t *cm;
+
+ cm = client->clientmgr;
+ lwb.base = NULL;
+
+ ns_lwdclient_log(50, "generating gabn reply for client %p", client);
+
+ /*
+ * We must make certain the client->find is not still active.
+ * If it is either the v4 or v6 answer, just set it to NULL and
+ * let the cleanup code destroy it. Otherwise, destroy it now.
+ */
+ if (client->find == client->v4find || client->find == client->v6find)
+ client->find = NULL;
+ else
+ if (client->find != NULL)
+ dns_adb_destroyfind(&client->find);
+
+ /*
+ * perhaps there are some here?
+ */
+ if (NEED_V6(client) && client->v4find != NULL)
+ client->v6find = client->v4find;
+
+ /*
+ * Run through the finds we have and wire them up to the gabn
+ * structure.
+ */
+ LWRES_LIST_INIT(client->gabn.addrs);
+ if (client->v4find != NULL)
+ setup_addresses(client, client->v4find, DNS_ADBFIND_INET);
+ if (client->v6find != NULL)
+ setup_addresses(client, client->v6find, DNS_ADBFIND_INET6);
+
+ /*
+ * If there are no addresses, try the next element in the search
+ * path, if there are any more. Otherwise, fall through into
+ * the error handling code below.
+ */
+ if (client->gabn.naddrs == 0) {
+ do {
+ result = ns_lwsearchctx_next(&client->searchctx);
+ if (result == ISC_R_SUCCESS) {
+ cleanup_gabn(client);
+ result = start_find(client);
+ if (result == ISC_R_SUCCESS)
+ return;
+ }
+ } while (result == ISC_R_SUCCESS);
+ }
+
+ /*
+ * Render the packet.
+ */
+ client->pkt.recvlength = LWRES_RECVLENGTH;
+ client->pkt.authtype = 0; /* XXXMLG */
+ client->pkt.authlength = 0;
+
+ /*
+ * If there are no addresses, return failure.
+ */
+ if (client->gabn.naddrs != 0)
+ client->pkt.result = LWRES_R_SUCCESS;
+ else
+ client->pkt.result = LWRES_R_NOTFOUND;
+
+ sort_addresses(client);
+
+ lwres = lwres_gabnresponse_render(cm->lwctx, &client->gabn,
+ &client->pkt, &lwb);
+ if (lwres != LWRES_R_SUCCESS)
+ goto out;
+
+ r.base = lwb.base;
+ r.length = lwb.used;
+ client->sendbuf = r.base;
+ client->sendlength = r.length;
+ result = ns_lwdclient_sendreply(client, &r);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+
+ NS_LWDCLIENT_SETSEND(client);
+
+ /*
+ * All done!
+ */
+ cleanup_gabn(client);
+
+ return;
+
+ out:
+ cleanup_gabn(client);
+
+ if (lwb.base != NULL)
+ lwres_context_freemem(client->clientmgr->lwctx,
+ lwb.base, lwb.length);
+
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+}
+
+/*
+ * Take the current real name, move it to an alias slot (if any are
+ * open) then put this new name in as the real name for the target.
+ *
+ * Return success if it can be rendered, otherwise failure. Note that
+ * not having enough alias slots open is NOT a failure.
+ */
+static isc_result_t
+add_alias(ns_lwdclient_t *client) {
+ isc_buffer_t b;
+ isc_result_t result;
+ isc_uint16_t naliases;
+
+ b = client->recv_buffer;
+
+ /*
+ * Render the new name to the buffer.
+ */
+ result = dns_name_totext(dns_fixedname_name(&client->target_name),
+ ISC_TRUE, &client->recv_buffer);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /*
+ * Are there any open slots?
+ */
+ naliases = client->gabn.naliases;
+ if (naliases < LWRES_MAX_ALIASES) {
+ client->gabn.aliases[naliases] = client->gabn.realname;
+ client->gabn.aliaslen[naliases] = client->gabn.realnamelen;
+ client->gabn.naliases++;
+ }
+
+ /*
+ * Save this name away as the current real name.
+ */
+ client->gabn.realname = (char *)(b.base) + b.used;
+ client->gabn.realnamelen = client->recv_buffer.used - b.used;
+
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+store_realname(ns_lwdclient_t *client) {
+ isc_buffer_t b;
+ isc_result_t result;
+ dns_name_t *tname;
+
+ b = client->recv_buffer;
+
+ tname = dns_fixedname_name(&client->target_name);
+ result = ns_lwsearchctx_current(&client->searchctx, tname);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /*
+ * Render the new name to the buffer.
+ */
+ result = dns_name_totext(tname, ISC_TRUE, &client->recv_buffer);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /*
+ * Save this name away as the current real name.
+ */
+ client->gabn.realname = (char *) b.base + b.used;
+ client->gabn.realnamelen = client->recv_buffer.used - b.used;
+
+ return (ISC_R_SUCCESS);
+}
+
+static void
+process_gabn_finddone(isc_task_t *task, isc_event_t *ev) {
+ ns_lwdclient_t *client = ev->ev_arg;
+ isc_eventtype_t evtype;
+ isc_boolean_t claimed;
+
+ ns_lwdclient_log(50, "find done for task %p, client %p", task, client);
+
+ evtype = ev->ev_type;
+ isc_event_free(&ev);
+
+ /*
+ * No more info to be had? If so, we have all the good stuff
+ * right now, so we can render things.
+ */
+ claimed = ISC_FALSE;
+ if (evtype == DNS_EVENT_ADBNOMOREADDRESSES) {
+ if (NEED_V4(client)) {
+ client->v4find = client->find;
+ claimed = ISC_TRUE;
+ }
+ if (NEED_V6(client)) {
+ client->v6find = client->find;
+ claimed = ISC_TRUE;
+ }
+ if (client->find != NULL) {
+ if (claimed)
+ client->find = NULL;
+ else
+ dns_adb_destroyfind(&client->find);
+
+ }
+ generate_reply(client);
+ return;
+ }
+
+ /*
+ * We probably don't need this find anymore. We're either going to
+ * reissue it, or an error occurred. Either way, we're done with
+ * it.
+ */
+ if ((client->find != client->v4find)
+ && (client->find != client->v6find)) {
+ dns_adb_destroyfind(&client->find);
+ } else {
+ client->find = NULL;
+ }
+
+ /*
+ * We have some new information we can gather. Run off and fetch
+ * it.
+ */
+ if (evtype == DNS_EVENT_ADBMOREADDRESSES) {
+ restart_find(client);
+ return;
+ }
+
+ /*
+ * An error or other strangeness happened. Drop this query.
+ */
+ cleanup_gabn(client);
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+}
+
+static void
+restart_find(ns_lwdclient_t *client) {
+ unsigned int options;
+ isc_result_t result;
+ isc_boolean_t claimed;
+
+ ns_lwdclient_log(50, "starting find for client %p", client);
+
+ /*
+ * Issue a find for the name contained in the request. We won't
+ * set the bit that says "anything is good enough" -- we want it
+ * all.
+ */
+ options = 0;
+ options |= DNS_ADBFIND_WANTEVENT;
+ options |= DNS_ADBFIND_RETURNLAME;
+
+ /*
+ * Set the bits up here to mark that we want this address family
+ * and that we do not currently have a find pending. We will
+ * set that bit again below if it turns out we will get an event.
+ */
+ if (NEED_V4(client))
+ options |= DNS_ADBFIND_INET;
+ if (NEED_V6(client))
+ options |= DNS_ADBFIND_INET6;
+
+ find_again:
+ INSIST(client->find == NULL);
+ result = dns_adb_createfind(client->clientmgr->view->adb,
+ client->clientmgr->task,
+ process_gabn_finddone, client,
+ dns_fixedname_name(&client->target_name),
+ dns_rootname, 0, options, 0,
+ dns_fixedname_name(&client->target_name),
+ client->clientmgr->view->dstport,
+ &client->find);
+
+ /*
+ * Did we get an alias? If so, save it and re-issue the query.
+ */
+ if (result == DNS_R_ALIAS) {
+ ns_lwdclient_log(50, "found alias, restarting query");
+ dns_adb_destroyfind(&client->find);
+ cleanup_gabn(client);
+ result = add_alias(client);
+ if (result != ISC_R_SUCCESS) {
+ ns_lwdclient_log(50,
+ "out of buffer space adding alias");
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+ return;
+ }
+ goto find_again;
+ }
+
+ ns_lwdclient_log(50, "find returned %d (%s)", result,
+ isc_result_totext(result));
+
+ /*
+ * Did we get an error?
+ */
+ if (result != ISC_R_SUCCESS) {
+ if (client->find != NULL)
+ dns_adb_destroyfind(&client->find);
+ cleanup_gabn(client);
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+ return;
+ }
+
+ claimed = ISC_FALSE;
+
+ /*
+ * Did we get our answer to V4 addresses?
+ */
+ if (NEED_V4(client)
+ && ((client->find->query_pending & DNS_ADBFIND_INET) == 0)) {
+ ns_lwdclient_log(50, "client %p ipv4 satisfied by find %p",
+ client, client->find);
+ claimed = ISC_TRUE;
+ client->v4find = client->find;
+ }
+
+ /*
+ * Did we get our answer to V6 addresses?
+ */
+ if (NEED_V6(client)
+ && ((client->find->query_pending & DNS_ADBFIND_INET6) == 0)) {
+ ns_lwdclient_log(50, "client %p ipv6 satisfied by find %p",
+ client, client->find);
+ claimed = ISC_TRUE;
+ client->v6find = client->find;
+ }
+
+ /*
+ * If we're going to get an event, set our internal pending flag
+ * and return. When we get an event back we'll do the right
+ * thing, basically by calling this function again, perhaps with a
+ * new target name.
+ *
+ * If we have both v4 and v6, and we are still getting an event,
+ * we have a programming error, so die hard.
+ */
+ if ((client->find->options & DNS_ADBFIND_WANTEVENT) != 0) {
+ ns_lwdclient_log(50, "event will be sent");
+ INSIST(client->v4find == NULL || client->v6find == NULL);
+ return;
+ }
+ ns_lwdclient_log(50, "no event will be sent");
+ if (claimed)
+ client->find = NULL;
+ else
+ dns_adb_destroyfind(&client->find);
+
+ /*
+ * We seem to have everything we asked for, or at least we are
+ * able to respond with things we've learned.
+ */
+
+ generate_reply(client);
+}
+
+static isc_result_t
+start_find(ns_lwdclient_t *client) {
+ isc_result_t result;
+
+ /*
+ * Initialize the real name and alias arrays in the reply we're
+ * going to build up.
+ */
+ init_gabn(client);
+
+ result = store_realname(client);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ restart_find(client);
+ return (ISC_R_SUCCESS);
+
+}
+
+static void
+init_gabn(ns_lwdclient_t *client) {
+ int i;
+
+ /*
+ * Initialize the real name and alias arrays in the reply we're
+ * going to build up.
+ */
+ for (i = 0; i < LWRES_MAX_ALIASES; i++) {
+ client->aliases[i] = NULL;
+ client->aliaslen[i] = 0;
+ }
+ for (i = 0; i < LWRES_MAX_ADDRS; i++) {
+ client->addrs[i].family = 0;
+ client->addrs[i].length = 0;
+ memset(client->addrs[i].address, 0, LWRES_ADDR_MAXLEN);
+ LWRES_LINK_INIT(&client->addrs[i], link);
+ }
+
+ client->gabn.naliases = 0;
+ client->gabn.naddrs = 0;
+ client->gabn.realname = NULL;
+ client->gabn.aliases = client->aliases;
+ client->gabn.realnamelen = 0;
+ client->gabn.aliaslen = client->aliaslen;
+ LWRES_LIST_INIT(client->gabn.addrs);
+ client->gabn.base = NULL;
+ client->gabn.baselen = 0;
+
+ /*
+ * Set up the internal buffer to point to the receive region.
+ */
+ isc_buffer_init(&client->recv_buffer, client->buffer, LWRES_RECVLENGTH);
+}
+
+/*
+ * When we are called, we can be assured that:
+ *
+ * client->sockaddr contains the address we need to reply to,
+ *
+ * client->pkt contains the packet header data,
+ *
+ * the packet "checks out" overall -- any MD5 hashes or crypto
+ * bits have been verified,
+ *
+ * "b" points to the remaining data after the packet header
+ * was parsed off.
+ *
+ * We are in a the RECVDONE state.
+ *
+ * From this state we will enter the SEND state if we happen to have
+ * everything we need or we need to return an error packet, or to the
+ * FINDWAIT state if we need to look things up.
+ */
+void
+ns_lwdclient_processgabn(ns_lwdclient_t *client, lwres_buffer_t *b) {
+ isc_result_t result;
+ lwres_gabnrequest_t *req;
+ ns_lwdclientmgr_t *cm;
+ isc_buffer_t namebuf;
+
+ REQUIRE(NS_LWDCLIENT_ISRECVDONE(client));
+
+ cm = client->clientmgr;
+ req = NULL;
+
+ result = lwres_gabnrequest_parse(client->clientmgr->lwctx,
+ b, &client->pkt, &req);
+ if (result != LWRES_R_SUCCESS)
+ goto out;
+ if (req->name == NULL)
+ goto out;
+
+ isc_buffer_init(&namebuf, req->name, req->namelen);
+ isc_buffer_add(&namebuf, req->namelen);
+
+ dns_fixedname_init(&client->target_name);
+ dns_fixedname_init(&client->query_name);
+ result = dns_name_fromtext(dns_fixedname_name(&client->query_name),
+ &namebuf, NULL, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+ ns_lwsearchctx_init(&client->searchctx,
+ cm->listener->manager->search,
+ dns_fixedname_name(&client->query_name),
+ cm->listener->manager->ndots);
+ ns_lwsearchctx_first(&client->searchctx);
+
+ client->find_wanted = req->addrtypes;
+ ns_lwdclient_log(50, "client %p looking for addrtypes %08x",
+ client, client->find_wanted);
+
+ /*
+ * We no longer need to keep this around.
+ */
+ lwres_gabnrequest_free(client->clientmgr->lwctx, &req);
+
+ /*
+ * Start the find.
+ */
+ result = start_find(client);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+
+ return;
+
+ /*
+ * We're screwed. Return an error packet to our caller.
+ */
+ out:
+ if (req != NULL)
+ lwres_gabnrequest_free(client->clientmgr->lwctx, &req);
+
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+}
diff --git a/bin/named/lwdgnba.c b/bin/named/lwdgnba.c
new file mode 100644
index 0000000..dfc2ad6
--- /dev/null
+++ b/bin/named/lwdgnba.c
@@ -0,0 +1,270 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwdgnba.c,v 1.22 2008/01/14 23:46:56 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/string.h> /* Required for HP/UX (and others?) */
+#include <isc/util.h>
+
+#include <dns/adb.h>
+#include <dns/byaddr.h>
+#include <dns/result.h>
+
+#include <named/types.h>
+#include <named/lwdclient.h>
+
+static void start_byaddr(ns_lwdclient_t *);
+
+static void
+byaddr_done(isc_task_t *task, isc_event_t *event) {
+ ns_lwdclient_t *client;
+ ns_lwdclientmgr_t *cm;
+ dns_byaddrevent_t *bevent;
+ int lwres;
+ lwres_buffer_t lwb;
+ dns_name_t *name;
+ isc_result_t result;
+ lwres_result_t lwresult;
+ isc_region_t r;
+ isc_buffer_t b;
+ lwres_gnbaresponse_t *gnba;
+ isc_uint16_t naliases;
+
+ UNUSED(task);
+
+ lwb.base = NULL;
+ client = event->ev_arg;
+ cm = client->clientmgr;
+ INSIST(client->byaddr == (dns_byaddr_t *)event->ev_sender);
+
+ bevent = (dns_byaddrevent_t *)event;
+ gnba = &client->gnba;
+
+ ns_lwdclient_log(50, "byaddr event result = %s",
+ isc_result_totext(bevent->result));
+
+ result = bevent->result;
+ if (result != ISC_R_SUCCESS) {
+ dns_byaddr_destroy(&client->byaddr);
+ isc_event_free(&event);
+ bevent = NULL;
+
+ if (client->na.family != AF_INET6 ||
+ (client->options & DNS_BYADDROPT_IPV6INT) != 0) {
+ if (result == DNS_R_NCACHENXDOMAIN ||
+ result == DNS_R_NCACHENXRRSET ||
+ result == DNS_R_NXDOMAIN ||
+ result == DNS_R_NXRRSET)
+ lwresult = LWRES_R_NOTFOUND;
+ else
+ lwresult = LWRES_R_FAILURE;
+ ns_lwdclient_errorpktsend(client, lwresult);
+ return;
+ }
+
+ /*
+ * Fall back to ip6.int reverse if the default ip6.arpa
+ * fails.
+ */
+ client->options |= DNS_BYADDROPT_IPV6INT;
+
+ start_byaddr(client);
+ return;
+ }
+
+ for (name = ISC_LIST_HEAD(bevent->names);
+ name != NULL;
+ name = ISC_LIST_NEXT(name, link))
+ {
+ b = client->recv_buffer;
+
+ result = dns_name_totext(name, ISC_TRUE, &client->recv_buffer);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+ ns_lwdclient_log(50, "found name '%.*s'",
+ (int)(client->recv_buffer.used - b.used),
+ (char *)(b.base) + b.used);
+ if (gnba->realname == NULL) {
+ gnba->realname = (char *)(b.base) + b.used;
+ gnba->realnamelen = client->recv_buffer.used - b.used;
+ } else {
+ naliases = gnba->naliases;
+ if (naliases >= LWRES_MAX_ALIASES)
+ break;
+ gnba->aliases[naliases] = (char *)(b.base) + b.used;
+ gnba->aliaslen[naliases] =
+ client->recv_buffer.used - b.used;
+ gnba->naliases++;
+ }
+ }
+
+ dns_byaddr_destroy(&client->byaddr);
+ isc_event_free(&event);
+
+ /*
+ * Render the packet.
+ */
+ client->pkt.recvlength = LWRES_RECVLENGTH;
+ client->pkt.authtype = 0; /* XXXMLG */
+ client->pkt.authlength = 0;
+ client->pkt.result = LWRES_R_SUCCESS;
+
+ lwres = lwres_gnbaresponse_render(cm->lwctx,
+ gnba, &client->pkt, &lwb);
+ if (lwres != LWRES_R_SUCCESS)
+ goto out;
+
+ r.base = lwb.base;
+ r.length = lwb.used;
+ client->sendbuf = r.base;
+ client->sendlength = r.length;
+ result = ns_lwdclient_sendreply(client, &r);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+
+ NS_LWDCLIENT_SETSEND(client);
+
+ return;
+
+ out:
+ if (client->byaddr != NULL)
+ dns_byaddr_destroy(&client->byaddr);
+ if (lwb.base != NULL)
+ lwres_context_freemem(cm->lwctx,
+ lwb.base, lwb.length);
+
+ if (event != NULL)
+ isc_event_free(&event);
+}
+
+static void
+start_byaddr(ns_lwdclient_t *client) {
+ isc_result_t result;
+ ns_lwdclientmgr_t *cm;
+
+ cm = client->clientmgr;
+
+ INSIST(client->byaddr == NULL);
+
+ result = dns_byaddr_create(cm->mctx, &client->na, cm->view,
+ client->options, cm->task, byaddr_done,
+ client, &client->byaddr);
+ if (result != ISC_R_SUCCESS) {
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+ return;
+ }
+}
+
+static void
+init_gnba(ns_lwdclient_t *client) {
+ int i;
+
+ /*
+ * Initialize the real name and alias arrays in the reply we're
+ * going to build up.
+ */
+ for (i = 0; i < LWRES_MAX_ALIASES; i++) {
+ client->aliases[i] = NULL;
+ client->aliaslen[i] = 0;
+ }
+ for (i = 0; i < LWRES_MAX_ADDRS; i++) {
+ client->addrs[i].family = 0;
+ client->addrs[i].length = 0;
+ memset(client->addrs[i].address, 0, LWRES_ADDR_MAXLEN);
+ LWRES_LINK_INIT(&client->addrs[i], link);
+ }
+
+ client->gnba.naliases = 0;
+ client->gnba.realname = NULL;
+ client->gnba.aliases = client->aliases;
+ client->gnba.realnamelen = 0;
+ client->gnba.aliaslen = client->aliaslen;
+ client->gnba.base = NULL;
+ client->gnba.baselen = 0;
+ isc_buffer_init(&client->recv_buffer, client->buffer, LWRES_RECVLENGTH);
+}
+
+void
+ns_lwdclient_processgnba(ns_lwdclient_t *client, lwres_buffer_t *b) {
+ lwres_gnbarequest_t *req;
+ isc_result_t result;
+ isc_sockaddr_t sa;
+ ns_lwdclientmgr_t *cm;
+
+ REQUIRE(NS_LWDCLIENT_ISRECVDONE(client));
+ INSIST(client->byaddr == NULL);
+
+ cm = client->clientmgr;
+ req = NULL;
+
+ result = lwres_gnbarequest_parse(cm->lwctx,
+ b, &client->pkt, &req);
+ if (result != LWRES_R_SUCCESS)
+ goto out;
+
+ client->options = 0;
+ if (req->addr.family == LWRES_ADDRTYPE_V4) {
+ client->na.family = AF_INET;
+ if (req->addr.length != 4)
+ goto out;
+ memcpy(&client->na.type.in, req->addr.address, 4);
+ } else if (req->addr.family == LWRES_ADDRTYPE_V6) {
+ client->na.family = AF_INET6;
+ if (req->addr.length != 16)
+ goto out;
+ memcpy(&client->na.type.in6, req->addr.address, 16);
+ } else {
+ goto out;
+ }
+ isc_sockaddr_fromnetaddr(&sa, &client->na, 53);
+
+ ns_lwdclient_log(50, "client %p looking for addrtype %08x",
+ client, req->addr.family);
+
+ /*
+ * We no longer need to keep this around.
+ */
+ lwres_gnbarequest_free(cm->lwctx, &req);
+
+ /*
+ * Initialize the real name and alias arrays in the reply we're
+ * going to build up.
+ */
+ init_gnba(client);
+ client->options = 0;
+
+ /*
+ * Start the find.
+ */
+ start_byaddr(client);
+
+ return;
+
+ /*
+ * We're screwed. Return an error packet to our caller.
+ */
+ out:
+ if (req != NULL)
+ lwres_gnbarequest_free(cm->lwctx, &req);
+
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+}
diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c
new file mode 100644
index 0000000..b54e83d
--- /dev/null
+++ b/bin/named/lwdgrbn.c
@@ -0,0 +1,513 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwdgrbn.c,v 1.20 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/mem.h>
+#include <isc/socket.h>
+#include <isc/string.h> /* Required for HP/UX (and others?) */
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/lookup.h>
+#include <dns/rdata.h>
+#include <dns/rdataset.h>
+#include <dns/rdatasetiter.h>
+#include <dns/result.h>
+#include <dns/view.h>
+
+#include <named/types.h>
+#include <named/lwdclient.h>
+#include <named/lwresd.h>
+#include <named/lwsearch.h>
+
+static void start_lookup(ns_lwdclient_t *);
+
+static isc_result_t
+fill_array(int *pos, dns_rdataset_t *rdataset,
+ int size, unsigned char **rdatas, lwres_uint16_t *rdatalen)
+{
+ dns_rdata_t rdata;
+ isc_result_t result;
+ isc_region_t r;
+
+ UNUSED(size);
+
+ dns_rdata_init(&rdata);
+ for (result = dns_rdataset_first(rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(rdataset))
+ {
+ INSIST(*pos < size);
+ dns_rdataset_current(rdataset, &rdata);
+ dns_rdata_toregion(&rdata, &r);
+ rdatas[*pos] = r.base;
+ rdatalen[*pos] = r.length;
+ dns_rdata_reset(&rdata);
+ (*pos)++;
+ }
+ if (result == ISC_R_NOMORE)
+ result = ISC_R_SUCCESS;
+ return (result);
+}
+
+static isc_result_t
+iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node,
+ isc_mem_t *mctx)
+{
+ int used = 0, count;
+ int size = 8, oldsize = 0;
+ unsigned char **rdatas = NULL, **oldrdatas = NULL, **newrdatas = NULL;
+ lwres_uint16_t *lens = NULL, *oldlens = NULL, *newlens = NULL;
+ dns_rdatasetiter_t *iter = NULL;
+ dns_rdataset_t set;
+ dns_ttl_t ttl = ISC_INT32_MAX;
+ lwres_uint32_t flags = LWRDATA_VALIDATED;
+ isc_result_t result = ISC_R_NOMEMORY;
+
+ result = dns_db_allrdatasets(db, node, NULL, 0, &iter);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+
+ rdatas = isc_mem_get(mctx, size * sizeof(*rdatas));
+ if (rdatas == NULL)
+ goto out;
+ lens = isc_mem_get(mctx, size * sizeof(*lens));
+ if (lens == NULL)
+ goto out;
+
+ for (result = dns_rdatasetiter_first(iter);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(iter))
+ {
+ result = ISC_R_NOMEMORY;
+ dns_rdataset_init(&set);
+ dns_rdatasetiter_current(iter, &set);
+
+ if (set.type != dns_rdatatype_rrsig) {
+ dns_rdataset_disassociate(&set);
+ continue;
+ }
+
+ count = dns_rdataset_count(&set);
+ if (used + count > size) {
+ /* copy & reallocate */
+ oldsize = size;
+ oldrdatas = rdatas;
+ oldlens = lens;
+ rdatas = NULL;
+ lens = NULL;
+
+ size *= 2;
+
+ rdatas = isc_mem_get(mctx, size * sizeof(*rdatas));
+ if (rdatas == NULL)
+ goto out;
+ lens = isc_mem_get(mctx, size * sizeof(*lens));
+ if (lens == NULL)
+ goto out;
+ memcpy(rdatas, oldrdatas, used * sizeof(*rdatas));
+ memcpy(lens, oldlens, used * sizeof(*lens));
+ isc_mem_put(mctx, oldrdatas,
+ oldsize * sizeof(*oldrdatas));
+ isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens));
+ oldrdatas = NULL;
+ oldlens = NULL;
+ }
+ if (set.ttl < ttl)
+ ttl = set.ttl;
+ if (set.trust != dns_trust_secure)
+ flags &= (~LWRDATA_VALIDATED);
+ result = fill_array(&used, &set, size, rdatas, lens);
+ dns_rdataset_disassociate(&set);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+ }
+ if (result == ISC_R_NOMORE)
+ result = ISC_R_SUCCESS;
+ if (result != ISC_R_SUCCESS)
+ goto out;
+ dns_rdatasetiter_destroy(&iter);
+
+ /*
+ * If necessary, shrink and copy the arrays.
+ */
+ if (size != used) {
+ result = ISC_R_NOMEMORY;
+ newrdatas = isc_mem_get(mctx, used * sizeof(*rdatas));
+ if (newrdatas == NULL)
+ goto out;
+ newlens = isc_mem_get(mctx, used * sizeof(*lens));
+ if (newlens == NULL)
+ goto out;
+ memcpy(newrdatas, rdatas, used * sizeof(*rdatas));
+ memcpy(newlens, lens, used * sizeof(*lens));
+ isc_mem_put(mctx, rdatas, size * sizeof(*rdatas));
+ isc_mem_put(mctx, lens, size * sizeof(*lens));
+ grbn->rdatas = newrdatas;
+ grbn->rdatalen = newlens;
+ } else {
+ grbn->rdatas = rdatas;
+ grbn->rdatalen = lens;
+ }
+ grbn->nrdatas = used;
+ grbn->ttl = ttl;
+ grbn->flags = flags;
+ return (ISC_R_SUCCESS);
+
+ out:
+ dns_rdatasetiter_destroy(&iter);
+ if (rdatas != NULL)
+ isc_mem_put(mctx, rdatas, size * sizeof(*rdatas));
+ if (lens != NULL)
+ isc_mem_put(mctx, lens, size * sizeof(*lens));
+ if (oldrdatas != NULL)
+ isc_mem_put(mctx, oldrdatas, oldsize * sizeof(*oldrdatas));
+ if (oldlens != NULL)
+ isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens));
+ if (newrdatas != NULL)
+ isc_mem_put(mctx, newrdatas, used * sizeof(*oldrdatas));
+ return (result);
+}
+
+static void
+lookup_done(isc_task_t *task, isc_event_t *event) {
+ ns_lwdclient_t *client;
+ ns_lwdclientmgr_t *cm;
+ dns_lookupevent_t *levent;
+ lwres_buffer_t lwb;
+ dns_name_t *name;
+ dns_rdataset_t *rdataset;
+ dns_rdataset_t *sigrdataset;
+ isc_result_t result;
+ lwres_result_t lwresult;
+ isc_region_t r;
+ isc_buffer_t b;
+ lwres_grbnresponse_t *grbn;
+ int i;
+
+ UNUSED(task);
+
+ lwb.base = NULL;
+ client = event->ev_arg;
+ cm = client->clientmgr;
+ INSIST(client->lookup == (dns_lookup_t *)event->ev_sender);
+
+ levent = (dns_lookupevent_t *)event;
+ grbn = &client->grbn;
+
+ ns_lwdclient_log(50, "lookup event result = %s",
+ isc_result_totext(levent->result));
+
+ result = levent->result;
+ if (result != ISC_R_SUCCESS) {
+ dns_lookup_destroy(&client->lookup);
+ isc_event_free(&event);
+ levent = NULL;
+
+ switch (result) {
+ case DNS_R_NXDOMAIN:
+ case DNS_R_NCACHENXDOMAIN:
+ result = ns_lwsearchctx_next(&client->searchctx);
+ if (result != ISC_R_SUCCESS)
+ lwresult = LWRES_R_NOTFOUND;
+ else {
+ start_lookup(client);
+ return;
+ }
+ break;
+ case DNS_R_NXRRSET:
+ case DNS_R_NCACHENXRRSET:
+ lwresult = LWRES_R_TYPENOTFOUND;
+ break;
+ default:
+ lwresult = LWRES_R_FAILURE;
+ }
+ ns_lwdclient_errorpktsend(client, lwresult);
+ return;
+ }
+
+ name = levent->name;
+ b = client->recv_buffer;
+
+ grbn->flags = 0;
+
+ grbn->nrdatas = 0;
+ grbn->rdatas = NULL;
+ grbn->rdatalen = NULL;
+
+ grbn->nsigs = 0;
+ grbn->sigs = NULL;
+ grbn->siglen = NULL;
+
+ result = dns_name_totext(name, ISC_TRUE, &client->recv_buffer);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+ grbn->realname = (char *)isc_buffer_used(&b);
+ grbn->realnamelen = isc_buffer_usedlength(&client->recv_buffer) -
+ isc_buffer_usedlength(&b);
+ ns_lwdclient_log(50, "found name '%.*s'", grbn->realnamelen,
+ grbn->realname);
+
+ grbn->rdclass = cm->view->rdclass;
+ grbn->rdtype = client->rdtype;
+
+ rdataset = levent->rdataset;
+ if (rdataset != NULL) {
+ /* The normal case */
+ grbn->nrdatas = dns_rdataset_count(rdataset);
+ grbn->rdatas = isc_mem_get(cm->mctx, grbn->nrdatas *
+ sizeof(unsigned char *));
+ if (grbn->rdatas == NULL)
+ goto out;
+ grbn->rdatalen = isc_mem_get(cm->mctx, grbn->nrdatas *
+ sizeof(lwres_uint16_t));
+ if (grbn->rdatalen == NULL)
+ goto out;
+
+ i = 0;
+ result = fill_array(&i, rdataset, grbn->nrdatas, grbn->rdatas,
+ grbn->rdatalen);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+ INSIST(i == grbn->nrdatas);
+ grbn->ttl = rdataset->ttl;
+ if (rdataset->trust == dns_trust_secure)
+ grbn->flags |= LWRDATA_VALIDATED;
+ } else {
+ /* The SIG query case */
+ result = iterate_node(grbn, levent->db, levent->node,
+ cm->mctx);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+ }
+ ns_lwdclient_log(50, "filled in %d rdata%s", grbn->nrdatas,
+ (grbn->nrdatas == 1) ? "" : "s");
+
+ sigrdataset = levent->sigrdataset;
+ if (sigrdataset != NULL) {
+ grbn->nsigs = dns_rdataset_count(sigrdataset);
+ grbn->sigs = isc_mem_get(cm->mctx, grbn->nsigs *
+ sizeof(unsigned char *));
+ if (grbn->sigs == NULL)
+ goto out;
+ grbn->siglen = isc_mem_get(cm->mctx, grbn->nsigs *
+ sizeof(lwres_uint16_t));
+ if (grbn->siglen == NULL)
+ goto out;
+
+ i = 0;
+ result = fill_array(&i, sigrdataset, grbn->nsigs, grbn->sigs,
+ grbn->siglen);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+ INSIST(i == grbn->nsigs);
+ ns_lwdclient_log(50, "filled in %d signature%s", grbn->nsigs,
+ (grbn->nsigs == 1) ? "" : "s");
+ }
+
+ dns_lookup_destroy(&client->lookup);
+ isc_event_free(&event);
+
+ /*
+ * Render the packet.
+ */
+ client->pkt.recvlength = LWRES_RECVLENGTH;
+ client->pkt.authtype = 0; /* XXXMLG */
+ client->pkt.authlength = 0;
+ client->pkt.result = LWRES_R_SUCCESS;
+
+ lwresult = lwres_grbnresponse_render(cm->lwctx,
+ grbn, &client->pkt, &lwb);
+ if (lwresult != LWRES_R_SUCCESS)
+ goto out;
+
+ isc_mem_put(cm->mctx, grbn->rdatas,
+ grbn->nrdatas * sizeof(unsigned char *));
+ isc_mem_put(cm->mctx, grbn->rdatalen,
+ grbn->nrdatas * sizeof(lwres_uint16_t));
+
+ if (grbn->sigs != NULL)
+ isc_mem_put(cm->mctx, grbn->sigs,
+ grbn->nsigs * sizeof(unsigned char *));
+ if (grbn->siglen != NULL)
+ isc_mem_put(cm->mctx, grbn->siglen,
+ grbn->nsigs * sizeof(lwres_uint16_t));
+
+ r.base = lwb.base;
+ r.length = lwb.used;
+ client->sendbuf = r.base;
+ client->sendlength = r.length;
+ result = ns_lwdclient_sendreply(client, &r);
+ if (result != ISC_R_SUCCESS)
+ goto out2;
+
+ NS_LWDCLIENT_SETSEND(client);
+
+ return;
+
+ out:
+ if (grbn->rdatas != NULL)
+ isc_mem_put(cm->mctx, grbn->rdatas,
+ grbn->nrdatas * sizeof(unsigned char *));
+ if (grbn->rdatalen != NULL)
+ isc_mem_put(cm->mctx, grbn->rdatalen,
+ grbn->nrdatas * sizeof(lwres_uint16_t));
+
+ if (grbn->sigs != NULL)
+ isc_mem_put(cm->mctx, grbn->sigs,
+ grbn->nsigs * sizeof(unsigned char *));
+ if (grbn->siglen != NULL)
+ isc_mem_put(cm->mctx, grbn->siglen,
+ grbn->nsigs * sizeof(lwres_uint16_t));
+ out2:
+ if (client->lookup != NULL)
+ dns_lookup_destroy(&client->lookup);
+ if (lwb.base != NULL)
+ lwres_context_freemem(cm->lwctx, lwb.base, lwb.length);
+
+ if (event != NULL)
+ isc_event_free(&event);
+
+ ns_lwdclient_log(50, "error constructing getrrsetbyname response");
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+}
+
+static void
+start_lookup(ns_lwdclient_t *client) {
+ isc_result_t result;
+ ns_lwdclientmgr_t *cm;
+ dns_fixedname_t absname;
+
+ cm = client->clientmgr;
+
+ INSIST(client->lookup == NULL);
+
+ dns_fixedname_init(&absname);
+ result = ns_lwsearchctx_current(&client->searchctx,
+ dns_fixedname_name(&absname));
+ /*
+ * This will return failure if relative name + suffix is too long.
+ * In this case, just go on to the next entry in the search path.
+ */
+ if (result != ISC_R_SUCCESS)
+ start_lookup(client);
+
+ result = dns_lookup_create(cm->mctx,
+ dns_fixedname_name(&absname),
+ client->rdtype, cm->view,
+ client->options, cm->task, lookup_done,
+ client, &client->lookup);
+ if (result != ISC_R_SUCCESS) {
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+ return;
+ }
+}
+
+static void
+init_grbn(ns_lwdclient_t *client) {
+ client->grbn.rdclass = 0;
+ client->grbn.rdtype = 0;
+ client->grbn.ttl = 0;
+ client->grbn.nrdatas = 0;
+ client->grbn.realname = NULL;
+ client->grbn.realnamelen = 0;
+ client->grbn.rdatas = 0;
+ client->grbn.rdatalen = 0;
+ client->grbn.base = NULL;
+ client->grbn.baselen = 0;
+ isc_buffer_init(&client->recv_buffer, client->buffer, LWRES_RECVLENGTH);
+}
+
+void
+ns_lwdclient_processgrbn(ns_lwdclient_t *client, lwres_buffer_t *b) {
+ lwres_grbnrequest_t *req;
+ isc_result_t result;
+ ns_lwdclientmgr_t *cm;
+ isc_buffer_t namebuf;
+
+ REQUIRE(NS_LWDCLIENT_ISRECVDONE(client));
+ INSIST(client->byaddr == NULL);
+
+ cm = client->clientmgr;
+ req = NULL;
+
+ result = lwres_grbnrequest_parse(cm->lwctx,
+ b, &client->pkt, &req);
+ if (result != LWRES_R_SUCCESS)
+ goto out;
+ if (req->name == NULL)
+ goto out;
+
+ client->options = 0;
+ if (req->rdclass != cm->view->rdclass)
+ goto out;
+
+ if (req->rdclass == dns_rdataclass_any ||
+ req->rdtype == dns_rdatatype_any)
+ goto out;
+
+ client->rdtype = req->rdtype;
+
+ isc_buffer_init(&namebuf, req->name, req->namelen);
+ isc_buffer_add(&namebuf, req->namelen);
+
+ dns_fixedname_init(&client->query_name);
+ result = dns_name_fromtext(dns_fixedname_name(&client->query_name),
+ &namebuf, NULL, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+ ns_lwsearchctx_init(&client->searchctx,
+ cm->listener->manager->search,
+ dns_fixedname_name(&client->query_name),
+ cm->listener->manager->ndots);
+ ns_lwsearchctx_first(&client->searchctx);
+
+ ns_lwdclient_log(50, "client %p looking for type %d",
+ client, client->rdtype);
+
+ /*
+ * We no longer need to keep this around.
+ */
+ lwres_grbnrequest_free(cm->lwctx, &req);
+
+ /*
+ * Initialize the real name and alias arrays in the reply we're
+ * going to build up.
+ */
+ init_grbn(client);
+
+ /*
+ * Start the find.
+ */
+ start_lookup(client);
+
+ return;
+
+ /*
+ * We're screwed. Return an error packet to our caller.
+ */
+ out:
+ if (req != NULL)
+ lwres_grbnrequest_free(cm->lwctx, &req);
+
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+}
diff --git a/bin/named/lwdnoop.c b/bin/named/lwdnoop.c
new file mode 100644
index 0000000..14d8e0c
--- /dev/null
+++ b/bin/named/lwdnoop.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwdnoop.c,v 1.13 2008/01/22 23:28:04 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/util.h>
+
+#include <named/types.h>
+#include <named/lwdclient.h>
+
+void
+ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
+ lwres_nooprequest_t *req;
+ lwres_noopresponse_t resp;
+ isc_result_t result;
+ lwres_result_t lwres;
+ isc_region_t r;
+ lwres_buffer_t lwb;
+
+ REQUIRE(NS_LWDCLIENT_ISRECVDONE(client));
+ INSIST(client->byaddr == NULL);
+
+ req = NULL;
+
+ result = lwres_nooprequest_parse(client->clientmgr->lwctx,
+ b, &client->pkt, &req);
+ if (result != LWRES_R_SUCCESS)
+ goto send_error;
+
+ client->pkt.recvlength = LWRES_RECVLENGTH;
+ client->pkt.authtype = 0; /* XXXMLG */
+ client->pkt.authlength = 0;
+ client->pkt.result = LWRES_R_SUCCESS;
+
+ resp.datalength = req->datalength;
+ resp.data = req->data;
+
+ lwres = lwres_noopresponse_render(client->clientmgr->lwctx, &resp,
+ &client->pkt, &lwb);
+ if (lwres != LWRES_R_SUCCESS)
+ goto cleanup_req;
+
+ r.base = lwb.base;
+ r.length = lwb.used;
+ client->sendbuf = r.base;
+ client->sendlength = r.length;
+ result = ns_lwdclient_sendreply(client, &r);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_lwb;
+
+ /*
+ * We can now destroy request.
+ */
+ lwres_nooprequest_free(client->clientmgr->lwctx, &req);
+
+ NS_LWDCLIENT_SETSEND(client);
+
+ return;
+
+ cleanup_lwb:
+ lwres_context_freemem(client->clientmgr->lwctx, lwb.base, lwb.length);
+
+ cleanup_req:
+ lwres_nooprequest_free(client->clientmgr->lwctx, &req);
+
+ send_error:
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+}
diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8
new file mode 100644
index 0000000..2c4e3bc
--- /dev/null
+++ b/bin/named/lwresd.8
@@ -0,0 +1,223 @@
+.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: lwresd.8,v 1.29 2008/11/07 01:11:19 tbox Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: lwresd
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: June 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "LWRESD" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+lwresd \- lightweight resolver daemon
+.SH "SYNOPSIS"
+.HP 7
+\fBlwresd\fR [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-4\fR] [\fB\-6\fR]
+.SH "DESCRIPTION"
+.PP
+\fBlwresd\fR
+is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver library. It is essentially a stripped\-down, caching\-only name server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol.
+.PP
+\fBlwresd\fR
+listens for resolver queries on a UDP port on the IPv4 loopback interface, 127.0.0.1. This means that
+\fBlwresd\fR
+can only be used by processes running on the local machine. By default UDP port number 921 is used for lightweight resolver requests and responses.
+.PP
+Incoming lightweight resolver requests are decoded by the server which then resolves them using the DNS protocol. When the DNS lookup completes,
+\fBlwresd\fR
+encodes the answers in the lightweight resolver format and returns them to the client that made the request.
+.PP
+If
+\fI/etc/resolv.conf\fR
+contains any
+\fBnameserver\fR
+entries,
+\fBlwresd\fR
+sends recursive DNS queries to those servers. This is similar to the use of forwarders in a caching name server. If no
+\fBnameserver\fR
+entries are present, or if forwarding fails,
+\fBlwresd\fR
+resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints.
+.SH "OPTIONS"
+.PP
+\-4
+.RS 4
+Use IPv4 only even if the host machine is capable of IPv6.
+\fB\-4\fR
+and
+\fB\-6\fR
+are mutually exclusive.
+.RE
+.PP
+\-6
+.RS 4
+Use IPv6 only even if the host machine is capable of IPv4.
+\fB\-4\fR
+and
+\fB\-6\fR
+are mutually exclusive.
+.RE
+.PP
+\-c \fIconfig\-file\fR
+.RS 4
+Use
+\fIconfig\-file\fR
+as the configuration file instead of the default,
+\fI/etc/lwresd.conf\fR.
+\fB\-c\fR
+can not be used with
+\fB\-C\fR.
+.RE
+.PP
+\-C \fIconfig\-file\fR
+.RS 4
+Use
+\fIconfig\-file\fR
+as the configuration file instead of the default,
+\fI/etc/resolv.conf\fR.
+\fB\-C\fR
+can not be used with
+\fB\-c\fR.
+.RE
+.PP
+\-d \fIdebug\-level\fR
+.RS 4
+Set the daemon's debug level to
+\fIdebug\-level\fR. Debugging traces from
+\fBlwresd\fR
+become more verbose as the debug level increases.
+.RE
+.PP
+\-f
+.RS 4
+Run the server in the foreground (i.e. do not daemonize).
+.RE
+.PP
+\-g
+.RS 4
+Run the server in the foreground and force all logging to
+\fIstderr\fR.
+.RE
+.PP
+\-i \fIpid\-file\fR
+.RS 4
+Use
+\fIpid\-file\fR
+as the PID file instead of the default,
+\fI/var/run/lwresd/lwresd.pid\fR.
+.RE
+.PP
+\-m \fIflag\fR
+.RS 4
+Turn on memory usage debugging flags. Possible flags are
+\fIusage\fR,
+\fItrace\fR,
+\fIrecord\fR,
+\fIsize\fR, and
+\fImctx\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in
+\fI<isc/mem.h>\fR.
+.RE
+.PP
+\-n \fI#cpus\fR
+.RS 4
+Create
+\fI#cpus\fR
+worker threads to take advantage of multiple CPUs. If not specified,
+\fBlwresd\fR
+will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
+.RE
+.PP
+\-P \fIport\fR
+.RS 4
+Listen for lightweight resolver queries on port
+\fIport\fR. If not specified, the default is port 921.
+.RE
+.PP
+\-p \fIport\fR
+.RS 4
+Send DNS lookups to port
+\fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number.
+.RE
+.PP
+\-s
+.RS 4
+Write memory usage statistics to
+\fIstdout\fR
+on exit.
+.RS
+.B "Note:"
+This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
+.RE
+.RE
+.PP
+\-t \fIdirectory\fR
+.RS 4
+Chroot to
+\fIdirectory\fR
+after processing the command line arguments, but before reading the configuration file.
+.RS
+.B "Warning:"
+This option should be used in conjunction with the
+\fB\-u\fR
+option, as chrooting a process running as root doesn't enhance security on most systems; the way
+\fBchroot(2)\fR
+is defined allows a process with root privileges to escape a chroot jail.
+.RE
+.RE
+.PP
+\-u \fIuser\fR
+.RS 4
+Setuid to
+\fIuser\fR
+after completing privileged operations, such as creating sockets that listen on privileged ports.
+.RE
+.PP
+\-v
+.RS 4
+Report the version number and exit.
+.RE
+.SH "FILES"
+.PP
+\fI/etc/resolv.conf\fR
+.RS 4
+The default configuration file.
+.RE
+.PP
+\fI/var/run/lwresd.pid\fR
+.RS 4
+The default process\-id file.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBnamed\fR(8),
+\fBlwres\fR(3),
+\fBresolver\fR(5).
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/named/lwresd.c b/bin/named/lwresd.c
new file mode 100644
index 0000000..4e245fd
--- /dev/null
+++ b/bin/named/lwresd.c
@@ -0,0 +1,870 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwresd.c,v 1.58 2008/07/23 23:27:54 marka Exp $ */
+
+/*! \file
+ * \brief
+ * Main program for the Lightweight Resolver Daemon.
+ *
+ * To paraphrase the old saying about X11, "It's not a lightweight deamon
+ * for resolvers, it's a deamon for lightweight resolvers".
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/list.h>
+#include <isc/magic.h>
+#include <isc/mem.h>
+#include <isc/once.h>
+#include <isc/print.h>
+#include <isc/socket.h>
+#include <isc/task.h>
+#include <isc/util.h>
+
+#include <isccfg/namedconf.h>
+
+#include <dns/log.h>
+#include <dns/result.h>
+#include <dns/view.h>
+
+#include <named/config.h>
+#include <named/globals.h>
+#include <named/log.h>
+#include <named/lwaddr.h>
+#include <named/lwresd.h>
+#include <named/lwdclient.h>
+#include <named/lwsearch.h>
+#include <named/server.h>
+
+#define LWRESD_MAGIC ISC_MAGIC('L', 'W', 'R', 'D')
+#define VALID_LWRESD(l) ISC_MAGIC_VALID(l, LWRESD_MAGIC)
+
+#define LWRESLISTENER_MAGIC ISC_MAGIC('L', 'W', 'R', 'L')
+#define VALID_LWRESLISTENER(l) ISC_MAGIC_VALID(l, LWRESLISTENER_MAGIC)
+
+/*!
+ * The total number of clients we can handle will be NTASKS * NRECVS.
+ */
+#define NTASKS 2 /*%< tasks to create to handle lwres queries */
+#define NRECVS 2 /*%< max clients per task */
+
+typedef ISC_LIST(ns_lwreslistener_t) ns_lwreslistenerlist_t;
+
+static ns_lwreslistenerlist_t listeners;
+static isc_mutex_t listeners_lock;
+static isc_once_t once = ISC_ONCE_INIT;
+
+
+static void
+initialize_mutex(void) {
+ RUNTIME_CHECK(isc_mutex_init(&listeners_lock) == ISC_R_SUCCESS);
+}
+
+
+/*%
+ * Wrappers around our memory management stuff, for the lwres functions.
+ */
+void *
+ns__lwresd_memalloc(void *arg, size_t size) {
+ return (isc_mem_get(arg, size));
+}
+
+void
+ns__lwresd_memfree(void *arg, void *mem, size_t size) {
+ isc_mem_put(arg, mem, size);
+}
+
+
+#define CHECK(op) \
+ do { result = (op); \
+ if (result != ISC_R_SUCCESS) goto cleanup; \
+ } while (0)
+
+static isc_result_t
+buffer_putstr(isc_buffer_t *b, const char *s) {
+ unsigned int len = strlen(s);
+ if (isc_buffer_availablelength(b) <= len)
+ return (ISC_R_NOSPACE);
+ isc_buffer_putmem(b, (const unsigned char *)s, len);
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * Convert a resolv.conf file into a config structure.
+ */
+isc_result_t
+ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
+ cfg_obj_t **configp)
+{
+ char text[4096];
+ char str[16];
+ isc_buffer_t b;
+ lwres_context_t *lwctx = NULL;
+ lwres_conf_t *lwc = NULL;
+ isc_sockaddr_t sa;
+ isc_netaddr_t na;
+ int i;
+ isc_result_t result;
+ lwres_result_t lwresult;
+
+ lwctx = NULL;
+ lwresult = lwres_context_create(&lwctx, mctx, ns__lwresd_memalloc,
+ ns__lwresd_memfree,
+ LWRES_CONTEXT_SERVERMODE);
+ if (lwresult != LWRES_R_SUCCESS) {
+ result = ISC_R_NOMEMORY;
+ goto cleanup;
+ }
+
+ lwresult = lwres_conf_parse(lwctx, lwresd_g_resolvconffile);
+ if (lwresult != LWRES_R_SUCCESS) {
+ result = DNS_R_SYNTAX;
+ goto cleanup;
+ }
+
+ lwc = lwres_conf_get(lwctx);
+ INSIST(lwc != NULL);
+
+ isc_buffer_init(&b, text, sizeof(text));
+
+ CHECK(buffer_putstr(&b, "options {\n"));
+
+ /*
+ * Build the list of forwarders.
+ */
+ if (lwc->nsnext > 0) {
+ CHECK(buffer_putstr(&b, "\tforwarders {\n"));
+
+ for (i = 0; i < lwc->nsnext; i++) {
+ CHECK(lwaddr_sockaddr_fromlwresaddr(
+ &sa,
+ &lwc->nameservers[i],
+ ns_g_port));
+ isc_netaddr_fromsockaddr(&na, &sa);
+ CHECK(buffer_putstr(&b, "\t\t"));
+ CHECK(isc_netaddr_totext(&na, &b));
+ CHECK(buffer_putstr(&b, ";\n"));
+ }
+ CHECK(buffer_putstr(&b, "\t};\n"));
+ }
+
+ /*
+ * Build the sortlist
+ */
+ if (lwc->sortlistnxt > 0) {
+ CHECK(buffer_putstr(&b, "\tsortlist {\n"));
+ CHECK(buffer_putstr(&b, "\t\t{\n"));
+ CHECK(buffer_putstr(&b, "\t\t\tany;\n"));
+ CHECK(buffer_putstr(&b, "\t\t\t{\n"));
+ for (i = 0; i < lwc->sortlistnxt; i++) {
+ lwres_addr_t *lwaddr = &lwc->sortlist[i].addr;
+ lwres_addr_t *lwmask = &lwc->sortlist[i].mask;
+ unsigned int mask;
+
+ CHECK(lwaddr_sockaddr_fromlwresaddr(&sa, lwmask, 0));
+ isc_netaddr_fromsockaddr(&na, &sa);
+ result = isc_netaddr_masktoprefixlen(&na, &mask);
+ if (result != ISC_R_SUCCESS) {
+ char addrtext[ISC_NETADDR_FORMATSIZE];
+ isc_netaddr_format(&na, addrtext,
+ sizeof(addrtext));
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD,
+ ISC_LOG_ERROR,
+ "processing sortlist: '%s' is "
+ "not a valid netmask",
+ addrtext);
+ goto cleanup;
+ }
+
+ CHECK(lwaddr_sockaddr_fromlwresaddr(&sa, lwaddr, 0));
+ isc_netaddr_fromsockaddr(&na, &sa);
+
+ CHECK(buffer_putstr(&b, "\t\t\t\t"));
+ CHECK(isc_netaddr_totext(&na, &b));
+ snprintf(str, sizeof(str), "%u", mask);
+ CHECK(buffer_putstr(&b, "/"));
+ CHECK(buffer_putstr(&b, str));
+ CHECK(buffer_putstr(&b, ";\n"));
+ }
+ CHECK(buffer_putstr(&b, "\t\t\t};\n"));
+ CHECK(buffer_putstr(&b, "\t\t};\n"));
+ CHECK(buffer_putstr(&b, "\t};\n"));
+ }
+
+ CHECK(buffer_putstr(&b, "};\n\n"));
+
+ CHECK(buffer_putstr(&b, "lwres {\n"));
+
+ /*
+ * Build the search path
+ */
+ if (lwc->searchnxt > 0) {
+ if (lwc->searchnxt > 0) {
+ CHECK(buffer_putstr(&b, "\tsearch {\n"));
+ for (i = 0; i < lwc->searchnxt; i++) {
+ CHECK(buffer_putstr(&b, "\t\t\""));
+ CHECK(buffer_putstr(&b, lwc->search[i]));
+ CHECK(buffer_putstr(&b, "\";\n"));
+ }
+ CHECK(buffer_putstr(&b, "\t};\n"));
+ }
+ }
+
+ /*
+ * Build the ndots line
+ */
+ if (lwc->ndots != 1) {
+ CHECK(buffer_putstr(&b, "\tndots "));
+ snprintf(str, sizeof(str), "%u", lwc->ndots);
+ CHECK(buffer_putstr(&b, str));
+ CHECK(buffer_putstr(&b, ";\n"));
+ }
+
+ /*
+ * Build the listen-on line
+ */
+ if (lwc->lwnext > 0) {
+ CHECK(buffer_putstr(&b, "\tlisten-on {\n"));
+
+ for (i = 0; i < lwc->lwnext; i++) {
+ CHECK(lwaddr_sockaddr_fromlwresaddr(&sa,
+ &lwc->lwservers[i],
+ 0));
+ isc_netaddr_fromsockaddr(&na, &sa);
+ CHECK(buffer_putstr(&b, "\t\t"));
+ CHECK(isc_netaddr_totext(&na, &b));
+ CHECK(buffer_putstr(&b, ";\n"));
+ }
+ CHECK(buffer_putstr(&b, "\t};\n"));
+ }
+
+ CHECK(buffer_putstr(&b, "};\n"));
+
+#if 0
+ printf("%.*s\n",
+ (int)isc_buffer_usedlength(&b),
+ (char *)isc_buffer_base(&b));
+#endif
+
+ lwres_conf_clear(lwctx);
+ lwres_context_destroy(&lwctx);
+
+ return (cfg_parse_buffer(pctx, &b, &cfg_type_namedconf, configp));
+
+ cleanup:
+
+ if (lwctx != NULL) {
+ lwres_conf_clear(lwctx);
+ lwres_context_destroy(&lwctx);
+ }
+
+ return (result);
+}
+
+
+/*
+ * Handle lwresd manager objects
+ */
+isc_result_t
+ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres,
+ ns_lwresd_t **lwresdp)
+{
+ ns_lwresd_t *lwresd;
+ const char *vname;
+ dns_rdataclass_t vclass;
+ const cfg_obj_t *obj, *viewobj, *searchobj;
+ const cfg_listelt_t *element;
+ isc_result_t result;
+
+ INSIST(lwresdp != NULL && *lwresdp == NULL);
+
+ lwresd = isc_mem_get(mctx, sizeof(ns_lwresd_t));
+ if (lwresd == NULL)
+ return (ISC_R_NOMEMORY);
+
+ lwresd->mctx = NULL;
+ isc_mem_attach(mctx, &lwresd->mctx);
+ lwresd->view = NULL;
+ lwresd->search = NULL;
+ lwresd->refs = 1;
+
+ obj = NULL;
+ (void)cfg_map_get(lwres, "ndots", &obj);
+ if (obj != NULL)
+ lwresd->ndots = cfg_obj_asuint32(obj);
+ else
+ lwresd->ndots = 1;
+
+ RUNTIME_CHECK(isc_mutex_init(&lwresd->lock) == ISC_R_SUCCESS);
+
+ lwresd->shutting_down = ISC_FALSE;
+
+ viewobj = NULL;
+ (void)cfg_map_get(lwres, "view", &viewobj);
+ if (viewobj != NULL) {
+ vname = cfg_obj_asstring(cfg_tuple_get(viewobj, "name"));
+ obj = cfg_tuple_get(viewobj, "class");
+ result = ns_config_getclass(obj, dns_rdataclass_in, &vclass);
+ if (result != ISC_R_SUCCESS)
+ goto fail;
+ } else {
+ vname = "_default";
+ vclass = dns_rdataclass_in;
+ }
+
+ result = dns_viewlist_find(&ns_g_server->viewlist, vname, vclass,
+ &lwresd->view);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
+ "couldn't find view %s", vname);
+ goto fail;
+ }
+
+ searchobj = NULL;
+ (void)cfg_map_get(lwres, "search", &searchobj);
+ if (searchobj != NULL) {
+ lwresd->search = NULL;
+ result = ns_lwsearchlist_create(lwresd->mctx,
+ &lwresd->search);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
+ "couldn't create searchlist");
+ goto fail;
+ }
+ for (element = cfg_list_first(searchobj);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *search;
+ const char *searchstr;
+ isc_buffer_t namebuf;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ search = cfg_listelt_value(element);
+ searchstr = cfg_obj_asstring(search);
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ isc_buffer_init(&namebuf, searchstr,
+ strlen(searchstr));
+ isc_buffer_add(&namebuf, strlen(searchstr));
+ result = dns_name_fromtext(name, &namebuf,
+ dns_rootname, ISC_FALSE,
+ NULL);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD,
+ ISC_LOG_WARNING,
+ "invalid name %s in searchlist",
+ searchstr);
+ continue;
+ }
+
+ result = ns_lwsearchlist_append(lwresd->search, name);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD,
+ ISC_LOG_WARNING,
+ "couldn't update searchlist");
+ goto fail;
+ }
+ }
+ }
+
+ lwresd->magic = LWRESD_MAGIC;
+
+ *lwresdp = lwresd;
+ return (ISC_R_SUCCESS);
+
+ fail:
+ if (lwresd->view != NULL)
+ dns_view_detach(&lwresd->view);
+ if (lwresd->search != NULL)
+ ns_lwsearchlist_detach(&lwresd->search);
+ if (lwresd->mctx != NULL)
+ isc_mem_detach(&lwresd->mctx);
+ isc_mem_put(mctx, lwresd, sizeof(ns_lwresd_t));
+ return (result);
+}
+
+void
+ns_lwdmanager_attach(ns_lwresd_t *source, ns_lwresd_t **targetp) {
+ INSIST(VALID_LWRESD(source));
+ INSIST(targetp != NULL && *targetp == NULL);
+
+ LOCK(&source->lock);
+ source->refs++;
+ UNLOCK(&source->lock);
+
+ *targetp = source;
+}
+
+void
+ns_lwdmanager_detach(ns_lwresd_t **lwresdp) {
+ ns_lwresd_t *lwresd;
+ isc_mem_t *mctx;
+ isc_boolean_t done = ISC_FALSE;
+
+ INSIST(lwresdp != NULL && *lwresdp != NULL);
+ INSIST(VALID_LWRESD(*lwresdp));
+
+ lwresd = *lwresdp;
+ *lwresdp = NULL;
+
+ LOCK(&lwresd->lock);
+ INSIST(lwresd->refs > 0);
+ lwresd->refs--;
+ if (lwresd->refs == 0)
+ done = ISC_TRUE;
+ UNLOCK(&lwresd->lock);
+
+ if (!done)
+ return;
+
+ dns_view_detach(&lwresd->view);
+ if (lwresd->search != NULL)
+ ns_lwsearchlist_detach(&lwresd->search);
+ mctx = lwresd->mctx;
+ lwresd->magic = 0;
+ isc_mem_put(mctx, lwresd, sizeof(*lwresd));
+ isc_mem_detach(&mctx);
+}
+
+
+/*
+ * Handle listener objects
+ */
+void
+ns_lwreslistener_attach(ns_lwreslistener_t *source,
+ ns_lwreslistener_t **targetp)
+{
+ INSIST(VALID_LWRESLISTENER(source));
+ INSIST(targetp != NULL && *targetp == NULL);
+
+ LOCK(&source->lock);
+ source->refs++;
+ UNLOCK(&source->lock);
+
+ *targetp = source;
+}
+
+void
+ns_lwreslistener_detach(ns_lwreslistener_t **listenerp) {
+ ns_lwreslistener_t *listener;
+ isc_mem_t *mctx;
+ isc_boolean_t done = ISC_FALSE;
+
+ INSIST(listenerp != NULL && *listenerp != NULL);
+ INSIST(VALID_LWRESLISTENER(*listenerp));
+
+ listener = *listenerp;
+
+ LOCK(&listener->lock);
+ INSIST(listener->refs > 0);
+ listener->refs--;
+ if (listener->refs == 0)
+ done = ISC_TRUE;
+ UNLOCK(&listener->lock);
+
+ if (!done)
+ return;
+
+ if (listener->manager != NULL)
+ ns_lwdmanager_detach(&listener->manager);
+
+ if (listener->sock != NULL)
+ isc_socket_detach(&listener->sock);
+
+ listener->magic = 0;
+ mctx = listener->mctx;
+ isc_mem_put(mctx, listener, sizeof(*listener));
+ isc_mem_detach(&mctx);
+ listenerp = NULL;
+}
+
+static isc_result_t
+listener_create(isc_mem_t *mctx, ns_lwresd_t *lwresd,
+ ns_lwreslistener_t **listenerp)
+{
+ ns_lwreslistener_t *listener;
+ isc_result_t result;
+
+ REQUIRE(listenerp != NULL && *listenerp == NULL);
+
+ listener = isc_mem_get(mctx, sizeof(ns_lwreslistener_t));
+ if (listener == NULL)
+ return (ISC_R_NOMEMORY);
+
+ result = isc_mutex_init(&listener->lock);
+ if (result != ISC_R_SUCCESS) {
+ isc_mem_put(mctx, listener, sizeof(ns_lwreslistener_t));
+ return (result);
+ }
+
+ listener->magic = LWRESLISTENER_MAGIC;
+ listener->refs = 1;
+
+ listener->sock = NULL;
+
+ listener->manager = NULL;
+ ns_lwdmanager_attach(lwresd, &listener->manager);
+
+ listener->mctx = NULL;
+ isc_mem_attach(mctx, &listener->mctx);
+
+ ISC_LINK_INIT(listener, link);
+ ISC_LIST_INIT(listener->cmgrs);
+
+ *listenerp = listener;
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+listener_bind(ns_lwreslistener_t *listener, isc_sockaddr_t *address) {
+ isc_socket_t *sock = NULL;
+ isc_result_t result = ISC_R_SUCCESS;
+ int pf;
+
+ pf = isc_sockaddr_pf(address);
+ if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
+ (pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS))
+ return (ISC_R_FAMILYNOSUPPORT);
+
+ listener->address = *address;
+
+ if (isc_sockaddr_getport(&listener->address) == 0) {
+ in_port_t port;
+ port = lwresd_g_listenport;
+ if (port == 0)
+ port = LWRES_UDP_PORT;
+ isc_sockaddr_setport(&listener->address, port);
+ }
+
+ sock = NULL;
+ result = isc_socket_create(ns_g_socketmgr, pf,
+ isc_sockettype_udp, &sock);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
+ "failed to create lwres socket: %s",
+ isc_result_totext(result));
+ return (result);
+ }
+
+ result = isc_socket_bind(sock, &listener->address,
+ ISC_SOCKET_REUSEADDRESS);
+ if (result != ISC_R_SUCCESS) {
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+ isc_sockaddr_format(&listener->address, socktext,
+ sizeof(socktext));
+ isc_socket_detach(&sock);
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
+ "failed to add lwres socket: %s: %s",
+ socktext, isc_result_totext(result));
+ return (result);
+ }
+ listener->sock = sock;
+ return (ISC_R_SUCCESS);
+}
+
+static void
+listener_copysock(ns_lwreslistener_t *oldlistener,
+ ns_lwreslistener_t *newlistener)
+{
+ newlistener->address = oldlistener->address;
+ isc_socket_attach(oldlistener->sock, &newlistener->sock);
+}
+
+static isc_result_t
+listener_startclients(ns_lwreslistener_t *listener) {
+ ns_lwdclientmgr_t *cm;
+ unsigned int i;
+ isc_result_t result;
+
+ /*
+ * Create the client managers.
+ */
+ result = ISC_R_SUCCESS;
+ for (i = 0; i < NTASKS && result == ISC_R_SUCCESS; i++)
+ result = ns_lwdclientmgr_create(listener, NRECVS,
+ ns_g_taskmgr);
+
+ /*
+ * Ensure that we have created at least one.
+ */
+ if (ISC_LIST_EMPTY(listener->cmgrs))
+ return (result);
+
+ /*
+ * Walk the list of clients and start each one up.
+ */
+ LOCK(&listener->lock);
+ cm = ISC_LIST_HEAD(listener->cmgrs);
+ while (cm != NULL) {
+ result = ns_lwdclient_startrecv(cm);
+ if (result != ISC_R_SUCCESS)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD, ISC_LOG_ERROR,
+ "could not start lwres "
+ "client handler: %s",
+ isc_result_totext(result));
+ cm = ISC_LIST_NEXT(cm, link);
+ }
+ UNLOCK(&listener->lock);
+
+ return (ISC_R_SUCCESS);
+}
+
+static void
+listener_shutdown(ns_lwreslistener_t *listener) {
+ ns_lwdclientmgr_t *cm;
+
+ cm = ISC_LIST_HEAD(listener->cmgrs);
+ while (cm != NULL) {
+ isc_task_shutdown(cm->task);
+ cm = ISC_LIST_NEXT(cm, link);
+ }
+}
+
+static isc_result_t
+find_listener(isc_sockaddr_t *address, ns_lwreslistener_t **listenerp) {
+ ns_lwreslistener_t *listener;
+
+ INSIST(listenerp != NULL && *listenerp == NULL);
+
+ for (listener = ISC_LIST_HEAD(listeners);
+ listener != NULL;
+ listener = ISC_LIST_NEXT(listener, link))
+ {
+ if (!isc_sockaddr_equal(address, &listener->address))
+ continue;
+ *listenerp = listener;
+ return (ISC_R_SUCCESS);
+ }
+ return (ISC_R_NOTFOUND);
+}
+
+void
+ns_lwreslistener_unlinkcm(ns_lwreslistener_t *listener, ns_lwdclientmgr_t *cm)
+{
+ REQUIRE(VALID_LWRESLISTENER(listener));
+
+ LOCK(&listener->lock);
+ ISC_LIST_UNLINK(listener->cmgrs, cm, link);
+ UNLOCK(&listener->lock);
+}
+
+void
+ns_lwreslistener_linkcm(ns_lwreslistener_t *listener, ns_lwdclientmgr_t *cm) {
+ REQUIRE(VALID_LWRESLISTENER(listener));
+
+ /*
+ * This does no locking, since it's called early enough that locking
+ * isn't needed.
+ */
+ ISC_LIST_APPEND(listener->cmgrs, cm, link);
+}
+
+static isc_result_t
+configure_listener(isc_sockaddr_t *address, ns_lwresd_t *lwresd,
+ isc_mem_t *mctx, ns_lwreslistenerlist_t *newlisteners)
+{
+ ns_lwreslistener_t *listener, *oldlistener = NULL;
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+ isc_result_t result;
+
+ (void)find_listener(address, &oldlistener);
+ listener = NULL;
+ result = listener_create(mctx, lwresd, &listener);
+ if (result != ISC_R_SUCCESS) {
+ isc_sockaddr_format(address, socktext, sizeof(socktext));
+ isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
+ "lwres failed to configure %s: %s",
+ socktext, isc_result_totext(result));
+ return (result);
+ }
+
+ /*
+ * If there's already a listener, don't rebind the socket.
+ */
+ if (oldlistener == NULL) {
+ result = listener_bind(listener, address);
+ if (result != ISC_R_SUCCESS) {
+ ns_lwreslistener_detach(&listener);
+ return (ISC_R_SUCCESS);
+ }
+ } else
+ listener_copysock(oldlistener, listener);
+
+ result = listener_startclients(listener);
+ if (result != ISC_R_SUCCESS) {
+ isc_sockaddr_format(address, socktext, sizeof(socktext));
+ isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
+ "lwres: failed to start %s: %s", socktext,
+ isc_result_totext(result));
+ ns_lwreslistener_detach(&listener);
+ return (ISC_R_SUCCESS);
+ }
+
+ if (oldlistener != NULL) {
+ /*
+ * Remove the old listener from the old list and shut it down.
+ */
+ ISC_LIST_UNLINK(listeners, oldlistener, link);
+ listener_shutdown(oldlistener);
+ ns_lwreslistener_detach(&oldlistener);
+ } else {
+ isc_sockaddr_format(address, socktext, sizeof(socktext));
+ isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD, ISC_LOG_NOTICE,
+ "lwres listening on %s", socktext);
+ }
+
+ ISC_LIST_APPEND(*newlisteners, listener, link);
+ return (result);
+}
+
+isc_result_t
+ns_lwresd_configure(isc_mem_t *mctx, const cfg_obj_t *config) {
+ const cfg_obj_t *lwreslist = NULL;
+ const cfg_obj_t *lwres = NULL;
+ const cfg_obj_t *listenerslist = NULL;
+ const cfg_listelt_t *element = NULL;
+ ns_lwreslistener_t *listener;
+ ns_lwreslistenerlist_t newlisteners;
+ isc_result_t result;
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+ isc_sockaddr_t *addrs = NULL;
+ ns_lwresd_t *lwresd = NULL;
+ isc_uint32_t count = 0;
+
+ REQUIRE(mctx != NULL);
+ REQUIRE(config != NULL);
+
+ RUNTIME_CHECK(isc_once_do(&once, initialize_mutex) == ISC_R_SUCCESS);
+
+ ISC_LIST_INIT(newlisteners);
+
+ result = cfg_map_get(config, "lwres", &lwreslist);
+ if (result != ISC_R_SUCCESS)
+ return (ISC_R_SUCCESS);
+
+ LOCK(&listeners_lock);
+ /*
+ * Run through the new lwres address list, noting sockets that
+ * are already being listened on and moving them to the new list.
+ *
+ * Identifying duplicates addr/port combinations is left to either
+ * the underlying config code, or to the bind attempt getting an
+ * address-in-use error.
+ */
+ for (element = cfg_list_first(lwreslist);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ in_port_t port;
+
+ lwres = cfg_listelt_value(element);
+ CHECK(ns_lwdmanager_create(mctx, lwres, &lwresd));
+
+ port = lwresd_g_listenport;
+ if (port == 0)
+ port = LWRES_UDP_PORT;
+
+ listenerslist = NULL;
+ (void)cfg_map_get(lwres, "listen-on", &listenerslist);
+ if (listenerslist == NULL) {
+ struct in_addr localhost;
+ isc_sockaddr_t address;
+
+ localhost.s_addr = htonl(INADDR_LOOPBACK);
+ isc_sockaddr_fromin(&address, &localhost, port);
+ CHECK(configure_listener(&address, lwresd, mctx,
+ &newlisteners));
+ } else {
+ isc_uint32_t i;
+
+ CHECK(ns_config_getiplist(config, listenerslist,
+ port, mctx, &addrs, &count));
+ for (i = 0; i < count; i++)
+ CHECK(configure_listener(&addrs[i], lwresd,
+ mctx, &newlisteners));
+ ns_config_putiplist(mctx, &addrs, count);
+ }
+ ns_lwdmanager_detach(&lwresd);
+ }
+
+ /*
+ * Shutdown everything on the listeners list, and remove them from
+ * the list. Then put all of the new listeners on it.
+ */
+
+ while (!ISC_LIST_EMPTY(listeners)) {
+ listener = ISC_LIST_HEAD(listeners);
+ ISC_LIST_UNLINK(listeners, listener, link);
+
+ isc_sockaddr_format(&listener->address,
+ socktext, sizeof(socktext));
+
+ listener_shutdown(listener);
+ ns_lwreslistener_detach(&listener);
+
+ isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_LWRESD, ISC_LOG_NOTICE,
+ "lwres no longer listening on %s", socktext);
+ }
+
+ cleanup:
+ ISC_LIST_APPENDLIST(listeners, newlisteners, link);
+
+ if (addrs != NULL)
+ ns_config_putiplist(mctx, &addrs, count);
+
+ if (lwresd != NULL)
+ ns_lwdmanager_detach(&lwresd);
+
+ UNLOCK(&listeners_lock);
+
+ return (result);
+}
+
+void
+ns_lwresd_shutdown(void) {
+ ns_lwreslistener_t *listener;
+
+ RUNTIME_CHECK(isc_once_do(&once, initialize_mutex) == ISC_R_SUCCESS);
+
+ while (!ISC_LIST_EMPTY(listeners)) {
+ listener = ISC_LIST_HEAD(listeners);
+ ISC_LIST_UNLINK(listeners, listener, link);
+ ns_lwreslistener_detach(&listener);
+ }
+}
diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook
new file mode 100644
index 0000000..3e72fd3
--- /dev/null
+++ b/bin/named/lwresd.docbook
@@ -0,0 +1,373 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: lwresd.docbook,v 1.18 2008/11/06 05:30:24 marka Exp $ -->
+<refentry>
+ <refentryinfo>
+ <date>June 30, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>lwresd</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><application>lwresd</application></refname>
+ <refpurpose>lightweight resolver daemon</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2007</year>
+ <year>2008</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>lwresd</command>
+ <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
+ <arg><option>-C <replaceable class="parameter">config-file</replaceable></option></arg>
+ <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
+ <arg><option>-f</option></arg>
+ <arg><option>-g</option></arg>
+ <arg><option>-i <replaceable class="parameter">pid-file</replaceable></option></arg>
+ <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
+ <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
+ <arg><option>-P <replaceable class="parameter">port</replaceable></option></arg>
+ <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+ <arg><option>-s</option></arg>
+ <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
+ <arg><option>-v</option></arg>
+ <arg><option>-4</option></arg>
+ <arg><option>-6</option></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+
+ <para><command>lwresd</command>
+ is the daemon providing name lookup
+ services to clients that use the BIND 9 lightweight resolver
+ library. It is essentially a stripped-down, caching-only name
+ server that answers queries using the BIND 9 lightweight
+ resolver protocol rather than the DNS protocol.
+ </para>
+
+ <para><command>lwresd</command>
+ listens for resolver queries on a
+ UDP port on the IPv4 loopback interface, 127.0.0.1. This
+ means that <command>lwresd</command> can only be used by
+ processes running on the local machine. By default UDP port
+ number 921 is used for lightweight resolver requests and
+ responses.
+ </para>
+ <para>
+ Incoming lightweight resolver requests are decoded by the
+ server which then resolves them using the DNS protocol. When
+ the DNS lookup completes, <command>lwresd</command> encodes
+ the answers in the lightweight resolver format and returns
+ them to the client that made the request.
+ </para>
+ <para>
+ If <filename>/etc/resolv.conf</filename> contains any
+ <option>nameserver</option> entries, <command>lwresd</command>
+ sends recursive DNS queries to those servers. This is similar
+ to the use of forwarders in a caching name server. If no
+ <option>nameserver</option> entries are present, or if
+ forwarding fails, <command>lwresd</command> resolves the
+ queries autonomously starting at the root name servers, using
+ a built-in list of root server hints.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>-4</term>
+ <listitem>
+ <para>
+ Use IPv4 only even if the host machine is capable of IPv6.
+ <option>-4</option> and <option>-6</option> are mutually
+ exclusive.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-6</term>
+ <listitem>
+ <para>
+ Use IPv6 only even if the host machine is capable of IPv4.
+ <option>-4</option> and <option>-6</option> are mutually
+ exclusive.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <!-- this is in source but not mentioned? does this matter? -->
+ <varlistentry>
+ <term>-c <replaceable class="parameter">config-file</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">config-file</replaceable> as the
+ configuration file instead of the default,
+ <filename>/etc/lwresd.conf</filename>.
+ <!-- Should this be an absolute path name? -->
+ <option>-c</option> can not be used with <option>-C</option>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-C <replaceable class="parameter">config-file</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">config-file</replaceable> as the
+ configuration file instead of the default,
+ <filename>/etc/resolv.conf</filename>.
+ <option>-C</option> can not be used with <option>-c</option>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-d <replaceable class="parameter">debug-level</replaceable></term>
+ <listitem>
+ <para>
+ Set the daemon's debug level to <replaceable class="parameter">debug-level</replaceable>.
+ Debugging traces from <command>lwresd</command> become
+ more verbose as the debug level increases.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-f</term>
+ <listitem>
+ <para>
+ Run the server in the foreground (i.e. do not daemonize).
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-g</term>
+ <listitem>
+ <para>
+ Run the server in the foreground and force all logging
+ to <filename>stderr</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-i <replaceable class="parameter">pid-file</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">pid-file</replaceable> as the
+ PID file instead of the default,
+ <filename>/var/run/lwresd/lwresd.pid</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-m <replaceable class="parameter">flag</replaceable></term>
+ <listitem>
+ <para>
+ Turn on memory usage debugging flags. Possible flags are
+ <replaceable class="parameter">usage</replaceable>,
+ <replaceable class="parameter">trace</replaceable>,
+ <replaceable class="parameter">record</replaceable>,
+ <replaceable class="parameter">size</replaceable>, and
+ <replaceable class="parameter">mctx</replaceable>.
+ These correspond to the ISC_MEM_DEBUGXXXX flags described in
+ <filename>&lt;isc/mem.h&gt;</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-n <replaceable class="parameter">#cpus</replaceable></term>
+ <listitem>
+ <para>
+ Create <replaceable class="parameter">#cpus</replaceable> worker threads
+ to take advantage of multiple CPUs. If not specified,
+ <command>lwresd</command> will try to determine the
+ number of CPUs present and create one thread per CPU.
+ If it is unable to determine the number of CPUs, a
+ single worker thread will be created.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-P <replaceable class="parameter">port</replaceable></term>
+ <listitem>
+ <para>
+ Listen for lightweight resolver queries on port
+ <replaceable class="parameter">port</replaceable>. If
+ not specified, the default is port 921.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-p <replaceable class="parameter">port</replaceable></term>
+ <listitem>
+ <para>
+ Send DNS lookups to port <replaceable class="parameter">port</replaceable>. If not
+ specified, the default is port 53. This provides a
+ way of testing the lightweight resolver daemon with a
+ name server that listens for queries on a non-standard
+ port number.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s</term>
+ <listitem>
+ <para>
+ Write memory usage statistics to <filename>stdout</filename>
+ on exit.
+ </para>
+ <note>
+ <para>
+ This option is mainly of interest to BIND 9 developers
+ and may be removed or changed in a future release.
+ </para>
+ </note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-t <replaceable class="parameter">directory</replaceable></term>
+ <listitem>
+ <para>Chroot
+ to <replaceable class="parameter">directory</replaceable> after
+ processing the command line arguments, but before
+ reading the configuration file.
+ </para>
+ <warning>
+ <para>
+ This option should be used in conjunction with the
+ <option>-u</option> option, as chrooting a process
+ running as root doesn't enhance security on most
+ systems; the way <function>chroot(2)</function> is
+ defined allows a process with root privileges to
+ escape a chroot jail.
+ </para>
+ </warning>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-u <replaceable class="parameter">user</replaceable></term>
+ <listitem>
+ <para>Setuid
+ to <replaceable class="parameter">user</replaceable> after completing
+ privileged operations, such as creating sockets that
+ listen on privileged ports.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v</term>
+ <listitem>
+ <para>
+ Report the version number and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>FILES</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term><filename>/etc/resolv.conf</filename></term>
+ <listitem>
+ <para>
+ The default configuration file.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><filename>/var/run/lwresd.pid</filename></term>
+ <listitem>
+ <para>
+ The default process-id file.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>lwres</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>resolver</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para><corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html
new file mode 100644
index 0000000..65f65e3
--- /dev/null
+++ b/bin/named/lwresd.html
@@ -0,0 +1,225 @@
+<!--
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: lwresd.html,v 1.25 2008/11/07 01:11:19 tbox Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>lwresd</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2476275"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">lwresd</span> &#8212; lightweight resolver daemon</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543464"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">lwresd</strong></span>
+ is the daemon providing name lookup
+ services to clients that use the BIND 9 lightweight resolver
+ library. It is essentially a stripped-down, caching-only name
+ server that answers queries using the BIND 9 lightweight
+ resolver protocol rather than the DNS protocol.
+ </p>
+<p><span><strong class="command">lwresd</strong></span>
+ listens for resolver queries on a
+ UDP port on the IPv4 loopback interface, 127.0.0.1. This
+ means that <span><strong class="command">lwresd</strong></span> can only be used by
+ processes running on the local machine. By default UDP port
+ number 921 is used for lightweight resolver requests and
+ responses.
+ </p>
+<p>
+ Incoming lightweight resolver requests are decoded by the
+ server which then resolves them using the DNS protocol. When
+ the DNS lookup completes, <span><strong class="command">lwresd</strong></span> encodes
+ the answers in the lightweight resolver format and returns
+ them to the client that made the request.
+ </p>
+<p>
+ If <code class="filename">/etc/resolv.conf</code> contains any
+ <code class="option">nameserver</code> entries, <span><strong class="command">lwresd</strong></span>
+ sends recursive DNS queries to those servers. This is similar
+ to the use of forwarders in a caching name server. If no
+ <code class="option">nameserver</code> entries are present, or if
+ forwarding fails, <span><strong class="command">lwresd</strong></span> resolves the
+ queries autonomously starting at the root name servers, using
+ a built-in list of root server hints.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543511"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-4</span></dt>
+<dd><p>
+ Use IPv4 only even if the host machine is capable of IPv6.
+ <code class="option">-4</code> and <code class="option">-6</code> are mutually
+ exclusive.
+ </p></dd>
+<dt><span class="term">-6</span></dt>
+<dd><p>
+ Use IPv6 only even if the host machine is capable of IPv4.
+ <code class="option">-4</code> and <code class="option">-6</code> are mutually
+ exclusive.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>config-file</code></em> as the
+ configuration file instead of the default,
+ <code class="filename">/etc/lwresd.conf</code>.
+
+ <code class="option">-c</code> can not be used with <code class="option">-C</code>.
+ </p></dd>
+<dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>config-file</code></em> as the
+ configuration file instead of the default,
+ <code class="filename">/etc/resolv.conf</code>.
+ <code class="option">-C</code> can not be used with <code class="option">-c</code>.
+ </p></dd>
+<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
+<dd><p>
+ Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
+ Debugging traces from <span><strong class="command">lwresd</strong></span> become
+ more verbose as the debug level increases.
+ </p></dd>
+<dt><span class="term">-f</span></dt>
+<dd><p>
+ Run the server in the foreground (i.e. do not daemonize).
+ </p></dd>
+<dt><span class="term">-g</span></dt>
+<dd><p>
+ Run the server in the foreground and force all logging
+ to <code class="filename">stderr</code>.
+ </p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>pid-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>pid-file</code></em> as the
+ PID file instead of the default,
+ <code class="filename">/var/run/lwresd/lwresd.pid</code>.
+ </p></dd>
+<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
+<dd><p>
+ Turn on memory usage debugging flags. Possible flags are
+ <em class="replaceable"><code>usage</code></em>,
+ <em class="replaceable"><code>trace</code></em>,
+ <em class="replaceable"><code>record</code></em>,
+ <em class="replaceable"><code>size</code></em>, and
+ <em class="replaceable"><code>mctx</code></em>.
+ These correspond to the ISC_MEM_DEBUGXXXX flags described in
+ <code class="filename">&lt;isc/mem.h&gt;</code>.
+ </p></dd>
+<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
+<dd><p>
+ Create <em class="replaceable"><code>#cpus</code></em> worker threads
+ to take advantage of multiple CPUs. If not specified,
+ <span><strong class="command">lwresd</strong></span> will try to determine the
+ number of CPUs present and create one thread per CPU.
+ If it is unable to determine the number of CPUs, a
+ single worker thread will be created.
+ </p></dd>
+<dt><span class="term">-P <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+ Listen for lightweight resolver queries on port
+ <em class="replaceable"><code>port</code></em>. If
+ not specified, the default is port 921.
+ </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+ Send DNS lookups to port <em class="replaceable"><code>port</code></em>. If not
+ specified, the default is port 53. This provides a
+ way of testing the lightweight resolver daemon with a
+ name server that listens for queries on a non-standard
+ port number.
+ </p></dd>
+<dt><span class="term">-s</span></dt>
+<dd>
+<p>
+ Write memory usage statistics to <code class="filename">stdout</code>
+ on exit.
+ </p>
+<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Note</h3>
+<p>
+ This option is mainly of interest to BIND 9 developers
+ and may be removed or changed in a future release.
+ </p>
+</div>
+</dd>
+<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
+<dd>
+<p>Chroot
+ to <em class="replaceable"><code>directory</code></em> after
+ processing the command line arguments, but before
+ reading the configuration file.
+ </p>
+<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Warning</h3>
+<p>
+ This option should be used in conjunction with the
+ <code class="option">-u</code> option, as chrooting a process
+ running as root doesn't enhance security on most
+ systems; the way <code class="function">chroot(2)</code> is
+ defined allows a process with root privileges to
+ escape a chroot jail.
+ </p>
+</div>
+</dd>
+<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
+<dd><p>Setuid
+ to <em class="replaceable"><code>user</code></em> after completing
+ privileged operations, such as creating sockets that
+ listen on privileged ports.
+ </p></dd>
+<dt><span class="term">-v</span></dt>
+<dd><p>
+ Report the version number and exit.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543928"></a><h2>FILES</h2>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
+<dd><p>
+ The default configuration file.
+ </p></dd>
+<dt><span class="term"><code class="filename">/var/run/lwresd.pid</code></span></dt>
+<dd><p>
+ The default process-id file.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543968"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
+ <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544002"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/named/lwsearch.c b/bin/named/lwsearch.c
new file mode 100644
index 0000000..6754c98
--- /dev/null
+++ b/bin/named/lwsearch.c
@@ -0,0 +1,206 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwsearch.c,v 1.13 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/magic.h>
+#include <isc/mem.h>
+#include <isc/mutex.h>
+#include <isc/result.h>
+#include <isc/types.h>
+#include <isc/util.h>
+
+#include <dns/name.h>
+#include <dns/types.h>
+
+#include <named/lwsearch.h>
+#include <named/types.h>
+
+#define LWSEARCHLIST_MAGIC ISC_MAGIC('L', 'W', 'S', 'L')
+#define VALID_LWSEARCHLIST(l) ISC_MAGIC_VALID(l, LWSEARCHLIST_MAGIC)
+
+isc_result_t
+ns_lwsearchlist_create(isc_mem_t *mctx, ns_lwsearchlist_t **listp) {
+ ns_lwsearchlist_t *list;
+ isc_result_t result;
+
+ REQUIRE(mctx != NULL);
+ REQUIRE(listp != NULL && *listp == NULL);
+
+ list = isc_mem_get(mctx, sizeof(ns_lwsearchlist_t));
+ if (list == NULL)
+ return (ISC_R_NOMEMORY);
+
+ result = isc_mutex_init(&list->lock);
+ if (result != ISC_R_SUCCESS) {
+ isc_mem_put(mctx, list, sizeof(ns_lwsearchlist_t));
+ return (result);
+ }
+ list->mctx = NULL;
+ isc_mem_attach(mctx, &list->mctx);
+ list->refs = 1;
+ ISC_LIST_INIT(list->names);
+ list->magic = LWSEARCHLIST_MAGIC;
+
+ *listp = list;
+ return (ISC_R_SUCCESS);
+}
+
+void
+ns_lwsearchlist_attach(ns_lwsearchlist_t *source, ns_lwsearchlist_t **target) {
+ REQUIRE(VALID_LWSEARCHLIST(source));
+ REQUIRE(target != NULL && *target == NULL);
+
+ LOCK(&source->lock);
+ INSIST(source->refs > 0);
+ source->refs++;
+ INSIST(source->refs != 0);
+ UNLOCK(&source->lock);
+
+ *target = source;
+}
+
+void
+ns_lwsearchlist_detach(ns_lwsearchlist_t **listp) {
+ ns_lwsearchlist_t *list;
+ isc_mem_t *mctx;
+
+ REQUIRE(listp != NULL);
+ list = *listp;
+ REQUIRE(VALID_LWSEARCHLIST(list));
+
+ LOCK(&list->lock);
+ INSIST(list->refs > 0);
+ list->refs--;
+ UNLOCK(&list->lock);
+
+ *listp = NULL;
+ if (list->refs != 0)
+ return;
+
+ mctx = list->mctx;
+ while (!ISC_LIST_EMPTY(list->names)) {
+ dns_name_t *name = ISC_LIST_HEAD(list->names);
+ ISC_LIST_UNLINK(list->names, name, link);
+ dns_name_free(name, list->mctx);
+ isc_mem_put(list->mctx, name, sizeof(dns_name_t));
+ }
+ list->magic = 0;
+ isc_mem_put(mctx, list, sizeof(ns_lwsearchlist_t));
+ isc_mem_detach(&mctx);
+}
+
+isc_result_t
+ns_lwsearchlist_append(ns_lwsearchlist_t *list, dns_name_t *name) {
+ dns_name_t *newname;
+ isc_result_t result;
+
+ REQUIRE(VALID_LWSEARCHLIST(list));
+ REQUIRE(name != NULL);
+
+ newname = isc_mem_get(list->mctx, sizeof(dns_name_t));
+ if (newname == NULL)
+ return (ISC_R_NOMEMORY);
+ dns_name_init(newname, NULL);
+ result = dns_name_dup(name, list->mctx, newname);
+ if (result != ISC_R_SUCCESS) {
+ isc_mem_put(list->mctx, newname, sizeof(dns_name_t));
+ return (result);
+ }
+ ISC_LINK_INIT(newname, link);
+ ISC_LIST_APPEND(list->names, newname, link);
+ return (ISC_R_SUCCESS);
+}
+
+void
+ns_lwsearchctx_init(ns_lwsearchctx_t *sctx, ns_lwsearchlist_t *list,
+ dns_name_t *name, unsigned int ndots)
+{
+ INSIST(sctx != NULL);
+ sctx->relname = name;
+ sctx->searchname = NULL;
+ sctx->doneexact = ISC_FALSE;
+ sctx->exactfirst = ISC_FALSE;
+ sctx->ndots = ndots;
+ if (dns_name_isabsolute(name) || list == NULL) {
+ sctx->list = NULL;
+ return;
+ }
+ sctx->list = list;
+ sctx->searchname = ISC_LIST_HEAD(sctx->list->names);
+ if (dns_name_countlabels(name) > ndots)
+ sctx->exactfirst = ISC_TRUE;
+}
+
+void
+ns_lwsearchctx_first(ns_lwsearchctx_t *sctx) {
+ REQUIRE(sctx != NULL);
+ UNUSED(sctx);
+}
+
+isc_result_t
+ns_lwsearchctx_next(ns_lwsearchctx_t *sctx) {
+ REQUIRE(sctx != NULL);
+
+ if (sctx->list == NULL)
+ return (ISC_R_NOMORE);
+
+ if (sctx->searchname == NULL) {
+ INSIST (!sctx->exactfirst || sctx->doneexact);
+ if (sctx->exactfirst || sctx->doneexact)
+ return (ISC_R_NOMORE);
+ sctx->doneexact = ISC_TRUE;
+ } else {
+ if (sctx->exactfirst && !sctx->doneexact)
+ sctx->doneexact = ISC_TRUE;
+ else {
+ sctx->searchname = ISC_LIST_NEXT(sctx->searchname,
+ link);
+ if (sctx->searchname == NULL && sctx->doneexact)
+ return (ISC_R_NOMORE);
+ }
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+ns_lwsearchctx_current(ns_lwsearchctx_t *sctx, dns_name_t *absname) {
+ dns_name_t *tname;
+ isc_boolean_t useexact = ISC_FALSE;
+
+ REQUIRE(sctx != NULL);
+
+ if (sctx->list == NULL ||
+ sctx->searchname == NULL ||
+ (sctx->exactfirst && !sctx->doneexact))
+ useexact = ISC_TRUE;
+
+ if (useexact) {
+ if (dns_name_isabsolute(sctx->relname))
+ tname = NULL;
+ else
+ tname = dns_rootname;
+ } else
+ tname = sctx->searchname;
+
+ return (dns_name_concatenate(sctx->relname, tname, absname, NULL));
+}
diff --git a/bin/named/main.c b/bin/named/main.c
new file mode 100644
index 0000000..aa6575a
--- /dev/null
+++ b/bin/named/main.c
@@ -0,0 +1,991 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: main.c,v 1.166 2008/10/24 01:24:54 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/app.h>
+#include <isc/commandline.h>
+#include <isc/dir.h>
+#include <isc/entropy.h>
+#include <isc/file.h>
+#include <isc/hash.h>
+#include <isc/os.h>
+#include <isc/platform.h>
+#include <isc/print.h>
+#include <isc/resource.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <isccc/result.h>
+
+#include <dns/dispatch.h>
+#include <dns/name.h>
+#include <dns/result.h>
+#include <dns/view.h>
+
+#include <dst/result.h>
+
+/*
+ * Defining NS_MAIN provides storage declarations (rather than extern)
+ * for variables in named/globals.h.
+ */
+#define NS_MAIN 1
+
+#include <named/builtin.h>
+#include <named/control.h>
+#include <named/globals.h> /* Explicit, though named/log.h includes it. */
+#include <named/interfacemgr.h>
+#include <named/log.h>
+#include <named/os.h>
+#include <named/server.h>
+#include <named/lwresd.h>
+#include <named/main.h>
+#ifdef HAVE_LIBSCF
+#include <named/ns_smf_globals.h>
+#endif
+
+/*
+ * Include header files for database drivers here.
+ */
+/* #include "xxdb.h" */
+
+/*
+ * Include DLZ drivers if appropriate.
+ */
+#ifdef DLZ
+#include <dlz/dlz_drivers.h>
+#endif
+
+static isc_boolean_t want_stats = ISC_FALSE;
+static char program_name[ISC_DIR_NAMEMAX] = "named";
+static char absolute_conffile[ISC_DIR_PATHMAX];
+static char saved_command_line[512];
+static char version[512];
+static unsigned int maxsocks = 0;
+
+void
+ns_main_earlywarning(const char *format, ...) {
+ va_list args;
+
+ va_start(args, format);
+ if (ns_g_lctx != NULL) {
+ isc_log_vwrite(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_MAIN, ISC_LOG_WARNING,
+ format, args);
+ } else {
+ fprintf(stderr, "%s: ", program_name);
+ vfprintf(stderr, format, args);
+ fprintf(stderr, "\n");
+ fflush(stderr);
+ }
+ va_end(args);
+}
+
+void
+ns_main_earlyfatal(const char *format, ...) {
+ va_list args;
+
+ va_start(args, format);
+ if (ns_g_lctx != NULL) {
+ isc_log_vwrite(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_MAIN, ISC_LOG_CRITICAL,
+ format, args);
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_MAIN, ISC_LOG_CRITICAL,
+ "exiting (due to early fatal error)");
+ } else {
+ fprintf(stderr, "%s: ", program_name);
+ vfprintf(stderr, format, args);
+ fprintf(stderr, "\n");
+ fflush(stderr);
+ }
+ va_end(args);
+
+ exit(1);
+}
+
+static void
+assertion_failed(const char *file, int line, isc_assertiontype_t type,
+ const char *cond)
+{
+ /*
+ * Handle assertion failures.
+ */
+
+ if (ns_g_lctx != NULL) {
+ /*
+ * Reset the assetion callback in case it is the log
+ * routines causing the assertion.
+ */
+ isc_assertion_setcallback(NULL);
+
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_MAIN, ISC_LOG_CRITICAL,
+ "%s:%d: %s(%s) failed", file, line,
+ isc_assertion_typetotext(type), cond);
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_MAIN, ISC_LOG_CRITICAL,
+ "exiting (due to assertion failure)");
+ } else {
+ fprintf(stderr, "%s:%d: %s(%s) failed\n",
+ file, line, isc_assertion_typetotext(type), cond);
+ fflush(stderr);
+ }
+
+ if (ns_g_coreok)
+ abort();
+ exit(1);
+}
+
+static void
+library_fatal_error(const char *file, int line, const char *format,
+ va_list args) ISC_FORMAT_PRINTF(3, 0);
+
+static void
+library_fatal_error(const char *file, int line, const char *format,
+ va_list args)
+{
+ /*
+ * Handle isc_error_fatal() calls from our libraries.
+ */
+
+ if (ns_g_lctx != NULL) {
+ /*
+ * Reset the error callback in case it is the log
+ * routines causing the assertion.
+ */
+ isc_error_setfatal(NULL);
+
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_MAIN, ISC_LOG_CRITICAL,
+ "%s:%d: fatal error:", file, line);
+ isc_log_vwrite(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_MAIN, ISC_LOG_CRITICAL,
+ format, args);
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_MAIN, ISC_LOG_CRITICAL,
+ "exiting (due to fatal error in library)");
+ } else {
+ fprintf(stderr, "%s:%d: fatal error: ", file, line);
+ vfprintf(stderr, format, args);
+ fprintf(stderr, "\n");
+ fflush(stderr);
+ }
+
+ if (ns_g_coreok)
+ abort();
+ exit(1);
+}
+
+static void
+library_unexpected_error(const char *file, int line, const char *format,
+ va_list args) ISC_FORMAT_PRINTF(3, 0);
+
+static void
+library_unexpected_error(const char *file, int line, const char *format,
+ va_list args)
+{
+ /*
+ * Handle isc_error_unexpected() calls from our libraries.
+ */
+
+ if (ns_g_lctx != NULL) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_MAIN, ISC_LOG_ERROR,
+ "%s:%d: unexpected error:", file, line);
+ isc_log_vwrite(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_MAIN, ISC_LOG_ERROR,
+ format, args);
+ } else {
+ fprintf(stderr, "%s:%d: fatal error: ", file, line);
+ vfprintf(stderr, format, args);
+ fprintf(stderr, "\n");
+ fflush(stderr);
+ }
+}
+
+static void
+lwresd_usage(void) {
+ fprintf(stderr,
+ "usage: lwresd [-4|-6] [-c conffile | -C resolvconffile] "
+ "[-d debuglevel]\n"
+ " [-f|-g] [-n number_of_cpus] [-p port] "
+ "[-P listen-port] [-s]\n"
+ " [-t chrootdir] [-u username] [-i pidfile]\n"
+ " [-m {usage|trace|record|size|mctx}]\n");
+}
+
+static void
+usage(void) {
+ if (ns_g_lwresdonly) {
+ lwresd_usage();
+ return;
+ }
+ fprintf(stderr,
+ "usage: named [-4|-6] [-c conffile] [-d debuglevel] "
+ "[-f|-g] [-n number_of_cpus]\n"
+ " [-p port] [-s] [-t chrootdir] [-u username]\n"
+ " [-m {usage|trace|record|size|mctx}]\n");
+}
+
+static void
+save_command_line(int argc, char *argv[]) {
+ int i;
+ char *src;
+ char *dst;
+ char *eob;
+ const char truncated[] = "...";
+ isc_boolean_t quoted = ISC_FALSE;
+
+ dst = saved_command_line;
+ eob = saved_command_line + sizeof(saved_command_line);
+
+ for (i = 1; i < argc && dst < eob; i++) {
+ *dst++ = ' ';
+
+ src = argv[i];
+ while (*src != '\0' && dst < eob) {
+ /*
+ * This won't perfectly produce a shell-independent
+ * pastable command line in all circumstances, but
+ * comes close, and for practical purposes will
+ * nearly always be fine.
+ */
+ if (quoted || isalnum(*src & 0xff) ||
+ *src == '-' || *src == '_' ||
+ *src == '.' || *src == '/') {
+ *dst++ = *src++;
+ quoted = ISC_FALSE;
+ } else {
+ *dst++ = '\\';
+ quoted = ISC_TRUE;
+ }
+ }
+ }
+
+ INSIST(sizeof(saved_command_line) >= sizeof(truncated));
+
+ if (dst == eob)
+ strcpy(eob - sizeof(truncated), truncated);
+ else
+ *dst = '\0';
+}
+
+static int
+parse_int(char *arg, const char *desc) {
+ char *endp;
+ int tmp;
+ long int ltmp;
+
+ ltmp = strtol(arg, &endp, 10);
+ tmp = (int) ltmp;
+ if (*endp != '\0')
+ ns_main_earlyfatal("%s '%s' must be numeric", desc, arg);
+ if (tmp < 0 || tmp != ltmp)
+ ns_main_earlyfatal("%s '%s' out of range", desc, arg);
+ return (tmp);
+}
+
+static struct flag_def {
+ const char *name;
+ unsigned int value;
+} mem_debug_flags[] = {
+ { "trace", ISC_MEM_DEBUGTRACE },
+ { "record", ISC_MEM_DEBUGRECORD },
+ { "usage", ISC_MEM_DEBUGUSAGE },
+ { "size", ISC_MEM_DEBUGSIZE },
+ { "mctx", ISC_MEM_DEBUGCTX },
+ { NULL, 0 }
+};
+
+static void
+set_flags(const char *arg, struct flag_def *defs, unsigned int *ret) {
+ for (;;) {
+ const struct flag_def *def;
+ const char *end = strchr(arg, ',');
+ int arglen;
+ if (end == NULL)
+ end = arg + strlen(arg);
+ arglen = end - arg;
+ for (def = defs; def->name != NULL; def++) {
+ if (arglen == (int)strlen(def->name) &&
+ memcmp(arg, def->name, arglen) == 0) {
+ *ret |= def->value;
+ goto found;
+ }
+ }
+ ns_main_earlyfatal("unrecognized flag '%.*s'", arglen, arg);
+ found:
+ if (*end == '\0')
+ break;
+ arg = end + 1;
+ }
+}
+
+static void
+parse_command_line(int argc, char *argv[]) {
+ int ch;
+ int port;
+ isc_boolean_t disable6 = ISC_FALSE;
+ isc_boolean_t disable4 = ISC_FALSE;
+
+ save_command_line(argc, argv);
+
+ isc_commandline_errprint = ISC_FALSE;
+ while ((ch = isc_commandline_parse(argc, argv,
+ "46c:C:d:fgi:lm:n:N:p:P:"
+ "sS:t:T:u:vVx:")) != -1) {
+ switch (ch) {
+ case '4':
+ if (disable4)
+ ns_main_earlyfatal("cannot specify -4 and -6");
+ if (isc_net_probeipv4() != ISC_R_SUCCESS)
+ ns_main_earlyfatal("IPv4 not supported by OS");
+ isc_net_disableipv6();
+ disable6 = ISC_TRUE;
+ break;
+ case '6':
+ if (disable6)
+ ns_main_earlyfatal("cannot specify -4 and -6");
+ if (isc_net_probeipv6() != ISC_R_SUCCESS)
+ ns_main_earlyfatal("IPv6 not supported by OS");
+ isc_net_disableipv4();
+ disable4 = ISC_TRUE;
+ break;
+ case 'c':
+ ns_g_conffile = isc_commandline_argument;
+ lwresd_g_conffile = isc_commandline_argument;
+ if (lwresd_g_useresolvconf)
+ ns_main_earlyfatal("cannot specify -c and -C");
+ ns_g_conffileset = ISC_TRUE;
+ break;
+ case 'C':
+ lwresd_g_resolvconffile = isc_commandline_argument;
+ if (ns_g_conffileset)
+ ns_main_earlyfatal("cannot specify -c and -C");
+ lwresd_g_useresolvconf = ISC_TRUE;
+ break;
+ case 'd':
+ ns_g_debuglevel = parse_int(isc_commandline_argument,
+ "debug level");
+ break;
+ case 'f':
+ ns_g_foreground = ISC_TRUE;
+ break;
+ case 'g':
+ ns_g_foreground = ISC_TRUE;
+ ns_g_logstderr = ISC_TRUE;
+ break;
+ /* XXXBEW -i should be removed */
+ case 'i':
+ lwresd_g_defaultpidfile = isc_commandline_argument;
+ break;
+ case 'l':
+ ns_g_lwresdonly = ISC_TRUE;
+ break;
+ case 'm':
+ set_flags(isc_commandline_argument, mem_debug_flags,
+ &isc_mem_debugging);
+ break;
+ case 'N': /* Deprecated. */
+ case 'n':
+ ns_g_cpus = parse_int(isc_commandline_argument,
+ "number of cpus");
+ if (ns_g_cpus == 0)
+ ns_g_cpus = 1;
+ break;
+ case 'p':
+ port = parse_int(isc_commandline_argument, "port");
+ if (port < 1 || port > 65535)
+ ns_main_earlyfatal("port '%s' out of range",
+ isc_commandline_argument);
+ ns_g_port = port;
+ break;
+ /* XXXBEW Should -P be removed? */
+ case 'P':
+ port = parse_int(isc_commandline_argument, "port");
+ if (port < 1 || port > 65535)
+ ns_main_earlyfatal("port '%s' out of range",
+ isc_commandline_argument);
+ lwresd_g_listenport = port;
+ break;
+ case 's':
+ /* XXXRTH temporary syntax */
+ want_stats = ISC_TRUE;
+ break;
+ case 'S':
+ maxsocks = parse_int(isc_commandline_argument,
+ "max number of sockets");
+ break;
+ case 't':
+ /* XXXJAB should we make a copy? */
+ ns_g_chrootdir = isc_commandline_argument;
+ break;
+ case 'T':
+ /*
+ * clienttest: make clients single shot with their
+ * own memory context.
+ */
+ if (strcmp(isc_commandline_argument, "clienttest") == 0)
+ ns_g_clienttest = ISC_TRUE;
+ else
+ fprintf(stderr, "unknown -T flag '%s\n",
+ isc_commandline_argument);
+ break;
+ case 'u':
+ ns_g_username = isc_commandline_argument;
+ break;
+ case 'v':
+ printf("BIND %s\n", ns_g_version);
+ exit(0);
+ case 'V':
+ printf("BIND %s built with %s\n", ns_g_version,
+ ns_g_configargs);
+ exit(0);
+ case '?':
+ usage();
+ if (isc_commandline_option == '?')
+ exit(0);
+ ns_main_earlyfatal("unknown option '-%c'",
+ isc_commandline_option);
+ default:
+ ns_main_earlyfatal("parsing options returned %d", ch);
+ }
+ }
+
+ argc -= isc_commandline_index;
+ argv += isc_commandline_index;
+
+ if (argc > 0) {
+ usage();
+ ns_main_earlyfatal("extra command line arguments");
+ }
+}
+
+static isc_result_t
+create_managers(void) {
+ isc_result_t result;
+ unsigned int socks;
+
+#ifdef ISC_PLATFORM_USETHREADS
+ if (ns_g_cpus == 0)
+ ns_g_cpus = ns_g_cpus_detected;
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
+ ISC_LOG_INFO, "found %u CPU%s, using %u worker thread%s",
+ ns_g_cpus_detected, ns_g_cpus_detected == 1 ? "" : "s",
+ ns_g_cpus, ns_g_cpus == 1 ? "" : "s");
+#else
+ ns_g_cpus = 1;
+#endif
+ result = isc_taskmgr_create(ns_g_mctx, ns_g_cpus, 0, &ns_g_taskmgr);
+ if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "isc_taskmgr_create() failed: %s",
+ isc_result_totext(result));
+ return (ISC_R_UNEXPECTED);
+ }
+
+ result = isc_timermgr_create(ns_g_mctx, &ns_g_timermgr);
+ if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "isc_timermgr_create() failed: %s",
+ isc_result_totext(result));
+ return (ISC_R_UNEXPECTED);
+ }
+
+ result = isc_socketmgr_create2(ns_g_mctx, &ns_g_socketmgr, maxsocks);
+ if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "isc_socketmgr_create() failed: %s",
+ isc_result_totext(result));
+ return (ISC_R_UNEXPECTED);
+ }
+ result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &socks);
+ if (result == ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER,
+ ISC_LOG_INFO, "using up to %u sockets", socks);
+ }
+
+ result = isc_entropy_create(ns_g_mctx, &ns_g_entropy);
+ if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "isc_entropy_create() failed: %s",
+ isc_result_totext(result));
+ return (ISC_R_UNEXPECTED);
+ }
+
+ result = isc_hash_create(ns_g_mctx, ns_g_entropy, DNS_NAME_MAXWIRE);
+ if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "isc_hash_create() failed: %s",
+ isc_result_totext(result));
+ return (ISC_R_UNEXPECTED);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+static void
+destroy_managers(void) {
+ ns_lwresd_shutdown();
+
+ isc_entropy_detach(&ns_g_entropy);
+ if (ns_g_fallbackentropy != NULL)
+ isc_entropy_detach(&ns_g_fallbackentropy);
+
+ /*
+ * isc_taskmgr_destroy() will block until all tasks have exited,
+ */
+ isc_taskmgr_destroy(&ns_g_taskmgr);
+ isc_timermgr_destroy(&ns_g_timermgr);
+ isc_socketmgr_destroy(&ns_g_socketmgr);
+
+ /*
+ * isc_hash_destroy() cannot be called as long as a resolver may be
+ * running. Calling this after isc_taskmgr_destroy() ensures the
+ * call is safe.
+ */
+ isc_hash_destroy();
+}
+
+static void
+setup(void) {
+ isc_result_t result;
+ isc_resourcevalue_t old_openfiles;
+#ifdef HAVE_LIBSCF
+ char *instance = NULL;
+#endif
+
+ /*
+ * Get the user and group information before changing the root
+ * directory, so the administrator does not need to keep a copy
+ * of the user and group databases in the chroot'ed environment.
+ */
+ ns_os_inituserinfo(ns_g_username);
+
+ /*
+ * Initialize time conversion information
+ */
+ ns_os_tzset();
+
+ ns_os_opendevnull();
+
+#ifdef HAVE_LIBSCF
+ /* Check if named is under smf control, before chroot. */
+ result = ns_smf_get_instance(&instance, 0, ns_g_mctx);
+ /* We don't care about instance, just check if we got one. */
+ if (result == ISC_R_SUCCESS)
+ ns_smf_got_instance = 1;
+ else
+ ns_smf_got_instance = 0;
+ if (instance != NULL)
+ isc_mem_free(ns_g_mctx, instance);
+#endif /* HAVE_LIBSCF */
+
+#ifdef PATH_RANDOMDEV
+ /*
+ * Initialize system's random device as fallback entropy source
+ * if running chroot'ed.
+ */
+ if (ns_g_chrootdir != NULL) {
+ result = isc_entropy_create(ns_g_mctx, &ns_g_fallbackentropy);
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlyfatal("isc_entropy_create() failed: %s",
+ isc_result_totext(result));
+
+ result = isc_entropy_createfilesource(ns_g_fallbackentropy,
+ PATH_RANDOMDEV);
+ if (result != ISC_R_SUCCESS) {
+ ns_main_earlywarning("could not open pre-chroot "
+ "entropy source %s: %s",
+ PATH_RANDOMDEV,
+ isc_result_totext(result));
+ isc_entropy_detach(&ns_g_fallbackentropy);
+ }
+ }
+#endif
+
+#ifdef ISC_PLATFORM_USETHREADS
+ /*
+ * Check for the number of cpu's before ns_os_chroot().
+ */
+ ns_g_cpus_detected = isc_os_ncpus();
+#endif
+
+ ns_os_chroot(ns_g_chrootdir);
+
+ /*
+ * For operating systems which have a capability mechanism, now
+ * is the time to switch to minimal privs and change our user id.
+ * On traditional UNIX systems, this call will be a no-op, and we
+ * will change the user ID after reading the config file the first
+ * time. (We need to read the config file to know which possibly
+ * privileged ports to bind() to.)
+ */
+ ns_os_minprivs();
+
+ result = ns_log_init(ISC_TF(ns_g_username != NULL));
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlyfatal("ns_log_init() failed: %s",
+ isc_result_totext(result));
+
+ /*
+ * Now is the time to daemonize (if we're not running in the
+ * foreground). We waited until now because we wanted to get
+ * a valid logging context setup. We cannot daemonize any later,
+ * because calling create_managers() will create threads, which
+ * would be lost after fork().
+ */
+ if (!ns_g_foreground)
+ ns_os_daemonize();
+
+ /*
+ * We call isc_app_start() here as some versions of FreeBSD's fork()
+ * destroys all the signal handling it sets up.
+ */
+ result = isc_app_start();
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlyfatal("isc_app_start() failed: %s",
+ isc_result_totext(result));
+
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
+ ISC_LOG_NOTICE, "starting BIND %s%s", ns_g_version,
+ saved_command_line);
+
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
+ ISC_LOG_NOTICE, "built with %s", ns_g_configargs);
+
+ /*
+ * Get the initial resource limits.
+ */
+ (void)isc_resource_getlimit(isc_resource_stacksize,
+ &ns_g_initstacksize);
+ (void)isc_resource_getlimit(isc_resource_datasize,
+ &ns_g_initdatasize);
+ (void)isc_resource_getlimit(isc_resource_coresize,
+ &ns_g_initcoresize);
+ (void)isc_resource_getlimit(isc_resource_openfiles,
+ &ns_g_initopenfiles);
+
+ /*
+ * System resources cannot effectively be tuned on some systems.
+ * Raise the limit in such cases for safety.
+ */
+ old_openfiles = ns_g_initopenfiles;
+ ns_os_adjustnofile();
+ (void)isc_resource_getlimit(isc_resource_openfiles,
+ &ns_g_initopenfiles);
+ if (old_openfiles != ns_g_initopenfiles) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_MAIN, ISC_LOG_NOTICE,
+ "adjusted limit on open files from "
+ "%" ISC_PRINT_QUADFORMAT "u to "
+ "%" ISC_PRINT_QUADFORMAT "u",
+ old_openfiles, ns_g_initopenfiles);
+ }
+
+ /*
+ * If the named configuration filename is relative, prepend the current
+ * directory's name before possibly changing to another directory.
+ */
+ if (! isc_file_isabsolute(ns_g_conffile)) {
+ result = isc_file_absolutepath(ns_g_conffile,
+ absolute_conffile,
+ sizeof(absolute_conffile));
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlyfatal("could not construct absolute path of "
+ "configuration file: %s",
+ isc_result_totext(result));
+ ns_g_conffile = absolute_conffile;
+ }
+
+ /*
+ * Record the server's startup time.
+ */
+ result = isc_time_now(&ns_g_boottime);
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlyfatal("isc_time_now() failed: %s",
+ isc_result_totext(result));
+
+ result = create_managers();
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlyfatal("create_managers() failed: %s",
+ isc_result_totext(result));
+
+ ns_builtin_init();
+
+ /*
+ * Add calls to register sdb drivers here.
+ */
+ /* xxdb_init(); */
+
+#ifdef DLZ
+ /*
+ * Registyer any DLZ drivers.
+ */
+ result = dlz_drivers_init();
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlyfatal("dlz_drivers_init() failed: %s",
+ isc_result_totext(result));
+#endif
+
+ ns_server_create(ns_g_mctx, &ns_g_server);
+}
+
+static void
+cleanup(void) {
+ destroy_managers();
+
+ ns_server_destroy(&ns_g_server);
+
+ ns_builtin_deinit();
+
+ /*
+ * Add calls to unregister sdb drivers here.
+ */
+ /* xxdb_clear(); */
+
+#ifdef DLZ
+ /*
+ * Unregister any DLZ drivers.
+ */
+ dlz_drivers_clear();
+#endif
+
+ dns_name_destroy();
+
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
+ ISC_LOG_NOTICE, "exiting");
+ ns_log_shutdown();
+}
+
+static char *memstats = NULL;
+
+void
+ns_main_setmemstats(const char *filename) {
+ /*
+ * Caller has to ensure locking.
+ */
+
+ if (memstats != NULL) {
+ free(memstats);
+ memstats = NULL;
+ }
+ if (filename == NULL)
+ return;
+ memstats = malloc(strlen(filename) + 1);
+ if (memstats)
+ strcpy(memstats, filename);
+}
+
+#ifdef HAVE_LIBSCF
+/*
+ * Get FMRI for the named process.
+ */
+isc_result_t
+ns_smf_get_instance(char **ins_name, int debug, isc_mem_t *mctx) {
+ scf_handle_t *h = NULL;
+ int namelen;
+ char *instance;
+
+ REQUIRE(ins_name != NULL && *ins_name == NULL);
+
+ if ((h = scf_handle_create(SCF_VERSION)) == NULL) {
+ if (debug)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "scf_handle_create() failed: %s",
+ scf_strerror(scf_error()));
+ return (ISC_R_FAILURE);
+ }
+
+ if (scf_handle_bind(h) == -1) {
+ if (debug)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "scf_handle_bind() failed: %s",
+ scf_strerror(scf_error()));
+ scf_handle_destroy(h);
+ return (ISC_R_FAILURE);
+ }
+
+ if ((namelen = scf_myname(h, NULL, 0)) == -1) {
+ if (debug)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "scf_myname() failed: %s",
+ scf_strerror(scf_error()));
+ scf_handle_destroy(h);
+ return (ISC_R_FAILURE);
+ }
+
+ if ((instance = isc_mem_allocate(mctx, namelen + 1)) == NULL) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "ns_smf_get_instance memory "
+ "allocation failed: %s",
+ isc_result_totext(ISC_R_NOMEMORY));
+ scf_handle_destroy(h);
+ return (ISC_R_FAILURE);
+ }
+
+ if (scf_myname(h, instance, namelen + 1) == -1) {
+ if (debug)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "scf_myname() failed: %s",
+ scf_strerror(scf_error()));
+ scf_handle_destroy(h);
+ isc_mem_free(mctx, instance);
+ return (ISC_R_FAILURE);
+ }
+
+ scf_handle_destroy(h);
+ *ins_name = instance;
+ return (ISC_R_SUCCESS);
+}
+#endif /* HAVE_LIBSCF */
+
+int
+main(int argc, char *argv[]) {
+ isc_result_t result;
+#ifdef HAVE_LIBSCF
+ char *instance = NULL;
+#endif
+
+ /*
+ * Record version in core image.
+ * strings named.core | grep "named version:"
+ */
+ strlcat(version,
+#ifdef __DATE__
+ "named version: BIND " VERSION " (" __DATE__ ")",
+#else
+ "named version: BIND " VERSION,
+#endif
+ sizeof(version));
+ result = isc_file_progname(*argv, program_name, sizeof(program_name));
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlyfatal("program name too long");
+
+ if (strcmp(program_name, "lwresd") == 0)
+ ns_g_lwresdonly = ISC_TRUE;
+
+ isc_assertion_setcallback(assertion_failed);
+ isc_error_setfatal(library_fatal_error);
+ isc_error_setunexpected(library_unexpected_error);
+
+ ns_os_init(program_name);
+
+ dns_result_register();
+ dst_result_register();
+ isccc_result_register();
+
+ parse_command_line(argc, argv);
+
+ /*
+ * Warn about common configuration error.
+ */
+ if (ns_g_chrootdir != NULL) {
+ int len = strlen(ns_g_chrootdir);
+ if (strncmp(ns_g_chrootdir, ns_g_conffile, len) == 0 &&
+ (ns_g_conffile[len] == '/' || ns_g_conffile[len] == '\\'))
+ ns_main_earlywarning("config filename (-c %s) contains "
+ "chroot path (-t %s)",
+ ns_g_conffile, ns_g_chrootdir);
+ }
+
+ result = isc_mem_create(0, 0, &ns_g_mctx);
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlyfatal("isc_mem_create() failed: %s",
+ isc_result_totext(result));
+ isc_mem_setname(ns_g_mctx, "main", NULL);
+
+ setup();
+
+ /*
+ * Start things running and then wait for a shutdown request
+ * or reload.
+ */
+ do {
+ result = isc_app_run();
+
+ if (result == ISC_R_RELOAD) {
+ ns_server_reloadwanted(ns_g_server);
+ } else if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "isc_app_run(): %s",
+ isc_result_totext(result));
+ /*
+ * Force exit.
+ */
+ result = ISC_R_SUCCESS;
+ }
+ } while (result != ISC_R_SUCCESS);
+
+#ifdef HAVE_LIBSCF
+ if (ns_smf_want_disable == 1) {
+ result = ns_smf_get_instance(&instance, 1, ns_g_mctx);
+ if (result == ISC_R_SUCCESS && instance != NULL) {
+ if (smf_disable_instance(instance, 0) != 0)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "smf_disable_instance() "
+ "failed for %s : %s",
+ instance,
+ scf_strerror(scf_error()));
+ }
+ if (instance != NULL)
+ isc_mem_free(ns_g_mctx, instance);
+ }
+#endif /* HAVE_LIBSCF */
+
+ cleanup();
+
+ if (want_stats) {
+ isc_mem_stats(ns_g_mctx, stdout);
+ isc_mutex_stats(stdout);
+ }
+
+ if (ns_g_memstatistics && memstats != NULL) {
+ FILE *fp = NULL;
+ result = isc_stdio_open(memstats, "w", &fp);
+ if (result == ISC_R_SUCCESS) {
+ isc_mem_stats(ns_g_mctx, fp);
+ isc_mutex_stats(fp);
+ isc_stdio_close(fp);
+ }
+ }
+ isc_mem_destroy(&ns_g_mctx);
+ isc_mem_checkdestroyed(stderr);
+
+ ns_main_setmemstats(NULL);
+
+ isc_app_finish();
+
+ ns_os_closedevnull();
+
+ ns_os_shutdown();
+
+ return (0);
+}
diff --git a/bin/named/named.8 b/bin/named/named.8
new file mode 100644
index 0000000..3408403
--- /dev/null
+++ b/bin/named/named.8
@@ -0,0 +1,256 @@
+.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: named.8,v 1.38 2008/11/07 01:11:19 tbox Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: named
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: June 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "NAMED" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named \- Internet domain name server
+.SH "SYNOPSIS"
+.HP 6
+\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
+.SH "DESCRIPTION"
+.PP
+\fBnamed\fR
+is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more information on the DNS, see RFCs 1033, 1034, and 1035.
+.PP
+When invoked without arguments,
+\fBnamed\fR
+will read the default configuration file
+\fI/etc/named.conf\fR, read any initial data, and listen for queries.
+.SH "OPTIONS"
+.PP
+\-4
+.RS 4
+Use IPv4 only even if the host machine is capable of IPv6.
+\fB\-4\fR
+and
+\fB\-6\fR
+are mutually exclusive.
+.RE
+.PP
+\-6
+.RS 4
+Use IPv6 only even if the host machine is capable of IPv4.
+\fB\-4\fR
+and
+\fB\-6\fR
+are mutually exclusive.
+.RE
+.PP
+\-c \fIconfig\-file\fR
+.RS 4
+Use
+\fIconfig\-file\fR
+as the configuration file instead of the default,
+\fI/etc/named.conf\fR. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to to a possible
+\fBdirectory\fR
+option in the configuration file,
+\fIconfig\-file\fR
+should be an absolute pathname.
+.RE
+.PP
+\-d \fIdebug\-level\fR
+.RS 4
+Set the daemon's debug level to
+\fIdebug\-level\fR. Debugging traces from
+\fBnamed\fR
+become more verbose as the debug level increases.
+.RE
+.PP
+\-f
+.RS 4
+Run the server in the foreground (i.e. do not daemonize).
+.RE
+.PP
+\-g
+.RS 4
+Run the server in the foreground and force all logging to
+\fIstderr\fR.
+.RE
+.PP
+\-m \fIflag\fR
+.RS 4
+Turn on memory usage debugging flags. Possible flags are
+\fIusage\fR,
+\fItrace\fR,
+\fIrecord\fR,
+\fIsize\fR, and
+\fImctx\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in
+\fI<isc/mem.h>\fR.
+.RE
+.PP
+\-n \fI#cpus\fR
+.RS 4
+Create
+\fI#cpus\fR
+worker threads to take advantage of multiple CPUs. If not specified,
+\fBnamed\fR
+will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
+.RE
+.PP
+\-p \fIport\fR
+.RS 4
+Listen for queries on port
+\fIport\fR. If not specified, the default is port 53.
+.RE
+.PP
+\-s
+.RS 4
+Write memory usage statistics to
+\fIstdout\fR
+on exit.
+.RS
+.B "Note:"
+This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
+.RE
+.RE
+.PP
+\-S \fI#max\-socks\fR
+.RS 4
+Allow
+\fBnamed\fR
+to use up to
+\fI#max\-socks\fR
+sockets.
+.RS
+.B "Warning:"
+This option should be unnecessary for the vast majority of users. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets. Note also that the actual maximum number is normally a little fewer than the specified value because
+\fBnamed\fR
+reserves some file descriptors for its internal use.
+.RE
+.RE
+.PP
+\-t \fIdirectory\fR
+.RS 4
+Chroot to
+\fIdirectory\fR
+after processing the command line arguments, but before reading the configuration file.
+.RS
+.B "Warning:"
+This option should be used in conjunction with the
+\fB\-u\fR
+option, as chrooting a process running as root doesn't enhance security on most systems; the way
+\fBchroot(2)\fR
+is defined allows a process with root privileges to escape a chroot jail.
+.RE
+.RE
+.PP
+\-u \fIuser\fR
+.RS 4
+Setuid to
+\fIuser\fR
+after completing privileged operations, such as creating sockets that listen on privileged ports.
+.RS
+.B "Note:"
+On Linux,
+\fBnamed\fR
+uses the kernel's capability mechanism to drop all root privileges except the ability to
+\fBbind(2)\fR
+to a privileged port and set process resource limits. Unfortunately, this means that the
+\fB\-u\fR
+option only works when
+\fBnamed\fR
+is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after
+\fBsetuid(2)\fR.
+.RE
+.RE
+.PP
+\-v
+.RS 4
+Report the version number and exit.
+.RE
+.PP
+\-V
+.RS 4
+Report the version number and build options, and exit.
+.RE
+.PP
+\-x \fIcache\-file\fR
+.RS 4
+Load data from
+\fIcache\-file\fR
+into the cache of the default view.
+.RS
+.B "Warning:"
+This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release.
+.RE
+.RE
+.SH "SIGNALS"
+.PP
+In routine operation, signals should not be used to control the nameserver;
+\fBrndc\fR
+should be used instead.
+.PP
+SIGHUP
+.RS 4
+Force a reload of the server.
+.RE
+.PP
+SIGINT, SIGTERM
+.RS 4
+Shut down the server.
+.RE
+.PP
+The result of sending any other signals to the server is undefined.
+.SH "CONFIGURATION"
+.PP
+The
+\fBnamed\fR
+configuration file is too complex to describe in detail here. A complete description is provided in the
+BIND 9 Administrator Reference Manual.
+.SH "FILES"
+.PP
+\fI/etc/named.conf\fR
+.RS 4
+The default configuration file.
+.RE
+.PP
+\fI/var/run/named/named.pid\fR
+.RS 4
+The default process\-id file.
+.RE
+.SH "SEE ALSO"
+.PP
+RFC 1033,
+RFC 1034,
+RFC 1035,
+\fBnamed\-checkconf\fR(8),
+\fBnamed\-checkzone\fR(8),
+\fBrndc\fR(8),
+\fBlwresd\fR(8),
+\fBnamed.conf\fR(5),
+BIND 9 Administrator Reference Manual.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br
diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
new file mode 100644
index 0000000..039c795
--- /dev/null
+++ b/bin/named/named.conf.5
@@ -0,0 +1,548 @@
+.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: named.conf.5,v 1.36 2008/09/25 04:45:04 tbox Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: \fInamed.conf\fR
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: Aug 13, 2004
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named.conf \- configuration file for named
+.SH "SYNOPSIS"
+.HP 11
+\fBnamed.conf\fR
+.SH "DESCRIPTION"
+.PP
+\fInamed.conf\fR
+is the configuration file for
+\fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
+.PP
+C style: /* */
+.PP
+C++ style: // to end of line
+.PP
+Unix style: # to end of line
+.SH "ACL"
+.sp
+.RS 4
+.nf
+acl \fIstring\fR { \fIaddress_match_element\fR; ... };
+.fi
+.RE
+.SH "KEY"
+.sp
+.RS 4
+.nf
+key \fIdomain_name\fR {
+ algorithm \fIstring\fR;
+ secret \fIstring\fR;
+};
+.fi
+.RE
+.SH "MASTERS"
+.sp
+.RS 4
+.nf
+masters \fIstring\fR [ port \fIinteger\fR ] {
+ ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
+ \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
+};
+.fi
+.RE
+.SH "SERVER"
+.sp
+.RS 4
+.nf
+server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
+ bogus \fIboolean\fR;
+ edns \fIboolean\fR;
+ edns\-udp\-size \fIinteger\fR;
+ max\-udp\-size \fIinteger\fR;
+ provide\-ixfr \fIboolean\fR;
+ request\-ixfr \fIboolean\fR;
+ keys \fIserver_key\fR;
+ transfers \fIinteger\fR;
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-source ( \fIipv4_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ transfer\-source\-v6 ( \fIipv6_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ support\-ixfr \fIboolean\fR; // obsolete
+};
+.fi
+.RE
+.SH "TRUSTED\-KEYS"
+.sp
+.RS 4
+.nf
+trusted\-keys {
+ \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
+};
+.fi
+.RE
+.SH "CONTROLS"
+.sp
+.RS 4
+.nf
+controls {
+ inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ]
+ allow { \fIaddress_match_element\fR; ... }
+ [ keys { \fIstring\fR; ... } ];
+ unix \fIunsupported\fR; // not implemented
+};
+.fi
+.RE
+.SH "LOGGING"
+.sp
+.RS 4
+.nf
+logging {
+ channel \fIstring\fR {
+ file \fIlog_file\fR;
+ syslog \fIoptional_facility\fR;
+ null;
+ stderr;
+ severity \fIlog_severity\fR;
+ print\-time \fIboolean\fR;
+ print\-severity \fIboolean\fR;
+ print\-category \fIboolean\fR;
+ };
+ category \fIstring\fR { \fIstring\fR; ... };
+};
+.fi
+.RE
+.SH "LWRES"
+.sp
+.RS 4
+.nf
+lwres {
+ listen\-on [ port \fIinteger\fR ] {
+ ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
+ };
+ view \fIstring\fR \fIoptional_class\fR;
+ search { \fIstring\fR; ... };
+ ndots \fIinteger\fR;
+};
+.fi
+.RE
+.SH "OPTIONS"
+.sp
+.RS 4
+.nf
+options {
+ avoid\-v4\-udp\-ports { \fIport\fR; ... };
+ avoid\-v6\-udp\-ports { \fIport\fR; ... };
+ blackhole { \fIaddress_match_element\fR; ... };
+ coresize \fIsize\fR;
+ datasize \fIsize\fR;
+ directory \fIquoted_string\fR;
+ dump\-file \fIquoted_string\fR;
+ files \fIsize\fR;
+ heartbeat\-interval \fIinteger\fR;
+ host\-statistics \fIboolean\fR; // not implemented
+ host\-statistics\-max \fInumber\fR; // not implemented
+ hostname ( \fIquoted_string\fR | none );
+ interface\-interval \fIinteger\fR;
+ listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
+ listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
+ match\-mapped\-addresses \fIboolean\fR;
+ memstatistics\-file \fIquoted_string\fR;
+ pid\-file ( \fIquoted_string\fR | none );
+ port \fIinteger\fR;
+ querylog \fIboolean\fR;
+ recursing\-file \fIquoted_string\fR;
+ reserved\-sockets \fIinteger\fR;
+ random\-device \fIquoted_string\fR;
+ recursive\-clients \fIinteger\fR;
+ serial\-query\-rate \fIinteger\fR;
+ server\-id ( \fIquoted_string\fR | none |;
+ stacksize \fIsize\fR;
+ statistics\-file \fIquoted_string\fR;
+ statistics\-interval \fIinteger\fR; // not yet implemented
+ tcp\-clients \fIinteger\fR;
+ tcp\-listen\-queue \fIinteger\fR;
+ tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
+ tkey\-gssapi\-credential \fIquoted_string\fR;
+ tkey\-domain \fIquoted_string\fR;
+ transfers\-per\-ns \fIinteger\fR;
+ transfers\-in \fIinteger\fR;
+ transfers\-out \fIinteger\fR;
+ use\-ixfr \fIboolean\fR;
+ version ( \fIquoted_string\fR | none );
+ allow\-recursion { \fIaddress_match_element\fR; ... };
+ allow\-recursion\-on { \fIaddress_match_element\fR; ... };
+ sortlist { \fIaddress_match_element\fR; ... };
+ topology { \fIaddress_match_element\fR; ... }; // not implemented
+ auth\-nxdomain \fIboolean\fR; // default changed
+ minimal\-responses \fIboolean\fR;
+ recursion \fIboolean\fR;
+ rrset\-order {
+ [ class \fIstring\fR ] [ type \fIstring\fR ]
+ [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
+ };
+ provide\-ixfr \fIboolean\fR;
+ request\-ixfr \fIboolean\fR;
+ rfc2308\-type1 \fIboolean\fR; // not yet implemented
+ additional\-from\-auth \fIboolean\fR;
+ additional\-from\-cache \fIboolean\fR;
+ query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
+ query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
+ use\-queryport\-pool \fIboolean\fR;
+ queryport\-pool\-ports \fIinteger\fR;
+ queryport\-pool\-updateinterval \fIinteger\fR;
+ cleaning\-interval \fIinteger\fR;
+ min\-roots \fIinteger\fR; // not implemented
+ lame\-ttl \fIinteger\fR;
+ max\-ncache\-ttl \fIinteger\fR;
+ max\-cache\-ttl \fIinteger\fR;
+ transfer\-format ( many\-answers | one\-answer );
+ max\-cache\-size \fIsize\fR;
+ max\-acache\-size \fIsize\fR;
+ clients\-per\-query \fInumber\fR;
+ max\-clients\-per\-query \fInumber\fR;
+ check\-names ( master | slave | response )
+ ( fail | warn | ignore );
+ check\-mx ( fail | warn | ignore );
+ check\-integrity \fIboolean\fR;
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ cache\-file \fIquoted_string\fR; // test option
+ suppress\-initial\-notify \fIboolean\fR; // not yet implemented
+ preferred\-glue \fIstring\fR;
+ dual\-stack\-servers [ port \fIinteger\fR ] {
+ ( \fIquoted_string\fR [port \fIinteger\fR] |
+ \fIipv4_address\fR [port \fIinteger\fR] |
+ \fIipv6_address\fR [port \fIinteger\fR] ); ...
+ };
+ edns\-udp\-size \fIinteger\fR;
+ max\-udp\-size \fIinteger\fR;
+ root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
+ disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
+ dnssec\-enable \fIboolean\fR;
+ dnssec\-validation \fIboolean\fR;
+ dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
+ dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
+ dnssec\-accept\-expired \fIboolean\fR;
+ empty\-server \fIstring\fR;
+ empty\-contact \fIstring\fR;
+ empty\-zones\-enable \fIboolean\fR;
+ disable\-empty\-zone \fIstring\fR;
+ dialup \fIdialuptype\fR;
+ ixfr\-from\-differences \fIixfrdiff\fR;
+ allow\-query { \fIaddress_match_element\fR; ... };
+ allow\-query\-on { \fIaddress_match_element\fR; ... };
+ allow\-query\-cache { \fIaddress_match_element\fR; ... };
+ allow\-query\-cache\-on { \fIaddress_match_element\fR; ... };
+ allow\-transfer { \fIaddress_match_element\fR; ... };
+ allow\-update { \fIaddress_match_element\fR; ... };
+ allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
+ update\-check\-ksk \fIboolean\fR;
+ masterfile\-format ( text | raw );
+ notify \fInotifytype\fR;
+ notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+ notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+ notify\-delay \fIseconds\fR;
+ notify\-to\-soa \fIboolean\fR;
+ also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
+ [ port \fIinteger\fR ]; ... };
+ allow\-notify { \fIaddress_match_element\fR; ... };
+ forward ( first | only );
+ forwarders [ port \fIinteger\fR ] {
+ ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
+ };
+ max\-journal\-size \fIsize_no_default\fR;
+ max\-transfer\-time\-in \fIinteger\fR;
+ max\-transfer\-time\-out \fIinteger\fR;
+ max\-transfer\-idle\-in \fIinteger\fR;
+ max\-transfer\-idle\-out \fIinteger\fR;
+ max\-retry\-time \fIinteger\fR;
+ min\-retry\-time \fIinteger\fR;
+ max\-refresh\-time \fIinteger\fR;
+ min\-refresh\-time \fIinteger\fR;
+ multi\-master \fIboolean\fR;
+ sig\-validity\-interval \fIinteger\fR;
+ sig\-re\-signing\-interval \fIinteger\fR;
+ sig\-signing\-nodes \fIinteger\fR;
+ sig\-signing\-signatures \fIinteger\fR;
+ sig\-signing\-type \fIinteger\fR;
+ transfer\-source ( \fIipv4_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ transfer\-source\-v6 ( \fIipv6_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ alt\-transfer\-source ( \fIipv4_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ use\-alt\-transfer\-source \fIboolean\fR;
+ zone\-statistics \fIboolean\fR;
+ key\-directory \fIquoted_string\fR;
+ try\-tcp\-refresh \fIboolean\fR;
+ zero\-no\-soa\-ttl \fIboolean\fR;
+ zero\-no\-soa\-ttl\-cache \fIboolean\fR;
+ nsec3\-test\-zone \fIboolean\fR; // testing only
+ allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
+ deallocate\-on\-exit \fIboolean\fR; // obsolete
+ fake\-iquery \fIboolean\fR; // obsolete
+ fetch\-glue \fIboolean\fR; // obsolete
+ has\-old\-clients \fIboolean\fR; // obsolete
+ maintain\-ixfr\-base \fIboolean\fR; // obsolete
+ max\-ixfr\-log\-size \fIsize\fR; // obsolete
+ multiple\-cnames \fIboolean\fR; // obsolete
+ named\-xfer \fIquoted_string\fR; // obsolete
+ serial\-queries \fIinteger\fR; // obsolete
+ treat\-cr\-as\-space \fIboolean\fR; // obsolete
+ use\-id\-pool \fIboolean\fR; // obsolete
+};
+.fi
+.RE
+.SH "VIEW"
+.sp
+.RS 4
+.nf
+view \fIstring\fR \fIoptional_class\fR {
+ match\-clients { \fIaddress_match_element\fR; ... };
+ match\-destinations { \fIaddress_match_element\fR; ... };
+ match\-recursive\-only \fIboolean\fR;
+ key \fIstring\fR {
+ algorithm \fIstring\fR;
+ secret \fIstring\fR;
+ };
+ zone \fIstring\fR \fIoptional_class\fR {
+ ...
+ };
+ server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
+ ...
+ };
+ trusted\-keys {
+ \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
+ };
+ allow\-recursion { \fIaddress_match_element\fR; ... };
+ allow\-recursion\-on { \fIaddress_match_element\fR; ... };
+ sortlist { \fIaddress_match_element\fR; ... };
+ topology { \fIaddress_match_element\fR; ... }; // not implemented
+ auth\-nxdomain \fIboolean\fR; // default changed
+ minimal\-responses \fIboolean\fR;
+ recursion \fIboolean\fR;
+ rrset\-order {
+ [ class \fIstring\fR ] [ type \fIstring\fR ]
+ [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
+ };
+ provide\-ixfr \fIboolean\fR;
+ request\-ixfr \fIboolean\fR;
+ rfc2308\-type1 \fIboolean\fR; // not yet implemented
+ additional\-from\-auth \fIboolean\fR;
+ additional\-from\-cache \fIboolean\fR;
+ query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
+ query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
+ use\-queryport\-pool \fIboolean\fR;
+ queryport\-pool\-ports \fIinteger\fR;
+ queryport\-pool\-updateinterval \fIinteger\fR;
+ cleaning\-interval \fIinteger\fR;
+ min\-roots \fIinteger\fR; // not implemented
+ lame\-ttl \fIinteger\fR;
+ max\-ncache\-ttl \fIinteger\fR;
+ max\-cache\-ttl \fIinteger\fR;
+ transfer\-format ( many\-answers | one\-answer );
+ max\-cache\-size \fIsize\fR;
+ max\-acache\-size \fIsize\fR;
+ clients\-per\-query \fInumber\fR;
+ max\-clients\-per\-query \fInumber\fR;
+ check\-names ( master | slave | response )
+ ( fail | warn | ignore );
+ check\-mx ( fail | warn | ignore );
+ check\-integrity \fIboolean\fR;
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ cache\-file \fIquoted_string\fR; // test option
+ suppress\-initial\-notify \fIboolean\fR; // not yet implemented
+ preferred\-glue \fIstring\fR;
+ dual\-stack\-servers [ port \fIinteger\fR ] {
+ ( \fIquoted_string\fR [port \fIinteger\fR] |
+ \fIipv4_address\fR [port \fIinteger\fR] |
+ \fIipv6_address\fR [port \fIinteger\fR] ); ...
+ };
+ edns\-udp\-size \fIinteger\fR;
+ max\-udp\-size \fIinteger\fR;
+ root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
+ disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
+ dnssec\-enable \fIboolean\fR;
+ dnssec\-validation \fIboolean\fR;
+ dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
+ dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
+ dnssec\-accept\-expired \fIboolean\fR;
+ empty\-server \fIstring\fR;
+ empty\-contact \fIstring\fR;
+ empty\-zones\-enable \fIboolean\fR;
+ disable\-empty\-zone \fIstring\fR;
+ dialup \fIdialuptype\fR;
+ ixfr\-from\-differences \fIixfrdiff\fR;
+ allow\-query { \fIaddress_match_element\fR; ... };
+ allow\-query\-on { \fIaddress_match_element\fR; ... };
+ allow\-query\-cache { \fIaddress_match_element\fR; ... };
+ allow\-query\-cache\-on { \fIaddress_match_element\fR; ... };
+ allow\-transfer { \fIaddress_match_element\fR; ... };
+ allow\-update { \fIaddress_match_element\fR; ... };
+ allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
+ update\-check\-ksk \fIboolean\fR;
+ masterfile\-format ( text | raw );
+ notify \fInotifytype\fR;
+ notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+ notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+ notify\-delay \fIseconds\fR;
+ notify\-to\-soa \fIboolean\fR;
+ also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
+ [ port \fIinteger\fR ]; ... };
+ allow\-notify { \fIaddress_match_element\fR; ... };
+ forward ( first | only );
+ forwarders [ port \fIinteger\fR ] {
+ ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
+ };
+ max\-journal\-size \fIsize_no_default\fR;
+ max\-transfer\-time\-in \fIinteger\fR;
+ max\-transfer\-time\-out \fIinteger\fR;
+ max\-transfer\-idle\-in \fIinteger\fR;
+ max\-transfer\-idle\-out \fIinteger\fR;
+ max\-retry\-time \fIinteger\fR;
+ min\-retry\-time \fIinteger\fR;
+ max\-refresh\-time \fIinteger\fR;
+ min\-refresh\-time \fIinteger\fR;
+ multi\-master \fIboolean\fR;
+ sig\-validity\-interval \fIinteger\fR;
+ transfer\-source ( \fIipv4_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ transfer\-source\-v6 ( \fIipv6_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ alt\-transfer\-source ( \fIipv4_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ use\-alt\-transfer\-source \fIboolean\fR;
+ zone\-statistics \fIboolean\fR;
+ try\-tcp\-refresh \fIboolean\fR;
+ key\-directory \fIquoted_string\fR;
+ zero\-no\-soa\-ttl \fIboolean\fR;
+ zero\-no\-soa\-ttl\-cache \fIboolean\fR;
+ allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
+ fetch\-glue \fIboolean\fR; // obsolete
+ maintain\-ixfr\-base \fIboolean\fR; // obsolete
+ max\-ixfr\-log\-size \fIsize\fR; // obsolete
+};
+.fi
+.RE
+.SH "ZONE"
+.sp
+.RS 4
+.nf
+zone \fIstring\fR \fIoptional_class\fR {
+ type ( master | slave | stub | hint |
+ forward | delegation\-only );
+ file \fIquoted_string\fR;
+ masters [ port \fIinteger\fR ] {
+ ( \fImasters\fR |
+ \fIipv4_address\fR [port \fIinteger\fR] |
+ \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
+ };
+ database \fIstring\fR;
+ delegation\-only \fIboolean\fR;
+ check\-names ( fail | warn | ignore );
+ check\-mx ( fail | warn | ignore );
+ check\-integrity \fIboolean\fR;
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ dialup \fIdialuptype\fR;
+ ixfr\-from\-differences \fIboolean\fR;
+ journal \fIquoted_string\fR;
+ zero\-no\-soa\-ttl \fIboolean\fR;
+ allow\-query { \fIaddress_match_element\fR; ... };
+ allow\-query\-on { \fIaddress_match_element\fR; ... };
+ allow\-transfer { \fIaddress_match_element\fR; ... };
+ allow\-update { \fIaddress_match_element\fR; ... };
+ allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
+ update\-policy {
+ ( grant | deny ) \fIstring\fR
+ ( name | subdomain | wildcard | self | selfsub | selfwild |
+ krb5\-self | ms\-self | krb5\-subdomain | ms\-subdomain |
+ tcp\-self | 6to4\-self ) \fIstring\fR
+ \fIrrtypelist\fR; ...
+ };
+ update\-check\-ksk \fIboolean\fR;
+ masterfile\-format ( text | raw );
+ notify \fInotifytype\fR;
+ notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+ notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+ notify\-delay \fIseconds\fR;
+ notify\-to\-soa \fIboolean\fR;
+ also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
+ [ port \fIinteger\fR ]; ... };
+ allow\-notify { \fIaddress_match_element\fR; ... };
+ forward ( first | only );
+ forwarders [ port \fIinteger\fR ] {
+ ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
+ };
+ max\-journal\-size \fIsize_no_default\fR;
+ max\-transfer\-time\-in \fIinteger\fR;
+ max\-transfer\-time\-out \fIinteger\fR;
+ max\-transfer\-idle\-in \fIinteger\fR;
+ max\-transfer\-idle\-out \fIinteger\fR;
+ max\-retry\-time \fIinteger\fR;
+ min\-retry\-time \fIinteger\fR;
+ max\-refresh\-time \fIinteger\fR;
+ min\-refresh\-time \fIinteger\fR;
+ multi\-master \fIboolean\fR;
+ sig\-validity\-interval \fIinteger\fR;
+ transfer\-source ( \fIipv4_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ transfer\-source\-v6 ( \fIipv6_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ alt\-transfer\-source ( \fIipv4_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
+ [ port ( \fIinteger\fR | * ) ];
+ use\-alt\-transfer\-source \fIboolean\fR;
+ zone\-statistics \fIboolean\fR;
+ try\-tcp\-refresh \fIboolean\fR;
+ key\-directory \fIquoted_string\fR;
+ nsec3\-test\-zone \fIboolean\fR; // testing only
+ ixfr\-base \fIquoted_string\fR; // obsolete
+ ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
+ maintain\-ixfr\-base \fIboolean\fR; // obsolete
+ max\-ixfr\-log\-size \fIsize\fR; // obsolete
+ pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
+};
+.fi
+.RE
+.SH "FILES"
+.PP
+\fI/etc/named.conf\fR
+.SH "SEE ALSO"
+.PP
+\fBnamed\fR(8),
+\fBnamed\-checkconf\fR(8),
+\fBrndc\fR(8),
+BIND 9 Administrator Reference Manual.
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
+.br
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
new file mode 100644
index 0000000..a4a8044
--- /dev/null
+++ b/bin/named/named.conf.docbook
@@ -0,0 +1,629 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: named.conf.docbook,v 1.39 2008/09/24 02:46:21 marka Exp $ -->
+<refentry>
+ <refentryinfo>
+ <date>Aug 13, 2004</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><filename>named.conf</filename></refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><filename>named.conf</filename></refname>
+ <refpurpose>configuration file for named</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
+ <year>2008</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>named.conf</command>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><filename>named.conf</filename> is the configuration file
+ for
+ <command>named</command>. Statements are enclosed
+ in braces and terminated with a semi-colon. Clauses in
+ the statements are also semi-colon terminated. The usual
+ comment styles are supported:
+ </para>
+ <para>
+ C style: /* */
+ </para>
+ <para>
+ C++ style: // to end of line
+ </para>
+ <para>
+ Unix style: # to end of line
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>ACL</title>
+ <literallayout>
+acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
+
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>KEY</title>
+ <literallayout>
+key <replaceable>domain_name</replaceable> {
+ algorithm <replaceable>string</replaceable>;
+ secret <replaceable>string</replaceable>;
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>MASTERS</title>
+ <literallayout>
+masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+ <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>SERVER</title>
+ <literallayout>
+server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
+ bogus <replaceable>boolean</replaceable>;
+ edns <replaceable>boolean</replaceable>;
+ edns-udp-size <replaceable>integer</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ provide-ixfr <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ keys <replaceable>server_key</replaceable>;
+ transfers <replaceable>integer</replaceable>;
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+
+ support-ixfr <replaceable>boolean</replaceable>; // obsolete
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>TRUSTED-KEYS</title>
+ <literallayout>
+trusted-keys {
+ <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>CONTROLS</title>
+ <literallayout>
+controls {
+ inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
+ allow { <replaceable>address_match_element</replaceable>; ... }
+ <optional> keys { <replaceable>string</replaceable>; ... } </optional>;
+ unix <replaceable>unsupported</replaceable>; // not implemented
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>LOGGING</title>
+ <literallayout>
+logging {
+ channel <replaceable>string</replaceable> {
+ file <replaceable>log_file</replaceable>;
+ syslog <replaceable>optional_facility</replaceable>;
+ null;
+ stderr;
+ severity <replaceable>log_severity</replaceable>;
+ print-time <replaceable>boolean</replaceable>;
+ print-severity <replaceable>boolean</replaceable>;
+ print-category <replaceable>boolean</replaceable>;
+ };
+ category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>LWRES</title>
+ <literallayout>
+lwres {
+ listen-on <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+ };
+ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
+ search { <replaceable>string</replaceable>; ... };
+ ndots <replaceable>integer</replaceable>;
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+ <literallayout>
+options {
+ avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
+ avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
+ blackhole { <replaceable>address_match_element</replaceable>; ... };
+ coresize <replaceable>size</replaceable>;
+ datasize <replaceable>size</replaceable>;
+ directory <replaceable>quoted_string</replaceable>;
+ dump-file <replaceable>quoted_string</replaceable>;
+ files <replaceable>size</replaceable>;
+ heartbeat-interval <replaceable>integer</replaceable>;
+ host-statistics <replaceable>boolean</replaceable>; // not implemented
+ host-statistics-max <replaceable>number</replaceable>; // not implemented
+ hostname ( <replaceable>quoted_string</replaceable> | none );
+ interface-interval <replaceable>integer</replaceable>;
+ listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
+ listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
+ match-mapped-addresses <replaceable>boolean</replaceable>;
+ memstatistics-file <replaceable>quoted_string</replaceable>;
+ pid-file ( <replaceable>quoted_string</replaceable> | none );
+ port <replaceable>integer</replaceable>;
+ querylog <replaceable>boolean</replaceable>;
+ recursing-file <replaceable>quoted_string</replaceable>;
+ reserved-sockets <replaceable>integer</replaceable>;
+ random-device <replaceable>quoted_string</replaceable>;
+ recursive-clients <replaceable>integer</replaceable>;
+ serial-query-rate <replaceable>integer</replaceable>;
+ server-id ( <replaceable>quoted_string</replaceable> | none |;
+ stacksize <replaceable>size</replaceable>;
+ statistics-file <replaceable>quoted_string</replaceable>;
+ statistics-interval <replaceable>integer</replaceable>; // not yet implemented
+ tcp-clients <replaceable>integer</replaceable>;
+ tcp-listen-queue <replaceable>integer</replaceable>;
+ tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
+ tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
+ tkey-domain <replaceable>quoted_string</replaceable>;
+ transfers-per-ns <replaceable>integer</replaceable>;
+ transfers-in <replaceable>integer</replaceable>;
+ transfers-out <replaceable>integer</replaceable>;
+ use-ixfr <replaceable>boolean</replaceable>;
+ version ( <replaceable>quoted_string</replaceable> | none );
+ allow-recursion { <replaceable>address_match_element</replaceable>; ... };
+ allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
+ sortlist { <replaceable>address_match_element</replaceable>; ... };
+ topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
+ auth-nxdomain <replaceable>boolean</replaceable>; // default changed
+ minimal-responses <replaceable>boolean</replaceable>;
+ recursion <replaceable>boolean</replaceable>;
+ rrset-order {
+ <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
+ <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
+ };
+ provide-ixfr <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
+ additional-from-auth <replaceable>boolean</replaceable>;
+ additional-from-cache <replaceable>boolean</replaceable>;
+ query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ use-queryport-pool <replaceable>boolean</replaceable>;
+ queryport-pool-ports <replaceable>integer</replaceable>;
+ queryport-pool-updateinterval <replaceable>integer</replaceable>;
+ cleaning-interval <replaceable>integer</replaceable>;
+ min-roots <replaceable>integer</replaceable>; // not implemented
+ lame-ttl <replaceable>integer</replaceable>;
+ max-ncache-ttl <replaceable>integer</replaceable>;
+ max-cache-ttl <replaceable>integer</replaceable>;
+ transfer-format ( many-answers | one-answer );
+ max-cache-size <replaceable>size</replaceable>;
+ max-acache-size <replaceable>size</replaceable>;
+ clients-per-query <replaceable>number</replaceable>;
+ max-clients-per-query <replaceable>number</replaceable>;
+ check-names ( master | slave | response )
+ ( fail | warn | ignore );
+ check-mx ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx-cname ( fail | warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ cache-file <replaceable>quoted_string</replaceable>; // test option
+ suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
+ preferred-glue <replaceable>string</replaceable>;
+ dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+ <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+ <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
+ };
+ edns-udp-size <replaceable>integer</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
+ disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
+ dnssec-enable <replaceable>boolean</replaceable>;
+ dnssec-validation <replaceable>boolean</replaceable>;
+ dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
+ dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+ dnssec-accept-expired <replaceable>boolean</replaceable>;
+
+ empty-server <replaceable>string</replaceable>;
+ empty-contact <replaceable>string</replaceable>;
+ empty-zones-enable <replaceable>boolean</replaceable>;
+ disable-empty-zone <replaceable>string</replaceable>;
+
+ dialup <replaceable>dialuptype</replaceable>;
+ ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
+
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ update-check-ksk <replaceable>boolean</replaceable>;
+
+ masterfile-format ( text | raw );
+ notify <replaceable>notifytype</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ notify-delay <replaceable>seconds</replaceable>;
+ notify-to-soa <replaceable>boolean</replaceable>;
+ also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
+ <optional> port <replaceable>integer</replaceable> </optional>; ... };
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+
+ forward ( first | only );
+ forwarders <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+ };
+
+ max-journal-size <replaceable>size_no_default</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-transfer-idle-in <replaceable>integer</replaceable>;
+ max-transfer-idle-out <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ min-refresh-time <replaceable>integer</replaceable>;
+ multi-master <replaceable>boolean</replaceable>;
+
+ sig-validity-interval <replaceable>integer</replaceable>;
+ sig-re-signing-interval <replaceable>integer</replaceable>;
+ sig-signing-nodes <replaceable>integer</replaceable>;
+ sig-signing-signatures <replaceable>integer</replaceable>;
+ sig-signing-type <replaceable>integer</replaceable>;
+
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+
+ zone-statistics <replaceable>boolean</replaceable>;
+ key-directory <replaceable>quoted_string</replaceable>;
+ try-tcp-refresh <replaceable>boolean</replaceable>;
+ zero-no-soa-ttl <replaceable>boolean</replaceable>;
+ zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
+
+ nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
+
+ allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
+ deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
+ fake-iquery <replaceable>boolean</replaceable>; // obsolete
+ fetch-glue <replaceable>boolean</replaceable>; // obsolete
+ has-old-clients <replaceable>boolean</replaceable>; // obsolete
+ maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
+ max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
+ multiple-cnames <replaceable>boolean</replaceable>; // obsolete
+ named-xfer <replaceable>quoted_string</replaceable>; // obsolete
+ serial-queries <replaceable>integer</replaceable>; // obsolete
+ treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
+ use-id-pool <replaceable>boolean</replaceable>; // obsolete
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>VIEW</title>
+ <literallayout>
+view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
+ match-clients { <replaceable>address_match_element</replaceable>; ... };
+ match-destinations { <replaceable>address_match_element</replaceable>; ... };
+ match-recursive-only <replaceable>boolean</replaceable>;
+
+ key <replaceable>string</replaceable> {
+ algorithm <replaceable>string</replaceable>;
+ secret <replaceable>string</replaceable>;
+ };
+
+ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
+ ...
+ };
+
+ server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
+ ...
+ };
+
+ trusted-keys {
+ <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ...
+ };
+
+ allow-recursion { <replaceable>address_match_element</replaceable>; ... };
+ allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
+ sortlist { <replaceable>address_match_element</replaceable>; ... };
+ topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
+ auth-nxdomain <replaceable>boolean</replaceable>; // default changed
+ minimal-responses <replaceable>boolean</replaceable>;
+ recursion <replaceable>boolean</replaceable>;
+ rrset-order {
+ <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
+ <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
+ };
+ provide-ixfr <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
+ additional-from-auth <replaceable>boolean</replaceable>;
+ additional-from-cache <replaceable>boolean</replaceable>;
+ query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ use-queryport-pool <replaceable>boolean</replaceable>;
+ queryport-pool-ports <replaceable>integer</replaceable>;
+ queryport-pool-updateinterval <replaceable>integer</replaceable>;
+ cleaning-interval <replaceable>integer</replaceable>;
+ min-roots <replaceable>integer</replaceable>; // not implemented
+ lame-ttl <replaceable>integer</replaceable>;
+ max-ncache-ttl <replaceable>integer</replaceable>;
+ max-cache-ttl <replaceable>integer</replaceable>;
+ transfer-format ( many-answers | one-answer );
+ max-cache-size <replaceable>size</replaceable>;
+ max-acache-size <replaceable>size</replaceable>;
+ clients-per-query <replaceable>number</replaceable>;
+ max-clients-per-query <replaceable>number</replaceable>;
+ check-names ( master | slave | response )
+ ( fail | warn | ignore );
+ check-mx ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx-cname ( fail | warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ cache-file <replaceable>quoted_string</replaceable>; // test option
+ suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
+ preferred-glue <replaceable>string</replaceable>;
+ dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+ <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+ <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
+ };
+ edns-udp-size <replaceable>integer</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
+ disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
+ dnssec-enable <replaceable>boolean</replaceable>;
+ dnssec-validation <replaceable>boolean</replaceable>;
+ dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
+ dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+ dnssec-accept-expired <replaceable>boolean</replaceable>;
+
+ empty-server <replaceable>string</replaceable>;
+ empty-contact <replaceable>string</replaceable>;
+ empty-zones-enable <replaceable>boolean</replaceable>;
+ disable-empty-zone <replaceable>string</replaceable>;
+
+ dialup <replaceable>dialuptype</replaceable>;
+ ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
+
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ update-check-ksk <replaceable>boolean</replaceable>;
+
+ masterfile-format ( text | raw );
+ notify <replaceable>notifytype</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ notify-delay <replaceable>seconds</replaceable>;
+ notify-to-soa <replaceable>boolean</replaceable>;
+ also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
+ <optional> port <replaceable>integer</replaceable> </optional>; ... };
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+
+ forward ( first | only );
+ forwarders <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+ };
+
+ max-journal-size <replaceable>size_no_default</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-transfer-idle-in <replaceable>integer</replaceable>;
+ max-transfer-idle-out <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ min-refresh-time <replaceable>integer</replaceable>;
+ multi-master <replaceable>boolean</replaceable>;
+ sig-validity-interval <replaceable>integer</replaceable>;
+
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+
+ zone-statistics <replaceable>boolean</replaceable>;
+ try-tcp-refresh <replaceable>boolean</replaceable>;
+ key-directory <replaceable>quoted_string</replaceable>;
+ zero-no-soa-ttl <replaceable>boolean</replaceable>;
+ zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
+
+ allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
+ fetch-glue <replaceable>boolean</replaceable>; // obsolete
+ maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
+ max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>ZONE</title>
+ <literallayout>
+zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
+ type ( master | slave | stub | hint |
+ forward | delegation-only );
+ file <replaceable>quoted_string</replaceable>;
+
+ masters <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>masters</replaceable> |
+ <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+ <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
+ };
+
+ database <replaceable>string</replaceable>;
+ delegation-only <replaceable>boolean</replaceable>;
+ check-names ( fail | warn | ignore );
+ check-mx ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx-cname ( fail | warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ dialup <replaceable>dialuptype</replaceable>;
+ ixfr-from-differences <replaceable>boolean</replaceable>;
+ journal <replaceable>quoted_string</replaceable>;
+ zero-no-soa-ttl <replaceable>boolean</replaceable>;
+
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ update-policy {
+ ( grant | deny ) <replaceable>string</replaceable>
+ ( name | subdomain | wildcard | self | selfsub | selfwild |
+ krb5-self | ms-self | krb5-subdomain | ms-subdomain |
+ tcp-self | 6to4-self ) <replaceable>string</replaceable>
+ <replaceable>rrtypelist</replaceable>; ...
+ };
+ update-check-ksk <replaceable>boolean</replaceable>;
+
+ masterfile-format ( text | raw );
+ notify <replaceable>notifytype</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ notify-delay <replaceable>seconds</replaceable>;
+ notify-to-soa <replaceable>boolean</replaceable>;
+ also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
+ <optional> port <replaceable>integer</replaceable> </optional>; ... };
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+
+ forward ( first | only );
+ forwarders <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+ };
+
+ max-journal-size <replaceable>size_no_default</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-transfer-idle-in <replaceable>integer</replaceable>;
+ max-transfer-idle-out <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ min-refresh-time <replaceable>integer</replaceable>;
+ multi-master <replaceable>boolean</replaceable>;
+ sig-validity-interval <replaceable>integer</replaceable>;
+
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+
+ zone-statistics <replaceable>boolean</replaceable>;
+ try-tcp-refresh <replaceable>boolean</replaceable>;
+ key-directory <replaceable>quoted_string</replaceable>;
+
+ nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
+
+ ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
+ ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
+ maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
+ max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
+ pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>FILES</title>
+ <para><filename>/etc/named.conf</filename>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
new file mode 100644
index 0000000..7bbbd0a
--- /dev/null
+++ b/bin/named/named.conf.html
@@ -0,0 +1,585 @@
+<!--
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: named.conf.html,v 1.45 2008/09/25 04:45:04 tbox Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named.conf</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2476275"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543342"></a><h2>DESCRIPTION</h2>
+<p><code class="filename">named.conf</code> is the configuration file
+ for
+ <span><strong class="command">named</strong></span>. Statements are enclosed
+ in braces and terminated with a semi-colon. Clauses in
+ the statements are also semi-colon terminated. The usual
+ comment styles are supported:
+ </p>
+<p>
+ C style: /* */
+ </p>
+<p>
+ C++ style: // to end of line
+ </p>
+<p>
+ Unix style: # to end of line
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543370"></a><h2>ACL</h2>
+<div class="literallayout"><p><br>
+acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543386"></a><h2>KEY</h2>
+<div class="literallayout"><p><br>
+key <em class="replaceable"><code>domain_name</code></em> {<br>
+ algorithm <em class="replaceable"><code>string</code></em>;<br>
+ secret <em class="replaceable"><code>string</code></em>;<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543405"></a><h2>MASTERS</h2>
+<div class="literallayout"><p><br>
+masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+ <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543451"></a><h2>SERVER</h2>
+<div class="literallayout"><p><br>
+server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
+ bogus <em class="replaceable"><code>boolean</code></em>;<br>
+ edns <em class="replaceable"><code>boolean</code></em>;<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ keys <em class="replaceable"><code>server_key</code></em>;<br>
+ transfers <em class="replaceable"><code>integer</code></em>;<br>
+ transfer-format ( many-answers | one-answer );<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+ support-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543520"></a><h2>TRUSTED-KEYS</h2>
+<div class="literallayout"><p><br>
+trusted-keys {<br>
+ <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543545"></a><h2>CONTROLS</h2>
+<div class="literallayout"><p><br>
+controls {<br>
+ inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
+ allow { <em class="replaceable"><code>address_match_element</code></em>; ... }<br>
+ [<span class="optional"> keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
+ unix <em class="replaceable"><code>unsupported</code></em>; // not implemented<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543580"></a><h2>LOGGING</h2>
+<div class="literallayout"><p><br>
+logging {<br>
+ channel <em class="replaceable"><code>string</code></em> {<br>
+ file <em class="replaceable"><code>log_file</code></em>;<br>
+ syslog <em class="replaceable"><code>optional_facility</code></em>;<br>
+ null;<br>
+ stderr;<br>
+ severity <em class="replaceable"><code>log_severity</code></em>;<br>
+ print-time <em class="replaceable"><code>boolean</code></em>;<br>
+ print-severity <em class="replaceable"><code>boolean</code></em>;<br>
+ print-category <em class="replaceable"><code>boolean</code></em>;<br>
+ };<br>
+ category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543619"></a><h2>LWRES</h2>
+<div class="literallayout"><p><br>
+lwres {<br>
+ listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ };<br>
+ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em>;<br>
+ search { <em class="replaceable"><code>string</code></em>; ... };<br>
+ ndots <em class="replaceable"><code>integer</code></em>;<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543660"></a><h2>OPTIONS</h2>
+<div class="literallayout"><p><br>
+options {<br>
+ avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
+ avoid-v6-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
+ blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ coresize <em class="replaceable"><code>size</code></em>;<br>
+ datasize <em class="replaceable"><code>size</code></em>;<br>
+ directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ dump-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ files <em class="replaceable"><code>size</code></em>;<br>
+ heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
+ host-statistics <em class="replaceable"><code>boolean</code></em>; // not implemented<br>
+ host-statistics-max <em class="replaceable"><code>number</code></em>; // not implemented<br>
+ hostname ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+ interface-interval <em class="replaceable"><code>integer</code></em>;<br>
+ listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br>
+ memstatistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ pid-file ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+ port <em class="replaceable"><code>integer</code></em>;<br>
+ querylog <em class="replaceable"><code>boolean</code></em>;<br>
+ recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ reserved-sockets <em class="replaceable"><code>integer</code></em>;<br>
+ random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
+ recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
+ serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
+ server-id ( <em class="replaceable"><code>quoted_string</code></em> | none |;<br>
+ stacksize <em class="replaceable"><code>size</code></em>;<br>
+ statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
+ tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
+ tcp-listen-queue <em class="replaceable"><code>integer</code></em>;<br>
+ tkey-dhkey <em class="replaceable"><code>quoted_string</code></em> <em class="replaceable"><code>integer</code></em>;<br>
+ tkey-gssapi-credential <em class="replaceable"><code>quoted_string</code></em>;<br>
+ tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
+ transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
+ transfers-in <em class="replaceable"><code>integer</code></em>;<br>
+ transfers-out <em class="replaceable"><code>integer</code></em>;<br>
+ use-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+ allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
+ auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
+ minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
+ recursion <em class="replaceable"><code>boolean</code></em>;<br>
+ rrset-order {<br>
+ [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
+ [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
+ };<br>
+ provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+ additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
+ additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
+ query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
+ queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
+ queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
+ cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+ min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
+ lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ transfer-format ( many-answers | one-answer );<br>
+ max-cache-size <em class="replaceable"><code>size</code></em>;<br>
+ max-acache-size <em class="replaceable"><code>size</code></em>;<br>
+ clients-per-query <em class="replaceable"><code>number</code></em>;<br>
+ max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
+ check-names ( master | slave | response )<br>
+ ( fail | warn | ignore );<br>
+ check-mx ( fail | warn | ignore );<br>
+ check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx-cname ( fail | warn | ignore );<br>
+ check-srv-cname ( fail | warn | ignore );<br>
+ cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
+ suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+ preferred-glue <em class="replaceable"><code>string</code></em>;<br>
+ dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+ <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
+ };<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
+ dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-lookaside <em class="replaceable"><code>string</code></em> trust-anchor <em class="replaceable"><code>string</code></em>;<br>
+ dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ empty-server <em class="replaceable"><code>string</code></em>;<br>
+ empty-contact <em class="replaceable"><code>string</code></em>;<br>
+ empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
+<br>
+ dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
+ ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
+<br>
+ allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ masterfile-format ( text | raw );<br>
+ notify <em class="replaceable"><code>notifytype</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
+ [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+ forward ( first | only );<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ };<br>
+<br>
+ max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
+ sig-re-signing-interval <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
+<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
+ zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
+ zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ nsec3-test-zone <em class="replaceable"><code>boolean</code></em>;  // testing only<br>
+<br>
+ allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
+ deallocate-on-exit <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ fake-iquery <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ has-old-clients <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+ multiple-cnames <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ named-xfer <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+ serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br>
+ treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544452"></a><h2>VIEW</h2>
+<div class="literallayout"><p><br>
+view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
+ match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ key <em class="replaceable"><code>string</code></em> {<br>
+ algorithm <em class="replaceable"><code>string</code></em>;<br>
+ secret <em class="replaceable"><code>string</code></em>;<br>
+ };<br>
+<br>
+ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
+ ...<br>
+ };<br>
+<br>
+ server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
+ ...<br>
+ };<br>
+<br>
+ trusted-keys {<br>
+ <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; ...<br>
+ };<br>
+<br>
+ allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
+ auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
+ minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
+ recursion <em class="replaceable"><code>boolean</code></em>;<br>
+ rrset-order {<br>
+ [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
+ [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
+ };<br>
+ provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+ additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
+ additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
+ query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
+ queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
+ queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
+ cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+ min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
+ lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ transfer-format ( many-answers | one-answer );<br>
+ max-cache-size <em class="replaceable"><code>size</code></em>;<br>
+ max-acache-size <em class="replaceable"><code>size</code></em>;<br>
+ clients-per-query <em class="replaceable"><code>number</code></em>;<br>
+ max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
+ check-names ( master | slave | response )<br>
+ ( fail | warn | ignore );<br>
+ check-mx ( fail | warn | ignore );<br>
+ check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx-cname ( fail | warn | ignore );<br>
+ check-srv-cname ( fail | warn | ignore );<br>
+ cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
+ suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+ preferred-glue <em class="replaceable"><code>string</code></em>;<br>
+ dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+ <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
+ };<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
+ dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-lookaside <em class="replaceable"><code>string</code></em> trust-anchor <em class="replaceable"><code>string</code></em>;<br>
+ dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ empty-server <em class="replaceable"><code>string</code></em>;<br>
+ empty-contact <em class="replaceable"><code>string</code></em>;<br>
+ empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
+<br>
+ dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
+ ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
+<br>
+ allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ masterfile-format ( text | raw );<br>
+ notify <em class="replaceable"><code>notifytype</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
+ [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+ forward ( first | only );<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ };<br>
+<br>
+ max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
+<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+ try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
+ zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
+ fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2545113"></a><h2>ZONE</h2>
+<div class="literallayout"><p><br>
+zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
+ type ( master | slave | stub | hint |<br>
+ forward | delegation-only );<br>
+ file <em class="replaceable"><code>quoted_string</code></em>;<br>
+<br>
+ masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>masters</code></em> |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+ <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
+ };<br>
+<br>
+ database <em class="replaceable"><code>string</code></em>;<br>
+ delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
+ check-names ( fail | warn | ignore );<br>
+ check-mx ( fail | warn | ignore );<br>
+ check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx-cname ( fail | warn | ignore );<br>
+ check-srv-cname ( fail | warn | ignore );<br>
+ dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
+ ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
+ journal <em class="replaceable"><code>quoted_string</code></em>;<br>
+ zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ update-policy {<br>
+ ( grant | deny ) <em class="replaceable"><code>string</code></em><br>
+ ( name | subdomain | wildcard | self | selfsub | selfwild |<br>
+                  krb5-self | ms-self | krb5-subdomain | ms-subdomain |<br>
+   tcp-self | 6to4-self ) <em class="replaceable"><code>string</code></em><br>
+ <em class="replaceable"><code>rrtypelist</code></em>; ...<br>
+ };<br>
+ update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ masterfile-format ( text | raw );<br>
+ notify <em class="replaceable"><code>notifytype</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
+ [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+ forward ( first | only );<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ };<br>
+<br>
+ max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
+<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+ try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+<br>
+ nsec3-test-zone <em class="replaceable"><code>boolean</code></em>;  // testing only<br>
+<br>
+ ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+ ixfr-tmp-file <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+ maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+ pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2545410"></a><h2>FILES</h2>
+<p><code class="filename">/etc/named.conf</code>
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2545421"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/named/named.docbook b/bin/named/named.docbook
new file mode 100644
index 0000000..f47eae1
--- /dev/null
+++ b/bin/named/named.docbook
@@ -0,0 +1,445 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: named.docbook,v 1.23 2008/11/06 05:30:24 marka Exp $ -->
+<refentry id="man.named">
+ <refentryinfo>
+ <date>June 30, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>named</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><application>named</application></refname>
+ <refpurpose>Internet domain name server</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
+ <year>2008</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2003</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>named</command>
+ <arg><option>-4</option></arg>
+ <arg><option>-6</option></arg>
+ <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
+ <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
+ <arg><option>-f</option></arg>
+ <arg><option>-g</option></arg>
+ <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
+ <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
+ <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+ <arg><option>-s</option></arg>
+ <arg><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg>
+ <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
+ <arg><option>-v</option></arg>
+ <arg><option>-V</option></arg>
+ <arg><option>-x <replaceable class="parameter">cache-file</replaceable></option></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><command>named</command>
+ is a Domain Name System (DNS) server,
+ part of the BIND 9 distribution from ISC. For more
+ information on the DNS, see RFCs 1033, 1034, and 1035.
+ </para>
+ <para>
+ When invoked without arguments, <command>named</command>
+ will
+ read the default configuration file
+ <filename>/etc/named.conf</filename>, read any initial
+ data, and listen for queries.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-4</term>
+ <listitem>
+ <para>
+ Use IPv4 only even if the host machine is capable of IPv6.
+ <option>-4</option> and <option>-6</option> are mutually
+ exclusive.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-6</term>
+ <listitem>
+ <para>
+ Use IPv6 only even if the host machine is capable of IPv4.
+ <option>-4</option> and <option>-6</option> are mutually
+ exclusive.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>-c <replaceable class="parameter">config-file</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">config-file</replaceable> as the
+ configuration file instead of the default,
+ <filename>/etc/named.conf</filename>. To
+ ensure that reloading the configuration file continues
+ to work after the server has changed its working
+ directory due to to a possible
+ <option>directory</option> option in the configuration
+ file, <replaceable class="parameter">config-file</replaceable> should be
+ an absolute pathname.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-d <replaceable class="parameter">debug-level</replaceable></term>
+ <listitem>
+ <para>
+ Set the daemon's debug level to <replaceable class="parameter">debug-level</replaceable>.
+ Debugging traces from <command>named</command> become
+ more verbose as the debug level increases.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-f</term>
+ <listitem>
+ <para>
+ Run the server in the foreground (i.e. do not daemonize).
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-g</term>
+ <listitem>
+ <para>
+ Run the server in the foreground and force all logging
+ to <filename>stderr</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-m <replaceable class="parameter">flag</replaceable></term>
+ <listitem>
+ <para>
+ Turn on memory usage debugging flags. Possible flags are
+ <replaceable class="parameter">usage</replaceable>,
+ <replaceable class="parameter">trace</replaceable>,
+ <replaceable class="parameter">record</replaceable>,
+ <replaceable class="parameter">size</replaceable>, and
+ <replaceable class="parameter">mctx</replaceable>.
+ These correspond to the ISC_MEM_DEBUGXXXX flags described in
+ <filename>&lt;isc/mem.h&gt;</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-n <replaceable class="parameter">#cpus</replaceable></term>
+ <listitem>
+ <para>
+ Create <replaceable class="parameter">#cpus</replaceable> worker threads
+ to take advantage of multiple CPUs. If not specified,
+ <command>named</command> will try to determine the
+ number of CPUs present and create one thread per CPU.
+ If it is unable to determine the number of CPUs, a
+ single worker thread will be created.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-p <replaceable class="parameter">port</replaceable></term>
+ <listitem>
+ <para>
+ Listen for queries on port <replaceable class="parameter">port</replaceable>. If not
+ specified, the default is port 53.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s</term>
+ <listitem>
+ <para>
+ Write memory usage statistics to <filename>stdout</filename> on exit.
+ </para>
+ <note>
+ <para>
+ This option is mainly of interest to BIND 9 developers
+ and may be removed or changed in a future release.
+ </para>
+ </note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-S <replaceable class="parameter">#max-socks</replaceable></term>
+ <listitem>
+ <para>
+ Allow <command>named</command> to use up to
+ <replaceable class="parameter">#max-socks</replaceable> sockets.
+ </para>
+ <warning>
+ <para>
+ This option should be unnecessary for the vast majority
+ of users.
+ The use of this option could even be harmful because the
+ specified value may exceed the limitation of the
+ underlying system API.
+ It is therefore set only when the default configuration
+ causes exhaustion of file descriptors and the
+ operational environment is known to support the
+ specified number of sockets.
+ Note also that the actual maximum number is normally a little
+ fewer than the specified value because
+ <command>named</command> reserves some file descriptors
+ for its internal use.
+ </para>
+ </warning>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-t <replaceable class="parameter">directory</replaceable></term>
+ <listitem>
+ <para>Chroot
+ to <replaceable class="parameter">directory</replaceable> after
+ processing the command line arguments, but before
+ reading the configuration file.
+ </para>
+ <warning>
+ <para>
+ This option should be used in conjunction with the
+ <option>-u</option> option, as chrooting a process
+ running as root doesn't enhance security on most
+ systems; the way <function>chroot(2)</function> is
+ defined allows a process with root privileges to
+ escape a chroot jail.
+ </para>
+ </warning>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-u <replaceable class="parameter">user</replaceable></term>
+ <listitem>
+ <para>Setuid
+ to <replaceable class="parameter">user</replaceable> after completing
+ privileged operations, such as creating sockets that
+ listen on privileged ports.
+ </para>
+ <note>
+ <para>
+ On Linux, <command>named</command> uses the kernel's
+ capability mechanism to drop all root privileges
+ except the ability to <function>bind(2)</function> to
+ a
+ privileged port and set process resource limits.
+ Unfortunately, this means that the <option>-u</option>
+ option only works when <command>named</command> is
+ run
+ on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
+ later, since previous kernels did not allow privileges
+ to be retained after <function>setuid(2)</function>.
+ </para>
+ </note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v</term>
+ <listitem>
+ <para>
+ Report the version number and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-V</term>
+ <listitem>
+ <para>
+ Report the version number and build options, and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-x <replaceable class="parameter">cache-file</replaceable></term>
+ <listitem>
+ <para>
+ Load data from <replaceable class="parameter">cache-file</replaceable> into the
+ cache of the default view.
+ </para>
+ <warning>
+ <para>
+ This option must not be used. It is only of interest
+ to BIND 9 developers and may be removed or changed in a
+ future release.
+ </para>
+ </warning>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>SIGNALS</title>
+ <para>
+ In routine operation, signals should not be used to control
+ the nameserver; <command>rndc</command> should be used
+ instead.
+ </para>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>SIGHUP</term>
+ <listitem>
+ <para>
+ Force a reload of the server.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>SIGINT, SIGTERM</term>
+ <listitem>
+ <para>
+ Shut down the server.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ <para>
+ The result of sending any other signals to the server is undefined.
+ </para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>CONFIGURATION</title>
+ <para>
+ The <command>named</command> configuration file is too complex
+ to describe in detail here. A complete description is provided
+ in the
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>FILES</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term><filename>/etc/named.conf</filename></term>
+ <listitem>
+ <para>
+ The default configuration file.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><filename>/var/run/named/named.pid</filename></term>
+ <listitem>
+ <para>
+ The default process-id file.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citetitle>RFC 1033</citetitle>,
+ <citetitle>RFC 1034</citetitle>,
+ <citetitle>RFC 1035</citetitle>,
+ <citerefentry>
+ <refentrytitle>named-checkconf</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkzone</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>lwresd</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para><corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/named/named.html b/bin/named/named.html
new file mode 100644
index 0000000..23c9a7c
--- /dev/null
+++ b/bin/named/named.html
@@ -0,0 +1,284 @@
+<!--
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: named.html,v 1.30 2008/11/07 01:11:19 tbox Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.named"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">named</span> &#8212; Internet domain name server</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543468"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">named</strong></span>
+ is a Domain Name System (DNS) server,
+ part of the BIND 9 distribution from ISC. For more
+ information on the DNS, see RFCs 1033, 1034, and 1035.
+ </p>
+<p>
+ When invoked without arguments, <span><strong class="command">named</strong></span>
+ will
+ read the default configuration file
+ <code class="filename">/etc/named.conf</code>, read any initial
+ data, and listen for queries.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543493"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-4</span></dt>
+<dd><p>
+ Use IPv4 only even if the host machine is capable of IPv6.
+ <code class="option">-4</code> and <code class="option">-6</code> are mutually
+ exclusive.
+ </p></dd>
+<dt><span class="term">-6</span></dt>
+<dd><p>
+ Use IPv6 only even if the host machine is capable of IPv4.
+ <code class="option">-4</code> and <code class="option">-6</code> are mutually
+ exclusive.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>config-file</code></em> as the
+ configuration file instead of the default,
+ <code class="filename">/etc/named.conf</code>. To
+ ensure that reloading the configuration file continues
+ to work after the server has changed its working
+ directory due to to a possible
+ <code class="option">directory</code> option in the configuration
+ file, <em class="replaceable"><code>config-file</code></em> should be
+ an absolute pathname.
+ </p></dd>
+<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
+<dd><p>
+ Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
+ Debugging traces from <span><strong class="command">named</strong></span> become
+ more verbose as the debug level increases.
+ </p></dd>
+<dt><span class="term">-f</span></dt>
+<dd><p>
+ Run the server in the foreground (i.e. do not daemonize).
+ </p></dd>
+<dt><span class="term">-g</span></dt>
+<dd><p>
+ Run the server in the foreground and force all logging
+ to <code class="filename">stderr</code>.
+ </p></dd>
+<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
+<dd><p>
+ Turn on memory usage debugging flags. Possible flags are
+ <em class="replaceable"><code>usage</code></em>,
+ <em class="replaceable"><code>trace</code></em>,
+ <em class="replaceable"><code>record</code></em>,
+ <em class="replaceable"><code>size</code></em>, and
+ <em class="replaceable"><code>mctx</code></em>.
+ These correspond to the ISC_MEM_DEBUGXXXX flags described in
+ <code class="filename">&lt;isc/mem.h&gt;</code>.
+ </p></dd>
+<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
+<dd><p>
+ Create <em class="replaceable"><code>#cpus</code></em> worker threads
+ to take advantage of multiple CPUs. If not specified,
+ <span><strong class="command">named</strong></span> will try to determine the
+ number of CPUs present and create one thread per CPU.
+ If it is unable to determine the number of CPUs, a
+ single worker thread will be created.
+ </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+ Listen for queries on port <em class="replaceable"><code>port</code></em>. If not
+ specified, the default is port 53.
+ </p></dd>
+<dt><span class="term">-s</span></dt>
+<dd>
+<p>
+ Write memory usage statistics to <code class="filename">stdout</code> on exit.
+ </p>
+<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Note</h3>
+<p>
+ This option is mainly of interest to BIND 9 developers
+ and may be removed or changed in a future release.
+ </p>
+</div>
+</dd>
+<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
+<dd>
+<p>
+ Allow <span><strong class="command">named</strong></span> to use up to
+ <em class="replaceable"><code>#max-socks</code></em> sockets.
+ </p>
+<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Warning</h3>
+<p>
+ This option should be unnecessary for the vast majority
+ of users.
+ The use of this option could even be harmful because the
+ specified value may exceed the limitation of the
+ underlying system API.
+ It is therefore set only when the default configuration
+ causes exhaustion of file descriptors and the
+ operational environment is known to support the
+ specified number of sockets.
+ Note also that the actual maximum number is normally a little
+ fewer than the specified value because
+ <span><strong class="command">named</strong></span> reserves some file descriptors
+ for its internal use.
+ </p>
+</div>
+</dd>
+<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
+<dd>
+<p>Chroot
+ to <em class="replaceable"><code>directory</code></em> after
+ processing the command line arguments, but before
+ reading the configuration file.
+ </p>
+<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Warning</h3>
+<p>
+ This option should be used in conjunction with the
+ <code class="option">-u</code> option, as chrooting a process
+ running as root doesn't enhance security on most
+ systems; the way <code class="function">chroot(2)</code> is
+ defined allows a process with root privileges to
+ escape a chroot jail.
+ </p>
+</div>
+</dd>
+<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
+<dd>
+<p>Setuid
+ to <em class="replaceable"><code>user</code></em> after completing
+ privileged operations, such as creating sockets that
+ listen on privileged ports.
+ </p>
+<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Note</h3>
+<p>
+ On Linux, <span><strong class="command">named</strong></span> uses the kernel's
+ capability mechanism to drop all root privileges
+ except the ability to <code class="function">bind(2)</code> to
+ a
+ privileged port and set process resource limits.
+ Unfortunately, this means that the <code class="option">-u</code>
+ option only works when <span><strong class="command">named</strong></span> is
+ run
+ on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
+ later, since previous kernels did not allow privileges
+ to be retained after <code class="function">setuid(2)</code>.
+ </p>
+</div>
+</dd>
+<dt><span class="term">-v</span></dt>
+<dd><p>
+ Report the version number and exit.
+ </p></dd>
+<dt><span class="term">-V</span></dt>
+<dd><p>
+ Report the version number and build options, and exit.
+ </p></dd>
+<dt><span class="term">-x <em class="replaceable"><code>cache-file</code></em></span></dt>
+<dd>
+<p>
+ Load data from <em class="replaceable"><code>cache-file</code></em> into the
+ cache of the default view.
+ </p>
+<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Warning</h3>
+<p>
+ This option must not be used. It is only of interest
+ to BIND 9 developers and may be removed or changed in a
+ future release.
+ </p>
+</div>
+</dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543928"></a><h2>SIGNALS</h2>
+<p>
+ In routine operation, signals should not be used to control
+ the nameserver; <span><strong class="command">rndc</strong></span> should be used
+ instead.
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term">SIGHUP</span></dt>
+<dd><p>
+ Force a reload of the server.
+ </p></dd>
+<dt><span class="term">SIGINT, SIGTERM</span></dt>
+<dd><p>
+ Shut down the server.
+ </p></dd>
+</dl></div>
+<p>
+ The result of sending any other signals to the server is undefined.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543976"></a><h2>CONFIGURATION</h2>
+<p>
+ The <span><strong class="command">named</strong></span> configuration file is too complex
+ to describe in detail here. A complete description is provided
+ in the
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543993"></a><h2>FILES</h2>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
+<dd><p>
+ The default configuration file.
+ </p></dd>
+<dt><span class="term"><code class="filename">/var/run/named/named.pid</code></span></dt>
+<dd><p>
+ The default process-id file.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544033"></a><h2>SEE ALSO</h2>
+<p><em class="citetitle">RFC 1033</em>,
+ <em class="citetitle">RFC 1034</em>,
+ <em class="citetitle">RFC 1035</em>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544171"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/named/notify.c b/bin/named/notify.c
new file mode 100644
index 0000000..de52b8c
--- /dev/null
+++ b/bin/named/notify.c
@@ -0,0 +1,174 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: notify.c,v 1.37 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <isc/log.h>
+#include <isc/print.h>
+
+#include <dns/message.h>
+#include <dns/rdataset.h>
+#include <dns/result.h>
+#include <dns/tsig.h>
+#include <dns/view.h>
+#include <dns/zone.h>
+#include <dns/zt.h>
+
+#include <named/log.h>
+#include <named/notify.h>
+
+/*! \file
+ * \brief
+ * This module implements notify as in RFC1996.
+ */
+
+static void
+notify_log(ns_client_t *client, int level, const char *fmt, ...) {
+ va_list ap;
+
+ va_start(ap, fmt);
+ ns_client_logv(client, DNS_LOGCATEGORY_NOTIFY, NS_LOGMODULE_NOTIFY,
+ level, fmt, ap);
+ va_end(ap);
+}
+
+static void
+respond(ns_client_t *client, isc_result_t result) {
+ dns_rcode_t rcode;
+ dns_message_t *message;
+ isc_result_t msg_result;
+
+ message = client->message;
+ rcode = dns_result_torcode(result);
+
+ msg_result = dns_message_reply(message, ISC_TRUE);
+ if (msg_result != ISC_R_SUCCESS)
+ msg_result = dns_message_reply(message, ISC_FALSE);
+ if (msg_result != ISC_R_SUCCESS) {
+ ns_client_next(client, msg_result);
+ return;
+ }
+ message->rcode = rcode;
+ if (rcode == dns_rcode_noerror)
+ message->flags |= DNS_MESSAGEFLAG_AA;
+ else
+ message->flags &= ~DNS_MESSAGEFLAG_AA;
+ ns_client_send(client);
+}
+
+void
+ns_notify_start(ns_client_t *client) {
+ dns_message_t *request = client->message;
+ isc_result_t result;
+ dns_name_t *zonename;
+ dns_rdataset_t *zone_rdataset;
+ dns_zone_t *zone = NULL;
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char tsigbuf[DNS_NAME_FORMATSIZE + sizeof(": TSIG ''")];
+ dns_tsigkey_t *tsigkey;
+
+ /*
+ * Interpret the question section.
+ */
+ result = dns_message_firstname(request, DNS_SECTION_QUESTION);
+ if (result != ISC_R_SUCCESS) {
+ notify_log(client, ISC_LOG_NOTICE,
+ "notify question section empty");
+ goto formerr;
+ }
+
+ /*
+ * The question section must contain exactly one question.
+ */
+ zonename = NULL;
+ dns_message_currentname(request, DNS_SECTION_QUESTION, &zonename);
+ zone_rdataset = ISC_LIST_HEAD(zonename->list);
+ if (ISC_LIST_NEXT(zone_rdataset, link) != NULL) {
+ notify_log(client, ISC_LOG_NOTICE,
+ "notify question section contains multiple RRs");
+ goto formerr;
+ }
+
+ /* The zone section must have exactly one name. */
+ result = dns_message_nextname(request, DNS_SECTION_ZONE);
+ if (result != ISC_R_NOMORE) {
+ notify_log(client, ISC_LOG_NOTICE,
+ "notify question section contains multiple RRs");
+ goto formerr;
+ }
+
+ /* The one rdataset must be an SOA. */
+ if (zone_rdataset->type != dns_rdatatype_soa) {
+ notify_log(client, ISC_LOG_NOTICE,
+ "notify question section contains no SOA");
+ goto formerr;
+ }
+
+ tsigkey = dns_message_gettsigkey(request);
+ if (tsigkey != NULL) {
+ dns_name_format(&tsigkey->name, namebuf, sizeof(namebuf));
+
+ if (tsigkey->generated) {
+ char cnamebuf[DNS_NAME_FORMATSIZE];
+ dns_name_format(tsigkey->creator, cnamebuf,
+ sizeof(cnamebuf));
+ snprintf(tsigbuf, sizeof(tsigbuf), ": TSIG '%s' (%s)",
+ namebuf, cnamebuf);
+ } else {
+ snprintf(tsigbuf, sizeof(tsigbuf), ": TSIG '%s'",
+ namebuf);
+ }
+ } else
+ tsigbuf[0] = '\0';
+ dns_name_format(zonename, namebuf, sizeof(namebuf));
+ result = dns_zt_find(client->view->zonetable, zonename, 0, NULL,
+ &zone);
+ if (result != ISC_R_SUCCESS)
+ goto notauth;
+
+ switch (dns_zone_gettype(zone)) {
+ case dns_zone_master:
+ case dns_zone_slave:
+ case dns_zone_stub: /* Allow dialup passive to work. */
+ notify_log(client, ISC_LOG_INFO,
+ "received notify for zone '%s'%s", namebuf, tsigbuf);
+ respond(client, dns_zone_notifyreceive(zone,
+ ns_client_getsockaddr(client), request));
+ break;
+ default:
+ goto notauth;
+ }
+ dns_zone_detach(&zone);
+ return;
+
+ notauth:
+ notify_log(client, ISC_LOG_NOTICE,
+ "received notify for zone '%s'%s: not authoritative",
+ namebuf, tsigbuf);
+ result = DNS_R_NOTAUTH;
+ goto failure;
+
+ formerr:
+ result = DNS_R_FORMERR;
+
+ failure:
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ respond(client, result);
+}
diff --git a/bin/named/query.c b/bin/named/query.c
new file mode 100644
index 0000000..cacd70a
--- /dev/null
+++ b/bin/named/query.c
@@ -0,0 +1,5096 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: query.c,v 1.313 2008/11/03 23:57:22 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <string.h>
+
+#include <isc/mem.h>
+#include <isc/util.h>
+#include <isc/hex.h>
+
+#include <dns/adb.h>
+#include <dns/byaddr.h>
+#include <dns/db.h>
+#ifdef DLZ
+#include <dns/dlz.h>
+#endif
+#include <dns/dnssec.h>
+#include <dns/events.h>
+#include <dns/message.h>
+#include <dns/ncache.h>
+#include <dns/nsec3.h>
+#include <dns/order.h>
+#include <dns/rdata.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/rdatasetiter.h>
+#include <dns/rdatastruct.h>
+#include <dns/rdatatype.h>
+#include <dns/resolver.h>
+#include <dns/result.h>
+#include <dns/stats.h>
+#include <dns/tkey.h>
+#include <dns/view.h>
+#include <dns/zone.h>
+#include <dns/zt.h>
+
+#include <named/client.h>
+#include <named/log.h>
+#include <named/server.h>
+#include <named/sortlist.h>
+#include <named/xfrout.h>
+
+/*% Partial answer? */
+#define PARTIALANSWER(c) (((c)->query.attributes & \
+ NS_QUERYATTR_PARTIALANSWER) != 0)
+/*% Use Cache? */
+#define USECACHE(c) (((c)->query.attributes & \
+ NS_QUERYATTR_CACHEOK) != 0)
+/*% Recursion OK? */
+#define RECURSIONOK(c) (((c)->query.attributes & \
+ NS_QUERYATTR_RECURSIONOK) != 0)
+/*% Recursing? */
+#define RECURSING(c) (((c)->query.attributes & \
+ NS_QUERYATTR_RECURSING) != 0)
+/*% Cache glue ok? */
+#define CACHEGLUEOK(c) (((c)->query.attributes & \
+ NS_QUERYATTR_CACHEGLUEOK) != 0)
+/*% Want Recursion? */
+#define WANTRECURSION(c) (((c)->query.attributes & \
+ NS_QUERYATTR_WANTRECURSION) != 0)
+/*% Want DNSSEC? */
+#define WANTDNSSEC(c) (((c)->attributes & \
+ NS_CLIENTATTR_WANTDNSSEC) != 0)
+/*% No authority? */
+#define NOAUTHORITY(c) (((c)->query.attributes & \
+ NS_QUERYATTR_NOAUTHORITY) != 0)
+/*% No additional? */
+#define NOADDITIONAL(c) (((c)->query.attributes & \
+ NS_QUERYATTR_NOADDITIONAL) != 0)
+/*% Secure? */
+#define SECURE(c) (((c)->query.attributes & \
+ NS_QUERYATTR_SECURE) != 0)
+
+/*% No QNAME Proof? */
+#define NOQNAME(r) (((r)->attributes & \
+ DNS_RDATASETATTR_NOQNAME) != 0)
+
+#if 0
+#define CTRACE(m) isc_log_write(ns_g_lctx, \
+ NS_LOGCATEGORY_CLIENT, \
+ NS_LOGMODULE_QUERY, \
+ ISC_LOG_DEBUG(3), \
+ "client %p: %s", client, (m))
+#define QTRACE(m) isc_log_write(ns_g_lctx, \
+ NS_LOGCATEGORY_GENERAL, \
+ NS_LOGMODULE_QUERY, \
+ ISC_LOG_DEBUG(3), \
+ "query %p: %s", query, (m))
+#else
+#define CTRACE(m) ((void)m)
+#define QTRACE(m) ((void)m)
+#endif
+
+#define DNS_GETDB_NOEXACT 0x01U
+#define DNS_GETDB_NOLOG 0x02U
+#define DNS_GETDB_PARTIAL 0x04U
+
+typedef struct client_additionalctx {
+ ns_client_t *client;
+ dns_rdataset_t *rdataset;
+} client_additionalctx_t;
+
+static void
+query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype);
+
+static isc_boolean_t
+validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
+ dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset);
+
+static void
+query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
+ dns_dbversion_t *version, ns_client_t *client,
+ dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
+ dns_name_t *fname, isc_boolean_t exact,
+ dns_name_t *found);
+
+/*%
+ * Increment query statistics counters.
+ */
+static inline void
+inc_stats(ns_client_t *client, dns_statscounter_t counter) {
+ dns_zone_t *zone = client->query.authzone;
+
+ dns_generalstats_increment(ns_g_server->nsstats, counter);
+
+ if (zone != NULL) {
+ dns_stats_t *zonestats = dns_zone_getrequeststats(zone);
+ if (zonestats != NULL)
+ dns_generalstats_increment(zonestats, counter);
+ }
+}
+
+static void
+query_send(ns_client_t *client) {
+ dns_statscounter_t counter;
+ if ((client->message->flags & DNS_MESSAGEFLAG_AA) == 0)
+ inc_stats(client, dns_nsstatscounter_nonauthans);
+ else
+ inc_stats(client, dns_nsstatscounter_authans);
+ if (client->message->rcode == dns_rcode_noerror) {
+ if (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER])) {
+ if (client->query.isreferral) {
+ counter = dns_nsstatscounter_referral;
+ } else {
+ counter = dns_nsstatscounter_nxrrset;
+ }
+ } else {
+ counter = dns_nsstatscounter_success;
+ }
+ } else if (client->message->rcode == dns_rcode_nxdomain) {
+ counter = dns_nsstatscounter_nxdomain;
+ } else {
+ /* We end up here in case of YXDOMAIN, and maybe others */
+ counter = dns_nsstatscounter_failure;
+ }
+ inc_stats(client, counter);
+ ns_client_send(client);
+}
+
+static void
+query_error(ns_client_t *client, isc_result_t result) {
+ switch (result) {
+ case DNS_R_SERVFAIL:
+ inc_stats(client, dns_nsstatscounter_servfail);
+ break;
+ case DNS_R_FORMERR:
+ inc_stats(client, dns_nsstatscounter_formerr);
+ break;
+ default:
+ inc_stats(client, dns_nsstatscounter_failure);
+ break;
+ }
+ ns_client_error(client, result);
+}
+
+static void
+query_next(ns_client_t *client, isc_result_t result) {
+ if (result == DNS_R_DUPLICATE)
+ inc_stats(client, dns_nsstatscounter_duplicate);
+ else if (result == DNS_R_DROP)
+ inc_stats(client, dns_nsstatscounter_dropped);
+ else
+ inc_stats(client, dns_nsstatscounter_failure);
+ ns_client_next(client, result);
+}
+
+static inline void
+query_freefreeversions(ns_client_t *client, isc_boolean_t everything) {
+ ns_dbversion_t *dbversion, *dbversion_next;
+ unsigned int i;
+
+ for (dbversion = ISC_LIST_HEAD(client->query.freeversions), i = 0;
+ dbversion != NULL;
+ dbversion = dbversion_next, i++)
+ {
+ dbversion_next = ISC_LIST_NEXT(dbversion, link);
+ /*
+ * If we're not freeing everything, we keep the first three
+ * dbversions structures around.
+ */
+ if (i > 3 || everything) {
+ ISC_LIST_UNLINK(client->query.freeversions, dbversion,
+ link);
+ isc_mem_put(client->mctx, dbversion,
+ sizeof(*dbversion));
+ }
+ }
+}
+
+void
+ns_query_cancel(ns_client_t *client) {
+ LOCK(&client->query.fetchlock);
+ if (client->query.fetch != NULL) {
+ dns_resolver_cancelfetch(client->query.fetch);
+
+ client->query.fetch = NULL;
+ }
+ UNLOCK(&client->query.fetchlock);
+}
+
+static inline void
+query_reset(ns_client_t *client, isc_boolean_t everything) {
+ isc_buffer_t *dbuf, *dbuf_next;
+ ns_dbversion_t *dbversion, *dbversion_next;
+
+ /*%
+ * Reset the query state of a client to its default state.
+ */
+
+ /*
+ * Cancel the fetch if it's running.
+ */
+ ns_query_cancel(client);
+
+ /*
+ * Cleanup any active versions.
+ */
+ for (dbversion = ISC_LIST_HEAD(client->query.activeversions);
+ dbversion != NULL;
+ dbversion = dbversion_next) {
+ dbversion_next = ISC_LIST_NEXT(dbversion, link);
+ dns_db_closeversion(dbversion->db, &dbversion->version,
+ ISC_FALSE);
+ dns_db_detach(&dbversion->db);
+ ISC_LIST_INITANDAPPEND(client->query.freeversions,
+ dbversion, link);
+ }
+ ISC_LIST_INIT(client->query.activeversions);
+
+ if (client->query.authdb != NULL)
+ dns_db_detach(&client->query.authdb);
+ if (client->query.authzone != NULL)
+ dns_zone_detach(&client->query.authzone);
+
+ query_freefreeversions(client, everything);
+
+ for (dbuf = ISC_LIST_HEAD(client->query.namebufs);
+ dbuf != NULL;
+ dbuf = dbuf_next) {
+ dbuf_next = ISC_LIST_NEXT(dbuf, link);
+ if (dbuf_next != NULL || everything) {
+ ISC_LIST_UNLINK(client->query.namebufs, dbuf, link);
+ isc_buffer_free(&dbuf);
+ }
+ }
+
+ if (client->query.restarts > 0) {
+ /*
+ * client->query.qname was dynamically allocated.
+ */
+ dns_message_puttempname(client->message,
+ &client->query.qname);
+ }
+ client->query.qname = NULL;
+ client->query.attributes = (NS_QUERYATTR_RECURSIONOK |
+ NS_QUERYATTR_CACHEOK |
+ NS_QUERYATTR_SECURE);
+ client->query.restarts = 0;
+ client->query.timerset = ISC_FALSE;
+ client->query.origqname = NULL;
+ client->query.qname = NULL;
+ client->query.dboptions = 0;
+ client->query.fetchoptions = 0;
+ client->query.gluedb = NULL;
+ client->query.authdbset = ISC_FALSE;
+ client->query.isreferral = ISC_FALSE;
+}
+
+static void
+query_next_callback(ns_client_t *client) {
+ query_reset(client, ISC_FALSE);
+}
+
+void
+ns_query_free(ns_client_t *client) {
+ query_reset(client, ISC_TRUE);
+}
+
+static inline isc_result_t
+query_newnamebuf(ns_client_t *client) {
+ isc_buffer_t *dbuf;
+ isc_result_t result;
+
+ CTRACE("query_newnamebuf");
+ /*%
+ * Allocate a name buffer.
+ */
+
+ dbuf = NULL;
+ result = isc_buffer_allocate(client->mctx, &dbuf, 1024);
+ if (result != ISC_R_SUCCESS) {
+ CTRACE("query_newnamebuf: isc_buffer_allocate failed: done");
+ return (result);
+ }
+ ISC_LIST_APPEND(client->query.namebufs, dbuf, link);
+
+ CTRACE("query_newnamebuf: done");
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_buffer_t *
+query_getnamebuf(ns_client_t *client) {
+ isc_buffer_t *dbuf;
+ isc_result_t result;
+ isc_region_t r;
+
+ CTRACE("query_getnamebuf");
+ /*%
+ * Return a name buffer with space for a maximal name, allocating
+ * a new one if necessary.
+ */
+
+ if (ISC_LIST_EMPTY(client->query.namebufs)) {
+ result = query_newnamebuf(client);
+ if (result != ISC_R_SUCCESS) {
+ CTRACE("query_getnamebuf: query_newnamebuf failed: done");
+ return (NULL);
+ }
+ }
+
+ dbuf = ISC_LIST_TAIL(client->query.namebufs);
+ INSIST(dbuf != NULL);
+ isc_buffer_availableregion(dbuf, &r);
+ if (r.length < 255) {
+ result = query_newnamebuf(client);
+ if (result != ISC_R_SUCCESS) {
+ CTRACE("query_getnamebuf: query_newnamebuf failed: done");
+ return (NULL);
+
+ }
+ dbuf = ISC_LIST_TAIL(client->query.namebufs);
+ isc_buffer_availableregion(dbuf, &r);
+ INSIST(r.length >= 255);
+ }
+ CTRACE("query_getnamebuf: done");
+ return (dbuf);
+}
+
+static inline void
+query_keepname(ns_client_t *client, dns_name_t *name, isc_buffer_t *dbuf) {
+ isc_region_t r;
+
+ CTRACE("query_keepname");
+ /*%
+ * 'name' is using space in 'dbuf', but 'dbuf' has not yet been
+ * adjusted to take account of that. We do the adjustment.
+ */
+
+ REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) != 0);
+
+ dns_name_toregion(name, &r);
+ isc_buffer_add(dbuf, r.length);
+ dns_name_setbuffer(name, NULL);
+ client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
+}
+
+static inline void
+query_releasename(ns_client_t *client, dns_name_t **namep) {
+ dns_name_t *name = *namep;
+
+ /*%
+ * 'name' is no longer needed. Return it to our pool of temporary
+ * names. If it is using a name buffer, relinquish its exclusive
+ * rights on the buffer.
+ */
+
+ CTRACE("query_releasename");
+ if (dns_name_hasbuffer(name)) {
+ INSIST((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
+ != 0);
+ client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
+ }
+ dns_message_puttempname(client->message, namep);
+ CTRACE("query_releasename: done");
+}
+
+static inline dns_name_t *
+query_newname(ns_client_t *client, isc_buffer_t *dbuf,
+ isc_buffer_t *nbuf)
+{
+ dns_name_t *name;
+ isc_region_t r;
+ isc_result_t result;
+
+ REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) == 0);
+
+ CTRACE("query_newname");
+ name = NULL;
+ result = dns_message_gettempname(client->message, &name);
+ if (result != ISC_R_SUCCESS) {
+ CTRACE("query_newname: dns_message_gettempname failed: done");
+ return (NULL);
+ }
+ isc_buffer_availableregion(dbuf, &r);
+ isc_buffer_init(nbuf, r.base, r.length);
+ dns_name_init(name, NULL);
+ dns_name_setbuffer(name, nbuf);
+ client->query.attributes |= NS_QUERYATTR_NAMEBUFUSED;
+
+ CTRACE("query_newname: done");
+ return (name);
+}
+
+static inline dns_rdataset_t *
+query_newrdataset(ns_client_t *client) {
+ dns_rdataset_t *rdataset;
+ isc_result_t result;
+
+ CTRACE("query_newrdataset");
+ rdataset = NULL;
+ result = dns_message_gettemprdataset(client->message, &rdataset);
+ if (result != ISC_R_SUCCESS) {
+ CTRACE("query_newrdataset: "
+ "dns_message_gettemprdataset failed: done");
+ return (NULL);
+ }
+ dns_rdataset_init(rdataset);
+
+ CTRACE("query_newrdataset: done");
+ return (rdataset);
+}
+
+static inline void
+query_putrdataset(ns_client_t *client, dns_rdataset_t **rdatasetp) {
+ dns_rdataset_t *rdataset = *rdatasetp;
+
+ CTRACE("query_putrdataset");
+ if (rdataset != NULL) {
+ if (dns_rdataset_isassociated(rdataset))
+ dns_rdataset_disassociate(rdataset);
+ dns_message_puttemprdataset(client->message, rdatasetp);
+ }
+ CTRACE("query_putrdataset: done");
+}
+
+
+static inline isc_result_t
+query_newdbversion(ns_client_t *client, unsigned int n) {
+ unsigned int i;
+ ns_dbversion_t *dbversion;
+
+ for (i = 0; i < n; i++) {
+ dbversion = isc_mem_get(client->mctx, sizeof(*dbversion));
+ if (dbversion != NULL) {
+ dbversion->db = NULL;
+ dbversion->version = NULL;
+ ISC_LIST_INITANDAPPEND(client->query.freeversions,
+ dbversion, link);
+ } else {
+ /*
+ * We only return ISC_R_NOMEMORY if we couldn't
+ * allocate anything.
+ */
+ if (i == 0)
+ return (ISC_R_NOMEMORY);
+ else
+ return (ISC_R_SUCCESS);
+ }
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline ns_dbversion_t *
+query_getdbversion(ns_client_t *client) {
+ isc_result_t result;
+ ns_dbversion_t *dbversion;
+
+ if (ISC_LIST_EMPTY(client->query.freeversions)) {
+ result = query_newdbversion(client, 1);
+ if (result != ISC_R_SUCCESS)
+ return (NULL);
+ }
+ dbversion = ISC_LIST_HEAD(client->query.freeversions);
+ INSIST(dbversion != NULL);
+ ISC_LIST_UNLINK(client->query.freeversions, dbversion, link);
+
+ return (dbversion);
+}
+
+isc_result_t
+ns_query_init(ns_client_t *client) {
+ isc_result_t result;
+
+ ISC_LIST_INIT(client->query.namebufs);
+ ISC_LIST_INIT(client->query.activeversions);
+ ISC_LIST_INIT(client->query.freeversions);
+ client->query.restarts = 0;
+ client->query.timerset = ISC_FALSE;
+ client->query.qname = NULL;
+ result = isc_mutex_init(&client->query.fetchlock);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ client->query.fetch = NULL;
+ client->query.authdb = NULL;
+ client->query.authzone = NULL;
+ client->query.authdbset = ISC_FALSE;
+ client->query.isreferral = ISC_FALSE;
+ query_reset(client, ISC_FALSE);
+ result = query_newdbversion(client, 3);
+ if (result != ISC_R_SUCCESS) {
+ DESTROYLOCK(&client->query.fetchlock);
+ return (result);
+ }
+ result = query_newnamebuf(client);
+ if (result != ISC_R_SUCCESS)
+ query_freefreeversions(client, ISC_TRUE);
+
+ return (result);
+}
+
+static inline ns_dbversion_t *
+query_findversion(ns_client_t *client, dns_db_t *db,
+ isc_boolean_t *newzonep)
+{
+ ns_dbversion_t *dbversion;
+
+ /*%
+ * We may already have done a query related to this
+ * database. If so, we must be sure to make subsequent
+ * queries from the same version.
+ */
+ for (dbversion = ISC_LIST_HEAD(client->query.activeversions);
+ dbversion != NULL;
+ dbversion = ISC_LIST_NEXT(dbversion, link)) {
+ if (dbversion->db == db)
+ break;
+ }
+
+ if (dbversion == NULL) {
+ /*
+ * This is a new zone for this query. Add it to
+ * the active list.
+ */
+ dbversion = query_getdbversion(client);
+ if (dbversion == NULL)
+ return (NULL);
+ dns_db_attach(db, &dbversion->db);
+ dns_db_currentversion(db, &dbversion->version);
+ dbversion->queryok = ISC_FALSE;
+ ISC_LIST_APPEND(client->query.activeversions,
+ dbversion, link);
+ *newzonep = ISC_TRUE;
+ } else
+ *newzonep = ISC_FALSE;
+
+ return (dbversion);
+}
+
+static inline isc_result_t
+query_validatezonedb(ns_client_t *client, dns_name_t *name,
+ dns_rdatatype_t qtype, unsigned int options,
+ dns_zone_t *zone, dns_db_t *db,
+ dns_dbversion_t **versionp)
+{
+ isc_result_t result;
+ isc_boolean_t check_acl, new_zone;
+ dns_acl_t *queryacl;
+ ns_dbversion_t *dbversion;
+
+ REQUIRE(zone != NULL);
+ REQUIRE(db != NULL);
+
+ /*
+ * This limits our searching to the zone where the first name
+ * (the query target) was looked for. This prevents following
+ * CNAMES or DNAMES into other zones and prevents returning
+ * additional data from other zones.
+ */
+ if (!client->view->additionalfromauth &&
+ client->query.authdbset &&
+ db != client->query.authdb)
+ goto refuse;
+
+ /*
+ * If the zone has an ACL, we'll check it, otherwise
+ * we use the view's "allow-query" ACL. Each ACL is only checked
+ * once per query.
+ *
+ * Also, get the database version to use.
+ */
+
+ check_acl = ISC_TRUE; /* Keep compiler happy. */
+ queryacl = NULL;
+
+ /*
+ * Get the current version of this database.
+ */
+ dbversion = query_findversion(client, db, &new_zone);
+ if (dbversion == NULL) {
+ result = DNS_R_SERVFAIL;
+ goto fail;
+ }
+ if (new_zone) {
+ check_acl = ISC_TRUE;
+ } else if (!dbversion->queryok) {
+ goto refuse;
+ } else {
+ check_acl = ISC_FALSE;
+ }
+
+ queryacl = dns_zone_getqueryacl(zone);
+ if (queryacl == NULL) {
+ queryacl = client->view->queryacl;
+ if ((client->query.attributes &
+ NS_QUERYATTR_QUERYOKVALID) != 0) {
+ /*
+ * We've evaluated the view's queryacl already. If
+ * NS_QUERYATTR_QUERYOK is set, then the client is
+ * allowed to make queries, otherwise the query should
+ * be refused.
+ */
+ check_acl = ISC_FALSE;
+ if ((client->query.attributes &
+ NS_QUERYATTR_QUERYOK) == 0)
+ goto refuse;
+ } else {
+ /*
+ * We haven't evaluated the view's queryacl yet.
+ */
+ check_acl = ISC_TRUE;
+ }
+ }
+
+ if (check_acl) {
+ isc_boolean_t log = ISC_TF((options & DNS_GETDB_NOLOG) == 0);
+
+ result = ns_client_checkaclsilent(client, NULL, queryacl,
+ ISC_TRUE);
+ if (log) {
+ char msg[NS_CLIENT_ACLMSGSIZE("query")];
+ if (result == ISC_R_SUCCESS) {
+ if (isc_log_wouldlog(ns_g_lctx,
+ ISC_LOG_DEBUG(3)))
+ {
+ ns_client_aclmsg("query", name, qtype,
+ client->view->rdclass,
+ msg, sizeof(msg));
+ ns_client_log(client,
+ DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_QUERY,
+ ISC_LOG_DEBUG(3),
+ "%s approved", msg);
+ }
+ } else {
+ ns_client_aclmsg("query", name, qtype,
+ client->view->rdclass,
+ msg, sizeof(msg));
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_QUERY, ISC_LOG_INFO,
+ "%s denied", msg);
+ }
+ }
+
+ if (queryacl == client->view->queryacl) {
+ if (result == ISC_R_SUCCESS) {
+ /*
+ * We were allowed by the default
+ * "allow-query" ACL. Remember this so we
+ * don't have to check again.
+ */
+ client->query.attributes |=
+ NS_QUERYATTR_QUERYOK;
+ }
+ /*
+ * We've now evaluated the view's query ACL, and
+ * the NS_QUERYATTR_QUERYOK attribute is now valid.
+ */
+ client->query.attributes |= NS_QUERYATTR_QUERYOKVALID;
+ }
+
+ if (result != ISC_R_SUCCESS)
+ goto refuse;
+ }
+
+ /* Approved. */
+
+ /*
+ * Remember the result of the ACL check so we
+ * don't have to check again.
+ */
+ dbversion->queryok = ISC_TRUE;
+
+ /* Transfer ownership, if necessary. */
+ if (versionp != NULL)
+ *versionp = dbversion->version;
+
+ return (ISC_R_SUCCESS);
+
+ refuse:
+ return (DNS_R_REFUSED);
+
+ fail:
+ return (result);
+}
+
+static inline isc_result_t
+query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
+ unsigned int options, dns_zone_t **zonep, dns_db_t **dbp,
+ dns_dbversion_t **versionp)
+{
+ isc_result_t result;
+ unsigned int ztoptions;
+ dns_zone_t *zone = NULL;
+ dns_db_t *db = NULL;
+ isc_boolean_t partial = ISC_FALSE;
+
+ REQUIRE(zonep != NULL && *zonep == NULL);
+ REQUIRE(dbp != NULL && *dbp == NULL);
+
+ /*%
+ * Find a zone database to answer the query.
+ */
+ ztoptions = ((options & DNS_GETDB_NOEXACT) != 0) ?
+ DNS_ZTFIND_NOEXACT : 0;
+
+ result = dns_zt_find(client->view->zonetable, name, ztoptions, NULL,
+ &zone);
+ if (result == DNS_R_PARTIALMATCH)
+ partial = ISC_TRUE;
+ if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH)
+ result = dns_zone_getdb(zone, &db);
+
+ if (result != ISC_R_SUCCESS)
+ goto fail;
+
+ result = query_validatezonedb(client, name, qtype, options, zone, db,
+ versionp);
+
+ if (result != ISC_R_SUCCESS)
+ goto fail;
+
+ /* Transfer ownership. */
+ *zonep = zone;
+ *dbp = db;
+
+ if (partial && (options & DNS_GETDB_PARTIAL) != 0)
+ return (DNS_R_PARTIALMATCH);
+ return (ISC_R_SUCCESS);
+
+ fail:
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ if (db != NULL)
+ dns_db_detach(&db);
+
+ return (result);
+}
+
+static inline isc_result_t
+query_getcachedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
+ dns_db_t **dbp, unsigned int options)
+{
+ isc_result_t result;
+ isc_boolean_t check_acl;
+ dns_db_t *db = NULL;
+
+ REQUIRE(dbp != NULL && *dbp == NULL);
+
+ /*%
+ * Find a cache database to answer the query.
+ * This may fail with DNS_R_REFUSED if the client
+ * is not allowed to use the cache.
+ */
+
+ if (!USECACHE(client))
+ return (DNS_R_REFUSED);
+ dns_db_attach(client->view->cachedb, &db);
+
+ if ((client->query.attributes &
+ NS_QUERYATTR_QUERYOKVALID) != 0) {
+ /*
+ * We've evaluated the view's queryacl already. If
+ * NS_QUERYATTR_QUERYOK is set, then the client is
+ * allowed to make queries, otherwise the query should
+ * be refused.
+ */
+ check_acl = ISC_FALSE;
+ if ((client->query.attributes &
+ NS_QUERYATTR_QUERYOK) == 0)
+ goto refuse;
+ } else {
+ /*
+ * We haven't evaluated the view's queryacl yet.
+ */
+ check_acl = ISC_TRUE;
+ }
+
+ if (check_acl) {
+ isc_boolean_t log = ISC_TF((options & DNS_GETDB_NOLOG) == 0);
+ char msg[NS_CLIENT_ACLMSGSIZE("query (cache)")];
+
+ result = ns_client_checkaclsilent(client, NULL,
+ client->view->queryacl,
+ ISC_TRUE);
+ if (result == ISC_R_SUCCESS) {
+ /*
+ * We were allowed by the default
+ * "allow-query" ACL. Remember this so we
+ * don't have to check again.
+ */
+ client->query.attributes |=
+ NS_QUERYATTR_QUERYOK;
+ if (log && isc_log_wouldlog(ns_g_lctx,
+ ISC_LOG_DEBUG(3)))
+ {
+ ns_client_aclmsg("query (cache)", name, qtype,
+ client->view->rdclass,
+ msg, sizeof(msg));
+ ns_client_log(client,
+ DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_QUERY,
+ ISC_LOG_DEBUG(3),
+ "%s approved", msg);
+ }
+ } else if (log) {
+ ns_client_aclmsg("query (cache)", name, qtype,
+ client->view->rdclass, msg,
+ sizeof(msg));
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_QUERY, ISC_LOG_INFO,
+ "%s denied", msg);
+ }
+ /*
+ * We've now evaluated the view's query ACL, and
+ * the NS_QUERYATTR_QUERYOK attribute is now valid.
+ */
+ client->query.attributes |= NS_QUERYATTR_QUERYOKVALID;
+
+ if (result != ISC_R_SUCCESS)
+ goto refuse;
+ }
+
+ /* Approved. */
+
+ /* Transfer ownership. */
+ *dbp = db;
+
+ return (ISC_R_SUCCESS);
+
+ refuse:
+ result = DNS_R_REFUSED;
+
+ if (db != NULL)
+ dns_db_detach(&db);
+
+ return (result);
+}
+
+
+static inline isc_result_t
+query_getdb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
+ unsigned int options, dns_zone_t **zonep, dns_db_t **dbp,
+ dns_dbversion_t **versionp, isc_boolean_t *is_zonep)
+{
+ isc_result_t result;
+
+#ifdef DLZ
+ isc_result_t tresult;
+ unsigned int namelabels;
+ unsigned int zonelabels;
+ dns_zone_t *zone = NULL;
+ dns_db_t *tdbp;
+
+ REQUIRE(zonep != NULL && *zonep == NULL);
+
+ tdbp = NULL;
+
+ /* Calculate how many labels are in name. */
+ namelabels = dns_name_countlabels(name);
+ zonelabels = 0;
+
+ /* Try to find name in bind's standard database. */
+ result = query_getzonedb(client, name, qtype, options, &zone,
+ dbp, versionp);
+
+ /* See how many labels are in the zone's name. */
+ if (result == ISC_R_SUCCESS && zone != NULL)
+ zonelabels = dns_name_countlabels(dns_zone_getorigin(zone));
+ /*
+ * If # zone labels < # name labels, try to find an even better match
+ * Only try if a DLZ driver is loaded for this view
+ */
+ if (zonelabels < namelabels && client->view->dlzdatabase != NULL) {
+ tresult = dns_dlzfindzone(client->view, name,
+ zonelabels, &tdbp);
+ /* If we successful, we found a better match. */
+ if (tresult == ISC_R_SUCCESS) {
+ /*
+ * If the previous search returned a zone, detach it.
+ */
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+
+ /*
+ * If the previous search returned a database,
+ * detach it.
+ */
+ if (*dbp != NULL)
+ dns_db_detach(dbp);
+
+ /*
+ * If the previous search returned a version, clear it.
+ */
+ *versionp = NULL;
+
+ /*
+ * Get our database version.
+ */
+ dns_db_currentversion(tdbp, versionp);
+
+ /*
+ * Be sure to return our database.
+ */
+ *dbp = tdbp;
+
+ /*
+ * We return a null zone, No stats for DLZ zones.
+ */
+ zone = NULL;
+ result = tresult;
+ }
+ }
+#else
+ result = query_getzonedb(client, name, qtype, options,
+ zonep, dbp, versionp);
+#endif
+
+ /* If successfull, Transfer ownership of zone. */
+ if (result == ISC_R_SUCCESS) {
+#ifdef DLZ
+ *zonep = zone;
+#endif
+ /*
+ * If neither attempt above succeeded, return the cache instead
+ */
+ *is_zonep = ISC_TRUE;
+ } else if (result == ISC_R_NOTFOUND) {
+ result = query_getcachedb(client, name, qtype, dbp, options);
+ *is_zonep = ISC_FALSE;
+ }
+ return (result);
+}
+
+static inline isc_boolean_t
+query_isduplicate(ns_client_t *client, dns_name_t *name,
+ dns_rdatatype_t type, dns_name_t **mnamep)
+{
+ dns_section_t section;
+ dns_name_t *mname = NULL;
+ isc_result_t result;
+
+ CTRACE("query_isduplicate");
+
+ for (section = DNS_SECTION_ANSWER;
+ section <= DNS_SECTION_ADDITIONAL;
+ section++) {
+ result = dns_message_findname(client->message, section,
+ name, type, 0, &mname, NULL);
+ if (result == ISC_R_SUCCESS) {
+ /*
+ * We've already got this RRset in the response.
+ */
+ CTRACE("query_isduplicate: true: done");
+ return (ISC_TRUE);
+ } else if (result == DNS_R_NXRRSET) {
+ /*
+ * The name exists, but the rdataset does not.
+ */
+ if (section == DNS_SECTION_ADDITIONAL)
+ break;
+ } else
+ RUNTIME_CHECK(result == DNS_R_NXDOMAIN);
+ mname = NULL;
+ }
+
+ /*
+ * If the dns_name_t we're looking up is already in the message,
+ * we don't want to trigger the caller's name replacement logic.
+ */
+ if (name == mname)
+ mname = NULL;
+
+ *mnamep = mname;
+
+ CTRACE("query_isduplicate: false: done");
+ return (ISC_FALSE);
+}
+
+static isc_result_t
+query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
+ ns_client_t *client = arg;
+ isc_result_t result, eresult;
+ dns_dbnode_t *node;
+ dns_db_t *db;
+ dns_name_t *fname, *mname;
+ dns_rdataset_t *rdataset, *sigrdataset, *trdataset;
+ isc_buffer_t *dbuf;
+ isc_buffer_t b;
+ dns_dbversion_t *version;
+ isc_boolean_t added_something, need_addname;
+ dns_zone_t *zone;
+ dns_rdatatype_t type;
+
+ REQUIRE(NS_CLIENT_VALID(client));
+ REQUIRE(qtype != dns_rdatatype_any);
+
+ if (!WANTDNSSEC(client) && dns_rdatatype_isdnssec(qtype))
+ return (ISC_R_SUCCESS);
+
+ CTRACE("query_addadditional");
+
+ /*
+ * Initialization.
+ */
+ eresult = ISC_R_SUCCESS;
+ fname = NULL;
+ rdataset = NULL;
+ sigrdataset = NULL;
+ trdataset = NULL;
+ db = NULL;
+ version = NULL;
+ node = NULL;
+ added_something = ISC_FALSE;
+ need_addname = ISC_FALSE;
+ zone = NULL;
+
+ /*
+ * We treat type A additional section processing as if it
+ * were "any address type" additional section processing.
+ * To avoid multiple lookups, we do an 'any' database
+ * lookup and iterate over the node.
+ */
+ if (qtype == dns_rdatatype_a)
+ type = dns_rdatatype_any;
+ else
+ type = qtype;
+
+ /*
+ * Get some resources.
+ */
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL)
+ goto cleanup;
+ fname = query_newname(client, dbuf, &b);
+ rdataset = query_newrdataset(client);
+ if (fname == NULL || rdataset == NULL)
+ goto cleanup;
+ if (WANTDNSSEC(client)) {
+ sigrdataset = query_newrdataset(client);
+ if (sigrdataset == NULL)
+ goto cleanup;
+ }
+
+ /*
+ * Look for a zone database that might contain authoritative
+ * additional data.
+ */
+ result = query_getzonedb(client, name, qtype, DNS_GETDB_NOLOG,
+ &zone, &db, &version);
+ if (result != ISC_R_SUCCESS)
+ goto try_cache;
+
+ CTRACE("query_addadditional: db_find");
+
+ /*
+ * Since we are looking for authoritative data, we do not set
+ * the GLUEOK flag. Glue will be looked for later, but not
+ * necessarily in the same database.
+ */
+ node = NULL;
+ result = dns_db_find(db, name, version, type, client->query.dboptions,
+ client->now, &node, fname, rdataset,
+ sigrdataset);
+ if (result == ISC_R_SUCCESS) {
+ if (sigrdataset != NULL && !dns_db_issecure(db) &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ goto found;
+ }
+
+ if (dns_rdataset_isassociated(rdataset))
+ dns_rdataset_disassociate(rdataset);
+ if (sigrdataset != NULL && dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ version = NULL;
+ dns_db_detach(&db);
+
+ /*
+ * No authoritative data was found. The cache is our next best bet.
+ */
+
+ try_cache:
+ result = query_getcachedb(client, name, qtype, &db, DNS_GETDB_NOLOG);
+ if (result != ISC_R_SUCCESS)
+ /*
+ * Most likely the client isn't allowed to query the cache.
+ */
+ goto try_glue;
+ /*
+ * Attempt to validate glue.
+ */
+ if (sigrdataset == NULL) {
+ sigrdataset = query_newrdataset(client);
+ if (sigrdataset == NULL)
+ goto cleanup;
+ }
+ result = dns_db_find(db, name, version, type,
+ client->query.dboptions | DNS_DBFIND_GLUEOK,
+ client->now, &node, fname, rdataset,
+ sigrdataset);
+ if (result == DNS_R_GLUE &&
+ validate(client, db, fname, rdataset, sigrdataset))
+ result = ISC_R_SUCCESS;
+ if (!WANTDNSSEC(client))
+ query_putrdataset(client, &sigrdataset);
+ if (result == ISC_R_SUCCESS)
+ goto found;
+
+ if (dns_rdataset_isassociated(rdataset))
+ dns_rdataset_disassociate(rdataset);
+ if (sigrdataset != NULL && dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ dns_db_detach(&db);
+
+ try_glue:
+ /*
+ * No cached data was found. Glue is our last chance.
+ * RFC1035 sayeth:
+ *
+ * NS records cause both the usual additional section
+ * processing to locate a type A record, and, when used
+ * in a referral, a special search of the zone in which
+ * they reside for glue information.
+ *
+ * This is the "special search". Note that we must search
+ * the zone where the NS record resides, not the zone it
+ * points to, and that we only do the search in the delegation
+ * case (identified by client->query.gluedb being set).
+ */
+
+ if (client->query.gluedb == NULL)
+ goto cleanup;
+
+ /*
+ * Don't poision caches using the bailiwick protection model.
+ */
+ if (!dns_name_issubdomain(name, dns_db_origin(client->query.gluedb)))
+ goto cleanup;
+
+ dns_db_attach(client->query.gluedb, &db);
+ result = dns_db_find(db, name, version, type,
+ client->query.dboptions | DNS_DBFIND_GLUEOK,
+ client->now, &node, fname, rdataset,
+ sigrdataset);
+ if (!(result == ISC_R_SUCCESS ||
+ result == DNS_R_ZONECUT ||
+ result == DNS_R_GLUE))
+ goto cleanup;
+
+ found:
+ /*
+ * We have found a potential additional data rdataset, or
+ * at least a node to iterate over.
+ */
+ query_keepname(client, fname, dbuf);
+
+ /*
+ * If we have an rdataset, add it to the additional data
+ * section.
+ */
+ mname = NULL;
+ if (dns_rdataset_isassociated(rdataset) &&
+ !query_isduplicate(client, fname, type, &mname)) {
+ if (mname != NULL) {
+ query_releasename(client, &fname);
+ fname = mname;
+ } else
+ need_addname = ISC_TRUE;
+ ISC_LIST_APPEND(fname->list, rdataset, link);
+ trdataset = rdataset;
+ rdataset = NULL;
+ added_something = ISC_TRUE;
+ /*
+ * Note: we only add SIGs if we've added the type they cover,
+ * so we do not need to check if the SIG rdataset is already
+ * in the response.
+ */
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ {
+ ISC_LIST_APPEND(fname->list, sigrdataset, link);
+ sigrdataset = NULL;
+ }
+ }
+
+ if (qtype == dns_rdatatype_a) {
+ /*
+ * We now go looking for A and AAAA records, along with
+ * their signatures.
+ *
+ * XXXRTH This code could be more efficient.
+ */
+ if (rdataset != NULL) {
+ if (dns_rdataset_isassociated(rdataset))
+ dns_rdataset_disassociate(rdataset);
+ } else {
+ rdataset = query_newrdataset(client);
+ if (rdataset == NULL)
+ goto addname;
+ }
+ if (sigrdataset != NULL) {
+ if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ } else if (WANTDNSSEC(client)) {
+ sigrdataset = query_newrdataset(client);
+ if (sigrdataset == NULL)
+ goto addname;
+ }
+ result = dns_db_findrdataset(db, node, version,
+ dns_rdatatype_a, 0,
+ client->now, rdataset,
+ sigrdataset);
+ if (result == DNS_R_NCACHENXDOMAIN)
+ goto addname;
+ if (result == DNS_R_NCACHENXRRSET) {
+ dns_rdataset_disassociate(rdataset);
+ /*
+ * Negative cache entries don't have sigrdatasets.
+ */
+ INSIST(sigrdataset == NULL ||
+ ! dns_rdataset_isassociated(sigrdataset));
+ }
+ if (result == ISC_R_SUCCESS) {
+ mname = NULL;
+ if (!query_isduplicate(client, fname,
+ dns_rdatatype_a, &mname)) {
+ if (mname != NULL) {
+ query_releasename(client, &fname);
+ fname = mname;
+ } else
+ need_addname = ISC_TRUE;
+ ISC_LIST_APPEND(fname->list, rdataset, link);
+ added_something = ISC_TRUE;
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ {
+ ISC_LIST_APPEND(fname->list,
+ sigrdataset, link);
+ sigrdataset =
+ query_newrdataset(client);
+ }
+ rdataset = query_newrdataset(client);
+ if (rdataset == NULL)
+ goto addname;
+ if (WANTDNSSEC(client) && sigrdataset == NULL)
+ goto addname;
+ } else {
+ dns_rdataset_disassociate(rdataset);
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ }
+ }
+ result = dns_db_findrdataset(db, node, version,
+ dns_rdatatype_aaaa, 0,
+ client->now, rdataset,
+ sigrdataset);
+ if (result == DNS_R_NCACHENXDOMAIN)
+ goto addname;
+ if (result == DNS_R_NCACHENXRRSET) {
+ dns_rdataset_disassociate(rdataset);
+ INSIST(sigrdataset == NULL ||
+ ! dns_rdataset_isassociated(sigrdataset));
+ }
+ if (result == ISC_R_SUCCESS) {
+ mname = NULL;
+ if (!query_isduplicate(client, fname,
+ dns_rdatatype_aaaa, &mname)) {
+ if (mname != NULL) {
+ query_releasename(client, &fname);
+ fname = mname;
+ } else
+ need_addname = ISC_TRUE;
+ ISC_LIST_APPEND(fname->list, rdataset, link);
+ added_something = ISC_TRUE;
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ {
+ ISC_LIST_APPEND(fname->list,
+ sigrdataset, link);
+ sigrdataset = NULL;
+ }
+ rdataset = NULL;
+ }
+ }
+ }
+
+ addname:
+ CTRACE("query_addadditional: addname");
+ /*
+ * If we haven't added anything, then we're done.
+ */
+ if (!added_something)
+ goto cleanup;
+
+ /*
+ * We may have added our rdatasets to an existing name, if so, then
+ * need_addname will be ISC_FALSE. Whether we used an existing name
+ * or a new one, we must set fname to NULL to prevent cleanup.
+ */
+ if (need_addname)
+ dns_message_addname(client->message, fname,
+ DNS_SECTION_ADDITIONAL);
+ fname = NULL;
+
+ /*
+ * In a few cases, we want to add additional data for additional
+ * data. It's simpler to just deal with special cases here than
+ * to try to create a general purpose mechanism and allow the
+ * rdata implementations to do it themselves.
+ *
+ * This involves recursion, but the depth is limited. The
+ * most complex case is adding a SRV rdataset, which involves
+ * recursing to add address records, which in turn can cause
+ * recursion to add KEYs.
+ */
+ if (type == dns_rdatatype_srv && trdataset != NULL) {
+ /*
+ * If we're adding SRV records to the additional data
+ * section, it's helpful if we add the SRV additional data
+ * as well.
+ */
+ eresult = dns_rdataset_additionaldata(trdataset,
+ query_addadditional,
+ client);
+ }
+
+ cleanup:
+ CTRACE("query_addadditional: cleanup");
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client, &sigrdataset);
+ if (fname != NULL)
+ query_releasename(client, &fname);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ if (db != NULL)
+ dns_db_detach(&db);
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+
+ CTRACE("query_addadditional: done");
+ return (eresult);
+}
+
+static inline void
+query_discardcache(ns_client_t *client, dns_rdataset_t *rdataset_base,
+ dns_rdatasetadditional_t additionaltype,
+ dns_rdatatype_t type, dns_zone_t **zonep, dns_db_t **dbp,
+ dns_dbversion_t **versionp, dns_dbnode_t **nodep,
+ dns_name_t *fname)
+{
+ dns_rdataset_t *rdataset;
+
+ while ((rdataset = ISC_LIST_HEAD(fname->list)) != NULL) {
+ ISC_LIST_UNLINK(fname->list, rdataset, link);
+ query_putrdataset(client, &rdataset);
+ }
+ if (*versionp != NULL)
+ dns_db_closeversion(*dbp, versionp, ISC_FALSE);
+ if (*nodep != NULL)
+ dns_db_detachnode(*dbp, nodep);
+ if (*dbp != NULL)
+ dns_db_detach(dbp);
+ if (*zonep != NULL)
+ dns_zone_detach(zonep);
+ (void)dns_rdataset_putadditional(client->view->acache, rdataset_base,
+ additionaltype, type);
+}
+
+static inline isc_result_t
+query_iscachevalid(dns_zone_t *zone, dns_db_t *db, dns_db_t *db0,
+ dns_dbversion_t *version)
+{
+ isc_result_t result = ISC_R_SUCCESS;
+ dns_dbversion_t *version_current = NULL;
+ dns_db_t *db_current = db0;
+
+ if (db_current == NULL) {
+ result = dns_zone_getdb(zone, &db_current);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ dns_db_currentversion(db_current, &version_current);
+ if (db_current != db || version_current != version) {
+ result = ISC_R_FAILURE;
+ goto cleanup;
+ }
+
+ cleanup:
+ dns_db_closeversion(db_current, &version_current, ISC_FALSE);
+ if (db0 == NULL && db_current != NULL)
+ dns_db_detach(&db_current);
+
+ return (result);
+}
+
+static isc_result_t
+query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
+ client_additionalctx_t *additionalctx = arg;
+ dns_rdataset_t *rdataset_base;
+ ns_client_t *client;
+ isc_result_t result, eresult;
+ dns_dbnode_t *node, *cnode;
+ dns_db_t *db, *cdb;
+ dns_name_t *fname, *mname0, cfname;
+ dns_rdataset_t *rdataset, *sigrdataset;
+ dns_rdataset_t *crdataset, *crdataset_next;
+ isc_buffer_t *dbuf;
+ isc_buffer_t b;
+ dns_dbversion_t *version, *cversion;
+ isc_boolean_t added_something, need_addname, needadditionalcache;
+ isc_boolean_t need_sigrrset;
+ dns_zone_t *zone;
+ dns_rdatatype_t type;
+ dns_rdatasetadditional_t additionaltype;
+
+ if (qtype != dns_rdatatype_a) {
+ /*
+ * This function is optimized for "address" types. For other
+ * types, use a generic routine.
+ * XXX: ideally, this function should be generic enough.
+ */
+ return (query_addadditional(additionalctx->client,
+ name, qtype));
+ }
+
+ /*
+ * Initialization.
+ */
+ rdataset_base = additionalctx->rdataset;
+ client = additionalctx->client;
+ REQUIRE(NS_CLIENT_VALID(client));
+ eresult = ISC_R_SUCCESS;
+ fname = NULL;
+ rdataset = NULL;
+ sigrdataset = NULL;
+ db = NULL;
+ cdb = NULL;
+ version = NULL;
+ cversion = NULL;
+ node = NULL;
+ cnode = NULL;
+ added_something = ISC_FALSE;
+ need_addname = ISC_FALSE;
+ zone = NULL;
+ needadditionalcache = ISC_FALSE;
+ additionaltype = dns_rdatasetadditional_fromauth;
+ dns_name_init(&cfname, NULL);
+
+ CTRACE("query_addadditional2");
+
+ /*
+ * We treat type A additional section processing as if it
+ * were "any address type" additional section processing.
+ * To avoid multiple lookups, we do an 'any' database
+ * lookup and iterate over the node.
+ * XXXJT: this approach can cause a suboptimal result when the cache
+ * DB only has partial address types and the glue DB has remaining
+ * ones.
+ */
+ type = dns_rdatatype_any;
+
+ /*
+ * Get some resources.
+ */
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL)
+ goto cleanup;
+ fname = query_newname(client, dbuf, &b);
+ if (fname == NULL)
+ goto cleanup;
+ dns_name_setbuffer(&cfname, &b); /* share the buffer */
+
+ /* Check additional cache */
+ result = dns_rdataset_getadditional(rdataset_base, additionaltype,
+ type, client->view->acache, &zone,
+ &cdb, &cversion, &cnode, &cfname,
+ client->message, client->now);
+ if (result != ISC_R_SUCCESS)
+ goto findauthdb;
+ if (zone == NULL) {
+ CTRACE("query_addadditional2: auth zone not found");
+ goto try_cache;
+ }
+
+ /* Is the cached DB up-to-date? */
+ result = query_iscachevalid(zone, cdb, NULL, cversion);
+ if (result != ISC_R_SUCCESS) {
+ CTRACE("query_addadditional2: old auth additional cache");
+ query_discardcache(client, rdataset_base, additionaltype,
+ type, &zone, &cdb, &cversion, &cnode,
+ &cfname);
+ goto findauthdb;
+ }
+
+ if (cnode == NULL) {
+ /*
+ * We have a negative cache. We don't have to check the zone
+ * ACL, since the result (not using this zone) would be same
+ * regardless of the result.
+ */
+ CTRACE("query_addadditional2: negative auth additional cache");
+ dns_db_closeversion(cdb, &cversion, ISC_FALSE);
+ dns_db_detach(&cdb);
+ dns_zone_detach(&zone);
+ goto try_cache;
+ }
+
+ result = query_validatezonedb(client, name, qtype, DNS_GETDB_NOLOG,
+ zone, cdb, NULL);
+ if (result != ISC_R_SUCCESS) {
+ query_discardcache(client, rdataset_base, additionaltype,
+ type, &zone, &cdb, &cversion, &cnode,
+ &cfname);
+ goto try_cache;
+ }
+
+ /* We've got an active cache. */
+ CTRACE("query_addadditional2: auth additional cache");
+ dns_db_closeversion(cdb, &cversion, ISC_FALSE);
+ db = cdb;
+ node = cnode;
+ dns_name_clone(&cfname, fname);
+ query_keepname(client, fname, dbuf);
+ goto foundcache;
+
+ /*
+ * Look for a zone database that might contain authoritative
+ * additional data.
+ */
+ findauthdb:
+ result = query_getzonedb(client, name, qtype, DNS_GETDB_NOLOG,
+ &zone, &db, &version);
+ if (result != ISC_R_SUCCESS) {
+ /* Cache the negative result */
+ (void)dns_rdataset_setadditional(rdataset_base, additionaltype,
+ type, client->view->acache,
+ NULL, NULL, NULL, NULL,
+ NULL);
+ goto try_cache;
+ }
+
+ CTRACE("query_addadditional2: db_find");
+
+ /*
+ * Since we are looking for authoritative data, we do not set
+ * the GLUEOK flag. Glue will be looked for later, but not
+ * necessarily in the same database.
+ */
+ node = NULL;
+ result = dns_db_find(db, name, version, type, client->query.dboptions,
+ client->now, &node, fname, NULL, NULL);
+ if (result == ISC_R_SUCCESS)
+ goto found;
+
+ /* Cache the negative result */
+ (void)dns_rdataset_setadditional(rdataset_base, additionaltype,
+ type, client->view->acache, zone, db,
+ version, NULL, fname);
+
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ version = NULL;
+ dns_db_detach(&db);
+
+ /*
+ * No authoritative data was found. The cache is our next best bet.
+ */
+
+ try_cache:
+ additionaltype = dns_rdatasetadditional_fromcache;
+ result = query_getcachedb(client, name, qtype, &db, DNS_GETDB_NOLOG);
+ if (result != ISC_R_SUCCESS)
+ /*
+ * Most likely the client isn't allowed to query the cache.
+ */
+ goto try_glue;
+
+ result = dns_db_find(db, name, version, type,
+ client->query.dboptions | DNS_DBFIND_GLUEOK,
+ client->now, &node, fname, NULL, NULL);
+ if (result == ISC_R_SUCCESS)
+ goto found;
+
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ dns_db_detach(&db);
+
+ try_glue:
+ /*
+ * No cached data was found. Glue is our last chance.
+ * RFC1035 sayeth:
+ *
+ * NS records cause both the usual additional section
+ * processing to locate a type A record, and, when used
+ * in a referral, a special search of the zone in which
+ * they reside for glue information.
+ *
+ * This is the "special search". Note that we must search
+ * the zone where the NS record resides, not the zone it
+ * points to, and that we only do the search in the delegation
+ * case (identified by client->query.gluedb being set).
+ */
+ if (client->query.gluedb == NULL)
+ goto cleanup;
+
+ /*
+ * Don't poision caches using the bailiwick protection model.
+ */
+ if (!dns_name_issubdomain(name, dns_db_origin(client->query.gluedb)))
+ goto cleanup;
+
+ /* Check additional cache */
+ additionaltype = dns_rdatasetadditional_fromglue;
+ result = dns_rdataset_getadditional(rdataset_base, additionaltype,
+ type, client->view->acache, NULL,
+ &cdb, &cversion, &cnode, &cfname,
+ client->message, client->now);
+ if (result != ISC_R_SUCCESS)
+ goto findglue;
+
+ result = query_iscachevalid(zone, cdb, client->query.gluedb, cversion);
+ if (result != ISC_R_SUCCESS) {
+ CTRACE("query_addadditional2: old glue additional cache");
+ query_discardcache(client, rdataset_base, additionaltype,
+ type, &zone, &cdb, &cversion, &cnode,
+ &cfname);
+ goto findglue;
+ }
+
+ if (cnode == NULL) {
+ /* We have a negative cache. */
+ CTRACE("query_addadditional2: negative glue additional cache");
+ dns_db_closeversion(cdb, &cversion, ISC_FALSE);
+ dns_db_detach(&cdb);
+ goto cleanup;
+ }
+
+ /* Cache hit. */
+ CTRACE("query_addadditional2: glue additional cache");
+ dns_db_closeversion(cdb, &cversion, ISC_FALSE);
+ db = cdb;
+ node = cnode;
+ dns_name_clone(&cfname, fname);
+ query_keepname(client, fname, dbuf);
+ goto foundcache;
+
+ findglue:
+ dns_db_attach(client->query.gluedb, &db);
+ result = dns_db_find(db, name, version, type,
+ client->query.dboptions | DNS_DBFIND_GLUEOK,
+ client->now, &node, fname, NULL, NULL);
+ if (!(result == ISC_R_SUCCESS ||
+ result == DNS_R_ZONECUT ||
+ result == DNS_R_GLUE)) {
+ /* cache the negative result */
+ (void)dns_rdataset_setadditional(rdataset_base, additionaltype,
+ type, client->view->acache,
+ NULL, db, version, NULL,
+ fname);
+ goto cleanup;
+ }
+
+ found:
+ /*
+ * We have found a DB node to iterate over from a DB.
+ * We are going to look for address RRsets (i.e., A and AAAA) in the DB
+ * node we've just found. We'll then store the complete information
+ * in the additional data cache.
+ */
+ dns_name_clone(fname, &cfname);
+ query_keepname(client, fname, dbuf);
+ needadditionalcache = ISC_TRUE;
+
+ rdataset = query_newrdataset(client);
+ if (rdataset == NULL)
+ goto cleanup;
+
+ sigrdataset = query_newrdataset(client);
+ if (sigrdataset == NULL)
+ goto cleanup;
+
+ /*
+ * Find A RRset with sig RRset. Even if we don't find a sig RRset
+ * for a client using DNSSEC, we'll continue the process to make a
+ * complete list to be cached. However, we need to cancel the
+ * caching when something unexpected happens, in order to avoid
+ * caching incomplete information.
+ */
+ result = dns_db_findrdataset(db, node, version, dns_rdatatype_a, 0,
+ client->now, rdataset, sigrdataset);
+ /*
+ * If we can't promote glue/pending from the cache to secure
+ * then drop it.
+ */
+ if (result == ISC_R_SUCCESS &&
+ additionaltype == dns_rdatasetadditional_fromcache &&
+ (rdataset->trust == dns_trust_pending ||
+ rdataset->trust == dns_trust_glue) &&
+ !validate(client, db, fname, rdataset, sigrdataset)) {
+ dns_rdataset_disassociate(rdataset);
+ if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ result = ISC_R_NOTFOUND;
+ }
+ if (result == DNS_R_NCACHENXDOMAIN)
+ goto setcache;
+ if (result == DNS_R_NCACHENXRRSET) {
+ dns_rdataset_disassociate(rdataset);
+ /*
+ * Negative cache entries don't have sigrdatasets.
+ */
+ INSIST(! dns_rdataset_isassociated(sigrdataset));
+ }
+ if (result == ISC_R_SUCCESS) {
+ /* Remember the result as a cache */
+ ISC_LIST_APPEND(cfname.list, rdataset, link);
+ if (dns_rdataset_isassociated(sigrdataset)) {
+ ISC_LIST_APPEND(cfname.list, sigrdataset, link);
+ sigrdataset = query_newrdataset(client);
+ }
+ rdataset = query_newrdataset(client);
+ if (sigrdataset == NULL || rdataset == NULL) {
+ /* do not cache incomplete information */
+ goto foundcache;
+ }
+ }
+
+ /* Find AAAA RRset with sig RRset */
+ result = dns_db_findrdataset(db, node, version, dns_rdatatype_aaaa,
+ 0, client->now, rdataset, sigrdataset);
+ /*
+ * If we can't promote glue/pending from the cache to secure
+ * then drop it.
+ */
+ if (result == ISC_R_SUCCESS &&
+ additionaltype == dns_rdatasetadditional_fromcache &&
+ (rdataset->trust == dns_trust_pending ||
+ rdataset->trust == dns_trust_glue) &&
+ !validate(client, db, fname, rdataset, sigrdataset)) {
+ dns_rdataset_disassociate(rdataset);
+ if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ result = ISC_R_NOTFOUND;
+ }
+ if (result == ISC_R_SUCCESS) {
+ ISC_LIST_APPEND(cfname.list, rdataset, link);
+ rdataset = NULL;
+ if (dns_rdataset_isassociated(sigrdataset)) {
+ ISC_LIST_APPEND(cfname.list, sigrdataset, link);
+ sigrdataset = NULL;
+ }
+ }
+
+ setcache:
+ /*
+ * Set the new result in the cache if required. We do not support
+ * caching additional data from a cache DB.
+ */
+ if (needadditionalcache == ISC_TRUE &&
+ (additionaltype == dns_rdatasetadditional_fromauth ||
+ additionaltype == dns_rdatasetadditional_fromglue)) {
+ (void)dns_rdataset_setadditional(rdataset_base, additionaltype,
+ type, client->view->acache,
+ zone, db, version, node,
+ &cfname);
+ }
+
+ foundcache:
+ need_sigrrset = ISC_FALSE;
+ mname0 = NULL;
+ for (crdataset = ISC_LIST_HEAD(cfname.list);
+ crdataset != NULL;
+ crdataset = crdataset_next) {
+ dns_name_t *mname;
+
+ crdataset_next = ISC_LIST_NEXT(crdataset, link);
+
+ mname = NULL;
+ if (crdataset->type == dns_rdatatype_a ||
+ crdataset->type == dns_rdatatype_aaaa) {
+ if (!query_isduplicate(client, fname, crdataset->type,
+ &mname)) {
+ if (mname != NULL) {
+ /*
+ * A different type of this name is
+ * already stored in the additional
+ * section. We'll reuse the name.
+ * Note that this should happen at most
+ * once. Otherwise, fname->link could
+ * leak below.
+ */
+ INSIST(mname0 == NULL);
+
+ query_releasename(client, &fname);
+ fname = mname;
+ mname0 = mname;
+ } else
+ need_addname = ISC_TRUE;
+ ISC_LIST_UNLINK(cfname.list, crdataset, link);
+ ISC_LIST_APPEND(fname->list, crdataset, link);
+ added_something = ISC_TRUE;
+ need_sigrrset = ISC_TRUE;
+ } else
+ need_sigrrset = ISC_FALSE;
+ } else if (crdataset->type == dns_rdatatype_rrsig &&
+ need_sigrrset && WANTDNSSEC(client)) {
+ ISC_LIST_UNLINK(cfname.list, crdataset, link);
+ ISC_LIST_APPEND(fname->list, crdataset, link);
+ added_something = ISC_TRUE; /* just in case */
+ need_sigrrset = ISC_FALSE;
+ }
+ }
+
+ CTRACE("query_addadditional2: addname");
+
+ /*
+ * If we haven't added anything, then we're done.
+ */
+ if (!added_something)
+ goto cleanup;
+
+ /*
+ * We may have added our rdatasets to an existing name, if so, then
+ * need_addname will be ISC_FALSE. Whether we used an existing name
+ * or a new one, we must set fname to NULL to prevent cleanup.
+ */
+ if (need_addname)
+ dns_message_addname(client->message, fname,
+ DNS_SECTION_ADDITIONAL);
+ fname = NULL;
+
+ cleanup:
+ CTRACE("query_addadditional2: cleanup");
+
+ if (rdataset != NULL)
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client, &sigrdataset);
+ while ((crdataset = ISC_LIST_HEAD(cfname.list)) != NULL) {
+ ISC_LIST_UNLINK(cfname.list, crdataset, link);
+ query_putrdataset(client, &crdataset);
+ }
+ if (fname != NULL)
+ query_releasename(client, &fname);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ if (db != NULL)
+ dns_db_detach(&db);
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+
+ CTRACE("query_addadditional2: done");
+ return (eresult);
+}
+
+static inline void
+query_addrdataset(ns_client_t *client, dns_name_t *fname,
+ dns_rdataset_t *rdataset)
+{
+ client_additionalctx_t additionalctx;
+
+ /*
+ * Add 'rdataset' and any pertinent additional data to
+ * 'fname', a name in the response message for 'client'.
+ */
+
+ CTRACE("query_addrdataset");
+
+ ISC_LIST_APPEND(fname->list, rdataset, link);
+
+ if (client->view->order != NULL)
+ rdataset->attributes |= dns_order_find(client->view->order,
+ fname, rdataset->type,
+ rdataset->rdclass);
+ rdataset->attributes |= DNS_RDATASETATTR_LOADORDER;
+
+ if (NOADDITIONAL(client))
+ return;
+
+ /*
+ * Add additional data.
+ *
+ * We don't care if dns_rdataset_additionaldata() fails.
+ */
+ additionalctx.client = client;
+ additionalctx.rdataset = rdataset;
+ (void)dns_rdataset_additionaldata(rdataset, query_addadditional2,
+ &additionalctx);
+ CTRACE("query_addrdataset: done");
+}
+
+static void
+query_addrrset(ns_client_t *client, dns_name_t **namep,
+ dns_rdataset_t **rdatasetp, dns_rdataset_t **sigrdatasetp,
+ isc_buffer_t *dbuf, dns_section_t section)
+{
+ dns_name_t *name, *mname;
+ dns_rdataset_t *rdataset, *mrdataset, *sigrdataset;
+ isc_result_t result;
+
+ /*%
+ * To the current response for 'client', add the answer RRset
+ * '*rdatasetp' and an optional signature set '*sigrdatasetp', with
+ * owner name '*namep', to section 'section', unless they are
+ * already there. Also add any pertinent additional data.
+ *
+ * If 'dbuf' is not NULL, then '*namep' is the name whose data is
+ * stored in 'dbuf'. In this case, query_addrrset() guarantees that
+ * when it returns the name will either have been kept or released.
+ */
+ CTRACE("query_addrrset");
+ name = *namep;
+ rdataset = *rdatasetp;
+ if (sigrdatasetp != NULL)
+ sigrdataset = *sigrdatasetp;
+ else
+ sigrdataset = NULL;
+ mname = NULL;
+ mrdataset = NULL;
+ result = dns_message_findname(client->message, section,
+ name, rdataset->type, rdataset->covers,
+ &mname, &mrdataset);
+ if (result == ISC_R_SUCCESS) {
+ /*
+ * We've already got an RRset of the given name and type.
+ * There's nothing else to do;
+ */
+ CTRACE("query_addrrset: dns_message_findname succeeded: done");
+ if (dbuf != NULL)
+ query_releasename(client, namep);
+ return;
+ } else if (result == DNS_R_NXDOMAIN) {
+ /*
+ * The name doesn't exist.
+ */
+ if (dbuf != NULL)
+ query_keepname(client, name, dbuf);
+ dns_message_addname(client->message, name, section);
+ *namep = NULL;
+ mname = name;
+ } else {
+ RUNTIME_CHECK(result == DNS_R_NXRRSET);
+ if (dbuf != NULL)
+ query_releasename(client, namep);
+ }
+
+ if (rdataset->trust != dns_trust_secure &&
+ (section == DNS_SECTION_ANSWER ||
+ section == DNS_SECTION_AUTHORITY))
+ client->query.attributes &= ~NS_QUERYATTR_SECURE;
+ /*
+ * Note: we only add SIGs if we've added the type they cover, so
+ * we do not need to check if the SIG rdataset is already in the
+ * response.
+ */
+ query_addrdataset(client, mname, rdataset);
+ *rdatasetp = NULL;
+ if (sigrdataset != NULL && dns_rdataset_isassociated(sigrdataset)) {
+ /*
+ * We have a signature. Add it to the response.
+ */
+ ISC_LIST_APPEND(mname->list, sigrdataset, link);
+ *sigrdatasetp = NULL;
+ }
+ CTRACE("query_addrrset: done");
+}
+
+static inline isc_result_t
+query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
+ isc_boolean_t zero_ttl)
+{
+ dns_name_t *name;
+ dns_dbnode_t *node;
+ isc_result_t result, eresult;
+ dns_rdataset_t *rdataset = NULL, *sigrdataset = NULL;
+ dns_rdataset_t **sigrdatasetp = NULL;
+
+ CTRACE("query_addsoa");
+ /*
+ * Initialization.
+ */
+ eresult = ISC_R_SUCCESS;
+ name = NULL;
+ rdataset = NULL;
+ node = NULL;
+
+ /*
+ * Get resources and make 'name' be the database origin.
+ */
+ result = dns_message_gettempname(client->message, &name);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ dns_name_init(name, NULL);
+ dns_name_clone(dns_db_origin(db), name);
+ rdataset = query_newrdataset(client);
+ if (rdataset == NULL) {
+ eresult = DNS_R_SERVFAIL;
+ goto cleanup;
+ }
+ if (WANTDNSSEC(client) && dns_db_issecure(db)) {
+ sigrdataset = query_newrdataset(client);
+ if (sigrdataset == NULL) {
+ eresult = DNS_R_SERVFAIL;
+ goto cleanup;
+ }
+ }
+
+ /*
+ * Find the SOA.
+ */
+ result = dns_db_getoriginnode(db, &node);
+ if (result == ISC_R_SUCCESS) {
+ result = dns_db_findrdataset(db, node, version,
+ dns_rdatatype_soa,
+ 0, client->now, rdataset,
+ sigrdataset);
+ } else {
+ dns_fixedname_t foundname;
+ dns_name_t *fname;
+
+ dns_fixedname_init(&foundname);
+ fname = dns_fixedname_name(&foundname);
+
+ result = dns_db_find(db, name, version, dns_rdatatype_soa,
+ client->query.dboptions, 0, &node,
+ fname, rdataset, sigrdataset);
+ }
+ if (result != ISC_R_SUCCESS) {
+ /*
+ * This is bad. We tried to get the SOA RR at the zone top
+ * and it didn't work!
+ */
+ eresult = DNS_R_SERVFAIL;
+ } else {
+ /*
+ * Extract the SOA MINIMUM.
+ */
+ dns_rdata_soa_t soa;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ result = dns_rdataset_first(rdataset);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ dns_rdataset_current(rdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &soa, NULL);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ if (zero_ttl) {
+ rdataset->ttl = 0;
+ if (sigrdataset != NULL)
+ sigrdataset->ttl = 0;
+ }
+
+ /*
+ * Add the SOA and its SIG to the response, with the
+ * TTLs adjusted per RFC2308 section 3.
+ */
+ if (rdataset->ttl > soa.minimum)
+ rdataset->ttl = soa.minimum;
+ if (sigrdataset != NULL && sigrdataset->ttl > soa.minimum)
+ sigrdataset->ttl = soa.minimum;
+
+ if (sigrdataset != NULL)
+ sigrdatasetp = &sigrdataset;
+ else
+ sigrdatasetp = NULL;
+ query_addrrset(client, &name, &rdataset, sigrdatasetp, NULL,
+ DNS_SECTION_AUTHORITY);
+ }
+
+ cleanup:
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client, &sigrdataset);
+ if (name != NULL)
+ query_releasename(client, &name);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+
+ return (eresult);
+}
+
+static inline isc_result_t
+query_addns(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version) {
+ dns_name_t *name, *fname;
+ dns_dbnode_t *node;
+ isc_result_t result, eresult;
+ dns_fixedname_t foundname;
+ dns_rdataset_t *rdataset = NULL, *sigrdataset = NULL;
+ dns_rdataset_t **sigrdatasetp = NULL;
+
+ CTRACE("query_addns");
+ /*
+ * Initialization.
+ */
+ eresult = ISC_R_SUCCESS;
+ name = NULL;
+ rdataset = NULL;
+ node = NULL;
+ dns_fixedname_init(&foundname);
+ fname = dns_fixedname_name(&foundname);
+
+ /*
+ * Get resources and make 'name' be the database origin.
+ */
+ result = dns_message_gettempname(client->message, &name);
+ if (result != ISC_R_SUCCESS) {
+ CTRACE("query_addns: dns_message_gettempname failed: done");
+ return (result);
+ }
+ dns_name_init(name, NULL);
+ dns_name_clone(dns_db_origin(db), name);
+ rdataset = query_newrdataset(client);
+ if (rdataset == NULL) {
+ CTRACE("query_addns: query_newrdataset failed");
+ eresult = DNS_R_SERVFAIL;
+ goto cleanup;
+ }
+ if (WANTDNSSEC(client) && dns_db_issecure(db)) {
+ sigrdataset = query_newrdataset(client);
+ if (sigrdataset == NULL) {
+ CTRACE("query_addns: query_newrdataset failed");
+ eresult = DNS_R_SERVFAIL;
+ goto cleanup;
+ }
+ }
+
+ /*
+ * Find the NS rdataset.
+ */
+ result = dns_db_getoriginnode(db, &node);
+ if (result == ISC_R_SUCCESS) {
+ result = dns_db_findrdataset(db, node, version,
+ dns_rdatatype_ns,
+ 0, client->now, rdataset,
+ sigrdataset);
+ } else {
+ CTRACE("query_addns: calling dns_db_find");
+ result = dns_db_find(db, name, NULL, dns_rdatatype_ns,
+ client->query.dboptions, 0, &node,
+ fname, rdataset, sigrdataset);
+ CTRACE("query_addns: dns_db_find complete");
+ }
+ if (result != ISC_R_SUCCESS) {
+ CTRACE("query_addns: "
+ "dns_db_findrdataset or dns_db_find failed");
+ /*
+ * This is bad. We tried to get the NS rdataset at the zone
+ * top and it didn't work!
+ */
+ eresult = DNS_R_SERVFAIL;
+ } else {
+ if (sigrdataset != NULL)
+ sigrdatasetp = &sigrdataset;
+ else
+ sigrdatasetp = NULL;
+ query_addrrset(client, &name, &rdataset, sigrdatasetp, NULL,
+ DNS_SECTION_AUTHORITY);
+ }
+
+ cleanup:
+ CTRACE("query_addns: cleanup");
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client, &sigrdataset);
+ if (name != NULL)
+ query_releasename(client, &name);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+
+ CTRACE("query_addns: done");
+ return (eresult);
+}
+
+static inline isc_result_t
+query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname,
+ dns_trust_t trust, dns_name_t **anamep, dns_rdatatype_t type)
+{
+ dns_rdataset_t *rdataset;
+ dns_rdatalist_t *rdatalist;
+ dns_rdata_t *rdata;
+ isc_result_t result;
+ isc_region_t r;
+
+ /*
+ * We assume the name data referred to by tname won't go away.
+ */
+
+ REQUIRE(anamep != NULL);
+
+ rdatalist = NULL;
+ result = dns_message_gettemprdatalist(client->message, &rdatalist);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ rdata = NULL;
+ result = dns_message_gettemprdata(client->message, &rdata);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ rdataset = NULL;
+ result = dns_message_gettemprdataset(client->message, &rdataset);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ dns_rdataset_init(rdataset);
+ result = dns_name_dup(qname, client->mctx, *anamep);
+ if (result != ISC_R_SUCCESS) {
+ dns_message_puttemprdataset(client->message, &rdataset);
+ return (result);
+ }
+
+ rdatalist->type = type;
+ rdatalist->covers = 0;
+ rdatalist->rdclass = client->message->rdclass;
+ rdatalist->ttl = 0;
+
+ dns_name_toregion(tname, &r);
+ rdata->data = r.base;
+ rdata->length = r.length;
+ rdata->rdclass = client->message->rdclass;
+ rdata->type = type;
+
+ ISC_LIST_INIT(rdatalist->rdata);
+ ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
+ RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset)
+ == ISC_R_SUCCESS);
+ rdataset->trust = trust;
+
+ query_addrrset(client, anamep, &rdataset, NULL, NULL,
+ DNS_SECTION_ANSWER);
+
+ if (rdataset != NULL) {
+ if (dns_rdataset_isassociated(rdataset))
+ dns_rdataset_disassociate(rdataset);
+ dns_message_puttemprdataset(client->message, &rdataset);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * Mark the RRsets as secure. Update the cache (db) to reflect the
+ * change in trust level.
+ */
+static void
+mark_secure(ns_client_t *client, dns_db_t *db, dns_name_t *name,
+ isc_uint32_t ttl, dns_rdataset_t *rdataset,
+ dns_rdataset_t *sigrdataset)
+{
+ isc_result_t result;
+ dns_dbnode_t *node = NULL;
+
+ rdataset->trust = dns_trust_secure;
+ sigrdataset->trust = dns_trust_secure;
+
+ /*
+ * Save the updated secure state. Ignore failures.
+ */
+ result = dns_db_findnode(db, name, ISC_TRUE, &node);
+ if (result != ISC_R_SUCCESS)
+ return;
+ /*
+ * Bound the validated ttls then minimise.
+ */
+ if (sigrdataset->ttl > ttl)
+ sigrdataset->ttl = ttl;
+ if (rdataset->ttl > ttl)
+ rdataset->ttl = ttl;
+ if (rdataset->ttl > sigrdataset->ttl)
+ rdataset->ttl = sigrdataset->ttl;
+ else
+ sigrdataset->ttl = rdataset->ttl;
+
+ (void)dns_db_addrdataset(db, node, NULL, client->now, rdataset,
+ 0, NULL);
+ (void)dns_db_addrdataset(db, node, NULL, client->now, sigrdataset,
+ 0, NULL);
+ dns_db_detachnode(db, &node);
+}
+
+/*
+ * Find the secure key that corresponds to rrsig.
+ * Note: 'keyrdataset' maintains state between sucessive calls,
+ * there may be multiple keys with the same keyid.
+ * Return ISC_FALSE if we have exhausted all the possible keys.
+ */
+static isc_boolean_t
+get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig,
+ dns_rdataset_t *keyrdataset, dst_key_t **keyp)
+{
+ isc_result_t result;
+ dns_dbnode_t *node = NULL;
+ isc_boolean_t secure = ISC_FALSE;
+
+ if (!dns_rdataset_isassociated(keyrdataset)) {
+ result = dns_db_findnode(db, &rrsig->signer, ISC_FALSE, &node);
+ if (result != ISC_R_SUCCESS)
+ return (ISC_FALSE);
+
+ result = dns_db_findrdataset(db, node, NULL,
+ dns_rdatatype_dnskey, 0,
+ client->now, keyrdataset, NULL);
+ dns_db_detachnode(db, &node);
+ if (result != ISC_R_SUCCESS)
+ return (ISC_FALSE);
+
+ if (keyrdataset->trust != dns_trust_secure)
+ return (ISC_FALSE);
+
+ result = dns_rdataset_first(keyrdataset);
+ } else
+ result = dns_rdataset_next(keyrdataset);
+
+ for ( ; result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(keyrdataset)) {
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_buffer_t b;
+
+ dns_rdataset_current(keyrdataset, &rdata);
+ isc_buffer_init(&b, rdata.data, rdata.length);
+ isc_buffer_add(&b, rdata.length);
+ result = dst_key_fromdns(&rrsig->signer, rdata.rdclass, &b,
+ client->mctx, keyp);
+ if (result != ISC_R_SUCCESS)
+ continue;
+ if (rrsig->algorithm == (dns_secalg_t)dst_key_alg(*keyp) &&
+ rrsig->keyid == (dns_keytag_t)dst_key_id(*keyp) &&
+ dst_key_iszonekey(*keyp)) {
+ secure = ISC_TRUE;
+ break;
+ }
+ dst_key_free(keyp);
+ }
+ return (secure);
+}
+
+static isc_boolean_t
+verify(dst_key_t *key, dns_name_t *name, dns_rdataset_t *rdataset,
+ dns_rdata_t *rdata, isc_mem_t *mctx, isc_boolean_t acceptexpired)
+{
+ isc_result_t result;
+ dns_fixedname_t fixed;
+ isc_boolean_t ignore = ISC_FALSE;
+
+ dns_fixedname_init(&fixed);
+
+again:
+ result = dns_dnssec_verify2(name, rdataset, key, ignore, mctx,
+ rdata, NULL);
+ if (result == DNS_R_SIGEXPIRED && acceptexpired) {
+ ignore = ISC_TRUE;
+ goto again;
+ }
+ if (result == ISC_R_SUCCESS || result == DNS_R_FROMWILDCARD)
+ return (ISC_TRUE);
+ return (ISC_FALSE);
+}
+
+/*
+ * Validate the rdataset if possible with available records.
+ */
+static isc_boolean_t
+validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
+ dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
+{
+ isc_result_t result;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdata_rrsig_t rrsig;
+ dst_key_t *key = NULL;
+ dns_rdataset_t keyrdataset;
+
+ if (sigrdataset == NULL || !dns_rdataset_isassociated(sigrdataset))
+ return (ISC_FALSE);
+
+ for (result = dns_rdataset_first(sigrdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(sigrdataset)) {
+
+ dns_rdata_reset(&rdata);
+ dns_rdataset_current(sigrdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &rrsig, NULL);
+ if (result != ISC_R_SUCCESS)
+ return (ISC_FALSE);
+ if (!dns_resolver_algorithm_supported(client->view->resolver,
+ name, rrsig.algorithm))
+ continue;
+ if (!dns_name_issubdomain(name, &rrsig.signer))
+ continue;
+ dns_rdataset_init(&keyrdataset);
+ do {
+ if (!get_key(client, db, &rrsig, &keyrdataset, &key))
+ break;
+ if (verify(key, name, rdataset, &rdata, client->mctx,
+ client->view->acceptexpired)) {
+ dst_key_free(&key);
+ dns_rdataset_disassociate(&keyrdataset);
+ mark_secure(client, db, name,
+ rrsig.originalttl,
+ rdataset, sigrdataset);
+ return (ISC_TRUE);
+ }
+ dst_key_free(&key);
+ } while (1);
+ if (dns_rdataset_isassociated(&keyrdataset))
+ dns_rdataset_disassociate(&keyrdataset);
+ }
+ return (ISC_FALSE);
+}
+
+static void
+query_addbestns(ns_client_t *client) {
+ dns_db_t *db, *zdb;
+ dns_dbnode_t *node;
+ dns_name_t *fname, *zfname;
+ dns_rdataset_t *rdataset, *sigrdataset, *zrdataset, *zsigrdataset;
+ isc_boolean_t is_zone, use_zone;
+ isc_buffer_t *dbuf;
+ isc_result_t result;
+ dns_dbversion_t *version;
+ dns_zone_t *zone;
+ isc_buffer_t b;
+
+ CTRACE("query_addbestns");
+ fname = NULL;
+ zfname = NULL;
+ rdataset = NULL;
+ zrdataset = NULL;
+ sigrdataset = NULL;
+ zsigrdataset = NULL;
+ node = NULL;
+ db = NULL;
+ zdb = NULL;
+ version = NULL;
+ zone = NULL;
+ is_zone = ISC_FALSE;
+ use_zone = ISC_FALSE;
+
+ /*
+ * Find the right database.
+ */
+ result = query_getdb(client, client->query.qname, dns_rdatatype_ns, 0,
+ &zone, &db, &version, &is_zone);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ db_find:
+ /*
+ * We'll need some resources...
+ */
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL)
+ goto cleanup;
+ fname = query_newname(client, dbuf, &b);
+ rdataset = query_newrdataset(client);
+ if (fname == NULL || rdataset == NULL)
+ goto cleanup;
+ /*
+ * Get the RRSIGs if the client requested them or if we may
+ * need to validate answers from the cache.
+ */
+ if (WANTDNSSEC(client) || !is_zone) {
+ sigrdataset = query_newrdataset(client);
+ if (sigrdataset == NULL)
+ goto cleanup;
+ }
+
+ /*
+ * Now look for the zonecut.
+ */
+ if (is_zone) {
+ result = dns_db_find(db, client->query.qname, version,
+ dns_rdatatype_ns, client->query.dboptions,
+ client->now, &node, fname,
+ rdataset, sigrdataset);
+ if (result != DNS_R_DELEGATION)
+ goto cleanup;
+ if (USECACHE(client)) {
+ query_keepname(client, fname, dbuf);
+ zdb = db;
+ zfname = fname;
+ fname = NULL;
+ zrdataset = rdataset;
+ rdataset = NULL;
+ zsigrdataset = sigrdataset;
+ sigrdataset = NULL;
+ dns_db_detachnode(db, &node);
+ version = NULL;
+ db = NULL;
+ dns_db_attach(client->view->cachedb, &db);
+ is_zone = ISC_FALSE;
+ goto db_find;
+ }
+ } else {
+ result = dns_db_findzonecut(db, client->query.qname,
+ client->query.dboptions,
+ client->now, &node, fname,
+ rdataset, sigrdataset);
+ if (result == ISC_R_SUCCESS) {
+ if (zfname != NULL &&
+ !dns_name_issubdomain(fname, zfname)) {
+ /*
+ * We found a zonecut in the cache, but our
+ * zone delegation is better.
+ */
+ use_zone = ISC_TRUE;
+ }
+ } else if (result == ISC_R_NOTFOUND && zfname != NULL) {
+ /*
+ * We didn't find anything in the cache, but we
+ * have a zone delegation, so use it.
+ */
+ use_zone = ISC_TRUE;
+ } else
+ goto cleanup;
+ }
+
+ if (use_zone) {
+ query_releasename(client, &fname);
+ fname = zfname;
+ zfname = NULL;
+ /*
+ * We've already done query_keepname() on
+ * zfname, so we must set dbuf to NULL to
+ * prevent query_addrrset() from trying to
+ * call query_keepname() again.
+ */
+ dbuf = NULL;
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client, &sigrdataset);
+ rdataset = zrdataset;
+ zrdataset = NULL;
+ sigrdataset = zsigrdataset;
+ zsigrdataset = NULL;
+ }
+
+ /*
+ * Attempt to validate RRsets that are pending or that are glue.
+ */
+ if ((rdataset->trust == dns_trust_pending ||
+ (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending))
+ && !validate(client, db, fname, rdataset, sigrdataset) &&
+ (client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0)
+ goto cleanup;
+
+ if ((rdataset->trust == dns_trust_glue ||
+ (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)) &&
+ !validate(client, db, fname, rdataset, sigrdataset) &&
+ SECURE(client) && WANTDNSSEC(client))
+ goto cleanup;
+
+ /*
+ * If the client doesn't want DNSSEC we can discard the sigrdataset
+ * now.
+ */
+ if (!WANTDNSSEC(client))
+ query_putrdataset(client, &sigrdataset);
+ query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
+ DNS_SECTION_AUTHORITY);
+
+ cleanup:
+ if (rdataset != NULL)
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client, &sigrdataset);
+ if (fname != NULL)
+ query_releasename(client, &fname);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ if (db != NULL)
+ dns_db_detach(&db);
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ if (zdb != NULL) {
+ query_putrdataset(client, &zrdataset);
+ if (zsigrdataset != NULL)
+ query_putrdataset(client, &zsigrdataset);
+ if (zfname != NULL)
+ query_releasename(client, &zfname);
+ dns_db_detach(&zdb);
+ }
+}
+
+static void
+fixrdataset(ns_client_t *client, dns_rdataset_t **rdataset) {
+ if (*rdataset == NULL)
+ *rdataset = query_newrdataset(client);
+ else if (dns_rdataset_isassociated(*rdataset))
+ dns_rdataset_disassociate(*rdataset);
+}
+
+static void
+fixfname(ns_client_t *client, dns_name_t **fname, isc_buffer_t **dbuf,
+ isc_buffer_t *nbuf)
+{
+ if (*fname == NULL) {
+ *dbuf = query_getnamebuf(client);
+ if (*dbuf == NULL)
+ return;
+ *fname = query_newname(client, *dbuf, nbuf);
+ }
+}
+
+static void
+query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node,
+ dns_dbversion_t *version, dns_name_t *name)
+{
+ dns_fixedname_t fixed;
+ dns_name_t *fname = NULL;
+ dns_name_t *rname;
+ dns_rdataset_t *rdataset, *sigrdataset;
+ isc_buffer_t *dbuf, b;
+ isc_result_t result;
+ unsigned int count;
+
+ CTRACE("query_addds");
+ rname = NULL;
+ rdataset = NULL;
+ sigrdataset = NULL;
+
+ /*
+ * We'll need some resources...
+ */
+ rdataset = query_newrdataset(client);
+ sigrdataset = query_newrdataset(client);
+ if (rdataset == NULL || sigrdataset == NULL)
+ goto cleanup;
+
+ /*
+ * Look for the DS record, which may or may not be present.
+ */
+ result = dns_db_findrdataset(db, node, version, dns_rdatatype_ds, 0,
+ client->now, rdataset, sigrdataset);
+ /*
+ * If we didn't find it, look for an NSEC.
+ */
+ if (result == ISC_R_NOTFOUND)
+ result = dns_db_findrdataset(db, node, version,
+ dns_rdatatype_nsec, 0, client->now,
+ rdataset, sigrdataset);
+ if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
+ goto addnsec3;
+ if (!dns_rdataset_isassociated(rdataset) ||
+ !dns_rdataset_isassociated(sigrdataset))
+ goto addnsec3;
+
+ /*
+ * We've already added the NS record, so if the name's not there,
+ * we have other problems. Use this name rather than calling
+ * query_addrrset().
+ */
+ result = dns_message_firstname(client->message, DNS_SECTION_AUTHORITY);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ rname = NULL;
+ dns_message_currentname(client->message, DNS_SECTION_AUTHORITY,
+ &rname);
+ result = dns_message_findtype(rname, dns_rdatatype_ns, 0, NULL);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ ISC_LIST_APPEND(rname->list, rdataset, link);
+ ISC_LIST_APPEND(rname->list, sigrdataset, link);
+ rdataset = NULL;
+ sigrdataset = NULL;
+ return;
+
+ addnsec3:
+ if (dns_db_iscache(db))
+ goto cleanup;
+ /*
+ * Add the NSEC3 which proves the DS does not exist.
+ */
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL)
+ goto cleanup;
+ fname = query_newname(client, dbuf, &b);
+ dns_fixedname_init(&fixed);
+ query_findclosestnsec3(name, db, version, client, rdataset,
+ sigrdataset, fname, ISC_TRUE,
+ dns_fixedname_name(&fixed));
+ if (!dns_rdataset_isassociated(rdataset))
+ goto cleanup;
+ query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
+ DNS_SECTION_AUTHORITY);
+ /*
+ * Did we find the closest provable encloser instead?
+ * If so add the nearest to the closest provable encloser.
+ */
+ if (!dns_name_equal(name, dns_fixedname_name(&fixed))) {
+ count = dns_name_countlabels(dns_fixedname_name(&fixed)) + 1;
+ dns_name_getlabelsequence(name,
+ dns_name_countlabels(name) - count,
+ count, dns_fixedname_name(&fixed));
+ fixfname(client, &fname, &dbuf, &b);
+ fixrdataset(client, &rdataset);
+ fixrdataset(client, &sigrdataset);
+ if (fname == NULL || rdataset == NULL || sigrdataset == NULL)
+ goto cleanup;
+ query_findclosestnsec3(dns_fixedname_name(&fixed), db, version,
+ client, rdataset, sigrdataset, fname,
+ ISC_FALSE, NULL);
+ if (!dns_rdataset_isassociated(rdataset))
+ goto cleanup;
+ query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
+ DNS_SECTION_AUTHORITY);
+ }
+
+ cleanup:
+ if (rdataset != NULL)
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client, &sigrdataset);
+ if (fname != NULL)
+ query_releasename(client, &fname);
+}
+
+static void
+query_addwildcardproof(ns_client_t *client, dns_db_t *db,
+ dns_dbversion_t *version, dns_name_t *name,
+ isc_boolean_t ispositive)
+{
+ isc_buffer_t *dbuf, b;
+ dns_name_t *fname;
+ dns_rdataset_t *rdataset, *sigrdataset;
+ dns_fixedname_t wfixed;
+ dns_name_t *wname;
+ dns_dbnode_t *node;
+ unsigned int options;
+ unsigned int olabels, nlabels, labels;
+ isc_result_t result;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdata_nsec_t nsec;
+ isc_boolean_t have_wname;
+ int order;
+ dns_fixedname_t cfixed;
+ dns_name_t *cname;
+
+ CTRACE("query_addwildcardproof");
+ fname = NULL;
+ rdataset = NULL;
+ sigrdataset = NULL;
+ node = NULL;
+
+ /*
+ * Get the NOQNAME proof then if !ispositve
+ * get the NOWILDCARD proof.
+ *
+ * DNS_DBFIND_NOWILD finds the NSEC records that covers the
+ * name ignoring any wildcard. From the owner and next names
+ * of this record you can compute which wildcard (if it exists)
+ * will match by finding the longest common suffix of the
+ * owner name and next names with the qname and prefixing that
+ * with the wildcard label.
+ *
+ * e.g.
+ * Given:
+ * example SOA
+ * example NSEC b.example
+ * b.example A
+ * b.example NSEC a.d.example
+ * a.d.example A
+ * a.d.example NSEC g.f.example
+ * g.f.example A
+ * g.f.example NSEC z.i.example
+ * z.i.example A
+ * z.i.example NSEC example
+ *
+ * QNAME:
+ * a.example -> example NSEC b.example
+ * owner common example
+ * next common example
+ * wild *.example
+ * d.b.example -> b.example NSEC a.d.example
+ * owner common b.example
+ * next common example
+ * wild *.b.example
+ * a.f.example -> a.d.example NSEC g.f.example
+ * owner common example
+ * next common f.example
+ * wild *.f.example
+ * j.example -> z.i.example NSEC example
+ * owner common example
+ * next common example
+ * wild *.f.example
+ */
+ options = client->query.dboptions | DNS_DBFIND_NOWILD;
+ dns_fixedname_init(&wfixed);
+ wname = dns_fixedname_name(&wfixed);
+ again:
+ have_wname = ISC_FALSE;
+ /*
+ * We'll need some resources...
+ */
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL)
+ goto cleanup;
+ fname = query_newname(client, dbuf, &b);
+ rdataset = query_newrdataset(client);
+ sigrdataset = query_newrdataset(client);
+ if (fname == NULL || rdataset == NULL || sigrdataset == NULL)
+ goto cleanup;
+
+ result = dns_db_find(db, name, version, dns_rdatatype_nsec, options,
+ 0, &node, fname, rdataset, sigrdataset);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+
+ if (!dns_rdataset_isassociated(rdataset)) {
+ /*
+ * No NSEC proof available, return NSEC3 proofs instead.
+ */
+ dns_fixedname_init(&cfixed);
+ cname = dns_fixedname_name(&cfixed);
+ /*
+ * Find the closest encloser.
+ */
+ dns_name_copy(name, cname, NULL);
+ while (result == DNS_R_NXDOMAIN) {
+ labels = dns_name_countlabels(cname) - 1;
+ dns_name_split(cname, labels, NULL, cname);
+ result = dns_db_find(db, cname, version,
+ dns_rdatatype_nsec,
+ options, 0, NULL, fname,
+ NULL, NULL);
+ }
+ /*
+ * Add closest (provable) encloser NSEC3.
+ */
+ query_findclosestnsec3(cname, db, NULL, client, rdataset,
+ sigrdataset, fname, ISC_TRUE, cname);
+ if (!dns_rdataset_isassociated(rdataset))
+ goto cleanup;
+ query_addrrset(client, &fname, &rdataset, &sigrdataset,
+ dbuf, DNS_SECTION_AUTHORITY);
+
+ /*
+ * Replace resources which were consumed by query_addrrset.
+ */
+ if (fname == NULL) {
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL)
+ goto cleanup;
+ fname = query_newname(client, dbuf, &b);
+ }
+
+ if (rdataset == NULL)
+ rdataset = query_newrdataset(client);
+ else if (dns_rdataset_isassociated(rdataset))
+ dns_rdataset_disassociate(rdataset);
+
+ if (sigrdataset == NULL)
+ sigrdataset = query_newrdataset(client);
+ else if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+
+ if (fname == NULL || rdataset == NULL || sigrdataset == NULL)
+ goto cleanup;
+ /*
+ * Add no qname proof.
+ */
+ labels = dns_name_countlabels(cname) + 1;
+ if (dns_name_countlabels(name) == labels)
+ dns_name_copy(name, wname, NULL);
+ else
+ dns_name_split(name, labels, NULL, wname);
+
+ query_findclosestnsec3(wname, db, NULL, client, rdataset,
+ sigrdataset, fname, ISC_FALSE, NULL);
+ if (!dns_rdataset_isassociated(rdataset))
+ goto cleanup;
+ query_addrrset(client, &fname, &rdataset, &sigrdataset,
+ dbuf, DNS_SECTION_AUTHORITY);
+
+ if (ispositive)
+ goto cleanup;
+
+ /*
+ * Replace resources which were consumed by query_addrrset.
+ */
+ if (fname == NULL) {
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL)
+ goto cleanup;
+ fname = query_newname(client, dbuf, &b);
+ }
+
+ if (rdataset == NULL)
+ rdataset = query_newrdataset(client);
+ else if (dns_rdataset_isassociated(rdataset))
+ dns_rdataset_disassociate(rdataset);
+
+ if (sigrdataset == NULL)
+ sigrdataset = query_newrdataset(client);
+ else if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+
+ if (fname == NULL || rdataset == NULL || sigrdataset == NULL)
+ goto cleanup;
+ /*
+ * Add the no wildcard proof.
+ */
+ result = dns_name_concatenate(dns_wildcardname,
+ cname, wname, NULL);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ query_findclosestnsec3(wname, db, NULL, client, rdataset,
+ sigrdataset, fname, ISC_FALSE, NULL);
+ if (!dns_rdataset_isassociated(rdataset))
+ goto cleanup;
+ query_addrrset(client, &fname, &rdataset, &sigrdataset,
+ dbuf, DNS_SECTION_AUTHORITY);
+
+ goto cleanup;
+ } else if (result == DNS_R_NXDOMAIN) {
+ if (!ispositive)
+ result = dns_rdataset_first(rdataset);
+ if (result == ISC_R_SUCCESS) {
+ dns_rdataset_current(rdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &nsec, NULL);
+ }
+ if (result == ISC_R_SUCCESS) {
+ (void)dns_name_fullcompare(name, fname, &order,
+ &olabels);
+ (void)dns_name_fullcompare(name, &nsec.next, &order,
+ &nlabels);
+ /*
+ * Check for a pathological condition created when
+ * serving some malformed signed zones and bail out.
+ */
+ if (dns_name_countlabels(name) == nlabels)
+ goto cleanup;
+
+ if (olabels > nlabels)
+ dns_name_split(name, olabels, NULL, wname);
+ else
+ dns_name_split(name, nlabels, NULL, wname);
+ result = dns_name_concatenate(dns_wildcardname,
+ wname, wname, NULL);
+ if (result == ISC_R_SUCCESS)
+ have_wname = ISC_TRUE;
+ dns_rdata_freestruct(&nsec);
+ }
+ query_addrrset(client, &fname, &rdataset, &sigrdataset,
+ dbuf, DNS_SECTION_AUTHORITY);
+ }
+ if (rdataset != NULL)
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client, &sigrdataset);
+ if (fname != NULL)
+ query_releasename(client, &fname);
+ if (have_wname) {
+ ispositive = ISC_TRUE; /* prevent loop */
+ if (!dns_name_equal(name, wname)) {
+ name = wname;
+ goto again;
+ }
+ }
+ cleanup:
+ if (rdataset != NULL)
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client, &sigrdataset);
+ if (fname != NULL)
+ query_releasename(client, &fname);
+}
+
+static void
+query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db,
+ dns_dbversion_t *version, dns_name_t **namep,
+ dns_rdataset_t **rdatasetp, dns_rdataset_t **sigrdatasetp)
+{
+ dns_name_t *name;
+ dns_rdataset_t *sigrdataset;
+ dns_rdata_t sigrdata;
+ dns_rdata_rrsig_t sig;
+ unsigned int labels;
+ isc_buffer_t *dbuf, b;
+ dns_name_t *fname;
+ isc_result_t result;
+
+ name = *namep;
+ if ((name->attributes & DNS_NAMEATTR_WILDCARD) == 0) {
+ query_addrrset(client, namep, rdatasetp, sigrdatasetp,
+ NULL, DNS_SECTION_AUTHORITY);
+ return;
+ }
+
+ if (sigrdatasetp == NULL)
+ return;
+
+ sigrdataset = *sigrdatasetp;
+ if (sigrdataset == NULL || !dns_rdataset_isassociated(sigrdataset))
+ return;
+ result = dns_rdataset_first(sigrdataset);
+ if (result != ISC_R_SUCCESS)
+ return;
+ dns_rdata_init(&sigrdata);
+ dns_rdataset_current(sigrdataset, &sigrdata);
+ result = dns_rdata_tostruct(&sigrdata, &sig, NULL);
+ if (result != ISC_R_SUCCESS)
+ return;
+
+ labels = dns_name_countlabels(name);
+ if ((unsigned int)sig.labels + 1 >= labels)
+ return;
+
+ /* XXX */
+ query_addwildcardproof(client, db, version, client->query.qname,
+ ISC_TRUE);
+
+ /*
+ * We'll need some resources...
+ */
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL)
+ return;
+ fname = query_newname(client, dbuf, &b);
+ if (fname == NULL)
+ return;
+ dns_name_split(name, sig.labels + 1, NULL, fname);
+ /* This will succeed, since we've stripped labels. */
+ RUNTIME_CHECK(dns_name_concatenate(dns_wildcardname, fname, fname,
+ NULL) == ISC_R_SUCCESS);
+ query_addrrset(client, &fname, rdatasetp, sigrdatasetp,
+ dbuf, DNS_SECTION_AUTHORITY);
+}
+
+static void
+query_resume(isc_task_t *task, isc_event_t *event) {
+ dns_fetchevent_t *devent = (dns_fetchevent_t *)event;
+ ns_client_t *client;
+ isc_boolean_t fetch_cancelled, client_shuttingdown;
+
+ /*
+ * Resume a query after recursion.
+ */
+
+ UNUSED(task);
+
+ REQUIRE(event->ev_type == DNS_EVENT_FETCHDONE);
+ client = devent->ev_arg;
+ REQUIRE(NS_CLIENT_VALID(client));
+ REQUIRE(task == client->task);
+ REQUIRE(RECURSING(client));
+
+ LOCK(&client->query.fetchlock);
+ if (client->query.fetch != NULL) {
+ /*
+ * This is the fetch we've been waiting for.
+ */
+ INSIST(devent->fetch == client->query.fetch);
+ client->query.fetch = NULL;
+ fetch_cancelled = ISC_FALSE;
+ /*
+ * Update client->now.
+ */
+ isc_stdtime_get(&client->now);
+ } else {
+ /*
+ * This is a fetch completion event for a cancelled fetch.
+ * Clean up and don't resume the find.
+ */
+ fetch_cancelled = ISC_TRUE;
+ }
+ UNLOCK(&client->query.fetchlock);
+ INSIST(client->query.fetch == NULL);
+
+ client->query.attributes &= ~NS_QUERYATTR_RECURSING;
+ dns_resolver_destroyfetch(&devent->fetch);
+
+ /*
+ * If this client is shutting down, or this transaction
+ * has timed out, do not resume the find.
+ */
+ client_shuttingdown = ns_client_shuttingdown(client);
+ if (fetch_cancelled || client_shuttingdown) {
+ if (devent->node != NULL)
+ dns_db_detachnode(devent->db, &devent->node);
+ if (devent->db != NULL)
+ dns_db_detach(&devent->db);
+ query_putrdataset(client, &devent->rdataset);
+ if (devent->sigrdataset != NULL)
+ query_putrdataset(client, &devent->sigrdataset);
+ isc_event_free(&event);
+ if (fetch_cancelled)
+ query_error(client, DNS_R_SERVFAIL);
+ else
+ query_next(client, ISC_R_CANCELED);
+ /*
+ * This may destroy the client.
+ */
+ ns_client_detach(&client);
+ } else {
+ query_find(client, devent, 0);
+ }
+}
+
+static isc_result_t
+query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain,
+ dns_rdataset_t *nameservers, isc_boolean_t resuming)
+{
+ isc_result_t result;
+ dns_rdataset_t *rdataset, *sigrdataset;
+ isc_sockaddr_t *peeraddr;
+
+ if (!resuming)
+ inc_stats(client, dns_nsstatscounter_recursion);
+
+ /*
+ * We are about to recurse, which means that this client will
+ * be unavailable for serving new requests for an indeterminate
+ * amount of time. If this client is currently responsible
+ * for handling incoming queries, set up a new client
+ * object to handle them while we are waiting for a
+ * response. There is no need to replace TCP clients
+ * because those have already been replaced when the
+ * connection was accepted (if allowed by the TCP quota).
+ */
+ if (client->recursionquota == NULL) {
+ result = isc_quota_attach(&ns_g_server->recursionquota,
+ &client->recursionquota);
+ if (result == ISC_R_SOFTQUOTA) {
+ static isc_stdtime_t last = 0;
+ isc_stdtime_t now;
+ isc_stdtime_get(&now);
+ if (now != last) {
+ last = now;
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_QUERY,
+ ISC_LOG_WARNING,
+ "recursive-clients soft limit "
+ "exceeded, aborting oldest query");
+ }
+ ns_client_killoldestquery(client);
+ result = ISC_R_SUCCESS;
+ } else if (result == ISC_R_QUOTA) {
+ static isc_stdtime_t last = 0;
+ isc_stdtime_t now;
+ isc_stdtime_get(&now);
+ if (now != last) {
+ last = now;
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_QUERY,
+ ISC_LOG_WARNING,
+ "no more recursive clients: %s",
+ isc_result_totext(result));
+ }
+ ns_client_killoldestquery(client);
+ }
+ if (result == ISC_R_SUCCESS && !client->mortal &&
+ (client->attributes & NS_CLIENTATTR_TCP) == 0) {
+ result = ns_client_replace(client);
+ if (result != ISC_R_SUCCESS) {
+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_QUERY,
+ ISC_LOG_WARNING,
+ "ns_client_replace() failed: %s",
+ isc_result_totext(result));
+ isc_quota_detach(&client->recursionquota);
+ }
+ }
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ ns_client_recursing(client);
+ }
+
+ /*
+ * Invoke the resolver.
+ */
+ REQUIRE(nameservers == NULL || nameservers->type == dns_rdatatype_ns);
+ REQUIRE(client->query.fetch == NULL);
+
+ rdataset = query_newrdataset(client);
+ if (rdataset == NULL)
+ return (ISC_R_NOMEMORY);
+ if (WANTDNSSEC(client)) {
+ sigrdataset = query_newrdataset(client);
+ if (sigrdataset == NULL) {
+ query_putrdataset(client, &rdataset);
+ return (ISC_R_NOMEMORY);
+ }
+ } else
+ sigrdataset = NULL;
+
+ if (client->query.timerset == ISC_FALSE)
+ ns_client_settimeout(client, 60);
+ if ((client->attributes & NS_CLIENTATTR_TCP) == 0)
+ peeraddr = &client->peeraddr;
+ else
+ peeraddr = NULL;
+ result = dns_resolver_createfetch2(client->view->resolver,
+ client->query.qname,
+ qtype, qdomain, nameservers,
+ NULL, peeraddr, client->message->id,
+ client->query.fetchoptions,
+ client->task,
+ query_resume, client,
+ rdataset, sigrdataset,
+ &client->query.fetch);
+
+ if (result == ISC_R_SUCCESS) {
+ /*
+ * Record that we're waiting for an event. A client which
+ * is shutting down will not be destroyed until all the
+ * events have been received.
+ */
+ } else {
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client, &sigrdataset);
+ }
+
+ return (result);
+}
+
+#define MAX_RESTARTS 16
+
+#define QUERY_ERROR(r) \
+do { \
+ eresult = r; \
+ want_restart = ISC_FALSE; \
+} while (0)
+
+/*
+ * Extract a network address from the RDATA of an A or AAAA
+ * record.
+ *
+ * Returns:
+ * ISC_R_SUCCESS
+ * ISC_R_NOTIMPLEMENTED The rdata is not a known address type.
+ */
+static isc_result_t
+rdata_tonetaddr(const dns_rdata_t *rdata, isc_netaddr_t *netaddr) {
+ struct in_addr ina;
+ struct in6_addr in6a;
+
+ switch (rdata->type) {
+ case dns_rdatatype_a:
+ INSIST(rdata->length == 4);
+ memcpy(&ina.s_addr, rdata->data, 4);
+ isc_netaddr_fromin(netaddr, &ina);
+ return (ISC_R_SUCCESS);
+ case dns_rdatatype_aaaa:
+ INSIST(rdata->length == 16);
+ memcpy(in6a.s6_addr, rdata->data, 16);
+ isc_netaddr_fromin6(netaddr, &in6a);
+ return (ISC_R_SUCCESS);
+ default:
+ return (ISC_R_NOTIMPLEMENTED);
+ }
+}
+
+/*
+ * Find the sort order of 'rdata' in the topology-like
+ * ACL forming the second element in a 2-element top-level
+ * sortlist statement.
+ */
+static int
+query_sortlist_order_2element(const dns_rdata_t *rdata, const void *arg) {
+ isc_netaddr_t netaddr;
+
+ if (rdata_tonetaddr(rdata, &netaddr) != ISC_R_SUCCESS)
+ return (INT_MAX);
+ return (ns_sortlist_addrorder2(&netaddr, arg));
+}
+
+/*
+ * Find the sort order of 'rdata' in the matching element
+ * of a 1-element top-level sortlist statement.
+ */
+static int
+query_sortlist_order_1element(const dns_rdata_t *rdata, const void *arg) {
+ isc_netaddr_t netaddr;
+
+ if (rdata_tonetaddr(rdata, &netaddr) != ISC_R_SUCCESS)
+ return (INT_MAX);
+ return (ns_sortlist_addrorder1(&netaddr, arg));
+}
+
+/*
+ * Find the sortlist statement that applies to 'client' and set up
+ * the sortlist info in in client->message appropriately.
+ */
+static void
+setup_query_sortlist(ns_client_t *client) {
+ isc_netaddr_t netaddr;
+ dns_rdatasetorderfunc_t order = NULL;
+ const void *order_arg = NULL;
+
+ isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
+ switch (ns_sortlist_setup(client->view->sortlist,
+ &netaddr, &order_arg)) {
+ case NS_SORTLISTTYPE_1ELEMENT:
+ order = query_sortlist_order_1element;
+ break;
+ case NS_SORTLISTTYPE_2ELEMENT:
+ order = query_sortlist_order_2element;
+ break;
+ case NS_SORTLISTTYPE_NONE:
+ order = NULL;
+ break;
+ default:
+ INSIST(0);
+ break;
+ }
+ dns_message_setsortorder(client->message, order, order_arg);
+}
+
+static void
+query_addnoqnameproof(ns_client_t *client, dns_rdataset_t *rdataset) {
+ isc_buffer_t *dbuf, b;
+ dns_name_t *fname;
+ dns_rdataset_t *neg, *negsig;
+ isc_result_t result = ISC_R_NOMEMORY;
+
+ CTRACE("query_addnoqnameproof");
+
+ fname = NULL;
+ neg = NULL;
+ negsig = NULL;
+
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL)
+ goto cleanup;
+ fname = query_newname(client, dbuf, &b);
+ neg = query_newrdataset(client);
+ negsig = query_newrdataset(client);
+ if (fname == NULL || neg == NULL || negsig == NULL)
+ goto cleanup;
+
+ result = dns_rdataset_getnoqname(rdataset, fname, neg, negsig);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+
+ query_addrrset(client, &fname, &neg, &negsig, dbuf,
+ DNS_SECTION_AUTHORITY);
+
+ if ((rdataset->attributes & DNS_RDATASETATTR_CLOSEST) == 0)
+ goto cleanup;
+
+ if (fname == NULL) {
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL)
+ goto cleanup;
+ fname = query_newname(client, dbuf, &b);
+ }
+ if (neg == NULL)
+ neg = query_newrdataset(client);
+ else if (dns_rdataset_isassociated(neg))
+ dns_rdataset_disassociate(neg);
+ if (negsig == NULL)
+ negsig = query_newrdataset(client);
+ else if (dns_rdataset_isassociated(negsig))
+ dns_rdataset_disassociate(negsig);
+ if (fname == NULL || neg == NULL || negsig == NULL)
+ goto cleanup;
+ result = dns_rdataset_getclosest(rdataset, fname, neg, negsig);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+
+ query_addrrset(client, &fname, &neg, &negsig, dbuf,
+ DNS_SECTION_AUTHORITY);
+
+ cleanup:
+ if (neg != NULL)
+ query_putrdataset(client, &neg);
+ if (negsig != NULL)
+ query_putrdataset(client, &negsig);
+ if (fname != NULL)
+ query_releasename(client, &fname);
+}
+
+static inline void
+answer_in_glue(ns_client_t *client, dns_rdatatype_t qtype) {
+ dns_name_t *name;
+ dns_message_t *msg;
+ dns_section_t section = DNS_SECTION_ADDITIONAL;
+ dns_rdataset_t *rdataset = NULL;
+
+ msg = client->message;
+ for (name = ISC_LIST_HEAD(msg->sections[section]);
+ name != NULL;
+ name = ISC_LIST_NEXT(name, link))
+ if (dns_name_equal(name, client->query.qname)) {
+ for (rdataset = ISC_LIST_HEAD(name->list);
+ rdataset != NULL;
+ rdataset = ISC_LIST_NEXT(rdataset, link))
+ if (rdataset->type == qtype)
+ break;
+ break;
+ }
+ if (rdataset != NULL) {
+ ISC_LIST_UNLINK(msg->sections[section], name, link);
+ ISC_LIST_PREPEND(msg->sections[section], name, link);
+ ISC_LIST_UNLINK(name->list, rdataset, link);
+ ISC_LIST_PREPEND(name->list, rdataset, link);
+ rdataset->attributes |= DNS_RDATASETATTR_REQUIREDGLUE;
+ }
+}
+
+#define NS_NAME_INIT(A,B) \
+ { \
+ DNS_NAME_MAGIC, \
+ A, sizeof(A), sizeof(B), \
+ DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, \
+ B, NULL, { (void *)-1, (void *)-1}, \
+ {NULL, NULL} \
+ }
+
+static unsigned char inaddr10_offsets[] = { 0, 3, 11, 16 };
+static unsigned char inaddr172_offsets[] = { 0, 3, 7, 15, 20 };
+static unsigned char inaddr192_offsets[] = { 0, 4, 8, 16, 21 };
+
+static unsigned char inaddr10[] = "\00210\007IN-ADDR\004ARPA";
+
+static unsigned char inaddr16172[] = "\00216\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr17172[] = "\00217\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr18172[] = "\00218\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr19172[] = "\00219\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr20172[] = "\00220\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr21172[] = "\00221\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr22172[] = "\00222\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr23172[] = "\00223\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr24172[] = "\00224\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr25172[] = "\00225\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr26172[] = "\00226\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr27172[] = "\00227\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr28172[] = "\00228\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr29172[] = "\00229\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr30172[] = "\00230\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr31172[] = "\00231\003172\007IN-ADDR\004ARPA";
+
+static unsigned char inaddr168192[] = "\003168\003192\007IN-ADDR\004ARPA";
+
+static dns_name_t rfc1918names[] = {
+ NS_NAME_INIT(inaddr10, inaddr10_offsets),
+ NS_NAME_INIT(inaddr16172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr17172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr18172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr19172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr20172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr21172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr22172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr23172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr24172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr25172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr26172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr27172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr28172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr29172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr30172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr31172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr168192, inaddr192_offsets)
+};
+
+
+static unsigned char prisoner_data[] = "\010prisoner\004iana\003org";
+static unsigned char hostmaster_data[] = "\012hostmaster\014root-servers\003org";
+
+static unsigned char prisoner_offsets[] = { 0, 9, 14, 18 };
+static unsigned char hostmaster_offsets[] = { 0, 11, 24, 28 };
+
+static dns_name_t prisoner = NS_NAME_INIT(prisoner_data, prisoner_offsets);
+static dns_name_t hostmaster = NS_NAME_INIT(hostmaster_data, hostmaster_offsets);
+
+static void
+warn_rfc1918(ns_client_t *client, dns_name_t *fname, dns_rdataset_t *rdataset) {
+ unsigned int i;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdata_soa_t soa;
+ dns_rdataset_t found;
+ isc_result_t result;
+
+ for (i = 0; i < (sizeof(rfc1918names)/sizeof(*rfc1918names)); i++) {
+ if (dns_name_issubdomain(fname, &rfc1918names[i])) {
+ dns_rdataset_init(&found);
+ result = dns_ncache_getrdataset(rdataset,
+ &rfc1918names[i],
+ dns_rdatatype_soa,
+ &found);
+ if (result != ISC_R_SUCCESS)
+ return;
+
+ result = dns_rdataset_first(&found);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ dns_rdataset_current(&found, &rdata);
+ result = dns_rdata_tostruct(&rdata, &soa, NULL);
+ if (result != ISC_R_SUCCESS)
+ return;
+ if (dns_name_equal(&soa.origin, &prisoner) &&
+ dns_name_equal(&soa.contact, &hostmaster)) {
+ char buf[DNS_NAME_FORMATSIZE];
+ dns_name_format(fname, buf, sizeof(buf));
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_QUERY,
+ ISC_LOG_WARNING,
+ "RFC 1918 response from "
+ "Internet for %s", buf);
+ }
+ dns_rdataset_disassociate(&found);
+ return;
+ }
+ }
+}
+
+static void
+query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
+ dns_dbversion_t *version, ns_client_t *client,
+ dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
+ dns_name_t *fname, isc_boolean_t exact,
+ dns_name_t *found)
+{
+ unsigned char salt[256];
+ size_t salt_length = sizeof(salt);
+ isc_uint16_t iterations;
+ isc_result_t result;
+ unsigned int dboptions;
+ dns_fixedname_t fixed;
+ dns_hash_t hash;
+ dns_name_t name;
+ int order;
+ unsigned int count;
+ dns_rdata_nsec3_t nsec3;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_boolean_t optout;
+
+ salt_length = sizeof(salt);
+ result = dns_db_getnsec3parameters(db, version, &hash, NULL,
+ &iterations, salt, &salt_length);
+ if (result != ISC_R_SUCCESS)
+ return;
+
+ dns_name_init(&name, NULL);
+ dns_name_clone(qname, &name);
+
+ /*
+ * Map unknown algorithm to known value.
+ */
+ if (hash == DNS_NSEC3_UNKNOWNALG)
+ hash = 1;
+
+ again:
+ dns_fixedname_init(&fixed);
+ result = dns_nsec3_hashname(&fixed, NULL, NULL, &name,
+ dns_db_origin(db), hash,
+ iterations, salt, salt_length);
+ if (result != ISC_R_SUCCESS)
+ return;
+
+ dboptions = client->query.dboptions | DNS_DBFIND_FORCENSEC3;
+ result = dns_db_find(db, dns_fixedname_name(&fixed), version,
+ dns_rdatatype_nsec3, dboptions, client->now,
+ NULL, fname, rdataset, sigrdataset);
+
+ if (result == DNS_R_NXDOMAIN) {
+ if (!dns_rdataset_isassociated(rdataset)) {
+ return;
+ }
+ result = dns_rdataset_first(rdataset);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_rdataset_current(rdataset, &rdata);
+ dns_rdata_tostruct(&rdata, &nsec3, NULL);
+ dns_rdata_reset(&rdata);
+ optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
+ if (found != NULL && optout &&
+ dns_name_fullcompare(&name, dns_db_origin(db), &order,
+ &count) == dns_namereln_subdomain) {
+ dns_rdataset_disassociate(rdataset);
+ if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ count = dns_name_countlabels(&name) - 1;
+ dns_name_getlabelsequence(&name, 1, count, &name);
+ ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
+ NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
+ "looking for closest provable encloser");
+ goto again;
+ }
+ if (exact)
+ ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
+ NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
+ "expected a exact match NSEC3, got "
+ "a covering record");
+
+ } else if (result != ISC_R_SUCCESS) {
+ return;
+ } else if (!exact)
+ ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
+ NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
+ "expected covering NSEC3, got an exact match");
+ if (found != NULL)
+ dns_name_copy(&name, found, NULL);
+ return;
+}
+
+/*
+ * Do the bulk of query processing for the current query of 'client'.
+ * If 'event' is non-NULL, we are returning from recursion and 'qtype'
+ * is ignored. Otherwise, 'qtype' is the query type.
+ */
+static void
+query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
+{
+ dns_db_t *db, *zdb;
+ dns_dbnode_t *node;
+ dns_rdatatype_t type;
+ dns_name_t *fname, *zfname, *tname, *prefix;
+ dns_rdataset_t *rdataset, *trdataset;
+ dns_rdataset_t *sigrdataset, *zrdataset, *zsigrdataset;
+ dns_rdataset_t **sigrdatasetp;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdatasetiter_t *rdsiter;
+ isc_boolean_t want_restart, authoritative, is_zone, need_wildcardproof;
+ unsigned int n, nlabels;
+ dns_namereln_t namereln;
+ int order;
+ isc_buffer_t *dbuf;
+ isc_buffer_t b;
+ isc_result_t result, eresult;
+ dns_fixedname_t fixed;
+ dns_fixedname_t wildcardname;
+ dns_dbversion_t *version, *zversion;
+ dns_zone_t *zone;
+ dns_rdata_cname_t cname;
+ dns_rdata_dname_t dname;
+ unsigned int options;
+ isc_boolean_t empty_wild;
+ dns_rdataset_t *noqname;
+ isc_boolean_t resuming;
+
+ CTRACE("query_find");
+
+ /*
+ * One-time initialization.
+ *
+ * It's especially important to initialize anything that the cleanup
+ * code might cleanup.
+ */
+
+ eresult = ISC_R_SUCCESS;
+ fname = NULL;
+ zfname = NULL;
+ rdataset = NULL;
+ zrdataset = NULL;
+ sigrdataset = NULL;
+ zsigrdataset = NULL;
+ zversion = NULL;
+ node = NULL;
+ db = NULL;
+ zdb = NULL;
+ version = NULL;
+ zone = NULL;
+ need_wildcardproof = ISC_FALSE;
+ empty_wild = ISC_FALSE;
+ options = 0;
+ resuming = ISC_FALSE;
+ is_zone = ISC_FALSE;
+
+ if (event != NULL) {
+ /*
+ * We're returning from recursion. Restore the query context
+ * and resume.
+ */
+
+ want_restart = ISC_FALSE;
+ authoritative = ISC_FALSE;
+
+ qtype = event->qtype;
+ if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
+ type = dns_rdatatype_any;
+ else
+ type = qtype;
+ db = event->db;
+ node = event->node;
+ rdataset = event->rdataset;
+ sigrdataset = event->sigrdataset;
+
+ /*
+ * We'll need some resources...
+ */
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL) {
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ goto cleanup;
+ }
+ fname = query_newname(client, dbuf, &b);
+ if (fname == NULL) {
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ goto cleanup;
+ }
+ tname = dns_fixedname_name(&event->foundname);
+ result = dns_name_copy(tname, fname, NULL);
+ if (result != ISC_R_SUCCESS) {
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ goto cleanup;
+ }
+
+ result = event->result;
+ resuming = ISC_TRUE;
+
+ goto resume;
+ }
+
+ /*
+ * Not returning from recursion.
+ */
+
+ /*
+ * If it's a SIG query, we'll iterate the node.
+ */
+ if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
+ type = dns_rdatatype_any;
+ else
+ type = qtype;
+
+ restart:
+ CTRACE("query_find: restart");
+ want_restart = ISC_FALSE;
+ authoritative = ISC_FALSE;
+ version = NULL;
+ need_wildcardproof = ISC_FALSE;
+
+ if (client->view->checknames &&
+ !dns_rdata_checkowner(client->query.qname,
+ client->message->rdclass,
+ qtype, ISC_FALSE)) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char typename[DNS_RDATATYPE_FORMATSIZE];
+ char classname[DNS_RDATACLASS_FORMATSIZE];
+
+ dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
+ dns_rdatatype_format(qtype, typename, sizeof(typename));
+ dns_rdataclass_format(client->message->rdclass, classname,
+ sizeof(classname));
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_QUERY, ISC_LOG_ERROR,
+ "check-names failure %s/%s/%s", namebuf,
+ typename, classname);
+ QUERY_ERROR(DNS_R_REFUSED);
+ goto cleanup;
+ }
+
+ /*
+ * First we must find the right database.
+ */
+ options &= DNS_GETDB_NOLOG; /* Preserve DNS_GETDB_NOLOG. */
+ if (dns_rdatatype_atparent(qtype) &&
+ !dns_name_equal(client->query.qname, dns_rootname))
+ options |= DNS_GETDB_NOEXACT;
+ result = query_getdb(client, client->query.qname, qtype, options,
+ &zone, &db, &version, &is_zone);
+ if ((result != ISC_R_SUCCESS || !is_zone) && !RECURSIONOK(client) &&
+ (options & DNS_GETDB_NOEXACT) != 0 && qtype == dns_rdatatype_ds) {
+ /*
+ * Look to see if we are authoritative for the
+ * child zone if the query type is DS.
+ */
+ dns_db_t *tdb = NULL;
+ dns_zone_t *tzone = NULL;
+ dns_dbversion_t *tversion = NULL;
+ isc_result_t tresult;
+
+ tresult = query_getzonedb(client, client->query.qname, qtype,
+ DNS_GETDB_PARTIAL, &tzone, &tdb,
+ &tversion);
+ if (tresult == ISC_R_SUCCESS) {
+ options &= ~DNS_GETDB_NOEXACT;
+ query_putrdataset(client, &rdataset);
+ if (db != NULL)
+ dns_db_detach(&db);
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ version = tversion;
+ db = tdb;
+ zone = tzone;
+ is_zone = ISC_TRUE;
+ result = ISC_R_SUCCESS;
+ } else {
+ if (tdb != NULL)
+ dns_db_detach(&tdb);
+ if (tzone != NULL)
+ dns_zone_detach(&tzone);
+ }
+ }
+ if (result != ISC_R_SUCCESS) {
+ if (result == DNS_R_REFUSED) {
+ if (WANTRECURSION(client)) {
+ inc_stats(client,
+ dns_nsstatscounter_recurserej);
+ } else
+ inc_stats(client, dns_nsstatscounter_authrej);
+ if (!PARTIALANSWER(client))
+ QUERY_ERROR(DNS_R_REFUSED);
+ } else
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ goto cleanup;
+ }
+
+ if (is_zone)
+ authoritative = ISC_TRUE;
+
+ if (event == NULL && client->query.restarts == 0) {
+ if (is_zone) {
+#ifdef DLZ
+ if (zone != NULL) {
+ /*
+ * if is_zone = true, zone = NULL then this is
+ * a DLZ zone. Don't attempt to attach zone.
+ */
+#endif
+ dns_zone_attach(zone, &client->query.authzone);
+#ifdef DLZ
+ }
+#endif
+ dns_db_attach(db, &client->query.authdb);
+ }
+ client->query.authdbset = ISC_TRUE;
+ }
+
+ db_find:
+ CTRACE("query_find: db_find");
+ /*
+ * We'll need some resources...
+ */
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL) {
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ goto cleanup;
+ }
+ fname = query_newname(client, dbuf, &b);
+ rdataset = query_newrdataset(client);
+ if (fname == NULL || rdataset == NULL) {
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ goto cleanup;
+ }
+ if (WANTDNSSEC(client) && (!is_zone || dns_db_issecure(db))) {
+ sigrdataset = query_newrdataset(client);
+ if (sigrdataset == NULL) {
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ goto cleanup;
+ }
+ }
+
+ /*
+ * Now look for an answer in the database.
+ */
+ result = dns_db_find(db, client->query.qname, version, type,
+ client->query.dboptions, client->now,
+ &node, fname, rdataset, sigrdataset);
+
+ resume:
+ CTRACE("query_find: resume");
+ switch (result) {
+ case ISC_R_SUCCESS:
+ /*
+ * This case is handled in the main line below.
+ */
+ break;
+ case DNS_R_GLUE:
+ case DNS_R_ZONECUT:
+ /*
+ * These cases are handled in the main line below.
+ */
+ INSIST(is_zone);
+ authoritative = ISC_FALSE;
+ break;
+ case ISC_R_NOTFOUND:
+ /*
+ * The cache doesn't even have the root NS. Get them from
+ * the hints DB.
+ */
+ INSIST(!is_zone);
+ if (db != NULL)
+ dns_db_detach(&db);
+
+ if (client->view->hints == NULL) {
+ /* We have no hints. */
+ result = ISC_R_FAILURE;
+ } else {
+ dns_db_attach(client->view->hints, &db);
+ result = dns_db_find(db, dns_rootname,
+ NULL, dns_rdatatype_ns,
+ 0, client->now, &node, fname,
+ rdataset, sigrdataset);
+ }
+ if (result != ISC_R_SUCCESS) {
+ /*
+ * Nonsensical root hints may require cleanup.
+ */
+ if (dns_rdataset_isassociated(rdataset))
+ dns_rdataset_disassociate(rdataset);
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+
+ /*
+ * We don't have any root server hints, but
+ * we may have working forwarders, so try to
+ * recurse anyway.
+ */
+ if (RECURSIONOK(client)) {
+ result = query_recurse(client, qtype,
+ NULL, NULL, resuming);
+ if (result == ISC_R_SUCCESS)
+ client->query.attributes |=
+ NS_QUERYATTR_RECURSING;
+ else if (result == DNS_R_DUPLICATE ||
+ result == DNS_R_DROP) {
+ /* Duplicate query. */
+ QUERY_ERROR(result);
+ } else {
+ /* Unable to recurse. */
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ }
+ goto cleanup;
+ } else {
+ /* Unable to give root server referral. */
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ goto cleanup;
+ }
+ }
+ /*
+ * XXXRTH We should trigger root server priming here.
+ */
+ /* FALLTHROUGH */
+ case DNS_R_DELEGATION:
+ authoritative = ISC_FALSE;
+ if (is_zone) {
+ /*
+ * Look to see if we are authoritative for the
+ * child zone if the query type is DS.
+ */
+ if (!RECURSIONOK(client) &&
+ (options & DNS_GETDB_NOEXACT) != 0 &&
+ qtype == dns_rdatatype_ds) {
+ dns_db_t *tdb = NULL;
+ dns_zone_t *tzone = NULL;
+ dns_dbversion_t *tversion = NULL;
+ result = query_getzonedb(client,
+ client->query.qname,
+ qtype,
+ DNS_GETDB_PARTIAL,
+ &tzone, &tdb,
+ &tversion);
+ if (result == ISC_R_SUCCESS) {
+ options &= ~DNS_GETDB_NOEXACT;
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client,
+ &sigrdataset);
+ if (fname != NULL)
+ query_releasename(client,
+ &fname);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ if (db != NULL)
+ dns_db_detach(&db);
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ version = tversion;
+ db = tdb;
+ zone = tzone;
+ authoritative = ISC_TRUE;
+ goto db_find;
+ }
+ if (tdb != NULL)
+ dns_db_detach(&tdb);
+ if (tzone != NULL)
+ dns_zone_detach(&tzone);
+ }
+ /*
+ * We're authoritative for an ancestor of QNAME.
+ */
+ if (!USECACHE(client) || !RECURSIONOK(client)) {
+ dns_fixedname_t fixed;
+
+ dns_fixedname_init(&fixed);
+ dns_name_copy(fname,
+ dns_fixedname_name(&fixed), NULL);
+
+ /*
+ * If we don't have a cache, this is the best
+ * answer.
+ *
+ * If the client is making a nonrecursive
+ * query we always give out the authoritative
+ * delegation. This way even if we get
+ * junk in our cache, we won't fail in our
+ * role as the delegating authority if another
+ * nameserver asks us about a delegated
+ * subzone.
+ *
+ * We enable the retrieval of glue for this
+ * database by setting client->query.gluedb.
+ */
+ client->query.gluedb = db;
+ client->query.isreferral = ISC_TRUE;
+ /*
+ * We must ensure NOADDITIONAL is off,
+ * because the generation of
+ * additional data is required in
+ * delegations.
+ */
+ client->query.attributes &=
+ ~NS_QUERYATTR_NOADDITIONAL;
+ if (sigrdataset != NULL)
+ sigrdatasetp = &sigrdataset;
+ else
+ sigrdatasetp = NULL;
+ query_addrrset(client, &fname,
+ &rdataset, sigrdatasetp,
+ dbuf, DNS_SECTION_AUTHORITY);
+ client->query.gluedb = NULL;
+ if (WANTDNSSEC(client))
+ query_addds(client, db, node, version,
+ dns_fixedname_name(&fixed));
+ } else {
+ /*
+ * We might have a better answer or delegation
+ * in the cache. We'll remember the current
+ * values of fname, rdataset, and sigrdataset.
+ * We'll then go looking for QNAME in the
+ * cache. If we find something better, we'll
+ * use it instead.
+ */
+ query_keepname(client, fname, dbuf);
+ zdb = db;
+ zfname = fname;
+ fname = NULL;
+ zrdataset = rdataset;
+ rdataset = NULL;
+ zsigrdataset = sigrdataset;
+ sigrdataset = NULL;
+ dns_db_detachnode(db, &node);
+ zversion = version;
+ version = NULL;
+ db = NULL;
+ dns_db_attach(client->view->cachedb, &db);
+ is_zone = ISC_FALSE;
+ goto db_find;
+ }
+ } else {
+ if (zfname != NULL &&
+ !dns_name_issubdomain(fname, zfname)) {
+ /*
+ * We've already got a delegation from
+ * authoritative data, and it is better
+ * than what we found in the cache. Use
+ * it instead of the cache delegation.
+ */
+ query_releasename(client, &fname);
+ fname = zfname;
+ zfname = NULL;
+ /*
+ * We've already done query_keepname() on
+ * zfname, so we must set dbuf to NULL to
+ * prevent query_addrrset() from trying to
+ * call query_keepname() again.
+ */
+ dbuf = NULL;
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client,
+ &sigrdataset);
+ rdataset = zrdataset;
+ zrdataset = NULL;
+ sigrdataset = zsigrdataset;
+ zsigrdataset = NULL;
+ version = zversion;
+ zversion = NULL;
+ /*
+ * We don't clean up zdb here because we
+ * may still need it. It will get cleaned
+ * up by the main cleanup code.
+ */
+ }
+
+ if (RECURSIONOK(client)) {
+ /*
+ * Recurse!
+ */
+ if (dns_rdatatype_atparent(type))
+ result = query_recurse(client, qtype,
+ NULL, NULL,
+ resuming);
+ else
+ result = query_recurse(client, qtype,
+ fname, rdataset,
+ resuming);
+ if (result == ISC_R_SUCCESS)
+ client->query.attributes |=
+ NS_QUERYATTR_RECURSING;
+ else if (result == DNS_R_DUPLICATE ||
+ result == DNS_R_DROP)
+ QUERY_ERROR(result);
+ else
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ } else {
+ dns_fixedname_t fixed;
+
+ dns_fixedname_init(&fixed);
+ dns_name_copy(fname,
+ dns_fixedname_name(&fixed), NULL);
+ /*
+ * This is the best answer.
+ */
+ client->query.attributes |=
+ NS_QUERYATTR_CACHEGLUEOK;
+ client->query.gluedb = zdb;
+ client->query.isreferral = ISC_TRUE;
+ /*
+ * We must ensure NOADDITIONAL is off,
+ * because the generation of
+ * additional data is required in
+ * delegations.
+ */
+ client->query.attributes &=
+ ~NS_QUERYATTR_NOADDITIONAL;
+ if (sigrdataset != NULL)
+ sigrdatasetp = &sigrdataset;
+ else
+ sigrdatasetp = NULL;
+ query_addrrset(client, &fname,
+ &rdataset, sigrdatasetp,
+ dbuf, DNS_SECTION_AUTHORITY);
+ client->query.gluedb = NULL;
+ client->query.attributes &=
+ ~NS_QUERYATTR_CACHEGLUEOK;
+ if (WANTDNSSEC(client))
+ query_addds(client, db, node, version,
+ dns_fixedname_name(&fixed));
+ }
+ }
+ goto cleanup;
+ case DNS_R_EMPTYNAME:
+ result = DNS_R_NXRRSET;
+ /* FALLTHROUGH */
+ case DNS_R_NXRRSET:
+ INSIST(is_zone);
+ /*
+ * Look for a NSEC3 record if we don't have a NSEC record.
+ */
+ if (!dns_rdataset_isassociated(rdataset) &&
+ WANTDNSSEC(client)) {
+ if ((fname->attributes & DNS_NAMEATTR_WILDCARD) == 0) {
+ dns_name_t *found;
+ dns_name_t *qname;
+
+ dns_fixedname_init(&fixed);
+ found = dns_fixedname_name(&fixed);
+ qname = client->query.qname;
+
+ query_findclosestnsec3(qname, db, version,
+ client, rdataset,
+ sigrdataset, fname,
+ ISC_TRUE, found);
+ /*
+ * Did we find the closest provable encloser
+ * instead? If so add the nearest to the
+ * closest provable encloser.
+ */
+ if (found &&
+ dns_rdataset_isassociated(rdataset) &&
+ !dns_name_equal(qname, found))
+ {
+ unsigned int count;
+ unsigned int skip;
+
+ /*
+ * Add the closest provable encloser.
+ */
+ query_addrrset(client, &fname,
+ &rdataset, &sigrdataset,
+ dbuf,
+ DNS_SECTION_AUTHORITY);
+
+ count = dns_name_countlabels(found)
+ + 1;
+ skip = dns_name_countlabels(qname) -
+ count;
+ dns_name_getlabelsequence(qname, skip,
+ count,
+ found);
+
+ fixfname(client, &fname, &dbuf, &b);
+ fixrdataset(client, &rdataset);
+ fixrdataset(client, &sigrdataset);
+ if (fname == NULL ||
+ rdataset == NULL ||
+ sigrdataset == NULL) {
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ goto cleanup;
+ }
+ /*
+ * 'nearest' doesn't exist so
+ * 'exist' is set to ISC_FALSE.
+ */
+ query_findclosestnsec3(found, db,
+ version,
+ client,
+ rdataset,
+ sigrdataset,
+ fname,
+ ISC_FALSE,
+ NULL);
+ }
+ } else {
+ query_releasename(client, &fname);
+ query_addwildcardproof(client, db, version,
+ client->query.qname,
+ ISC_FALSE);
+ }
+ }
+ if (dns_rdataset_isassociated(rdataset)) {
+ /*
+ * If we've got a NSEC record, we need to save the
+ * name now because we're going call query_addsoa()
+ * below, and it needs to use the name buffer.
+ */
+ query_keepname(client, fname, dbuf);
+ } else if (fname != NULL) {
+ /*
+ * We're not going to use fname, and need to release
+ * our hold on the name buffer so query_addsoa()
+ * may use it.
+ */
+ query_releasename(client, &fname);
+ }
+ /*
+ * Add SOA.
+ */
+ result = query_addsoa(client, db, version, ISC_FALSE);
+ if (result != ISC_R_SUCCESS) {
+ QUERY_ERROR(result);
+ goto cleanup;
+ }
+ /*
+ * Add NSEC record if we found one.
+ */
+ if (WANTDNSSEC(client)) {
+ if (dns_rdataset_isassociated(rdataset))
+ query_addnxrrsetnsec(client, db, version,
+ &fname, &rdataset,
+ &sigrdataset);
+ }
+ goto cleanup;
+
+ case DNS_R_EMPTYWILD:
+ empty_wild = ISC_TRUE;
+ /* FALLTHROUGH */
+
+ case DNS_R_NXDOMAIN:
+ INSIST(is_zone);
+ if (dns_rdataset_isassociated(rdataset)) {
+ /*
+ * If we've got a NSEC record, we need to save the
+ * name now because we're going call query_addsoa()
+ * below, and it needs to use the name buffer.
+ */
+ query_keepname(client, fname, dbuf);
+ } else if (fname != NULL) {
+ /*
+ * We're not going to use fname, and need to release
+ * our hold on the name buffer so query_addsoa()
+ * may use it.
+ */
+ query_releasename(client, &fname);
+ }
+ /*
+ * Add SOA. If the query was for a SOA record force the
+ * ttl to zero so that it is possible for clients to find
+ * the containing zone of an arbitrary name with a stub
+ * resolver and not have it cached.
+ */
+ if (qtype == dns_rdatatype_soa &&
+#ifdef DLZ
+ zone != NULL &&
+#endif
+ dns_zone_getzeronosoattl(zone))
+ result = query_addsoa(client, db, version, ISC_TRUE);
+ else
+ result = query_addsoa(client, db, version, ISC_FALSE);
+ if (result != ISC_R_SUCCESS) {
+ QUERY_ERROR(result);
+ goto cleanup;
+ }
+
+ if (WANTDNSSEC(client)) {
+ /*
+ * Add NSEC record if we found one.
+ */
+ if (dns_rdataset_isassociated(rdataset))
+ query_addrrset(client, &fname, &rdataset,
+ &sigrdataset,
+ NULL, DNS_SECTION_AUTHORITY);
+ query_addwildcardproof(client, db, version,
+ client->query.qname, ISC_FALSE);
+ }
+
+ /*
+ * Set message rcode.
+ */
+ if (empty_wild)
+ client->message->rcode = dns_rcode_noerror;
+ else
+ client->message->rcode = dns_rcode_nxdomain;
+ goto cleanup;
+
+ case DNS_R_NCACHENXDOMAIN:
+ case DNS_R_NCACHENXRRSET:
+ INSIST(!is_zone);
+ authoritative = ISC_FALSE;
+ /*
+ * Set message rcode, if required.
+ */
+ if (result == DNS_R_NCACHENXDOMAIN)
+ client->message->rcode = dns_rcode_nxdomain;
+ /*
+ * Look for RFC 1918 leakage from Internet.
+ */
+ if (result == DNS_R_NCACHENXDOMAIN &&
+ qtype == dns_rdatatype_ptr &&
+ client->message->rdclass == dns_rdataclass_in &&
+ dns_name_countlabels(fname) == 7)
+ warn_rfc1918(client, fname, rdataset);
+ /*
+ * We don't call query_addrrset() because we don't need any
+ * of its extra features (and things would probably break!).
+ */
+ query_keepname(client, fname, dbuf);
+ dns_message_addname(client->message, fname,
+ DNS_SECTION_AUTHORITY);
+ ISC_LIST_APPEND(fname->list, rdataset, link);
+ fname = NULL;
+ rdataset = NULL;
+ goto cleanup;
+
+ case DNS_R_CNAME:
+ /*
+ * Keep a copy of the rdataset. We have to do this because
+ * query_addrrset may clear 'rdataset' (to prevent the
+ * cleanup code from cleaning it up).
+ */
+ trdataset = rdataset;
+ /*
+ * Add the CNAME to the answer section.
+ */
+ if (sigrdataset != NULL)
+ sigrdatasetp = &sigrdataset;
+ else
+ sigrdatasetp = NULL;
+ if (WANTDNSSEC(client) &&
+ (fname->attributes & DNS_NAMEATTR_WILDCARD) != 0)
+ {
+ dns_fixedname_init(&wildcardname);
+ dns_name_copy(fname, dns_fixedname_name(&wildcardname),
+ NULL);
+ need_wildcardproof = ISC_TRUE;
+ }
+ if (NOQNAME(rdataset) && WANTDNSSEC(client))
+ noqname = rdataset;
+ else
+ noqname = NULL;
+ query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf,
+ DNS_SECTION_ANSWER);
+ if (noqname != NULL)
+ query_addnoqnameproof(client, noqname);
+ /*
+ * We set the PARTIALANSWER attribute so that if anything goes
+ * wrong later on, we'll return what we've got so far.
+ */
+ client->query.attributes |= NS_QUERYATTR_PARTIALANSWER;
+ /*
+ * Reset qname to be the target name of the CNAME and restart
+ * the query.
+ */
+ tname = NULL;
+ result = dns_message_gettempname(client->message, &tname);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ result = dns_rdataset_first(trdataset);
+ if (result != ISC_R_SUCCESS) {
+ dns_message_puttempname(client->message, &tname);
+ goto cleanup;
+ }
+ dns_rdataset_current(trdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &cname, NULL);
+ dns_rdata_reset(&rdata);
+ if (result != ISC_R_SUCCESS) {
+ dns_message_puttempname(client->message, &tname);
+ goto cleanup;
+ }
+ dns_name_init(tname, NULL);
+ result = dns_name_dup(&cname.cname, client->mctx, tname);
+ if (result != ISC_R_SUCCESS) {
+ dns_message_puttempname(client->message, &tname);
+ dns_rdata_freestruct(&cname);
+ goto cleanup;
+ }
+ dns_rdata_freestruct(&cname);
+ ns_client_qnamereplace(client, tname);
+ want_restart = ISC_TRUE;
+ if (!WANTRECURSION(client))
+ options |= DNS_GETDB_NOLOG;
+ goto addauth;
+ case DNS_R_DNAME:
+ /*
+ * Compare the current qname to the found name. We need
+ * to know how many labels and bits are in common because
+ * we're going to have to split qname later on.
+ */
+ namereln = dns_name_fullcompare(client->query.qname, fname,
+ &order, &nlabels);
+ INSIST(namereln == dns_namereln_subdomain);
+ /*
+ * Keep a copy of the rdataset. We have to do this because
+ * query_addrrset may clear 'rdataset' (to prevent the
+ * cleanup code from cleaning it up).
+ */
+ trdataset = rdataset;
+ /*
+ * Add the DNAME to the answer section.
+ */
+ if (sigrdataset != NULL)
+ sigrdatasetp = &sigrdataset;
+ else
+ sigrdatasetp = NULL;
+ if (WANTDNSSEC(client) &&
+ (fname->attributes & DNS_NAMEATTR_WILDCARD) != 0)
+ {
+ dns_fixedname_init(&wildcardname);
+ dns_name_copy(fname, dns_fixedname_name(&wildcardname),
+ NULL);
+ need_wildcardproof = ISC_TRUE;
+ }
+ query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf,
+ DNS_SECTION_ANSWER);
+ /*
+ * We set the PARTIALANSWER attribute so that if anything goes
+ * wrong later on, we'll return what we've got so far.
+ */
+ client->query.attributes |= NS_QUERYATTR_PARTIALANSWER;
+ /*
+ * Get the target name of the DNAME.
+ */
+ tname = NULL;
+ result = dns_message_gettempname(client->message, &tname);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ result = dns_rdataset_first(trdataset);
+ if (result != ISC_R_SUCCESS) {
+ dns_message_puttempname(client->message, &tname);
+ goto cleanup;
+ }
+ dns_rdataset_current(trdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &dname, NULL);
+ dns_rdata_reset(&rdata);
+ if (result != ISC_R_SUCCESS) {
+ dns_message_puttempname(client->message, &tname);
+ goto cleanup;
+ }
+ dns_name_init(tname, NULL);
+ dns_name_clone(&dname.dname, tname);
+ dns_rdata_freestruct(&dname);
+ /*
+ * Construct the new qname.
+ */
+ dns_fixedname_init(&fixed);
+ prefix = dns_fixedname_name(&fixed);
+ dns_name_split(client->query.qname, nlabels, prefix, NULL);
+ INSIST(fname == NULL);
+ dbuf = query_getnamebuf(client);
+ if (dbuf == NULL) {
+ dns_message_puttempname(client->message, &tname);
+ goto cleanup;
+ }
+ fname = query_newname(client, dbuf, &b);
+ if (fname == NULL) {
+ dns_message_puttempname(client->message, &tname);
+ goto cleanup;
+ }
+ result = dns_name_concatenate(prefix, tname, fname, NULL);
+ if (result != ISC_R_SUCCESS) {
+ dns_message_puttempname(client->message, &tname);
+ if (result == ISC_R_NOSPACE) {
+ /*
+ * RFC2672, section 4.1, subsection 3c says
+ * we should return YXDOMAIN if the constructed
+ * name would be too long.
+ */
+ client->message->rcode = dns_rcode_yxdomain;
+ }
+ goto cleanup;
+ }
+ query_keepname(client, fname, dbuf);
+ /*
+ * Synthesize a CNAME for this DNAME.
+ *
+ * We want to synthesize a CNAME since if we don't
+ * then older software that doesn't understand DNAME
+ * will not chain like it should.
+ *
+ * We do not try to synthesize a signature because we hope
+ * that security aware servers will understand DNAME. Also,
+ * even if we had an online key, making a signature
+ * on-the-fly is costly, and not really legitimate anyway
+ * since the synthesized CNAME is NOT in the zone.
+ */
+ dns_name_init(tname, NULL);
+ (void)query_addcnamelike(client, client->query.qname, fname,
+ trdataset->trust, &tname,
+ dns_rdatatype_cname);
+ if (tname != NULL)
+ dns_message_puttempname(client->message, &tname);
+ /*
+ * Switch to the new qname and restart.
+ */
+ ns_client_qnamereplace(client, fname);
+ fname = NULL;
+ want_restart = ISC_TRUE;
+ if (!WANTRECURSION(client))
+ options |= DNS_GETDB_NOLOG;
+ goto addauth;
+ default:
+ /*
+ * Something has gone wrong.
+ */
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ goto cleanup;
+ }
+
+ if (WANTDNSSEC(client) &&
+ (fname->attributes & DNS_NAMEATTR_WILDCARD) != 0)
+ {
+ dns_fixedname_init(&wildcardname);
+ dns_name_copy(fname, dns_fixedname_name(&wildcardname), NULL);
+ need_wildcardproof = ISC_TRUE;
+ }
+
+ if (type == dns_rdatatype_any) {
+ /*
+ * XXXRTH Need to handle zonecuts with special case
+ * code.
+ */
+ n = 0;
+ rdsiter = NULL;
+ result = dns_db_allrdatasets(db, node, version, 0, &rdsiter);
+ if (result != ISC_R_SUCCESS) {
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ goto cleanup;
+ }
+ /*
+ * Calling query_addrrset() with a non-NULL dbuf is going
+ * to either keep or release the name. We don't want it to
+ * release fname, since we may have to call query_addrrset()
+ * more than once. That means we have to call query_keepname()
+ * now, and pass a NULL dbuf to query_addrrset().
+ *
+ * If we do a query_addrrset() below, we must set fname to
+ * NULL before leaving this block, otherwise we might try to
+ * cleanup fname even though we're using it!
+ */
+ query_keepname(client, fname, dbuf);
+ tname = fname;
+ result = dns_rdatasetiter_first(rdsiter);
+ while (result == ISC_R_SUCCESS) {
+ dns_rdatasetiter_current(rdsiter, rdataset);
+ if (is_zone && qtype == dns_rdatatype_any &&
+ !dns_db_issecure(db) &&
+ dns_rdatatype_isdnssec(rdataset->type)) {
+ /*
+ * The zone is transitioning from insecure
+ * to secure. Hide the dnssec records from
+ * ANY queries.
+ */
+ dns_rdataset_disassociate(rdataset);
+ } else if ((qtype == dns_rdatatype_any ||
+ rdataset->type == qtype) && rdataset->type != 0) {
+ if (NOQNAME(rdataset) && WANTDNSSEC(client))
+ noqname = rdataset;
+ else
+ noqname = NULL;
+ query_addrrset(client,
+ fname != NULL ? &fname : &tname,
+ &rdataset, NULL,
+ NULL, DNS_SECTION_ANSWER);
+ if (noqname != NULL)
+ query_addnoqnameproof(client, noqname);
+ n++;
+ INSIST(tname != NULL);
+ /*
+ * rdataset is non-NULL only in certain
+ * pathological cases involving DNAMEs.
+ */
+ if (rdataset != NULL)
+ query_putrdataset(client, &rdataset);
+ rdataset = query_newrdataset(client);
+ if (rdataset == NULL)
+ break;
+ } else {
+ /*
+ * We're not interested in this rdataset.
+ */
+ dns_rdataset_disassociate(rdataset);
+ }
+ result = dns_rdatasetiter_next(rdsiter);
+ }
+
+ if (fname != NULL)
+ dns_message_puttempname(client->message, &fname);
+
+ if (n == 0 && is_zone) {
+ /*
+ * We didn't match any rdatasets.
+ */
+ if (qtype == dns_rdatatype_rrsig &&
+ result == ISC_R_NOMORE) {
+ /*
+ * XXXRTH If this is a secure zone and we
+ * didn't find any SIGs, we should generate
+ * an error unless we were searching for
+ * glue. Ugh.
+ */
+ if (!is_zone) {
+ authoritative = ISC_FALSE;
+ dns_rdatasetiter_destroy(&rdsiter);
+ if (RECURSIONOK(client)) {
+ result = query_recurse(client,
+ qtype,
+ NULL,
+ NULL,
+ resuming);
+ if (result == ISC_R_SUCCESS)
+ client->query.attributes |=
+ NS_QUERYATTR_RECURSING;
+ else
+ QUERY_ERROR(DNS_R_SERVFAIL); }
+ goto addauth;
+ }
+ /*
+ * We were searching for SIG records in
+ * a nonsecure zone. Send a "no error,
+ * no data" response.
+ */
+ /*
+ * Add SOA.
+ */
+ result = query_addsoa(client, db, version,
+ ISC_FALSE);
+ if (result == ISC_R_SUCCESS)
+ result = ISC_R_NOMORE;
+ } else {
+ /*
+ * Something went wrong.
+ */
+ result = DNS_R_SERVFAIL;
+ }
+ }
+ dns_rdatasetiter_destroy(&rdsiter);
+ if (result != ISC_R_NOMORE) {
+ QUERY_ERROR(DNS_R_SERVFAIL);
+ goto cleanup;
+ }
+ } else {
+ /*
+ * This is the "normal" case -- an ordinary question to which
+ * we know the answer.
+ */
+ if (sigrdataset != NULL)
+ sigrdatasetp = &sigrdataset;
+ else
+ sigrdatasetp = NULL;
+ if (NOQNAME(rdataset) && WANTDNSSEC(client))
+ noqname = rdataset;
+ else
+ noqname = NULL;
+ /*
+ * BIND 8 priming queries need the additional section.
+ */
+ if (is_zone && qtype == dns_rdatatype_ns &&
+ dns_name_equal(client->query.qname, dns_rootname))
+ client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL;
+
+ query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf,
+ DNS_SECTION_ANSWER);
+ if (noqname != NULL)
+ query_addnoqnameproof(client, noqname);
+ /*
+ * We shouldn't ever fail to add 'rdataset'
+ * because it's already in the answer.
+ */
+ INSIST(rdataset == NULL);
+ }
+
+ addauth:
+ CTRACE("query_find: addauth");
+ /*
+ * Add NS records to the authority section (if we haven't already
+ * added them to the answer section).
+ */
+ if (!want_restart && !NOAUTHORITY(client)) {
+ if (is_zone) {
+ if (!((qtype == dns_rdatatype_ns ||
+ qtype == dns_rdatatype_any) &&
+ dns_name_equal(client->query.qname,
+ dns_db_origin(db))))
+ (void)query_addns(client, db, version);
+ } else if (qtype != dns_rdatatype_ns) {
+ if (fname != NULL)
+ query_releasename(client, &fname);
+ query_addbestns(client);
+ }
+ }
+
+ /*
+ * Add NSEC records to the authority section if they're needed for
+ * DNSSEC wildcard proofs.
+ */
+ if (need_wildcardproof && dns_db_issecure(db))
+ query_addwildcardproof(client, db, version,
+ dns_fixedname_name(&wildcardname),
+ ISC_TRUE);
+ cleanup:
+ CTRACE("query_find: cleanup");
+ /*
+ * General cleanup.
+ */
+ if (rdataset != NULL)
+ query_putrdataset(client, &rdataset);
+ if (sigrdataset != NULL)
+ query_putrdataset(client, &sigrdataset);
+ if (fname != NULL)
+ query_releasename(client, &fname);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ if (db != NULL)
+ dns_db_detach(&db);
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ if (zdb != NULL) {
+ query_putrdataset(client, &zrdataset);
+ if (zsigrdataset != NULL)
+ query_putrdataset(client, &zsigrdataset);
+ if (zfname != NULL)
+ query_releasename(client, &zfname);
+ dns_db_detach(&zdb);
+ }
+ if (event != NULL)
+ isc_event_free(ISC_EVENT_PTR(&event));
+
+ /*
+ * AA bit.
+ */
+ if (client->query.restarts == 0 && !authoritative) {
+ /*
+ * We're not authoritative, so we must ensure the AA bit
+ * isn't set.
+ */
+ client->message->flags &= ~DNS_MESSAGEFLAG_AA;
+ }
+
+ /*
+ * Restart the query?
+ */
+ if (want_restart && client->query.restarts < MAX_RESTARTS) {
+ client->query.restarts++;
+ goto restart;
+ }
+
+ if (eresult != ISC_R_SUCCESS &&
+ (!PARTIALANSWER(client) || WANTRECURSION(client))) {
+ if (eresult == DNS_R_DUPLICATE || eresult == DNS_R_DROP) {
+ /*
+ * This was a duplicate query that we are
+ * recursing on. Don't send a response now.
+ * The original query will still cause a response.
+ */
+ query_next(client, eresult);
+ } else {
+ /*
+ * If we don't have any answer to give the client,
+ * or if the client requested recursion and thus wanted
+ * the complete answer, send an error response.
+ */
+ query_error(client, eresult);
+ }
+ ns_client_detach(&client);
+ } else if (!RECURSING(client)) {
+ /*
+ * We are done. Set up sortlist data for the message
+ * rendering code, make a final tweak to the AA bit if the
+ * auth-nxdomain config option says so, then render and
+ * send the response.
+ */
+ setup_query_sortlist(client);
+
+ /*
+ * If this is a referral and the answer to the question
+ * is in the glue sort it to the start of the additional
+ * section.
+ */
+ if (client->message->counts[DNS_SECTION_ANSWER] == 0 &&
+ client->message->rcode == dns_rcode_noerror &&
+ (qtype == dns_rdatatype_a || qtype == dns_rdatatype_aaaa))
+ answer_in_glue(client, qtype);
+
+ if (client->message->rcode == dns_rcode_nxdomain &&
+ client->view->auth_nxdomain == ISC_TRUE)
+ client->message->flags |= DNS_MESSAGEFLAG_AA;
+
+ query_send(client);
+ ns_client_detach(&client);
+ }
+ CTRACE("query_find: done");
+}
+
+static inline void
+log_query(ns_client_t *client, unsigned int flags, unsigned int extflags) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char typename[DNS_RDATATYPE_FORMATSIZE];
+ char classname[DNS_RDATACLASS_FORMATSIZE];
+ dns_rdataset_t *rdataset;
+ int level = ISC_LOG_INFO;
+
+ if (! isc_log_wouldlog(ns_g_lctx, level))
+ return;
+
+ rdataset = ISC_LIST_HEAD(client->query.qname->list);
+ INSIST(rdataset != NULL);
+ dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
+ dns_rdataclass_format(rdataset->rdclass, classname, sizeof(classname));
+ dns_rdatatype_format(rdataset->type, typename, sizeof(typename));
+
+ ns_client_log(client, NS_LOGCATEGORY_QUERIES, NS_LOGMODULE_QUERY,
+ level, "query: %s %s %s %s%s%s%s%s", namebuf, classname,
+ typename, WANTRECURSION(client) ? "+" : "-",
+ (client->signer != NULL) ? "S": "",
+ (client->opt != NULL) ? "E" : "",
+ ((extflags & DNS_MESSAGEEXTFLAG_DO) != 0) ? "D" : "",
+ ((flags & DNS_MESSAGEFLAG_CD) != 0) ? "C" : "");
+}
+
+void
+ns_query_start(ns_client_t *client) {
+ isc_result_t result;
+ dns_message_t *message = client->message;
+ dns_rdataset_t *rdataset;
+ ns_client_t *qclient;
+ dns_rdatatype_t qtype;
+ unsigned int saved_extflags = client->extflags;
+ unsigned int saved_flags = client->message->flags;
+ isc_boolean_t want_ad;
+
+ CTRACE("ns_query_start");
+
+ /*
+ * Test only.
+ */
+ if (ns_g_clienttest && (client->attributes & NS_CLIENTATTR_TCP) == 0)
+ RUNTIME_CHECK(ns_client_replace(client) == ISC_R_SUCCESS);
+
+ /*
+ * Ensure that appropriate cleanups occur.
+ */
+ client->next = query_next_callback;
+
+ /*
+ * Behave as if we don't support DNSSEC if not enabled.
+ */
+ if (!client->view->enablednssec) {
+ message->flags &= ~DNS_MESSAGEFLAG_CD;
+ client->extflags &= ~DNS_MESSAGEEXTFLAG_DO;
+ if (client->opt != NULL)
+ client->opt->ttl &= ~DNS_MESSAGEEXTFLAG_DO;
+ }
+
+ if ((message->flags & DNS_MESSAGEFLAG_RD) != 0)
+ client->query.attributes |= NS_QUERYATTR_WANTRECURSION;
+
+ if ((client->extflags & DNS_MESSAGEEXTFLAG_DO) != 0)
+ client->attributes |= NS_CLIENTATTR_WANTDNSSEC;
+
+ if (client->view->minimalresponses)
+ client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
+ NS_QUERYATTR_NOADDITIONAL);
+
+ if ((client->view->cachedb == NULL)
+ || (!client->view->additionalfromcache)) {
+ /*
+ * We don't have a cache. Turn off cache support and
+ * recursion.
+ */
+ client->query.attributes &=
+ ~(NS_QUERYATTR_RECURSIONOK|NS_QUERYATTR_CACHEOK);
+ } else if ((client->attributes & NS_CLIENTATTR_RA) == 0 ||
+ (message->flags & DNS_MESSAGEFLAG_RD) == 0) {
+ /*
+ * If the client isn't allowed to recurse (due to
+ * "recursion no", the allow-recursion ACL, or the
+ * lack of a resolver in this view), or if it
+ * doesn't want recursion, turn recursion off.
+ */
+ client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK;
+ }
+
+ /*
+ * Get the question name.
+ */
+ result = dns_message_firstname(message, DNS_SECTION_QUESTION);
+ if (result != ISC_R_SUCCESS) {
+ query_error(client, result);
+ return;
+ }
+ dns_message_currentname(message, DNS_SECTION_QUESTION,
+ &client->query.qname);
+ client->query.origqname = client->query.qname;
+ result = dns_message_nextname(message, DNS_SECTION_QUESTION);
+ if (result != ISC_R_NOMORE) {
+ if (result == ISC_R_SUCCESS) {
+ /*
+ * There's more than one QNAME in the question
+ * section.
+ */
+ query_error(client, DNS_R_FORMERR);
+ } else
+ query_error(client, result);
+ return;
+ }
+
+ if (ns_g_server->log_queries)
+ log_query(client, saved_flags, saved_extflags);
+
+ /*
+ * Check for multiple question queries, since edns1 is dead.
+ */
+ if (message->counts[DNS_SECTION_QUESTION] > 1) {
+ query_error(client, DNS_R_FORMERR);
+ return;
+ }
+
+ /*
+ * Check for meta-queries like IXFR and AXFR.
+ */
+ rdataset = ISC_LIST_HEAD(client->query.qname->list);
+ INSIST(rdataset != NULL);
+ qtype = rdataset->type;
+ dns_rdatatypestats_increment(ns_g_server->rcvquerystats, qtype);
+ if (dns_rdatatype_ismeta(qtype)) {
+ switch (qtype) {
+ case dns_rdatatype_any:
+ break; /* Let query_find handle it. */
+ case dns_rdatatype_ixfr:
+ case dns_rdatatype_axfr:
+ ns_xfr_start(client, rdataset->type);
+ return;
+ case dns_rdatatype_maila:
+ case dns_rdatatype_mailb:
+ query_error(client, DNS_R_NOTIMP);
+ return;
+ case dns_rdatatype_tkey:
+ result = dns_tkey_processquery(client->message,
+ ns_g_server->tkeyctx,
+ client->view->dynamickeys);
+ if (result == ISC_R_SUCCESS)
+ query_send(client);
+ else
+ query_error(client, result);
+ return;
+ default: /* TSIG, etc. */
+ query_error(client, DNS_R_FORMERR);
+ return;
+ }
+ }
+
+ /*
+ * Turn on minimal response for DNSKEY queries.
+ */
+ if (qtype == dns_rdatatype_dnskey)
+ client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
+ NS_QUERYATTR_NOADDITIONAL);
+
+ /*
+ * If the client has requested that DNSSEC checking be disabled,
+ * allow lookups to return pending data and instruct the resolver
+ * to return data before validation has completed.
+ *
+ * We don't need to set DNS_DBFIND_PENDINGOK when validation is
+ * disabled as there will be no pending data.
+ */
+ if (message->flags & DNS_MESSAGEFLAG_CD ||
+ qtype == dns_rdatatype_rrsig)
+ {
+ client->query.dboptions |= DNS_DBFIND_PENDINGOK;
+ client->query.fetchoptions |= DNS_FETCHOPT_NOVALIDATE;
+ } else if (!client->view->enablevalidation)
+ client->query.fetchoptions |= DNS_FETCHOPT_NOVALIDATE;
+
+ /*
+ * Allow glue NS records to be added to the authority section
+ * if the answer is secure.
+ */
+ if (message->flags & DNS_MESSAGEFLAG_CD)
+ client->query.attributes &= ~NS_QUERYATTR_SECURE;
+
+ /*
+ * Set 'want_ad' if the client has set AD in the query.
+ * This allows AD to be returned on queries without DO set.
+ */
+ if ((message->flags & DNS_MESSAGEFLAG_AD) != 0)
+ want_ad = ISC_TRUE;
+ else
+ want_ad = ISC_FALSE;
+
+ /*
+ * This is an ordinary query.
+ */
+ result = dns_message_reply(message, ISC_TRUE);
+ if (result != ISC_R_SUCCESS) {
+ query_next(client, result);
+ return;
+ }
+
+ /*
+ * Assume authoritative response until it is known to be
+ * otherwise.
+ */
+ message->flags |= DNS_MESSAGEFLAG_AA;
+
+ /*
+ * Set AD. We must clear it if we add non-validated data to a
+ * response.
+ */
+ if (WANTDNSSEC(client) || want_ad)
+ message->flags |= DNS_MESSAGEFLAG_AD;
+
+ qclient = NULL;
+ ns_client_attach(client, &qclient);
+ query_find(qclient, NULL, qtype);
+}
diff --git a/bin/named/server.c b/bin/named/server.c
new file mode 100644
index 0000000..31b2761
--- /dev/null
+++ b/bin/named/server.c
@@ -0,0 +1,5462 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: server.c,v 1.520 2008/11/14 23:47:32 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <isc/app.h>
+#include <isc/base64.h>
+#include <isc/dir.h>
+#include <isc/entropy.h>
+#include <isc/file.h>
+#include <isc/hash.h>
+#include <isc/httpd.h>
+#include <isc/lex.h>
+#include <isc/parseint.h>
+#include <isc/portset.h>
+#include <isc/print.h>
+#include <isc/resource.h>
+#include <isc/socket.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+#include <isc/xml.h>
+
+#include <isccfg/namedconf.h>
+
+#include <bind9/check.h>
+
+#include <dns/acache.h>
+#include <dns/adb.h>
+#include <dns/cache.h>
+#include <dns/db.h>
+#include <dns/dispatch.h>
+#ifdef DLZ
+#include <dns/dlz.h>
+#endif
+#include <dns/forward.h>
+#include <dns/journal.h>
+#include <dns/keytable.h>
+#include <dns/lib.h>
+#include <dns/master.h>
+#include <dns/masterdump.h>
+#include <dns/order.h>
+#include <dns/peer.h>
+#include <dns/portlist.h>
+#include <dns/rbt.h>
+#include <dns/rdataclass.h>
+#include <dns/rdataset.h>
+#include <dns/rdatastruct.h>
+#include <dns/resolver.h>
+#include <dns/rootns.h>
+#include <dns/secalg.h>
+#include <dns/stats.h>
+#include <dns/tkey.h>
+#include <dns/tsig.h>
+#include <dns/view.h>
+#include <dns/zone.h>
+#include <dns/zt.h>
+
+#include <dst/dst.h>
+#include <dst/result.h>
+
+#include <named/client.h>
+#include <named/config.h>
+#include <named/control.h>
+#include <named/interfacemgr.h>
+#include <named/log.h>
+#include <named/logconf.h>
+#include <named/lwresd.h>
+#include <named/main.h>
+#include <named/os.h>
+#include <named/server.h>
+#include <named/statschannel.h>
+#include <named/tkeyconf.h>
+#include <named/tsigconf.h>
+#include <named/zoneconf.h>
+#ifdef HAVE_LIBSCF
+#include <named/ns_smf_globals.h>
+#include <stdlib.h>
+#endif
+
+/*%
+ * Check an operation for failure. Assumes that the function
+ * using it has a 'result' variable and a 'cleanup' label.
+ */
+#define CHECK(op) \
+ do { result = (op); \
+ if (result != ISC_R_SUCCESS) goto cleanup; \
+ } while (0)
+
+#define CHECKM(op, msg) \
+ do { result = (op); \
+ if (result != ISC_R_SUCCESS) { \
+ isc_log_write(ns_g_lctx, \
+ NS_LOGCATEGORY_GENERAL, \
+ NS_LOGMODULE_SERVER, \
+ ISC_LOG_ERROR, \
+ "%s: %s", msg, \
+ isc_result_totext(result)); \
+ goto cleanup; \
+ } \
+ } while (0) \
+
+#define CHECKMF(op, msg, file) \
+ do { result = (op); \
+ if (result != ISC_R_SUCCESS) { \
+ isc_log_write(ns_g_lctx, \
+ NS_LOGCATEGORY_GENERAL, \
+ NS_LOGMODULE_SERVER, \
+ ISC_LOG_ERROR, \
+ "%s '%s': %s", msg, file, \
+ isc_result_totext(result)); \
+ goto cleanup; \
+ } \
+ } while (0) \
+
+#define CHECKFATAL(op, msg) \
+ do { result = (op); \
+ if (result != ISC_R_SUCCESS) \
+ fatal(msg, result); \
+ } while (0) \
+
+struct ns_dispatch {
+ isc_sockaddr_t addr;
+ unsigned int dispatchgen;
+ dns_dispatch_t *dispatch;
+ ISC_LINK(struct ns_dispatch) link;
+};
+
+struct dumpcontext {
+ isc_mem_t *mctx;
+ isc_boolean_t dumpcache;
+ isc_boolean_t dumpzones;
+ FILE *fp;
+ ISC_LIST(struct viewlistentry) viewlist;
+ struct viewlistentry *view;
+ struct zonelistentry *zone;
+ dns_dumpctx_t *mdctx;
+ dns_db_t *db;
+ dns_db_t *cache;
+ isc_task_t *task;
+ dns_dbversion_t *version;
+};
+
+struct viewlistentry {
+ dns_view_t *view;
+ ISC_LINK(struct viewlistentry) link;
+ ISC_LIST(struct zonelistentry) zonelist;
+};
+
+struct zonelistentry {
+ dns_zone_t *zone;
+ ISC_LINK(struct zonelistentry) link;
+};
+
+/*
+ * These zones should not leak onto the Internet.
+ */
+static const struct {
+ const char *zone;
+ isc_boolean_t rfc1918;
+} empty_zones[] = {
+#ifdef notyet
+ /* RFC 1918 */
+ { "10.IN-ADDR.ARPA", ISC_TRUE },
+ { "16.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "17.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "18.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "19.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "20.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "21.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "22.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "23.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "24.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "25.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "26.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "27.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "28.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "29.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "30.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "31.172.IN-ADDR.ARPA", ISC_TRUE },
+ { "168.192.IN-ADDR.ARPA", ISC_TRUE },
+#endif
+
+ /* RFC 3330 */
+ { "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */
+ { "127.IN-ADDR.ARPA", ISC_FALSE }, /* LOOPBACK */
+ { "254.169.IN-ADDR.ARPA", ISC_FALSE }, /* LINK LOCAL */
+ { "2.0.192.IN-ADDR.ARPA", ISC_FALSE }, /* TEST NET */
+ { "255.255.255.255.IN-ADDR.ARPA", ISC_FALSE }, /* BROADCAST */
+
+ /* Local IPv6 Unicast Addresses */
+ { "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA", ISC_FALSE },
+ { "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA", ISC_FALSE },
+ /* LOCALLY ASSIGNED LOCAL ADDRES S SCOPE */
+ { "D.F.IP6.ARPA", ISC_FALSE },
+ { "8.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */
+ { "9.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */
+ { "A.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */
+ { "B.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */
+
+ { NULL, ISC_FALSE }
+};
+
+static void
+fatal(const char *msg, isc_result_t result);
+
+static void
+ns_server_reload(isc_task_t *task, isc_event_t *event);
+
+static isc_result_t
+ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
+ cfg_aclconfctx_t *actx,
+ isc_mem_t *mctx, ns_listenelt_t **target);
+static isc_result_t
+ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
+ cfg_aclconfctx_t *actx,
+ isc_mem_t *mctx, ns_listenlist_t **target);
+
+static isc_result_t
+configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
+ const cfg_obj_t *forwarders, const cfg_obj_t *forwardtype);
+
+static isc_result_t
+configure_alternates(const cfg_obj_t *config, dns_view_t *view,
+ const cfg_obj_t *alternates);
+
+static isc_result_t
+configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
+ const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_view_t *view,
+ cfg_aclconfctx_t *aclconf);
+
+static void
+end_reserved_dispatches(ns_server_t *server, isc_boolean_t all);
+
+/*%
+ * Configure a single view ACL at '*aclp'. Get its configuration by
+ * calling 'getvcacl' (for per-view configuration) and maybe 'getscacl'
+ * (for a global default).
+ */
+static isc_result_t
+configure_view_acl(const cfg_obj_t *vconfig, const cfg_obj_t *config,
+ const char *aclname, cfg_aclconfctx_t *actx,
+ isc_mem_t *mctx, dns_acl_t **aclp)
+{
+ isc_result_t result;
+ const cfg_obj_t *maps[3];
+ const cfg_obj_t *aclobj = NULL;
+ int i = 0;
+
+ if (*aclp != NULL)
+ dns_acl_detach(aclp);
+ if (vconfig != NULL)
+ maps[i++] = cfg_tuple_get(vconfig, "options");
+ if (config != NULL) {
+ const cfg_obj_t *options = NULL;
+ (void)cfg_map_get(config, "options", &options);
+ if (options != NULL)
+ maps[i++] = options;
+ }
+ maps[i] = NULL;
+
+ (void)ns_config_get(maps, aclname, &aclobj);
+ if (aclobj == NULL)
+ /*
+ * No value available. *aclp == NULL.
+ */
+ return (ISC_R_SUCCESS);
+
+ result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx,
+ actx, mctx, 0, aclp);
+
+ return (result);
+}
+
+
+/*%
+ * Configure a sortlist at '*aclp'. Essentially the same as
+ * configure_view_acl() except it calls cfg_acl_fromconfig with a
+ * nest_level value of 2.
+ */
+static isc_result_t
+configure_view_sortlist(const cfg_obj_t *vconfig, const cfg_obj_t *config,
+ cfg_aclconfctx_t *actx, isc_mem_t *mctx,
+ dns_acl_t **aclp)
+{
+ isc_result_t result;
+ const cfg_obj_t *maps[3];
+ const cfg_obj_t *aclobj = NULL;
+ int i = 0;
+
+ if (*aclp != NULL)
+ dns_acl_detach(aclp);
+ if (vconfig != NULL)
+ maps[i++] = cfg_tuple_get(vconfig, "options");
+ if (config != NULL) {
+ const cfg_obj_t *options = NULL;
+ (void)cfg_map_get(config, "options", &options);
+ if (options != NULL)
+ maps[i++] = options;
+ }
+ maps[i] = NULL;
+
+ (void)ns_config_get(maps, "sortlist", &aclobj);
+ if (aclobj == NULL)
+ return (ISC_R_SUCCESS);
+
+ /*
+ * Use a nest level of 3 for the "top level" of the sortlist;
+ * this means each entry in the top three levels will be stored
+ * as lists of separate, nested ACLs, rather than merged together
+ * into IP tables as is usually done with ACLs.
+ */
+ result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx,
+ actx, mctx, 3, aclp);
+
+ return (result);
+}
+
+static isc_result_t
+configure_view_dnsseckey(const cfg_obj_t *vconfig, const cfg_obj_t *key,
+ dns_keytable_t *keytable, isc_mem_t *mctx)
+{
+ dns_rdataclass_t viewclass;
+ dns_rdata_dnskey_t keystruct;
+ isc_uint32_t flags, proto, alg;
+ const char *keystr, *keynamestr;
+ unsigned char keydata[4096];
+ isc_buffer_t keydatabuf;
+ unsigned char rrdata[4096];
+ isc_buffer_t rrdatabuf;
+ isc_region_t r;
+ dns_fixedname_t fkeyname;
+ dns_name_t *keyname;
+ isc_buffer_t namebuf;
+ isc_result_t result;
+ dst_key_t *dstkey = NULL;
+
+ flags = cfg_obj_asuint32(cfg_tuple_get(key, "flags"));
+ proto = cfg_obj_asuint32(cfg_tuple_get(key, "protocol"));
+ alg = cfg_obj_asuint32(cfg_tuple_get(key, "algorithm"));
+ keyname = dns_fixedname_name(&fkeyname);
+ keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name"));
+
+ if (vconfig == NULL)
+ viewclass = dns_rdataclass_in;
+ else {
+ const cfg_obj_t *classobj = cfg_tuple_get(vconfig, "class");
+ CHECK(ns_config_getclass(classobj, dns_rdataclass_in,
+ &viewclass));
+ }
+ keystruct.common.rdclass = viewclass;
+ keystruct.common.rdtype = dns_rdatatype_dnskey;
+ /*
+ * The key data in keystruct is not dynamically allocated.
+ */
+ keystruct.mctx = NULL;
+
+ ISC_LINK_INIT(&keystruct.common, link);
+
+ if (flags > 0xffff)
+ CHECKM(ISC_R_RANGE, "key flags");
+ if (proto > 0xff)
+ CHECKM(ISC_R_RANGE, "key protocol");
+ if (alg > 0xff)
+ CHECKM(ISC_R_RANGE, "key algorithm");
+ keystruct.flags = (isc_uint16_t)flags;
+ keystruct.protocol = (isc_uint8_t)proto;
+ keystruct.algorithm = (isc_uint8_t)alg;
+
+ isc_buffer_init(&keydatabuf, keydata, sizeof(keydata));
+ isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata));
+
+ keystr = cfg_obj_asstring(cfg_tuple_get(key, "key"));
+ CHECK(isc_base64_decodestring(keystr, &keydatabuf));
+ isc_buffer_usedregion(&keydatabuf, &r);
+ keystruct.datalen = r.length;
+ keystruct.data = r.base;
+
+ if ((keystruct.algorithm == DST_ALG_RSASHA1 ||
+ keystruct.algorithm == DST_ALG_RSAMD5) &&
+ r.length > 1 && r.base[0] == 1 && r.base[1] == 3)
+ cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
+ "trusted key '%s' has a weak exponent",
+ keynamestr);
+
+ CHECK(dns_rdata_fromstruct(NULL,
+ keystruct.common.rdclass,
+ keystruct.common.rdtype,
+ &keystruct, &rrdatabuf));
+ dns_fixedname_init(&fkeyname);
+ isc_buffer_init(&namebuf, keynamestr, strlen(keynamestr));
+ isc_buffer_add(&namebuf, strlen(keynamestr));
+ CHECK(dns_name_fromtext(keyname, &namebuf,
+ dns_rootname, ISC_FALSE,
+ NULL));
+ CHECK(dst_key_fromdns(keyname, viewclass, &rrdatabuf,
+ mctx, &dstkey));
+
+ CHECK(dns_keytable_add(keytable, &dstkey));
+ INSIST(dstkey == NULL);
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ if (result == DST_R_NOCRYPTO) {
+ cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,
+ "ignoring trusted key for '%s': no crypto support",
+ keynamestr);
+ result = ISC_R_SUCCESS;
+ } else {
+ cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,
+ "configuring trusted key for '%s': %s",
+ keynamestr, isc_result_totext(result));
+ result = ISC_R_FAILURE;
+ }
+
+ if (dstkey != NULL)
+ dst_key_free(&dstkey);
+
+ return (result);
+}
+
+/*%
+ * Configure DNSSEC keys for a view. Currently used only for
+ * the security roots.
+ *
+ * The per-view configuration values and the server-global defaults are read
+ * from 'vconfig' and 'config'. The variable to be configured is '*target'.
+ */
+static isc_result_t
+configure_view_dnsseckeys(const cfg_obj_t *vconfig, const cfg_obj_t *config,
+ isc_mem_t *mctx, dns_keytable_t **target)
+{
+ isc_result_t result;
+ const cfg_obj_t *keys = NULL;
+ const cfg_obj_t *voptions = NULL;
+ const cfg_listelt_t *element, *element2;
+ const cfg_obj_t *keylist;
+ const cfg_obj_t *key;
+ dns_keytable_t *keytable = NULL;
+
+ CHECK(dns_keytable_create(mctx, &keytable));
+
+ if (vconfig != NULL)
+ voptions = cfg_tuple_get(vconfig, "options");
+
+ keys = NULL;
+ if (voptions != NULL)
+ (void)cfg_map_get(voptions, "trusted-keys", &keys);
+ if (keys == NULL)
+ (void)cfg_map_get(config, "trusted-keys", &keys);
+
+ for (element = cfg_list_first(keys);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ keylist = cfg_listelt_value(element);
+ for (element2 = cfg_list_first(keylist);
+ element2 != NULL;
+ element2 = cfg_list_next(element2))
+ {
+ key = cfg_listelt_value(element2);
+ CHECK(configure_view_dnsseckey(vconfig, key,
+ keytable, mctx));
+ }
+ }
+
+ dns_keytable_detach(target);
+ *target = keytable; /* Transfer ownership. */
+ keytable = NULL;
+ result = ISC_R_SUCCESS;
+
+ cleanup:
+ return (result);
+}
+
+static isc_result_t
+mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver)
+{
+ const cfg_listelt_t *element;
+ const cfg_obj_t *obj;
+ const char *str;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_boolean_t value;
+ isc_result_t result;
+ isc_buffer_t b;
+
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ for (element = cfg_list_first(mbs);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ obj = cfg_listelt_value(element);
+ str = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
+ isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_add(&b, strlen(str));
+ CHECK(dns_name_fromtext(name, &b, dns_rootname,
+ ISC_FALSE, NULL));
+ value = cfg_obj_asboolean(cfg_tuple_get(obj, "value"));
+ CHECK(dns_resolver_setmustbesecure(resolver, name, value));
+ }
+
+ result = ISC_R_SUCCESS;
+
+ cleanup:
+ return (result);
+}
+
+/*%
+ * Get a dispatch appropriate for the resolver of a given view.
+ */
+static isc_result_t
+get_view_querysource_dispatch(const cfg_obj_t **maps,
+ int af, dns_dispatch_t **dispatchp,
+ isc_boolean_t is_firstview)
+{
+ isc_result_t result;
+ dns_dispatch_t *disp;
+ isc_sockaddr_t sa;
+ unsigned int attrs, attrmask;
+ const cfg_obj_t *obj = NULL;
+ unsigned int maxdispatchbuffers;
+
+ /*
+ * Make compiler happy.
+ */
+ result = ISC_R_FAILURE;
+
+ switch (af) {
+ case AF_INET:
+ result = ns_config_get(maps, "query-source", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ break;
+ case AF_INET6:
+ result = ns_config_get(maps, "query-source-v6", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ break;
+ default:
+ INSIST(0);
+ }
+
+ sa = *(cfg_obj_assockaddr(obj));
+ INSIST(isc_sockaddr_pf(&sa) == af);
+
+ /*
+ * If we don't support this address family, we're done!
+ */
+ switch (af) {
+ case AF_INET:
+ result = isc_net_probeipv4();
+ break;
+ case AF_INET6:
+ result = isc_net_probeipv6();
+ break;
+ default:
+ INSIST(0);
+ }
+ if (result != ISC_R_SUCCESS)
+ return (ISC_R_SUCCESS);
+
+ /*
+ * Try to find a dispatcher that we can share.
+ */
+ attrs = 0;
+ attrs |= DNS_DISPATCHATTR_UDP;
+ switch (af) {
+ case AF_INET:
+ attrs |= DNS_DISPATCHATTR_IPV4;
+ break;
+ case AF_INET6:
+ attrs |= DNS_DISPATCHATTR_IPV6;
+ break;
+ }
+ if (isc_sockaddr_getport(&sa) == 0) {
+ attrs |= DNS_DISPATCHATTR_EXCLUSIVE;
+ maxdispatchbuffers = 4096;
+ } else {
+ INSIST(obj != NULL);
+ if (is_firstview) {
+ cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO,
+ "using specific query-source port "
+ "suppresses port randomization and can be "
+ "insecure.");
+ }
+ maxdispatchbuffers = 1000;
+ }
+
+ attrmask = 0;
+ attrmask |= DNS_DISPATCHATTR_UDP;
+ attrmask |= DNS_DISPATCHATTR_TCP;
+ attrmask |= DNS_DISPATCHATTR_IPV4;
+ attrmask |= DNS_DISPATCHATTR_IPV6;
+
+ disp = NULL;
+ result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
+ ns_g_taskmgr, &sa, 4096,
+ maxdispatchbuffers, 32768, 16411, 16433,
+ attrs, attrmask, &disp);
+ if (result != ISC_R_SUCCESS) {
+ isc_sockaddr_t any;
+ char buf[ISC_SOCKADDR_FORMATSIZE];
+
+ switch (af) {
+ case AF_INET:
+ isc_sockaddr_any(&any);
+ break;
+ case AF_INET6:
+ isc_sockaddr_any6(&any);
+ break;
+ }
+ if (isc_sockaddr_equal(&sa, &any))
+ return (ISC_R_SUCCESS);
+ isc_sockaddr_format(&sa, buf, sizeof(buf));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "could not get query source dispatcher (%s)",
+ buf);
+ return (result);
+ }
+
+ *dispatchp = disp;
+
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+configure_order(dns_order_t *order, const cfg_obj_t *ent) {
+ dns_rdataclass_t rdclass;
+ dns_rdatatype_t rdtype;
+ const cfg_obj_t *obj;
+ dns_fixedname_t fixed;
+ unsigned int mode = 0;
+ const char *str;
+ isc_buffer_t b;
+ isc_result_t result;
+ isc_boolean_t addroot;
+
+ result = ns_config_getclass(cfg_tuple_get(ent, "class"),
+ dns_rdataclass_any, &rdclass);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = ns_config_gettype(cfg_tuple_get(ent, "type"),
+ dns_rdatatype_any, &rdtype);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ obj = cfg_tuple_get(ent, "name");
+ if (cfg_obj_isstring(obj))
+ str = cfg_obj_asstring(obj);
+ else
+ str = "*";
+ addroot = ISC_TF(strcmp(str, "*") == 0);
+ isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_add(&b, strlen(str));
+ dns_fixedname_init(&fixed);
+ result = dns_name_fromtext(dns_fixedname_name(&fixed), &b,
+ dns_rootname, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ obj = cfg_tuple_get(ent, "ordering");
+ INSIST(cfg_obj_isstring(obj));
+ str = cfg_obj_asstring(obj);
+ if (!strcasecmp(str, "fixed"))
+ mode = DNS_RDATASETATTR_FIXEDORDER;
+ else if (!strcasecmp(str, "random"))
+ mode = DNS_RDATASETATTR_RANDOMIZE;
+ else if (!strcasecmp(str, "cyclic"))
+ mode = 0;
+ else
+ INSIST(0);
+
+ /*
+ * "*" should match everything including the root (BIND 8 compat).
+ * As dns_name_matcheswildcard(".", "*.") returns FALSE add a
+ * explicit entry for "." when the name is "*".
+ */
+ if (addroot) {
+ result = dns_order_add(order, dns_rootname,
+ rdtype, rdclass, mode);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+
+ return (dns_order_add(order, dns_fixedname_name(&fixed),
+ rdtype, rdclass, mode));
+}
+
+static isc_result_t
+configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
+ isc_netaddr_t na;
+ dns_peer_t *peer;
+ const cfg_obj_t *obj;
+ const char *str;
+ isc_result_t result;
+ unsigned int prefixlen;
+
+ cfg_obj_asnetprefix(cfg_map_getname(cpeer), &na, &prefixlen);
+
+ peer = NULL;
+ result = dns_peer_newprefix(mctx, &na, prefixlen, &peer);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ obj = NULL;
+ (void)cfg_map_get(cpeer, "bogus", &obj);
+ if (obj != NULL)
+ CHECK(dns_peer_setbogus(peer, cfg_obj_asboolean(obj)));
+
+ obj = NULL;
+ (void)cfg_map_get(cpeer, "provide-ixfr", &obj);
+ if (obj != NULL)
+ CHECK(dns_peer_setprovideixfr(peer, cfg_obj_asboolean(obj)));
+
+ obj = NULL;
+ (void)cfg_map_get(cpeer, "request-ixfr", &obj);
+ if (obj != NULL)
+ CHECK(dns_peer_setrequestixfr(peer, cfg_obj_asboolean(obj)));
+
+ obj = NULL;
+ (void)cfg_map_get(cpeer, "request-nsid", &obj);
+ if (obj != NULL)
+ CHECK(dns_peer_setrequestnsid(peer, cfg_obj_asboolean(obj)));
+
+ obj = NULL;
+ (void)cfg_map_get(cpeer, "edns", &obj);
+ if (obj != NULL)
+ CHECK(dns_peer_setsupportedns(peer, cfg_obj_asboolean(obj)));
+
+ obj = NULL;
+ (void)cfg_map_get(cpeer, "edns-udp-size", &obj);
+ if (obj != NULL) {
+ isc_uint32_t udpsize = cfg_obj_asuint32(obj);
+ if (udpsize < 512)
+ udpsize = 512;
+ if (udpsize > 4096)
+ udpsize = 4096;
+ CHECK(dns_peer_setudpsize(peer, (isc_uint16_t)udpsize));
+ }
+
+ obj = NULL;
+ (void)cfg_map_get(cpeer, "max-udp-size", &obj);
+ if (obj != NULL) {
+ isc_uint32_t udpsize = cfg_obj_asuint32(obj);
+ if (udpsize < 512)
+ udpsize = 512;
+ if (udpsize > 4096)
+ udpsize = 4096;
+ CHECK(dns_peer_setmaxudp(peer, (isc_uint16_t)udpsize));
+ }
+
+ obj = NULL;
+ (void)cfg_map_get(cpeer, "transfers", &obj);
+ if (obj != NULL)
+ CHECK(dns_peer_settransfers(peer, cfg_obj_asuint32(obj)));
+
+ obj = NULL;
+ (void)cfg_map_get(cpeer, "transfer-format", &obj);
+ if (obj != NULL) {
+ str = cfg_obj_asstring(obj);
+ if (strcasecmp(str, "many-answers") == 0)
+ CHECK(dns_peer_settransferformat(peer,
+ dns_many_answers));
+ else if (strcasecmp(str, "one-answer") == 0)
+ CHECK(dns_peer_settransferformat(peer,
+ dns_one_answer));
+ else
+ INSIST(0);
+ }
+
+ obj = NULL;
+ (void)cfg_map_get(cpeer, "keys", &obj);
+ if (obj != NULL) {
+ result = dns_peer_setkeybycharp(peer, cfg_obj_asstring(obj));
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ }
+
+ obj = NULL;
+ if (na.family == AF_INET)
+ (void)cfg_map_get(cpeer, "transfer-source", &obj);
+ else
+ (void)cfg_map_get(cpeer, "transfer-source-v6", &obj);
+ if (obj != NULL) {
+ result = dns_peer_settransfersource(peer,
+ cfg_obj_assockaddr(obj));
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
+ }
+
+ obj = NULL;
+ if (na.family == AF_INET)
+ (void)cfg_map_get(cpeer, "notify-source", &obj);
+ else
+ (void)cfg_map_get(cpeer, "notify-source-v6", &obj);
+ if (obj != NULL) {
+ result = dns_peer_setnotifysource(peer,
+ cfg_obj_assockaddr(obj));
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
+ }
+
+ obj = NULL;
+ if (na.family == AF_INET)
+ (void)cfg_map_get(cpeer, "query-source", &obj);
+ else
+ (void)cfg_map_get(cpeer, "query-source-v6", &obj);
+ if (obj != NULL) {
+ result = dns_peer_setquerysource(peer,
+ cfg_obj_assockaddr(obj));
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
+ }
+
+ *peerp = peer;
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ dns_peer_detach(&peer);
+ return (result);
+}
+
+static isc_result_t
+disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
+ isc_result_t result;
+ const cfg_obj_t *algorithms;
+ const cfg_listelt_t *element;
+ const char *str;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_buffer_t b;
+
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ str = cfg_obj_asstring(cfg_tuple_get(disabled, "name"));
+ isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_add(&b, strlen(str));
+ CHECK(dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL));
+
+ algorithms = cfg_tuple_get(disabled, "algorithms");
+ for (element = cfg_list_first(algorithms);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ isc_textregion_t r;
+ dns_secalg_t alg;
+
+ DE_CONST(cfg_obj_asstring(cfg_listelt_value(element)), r.base);
+ r.length = strlen(r.base);
+
+ result = dns_secalg_fromtext(&alg, &r);
+ if (result != ISC_R_SUCCESS) {
+ isc_uint8_t ui;
+ result = isc_parse_uint8(&ui, r.base, 10);
+ alg = ui;
+ }
+ if (result != ISC_R_SUCCESS) {
+ cfg_obj_log(cfg_listelt_value(element),
+ ns_g_lctx, ISC_LOG_ERROR,
+ "invalid algorithm");
+ CHECK(result);
+ }
+ CHECK(dns_resolver_disable_algorithm(resolver, name, alg));
+ }
+ cleanup:
+ return (result);
+}
+
+static isc_boolean_t
+on_disable_list(const cfg_obj_t *disablelist, dns_name_t *zonename) {
+ const cfg_listelt_t *element;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_result_t result;
+ const cfg_obj_t *value;
+ const char *str;
+ isc_buffer_t b;
+
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+
+ for (element = cfg_list_first(disablelist);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ value = cfg_listelt_value(element);
+ str = cfg_obj_asstring(value);
+ isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_add(&b, strlen(str));
+ result = dns_name_fromtext(name, &b, dns_rootname,
+ ISC_TRUE, NULL);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ if (dns_name_equal(name, zonename))
+ return (ISC_TRUE);
+ }
+ return (ISC_FALSE);
+}
+
+static void
+check_dbtype(dns_zone_t **zonep, unsigned int dbtypec, const char **dbargv,
+ isc_mem_t *mctx)
+{
+ char **argv = NULL;
+ unsigned int i;
+ isc_result_t result;
+
+ result = dns_zone_getdbtype(*zonep, &argv, mctx);
+ if (result != ISC_R_SUCCESS) {
+ dns_zone_detach(zonep);
+ return;
+ }
+
+ /*
+ * Check that all the arguments match.
+ */
+ for (i = 0; i < dbtypec; i++)
+ if (argv[i] == NULL || strcmp(argv[i], dbargv[i]) != 0) {
+ dns_zone_detach(zonep);
+ break;
+ }
+
+ /*
+ * Check that there are not extra arguments.
+ */
+ if (i == dbtypec && argv[i] != NULL)
+ dns_zone_detach(zonep);
+ isc_mem_free(mctx, argv);
+}
+
+static isc_result_t
+setquerystats(dns_zone_t *zone, isc_mem_t *mctx, isc_boolean_t on) {
+ isc_result_t result;
+ dns_stats_t *zoneqrystats;
+
+ zoneqrystats = NULL;
+ if (on) {
+ result = dns_generalstats_create(mctx, &zoneqrystats,
+ dns_nsstatscounter_max);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ dns_zone_setrequeststats(zone, zoneqrystats);
+ if (zoneqrystats != NULL)
+ dns_stats_detach(&zoneqrystats);
+
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * Configure 'view' according to 'vconfig', taking defaults from 'config'
+ * where values are missing in 'vconfig'.
+ *
+ * When configuring the default view, 'vconfig' will be NULL and the
+ * global defaults in 'config' used exclusively.
+ */
+static isc_result_t
+configure_view(dns_view_t *view, const cfg_obj_t *config,
+ const cfg_obj_t *vconfig, isc_mem_t *mctx,
+ cfg_aclconfctx_t *actx, isc_boolean_t need_hints)
+{
+ const cfg_obj_t *maps[4];
+ const cfg_obj_t *cfgmaps[3];
+ const cfg_obj_t *options = NULL;
+ const cfg_obj_t *voptions = NULL;
+ const cfg_obj_t *forwardtype;
+ const cfg_obj_t *forwarders;
+ const cfg_obj_t *alternates;
+ const cfg_obj_t *zonelist;
+#ifdef DLZ
+ const cfg_obj_t *dlz;
+ unsigned int dlzargc;
+ char **dlzargv;
+#endif
+ const cfg_obj_t *disabled;
+ const cfg_obj_t *obj;
+ const cfg_listelt_t *element;
+ in_port_t port;
+ dns_cache_t *cache = NULL;
+ isc_result_t result;
+ isc_uint32_t max_adb_size;
+ isc_uint32_t max_cache_size;
+ isc_uint32_t max_acache_size;
+ isc_uint32_t lame_ttl;
+ dns_tsig_keyring_t *ring;
+ dns_view_t *pview = NULL; /* Production view */
+ isc_mem_t *cmctx;
+ dns_dispatch_t *dispatch4 = NULL;
+ dns_dispatch_t *dispatch6 = NULL;
+ isc_boolean_t reused_cache = ISC_FALSE;
+ int i;
+ const char *str;
+ dns_order_t *order = NULL;
+ isc_uint32_t udpsize;
+ unsigned int resopts = 0;
+ dns_zone_t *zone = NULL;
+ isc_uint32_t max_clients_per_query;
+ const char *sep = ": view ";
+ const char *viewname = view->name;
+ const char *forview = " for view ";
+ isc_boolean_t rfc1918;
+ isc_boolean_t empty_zones_enable;
+ const cfg_obj_t *disablelist = NULL;
+ dns_stats_t *resstats = NULL;
+ dns_stats_t *resquerystats = NULL;
+
+ REQUIRE(DNS_VIEW_VALID(view));
+
+ cmctx = NULL;
+
+ if (config != NULL)
+ (void)cfg_map_get(config, "options", &options);
+
+ i = 0;
+ if (vconfig != NULL) {
+ voptions = cfg_tuple_get(vconfig, "options");
+ maps[i++] = voptions;
+ }
+ if (options != NULL)
+ maps[i++] = options;
+ maps[i++] = ns_g_defaults;
+ maps[i] = NULL;
+
+ i = 0;
+ if (voptions != NULL)
+ cfgmaps[i++] = voptions;
+ if (config != NULL)
+ cfgmaps[i++] = config;
+ cfgmaps[i] = NULL;
+
+ if (!strcmp(viewname, "_default")) {
+ sep = "";
+ viewname = "";
+ forview = "";
+ }
+
+ /*
+ * Set the view's port number for outgoing queries.
+ */
+ CHECKM(ns_config_getport(config, &port), "port");
+ dns_view_setdstport(view, port);
+
+ /*
+ * Create additional cache for this view and zones under the view
+ * if explicitly enabled.
+ * XXX950 default to on.
+ */
+ obj = NULL;
+ (void)ns_config_get(maps, "acache-enable", &obj);
+ if (obj != NULL && cfg_obj_asboolean(obj)) {
+ cmctx = NULL;
+ CHECK(isc_mem_create(0, 0, &cmctx));
+ CHECK(dns_acache_create(&view->acache, cmctx, ns_g_taskmgr,
+ ns_g_timermgr));
+ isc_mem_setname(cmctx, "acache", NULL);
+ isc_mem_detach(&cmctx);
+ }
+ if (view->acache != NULL) {
+ obj = NULL;
+ result = ns_config_get(maps, "acache-cleaning-interval", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_acache_setcleaninginterval(view->acache,
+ cfg_obj_asuint32(obj) * 60);
+
+ obj = NULL;
+ result = ns_config_get(maps, "max-acache-size", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ if (cfg_obj_isstring(obj)) {
+ str = cfg_obj_asstring(obj);
+ INSIST(strcasecmp(str, "unlimited") == 0);
+ max_acache_size = ISC_UINT32_MAX;
+ } else {
+ isc_resourcevalue_t value;
+
+ value = cfg_obj_asuint64(obj);
+ if (value > ISC_UINT32_MAX) {
+ cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
+ "'max-acache-size "
+ "%" ISC_PRINT_QUADFORMAT
+ "d' is too large",
+ value);
+ result = ISC_R_RANGE;
+ goto cleanup;
+ }
+ max_acache_size = (isc_uint32_t)value;
+ }
+ dns_acache_setcachesize(view->acache, max_acache_size);
+ }
+
+ /*
+ * Configure the zones.
+ */
+ zonelist = NULL;
+ if (voptions != NULL)
+ (void)cfg_map_get(voptions, "zone", &zonelist);
+ else
+ (void)cfg_map_get(config, "zone", &zonelist);
+ for (element = cfg_list_first(zonelist);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *zconfig = cfg_listelt_value(element);
+ CHECK(configure_zone(config, zconfig, vconfig, mctx, view,
+ actx));
+ }
+
+#ifdef DLZ
+ /*
+ * Create Dynamically Loadable Zone driver.
+ */
+ dlz = NULL;
+ if (voptions != NULL)
+ (void)cfg_map_get(voptions, "dlz", &dlz);
+ else
+ (void)cfg_map_get(config, "dlz", &dlz);
+
+ obj = NULL;
+ if (dlz != NULL) {
+ (void)cfg_map_get(cfg_tuple_get(dlz, "options"),
+ "database", &obj);
+ if (obj != NULL) {
+ char *s = isc_mem_strdup(mctx, cfg_obj_asstring(obj));
+ if (s == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto cleanup;
+ }
+
+ result = dns_dlzstrtoargv(mctx, s, &dlzargc, &dlzargv);
+ if (result != ISC_R_SUCCESS) {
+ isc_mem_free(mctx, s);
+ goto cleanup;
+ }
+
+ obj = cfg_tuple_get(dlz, "name");
+ result = dns_dlzcreate(mctx, cfg_obj_asstring(obj),
+ dlzargv[0], dlzargc, dlzargv,
+ &view->dlzdatabase);
+ isc_mem_free(mctx, s);
+ isc_mem_put(mctx, dlzargv, dlzargc * sizeof(*dlzargv));
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ }
+ }
+#endif
+
+ /*
+ * Configure the view's cache. Try to reuse an existing
+ * cache if possible, otherwise create a new cache.
+ * Note that the ADB is not preserved in either case.
+ * When a matching view is found, the associated statistics are
+ * also retrieved and reused.
+ *
+ * XXX Determining when it is safe to reuse a cache is
+ * tricky. When the view's configuration changes, the cached
+ * data may become invalid because it reflects our old
+ * view of the world. As more view attributes become
+ * configurable, we will have to add code here to check
+ * whether they have changed in ways that could
+ * invalidate the cache.
+ */
+ result = dns_viewlist_find(&ns_g_server->viewlist,
+ view->name, view->rdclass,
+ &pview);
+ if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
+ goto cleanup;
+ if (pview != NULL) {
+ INSIST(pview->cache != NULL);
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(3),
+ "reusing existing cache");
+ reused_cache = ISC_TRUE;
+ dns_cache_attach(pview->cache, &cache);
+ dns_view_getresstats(pview, &resstats);
+ dns_view_getresquerystats(pview, &resquerystats);
+ dns_view_detach(&pview);
+ } else {
+ CHECK(isc_mem_create(0, 0, &cmctx));
+ CHECK(dns_cache_create(cmctx, ns_g_taskmgr, ns_g_timermgr,
+ view->rdclass, "rbt", 0, NULL, &cache));
+ isc_mem_setname(cmctx, "cache", NULL);
+ }
+ dns_view_setcache(view, cache);
+
+ /*
+ * cache-file cannot be inherited if views are present, but this
+ * should be caught by the configuration checking stage.
+ */
+ obj = NULL;
+ result = ns_config_get(maps, "cache-file", &obj);
+ if (result == ISC_R_SUCCESS && strcmp(view->name, "_bind") != 0) {
+ CHECK(dns_cache_setfilename(cache, cfg_obj_asstring(obj)));
+ if (!reused_cache)
+ CHECK(dns_cache_load(cache));
+ }
+
+ obj = NULL;
+ result = ns_config_get(maps, "cleaning-interval", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_cache_setcleaninginterval(cache, cfg_obj_asuint32(obj) * 60);
+
+ obj = NULL;
+ result = ns_config_get(maps, "max-cache-size", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ if (cfg_obj_isstring(obj)) {
+ str = cfg_obj_asstring(obj);
+ INSIST(strcasecmp(str, "unlimited") == 0);
+ max_cache_size = ISC_UINT32_MAX;
+ } else {
+ isc_resourcevalue_t value;
+ value = cfg_obj_asuint64(obj);
+ if (value > ISC_UINT32_MAX) {
+ cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
+ "'max-cache-size "
+ "%" ISC_PRINT_QUADFORMAT "d' is too large",
+ value);
+ result = ISC_R_RANGE;
+ goto cleanup;
+ }
+ max_cache_size = (isc_uint32_t)value;
+ }
+ dns_cache_setcachesize(cache, max_cache_size);
+
+ dns_cache_detach(&cache);
+
+ /*
+ * Check-names.
+ */
+ obj = NULL;
+ result = ns_checknames_get(maps, "response", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+
+ str = cfg_obj_asstring(obj);
+ if (strcasecmp(str, "fail") == 0) {
+ resopts |= DNS_RESOLVER_CHECKNAMES |
+ DNS_RESOLVER_CHECKNAMESFAIL;
+ view->checknames = ISC_TRUE;
+ } else if (strcasecmp(str, "warn") == 0) {
+ resopts |= DNS_RESOLVER_CHECKNAMES;
+ view->checknames = ISC_FALSE;
+ } else if (strcasecmp(str, "ignore") == 0) {
+ view->checknames = ISC_FALSE;
+ } else
+ INSIST(0);
+
+ /*
+ * Resolver.
+ *
+ * XXXRTH Hardwired number of tasks.
+ */
+ CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4,
+ ISC_TF(ISC_LIST_PREV(view, link)
+ == NULL)));
+ CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6,
+ ISC_TF(ISC_LIST_PREV(view, link)
+ == NULL)));
+ if (dispatch4 == NULL && dispatch6 == NULL) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "unable to obtain neither an IPv4 nor"
+ " an IPv6 dispatch");
+ result = ISC_R_UNEXPECTED;
+ goto cleanup;
+ }
+ CHECK(dns_view_createresolver(view, ns_g_taskmgr, 31,
+ ns_g_socketmgr, ns_g_timermgr,
+ resopts, ns_g_dispatchmgr,
+ dispatch4, dispatch6));
+
+ if (resstats == NULL) {
+ CHECK(dns_generalstats_create(mctx, &resstats,
+ dns_resstatscounter_max));
+ }
+ dns_view_setresstats(view, resstats);
+ if (resquerystats == NULL)
+ CHECK(dns_rdatatypestats_create(mctx, &resquerystats));
+ dns_view_setresquerystats(view, resquerystats);
+
+ /*
+ * Set the ADB cache size to 1/8th of the max-cache-size.
+ */
+ max_adb_size = 0;
+ if (max_cache_size != 0) {
+ max_adb_size = max_cache_size / 8;
+ if (max_adb_size == 0)
+ max_adb_size = 1; /* Force minimum. */
+ }
+ dns_adb_setadbsize(view->adb, max_adb_size);
+
+ /*
+ * Set resolver's lame-ttl.
+ */
+ obj = NULL;
+ result = ns_config_get(maps, "lame-ttl", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ lame_ttl = cfg_obj_asuint32(obj);
+ if (lame_ttl > 1800)
+ lame_ttl = 1800;
+ dns_resolver_setlamettl(view->resolver, lame_ttl);
+
+ obj = NULL;
+ result = ns_config_get(maps, "zero-no-soa-ttl-cache", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_resolver_setzeronosoattl(view->resolver, cfg_obj_asboolean(obj));
+
+ /*
+ * Set the resolver's EDNS UDP size.
+ */
+ obj = NULL;
+ result = ns_config_get(maps, "edns-udp-size", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ udpsize = cfg_obj_asuint32(obj);
+ if (udpsize < 512)
+ udpsize = 512;
+ if (udpsize > 4096)
+ udpsize = 4096;
+ dns_resolver_setudpsize(view->resolver, (isc_uint16_t)udpsize);
+
+ /*
+ * Set the maximum UDP response size.
+ */
+ obj = NULL;
+ result = ns_config_get(maps, "max-udp-size", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ udpsize = cfg_obj_asuint32(obj);
+ if (udpsize < 512)
+ udpsize = 512;
+ if (udpsize > 4096)
+ udpsize = 4096;
+ view->maxudp = udpsize;
+
+ /*
+ * Set supported DNSSEC algorithms.
+ */
+ dns_resolver_reset_algorithms(view->resolver);
+ disabled = NULL;
+ (void)ns_config_get(maps, "disable-algorithms", &disabled);
+ if (disabled != NULL) {
+ for (element = cfg_list_first(disabled);
+ element != NULL;
+ element = cfg_list_next(element))
+ CHECK(disable_algorithms(cfg_listelt_value(element),
+ view->resolver));
+ }
+
+ /*
+ * A global or view "forwarders" option, if present,
+ * creates an entry for "." in the forwarding table.
+ */
+ forwardtype = NULL;
+ forwarders = NULL;
+ (void)ns_config_get(maps, "forward", &forwardtype);
+ (void)ns_config_get(maps, "forwarders", &forwarders);
+ if (forwarders != NULL)
+ CHECK(configure_forward(config, view, dns_rootname,
+ forwarders, forwardtype));
+
+ /*
+ * Dual Stack Servers.
+ */
+ alternates = NULL;
+ (void)ns_config_get(maps, "dual-stack-servers", &alternates);
+ if (alternates != NULL)
+ CHECK(configure_alternates(config, view, alternates));
+
+ /*
+ * We have default hints for class IN if we need them.
+ */
+ if (view->rdclass == dns_rdataclass_in && view->hints == NULL)
+ dns_view_sethints(view, ns_g_server->in_roothints);
+
+ /*
+ * If we still have no hints, this is a non-IN view with no
+ * "hints zone" configured. Issue a warning, except if this
+ * is a root server. Root servers never need to consult
+ * their hints, so it's no point requiring users to configure
+ * them.
+ */
+ if (view->hints == NULL) {
+ dns_zone_t *rootzone = NULL;
+ (void)dns_view_findzone(view, dns_rootname, &rootzone);
+ if (rootzone != NULL) {
+ dns_zone_detach(&rootzone);
+ need_hints = ISC_FALSE;
+ }
+ if (need_hints)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+ "no root hints for view '%s'",
+ view->name);
+ }
+
+ /*
+ * Configure the view's TSIG keys.
+ */
+ ring = NULL;
+ CHECK(ns_tsigkeyring_fromconfig(config, vconfig, view->mctx, &ring));
+ dns_view_setkeyring(view, ring);
+
+ /*
+ * Configure the view's peer list.
+ */
+ {
+ const cfg_obj_t *peers = NULL;
+ const cfg_listelt_t *element;
+ dns_peerlist_t *newpeers = NULL;
+
+ (void)ns_config_get(cfgmaps, "server", &peers);
+ CHECK(dns_peerlist_new(mctx, &newpeers));
+ for (element = cfg_list_first(peers);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *cpeer = cfg_listelt_value(element);
+ dns_peer_t *peer;
+
+ CHECK(configure_peer(cpeer, mctx, &peer));
+ dns_peerlist_addpeer(newpeers, peer);
+ dns_peer_detach(&peer);
+ }
+ dns_peerlist_detach(&view->peers);
+ view->peers = newpeers; /* Transfer ownership. */
+ }
+
+ /*
+ * Configure the views rrset-order.
+ */
+ {
+ const cfg_obj_t *rrsetorder = NULL;
+ const cfg_listelt_t *element;
+
+ (void)ns_config_get(maps, "rrset-order", &rrsetorder);
+ CHECK(dns_order_create(mctx, &order));
+ for (element = cfg_list_first(rrsetorder);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *ent = cfg_listelt_value(element);
+
+ CHECK(configure_order(order, ent));
+ }
+ if (view->order != NULL)
+ dns_order_detach(&view->order);
+ dns_order_attach(order, &view->order);
+ dns_order_detach(&order);
+ }
+ /*
+ * Copy the aclenv object.
+ */
+ dns_aclenv_copy(&view->aclenv, &ns_g_server->aclenv);
+
+ /*
+ * Configure the "match-clients" and "match-destinations" ACL.
+ */
+ CHECK(configure_view_acl(vconfig, config, "match-clients", actx,
+ ns_g_mctx, &view->matchclients));
+ CHECK(configure_view_acl(vconfig, config, "match-destinations", actx,
+ ns_g_mctx, &view->matchdestinations));
+
+ /*
+ * Configure the "match-recursive-only" option.
+ */
+ obj = NULL;
+ (void)ns_config_get(maps, "match-recursive-only", &obj);
+ if (obj != NULL && cfg_obj_asboolean(obj))
+ view->matchrecursiveonly = ISC_TRUE;
+ else
+ view->matchrecursiveonly = ISC_FALSE;
+
+ /*
+ * Configure other configurable data.
+ */
+ obj = NULL;
+ result = ns_config_get(maps, "recursion", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->recursion = cfg_obj_asboolean(obj);
+
+ obj = NULL;
+ result = ns_config_get(maps, "auth-nxdomain", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->auth_nxdomain = cfg_obj_asboolean(obj);
+
+ obj = NULL;
+ result = ns_config_get(maps, "minimal-responses", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->minimalresponses = cfg_obj_asboolean(obj);
+
+ obj = NULL;
+ result = ns_config_get(maps, "transfer-format", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ str = cfg_obj_asstring(obj);
+ if (strcasecmp(str, "many-answers") == 0)
+ view->transfer_format = dns_many_answers;
+ else if (strcasecmp(str, "one-answer") == 0)
+ view->transfer_format = dns_one_answer;
+ else
+ INSIST(0);
+
+ /*
+ * Set sources where additional data and CNAME/DNAME
+ * targets for authoritative answers may be found.
+ */
+ obj = NULL;
+ result = ns_config_get(maps, "additional-from-auth", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->additionalfromauth = cfg_obj_asboolean(obj);
+ if (view->recursion && ! view->additionalfromauth) {
+ cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
+ "'additional-from-auth no' is only supported "
+ "with 'recursion no'");
+ view->additionalfromauth = ISC_TRUE;
+ }
+
+ obj = NULL;
+ result = ns_config_get(maps, "additional-from-cache", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->additionalfromcache = cfg_obj_asboolean(obj);
+ if (view->recursion && ! view->additionalfromcache) {
+ cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
+ "'additional-from-cache no' is only supported "
+ "with 'recursion no'");
+ view->additionalfromcache = ISC_TRUE;
+ }
+
+ /*
+ * Set "allow-query-cache", "allow-query-cache-on",
+ * "allow-recursion", and "allow-recursion-on" acls if
+ * configured in named.conf.
+ */
+ CHECK(configure_view_acl(vconfig, config, "allow-query-cache",
+ actx, ns_g_mctx, &view->queryacl));
+ CHECK(configure_view_acl(vconfig, config, "allow-query-cache-on",
+ actx, ns_g_mctx, &view->queryonacl));
+ if (view->queryonacl == NULL)
+ CHECK(configure_view_acl(NULL, ns_g_config,
+ "allow-query-cache-on", actx,
+ ns_g_mctx, &view->queryonacl));
+ if (strcmp(view->name, "_bind") != 0) {
+ CHECK(configure_view_acl(vconfig, config, "allow-recursion",
+ actx, ns_g_mctx,
+ &view->recursionacl));
+ CHECK(configure_view_acl(vconfig, config, "allow-recursion-on",
+ actx, ns_g_mctx,
+ &view->recursiononacl));
+ }
+
+ /*
+ * "allow-query-cache" inherits from "allow-recursion" if set,
+ * otherwise from "allow-query" if set.
+ * "allow-recursion" inherits from "allow-query-cache" if set,
+ * otherwise from "allow-query" if set.
+ */
+ if (view->queryacl == NULL && view->recursionacl != NULL)
+ dns_acl_attach(view->recursionacl, &view->queryacl);
+ if (view->queryacl == NULL)
+ CHECK(configure_view_acl(vconfig, config, "allow-query",
+ actx, ns_g_mctx, &view->queryacl));
+ if (view->recursionacl == NULL && view->queryacl != NULL)
+ dns_acl_attach(view->queryacl, &view->recursionacl);
+
+ /*
+ * Set default "allow-recursion", "allow-recursion-on" and
+ * "allow-query-cache" acls.
+ */
+ if (view->recursionacl == NULL && view->recursion)
+ CHECK(configure_view_acl(NULL, ns_g_config,
+ "allow-recursion",
+ actx, ns_g_mctx,
+ &view->recursionacl));
+ if (view->recursiononacl == NULL && view->recursion)
+ CHECK(configure_view_acl(NULL, ns_g_config,
+ "allow-recursion-on",
+ actx, ns_g_mctx,
+ &view->recursiononacl));
+ if (view->queryacl == NULL)
+ CHECK(configure_view_acl(NULL, ns_g_config,
+ "allow-query-cache", actx,
+ ns_g_mctx, &view->queryacl));
+
+ /*
+ * Configure sortlist, if set
+ */
+ CHECK(configure_view_sortlist(vconfig, config, actx, ns_g_mctx,
+ &view->sortlist));
+
+ /*
+ * Configure default allow-transfer, allow-notify, allow-update
+ * and allow-update-forwarding ACLs, if set, so they can be
+ * inherited by zones.
+ */
+ if (view->notifyacl == NULL)
+ CHECK(configure_view_acl(NULL, ns_g_config,
+ "allow-notify", actx,
+ ns_g_mctx, &view->notifyacl));
+ if (view->transferacl == NULL)
+ CHECK(configure_view_acl(NULL, ns_g_config,
+ "allow-transfer", actx,
+ ns_g_mctx, &view->transferacl));
+ if (view->updateacl == NULL)
+ CHECK(configure_view_acl(NULL, ns_g_config,
+ "allow-update", actx,
+ ns_g_mctx, &view->updateacl));
+ if (view->upfwdacl == NULL)
+ CHECK(configure_view_acl(NULL, ns_g_config,
+ "allow-update-forwarding", actx,
+ ns_g_mctx, &view->upfwdacl));
+
+ obj = NULL;
+ result = ns_config_get(maps, "request-ixfr", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->requestixfr = cfg_obj_asboolean(obj);
+
+ obj = NULL;
+ result = ns_config_get(maps, "provide-ixfr", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->provideixfr = cfg_obj_asboolean(obj);
+
+ obj = NULL;
+ result = ns_config_get(maps, "request-nsid", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->requestnsid = cfg_obj_asboolean(obj);
+
+ obj = NULL;
+ result = ns_config_get(maps, "max-clients-per-query", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ max_clients_per_query = cfg_obj_asuint32(obj);
+
+ obj = NULL;
+ result = ns_config_get(maps, "clients-per-query", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_resolver_setclientsperquery(view->resolver,
+ cfg_obj_asuint32(obj),
+ max_clients_per_query);
+
+ obj = NULL;
+ result = ns_config_get(maps, "dnssec-enable", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->enablednssec = cfg_obj_asboolean(obj);
+
+ obj = NULL;
+ result = ns_config_get(maps, "dnssec-accept-expired", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->acceptexpired = cfg_obj_asboolean(obj);
+
+ obj = NULL;
+ result = ns_config_get(maps, "dnssec-validation", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->enablevalidation = cfg_obj_asboolean(obj);
+
+ obj = NULL;
+ result = ns_config_get(maps, "dnssec-lookaside", &obj);
+ if (result == ISC_R_SUCCESS) {
+ for (element = cfg_list_first(obj);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const char *str;
+ isc_buffer_t b;
+ dns_name_t *dlv;
+
+ obj = cfg_listelt_value(element);
+#if 0
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+
+ /*
+ * When we support multiple dnssec-lookaside
+ * entries this is how to find the domain to be
+ * checked. XXXMPA
+ */
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ str = cfg_obj_asstring(cfg_tuple_get(obj,
+ "domain"));
+ isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_add(&b, strlen(str));
+ CHECK(dns_name_fromtext(name, &b, dns_rootname,
+ ISC_TRUE, NULL));
+#endif
+ str = cfg_obj_asstring(cfg_tuple_get(obj,
+ "trust-anchor"));
+ isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_add(&b, strlen(str));
+ dlv = dns_fixedname_name(&view->dlv_fixed);
+ CHECK(dns_name_fromtext(dlv, &b, dns_rootname,
+ ISC_TRUE, NULL));
+ view->dlv = dns_fixedname_name(&view->dlv_fixed);
+ }
+ } else
+ view->dlv = NULL;
+
+ /*
+ * For now, there is only one kind of trusted keys, the
+ * "security roots".
+ */
+ CHECK(configure_view_dnsseckeys(vconfig, config, mctx,
+ &view->secroots));
+ dns_resolver_resetmustbesecure(view->resolver);
+ obj = NULL;
+ result = ns_config_get(maps, "dnssec-must-be-secure", &obj);
+ if (result == ISC_R_SUCCESS)
+ CHECK(mustbesecure(obj, view->resolver));
+
+ obj = NULL;
+ result = ns_config_get(maps, "max-cache-ttl", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->maxcachettl = cfg_obj_asuint32(obj);
+
+ obj = NULL;
+ result = ns_config_get(maps, "max-ncache-ttl", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->maxncachettl = cfg_obj_asuint32(obj);
+ if (view->maxncachettl > 7 * 24 * 3600)
+ view->maxncachettl = 7 * 24 * 3600;
+
+ obj = NULL;
+ result = ns_config_get(maps, "preferred-glue", &obj);
+ if (result == ISC_R_SUCCESS) {
+ str = cfg_obj_asstring(obj);
+ if (strcasecmp(str, "a") == 0)
+ view->preferred_glue = dns_rdatatype_a;
+ else if (strcasecmp(str, "aaaa") == 0)
+ view->preferred_glue = dns_rdatatype_aaaa;
+ else
+ view->preferred_glue = 0;
+ } else
+ view->preferred_glue = 0;
+
+ obj = NULL;
+ result = ns_config_get(maps, "root-delegation-only", &obj);
+ if (result == ISC_R_SUCCESS) {
+ dns_view_setrootdelonly(view, ISC_TRUE);
+ if (!cfg_obj_isvoid(obj)) {
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_buffer_t b;
+ const char *str;
+ const cfg_obj_t *exclude;
+
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ for (element = cfg_list_first(obj);
+ element != NULL;
+ element = cfg_list_next(element)) {
+ exclude = cfg_listelt_value(element);
+ str = cfg_obj_asstring(exclude);
+ isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_add(&b, strlen(str));
+ CHECK(dns_name_fromtext(name, &b, dns_rootname,
+ ISC_FALSE, NULL));
+ CHECK(dns_view_excludedelegationonly(view,
+ name));
+ }
+ }
+ } else
+ dns_view_setrootdelonly(view, ISC_FALSE);
+
+ /*
+ * Setup automatic empty zones. If recursion is off then
+ * they are disabled by default.
+ */
+ obj = NULL;
+ (void)ns_config_get(maps, "empty-zones-enable", &obj);
+ (void)ns_config_get(maps, "disable-empty-zone", &disablelist);
+ if (obj == NULL && disablelist == NULL &&
+ view->rdclass == dns_rdataclass_in) {
+ rfc1918 = ISC_FALSE;
+ empty_zones_enable = view->recursion;
+ } else if (view->rdclass == dns_rdataclass_in) {
+ rfc1918 = ISC_TRUE;
+ if (obj != NULL)
+ empty_zones_enable = cfg_obj_asboolean(obj);
+ else
+ empty_zones_enable = view->recursion;
+ } else {
+ rfc1918 = ISC_FALSE;
+ empty_zones_enable = ISC_FALSE;
+ }
+ if (empty_zones_enable) {
+ const char *empty;
+ int empty_zone = 0;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_buffer_t buffer;
+ const char *str;
+ char server[DNS_NAME_FORMATSIZE + 1];
+ char contact[DNS_NAME_FORMATSIZE + 1];
+ isc_boolean_t logit;
+ const char *empty_dbtype[4] =
+ { "_builtin", "empty", NULL, NULL };
+ int empty_dbtypec = 4;
+ isc_boolean_t zonestats_on;
+
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+
+ obj = NULL;
+ result = ns_config_get(maps, "empty-server", &obj);
+ if (result == ISC_R_SUCCESS) {
+ str = cfg_obj_asstring(obj);
+ isc_buffer_init(&buffer, str, strlen(str));
+ isc_buffer_add(&buffer, strlen(str));
+ CHECK(dns_name_fromtext(name, &buffer, dns_rootname,
+ ISC_FALSE, NULL));
+ isc_buffer_init(&buffer, server, sizeof(server) - 1);
+ CHECK(dns_name_totext(name, ISC_FALSE, &buffer));
+ server[isc_buffer_usedlength(&buffer)] = 0;
+ empty_dbtype[2] = server;
+ } else
+ empty_dbtype[2] = "@";
+
+ obj = NULL;
+ result = ns_config_get(maps, "empty-contact", &obj);
+ if (result == ISC_R_SUCCESS) {
+ str = cfg_obj_asstring(obj);
+ isc_buffer_init(&buffer, str, strlen(str));
+ isc_buffer_add(&buffer, strlen(str));
+ CHECK(dns_name_fromtext(name, &buffer, dns_rootname,
+ ISC_FALSE, NULL));
+ isc_buffer_init(&buffer, contact, sizeof(contact) - 1);
+ CHECK(dns_name_totext(name, ISC_FALSE, &buffer));
+ contact[isc_buffer_usedlength(&buffer)] = 0;
+ empty_dbtype[3] = contact;
+ } else
+ empty_dbtype[3] = ".";
+
+ obj = NULL;
+ result = ns_config_get(maps, "zone-statistics", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ zonestats_on = cfg_obj_asboolean(obj);
+
+ logit = ISC_TRUE;
+ for (empty = empty_zones[empty_zone].zone;
+ empty != NULL;
+ empty = empty_zones[++empty_zone].zone)
+ {
+ dns_forwarders_t *forwarders = NULL;
+ dns_view_t *pview = NULL;
+
+ isc_buffer_init(&buffer, empty, strlen(empty));
+ isc_buffer_add(&buffer, strlen(empty));
+ /*
+ * Look for zone on drop list.
+ */
+ CHECK(dns_name_fromtext(name, &buffer, dns_rootname,
+ ISC_FALSE, NULL));
+ if (disablelist != NULL &&
+ on_disable_list(disablelist, name))
+ continue;
+
+ /*
+ * This zone already exists.
+ */
+ (void)dns_view_findzone(view, name, &zone);
+ if (zone != NULL) {
+ CHECK(setquerystats(zone, mctx, zonestats_on));
+ dns_zone_detach(&zone);
+ continue;
+ }
+
+ /*
+ * If we would forward this name don't add a
+ * empty zone for it.
+ */
+ result = dns_fwdtable_find(view->fwdtable, name,
+ &forwarders);
+ if (result == ISC_R_SUCCESS &&
+ forwarders->fwdpolicy == dns_fwdpolicy_only)
+ continue;
+
+ if (!rfc1918 && empty_zones[empty_zone].rfc1918) {
+ if (logit) {
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER,
+ ISC_LOG_WARNING,
+ "Warning%s%s: "
+ "'empty-zones-enable/"
+ "disable-empty-zone' "
+ "not set: disabling "
+ "RFC 1918 empty zones",
+ sep, viewname);
+ logit = ISC_FALSE;
+ }
+ continue;
+ }
+
+ /*
+ * See if we can re-use a existing zone.
+ */
+ result = dns_viewlist_find(&ns_g_server->viewlist,
+ view->name, view->rdclass,
+ &pview);
+ if (result != ISC_R_NOTFOUND &&
+ result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ if (pview != NULL) {
+ (void)dns_view_findzone(pview, name, &zone);
+ dns_view_detach(&pview);
+ if (zone != NULL)
+ check_dbtype(&zone, empty_dbtypec,
+ empty_dbtype, mctx);
+ if (zone != NULL) {
+ dns_zone_setview(zone, view);
+ CHECK(dns_view_addzone(view, zone));
+ CHECK(setquerystats(zone, mctx,
+ zonestats_on));
+ dns_zone_detach(&zone);
+ continue;
+ }
+ }
+
+ CHECK(dns_zone_create(&zone, mctx));
+ CHECK(dns_zone_setorigin(zone, name));
+ dns_zone_setview(zone, view);
+ CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
+ dns_zone_setclass(zone, view->rdclass);
+ dns_zone_settype(zone, dns_zone_master);
+ dns_zone_setstats(zone, ns_g_server->zonestats);
+ CHECK(dns_zone_setdbtype(zone, empty_dbtypec,
+ empty_dbtype));
+ if (view->queryacl != NULL)
+ dns_zone_setqueryacl(zone, view->queryacl);
+ if (view->queryonacl != NULL)
+ dns_zone_setqueryonacl(zone, view->queryonacl);
+ dns_zone_setdialup(zone, dns_dialuptype_no);
+ dns_zone_setnotifytype(zone, dns_notifytype_no);
+ dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS,
+ ISC_TRUE);
+ CHECK(setquerystats(zone, mctx, zonestats_on));
+ CHECK(dns_view_addzone(view, zone));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "automatic empty zone%s%s: %s",
+ sep, viewname, empty);
+ dns_zone_detach(&zone);
+ }
+ }
+
+ result = ISC_R_SUCCESS;
+
+ cleanup:
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ if (dispatch4 != NULL)
+ dns_dispatch_detach(&dispatch4);
+ if (dispatch6 != NULL)
+ dns_dispatch_detach(&dispatch6);
+ if (resstats != NULL)
+ dns_stats_detach(&resstats);
+ if (resquerystats != NULL)
+ dns_stats_detach(&resquerystats);
+ if (order != NULL)
+ dns_order_detach(&order);
+ if (cmctx != NULL)
+ isc_mem_detach(&cmctx);
+
+ if (cache != NULL)
+ dns_cache_detach(&cache);
+
+ return (result);
+}
+
+static isc_result_t
+configure_hints(dns_view_t *view, const char *filename) {
+ isc_result_t result;
+ dns_db_t *db;
+
+ db = NULL;
+ result = dns_rootns_create(view->mctx, view->rdclass, filename, &db);
+ if (result == ISC_R_SUCCESS) {
+ dns_view_sethints(view, db);
+ dns_db_detach(&db);
+ }
+
+ return (result);
+}
+
+static isc_result_t
+configure_alternates(const cfg_obj_t *config, dns_view_t *view,
+ const cfg_obj_t *alternates)
+{
+ const cfg_obj_t *portobj;
+ const cfg_obj_t *addresses;
+ const cfg_listelt_t *element;
+ isc_result_t result = ISC_R_SUCCESS;
+ in_port_t port;
+
+ /*
+ * Determine which port to send requests to.
+ */
+ if (ns_g_lwresdonly && ns_g_port != 0)
+ port = ns_g_port;
+ else
+ CHECKM(ns_config_getport(config, &port), "port");
+
+ if (alternates != NULL) {
+ portobj = cfg_tuple_get(alternates, "port");
+ if (cfg_obj_isuint32(portobj)) {
+ isc_uint32_t val = cfg_obj_asuint32(portobj);
+ if (val > ISC_UINT16_MAX) {
+ cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
+ "port '%u' out of range", val);
+ return (ISC_R_RANGE);
+ }
+ port = (in_port_t) val;
+ }
+ }
+
+ addresses = NULL;
+ if (alternates != NULL)
+ addresses = cfg_tuple_get(alternates, "addresses");
+
+ for (element = cfg_list_first(addresses);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *alternate = cfg_listelt_value(element);
+ isc_sockaddr_t sa;
+
+ if (!cfg_obj_issockaddr(alternate)) {
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ const char *str = cfg_obj_asstring(cfg_tuple_get(
+ alternate, "name"));
+ isc_buffer_t buffer;
+ in_port_t myport = port;
+
+ isc_buffer_init(&buffer, str, strlen(str));
+ isc_buffer_add(&buffer, strlen(str));
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ CHECK(dns_name_fromtext(name, &buffer, dns_rootname,
+ ISC_FALSE, NULL));
+
+ portobj = cfg_tuple_get(alternate, "port");
+ if (cfg_obj_isuint32(portobj)) {
+ isc_uint32_t val = cfg_obj_asuint32(portobj);
+ if (val > ISC_UINT16_MAX) {
+ cfg_obj_log(portobj, ns_g_lctx,
+ ISC_LOG_ERROR,
+ "port '%u' out of range",
+ val);
+ return (ISC_R_RANGE);
+ }
+ myport = (in_port_t) val;
+ }
+ CHECK(dns_resolver_addalternate(view->resolver, NULL,
+ name, myport));
+ continue;
+ }
+
+ sa = *cfg_obj_assockaddr(alternate);
+ if (isc_sockaddr_getport(&sa) == 0)
+ isc_sockaddr_setport(&sa, port);
+ CHECK(dns_resolver_addalternate(view->resolver, &sa,
+ NULL, 0));
+ }
+
+ cleanup:
+ return (result);
+}
+
+static isc_result_t
+configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
+ const cfg_obj_t *forwarders, const cfg_obj_t *forwardtype)
+{
+ const cfg_obj_t *portobj;
+ const cfg_obj_t *faddresses;
+ const cfg_listelt_t *element;
+ dns_fwdpolicy_t fwdpolicy = dns_fwdpolicy_none;
+ isc_sockaddrlist_t addresses;
+ isc_sockaddr_t *sa;
+ isc_result_t result;
+ in_port_t port;
+
+ ISC_LIST_INIT(addresses);
+
+ /*
+ * Determine which port to send forwarded requests to.
+ */
+ if (ns_g_lwresdonly && ns_g_port != 0)
+ port = ns_g_port;
+ else
+ CHECKM(ns_config_getport(config, &port), "port");
+
+ if (forwarders != NULL) {
+ portobj = cfg_tuple_get(forwarders, "port");
+ if (cfg_obj_isuint32(portobj)) {
+ isc_uint32_t val = cfg_obj_asuint32(portobj);
+ if (val > ISC_UINT16_MAX) {
+ cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
+ "port '%u' out of range", val);
+ return (ISC_R_RANGE);
+ }
+ port = (in_port_t) val;
+ }
+ }
+
+ faddresses = NULL;
+ if (forwarders != NULL)
+ faddresses = cfg_tuple_get(forwarders, "addresses");
+
+ for (element = cfg_list_first(faddresses);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *forwarder = cfg_listelt_value(element);
+ sa = isc_mem_get(view->mctx, sizeof(isc_sockaddr_t));
+ if (sa == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto cleanup;
+ }
+ *sa = *cfg_obj_assockaddr(forwarder);
+ if (isc_sockaddr_getport(sa) == 0)
+ isc_sockaddr_setport(sa, port);
+ ISC_LINK_INIT(sa, link);
+ ISC_LIST_APPEND(addresses, sa, link);
+ }
+
+ if (ISC_LIST_EMPTY(addresses)) {
+ if (forwardtype != NULL)
+ cfg_obj_log(forwarders, ns_g_lctx, ISC_LOG_WARNING,
+ "no forwarders seen; disabling "
+ "forwarding");
+ fwdpolicy = dns_fwdpolicy_none;
+ } else {
+ if (forwardtype == NULL)
+ fwdpolicy = dns_fwdpolicy_first;
+ else {
+ const char *forwardstr = cfg_obj_asstring(forwardtype);
+ if (strcasecmp(forwardstr, "first") == 0)
+ fwdpolicy = dns_fwdpolicy_first;
+ else if (strcasecmp(forwardstr, "only") == 0)
+ fwdpolicy = dns_fwdpolicy_only;
+ else
+ INSIST(0);
+ }
+ }
+
+ result = dns_fwdtable_add(view->fwdtable, origin, &addresses,
+ fwdpolicy);
+ if (result != ISC_R_SUCCESS) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+ dns_name_format(origin, namebuf, sizeof(namebuf));
+ cfg_obj_log(forwarders, ns_g_lctx, ISC_LOG_WARNING,
+ "could not set up forwarding for domain '%s': %s",
+ namebuf, isc_result_totext(result));
+ goto cleanup;
+ }
+
+ result = ISC_R_SUCCESS;
+
+ cleanup:
+
+ while (!ISC_LIST_EMPTY(addresses)) {
+ sa = ISC_LIST_HEAD(addresses);
+ ISC_LIST_UNLINK(addresses, sa, link);
+ isc_mem_put(view->mctx, sa, sizeof(isc_sockaddr_t));
+ }
+
+ return (result);
+}
+
+/*
+ * Create a new view and add it to the list.
+ *
+ * If 'vconfig' is NULL, create the default view.
+ *
+ * The view created is attached to '*viewp'.
+ */
+static isc_result_t
+create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist,
+ dns_view_t **viewp)
+{
+ isc_result_t result;
+ const char *viewname;
+ dns_rdataclass_t viewclass;
+ dns_view_t *view = NULL;
+
+ if (vconfig != NULL) {
+ const cfg_obj_t *classobj = NULL;
+
+ viewname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
+ classobj = cfg_tuple_get(vconfig, "class");
+ result = ns_config_getclass(classobj, dns_rdataclass_in,
+ &viewclass);
+ } else {
+ viewname = "_default";
+ viewclass = dns_rdataclass_in;
+ }
+ result = dns_viewlist_find(viewlist, viewname, viewclass, &view);
+ if (result == ISC_R_SUCCESS)
+ return (ISC_R_EXISTS);
+ if (result != ISC_R_NOTFOUND)
+ return (result);
+ INSIST(view == NULL);
+
+ result = dns_view_create(ns_g_mctx, viewclass, viewname, &view);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ ISC_LIST_APPEND(*viewlist, view, link);
+ dns_view_attach(view, viewp);
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * Configure or reconfigure a zone.
+ */
+static isc_result_t
+configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
+ const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_view_t *view,
+ cfg_aclconfctx_t *aclconf)
+{
+ dns_view_t *pview = NULL; /* Production view */
+ dns_zone_t *zone = NULL; /* New or reused zone */
+ dns_zone_t *dupzone = NULL;
+ const cfg_obj_t *options = NULL;
+ const cfg_obj_t *zoptions = NULL;
+ const cfg_obj_t *typeobj = NULL;
+ const cfg_obj_t *forwarders = NULL;
+ const cfg_obj_t *forwardtype = NULL;
+ const cfg_obj_t *only = NULL;
+ isc_result_t result;
+ isc_result_t tresult;
+ isc_buffer_t buffer;
+ dns_fixedname_t fixorigin;
+ dns_name_t *origin;
+ const char *zname;
+ dns_rdataclass_t zclass;
+ const char *ztypestr;
+
+ options = NULL;
+ (void)cfg_map_get(config, "options", &options);
+
+ zoptions = cfg_tuple_get(zconfig, "options");
+
+ /*
+ * Get the zone origin as a dns_name_t.
+ */
+ zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
+ isc_buffer_init(&buffer, zname, strlen(zname));
+ isc_buffer_add(&buffer, strlen(zname));
+ dns_fixedname_init(&fixorigin);
+ CHECK(dns_name_fromtext(dns_fixedname_name(&fixorigin),
+ &buffer, dns_rootname, ISC_FALSE, NULL));
+ origin = dns_fixedname_name(&fixorigin);
+
+ CHECK(ns_config_getclass(cfg_tuple_get(zconfig, "class"),
+ view->rdclass, &zclass));
+ if (zclass != view->rdclass) {
+ const char *vname = NULL;
+ if (vconfig != NULL)
+ vname = cfg_obj_asstring(cfg_tuple_get(vconfig,
+ "name"));
+ else
+ vname = "<default view>";
+
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "zone '%s': wrong class for view '%s'",
+ zname, vname);
+ result = ISC_R_FAILURE;
+ goto cleanup;
+ }
+
+ (void)cfg_map_get(zoptions, "type", &typeobj);
+ if (typeobj == NULL) {
+ cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
+ "zone '%s' 'type' not specified", zname);
+ return (ISC_R_FAILURE);
+ }
+ ztypestr = cfg_obj_asstring(typeobj);
+
+ /*
+ * "hints zones" aren't zones. If we've got one,
+ * configure it and return.
+ */
+ if (strcasecmp(ztypestr, "hint") == 0) {
+ const cfg_obj_t *fileobj = NULL;
+ if (cfg_map_get(zoptions, "file", &fileobj) != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "zone '%s': 'file' not specified",
+ zname);
+ result = ISC_R_FAILURE;
+ goto cleanup;
+ }
+ if (dns_name_equal(origin, dns_rootname)) {
+ const char *hintsfile = cfg_obj_asstring(fileobj);
+
+ result = configure_hints(view, hintsfile);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER,
+ ISC_LOG_ERROR,
+ "could not configure root hints "
+ "from '%s': %s", hintsfile,
+ isc_result_totext(result));
+ goto cleanup;
+ }
+ /*
+ * Hint zones may also refer to delegation only points.
+ */
+ only = NULL;
+ tresult = cfg_map_get(zoptions, "delegation-only",
+ &only);
+ if (tresult == ISC_R_SUCCESS && cfg_obj_asboolean(only))
+ CHECK(dns_view_adddelegationonly(view, origin));
+ } else {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+ "ignoring non-root hint zone '%s'",
+ zname);
+ result = ISC_R_SUCCESS;
+ }
+ /* Skip ordinary zone processing. */
+ goto cleanup;
+ }
+
+ /*
+ * "forward zones" aren't zones either. Translate this syntax into
+ * the appropriate selective forwarding configuration and return.
+ */
+ if (strcasecmp(ztypestr, "forward") == 0) {
+ forwardtype = NULL;
+ forwarders = NULL;
+
+ (void)cfg_map_get(zoptions, "forward", &forwardtype);
+ (void)cfg_map_get(zoptions, "forwarders", &forwarders);
+ result = configure_forward(config, view, origin, forwarders,
+ forwardtype);
+ goto cleanup;
+ }
+
+ /*
+ * "delegation-only zones" aren't zones either.
+ */
+ if (strcasecmp(ztypestr, "delegation-only") == 0) {
+ result = dns_view_adddelegationonly(view, origin);
+ goto cleanup;
+ }
+
+ /*
+ * Check for duplicates in the new zone table.
+ */
+ result = dns_view_findzone(view, origin, &dupzone);
+ if (result == ISC_R_SUCCESS) {
+ /*
+ * We already have this zone!
+ */
+ cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
+ "zone '%s' already exists", zname);
+ dns_zone_detach(&dupzone);
+ result = ISC_R_EXISTS;
+ goto cleanup;
+ }
+ INSIST(dupzone == NULL);
+
+ /*
+ * See if we can reuse an existing zone. This is
+ * only possible if all of these are true:
+ * - The zone's view exists
+ * - A zone with the right name exists in the view
+ * - The zone is compatible with the config
+ * options (e.g., an existing master zone cannot
+ * be reused if the options specify a slave zone)
+ */
+ result = dns_viewlist_find(&ns_g_server->viewlist,
+ view->name, view->rdclass,
+ &pview);
+ if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
+ goto cleanup;
+ if (pview != NULL)
+ result = dns_view_findzone(pview, origin, &zone);
+ if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
+ goto cleanup;
+ if (zone != NULL && !ns_zone_reusable(zone, zconfig))
+ dns_zone_detach(&zone);
+
+ if (zone != NULL) {
+ /*
+ * We found a reusable zone. Make it use the
+ * new view.
+ */
+ dns_zone_setview(zone, view);
+ if (view->acache != NULL)
+ dns_zone_setacache(zone, view->acache);
+ } else {
+ /*
+ * We cannot reuse an existing zone, we have
+ * to create a new one.
+ */
+ CHECK(dns_zone_create(&zone, mctx));
+ CHECK(dns_zone_setorigin(zone, origin));
+ dns_zone_setview(zone, view);
+ if (view->acache != NULL)
+ dns_zone_setacache(zone, view->acache);
+ CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
+ dns_zone_setstats(zone, ns_g_server->zonestats);
+ }
+
+ /*
+ * If the zone contains a 'forwarders' statement, configure
+ * selective forwarding.
+ */
+ forwarders = NULL;
+ if (cfg_map_get(zoptions, "forwarders", &forwarders) == ISC_R_SUCCESS)
+ {
+ forwardtype = NULL;
+ (void)cfg_map_get(zoptions, "forward", &forwardtype);
+ CHECK(configure_forward(config, view, origin, forwarders,
+ forwardtype));
+ }
+
+ /*
+ * Stub and forward zones may also refer to delegation only points.
+ */
+ only = NULL;
+ if (cfg_map_get(zoptions, "delegation-only", &only) == ISC_R_SUCCESS)
+ {
+ if (cfg_obj_asboolean(only))
+ CHECK(dns_view_adddelegationonly(view, origin));
+ }
+
+ /*
+ * Configure the zone.
+ */
+ CHECK(ns_zone_configure(config, vconfig, zconfig, aclconf, zone));
+
+ /*
+ * Add the zone to its view in the new view list.
+ */
+ CHECK(dns_view_addzone(view, zone));
+
+ cleanup:
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ if (pview != NULL)
+ dns_view_detach(&pview);
+
+ return (result);
+}
+
+/*
+ * Configure a single server quota.
+ */
+static void
+configure_server_quota(const cfg_obj_t **maps, const char *name,
+ isc_quota_t *quota)
+{
+ const cfg_obj_t *obj = NULL;
+ isc_result_t result;
+
+ result = ns_config_get(maps, name, &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ isc_quota_max(quota, cfg_obj_asuint32(obj));
+}
+
+/*
+ * This function is called as soon as the 'directory' statement has been
+ * parsed. This can be extended to support other options if necessary.
+ */
+static isc_result_t
+directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
+ isc_result_t result;
+ const char *directory;
+
+ REQUIRE(strcasecmp("directory", clausename) == 0);
+
+ UNUSED(arg);
+ UNUSED(clausename);
+
+ /*
+ * Change directory.
+ */
+ directory = cfg_obj_asstring(obj);
+
+ if (! isc_file_ischdiridempotent(directory))
+ cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
+ "option 'directory' contains relative path '%s'",
+ directory);
+
+ result = isc_dir_chdir(directory);
+ if (result != ISC_R_SUCCESS) {
+ cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
+ "change directory to '%s' failed: %s",
+ directory, isc_result_totext(result));
+ return (result);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+static void
+scan_interfaces(ns_server_t *server, isc_boolean_t verbose) {
+ isc_boolean_t match_mapped = server->aclenv.match_mapped;
+
+ ns_interfacemgr_scan(server->interfacemgr, verbose);
+ /*
+ * Update the "localhost" and "localnets" ACLs to match the
+ * current set of network interfaces.
+ */
+ dns_aclenv_copy(&server->aclenv,
+ ns_interfacemgr_getaclenv(server->interfacemgr));
+
+ server->aclenv.match_mapped = match_mapped;
+}
+
+static isc_result_t
+add_listenelt(isc_mem_t *mctx, ns_listenlist_t *list, isc_sockaddr_t *addr,
+ isc_boolean_t wcardport_ok)
+{
+ ns_listenelt_t *lelt = NULL;
+ dns_acl_t *src_acl = NULL;
+ isc_result_t result;
+ isc_sockaddr_t any_sa6;
+ isc_netaddr_t netaddr;
+
+ REQUIRE(isc_sockaddr_pf(addr) == AF_INET6);
+
+ isc_sockaddr_any6(&any_sa6);
+ if (!isc_sockaddr_equal(&any_sa6, addr) &&
+ (wcardport_ok || isc_sockaddr_getport(addr) != 0)) {
+ isc_netaddr_fromin6(&netaddr, &addr->type.sin6.sin6_addr);
+
+ result = dns_acl_create(mctx, 0, &src_acl);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = dns_iptable_addprefix(src_acl->iptable,
+ &netaddr, 128, ISC_TRUE);
+ if (result != ISC_R_SUCCESS)
+ goto clean;
+
+ result = ns_listenelt_create(mctx, isc_sockaddr_getport(addr),
+ src_acl, &lelt);
+ if (result != ISC_R_SUCCESS)
+ goto clean;
+ ISC_LIST_APPEND(list->elts, lelt, link);
+ }
+
+ return (ISC_R_SUCCESS);
+
+ clean:
+ INSIST(lelt == NULL);
+ dns_acl_detach(&src_acl);
+
+ return (result);
+}
+
+/*
+ * Make a list of xxx-source addresses and call ns_interfacemgr_adjust()
+ * to update the listening interfaces accordingly.
+ * We currently only consider IPv6, because this only affects IPv6 wildcard
+ * sockets.
+ */
+static void
+adjust_interfaces(ns_server_t *server, isc_mem_t *mctx) {
+ isc_result_t result;
+ ns_listenlist_t *list = NULL;
+ dns_view_t *view;
+ dns_zone_t *zone, *next;
+ isc_sockaddr_t addr, *addrp;
+
+ result = ns_listenlist_create(mctx, &list);
+ if (result != ISC_R_SUCCESS)
+ return;
+
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link)) {
+ dns_dispatch_t *dispatch6;
+
+ dispatch6 = dns_resolver_dispatchv6(view->resolver);
+ if (dispatch6 == NULL)
+ continue;
+ result = dns_dispatch_getlocaladdress(dispatch6, &addr);
+ if (result != ISC_R_SUCCESS)
+ goto fail;
+
+ /*
+ * We always add non-wildcard address regardless of whether
+ * the port is 'any' (the fourth arg is TRUE): if the port is
+ * specific, we need to add it since it may conflict with a
+ * listening interface; if it's zero, we'll dynamically open
+ * query ports, and some of them may override an existing
+ * wildcard IPv6 port.
+ */
+ result = add_listenelt(mctx, list, &addr, ISC_TRUE);
+ if (result != ISC_R_SUCCESS)
+ goto fail;
+ }
+
+ zone = NULL;
+ for (result = dns_zone_first(server->zonemgr, &zone);
+ result == ISC_R_SUCCESS;
+ next = NULL, result = dns_zone_next(zone, &next), zone = next) {
+ dns_view_t *zoneview;
+
+ /*
+ * At this point the zone list may contain a stale zone
+ * just removed from the configuration. To see the validity,
+ * check if the corresponding view is in our current view list.
+ * There may also be old zones that are still in the process
+ * of shutting down and have detached from their old view
+ * (zoneview == NULL).
+ */
+ zoneview = dns_zone_getview(zone);
+ if (zoneview == NULL)
+ continue;
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL && view != zoneview;
+ view = ISC_LIST_NEXT(view, link))
+ ;
+ if (view == NULL)
+ continue;
+
+ addrp = dns_zone_getnotifysrc6(zone);
+ result = add_listenelt(mctx, list, addrp, ISC_FALSE);
+ if (result != ISC_R_SUCCESS)
+ goto fail;
+
+ addrp = dns_zone_getxfrsource6(zone);
+ result = add_listenelt(mctx, list, addrp, ISC_FALSE);
+ if (result != ISC_R_SUCCESS)
+ goto fail;
+ }
+
+ ns_interfacemgr_adjust(server->interfacemgr, list, ISC_TRUE);
+
+ clean:
+ ns_listenlist_detach(&list);
+ return;
+
+ fail:
+ /*
+ * Even when we failed the procedure, most of other interfaces
+ * should work correctly. We therefore just warn it.
+ */
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+ "could not adjust the listen-on list; "
+ "some interfaces may not work");
+ goto clean;
+}
+
+/*
+ * This event callback is invoked to do periodic network
+ * interface scanning.
+ */
+static void
+interface_timer_tick(isc_task_t *task, isc_event_t *event) {
+ isc_result_t result;
+ ns_server_t *server = (ns_server_t *) event->ev_arg;
+ INSIST(task == server->task);
+ UNUSED(task);
+ isc_event_free(&event);
+ /*
+ * XXX should scan interfaces unlocked and get exclusive access
+ * only to replace ACLs.
+ */
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ scan_interfaces(server, ISC_FALSE);
+ isc_task_endexclusive(server->task);
+}
+
+static void
+heartbeat_timer_tick(isc_task_t *task, isc_event_t *event) {
+ ns_server_t *server = (ns_server_t *) event->ev_arg;
+ dns_view_t *view;
+
+ UNUSED(task);
+ isc_event_free(&event);
+ view = ISC_LIST_HEAD(server->viewlist);
+ while (view != NULL) {
+ dns_view_dialup(view);
+ view = ISC_LIST_NEXT(view, link);
+ }
+}
+
+static void
+pps_timer_tick(isc_task_t *task, isc_event_t *event) {
+ static unsigned int oldrequests = 0;
+ unsigned int requests = ns_client_requests;
+
+ UNUSED(task);
+ isc_event_free(&event);
+
+ /*
+ * Don't worry about wrapping as the overflow result will be right.
+ */
+ dns_pps = (requests - oldrequests) / 1200;
+ oldrequests = requests;
+}
+
+/*
+ * Replace the current value of '*field', a dynamically allocated
+ * string or NULL, with a dynamically allocated copy of the
+ * null-terminated string pointed to by 'value', or NULL.
+ */
+static isc_result_t
+setstring(ns_server_t *server, char **field, const char *value) {
+ char *copy;
+
+ if (value != NULL) {
+ copy = isc_mem_strdup(server->mctx, value);
+ if (copy == NULL)
+ return (ISC_R_NOMEMORY);
+ } else {
+ copy = NULL;
+ }
+
+ if (*field != NULL)
+ isc_mem_free(server->mctx, *field);
+
+ *field = copy;
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * Replace the current value of '*field', a dynamically allocated
+ * string or NULL, with another dynamically allocated string
+ * or NULL if whether 'obj' is a string or void value, respectively.
+ */
+static isc_result_t
+setoptstring(ns_server_t *server, char **field, const cfg_obj_t *obj) {
+ if (cfg_obj_isvoid(obj))
+ return (setstring(server, field, NULL));
+ else
+ return (setstring(server, field, cfg_obj_asstring(obj)));
+}
+
+static void
+set_limit(const cfg_obj_t **maps, const char *configname,
+ const char *description, isc_resource_t resourceid,
+ isc_resourcevalue_t defaultvalue)
+{
+ const cfg_obj_t *obj = NULL;
+ const char *resource;
+ isc_resourcevalue_t value;
+ isc_result_t result;
+
+ if (ns_config_get(maps, configname, &obj) != ISC_R_SUCCESS)
+ return;
+
+ if (cfg_obj_isstring(obj)) {
+ resource = cfg_obj_asstring(obj);
+ if (strcasecmp(resource, "unlimited") == 0)
+ value = ISC_RESOURCE_UNLIMITED;
+ else {
+ INSIST(strcasecmp(resource, "default") == 0);
+ value = defaultvalue;
+ }
+ } else
+ value = cfg_obj_asuint64(obj);
+
+ result = isc_resource_setlimit(resourceid, value);
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
+ result == ISC_R_SUCCESS ?
+ ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
+ "set maximum %s to %" ISC_PRINT_QUADFORMAT "d: %s",
+ description, value, isc_result_totext(result));
+}
+
+#define SETLIMIT(cfgvar, resource, description) \
+ set_limit(maps, cfgvar, description, isc_resource_ ## resource, \
+ ns_g_init ## resource)
+
+static void
+set_limits(const cfg_obj_t **maps) {
+ SETLIMIT("stacksize", stacksize, "stack size");
+ SETLIMIT("datasize", datasize, "data size");
+ SETLIMIT("coresize", coresize, "core size");
+ SETLIMIT("files", openfiles, "open files");
+}
+
+static void
+portset_fromconf(isc_portset_t *portset, const cfg_obj_t *ports,
+ isc_boolean_t positive)
+{
+ const cfg_listelt_t *element;
+
+ for (element = cfg_list_first(ports);
+ element != NULL;
+ element = cfg_list_next(element)) {
+ const cfg_obj_t *obj = cfg_listelt_value(element);
+
+ if (cfg_obj_isuint32(obj)) {
+ in_port_t port = (in_port_t)cfg_obj_asuint32(obj);
+
+ if (positive)
+ isc_portset_add(portset, port);
+ else
+ isc_portset_remove(portset, port);
+ } else {
+ const cfg_obj_t *obj_loport, *obj_hiport;
+ in_port_t loport, hiport;
+
+ obj_loport = cfg_tuple_get(obj, "loport");
+ loport = (in_port_t)cfg_obj_asuint32(obj_loport);
+ obj_hiport = cfg_tuple_get(obj, "hiport");
+ hiport = (in_port_t)cfg_obj_asuint32(obj_hiport);
+
+ if (positive)
+ isc_portset_addrange(portset, loport, hiport);
+ else {
+ isc_portset_removerange(portset, loport,
+ hiport);
+ }
+ }
+ }
+}
+
+static isc_result_t
+removed(dns_zone_t *zone, void *uap) {
+ const char *type;
+
+ if (dns_zone_getview(zone) != uap)
+ return (ISC_R_SUCCESS);
+
+ switch (dns_zone_gettype(zone)) {
+ case dns_zone_master:
+ type = "master";
+ break;
+ case dns_zone_slave:
+ type = "slave";
+ break;
+ case dns_zone_stub:
+ type = "stub";
+ break;
+ default:
+ type = "other";
+ break;
+ }
+ dns_zone_log(zone, ISC_LOG_INFO, "(%s) removed", type);
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+load_configuration(const char *filename, ns_server_t *server,
+ isc_boolean_t first_time)
+{
+ cfg_aclconfctx_t aclconfctx;
+ cfg_obj_t *config;
+ cfg_parser_t *parser = NULL;
+ const cfg_listelt_t *element;
+ const cfg_obj_t *builtin_views;
+ const cfg_obj_t *maps[3];
+ const cfg_obj_t *obj;
+ const cfg_obj_t *options;
+ const cfg_obj_t *usev4ports, *avoidv4ports, *usev6ports, *avoidv6ports;
+ const cfg_obj_t *views;
+ dns_view_t *view = NULL;
+ dns_view_t *view_next;
+ dns_viewlist_t tmpviewlist;
+ dns_viewlist_t viewlist;
+ in_port_t listen_port, udpport_low, udpport_high;
+ int i;
+ isc_interval_t interval;
+ isc_portset_t *v4portset = NULL;
+ isc_portset_t *v6portset = NULL;
+ isc_resourcevalue_t nfiles;
+ isc_result_t result;
+ isc_uint32_t heartbeat_interval;
+ isc_uint32_t interface_interval;
+ isc_uint32_t reserved;
+ isc_uint32_t udpsize;
+ unsigned int maxsocks;
+
+ cfg_aclconfctx_init(&aclconfctx);
+ ISC_LIST_INIT(viewlist);
+
+ /* Ensure exclusive access to configuration data. */
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+
+ /*
+ * Parse the global default pseudo-config file.
+ */
+ if (first_time) {
+ CHECK(ns_config_parsedefaults(ns_g_parser, &ns_g_config));
+ RUNTIME_CHECK(cfg_map_get(ns_g_config, "options",
+ &ns_g_defaults) ==
+ ISC_R_SUCCESS);
+ }
+
+ /*
+ * Parse the configuration file using the new config code.
+ */
+ result = ISC_R_FAILURE;
+ config = NULL;
+
+ /*
+ * Unless this is lwresd with the -C option, parse the config file.
+ */
+ if (!(ns_g_lwresdonly && lwresd_g_useresolvconf)) {
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
+ ISC_LOG_INFO, "loading configuration from '%s'",
+ filename);
+ CHECK(cfg_parser_create(ns_g_mctx, ns_g_lctx, &parser));
+ cfg_parser_setcallback(parser, directory_callback, NULL);
+ result = cfg_parse_file(parser, filename, &cfg_type_namedconf,
+ &config);
+ }
+
+ /*
+ * If this is lwresd with the -C option, or lwresd with no -C or -c
+ * option where the above parsing failed, parse resolv.conf.
+ */
+ if (ns_g_lwresdonly &&
+ (lwresd_g_useresolvconf ||
+ (!ns_g_conffileset && result == ISC_R_FILENOTFOUND)))
+ {
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
+ ISC_LOG_INFO, "loading configuration from '%s'",
+ lwresd_g_resolvconffile);
+ if (parser != NULL)
+ cfg_parser_destroy(&parser);
+ CHECK(cfg_parser_create(ns_g_mctx, ns_g_lctx, &parser));
+ result = ns_lwresd_parseeresolvconf(ns_g_mctx, parser,
+ &config);
+ }
+ CHECK(result);
+
+ /*
+ * Check the validity of the configuration.
+ */
+ CHECK(bind9_check_namedconf(config, ns_g_lctx, ns_g_mctx));
+
+ /*
+ * Fill in the maps array, used for resolving defaults.
+ */
+ i = 0;
+ options = NULL;
+ result = cfg_map_get(config, "options", &options);
+ if (result == ISC_R_SUCCESS)
+ maps[i++] = options;
+ maps[i++] = ns_g_defaults;
+ maps[i++] = NULL;
+
+ /*
+ * Set process limits, which (usually) needs to be done as root.
+ */
+ set_limits(maps);
+
+ /*
+ * Check if max number of open sockets that the system allows is
+ * sufficiently large. Failing this condition is not necessarily fatal,
+ * but may cause subsequent runtime failures for a busy recursive
+ * server.
+ */
+ result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &maxsocks);
+ if (result != ISC_R_SUCCESS)
+ maxsocks = 0;
+ result = isc_resource_getcurlimit(isc_resource_openfiles, &nfiles);
+ if (result == ISC_R_SUCCESS && (isc_resourcevalue_t)maxsocks > nfiles) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+ "max open files (%" ISC_PRINT_QUADFORMAT "u)"
+ " is smaller than max sockets (%u)",
+ nfiles, maxsocks);
+ }
+
+ /*
+ * Set the number of socket reserved for TCP, stdio etc.
+ */
+ obj = NULL;
+ result = ns_config_get(maps, "reserved-sockets", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ reserved = cfg_obj_asuint32(obj);
+ if (maxsocks != 0) {
+ if (maxsocks < 128U) /* Prevent underflow. */
+ reserved = 0;
+ else if (reserved > maxsocks - 128U) /* Minimum UDP space. */
+ reserved = maxsocks - 128;
+ }
+ /* Minimum TCP/stdio space. */
+ if (reserved < 128U)
+ reserved = 128;
+ if (reserved + 128U > maxsocks && maxsocks != 0) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+ "less than 128 UDP sockets available after "
+ "applying 'reserved-sockets' and 'maxsockets'");
+ }
+ isc__socketmgr_setreserved(ns_g_socketmgr, reserved);
+
+ /*
+ * Configure various server options.
+ */
+ configure_server_quota(maps, "transfers-out", &server->xfroutquota);
+ configure_server_quota(maps, "tcp-clients", &server->tcpquota);
+ configure_server_quota(maps, "recursive-clients",
+ &server->recursionquota);
+ if (server->recursionquota.max > 1000)
+ isc_quota_soft(&server->recursionquota,
+ server->recursionquota.max - 100);
+ else
+ isc_quota_soft(&server->recursionquota, 0);
+
+ CHECK(configure_view_acl(NULL, config, "blackhole", &aclconfctx,
+ ns_g_mctx, &server->blackholeacl));
+ if (server->blackholeacl != NULL)
+ dns_dispatchmgr_setblackhole(ns_g_dispatchmgr,
+ server->blackholeacl);
+
+ obj = NULL;
+ result = ns_config_get(maps, "match-mapped-addresses", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ server->aclenv.match_mapped = cfg_obj_asboolean(obj);
+
+ CHECKM(ns_statschannels_configure(ns_g_server, config, &aclconfctx),
+ "configuring statistics server(s)");
+
+ /*
+ * Configure sets of UDP query source ports.
+ */
+ CHECKM(isc_portset_create(ns_g_mctx, &v4portset),
+ "creating UDP port set");
+ CHECKM(isc_portset_create(ns_g_mctx, &v6portset),
+ "creating UDP port set");
+
+ usev4ports = NULL;
+ usev6ports = NULL;
+ avoidv4ports = NULL;
+ avoidv6ports = NULL;
+
+ (void)ns_config_get(maps, "use-v4-udp-ports", &usev4ports);
+ if (usev4ports != NULL)
+ portset_fromconf(v4portset, usev4ports, ISC_TRUE);
+ else {
+ CHECKM(isc_net_getudpportrange(AF_INET, &udpport_low,
+ &udpport_high),
+ "get the default UDP/IPv4 port range");
+ if (udpport_low == udpport_high)
+ isc_portset_add(v4portset, udpport_low);
+ else {
+ isc_portset_addrange(v4portset, udpport_low,
+ udpport_high);
+ }
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "using default UDP/IPv4 port range: [%d, %d]",
+ udpport_low, udpport_high);
+ }
+ (void)ns_config_get(maps, "avoid-v4-udp-ports", &avoidv4ports);
+ if (avoidv4ports != NULL)
+ portset_fromconf(v4portset, avoidv4ports, ISC_FALSE);
+
+ (void)ns_config_get(maps, "use-v6-udp-ports", &usev6ports);
+ if (usev6ports != NULL)
+ portset_fromconf(v6portset, usev6ports, ISC_TRUE);
+ else {
+ CHECKM(isc_net_getudpportrange(AF_INET6, &udpport_low,
+ &udpport_high),
+ "get the default UDP/IPv6 port range");
+ if (udpport_low == udpport_high)
+ isc_portset_add(v6portset, udpport_low);
+ else {
+ isc_portset_addrange(v6portset, udpport_low,
+ udpport_high);
+ }
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "using default UDP/IPv6 port range: [%d, %d]",
+ udpport_low, udpport_high);
+ }
+ (void)ns_config_get(maps, "avoid-v6-udp-ports", &avoidv6ports);
+ if (avoidv6ports != NULL)
+ portset_fromconf(v6portset, avoidv6ports, ISC_FALSE);
+
+ dns_dispatchmgr_setavailports(ns_g_dispatchmgr, v4portset, v6portset);
+
+ /*
+ * Set the EDNS UDP size when we don't match a view.
+ */
+ obj = NULL;
+ result = ns_config_get(maps, "edns-udp-size", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ udpsize = cfg_obj_asuint32(obj);
+ if (udpsize < 512)
+ udpsize = 512;
+ if (udpsize > 4096)
+ udpsize = 4096;
+ ns_g_udpsize = (isc_uint16_t)udpsize;
+
+ /*
+ * Configure the zone manager.
+ */
+ obj = NULL;
+ result = ns_config_get(maps, "transfers-in", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zonemgr_settransfersin(server->zonemgr, cfg_obj_asuint32(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "transfers-per-ns", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zonemgr_settransfersperns(server->zonemgr, cfg_obj_asuint32(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "serial-query-rate", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zonemgr_setserialqueryrate(server->zonemgr, cfg_obj_asuint32(obj));
+
+ /*
+ * Determine which port to use for listening for incoming connections.
+ */
+ if (ns_g_port != 0)
+ listen_port = ns_g_port;
+ else
+ CHECKM(ns_config_getport(config, &listen_port), "port");
+
+ /*
+ * Find the listen queue depth.
+ */
+ obj = NULL;
+ result = ns_config_get(maps, "tcp-listen-queue", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ ns_g_listen = cfg_obj_asuint32(obj);
+ if (ns_g_listen < 3)
+ ns_g_listen = 3;
+
+ /*
+ * Configure the interface manager according to the "listen-on"
+ * statement.
+ */
+ {
+ const cfg_obj_t *clistenon = NULL;
+ ns_listenlist_t *listenon = NULL;
+
+ clistenon = NULL;
+ /*
+ * Even though listen-on is present in the default
+ * configuration, we can't use it here, since it isn't
+ * used if we're in lwresd mode. This way is easier.
+ */
+ if (options != NULL)
+ (void)cfg_map_get(options, "listen-on", &clistenon);
+ if (clistenon != NULL) {
+ result = ns_listenlist_fromconfig(clistenon,
+ config,
+ &aclconfctx,
+ ns_g_mctx,
+ &listenon);
+ } else if (!ns_g_lwresdonly) {
+ /*
+ * Not specified, use default.
+ */
+ CHECK(ns_listenlist_default(ns_g_mctx, listen_port,
+ ISC_TRUE, &listenon));
+ }
+ if (listenon != NULL) {
+ ns_interfacemgr_setlistenon4(server->interfacemgr,
+ listenon);
+ ns_listenlist_detach(&listenon);
+ }
+ }
+ /*
+ * Ditto for IPv6.
+ */
+ {
+ const cfg_obj_t *clistenon = NULL;
+ ns_listenlist_t *listenon = NULL;
+
+ if (options != NULL)
+ (void)cfg_map_get(options, "listen-on-v6", &clistenon);
+ if (clistenon != NULL) {
+ result = ns_listenlist_fromconfig(clistenon,
+ config,
+ &aclconfctx,
+ ns_g_mctx,
+ &listenon);
+ } else if (!ns_g_lwresdonly) {
+ isc_boolean_t enable;
+ /*
+ * Not specified, use default.
+ */
+ enable = ISC_TF(isc_net_probeipv4() != ISC_R_SUCCESS);
+ CHECK(ns_listenlist_default(ns_g_mctx, listen_port,
+ enable, &listenon));
+ }
+ if (listenon != NULL) {
+ ns_interfacemgr_setlistenon6(server->interfacemgr,
+ listenon);
+ ns_listenlist_detach(&listenon);
+ }
+ }
+
+ /*
+ * Rescan the interface list to pick up changes in the
+ * listen-on option. It's important that we do this before we try
+ * to configure the query source, since the dispatcher we use might
+ * be shared with an interface.
+ */
+ scan_interfaces(server, ISC_TRUE);
+
+ /*
+ * Arrange for further interface scanning to occur periodically
+ * as specified by the "interface-interval" option.
+ */
+ obj = NULL;
+ result = ns_config_get(maps, "interface-interval", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ interface_interval = cfg_obj_asuint32(obj) * 60;
+ if (interface_interval == 0) {
+ CHECK(isc_timer_reset(server->interface_timer,
+ isc_timertype_inactive,
+ NULL, NULL, ISC_TRUE));
+ } else if (server->interface_interval != interface_interval) {
+ isc_interval_set(&interval, interface_interval, 0);
+ CHECK(isc_timer_reset(server->interface_timer,
+ isc_timertype_ticker,
+ NULL, &interval, ISC_FALSE));
+ }
+ server->interface_interval = interface_interval;
+
+ /*
+ * Configure the dialup heartbeat timer.
+ */
+ obj = NULL;
+ result = ns_config_get(maps, "heartbeat-interval", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ heartbeat_interval = cfg_obj_asuint32(obj) * 60;
+ if (heartbeat_interval == 0) {
+ CHECK(isc_timer_reset(server->heartbeat_timer,
+ isc_timertype_inactive,
+ NULL, NULL, ISC_TRUE));
+ } else if (server->heartbeat_interval != heartbeat_interval) {
+ isc_interval_set(&interval, heartbeat_interval, 0);
+ CHECK(isc_timer_reset(server->heartbeat_timer,
+ isc_timertype_ticker,
+ NULL, &interval, ISC_FALSE));
+ }
+ server->heartbeat_interval = heartbeat_interval;
+
+ isc_interval_set(&interval, 1200, 0);
+ CHECK(isc_timer_reset(server->pps_timer, isc_timertype_ticker, NULL,
+ &interval, ISC_FALSE));
+
+ /*
+ * Configure and freeze all explicit views. Explicit
+ * views that have zones were already created at parsing
+ * time, but views with no zones must be created here.
+ */
+ views = NULL;
+ (void)cfg_map_get(config, "view", &views);
+ for (element = cfg_list_first(views);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *vconfig = cfg_listelt_value(element);
+ view = NULL;
+
+ CHECK(create_view(vconfig, &viewlist, &view));
+ INSIST(view != NULL);
+ CHECK(configure_view(view, config, vconfig,
+ ns_g_mctx, &aclconfctx, ISC_TRUE));
+ dns_view_freeze(view);
+ dns_view_detach(&view);
+ }
+
+ /*
+ * Make sure we have a default view if and only if there
+ * were no explicit views.
+ */
+ if (views == NULL) {
+ /*
+ * No explicit views; there ought to be a default view.
+ * There may already be one created as a side effect
+ * of zone statements, or we may have to create one.
+ * In either case, we need to configure and freeze it.
+ */
+ CHECK(create_view(NULL, &viewlist, &view));
+ CHECK(configure_view(view, config, NULL, ns_g_mctx,
+ &aclconfctx, ISC_TRUE));
+ dns_view_freeze(view);
+ dns_view_detach(&view);
+ }
+
+ /*
+ * Create (or recreate) the built-in views. Currently
+ * there is only one, the _bind view.
+ */
+ builtin_views = NULL;
+ RUNTIME_CHECK(cfg_map_get(ns_g_config, "view",
+ &builtin_views) == ISC_R_SUCCESS);
+ for (element = cfg_list_first(builtin_views);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *vconfig = cfg_listelt_value(element);
+ CHECK(create_view(vconfig, &viewlist, &view));
+ CHECK(configure_view(view, config, vconfig, ns_g_mctx,
+ &aclconfctx, ISC_FALSE));
+ dns_view_freeze(view);
+ dns_view_detach(&view);
+ view = NULL;
+ }
+
+ /*
+ * Swap our new view list with the production one.
+ */
+ tmpviewlist = server->viewlist;
+ server->viewlist = viewlist;
+ viewlist = tmpviewlist;
+
+ /*
+ * Load the TKEY information from the configuration.
+ */
+ if (options != NULL) {
+ dns_tkeyctx_t *t = NULL;
+ CHECKM(ns_tkeyctx_fromconfig(options, ns_g_mctx, ns_g_entropy,
+ &t),
+ "configuring TKEY");
+ if (server->tkeyctx != NULL)
+ dns_tkeyctx_destroy(&server->tkeyctx);
+ server->tkeyctx = t;
+ }
+
+ /*
+ * Bind the control port(s).
+ */
+ CHECKM(ns_controls_configure(ns_g_server->controls, config,
+ &aclconfctx),
+ "binding control channel(s)");
+
+ /*
+ * Bind the lwresd port(s).
+ */
+ CHECKM(ns_lwresd_configure(ns_g_mctx, config),
+ "binding lightweight resolver ports");
+
+ /*
+ * Open the source of entropy.
+ */
+ if (first_time) {
+ obj = NULL;
+ result = ns_config_get(maps, "random-device", &obj);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "no source of entropy found");
+ } else {
+ const char *randomdev = cfg_obj_asstring(obj);
+ result = isc_entropy_createfilesource(ns_g_entropy,
+ randomdev);
+ if (result != ISC_R_SUCCESS)
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER,
+ ISC_LOG_INFO,
+ "could not open entropy source "
+ "%s: %s",
+ randomdev,
+ isc_result_totext(result));
+#ifdef PATH_RANDOMDEV
+ if (ns_g_fallbackentropy != NULL) {
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER,
+ ISC_LOG_INFO,
+ "using pre-chroot entropy source "
+ "%s",
+ PATH_RANDOMDEV);
+ isc_entropy_detach(&ns_g_entropy);
+ isc_entropy_attach(ns_g_fallbackentropy,
+ &ns_g_entropy);
+ }
+ isc_entropy_detach(&ns_g_fallbackentropy);
+ }
+#endif
+ }
+ }
+
+ /*
+ * Relinquish root privileges.
+ */
+ if (first_time)
+ ns_os_changeuser();
+
+ /*
+ * Check that the working directory is writable.
+ */
+ if (access(".", W_OK) != 0) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "the working directory is not writable");
+ }
+
+ /*
+ * Configure the logging system.
+ *
+ * Do this after changing UID to make sure that any log
+ * files specified in named.conf get created by the
+ * unprivileged user, not root.
+ */
+ if (ns_g_logstderr) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "ignoring config file logging "
+ "statement due to -g option");
+ } else {
+ const cfg_obj_t *logobj = NULL;
+ isc_logconfig_t *logc = NULL;
+
+ CHECKM(isc_logconfig_create(ns_g_lctx, &logc),
+ "creating new logging configuration");
+
+ logobj = NULL;
+ (void)cfg_map_get(config, "logging", &logobj);
+ if (logobj != NULL) {
+ CHECKM(ns_log_configure(logc, logobj),
+ "configuring logging");
+ } else {
+ CHECKM(ns_log_setdefaultchannels(logc),
+ "setting up default logging channels");
+ CHECKM(ns_log_setunmatchedcategory(logc),
+ "setting up default 'category unmatched'");
+ CHECKM(ns_log_setdefaultcategory(logc),
+ "setting up default 'category default'");
+ }
+
+ result = isc_logconfig_use(ns_g_lctx, logc);
+ if (result != ISC_R_SUCCESS) {
+ isc_logconfig_destroy(&logc);
+ CHECKM(result, "installing logging configuration");
+ }
+
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
+ "now using logging configuration from "
+ "config file");
+ }
+
+ /*
+ * Set the default value of the query logging flag depending
+ * whether a "queries" category has been defined. This is
+ * a disgusting hack, but we need to do this for BIND 8
+ * compatibility.
+ */
+ if (first_time) {
+ const cfg_obj_t *logobj = NULL;
+ const cfg_obj_t *categories = NULL;
+
+ obj = NULL;
+ if (ns_config_get(maps, "querylog", &obj) == ISC_R_SUCCESS) {
+ server->log_queries = cfg_obj_asboolean(obj);
+ } else {
+
+ (void)cfg_map_get(config, "logging", &logobj);
+ if (logobj != NULL)
+ (void)cfg_map_get(logobj, "category",
+ &categories);
+ if (categories != NULL) {
+ const cfg_listelt_t *element;
+ for (element = cfg_list_first(categories);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *catobj;
+ const char *str;
+
+ obj = cfg_listelt_value(element);
+ catobj = cfg_tuple_get(obj, "name");
+ str = cfg_obj_asstring(catobj);
+ if (strcasecmp(str, "queries") == 0)
+ server->log_queries = ISC_TRUE;
+ }
+ }
+ }
+ }
+
+ obj = NULL;
+ if (ns_config_get(maps, "pid-file", &obj) == ISC_R_SUCCESS)
+ if (cfg_obj_isvoid(obj))
+ ns_os_writepidfile(NULL, first_time);
+ else
+ ns_os_writepidfile(cfg_obj_asstring(obj), first_time);
+ else if (ns_g_lwresdonly)
+ ns_os_writepidfile(lwresd_g_defaultpidfile, first_time);
+ else
+ ns_os_writepidfile(ns_g_defaultpidfile, first_time);
+
+ obj = NULL;
+ if (options != NULL &&
+ cfg_map_get(options, "memstatistics", &obj) == ISC_R_SUCCESS)
+ ns_g_memstatistics = cfg_obj_asboolean(obj);
+ else
+ ns_g_memstatistics =
+ ISC_TF((isc_mem_debugging & ISC_MEM_DEBUGRECORD) != 0);
+
+ obj = NULL;
+ if (ns_config_get(maps, "memstatistics-file", &obj) == ISC_R_SUCCESS)
+ ns_main_setmemstats(cfg_obj_asstring(obj));
+ else if (ns_g_memstatistics)
+ ns_main_setmemstats("named.memstats");
+ else
+ ns_main_setmemstats(NULL);
+
+ obj = NULL;
+ result = ns_config_get(maps, "statistics-file", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ CHECKM(setstring(server, &server->statsfile, cfg_obj_asstring(obj)),
+ "strdup");
+
+ obj = NULL;
+ result = ns_config_get(maps, "dump-file", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ CHECKM(setstring(server, &server->dumpfile, cfg_obj_asstring(obj)),
+ "strdup");
+
+ obj = NULL;
+ result = ns_config_get(maps, "recursing-file", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ CHECKM(setstring(server, &server->recfile, cfg_obj_asstring(obj)),
+ "strdup");
+
+ obj = NULL;
+ result = ns_config_get(maps, "version", &obj);
+ if (result == ISC_R_SUCCESS) {
+ CHECKM(setoptstring(server, &server->version, obj), "strdup");
+ server->version_set = ISC_TRUE;
+ } else {
+ server->version_set = ISC_FALSE;
+ }
+
+ obj = NULL;
+ result = ns_config_get(maps, "hostname", &obj);
+ if (result == ISC_R_SUCCESS) {
+ CHECKM(setoptstring(server, &server->hostname, obj), "strdup");
+ server->hostname_set = ISC_TRUE;
+ } else {
+ server->hostname_set = ISC_FALSE;
+ }
+
+ obj = NULL;
+ result = ns_config_get(maps, "server-id", &obj);
+ server->server_usehostname = ISC_FALSE;
+ if (result == ISC_R_SUCCESS && cfg_obj_isboolean(obj)) {
+ /* The parser translates "hostname" to ISC_TRUE */
+ server->server_usehostname = cfg_obj_asboolean(obj);
+ result = setstring(server, &server->server_id, NULL);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ } else if (result == ISC_R_SUCCESS) {
+ /* Found a quoted string */
+ CHECKM(setoptstring(server, &server->server_id, obj), "strdup");
+ } else {
+ result = setstring(server, &server->server_id, NULL);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ }
+
+ obj = NULL;
+ result = ns_config_get(maps, "flush-zones-on-shutdown", &obj);
+ if (result == ISC_R_SUCCESS) {
+ server->flushonshutdown = cfg_obj_asboolean(obj);
+ } else {
+ server->flushonshutdown = ISC_FALSE;
+ }
+
+ result = ISC_R_SUCCESS;
+
+ cleanup:
+ if (v4portset != NULL)
+ isc_portset_destroy(ns_g_mctx, &v4portset);
+
+ if (v6portset != NULL)
+ isc_portset_destroy(ns_g_mctx, &v6portset);
+
+ cfg_aclconfctx_destroy(&aclconfctx);
+
+ if (parser != NULL) {
+ if (config != NULL)
+ cfg_obj_destroy(parser, &config);
+ cfg_parser_destroy(&parser);
+ }
+
+ if (view != NULL)
+ dns_view_detach(&view);
+
+ /*
+ * This cleans up either the old production view list
+ * or our temporary list depending on whether they
+ * were swapped above or not.
+ */
+ for (view = ISC_LIST_HEAD(viewlist);
+ view != NULL;
+ view = view_next) {
+ view_next = ISC_LIST_NEXT(view, link);
+ ISC_LIST_UNLINK(viewlist, view, link);
+ if (result == ISC_R_SUCCESS &&
+ strcmp(view->name, "_bind") != 0)
+ (void)dns_zt_apply(view->zonetable, ISC_FALSE,
+ removed, view);
+ dns_view_detach(&view);
+ }
+
+ /*
+ * Adjust the listening interfaces in accordance with the source
+ * addresses specified in views and zones.
+ */
+ if (isc_net_probeipv6() == ISC_R_SUCCESS)
+ adjust_interfaces(server, ns_g_mctx);
+
+ /* Relinquish exclusive access to configuration data. */
+ isc_task_endexclusive(server->task);
+
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
+ ISC_LOG_DEBUG(1), "load_configuration: %s",
+ isc_result_totext(result));
+
+ return (result);
+}
+
+static isc_result_t
+load_zones(ns_server_t *server, isc_boolean_t stop) {
+ isc_result_t result;
+ dns_view_t *view;
+
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+
+ /*
+ * Load zone data from disk.
+ */
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link))
+ {
+ CHECK(dns_view_load(view, stop));
+ }
+
+ /*
+ * Force zone maintenance. Do this after loading
+ * so that we know when we need to force AXFR of
+ * slave zones whose master files are missing.
+ */
+ CHECK(dns_zonemgr_forcemaint(server->zonemgr));
+ cleanup:
+ isc_task_endexclusive(server->task);
+ return (result);
+}
+
+static isc_result_t
+load_new_zones(ns_server_t *server, isc_boolean_t stop) {
+ isc_result_t result;
+ dns_view_t *view;
+
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+
+ /*
+ * Load zone data from disk.
+ */
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link))
+ {
+ CHECK(dns_view_loadnew(view, stop));
+ }
+ /*
+ * Force zone maintenance. Do this after loading
+ * so that we know when we need to force AXFR of
+ * slave zones whose master files are missing.
+ */
+ dns_zonemgr_resumexfrs(server->zonemgr);
+ cleanup:
+ isc_task_endexclusive(server->task);
+ return (result);
+}
+
+static void
+run_server(isc_task_t *task, isc_event_t *event) {
+ isc_result_t result;
+ ns_server_t *server = (ns_server_t *)event->ev_arg;
+
+ INSIST(task == server->task);
+
+ isc_event_free(&event);
+
+ CHECKFATAL(dns_dispatchmgr_create(ns_g_mctx, ns_g_entropy,
+ &ns_g_dispatchmgr),
+ "creating dispatch manager");
+
+ dns_dispatchmgr_setstats(ns_g_dispatchmgr, server->resolverstats);
+
+ CHECKFATAL(ns_interfacemgr_create(ns_g_mctx, ns_g_taskmgr,
+ ns_g_socketmgr, ns_g_dispatchmgr,
+ &server->interfacemgr),
+ "creating interface manager");
+
+ CHECKFATAL(isc_timer_create(ns_g_timermgr, isc_timertype_inactive,
+ NULL, NULL, server->task,
+ interface_timer_tick,
+ server, &server->interface_timer),
+ "creating interface timer");
+
+ CHECKFATAL(isc_timer_create(ns_g_timermgr, isc_timertype_inactive,
+ NULL, NULL, server->task,
+ heartbeat_timer_tick,
+ server, &server->heartbeat_timer),
+ "creating heartbeat timer");
+
+ CHECKFATAL(isc_timer_create(ns_g_timermgr, isc_timertype_inactive,
+ NULL, NULL, server->task, pps_timer_tick,
+ server, &server->pps_timer),
+ "creating pps timer");
+
+ CHECKFATAL(cfg_parser_create(ns_g_mctx, NULL, &ns_g_parser),
+ "creating default configuration parser");
+
+ if (ns_g_lwresdonly)
+ CHECKFATAL(load_configuration(lwresd_g_conffile, server,
+ ISC_TRUE),
+ "loading configuration");
+ else
+ CHECKFATAL(load_configuration(ns_g_conffile, server, ISC_TRUE),
+ "loading configuration");
+
+ isc_hash_init();
+
+ CHECKFATAL(load_zones(server, ISC_FALSE), "loading zones");
+
+ ns_os_started();
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
+ ISC_LOG_NOTICE, "running");
+}
+
+void
+ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush) {
+
+ REQUIRE(NS_SERVER_VALID(server));
+
+ server->flushonshutdown = flush;
+}
+
+static void
+shutdown_server(isc_task_t *task, isc_event_t *event) {
+ isc_result_t result;
+ dns_view_t *view, *view_next;
+ ns_server_t *server = (ns_server_t *)event->ev_arg;
+ isc_boolean_t flush = server->flushonshutdown;
+
+ UNUSED(task);
+ INSIST(task == server->task);
+
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
+ ISC_LOG_INFO, "shutting down%s",
+ flush ? ": flushing changes" : "");
+
+ ns_statschannels_shutdown(server);
+ ns_controls_shutdown(server->controls);
+ end_reserved_dispatches(server, ISC_TRUE);
+
+ cfg_obj_destroy(ns_g_parser, &ns_g_config);
+ cfg_parser_destroy(&ns_g_parser);
+
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = view_next) {
+ view_next = ISC_LIST_NEXT(view, link);
+ ISC_LIST_UNLINK(server->viewlist, view, link);
+ if (flush)
+ dns_view_flushanddetach(&view);
+ else
+ dns_view_detach(&view);
+ }
+
+ isc_timer_detach(&server->interface_timer);
+ isc_timer_detach(&server->heartbeat_timer);
+ isc_timer_detach(&server->pps_timer);
+
+ ns_interfacemgr_shutdown(server->interfacemgr);
+ ns_interfacemgr_detach(&server->interfacemgr);
+
+ dns_dispatchmgr_destroy(&ns_g_dispatchmgr);
+
+ dns_zonemgr_shutdown(server->zonemgr);
+
+ if (server->blackholeacl != NULL)
+ dns_acl_detach(&server->blackholeacl);
+
+ dns_db_detach(&server->in_roothints);
+
+ isc_task_endexclusive(server->task);
+
+ isc_task_detach(&server->task);
+
+ isc_event_free(&event);
+}
+
+void
+ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
+ isc_result_t result;
+
+ ns_server_t *server = isc_mem_get(mctx, sizeof(*server));
+ if (server == NULL)
+ fatal("allocating server object", ISC_R_NOMEMORY);
+
+ server->mctx = mctx;
+ server->task = NULL;
+
+ /* Initialize configuration data with default values. */
+
+ result = isc_quota_init(&server->xfroutquota, 10);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ result = isc_quota_init(&server->tcpquota, 10);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ result = isc_quota_init(&server->recursionquota, 100);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+
+ result = dns_aclenv_init(mctx, &server->aclenv);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+
+ /* Initialize server data structures. */
+ server->zonemgr = NULL;
+ server->interfacemgr = NULL;
+ ISC_LIST_INIT(server->viewlist);
+ server->in_roothints = NULL;
+ server->blackholeacl = NULL;
+
+ CHECKFATAL(dns_rootns_create(mctx, dns_rdataclass_in, NULL,
+ &server->in_roothints),
+ "setting up root hints");
+
+ CHECKFATAL(isc_mutex_init(&server->reload_event_lock),
+ "initializing reload event lock");
+ server->reload_event =
+ isc_event_allocate(ns_g_mctx, server,
+ NS_EVENT_RELOAD,
+ ns_server_reload,
+ server,
+ sizeof(isc_event_t));
+ CHECKFATAL(server->reload_event == NULL ?
+ ISC_R_NOMEMORY : ISC_R_SUCCESS,
+ "allocating reload event");
+
+ CHECKFATAL(dst_lib_init(ns_g_mctx, ns_g_entropy, ISC_ENTROPY_GOODONLY),
+ "initializing DST");
+
+ server->tkeyctx = NULL;
+ CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
+ &server->tkeyctx),
+ "creating TKEY context");
+
+ /*
+ * Setup the server task, which is responsible for coordinating
+ * startup and shutdown of the server.
+ */
+ CHECKFATAL(isc_task_create(ns_g_taskmgr, 0, &server->task),
+ "creating server task");
+ isc_task_setname(server->task, "server", server);
+ CHECKFATAL(isc_task_onshutdown(server->task, shutdown_server, server),
+ "isc_task_onshutdown");
+ CHECKFATAL(isc_app_onrun(ns_g_mctx, server->task, run_server, server),
+ "isc_app_onrun");
+
+ server->interface_timer = NULL;
+ server->heartbeat_timer = NULL;
+ server->pps_timer = NULL;
+
+ server->interface_interval = 0;
+ server->heartbeat_interval = 0;
+
+ CHECKFATAL(dns_zonemgr_create(ns_g_mctx, ns_g_taskmgr, ns_g_timermgr,
+ ns_g_socketmgr, &server->zonemgr),
+ "dns_zonemgr_create");
+
+ server->statsfile = isc_mem_strdup(server->mctx, "named.stats");
+ CHECKFATAL(server->statsfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS,
+ "isc_mem_strdup");
+ server->nsstats = NULL;
+ server->rcvquerystats = NULL;
+ server->opcodestats = NULL;
+ server->zonestats = NULL;
+ server->resolverstats = NULL;
+
+ server->dumpfile = isc_mem_strdup(server->mctx, "named_dump.db");
+ CHECKFATAL(server->dumpfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS,
+ "isc_mem_strdup");
+
+ server->recfile = isc_mem_strdup(server->mctx, "named.recursing");
+ CHECKFATAL(server->recfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS,
+ "isc_mem_strdup");
+
+ server->hostname_set = ISC_FALSE;
+ server->hostname = NULL;
+ server->version_set = ISC_FALSE;
+ server->version = NULL;
+ server->server_usehostname = ISC_FALSE;
+ server->server_id = NULL;
+
+ CHECKFATAL(dns_generalstats_create(ns_g_mctx, &server->nsstats,
+ dns_nsstatscounter_max),
+ "dns_stats_create (server)");
+
+ CHECKFATAL(dns_rdatatypestats_create(ns_g_mctx,
+ &server->rcvquerystats),
+ "dns_stats_create (rcvquery)");
+
+ CHECKFATAL(dns_opcodestats_create(ns_g_mctx, &server->opcodestats),
+ "dns_stats_create (opcode)");
+
+ CHECKFATAL(dns_generalstats_create(ns_g_mctx, &server->zonestats,
+ dns_zonestatscounter_max),
+ "dns_stats_create (zone)");
+
+ CHECKFATAL(dns_generalstats_create(ns_g_mctx, &server->resolverstats,
+ dns_resstatscounter_max),
+ "dns_stats_create (resolver)");
+
+ server->flushonshutdown = ISC_FALSE;
+ server->log_queries = ISC_FALSE;
+
+ server->controls = NULL;
+ CHECKFATAL(ns_controls_create(server, &server->controls),
+ "ns_controls_create");
+ server->dispatchgen = 0;
+ ISC_LIST_INIT(server->dispatches);
+
+ ISC_LIST_INIT(server->statschannels);
+
+ server->magic = NS_SERVER_MAGIC;
+ *serverp = server;
+}
+
+void
+ns_server_destroy(ns_server_t **serverp) {
+ ns_server_t *server = *serverp;
+ REQUIRE(NS_SERVER_VALID(server));
+
+ ns_controls_destroy(&server->controls);
+
+ dns_stats_detach(&server->nsstats);
+ dns_stats_detach(&server->rcvquerystats);
+ dns_stats_detach(&server->opcodestats);
+ dns_stats_detach(&server->zonestats);
+ dns_stats_detach(&server->resolverstats);
+
+ isc_mem_free(server->mctx, server->statsfile);
+ isc_mem_free(server->mctx, server->dumpfile);
+ isc_mem_free(server->mctx, server->recfile);
+
+ if (server->version != NULL)
+ isc_mem_free(server->mctx, server->version);
+ if (server->hostname != NULL)
+ isc_mem_free(server->mctx, server->hostname);
+ if (server->server_id != NULL)
+ isc_mem_free(server->mctx, server->server_id);
+
+ dns_zonemgr_detach(&server->zonemgr);
+
+ if (server->tkeyctx != NULL)
+ dns_tkeyctx_destroy(&server->tkeyctx);
+
+ dst_lib_destroy();
+
+ isc_event_free(&server->reload_event);
+
+ INSIST(ISC_LIST_EMPTY(server->viewlist));
+
+ dns_aclenv_destroy(&server->aclenv);
+
+ isc_quota_destroy(&server->recursionquota);
+ isc_quota_destroy(&server->tcpquota);
+ isc_quota_destroy(&server->xfroutquota);
+
+ server->magic = 0;
+ isc_mem_put(server->mctx, server, sizeof(*server));
+ *serverp = NULL;
+}
+
+static void
+fatal(const char *msg, isc_result_t result) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
+ ISC_LOG_CRITICAL, "%s: %s", msg,
+ isc_result_totext(result));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
+ ISC_LOG_CRITICAL, "exiting (due to fatal error)");
+ exit(1);
+}
+
+static void
+start_reserved_dispatches(ns_server_t *server) {
+
+ REQUIRE(NS_SERVER_VALID(server));
+
+ server->dispatchgen++;
+}
+
+static void
+end_reserved_dispatches(ns_server_t *server, isc_boolean_t all) {
+ ns_dispatch_t *dispatch, *nextdispatch;
+
+ REQUIRE(NS_SERVER_VALID(server));
+
+ for (dispatch = ISC_LIST_HEAD(server->dispatches);
+ dispatch != NULL;
+ dispatch = nextdispatch) {
+ nextdispatch = ISC_LIST_NEXT(dispatch, link);
+ if (!all && server->dispatchgen == dispatch-> dispatchgen)
+ continue;
+ ISC_LIST_UNLINK(server->dispatches, dispatch, link);
+ dns_dispatch_detach(&dispatch->dispatch);
+ isc_mem_put(server->mctx, dispatch, sizeof(*dispatch));
+ }
+}
+
+void
+ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr) {
+ ns_dispatch_t *dispatch;
+ in_port_t port;
+ char addrbuf[ISC_SOCKADDR_FORMATSIZE];
+ isc_result_t result;
+ unsigned int attrs, attrmask;
+
+ REQUIRE(NS_SERVER_VALID(server));
+
+ port = isc_sockaddr_getport(addr);
+ if (port == 0 || port >= 1024)
+ return;
+
+ for (dispatch = ISC_LIST_HEAD(server->dispatches);
+ dispatch != NULL;
+ dispatch = ISC_LIST_NEXT(dispatch, link)) {
+ if (isc_sockaddr_equal(&dispatch->addr, addr))
+ break;
+ }
+ if (dispatch != NULL) {
+ dispatch->dispatchgen = server->dispatchgen;
+ return;
+ }
+
+ dispatch = isc_mem_get(server->mctx, sizeof(*dispatch));
+ if (dispatch == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto cleanup;
+ }
+
+ dispatch->addr = *addr;
+ dispatch->dispatchgen = server->dispatchgen;
+ dispatch->dispatch = NULL;
+
+ attrs = 0;
+ attrs |= DNS_DISPATCHATTR_UDP;
+ switch (isc_sockaddr_pf(addr)) {
+ case AF_INET:
+ attrs |= DNS_DISPATCHATTR_IPV4;
+ break;
+ case AF_INET6:
+ attrs |= DNS_DISPATCHATTR_IPV6;
+ break;
+ default:
+ result = ISC_R_NOTIMPLEMENTED;
+ goto cleanup;
+ }
+ attrmask = 0;
+ attrmask |= DNS_DISPATCHATTR_UDP;
+ attrmask |= DNS_DISPATCHATTR_TCP;
+ attrmask |= DNS_DISPATCHATTR_IPV4;
+ attrmask |= DNS_DISPATCHATTR_IPV6;
+
+ result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
+ ns_g_taskmgr, &dispatch->addr, 4096,
+ 1000, 32768, 16411, 16433,
+ attrs, attrmask, &dispatch->dispatch);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ ISC_LIST_INITANDPREPEND(server->dispatches, dispatch, link);
+
+ return;
+
+ cleanup:
+ if (dispatch != NULL)
+ isc_mem_put(server->mctx, dispatch, sizeof(*dispatch));
+ isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+ "unable to create dispatch for reserved port %s: %s",
+ addrbuf, isc_result_totext(result));
+}
+
+
+static isc_result_t
+loadconfig(ns_server_t *server) {
+ isc_result_t result;
+ start_reserved_dispatches(server);
+ result = load_configuration(ns_g_lwresdonly ?
+ lwresd_g_conffile : ns_g_conffile,
+ server, ISC_FALSE);
+ if (result == ISC_R_SUCCESS) {
+ end_reserved_dispatches(server, ISC_FALSE);
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "reloading configuration succeeded");
+ } else {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "reloading configuration failed: %s",
+ isc_result_totext(result));
+ }
+ return (result);
+}
+
+static isc_result_t
+reload(ns_server_t *server) {
+ isc_result_t result;
+ CHECK(loadconfig(server));
+
+ result = load_zones(server, ISC_FALSE);
+ if (result == ISC_R_SUCCESS)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "reloading zones succeeded");
+ else
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "reloading zones failed: %s",
+ isc_result_totext(result));
+
+ cleanup:
+ return (result);
+}
+
+static void
+reconfig(ns_server_t *server) {
+ isc_result_t result;
+ CHECK(loadconfig(server));
+
+ result = load_new_zones(server, ISC_FALSE);
+ if (result == ISC_R_SUCCESS)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "any newly configured zones are now loaded");
+ else
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "loading new zones failed: %s",
+ isc_result_totext(result));
+
+ cleanup: ;
+}
+
+/*
+ * Handle a reload event (from SIGHUP).
+ */
+static void
+ns_server_reload(isc_task_t *task, isc_event_t *event) {
+ ns_server_t *server = (ns_server_t *)event->ev_arg;
+
+ INSIST(task = server->task);
+ UNUSED(task);
+
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "received SIGHUP signal to reload zones");
+ (void)reload(server);
+
+ LOCK(&server->reload_event_lock);
+ INSIST(server->reload_event == NULL);
+ server->reload_event = event;
+ UNLOCK(&server->reload_event_lock);
+}
+
+void
+ns_server_reloadwanted(ns_server_t *server) {
+ LOCK(&server->reload_event_lock);
+ if (server->reload_event != NULL)
+ isc_task_send(server->task, &server->reload_event);
+ UNLOCK(&server->reload_event_lock);
+}
+
+static char *
+next_token(char **stringp, const char *delim) {
+ char *res;
+
+ do {
+ res = strsep(stringp, delim);
+ if (res == NULL)
+ break;
+ } while (*res == '\0');
+ return (res);
+}
+
+/*
+ * Find the zone specified in the control channel command 'args',
+ * if any. If a zone is specified, point '*zonep' at it, otherwise
+ * set '*zonep' to NULL.
+ */
+static isc_result_t
+zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep) {
+ char *input, *ptr;
+ const char *zonetxt;
+ char *classtxt;
+ const char *viewtxt = NULL;
+ dns_fixedname_t name;
+ isc_result_t result;
+ isc_buffer_t buf;
+ dns_view_t *view = NULL;
+ dns_rdataclass_t rdclass;
+
+ REQUIRE(zonep != NULL && *zonep == NULL);
+
+ input = args;
+
+ /* Skip the command name. */
+ ptr = next_token(&input, " \t");
+ if (ptr == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+
+ /* Look for the zone name. */
+ zonetxt = next_token(&input, " \t");
+ if (zonetxt == NULL)
+ return (ISC_R_SUCCESS);
+
+ /* Look for the optional class name. */
+ classtxt = next_token(&input, " \t");
+ if (classtxt != NULL) {
+ /* Look for the optional view name. */
+ viewtxt = next_token(&input, " \t");
+ }
+
+ isc_buffer_init(&buf, zonetxt, strlen(zonetxt));
+ isc_buffer_add(&buf, strlen(zonetxt));
+ dns_fixedname_init(&name);
+ result = dns_name_fromtext(dns_fixedname_name(&name),
+ &buf, dns_rootname, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS)
+ goto fail1;
+
+ if (classtxt != NULL) {
+ isc_textregion_t r;
+ r.base = classtxt;
+ r.length = strlen(classtxt);
+ result = dns_rdataclass_fromtext(&rdclass, &r);
+ if (result != ISC_R_SUCCESS)
+ goto fail1;
+ } else
+ rdclass = dns_rdataclass_in;
+
+ if (viewtxt == NULL) {
+ result = dns_viewlist_findzone(&server->viewlist,
+ dns_fixedname_name(&name),
+ ISC_TF(classtxt == NULL),
+ rdclass, zonep);
+ } else {
+ result = dns_viewlist_find(&server->viewlist, viewtxt,
+ rdclass, &view);
+ if (result != ISC_R_SUCCESS)
+ goto fail1;
+
+ result = dns_zt_find(view->zonetable, dns_fixedname_name(&name),
+ 0, NULL, zonep);
+ dns_view_detach(&view);
+ }
+
+ /* Partial match? */
+ if (result != ISC_R_SUCCESS && *zonep != NULL)
+ dns_zone_detach(zonep);
+ fail1:
+ return (result);
+}
+
+/*
+ * Act on a "retransfer" command from the command channel.
+ */
+isc_result_t
+ns_server_retransfercommand(ns_server_t *server, char *args) {
+ isc_result_t result;
+ dns_zone_t *zone = NULL;
+ dns_zonetype_t type;
+
+ result = zone_from_args(server, args, &zone);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ if (zone == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+ type = dns_zone_gettype(zone);
+ if (type == dns_zone_slave || type == dns_zone_stub)
+ dns_zone_forcereload(zone);
+ else
+ result = ISC_R_NOTFOUND;
+ dns_zone_detach(&zone);
+ return (result);
+}
+
+/*
+ * Act on a "reload" command from the command channel.
+ */
+isc_result_t
+ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
+ isc_result_t result;
+ dns_zone_t *zone = NULL;
+ dns_zonetype_t type;
+ const char *msg = NULL;
+
+ result = zone_from_args(server, args, &zone);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ if (zone == NULL) {
+ result = reload(server);
+ if (result == ISC_R_SUCCESS)
+ msg = "server reload successful";
+ } else {
+ type = dns_zone_gettype(zone);
+ if (type == dns_zone_slave || type == dns_zone_stub) {
+ dns_zone_refresh(zone);
+ dns_zone_detach(&zone);
+ msg = "zone refresh queued";
+ } else {
+ result = dns_zone_load(zone);
+ dns_zone_detach(&zone);
+ switch (result) {
+ case ISC_R_SUCCESS:
+ msg = "zone reload successful";
+ break;
+ case DNS_R_CONTINUE:
+ msg = "zone reload queued";
+ result = ISC_R_SUCCESS;
+ break;
+ case DNS_R_UPTODATE:
+ msg = "zone reload up-to-date";
+ result = ISC_R_SUCCESS;
+ break;
+ default:
+ /* failure message will be generated by rndc */
+ break;
+ }
+ }
+ }
+ if (msg != NULL && strlen(msg) < isc_buffer_availablelength(text))
+ isc_buffer_putmem(text, (const unsigned char *)msg,
+ strlen(msg) + 1);
+ return (result);
+}
+
+/*
+ * Act on a "reconfig" command from the command channel.
+ */
+isc_result_t
+ns_server_reconfigcommand(ns_server_t *server, char *args) {
+ UNUSED(args);
+
+ reconfig(server);
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * Act on a "notify" command from the command channel.
+ */
+isc_result_t
+ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) {
+ isc_result_t result;
+ dns_zone_t *zone = NULL;
+ const unsigned char msg[] = "zone notify queued";
+
+ result = zone_from_args(server, args, &zone);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ if (zone == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+
+ dns_zone_notify(zone);
+ dns_zone_detach(&zone);
+ if (sizeof(msg) <= isc_buffer_availablelength(text))
+ isc_buffer_putmem(text, msg, sizeof(msg));
+
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * Act on a "refresh" command from the command channel.
+ */
+isc_result_t
+ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
+ isc_result_t result;
+ dns_zone_t *zone = NULL;
+ const unsigned char msg1[] = "zone refresh queued";
+ const unsigned char msg2[] = "not a slave or stub zone";
+ dns_zonetype_t type;
+
+ result = zone_from_args(server, args, &zone);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ if (zone == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+
+ type = dns_zone_gettype(zone);
+ if (type == dns_zone_slave || type == dns_zone_stub) {
+ dns_zone_refresh(zone);
+ dns_zone_detach(&zone);
+ if (sizeof(msg1) <= isc_buffer_availablelength(text))
+ isc_buffer_putmem(text, msg1, sizeof(msg1));
+ return (ISC_R_SUCCESS);
+ }
+
+ dns_zone_detach(&zone);
+ if (sizeof(msg2) <= isc_buffer_availablelength(text))
+ isc_buffer_putmem(text, msg2, sizeof(msg2));
+ return (ISC_R_FAILURE);
+}
+
+isc_result_t
+ns_server_togglequerylog(ns_server_t *server) {
+ server->log_queries = server->log_queries ? ISC_FALSE : ISC_TRUE;
+
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "query logging is now %s",
+ server->log_queries ? "on" : "off");
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
+ cfg_aclconfctx_t *actx,
+ isc_mem_t *mctx, ns_listenlist_t **target)
+{
+ isc_result_t result;
+ const cfg_listelt_t *element;
+ ns_listenlist_t *dlist = NULL;
+
+ REQUIRE(target != NULL && *target == NULL);
+
+ result = ns_listenlist_create(mctx, &dlist);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ for (element = cfg_list_first(listenlist);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ ns_listenelt_t *delt = NULL;
+ const cfg_obj_t *listener = cfg_listelt_value(element);
+ result = ns_listenelt_fromconfig(listener, config, actx,
+ mctx, &delt);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ ISC_LIST_APPEND(dlist->elts, delt, link);
+ }
+ *target = dlist;
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ ns_listenlist_detach(&dlist);
+ return (result);
+}
+
+/*
+ * Create a listen list from the corresponding configuration
+ * data structure.
+ */
+static isc_result_t
+ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
+ cfg_aclconfctx_t *actx,
+ isc_mem_t *mctx, ns_listenelt_t **target)
+{
+ isc_result_t result;
+ const cfg_obj_t *portobj;
+ in_port_t port;
+ ns_listenelt_t *delt = NULL;
+ REQUIRE(target != NULL && *target == NULL);
+
+ portobj = cfg_tuple_get(listener, "port");
+ if (!cfg_obj_isuint32(portobj)) {
+ if (ns_g_port != 0) {
+ port = ns_g_port;
+ } else {
+ result = ns_config_getport(config, &port);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ } else {
+ if (cfg_obj_asuint32(portobj) >= ISC_UINT16_MAX) {
+ cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
+ "port value '%u' is out of range",
+ cfg_obj_asuint32(portobj));
+ return (ISC_R_RANGE);
+ }
+ port = (in_port_t)cfg_obj_asuint32(portobj);
+ }
+
+ result = ns_listenelt_create(mctx, port, NULL, &delt);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = cfg_acl_fromconfig(cfg_tuple_get(listener, "acl"),
+ config, ns_g_lctx, actx, mctx, 0,
+ &delt->acl);
+ if (result != ISC_R_SUCCESS) {
+ ns_listenelt_destroy(delt);
+ return (result);
+ }
+ *target = delt;
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+ns_server_dumpstats(ns_server_t *server) {
+ isc_result_t result;
+ FILE *fp = NULL;
+
+ CHECKMF(isc_stdio_open(server->statsfile, "a", &fp),
+ "could not open statistics dump file", server->statsfile);
+
+ result = ns_stats_dump(server, fp);
+ CHECK(result);
+
+ cleanup:
+ if (fp != NULL)
+ (void)isc_stdio_close(fp);
+ if (result == ISC_R_SUCCESS)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "dumpstats complete");
+ else
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "dumpstats failed: %s",
+ dns_result_totext(result));
+ return (result);
+}
+
+static isc_result_t
+add_zone_tolist(dns_zone_t *zone, void *uap) {
+ struct dumpcontext *dctx = uap;
+ struct zonelistentry *zle;
+
+ zle = isc_mem_get(dctx->mctx, sizeof *zle);
+ if (zle == NULL)
+ return (ISC_R_NOMEMORY);
+ zle->zone = NULL;
+ dns_zone_attach(zone, &zle->zone);
+ ISC_LINK_INIT(zle, link);
+ ISC_LIST_APPEND(ISC_LIST_TAIL(dctx->viewlist)->zonelist, zle, link);
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+add_view_tolist(struct dumpcontext *dctx, dns_view_t *view) {
+ struct viewlistentry *vle;
+ isc_result_t result = ISC_R_SUCCESS;
+
+ /*
+ * Prevent duplicate views.
+ */
+ for (vle = ISC_LIST_HEAD(dctx->viewlist);
+ vle != NULL;
+ vle = ISC_LIST_NEXT(vle, link))
+ if (vle->view == view)
+ return (ISC_R_SUCCESS);
+
+ vle = isc_mem_get(dctx->mctx, sizeof *vle);
+ if (vle == NULL)
+ return (ISC_R_NOMEMORY);
+ vle->view = NULL;
+ dns_view_attach(view, &vle->view);
+ ISC_LINK_INIT(vle, link);
+ ISC_LIST_INIT(vle->zonelist);
+ ISC_LIST_APPEND(dctx->viewlist, vle, link);
+ if (dctx->dumpzones)
+ result = dns_zt_apply(view->zonetable, ISC_TRUE,
+ add_zone_tolist, dctx);
+ return (result);
+}
+
+static void
+dumpcontext_destroy(struct dumpcontext *dctx) {
+ struct viewlistentry *vle;
+ struct zonelistentry *zle;
+
+ vle = ISC_LIST_HEAD(dctx->viewlist);
+ while (vle != NULL) {
+ ISC_LIST_UNLINK(dctx->viewlist, vle, link);
+ zle = ISC_LIST_HEAD(vle->zonelist);
+ while (zle != NULL) {
+ ISC_LIST_UNLINK(vle->zonelist, zle, link);
+ dns_zone_detach(&zle->zone);
+ isc_mem_put(dctx->mctx, zle, sizeof *zle);
+ zle = ISC_LIST_HEAD(vle->zonelist);
+ }
+ dns_view_detach(&vle->view);
+ isc_mem_put(dctx->mctx, vle, sizeof *vle);
+ vle = ISC_LIST_HEAD(dctx->viewlist);
+ }
+ if (dctx->version != NULL)
+ dns_db_closeversion(dctx->db, &dctx->version, ISC_FALSE);
+ if (dctx->db != NULL)
+ dns_db_detach(&dctx->db);
+ if (dctx->cache != NULL)
+ dns_db_detach(&dctx->cache);
+ if (dctx->task != NULL)
+ isc_task_detach(&dctx->task);
+ if (dctx->fp != NULL)
+ (void)isc_stdio_close(dctx->fp);
+ if (dctx->mdctx != NULL)
+ dns_dumpctx_detach(&dctx->mdctx);
+ isc_mem_put(dctx->mctx, dctx, sizeof *dctx);
+}
+
+static void
+dumpdone(void *arg, isc_result_t result) {
+ struct dumpcontext *dctx = arg;
+ char buf[1024+32];
+ const dns_master_style_t *style;
+
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ if (dctx->mdctx != NULL)
+ dns_dumpctx_detach(&dctx->mdctx);
+ if (dctx->view == NULL) {
+ dctx->view = ISC_LIST_HEAD(dctx->viewlist);
+ if (dctx->view == NULL)
+ goto done;
+ INSIST(dctx->zone == NULL);
+ } else
+ goto resume;
+ nextview:
+ fprintf(dctx->fp, ";\n; Start view %s\n;\n", dctx->view->view->name);
+ resume:
+ if (dctx->zone == NULL && dctx->cache == NULL && dctx->dumpcache) {
+ style = &dns_master_style_cache;
+ /* start cache dump */
+ if (dctx->view->view->cachedb != NULL)
+ dns_db_attach(dctx->view->view->cachedb, &dctx->cache);
+ if (dctx->cache != NULL) {
+
+ fprintf(dctx->fp, ";\n; Cache dump of view '%s'\n;\n",
+ dctx->view->view->name);
+ result = dns_master_dumptostreaminc(dctx->mctx,
+ dctx->cache, NULL,
+ style, dctx->fp,
+ dctx->task,
+ dumpdone, dctx,
+ &dctx->mdctx);
+ if (result == DNS_R_CONTINUE)
+ return;
+ if (result == ISC_R_NOTIMPLEMENTED)
+ fprintf(dctx->fp, "; %s\n",
+ dns_result_totext(result));
+ else if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ }
+ }
+ if (dctx->cache != NULL) {
+ dns_adb_dump(dctx->view->view->adb, dctx->fp);
+ dns_db_detach(&dctx->cache);
+ }
+ if (dctx->dumpzones) {
+ style = &dns_master_style_full;
+ nextzone:
+ if (dctx->version != NULL)
+ dns_db_closeversion(dctx->db, &dctx->version,
+ ISC_FALSE);
+ if (dctx->db != NULL)
+ dns_db_detach(&dctx->db);
+ if (dctx->zone == NULL)
+ dctx->zone = ISC_LIST_HEAD(dctx->view->zonelist);
+ else
+ dctx->zone = ISC_LIST_NEXT(dctx->zone, link);
+ if (dctx->zone != NULL) {
+ /* start zone dump */
+ dns_zone_name(dctx->zone->zone, buf, sizeof(buf));
+ fprintf(dctx->fp, ";\n; Zone dump of '%s'\n;\n", buf);
+ result = dns_zone_getdb(dctx->zone->zone, &dctx->db);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(dctx->fp, "; %s\n",
+ dns_result_totext(result));
+ goto nextzone;
+ }
+ dns_db_currentversion(dctx->db, &dctx->version);
+ result = dns_master_dumptostreaminc(dctx->mctx,
+ dctx->db,
+ dctx->version,
+ style, dctx->fp,
+ dctx->task,
+ dumpdone, dctx,
+ &dctx->mdctx);
+ if (result == DNS_R_CONTINUE)
+ return;
+ if (result == ISC_R_NOTIMPLEMENTED) {
+ fprintf(dctx->fp, "; %s\n",
+ dns_result_totext(result));
+ result = ISC_R_SUCCESS;
+ goto nextzone;
+ }
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ }
+ }
+ if (dctx->view != NULL)
+ dctx->view = ISC_LIST_NEXT(dctx->view, link);
+ if (dctx->view != NULL)
+ goto nextview;
+ done:
+ fprintf(dctx->fp, "; Dump complete\n");
+ result = isc_stdio_flush(dctx->fp);
+ if (result == ISC_R_SUCCESS)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "dumpdb complete");
+ cleanup:
+ if (result != ISC_R_SUCCESS)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "dumpdb failed: %s", dns_result_totext(result));
+ dumpcontext_destroy(dctx);
+}
+
+isc_result_t
+ns_server_dumpdb(ns_server_t *server, char *args) {
+ struct dumpcontext *dctx = NULL;
+ dns_view_t *view;
+ isc_result_t result;
+ char *ptr;
+ const char *sep;
+
+ /* Skip the command name. */
+ ptr = next_token(&args, " \t");
+ if (ptr == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+
+ dctx = isc_mem_get(server->mctx, sizeof(*dctx));
+ if (dctx == NULL)
+ return (ISC_R_NOMEMORY);
+
+ dctx->mctx = server->mctx;
+ dctx->dumpcache = ISC_TRUE;
+ dctx->dumpzones = ISC_FALSE;
+ dctx->fp = NULL;
+ ISC_LIST_INIT(dctx->viewlist);
+ dctx->view = NULL;
+ dctx->zone = NULL;
+ dctx->cache = NULL;
+ dctx->mdctx = NULL;
+ dctx->db = NULL;
+ dctx->cache = NULL;
+ dctx->task = NULL;
+ dctx->version = NULL;
+ isc_task_attach(server->task, &dctx->task);
+
+ CHECKMF(isc_stdio_open(server->dumpfile, "w", &dctx->fp),
+ "could not open dump file", server->dumpfile);
+
+ sep = (args == NULL) ? "" : ": ";
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "dumpdb started%s%s", sep, (args != NULL) ? args : "");
+
+ ptr = next_token(&args, " \t");
+ if (ptr != NULL && strcmp(ptr, "-all") == 0) {
+ dctx->dumpzones = ISC_TRUE;
+ dctx->dumpcache = ISC_TRUE;
+ ptr = next_token(&args, " \t");
+ } else if (ptr != NULL && strcmp(ptr, "-cache") == 0) {
+ dctx->dumpzones = ISC_FALSE;
+ dctx->dumpcache = ISC_TRUE;
+ ptr = next_token(&args, " \t");
+ } else if (ptr != NULL && strcmp(ptr, "-zones") == 0) {
+ dctx->dumpzones = ISC_TRUE;
+ dctx->dumpcache = ISC_FALSE;
+ ptr = next_token(&args, " \t");
+ }
+
+ nextview:
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link))
+ {
+ if (ptr != NULL && strcmp(view->name, ptr) != 0)
+ continue;
+ CHECK(add_view_tolist(dctx, view));
+ }
+ if (ptr != NULL) {
+ ptr = next_token(&args, " \t");
+ if (ptr != NULL)
+ goto nextview;
+ }
+ dumpdone(dctx, ISC_R_SUCCESS);
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ if (dctx != NULL)
+ dumpcontext_destroy(dctx);
+ return (result);
+}
+
+isc_result_t
+ns_server_dumprecursing(ns_server_t *server) {
+ FILE *fp = NULL;
+ isc_result_t result;
+
+ CHECKMF(isc_stdio_open(server->recfile, "w", &fp),
+ "could not open dump file", server->recfile);
+ fprintf(fp,";\n; Recursing Queries\n;\n");
+ ns_interfacemgr_dumprecursing(fp, server->interfacemgr);
+ fprintf(fp, "; Dump complete\n");
+
+ cleanup:
+ if (fp != NULL)
+ result = isc_stdio_close(fp);
+ if (result == ISC_R_SUCCESS)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "dumprecursing complete");
+ else
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "dumprecursing failed: %s",
+ dns_result_totext(result));
+ return (result);
+}
+
+isc_result_t
+ns_server_setdebuglevel(ns_server_t *server, char *args) {
+ char *ptr;
+ char *levelstr;
+ char *endp;
+ long newlevel;
+
+ UNUSED(server);
+
+ /* Skip the command name. */
+ ptr = next_token(&args, " \t");
+ if (ptr == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+
+ /* Look for the new level name. */
+ levelstr = next_token(&args, " \t");
+ if (levelstr == NULL) {
+ if (ns_g_debuglevel < 99)
+ ns_g_debuglevel++;
+ } else {
+ newlevel = strtol(levelstr, &endp, 10);
+ if (*endp != '\0' || newlevel < 0 || newlevel > 99)
+ return (ISC_R_RANGE);
+ ns_g_debuglevel = (unsigned int)newlevel;
+ }
+ isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "debug level is now %d", ns_g_debuglevel);
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+ns_server_validation(ns_server_t *server, char *args) {
+ char *ptr, *viewname;
+ dns_view_t *view;
+ isc_boolean_t changed = ISC_FALSE;
+ isc_result_t result;
+ isc_boolean_t enable;
+
+ /* Skip the command name. */
+ ptr = next_token(&args, " \t");
+ if (ptr == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+
+ /* Find out what we are to do. */
+ ptr = next_token(&args, " \t");
+ if (ptr == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+
+ if (!strcasecmp(ptr, "on") || !strcasecmp(ptr, "yes") ||
+ !strcasecmp(ptr, "enable") || !strcasecmp(ptr, "true"))
+ enable = ISC_TRUE;
+ else if (!strcasecmp(ptr, "off") || !strcasecmp(ptr, "no") ||
+ !strcasecmp(ptr, "disable") || !strcasecmp(ptr, "false"))
+ enable = ISC_FALSE;
+ else
+ return (DNS_R_SYNTAX);
+
+ /* Look for the view name. */
+ viewname = next_token(&args, " \t");
+
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link))
+ {
+ if (viewname != NULL && strcasecmp(viewname, view->name) != 0)
+ continue;
+ result = dns_view_flushcache(view);
+ if (result != ISC_R_SUCCESS)
+ goto out;
+ view->enablevalidation = enable;
+ changed = ISC_TRUE;
+ }
+ if (changed)
+ result = ISC_R_SUCCESS;
+ else
+ result = ISC_R_FAILURE;
+ out:
+ isc_task_endexclusive(server->task);
+ return (result);
+}
+
+isc_result_t
+ns_server_flushcache(ns_server_t *server, char *args) {
+ char *ptr, *viewname;
+ dns_view_t *view;
+ isc_boolean_t flushed;
+ isc_boolean_t found;
+ isc_result_t result;
+
+ /* Skip the command name. */
+ ptr = next_token(&args, " \t");
+ if (ptr == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+
+ /* Look for the view name. */
+ viewname = next_token(&args, " \t");
+
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ flushed = ISC_TRUE;
+ found = ISC_FALSE;
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link))
+ {
+ if (viewname != NULL && strcasecmp(viewname, view->name) != 0)
+ continue;
+ found = ISC_TRUE;
+ result = dns_view_flushcache(view);
+ if (result != ISC_R_SUCCESS) {
+ flushed = ISC_FALSE;
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "flushing cache in view '%s' failed: %s",
+ view->name, isc_result_totext(result));
+ }
+ }
+ if (flushed && found) {
+ if (viewname != NULL)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "flushing cache in view '%s' succeeded",
+ viewname);
+ else
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "flushing caches in all views succeeded");
+ result = ISC_R_SUCCESS;
+ } else {
+ if (!found) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "flushing cache in view '%s' failed: "
+ "view not found", viewname);
+ result = ISC_R_NOTFOUND;
+ } else
+ result = ISC_R_FAILURE;
+ }
+ isc_task_endexclusive(server->task);
+ return (result);
+}
+
+isc_result_t
+ns_server_flushname(ns_server_t *server, char *args) {
+ char *ptr, *target, *viewname;
+ dns_view_t *view;
+ isc_boolean_t flushed;
+ isc_boolean_t found;
+ isc_result_t result;
+ isc_buffer_t b;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+
+ /* Skip the command name. */
+ ptr = next_token(&args, " \t");
+ if (ptr == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+
+ /* Find the domain name to flush. */
+ target = next_token(&args, " \t");
+ if (target == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+
+ isc_buffer_init(&b, target, strlen(target));
+ isc_buffer_add(&b, strlen(target));
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ result = dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /* Look for the view name. */
+ viewname = next_token(&args, " \t");
+
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ flushed = ISC_TRUE;
+ found = ISC_FALSE;
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link))
+ {
+ if (viewname != NULL && strcasecmp(viewname, view->name) != 0)
+ continue;
+ found = ISC_TRUE;
+ result = dns_view_flushname(view, name);
+ if (result != ISC_R_SUCCESS) {
+ flushed = ISC_FALSE;
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "flushing name '%s' in cache view '%s' "
+ "failed: %s", target, view->name,
+ isc_result_totext(result));
+ }
+ }
+ if (flushed && found) {
+ if (viewname != NULL)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "flushing name '%s' in cache view '%s' "
+ "succeeded", target, viewname);
+ else
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "flushing name '%s' in all cache views "
+ "succeeded", target);
+ result = ISC_R_SUCCESS;
+ } else {
+ if (!found)
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "flushing name '%s' in cache view '%s' "
+ "failed: view not found", target,
+ viewname);
+ result = ISC_R_FAILURE;
+ }
+ isc_task_endexclusive(server->task);
+ return (result);
+}
+
+isc_result_t
+ns_server_status(ns_server_t *server, isc_buffer_t *text) {
+ int zonecount, xferrunning, xferdeferred, soaqueries;
+ unsigned int n;
+ const char *ob = "", *cb = "", *alt = "";
+
+ if (ns_g_server->version_set) {
+ ob = " (";
+ cb = ")";
+ if (ns_g_server->version == NULL)
+ alt = "version.bind/txt/ch disabled";
+ else
+ alt = ns_g_server->version;
+ }
+ zonecount = dns_zonemgr_getcount(server->zonemgr, DNS_ZONESTATE_ANY);
+ xferrunning = dns_zonemgr_getcount(server->zonemgr,
+ DNS_ZONESTATE_XFERRUNNING);
+ xferdeferred = dns_zonemgr_getcount(server->zonemgr,
+ DNS_ZONESTATE_XFERDEFERRED);
+ soaqueries = dns_zonemgr_getcount(server->zonemgr,
+ DNS_ZONESTATE_SOAQUERY);
+
+ n = snprintf((char *)isc_buffer_used(text),
+ isc_buffer_availablelength(text),
+ "version: %s%s%s%s\n"
+#ifdef ISC_PLATFORM_USETHREADS
+ "CPUs found: %u\n"
+ "worker threads: %u\n"
+#endif
+ "number of zones: %u\n"
+ "debug level: %d\n"
+ "xfers running: %u\n"
+ "xfers deferred: %u\n"
+ "soa queries in progress: %u\n"
+ "query logging is %s\n"
+ "recursive clients: %d/%d/%d\n"
+ "tcp clients: %d/%d\n"
+ "server is up and running",
+ ns_g_version, ob, alt, cb,
+#ifdef ISC_PLATFORM_USETHREADS
+ ns_g_cpus_detected, ns_g_cpus,
+#endif
+ zonecount, ns_g_debuglevel, xferrunning, xferdeferred,
+ soaqueries, server->log_queries ? "ON" : "OFF",
+ server->recursionquota.used, server->recursionquota.soft,
+ server->recursionquota.max,
+ server->tcpquota.used, server->tcpquota.max);
+ if (n >= isc_buffer_availablelength(text))
+ return (ISC_R_NOSPACE);
+ isc_buffer_add(text, n);
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+delete_keynames(dns_tsig_keyring_t *ring, char *target,
+ unsigned int *foundkeys)
+{
+ char namestr[DNS_NAME_FORMATSIZE];
+ isc_result_t result;
+ dns_rbtnodechain_t chain;
+ dns_name_t foundname;
+ dns_fixedname_t fixedorigin;
+ dns_name_t *origin;
+ dns_rbtnode_t *node;
+ dns_tsigkey_t *tkey;
+
+ dns_name_init(&foundname, NULL);
+ dns_fixedname_init(&fixedorigin);
+ origin = dns_fixedname_name(&fixedorigin);
+
+ again:
+ dns_rbtnodechain_init(&chain, ring->mctx);
+ result = dns_rbtnodechain_first(&chain, ring->keys, &foundname,
+ origin);
+ if (result == ISC_R_NOTFOUND) {
+ dns_rbtnodechain_invalidate(&chain);
+ return (ISC_R_SUCCESS);
+ }
+ if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
+ dns_rbtnodechain_invalidate(&chain);
+ return (result);
+ }
+
+ for (;;) {
+ node = NULL;
+ dns_rbtnodechain_current(&chain, &foundname, origin, &node);
+ tkey = node->data;
+
+ if (tkey != NULL) {
+ if (!tkey->generated)
+ goto nextkey;
+
+ dns_name_format(&tkey->name, namestr, sizeof(namestr));
+ if (strcmp(namestr, target) == 0) {
+ (*foundkeys)++;
+ dns_rbtnodechain_invalidate(&chain);
+ (void)dns_rbt_deletename(ring->keys,
+ &tkey->name,
+ ISC_FALSE);
+ goto again;
+ }
+ }
+
+ nextkey:
+ result = dns_rbtnodechain_next(&chain, &foundname, origin);
+ if (result == ISC_R_NOMORE)
+ break;
+ if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
+ dns_rbtnodechain_invalidate(&chain);
+ return (result);
+ }
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text) {
+ isc_result_t result;
+ unsigned int n;
+ dns_view_t *view;
+ unsigned int foundkeys = 0;
+ char *target;
+ char *viewname;
+
+ (void)next_token(&command, " \t"); /* skip command name */
+ target = next_token(&command, " \t");
+ if (target == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+ viewname = next_token(&command, " \t");
+
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link)) {
+ if (viewname == NULL || strcmp(view->name, viewname) == 0) {
+ RWLOCK(&view->dynamickeys->lock, isc_rwlocktype_write);
+ result = delete_keynames(view->dynamickeys, target,
+ &foundkeys);
+ RWUNLOCK(&view->dynamickeys->lock,
+ isc_rwlocktype_write);
+ if (result != ISC_R_SUCCESS) {
+ isc_task_endexclusive(server->task);
+ return (result);
+ }
+ }
+ }
+ isc_task_endexclusive(server->task);
+
+ n = snprintf((char *)isc_buffer_used(text),
+ isc_buffer_availablelength(text),
+ "%d tsig keys deleted.\n", foundkeys);
+ if (n >= isc_buffer_availablelength(text)) {
+ isc_task_endexclusive(server->task);
+ return (ISC_R_NOSPACE);
+ }
+ isc_buffer_add(text, n);
+
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+list_keynames(dns_view_t *view, dns_tsig_keyring_t *ring, isc_buffer_t *text,
+ unsigned int *foundkeys)
+{
+ char namestr[DNS_NAME_FORMATSIZE];
+ char creatorstr[DNS_NAME_FORMATSIZE];
+ isc_result_t result;
+ dns_rbtnodechain_t chain;
+ dns_name_t foundname;
+ dns_fixedname_t fixedorigin;
+ dns_name_t *origin;
+ dns_rbtnode_t *node;
+ dns_tsigkey_t *tkey;
+ unsigned int n;
+ const char *viewname;
+
+ if (view != NULL)
+ viewname = view->name;
+ else
+ viewname = "(global)";
+
+ dns_name_init(&foundname, NULL);
+ dns_fixedname_init(&fixedorigin);
+ origin = dns_fixedname_name(&fixedorigin);
+ dns_rbtnodechain_init(&chain, ring->mctx);
+ result = dns_rbtnodechain_first(&chain, ring->keys, &foundname,
+ origin);
+ if (result == ISC_R_NOTFOUND) {
+ dns_rbtnodechain_invalidate(&chain);
+ return (ISC_R_SUCCESS);
+ }
+ if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
+ dns_rbtnodechain_invalidate(&chain);
+ return (result);
+ }
+
+ for (;;) {
+ node = NULL;
+ dns_rbtnodechain_current(&chain, &foundname, origin, &node);
+ tkey = node->data;
+
+ if (tkey != NULL) {
+ (*foundkeys)++;
+ dns_name_format(&tkey->name, namestr, sizeof(namestr));
+ if (tkey->generated) {
+ dns_name_format(tkey->creator, creatorstr,
+ sizeof(creatorstr));
+ n = snprintf((char *)isc_buffer_used(text),
+ isc_buffer_availablelength(text),
+ "view \"%s\"; type \"dynamic\"; key \"%s\"; creator \"%s\";\n",
+ viewname, namestr, creatorstr);
+ } else {
+ n = snprintf((char *)isc_buffer_used(text),
+ isc_buffer_availablelength(text),
+ "view \"%s\"; type \"static\"; key \"%s\";\n",
+ viewname, namestr);
+ }
+ if (n >= isc_buffer_availablelength(text)) {
+ dns_rbtnodechain_invalidate(&chain);
+ return (ISC_R_NOSPACE);
+ }
+ isc_buffer_add(text, n);
+ }
+ result = dns_rbtnodechain_next(&chain, &foundname, origin);
+ if (result == ISC_R_NOMORE)
+ break;
+ if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
+ dns_rbtnodechain_invalidate(&chain);
+ return (result);
+ }
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text) {
+ isc_result_t result;
+ unsigned int n;
+ dns_view_t *view;
+ unsigned int foundkeys = 0;
+
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link)) {
+ RWLOCK(&view->statickeys->lock, isc_rwlocktype_read);
+ result = list_keynames(view, view->statickeys, text,
+ &foundkeys);
+ RWUNLOCK(&view->statickeys->lock, isc_rwlocktype_read);
+ if (result != ISC_R_SUCCESS) {
+ isc_task_endexclusive(server->task);
+ return (result);
+ }
+ RWLOCK(&view->dynamickeys->lock, isc_rwlocktype_read);
+ result = list_keynames(view, view->dynamickeys, text,
+ &foundkeys);
+ RWUNLOCK(&view->dynamickeys->lock, isc_rwlocktype_read);
+ if (result != ISC_R_SUCCESS) {
+ isc_task_endexclusive(server->task);
+ return (result);
+ }
+ }
+ isc_task_endexclusive(server->task);
+
+ if (foundkeys == 0) {
+ n = snprintf((char *)isc_buffer_used(text),
+ isc_buffer_availablelength(text),
+ "no tsig keys found.\n");
+ if (n >= isc_buffer_availablelength(text)) {
+ isc_task_endexclusive(server->task);
+ return (ISC_R_NOSPACE);
+ }
+ isc_buffer_add(text, n);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * Act on a "freeze" or "thaw" command from the command channel.
+ */
+isc_result_t
+ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
+ isc_result_t result, tresult;
+ dns_zone_t *zone = NULL;
+ dns_zonetype_t type;
+ char classstr[DNS_RDATACLASS_FORMATSIZE];
+ char zonename[DNS_NAME_FORMATSIZE];
+ dns_view_t *view;
+ char *journal;
+ const char *vname, *sep;
+ isc_boolean_t frozen;
+
+ result = zone_from_args(server, args, &zone);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ if (zone == NULL) {
+ result = isc_task_beginexclusive(server->task);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ tresult = ISC_R_SUCCESS;
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link)) {
+ result = dns_view_freezezones(view, freeze);
+ if (result != ISC_R_SUCCESS &&
+ tresult == ISC_R_SUCCESS)
+ tresult = result;
+ }
+ isc_task_endexclusive(server->task);
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "%s all zones: %s",
+ freeze ? "freezing" : "thawing",
+ isc_result_totext(tresult));
+ return (tresult);
+ }
+ type = dns_zone_gettype(zone);
+ if (type != dns_zone_master) {
+ dns_zone_detach(&zone);
+ return (ISC_R_NOTFOUND);
+ }
+
+ frozen = dns_zone_getupdatedisabled(zone);
+ if (freeze) {
+ if (frozen)
+ result = DNS_R_FROZEN;
+ if (result == ISC_R_SUCCESS)
+ result = dns_zone_flush(zone);
+ if (result == ISC_R_SUCCESS) {
+ journal = dns_zone_getjournal(zone);
+ if (journal != NULL)
+ (void)isc_file_remove(journal);
+ }
+ } else {
+ if (frozen) {
+ result = dns_zone_load(zone);
+ if (result == DNS_R_CONTINUE ||
+ result == DNS_R_UPTODATE)
+ result = ISC_R_SUCCESS;
+ }
+ }
+ if (result == ISC_R_SUCCESS)
+ dns_zone_setupdatedisabled(zone, freeze);
+
+ view = dns_zone_getview(zone);
+ if (strcmp(view->name, "_bind") == 0 ||
+ strcmp(view->name, "_default") == 0)
+ {
+ vname = "";
+ sep = "";
+ } else {
+ vname = view->name;
+ sep = " ";
+ }
+ dns_rdataclass_format(dns_zone_getclass(zone), classstr,
+ sizeof(classstr));
+ dns_name_format(dns_zone_getorigin(zone),
+ zonename, sizeof(zonename));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "%s zone '%s/%s'%s%s: %s",
+ freeze ? "freezing" : "thawing",
+ zonename, classstr, sep, vname,
+ isc_result_totext(result));
+ dns_zone_detach(&zone);
+ return (result);
+}
+
+#ifdef HAVE_LIBSCF
+/*
+ * This function adds a message for rndc to echo if named
+ * is managed by smf and is also running chroot.
+ */
+isc_result_t
+ns_smf_add_message(isc_buffer_t *text) {
+ unsigned int n;
+
+ n = snprintf((char *)isc_buffer_used(text),
+ isc_buffer_availablelength(text),
+ "use svcadm(1M) to manage named");
+ if (n >= isc_buffer_availablelength(text))
+ return (ISC_R_NOSPACE);
+ isc_buffer_add(text, n);
+ return (ISC_R_SUCCESS);
+}
+#endif /* HAVE_LIBSCF */
diff --git a/bin/named/sortlist.c b/bin/named/sortlist.c
new file mode 100644
index 0000000..daefa07
--- /dev/null
+++ b/bin/named/sortlist.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: sortlist.c,v 1.17 2007/09/14 01:46:05 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include <dns/acl.h>
+#include <dns/result.h>
+
+#include <named/globals.h>
+#include <named/server.h>
+#include <named/sortlist.h>
+
+ns_sortlisttype_t
+ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr,
+ const void **argp)
+{
+ unsigned int i;
+
+ if (acl == NULL)
+ goto dont_sort;
+
+ for (i = 0; i < acl->length; i++) {
+ /*
+ * 'e' refers to the current 'top level statement'
+ * in the sortlist (see ARM).
+ */
+ dns_aclelement_t *e = &acl->elements[i];
+ dns_aclelement_t *try_elt;
+ dns_aclelement_t *order_elt = NULL;
+ const dns_aclelement_t *matched_elt = NULL;
+
+ if (e->type == dns_aclelementtype_nestedacl) {
+ dns_acl_t *inner = e->nestedacl;
+
+ if (inner->length == 0)
+ try_elt = e;
+ else if (inner->length > 2)
+ goto dont_sort;
+ else if (inner->elements[0].negative)
+ goto dont_sort;
+ else {
+ try_elt = &inner->elements[0];
+ if (inner->length == 2)
+ order_elt = &inner->elements[1];
+ }
+ } else {
+ /*
+ * BIND 8 allows bare elements at the top level
+ * as an undocumented feature.
+ */
+ try_elt = e;
+ }
+
+ if (dns_aclelement_match(clientaddr, NULL, try_elt,
+ &ns_g_server->aclenv,
+ &matched_elt)) {
+ if (order_elt != NULL) {
+ if (order_elt->type ==
+ dns_aclelementtype_nestedacl) {
+ *argp = order_elt->nestedacl;
+ return (NS_SORTLISTTYPE_2ELEMENT);
+ } else if (order_elt->type ==
+ dns_aclelementtype_localhost &&
+ ns_g_server->aclenv.localhost != NULL) {
+ *argp = ns_g_server->aclenv.localhost;
+ return (NS_SORTLISTTYPE_2ELEMENT);
+ } else if (order_elt->type ==
+ dns_aclelementtype_localnets &&
+ ns_g_server->aclenv.localnets != NULL) {
+ *argp = ns_g_server->aclenv.localnets;
+ return (NS_SORTLISTTYPE_2ELEMENT);
+ } else {
+ /*
+ * BIND 8 allows a bare IP prefix as
+ * the 2nd element of a 2-element
+ * sortlist statement.
+ */
+ *argp = order_elt;
+ return (NS_SORTLISTTYPE_1ELEMENT);
+ }
+ } else {
+ INSIST(matched_elt != NULL);
+ *argp = matched_elt;
+ return (NS_SORTLISTTYPE_1ELEMENT);
+ }
+ }
+ }
+
+ /* No match; don't sort. */
+ dont_sort:
+ *argp = NULL;
+ return (NS_SORTLISTTYPE_NONE);
+}
+
+int
+ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg) {
+ const dns_acl_t *sortacl = (const dns_acl_t *) arg;
+ int match;
+
+ (void)dns_acl_match(addr, NULL, sortacl,
+ &ns_g_server->aclenv,
+ &match, NULL);
+ if (match > 0)
+ return (match);
+ else if (match < 0)
+ return (INT_MAX - (-match));
+ else
+ return (INT_MAX / 2);
+}
+
+int
+ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg) {
+ const dns_aclelement_t *matchelt = (const dns_aclelement_t *) arg;
+ if (dns_aclelement_match(addr, NULL, matchelt,
+ &ns_g_server->aclenv,
+ NULL)) {
+ return (0);
+ } else {
+ return (INT_MAX);
+ }
+}
+
+void
+ns_sortlist_byaddrsetup(dns_acl_t *sortlist_acl, isc_netaddr_t *client_addr,
+ dns_addressorderfunc_t *orderp,
+ const void **argp)
+{
+ ns_sortlisttype_t sortlisttype;
+
+ sortlisttype = ns_sortlist_setup(sortlist_acl, client_addr, argp);
+
+ switch (sortlisttype) {
+ case NS_SORTLISTTYPE_1ELEMENT:
+ *orderp = ns_sortlist_addrorder1;
+ break;
+ case NS_SORTLISTTYPE_2ELEMENT:
+ *orderp = ns_sortlist_addrorder2;
+ break;
+ case NS_SORTLISTTYPE_NONE:
+ *orderp = NULL;
+ break;
+ default:
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "unexpected return from ns_sortlist_setup(): "
+ "%d", sortlisttype);
+ break;
+ }
+}
+
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
new file mode 100644
index 0000000..634a50d
--- /dev/null
+++ b/bin/named/statschannel.c
@@ -0,0 +1,1257 @@
+/*
+ * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: statschannel.c,v 1.14.64.1 2008/12/18 02:40:35 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/buffer.h>
+#include <isc/httpd.h>
+#include <isc/mem.h>
+#include <isc/once.h>
+#include <isc/print.h>
+#include <isc/socket.h>
+#include <isc/task.h>
+
+#include <dns/db.h>
+#include <dns/opcode.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatatype.h>
+#include <dns/stats.h>
+#include <dns/view.h>
+#include <dns/zt.h>
+
+#include <named/log.h>
+#include <named/server.h>
+#include <named/statschannel.h>
+
+#include "bind9.xsl.h"
+
+struct ns_statschannel {
+ /* Unlocked */
+ isc_httpdmgr_t *httpdmgr;
+ isc_sockaddr_t address;
+ isc_mem_t *mctx;
+
+ /*
+ * Locked by channel lock: can be refererenced and modified by both
+ * the server task and the channel task.
+ */
+ isc_mutex_t lock;
+ dns_acl_t *acl;
+
+ /* Locked by server task */
+ ISC_LINK(struct ns_statschannel) link;
+};
+
+typedef enum { statsformat_file, statsformat_xml } statsformat_t;
+
+typedef struct
+stats_dumparg {
+ statsformat_t type;
+ void *arg; /* type dependent argument */
+ const char *category; /* used for general statistics */
+ const char **desc; /* used for general statistics */
+ int ncounters; /* used for general statistics */
+} stats_dumparg_t;
+
+static isc_once_t once = ISC_ONCE_INIT;
+
+/*%
+ * Statistics descriptions. These could be statistically initialized at
+ * compile time, but we configure them run time in the init_desc() function
+ * below so that they'll be less susceptible to counter name changes.
+ */
+static const char *nsstats_desc[dns_nsstatscounter_max];
+static const char *resstats_desc[dns_resstatscounter_max];
+static const char *zonestats_desc[dns_zonestatscounter_max];
+#ifdef HAVE_LIBXML2
+static const char *nsstats_xmldesc[dns_nsstatscounter_max];
+static const char *resstats_xmldesc[dns_resstatscounter_max];
+static const char *zonestats_xmldesc[dns_zonestatscounter_max];
+#else
+#define nsstats_xmldesc NULL
+#define resstats_xmldesc NULL
+#define zonestats_xmldesc NULL
+#endif /* HAVE_LIBXML2 */
+
+static inline void
+set_desc(int counter, int maxcounter, const char *fdesc, const char **fdescs,
+ const char *xdesc, const char **xdescs)
+{
+ REQUIRE(counter < maxcounter);
+ REQUIRE(fdescs[counter] == NULL);
+#ifdef HAVE_LIBXML2
+ REQUIRE(xdescs[counter] == NULL);
+#endif
+
+ fdescs[counter] = fdesc;
+#ifdef HAVE_LIBXML2
+ xdescs[counter] = xdesc;
+#else
+ UNUSED(xdesc);
+ UNUSED(xdescs);
+#endif
+}
+
+static void
+init_desc(void) {
+ int i;
+
+ /* Initialize name server statistics */
+ memset(nsstats_desc, 0,
+ dns_nsstatscounter_max * sizeof(nsstats_desc[0]));
+#ifdef HAVE_LIBXML2
+ memset(nsstats_xmldesc, 0,
+ dns_nsstatscounter_max * sizeof(nsstats_xmldesc[0]));
+#endif
+ set_desc(dns_nsstatscounter_requestv4, dns_nsstatscounter_max,
+ "IPv4 requests received", nsstats_desc,
+ "Requestv4", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_requestv6, dns_nsstatscounter_max,
+ "IPv6 requests received", nsstats_desc,
+ "Requestv6", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_edns0in, dns_nsstatscounter_max,
+ "requests with EDNS(0) received", nsstats_desc,
+ "ReqEdns0", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_badednsver, dns_nsstatscounter_max,
+ "requests with unsupported EDNS version received",
+ nsstats_desc,
+ "ReqBadEDNSVer", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_tsigin, dns_nsstatscounter_max,
+ "requests with TSIG received", nsstats_desc,
+ "ReqTSIG", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_sig0in, dns_nsstatscounter_max,
+ "requests with SIG(0) received", nsstats_desc,
+ "ReqSIG0", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_invalidsig, dns_nsstatscounter_max,
+ "requests with invalid signature", nsstats_desc,
+ "ReqBadSIG", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_tcp, dns_nsstatscounter_max,
+ "TCP requests received", nsstats_desc,
+ "ReqTCP", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_authrej, dns_nsstatscounter_max,
+ "auth queries rejected", nsstats_desc,
+ "AuthQryRej", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_recurserej, dns_nsstatscounter_max,
+ "recursive queries rejected", nsstats_desc,
+ "RecQryRej", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_xfrrej, dns_nsstatscounter_max,
+ "transfer requests rejected", nsstats_desc,
+ "XfrRej", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_updaterej, dns_nsstatscounter_max,
+ "update requests rejected", nsstats_desc,
+ "UpdateRej", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_response, dns_nsstatscounter_max,
+ "responses sent", nsstats_desc,
+ "Response", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_truncatedresp, dns_nsstatscounter_max,
+ "truncated responses sent", nsstats_desc,
+ "TruncatedResp", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_edns0out, dns_nsstatscounter_max,
+ "responses with EDNS(0) sent", nsstats_desc,
+ "RespEDNS0", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_tsigout, dns_nsstatscounter_max,
+ "responses with TSIG sent", nsstats_desc,
+ "RespTSIG", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_sig0out, dns_nsstatscounter_max,
+ "responses with SIG(0) sent", nsstats_desc,
+ "RespSIG0", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_success, dns_nsstatscounter_max,
+ "queries resulted in successful answer", nsstats_desc,
+ "QrySuccess", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_authans, dns_nsstatscounter_max,
+ "queries resulted in authoritative answer", nsstats_desc,
+ "QryAuthAns", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_nonauthans, dns_nsstatscounter_max,
+ "queries resulted in non authoritative answer", nsstats_desc,
+ "QryNoauthAns", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_referral, dns_nsstatscounter_max,
+ "queries resulted in referral answer", nsstats_desc,
+ "QryReferral", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_nxrrset, dns_nsstatscounter_max,
+ "queries resulted in nxrrset", nsstats_desc,
+ "QryNxrrset", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_servfail, dns_nsstatscounter_max,
+ "queries resulted in SERVFAIL", nsstats_desc,
+ "QrySERVFAIL", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_formerr, dns_nsstatscounter_max,
+ "queries resulted in FORMERR", nsstats_desc,
+ "QryFORMERR", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_nxdomain, dns_nsstatscounter_max,
+ "queries resulted in NXDOMAIN", nsstats_desc,
+ "QryNXDOMAIN", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_recursion, dns_nsstatscounter_max,
+ "queries caused recursion", nsstats_desc,
+ "QryRecursion", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_duplicate, dns_nsstatscounter_max,
+ "duplicate queries received", nsstats_desc,
+ "QryDuplicate", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_dropped, dns_nsstatscounter_max,
+ "queries dropped", nsstats_desc,
+ "QryDropped", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_failure, dns_nsstatscounter_max,
+ "other query failures", nsstats_desc,
+ "QryFailure", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_xfrdone, dns_nsstatscounter_max,
+ "requested transfers completed", nsstats_desc,
+ "XfrReqDone", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_updatereqfwd, dns_nsstatscounter_max,
+ "update requests forwarded", nsstats_desc,
+ "UpdateReqFwd", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_updaterespfwd, dns_nsstatscounter_max,
+ "update responses forwarded", nsstats_desc,
+ "UpdateRespFwd", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_updatefwdfail, dns_nsstatscounter_max,
+ "update forward failed", nsstats_desc,
+ "UpdateFwdFail", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_updatedone, dns_nsstatscounter_max,
+ "updates completed", nsstats_desc,
+ "UpdateDone", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_updatefail, dns_nsstatscounter_max,
+ "updates failed", nsstats_desc,
+ "UpdateFail", nsstats_xmldesc);
+ set_desc(dns_nsstatscounter_updatebadprereq, dns_nsstatscounter_max,
+ "updates rejected due to prerequisite failure", nsstats_desc,
+ "UpdateBadPrereq", nsstats_xmldesc);
+
+ /* Initialize resolver statistics */
+ memset(resstats_desc, 0,
+ dns_resstatscounter_max * sizeof(resstats_desc[0]));
+#ifdef HAVE_LIBXML2
+ memset(resstats_xmldesc, 0,
+ dns_resstatscounter_max * sizeof(resstats_xmldesc[0]));
+#endif
+ set_desc(dns_resstatscounter_queryv4, dns_resstatscounter_max,
+ "IPv4 queries sent", resstats_desc,
+ "Queryv4", resstats_xmldesc);
+ set_desc(dns_resstatscounter_queryv6, dns_resstatscounter_max,
+ "IPv6 queries sent", resstats_desc,
+ "Queryv6", resstats_xmldesc);
+ set_desc(dns_resstatscounter_responsev4, dns_resstatscounter_max,
+ "IPv4 responses received", resstats_desc,
+ "Responsev4", resstats_xmldesc);
+ set_desc(dns_resstatscounter_responsev6, dns_resstatscounter_max,
+ "IPv6 responses received", resstats_desc,
+ "Responsev6", resstats_xmldesc);
+ set_desc(dns_resstatscounter_nxdomain, dns_resstatscounter_max,
+ "NXDOMAIN received", resstats_desc,
+ "NXDOMAIN", resstats_xmldesc);
+ set_desc(dns_resstatscounter_servfail, dns_resstatscounter_max,
+ "SERVFAIL received", resstats_desc,
+ "SERVFAIL", resstats_xmldesc);
+ set_desc(dns_resstatscounter_formerr, dns_resstatscounter_max,
+ "FORMERR received", resstats_desc,
+ "FORMERR", resstats_xmldesc);
+ set_desc(dns_resstatscounter_othererror, dns_resstatscounter_max,
+ "other errors received", resstats_desc,
+ "OtherError", resstats_xmldesc);
+ set_desc(dns_resstatscounter_edns0fail, dns_resstatscounter_max,
+ "EDNS(0) query failures", resstats_desc,
+ "EDNS0Fail", resstats_xmldesc);
+ set_desc(dns_resstatscounter_mismatch, dns_resstatscounter_max,
+ "mismatch responses received", resstats_desc,
+ "Mismatch", resstats_xmldesc);
+ set_desc(dns_resstatscounter_truncated, dns_resstatscounter_max,
+ "truncated responses received", resstats_desc,
+ "Truncated", resstats_xmldesc);
+ set_desc(dns_resstatscounter_lame, dns_resstatscounter_max,
+ "lame delegations received", resstats_desc,
+ "Lame", resstats_xmldesc);
+ set_desc(dns_resstatscounter_retry, dns_resstatscounter_max,
+ "query retries", resstats_desc,
+ "Retry", resstats_xmldesc);
+ set_desc(dns_resstatscounter_gluefetchv4, dns_resstatscounter_max,
+ "IPv4 NS address fetches", resstats_desc,
+ "GlueFetchv4", resstats_xmldesc);
+ set_desc(dns_resstatscounter_gluefetchv6, dns_resstatscounter_max,
+ "IPv6 NS address fetches", resstats_desc,
+ "GlueFetchv6", resstats_xmldesc);
+ set_desc(dns_resstatscounter_gluefetchv4fail, dns_resstatscounter_max,
+ "IPv4 NS address fetch failed", resstats_desc,
+ "GlueFetchv4Fail", resstats_xmldesc);
+ set_desc(dns_resstatscounter_gluefetchv6fail, dns_resstatscounter_max,
+ "IPv6 NS address fetch failed", resstats_desc,
+ "GlueFetchv6Fail", resstats_xmldesc);
+ set_desc(dns_resstatscounter_val, dns_resstatscounter_max,
+ "DNSSEC validation attempted", resstats_desc,
+ "ValAttempt", resstats_xmldesc);
+ set_desc(dns_resstatscounter_valsuccess, dns_resstatscounter_max,
+ "DNSSEC validation succeeded", resstats_desc,
+ "ValOk", resstats_xmldesc);
+ set_desc(dns_resstatscounter_valnegsuccess, dns_resstatscounter_max,
+ "DNSSEC NX validation succeeded", resstats_desc,
+ "ValNegOk", resstats_xmldesc);
+ set_desc(dns_resstatscounter_valfail, dns_resstatscounter_max,
+ "DNSSEC validation failed", resstats_desc,
+ "ValFail", resstats_xmldesc);
+
+ /* Initialize zone statistics */
+ memset(zonestats_desc, 0,
+ dns_zonestatscounter_max * sizeof(zonestats_desc[0]));
+#ifdef HAVE_LIBXML2
+ memset(zonestats_xmldesc, 0,
+ dns_zonestatscounter_max * sizeof(zonestats_xmldesc[0]));
+#endif
+ set_desc(dns_zonestatscounter_notifyoutv4, dns_zonestatscounter_max,
+ "IPv4 notifies sent", zonestats_desc,
+ "NotifyOutv4", zonestats_xmldesc);
+ set_desc(dns_zonestatscounter_notifyoutv6, dns_zonestatscounter_max,
+ "IPv6 notifies sent", zonestats_desc,
+ "NotifyOutv6", zonestats_xmldesc);
+ set_desc(dns_zonestatscounter_notifyinv4, dns_zonestatscounter_max,
+ "IPv4 notifies received", zonestats_desc,
+ "NotifyInv4", zonestats_xmldesc);
+ set_desc(dns_zonestatscounter_notifyinv6, dns_zonestatscounter_max,
+ "IPv6 notifies received", zonestats_desc,
+ "NotifyInv6", zonestats_xmldesc);
+ set_desc(dns_zonestatscounter_notifyrej, dns_zonestatscounter_max,
+ "notifies rejected", zonestats_desc,
+ "NotifyRej", zonestats_xmldesc);
+ set_desc(dns_zonestatscounter_soaoutv4, dns_zonestatscounter_max,
+ "IPv4 SOA queries sent", zonestats_desc,
+ "SOAOutv4", zonestats_xmldesc);
+ set_desc(dns_zonestatscounter_soaoutv6, dns_zonestatscounter_max,
+ "IPv6 SOA queries sent", zonestats_desc,
+ "SOAOutv6", zonestats_xmldesc);
+ set_desc(dns_zonestatscounter_axfrreqv4, dns_zonestatscounter_max,
+ "IPv4 AXFR requested", zonestats_desc,
+ "AXFRReqv4", zonestats_xmldesc);
+ set_desc(dns_zonestatscounter_axfrreqv6, dns_zonestatscounter_max,
+ "IPv6 AXFR requested", zonestats_desc,
+ "AXFRReqv6", zonestats_xmldesc);
+ set_desc(dns_zonestatscounter_ixfrreqv4, dns_zonestatscounter_max,
+ "IPv4 IXFR requested", zonestats_desc,
+ "IXFRReqv4", zonestats_xmldesc);
+ set_desc(dns_zonestatscounter_ixfrreqv6, dns_zonestatscounter_max,
+ "IPv6 IXFR requested", zonestats_desc,
+ "IXFRReqv6", zonestats_xmldesc);
+ set_desc(dns_zonestatscounter_xfrsuccess, dns_zonestatscounter_max,
+ "transfer requests succeeded", zonestats_desc,
+ "XfrSuccess", zonestats_xmldesc);
+ set_desc(dns_zonestatscounter_xfrfail, dns_zonestatscounter_max,
+ "transfer requests failed", zonestats_desc,
+ "XfrFail", zonestats_xmldesc);
+
+ /* Sanity check */
+ for (i = 0; i < dns_nsstatscounter_max; i++)
+ INSIST(nsstats_desc[i] != NULL);
+ for (i = 0; i < dns_resstatscounter_max; i++)
+ INSIST(resstats_desc[i] != NULL);
+ for (i = 0; i < dns_zonestatscounter_max; i++)
+ INSIST(zonestats_desc[i] != NULL);
+#ifdef HAVE_LIBXML2
+ for (i = 0; i < dns_nsstatscounter_max; i++)
+ INSIST(nsstats_xmldesc[i] != NULL);
+ for (i = 0; i < dns_resstatscounter_max; i++)
+ INSIST(resstats_xmldesc[i] != NULL);
+ for (i = 0; i < dns_zonestatscounter_max; i++)
+ INSIST(zonestats_xmldesc[i] != NULL);
+#endif
+}
+
+/*%
+ * Dump callback functions.
+ */
+static void
+generalstat_dump(dns_statscounter_t counter, isc_uint64_t val, void *arg) {
+ stats_dumparg_t *dumparg = arg;
+ FILE *fp;
+#ifdef HAVE_LIBXML2
+ xmlTextWriterPtr writer;
+#endif
+
+ REQUIRE(counter < dumparg->ncounters);
+
+ switch (dumparg->type) {
+ case statsformat_file:
+ fp = dumparg->arg;
+ fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s\n", val,
+ dumparg->desc[counter]);
+ break;
+ case statsformat_xml:
+#ifdef HAVE_LIBXML2
+ writer = dumparg->arg;
+
+ if (dumparg->category != NULL) {
+ xmlTextWriterStartElement(writer,
+ ISC_XMLCHAR
+ dumparg->category);
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
+ xmlTextWriterWriteString(writer, ISC_XMLCHAR
+ dumparg->desc[counter]);
+ xmlTextWriterEndElement(writer); /* name */
+
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR
+ "counter");
+ } else {
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR
+ dumparg->desc[counter]);
+ }
+ xmlTextWriterWriteFormatString(writer,
+ "%" ISC_PRINT_QUADFORMAT "u",
+ val);
+ xmlTextWriterEndElement(writer); /* counter */
+ if (dumparg->category != NULL)
+ xmlTextWriterEndElement(writer); /* category */
+#endif
+ break;
+ }
+}
+
+static void
+rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
+ char typebuf[64];
+ const char *typestr;
+ stats_dumparg_t *dumparg = arg;
+ FILE *fp;
+#ifdef HAVE_LIBXML2
+ xmlTextWriterPtr writer;
+#endif
+
+ if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_OTHERTYPE)
+ == 0) {
+ dns_rdatatype_format(DNS_RDATASTATSTYPE_BASE(type), typebuf,
+ sizeof(typebuf));
+ typestr = typebuf;
+ } else
+ typestr = "Others";
+
+ switch (dumparg->type) {
+ case statsformat_file:
+ fp = dumparg->arg;
+ fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s\n", val, typestr);
+ break;
+ case statsformat_xml:
+#ifdef HAVE_LIBXML2
+ writer = dumparg->arg;
+
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdtype");
+
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
+ xmlTextWriterWriteString(writer, ISC_XMLCHAR typestr);
+ xmlTextWriterEndElement(writer); /* name */
+
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter");
+ xmlTextWriterWriteFormatString(writer,
+ "%" ISC_PRINT_QUADFORMAT "u",
+ val);
+ xmlTextWriterEndElement(writer); /* counter */
+
+ xmlTextWriterEndElement(writer); /* rdtype */
+#endif
+ break;
+ }
+}
+
+static void
+rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
+ stats_dumparg_t *dumparg = arg;
+ FILE *fp;
+ char typebuf[64];
+ const char *typestr;
+ isc_boolean_t nxrrset = ISC_FALSE;
+#ifdef HAVE_LIBXML2
+ xmlTextWriterPtr writer;
+#endif
+
+ if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_NXDOMAIN)
+ != 0) {
+ typestr = "NXDOMAIN";
+ } else if ((DNS_RDATASTATSTYPE_ATTR(type) &
+ DNS_RDATASTATSTYPE_ATTR_OTHERTYPE) != 0) {
+ typestr = "Others";
+ } else {
+ dns_rdatatype_format(DNS_RDATASTATSTYPE_BASE(type), typebuf,
+ sizeof(typebuf));
+ typestr = typebuf;
+ }
+
+ if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_NXRRSET)
+ != 0)
+ nxrrset = ISC_TRUE;
+
+ switch (dumparg->type) {
+ case statsformat_file:
+ fp = dumparg->arg;
+ fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s%s\n", val,
+ nxrrset ? "!" : "", typestr);
+ break;
+ case statsformat_xml:
+#ifdef HAVE_LIBXML2
+ writer = dumparg->arg;
+
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "rrset");
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
+ xmlTextWriterWriteFormatString(writer, "%s%s",
+ nxrrset ? "!" : "", typestr);
+ xmlTextWriterEndElement(writer); /* name */
+
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter");
+ xmlTextWriterWriteFormatString(writer,
+ "%" ISC_PRINT_QUADFORMAT "u",
+ val);
+ xmlTextWriterEndElement(writer); /* counter */
+
+ xmlTextWriterEndElement(writer); /* rrset */
+#endif
+ break;
+ }
+}
+
+static void
+opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
+ FILE *fp = arg;
+ isc_buffer_t b;
+ char codebuf[64];
+ stats_dumparg_t *dumparg = arg;
+#ifdef HAVE_LIBXML2
+ xmlTextWriterPtr writer;
+#endif
+
+ isc_buffer_init(&b, codebuf, sizeof(codebuf) - 1);
+ dns_opcode_totext(code, &b);
+ codebuf[isc_buffer_usedlength(&b)] = '\0';
+
+ switch (dumparg->type) {
+ case statsformat_file:
+ fp = dumparg->arg;
+ fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s\n", val, codebuf);
+ break;
+ case statsformat_xml:
+#ifdef HAVE_LIBXML2
+ writer = dumparg->arg;
+
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "opcode");
+
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
+ xmlTextWriterWriteString(writer, ISC_XMLCHAR codebuf);
+ xmlTextWriterEndElement(writer); /* name */
+
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter");
+ xmlTextWriterWriteFormatString(writer,
+ "%" ISC_PRINT_QUADFORMAT "u",
+ val);
+ xmlTextWriterEndElement(writer); /* counter */
+
+ xmlTextWriterEndElement(writer); /* opcode */
+#endif
+ break;
+ }
+}
+
+#ifdef HAVE_LIBXML2
+
+/* XXXMLG below here sucks. */
+
+#define TRY(a) do { result = (a); INSIST(result == ISC_R_SUCCESS); } while(0);
+#define TRY0(a) do { xmlrc = (a); INSIST(xmlrc >= 0); } while(0);
+
+static isc_result_t
+zone_xmlrender(dns_zone_t *zone, void *arg) {
+ char buf[1024 + 32]; /* sufficiently large for zone name and class */
+ dns_rdataclass_t rdclass;
+ isc_uint32_t serial;
+ xmlTextWriterPtr writer = arg;
+ stats_dumparg_t dumparg;
+ dns_stats_t *zonestats;
+
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "zone");
+
+ dns_zone_name(zone, buf, sizeof(buf));
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
+ xmlTextWriterWriteString(writer, ISC_XMLCHAR buf);
+ xmlTextWriterEndElement(writer);
+
+ rdclass = dns_zone_getclass(zone);
+ dns_rdataclass_format(rdclass, buf, sizeof(buf));
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdataclass");
+ xmlTextWriterWriteString(writer, ISC_XMLCHAR buf);
+ xmlTextWriterEndElement(writer);
+
+ serial = dns_zone_getserial(zone);
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "serial");
+ xmlTextWriterWriteFormatString(writer, "%u", serial);
+ xmlTextWriterEndElement(writer);
+
+ dumparg.type = statsformat_xml;
+ dumparg.arg = writer;
+ dumparg.category = NULL;
+ dumparg.desc = nsstats_xmldesc;
+ dumparg.ncounters = dns_nsstatscounter_max;
+
+ zonestats = dns_zone_getrequeststats(zone);
+ if (zonestats != NULL) {
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters");
+ dns_generalstats_dump(zonestats, generalstat_dump,
+ &dumparg, DNS_STATSDUMP_VERBOSE);
+ xmlTextWriterEndElement(writer); /* counters */
+ }
+
+ xmlTextWriterEndElement(writer); /* zone */
+
+ return (ISC_R_SUCCESS);
+}
+
+static void
+generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
+ char boottime[sizeof "yyyy-mm-ddThh:mm:ssZ"];
+ char nowstr[sizeof "yyyy-mm-ddThh:mm:ssZ"];
+ isc_time_t now;
+ xmlTextWriterPtr writer;
+ xmlDocPtr doc;
+ int xmlrc;
+ dns_view_t *view;
+ stats_dumparg_t dumparg;
+ dns_stats_t *cachestats;
+
+ isc_time_now(&now);
+ isc_time_formatISO8601(&ns_g_boottime, boottime, sizeof boottime);
+ isc_time_formatISO8601(&now, nowstr, sizeof nowstr);
+
+ writer = xmlNewTextWriterDoc(&doc, 0);
+ TRY0(xmlTextWriterStartDocument(writer, NULL, "UTF-8", NULL));
+ TRY0(xmlTextWriterWritePI(writer, ISC_XMLCHAR "xml-stylesheet",
+ ISC_XMLCHAR "type=\"text/xsl\" href=\"/bind9.xsl\""));
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "isc"));
+ TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "version",
+ ISC_XMLCHAR "1.0"));
+
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "bind"));
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "statistics"));
+ TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "version",
+ ISC_XMLCHAR "2.0"));
+
+ /* Set common fields for statistics dump */
+ dumparg.type = statsformat_xml;
+ dumparg.arg = writer;
+
+ /*
+ * Start by rendering the views we know of here. For each view we
+ * know of, call its rendering function.
+ */
+ view = ISC_LIST_HEAD(server->viewlist);
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "views"));
+ while (view != NULL) {
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "view");
+
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
+ xmlTextWriterWriteString(writer, ISC_XMLCHAR view->name);
+ xmlTextWriterEndElement(writer);
+
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "zones");
+ dns_zt_apply(view->zonetable, ISC_FALSE, zone_xmlrender,
+ writer);
+ xmlTextWriterEndElement(writer);
+
+ if (view->resquerystats != NULL) {
+ dns_rdatatypestats_dump(view->resquerystats,
+ rdtypestat_dump, &dumparg, 0);
+ }
+
+ if (view->resstats != NULL) {
+ dumparg.ncounters = dns_resstatscounter_max;
+ dumparg.category = "resstat";
+ dumparg.desc = resstats_xmldesc;
+ dns_generalstats_dump(view->resstats, generalstat_dump,
+ &dumparg, DNS_STATSDUMP_VERBOSE);
+ }
+
+ cachestats = dns_db_getrrsetstats(view->cachedb);
+ if (cachestats != NULL) {
+ xmlTextWriterStartElement(writer,
+ ISC_XMLCHAR "cache");
+ dns_rdatasetstats_dump(cachestats, rdatasetstats_dump,
+ &dumparg, 0);
+ xmlTextWriterEndElement(writer); /* cache */
+ }
+
+ xmlTextWriterEndElement(writer); /* view */
+
+ view = ISC_LIST_NEXT(view, link);
+ }
+ TRY0(xmlTextWriterEndElement(writer)); /* views */
+
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "socketmgr"));
+ isc_socketmgr_renderxml(ns_g_socketmgr, writer);
+ TRY0(xmlTextWriterEndElement(writer)); /* socketmgr */
+
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "taskmgr"));
+ isc_taskmgr_renderxml(ns_g_taskmgr, writer);
+ TRY0(xmlTextWriterEndElement(writer)); /* taskmgr */
+
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "server"));
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "boot-time");
+ xmlTextWriterWriteString(writer, ISC_XMLCHAR boottime);
+ xmlTextWriterEndElement(writer);
+ xmlTextWriterStartElement(writer, ISC_XMLCHAR "current-time");
+ xmlTextWriterWriteString(writer, ISC_XMLCHAR nowstr);
+ xmlTextWriterEndElement(writer);
+
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "requests"));
+ dns_opcodestats_dump(server->opcodestats, opcodestat_dump, &dumparg,
+ 0);
+ xmlTextWriterEndElement(writer); /* requests */
+
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "queries-in"));
+ dns_rdatatypestats_dump(server->rcvquerystats, rdtypestat_dump,
+ &dumparg, 0);
+ xmlTextWriterEndElement(writer); /* queries-in */
+
+ dumparg.category = "nsstat";
+ dumparg.desc = nsstats_xmldesc;
+ dumparg.ncounters = dns_nsstatscounter_max;
+ dns_generalstats_dump(server->nsstats, generalstat_dump, &dumparg,
+ DNS_STATSDUMP_VERBOSE);
+
+ dumparg.category = "zonestat";
+ dumparg.desc = zonestats_xmldesc;
+ dumparg.ncounters = dns_zonestatscounter_max;
+ dns_generalstats_dump(server->zonestats, generalstat_dump, &dumparg,
+ DNS_STATSDUMP_VERBOSE);
+
+ /*
+ * Most of the common resolver statistics entries are 0, so we don't
+ * use the verbose dump here.
+ */
+ dumparg.category = "resstat";
+ dumparg.ncounters = dns_resstatscounter_max;
+ dumparg.desc = resstats_xmldesc;
+ dns_generalstats_dump(server->resolverstats, generalstat_dump,
+ &dumparg, 0);
+
+ xmlTextWriterEndElement(writer); /* server */
+
+ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "memory"));
+ isc_mem_renderxml(writer);
+ TRY0(xmlTextWriterEndElement(writer)); /* memory */
+
+ TRY0(xmlTextWriterEndElement(writer)); /* statistics */
+ TRY0(xmlTextWriterEndElement(writer)); /* bind */
+ TRY0(xmlTextWriterEndElement(writer)); /* isc */
+
+ TRY0(xmlTextWriterEndDocument(writer));
+
+ xmlFreeTextWriter(writer);
+
+ xmlDocDumpFormatMemoryEnc(doc, buf, buflen, "UTF-8", 1);
+ xmlFreeDoc(doc);
+}
+
+static void
+wrap_xmlfree(isc_buffer_t *buffer, void *arg) {
+ UNUSED(arg);
+
+ xmlFree(isc_buffer_base(buffer));
+}
+
+static isc_result_t
+render_index(const char *url, const char *querystring, void *arg,
+ unsigned int *retcode, const char **retmsg, const char **mimetype,
+ isc_buffer_t *b, isc_httpdfree_t **freecb,
+ void **freecb_args)
+{
+ unsigned char *msg;
+ int msglen;
+ ns_server_t *server = arg;
+
+ UNUSED(url);
+ UNUSED(querystring);
+
+ generatexml(server, &msglen, &msg);
+
+ *retcode = 200;
+ *retmsg = "OK";
+ *mimetype = "text/xml";
+ isc_buffer_reinit(b, msg, msglen);
+ isc_buffer_add(b, msglen);
+ *freecb = wrap_xmlfree;
+ *freecb_args = NULL;
+
+ return (ISC_R_SUCCESS);
+}
+
+#endif /* HAVE_LIBXML2 */
+
+static isc_result_t
+render_xsl(const char *url, const char *querystring, void *args,
+ unsigned int *retcode, const char **retmsg, const char **mimetype,
+ isc_buffer_t *b, isc_httpdfree_t **freecb,
+ void **freecb_args)
+{
+ UNUSED(url);
+ UNUSED(querystring);
+ UNUSED(args);
+
+ *retcode = 200;
+ *retmsg = "OK";
+ *mimetype = "text/xslt+xml";
+ isc_buffer_reinit(b, xslmsg, strlen(xslmsg));
+ isc_buffer_add(b, strlen(xslmsg));
+ *freecb = NULL;
+ *freecb_args = NULL;
+
+ return (ISC_R_SUCCESS);
+}
+
+static void
+shutdown_listener(ns_statschannel_t *listener) {
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+ isc_sockaddr_format(&listener->address, socktext, sizeof(socktext));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,NS_LOGMODULE_SERVER,
+ ISC_LOG_NOTICE, "stopping statistics channel on %s",
+ socktext);
+
+ isc_httpdmgr_shutdown(&listener->httpdmgr);
+}
+
+static isc_boolean_t
+client_ok(const isc_sockaddr_t *fromaddr, void *arg) {
+ ns_statschannel_t *listener = arg;
+ isc_netaddr_t netaddr;
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+ int match;
+
+ REQUIRE(listener != NULL);
+
+ isc_netaddr_fromsockaddr(&netaddr, fromaddr);
+
+ LOCK(&listener->lock);
+ if (dns_acl_match(&netaddr, NULL, listener->acl, &ns_g_server->aclenv,
+ &match, NULL) == ISC_R_SUCCESS && match > 0) {
+ UNLOCK(&listener->lock);
+ return (ISC_TRUE);
+ }
+ UNLOCK(&listener->lock);
+
+ isc_sockaddr_format(fromaddr, socktext, sizeof(socktext));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+ "rejected statistics connection from %s", socktext);
+
+ return (ISC_FALSE);
+}
+
+static void
+destroy_listener(void *arg) {
+ ns_statschannel_t *listener = arg;
+
+ REQUIRE(listener != NULL);
+ REQUIRE(!ISC_LINK_LINKED(listener, link));
+
+ /* We don't have to acquire the lock here since it's already unlinked */
+ dns_acl_detach(&listener->acl);
+
+ DESTROYLOCK(&listener->lock);
+ isc_mem_putanddetach(&listener->mctx, listener, sizeof(*listener));
+}
+
+static isc_result_t
+add_listener(ns_server_t *server, ns_statschannel_t **listenerp,
+ const cfg_obj_t *listen_params, const cfg_obj_t *config,
+ isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
+ const char *socktext)
+{
+ isc_result_t result;
+ ns_statschannel_t *listener;
+ isc_task_t *task = NULL;
+ isc_socket_t *sock = NULL;
+ const cfg_obj_t *allow;
+ dns_acl_t *new_acl = NULL;
+
+ listener = isc_mem_get(server->mctx, sizeof(*listener));
+ if (listener == NULL)
+ return (ISC_R_NOMEMORY);
+
+ listener->httpdmgr = NULL;
+ listener->address = *addr;
+ listener->acl = NULL;
+ listener->mctx = NULL;
+ ISC_LINK_INIT(listener, link);
+
+ result = isc_mutex_init(&listener->lock);
+ if (result != ISC_R_SUCCESS) {
+ isc_mem_put(server->mctx, listener, sizeof(*listener));
+ return (ISC_R_FAILURE);
+ }
+
+ isc_mem_attach(server->mctx, &listener->mctx);
+
+ allow = cfg_tuple_get(listen_params, "allow");
+ if (allow != NULL && cfg_obj_islist(allow)) {
+ result = cfg_acl_fromconfig(allow, config, ns_g_lctx,
+ aclconfctx, listener->mctx, 0,
+ &new_acl);
+ } else
+ result = dns_acl_any(listener->mctx, &new_acl);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ dns_acl_attach(new_acl, &listener->acl);
+ dns_acl_detach(&new_acl);
+
+ result = isc_task_create(ns_g_taskmgr, 0, &task);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ isc_task_setname(task, "statchannel", NULL);
+
+ result = isc_socket_create(ns_g_socketmgr, isc_sockaddr_pf(addr),
+ isc_sockettype_tcp, &sock);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ isc_socket_setname(sock, "statchannel", NULL);
+
+#ifndef ISC_ALLOW_MAPPED
+ isc_socket_ipv6only(sock, ISC_TRUE);
+#endif
+
+ result = isc_socket_bind(sock, addr, ISC_SOCKET_REUSEADDRESS);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ result = isc_httpdmgr_create(server->mctx, sock, task, client_ok,
+ destroy_listener, listener, ns_g_timermgr,
+ &listener->httpdmgr);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+#ifdef HAVE_LIBXML2
+ isc_httpdmgr_addurl(listener->httpdmgr, "/", render_index, server);
+#endif
+ isc_httpdmgr_addurl(listener->httpdmgr, "/bind9.xsl", render_xsl,
+ server);
+
+ *listenerp = listener;
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_NOTICE,
+ "statistics channel listening on %s", socktext);
+
+cleanup:
+ if (result != ISC_R_SUCCESS) {
+ if (listener->acl != NULL)
+ dns_acl_detach(&listener->acl);
+ DESTROYLOCK(&listener->lock);
+ isc_mem_putanddetach(&listener->mctx, listener,
+ sizeof(*listener));
+ }
+ if (task != NULL)
+ isc_task_detach(&task);
+ if (sock != NULL)
+ isc_socket_detach(&sock);
+
+ return (result);
+}
+
+static void
+update_listener(ns_server_t *server, ns_statschannel_t **listenerp,
+ const cfg_obj_t *listen_params, const cfg_obj_t *config,
+ isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
+ const char *socktext)
+{
+ ns_statschannel_t *listener;
+ const cfg_obj_t *allow = NULL;
+ dns_acl_t *new_acl = NULL;
+ isc_result_t result = ISC_R_SUCCESS;
+
+ for (listener = ISC_LIST_HEAD(server->statschannels);
+ listener != NULL;
+ listener = ISC_LIST_NEXT(listener, link))
+ if (isc_sockaddr_equal(addr, &listener->address))
+ break;
+
+ if (listener == NULL) {
+ *listenerp = NULL;
+ return;
+ }
+
+ /*
+ * Now, keep the old access list unless a new one can be made.
+ */
+ allow = cfg_tuple_get(listen_params, "allow");
+ if (allow != NULL && cfg_obj_islist(allow)) {
+ result = cfg_acl_fromconfig(allow, config, ns_g_lctx,
+ aclconfctx, listener->mctx, 0,
+ &new_acl);
+ } else
+ result = dns_acl_any(listener->mctx, &new_acl);
+
+ if (result == ISC_R_SUCCESS) {
+ LOCK(&listener->lock);
+
+ dns_acl_detach(&listener->acl);
+ dns_acl_attach(new_acl, &listener->acl);
+ dns_acl_detach(&new_acl);
+
+ UNLOCK(&listener->lock);
+ } else {
+ cfg_obj_log(listen_params, ns_g_lctx, ISC_LOG_WARNING,
+ "couldn't install new acl for "
+ "statistics channel %s: %s",
+ socktext, isc_result_totext(result));
+ }
+
+ *listenerp = listener;
+}
+
+isc_result_t
+ns_statschannels_configure(ns_server_t *server, const cfg_obj_t *config,
+ cfg_aclconfctx_t *aclconfctx)
+{
+ ns_statschannel_t *listener, *listener_next;
+ ns_statschannellist_t new_listeners;
+ const cfg_obj_t *statschannellist = NULL;
+ const cfg_listelt_t *element, *element2;
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+
+ RUNTIME_CHECK(isc_once_do(&once, init_desc) == ISC_R_SUCCESS);
+
+ ISC_LIST_INIT(new_listeners);
+
+ /*
+ * Get the list of named.conf 'statistics-channels' statements.
+ */
+ (void)cfg_map_get(config, "statistics-channels", &statschannellist);
+
+ /*
+ * Run through the new address/port list, noting sockets that are
+ * already being listened on and moving them to the new list.
+ *
+ * Identifying duplicate addr/port combinations is left to either
+ * the underlying config code, or to the bind attempt getting an
+ * address-in-use error.
+ */
+ if (statschannellist != NULL) {
+#ifndef HAVE_LIBXML2
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+ "statistics-channels specified but not effective "
+ "due to missing XML library");
+#endif
+
+ for (element = cfg_list_first(statschannellist);
+ element != NULL;
+ element = cfg_list_next(element)) {
+ const cfg_obj_t *statschannel;
+ const cfg_obj_t *listenercfg = NULL;
+
+ statschannel = cfg_listelt_value(element);
+ (void)cfg_map_get(statschannel, "inet",
+ &listenercfg);
+ if (listenercfg == NULL)
+ continue;
+
+ for (element2 = cfg_list_first(listenercfg);
+ element2 != NULL;
+ element2 = cfg_list_next(element2)) {
+ const cfg_obj_t *listen_params;
+ const cfg_obj_t *obj;
+ isc_sockaddr_t addr;
+
+ listen_params = cfg_listelt_value(element2);
+
+ obj = cfg_tuple_get(listen_params, "address");
+ addr = *cfg_obj_assockaddr(obj);
+ if (isc_sockaddr_getport(&addr) == 0)
+ isc_sockaddr_setport(&addr, NS_STATSCHANNEL_HTTPPORT);
+
+ isc_sockaddr_format(&addr, socktext,
+ sizeof(socktext));
+
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER,
+ ISC_LOG_DEBUG(9),
+ "processing statistics "
+ "channel %s",
+ socktext);
+
+ update_listener(server, &listener,
+ listen_params, config, &addr,
+ aclconfctx, socktext);
+
+ if (listener != NULL) {
+ /*
+ * Remove the listener from the old
+ * list, so it won't be shut down.
+ */
+ ISC_LIST_UNLINK(server->statschannels,
+ listener, link);
+ } else {
+ /*
+ * This is a new listener.
+ */
+ isc_result_t r;
+
+ r = add_listener(server, &listener,
+ listen_params, config,
+ &addr, aclconfctx,
+ socktext);
+ if (r != ISC_R_SUCCESS) {
+ cfg_obj_log(listen_params,
+ ns_g_lctx,
+ ISC_LOG_WARNING,
+ "couldn't allocate "
+ "statistics channel"
+ " %s: %s",
+ socktext,
+ isc_result_totext(r));
+ }
+ }
+
+ if (listener != NULL)
+ ISC_LIST_APPEND(new_listeners, listener,
+ link);
+ }
+ }
+ }
+
+ for (listener = ISC_LIST_HEAD(server->statschannels);
+ listener != NULL;
+ listener = listener_next) {
+ listener_next = ISC_LIST_NEXT(listener, link);
+ ISC_LIST_UNLINK(server->statschannels, listener, link);
+ shutdown_listener(listener);
+ }
+
+ ISC_LIST_APPENDLIST(server->statschannels, new_listeners, link);
+ return (ISC_R_SUCCESS);
+}
+
+void
+ns_statschannels_shutdown(ns_server_t *server) {
+ ns_statschannel_t *listener;
+
+ while ((listener = ISC_LIST_HEAD(server->statschannels)) != NULL) {
+ ISC_LIST_UNLINK(server->statschannels, listener, link);
+ shutdown_listener(listener);
+ }
+}
+
+isc_result_t
+ns_stats_dump(ns_server_t *server, FILE *fp) {
+ isc_stdtime_t now;
+ isc_result_t result;
+ dns_view_t *view;
+ dns_zone_t *zone, *next;
+ stats_dumparg_t dumparg;
+
+ RUNTIME_CHECK(isc_once_do(&once, init_desc) == ISC_R_SUCCESS);
+
+ /* Set common fields */
+ dumparg.type = statsformat_file;
+ dumparg.arg = fp;
+ dumparg.category = NULL; /* unused */
+
+ isc_stdtime_get(&now);
+ fprintf(fp, "+++ Statistics Dump +++ (%lu)\n", (unsigned long)now);
+
+ fprintf(fp, "++ Incoming Requests ++\n");
+ dns_opcodestats_dump(server->opcodestats, opcodestat_dump, &dumparg, 0);
+
+ fprintf(fp, "++ Incoming Queries ++\n");
+ dns_rdatatypestats_dump(server->rcvquerystats, rdtypestat_dump,
+ &dumparg, 0);
+
+ fprintf(fp, "++ Outgoing Queries ++\n");
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link)) {
+ if (view->resquerystats == NULL)
+ continue;
+ if (strcmp(view->name, "_default") == 0)
+ fprintf(fp, "[View: default]\n");
+ else
+ fprintf(fp, "[View: %s]\n", view->name);
+ dns_rdatatypestats_dump(view->resquerystats, rdtypestat_dump,
+ &dumparg, 0);
+ }
+
+ fprintf(fp, "++ Name Server Statistics ++\n");
+ dumparg.desc = nsstats_desc;
+ dumparg.ncounters = dns_nsstatscounter_max;
+ dns_generalstats_dump(server->nsstats, generalstat_dump, &dumparg, 0);
+ fprintf(fp, "++ Zone Maintenance Statistics ++\n");
+ dumparg.desc = zonestats_desc;
+ dumparg.ncounters = dns_zonestatscounter_max;
+ dns_generalstats_dump(server->zonestats, generalstat_dump, &dumparg, 0);
+
+ fprintf(fp, "++ Resolver Statistics ++\n");
+ fprintf(fp, "[Common]\n");
+ dumparg.desc = resstats_desc;
+ dumparg.ncounters = dns_resstatscounter_max;
+ dns_generalstats_dump(server->resolverstats, generalstat_dump, &dumparg,
+ 0);
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link)) {
+ if (view->resstats == NULL)
+ continue;
+ if (strcmp(view->name, "_default") == 0)
+ fprintf(fp, "[View: default]\n");
+ else
+ fprintf(fp, "[View: %s]\n", view->name);
+ dns_generalstats_dump(view->resstats, generalstat_dump,
+ &dumparg, 0);
+ }
+
+ fprintf(fp, "++ Cache DB RRsets ++\n");
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link)) {
+ dns_stats_t *cachestats;
+
+ cachestats = dns_db_getrrsetstats(view->cachedb);
+ if (cachestats == NULL)
+ continue;
+ if (strcmp(view->name, "_default") == 0)
+ fprintf(fp, "[View: default]\n");
+ else
+ fprintf(fp, "[View: %s]\n", view->name);
+ dns_rdatasetstats_dump(cachestats, rdatasetstats_dump, &dumparg,
+ 0);
+ }
+
+ fprintf(fp, "++ Per Zone Query Statistics ++\n");
+ zone = NULL;
+ for (result = dns_zone_first(server->zonemgr, &zone);
+ result == ISC_R_SUCCESS;
+ next = NULL, result = dns_zone_next(zone, &next), zone = next)
+ {
+ dns_stats_t *zonestats = dns_zone_getrequeststats(zone);
+ if (zonestats != NULL) {
+ char zonename[DNS_NAME_FORMATSIZE];
+
+ dns_name_format(dns_zone_getorigin(zone),
+ zonename, sizeof(zonename));
+ view = dns_zone_getview(zone);
+
+ fprintf(fp, "[%s", zonename);
+ if (strcmp(view->name, "_default") != 0)
+ fprintf(fp, " (view: %s)", view->name);
+ fprintf(fp, "]\n");
+
+ dumparg.desc = nsstats_desc;
+ dumparg.ncounters = dns_nsstatscounter_max;
+ dns_generalstats_dump(zonestats, generalstat_dump,
+ &dumparg, 0);
+ }
+ }
+
+ fprintf(fp, "--- Statistics Dump --- (%lu)\n", (unsigned long)now);
+
+ return (ISC_R_SUCCESS); /* this function currently always succeeds */
+}
diff --git a/bin/named/tkeyconf.c b/bin/named/tkeyconf.c
new file mode 100644
index 0000000..82cf573
--- /dev/null
+++ b/bin/named/tkeyconf.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: tkeyconf.c,v 1.29 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/buffer.h>
+#include <isc/string.h> /* Required for HP/UX (and others?) */
+#include <isc/mem.h>
+
+#include <isccfg/cfg.h>
+
+#include <dns/fixedname.h>
+#include <dns/keyvalues.h>
+#include <dns/name.h>
+#include <dns/tkey.h>
+
+#include <dst/gssapi.h>
+
+#include <named/tkeyconf.h>
+
+#define RETERR(x) do { \
+ result = (x); \
+ if (result != ISC_R_SUCCESS) \
+ goto failure; \
+ } while (0)
+
+#include<named/log.h>
+#define LOG(msg) \
+ isc_log_write(ns_g_lctx, \
+ NS_LOGCATEGORY_GENERAL, \
+ NS_LOGMODULE_SERVER, \
+ ISC_LOG_ERROR, \
+ "%s", msg)
+
+isc_result_t
+ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
+ isc_entropy_t *ectx, dns_tkeyctx_t **tctxp)
+{
+ isc_result_t result;
+ dns_tkeyctx_t *tctx = NULL;
+ const char *s;
+ isc_uint32_t n;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ isc_buffer_t b;
+ const cfg_obj_t *obj;
+ int type;
+
+ result = dns_tkeyctx_create(mctx, ectx, &tctx);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ obj = NULL;
+ result = cfg_map_get(options, "tkey-dhkey", &obj);
+ if (result == ISC_R_SUCCESS) {
+ s = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
+ n = cfg_obj_asuint32(cfg_tuple_get(obj, "keyid"));
+ isc_buffer_init(&b, s, strlen(s));
+ isc_buffer_add(&b, strlen(s));
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ RETERR(dns_name_fromtext(name, &b, dns_rootname,
+ ISC_FALSE, NULL));
+ type = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE|DST_TYPE_KEY;
+ RETERR(dst_key_fromfile(name, (dns_keytag_t) n, DNS_KEYALG_DH,
+ type, NULL, mctx, &tctx->dhkey));
+ }
+
+ obj = NULL;
+ result = cfg_map_get(options, "tkey-domain", &obj);
+ if (result == ISC_R_SUCCESS) {
+ s = cfg_obj_asstring(obj);
+ isc_buffer_init(&b, s, strlen(s));
+ isc_buffer_add(&b, strlen(s));
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ RETERR(dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE,
+ NULL));
+ tctx->domain = isc_mem_get(mctx, sizeof(dns_name_t));
+ if (tctx->domain == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto failure;
+ }
+ dns_name_init(tctx->domain, NULL);
+ RETERR(dns_name_dup(name, mctx, tctx->domain));
+ }
+
+ obj = NULL;
+ result = cfg_map_get(options, "tkey-gssapi-credential", &obj);
+ if (result == ISC_R_SUCCESS) {
+ s = cfg_obj_asstring(obj);
+
+ isc_buffer_init(&b, s, strlen(s));
+ isc_buffer_add(&b, strlen(s));
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ RETERR(dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE,
+ NULL));
+ RETERR(dst_gssapi_acquirecred(name, ISC_FALSE,
+ &tctx->gsscred));
+ }
+
+ *tctxp = tctx;
+ return (ISC_R_SUCCESS);
+
+ failure:
+ dns_tkeyctx_destroy(&tctx);
+ return (result);
+}
+
diff --git a/bin/named/tsigconf.c b/bin/named/tsigconf.c
new file mode 100644
index 0000000..b3c6e02
--- /dev/null
+++ b/bin/named/tsigconf.c
@@ -0,0 +1,181 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: tsigconf.c,v 1.30 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/base64.h>
+#include <isc/buffer.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+
+#include <isccfg/cfg.h>
+
+#include <dns/tsig.h>
+#include <dns/result.h>
+
+#include <named/log.h>
+
+#include <named/config.h>
+#include <named/tsigconf.h>
+
+static isc_result_t
+add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring,
+ isc_mem_t *mctx)
+{
+ dns_tsigkey_t *tsigkey = NULL;
+ const cfg_listelt_t *element;
+ const cfg_obj_t *key = NULL;
+ const char *keyid = NULL;
+ unsigned char *secret = NULL;
+ int secretalloc = 0;
+ int secretlen = 0;
+ isc_result_t ret;
+ isc_stdtime_t now;
+ isc_uint16_t bits;
+
+ for (element = cfg_list_first(list);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *algobj = NULL;
+ const cfg_obj_t *secretobj = NULL;
+ dns_name_t keyname;
+ dns_name_t *alg;
+ const char *algstr;
+ char keynamedata[1024];
+ isc_buffer_t keynamesrc, keynamebuf;
+ const char *secretstr;
+ isc_buffer_t secretbuf;
+
+ key = cfg_listelt_value(element);
+ keyid = cfg_obj_asstring(cfg_map_getname(key));
+
+ algobj = NULL;
+ secretobj = NULL;
+ (void)cfg_map_get(key, "algorithm", &algobj);
+ (void)cfg_map_get(key, "secret", &secretobj);
+ INSIST(algobj != NULL && secretobj != NULL);
+
+ /*
+ * Create the key name.
+ */
+ dns_name_init(&keyname, NULL);
+ isc_buffer_init(&keynamesrc, keyid, strlen(keyid));
+ isc_buffer_add(&keynamesrc, strlen(keyid));
+ isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata));
+ ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
+ ISC_TRUE, &keynamebuf);
+ if (ret != ISC_R_SUCCESS)
+ goto failure;
+
+ /*
+ * Create the algorithm.
+ */
+ algstr = cfg_obj_asstring(algobj);
+ if (ns_config_getkeyalgorithm(algstr, &alg, &bits)
+ != ISC_R_SUCCESS) {
+ cfg_obj_log(algobj, ns_g_lctx, ISC_LOG_ERROR,
+ "key '%s': has a unsupported algorithm '%s'",
+ keyid, algstr);
+ ret = DNS_R_BADALG;
+ goto failure;
+ }
+
+ secretstr = cfg_obj_asstring(secretobj);
+ secretalloc = secretlen = strlen(secretstr) * 3 / 4;
+ secret = isc_mem_get(mctx, secretlen);
+ if (secret == NULL) {
+ ret = ISC_R_NOMEMORY;
+ goto failure;
+ }
+ isc_buffer_init(&secretbuf, secret, secretlen);
+ ret = isc_base64_decodestring(secretstr, &secretbuf);
+ if (ret != ISC_R_SUCCESS)
+ goto failure;
+ secretlen = isc_buffer_usedlength(&secretbuf);
+
+ isc_stdtime_get(&now);
+ ret = dns_tsigkey_create(&keyname, alg, secret, secretlen,
+ ISC_FALSE, NULL, now, now,
+ mctx, ring, &tsigkey);
+ isc_mem_put(mctx, secret, secretalloc);
+ secret = NULL;
+ if (ret != ISC_R_SUCCESS)
+ goto failure;
+ /*
+ * Set digest bits.
+ */
+ dst_key_setbits(tsigkey->key, bits);
+ dns_tsigkey_detach(&tsigkey);
+ }
+
+ return (ISC_R_SUCCESS);
+
+ failure:
+ cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,
+ "configuring key '%s': %s", keyid,
+ isc_result_totext(ret));
+
+ if (secret != NULL)
+ isc_mem_put(mctx, secret, secretalloc);
+ return (ret);
+}
+
+isc_result_t
+ns_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
+ isc_mem_t *mctx, dns_tsig_keyring_t **ringp)
+{
+ const cfg_obj_t *maps[3];
+ const cfg_obj_t *keylist;
+ dns_tsig_keyring_t *ring = NULL;
+ isc_result_t result;
+ int i;
+
+ i = 0;
+ if (config != NULL)
+ maps[i++] = config;
+ if (vconfig != NULL)
+ maps[i++] = cfg_tuple_get(vconfig, "options");
+ maps[i] = NULL;
+
+ result = dns_tsigkeyring_create(mctx, &ring);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ for (i = 0; ; i++) {
+ if (maps[i] == NULL)
+ break;
+ keylist = NULL;
+ result = cfg_map_get(maps[i], "key", &keylist);
+ if (result != ISC_R_SUCCESS)
+ continue;
+ result = add_initial_keys(keylist, ring, mctx);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+ }
+
+ *ringp = ring;
+ return (ISC_R_SUCCESS);
+
+ failure:
+ dns_tsigkeyring_destroy(&ring);
+ return (result);
+}
diff --git a/bin/named/unix/Makefile.in b/bin/named/unix/Makefile.in
new file mode 100644
index 0000000..5092834
--- /dev/null
+++ b/bin/named/unix/Makefile.in
@@ -0,0 +1,36 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.10 2007/06/19 23:46:59 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \
+ ${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+OBJS = os.@O@
+
+SRCS = os.c
+
+TARGETS = ${OBJS}
+
+@BIND9_MAKE_RULES@
diff --git a/bin/named/unix/include/named/os.h b/bin/named/unix/include/named/os.h
new file mode 100644
index 0000000..d03bf75
--- /dev/null
+++ b/bin/named/unix/include/named/os.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.h,v 1.29 2008/10/24 01:44:48 tbox Exp $ */
+
+#ifndef NS_OS_H
+#define NS_OS_H 1
+
+/*! \file */
+
+#include <isc/types.h>
+
+void
+ns_os_init(const char *progname);
+
+void
+ns_os_daemonize(void);
+
+void
+ns_os_opendevnull(void);
+
+void
+ns_os_closedevnull(void);
+
+void
+ns_os_chroot(const char *root);
+
+void
+ns_os_inituserinfo(const char *username);
+
+void
+ns_os_changeuser(void);
+
+void
+ns_os_adjustnofile(void);
+
+void
+ns_os_minprivs(void);
+
+void
+ns_os_writepidfile(const char *filename, isc_boolean_t first_time);
+void
+ns_os_shutdown(void);
+
+isc_result_t
+ns_os_gethostname(char *buf, size_t len);
+
+void
+ns_os_shutdownmsg(char *command, isc_buffer_t *text);
+
+void
+ns_os_tzset(void);
+
+void
+ns_os_started(void);
+
+#endif /* NS_OS_H */
diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c
new file mode 100644
index 0000000..d3b2ff3
--- /dev/null
+++ b/bin/named/unix/os.c
@@ -0,0 +1,816 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.c,v 1.89 2008/11/14 05:08:48 marka Exp $ */
+
+/*! \file */
+
+#include <config.h>
+#include <stdarg.h>
+
+#include <sys/types.h> /* dev_t FreeBSD 2.1 */
+#include <sys/stat.h>
+
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h> /* Required for initgroups() on IRIX. */
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <syslog.h>
+#ifdef HAVE_TZSET
+#include <time.h>
+#endif
+#include <unistd.h>
+
+#include <isc/buffer.h>
+#include <isc/file.h>
+#include <isc/print.h>
+#include <isc/resource.h>
+#include <isc/result.h>
+#include <isc/strerror.h>
+#include <isc/string.h>
+
+#include <named/main.h>
+#include <named/os.h>
+#ifdef HAVE_LIBSCF
+#include <named/ns_smf_globals.h>
+#endif
+
+static char *pidfile = NULL;
+static int devnullfd = -1;
+
+#ifndef ISC_FACILITY
+#define ISC_FACILITY LOG_DAEMON
+#endif
+
+/*
+ * If there's no <linux/capability.h>, we don't care about <sys/prctl.h>
+ */
+#ifndef HAVE_LINUX_CAPABILITY_H
+#undef HAVE_SYS_PRCTL_H
+#endif
+
+/*
+ * Linux defines:
+ * (T) HAVE_LINUXTHREADS
+ * (C) HAVE_SYS_CAPABILITY_H (or HAVE_LINUX_CAPABILITY_H)
+ * (P) HAVE_SYS_PRCTL_H
+ * The possible cases are:
+ * none: setuid() normally
+ * T: no setuid()
+ * C: setuid() normally, drop caps (keep CAP_SETUID)
+ * T+C: no setuid(), drop caps (don't keep CAP_SETUID)
+ * T+C+P: setuid() early, drop caps (keep CAP_SETUID)
+ * C+P: setuid() normally, drop caps (keep CAP_SETUID)
+ * P: not possible
+ * T+P: not possible
+ *
+ * if (C)
+ * caps = BIND_SERVICE + CHROOT + SETGID
+ * if ((T && C && P) || !T)
+ * caps += SETUID
+ * endif
+ * capset(caps)
+ * endif
+ * if (T && C && P && -u)
+ * setuid()
+ * else if (T && -u)
+ * fail
+ * --> start threads
+ * if (!T && -u)
+ * setuid()
+ * if (C && (P || !-u))
+ * caps = BIND_SERVICE
+ * capset(caps)
+ * endif
+ *
+ * It will be nice when Linux threads work properly with setuid().
+ */
+
+#ifdef HAVE_LINUXTHREADS
+static pid_t mainpid = 0;
+#endif
+
+static struct passwd *runas_pw = NULL;
+static isc_boolean_t done_setuid = ISC_FALSE;
+static int dfd[2] = { -1, -1 };
+
+#ifdef HAVE_LINUX_CAPABILITY_H
+
+static isc_boolean_t non_root = ISC_FALSE;
+static isc_boolean_t non_root_caps = ISC_FALSE;
+
+#ifdef HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+#else
+/*%
+ * We define _LINUX_FS_H to prevent it from being included. We don't need
+ * anything from it, and the files it includes cause warnings with 2.2
+ * kernels, and compilation failures (due to conflicts between <linux/string.h>
+ * and <string.h>) on 2.3 kernels.
+ */
+#define _LINUX_FS_H
+#include <linux/capability.h>
+#include <syscall.h>
+#ifndef SYS_capset
+#ifndef __NR_capset
+#include <asm/unistd.h> /* Slackware 4.0 needs this. */
+#endif /* __NR_capset */
+#define SYS_capset __NR_capset
+#endif /* SYS_capset */
+#endif /* HAVE_SYS_CAPABILITY_H */
+
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h> /* Required for prctl(). */
+
+/*
+ * If the value of PR_SET_KEEPCAPS is not in <sys/prctl.h>, define it
+ * here. This allows setuid() to work on systems running a new enough
+ * kernel but with /usr/include/linux pointing to "standard" kernel
+ * headers.
+ */
+#ifndef PR_SET_KEEPCAPS
+#define PR_SET_KEEPCAPS 8
+#endif
+
+#endif /* HAVE_SYS_PRCTL_H */
+
+#ifdef HAVE_LIBCAP
+#define SETCAPS_FUNC "cap_set_proc "
+#else
+typedef unsigned int cap_t;
+#define SETCAPS_FUNC "syscall(capset) "
+#endif /* HAVE_LIBCAP */
+
+static void
+linux_setcaps(cap_t caps) {
+#ifndef HAVE_LIBCAP
+ struct __user_cap_header_struct caphead;
+ struct __user_cap_data_struct cap;
+#endif
+ char strbuf[ISC_STRERRORSIZE];
+
+ if ((getuid() != 0 && !non_root_caps) || non_root)
+ return;
+#ifndef HAVE_LIBCAP
+ memset(&caphead, 0, sizeof(caphead));
+ caphead.version = _LINUX_CAPABILITY_VERSION;
+ caphead.pid = 0;
+ memset(&cap, 0, sizeof(cap));
+ cap.effective = caps;
+ cap.permitted = caps;
+ cap.inheritable = 0;
+#endif
+#ifdef HAVE_LIBCAP
+ if (cap_set_proc(caps) < 0) {
+#else
+ if (syscall(SYS_capset, &caphead, &cap) < 0) {
+#endif
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlyfatal(SETCAPS_FUNC "failed: %s:"
+ " please ensure that the capset kernel"
+ " module is loaded. see insmod(8)",
+ strbuf);
+ }
+}
+
+#ifdef HAVE_LIBCAP
+#define SET_CAP(flag) \
+ do { \
+ capval = (flag); \
+ cap_flag_value_t curval; \
+ err = cap_get_flag(curcaps, capval, CAP_PERMITTED, &curval); \
+ if (err != -1 && curval) { \
+ err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \
+ if (err == -1) { \
+ isc__strerror(errno, strbuf, sizeof(strbuf)); \
+ ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \
+ } \
+ \
+ err = cap_set_flag(caps, CAP_PERMITTED, 1, &capval, CAP_SET); \
+ if (err == -1) { \
+ isc__strerror(errno, strbuf, sizeof(strbuf)); \
+ ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \
+ } \
+ } \
+ } while (0)
+#define INIT_CAP \
+ do { \
+ caps = cap_init(); \
+ if (caps == NULL) { \
+ isc__strerror(errno, strbuf, sizeof(strbuf)); \
+ ns_main_earlyfatal("cap_init failed: %s", strbuf); \
+ } \
+ curcaps = cap_get_proc(); \
+ if (curcaps == NULL) { \
+ isc__strerror(errno, strbuf, sizeof(strbuf)); \
+ ns_main_earlyfatal("cap_get_proc failed: %s", strbuf); \
+ } \
+ } while (0)
+#define FREE_CAP \
+ { \
+ cap_free(caps); \
+ cap_free(curcaps); \
+ } while (0)
+#else
+#define SET_CAP(flag) do { caps |= (1 << (flag)); } while (0)
+#define INIT_CAP do { caps = 0; } while (0)
+#endif /* HAVE_LIBCAP */
+
+static void
+linux_initialprivs(void) {
+ cap_t caps;
+#ifdef HAVE_LIBCAP
+ cap_t curcaps;
+ cap_value_t capval;
+ char strbuf[ISC_STRERRORSIZE];
+ int err;
+#endif
+
+ /*%
+ * We don't need most privileges, so we drop them right away.
+ * Later on linux_minprivs() will be called, which will drop our
+ * capabilities to the minimum needed to run the server.
+ */
+ INIT_CAP;
+
+ /*
+ * We need to be able to bind() to privileged ports, notably port 53!
+ */
+ SET_CAP(CAP_NET_BIND_SERVICE);
+
+ /*
+ * We need chroot() initially too.
+ */
+ SET_CAP(CAP_SYS_CHROOT);
+
+#if defined(HAVE_SYS_PRCTL_H) || !defined(HAVE_LINUXTHREADS)
+ /*
+ * We can setuid() only if either the kernel supports keeping
+ * capabilities after setuid() (which we don't know until we've
+ * tried) or we're not using threads. If either of these is
+ * true, we want the setuid capability.
+ */
+ SET_CAP(CAP_SETUID);
+#endif
+
+ /*
+ * Since we call initgroups, we need this.
+ */
+ SET_CAP(CAP_SETGID);
+
+ /*
+ * Without this, we run into problems reading a configuration file
+ * owned by a non-root user and non-world-readable on startup.
+ */
+ SET_CAP(CAP_DAC_READ_SEARCH);
+
+ /*
+ * XXX We might want to add CAP_SYS_RESOURCE, though it's not
+ * clear it would work right given the way linuxthreads work.
+ * XXXDCL But since we need to be able to set the maximum number
+ * of files, the stack size, data size, and core dump size to
+ * support named.conf options, this is now being added to test.
+ */
+ SET_CAP(CAP_SYS_RESOURCE);
+
+ linux_setcaps(caps);
+
+#ifdef HAVE_LIBCAP
+ FREE_CAP;
+#endif
+}
+
+static void
+linux_minprivs(void) {
+ cap_t caps;
+#ifdef HAVE_LIBCAP
+ cap_t curcaps;
+ cap_value_t capval;
+ char strbuf[ISC_STRERRORSIZE];
+ int err;
+#endif
+
+ INIT_CAP;
+ /*%
+ * Drop all privileges except the ability to bind() to privileged
+ * ports.
+ *
+ * It's important that we drop CAP_SYS_CHROOT. If we didn't, it
+ * chroot() could be used to escape from the chrooted area.
+ */
+
+ SET_CAP(CAP_NET_BIND_SERVICE);
+
+ /*
+ * XXX We might want to add CAP_SYS_RESOURCE, though it's not
+ * clear it would work right given the way linuxthreads work.
+ * XXXDCL But since we need to be able to set the maximum number
+ * of files, the stack size, data size, and core dump size to
+ * support named.conf options, this is now being added to test.
+ */
+ SET_CAP(CAP_SYS_RESOURCE);
+
+ linux_setcaps(caps);
+
+#ifdef HAVE_LIBCAP
+ FREE_CAP;
+#endif
+}
+
+#ifdef HAVE_SYS_PRCTL_H
+static void
+linux_keepcaps(void) {
+ char strbuf[ISC_STRERRORSIZE];
+ /*%
+ * Ask the kernel to allow us to keep our capabilities after we
+ * setuid().
+ */
+
+ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) {
+ if (errno != EINVAL) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlyfatal("prctl() failed: %s", strbuf);
+ }
+ } else {
+ non_root_caps = ISC_TRUE;
+ if (getuid() != 0)
+ non_root = ISC_TRUE;
+ }
+}
+#endif
+
+#endif /* HAVE_LINUX_CAPABILITY_H */
+
+
+static void
+setup_syslog(const char *progname) {
+ int options;
+
+ options = LOG_PID;
+#ifdef LOG_NDELAY
+ options |= LOG_NDELAY;
+#endif
+ openlog(isc_file_basename(progname), options, ISC_FACILITY);
+}
+
+void
+ns_os_init(const char *progname) {
+ setup_syslog(progname);
+#ifdef HAVE_LINUX_CAPABILITY_H
+ linux_initialprivs();
+#endif
+#ifdef HAVE_LINUXTHREADS
+ mainpid = getpid();
+#endif
+#ifdef SIGXFSZ
+ signal(SIGXFSZ, SIG_IGN);
+#endif
+}
+
+void
+ns_os_daemonize(void) {
+ pid_t pid;
+ char strbuf[ISC_STRERRORSIZE];
+
+ if (pipe(dfd) == -1) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlyfatal("pipe(): %s", strbuf);
+ }
+
+ pid = fork();
+ if (pid == -1) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlyfatal("fork(): %s", strbuf);
+ }
+ if (pid != 0) {
+ int n;
+ /*
+ * Wait for the child to finish loading for the first time.
+ * This would be so much simpler if fork() worked once we
+ * were multi-threaded.
+ */
+ (void)close(dfd[1]);
+ do {
+ char buf;
+ n = read(dfd[0], &buf, 1);
+ if (n == 1)
+ _exit(0);
+ } while (n == -1 && errno == EINTR);
+ _exit(1);
+ }
+ (void)close(dfd[0]);
+
+ /*
+ * We're the child.
+ */
+
+#ifdef HAVE_LINUXTHREADS
+ mainpid = getpid();
+#endif
+
+ if (setsid() == -1) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlyfatal("setsid(): %s", strbuf);
+ }
+
+ /*
+ * Try to set stdin, stdout, and stderr to /dev/null, but press
+ * on even if it fails.
+ *
+ * XXXMLG The close() calls here are unneeded on all but NetBSD, but
+ * are harmless to include everywhere. dup2() is supposed to close
+ * the FD if it is in use, but unproven-pthreads-0.16 is broken
+ * and will end up closing the wrong FD. This will be fixed eventually,
+ * and these calls will be removed.
+ */
+ if (devnullfd != -1) {
+ if (devnullfd != STDIN_FILENO) {
+ (void)close(STDIN_FILENO);
+ (void)dup2(devnullfd, STDIN_FILENO);
+ }
+ if (devnullfd != STDOUT_FILENO) {
+ (void)close(STDOUT_FILENO);
+ (void)dup2(devnullfd, STDOUT_FILENO);
+ }
+ if (devnullfd != STDERR_FILENO) {
+ (void)close(STDERR_FILENO);
+ (void)dup2(devnullfd, STDERR_FILENO);
+ }
+ }
+}
+
+void
+ns_os_started(void) {
+ char buf = 0;
+
+ /*
+ * Signal to the parent that we stated successfully.
+ */
+ if (dfd[0] != -1 && dfd[1] != -1) {
+ write(dfd[1], &buf, 1);
+ close(dfd[1]);
+ dfd[0] = dfd[1] = -1;
+ }
+}
+
+void
+ns_os_opendevnull(void) {
+ devnullfd = open("/dev/null", O_RDWR, 0);
+}
+
+void
+ns_os_closedevnull(void) {
+ if (devnullfd != STDIN_FILENO &&
+ devnullfd != STDOUT_FILENO &&
+ devnullfd != STDERR_FILENO) {
+ close(devnullfd);
+ devnullfd = -1;
+ }
+}
+
+static isc_boolean_t
+all_digits(const char *s) {
+ if (*s == '\0')
+ return (ISC_FALSE);
+ while (*s != '\0') {
+ if (!isdigit((*s)&0xff))
+ return (ISC_FALSE);
+ s++;
+ }
+ return (ISC_TRUE);
+}
+
+void
+ns_os_chroot(const char *root) {
+ char strbuf[ISC_STRERRORSIZE];
+#ifdef HAVE_LIBSCF
+ ns_smf_chroot = 0;
+#endif
+ if (root != NULL) {
+ if (chroot(root) < 0) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlyfatal("chroot(): %s", strbuf);
+ }
+ if (chdir("/") < 0) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlyfatal("chdir(/): %s", strbuf);
+ }
+#ifdef HAVE_LIBSCF
+ /* Set ns_smf_chroot flag on successful chroot. */
+ ns_smf_chroot = 1;
+#endif
+ }
+}
+
+void
+ns_os_inituserinfo(const char *username) {
+ char strbuf[ISC_STRERRORSIZE];
+ if (username == NULL)
+ return;
+
+ if (all_digits(username))
+ runas_pw = getpwuid((uid_t)atoi(username));
+ else
+ runas_pw = getpwnam(username);
+ endpwent();
+
+ if (runas_pw == NULL)
+ ns_main_earlyfatal("user '%s' unknown", username);
+
+ if (getuid() == 0) {
+ if (initgroups(runas_pw->pw_name, runas_pw->pw_gid) < 0) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlyfatal("initgroups(): %s", strbuf);
+ }
+ }
+
+}
+
+void
+ns_os_changeuser(void) {
+ char strbuf[ISC_STRERRORSIZE];
+ if (runas_pw == NULL || done_setuid)
+ return;
+
+ done_setuid = ISC_TRUE;
+
+#ifdef HAVE_LINUXTHREADS
+#ifdef HAVE_LINUX_CAPABILITY_H
+ if (!non_root_caps)
+ ns_main_earlyfatal("-u with Linux threads not supported: "
+ "requires kernel support for "
+ "prctl(PR_SET_KEEPCAPS)");
+#else
+ ns_main_earlyfatal("-u with Linux threads not supported: "
+ "no capabilities support or capabilities "
+ "disabled at build time");
+#endif
+#endif
+
+ if (setgid(runas_pw->pw_gid) < 0) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlyfatal("setgid(): %s", strbuf);
+ }
+
+ if (setuid(runas_pw->pw_uid) < 0) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlyfatal("setuid(): %s", strbuf);
+ }
+
+#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE)
+ /*
+ * Restore the ability of named to drop core after the setuid()
+ * call has disabled it.
+ */
+ if (prctl(PR_SET_DUMPABLE,1,0,0,0) < 0) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlywarning("prctl(PR_SET_DUMPABLE) failed: %s",
+ strbuf);
+ }
+#endif
+#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS)
+ linux_minprivs();
+#endif
+}
+
+void
+ns_os_adjustnofile() {
+#ifdef HAVE_LINUXTHREADS
+ isc_result_t result;
+ isc_resourcevalue_t newvalue;
+
+ /*
+ * Linux: max number of open files specified by one thread doesn't seem
+ * to apply to other threads on Linux.
+ */
+ newvalue = ISC_RESOURCE_UNLIMITED;
+
+ result = isc_resource_setlimit(isc_resource_openfiles, newvalue);
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlywarning("couldn't adjust limit on open files");
+#endif
+}
+
+void
+ns_os_minprivs(void) {
+#ifdef HAVE_SYS_PRCTL_H
+ linux_keepcaps();
+#endif
+
+#ifdef HAVE_LINUXTHREADS
+ ns_os_changeuser(); /* Call setuid() before threads are started */
+#endif
+
+#if defined(HAVE_LINUX_CAPABILITY_H) && defined(HAVE_LINUXTHREADS)
+ linux_minprivs();
+#endif
+}
+
+static int
+safe_open(const char *filename, isc_boolean_t append) {
+ int fd;
+ struct stat sb;
+
+ if (stat(filename, &sb) == -1) {
+ if (errno != ENOENT)
+ return (-1);
+ } else if ((sb.st_mode & S_IFREG) == 0) {
+ errno = EOPNOTSUPP;
+ return (-1);
+ }
+
+ if (append)
+ fd = open(filename, O_WRONLY|O_CREAT|O_APPEND,
+ S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+ else {
+ (void)unlink(filename);
+ fd = open(filename, O_WRONLY|O_CREAT|O_EXCL,
+ S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+ }
+ return (fd);
+}
+
+static void
+cleanup_pidfile(void) {
+ if (pidfile != NULL) {
+ (void)unlink(pidfile);
+ free(pidfile);
+ }
+ pidfile = NULL;
+}
+
+void
+ns_os_writepidfile(const char *filename, isc_boolean_t first_time) {
+ int fd;
+ FILE *lockfile;
+ size_t len;
+ pid_t pid;
+ char strbuf[ISC_STRERRORSIZE];
+ void (*report)(const char *, ...);
+ unsigned int mode;
+ char *slash;
+ int n;
+
+ /*
+ * The caller must ensure any required synchronization.
+ */
+
+ report = first_time ? ns_main_earlyfatal : ns_main_earlywarning;
+
+ cleanup_pidfile();
+
+ if (filename == NULL)
+ return;
+
+ len = strlen(filename);
+ pidfile = malloc(len + 1);
+ if (pidfile == NULL) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ (*report)("couldn't malloc '%s': %s", filename, strbuf);
+ return;
+ }
+ /* This is safe. */
+ strcpy(pidfile, filename);
+
+ /*
+ * Make the containing directory if it doesn't exist.
+ */
+ slash = strrchr(pidfile, '/');
+ if (slash != NULL && slash != pidfile) {
+ *slash = '\0';
+ mode = S_IRUSR | S_IWUSR | S_IXUSR; /* u=rwx */
+ mode |= S_IRGRP | S_IXGRP; /* g=rx */
+ mode |= S_IROTH | S_IXOTH; /* o=rx */
+ n = mkdir(pidfile, mode);
+ if (n == -1 && errno != EEXIST) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ (*report)("couldn't mkdir %s': %s", filename,
+ strbuf);
+ free(pidfile);
+ pidfile = NULL;
+ return;
+ }
+ *slash = '/';
+ }
+
+ fd = safe_open(filename, ISC_FALSE);
+ if (fd < 0) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ (*report)("couldn't open pid file '%s': %s", filename, strbuf);
+ free(pidfile);
+ pidfile = NULL;
+ return;
+ }
+ lockfile = fdopen(fd, "w");
+ if (lockfile == NULL) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ (*report)("could not fdopen() pid file '%s': %s",
+ filename, strbuf);
+ (void)close(fd);
+ cleanup_pidfile();
+ return;
+ }
+#ifdef HAVE_LINUXTHREADS
+ pid = mainpid;
+#else
+ pid = getpid();
+#endif
+ if (fprintf(lockfile, "%ld\n", (long)pid) < 0) {
+ (*report)("fprintf() to pid file '%s' failed", filename);
+ (void)fclose(lockfile);
+ cleanup_pidfile();
+ return;
+ }
+ if (fflush(lockfile) == EOF) {
+ (*report)("fflush() to pid file '%s' failed", filename);
+ (void)fclose(lockfile);
+ cleanup_pidfile();
+ return;
+ }
+ (void)fclose(lockfile);
+}
+
+void
+ns_os_shutdown(void) {
+ closelog();
+ cleanup_pidfile();
+}
+
+isc_result_t
+ns_os_gethostname(char *buf, size_t len) {
+ int n;
+
+ n = gethostname(buf, len);
+ return ((n == 0) ? ISC_R_SUCCESS : ISC_R_FAILURE);
+}
+
+static char *
+next_token(char **stringp, const char *delim) {
+ char *res;
+
+ do {
+ res = strsep(stringp, delim);
+ if (res == NULL)
+ break;
+ } while (*res == '\0');
+ return (res);
+}
+
+void
+ns_os_shutdownmsg(char *command, isc_buffer_t *text) {
+ char *input, *ptr;
+ unsigned int n;
+ pid_t pid;
+
+ input = command;
+
+ /* Skip the command name. */
+ ptr = next_token(&input, " \t");
+ if (ptr == NULL)
+ return;
+
+ ptr = next_token(&input, " \t");
+ if (ptr == NULL)
+ return;
+
+ if (strcmp(ptr, "-p") != 0)
+ return;
+
+#ifdef HAVE_LINUXTHREADS
+ pid = mainpid;
+#else
+ pid = getpid();
+#endif
+
+ n = snprintf((char *)isc_buffer_used(text),
+ isc_buffer_availablelength(text),
+ "pid: %ld", (long)pid);
+ /* Only send a message if it is complete. */
+ if (n < isc_buffer_availablelength(text))
+ isc_buffer_add(text, n);
+}
+
+void
+ns_os_tzset(void) {
+#ifdef HAVE_TZSET
+ tzset();
+#endif
+}
diff --git a/bin/named/update.c b/bin/named/update.c
new file mode 100644
index 0000000..4285e2c
--- /dev/null
+++ b/bin/named/update.c
@@ -0,0 +1,4296 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: update.c,v 1.151 2008/11/19 06:21:45 marka Exp $ */
+
+#include <config.h>
+
+#include <isc/netaddr.h>
+#include <isc/print.h>
+#include <isc/serial.h>
+#include <isc/string.h>
+#include <isc/taskpool.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/diff.h>
+#include <dns/dnssec.h>
+#include <dns/events.h>
+#include <dns/fixedname.h>
+#include <dns/journal.h>
+#include <dns/keyvalues.h>
+#include <dns/message.h>
+#include <dns/nsec.h>
+#include <dns/nsec3.h>
+#include <dns/rdataclass.h>
+#include <dns/rdataset.h>
+#include <dns/rdatasetiter.h>
+#include <dns/rdatastruct.h>
+#include <dns/rdatatype.h>
+#include <dns/soa.h>
+#include <dns/ssu.h>
+#include <dns/stats.h>
+#include <dns/view.h>
+#include <dns/zone.h>
+#include <dns/zt.h>
+
+#include <named/client.h>
+#include <named/log.h>
+#include <named/server.h>
+#include <named/update.h>
+
+/*! \file
+ * \brief
+ * This module implements dynamic update as in RFC2136.
+ */
+
+/*
+ * XXX TODO:
+ * - document strict minimality
+ */
+
+/**************************************************************************/
+
+/*%
+ * Log level for tracing dynamic update protocol requests.
+ */
+#define LOGLEVEL_PROTOCOL ISC_LOG_INFO
+
+/*%
+ * Log level for low-level debug tracing.
+ */
+#define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8)
+
+/*%
+ * Check an operation for failure. These macros all assume that
+ * the function using them has a 'result' variable and a 'failure'
+ * label.
+ */
+#define CHECK(op) \
+ do { result = (op); \
+ if (result != ISC_R_SUCCESS) goto failure; \
+ } while (0)
+
+/*%
+ * Fail unconditionally with result 'code', which must not
+ * be ISC_R_SUCCESS. The reason for failure presumably has
+ * been logged already.
+ *
+ * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
+ * from complaining about "end-of-loop code not reached".
+ */
+
+#define FAIL(code) \
+ do { \
+ result = (code); \
+ if (result != ISC_R_SUCCESS) goto failure; \
+ } while (0)
+
+/*%
+ * Fail unconditionally and log as a client error.
+ * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
+ * from complaining about "end-of-loop code not reached".
+ */
+#define FAILC(code, msg) \
+ do { \
+ const char *_what = "failed"; \
+ result = (code); \
+ switch (result) { \
+ case DNS_R_NXDOMAIN: \
+ case DNS_R_YXDOMAIN: \
+ case DNS_R_YXRRSET: \
+ case DNS_R_NXRRSET: \
+ _what = "unsuccessful"; \
+ } \
+ update_log(client, zone, LOGLEVEL_PROTOCOL, \
+ "update %s: %s (%s)", _what, \
+ msg, isc_result_totext(result)); \
+ if (result != ISC_R_SUCCESS) goto failure; \
+ } while (0)
+#define PREREQFAILC(code, msg) \
+ do { \
+ inc_stats(zone, dns_nsstatscounter_updatebadprereq); \
+ FAILC(code, msg); \
+ } while (0)
+
+#define FAILN(code, name, msg) \
+ do { \
+ const char *_what = "failed"; \
+ result = (code); \
+ switch (result) { \
+ case DNS_R_NXDOMAIN: \
+ case DNS_R_YXDOMAIN: \
+ case DNS_R_YXRRSET: \
+ case DNS_R_NXRRSET: \
+ _what = "unsuccessful"; \
+ } \
+ if (isc_log_wouldlog(ns_g_lctx, LOGLEVEL_PROTOCOL)) { \
+ char _nbuf[DNS_NAME_FORMATSIZE]; \
+ dns_name_format(name, _nbuf, sizeof(_nbuf)); \
+ update_log(client, zone, LOGLEVEL_PROTOCOL, \
+ "update %s: %s: %s (%s)", _what, _nbuf, \
+ msg, isc_result_totext(result)); \
+ } \
+ if (result != ISC_R_SUCCESS) goto failure; \
+ } while (0)
+#define PREREQFAILN(code, name, msg) \
+ do { \
+ inc_stats(zone, dns_nsstatscounter_updatebadprereq); \
+ FAILN(code, name, msg); \
+ } while (0)
+
+#define FAILNT(code, name, type, msg) \
+ do { \
+ const char *_what = "failed"; \
+ result = (code); \
+ switch (result) { \
+ case DNS_R_NXDOMAIN: \
+ case DNS_R_YXDOMAIN: \
+ case DNS_R_YXRRSET: \
+ case DNS_R_NXRRSET: \
+ _what = "unsuccessful"; \
+ } \
+ if (isc_log_wouldlog(ns_g_lctx, LOGLEVEL_PROTOCOL)) { \
+ char _nbuf[DNS_NAME_FORMATSIZE]; \
+ char _tbuf[DNS_RDATATYPE_FORMATSIZE]; \
+ dns_name_format(name, _nbuf, sizeof(_nbuf)); \
+ dns_rdatatype_format(type, _tbuf, sizeof(_tbuf)); \
+ update_log(client, zone, LOGLEVEL_PROTOCOL, \
+ "update %s: %s/%s: %s (%s)", \
+ _what, _nbuf, _tbuf, msg, \
+ isc_result_totext(result)); \
+ } \
+ if (result != ISC_R_SUCCESS) goto failure; \
+ } while (0)
+#define PREREQFAILNT(code, name, type, msg) \
+ do { \
+ inc_stats(zone, dns_nsstatscounter_updatebadprereq); \
+ FAILNT(code, name, type, msg); \
+ } while (0)
+
+/*%
+ * Fail unconditionally and log as a server error.
+ * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
+ * from complaining about "end-of-loop code not reached".
+ */
+#define FAILS(code, msg) \
+ do { \
+ result = (code); \
+ update_log(client, zone, LOGLEVEL_PROTOCOL, \
+ "error: %s: %s", \
+ msg, isc_result_totext(result)); \
+ if (result != ISC_R_SUCCESS) goto failure; \
+ } while (0)
+
+/*
+ * Return TRUE if NS_CLIENTATTR_TCP is set in the attibutes other FALSE.
+ */
+#define TCPCLIENT(client) (((client)->attributes & NS_CLIENTATTR_TCP) != 0)
+
+/**************************************************************************/
+
+typedef struct rr rr_t;
+
+struct rr {
+ /* dns_name_t name; */
+ isc_uint32_t ttl;
+ dns_rdata_t rdata;
+};
+
+typedef struct update_event update_event_t;
+
+struct update_event {
+ ISC_EVENT_COMMON(update_event_t);
+ dns_zone_t *zone;
+ isc_result_t result;
+ dns_message_t *answer;
+};
+
+/**************************************************************************/
+/*
+ * Forward declarations.
+ */
+
+static void update_action(isc_task_t *task, isc_event_t *event);
+static void updatedone_action(isc_task_t *task, isc_event_t *event);
+static isc_result_t send_forward_event(ns_client_t *client, dns_zone_t *zone);
+static void forward_done(isc_task_t *task, isc_event_t *event);
+
+/**************************************************************************/
+
+static void
+update_log(ns_client_t *client, dns_zone_t *zone,
+ int level, const char *fmt, ...) ISC_FORMAT_PRINTF(4, 5);
+
+static void
+update_log(ns_client_t *client, dns_zone_t *zone,
+ int level, const char *fmt, ...)
+{
+ va_list ap;
+ char message[4096];
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char classbuf[DNS_RDATACLASS_FORMATSIZE];
+
+ if (client == NULL || zone == NULL)
+ return;
+
+ if (isc_log_wouldlog(ns_g_lctx, level) == ISC_FALSE)
+ return;
+
+ dns_name_format(dns_zone_getorigin(zone), namebuf,
+ sizeof(namebuf));
+ dns_rdataclass_format(dns_zone_getclass(zone), classbuf,
+ sizeof(classbuf));
+
+ va_start(ap, fmt);
+ vsnprintf(message, sizeof(message), fmt, ap);
+ va_end(ap);
+
+ ns_client_log(client, NS_LOGCATEGORY_UPDATE, NS_LOGMODULE_UPDATE,
+ level, "updating zone '%s/%s': %s",
+ namebuf, classbuf, message);
+}
+
+/*%
+ * Increment updated-related statistics counters.
+ */
+static inline void
+inc_stats(dns_zone_t *zone, dns_statscounter_t counter) {
+ dns_generalstats_increment(ns_g_server->nsstats, counter);
+
+ if (zone != NULL) {
+ dns_stats_t *zonestats = dns_zone_getrequeststats(zone);
+ if (zonestats != NULL)
+ dns_generalstats_increment(zonestats, counter);
+ }
+}
+
+/*%
+ * Override the default acl logging when checking whether a client
+ * can update the zone or whether we can forward the request to the
+ * master based on IP address.
+ *
+ * 'message' contains the type of operation that is being attempted.
+ * 'slave' indicates if this is a slave zone. If 'acl' is NULL then
+ * log at debug=3.
+ * If the zone has no access controls configured ('acl' == NULL &&
+ * 'has_ssutable == ISC_FALS) log the attempt at info, otherwise
+ * at error.
+ *
+ * If the request was signed log that we received it.
+ */
+static isc_result_t
+checkupdateacl(ns_client_t *client, dns_acl_t *acl, const char *message,
+ dns_name_t *zonename, isc_boolean_t slave,
+ isc_boolean_t has_ssutable)
+{
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char classbuf[DNS_RDATACLASS_FORMATSIZE];
+ int level = ISC_LOG_ERROR;
+ const char *msg = "denied";
+ isc_result_t result;
+
+ if (slave && acl == NULL) {
+ result = DNS_R_NOTIMP;
+ level = ISC_LOG_DEBUG(3);
+ msg = "disabled";
+ } else {
+ result = ns_client_checkaclsilent(client, NULL, acl, ISC_FALSE);
+ if (result == ISC_R_SUCCESS) {
+ level = ISC_LOG_DEBUG(3);
+ msg = "approved";
+ } else if (acl == NULL && !has_ssutable) {
+ level = ISC_LOG_INFO;
+ }
+ }
+
+ if (client->signer != NULL) {
+ dns_name_format(client->signer, namebuf, sizeof(namebuf));
+ ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY,
+ NS_LOGMODULE_UPDATE, ISC_LOG_INFO,
+ "signer \"%s\" %s", namebuf, msg);
+ }
+
+ dns_name_format(zonename, namebuf, sizeof(namebuf));
+ dns_rdataclass_format(client->view->rdclass, classbuf,
+ sizeof(classbuf));
+
+ ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY,
+ NS_LOGMODULE_UPDATE, level, "%s '%s/%s' %s",
+ message, namebuf, classbuf, msg);
+ return (result);
+}
+
+/*%
+ * Update a single RR in version 'ver' of 'db' and log the
+ * update in 'diff'.
+ *
+ * Ensures:
+ * \li '*tuple' == NULL. Either the tuple is freed, or its
+ * ownership has been transferred to the diff.
+ */
+static isc_result_t
+do_one_tuple(dns_difftuple_t **tuple, dns_db_t *db, dns_dbversion_t *ver,
+ dns_diff_t *diff)
+{
+ dns_diff_t temp_diff;
+ isc_result_t result;
+
+ /*
+ * Create a singleton diff.
+ */
+ dns_diff_init(diff->mctx, &temp_diff);
+ temp_diff.resign = diff->resign;
+ ISC_LIST_APPEND(temp_diff.tuples, *tuple, link);
+
+ /*
+ * Apply it to the database.
+ */
+ result = dns_diff_apply(&temp_diff, db, ver);
+ ISC_LIST_UNLINK(temp_diff.tuples, *tuple, link);
+ if (result != ISC_R_SUCCESS) {
+ dns_difftuple_free(tuple);
+ return (result);
+ }
+
+ /*
+ * Merge it into the current pending journal entry.
+ */
+ dns_diff_appendminimal(diff, tuple);
+
+ /*
+ * Do not clear temp_diff.
+ */
+ return (ISC_R_SUCCESS);
+}
+
+/*%
+ * Perform the updates in 'updates' in version 'ver' of 'db' and log the
+ * update in 'diff'.
+ *
+ * Ensures:
+ * \li 'updates' is empty.
+ */
+static isc_result_t
+do_diff(dns_diff_t *updates, dns_db_t *db, dns_dbversion_t *ver,
+ dns_diff_t *diff)
+{
+ isc_result_t result;
+ while (! ISC_LIST_EMPTY(updates->tuples)) {
+ dns_difftuple_t *t = ISC_LIST_HEAD(updates->tuples);
+ ISC_LIST_UNLINK(updates->tuples, t, link);
+ CHECK(do_one_tuple(&t, db, ver, diff));
+ }
+ return (ISC_R_SUCCESS);
+
+ failure:
+ dns_diff_clear(diff);
+ return (result);
+}
+
+static isc_result_t
+update_one_rr(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff,
+ dns_diffop_t op, dns_name_t *name, dns_ttl_t ttl,
+ dns_rdata_t *rdata)
+{
+ dns_difftuple_t *tuple = NULL;
+ isc_result_t result;
+ result = dns_difftuple_create(diff->mctx, op,
+ name, ttl, rdata, &tuple);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ return (do_one_tuple(&tuple, db, ver, diff));
+}
+
+/**************************************************************************/
+/*
+ * Callback-style iteration over rdatasets and rdatas.
+ *
+ * foreach_rrset() can be used to iterate over the RRsets
+ * of a name and call a callback function with each
+ * one. Similarly, foreach_rr() can be used to iterate
+ * over the individual RRs at name, optionally restricted
+ * to RRs of a given type.
+ *
+ * The callback functions are called "actions" and take
+ * two arguments: a void pointer for passing arbitrary
+ * context information, and a pointer to the current RRset
+ * or RR. By convention, their names end in "_action".
+ */
+
+/*
+ * XXXRTH We might want to make this public somewhere in libdns.
+ */
+
+/*%
+ * Function type for foreach_rrset() iterator actions.
+ */
+typedef isc_result_t rrset_func(void *data, dns_rdataset_t *rrset);
+
+/*%
+ * Function type for foreach_rr() iterator actions.
+ */
+typedef isc_result_t rr_func(void *data, rr_t *rr);
+
+/*%
+ * Internal context struct for foreach_node_rr().
+ */
+typedef struct {
+ rr_func * rr_action;
+ void * rr_action_data;
+} foreach_node_rr_ctx_t;
+
+/*%
+ * Internal helper function for foreach_node_rr().
+ */
+static isc_result_t
+foreach_node_rr_action(void *data, dns_rdataset_t *rdataset) {
+ isc_result_t result;
+ foreach_node_rr_ctx_t *ctx = data;
+ for (result = dns_rdataset_first(rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(rdataset))
+ {
+ rr_t rr = { 0, DNS_RDATA_INIT };
+
+ dns_rdataset_current(rdataset, &rr.rdata);
+ rr.ttl = rdataset->ttl;
+ result = (*ctx->rr_action)(ctx->rr_action_data, &rr);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ if (result != ISC_R_NOMORE)
+ return (result);
+ return (ISC_R_SUCCESS);
+}
+
+/*%
+ * For each rdataset of 'name' in 'ver' of 'db', call 'action'
+ * with the rdataset and 'action_data' as arguments. If the name
+ * does not exist, do nothing.
+ *
+ * If 'action' returns an error, abort iteration and return the error.
+ */
+static isc_result_t
+foreach_rrset(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+ rrset_func *action, void *action_data)
+{
+ isc_result_t result;
+ dns_dbnode_t *node;
+ dns_rdatasetiter_t *iter;
+
+ node = NULL;
+ result = dns_db_findnode(db, name, ISC_FALSE, &node);
+ if (result == ISC_R_NOTFOUND)
+ return (ISC_R_SUCCESS);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ iter = NULL;
+ result = dns_db_allrdatasets(db, node, ver,
+ (isc_stdtime_t) 0, &iter);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_node;
+
+ for (result = dns_rdatasetiter_first(iter);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(iter))
+ {
+ dns_rdataset_t rdataset;
+
+ dns_rdataset_init(&rdataset);
+ dns_rdatasetiter_current(iter, &rdataset);
+
+ result = (*action)(action_data, &rdataset);
+
+ dns_rdataset_disassociate(&rdataset);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_iterator;
+ }
+ if (result == ISC_R_NOMORE)
+ result = ISC_R_SUCCESS;
+
+ cleanup_iterator:
+ dns_rdatasetiter_destroy(&iter);
+
+ cleanup_node:
+ dns_db_detachnode(db, &node);
+
+ return (result);
+}
+
+/*%
+ * For each RR of 'name' in 'ver' of 'db', call 'action'
+ * with the RR and 'action_data' as arguments. If the name
+ * does not exist, do nothing.
+ *
+ * If 'action' returns an error, abort iteration
+ * and return the error.
+ */
+static isc_result_t
+foreach_node_rr(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+ rr_func *rr_action, void *rr_action_data)
+{
+ foreach_node_rr_ctx_t ctx;
+ ctx.rr_action = rr_action;
+ ctx.rr_action_data = rr_action_data;
+ return (foreach_rrset(db, ver, name,
+ foreach_node_rr_action, &ctx));
+}
+
+
+/*%
+ * For each of the RRs specified by 'db', 'ver', 'name', 'type',
+ * (which can be dns_rdatatype_any to match any type), and 'covers', call
+ * 'action' with the RR and 'action_data' as arguments. If the name
+ * does not exist, or if no RRset of the given type exists at the name,
+ * do nothing.
+ *
+ * If 'action' returns an error, abort iteration and return the error.
+ */
+static isc_result_t
+foreach_rr(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+ dns_rdatatype_t type, dns_rdatatype_t covers, rr_func *rr_action,
+ void *rr_action_data)
+{
+
+ isc_result_t result;
+ dns_dbnode_t *node;
+ dns_rdataset_t rdataset;
+
+ if (type == dns_rdatatype_any)
+ return (foreach_node_rr(db, ver, name,
+ rr_action, rr_action_data));
+
+ node = NULL;
+ if (type == dns_rdatatype_nsec3 ||
+ (type == dns_rdatatype_rrsig && covers == dns_rdatatype_nsec3))
+ result = dns_db_findnsec3node(db, name, ISC_FALSE, &node);
+ else
+ result = dns_db_findnode(db, name, ISC_FALSE, &node);
+ if (result == ISC_R_NOTFOUND)
+ return (ISC_R_SUCCESS);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ dns_rdataset_init(&rdataset);
+ result = dns_db_findrdataset(db, node, ver, type, covers,
+ (isc_stdtime_t) 0, &rdataset, NULL);
+ if (result == ISC_R_NOTFOUND) {
+ result = ISC_R_SUCCESS;
+ goto cleanup_node;
+ }
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_node;
+
+ for (result = dns_rdataset_first(&rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(&rdataset))
+ {
+ rr_t rr = { 0, DNS_RDATA_INIT };
+ dns_rdataset_current(&rdataset, &rr.rdata);
+ rr.ttl = rdataset.ttl;
+ result = (*rr_action)(rr_action_data, &rr);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_rdataset;
+ }
+ if (result != ISC_R_NOMORE)
+ goto cleanup_rdataset;
+ result = ISC_R_SUCCESS;
+
+ cleanup_rdataset:
+ dns_rdataset_disassociate(&rdataset);
+ cleanup_node:
+ dns_db_detachnode(db, &node);
+
+ return (result);
+}
+
+/**************************************************************************/
+/*
+ * Various tests on the database contents (for prerequisites, etc).
+ */
+
+/*%
+ * Function type for predicate functions that compare a database RR 'db_rr'
+ * against an update RR 'update_rr'.
+ */
+typedef isc_boolean_t rr_predicate(dns_rdata_t *update_rr, dns_rdata_t *db_rr);
+
+/*%
+ * Helper function for rrset_exists().
+ */
+static isc_result_t
+rrset_exists_action(void *data, rr_t *rr) {
+ UNUSED(data);
+ UNUSED(rr);
+ return (ISC_R_EXISTS);
+}
+
+/*%
+ * Utility macro for RR existence checking functions.
+ *
+ * If the variable 'result' has the value ISC_R_EXISTS or
+ * ISC_R_SUCCESS, set *exists to ISC_TRUE or ISC_FALSE,
+ * respectively, and return success.
+ *
+ * If 'result' has any other value, there was a failure.
+ * Return the failure result code and do not set *exists.
+ *
+ * This would be more readable as "do { if ... } while(0)",
+ * but that form generates tons of warnings on Solaris 2.6.
+ */
+#define RETURN_EXISTENCE_FLAG \
+ return ((result == ISC_R_EXISTS) ? \
+ (*exists = ISC_TRUE, ISC_R_SUCCESS) : \
+ ((result == ISC_R_SUCCESS) ? \
+ (*exists = ISC_FALSE, ISC_R_SUCCESS) : \
+ result))
+
+/*%
+ * Set '*exists' to true iff an rrset of the given type exists,
+ * to false otherwise.
+ */
+static isc_result_t
+rrset_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+ dns_rdatatype_t type, dns_rdatatype_t covers,
+ isc_boolean_t *exists)
+{
+ isc_result_t result;
+ result = foreach_rr(db, ver, name, type, covers,
+ rrset_exists_action, NULL);
+ RETURN_EXISTENCE_FLAG;
+}
+
+/*%
+ * Set '*visible' to true if the RRset exists and is part of the
+ * visible zone. Otherwise '*visible' is set to false unless a
+ * error occurs.
+ */
+static isc_result_t
+rrset_visible(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+ dns_rdatatype_t type, isc_boolean_t *visible)
+{
+ isc_result_t result;
+ dns_fixedname_t fixed;
+
+ dns_fixedname_init(&fixed);
+ result = dns_db_find(db, name, ver, type, DNS_DBFIND_NOWILD,
+ (isc_stdtime_t) 0, NULL,
+ dns_fixedname_name(&fixed), NULL, NULL);
+ switch (result) {
+ case ISC_R_SUCCESS:
+ *visible = ISC_TRUE;
+ break;
+ /*
+ * Glue, obsured, deleted or replaced records.
+ */
+ case DNS_R_DELEGATION:
+ case DNS_R_DNAME:
+ case DNS_R_CNAME:
+ case DNS_R_NXDOMAIN:
+ case DNS_R_NXRRSET:
+ case DNS_R_EMPTYNAME:
+ case DNS_R_COVERINGNSEC:
+ *visible = ISC_FALSE;
+ result = ISC_R_SUCCESS;
+ break;
+ default:
+ break;
+ }
+ return (result);
+}
+
+/*%
+ * Helper function for cname_incompatible_rrset_exists.
+ */
+static isc_result_t
+cname_compatibility_action(void *data, dns_rdataset_t *rrset) {
+ UNUSED(data);
+ if (rrset->type != dns_rdatatype_cname &&
+ ! dns_rdatatype_isdnssec(rrset->type))
+ return (ISC_R_EXISTS);
+ return (ISC_R_SUCCESS);
+}
+
+/*%
+ * Check whether there is an rrset incompatible with adding a CNAME RR,
+ * i.e., anything but another CNAME (which can be replaced) or a
+ * DNSSEC RR (which can coexist).
+ *
+ * If such an incompatible rrset exists, set '*exists' to ISC_TRUE.
+ * Otherwise, set it to ISC_FALSE.
+ */
+static isc_result_t
+cname_incompatible_rrset_exists(dns_db_t *db, dns_dbversion_t *ver,
+ dns_name_t *name, isc_boolean_t *exists) {
+ isc_result_t result;
+ result = foreach_rrset(db, ver, name,
+ cname_compatibility_action, NULL);
+ RETURN_EXISTENCE_FLAG;
+}
+
+/*%
+ * Helper function for rr_count().
+ */
+static isc_result_t
+count_rr_action(void *data, rr_t *rr) {
+ int *countp = data;
+ UNUSED(rr);
+ (*countp)++;
+ return (ISC_R_SUCCESS);
+}
+
+/*%
+ * Count the number of RRs of 'type' belonging to 'name' in 'ver' of 'db'.
+ */
+static isc_result_t
+rr_count(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+ dns_rdatatype_t type, dns_rdatatype_t covers, int *countp)
+{
+ *countp = 0;
+ return (foreach_rr(db, ver, name, type, covers,
+ count_rr_action, countp));
+}
+
+/*%
+ * Context struct and helper function for name_exists().
+ */
+
+static isc_result_t
+name_exists_action(void *data, dns_rdataset_t *rrset) {
+ UNUSED(data);
+ UNUSED(rrset);
+ return (ISC_R_EXISTS);
+}
+
+/*%
+ * Set '*exists' to true iff the given name exists, to false otherwise.
+ */
+static isc_result_t
+name_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+ isc_boolean_t *exists)
+{
+ isc_result_t result;
+ result = foreach_rrset(db, ver, name,
+ name_exists_action, NULL);
+ RETURN_EXISTENCE_FLAG;
+}
+
+/*
+ * 'ssu_check_t' is used to pass the arguements to
+ * dns_ssutable_checkrules() to the callback function
+ * ssu_checkrule().
+ */
+typedef struct {
+ /* The ownername of the record to be updated. */
+ dns_name_t *name;
+
+ /* The signature's name if the request was signed. */
+ dns_name_t *signer;
+
+ /* The address of the client if the request was received via TCP. */
+ isc_netaddr_t *tcpaddr;
+
+ /* The ssu table to check against. */
+ dns_ssutable_t *table;
+} ssu_check_t;
+
+static isc_result_t
+ssu_checkrule(void *data, dns_rdataset_t *rrset) {
+ ssu_check_t *ssuinfo = data;
+ isc_boolean_t result;
+
+ /*
+ * If we're deleting all records, it's ok to delete RRSIG and NSEC even
+ * if we're normally not allowed to.
+ */
+ if (rrset->type == dns_rdatatype_rrsig ||
+ rrset->type == dns_rdatatype_nsec)
+ return (ISC_R_SUCCESS);
+ result = dns_ssutable_checkrules(ssuinfo->table, ssuinfo->signer,
+ ssuinfo->name, ssuinfo->tcpaddr,
+ rrset->type);
+ return (result == ISC_TRUE ? ISC_R_SUCCESS : ISC_R_FAILURE);
+}
+
+static isc_boolean_t
+ssu_checkall(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+ dns_ssutable_t *ssutable, dns_name_t *signer,
+ isc_netaddr_t *tcpaddr)
+{
+ isc_result_t result;
+ ssu_check_t ssuinfo;
+
+ ssuinfo.name = name;
+ ssuinfo.table = ssutable;
+ ssuinfo.signer = signer;
+ ssuinfo.tcpaddr = tcpaddr;
+ result = foreach_rrset(db, ver, name, ssu_checkrule, &ssuinfo);
+ return (ISC_TF(result == ISC_R_SUCCESS));
+}
+
+/**************************************************************************/
+/*
+ * Checking of "RRset exists (value dependent)" prerequisites.
+ *
+ * In the RFC2136 section 3.2.5, this is the pseudocode involving
+ * a variable called "temp", a mapping of <name, type> tuples to rrsets.
+ *
+ * Here, we represent the "temp" data structure as (non-minimial) "dns_diff_t"
+ * where each typle has op==DNS_DIFFOP_EXISTS.
+ */
+
+
+/*%
+ * Append a tuple asserting the existence of the RR with
+ * 'name' and 'rdata' to 'diff'.
+ */
+static isc_result_t
+temp_append(dns_diff_t *diff, dns_name_t *name, dns_rdata_t *rdata) {
+ isc_result_t result;
+ dns_difftuple_t *tuple = NULL;
+
+ REQUIRE(DNS_DIFF_VALID(diff));
+ CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_EXISTS,
+ name, 0, rdata, &tuple));
+ ISC_LIST_APPEND(diff->tuples, tuple, link);
+ failure:
+ return (result);
+}
+
+/*%
+ * Compare two rdatasets represented as sorted lists of tuples.
+ * All list elements must have the same owner name and type.
+ * Return ISC_R_SUCCESS if the rdatasets are equal, rcode(dns_rcode_nxrrset)
+ * if not.
+ */
+static isc_result_t
+temp_check_rrset(dns_difftuple_t *a, dns_difftuple_t *b) {
+ for (;;) {
+ if (a == NULL || b == NULL)
+ break;
+ INSIST(a->op == DNS_DIFFOP_EXISTS &&
+ b->op == DNS_DIFFOP_EXISTS);
+ INSIST(a->rdata.type == b->rdata.type);
+ INSIST(dns_name_equal(&a->name, &b->name));
+ if (dns_rdata_compare(&a->rdata, &b->rdata) != 0)
+ return (DNS_R_NXRRSET);
+ a = ISC_LIST_NEXT(a, link);
+ b = ISC_LIST_NEXT(b, link);
+ }
+ if (a != NULL || b != NULL)
+ return (DNS_R_NXRRSET);
+ return (ISC_R_SUCCESS);
+}
+
+/*%
+ * A comparison function defining the sorting order for the entries
+ * in the "temp" data structure. The major sort key is the owner name,
+ * followed by the type and rdata.
+ */
+static int
+temp_order(const void *av, const void *bv) {
+ dns_difftuple_t const * const *ap = av;
+ dns_difftuple_t const * const *bp = bv;
+ dns_difftuple_t const *a = *ap;
+ dns_difftuple_t const *b = *bp;
+ int r;
+ r = dns_name_compare(&a->name, &b->name);
+ if (r != 0)
+ return (r);
+ r = (b->rdata.type - a->rdata.type);
+ if (r != 0)
+ return (r);
+ r = dns_rdata_compare(&a->rdata, &b->rdata);
+ return (r);
+}
+
+/*%
+ * Check the "RRset exists (value dependent)" prerequisite information
+ * in 'temp' against the contents of the database 'db'.
+ *
+ * Return ISC_R_SUCCESS if the prerequisites are satisfied,
+ * rcode(dns_rcode_nxrrset) if not.
+ *
+ * 'temp' must be pre-sorted.
+ */
+
+static isc_result_t
+temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
+ dns_dbversion_t *ver, dns_name_t *tmpname, dns_rdatatype_t *typep)
+{
+ isc_result_t result;
+ dns_name_t *name;
+ dns_dbnode_t *node;
+ dns_difftuple_t *t;
+ dns_diff_t trash;
+
+ dns_diff_init(mctx, &trash);
+
+ /*
+ * For each name and type in the prerequisites,
+ * construct a sorted rdata list of the corresponding
+ * database contents, and compare the lists.
+ */
+ t = ISC_LIST_HEAD(temp->tuples);
+ while (t != NULL) {
+ name = &t->name;
+ (void)dns_name_copy(name, tmpname, NULL);
+ *typep = t->rdata.type;
+
+ /* A new unique name begins here. */
+ node = NULL;
+ result = dns_db_findnode(db, name, ISC_FALSE, &node);
+ if (result == ISC_R_NOTFOUND) {
+ dns_diff_clear(&trash);
+ return (DNS_R_NXRRSET);
+ }
+ if (result != ISC_R_SUCCESS) {
+ dns_diff_clear(&trash);
+ return (result);
+ }
+
+ /* A new unique type begins here. */
+ while (t != NULL && dns_name_equal(&t->name, name)) {
+ dns_rdatatype_t type, covers;
+ dns_rdataset_t rdataset;
+ dns_diff_t d_rrs; /* Database RRs with
+ this name and type */
+ dns_diff_t u_rrs; /* Update RRs with
+ this name and type */
+
+ *typep = type = t->rdata.type;
+ if (type == dns_rdatatype_rrsig ||
+ type == dns_rdatatype_sig)
+ covers = dns_rdata_covers(&t->rdata);
+ else
+ covers = 0;
+
+ /*
+ * Collect all database RRs for this name and type
+ * onto d_rrs and sort them.
+ */
+ dns_rdataset_init(&rdataset);
+ result = dns_db_findrdataset(db, node, ver, type,
+ covers, (isc_stdtime_t) 0,
+ &rdataset, NULL);
+ if (result != ISC_R_SUCCESS) {
+ dns_db_detachnode(db, &node);
+ dns_diff_clear(&trash);
+ return (DNS_R_NXRRSET);
+ }
+
+ dns_diff_init(mctx, &d_rrs);
+ dns_diff_init(mctx, &u_rrs);
+
+ for (result = dns_rdataset_first(&rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(&rdataset))
+ {
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdataset_current(&rdataset, &rdata);
+ result = temp_append(&d_rrs, name, &rdata);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+ }
+ if (result != ISC_R_NOMORE)
+ goto failure;
+ result = dns_diff_sort(&d_rrs, temp_order);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+
+ /*
+ * Collect all update RRs for this name and type
+ * onto u_rrs. No need to sort them here -
+ * they are already sorted.
+ */
+ while (t != NULL &&
+ dns_name_equal(&t->name, name) &&
+ t->rdata.type == type)
+ {
+ dns_difftuple_t *next =
+ ISC_LIST_NEXT(t, link);
+ ISC_LIST_UNLINK(temp->tuples, t, link);
+ ISC_LIST_APPEND(u_rrs.tuples, t, link);
+ t = next;
+ }
+
+ /* Compare the two sorted lists. */
+ result = temp_check_rrset(ISC_LIST_HEAD(u_rrs.tuples),
+ ISC_LIST_HEAD(d_rrs.tuples));
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+
+ /*
+ * We are done with the tuples, but we can't free
+ * them yet because "name" still points into one
+ * of them. Move them on a temporary list.
+ */
+ ISC_LIST_APPENDLIST(trash.tuples, u_rrs.tuples, link);
+ ISC_LIST_APPENDLIST(trash.tuples, d_rrs.tuples, link);
+ dns_rdataset_disassociate(&rdataset);
+
+ continue;
+
+ failure:
+ dns_diff_clear(&d_rrs);
+ dns_diff_clear(&u_rrs);
+ dns_diff_clear(&trash);
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &node);
+ return (result);
+ }
+
+ dns_db_detachnode(db, &node);
+ }
+
+ dns_diff_clear(&trash);
+ return (ISC_R_SUCCESS);
+}
+
+/**************************************************************************/
+/*
+ * Conditional deletion of RRs.
+ */
+
+/*%
+ * Context structure for delete_if().
+ */
+
+typedef struct {
+ rr_predicate *predicate;
+ dns_db_t *db;
+ dns_dbversion_t *ver;
+ dns_diff_t *diff;
+ dns_name_t *name;
+ dns_rdata_t *update_rr;
+} conditional_delete_ctx_t;
+
+/*%
+ * Predicate functions for delete_if().
+ */
+
+/*%
+ * Return true iff 'db_rr' is neither a SOA nor an NS RR nor
+ * an RRSIG nor an NSEC3PARAM nor a NSEC.
+ */
+static isc_boolean_t
+type_not_soa_nor_ns_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
+ UNUSED(update_rr);
+ return ((db_rr->type != dns_rdatatype_soa &&
+ db_rr->type != dns_rdatatype_ns &&
+ db_rr->type != dns_rdatatype_nsec3param &&
+ db_rr->type != dns_rdatatype_rrsig &&
+ db_rr->type != dns_rdatatype_nsec) ?
+ ISC_TRUE : ISC_FALSE);
+}
+
+/*%
+ * Return true iff 'db_rr' is neither a RRSIG nor a NSEC.
+ */
+static isc_boolean_t
+type_not_dnssec(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
+ UNUSED(update_rr);
+ return ((db_rr->type != dns_rdatatype_rrsig &&
+ db_rr->type != dns_rdatatype_nsec) ?
+ ISC_TRUE : ISC_FALSE);
+}
+
+/*%
+ * Return true always.
+ */
+static isc_boolean_t
+true_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
+ UNUSED(update_rr);
+ UNUSED(db_rr);
+ return (ISC_TRUE);
+}
+
+/*%
+ * Return true if the record is a RRSIG.
+ */
+static isc_boolean_t
+rrsig_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
+ UNUSED(update_rr);
+ return ((db_rr->type == dns_rdatatype_rrsig) ?
+ ISC_TRUE : ISC_FALSE);
+}
+
+/*%
+ * Return true iff the two RRs have identical rdata.
+ */
+static isc_boolean_t
+rr_equal_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
+ /*
+ * XXXRTH This is not a problem, but we should consider creating
+ * dns_rdata_equal() (that used dns_name_equal()), since it
+ * would be faster. Not a priority.
+ */
+ return (dns_rdata_compare(update_rr, db_rr) == 0 ?
+ ISC_TRUE : ISC_FALSE);
+}
+
+/*%
+ * Return true iff 'update_rr' should replace 'db_rr' according
+ * to the special RFC2136 rules for CNAME, SOA, and WKS records.
+ *
+ * RFC2136 does not mention NSEC or DNAME, but multiple NSECs or DNAMEs
+ * make little sense, so we replace those, too.
+ *
+ * Additionally replace RRSIG that have been generated by the same key
+ * for the same type. This simplifies refreshing a offline KSK by not
+ * requiring that the old RRSIG be deleted. It also simpifies key
+ * rollover by only requiring that the new RRSIG be added.
+ */
+static isc_boolean_t
+replaces_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
+ dns_rdata_rrsig_t updatesig, dbsig;
+ isc_result_t result;
+
+ if (db_rr->type != update_rr->type)
+ return (ISC_FALSE);
+ if (db_rr->type == dns_rdatatype_cname)
+ return (ISC_TRUE);
+ if (db_rr->type == dns_rdatatype_dname)
+ return (ISC_TRUE);
+ if (db_rr->type == dns_rdatatype_soa)
+ return (ISC_TRUE);
+ if (db_rr->type == dns_rdatatype_nsec)
+ return (ISC_TRUE);
+ if (db_rr->type == dns_rdatatype_rrsig) {
+ /*
+ * Replace existing RRSIG with the same keyid,
+ * covered and algorithm.
+ */
+ result = dns_rdata_tostruct(db_rr, &dbsig, NULL);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ result = dns_rdata_tostruct(update_rr, &updatesig, NULL);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ if (dbsig.keyid == updatesig.keyid &&
+ dbsig.covered == updatesig.covered &&
+ dbsig.algorithm == updatesig.algorithm)
+ return (ISC_TRUE);
+ }
+ if (db_rr->type == dns_rdatatype_wks) {
+ /*
+ * Compare the address and protocol fields only. These
+ * form the first five bytes of the RR data. Do a
+ * raw binary comparison; unpacking the WKS RRs using
+ * dns_rdata_tostruct() might be cleaner in some ways.
+ */
+ INSIST(db_rr->length >= 5 && update_rr->length >= 5);
+ return (memcmp(db_rr->data, update_rr->data, 5) == 0 ?
+ ISC_TRUE : ISC_FALSE);
+ }
+
+ if (db_rr->type == dns_rdatatype_nsec3param) {
+ if (db_rr->length != update_rr->length)
+ return (ISC_FALSE);
+ INSIST(db_rr->length >= 4 && update_rr->length >= 4);
+ /*
+ * Replace records added in this UPDATE request.
+ */
+ if (db_rr->data[0] == update_rr->data[0] &&
+ db_rr->data[1] & DNS_NSEC3FLAG_UPDATE &&
+ update_rr->data[1] & DNS_NSEC3FLAG_UPDATE &&
+ memcmp(db_rr->data+2, update_rr->data+2,
+ update_rr->length - 2) == 0)
+ return (ISC_TRUE);
+ }
+ return (ISC_FALSE);
+}
+
+/*%
+ * Internal helper function for delete_if().
+ */
+static isc_result_t
+delete_if_action(void *data, rr_t *rr) {
+ conditional_delete_ctx_t *ctx = data;
+ if ((*ctx->predicate)(ctx->update_rr, &rr->rdata)) {
+ isc_result_t result;
+ result = update_one_rr(ctx->db, ctx->ver, ctx->diff,
+ DNS_DIFFOP_DEL, ctx->name,
+ rr->ttl, &rr->rdata);
+ return (result);
+ } else {
+ return (ISC_R_SUCCESS);
+ }
+}
+
+/*%
+ * Conditionally delete RRs. Apply 'predicate' to the RRs
+ * specified by 'db', 'ver', 'name', and 'type' (which can
+ * be dns_rdatatype_any to match any type). Delete those
+ * RRs for which the predicate returns true, and log the
+ * deletions in 'diff'.
+ */
+static isc_result_t
+delete_if(rr_predicate *predicate, dns_db_t *db, dns_dbversion_t *ver,
+ dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers,
+ dns_rdata_t *update_rr, dns_diff_t *diff)
+{
+ conditional_delete_ctx_t ctx;
+ ctx.predicate = predicate;
+ ctx.db = db;
+ ctx.ver = ver;
+ ctx.diff = diff;
+ ctx.name = name;
+ ctx.update_rr = update_rr;
+ return (foreach_rr(db, ver, name, type, covers,
+ delete_if_action, &ctx));
+}
+
+/**************************************************************************/
+/*%
+ * Prepare an RR for the addition of the new RR 'ctx->update_rr',
+ * with TTL 'ctx->update_rr_ttl', to its rdataset, by deleting
+ * the RRs if it is replaced by the new RR or has a conflicting TTL.
+ * The necessary changes are appended to ctx->del_diff and ctx->add_diff;
+ * we need to do all deletions before any additions so that we don't run
+ * into transient states with conflicting TTLs.
+ */
+
+typedef struct {
+ dns_db_t *db;
+ dns_dbversion_t *ver;
+ dns_diff_t *diff;
+ dns_name_t *name;
+ dns_rdata_t *update_rr;
+ dns_ttl_t update_rr_ttl;
+ isc_boolean_t ignore_add;
+ dns_diff_t del_diff;
+ dns_diff_t add_diff;
+} add_rr_prepare_ctx_t;
+
+static isc_result_t
+add_rr_prepare_action(void *data, rr_t *rr) {
+ isc_result_t result = ISC_R_SUCCESS;
+ add_rr_prepare_ctx_t *ctx = data;
+ dns_difftuple_t *tuple = NULL;
+ isc_boolean_t equal;
+
+ /*
+ * If the update RR is a "duplicate" of the update RR,
+ * the update should be silently ignored.
+ */
+ equal = ISC_TF(dns_rdata_compare(&rr->rdata, ctx->update_rr) == 0);
+ if (equal && rr->ttl == ctx->update_rr_ttl) {
+ ctx->ignore_add = ISC_TRUE;
+ return (ISC_R_SUCCESS);
+ }
+
+ /*
+ * If this RR is "equal" to the update RR, it should
+ * be deleted before the update RR is added.
+ */
+ if (replaces_p(ctx->update_rr, &rr->rdata)) {
+ CHECK(dns_difftuple_create(ctx->del_diff.mctx, DNS_DIFFOP_DEL,
+ ctx->name, rr->ttl, &rr->rdata,
+ &tuple));
+ dns_diff_append(&ctx->del_diff, &tuple);
+ return (ISC_R_SUCCESS);
+ }
+
+ /*
+ * If this RR differs in TTL from the update RR,
+ * its TTL must be adjusted.
+ */
+ if (rr->ttl != ctx->update_rr_ttl) {
+ CHECK(dns_difftuple_create(ctx->del_diff.mctx, DNS_DIFFOP_DEL,
+ ctx->name, rr->ttl, &rr->rdata,
+ &tuple));
+ dns_diff_append(&ctx->del_diff, &tuple);
+ if (!equal) {
+ CHECK(dns_difftuple_create(ctx->add_diff.mctx,
+ DNS_DIFFOP_ADD, ctx->name,
+ ctx->update_rr_ttl,
+ &rr->rdata, &tuple));
+ dns_diff_append(&ctx->add_diff, &tuple);
+ }
+ }
+ failure:
+ return (result);
+}
+
+/**************************************************************************/
+/*
+ * Miscellaneous subroutines.
+ */
+
+/*%
+ * Extract a single update RR from 'section' of dynamic update message
+ * 'msg', with consistency checking.
+ *
+ * Stores the owner name, rdata, and TTL of the update RR at 'name',
+ * 'rdata', and 'ttl', respectively.
+ */
+static void
+get_current_rr(dns_message_t *msg, dns_section_t section,
+ dns_rdataclass_t zoneclass, dns_name_t **name,
+ dns_rdata_t *rdata, dns_rdatatype_t *covers,
+ dns_ttl_t *ttl, dns_rdataclass_t *update_class)
+{
+ dns_rdataset_t *rdataset;
+ isc_result_t result;
+ dns_message_currentname(msg, section, name);
+ rdataset = ISC_LIST_HEAD((*name)->list);
+ INSIST(rdataset != NULL);
+ INSIST(ISC_LIST_NEXT(rdataset, link) == NULL);
+ *covers = rdataset->covers;
+ *ttl = rdataset->ttl;
+ result = dns_rdataset_first(rdataset);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_rdataset_current(rdataset, rdata);
+ INSIST(dns_rdataset_next(rdataset) == ISC_R_NOMORE);
+ *update_class = rdata->rdclass;
+ rdata->rdclass = zoneclass;
+}
+
+/*%
+ * Increment the SOA serial number of database 'db', version 'ver'.
+ * Replace the SOA record in the database, and log the
+ * change in 'diff'.
+ */
+
+ /*
+ * XXXRTH Failures in this routine will be worth logging, when
+ * we have a logging system. Failure to find the zonename
+ * or the SOA rdataset warrant at least an UNEXPECTED_ERROR().
+ */
+
+static isc_result_t
+increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver,
+ dns_diff_t *diff, isc_mem_t *mctx)
+{
+ dns_difftuple_t *deltuple = NULL;
+ dns_difftuple_t *addtuple = NULL;
+ isc_uint32_t serial;
+ isc_result_t result;
+
+ CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_DEL, &deltuple));
+ CHECK(dns_difftuple_copy(deltuple, &addtuple));
+ addtuple->op = DNS_DIFFOP_ADD;
+
+ serial = dns_soa_getserial(&addtuple->rdata);
+
+ /* RFC1982 */
+ serial = (serial + 1) & 0xFFFFFFFF;
+ if (serial == 0)
+ serial = 1;
+
+ dns_soa_setserial(serial, &addtuple->rdata);
+ CHECK(do_one_tuple(&deltuple, db, ver, diff));
+ CHECK(do_one_tuple(&addtuple, db, ver, diff));
+ result = ISC_R_SUCCESS;
+
+ failure:
+ if (addtuple != NULL)
+ dns_difftuple_free(&addtuple);
+ if (deltuple != NULL)
+ dns_difftuple_free(&deltuple);
+ return (result);
+}
+
+/*%
+ * Check that the new SOA record at 'update_rdata' does not
+ * illegally cause the SOA serial number to decrease or stay
+ * unchanged relative to the existing SOA in 'db'.
+ *
+ * Sets '*ok' to ISC_TRUE if the update is legal, ISC_FALSE if not.
+ *
+ * William King points out that RFC2136 is inconsistent about
+ * the case where the serial number stays unchanged:
+ *
+ * section 3.4.2.2 requires a server to ignore a SOA update request
+ * if the serial number on the update SOA is less_than_or_equal to
+ * the zone SOA serial.
+ *
+ * section 3.6 requires a server to ignore a SOA update request if
+ * the serial is less_than the zone SOA serial.
+ *
+ * Paul says 3.4.2.2 is correct.
+ *
+ */
+static isc_result_t
+check_soa_increment(dns_db_t *db, dns_dbversion_t *ver,
+ dns_rdata_t *update_rdata, isc_boolean_t *ok)
+{
+ isc_uint32_t db_serial;
+ isc_uint32_t update_serial;
+ isc_result_t result;
+
+ update_serial = dns_soa_getserial(update_rdata);
+
+ result = dns_db_getsoaserial(db, ver, &db_serial);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ if (DNS_SERIAL_GE(db_serial, update_serial)) {
+ *ok = ISC_FALSE;
+ } else {
+ *ok = ISC_TRUE;
+ }
+
+ return (ISC_R_SUCCESS);
+
+}
+
+/**************************************************************************/
+/*
+ * Incremental updating of NSECs and RRSIGs.
+ */
+
+#define MAXZONEKEYS 32 /*%< Maximum number of zone keys supported. */
+
+/*%
+ * We abuse the dns_diff_t type to represent a set of domain names
+ * affected by the update.
+ */
+static isc_result_t
+namelist_append_name(dns_diff_t *list, dns_name_t *name) {
+ isc_result_t result;
+ dns_difftuple_t *tuple = NULL;
+ static dns_rdata_t dummy_rdata = DNS_RDATA_INIT;
+
+ CHECK(dns_difftuple_create(list->mctx, DNS_DIFFOP_EXISTS, name, 0,
+ &dummy_rdata, &tuple));
+ dns_diff_append(list, &tuple);
+ failure:
+ return (result);
+}
+
+static isc_result_t
+namelist_append_subdomain(dns_db_t *db, dns_name_t *name, dns_diff_t *affected)
+{
+ isc_result_t result;
+ dns_fixedname_t fixedname;
+ dns_name_t *child;
+ dns_dbiterator_t *dbit = NULL;
+
+ dns_fixedname_init(&fixedname);
+ child = dns_fixedname_name(&fixedname);
+
+ CHECK(dns_db_createiterator(db, DNS_DB_NONSEC3, &dbit));
+
+ for (result = dns_dbiterator_seek(dbit, name);
+ result == ISC_R_SUCCESS;
+ result = dns_dbiterator_next(dbit))
+ {
+ dns_dbnode_t *node = NULL;
+ CHECK(dns_dbiterator_current(dbit, &node, child));
+ dns_db_detachnode(db, &node);
+ if (! dns_name_issubdomain(child, name))
+ break;
+ CHECK(namelist_append_name(affected, child));
+ }
+ if (result == ISC_R_NOMORE)
+ result = ISC_R_SUCCESS;
+ failure:
+ if (dbit != NULL)
+ dns_dbiterator_destroy(&dbit);
+ return (result);
+}
+
+
+
+/*%
+ * Helper function for non_nsec_rrset_exists().
+ */
+static isc_result_t
+is_non_nsec_action(void *data, dns_rdataset_t *rrset) {
+ UNUSED(data);
+ if (!(rrset->type == dns_rdatatype_nsec ||
+ rrset->type == dns_rdatatype_nsec3 ||
+ (rrset->type == dns_rdatatype_rrsig &&
+ (rrset->covers == dns_rdatatype_nsec ||
+ rrset->covers == dns_rdatatype_nsec3))))
+ return (ISC_R_EXISTS);
+ return (ISC_R_SUCCESS);
+}
+
+/*%
+ * Check whether there is an rrset other than a NSEC or RRSIG NSEC,
+ * i.e., anything that justifies the continued existence of a name
+ * after a secure update.
+ *
+ * If such an rrset exists, set '*exists' to ISC_TRUE.
+ * Otherwise, set it to ISC_FALSE.
+ */
+static isc_result_t
+non_nsec_rrset_exists(dns_db_t *db, dns_dbversion_t *ver,
+ dns_name_t *name, isc_boolean_t *exists)
+{
+ isc_result_t result;
+ result = foreach_rrset(db, ver, name, is_non_nsec_action, NULL);
+ RETURN_EXISTENCE_FLAG;
+}
+
+/*%
+ * A comparison function for sorting dns_diff_t:s by name.
+ */
+static int
+name_order(const void *av, const void *bv) {
+ dns_difftuple_t const * const *ap = av;
+ dns_difftuple_t const * const *bp = bv;
+ dns_difftuple_t const *a = *ap;
+ dns_difftuple_t const *b = *bp;
+ return (dns_name_compare(&a->name, &b->name));
+}
+
+static isc_result_t
+uniqify_name_list(dns_diff_t *list) {
+ isc_result_t result;
+ dns_difftuple_t *p, *q;
+
+ CHECK(dns_diff_sort(list, name_order));
+
+ p = ISC_LIST_HEAD(list->tuples);
+ while (p != NULL) {
+ do {
+ q = ISC_LIST_NEXT(p, link);
+ if (q == NULL || ! dns_name_equal(&p->name, &q->name))
+ break;
+ ISC_LIST_UNLINK(list->tuples, q, link);
+ dns_difftuple_free(&q);
+ } while (1);
+ p = ISC_LIST_NEXT(p, link);
+ }
+ failure:
+ return (result);
+}
+
+static isc_result_t
+is_active(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+ isc_boolean_t *flag, isc_boolean_t *cut, isc_boolean_t *unsecure)
+{
+ isc_result_t result;
+ dns_fixedname_t foundname;
+ dns_fixedname_init(&foundname);
+ result = dns_db_find(db, name, ver, dns_rdatatype_any,
+ DNS_DBFIND_GLUEOK | DNS_DBFIND_NOWILD,
+ (isc_stdtime_t) 0, NULL,
+ dns_fixedname_name(&foundname),
+ NULL, NULL);
+ if (result == ISC_R_SUCCESS || result == DNS_R_EMPTYNAME) {
+ *flag = ISC_TRUE;
+ *cut = ISC_FALSE;
+ if (unsecure != NULL)
+ *unsecure = ISC_FALSE;
+ return (ISC_R_SUCCESS);
+ } else if (result == DNS_R_ZONECUT) {
+ *flag = ISC_TRUE;
+ *cut = ISC_TRUE;
+ if (unsecure != NULL) {
+ /*
+ * We are at the zonecut. Check to see if there
+ * is a DS RRset.
+ */
+ if (dns_db_find(db, name, ver, dns_rdatatype_ds, 0,
+ (isc_stdtime_t) 0, NULL,
+ dns_fixedname_name(&foundname),
+ NULL, NULL) == DNS_R_NXRRSET)
+ *unsecure = ISC_TRUE;
+ else
+ *unsecure = ISC_FALSE;
+ }
+ return (ISC_R_SUCCESS);
+ } else if (result == DNS_R_GLUE || result == DNS_R_DNAME ||
+ result == DNS_R_DELEGATION || result == DNS_R_NXDOMAIN) {
+ *flag = ISC_FALSE;
+ *cut = ISC_FALSE;
+ if (unsecure != NULL)
+ *unsecure = ISC_FALSE;
+ return (ISC_R_SUCCESS);
+ } else {
+ /*
+ * Silence compiler.
+ */
+ *flag = ISC_FALSE;
+ *cut = ISC_FALSE;
+ if (unsecure != NULL)
+ *unsecure = ISC_FALSE;
+ return (result);
+ }
+}
+
+/*%
+ * Find the next/previous name that has a NSEC record.
+ * In other words, skip empty database nodes and names that
+ * have had their NSECs removed because they are obscured by
+ * a zone cut.
+ */
+static isc_result_t
+next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
+ dns_dbversion_t *ver, dns_name_t *oldname, dns_name_t *newname,
+ isc_boolean_t forward)
+{
+ isc_result_t result;
+ dns_dbiterator_t *dbit = NULL;
+ isc_boolean_t has_nsec;
+ unsigned int wraps = 0;
+ isc_boolean_t secure = dns_db_issecure(db);
+
+ CHECK(dns_db_createiterator(db, 0, &dbit));
+
+ CHECK(dns_dbiterator_seek(dbit, oldname));
+ do {
+ dns_dbnode_t *node = NULL;
+
+ if (forward)
+ result = dns_dbiterator_next(dbit);
+ else
+ result = dns_dbiterator_prev(dbit);
+ if (result == ISC_R_NOMORE) {
+ /*
+ * Wrap around.
+ */
+ if (forward)
+ CHECK(dns_dbiterator_first(dbit));
+ else
+ CHECK(dns_dbiterator_last(dbit));
+ wraps++;
+ if (wraps == 2) {
+ update_log(client, zone, ISC_LOG_ERROR,
+ "secure zone with no NSECs");
+ result = DNS_R_BADZONE;
+ goto failure;
+ }
+ }
+ CHECK(dns_dbiterator_current(dbit, &node, newname));
+ dns_db_detachnode(db, &node);
+
+ /*
+ * The iterator may hold the tree lock, and
+ * rrset_exists() calls dns_db_findnode() which
+ * may try to reacquire it. To avoid deadlock
+ * we must pause the iterator first.
+ */
+ CHECK(dns_dbiterator_pause(dbit));
+ if (secure) {
+ CHECK(rrset_exists(db, ver, newname,
+ dns_rdatatype_nsec, 0, &has_nsec));
+ } else {
+ dns_fixedname_t ffound;
+ dns_name_t *found;
+ dns_fixedname_init(&ffound);
+ found = dns_fixedname_name(&ffound);
+ result = dns_db_find(db, newname, ver,
+ dns_rdatatype_soa,
+ DNS_DBFIND_NOWILD, 0, NULL, found,
+ NULL, NULL);
+ if (result == ISC_R_SUCCESS ||
+ result == DNS_R_EMPTYNAME ||
+ result == DNS_R_NXRRSET ||
+ result == DNS_R_CNAME ||
+ (result == DNS_R_DELEGATION &&
+ dns_name_equal(newname, found))) {
+ has_nsec = ISC_TRUE;
+ result = ISC_R_SUCCESS;
+ } else if (result != DNS_R_NXDOMAIN)
+ break;
+ }
+ } while (! has_nsec);
+ failure:
+ if (dbit != NULL)
+ dns_dbiterator_destroy(&dbit);
+
+ return (result);
+}
+
+static isc_boolean_t
+has_opt_bit(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node) {
+ isc_result_t result;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdataset_t rdataset;
+ isc_boolean_t has_bit = ISC_FALSE;
+
+ dns_rdataset_init(&rdataset);
+ CHECK(dns_db_findrdataset(db, node, version, dns_rdatatype_nsec,
+ dns_rdatatype_none, 0, &rdataset, NULL));
+ CHECK(dns_rdataset_first(&rdataset));
+ dns_rdataset_current(&rdataset, &rdata);
+ has_bit = dns_nsec_typepresent(&rdata, dns_rdatatype_opt);
+ failure:
+ if (dns_rdataset_isassociated(&rdataset))
+ dns_rdataset_disassociate(&rdataset);
+ return (has_bit);
+}
+
+static void
+set_bit(unsigned char *array, unsigned int index) {
+ unsigned int shift, bit;
+
+ shift = 7 - (index % 8);
+ bit = 1 << shift;
+
+ array[index / 8] |= bit;
+}
+
+/*%
+ * Add a NSEC record for "name", recording the change in "diff".
+ * The existing NSEC is removed.
+ */
+static isc_result_t
+add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
+ dns_dbversion_t *ver, dns_name_t *name, dns_ttl_t nsecttl,
+ dns_diff_t *diff)
+{
+ isc_result_t result;
+ dns_dbnode_t *node = NULL;
+ unsigned char buffer[DNS_NSEC_BUFFERSIZE];
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_difftuple_t *tuple = NULL;
+ dns_fixedname_t fixedname;
+ dns_name_t *target;
+
+ dns_fixedname_init(&fixedname);
+ target = dns_fixedname_name(&fixedname);
+
+ /*
+ * Find the successor name, aka NSEC target.
+ */
+ CHECK(next_active(client, zone, db, ver, name, target, ISC_TRUE));
+
+ /*
+ * Create the NSEC RDATA.
+ */
+ CHECK(dns_db_findnode(db, name, ISC_FALSE, &node));
+ dns_rdata_init(&rdata);
+ CHECK(dns_nsec_buildrdata(db, ver, node, target, buffer, &rdata));
+ /*
+ * Preserve the status of the OPT bit in the origin's NSEC record.
+ */
+ if (dns_name_equal(dns_db_origin(db), name) &&
+ has_opt_bit(db, ver, node))
+ {
+ isc_region_t region;
+ dns_name_t next;
+
+ dns_name_init(&next, NULL);
+ dns_rdata_toregion(&rdata, &region);
+ dns_name_fromregion(&next, &region);
+ isc_region_consume(&region, next.length);
+ INSIST(region.length > (2 + dns_rdatatype_opt / 8) &&
+ region.base[0] == 0 &&
+ region.base[1] > dns_rdatatype_opt / 8);
+ set_bit(region.base + 2, dns_rdatatype_opt);
+ }
+ dns_db_detachnode(db, &node);
+
+ /*
+ * Delete the old NSEC and record the change.
+ */
+ CHECK(delete_if(true_p, db, ver, name, dns_rdatatype_nsec, 0,
+ NULL, diff));
+ /*
+ * Add the new NSEC and record the change.
+ */
+ CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name,
+ nsecttl, &rdata, &tuple));
+ CHECK(do_one_tuple(&tuple, db, ver, diff));
+ INSIST(tuple == NULL);
+
+ failure:
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ return (result);
+}
+
+/*%
+ * Add a placeholder NSEC record for "name", recording the change in "diff".
+ */
+static isc_result_t
+add_placeholder_nsec(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+ dns_diff_t *diff)
+{
+ isc_result_t result;
+ dns_difftuple_t *tuple = NULL;
+ isc_region_t r;
+ unsigned char data[1] = { 0 }; /* The root domain, no bits. */
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+
+ r.base = data;
+ r.length = sizeof(data);
+ dns_rdata_fromregion(&rdata, dns_db_class(db), dns_rdatatype_nsec, &r);
+ CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name, 0,
+ &rdata, &tuple));
+ CHECK(do_one_tuple(&tuple, db, ver, diff));
+ failure:
+ return (result);
+}
+
+static isc_result_t
+find_zone_keys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
+ isc_mem_t *mctx, unsigned int maxkeys,
+ dst_key_t **keys, unsigned int *nkeys)
+{
+ isc_result_t result;
+ dns_dbnode_t *node = NULL;
+ const char *directory = dns_zone_getkeydirectory(zone);
+ CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node));
+ CHECK(dns_dnssec_findzonekeys2(db, ver, node, dns_db_origin(db),
+ directory, mctx, maxkeys, keys, nkeys));
+ failure:
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ return (result);
+}
+
+static isc_boolean_t
+ksk_sanity(dns_db_t *db, dns_dbversion_t *ver) {
+ isc_boolean_t ret = ISC_FALSE;
+ isc_boolean_t have_ksk = ISC_FALSE, have_nonksk = ISC_FALSE;
+ isc_result_t result;
+ dns_dbnode_t *node = NULL;
+ dns_rdataset_t rdataset;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdata_dnskey_t dnskey;
+
+ dns_rdataset_init(&rdataset);
+ CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node));
+ CHECK(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0,
+ &rdataset, NULL));
+ CHECK(dns_rdataset_first(&rdataset));
+ while (result == ISC_R_SUCCESS && (!have_ksk || !have_nonksk)) {
+ dns_rdataset_current(&rdataset, &rdata);
+ CHECK(dns_rdata_tostruct(&rdata, &dnskey, NULL));
+ if ((dnskey.flags & (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH))
+ == DNS_KEYOWNER_ZONE) {
+ if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0)
+ have_ksk = ISC_TRUE;
+ else
+ have_nonksk = ISC_TRUE;
+ }
+ dns_rdata_reset(&rdata);
+ result = dns_rdataset_next(&rdataset);
+ }
+ if (have_ksk && have_nonksk)
+ ret = ISC_TRUE;
+ failure:
+ if (dns_rdataset_isassociated(&rdataset))
+ dns_rdataset_disassociate(&rdataset);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ return (ret);
+}
+
+/*%
+ * Add RRSIG records for an RRset, recording the change in "diff".
+ */
+static isc_result_t
+add_sigs(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
+ dns_dbversion_t *ver, dns_name_t *name, dns_rdatatype_t type,
+ dns_diff_t *diff, dst_key_t **keys, unsigned int nkeys,
+ isc_stdtime_t inception, isc_stdtime_t expire,
+ isc_boolean_t check_ksk)
+{
+ isc_result_t result;
+ dns_dbnode_t *node = NULL;
+ dns_rdataset_t rdataset;
+ dns_rdata_t sig_rdata = DNS_RDATA_INIT;
+ isc_buffer_t buffer;
+ unsigned char data[1024]; /* XXX */
+ unsigned int i;
+ isc_boolean_t added_sig = ISC_FALSE;
+ isc_mem_t *mctx = client->mctx;
+
+ dns_rdataset_init(&rdataset);
+ isc_buffer_init(&buffer, data, sizeof(data));
+
+ /* Get the rdataset to sign. */
+ if (type == dns_rdatatype_nsec3)
+ CHECK(dns_db_findnsec3node(db, name, ISC_FALSE, &node));
+ else
+ CHECK(dns_db_findnode(db, name, ISC_FALSE, &node));
+ CHECK(dns_db_findrdataset(db, node, ver, type, 0,
+ (isc_stdtime_t) 0, &rdataset, NULL));
+ dns_db_detachnode(db, &node);
+
+ for (i = 0; i < nkeys; i++) {
+
+ if (check_ksk && type != dns_rdatatype_dnskey &&
+ (dst_key_flags(keys[i]) & DNS_KEYFLAG_KSK) != 0)
+ continue;
+
+ if (!dst_key_isprivate(keys[i]))
+ continue;
+
+ /* Calculate the signature, creating a RRSIG RDATA. */
+ CHECK(dns_dnssec_sign(name, &rdataset, keys[i],
+ &inception, &expire,
+ mctx, &buffer, &sig_rdata));
+
+ /* Update the database and journal with the RRSIG. */
+ /* XXX inefficient - will cause dataset merging */
+ CHECK(update_one_rr(db, ver, diff, DNS_DIFFOP_ADDRESIGN, name,
+ rdataset.ttl, &sig_rdata));
+ dns_rdata_reset(&sig_rdata);
+ added_sig = ISC_TRUE;
+ }
+ if (!added_sig) {
+ update_log(client, zone, ISC_LOG_ERROR,
+ "found no private keys, "
+ "unable to generate any signatures");
+ result = ISC_R_NOTFOUND;
+ }
+
+ failure:
+ if (dns_rdataset_isassociated(&rdataset))
+ dns_rdataset_disassociate(&rdataset);
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ return (result);
+}
+
+/*
+ * Delete expired RRsigs and any RRsigs we are about to re-sign.
+ * See also zone.c:del_sigs().
+ */
+static isc_result_t
+del_keysigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+ dns_diff_t *diff, dst_key_t **keys, unsigned int nkeys)
+{
+ isc_result_t result;
+ dns_dbnode_t *node = NULL;
+ dns_rdataset_t rdataset;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ unsigned int i;
+ dns_rdata_rrsig_t rrsig;
+ isc_boolean_t found;
+
+ dns_rdataset_init(&rdataset);
+
+ result = dns_db_findnode(db, name, ISC_FALSE, &node);
+ if (result == ISC_R_NOTFOUND)
+ return (ISC_R_SUCCESS);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+ result = dns_db_findrdataset(db, node, ver, dns_rdatatype_rrsig,
+ dns_rdatatype_dnskey, (isc_stdtime_t) 0,
+ &rdataset, NULL);
+ dns_db_detachnode(db, &node);
+
+ if (result == ISC_R_NOTFOUND)
+ return (ISC_R_SUCCESS);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+
+ for (result = dns_rdataset_first(&rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(&rdataset)) {
+ dns_rdataset_current(&rdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &rrsig, NULL);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ found = ISC_FALSE;
+ for (i = 0; i < nkeys; i++) {
+ if (rrsig.keyid == dst_key_id(keys[i])) {
+ found = ISC_TRUE;
+ if (!dst_key_isprivate(keys[i])) {
+ /*
+ * The re-signing code in zone.c
+ * will mark this as offline.
+ * Just skip the record for now.
+ */
+ break;
+ }
+ result = update_one_rr(db, ver, diff,
+ DNS_DIFFOP_DEL, name,
+ rdataset.ttl, &rdata);
+ break;
+ }
+ }
+ /*
+ * If there is not a matching DNSKEY then delete the RRSIG.
+ */
+ if (!found)
+ result = update_one_rr(db, ver, diff, DNS_DIFFOP_DEL,
+ name, rdataset.ttl, &rdata);
+ dns_rdata_reset(&rdata);
+ if (result != ISC_R_SUCCESS)
+ break;
+ }
+ dns_rdataset_disassociate(&rdataset);
+ if (result == ISC_R_NOMORE)
+ result = ISC_R_SUCCESS;
+failure:
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ return (result);
+}
+
+static isc_result_t
+add_exposed_sigs(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
+ dns_dbversion_t *ver, dns_name_t *name, isc_boolean_t cut,
+ dns_diff_t *diff, dst_key_t **keys, unsigned int nkeys,
+ isc_stdtime_t inception, isc_stdtime_t expire,
+ isc_boolean_t check_ksk)
+{
+ isc_result_t result;
+ dns_dbnode_t *node;
+ dns_rdatasetiter_t *iter;
+
+ node = NULL;
+ result = dns_db_findnode(db, name, ISC_FALSE, &node);
+ if (result == ISC_R_NOTFOUND)
+ return (ISC_R_SUCCESS);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ iter = NULL;
+ result = dns_db_allrdatasets(db, node, ver,
+ (isc_stdtime_t) 0, &iter);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_node;
+
+ for (result = dns_rdatasetiter_first(iter);
+ result == ISC_R_SUCCESS;
+ result = dns_rdatasetiter_next(iter))
+ {
+ dns_rdataset_t rdataset;
+ dns_rdatatype_t type;
+ isc_boolean_t flag;
+
+ dns_rdataset_init(&rdataset);
+ dns_rdatasetiter_current(iter, &rdataset);
+ type = rdataset.type;
+ dns_rdataset_disassociate(&rdataset);
+
+ /*
+ * We don't need to sign unsigned NSEC records at the cut
+ * as they are handled elsewhere.
+ */
+ if ((type == dns_rdatatype_rrsig) ||
+ (cut && type != dns_rdatatype_ds))
+ continue;
+ result = rrset_exists(db, ver, name, dns_rdatatype_rrsig,
+ type, &flag);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_iterator;
+ if (flag)
+ continue;;
+ result = add_sigs(client, zone, db, ver, name, type, diff,
+ keys, nkeys, inception, expire, check_ksk);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_iterator;
+ }
+ if (result == ISC_R_NOMORE)
+ result = ISC_R_SUCCESS;
+
+ cleanup_iterator:
+ dns_rdatasetiter_destroy(&iter);
+
+ cleanup_node:
+ dns_db_detachnode(db, &node);
+
+ return (result);
+}
+
+/*%
+ * Update RRSIG, NSEC and NSEC3 records affected by an update. The original
+ * update, including the SOA serial update but exluding the RRSIG & NSEC
+ * changes, is in "diff" and has already been applied to "newver" of "db".
+ * The database version prior to the update is "oldver".
+ *
+ * The necessary RRSIG, NSEC and NSEC3 changes will be applied to "newver"
+ * and added (as a minimal diff) to "diff".
+ *
+ * The RRSIGs generated will be valid for 'sigvalidityinterval' seconds.
+ */
+static isc_result_t
+update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
+ dns_dbversion_t *oldver, dns_dbversion_t *newver,
+ dns_diff_t *diff, isc_uint32_t sigvalidityinterval,
+ isc_boolean_t *deleted_zsk)
+{
+ isc_result_t result;
+ dns_difftuple_t *t;
+ dns_diff_t diffnames;
+ dns_diff_t affected;
+ dns_diff_t sig_diff;
+ dns_diff_t nsec_diff;
+ dns_diff_t nsec_mindiff;
+ isc_boolean_t flag;
+ dst_key_t *zone_keys[MAXZONEKEYS];
+ unsigned int nkeys = 0;
+ unsigned int i;
+ isc_stdtime_t now, inception, expire;
+ dns_ttl_t nsecttl;
+ dns_rdata_soa_t soa;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdataset_t rdataset;
+ dns_dbnode_t *node = NULL;
+ isc_boolean_t check_ksk;
+ isc_boolean_t unsecure;
+ isc_boolean_t cut;
+
+ dns_diff_init(client->mctx, &diffnames);
+ dns_diff_init(client->mctx, &affected);
+
+ dns_diff_init(client->mctx, &sig_diff);
+ sig_diff.resign = dns_zone_getsigresigninginterval(zone);
+ dns_diff_init(client->mctx, &nsec_diff);
+ dns_diff_init(client->mctx, &nsec_mindiff);
+
+ result = find_zone_keys(zone, db, newver, client->mctx,
+ MAXZONEKEYS, zone_keys, &nkeys);
+ if (result != ISC_R_SUCCESS) {
+ update_log(client, zone, ISC_LOG_ERROR,
+ "could not get zone keys for secure dynamic update");
+ goto failure;
+ }
+
+ isc_stdtime_get(&now);
+ inception = now - 3600; /* Allow for some clock skew. */
+ expire = now + sigvalidityinterval;
+
+ /*
+ * Do we look at the KSK flag on the DNSKEY to determining which
+ * keys sign which RRsets? First check the zone option then
+ * check the keys flags to make sure atleast one has a ksk set
+ * and one doesn't.
+ */
+ check_ksk = ISC_TF((dns_zone_getoptions(zone) &
+ DNS_ZONEOPT_UPDATECHECKKSK) != 0);
+ /*
+ * If we are not checking the ZSK flag then all DNSKEY's are
+ * already signing all RRsets so we don't need to trigger special
+ * changes.
+ */
+ if (*deleted_zsk && (!check_ksk || !ksk_sanity(db, oldver)))
+ *deleted_zsk = ISC_FALSE;
+
+ if (check_ksk) {
+ check_ksk = ksk_sanity(db, newver);
+ if (!check_ksk && ksk_sanity(db, oldver))
+ update_log(client, zone, ISC_LOG_WARNING,
+ "disabling update-check-ksk");
+ }
+
+ /*
+ * If we have deleted a ZSK and we we still have some ZSK's
+ * we don't need to convert the KSK's to a ZSK's.
+ */
+ if (*deleted_zsk && check_ksk)
+ *deleted_zsk = ISC_FALSE;
+
+ /*
+ * Get the NSEC/NSEC3 TTL from the SOA MINIMUM field.
+ */
+ CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node));
+ dns_rdataset_init(&rdataset);
+ CHECK(dns_db_findrdataset(db, node, newver, dns_rdatatype_soa, 0,
+ (isc_stdtime_t) 0, &rdataset, NULL));
+ CHECK(dns_rdataset_first(&rdataset));
+ dns_rdataset_current(&rdataset, &rdata);
+ CHECK(dns_rdata_tostruct(&rdata, &soa, NULL));
+ nsecttl = soa.minimum;
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &node);
+
+ /*
+ * Find all RRsets directly affected by the update, and
+ * update their RRSIGs. Also build a list of names affected
+ * by the update in "diffnames".
+ */
+ CHECK(dns_diff_sort(diff, temp_order));
+
+ t = ISC_LIST_HEAD(diff->tuples);
+ while (t != NULL) {
+ dns_name_t *name = &t->name;
+ /* Now "name" is a new, unique name affected by the update. */
+
+ CHECK(namelist_append_name(&diffnames, name));
+
+ while (t != NULL && dns_name_equal(&t->name, name)) {
+ dns_rdatatype_t type;
+ type = t->rdata.type;
+
+ /*
+ * Now "name" and "type" denote a new unique RRset
+ * affected by the update.
+ */
+
+ /* Don't sign RRSIGs. */
+ if (type == dns_rdatatype_rrsig)
+ goto skip;
+
+ /*
+ * Delete all old RRSIGs covering this type, since they
+ * are all invalid when the signed RRset has changed.
+ * We may not be able to recreate all of them - tough.
+ * Special case changes to the zone's DNSKEY records
+ * to support offline KSKs.
+ */
+ if (type == dns_rdatatype_dnskey)
+ del_keysigs(db, newver, name, &sig_diff,
+ zone_keys, nkeys);
+ else
+ CHECK(delete_if(true_p, db, newver, name,
+ dns_rdatatype_rrsig, type,
+ NULL, &sig_diff));
+
+ /*
+ * If this RRset is still visible after the update,
+ * add a new signature for it.
+ */
+ CHECK(rrset_visible(db, newver, name, type, &flag));
+ if (flag) {
+ CHECK(add_sigs(client, zone, db, newver, name,
+ type, &sig_diff, zone_keys,
+ nkeys, inception, expire,
+ check_ksk));
+ }
+ skip:
+ /* Skip any other updates to the same RRset. */
+ while (t != NULL &&
+ dns_name_equal(&t->name, name) &&
+ t->rdata.type == type)
+ {
+ t = ISC_LIST_NEXT(t, link);
+ }
+ }
+ }
+ update_log(client, zone, ISC_LOG_DEBUG(3), "updated data signatures");
+
+ /* Remove orphaned NSECs and RRSIG NSECs. */
+ for (t = ISC_LIST_HEAD(diffnames.tuples);
+ t != NULL;
+ t = ISC_LIST_NEXT(t, link))
+ {
+ CHECK(non_nsec_rrset_exists(db, newver, &t->name, &flag));
+ if (! flag) {
+ CHECK(delete_if(true_p, db, newver, &t->name,
+ dns_rdatatype_any, 0,
+ NULL, &sig_diff));
+ }
+ }
+ update_log(client, zone, ISC_LOG_DEBUG(3),
+ "removed any orphaned NSEC records");
+
+ /*
+ * If we don't have a NSEC record at the origin then we need to
+ * update the NSEC3 records.
+ */
+ CHECK(rrset_exists(db, newver, dns_db_origin(db), dns_rdatatype_nsec,
+ 0, &flag));
+ if (!flag)
+ goto update_nsec3;
+
+ update_log(client, zone, ISC_LOG_DEBUG(3), "rebuilding NSEC chain");
+
+ /*
+ * When a name is created or deleted, its predecessor needs to
+ * have its NSEC updated.
+ */
+ for (t = ISC_LIST_HEAD(diffnames.tuples);
+ t != NULL;
+ t = ISC_LIST_NEXT(t, link))
+ {
+ isc_boolean_t existed, exists;
+ dns_fixedname_t fixedname;
+ dns_name_t *prevname;
+
+ dns_fixedname_init(&fixedname);
+ prevname = dns_fixedname_name(&fixedname);
+
+ CHECK(name_exists(db, oldver, &t->name, &existed));
+ CHECK(name_exists(db, newver, &t->name, &exists));
+ if (exists == existed)
+ continue;
+
+ /*
+ * Find the predecessor.
+ * When names become obscured or unobscured in this update
+ * transaction, we may find the wrong predecessor because
+ * the NSECs have not yet been updated to reflect the delegation
+ * change. This should not matter because in this case,
+ * the correct predecessor is either the delegation node or
+ * a newly unobscured node, and those nodes are on the
+ * "affected" list in any case.
+ */
+ CHECK(next_active(client, zone, db, newver,
+ &t->name, prevname, ISC_FALSE));
+ CHECK(namelist_append_name(&affected, prevname));
+ }
+
+ /*
+ * Find names potentially affected by delegation changes
+ * (obscured by adding an NS or DNAME, or unobscured by
+ * removing one).
+ */
+ for (t = ISC_LIST_HEAD(diffnames.tuples);
+ t != NULL;
+ t = ISC_LIST_NEXT(t, link))
+ {
+ isc_boolean_t ns_existed, dname_existed;
+ isc_boolean_t ns_exists, dname_exists;
+
+ CHECK(rrset_exists(db, oldver, &t->name, dns_rdatatype_ns, 0,
+ &ns_existed));
+ CHECK(rrset_exists(db, oldver, &t->name, dns_rdatatype_dname, 0,
+ &dname_existed));
+ CHECK(rrset_exists(db, newver, &t->name, dns_rdatatype_ns, 0,
+ &ns_exists));
+ CHECK(rrset_exists(db, newver, &t->name, dns_rdatatype_dname, 0,
+ &dname_exists));
+ if ((ns_exists || dname_exists) == (ns_existed || dname_existed))
+ continue;
+ /*
+ * There was a delegation change. Mark all subdomains
+ * of t->name as potentially needing a NSEC update.
+ */
+ CHECK(namelist_append_subdomain(db, &t->name, &affected));
+ }
+
+ ISC_LIST_APPENDLIST(affected.tuples, diffnames.tuples, link);
+ INSIST(ISC_LIST_EMPTY(diffnames.tuples));
+
+ CHECK(uniqify_name_list(&affected));
+
+ /*
+ * Determine which names should have NSECs, and delete/create
+ * NSECs to make it so. We don't know the final NSEC targets yet,
+ * so we just create placeholder NSECs with arbitrary contents
+ * to indicate that their respective owner names should be part of
+ * the NSEC chain.
+ */
+ for (t = ISC_LIST_HEAD(affected.tuples);
+ t != NULL;
+ t = ISC_LIST_NEXT(t, link))
+ {
+ isc_boolean_t exists;
+ dns_name_t *name = &t->name;
+
+ CHECK(name_exists(db, newver, name, &exists));
+ if (! exists)
+ continue;
+ CHECK(is_active(db, newver, name, &flag, &cut, NULL));
+ if (!flag) {
+ /*
+ * This name is obscured. Delete any
+ * existing NSEC record.
+ */
+ CHECK(delete_if(true_p, db, newver, name,
+ dns_rdatatype_nsec, 0,
+ NULL, &nsec_diff));
+ CHECK(delete_if(rrsig_p, db, newver, name,
+ dns_rdatatype_any, 0, NULL, diff));
+ } else {
+ /*
+ * This name is not obscured. It should have a NSEC.
+ */
+ CHECK(rrset_exists(db, newver, name,
+ dns_rdatatype_nsec, 0, &flag));
+ if (! flag)
+ CHECK(add_placeholder_nsec(db, newver, name,
+ diff));
+ CHECK(add_exposed_sigs(client, zone, db, newver, name,
+ cut, diff, zone_keys, nkeys,
+ inception, expire, check_ksk));
+ }
+ }
+
+ /*
+ * Now we know which names are part of the NSEC chain.
+ * Make them all point at their correct targets.
+ */
+ for (t = ISC_LIST_HEAD(affected.tuples);
+ t != NULL;
+ t = ISC_LIST_NEXT(t, link))
+ {
+ CHECK(rrset_exists(db, newver, &t->name,
+ dns_rdatatype_nsec, 0, &flag));
+ if (flag) {
+ /*
+ * There is a NSEC, but we don't know if it is correct.
+ * Delete it and create a correct one to be sure.
+ * If the update was unnecessary, the diff minimization
+ * will take care of eliminating it from the journal,
+ * IXFRs, etc.
+ *
+ * The RRSIG bit should always be set in the NSECs
+ * we generate, because they will all get RRSIG NSECs.
+ * (XXX what if the zone keys are missing?).
+ * Because the RRSIG NSECs have not necessarily been
+ * created yet, the correctness of the bit mask relies
+ * on the assumption that NSECs are only created if
+ * there is other data, and if there is other data,
+ * there are other RRSIGs.
+ */
+ CHECK(add_nsec(client, zone, db, newver, &t->name,
+ nsecttl, &nsec_diff));
+ }
+ }
+
+ /*
+ * Minimize the set of NSEC updates so that we don't
+ * have to regenerate the RRSIG NSECs for NSECs that were
+ * replaced with identical ones.
+ */
+ while ((t = ISC_LIST_HEAD(nsec_diff.tuples)) != NULL) {
+ ISC_LIST_UNLINK(nsec_diff.tuples, t, link);
+ dns_diff_appendminimal(&nsec_mindiff, &t);
+ }
+
+ update_log(client, zone, ISC_LOG_DEBUG(3),
+ "signing rebuilt NSEC chain");
+
+ /* Update RRSIG NSECs. */
+ for (t = ISC_LIST_HEAD(nsec_mindiff.tuples);
+ t != NULL;
+ t = ISC_LIST_NEXT(t, link))
+ {
+ if (t->op == DNS_DIFFOP_DEL) {
+ CHECK(delete_if(true_p, db, newver, &t->name,
+ dns_rdatatype_rrsig, dns_rdatatype_nsec,
+ NULL, &sig_diff));
+ } else if (t->op == DNS_DIFFOP_ADD) {
+ CHECK(add_sigs(client, zone, db, newver, &t->name,
+ dns_rdatatype_nsec, &sig_diff,
+ zone_keys, nkeys, inception, expire,
+ check_ksk));
+ } else {
+ INSIST(0);
+ }
+ }
+
+ update_nsec3:
+
+ /* Record our changes for the journal. */
+ while ((t = ISC_LIST_HEAD(sig_diff.tuples)) != NULL) {
+ ISC_LIST_UNLINK(sig_diff.tuples, t, link);
+ dns_diff_appendminimal(diff, &t);
+ }
+ while ((t = ISC_LIST_HEAD(nsec_mindiff.tuples)) != NULL) {
+ ISC_LIST_UNLINK(nsec_mindiff.tuples, t, link);
+ dns_diff_appendminimal(diff, &t);
+ }
+
+ INSIST(ISC_LIST_EMPTY(sig_diff.tuples));
+ INSIST(ISC_LIST_EMPTY(nsec_diff.tuples));
+ INSIST(ISC_LIST_EMPTY(nsec_mindiff.tuples));
+
+ /*
+ * Check if we have any active NSEC3 chains by looking for a
+ * NSEC3PARAM RRset.
+ */
+ CHECK(rrset_exists(db, newver, dns_db_origin(db),
+ dns_rdatatype_nsec3param, 0, &flag));
+ if (!flag) {
+ update_log(client, zone, ISC_LOG_DEBUG(3),
+ "no NSEC3 chains to rebuild");
+ goto failure;
+ }
+
+ update_log(client, zone, ISC_LOG_DEBUG(3), "rebuilding NSEC3 chains");
+
+ dns_diff_clear(&diffnames);
+ dns_diff_clear(&affected);
+
+ CHECK(dns_diff_sort(diff, temp_order));
+
+ /*
+ * Find names potentially affected by delegation changes
+ * (obscured by adding an NS or DNAME, or unobscured by
+ * removing one).
+ */
+ t = ISC_LIST_HEAD(diff->tuples);
+ while (t != NULL) {
+ dns_name_t *name = &t->name;
+
+ isc_boolean_t ns_existed, dname_existed;
+ isc_boolean_t ns_exists, dname_exists;
+
+ if (t->rdata.type == dns_rdatatype_nsec ||
+ t->rdata.type == dns_rdatatype_rrsig) {
+ t = ISC_LIST_NEXT(t, link);
+ continue;
+ }
+
+ CHECK(namelist_append_name(&affected, name));
+
+ CHECK(rrset_exists(db, oldver, name, dns_rdatatype_ns, 0,
+ &ns_existed));
+ CHECK(rrset_exists(db, oldver, name, dns_rdatatype_dname, 0,
+ &dname_existed));
+ CHECK(rrset_exists(db, newver, name, dns_rdatatype_ns, 0,
+ &ns_exists));
+ CHECK(rrset_exists(db, newver, name, dns_rdatatype_dname, 0,
+ &dname_exists));
+
+ if ((ns_exists || dname_exists) == (ns_existed || dname_existed))
+ goto nextname;
+ /*
+ * There was a delegation change. Mark all subdomains
+ * of t->name as potentially needing a NSEC3 update.
+ */
+ CHECK(namelist_append_subdomain(db, name, &affected));
+
+ nextname:
+ while (t != NULL && dns_name_equal(&t->name, name))
+ t = ISC_LIST_NEXT(t, link);
+ }
+
+ for (t = ISC_LIST_HEAD(affected.tuples);
+ t != NULL;
+ t = ISC_LIST_NEXT(t, link)) {
+ dns_name_t *name = &t->name;
+
+ unsecure = ISC_FALSE; /* Silence compiler warning. */
+ CHECK(is_active(db, newver, name, &flag, &cut, &unsecure));
+
+ if (!flag) {
+ CHECK(delete_if(rrsig_p, db, newver, name,
+ dns_rdatatype_any, 0, NULL, diff));
+ CHECK(dns_nsec3_delnsec3s(db, newver, name,
+ &nsec_diff));
+ } else {
+ CHECK(add_exposed_sigs(client, zone, db, newver, name,
+ cut, diff, zone_keys, nkeys,
+ inception, expire, check_ksk));
+ CHECK(dns_nsec3_addnsec3s(db, newver, name, nsecttl,
+ unsecure, &nsec_diff));
+ }
+ }
+
+ /*
+ * Minimize the set of NSEC3 updates so that we don't
+ * have to regenerate the RRSIG NSEC3s for NSEC3s that were
+ * replaced with identical ones.
+ */
+ while ((t = ISC_LIST_HEAD(nsec_diff.tuples)) != NULL) {
+ ISC_LIST_UNLINK(nsec_diff.tuples, t, link);
+ dns_diff_appendminimal(&nsec_mindiff, &t);
+ }
+
+ update_log(client, zone, ISC_LOG_DEBUG(3),
+ "signing rebuilt NSEC3 chain");
+
+ /* Update RRSIG NSEC3s. */
+ for (t = ISC_LIST_HEAD(nsec_mindiff.tuples);
+ t != NULL;
+ t = ISC_LIST_NEXT(t, link))
+ {
+ if (t->op == DNS_DIFFOP_DEL) {
+ CHECK(delete_if(true_p, db, newver, &t->name,
+ dns_rdatatype_rrsig,
+ dns_rdatatype_nsec3,
+ NULL, &sig_diff));
+ } else if (t->op == DNS_DIFFOP_ADD) {
+ CHECK(add_sigs(client, zone, db, newver, &t->name,
+ dns_rdatatype_nsec3,
+ &sig_diff, zone_keys, nkeys,
+ inception, expire, check_ksk));
+ } else {
+ INSIST(0);
+ }
+ }
+
+ /* Record our changes for the journal. */
+ while ((t = ISC_LIST_HEAD(sig_diff.tuples)) != NULL) {
+ ISC_LIST_UNLINK(sig_diff.tuples, t, link);
+ dns_diff_appendminimal(diff, &t);
+ }
+ while ((t = ISC_LIST_HEAD(nsec_mindiff.tuples)) != NULL) {
+ ISC_LIST_UNLINK(nsec_mindiff.tuples, t, link);
+ dns_diff_appendminimal(diff, &t);
+ }
+
+ INSIST(ISC_LIST_EMPTY(sig_diff.tuples));
+ INSIST(ISC_LIST_EMPTY(nsec_diff.tuples));
+ INSIST(ISC_LIST_EMPTY(nsec_mindiff.tuples));
+
+ failure:
+ dns_diff_clear(&sig_diff);
+ dns_diff_clear(&nsec_diff);
+ dns_diff_clear(&nsec_mindiff);
+
+ dns_diff_clear(&affected);
+ dns_diff_clear(&diffnames);
+
+ for (i = 0; i < nkeys; i++)
+ dst_key_free(&zone_keys[i]);
+
+ return (result);
+}
+
+
+/**************************************************************************/
+/*%
+ * The actual update code in all its glory. We try to follow
+ * the RFC2136 pseudocode as closely as possible.
+ */
+
+static isc_result_t
+send_update_event(ns_client_t *client, dns_zone_t *zone) {
+ isc_result_t result = ISC_R_SUCCESS;
+ update_event_t *event = NULL;
+ isc_task_t *zonetask = NULL;
+ ns_client_t *evclient;
+
+ event = (update_event_t *)
+ isc_event_allocate(client->mctx, client, DNS_EVENT_UPDATE,
+ update_action, NULL, sizeof(*event));
+ if (event == NULL)
+ FAIL(ISC_R_NOMEMORY);
+ event->zone = zone;
+ event->result = ISC_R_SUCCESS;
+
+ evclient = NULL;
+ ns_client_attach(client, &evclient);
+ INSIST(client->nupdates == 0);
+ client->nupdates++;
+ event->ev_arg = evclient;
+
+ dns_zone_gettask(zone, &zonetask);
+ isc_task_send(zonetask, ISC_EVENT_PTR(&event));
+
+ failure:
+ if (event != NULL)
+ isc_event_free(ISC_EVENT_PTR(&event));
+ return (result);
+}
+
+static void
+respond(ns_client_t *client, isc_result_t result) {
+ isc_result_t msg_result;
+
+ msg_result = dns_message_reply(client->message, ISC_TRUE);
+ if (msg_result != ISC_R_SUCCESS)
+ goto msg_failure;
+ client->message->rcode = dns_result_torcode(result);
+
+ ns_client_send(client);
+ return;
+
+ msg_failure:
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_UPDATE, NS_LOGMODULE_UPDATE,
+ ISC_LOG_ERROR,
+ "could not create update response message: %s",
+ isc_result_totext(msg_result));
+ ns_client_next(client, msg_result);
+}
+
+void
+ns_update_start(ns_client_t *client, isc_result_t sigresult) {
+ dns_message_t *request = client->message;
+ isc_result_t result;
+ dns_name_t *zonename;
+ dns_rdataset_t *zone_rdataset;
+ dns_zone_t *zone = NULL;
+
+ /*
+ * Interpret the zone section.
+ */
+ result = dns_message_firstname(request, DNS_SECTION_ZONE);
+ if (result != ISC_R_SUCCESS)
+ FAILC(DNS_R_FORMERR, "update zone section empty");
+
+ /*
+ * The zone section must contain exactly one "question", and
+ * it must be of type SOA.
+ */
+ zonename = NULL;
+ dns_message_currentname(request, DNS_SECTION_ZONE, &zonename);
+ zone_rdataset = ISC_LIST_HEAD(zonename->list);
+ if (zone_rdataset->type != dns_rdatatype_soa)
+ FAILC(DNS_R_FORMERR,
+ "update zone section contains non-SOA");
+ if (ISC_LIST_NEXT(zone_rdataset, link) != NULL)
+ FAILC(DNS_R_FORMERR,
+ "update zone section contains multiple RRs");
+
+ /* The zone section must have exactly one name. */
+ result = dns_message_nextname(request, DNS_SECTION_ZONE);
+ if (result != ISC_R_NOMORE)
+ FAILC(DNS_R_FORMERR,
+ "update zone section contains multiple RRs");
+
+ result = dns_zt_find(client->view->zonetable, zonename, 0, NULL,
+ &zone);
+ if (result != ISC_R_SUCCESS)
+ FAILC(DNS_R_NOTAUTH, "not authoritative for update zone");
+
+ switch(dns_zone_gettype(zone)) {
+ case dns_zone_master:
+ /*
+ * We can now fail due to a bad signature as we now know
+ * that we are the master.
+ */
+ if (sigresult != ISC_R_SUCCESS)
+ FAIL(sigresult);
+ CHECK(send_update_event(client, zone));
+ break;
+ case dns_zone_slave:
+ CHECK(checkupdateacl(client, dns_zone_getforwardacl(zone),
+ "update forwarding", zonename, ISC_TRUE,
+ ISC_FALSE));
+ CHECK(send_forward_event(client, zone));
+ break;
+ default:
+ FAILC(DNS_R_NOTAUTH, "not authoritative for update zone");
+ }
+ return;
+
+ failure:
+ if (result == DNS_R_REFUSED) {
+ INSIST(dns_zone_gettype(zone) == dns_zone_slave);
+ inc_stats(zone, dns_nsstatscounter_updaterej);
+ }
+ /*
+ * We failed without having sent an update event to the zone.
+ * We are still in the client task context, so we can
+ * simply give an error response without switching tasks.
+ */
+ respond(client, result);
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+}
+
+/*%
+ * DS records are not allowed to exist without corresponding NS records,
+ * RFC 3658, 2.2 Protocol Change,
+ * "DS RRsets MUST NOT appear at non-delegation points or at a zone's apex".
+ */
+
+static isc_result_t
+remove_orphaned_ds(dns_db_t *db, dns_dbversion_t *newver, dns_diff_t *diff) {
+ isc_result_t result;
+ isc_boolean_t ns_exists;
+ dns_difftuple_t *t;
+
+ for (t = ISC_LIST_HEAD(diff->tuples);
+ t != NULL;
+ t = ISC_LIST_NEXT(t, link)) {
+ if (!((t->op == DNS_DIFFOP_DEL &&
+ t->rdata.type == dns_rdatatype_ns) ||
+ (t->op == DNS_DIFFOP_ADD &&
+ t->rdata.type == dns_rdatatype_ds)))
+ continue;
+ CHECK(rrset_exists(db, newver, &t->name, dns_rdatatype_ns, 0,
+ &ns_exists));
+ if (ns_exists && !dns_name_equal(&t->name, dns_db_origin(db)))
+ continue;
+ CHECK(delete_if(true_p, db, newver, &t->name,
+ dns_rdatatype_ds, 0, NULL, diff));
+ }
+ return (ISC_R_SUCCESS);
+
+ failure:
+ return (result);
+}
+
+/*
+ * This implements the post load integrity checks for mx records.
+ */
+static isc_result_t
+check_mx(ns_client_t *client, dns_zone_t *zone,
+ dns_db_t *db, dns_dbversion_t *newver, dns_diff_t *diff)
+{
+ char tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123.")];
+ char ownerbuf[DNS_NAME_FORMATSIZE];
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char altbuf[DNS_NAME_FORMATSIZE];
+ dns_difftuple_t *t;
+ dns_fixedname_t fixed;
+ dns_name_t *foundname;
+ dns_rdata_mx_t mx;
+ dns_rdata_t rdata;
+ isc_boolean_t ok = ISC_TRUE;
+ isc_boolean_t isaddress;
+ isc_result_t result;
+ struct in6_addr addr6;
+ struct in_addr addr;
+ unsigned int options;
+
+ dns_fixedname_init(&fixed);
+ foundname = dns_fixedname_name(&fixed);
+ dns_rdata_init(&rdata);
+ options = dns_zone_getoptions(zone);
+
+ for (t = ISC_LIST_HEAD(diff->tuples);
+ t != NULL;
+ t = ISC_LIST_NEXT(t, link)) {
+ if (t->op != DNS_DIFFOP_ADD ||
+ t->rdata.type != dns_rdatatype_mx)
+ continue;
+
+ result = dns_rdata_tostruct(&t->rdata, &mx, NULL);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ /*
+ * Check if we will error out if we attempt to reload the
+ * zone.
+ */
+ dns_name_format(&mx.mx, namebuf, sizeof(namebuf));
+ dns_name_format(&t->name, ownerbuf, sizeof(ownerbuf));
+ isaddress = ISC_FALSE;
+ if ((options & DNS_RDATA_CHECKMX) != 0 &&
+ strlcpy(tmp, namebuf, sizeof(tmp)) < sizeof(tmp)) {
+ if (tmp[strlen(tmp) - 1] == '.')
+ tmp[strlen(tmp) - 1] = '\0';
+ if (inet_aton(tmp, &addr) == 1 ||
+ inet_pton(AF_INET6, tmp, &addr6) == 1)
+ isaddress = ISC_TRUE;
+ }
+
+ if (isaddress && (options & DNS_RDATA_CHECKMXFAIL) != 0) {
+ update_log(client, zone, ISC_LOG_ERROR,
+ "%s/MX: '%s': %s",
+ ownerbuf, namebuf,
+ dns_result_totext(DNS_R_MXISADDRESS));
+ ok = ISC_FALSE;
+ } else if (isaddress) {
+ update_log(client, zone, ISC_LOG_WARNING,
+ "%s/MX: warning: '%s': %s",
+ ownerbuf, namebuf,
+ dns_result_totext(DNS_R_MXISADDRESS));
+ }
+
+ /*
+ * Check zone integrity checks.
+ */
+ if ((options & DNS_ZONEOPT_CHECKINTEGRITY) == 0)
+ continue;
+ result = dns_db_find(db, &mx.mx, newver, dns_rdatatype_a,
+ 0, 0, NULL, foundname, NULL, NULL);
+ if (result == ISC_R_SUCCESS)
+ continue;
+
+ if (result == DNS_R_NXRRSET) {
+ result = dns_db_find(db, &mx.mx, newver,
+ dns_rdatatype_aaaa,
+ 0, 0, NULL, foundname,
+ NULL, NULL);
+ if (result == ISC_R_SUCCESS)
+ continue;
+ }
+
+ if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN) {
+ update_log(client, zone, ISC_LOG_ERROR,
+ "%s/MX '%s' has no address records "
+ "(A or AAAA)", ownerbuf, namebuf);
+ ok = ISC_FALSE;
+ } else if (result == DNS_R_CNAME) {
+ update_log(client, zone, ISC_LOG_ERROR,
+ "%s/MX '%s' is a CNAME (illegal)",
+ ownerbuf, namebuf);
+ ok = ISC_FALSE;
+ } else if (result == DNS_R_DNAME) {
+ dns_name_format(foundname, altbuf, sizeof altbuf);
+ update_log(client, zone, ISC_LOG_ERROR,
+ "%s/MX '%s' is below a DNAME '%s' (illegal)",
+ ownerbuf, namebuf, altbuf);
+ ok = ISC_FALSE;
+ }
+ }
+ return (ok ? ISC_R_SUCCESS : DNS_R_REFUSED);
+}
+
+static isc_result_t
+rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
+ const dns_rdata_t *rdata, isc_boolean_t *flag)
+{
+ dns_rdataset_t rdataset;
+ dns_dbnode_t *node = NULL;
+ isc_result_t result;
+
+ dns_rdataset_init(&rdataset);
+ if (rdata->type == dns_rdatatype_nsec3)
+ CHECK(dns_db_findnsec3node(db, name, ISC_FALSE, &node));
+ else
+ CHECK(dns_db_findnode(db, name, ISC_FALSE, &node));
+ result = dns_db_findrdataset(db, node, ver, rdata->type, 0,
+ (isc_stdtime_t) 0, &rdataset, NULL);
+ if (result == ISC_R_NOTFOUND) {
+ *flag = ISC_FALSE;
+ result = ISC_R_SUCCESS;
+ goto failure;
+ }
+
+ for (result = dns_rdataset_first(&rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(&rdataset)) {
+ dns_rdata_t myrdata = DNS_RDATA_INIT;
+ dns_rdataset_current(&rdataset, &myrdata);
+ if (!dns_rdata_compare(&myrdata, rdata))
+ break;
+ }
+ dns_rdataset_disassociate(&rdataset);
+ if (result == ISC_R_SUCCESS) {
+ *flag = ISC_TRUE;
+ } else if (result == ISC_R_NOMORE) {
+ *flag = ISC_FALSE;
+ result = ISC_R_SUCCESS;
+ }
+
+ failure:
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ return (result);
+}
+
+static isc_result_t
+get_iterations(dns_db_t *db, dns_dbversion_t *ver, unsigned int *iterationsp) {
+ dns_dbnode_t *node = NULL;
+ dns_rdata_nsec3param_t nsec3param;
+ dns_rdataset_t rdataset;
+ isc_result_t result;
+ unsigned int iterations = 0;
+
+ dns_rdataset_init(&rdataset);
+
+ result = dns_db_getoriginnode(db, &node);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec3param,
+ 0, (isc_stdtime_t) 0, &rdataset, NULL);
+ dns_db_detachnode(db, &node);
+ if (result == ISC_R_NOTFOUND)
+ goto success;
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+
+ for (result = dns_rdataset_first(&rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(&rdataset)) {
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdataset_current(&rdataset, &rdata);
+ CHECK(dns_rdata_tostruct(&rdata, &nsec3param, NULL));
+ if ((nsec3param.flags & DNS_NSEC3FLAG_REMOVE) != 0)
+ continue;
+ if (nsec3param.iterations > iterations)
+ iterations = nsec3param.iterations;
+ }
+ if (result != ISC_R_NOMORE)
+ goto failure;
+
+ success:
+ *iterationsp = iterations;
+ result = ISC_R_SUCCESS;
+
+ failure:
+ if (dns_rdataset_isassociated(&rdataset))
+ dns_rdataset_disassociate(&rdataset);
+ return (result);
+}
+
+/*
+ * Prevent the zone entering a inconsistant state where
+ * NSEC only DNSKEYs are present with NSEC3 chains.
+ */
+static isc_result_t
+check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
+ dns_dbversion_t *ver, dns_diff_t *diff)
+{
+ dns_diff_t temp_diff;
+ dns_diffop_t op;
+ dns_difftuple_t *tuple, *newtuple = NULL, *next;
+ isc_boolean_t flag;
+ isc_result_t result;
+ unsigned int iterations = 0, max;
+
+ dns_diff_init(diff->mctx, &temp_diff);
+
+ CHECK(dns_nsec_nseconly(db, ver, &flag));
+
+ if (flag)
+ CHECK(dns_nsec3_active(db, ver, ISC_FALSE, &flag));
+ if (flag) {
+ update_log(client, zone, ISC_LOG_WARNING,
+ "NSEC only DNSKEYs and NSEC3 chains not allowed");
+ } else {
+ CHECK(get_iterations(db, ver, &iterations));
+ CHECK(dns_nsec3_maxiterations(db, ver, client->mctx, &max));
+ if (iterations > max) {
+ flag = ISC_TRUE;
+ update_log(client, zone, ISC_LOG_WARNING,
+ "too many NSEC3 iterations (%u) for "
+ "weakest DNSKEY (%u)", iterations, max);
+ }
+ }
+ if (flag) {
+ for (tuple = ISC_LIST_HEAD(diff->tuples);
+ tuple != NULL;
+ tuple = next) {
+ next = ISC_LIST_NEXT(tuple, link);
+ if (tuple->rdata.type != dns_rdatatype_dnskey &&
+ tuple->rdata.type != dns_rdatatype_nsec3param)
+ continue;
+ op = (tuple->op == DNS_DIFFOP_DEL) ?
+ DNS_DIFFOP_ADD : DNS_DIFFOP_DEL;
+ CHECK(dns_difftuple_create(temp_diff.mctx, op,
+ &tuple->name, tuple->ttl,
+ &tuple->rdata, &newtuple));
+ CHECK(do_one_tuple(&newtuple, db, ver, &temp_diff));
+ INSIST(newtuple == NULL);
+ }
+ for (tuple = ISC_LIST_HEAD(temp_diff.tuples);
+ tuple != NULL;
+ tuple = ISC_LIST_HEAD(temp_diff.tuples)) {
+ ISC_LIST_UNLINK(temp_diff.tuples, tuple, link);
+ dns_diff_appendminimal(diff, &tuple);
+ }
+ }
+
+
+ failure:
+ dns_diff_clear(&temp_diff);
+ return (result);
+}
+
+#ifdef ALLOW_NSEC3PARAM_UPDATE
+/*
+ * Delay NSEC3PARAM changes as they need to be applied to the whole zone.
+ */
+static isc_result_t
+add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
+ dns_name_t *name, dns_dbversion_t *ver, dns_diff_t *diff)
+{
+ isc_result_t result = ISC_R_SUCCESS;
+ dns_difftuple_t *tuple, *newtuple = NULL, *next;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE];
+ dns_diff_t temp_diff;
+ dns_diffop_t op;
+ isc_boolean_t flag;
+
+ update_log(client, zone, ISC_LOG_DEBUG(3),
+ "checking for NSEC3PARAM changes");
+
+ dns_diff_init(diff->mctx, &temp_diff);
+
+ /*
+ * Extract NSEC3PARAM tuples from list.
+ */
+ for (tuple = ISC_LIST_HEAD(diff->tuples);
+ tuple != NULL;
+ tuple = next) {
+
+ next = ISC_LIST_NEXT(tuple, link);
+
+ if (tuple->rdata.type != dns_rdatatype_nsec3param ||
+ !dns_name_equal(name, &tuple->name))
+ continue;
+ ISC_LIST_UNLINK(diff->tuples, tuple, link);
+ ISC_LIST_APPEND(temp_diff.tuples, tuple, link);
+ }
+
+ for (tuple = ISC_LIST_HEAD(temp_diff.tuples);
+ tuple != NULL; tuple = next) {
+
+ if (tuple->op == DNS_DIFFOP_ADD) {
+ next = ISC_LIST_NEXT(tuple, link);
+ while (next != NULL) {
+ unsigned char *next_data = next->rdata.data;
+ unsigned char *tuple_data = tuple->rdata.data;
+ if (next_data[0] != tuple_data[0] ||
+ /* Ignore flags. */
+ next_data[2] != tuple_data[2] ||
+ next_data[3] != tuple_data[3] ||
+ next_data[4] != tuple_data[4] ||
+ !memcmp(&next_data[5], &tuple_data[5],
+ tuple_data[4])) {
+ next = ISC_LIST_NEXT(next, link);
+ continue;
+ }
+ op = (next->op == DNS_DIFFOP_DEL) ?
+ DNS_DIFFOP_ADD : DNS_DIFFOP_DEL;
+ CHECK(dns_difftuple_create(diff->mctx, op,
+ name, next->ttl,
+ &next->rdata,
+ &newtuple));
+ CHECK(do_one_tuple(&newtuple, db, ver, diff));
+ ISC_LIST_UNLINK(temp_diff.tuples, next, link);
+ dns_diff_appendminimal(diff, &next);
+ next = ISC_LIST_NEXT(tuple, link);
+ }
+
+ INSIST(tuple->rdata.data[1] & DNS_NSEC3FLAG_UPDATE);
+
+ /*
+ * See if we already have a CREATE request in progress.
+ */
+ dns_rdata_clone(&tuple->rdata, &rdata);
+ INSIST(rdata.length <= sizeof(buf));
+ memcpy(buf, rdata.data, rdata.length);
+ buf[1] |= DNS_NSEC3FLAG_CREATE;
+ buf[1] &= ~DNS_NSEC3FLAG_UPDATE;
+ rdata.data = buf;
+
+ CHECK(rr_exists(db, ver, name, &rdata, &flag));
+
+ if (!flag) {
+ CHECK(dns_difftuple_create(diff->mctx,
+ DNS_DIFFOP_ADD,
+ name, tuple->ttl,
+ &rdata,
+ &newtuple));
+ CHECK(do_one_tuple(&newtuple, db, ver, diff));
+ }
+ /*
+ * Remove the temporary add record.
+ */
+ CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL,
+ name, tuple->ttl,
+ &tuple->rdata, &newtuple));
+ CHECK(do_one_tuple(&newtuple, db, ver, diff));
+ next = ISC_LIST_NEXT(tuple, link);
+ ISC_LIST_UNLINK(temp_diff.tuples, tuple, link);
+ dns_diff_appendminimal(diff, &tuple);
+ dns_rdata_reset(&rdata);
+ } else
+ next = ISC_LIST_NEXT(tuple, link);
+ }
+
+ /*
+ * Reverse any pending changes.
+ */
+ for (tuple = ISC_LIST_HEAD(temp_diff.tuples);
+ tuple != NULL; tuple = next) {
+ next = ISC_LIST_NEXT(tuple, link);
+ if ((tuple->rdata.data[1] & ~DNS_NSEC3FLAG_OPTOUT) != 0) {
+ op = (tuple->op == DNS_DIFFOP_DEL) ?
+ DNS_DIFFOP_ADD : DNS_DIFFOP_DEL;
+ CHECK(dns_difftuple_create(diff->mctx, op, name,
+ tuple->ttl, &tuple->rdata,
+ &newtuple));
+ CHECK(do_one_tuple(&newtuple, db, ver, diff));
+ ISC_LIST_UNLINK(temp_diff.tuples, tuple, link);
+ dns_diff_appendminimal(diff, &tuple);
+ }
+ }
+
+ /*
+ * Convert deletions into delayed deletions.
+ */
+ for (tuple = ISC_LIST_HEAD(temp_diff.tuples);
+ tuple != NULL; tuple = next) {
+ next = ISC_LIST_NEXT(tuple, link);
+ /*
+ * See if we already have a REMOVE request in progress.
+ */
+ dns_rdata_clone(&tuple->rdata, &rdata);
+ INSIST(rdata.length <= sizeof(buf));
+ memcpy(buf, rdata.data, rdata.length);
+ buf[1] |= DNS_NSEC3FLAG_REMOVE;
+ rdata.data = buf;
+
+ CHECK(rr_exists(db, ver, name, &rdata, &flag));
+
+ if (!flag) {
+ CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD,
+ name, tuple->ttl, &rdata,
+ &newtuple));
+ CHECK(do_one_tuple(&newtuple, db, ver, diff));
+ }
+ CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name,
+ tuple->ttl, &tuple->rdata,
+ &newtuple));
+ CHECK(do_one_tuple(&newtuple, db, ver, diff));
+ ISC_LIST_UNLINK(temp_diff.tuples, tuple, link);
+ dns_diff_appendminimal(diff, &tuple);
+ dns_rdata_reset(&rdata);
+ }
+
+ result = ISC_R_SUCCESS;
+ failure:
+ dns_diff_clear(&temp_diff);
+ return (result);
+}
+#endif
+
+/*
+ * Add records to cause the delayed signing of the zone by added DNSKEY
+ * to remove the RRSIG records generated by a deleted DNSKEY.
+ */
+static isc_result_t
+add_signing_records(dns_db_t *db, dns_name_t *name, dns_dbversion_t *ver,
+ dns_rdatatype_t privatetype, dns_diff_t *diff)
+{
+ dns_difftuple_t *tuple, *newtuple = NULL;
+ dns_rdata_dnskey_t dnskey;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_boolean_t flag;
+ isc_region_t r;
+ isc_result_t result = ISC_R_SUCCESS;
+ isc_uint16_t keyid;
+ unsigned char buf[5];
+
+ for (tuple = ISC_LIST_HEAD(diff->tuples);
+ tuple != NULL;
+ tuple = ISC_LIST_NEXT(tuple, link)) {
+ if (tuple->rdata.type != dns_rdatatype_dnskey)
+ continue;
+
+ dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
+ if ((dnskey.flags &
+ (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH))
+ != DNS_KEYOWNER_ZONE)
+ continue;
+
+ dns_rdata_toregion(&tuple->rdata, &r);
+ keyid = dst_region_computeid(&r, dnskey.algorithm);
+
+ buf[0] = dnskey.algorithm;
+ buf[1] = (keyid & 0xff00) >> 8;
+ buf[2] = (keyid & 0xff);
+ buf[3] = (tuple->op == DNS_DIFFOP_ADD) ? 0 : 1;
+ buf[4] = 0;
+ rdata.data = buf;
+ rdata.length = sizeof(buf);
+ rdata.type = privatetype;
+ rdata.rdclass = tuple->rdata.rdclass;
+
+ CHECK(rr_exists(db, ver, name, &rdata, &flag));
+ if (flag)
+ continue;
+ CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD,
+ name, 0, &rdata, &newtuple));
+ CHECK(do_one_tuple(&newtuple, db, ver, diff));
+ INSIST(newtuple == NULL);
+ /*
+ * Remove any record which says this operation has already
+ * completed.
+ */
+ buf[4] = 1;
+ CHECK(rr_exists(db, ver, name, &rdata, &flag));
+ if (flag) {
+ CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL,
+ name, 0, &rdata, &newtuple));
+ CHECK(do_one_tuple(&newtuple, db, ver, diff));
+ INSIST(newtuple == NULL);
+ }
+ }
+ failure:
+ return (result);
+}
+
+#ifdef ALLOW_NSEC3PARAM_UPDATE
+/*
+ * Mark all NSEC3 chains for deletion without creating a NSEC chain as
+ * a side effect of deleting the last chain.
+ */
+static isc_result_t
+delete_chains(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *origin,
+ dns_diff_t *diff)
+{
+ dns_dbnode_t *node = NULL;
+ dns_difftuple_t *tuple = NULL;
+ dns_name_t next;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdataset_t rdataset;
+ isc_boolean_t flag;
+ isc_result_t result = ISC_R_SUCCESS;
+ unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE];
+
+ dns_name_init(&next, NULL);
+ dns_rdataset_init(&rdataset);
+
+ result = dns_db_getoriginnode(db, &node);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ /*
+ * Cause all NSEC3 chains to be deleted.
+ */
+ result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec3param,
+ 0, (isc_stdtime_t) 0, &rdataset, NULL);
+ if (result == ISC_R_NOTFOUND)
+ goto success;
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+
+ for (result = dns_rdataset_first(&rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(&rdataset)) {
+ dns_rdataset_current(&rdataset, &rdata);
+ INSIST(rdata.length <= sizeof(buf));
+ memcpy(buf, rdata.data, rdata.length);
+
+ if (buf[1] == (DNS_NSEC3FLAG_REMOVE | DNS_NSEC3FLAG_NONSEC)) {
+ dns_rdata_reset(&rdata);
+ continue;
+ }
+
+ CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL,
+ origin, 0, &rdata, &tuple));
+ CHECK(do_one_tuple(&tuple, db, ver, diff));
+ INSIST(tuple == NULL);
+
+ buf[1] = DNS_NSEC3FLAG_REMOVE | DNS_NSEC3FLAG_NONSEC;
+ rdata.data = buf;
+
+ CHECK(rr_exists(db, ver, origin, &rdata, &flag));
+
+ if (!flag) {
+ CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD,
+ origin, 0, &rdata, &tuple));
+ CHECK(do_one_tuple(&tuple, db, ver, diff));
+ INSIST(tuple == NULL);
+ }
+ dns_rdata_reset(&rdata);
+ }
+ if (result != ISC_R_NOMORE)
+ goto failure;
+ success:
+ result = ISC_R_SUCCESS;
+
+ failure:
+ if (dns_rdataset_isassociated(&rdataset))
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &node);
+ return (result);
+}
+#endif
+
+static void
+update_action(isc_task_t *task, isc_event_t *event) {
+ update_event_t *uev = (update_event_t *) event;
+ dns_zone_t *zone = uev->zone;
+ ns_client_t *client = (ns_client_t *)event->ev_arg;
+
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbversion_t *oldver = NULL;
+ dns_dbversion_t *ver = NULL;
+ dns_diff_t diff; /* Pending updates. */
+ dns_diff_t temp; /* Pending RR existence assertions. */
+ isc_boolean_t soa_serial_changed = ISC_FALSE;
+ isc_mem_t *mctx = client->mctx;
+ dns_rdatatype_t covers;
+ dns_message_t *request = client->message;
+ dns_rdataclass_t zoneclass;
+ dns_name_t *zonename;
+ dns_ssutable_t *ssutable = NULL;
+ dns_fixedname_t tmpnamefixed;
+ dns_name_t *tmpname = NULL;
+ unsigned int options;
+ isc_boolean_t deleted_zsk;
+ dns_difftuple_t *tuple;
+ dns_rdata_dnskey_t dnskey;
+#ifdef ALLOW_NSEC3PARAM_UPDATE
+ unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE];
+#endif
+#if !defined(ALLOW_SECURE_TO_INSECURE) || !defined(ALLOW_INSECURE_TO_SECURE)
+ isc_boolean_t had_dnskey;
+#endif
+
+ INSIST(event->ev_type == DNS_EVENT_UPDATE);
+
+ dns_diff_init(mctx, &diff);
+ dns_diff_init(mctx, &temp);
+
+ CHECK(dns_zone_getdb(zone, &db));
+ zonename = dns_db_origin(db);
+ zoneclass = dns_db_class(db);
+ dns_zone_getssutable(zone, &ssutable);
+ dns_db_currentversion(db, &oldver);
+ CHECK(dns_db_newversion(db, &ver));
+
+ /*
+ * Check prerequisites.
+ */
+
+ for (result = dns_message_firstname(request, DNS_SECTION_PREREQUISITE);
+ result == ISC_R_SUCCESS;
+ result = dns_message_nextname(request, DNS_SECTION_PREREQUISITE))
+ {
+ dns_name_t *name = NULL;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_ttl_t ttl;
+ dns_rdataclass_t update_class;
+ isc_boolean_t flag;
+
+ get_current_rr(request, DNS_SECTION_PREREQUISITE, zoneclass,
+ &name, &rdata, &covers, &ttl, &update_class);
+
+ if (ttl != 0)
+ PREREQFAILC(DNS_R_FORMERR,
+ "prerequisite TTL is not zero");
+
+ if (! dns_name_issubdomain(name, zonename))
+ PREREQFAILN(DNS_R_NOTZONE, name,
+ "prerequisite name is out of zone");
+
+ if (update_class == dns_rdataclass_any) {
+ if (rdata.length != 0)
+ PREREQFAILC(DNS_R_FORMERR,
+ "class ANY prerequisite "
+ "RDATA is not empty");
+ if (rdata.type == dns_rdatatype_any) {
+ CHECK(name_exists(db, ver, name, &flag));
+ if (! flag) {
+ PREREQFAILN(DNS_R_NXDOMAIN, name,
+ "'name in use' "
+ "prerequisite not "
+ "satisfied");
+ }
+ } else {
+ CHECK(rrset_exists(db, ver, name,
+ rdata.type, covers, &flag));
+ if (! flag) {
+ /* RRset does not exist. */
+ PREREQFAILNT(DNS_R_NXRRSET, name, rdata.type,
+ "'rrset exists (value independent)' "
+ "prerequisite not satisfied");
+ }
+ }
+ } else if (update_class == dns_rdataclass_none) {
+ if (rdata.length != 0)
+ PREREQFAILC(DNS_R_FORMERR,
+ "class NONE prerequisite "
+ "RDATA is not empty");
+ if (rdata.type == dns_rdatatype_any) {
+ CHECK(name_exists(db, ver, name, &flag));
+ if (flag) {
+ PREREQFAILN(DNS_R_YXDOMAIN, name,
+ "'name not in use' "
+ "prerequisite not "
+ "satisfied");
+ }
+ } else {
+ CHECK(rrset_exists(db, ver, name,
+ rdata.type, covers, &flag));
+ if (flag) {
+ /* RRset exists. */
+ PREREQFAILNT(DNS_R_YXRRSET, name,
+ rdata.type,
+ "'rrset does not exist' "
+ "prerequisite not "
+ "satisfied");
+ }
+ }
+ } else if (update_class == zoneclass) {
+ /* "temp<rr.name, rr.type> += rr;" */
+ result = temp_append(&temp, name, &rdata);
+ if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "temp entry creation failed: %s",
+ dns_result_totext(result));
+ FAIL(ISC_R_UNEXPECTED);
+ }
+ } else {
+ PREREQFAILC(DNS_R_FORMERR, "malformed prerequisite");
+ }
+ }
+ if (result != ISC_R_NOMORE)
+ FAIL(result);
+
+
+ /*
+ * Perform the final check of the "rrset exists (value dependent)"
+ * prerequisites.
+ */
+ if (ISC_LIST_HEAD(temp.tuples) != NULL) {
+ dns_rdatatype_t type;
+
+ /*
+ * Sort the prerequisite records by owner name,
+ * type, and rdata.
+ */
+ result = dns_diff_sort(&temp, temp_order);
+ if (result != ISC_R_SUCCESS)
+ FAILC(result, "'RRset exists (value dependent)' "
+ "prerequisite not satisfied");
+
+ dns_fixedname_init(&tmpnamefixed);
+ tmpname = dns_fixedname_name(&tmpnamefixed);
+ result = temp_check(mctx, &temp, db, ver, tmpname, &type);
+ if (result != ISC_R_SUCCESS)
+ FAILNT(result, tmpname, type,
+ "'RRset exists (value dependent)' "
+ "prerequisite not satisfied");
+ }
+
+ update_log(client, zone, LOGLEVEL_DEBUG,
+ "prerequisites are OK");
+
+ /*
+ * Check Requestor's Permissions. It seems a bit silly to do this
+ * only after prerequisite testing, but that is what RFC2136 says.
+ */
+ result = ISC_R_SUCCESS;
+ if (ssutable == NULL)
+ CHECK(checkupdateacl(client, dns_zone_getupdateacl(zone),
+ "update", zonename, ISC_FALSE, ISC_FALSE));
+ else if (client->signer == NULL && !TCPCLIENT(client))
+ CHECK(checkupdateacl(client, NULL, "update", zonename,
+ ISC_FALSE, ISC_TRUE));
+
+ if (dns_zone_getupdatedisabled(zone))
+ FAILC(DNS_R_REFUSED, "dynamic update temporarily disabled "
+ "because the zone is frozen. Use "
+ "'rndc thaw' to re-enable updates.");
+
+ /*
+ * Perform the Update Section Prescan.
+ */
+
+ for (result = dns_message_firstname(request, DNS_SECTION_UPDATE);
+ result == ISC_R_SUCCESS;
+ result = dns_message_nextname(request, DNS_SECTION_UPDATE))
+ {
+ dns_name_t *name = NULL;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_ttl_t ttl;
+ dns_rdataclass_t update_class;
+ get_current_rr(request, DNS_SECTION_UPDATE, zoneclass,
+ &name, &rdata, &covers, &ttl, &update_class);
+
+ if (! dns_name_issubdomain(name, zonename))
+ FAILC(DNS_R_NOTZONE,
+ "update RR is outside zone");
+ if (update_class == zoneclass) {
+ /*
+ * Check for meta-RRs. The RFC2136 pseudocode says
+ * check for ANY|AXFR|MAILA|MAILB, but the text adds
+ * "or any other QUERY metatype"
+ */
+ if (dns_rdatatype_ismeta(rdata.type)) {
+ FAILC(DNS_R_FORMERR,
+ "meta-RR in update");
+ }
+ result = dns_zone_checknames(zone, name, &rdata);
+ if (result != ISC_R_SUCCESS)
+ FAIL(DNS_R_REFUSED);
+ } else if (update_class == dns_rdataclass_any) {
+ if (ttl != 0 || rdata.length != 0 ||
+ (dns_rdatatype_ismeta(rdata.type) &&
+ rdata.type != dns_rdatatype_any))
+ FAILC(DNS_R_FORMERR,
+ "meta-RR in update");
+ } else if (update_class == dns_rdataclass_none) {
+ if (ttl != 0 ||
+ dns_rdatatype_ismeta(rdata.type))
+ FAILC(DNS_R_FORMERR,
+ "meta-RR in update");
+ } else {
+ update_log(client, zone, ISC_LOG_WARNING,
+ "update RR has incorrect class %d",
+ update_class);
+ FAIL(DNS_R_FORMERR);
+ }
+ /*
+ * draft-ietf-dnsind-simple-secure-update-01 says
+ * "Unlike traditional dynamic update, the client
+ * is forbidden from updating NSEC records."
+ */
+ if (dns_db_issecure(db)) {
+ if (rdata.type == dns_rdatatype_nsec3) {
+ FAILC(DNS_R_REFUSED,
+ "explicit NSEC3 updates are not allowed "
+ "in secure zones");
+ } else if (rdata.type == dns_rdatatype_nsec) {
+ FAILC(DNS_R_REFUSED,
+ "explicit NSEC updates are not allowed "
+ "in secure zones");
+ } else if (rdata.type == dns_rdatatype_rrsig &&
+ !dns_name_equal(name, zonename)) {
+ FAILC(DNS_R_REFUSED,
+ "explicit RRSIG updates are currently "
+ "not supported in secure zones except "
+ "at the apex");
+ }
+ }
+
+ if (ssutable != NULL) {
+ isc_netaddr_t *tcpaddr, netaddr;
+ /*
+ * If this is a TCP connection then pass the
+ * address of the client through for tcp-self
+ * and 6to4-self otherwise pass NULL. This
+ * provides weak address based authentication.
+ */
+ if (TCPCLIENT(client)) {
+ isc_netaddr_fromsockaddr(&netaddr,
+ &client->peeraddr);
+ tcpaddr = &netaddr;
+ } else
+ tcpaddr = NULL;
+ if (rdata.type != dns_rdatatype_any) {
+ if (!dns_ssutable_checkrules(ssutable,
+ client->signer,
+ name, tcpaddr,
+ rdata.type))
+ FAILC(DNS_R_REFUSED,
+ "rejected by secure update");
+ } else {
+ if (!ssu_checkall(db, ver, name, ssutable,
+ client->signer, tcpaddr))
+ FAILC(DNS_R_REFUSED,
+ "rejected by secure update");
+ }
+ }
+ }
+ if (result != ISC_R_NOMORE)
+ FAIL(result);
+
+ update_log(client, zone, LOGLEVEL_DEBUG,
+ "update section prescan OK");
+
+ /*
+ * Process the Update Section.
+ */
+
+ options = dns_zone_getoptions(zone);
+ for (result = dns_message_firstname(request, DNS_SECTION_UPDATE);
+ result == ISC_R_SUCCESS;
+ result = dns_message_nextname(request, DNS_SECTION_UPDATE))
+ {
+ dns_name_t *name = NULL;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_ttl_t ttl;
+ dns_rdataclass_t update_class;
+ isc_boolean_t flag;
+
+ get_current_rr(request, DNS_SECTION_UPDATE, zoneclass,
+ &name, &rdata, &covers, &ttl, &update_class);
+
+ if (update_class == zoneclass) {
+
+ /*
+ * RFC1123 doesn't allow MF and MD in master zones. */
+ if (rdata.type == dns_rdatatype_md ||
+ rdata.type == dns_rdatatype_mf) {
+ char typebuf[DNS_RDATATYPE_FORMATSIZE];
+
+ dns_rdatatype_format(rdata.type, typebuf,
+ sizeof(typebuf));
+ update_log(client, zone, LOGLEVEL_PROTOCOL,
+ "attempt to add %s ignored",
+ typebuf);
+ continue;
+ }
+ if ((rdata.type == dns_rdatatype_ns ||
+ rdata.type == dns_rdatatype_dname) &&
+ dns_name_iswildcard(name)) {
+ char typebuf[DNS_RDATATYPE_FORMATSIZE];
+
+ dns_rdatatype_format(rdata.type, typebuf,
+ sizeof(typebuf));
+ update_log(client, zone,
+ LOGLEVEL_PROTOCOL,
+ "attempt to add wildcard %s record "
+ "ignored", typebuf);
+ continue;
+ }
+ if (rdata.type == dns_rdatatype_cname) {
+ CHECK(cname_incompatible_rrset_exists(db, ver,
+ name,
+ &flag));
+ if (flag) {
+ update_log(client, zone,
+ LOGLEVEL_PROTOCOL,
+ "attempt to add CNAME "
+ "alongside non-CNAME "
+ "ignored");
+ continue;
+ }
+ } else {
+ CHECK(rrset_exists(db, ver, name,
+ dns_rdatatype_cname, 0,
+ &flag));
+ if (flag &&
+ ! dns_rdatatype_isdnssec(rdata.type))
+ {
+ update_log(client, zone,
+ LOGLEVEL_PROTOCOL,
+ "attempt to add non-CNAME "
+ "alongside CNAME ignored");
+ continue;
+ }
+ }
+ if (rdata.type == dns_rdatatype_soa) {
+ isc_boolean_t ok;
+ CHECK(rrset_exists(db, ver, name,
+ dns_rdatatype_soa, 0,
+ &flag));
+ if (! flag) {
+ update_log(client, zone,
+ LOGLEVEL_PROTOCOL,
+ "attempt to create 2nd "
+ "SOA ignored");
+ continue;
+ }
+ CHECK(check_soa_increment(db, ver, &rdata,
+ &ok));
+ if (! ok) {
+ update_log(client, zone,
+ LOGLEVEL_PROTOCOL,
+ "SOA update failed to "
+ "increment serial, "
+ "ignoring it");
+ continue;
+ }
+ soa_serial_changed = ISC_TRUE;
+ }
+
+#ifdef ALLOW_NSEC3PARAM_UPDATE
+ if (rdata.type == dns_rdatatype_nsec3param) {
+ /*
+ * Ignore attempts to add NSEC3PARAM records
+ * with any flags other than OPTOUT.
+ */
+ if ((rdata.data[1] & ~DNS_NSEC3FLAG_OPTOUT) != 0) {
+ update_log(client, zone,
+ LOGLEVEL_PROTOCOL,
+ "attempt to add NSEC3PARAM "
+ "record with non OPTOUT "
+ "flag");
+ continue;
+ }
+
+ /*
+ * Set the NSEC3CHAIN creation flag.
+ */
+ INSIST(rdata.length <= sizeof(buf));
+ memcpy(buf, rdata.data, rdata.length);
+ buf[1] |= DNS_NSEC3FLAG_UPDATE;
+ rdata.data = buf;
+ /*
+ * Force the TTL to zero for NSEC3PARAM records.
+ */
+ ttl = 0;
+ }
+#else
+ if (rdata.type == dns_rdatatype_nsec3param) {
+ update_log(client, zone, LOGLEVEL_PROTOCOL,
+ "attempt to add NSEC3PARAM "
+ "record ignored");
+ continue;
+ };
+#endif
+
+ if ((options & DNS_ZONEOPT_CHECKWILDCARD) != 0 &&
+ dns_name_internalwildcard(name)) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ dns_name_format(name, namestr,
+ sizeof(namestr));
+ update_log(client, zone, LOGLEVEL_PROTOCOL,
+ "warning: ownername '%s' contains "
+ "a non-terminal wildcard", namestr);
+ }
+
+ if (isc_log_wouldlog(ns_g_lctx, LOGLEVEL_PROTOCOL)) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ char typestr[DNS_RDATATYPE_FORMATSIZE];
+ dns_name_format(name, namestr,
+ sizeof(namestr));
+ dns_rdatatype_format(rdata.type, typestr,
+ sizeof(typestr));
+ update_log(client, zone, LOGLEVEL_PROTOCOL,
+ "adding an RR at '%s' %s",
+ namestr, typestr);
+ }
+
+ /* Prepare the affected RRset for the addition. */
+ {
+ add_rr_prepare_ctx_t ctx;
+ ctx.db = db;
+ ctx.ver = ver;
+ ctx.diff = &diff;
+ ctx.name = name;
+ ctx.update_rr = &rdata;
+ ctx.update_rr_ttl = ttl;
+ ctx.ignore_add = ISC_FALSE;
+ dns_diff_init(mctx, &ctx.del_diff);
+ dns_diff_init(mctx, &ctx.add_diff);
+ CHECK(foreach_rr(db, ver, name, rdata.type,
+ covers, add_rr_prepare_action,
+ &ctx));
+
+ if (ctx.ignore_add) {
+ dns_diff_clear(&ctx.del_diff);
+ dns_diff_clear(&ctx.add_diff);
+ } else {
+ CHECK(do_diff(&ctx.del_diff, db, ver,
+ &diff));
+ CHECK(do_diff(&ctx.add_diff, db, ver,
+ &diff));
+ CHECK(update_one_rr(db, ver, &diff,
+ DNS_DIFFOP_ADD,
+ name, ttl, &rdata));
+ }
+ }
+ } else if (update_class == dns_rdataclass_any) {
+ if (rdata.type == dns_rdatatype_any) {
+ if (isc_log_wouldlog(ns_g_lctx,
+ LOGLEVEL_PROTOCOL))
+ {
+ char namestr[DNS_NAME_FORMATSIZE];
+ dns_name_format(name, namestr,
+ sizeof(namestr));
+ update_log(client, zone,
+ LOGLEVEL_PROTOCOL,
+ "delete all rrsets from "
+ "name '%s'", namestr);
+ }
+ if (dns_name_equal(name, zonename)) {
+ CHECK(delete_if(type_not_soa_nor_ns_p,
+ db, ver, name,
+ dns_rdatatype_any, 0,
+ &rdata, &diff));
+ } else {
+ CHECK(delete_if(type_not_dnssec,
+ db, ver, name,
+ dns_rdatatype_any, 0,
+ &rdata, &diff));
+ }
+#ifndef ALLOW_NSEC3PARAM_UPDATE
+ } else if (rdata.type == dns_rdatatype_nsec3param) {
+ update_log(client, zone, LOGLEVEL_PROTOCOL,
+ "attempt to delete a NSEC3PARAM "
+ "records ignored");
+ continue;
+#endif
+ } else if (dns_name_equal(name, zonename) &&
+ (rdata.type == dns_rdatatype_soa ||
+ rdata.type == dns_rdatatype_ns)) {
+ update_log(client, zone, LOGLEVEL_PROTOCOL,
+ "attempt to delete all SOA "
+ "or NS records ignored");
+ continue;
+ } else {
+ if (isc_log_wouldlog(ns_g_lctx,
+ LOGLEVEL_PROTOCOL))
+ {
+ char namestr[DNS_NAME_FORMATSIZE];
+ char typestr[DNS_RDATATYPE_FORMATSIZE];
+ dns_name_format(name, namestr,
+ sizeof(namestr));
+ dns_rdatatype_format(rdata.type,
+ typestr,
+ sizeof(typestr));
+ update_log(client, zone,
+ LOGLEVEL_PROTOCOL,
+ "deleting rrset at '%s' %s",
+ namestr, typestr);
+ }
+ CHECK(delete_if(true_p, db, ver, name,
+ rdata.type, covers, &rdata,
+ &diff));
+ }
+ } else if (update_class == dns_rdataclass_none) {
+ /*
+ * The (name == zonename) condition appears in
+ * RFC2136 3.4.2.4 but is missing from the pseudocode.
+ */
+ if (dns_name_equal(name, zonename)) {
+ if (rdata.type == dns_rdatatype_soa) {
+ update_log(client, zone,
+ LOGLEVEL_PROTOCOL,
+ "attempt to delete SOA "
+ "ignored");
+ continue;
+ }
+ if (rdata.type == dns_rdatatype_ns) {
+ int count;
+ CHECK(rr_count(db, ver, name,
+ dns_rdatatype_ns,
+ 0, &count));
+ if (count == 1) {
+ update_log(client, zone,
+ LOGLEVEL_PROTOCOL,
+ "attempt to "
+ "delete last "
+ "NS ignored");
+ continue;
+ }
+ }
+ }
+ update_log(client, zone,
+ LOGLEVEL_PROTOCOL,
+ "deleting an RR");
+ CHECK(delete_if(rr_equal_p, db, ver, name,
+ rdata.type, covers, &rdata, &diff));
+ }
+ }
+ if (result != ISC_R_NOMORE)
+ FAIL(result);
+
+ /*
+ * Check that any changes to DNSKEY/NSEC3PARAM records make sense.
+ * If they don't then back out all changes to DNSKEY/NSEC3PARAM
+ * records.
+ */
+ if (! ISC_LIST_EMPTY(diff.tuples))
+ CHECK(check_dnssec(client, zone, db, ver, &diff));
+
+ /*
+ * If any changes were made, increment the SOA serial number,
+ * update RRSIGs and NSECs (if zone is secure), and write the update
+ * to the journal.
+ */
+ if (! ISC_LIST_EMPTY(diff.tuples)) {
+ char *journalfile;
+ dns_journal_t *journal;
+ isc_boolean_t has_dnskey;
+
+ /*
+ * Increment the SOA serial, but only if it was not
+ * changed as a result of an update operation.
+ */
+ if (! soa_serial_changed) {
+ CHECK(increment_soa_serial(db, ver, &diff, mctx));
+ }
+
+ CHECK(check_mx(client, zone, db, ver, &diff));
+
+ CHECK(remove_orphaned_ds(db, ver, &diff));
+
+ CHECK(rrset_exists(db, ver, zonename, dns_rdatatype_dnskey,
+ 0, &has_dnskey));
+
+#if !defined(ALLOW_SECURE_TO_INSECURE) || !defined(ALLOW_INSECURE_TO_SECURE)
+ CHECK(rrset_exists(db, oldver, zonename, dns_rdatatype_dnskey,
+ 0, &had_dnskey));
+
+#ifndef ALLOW_SECURE_TO_INSECURE
+ if (had_dnskey && !has_dnskey) {
+ update_log(client, zone, LOGLEVEL_PROTOCOL,
+ "update rejected: all DNSKEY records "
+ "removed");
+ result = DNS_R_REFUSED;
+ goto failure;
+ }
+#endif
+#ifndef ALLOW_INSECURE_TO_SECURE
+ if (had_dnskey && !has_dnskey) {
+ update_log(client, zone, LOGLEVEL_PROTOCOL,
+ "update rejected: DNSKEY record added");
+ result = DNS_R_REFUSED;
+ goto failure;
+ }
+#endif
+#endif
+
+ CHECK(add_signing_records(db, zonename, ver,
+ dns_zone_getprivatetype(zone),
+ &diff));
+
+#ifdef ALLOW_NSEC3PARAM_UPDATE
+ CHECK(add_nsec3param_records(client, zone, db, zonename,
+ ver, &diff));
+#endif
+
+ if (!has_dnskey) {
+ /*
+ * We are transitioning from secure to insecure.
+ * Cause all NSEC3 chains to be deleted. When the
+ * the last signature for the DNSKEY records are
+ * remove any NSEC chain present will also be removed.
+ */
+#ifdef ALLOW_NSEC3PARAM_UPDATE
+ CHECK(delete_chains(db, ver, zonename, &diff));
+#endif
+ } else if (has_dnskey && dns_db_isdnssec(db)) {
+ isc_uint32_t interval;
+ interval = dns_zone_getsigvalidityinterval(zone);
+ result = update_signatures(client, zone, db, oldver,
+ ver, &diff, interval,
+ &deleted_zsk);
+ if (result != ISC_R_SUCCESS) {
+ update_log(client, zone,
+ ISC_LOG_ERROR,
+ "RRSIG/NSEC/NSEC3 update failed: %s",
+ isc_result_totext(result));
+ goto failure;
+ }
+ }
+
+ journalfile = dns_zone_getjournal(zone);
+ if (journalfile != NULL) {
+ update_log(client, zone, LOGLEVEL_DEBUG,
+ "writing journal %s", journalfile);
+
+ journal = NULL;
+ result = dns_journal_open(mctx, journalfile,
+ ISC_TRUE, &journal);
+ if (result != ISC_R_SUCCESS)
+ FAILS(result, "journal open failed");
+
+ result = dns_journal_write_transaction(journal, &diff);
+ if (result != ISC_R_SUCCESS) {
+ dns_journal_destroy(&journal);
+ FAILS(result, "journal write failed");
+ }
+
+ dns_journal_destroy(&journal);
+ }
+
+ /*
+ * XXXRTH Just a note that this committing code will have
+ * to change to handle databases that need two-phase
+ * commit, but this isn't a priority.
+ */
+ update_log(client, zone, LOGLEVEL_DEBUG,
+ "committing update transaction");
+
+ dns_db_closeversion(db, &ver, ISC_TRUE);
+
+ /*
+ * Mark the zone as dirty so that it will be written to disk.
+ */
+ dns_zone_markdirty(zone);
+
+ /*
+ * Notify slaves of the change we just made.
+ */
+ dns_zone_notify(zone);
+
+ /*
+ * Cause the zone to be signed with the key that we
+ * have just added or have the corresponding signatures
+ * deleted.
+ *
+ * Note: we are already committed to this course of action.
+ */
+ for (tuple = ISC_LIST_HEAD(diff.tuples);
+ tuple != NULL;
+ tuple = ISC_LIST_NEXT(tuple, link)) {
+ isc_region_t r;
+ dns_secalg_t algorithm;
+ isc_uint16_t keyid;
+
+ if (tuple->rdata.type != dns_rdatatype_dnskey)
+ continue;
+
+ dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
+ if ((dnskey.flags &
+ (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH))
+ != DNS_KEYOWNER_ZONE)
+ continue;
+
+ dns_rdata_toregion(&tuple->rdata, &r);
+ algorithm = dnskey.algorithm;
+ keyid = dst_region_computeid(&r, algorithm);
+
+ result = dns_zone_signwithkey(zone, algorithm, keyid,
+ ISC_TF(tuple->op == DNS_DIFFOP_DEL));
+ if (result != ISC_R_SUCCESS) {
+ update_log(client, zone, ISC_LOG_ERROR,
+ "dns_zone_signwithkey failed: %s",
+ dns_result_totext(result));
+ }
+ }
+
+#ifdef ALLOW_NSEC3PARAM_UPDATE
+ /*
+ * Cause the zone to add/delete NSEC3 chains for the
+ * defered NSEC3PARAM changes.
+ *
+ * Note: we are already committed to this course of action.
+ */
+ for (tuple = ISC_LIST_HEAD(diff.tuples);
+ tuple != NULL;
+ tuple = ISC_LIST_NEXT(tuple, link)) {
+ dns_rdata_nsec3param_t nsec3param;
+
+ if (tuple->rdata.type != dns_rdatatype_nsec3param ||
+ tuple->op != DNS_DIFFOP_ADD)
+ continue;
+
+ dns_rdata_tostruct(&tuple->rdata, &nsec3param, NULL);
+ if (nsec3param.flags == 0)
+ continue;
+
+ result = dns_zone_addnsec3chain(zone, &nsec3param);
+ if (result != ISC_R_SUCCESS) {
+ update_log(client, zone, ISC_LOG_ERROR,
+ "dns_zone_addnsec3chain failed: %s",
+ dns_result_totext(result));
+ }
+ }
+#endif
+ } else {
+ update_log(client, zone, LOGLEVEL_DEBUG, "redundant request");
+ dns_db_closeversion(db, &ver, ISC_TRUE);
+ }
+ result = ISC_R_SUCCESS;
+ goto common;
+
+ failure:
+ if (result == DNS_R_REFUSED)
+ inc_stats(zone, dns_nsstatscounter_updaterej);
+
+ /*
+ * The reason for failure should have been logged at this point.
+ */
+ if (ver != NULL) {
+ update_log(client, zone, LOGLEVEL_DEBUG,
+ "rolling back");
+ dns_db_closeversion(db, &ver, ISC_FALSE);
+ }
+
+ common:
+ dns_diff_clear(&temp);
+ dns_diff_clear(&diff);
+
+ if (oldver != NULL)
+ dns_db_closeversion(db, &oldver, ISC_FALSE);
+
+ if (db != NULL)
+ dns_db_detach(&db);
+
+ if (ssutable != NULL)
+ dns_ssutable_detach(&ssutable);
+
+ isc_task_detach(&task);
+ uev->result = result;
+ if (zone != NULL)
+ INSIST(uev->zone == zone); /* we use this later */
+ uev->ev_type = DNS_EVENT_UPDATEDONE;
+ uev->ev_action = updatedone_action;
+ isc_task_send(client->task, &event);
+ INSIST(event == NULL);
+}
+
+static void
+updatedone_action(isc_task_t *task, isc_event_t *event) {
+ update_event_t *uev = (update_event_t *) event;
+ ns_client_t *client = (ns_client_t *) event->ev_arg;
+
+ UNUSED(task);
+
+ INSIST(event->ev_type == DNS_EVENT_UPDATEDONE);
+ INSIST(task == client->task);
+
+ INSIST(client->nupdates > 0);
+ switch (uev->result) {
+ case ISC_R_SUCCESS:
+ inc_stats(uev->zone, dns_nsstatscounter_updatedone);
+ break;
+ case DNS_R_REFUSED:
+ inc_stats(uev->zone, dns_nsstatscounter_updaterej);
+ break;
+ default:
+ inc_stats(uev->zone, dns_nsstatscounter_updatefail);
+ break;
+ }
+ if (uev->zone != NULL)
+ dns_zone_detach(&uev->zone);
+ client->nupdates--;
+ respond(client, uev->result);
+ isc_event_free(&event);
+ ns_client_detach(&client);
+}
+
+/*%
+ * Update forwarding support.
+ */
+
+static void
+forward_fail(isc_task_t *task, isc_event_t *event) {
+ ns_client_t *client = (ns_client_t *)event->ev_arg;
+
+ UNUSED(task);
+
+ INSIST(client->nupdates > 0);
+ client->nupdates--;
+ respond(client, DNS_R_SERVFAIL);
+ isc_event_free(&event);
+ ns_client_detach(&client);
+}
+
+
+static void
+forward_callback(void *arg, isc_result_t result, dns_message_t *answer) {
+ update_event_t *uev = arg;
+ ns_client_t *client = uev->ev_arg;
+ dns_zone_t *zone = uev->zone;
+
+ if (result != ISC_R_SUCCESS) {
+ INSIST(answer == NULL);
+ uev->ev_type = DNS_EVENT_UPDATEDONE;
+ uev->ev_action = forward_fail;
+ inc_stats(zone, dns_nsstatscounter_updatefwdfail);
+ } else {
+ uev->ev_type = DNS_EVENT_UPDATEDONE;
+ uev->ev_action = forward_done;
+ uev->answer = answer;
+ inc_stats(zone, dns_nsstatscounter_updaterespfwd);
+ }
+ isc_task_send(client->task, ISC_EVENT_PTR(&uev));
+ dns_zone_detach(&zone);
+}
+
+static void
+forward_done(isc_task_t *task, isc_event_t *event) {
+ update_event_t *uev = (update_event_t *) event;
+ ns_client_t *client = (ns_client_t *)event->ev_arg;
+
+ UNUSED(task);
+
+ INSIST(client->nupdates > 0);
+ client->nupdates--;
+ ns_client_sendraw(client, uev->answer);
+ dns_message_destroy(&uev->answer);
+ isc_event_free(&event);
+ ns_client_detach(&client);
+}
+
+static void
+forward_action(isc_task_t *task, isc_event_t *event) {
+ update_event_t *uev = (update_event_t *) event;
+ dns_zone_t *zone = uev->zone;
+ ns_client_t *client = (ns_client_t *)event->ev_arg;
+ isc_result_t result;
+
+ result = dns_zone_forwardupdate(zone, client->message,
+ forward_callback, event);
+ if (result != ISC_R_SUCCESS) {
+ uev->ev_type = DNS_EVENT_UPDATEDONE;
+ uev->ev_action = forward_fail;
+ isc_task_send(client->task, &event);
+ inc_stats(zone, dns_nsstatscounter_updatefwdfail);
+ dns_zone_detach(&zone);
+ } else
+ inc_stats(zone, dns_nsstatscounter_updatereqfwd);
+ isc_task_detach(&task);
+}
+
+static isc_result_t
+send_forward_event(ns_client_t *client, dns_zone_t *zone) {
+ isc_result_t result = ISC_R_SUCCESS;
+ update_event_t *event = NULL;
+ isc_task_t *zonetask = NULL;
+ ns_client_t *evclient;
+
+ event = (update_event_t *)
+ isc_event_allocate(client->mctx, client, DNS_EVENT_UPDATE,
+ forward_action, NULL, sizeof(*event));
+ if (event == NULL)
+ FAIL(ISC_R_NOMEMORY);
+ event->zone = zone;
+ event->result = ISC_R_SUCCESS;
+
+ evclient = NULL;
+ ns_client_attach(client, &evclient);
+ INSIST(client->nupdates == 0);
+ client->nupdates++;
+ event->ev_arg = evclient;
+
+ dns_zone_gettask(zone, &zonetask);
+ isc_task_send(zonetask, ISC_EVENT_PTR(&event));
+
+ failure:
+ if (event != NULL)
+ isc_event_free(ISC_EVENT_PTR(&event));
+ return (result);
+}
diff --git a/bin/named/win32/include/named/ntservice.h b/bin/named/win32/include/named/ntservice.h
new file mode 100644
index 0000000..0298388
--- /dev/null
+++ b/bin/named/win32/include/named/ntservice.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: ntservice.h,v 1.6 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef NTSERVICE_H
+#define NTSERVICE_H
+
+#include <winsvc.h>
+
+#define BIND_DISPLAY_NAME "ISC BIND"
+#define BIND_SERVICE_NAME "named"
+
+void
+ntservice_init();
+void UpdateSCM(DWORD);
+void ServiceControl(DWORD dwCtrlCode);
+void
+ntservice_shutdown();
+BOOL ntservice_isservice();
+#endif
diff --git a/bin/named/win32/include/named/os.h b/bin/named/win32/include/named/os.h
new file mode 100644
index 0000000..c00e973
--- /dev/null
+++ b/bin/named/win32/include/named/os.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.h,v 1.14 2008/10/24 01:44:48 tbox Exp $ */
+
+#ifndef NS_OS_H
+#define NS_OS_H 1
+
+#include <isc/types.h>
+
+void
+ns_os_init(const char *progname);
+
+void
+ns_os_daemonize(void);
+
+void
+ns_os_opendevnull(void);
+
+void
+ns_os_closedevnull(void);
+
+void
+ns_os_chroot(const char *root);
+
+void
+ns_os_inituserinfo(const char *username);
+
+void
+ns_os_changeuser(void);
+
+void
+ns_os_adjustnofile(void);
+
+void
+ns_os_minprivs(void);
+
+void
+ns_os_writepidfile(const char *filename, isc_boolean_t first_time);
+
+void
+ns_os_shutdown(void);
+
+isc_result_t
+ns_os_gethostname(char *buf, size_t len);
+
+void
+ns_os_shutdownmsg(char *command, isc_buffer_t *text);
+
+void
+ns_os_tzset(void);
+
+void
+ns_os_started(void);
+
+#endif /* NS_OS_H */
diff --git a/bin/named/win32/named.dsp b/bin/named/win32/named.dsp
new file mode 100644
index 0000000..c7dec7d
--- /dev/null
+++ b/bin/named/win32/named.dsp
@@ -0,0 +1,327 @@
+# Microsoft Developer Studio Project File - Name="named" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=named - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "named.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "named.mak" CFG="named - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "named - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "named - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../win32/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib kernel32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccc/win32/Release/libisccc.lib ../../../lib/lwres/win32/Release/liblwres.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named.exe"
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../win32/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /D "i386" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib kernel32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccc/win32/Debug/libisccc.lib ../../../lib/lwres/win32/Debug/liblwres.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /map /debug /machine:I386 /out:"../../../Build/Debug/named.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "named - Win32 Release"
+# Name "named - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=..\builtin.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\client.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\config.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\control.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\controlconf.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\interfacemgr.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\listenlist.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\log.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\logconf.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\lwaddr.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\lwdclient.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\lwderror.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\lwdgabn.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\lwdgnba.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\lwdgrbn.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\lwdnoop.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\lwresd.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\lwsearch.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\main.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\notify.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\ntservice.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\os.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\query.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\server.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\sortlist.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\statschannel.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\tkeyconf.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\tsigconf.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\update.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\xfrout.c
+# End Source File
+# Begin Source File
+
+SOURCE=..\zoneconf.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=..\include\named\client.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\config.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\globals.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\interfacemgr.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\listenlist.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\log.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\logconf.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\lwaddr.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\lwdclient.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\lwresd.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\lwsearch.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\main.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\notify.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\include\named\ntservice.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\omapi.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\include\named\os.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\query.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\server.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\sortlist.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\statschannel.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\tkeyconf.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\tsigconf.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\types.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\update.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\xfrout.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\include\named\zoneconf.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/named/win32/named.dsw b/bin/named/win32/named.dsw
new file mode 100644
index 0000000..c2913ef
--- /dev/null
+++ b/bin/named/win32/named.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "named"=".\named.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/named/win32/named.mak b/bin/named/win32/named.mak
new file mode 100644
index 0000000..8f006c3
--- /dev/null
+++ b/bin/named/win32/named.mak
@@ -0,0 +1,1174 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on named.dsp
+!IF "$(CFG)" == ""
+CFG=named - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to named - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "named - Win32 Release" && "$(CFG)" != "named - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "named.mak" CFG="named - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "named - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "named - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "named - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Release\named.exe"
+
+!ELSE
+
+ALL : "libisccfg - Win32 Release" "libisccc - Win32 Release" "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\named.exe"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN" "libisccc - Win32 ReleaseCLEAN" "libisccfg - Win32 ReleaseCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\builtin.obj"
+ -@erase "$(INTDIR)\client.obj"
+ -@erase "$(INTDIR)\config.obj"
+ -@erase "$(INTDIR)\control.obj"
+ -@erase "$(INTDIR)\controlconf.obj"
+ -@erase "$(INTDIR)\interfacemgr.obj"
+ -@erase "$(INTDIR)\listenlist.obj"
+ -@erase "$(INTDIR)\log.obj"
+ -@erase "$(INTDIR)\logconf.obj"
+ -@erase "$(INTDIR)\lwaddr.obj"
+ -@erase "$(INTDIR)\lwdclient.obj"
+ -@erase "$(INTDIR)\lwderror.obj"
+ -@erase "$(INTDIR)\lwdgabn.obj"
+ -@erase "$(INTDIR)\lwdgnba.obj"
+ -@erase "$(INTDIR)\lwdgrbn.obj"
+ -@erase "$(INTDIR)\lwdnoop.obj"
+ -@erase "$(INTDIR)\lwresd.obj"
+ -@erase "$(INTDIR)\lwsearch.obj"
+ -@erase "$(INTDIR)\main.obj"
+ -@erase "$(INTDIR)\notify.obj"
+ -@erase "$(INTDIR)\ntservice.obj"
+ -@erase "$(INTDIR)\os.obj"
+ -@erase "$(INTDIR)\query.obj"
+ -@erase "$(INTDIR)\server.obj"
+ -@erase "$(INTDIR)\sortlist.obj"
+ -@erase "$(INTDIR)\statschannel.obj"
+ -@erase "$(INTDIR)\tkeyconf.obj"
+ -@erase "$(INTDIR)\tsigconf.obj"
+ -@erase "$(INTDIR)\update.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\xfrout.obj"
+ -@erase "$(INTDIR)\zoneconf.obj"
+ -@erase "..\..\..\Build\Release\named.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../win32/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\named.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\named.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib kernel32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccc/win32/Release/libisccc.lib ../../../lib/lwres/win32/Release/liblwres.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named.pdb" /machine:I386 /out:"../../../Build/Release/named.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\client.obj" \
+ "$(INTDIR)\config.obj" \
+ "$(INTDIR)\control.obj" \
+ "$(INTDIR)\controlconf.obj" \
+ "$(INTDIR)\interfacemgr.obj" \
+ "$(INTDIR)\listenlist.obj" \
+ "$(INTDIR)\log.obj" \
+ "$(INTDIR)\logconf.obj" \
+ "$(INTDIR)\lwaddr.obj" \
+ "$(INTDIR)\lwdclient.obj" \
+ "$(INTDIR)\lwderror.obj" \
+ "$(INTDIR)\lwdgabn.obj" \
+ "$(INTDIR)\lwdgnba.obj" \
+ "$(INTDIR)\lwdgrbn.obj" \
+ "$(INTDIR)\lwdnoop.obj" \
+ "$(INTDIR)\lwresd.obj" \
+ "$(INTDIR)\lwsearch.obj" \
+ "$(INTDIR)\main.obj" \
+ "$(INTDIR)\notify.obj" \
+ "$(INTDIR)\ntservice.obj" \
+ "$(INTDIR)\os.obj" \
+ "$(INTDIR)\query.obj" \
+ "$(INTDIR)\server.obj" \
+ "$(INTDIR)\sortlist.obj" \
+ "$(INTDIR)\statschannel.obj" \
+ "$(INTDIR)\tkeyconf.obj" \
+ "$(INTDIR)\tsigconf.obj" \
+ "$(INTDIR)\update.obj" \
+ "$(INTDIR)\xfrout.obj" \
+ "$(INTDIR)\zoneconf.obj" \
+ "$(INTDIR)\builtin.obj" \
+ "..\..\..\lib\dns\win32\Release\libdns.lib" \
+ "..\..\..\lib\isc\win32\Release\libisc.lib" \
+ "..\..\..\lib\bind9\win32\Release\libbind9.lib" \
+ "..\..\..\lib\lwres\win32\Release\liblwres.lib" \
+ "..\..\..\lib\isccc\win32\Release\libisccc.lib" \
+ "..\..\..\lib\isccfg\win32\Release\libisccfg.lib"
+
+"..\..\..\Build\Release\named.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Debug\named.exe" "$(OUTDIR)\named.bsc"
+
+!ELSE
+
+ALL : "libisccfg - Win32 Debug" "libisccc - Win32 Debug" "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\named.exe" "$(OUTDIR)\named.bsc"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN" "libisccc - Win32 DebugCLEAN" "libisccfg - Win32 DebugCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\builtin.obj"
+ -@erase "$(INTDIR)\builtin.sbr"
+ -@erase "$(INTDIR)\client.obj"
+ -@erase "$(INTDIR)\client.sbr"
+ -@erase "$(INTDIR)\config.obj"
+ -@erase "$(INTDIR)\config.sbr"
+ -@erase "$(INTDIR)\control.obj"
+ -@erase "$(INTDIR)\control.sbr"
+ -@erase "$(INTDIR)\controlconf.obj"
+ -@erase "$(INTDIR)\controlconf.sbr"
+ -@erase "$(INTDIR)\interfacemgr.obj"
+ -@erase "$(INTDIR)\interfacemgr.sbr"
+ -@erase "$(INTDIR)\listenlist.obj"
+ -@erase "$(INTDIR)\listenlist.sbr"
+ -@erase "$(INTDIR)\log.obj"
+ -@erase "$(INTDIR)\log.sbr"
+ -@erase "$(INTDIR)\logconf.obj"
+ -@erase "$(INTDIR)\logconf.sbr"
+ -@erase "$(INTDIR)\lwaddr.obj"
+ -@erase "$(INTDIR)\lwaddr.sbr"
+ -@erase "$(INTDIR)\lwdclient.obj"
+ -@erase "$(INTDIR)\lwdclient.sbr"
+ -@erase "$(INTDIR)\lwderror.obj"
+ -@erase "$(INTDIR)\lwderror.sbr"
+ -@erase "$(INTDIR)\lwdgabn.obj"
+ -@erase "$(INTDIR)\lwdgabn.sbr"
+ -@erase "$(INTDIR)\lwdgnba.obj"
+ -@erase "$(INTDIR)\lwdgnba.sbr"
+ -@erase "$(INTDIR)\lwdgrbn.obj"
+ -@erase "$(INTDIR)\lwdgrbn.sbr"
+ -@erase "$(INTDIR)\lwdnoop.obj"
+ -@erase "$(INTDIR)\lwdnoop.sbr"
+ -@erase "$(INTDIR)\lwresd.obj"
+ -@erase "$(INTDIR)\lwresd.sbr"
+ -@erase "$(INTDIR)\lwsearch.obj"
+ -@erase "$(INTDIR)\lwsearch.sbr"
+ -@erase "$(INTDIR)\main.obj"
+ -@erase "$(INTDIR)\main.sbr"
+ -@erase "$(INTDIR)\notify.obj"
+ -@erase "$(INTDIR)\notify.sbr"
+ -@erase "$(INTDIR)\ntservice.obj"
+ -@erase "$(INTDIR)\ntservice.sbr"
+ -@erase "$(INTDIR)\os.obj"
+ -@erase "$(INTDIR)\os.sbr"
+ -@erase "$(INTDIR)\query.obj"
+ -@erase "$(INTDIR)\query.sbr"
+ -@erase "$(INTDIR)\server.obj"
+ -@erase "$(INTDIR)\server.sbr"
+ -@erase "$(INTDIR)\sortlist.obj"
+ -@erase "$(INTDIR)\sortlist.sbr"
+ -@erase "$(INTDIR)\statschannel.obj"
+ -@erase "$(INTDIR)\statschannel.sbr"
+ -@erase "$(INTDIR)\tkeyconf.obj"
+ -@erase "$(INTDIR)\tkeyconf.sbr"
+ -@erase "$(INTDIR)\tsigconf.obj"
+ -@erase "$(INTDIR)\tsigconf.sbr"
+ -@erase "$(INTDIR)\update.obj"
+ -@erase "$(INTDIR)\update.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(INTDIR)\xfrout.obj"
+ -@erase "$(INTDIR)\xfrout.sbr"
+ -@erase "$(INTDIR)\zoneconf.obj"
+ -@erase "$(INTDIR)\zoneconf.sbr"
+ -@erase "$(OUTDIR)\named.bsc"
+ -@erase "$(OUTDIR)\named.map"
+ -@erase "$(OUTDIR)\named.pdb"
+ -@erase "..\..\..\Build\Debug\named.exe"
+ -@erase "..\..\..\Build\Debug\named.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../win32/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /D "i386" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\named.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\client.sbr" \
+ "$(INTDIR)\config.sbr" \
+ "$(INTDIR)\control.sbr" \
+ "$(INTDIR)\controlconf.sbr" \
+ "$(INTDIR)\interfacemgr.sbr" \
+ "$(INTDIR)\listenlist.sbr" \
+ "$(INTDIR)\log.sbr" \
+ "$(INTDIR)\logconf.sbr" \
+ "$(INTDIR)\lwaddr.sbr" \
+ "$(INTDIR)\lwdclient.sbr" \
+ "$(INTDIR)\lwderror.sbr" \
+ "$(INTDIR)\lwdgabn.sbr" \
+ "$(INTDIR)\lwdgnba.sbr" \
+ "$(INTDIR)\lwdgrbn.sbr" \
+ "$(INTDIR)\lwdnoop.sbr" \
+ "$(INTDIR)\lwresd.sbr" \
+ "$(INTDIR)\lwsearch.sbr" \
+ "$(INTDIR)\main.sbr" \
+ "$(INTDIR)\notify.sbr" \
+ "$(INTDIR)\ntservice.sbr" \
+ "$(INTDIR)\os.sbr" \
+ "$(INTDIR)\query.sbr" \
+ "$(INTDIR)\server.sbr" \
+ "$(INTDIR)\sortlist.sbr" \
+ "$(INTDIR)\statschannel.sbr" \
+ "$(INTDIR)\tkeyconf.sbr" \
+ "$(INTDIR)\tsigconf.sbr" \
+ "$(INTDIR)\update.sbr" \
+ "$(INTDIR)\xfrout.sbr" \
+ "$(INTDIR)\zoneconf.sbr" \
+ "$(INTDIR)\builtin.sbr"
+
+"$(OUTDIR)\named.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib kernel32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccc/win32/Debug/libisccc.lib ../../../lib/lwres/win32/Debug/liblwres.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named.pdb" /map:"$(INTDIR)\named.map" /debug /machine:I386 /out:"../../../Build/Debug/named.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\client.obj" \
+ "$(INTDIR)\config.obj" \
+ "$(INTDIR)\control.obj" \
+ "$(INTDIR)\controlconf.obj" \
+ "$(INTDIR)\interfacemgr.obj" \
+ "$(INTDIR)\listenlist.obj" \
+ "$(INTDIR)\log.obj" \
+ "$(INTDIR)\logconf.obj" \
+ "$(INTDIR)\lwaddr.obj" \
+ "$(INTDIR)\lwdclient.obj" \
+ "$(INTDIR)\lwderror.obj" \
+ "$(INTDIR)\lwdgabn.obj" \
+ "$(INTDIR)\lwdgnba.obj" \
+ "$(INTDIR)\lwdgrbn.obj" \
+ "$(INTDIR)\lwdnoop.obj" \
+ "$(INTDIR)\lwresd.obj" \
+ "$(INTDIR)\lwsearch.obj" \
+ "$(INTDIR)\main.obj" \
+ "$(INTDIR)\notify.obj" \
+ "$(INTDIR)\ntservice.obj" \
+ "$(INTDIR)\os.obj" \
+ "$(INTDIR)\query.obj" \
+ "$(INTDIR)\server.obj" \
+ "$(INTDIR)\sortlist.obj" \
+ "$(INTDIR)\statschannel.obj" \
+ "$(INTDIR)\tkeyconf.obj" \
+ "$(INTDIR)\tsigconf.obj" \
+ "$(INTDIR)\update.obj" \
+ "$(INTDIR)\xfrout.obj" \
+ "$(INTDIR)\zoneconf.obj" \
+ "$(INTDIR)\builtin.obj" \
+ "..\..\..\lib\dns\win32\Debug\libdns.lib" \
+ "..\..\..\lib\isc\win32\Debug\libisc.lib" \
+ "..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
+ "..\..\..\lib\lwres\win32\Debug\liblwres.lib" \
+ "..\..\..\lib\isccc\win32\Debug\libisccc.lib" \
+ "..\..\..\lib\isccfg\win32\Debug\libisccfg.lib"
+
+"..\..\..\Build\Debug\named.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("named.dep")
+!INCLUDE "named.dep"
+!ELSE
+!MESSAGE Warning: cannot find "named.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "named - Win32 Release" || "$(CFG)" == "named - Win32 Debug"
+SOURCE=..\builtin.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\builtin.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\builtin.obj" "$(INTDIR)\builtin.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\client.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\client.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\client.obj" "$(INTDIR)\client.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\config.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\config.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\config.obj" "$(INTDIR)\config.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\control.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\control.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\control.obj" "$(INTDIR)\control.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\controlconf.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\controlconf.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\controlconf.obj" "$(INTDIR)\controlconf.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\interfacemgr.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\interfacemgr.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\interfacemgr.obj" "$(INTDIR)\interfacemgr.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\listenlist.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\listenlist.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\listenlist.obj" "$(INTDIR)\listenlist.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\log.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\log.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\log.obj" "$(INTDIR)\log.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\logconf.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\logconf.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\logconf.obj" "$(INTDIR)\logconf.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\lwaddr.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\lwaddr.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\lwaddr.obj" "$(INTDIR)\lwaddr.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\lwdclient.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\lwdclient.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\lwdclient.obj" "$(INTDIR)\lwdclient.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\lwderror.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\lwderror.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\lwderror.obj" "$(INTDIR)\lwderror.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\lwdgabn.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\lwdgabn.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\lwdgabn.obj" "$(INTDIR)\lwdgabn.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\lwdgnba.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\lwdgnba.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\lwdgnba.obj" "$(INTDIR)\lwdgnba.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\lwdgrbn.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\lwdgrbn.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\lwdgrbn.obj" "$(INTDIR)\lwdgrbn.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\lwdnoop.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\lwdnoop.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\lwdnoop.obj" "$(INTDIR)\lwdnoop.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\lwresd.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\lwresd.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\lwresd.obj" "$(INTDIR)\lwresd.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\lwsearch.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\lwsearch.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\lwsearch.obj" "$(INTDIR)\lwsearch.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\main.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\main.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\main.obj" "$(INTDIR)\main.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\notify.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\notify.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\notify.obj" "$(INTDIR)\notify.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=.\ntservice.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\ntservice.obj" : $(SOURCE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\ntservice.obj" "$(INTDIR)\ntservice.sbr" : $(SOURCE) "$(INTDIR)"
+
+
+!ENDIF
+
+SOURCE=.\os.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\os.obj" : $(SOURCE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\os.obj" "$(INTDIR)\os.sbr" : $(SOURCE) "$(INTDIR)"
+
+
+!ENDIF
+
+SOURCE=..\query.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\query.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\query.obj" "$(INTDIR)\query.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\server.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\server.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\server.obj" "$(INTDIR)\server.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\sortlist.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\sortlist.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\sortlist.obj" "$(INTDIR)\sortlist.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\statschannel.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\statschannel.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\statschannel.obj" "$(INTDIR)\statschannel.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\tkeyconf.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\tkeyconf.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\tkeyconf.obj" "$(INTDIR)\tkeyconf.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\tsigconf.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\tsigconf.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\tsigconf.obj" "$(INTDIR)\tsigconf.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\update.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\update.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\update.obj" "$(INTDIR)\update.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\xfrout.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\xfrout.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\xfrout.obj" "$(INTDIR)\xfrout.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\zoneconf.c
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+
+"$(INTDIR)\zoneconf.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+
+"$(INTDIR)\zoneconf.obj" "$(INTDIR)\zoneconf.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+"libdns - Win32 Release" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release"
+ cd "..\..\..\bin\named\win32"
+
+"libdns - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\named\win32"
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+"libdns - Win32 Debug" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug"
+ cd "..\..\..\bin\named\win32"
+
+"libdns - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\named\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+"libisc - Win32 Release" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release"
+ cd "..\..\..\bin\named\win32"
+
+"libisc - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\named\win32"
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+"libisc - Win32 Debug" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug"
+ cd "..\..\..\bin\named\win32"
+
+"libisc - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\named\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+"libbind9 - Win32 Release" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release"
+ cd "..\..\..\bin\named\win32"
+
+"libbind9 - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\named\win32"
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+"libbind9 - Win32 Debug" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug"
+ cd "..\..\..\bin\named\win32"
+
+"libbind9 - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\named\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+"liblwres - Win32 Release" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release"
+ cd "..\..\..\bin\named\win32"
+
+"liblwres - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\named\win32"
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+"liblwres - Win32 Debug" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug"
+ cd "..\..\..\bin\named\win32"
+
+"liblwres - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\lwres\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\named\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+"libisccc - Win32 Release" :
+ cd "..\..\..\lib\isccc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - Win32 Release"
+ cd "..\..\..\bin\named\win32"
+
+"libisccc - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isccc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\named\win32"
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+"libisccc - Win32 Debug" :
+ cd "..\..\..\lib\isccc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - Win32 Debug"
+ cd "..\..\..\bin\named\win32"
+
+"libisccc - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isccc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\named\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "named - Win32 Release"
+
+"libisccfg - Win32 Release" :
+ cd "..\..\..\lib\isccfg\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Release"
+ cd "..\..\..\bin\named\win32"
+
+"libisccfg - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isccfg\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\named\win32"
+
+!ELSEIF "$(CFG)" == "named - Win32 Debug"
+
+"libisccfg - Win32 Debug" :
+ cd "..\..\..\lib\isccfg\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Debug"
+ cd "..\..\..\bin\named\win32"
+
+"libisccfg - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isccfg\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\named\win32"
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/named/win32/ntservice.c b/bin/named/win32/ntservice.c
new file mode 100644
index 0000000..74570cf
--- /dev/null
+++ b/bin/named/win32/ntservice.c
@@ -0,0 +1,239 @@
+/*
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: ntservice.c,v 1.12 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+#include <stdio.h>
+
+#include <isc/app.h>
+#include <isc/log.h>
+
+#include <named/globals.h>
+#include <named/ntservice.h>
+#include <named/main.h>
+#include <named/server.h>
+
+/* Handle to SCM for updating service status */
+static SERVICE_STATUS_HANDLE hServiceStatus = 0;
+static BOOL foreground = FALSE;
+static char ConsoleTitle[128];
+
+/*
+ * Forward declarations
+ */
+void ServiceControl(DWORD dwCtrlCode);
+void GetArgs(int *, char ***, char ***);
+int main(int, char *[], char *[]); /* From ns_main.c */
+
+/*
+ * Here we change the entry point for the executable to bindmain() from main()
+ * This allows us to invoke as a service or from the command line easily.
+ */
+#pragma comment(linker, "/entry:bindmain")
+
+/*
+ * This is the entry point for the executable
+ * We can now call main() explicitly or via StartServiceCtrlDispatcher()
+ * as we need to.
+ */
+int bindmain()
+{
+ int rc,
+ i = 1;
+
+ int argc;
+ char **envp, **argv;
+
+ /*
+ * We changed the entry point function, so we must initialize argv,
+ * etc. ourselves. Ick.
+ */
+ GetArgs(&argc, &argv, &envp);
+
+ /* Command line users should put -f in the options */
+ while (argv[i]) {
+ if (!strcmp(argv[i], "-f") || !strcmp(argv[i], "-g")) {
+ foreground = TRUE;
+ break;
+ }
+ i++;
+ }
+
+ if (foreground) {
+ /* run in console window */
+ exit(main(argc, argv, envp));
+ } else {
+ /* Start up as service */
+ char *SERVICE_NAME = BIND_SERVICE_NAME;
+
+ SERVICE_TABLE_ENTRY dispatchTable[] = {
+ { TEXT(SERVICE_NAME), (LPSERVICE_MAIN_FUNCTION)main },
+ { NULL, NULL }
+ };
+
+ rc = StartServiceCtrlDispatcher(dispatchTable);
+ if (!rc) {
+ fprintf(stderr, "Use -f to run from the command line.\n");
+ exit(GetLastError());
+ }
+ }
+ exit(0);
+}
+
+/*
+ * Initialize the Service by registering it.
+ */
+void
+ntservice_init() {
+ if (!foreground) {
+ /* Register handler with the SCM */
+ hServiceStatus = RegisterServiceCtrlHandler(BIND_SERVICE_NAME,
+ (LPHANDLER_FUNCTION)ServiceControl);
+ if (!hServiceStatus) {
+ ns_main_earlyfatal(
+ "could not register service control handler");
+ UpdateSCM(SERVICE_STOPPED);
+ exit(1);
+ }
+ UpdateSCM(SERVICE_RUNNING);
+ } else {
+ strcpy(ConsoleTitle, "BIND Version ");
+ strcat(ConsoleTitle, VERSION);
+ SetConsoleTitle(ConsoleTitle);
+ }
+}
+
+void
+ntservice_shutdown() {
+ UpdateSCM(SERVICE_STOPPED);
+}
+/*
+ * Routine to check if this is a service or a foreground program
+ */
+BOOL
+ntservice_isservice() {
+ return(!foreground);
+}
+/*
+ * ServiceControl(): Handles requests from the SCM and passes them on
+ * to named.
+ */
+void
+ServiceControl(DWORD dwCtrlCode) {
+ /* Handle the requested control code */
+ switch(dwCtrlCode) {
+ case SERVICE_CONTROL_INTERROGATE:
+ UpdateSCM(0);
+ break;
+
+ case SERVICE_CONTROL_SHUTDOWN:
+ case SERVICE_CONTROL_STOP:
+ ns_server_flushonshutdown(ns_g_server, ISC_TRUE);
+ isc_app_shutdown();
+ UpdateSCM(SERVICE_STOPPED);
+ break;
+ default:
+ break;
+ }
+}
+
+/*
+ * Tell the Service Control Manager the state of the service.
+ */
+void UpdateSCM(DWORD state) {
+ SERVICE_STATUS ss;
+ static DWORD dwState = SERVICE_STOPPED;
+
+ if (hServiceStatus) {
+ if (state)
+ dwState = state;
+
+ memset(&ss, 0, sizeof(SERVICE_STATUS));
+ ss.dwServiceType |= SERVICE_WIN32_OWN_PROCESS;
+ ss.dwCurrentState = dwState;
+ ss.dwControlsAccepted = SERVICE_ACCEPT_STOP |
+ SERVICE_ACCEPT_SHUTDOWN;
+ ss.dwCheckPoint = 0;
+ ss.dwServiceSpecificExitCode = 0;
+ ss.dwWin32ExitCode = NO_ERROR;
+ ss.dwWaitHint = dwState == SERVICE_STOP_PENDING ? 10000 : 1000;
+
+ if (!SetServiceStatus(hServiceStatus, &ss)) {
+ ss.dwCurrentState = SERVICE_STOPPED;
+ SetServiceStatus(hServiceStatus, &ss);
+ }
+ }
+}
+
+/*
+ * C-runtime stuff used to initialize the app and
+ * get argv, argc, envp.
+ */
+
+typedef struct
+{
+ int newmode;
+} _startupinfo;
+
+_CRTIMP void __cdecl __set_app_type(int);
+_CRTIMP void __cdecl __getmainargs(int *, char ***, char ***, int,
+ _startupinfo *);
+void __cdecl _setargv(void);
+
+#ifdef _M_IX86
+/* Pentium FDIV adjustment */
+extern int _adjust_fdiv;
+extern int * _imp___adjust_fdiv;
+/* Floating point precision */
+extern void _setdefaultprecision();
+#endif
+
+extern int _newmode; /* malloc new() handler mode */
+extern int _dowildcard; /* passed to __getmainargs() */
+
+typedef void (__cdecl *_PVFV)(void);
+extern void __cdecl _initterm(_PVFV *, _PVFV *);
+extern _PVFV *__onexitbegin;
+extern _PVFV *__onexitend;
+extern _CRTIMP char **__initenv;
+
+/*
+ * Do the work that mainCRTStartup() would normally do
+ */
+void GetArgs(int *argc, char ***argv, char ***envp)
+{
+ _startupinfo startinfo;
+
+ /*
+ * Set the app type to Console (check CRT/SRC/INTERNAL.H:
+ * \#define _CONSOLE_APP 1)
+ */
+ __set_app_type(1);
+
+ /* Mark this module as an EXE file */
+ __onexitbegin = __onexitend = (_PVFV *)(-1);
+
+ startinfo.newmode = _newmode;
+ __getmainargs(argc, argv, envp, _dowildcard, &startinfo);
+ __initenv = *envp;
+
+#ifdef _M_IX86
+ _adjust_fdiv = * _imp___adjust_fdiv;
+ _setdefaultprecision();
+#endif
+}
diff --git a/bin/named/win32/os.c b/bin/named/win32/os.c
new file mode 100644
index 0000000..4df4443
--- /dev/null
+++ b/bin/named/win32/os.c
@@ -0,0 +1,304 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.c,v 1.31 2008/11/17 05:41:10 marka Exp $ */
+
+#include <config.h>
+#include <stdarg.h>
+
+#include <sys/stat.h>
+
+#include <ctype.h>
+#include <errno.h>
+#include <io.h>
+#include <process.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <syslog.h>
+
+#include <isc/print.h>
+#include <isc/result.h>
+#include <isc/strerror.h>
+#include <isc/string.h>
+#include <isc/ntpaths.h>
+#include <isc/util.h>
+#include <isc/win32os.h>
+
+#include <named/main.h>
+#include <named/log.h>
+#include <named/os.h>
+#include <named/globals.h>
+#include <named/ntservice.h>
+
+
+static char *pidfile = NULL;
+static int devnullfd = -1;
+
+static BOOL Initialized = FALSE;
+
+static char *version_error =
+ "named requires Windows 2000 Service Pack 2 or later to run correctly";
+
+void
+ns_paths_init() {
+ if (!Initialized)
+ isc_ntpaths_init();
+
+ ns_g_conffile = isc_ntpaths_get(NAMED_CONF_PATH);
+ lwresd_g_conffile = isc_ntpaths_get(LWRES_CONF_PATH);
+ lwresd_g_resolvconffile = isc_ntpaths_get(RESOLV_CONF_PATH);
+ ns_g_conffile = isc_ntpaths_get(NAMED_CONF_PATH);
+ ns_g_defaultpidfile = isc_ntpaths_get(NAMED_PID_PATH);
+ lwresd_g_defaultpidfile = isc_ntpaths_get(LWRESD_PID_PATH);
+ ns_g_keyfile = isc_ntpaths_get(RNDC_KEY_PATH);
+
+ Initialized = TRUE;
+}
+
+/*
+ * Due to Knowledge base article Q263823 we need to make sure that
+ * Windows 2000 systems have Service Pack 2 or later installed and
+ * warn when it isn't.
+ */
+static void
+version_check(const char *progname) {
+
+ if(isc_win32os_majorversion() < 5)
+ return; /* No problem with Version 4.0 */
+ if(isc_win32os_versioncheck(5, 0, 2, 0) < 0)
+ if (ntservice_isservice())
+ NTReportError(progname, version_error);
+ else
+ fprintf(stderr, "%s\n", version_error);
+}
+
+static void
+setup_syslog(const char *progname) {
+ int options;
+
+ options = LOG_PID;
+#ifdef LOG_NDELAY
+ options |= LOG_NDELAY;
+#endif
+
+ openlog(progname, options, LOG_DAEMON);
+}
+
+void
+ns_os_init(const char *progname) {
+ ns_paths_init();
+ setup_syslog(progname);
+ /*
+ * XXXMPA. We may need to split ntservice_init() in two and
+ * just mark as running in ns_os_started(). If we do that
+ * this is where the first part of ntservice_init() should be
+ * called from.
+ *
+ * XXX970 Remove comment if no problems by 9.7.0.
+ *
+ * ntservice_init();
+ */
+ version_check(progname);
+}
+
+void
+ns_os_daemonize(void) {
+ /*
+ * Try to set stdin, stdout, and stderr to /dev/null, but press
+ * on even if it fails.
+ */
+ if (devnullfd != -1) {
+ if (devnullfd != _fileno(stdin)) {
+ close(_fileno(stdin));
+ (void)_dup2(devnullfd, _fileno(stdin));
+ }
+ if (devnullfd != _fileno(stdout)) {
+ close(_fileno(stdout));
+ (void)_dup2(devnullfd, _fileno(stdout));
+ }
+ if (devnullfd != _fileno(stderr)) {
+ close(_fileno(stderr));
+ (void)_dup2(devnullfd, _fileno(stderr));
+ }
+ }
+}
+
+void
+ns_os_opendevnull(void) {
+ devnullfd = open("NUL", O_RDWR, 0);
+}
+
+void
+ns_os_closedevnull(void) {
+ if (devnullfd != _fileno(stdin) &&
+ devnullfd != _fileno(stdout) &&
+ devnullfd != _fileno(stderr)) {
+ close(devnullfd);
+ devnullfd = -1;
+ }
+}
+
+void
+ns_os_chroot(const char *root) {
+ if (root != NULL)
+ ns_main_earlyfatal("chroot(): isn't supported by Win32 API");
+}
+
+void
+ns_os_inituserinfo(const char *username) {
+}
+
+void
+ns_os_changeuser(void) {
+}
+
+void
+ns_os_adjustnofile(void) {
+}
+
+void
+ns_os_minprivs(void) {
+}
+
+static int
+safe_open(const char *filename, isc_boolean_t append) {
+ int fd;
+ struct stat sb;
+
+ if (stat(filename, &sb) == -1) {
+ if (errno != ENOENT)
+ return (-1);
+ } else if ((sb.st_mode & S_IFREG) == 0)
+ return (-1);
+
+ if (append)
+ fd = open(filename, O_WRONLY|O_CREAT|O_APPEND,
+ S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+ else {
+ (void)unlink(filename);
+ fd = open(filename, O_WRONLY|O_CREAT|O_EXCL,
+ S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+ }
+ return (fd);
+}
+
+static void
+cleanup_pidfile(void) {
+ if (pidfile != NULL) {
+ (void)unlink(pidfile);
+ free(pidfile);
+ }
+ pidfile = NULL;
+}
+
+void
+ns_os_writepidfile(const char *filename, isc_boolean_t first_time) {
+ int fd;
+ FILE *lockfile;
+ size_t len;
+ pid_t pid;
+ char strbuf[ISC_STRERRORSIZE];
+ void (*report)(const char *, ...);
+
+ /*
+ * The caller must ensure any required synchronization.
+ */
+
+ report = first_time ? ns_main_earlyfatal : ns_main_earlywarning;
+
+ cleanup_pidfile();
+
+ if (filename == NULL)
+ return;
+ len = strlen(filename);
+ pidfile = malloc(len + 1);
+ if (pidfile == NULL) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ (*report)("couldn't malloc '%s': %s", filename, strbuf);
+ return;
+ }
+ /* This is safe. */
+ strcpy(pidfile, filename);
+
+ fd = safe_open(filename, ISC_FALSE);
+ if (fd < 0) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ (*report)("couldn't open pid file '%s': %s", filename, strbuf);
+ free(pidfile);
+ pidfile = NULL;
+ return;
+ }
+ lockfile = fdopen(fd, "w");
+ if (lockfile == NULL) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ (*report)("could not fdopen() pid file '%s': %s",
+ filename, strbuf);
+ (void)close(fd);
+ cleanup_pidfile();
+ return;
+ }
+
+ pid = getpid();
+
+ if (fprintf(lockfile, "%ld\n", (long)pid) < 0) {
+ (*report)("fprintf() to pid file '%s' failed", filename);
+ (void)fclose(lockfile);
+ cleanup_pidfile();
+ return;
+ }
+ if (fflush(lockfile) == EOF) {
+ (*report)("fflush() to pid file '%s' failed", filename);
+ (void)fclose(lockfile);
+ cleanup_pidfile();
+ return;
+ }
+ (void)fclose(lockfile);
+}
+
+void
+ns_os_shutdown(void) {
+ closelog();
+ cleanup_pidfile();
+ ntservice_shutdown(); /* This MUST be the last thing done */
+}
+
+isc_result_t
+ns_os_gethostname(char *buf, size_t len) {
+ int n;
+
+ n = gethostname(buf, len);
+ return ((n == 0) ? ISC_R_SUCCESS : ISC_R_FAILURE);
+}
+
+void
+ns_os_shutdownmsg(char *command, isc_buffer_t *text) {
+ UNUSED(command);
+ UNUSED(text);
+}
+
+void
+ns_os_tzset(void) {
+#ifdef HAVE_TZSET
+ tzset();
+#endif
+}
+
+void
+ns_os_started(void) {
+ ntservice_init();
+}
diff --git a/bin/named/xfrout.c b/bin/named/xfrout.c
new file mode 100644
index 0000000..55b19f0
--- /dev/null
+++ b/bin/named/xfrout.c
@@ -0,0 +1,1842 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: xfrout.c,v 1.131 2008/10/29 02:54:20 marka Exp $ */
+
+#include <config.h>
+
+#include <isc/formatcheck.h>
+#include <isc/mem.h>
+#include <isc/timer.h>
+#include <isc/print.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#ifdef DLZ
+#include <dns/dlz.h>
+#endif
+#include <dns/fixedname.h>
+#include <dns/journal.h>
+#include <dns/message.h>
+#include <dns/peer.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/rdatasetiter.h>
+#include <dns/result.h>
+#include <dns/soa.h>
+#include <dns/stats.h>
+#include <dns/timer.h>
+#include <dns/tsig.h>
+#include <dns/view.h>
+#include <dns/zone.h>
+#include <dns/zt.h>
+
+#include <named/client.h>
+#include <named/log.h>
+#include <named/server.h>
+#include <named/xfrout.h>
+
+/*! \file
+ * \brief
+ * Outgoing AXFR and IXFR.
+ */
+
+/*
+ * TODO:
+ * - IXFR over UDP
+ */
+
+#define XFROUT_COMMON_LOGARGS \
+ ns_g_lctx, DNS_LOGCATEGORY_XFER_OUT, NS_LOGMODULE_XFER_OUT
+
+#define XFROUT_PROTOCOL_LOGARGS \
+ XFROUT_COMMON_LOGARGS, ISC_LOG_INFO
+
+#define XFROUT_DEBUG_LOGARGS(n) \
+ XFROUT_COMMON_LOGARGS, ISC_LOG_DEBUG(n)
+
+#define XFROUT_RR_LOGARGS \
+ XFROUT_COMMON_LOGARGS, XFROUT_RR_LOGLEVEL
+
+#define XFROUT_RR_LOGLEVEL ISC_LOG_DEBUG(8)
+
+/*%
+ * Fail unconditionally and log as a client error.
+ * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
+ * from complaining about "end-of-loop code not reached".
+ */
+#define FAILC(code, msg) \
+ do { \
+ result = (code); \
+ ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT, \
+ NS_LOGMODULE_XFER_OUT, ISC_LOG_INFO, \
+ "bad zone transfer request: %s (%s)", \
+ msg, isc_result_totext(code)); \
+ if (result != ISC_R_SUCCESS) goto failure; \
+ } while (0)
+
+#define FAILQ(code, msg, question, rdclass) \
+ do { \
+ char _buf1[DNS_NAME_FORMATSIZE]; \
+ char _buf2[DNS_RDATACLASS_FORMATSIZE]; \
+ result = (code); \
+ dns_name_format(question, _buf1, sizeof(_buf1)); \
+ dns_rdataclass_format(rdclass, _buf2, sizeof(_buf2)); \
+ ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT, \
+ NS_LOGMODULE_XFER_OUT, ISC_LOG_INFO, \
+ "bad zone transfer request: '%s/%s': %s (%s)", \
+ _buf1, _buf2, msg, isc_result_totext(code)); \
+ if (result != ISC_R_SUCCESS) goto failure; \
+ } while (0)
+
+#define CHECK(op) \
+ do { result = (op); \
+ if (result != ISC_R_SUCCESS) goto failure; \
+ } while (0)
+
+/**************************************************************************/
+/*%
+ * A db_rr_iterator_t is an iterator that iterates over an entire database,
+ * returning one RR at a time, in some arbitrary order.
+ */
+
+typedef struct db_rr_iterator db_rr_iterator_t;
+
+/*% db_rr_iterator structure */
+struct db_rr_iterator {
+ isc_result_t result;
+ dns_db_t *db;
+ dns_dbiterator_t *dbit;
+ dns_dbversion_t *ver;
+ isc_stdtime_t now;
+ dns_dbnode_t *node;
+ dns_fixedname_t fixedname;
+ dns_rdatasetiter_t *rdatasetit;
+ dns_rdataset_t rdataset;
+ dns_rdata_t rdata;
+};
+
+static isc_result_t
+db_rr_iterator_init(db_rr_iterator_t *it, dns_db_t *db, dns_dbversion_t *ver,
+ isc_stdtime_t now);
+
+static isc_result_t
+db_rr_iterator_first(db_rr_iterator_t *it);
+
+static isc_result_t
+db_rr_iterator_next(db_rr_iterator_t *it);
+
+static void
+db_rr_iterator_current(db_rr_iterator_t *it, dns_name_t **name,
+ isc_uint32_t *ttl, dns_rdata_t **rdata);
+
+static void
+db_rr_iterator_destroy(db_rr_iterator_t *it);
+
+static inline void
+inc_stats(dns_zone_t *zone, dns_statscounter_t counter) {
+ dns_generalstats_increment(ns_g_server->nsstats, counter);
+ if (zone != NULL) {
+ dns_stats_t *zonestats = dns_zone_getrequeststats(zone);
+ if (zonestats != NULL)
+ dns_generalstats_increment(zonestats, counter);
+ }
+}
+
+static isc_result_t
+db_rr_iterator_init(db_rr_iterator_t *it, dns_db_t *db, dns_dbversion_t *ver,
+ isc_stdtime_t now)
+{
+ isc_result_t result;
+ it->db = db;
+ it->dbit = NULL;
+ it->ver = ver;
+ it->now = now;
+ it->node = NULL;
+ result = dns_db_createiterator(it->db, 0, &it->dbit);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ it->rdatasetit = NULL;
+ dns_rdata_init(&it->rdata);
+ dns_rdataset_init(&it->rdataset);
+ dns_fixedname_init(&it->fixedname);
+ INSIST(! dns_rdataset_isassociated(&it->rdataset));
+ it->result = ISC_R_SUCCESS;
+ return (it->result);
+}
+
+static isc_result_t
+db_rr_iterator_first(db_rr_iterator_t *it) {
+ it->result = dns_dbiterator_first(it->dbit);
+ /*
+ * The top node may be empty when out of zone glue exists.
+ * Walk the tree to find the first node with data.
+ */
+ while (it->result == ISC_R_SUCCESS) {
+ it->result = dns_dbiterator_current(it->dbit, &it->node,
+ dns_fixedname_name(&it->fixedname));
+ if (it->result != ISC_R_SUCCESS)
+ return (it->result);
+
+ it->result = dns_db_allrdatasets(it->db, it->node,
+ it->ver, it->now,
+ &it->rdatasetit);
+ if (it->result != ISC_R_SUCCESS)
+ return (it->result);
+
+ it->result = dns_rdatasetiter_first(it->rdatasetit);
+ if (it->result != ISC_R_SUCCESS) {
+ /*
+ * This node is empty. Try next node.
+ */
+ dns_rdatasetiter_destroy(&it->rdatasetit);
+ dns_db_detachnode(it->db, &it->node);
+ it->result = dns_dbiterator_next(it->dbit);
+ continue;
+ }
+ dns_rdatasetiter_current(it->rdatasetit, &it->rdataset);
+ it->rdataset.attributes |= DNS_RDATASETATTR_LOADORDER;
+ it->result = dns_rdataset_first(&it->rdataset);
+ return (it->result);
+ }
+ return (it->result);
+}
+
+
+static isc_result_t
+db_rr_iterator_next(db_rr_iterator_t *it) {
+ if (it->result != ISC_R_SUCCESS)
+ return (it->result);
+
+ INSIST(it->dbit != NULL);
+ INSIST(it->node != NULL);
+ INSIST(it->rdatasetit != NULL);
+
+ it->result = dns_rdataset_next(&it->rdataset);
+ if (it->result == ISC_R_NOMORE) {
+ dns_rdataset_disassociate(&it->rdataset);
+ it->result = dns_rdatasetiter_next(it->rdatasetit);
+ /*
+ * The while loop body is executed more than once
+ * only when an empty dbnode needs to be skipped.
+ */
+ while (it->result == ISC_R_NOMORE) {
+ dns_rdatasetiter_destroy(&it->rdatasetit);
+ dns_db_detachnode(it->db, &it->node);
+ it->result = dns_dbiterator_next(it->dbit);
+ if (it->result == ISC_R_NOMORE) {
+ /* We are at the end of the entire database. */
+ return (it->result);
+ }
+ if (it->result != ISC_R_SUCCESS)
+ return (it->result);
+ it->result = dns_dbiterator_current(it->dbit,
+ &it->node,
+ dns_fixedname_name(&it->fixedname));
+ if (it->result != ISC_R_SUCCESS)
+ return (it->result);
+ it->result = dns_db_allrdatasets(it->db, it->node,
+ it->ver, it->now,
+ &it->rdatasetit);
+ if (it->result != ISC_R_SUCCESS)
+ return (it->result);
+ it->result = dns_rdatasetiter_first(it->rdatasetit);
+ }
+ if (it->result != ISC_R_SUCCESS)
+ return (it->result);
+ dns_rdatasetiter_current(it->rdatasetit, &it->rdataset);
+ it->rdataset.attributes |= DNS_RDATASETATTR_LOADORDER;
+ it->result = dns_rdataset_first(&it->rdataset);
+ if (it->result != ISC_R_SUCCESS)
+ return (it->result);
+ }
+ return (it->result);
+}
+
+static void
+db_rr_iterator_pause(db_rr_iterator_t *it) {
+ RUNTIME_CHECK(dns_dbiterator_pause(it->dbit) == ISC_R_SUCCESS);
+}
+
+static void
+db_rr_iterator_destroy(db_rr_iterator_t *it) {
+ if (dns_rdataset_isassociated(&it->rdataset))
+ dns_rdataset_disassociate(&it->rdataset);
+ if (it->rdatasetit != NULL)
+ dns_rdatasetiter_destroy(&it->rdatasetit);
+ if (it->node != NULL)
+ dns_db_detachnode(it->db, &it->node);
+ dns_dbiterator_destroy(&it->dbit);
+}
+
+static void
+db_rr_iterator_current(db_rr_iterator_t *it, dns_name_t **name,
+ isc_uint32_t *ttl, dns_rdata_t **rdata)
+{
+ REQUIRE(name != NULL && *name == NULL);
+ REQUIRE(it->result == ISC_R_SUCCESS);
+ *name = dns_fixedname_name(&it->fixedname);
+ *ttl = it->rdataset.ttl;
+ dns_rdata_reset(&it->rdata);
+ dns_rdataset_current(&it->rdataset, &it->rdata);
+ *rdata = &it->rdata;
+}
+
+/**************************************************************************/
+
+/*% Log an RR (for debugging) */
+
+static void
+log_rr(dns_name_t *name, dns_rdata_t *rdata, isc_uint32_t ttl) {
+ isc_result_t result;
+ isc_buffer_t buf;
+ char mem[2000];
+ dns_rdatalist_t rdl;
+ dns_rdataset_t rds;
+ dns_rdata_t rd = DNS_RDATA_INIT;
+
+ rdl.type = rdata->type;
+ rdl.rdclass = rdata->rdclass;
+ rdl.ttl = ttl;
+ if (rdata->type == dns_rdatatype_sig ||
+ rdata->type == dns_rdatatype_rrsig)
+ rdl.covers = dns_rdata_covers(rdata);
+ else
+ rdl.covers = dns_rdatatype_none;
+ ISC_LIST_INIT(rdl.rdata);
+ ISC_LINK_INIT(&rdl, link);
+ dns_rdataset_init(&rds);
+ dns_rdata_init(&rd);
+ dns_rdata_clone(rdata, &rd);
+ ISC_LIST_APPEND(rdl.rdata, &rd, link);
+ RUNTIME_CHECK(dns_rdatalist_tordataset(&rdl, &rds) == ISC_R_SUCCESS);
+
+ isc_buffer_init(&buf, mem, sizeof(mem));
+ result = dns_rdataset_totext(&rds, name,
+ ISC_FALSE, ISC_FALSE, &buf);
+
+ /*
+ * We could use xfrout_log(), but that would produce
+ * very long lines with a repetitive prefix.
+ */
+ if (result == ISC_R_SUCCESS) {
+ /*
+ * Get rid of final newline.
+ */
+ INSIST(buf.used >= 1 &&
+ ((char *) buf.base)[buf.used - 1] == '\n');
+ buf.used--;
+
+ isc_log_write(XFROUT_RR_LOGARGS, "%.*s",
+ (int)isc_buffer_usedlength(&buf),
+ (char *)isc_buffer_base(&buf));
+ } else {
+ isc_log_write(XFROUT_RR_LOGARGS, "<RR too large to print>");
+ }
+}
+
+/**************************************************************************/
+/*
+ * An 'rrstream_t' is a polymorphic iterator that returns
+ * a stream of resource records. There are multiple implementations,
+ * e.g. for generating AXFR and IXFR records streams.
+ */
+
+typedef struct rrstream_methods rrstream_methods_t;
+
+typedef struct rrstream {
+ isc_mem_t *mctx;
+ rrstream_methods_t *methods;
+} rrstream_t;
+
+struct rrstream_methods {
+ isc_result_t (*first)(rrstream_t *);
+ isc_result_t (*next)(rrstream_t *);
+ void (*current)(rrstream_t *,
+ dns_name_t **,
+ isc_uint32_t *,
+ dns_rdata_t **);
+ void (*pause)(rrstream_t *);
+ void (*destroy)(rrstream_t **);
+};
+
+static void
+rrstream_noop_pause(rrstream_t *rs) {
+ UNUSED(rs);
+}
+
+/**************************************************************************/
+/*
+ * An 'ixfr_rrstream_t' is an 'rrstream_t' that returns
+ * an IXFR-like RR stream from a journal file.
+ *
+ * The SOA at the beginning of each sequence of additions
+ * or deletions are included in the stream, but the extra
+ * SOAs at the beginning and end of the entire transfer are
+ * not included.
+ */
+
+typedef struct ixfr_rrstream {
+ rrstream_t common;
+ dns_journal_t *journal;
+} ixfr_rrstream_t;
+
+/* Forward declarations. */
+static void
+ixfr_rrstream_destroy(rrstream_t **sp);
+
+static rrstream_methods_t ixfr_rrstream_methods;
+
+/*
+ * Returns: anything dns_journal_open() or dns_journal_iter_init()
+ * may return.
+ */
+
+static isc_result_t
+ixfr_rrstream_create(isc_mem_t *mctx,
+ const char *journal_filename,
+ isc_uint32_t begin_serial,
+ isc_uint32_t end_serial,
+ rrstream_t **sp)
+{
+ ixfr_rrstream_t *s;
+ isc_result_t result;
+
+ INSIST(sp != NULL && *sp == NULL);
+
+ s = isc_mem_get(mctx, sizeof(*s));
+ if (s == NULL)
+ return (ISC_R_NOMEMORY);
+ s->common.mctx = mctx;
+ s->common.methods = &ixfr_rrstream_methods;
+ s->journal = NULL;
+
+ CHECK(dns_journal_open(mctx, journal_filename,
+ ISC_FALSE, &s->journal));
+ CHECK(dns_journal_iter_init(s->journal, begin_serial, end_serial));
+
+ *sp = (rrstream_t *) s;
+ return (ISC_R_SUCCESS);
+
+ failure:
+ ixfr_rrstream_destroy((rrstream_t **) (void *)&s);
+ return (result);
+}
+
+static isc_result_t
+ixfr_rrstream_first(rrstream_t *rs) {
+ ixfr_rrstream_t *s = (ixfr_rrstream_t *) rs;
+ return (dns_journal_first_rr(s->journal));
+}
+
+static isc_result_t
+ixfr_rrstream_next(rrstream_t *rs) {
+ ixfr_rrstream_t *s = (ixfr_rrstream_t *) rs;
+ return (dns_journal_next_rr(s->journal));
+}
+
+static void
+ixfr_rrstream_current(rrstream_t *rs,
+ dns_name_t **name, isc_uint32_t *ttl,
+ dns_rdata_t **rdata)
+{
+ ixfr_rrstream_t *s = (ixfr_rrstream_t *) rs;
+ dns_journal_current_rr(s->journal, name, ttl, rdata);
+}
+
+static void
+ixfr_rrstream_destroy(rrstream_t **rsp) {
+ ixfr_rrstream_t *s = (ixfr_rrstream_t *) *rsp;
+ if (s->journal != 0)
+ dns_journal_destroy(&s->journal);
+ isc_mem_put(s->common.mctx, s, sizeof(*s));
+}
+
+static rrstream_methods_t ixfr_rrstream_methods = {
+ ixfr_rrstream_first,
+ ixfr_rrstream_next,
+ ixfr_rrstream_current,
+ rrstream_noop_pause,
+ ixfr_rrstream_destroy
+};
+
+/**************************************************************************/
+/*
+ * An 'axfr_rrstream_t' is an 'rrstream_t' that returns
+ * an AXFR-like RR stream from a database.
+ *
+ * The SOAs at the beginning and end of the transfer are
+ * not included in the stream.
+ */
+
+typedef struct axfr_rrstream {
+ rrstream_t common;
+ db_rr_iterator_t it;
+ isc_boolean_t it_valid;
+} axfr_rrstream_t;
+
+/*
+ * Forward declarations.
+ */
+static void
+axfr_rrstream_destroy(rrstream_t **rsp);
+
+static rrstream_methods_t axfr_rrstream_methods;
+
+static isc_result_t
+axfr_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
+ rrstream_t **sp)
+{
+ axfr_rrstream_t *s;
+ isc_result_t result;
+
+ INSIST(sp != NULL && *sp == NULL);
+
+ s = isc_mem_get(mctx, sizeof(*s));
+ if (s == NULL)
+ return (ISC_R_NOMEMORY);
+ s->common.mctx = mctx;
+ s->common.methods = &axfr_rrstream_methods;
+ s->it_valid = ISC_FALSE;
+
+ CHECK(db_rr_iterator_init(&s->it, db, ver, 0));
+ s->it_valid = ISC_TRUE;
+
+ *sp = (rrstream_t *) s;
+ return (ISC_R_SUCCESS);
+
+ failure:
+ axfr_rrstream_destroy((rrstream_t **) (void *)&s);
+ return (result);
+}
+
+static isc_result_t
+axfr_rrstream_first(rrstream_t *rs) {
+ axfr_rrstream_t *s = (axfr_rrstream_t *) rs;
+ isc_result_t result;
+ result = db_rr_iterator_first(&s->it);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ /* Skip SOA records. */
+ for (;;) {
+ dns_name_t *name_dummy = NULL;
+ isc_uint32_t ttl_dummy;
+ dns_rdata_t *rdata = NULL;
+ db_rr_iterator_current(&s->it, &name_dummy,
+ &ttl_dummy, &rdata);
+ if (rdata->type != dns_rdatatype_soa)
+ break;
+ result = db_rr_iterator_next(&s->it);
+ if (result != ISC_R_SUCCESS)
+ break;
+ }
+ return (result);
+}
+
+static isc_result_t
+axfr_rrstream_next(rrstream_t *rs) {
+ axfr_rrstream_t *s = (axfr_rrstream_t *) rs;
+ isc_result_t result;
+
+ /* Skip SOA records. */
+ for (;;) {
+ dns_name_t *name_dummy = NULL;
+ isc_uint32_t ttl_dummy;
+ dns_rdata_t *rdata = NULL;
+ result = db_rr_iterator_next(&s->it);
+ if (result != ISC_R_SUCCESS)
+ break;
+ db_rr_iterator_current(&s->it, &name_dummy,
+ &ttl_dummy, &rdata);
+ if (rdata->type != dns_rdatatype_soa)
+ break;
+ }
+ return (result);
+}
+
+static void
+axfr_rrstream_current(rrstream_t *rs, dns_name_t **name, isc_uint32_t *ttl,
+ dns_rdata_t **rdata)
+{
+ axfr_rrstream_t *s = (axfr_rrstream_t *) rs;
+ db_rr_iterator_current(&s->it, name, ttl, rdata);
+}
+
+static void
+axfr_rrstream_pause(rrstream_t *rs) {
+ axfr_rrstream_t *s = (axfr_rrstream_t *) rs;
+ db_rr_iterator_pause(&s->it);
+}
+
+static void
+axfr_rrstream_destroy(rrstream_t **rsp) {
+ axfr_rrstream_t *s = (axfr_rrstream_t *) *rsp;
+ if (s->it_valid)
+ db_rr_iterator_destroy(&s->it);
+ isc_mem_put(s->common.mctx, s, sizeof(*s));
+}
+
+static rrstream_methods_t axfr_rrstream_methods = {
+ axfr_rrstream_first,
+ axfr_rrstream_next,
+ axfr_rrstream_current,
+ axfr_rrstream_pause,
+ axfr_rrstream_destroy
+};
+
+/**************************************************************************/
+/*
+ * An 'soa_rrstream_t' is a degenerate 'rrstream_t' that returns
+ * a single SOA record.
+ */
+
+typedef struct soa_rrstream {
+ rrstream_t common;
+ dns_difftuple_t *soa_tuple;
+} soa_rrstream_t;
+
+/*
+ * Forward declarations.
+ */
+static void
+soa_rrstream_destroy(rrstream_t **rsp);
+
+static rrstream_methods_t soa_rrstream_methods;
+
+static isc_result_t
+soa_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
+ rrstream_t **sp)
+{
+ soa_rrstream_t *s;
+ isc_result_t result;
+
+ INSIST(sp != NULL && *sp == NULL);
+
+ s = isc_mem_get(mctx, sizeof(*s));
+ if (s == NULL)
+ return (ISC_R_NOMEMORY);
+ s->common.mctx = mctx;
+ s->common.methods = &soa_rrstream_methods;
+ s->soa_tuple = NULL;
+
+ CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_EXISTS,
+ &s->soa_tuple));
+
+ *sp = (rrstream_t *) s;
+ return (ISC_R_SUCCESS);
+
+ failure:
+ soa_rrstream_destroy((rrstream_t **) (void *)&s);
+ return (result);
+}
+
+static isc_result_t
+soa_rrstream_first(rrstream_t *rs) {
+ UNUSED(rs);
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+soa_rrstream_next(rrstream_t *rs) {
+ UNUSED(rs);
+ return (ISC_R_NOMORE);
+}
+
+static void
+soa_rrstream_current(rrstream_t *rs, dns_name_t **name, isc_uint32_t *ttl,
+ dns_rdata_t **rdata)
+{
+ soa_rrstream_t *s = (soa_rrstream_t *) rs;
+ *name = &s->soa_tuple->name;
+ *ttl = s->soa_tuple->ttl;
+ *rdata = &s->soa_tuple->rdata;
+}
+
+static void
+soa_rrstream_destroy(rrstream_t **rsp) {
+ soa_rrstream_t *s = (soa_rrstream_t *) *rsp;
+ if (s->soa_tuple != NULL)
+ dns_difftuple_free(&s->soa_tuple);
+ isc_mem_put(s->common.mctx, s, sizeof(*s));
+}
+
+static rrstream_methods_t soa_rrstream_methods = {
+ soa_rrstream_first,
+ soa_rrstream_next,
+ soa_rrstream_current,
+ rrstream_noop_pause,
+ soa_rrstream_destroy
+};
+
+/**************************************************************************/
+/*
+ * A 'compound_rrstream_t' objects owns a soa_rrstream
+ * and another rrstream, the "data stream". It returns
+ * a concatenated stream consisting of the soa_rrstream, then
+ * the data stream, then the soa_rrstream again.
+ *
+ * The component streams are owned by the compound_rrstream_t
+ * and are destroyed with it.
+ */
+
+typedef struct compound_rrstream {
+ rrstream_t common;
+ rrstream_t *components[3];
+ int state;
+ isc_result_t result;
+} compound_rrstream_t;
+
+/*
+ * Forward declarations.
+ */
+static void
+compound_rrstream_destroy(rrstream_t **rsp);
+
+static isc_result_t
+compound_rrstream_next(rrstream_t *rs);
+
+static rrstream_methods_t compound_rrstream_methods;
+
+/*
+ * Requires:
+ * soa_stream != NULL && *soa_stream != NULL
+ * data_stream != NULL && *data_stream != NULL
+ * sp != NULL && *sp == NULL
+ *
+ * Ensures:
+ * *soa_stream == NULL
+ * *data_stream == NULL
+ * *sp points to a valid compound_rrstream_t
+ * The soa and data streams will be destroyed
+ * when the compound_rrstream_t is destroyed.
+ */
+static isc_result_t
+compound_rrstream_create(isc_mem_t *mctx, rrstream_t **soa_stream,
+ rrstream_t **data_stream, rrstream_t **sp)
+{
+ compound_rrstream_t *s;
+
+ INSIST(sp != NULL && *sp == NULL);
+
+ s = isc_mem_get(mctx, sizeof(*s));
+ if (s == NULL)
+ return (ISC_R_NOMEMORY);
+ s->common.mctx = mctx;
+ s->common.methods = &compound_rrstream_methods;
+ s->components[0] = *soa_stream;
+ s->components[1] = *data_stream;
+ s->components[2] = *soa_stream;
+ s->state = -1;
+ s->result = ISC_R_FAILURE;
+
+ *soa_stream = NULL;
+ *data_stream = NULL;
+ *sp = (rrstream_t *) s;
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+compound_rrstream_first(rrstream_t *rs) {
+ compound_rrstream_t *s = (compound_rrstream_t *) rs;
+ s->state = 0;
+ do {
+ rrstream_t *curstream = s->components[s->state];
+ s->result = curstream->methods->first(curstream);
+ } while (s->result == ISC_R_NOMORE && s->state < 2);
+ return (s->result);
+}
+
+static isc_result_t
+compound_rrstream_next(rrstream_t *rs) {
+ compound_rrstream_t *s = (compound_rrstream_t *) rs;
+ rrstream_t *curstream = s->components[s->state];
+ s->result = curstream->methods->next(curstream);
+ while (s->result == ISC_R_NOMORE) {
+ /*
+ * Make sure locks held by the current stream
+ * are released before we switch streams.
+ */
+ curstream->methods->pause(curstream);
+ if (s->state == 2)
+ return (ISC_R_NOMORE);
+ s->state++;
+ curstream = s->components[s->state];
+ s->result = curstream->methods->first(curstream);
+ }
+ return (s->result);
+}
+
+static void
+compound_rrstream_current(rrstream_t *rs, dns_name_t **name, isc_uint32_t *ttl,
+ dns_rdata_t **rdata)
+{
+ compound_rrstream_t *s = (compound_rrstream_t *) rs;
+ rrstream_t *curstream;
+ INSIST(0 <= s->state && s->state < 3);
+ INSIST(s->result == ISC_R_SUCCESS);
+ curstream = s->components[s->state];
+ curstream->methods->current(curstream, name, ttl, rdata);
+}
+
+static void
+compound_rrstream_pause(rrstream_t *rs)
+{
+ compound_rrstream_t *s = (compound_rrstream_t *) rs;
+ rrstream_t *curstream;
+ INSIST(0 <= s->state && s->state < 3);
+ curstream = s->components[s->state];
+ curstream->methods->pause(curstream);
+}
+
+static void
+compound_rrstream_destroy(rrstream_t **rsp) {
+ compound_rrstream_t *s = (compound_rrstream_t *) *rsp;
+ s->components[0]->methods->destroy(&s->components[0]);
+ s->components[1]->methods->destroy(&s->components[1]);
+ s->components[2] = NULL; /* Copy of components[0]. */
+ isc_mem_put(s->common.mctx, s, sizeof(*s));
+}
+
+static rrstream_methods_t compound_rrstream_methods = {
+ compound_rrstream_first,
+ compound_rrstream_next,
+ compound_rrstream_current,
+ compound_rrstream_pause,
+ compound_rrstream_destroy
+};
+
+/**************************************************************************/
+/*
+ * An 'xfrout_ctx_t' contains the state of an outgoing AXFR or IXFR
+ * in progress.
+ */
+
+typedef struct {
+ isc_mem_t *mctx;
+ ns_client_t *client;
+ unsigned int id; /* ID of request */
+ dns_name_t *qname; /* Question name of request */
+ dns_rdatatype_t qtype; /* dns_rdatatype_{a,i}xfr */
+ dns_rdataclass_t qclass;
+ dns_zone_t *zone; /* (necessary for stats) */
+ dns_db_t *db;
+ dns_dbversion_t *ver;
+ isc_quota_t *quota;
+ rrstream_t *stream; /* The XFR RR stream */
+ isc_boolean_t end_of_stream; /* EOS has been reached */
+ isc_buffer_t buf; /* Buffer for message owner
+ names and rdatas */
+ isc_buffer_t txlenbuf; /* Transmit length buffer */
+ isc_buffer_t txbuf; /* Transmit message buffer */
+ void *txmem;
+ unsigned int txmemlen;
+ unsigned int nmsg; /* Number of messages sent */
+ dns_tsigkey_t *tsigkey; /* Key used to create TSIG */
+ isc_buffer_t *lasttsig; /* the last TSIG */
+ isc_boolean_t many_answers;
+ int sends; /* Send in progress */
+ isc_boolean_t shuttingdown;
+ const char *mnemonic; /* Style of transfer */
+} xfrout_ctx_t;
+
+static isc_result_t
+xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client,
+ unsigned int id, dns_name_t *qname, dns_rdatatype_t qtype,
+ dns_rdataclass_t qclass, dns_zone_t *zone,
+ dns_db_t *db, dns_dbversion_t *ver, isc_quota_t *quota,
+ rrstream_t *stream, dns_tsigkey_t *tsigkey,
+ isc_buffer_t *lasttsig,
+ unsigned int maxtime,
+ unsigned int idletime,
+ isc_boolean_t many_answers,
+ xfrout_ctx_t **xfrp);
+
+static void
+sendstream(xfrout_ctx_t *xfr);
+
+static void
+xfrout_senddone(isc_task_t *task, isc_event_t *event);
+
+static void
+xfrout_fail(xfrout_ctx_t *xfr, isc_result_t result, const char *msg);
+
+static void
+xfrout_maybe_destroy(xfrout_ctx_t *xfr);
+
+static void
+xfrout_ctx_destroy(xfrout_ctx_t **xfrp);
+
+static void
+xfrout_client_shutdown(void *arg, isc_result_t result);
+
+static void
+xfrout_log1(ns_client_t *client, dns_name_t *zonename,
+ dns_rdataclass_t rdclass, int level,
+ const char *fmt, ...) ISC_FORMAT_PRINTF(5, 6);
+
+static void
+xfrout_log(xfrout_ctx_t *xfr, int level, const char *fmt, ...)
+ ISC_FORMAT_PRINTF(3, 4);
+
+/**************************************************************************/
+
+void
+ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
+ isc_result_t result;
+ dns_name_t *question_name;
+ dns_rdataset_t *question_rdataset;
+ dns_zone_t *zone = NULL;
+ dns_db_t *db = NULL;
+ dns_dbversion_t *ver = NULL;
+ dns_rdataclass_t question_class;
+ rrstream_t *soa_stream = NULL;
+ rrstream_t *data_stream = NULL;
+ rrstream_t *stream = NULL;
+ dns_difftuple_t *current_soa_tuple = NULL;
+ dns_name_t *soa_name;
+ dns_rdataset_t *soa_rdataset;
+ dns_rdata_t soa_rdata = DNS_RDATA_INIT;
+ isc_boolean_t have_soa = ISC_FALSE;
+ const char *mnemonic = NULL;
+ isc_mem_t *mctx = client->mctx;
+ dns_message_t *request = client->message;
+ xfrout_ctx_t *xfr = NULL;
+ isc_quota_t *quota = NULL;
+ dns_transfer_format_t format = client->view->transfer_format;
+ isc_netaddr_t na;
+ dns_peer_t *peer = NULL;
+ isc_buffer_t *tsigbuf = NULL;
+ char *journalfile;
+ char msg[NS_CLIENT_ACLMSGSIZE("zone transfer")];
+ char keyname[DNS_NAME_FORMATSIZE];
+ isc_boolean_t is_poll = ISC_FALSE;
+#ifdef DLZ
+ isc_boolean_t is_dlz = ISC_FALSE;
+#endif
+
+ switch (reqtype) {
+ case dns_rdatatype_axfr:
+ mnemonic = "AXFR";
+ break;
+ case dns_rdatatype_ixfr:
+ mnemonic = "IXFR";
+ break;
+ default:
+ INSIST(0);
+ break;
+ }
+
+ ns_client_log(client,
+ DNS_LOGCATEGORY_XFER_OUT, NS_LOGMODULE_XFER_OUT,
+ ISC_LOG_DEBUG(6), "%s request", mnemonic);
+ /*
+ * Apply quota.
+ */
+ result = isc_quota_attach(&ns_g_server->xfroutquota, &quota);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(XFROUT_COMMON_LOGARGS, ISC_LOG_WARNING,
+ "%s request denied: %s", mnemonic,
+ isc_result_totext(result));
+ goto failure;
+ }
+
+ /*
+ * Interpret the question section.
+ */
+ result = dns_message_firstname(request, DNS_SECTION_QUESTION);
+ INSIST(result == ISC_R_SUCCESS);
+
+ /*
+ * The question section must contain exactly one question, and
+ * it must be for AXFR/IXFR as appropriate.
+ */
+ question_name = NULL;
+ dns_message_currentname(request, DNS_SECTION_QUESTION, &question_name);
+ question_rdataset = ISC_LIST_HEAD(question_name->list);
+ question_class = question_rdataset->rdclass;
+ INSIST(question_rdataset->type == reqtype);
+ if (ISC_LIST_NEXT(question_rdataset, link) != NULL)
+ FAILC(DNS_R_FORMERR, "multiple questions");
+ result = dns_message_nextname(request, DNS_SECTION_QUESTION);
+ if (result != ISC_R_NOMORE)
+ FAILC(DNS_R_FORMERR, "multiple questions");
+
+ result = dns_zt_find(client->view->zonetable, question_name, 0, NULL,
+ &zone);
+
+ if (result != ISC_R_SUCCESS)
+#ifdef DLZ
+ {
+ /*
+ * Normal zone table does not have a match. Try the DLZ database
+ */
+ if (client->view->dlzdatabase != NULL) {
+ result = dns_dlzallowzonexfr(client->view,
+ question_name, &client->peeraddr,
+ &db);
+
+ if (result == ISC_R_NOPERM) {
+ char _buf1[DNS_NAME_FORMATSIZE];
+ char _buf2[DNS_RDATACLASS_FORMATSIZE];
+
+ result = DNS_R_REFUSED;
+ dns_name_format(question_name, _buf1,
+ sizeof(_buf1));
+ dns_rdataclass_format(question_class,
+ _buf2, sizeof(_buf2));
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_XFER_OUT,
+ ISC_LOG_ERROR,
+ "zone transfer '%s/%s' denied",
+ _buf1, _buf2);
+ goto failure;
+ }
+ if (result != ISC_R_SUCCESS)
+#endif
+ FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
+ question_name, question_class);
+#ifdef DLZ
+ is_dlz = ISC_TRUE;
+ /*
+ * DLZ only support full zone transfer, not incremental
+ */
+ if (reqtype != dns_rdatatype_axfr) {
+ mnemonic = "AXFR-style IXFR";
+ reqtype = dns_rdatatype_axfr;
+ }
+
+ } else {
+ /*
+ * not DLZ and not in normal zone table, we are
+ * not authoritative
+ */
+ FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
+ question_name, question_class);
+ }
+ } else {
+ /* zone table has a match */
+#endif
+ switch(dns_zone_gettype(zone)) {
+ case dns_zone_master:
+ case dns_zone_slave:
+ break; /* Master and slave zones are OK for transfer. */
+ default:
+ FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", question_name, question_class);
+ }
+ CHECK(dns_zone_getdb(zone, &db));
+ dns_db_currentversion(db, &ver);
+#ifdef DLZ
+ }
+#endif
+
+ xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6),
+ "%s question section OK", mnemonic);
+
+ /*
+ * Check the authority section. Look for a SOA record with
+ * the same name and class as the question.
+ */
+ for (result = dns_message_firstname(request, DNS_SECTION_AUTHORITY);
+ result == ISC_R_SUCCESS;
+ result = dns_message_nextname(request, DNS_SECTION_AUTHORITY))
+ {
+ soa_name = NULL;
+ dns_message_currentname(request, DNS_SECTION_AUTHORITY,
+ &soa_name);
+
+ /*
+ * Ignore data whose owner name is not the zone apex.
+ */
+ if (! dns_name_equal(soa_name, question_name))
+ continue;
+
+ for (soa_rdataset = ISC_LIST_HEAD(soa_name->list);
+ soa_rdataset != NULL;
+ soa_rdataset = ISC_LIST_NEXT(soa_rdataset, link))
+ {
+ /*
+ * Ignore non-SOA data.
+ */
+ if (soa_rdataset->type != dns_rdatatype_soa)
+ continue;
+ if (soa_rdataset->rdclass != question_class)
+ continue;
+
+ CHECK(dns_rdataset_first(soa_rdataset));
+ dns_rdataset_current(soa_rdataset, &soa_rdata);
+ result = dns_rdataset_next(soa_rdataset);
+ if (result == ISC_R_SUCCESS)
+ FAILC(DNS_R_FORMERR,
+ "IXFR authority section "
+ "has multiple SOAs");
+ have_soa = ISC_TRUE;
+ goto got_soa;
+ }
+ }
+ got_soa:
+ if (result != ISC_R_NOMORE)
+ CHECK(result);
+
+ xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6),
+ "%s authority section OK", mnemonic);
+
+ /*
+ * Decide whether to allow this transfer.
+ */
+#ifdef DLZ
+ /*
+ * if not a DLZ zone decide whether to allow this transfer.
+ */
+ if (!is_dlz) {
+#endif
+ ns_client_aclmsg("zone transfer", question_name, reqtype,
+ client->view->rdclass, msg, sizeof(msg));
+ CHECK(ns_client_checkacl(client, NULL, msg,
+ dns_zone_getxfracl(zone),
+ ISC_TRUE, ISC_LOG_ERROR));
+#ifdef DLZ
+ }
+#endif
+
+ /*
+ * AXFR over UDP is not possible.
+ */
+ if (reqtype == dns_rdatatype_axfr &&
+ (client->attributes & NS_CLIENTATTR_TCP) == 0)
+ FAILC(DNS_R_FORMERR, "attempted AXFR over UDP");
+
+ /*
+ * Look up the requesting server in the peer table.
+ */
+ isc_netaddr_fromsockaddr(&na, &client->peeraddr);
+ (void)dns_peerlist_peerbyaddr(client->view->peers, &na, &peer);
+
+ /*
+ * Decide on the transfer format (one-answer or many-answers).
+ */
+ if (peer != NULL)
+ (void)dns_peer_gettransferformat(peer, &format);
+
+ /*
+ * Get a dynamically allocated copy of the current SOA.
+ */
+#ifdef DLZ
+ if (is_dlz)
+ dns_db_currentversion(db, &ver);
+#endif
+ CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_EXISTS,
+ &current_soa_tuple));
+
+ if (reqtype == dns_rdatatype_ixfr) {
+ isc_uint32_t begin_serial, current_serial;
+ isc_boolean_t provide_ixfr;
+
+ /*
+ * Outgoing IXFR may have been disabled for this peer
+ * or globally.
+ */
+ provide_ixfr = client->view->provideixfr;
+ if (peer != NULL)
+ (void) dns_peer_getprovideixfr(peer, &provide_ixfr);
+ if (provide_ixfr == ISC_FALSE)
+ goto axfr_fallback;
+
+ if (! have_soa)
+ FAILC(DNS_R_FORMERR,
+ "IXFR request missing SOA");
+
+ begin_serial = dns_soa_getserial(&soa_rdata);
+ current_serial = dns_soa_getserial(&current_soa_tuple->rdata);
+
+ /*
+ * RFC1995 says "If an IXFR query with the same or
+ * newer version number than that of the server
+ * is received, it is replied to with a single SOA
+ * record of the server's current version, just as
+ * in AXFR". The claim about AXFR is incorrect,
+ * but other than that, we do as the RFC says.
+ *
+ * Sending a single SOA record is also how we refuse
+ * IXFR over UDP (currently, we always do).
+ */
+ if (DNS_SERIAL_GE(begin_serial, current_serial) ||
+ (client->attributes & NS_CLIENTATTR_TCP) == 0)
+ {
+ CHECK(soa_rrstream_create(mctx, db, ver, &stream));
+ is_poll = ISC_TRUE;
+ goto have_stream;
+ }
+ journalfile = dns_zone_getjournal(zone);
+ if (journalfile != NULL)
+ result = ixfr_rrstream_create(mctx,
+ journalfile,
+ begin_serial,
+ current_serial,
+ &data_stream);
+ else
+ result = ISC_R_NOTFOUND;
+ if (result == ISC_R_NOTFOUND ||
+ result == ISC_R_RANGE) {
+ xfrout_log1(client, question_name, question_class,
+ ISC_LOG_DEBUG(4),
+ "IXFR version not in journal, "
+ "falling back to AXFR");
+ mnemonic = "AXFR-style IXFR";
+ goto axfr_fallback;
+ }
+ CHECK(result);
+ } else {
+ axfr_fallback:
+ CHECK(axfr_rrstream_create(mctx, db, ver,
+ &data_stream));
+ }
+
+ /*
+ * Bracket the the data stream with SOAs.
+ */
+ CHECK(soa_rrstream_create(mctx, db, ver, &soa_stream));
+ CHECK(compound_rrstream_create(mctx, &soa_stream, &data_stream,
+ &stream));
+ soa_stream = NULL;
+ data_stream = NULL;
+
+ have_stream:
+ CHECK(dns_message_getquerytsig(request, mctx, &tsigbuf));
+ /*
+ * Create the xfrout context object. This transfers the ownership
+ * of "stream", "db", "ver", and "quota" to the xfrout context object.
+ */
+
+
+
+#ifdef DLZ
+ if (is_dlz)
+ CHECK(xfrout_ctx_create(mctx, client, request->id, question_name,
+ reqtype, question_class, zone, db, ver,
+ quota, stream,
+ dns_message_gettsigkey(request),
+ tsigbuf,
+ 3600,
+ 3600,
+ (format == dns_many_answers) ?
+ ISC_TRUE : ISC_FALSE,
+ &xfr));
+ else
+#endif
+ CHECK(xfrout_ctx_create(mctx, client, request->id, question_name,
+ reqtype, question_class, zone, db, ver,
+ quota, stream,
+ dns_message_gettsigkey(request),
+ tsigbuf,
+ dns_zone_getmaxxfrout(zone),
+ dns_zone_getidleout(zone),
+ (format == dns_many_answers) ?
+ ISC_TRUE : ISC_FALSE,
+ &xfr));
+
+ xfr->mnemonic = mnemonic;
+ stream = NULL;
+ quota = NULL;
+
+ CHECK(xfr->stream->methods->first(xfr->stream));
+
+ if (xfr->tsigkey != NULL) {
+ dns_name_format(&xfr->tsigkey->name, keyname, sizeof(keyname));
+ } else
+ keyname[0] = '\0';
+ if (is_poll)
+ xfrout_log1(client, question_name, question_class,
+ ISC_LOG_DEBUG(1), "IXFR poll up to date%s%s",
+ (xfr->tsigkey != NULL) ? ": TSIG " : "", keyname);
+ else
+ xfrout_log1(client, question_name, question_class,
+ ISC_LOG_INFO, "%s started%s%s", mnemonic,
+ (xfr->tsigkey != NULL) ? ": TSIG " : "", keyname);
+
+ /*
+ * Hand the context over to sendstream(). Set xfr to NULL;
+ * sendstream() is responsible for either passing the
+ * context on to a later event handler or destroying it.
+ */
+ sendstream(xfr);
+ xfr = NULL;
+
+ result = ISC_R_SUCCESS;
+
+ failure:
+ if (result == DNS_R_REFUSED)
+ inc_stats(zone, dns_nsstatscounter_xfrrej);
+ if (quota != NULL)
+ isc_quota_detach(&quota);
+ if (current_soa_tuple != NULL)
+ dns_difftuple_free(&current_soa_tuple);
+ if (stream != NULL)
+ stream->methods->destroy(&stream);
+ if (soa_stream != NULL)
+ soa_stream->methods->destroy(&soa_stream);
+ if (data_stream != NULL)
+ data_stream->methods->destroy(&data_stream);
+ if (ver != NULL)
+ dns_db_closeversion(db, &ver, ISC_FALSE);
+ if (db != NULL)
+ dns_db_detach(&db);
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ /* XXX kludge */
+ if (xfr != NULL) {
+ xfrout_fail(xfr, result, "setting up zone transfer");
+ } else if (result != ISC_R_SUCCESS) {
+ ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT,
+ NS_LOGMODULE_XFER_OUT,
+ ISC_LOG_DEBUG(3), "zone transfer setup failed");
+ ns_client_error(client, result);
+ }
+}
+
+static isc_result_t
+xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id,
+ dns_name_t *qname, dns_rdatatype_t qtype,
+ dns_rdataclass_t qclass, dns_zone_t *zone,
+ dns_db_t *db, dns_dbversion_t *ver, isc_quota_t *quota,
+ rrstream_t *stream, dns_tsigkey_t *tsigkey,
+ isc_buffer_t *lasttsig, unsigned int maxtime,
+ unsigned int idletime, isc_boolean_t many_answers,
+ xfrout_ctx_t **xfrp)
+{
+ xfrout_ctx_t *xfr;
+ isc_result_t result;
+ unsigned int len;
+ void *mem;
+
+ INSIST(xfrp != NULL && *xfrp == NULL);
+ xfr = isc_mem_get(mctx, sizeof(*xfr));
+ if (xfr == NULL)
+ return (ISC_R_NOMEMORY);
+ xfr->mctx = mctx;
+ xfr->client = NULL;
+ ns_client_attach(client, &xfr->client);
+ xfr->id = id;
+ xfr->qname = qname;
+ xfr->qtype = qtype;
+ xfr->qclass = qclass;
+ xfr->zone = NULL;
+ xfr->db = NULL;
+ xfr->ver = NULL;
+ if (zone != NULL) /* zone will be NULL if it's DLZ */
+ dns_zone_attach(zone, &xfr->zone);
+ dns_db_attach(db, &xfr->db);
+ dns_db_attachversion(db, ver, &xfr->ver);
+ xfr->end_of_stream = ISC_FALSE;
+ xfr->tsigkey = tsigkey;
+ xfr->lasttsig = lasttsig;
+ xfr->txmem = NULL;
+ xfr->txmemlen = 0;
+ xfr->nmsg = 0;
+ xfr->many_answers = many_answers,
+ xfr->sends = 0;
+ xfr->shuttingdown = ISC_FALSE;
+ xfr->mnemonic = NULL;
+ xfr->buf.base = NULL;
+ xfr->buf.length = 0;
+ xfr->txmem = NULL;
+ xfr->txmemlen = 0;
+ xfr->stream = NULL;
+ xfr->quota = NULL;
+
+ /*
+ * Allocate a temporary buffer for the uncompressed response
+ * message data. The size should be no more than 65535 bytes
+ * so that the compressed data will fit in a TCP message,
+ * and no less than 65535 bytes so that an almost maximum-sized
+ * RR will fit. Note that although 65535-byte RRs are allowed
+ * in principle, they cannot be zone-transferred (at least not
+ * if uncompressible), because the message and RR headers would
+ * push the size of the TCP message over the 65536 byte limit.
+ */
+ len = 65535;
+ mem = isc_mem_get(mctx, len);
+ if (mem == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto failure;
+ }
+ isc_buffer_init(&xfr->buf, mem, len);
+
+ /*
+ * Allocate another temporary buffer for the compressed
+ * response message and its TCP length prefix.
+ */
+ len = 2 + 65535;
+ mem = isc_mem_get(mctx, len);
+ if (mem == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto failure;
+ }
+ isc_buffer_init(&xfr->txlenbuf, mem, 2);
+ isc_buffer_init(&xfr->txbuf, (char *) mem + 2, len - 2);
+ xfr->txmem = mem;
+ xfr->txmemlen = len;
+
+ CHECK(dns_timer_setidle(xfr->client->timer,
+ maxtime, idletime, ISC_FALSE));
+
+ /*
+ * Register a shutdown callback with the client, so that we
+ * can stop the transfer immediately when the client task
+ * gets a shutdown event.
+ */
+ xfr->client->shutdown = xfrout_client_shutdown;
+ xfr->client->shutdown_arg = xfr;
+ /*
+ * These MUST be after the last "goto failure;" / CHECK to
+ * prevent a double free by the caller.
+ */
+ xfr->quota = quota;
+ xfr->stream = stream;
+
+ *xfrp = xfr;
+ return (ISC_R_SUCCESS);
+
+failure:
+ xfrout_ctx_destroy(&xfr);
+ return (result);
+}
+
+
+/*
+ * Arrange to send as much as we can of "stream" without blocking.
+ *
+ * Requires:
+ * The stream iterator is initialized and points at an RR,
+ * or possiby at the end of the stream (that is, the
+ * _first method of the iterator has been called).
+ */
+static void
+sendstream(xfrout_ctx_t *xfr) {
+ dns_message_t *tcpmsg = NULL;
+ dns_message_t *msg = NULL; /* Client message if UDP, tcpmsg if TCP */
+ isc_result_t result;
+ isc_region_t used;
+ isc_region_t region;
+ dns_rdataset_t *qrdataset;
+ dns_name_t *msgname = NULL;
+ dns_rdata_t *msgrdata = NULL;
+ dns_rdatalist_t *msgrdl = NULL;
+ dns_rdataset_t *msgrds = NULL;
+ dns_compress_t cctx;
+ isc_boolean_t cleanup_cctx = ISC_FALSE;
+
+ int n_rrs;
+
+ isc_buffer_clear(&xfr->buf);
+ isc_buffer_clear(&xfr->txlenbuf);
+ isc_buffer_clear(&xfr->txbuf);
+
+ if ((xfr->client->attributes & NS_CLIENTATTR_TCP) == 0) {
+ /*
+ * In the UDP case, we put the response data directly into
+ * the client message.
+ */
+ msg = xfr->client->message;
+ CHECK(dns_message_reply(msg, ISC_TRUE));
+ } else {
+ /*
+ * TCP. Build a response dns_message_t, temporarily storing
+ * the raw, uncompressed owner names and RR data contiguously
+ * in xfr->buf. We know that if the uncompressed data fits
+ * in xfr->buf, the compressed data will surely fit in a TCP
+ * message.
+ */
+
+ CHECK(dns_message_create(xfr->mctx,
+ DNS_MESSAGE_INTENTRENDER, &tcpmsg));
+ msg = tcpmsg;
+
+ msg->id = xfr->id;
+ msg->rcode = dns_rcode_noerror;
+ msg->flags = DNS_MESSAGEFLAG_QR | DNS_MESSAGEFLAG_AA;
+ if ((xfr->client->attributes & NS_CLIENTATTR_RA) != 0)
+ msg->flags |= DNS_MESSAGEFLAG_RA;
+ CHECK(dns_message_settsigkey(msg, xfr->tsigkey));
+ CHECK(dns_message_setquerytsig(msg, xfr->lasttsig));
+ if (xfr->lasttsig != NULL)
+ isc_buffer_free(&xfr->lasttsig);
+
+ /*
+ * Include a question section in the first message only.
+ * BIND 8.2.1 will not recognize an IXFR if it does not
+ * have a question section.
+ */
+ if (xfr->nmsg == 0) {
+ dns_name_t *qname = NULL;
+ isc_region_t r;
+
+ /*
+ * Reserve space for the 12-byte message header
+ * and 4 bytes of question.
+ */
+ isc_buffer_add(&xfr->buf, 12 + 4);
+
+ qrdataset = NULL;
+ result = dns_message_gettemprdataset(msg, &qrdataset);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+ dns_rdataset_init(qrdataset);
+ dns_rdataset_makequestion(qrdataset,
+ xfr->client->message->rdclass,
+ xfr->qtype);
+
+ result = dns_message_gettempname(msg, &qname);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+ dns_name_init(qname, NULL);
+ isc_buffer_availableregion(&xfr->buf, &r);
+ INSIST(r.length >= xfr->qname->length);
+ r.length = xfr->qname->length;
+ isc_buffer_putmem(&xfr->buf, xfr->qname->ndata,
+ xfr->qname->length);
+ dns_name_fromregion(qname, &r);
+ ISC_LIST_INIT(qname->list);
+ ISC_LIST_APPEND(qname->list, qrdataset, link);
+
+ dns_message_addname(msg, qname, DNS_SECTION_QUESTION);
+ }
+ else
+ msg->tcp_continuation = 1;
+ }
+
+ /*
+ * Try to fit in as many RRs as possible, unless "one-answer"
+ * format has been requested.
+ */
+ for (n_rrs = 0; ; n_rrs++) {
+ dns_name_t *name = NULL;
+ isc_uint32_t ttl;
+ dns_rdata_t *rdata = NULL;
+
+ unsigned int size;
+ isc_region_t r;
+
+ msgname = NULL;
+ msgrdata = NULL;
+ msgrdl = NULL;
+ msgrds = NULL;
+
+ xfr->stream->methods->current(xfr->stream,
+ &name, &ttl, &rdata);
+ size = name->length + 10 + rdata->length;
+ isc_buffer_availableregion(&xfr->buf, &r);
+ if (size >= r.length) {
+ /*
+ * RR would not fit. If there are other RRs in the
+ * buffer, send them now and leave this RR to the
+ * next message. If this RR overflows the buffer
+ * all by itself, fail.
+ *
+ * In theory some RRs might fit in a TCP message
+ * when compressed even if they do not fit when
+ * uncompressed, but surely we don't want
+ * to send such monstrosities to an unsuspecting
+ * slave.
+ */
+ if (n_rrs == 0) {
+ xfrout_log(xfr, ISC_LOG_WARNING,
+ "RR too large for zone transfer "
+ "(%d bytes)", size);
+ /* XXX DNS_R_RRTOOLARGE? */
+ result = ISC_R_NOSPACE;
+ goto failure;
+ }
+ break;
+ }
+
+ if (isc_log_wouldlog(ns_g_lctx, XFROUT_RR_LOGLEVEL))
+ log_rr(name, rdata, ttl); /* XXX */
+
+ result = dns_message_gettempname(msg, &msgname);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+ dns_name_init(msgname, NULL);
+ isc_buffer_availableregion(&xfr->buf, &r);
+ INSIST(r.length >= name->length);
+ r.length = name->length;
+ isc_buffer_putmem(&xfr->buf, name->ndata, name->length);
+ dns_name_fromregion(msgname, &r);
+
+ /* Reserve space for RR header. */
+ isc_buffer_add(&xfr->buf, 10);
+
+ result = dns_message_gettemprdata(msg, &msgrdata);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+ isc_buffer_availableregion(&xfr->buf, &r);
+ r.length = rdata->length;
+ isc_buffer_putmem(&xfr->buf, rdata->data, rdata->length);
+ dns_rdata_init(msgrdata);
+ dns_rdata_fromregion(msgrdata,
+ rdata->rdclass, rdata->type, &r);
+
+ result = dns_message_gettemprdatalist(msg, &msgrdl);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+ msgrdl->type = rdata->type;
+ msgrdl->rdclass = rdata->rdclass;
+ msgrdl->ttl = ttl;
+ if (rdata->type == dns_rdatatype_sig ||
+ rdata->type == dns_rdatatype_rrsig)
+ msgrdl->covers = dns_rdata_covers(rdata);
+ else
+ msgrdl->covers = dns_rdatatype_none;
+ ISC_LINK_INIT(msgrdl, link);
+ ISC_LIST_INIT(msgrdl->rdata);
+ ISC_LIST_APPEND(msgrdl->rdata, msgrdata, link);
+
+ result = dns_message_gettemprdataset(msg, &msgrds);
+ if (result != ISC_R_SUCCESS)
+ goto failure;
+ dns_rdataset_init(msgrds);
+ result = dns_rdatalist_tordataset(msgrdl, msgrds);
+ INSIST(result == ISC_R_SUCCESS);
+
+ ISC_LIST_APPEND(msgname->list, msgrds, link);
+
+ dns_message_addname(msg, msgname, DNS_SECTION_ANSWER);
+ msgname = NULL;
+
+ result = xfr->stream->methods->next(xfr->stream);
+ if (result == ISC_R_NOMORE) {
+ xfr->end_of_stream = ISC_TRUE;
+ break;
+ }
+ CHECK(result);
+
+ if (! xfr->many_answers)
+ break;
+ }
+
+ if ((xfr->client->attributes & NS_CLIENTATTR_TCP) != 0) {
+ CHECK(dns_compress_init(&cctx, -1, xfr->mctx));
+ dns_compress_setsensitive(&cctx, ISC_TRUE);
+ cleanup_cctx = ISC_TRUE;
+ CHECK(dns_message_renderbegin(msg, &cctx, &xfr->txbuf));
+ CHECK(dns_message_rendersection(msg, DNS_SECTION_QUESTION, 0));
+ CHECK(dns_message_rendersection(msg, DNS_SECTION_ANSWER, 0));
+ CHECK(dns_message_renderend(msg));
+ dns_compress_invalidate(&cctx);
+ cleanup_cctx = ISC_FALSE;
+
+ isc_buffer_usedregion(&xfr->txbuf, &used);
+ isc_buffer_putuint16(&xfr->txlenbuf,
+ (isc_uint16_t)used.length);
+ region.base = xfr->txlenbuf.base;
+ region.length = 2 + used.length;
+ xfrout_log(xfr, ISC_LOG_DEBUG(8),
+ "sending TCP message of %d bytes",
+ used.length);
+ CHECK(isc_socket_send(xfr->client->tcpsocket, /* XXX */
+ &region, xfr->client->task,
+ xfrout_senddone,
+ xfr));
+ xfr->sends++;
+ } else {
+ xfrout_log(xfr, ISC_LOG_DEBUG(8), "sending IXFR UDP response");
+ ns_client_send(xfr->client);
+ xfr->stream->methods->pause(xfr->stream);
+ xfrout_ctx_destroy(&xfr);
+ return;
+ }
+
+ /* Advance lasttsig to be the last TSIG generated */
+ CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig));
+
+ xfr->nmsg++;
+
+ failure:
+ if (msgname != NULL) {
+ if (msgrds != NULL) {
+ if (dns_rdataset_isassociated(msgrds))
+ dns_rdataset_disassociate(msgrds);
+ dns_message_puttemprdataset(msg, &msgrds);
+ }
+ if (msgrdl != NULL) {
+ ISC_LIST_UNLINK(msgrdl->rdata, msgrdata, link);
+ dns_message_puttemprdatalist(msg, &msgrdl);
+ }
+ if (msgrdata != NULL)
+ dns_message_puttemprdata(msg, &msgrdata);
+ dns_message_puttempname(msg, &msgname);
+ }
+
+ if (tcpmsg != NULL)
+ dns_message_destroy(&tcpmsg);
+
+ if (cleanup_cctx)
+ dns_compress_invalidate(&cctx);
+ /*
+ * Make sure to release any locks held by database
+ * iterators before returning from the event handler.
+ */
+ xfr->stream->methods->pause(xfr->stream);
+
+ if (result == ISC_R_SUCCESS)
+ return;
+
+ xfrout_fail(xfr, result, "sending zone data");
+}
+
+static void
+xfrout_ctx_destroy(xfrout_ctx_t **xfrp) {
+ xfrout_ctx_t *xfr = *xfrp;
+
+ INSIST(xfr->sends == 0);
+
+ xfr->client->shutdown = NULL;
+ xfr->client->shutdown_arg = NULL;
+
+ if (xfr->stream != NULL)
+ xfr->stream->methods->destroy(&xfr->stream);
+ if (xfr->buf.base != NULL)
+ isc_mem_put(xfr->mctx, xfr->buf.base, xfr->buf.length);
+ if (xfr->txmem != NULL)
+ isc_mem_put(xfr->mctx, xfr->txmem, xfr->txmemlen);
+ if (xfr->lasttsig != NULL)
+ isc_buffer_free(&xfr->lasttsig);
+ if (xfr->quota != NULL)
+ isc_quota_detach(&xfr->quota);
+ if (xfr->ver != NULL)
+ dns_db_closeversion(xfr->db, &xfr->ver, ISC_FALSE);
+ if (xfr->zone != NULL)
+ dns_zone_detach(&xfr->zone);
+ if (xfr->db != NULL)
+ dns_db_detach(&xfr->db);
+
+ ns_client_detach(&xfr->client);
+
+ isc_mem_put(xfr->mctx, xfr, sizeof(*xfr));
+
+ *xfrp = NULL;
+}
+
+static void
+xfrout_senddone(isc_task_t *task, isc_event_t *event) {
+ isc_socketevent_t *sev = (isc_socketevent_t *)event;
+ xfrout_ctx_t *xfr = (xfrout_ctx_t *)event->ev_arg;
+ isc_result_t evresult = sev->result;
+
+ UNUSED(task);
+
+ INSIST(event->ev_type == ISC_SOCKEVENT_SENDDONE);
+
+ isc_event_free(&event);
+ xfr->sends--;
+ INSIST(xfr->sends == 0);
+
+ (void)isc_timer_touch(xfr->client->timer);
+ if (xfr->shuttingdown == ISC_TRUE) {
+ xfrout_maybe_destroy(xfr);
+ } else if (evresult != ISC_R_SUCCESS) {
+ xfrout_fail(xfr, evresult, "send");
+ } else if (xfr->end_of_stream == ISC_FALSE) {
+ sendstream(xfr);
+ } else {
+ /* End of zone transfer stream. */
+ inc_stats(xfr->zone, dns_nsstatscounter_xfrdone);
+ xfrout_log(xfr, ISC_LOG_INFO, "%s ended", xfr->mnemonic);
+ ns_client_next(xfr->client, ISC_R_SUCCESS);
+ xfrout_ctx_destroy(&xfr);
+ }
+}
+
+static void
+xfrout_fail(xfrout_ctx_t *xfr, isc_result_t result, const char *msg) {
+ xfr->shuttingdown = ISC_TRUE;
+ xfrout_log(xfr, ISC_LOG_ERROR, "%s: %s",
+ msg, isc_result_totext(result));
+ xfrout_maybe_destroy(xfr);
+}
+
+static void
+xfrout_maybe_destroy(xfrout_ctx_t *xfr) {
+ INSIST(xfr->shuttingdown == ISC_TRUE);
+ if (xfr->sends > 0) {
+ /*
+ * If we are currently sending, cancel it and wait for
+ * cancel event before destroying the context.
+ */
+ isc_socket_cancel(xfr->client->tcpsocket, xfr->client->task,
+ ISC_SOCKCANCEL_SEND);
+ } else {
+ ns_client_next(xfr->client, ISC_R_CANCELED);
+ xfrout_ctx_destroy(&xfr);
+ }
+}
+
+static void
+xfrout_client_shutdown(void *arg, isc_result_t result) {
+ xfrout_ctx_t *xfr = (xfrout_ctx_t *) arg;
+ xfrout_fail(xfr, result, "aborted");
+}
+
+/*
+ * Log outgoing zone transfer messages in a format like
+ * <client>: transfer of <zone>: <message>
+ */
+
+static void
+xfrout_logv(ns_client_t *client, dns_name_t *zonename,
+ dns_rdataclass_t rdclass, int level, const char *fmt, va_list ap)
+ ISC_FORMAT_PRINTF(5, 0);
+
+static void
+xfrout_logv(ns_client_t *client, dns_name_t *zonename,
+ dns_rdataclass_t rdclass, int level, const char *fmt, va_list ap)
+{
+ char msgbuf[2048];
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char classbuf[DNS_RDATACLASS_FORMATSIZE];
+
+ dns_name_format(zonename, namebuf, sizeof(namebuf));
+ dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
+ vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);
+ ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT,
+ NS_LOGMODULE_XFER_OUT, level,
+ "transfer of '%s/%s': %s", namebuf, classbuf, msgbuf);
+}
+
+/*
+ * Logging function for use when a xfrout_ctx_t has not yet been created.
+ */
+static void
+xfrout_log1(ns_client_t *client, dns_name_t *zonename,
+ dns_rdataclass_t rdclass, int level, const char *fmt, ...) {
+ va_list ap;
+ va_start(ap, fmt);
+ xfrout_logv(client, zonename, rdclass, level, fmt, ap);
+ va_end(ap);
+}
+
+/*
+ * Logging function for use when there is a xfrout_ctx_t.
+ */
+static void
+xfrout_log(xfrout_ctx_t *xfr, int level, const char *fmt, ...) {
+ va_list ap;
+ va_start(ap, fmt);
+ xfrout_logv(xfr->client, xfr->qname, xfr->qclass, level, fmt, ap);
+ va_end(ap);
+}
diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
new file mode 100644
index 0000000..7a420b5
--- /dev/null
+++ b/bin/named/zoneconf.c
@@ -0,0 +1,1016 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: zoneconf.c,v 1.147 2008/09/24 02:46:21 marka Exp $ */
+
+/*% */
+
+#include <config.h>
+
+#include <isc/buffer.h>
+#include <isc/file.h>
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/string.h> /* Required for HP/UX (and others?) */
+#include <isc/util.h>
+
+#include <dns/acl.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/name.h>
+#include <dns/rdatatype.h>
+#include <dns/ssu.h>
+#include <dns/stats.h>
+#include <dns/view.h>
+#include <dns/zone.h>
+
+#include <named/client.h>
+#include <named/config.h>
+#include <named/globals.h>
+#include <named/log.h>
+#include <named/server.h>
+#include <named/zoneconf.h>
+
+/* ACLs associated with zone */
+typedef enum {
+ allow_notify,
+ allow_query,
+ allow_transfer,
+ allow_update,
+ allow_update_forwarding
+} acl_type_t;
+
+/*%
+ * These are BIND9 server defaults, not necessarily identical to the
+ * library defaults defined in zone.c.
+ */
+#define RETERR(x) do { \
+ isc_result_t _r = (x); \
+ if (_r != ISC_R_SUCCESS) \
+ return (_r); \
+ } while (0)
+
+/*%
+ * Convenience function for configuring a single zone ACL.
+ */
+static isc_result_t
+configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
+ const cfg_obj_t *config, acl_type_t acltype,
+ cfg_aclconfctx_t *actx, dns_zone_t *zone,
+ void (*setzacl)(dns_zone_t *, dns_acl_t *),
+ void (*clearzacl)(dns_zone_t *))
+{
+ isc_result_t result;
+ const cfg_obj_t *maps[5] = {NULL, NULL, NULL, NULL, NULL};
+ const cfg_obj_t *aclobj = NULL;
+ int i = 0;
+ dns_acl_t **aclp = NULL, *acl = NULL;
+ const char *aclname;
+ dns_view_t *view;
+
+ view = dns_zone_getview(zone);
+
+ switch (acltype) {
+ case allow_notify:
+ if (view != NULL)
+ aclp = &view->notifyacl;
+ aclname = "allow-notify";
+ break;
+ case allow_query:
+ if (view != NULL)
+ aclp = &view->queryacl;
+ aclname = "allow-query";
+ break;
+ case allow_transfer:
+ if (view != NULL)
+ aclp = &view->transferacl;
+ aclname = "allow-transfer";
+ break;
+ case allow_update:
+ if (view != NULL)
+ aclp = &view->updateacl;
+ aclname = "allow-update";
+ break;
+ case allow_update_forwarding:
+ if (view != NULL)
+ aclp = &view->upfwdacl;
+ aclname = "allow-update-forwarding";
+ break;
+ default:
+ INSIST(0);
+ return (ISC_R_FAILURE);
+ }
+
+ /* First check to see if ACL is defined within the zone */
+ if (zconfig != NULL) {
+ maps[0] = cfg_tuple_get(zconfig, "options");
+ ns_config_get(maps, aclname, &aclobj);
+ if (aclobj != NULL) {
+ aclp = NULL;
+ goto parse_acl;
+ }
+ }
+
+ /* Failing that, see if there's a default ACL already in the view */
+ if (aclp != NULL && *aclp != NULL) {
+ (*setzacl)(zone, *aclp);
+ return (ISC_R_SUCCESS);
+ }
+
+ /* Check for default ACLs that haven't been parsed yet */
+ if (vconfig != NULL)
+ maps[i++] = cfg_tuple_get(vconfig, "options");
+ if (config != NULL) {
+ const cfg_obj_t *options = NULL;
+ (void)cfg_map_get(config, "options", &options);
+ if (options != NULL)
+ maps[i++] = options;
+ }
+ maps[i++] = ns_g_defaults;
+ maps[i] = NULL;
+
+ result = ns_config_get(maps, aclname, &aclobj);
+ if (aclobj == NULL) {
+ (*clearzacl)(zone);
+ return (ISC_R_SUCCESS);
+ }
+
+parse_acl:
+ result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx, actx,
+ dns_zone_getmctx(zone), 0, &acl);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ (*setzacl)(zone, acl);
+
+ /* Set the view default now */
+ if (aclp != NULL)
+ dns_acl_attach(acl, aclp);
+
+ dns_acl_detach(&acl);
+ return (ISC_R_SUCCESS);
+}
+
+/*%
+ * Parse the zone update-policy statement.
+ */
+static isc_result_t
+configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone) {
+ const cfg_obj_t *updatepolicy = NULL;
+ const cfg_listelt_t *element, *element2;
+ dns_ssutable_t *table = NULL;
+ isc_mem_t *mctx = dns_zone_getmctx(zone);
+ isc_result_t result;
+
+ (void)cfg_map_get(zconfig, "update-policy", &updatepolicy);
+ if (updatepolicy == NULL) {
+ dns_zone_setssutable(zone, NULL);
+ return (ISC_R_SUCCESS);
+ }
+
+ result = dns_ssutable_create(mctx, &table);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ for (element = cfg_list_first(updatepolicy);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *stmt = cfg_listelt_value(element);
+ const cfg_obj_t *mode = cfg_tuple_get(stmt, "mode");
+ const cfg_obj_t *identity = cfg_tuple_get(stmt, "identity");
+ const cfg_obj_t *matchtype = cfg_tuple_get(stmt, "matchtype");
+ const cfg_obj_t *dname = cfg_tuple_get(stmt, "name");
+ const cfg_obj_t *typelist = cfg_tuple_get(stmt, "types");
+ const char *str;
+ isc_boolean_t grant = ISC_FALSE;
+ unsigned int mtype = DNS_SSUMATCHTYPE_NAME;
+ dns_fixedname_t fname, fident;
+ isc_buffer_t b;
+ dns_rdatatype_t *types;
+ unsigned int i, n;
+
+ str = cfg_obj_asstring(mode);
+ if (strcasecmp(str, "grant") == 0)
+ grant = ISC_TRUE;
+ else if (strcasecmp(str, "deny") == 0)
+ grant = ISC_FALSE;
+ else
+ INSIST(0);
+
+ str = cfg_obj_asstring(matchtype);
+ if (strcasecmp(str, "name") == 0)
+ mtype = DNS_SSUMATCHTYPE_NAME;
+ else if (strcasecmp(str, "subdomain") == 0)
+ mtype = DNS_SSUMATCHTYPE_SUBDOMAIN;
+ else if (strcasecmp(str, "wildcard") == 0)
+ mtype = DNS_SSUMATCHTYPE_WILDCARD;
+ else if (strcasecmp(str, "self") == 0)
+ mtype = DNS_SSUMATCHTYPE_SELF;
+ else if (strcasecmp(str, "selfsub") == 0)
+ mtype = DNS_SSUMATCHTYPE_SELFSUB;
+ else if (strcasecmp(str, "selfwild") == 0)
+ mtype = DNS_SSUMATCHTYPE_SELFWILD;
+ else if (strcasecmp(str, "ms-self") == 0)
+ mtype = DNS_SSUMATCHTYPE_SELFMS;
+ else if (strcasecmp(str, "krb5-self") == 0)
+ mtype = DNS_SSUMATCHTYPE_SELFKRB5;
+ else if (strcasecmp(str, "ms-subdomain") == 0)
+ mtype = DNS_SSUMATCHTYPE_SUBDOMAINMS;
+ else if (strcasecmp(str, "krb5-subdomain") == 0)
+ mtype = DNS_SSUMATCHTYPE_SUBDOMAINKRB5;
+ else if (strcasecmp(str, "tcp-self") == 0)
+ mtype = DNS_SSUMATCHTYPE_TCPSELF;
+ else if (strcasecmp(str, "6to4-self") == 0)
+ mtype = DNS_SSUMATCHTYPE_6TO4SELF;
+ else
+ INSIST(0);
+
+ dns_fixedname_init(&fident);
+ str = cfg_obj_asstring(identity);
+ isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_add(&b, strlen(str));
+ result = dns_name_fromtext(dns_fixedname_name(&fident), &b,
+ dns_rootname, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS) {
+ cfg_obj_log(identity, ns_g_lctx, ISC_LOG_ERROR,
+ "'%s' is not a valid name", str);
+ goto cleanup;
+ }
+
+ dns_fixedname_init(&fname);
+ str = cfg_obj_asstring(dname);
+ isc_buffer_init(&b, str, strlen(str));
+ isc_buffer_add(&b, strlen(str));
+ result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
+ dns_rootname, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS) {
+ cfg_obj_log(identity, ns_g_lctx, ISC_LOG_ERROR,
+ "'%s' is not a valid name", str);
+ goto cleanup;
+ }
+
+ n = ns_config_listcount(typelist);
+ if (n == 0)
+ types = NULL;
+ else {
+ types = isc_mem_get(mctx, n * sizeof(dns_rdatatype_t));
+ if (types == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto cleanup;
+ }
+ }
+
+ i = 0;
+ for (element2 = cfg_list_first(typelist);
+ element2 != NULL;
+ element2 = cfg_list_next(element2))
+ {
+ const cfg_obj_t *typeobj;
+ isc_textregion_t r;
+
+ INSIST(i < n);
+
+ typeobj = cfg_listelt_value(element2);
+ str = cfg_obj_asstring(typeobj);
+ DE_CONST(str, r.base);
+ r.length = strlen(str);
+
+ result = dns_rdatatype_fromtext(&types[i++], &r);
+ if (result != ISC_R_SUCCESS) {
+ cfg_obj_log(identity, ns_g_lctx, ISC_LOG_ERROR,
+ "'%s' is not a valid type", str);
+ isc_mem_put(mctx, types,
+ n * sizeof(dns_rdatatype_t));
+ goto cleanup;
+ }
+ }
+ INSIST(i == n);
+
+ result = dns_ssutable_addrule(table, grant,
+ dns_fixedname_name(&fident),
+ mtype,
+ dns_fixedname_name(&fname),
+ n, types);
+ if (types != NULL)
+ isc_mem_put(mctx, types, n * sizeof(dns_rdatatype_t));
+ if (result != ISC_R_SUCCESS) {
+ goto cleanup;
+ }
+
+ }
+
+ result = ISC_R_SUCCESS;
+ dns_zone_setssutable(zone, table);
+
+ cleanup:
+ dns_ssutable_detach(&table);
+ return (result);
+}
+
+/*%
+ * Convert a config file zone type into a server zone type.
+ */
+static inline dns_zonetype_t
+zonetype_fromconfig(const cfg_obj_t *map) {
+ const cfg_obj_t *obj = NULL;
+ isc_result_t result;
+
+ result = cfg_map_get(map, "type", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ return (ns_config_getzonetype(obj));
+}
+
+/*%
+ * Helper function for strtoargv(). Pardon the gratuitous recursion.
+ */
+static isc_result_t
+strtoargvsub(isc_mem_t *mctx, char *s, unsigned int *argcp,
+ char ***argvp, unsigned int n)
+{
+ isc_result_t result;
+
+ /* Discard leading whitespace. */
+ while (*s == ' ' || *s == '\t')
+ s++;
+
+ if (*s == '\0') {
+ /* We have reached the end of the string. */
+ *argcp = n;
+ *argvp = isc_mem_get(mctx, n * sizeof(char *));
+ if (*argvp == NULL)
+ return (ISC_R_NOMEMORY);
+ } else {
+ char *p = s;
+ while (*p != ' ' && *p != '\t' && *p != '\0')
+ p++;
+ if (*p != '\0')
+ *p++ = '\0';
+
+ result = strtoargvsub(mctx, p, argcp, argvp, n + 1);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ (*argvp)[n] = s;
+ }
+ return (ISC_R_SUCCESS);
+}
+
+/*%
+ * Tokenize the string "s" into whitespace-separated words,
+ * return the number of words in '*argcp' and an array
+ * of pointers to the words in '*argvp'. The caller
+ * must free the array using isc_mem_put(). The string
+ * is modified in-place.
+ */
+static isc_result_t
+strtoargv(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp) {
+ return (strtoargvsub(mctx, s, argcp, argvp, 0));
+}
+
+static void
+checknames(dns_zonetype_t ztype, const cfg_obj_t **maps,
+ const cfg_obj_t **objp)
+{
+ const char *zone = NULL;
+ isc_result_t result;
+
+ switch (ztype) {
+ case dns_zone_slave: zone = "slave"; break;
+ case dns_zone_master: zone = "master"; break;
+ default:
+ INSIST(0);
+ }
+ result = ns_checknames_get(maps, zone, objp);
+ INSIST(result == ISC_R_SUCCESS);
+}
+
+isc_result_t
+ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
+ const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac,
+ dns_zone_t *zone)
+{
+ isc_result_t result;
+ const char *zname;
+ dns_rdataclass_t zclass;
+ dns_rdataclass_t vclass;
+ const cfg_obj_t *maps[5];
+ const cfg_obj_t *zoptions = NULL;
+ const cfg_obj_t *options = NULL;
+ const cfg_obj_t *obj;
+ const char *filename = NULL;
+ dns_notifytype_t notifytype = dns_notifytype_yes;
+ isc_sockaddr_t *addrs;
+ dns_name_t **keynames;
+ isc_uint32_t count;
+ char *cpval;
+ unsigned int dbargc;
+ char **dbargv;
+ static char default_dbtype[] = "rbt";
+ isc_mem_t *mctx = dns_zone_getmctx(zone);
+ dns_dialuptype_t dialup = dns_dialuptype_no;
+ dns_zonetype_t ztype;
+ int i;
+ isc_int32_t journal_size;
+ isc_boolean_t multi;
+ isc_boolean_t alt;
+ dns_view_t *view;
+ isc_boolean_t check = ISC_FALSE, fail = ISC_FALSE;
+ isc_boolean_t warn = ISC_FALSE, ignore = ISC_FALSE;
+ isc_boolean_t ixfrdiff;
+ dns_masterformat_t masterformat;
+ dns_stats_t *zoneqrystats;
+ isc_boolean_t zonestats_on;
+ int seconds;
+
+ i = 0;
+ if (zconfig != NULL) {
+ zoptions = cfg_tuple_get(zconfig, "options");
+ maps[i++] = zoptions;
+ }
+ if (vconfig != NULL)
+ maps[i++] = cfg_tuple_get(vconfig, "options");
+ if (config != NULL) {
+ (void)cfg_map_get(config, "options", &options);
+ if (options != NULL)
+ maps[i++] = options;
+ }
+ maps[i++] = ns_g_defaults;
+ maps[i++] = NULL;
+
+ if (vconfig != NULL)
+ RETERR(ns_config_getclass(cfg_tuple_get(vconfig, "class"),
+ dns_rdataclass_in, &vclass));
+ else
+ vclass = dns_rdataclass_in;
+
+ /*
+ * Configure values common to all zone types.
+ */
+
+ zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
+
+ RETERR(ns_config_getclass(cfg_tuple_get(zconfig, "class"),
+ vclass, &zclass));
+ dns_zone_setclass(zone, zclass);
+
+ ztype = zonetype_fromconfig(zoptions);
+ dns_zone_settype(zone, ztype);
+
+ obj = NULL;
+ result = cfg_map_get(zoptions, "database", &obj);
+ if (result == ISC_R_SUCCESS)
+ cpval = isc_mem_strdup(mctx, cfg_obj_asstring(obj));
+ else
+ cpval = default_dbtype;
+
+ if (cpval == NULL)
+ return(ISC_R_NOMEMORY);
+
+ result = strtoargv(mctx, cpval, &dbargc, &dbargv);
+ if (result != ISC_R_SUCCESS && cpval != default_dbtype) {
+ isc_mem_free(mctx, cpval);
+ return (result);
+ }
+
+ /*
+ * ANSI C is strange here. There is no logical reason why (char **)
+ * cannot be promoted automatically to (const char * const *) by the
+ * compiler w/o generating a warning.
+ */
+ result = dns_zone_setdbtype(zone, dbargc, (const char * const *)dbargv);
+ isc_mem_put(mctx, dbargv, dbargc * sizeof(*dbargv));
+ if (cpval != default_dbtype)
+ isc_mem_free(mctx, cpval);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ obj = NULL;
+ result = cfg_map_get(zoptions, "file", &obj);
+ if (result == ISC_R_SUCCESS)
+ filename = cfg_obj_asstring(obj);
+
+ masterformat = dns_masterformat_text;
+ obj = NULL;
+ result= ns_config_get(maps, "masterfile-format", &obj);
+ if (result == ISC_R_SUCCESS) {
+ const char *masterformatstr = cfg_obj_asstring(obj);
+
+ if (strcasecmp(masterformatstr, "text") == 0)
+ masterformat = dns_masterformat_text;
+ else if (strcasecmp(masterformatstr, "raw") == 0)
+ masterformat = dns_masterformat_raw;
+ else
+ INSIST(0);
+ }
+ RETERR(dns_zone_setfile2(zone, filename, masterformat));
+
+ obj = NULL;
+ result = cfg_map_get(zoptions, "journal", &obj);
+ if (result == ISC_R_SUCCESS)
+ RETERR(dns_zone_setjournal(zone, cfg_obj_asstring(obj)));
+
+ if (ztype == dns_zone_slave)
+ RETERR(configure_zone_acl(zconfig, vconfig, config,
+ allow_notify, ac, zone,
+ dns_zone_setnotifyacl,
+ dns_zone_clearnotifyacl));
+ /*
+ * XXXAG This probably does not make sense for stubs.
+ */
+ RETERR(configure_zone_acl(zconfig, vconfig, config,
+ allow_query, ac, zone,
+ dns_zone_setqueryacl,
+ dns_zone_clearqueryacl));
+
+ obj = NULL;
+ result = ns_config_get(maps, "dialup", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ if (cfg_obj_isboolean(obj)) {
+ if (cfg_obj_asboolean(obj))
+ dialup = dns_dialuptype_yes;
+ else
+ dialup = dns_dialuptype_no;
+ } else {
+ const char *dialupstr = cfg_obj_asstring(obj);
+ if (strcasecmp(dialupstr, "notify") == 0)
+ dialup = dns_dialuptype_notify;
+ else if (strcasecmp(dialupstr, "notify-passive") == 0)
+ dialup = dns_dialuptype_notifypassive;
+ else if (strcasecmp(dialupstr, "refresh") == 0)
+ dialup = dns_dialuptype_refresh;
+ else if (strcasecmp(dialupstr, "passive") == 0)
+ dialup = dns_dialuptype_passive;
+ else
+ INSIST(0);
+ }
+ dns_zone_setdialup(zone, dialup);
+
+ obj = NULL;
+ result = ns_config_get(maps, "zone-statistics", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ zonestats_on = cfg_obj_asboolean(obj);
+ zoneqrystats = NULL;
+ if (zonestats_on) {
+ RETERR(dns_generalstats_create(mctx, &zoneqrystats,
+ dns_nsstatscounter_max));
+ }
+ dns_zone_setrequeststats(zone, zoneqrystats);
+ if (zoneqrystats != NULL)
+ dns_stats_detach(&zoneqrystats);
+
+ /*
+ * Configure master functionality. This applies
+ * to primary masters (type "master") and slaves
+ * acting as masters (type "slave"), but not to stubs.
+ */
+ if (ztype != dns_zone_stub) {
+ obj = NULL;
+ result = ns_config_get(maps, "notify", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ if (cfg_obj_isboolean(obj)) {
+ if (cfg_obj_asboolean(obj))
+ notifytype = dns_notifytype_yes;
+ else
+ notifytype = dns_notifytype_no;
+ } else {
+ const char *notifystr = cfg_obj_asstring(obj);
+ if (strcasecmp(notifystr, "explicit") == 0)
+ notifytype = dns_notifytype_explicit;
+ else if (strcasecmp(notifystr, "master-only") == 0)
+ notifytype = dns_notifytype_masteronly;
+ else
+ INSIST(0);
+ }
+ dns_zone_setnotifytype(zone, notifytype);
+
+ obj = NULL;
+ result = ns_config_get(maps, "also-notify", &obj);
+ if (result == ISC_R_SUCCESS) {
+ isc_sockaddr_t *addrs = NULL;
+ isc_uint32_t addrcount;
+ result = ns_config_getiplist(config, obj, 0, mctx,
+ &addrs, &addrcount);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ result = dns_zone_setalsonotify(zone, addrs,
+ addrcount);
+ ns_config_putiplist(mctx, &addrs, addrcount);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ } else
+ RETERR(dns_zone_setalsonotify(zone, NULL, 0));
+
+ obj = NULL;
+ result = ns_config_get(maps, "notify-source", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ RETERR(dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj)));
+ ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "notify-source-v6", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ RETERR(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj)));
+ ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "notify-to-soa", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setoption(zone, DNS_ZONEOPT_NOTIFYTOSOA,
+ cfg_obj_asboolean(obj));
+
+ dns_zone_setisself(zone, ns_client_isself, NULL);
+
+ RETERR(configure_zone_acl(zconfig, vconfig, config,
+ allow_transfer, ac, zone,
+ dns_zone_setxfracl,
+ dns_zone_clearxfracl));
+
+ obj = NULL;
+ result = ns_config_get(maps, "max-transfer-time-out", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setmaxxfrout(zone, cfg_obj_asuint32(obj) * 60);
+
+ obj = NULL;
+ result = ns_config_get(maps, "max-transfer-idle-out", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setidleout(zone, cfg_obj_asuint32(obj) * 60);
+
+ obj = NULL;
+ result = ns_config_get(maps, "max-journal-size", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setjournalsize(zone, -1);
+ if (cfg_obj_isstring(obj)) {
+ const char *str = cfg_obj_asstring(obj);
+ INSIST(strcasecmp(str, "unlimited") == 0);
+ journal_size = ISC_UINT32_MAX / 2;
+ } else {
+ isc_resourcevalue_t value;
+ value = cfg_obj_asuint64(obj);
+ if (value > ISC_UINT32_MAX / 2) {
+ cfg_obj_log(obj, ns_g_lctx,
+ ISC_LOG_ERROR,
+ "'max-journal-size "
+ "%" ISC_PRINT_QUADFORMAT "d' "
+ "is too large",
+ value);
+ RETERR(ISC_R_RANGE);
+ }
+ journal_size = (isc_uint32_t)value;
+ }
+ dns_zone_setjournalsize(zone, journal_size);
+
+ obj = NULL;
+ result = ns_config_get(maps, "ixfr-from-differences", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ if (cfg_obj_isboolean(obj))
+ ixfrdiff = cfg_obj_asboolean(obj);
+ else if (strcasecmp(cfg_obj_asstring(obj), "master") &&
+ ztype == dns_zone_master)
+ ixfrdiff = ISC_TRUE;
+ else if (strcasecmp(cfg_obj_asstring(obj), "slave") &&
+ ztype == dns_zone_slave)
+ ixfrdiff = ISC_TRUE;
+ else
+ ixfrdiff = ISC_FALSE;
+ dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS, ixfrdiff);
+
+ checknames(ztype, maps, &obj);
+ INSIST(obj != NULL);
+ if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+ fail = ISC_FALSE;
+ check = ISC_TRUE;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+ fail = check = ISC_TRUE;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+ fail = check = ISC_FALSE;
+ } else
+ INSIST(0);
+ dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES, check);
+ dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL, fail);
+
+ obj = NULL;
+ result = ns_config_get(maps, "notify-delay", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setnotifydelay(zone, cfg_obj_asuint32(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "check-sibling", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING,
+ cfg_obj_asboolean(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "zero-no-soa-ttl", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "nsec3-test-zone", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setoption(zone, DNS_ZONEOPT_NSEC3TESTZONE,
+ cfg_obj_asboolean(obj));
+ }
+
+ /*
+ * Configure update-related options. These apply to
+ * primary masters only.
+ */
+ if (ztype == dns_zone_master) {
+ dns_acl_t *updateacl;
+ RETERR(configure_zone_acl(zconfig, vconfig, config,
+ allow_update, ac, zone,
+ dns_zone_setupdateacl,
+ dns_zone_clearupdateacl));
+
+ updateacl = dns_zone_getupdateacl(zone);
+ if (updateacl != NULL && dns_acl_isinsecure(updateacl))
+ isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+ "zone '%s' allows updates by IP "
+ "address, which is insecure",
+ zname);
+
+ RETERR(configure_zone_ssutable(zoptions, zone));
+
+ obj = NULL;
+ result = ns_config_get(maps, "sig-validity-interval", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ {
+ const cfg_obj_t *validity, *resign;
+
+ validity = cfg_tuple_get(obj, "validity");
+ seconds = cfg_obj_asuint32(validity) * 86400;
+ dns_zone_setsigvalidityinterval(zone, seconds);
+
+ resign = cfg_tuple_get(obj, "re-sign");
+ if (cfg_obj_isvoid(resign)) {
+ seconds /= 4;
+ } else {
+ if (seconds > 7 * 86400)
+ seconds = cfg_obj_asuint32(resign) *
+ 86400;
+ else
+ seconds = cfg_obj_asuint32(resign) *
+ 3600;
+ }
+ dns_zone_setsigresigninginterval(zone, seconds);
+ }
+
+ obj = NULL;
+ result = ns_config_get(maps, "key-directory", &obj);
+ if (result == ISC_R_SUCCESS) {
+ filename = cfg_obj_asstring(obj);
+ if (!isc_file_isabsolute(filename)) {
+ cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
+ "key-directory '%s' "
+ "is not absolute", filename);
+ return (ISC_R_FAILURE);
+ }
+ RETERR(dns_zone_setkeydirectory(zone, filename));
+ }
+
+ obj = NULL;
+ result = ns_config_get(maps, "sig-signing-signatures", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setsignatures(zone, cfg_obj_asuint32(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "sig-signing-nodes", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setnodes(zone, cfg_obj_asuint32(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "sig-signing-type", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setprivatetype(zone, cfg_obj_asuint32(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "update-check-ksk", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK,
+ cfg_obj_asboolean(obj));
+
+ } else if (ztype == dns_zone_slave) {
+ RETERR(configure_zone_acl(zconfig, vconfig, config,
+ allow_update_forwarding, ac, zone,
+ dns_zone_setforwardacl,
+ dns_zone_clearforwardacl));
+ }
+
+
+ /*%
+ * Primary master functionality.
+ */
+ if (ztype == dns_zone_master) {
+ obj = NULL;
+ result = ns_config_get(maps, "check-wildcard", &obj);
+ if (result == ISC_R_SUCCESS)
+ check = cfg_obj_asboolean(obj);
+ else
+ check = ISC_FALSE;
+ dns_zone_setoption(zone, DNS_ZONEOPT_CHECKWILDCARD, check);
+
+ obj = NULL;
+ result = ns_config_get(maps, "check-mx", &obj);
+ INSIST(obj != NULL);
+ if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+ fail = ISC_FALSE;
+ check = ISC_TRUE;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+ fail = check = ISC_TRUE;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+ fail = check = ISC_FALSE;
+ } else
+ INSIST(0);
+ dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMX, check);
+ dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMXFAIL, fail);
+
+ obj = NULL;
+ result = ns_config_get(maps, "check-integrity", &obj);
+ INSIST(obj != NULL);
+ dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY,
+ cfg_obj_asboolean(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "check-mx-cname", &obj);
+ INSIST(obj != NULL);
+ if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+ warn = ISC_TRUE;
+ ignore = ISC_FALSE;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+ warn = ignore = ISC_FALSE;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+ warn = ignore = ISC_TRUE;
+ } else
+ INSIST(0);
+ dns_zone_setoption(zone, DNS_ZONEOPT_WARNMXCNAME, warn);
+ dns_zone_setoption(zone, DNS_ZONEOPT_IGNOREMXCNAME, ignore);
+
+ obj = NULL;
+ result = ns_config_get(maps, "check-srv-cname", &obj);
+ INSIST(obj != NULL);
+ if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+ warn = ISC_TRUE;
+ ignore = ISC_FALSE;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+ warn = ignore = ISC_FALSE;
+ } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+ warn = ignore = ISC_TRUE;
+ } else
+ INSIST(0);
+ dns_zone_setoption(zone, DNS_ZONEOPT_WARNSRVCNAME, warn);
+ dns_zone_setoption(zone, DNS_ZONEOPT_IGNORESRVCNAME, ignore);
+ }
+
+ /*
+ * Configure slave functionality.
+ */
+ switch (ztype) {
+ case dns_zone_slave:
+ case dns_zone_stub:
+ count = 0;
+ obj = NULL;
+ result = cfg_map_get(zoptions, "masters", &obj);
+ if (obj != NULL) {
+ addrs = NULL;
+ keynames = NULL;
+ RETERR(ns_config_getipandkeylist(config, obj, mctx,
+ &addrs, &keynames,
+ &count));
+ result = dns_zone_setmasterswithkeys(zone, addrs,
+ keynames, count);
+ ns_config_putipandkeylist(mctx, &addrs, &keynames,
+ count);
+ } else
+ result = dns_zone_setmasters(zone, NULL, 0);
+ RETERR(result);
+
+ multi = ISC_FALSE;
+ if (count > 1) {
+ obj = NULL;
+ result = ns_config_get(maps, "multi-master", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ multi = cfg_obj_asboolean(obj);
+ }
+ dns_zone_setoption(zone, DNS_ZONEOPT_MULTIMASTER, multi);
+
+ obj = NULL;
+ result = ns_config_get(maps, "max-transfer-time-in", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setmaxxfrin(zone, cfg_obj_asuint32(obj) * 60);
+
+ obj = NULL;
+ result = ns_config_get(maps, "max-transfer-idle-in", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setidlein(zone, cfg_obj_asuint32(obj) * 60);
+
+ obj = NULL;
+ result = ns_config_get(maps, "max-refresh-time", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setmaxrefreshtime(zone, cfg_obj_asuint32(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "min-refresh-time", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setminrefreshtime(zone, cfg_obj_asuint32(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "max-retry-time", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setmaxretrytime(zone, cfg_obj_asuint32(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "min-retry-time", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ dns_zone_setminretrytime(zone, cfg_obj_asuint32(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "transfer-source", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ RETERR(dns_zone_setxfrsource4(zone, cfg_obj_assockaddr(obj)));
+ ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "transfer-source-v6", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ RETERR(dns_zone_setxfrsource6(zone, cfg_obj_assockaddr(obj)));
+ ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
+
+ obj = NULL;
+ result = ns_config_get(maps, "alt-transfer-source", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ RETERR(dns_zone_setaltxfrsource4(zone, cfg_obj_assockaddr(obj)));
+
+ obj = NULL;
+ result = ns_config_get(maps, "alt-transfer-source-v6", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ RETERR(dns_zone_setaltxfrsource6(zone, cfg_obj_assockaddr(obj)));
+
+ obj = NULL;
+ (void)ns_config_get(maps, "use-alt-transfer-source", &obj);
+ if (obj == NULL) {
+ /*
+ * Default off when views are in use otherwise
+ * on for BIND 8 compatibility.
+ */
+ view = dns_zone_getview(zone);
+ if (view != NULL && strcmp(view->name, "_default") == 0)
+ alt = ISC_TRUE;
+ else
+ alt = ISC_FALSE;
+ } else
+ alt = cfg_obj_asboolean(obj);
+ dns_zone_setoption(zone, DNS_ZONEOPT_USEALTXFRSRC, alt);
+
+ obj = NULL;
+ (void)ns_config_get(maps, "try-tcp-refresh", &obj);
+ dns_zone_setoption(zone, DNS_ZONEOPT_TRYTCPREFRESH,
+ cfg_obj_asboolean(obj));
+ break;
+
+ default:
+ break;
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+isc_boolean_t
+ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) {
+ const cfg_obj_t *zoptions = NULL;
+ const cfg_obj_t *obj = NULL;
+ const char *cfilename;
+ const char *zfilename;
+
+ zoptions = cfg_tuple_get(zconfig, "options");
+
+ if (zonetype_fromconfig(zoptions) != dns_zone_gettype(zone))
+ return (ISC_FALSE);
+
+ obj = NULL;
+ (void)cfg_map_get(zoptions, "file", &obj);
+ if (obj != NULL)
+ cfilename = cfg_obj_asstring(obj);
+ else
+ cfilename = NULL;
+ zfilename = dns_zone_getfile(zone);
+ if (!((cfilename == NULL && zfilename == NULL) ||
+ (cfilename != NULL && zfilename != NULL &&
+ strcmp(cfilename, zfilename) == 0)))
+ return (ISC_FALSE);
+
+ return (ISC_TRUE);
+}
diff --git a/bin/nsupdate/Makefile.in b/bin/nsupdate/Makefile.in
new file mode 100644
index 0000000..6d65697
--- /dev/null
+++ b/bin/nsupdate/Makefile.in
@@ -0,0 +1,83 @@
+# Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.29 2008/08/29 23:47:22 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
+ ${ISC_INCLUDES} @DST_GSSAPI_INC@
+
+CDEFINES = @USE_GSSAPI@
+CWARNINGS =
+
+LWRESLIBS = ../../lib/lwres/liblwres.@A@
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+BIND9LIBS = ../../lib/bind9/libbind9.@A@
+ISCLIBS = ../../lib/isc/libisc.@A@
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+
+LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+
+DEPLIBS = ${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} ${ISCCFGDEPLIBS}
+
+LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCLIBS} ${ISCCFGLIBS} @LIBS@
+
+SUBDIRS =
+
+TARGETS = nsupdate@EXEEXT@
+
+OBJS = nsupdate.@O@
+
+UOBJS =
+
+SRCS = nsupdate.c
+
+MANPAGES = nsupdate.1
+
+HTMLPAGES = nsupdate.html
+
+MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+nsupdate@EXEEXT@: nsupdate.@O@ ${UOBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ nsupdate.@O@ ${UOBJS} ${LIBS}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+ rm -f ${MANOBJS}
+
+clean distclean::
+ rm -f ${TARGETS}
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
+
+install:: nsupdate@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} nsupdate@EXEEXT@ ${DESTDIR}${bindir}
+ ${INSTALL_DATA} ${srcdir}/nsupdate.1 ${DESTDIR}${mandir}/man1
diff --git a/bin/nsupdate/nsupdate.1 b/bin/nsupdate/nsupdate.1
new file mode 100644
index 0000000..19f2889
--- /dev/null
+++ b/bin/nsupdate/nsupdate.1
@@ -0,0 +1,377 @@
+.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: nsupdate.1,v 1.3 2008/09/25 04:45:04 tbox Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: nsupdate
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: Jun 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "NSUPDATE" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+nsupdate \- Dynamic DNS update utility
+.SH "SYNOPSIS"
+.HP 9
+\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [[\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [filename]
+.SH "DESCRIPTION"
+.PP
+\fBnsupdate\fR
+is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record.
+.PP
+Zones that are under dynamic control via
+\fBnsupdate\fR
+or a DHCP server should not be edited by hand. Manual edits could conflict with dynamic updates and cause data to be lost.
+.PP
+The resource records that are dynamically added or removed with
+\fBnsupdate\fR
+have to be in the same zone. Requests are sent to the zone's master server. This is identified by the MNAME field of the zone's SOA record.
+.PP
+The
+\fB\-d\fR
+option makes
+\fBnsupdate\fR
+operate in debug mode. This provides tracing information about the update requests that are made and the replies received from the name server.
+.PP
+The
+\fB\-D\fR
+option makes
+\fBnsupdate\fR
+report additional debugging information to
+\fB\-d\fR.
+.PP
+Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931. TSIG relies on a shared secret that should only be known to
+\fBnsupdate\fR
+and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance, suitable
+\fBkey\fR
+and
+\fBserver\fR
+statements would be added to
+\fI/etc/named.conf\fR
+so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that will be using TSIG authentication. SIG(0) uses public key cryptography. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server.
+\fBnsupdate\fR
+does not read
+\fI/etc/named.conf\fR.
+.PP
+\fBnsupdate\fR
+uses the
+\fB\-y\fR
+or
+\fB\-k\fR
+option to provide the shared secret needed to generate a TSIG record for authenticating Dynamic DNS update requests, default type HMAC\-MD5. These options are mutually exclusive. With the
+\fB\-k\fR
+option,
+\fBnsupdate\fR
+reads the shared secret from the file
+\fIkeyfile\fR, whose name is of the form
+\fIK{name}.+157.+{random}.private\fR. For historical reasons, the file
+\fIK{name}.+157.+{random}.key\fR
+must also be present. When the
+\fB\-y\fR
+option is used, a signature is generated from
+[\fIhmac:\fR]\fIkeyname:secret.\fR
+\fIkeyname\fR
+is the name of the key, and
+\fIsecret\fR
+is the base64 encoded shared secret. Use of the
+\fB\-y\fR
+option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from
+\fBps\fR(1)
+or in a history file maintained by the user's shell.
+.PP
+The
+\fB\-k\fR
+may also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests. In this case, the key specified is not an HMAC\-MD5 key.
+.PP
+By default
+\fBnsupdate\fR
+uses UDP to send update requests to the name server unless they are too large to fit in a UDP request in which case TCP will be used. The
+\fB\-v\fR
+option makes
+\fBnsupdate\fR
+use a TCP connection. This may be preferable when a batch of update requests is made.
+.PP
+The
+\fB\-t\fR
+option sets the maximum time an update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout.
+.PP
+The
+\fB\-u\fR
+option sets the UDP retry interval. The default is 3 seconds. If zero, the interval will be computed from the timeout interval and number of UDP retries.
+.PP
+The
+\fB\-r\fR
+option sets the number of UDP retries. The default is 3. If zero, only one update request will be made.
+.PP
+The
+\fB\-R \fR\fB\fIrandomdev\fR\fR
+option specifies a source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used. This option may be specified multiple times.
+.SH "INPUT FORMAT"
+.PP
+\fBnsupdate\fR
+reads input from
+\fIfilename\fR
+or standard input. Each command is supplied on exactly one line of input. Some commands are for administrative purposes. The others are either update instructions or prerequisite checks on the contents of the zone. These checks set conditions that some name or set of resource records (RRset) either exists or is absent from the zone. These conditions must be met if the entire update request is to succeed. Updates will be rejected if the tests for the prerequisite conditions fail.
+.PP
+Every update request consists of zero or more prerequisites and zero or more updates. This allows a suitably authenticated update request to proceed if some specified resource records are present or missing from the zone. A blank input line (or the
+\fBsend\fR
+command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server.
+.PP
+The command formats and their meaning are as follows:
+.PP
+\fBserver\fR {servername} [port]
+.RS 4
+Sends all dynamic update requests to the name server
+\fIservername\fR. When no server statement is provided,
+\fBnsupdate\fR
+will send updates to the master server of the correct zone. The MNAME field of that zone's SOA record will identify the master server for that zone.
+\fIport\fR
+is the port number on
+\fIservername\fR
+where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used.
+.RE
+.PP
+\fBlocal\fR {address} [port]
+.RS 4
+Sends all dynamic update requests using the local
+\fIaddress\fR. When no local statement is provided,
+\fBnsupdate\fR
+will send updates using an address and port chosen by the system.
+\fIport\fR
+can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one.
+.RE
+.PP
+\fBzone\fR {zonename}
+.RS 4
+Specifies that all updates are to be made to the zone
+\fIzonename\fR. If no
+\fIzone\fR
+statement is provided,
+\fBnsupdate\fR
+will attempt determine the correct zone to update based on the rest of the input.
+.RE
+.PP
+\fBclass\fR {classname}
+.RS 4
+Specify the default class. If no
+\fIclass\fR
+is specified, the default class is
+\fIIN\fR.
+.RE
+.PP
+\fBttl\fR {seconds}
+.RS 4
+Specify the default time to live for records to be added. The value
+\fInone\fR
+will clear the default ttl.
+.RE
+.PP
+\fBkey\fR {name} {secret}
+.RS 4
+Specifies that all updates are to be TSIG\-signed using the
+\fIkeyname\fR
+\fIkeysecret\fR
+pair. The
+\fBkey\fR
+command overrides any key specified on the command line via
+\fB\-y\fR
+or
+\fB\-k\fR.
+.RE
+.PP
+\fBprereq nxdomain\fR {domain\-name}
+.RS 4
+Requires that no resource record of any type exists with name
+\fIdomain\-name\fR.
+.RE
+.PP
+\fBprereq yxdomain\fR {domain\-name}
+.RS 4
+Requires that
+\fIdomain\-name\fR
+exists (has as at least one resource record, of any type).
+.RE
+.PP
+\fBprereq nxrrset\fR {domain\-name} [class] {type}
+.RS 4
+Requires that no resource record exists of the specified
+\fItype\fR,
+\fIclass\fR
+and
+\fIdomain\-name\fR. If
+\fIclass\fR
+is omitted, IN (internet) is assumed.
+.RE
+.PP
+\fBprereq yxrrset\fR {domain\-name} [class] {type}
+.RS 4
+This requires that a resource record of the specified
+\fItype\fR,
+\fIclass\fR
+and
+\fIdomain\-name\fR
+must exist. If
+\fIclass\fR
+is omitted, IN (internet) is assumed.
+.RE
+.PP
+\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...}
+.RS 4
+The
+\fIdata\fR
+from each set of prerequisites of this form sharing a common
+\fItype\fR,
+\fIclass\fR, and
+\fIdomain\-name\fR
+are combined to form a set of RRs. This set of RRs must exactly match the set of RRs existing in the zone at the given
+\fItype\fR,
+\fIclass\fR, and
+\fIdomain\-name\fR. The
+\fIdata\fR
+are written in the standard text representation of the resource record's RDATA.
+.RE
+.PP
+\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]]
+.RS 4
+Deletes any resource records named
+\fIdomain\-name\fR. If
+\fItype\fR
+and
+\fIdata\fR
+is provided, only matching resource records will be removed. The internet class is assumed if
+\fIclass\fR
+is not supplied. The
+\fIttl\fR
+is ignored, and is only allowed for compatibility.
+.RE
+.PP
+\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...}
+.RS 4
+Adds a new resource record with the specified
+\fIttl\fR,
+\fIclass\fR
+and
+\fIdata\fR.
+.RE
+.PP
+\fBshow\fR
+.RS 4
+Displays the current message, containing all of the prerequisites and updates specified since the last send.
+.RE
+.PP
+\fBsend\fR
+.RS 4
+Sends the current message. This is equivalent to entering a blank line.
+.RE
+.PP
+\fBanswer\fR
+.RS 4
+Displays the answer.
+.RE
+.PP
+\fBdebug\fR
+.RS 4
+Turn on debugging.
+.RE
+.PP
+Lines beginning with a semicolon are comments and are ignored.
+.SH "EXAMPLES"
+.PP
+The examples below show how
+\fBnsupdate\fR
+could be used to insert and delete resource records from the
+\fBexample.com\fR
+zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for
+\fBexample.com\fR.
+.sp
+.RS 4
+.nf
+# nsupdate
+> update delete oldhost.example.com A
+> update add newhost.example.com 86400 A 172.16.1.1
+> send
+.fi
+.RE
+.sp
+.PP
+Any A records for
+\fBoldhost.example.com\fR
+are deleted. And an A record for
+\fBnewhost.example.com\fR
+with IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds).
+.sp
+.RS 4
+.nf
+# nsupdate
+> prereq nxdomain nickname.example.com
+> update add nickname.example.com 86400 CNAME somehost.example.com
+> send
+.fi
+.RE
+.sp
+.PP
+The prerequisite condition gets the name server to check that there are no resource records of any type for
+\fBnickname.example.com\fR. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records.)
+.SH "FILES"
+.PP
+\fB/etc/resolv.conf\fR
+.RS 4
+used to identify default name server
+.RE
+.PP
+\fBK{name}.+157.+{random}.key\fR
+.RS 4
+base\-64 encoding of HMAC\-MD5 key created by
+\fBdnssec\-keygen\fR(8).
+.RE
+.PP
+\fBK{name}.+157.+{random}.private\fR
+.RS 4
+base\-64 encoding of HMAC\-MD5 key created by
+\fBdnssec\-keygen\fR(8).
+.RE
+.SH "SEE ALSO"
+.PP
+\fBRFC2136\fR(),
+\fBRFC3007\fR(),
+\fBRFC2104\fR(),
+\fBRFC2845\fR(),
+\fBRFC1034\fR(),
+\fBRFC2535\fR(),
+\fBRFC2931\fR(),
+\fBnamed\fR(8),
+\fBdnssec\-keygen\fR(8).
+.SH "BUGS"
+.PP
+The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases.
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
new file mode 100644
index 0000000..0987638
--- /dev/null
+++ b/bin/nsupdate/nsupdate.c
@@ -0,0 +1,2724 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: nsupdate.c,v 1.163 2008/09/25 04:02:38 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <isc/app.h>
+#include <isc/base64.h>
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/event.h>
+#include <isc/hash.h>
+#include <isc/lex.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/parseint.h>
+#include <isc/random.h>
+#include <isc/region.h>
+#include <isc/sockaddr.h>
+#include <isc/socket.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/types.h>
+#include <isc/util.h>
+
+#include <dns/callbacks.h>
+#include <dns/dispatch.h>
+#include <dns/dnssec.h>
+#include <dns/events.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/masterdump.h>
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/rcode.h>
+#include <dns/rdata.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/rdatastruct.h>
+#include <dns/rdatatype.h>
+#include <dns/request.h>
+#include <dns/result.h>
+#include <dns/tkey.h>
+#include <dns/tsig.h>
+
+#include <dst/dst.h>
+
+#include <lwres/lwres.h>
+#include <lwres/net.h>
+
+#ifdef GSSAPI
+#include <dst/gssapi.h>
+#endif
+#include <bind9/getaddresses.h>
+
+
+#ifdef HAVE_ADDRINFO
+#ifdef HAVE_GETADDRINFO
+#ifdef HAVE_GAISTRERROR
+#define USE_GETADDRINFO
+#endif
+#endif
+#endif
+
+#ifndef USE_GETADDRINFO
+#ifndef ISC_PLATFORM_NONSTDHERRNO
+extern int h_errno;
+#endif
+#endif
+
+#define MAXCMD (4 * 1024)
+#define MAXWIRE (64 * 1024)
+#define PACKETSIZE ((64 * 1024) - 1)
+#define INITTEXT (2 * 1024)
+#define MAXTEXT (128 * 1024)
+#define FIND_TIMEOUT 5
+#define TTL_MAX 2147483647U /* Maximum signed 32 bit integer. */
+
+#define DNSDEFAULTPORT 53
+
+#ifndef RESOLV_CONF
+#define RESOLV_CONF "/etc/resolv.conf"
+#endif
+
+static isc_boolean_t debugging = ISC_FALSE, ddebugging = ISC_FALSE;
+static isc_boolean_t memdebugging = ISC_FALSE;
+static isc_boolean_t have_ipv4 = ISC_FALSE;
+static isc_boolean_t have_ipv6 = ISC_FALSE;
+static isc_boolean_t is_dst_up = ISC_FALSE;
+static isc_boolean_t usevc = ISC_FALSE;
+static isc_boolean_t usegsstsig = ISC_FALSE;
+static isc_boolean_t use_win2k_gsstsig = ISC_FALSE;
+static isc_boolean_t tried_other_gsstsig = ISC_FALSE;
+static isc_taskmgr_t *taskmgr = NULL;
+static isc_task_t *global_task = NULL;
+static isc_event_t *global_event = NULL;
+static isc_log_t *lctx = NULL;
+static isc_mem_t *mctx = NULL;
+static dns_dispatchmgr_t *dispatchmgr = NULL;
+static dns_requestmgr_t *requestmgr = NULL;
+static isc_socketmgr_t *socketmgr = NULL;
+static isc_timermgr_t *timermgr = NULL;
+static dns_dispatch_t *dispatchv4 = NULL;
+static dns_dispatch_t *dispatchv6 = NULL;
+static dns_message_t *updatemsg = NULL;
+static dns_fixedname_t fuserzone;
+static dns_name_t *userzone = NULL;
+static dns_name_t *zonename = NULL;
+static dns_name_t tmpzonename;
+static dns_name_t restart_master;
+static dns_tsig_keyring_t *gssring = NULL;
+static dns_tsigkey_t *tsigkey = NULL;
+static dst_key_t *sig0key;
+static lwres_context_t *lwctx = NULL;
+static lwres_conf_t *lwconf;
+static isc_sockaddr_t *servers;
+static int ns_inuse = 0;
+static int ns_total = 0;
+static isc_sockaddr_t *userserver = NULL;
+static isc_sockaddr_t *localaddr = NULL;
+static isc_sockaddr_t *serveraddr = NULL;
+static isc_sockaddr_t tempaddr;
+static char *keystr = NULL, *keyfile = NULL;
+static isc_entropy_t *entropy = NULL;
+static isc_boolean_t shuttingdown = ISC_FALSE;
+static FILE *input;
+static isc_boolean_t interactive = ISC_TRUE;
+static isc_boolean_t seenerror = ISC_FALSE;
+static const dns_master_style_t *style;
+static int requests = 0;
+static unsigned int logdebuglevel = 0;
+static unsigned int timeout = 300;
+static unsigned int udp_timeout = 3;
+static unsigned int udp_retries = 3;
+static dns_rdataclass_t defaultclass = dns_rdataclass_in;
+static dns_rdataclass_t zoneclass = dns_rdataclass_none;
+static dns_message_t *answer = NULL;
+static isc_uint32_t default_ttl = 0;
+static isc_boolean_t default_ttl_set = ISC_FALSE;
+
+typedef struct nsu_requestinfo {
+ dns_message_t *msg;
+ isc_sockaddr_t *addr;
+} nsu_requestinfo_t;
+
+static void
+sendrequest(isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr,
+ dns_message_t *msg, dns_request_t **request);
+static void
+fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+static void
+debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+static void
+ddebug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+#ifdef GSSAPI
+static dns_fixedname_t fkname;
+static isc_sockaddr_t *kserver = NULL;
+static char servicename[DNS_NAME_FORMATSIZE];
+static dns_name_t *keyname;
+typedef struct nsu_gssinfo {
+ dns_message_t *msg;
+ isc_sockaddr_t *addr;
+ gss_ctx_id_t context;
+} nsu_gssinfo_t;
+
+static void
+start_gssrequest(dns_name_t *master);
+static void
+send_gssrequest(isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr,
+ dns_message_t *msg, dns_request_t **request,
+ gss_ctx_id_t context);
+static void
+recvgss(isc_task_t *task, isc_event_t *event);
+#endif /* GSSAPI */
+
+static void
+error(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+#define STATUS_MORE (isc_uint16_t)0
+#define STATUS_SEND (isc_uint16_t)1
+#define STATUS_QUIT (isc_uint16_t)2
+#define STATUS_SYNTAX (isc_uint16_t)3
+
+typedef struct entropysource entropysource_t;
+
+struct entropysource {
+ isc_entropysource_t *source;
+ isc_mem_t *mctx;
+ ISC_LINK(entropysource_t) link;
+};
+
+static ISC_LIST(entropysource_t) sources;
+
+static void
+setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx)
+{
+ isc_result_t result;
+ isc_entropysource_t *source = NULL;
+ entropysource_t *elt;
+ int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE;
+
+ REQUIRE(ectx != NULL);
+
+ if (*ectx == NULL) {
+ result = isc_entropy_create(mctx, ectx);
+ if (result != ISC_R_SUCCESS)
+ fatal("could not create entropy object");
+ ISC_LIST_INIT(sources);
+ }
+
+ if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
+ usekeyboard = ISC_ENTROPY_KEYBOARDYES;
+ randomfile = NULL;
+ }
+
+ result = isc_entropy_usebestsource(*ectx, &source, randomfile,
+ usekeyboard);
+
+ if (result != ISC_R_SUCCESS)
+ fatal("could not initialize entropy source: %s",
+ isc_result_totext(result));
+
+ if (source != NULL) {
+ elt = isc_mem_get(mctx, sizeof(*elt));
+ if (elt == NULL)
+ fatal("out of memory");
+ elt->source = source;
+ elt->mctx = mctx;
+ ISC_LINK_INIT(elt, link);
+ ISC_LIST_APPEND(sources, elt, link);
+ }
+}
+
+static void
+cleanup_entropy(isc_entropy_t **ectx) {
+ entropysource_t *source;
+ while (!ISC_LIST_EMPTY(sources)) {
+ source = ISC_LIST_HEAD(sources);
+ ISC_LIST_UNLINK(sources, source, link);
+ isc_entropy_destroysource(&source->source);
+ isc_mem_put(source->mctx, source, sizeof(*source));
+ }
+ isc_entropy_detach(ectx);
+}
+
+
+static dns_rdataclass_t
+getzoneclass(void) {
+ if (zoneclass == dns_rdataclass_none)
+ zoneclass = defaultclass;
+ return (zoneclass);
+}
+
+static isc_boolean_t
+setzoneclass(dns_rdataclass_t rdclass) {
+ if (zoneclass == dns_rdataclass_none ||
+ rdclass == dns_rdataclass_none)
+ zoneclass = rdclass;
+ if (zoneclass != rdclass)
+ return (ISC_FALSE);
+ return (ISC_TRUE);
+}
+
+static void
+fatal(const char *format, ...) {
+ va_list args;
+
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ exit(1);
+}
+
+static void
+error(const char *format, ...) {
+ va_list args;
+
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+}
+
+static void
+debug(const char *format, ...) {
+ va_list args;
+
+ if (debugging) {
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ }
+}
+
+static void
+ddebug(const char *format, ...) {
+ va_list args;
+
+ if (ddebugging) {
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ }
+}
+
+static inline void
+check_result(isc_result_t result, const char *msg) {
+ if (result != ISC_R_SUCCESS)
+ fatal("%s: %s", msg, isc_result_totext(result));
+}
+
+static void *
+mem_alloc(void *arg, size_t size) {
+ return (isc_mem_get(arg, size));
+}
+
+static void
+mem_free(void *arg, void *mem, size_t size) {
+ isc_mem_put(arg, mem, size);
+}
+
+static char *
+nsu_strsep(char **stringp, const char *delim) {
+ char *string = *stringp;
+ char *s;
+ const char *d;
+ char sc, dc;
+
+ if (string == NULL)
+ return (NULL);
+
+ for (; *string != '\0'; string++) {
+ sc = *string;
+ for (d = delim; (dc = *d) != '\0'; d++) {
+ if (sc == dc)
+ break;
+ }
+ if (dc == 0)
+ break;
+ }
+
+ for (s = string; *s != '\0'; s++) {
+ sc = *s;
+ for (d = delim; (dc = *d) != '\0'; d++) {
+ if (sc == dc) {
+ *s++ = '\0';
+ *stringp = s;
+ return (string);
+ }
+ }
+ }
+ *stringp = NULL;
+ return (string);
+}
+
+static void
+reset_system(void) {
+ isc_result_t result;
+
+ ddebug("reset_system()");
+ /* If the update message is still around, destroy it */
+ if (updatemsg != NULL)
+ dns_message_reset(updatemsg, DNS_MESSAGE_INTENTRENDER);
+ else {
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER,
+ &updatemsg);
+ check_result(result, "dns_message_create");
+ }
+ updatemsg->opcode = dns_opcode_update;
+ if (usegsstsig) {
+ if (tsigkey != NULL)
+ dns_tsigkey_detach(&tsigkey);
+ if (gssring != NULL)
+ dns_tsigkeyring_destroy(&gssring);
+ tried_other_gsstsig = ISC_FALSE;
+ }
+}
+
+static isc_uint16_t
+parse_hmac(dns_name_t **hmac, const char *hmacstr, size_t len) {
+ isc_uint16_t digestbits = 0;
+ isc_result_t result;
+ char buf[20];
+
+ REQUIRE(hmac != NULL && *hmac == NULL);
+ REQUIRE(hmacstr != NULL);
+
+ if (len >= sizeof(buf))
+ fatal("unknown key type '%.*s'", (int)(len), hmacstr);
+
+ strncpy(buf, hmacstr, len);
+ buf[len] = 0;
+
+ if (strcasecmp(buf, "hmac-md5") == 0) {
+ *hmac = DNS_TSIG_HMACMD5_NAME;
+ } else if (strncasecmp(buf, "hmac-md5-", 9) == 0) {
+ *hmac = DNS_TSIG_HMACMD5_NAME;
+ result = isc_parse_uint16(&digestbits, &buf[9], 10);
+ if (result != ISC_R_SUCCESS || digestbits > 128)
+ fatal("digest-bits out of range [0..128]");
+ digestbits = (digestbits +7) & ~0x7U;
+ } else if (strcasecmp(buf, "hmac-sha1") == 0) {
+ *hmac = DNS_TSIG_HMACSHA1_NAME;
+ } else if (strncasecmp(buf, "hmac-sha1-", 10) == 0) {
+ *hmac = DNS_TSIG_HMACSHA1_NAME;
+ result = isc_parse_uint16(&digestbits, &buf[10], 10);
+ if (result != ISC_R_SUCCESS || digestbits > 160)
+ fatal("digest-bits out of range [0..160]");
+ digestbits = (digestbits +7) & ~0x7U;
+ } else if (strcasecmp(buf, "hmac-sha224") == 0) {
+ *hmac = DNS_TSIG_HMACSHA224_NAME;
+ } else if (strncasecmp(buf, "hmac-sha224-", 12) == 0) {
+ *hmac = DNS_TSIG_HMACSHA224_NAME;
+ result = isc_parse_uint16(&digestbits, &buf[12], 10);
+ if (result != ISC_R_SUCCESS || digestbits > 224)
+ fatal("digest-bits out of range [0..224]");
+ digestbits = (digestbits +7) & ~0x7U;
+ } else if (strcasecmp(buf, "hmac-sha256") == 0) {
+ *hmac = DNS_TSIG_HMACSHA256_NAME;
+ } else if (strncasecmp(buf, "hmac-sha256-", 12) == 0) {
+ *hmac = DNS_TSIG_HMACSHA256_NAME;
+ result = isc_parse_uint16(&digestbits, &buf[12], 10);
+ if (result != ISC_R_SUCCESS || digestbits > 256)
+ fatal("digest-bits out of range [0..256]");
+ digestbits = (digestbits +7) & ~0x7U;
+ } else if (strcasecmp(buf, "hmac-sha384") == 0) {
+ *hmac = DNS_TSIG_HMACSHA384_NAME;
+ } else if (strncasecmp(buf, "hmac-sha384-", 12) == 0) {
+ *hmac = DNS_TSIG_HMACSHA384_NAME;
+ result = isc_parse_uint16(&digestbits, &buf[12], 10);
+ if (result != ISC_R_SUCCESS || digestbits > 384)
+ fatal("digest-bits out of range [0..384]");
+ digestbits = (digestbits +7) & ~0x7U;
+ } else if (strcasecmp(buf, "hmac-sha512") == 0) {
+ *hmac = DNS_TSIG_HMACSHA512_NAME;
+ } else if (strncasecmp(buf, "hmac-sha512-", 12) == 0) {
+ *hmac = DNS_TSIG_HMACSHA512_NAME;
+ result = isc_parse_uint16(&digestbits, &buf[12], 10);
+ if (result != ISC_R_SUCCESS || digestbits > 512)
+ fatal("digest-bits out of range [0..512]");
+ digestbits = (digestbits +7) & ~0x7U;
+ } else
+ fatal("unknown key type '%s'", buf);
+ return (digestbits);
+}
+
+static void
+setup_keystr(void) {
+ unsigned char *secret = NULL;
+ int secretlen;
+ isc_buffer_t secretbuf;
+ isc_result_t result;
+ isc_buffer_t keynamesrc;
+ char *secretstr;
+ char *s, *n;
+ dns_fixedname_t fkeyname;
+ dns_name_t *keyname;
+ char *name;
+ dns_name_t *hmacname = NULL;
+ isc_uint16_t digestbits = 0;
+
+ dns_fixedname_init(&fkeyname);
+ keyname = dns_fixedname_name(&fkeyname);
+
+ debug("Creating key...");
+
+ s = strchr(keystr, ':');
+ if (s == NULL || s == keystr || s[1] == 0)
+ fatal("key option must specify [hmac:]keyname:secret");
+ secretstr = s + 1;
+ n = strchr(secretstr, ':');
+ if (n != NULL) {
+ if (n == secretstr || n[1] == 0)
+ fatal("key option must specify [hmac:]keyname:secret");
+ name = secretstr;
+ secretstr = n + 1;
+ digestbits = parse_hmac(&hmacname, keystr, s - keystr);
+ } else {
+ hmacname = DNS_TSIG_HMACMD5_NAME;
+ name = keystr;
+ n = s;
+ }
+
+ isc_buffer_init(&keynamesrc, name, n - name);
+ isc_buffer_add(&keynamesrc, n - name);
+
+ debug("namefromtext");
+ result = dns_name_fromtext(keyname, &keynamesrc, dns_rootname,
+ ISC_FALSE, NULL);
+ check_result(result, "dns_name_fromtext");
+
+ secretlen = strlen(secretstr) * 3 / 4;
+ secret = isc_mem_allocate(mctx, secretlen);
+ if (secret == NULL)
+ fatal("out of memory");
+
+ isc_buffer_init(&secretbuf, secret, secretlen);
+ result = isc_base64_decodestring(secretstr, &secretbuf);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "could not create key from %s: %s\n",
+ keystr, isc_result_totext(result));
+ goto failure;
+ }
+
+ secretlen = isc_buffer_usedlength(&secretbuf);
+
+ debug("keycreate");
+ result = dns_tsigkey_create(keyname, hmacname, secret, secretlen,
+ ISC_TRUE, NULL, 0, 0, mctx, NULL, &tsigkey);
+ if (result != ISC_R_SUCCESS)
+ fprintf(stderr, "could not create key from %s: %s\n",
+ keystr, dns_result_totext(result));
+ else
+ dst_key_setbits(tsigkey->key, digestbits);
+ failure:
+ if (secret != NULL)
+ isc_mem_free(mctx, secret);
+}
+
+static void
+setup_keyfile(void) {
+ dst_key_t *dstkey = NULL;
+ isc_result_t result;
+ dns_name_t *hmacname = NULL;
+
+ debug("Creating key...");
+
+ result = dst_key_fromnamedfile(keyfile,
+ DST_TYPE_PRIVATE | DST_TYPE_KEY, mctx,
+ &dstkey);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "could not read key from %s: %s\n",
+ keyfile, isc_result_totext(result));
+ return;
+ }
+ switch (dst_key_alg(dstkey)) {
+ case DST_ALG_HMACMD5:
+ hmacname = DNS_TSIG_HMACMD5_NAME;
+ break;
+ case DST_ALG_HMACSHA1:
+ hmacname = DNS_TSIG_HMACSHA1_NAME;
+ break;
+ case DST_ALG_HMACSHA224:
+ hmacname = DNS_TSIG_HMACSHA224_NAME;
+ break;
+ case DST_ALG_HMACSHA256:
+ hmacname = DNS_TSIG_HMACSHA256_NAME;
+ break;
+ case DST_ALG_HMACSHA384:
+ hmacname = DNS_TSIG_HMACSHA384_NAME;
+ break;
+ case DST_ALG_HMACSHA512:
+ hmacname = DNS_TSIG_HMACSHA512_NAME;
+ break;
+ }
+ if (hmacname != NULL) {
+ result = dns_tsigkey_createfromkey(dst_key_name(dstkey),
+ hmacname, dstkey, ISC_FALSE,
+ NULL, 0, 0, mctx, NULL,
+ &tsigkey);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "could not create key from %s: %s\n",
+ keyfile, isc_result_totext(result));
+ dst_key_free(&dstkey);
+ return;
+ }
+ } else
+ sig0key = dstkey;
+}
+
+static void
+doshutdown(void) {
+ isc_task_detach(&global_task);
+
+ if (userserver != NULL)
+ isc_mem_put(mctx, userserver, sizeof(isc_sockaddr_t));
+
+ if (localaddr != NULL)
+ isc_mem_put(mctx, localaddr, sizeof(isc_sockaddr_t));
+
+ if (tsigkey != NULL) {
+ ddebug("Freeing TSIG key");
+ dns_tsigkey_detach(&tsigkey);
+ }
+
+ if (sig0key != NULL) {
+ ddebug("Freeing SIG(0) key");
+ dst_key_free(&sig0key);
+ }
+
+ if (updatemsg != NULL)
+ dns_message_destroy(&updatemsg);
+
+ if (is_dst_up) {
+ ddebug("Destroy DST lib");
+ dst_lib_destroy();
+ is_dst_up = ISC_FALSE;
+ }
+
+ cleanup_entropy(&entropy);
+
+ lwres_conf_clear(lwctx);
+ lwres_context_destroy(&lwctx);
+
+ isc_mem_put(mctx, servers, ns_total * sizeof(isc_sockaddr_t));
+
+ ddebug("Destroying request manager");
+ dns_requestmgr_detach(&requestmgr);
+
+ ddebug("Freeing the dispatchers");
+ if (have_ipv4)
+ dns_dispatch_detach(&dispatchv4);
+ if (have_ipv6)
+ dns_dispatch_detach(&dispatchv6);
+
+ ddebug("Shutting down dispatch manager");
+ dns_dispatchmgr_destroy(&dispatchmgr);
+
+}
+
+static void
+maybeshutdown(void) {
+ ddebug("Shutting down request manager");
+ dns_requestmgr_shutdown(requestmgr);
+
+ if (requests != 0)
+ return;
+
+ doshutdown();
+}
+
+static void
+shutdown_program(isc_task_t *task, isc_event_t *event) {
+ REQUIRE(task == global_task);
+ UNUSED(task);
+
+ ddebug("shutdown_program()");
+ isc_event_free(&event);
+
+ shuttingdown = ISC_TRUE;
+ maybeshutdown();
+}
+
+static void
+setup_system(void) {
+ isc_result_t result;
+ isc_sockaddr_t bind_any, bind_any6;
+ lwres_result_t lwresult;
+ unsigned int attrs, attrmask;
+ int i;
+ isc_logconfig_t *logconfig = NULL;
+
+ ddebug("setup_system()");
+
+ dns_result_register();
+
+ result = isc_net_probeipv4();
+ if (result == ISC_R_SUCCESS)
+ have_ipv4 = ISC_TRUE;
+
+ result = isc_net_probeipv6();
+ if (result == ISC_R_SUCCESS)
+ have_ipv6 = ISC_TRUE;
+
+ if (!have_ipv4 && !have_ipv6)
+ fatal("could not find either IPv4 or IPv6");
+
+ result = isc_log_create(mctx, &lctx, &logconfig);
+ check_result(result, "isc_log_create");
+
+ isc_log_setcontext(lctx);
+ dns_log_init(lctx);
+ dns_log_setcontext(lctx);
+
+ result = isc_log_usechannel(logconfig, "default_debug", NULL, NULL);
+ check_result(result, "isc_log_usechannel");
+
+ isc_log_setdebuglevel(lctx, logdebuglevel);
+
+ lwresult = lwres_context_create(&lwctx, mctx, mem_alloc, mem_free, 1);
+ if (lwresult != LWRES_R_SUCCESS)
+ fatal("lwres_context_create failed");
+
+ (void)lwres_conf_parse(lwctx, RESOLV_CONF);
+ lwconf = lwres_conf_get(lwctx);
+
+ ns_total = lwconf->nsnext;
+ if (ns_total <= 0) {
+ /* No name servers in resolv.conf; default to loopback. */
+ struct in_addr localhost;
+ ns_total = 1;
+ servers = isc_mem_get(mctx, ns_total * sizeof(isc_sockaddr_t));
+ if (servers == NULL)
+ fatal("out of memory");
+ localhost.s_addr = htonl(INADDR_LOOPBACK);
+ isc_sockaddr_fromin(&servers[0], &localhost, DNSDEFAULTPORT);
+ } else {
+ servers = isc_mem_get(mctx, ns_total * sizeof(isc_sockaddr_t));
+ if (servers == NULL)
+ fatal("out of memory");
+ for (i = 0; i < ns_total; i++) {
+ if (lwconf->nameservers[i].family == LWRES_ADDRTYPE_V4) {
+ struct in_addr in4;
+ memcpy(&in4, lwconf->nameservers[i].address, 4);
+ isc_sockaddr_fromin(&servers[i], &in4, DNSDEFAULTPORT);
+ } else {
+ struct in6_addr in6;
+ memcpy(&in6, lwconf->nameservers[i].address, 16);
+ isc_sockaddr_fromin6(&servers[i], &in6,
+ DNSDEFAULTPORT);
+ }
+ }
+ }
+
+ setup_entropy(mctx, NULL, &entropy);
+
+ result = isc_hash_create(mctx, entropy, DNS_NAME_MAXWIRE);
+ check_result(result, "isc_hash_create");
+ isc_hash_init();
+
+ result = dns_dispatchmgr_create(mctx, entropy, &dispatchmgr);
+ check_result(result, "dns_dispatchmgr_create");
+
+ result = isc_socketmgr_create(mctx, &socketmgr);
+ check_result(result, "dns_socketmgr_create");
+
+ result = isc_timermgr_create(mctx, &timermgr);
+ check_result(result, "dns_timermgr_create");
+
+ result = isc_taskmgr_create(mctx, 1, 0, &taskmgr);
+ check_result(result, "isc_taskmgr_create");
+
+ result = isc_task_create(taskmgr, 0, &global_task);
+ check_result(result, "isc_task_create");
+
+ result = isc_task_onshutdown(global_task, shutdown_program, NULL);
+ check_result(result, "isc_task_onshutdown");
+
+ result = dst_lib_init(mctx, entropy, 0);
+ check_result(result, "dst_lib_init");
+ is_dst_up = ISC_TRUE;
+
+ attrmask = DNS_DISPATCHATTR_UDP | DNS_DISPATCHATTR_TCP;
+ attrmask |= DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_IPV6;
+
+ if (have_ipv6) {
+ attrs = DNS_DISPATCHATTR_UDP;
+ attrs |= DNS_DISPATCHATTR_MAKEQUERY;
+ attrs |= DNS_DISPATCHATTR_IPV6;
+ isc_sockaddr_any6(&bind_any6);
+ result = dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr,
+ &bind_any6, PACKETSIZE,
+ 4, 2, 3, 5,
+ attrs, attrmask, &dispatchv6);
+ check_result(result, "dns_dispatch_getudp (v6)");
+ }
+
+ if (have_ipv4) {
+ attrs = DNS_DISPATCHATTR_UDP;
+ attrs |= DNS_DISPATCHATTR_MAKEQUERY;
+ attrs |= DNS_DISPATCHATTR_IPV4;
+ isc_sockaddr_any(&bind_any);
+ result = dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr,
+ &bind_any, PACKETSIZE,
+ 4, 2, 3, 5,
+ attrs, attrmask, &dispatchv4);
+ check_result(result, "dns_dispatch_getudp (v4)");
+ }
+
+ result = dns_requestmgr_create(mctx, timermgr,
+ socketmgr, taskmgr, dispatchmgr,
+ dispatchv4, dispatchv6, &requestmgr);
+ check_result(result, "dns_requestmgr_create");
+
+ if (keystr != NULL)
+ setup_keystr();
+ else if (keyfile != NULL)
+ setup_keyfile();
+}
+
+static void
+get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) {
+ int count;
+ isc_result_t result;
+
+ isc_app_block();
+ result = bind9_getaddresses(host, port, sockaddr, 1, &count);
+ isc_app_unblock();
+ if (result != ISC_R_SUCCESS)
+ fatal("couldn't get address for '%s': %s",
+ host, isc_result_totext(result));
+ INSIST(count == 1);
+}
+
+#define PARSE_ARGS_FMT "dDMl:y:govk:rR::t:u:"
+
+static void
+pre_parse_args(int argc, char **argv) {
+ int ch;
+
+ while ((ch = isc_commandline_parse(argc, argv, PARSE_ARGS_FMT)) != -1) {
+ switch (ch) {
+ case 'M': /* was -dm */
+ debugging = ISC_TRUE;
+ ddebugging = ISC_TRUE;
+ memdebugging = ISC_TRUE;
+ isc_mem_debugging = ISC_MEM_DEBUGTRACE |
+ ISC_MEM_DEBUGRECORD;
+ break;
+
+ case '?':
+ if (isc_commandline_option != '?')
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ argv[0], isc_commandline_option);
+ fprintf(stderr, "usage: nsupdate [-d] "
+ "[-g | -o | -y keyname:secret | -k keyfile] "
+ "[-v] [filename]\n");
+ exit(1);
+
+ default:
+ break;
+ }
+ }
+ isc_commandline_reset = ISC_TRUE;
+ isc_commandline_index = 1;
+}
+
+static void
+parse_args(int argc, char **argv, isc_mem_t *mctx, isc_entropy_t **ectx) {
+ int ch;
+ isc_uint32_t i;
+ isc_result_t result;
+
+ debug("parse_args");
+ while ((ch = isc_commandline_parse(argc, argv, PARSE_ARGS_FMT)) != -1) {
+ switch (ch) {
+ case 'd':
+ debugging = ISC_TRUE;
+ break;
+ case 'D': /* was -dd */
+ debugging = ISC_TRUE;
+ ddebugging = ISC_TRUE;
+ break;
+ case 'M':
+ break;
+ case 'l':
+ result = isc_parse_uint32(&i, isc_commandline_argument,
+ 10);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "bad library debug value "
+ "'%s'\n", isc_commandline_argument);
+ exit(1);
+ }
+ logdebuglevel = i;
+ break;
+ case 'y':
+ keystr = isc_commandline_argument;
+ break;
+ case 'v':
+ usevc = ISC_TRUE;
+ break;
+ case 'k':
+ keyfile = isc_commandline_argument;
+ break;
+ case 'g':
+ usegsstsig = ISC_TRUE;
+ use_win2k_gsstsig = ISC_FALSE;
+ break;
+ case 'o':
+ usegsstsig = ISC_TRUE;
+ use_win2k_gsstsig = ISC_TRUE;
+ break;
+ case 't':
+ result = isc_parse_uint32(&timeout,
+ isc_commandline_argument, 10);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "bad timeout '%s'\n", isc_commandline_argument);
+ exit(1);
+ }
+ if (timeout == 0)
+ timeout = UINT_MAX;
+ break;
+ case 'u':
+ result = isc_parse_uint32(&udp_timeout,
+ isc_commandline_argument, 10);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "bad udp timeout '%s'\n", isc_commandline_argument);
+ exit(1);
+ }
+ if (udp_timeout == 0)
+ udp_timeout = UINT_MAX;
+ break;
+ case 'r':
+ result = isc_parse_uint32(&udp_retries,
+ isc_commandline_argument, 10);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "bad udp retries '%s'\n", isc_commandline_argument);
+ exit(1);
+ }
+ break;
+
+ case 'R':
+ setup_entropy(mctx, isc_commandline_argument, ectx);
+ break;
+
+ default:
+ fprintf(stderr, "%s: unhandled option: %c\n",
+ argv[0], isc_commandline_option);
+ exit(1);
+ }
+ }
+ if (keyfile != NULL && keystr != NULL) {
+ fprintf(stderr, "%s: cannot specify both -k and -y\n",
+ argv[0]);
+ exit(1);
+ }
+
+#ifdef GSSAPI
+ if (usegsstsig && (keyfile != NULL || keystr != NULL)) {
+ fprintf(stderr, "%s: cannot specify -g with -k or -y\n",
+ argv[0]);
+ exit(1);
+ }
+#else
+ if (usegsstsig) {
+ fprintf(stderr, "%s: cannot specify -g or -o, " \
+ "program not linked with GSS API Library\n",
+ argv[0]);
+ exit(1);
+ }
+#endif
+
+ if (argv[isc_commandline_index] != NULL) {
+ if (strcmp(argv[isc_commandline_index], "-") == 0) {
+ input = stdin;
+ } else {
+ result = isc_stdio_open(argv[isc_commandline_index],
+ "r", &input);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "could not open '%s': %s\n",
+ argv[isc_commandline_index],
+ isc_result_totext(result));
+ exit(1);
+ }
+ }
+ interactive = ISC_FALSE;
+ }
+}
+
+static isc_uint16_t
+parse_name(char **cmdlinep, dns_message_t *msg, dns_name_t **namep) {
+ isc_result_t result;
+ char *word;
+ isc_buffer_t *namebuf = NULL;
+ isc_buffer_t source;
+
+ word = nsu_strsep(cmdlinep, " \t\r\n");
+ if (*word == 0) {
+ fprintf(stderr, "could not read owner name\n");
+ return (STATUS_SYNTAX);
+ }
+
+ result = dns_message_gettempname(msg, namep);
+ check_result(result, "dns_message_gettempname");
+ result = isc_buffer_allocate(mctx, &namebuf, DNS_NAME_MAXWIRE);
+ check_result(result, "isc_buffer_allocate");
+ dns_name_init(*namep, NULL);
+ dns_name_setbuffer(*namep, namebuf);
+ dns_message_takebuffer(msg, &namebuf);
+ isc_buffer_init(&source, word, strlen(word));
+ isc_buffer_add(&source, strlen(word));
+ result = dns_name_fromtext(*namep, &source, dns_rootname,
+ ISC_FALSE, NULL);
+ check_result(result, "dns_name_fromtext");
+ isc_buffer_invalidate(&source);
+ return (STATUS_MORE);
+}
+
+static isc_uint16_t
+parse_rdata(char **cmdlinep, dns_rdataclass_t rdataclass,
+ dns_rdatatype_t rdatatype, dns_message_t *msg,
+ dns_rdata_t *rdata)
+{
+ char *cmdline = *cmdlinep;
+ isc_buffer_t source, *buf = NULL, *newbuf = NULL;
+ isc_region_t r;
+ isc_lex_t *lex = NULL;
+ dns_rdatacallbacks_t callbacks;
+ isc_result_t result;
+
+ while (*cmdline != 0 && isspace((unsigned char)*cmdline))
+ cmdline++;
+
+ if (*cmdline != 0) {
+ dns_rdatacallbacks_init(&callbacks);
+ result = isc_lex_create(mctx, strlen(cmdline), &lex);
+ check_result(result, "isc_lex_create");
+ isc_buffer_init(&source, cmdline, strlen(cmdline));
+ isc_buffer_add(&source, strlen(cmdline));
+ result = isc_lex_openbuffer(lex, &source);
+ check_result(result, "isc_lex_openbuffer");
+ result = isc_buffer_allocate(mctx, &buf, MAXWIRE);
+ check_result(result, "isc_buffer_allocate");
+ result = dns_rdata_fromtext(NULL, rdataclass, rdatatype, lex,
+ dns_rootname, 0, mctx, buf,
+ &callbacks);
+ isc_lex_destroy(&lex);
+ if (result == ISC_R_SUCCESS) {
+ isc_buffer_usedregion(buf, &r);
+ result = isc_buffer_allocate(mctx, &newbuf, r.length);
+ check_result(result, "isc_buffer_allocate");
+ isc_buffer_putmem(newbuf, r.base, r.length);
+ isc_buffer_usedregion(newbuf, &r);
+ dns_rdata_fromregion(rdata, rdataclass, rdatatype, &r);
+ isc_buffer_free(&buf);
+ dns_message_takebuffer(msg, &newbuf);
+ } else {
+ fprintf(stderr, "invalid rdata format: %s\n",
+ isc_result_totext(result));
+ isc_buffer_free(&buf);
+ return (STATUS_SYNTAX);
+ }
+ } else {
+ rdata->flags = DNS_RDATA_UPDATE;
+ }
+ *cmdlinep = cmdline;
+ return (STATUS_MORE);
+}
+
+static isc_uint16_t
+make_prereq(char *cmdline, isc_boolean_t ispositive, isc_boolean_t isrrset) {
+ isc_result_t result;
+ char *word;
+ dns_name_t *name = NULL;
+ isc_textregion_t region;
+ dns_rdataset_t *rdataset = NULL;
+ dns_rdatalist_t *rdatalist = NULL;
+ dns_rdataclass_t rdataclass;
+ dns_rdatatype_t rdatatype;
+ dns_rdata_t *rdata = NULL;
+ isc_uint16_t retval;
+
+ ddebug("make_prereq()");
+
+ /*
+ * Read the owner name
+ */
+ retval = parse_name(&cmdline, updatemsg, &name);
+ if (retval != STATUS_MORE)
+ return (retval);
+
+ /*
+ * If this is an rrset prereq, read the class or type.
+ */
+ if (isrrset) {
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0) {
+ fprintf(stderr, "could not read class or type\n");
+ goto failure;
+ }
+ region.base = word;
+ region.length = strlen(word);
+ result = dns_rdataclass_fromtext(&rdataclass, &region);
+ if (result == ISC_R_SUCCESS) {
+ if (!setzoneclass(rdataclass)) {
+ fprintf(stderr, "class mismatch: %s\n", word);
+ goto failure;
+ }
+ /*
+ * Now read the type.
+ */
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0) {
+ fprintf(stderr, "could not read type\n");
+ goto failure;
+ }
+ region.base = word;
+ region.length = strlen(word);
+ result = dns_rdatatype_fromtext(&rdatatype, &region);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "invalid type: %s\n", word);
+ goto failure;
+ }
+ } else {
+ rdataclass = getzoneclass();
+ result = dns_rdatatype_fromtext(&rdatatype, &region);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "invalid type: %s\n", word);
+ goto failure;
+ }
+ }
+ } else
+ rdatatype = dns_rdatatype_any;
+
+ result = dns_message_gettemprdata(updatemsg, &rdata);
+ check_result(result, "dns_message_gettemprdata");
+
+ dns_rdata_init(rdata);
+
+ if (isrrset && ispositive) {
+ retval = parse_rdata(&cmdline, rdataclass, rdatatype,
+ updatemsg, rdata);
+ if (retval != STATUS_MORE)
+ goto failure;
+ } else
+ rdata->flags = DNS_RDATA_UPDATE;
+
+ result = dns_message_gettemprdatalist(updatemsg, &rdatalist);
+ check_result(result, "dns_message_gettemprdatalist");
+ result = dns_message_gettemprdataset(updatemsg, &rdataset);
+ check_result(result, "dns_message_gettemprdataset");
+ dns_rdatalist_init(rdatalist);
+ rdatalist->type = rdatatype;
+ if (ispositive) {
+ if (isrrset && rdata->data != NULL)
+ rdatalist->rdclass = rdataclass;
+ else
+ rdatalist->rdclass = dns_rdataclass_any;
+ } else
+ rdatalist->rdclass = dns_rdataclass_none;
+ rdatalist->covers = 0;
+ rdatalist->ttl = 0;
+ rdata->rdclass = rdatalist->rdclass;
+ rdata->type = rdatatype;
+ ISC_LIST_INIT(rdatalist->rdata);
+ ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
+ dns_rdataset_init(rdataset);
+ dns_rdatalist_tordataset(rdatalist, rdataset);
+ ISC_LIST_INIT(name->list);
+ ISC_LIST_APPEND(name->list, rdataset, link);
+ dns_message_addname(updatemsg, name, DNS_SECTION_PREREQUISITE);
+ return (STATUS_MORE);
+
+ failure:
+ if (name != NULL)
+ dns_message_puttempname(updatemsg, &name);
+ return (STATUS_SYNTAX);
+}
+
+static isc_uint16_t
+evaluate_prereq(char *cmdline) {
+ char *word;
+ isc_boolean_t ispositive, isrrset;
+
+ ddebug("evaluate_prereq()");
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0) {
+ fprintf(stderr, "could not read operation code\n");
+ return (STATUS_SYNTAX);
+ }
+ if (strcasecmp(word, "nxdomain") == 0) {
+ ispositive = ISC_FALSE;
+ isrrset = ISC_FALSE;
+ } else if (strcasecmp(word, "yxdomain") == 0) {
+ ispositive = ISC_TRUE;
+ isrrset = ISC_FALSE;
+ } else if (strcasecmp(word, "nxrrset") == 0) {
+ ispositive = ISC_FALSE;
+ isrrset = ISC_TRUE;
+ } else if (strcasecmp(word, "yxrrset") == 0) {
+ ispositive = ISC_TRUE;
+ isrrset = ISC_TRUE;
+ } else {
+ fprintf(stderr, "incorrect operation code: %s\n", word);
+ return (STATUS_SYNTAX);
+ }
+ return (make_prereq(cmdline, ispositive, isrrset));
+}
+
+static isc_uint16_t
+evaluate_server(char *cmdline) {
+ char *word, *server;
+ long port;
+
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0) {
+ fprintf(stderr, "could not read server name\n");
+ return (STATUS_SYNTAX);
+ }
+ server = word;
+
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0)
+ port = DNSDEFAULTPORT;
+ else {
+ char *endp;
+ port = strtol(word, &endp, 10);
+ if (*endp != 0) {
+ fprintf(stderr, "port '%s' is not numeric\n", word);
+ return (STATUS_SYNTAX);
+ } else if (port < 1 || port > 65535) {
+ fprintf(stderr, "port '%s' is out of range "
+ "(1 to 65535)\n", word);
+ return (STATUS_SYNTAX);
+ }
+ }
+
+ if (userserver == NULL) {
+ userserver = isc_mem_get(mctx, sizeof(isc_sockaddr_t));
+ if (userserver == NULL)
+ fatal("out of memory");
+ }
+
+ get_address(server, (in_port_t)port, userserver);
+
+ return (STATUS_MORE);
+}
+
+static isc_uint16_t
+evaluate_local(char *cmdline) {
+ char *word, *local;
+ long port;
+ struct in_addr in4;
+ struct in6_addr in6;
+
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0) {
+ fprintf(stderr, "could not read server name\n");
+ return (STATUS_SYNTAX);
+ }
+ local = word;
+
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0)
+ port = 0;
+ else {
+ char *endp;
+ port = strtol(word, &endp, 10);
+ if (*endp != 0) {
+ fprintf(stderr, "port '%s' is not numeric\n", word);
+ return (STATUS_SYNTAX);
+ } else if (port < 1 || port > 65535) {
+ fprintf(stderr, "port '%s' is out of range "
+ "(1 to 65535)\n", word);
+ return (STATUS_SYNTAX);
+ }
+ }
+
+ if (localaddr == NULL) {
+ localaddr = isc_mem_get(mctx, sizeof(isc_sockaddr_t));
+ if (localaddr == NULL)
+ fatal("out of memory");
+ }
+
+ if (have_ipv6 && inet_pton(AF_INET6, local, &in6) == 1)
+ isc_sockaddr_fromin6(localaddr, &in6, (in_port_t)port);
+ else if (have_ipv4 && inet_pton(AF_INET, local, &in4) == 1)
+ isc_sockaddr_fromin(localaddr, &in4, (in_port_t)port);
+ else {
+ fprintf(stderr, "invalid address %s", local);
+ return (STATUS_SYNTAX);
+ }
+
+ return (STATUS_MORE);
+}
+
+static isc_uint16_t
+evaluate_key(char *cmdline) {
+ char *namestr;
+ char *secretstr;
+ isc_buffer_t b;
+ isc_result_t result;
+ dns_fixedname_t fkeyname;
+ dns_name_t *keyname;
+ int secretlen;
+ unsigned char *secret = NULL;
+ isc_buffer_t secretbuf;
+ dns_name_t *hmacname = NULL;
+ isc_uint16_t digestbits = 0;
+ char *n;
+
+ namestr = nsu_strsep(&cmdline, " \t\r\n");
+ if (*namestr == 0) {
+ fprintf(stderr, "could not read key name\n");
+ return (STATUS_SYNTAX);
+ }
+
+ dns_fixedname_init(&fkeyname);
+ keyname = dns_fixedname_name(&fkeyname);
+
+ n = strchr(namestr, ':');
+ if (n != NULL) {
+ digestbits = parse_hmac(&hmacname, namestr, n - namestr);
+ namestr = n + 1;
+ } else
+ hmacname = DNS_TSIG_HMACMD5_NAME;
+
+ isc_buffer_init(&b, namestr, strlen(namestr));
+ isc_buffer_add(&b, strlen(namestr));
+ result = dns_name_fromtext(keyname, &b, dns_rootname, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "could not parse key name\n");
+ return (STATUS_SYNTAX);
+ }
+
+ secretstr = nsu_strsep(&cmdline, "\r\n");
+ if (*secretstr == 0) {
+ fprintf(stderr, "could not read key secret\n");
+ return (STATUS_SYNTAX);
+ }
+ secretlen = strlen(secretstr) * 3 / 4;
+ secret = isc_mem_allocate(mctx, secretlen);
+ if (secret == NULL)
+ fatal("out of memory");
+
+ isc_buffer_init(&secretbuf, secret, secretlen);
+ result = isc_base64_decodestring(secretstr, &secretbuf);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "could not create key from %s: %s\n",
+ secretstr, isc_result_totext(result));
+ isc_mem_free(mctx, secret);
+ return (STATUS_SYNTAX);
+ }
+ secretlen = isc_buffer_usedlength(&secretbuf);
+
+ if (tsigkey != NULL)
+ dns_tsigkey_detach(&tsigkey);
+ result = dns_tsigkey_create(keyname, hmacname, secret, secretlen,
+ ISC_TRUE, NULL, 0, 0, mctx, NULL,
+ &tsigkey);
+ isc_mem_free(mctx, secret);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "could not create key from %s %s: %s\n",
+ namestr, secretstr, dns_result_totext(result));
+ return (STATUS_SYNTAX);
+ }
+ dst_key_setbits(tsigkey->key, digestbits);
+ return (STATUS_MORE);
+}
+
+static isc_uint16_t
+evaluate_zone(char *cmdline) {
+ char *word;
+ isc_buffer_t b;
+ isc_result_t result;
+
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0) {
+ fprintf(stderr, "could not read zone name\n");
+ return (STATUS_SYNTAX);
+ }
+
+ dns_fixedname_init(&fuserzone);
+ userzone = dns_fixedname_name(&fuserzone);
+ isc_buffer_init(&b, word, strlen(word));
+ isc_buffer_add(&b, strlen(word));
+ result = dns_name_fromtext(userzone, &b, dns_rootname, ISC_FALSE,
+ NULL);
+ if (result != ISC_R_SUCCESS) {
+ userzone = NULL; /* Lest it point to an invalid name */
+ fprintf(stderr, "could not parse zone name\n");
+ return (STATUS_SYNTAX);
+ }
+
+ return (STATUS_MORE);
+}
+
+static isc_uint16_t
+evaluate_ttl(char *cmdline) {
+ char *word;
+ isc_result_t result;
+ isc_uint32_t ttl;
+
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0) {
+ fprintf(stderr, "could not ttl\n");
+ return (STATUS_SYNTAX);
+ }
+
+ if (!strcasecmp(word, "none")) {
+ default_ttl = 0;
+ default_ttl_set = ISC_FALSE;
+ return (STATUS_MORE);
+ }
+
+ result = isc_parse_uint32(&ttl, word, 10);
+ if (result != ISC_R_SUCCESS)
+ return (STATUS_SYNTAX);
+
+ if (ttl > TTL_MAX) {
+ fprintf(stderr, "ttl '%s' is out of range (0 to %u)\n",
+ word, TTL_MAX);
+ return (STATUS_SYNTAX);
+ }
+ default_ttl = ttl;
+ default_ttl_set = ISC_TRUE;
+
+ return (STATUS_MORE);
+}
+
+static isc_uint16_t
+evaluate_class(char *cmdline) {
+ char *word;
+ isc_textregion_t r;
+ isc_result_t result;
+ dns_rdataclass_t rdclass;
+
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0) {
+ fprintf(stderr, "could not read class name\n");
+ return (STATUS_SYNTAX);
+ }
+
+ r.base = word;
+ r.length = strlen(word);
+ result = dns_rdataclass_fromtext(&rdclass, &r);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "could not parse class name: %s\n", word);
+ return (STATUS_SYNTAX);
+ }
+ switch (rdclass) {
+ case dns_rdataclass_none:
+ case dns_rdataclass_any:
+ case dns_rdataclass_reserved0:
+ fprintf(stderr, "bad default class: %s\n", word);
+ return (STATUS_SYNTAX);
+ default:
+ defaultclass = rdclass;
+ }
+
+ return (STATUS_MORE);
+}
+
+static isc_uint16_t
+update_addordelete(char *cmdline, isc_boolean_t isdelete) {
+ isc_result_t result;
+ dns_name_t *name = NULL;
+ isc_uint32_t ttl;
+ char *word;
+ dns_rdataclass_t rdataclass;
+ dns_rdatatype_t rdatatype;
+ dns_rdata_t *rdata = NULL;
+ dns_rdatalist_t *rdatalist = NULL;
+ dns_rdataset_t *rdataset = NULL;
+ isc_textregion_t region;
+ isc_uint16_t retval;
+
+ ddebug("update_addordelete()");
+
+ /*
+ * Read the owner name.
+ */
+ retval = parse_name(&cmdline, updatemsg, &name);
+ if (retval != STATUS_MORE)
+ return (retval);
+
+ result = dns_message_gettemprdata(updatemsg, &rdata);
+ check_result(result, "dns_message_gettemprdata");
+
+ dns_rdata_init(rdata);
+
+ /*
+ * If this is an add, read the TTL and verify that it's in range.
+ * If it's a delete, ignore a TTL if present (for compatibility).
+ */
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0) {
+ if (!isdelete) {
+ fprintf(stderr, "could not read owner ttl\n");
+ goto failure;
+ }
+ else {
+ ttl = 0;
+ rdataclass = dns_rdataclass_any;
+ rdatatype = dns_rdatatype_any;
+ rdata->flags = DNS_RDATA_UPDATE;
+ goto doneparsing;
+ }
+ }
+ result = isc_parse_uint32(&ttl, word, 10);
+ if (result != ISC_R_SUCCESS) {
+ if (isdelete) {
+ ttl = 0;
+ goto parseclass;
+ } else if (default_ttl_set) {
+ ttl = default_ttl;
+ goto parseclass;
+ } else {
+ fprintf(stderr, "ttl '%s': %s\n", word,
+ isc_result_totext(result));
+ goto failure;
+ }
+ }
+
+ if (isdelete)
+ ttl = 0;
+ else if (ttl > TTL_MAX) {
+ fprintf(stderr, "ttl '%s' is out of range (0 to %u)\n",
+ word, TTL_MAX);
+ goto failure;
+ }
+
+ /*
+ * Read the class or type.
+ */
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ parseclass:
+ if (*word == 0) {
+ if (isdelete) {
+ rdataclass = dns_rdataclass_any;
+ rdatatype = dns_rdatatype_any;
+ rdata->flags = DNS_RDATA_UPDATE;
+ goto doneparsing;
+ } else {
+ fprintf(stderr, "could not read class or type\n");
+ goto failure;
+ }
+ }
+ region.base = word;
+ region.length = strlen(word);
+ result = dns_rdataclass_fromtext(&rdataclass, &region);
+ if (result == ISC_R_SUCCESS) {
+ if (!setzoneclass(rdataclass)) {
+ fprintf(stderr, "class mismatch: %s\n", word);
+ goto failure;
+ }
+ /*
+ * Now read the type.
+ */
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0) {
+ if (isdelete) {
+ rdataclass = dns_rdataclass_any;
+ rdatatype = dns_rdatatype_any;
+ rdata->flags = DNS_RDATA_UPDATE;
+ goto doneparsing;
+ } else {
+ fprintf(stderr, "could not read type\n");
+ goto failure;
+ }
+ }
+ region.base = word;
+ region.length = strlen(word);
+ result = dns_rdatatype_fromtext(&rdatatype, &region);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "'%s' is not a valid type: %s\n",
+ word, isc_result_totext(result));
+ goto failure;
+ }
+ } else {
+ rdataclass = getzoneclass();
+ result = dns_rdatatype_fromtext(&rdatatype, &region);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "'%s' is not a valid class or type: "
+ "%s\n", word, isc_result_totext(result));
+ goto failure;
+ }
+ }
+
+ retval = parse_rdata(&cmdline, rdataclass, rdatatype, updatemsg,
+ rdata);
+ if (retval != STATUS_MORE)
+ goto failure;
+
+ if (isdelete) {
+ if ((rdata->flags & DNS_RDATA_UPDATE) != 0)
+ rdataclass = dns_rdataclass_any;
+ else
+ rdataclass = dns_rdataclass_none;
+ } else {
+ if ((rdata->flags & DNS_RDATA_UPDATE) != 0) {
+ fprintf(stderr, "could not read rdata\n");
+ goto failure;
+ }
+ }
+
+ doneparsing:
+
+ result = dns_message_gettemprdatalist(updatemsg, &rdatalist);
+ check_result(result, "dns_message_gettemprdatalist");
+ result = dns_message_gettemprdataset(updatemsg, &rdataset);
+ check_result(result, "dns_message_gettemprdataset");
+ dns_rdatalist_init(rdatalist);
+ rdatalist->type = rdatatype;
+ rdatalist->rdclass = rdataclass;
+ rdatalist->covers = rdatatype;
+ rdatalist->ttl = (dns_ttl_t)ttl;
+ ISC_LIST_INIT(rdatalist->rdata);
+ ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
+ dns_rdataset_init(rdataset);
+ dns_rdatalist_tordataset(rdatalist, rdataset);
+ ISC_LIST_INIT(name->list);
+ ISC_LIST_APPEND(name->list, rdataset, link);
+ dns_message_addname(updatemsg, name, DNS_SECTION_UPDATE);
+ return (STATUS_MORE);
+
+ failure:
+ if (name != NULL)
+ dns_message_puttempname(updatemsg, &name);
+ dns_message_puttemprdata(updatemsg, &rdata);
+ return (STATUS_SYNTAX);
+}
+
+static isc_uint16_t
+evaluate_update(char *cmdline) {
+ char *word;
+ isc_boolean_t isdelete;
+
+ ddebug("evaluate_update()");
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (*word == 0) {
+ fprintf(stderr, "could not read operation code\n");
+ return (STATUS_SYNTAX);
+ }
+ if (strcasecmp(word, "delete") == 0)
+ isdelete = ISC_TRUE;
+ else if (strcasecmp(word, "add") == 0)
+ isdelete = ISC_FALSE;
+ else {
+ fprintf(stderr, "incorrect operation code: %s\n", word);
+ return (STATUS_SYNTAX);
+ }
+ return (update_addordelete(cmdline, isdelete));
+}
+
+static void
+setzone(dns_name_t *zonename) {
+ isc_result_t result;
+ dns_name_t *name = NULL;
+ dns_rdataset_t *rdataset = NULL;
+
+ result = dns_message_firstname(updatemsg, DNS_SECTION_ZONE);
+ if (result == ISC_R_SUCCESS) {
+ dns_message_currentname(updatemsg, DNS_SECTION_ZONE, &name);
+ dns_message_removename(updatemsg, name, DNS_SECTION_ZONE);
+ for (rdataset = ISC_LIST_HEAD(name->list);
+ rdataset != NULL;
+ rdataset = ISC_LIST_HEAD(name->list)) {
+ ISC_LIST_UNLINK(name->list, rdataset, link);
+ dns_rdataset_disassociate(rdataset);
+ dns_message_puttemprdataset(updatemsg, &rdataset);
+ }
+ dns_message_puttempname(updatemsg, &name);
+ }
+
+ if (zonename != NULL) {
+ result = dns_message_gettempname(updatemsg, &name);
+ check_result(result, "dns_message_gettempname");
+ dns_name_init(name, NULL);
+ dns_name_clone(zonename, name);
+ result = dns_message_gettemprdataset(updatemsg, &rdataset);
+ check_result(result, "dns_message_gettemprdataset");
+ dns_rdataset_makequestion(rdataset, getzoneclass(),
+ dns_rdatatype_soa);
+ ISC_LIST_INIT(name->list);
+ ISC_LIST_APPEND(name->list, rdataset, link);
+ dns_message_addname(updatemsg, name, DNS_SECTION_ZONE);
+ }
+}
+
+static void
+show_message(FILE *stream, dns_message_t *msg, const char *description) {
+ isc_result_t result;
+ isc_buffer_t *buf = NULL;
+ int bufsz;
+
+ ddebug("show_message()");
+
+ setzone(userzone);
+
+ bufsz = INITTEXT;
+ do {
+ if (bufsz > MAXTEXT) {
+ fprintf(stderr, "could not allocate large enough "
+ "buffer to display message\n");
+ exit(1);
+ }
+ if (buf != NULL)
+ isc_buffer_free(&buf);
+ result = isc_buffer_allocate(mctx, &buf, bufsz);
+ check_result(result, "isc_buffer_allocate");
+ result = dns_message_totext(msg, style, 0, buf);
+ bufsz *= 2;
+ } while (result == ISC_R_NOSPACE);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "could not convert message to text format.\n");
+ isc_buffer_free(&buf);
+ return;
+ }
+ fprintf(stream, "%s\n%.*s", description,
+ (int)isc_buffer_usedlength(buf), (char*)isc_buffer_base(buf));
+ isc_buffer_free(&buf);
+}
+
+
+static isc_uint16_t
+get_next_command(void) {
+ char cmdlinebuf[MAXCMD];
+ char *cmdline;
+ char *word;
+
+ ddebug("get_next_command()");
+ if (interactive) {
+ fprintf(stdout, "> ");
+ fflush(stdout);
+ }
+ isc_app_block();
+ cmdline = fgets(cmdlinebuf, MAXCMD, input);
+ isc_app_unblock();
+ if (cmdline == NULL)
+ return (STATUS_QUIT);
+ word = nsu_strsep(&cmdline, " \t\r\n");
+
+ if (feof(input))
+ return (STATUS_QUIT);
+ if (*word == 0)
+ return (STATUS_SEND);
+ if (word[0] == ';')
+ return (STATUS_MORE);
+ if (strcasecmp(word, "quit") == 0)
+ return (STATUS_QUIT);
+ if (strcasecmp(word, "prereq") == 0)
+ return (evaluate_prereq(cmdline));
+ if (strcasecmp(word, "update") == 0)
+ return (evaluate_update(cmdline));
+ if (strcasecmp(word, "server") == 0)
+ return (evaluate_server(cmdline));
+ if (strcasecmp(word, "local") == 0)
+ return (evaluate_local(cmdline));
+ if (strcasecmp(word, "zone") == 0)
+ return (evaluate_zone(cmdline));
+ if (strcasecmp(word, "class") == 0)
+ return (evaluate_class(cmdline));
+ if (strcasecmp(word, "send") == 0)
+ return (STATUS_SEND);
+ if (strcasecmp(word, "debug") == 0) {
+ if (debugging)
+ ddebugging = ISC_TRUE;
+ else
+ debugging = ISC_TRUE;
+ return (STATUS_MORE);
+ }
+ if (strcasecmp(word, "ttl") == 0)
+ return (evaluate_ttl(cmdline));
+ if (strcasecmp(word, "show") == 0) {
+ show_message(stdout, updatemsg, "Outgoing update query:");
+ return (STATUS_MORE);
+ }
+ if (strcasecmp(word, "answer") == 0) {
+ if (answer != NULL)
+ show_message(stdout, answer, "Answer:");
+ return (STATUS_MORE);
+ }
+ if (strcasecmp(word, "key") == 0) {
+ usegsstsig = ISC_FALSE;
+ return (evaluate_key(cmdline));
+ }
+ if (strcasecmp(word, "gsstsig") == 0) {
+#ifdef GSSAPI
+ usegsstsig = ISC_TRUE;
+ use_win2k_gsstsig = ISC_FALSE;
+#else
+ fprintf(stderr, "gsstsig not supported\n");
+#endif
+ return (STATUS_MORE);
+ }
+ if (strcasecmp(word, "oldgsstsig") == 0) {
+#ifdef GSSAPI
+ usegsstsig = ISC_TRUE;
+ use_win2k_gsstsig = ISC_TRUE;
+#else
+ fprintf(stderr, "gsstsig not supported\n");
+#endif
+ return (STATUS_MORE);
+ }
+ if (strcasecmp(word, "help") == 0) {
+ fprintf(stdout,
+"local address [port] (set local resolver)\n"
+"server address [port] (set master server for zone)\n"
+"send (send the update request)\n"
+"show (show the update request)\n"
+"answer (show the answer to the last request)\n"
+"quit (quit, any pending update is not sent\n"
+"help (display this message_\n"
+"key [hmac:]keyname secret (use TSIG to sign the request)\n"
+"gsstsig (use GSS_TSIG to sign the request)\n"
+"oldgsstsig (use Microsoft's GSS_TSIG to sign the request)\n"
+"zone name (set the zone to be updated)\n"
+"class CLASS (set the zone's DNS class, e.g. IN (default), CH)\n"
+"prereq nxdomain name (does this name not exist)\n"
+"prereq yxdomain name (does this name exist)\n"
+"prereq nxrrset .... (does this RRset exist)\n"
+"prereq yxrrset .... (does this RRset not exist)\n"
+"update add .... (add the given record to the zone)\n"
+"update delete .... (remove the given record(s) from the zone)\n");
+ return (STATUS_MORE);
+ }
+ fprintf(stderr, "incorrect section name: %s\n", word);
+ return (STATUS_SYNTAX);
+}
+
+static isc_boolean_t
+user_interaction(void) {
+ isc_uint16_t result = STATUS_MORE;
+
+ ddebug("user_interaction()");
+ while ((result == STATUS_MORE) || (result == STATUS_SYNTAX)) {
+ result = get_next_command();
+ if (!interactive && result == STATUS_SYNTAX)
+ fatal("syntax error");
+ }
+ if (result == STATUS_SEND)
+ return (ISC_TRUE);
+ return (ISC_FALSE);
+
+}
+
+static void
+done_update(void) {
+ isc_event_t *event = global_event;
+ ddebug("done_update()");
+ isc_task_send(global_task, &event);
+}
+
+static void
+check_tsig_error(dns_rdataset_t *rdataset, isc_buffer_t *b) {
+ isc_result_t result;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdata_any_tsig_t tsig;
+
+ result = dns_rdataset_first(rdataset);
+ check_result(result, "dns_rdataset_first");
+ dns_rdataset_current(rdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &tsig, NULL);
+ check_result(result, "dns_rdata_tostruct");
+ if (tsig.error != 0) {
+ if (isc_buffer_remaininglength(b) < 1)
+ check_result(ISC_R_NOSPACE, "isc_buffer_remaininglength");
+ isc__buffer_putstr(b, "(" /*)*/);
+ result = dns_tsigrcode_totext(tsig.error, b);
+ check_result(result, "dns_tsigrcode_totext");
+ if (isc_buffer_remaininglength(b) < 1)
+ check_result(ISC_R_NOSPACE, "isc_buffer_remaininglength");
+ isc__buffer_putstr(b, /*(*/ ")");
+ }
+}
+
+static void
+update_completed(isc_task_t *task, isc_event_t *event) {
+ dns_requestevent_t *reqev = NULL;
+ isc_result_t result;
+ dns_request_t *request;
+
+ UNUSED(task);
+
+ ddebug("update_completed()");
+
+ requests--;
+
+ REQUIRE(event->ev_type == DNS_EVENT_REQUESTDONE);
+ reqev = (dns_requestevent_t *)event;
+ request = reqev->request;
+
+ if (shuttingdown) {
+ dns_request_destroy(&request);
+ isc_event_free(&event);
+ maybeshutdown();
+ return;
+ }
+
+ if (reqev->result != ISC_R_SUCCESS) {
+ fprintf(stderr, "; Communication with server failed: %s\n",
+ isc_result_totext(reqev->result));
+ seenerror = ISC_TRUE;
+ goto done;
+ }
+
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &answer);
+ check_result(result, "dns_message_create");
+ result = dns_request_getresponse(request, answer,
+ DNS_MESSAGEPARSE_PRESERVEORDER);
+ switch (result) {
+ case ISC_R_SUCCESS:
+ if (answer->verify_attempted)
+ ddebug("tsig verification successful");
+ break;
+ case DNS_R_CLOCKSKEW:
+ case DNS_R_EXPECTEDTSIG:
+ case DNS_R_TSIGERRORSET:
+ case DNS_R_TSIGVERIFYFAILURE:
+ case DNS_R_UNEXPECTEDTSIG:
+ case ISC_R_FAILURE:
+#if 0
+ if (usegsstsig && answer->rcode == dns_rcode_noerror) {
+ /*
+ * For MS DNS that violates RFC 2845, section 4.2
+ */
+ break;
+ }
+#endif
+ fprintf(stderr, "; TSIG error with server: %s\n",
+ isc_result_totext(result));
+ seenerror = ISC_TRUE;
+ break;
+ default:
+ check_result(result, "dns_request_getresponse");
+ }
+
+ if (answer->rcode != dns_rcode_noerror) {
+ seenerror = ISC_TRUE;
+ if (!debugging) {
+ char buf[64];
+ isc_buffer_t b;
+ dns_rdataset_t *rds;
+
+ isc_buffer_init(&b, buf, sizeof(buf) - 1);
+ result = dns_rcode_totext(answer->rcode, &b);
+ check_result(result, "dns_rcode_totext");
+ rds = dns_message_gettsig(answer, NULL);
+ if (rds != NULL)
+ check_tsig_error(rds, &b);
+ fprintf(stderr, "update failed: %.*s\n",
+ (int)isc_buffer_usedlength(&b), buf);
+ }
+ }
+ if (debugging)
+ show_message(stderr, answer, "\nReply from update query:");
+
+ done:
+ dns_request_destroy(&request);
+ if (usegsstsig) {
+ dns_name_free(&tmpzonename, mctx);
+ dns_name_free(&restart_master, mctx);
+ }
+ isc_event_free(&event);
+ done_update();
+}
+
+static void
+send_update(dns_name_t *zonename, isc_sockaddr_t *master,
+ isc_sockaddr_t *srcaddr)
+{
+ isc_result_t result;
+ dns_request_t *request = NULL;
+ unsigned int options = 0;
+
+ ddebug("send_update()");
+
+ setzone(zonename);
+
+ if (usevc)
+ options |= DNS_REQUESTOPT_TCP;
+ if (tsigkey == NULL && sig0key != NULL) {
+ result = dns_message_setsig0key(updatemsg, sig0key);
+ check_result(result, "dns_message_setsig0key");
+ }
+ if (debugging) {
+ char addrbuf[ISC_SOCKADDR_FORMATSIZE];
+
+ isc_sockaddr_format(master, addrbuf, sizeof(addrbuf));
+ fprintf(stderr, "Sending update to %s\n", addrbuf);
+ }
+
+ result = dns_request_createvia3(requestmgr, updatemsg, srcaddr,
+ master, options, tsigkey, timeout,
+ udp_timeout, udp_retries, global_task,
+ update_completed, NULL, &request);
+ check_result(result, "dns_request_createvia3");
+
+ if (debugging)
+ show_message(stdout, updatemsg, "Outgoing update query:");
+
+ requests++;
+}
+
+static void
+recvsoa(isc_task_t *task, isc_event_t *event) {
+ dns_requestevent_t *reqev = NULL;
+ dns_request_t *request = NULL;
+ isc_result_t result, eresult;
+ dns_message_t *rcvmsg = NULL;
+ dns_section_t section;
+ dns_name_t *name = NULL;
+ dns_rdataset_t *soaset = NULL;
+ dns_rdata_soa_t soa;
+ dns_rdata_t soarr = DNS_RDATA_INIT;
+ int pass = 0;
+ dns_name_t master;
+ nsu_requestinfo_t *reqinfo;
+ dns_message_t *soaquery = NULL;
+ isc_sockaddr_t *addr;
+ isc_boolean_t seencname = ISC_FALSE;
+ dns_name_t tname;
+ unsigned int nlabels;
+
+ UNUSED(task);
+
+ ddebug("recvsoa()");
+
+ requests--;
+
+ REQUIRE(event->ev_type == DNS_EVENT_REQUESTDONE);
+ reqev = (dns_requestevent_t *)event;
+ request = reqev->request;
+ eresult = reqev->result;
+ reqinfo = reqev->ev_arg;
+ soaquery = reqinfo->msg;
+ addr = reqinfo->addr;
+
+ if (shuttingdown) {
+ dns_request_destroy(&request);
+ dns_message_destroy(&soaquery);
+ isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t));
+ isc_event_free(&event);
+ maybeshutdown();
+ return;
+ }
+
+ if (eresult != ISC_R_SUCCESS) {
+ char addrbuf[ISC_SOCKADDR_FORMATSIZE];
+
+ isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf));
+ fprintf(stderr, "; Communication with %s failed: %s\n",
+ addrbuf, isc_result_totext(eresult));
+ if (userserver != NULL)
+ fatal("could not talk to specified name server");
+ else if (++ns_inuse >= lwconf->nsnext)
+ fatal("could not talk to any default name server");
+ ddebug("Destroying request [%p]", request);
+ dns_request_destroy(&request);
+ dns_message_renderreset(soaquery);
+ dns_message_settsigkey(soaquery, NULL);
+ sendrequest(localaddr, &servers[ns_inuse], soaquery, &request);
+ isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t));
+ isc_event_free(&event);
+ setzoneclass(dns_rdataclass_none);
+ return;
+ }
+
+ isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t));
+ reqinfo = NULL;
+ isc_event_free(&event);
+ reqev = NULL;
+
+ ddebug("About to create rcvmsg");
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &rcvmsg);
+ check_result(result, "dns_message_create");
+ result = dns_request_getresponse(request, rcvmsg,
+ DNS_MESSAGEPARSE_PRESERVEORDER);
+ if (result == DNS_R_TSIGERRORSET && userserver != NULL) {
+ dns_message_destroy(&rcvmsg);
+ ddebug("Destroying request [%p]", request);
+ dns_request_destroy(&request);
+ reqinfo = isc_mem_get(mctx, sizeof(nsu_requestinfo_t));
+ if (reqinfo == NULL)
+ fatal("out of memory");
+ reqinfo->msg = soaquery;
+ reqinfo->addr = addr;
+ dns_message_renderreset(soaquery);
+ ddebug("retrying soa request without TSIG");
+ result = dns_request_createvia3(requestmgr, soaquery,
+ localaddr, addr, 0, NULL,
+ FIND_TIMEOUT * 20,
+ FIND_TIMEOUT, 3,
+ global_task, recvsoa, reqinfo,
+ &request);
+ check_result(result, "dns_request_createvia");
+ requests++;
+ return;
+ }
+ check_result(result, "dns_request_getresponse");
+ section = DNS_SECTION_ANSWER;
+ if (debugging)
+ show_message(stderr, rcvmsg, "Reply from SOA query:");
+
+ if (rcvmsg->rcode != dns_rcode_noerror &&
+ rcvmsg->rcode != dns_rcode_nxdomain)
+ fatal("response to SOA query was unsuccessful");
+
+ if (userzone != NULL && rcvmsg->rcode == dns_rcode_nxdomain) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+ dns_name_format(userzone, namebuf, sizeof(namebuf));
+ error("specified zone '%s' does not exist (NXDOMAIN)",
+ namebuf);
+ dns_message_destroy(&rcvmsg);
+ dns_request_destroy(&request);
+ dns_message_destroy(&soaquery);
+ ddebug("Out of recvsoa");
+ done_update();
+ return;
+ }
+
+ lookforsoa:
+ if (pass == 0)
+ section = DNS_SECTION_ANSWER;
+ else if (pass == 1)
+ section = DNS_SECTION_AUTHORITY;
+ else
+ goto droplabel;
+
+ result = dns_message_firstname(rcvmsg, section);
+ if (result != ISC_R_SUCCESS) {
+ pass++;
+ goto lookforsoa;
+ }
+ while (result == ISC_R_SUCCESS) {
+ name = NULL;
+ dns_message_currentname(rcvmsg, section, &name);
+ soaset = NULL;
+ result = dns_message_findtype(name, dns_rdatatype_soa, 0,
+ &soaset);
+ if (result == ISC_R_SUCCESS)
+ break;
+ if (section == DNS_SECTION_ANSWER) {
+ dns_rdataset_t *tset = NULL;
+ if (dns_message_findtype(name, dns_rdatatype_cname, 0,
+ &tset) == ISC_R_SUCCESS ||
+ dns_message_findtype(name, dns_rdatatype_dname, 0,
+ &tset) == ISC_R_SUCCESS ) {
+ seencname = ISC_TRUE;
+ break;
+ }
+ }
+
+ result = dns_message_nextname(rcvmsg, section);
+ }
+
+ if (soaset == NULL && !seencname) {
+ pass++;
+ goto lookforsoa;
+ }
+
+ if (seencname)
+ goto droplabel;
+
+ if (debugging) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ dns_name_format(name, namestr, sizeof(namestr));
+ fprintf(stderr, "Found zone name: %s\n", namestr);
+ }
+
+ result = dns_rdataset_first(soaset);
+ check_result(result, "dns_rdataset_first");
+
+ dns_rdata_init(&soarr);
+ dns_rdataset_current(soaset, &soarr);
+ result = dns_rdata_tostruct(&soarr, &soa, NULL);
+ check_result(result, "dns_rdata_tostruct");
+
+ dns_name_init(&master, NULL);
+ dns_name_clone(&soa.origin, &master);
+
+ if (userzone != NULL)
+ zonename = userzone;
+ else
+ zonename = name;
+
+ if (debugging) {
+ char namestr[DNS_NAME_FORMATSIZE];
+ dns_name_format(&master, namestr, sizeof(namestr));
+ fprintf(stderr, "The master is: %s\n", namestr);
+ }
+
+ if (userserver != NULL)
+ serveraddr = userserver;
+ else {
+ char serverstr[DNS_NAME_MAXTEXT+1];
+ isc_buffer_t buf;
+
+ isc_buffer_init(&buf, serverstr, sizeof(serverstr));
+ result = dns_name_totext(&master, ISC_TRUE, &buf);
+ check_result(result, "dns_name_totext");
+ serverstr[isc_buffer_usedlength(&buf)] = 0;
+ get_address(serverstr, DNSDEFAULTPORT, &tempaddr);
+ serveraddr = &tempaddr;
+ }
+ dns_rdata_freestruct(&soa);
+
+#ifdef GSSAPI
+ if (usegsstsig) {
+ dns_name_init(&tmpzonename, NULL);
+ dns_name_dup(zonename, mctx, &tmpzonename);
+ dns_name_init(&restart_master, NULL);
+ dns_name_dup(&master, mctx, &restart_master);
+ start_gssrequest(&master);
+ } else {
+ send_update(zonename, serveraddr, localaddr);
+ setzoneclass(dns_rdataclass_none);
+ }
+#else
+ send_update(zonename, serveraddr, localaddr);
+ setzoneclass(dns_rdataclass_none);
+#endif
+
+ dns_message_destroy(&soaquery);
+ dns_request_destroy(&request);
+
+ out:
+ dns_message_destroy(&rcvmsg);
+ ddebug("Out of recvsoa");
+ return;
+
+ droplabel:
+ result = dns_message_firstname(soaquery, DNS_SECTION_QUESTION);
+ INSIST(result == ISC_R_SUCCESS);
+ name = NULL;
+ dns_message_currentname(soaquery, DNS_SECTION_QUESTION, &name);
+ nlabels = dns_name_countlabels(name);
+ if (nlabels == 1)
+ fatal("could not find enclosing zone");
+ dns_name_init(&tname, NULL);
+ dns_name_getlabelsequence(name, 1, nlabels - 1, &tname);
+ dns_name_clone(&tname, name);
+ dns_request_destroy(&request);
+ dns_message_renderreset(soaquery);
+ dns_message_settsigkey(soaquery, NULL);
+ if (userserver != NULL)
+ sendrequest(localaddr, userserver, soaquery, &request);
+ else
+ sendrequest(localaddr, &servers[ns_inuse], soaquery, &request);
+ goto out;
+}
+
+static void
+sendrequest(isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr,
+ dns_message_t *msg, dns_request_t **request)
+{
+ isc_result_t result;
+ nsu_requestinfo_t *reqinfo;
+
+ reqinfo = isc_mem_get(mctx, sizeof(nsu_requestinfo_t));
+ if (reqinfo == NULL)
+ fatal("out of memory");
+ reqinfo->msg = msg;
+ reqinfo->addr = destaddr;
+ result = dns_request_createvia3(requestmgr, msg, srcaddr, destaddr, 0,
+ (userserver != NULL) ? tsigkey : NULL,
+ FIND_TIMEOUT * 20, FIND_TIMEOUT, 3,
+ global_task, recvsoa, reqinfo, request);
+ check_result(result, "dns_request_createvia");
+ requests++;
+}
+
+#ifdef GSSAPI
+static void
+start_gssrequest(dns_name_t *master)
+{
+ gss_ctx_id_t context;
+ isc_buffer_t buf;
+ isc_result_t result;
+ isc_uint32_t val = 0;
+ dns_message_t *rmsg;
+ dns_request_t *request = NULL;
+ dns_name_t *servname;
+ dns_fixedname_t fname;
+ char namestr[DNS_NAME_FORMATSIZE];
+ char keystr[DNS_NAME_FORMATSIZE];
+
+ debug("start_gssrequest");
+ usevc = ISC_TRUE;
+
+ if (gssring != NULL)
+ dns_tsigkeyring_destroy(&gssring);
+ gssring = NULL;
+ result = dns_tsigkeyring_create(mctx, &gssring);
+
+ if (result != ISC_R_SUCCESS)
+ fatal("dns_tsigkeyring_create failed: %s",
+ isc_result_totext(result));
+
+ dns_name_format(master, namestr, sizeof(namestr));
+ if (kserver == NULL) {
+ kserver = isc_mem_get(mctx, sizeof(isc_sockaddr_t));
+ if (kserver == NULL)
+ fatal("out of memory");
+ }
+ if (userserver == NULL)
+ get_address(namestr, DNSDEFAULTPORT, kserver);
+ else
+ (void)memcpy(kserver, userserver, sizeof(isc_sockaddr_t));
+
+ dns_fixedname_init(&fname);
+ servname = dns_fixedname_name(&fname);
+
+ result = isc_string_printf(servicename, sizeof(servicename),
+ "DNS/%s", namestr);
+ if (result != ISC_R_SUCCESS)
+ fatal("isc_string_printf(servicename) failed: %s",
+ isc_result_totext(result));
+ isc_buffer_init(&buf, servicename, strlen(servicename));
+ isc_buffer_add(&buf, strlen(servicename));
+ result = dns_name_fromtext(servname, &buf, dns_rootname,
+ ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS)
+ fatal("dns_name_fromtext(servname) failed: %s",
+ isc_result_totext(result));
+
+ dns_fixedname_init(&fkname);
+ keyname = dns_fixedname_name(&fkname);
+
+ isc_random_get(&val);
+ result = isc_string_printf(keystr, sizeof(keystr), "%u.sig-%s",
+ val, namestr);
+ if (result != ISC_R_SUCCESS)
+ fatal("isc_string_printf(keystr) failed: %s",
+ isc_result_totext(result));
+ isc_buffer_init(&buf, keystr, strlen(keystr));
+ isc_buffer_add(&buf, strlen(keystr));
+
+ result = dns_name_fromtext(keyname, &buf, dns_rootname,
+ ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS)
+ fatal("dns_name_fromtext(keyname) failed: %s",
+ isc_result_totext(result));
+
+ /* Windows doesn't recognize name compression in the key name. */
+ keyname->attributes |= DNS_NAMEATTR_NOCOMPRESS;
+
+ rmsg = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &rmsg);
+ if (result != ISC_R_SUCCESS)
+ fatal("dns_message_create failed: %s",
+ isc_result_totext(result));
+
+ /* Build first request. */
+
+ context = GSS_C_NO_CONTEXT;
+ result = dns_tkey_buildgssquery(rmsg, keyname, servname, NULL, 0,
+ &context, use_win2k_gsstsig);
+ if (result == ISC_R_FAILURE)
+ fatal("Check your Kerberos ticket, it may have expired.");
+ if (result != ISC_R_SUCCESS)
+ fatal("dns_tkey_buildgssquery failed: %s",
+ isc_result_totext(result));
+
+ send_gssrequest(localaddr, kserver, rmsg, &request, context);
+}
+
+static void
+send_gssrequest(isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr,
+ dns_message_t *msg, dns_request_t **request,
+ gss_ctx_id_t context)
+{
+ isc_result_t result;
+ nsu_gssinfo_t *reqinfo;
+ unsigned int options = 0;
+
+ debug("send_gssrequest");
+ reqinfo = isc_mem_get(mctx, sizeof(nsu_gssinfo_t));
+ if (reqinfo == NULL)
+ fatal("out of memory");
+ reqinfo->msg = msg;
+ reqinfo->addr = destaddr;
+ reqinfo->context = context;
+
+ options |= DNS_REQUESTOPT_TCP;
+ result = dns_request_createvia3(requestmgr, msg, srcaddr, destaddr,
+ options, tsigkey, FIND_TIMEOUT * 20,
+ FIND_TIMEOUT, 3, global_task, recvgss,
+ reqinfo, request);
+ check_result(result, "dns_request_createvia3");
+ if (debugging)
+ show_message(stdout, msg, "Outgoing update query:");
+ requests++;
+}
+
+static void
+recvgss(isc_task_t *task, isc_event_t *event) {
+ dns_requestevent_t *reqev = NULL;
+ dns_request_t *request = NULL;
+ isc_result_t result, eresult;
+ dns_message_t *rcvmsg = NULL;
+ nsu_gssinfo_t *reqinfo;
+ dns_message_t *tsigquery = NULL;
+ isc_sockaddr_t *addr;
+ gss_ctx_id_t context;
+ isc_buffer_t buf;
+ dns_name_t *servname;
+ dns_fixedname_t fname;
+
+ UNUSED(task);
+
+ ddebug("recvgss()");
+
+ requests--;
+
+ REQUIRE(event->ev_type == DNS_EVENT_REQUESTDONE);
+ reqev = (dns_requestevent_t *)event;
+ request = reqev->request;
+ eresult = reqev->result;
+ reqinfo = reqev->ev_arg;
+ tsigquery = reqinfo->msg;
+ context = reqinfo->context;
+ addr = reqinfo->addr;
+
+ if (shuttingdown) {
+ dns_request_destroy(&request);
+ dns_message_destroy(&tsigquery);
+ isc_mem_put(mctx, reqinfo, sizeof(nsu_gssinfo_t));
+ isc_event_free(&event);
+ maybeshutdown();
+ return;
+ }
+
+ if (eresult != ISC_R_SUCCESS) {
+ char addrbuf[ISC_SOCKADDR_FORMATSIZE];
+
+ isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf));
+ fprintf(stderr, "; Communication with %s failed: %s\n",
+ addrbuf, isc_result_totext(eresult));
+ if (userserver != NULL)
+ fatal("could not talk to specified name server");
+ else if (++ns_inuse >= lwconf->nsnext)
+ fatal("could not talk to any default name server");
+ ddebug("Destroying request [%p]", request);
+ dns_request_destroy(&request);
+ dns_message_renderreset(tsigquery);
+ sendrequest(localaddr, &servers[ns_inuse], tsigquery,
+ &request);
+ isc_mem_put(mctx, reqinfo, sizeof(nsu_gssinfo_t));
+ isc_event_free(&event);
+ return;
+ }
+ isc_mem_put(mctx, reqinfo, sizeof(nsu_gssinfo_t));
+
+ isc_event_free(&event);
+ reqev = NULL;
+
+ ddebug("recvgss creating rcvmsg");
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &rcvmsg);
+ check_result(result, "dns_message_create");
+
+ result = dns_request_getresponse(request, rcvmsg,
+ DNS_MESSAGEPARSE_PRESERVEORDER);
+ check_result(result, "dns_request_getresponse");
+
+ if (debugging)
+ show_message(stderr, rcvmsg,
+ "recvmsg reply from GSS-TSIG query");
+
+ if (rcvmsg->rcode == dns_rcode_formerr && !tried_other_gsstsig) {
+ ddebug("recvgss trying %s GSS-TSIG",
+ use_win2k_gsstsig ? "Standard" : "Win2k");
+ if (use_win2k_gsstsig)
+ use_win2k_gsstsig = ISC_FALSE;
+ else
+ use_win2k_gsstsig = ISC_TRUE;
+ tried_other_gsstsig = ISC_TRUE;
+ start_gssrequest(&restart_master);
+ goto done;
+ }
+
+ if (rcvmsg->rcode != dns_rcode_noerror &&
+ rcvmsg->rcode != dns_rcode_nxdomain)
+ fatal("response to GSS-TSIG query was unsuccessful");
+
+
+ dns_fixedname_init(&fname);
+ servname = dns_fixedname_name(&fname);
+ isc_buffer_init(&buf, servicename, strlen(servicename));
+ isc_buffer_add(&buf, strlen(servicename));
+ result = dns_name_fromtext(servname, &buf, dns_rootname,
+ ISC_FALSE, NULL);
+ check_result(result, "dns_name_fromtext");
+
+ tsigkey = NULL;
+ result = dns_tkey_gssnegotiate(tsigquery, rcvmsg, servname,
+ &context, &tsigkey, gssring,
+ use_win2k_gsstsig);
+ switch (result) {
+
+ case DNS_R_CONTINUE:
+ send_gssrequest(localaddr, kserver, tsigquery, &request,
+ context);
+ break;
+
+ case ISC_R_SUCCESS:
+ /*
+ * XXXSRA Waaay too much fun here. There's no good
+ * reason why we need a TSIG here (the people who put
+ * it into the spec admitted at the time that it was
+ * not a security issue), and Windows clients don't
+ * seem to work if named complies with the spec and
+ * includes the gratuitous TSIG. So we're in the
+ * bizzare situation of having to choose between
+ * complying with a useless requirement in the spec
+ * and interoperating. This is nuts. If we can
+ * confirm this behavior, we should ask the WG to
+ * consider removing the requirement for the
+ * gratuitous TSIG here. For the moment, we ignore
+ * the TSIG -- this too is a spec violation, but it's
+ * the least insane thing to do.
+ */
+#if 0
+ /*
+ * Verify the signature.
+ */
+ rcvmsg->state = DNS_SECTION_ANY;
+ dns_message_setquerytsig(rcvmsg, NULL);
+ result = dns_message_settsigkey(rcvmsg, tsigkey);
+ check_result(result, "dns_message_settsigkey");
+ result = dns_message_checksig(rcvmsg, NULL);
+ ddebug("tsig verification: %s", dns_result_totext(result));
+ check_result(result, "dns_message_checksig");
+#endif /* 0 */
+
+ send_update(&tmpzonename, serveraddr, localaddr);
+ setzoneclass(dns_rdataclass_none);
+ break;
+
+ default:
+ fatal("dns_tkey_negotiategss: %s", isc_result_totext(result));
+ }
+
+ done:
+ dns_request_destroy(&request);
+ dns_message_destroy(&tsigquery);
+
+ dns_message_destroy(&rcvmsg);
+ ddebug("Out of recvgss");
+}
+#endif
+
+static void
+start_update(void) {
+ isc_result_t result;
+ dns_rdataset_t *rdataset = NULL;
+ dns_name_t *name = NULL;
+ dns_request_t *request = NULL;
+ dns_message_t *soaquery = NULL;
+ dns_name_t *firstname;
+ dns_section_t section = DNS_SECTION_UPDATE;
+
+ ddebug("start_update()");
+
+ if (answer != NULL)
+ dns_message_destroy(&answer);
+
+ if (userzone != NULL && userserver != NULL && ! usegsstsig) {
+ send_update(userzone, userserver, localaddr);
+ setzoneclass(dns_rdataclass_none);
+ return;
+ }
+
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER,
+ &soaquery);
+ check_result(result, "dns_message_create");
+
+ if (userserver == NULL)
+ soaquery->flags |= DNS_MESSAGEFLAG_RD;
+
+ result = dns_message_gettempname(soaquery, &name);
+ check_result(result, "dns_message_gettempname");
+
+ result = dns_message_gettemprdataset(soaquery, &rdataset);
+ check_result(result, "dns_message_gettemprdataset");
+
+ dns_rdataset_makequestion(rdataset, getzoneclass(), dns_rdatatype_soa);
+
+ if (userzone != NULL) {
+ dns_name_init(name, NULL);
+ dns_name_clone(userzone, name);
+ } else {
+ result = dns_message_firstname(updatemsg, section);
+ if (result == ISC_R_NOMORE) {
+ section = DNS_SECTION_PREREQUISITE;
+ result = dns_message_firstname(updatemsg, section);
+ }
+ if (result != ISC_R_SUCCESS) {
+ dns_message_puttempname(soaquery, &name);
+ dns_rdataset_disassociate(rdataset);
+ dns_message_puttemprdataset(soaquery, &rdataset);
+ dns_message_destroy(&soaquery);
+ done_update();
+ return;
+ }
+ firstname = NULL;
+ dns_message_currentname(updatemsg, section, &firstname);
+ dns_name_init(name, NULL);
+ dns_name_clone(firstname, name);
+ }
+
+ ISC_LIST_INIT(name->list);
+ ISC_LIST_APPEND(name->list, rdataset, link);
+ dns_message_addname(soaquery, name, DNS_SECTION_QUESTION);
+
+ if (userserver != NULL)
+ sendrequest(localaddr, userserver, soaquery, &request);
+ else {
+ ns_inuse = 0;
+ sendrequest(localaddr, &servers[ns_inuse], soaquery, &request);
+ }
+}
+
+static void
+cleanup(void) {
+ ddebug("cleanup()");
+
+ if (answer != NULL)
+ dns_message_destroy(&answer);
+
+#ifdef GSSAPI
+ if (tsigkey != NULL) {
+ ddebug("detach tsigkey x%p", tsigkey);
+ dns_tsigkey_detach(&tsigkey);
+ }
+ if (gssring != NULL) {
+ ddebug("Destroying GSS-TSIG keyring");
+ dns_tsigkeyring_destroy(&gssring);
+ }
+ if (kserver != NULL) {
+ isc_mem_put(mctx, kserver, sizeof(isc_sockaddr_t));
+ kserver = NULL;
+ }
+#endif
+
+ ddebug("Shutting down task manager");
+ isc_taskmgr_destroy(&taskmgr);
+
+ ddebug("Destroying event");
+ isc_event_free(&global_event);
+
+ ddebug("Shutting down socket manager");
+ isc_socketmgr_destroy(&socketmgr);
+
+ ddebug("Shutting down timer manager");
+ isc_timermgr_destroy(&timermgr);
+
+ ddebug("Destroying hash context");
+ isc_hash_destroy();
+
+ ddebug("Destroying name state");
+ dns_name_destroy();
+
+ ddebug("Removing log context");
+ isc_log_destroy(&lctx);
+
+ ddebug("Destroying memory context");
+ if (memdebugging)
+ isc_mem_stats(mctx, stderr);
+ isc_mem_destroy(&mctx);
+}
+
+static void
+getinput(isc_task_t *task, isc_event_t *event) {
+ isc_boolean_t more;
+
+ UNUSED(task);
+
+ if (shuttingdown) {
+ maybeshutdown();
+ return;
+ }
+
+ if (global_event == NULL)
+ global_event = event;
+
+ reset_system();
+ more = user_interaction();
+ if (!more) {
+ isc_app_shutdown();
+ return;
+ }
+ start_update();
+ return;
+}
+
+int
+main(int argc, char **argv) {
+ isc_result_t result;
+ style = &dns_master_style_debug;
+
+ input = stdin;
+
+ interactive = ISC_TF(isatty(0));
+
+ isc_app_start();
+
+ pre_parse_args(argc, argv);
+
+ result = isc_mem_create(0, 0, &mctx);
+ check_result(result, "isc_mem_create");
+
+ parse_args(argc, argv, mctx, &entropy);
+
+ setup_system();
+
+ result = isc_app_onrun(mctx, global_task, getinput, NULL);
+ check_result(result, "isc_app_onrun");
+
+ (void)isc_app_run();
+
+ cleanup();
+
+ isc_app_finish();
+
+ if (seenerror)
+ return (2);
+ else
+ return (0);
+}
diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook
new file mode 100644
index 0000000..9787758
--- /dev/null
+++ b/bin/nsupdate/nsupdate.docbook
@@ -0,0 +1,701 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: nsupdate.docbook,v 1.34 2008/09/25 02:20:27 marka Exp $ -->
+<refentry id="man.nsupdate">
+ <refentryinfo>
+ <date>Jun 30, 2000</date>
+ </refentryinfo>
+ <refmeta>
+ <refentrytitle><application>nsupdate</application></refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+ <refnamediv>
+ <refname><application>nsupdate</application></refname>
+ <refpurpose>Dynamic DNS update utility</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
+ <year>2008</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <year>2003</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>nsupdate</command>
+ <arg><option>-d</option></arg>
+ <arg><option>-D</option></arg>
+ <group>
+ <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></option></arg>
+ <arg><option>-k <replaceable class="parameter">keyfile</replaceable></option></arg>
+ </group>
+ <arg><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
+ <arg><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>
+ <arg><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>
+ <arg><option>-R <replaceable class="parameter">randomdev</replaceable></option></arg>
+ <arg><option>-v</option></arg>
+ <arg>filename</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><command>nsupdate</command>
+ is used to submit Dynamic DNS Update requests as defined in RFC2136
+ to a name server.
+ This allows resource records to be added or removed from a zone
+ without manually editing the zone file.
+ A single update request can contain requests to add or remove more than
+ one
+ resource record.
+ </para>
+ <para>
+ Zones that are under dynamic control via
+ <command>nsupdate</command>
+ or a DHCP server should not be edited by hand.
+ Manual edits could
+ conflict with dynamic updates and cause data to be lost.
+ </para>
+ <para>
+ The resource records that are dynamically added or removed with
+ <command>nsupdate</command>
+ have to be in the same zone.
+ Requests are sent to the zone's master server.
+ This is identified by the MNAME field of the zone's SOA record.
+ </para>
+ <para>
+ The
+ <option>-d</option>
+ option makes
+ <command>nsupdate</command>
+ operate in debug mode.
+ This provides tracing information about the update requests that are
+ made and the replies received from the name server.
+ </para>
+ <para>
+ The <option>-D</option> option makes <command>nsupdate</command>
+ report additional debugging information to <option>-d</option>.
+ </para>
+ <para>
+ Transaction signatures can be used to authenticate the Dynamic DNS
+ updates.
+ These use the TSIG resource record type described in RFC2845 or the
+ SIG(0) record described in RFC3535 and RFC2931.
+ TSIG relies on a shared secret that should only be known to
+ <command>nsupdate</command> and the name server.
+ Currently, the only supported encryption algorithm for TSIG is
+ HMAC-MD5, which is defined in RFC 2104.
+ Once other algorithms are defined for TSIG, applications will need to
+ ensure they select the appropriate algorithm as well as the key when
+ authenticating each other.
+ For instance, suitable
+ <type>key</type>
+ and
+ <type>server</type>
+ statements would be added to
+ <filename>/etc/named.conf</filename>
+ so that the name server can associate the appropriate secret key
+ and algorithm with the IP address of the
+ client application that will be using TSIG authentication.
+ SIG(0) uses public key cryptography. To use a SIG(0) key, the public
+ key must be stored in a KEY record in a zone served by the name server.
+ <command>nsupdate</command>
+ does not read
+ <filename>/etc/named.conf</filename>.
+ </para>
+ <para><command>nsupdate</command>
+ uses the <option>-y</option> or <option>-k</option> option
+ to provide the shared secret needed to generate a TSIG record
+ for authenticating Dynamic DNS update requests, default type
+ HMAC-MD5. These options are mutually exclusive. With the
+ <option>-k</option> option, <command>nsupdate</command> reads
+ the shared secret from the file <parameter>keyfile</parameter>,
+ whose name is of the form
+ <filename>K{name}.+157.+{random}.private</filename>. For
+ historical reasons, the file
+ <filename>K{name}.+157.+{random}.key</filename> must also be
+ present. When the <option>-y</option> option is used, a
+ signature is generated from
+ <optional><parameter>hmac:</parameter></optional><parameter>keyname:secret.</parameter>
+ <parameter>keyname</parameter> is the name of the key, and
+ <parameter>secret</parameter> is the base64 encoded shared
+ secret. Use of the <option>-y</option> option is discouraged
+ because the shared secret is supplied as a command line
+ argument in clear text. This may be visible in the output
+ from
+ <citerefentry>
+ <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry> or in a history file maintained by the user's
+ shell.
+ </para>
+ <para>
+ The <option>-k</option> may also be used to specify a SIG(0) key used
+ to authenticate Dynamic DNS update requests. In this case, the key
+ specified is not an HMAC-MD5 key.
+ </para>
+ <para>
+ By default
+ <command>nsupdate</command>
+ uses UDP to send update requests to the name server unless they are too
+ large to fit in a UDP request in which case TCP will be used.
+ The
+ <option>-v</option>
+ option makes
+ <command>nsupdate</command>
+ use a TCP connection.
+ This may be preferable when a batch of update requests is made.
+ </para>
+ <para>
+ The <option>-t</option> option sets the maximum time an update request
+ can
+ take before it is aborted. The default is 300 seconds. Zero can be
+ used
+ to disable the timeout.
+ </para>
+ <para>
+ The <option>-u</option> option sets the UDP retry interval. The default
+ is
+ 3 seconds. If zero, the interval will be computed from the timeout
+ interval
+ and number of UDP retries.
+ </para>
+ <para>
+ The <option>-r</option> option sets the number of UDP retries. The
+ default is
+ 3. If zero, only one update request will be made.
+ </para>
+ <para>
+ The <option>-R <replaceable
+ class="parameter">randomdev</replaceable></option> option
+ specifies a source of randomness. If the operating system
+ does not provide a <filename>/dev/random</filename> or
+ equivalent device, the default source of randomness is keyboard
+ input. <filename>randomdev</filename> specifies the name of
+ a character device or file containing random data to be used
+ instead of the default. The special value
+ <filename>keyboard</filename> indicates that keyboard input
+ should be used. This option may be specified multiple times.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>INPUT FORMAT</title>
+ <para><command>nsupdate</command>
+ reads input from
+ <parameter>filename</parameter>
+ or standard input.
+ Each command is supplied on exactly one line of input.
+ Some commands are for administrative purposes.
+ The others are either update instructions or prerequisite checks on the
+ contents of the zone.
+ These checks set conditions that some name or set of
+ resource records (RRset) either exists or is absent from the zone.
+ These conditions must be met if the entire update request is to succeed.
+ Updates will be rejected if the tests for the prerequisite conditions
+ fail.
+ </para>
+ <para>
+ Every update request consists of zero or more prerequisites
+ and zero or more updates.
+ This allows a suitably authenticated update request to proceed if some
+ specified resource records are present or missing from the zone.
+ A blank input line (or the <command>send</command> command)
+ causes the
+ accumulated commands to be sent as one Dynamic DNS update request to the
+ name server.
+ </para>
+ <para>
+ The command formats and their meaning are as follows:
+ <variablelist>
+
+ <varlistentry>
+ <term>
+ <command>server</command>
+ <arg choice="req">servername</arg>
+ <arg choice="opt">port</arg>
+ </term>
+ <listitem>
+ <para>
+ Sends all dynamic update requests to the name server
+ <parameter>servername</parameter>.
+ When no server statement is provided,
+ <command>nsupdate</command>
+ will send updates to the master server of the correct zone.
+ The MNAME field of that zone's SOA record will identify the
+ master
+ server for that zone.
+ <parameter>port</parameter>
+ is the port number on
+ <parameter>servername</parameter>
+ where the dynamic update requests get sent.
+ If no port number is specified, the default DNS port number of
+ 53 is
+ used.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>local</command>
+ <arg choice="req">address</arg>
+ <arg choice="opt">port</arg>
+ </term>
+ <listitem>
+ <para>
+ Sends all dynamic update requests using the local
+ <parameter>address</parameter>.
+
+ When no local statement is provided,
+ <command>nsupdate</command>
+ will send updates using an address and port chosen by the
+ system.
+ <parameter>port</parameter>
+ can additionally be used to make requests come from a specific
+ port.
+ If no port number is specified, the system will assign one.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>zone</command>
+ <arg choice="req">zonename</arg>
+ </term>
+ <listitem>
+ <para>
+ Specifies that all updates are to be made to the zone
+ <parameter>zonename</parameter>.
+ If no
+ <parameter>zone</parameter>
+ statement is provided,
+ <command>nsupdate</command>
+ will attempt determine the correct zone to update based on the
+ rest of the input.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>class</command>
+ <arg choice="req">classname</arg>
+ </term>
+ <listitem>
+ <para>
+ Specify the default class.
+ If no <parameter>class</parameter> is specified, the
+ default class is
+ <parameter>IN</parameter>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>ttl</command>
+ <arg choice="req">seconds</arg>
+ </term>
+ <listitem>
+ <para>
+ Specify the default time to live for records to be added.
+ The value <parameter>none</parameter> will clear the default
+ ttl.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>key</command>
+ <arg choice="req">name</arg>
+ <arg choice="req">secret</arg>
+ </term>
+ <listitem>
+ <para>
+ Specifies that all updates are to be TSIG-signed using the
+ <parameter>keyname</parameter> <parameter>keysecret</parameter> pair.
+ The <command>key</command> command
+ overrides any key specified on the command line via
+ <option>-y</option> or <option>-k</option>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>prereq nxdomain</command>
+ <arg choice="req">domain-name</arg>
+ </term>
+ <listitem>
+ <para>
+ Requires that no resource record of any type exists with name
+ <parameter>domain-name</parameter>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>
+ <command>prereq yxdomain</command>
+ <arg choice="req">domain-name</arg>
+ </term>
+ <listitem>
+ <para>
+ Requires that
+ <parameter>domain-name</parameter>
+ exists (has as at least one resource record, of any type).
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>prereq nxrrset</command>
+ <arg choice="req">domain-name</arg>
+ <arg choice="opt">class</arg>
+ <arg choice="req">type</arg>
+ </term>
+ <listitem>
+ <para>
+ Requires that no resource record exists of the specified
+ <parameter>type</parameter>,
+ <parameter>class</parameter>
+ and
+ <parameter>domain-name</parameter>.
+ If
+ <parameter>class</parameter>
+ is omitted, IN (internet) is assumed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>
+ <command>prereq yxrrset</command>
+ <arg choice="req">domain-name</arg>
+ <arg choice="opt">class</arg>
+ <arg choice="req">type</arg>
+ </term>
+ <listitem>
+ <para>
+ This requires that a resource record of the specified
+ <parameter>type</parameter>,
+ <parameter>class</parameter>
+ and
+ <parameter>domain-name</parameter>
+ must exist.
+ If
+ <parameter>class</parameter>
+ is omitted, IN (internet) is assumed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>prereq yxrrset</command>
+ <arg choice="req">domain-name</arg>
+ <arg choice="opt">class</arg>
+ <arg choice="req">type</arg>
+ <arg choice="req" rep="repeat">data</arg>
+ </term>
+ <listitem>
+ <para>
+ The
+ <parameter>data</parameter>
+ from each set of prerequisites of this form
+ sharing a common
+ <parameter>type</parameter>,
+ <parameter>class</parameter>,
+ and
+ <parameter>domain-name</parameter>
+ are combined to form a set of RRs. This set of RRs must
+ exactly match the set of RRs existing in the zone at the
+ given
+ <parameter>type</parameter>,
+ <parameter>class</parameter>,
+ and
+ <parameter>domain-name</parameter>.
+ The
+ <parameter>data</parameter>
+ are written in the standard text representation of the resource
+ record's
+ RDATA.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>update delete</command>
+ <arg choice="req">domain-name</arg>
+ <arg choice="opt">ttl</arg>
+ <arg choice="opt">class</arg>
+ <arg choice="opt">type <arg choice="opt" rep="repeat">data</arg></arg>
+ </term>
+ <listitem>
+ <para>
+ Deletes any resource records named
+ <parameter>domain-name</parameter>.
+ If
+ <parameter>type</parameter>
+ and
+ <parameter>data</parameter>
+ is provided, only matching resource records will be removed.
+ The internet class is assumed if
+ <parameter>class</parameter>
+ is not supplied. The
+ <parameter>ttl</parameter>
+ is ignored, and is only allowed for compatibility.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>update add</command>
+ <arg choice="req">domain-name</arg>
+ <arg choice="req">ttl</arg>
+ <arg choice="opt">class</arg>
+ <arg choice="req">type</arg>
+ <arg choice="req" rep="repeat">data</arg>
+ </term>
+ <listitem>
+ <para>
+ Adds a new resource record with the specified
+ <parameter>ttl</parameter>,
+ <parameter>class</parameter>
+ and
+ <parameter>data</parameter>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>show</command>
+ </term>
+ <listitem>
+ <para>
+ Displays the current message, containing all of the
+ prerequisites and
+ updates specified since the last send.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>send</command>
+ </term>
+ <listitem>
+ <para>
+ Sends the current message. This is equivalent to entering a
+ blank line.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>answer</command>
+ </term>
+ <listitem>
+ <para>
+ Displays the answer.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <command>debug</command>
+ </term>
+ <listitem>
+ <para>
+ Turn on debugging.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </para>
+
+ <para>
+ Lines beginning with a semicolon are comments and are ignored.
+ </para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>EXAMPLES</title>
+ <para>
+ The examples below show how
+ <command>nsupdate</command>
+ could be used to insert and delete resource records from the
+ <type>example.com</type>
+ zone.
+ Notice that the input in each example contains a trailing blank line so
+ that
+ a group of commands are sent as one dynamic update request to the
+ master name server for
+ <type>example.com</type>.
+
+ <programlisting>
+# nsupdate
+&gt; update delete oldhost.example.com A
+&gt; update add newhost.example.com 86400 A 172.16.1.1
+&gt; send
+</programlisting>
+ </para>
+ <para>
+ Any A records for
+ <type>oldhost.example.com</type>
+ are deleted.
+ And an A record for
+ <type>newhost.example.com</type>
+ with IP address 172.16.1.1 is added.
+ The newly-added record has a 1 day TTL (86400 seconds).
+ <programlisting>
+# nsupdate
+&gt; prereq nxdomain nickname.example.com
+&gt; update add nickname.example.com 86400 CNAME somehost.example.com
+&gt; send
+</programlisting>
+ </para>
+ <para>
+ The prerequisite condition gets the name server to check that there
+ are no resource records of any type for
+ <type>nickname.example.com</type>.
+
+ If there are, the update request fails.
+ If this name does not exist, a CNAME for it is added.
+ This ensures that when the CNAME is added, it cannot conflict with the
+ long-standing rule in RFC1034 that a name must not exist as any other
+ record type if it exists as a CNAME.
+ (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
+ RRSIG, DNSKEY and NSEC records.)
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>FILES</title>
+
+ <variablelist>
+ <varlistentry>
+ <term><constant>/etc/resolv.conf</constant></term>
+ <listitem>
+ <para>
+ used to identify default name server
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>K{name}.+157.+{random}.key</constant></term>
+ <listitem>
+ <para>
+ base-64 encoding of HMAC-MD5 key created by
+ <citerefentry>
+ <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>K{name}.+157.+{random}.private</constant></term>
+ <listitem>
+ <para>
+ base-64 encoding of HMAC-MD5 key created by
+ <citerefentry>
+ <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>RFC2136</refentrytitle>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>RFC3007</refentrytitle>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>RFC2104</refentrytitle>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>RFC2845</refentrytitle>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>RFC1034</refentrytitle>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>RFC2535</refentrytitle>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>RFC2931</refentrytitle>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ </para>
+
+ </refsect1>
+ <refsect1>
+ <title>BUGS</title>
+ <para>
+ The TSIG key is redundantly stored in two separate files.
+ This is a consequence of nsupdate using the DST library
+ for its cryptographic operations, and may change in future
+ releases.
+ </para>
+ </refsect1>
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html
new file mode 100644
index 0000000..9d29806
--- /dev/null
+++ b/bin/nsupdate/nsupdate.html
@@ -0,0 +1,530 @@
+<!--
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: nsupdate.html,v 1.40 2008/09/25 04:45:04 tbox Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>nsupdate</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.nsupdate"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">nsupdate</span> &#8212; Dynamic DNS update utility</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543437"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">nsupdate</strong></span>
+ is used to submit Dynamic DNS Update requests as defined in RFC2136
+ to a name server.
+ This allows resource records to be added or removed from a zone
+ without manually editing the zone file.
+ A single update request can contain requests to add or remove more than
+ one
+ resource record.
+ </p>
+<p>
+ Zones that are under dynamic control via
+ <span><strong class="command">nsupdate</strong></span>
+ or a DHCP server should not be edited by hand.
+ Manual edits could
+ conflict with dynamic updates and cause data to be lost.
+ </p>
+<p>
+ The resource records that are dynamically added or removed with
+ <span><strong class="command">nsupdate</strong></span>
+ have to be in the same zone.
+ Requests are sent to the zone's master server.
+ This is identified by the MNAME field of the zone's SOA record.
+ </p>
+<p>
+ The
+ <code class="option">-d</code>
+ option makes
+ <span><strong class="command">nsupdate</strong></span>
+ operate in debug mode.
+ This provides tracing information about the update requests that are
+ made and the replies received from the name server.
+ </p>
+<p>
+ The <code class="option">-D</code> option makes <span><strong class="command">nsupdate</strong></span>
+ report additional debugging information to <code class="option">-d</code>.
+ </p>
+<p>
+ Transaction signatures can be used to authenticate the Dynamic DNS
+ updates.
+ These use the TSIG resource record type described in RFC2845 or the
+ SIG(0) record described in RFC3535 and RFC2931.
+ TSIG relies on a shared secret that should only be known to
+ <span><strong class="command">nsupdate</strong></span> and the name server.
+ Currently, the only supported encryption algorithm for TSIG is
+ HMAC-MD5, which is defined in RFC 2104.
+ Once other algorithms are defined for TSIG, applications will need to
+ ensure they select the appropriate algorithm as well as the key when
+ authenticating each other.
+ For instance, suitable
+ <span class="type">key</span>
+ and
+ <span class="type">server</span>
+ statements would be added to
+ <code class="filename">/etc/named.conf</code>
+ so that the name server can associate the appropriate secret key
+ and algorithm with the IP address of the
+ client application that will be using TSIG authentication.
+ SIG(0) uses public key cryptography. To use a SIG(0) key, the public
+ key must be stored in a KEY record in a zone served by the name server.
+ <span><strong class="command">nsupdate</strong></span>
+ does not read
+ <code class="filename">/etc/named.conf</code>.
+ </p>
+<p><span><strong class="command">nsupdate</strong></span>
+ uses the <code class="option">-y</code> or <code class="option">-k</code> option
+ to provide the shared secret needed to generate a TSIG record
+ for authenticating Dynamic DNS update requests, default type
+ HMAC-MD5. These options are mutually exclusive. With the
+ <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
+ the shared secret from the file <em class="parameter"><code>keyfile</code></em>,
+ whose name is of the form
+ <code class="filename">K{name}.+157.+{random}.private</code>. For
+ historical reasons, the file
+ <code class="filename">K{name}.+157.+{random}.key</code> must also be
+ present. When the <code class="option">-y</code> option is used, a
+ signature is generated from
+ [<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em>
+ <em class="parameter"><code>keyname</code></em> is the name of the key, and
+ <em class="parameter"><code>secret</code></em> is the base64 encoded shared
+ secret. Use of the <code class="option">-y</code> option is discouraged
+ because the shared secret is supplied as a command line
+ argument in clear text. This may be visible in the output
+ from
+ <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span> or in a history file maintained by the user's
+ shell.
+ </p>
+<p>
+ The <code class="option">-k</code> may also be used to specify a SIG(0) key used
+ to authenticate Dynamic DNS update requests. In this case, the key
+ specified is not an HMAC-MD5 key.
+ </p>
+<p>
+ By default
+ <span><strong class="command">nsupdate</strong></span>
+ uses UDP to send update requests to the name server unless they are too
+ large to fit in a UDP request in which case TCP will be used.
+ The
+ <code class="option">-v</code>
+ option makes
+ <span><strong class="command">nsupdate</strong></span>
+ use a TCP connection.
+ This may be preferable when a batch of update requests is made.
+ </p>
+<p>
+ The <code class="option">-t</code> option sets the maximum time an update request
+ can
+ take before it is aborted. The default is 300 seconds. Zero can be
+ used
+ to disable the timeout.
+ </p>
+<p>
+ The <code class="option">-u</code> option sets the UDP retry interval. The default
+ is
+ 3 seconds. If zero, the interval will be computed from the timeout
+ interval
+ and number of UDP retries.
+ </p>
+<p>
+ The <code class="option">-r</code> option sets the number of UDP retries. The
+ default is
+ 3. If zero, only one update request will be made.
+ </p>
+<p>
+ The <code class="option">-R <em class="replaceable"><code>randomdev</code></em></code> option
+ specifies a source of randomness. If the operating system
+ does not provide a <code class="filename">/dev/random</code> or
+ equivalent device, the default source of randomness is keyboard
+ input. <code class="filename">randomdev</code> specifies the name of
+ a character device or file containing random data to be used
+ instead of the default. The special value
+ <code class="filename">keyboard</code> indicates that keyboard input
+ should be used. This option may be specified multiple times.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543700"></a><h2>INPUT FORMAT</h2>
+<p><span><strong class="command">nsupdate</strong></span>
+ reads input from
+ <em class="parameter"><code>filename</code></em>
+ or standard input.
+ Each command is supplied on exactly one line of input.
+ Some commands are for administrative purposes.
+ The others are either update instructions or prerequisite checks on the
+ contents of the zone.
+ These checks set conditions that some name or set of
+ resource records (RRset) either exists or is absent from the zone.
+ These conditions must be met if the entire update request is to succeed.
+ Updates will be rejected if the tests for the prerequisite conditions
+ fail.
+ </p>
+<p>
+ Every update request consists of zero or more prerequisites
+ and zero or more updates.
+ This allows a suitably authenticated update request to proceed if some
+ specified resource records are present or missing from the zone.
+ A blank input line (or the <span><strong class="command">send</strong></span> command)
+ causes the
+ accumulated commands to be sent as one Dynamic DNS update request to the
+ name server.
+ </p>
+<p>
+ The command formats and their meaning are as follows:
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term">
+ <span><strong class="command">server</strong></span>
+ {servername}
+ [port]
+ </span></dt>
+<dd><p>
+ Sends all dynamic update requests to the name server
+ <em class="parameter"><code>servername</code></em>.
+ When no server statement is provided,
+ <span><strong class="command">nsupdate</strong></span>
+ will send updates to the master server of the correct zone.
+ The MNAME field of that zone's SOA record will identify the
+ master
+ server for that zone.
+ <em class="parameter"><code>port</code></em>
+ is the port number on
+ <em class="parameter"><code>servername</code></em>
+ where the dynamic update requests get sent.
+ If no port number is specified, the default DNS port number of
+ 53 is
+ used.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">local</strong></span>
+ {address}
+ [port]
+ </span></dt>
+<dd><p>
+ Sends all dynamic update requests using the local
+ <em class="parameter"><code>address</code></em>.
+
+ When no local statement is provided,
+ <span><strong class="command">nsupdate</strong></span>
+ will send updates using an address and port chosen by the
+ system.
+ <em class="parameter"><code>port</code></em>
+ can additionally be used to make requests come from a specific
+ port.
+ If no port number is specified, the system will assign one.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">zone</strong></span>
+ {zonename}
+ </span></dt>
+<dd><p>
+ Specifies that all updates are to be made to the zone
+ <em class="parameter"><code>zonename</code></em>.
+ If no
+ <em class="parameter"><code>zone</code></em>
+ statement is provided,
+ <span><strong class="command">nsupdate</strong></span>
+ will attempt determine the correct zone to update based on the
+ rest of the input.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">class</strong></span>
+ {classname}
+ </span></dt>
+<dd><p>
+ Specify the default class.
+ If no <em class="parameter"><code>class</code></em> is specified, the
+ default class is
+ <em class="parameter"><code>IN</code></em>.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">ttl</strong></span>
+ {seconds}
+ </span></dt>
+<dd><p>
+ Specify the default time to live for records to be added.
+ The value <em class="parameter"><code>none</code></em> will clear the default
+ ttl.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">key</strong></span>
+ {name}
+ {secret}
+ </span></dt>
+<dd><p>
+ Specifies that all updates are to be TSIG-signed using the
+ <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
+ The <span><strong class="command">key</strong></span> command
+ overrides any key specified on the command line via
+ <code class="option">-y</code> or <code class="option">-k</code>.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">prereq nxdomain</strong></span>
+ {domain-name}
+ </span></dt>
+<dd><p>
+ Requires that no resource record of any type exists with name
+ <em class="parameter"><code>domain-name</code></em>.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">prereq yxdomain</strong></span>
+ {domain-name}
+ </span></dt>
+<dd><p>
+ Requires that
+ <em class="parameter"><code>domain-name</code></em>
+ exists (has as at least one resource record, of any type).
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">prereq nxrrset</strong></span>
+ {domain-name}
+ [class]
+ {type}
+ </span></dt>
+<dd><p>
+ Requires that no resource record exists of the specified
+ <em class="parameter"><code>type</code></em>,
+ <em class="parameter"><code>class</code></em>
+ and
+ <em class="parameter"><code>domain-name</code></em>.
+ If
+ <em class="parameter"><code>class</code></em>
+ is omitted, IN (internet) is assumed.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">prereq yxrrset</strong></span>
+ {domain-name}
+ [class]
+ {type}
+ </span></dt>
+<dd><p>
+ This requires that a resource record of the specified
+ <em class="parameter"><code>type</code></em>,
+ <em class="parameter"><code>class</code></em>
+ and
+ <em class="parameter"><code>domain-name</code></em>
+ must exist.
+ If
+ <em class="parameter"><code>class</code></em>
+ is omitted, IN (internet) is assumed.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">prereq yxrrset</strong></span>
+ {domain-name}
+ [class]
+ {type}
+ {data...}
+ </span></dt>
+<dd><p>
+ The
+ <em class="parameter"><code>data</code></em>
+ from each set of prerequisites of this form
+ sharing a common
+ <em class="parameter"><code>type</code></em>,
+ <em class="parameter"><code>class</code></em>,
+ and
+ <em class="parameter"><code>domain-name</code></em>
+ are combined to form a set of RRs. This set of RRs must
+ exactly match the set of RRs existing in the zone at the
+ given
+ <em class="parameter"><code>type</code></em>,
+ <em class="parameter"><code>class</code></em>,
+ and
+ <em class="parameter"><code>domain-name</code></em>.
+ The
+ <em class="parameter"><code>data</code></em>
+ are written in the standard text representation of the resource
+ record's
+ RDATA.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">update delete</strong></span>
+ {domain-name}
+ [ttl]
+ [class]
+ [type [data...]]
+ </span></dt>
+<dd><p>
+ Deletes any resource records named
+ <em class="parameter"><code>domain-name</code></em>.
+ If
+ <em class="parameter"><code>type</code></em>
+ and
+ <em class="parameter"><code>data</code></em>
+ is provided, only matching resource records will be removed.
+ The internet class is assumed if
+ <em class="parameter"><code>class</code></em>
+ is not supplied. The
+ <em class="parameter"><code>ttl</code></em>
+ is ignored, and is only allowed for compatibility.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">update add</strong></span>
+ {domain-name}
+ {ttl}
+ [class]
+ {type}
+ {data...}
+ </span></dt>
+<dd><p>
+ Adds a new resource record with the specified
+ <em class="parameter"><code>ttl</code></em>,
+ <em class="parameter"><code>class</code></em>
+ and
+ <em class="parameter"><code>data</code></em>.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">show</strong></span>
+ </span></dt>
+<dd><p>
+ Displays the current message, containing all of the
+ prerequisites and
+ updates specified since the last send.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">send</strong></span>
+ </span></dt>
+<dd><p>
+ Sends the current message. This is equivalent to entering a
+ blank line.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">answer</strong></span>
+ </span></dt>
+<dd><p>
+ Displays the answer.
+ </p></dd>
+<dt><span class="term">
+ <span><strong class="command">debug</strong></span>
+ </span></dt>
+<dd><p>
+ Turn on debugging.
+ </p></dd>
+</dl></div>
+<p>
+ </p>
+<p>
+ Lines beginning with a semicolon are comments and are ignored.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544540"></a><h2>EXAMPLES</h2>
+<p>
+ The examples below show how
+ <span><strong class="command">nsupdate</strong></span>
+ could be used to insert and delete resource records from the
+ <span class="type">example.com</span>
+ zone.
+ Notice that the input in each example contains a trailing blank line so
+ that
+ a group of commands are sent as one dynamic update request to the
+ master name server for
+ <span class="type">example.com</span>.
+
+ </p>
+<pre class="programlisting">
+# nsupdate
+&gt; update delete oldhost.example.com A
+&gt; update add newhost.example.com 86400 A 172.16.1.1
+&gt; send
+</pre>
+<p>
+ </p>
+<p>
+ Any A records for
+ <span class="type">oldhost.example.com</span>
+ are deleted.
+ And an A record for
+ <span class="type">newhost.example.com</span>
+ with IP address 172.16.1.1 is added.
+ The newly-added record has a 1 day TTL (86400 seconds).
+ </p>
+<pre class="programlisting">
+# nsupdate
+&gt; prereq nxdomain nickname.example.com
+&gt; update add nickname.example.com 86400 CNAME somehost.example.com
+&gt; send
+</pre>
+<p>
+ </p>
+<p>
+ The prerequisite condition gets the name server to check that there
+ are no resource records of any type for
+ <span class="type">nickname.example.com</span>.
+
+ If there are, the update request fails.
+ If this name does not exist, a CNAME for it is added.
+ This ensures that when the CNAME is added, it cannot conflict with the
+ long-standing rule in RFC1034 that a name must not exist as any other
+ record type if it exists as a CNAME.
+ (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
+ RRSIG, DNSKEY and NSEC records.)
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544584"></a><h2>FILES</h2>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
+<dd><p>
+ used to identify default name server
+ </p></dd>
+<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
+<dd><p>
+ base-64 encoding of HMAC-MD5 key created by
+ <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
+ </p></dd>
+<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>
+<dd><p>
+ base-64 encoding of HMAC-MD5 key created by
+ <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2542128"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
+ <span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
+ <span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
+ <span class="citerefentry"><span class="refentrytitle">RFC2845</span></span>,
+ <span class="citerefentry"><span class="refentrytitle">RFC1034</span></span>,
+ <span class="citerefentry"><span class="refentrytitle">RFC2535</span></span>,
+ <span class="citerefentry"><span class="refentrytitle">RFC2931</span></span>,
+ <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2544929"></a><h2>BUGS</h2>
+<p>
+ The TSIG key is redundantly stored in two separate files.
+ This is a consequence of nsupdate using the DST library
+ for its cryptographic operations, and may change in future
+ releases.
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/nsupdate/win32/nsupdate.dsp b/bin/nsupdate/win32/nsupdate.dsp
new file mode 100644
index 0000000..028ed55
--- /dev/null
+++ b/bin/nsupdate/win32/nsupdate.dsp
@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="nsupdate" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=nsupdate - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "nsupdate.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "nsupdate.mak" CFG="nsupdate - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "nsupdate - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "nsupdate - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "nsupdate - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/lwres/win32/include/lwres" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/lwres/win32/Release/liblwres.lib user32.lib advapi32.lib ws2_32.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/nsupdate.exe"
+
+!ELSEIF "$(CFG)" == "nsupdate - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/lwres/win32/include/lwres" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /u /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/lwres/win32/Debug/liblwres.lib user32.lib advapi32.lib ws2_32.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/nsupdate.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "nsupdate - Win32 Release"
+# Name "nsupdate - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=..\nsupdate.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/nsupdate/win32/nsupdate.dsw b/bin/nsupdate/win32/nsupdate.dsw
new file mode 100644
index 0000000..5f0ac36
--- /dev/null
+++ b/bin/nsupdate/win32/nsupdate.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "nsupdate"=".\nsupdate.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/nsupdate/win32/nsupdate.mak b/bin/nsupdate/win32/nsupdate.mak
new file mode 100644
index 0000000..1e41c29
--- /dev/null
+++ b/bin/nsupdate/win32/nsupdate.mak
@@ -0,0 +1,373 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on nsupdate.dsp
+!IF "$(CFG)" == ""
+CFG=nsupdate - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to nsupdate - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "nsupdate - Win32 Release" && "$(CFG)" != "nsupdate - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "nsupdate.mak" CFG="nsupdate - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "nsupdate - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "nsupdate - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "nsupdate - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "nsupdate - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Release\nsupdate.exe"
+
+!ELSE
+
+ALL : "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\nsupdate.exe"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\nsupdate.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "..\..\..\Build\Release\nsupdate.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/lwres/win32/include/lwres" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nsupdate.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\nsupdate.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/lwres/win32/Release/liblwres.lib user32.lib advapi32.lib ws2_32.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\nsupdate.pdb" /machine:I386 /out:"../../../Build/Release/nsupdate.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\nsupdate.obj" \
+ "..\..\..\lib\dns\win32\Release\libdns.lib" \
+ "..\..\..\lib\isc\win32\Release\libisc.lib" \
+ "..\..\..\lib\bind9\win32\Release\libbind9.lib"
+
+"..\..\..\Build\Release\nsupdate.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "nsupdate - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Debug\nsupdate.exe" "$(OUTDIR)\nsupdate.bsc"
+
+!ELSE
+
+ALL : "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\nsupdate.exe" "$(OUTDIR)\nsupdate.bsc"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\nsupdate.obj"
+ -@erase "$(INTDIR)\nsupdate.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(OUTDIR)\nsupdate.bsc"
+ -@erase "$(OUTDIR)\nsupdate.pdb"
+ -@erase "..\..\..\Build\Debug\nsupdate.exe"
+ -@erase "..\..\..\Build\Debug\nsupdate.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/lwres/win32/include/lwres" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\nsupdate.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\nsupdate.sbr"
+
+"$(OUTDIR)\nsupdate.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/lwres/win32/Debug/liblwres.lib user32.lib advapi32.lib ws2_32.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\nsupdate.pdb" /debug /machine:I386 /out:"../../../Build/Debug/nsupdate.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\nsupdate.obj" \
+ "..\..\..\lib\dns\win32\Debug\libdns.lib" \
+ "..\..\..\lib\isc\win32\Debug\libisc.lib" \
+ "..\..\..\lib\bind9\win32\Debug\libbind9.lib"
+
+"..\..\..\Build\Debug\nsupdate.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("nsupdate.dep")
+!INCLUDE "nsupdate.dep"
+!ELSE
+!MESSAGE Warning: cannot find "nsupdate.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "nsupdate - Win32 Release" || "$(CFG)" == "nsupdate - Win32 Debug"
+SOURCE=..\nsupdate.c
+
+!IF "$(CFG)" == "nsupdate - Win32 Release"
+
+
+"$(INTDIR)\nsupdate.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "nsupdate - Win32 Debug"
+
+
+"$(INTDIR)\nsupdate.obj" "$(INTDIR)\nsupdate.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!IF "$(CFG)" == "nsupdate - Win32 Release"
+
+"libdns - Win32 Release" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release"
+ cd "..\..\..\bin\nsupdate\win32"
+
+"libdns - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\nsupdate\win32"
+
+!ELSEIF "$(CFG)" == "nsupdate - Win32 Debug"
+
+"libdns - Win32 Debug" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug"
+ cd "..\..\..\bin\nsupdate\win32"
+
+"libdns - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\dns\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\nsupdate\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "nsupdate - Win32 Release"
+
+"libisc - Win32 Release" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release"
+ cd "..\..\..\bin\nsupdate\win32"
+
+"libisc - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\nsupdate\win32"
+
+!ELSEIF "$(CFG)" == "nsupdate - Win32 Debug"
+
+"libisc - Win32 Debug" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug"
+ cd "..\..\..\bin\nsupdate\win32"
+
+"libisc - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\nsupdate\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "nsupdate - Win32 Release"
+
+"libbind9 - Win32 Release" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release"
+ cd "..\..\..\bin\nsupdate\win32"
+
+"libbind9 - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\nsupdate\win32"
+
+!ELSEIF "$(CFG)" == "nsupdate - Win32 Debug"
+
+"libbind9 - Win32 Debug" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug"
+ cd "..\..\..\bin\nsupdate\win32"
+
+"libbind9 - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\nsupdate\win32"
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/rndc/Makefile.in b/bin/rndc/Makefile.in
new file mode 100644
index 0000000..9b0e20d
--- /dev/null
+++ b/bin/rndc/Makefile.in
@@ -0,0 +1,104 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.44 2007/06/18 23:47:22 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
+ ${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCCCLIBS = ../../lib/isccc/libisccc.@A@
+ISCLIBS = ../../lib/isc/libisc.@A@
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+BIND9LIBS = ../../lib/bind9/libbind9.@A@
+
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
+
+RNDCLIBS = ${ISCCFGLIBS} ${ISCCCLIBS} ${BIND9LIBS} ${DNSLIBS} ${ISCLIBS} @LIBS@
+RNDCDEPLIBS = ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+CONFLIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+CONFDEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+SRCS= rndc.c rndc-confgen.c
+
+SUBDIRS = unix
+
+TARGETS = rndc@EXEEXT@ rndc-confgen@EXEEXT@
+
+MANPAGES = rndc.8 rndc-confgen.8 rndc.conf.5
+
+HTMLPAGES = rndc.html rndc-confgen.html rndc.conf.html
+
+MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
+UOBJS = unix/os.@O@
+
+@BIND9_MAKE_RULES@
+
+rndc.@O@: rndc.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DVERSION=\"${VERSION}\" \
+ -DRNDC_CONFFILE=\"${sysconfdir}/rndc.conf\" \
+ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+ -c ${srcdir}/rndc.c
+
+rndc-confgen.@O@: rndc-confgen.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+ -c ${srcdir}/rndc-confgen.c
+
+rndc@EXEEXT@: rndc.@O@ util.@O@ ${RNDCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rndc.@O@ util.@O@ \
+ ${RNDCLIBS}
+
+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ ${UOBJS} ${CONFDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rndc-confgen.@O@ util.@O@ \
+ ${UOBJS} ${CONFLIBS}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+ rm -f ${MANOBJS}
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
+
+install:: rndc@EXEEXT@ rndc-confgen@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc-confgen@EXEEXT@ ${DESTDIR}${sbindir}
+ ${INSTALL_DATA} ${srcdir}/rndc.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/rndc-confgen.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/rndc.conf.5 ${DESTDIR}${mandir}/man5
+
+clean distclean maintainer-clean::
+ rm -f ${TARGETS}
diff --git a/bin/rndc/include/rndc/os.h b/bin/rndc/include/rndc/os.h
new file mode 100644
index 0000000..6e3007c
--- /dev/null
+++ b/bin/rndc/include/rndc/os.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.h,v 1.9 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#ifndef RNDC_OS_H
+#define RNDC_OS_H 1
+
+#include <isc/lang.h>
+#include <stdio.h>
+
+ISC_LANG_BEGINDECLS
+
+FILE *safe_create(const char *filename);
+/*%<
+ * Open 'filename' for writing, truncate if necessary. If the file was
+ * created ensure that only the owner can read/write it.
+ */
+
+int set_user(FILE *fd, const char *user);
+/*%<
+ * Set the owner of the file refernced by 'fd' to 'user'.
+ * Returns:
+ * 0 success
+ * -1 insufficient permissions, or 'user' does not exist.
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif
diff --git a/bin/rndc/rndc-confgen.8 b/bin/rndc/rndc-confgen.8
new file mode 100644
index 0000000..440870a
--- /dev/null
+++ b/bin/rndc/rndc-confgen.8
@@ -0,0 +1,211 @@
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2003 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: rndc-confgen.8,v 1.20 2007/01/30 00:24:59 marka Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: rndc\-confgen
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: Aug 27, 2001
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "RNDC\-CONFGEN" "8" "Aug 27, 2001" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+rndc\-confgen \- rndc key generation tool
+.SH "SYNOPSIS"
+.HP 13
+\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
+.SH "DESCRIPTION"
+.PP
+\fBrndc\-confgen\fR
+generates configuration files for
+\fBrndc\fR. It can be used as a convenient alternative to writing the
+\fIrndc.conf\fR
+file and the corresponding
+\fBcontrols\fR
+and
+\fBkey\fR
+statements in
+\fInamed.conf\fR
+by hand. Alternatively, it can be run with the
+\fB\-a\fR
+option to set up a
+\fIrndc.key\fR
+file and avoid the need for a
+\fIrndc.conf\fR
+file and a
+\fBcontrols\fR
+statement altogether.
+.SH "OPTIONS"
+.PP
+\-a
+.RS 4
+Do automatic
+\fBrndc\fR
+configuration. This creates a file
+\fIrndc.key\fR
+in
+\fI/etc\fR
+(or whatever
+\fIsysconfdir\fR
+was specified as when
+BIND
+was built) that is read by both
+\fBrndc\fR
+and
+\fBnamed\fR
+on startup. The
+\fIrndc.key\fR
+file defines a default command channel and authentication key allowing
+\fBrndc\fR
+to communicate with
+\fBnamed\fR
+on the local host with no further configuration.
+.sp
+Running
+\fBrndc\-confgen \-a\fR
+allows BIND 9 and
+\fBrndc\fR
+to be used as drop\-in replacements for BIND 8 and
+\fBndc\fR, with no changes to the existing BIND 8
+\fInamed.conf\fR
+file.
+.sp
+If a more elaborate configuration than that generated by
+\fBrndc\-confgen \-a\fR
+is required, for example if rndc is to be used remotely, you should run
+\fBrndc\-confgen\fR
+without the
+\fB\-a\fR
+option and set up a
+\fIrndc.conf\fR
+and
+\fInamed.conf\fR
+as directed.
+.RE
+.PP
+\-b \fIkeysize\fR
+.RS 4
+Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.
+.RE
+.PP
+\-c \fIkeyfile\fR
+.RS 4
+Used with the
+\fB\-a\fR
+option to specify an alternate location for
+\fIrndc.key\fR.
+.RE
+.PP
+\-h
+.RS 4
+Prints a short summary of the options and arguments to
+\fBrndc\-confgen\fR.
+.RE
+.PP
+\-k \fIkeyname\fR
+.RS 4
+Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is
+\fBrndc\-key\fR.
+.RE
+.PP
+\-p \fIport\fR
+.RS 4
+Specifies the command channel port where
+\fBnamed\fR
+listens for connections from
+\fBrndc\fR. The default is 953.
+.RE
+.PP
+\-r \fIrandomfile\fR
+.RS 4
+Specifies a source of random data for generating the authorization. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.RE
+.PP
+\-s \fIaddress\fR
+.RS 4
+Specifies the IP address where
+\fBnamed\fR
+listens for command channel connections from
+\fBrndc\fR. The default is the loopback address 127.0.0.1.
+.RE
+.PP
+\-t \fIchrootdir\fR
+.RS 4
+Used with the
+\fB\-a\fR
+option to specify a directory where
+\fBnamed\fR
+will run chrooted. An additional copy of the
+\fIrndc.key\fR
+will be written relative to this directory so that it will be found by the chrooted
+\fBnamed\fR.
+.RE
+.PP
+\-u \fIuser\fR
+.RS 4
+Used with the
+\fB\-a\fR
+option to set the owner of the
+\fIrndc.key\fR
+file generated. If
+\fB\-t\fR
+is also specified only the file in the chroot area has its owner changed.
+.RE
+.SH "EXAMPLES"
+.PP
+To allow
+\fBrndc\fR
+to be used with no manual configuration, run
+.PP
+\fBrndc\-confgen \-a\fR
+.PP
+To print a sample
+\fIrndc.conf\fR
+file and corresponding
+\fBcontrols\fR
+and
+\fBkey\fR
+statements to be manually inserted into
+\fInamed.conf\fR, run
+.PP
+\fBrndc\-confgen\fR
+.SH "SEE ALSO"
+.PP
+\fBrndc\fR(8),
+\fBrndc.conf\fR(5),
+\fBnamed\fR(8),
+BIND 9 Administrator Reference Manual.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2001, 2003 Internet Software Consortium.
+.br
diff --git a/bin/rndc/rndc-confgen.c b/bin/rndc/rndc-confgen.c
new file mode 100644
index 0000000..221135e
--- /dev/null
+++ b/bin/rndc/rndc-confgen.c
@@ -0,0 +1,342 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rndc-confgen.c,v 1.26 2008/10/15 23:47:31 tbox Exp $ */
+
+/*! \file */
+
+/**
+ * rndc-confgen generates configuration files for rndc. It can be used
+ * as a convenient alternative to writing the rndc.conf file and the
+ * corresponding controls and key statements in named.conf by hand.
+ * Alternatively, it can be run with the -a option to set up a
+ * rndc.key file and avoid the need for a rndc.conf file and a
+ * controls statement altogether.
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include <isc/assertions.h>
+#include <isc/base64.h>
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/file.h>
+#include <isc/keyboard.h>
+#include <isc/mem.h>
+#include <isc/net.h>
+#include <isc/print.h>
+#include <isc/result.h>
+#include <isc/string.h>
+#include <isc/time.h>
+#include <isc/util.h>
+
+#include <dns/keyvalues.h>
+#include <dns/name.h>
+
+#include <dst/dst.h>
+#include <rndc/os.h>
+
+#include "util.h"
+
+#define DEFAULT_KEYLENGTH 128 /*% Bits. */
+#define DEFAULT_KEYNAME "rndc-key"
+#define DEFAULT_SERVER "127.0.0.1"
+#define DEFAULT_PORT 953
+
+static char program[256];
+const char *progname;
+
+isc_boolean_t verbose = ISC_FALSE;
+
+const char *keyfile, *keydef;
+
+static void
+usage(int status) {
+
+ fprintf(stderr, "\
+Usage:\n\
+ %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] [-r randomfile] \
+[-s addr] [-t chrootdir] [-u user]\n\
+ -a: generate just the key clause and write it to keyfile (%s)\n\
+ -b bits: from 1 through 512, default %d; total length of the secret\n\
+ -c keyfile: specify an alternate key file (requires -a)\n\
+ -k keyname: the name as it will be used in named.conf and rndc.conf\n\
+ -p port: the port named will listen on and rndc will connect to\n\
+ -r randomfile: a file containing random data\n\
+ -s addr: the address to which rndc should connect\n\
+ -t chrootdir: write a keyfile in chrootdir as well (requires -a)\n\
+ -u user: set the keyfile owner to \"user\" (requires -a)\n",
+ progname, keydef, DEFAULT_KEYLENGTH);
+
+ exit (status);
+}
+
+/*%
+ * Write an rndc.key file to 'keyfile'. If 'user' is non-NULL,
+ * make that user the owner of the file. The key will have
+ * the name 'keyname' and the secret in the buffer 'secret'.
+ */
+static void
+write_key_file(const char *keyfile, const char *user,
+ const char *keyname, isc_buffer_t *secret )
+{
+ FILE *fd;
+
+ fd = safe_create(keyfile);
+ if (fd == NULL)
+ fatal( "unable to create \"%s\"\n", keyfile);
+ if (user != NULL) {
+ if (set_user(fd, user) == -1)
+ fatal("unable to set file owner\n");
+ }
+ fprintf(fd, "key \"%s\" {\n\talgorithm hmac-md5;\n"
+ "\tsecret \"%.*s\";\n};\n", keyname,
+ (int)isc_buffer_usedlength(secret),
+ (char *)isc_buffer_base(secret));
+ fflush(fd);
+ if (ferror(fd))
+ fatal("write to %s failed\n", keyfile);
+ if (fclose(fd))
+ fatal("fclose(%s) failed\n", keyfile);
+ fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
+}
+
+int
+main(int argc, char **argv) {
+ isc_boolean_t show_final_mem = ISC_FALSE;
+ isc_buffer_t key_rawbuffer;
+ isc_buffer_t key_txtbuffer;
+ isc_region_t key_rawregion;
+ isc_mem_t *mctx = NULL;
+ isc_entropy_t *ectx = NULL;
+ isc_entropysource_t *entropy_source = NULL;
+ isc_result_t result = ISC_R_SUCCESS;
+ dst_key_t *key = NULL;
+ const char *keyname = NULL;
+ const char *randomfile = NULL;
+ const char *serveraddr = NULL;
+ char key_rawsecret[64];
+ char key_txtsecret[256];
+ char *p;
+ int ch;
+ int port;
+ int keysize;
+ int entropy_flags = 0;
+ int open_keyboard = ISC_ENTROPY_KEYBOARDMAYBE;
+ struct in_addr addr4_dummy;
+ struct in6_addr addr6_dummy;
+ char *chrootdir = NULL;
+ char *user = NULL;
+ isc_boolean_t keyonly = ISC_FALSE;
+ int len;
+
+ keydef = keyfile = RNDC_KEYFILE;
+
+ result = isc_file_progname(*argv, program, sizeof(program));
+ if (result != ISC_R_SUCCESS)
+ memcpy(program, "rndc-confgen", 13);
+ progname = program;
+
+ keyname = DEFAULT_KEYNAME;
+ keysize = DEFAULT_KEYLENGTH;
+ serveraddr = DEFAULT_SERVER;
+ port = DEFAULT_PORT;
+
+ isc_commandline_errprint = ISC_FALSE;
+
+ while ((ch = isc_commandline_parse(argc, argv,
+ "ab:c:hk:Mmp:r:s:t:u:Vy")) != -1) {
+ switch (ch) {
+ case 'a':
+ keyonly = ISC_TRUE;
+ break;
+ case 'b':
+ keysize = strtol(isc_commandline_argument, &p, 10);
+ if (*p != '\0' || keysize < 0)
+ fatal("-b requires a non-negative number");
+ if (keysize < 1 || keysize > 512)
+ fatal("-b must be in the range 1 through 512");
+ break;
+ case 'c':
+ keyfile = isc_commandline_argument;
+ break;
+ case 'h':
+ usage(0);
+ case 'k':
+ case 'y': /* Compatible with rndc -y. */
+ keyname = isc_commandline_argument;
+ break;
+ case 'M':
+ isc_mem_debugging = ISC_MEM_DEBUGTRACE;
+ break;
+
+ case 'm':
+ show_final_mem = ISC_TRUE;
+ break;
+ case 'p':
+ port = strtol(isc_commandline_argument, &p, 10);
+ if (*p != '\0' || port < 0 || port > 65535)
+ fatal("port '%s' out of range",
+ isc_commandline_argument);
+ break;
+ case 'r':
+ randomfile = isc_commandline_argument;
+ break;
+ case 's':
+ serveraddr = isc_commandline_argument;
+ if (inet_pton(AF_INET, serveraddr, &addr4_dummy) != 1 &&
+ inet_pton(AF_INET6, serveraddr, &addr6_dummy) != 1)
+ fatal("-s should be an IPv4 or IPv6 address");
+ break;
+ case 't':
+ chrootdir = isc_commandline_argument;
+ break;
+ case 'u':
+ user = isc_commandline_argument;
+ break;
+ case 'V':
+ verbose = ISC_TRUE;
+ break;
+ case '?':
+ if (isc_commandline_option != '?') {
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ program, isc_commandline_option);
+ usage(1);
+ } else
+ usage(0);
+ break;
+ default:
+ fprintf(stderr, "%s: unhandled option -%c\n",
+ program, isc_commandline_option);
+ exit(1);
+ }
+ }
+
+ argc -= isc_commandline_index;
+ argv += isc_commandline_index;
+
+ if (argc > 0)
+ usage(1);
+
+ DO("create memory context", isc_mem_create(0, 0, &mctx));
+
+ DO("create entropy context", isc_entropy_create(mctx, &ectx));
+
+ if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
+ randomfile = NULL;
+ open_keyboard = ISC_ENTROPY_KEYBOARDYES;
+ }
+ DO("start entropy source", isc_entropy_usebestsource(ectx,
+ &entropy_source,
+ randomfile,
+ open_keyboard));
+
+ entropy_flags = ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY;
+
+ DO("initialize dst library", dst_lib_init(mctx, ectx, entropy_flags));
+
+ DO("generate key", dst_key_generate(dns_rootname, DST_ALG_HMACMD5,
+ keysize, 0, 0,
+ DNS_KEYPROTO_ANY,
+ dns_rdataclass_in, mctx, &key));
+
+ isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
+
+ DO("dump key to buffer", dst_key_tobuffer(key, &key_rawbuffer));
+
+ isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
+ isc_buffer_usedregion(&key_rawbuffer, &key_rawregion);
+
+ DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "",
+ &key_txtbuffer));
+
+ /*
+ * Shut down the entropy source now so the "stop typing" message
+ * does not muck with the output.
+ */
+ if (entropy_source != NULL)
+ isc_entropy_destroysource(&entropy_source);
+
+ if (key != NULL)
+ dst_key_free(&key);
+
+ isc_entropy_detach(&ectx);
+ dst_lib_destroy();
+
+ if (keyonly) {
+ write_key_file(keyfile, chrootdir == NULL ? user : NULL,
+ keyname, &key_txtbuffer);
+
+ if (chrootdir != NULL) {
+ char *buf;
+ len = strlen(chrootdir) + strlen(keyfile) + 2;
+ buf = isc_mem_get(mctx, len);
+ if (buf == NULL)
+ fatal("isc_mem_get(%d) failed\n", len);
+ snprintf(buf, len, "%s%s%s", chrootdir,
+ (*keyfile != '/') ? "/" : "", keyfile);
+
+ write_key_file(buf, user, keyname, &key_txtbuffer);
+ isc_mem_put(mctx, buf, len);
+ }
+ } else {
+ printf("\
+# Start of rndc.conf\n\
+key \"%s\" {\n\
+ algorithm hmac-md5;\n\
+ secret \"%.*s\";\n\
+};\n\
+\n\
+options {\n\
+ default-key \"%s\";\n\
+ default-server %s;\n\
+ default-port %d;\n\
+};\n\
+# End of rndc.conf\n\
+\n\
+# Use with the following in named.conf, adjusting the allow list as needed:\n\
+# key \"%s\" {\n\
+# algorithm hmac-md5;\n\
+# secret \"%.*s\";\n\
+# };\n\
+# \n\
+# controls {\n\
+# inet %s port %d\n\
+# allow { %s; } keys { \"%s\"; };\n\
+# };\n\
+# End of named.conf\n",
+ keyname,
+ (int)isc_buffer_usedlength(&key_txtbuffer),
+ (char *)isc_buffer_base(&key_txtbuffer),
+ keyname, serveraddr, port,
+ keyname,
+ (int)isc_buffer_usedlength(&key_txtbuffer),
+ (char *)isc_buffer_base(&key_txtbuffer),
+ serveraddr, port, serveraddr, keyname);
+ }
+
+ if (show_final_mem)
+ isc_mem_stats(mctx, stderr);
+
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/rndc/rndc-confgen.docbook b/bin/rndc/rndc-confgen.docbook
new file mode 100644
index 0000000..4c51da5
--- /dev/null
+++ b/bin/rndc/rndc-confgen.docbook
@@ -0,0 +1,286 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: rndc-confgen.docbook,v 1.13 2007/06/18 23:47:25 tbox Exp $ -->
+<refentry id="man.rndc-confgen">
+ <refentryinfo>
+ <date>Aug 27, 2001</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>rndc-confgen</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><application>rndc-confgen</application></refname>
+ <refpurpose>rndc key generation tool</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2007</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2001</year>
+ <year>2003</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>rndc-confgen</command>
+ <arg><option>-a</option></arg>
+ <arg><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
+ <arg><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
+ <arg><option>-h</option></arg>
+ <arg><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
+ <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+ <arg><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
+ <arg><option>-s <replaceable class="parameter">address</replaceable></option></arg>
+ <arg><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
+ <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><command>rndc-confgen</command>
+ generates configuration files
+ for <command>rndc</command>. It can be used as a
+ convenient alternative to writing the
+ <filename>rndc.conf</filename> file
+ and the corresponding <command>controls</command>
+ and <command>key</command>
+ statements in <filename>named.conf</filename> by hand.
+ Alternatively, it can be run with the <command>-a</command>
+ option to set up a <filename>rndc.key</filename> file and
+ avoid the need for a <filename>rndc.conf</filename> file
+ and a <command>controls</command> statement altogether.
+ </para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-a</term>
+ <listitem>
+ <para>
+ Do automatic <command>rndc</command> configuration.
+ This creates a file <filename>rndc.key</filename>
+ in <filename>/etc</filename> (or whatever
+ <varname>sysconfdir</varname>
+ was specified as when <acronym>BIND</acronym> was
+ built)
+ that is read by both <command>rndc</command>
+ and <command>named</command> on startup. The
+ <filename>rndc.key</filename> file defines a default
+ command channel and authentication key allowing
+ <command>rndc</command> to communicate with
+ <command>named</command> on the local host
+ with no further configuration.
+ </para>
+ <para>
+ Running <command>rndc-confgen -a</command> allows
+ BIND 9 and <command>rndc</command> to be used as
+ drop-in
+ replacements for BIND 8 and <command>ndc</command>,
+ with no changes to the existing BIND 8
+ <filename>named.conf</filename> file.
+ </para>
+ <para>
+ If a more elaborate configuration than that
+ generated by <command>rndc-confgen -a</command>
+ is required, for example if rndc is to be used remotely,
+ you should run <command>rndc-confgen</command> without
+ the
+ <command>-a</command> option and set up a
+ <filename>rndc.conf</filename> and
+ <filename>named.conf</filename>
+ as directed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-b <replaceable class="parameter">keysize</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the size of the authentication key in bits.
+ Must be between 1 and 512 bits; the default is 128.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-c <replaceable class="parameter">keyfile</replaceable></term>
+ <listitem>
+ <para>
+ Used with the <command>-a</command> option to specify
+ an alternate location for <filename>rndc.key</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-h</term>
+ <listitem>
+ <para>
+ Prints a short summary of the options and arguments to
+ <command>rndc-confgen</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-k <replaceable class="parameter">keyname</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the key name of the rndc authentication key.
+ This must be a valid domain name.
+ The default is <constant>rndc-key</constant>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-p <replaceable class="parameter">port</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the command channel port where <command>named</command>
+ listens for connections from <command>rndc</command>.
+ The default is 953.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-r <replaceable class="parameter">randomfile</replaceable></term>
+ <listitem>
+ <para>
+ Specifies a source of random data for generating the
+ authorization. If the operating
+ system does not provide a <filename>/dev/random</filename>
+ or equivalent device, the default source of randomness
+ is keyboard input. <filename>randomdev</filename>
+ specifies
+ the name of a character device or file containing random
+ data to be used instead of the default. The special value
+ <filename>keyboard</filename> indicates that keyboard
+ input should be used.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s <replaceable class="parameter">address</replaceable></term>
+ <listitem>
+ <para>
+ Specifies the IP address where <command>named</command>
+ listens for command channel connections from
+ <command>rndc</command>. The default is the loopback
+ address 127.0.0.1.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-t <replaceable class="parameter">chrootdir</replaceable></term>
+ <listitem>
+ <para>
+ Used with the <command>-a</command> option to specify
+ a directory where <command>named</command> will run
+ chrooted. An additional copy of the <filename>rndc.key</filename>
+ will be written relative to this directory so that
+ it will be found by the chrooted <command>named</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-u <replaceable class="parameter">user</replaceable></term>
+ <listitem>
+ <para>
+ Used with the <command>-a</command> option to set the
+ owner
+ of the <filename>rndc.key</filename> file generated.
+ If
+ <command>-t</command> is also specified only the file
+ in
+ the chroot area has its owner changed.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>EXAMPLES</title>
+ <para>
+ To allow <command>rndc</command> to be used with
+ no manual configuration, run
+ </para>
+ <para><userinput>rndc-confgen -a</userinput>
+ </para>
+ <para>
+ To print a sample <filename>rndc.conf</filename> file and
+ corresponding <command>controls</command> and <command>key</command>
+ statements to be manually inserted into <filename>named.conf</filename>,
+ run
+ </para>
+ <para><userinput>rndc-confgen</userinput>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para><corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/rndc/rndc-confgen.html b/bin/rndc/rndc-confgen.html
new file mode 100644
index 0000000..4be87af
--- /dev/null
+++ b/bin/rndc/rndc-confgen.html
@@ -0,0 +1,188 @@
+<!--
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: rndc-confgen.html,v 1.25 2007/01/30 00:24:59 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>rndc-confgen</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.rndc-confgen"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">rndc-confgen</span> &#8212; rndc key generation tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543429"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">rndc-confgen</strong></span>
+ generates configuration files
+ for <span><strong class="command">rndc</strong></span>. It can be used as a
+ convenient alternative to writing the
+ <code class="filename">rndc.conf</code> file
+ and the corresponding <span><strong class="command">controls</strong></span>
+ and <span><strong class="command">key</strong></span>
+ statements in <code class="filename">named.conf</code> by hand.
+ Alternatively, it can be run with the <span><strong class="command">-a</strong></span>
+ option to set up a <code class="filename">rndc.key</code> file and
+ avoid the need for a <code class="filename">rndc.conf</code> file
+ and a <span><strong class="command">controls</strong></span> statement altogether.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543474"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a</span></dt>
+<dd>
+<p>
+ Do automatic <span><strong class="command">rndc</strong></span> configuration.
+ This creates a file <code class="filename">rndc.key</code>
+ in <code class="filename">/etc</code> (or whatever
+ <code class="varname">sysconfdir</code>
+ was specified as when <acronym class="acronym">BIND</acronym> was
+ built)
+ that is read by both <span><strong class="command">rndc</strong></span>
+ and <span><strong class="command">named</strong></span> on startup. The
+ <code class="filename">rndc.key</code> file defines a default
+ command channel and authentication key allowing
+ <span><strong class="command">rndc</strong></span> to communicate with
+ <span><strong class="command">named</strong></span> on the local host
+ with no further configuration.
+ </p>
+<p>
+ Running <span><strong class="command">rndc-confgen -a</strong></span> allows
+ BIND 9 and <span><strong class="command">rndc</strong></span> to be used as
+ drop-in
+ replacements for BIND 8 and <span><strong class="command">ndc</strong></span>,
+ with no changes to the existing BIND 8
+ <code class="filename">named.conf</code> file.
+ </p>
+<p>
+ If a more elaborate configuration than that
+ generated by <span><strong class="command">rndc-confgen -a</strong></span>
+ is required, for example if rndc is to be used remotely,
+ you should run <span><strong class="command">rndc-confgen</strong></span> without
+ the
+ <span><strong class="command">-a</strong></span> option and set up a
+ <code class="filename">rndc.conf</code> and
+ <code class="filename">named.conf</code>
+ as directed.
+ </p>
+</dd>
+<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
+<dd><p>
+ Specifies the size of the authentication key in bits.
+ Must be between 1 and 512 bits; the default is 128.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt>
+<dd><p>
+ Used with the <span><strong class="command">-a</strong></span> option to specify
+ an alternate location for <code class="filename">rndc.key</code>.
+ </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+ Prints a short summary of the options and arguments to
+ <span><strong class="command">rndc-confgen</strong></span>.
+ </p></dd>
+<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
+<dd><p>
+ Specifies the key name of the rndc authentication key.
+ This must be a valid domain name.
+ The default is <code class="constant">rndc-key</code>.
+ </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+ Specifies the command channel port where <span><strong class="command">named</strong></span>
+ listens for connections from <span><strong class="command">rndc</strong></span>.
+ The default is 953.
+ </p></dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
+<dd><p>
+ Specifies a source of random data for generating the
+ authorization. If the operating
+ system does not provide a <code class="filename">/dev/random</code>
+ or equivalent device, the default source of randomness
+ is keyboard input. <code class="filename">randomdev</code>
+ specifies
+ the name of a character device or file containing random
+ data to be used instead of the default. The special value
+ <code class="filename">keyboard</code> indicates that keyboard
+ input should be used.
+ </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
+<dd><p>
+ Specifies the IP address where <span><strong class="command">named</strong></span>
+ listens for command channel connections from
+ <span><strong class="command">rndc</strong></span>. The default is the loopback
+ address 127.0.0.1.
+ </p></dd>
+<dt><span class="term">-t <em class="replaceable"><code>chrootdir</code></em></span></dt>
+<dd><p>
+ Used with the <span><strong class="command">-a</strong></span> option to specify
+ a directory where <span><strong class="command">named</strong></span> will run
+ chrooted. An additional copy of the <code class="filename">rndc.key</code>
+ will be written relative to this directory so that
+ it will be found by the chrooted <span><strong class="command">named</strong></span>.
+ </p></dd>
+<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
+<dd><p>
+ Used with the <span><strong class="command">-a</strong></span> option to set the
+ owner
+ of the <code class="filename">rndc.key</code> file generated.
+ If
+ <span><strong class="command">-t</strong></span> is also specified only the file
+ in
+ the chroot area has its owner changed.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543787"></a><h2>EXAMPLES</h2>
+<p>
+ To allow <span><strong class="command">rndc</strong></span> to be used with
+ no manual configuration, run
+ </p>
+<p><strong class="userinput"><code>rndc-confgen -a</code></strong>
+ </p>
+<p>
+ To print a sample <code class="filename">rndc.conf</code> file and
+ corresponding <span><strong class="command">controls</strong></span> and <span><strong class="command">key</strong></span>
+ statements to be manually inserted into <code class="filename">named.conf</code>,
+ run
+ </p>
+<p><strong class="userinput"><code>rndc-confgen</code></strong>
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543829"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543867"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8
new file mode 100644
index 0000000..7f0dea1
--- /dev/null
+++ b/bin/rndc/rndc.8
@@ -0,0 +1,148 @@
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: rndc.8,v 1.42 2007/12/14 22:37:22 marka Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: rndc
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: June 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "RNDC" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+rndc \- name server control utility
+.SH "SYNOPSIS"
+.HP 5
+\fBrndc\fR [\fB\-b\ \fR\fB\fIsource\-address\fR\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-k\ \fR\fB\fIkey\-file\fR\fR] [\fB\-s\ \fR\fB\fIserver\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-V\fR] [\fB\-y\ \fR\fB\fIkey_id\fR\fR] {command}
+.SH "DESCRIPTION"
+.PP
+\fBrndc\fR
+controls the operation of a name server. It supersedes the
+\fBndc\fR
+utility that was provided in old BIND releases. If
+\fBrndc\fR
+is invoked with no command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments.
+.PP
+\fBrndc\fR
+communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of
+\fBrndc\fR
+and
+\fBnamed\fR, the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
+.PP
+\fBrndc\fR
+reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use.
+.SH "OPTIONS"
+.PP
+\-b \fIsource\-address\fR
+.RS 4
+Use
+\fIsource\-address\fR
+as the source address for the connection to the server. Multiple instances are permitted to allow setting of both the IPv4 and IPv6 source addresses.
+.RE
+.PP
+\-c \fIconfig\-file\fR
+.RS 4
+Use
+\fIconfig\-file\fR
+as the configuration file instead of the default,
+\fI/etc/rndc.conf\fR.
+.RE
+.PP
+\-k \fIkey\-file\fR
+.RS 4
+Use
+\fIkey\-file\fR
+as the key file instead of the default,
+\fI/etc/rndc.key\fR. The key in
+\fI/etc/rndc.key\fR
+will be used to authenticate commands sent to the server if the
+\fIconfig\-file\fR
+does not exist.
+.RE
+.PP
+\-s \fIserver\fR
+.RS 4
+\fIserver\fR
+is the name or address of the server which matches a server statement in the configuration file for
+\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the options statement of the
+\fBrndc\fR
+configuration file will be used.
+.RE
+.PP
+\-p \fIport\fR
+.RS 4
+Send commands to TCP port
+\fIport\fR
+instead of BIND 9's default control channel port, 953.
+.RE
+.PP
+\-V
+.RS 4
+Enable verbose logging.
+.RE
+.PP
+\-y \fIkey_id\fR
+.RS 4
+Use the key
+\fIkey_id\fR
+from the configuration file.
+\fIkey_id\fR
+must be known by named with the same algorithm and secret string in order for control message validation to succeed. If no
+\fIkey_id\fR
+is specified,
+\fBrndc\fR
+will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access.
+.RE
+.PP
+For the complete set of commands supported by
+\fBrndc\fR, see the BIND 9 Administrator Reference Manual or run
+\fBrndc\fR
+without arguments to see its help message.
+.SH "LIMITATIONS"
+.PP
+\fBrndc\fR
+does not yet support all the commands of the BIND 8
+\fBndc\fR
+utility.
+.PP
+There is currently no way to provide the shared secret for a
+\fBkey_id\fR
+without using the configuration file.
+.PP
+Several error messages could be clearer.
+.SH "SEE ALSO"
+.PP
+\fBrndc.conf\fR(5),
+\fBrndc\-confgen\fR(8),
+\fBnamed\fR(8),
+\fBnamed.conf\fR(5),
+\fBndc\fR(8),
+BIND 9 Administrator Reference Manual.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
new file mode 100644
index 0000000..cdebf3d
--- /dev/null
+++ b/bin/rndc/rndc.c
@@ -0,0 +1,859 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rndc.c,v 1.122 2008/10/15 03:01:59 marka Exp $ */
+
+/*! \file */
+
+/*
+ * Principal Author: DCL
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/app.h>
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/file.h>
+#include <isc/log.h>
+#include <isc/net.h>
+#include <isc/mem.h>
+#include <isc/random.h>
+#include <isc/socket.h>
+#include <isc/stdtime.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/thread.h>
+#include <isc/util.h>
+
+#include <isccfg/namedconf.h>
+
+#include <isccc/alist.h>
+#include <isccc/base64.h>
+#include <isccc/cc.h>
+#include <isccc/ccmsg.h>
+#include <isccc/result.h>
+#include <isccc/sexpr.h>
+#include <isccc/types.h>
+#include <isccc/util.h>
+
+#include <dns/name.h>
+
+#include <bind9/getaddresses.h>
+
+#include "util.h"
+
+#define SERVERADDRS 10
+
+const char *progname;
+isc_boolean_t verbose;
+
+static const char *admin_conffile;
+static const char *admin_keyfile;
+static const char *version = VERSION;
+static const char *servername = NULL;
+static isc_sockaddr_t serveraddrs[SERVERADDRS];
+static isc_sockaddr_t local4, local6;
+static isc_boolean_t local4set = ISC_FALSE, local6set = ISC_FALSE;
+static int nserveraddrs;
+static int currentaddr = 0;
+static unsigned int remoteport = 0;
+static isc_socketmgr_t *socketmgr = NULL;
+static unsigned char databuf[2048];
+static isccc_ccmsg_t ccmsg;
+static isccc_region_t secret;
+static isc_boolean_t failed = ISC_FALSE;
+static isc_mem_t *mctx;
+static int sends, recvs, connects;
+static char *command;
+static char *args;
+static char program[256];
+static isc_socket_t *sock = NULL;
+static isc_uint32_t serial;
+
+static void rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task);
+
+static void
+usage(int status) {
+ fprintf(stderr, "\
+Usage: %s [-c config] [-s server] [-p port]\n\
+ [-k key-file ] [-y key] [-V] command\n\
+\n\
+command is one of the following:\n\
+\n\
+ reload Reload configuration file and zones.\n\
+ reload zone [class [view]]\n\
+ Reload a single zone.\n\
+ refresh zone [class [view]]\n\
+ Schedule immediate maintenance for a zone.\n\
+ retransfer zone [class [view]]\n\
+ Retransfer a single zone without checking serial number.\n\
+ freeze Suspend updates to all dynamic zones.\n\
+ freeze zone [class [view]]\n\
+ Suspend updates to a dynamic zone.\n\
+ thaw Enable updates to all dynamic zones and reload them.\n\
+ thaw zone [class [view]]\n\
+ Enable updates to a frozen dynamic zone and reload it.\n\
+ notify zone [class [view]]\n\
+ Resend NOTIFY messages for the zone.\n\
+ reconfig Reload configuration file and new zones only.\n\
+ stats Write server statistics to the statistics file.\n\
+ querylog Toggle query logging.\n\
+ dumpdb [-all|-cache|-zones] [view ...]\n\
+ Dump cache(s) to the dump file (named_dump.db).\n\
+ stop Save pending updates to master files and stop the server.\n\
+ stop -p Save pending updates to master files and stop the server\n\
+ reporting process id.\n\
+ halt Stop the server without saving pending updates.\n\
+ halt -p Stop the server without saving pending updates reporting\n\
+ process id.\n\
+ trace Increment debugging level by one.\n\
+ trace level Change the debugging level.\n\
+ notrace Set debugging level to 0.\n\
+ flush Flushes all of the server's caches.\n\
+ flush [view] Flushes the server's cache for a view.\n\
+ flushname name [view]\n\
+ Flush the given name from the server's cache(s)\n\
+ status Display status of the server.\n\
+ recursing Dump the queries that are currently recursing (named.recursing)\n\
+ validation newstate [view]\n\
+ Enable / disable DNSSEC validation.\n\
+ *restart Restart the server.\n\
+\n\
+* == not yet implemented\n\
+Version: %s\n",
+ progname, version);
+
+ exit(status);
+}
+
+static void
+get_addresses(const char *host, in_port_t port) {
+ isc_result_t result;
+ int found = 0, count;
+
+ if (*host == '/') {
+ result = isc_sockaddr_frompath(&serveraddrs[nserveraddrs],
+ host);
+ if (result == ISC_R_SUCCESS)
+ nserveraddrs++;
+ } else {
+ count = SERVERADDRS - nserveraddrs;
+ result = bind9_getaddresses(host, port,
+ &serveraddrs[nserveraddrs],
+ count, &found);
+ nserveraddrs += found;
+ }
+ if (result != ISC_R_SUCCESS)
+ fatal("couldn't get address for '%s': %s",
+ host, isc_result_totext(result));
+ INSIST(nserveraddrs > 0);
+}
+
+static void
+rndc_senddone(isc_task_t *task, isc_event_t *event) {
+ isc_socketevent_t *sevent = (isc_socketevent_t *)event;
+
+ UNUSED(task);
+
+ sends--;
+ if (sevent->result != ISC_R_SUCCESS)
+ fatal("send failed: %s", isc_result_totext(sevent->result));
+ isc_event_free(&event);
+ if (sends == 0 && recvs == 0) {
+ isc_socket_detach(&sock);
+ isc_task_shutdown(task);
+ RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS);
+ }
+}
+
+static void
+rndc_recvdone(isc_task_t *task, isc_event_t *event) {
+ isccc_sexpr_t *response = NULL;
+ isccc_sexpr_t *data;
+ isccc_region_t source;
+ char *errormsg = NULL;
+ char *textmsg = NULL;
+ isc_result_t result;
+
+ recvs--;
+
+ if (ccmsg.result == ISC_R_EOF)
+ fatal("connection to remote host closed\n"
+ "This may indicate that\n"
+ "* the remote server is using an older version of"
+ " the command protocol,\n"
+ "* this host is not authorized to connect,\n"
+ "* the clocks are not syncronized, or\n"
+ "* the key is invalid.");
+
+ if (ccmsg.result != ISC_R_SUCCESS)
+ fatal("recv failed: %s", isc_result_totext(ccmsg.result));
+
+ source.rstart = isc_buffer_base(&ccmsg.buffer);
+ source.rend = isc_buffer_used(&ccmsg.buffer);
+
+ DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
+
+ data = isccc_alist_lookup(response, "_data");
+ if (data == NULL)
+ fatal("no data section in response");
+ result = isccc_cc_lookupstring(data, "err", &errormsg);
+ if (result == ISC_R_SUCCESS) {
+ failed = ISC_TRUE;
+ fprintf(stderr, "%s: '%s' failed: %s\n",
+ progname, command, errormsg);
+ }
+ else if (result != ISC_R_NOTFOUND)
+ fprintf(stderr, "%s: parsing response failed: %s\n",
+ progname, isc_result_totext(result));
+
+ result = isccc_cc_lookupstring(data, "text", &textmsg);
+ if (result == ISC_R_SUCCESS)
+ printf("%s\n", textmsg);
+ else if (result != ISC_R_NOTFOUND)
+ fprintf(stderr, "%s: parsing response failed: %s\n",
+ progname, isc_result_totext(result));
+
+ isc_event_free(&event);
+ isccc_sexpr_free(&response);
+ if (sends == 0 && recvs == 0) {
+ isc_socket_detach(&sock);
+ isc_task_shutdown(task);
+ RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS);
+ }
+}
+
+static void
+rndc_recvnonce(isc_task_t *task, isc_event_t *event) {
+ isccc_sexpr_t *response = NULL;
+ isccc_sexpr_t *_ctrl;
+ isccc_region_t source;
+ isc_result_t result;
+ isc_uint32_t nonce;
+ isccc_sexpr_t *request = NULL;
+ isccc_time_t now;
+ isc_region_t r;
+ isccc_sexpr_t *data;
+ isccc_region_t message;
+ isc_uint32_t len;
+ isc_buffer_t b;
+
+ recvs--;
+
+ if (ccmsg.result == ISC_R_EOF)
+ fatal("connection to remote host closed\n"
+ "This may indicate that\n"
+ "* the remote server is using an older version of"
+ " the command protocol,\n"
+ "* this host is not authorized to connect,\n"
+ "* the clocks are not syncronized, or\n"
+ "* the key is invalid.");
+
+ if (ccmsg.result != ISC_R_SUCCESS)
+ fatal("recv failed: %s", isc_result_totext(ccmsg.result));
+
+ source.rstart = isc_buffer_base(&ccmsg.buffer);
+ source.rend = isc_buffer_used(&ccmsg.buffer);
+
+ DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
+
+ _ctrl = isccc_alist_lookup(response, "_ctrl");
+ if (_ctrl == NULL)
+ fatal("_ctrl section missing");
+ nonce = 0;
+ if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
+ nonce = 0;
+
+ isc_stdtime_get(&now);
+
+ DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial,
+ now, now + 60, &request));
+ data = isccc_alist_lookup(request, "_data");
+ if (data == NULL)
+ fatal("_data section missing");
+ if (isccc_cc_definestring(data, "type", args) == NULL)
+ fatal("out of memory");
+ if (nonce != 0) {
+ _ctrl = isccc_alist_lookup(request, "_ctrl");
+ if (_ctrl == NULL)
+ fatal("_ctrl section missing");
+ if (isccc_cc_defineuint32(_ctrl, "_nonce", nonce) == NULL)
+ fatal("out of memory");
+ }
+ message.rstart = databuf + 4;
+ message.rend = databuf + sizeof(databuf);
+ DO("render message", isccc_cc_towire(request, &message, &secret));
+ len = sizeof(databuf) - REGION_SIZE(message);
+ isc_buffer_init(&b, databuf, 4);
+ isc_buffer_putuint32(&b, len - 4);
+ r.length = len;
+ r.base = databuf;
+
+ isccc_ccmsg_cancelread(&ccmsg);
+ DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task,
+ rndc_recvdone, NULL));
+ recvs++;
+ DO("send message", isc_socket_send(sock, &r, task, rndc_senddone,
+ NULL));
+ sends++;
+
+ isc_event_free(&event);
+ isccc_sexpr_free(&response);
+ return;
+}
+
+static void
+rndc_connected(isc_task_t *task, isc_event_t *event) {
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+ isc_socketevent_t *sevent = (isc_socketevent_t *)event;
+ isccc_sexpr_t *request = NULL;
+ isccc_sexpr_t *data;
+ isccc_time_t now;
+ isccc_region_t message;
+ isc_region_t r;
+ isc_uint32_t len;
+ isc_buffer_t b;
+ isc_result_t result;
+
+ connects--;
+
+ if (sevent->result != ISC_R_SUCCESS) {
+ isc_sockaddr_format(&serveraddrs[currentaddr], socktext,
+ sizeof(socktext));
+ if (sevent->result != ISC_R_CANCELED &&
+ ++currentaddr < nserveraddrs)
+ {
+ notify("connection failed: %s: %s", socktext,
+ isc_result_totext(sevent->result));
+ isc_socket_detach(&sock);
+ isc_event_free(&event);
+ rndc_startconnect(&serveraddrs[currentaddr], task);
+ return;
+ } else
+ fatal("connect failed: %s: %s", socktext,
+ isc_result_totext(sevent->result));
+ }
+
+ isc_stdtime_get(&now);
+ DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial,
+ now, now + 60, &request));
+ data = isccc_alist_lookup(request, "_data");
+ if (data == NULL)
+ fatal("_data section missing");
+ if (isccc_cc_definestring(data, "type", "null") == NULL)
+ fatal("out of memory");
+ message.rstart = databuf + 4;
+ message.rend = databuf + sizeof(databuf);
+ DO("render message", isccc_cc_towire(request, &message, &secret));
+ len = sizeof(databuf) - REGION_SIZE(message);
+ isc_buffer_init(&b, databuf, 4);
+ isc_buffer_putuint32(&b, len - 4);
+ r.length = len;
+ r.base = databuf;
+
+ isccc_ccmsg_init(mctx, sock, &ccmsg);
+ isccc_ccmsg_setmaxsize(&ccmsg, 1024 * 1024);
+
+ DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task,
+ rndc_recvnonce, NULL));
+ recvs++;
+ DO("send message", isc_socket_send(sock, &r, task, rndc_senddone,
+ NULL));
+ sends++;
+ isc_event_free(&event);
+}
+
+static void
+rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) {
+ isc_result_t result;
+ int pf;
+ isc_sockettype_t type;
+
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+
+ isc_sockaddr_format(addr, socktext, sizeof(socktext));
+
+ notify("using server %s (%s)", servername, socktext);
+
+ pf = isc_sockaddr_pf(addr);
+ if (pf == AF_INET || pf == AF_INET6)
+ type = isc_sockettype_tcp;
+ else
+ type = isc_sockettype_unix;
+ DO("create socket", isc_socket_create(socketmgr, pf, type, &sock));
+ switch (isc_sockaddr_pf(addr)) {
+ case AF_INET:
+ DO("bind socket", isc_socket_bind(sock, &local4, 0));
+ break;
+ case AF_INET6:
+ DO("bind socket", isc_socket_bind(sock, &local6, 0));
+ break;
+ default:
+ break;
+ }
+ DO("connect", isc_socket_connect(sock, addr, task, rndc_connected,
+ NULL));
+ connects++;
+}
+
+static void
+rndc_start(isc_task_t *task, isc_event_t *event) {
+ isc_event_free(&event);
+
+ currentaddr = 0;
+ rndc_startconnect(&serveraddrs[currentaddr], task);
+}
+
+static void
+parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
+ cfg_parser_t **pctxp, cfg_obj_t **configp)
+{
+ isc_result_t result;
+ const char *conffile = admin_conffile;
+ const cfg_obj_t *addresses = NULL;
+ const cfg_obj_t *defkey = NULL;
+ const cfg_obj_t *options = NULL;
+ const cfg_obj_t *servers = NULL;
+ const cfg_obj_t *server = NULL;
+ const cfg_obj_t *keys = NULL;
+ const cfg_obj_t *key = NULL;
+ const cfg_obj_t *defport = NULL;
+ const cfg_obj_t *secretobj = NULL;
+ const cfg_obj_t *algorithmobj = NULL;
+ cfg_obj_t *config = NULL;
+ const cfg_obj_t *address = NULL;
+ const cfg_listelt_t *elt;
+ const char *secretstr;
+ const char *algorithm;
+ static char secretarray[1024];
+ const cfg_type_t *conftype = &cfg_type_rndcconf;
+ isc_boolean_t key_only = ISC_FALSE;
+ const cfg_listelt_t *element;
+
+ if (! isc_file_exists(conffile)) {
+ conffile = admin_keyfile;
+ conftype = &cfg_type_rndckey;
+
+ if (! isc_file_exists(conffile))
+ fatal("neither %s nor %s was found",
+ admin_conffile, admin_keyfile);
+ key_only = ISC_TRUE;
+ }
+
+ DO("create parser", cfg_parser_create(mctx, log, pctxp));
+
+ /*
+ * The parser will output its own errors, so DO() is not used.
+ */
+ result = cfg_parse_file(*pctxp, conffile, conftype, &config);
+ if (result != ISC_R_SUCCESS)
+ fatal("could not load rndc configuration");
+
+ if (!key_only)
+ (void)cfg_map_get(config, "options", &options);
+
+ if (key_only && servername == NULL)
+ servername = "127.0.0.1";
+ else if (servername == NULL && options != NULL) {
+ const cfg_obj_t *defserverobj = NULL;
+ (void)cfg_map_get(options, "default-server", &defserverobj);
+ if (defserverobj != NULL)
+ servername = cfg_obj_asstring(defserverobj);
+ }
+
+ if (servername == NULL)
+ fatal("no server specified and no default");
+
+ if (!key_only) {
+ (void)cfg_map_get(config, "server", &servers);
+ if (servers != NULL) {
+ for (elt = cfg_list_first(servers);
+ elt != NULL;
+ elt = cfg_list_next(elt))
+ {
+ const char *name;
+ server = cfg_listelt_value(elt);
+ name = cfg_obj_asstring(cfg_map_getname(server));
+ if (strcasecmp(name, servername) == 0)
+ break;
+ server = NULL;
+ }
+ }
+ }
+
+ /*
+ * Look for the name of the key to use.
+ */
+ if (keyname != NULL)
+ ; /* Was set on command line, do nothing. */
+ else if (server != NULL) {
+ DO("get key for server", cfg_map_get(server, "key", &defkey));
+ keyname = cfg_obj_asstring(defkey);
+ } else if (options != NULL) {
+ DO("get default key", cfg_map_get(options, "default-key",
+ &defkey));
+ keyname = cfg_obj_asstring(defkey);
+ } else if (!key_only)
+ fatal("no key for server and no default");
+
+ /*
+ * Get the key's definition.
+ */
+ if (key_only)
+ DO("get key", cfg_map_get(config, "key", &key));
+ else {
+ DO("get config key list", cfg_map_get(config, "key", &keys));
+ for (elt = cfg_list_first(keys);
+ elt != NULL;
+ elt = cfg_list_next(elt))
+ {
+ key = cfg_listelt_value(elt);
+ if (strcasecmp(cfg_obj_asstring(cfg_map_getname(key)),
+ keyname) == 0)
+ break;
+ }
+ if (elt == NULL)
+ fatal("no key definition for name %s", keyname);
+ }
+ (void)cfg_map_get(key, "secret", &secretobj);
+ (void)cfg_map_get(key, "algorithm", &algorithmobj);
+ if (secretobj == NULL || algorithmobj == NULL)
+ fatal("key must have algorithm and secret");
+
+ secretstr = cfg_obj_asstring(secretobj);
+ algorithm = cfg_obj_asstring(algorithmobj);
+
+ if (strcasecmp(algorithm, "hmac-md5") != 0)
+ fatal("unsupported algorithm: %s", algorithm);
+
+ secret.rstart = (unsigned char *)secretarray;
+ secret.rend = (unsigned char *)secretarray + sizeof(secretarray);
+ DO("decode base64 secret", isccc_base64_decode(secretstr, &secret));
+ secret.rend = secret.rstart;
+ secret.rstart = (unsigned char *)secretarray;
+
+ /*
+ * Find the port to connect to.
+ */
+ if (remoteport != 0)
+ ; /* Was set on command line, do nothing. */
+ else {
+ if (server != NULL)
+ (void)cfg_map_get(server, "port", &defport);
+ if (defport == NULL && options != NULL)
+ (void)cfg_map_get(options, "default-port", &defport);
+ }
+ if (defport != NULL) {
+ remoteport = cfg_obj_asuint32(defport);
+ if (remoteport > 65535 || remoteport == 0)
+ fatal("port %u out of range", remoteport);
+ } else if (remoteport == 0)
+ remoteport = NS_CONTROL_PORT;
+
+ if (server != NULL)
+ result = cfg_map_get(server, "addresses", &addresses);
+ else
+ result = ISC_R_NOTFOUND;
+ if (result == ISC_R_SUCCESS) {
+ for (element = cfg_list_first(addresses);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ isc_sockaddr_t sa;
+
+ address = cfg_listelt_value(element);
+ if (!cfg_obj_issockaddr(address)) {
+ unsigned int myport;
+ const char *name;
+ const cfg_obj_t *obj;
+
+ obj = cfg_tuple_get(address, "name");
+ name = cfg_obj_asstring(obj);
+ obj = cfg_tuple_get(address, "port");
+ if (cfg_obj_isuint32(obj)) {
+ myport = cfg_obj_asuint32(obj);
+ if (myport > ISC_UINT16_MAX ||
+ myport == 0)
+ fatal("port %u out of range",
+ myport);
+ } else
+ myport = remoteport;
+ if (nserveraddrs < SERVERADDRS)
+ get_addresses(name, (in_port_t) myport);
+ else
+ fprintf(stderr, "too many address: "
+ "%s: dropped\n", name);
+ continue;
+ }
+ sa = *cfg_obj_assockaddr(address);
+ if (isc_sockaddr_getport(&sa) == 0)
+ isc_sockaddr_setport(&sa, remoteport);
+ if (nserveraddrs < SERVERADDRS)
+ serveraddrs[nserveraddrs++] = sa;
+ else {
+ char socktext[ISC_SOCKADDR_FORMATSIZE];
+
+ isc_sockaddr_format(&sa, socktext,
+ sizeof(socktext));
+ fprintf(stderr,
+ "too many address: %s: dropped\n",
+ socktext);
+ }
+ }
+ }
+
+ if (!local4set && server != NULL) {
+ address = NULL;
+ cfg_map_get(server, "source-address", &address);
+ if (address != NULL) {
+ local4 = *cfg_obj_assockaddr(address);
+ local4set = ISC_TRUE;
+ }
+ }
+ if (!local4set && options != NULL) {
+ address = NULL;
+ cfg_map_get(options, "default-source-address", &address);
+ if (address != NULL) {
+ local4 = *cfg_obj_assockaddr(address);
+ local4set = ISC_TRUE;
+ }
+ }
+
+ if (!local6set && server != NULL) {
+ address = NULL;
+ cfg_map_get(server, "source-address-v6", &address);
+ if (address != NULL) {
+ local6 = *cfg_obj_assockaddr(address);
+ local6set = ISC_TRUE;
+ }
+ }
+ if (!local6set && options != NULL) {
+ address = NULL;
+ cfg_map_get(options, "default-source-address-v6", &address);
+ if (address != NULL) {
+ local6 = *cfg_obj_assockaddr(address);
+ local6set = ISC_TRUE;
+ }
+ }
+
+ *configp = config;
+}
+
+int
+main(int argc, char **argv) {
+ isc_boolean_t show_final_mem = ISC_FALSE;
+ isc_result_t result = ISC_R_SUCCESS;
+ isc_taskmgr_t *taskmgr = NULL;
+ isc_task_t *task = NULL;
+ isc_log_t *log = NULL;
+ isc_logconfig_t *logconfig = NULL;
+ isc_logdestination_t logdest;
+ cfg_parser_t *pctx = NULL;
+ cfg_obj_t *config = NULL;
+ const char *keyname = NULL;
+ struct in_addr in;
+ struct in6_addr in6;
+ char *p;
+ size_t argslen;
+ int ch;
+ int i;
+
+ result = isc_file_progname(*argv, program, sizeof(program));
+ if (result != ISC_R_SUCCESS)
+ memcpy(program, "rndc", 5);
+ progname = program;
+
+ admin_conffile = RNDC_CONFFILE;
+ admin_keyfile = RNDC_KEYFILE;
+
+ isc_sockaddr_any(&local4);
+ isc_sockaddr_any6(&local6);
+
+ result = isc_app_start();
+ if (result != ISC_R_SUCCESS)
+ fatal("isc_app_start() failed: %s", isc_result_totext(result));
+
+ isc_commandline_errprint = ISC_FALSE;
+
+ while ((ch = isc_commandline_parse(argc, argv, "b:c:hk:Mmp:s:Vy:"))
+ != -1) {
+ switch (ch) {
+ case 'b':
+ if (inet_pton(AF_INET, isc_commandline_argument,
+ &in) == 1) {
+ isc_sockaddr_fromin(&local4, &in, 0);
+ local4set = ISC_TRUE;
+ } else if (inet_pton(AF_INET6, isc_commandline_argument,
+ &in6) == 1) {
+ isc_sockaddr_fromin6(&local6, &in6, 0);
+ local6set = ISC_TRUE;
+ }
+ break;
+
+ case 'c':
+ admin_conffile = isc_commandline_argument;
+ break;
+
+ case 'k':
+ admin_keyfile = isc_commandline_argument;
+ break;
+
+ case 'M':
+ isc_mem_debugging = ISC_MEM_DEBUGTRACE;
+ break;
+
+ case 'm':
+ show_final_mem = ISC_TRUE;
+ break;
+
+ case 'p':
+ remoteport = atoi(isc_commandline_argument);
+ if (remoteport > 65535 || remoteport == 0)
+ fatal("port '%s' out of range",
+ isc_commandline_argument);
+ break;
+
+ case 's':
+ servername = isc_commandline_argument;
+ break;
+
+ case 'V':
+ verbose = ISC_TRUE;
+ break;
+
+ case 'y':
+ keyname = isc_commandline_argument;
+ break;
+
+ case '?':
+ if (isc_commandline_option != '?') {
+ fprintf(stderr, "%s: invalid argument -%c\n",
+ program, isc_commandline_option);
+ usage(1);
+ }
+ case 'h':
+ usage(0);
+ break;
+ default:
+ fprintf(stderr, "%s: unhandled option -%c\n",
+ program, isc_commandline_option);
+ exit(1);
+ }
+ }
+
+ argc -= isc_commandline_index;
+ argv += isc_commandline_index;
+
+ if (argc < 1)
+ usage(1);
+
+ isc_random_get(&serial);
+
+ DO("create memory context", isc_mem_create(0, 0, &mctx));
+ DO("create socket manager", isc_socketmgr_create(mctx, &socketmgr));
+ DO("create task manager", isc_taskmgr_create(mctx, 1, 0, &taskmgr));
+ DO("create task", isc_task_create(taskmgr, 0, &task));
+
+ DO("create logging context", isc_log_create(mctx, &log, &logconfig));
+ isc_log_setcontext(log);
+ DO("setting log tag", isc_log_settag(logconfig, progname));
+ logdest.file.stream = stderr;
+ logdest.file.name = NULL;
+ logdest.file.versions = ISC_LOG_ROLLNEVER;
+ logdest.file.maximum_size = 0;
+ DO("creating log channel",
+ isc_log_createchannel(logconfig, "stderr",
+ ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest,
+ ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL));
+ DO("enabling log channel", isc_log_usechannel(logconfig, "stderr",
+ NULL, NULL));
+
+ parse_config(mctx, log, keyname, &pctx, &config);
+
+ isccc_result_register();
+
+ command = *argv;
+
+ /*
+ * Convert argc/argv into a space-delimited command string
+ * similar to what the user might enter in interactive mode
+ * (if that were implemented).
+ */
+ argslen = 0;
+ for (i = 0; i < argc; i++)
+ argslen += strlen(argv[i]) + 1;
+
+ args = isc_mem_get(mctx, argslen);
+ if (args == NULL)
+ DO("isc_mem_get", ISC_R_NOMEMORY);
+
+ p = args;
+ for (i = 0; i < argc; i++) {
+ size_t len = strlen(argv[i]);
+ memcpy(p, argv[i], len);
+ p += len;
+ *p++ = ' ';
+ }
+
+ p--;
+ *p++ = '\0';
+ INSIST(p == args + argslen);
+
+ notify("%s", command);
+
+ if (strcmp(command, "restart") == 0)
+ fatal("'%s' is not implemented", command);
+
+ if (nserveraddrs == 0)
+ get_addresses(servername, (in_port_t) remoteport);
+
+ DO("post event", isc_app_onrun(mctx, task, rndc_start, NULL));
+
+ result = isc_app_run();
+ if (result != ISC_R_SUCCESS)
+ fatal("isc_app_run() failed: %s", isc_result_totext(result));
+
+ if (connects > 0 || sends > 0 || recvs > 0)
+ isc_socket_cancel(sock, task, ISC_SOCKCANCEL_ALL);
+
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&taskmgr);
+ isc_socketmgr_destroy(&socketmgr);
+ isc_log_destroy(&log);
+ isc_log_setcontext(NULL);
+
+ cfg_obj_destroy(pctx, &config);
+ cfg_parser_destroy(&pctx);
+
+ isc_mem_put(mctx, args, argslen);
+ isccc_ccmsg_invalidate(&ccmsg);
+
+ dns_name_destroy();
+
+ if (show_final_mem)
+ isc_mem_stats(mctx, stderr);
+
+ isc_mem_destroy(&mctx);
+
+ if (failed)
+ return (1);
+
+ return (0);
+}
diff --git a/bin/rndc/rndc.conf b/bin/rndc/rndc.conf
new file mode 100644
index 0000000..67542b9
--- /dev/null
+++ b/bin/rndc/rndc.conf
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rndc.conf,v 1.11 2007/06/19 23:46:59 tbox Exp $ */
+
+/*
+ * Sample rndc configuration file.
+ */
+
+options {
+ default-server localhost;
+ default-key "key";
+};
+
+server localhost {
+ key "key";
+};
+
+key "cc64b3d1db63fc88d7cb5d2f9f57d258" {
+ algorithm hmac-md5;
+ secret "34f88008d07deabbe65bd01f1d233d47";
+};
+
+server "test1" {
+ key "cc64b3d1db63fc88d7cb5d2f9f57d258";
+ port 5353;
+ addresses { 10.53.0.1; };
+};
+
+key "key" {
+ algorithm hmac-md5;
+ secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
+};
diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5
new file mode 100644
index 0000000..9e9bad4
--- /dev/null
+++ b/bin/rndc/rndc.conf.5
@@ -0,0 +1,214 @@
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: rndc.conf.5,v 1.38 2007/05/09 13:35:57 marka Exp $
+.\"
+.hy 0
+.ad l
+.\" Title: \fIrndc.conf\fR
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: June 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "\fIRNDC.CONF\fR" "5" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+rndc.conf \- rndc configuration file
+.SH "SYNOPSIS"
+.HP 10
+\fBrndc.conf\fR
+.SH "DESCRIPTION"
+.PP
+\fIrndc.conf\fR
+is the configuration file for
+\fBrndc\fR, the BIND 9 name server control utility. This file has a similar structure and syntax to
+\fInamed.conf\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
+.PP
+C style: /* */
+.PP
+C++ style: // to end of line
+.PP
+Unix style: # to end of line
+.PP
+\fIrndc.conf\fR
+is much simpler than
+\fInamed.conf\fR. The file uses three statements: an options statement, a server statement and a key statement.
+.PP
+The
+\fBoptions\fR
+statement contains five clauses. The
+\fBdefault\-server\fR
+clause is followed by the name or address of a name server. This host will be used when no name server is given as an argument to
+\fBrndc\fR. The
+\fBdefault\-key\fR
+clause is followed by the name of a key which is identified by a
+\fBkey\fR
+statement. If no
+\fBkeyid\fR
+is provided on the rndc command line, and no
+\fBkey\fR
+clause is found in a matching
+\fBserver\fR
+statement, this default key will be used to authenticate the server's commands and responses. The
+\fBdefault\-port\fR
+clause is followed by the port to connect to on the remote name server. If no
+\fBport\fR
+option is provided on the rndc command line, and no
+\fBport\fR
+clause is found in a matching
+\fBserver\fR
+statement, this default port will be used to connect. The
+\fBdefault\-source\-address\fR
+and
+\fBdefault\-source\-address\-v6\fR
+clauses which can be used to set the IPv4 and IPv6 source addresses respectively.
+.PP
+After the
+\fBserver\fR
+keyword, the server statement includes a string which is the hostname or address for a name server. The statement has three possible clauses:
+\fBkey\fR,
+\fBport\fR
+and
+\fBaddresses\fR. The key name must match the name of a key statement in the file. The port number specifies the port to connect to. If an
+\fBaddresses\fR
+clause is supplied these addresses will be used instead of the server name. Each address can take an optional port. If an
+\fBsource\-address\fR
+or
+\fBsource\-address\-v6\fR
+of supplied then these will be used to specify the IPv4 and IPv6 source addresses respectively.
+.PP
+The
+\fBkey\fR
+statement begins with an identifying string, the name of the key. The statement has two clauses.
+\fBalgorithm\fR
+identifies the encryption algorithm for
+\fBrndc\fR
+to use; currently only HMAC\-MD5 is supported. This is followed by a secret clause which contains the base\-64 encoding of the algorithm's encryption key. The base\-64 string is enclosed in double quotes.
+.PP
+There are two common ways to generate the base\-64 string for the secret. The BIND 9 program
+\fBrndc\-confgen\fR
+can be used to generate a random key, or the
+\fBmmencode\fR
+program, also known as
+\fBmimencode\fR, can be used to generate a base\-64 string from known input.
+\fBmmencode\fR
+does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each.
+.SH "EXAMPLE"
+.PP
+.RS 4
+.nf
+ options {
+ default\-server localhost;
+ default\-key samplekey;
+ };
+.fi
+.RE
+.sp
+.PP
+.RS 4
+.nf
+ server localhost {
+ key samplekey;
+ };
+.fi
+.RE
+.sp
+.PP
+.RS 4
+.nf
+ server testserver {
+ key testkey;
+ addresses { localhost port 5353; };
+ };
+.fi
+.RE
+.sp
+.PP
+.RS 4
+.nf
+ key samplekey {
+ algorithm hmac\-md5;
+ secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
+ };
+.fi
+.RE
+.sp
+.PP
+.RS 4
+.nf
+ key testkey {
+ algorithm hmac\-md5;
+ secret "R3HI8P6BKw9ZwXwN3VZKuQ==";
+ };
+.fi
+.RE
+.sp
+.PP
+In the above example,
+\fBrndc\fR
+will by default use the server at localhost (127.0.0.1) and the key called samplekey. Commands to the localhost server will use the samplekey key, which must also be defined in the server's configuration file with the same name and secret. The key statement indicates that samplekey uses the HMAC\-MD5 algorithm and its secret clause contains the base\-64 encoding of the HMAC\-MD5 secret enclosed in double quotes.
+.PP
+If
+\fBrndc \-s testserver\fR
+is used then
+\fBrndc\fR
+will connect to server on localhost port 5353 using the key testkey.
+.PP
+To generate a random secret with
+\fBrndc\-confgen\fR:
+.PP
+\fBrndc\-confgen\fR
+.PP
+A complete
+\fIrndc.conf\fR
+file, including the randomly generated key, will be written to the standard output. Commented\-out
+\fBkey\fR
+and
+\fBcontrols\fR
+statements for
+\fInamed.conf\fR
+are also printed.
+.PP
+To generate a base\-64 secret with
+\fBmmencode\fR:
+.PP
+\fBecho "known plaintext for a secret" | mmencode\fR
+.SH "NAME SERVER CONFIGURATION"
+.PP
+The name server must be configured to accept rndc connections and to recognize the key specified in the
+\fIrndc.conf\fR
+file, using the controls statement in
+\fInamed.conf\fR. See the sections on the
+\fBcontrols\fR
+statement in the BIND 9 Administrator Reference Manual for details.
+.SH "SEE ALSO"
+.PP
+\fBrndc\fR(8),
+\fBrndc\-confgen\fR(8),
+\fBmmencode\fR(1),
+BIND 9 Administrator Reference Manual.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/rndc/rndc.conf.docbook b/bin/rndc/rndc.conf.docbook
new file mode 100644
index 0000000..9de1995
--- /dev/null
+++ b/bin/rndc/rndc.conf.docbook
@@ -0,0 +1,252 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: rndc.conf.docbook,v 1.17 2007/06/18 23:47:25 tbox Exp $ -->
+<refentry id="man.rndc.conf">
+ <refentryinfo>
+ <date>June 30, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><filename>rndc.conf</filename></refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><filename>rndc.conf</filename></refname>
+ <refpurpose>rndc configuration file</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2007</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>rndc.conf</command>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><filename>rndc.conf</filename> is the configuration file
+ for <command>rndc</command>, the BIND 9 name server control
+ utility. This file has a similar structure and syntax to
+ <filename>named.conf</filename>. Statements are enclosed
+ in braces and terminated with a semi-colon. Clauses in
+ the statements are also semi-colon terminated. The usual
+ comment styles are supported:
+ </para>
+ <para>
+ C style: /* */
+ </para>
+ <para>
+ C++ style: // to end of line
+ </para>
+ <para>
+ Unix style: # to end of line
+ </para>
+ <para><filename>rndc.conf</filename> is much simpler than
+ <filename>named.conf</filename>. The file uses three
+ statements: an options statement, a server statement
+ and a key statement.
+ </para>
+ <para>
+ The <option>options</option> statement contains five clauses.
+ The <option>default-server</option> clause is followed by the
+ name or address of a name server. This host will be used when
+ no name server is given as an argument to
+ <command>rndc</command>. The <option>default-key</option>
+ clause is followed by the name of a key which is identified by
+ a <option>key</option> statement. If no
+ <option>keyid</option> is provided on the rndc command line,
+ and no <option>key</option> clause is found in a matching
+ <option>server</option> statement, this default key will be
+ used to authenticate the server's commands and responses. The
+ <option>default-port</option> clause is followed by the port
+ to connect to on the remote name server. If no
+ <option>port</option> option is provided on the rndc command
+ line, and no <option>port</option> clause is found in a
+ matching <option>server</option> statement, this default port
+ will be used to connect.
+ The <option>default-source-address</option> and
+ <option>default-source-address-v6</option> clauses which
+ can be used to set the IPv4 and IPv6 source addresses
+ respectively.
+ </para>
+ <para>
+ After the <option>server</option> keyword, the server
+ statement includes a string which is the hostname or address
+ for a name server. The statement has three possible clauses:
+ <option>key</option>, <option>port</option> and
+ <option>addresses</option>. The key name must match the
+ name of a key statement in the file. The port number
+ specifies the port to connect to. If an <option>addresses</option>
+ clause is supplied these addresses will be used instead of
+ the server name. Each address can take an optional port.
+ If an <option>source-address</option> or <option>source-address-v6</option>
+ of supplied then these will be used to specify the IPv4 and IPv6
+ source addresses respectively.
+ </para>
+ <para>
+ The <option>key</option> statement begins with an identifying
+ string, the name of the key. The statement has two clauses.
+ <option>algorithm</option> identifies the encryption algorithm
+ for <command>rndc</command> to use; currently only HMAC-MD5
+ is
+ supported. This is followed by a secret clause which contains
+ the base-64 encoding of the algorithm's encryption key. The
+ base-64 string is enclosed in double quotes.
+ </para>
+ <para>
+ There are two common ways to generate the base-64 string for the
+ secret. The BIND 9 program <command>rndc-confgen</command>
+ can
+ be used to generate a random key, or the
+ <command>mmencode</command> program, also known as
+ <command>mimencode</command>, can be used to generate a
+ base-64
+ string from known input. <command>mmencode</command> does
+ not
+ ship with BIND 9 but is available on many systems. See the
+ EXAMPLE section for sample command lines for each.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>EXAMPLE</title>
+
+ <para><programlisting>
+ options {
+ default-server localhost;
+ default-key samplekey;
+ };
+</programlisting>
+ </para>
+ <para><programlisting>
+ server localhost {
+ key samplekey;
+ };
+</programlisting>
+ </para>
+ <para><programlisting>
+ server testserver {
+ key testkey;
+ addresses { localhost port 5353; };
+ };
+</programlisting>
+ </para>
+ <para><programlisting>
+ key samplekey {
+ algorithm hmac-md5;
+ secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
+ };
+</programlisting>
+ </para>
+ <para><programlisting>
+ key testkey {
+ algorithm hmac-md5;
+ secret "R3HI8P6BKw9ZwXwN3VZKuQ==";
+ };
+ </programlisting>
+ </para>
+
+ <para>
+ In the above example, <command>rndc</command> will by
+ default use
+ the server at localhost (127.0.0.1) and the key called samplekey.
+ Commands to the localhost server will use the samplekey key, which
+ must also be defined in the server's configuration file with the
+ same name and secret. The key statement indicates that samplekey
+ uses the HMAC-MD5 algorithm and its secret clause contains the
+ base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
+ </para>
+ <para>
+ If <command>rndc -s testserver</command> is used then <command>rndc</command> will
+ connect to server on localhost port 5353 using the key testkey.
+ </para>
+ <para>
+ To generate a random secret with <command>rndc-confgen</command>:
+ </para>
+ <para><userinput>rndc-confgen</userinput>
+ </para>
+ <para>
+ A complete <filename>rndc.conf</filename> file, including
+ the
+ randomly generated key, will be written to the standard
+ output. Commented-out <option>key</option> and
+ <option>controls</option> statements for
+ <filename>named.conf</filename> are also printed.
+ </para>
+ <para>
+ To generate a base-64 secret with <command>mmencode</command>:
+ </para>
+ <para><userinput>echo "known plaintext for a secret" | mmencode</userinput>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>NAME SERVER CONFIGURATION</title>
+ <para>
+ The name server must be configured to accept rndc connections and
+ to recognize the key specified in the <filename>rndc.conf</filename>
+ file, using the controls statement in <filename>named.conf</filename>.
+ See the sections on the <option>controls</option> statement in the
+ BIND 9 Administrator Reference Manual for details.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>mmencode</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para><corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html
new file mode 100644
index 0000000..144cd1c
--- /dev/null
+++ b/bin/rndc/rndc.conf.html
@@ -0,0 +1,217 @@
+<!--
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: rndc.conf.html,v 1.29 2007/05/09 13:35:57 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>rndc.conf</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.rndc.conf"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><code class="filename">rndc.conf</code> &#8212; rndc configuration file</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543352"></a><h2>DESCRIPTION</h2>
+<p><code class="filename">rndc.conf</code> is the configuration file
+ for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
+ utility. This file has a similar structure and syntax to
+ <code class="filename">named.conf</code>. Statements are enclosed
+ in braces and terminated with a semi-colon. Clauses in
+ the statements are also semi-colon terminated. The usual
+ comment styles are supported:
+ </p>
+<p>
+ C style: /* */
+ </p>
+<p>
+ C++ style: // to end of line
+ </p>
+<p>
+ Unix style: # to end of line
+ </p>
+<p><code class="filename">rndc.conf</code> is much simpler than
+ <code class="filename">named.conf</code>. The file uses three
+ statements: an options statement, a server statement
+ and a key statement.
+ </p>
+<p>
+ The <code class="option">options</code> statement contains five clauses.
+ The <code class="option">default-server</code> clause is followed by the
+ name or address of a name server. This host will be used when
+ no name server is given as an argument to
+ <span><strong class="command">rndc</strong></span>. The <code class="option">default-key</code>
+ clause is followed by the name of a key which is identified by
+ a <code class="option">key</code> statement. If no
+ <code class="option">keyid</code> is provided on the rndc command line,
+ and no <code class="option">key</code> clause is found in a matching
+ <code class="option">server</code> statement, this default key will be
+ used to authenticate the server's commands and responses. The
+ <code class="option">default-port</code> clause is followed by the port
+ to connect to on the remote name server. If no
+ <code class="option">port</code> option is provided on the rndc command
+ line, and no <code class="option">port</code> clause is found in a
+ matching <code class="option">server</code> statement, this default port
+ will be used to connect.
+ The <code class="option">default-source-address</code> and
+ <code class="option">default-source-address-v6</code> clauses which
+ can be used to set the IPv4 and IPv6 source addresses
+ respectively.
+ </p>
+<p>
+ After the <code class="option">server</code> keyword, the server
+ statement includes a string which is the hostname or address
+ for a name server. The statement has three possible clauses:
+ <code class="option">key</code>, <code class="option">port</code> and
+ <code class="option">addresses</code>. The key name must match the
+ name of a key statement in the file. The port number
+ specifies the port to connect to. If an <code class="option">addresses</code>
+ clause is supplied these addresses will be used instead of
+ the server name. Each address can take an optional port.
+ If an <code class="option">source-address</code> or <code class="option">source-address-v6</code>
+ of supplied then these will be used to specify the IPv4 and IPv6
+ source addresses respectively.
+ </p>
+<p>
+ The <code class="option">key</code> statement begins with an identifying
+ string, the name of the key. The statement has two clauses.
+ <code class="option">algorithm</code> identifies the encryption algorithm
+ for <span><strong class="command">rndc</strong></span> to use; currently only HMAC-MD5
+ is
+ supported. This is followed by a secret clause which contains
+ the base-64 encoding of the algorithm's encryption key. The
+ base-64 string is enclosed in double quotes.
+ </p>
+<p>
+ There are two common ways to generate the base-64 string for the
+ secret. The BIND 9 program <span><strong class="command">rndc-confgen</strong></span>
+ can
+ be used to generate a random key, or the
+ <span><strong class="command">mmencode</strong></span> program, also known as
+ <span><strong class="command">mimencode</strong></span>, can be used to generate a
+ base-64
+ string from known input. <span><strong class="command">mmencode</strong></span> does
+ not
+ ship with BIND 9 but is available on many systems. See the
+ EXAMPLE section for sample command lines for each.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543500"></a><h2>EXAMPLE</h2>
+<pre class="programlisting">
+ options {
+ default-server localhost;
+ default-key samplekey;
+ };
+</pre>
+<p>
+ </p>
+<pre class="programlisting">
+ server localhost {
+ key samplekey;
+ };
+</pre>
+<p>
+ </p>
+<pre class="programlisting">
+ server testserver {
+ key testkey;
+ addresses { localhost port 5353; };
+ };
+</pre>
+<p>
+ </p>
+<pre class="programlisting">
+ key samplekey {
+ algorithm hmac-md5;
+ secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
+ };
+</pre>
+<p>
+ </p>
+<pre class="programlisting">
+ key testkey {
+ algorithm hmac-md5;
+ secret "R3HI8P6BKw9ZwXwN3VZKuQ==";
+ };
+ </pre>
+<p>
+ </p>
+<p>
+ In the above example, <span><strong class="command">rndc</strong></span> will by
+ default use
+ the server at localhost (127.0.0.1) and the key called samplekey.
+ Commands to the localhost server will use the samplekey key, which
+ must also be defined in the server's configuration file with the
+ same name and secret. The key statement indicates that samplekey
+ uses the HMAC-MD5 algorithm and its secret clause contains the
+ base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
+ </p>
+<p>
+ If <span><strong class="command">rndc -s testserver</strong></span> is used then <span><strong class="command">rndc</strong></span> will
+ connect to server on localhost port 5353 using the key testkey.
+ </p>
+<p>
+ To generate a random secret with <span><strong class="command">rndc-confgen</strong></span>:
+ </p>
+<p><strong class="userinput"><code>rndc-confgen</code></strong>
+ </p>
+<p>
+ A complete <code class="filename">rndc.conf</code> file, including
+ the
+ randomly generated key, will be written to the standard
+ output. Commented-out <code class="option">key</code> and
+ <code class="option">controls</code> statements for
+ <code class="filename">named.conf</code> are also printed.
+ </p>
+<p>
+ To generate a base-64 secret with <span><strong class="command">mmencode</strong></span>:
+ </p>
+<p><strong class="userinput"><code>echo "known plaintext for a secret" | mmencode</code></strong>
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543592"></a><h2>NAME SERVER CONFIGURATION</h2>
+<p>
+ The name server must be configured to accept rndc connections and
+ to recognize the key specified in the <code class="filename">rndc.conf</code>
+ file, using the controls statement in <code class="filename">named.conf</code>.
+ See the sections on the <code class="option">controls</code> statement in the
+ BIND 9 Administrator Reference Manual for details.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543613"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543652"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
new file mode 100644
index 0000000..d407f2b
--- /dev/null
+++ b/bin/rndc/rndc.docbook
@@ -0,0 +1,253 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: rndc.docbook,v 1.21 2007/12/14 20:39:14 marka Exp $ -->
+<refentry id="man.rndc">
+ <refentryinfo>
+ <date>June 30, 2000</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><application>rndc</application></refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><application>rndc</application></refname>
+ <refpurpose>name server control utility</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2007</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <holder>Internet Software Consortium.</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>rndc</command>
+ <arg><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
+ <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
+ <arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
+ <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
+ <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+ <arg><option>-V</option></arg>
+ <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
+ <arg choice="req">command</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><command>rndc</command>
+ controls the operation of a name
+ server. It supersedes the <command>ndc</command> utility
+ that was provided in old BIND releases. If
+ <command>rndc</command> is invoked with no command line
+ options or arguments, it prints a short summary of the
+ supported commands and the available options and their
+ arguments.
+ </para>
+ <para><command>rndc</command>
+ communicates with the name server
+ over a TCP connection, sending commands authenticated with
+ digital signatures. In the current versions of
+ <command>rndc</command> and <command>named</command>,
+ the only supported authentication algorithm is HMAC-MD5,
+ which uses a shared secret on each end of the connection.
+ This provides TSIG-style authentication for the command
+ request and the name server's response. All commands sent
+ over the channel must be signed by a key_id known to the
+ server.
+ </para>
+ <para><command>rndc</command>
+ reads a configuration file to
+ determine how to contact the name server and decide what
+ algorithm and key it should use.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-b <replaceable class="parameter">source-address</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">source-address</replaceable>
+ as the source address for the connection to the server.
+ Multiple instances are permitted to allow setting of both
+ the IPv4 and IPv6 source addresses.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-c <replaceable class="parameter">config-file</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">config-file</replaceable>
+ as the configuration file instead of the default,
+ <filename>/etc/rndc.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-k <replaceable class="parameter">key-file</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">key-file</replaceable>
+ as the key file instead of the default,
+ <filename>/etc/rndc.key</filename>. The key in
+ <filename>/etc/rndc.key</filename> will be used to
+ authenticate
+ commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
+ does not exist.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s <replaceable class="parameter">server</replaceable></term>
+ <listitem>
+ <para><replaceable class="parameter">server</replaceable> is
+ the name or address of the server which matches a
+ server statement in the configuration file for
+ <command>rndc</command>. If no server is supplied on the
+ command line, the host named by the default-server clause
+ in the options statement of the <command>rndc</command>
+ configuration file will be used.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-p <replaceable class="parameter">port</replaceable></term>
+ <listitem>
+ <para>
+ Send commands to TCP port
+ <replaceable class="parameter">port</replaceable>
+ instead
+ of BIND 9's default control channel port, 953.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-V</term>
+ <listitem>
+ <para>
+ Enable verbose logging.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-y <replaceable class="parameter">key_id</replaceable></term>
+ <listitem>
+ <para>
+ Use the key <replaceable class="parameter">key_id</replaceable>
+ from the configuration file.
+ <replaceable class="parameter">key_id</replaceable>
+ must be
+ known by named with the same algorithm and secret string
+ in order for control message validation to succeed.
+ If no <replaceable class="parameter">key_id</replaceable>
+ is specified, <command>rndc</command> will first look
+ for a key clause in the server statement of the server
+ being used, or if no server statement is present for that
+ host, then the default-key clause of the options statement.
+ Note that the configuration file contains shared secrets
+ which are used to send authenticated control commands
+ to name servers. It should therefore not have general read
+ or write access.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ <para>
+ For the complete set of commands supported by <command>rndc</command>,
+ see the BIND 9 Administrator Reference Manual or run
+ <command>rndc</command> without arguments to see its help
+ message.
+ </para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>LIMITATIONS</title>
+ <para><command>rndc</command>
+ does not yet support all the commands of
+ the BIND 8 <command>ndc</command> utility.
+ </para>
+ <para>
+ There is currently no way to provide the shared secret for a
+ <option>key_id</option> without using the configuration file.
+ </para>
+ <para>
+ Several error messages could be clearer.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>ndc</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para><corpauthor>Internet Systems Consortium</corpauthor>
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html
new file mode 100644
index 0000000..a8d11c4
--- /dev/null
+++ b/bin/rndc/rndc.html
@@ -0,0 +1,165 @@
+<!--
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: rndc.html,v 1.31 2007/12/14 22:37:22 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>rndc</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.rndc"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">rndc</span> &#8212; name server control utility</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543413"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">rndc</strong></span>
+ controls the operation of a name
+ server. It supersedes the <span><strong class="command">ndc</strong></span> utility
+ that was provided in old BIND releases. If
+ <span><strong class="command">rndc</strong></span> is invoked with no command line
+ options or arguments, it prints a short summary of the
+ supported commands and the available options and their
+ arguments.
+ </p>
+<p><span><strong class="command">rndc</strong></span>
+ communicates with the name server
+ over a TCP connection, sending commands authenticated with
+ digital signatures. In the current versions of
+ <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
+ the only supported authentication algorithm is HMAC-MD5,
+ which uses a shared secret on each end of the connection.
+ This provides TSIG-style authentication for the command
+ request and the name server's response. All commands sent
+ over the channel must be signed by a key_id known to the
+ server.
+ </p>
+<p><span><strong class="command">rndc</strong></span>
+ reads a configuration file to
+ determine how to contact the name server and decide what
+ algorithm and key it should use.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543448"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>source-address</code></em>
+ as the source address for the connection to the server.
+ Multiple instances are permitted to allow setting of both
+ the IPv4 and IPv6 source addresses.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>config-file</code></em>
+ as the configuration file instead of the default,
+ <code class="filename">/etc/rndc.conf</code>.
+ </p></dd>
+<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>key-file</code></em>
+ as the key file instead of the default,
+ <code class="filename">/etc/rndc.key</code>. The key in
+ <code class="filename">/etc/rndc.key</code> will be used to
+ authenticate
+ commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
+ does not exist.
+ </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
+<dd><p><em class="replaceable"><code>server</code></em> is
+ the name or address of the server which matches a
+ server statement in the configuration file for
+ <span><strong class="command">rndc</strong></span>. If no server is supplied on the
+ command line, the host named by the default-server clause
+ in the options statement of the <span><strong class="command">rndc</strong></span>
+ configuration file will be used.
+ </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+ Send commands to TCP port
+ <em class="replaceable"><code>port</code></em>
+ instead
+ of BIND 9's default control channel port, 953.
+ </p></dd>
+<dt><span class="term">-V</span></dt>
+<dd><p>
+ Enable verbose logging.
+ </p></dd>
+<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
+<dd><p>
+ Use the key <em class="replaceable"><code>key_id</code></em>
+ from the configuration file.
+ <em class="replaceable"><code>key_id</code></em>
+ must be
+ known by named with the same algorithm and secret string
+ in order for control message validation to succeed.
+ If no <em class="replaceable"><code>key_id</code></em>
+ is specified, <span><strong class="command">rndc</strong></span> will first look
+ for a key clause in the server statement of the server
+ being used, or if no server statement is present for that
+ host, then the default-key clause of the options statement.
+ Note that the configuration file contains shared secrets
+ which are used to send authenticated control commands
+ to name servers. It should therefore not have general read
+ or write access.
+ </p></dd>
+</dl></div>
+<p>
+ For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
+ see the BIND 9 Administrator Reference Manual or run
+ <span><strong class="command">rndc</strong></span> without arguments to see its help
+ message.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543656"></a><h2>LIMITATIONS</h2>
+<p><span><strong class="command">rndc</strong></span>
+ does not yet support all the commands of
+ the BIND 8 <span><strong class="command">ndc</strong></span> utility.
+ </p>
+<p>
+ There is currently no way to provide the shared secret for a
+ <code class="option">key_id</code> without using the configuration file.
+ </p>
+<p>
+ Several error messages could be clearer.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543683"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
+ <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
+ <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+ </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543738"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+ </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/rndc/unix/Makefile.in b/bin/rndc/unix/Makefile.in
new file mode 100644
index 0000000..31a0532
--- /dev/null
+++ b/bin/rndc/unix/Makefile.in
@@ -0,0 +1,36 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.5 2007/06/19 23:46:59 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \
+ ${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+OBJS = os.@O@
+
+SRCS = os.c
+
+TARGETS = ${OBJS}
+
+@BIND9_MAKE_RULES@
diff --git a/bin/rndc/unix/os.c b/bin/rndc/unix/os.c
new file mode 100644
index 0000000..ddf8259
--- /dev/null
+++ b/bin/rndc/unix/os.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.c,v 1.10 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <rndc/os.h>
+
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <sys/stat.h>
+
+int
+set_user(FILE *fd, const char *user) {
+ struct passwd *pw;
+
+ pw = getpwnam(user);
+ if (pw == NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+ return (fchown(fileno(fd), pw->pw_uid, -1));
+}
+
+FILE *
+safe_create(const char *filename) {
+ int fd;
+ FILE *f;
+ struct stat sb;
+ int flags = O_WRONLY;
+
+ if (stat(filename, &sb) == -1) {
+ if (errno != ENOENT)
+ return (NULL);
+ flags = O_WRONLY | O_CREAT | O_EXCL;
+ } else if ((sb.st_mode & S_IFREG) == 0) {
+ errno = EOPNOTSUPP;
+ return (NULL);
+ } else
+ flags = O_WRONLY | O_TRUNC;
+
+ fd = open(filename, flags, S_IRUSR | S_IWUSR);
+ if (fd == -1)
+ return (NULL);
+ f = fdopen(fd, "w");
+ if (f == NULL)
+ close(fd);
+ return (f);
+}
diff --git a/bin/rndc/util.c b/bin/rndc/util.c
new file mode 100644
index 0000000..c654462
--- /dev/null
+++ b/bin/rndc/util.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: util.c,v 1.7 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <isc/boolean.h>
+
+#include "util.h"
+
+extern isc_boolean_t verbose;
+extern const char *progname;
+
+void
+notify(const char *fmt, ...) {
+ va_list ap;
+
+ if (verbose) {
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ fputs("\n", stderr);
+ }
+}
+
+void
+fatal(const char *format, ...) {
+ va_list args;
+
+ fprintf(stderr, "%s: ", progname);
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ exit(1);
+}
diff --git a/bin/rndc/util.h b/bin/rndc/util.h
new file mode 100644
index 0000000..7adcaa5
--- /dev/null
+++ b/bin/rndc/util.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: util.h,v 1.10 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef RNDC_UTIL_H
+#define RNDC_UTIL_H 1
+
+/*! \file */
+
+#include <isc/lang.h>
+
+#include <isc/formatcheck.h>
+
+#define NS_CONTROL_PORT 953
+
+#undef DO
+#define DO(name, function) \
+ do { \
+ result = function; \
+ if (result != ISC_R_SUCCESS) \
+ fatal("%s: %s", name, isc_result_totext(result)); \
+ else \
+ notify("%s", name); \
+ } while (0)
+
+ISC_LANG_BEGINDECLS
+
+void
+notify(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
+
+void
+fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+ISC_LANG_ENDDECLS
+
+#endif /* RNDC_UTIL_H */
diff --git a/bin/rndc/win32/confgen.dsp b/bin/rndc/win32/confgen.dsp
new file mode 100644
index 0000000..3cdd722
--- /dev/null
+++ b/bin/rndc/win32/confgen.dsp
@@ -0,0 +1,111 @@
+# Microsoft Developer Studio Project File - Name="rndcconfgen" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=rndcconfgen - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "confgen.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "confgen.mak" CFG="rndcconfgen - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "rndcconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "rndcconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "rndcconfgen - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/util.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/rndc-confgen.exe"
+
+!ELSEIF "$(CFG)" == "rndcconfgen - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/util.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/rndc-confgen.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "rndcconfgen - Win32 Release"
+# Name "rndcconfgen - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=.\os.c
+# End Source File
+# Begin Source File
+
+SOURCE="..\rndc-confgen.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=..\util.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/rndc/win32/confgen.dsw b/bin/rndc/win32/confgen.dsw
new file mode 100644
index 0000000..1b1f888
--- /dev/null
+++ b/bin/rndc/win32/confgen.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "confgen"=".\confgen.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/rndc/win32/confgen.mak b/bin/rndc/win32/confgen.mak
new file mode 100644
index 0000000..02299e2
--- /dev/null
+++ b/bin/rndc/win32/confgen.mak
@@ -0,0 +1,313 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on confgen.dsp
+!IF "$(CFG)" == ""
+CFG=rndcconfgen - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to rndcconfgen - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "rndcconfgen - Win32 Release" && "$(CFG)" != "rndcconfgen - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "confgen.mak" CFG="rndcconfgen - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "rndcconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "rndcconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "rndcconfgen - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "rndcconfgen - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\rndc-confgen.exe"
+
+
+CLEAN :
+ -@erase "$(INTDIR)\os.obj"
+ -@erase "$(INTDIR)\rndc-confgen.obj"
+ -@erase "$(INTDIR)\util.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "..\..\..\Build\Release\rndc-confgen.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\confgen.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\confgen.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\rndc-confgen.pdb" /machine:I386 /out:"../../../Build/Release/rndc-confgen.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\os.obj" \
+ "$(INTDIR)\rndc-confgen.obj" \
+ "$(INTDIR)\util.obj"
+
+"..\..\..\Build\Release\rndc-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "rndcconfgen - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\rndc-confgen.exe" "$(OUTDIR)\confgen.bsc"
+
+
+CLEAN :
+ -@erase "$(INTDIR)\os.obj"
+ -@erase "$(INTDIR)\os.sbr"
+ -@erase "$(INTDIR)\rndc-confgen.obj"
+ -@erase "$(INTDIR)\rndc-confgen.sbr"
+ -@erase "$(INTDIR)\util.obj"
+ -@erase "$(INTDIR)\util.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(OUTDIR)\confgen.bsc"
+ -@erase "$(OUTDIR)\rndc-confgen.pdb"
+ -@erase "..\..\..\Build\Debug\rndc-confgen.exe"
+ -@erase "..\..\..\Build\Debug\rndc-confgen.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\confgen.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\os.sbr" \
+ "$(INTDIR)\rndc-confgen.sbr" \
+ "$(INTDIR)\util.sbr"
+
+"$(OUTDIR)\confgen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\rndc-confgen.pdb" /debug /machine:I386 /out:"../../../Build/Debug/rndc-confgen.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\os.obj" \
+ "$(INTDIR)\rndc-confgen.obj" \
+ "$(INTDIR)\util.obj"
+
+"..\..\..\Build\Debug\rndc-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("confgen.dep")
+!INCLUDE "confgen.dep"
+!ELSE
+!MESSAGE Warning: cannot find "confgen.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "rndcconfgen - Win32 Release" || "$(CFG)" == "rndcconfgen - Win32 Debug"
+SOURCE=.\os.c
+
+!IF "$(CFG)" == "rndcconfgen - Win32 Release"
+
+
+"$(INTDIR)\os.obj" : $(SOURCE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "rndcconfgen - Win32 Debug"
+
+
+"$(INTDIR)\os.obj" "$(INTDIR)\os.sbr" : $(SOURCE) "$(INTDIR)"
+
+
+!ENDIF
+
+SOURCE="..\rndc-confgen.c"
+
+!IF "$(CFG)" == "rndcconfgen - Win32 Release"
+
+
+"$(INTDIR)\rndc-confgen.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "rndcconfgen - Win32 Debug"
+
+
+"$(INTDIR)\rndc-confgen.obj" "$(INTDIR)\rndc-confgen.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\util.c
+
+!IF "$(CFG)" == "rndcconfgen - Win32 Release"
+
+
+"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "rndcconfgen - Win32 Debug"
+
+
+"$(INTDIR)\util.obj" "$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/rndc/win32/os.c b/bin/rndc/win32/os.c
new file mode 100644
index 0000000..cf9d311
--- /dev/null
+++ b/bin/rndc/win32/os.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.c,v 1.6 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <rndc/os.h>
+
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <stdio.h>
+#include <io.h>
+#include <sys/stat.h>
+
+int
+set_user(FILE *fd, const char *user) {
+ return (0);
+}
+
+/*
+ * Note that the error code EOPNOTSUPP does not exist
+ * on win32 so we are forced to fall back to using
+ * ENOENT for now. WSAEOPNOTSUPP does exist but it
+ * should only be used for sockets.
+ */
+
+FILE *
+safe_create(const char *filename) {
+ int fd;
+ FILE *f;
+ struct stat sb;
+
+ if (stat(filename, &sb) == -1) {
+ if (errno != ENOENT)
+ return (NULL);
+ } else if ((sb.st_mode & S_IFREG) == 0) {
+ errno = ENOENT;
+ return (NULL);
+ }
+
+ fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
+ if (fd == -1)
+ return (NULL);
+ f = fdopen(fd, "w");
+ if (f == NULL)
+ close(fd);
+ return (f);
+}
diff --git a/bin/rndc/win32/rndc.dsp b/bin/rndc/win32/rndc.dsp
new file mode 100644
index 0000000..ba153e4
--- /dev/null
+++ b/bin/rndc/win32/rndc.dsp
@@ -0,0 +1,107 @@
+# Microsoft Developer Studio Project File - Name="rndc" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=rndc - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "rndc.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "rndc.mak" CFG="rndc - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "rndc - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "rndc - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "rndc - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /I "../../../lib/dns/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/util.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /profile /machine:I386 /out:"../../../Build/Release/rndc.exe"
+
+!ELSEIF "$(CFG)" == "rndc - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/util.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/rndc.exe" /pdbtype:sept
+
+!ENDIF
+
+# Begin Target
+
+# Name "rndc - Win32 Release"
+# Name "rndc - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=..\rndc.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=..\util.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/rndc/win32/rndc.dsw b/bin/rndc/win32/rndc.dsw
new file mode 100644
index 0000000..97d3e43
--- /dev/null
+++ b/bin/rndc/win32/rndc.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "rndc"=".\rndc.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/rndc/win32/rndc.mak b/bin/rndc/win32/rndc.mak
new file mode 100644
index 0000000..8220048
--- /dev/null
+++ b/bin/rndc/win32/rndc.mak
@@ -0,0 +1,425 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on rndc.dsp
+!IF "$(CFG)" == ""
+CFG=rndc - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to rndc - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "rndc - Win32 Release" && "$(CFG)" != "rndc - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "rndc.mak" CFG="rndc - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "rndc - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "rndc - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+CPP=cl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "rndc - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "rndc - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Release\rndc.exe"
+
+!ELSE
+
+ALL : "libbind9 - Win32 Release" "libisccfg - Win32 Release" "libisccc - Win32 Release" "libisc - Win32 Release" "..\..\..\Build\Release\rndc.exe"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libisc - Win32 ReleaseCLEAN" "libisccc - Win32 ReleaseCLEAN" "libisccfg - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\rndc.obj"
+ -@erase "$(INTDIR)\util.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "..\..\..\Build\Release\rndc.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /I "../../../lib/dns/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\rndc.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\rndc.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /profile /machine:I386 /out:"../../../Build/Release/rndc.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\rndc.obj" \
+ "$(INTDIR)\util.obj" \
+ "..\..\..\lib\isc\win32\Release\libisc.lib" \
+ "..\..\..\lib\isccc\win32\Release\libisccc.lib" \
+ "..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
+ "..\..\..\lib\bind9\win32\Release\libbind9.lib"
+
+"..\..\..\Build\Release\rndc.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "rndc - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0"
+
+ALL : "..\..\..\Build\Debug\rndc.exe" "$(OUTDIR)\rndc.bsc"
+
+!ELSE
+
+ALL : "libbind9 - Win32 Debug" "libisccfg - Win32 Debug" "libisccc - Win32 Debug" "libisc - Win32 Debug" "..\..\..\Build\Debug\rndc.exe" "$(OUTDIR)\rndc.bsc"
+
+!ENDIF
+
+!IF "$(RECURSE)" == "1"
+CLEAN :"libisc - Win32 DebugCLEAN" "libisccc - Win32 DebugCLEAN" "libisccfg - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN"
+!ELSE
+CLEAN :
+!ENDIF
+ -@erase "$(INTDIR)\rndc.obj"
+ -@erase "$(INTDIR)\rndc.sbr"
+ -@erase "$(INTDIR)\util.obj"
+ -@erase "$(INTDIR)\util.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(OUTDIR)\rndc.bsc"
+ -@erase "$(OUTDIR)\rndc.pdb"
+ -@erase "..\..\..\Build\Debug\rndc.exe"
+ -@erase "..\..\..\Build\Debug\rndc.ilk"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\rndc.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\rndc.sbr" \
+ "$(INTDIR)\util.sbr"
+
+"$(OUTDIR)\rndc.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\rndc.pdb" /debug /machine:I386 /out:"../../../Build/Debug/rndc.exe" /pdbtype:sept
+LINK32_OBJS= \
+ "$(INTDIR)\rndc.obj" \
+ "$(INTDIR)\util.obj" \
+ "..\..\..\lib\isc\win32\Debug\libisc.lib" \
+ "..\..\..\lib\isccc\win32\Debug\libisccc.lib" \
+ "..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
+ "..\..\..\lib\bind9\win32\Debug\libbind9.lib"
+
+"..\..\..\Build\Debug\rndc.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("rndc.dep")
+!INCLUDE "rndc.dep"
+!ELSE
+!MESSAGE Warning: cannot find "rndc.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "rndc - Win32 Release" || "$(CFG)" == "rndc - Win32 Debug"
+SOURCE=..\rndc.c
+
+!IF "$(CFG)" == "rndc - Win32 Release"
+
+
+"$(INTDIR)\rndc.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "rndc - Win32 Debug"
+
+
+"$(INTDIR)\rndc.obj" "$(INTDIR)\rndc.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+SOURCE=..\util.c
+
+!IF "$(CFG)" == "rndc - Win32 Release"
+
+
+"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "rndc - Win32 Debug"
+
+
+"$(INTDIR)\util.obj" "$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
+!IF "$(CFG)" == "rndc - Win32 Release"
+
+"libisc - Win32 Release" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release"
+ cd "..\..\..\bin\rndc\win32"
+
+"libisc - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\rndc\win32"
+
+!ELSEIF "$(CFG)" == "rndc - Win32 Debug"
+
+"libisc - Win32 Debug" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug"
+ cd "..\..\..\bin\rndc\win32"
+
+"libisc - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\rndc\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "rndc - Win32 Release"
+
+"libisccc - Win32 Release" :
+ cd "..\..\..\lib\isccc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - Win32 Release"
+ cd "..\..\..\bin\rndc\win32"
+
+"libisccc - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isccc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\rndc\win32"
+
+!ELSEIF "$(CFG)" == "rndc - Win32 Debug"
+
+"libisccc - Win32 Debug" :
+ cd "..\..\..\lib\isccc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - Win32 Debug"
+ cd "..\..\..\bin\rndc\win32"
+
+"libisccc - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isccc\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\rndc\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "rndc - Win32 Release"
+
+"libisccfg - Win32 Release" :
+ cd "..\..\..\lib\isccfg\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Release"
+ cd "..\..\..\bin\rndc\win32"
+
+"libisccfg - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\isccfg\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\rndc\win32"
+
+!ELSEIF "$(CFG)" == "rndc - Win32 Debug"
+
+"libisccfg - Win32 Debug" :
+ cd "..\..\..\lib\isccfg\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Debug"
+ cd "..\..\..\bin\rndc\win32"
+
+"libisccfg - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\isccfg\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\rndc\win32"
+
+!ENDIF
+
+!IF "$(CFG)" == "rndc - Win32 Release"
+
+"libbind9 - Win32 Release" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release"
+ cd "..\..\..\bin\rndc\win32"
+
+"libbind9 - Win32 ReleaseCLEAN" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN
+ cd "..\..\..\bin\rndc\win32"
+
+!ELSEIF "$(CFG)" == "rndc - Win32 Debug"
+
+"libbind9 - Win32 Debug" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug"
+ cd "..\..\..\bin\rndc\win32"
+
+"libbind9 - Win32 DebugCLEAN" :
+ cd "..\..\..\lib\bind9\win32"
+ $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN
+ cd "..\..\..\bin\rndc\win32"
+
+!ENDIF
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/rndc/win32/rndcutil.dsp b/bin/rndc/win32/rndcutil.dsp
new file mode 100644
index 0000000..8827e09
--- /dev/null
+++ b/bin/rndc/win32/rndcutil.dsp
@@ -0,0 +1,119 @@
+# Microsoft Developer Studio Project File - Name="rndcutil" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
+
+CFG=rndcutil - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "rndcutil.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "rndcutil.mak" CFG="rndcutil - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "rndcutil - Win32 Release" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE "rndcutil - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "rndcutil - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fdutil
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32
+# ADD LINK32 /out:"Release/util.lib"
+LIB32=lib.exe
+# ADD BASE LIB32
+# ADD LIB32 /out:"Release/util.lib"
+
+!ELSEIF "$(CFG)" == "rndcutil - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fdutil
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32
+# ADD LINK32 /debug /out:"Debug/util.lib"
+LIB32=lib.exe
+# ADD BASE LIB32
+# ADD LIB32 /out:"Debug/util.lib"
+
+!ENDIF
+
+# Begin Target
+
+# Name "rndcutil - Win32 Release"
+# Name "rndcutil - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# Begin Group "Main Dns Lib"
+
+# PROP Default_Filter "c"
+# Begin Source File
+
+SOURCE=..\util.c
+# End Source File
+# End Group
+# End Target
+# End Project
diff --git a/bin/rndc/win32/rndcutil.dsw b/bin/rndc/win32/rndcutil.dsw
new file mode 100644
index 0000000..c6d981a
--- /dev/null
+++ b/bin/rndc/win32/rndcutil.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "rndcutil"=".\rndcutil.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/tests/Kchild.example.+003+04017.key b/bin/tests/Kchild.example.+003+04017.key
new file mode 100644
index 0000000..9f5cbac
--- /dev/null
+++ b/bin/tests/Kchild.example.+003+04017.key
@@ -0,0 +1 @@
+child.example. IN KEY 256 3 3 ALeiYGFXbil6PgHnkm5ZE67ygEVDvGT/gqZmLH7tGboofcPSfyhh1hpw dxZgJ26d/gynWMGVSYzaXfzsxpPoNeYn+qeevQoJOaxXXlfcy8Ik52Rm eW0J9mWlf9hsD7ShIhh1+0kRYGCOCaU25wIe3SLVkN3HgqiCBDYnBY0u nMkqRadiUnoEa3Tcvc9kJx9r9gDstR2A9A5sBhFLI/XQ0gViHHLVpQ4x hz+rTLb/xrBoAb5sQJT3xUjhhdNo9HuL6kwdLdSu//PCl1QnY9NpYPVV SKUo
diff --git a/bin/tests/Kchild.example.+003+04017.private b/bin/tests/Kchild.example.+003+04017.private
new file mode 100644
index 0000000..176ff98
--- /dev/null
+++ b/bin/tests/Kchild.example.+003+04017.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.2
+Algorithm: 3 (DSA)
+Prime(p): vGT/gqZmLH7tGboofcPSfyhh1hpwdxZgJ26d/gynWMGVSYzaXfzsxpPoNeYn+qeevQoJOaxXXlfcy8Ik52RmeQ==
+Subprime(q): t6JgYVduKXo+AeeSblkTrvKARUM=
+Base(g): bQn2ZaV/2GwPtKEiGHX7SRFgYI4JpTbnAh7dItWQ3ceCqIIENicFjS6cySpFp2JSegRrdNy9z2QnH2v2AOy1HQ==
+Private_value(x): J1Ctez8+w1PTR56Hze3pGoe0Wag=
+Public_value(y): gPQObAYRSyP10NIFYhxy1aUOMYc/q0y2/8awaAG+bECU98VI4YXTaPR7i+pMHS3Urv/zwpdUJ2PTaWD1VUilKA==
diff --git a/bin/tests/Makefile.in b/bin/tests/Makefile.in
new file mode 100644
index 0000000..93b63f1
--- /dev/null
+++ b/bin/tests/Makefile.in
@@ -0,0 +1,306 @@
+# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2003 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.131 2008/09/25 04:02:38 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
+ ${LWRES_INCLUDES} ${OMAPI_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../../lib/isc/libisc.@A@
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+LWRESLIBS = ../../lib/lwres/liblwres.@A@
+
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@
+
+LIBS = @LIBS@
+
+SUBDIRS = db dst master mem names net rbt sockaddr tasks timers system
+
+# A few of the test programs are built by default:
+# cfg_test is needed for regenerating doc/misc/options;
+# genrandom is needed by the system tests
+
+# Alphabetically
+TARGETS = cfg_test@EXEEXT@ \
+ genrandom@EXEEXT@
+
+# All the other tests are optional and not built by default.
+
+# Alphabetically
+XTARGETS = adb_test@EXEEXT@ \
+ byaddr_test@EXEEXT@ \
+ byname_test@EXEEXT@ \
+ compress_test@EXEEXT@ \
+ db_test@EXEEXT@ \
+ entropy_test@EXEEXT@ \
+ entropy2_test@EXEEXT@ \
+ gxba_test@EXEEXT@ \
+ gxbn_test@EXEEXT@ \
+ hash_test@EXEEXT@ \
+ nsec3hash@EXEEXT@ \
+ fsaccess_test@EXEEXT@ \
+ inter_test@EXEEXT@ \
+ journalprint@EXEEXT@ \
+ keyboard_test@EXEEXT@ \
+ lex_test@EXEEXT@ \
+ lfsr_test@EXEEXT@ \
+ log_test@EXEEXT@ \
+ lwres_test@EXEEXT@ \
+ lwresconf_test@EXEEXT@ \
+ master_test@EXEEXT@ \
+ mempool_test@EXEEXT@ \
+ name_test@EXEEXT@ \
+ nsecify@EXEEXT@ \
+ ratelimiter_test@EXEEXT@ \
+ rbt_test@EXEEXT@ \
+ rdata_test@EXEEXT@ \
+ rwlock_test@EXEEXT@ \
+ serial_test@EXEEXT@ \
+ shutdown_test@EXEEXT@ \
+ sig0_test@EXEEXT@ \
+ sock_test@EXEEXT@ \
+ sym_test@EXEEXT@ \
+ task_test@EXEEXT@ \
+ timer_test@EXEEXT@ \
+ wire_test@EXEEXT@ \
+ zone_test@EXEEXT@
+
+# Alphabetically
+SRCS = cfg_test.c genrandom.c ${XSRCS}
+
+XSRCS = adb_test.c \
+ byaddr_test.c \
+ byname_test.c \
+ compress_test.c \
+ db_test.c \
+ entropy_test.c \
+ entropy2_test.c \
+ gxba_test.c \
+ gxbn_test.c \
+ hash_test.c \
+ fsaccess_test.c \
+ inter_test.c \
+ journalprint.c \
+ keyboard_test.c \
+ lex_test.c \
+ lfsr_test.c \
+ log_test.c \
+ lwres_test.c \
+ lwresconf_test.c \
+ master_test.c \
+ mempool_test.c \
+ name_test.c \
+ nsecify.c \
+ printmsg.c \
+ ratelimiter_test.c \
+ rbt_test.c \
+ rdata_test.c \
+ rwlock_test.c \
+ serial_test.c \
+ shutdown_test.c \
+ sig0_test.c \
+ sock_test.c \
+ sym_test.c \
+ task_test.c \
+ timer_test.c \
+ wire_test.c \
+ zone_test.c
+
+@BIND9_MAKE_RULES@
+
+all_tests: ${XTARGETS}
+
+genrandom@EXEEXT@: genrandom.@O@
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ genrandom.@O@ @GENRANDOMLIB@ ${LIBS}
+
+adb_test@EXEEXT@: adb_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ adb_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+nsecify@EXEEXT@: nsecify.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ nsecify.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+byaddr_test@EXEEXT@: byaddr_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ byaddr_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+byname_test@EXEEXT@: byname_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ byname_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+lex_test@EXEEXT@: lex_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ lex_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+lfsr_test@EXEEXT@: lfsr_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ lfsr_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+log_test@EXEEXT@: log_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ log_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+name_test@EXEEXT@: name_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ name_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+hash_test@EXEEXT@: hash_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ hash_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+entropy_test@EXEEXT@: entropy_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ entropy_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+entropy2_test@EXEEXT@: entropy2_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ entropy2_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+sock_test@EXEEXT@: sock_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ sock_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+sym_test@EXEEXT@: sym_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ sym_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+task_test@EXEEXT@: task_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ task_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+shutdown_test@EXEEXT@: shutdown_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ shutdown_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+timer_test@EXEEXT@: timer_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ timer_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+ratelimiter_test@EXEEXT@: ratelimiter_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ratelimiter_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rbt_test@EXEEXT@: rbt_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rbt_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rdata_test@EXEEXT@: rdata_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rdata_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rwlock_test@EXEEXT@: rwlock_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rwlock_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+wire_test@EXEEXT@: wire_test.@O@ printmsg.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ wire_test.@O@ printmsg.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+master_test@EXEEXT@: master_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ master_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+db_test@EXEEXT@: db_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ db_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+compress_test@EXEEXT@: compress_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ compress_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+mempool_test@EXEEXT@: mempool_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ mempool_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+serial_test@EXEEXT@: serial_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ serial_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+zone_test@EXEEXT@: zone_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zone_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+fsaccess_test@EXEEXT@: fsaccess_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ fsaccess_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+inter_test@EXEEXT@: inter_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ inter_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+keyboard_test@EXEEXT@: keyboard_test.@O@ ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ keyboard_test.@O@ \
+ ${ISCLIBS} ${LIBS}
+
+lwresconf_test@EXEEXT@: lwresconf_test.@O@ ${ISCDEPLIBS} ${LWRESDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ lwresconf_test.@O@ \
+ ${LWRESLIBS} ${ISCLIBS} ${LIBS}
+
+lwres_test@EXEEXT@: lwres_test.@O@ ${ISCDEPLIBS} ${LWRESDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ lwres_test.@O@ \
+ ${LWRESLIBS} ${ISCLIBS} ${LIBS}
+
+gxbn_test@EXEEXT@: gxbn_test.@O@ ${LWRESDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ gxbn_test.@O@ \
+ ${LWRESLIBS} ${ISCLIBS} ${LIBS}
+
+gxba_test@EXEEXT@: gxba_test.@O@ ${LWRESDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ gxba_test.@O@ \
+ ${LWRESLIBS} ${ISCLIBS} ${LIBS}
+
+sig0_test@EXEEXT@: sig0_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ sig0_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+journalprint@EXEEXT@: journalprint.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ journalprint.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+cfg_test@EXEEXT@: cfg_test.@O@ ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ cfg_test.@O@ \
+ ${ISCCFGLIBS} ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+nsec3hash@EXEEXT@: nsec3hash.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ nsec3hash.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+distclean::
+ rm -f headerdep_test.sh
+
+clean distclean::
+ rm -f ${TARGETS} ${XTARGETS}
+ rm -f t_journal
+
+check: test
+
+test:
+ @for dir in $(SUBDIRS) ;\
+ do \
+ ( cd $$dir; $(MAKE) test ) ;\
+ done
diff --git a/bin/tests/adb_test.c b/bin/tests/adb_test.c
new file mode 100644
index 0000000..2ef812d
--- /dev/null
+++ b/bin/tests/adb_test.c
@@ -0,0 +1,436 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: adb_test.c,v 1.68 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <isc/app.h>
+#include <isc/buffer.h>
+#include <isc/entropy.h>
+#include <isc/hash.h>
+#include <isc/socket.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/adb.h>
+#include <dns/cache.h>
+#include <dns/dispatch.h>
+#include <dns/db.h>
+#include <dns/log.h>
+#include <dns/rootns.h>
+#include <dns/result.h>
+
+typedef struct client client_t;
+struct client {
+ dns_name_t name;
+ const char *target;
+ ISC_LINK(client_t) link;
+ dns_adbfind_t *find;
+};
+
+static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
+static isc_mempool_t *cmp;
+static isc_log_t *lctx;
+static isc_logconfig_t *lcfg;
+static isc_taskmgr_t *taskmgr;
+static isc_socketmgr_t *socketmgr;
+static isc_timermgr_t *timermgr;
+static dns_dispatchmgr_t *dispatchmgr;
+static isc_task_t *t1, *t2;
+static dns_view_t *view;
+static dns_db_t *rootdb;
+static ISC_LIST(client_t) clients;
+static isc_mutex_t client_lock;
+static isc_stdtime_t now;
+static dns_adb_t *adb;
+
+static void
+check_result(isc_result_t result, const char *format, ...)
+ ISC_FORMAT_PRINTF(2, 3);
+
+static void
+check_result(isc_result_t result, const char *format, ...) {
+ va_list args;
+
+ if (result == ISC_R_SUCCESS)
+ return;
+
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, ": %s\n", isc_result_totext(result));
+ exit(1);
+}
+
+static client_t *
+new_client(void) {
+ client_t *client;
+
+ client = isc_mempool_get(cmp);
+ INSIST(client != NULL);
+ dns_name_init(&client->name, NULL);
+ ISC_LINK_INIT(client, link);
+ client->find = NULL;
+
+ return (client);
+}
+
+static void
+free_client(client_t **c) {
+ client_t *client;
+
+ INSIST(c != NULL);
+ client = *c;
+ *c = NULL;
+ INSIST(client != NULL);
+ dns_name_free(&client->name, mctx);
+ INSIST(!ISC_LINK_LINKED(client, link));
+ INSIST(client->find == NULL);
+
+ isc_mempool_put(cmp, client);
+}
+
+static inline void
+CLOCK(void) {
+ RUNTIME_CHECK(isc_mutex_lock(&client_lock) == ISC_R_SUCCESS);
+}
+
+static inline void
+CUNLOCK(void) {
+ RUNTIME_CHECK(isc_mutex_unlock(&client_lock) == ISC_R_SUCCESS);
+}
+
+static void
+lookup_callback(isc_task_t *task, isc_event_t *ev) {
+ client_t *client;
+
+ client = ev->ev_arg;
+ INSIST(client->find == ev->ev_sender);
+
+ printf("NAME %s:\n\tTask %p got event %p type %08x from %p, client %p\n\terr4: %s err6: %s\n",
+ client->target,
+ task, ev, ev->ev_type, client->find, client,
+ isc_result_totext(client->find->result_v4),
+ isc_result_totext(client->find->result_v6));
+
+ isc_event_free(&ev);
+ ev = NULL;
+
+ CLOCK();
+
+ dns_adb_dumpfind(client->find, stderr);
+ dns_adb_destroyfind(&client->find);
+
+ ISC_LIST_UNLINK(clients, client, link);
+ free_client(&client);
+
+ CUNLOCK();
+}
+
+static void
+create_managers(void) {
+ isc_result_t result;
+
+ taskmgr = NULL;
+ result = isc_taskmgr_create(mctx, 5, 0, &taskmgr);
+ check_result(result, "isc_taskmgr_create");
+
+ timermgr = NULL;
+ result = isc_timermgr_create(mctx, &timermgr);
+ check_result(result, "isc_timermgr_create");
+
+ socketmgr = NULL;
+ result = isc_socketmgr_create(mctx, &socketmgr);
+ check_result(result, "isc_socketmgr_create");
+
+ dispatchmgr = NULL;
+ result = dns_dispatchmgr_create(mctx, NULL, &dispatchmgr);
+ check_result(result, "dns_dispatchmgr_create");
+}
+
+static void
+create_view(void) {
+ dns_cache_t *cache;
+ isc_result_t result;
+
+ /*
+ * View.
+ */
+ view = NULL;
+ result = dns_view_create(mctx, dns_rdataclass_in, "_default", &view);
+ check_result(result, "dns_view_create");
+
+ /*
+ * Cache.
+ */
+ cache = NULL;
+ result = dns_cache_create(mctx, taskmgr, timermgr, dns_rdataclass_in,
+ "rbt", 0, NULL, &cache);
+ check_result(result, "dns_cache_create");
+ dns_view_setcache(view, cache);
+ dns_cache_detach(&cache);
+
+ {
+ unsigned int attrs;
+ isc_sockaddr_t any4, any6;
+ dns_dispatch_t *disp4 = NULL;
+ dns_dispatch_t *disp6 = NULL;
+
+ isc_sockaddr_any(&any4);
+ isc_sockaddr_any6(&any6);
+
+ attrs = DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_UDP;
+ RUNTIME_CHECK(dns_dispatch_getudp(dispatchmgr, socketmgr,
+ taskmgr, &any4, 512, 6, 1024,
+ 17, 19, attrs, attrs, &disp4)
+ == ISC_R_SUCCESS);
+ INSIST(disp4 != NULL);
+
+ attrs = DNS_DISPATCHATTR_IPV6 | DNS_DISPATCHATTR_UDP;
+ RUNTIME_CHECK(dns_dispatch_getudp(dispatchmgr, socketmgr,
+ taskmgr, &any6, 512, 6, 1024,
+ 17, 19, attrs, attrs, &disp6)
+ == ISC_R_SUCCESS);
+ INSIST(disp6 != NULL);
+
+ RUNTIME_CHECK(dns_view_createresolver(view, taskmgr, 10,
+ socketmgr,
+ timermgr, 0,
+ dispatchmgr,
+ disp4, disp6) ==
+ ISC_R_SUCCESS);
+ }
+
+ rootdb = NULL;
+ result = dns_rootns_create(mctx, dns_rdataclass_in, NULL, &rootdb);
+ check_result(result, "dns_rootns_create()");
+ dns_view_sethints(view, rootdb);
+ dns_db_detach(&rootdb);
+
+ dns_view_freeze(view);
+}
+
+static void
+lookup(const char *target) {
+ dns_name_t name;
+ unsigned char namedata[256];
+ client_t *client;
+ isc_buffer_t t, namebuf;
+ isc_result_t result;
+ unsigned int options;
+
+ INSIST(target != NULL);
+
+ client = new_client();
+ isc_buffer_init(&t, target, strlen(target));
+ isc_buffer_add(&t, strlen(target));
+ isc_buffer_init(&namebuf, namedata, sizeof(namedata));
+ dns_name_init(&name, NULL);
+ result = dns_name_fromtext(&name, &t, dns_rootname, ISC_FALSE,
+ &namebuf);
+ check_result(result, "dns_name_fromtext %s", target);
+
+ result = dns_name_dup(&name, mctx, &client->name);
+ check_result(result, "dns_name_dup %s", target);
+
+ options = 0;
+ options |= DNS_ADBFIND_INET;
+ options |= DNS_ADBFIND_INET6;
+ options |= DNS_ADBFIND_WANTEVENT;
+ options |= DNS_ADBFIND_HINTOK;
+ options |= DNS_ADBFIND_GLUEOK;
+ result = dns_adb_createfind(adb, t2, lookup_callback, client,
+ &client->name, dns_rootname, 0, options,
+ now, NULL, view->dstport, &client->find);
+#if 0
+ check_result(result, "dns_adb_createfind()");
+#endif
+ dns_adb_dumpfind(client->find, stderr);
+
+ if ((client->find->options & DNS_ADBFIND_WANTEVENT) != 0) {
+ client->target = target;
+ ISC_LIST_APPEND(clients, client, link);
+ } else {
+ printf("NAME %s: err4 %s, err6 %s\n",
+ target, isc_result_totext(client->find->result_v4),
+ isc_result_totext(client->find->result_v6));
+
+ dns_adb_destroyfind(&client->find);
+ free_client(&client);
+ }
+}
+
+int
+main(int argc, char **argv) {
+ isc_result_t result;
+ isc_logdestination_t destination;
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ dns_result_register();
+ result = isc_app_start();
+ check_result(result, "isc_app_start()");
+
+ isc_stdtime_get(&now);
+
+ result = isc_mutex_init(&client_lock);
+ check_result(result, "isc_mutex_init(&client_lock)");
+ ISC_LIST_INIT(clients);
+
+ /*
+ * EVERYTHING needs a memory context.
+ */
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ cmp = NULL;
+ RUNTIME_CHECK(isc_mempool_create(mctx, sizeof(client_t), &cmp)
+ == ISC_R_SUCCESS);
+ isc_mempool_setname(cmp, "adb test clients");
+
+ result = isc_entropy_create(mctx, &ectx);
+ check_result(result, "isc_entropy_create()");
+ result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ check_result(result, "isc_hash_create()");
+
+ result = isc_log_create(mctx, &lctx, &lcfg);
+ check_result(result, "isc_log_create()");
+ isc_log_setcontext(lctx);
+ dns_log_init(lctx);
+ dns_log_setcontext(lctx);
+
+ /*
+ * Create and install the default channel.
+ */
+ destination.file.stream = stderr;
+ destination.file.name = NULL;
+ destination.file.versions = ISC_LOG_ROLLNEVER;
+ destination.file.maximum_size = 0;
+ result = isc_log_createchannel(lcfg, "_default",
+ ISC_LOG_TOFILEDESC,
+ ISC_LOG_DYNAMIC,
+ &destination, ISC_LOG_PRINTTIME);
+ check_result(result, "isc_log_createchannel()");
+ result = isc_log_usechannel(lcfg, "_default", NULL, NULL);
+ check_result(result, "isc_log_usechannel()");
+
+ /*
+ * Set the initial debug level.
+ */
+ isc_log_setdebuglevel(lctx, 2);
+
+ create_managers();
+
+ t1 = NULL;
+ result = isc_task_create(taskmgr, 0, &t1);
+ check_result(result, "isc_task_create t1");
+ t2 = NULL;
+ result = isc_task_create(taskmgr, 0, &t2);
+ check_result(result, "isc_task_create t2");
+
+ printf("task 1 = %p\n", t1);
+ printf("task 2 = %p\n", t2);
+
+ create_view();
+
+ adb = view->adb;
+
+ /*
+ * Lock the entire client list here. This will cause all events
+ * for found names to block as well.
+ */
+ CLOCK();
+ lookup("f.root-servers.net."); /* Should be in hints */
+ lookup("www.iengines.com"); /* should fetch */
+ lookup("www.isc.org"); /* should fetch */
+ lookup("www.flame.org"); /* should fetch */
+ lookup("kechara.flame.org."); /* should fetch */
+ lookup("moghedien.flame.org."); /* should fetch */
+ lookup("mailrelay.flame.org."); /* should fetch */
+ lookup("ipv4v6.flame.org."); /* should fetch */
+ lookup("nonexistant.flame.org."); /* should fail to be found */
+ lookup("foobar.badns.flame.org."); /* should fail utterly (NS) */
+ lookup("i.root-servers.net."); /* Should be in hints */
+ lookup("www.firstcard.com.");
+ lookup("dns04.flame.org.");
+ CUNLOCK();
+
+ sleep(10);
+
+ dns_adb_dump(adb, stderr);
+
+ sleep(10);
+
+ CLOCK();
+ lookup("f.root-servers.net."); /* Should be in hints */
+ lookup("www.iengines.com"); /* should fetch */
+ lookup("www.isc.org"); /* should fetch */
+ lookup("www.flame.org"); /* should fetch */
+ lookup("kechara.flame.org."); /* should fetch */
+ lookup("moghedien.flame.org."); /* should fetch */
+ lookup("mailrelay.flame.org."); /* should fetch */
+ lookup("ipv4v6.flame.org."); /* should fetch */
+ lookup("nonexistant.flame.org."); /* should fail to be found */
+ lookup("foobar.badns.flame.org."); /* should fail utterly (NS) */
+ lookup("i.root-servers.net."); /* Should be in hints */
+ CUNLOCK();
+
+ sleep(20);
+
+ dns_adb_dump(adb, stderr);
+
+ isc_task_detach(&t1);
+ isc_task_detach(&t2);
+
+ isc_mem_stats(mctx, stdout);
+ dns_adb_dump(adb, stderr);
+
+ isc_app_run();
+
+ dns_adb_dump(adb, stderr);
+
+ dns_view_detach(&view);
+ adb = NULL;
+
+ isc_socketmgr_destroy(&socketmgr);
+ isc_timermgr_destroy(&timermgr);
+
+ fprintf(stderr, "Destroying task manager\n");
+ isc_taskmgr_destroy(&taskmgr);
+
+ isc_log_destroy(&lctx);
+
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+
+ isc_mempool_destroy(&cmp);
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ isc_app_finish();
+
+ return (0);
+}
diff --git a/bin/tests/b8t.mk b/bin/tests/b8t.mk
new file mode 100644
index 0000000..55923dc
--- /dev/null
+++ b/bin/tests/b8t.mk
@@ -0,0 +1,63 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: b8t.mk,v 1.11 2007/06/19 23:46:59 tbox Exp $
+
+#
+# bind 8 multi-host make
+# PLATFORM set in the environment by cron
+#
+
+MODULE = bind
+BASE = /build
+BDIR = $(BASE)/$(MODULE)
+RDIR = /proj/build-reports/bind8/hosts/$(PLATFORM)
+SDIR = $(HOME)/b8t/src
+CVSROOT = /proj/cvs/isc
+
+all: clobber populate config build
+
+clobber:
+ @echo "CLOBBBER `date`"
+ @if test ! -d $(BASE) ; then mkdir -p $(BASE) ; fi
+ @rm -fr $(BDIR)
+ @echo "DONE `date`"
+
+populate:
+ @echo "POPULATE `date`"
+ @( cd $(BASE) && tar -xvf $(SDIR)/$(MODULE).tar ) > $(RDIR)/.populate 2>&1
+ @echo "DONE `date`"
+
+tarsrc:
+ @echo "TARSRC `date`"
+ @rm -fr $(SDIR)/$(MODULE)
+ @( cd $(SDIR) && cvs -d $(CVSROOT) checkout $(MODULE) )
+ @( cd $(SDIR) && tar -cvf $(MODULE).tar $(MODULE) )
+ @echo "DONE `date`"
+
+config:
+ @echo "CONFIG `date`"
+ @( cd $(BDIR)/src && make SRC=$(BDIR)/src DST=$(BDIR)/dst links ) > $(RDIR)/.config 2>&1
+ @echo "DONE `date`"
+
+build:
+ @echo "BUILD `date`"
+ @( cd $(BDIR)/dst && make -k clean depend all ) > $(RDIR)/.build 2>&1
+ @echo "DONE `date`"
+
+test:
+ @echo "TEST `date`"
+ @touch $(RDIR)/.test
+ @echo "DONE `date`"
diff --git a/bin/tests/b9t.mk b/bin/tests/b9t.mk
new file mode 100644
index 0000000..96f04fb
--- /dev/null
+++ b/bin/tests/b9t.mk
@@ -0,0 +1,68 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: b9t.mk,v 1.13 2007/06/19 23:46:59 tbox Exp $
+
+#
+# makefile to configure, build and test bind9
+# this is run by cron (user wpk) on aa, sol, irix, hp and aix
+# $PLATFORM is set in the environment by cron
+#
+
+BASE = /build
+BDIR = $(BASE)
+MODULE = bind9
+SDIR = $(HOME)/b9t/src
+
+# as it says
+CVSROOT = /proj/cvs/isc
+
+# where the config, build and test output goes
+RDIR = /proj/build-reports/$(MODULE)/hosts/$(PLATFORM)
+
+all: clobber populate config build test
+
+clobber:
+ @echo "CLOBBBER `date`"
+ @if test ! -d $(BDIR) ; then mkdir -p $(BDIR) > /dev/null 2>&1 ; fi
+ @( cd $(BDIR) && rm -fr $(MODULE) )
+ @echo "DONE `date`"
+
+populate:
+ @echo "POPULATE `date`"
+ @( cd $(BDIR) && tar -xvf $(SDIR)/$(MODULE).tar ) > $(RDIR)/.populate 2>&1
+ @echo "DONE `date`"
+
+config:
+ @echo "CONFIG `date`"
+ @( cd $(BDIR)/$(MODULE) && ./configure ) > $(RDIR)/.config 2>&1
+ @echo "DONE `date`"
+
+build:
+ @echo "BUILD `date`"
+ @( cd $(BDIR)/$(MODULE) && $(MAKE) -k all ) > $(RDIR)/.build 2>&1
+ @echo "DONE `date`"
+
+test:
+ @echo "TEST `date`"
+ -@( cd $(BDIR)/$(MODULE)/bin/tests && $(MAKE) test ) > $(RDIR)/.test 2>&1
+ @echo "DONE `date`"
+
+tarsrc:
+ @echo "TARSRC `date`"
+ @rm -fr $(SDIR)/$(MODULE)
+ @( cd $(SDIR) && cvs -d $(CVSROOT) checkout $(MODULE) && tar -cvf $(MODULE).tar $(MODULE) )
+ @echo "DONE `date`"
+
diff --git a/bin/tests/byaddr_test.c b/bin/tests/byaddr_test.c
new file mode 100644
index 0000000..773b528
--- /dev/null
+++ b/bin/tests/byaddr_test.c
@@ -0,0 +1,267 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: byaddr_test.c,v 1.28 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file
+ * \author
+ * Principal Author: Bob Halley
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/app.h>
+#include <isc/commandline.h>
+#include <isc/mem.h>
+#include <isc/netaddr.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/byaddr.h>
+#include <dns/cache.h>
+#include <dns/dispatch.h>
+#include <dns/events.h>
+#include <dns/forward.h>
+#include <dns/resolver.h>
+#include <dns/result.h>
+#include <dns/view.h>
+
+static void
+done(isc_task_t *task, isc_event_t *event) {
+ dns_byaddrevent_t *bevent;
+ dns_byaddr_t *byaddr;
+ dns_name_t *name;
+
+ REQUIRE(event->ev_type == DNS_EVENT_BYADDRDONE);
+ bevent = (dns_byaddrevent_t *)event;
+
+ UNUSED(task);
+
+ printf("byaddr event result = %s\n",
+ isc_result_totext(bevent->result));
+
+ if (bevent->result == ISC_R_SUCCESS) {
+ for (name = ISC_LIST_HEAD(bevent->names);
+ name != NULL;
+ name = ISC_LIST_NEXT(name, link)) {
+ char text[DNS_NAME_FORMATSIZE];
+ dns_name_format(name, text, sizeof(text));
+ printf("%s\n", text);
+ }
+ }
+
+ byaddr = event->ev_sender;
+ dns_byaddr_destroy(&byaddr);
+ isc_event_free(&event);
+
+ isc_app_shutdown();
+}
+
+int
+main(int argc, char *argv[]) {
+ isc_mem_t *mctx;
+ isc_boolean_t verbose = ISC_FALSE;
+ unsigned int workers = 2;
+ isc_taskmgr_t *taskmgr;
+ isc_task_t *task;
+ isc_timermgr_t *timermgr;
+ dns_view_t *view;
+ int ch;
+ isc_socketmgr_t *socketmgr;
+ dns_dispatchmgr_t *dispatchmgr;
+ isc_netaddr_t na;
+ dns_byaddr_t *byaddr;
+ isc_result_t result;
+ unsigned int options = 0;
+ dns_cache_t *cache;
+
+ RUNTIME_CHECK(isc_app_start() == ISC_R_SUCCESS);
+
+ dns_result_register();
+
+ mctx = NULL;
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ while ((ch = isc_commandline_parse(argc, argv, "nvw:")) != -1) {
+ switch (ch) {
+ case 'n':
+ /*
+ * We only try nibbles, so do nothing for this option.
+ */
+ break;
+ case 'v':
+ verbose = ISC_TRUE;
+ break;
+ case 'w':
+ workers = (unsigned int)atoi(isc_commandline_argument);
+ break;
+ }
+ }
+
+ if (verbose) {
+ printf("%u workers\n", workers);
+ printf("IPv4: %s\n", isc_result_totext(isc_net_probeipv4()));
+ printf("IPv6: %s\n", isc_result_totext(isc_net_probeipv6()));
+ }
+
+ taskmgr = NULL;
+ RUNTIME_CHECK(isc_taskmgr_create(mctx, workers, 0, &taskmgr)
+ == ISC_R_SUCCESS);
+ task = NULL;
+ RUNTIME_CHECK(isc_task_create(taskmgr, 0, &task)
+ == ISC_R_SUCCESS);
+ isc_task_setname(task, "byaddr", NULL);
+
+ dispatchmgr = NULL;
+ RUNTIME_CHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr)
+ == ISC_R_SUCCESS);
+
+ timermgr = NULL;
+ RUNTIME_CHECK(isc_timermgr_create(mctx, &timermgr) == ISC_R_SUCCESS);
+ socketmgr = NULL;
+ RUNTIME_CHECK(isc_socketmgr_create(mctx, &socketmgr) == ISC_R_SUCCESS);
+
+ cache = NULL;
+ RUNTIME_CHECK(dns_cache_create(mctx, taskmgr, timermgr,
+ dns_rdataclass_in, "rbt", 0, NULL,
+ &cache) == ISC_R_SUCCESS);
+
+ view = NULL;
+ RUNTIME_CHECK(dns_view_create(mctx, dns_rdataclass_in, "default",
+ &view) == ISC_R_SUCCESS);
+
+ {
+ unsigned int attrs;
+ dns_dispatch_t *disp4 = NULL;
+ dns_dispatch_t *disp6 = NULL;
+
+ if (isc_net_probeipv4() == ISC_R_SUCCESS) {
+ isc_sockaddr_t any4;
+
+ isc_sockaddr_any(&any4);
+
+ attrs = DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_UDP;
+ RUNTIME_CHECK(dns_dispatch_getudp(dispatchmgr,
+ socketmgr,
+ taskmgr, &any4,
+ 512, 6, 1024,
+ 17, 19, attrs,
+ attrs, &disp4)
+ == ISC_R_SUCCESS);
+ INSIST(disp4 != NULL);
+ }
+
+ if (isc_net_probeipv6() == ISC_R_SUCCESS) {
+ isc_sockaddr_t any6;
+
+ isc_sockaddr_any6(&any6);
+
+ attrs = DNS_DISPATCHATTR_IPV6 | DNS_DISPATCHATTR_UDP;
+ RUNTIME_CHECK(dns_dispatch_getudp(dispatchmgr,
+ socketmgr,
+ taskmgr, &any6,
+ 512, 6, 1024,
+ 17, 19, attrs,
+ attrs, &disp6)
+ == ISC_R_SUCCESS);
+ INSIST(disp6 != NULL);
+ }
+
+ RUNTIME_CHECK(dns_view_createresolver(view, taskmgr, 10,
+ socketmgr,
+ timermgr, 0,
+ dispatchmgr,
+ disp4, disp6) ==
+ ISC_R_SUCCESS);
+
+ if (disp4 != NULL)
+ dns_dispatch_detach(&disp4);
+ if (disp6 != NULL)
+ dns_dispatch_detach(&disp6);
+ }
+
+ {
+ struct in_addr ina;
+ isc_sockaddr_t sa;
+ isc_sockaddrlist_t sal;
+
+ ISC_LIST_INIT(sal);
+ ina.s_addr = inet_addr("127.0.0.1");
+ isc_sockaddr_fromin(&sa, &ina, 53);
+ ISC_LIST_APPEND(sal, &sa, link);
+
+ RUNTIME_CHECK(dns_fwdtable_add(view->fwdtable, dns_rootname,
+ &sal, dns_fwdpolicy_only)
+ == ISC_R_SUCCESS);
+ }
+
+ dns_view_setcache(view, cache);
+ dns_view_freeze(view);
+
+ dns_cache_detach(&cache);
+
+ printf("address = %s\n", argv[isc_commandline_index]);
+ na.family = AF_INET;
+ if (inet_pton(AF_INET, argv[isc_commandline_index],
+ (char *)&na.type.in) != 1) {
+ na.family = AF_INET6;
+ if (inet_pton(AF_INET6, argv[isc_commandline_index],
+ (char *)&na.type.in6) != 1) {
+ printf("unknown address format\n");
+ exit(1);
+ }
+ }
+
+ result = dns_byaddr_create(mctx, &na, view, options, task,
+ done, NULL, &byaddr);
+ if (result != ISC_R_SUCCESS) {
+ printf("dns_byaddr_create() returned %s\n",
+ isc_result_totext(result));
+ RUNTIME_CHECK(0);
+ }
+
+ (void)isc_app_run();
+
+ /*
+ * XXXRTH if we get a control-C before we get to isc_app_run(),
+ * we're in trouble (because we might try to destroy things before
+ * they've been created.
+ */
+
+ dns_view_detach(&view);
+
+ isc_task_shutdown(task);
+ isc_task_detach(&task);
+
+ dns_dispatchmgr_destroy(&dispatchmgr);
+
+ isc_taskmgr_destroy(&taskmgr);
+
+ isc_socketmgr_destroy(&socketmgr);
+ isc_timermgr_destroy(&timermgr);
+
+ if (verbose)
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ isc_app_finish();
+
+ return (0);
+}
diff --git a/bin/tests/byname_test.c b/bin/tests/byname_test.c
new file mode 100644
index 0000000..fdf45a9
--- /dev/null
+++ b/bin/tests/byname_test.c
@@ -0,0 +1,376 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: byname_test.c,v 1.31 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file
+ * \author
+ * Principal Author: Bob Halley
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/app.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/hash.h>
+#include <isc/netaddr.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/adb.h>
+#include <dns/cache.h>
+#include <dns/dispatch.h>
+#include <dns/events.h>
+#include <dns/forward.h>
+#include <dns/log.h>
+#include <dns/resolver.h>
+#include <dns/result.h>
+
+static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
+static isc_taskmgr_t *taskmgr;
+static dns_view_t *view = NULL;
+static dns_adbfind_t *find = NULL;
+static isc_task_t *task = NULL;
+static dns_fixedname_t name;
+static dns_fixedname_t target;
+static isc_log_t *lctx;
+static isc_logconfig_t *lcfg;
+static unsigned int level = 0;
+
+static void adb_callback(isc_task_t *task, isc_event_t *event);
+
+static void
+log_init(void) {
+ isc_logdestination_t destination;
+ unsigned int flags;
+
+ /*
+ * Setup a logging context.
+ */
+ RUNTIME_CHECK(isc_log_create(mctx, &lctx, &lcfg) == ISC_R_SUCCESS);
+ isc_log_setcontext(lctx);
+ dns_log_init(lctx);
+ dns_log_setcontext(lctx);
+
+ /*
+ * Create and install the default channel.
+ */
+ destination.file.stream = stderr;
+ destination.file.name = NULL;
+ destination.file.versions = ISC_LOG_ROLLNEVER;
+ destination.file.maximum_size = 0;
+ flags = ISC_LOG_PRINTTIME;
+ RUNTIME_CHECK(isc_log_createchannel(lcfg, "_default",
+ ISC_LOG_TOFILEDESC,
+ ISC_LOG_DYNAMIC,
+ &destination, flags) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_log_usechannel(lcfg, "_default", NULL, NULL) ==
+ ISC_R_SUCCESS);
+ isc_log_setdebuglevel(lctx, level);
+}
+
+static void
+print_addresses(dns_adbfind_t *find) {
+ dns_adbaddrinfo_t *address;
+
+ for (address = ISC_LIST_HEAD(find->list);
+ address != NULL;
+ address = ISC_LIST_NEXT(address, publink)) {
+ isc_netaddr_t netaddr;
+ char text[ISC_NETADDR_FORMATSIZE];
+ isc_netaddr_fromsockaddr(&netaddr, &address->sockaddr);
+ isc_netaddr_format(&netaddr, text, sizeof(text));
+ printf("%s\n", text);
+ }
+}
+
+static void
+print_name(dns_name_t *name) {
+ char text[DNS_NAME_FORMATSIZE];
+
+ dns_name_format(name, text, sizeof(text));
+ printf("%s\n", text);
+}
+
+static void
+do_find(isc_boolean_t want_event) {
+ isc_result_t result;
+ isc_boolean_t done = ISC_FALSE;
+ unsigned int options;
+
+ options = DNS_ADBFIND_INET | DNS_ADBFIND_INET6;
+ if (want_event)
+ options |= DNS_ADBFIND_WANTEVENT | DNS_ADBFIND_EMPTYEVENT;
+ dns_fixedname_init(&target);
+ result = dns_adb_createfind(view->adb, task, adb_callback, NULL,
+ dns_fixedname_name(&name),
+ dns_rootname, 0, options, 0,
+ dns_fixedname_name(&target), 0,
+ &find);
+ if (result == ISC_R_SUCCESS) {
+ if (!ISC_LIST_EMPTY(find->list)) {
+ /*
+ * We have at least some of the addresses for the
+ * name.
+ */
+ INSIST((find->options & DNS_ADBFIND_WANTEVENT) == 0);
+ print_addresses(find);
+ done = ISC_TRUE;
+ } else {
+ /*
+ * We don't know any of the addresses for this
+ * name.
+ */
+ if ((find->options & DNS_ADBFIND_WANTEVENT) == 0) {
+ /*
+ * And ADB isn't going to send us any events
+ * either. This query loses.
+ */
+ done = ISC_TRUE;
+ }
+ /*
+ * If the DNS_ADBFIND_WANTEVENT flag was set, we'll
+ * get an event when something happens.
+ */
+ }
+ } else if (result == DNS_R_ALIAS) {
+ print_name(dns_fixedname_name(&target));
+ done = ISC_TRUE;
+ } else {
+ printf("dns_adb_createfind() returned %s\n",
+ isc_result_totext(result));
+ done = ISC_TRUE;
+ }
+
+ if (done) {
+ if (find != NULL)
+ dns_adb_destroyfind(&find);
+ isc_app_shutdown();
+ }
+}
+
+static void
+adb_callback(isc_task_t *etask, isc_event_t *event) {
+ unsigned int type = event->ev_type;
+
+ REQUIRE(etask == task);
+
+ isc_event_free(&event);
+ dns_adb_destroyfind(&find);
+
+ if (type == DNS_EVENT_ADBMOREADDRESSES)
+ do_find(ISC_FALSE);
+ else if (type == DNS_EVENT_ADBNOMOREADDRESSES) {
+ printf("no more addresses\n");
+ isc_app_shutdown();
+ } else {
+ printf("unexpected ADB event type %u\n", type);
+ isc_app_shutdown();
+ }
+}
+
+static void
+run(isc_task_t *task, isc_event_t *event) {
+ UNUSED(task);
+ do_find(ISC_TRUE);
+ isc_event_free(&event);
+}
+
+int
+main(int argc, char *argv[]) {
+ isc_boolean_t verbose = ISC_FALSE;
+ unsigned int workers = 2;
+ isc_timermgr_t *timermgr;
+ int ch;
+ isc_socketmgr_t *socketmgr;
+ dns_dispatchmgr_t *dispatchmgr;
+ dns_cache_t *cache;
+ isc_buffer_t b;
+
+ RUNTIME_CHECK(isc_app_start() == ISC_R_SUCCESS);
+
+ dns_result_register();
+
+ mctx = NULL;
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
+ == ISC_R_SUCCESS);
+
+ while ((ch = isc_commandline_parse(argc, argv, "d:vw:")) != -1) {
+ switch (ch) {
+ case 'd':
+ level = (unsigned int)atoi(isc_commandline_argument);
+ break;
+ case 'v':
+ verbose = ISC_TRUE;
+ break;
+ case 'w':
+ workers = (unsigned int)atoi(isc_commandline_argument);
+ break;
+ }
+ }
+
+ log_init();
+
+ if (verbose) {
+ printf("%u workers\n", workers);
+ printf("IPv4: %s\n", isc_result_totext(isc_net_probeipv4()));
+ printf("IPv6: %s\n", isc_result_totext(isc_net_probeipv6()));
+ }
+
+ taskmgr = NULL;
+ RUNTIME_CHECK(isc_taskmgr_create(mctx, workers, 0, &taskmgr) ==
+ ISC_R_SUCCESS);
+ task = NULL;
+ RUNTIME_CHECK(isc_task_create(taskmgr, 0, &task) ==
+ ISC_R_SUCCESS);
+ isc_task_setname(task, "byname", NULL);
+
+ dispatchmgr = NULL;
+ RUNTIME_CHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr)
+ == ISC_R_SUCCESS);
+
+ timermgr = NULL;
+ RUNTIME_CHECK(isc_timermgr_create(mctx, &timermgr) == ISC_R_SUCCESS);
+ socketmgr = NULL;
+ RUNTIME_CHECK(isc_socketmgr_create(mctx, &socketmgr) == ISC_R_SUCCESS);
+
+ cache = NULL;
+ RUNTIME_CHECK(dns_cache_create(mctx, taskmgr, timermgr,
+ dns_rdataclass_in, "rbt", 0, NULL,
+ &cache) == ISC_R_SUCCESS);
+
+ view = NULL;
+ RUNTIME_CHECK(dns_view_create(mctx, dns_rdataclass_in, "default",
+ &view) == ISC_R_SUCCESS);
+
+ {
+ unsigned int attrs;
+ dns_dispatch_t *disp4 = NULL;
+ dns_dispatch_t *disp6 = NULL;
+
+ if (isc_net_probeipv4() == ISC_R_SUCCESS) {
+ isc_sockaddr_t any4;
+ isc_sockaddr_any(&any4);
+
+ attrs = DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_UDP;
+ RUNTIME_CHECK(dns_dispatch_getudp(dispatchmgr,
+ socketmgr,
+ taskmgr, &any4,
+ 512, 6, 1024,
+ 17, 19, attrs,
+ attrs, &disp4)
+ == ISC_R_SUCCESS);
+ INSIST(disp4 != NULL);
+ }
+
+ if (isc_net_probeipv6() == ISC_R_SUCCESS) {
+ isc_sockaddr_t any6;
+
+ isc_sockaddr_any6(&any6);
+
+ attrs = DNS_DISPATCHATTR_IPV6 | DNS_DISPATCHATTR_UDP;
+ RUNTIME_CHECK(dns_dispatch_getudp(dispatchmgr,
+ socketmgr,
+ taskmgr, &any6,
+ 512, 6, 1024,
+ 17, 19, attrs,
+ attrs, &disp6)
+ == ISC_R_SUCCESS);
+ INSIST(disp6 != NULL);
+ }
+
+ RUNTIME_CHECK(dns_view_createresolver(view, taskmgr, 10,
+ socketmgr,
+ timermgr, 0,
+ dispatchmgr,
+ disp4, disp6) ==
+ ISC_R_SUCCESS);
+
+ if (disp4 != NULL)
+ dns_dispatch_detach(&disp4);
+ if (disp6 != NULL)
+ dns_dispatch_detach(&disp6);
+ }
+
+ {
+ struct in_addr ina;
+ isc_sockaddr_t sa;
+ isc_sockaddrlist_t sal;
+
+ ISC_LIST_INIT(sal);
+ ina.s_addr = inet_addr("127.0.0.1");
+ isc_sockaddr_fromin(&sa, &ina, 53);
+ ISC_LIST_APPEND(sal, &sa, link);
+
+ RUNTIME_CHECK(dns_fwdtable_add(view->fwdtable, dns_rootname,
+ &sal, dns_fwdpolicy_only)
+ == ISC_R_SUCCESS);
+ }
+
+ dns_view_setcache(view, cache);
+ dns_view_freeze(view);
+
+ dns_cache_detach(&cache);
+
+ printf("name = %s\n", argv[isc_commandline_index]);
+ isc_buffer_init(&b, argv[isc_commandline_index],
+ strlen(argv[isc_commandline_index]));
+ isc_buffer_add(&b, strlen(argv[isc_commandline_index]));
+ dns_fixedname_init(&name);
+ dns_fixedname_init(&target);
+ RUNTIME_CHECK(dns_name_fromtext(dns_fixedname_name(&name), &b,
+ dns_rootname, ISC_FALSE, NULL) ==
+ ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(isc_app_onrun(mctx, task, run, NULL) == ISC_R_SUCCESS);
+
+ (void)isc_app_run();
+
+ dns_view_detach(&view);
+ isc_task_shutdown(task);
+ isc_task_detach(&task);
+
+ dns_dispatchmgr_destroy(&dispatchmgr);
+
+ isc_taskmgr_destroy(&taskmgr);
+
+ isc_socketmgr_destroy(&socketmgr);
+ isc_timermgr_destroy(&timermgr);
+
+ isc_log_destroy(&lctx);
+
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+
+ if (verbose)
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ isc_app_finish();
+
+ return (0);
+}
diff --git a/bin/tests/cfg_test.c b/bin/tests/cfg_test.c
new file mode 100644
index 0000000..77c9712
--- /dev/null
+++ b/bin/tests/cfg_test.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001, 2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: cfg_test.c,v 1.19 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <errno.h>
+#include <stdlib.h>
+
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <isccfg/namedconf.h>
+
+#include <dns/log.h>
+
+static void
+check_result(isc_result_t result, const char *format, ...) {
+ va_list args;
+
+ if (result == ISC_R_SUCCESS)
+ return;
+
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, ": %s\n", isc_result_totext(result));
+ exit(1);
+}
+
+static void
+output(void *closure, const char *text, int textlen) {
+ UNUSED(closure);
+ (void) fwrite(text, 1, textlen, stdout);
+}
+
+static void
+usage(void) {
+ fprintf(stderr, "usage: cfg_test --rndc|--named "
+ "[--grammar] [--memstats] conffile\n");
+ exit(1);
+}
+
+int
+main(int argc, char **argv) {
+ isc_result_t result;
+ isc_mem_t *mctx = NULL;
+ isc_log_t *lctx = NULL;
+ isc_logconfig_t *lcfg = NULL;
+ isc_logdestination_t destination;
+ cfg_parser_t *pctx = NULL;
+ cfg_obj_t *cfg = NULL;
+ cfg_type_t *type = NULL;
+ isc_boolean_t grammar = ISC_FALSE;
+ isc_boolean_t memstats = ISC_FALSE;
+ char *filename = NULL;
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ result = isc_log_create(mctx, &lctx, &lcfg);
+ check_result(result, "isc_log_create()");
+ isc_log_setcontext(lctx);
+
+ /*
+ * Create and install the default channel.
+ */
+ destination.file.stream = stderr;
+ destination.file.name = NULL;
+ destination.file.versions = ISC_LOG_ROLLNEVER;
+ destination.file.maximum_size = 0;
+ result = isc_log_createchannel(lcfg, "_default",
+ ISC_LOG_TOFILEDESC,
+ ISC_LOG_DYNAMIC,
+ &destination, ISC_LOG_PRINTTIME);
+ check_result(result, "isc_log_createchannel()");
+ result = isc_log_usechannel(lcfg, "_default", NULL, NULL);
+ check_result(result, "isc_log_usechannel()");
+
+ /*
+ * Set the initial debug level.
+ */
+ isc_log_setdebuglevel(lctx, 2);
+
+ if (argc < 3)
+ usage();
+
+ while (argc > 1) {
+ if (strcmp(argv[1], "--grammar") == 0) {
+ grammar = ISC_TRUE;
+ } else if (strcmp(argv[1], "--memstats") == 0) {
+ memstats = ISC_TRUE;
+ } else if (strcmp(argv[1], "--named") == 0) {
+ type = &cfg_type_namedconf;
+ } else if (strcmp(argv[1], "--rndc") == 0) {
+ type = &cfg_type_rndcconf;
+ } else if (argv[1][0] == '-') {
+ usage();
+ } else {
+ filename = argv[1];
+ }
+ argv++, argc--;
+ }
+
+ if (grammar) {
+ if (type == NULL)
+ usage();
+ cfg_print_grammar(type, output, NULL);
+ } else {
+ if (type == NULL || filename == NULL)
+ usage();
+ RUNTIME_CHECK(cfg_parser_create(mctx, lctx, &pctx) == ISC_R_SUCCESS);
+
+ result = cfg_parse_file(pctx, filename, type, &cfg);
+
+ fprintf(stderr, "read config: %s\n", isc_result_totext(result));
+
+ if (result != ISC_R_SUCCESS)
+ exit(1);
+
+ cfg_print(cfg, output, NULL);
+
+ cfg_obj_destroy(pctx, &cfg);
+
+ cfg_parser_destroy(&pctx);
+ }
+
+ isc_log_destroy(&lctx);
+ if (memstats)
+ isc_mem_stats(mctx, stderr);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/tests/compress_test.c b/bin/tests/compress_test.c
new file mode 100644
index 0000000..8284dc1
--- /dev/null
+++ b/bin/tests/compress_test.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: compress_test.c,v 1.34 2007/06/18 23:47:26 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include <dns/compress.h>
+#include <dns/name.h>
+
+unsigned char plain1[] = "\003yyy\003foo";
+unsigned char plain2[] = "\003bar\003yyy\003foo";
+unsigned char plain3[] = "\003xxx\003bar\003foo";
+unsigned char plain[] = "\003yyy\003foo\0\003bar\003yyy\003foo\0\003"
+ "bar\003yyy\003foo\0\003xxx\003bar\003foo";
+
+/*
+ * Result concatenate (plain1, plain2, plain2, plain3).
+ */
+int raw = 0;
+int verbose = 0;
+
+void
+test(unsigned int, dns_name_t *, dns_name_t *, dns_name_t *,
+ unsigned char *, unsigned int);
+
+int
+main(int argc, char *argv[]) {
+ dns_name_t name1;
+ dns_name_t name2;
+ dns_name_t name3;
+ isc_region_t region;
+ int c;
+
+ while ((c = isc_commandline_parse(argc, argv, "rv")) != -1) {
+ switch (c) {
+ case 'r':
+ raw++;
+ break;
+ case 'v':
+ verbose++;
+ break;
+ }
+ }
+
+ dns_name_init(&name1, NULL);
+ region.base = plain1;
+ region.length = sizeof(plain1);
+ dns_name_fromregion(&name1, &region);
+
+ dns_name_init(&name2, NULL);
+ region.base = plain2;
+ region.length = sizeof(plain2);
+ dns_name_fromregion(&name2, &region);
+
+ dns_name_init(&name3, NULL);
+ region.base = plain3;
+ region.length = sizeof(plain3);
+ dns_name_fromregion(&name3, &region);
+
+ test(DNS_COMPRESS_NONE, &name1, &name2, &name3, plain, sizeof(plain));
+ test(DNS_COMPRESS_GLOBAL14, &name1, &name2, &name3, plain,
+ sizeof(plain));
+ test(DNS_COMPRESS_ALL, &name1, &name2, &name3, plain, sizeof(plain));
+
+ return (0);
+}
+
+void
+test(unsigned int allowed, dns_name_t *name1, dns_name_t *name2,
+ dns_name_t *name3, unsigned char *result, unsigned int length)
+{
+ isc_mem_t *mctx = NULL;
+ dns_compress_t cctx;
+ dns_decompress_t dctx;
+ isc_buffer_t source;
+ isc_buffer_t target;
+ dns_name_t name;
+ unsigned char buf1[1024];
+ unsigned char buf2[1024];
+
+ if (verbose) {
+ const char *s;
+ switch (allowed) {
+ case DNS_COMPRESS_NONE: s = "DNS_COMPRESS_NONE"; break;
+ case DNS_COMPRESS_GLOBAL14: s = "DNS_COMPRESS_GLOBAL14"; break;
+ /* case DNS_COMPRESS_ALL: s = "DNS_COMPRESS_ALL"; break; */
+ default: s = "UNKNOWN"; break;
+ }
+ fprintf(stdout, "Allowed = %s\n", s);
+ }
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ isc_buffer_init(&source, buf1, sizeof(buf1));
+ RUNTIME_CHECK(dns_compress_init(&cctx, -1, mctx) == ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(dns_name_towire(name1, &cctx, &source) == ISC_R_SUCCESS);
+
+ /*
+ RUNTIME_CHECK(dns_compress_localinit(&cctx, name1, &source) ==
+ ISC_R_SUCCESS);
+ */
+ dns_compress_setmethods(&cctx, allowed);
+ RUNTIME_CHECK(dns_name_towire(name2, &cctx, &source) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(dns_name_towire(name2, &cctx, &source) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(dns_name_towire(name3, &cctx, &source) == ISC_R_SUCCESS);
+
+ /*
+ dns_compress_localinvalidate(&cctx);
+ */
+ dns_compress_rollback(&cctx, 0); /* testing only */
+ dns_compress_invalidate(&cctx);
+
+ if (raw) {
+ unsigned int i;
+ for (i = 0; i < source.used; /* */ ) {
+ fprintf(stdout, "%02x",
+ ((unsigned char *)source.base)[i]);
+ if ((++i % 20) == 0)
+ fputs("\n", stdout);
+ else
+ if (i == source.used)
+ fputs("\n", stdout);
+ else
+ fputs(" ", stdout);
+ }
+ }
+
+ isc_buffer_setactive(&source, source.used);
+ isc_buffer_init(&target, buf2, sizeof(buf2));
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT);
+
+ dns_name_init(&name, NULL);
+ RUNTIME_CHECK(dns_name_fromwire(&name, &source, &dctx, ISC_FALSE,
+ &target) == ISC_R_SUCCESS);
+ dns_decompress_setmethods(&dctx, allowed);
+ /*
+ dns_decompress_localinit(&dctx, &name, &source);
+ */
+ RUNTIME_CHECK(dns_name_fromwire(&name, &source, &dctx, ISC_FALSE,
+ &target) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(dns_name_fromwire(&name, &source, &dctx, ISC_FALSE,
+ &target) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(dns_name_fromwire(&name, &source, &dctx, ISC_FALSE,
+ &target) == ISC_R_SUCCESS);
+ /*
+ dns_decompress_localinvalidate(&dctx);
+ */
+ dns_decompress_invalidate(&dctx);
+
+ if (raw) {
+ unsigned int i;
+ for (i = 0; i < target.used; /* */ ) {
+ fprintf(stdout, "%02x",
+ ((unsigned char *)target.base)[i]);
+ if ((++i % 20) == 0)
+ fputs("\n", stdout);
+ else
+ if (i == target.used)
+ fputs("\n", stdout);
+ else
+ fputs(" ", stdout);
+ }
+ fputs("\n", stdout);
+ fflush(stdout);
+ }
+
+ RUNTIME_CHECK(target.used == length);
+ RUNTIME_CHECK(memcmp(target.base, result, target.used) == 0);
+ isc_mem_destroy(&mctx);
+}
diff --git a/bin/tests/db/Makefile.in b/bin/tests/db/Makefile.in
new file mode 100644
index 0000000..13ebad2
--- /dev/null
+++ b/bin/tests/db/Makefile.in
@@ -0,0 +1,57 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.29 2007/06/19 23:46:59 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${TEST_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+DNSLIBS = ../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../../../lib/isc/libisc.@A@
+
+DNSDEPLIBS = ../../../lib/dns/libdns.@A@
+ISCDEPLIBS = ../../../lib/isc/libisc.@A@
+
+DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+
+TLIB = ../../../lib/tests/libt_api.@A@
+
+SRCS = t_db.c
+
+TARGETS = t_db@EXEEXT@
+
+@BIND9_MAKE_RULES@
+
+t_db@EXEEXT@: t_db.@O@ ${DEPLIBS} ${TLIB}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ t_db.@O@ ${TLIB} ${LIBS}
+
+test: t_db@EXEEXT@
+ -@./t_db@EXEEXT@ -c @top_srcdir@/t_config -b @srcdir@ -a
+
+testhelp:
+ @./t_db -h
+
+clean distclean::
+ rm -f ${TARGETS}
diff --git a/bin/tests/db/dns_db_class_1.data b/bin/tests/db/dns_db_class_1.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_class_1.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_class_data b/bin/tests/db/dns_db_class_data
new file mode 100644
index 0000000..55a0cf8
--- /dev/null
+++ b/bin/tests/db/dns_db_class_data
@@ -0,0 +1,9 @@
+#
+# test data for dns_db_class
+#
+# format:
+# filename class
+#
+#
+dns_db_class_1.data in
+# dns_db_class_1.data any
diff --git a/bin/tests/db/dns_db_closeversion_1.data b/bin/tests/db/dns_db_closeversion_1.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_closeversion_1.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_closeversion_1_data b/bin/tests/db/dns_db_closeversion_1_data
new file mode 100644
index 0000000..7bfd5b0
--- /dev/null
+++ b/bin/tests/db/dns_db_closeversion_1_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_closeversion test 1
+#
+# format:
+# filename type origin class cache new_name new_type existing_name existing_type
+#
+dns_db_closeversion_1.data rbt vix.com. in zone a.b.c.vix.com. A a.vix.com. NS
diff --git a/bin/tests/db/dns_db_closeversion_2.data b/bin/tests/db/dns_db_closeversion_2.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_closeversion_2.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_closeversion_2_data b/bin/tests/db/dns_db_closeversion_2_data
new file mode 100644
index 0000000..e5bcf4d
--- /dev/null
+++ b/bin/tests/db/dns_db_closeversion_2_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_closeversion test 2
+#
+# format:
+# filename type origin class cache new_name new_type existing_name existing_type
+#
+dns_db_closeversion_1.data rbt vix.com. in zone a.b.c.vix.com. A a.vix.com. NS
diff --git a/bin/tests/db/dns_db_currentversion.data b/bin/tests/db/dns_db_currentversion.data
new file mode 100644
index 0000000..b7cb868
--- /dev/null
+++ b/bin/tests/db/dns_db_currentversion.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a.b.c.vix.com. a 1.2.3.4
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_currentversion_data b/bin/tests/db/dns_db_currentversion_data
new file mode 100644
index 0000000..e4a095e
--- /dev/null
+++ b/bin/tests/db/dns_db_currentversion_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_currentversion
+#
+# format:
+# filename findname findtype
+#
+dns_db_currentversion.data rbt vix.com. IN zone a.b.c.vix.com. A
diff --git a/bin/tests/db/dns_db_expirenode.data b/bin/tests/db/dns_db_expirenode.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_expirenode.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_expirenode_data b/bin/tests/db/dns_db_expirenode_data
new file mode 100644
index 0000000..f51858a
--- /dev/null
+++ b/bin/tests/db/dns_db_expirenode_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_expirenode
+#
+# format:
+# filename type origin class existing_name existing_type
+#
+dns_db_expirenode.data rbt vix.com. in a.vix.com. 10000 0 ISC_R_NOTFOUND
diff --git a/bin/tests/db/dns_db_find_1.data b/bin/tests/db/dns_db_find_1.data
new file mode 100644
index 0000000..8cfc69c
--- /dev/null
+++ b/bin/tests/db/dns_db_find_1.data
@@ -0,0 +1,12 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
+a.b.c in ns b
diff --git a/bin/tests/db/dns_db_find_10.data b/bin/tests/db/dns_db_find_10.data
new file mode 100644
index 0000000..ca1fc5e
--- /dev/null
+++ b/bin/tests/db/dns_db_find_10.data
@@ -0,0 +1,10 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+
+a.b.c in NS ns1.vix.com.
+a.b.c in A 1.2.3.4
diff --git a/bin/tests/db/dns_db_find_10_data b/bin/tests/db/dns_db_find_10_data
new file mode 100644
index 0000000..d1ab1d3
--- /dev/null
+++ b/bin/tests/db/dns_db_find_10_data
@@ -0,0 +1,8 @@
+#
+# test data for dns_db_find expiration time handling
+#
+# format:
+# dbfile dbtype dborigin dbclass dbcache findname findtype findopts findtime expected_results
+#
+dns_db_find_10.data rbt vix.com. in cache a.b.c.vix.com. NS 0 1010 ISC_R_NOTFOUND
+dns_db_find_10.data rbt vix.com. in cache a.b.c.vix.com. NS 0 0 ISC_R_SUCCESS
diff --git a/bin/tests/db/dns_db_find_1_data b/bin/tests/db/dns_db_find_1_data
new file mode 100644
index 0000000..e1664cf
--- /dev/null
+++ b/bin/tests/db/dns_db_find_1_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_find best match
+#
+# format:
+# dbfile dbtype dborigin dbclass dbcache findname findtype findopts findtime expected_results
+#
+dns_db_find_1.data rbt vix.com. in zone a.b.c.vix.com. NS DNS_DB_GLUEOK 0 DNS_R_DELEGATION
diff --git a/bin/tests/db/dns_db_find_2.data b/bin/tests/db/dns_db_find_2.data
new file mode 100644
index 0000000..ab4b435
--- /dev/null
+++ b/bin/tests/db/dns_db_find_2.data
@@ -0,0 +1,9 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+fx in ns a.fx.vix.com.
+a.fx in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_find_2_data b/bin/tests/db/dns_db_find_2_data
new file mode 100644
index 0000000..0e3ffca
--- /dev/null
+++ b/bin/tests/db/dns_db_find_2_data
@@ -0,0 +1,9 @@
+#
+# test data for dns_db_find DNS_R_GLUE
+#
+# format:
+# dbfile dbtype dborigin dbclass dbcache findname findtype findopts findtime expected_results
+#
+dns_db_find_2.data rbt vix.com. in zone a.fx.vix.com. A DNS_DBFIND_GLUEOK 0 DNS_R_GLUE
+dns_db_find_2.data rbt vix.com. in zone fx.vix.com. NS DNS_DBFIND_GLUEOK 0 DNS_R_GLUE
+dns_db_find_2.data rbt vix.com. in zone a.fx.vix.com. NS DNS_DBFIND_GLUEOK 0 DNS_R_DELEGATION
diff --git a/bin/tests/db/dns_db_find_3.data b/bin/tests/db/dns_db_find_3.data
new file mode 100644
index 0000000..d126e91
--- /dev/null
+++ b/bin/tests/db/dns_db_find_3.data
@@ -0,0 +1,10 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a.b.c in ns b
+a.a.b.c in a 10.0.0.1
+b in a 10.0.0.2
diff --git a/bin/tests/db/dns_db_find_3_data b/bin/tests/db/dns_db_find_3_data
new file mode 100644
index 0000000..a8e1223
--- /dev/null
+++ b/bin/tests/db/dns_db_find_3_data
@@ -0,0 +1,9 @@
+#
+# test data for dns_db_find DNS_R_DELAGATION
+#
+# format:
+# dbfile dbtype dborigin dbclass dbcache findname findtype findopts findtime expected_results
+#
+dns_db_find_3.data rbt vix.com. in zone a.b.c.vix.com. NS DNS_DB_GLUEOK 0 DNS_R_DELEGATION
+dns_db_find_3.data rbt vix.com. in zone a.a.b.c.vix.com. NS DNS_DB_GLUEOK 0 DNS_R_DELEGATION
+dns_db_find_3.data rbt vix.com. in zone a.a.b.c.vix.com. A DNS_DB_GLUEOK 0 DNS_R_DELEGATION
diff --git a/bin/tests/db/dns_db_find_4.data b/bin/tests/db/dns_db_find_4.data
new file mode 100644
index 0000000..4c3b5e9
--- /dev/null
+++ b/bin/tests/db/dns_db_find_4.data
@@ -0,0 +1,9 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a.b.c in ns b
+b.a.b.c in a 10.0.0.2
diff --git a/bin/tests/db/dns_db_find_4_data b/bin/tests/db/dns_db_find_4_data
new file mode 100644
index 0000000..b0326a6
--- /dev/null
+++ b/bin/tests/db/dns_db_find_4_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_find DNS_R_DELEGATION
+#
+# format:
+# dbfile dbtype dborigin dbclass dbcache findname findtype findopts findtime expected_results
+#
+dns_db_find_4.data rbt vix.com. in zone a.b.c.vix.com. ANY 0 0 DNS_R_DELEGATION
diff --git a/bin/tests/db/dns_db_find_5.data b/bin/tests/db/dns_db_find_5.data
new file mode 100644
index 0000000..e33f631
--- /dev/null
+++ b/bin/tests/db/dns_db_find_5.data
@@ -0,0 +1,10 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a.b.c in DNAME x.y.z
+a.x.y.z in A 1.2.3.4
+
diff --git a/bin/tests/db/dns_db_find_5_data b/bin/tests/db/dns_db_find_5_data
new file mode 100644
index 0000000..dab47c8
--- /dev/null
+++ b/bin/tests/db/dns_db_find_5_data
@@ -0,0 +1,8 @@
+#
+# test data for dns_db_find DNS_R_DNAME
+#
+# format:
+# dbfile dbtype dborigin dbclass dbcache findname findtype findopts findtime expected_results
+#
+dns_db_find_5.data rbt vix.com. in zone x.a.b.c.vix.com. ANY 0 0 DNS_R_DNAME
+dns_db_find_5.data rbt vix.com. in zone a.a.b.c.vix.com. ANY 0 0 DNS_R_DNAME
diff --git a/bin/tests/db/dns_db_find_6.data b/bin/tests/db/dns_db_find_6.data
new file mode 100644
index 0000000..108f043
--- /dev/null
+++ b/bin/tests/db/dns_db_find_6.data
@@ -0,0 +1,10 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+exploder in CNAME mx
+mx in A 1.2.3.4
+
diff --git a/bin/tests/db/dns_db_find_6_data b/bin/tests/db/dns_db_find_6_data
new file mode 100644
index 0000000..47de0e6
--- /dev/null
+++ b/bin/tests/db/dns_db_find_6_data
@@ -0,0 +1,8 @@
+#
+# test data for dns_db_find DNS_R_CNAME
+#
+# format:
+# dbfile dbtype dborigin dbclass dbcache findname findtype findopts findtime expected_results
+#
+dns_db_find_6.data rbt vix.com. in zone exploder.vix.com. A 0 0 DNS_R_CNAME
+dns_db_find_6.data rbt vix.com. in zone exploder.vix.com. ANY 0 0 ISC_R_SUCCESS
diff --git a/bin/tests/db/dns_db_find_7.data b/bin/tests/db/dns_db_find_7.data
new file mode 100644
index 0000000..f0ec22b
--- /dev/null
+++ b/bin/tests/db/dns_db_find_7.data
@@ -0,0 +1,12 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+
+a.b.c.d in A 1.2.3.4
+a.b in A 1.2.3.4
+a in NS ns1.vix.com.
+
diff --git a/bin/tests/db/dns_db_find_7_data b/bin/tests/db/dns_db_find_7_data
new file mode 100644
index 0000000..6592758
--- /dev/null
+++ b/bin/tests/db/dns_db_find_7_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_find DNS_R_NXDOMAIN
+#
+# format:
+# dbfile dbtype dborigin dbclass dbcache findname findtype findopts findtime expected_results
+#
+dns_db_find_7.data rbt vix.com. in zone a.b.c.vix.com. ANY 0 0 DNS_R_NXDOMAIN
diff --git a/bin/tests/db/dns_db_find_8.data b/bin/tests/db/dns_db_find_8.data
new file mode 100644
index 0000000..66e61ff
--- /dev/null
+++ b/bin/tests/db/dns_db_find_8.data
@@ -0,0 +1,13 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+
+a.b.c.d in A 1.2.3.4
+a.b.c in A 1.2.3.4
+a.b in A 1.2.3.4
+a in NS ns1.vix.com.
+
diff --git a/bin/tests/db/dns_db_find_8_data b/bin/tests/db/dns_db_find_8_data
new file mode 100644
index 0000000..4ad0c83
--- /dev/null
+++ b/bin/tests/db/dns_db_find_8_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_find DNS_R_NXRRSET
+#
+# format:
+# dbfile dbtype dborigin dbclass dbcache findname findtype findopts findtime expected_results
+#
+dns_db_find_8.data rbt vix.com. in zone a.b.c.vix.com. NS 0 0 DNS_R_NXRRSET
diff --git a/bin/tests/db/dns_db_find_9.data b/bin/tests/db/dns_db_find_9.data
new file mode 100644
index 0000000..54a6d5f
--- /dev/null
+++ b/bin/tests/db/dns_db_find_9.data
@@ -0,0 +1,13 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+
+a.b.c.d in NS ns1.vix.com.
+a.b.c in A 1.2.3.4
+a.b in NS ns1.vix.com.
+a in NS ns1.vix.com.
+
diff --git a/bin/tests/db/dns_db_find_9_data b/bin/tests/db/dns_db_find_9_data
new file mode 100644
index 0000000..d80795c
--- /dev/null
+++ b/bin/tests/db/dns_db_find_9_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_find ISC_R_NOTFOUND
+#
+# format:
+# dbfile dbtype dborigin dbclass dbcache findname findtype findopts findtime expected_results
+#
+dns_db_find_9.data rbt vix.com. in cache a.b.c.vix.com. NS 0 0 ISC_R_NOTFOUND
diff --git a/bin/tests/db/dns_db_findnode_1.data b/bin/tests/db/dns_db_findnode_1.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_findnode_1.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_findnode_1_data b/bin/tests/db/dns_db_findnode_1_data
new file mode 100644
index 0000000..a73c425
--- /dev/null
+++ b/bin/tests/db/dns_db_findnode_1_data
@@ -0,0 +1,9 @@
+#
+# test data for dns_db_findnode, case ISC_R_SUCCESS
+#
+# format:
+# filename type origin class cache existingname rdatatype
+#
+dns_db_findnode_1.data rbt vix.com. in zone a.vix.com. NS ISC_R_SUCCESS
+dns_db_findnode_1.data rbt vix.com. in zone b.vix.com. A ISC_R_SUCCESS
+dns_db_findnode_1.data rbt vix.com. in zone c.vix.com. A ISC_R_NOTFOUND
diff --git a/bin/tests/db/dns_db_findnode_2.data b/bin/tests/db/dns_db_findnode_2.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_findnode_2.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_findnode_2_data b/bin/tests/db/dns_db_findnode_2_data
new file mode 100644
index 0000000..db69d20
--- /dev/null
+++ b/bin/tests/db/dns_db_findnode_2_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_findnode 2
+#
+# format:
+# filename type origin class cache newname
+#
+dns_db_findnode_2.data rbt vix.com. in zone a.b.c.vix.com.
diff --git a/bin/tests/db/dns_db_iscache_1.data b/bin/tests/db/dns_db_iscache_1.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_iscache_1.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_iscache_1_data b/bin/tests/db/dns_db_iscache_1_data
new file mode 100644
index 0000000..af591f9
--- /dev/null
+++ b/bin/tests/db/dns_db_iscache_1_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_iscache test 1
+#
+# format:
+# filename db_type origin class
+#
+dns_db_iscache_1.data rbt . in
diff --git a/bin/tests/db/dns_db_iscache_2.data b/bin/tests/db/dns_db_iscache_2.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_iscache_2.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_iscache_2_data b/bin/tests/db/dns_db_iscache_2_data
new file mode 100644
index 0000000..e859ef7
--- /dev/null
+++ b/bin/tests/db/dns_db_iscache_2_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_iscache test 1
+#
+# format:
+# filename db_type origin class
+#
+dns_db_iscache_2.data rbt . in
diff --git a/bin/tests/db/dns_db_iszone_1.data b/bin/tests/db/dns_db_iszone_1.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_iszone_1.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_iszone_1_data b/bin/tests/db/dns_db_iszone_1_data
new file mode 100644
index 0000000..02862d7
--- /dev/null
+++ b/bin/tests/db/dns_db_iszone_1_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_iszone test 1
+#
+# format:
+# filename db_type origin class
+#
+dns_db_iszone_1.data rbt . in
diff --git a/bin/tests/db/dns_db_iszone_2.data b/bin/tests/db/dns_db_iszone_2.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_iszone_2.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_iszone_2_data b/bin/tests/db/dns_db_iszone_2_data
new file mode 100644
index 0000000..02d3dc2
--- /dev/null
+++ b/bin/tests/db/dns_db_iszone_2_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_iszone test 2
+#
+# format:
+# filename db_type origin class
+#
+dns_db_iszone_2.data rbt . in
diff --git a/bin/tests/db/dns_db_load_1.data b/bin/tests/db/dns_db_load_1.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_load_1.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_load_25.data b/bin/tests/db/dns_db_load_25.data
new file mode 100644
index 0000000..6e21bda
--- /dev/null
+++ b/bin/tests/db/dns_db_load_25.data
@@ -0,0 +1,6 @@
+$TTL 5
+@ IN SOA ns1 hostmaster 1 3600 1200 3600000 3600
+@ IN NS ns1
+ns1 IN A 10.0.0.1
+sub IN SOA ns2 hostmaster 1 3600 1200 3600000 3600
+ns2 IN A 10.0.0.2
diff --git a/bin/tests/db/dns_db_load_data b/bin/tests/db/dns_db_load_data
new file mode 100644
index 0000000..0684c62
--- /dev/null
+++ b/bin/tests/db/dns_db_load_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_load
+#
+# format:
+# filename type origin cache class findname expected_result
+#
+dns_db_load_1.data rbt . zone in ISC_R_SUCCESS a. A DNS_R_DELEGATION
diff --git a/bin/tests/db/dns_db_load_soa_not_top b/bin/tests/db/dns_db_load_soa_not_top
new file mode 100644
index 0000000..fbb8dcc
--- /dev/null
+++ b/bin/tests/db/dns_db_load_soa_not_top
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_load_soa_not_top
+#
+# format:
+# filename type origin cache class findname expected_result
+#
+dns_db_load_25.data rbt . zone in DNS_R_NOTZONETOP a. A DNS_R_DELEGATION
diff --git a/bin/tests/db/dns_db_newversion.data b/bin/tests/db/dns_db_newversion.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_newversion.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_newversion_data b/bin/tests/db/dns_db_newversion_data
new file mode 100644
index 0000000..be0c042
--- /dev/null
+++ b/bin/tests/db/dns_db_newversion_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_db_newversion
+#
+# format:
+# filename type origin class cache newname newtype
+#
+dns_db_newversion.data rbt vix.com. in zone a.b.c.vix.com. A
diff --git a/bin/tests/db/dns_db_origin_1.data b/bin/tests/db/dns_db_origin_1.data
new file mode 100644
index 0000000..ab61c95
--- /dev/null
+++ b/bin/tests/db/dns_db_origin_1.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/db/dns_db_origin_data b/bin/tests/db/dns_db_origin_data
new file mode 100644
index 0000000..9c3b458
--- /dev/null
+++ b/bin/tests/db/dns_db_origin_data
@@ -0,0 +1,8 @@
+#
+# test data for dns_db_origin
+#
+# format:
+# filename origin
+#
+dns_db_origin_1.data .
+dns_db_origin_1.data vix.com.
diff --git a/bin/tests/db/t_db.c b/bin/tests/db/t_db.c
new file mode 100644
index 0000000..727c49e
--- /dev/null
+++ b/bin/tests/db/t_db.c
@@ -0,0 +1,3146 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: t_db.c,v 1.36 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <ctype.h>
+#include <stdlib.h>
+
+#include <isc/entropy.h>
+#include <isc/hash.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/fixedname.h>
+#include <dns/rdata.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatatype.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/result.h>
+
+#include <tests/t_api.h>
+
+static isc_result_t
+t_create(const char *db_type, const char *origin, const char *class,
+ const char *model, isc_mem_t *mctx, dns_db_t **db)
+{
+ int len;
+ isc_result_t dns_result;
+ dns_dbtype_t dbtype;
+ isc_textregion_t region;
+ isc_buffer_t origin_buffer;
+ dns_fixedname_t dns_origin;
+ dns_rdataclass_t rdataclass;
+
+
+ dbtype = dns_dbtype_zone;
+ if (strcasecmp(model, "cache") == 0)
+ dbtype = dns_dbtype_cache;
+
+ dns_fixedname_init(&dns_origin);
+ len = strlen(origin);
+ isc_buffer_init(&origin_buffer, origin, len);
+ isc_buffer_add(&origin_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_origin),
+ &origin_buffer, NULL, ISC_FALSE, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ return(dns_result);
+ }
+
+ DE_CONST(class, region.base);
+ region.length = strlen(class);
+ dns_result = dns_rdataclass_fromtext(&rdataclass, &region);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdataclass_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ return(dns_result);
+ }
+
+ dns_result = dns_db_create(mctx, db_type,
+ dns_fixedname_name(&dns_origin),
+ dbtype, rdataclass, 0, NULL, db);
+ if (dns_result != ISC_R_SUCCESS)
+ t_info("dns_db_create failed %s\n",
+ dns_result_totext(dns_result));
+
+ return(dns_result);
+
+}
+
+static int
+t_dns_db_load(char **av) {
+ char *filename;
+ char *db_type;
+ char *origin;
+ char *model;
+ char *class;
+ char *expected_load_result;
+ char *findname;
+ char *find_type;
+ char *expected_find_result;
+
+ int result;
+ int len;
+ dns_db_t *db;
+ isc_result_t dns_result;
+ isc_result_t isc_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_dbnode_t *nodep;
+ isc_textregion_t textregion;
+ isc_buffer_t findname_buffer;
+ dns_fixedname_t dns_findname;
+ dns_fixedname_t dns_foundname;
+ dns_rdataset_t rdataset;
+ dns_rdatatype_t rdatatype;
+ dns_dbversion_t *versionp;
+ isc_result_t exp_load_result;
+ isc_result_t exp_find_result;
+
+ result = T_UNRESOLVED;
+ db = NULL;
+ mctx = NULL;
+ ectx = NULL;
+ filename = T_ARG(0);
+ db_type = T_ARG(1);
+ origin = T_ARG(2);
+ model = T_ARG(3);
+ class = T_ARG(4);
+ expected_load_result = T_ARG(5);
+ findname = T_ARG(6);
+ find_type = T_ARG(7);
+ expected_find_result = T_ARG(8);
+
+ t_info("testing using file %s and name %s\n", filename, findname);
+
+ exp_load_result = t_dns_result_fromtext(expected_load_result);
+ exp_find_result = t_dns_result_fromtext(expected_find_result);
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = t_create(db_type, origin, class, model, mctx, &db);
+ if (dns_result != ISC_R_SUCCESS) {
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_load(db, filename);
+ if (dns_result != exp_load_result) {
+ t_info("dns_db_load returned %s, expected %s\n",
+ dns_result_totext(dns_result),
+ dns_result_totext(exp_load_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+ if (dns_result != ISC_R_SUCCESS) {
+ result = T_PASS;
+ goto cleanup_db;
+ }
+
+ dns_fixedname_init(&dns_findname);
+ len = strlen(findname);
+ isc_buffer_init(&findname_buffer, findname, len);
+ isc_buffer_add(&findname_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_findname),
+ &findname_buffer, NULL, ISC_FALSE, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ textregion.base = find_type;
+ textregion.length = strlen(find_type);
+ dns_result = dns_rdatatype_fromtext(&rdatatype, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdatatype_fromtext %s failed %s\n",
+ find_type,
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ versionp = NULL;
+ dns_fixedname_init(&dns_foundname);
+ dns_rdataset_init(&rdataset);
+ if (dns_db_iszone(db))
+ dns_db_currentversion(db, &versionp);
+ nodep = NULL;
+
+ dns_result = dns_db_find(db,
+ dns_fixedname_name(&dns_findname),
+ versionp,
+ rdatatype,
+ DNS_DBFIND_GLUEOK,
+ 0,
+ &nodep,
+ dns_fixedname_name(&dns_foundname),
+ &rdataset, NULL);
+
+ if (dns_result != exp_find_result) {
+ t_info("dns_db_find returned %s, expected %s\n",
+ dns_result_totext(dns_result),
+ dns_result_totext(exp_find_result));
+ result = T_FAIL;
+ } else {
+ result = T_PASS;
+ }
+
+ if (dns_result != ISC_R_NOTFOUND) {
+ dns_db_detachnode(db, &nodep);
+ if (dns_rdataset_isassociated(&rdataset))
+ dns_rdataset_disassociate(&rdataset);
+ }
+
+ if (dns_db_iszone(db))
+ dns_db_closeversion(db, &versionp, ISC_FALSE);
+ cleanup_db:
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(result);
+}
+
+static const char *a1 =
+ "A call to dns_db_load(db, filename) loads the contents of "
+ "the database in filename into db.";
+
+static void
+t1(void) {
+ int result;
+
+ t_assert("dns_db_load", 1, T_REQUIRED, a1);
+ result = t_eval("dns_db_load_data", t_dns_db_load, 9);
+ t_result(result);
+}
+
+
+static const char *a2 =
+ "When the database db has cache semantics, a call to "
+ "dns_db_iscache(db) returns ISC_TRUE.";
+
+static int
+t_dns_db_zc_x(char *filename, char *db_type, char *origin, char *class,
+ dns_dbtype_t dbtype, isc_boolean_t(*cf)(dns_db_t *),
+ isc_boolean_t exp_result)
+{
+ int result;
+ int len;
+ dns_db_t *db;
+ isc_result_t dns_result;
+ isc_result_t isc_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_rdataclass_t rdataclass;
+ isc_textregion_t textregion;
+ isc_buffer_t origin_buffer;
+ dns_fixedname_t dns_origin;
+
+ result = T_UNRESOLVED;
+
+ db = NULL;
+ mctx = NULL;
+ ectx = NULL;
+
+ t_info("testing using file %s\n", filename);
+
+ dns_fixedname_init(&dns_origin);
+ len = strlen(origin);
+ isc_buffer_init(&origin_buffer, origin, len);
+ isc_buffer_add(&origin_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_origin),
+ &origin_buffer, NULL, ISC_FALSE, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ return(T_UNRESOLVED);
+ }
+
+ textregion.base = class;
+ textregion.length = strlen(class);
+ dns_result = dns_rdataclass_fromtext(&rdataclass, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdataclass_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_create(mctx, db_type,
+ dns_fixedname_name(&dns_origin),
+ dbtype, rdataclass, 0, NULL, &db);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_create failed %s\n",
+ dns_result_totext(dns_result));
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_load(db, filename);
+ if (dns_result == ISC_R_SUCCESS) {
+ if ((*cf)(db) == exp_result)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+ } else {
+ t_info("dns_db_load failed %s\n",
+ dns_result_totext(dns_result));
+ result = T_FAIL;
+ }
+
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(result);
+}
+
+static int
+test_dns_db_zc_x(const char *filename, dns_dbtype_t dbtype,
+ isc_boolean_t(*cf)(dns_db_t *), isc_boolean_t exp_result)
+{
+
+ FILE *fp;
+ char *p;
+ int line;
+ int cnt;
+ int result;
+ int nfails;
+ int nprobs;
+ char *tokens[T_MAXTOKS];
+
+ nfails = 0;
+ nprobs = 0;
+
+ fp = fopen(filename, "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = t_bustline(p, tokens);
+ if (cnt == 4) {
+ result = t_dns_db_zc_x(tokens[0], /* file */
+ tokens[1], /* type */
+ tokens[2], /* origin */
+ tokens[3], /* class */
+ dbtype, /* cache */
+ cf, /* check func */
+ exp_result);/* expect */
+ if (result != T_PASS) {
+ if (result == T_FAIL)
+ ++nfails;
+ else
+ ++nprobs;
+ }
+ } else {
+ t_info("bad format in %s at line %d\n",
+ filename, line);
+ ++nprobs;
+ }
+
+ (void)free(p);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile %s\n", filename);
+ ++nprobs;
+ }
+
+ result = T_UNRESOLVED;
+
+ if (nfails == 0 && nprobs == 0)
+ result = T_PASS;
+ else if (nfails)
+ result = T_FAIL;
+
+ return(result);
+}
+
+static void
+t2(void) {
+ int result;
+
+ t_assert("dns_db_iscache", 2, T_REQUIRED, a2);
+ result = test_dns_db_zc_x("dns_db_iscache_1_data",
+ dns_dbtype_cache, dns_db_iscache, ISC_TRUE);
+ t_result(result);
+}
+
+
+static const char *a3 =
+ "When the database db has zone semantics, a call to "
+ "dns_db_iscache(db) returns ISC_FALSE.";
+
+
+static void
+t3(void) {
+ int result;
+
+ t_assert("dns_db_iscache", 3, T_REQUIRED, a3);
+ result = test_dns_db_zc_x("dns_db_iscache_2_data",
+ dns_dbtype_zone, dns_db_iscache, ISC_FALSE);
+ t_result(result);
+}
+
+
+static const char *a4 =
+ "When the database db has zone semantics, a call to "
+ "dns_db_iszone(db) returns ISC_TRUE.";
+
+
+static void
+t4(void) {
+ int result;
+
+ t_assert("dns_db_iszone", 4, T_REQUIRED, a4);
+ result = test_dns_db_zc_x("dns_db_iszone_1_data",
+ dns_dbtype_zone, dns_db_iszone, ISC_TRUE);
+ t_result(result);
+}
+
+
+static const char *a5 =
+ "When the database db has cache semantics, a call to "
+ "dns_db_iszone(db) returns ISC_FALSE.";
+
+static void
+t5(void) {
+ int result;
+
+ t_assert("dns_db_iszone", 5, T_REQUIRED, a5);
+ result = test_dns_db_zc_x("dns_db_iszone_2_data",
+ dns_dbtype_cache, dns_db_iszone, ISC_FALSE);
+ t_result(result);
+}
+
+static int
+t_dns_db_origin(char **av) {
+
+ char *filename;
+ char *origin;
+
+ int result;
+ int len;
+ int order;
+ isc_result_t dns_result;
+ isc_result_t isc_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_db_t *db;
+ dns_fixedname_t dns_origin;
+ dns_fixedname_t dns_dborigin;
+ isc_buffer_t origin_buffer;
+
+ db = NULL;
+ mctx = NULL;
+ ectx = NULL;
+
+ filename = T_ARG(0);
+ origin = T_ARG(1);
+
+ t_info("testing with database %s and origin %s\n",
+ filename, origin);
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = t_create("rbt", origin, "in", "isc_true", mctx, &db);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("t_create failed %s\n",
+ dns_result_totext(dns_result));
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+ dns_fixedname_init(&dns_origin);
+ dns_fixedname_init(&dns_dborigin);
+
+ len = strlen(origin);
+ isc_buffer_init(&origin_buffer, origin, len);
+ isc_buffer_add(&origin_buffer, len);
+
+ dns_result = dns_db_load(db, filename);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_load failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_origin),
+ &origin_buffer, NULL, ISC_FALSE, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+ order = dns_name_compare(dns_fixedname_name(&dns_origin),
+ dns_db_origin(db));
+ if (order == 0) {
+ result = T_PASS;
+ } else {
+ t_info("dns_name_compare returned %d\n", order);
+ result = T_FAIL;
+ }
+
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(result);
+
+}
+
+static const char *a6 =
+ "A call to dns_db_origin(db) returns the origin of the database.";
+
+static void
+t6(void) {
+ int result;
+
+ t_assert("dns_db_origin", 6, T_REQUIRED, a6);
+ result = t_eval("dns_db_origin_data", t_dns_db_origin, 2);
+ t_result(result);
+}
+
+
+static const char *a7 =
+ "A call to dns_db_class(db) returns the class of the database.";
+
+
+#define CLASSBUFLEN 256
+
+static int
+t_dns_db_class(char **av) {
+
+ char *filename;
+ char *class;
+
+ int result;
+ isc_result_t dns_result;
+ isc_result_t isc_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_db_t *db;
+ dns_rdataclass_t rdataclass;
+ dns_rdataclass_t db_rdataclass;
+ isc_textregion_t textregion;
+
+ filename = T_ARG(0);
+ class = T_ARG(1);
+ db = NULL;
+ mctx = NULL;
+ ectx = NULL;
+
+ t_info("testing with database %s and class %s\n",
+ filename, class);
+
+ textregion.base = class;
+ textregion.length = strlen(class);
+ dns_result = dns_rdataclass_fromtext(&rdataclass, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdataclass_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = t_create("rbt", ".", class, "isc_true", mctx, &db);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("t_create failed %s\n",
+ dns_result_totext(dns_result));
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_load(db, filename);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_load failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ db_rdataclass = dns_db_class(db);
+ if (db_rdataclass == rdataclass)
+ result = T_PASS;
+ else {
+ char classbuf[DNS_RDATACLASS_FORMATSIZE];
+ dns_rdataclass_format(db_rdataclass,
+ classbuf, sizeof(classbuf));
+ t_info("dns_db_class returned %s, expected %s\n",
+ classbuf, class);
+ result = T_FAIL;
+ }
+
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(result);
+
+}
+static void
+t7(void) {
+ int result;
+
+ t_assert("dns_db_class", 7, T_REQUIRED, a7);
+ result = t_eval("dns_db_class_data", t_dns_db_class, 2);
+ t_result(result);
+}
+
+
+static const char *a8 =
+ "A call to dns_db_currentversion() opens the current "
+ "version for reading.";
+
+static int
+t_dns_db_currentversion(char **av) {
+ char *filename;
+ char *db_type;
+ char *origin;
+ char *class;
+ char *model;
+ char *findname;
+ char *findtype;
+
+ int result;
+ int len;
+ dns_db_t *db;
+ isc_result_t dns_result;
+ isc_result_t isc_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_dbnode_t *nodep;
+ isc_textregion_t textregion;
+ isc_buffer_t findname_buffer;
+ dns_fixedname_t dns_findname;
+ dns_fixedname_t dns_foundname;
+ dns_rdataset_t rdataset;
+ dns_rdatatype_t rdatatype;
+ dns_dbversion_t *cversionp;
+ dns_dbversion_t *nversionp;
+
+ result = T_UNRESOLVED;
+
+ filename = T_ARG(0);
+ db_type = T_ARG(1);
+ origin = T_ARG(2);
+ class = T_ARG(3);
+ model = T_ARG(4);
+ findname = T_ARG(5);
+ findtype = T_ARG(6);
+ db = NULL;
+ mctx = NULL;
+ ectx = NULL;
+
+ t_info("testing using file %s and name %s\n", filename, findname);
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = t_create(db_type, origin, class, model, mctx, &db);
+ if (dns_result != ISC_R_SUCCESS) {
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_load(db, filename);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_load returned %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_fixedname_init(&dns_findname);
+ len = strlen(findname);
+ isc_buffer_init(&findname_buffer, findname, len);
+ isc_buffer_add(&findname_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_findname),
+ &findname_buffer, NULL, ISC_FALSE, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ textregion.base = findtype;
+ textregion.length = strlen(findtype);
+ dns_result = dns_rdatatype_fromtext(&rdatatype, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdatatype_fromtext %s failed %s\n",
+ findtype,
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * find a name we know is there
+ */
+
+ cversionp = NULL;
+ dns_fixedname_init(&dns_foundname);
+ dns_rdataset_init(&rdataset);
+ dns_db_currentversion(db, &cversionp);
+ nodep = NULL;
+
+ dns_result = dns_db_find(db,
+ dns_fixedname_name(&dns_findname),
+ cversionp,
+ rdatatype,
+ 0,
+ 0,
+ &nodep,
+ dns_fixedname_name(&dns_foundname),
+ &rdataset, NULL);
+
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("unable to find %s using current version\n", findname);
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * create a new version
+ * delete the found rdataset in the new version
+ * attempt to find the rdataset again and expect the find to fail
+ * close/commit the new version
+ * attempt to find the rdataset in the current version and
+ * expect the find to succeed
+ */
+
+ nversionp = NULL;
+ dns_result = dns_db_newversion(db, &nversionp);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_newversion failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Delete the found rdataset in the new version.
+ */
+ dns_result = dns_db_deleterdataset(db, nodep, nversionp, rdatatype, 0);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_deleterdataset failed %s\n",
+ dns_result_totext(dns_result));
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &nodep);
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Don't need these now.
+ */
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &nodep);
+ nodep = NULL;
+
+ /*
+ * Find the deleted rdataset and expect it to fail.
+ */
+ dns_result = dns_db_find(db,
+ dns_fixedname_name(&dns_findname),
+ nversionp,
+ rdatatype,
+ 0,
+ 0,
+ &nodep,
+ dns_fixedname_name(&dns_foundname),
+ &rdataset, NULL);
+
+ if ((dns_result != ISC_R_NOTFOUND) && (dns_result != DNS_R_NXDOMAIN)) {
+ t_info("unexpectedly found %s using current version\n",
+ findname);
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ /*
+ * Close/commit the new version.
+ */
+ dns_db_closeversion(db, &nversionp, ISC_TRUE);
+
+ /*
+ * Find the deleted rdata in the current version.
+ */
+ dns_result = dns_db_find(db, dns_fixedname_name(&dns_findname),
+ cversionp, rdatatype, DNS_DBFIND_GLUEOK,
+ 0, &nodep, dns_fixedname_name(&dns_foundname),
+ &rdataset, NULL);
+
+ /*
+ * And expect it to succeed.
+ */
+ if (dns_result == ISC_R_SUCCESS) {
+ result = T_PASS;
+ } else {
+ t_info("cound not find %s using current version\n", findname);
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ result = T_FAIL;
+ }
+
+ dns_db_detachnode(db, &nodep);
+ dns_rdataset_disassociate(&rdataset);
+
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+
+ return(result);
+}
+
+static void
+t8(void) {
+ int result;
+
+ t_assert("dns_db_currentversion", 8, T_REQUIRED, a8);
+ result = t_eval("dns_db_currentversion_data",
+ t_dns_db_currentversion, 7);
+ t_result(result);
+}
+
+static const char *a9 =
+ "A call to dns_db_newversion() opens a new version for "
+ "reading and writing.";
+
+static int
+t_dns_db_newversion(char **av) {
+
+ char *filename;
+ char *db_type;
+ char *origin;
+ char *class;
+ char *model;
+ char *newname;
+ char *newtype;
+
+ int result;
+ int len;
+ int rval;
+ dns_db_t *db;
+ isc_result_t dns_result;
+ isc_result_t isc_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_dbnode_t *nodep;
+ dns_dbnode_t *found_nodep;
+ isc_textregion_t textregion;
+ isc_buffer_t newname_buffer;
+ dns_fixedname_t dns_newname;
+ dns_fixedname_t dns_foundname;
+ dns_rdata_t added_rdata = DNS_RDATA_INIT;
+ const char * added_rdata_data;
+ dns_rdataset_t added_rdataset;
+ dns_rdata_t found_rdata = DNS_RDATA_INIT;
+ dns_rdataset_t found_rdataset;
+ dns_rdatatype_t rdatatype;
+ dns_rdataclass_t rdataclass;
+ dns_dbversion_t *nversionp;
+ dns_rdatalist_t rdatalist;
+
+ result = T_UNRESOLVED;
+
+ filename = T_ARG(0);
+ db_type = T_ARG(1);
+ origin = T_ARG(2);
+ class = T_ARG(3);
+ model = T_ARG(4);
+ newname = T_ARG(5);
+ newtype = T_ARG(6);
+ db = NULL;
+ mctx = NULL;
+ ectx = NULL;
+
+ /*
+ * Open a new version, add some data, commit it,
+ * close it, open a new version, and check that changes
+ * are present.
+ */
+
+ t_info("testing using file %s and name %s\n", filename, newname);
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = t_create(db_type, origin, class, model, mctx, &db);
+ if (dns_result != ISC_R_SUCCESS) {
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_load(db, filename);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_load returned %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Add a new name.
+ */
+
+ dns_fixedname_init(&dns_newname);
+ len = strlen(newname);
+ isc_buffer_init(&newname_buffer, newname, len);
+ isc_buffer_add(&newname_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_newname),
+ &newname_buffer, NULL, ISC_FALSE, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ nodep = NULL;
+ dns_result = dns_db_findnode(db, dns_fixedname_name(&dns_newname),
+ ISC_TRUE, &nodep);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_findnode failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Open a new version and associate some rdata with the new name.
+ */
+
+ textregion.base = newtype;
+ textregion.length = strlen(newtype);
+ dns_result = dns_rdatatype_fromtext(&rdatatype, &textregion);
+
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdatatype_fromtext %s failed %s\n",
+ newtype,
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ textregion.base = class;
+ textregion.length = strlen(class);
+ dns_result = dns_rdataclass_fromtext(&rdataclass, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdataclass_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_rdata_init(&added_rdata);
+ added_rdata_data = "\x10\x00\x00\x01";
+ DE_CONST(added_rdata_data, added_rdata.data);
+ added_rdata.length = 4;
+ added_rdata.rdclass = rdataclass;
+ added_rdata.type = rdatatype;
+
+ dns_rdataset_init(&added_rdataset);
+ rdatalist.type = rdatatype;
+ rdatalist.covers = 0;
+ rdatalist.rdclass = rdataclass;
+ rdatalist.ttl = 0;
+ ISC_LIST_INIT(rdatalist.rdata);
+ ISC_LIST_APPEND(rdatalist.rdata, &added_rdata, link);
+
+ dns_result = dns_rdatalist_tordataset(&rdatalist, &added_rdataset);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdatalist_tordataset failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ nversionp = NULL;
+ dns_result = dns_db_newversion(db, &nversionp);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_newversion failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_addrdataset(db, nodep, nversionp, 0,
+ &added_rdataset, 0, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_addrdataset failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Close and commit the version.
+ */
+ dns_db_closeversion(db, &nversionp, ISC_TRUE);
+ dns_db_detachnode(db, &nodep);
+ if (dns_rdataset_isassociated(&added_rdataset))
+ dns_rdataset_disassociate(&added_rdataset);
+ nodep = NULL;
+
+ /*
+ * Open a new version and find the data we added.
+ */
+ dns_fixedname_init(&dns_foundname);
+ dns_rdataset_init(&found_rdataset);
+ nversionp = NULL;
+ found_nodep = NULL;
+ dns_db_newversion(db, &nversionp);
+
+ /*
+ * Find the recently added name and rdata.
+ */
+ dns_result = dns_db_find(db, dns_fixedname_name(&dns_newname),
+ nversionp, rdatatype, 0, 0, &found_nodep,
+ dns_fixedname_name(&dns_foundname),
+ &found_rdataset, NULL);
+
+ if (dns_result != ISC_R_SUCCESS) {
+ /* XXXWPK - NXRRSET ??? reference counts ??? */
+ t_info("dns_db_find failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detachnode(db, &found_nodep);
+ if (dns_rdataset_isassociated(&found_rdataset))
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ dns_result = dns_rdataset_first(&found_rdataset);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdataset_first failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ if (dns_rdataset_isassociated(&found_rdataset))
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ /*
+ * Now make sure its what we expect.
+ */
+ dns_rdata_init(&found_rdata);
+ dns_rdataset_current(&found_rdataset, &found_rdata);
+ rval = dns_rdata_compare(&added_rdata, &found_rdata);
+ if (rval == 0) {
+ result = T_PASS;
+ } else {
+ t_info("dns_rdata_compare returned %d\n", rval);
+ result = T_FAIL;
+ }
+
+ /*
+ * Don't need these now.
+ */
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ if (dns_rdataset_isassociated(&found_rdataset))
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_db_detachnode(db, &found_nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+
+ return(result);
+}
+
+static void
+t9(void) {
+ int result;
+
+ t_assert("dns_db_newversion", 9, T_REQUIRED, a9);
+ result = t_eval("dns_db_newversion_data", t_dns_db_newversion, 7);
+ t_result(result);
+}
+
+static const char *a10 =
+ "When versionp points to a read-write version and commit is "
+ "ISC_TRUE, a call to dns_db_closeversion(db, versionp, commit) "
+ "causes all changes made in the version to take effect, "
+ "and returns ISC_R_SUCCESS.";
+
+static int
+t_dns_db_closeversion_1(char **av) {
+ char *filename;
+ char *db_type;
+ char *origin;
+ char *class;
+ char *model;
+ char *new_name;
+ char *new_type;
+ char *existing_name;
+ char *existing_type;
+
+ int result;
+ int len;
+ int rval;
+ int nfails;
+ dns_db_t *db;
+ isc_result_t dns_result;
+ isc_result_t isc_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_dbnode_t *nodep;
+ isc_textregion_t textregion;
+ isc_buffer_t name_buffer;
+ dns_fixedname_t dns_newname;
+ dns_fixedname_t dns_foundname;
+ dns_fixedname_t dns_existingname;
+ dns_rdata_t added_rdata = DNS_RDATA_INIT;
+ const char * added_rdata_data;
+ dns_rdataset_t added_rdataset;
+ dns_rdata_t found_rdata = DNS_RDATA_INIT;
+ dns_rdataset_t found_rdataset;
+ dns_rdatatype_t new_rdatatype;
+ dns_rdatatype_t existing_rdatatype;
+ dns_rdataclass_t rdataclass;
+ dns_dbversion_t *nversionp;
+ dns_dbversion_t *cversionp;
+ dns_rdatalist_t rdatalist;
+
+ filename = T_ARG(0);
+ db_type = T_ARG(1);
+ origin = T_ARG(2);
+ class = T_ARG(3);
+ model = T_ARG(4);
+ new_name = T_ARG(5);
+ new_type = T_ARG(6);
+ existing_name = T_ARG(7);
+ existing_type = T_ARG(8);
+
+ nfails = 0;
+ result = T_UNRESOLVED;
+ db = NULL;
+ mctx = NULL;
+ ectx = NULL;
+
+ /*
+ * Open a new version, add some data,
+ * remove some data, close with commit, open the current
+ * version and check that changes are present.
+ */
+
+ t_info("testing using file %s and name %s\n", filename, new_name);
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = t_create(db_type, origin, class, model, mctx, &db);
+ if (dns_result != ISC_R_SUCCESS) {
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_load(db, filename);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_load returned %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Remove all rdata for an existing name.
+ */
+
+ dns_fixedname_init(&dns_existingname);
+ len = strlen(existing_name);
+ isc_buffer_init(&name_buffer, existing_name, len);
+ isc_buffer_add(&name_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_existingname),
+ &name_buffer, NULL, ISC_FALSE, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ textregion.base = existing_type;
+ textregion.length = strlen(existing_type);
+ dns_result = dns_rdatatype_fromtext(&existing_rdatatype, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdatatype_fromtext %s failed %s\n",
+ existing_type,
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ nodep = NULL;
+ dns_result = dns_db_findnode(db, dns_fixedname_name(&dns_existingname),
+ ISC_FALSE, &nodep);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_findnode %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /* open a new version */
+ nversionp = NULL;
+ dns_result = dns_db_newversion(db, &nversionp);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_newversion failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_deleterdataset(db, nodep, nversionp,
+ existing_rdatatype, 0);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_deleterdataset failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * add a new name and associate some rdata with it
+ */
+
+ dns_db_detachnode(db, &nodep);
+ nodep = NULL;
+
+ dns_fixedname_init(&dns_newname);
+ len = strlen(new_name);
+ isc_buffer_init(&name_buffer, new_name, len);
+ isc_buffer_add(&name_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_newname),
+ &name_buffer, NULL, ISC_FALSE, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_findnode(db, dns_fixedname_name(&dns_newname),
+ ISC_TRUE, &nodep);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_findnode failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * associate some rdata with the new name
+ */
+
+ textregion.base = new_type;
+ textregion.length = strlen(new_type);
+ dns_result = dns_rdatatype_fromtext(&new_rdatatype, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdatatype_fromtext %s failed %s\n",
+ new_type,
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ textregion.base = class;
+ textregion.length = strlen(class);
+ dns_result = dns_rdataclass_fromtext(&rdataclass, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdataclass_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_rdata_init(&added_rdata);
+ added_rdata_data = "\x10\x00\x00\x01";
+ DE_CONST(added_rdata_data, added_rdata.data);
+ added_rdata.length = 4;
+ added_rdata.rdclass = rdataclass;
+ added_rdata.type = new_rdatatype;
+
+ dns_rdataset_init(&added_rdataset);
+ rdatalist.type = new_rdatatype;
+ rdatalist.covers = 0;
+ rdatalist.rdclass = rdataclass;
+ rdatalist.ttl = 0;
+ ISC_LIST_INIT(rdatalist.rdata);
+ ISC_LIST_APPEND(rdatalist.rdata, &added_rdata, link);
+
+ dns_result = dns_rdatalist_tordataset(&rdatalist, &added_rdataset);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdatalist_tordataset failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_addrdataset(db, nodep, nversionp, 0,
+ &added_rdataset, 0, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_addrdataset failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /* close and commit the version */
+ dns_db_closeversion(db, &nversionp, ISC_TRUE);
+ dns_db_detachnode(db, &nodep);
+ nodep = NULL;
+
+ /* open the current version and check changes */
+ dns_fixedname_init(&dns_foundname);
+ dns_rdataset_init(&found_rdataset);
+ cversionp = NULL;
+ dns_db_currentversion(db, &cversionp);
+
+ /* find the recently added name and rdata */
+ dns_result = dns_db_find(db,
+ dns_fixedname_name(&dns_newname),
+ cversionp,
+ new_rdatatype,
+ 0,
+ 0,
+ &nodep,
+ dns_fixedname_name(&dns_foundname),
+ &found_rdataset, NULL);
+
+ if (dns_result != ISC_R_SUCCESS) {
+ /* XXXWPK NXRRSET ??? reference counting ??? */
+ t_info("dns_db_find failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detachnode(db, &nodep);
+ if (dns_rdataset_isassociated(&found_rdataset))
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ dns_result = dns_rdataset_first(&found_rdataset);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdataset_first failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ if (dns_rdataset_isassociated(&found_rdataset))
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ /*
+ * Now make sure its what we expect.
+ */
+ dns_rdata_init(&found_rdata);
+ dns_rdataset_current(&found_rdataset, &found_rdata);
+ rval = dns_rdata_compare(&added_rdata, &found_rdata);
+ if (rval != 0) {
+ t_info("dns_rdata_compare returned %d\n", rval);
+ ++nfails;
+ }
+
+ /*
+ * Now check the rdata deletion.
+ */
+
+ if (dns_rdataset_isassociated(&found_rdataset))
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_rdataset_init(&found_rdataset);
+ dns_db_detachnode(db, &nodep);
+ nodep = NULL;
+ dns_fixedname_init(&dns_foundname);
+
+ dns_result = dns_db_find(db, dns_fixedname_name(&dns_existingname),
+ cversionp, existing_rdatatype,
+ 0, 0, &nodep,
+ dns_fixedname_name(&dns_foundname),
+ &found_rdataset, NULL);
+
+
+ if ((dns_result != ISC_R_NOTFOUND) && (dns_result != DNS_R_NXDOMAIN)) {
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_db_detachnode(db, &nodep);
+ t_info("dns_db_find %s returned %s\n", existing_name,
+ dns_result_totext(dns_result));
+ ++nfails;
+ }
+
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+
+ if (nfails == 0)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+
+ return(result);
+}
+
+static void
+t10(void) {
+ int result;
+
+ t_assert("dns_db_closeversion", 10, T_REQUIRED, a10);
+ result = t_eval("dns_db_closeversion_1_data",
+ t_dns_db_closeversion_1, 9);
+ t_result(result);
+}
+
+static const char *a11 =
+ "When versionp points to a read-write version and commit is "
+ "ISC_FALSE, a call to dns_db_closeversion(db, versionp, commit) "
+ "causes all changes made in the version to to be rolled back, "
+ "and returns ISC_R_SUCCESS.";
+
+static int
+t_dns_db_closeversion_2(char **av) {
+ char *filename;
+ char *db_type;
+ char *origin;
+ char *class;
+ char *model;
+ char *new_name;
+ char *new_type;
+ char *existing_name;
+ char *existing_type;
+
+ int result;
+ int len;
+ int rval;
+ int nfails;
+ dns_db_t *db;
+ isc_result_t dns_result;
+ isc_result_t isc_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_dbnode_t *nodep;
+ isc_textregion_t textregion;
+ isc_buffer_t name_buffer;
+ dns_fixedname_t dns_newname;
+ dns_fixedname_t dns_foundname;
+ dns_fixedname_t dns_existingname;
+ dns_rdata_t added_rdata = DNS_RDATA_INIT;
+ const char * added_rdata_data;
+ dns_rdataset_t added_rdataset;
+ dns_rdata_t found_rdata = DNS_RDATA_INIT;
+ dns_rdataset_t found_rdataset;
+ dns_rdatatype_t new_rdatatype;
+ dns_rdatatype_t existing_rdatatype;
+ dns_rdataclass_t rdataclass;
+ dns_dbversion_t *nversionp;
+ dns_dbversion_t *cversionp;
+ dns_rdatalist_t rdatalist;
+
+ filename = T_ARG(0);
+ db_type = T_ARG(1);
+ origin = T_ARG(2);
+ class = T_ARG(3);
+ model = T_ARG(4);
+ new_name = T_ARG(5);
+ new_type = T_ARG(6);
+ existing_name = T_ARG(7);
+ existing_type = T_ARG(8);
+
+ nfails = 0;
+ result = T_UNRESOLVED;
+ db = NULL;
+ mctx = NULL;
+ ectx = NULL;
+
+ /*
+ * Open a new version, add some data,
+ * remove some data, close with commit, open the current
+ * version and check that changes are present.
+ */
+
+ t_info("testing using file %s and name %s\n", filename, new_name);
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = t_create(db_type, origin, class, model, mctx, &db);
+ if (dns_result != ISC_R_SUCCESS) {
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_load(db, filename);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_load returned %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Remove all rdata for an existing name.
+ */
+
+ dns_fixedname_init(&dns_existingname);
+ len = strlen(existing_name);
+ isc_buffer_init(&name_buffer, existing_name, len);
+ isc_buffer_add(&name_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_existingname),
+ &name_buffer, NULL, ISC_FALSE, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ textregion.base = existing_type;
+ textregion.length = strlen(existing_type);
+ dns_result = dns_rdatatype_fromtext(&existing_rdatatype, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdatatype_fromtext %s failed %s\n",
+ existing_type,
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ nodep = NULL;
+ dns_result = dns_db_findnode(db, dns_fixedname_name(&dns_existingname),
+ ISC_FALSE, &nodep);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_findnode %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Open a new version.
+ */
+ nversionp = NULL;
+ dns_result = dns_db_newversion(db, &nversionp);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_newversion failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_deleterdataset(db, nodep, nversionp,
+ existing_rdatatype, 0);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_deleterdataset failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * add a new name and associate some rdata with it
+ */
+
+ dns_db_detachnode(db, &nodep);
+ nodep = NULL;
+
+ dns_fixedname_init(&dns_newname);
+ len = strlen(new_name);
+ isc_buffer_init(&name_buffer, new_name, len);
+ isc_buffer_add(&name_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_newname),
+ &name_buffer, NULL, ISC_FALSE, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_findnode(db, dns_fixedname_name(&dns_newname),
+ ISC_TRUE, &nodep);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_findnode failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ textregion.base = new_type;
+ textregion.length = strlen(new_type);
+ dns_result = dns_rdatatype_fromtext(&new_rdatatype, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdatatype_fromtext %s failed %s\n",
+ new_type, dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ textregion.base = class;
+ textregion.length = strlen(class);
+ dns_result = dns_rdataclass_fromtext(&rdataclass, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdataclass_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_rdata_init(&added_rdata);
+ added_rdata_data = "\x10\x00\x00\x01";
+ DE_CONST(added_rdata_data, added_rdata.data);
+ added_rdata.length = 4;
+ added_rdata.rdclass = rdataclass;
+ added_rdata.type = new_rdatatype;
+
+ dns_rdataset_init(&added_rdataset);
+ rdatalist.type = new_rdatatype;
+ rdatalist.covers = 0;
+ rdatalist.rdclass = rdataclass;
+ rdatalist.ttl = 0;
+ ISC_LIST_INIT(rdatalist.rdata);
+ ISC_LIST_APPEND(rdatalist.rdata, &added_rdata, link);
+
+ dns_result = dns_rdatalist_tordataset(&rdatalist, &added_rdataset);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdatalist_tordataset failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_addrdataset(db, nodep, nversionp, 0,
+ &added_rdataset, 0, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_addrdataset failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Check that our changes took.
+ */
+ dns_db_detachnode(db, &nodep);
+ nodep = NULL;
+ dns_fixedname_init(&dns_foundname);
+ dns_rdataset_init(&found_rdataset);
+
+ /*
+ * Find the recently added name and rdata.
+ */
+ dns_result = dns_db_find(db, dns_fixedname_name(&dns_newname),
+ nversionp, new_rdatatype, 0, 0, &nodep,
+ dns_fixedname_name(&dns_foundname),
+ &found_rdataset, NULL);
+
+ if ((dns_result == ISC_R_NOTFOUND) ||
+ (dns_result == DNS_R_NXDOMAIN) ||
+ (dns_result == DNS_R_NXRRSET)) {
+
+ t_info("dns_db_find failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detachnode(db, &nodep);
+ if (dns_rdataset_isassociated(&found_rdataset))
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ dns_result = dns_rdataset_first(&found_rdataset);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdataset_first failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ if (dns_rdataset_isassociated(&found_rdataset))
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ /*
+ * Now make sure its what we expect.
+ */
+ dns_rdata_init(&found_rdata);
+ dns_rdataset_current(&found_rdataset, &found_rdata);
+ rval = dns_rdata_compare(&added_rdata, &found_rdata);
+ if (rval != 0) {
+ t_info("dns_rdata_compare returned %d\n", rval);
+ ++nfails;
+ }
+
+ /*
+ * Now check the rdata deletion.
+ */
+ if (dns_rdataset_isassociated(&found_rdataset))
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_rdataset_init(&found_rdataset);
+ dns_db_detachnode(db, &nodep);
+ nodep = NULL;
+ dns_fixedname_init(&dns_foundname);
+
+ dns_result = dns_db_find(db,
+ dns_fixedname_name(&dns_existingname),
+ nversionp,
+ existing_rdatatype,
+ 0,
+ 0,
+ &nodep,
+ dns_fixedname_name(&dns_foundname),
+ &found_rdataset, NULL);
+
+
+ if ((dns_result != ISC_R_NOTFOUND) && (dns_result != DNS_R_NXDOMAIN)) {
+ t_info("dns_db_find %s returned %s\n", existing_name,
+ dns_result_totext(dns_result));
+ if (dns_rdataset_isassociated(&found_rdataset))
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_db_detachnode(db, &nodep);
+ ++nfails;
+ }
+
+
+ /*
+ * Close the version without a commit.
+ */
+ dns_db_closeversion(db, &nversionp, ISC_FALSE);
+
+ /*
+ * Open the current version and check changes.
+ */
+ dns_fixedname_init(&dns_foundname);
+ dns_rdataset_init(&found_rdataset);
+ cversionp = NULL;
+ dns_db_currentversion(db, &cversionp);
+
+ /*
+ * Find the recently added name and rdata.
+ */
+ dns_result = dns_db_find(db,
+ dns_fixedname_name(&dns_newname),
+ cversionp,
+ new_rdatatype,
+ 0,
+ 0,
+ &nodep,
+ dns_fixedname_name(&dns_foundname),
+ &found_rdataset, NULL);
+
+ if ((dns_result != ISC_R_NOTFOUND) && (dns_result != DNS_R_NXDOMAIN)) {
+ t_info("dns_db_find %s returned %s\n", new_name,
+ dns_result_totext(dns_result));
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_db_detachnode(db, &nodep);
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ /*
+ * Now check the rdata deletion.
+ */
+ nodep = NULL;
+ dns_rdataset_init(&found_rdataset);
+ dns_fixedname_init(&dns_foundname);
+
+ dns_result = dns_db_find(db, dns_fixedname_name(&dns_existingname),
+ cversionp, existing_rdatatype, 0, 0,
+ &nodep, dns_fixedname_name(&dns_foundname),
+ &found_rdataset, NULL);
+
+
+ if ((dns_result == ISC_R_NOTFOUND) ||
+ (dns_result == DNS_R_NXDOMAIN) ||
+ (dns_result == DNS_R_NXRRSET)) {
+
+ t_info("dns_db_find %s returned %s\n", existing_name,
+ dns_result_totext(dns_result));
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_db_detachnode(db, &nodep);
+ ++nfails;
+ }
+
+ dns_db_detachnode(db, &nodep);
+ dns_rdataset_disassociate(&found_rdataset);
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+
+ if (nfails == 0)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+
+ return(result);
+}
+
+static void
+t11(void) {
+ int result;
+
+ t_assert("dns_db_closeversion", 11, T_REQUIRED, a11);
+ result = t_eval("dns_db_closeversion_2_data",
+ t_dns_db_closeversion_2, 9);
+ t_result(result);
+}
+
+static const char *a12 =
+ "A call to dns_db_expirenode() marks as stale all records at node "
+ "which expire at or before 'now'. If 'now' is zero, then the current "
+ "time will be used.";
+
+static int
+t_dns_db_expirenode(char **av) {
+ char *filename;
+ char *db_type;
+ char *origin;
+ char *class;
+ char *existing_name;
+ char *node_xtime;
+ char *find_xtime;
+ char *exp_find_result;
+
+ int result;
+ int len;
+ dns_db_t *db;
+ isc_result_t dns_result;
+ isc_result_t exp_result;
+ isc_result_t isc_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_dbnode_t *nodep;
+ isc_buffer_t name_buffer;
+ dns_fixedname_t dns_foundname;
+ dns_fixedname_t dns_existingname;
+ isc_stdtime_t node_expire_time;
+ isc_stdtime_t find_expire_time;
+ isc_stdtime_t now;
+ dns_rdataset_t rdataset;
+
+ filename = T_ARG(0);
+ db_type = T_ARG(1);
+ origin = T_ARG(2);
+ class = T_ARG(3);
+ existing_name = T_ARG(4);
+ node_xtime = T_ARG(5);
+ find_xtime = T_ARG(6);
+ exp_find_result = T_ARG(7);
+ mctx = NULL;
+ ectx = NULL;
+
+ result = T_UNRESOLVED;
+
+ /*
+ * Find a node, mark it as stale, do a dns_db_find on the name and
+ * expect it to fail.
+ */
+
+ t_info("testing using file %s and name %s\n", filename, existing_name);
+
+ node_expire_time = (isc_stdtime_t) strtol(node_xtime, NULL, 10);
+ find_expire_time = (isc_stdtime_t) strtol(find_xtime, NULL, 10);
+ exp_result = t_dns_result_fromtext(exp_find_result);
+
+ isc_stdtime_get(&now);
+
+ dns_fixedname_init(&dns_existingname);
+ len = strlen(existing_name);
+ isc_buffer_init(&name_buffer, existing_name, len);
+ isc_buffer_add(&name_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_existingname),
+ &name_buffer, NULL, ISC_FALSE, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ db = NULL;
+ dns_result = t_create(db_type, origin, class, "cache", mctx, &db);
+ if (dns_result != ISC_R_SUCCESS) {
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_load(db, filename);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_load returned %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ nodep = NULL;
+
+ /*
+ * Check that the node is there.
+ */
+ dns_result = dns_db_findnode(db, dns_fixedname_name(&dns_existingname),
+ ISC_FALSE, &nodep);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("unable to find %s\n", existing_name);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Expire it.
+ */
+ if (node_expire_time != 0)
+ node_expire_time += now;
+
+ dns_result = dns_db_expirenode(db, nodep, node_expire_time);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_expirenode failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ dns_fixedname_init(&dns_foundname);
+ dns_rdataset_init(&rdataset);
+ dns_db_detachnode(db, &nodep);
+ nodep = NULL;
+
+ if (find_expire_time != 0)
+ find_expire_time += now;
+
+ dns_result = dns_db_find(db,
+ dns_fixedname_name(&dns_existingname),
+ NULL,
+ dns_rdatatype_any,
+ 0,
+ find_expire_time,
+ &nodep,
+ dns_fixedname_name(&dns_foundname),
+ &rdataset, NULL);
+
+ if (dns_result == exp_result) {
+ result = T_PASS;
+ } else {
+ t_info("dns_db_find %s returned %s\n", existing_name,
+ dns_result_totext(dns_result));
+ result = T_FAIL;
+ }
+
+ if ((dns_result != ISC_R_NOTFOUND) &&
+ (dns_result != DNS_R_NXDOMAIN) &&
+ (dns_result != DNS_R_NXRRSET)) {
+
+ /*
+ * Don't need to disassociate the rdataset because
+ * we're searching with dns_rdatatype_any.
+ */
+ dns_db_detachnode(db, &nodep);
+ }
+
+
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+
+ return(result);
+}
+
+static void
+t12(void) {
+ int result;
+
+ t_assert("dns_db_expirenode", 12, T_REQUIRED, a12);
+ result = t_eval("dns_db_expirenode_data", t_dns_db_expirenode, 8);
+ t_result(result);
+}
+
+static const char *a13 =
+ "If the node name exists, then a call to "
+ "dns_db_findnode(db, name, ISC_FALSE, nodep) initializes nodep "
+ "to point to the node and returns ISC_R_SUCCESS, otherwise "
+ "it returns ISC_R_NOTFOUND.";
+
+static int
+t_dns_db_findnode_1(char **av) {
+ char *filename;
+ char *db_type;
+ char *origin;
+ char *class;
+ char *model;
+ char *find_name;
+ char *find_type;
+ char *expected_result;
+
+ int result;
+ int len;
+ dns_db_t *db;
+ isc_result_t dns_result;
+ isc_result_t isc_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_dbnode_t *nodep;
+ isc_buffer_t name_buffer;
+ dns_rdataset_t rdataset;
+ dns_rdatatype_t rdatatype;
+ isc_textregion_t textregion;
+ dns_fixedname_t dns_name;
+ dns_dbversion_t *cversionp;
+ isc_result_t exp_result;
+
+ filename = T_ARG(0);
+ db_type = T_ARG(1);
+ origin = T_ARG(2);
+ class = T_ARG(3);
+ model = T_ARG(4);
+ find_name = T_ARG(5);
+ find_type = T_ARG(6);
+ expected_result = T_ARG(7);
+
+ db = NULL;
+ mctx = NULL;
+ ectx = NULL;
+ result = T_UNRESOLVED;
+
+ t_info("testing using file %s and name %s\n", filename, find_name);
+
+ exp_result = t_dns_result_fromtext(expected_result);
+
+ textregion.base = find_type;
+ textregion.length = strlen(find_type);
+ dns_result = dns_rdatatype_fromtext(&rdatatype, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdatatype_fromtext %s failed %s\n",
+ find_type,
+ dns_result_totext(dns_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = t_create(db_type, origin, class, model, mctx, &db);
+ if (dns_result != ISC_R_SUCCESS) {
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_load(db, filename);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_load returned %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ nodep = NULL;
+ dns_fixedname_init(&dns_name);
+
+ len = strlen(find_name);
+ isc_buffer_init(&name_buffer, find_name, len);
+ isc_buffer_add(&name_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_name),
+ &name_buffer, NULL, ISC_FALSE, NULL);
+
+ dns_result = dns_db_findnode(db, dns_fixedname_name(&dns_name),
+ ISC_FALSE, &nodep);
+ if (dns_result != exp_result) {
+ t_info("dns_db_findnode failed %s\n",
+ dns_result_totext(dns_result));
+ if (dns_result == ISC_R_SUCCESS)
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ /*
+ * if we're expecting the find to succeed and it did,
+ * check that the node has been initialized
+ * by checking for the specified type of rdata
+ * and expecting the search to succeed
+ */
+
+ if (dns_result == ISC_R_SUCCESS) {
+ cversionp = NULL;
+ dns_db_currentversion(db, &cversionp);
+ dns_rdataset_init(&rdataset);
+
+ dns_result = dns_db_findrdataset(db, nodep, cversionp,
+ rdatatype, 0,
+ 0, &rdataset, NULL);
+ if (dns_result == ISC_R_SUCCESS) {
+ dns_rdataset_disassociate(&rdataset);
+ result = T_PASS;
+ } else {
+ t_info("dns_db_findrdataset failed %s\n",
+ dns_result_totext(dns_result));
+ result = T_FAIL;
+ }
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detachnode(db, &nodep);
+ } else {
+ result = T_PASS;
+ }
+
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+
+ return(result);
+}
+
+static void
+t13(void) {
+ int result;
+
+ t_assert("dns_db_findnode", 13, T_REQUIRED, a13);
+ result = t_eval("dns_db_findnode_1_data", t_dns_db_findnode_1, 8);
+ t_result(result);
+}
+
+static const char *a14 =
+ "If the node name does not exist and create is ISC_TRUE, "
+ "then a call to dns_db_findnode(db, name, create, nodep) "
+ "creates the node, initializes nodep to point to the node, "
+ "and returns ISC_R_SUCCESS.";
+
+static int
+t_dns_db_findnode_2(char **av) {
+ char *filename;
+ char *db_type;
+ char *origin;
+ char *class;
+ char *model;
+ char *newname;
+
+ int nfails;
+ int result;
+ int len;
+ dns_db_t *db;
+ isc_result_t dns_result;
+ isc_result_t isc_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_dbnode_t *nodep;
+ dns_dbnode_t *newnodep;
+ isc_buffer_t name_buffer;
+ dns_rdataset_t rdataset;
+ dns_fixedname_t dns_name;
+ dns_fixedname_t dns_foundname;
+ dns_dbversion_t *cversionp;
+
+ filename = T_ARG(0);
+ db_type = T_ARG(1);
+ origin = T_ARG(2);
+ class = T_ARG(3);
+ model = T_ARG(4);
+ newname = T_ARG(5);
+
+ result = T_UNRESOLVED;
+ db = NULL;
+ mctx = NULL;
+ ectx = NULL;
+ nfails = 0;
+
+ t_info("testing using file %s and name %s\n", filename, newname);
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = t_create(db_type, origin, class, model, mctx, &db);
+ if (dns_result != ISC_R_SUCCESS) {
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_load(db, filename);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_load returned %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ nodep = NULL;
+ dns_fixedname_init(&dns_name);
+
+ /*
+ * Make sure the name isn't there
+ */
+ len = strlen(newname);
+ isc_buffer_init(&name_buffer, newname, len);
+ isc_buffer_add(&name_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_name),
+ &name_buffer, NULL, ISC_FALSE, NULL);
+
+ dns_result = dns_db_findnode(db, dns_fixedname_name(&dns_name),
+ ISC_FALSE, &nodep);
+ if ((dns_result != ISC_R_NOTFOUND) &&
+ (dns_result != DNS_R_NXDOMAIN) &&
+ (dns_result != DNS_R_NXRRSET)) {
+ t_info("dns_db_findnode %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detachnode(db, &nodep);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Add it.
+ */
+ dns_result = dns_db_findnode(db, dns_fixedname_name(&dns_name),
+ ISC_TRUE, &nodep);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_findnode %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ /*
+ * Check it.
+ */
+ newnodep = NULL;
+ dns_rdataset_init(&rdataset);
+ dns_fixedname_init(&dns_foundname);
+ cversionp = NULL;
+ dns_db_currentversion(db, &cversionp);
+
+ /*
+ * First try dns_db_find DNS_R_NXDOMAIN.
+ */
+ dns_result = dns_db_find(db,
+ dns_fixedname_name(&dns_name),
+ cversionp,
+ dns_rdatatype_any,
+ 0,
+ 0,
+ &newnodep,
+ dns_fixedname_name(&dns_foundname),
+ &rdataset, NULL);
+ if ((dns_result != ISC_R_NOTFOUND) && (dns_result != DNS_R_NXDOMAIN)) {
+ dns_db_detachnode(db, &newnodep);
+ }
+
+ if (dns_result != DNS_R_NXDOMAIN) {
+ t_info("dns_db_find %s\n",
+ dns_result_totext(dns_result));
+ ++nfails;
+ }
+
+ /*
+ * Then try dns_db_findnode ISC_R_SUCCESS.
+ */
+ dns_result = dns_db_findnode(db, dns_fixedname_name(&dns_name),
+ ISC_FALSE, &newnodep);
+ t_info("dns_db_findnode %s\n", dns_result_totext(dns_result));
+ if (dns_result == ISC_R_SUCCESS) {
+ dns_db_detachnode(db, &newnodep);
+ } else {
+ t_info("dns_db_findnode %s failed %s\n", newname,
+ dns_result_totext(dns_result));
+ ++nfails;
+ }
+
+
+ dns_db_detachnode(db, &nodep);
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+
+ if (nfails == 0)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+
+ return(result);
+}
+
+static void
+t14(void) {
+ int result;
+
+ t_assert("dns_db_findnode", 14, T_REQUIRED, a14);
+ result = t_eval("dns_db_findnode_2_data", t_dns_db_findnode_2, 6);
+ t_result(result);
+}
+
+static int
+t_dns_db_find_x(char **av) {
+ char *dbfile;
+ char *dbtype;
+ char *dborigin;
+ char *dbclass;
+ char *dbmodel;
+ char *findname;
+ char *findtype;
+ char *findopts;
+ char *findtime;
+ char *expected_result;
+
+ int result;
+ int len;
+ int opts;
+ dns_db_t *db;
+ isc_result_t dns_result;
+ isc_result_t isc_result;
+ isc_stdtime_t ftime;
+ isc_stdtime_t now;
+ isc_result_t exp_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_dbnode_t *nodep;
+ isc_textregion_t textregion;
+ isc_buffer_t findname_buffer;
+ dns_fixedname_t dns_findname;
+ dns_fixedname_t dns_foundname;
+ dns_rdataset_t rdataset;
+ dns_rdatatype_t rdatatype;
+ dns_dbversion_t *cversionp;
+
+ result = T_UNRESOLVED;
+
+ dbfile = T_ARG(0);
+ dbtype = T_ARG(1);
+ dborigin = T_ARG(2);
+ dbclass = T_ARG(3);
+ dbmodel = T_ARG(4);
+ findname = T_ARG(5);
+ findtype = T_ARG(6);
+ findopts = T_ARG(7);
+ findtime = T_ARG(8);
+ expected_result = T_ARG(9);
+ db = NULL;
+ mctx = NULL;
+ ectx = NULL;
+ opts = 0;
+
+ t_info("testing using %s, name %s, type %s\n", dbfile, findname,
+ findtype);
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = t_create(dbtype, dborigin, dbclass, dbmodel, mctx, &db);
+ if (dns_result != ISC_R_SUCCESS) {
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_db_load(db, dbfile);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_db_load returned %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ exp_result = t_dns_result_fromtext(expected_result);
+
+ dns_fixedname_init(&dns_findname);
+ len = strlen(findname);
+ isc_buffer_init(&findname_buffer, findname, len);
+ isc_buffer_add(&findname_buffer, len);
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_findname),
+ &findname_buffer, NULL, ISC_FALSE, NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ textregion.base = findtype;
+ textregion.length = strlen(findtype);
+ dns_result = dns_rdatatype_fromtext(&rdatatype, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdatatype_fromtext %s failed %s\n",
+ findtype,
+ dns_result_totext(dns_result));
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ if (strstr(findopts, "DNS_DBFIND_GLUEOK"))
+ opts |= DNS_DBFIND_GLUEOK;
+ if (strstr(findopts, "DNS_DBFIND_VALIDATEGLUE"))
+ opts |= DNS_DBFIND_VALIDATEGLUE;
+
+ isc_stdtime_get(&now);
+
+ ftime = strtol(findtime, NULL, 10);
+ if (ftime != 0)
+ ftime += now;
+
+ cversionp = NULL;
+ dns_fixedname_init(&dns_foundname);
+ dns_rdataset_init(&rdataset);
+ if (dns_db_iszone(db))
+ dns_db_currentversion(db, &cversionp);
+ nodep = NULL;
+
+ dns_result = dns_db_find(db,
+ dns_fixedname_name(&dns_findname),
+ cversionp,
+ rdatatype,
+ opts,
+ ftime,
+ &nodep,
+ dns_fixedname_name(&dns_foundname),
+ &rdataset, NULL);
+
+ if (dns_result != exp_result) {
+ t_info("dns_db_find %s %s unexpectedly returned %s, "
+ "expected %s\n",
+ findname, findtype, dns_result_totext(dns_result),
+ dns_result_totext(exp_result));
+ result = T_FAIL;
+ } else {
+ result = T_PASS;
+ }
+
+ if ((dns_result != ISC_R_NOTFOUND) && (dns_result != DNS_R_NXDOMAIN)) {
+
+ if ((dns_result != DNS_R_NXRRSET) &&
+ (dns_result != DNS_R_ZONECUT))
+ if (dns_rdataset_isassociated(&rdataset))
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &nodep);
+ }
+
+ if (dns_db_iszone(db))
+ dns_db_closeversion(db, &cversionp, ISC_FALSE);
+ dns_db_detach(&db);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+
+ return(result);
+}
+
+static const char *a15 =
+ "A call to dns_db_find(db, name, version, type, options, now, ...) "
+ "finds the best match for 'name' and 'type' in version 'version' "
+ "of 'db'.";
+
+static void
+t15(void) {
+ int result;
+
+ t_assert("dns_db_find", 15, T_REQUIRED, a15);
+ result = t_eval("dns_db_find_1_data", t_dns_db_find_x, 10);
+ t_result(result);
+}
+
+
+static const char *a16 =
+ "When the desired node and type were found, but are glue, "
+ "and the DNS_DBFIND_GLUEOK option is set, a call to "
+ "dns_db_find(db, name, version, type, options, now, ...) "
+ "returns DNS_R_GLUE.";
+
+static void
+t16(void) {
+ int result;
+
+ t_assert("dns_db_find", 16, T_REQUIRED, a16);
+ result = t_eval("dns_db_find_2_data", t_dns_db_find_x, 10);
+ t_result(result);
+}
+
+static const char *a17 =
+ "A call to dns_db_find() returns DNS_R_DELEGATION when the data "
+ "requested is beneath a zone cut.";
+
+static void
+t17(void) {
+ int result;
+
+ t_assert("dns_db_find", 17, T_REQUIRED, a17);
+ result = t_eval("dns_db_find_3_data", t_dns_db_find_x, 10);
+ t_result(result);
+}
+
+static const char *a18 =
+ "A call to dns_db_find() returns DNS_R_DELEGATION when type is "
+ "dns_rdatatype_any and the desired node is a zone cut.";
+
+static void
+t18(void) {
+ int result;
+
+ t_assert("dns_db_find", 18, T_REQUIRED, a18);
+ result = t_eval("dns_db_find_4_data", t_dns_db_find_x, 10);
+ t_result(result);
+}
+
+static const char *a19 =
+ "A call to dns_db_find() returns DNS_R_DNAME when the data "
+ "requested is beneath a DNAME.";
+
+static void
+t19(void) {
+ int result;
+
+ t_assert("dns_db_find", 19, T_REQUIRED, a19);
+ result = t_eval("dns_db_find_5_data", t_dns_db_find_x, 10);
+ t_result(result);
+}
+
+static const char *a20 =
+ "A call to dns_db_find() returns DNS_R_CNAME when the requested "
+ "rdataset was not found but there is a CNAME at the desired name.";
+
+static void
+t20(void) {
+ int result;
+
+ t_assert("dns_db_find", 20, T_REQUIRED, a20);
+ result = t_eval("dns_db_find_6_data", t_dns_db_find_x, 10);
+ t_result(result);
+}
+
+static const char *a21 =
+ "A call to dns_db_find() returns DNS_R_NXDOMAIN when name "
+ "does not exist.";
+
+static void
+t21(void) {
+ int result;
+
+ t_assert("dns_db_find", 21, T_REQUIRED, a21);
+ result = t_eval("dns_db_find_7_data", t_dns_db_find_x, 10);
+ t_result(result);
+}
+
+static const char *a22 =
+ "A call to dns_db_find() returns DNS_R_NXRRSET when "
+ "the desired name exists, but the desired type does not.";
+
+static void
+t22(void) {
+ int result;
+
+ t_assert("dns_db_find", 22, T_REQUIRED, a22);
+ result = t_eval("dns_db_find_8_data", t_dns_db_find_x, 10);
+ t_result(result);
+}
+
+static const char *a23 =
+ "When db is a cache database, a call to dns_db_find() "
+ "returns ISC_R_NOTFOUND when the desired name does not exist, "
+ "and no delegation could be found.";
+
+static void
+t23(void) {
+ int result;
+
+ t_assert("dns_db_find", 23, T_REQUIRED, a23);
+ result = t_eval("dns_db_find_9_data", t_dns_db_find_x, 10);
+ t_result(result);
+}
+
+static const char *a24 =
+ "When db is a cache database, an rdataset will be found only "
+ "if at least one rdataset at the found node expires after 'now'.";
+
+static void
+t24(void) {
+ int result;
+
+ t_assert("dns_db_find", 24, T_REQUIRED, a24);
+ result = t_eval("dns_db_find_10_data", t_dns_db_find_x, 10);
+ t_result(result);
+}
+
+static const char *a25 =
+ "A call to dns_db_load(db, filename) returns DNS_R_NOTZONETOP "
+ "when the zone data contains a SOA not at the zone apex.";
+
+static void
+t25(void) {
+ int result;
+
+ t_assert("dns_db_load", 25, T_REQUIRED, a25);
+ result = t_eval("dns_db_load_soa_not_top", t_dns_db_load, 9);
+ t_result(result);
+}
+
+testspec_t T_testlist[] = {
+ { t1, "dns_db_load" },
+ { t2, "dns_db_iscache" },
+ { t3, "dns_db_iscache" },
+ { t4, "dns_db_iszone" },
+ { t5, "dns_db_iszone" },
+ { t6, "dns_db_origin" },
+ { t7, "dns_db_class" },
+ { t8, "dns_db_currentversion" },
+ { t9, "dns_db_newversion" },
+ { t10, "dns_db_closeversion" },
+ { t11, "dns_db_closeversion" },
+ { t12, "dns_db_expirenode" },
+ { t13, "dns_db_findnode" },
+ { t14, "dns_db_findnode" },
+ { t15, "dns_db_find" },
+ { t16, "dns_db_find" },
+ { t17, "dns_db_find" },
+ { t18, "dns_db_find" },
+ { t19, "dns_db_find" },
+ { t20, "dns_db_find" },
+ { t21, "dns_db_find" },
+ { t22, "dns_db_find" },
+ { t23, "dns_db_find" },
+ { t24, "dns_db_find" },
+ { t25, "dns_db_load" },
+ { NULL, NULL }
+};
diff --git a/bin/tests/db_test.c b/bin/tests/db_test.c
new file mode 100644
index 0000000..9b0d90d
--- /dev/null
+++ b/bin/tests/db_test.c
@@ -0,0 +1,946 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: db_test.c,v 1.66 2008/09/25 04:02:38 tbox Exp $ */
+
+/*! \file
+ * \author
+ * Principal Author: Bob Halley
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/commandline.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/time.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/dbtable.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/rdataset.h>
+#include <dns/rdatasetiter.h>
+#include <dns/result.h>
+
+#define MAXHOLD 100
+#define MAXVERSIONS 100
+
+typedef struct dbinfo {
+ dns_db_t * db;
+ dns_dbversion_t * version;
+ dns_dbversion_t * wversion;
+ dns_dbversion_t * rversions[MAXVERSIONS];
+ int rcount;
+ dns_dbnode_t * hold_nodes[MAXHOLD];
+ int hold_count;
+ dns_dbiterator_t * dbiterator;
+ dns_dbversion_t * iversion;
+ int pause_every;
+ isc_boolean_t ascending;
+ ISC_LINK(struct dbinfo) link;
+} dbinfo;
+
+static isc_mem_t * mctx = NULL;
+static char dbtype[128];
+static dns_dbtable_t * dbtable;
+static ISC_LIST(dbinfo) dbs;
+static dbinfo * cache_dbi = NULL;
+static int pause_every = 0;
+static isc_boolean_t ascending = ISC_TRUE;
+
+static void
+print_result(const char *message, isc_result_t result) {
+ size_t len;
+
+ if (message == NULL) {
+ len = 0;
+ message = "";
+ }
+ len = strlen(message);
+ printf("%s%sresult %08x: %s\n", message, (len == 0U) ? "" : " ",
+ result, isc_result_totext(result));
+}
+
+static void
+print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset) {
+ isc_buffer_t text;
+ char t[1000];
+ isc_result_t result;
+ isc_region_t r;
+
+ isc_buffer_init(&text, t, sizeof(t));
+ result = dns_rdataset_totext(rdataset, name, ISC_FALSE, ISC_FALSE,
+ &text);
+ isc_buffer_usedregion(&text, &r);
+ if (result == ISC_R_SUCCESS)
+ printf("%.*s", (int)r.length, (char *)r.base);
+ else
+ print_result("", result);
+}
+
+static void
+print_rdatasets(dns_name_t *name, dns_rdatasetiter_t *rdsiter) {
+ isc_result_t result;
+ dns_rdataset_t rdataset;
+
+ dns_rdataset_init(&rdataset);
+ result = dns_rdatasetiter_first(rdsiter);
+ while (result == ISC_R_SUCCESS) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ print_rdataset(name, &rdataset);
+ dns_rdataset_disassociate(&rdataset);
+ result = dns_rdatasetiter_next(rdsiter);
+ }
+ if (result != ISC_R_NOMORE)
+ print_result("", result);
+}
+
+static dbinfo *
+select_db(char *origintext) {
+ dns_fixedname_t forigin;
+ dns_name_t *origin;
+ isc_buffer_t source;
+ size_t len;
+ dbinfo *dbi;
+ isc_result_t result;
+
+ if (strcasecmp(origintext, "cache") == 0) {
+ if (cache_dbi == NULL)
+ printf("the cache does not exist\n");
+ return (cache_dbi);
+ }
+ len = strlen(origintext);
+ isc_buffer_init(&source, origintext, len);
+ isc_buffer_add(&source, len);
+ dns_fixedname_init(&forigin);
+ origin = dns_fixedname_name(&forigin);
+ result = dns_name_fromtext(origin, &source, dns_rootname, ISC_FALSE,
+ NULL);
+ if (result != ISC_R_SUCCESS) {
+ print_result("bad name", result);
+ return (NULL);
+ }
+
+ for (dbi = ISC_LIST_HEAD(dbs);
+ dbi != NULL;
+ dbi = ISC_LIST_NEXT(dbi, link)) {
+ if (dns_name_compare(dns_db_origin(dbi->db), origin) == 0)
+ break;
+ }
+
+ return (dbi);
+}
+
+static void
+list(dbinfo *dbi, char *seektext) {
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ dns_dbnode_t *node;
+ dns_rdatasetiter_t *rdsiter;
+ isc_result_t result;
+ int i;
+ size_t len;
+ dns_fixedname_t fseekname;
+ dns_name_t *seekname;
+ isc_buffer_t source;
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+
+ if (dbi->dbiterator == NULL) {
+ INSIST(dbi->iversion == NULL);
+ if (dns_db_iszone(dbi->db)) {
+ if (dbi->version != NULL)
+ dns_db_attachversion(dbi->db, dbi->version,
+ &dbi->iversion);
+ else
+ dns_db_currentversion(dbi->db, &dbi->iversion);
+ }
+
+ result = dns_db_createiterator(dbi->db, 0, &dbi->dbiterator);
+ if (result == ISC_R_SUCCESS) {
+ if (seektext != NULL) {
+ len = strlen(seektext);
+ isc_buffer_init(&source, seektext, len);
+ isc_buffer_add(&source, len);
+ dns_fixedname_init(&fseekname);
+ seekname = dns_fixedname_name(&fseekname);
+ result = dns_name_fromtext(seekname, &source,
+ dns_db_origin(
+ dbi->db),
+ ISC_FALSE,
+ NULL);
+ if (result == ISC_R_SUCCESS)
+ result = dns_dbiterator_seek(
+ dbi->dbiterator,
+ seekname);
+ } else if (dbi->ascending)
+ result = dns_dbiterator_first(dbi->dbiterator);
+ else
+ result = dns_dbiterator_last(dbi->dbiterator);
+ }
+ } else
+ result = ISC_R_SUCCESS;
+
+ node = NULL;
+ rdsiter = NULL;
+ i = 0;
+ while (result == ISC_R_SUCCESS) {
+ result = dns_dbiterator_current(dbi->dbiterator, &node, name);
+ if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN)
+ break;
+ result = dns_db_allrdatasets(dbi->db, node, dbi->iversion, 0,
+ &rdsiter);
+ if (result != ISC_R_SUCCESS) {
+ dns_db_detachnode(dbi->db, &node);
+ break;
+ }
+ print_rdatasets(name, rdsiter);
+ dns_rdatasetiter_destroy(&rdsiter);
+ dns_db_detachnode(dbi->db, &node);
+ if (dbi->ascending)
+ result = dns_dbiterator_next(dbi->dbiterator);
+ else
+ result = dns_dbiterator_prev(dbi->dbiterator);
+ i++;
+ if (result == ISC_R_SUCCESS && i == dbi->pause_every) {
+ printf("[more...]\n");
+ result = dns_dbiterator_pause(dbi->dbiterator);
+ if (result == ISC_R_SUCCESS)
+ return;
+ }
+ }
+ if (result != ISC_R_NOMORE)
+ print_result("", result);
+
+ dns_dbiterator_destroy(&dbi->dbiterator);
+ if (dbi->iversion != NULL)
+ dns_db_closeversion(dbi->db, &dbi->iversion, ISC_FALSE);
+}
+
+static isc_result_t
+load(const char *filename, const char *origintext, isc_boolean_t cache) {
+ dns_fixedname_t forigin;
+ dns_name_t *origin;
+ isc_result_t result;
+ isc_buffer_t source;
+ size_t len;
+ dbinfo *dbi;
+ unsigned int i;
+
+ dbi = isc_mem_get(mctx, sizeof(*dbi));
+ if (dbi == NULL)
+ return (ISC_R_NOMEMORY);
+
+ dbi->db = NULL;
+ dbi->version = NULL;
+ dbi->wversion = NULL;
+ for (i = 0; i < MAXVERSIONS; i++)
+ dbi->rversions[i] = NULL;
+ dbi->hold_count = 0;
+ for (i = 0; i < MAXHOLD; i++)
+ dbi->hold_nodes[i] = NULL;
+ dbi->dbiterator = NULL;
+ dbi->iversion = NULL;
+ dbi->pause_every = pause_every;
+ dbi->ascending = ascending;
+ ISC_LINK_INIT(dbi, link);
+
+ len = strlen(origintext);
+ isc_buffer_init(&source, origintext, len);
+ isc_buffer_add(&source, len);
+ dns_fixedname_init(&forigin);
+ origin = dns_fixedname_name(&forigin);
+ result = dns_name_fromtext(origin, &source, dns_rootname, ISC_FALSE,
+ NULL);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = dns_db_create(mctx, dbtype, origin,
+ cache ? dns_dbtype_cache : dns_dbtype_zone,
+ dns_rdataclass_in,
+ 0, NULL, &dbi->db);
+ if (result != ISC_R_SUCCESS) {
+ isc_mem_put(mctx, dbi, sizeof(*dbi));
+ return (result);
+ }
+
+ printf("loading %s (%s)\n", filename, origintext);
+ result = dns_db_load(dbi->db, filename);
+ if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) {
+ dns_db_detach(&dbi->db);
+ isc_mem_put(mctx, dbi, sizeof(*dbi));
+ return (result);
+ }
+ printf("loaded\n");
+
+ if (cache) {
+ INSIST(cache_dbi == NULL);
+ dns_dbtable_adddefault(dbtable, dbi->db);
+ cache_dbi = dbi;
+ } else {
+ if (dns_dbtable_add(dbtable, dbi->db) != ISC_R_SUCCESS) {
+ dns_db_detach(&dbi->db);
+ isc_mem_put(mctx, dbi, sizeof(*dbi));
+ return (result);
+ }
+ }
+ ISC_LIST_APPEND(dbs, dbi, link);
+
+ return (ISC_R_SUCCESS);
+}
+
+static void
+unload_all(void) {
+ dbinfo *dbi, *dbi_next;
+
+ for (dbi = ISC_LIST_HEAD(dbs); dbi != NULL; dbi = dbi_next) {
+ dbi_next = ISC_LIST_NEXT(dbi, link);
+ if (dns_db_iszone(dbi->db))
+ dns_dbtable_remove(dbtable, dbi->db);
+ else {
+ INSIST(dbi == cache_dbi);
+ dns_dbtable_removedefault(dbtable);
+ cache_dbi = NULL;
+ }
+ dns_db_detach(&dbi->db);
+ ISC_LIST_UNLINK(dbs, dbi, link);
+ isc_mem_put(mctx, dbi, sizeof(*dbi));
+ }
+}
+
+#define DBI_CHECK(dbi) \
+if ((dbi) == NULL) { \
+ printf("You must first select a database with !DB\n"); \
+ continue; \
+}
+
+int
+main(int argc, char *argv[]) {
+ dns_db_t *db;
+ dns_dbnode_t *node;
+ isc_result_t result;
+ dns_name_t name;
+ dns_offsets_t offsets;
+ size_t len;
+ isc_buffer_t source, target;
+ char s[1000];
+ char b[255];
+ dns_rdataset_t rdataset, sigrdataset;
+ int ch;
+ dns_rdatatype_t type = 1;
+ isc_boolean_t printnode = ISC_FALSE;
+ isc_boolean_t addmode = ISC_FALSE;
+ isc_boolean_t delmode = ISC_FALSE;
+ isc_boolean_t holdmode = ISC_FALSE;
+ isc_boolean_t verbose = ISC_FALSE;
+ isc_boolean_t done = ISC_FALSE;
+ isc_boolean_t quiet = ISC_FALSE;
+ isc_boolean_t time_lookups = ISC_FALSE;
+ isc_boolean_t found_as;
+ isc_boolean_t find_zonecut = ISC_FALSE;
+ isc_boolean_t noexact_zonecut = ISC_FALSE;
+ int i, v;
+ dns_rdatasetiter_t *rdsiter;
+ char t1[256];
+ char t2[256];
+ isc_buffer_t tb1, tb2;
+ isc_region_t r1, r2;
+ dns_fixedname_t foundname;
+ dns_name_t *fname;
+ unsigned int options = 0, zcoptions;
+ isc_time_t start, finish;
+ char *origintext;
+ dbinfo *dbi;
+ dns_dbversion_t *version;
+ dns_name_t *origin;
+ size_t memory_quota = 0;
+ dns_trust_t trust = 0;
+ unsigned int addopts;
+ isc_log_t *lctx = NULL;
+
+ dns_result_register();
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(dns_dbtable_create(mctx, dns_rdataclass_in, &dbtable) ==
+ ISC_R_SUCCESS);
+
+
+
+ strcpy(dbtype, "rbt");
+ while ((ch = isc_commandline_parse(argc, argv, "c:d:t:z:P:Q:glpqvT"))
+ != -1) {
+ switch (ch) {
+ case 'c':
+ result = load(isc_commandline_argument, ".", ISC_TRUE);
+ if (result != ISC_R_SUCCESS)
+ printf("cache load(%s) %08x: %s\n",
+ isc_commandline_argument, result,
+ isc_result_totext(result));
+ break;
+ case 'd':
+ strcpy(dbtype, isc_commandline_argument);
+ break;
+ case 'g':
+ options |= (DNS_DBFIND_GLUEOK|DNS_DBFIND_VALIDATEGLUE);
+ break;
+ case 'l':
+ RUNTIME_CHECK(isc_log_create(mctx, &lctx,
+ NULL) == ISC_R_SUCCESS);
+ isc_log_setcontext(lctx);
+ dns_log_init(lctx);
+ dns_log_setcontext(lctx);
+ break;
+ case 'q':
+ quiet = ISC_TRUE;
+ verbose = ISC_FALSE;
+ break;
+ case 'p':
+ printnode = ISC_TRUE;
+ break;
+ case 'P':
+ pause_every = atoi(isc_commandline_argument);
+ break;
+ case 'Q':
+ memory_quota = atoi(isc_commandline_argument);
+ isc_mem_setquota(mctx, memory_quota);
+ break;
+ case 't':
+ type = atoi(isc_commandline_argument);
+ break;
+ case 'T':
+ time_lookups = ISC_TRUE;
+ break;
+ case 'v':
+ verbose = ISC_TRUE;
+ break;
+ case 'z':
+ origintext = strrchr(isc_commandline_argument, '/');
+ if (origintext == NULL)
+ origintext = isc_commandline_argument;
+ else
+ origintext++; /* Skip '/'. */
+ result = load(isc_commandline_argument, origintext,
+ ISC_FALSE);
+ if (result != ISC_R_SUCCESS)
+ printf("zone load(%s) %08x: %s\n",
+ isc_commandline_argument, result,
+ isc_result_totext(result));
+ break;
+ }
+ }
+
+ argc -= isc_commandline_index;
+ argv += isc_commandline_index;
+
+ if (argc != 0)
+ printf("ignoring trailing arguments\n");
+
+ /*
+ * Some final initialization...
+ */
+ dns_fixedname_init(&foundname);
+ fname = dns_fixedname_name(&foundname);
+ dbi = NULL;
+ origin = dns_rootname;
+ version = NULL;
+
+ if (time_lookups) {
+ TIME_NOW(&start);
+ }
+
+ while (!done) {
+ if (!quiet)
+ printf("\n");
+ if (fgets(s, sizeof(s), stdin) == NULL) {
+ done = ISC_TRUE;
+ continue;
+ }
+ len = strlen(s);
+ if (len > 0U && s[len - 1] == '\n') {
+ s[len - 1] = '\0';
+ len--;
+ }
+ if (verbose && dbi != NULL) {
+ if (dbi->wversion != NULL)
+ printf("future version (%p)\n", dbi->wversion);
+ for (i = 0; i < dbi->rcount; i++)
+ if (dbi->rversions[i] != NULL)
+ printf("open version %d (%p)\n", i,
+ dbi->rversions[i]);
+ }
+ dns_name_init(&name, offsets);
+ if (strcmp(s, "!R") == 0) {
+ DBI_CHECK(dbi);
+ if (dbi->rcount == MAXVERSIONS) {
+ printf("too many open versions\n");
+ continue;
+ }
+ dns_db_currentversion(dbi->db,
+ &dbi->rversions[dbi->rcount]);
+ printf("opened version %d\n", dbi->rcount);
+ dbi->version = dbi->rversions[dbi->rcount];
+ version = dbi->version;
+ dbi->rcount++;
+ continue;
+ } else if (strcmp(s, "!W") == 0) {
+ DBI_CHECK(dbi);
+ if (dbi->wversion != NULL) {
+ printf("using existing future version\n");
+ dbi->version = dbi->wversion;
+ version = dbi->version;
+ continue;
+ }
+ result = dns_db_newversion(dbi->db, &dbi->wversion);
+ if (result != ISC_R_SUCCESS)
+ print_result("", result);
+ else
+ printf("newversion\n");
+ dbi->version = dbi->wversion;
+ version = dbi->version;
+ continue;
+ } else if (strcmp(s, "!C") == 0) {
+ DBI_CHECK(dbi);
+ addmode = ISC_FALSE;
+ delmode = ISC_FALSE;
+ if (dbi->version == NULL)
+ continue;
+ if (dbi->version == dbi->wversion) {
+ printf("closing future version\n");
+ dbi->wversion = NULL;
+ } else {
+ for (i = 0; i < dbi->rcount; i++) {
+ if (dbi->version ==
+ dbi->rversions[i]) {
+ dbi->rversions[i] = NULL;
+ printf("closing open version %d\n",
+ i);
+ break;
+ }
+ }
+ }
+ dns_db_closeversion(dbi->db, &dbi->version, ISC_TRUE);
+ version = NULL;
+ continue;
+ } else if (strcmp(s, "!X") == 0) {
+ DBI_CHECK(dbi);
+ addmode = ISC_FALSE;
+ delmode = ISC_FALSE;
+ if (dbi->version == NULL)
+ continue;
+ if (dbi->version == dbi->wversion) {
+ printf("aborting future version\n");
+ dbi->wversion = NULL;
+ } else {
+ for (i = 0; i < dbi->rcount; i++) {
+ if (dbi->version ==
+ dbi->rversions[i]) {
+ dbi->rversions[i] = NULL;
+ printf("closing open version %d\n",
+ i);
+ break;
+ }
+ }
+ }
+ dns_db_closeversion(dbi->db, &dbi->version, ISC_FALSE);
+ version = NULL;
+ continue;
+ } else if (strcmp(s, "!A") == 0) {
+ DBI_CHECK(dbi);
+ delmode = ISC_FALSE;
+ if (addmode)
+ addmode = ISC_FALSE;
+ else
+ addmode = ISC_TRUE;
+ printf("addmode = %s\n", addmode ? "TRUE" : "FALSE");
+ continue;
+ } else if (strcmp(s, "!D") == 0) {
+ DBI_CHECK(dbi);
+ addmode = ISC_FALSE;
+ if (delmode)
+ delmode = ISC_FALSE;
+ else
+ delmode = ISC_TRUE;
+ printf("delmode = %s\n", delmode ? "TRUE" : "FALSE");
+ continue;
+ } else if (strcmp(s, "!H") == 0) {
+ DBI_CHECK(dbi);
+ if (holdmode)
+ holdmode = ISC_FALSE;
+ else
+ holdmode = ISC_TRUE;
+ printf("holdmode = %s\n", holdmode ? "TRUE" : "FALSE");
+ continue;
+ } else if (strcmp(s, "!HR") == 0) {
+ DBI_CHECK(dbi);
+ for (i = 0; i < dbi->hold_count; i++)
+ dns_db_detachnode(dbi->db,
+ &dbi->hold_nodes[i]);
+ dbi->hold_count = 0;
+ holdmode = ISC_FALSE;
+ printf("held nodes have been detached\n");
+ continue;
+ } else if (strcmp(s, "!VC") == 0) {
+ DBI_CHECK(dbi);
+ printf("switching to current version\n");
+ dbi->version = NULL;
+ version = NULL;
+ continue;
+ } else if (strstr(s, "!V") == s) {
+ DBI_CHECK(dbi);
+ v = atoi(&s[2]);
+ if (v >= dbi->rcount) {
+ printf("unknown open version %d\n", v);
+ continue;
+ } else if (dbi->rversions[v] == NULL) {
+ printf("version %d is not open\n", v);
+ continue;
+ }
+ printf("switching to open version %d\n", v);
+ dbi->version = dbi->rversions[v];
+ version = dbi->version;
+ continue;
+ } else if (strstr(s, "!TR") == s) {
+ trust = (unsigned int)atoi(&s[3]);
+ printf("trust level is now %u\n", (unsigned int)trust);
+ continue;
+ } else if (strstr(s, "!T") == s) {
+ type = (unsigned int)atoi(&s[2]);
+ printf("now searching for type %u\n", type);
+ continue;
+ } else if (strcmp(s, "!G") == 0) {
+ if ((options & DNS_DBFIND_GLUEOK) != 0)
+ options &= ~DNS_DBFIND_GLUEOK;
+ else
+ options |= DNS_DBFIND_GLUEOK;
+ printf("glue ok = %s\n",
+ ((options & DNS_DBFIND_GLUEOK) != 0) ?
+ "TRUE" : "FALSE");
+ continue;
+ } else if (strcmp(s, "!GV") == 0) {
+ if ((options & DNS_DBFIND_VALIDATEGLUE) != 0)
+ options &= ~DNS_DBFIND_VALIDATEGLUE;
+ else
+ options |= DNS_DBFIND_VALIDATEGLUE;
+ printf("validate glue = %s\n",
+ ((options & DNS_DBFIND_VALIDATEGLUE) != 0) ?
+ "TRUE" : "FALSE");
+ continue;
+ } else if (strcmp(s, "!WC") == 0) {
+ if ((options & DNS_DBFIND_NOWILD) != 0)
+ options &= ~DNS_DBFIND_NOWILD;
+ else
+ options |= DNS_DBFIND_NOWILD;
+ printf("wildcard matching = %s\n",
+ ((options & DNS_DBFIND_NOWILD) == 0) ?
+ "TRUE" : "FALSE");
+ continue;
+ } else if (strstr(s, "!LS ") == s) {
+ DBI_CHECK(dbi);
+ list(dbi, &s[4]);
+ continue;
+ } else if (strcmp(s, "!LS") == 0) {
+ DBI_CHECK(dbi);
+ list(dbi, NULL);
+ continue;
+ } else if (strstr(s, "!DU ") == s) {
+ DBI_CHECK(dbi);
+ result = dns_db_dump(dbi->db, dbi->version, s+4);
+ if (result != ISC_R_SUCCESS) {
+ printf("\n");
+ print_result("", result);
+ }
+ continue;
+ } else if (strcmp(s, "!PN") == 0) {
+ if (printnode)
+ printnode = ISC_FALSE;
+ else
+ printnode = ISC_TRUE;
+ printf("printnode = %s\n",
+ printnode ? "TRUE" : "FALSE");
+ continue;
+ } else if (strstr(s, "!P") == s) {
+ DBI_CHECK(dbi);
+ v = atoi(&s[2]);
+ dbi->pause_every = v;
+ continue;
+ } else if (strcmp(s, "!+") == 0) {
+ DBI_CHECK(dbi);
+ dbi->ascending = ISC_TRUE;
+ continue;
+ } else if (strcmp(s, "!-") == 0) {
+ DBI_CHECK(dbi);
+ dbi->ascending = ISC_FALSE;
+ continue;
+ } else if (strcmp(s, "!DB") == 0) {
+ dbi = NULL;
+ origin = dns_rootname;
+ version = NULL;
+ printf("now searching all databases\n");
+ continue;
+ } else if (strncmp(s, "!DB ", 4) == 0) {
+ dbi = select_db(s+4);
+ if (dbi != NULL) {
+ db = dbi->db;
+ origin = dns_db_origin(dbi->db);
+ version = dbi->version;
+ addmode = ISC_FALSE;
+ delmode = ISC_FALSE;
+ holdmode = ISC_FALSE;
+ } else {
+ db = NULL;
+ version = NULL;
+ origin = dns_rootname;
+ printf("database not found; "
+ "now searching all databases\n");
+ }
+ continue;
+ } else if (strcmp(s, "!ZC") == 0) {
+ if (find_zonecut)
+ find_zonecut = ISC_FALSE;
+ else
+ find_zonecut = ISC_TRUE;
+ printf("find_zonecut = %s\n",
+ find_zonecut ? "TRUE" : "FALSE");
+ continue;
+ } else if (strcmp(s, "!NZ") == 0) {
+ if (noexact_zonecut)
+ noexact_zonecut = ISC_FALSE;
+ else
+ noexact_zonecut = ISC_TRUE;
+ printf("noexact_zonecut = %s\n",
+ noexact_zonecut ? "TRUE" : "FALSE");
+ continue;
+ }
+
+ isc_buffer_init(&source, s, len);
+ isc_buffer_add(&source, len);
+ isc_buffer_init(&target, b, sizeof(b));
+ result = dns_name_fromtext(&name, &source, origin,
+ ISC_FALSE, &target);
+ if (result != ISC_R_SUCCESS) {
+ print_result("bad name: ", result);
+ continue;
+ }
+
+ if (dbi == NULL) {
+ zcoptions = 0;
+ if (noexact_zonecut)
+ zcoptions |= DNS_DBTABLEFIND_NOEXACT;
+ db = NULL;
+ result = dns_dbtable_find(dbtable, &name, zcoptions,
+ &db);
+ if (result != ISC_R_SUCCESS &&
+ result != DNS_R_PARTIALMATCH) {
+ if (!quiet) {
+ printf("\n");
+ print_result("", result);
+ }
+ continue;
+ }
+ isc_buffer_init(&tb1, t1, sizeof(t1));
+ result = dns_name_totext(dns_db_origin(db), ISC_FALSE,
+ &tb1);
+ if (result != ISC_R_SUCCESS) {
+ printf("\n");
+ print_result("", result);
+ dns_db_detach(&db);
+ continue;
+ }
+ isc_buffer_usedregion(&tb1, &r1);
+ printf("\ndatabase = %.*s (%s)\n",
+ (int)r1.length, r1.base,
+ (dns_db_iszone(db)) ? "zone" : "cache");
+ }
+ node = NULL;
+ dns_rdataset_init(&rdataset);
+ dns_rdataset_init(&sigrdataset);
+
+ if (find_zonecut && dns_db_iscache(db)) {
+ zcoptions = options;
+ if (noexact_zonecut)
+ zcoptions |= DNS_DBFIND_NOEXACT;
+ result = dns_db_findzonecut(db, &name, zcoptions,
+ 0, &node, fname,
+ &rdataset, &sigrdataset);
+ } else {
+ result = dns_db_find(db, &name, version, type,
+ options, 0, &node, fname,
+ &rdataset, &sigrdataset);
+ }
+
+ if (!quiet) {
+ if (dbi != NULL)
+ printf("\n");
+ print_result("", result);
+ }
+
+ found_as = ISC_FALSE;
+ switch (result) {
+ case ISC_R_SUCCESS:
+ case DNS_R_GLUE:
+ case DNS_R_CNAME:
+ case DNS_R_ZONECUT:
+ break;
+ case DNS_R_DNAME:
+ case DNS_R_DELEGATION:
+ found_as = ISC_TRUE;
+ break;
+ case DNS_R_NXRRSET:
+ if (dns_rdataset_isassociated(&rdataset))
+ break;
+ if (dbi != NULL) {
+ if (holdmode) {
+ RUNTIME_CHECK(dbi->hold_count <
+ MAXHOLD);
+ dbi->hold_nodes[dbi->hold_count++] =
+ node;
+ node = NULL;
+ } else
+ dns_db_detachnode(db, &node);
+ } else {
+ dns_db_detachnode(db, &node);
+ dns_db_detach(&db);
+ }
+ continue;
+ case DNS_R_NXDOMAIN:
+ if (dns_rdataset_isassociated(&rdataset))
+ break;
+ /* FALLTHROUGH */
+ default:
+ if (dbi == NULL)
+ dns_db_detach(&db);
+ if (quiet)
+ print_result("", result);
+ continue;
+ }
+ if (found_as && !quiet) {
+ isc_buffer_init(&tb1, t1, sizeof(t1));
+ isc_buffer_init(&tb2, t2, sizeof(t2));
+ result = dns_name_totext(&name, ISC_FALSE, &tb1);
+ if (result != ISC_R_SUCCESS) {
+ print_result("", result);
+ dns_db_detachnode(db, &node);
+ if (dbi == NULL)
+ dns_db_detach(&db);
+ continue;
+ }
+ result = dns_name_totext(fname, ISC_FALSE, &tb2);
+ if (result != ISC_R_SUCCESS) {
+ print_result("", result);
+ dns_db_detachnode(db, &node);
+ if (dbi == NULL)
+ dns_db_detach(&db);
+ continue;
+ }
+ isc_buffer_usedregion(&tb1, &r1);
+ isc_buffer_usedregion(&tb2, &r2);
+ printf("found %.*s as %.*s\n",
+ (int)r1.length, r1.base,
+ (int)r2.length, r2.base);
+ }
+
+ if (printnode)
+ dns_db_printnode(db, node, stdout);
+
+ if (!found_as && type == dns_rdatatype_any) {
+ rdsiter = NULL;
+ result = dns_db_allrdatasets(db, node, version, 0,
+ &rdsiter);
+ if (result == ISC_R_SUCCESS) {
+ if (!quiet)
+ print_rdatasets(fname, rdsiter);
+ dns_rdatasetiter_destroy(&rdsiter);
+ } else
+ print_result("", result);
+ } else {
+ if (!quiet)
+ print_rdataset(fname, &rdataset);
+ if (dns_rdataset_isassociated(&sigrdataset)) {
+ if (!quiet)
+ print_rdataset(fname, &sigrdataset);
+ dns_rdataset_disassociate(&sigrdataset);
+ }
+ if (dbi != NULL && addmode && !found_as) {
+ rdataset.ttl++;
+ rdataset.trust = trust;
+ if (dns_db_iszone(db))
+ addopts = DNS_DBADD_MERGE;
+ else
+ addopts = 0;
+ result = dns_db_addrdataset(db, node, version,
+ 0, &rdataset,
+ addopts, NULL);
+ if (result != ISC_R_SUCCESS)
+ print_result("", result);
+ if (printnode)
+ dns_db_printnode(db, node, stdout);
+ } else if (dbi != NULL && delmode && !found_as) {
+ result = dns_db_deleterdataset(db, node,
+ version, type,
+ 0);
+ if (result != ISC_R_SUCCESS)
+ print_result("", result);
+ if (printnode)
+ dns_db_printnode(db, node, stdout);
+ }
+ dns_rdataset_disassociate(&rdataset);
+ }
+
+ if (dbi != NULL) {
+ if (holdmode) {
+ RUNTIME_CHECK(dbi->hold_count < MAXHOLD);
+ dbi->hold_nodes[dbi->hold_count++] = node;
+ node = NULL;
+ } else
+ dns_db_detachnode(db, &node);
+ } else {
+ dns_db_detachnode(db, &node);
+ dns_db_detach(&db);
+ }
+ }
+
+ if (time_lookups) {
+ isc_uint64_t usec;
+
+ TIME_NOW(&finish);
+
+ usec = isc_time_microdiff(&finish, &start);
+
+ printf("elapsed time: %lu.%06lu seconds\n",
+ (unsigned long)(usec / 1000000),
+ (unsigned long)(usec % 1000000));
+ }
+
+ unload_all();
+
+ dns_dbtable_detach(&dbtable);
+
+ if (lctx != NULL)
+ isc_log_destroy(&lctx);
+
+ if (!quiet)
+ isc_mem_stats(mctx, stdout);
+
+ return (0);
+}
diff --git a/bin/tests/dst/Kdh.+002+18602.key b/bin/tests/dst/Kdh.+002+18602.key
new file mode 100644
index 0000000..09b4cf5
--- /dev/null
+++ b/bin/tests/dst/Kdh.+002+18602.key
@@ -0,0 +1 @@
+dh. IN KEY 0 2 2 AAEBAAAAYIHI/wjtOagNga9GILSoS02IVelgLilPE/TfhtvShsiDAXqb IfxQcj2JkuOnNLs5ttb2WZXWl5/jsSjIxHMwMF2XY4gwt/lwHBf/vgYH r7aIxnKXov1jk9rymTLHGKIOtg==
diff --git a/bin/tests/dst/Kdh.+002+18602.private b/bin/tests/dst/Kdh.+002+18602.private
new file mode 100644
index 0000000..a2245bf
--- /dev/null
+++ b/bin/tests/dst/Kdh.+002+18602.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.2
+Algorithm: 2 (DH)
+Prime(p): ///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjo2IP//////////
+Generator(g): Ag==
+Private_value(x): bpdsGQ1jbV3f2CGN/0Pk5KM1MlkFmMryPO1J1zoGn585fRmc9Ygw6l/HKmi2ViiDNorvd9/eV9uyYO6lYZC82R3D7rST1mAqCwbg/8gNE5dXBRbRIIq3qIl6GUYYs8mK
+Public_value(y): gcj/CO05qA2Br0YgtKhLTYhV6WAuKU8T9N+G29KGyIMBepsh/FByPYmS46c0uzm21vZZldaXn+OxKMjEczAwXZdjiDC3+XAcF/++BgevtojGcpei/WOT2vKZMscYog62
diff --git a/bin/tests/dst/Kdh.+002+48957.key b/bin/tests/dst/Kdh.+002+48957.key
new file mode 100644
index 0000000..9838829
--- /dev/null
+++ b/bin/tests/dst/Kdh.+002+48957.key
@@ -0,0 +1 @@
+dh. IN KEY 0 2 2 AAEBAAAAYOuaKjyMXYame2F6/ZFdEmXv0a2edB+69PEZgrExA6SJlivn 4KqAsfBHr/+0BCb+7nfWeMDSh2BXnSzWkXF1wMaCHMuz9EleG1gKFKeV Q9gKli88Cb8/jbovWChrGBNp2w==
diff --git a/bin/tests/dst/Kdh.+002+48957.private b/bin/tests/dst/Kdh.+002+48957.private
new file mode 100644
index 0000000..e191235
--- /dev/null
+++ b/bin/tests/dst/Kdh.+002+48957.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.2
+Algorithm: 2 (DH)
+Prime(p): ///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjo2IP//////////
+Generator(g): Ag==
+Private_value(x): WJG0moh+QoZV+DYhqW7Z6O6TYpYGtSlN0Ym6JV6VRnzeH69OqMUFivqZorj3a3ofR/4zogNVyy5KLLj2NFTaLGP4Hcvt7uETJik6HrjLMhGf40QPXYgVK57Im0rv88Ca
+Public_value(y): 65oqPIxdhqZ7YXr9kV0SZe/RrZ50H7r08RmCsTEDpImWK+fgqoCx8Eev/7QEJv7ud9Z4wNKHYFedLNaRcXXAxoIcy7P0SV4bWAoUp5VD2AqWLzwJvz+Nui9YKGsYE2nb
diff --git a/bin/tests/dst/Ktest.+001+00002.key b/bin/tests/dst/Ktest.+001+00002.key
new file mode 100644
index 0000000..a8b4b4d
--- /dev/null
+++ b/bin/tests/dst/Ktest.+001+00002.key
@@ -0,0 +1 @@
+test. IN DNSKEY 49152 2 1
diff --git a/bin/tests/dst/Ktest.+001+54622.key b/bin/tests/dst/Ktest.+001+54622.key
new file mode 100644
index 0000000..b0277e3
--- /dev/null
+++ b/bin/tests/dst/Ktest.+001+54622.key
@@ -0,0 +1 @@
+test. IN DNSKEY 257 3 1 AQPQjwSpaVzxIgRCpiUoozUQKGh2oX8NIFKDOvtxK+tn536OZg2cROKTlgGEHXJK9YHfW/6nzQULTVpb63P+SQMmjCCidb8IYyhItixRztVeJQ==
diff --git a/bin/tests/dst/Ktest.+001+54622.private b/bin/tests/dst/Ktest.+001+54622.private
new file mode 100644
index 0000000..c97ac30
--- /dev/null
+++ b/bin/tests/dst/Ktest.+001+54622.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: 0I8EqWlc8SIEQqYlKKM1EChodqF/DSBSgzr7cSvrZ+d+jmYNnETik5YBhB1ySvWB31v+p80FC01aW+tz/kkDJowgonW/CGMoSLYsUc7VXiU=
+PublicExponent: Aw==
+PrivateExponent: iwoDG5uTS2wC1xluGxd4tXBFpGuqCMA3AidSS3Kc7++ptEQJEtiXC9kfCJMvZhGfQLaujft2OgrmkcuDVtPIbQWEENhyJhb4Lk82kFXbfus=
+Prime1: /rSKuzcZY7R5cY2YWD4CiBNyj9WJMq1wWmBnb9+5M08nTl5E9NW5qQ==
+Prime2: 0Z5shXQYd16E2Gs6e5WxtO0Oqlly2KkSqXohwTQWDWTb8Pw0WTZmHQ==
+Exponent1: qc2x0iS7l82mS7O65X6sWrehtTkGIcj1kZWaSpUmIjTE3umDTePRGw==
+Exponent2: i77zA6K6+j8DOvIm/Q52eJ4JxuZMkHC3G6bBK3gOs5iSoKgi5iREEw==
+Coefficient: 3+wYZB0SJad7z2EsjzgbSlg6CawoaOvrROGSbwSiW5DCsMFROudOTw==
diff --git a/bin/tests/dst/Ktest.+003+23616.key b/bin/tests/dst/Ktest.+003+23616.key
new file mode 100644
index 0000000..958d585
--- /dev/null
+++ b/bin/tests/dst/Ktest.+003+23616.key
@@ -0,0 +1 @@
+test. IN DNSKEY 16641 3 3 ANp1//lqDlEfTavcFI+cyudNfgEz73V/K7fSDvkA0eDYcGg/kSvEjAEO/oLWCERltkuC55ZcM/mSv17WF1d/wR6kww/pLI9eXwkjftAYqs5sNxk+mbEGl6zwve9wq5z7IoTY5/J4l7XLCKftg/wGvrzXQhggIkRvEh3myhxd+ouILcpfvTIthWlTKiH59tSJpmgmiSMTE7nDYaf10iVRWN6DMSprgejiH05/fpmyZAt44tyAh4m1wXS5u4tam1PXDJYJozn7EfQ8e2weIv1yC+t6PHSx
diff --git a/bin/tests/dst/Ktest.+003+23616.private b/bin/tests/dst/Ktest.+003+23616.private
new file mode 100644
index 0000000..5781c9d
--- /dev/null
+++ b/bin/tests/dst/Ktest.+003+23616.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.2
+Algorithm: 3 (DSA)
+Prime(p): 73V/K7fSDvkA0eDYcGg/kSvEjAEO/oLWCERltkuC55ZcM/mSv17WF1d/wR6kww/pLI9eXwkjftAYqs5sNxk+mQ==
+Subprime(q): 2nX/+WoOUR9Nq9wUj5zK501+ATM=
+Base(g): sQaXrPC973CrnPsihNjn8niXtcsIp+2D/Aa+vNdCGCAiRG8SHebKHF36i4gtyl+9Mi2FaVMqIfn21ImmaCaJIw==
+Private_value(x): Nky4tvIwg6xlcyeHXr4k2DEZg0E=
+Public_value(y): ExO5w2Gn9dIlUVjegzEqa4Ho4h9Of36ZsmQLeOLcgIeJtcF0ubuLWptT1wyWCaM5+xH0PHtsHiL9cgvrejx0sQ==
diff --git a/bin/tests/dst/Ktest.+003+49667.key b/bin/tests/dst/Ktest.+003+49667.key
new file mode 100644
index 0000000..fb73f57
--- /dev/null
+++ b/bin/tests/dst/Ktest.+003+49667.key
@@ -0,0 +1 @@
+test. IN DNSKEY 49152 2 3
diff --git a/bin/tests/dst/Makefile.in b/bin/tests/dst/Makefile.in
new file mode 100644
index 0000000..9b317fc
--- /dev/null
+++ b/bin/tests/dst/Makefile.in
@@ -0,0 +1,65 @@
+# Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.46 2008/05/19 23:47:03 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${TEST_INCLUDES} ${DNS_INCLUDES} \
+ ${ISC_INCLUDES} @DST_GSSAPI_INC@
+
+CDEFINES =
+CWARNINGS =
+
+DNSLIBS = ../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../../../lib/isc/libisc.@A@
+
+DNSDEPLIBS = ../../../lib/dns/libdns.@A@
+ISCDEPLIBS = ../../../lib/isc/libisc.@A@
+
+DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+
+TLIB = ../../../lib/tests/libt_api.@A@
+
+TARGETS = dst_test@EXEEXT@ t_dst@EXEEXT@ gsstest@EXEEXT@
+
+SRCS = dst_test.c t_dst.c gsstest.c
+
+@BIND9_MAKE_RULES@
+
+dst_test@EXEEXT@: dst_test.@O@ ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ dst_test.@O@ ${LIBS}
+
+t_dst@EXEEXT@: t_dst.@O@ ${DEPLIBS} ${TLIB}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ t_dst.@O@ ${TLIB} ${LIBS}
+
+gsstest@EXEEXT@: gsstest.@O@ ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+ gsstest.@O@ ${LIBS}
+
+test: t_dst@EXEEXT@
+ ../genrandom@EXEEXT@ 100 randomfile
+ -@ ./t_dst@EXEEXT@ -b @srcdir@ -q 1800 -a
+
+clean distclean::
+ rm -f ${TARGETS} randomfile
diff --git a/bin/tests/dst/dst_2_data b/bin/tests/dst/dst_2_data
new file mode 100644
index 0000000..a303065
--- /dev/null
+++ b/bin/tests/dst/dst_2_data
@@ -0,0 +1,16 @@
+#
+# data for signature verification test
+#
+# format:
+# datafile, sigpath, keyname, keyid, alg, exp_result
+#
+t2_data_1 t2_dsasig test. 23616 DST_ALG_DSA ISC_R_SUCCESS
+t2_data_1 t2_rsasig test. 54622 DST_ALG_RSAMD5 ISC_R_SUCCESS
+# wrong sig
+t2_data_1 t2_dsasig test. 54622 DST_ALG_RSAMD5 !ISC_R_SUCCESS
+# wrong key
+#t2_data_1 t2_dsasig test. 54622 DST_ALG_DSA !ISC_R_SUCCESS
+# wrong alg
+#t2_data_1 t2_dsasig test. 23616 DST_ALG_RSAMD5 !ISC_R_SUCCESS
+# wrong data
+t2_data_2 t2_dsasig test. 23616 DST_ALG_DSA !ISC_R_SUCCESS
diff --git a/bin/tests/dst/dst_test.c b/bin/tests/dst/dst_test.c
new file mode 100644
index 0000000..8347a7d
--- /dev/null
+++ b/bin/tests/dst/dst_test.c
@@ -0,0 +1,294 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dst_test.c,v 1.43 2007/06/19 23:47:00 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <unistd.h> /* XXX */
+
+#include <isc/buffer.h>
+#include <isc/entropy.h>
+#include <isc/mem.h>
+#include <isc/region.h>
+#include <isc/string.h> /* Required for HP/UX (and others?) */
+
+#include <dns/fixedname.h>
+#include <dns/name.h>
+#include <dns/result.h>
+
+#include <dst/dst.h>
+#include <dst/result.h>
+
+char *current;
+const char *tmp = "/tmp";
+
+static void
+use(dst_key_t *key, isc_mem_t *mctx) {
+ isc_result_t ret;
+ const char *data = "This is some data";
+ unsigned char sig[512];
+ isc_buffer_t databuf, sigbuf;
+ isc_region_t datareg, sigreg;
+ dst_context_t *ctx = NULL;
+
+ isc_buffer_init(&sigbuf, sig, sizeof(sig));
+ /*
+ * Advance 1 byte for fun.
+ */
+ isc_buffer_add(&sigbuf, 1);
+
+ isc_buffer_init(&databuf, data, strlen(data));
+ isc_buffer_add(&databuf, strlen(data));
+ isc_buffer_usedregion(&databuf, &datareg);
+
+ ret = dst_context_create(key, mctx, &ctx);
+ if (ret != ISC_R_SUCCESS) {
+ printf("contextcreate(%d) returned: %s\n", dst_key_alg(key),
+ isc_result_totext(ret));
+ return;
+ }
+ ret = dst_context_adddata(ctx, &datareg);
+ if (ret != ISC_R_SUCCESS) {
+ printf("adddata(%d) returned: %s\n", dst_key_alg(key),
+ isc_result_totext(ret));
+ dst_context_destroy(&ctx);
+ return;
+ }
+ ret = dst_context_sign(ctx, &sigbuf);
+ printf("sign(%d) returned: %s\n", dst_key_alg(key),
+ isc_result_totext(ret));
+ dst_context_destroy(&ctx);
+
+ isc_buffer_forward(&sigbuf, 1);
+ isc_buffer_remainingregion(&sigbuf, &sigreg);
+ ret = dst_context_create(key, mctx, &ctx);
+ if (ret != ISC_R_SUCCESS) {
+ printf("contextcreate(%d) returned: %s\n", dst_key_alg(key),
+ isc_result_totext(ret));
+ return;
+ }
+ ret = dst_context_adddata(ctx, &datareg);
+ if (ret != ISC_R_SUCCESS) {
+ printf("adddata(%d) returned: %s\n", dst_key_alg(key),
+ isc_result_totext(ret));
+ dst_context_destroy(&ctx);
+ return;
+ }
+ ret = dst_context_verify(ctx, &sigreg);
+ printf("verify(%d) returned: %s\n", dst_key_alg(key),
+ isc_result_totext(ret));
+ dst_context_destroy(&ctx);
+}
+
+static void
+dns(dst_key_t *key, isc_mem_t *mctx) {
+ unsigned char buffer1[2048];
+ unsigned char buffer2[2048];
+ isc_buffer_t buf1, buf2;
+ isc_region_t r1, r2;
+ dst_key_t *newkey = NULL;
+ isc_result_t ret;
+ isc_boolean_t match;
+
+ isc_buffer_init(&buf1, buffer1, sizeof(buffer1));
+ ret = dst_key_todns(key, &buf1);
+ printf("todns(%d) returned: %s\n", dst_key_alg(key),
+ isc_result_totext(ret));
+ if (ret != ISC_R_SUCCESS)
+ return;
+ ret = dst_key_fromdns(dst_key_name(key), dns_rdataclass_in,
+ &buf1, mctx, &newkey);
+ printf("fromdns(%d) returned: %s\n", dst_key_alg(key),
+ isc_result_totext(ret));
+ if (ret != ISC_R_SUCCESS)
+ return;
+ isc_buffer_init(&buf2, buffer2, sizeof(buffer2));
+ ret = dst_key_todns(newkey, &buf2);
+ printf("todns2(%d) returned: %s\n", dst_key_alg(key),
+ isc_result_totext(ret));
+ if (ret != ISC_R_SUCCESS)
+ return;
+ isc_buffer_usedregion(&buf1, &r1);
+ isc_buffer_usedregion(&buf2, &r2);
+ match = ISC_TF(r1.length == r2.length &&
+ memcmp(r1.base, r2.base, r1.length) == 0);
+ printf("compare(%d): %s\n", dst_key_alg(key),
+ match ? "true" : "false");
+ dst_key_free(&newkey);
+}
+
+static void
+io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx) {
+ dst_key_t *key = NULL;
+ isc_result_t ret;
+
+ ret = dst_key_fromfile(name, id, alg, type, current, mctx, &key);
+ printf("read(%d) returned: %s\n", alg, isc_result_totext(ret));
+ if (ret != 0)
+ return;
+ ret = dst_key_tofile(key, type, tmp);
+ printf("write(%d) returned: %s\n", alg, isc_result_totext(ret));
+ if (ret != 0)
+ return;
+ use(key, mctx);
+ dns(key, mctx);
+ dst_key_free(&key);
+}
+
+static void
+dh(dns_name_t *name1, int id1, dns_name_t *name2, int id2, isc_mem_t *mctx) {
+ dst_key_t *key1 = NULL, *key2 = NULL;
+ isc_result_t ret;
+ isc_buffer_t b1, b2;
+ isc_region_t r1, r2;
+ unsigned char array1[1024], array2[1024];
+ int alg = DST_ALG_DH;
+ int type = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE|DST_TYPE_KEY;
+
+ ret = dst_key_fromfile(name1, id1, alg, type, current, mctx, &key1);
+ printf("read(%d) returned: %s\n", alg, isc_result_totext(ret));
+ if (ret != 0)
+ return;
+ ret = dst_key_fromfile(name2, id2, alg, type, current, mctx, &key2);
+ printf("read(%d) returned: %s\n", alg, isc_result_totext(ret));
+ if (ret != 0)
+ return;
+
+ ret = dst_key_tofile(key1, type, tmp);
+ printf("write(%d) returned: %s\n", alg, isc_result_totext(ret));
+ if (ret != 0)
+ return;
+ ret = dst_key_tofile(key2, type, tmp);
+ printf("write(%d) returned: %s\n", alg, isc_result_totext(ret));
+ if (ret != 0)
+ return;
+
+ isc_buffer_init(&b1, array1, sizeof(array1));
+ ret = dst_key_computesecret(key1, key2, &b1);
+ printf("computesecret() returned: %s\n", isc_result_totext(ret));
+ if (ret != 0)
+ return;
+
+ isc_buffer_init(&b2, array2, sizeof(array2));
+ ret = dst_key_computesecret(key2, key1, &b2);
+ printf("computesecret() returned: %s\n", isc_result_totext(ret));
+ if (ret != 0)
+ return;
+
+ isc_buffer_usedregion(&b1, &r1);
+ isc_buffer_usedregion(&b2, &r2);
+
+ if (r1.length != r2.length || memcmp(r1.base, r2.base, r1.length) != 0)
+ {
+ int i;
+ printf("secrets don't match\n");
+ printf("secret 1: %d bytes\n", r1.length);
+ for (i = 0; i < (int) r1.length; i++)
+ printf("%02x ", r1.base[i]);
+ printf("\n");
+ printf("secret 2: %d bytes\n", r2.length);
+ for (i = 0; i < (int) r2.length; i++)
+ printf("%02x ", r2.base[i]);
+ printf("\n");
+ }
+ dst_key_free(&key1);
+ dst_key_free(&key2);
+}
+
+static void
+generate(int alg, isc_mem_t *mctx) {
+ isc_result_t ret;
+ dst_key_t *key = NULL;
+
+ ret = dst_key_generate(dns_rootname, alg, 512, 0, 0, 0,
+ dns_rdataclass_in, mctx, &key);
+ printf("generate(%d) returned: %s\n", alg, isc_result_totext(ret));
+ if (ret != ISC_R_SUCCESS)
+ return;
+
+ if (alg != DST_ALG_DH)
+ use(key, mctx);
+
+ dst_key_free(&key);
+}
+
+int
+main(void) {
+ isc_mem_t *mctx = NULL;
+ isc_entropy_t *ectx = NULL;
+ isc_buffer_t b;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ isc_result_t result;
+
+ result = isc_mem_create(0, 0, &mctx);
+ if (result != ISC_R_SUCCESS)
+ return (1);
+
+ current = isc_mem_get(mctx, 256);
+ if (current == NULL)
+ return (1);
+ getcwd(current, 256);
+
+ dns_result_register();
+
+ result = isc_entropy_create(mctx, &ectx);
+ if (result != ISC_R_SUCCESS)
+ return (1);
+ result = isc_entropy_createfilesource(ectx, "randomfile");
+ if (result != ISC_R_SUCCESS)
+ return (1);
+ dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING|ISC_ENTROPY_GOODONLY);
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ isc_buffer_init(&b, "test.", 5);
+ isc_buffer_add(&b, 5);
+ result = dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS)
+ return (1);
+ io(name, 23616, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
+ io(name, 54622, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+ mctx);
+
+ io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
+ io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
+
+ isc_buffer_init(&b, "dh.", 3);
+ isc_buffer_add(&b, 3);
+ result = dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS)
+ return (1);
+ dh(name, 18602, name, 48957, mctx);
+
+ generate(DST_ALG_RSAMD5, mctx);
+ generate(DST_ALG_DH, mctx);
+ generate(DST_ALG_DSA, mctx);
+ generate(DST_ALG_HMACMD5, mctx);
+
+ dst_lib_destroy();
+ isc_entropy_detach(&ectx);
+
+ isc_mem_put(mctx, current, 256);
+/* isc_mem_stats(mctx, stdout);*/
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/tests/dst/gsstest.c b/bin/tests/dst/gsstest.c
new file mode 100755
index 0000000..98e16d2
--- /dev/null
+++ b/bin/tests/dst/gsstest.c
@@ -0,0 +1,566 @@
+/*
+ * Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: gsstest.c,v 1.6 2007/06/19 23:47:00 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/app.h>
+#include <isc/base64.h>
+#include <isc/entropy.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/sockaddr.h>
+#include <isc/socket.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/dispatch.h>
+#include <dns/fixedname.h>
+#include <dns/keyvalues.h>
+#include <dns/log.h>
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/request.h>
+#include <dns/result.h>
+#include <dns/tkey.h>
+#include <dns/tsig.h>
+#include <dns/view.h>
+
+#include <dns/dnssec.h>
+#include <dns/events.h>
+#include <dns/masterdump.h>
+#include <dns/rdataset.h>
+#include <dns/resolver.h>
+#include <dns/types.h>
+
+#include <dst/result.h>
+
+#ifdef GSSAPI
+#include ISC_PLATFORM_GSSAPIHEADER
+
+struct dst_context {
+ unsigned int magic;
+ dst_key_t *key;
+ isc_mem_t *mctx;
+ void *opaque;
+};
+
+#define CHECK(str, x) { \
+ if ((x) != ISC_R_SUCCESS) { \
+ fprintf(stderr, "I:%d:%s: %s\n", __LINE__, (str), isc_result_totext(x)); \
+ goto end; \
+ } \
+}
+
+static char contextname[512];
+static char gssid[512];
+static char serveraddress[512];
+static dns_fixedname_t servername, gssname;
+
+static isc_mem_t *mctx;
+static dns_requestmgr_t *requestmgr;
+static isc_sockaddr_t address;
+
+static dns_tsig_keyring_t *ring;
+static dns_tsigkey_t *tsigkey = NULL;
+static gss_ctx_id_t gssctx;
+static gss_ctx_id_t *gssctxp = &gssctx;
+
+#define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
+
+#define PORT 53
+#define TIMEOUT 30
+
+static void initctx1(isc_task_t *task, isc_event_t *event);
+static void sendquery(isc_task_t *task, isc_event_t *event);
+static void setup();
+
+static void
+console(isc_task_t *task, isc_event_t *event)
+{
+ char buf[32];
+ isc_event_t *ev = NULL;
+
+ isc_event_free(&event);
+
+ while(1) {
+ printf("\nCommand => ");
+ scanf("%s", buf);
+
+ if(strcmp(buf, "quit") == 0) {
+ isc_app_shutdown();
+ return;
+ }
+
+ if(strcmp(buf, "initctx") == 0) {
+ ev = isc_event_allocate(mctx, (void *)1, 1, initctx1,
+ NULL, sizeof(*event));
+ isc_task_send(task, &ev);
+ return;
+ }
+
+ if(strcmp(buf, "query") == 0) {
+ ev = isc_event_allocate(mctx, (void *)1, 1, sendquery,
+ NULL, sizeof(*event));
+ isc_task_send(task, &ev);
+ return;
+ }
+
+ printf("Unknown command\n");
+ }
+}
+
+static void
+recvresponse(isc_task_t *task, isc_event_t *event) {
+ dns_requestevent_t *reqev = (dns_requestevent_t *)event;
+ isc_result_t result, result2;
+ dns_message_t *query, *response = NULL;
+ isc_buffer_t outtoken;
+ isc_buffer_t outbuf;
+ char output[10 * 1024];
+
+ unsigned char array[DNS_NAME_MAXTEXT + 1];
+ isc_buffer_init(&outtoken, array, sizeof(array));
+
+ UNUSED(task);
+
+ REQUIRE(reqev != NULL);
+
+ if (reqev->result != ISC_R_SUCCESS) {
+ fprintf(stderr, "I:request event result: %s\n",
+ isc_result_totext(reqev->result));
+ goto end;
+ }
+
+ query = reqev->ev_arg;
+
+ response = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
+ CHECK("dns_message_create", result);
+
+ printf("\nReceived Response:\n");
+
+ result2 = dns_request_getresponse(reqev->request, response,
+ DNS_MESSAGEPARSE_PRESERVEORDER);
+ isc_buffer_init(&outbuf, output, sizeof(output));
+ result = dns_message_totext(response, &dns_master_style_debug, 0,
+ &outbuf);
+ CHECK("dns_message_totext", result);
+ printf("%.*s\n", (int)isc_buffer_usedlength(&outbuf),
+ (char *)isc_buffer_base(&outbuf));
+
+ CHECK("dns_request_getresponse", result2);
+
+ if (response)
+ dns_message_destroy(&response);
+
+end:
+ if (query)
+ dns_message_destroy(&query);
+
+ if (reqev->request)
+ dns_request_destroy(&reqev->request);
+
+ isc_event_free(&event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, console, NULL,
+ sizeof(*event));
+ isc_task_send(task, &event);
+ return;
+}
+
+
+static void
+sendquery(isc_task_t *task, isc_event_t *event)
+{
+ dns_request_t *request = NULL;
+ dns_message_t *message = NULL;
+ dns_name_t *qname = NULL;
+ dns_rdataset_t *qrdataset = NULL;
+ isc_result_t result;
+ dns_fixedname_t queryname;
+ isc_buffer_t buf;
+ isc_buffer_t outbuf;
+ char output[10 * 1024];
+
+ static char host[256];
+
+ isc_event_free(&event);
+
+ printf("Query => ");
+ scanf("%s", host);
+
+ dns_fixedname_init(&queryname);
+ isc_buffer_init(&buf, host, strlen(host));
+ isc_buffer_add(&buf, strlen(host));
+ result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf,
+ dns_rootname, ISC_FALSE, NULL);
+ CHECK("dns_name_fromtext", result);
+
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &message);
+
+ message->opcode = dns_opcode_query;
+ message->rdclass = dns_rdataclass_in;
+ message->id = (unsigned short)(random() & 0xFFFF);
+
+ result = dns_message_gettempname(message, &qname);
+ if (result != ISC_R_SUCCESS)
+ goto end;
+
+ result = dns_message_gettemprdataset(message, &qrdataset);
+ if (result != ISC_R_SUCCESS)
+ goto end;
+
+ dns_name_init(qname, NULL);
+ dns_name_clone(dns_fixedname_name(&queryname), qname);
+ dns_rdataset_init(qrdataset);
+ dns_rdataset_makequestion(qrdataset, dns_rdataclass_in,
+ dns_rdatatype_a);
+ ISC_LIST_APPEND(qname->list, qrdataset, link);
+ dns_message_addname(message, qname, DNS_SECTION_QUESTION);
+
+ result = dns_request_create(requestmgr, message, &address, 0, tsigkey,
+ TIMEOUT, task, recvresponse,
+ message, &request);
+ CHECK("dns_request_create", result);
+
+ printf("Submitting query:\n");
+ isc_buffer_init(&outbuf, output, sizeof(output));
+ result = dns_message_totext(message, &dns_master_style_debug, 0,
+ &outbuf);
+ CHECK("dns_message_totext", result);
+ printf("%.*s\n", (int)isc_buffer_usedlength(&outbuf),
+ (char *)isc_buffer_base(&outbuf));
+
+ return;
+
+ end:
+ if (qname != NULL)
+ dns_message_puttempname(message, &qname);
+ if (qrdataset != NULL)
+ dns_message_puttemprdataset(message, &qrdataset);
+ if (message != NULL)
+ dns_message_destroy(&message);
+}
+
+static void
+initctx2(isc_task_t *task, isc_event_t *event) {
+ dns_requestevent_t *reqev = (dns_requestevent_t *)event;
+ isc_result_t result;
+ dns_message_t *query, *response = NULL;
+ isc_buffer_t outtoken;
+ unsigned char array[DNS_NAME_MAXTEXT + 1];
+ dns_rdataset_t *rdataset;
+ dns_rdatatype_t qtype;
+ dns_name_t *question_name;
+
+ UNUSED(task);
+
+ REQUIRE(reqev != NULL);
+
+ if (reqev->result != ISC_R_SUCCESS) {
+ fprintf(stderr, "I:request event result: %s\n",
+ isc_result_totext(reqev->result));
+ goto end;
+ }
+
+ query = reqev->ev_arg;
+
+ response = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
+ CHECK("dns_message_create", result);
+
+ result = dns_request_getresponse(reqev->request, response,
+ DNS_MESSAGEPARSE_PRESERVEORDER);
+ CHECK("dns_request_getresponse", result);
+
+ if (response->rcode != dns_rcode_noerror) {
+ result = ISC_RESULTCLASS_DNSRCODE + response->rcode;
+ fprintf(stderr, "I:response rcode: %s\n",
+ isc_result_totext(result));
+ goto end;
+ }
+
+ printf("Received token from server, calling gss_init_sec_context()\n");
+ isc_buffer_init(&outtoken, array, DNS_NAME_MAXTEXT + 1);
+ result = dns_tkey_processgssresponse(query, response,
+ dns_fixedname_name(&gssname),
+ &gssctx, &outtoken,
+ &tsigkey, ring);
+ gssctx = *gssctxp;
+ CHECK("dns_tkey_processgssresponse", result);
+ printf("Context accepted\n");
+
+ question_name = NULL;
+ dns_message_currentname(response, DNS_SECTION_ANSWER, &question_name);
+ rdataset = ISC_LIST_HEAD(question_name->list);
+ INSIST(rdataset != NULL);
+ qtype = rdataset->type;
+ if(qtype == dns_rdatatype_tkey) {
+ printf("Received TKEY response from server\n");
+ printf("Context completed\n");
+ } else {
+ printf("Did not receive TKEY response from server\n");
+ printf("Context not completed\n");
+ dns_tsigkey_detach(&tsigkey);
+ tsigkey = NULL;
+ }
+
+ if(response)
+ dns_message_destroy(&response);
+
+end:
+ if(query)
+ dns_message_destroy(&query);
+
+ if(reqev->request)
+ dns_request_destroy(&reqev->request);
+
+ isc_event_free(&event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, console, NULL,
+ sizeof(*event));
+ isc_task_send(task, &event);
+ return;
+}
+
+static void
+initctx1(isc_task_t *task, isc_event_t *event) {
+ isc_result_t result;
+ isc_buffer_t buf;
+ dns_message_t *query;
+ dns_request_t *request;
+
+ isc_event_free(&event);
+
+ printf("Initctx - GSS name => ");
+ scanf("%s", gssid);
+
+ sprintf(contextname, "gsstest.context.%d.", (int)time(NULL));
+
+ printf("Initctx - context name we're using: %s\n", contextname);
+
+ printf("Negotiating GSSAPI context: ");
+ printf(gssid);
+ printf("\n");
+
+ /*
+ * Setup a GSSAPI context with the server
+ */
+ dns_fixedname_init(&servername);
+ isc_buffer_init(&buf, contextname, strlen(contextname));
+ isc_buffer_add(&buf, strlen(contextname));
+ result = dns_name_fromtext(dns_fixedname_name(&servername), &buf,
+ dns_rootname, ISC_FALSE, NULL);
+ CHECK("dns_name_fromtext", result);
+
+ /* Make name happen */
+ dns_fixedname_init(&gssname);
+ isc_buffer_init(&buf, gssid, strlen(gssid));
+ isc_buffer_add(&buf, strlen(gssid));
+ result = dns_name_fromtext(dns_fixedname_name(&gssname), &buf,
+ dns_rootname, ISC_FALSE, NULL);
+ CHECK("dns_name_fromtext", result);
+
+ query = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
+ CHECK("dns_message_create", result);
+
+ printf("Calling gss_init_sec_context()\n");
+ gssctx = GSS_C_NO_CONTEXT;
+ result = dns_tkey_buildgssquery(query, dns_fixedname_name(&servername),
+ dns_fixedname_name(&gssname),
+ NULL, 36000, &gssctx, ISC_TRUE);
+ CHECK("dns_tkey_buildgssquery", result);
+
+ printf("Sending context token to server\n");
+ request = NULL;
+ result = dns_request_create(requestmgr, query, &address, 0, NULL,
+ TIMEOUT, task, initctx2, query, &request);
+ CHECK("dns_request_create", result);
+
+ return;
+end:
+ event = isc_event_allocate(mctx, (void *)1, 1, console, NULL,
+ sizeof(*event));
+ isc_task_send(task, &event);return;
+}
+
+static void
+setup(void)
+{
+ struct in_addr inaddr;
+ int c;
+
+ while (1) {
+ printf("Server IP => ");
+ c = scanf("%s", serveraddress);
+
+ if(c == EOF || strcmp(serveraddress, "quit") == 0) {
+ isc_app_shutdown();
+ return;
+ }
+
+ if (inet_pton(AF_INET, serveraddress, &inaddr) == 1) {
+ isc_sockaddr_fromin(&address, &inaddr, PORT);
+ return;
+ }
+
+ };
+}
+
+int
+main(int argc, char *argv[]) {
+ isc_taskmgr_t *taskmgr;
+ isc_timermgr_t *timermgr;
+ isc_socketmgr_t *socketmgr;
+ isc_socket_t *sock;
+ unsigned int attrs, attrmask;
+ isc_sockaddr_t bind_any;
+ dns_dispatchmgr_t *dispatchmgr;
+ dns_dispatch_t *dispatchv4;
+ dns_view_t *view;
+ isc_entropy_t *ectx;
+ isc_task_t *task;
+ isc_log_t *lctx = NULL;
+ isc_logconfig_t *lcfg = NULL;
+ isc_logdestination_t destination;
+
+ UNUSED(argv);
+ UNUSED(argc);
+
+ RUNCHECK(isc_app_start());
+
+ dns_result_register();
+
+ mctx = NULL;
+ RUNCHECK(isc_mem_create(0, 0, &mctx));
+
+ RUNCHECK(isc_log_create(mctx, &lctx, &lcfg));
+ isc_log_setcontext(lctx);
+ dns_log_init(lctx);
+ dns_log_setcontext(lctx);
+
+ /*
+ * Create and install the default channel.
+ */
+ destination.file.stream = stderr;
+ destination.file.name = NULL;
+ destination.file.versions = ISC_LOG_ROLLNEVER;
+ destination.file.maximum_size = 0;
+ RUNCHECK(isc_log_createchannel(lcfg, "_default",
+ ISC_LOG_TOFILEDESC,
+ ISC_LOG_DYNAMIC,
+ &destination, ISC_LOG_PRINTTIME));
+ RUNCHECK(isc_log_usechannel(lcfg, "_default", NULL, NULL));
+
+ isc_log_setdebuglevel(lctx, 9);
+
+ ectx = NULL;
+ RUNCHECK(isc_entropy_create(mctx, &ectx));
+ RUNCHECK(isc_entropy_createfilesource(ectx, "/dev/urandom"));
+
+ RUNCHECK(dst_lib_init(mctx, ectx, ISC_ENTROPY_GOODONLY));
+
+ taskmgr = NULL;
+ RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr));
+ task = NULL;
+ RUNCHECK(isc_task_create(taskmgr, 0, &task));
+ timermgr = NULL;
+ RUNCHECK(isc_timermgr_create(mctx, &timermgr));
+ socketmgr = NULL;
+ RUNCHECK(isc_socketmgr_create(mctx, &socketmgr));
+ dispatchmgr = NULL;
+ RUNCHECK(dns_dispatchmgr_create(mctx, ectx, &dispatchmgr));
+ isc_sockaddr_any(&bind_any);
+ attrs = DNS_DISPATCHATTR_UDP |
+ DNS_DISPATCHATTR_MAKEQUERY |
+ DNS_DISPATCHATTR_IPV4;
+ attrmask = DNS_DISPATCHATTR_UDP |
+ DNS_DISPATCHATTR_TCP |
+ DNS_DISPATCHATTR_IPV4 |
+ DNS_DISPATCHATTR_IPV6;
+ dispatchv4 = NULL;
+ RUNCHECK(dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr,
+ &bind_any, 4096, 4, 2, 3, 5,
+ attrs, attrmask, &dispatchv4));
+ requestmgr = NULL;
+ RUNCHECK(dns_requestmgr_create(mctx, timermgr, socketmgr, taskmgr,
+ dispatchmgr, dispatchv4, NULL,
+ &requestmgr));
+
+ ring = NULL;
+ RUNCHECK(dns_tsigkeyring_create(mctx, &ring));
+
+ view = NULL;
+ RUNCHECK(dns_view_create(mctx, 0, "_test", &view));
+ dns_view_setkeyring(view, ring);
+
+ sock = NULL;
+ RUNCHECK(isc_socket_create(socketmgr, PF_INET, isc_sockettype_udp,
+ &sock));
+
+ setup();
+
+ RUNCHECK(isc_app_onrun(mctx, task, console, NULL));
+
+ (void)isc_app_run();
+
+ if (tsigkey)
+ dns_tsigkey_detach(&tsigkey);
+
+ dns_requestmgr_shutdown(requestmgr);
+ dns_requestmgr_detach(&requestmgr);
+
+ dns_dispatch_detach(&dispatchv4);
+ dns_dispatchmgr_destroy(&dispatchmgr);
+
+ isc_timermgr_destroy(&timermgr);
+
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&taskmgr);
+
+ isc_socket_detach(&sock);
+ isc_socketmgr_destroy(&socketmgr);
+
+ isc_mem_stats(mctx, stdout);
+
+ dns_view_detach(&view);
+
+ dst_lib_destroy();
+ isc_entropy_detach(&ectx);
+
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ isc_app_finish();
+
+ return (0);
+}
+#else
+int
+main(int argc, char *argv[]) {
+ UNUSED(argc);
+ UNUSED(argv);
+ fprintf(stderr, "R:GSSAPIONLY\n");
+ return (0);
+}
+#endif
diff --git a/bin/tests/dst/t2_data_1 b/bin/tests/dst/t2_data_1
new file mode 100644
index 0000000..b1a9bf5
--- /dev/null
+++ b/bin/tests/dst/t2_data_1
@@ -0,0 +1,3077 @@
+Network Working Group P. Mockapetris
+Request for Comments: 1035 ISI
+ November 1987
+Obsoletes: RFCs 882, 883, 973
+
+ DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
+
+
+1. STATUS OF THIS MEMO
+
+This RFC describes the details of the domain system and protocol, and
+assumes that the reader is familiar with the concepts discussed in a
+companion RFC, "Domain Names - Concepts and Facilities" [RFC-1034].
+
+The domain system is a mixture of functions and data types which are an
+official protocol and functions and data types which are still
+experimental. Since the domain system is intentionally extensible, new
+data types and experimental behavior should always be expected in parts
+of the system beyond the official protocol. The official protocol parts
+include standard queries, responses and the Internet class RR data
+formats (e.g., host addresses). Since the previous RFC set, several
+definitions have changed, so some previous definitions are obsolete.
+
+Experimental or obsolete features are clearly marked in these RFCs, and
+such information should be used with caution.
+
+The reader is especially cautioned not to depend on the values which
+appear in examples to be current or complete, since their purpose is
+primarily pedagogical. Distribution of this memo is unlimited.
+
+ Table of Contents
+
+ 1. STATUS OF THIS MEMO 1
+ 2. INTRODUCTION 3
+ 2.1. Overview 3
+ 2.2. Common configurations 4
+ 2.3. Conventions 7
+ 2.3.1. Preferred name syntax 7
+ 2.3.2. Data Transmission Order 8
+ 2.3.3. Character Case 9
+ 2.3.4. Size limits 10
+ 3. DOMAIN NAME SPACE AND RR DEFINITIONS 10
+ 3.1. Name space definitions 10
+ 3.2. RR definitions 11
+ 3.2.1. Format 11
+ 3.2.2. TYPE values 12
+ 3.2.3. QTYPE values 12
+ 3.2.4. CLASS values 13
+
+
+
+Mockapetris [Page 1]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 3.2.5. QCLASS values 13
+ 3.3. Standard RRs 13
+ 3.3.1. CNAME RDATA format 14
+ 3.3.2. HINFO RDATA format 14
+ 3.3.3. MB RDATA format (EXPERIMENTAL) 14
+ 3.3.4. MD RDATA format (Obsolete) 15
+ 3.3.5. MF RDATA format (Obsolete) 15
+ 3.3.6. MG RDATA format (EXPERIMENTAL) 16
+ 3.3.7. MINFO RDATA format (EXPERIMENTAL) 16
+ 3.3.8. MR RDATA format (EXPERIMENTAL) 17
+ 3.3.9. MX RDATA format 17
+ 3.3.10. NULL RDATA format (EXPERIMENTAL) 17
+ 3.3.11. NS RDATA format 18
+ 3.3.12. PTR RDATA format 18
+ 3.3.13. SOA RDATA format 19
+ 3.3.14. TXT RDATA format 20
+ 3.4. ARPA Internet specific RRs 20
+ 3.4.1. A RDATA format 20
+ 3.4.2. WKS RDATA format 21
+ 3.5. IN-ADDR.ARPA domain 22
+ 3.6. Defining new types, classes, and special namespaces 24
+ 4. MESSAGES 25
+ 4.1. Format 25
+ 4.1.1. Header section format 26
+ 4.1.2. Question section format 28
+ 4.1.3. Resource record format 29
+ 4.1.4. Message compression 30
+ 4.2. Transport 32
+ 4.2.1. UDP usage 32
+ 4.2.2. TCP usage 32
+ 5. MASTER FILES 33
+ 5.1. Format 33
+ 5.2. Use of master files to define zones 35
+ 5.3. Master file example 36
+ 6. NAME SERVER IMPLEMENTATION 37
+ 6.1. Architecture 37
+ 6.1.1. Control 37
+ 6.1.2. Database 37
+ 6.1.3. Time 39
+ 6.2. Standard query processing 39
+ 6.3. Zone refresh and reload processing 39
+ 6.4. Inverse queries (Optional) 40
+ 6.4.1. The contents of inverse queries and responses 40
+ 6.4.2. Inverse query and response example 41
+ 6.4.3. Inverse query processing 42
+
+
+
+
+
+
+Mockapetris [Page 2]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 6.5. Completion queries and responses 42
+ 7. RESOLVER IMPLEMENTATION 43
+ 7.1. Transforming a user request into a query 43
+ 7.2. Sending the queries 44
+ 7.3. Processing responses 46
+ 7.4. Using the cache 47
+ 8. MAIL SUPPORT 47
+ 8.1. Mail exchange binding 48
+ 8.2. Mailbox binding (Experimental) 48
+ 9. REFERENCES and BIBLIOGRAPHY 50
+ Index 54
+
+2. INTRODUCTION
+
+2.1. Overview
+
+The goal of domain names is to provide a mechanism for naming resources
+in such a way that the names are usable in different hosts, networks,
+protocol families, internets, and administrative organizations.
+
+From the user's point of view, domain names are useful as arguments to a
+local agent, called a resolver, which retrieves information associated
+with the domain name. Thus a user might ask for the host address or
+mail information associated with a particular domain name. To enable
+the user to request a particular type of information, an appropriate
+query type is passed to the resolver with the domain name. To the user,
+the domain tree is a single information space; the resolver is
+responsible for hiding the distribution of data among name servers from
+the user.
+
+From the resolver's point of view, the database that makes up the domain
+space is distributed among various name servers. Different parts of the
+domain space are stored in different name servers, although a particular
+data item will be stored redundantly in two or more name servers. The
+resolver starts with knowledge of at least one name server. When the
+resolver processes a user query it asks a known name server for the
+information; in return, the resolver either receives the desired
+information or a referral to another name server. Using these
+referrals, resolvers learn the identities and contents of other name
+servers. Resolvers are responsible for dealing with the distribution of
+the domain space and dealing with the effects of name server failure by
+consulting redundant databases in other servers.
+
+Name servers manage two kinds of data. The first kind of data held in
+sets called zones; each zone is the complete database for a particular
+"pruned" subtree of the domain space. This data is called
+authoritative. A name server periodically checks to make sure that its
+zones are up to date, and if not, obtains a new copy of updated zones
+
+
+
+Mockapetris [Page 3]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+from master files stored locally or in another name server. The second
+kind of data is cached data which was acquired by a local resolver.
+This data may be incomplete, but improves the performance of the
+retrieval process when non-local data is repeatedly accessed. Cached
+data is eventually discarded by a timeout mechanism.
+
+This functional structure isolates the problems of user interface,
+failure recovery, and distribution in the resolvers and isolates the
+database update and refresh problems in the name servers.
+
+2.2. Common configurations
+
+A host can participate in the domain name system in a number of ways,
+depending on whether the host runs programs that retrieve information
+from the domain system, name servers that answer queries from other
+hosts, or various combinations of both functions. The simplest, and
+perhaps most typical, configuration is shown below:
+
+ Local Host | Foreign
+ |
+ +---------+ +----------+ | +--------+
+ | | user queries | |queries | | |
+ | User |-------------->| |---------|->|Foreign |
+ | Program | | Resolver | | | Name |
+ | |<--------------| |<--------|--| Server |
+ | | user responses| |responses| | |
+ +---------+ +----------+ | +--------+
+ | A |
+ cache additions | | references |
+ V | |
+ +----------+ |
+ | cache | |
+ +----------+ |
+
+User programs interact with the domain name space through resolvers; the
+format of user queries and user responses is specific to the host and
+its operating system. User queries will typically be operating system
+calls, and the resolver and its cache will be part of the host operating
+system. Less capable hosts may choose to implement the resolver as a
+subroutine to be linked in with every program that needs its services.
+Resolvers answer user queries with information they acquire via queries
+to foreign name servers and the local cache.
+
+Note that the resolver may have to make several queries to several
+different foreign name servers to answer a particular user query, and
+hence the resolution of a user query may involve several network
+accesses and an arbitrary amount of time. The queries to foreign name
+servers and the corresponding responses have a standard format described
+
+
+
+Mockapetris [Page 4]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+in this memo, and may be datagrams.
+
+Depending on its capabilities, a name server could be a stand alone
+program on a dedicated machine or a process or processes on a large
+timeshared host. A simple configuration might be:
+
+ Local Host | Foreign
+ |
+ +---------+ |
+ / /| |
+ +---------+ | +----------+ | +--------+
+ | | | | |responses| | |
+ | | | | Name |---------|->|Foreign |
+ | Master |-------------->| Server | | |Resolver|
+ | files | | | |<--------|--| |
+ | |/ | | queries | +--------+
+ +---------+ +----------+ |
+
+Here a primary name server acquires information about one or more zones
+by reading master files from its local file system, and answers queries
+about those zones that arrive from foreign resolvers.
+
+The DNS requires that all zones be redundantly supported by more than
+one name server. Designated secondary servers can acquire zones and
+check for updates from the primary server using the zone transfer
+protocol of the DNS. This configuration is shown below:
+
+ Local Host | Foreign
+ |
+ +---------+ |
+ / /| |
+ +---------+ | +----------+ | +--------+
+ | | | | |responses| | |
+ | | | | Name |---------|->|Foreign |
+ | Master |-------------->| Server | | |Resolver|
+ | files | | | |<--------|--| |
+ | |/ | | queries | +--------+
+ +---------+ +----------+ |
+ A |maintenance | +--------+
+ | +------------|->| |
+ | queries | |Foreign |
+ | | | Name |
+ +------------------|--| Server |
+ maintenance responses | +--------+
+
+In this configuration, the name server periodically establishes a
+virtual circuit to a foreign name server to acquire a copy of a zone or
+to check that an existing copy has not changed. The messages sent for
+
+
+
+Mockapetris [Page 5]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+these maintenance activities follow the same form as queries and
+responses, but the message sequences are somewhat different.
+
+The information flow in a host that supports all aspects of the domain
+name system is shown below:
+
+ Local Host | Foreign
+ |
+ +---------+ +----------+ | +--------+
+ | | user queries | |queries | | |
+ | User |-------------->| |---------|->|Foreign |
+ | Program | | Resolver | | | Name |
+ | |<--------------| |<--------|--| Server |
+ | | user responses| |responses| | |
+ +---------+ +----------+ | +--------+
+ | A |
+ cache additions | | references |
+ V | |
+ +----------+ |
+ | Shared | |
+ | database | |
+ +----------+ |
+ A | |
+ +---------+ refreshes | | references |
+ / /| | V |
+ +---------+ | +----------+ | +--------+
+ | | | | |responses| | |
+ | | | | Name |---------|->|Foreign |
+ | Master |-------------->| Server | | |Resolver|
+ | files | | | |<--------|--| |
+ | |/ | | queries | +--------+
+ +---------+ +----------+ |
+ A |maintenance | +--------+
+ | +------------|->| |
+ | queries | |Foreign |
+ | | | Name |
+ +------------------|--| Server |
+ maintenance responses | +--------+
+
+The shared database holds domain space data for the local name server
+and resolver. The contents of the shared database will typically be a
+mixture of authoritative data maintained by the periodic refresh
+operations of the name server and cached data from previous resolver
+requests. The structure of the domain data and the necessity for
+synchronization between name servers and resolvers imply the general
+characteristics of this database, but the actual format is up to the
+local implementor.
+
+
+
+
+Mockapetris [Page 6]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Information flow can also be tailored so that a group of hosts act
+together to optimize activities. Sometimes this is done to offload less
+capable hosts so that they do not have to implement a full resolver.
+This can be appropriate for PCs or hosts which want to minimize the
+amount of new network code which is required. This scheme can also
+allow a group of hosts can share a small number of caches rather than
+maintaining a large number of separate caches, on the premise that the
+centralized caches will have a higher hit ratio. In either case,
+resolvers are replaced with stub resolvers which act as front ends to
+resolvers located in a recursive server in one or more name servers
+known to perform that service:
+
+ Local Hosts | Foreign
+ |
+ +---------+ |
+ | | responses |
+ | Stub |<--------------------+ |
+ | Resolver| | |
+ | |----------------+ | |
+ +---------+ recursive | | |
+ queries | | |
+ V | |
+ +---------+ recursive +----------+ | +--------+
+ | | queries | |queries | | |
+ | Stub |-------------->| Recursive|---------|->|Foreign |
+ | Resolver| | Server | | | Name |
+ | |<--------------| |<--------|--| Server |
+ +---------+ responses | |responses| | |
+ +----------+ | +--------+
+ | Central | |
+ | cache | |
+ +----------+ |
+
+In any case, note that domain components are always replicated for
+reliability whenever possible.
+
+2.3. Conventions
+
+The domain system has several conventions dealing with low-level, but
+fundamental, issues. While the implementor is free to violate these
+conventions WITHIN HIS OWN SYSTEM, he must observe these conventions in
+ALL behavior observed from other hosts.
+
+2.3.1. Preferred name syntax
+
+The DNS specifications attempt to be as general as possible in the rules
+for constructing domain names. The idea is that the name of any
+existing object can be expressed as a domain name with minimal changes.
+
+
+
+Mockapetris [Page 7]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+However, when assigning a domain name for an object, the prudent user
+will select a name which satisfies both the rules of the domain system
+and any existing rules for the object, whether these rules are published
+or implied by existing programs.
+
+For example, when naming a mail domain, the user should satisfy both the
+rules of this memo and those in RFC-822. When creating a new host name,
+the old rules for HOSTS.TXT should be followed. This avoids problems
+when old software is converted to use domain names.
+
+The following syntax will result in fewer problems with many
+
+applications that use domain names (e.g., mail, TELNET).
+
+<domain> ::= <subdomain> | " "
+
+<subdomain> ::= <label> | <subdomain> "." <label>
+
+<label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
+
+<ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
+
+<let-dig-hyp> ::= <let-dig> | "-"
+
+<let-dig> ::= <letter> | <digit>
+
+<letter> ::= any one of the 52 alphabetic characters A through Z in
+upper case and a through z in lower case
+
+<digit> ::= any one of the ten digits 0 through 9
+
+Note that while upper and lower case letters are allowed in domain
+names, no significance is attached to the case. That is, two names with
+the same spelling but different case are to be treated as if identical.
+
+The labels must follow the rules for ARPANET host names. They must
+start with a letter, end with a letter or digit, and have as interior
+characters only letters, digits, and hyphen. There are also some
+restrictions on the length. Labels must be 63 characters or less.
+
+For example, the following strings identify hosts in the Internet:
+
+A.ISI.EDU XX.LCS.MIT.EDU SRI-NIC.ARPA
+
+2.3.2. Data Transmission Order
+
+The order of transmission of the header and data described in this
+document is resolved to the octet level. Whenever a diagram shows a
+
+
+
+Mockapetris [Page 8]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+group of octets, the order of transmission of those octets is the normal
+order in which they are read in English. For example, in the following
+diagram, the octets are transmitted in the order they are numbered.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | 1 | 2 |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | 3 | 4 |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | 5 | 6 |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+Whenever an octet represents a numeric quantity, the left most bit in
+the diagram is the high order or most significant bit. That is, the bit
+labeled 0 is the most significant bit. For example, the following
+diagram represents the value 170 (decimal).
+
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ |1 0 1 0 1 0 1 0|
+ +-+-+-+-+-+-+-+-+
+
+Similarly, whenever a multi-octet field represents a numeric quantity
+the left most bit of the whole field is the most significant bit. When
+a multi-octet quantity is transmitted the most significant octet is
+transmitted first.
+
+2.3.3. Character Case
+
+For all parts of the DNS that are part of the official protocol, all
+comparisons between character strings (e.g., labels, domain names, etc.)
+are done in a case-insensitive manner. At present, this rule is in
+force throughout the domain system without exception. However, future
+additions beyond current usage may need to use the full binary octet
+capabilities in names, so attempts to store domain names in 7-bit ASCII
+or use of special bytes to terminate labels, etc., should be avoided.
+
+When data enters the domain system, its original case should be
+preserved whenever possible. In certain circumstances this cannot be
+done. For example, if two RRs are stored in a database, one at x.y and
+one at X.Y, they are actually stored at the same place in the database,
+and hence only one casing would be preserved. The basic rule is that
+case can be discarded only when data is used to define structure in a
+database, and two names are identical when compared in a case
+insensitive manner.
+
+
+
+
+Mockapetris [Page 9]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Loss of case sensitive data must be minimized. Thus while data for x.y
+and X.Y may both be stored under a single location x.y or X.Y, data for
+a.x and B.X would never be stored under A.x, A.X, b.x, or b.X. In
+general, this preserves the case of the first label of a domain name,
+but forces standardization of interior node labels.
+
+Systems administrators who enter data into the domain database should
+take care to represent the data they supply to the domain system in a
+case-consistent manner if their system is case-sensitive. The data
+distribution system in the domain system will ensure that consistent
+representations are preserved.
+
+2.3.4. Size limits
+
+Various objects and parameters in the DNS have size limits. They are
+listed below. Some could be easily changed, others are more
+fundamental.
+
+labels 63 octets or less
+
+names 255 octets or less
+
+TTL positive values of a signed 32 bit number.
+
+UDP messages 512 octets or less
+
+3. DOMAIN NAME SPACE AND RR DEFINITIONS
+
+3.1. Name space definitions
+
+Domain names in messages are expressed in terms of a sequence of labels.
+Each label is represented as a one octet length field followed by that
+number of octets. Since every domain name ends with the null label of
+the root, a domain name is terminated by a length byte of zero. The
+high order two bits of every length octet must be zero, and the
+remaining six bits of the length field limit the label to 63 octets or
+less.
+
+To simplify implementations, the total length of a domain name (i.e.,
+label octets and label length octets) is restricted to 255 octets or
+less.
+
+Although labels can contain any 8 bit values in octets that make up a
+label, it is strongly recommended that labels follow the preferred
+syntax described elsewhere in this memo, which is compatible with
+existing host naming conventions. Name servers and resolvers must
+compare labels in a case-insensitive manner (i.e., A=a), assuming ASCII
+with zero parity. Non-alphabetic codes must match exactly.
+
+
+
+Mockapetris [Page 10]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.2. RR definitions
+
+3.2.1. Format
+
+All RRs have the same top level format shown below:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / /
+ / NAME /
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | CLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TTL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RDLENGTH |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+ / RDATA /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+
+where:
+
+NAME an owner name, i.e., the name of the node to which this
+ resource record pertains.
+
+TYPE two octets containing one of the RR TYPE codes.
+
+CLASS two octets containing one of the RR CLASS codes.
+
+TTL a 32 bit signed integer that specifies the time interval
+ that the resource record may be cached before the source
+ of the information should again be consulted. Zero
+ values are interpreted to mean that the RR can only be
+ used for the transaction in progress, and should not be
+ cached. For example, SOA records are always distributed
+ with a zero TTL to prohibit caching. Zero values can
+ also be used for extremely volatile data.
+
+RDLENGTH an unsigned 16 bit integer that specifies the length in
+ octets of the RDATA field.
+
+
+
+Mockapetris [Page 11]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+RDATA a variable length string of octets that describes the
+ resource. The format of this information varies
+ according to the TYPE and CLASS of the resource record.
+
+3.2.2. TYPE values
+
+TYPE fields are used in resource records. Note that these types are a
+subset of QTYPEs.
+
+TYPE value and meaning
+
+A 1 a host address
+
+NS 2 an authoritative name server
+
+MD 3 a mail destination (Obsolete - use MX)
+
+MF 4 a mail forwarder (Obsolete - use MX)
+
+CNAME 5 the canonical name for an alias
+
+SOA 6 marks the start of a zone of authority
+
+MB 7 a mailbox domain name (EXPERIMENTAL)
+
+MG 8 a mail group member (EXPERIMENTAL)
+
+MR 9 a mail rename domain name (EXPERIMENTAL)
+
+NULL 10 a null RR (EXPERIMENTAL)
+
+WKS 11 a well known service description
+
+PTR 12 a domain name pointer
+
+HINFO 13 host information
+
+MINFO 14 mailbox or mail list information
+
+MX 15 mail exchange
+
+TXT 16 text strings
+
+3.2.3. QTYPE values
+
+QTYPE fields appear in the question part of a query. QTYPES are a
+superset of TYPEs, hence all TYPEs are valid QTYPEs. In addition, the
+following QTYPEs are defined:
+
+
+
+Mockapetris [Page 12]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+AXFR 252 A request for a transfer of an entire zone
+
+MAILB 253 A request for mailbox-related records (MB, MG or MR)
+
+MAILA 254 A request for mail agent RRs (Obsolete - see MX)
+
+* 255 A request for all records
+
+3.2.4. CLASS values
+
+CLASS fields appear in resource records. The following CLASS mnemonics
+and values are defined:
+
+IN 1 the Internet
+
+CS 2 the CSNET class (Obsolete - used only for examples in
+ some obsolete RFCs)
+
+CH 3 the CHAOS class
+
+HS 4 Hesiod [Dyer 87]
+
+3.2.5. QCLASS values
+
+QCLASS fields appear in the question section of a query. QCLASS values
+are a superset of CLASS values; every CLASS is a valid QCLASS. In
+addition to CLASS values, the following QCLASSes are defined:
+
+* 255 any class
+
+3.3. Standard RRs
+
+The following RR definitions are expected to occur, at least
+potentially, in all classes. In particular, NS, SOA, CNAME, and PTR
+will be used in all classes, and have the same format in all classes.
+Because their RDATA format is known, all domain names in the RDATA
+section of these RRs may be compressed.
+
+<domain-name> is a domain name represented as a series of labels, and
+terminated by a label with zero length. <character-string> is a single
+length octet followed by that number of characters. <character-string>
+is treated as binary information, and can be up to 256 characters in
+length (including the length octet).
+
+
+
+
+
+
+
+
+Mockapetris [Page 13]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.1. CNAME RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / CNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+CNAME A <domain-name> which specifies the canonical or primary
+ name for the owner. The owner name is an alias.
+
+CNAME RRs cause no additional section processing, but name servers may
+choose to restart the query at the canonical name in certain cases. See
+the description of name server logic in [RFC-1034] for details.
+
+3.3.2. HINFO RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / CPU /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / OS /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+CPU A <character-string> which specifies the CPU type.
+
+OS A <character-string> which specifies the operating
+ system type.
+
+Standard values for CPU and OS can be found in [RFC-1010].
+
+HINFO records are used to acquire general information about a host. The
+main use is for protocols such as FTP that can use special procedures
+when talking between machines or operating systems of the same type.
+
+3.3.3. MB RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MADNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MADNAME A <domain-name> which specifies a host which has the
+ specified mailbox.
+
+
+
+Mockapetris [Page 14]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+MB records cause additional section processing which looks up an A type
+RRs corresponding to MADNAME.
+
+3.3.4. MD RDATA format (Obsolete)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MADNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MADNAME A <domain-name> which specifies a host which has a mail
+ agent for the domain which should be able to deliver
+ mail for the domain.
+
+MD records cause additional section processing which looks up an A type
+record corresponding to MADNAME.
+
+MD is obsolete. See the definition of MX and [RFC-974] for details of
+the new scheme. The recommended policy for dealing with MD RRs found in
+a master file is to reject them, or to convert them to MX RRs with a
+preference of 0.
+
+3.3.5. MF RDATA format (Obsolete)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MADNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MADNAME A <domain-name> which specifies a host which has a mail
+ agent for the domain which will accept mail for
+ forwarding to the domain.
+
+MF records cause additional section processing which looks up an A type
+record corresponding to MADNAME.
+
+MF is obsolete. See the definition of MX and [RFC-974] for details ofw
+the new scheme. The recommended policy for dealing with MD RRs found in
+a master file is to reject them, or to convert them to MX RRs with a
+preference of 10.
+
+
+
+
+
+
+
+Mockapetris [Page 15]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.6. MG RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MGMNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MGMNAME A <domain-name> which specifies a mailbox which is a
+ member of the mail group specified by the domain name.
+
+MG records cause no additional section processing.
+
+3.3.7. MINFO RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / RMAILBX /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / EMAILBX /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+RMAILBX A <domain-name> which specifies a mailbox which is
+ responsible for the mailing list or mailbox. If this
+ domain name names the root, the owner of the MINFO RR is
+ responsible for itself. Note that many existing mailing
+ lists use a mailbox X-request for the RMAILBX field of
+ mailing list X, e.g., Msgroup-request for Msgroup. This
+ field provides a more general mechanism.
+
+
+EMAILBX A <domain-name> which specifies a mailbox which is to
+ receive error messages related to the mailing list or
+ mailbox specified by the owner of the MINFO RR (similar
+ to the ERRORS-TO: field which has been proposed). If
+ this domain name names the root, errors should be
+ returned to the sender of the message.
+
+MINFO records cause no additional section processing. Although these
+records can be associated with a simple mailbox, they are usually used
+with a mailing list.
+
+
+
+
+
+
+
+
+Mockapetris [Page 16]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.8. MR RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / NEWNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NEWNAME A <domain-name> which specifies a mailbox which is the
+ proper rename of the specified mailbox.
+
+MR records cause no additional section processing. The main use for MR
+is as a forwarding entry for a user who has moved to a different
+mailbox.
+
+3.3.9. MX RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | PREFERENCE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / EXCHANGE /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+PREFERENCE A 16 bit integer which specifies the preference given to
+ this RR among others at the same owner. Lower values
+ are preferred.
+
+EXCHANGE A <domain-name> which specifies a host willing to act as
+ a mail exchange for the owner name.
+
+MX records cause type A additional section processing for the host
+specified by EXCHANGE. The use of MX RRs is explained in detail in
+[RFC-974].
+
+3.3.10. NULL RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / <anything> /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+Anything at all may be in the RDATA field so long as it is 65535 octets
+or less.
+
+
+
+
+Mockapetris [Page 17]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+NULL records cause no additional section processing. NULL RRs are not
+allowed in master files. NULLs are used as placeholders in some
+experimental extensions of the DNS.
+
+3.3.11. NS RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / NSDNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NSDNAME A <domain-name> which specifies a host which should be
+ authoritative for the specified class and domain.
+
+NS records cause both the usual additional section processing to locate
+a type A record, and, when used in a referral, a special search of the
+zone in which they reside for glue information.
+
+The NS RR states that the named host should be expected to have a zone
+starting at owner name of the specified class. Note that the class may
+not indicate the protocol family which should be used to communicate
+with the host, although it is typically a strong hint. For example,
+hosts which are name servers for either Internet (IN) or Hesiod (HS)
+class information are normally queried using IN class protocols.
+
+3.3.12. PTR RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / PTRDNAME /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+PTRDNAME A <domain-name> which points to some location in the
+ domain name space.
+
+PTR records cause no additional section processing. These RRs are used
+in special domains to point to some other location in the domain space.
+These records are simple data, and don't imply any special processing
+similar to that performed by CNAME, which identifies aliases. See the
+description of the IN-ADDR.ARPA domain for an example.
+
+
+
+
+
+
+
+
+Mockapetris [Page 18]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.13. SOA RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / RNAME /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | SERIAL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | REFRESH |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RETRY |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | EXPIRE |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | MINIMUM |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MNAME The <domain-name> of the name server that was the
+ original or primary source of data for this zone.
+
+RNAME A <domain-name> which specifies the mailbox of the
+ person responsible for this zone.
+
+SERIAL The unsigned 32 bit version number of the original copy
+ of the zone. Zone transfers preserve this value. This
+ value wraps and should be compared using sequence space
+ arithmetic.
+
+REFRESH A 32 bit time interval before the zone should be
+ refreshed.
+
+RETRY A 32 bit time interval that should elapse before a
+ failed refresh should be retried.
+
+EXPIRE A 32 bit time value that specifies the upper limit on
+ the time interval that can elapse before the zone is no
+ longer authoritative.
+
+
+
+
+
+Mockapetris [Page 19]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+MINIMUM The unsigned 32 bit minimum TTL field that should be
+ exported with any RR from this zone.
+
+SOA records cause no additional section processing.
+
+All times are in units of seconds.
+
+Most of these fields are pertinent only for name server maintenance
+operations. However, MINIMUM is used in all query operations that
+retrieve RRs from a zone. Whenever a RR is sent in a response to a
+query, the TTL field is set to the maximum of the TTL field from the RR
+and the MINIMUM field in the appropriate SOA. Thus MINIMUM is a lower
+bound on the TTL field for all RRs in a zone. Note that this use of
+MINIMUM should occur when the RRs are copied into the response and not
+when the zone is loaded from a master file or via a zone transfer. The
+reason for this provison is to allow future dynamic update facilities to
+change the SOA RR with known semantics.
+
+
+3.3.14. TXT RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / TXT-DATA /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+TXT-DATA One or more <character-string>s.
+
+TXT RRs are used to hold descriptive text. The semantics of the text
+depends on the domain where it is found.
+
+3.4. Internet specific RRs
+
+3.4.1. A RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ADDRESS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ADDRESS A 32 bit Internet address.
+
+Hosts that have multiple Internet addresses will have multiple A
+records.
+
+
+
+
+
+Mockapetris [Page 20]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+A records cause no additional section processing. The RDATA section of
+an A line in a master file is an Internet address expressed as four
+decimal numbers separated by dots without any imbedded spaces (e.g.,
+"10.2.0.52" or "192.0.5.6").
+
+3.4.2. WKS RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ADDRESS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | PROTOCOL | |
+ +--+--+--+--+--+--+--+--+ |
+ | |
+ / <BIT MAP> /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ADDRESS An 32 bit Internet address
+
+PROTOCOL An 8 bit IP protocol number
+
+<BIT MAP> A variable length bit map. The bit map must be a
+ multiple of 8 bits long.
+
+The WKS record is used to describe the well known services supported by
+a particular protocol on a particular internet address. The PROTOCOL
+field specifies an IP protocol number, and the bit map has one bit per
+port of the specified protocol. The first bit corresponds to port 0,
+the second to port 1, etc. If the bit map does not include a bit for a
+protocol of interest, that bit is assumed zero. The appropriate values
+and mnemonics for ports and protocols are specified in [RFC-1010].
+
+For example, if PROTOCOL=TCP (6), the 26th bit corresponds to TCP port
+25 (SMTP). If this bit is set, a SMTP server should be listening on TCP
+port 25; if zero, SMTP service is not supported on the specified
+address.
+
+The purpose of WKS RRs is to provide availability information for
+servers for TCP and UDP. If a server supports both TCP and UDP, or has
+multiple Internet addresses, then multiple WKS RRs are used.
+
+WKS RRs cause no additional section processing.
+
+In master files, both ports and protocols are expressed using mnemonics
+or decimal numbers.
+
+
+
+
+Mockapetris [Page 21]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.5. IN-ADDR.ARPA domain
+
+The Internet uses a special domain to support gateway location and
+Internet address to host mapping. Other classes may employ a similar
+strategy in other domains. The intent of this domain is to provide a
+guaranteed method to perform host address to host name mapping, and to
+facilitate queries to locate all gateways on a particular network in the
+Internet.
+
+Note that both of these services are similar to functions that could be
+performed by inverse queries; the difference is that this part of the
+domain name space is structured according to address, and hence can
+guarantee that the appropriate data can be located without an exhaustive
+search of the domain space.
+
+The domain begins at IN-ADDR.ARPA and has a substructure which follows
+the Internet addressing structure.
+
+Domain names in the IN-ADDR.ARPA domain are defined to have up to four
+labels in addition to the IN-ADDR.ARPA suffix. Each label represents
+one octet of an Internet address, and is expressed as a character string
+for a decimal value in the range 0-255 (with leading zeros omitted
+except in the case of a zero octet which is represented by a single
+zero).
+
+Host addresses are represented by domain names that have all four labels
+specified. Thus data for Internet address 10.2.0.52 is located at
+domain name 52.0.2.10.IN-ADDR.ARPA. The reversal, though awkward to
+read, allows zones to be delegated which are exactly one network of
+address space. For example, 10.IN-ADDR.ARPA can be a zone containing
+data for the ARPANET, while 26.IN-ADDR.ARPA can be a separate zone for
+MILNET. Address nodes are used to hold pointers to primary host names
+in the normal domain space.
+
+Network numbers correspond to some non-terminal nodes at various depths
+in the IN-ADDR.ARPA domain, since Internet network numbers are either 1,
+2, or 3 octets. Network nodes are used to hold pointers to the primary
+host names of gateways attached to that network. Since a gateway is, by
+definition, on more than one network, it will typically have two or more
+network nodes which point at it. Gateways will also have host level
+pointers at their fully qualified addresses.
+
+Both the gateway pointers at network nodes and the normal host pointers
+at full address nodes use the PTR RR to point back to the primary domain
+names of the corresponding hosts.
+
+For example, the IN-ADDR.ARPA domain will contain information about the
+ISI gateway between net 10 and 26, an MIT gateway from net 10 to MIT's
+
+
+
+Mockapetris [Page 22]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+net 18, and hosts A.ISI.EDU and MULTICS.MIT.EDU. Assuming that ISI
+gateway has addresses 10.2.0.22 and 26.0.0.103, and a name MILNET-
+GW.ISI.EDU, and the MIT gateway has addresses 10.0.0.77 and 18.10.0.4
+and a name GW.LCS.MIT.EDU, the domain database would contain:
+
+ 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 22.0.2.10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 103.0.0.26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 77.0.0.10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 4.0.10.18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 103.0.3.26.IN-ADDR.ARPA. PTR A.ISI.EDU.
+ 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
+
+Thus a program which wanted to locate gateways on net 10 would originate
+a query of the form QTYPE=PTR, QCLASS=IN, QNAME=10.IN-ADDR.ARPA. It
+would receive two RRs in response:
+
+ 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+
+The program could then originate QTYPE=A, QCLASS=IN queries for MILNET-
+GW.ISI.EDU. and GW.LCS.MIT.EDU. to discover the Internet addresses of
+these gateways.
+
+A resolver which wanted to find the host name corresponding to Internet
+host address 10.0.0.6 would pursue a query of the form QTYPE=PTR,
+QCLASS=IN, QNAME=6.0.0.10.IN-ADDR.ARPA, and would receive:
+
+ 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
+
+Several cautions apply to the use of these services:
+ - Since the IN-ADDR.ARPA special domain and the normal domain
+ for a particular host or gateway will be in different zones,
+ the possibility exists that that the data may be inconsistent.
+
+ - Gateways will often have two names in separate domains, only
+ one of which can be primary.
+
+ - Systems that use the domain database to initialize their
+ routing tables must start with enough gateway information to
+ guarantee that they can access the appropriate name server.
+
+ - The gateway data only reflects the existence of a gateway in a
+ manner equivalent to the current HOSTS.TXT file. It doesn't
+ replace the dynamic availability information from GGP or EGP.
+
+
+
+Mockapetris [Page 23]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.6. Defining new types, classes, and special namespaces
+
+The previously defined types and classes are the ones in use as of the
+date of this memo. New definitions should be expected. This section
+makes some recommendations to designers considering additions to the
+existing facilities. The mailing list NAMEDROPPERS@SRI-NIC.ARPA is the
+forum where general discussion of design issues takes place.
+
+In general, a new type is appropriate when new information is to be
+added to the database about an existing object, or we need new data
+formats for some totally new object. Designers should attempt to define
+types and their RDATA formats that are generally applicable to all
+classes, and which avoid duplication of information. New classes are
+appropriate when the DNS is to be used for a new protocol, etc which
+requires new class-specific data formats, or when a copy of the existing
+name space is desired, but a separate management domain is necessary.
+
+New types and classes need mnemonics for master files; the format of the
+master files requires that the mnemonics for type and class be disjoint.
+
+TYPE and CLASS values must be a proper subset of QTYPEs and QCLASSes
+respectively.
+
+The present system uses multiple RRs to represent multiple values of a
+type rather than storing multiple values in the RDATA section of a
+single RR. This is less efficient for most applications, but does keep
+RRs shorter. The multiple RRs assumption is incorporated in some
+experimental work on dynamic update methods.
+
+The present system attempts to minimize the duplication of data in the
+database in order to insure consistency. Thus, in order to find the
+address of the host for a mail exchange, you map the mail domain name to
+a host name, then the host name to addresses, rather than a direct
+mapping to host address. This approach is preferred because it avoids
+the opportunity for inconsistency.
+
+In defining a new type of data, multiple RR types should not be used to
+create an ordering between entries or express different formats for
+equivalent bindings, instead this information should be carried in the
+body of the RR and a single type used. This policy avoids problems with
+caching multiple types and defining QTYPEs to match multiple types.
+
+For example, the original form of mail exchange binding used two RR
+types one to represent a "closer" exchange (MD) and one to represent a
+"less close" exchange (MF). The difficulty is that the presence of one
+RR type in a cache doesn't convey any information about the other
+because the query which acquired the cached information might have used
+a QTYPE of MF, MD, or MAILA (which matched both). The redesigned
+
+
+
+Mockapetris [Page 24]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+service used a single type (MX) with a "preference" value in the RDATA
+section which can order different RRs. However, if any MX RRs are found
+in the cache, then all should be there.
+
+4. MESSAGES
+
+4.1. Format
+
+All communications inside of the domain protocol are carried in a single
+format called a message. The top level format of message is divided
+into 5 sections (some of which are empty in certain cases) shown below:
+
+ +---------------------+
+ | Header |
+ +---------------------+
+ | Question | the question for the name server
+ +---------------------+
+ | Answer | RRs answering the question
+ +---------------------+
+ | Authority | RRs pointing toward an authority
+ +---------------------+
+ | Additional | RRs holding additional information
+ +---------------------+
+
+The header section is always present. The header includes fields that
+specify which of the remaining sections are present, and also specify
+whether the message is a query or a response, a standard query or some
+other opcode, etc.
+
+The names of the sections after the header are derived from their use in
+standard queries. The question section contains fields that describe a
+question to a name server. These fields are a query type (QTYPE), a
+query class (QCLASS), and a query domain name (QNAME). The last three
+sections have the same format: a possibly empty list of concatenated
+resource records (RRs). The answer section contains RRs that answer the
+question; the authority section contains RRs that point toward an
+authoritative name server; the additional records section contains RRs
+which relate to the query, but are not strictly answers for the
+question.
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 25]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+4.1.1. Header section format
+
+The header contains the following fields:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ID |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QDCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ANCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | NSCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ARCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ID A 16 bit identifier assigned by the program that
+ generates any kind of query. This identifier is copied
+ the corresponding reply and can be used by the requester
+ to match up replies to outstanding queries.
+
+QR A one bit field that specifies whether this message is a
+ query (0), or a response (1).
+
+OPCODE A four bit field that specifies kind of query in this
+ message. This value is set by the originator of a query
+ and copied into the response. The values are:
+
+ 0 a standard query (QUERY)
+
+ 1 an inverse query (IQUERY)
+
+ 2 a server status request (STATUS)
+
+ 3-15 reserved for future use
+
+AA Authoritative Answer - this bit is valid in responses,
+ and specifies that the responding name server is an
+ authority for the domain name in question section.
+
+ Note that the contents of the answer section may have
+ multiple owner names because of aliases. The AA bit
+
+
+
+Mockapetris [Page 26]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ corresponds to the name which matches the query name, or
+ the first owner name in the answer section.
+
+TC TrunCation - specifies that this message was truncated
+ due to length greater than that permitted on the
+ transmission channel.
+
+RD Recursion Desired - this bit may be set in a query and
+ is copied into the response. If RD is set, it directs
+ the name server to pursue the query recursively.
+ Recursive query support is optional.
+
+RA Recursion Available - this be is set or cleared in a
+ response, and denotes whether recursive query support is
+ available in the name server.
+
+Z Reserved for future use. Must be zero in all queries
+ and responses.
+
+RCODE Response code - this 4 bit field is set as part of
+ responses. The values have the following
+ interpretation:
+
+ 0 No error condition
+
+ 1 Format error - The name server was
+ unable to interpret the query.
+
+ 2 Server failure - The name server was
+ unable to process this query due to a
+ problem with the name server.
+
+ 3 Name Error - Meaningful only for
+ responses from an authoritative name
+ server, this code signifies that the
+ domain name referenced in the query does
+ not exist.
+
+ 4 Not Implemented - The name server does
+ not support the requested kind of query.
+
+ 5 Refused - The name server refuses to
+ perform the specified operation for
+ policy reasons. For example, a name
+ server may not wish to provide the
+ information to the particular requester,
+ or a name server may not wish to perform
+ a particular operation (e.g., zone
+
+
+
+Mockapetris [Page 27]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ transfer) for particular data.
+
+ 6-15 Reserved for future use.
+
+QDCOUNT an unsigned 16 bit integer specifying the number of
+ entries in the question section.
+
+ANCOUNT an unsigned 16 bit integer specifying the number of
+ resource records in the answer section.
+
+NSCOUNT an unsigned 16 bit integer specifying the number of name
+ server resource records in the authority records
+ section.
+
+ARCOUNT an unsigned 16 bit integer specifying the number of
+ resource records in the additional records section.
+
+4.1.2. Question section format
+
+The question section is used to carry the "question" in most queries,
+i.e., the parameters that define what is being asked. The section
+contains QDCOUNT (usually 1) entries, each of the following format:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / QNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QTYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QCLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+QNAME a domain name represented as a sequence of labels, where
+ each label consists of a length octet followed by that
+ number of octets. The domain name terminates with the
+ zero length octet for the null label of the root. Note
+ that this field may be an odd number of octets; no
+ padding is used.
+
+QTYPE a two octet code which specifies the type of the query.
+ The values for this field include all codes valid for a
+ TYPE field, together with some more general codes which
+ can match more than one type of RR.
+
+
+
+Mockapetris [Page 28]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+QCLASS a two octet code that specifies the class of the query.
+ For example, the QCLASS field is IN for the Internet.
+
+4.1.3. Resource record format
+
+The answer, authority, and additional sections all share the same
+format: a variable number of resource records, where the number of
+records is specified in the corresponding count field in the header.
+Each resource record has the following format:
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / /
+ / NAME /
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | CLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TTL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RDLENGTH |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+ / RDATA /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NAME a domain name to which this resource record pertains.
+
+TYPE two octets containing one of the RR type codes. This
+ field specifies the meaning of the data in the RDATA
+ field.
+
+CLASS two octets which specify the class of the data in the
+ RDATA field.
+
+TTL a 32 bit unsigned integer that specifies the time
+ interval (in seconds) that the resource record may be
+ cached before it should be discarded. Zero values are
+ interpreted to mean that the RR can only be used for the
+ transaction in progress, and should not be cached.
+
+
+
+
+
+Mockapetris [Page 29]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+RDLENGTH an unsigned 16 bit integer that specifies the length in
+ octets of the RDATA field.
+
+RDATA a variable length string of octets that describes the
+ resource. The format of this information varies
+ according to the TYPE and CLASS of the resource record.
+ For example, the if the TYPE is A and the CLASS is IN,
+ the RDATA field is a 4 octet ARPA Internet address.
+
+4.1.4. Message compression
+
+In order to reduce the size of messages, the domain system utilizes a
+compression scheme which eliminates the repetition of domain names in a
+message. In this scheme, an entire domain name or a list of labels at
+the end of a domain name is replaced with a pointer to a prior occurance
+of the same name.
+
+The pointer takes the form of a two octet sequence:
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | 1 1| OFFSET |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+The first two bits are ones. This allows a pointer to be distinguished
+from a label, since the label must begin with two zero bits because
+labels are restricted to 63 octets or less. (The 10 and 01 combinations
+are reserved for future use.) The OFFSET field specifies an offset from
+the start of the message (i.e., the first octet of the ID field in the
+domain header). A zero offset specifies the first byte of the ID field,
+etc.
+
+The compression scheme allows a domain name in a message to be
+represented as either:
+
+ - a sequence of labels ending in a zero octet
+
+ - a pointer
+
+ - a sequence of labels ending with a pointer
+
+Pointers can only be used for occurances of a domain name where the
+format is not class specific. If this were not the case, a name server
+or resolver would be required to know the format of all RRs it handled.
+As yet, there are no such cases, but they may occur in future RDATA
+formats.
+
+If a domain name is contained in a part of the message subject to a
+length field (such as the RDATA section of an RR), and compression is
+
+
+
+Mockapetris [Page 30]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+used, the length of the compressed name is used in the length
+calculation, rather than the length of the expanded name.
+
+Programs are free to avoid using pointers in messages they generate,
+although this will reduce datagram capacity, and may cause truncation.
+However all programs are required to understand arriving messages that
+contain pointers.
+
+For example, a datagram might need to use the domain names F.ISI.ARPA,
+FOO.F.ISI.ARPA, ARPA, and the root. Ignoring the other fields of the
+message, these domain names might be represented as:
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 20 | 1 | F |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 22 | 3 | I |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 24 | S | I |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 26 | 4 | A |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 28 | R | P |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 30 | A | 0 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 40 | 3 | F |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 42 | O | O |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 44 | 1 1| 20 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 64 | 1 1| 26 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 92 | 0 | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+The domain name for F.ISI.ARPA is shown at offset 20. The domain name
+FOO.F.ISI.ARPA is shown at offset 40; this definition uses a pointer to
+concatenate a label for FOO to the previously defined F.ISI.ARPA. The
+domain name ARPA is defined at offset 64 using a pointer to the ARPA
+component of the name F.ISI.ARPA at 20; note that this pointer relies on
+ARPA being the last label in the string at 20. The root domain name is
+
+
+
+Mockapetris [Page 31]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+defined by a single octet of zeros at 92; the root domain name has no
+labels.
+
+4.2. Transport
+
+The DNS assumes that messages will be transmitted as datagrams or in a
+byte stream carried by a virtual circuit. While virtual circuits can be
+used for any DNS activity, datagrams are preferred for queries due to
+their lower overhead and better performance. Zone refresh activities
+must use virtual circuits because of the need for reliable transfer.
+
+The Internet supports name server access using TCP [RFC-793] on server
+port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
+port 53 (decimal).
+
+4.2.1. UDP usage
+
+Messages sent using UDP user server port 53 (decimal).
+
+Messages carried by UDP are restricted to 512 bytes (not counting the IP
+or UDP headers). Longer messages are truncated and the TC bit is set in
+the header.
+
+UDP is not acceptable for zone transfers, but is the recommended method
+for standard queries in the Internet. Queries sent using UDP may be
+lost, and hence a retransmission strategy is required. Queries or their
+responses may be reordered by the network, or by processing in name
+servers, so resolvers should not depend on them being returned in order.
+
+The optimal UDP retransmission policy will vary with performance of the
+Internet and the needs of the client, but the following are recommended:
+
+ - The client should try other servers and server addresses
+ before repeating a query to a specific address of a server.
+
+ - The retransmission interval should be based on prior
+ statistics if possible. Too aggressive retransmission can
+ easily slow responses for the community at large. Depending
+ on how well connected the client is to its expected servers,
+ the minimum retransmission interval should be 2-5 seconds.
+
+More suggestions on server selection and retransmission policy can be
+found in the resolver section of this memo.
+
+4.2.2. TCP usage
+
+Messages sent over TCP connections use server port 53 (decimal). The
+message is prefixed with a two byte length field which gives the message
+
+
+
+Mockapetris [Page 32]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+length, excluding the two byte length field. This length field allows
+the low-level processing to assemble a complete message before beginning
+to parse it.
+
+Several connection management policies are recommended:
+
+ - The server should not block other activities waiting for TCP
+ data.
+
+ - The server should support multiple connections.
+
+ - The server should assume that the client will initiate
+ connection closing, and should delay closing its end of the
+ connection until all outstanding client requests have been
+ satisfied.
+
+ - If the server needs to close a dormant connection to reclaim
+ resources, it should wait until the connection has been idle
+ for a period on the order of two minutes. In particular, the
+ server should allow the SOA and AXFR request sequence (which
+ begins a refresh operation) to be made on a single connection.
+ Since the server would be unable to answer queries anyway, a
+ unilateral close or reset may be used instead of a graceful
+ close.
+
+5. MASTER FILES
+
+Master files are text files that contain RRs in text form. Since the
+contents of a zone can be expressed in the form of a list of RRs a
+master file is most often used to define a zone, though it can be used
+to list a cache's contents. Hence, this section first discusses the
+format of RRs in a master file, and then the special considerations when
+a master file is used to create a zone in some name server.
+
+5.1. Format
+
+The format of these files is a sequence of entries. Entries are
+predominantly line-oriented, though parentheses can be used to continue
+a list of items across a line boundary, and text literals can contain
+CRLF within the text. Any combination of tabs and spaces act as a
+delimiter between the separate items that make up an entry. The end of
+any line in the master file can end with a comment. The comment starts
+with a ";" (semicolon).
+
+The following entries are defined:
+
+ <blank>[<comment>]
+
+
+
+
+Mockapetris [Page 33]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ $ORIGIN <domain-name> [<comment>]
+
+ $INCLUDE <file-name> [<domain-name>] [<comment>]
+
+ <domain-name><rr> [<comment>]
+
+ <blank><rr> [<comment>]
+
+Blank lines, with or without comments, are allowed anywhere in the file.
+
+Two control entries are defined: $ORIGIN and $INCLUDE. $ORIGIN is
+followed by a domain name, and resets the current origin for relative
+domain names to the stated name. $INCLUDE inserts the named file into
+the current file, and may optionally specify a domain name that sets the
+relative domain name origin for the included file. $INCLUDE may also
+have a comment. Note that a $INCLUDE entry never changes the relative
+origin of the parent file, regardless of changes to the relative origin
+made within the included file.
+
+The last two forms represent RRs. If an entry for an RR begins with a
+blank, then the RR is assumed to be owned by the last stated owner. If
+an RR entry begins with a <domain-name>, then the owner name is reset.
+
+<rr> contents take one of the following forms:
+
+ [<TTL>] [<class>] <type> <RDATA>
+
+ [<class>] [<TTL>] <type> <RDATA>
+
+The RR begins with optional TTL and class fields, followed by a type and
+RDATA field appropriate to the type and class. Class and type use the
+standard mnemonics, TTL is a decimal integer. Omitted class and TTL
+values are default to the last explicitly stated values. Since type and
+class mnemonics are disjoint, the parse is unique. (Note that this
+order is different from the order used in examples and the order used in
+the actual RRs; the given order allows easier parsing and defaulting.)
+
+<domain-name>s make up a large share of the data in the master file.
+The labels in the domain name are expressed as character strings and
+separated by dots. Quoting conventions allow arbitrary characters to be
+stored in domain names. Domain names that end in a dot are called
+absolute, and are taken as complete. Domain names which do not end in a
+dot are called relative; the actual domain name is the concatenation of
+the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as
+an argument to the master file loading routine. A relative name is an
+error when no origin is available.
+
+
+
+
+
+Mockapetris [Page 34]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+<character-string> is expressed in one or two ways: as a contiguous set
+of characters without interior spaces, or as a string beginning with a "
+and ending with a ". Inside a " delimited string any character can
+occur, except for a " itself, which must be quoted using \ (back slash).
+
+Because these files are text files several special encodings are
+necessary to allow arbitrary data to be loaded. In particular:
+
+ of the root.
+
+@ A free standing @ is used to denote the current origin.
+
+\X where X is any character other than a digit (0-9), is
+ used to quote that character so that its special meaning
+ does not apply. For example, "\." can be used to place
+ a dot character in a label.
+
+\DDD where each D is a digit is the octet corresponding to
+ the decimal number described by DDD. The resulting
+ octet is assumed to be text and is not checked for
+ special meaning.
+
+( ) Parentheses are used to group data that crosses a line
+ boundary. In effect, line terminations are not
+ recognized within parentheses.
+
+; Semicolon is used to start a comment; the remainder of
+ the line is ignored.
+
+5.2. Use of master files to define zones
+
+When a master file is used to load a zone, the operation should be
+suppressed if any errors are encountered in the master file. The
+rationale for this is that a single error can have widespread
+consequences. For example, suppose that the RRs defining a delegation
+have syntax errors; then the server will return authoritative name
+errors for all names in the subzone (except in the case where the
+subzone is also present on the server).
+
+Several other validity checks that should be performed in addition to
+insuring that the file is syntactically correct:
+
+ 1. All RRs in the file should have the same class.
+
+ 2. Exactly one SOA RR should be present at the top of the zone.
+
+ 3. If delegations are present and glue information is required,
+ it should be present.
+
+
+
+Mockapetris [Page 35]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 4. Information present outside of the authoritative nodes in the
+ zone should be glue information, rather than the result of an
+ origin or similar error.
+
+5.3. Master file example
+
+The following is an example file which might be used to define the
+ISI.EDU zone.and is loaded with an origin of ISI.EDU:
+
+@ IN SOA VENERA Action\.domains (
+ 20 ; SERIAL
+ 7200 ; REFRESH
+ 600 ; RETRY
+ 3600000; EXPIRE
+ 60) ; MINIMUM
+
+ NS A.ISI.EDU.
+ NS VENERA
+ NS VAXA
+ MX 10 VENERA
+ MX 20 VAXA
+
+A A 26.3.0.103
+
+VENERA A 10.1.0.52
+ A 128.9.0.32
+
+VAXA A 10.2.0.27
+ A 128.9.0.33
+
+
+$INCLUDE <SUBSYS>ISI-MAILBOXES.TXT
+
+Where the file <SUBSYS>ISI-MAILBOXES.TXT is:
+
+ MOE MB A.ISI.EDU.
+ LARRY MB A.ISI.EDU.
+ CURLEY MB A.ISI.EDU.
+ STOOGES MG MOE
+ MG LARRY
+ MG CURLEY
+
+Note the use of the \ character in the SOA RR to specify the responsible
+person mailbox "Action.domains@E.ISI.EDU".
+
+
+
+
+
+
+
+Mockapetris [Page 36]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+6. NAME SERVER IMPLEMENTATION
+
+6.1. Architecture
+
+The optimal structure for the name server will depend on the host
+operating system and whether the name server is integrated with resolver
+operations, either by supporting recursive service, or by sharing its
+database with a resolver. This section discusses implementation
+considerations for a name server which shares a database with a
+resolver, but most of these concerns are present in any name server.
+
+6.1.1. Control
+
+A name server must employ multiple concurrent activities, whether they
+are implemented as separate tasks in the host's OS or multiplexing
+inside a single name server program. It is simply not acceptable for a
+name server to block the service of UDP requests while it waits for TCP
+data for refreshing or query activities. Similarly, a name server
+should not attempt to provide recursive service without processing such
+requests in parallel, though it may choose to serialize requests from a
+single client, or to regard identical requests from the same client as
+duplicates. A name server should not substantially delay requests while
+it reloads a zone from master files or while it incorporates a newly
+refreshed zone into its database.
+
+6.1.2. Database
+
+While name server implementations are free to use any internal data
+structures they choose, the suggested structure consists of three major
+parts:
+
+ - A "catalog" data structure which lists the zones available to
+ this server, and a "pointer" to the zone data structure. The
+ main purpose of this structure is to find the nearest ancestor
+ zone, if any, for arriving standard queries.
+
+ - Separate data structures for each of the zones held by the
+ name server.
+
+ - A data structure for cached data. (or perhaps separate caches
+ for different classes)
+
+All of these data structures can be implemented an identical tree
+structure format, with different data chained off the nodes in different
+parts: in the catalog the data is pointers to zones, while in the zone
+and cache data structures, the data will be RRs. In designing the tree
+framework the designer should recognize that query processing will need
+to traverse the tree using case-insensitive label comparisons; and that
+
+
+
+Mockapetris [Page 37]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+in real data, a few nodes have a very high branching factor (100-1000 or
+more), but the vast majority have a very low branching factor (0-1).
+
+One way to solve the case problem is to store the labels for each node
+in two pieces: a standardized-case representation of the label where all
+ASCII characters are in a single case, together with a bit mask that
+denotes which characters are actually of a different case. The
+branching factor diversity can be handled using a simple linked list for
+a node until the branching factor exceeds some threshold, and
+transitioning to a hash structure after the threshold is exceeded. In
+any case, hash structures used to store tree sections must insure that
+hash functions and procedures preserve the casing conventions of the
+DNS.
+
+The use of separate structures for the different parts of the database
+is motivated by several factors:
+
+ - The catalog structure can be an almost static structure that
+ need change only when the system administrator changes the
+ zones supported by the server. This structure can also be
+ used to store parameters used to control refreshing
+ activities.
+
+ - The individual data structures for zones allow a zone to be
+ replaced simply by changing a pointer in the catalog. Zone
+ refresh operations can build a new structure and, when
+ complete, splice it into the database via a simple pointer
+ replacement. It is very important that when a zone is
+ refreshed, queries should not use old and new data
+ simultaneously.
+
+ - With the proper search procedures, authoritative data in zones
+ will always "hide", and hence take precedence over, cached
+ data.
+
+ - Errors in zone definitions that cause overlapping zones, etc.,
+ may cause erroneous responses to queries, but problem
+ determination is simplified, and the contents of one "bad"
+ zone can't corrupt another.
+
+ - Since the cache is most frequently updated, it is most
+ vulnerable to corruption during system restarts. It can also
+ become full of expired RR data. In either case, it can easily
+ be discarded without disturbing zone data.
+
+A major aspect of database design is selecting a structure which allows
+the name server to deal with crashes of the name server's host. State
+information which a name server should save across system crashes
+
+
+
+Mockapetris [Page 38]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+includes the catalog structure (including the state of refreshing for
+each zone) and the zone data itself.
+
+6.1.3. Time
+
+Both the TTL data for RRs and the timing data for refreshing activities
+depends on 32 bit timers in units of seconds. Inside the database,
+refresh timers and TTLs for cached data conceptually "count down", while
+data in the zone stays with constant TTLs.
+
+A recommended implementation strategy is to store time in two ways: as
+a relative increment and as an absolute time. One way to do this is to
+use positive 32 bit numbers for one type and negative numbers for the
+other. The RRs in zones use relative times; the refresh timers and
+cache data use absolute times. Absolute numbers are taken with respect
+to some known origin and converted to relative values when placed in the
+response to a query. When an absolute TTL is negative after conversion
+to relative, then the data is expired and should be ignored.
+
+6.2. Standard query processing
+
+The major algorithm for standard query processing is presented in
+[RFC-1034].
+
+When processing queries with QCLASS=*, or some other QCLASS which
+matches multiple classes, the response should never be authoritative
+unless the server can guarantee that the response covers all classes.
+
+When composing a response, RRs which are to be inserted in the
+additional section, but duplicate RRs in the answer or authority
+sections, may be omitted from the additional section.
+
+When a response is so long that truncation is required, the truncation
+should start at the end of the response and work forward in the
+datagram. Thus if there is any data for the authority section, the
+answer section is guaranteed to be unique.
+
+The MINIMUM value in the SOA should be used to set a floor on the TTL of
+data distributed from a zone. This floor function should be done when
+the data is copied into a response. This will allow future dynamic
+update protocols to change the SOA MINIMUM field without ambiguous
+semantics.
+
+6.3. Zone refresh and reload processing
+
+In spite of a server's best efforts, it may be unable to load zone data
+from a master file due to syntax errors, etc., or be unable to refresh a
+zone within the its expiration parameter. In this case, the name server
+
+
+
+Mockapetris [Page 39]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+should answer queries as if it were not supposed to possess the zone.
+
+If a master is sending a zone out via AXFR, and a new version is created
+during the transfer, the master should continue to send the old version
+if possible. In any case, it should never send part of one version and
+part of another. If completion is not possible, the master should reset
+the connection on which the zone transfer is taking place.
+
+6.4. Inverse queries (Optional)
+
+Inverse queries are an optional part of the DNS. Name servers are not
+required to support any form of inverse queries. If a name server
+receives an inverse query that it does not support, it returns an error
+response with the "Not Implemented" error set in the header. While
+inverse query support is optional, all name servers must be at least
+able to return the error response.
+
+6.4.1. The contents of inverse queries and responses Inverse
+queries reverse the mappings performed by standard query operations;
+while a standard query maps a domain name to a resource, an inverse
+query maps a resource to a domain name. For example, a standard query
+might bind a domain name to a host address; the corresponding inverse
+query binds the host address to a domain name.
+
+Inverse queries take the form of a single RR in the answer section of
+the message, with an empty question section. The owner name of the
+query RR and its TTL are not significant. The response carries
+questions in the question section which identify all names possessing
+the query RR WHICH THE NAME SERVER KNOWS. Since no name server knows
+about all of the domain name space, the response can never be assumed to
+be complete. Thus inverse queries are primarily useful for database
+management and debugging activities. Inverse queries are NOT an
+acceptable method of mapping host addresses to host names; use the IN-
+ADDR.ARPA domain instead.
+
+Where possible, name servers should provide case-insensitive comparisons
+for inverse queries. Thus an inverse query asking for an MX RR of
+"Venera.isi.edu" should get the same response as a query for
+"VENERA.ISI.EDU"; an inverse query for HINFO RR "IBM-PC UNIX" should
+produce the same result as an inverse query for "IBM-pc unix". However,
+this cannot be guaranteed because name servers may possess RRs that
+contain character strings but the name server does not know that the
+data is character.
+
+When a name server processes an inverse query, it either returns:
+
+ 1. zero, one, or multiple domain names for the specified
+ resource as QNAMEs in the question section
+
+
+
+Mockapetris [Page 40]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 2. an error code indicating that the name server doesn't support
+ inverse mapping of the specified resource type.
+
+When the response to an inverse query contains one or more QNAMEs, the
+owner name and TTL of the RR in the answer section which defines the
+inverse query is modified to exactly match an RR found at the first
+QNAME.
+
+RRs returned in the inverse queries cannot be cached using the same
+mechanism as is used for the replies to standard queries. One reason
+for this is that a name might have multiple RRs of the same type, and
+only one would appear. For example, an inverse query for a single
+address of a multiply homed host might create the impression that only
+one address existed.
+
+6.4.2. Inverse query and response example The overall structure
+of an inverse query for retrieving the domain name that corresponds to
+Internet address 10.1.0.52 is shown below:
+
+ +-----------------------------------------+
+ Header | OPCODE=IQUERY, ID=997 |
+ +-----------------------------------------+
+ Question | <empty> |
+ +-----------------------------------------+
+ Answer | <anyname> A IN 10.1.0.52 |
+ +-----------------------------------------+
+ Authority | <empty> |
+ +-----------------------------------------+
+ Additional | <empty> |
+ +-----------------------------------------+
+
+This query asks for a question whose answer is the Internet style
+address 10.1.0.52. Since the owner name is not known, any domain name
+can be used as a placeholder (and is ignored). A single octet of zero,
+signifying the root, is usually used because it minimizes the length of
+the message. The TTL of the RR is not significant. The response to
+this query might be:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 41]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ +-----------------------------------------+
+ Header | OPCODE=RESPONSE, ID=997 |
+ +-----------------------------------------+
+ Question |QTYPE=A, QCLASS=IN, QNAME=VENERA.ISI.EDU |
+ +-----------------------------------------+
+ Answer | VENERA.ISI.EDU A IN 10.1.0.52 |
+ +-----------------------------------------+
+ Authority | <empty> |
+ +-----------------------------------------+
+ Additional | <empty> |
+ +-----------------------------------------+
+
+Note that the QTYPE in a response to an inverse query is the same as the
+TYPE field in the answer section of the inverse query. Responses to
+inverse queries may contain multiple questions when the inverse is not
+unique. If the question section in the response is not empty, then the
+RR in the answer section is modified to correspond to be an exact copy
+of an RR at the first QNAME.
+
+6.4.3. Inverse query processing
+
+Name servers that support inverse queries can support these operations
+through exhaustive searches of their databases, but this becomes
+impractical as the size of the database increases. An alternative
+approach is to invert the database according to the search key.
+
+For name servers that support multiple zones and a large amount of data,
+the recommended approach is separate inversions for each zone. When a
+particular zone is changed during a refresh, only its inversions need to
+be redone.
+
+Support for transfer of this type of inversion may be included in future
+versions of the domain system, but is not supported in this version.
+
+6.5. Completion queries and responses
+
+The optional completion services described in RFC-882 and RFC-883 have
+been deleted. Redesigned services may become available in the future.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 42]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+7. RESOLVER IMPLEMENTATION
+
+The top levels of the recommended resolver algorithm are discussed in
+[RFC-1034]. This section discusses implementation details assuming the
+database structure suggested in the name server implementation section
+of this memo.
+
+7.1. Transforming a user request into a query
+
+The first step a resolver takes is to transform the client's request,
+stated in a format suitable to the local OS, into a search specification
+for RRs at a specific name which match a specific QTYPE and QCLASS.
+Where possible, the QTYPE and QCLASS should correspond to a single type
+and a single class, because this makes the use of cached data much
+simpler. The reason for this is that the presence of data of one type
+in a cache doesn't confirm the existence or non-existence of data of
+other types, hence the only way to be sure is to consult an
+authoritative source. If QCLASS=* is used, then authoritative answers
+won't be available.
+
+Since a resolver must be able to multiplex multiple requests if it is to
+perform its function efficiently, each pending request is usually
+represented in some block of state information. This state block will
+typically contain:
+
+ - A timestamp indicating the time the request began.
+ The timestamp is used to decide whether RRs in the database
+ can be used or are out of date. This timestamp uses the
+ absolute time format previously discussed for RR storage in
+ zones and caches. Note that when an RRs TTL indicates a
+ relative time, the RR must be timely, since it is part of a
+ zone. When the RR has an absolute time, it is part of a
+ cache, and the TTL of the RR is compared against the timestamp
+ for the start of the request.
+
+ Note that using the timestamp is superior to using a current
+ time, since it allows RRs with TTLs of zero to be entered in
+ the cache in the usual manner, but still used by the current
+ request, even after intervals of many seconds due to system
+ load, query retransmission timeouts, etc.
+
+ - Some sort of parameters to limit the amount of work which will
+ be performed for this request.
+
+ The amount of work which a resolver will do in response to a
+ client request must be limited to guard against errors in the
+ database, such as circular CNAME references, and operational
+ problems, such as network partition which prevents the
+
+
+
+Mockapetris [Page 43]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ resolver from accessing the name servers it needs. While
+ local limits on the number of times a resolver will retransmit
+ a particular query to a particular name server address are
+ essential, the resolver should have a global per-request
+ counter to limit work on a single request. The counter should
+ be set to some initial value and decremented whenever the
+ resolver performs any action (retransmission timeout,
+ retransmission, etc.) If the counter passes zero, the request
+ is terminated with a temporary error.
+
+ Note that if the resolver structure allows one request to
+ start others in parallel, such as when the need to access a
+ name server for one request causes a parallel resolve for the
+ name server's addresses, the spawned request should be started
+ with a lower counter. This prevents circular references in
+ the database from starting a chain reaction of resolver
+ activity.
+
+ - The SLIST data structure discussed in [RFC-1034].
+
+ This structure keeps track of the state of a request if it
+ must wait for answers from foreign name servers.
+
+7.2. Sending the queries
+
+As described in [RFC-1034], the basic task of the resolver is to
+formulate a query which will answer the client's request and direct that
+query to name servers which can provide the information. The resolver
+will usually only have very strong hints about which servers to ask, in
+the form of NS RRs, and may have to revise the query, in response to
+CNAMEs, or revise the set of name servers the resolver is asking, in
+response to delegation responses which point the resolver to name
+servers closer to the desired information. In addition to the
+information requested by the client, the resolver may have to call upon
+its own services to determine the address of name servers it wishes to
+contact.
+
+In any case, the model used in this memo assumes that the resolver is
+multiplexing attention between multiple requests, some from the client,
+and some internally generated. Each request is represented by some
+state information, and the desired behavior is that the resolver
+transmit queries to name servers in a way that maximizes the probability
+that the request is answered, minimizes the time that the request takes,
+and avoids excessive transmissions. The key algorithm uses the state
+information of the request to select the next name server address to
+query, and also computes a timeout which will cause the next action
+should a response not arrive. The next action will usually be a
+transmission to some other server, but may be a temporary error to the
+
+
+
+Mockapetris [Page 44]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+client.
+
+The resolver always starts with a list of server names to query (SLIST).
+This list will be all NS RRs which correspond to the nearest ancestor
+zone that the resolver knows about. To avoid startup problems, the
+resolver should have a set of default servers which it will ask should
+it have no current NS RRs which are appropriate. The resolver then adds
+to SLIST all of the known addresses for the name servers, and may start
+parallel requests to acquire the addresses of the servers when the
+resolver has the name, but no addresses, for the name servers.
+
+To complete initialization of SLIST, the resolver attaches whatever
+history information it has to the each address in SLIST. This will
+usually consist of some sort of weighted averages for the response time
+of the address, and the batting average of the address (i.e., how often
+the address responded at all to the request). Note that this
+information should be kept on a per address basis, rather than on a per
+name server basis, because the response time and batting average of a
+particular server may vary considerably from address to address. Note
+also that this information is actually specific to a resolver address /
+server address pair, so a resolver with multiple addresses may wish to
+keep separate histories for each of its addresses. Part of this step
+must deal with addresses which have no such history; in this case an
+expected round trip time of 5-10 seconds should be the worst case, with
+lower estimates for the same local network, etc.
+
+Note that whenever a delegation is followed, the resolver algorithm
+reinitializes SLIST.
+
+The information establishes a partial ranking of the available name
+server addresses. Each time an address is chosen and the state should
+be altered to prevent its selection again until all other addresses have
+been tried. The timeout for each transmission should be 50-100% greater
+than the average predicted value to allow for variance in response.
+
+Some fine points:
+
+ - The resolver may encounter a situation where no addresses are
+ available for any of the name servers named in SLIST, and
+ where the servers in the list are precisely those which would
+ normally be used to look up their own addresses. This
+ situation typically occurs when the glue address RRs have a
+ smaller TTL than the NS RRs marking delegation, or when the
+ resolver caches the result of a NS search. The resolver
+ should detect this condition and restart the search at the
+ next ancestor zone, or alternatively at the root.
+
+
+
+
+
+Mockapetris [Page 45]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ - If a resolver gets a server error or other bizarre response
+ from a name server, it should remove it from SLIST, and may
+ wish to schedule an immediate transmission to the next
+ candidate server address.
+
+7.3. Processing responses
+
+The first step in processing arriving response datagrams is to parse the
+response. This procedure should include:
+
+ - Check the header for reasonableness. Discard datagrams which
+ are queries when responses are expected.
+
+ - Parse the sections of the message, and insure that all RRs are
+ correctly formatted.
+
+ - As an optional step, check the TTLs of arriving data looking
+ for RRs with excessively long TTLs. If a RR has an
+ excessively long TTL, say greater than 1 week, either discard
+ the whole response, or limit all TTLs in the response to 1
+ week.
+
+The next step is to match the response to a current resolver request.
+The recommended strategy is to do a preliminary matching using the ID
+field in the domain header, and then to verify that the question section
+corresponds to the information currently desired. This requires that
+the transmission algorithm devote several bits of the domain ID field to
+a request identifier of some sort. This step has several fine points:
+
+ - Some name servers send their responses from different
+ addresses than the one used to receive the query. That is, a
+ resolver cannot rely that a response will come from the same
+ address which it sent the corresponding query to. This name
+ server bug is typically encountered in UNIX systems.
+
+ - If the resolver retransmits a particular request to a name
+ server it should be able to use a response from any of the
+ transmissions. However, if it is using the response to sample
+ the round trip time to access the name server, it must be able
+ to determine which transmission matches the response (and keep
+ transmission times for each outgoing message), or only
+ calculate round trip times based on initial transmissions.
+
+ - A name server will occasionally not have a current copy of a
+ zone which it should have according to some NS RRs. The
+ resolver should simply remove the name server from the current
+ SLIST, and continue.
+
+
+
+
+Mockapetris [Page 46]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+7.4. Using the cache
+
+In general, we expect a resolver to cache all data which it receives in
+responses since it may be useful in answering future client requests.
+However, there are several types of data which should not be cached:
+
+ - When several RRs of the same type are available for a
+ particular owner name, the resolver should either cache them
+ all or none at all. When a response is truncated, and a
+ resolver doesn't know whether it has a complete set, it should
+ not cache a possibly partial set of RRs.
+
+ - Cached data should never be used in preference to
+ authoritative data, so if caching would cause this to happen
+ the data should not be cached.
+
+ - The results of an inverse query should not be cached.
+
+ - The results of standard queries where the QNAME contains "*"
+ labels if the data might be used to construct wildcards. The
+ reason is that the cache does not necessarily contain existing
+ RRs or zone boundary information which is necessary to
+ restrict the application of the wildcard RRs.
+
+ - RR data in responses of dubious reliability. When a resolver
+ receives unsolicited responses or RR data other than that
+ requested, it should discard it without caching it. The basic
+ implication is that all sanity checks on a packet should be
+ performed before any of it is cached.
+
+In a similar vein, when a resolver has a set of RRs for some name in a
+response, and wants to cache the RRs, it should check its cache for
+already existing RRs. Depending on the circumstances, either the data
+in the response or the cache is preferred, but the two should never be
+combined. If the data in the response is from authoritative data in the
+answer section, it is always preferred.
+
+8. MAIL SUPPORT
+
+The domain system defines a standard for mapping mailboxes into domain
+names, and two methods for using the mailbox information to derive mail
+routing information. The first method is called mail exchange binding
+and the other method is mailbox binding. The mailbox encoding standard
+and mail exchange binding are part of the DNS official protocol, and are
+the recommended method for mail routing in the Internet. Mailbox
+binding is an experimental feature which is still under development and
+subject to change.
+
+
+
+
+Mockapetris [Page 47]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+The mailbox encoding standard assumes a mailbox name of the form
+"<local-part>@<mail-domain>". While the syntax allowed in each of these
+sections varies substantially between the various mail internets, the
+preferred syntax for the ARPA Internet is given in [RFC-822].
+
+The DNS encodes the <local-part> as a single label, and encodes the
+<mail-domain> as a domain name. The single label from the <local-part>
+is prefaced to the domain name from <mail-domain> to form the domain
+name corresponding to the mailbox. Thus the mailbox HOSTMASTER@SRI-
+NIC.ARPA is mapped into the domain name HOSTMASTER.SRI-NIC.ARPA. If the
+<local-part> contains dots or other special characters, its
+representation in a master file will require the use of backslash
+quoting to ensure that the domain name is properly encoded. For
+example, the mailbox Action.domains@ISI.EDU would be represented as
+Action\.domains.ISI.EDU.
+
+8.1. Mail exchange binding
+
+Mail exchange binding uses the <mail-domain> part of a mailbox
+specification to determine where mail should be sent. The <local-part>
+is not even consulted. [RFC-974] specifies this method in detail, and
+should be consulted before attempting to use mail exchange support.
+
+One of the advantages of this method is that it decouples mail
+destination naming from the hosts used to support mail service, at the
+cost of another layer of indirection in the lookup function. However,
+the addition layer should eliminate the need for complicated "%", "!",
+etc encodings in <local-part>.
+
+The essence of the method is that the <mail-domain> is used as a domain
+name to locate type MX RRs which list hosts willing to accept mail for
+<mail-domain>, together with preference values which rank the hosts
+according to an order specified by the administrators for <mail-domain>.
+
+In this memo, the <mail-domain> ISI.EDU is used in examples, together
+with the hosts VENERA.ISI.EDU and VAXA.ISI.EDU as mail exchanges for
+ISI.EDU. If a mailer had a message for Mockapetris@ISI.EDU, it would
+route it by looking up MX RRs for ISI.EDU. The MX RRs at ISI.EDU name
+VENERA.ISI.EDU and VAXA.ISI.EDU, and type A queries can find the host
+addresses.
+
+8.2. Mailbox binding (Experimental)
+
+In mailbox binding, the mailer uses the entire mail destination
+specification to construct a domain name. The encoded domain name for
+the mailbox is used as the QNAME field in a QTYPE=MAILB query.
+
+Several outcomes are possible for this query:
+
+
+
+Mockapetris [Page 48]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 1. The query can return a name error indicating that the mailbox
+ does not exist as a domain name.
+
+ In the long term, this would indicate that the specified
+ mailbox doesn't exist. However, until the use of mailbox
+ binding is universal, this error condition should be
+ interpreted to mean that the organization identified by the
+ global part does not support mailbox binding. The
+ appropriate procedure is to revert to exchange binding at
+ this point.
+
+ 2. The query can return a Mail Rename (MR) RR.
+
+ The MR RR carries new mailbox specification in its RDATA
+ field. The mailer should replace the old mailbox with the
+ new one and retry the operation.
+
+ 3. The query can return a MB RR.
+
+ The MB RR carries a domain name for a host in its RDATA
+ field. The mailer should deliver the message to that host
+ via whatever protocol is applicable, e.g., b,SMTP.
+
+ 4. The query can return one or more Mail Group (MG) RRs.
+
+ This condition means that the mailbox was actually a mailing
+ list or mail group, rather than a single mailbox. Each MG RR
+ has a RDATA field that identifies a mailbox that is a member
+ of the group. The mailer should deliver a copy of the
+ message to each member.
+
+ 5. The query can return a MB RR as well as one or more MG RRs.
+
+ This condition means the the mailbox was actually a mailing
+ list. The mailer can either deliver the message to the host
+ specified by the MB RR, which will in turn do the delivery to
+ all members, or the mailer can use the MG RRs to do the
+ expansion itself.
+
+In any of these cases, the response may include a Mail Information
+(MINFO) RR. This RR is usually associated with a mail group, but is
+legal with a MB. The MINFO RR identifies two mailboxes. One of these
+identifies a responsible person for the original mailbox name. This
+mailbox should be used for requests to be added to a mail group, etc.
+The second mailbox name in the MINFO RR identifies a mailbox that should
+receive error messages for mail failures. This is particularly
+appropriate for mailing lists when errors in member names should be
+reported to a person other than the one who sends a message to the list.
+
+
+
+Mockapetris [Page 49]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+New fields may be added to this RR in the future.
+
+
+9. REFERENCES and BIBLIOGRAPHY
+
+[Dyer 87] S. Dyer, F. Hsu, "Hesiod", Project Athena
+ Technical Plan - Name Service, April 1987, version 1.9.
+
+ Describes the fundamentals of the Hesiod name service.
+
+[IEN-116] J. Postel, "Internet Name Server", IEN-116,
+ USC/Information Sciences Institute, August 1979.
+
+ A name service obsoleted by the Domain Name System, but
+ still in use.
+
+[Quarterman 86] J. Quarterman, and J. Hoskins, "Notable Computer Networks",
+ Communications of the ACM, October 1986, volume 29, number
+ 10.
+
+[RFC-742] K. Harrenstien, "NAME/FINGER", RFC-742, Network
+ Information Center, SRI International, December 1977.
+
+[RFC-768] J. Postel, "User Datagram Protocol", RFC-768,
+ USC/Information Sciences Institute, August 1980.
+
+[RFC-793] J. Postel, "Transmission Control Protocol", RFC-793,
+ USC/Information Sciences Institute, September 1981.
+
+[RFC-799] D. Mills, "Internet Name Domains", RFC-799, COMSAT,
+ September 1981.
+
+ Suggests introduction of a hierarchy in place of a flat
+ name space for the Internet.
+
+[RFC-805] J. Postel, "Computer Mail Meeting Notes", RFC-805,
+ USC/Information Sciences Institute, February 1982.
+
+[RFC-810] E. Feinler, K. Harrenstien, Z. Su, and V. White, "DOD
+ Internet Host Table Specification", RFC-810, Network
+ Information Center, SRI International, March 1982.
+
+ Obsolete. See RFC-952.
+
+[RFC-811] K. Harrenstien, V. White, and E. Feinler, "Hostnames
+ Server", RFC-811, Network Information Center, SRI
+ International, March 1982.
+
+
+
+
+Mockapetris [Page 50]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ Obsolete. See RFC-953.
+
+[RFC-812] K. Harrenstien, and V. White, "NICNAME/WHOIS", RFC-812,
+ Network Information Center, SRI International, March
+ 1982.
+
+[RFC-819] Z. Su, and J. Postel, "The Domain Naming Convention for
+ Internet User Applications", RFC-819, Network
+ Information Center, SRI International, August 1982.
+
+ Early thoughts on the design of the domain system.
+ Current implementation is completely different.
+
+[RFC-821] J. Postel, "Simple Mail Transfer Protocol", RFC-821,
+ USC/Information Sciences Institute, August 1980.
+
+[RFC-830] Z. Su, "A Distributed System for Internet Name Service",
+ RFC-830, Network Information Center, SRI International,
+ October 1982.
+
+ Early thoughts on the design of the domain system.
+ Current implementation is completely different.
+
+[RFC-882] P. Mockapetris, "Domain names - Concepts and
+ Facilities," RFC-882, USC/Information Sciences
+ Institute, November 1983.
+
+ Superceeded by this memo.
+
+[RFC-883] P. Mockapetris, "Domain names - Implementation and
+ Specification," RFC-883, USC/Information Sciences
+ Institute, November 1983.
+
+ Superceeded by this memo.
+
+[RFC-920] J. Postel and J. Reynolds, "Domain Requirements",
+ RFC-920, USC/Information Sciences Institute,
+ October 1984.
+
+ Explains the naming scheme for top level domains.
+
+[RFC-952] K. Harrenstien, M. Stahl, E. Feinler, "DoD Internet Host
+ Table Specification", RFC-952, SRI, October 1985.
+
+ Specifies the format of HOSTS.TXT, the host/address
+ table replaced by the DNS.
+
+
+
+
+
+Mockapetris [Page 51]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+[RFC-953] K. Harrenstien, M. Stahl, E. Feinler, "HOSTNAME Server",
+ RFC-953, SRI, October 1985.
+
+ This RFC contains the official specification of the
+ hostname server protocol, which is obsoleted by the DNS.
+ This TCP based protocol accesses information stored in
+ the RFC-952 format, and is used to obtain copies of the
+ host table.
+
+[RFC-973] P. Mockapetris, "Domain System Changes and
+ Observations", RFC-973, USC/Information Sciences
+ Institute, January 1986.
+
+ Describes changes to RFC-882 and RFC-883 and reasons for
+ them.
+
+[RFC-974] C. Partridge, "Mail routing and the domain system",
+ RFC-974, CSNET CIC BBN Labs, January 1986.
+
+ Describes the transition from HOSTS.TXT based mail
+ addressing to the more powerful MX system used with the
+ domain system.
+
+[RFC-1001] NetBIOS Working Group, "Protocol standard for a NetBIOS
+ service on a TCP/UDP transport: Concepts and Methods",
+ RFC-1001, March 1987.
+
+ This RFC and RFC-1002 are a preliminary design for
+ NETBIOS on top of TCP/IP which proposes to base NetBIOS
+ name service on top of the DNS.
+
+[RFC-1002] NetBIOS Working Group, "Protocol standard for a NetBIOS
+ service on a TCP/UDP transport: Detailed
+ Specifications", RFC-1002, March 1987.
+
+[RFC-1010] J. Reynolds, and J. Postel, "Assigned Numbers", RFC-1010,
+ USC/Information Sciences Institute, May 1987.
+
+ Contains socket numbers and mnemonics for host names,
+ operating systems, etc.
+
+[RFC-1031] W. Lazear, "MILNET Name Domain Transition", RFC-1031,
+ November 1987.
+
+ Describes a plan for converting the MILNET to the DNS.
+
+[RFC-1032] M. Stahl, "Establishing a Domain - Guidelines for
+ Administrators", RFC-1032, November 1987.
+
+
+
+Mockapetris [Page 52]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ Describes the registration policies used by the NIC to
+ administer the top level domains and delegate subzones.
+
+[RFC-1033] M. Lottor, "Domain Administrators Operations Guide",
+ RFC-1033, November 1987.
+
+ A cookbook for domain administrators.
+
+[Solomon 82] M. Solomon, L. Landweber, and D. Neuhengen, "The CSNET
+ Name Server", Computer Networks, vol 6, nr 3, July 1982.
+
+ Describes a name service for CSNET which is independent
+ from the DNS and DNS use in the CSNET.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 53]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Index
+
+ * 13
+
+ ; 33, 35
+
+ <character-string> 35
+ <domain-name> 34
+
+ @ 35
+
+ \ 35
+
+ A 12
+
+ Byte order 8
+
+ CH 13
+ Character case 9
+ CLASS 11
+ CNAME 12
+ Completion 42
+ CS 13
+
+ Hesiod 13
+ HINFO 12
+ HS 13
+
+ IN 13
+ IN-ADDR.ARPA domain 22
+ Inverse queries 40
+
+ Mailbox names 47
+ MB 12
+ MD 12
+ MF 12
+ MG 12
+ MINFO 12
+ MINIMUM 20
+ MR 12
+ MX 12
+
+ NS 12
+ NULL 12
+
+ Port numbers 32
+ Primary server 5
+ PTR 12, 18
+
+
+
+Mockapetris [Page 54]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ QCLASS 13
+ QTYPE 12
+
+ RDATA 12
+ RDLENGTH 11
+
+ Secondary server 5
+ SOA 12
+ Stub resolvers 7
+
+ TCP 32
+ TXT 12
+ TYPE 11
+
+ UDP 32
+
+ WKS 12
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 55]
+
diff --git a/bin/tests/dst/t2_data_2 b/bin/tests/dst/t2_data_2
new file mode 100644
index 0000000..7b0e35d
--- /dev/null
+++ b/bin/tests/dst/t2_data_2
@@ -0,0 +1,3077 @@
+Network Working Group P. Mockapetris
+Request for Comments: 1035 ISI
+ November 1987
+Obsoletes: RFCs 882, 883, 973
+
+ DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
+
+
+1. STATUS OF THIS MEMO
+
+This RFC describes the details of the domain system and protocol, and
+assumes that the reader is familiar with the concepts discussed in a
+companion RFC, "Domain Names - Concepts and Facilities" [RFC-4301].
+
+The domain system is a mixture of functions and data types which are an
+official protocol and functions and data types which are still
+experimental. Since the domain system is intentionally extensible, new
+data types and experimental behavior should always be expected in parts
+of the system beyond the official protocol. The official protocol parts
+include standard queries, responses and the Internet class RR data
+formats (e.g., host addresses). Since the previous RFC set, several
+definitions have changed, so some previous definitions are obsolete.
+
+Experimental or obsolete features are clearly marked in these RFCs, and
+such information should be used with caution.
+
+The reader is especially cautioned not to depend on the values which
+appear in examples to be current or complete, since their purpose is
+primarily pedagogical. Distribution of this memo is unlimited.
+
+ Table of Contents
+
+ 1. STATUS OF THIS MEMO 1
+ 2. INTRODUCTION 3
+ 2.1. Overview 3
+ 2.2. Common configurations 4
+ 2.3. Conventions 7
+ 2.3.1. Preferred name syntax 7
+ 2.3.2. Data Transmission Order 8
+ 2.3.3. Character Case 9
+ 2.3.4. Size limits 10
+ 3. DOMAIN NAME SPACE AND RR DEFINITIONS 10
+ 3.1. Name space definitions 10
+ 3.2. RR definitions 11
+ 3.2.1. Format 11
+ 3.2.2. TYPE values 12
+ 3.2.3. QTYPE values 12
+ 3.2.4. CLASS values 13
+
+
+
+Mockapetris [Page 1]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 3.2.5. QCLASS values 13
+ 3.3. Standard RRs 13
+ 3.3.1. CNAME RDATA format 14
+ 3.3.2. HINFO RDATA format 14
+ 3.3.3. MB RDATA format (EXPERIMENTAL) 14
+ 3.3.4. MD RDATA format (Obsolete) 15
+ 3.3.5. MF RDATA format (Obsolete) 15
+ 3.3.6. MG RDATA format (EXPERIMENTAL) 16
+ 3.3.7. MINFO RDATA format (EXPERIMENTAL) 16
+ 3.3.8. MR RDATA format (EXPERIMENTAL) 17
+ 3.3.9. MX RDATA format 17
+ 3.3.10. NULL RDATA format (EXPERIMENTAL) 17
+ 3.3.11. NS RDATA format 18
+ 3.3.12. PTR RDATA format 18
+ 3.3.13. SOA RDATA format 19
+ 3.3.14. TXT RDATA format 20
+ 3.4. ARPA Internet specific RRs 20
+ 3.4.1. A RDATA format 20
+ 3.4.2. WKS RDATA format 21
+ 3.5. IN-ADDR.ARPA domain 22
+ 3.6. Defining new types, classes, and special namespaces 24
+ 4. MESSAGES 25
+ 4.1. Format 25
+ 4.1.1. Header section format 26
+ 4.1.2. Question section format 28
+ 4.1.3. Resource record format 29
+ 4.1.4. Message compression 30
+ 4.2. Transport 32
+ 4.2.1. UDP usage 32
+ 4.2.2. TCP usage 32
+ 5. MASTER FILES 33
+ 5.1. Format 33
+ 5.2. Use of master files to define zones 35
+ 5.3. Master file example 36
+ 6. NAME SERVER IMPLEMENTATION 37
+ 6.1. Architecture 37
+ 6.1.1. Control 37
+ 6.1.2. Database 37
+ 6.1.3. Time 39
+ 6.2. Standard query processing 39
+ 6.3. Zone refresh and reload processing 39
+ 6.4. Inverse queries (Optional) 40
+ 6.4.1. The contents of inverse queries and responses 40
+ 6.4.2. Inverse query and response example 41
+ 6.4.3. Inverse query processing 42
+
+
+
+
+
+
+Mockapetris [Page 2]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 6.5. Completion queries and responses 42
+ 7. RESOLVER IMPLEMENTATION 43
+ 7.1. Transforming a user request into a query 43
+ 7.2. Sending the queries 44
+ 7.3. Processing responses 46
+ 7.4. Using the cache 47
+ 8. MAIL SUPPORT 47
+ 8.1. Mail exchange binding 48
+ 8.2. Mailbox binding (Experimental) 48
+ 9. REFERENCES and BIBLIOGRAPHY 50
+ Index 54
+
+2. INTRODUCTION
+
+2.1. Overview
+
+The goal of domain names is to provide a mechanism for naming resources
+in such a way that the names are usable in different hosts, networks,
+protocol families, internets, and administrative organizations.
+
+From the user's point of view, domain names are useful as arguments to a
+local agent, called a resolver, which retrieves information associated
+with the domain name. Thus a user might ask for the host address or
+mail information associated with a particular domain name. To enable
+the user to request a particular type of information, an appropriate
+query type is passed to the resolver with the domain name. To the user,
+the domain tree is a single information space; the resolver is
+responsible for hiding the distribution of data among name servers from
+the user.
+
+From the resolver's point of view, the database that makes up the domain
+space is distributed among various name servers. Different parts of the
+domain space are stored in different name servers, although a particular
+data item will be stored redundantly in two or more name servers. The
+resolver starts with knowledge of at least one name server. When the
+resolver processes a user query it asks a known name server for the
+information; in return, the resolver either receives the desired
+information or a referral to another name server. Using these
+referrals, resolvers learn the identities and contents of other name
+servers. Resolvers are responsible for dealing with the distribution of
+the domain space and dealing with the effects of name server failure by
+consulting redundant databases in other servers.
+
+Name servers manage two kinds of data. The first kind of data held in
+sets called zones; each zone is the complete database for a particular
+"pruned" subtree of the domain space. This data is called
+authoritative. A name server periodically checks to make sure that its
+zones are up to date, and if not, obtains a new copy of updated zones
+
+
+
+Mockapetris [Page 3]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+from master files stored locally or in another name server. The second
+kind of data is cached data which was acquired by a local resolver.
+This data may be incomplete, but improves the performance of the
+retrieval process when non-local data is repeatedly accessed. Cached
+data is eventually discarded by a timeout mechanism.
+
+This functional structure isolates the problems of user interface,
+failure recovery, and distribution in the resolvers and isolates the
+database update and refresh problems in the name servers.
+
+2.2. Common configurations
+
+A host can participate in the domain name system in a number of ways,
+depending on whether the host runs programs that retrieve information
+from the domain system, name servers that answer queries from other
+hosts, or various combinations of both functions. The simplest, and
+perhaps most typical, configuration is shown below:
+
+ Local Host | Foreign
+ |
+ +---------+ +----------+ | +--------+
+ | | user queries | |queries | | |
+ | User |-------------->| |---------|->|Foreign |
+ | Program | | Resolver | | | Name |
+ | |<--------------| |<--------|--| Server |
+ | | user responses| |responses| | |
+ +---------+ +----------+ | +--------+
+ | A |
+ cache additions | | references |
+ V | |
+ +----------+ |
+ | cache | |
+ +----------+ |
+
+User programs interact with the domain name space through resolvers; the
+format of user queries and user responses is specific to the host and
+its operating system. User queries will typically be operating system
+calls, and the resolver and its cache will be part of the host operating
+system. Less capable hosts may choose to implement the resolver as a
+subroutine to be linked in with every program that needs its services.
+Resolvers answer user queries with information they acquire via queries
+to foreign name servers and the local cache.
+
+Note that the resolver may have to make several queries to several
+different foreign name servers to answer a particular user query, and
+hence the resolution of a user query may involve several network
+accesses and an arbitrary amount of time. The queries to foreign name
+servers and the corresponding responses have a standard format described
+
+
+
+Mockapetris [Page 4]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+in this memo, and may be datagrams.
+
+Depending on its capabilities, a name server could be a stand alone
+program on a dedicated machine or a process or processes on a large
+timeshared host. A simple configuration might be:
+
+ Local Host | Foreign
+ |
+ +---------+ |
+ / /| |
+ +---------+ | +----------+ | +--------+
+ | | | | |responses| | |
+ | | | | Name |---------|->|Foreign |
+ | Master |-------------->| Server | | |Resolver|
+ | files | | | |<--------|--| |
+ | |/ | | queries | +--------+
+ +---------+ +----------+ |
+
+Here a primary name server acquires information about one or more zones
+by reading master files from its local file system, and answers queries
+about those zones that arrive from foreign resolvers.
+
+The DNS requires that all zones be redundantly supported by more than
+one name server. Designated secondary servers can acquire zones and
+check for updates from the primary server using the zone transfer
+protocol of the DNS. This configuration is shown below:
+
+ Local Host | Foreign
+ |
+ +---------+ |
+ / /| |
+ +---------+ | +----------+ | +--------+
+ | | | | |responses| | |
+ | | | | Name |---------|->|Foreign |
+ | Master |-------------->| Server | | |Resolver|
+ | files | | | |<--------|--| |
+ | |/ | | queries | +--------+
+ +---------+ +----------+ |
+ A |maintenance | +--------+
+ | +------------|->| |
+ | queries | |Foreign |
+ | | | Name |
+ +------------------|--| Server |
+ maintenance responses | +--------+
+
+In this configuration, the name server periodically establishes a
+virtual circuit to a foreign name server to acquire a copy of a zone or
+to check that an existing copy has not changed. The messages sent for
+
+
+
+Mockapetris [Page 5]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+these maintenance activities follow the same form as queries and
+responses, but the message sequences are somewhat different.
+
+The information flow in a host that supports all aspects of the domain
+name system is shown below:
+
+ Local Host | Foreign
+ |
+ +---------+ +----------+ | +--------+
+ | | user queries | |queries | | |
+ | User |-------------->| |---------|->|Foreign |
+ | Program | | Resolver | | | Name |
+ | |<--------------| |<--------|--| Server |
+ | | user responses| |responses| | |
+ +---------+ +----------+ | +--------+
+ | A |
+ cache additions | | references |
+ V | |
+ +----------+ |
+ | Shared | |
+ | database | |
+ +----------+ |
+ A | |
+ +---------+ refreshes | | references |
+ / /| | V |
+ +---------+ | +----------+ | +--------+
+ | | | | |responses| | |
+ | | | | Name |---------|->|Foreign |
+ | Master |-------------->| Server | | |Resolver|
+ | files | | | |<--------|--| |
+ | |/ | | queries | +--------+
+ +---------+ +----------+ |
+ A |maintenance | +--------+
+ | +------------|->| |
+ | queries | |Foreign |
+ | | | Name |
+ +------------------|--| Server |
+ maintenance responses | +--------+
+
+The shared database holds domain space data for the local name server
+and resolver. The contents of the shared database will typically be a
+mixture of authoritative data maintained by the periodic refresh
+operations of the name server and cached data from previous resolver
+requests. The structure of the domain data and the necessity for
+synchronization between name servers and resolvers imply the general
+characteristics of this database, but the actual format is up to the
+local implementor.
+
+
+
+
+Mockapetris [Page 6]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Information flow can also be tailored so that a group of hosts act
+together to optimize activities. Sometimes this is done to offload less
+capable hosts so that they do not have to implement a full resolver.
+This can be appropriate for PCs or hosts which want to minimize the
+amount of new network code which is required. This scheme can also
+allow a group of hosts can share a small number of caches rather than
+maintaining a large number of separate caches, on the premise that the
+centralized caches will have a higher hit ratio. In either case,
+resolvers are replaced with stub resolvers which act as front ends to
+resolvers located in a recursive server in one or more name servers
+known to perform that service:
+
+ Local Hosts | Foreign
+ |
+ +---------+ |
+ | | responses |
+ | Stub |<--------------------+ |
+ | Resolver| | |
+ | |----------------+ | |
+ +---------+ recursive | | |
+ queries | | |
+ V | |
+ +---------+ recursive +----------+ | +--------+
+ | | queries | |queries | | |
+ | Stub |-------------->| Recursive|---------|->|Foreign |
+ | Resolver| | Server | | | Name |
+ | |<--------------| |<--------|--| Server |
+ +---------+ responses | |responses| | |
+ +----------+ | +--------+
+ | Central | |
+ | cache | |
+ +----------+ |
+
+In any case, note that domain components are always replicated for
+reliability whenever possible.
+
+2.3. Conventions
+
+The domain system has several conventions dealing with low-level, but
+fundamental, issues. While the implementor is free to violate these
+conventions WITHIN HIS OWN SYSTEM, he must observe these conventions in
+ALL behavior observed from other hosts.
+
+2.3.1. Preferred name syntax
+
+The DNS specifications attempt to be as general as possible in the rules
+for constructing domain names. The idea is that the name of any
+existing object can be expressed as a domain name with minimal changes.
+
+
+
+Mockapetris [Page 7]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+However, when assigning a domain name for an object, the prudent user
+will select a name which satisfies both the rules of the domain system
+and any existing rules for the object, whether these rules are published
+or implied by existing programs.
+
+For example, when naming a mail domain, the user should satisfy both the
+rules of this memo and those in RFC-822. When creating a new host name,
+the old rules for HOSTS.TXT should be followed. This avoids problems
+when old software is converted to use domain names.
+
+The following syntax will result in fewer problems with many
+
+applications that use domain names (e.g., mail, TELNET).
+
+<domain> ::= <subdomain> | " "
+
+<subdomain> ::= <label> | <subdomain> "." <label>
+
+<label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
+
+<ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
+
+<let-dig-hyp> ::= <let-dig> | "-"
+
+<let-dig> ::= <letter> | <digit>
+
+<letter> ::= any one of the 52 alphabetic characters A through Z in
+upper case and a through z in lower case
+
+<digit> ::= any one of the ten digits 0 through 9
+
+Note that while upper and lower case letters are allowed in domain
+names, no significance is attached to the case. That is, two names with
+the same spelling but different case are to be treated as if identical.
+
+The labels must follow the rules for ARPANET host names. They must
+start with a letter, end with a letter or digit, and have as interior
+characters only letters, digits, and hyphen. There are also some
+restrictions on the length. Labels must be 63 characters or less.
+
+For example, the following strings identify hosts in the Internet:
+
+A.ISI.EDU XX.LCS.MIT.EDU SRI-NIC.ARPA
+
+2.3.2. Data Transmission Order
+
+The order of transmission of the header and data described in this
+document is resolved to the octet level. Whenever a diagram shows a
+
+
+
+Mockapetris [Page 8]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+group of octets, the order of transmission of those octets is the normal
+order in which they are read in English. For example, in the following
+diagram, the octets are transmitted in the order they are numbered.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | 1 | 2 |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | 3 | 4 |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | 5 | 6 |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+Whenever an octet represents a numeric quantity, the left most bit in
+the diagram is the high order or most significant bit. That is, the bit
+labeled 0 is the most significant bit. For example, the following
+diagram represents the value 170 (decimal).
+
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ |1 0 1 0 1 0 1 0|
+ +-+-+-+-+-+-+-+-+
+
+Similarly, whenever a multi-octet field represents a numeric quantity
+the left most bit of the whole field is the most significant bit. When
+a multi-octet quantity is transmitted the most significant octet is
+transmitted first.
+
+2.3.3. Character Case
+
+For all parts of the DNS that are part of the official protocol, all
+comparisons between character strings (e.g., labels, domain names, etc.)
+are done in a case-insensitive manner. At present, this rule is in
+force throughout the domain system without exception. However, future
+additions beyond current usage may need to use the full binary octet
+capabilities in names, so attempts to store domain names in 7-bit ASCII
+or use of special bytes to terminate labels, etc., should be avoided.
+
+When data enters the domain system, its original case should be
+preserved whenever possible. In certain circumstances this cannot be
+done. For example, if two RRs are stored in a database, one at x.y and
+one at X.Y, they are actually stored at the same place in the database,
+and hence only one casing would be preserved. The basic rule is that
+case can be discarded only when data is used to define structure in a
+database, and two names are identical when compared in a case
+insensitive manner.
+
+
+
+
+Mockapetris [Page 9]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Loss of case sensitive data must be minimized. Thus while data for x.y
+and X.Y may both be stored under a single location x.y or X.Y, data for
+a.x and B.X would never be stored under A.x, A.X, b.x, or b.X. In
+general, this preserves the case of the first label of a domain name,
+but forces standardization of interior node labels.
+
+Systems administrators who enter data into the domain database should
+take care to represent the data they supply to the domain system in a
+case-consistent manner if their system is case-sensitive. The data
+distribution system in the domain system will ensure that consistent
+representations are preserved.
+
+2.3.4. Size limits
+
+Various objects and parameters in the DNS have size limits. They are
+listed below. Some could be easily changed, others are more
+fundamental.
+
+labels 63 octets or less
+
+names 255 octets or less
+
+TTL positive values of a signed 32 bit number.
+
+UDP messages 512 octets or less
+
+3. DOMAIN NAME SPACE AND RR DEFINITIONS
+
+3.1. Name space definitions
+
+Domain names in messages are expressed in terms of a sequence of labels.
+Each label is represented as a one octet length field followed by that
+number of octets. Since every domain name ends with the null label of
+the root, a domain name is terminated by a length byte of zero. The
+high order two bits of every length octet must be zero, and the
+remaining six bits of the length field limit the label to 63 octets or
+less.
+
+To simplify implementations, the total length of a domain name (i.e.,
+label octets and label length octets) is restricted to 255 octets or
+less.
+
+Although labels can contain any 8 bit values in octets that make up a
+label, it is strongly recommended that labels follow the preferred
+syntax described elsewhere in this memo, which is compatible with
+existing host naming conventions. Name servers and resolvers must
+compare labels in a case-insensitive manner (i.e., A=a), assuming ASCII
+with zero parity. Non-alphabetic codes must match exactly.
+
+
+
+Mockapetris [Page 10]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.2. RR definitions
+
+3.2.1. Format
+
+All RRs have the same top level format shown below:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / /
+ / NAME /
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | CLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TTL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RDLENGTH |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+ / RDATA /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+
+where:
+
+NAME an owner name, i.e., the name of the node to which this
+ resource record pertains.
+
+TYPE two octets containing one of the RR TYPE codes.
+
+CLASS two octets containing one of the RR CLASS codes.
+
+TTL a 32 bit signed integer that specifies the time interval
+ that the resource record may be cached before the source
+ of the information should again be consulted. Zero
+ values are interpreted to mean that the RR can only be
+ used for the transaction in progress, and should not be
+ cached. For example, SOA records are always distributed
+ with a zero TTL to prohibit caching. Zero values can
+ also be used for extremely volatile data.
+
+RDLENGTH an unsigned 16 bit integer that specifies the length in
+ octets of the RDATA field.
+
+
+
+Mockapetris [Page 11]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+RDATA a variable length string of octets that describes the
+ resource. The format of this information varies
+ according to the TYPE and CLASS of the resource record.
+
+3.2.2. TYPE values
+
+TYPE fields are used in resource records. Note that these types are a
+subset of QTYPEs.
+
+TYPE value and meaning
+
+A 1 a host address
+
+NS 2 an authoritative name server
+
+MD 3 a mail destination (Obsolete - use MX)
+
+MF 4 a mail forwarder (Obsolete - use MX)
+
+CNAME 5 the canonical name for an alias
+
+SOA 6 marks the start of a zone of authority
+
+MB 7 a mailbox domain name (EXPERIMENTAL)
+
+MG 8 a mail group member (EXPERIMENTAL)
+
+MR 9 a mail rename domain name (EXPERIMENTAL)
+
+NULL 10 a null RR (EXPERIMENTAL)
+
+WKS 11 a well known service description
+
+PTR 12 a domain name pointer
+
+HINFO 13 host information
+
+MINFO 14 mailbox or mail list information
+
+MX 15 mail exchange
+
+TXT 16 text strings
+
+3.2.3. QTYPE values
+
+QTYPE fields appear in the question part of a query. QTYPES are a
+superset of TYPEs, hence all TYPEs are valid QTYPEs. In addition, the
+following QTYPEs are defined:
+
+
+
+Mockapetris [Page 12]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+AXFR 252 A request for a transfer of an entire zone
+
+MAILB 253 A request for mailbox-related records (MB, MG or MR)
+
+MAILA 254 A request for mail agent RRs (Obsolete - see MX)
+
+* 255 A request for all records
+
+3.2.4. CLASS values
+
+CLASS fields appear in resource records. The following CLASS mnemonics
+and values are defined:
+
+IN 1 the Internet
+
+CS 2 the CSNET class (Obsolete - used only for examples in
+ some obsolete RFCs)
+
+CH 3 the CHAOS class
+
+HS 4 Hesiod [Dyer 87]
+
+3.2.5. QCLASS values
+
+QCLASS fields appear in the question section of a query. QCLASS values
+are a superset of CLASS values; every CLASS is a valid QCLASS. In
+addition to CLASS values, the following QCLASSes are defined:
+
+* 255 any class
+
+3.3. Standard RRs
+
+The following RR definitions are expected to occur, at least
+potentially, in all classes. In particular, NS, SOA, CNAME, and PTR
+will be used in all classes, and have the same format in all classes.
+Because their RDATA format is known, all domain names in the RDATA
+section of these RRs may be compressed.
+
+<domain-name> is a domain name represented as a series of labels, and
+terminated by a label with zero length. <character-string> is a single
+length octet followed by that number of characters. <character-string>
+is treated as binary information, and can be up to 256 characters in
+length (including the length octet).
+
+
+
+
+
+
+
+
+Mockapetris [Page 13]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.1. CNAME RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / CNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+CNAME A <domain-name> which specifies the canonical or primary
+ name for the owner. The owner name is an alias.
+
+CNAME RRs cause no additional section processing, but name servers may
+choose to restart the query at the canonical name in certain cases. See
+the description of name server logic in [RFC-1034] for details.
+
+3.3.2. HINFO RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / CPU /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / OS /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+CPU A <character-string> which specifies the CPU type.
+
+OS A <character-string> which specifies the operating
+ system type.
+
+Standard values for CPU and OS can be found in [RFC-1010].
+
+HINFO records are used to acquire general information about a host. The
+main use is for protocols such as FTP that can use special procedures
+when talking between machines or operating systems of the same type.
+
+3.3.3. MB RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MADNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MADNAME A <domain-name> which specifies a host which has the
+ specified mailbox.
+
+
+
+Mockapetris [Page 14]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+MB records cause additional section processing which looks up an A type
+RRs corresponding to MADNAME.
+
+3.3.4. MD RDATA format (Obsolete)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MADNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MADNAME A <domain-name> which specifies a host which has a mail
+ agent for the domain which should be able to deliver
+ mail for the domain.
+
+MD records cause additional section processing which looks up an A type
+record corresponding to MADNAME.
+
+MD is obsolete. See the definition of MX and [RFC-974] for details of
+the new scheme. The recommended policy for dealing with MD RRs found in
+a master file is to reject them, or to convert them to MX RRs with a
+preference of 0.
+
+3.3.5. MF RDATA format (Obsolete)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MADNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MADNAME A <domain-name> which specifies a host which has a mail
+ agent for the domain which will accept mail for
+ forwarding to the domain.
+
+MF records cause additional section processing which looks up an A type
+record corresponding to MADNAME.
+
+MF is obsolete. See the definition of MX and [RFC-974] for details ofw
+the new scheme. The recommended policy for dealing with MD RRs found in
+a master file is to reject them, or to convert them to MX RRs with a
+preference of 10.
+
+
+
+
+
+
+
+Mockapetris [Page 15]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.6. MG RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MGMNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MGMNAME A <domain-name> which specifies a mailbox which is a
+ member of the mail group specified by the domain name.
+
+MG records cause no additional section processing.
+
+3.3.7. MINFO RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / RMAILBX /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / EMAILBX /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+RMAILBX A <domain-name> which specifies a mailbox which is
+ responsible for the mailing list or mailbox. If this
+ domain name names the root, the owner of the MINFO RR is
+ responsible for itself. Note that many existing mailing
+ lists use a mailbox X-request for the RMAILBX field of
+ mailing list X, e.g., Msgroup-request for Msgroup. This
+ field provides a more general mechanism.
+
+
+EMAILBX A <domain-name> which specifies a mailbox which is to
+ receive error messages related to the mailing list or
+ mailbox specified by the owner of the MINFO RR (similar
+ to the ERRORS-TO: field which has been proposed). If
+ this domain name names the root, errors should be
+ returned to the sender of the message.
+
+MINFO records cause no additional section processing. Although these
+records can be associated with a simple mailbox, they are usually used
+with a mailing list.
+
+
+
+
+
+
+
+
+Mockapetris [Page 16]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.8. MR RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / NEWNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NEWNAME A <domain-name> which specifies a mailbox which is the
+ proper rename of the specified mailbox.
+
+MR records cause no additional section processing. The main use for MR
+is as a forwarding entry for a user who has moved to a different
+mailbox.
+
+3.3.9. MX RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | PREFERENCE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / EXCHANGE /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+PREFERENCE A 16 bit integer which specifies the preference given to
+ this RR among others at the same owner. Lower values
+ are preferred.
+
+EXCHANGE A <domain-name> which specifies a host willing to act as
+ a mail exchange for the owner name.
+
+MX records cause type A additional section processing for the host
+specified by EXCHANGE. The use of MX RRs is explained in detail in
+[RFC-974].
+
+3.3.10. NULL RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / <anything> /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+Anything at all may be in the RDATA field so long as it is 65535 octets
+or less.
+
+
+
+
+Mockapetris [Page 17]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+NULL records cause no additional section processing. NULL RRs are not
+allowed in master files. NULLs are used as placeholders in some
+experimental extensions of the DNS.
+
+3.3.11. NS RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / NSDNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NSDNAME A <domain-name> which specifies a host which should be
+ authoritative for the specified class and domain.
+
+NS records cause both the usual additional section processing to locate
+a type A record, and, when used in a referral, a special search of the
+zone in which they reside for glue information.
+
+The NS RR states that the named host should be expected to have a zone
+starting at owner name of the specified class. Note that the class may
+not indicate the protocol family which should be used to communicate
+with the host, although it is typically a strong hint. For example,
+hosts which are name servers for either Internet (IN) or Hesiod (HS)
+class information are normally queried using IN class protocols.
+
+3.3.12. PTR RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / PTRDNAME /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+PTRDNAME A <domain-name> which points to some location in the
+ domain name space.
+
+PTR records cause no additional section processing. These RRs are used
+in special domains to point to some other location in the domain space.
+These records are simple data, and don't imply any special processing
+similar to that performed by CNAME, which identifies aliases. See the
+description of the IN-ADDR.ARPA domain for an example.
+
+
+
+
+
+
+
+
+Mockapetris [Page 18]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.13. SOA RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / RNAME /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | SERIAL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | REFRESH |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RETRY |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | EXPIRE |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | MINIMUM |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MNAME The <domain-name> of the name server that was the
+ original or primary source of data for this zone.
+
+RNAME A <domain-name> which specifies the mailbox of the
+ person responsible for this zone.
+
+SERIAL The unsigned 32 bit version number of the original copy
+ of the zone. Zone transfers preserve this value. This
+ value wraps and should be compared using sequence space
+ arithmetic.
+
+REFRESH A 32 bit time interval before the zone should be
+ refreshed.
+
+RETRY A 32 bit time interval that should elapse before a
+ failed refresh should be retried.
+
+EXPIRE A 32 bit time value that specifies the upper limit on
+ the time interval that can elapse before the zone is no
+ longer authoritative.
+
+
+
+
+
+Mockapetris [Page 19]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+MINIMUM The unsigned 32 bit minimum TTL field that should be
+ exported with any RR from this zone.
+
+SOA records cause no additional section processing.
+
+All times are in units of seconds.
+
+Most of these fields are pertinent only for name server maintenance
+operations. However, MINIMUM is used in all query operations that
+retrieve RRs from a zone. Whenever a RR is sent in a response to a
+query, the TTL field is set to the maximum of the TTL field from the RR
+and the MINIMUM field in the appropriate SOA. Thus MINIMUM is a lower
+bound on the TTL field for all RRs in a zone. Note that this use of
+MINIMUM should occur when the RRs are copied into the response and not
+when the zone is loaded from a master file or via a zone transfer. The
+reason for this provison is to allow future dynamic update facilities to
+change the SOA RR with known semantics.
+
+
+3.3.14. TXT RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / TXT-DATA /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+TXT-DATA One or more <character-string>s.
+
+TXT RRs are used to hold descriptive text. The semantics of the text
+depends on the domain where it is found.
+
+3.4. Internet specific RRs
+
+3.4.1. A RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ADDRESS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ADDRESS A 32 bit Internet address.
+
+Hosts that have multiple Internet addresses will have multiple A
+records.
+
+
+
+
+
+Mockapetris [Page 20]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+A records cause no additional section processing. The RDATA section of
+an A line in a master file is an Internet address expressed as four
+decimal numbers separated by dots without any imbedded spaces (e.g.,
+"10.2.0.52" or "192.0.5.6").
+
+3.4.2. WKS RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ADDRESS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | PROTOCOL | |
+ +--+--+--+--+--+--+--+--+ |
+ | |
+ / <BIT MAP> /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ADDRESS An 32 bit Internet address
+
+PROTOCOL An 8 bit IP protocol number
+
+<BIT MAP> A variable length bit map. The bit map must be a
+ multiple of 8 bits long.
+
+The WKS record is used to describe the well known services supported by
+a particular protocol on a particular internet address. The PROTOCOL
+field specifies an IP protocol number, and the bit map has one bit per
+port of the specified protocol. The first bit corresponds to port 0,
+the second to port 1, etc. If the bit map does not include a bit for a
+protocol of interest, that bit is assumed zero. The appropriate values
+and mnemonics for ports and protocols are specified in [RFC-1010].
+
+For example, if PROTOCOL=TCP (6), the 26th bit corresponds to TCP port
+25 (SMTP). If this bit is set, a SMTP server should be listening on TCP
+port 25; if zero, SMTP service is not supported on the specified
+address.
+
+The purpose of WKS RRs is to provide availability information for
+servers for TCP and UDP. If a server supports both TCP and UDP, or has
+multiple Internet addresses, then multiple WKS RRs are used.
+
+WKS RRs cause no additional section processing.
+
+In master files, both ports and protocols are expressed using mnemonics
+or decimal numbers.
+
+
+
+
+Mockapetris [Page 21]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.5. IN-ADDR.ARPA domain
+
+The Internet uses a special domain to support gateway location and
+Internet address to host mapping. Other classes may employ a similar
+strategy in other domains. The intent of this domain is to provide a
+guaranteed method to perform host address to host name mapping, and to
+facilitate queries to locate all gateways on a particular network in the
+Internet.
+
+Note that both of these services are similar to functions that could be
+performed by inverse queries; the difference is that this part of the
+domain name space is structured according to address, and hence can
+guarantee that the appropriate data can be located without an exhaustive
+search of the domain space.
+
+The domain begins at IN-ADDR.ARPA and has a substructure which follows
+the Internet addressing structure.
+
+Domain names in the IN-ADDR.ARPA domain are defined to have up to four
+labels in addition to the IN-ADDR.ARPA suffix. Each label represents
+one octet of an Internet address, and is expressed as a character string
+for a decimal value in the range 0-255 (with leading zeros omitted
+except in the case of a zero octet which is represented by a single
+zero).
+
+Host addresses are represented by domain names that have all four labels
+specified. Thus data for Internet address 10.2.0.52 is located at
+domain name 52.0.2.10.IN-ADDR.ARPA. The reversal, though awkward to
+read, allows zones to be delegated which are exactly one network of
+address space. For example, 10.IN-ADDR.ARPA can be a zone containing
+data for the ARPANET, while 26.IN-ADDR.ARPA can be a separate zone for
+MILNET. Address nodes are used to hold pointers to primary host names
+in the normal domain space.
+
+Network numbers correspond to some non-terminal nodes at various depths
+in the IN-ADDR.ARPA domain, since Internet network numbers are either 1,
+2, or 3 octets. Network nodes are used to hold pointers to the primary
+host names of gateways attached to that network. Since a gateway is, by
+definition, on more than one network, it will typically have two or more
+network nodes which point at it. Gateways will also have host level
+pointers at their fully qualified addresses.
+
+Both the gateway pointers at network nodes and the normal host pointers
+at full address nodes use the PTR RR to point back to the primary domain
+names of the corresponding hosts.
+
+For example, the IN-ADDR.ARPA domain will contain information about the
+ISI gateway between net 10 and 26, an MIT gateway from net 10 to MIT's
+
+
+
+Mockapetris [Page 22]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+net 18, and hosts A.ISI.EDU and MULTICS.MIT.EDU. Assuming that ISI
+gateway has addresses 10.2.0.22 and 26.0.0.103, and a name MILNET-
+GW.ISI.EDU, and the MIT gateway has addresses 10.0.0.77 and 18.10.0.4
+and a name GW.LCS.MIT.EDU, the domain database would contain:
+
+ 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 22.0.2.10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 103.0.0.26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 77.0.0.10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 4.0.10.18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 103.0.3.26.IN-ADDR.ARPA. PTR A.ISI.EDU.
+ 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
+
+Thus a program which wanted to locate gateways on net 10 would originate
+a query of the form QTYPE=PTR, QCLASS=IN, QNAME=10.IN-ADDR.ARPA. It
+would receive two RRs in response:
+
+ 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+
+The program could then originate QTYPE=A, QCLASS=IN queries for MILNET-
+GW.ISI.EDU. and GW.LCS.MIT.EDU. to discover the Internet addresses of
+these gateways.
+
+A resolver which wanted to find the host name corresponding to Internet
+host address 10.0.0.6 would pursue a query of the form QTYPE=PTR,
+QCLASS=IN, QNAME=6.0.0.10.IN-ADDR.ARPA, and would receive:
+
+ 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
+
+Several cautions apply to the use of these services:
+ - Since the IN-ADDR.ARPA special domain and the normal domain
+ for a particular host or gateway will be in different zones,
+ the possibility exists that that the data may be inconsistent.
+
+ - Gateways will often have two names in separate domains, only
+ one of which can be primary.
+
+ - Systems that use the domain database to initialize their
+ routing tables must start with enough gateway information to
+ guarantee that they can access the appropriate name server.
+
+ - The gateway data only reflects the existence of a gateway in a
+ manner equivalent to the current HOSTS.TXT file. It doesn't
+ replace the dynamic availability information from GGP or EGP.
+
+
+
+Mockapetris [Page 23]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.6. Defining new types, classes, and special namespaces
+
+The previously defined types and classes are the ones in use as of the
+date of this memo. New definitions should be expected. This section
+makes some recommendations to designers considering additions to the
+existing facilities. The mailing list NAMEDROPPERS@SRI-NIC.ARPA is the
+forum where general discussion of design issues takes place.
+
+In general, a new type is appropriate when new information is to be
+added to the database about an existing object, or we need new data
+formats for some totally new object. Designers should attempt to define
+types and their RDATA formats that are generally applicable to all
+classes, and which avoid duplication of information. New classes are
+appropriate when the DNS is to be used for a new protocol, etc which
+requires new class-specific data formats, or when a copy of the existing
+name space is desired, but a separate management domain is necessary.
+
+New types and classes need mnemonics for master files; the format of the
+master files requires that the mnemonics for type and class be disjoint.
+
+TYPE and CLASS values must be a proper subset of QTYPEs and QCLASSes
+respectively.
+
+The present system uses multiple RRs to represent multiple values of a
+type rather than storing multiple values in the RDATA section of a
+single RR. This is less efficient for most applications, but does keep
+RRs shorter. The multiple RRs assumption is incorporated in some
+experimental work on dynamic update methods.
+
+The present system attempts to minimize the duplication of data in the
+database in order to insure consistency. Thus, in order to find the
+address of the host for a mail exchange, you map the mail domain name to
+a host name, then the host name to addresses, rather than a direct
+mapping to host address. This approach is preferred because it avoids
+the opportunity for inconsistency.
+
+In defining a new type of data, multiple RR types should not be used to
+create an ordering between entries or express different formats for
+equivalent bindings, instead this information should be carried in the
+body of the RR and a single type used. This policy avoids problems with
+caching multiple types and defining QTYPEs to match multiple types.
+
+For example, the original form of mail exchange binding used two RR
+types one to represent a "closer" exchange (MD) and one to represent a
+"less close" exchange (MF). The difficulty is that the presence of one
+RR type in a cache doesn't convey any information about the other
+because the query which acquired the cached information might have used
+a QTYPE of MF, MD, or MAILA (which matched both). The redesigned
+
+
+
+Mockapetris [Page 24]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+service used a single type (MX) with a "preference" value in the RDATA
+section which can order different RRs. However, if any MX RRs are found
+in the cache, then all should be there.
+
+4. MESSAGES
+
+4.1. Format
+
+All communications inside of the domain protocol are carried in a single
+format called a message. The top level format of message is divided
+into 5 sections (some of which are empty in certain cases) shown below:
+
+ +---------------------+
+ | Header |
+ +---------------------+
+ | Question | the question for the name server
+ +---------------------+
+ | Answer | RRs answering the question
+ +---------------------+
+ | Authority | RRs pointing toward an authority
+ +---------------------+
+ | Additional | RRs holding additional information
+ +---------------------+
+
+The header section is always present. The header includes fields that
+specify which of the remaining sections are present, and also specify
+whether the message is a query or a response, a standard query or some
+other opcode, etc.
+
+The names of the sections after the header are derived from their use in
+standard queries. The question section contains fields that describe a
+question to a name server. These fields are a query type (QTYPE), a
+query class (QCLASS), and a query domain name (QNAME). The last three
+sections have the same format: a possibly empty list of concatenated
+resource records (RRs). The answer section contains RRs that answer the
+question; the authority section contains RRs that point toward an
+authoritative name server; the additional records section contains RRs
+which relate to the query, but are not strictly answers for the
+question.
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 25]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+4.1.1. Header section format
+
+The header contains the following fields:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ID |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QDCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ANCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | NSCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ARCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ID A 16 bit identifier assigned by the program that
+ generates any kind of query. This identifier is copied
+ the corresponding reply and can be used by the requester
+ to match up replies to outstanding queries.
+
+QR A one bit field that specifies whether this message is a
+ query (0), or a response (1).
+
+OPCODE A four bit field that specifies kind of query in this
+ message. This value is set by the originator of a query
+ and copied into the response. The values are:
+
+ 0 a standard query (QUERY)
+
+ 1 an inverse query (IQUERY)
+
+ 2 a server status request (STATUS)
+
+ 3-15 reserved for future use
+
+AA Authoritative Answer - this bit is valid in responses,
+ and specifies that the responding name server is an
+ authority for the domain name in question section.
+
+ Note that the contents of the answer section may have
+ multiple owner names because of aliases. The AA bit
+
+
+
+Mockapetris [Page 26]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ corresponds to the name which matches the query name, or
+ the first owner name in the answer section.
+
+TC TrunCation - specifies that this message was truncated
+ due to length greater than that permitted on the
+ transmission channel.
+
+RD Recursion Desired - this bit may be set in a query and
+ is copied into the response. If RD is set, it directs
+ the name server to pursue the query recursively.
+ Recursive query support is optional.
+
+RA Recursion Available - this be is set or cleared in a
+ response, and denotes whether recursive query support is
+ available in the name server.
+
+Z Reserved for future use. Must be zero in all queries
+ and responses.
+
+RCODE Response code - this 4 bit field is set as part of
+ responses. The values have the following
+ interpretation:
+
+ 0 No error condition
+
+ 1 Format error - The name server was
+ unable to interpret the query.
+
+ 2 Server failure - The name server was
+ unable to process this query due to a
+ problem with the name server.
+
+ 3 Name Error - Meaningful only for
+ responses from an authoritative name
+ server, this code signifies that the
+ domain name referenced in the query does
+ not exist.
+
+ 4 Not Implemented - The name server does
+ not support the requested kind of query.
+
+ 5 Refused - The name server refuses to
+ perform the specified operation for
+ policy reasons. For example, a name
+ server may not wish to provide the
+ information to the particular requester,
+ or a name server may not wish to perform
+ a particular operation (e.g., zone
+
+
+
+Mockapetris [Page 27]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ transfer) for particular data.
+
+ 6-15 Reserved for future use.
+
+QDCOUNT an unsigned 16 bit integer specifying the number of
+ entries in the question section.
+
+ANCOUNT an unsigned 16 bit integer specifying the number of
+ resource records in the answer section.
+
+NSCOUNT an unsigned 16 bit integer specifying the number of name
+ server resource records in the authority records
+ section.
+
+ARCOUNT an unsigned 16 bit integer specifying the number of
+ resource records in the additional records section.
+
+4.1.2. Question section format
+
+The question section is used to carry the "question" in most queries,
+i.e., the parameters that define what is being asked. The section
+contains QDCOUNT (usually 1) entries, each of the following format:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / QNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QTYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QCLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+QNAME a domain name represented as a sequence of labels, where
+ each label consists of a length octet followed by that
+ number of octets. The domain name terminates with the
+ zero length octet for the null label of the root. Note
+ that this field may be an odd number of octets; no
+ padding is used.
+
+QTYPE a two octet code which specifies the type of the query.
+ The values for this field include all codes valid for a
+ TYPE field, together with some more general codes which
+ can match more than one type of RR.
+
+
+
+Mockapetris [Page 28]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+QCLASS a two octet code that specifies the class of the query.
+ For example, the QCLASS field is IN for the Internet.
+
+4.1.3. Resource record format
+
+The answer, authority, and additional sections all share the same
+format: a variable number of resource records, where the number of
+records is specified in the corresponding count field in the header.
+Each resource record has the following format:
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / /
+ / NAME /
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | CLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TTL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RDLENGTH |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+ / RDATA /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NAME a domain name to which this resource record pertains.
+
+TYPE two octets containing one of the RR type codes. This
+ field specifies the meaning of the data in the RDATA
+ field.
+
+CLASS two octets which specify the class of the data in the
+ RDATA field.
+
+TTL a 32 bit unsigned integer that specifies the time
+ interval (in seconds) that the resource record may be
+ cached before it should be discarded. Zero values are
+ interpreted to mean that the RR can only be used for the
+ transaction in progress, and should not be cached.
+
+
+
+
+
+Mockapetris [Page 29]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+RDLENGTH an unsigned 16 bit integer that specifies the length in
+ octets of the RDATA field.
+
+RDATA a variable length string of octets that describes the
+ resource. The format of this information varies
+ according to the TYPE and CLASS of the resource record.
+ For example, the if the TYPE is A and the CLASS is IN,
+ the RDATA field is a 4 octet ARPA Internet address.
+
+4.1.4. Message compression
+
+In order to reduce the size of messages, the domain system utilizes a
+compression scheme which eliminates the repetition of domain names in a
+message. In this scheme, an entire domain name or a list of labels at
+the end of a domain name is replaced with a pointer to a prior occurance
+of the same name.
+
+The pointer takes the form of a two octet sequence:
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | 1 1| OFFSET |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+The first two bits are ones. This allows a pointer to be distinguished
+from a label, since the label must begin with two zero bits because
+labels are restricted to 63 octets or less. (The 10 and 01 combinations
+are reserved for future use.) The OFFSET field specifies an offset from
+the start of the message (i.e., the first octet of the ID field in the
+domain header). A zero offset specifies the first byte of the ID field,
+etc.
+
+The compression scheme allows a domain name in a message to be
+represented as either:
+
+ - a sequence of labels ending in a zero octet
+
+ - a pointer
+
+ - a sequence of labels ending with a pointer
+
+Pointers can only be used for occurances of a domain name where the
+format is not class specific. If this were not the case, a name server
+or resolver would be required to know the format of all RRs it handled.
+As yet, there are no such cases, but they may occur in future RDATA
+formats.
+
+If a domain name is contained in a part of the message subject to a
+length field (such as the RDATA section of an RR), and compression is
+
+
+
+Mockapetris [Page 30]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+used, the length of the compressed name is used in the length
+calculation, rather than the length of the expanded name.
+
+Programs are free to avoid using pointers in messages they generate,
+although this will reduce datagram capacity, and may cause truncation.
+However all programs are required to understand arriving messages that
+contain pointers.
+
+For example, a datagram might need to use the domain names F.ISI.ARPA,
+FOO.F.ISI.ARPA, ARPA, and the root. Ignoring the other fields of the
+message, these domain names might be represented as:
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 20 | 1 | F |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 22 | 3 | I |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 24 | S | I |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 26 | 4 | A |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 28 | R | P |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 30 | A | 0 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 40 | 3 | F |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 42 | O | O |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 44 | 1 1| 20 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 64 | 1 1| 26 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 92 | 0 | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+The domain name for F.ISI.ARPA is shown at offset 20. The domain name
+FOO.F.ISI.ARPA is shown at offset 40; this definition uses a pointer to
+concatenate a label for FOO to the previously defined F.ISI.ARPA. The
+domain name ARPA is defined at offset 64 using a pointer to the ARPA
+component of the name F.ISI.ARPA at 20; note that this pointer relies on
+ARPA being the last label in the string at 20. The root domain name is
+
+
+
+Mockapetris [Page 31]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+defined by a single octet of zeros at 92; the root domain name has no
+labels.
+
+4.2. Transport
+
+The DNS assumes that messages will be transmitted as datagrams or in a
+byte stream carried by a virtual circuit. While virtual circuits can be
+used for any DNS activity, datagrams are preferred for queries due to
+their lower overhead and better performance. Zone refresh activities
+must use virtual circuits because of the need for reliable transfer.
+
+The Internet supports name server access using TCP [RFC-793] on server
+port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
+port 53 (decimal).
+
+4.2.1. UDP usage
+
+Messages sent using UDP user server port 53 (decimal).
+
+Messages carried by UDP are restricted to 512 bytes (not counting the IP
+or UDP headers). Longer messages are truncated and the TC bit is set in
+the header.
+
+UDP is not acceptable for zone transfers, but is the recommended method
+for standard queries in the Internet. Queries sent using UDP may be
+lost, and hence a retransmission strategy is required. Queries or their
+responses may be reordered by the network, or by processing in name
+servers, so resolvers should not depend on them being returned in order.
+
+The optimal UDP retransmission policy will vary with performance of the
+Internet and the needs of the client, but the following are recommended:
+
+ - The client should try other servers and server addresses
+ before repeating a query to a specific address of a server.
+
+ - The retransmission interval should be based on prior
+ statistics if possible. Too aggressive retransmission can
+ easily slow responses for the community at large. Depending
+ on how well connected the client is to its expected servers,
+ the minimum retransmission interval should be 2-5 seconds.
+
+More suggestions on server selection and retransmission policy can be
+found in the resolver section of this memo.
+
+4.2.2. TCP usage
+
+Messages sent over TCP connections use server port 53 (decimal). The
+message is prefixed with a two byte length field which gives the message
+
+
+
+Mockapetris [Page 32]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+length, excluding the two byte length field. This length field allows
+the low-level processing to assemble a complete message before beginning
+to parse it.
+
+Several connection management policies are recommended:
+
+ - The server should not block other activities waiting for TCP
+ data.
+
+ - The server should support multiple connections.
+
+ - The server should assume that the client will initiate
+ connection closing, and should delay closing its end of the
+ connection until all outstanding client requests have been
+ satisfied.
+
+ - If the server needs to close a dormant connection to reclaim
+ resources, it should wait until the connection has been idle
+ for a period on the order of two minutes. In particular, the
+ server should allow the SOA and AXFR request sequence (which
+ begins a refresh operation) to be made on a single connection.
+ Since the server would be unable to answer queries anyway, a
+ unilateral close or reset may be used instead of a graceful
+ close.
+
+5. MASTER FILES
+
+Master files are text files that contain RRs in text form. Since the
+contents of a zone can be expressed in the form of a list of RRs a
+master file is most often used to define a zone, though it can be used
+to list a cache's contents. Hence, this section first discusses the
+format of RRs in a master file, and then the special considerations when
+a master file is used to create a zone in some name server.
+
+5.1. Format
+
+The format of these files is a sequence of entries. Entries are
+predominantly line-oriented, though parentheses can be used to continue
+a list of items across a line boundary, and text literals can contain
+CRLF within the text. Any combination of tabs and spaces act as a
+delimiter between the separate items that make up an entry. The end of
+any line in the master file can end with a comment. The comment starts
+with a ";" (semicolon).
+
+The following entries are defined:
+
+ <blank>[<comment>]
+
+
+
+
+Mockapetris [Page 33]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ $ORIGIN <domain-name> [<comment>]
+
+ $INCLUDE <file-name> [<domain-name>] [<comment>]
+
+ <domain-name><rr> [<comment>]
+
+ <blank><rr> [<comment>]
+
+Blank lines, with or without comments, are allowed anywhere in the file.
+
+Two control entries are defined: $ORIGIN and $INCLUDE. $ORIGIN is
+followed by a domain name, and resets the current origin for relative
+domain names to the stated name. $INCLUDE inserts the named file into
+the current file, and may optionally specify a domain name that sets the
+relative domain name origin for the included file. $INCLUDE may also
+have a comment. Note that a $INCLUDE entry never changes the relative
+origin of the parent file, regardless of changes to the relative origin
+made within the included file.
+
+The last two forms represent RRs. If an entry for an RR begins with a
+blank, then the RR is assumed to be owned by the last stated owner. If
+an RR entry begins with a <domain-name>, then the owner name is reset.
+
+<rr> contents take one of the following forms:
+
+ [<TTL>] [<class>] <type> <RDATA>
+
+ [<class>] [<TTL>] <type> <RDATA>
+
+The RR begins with optional TTL and class fields, followed by a type and
+RDATA field appropriate to the type and class. Class and type use the
+standard mnemonics, TTL is a decimal integer. Omitted class and TTL
+values are default to the last explicitly stated values. Since type and
+class mnemonics are disjoint, the parse is unique. (Note that this
+order is different from the order used in examples and the order used in
+the actual RRs; the given order allows easier parsing and defaulting.)
+
+<domain-name>s make up a large share of the data in the master file.
+The labels in the domain name are expressed as character strings and
+separated by dots. Quoting conventions allow arbitrary characters to be
+stored in domain names. Domain names that end in a dot are called
+absolute, and are taken as complete. Domain names which do not end in a
+dot are called relative; the actual domain name is the concatenation of
+the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as
+an argument to the master file loading routine. A relative name is an
+error when no origin is available.
+
+
+
+
+
+Mockapetris [Page 34]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+<character-string> is expressed in one or two ways: as a contiguous set
+of characters without interior spaces, or as a string beginning with a "
+and ending with a ". Inside a " delimited string any character can
+occur, except for a " itself, which must be quoted using \ (back slash).
+
+Because these files are text files several special encodings are
+necessary to allow arbitrary data to be loaded. In particular:
+
+ of the root.
+
+@ A free standing @ is used to denote the current origin.
+
+\X where X is any character other than a digit (0-9), is
+ used to quote that character so that its special meaning
+ does not apply. For example, "\." can be used to place
+ a dot character in a label.
+
+\DDD where each D is a digit is the octet corresponding to
+ the decimal number described by DDD. The resulting
+ octet is assumed to be text and is not checked for
+ special meaning.
+
+( ) Parentheses are used to group data that crosses a line
+ boundary. In effect, line terminations are not
+ recognized within parentheses.
+
+; Semicolon is used to start a comment; the remainder of
+ the line is ignored.
+
+5.2. Use of master files to define zones
+
+When a master file is used to load a zone, the operation should be
+suppressed if any errors are encountered in the master file. The
+rationale for this is that a single error can have widespread
+consequences. For example, suppose that the RRs defining a delegation
+have syntax errors; then the server will return authoritative name
+errors for all names in the subzone (except in the case where the
+subzone is also present on the server).
+
+Several other validity checks that should be performed in addition to
+insuring that the file is syntactically correct:
+
+ 1. All RRs in the file should have the same class.
+
+ 2. Exactly one SOA RR should be present at the top of the zone.
+
+ 3. If delegations are present and glue information is required,
+ it should be present.
+
+
+
+Mockapetris [Page 35]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 4. Information present outside of the authoritative nodes in the
+ zone should be glue information, rather than the result of an
+ origin or similar error.
+
+5.3. Master file example
+
+The following is an example file which might be used to define the
+ISI.EDU zone.and is loaded with an origin of ISI.EDU:
+
+@ IN SOA VENERA Action\.domains (
+ 20 ; SERIAL
+ 7200 ; REFRESH
+ 600 ; RETRY
+ 3600000; EXPIRE
+ 60) ; MINIMUM
+
+ NS A.ISI.EDU.
+ NS VENERA
+ NS VAXA
+ MX 10 VENERA
+ MX 20 VAXA
+
+A A 26.3.0.103
+
+VENERA A 10.1.0.52
+ A 128.9.0.32
+
+VAXA A 10.2.0.27
+ A 128.9.0.33
+
+
+$INCLUDE <SUBSYS>ISI-MAILBOXES.TXT
+
+Where the file <SUBSYS>ISI-MAILBOXES.TXT is:
+
+ MOE MB A.ISI.EDU.
+ LARRY MB A.ISI.EDU.
+ CURLEY MB A.ISI.EDU.
+ STOOGES MG MOE
+ MG LARRY
+ MG CURLEY
+
+Note the use of the \ character in the SOA RR to specify the responsible
+person mailbox "Action.domains@E.ISI.EDU".
+
+
+
+
+
+
+
+Mockapetris [Page 36]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+6. NAME SERVER IMPLEMENTATION
+
+6.1. Architecture
+
+The optimal structure for the name server will depend on the host
+operating system and whether the name server is integrated with resolver
+operations, either by supporting recursive service, or by sharing its
+database with a resolver. This section discusses implementation
+considerations for a name server which shares a database with a
+resolver, but most of these concerns are present in any name server.
+
+6.1.1. Control
+
+A name server must employ multiple concurrent activities, whether they
+are implemented as separate tasks in the host's OS or multiplexing
+inside a single name server program. It is simply not acceptable for a
+name server to block the service of UDP requests while it waits for TCP
+data for refreshing or query activities. Similarly, a name server
+should not attempt to provide recursive service without processing such
+requests in parallel, though it may choose to serialize requests from a
+single client, or to regard identical requests from the same client as
+duplicates. A name server should not substantially delay requests while
+it reloads a zone from master files or while it incorporates a newly
+refreshed zone into its database.
+
+6.1.2. Database
+
+While name server implementations are free to use any internal data
+structures they choose, the suggested structure consists of three major
+parts:
+
+ - A "catalog" data structure which lists the zones available to
+ this server, and a "pointer" to the zone data structure. The
+ main purpose of this structure is to find the nearest ancestor
+ zone, if any, for arriving standard queries.
+
+ - Separate data structures for each of the zones held by the
+ name server.
+
+ - A data structure for cached data. (or perhaps separate caches
+ for different classes)
+
+All of these data structures can be implemented an identical tree
+structure format, with different data chained off the nodes in different
+parts: in the catalog the data is pointers to zones, while in the zone
+and cache data structures, the data will be RRs. In designing the tree
+framework the designer should recognize that query processing will need
+to traverse the tree using case-insensitive label comparisons; and that
+
+
+
+Mockapetris [Page 37]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+in real data, a few nodes have a very high branching factor (100-1000 or
+more), but the vast majority have a very low branching factor (0-1).
+
+One way to solve the case problem is to store the labels for each node
+in two pieces: a standardized-case representation of the label where all
+ASCII characters are in a single case, together with a bit mask that
+denotes which characters are actually of a different case. The
+branching factor diversity can be handled using a simple linked list for
+a node until the branching factor exceeds some threshold, and
+transitioning to a hash structure after the threshold is exceeded. In
+any case, hash structures used to store tree sections must insure that
+hash functions and procedures preserve the casing conventions of the
+DNS.
+
+The use of separate structures for the different parts of the database
+is motivated by several factors:
+
+ - The catalog structure can be an almost static structure that
+ need change only when the system administrator changes the
+ zones supported by the server. This structure can also be
+ used to store parameters used to control refreshing
+ activities.
+
+ - The individual data structures for zones allow a zone to be
+ replaced simply by changing a pointer in the catalog. Zone
+ refresh operations can build a new structure and, when
+ complete, splice it into the database via a simple pointer
+ replacement. It is very important that when a zone is
+ refreshed, queries should not use old and new data
+ simultaneously.
+
+ - With the proper search procedures, authoritative data in zones
+ will always "hide", and hence take precedence over, cached
+ data.
+
+ - Errors in zone definitions that cause overlapping zones, etc.,
+ may cause erroneous responses to queries, but problem
+ determination is simplified, and the contents of one "bad"
+ zone can't corrupt another.
+
+ - Since the cache is most frequently updated, it is most
+ vulnerable to corruption during system restarts. It can also
+ become full of expired RR data. In either case, it can easily
+ be discarded without disturbing zone data.
+
+A major aspect of database design is selecting a structure which allows
+the name server to deal with crashes of the name server's host. State
+information which a name server should save across system crashes
+
+
+
+Mockapetris [Page 38]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+includes the catalog structure (including the state of refreshing for
+each zone) and the zone data itself.
+
+6.1.3. Time
+
+Both the TTL data for RRs and the timing data for refreshing activities
+depends on 32 bit timers in units of seconds. Inside the database,
+refresh timers and TTLs for cached data conceptually "count down", while
+data in the zone stays with constant TTLs.
+
+A recommended implementation strategy is to store time in two ways: as
+a relative increment and as an absolute time. One way to do this is to
+use positive 32 bit numbers for one type and negative numbers for the
+other. The RRs in zones use relative times; the refresh timers and
+cache data use absolute times. Absolute numbers are taken with respect
+to some known origin and converted to relative values when placed in the
+response to a query. When an absolute TTL is negative after conversion
+to relative, then the data is expired and should be ignored.
+
+6.2. Standard query processing
+
+The major algorithm for standard query processing is presented in
+[RFC-1034].
+
+When processing queries with QCLASS=*, or some other QCLASS which
+matches multiple classes, the response should never be authoritative
+unless the server can guarantee that the response covers all classes.
+
+When composing a response, RRs which are to be inserted in the
+additional section, but duplicate RRs in the answer or authority
+sections, may be omitted from the additional section.
+
+When a response is so long that truncation is required, the truncation
+should start at the end of the response and work forward in the
+datagram. Thus if there is any data for the authority section, the
+answer section is guaranteed to be unique.
+
+The MINIMUM value in the SOA should be used to set a floor on the TTL of
+data distributed from a zone. This floor function should be done when
+the data is copied into a response. This will allow future dynamic
+update protocols to change the SOA MINIMUM field without ambiguous
+semantics.
+
+6.3. Zone refresh and reload processing
+
+In spite of a server's best efforts, it may be unable to load zone data
+from a master file due to syntax errors, etc., or be unable to refresh a
+zone within the its expiration parameter. In this case, the name server
+
+
+
+Mockapetris [Page 39]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+should answer queries as if it were not supposed to possess the zone.
+
+If a master is sending a zone out via AXFR, and a new version is created
+during the transfer, the master should continue to send the old version
+if possible. In any case, it should never send part of one version and
+part of another. If completion is not possible, the master should reset
+the connection on which the zone transfer is taking place.
+
+6.4. Inverse queries (Optional)
+
+Inverse queries are an optional part of the DNS. Name servers are not
+required to support any form of inverse queries. If a name server
+receives an inverse query that it does not support, it returns an error
+response with the "Not Implemented" error set in the header. While
+inverse query support is optional, all name servers must be at least
+able to return the error response.
+
+6.4.1. The contents of inverse queries and responses Inverse
+queries reverse the mappings performed by standard query operations;
+while a standard query maps a domain name to a resource, an inverse
+query maps a resource to a domain name. For example, a standard query
+might bind a domain name to a host address; the corresponding inverse
+query binds the host address to a domain name.
+
+Inverse queries take the form of a single RR in the answer section of
+the message, with an empty question section. The owner name of the
+query RR and its TTL are not significant. The response carries
+questions in the question section which identify all names possessing
+the query RR WHICH THE NAME SERVER KNOWS. Since no name server knows
+about all of the domain name space, the response can never be assumed to
+be complete. Thus inverse queries are primarily useful for database
+management and debugging activities. Inverse queries are NOT an
+acceptable method of mapping host addresses to host names; use the IN-
+ADDR.ARPA domain instead.
+
+Where possible, name servers should provide case-insensitive comparisons
+for inverse queries. Thus an inverse query asking for an MX RR of
+"Venera.isi.edu" should get the same response as a query for
+"VENERA.ISI.EDU"; an inverse query for HINFO RR "IBM-PC UNIX" should
+produce the same result as an inverse query for "IBM-pc unix". However,
+this cannot be guaranteed because name servers may possess RRs that
+contain character strings but the name server does not know that the
+data is character.
+
+When a name server processes an inverse query, it either returns:
+
+ 1. zero, one, or multiple domain names for the specified
+ resource as QNAMEs in the question section
+
+
+
+Mockapetris [Page 40]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 2. an error code indicating that the name server doesn't support
+ inverse mapping of the specified resource type.
+
+When the response to an inverse query contains one or more QNAMEs, the
+owner name and TTL of the RR in the answer section which defines the
+inverse query is modified to exactly match an RR found at the first
+QNAME.
+
+RRs returned in the inverse queries cannot be cached using the same
+mechanism as is used for the replies to standard queries. One reason
+for this is that a name might have multiple RRs of the same type, and
+only one would appear. For example, an inverse query for a single
+address of a multiply homed host might create the impression that only
+one address existed.
+
+6.4.2. Inverse query and response example The overall structure
+of an inverse query for retrieving the domain name that corresponds to
+Internet address 10.1.0.52 is shown below:
+
+ +-----------------------------------------+
+ Header | OPCODE=IQUERY, ID=997 |
+ +-----------------------------------------+
+ Question | <empty> |
+ +-----------------------------------------+
+ Answer | <anyname> A IN 10.1.0.52 |
+ +-----------------------------------------+
+ Authority | <empty> |
+ +-----------------------------------------+
+ Additional | <empty> |
+ +-----------------------------------------+
+
+This query asks for a question whose answer is the Internet style
+address 10.1.0.52. Since the owner name is not known, any domain name
+can be used as a placeholder (and is ignored). A single octet of zero,
+signifying the root, is usually used because it minimizes the length of
+the message. The TTL of the RR is not significant. The response to
+this query might be:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 41]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ +-----------------------------------------+
+ Header | OPCODE=RESPONSE, ID=997 |
+ +-----------------------------------------+
+ Question |QTYPE=A, QCLASS=IN, QNAME=VENERA.ISI.EDU |
+ +-----------------------------------------+
+ Answer | VENERA.ISI.EDU A IN 10.1.0.52 |
+ +-----------------------------------------+
+ Authority | <empty> |
+ +-----------------------------------------+
+ Additional | <empty> |
+ +-----------------------------------------+
+
+Note that the QTYPE in a response to an inverse query is the same as the
+TYPE field in the answer section of the inverse query. Responses to
+inverse queries may contain multiple questions when the inverse is not
+unique. If the question section in the response is not empty, then the
+RR in the answer section is modified to correspond to be an exact copy
+of an RR at the first QNAME.
+
+6.4.3. Inverse query processing
+
+Name servers that support inverse queries can support these operations
+through exhaustive searches of their databases, but this becomes
+impractical as the size of the database increases. An alternative
+approach is to invert the database according to the search key.
+
+For name servers that support multiple zones and a large amount of data,
+the recommended approach is separate inversions for each zone. When a
+particular zone is changed during a refresh, only its inversions need to
+be redone.
+
+Support for transfer of this type of inversion may be included in future
+versions of the domain system, but is not supported in this version.
+
+6.5. Completion queries and responses
+
+The optional completion services described in RFC-882 and RFC-883 have
+been deleted. Redesigned services may become available in the future.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 42]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+7. RESOLVER IMPLEMENTATION
+
+The top levels of the recommended resolver algorithm are discussed in
+[RFC-1034]. This section discusses implementation details assuming the
+database structure suggested in the name server implementation section
+of this memo.
+
+7.1. Transforming a user request into a query
+
+The first step a resolver takes is to transform the client's request,
+stated in a format suitable to the local OS, into a search specification
+for RRs at a specific name which match a specific QTYPE and QCLASS.
+Where possible, the QTYPE and QCLASS should correspond to a single type
+and a single class, because this makes the use of cached data much
+simpler. The reason for this is that the presence of data of one type
+in a cache doesn't confirm the existence or non-existence of data of
+other types, hence the only way to be sure is to consult an
+authoritative source. If QCLASS=* is used, then authoritative answers
+won't be available.
+
+Since a resolver must be able to multiplex multiple requests if it is to
+perform its function efficiently, each pending request is usually
+represented in some block of state information. This state block will
+typically contain:
+
+ - A timestamp indicating the time the request began.
+ The timestamp is used to decide whether RRs in the database
+ can be used or are out of date. This timestamp uses the
+ absolute time format previously discussed for RR storage in
+ zones and caches. Note that when an RRs TTL indicates a
+ relative time, the RR must be timely, since it is part of a
+ zone. When the RR has an absolute time, it is part of a
+ cache, and the TTL of the RR is compared against the timestamp
+ for the start of the request.
+
+ Note that using the timestamp is superior to using a current
+ time, since it allows RRs with TTLs of zero to be entered in
+ the cache in the usual manner, but still used by the current
+ request, even after intervals of many seconds due to system
+ load, query retransmission timeouts, etc.
+
+ - Some sort of parameters to limit the amount of work which will
+ be performed for this request.
+
+ The amount of work which a resolver will do in response to a
+ client request must be limited to guard against errors in the
+ database, such as circular CNAME references, and operational
+ problems, such as network partition which prevents the
+
+
+
+Mockapetris [Page 43]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ resolver from accessing the name servers it needs. While
+ local limits on the number of times a resolver will retransmit
+ a particular query to a particular name server address are
+ essential, the resolver should have a global per-request
+ counter to limit work on a single request. The counter should
+ be set to some initial value and decremented whenever the
+ resolver performs any action (retransmission timeout,
+ retransmission, etc.) If the counter passes zero, the request
+ is terminated with a temporary error.
+
+ Note that if the resolver structure allows one request to
+ start others in parallel, such as when the need to access a
+ name server for one request causes a parallel resolve for the
+ name server's addresses, the spawned request should be started
+ with a lower counter. This prevents circular references in
+ the database from starting a chain reaction of resolver
+ activity.
+
+ - The SLIST data structure discussed in [RFC-1034].
+
+ This structure keeps track of the state of a request if it
+ must wait for answers from foreign name servers.
+
+7.2. Sending the queries
+
+As described in [RFC-1034], the basic task of the resolver is to
+formulate a query which will answer the client's request and direct that
+query to name servers which can provide the information. The resolver
+will usually only have very strong hints about which servers to ask, in
+the form of NS RRs, and may have to revise the query, in response to
+CNAMEs, or revise the set of name servers the resolver is asking, in
+response to delegation responses which point the resolver to name
+servers closer to the desired information. In addition to the
+information requested by the client, the resolver may have to call upon
+its own services to determine the address of name servers it wishes to
+contact.
+
+In any case, the model used in this memo assumes that the resolver is
+multiplexing attention between multiple requests, some from the client,
+and some internally generated. Each request is represented by some
+state information, and the desired behavior is that the resolver
+transmit queries to name servers in a way that maximizes the probability
+that the request is answered, minimizes the time that the request takes,
+and avoids excessive transmissions. The key algorithm uses the state
+information of the request to select the next name server address to
+query, and also computes a timeout which will cause the next action
+should a response not arrive. The next action will usually be a
+transmission to some other server, but may be a temporary error to the
+
+
+
+Mockapetris [Page 44]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+client.
+
+The resolver always starts with a list of server names to query (SLIST).
+This list will be all NS RRs which correspond to the nearest ancestor
+zone that the resolver knows about. To avoid startup problems, the
+resolver should have a set of default servers which it will ask should
+it have no current NS RRs which are appropriate. The resolver then adds
+to SLIST all of the known addresses for the name servers, and may start
+parallel requests to acquire the addresses of the servers when the
+resolver has the name, but no addresses, for the name servers.
+
+To complete initialization of SLIST, the resolver attaches whatever
+history information it has to the each address in SLIST. This will
+usually consist of some sort of weighted averages for the response time
+of the address, and the batting average of the address (i.e., how often
+the address responded at all to the request). Note that this
+information should be kept on a per address basis, rather than on a per
+name server basis, because the response time and batting average of a
+particular server may vary considerably from address to address. Note
+also that this information is actually specific to a resolver address /
+server address pair, so a resolver with multiple addresses may wish to
+keep separate histories for each of its addresses. Part of this step
+must deal with addresses which have no such history; in this case an
+expected round trip time of 5-10 seconds should be the worst case, with
+lower estimates for the same local network, etc.
+
+Note that whenever a delegation is followed, the resolver algorithm
+reinitializes SLIST.
+
+The information establishes a partial ranking of the available name
+server addresses. Each time an address is chosen and the state should
+be altered to prevent its selection again until all other addresses have
+been tried. The timeout for each transmission should be 50-100% greater
+than the average predicted value to allow for variance in response.
+
+Some fine points:
+
+ - The resolver may encounter a situation where no addresses are
+ available for any of the name servers named in SLIST, and
+ where the servers in the list are precisely those which would
+ normally be used to look up their own addresses. This
+ situation typically occurs when the glue address RRs have a
+ smaller TTL than the NS RRs marking delegation, or when the
+ resolver caches the result of a NS search. The resolver
+ should detect this condition and restart the search at the
+ next ancestor zone, or alternatively at the root.
+
+
+
+
+
+Mockapetris [Page 45]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ - If a resolver gets a server error or other bizarre response
+ from a name server, it should remove it from SLIST, and may
+ wish to schedule an immediate transmission to the next
+ candidate server address.
+
+7.3. Processing responses
+
+The first step in processing arriving response datagrams is to parse the
+response. This procedure should include:
+
+ - Check the header for reasonableness. Discard datagrams which
+ are queries when responses are expected.
+
+ - Parse the sections of the message, and insure that all RRs are
+ correctly formatted.
+
+ - As an optional step, check the TTLs of arriving data looking
+ for RRs with excessively long TTLs. If a RR has an
+ excessively long TTL, say greater than 1 week, either discard
+ the whole response, or limit all TTLs in the response to 1
+ week.
+
+The next step is to match the response to a current resolver request.
+The recommended strategy is to do a preliminary matching using the ID
+field in the domain header, and then to verify that the question section
+corresponds to the information currently desired. This requires that
+the transmission algorithm devote several bits of the domain ID field to
+a request identifier of some sort. This step has several fine points:
+
+ - Some name servers send their responses from different
+ addresses than the one used to receive the query. That is, a
+ resolver cannot rely that a response will come from the same
+ address which it sent the corresponding query to. This name
+ server bug is typically encountered in UNIX systems.
+
+ - If the resolver retransmits a particular request to a name
+ server it should be able to use a response from any of the
+ transmissions. However, if it is using the response to sample
+ the round trip time to access the name server, it must be able
+ to determine which transmission matches the response (and keep
+ transmission times for each outgoing message), or only
+ calculate round trip times based on initial transmissions.
+
+ - A name server will occasionally not have a current copy of a
+ zone which it should have according to some NS RRs. The
+ resolver should simply remove the name server from the current
+ SLIST, and continue.
+
+
+
+
+Mockapetris [Page 46]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+7.4. Using the cache
+
+In general, we expect a resolver to cache all data which it receives in
+responses since it may be useful in answering future client requests.
+However, there are several types of data which should not be cached:
+
+ - When several RRs of the same type are available for a
+ particular owner name, the resolver should either cache them
+ all or none at all. When a response is truncated, and a
+ resolver doesn't know whether it has a complete set, it should
+ not cache a possibly partial set of RRs.
+
+ - Cached data should never be used in preference to
+ authoritative data, so if caching would cause this to happen
+ the data should not be cached.
+
+ - The results of an inverse query should not be cached.
+
+ - The results of standard queries where the QNAME contains "*"
+ labels if the data might be used to construct wildcards. The
+ reason is that the cache does not necessarily contain existing
+ RRs or zone boundary information which is necessary to
+ restrict the application of the wildcard RRs.
+
+ - RR data in responses of dubious reliability. When a resolver
+ receives unsolicited responses or RR data other than that
+ requested, it should discard it without caching it. The basic
+ implication is that all sanity checks on a packet should be
+ performed before any of it is cached.
+
+In a similar vein, when a resolver has a set of RRs for some name in a
+response, and wants to cache the RRs, it should check its cache for
+already existing RRs. Depending on the circumstances, either the data
+in the response or the cache is preferred, but the two should never be
+combined. If the data in the response is from authoritative data in the
+answer section, it is always preferred.
+
+8. MAIL SUPPORT
+
+The domain system defines a standard for mapping mailboxes into domain
+names, and two methods for using the mailbox information to derive mail
+routing information. The first method is called mail exchange binding
+and the other method is mailbox binding. The mailbox encoding standard
+and mail exchange binding are part of the DNS official protocol, and are
+the recommended method for mail routing in the Internet. Mailbox
+binding is an experimental feature which is still under development and
+subject to change.
+
+
+
+
+Mockapetris [Page 47]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+The mailbox encoding standard assumes a mailbox name of the form
+"<local-part>@<mail-domain>". While the syntax allowed in each of these
+sections varies substantially between the various mail internets, the
+preferred syntax for the ARPA Internet is given in [RFC-822].
+
+The DNS encodes the <local-part> as a single label, and encodes the
+<mail-domain> as a domain name. The single label from the <local-part>
+is prefaced to the domain name from <mail-domain> to form the domain
+name corresponding to the mailbox. Thus the mailbox HOSTMASTER@SRI-
+NIC.ARPA is mapped into the domain name HOSTMASTER.SRI-NIC.ARPA. If the
+<local-part> contains dots or other special characters, its
+representation in a master file will require the use of backslash
+quoting to ensure that the domain name is properly encoded. For
+example, the mailbox Action.domains@ISI.EDU would be represented as
+Action\.domains.ISI.EDU.
+
+8.1. Mail exchange binding
+
+Mail exchange binding uses the <mail-domain> part of a mailbox
+specification to determine where mail should be sent. The <local-part>
+is not even consulted. [RFC-974] specifies this method in detail, and
+should be consulted before attempting to use mail exchange support.
+
+One of the advantages of this method is that it decouples mail
+destination naming from the hosts used to support mail service, at the
+cost of another layer of indirection in the lookup function. However,
+the addition layer should eliminate the need for complicated "%", "!",
+etc encodings in <local-part>.
+
+The essence of the method is that the <mail-domain> is used as a domain
+name to locate type MX RRs which list hosts willing to accept mail for
+<mail-domain>, together with preference values which rank the hosts
+according to an order specified by the administrators for <mail-domain>.
+
+In this memo, the <mail-domain> ISI.EDU is used in examples, together
+with the hosts VENERA.ISI.EDU and VAXA.ISI.EDU as mail exchanges for
+ISI.EDU. If a mailer had a message for Mockapetris@ISI.EDU, it would
+route it by looking up MX RRs for ISI.EDU. The MX RRs at ISI.EDU name
+VENERA.ISI.EDU and VAXA.ISI.EDU, and type A queries can find the host
+addresses.
+
+8.2. Mailbox binding (Experimental)
+
+In mailbox binding, the mailer uses the entire mail destination
+specification to construct a domain name. The encoded domain name for
+the mailbox is used as the QNAME field in a QTYPE=MAILB query.
+
+Several outcomes are possible for this query:
+
+
+
+Mockapetris [Page 48]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 1. The query can return a name error indicating that the mailbox
+ does not exist as a domain name.
+
+ In the long term, this would indicate that the specified
+ mailbox doesn't exist. However, until the use of mailbox
+ binding is universal, this error condition should be
+ interpreted to mean that the organization identified by the
+ global part does not support mailbox binding. The
+ appropriate procedure is to revert to exchange binding at
+ this point.
+
+ 2. The query can return a Mail Rename (MR) RR.
+
+ The MR RR carries new mailbox specification in its RDATA
+ field. The mailer should replace the old mailbox with the
+ new one and retry the operation.
+
+ 3. The query can return a MB RR.
+
+ The MB RR carries a domain name for a host in its RDATA
+ field. The mailer should deliver the message to that host
+ via whatever protocol is applicable, e.g., b,SMTP.
+
+ 4. The query can return one or more Mail Group (MG) RRs.
+
+ This condition means that the mailbox was actually a mailing
+ list or mail group, rather than a single mailbox. Each MG RR
+ has a RDATA field that identifies a mailbox that is a member
+ of the group. The mailer should deliver a copy of the
+ message to each member.
+
+ 5. The query can return a MB RR as well as one or more MG RRs.
+
+ This condition means the the mailbox was actually a mailing
+ list. The mailer can either deliver the message to the host
+ specified by the MB RR, which will in turn do the delivery to
+ all members, or the mailer can use the MG RRs to do the
+ expansion itself.
+
+In any of these cases, the response may include a Mail Information
+(MINFO) RR. This RR is usually associated with a mail group, but is
+legal with a MB. The MINFO RR identifies two mailboxes. One of these
+identifies a responsible person for the original mailbox name. This
+mailbox should be used for requests to be added to a mail group, etc.
+The second mailbox name in the MINFO RR identifies a mailbox that should
+receive error messages for mail failures. This is particularly
+appropriate for mailing lists when errors in member names should be
+reported to a person other than the one who sends a message to the list.
+
+
+
+Mockapetris [Page 49]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+New fields may be added to this RR in the future.
+
+
+9. REFERENCES and BIBLIOGRAPHY
+
+[Dyer 87] S. Dyer, F. Hsu, "Hesiod", Project Athena
+ Technical Plan - Name Service, April 1987, version 1.9.
+
+ Describes the fundamentals of the Hesiod name service.
+
+[IEN-116] J. Postel, "Internet Name Server", IEN-116,
+ USC/Information Sciences Institute, August 1979.
+
+ A name service obsoleted by the Domain Name System, but
+ still in use.
+
+[Quarterman 86] J. Quarterman, and J. Hoskins, "Notable Computer Networks",
+ Communications of the ACM, October 1986, volume 29, number
+ 10.
+
+[RFC-742] K. Harrenstien, "NAME/FINGER", RFC-742, Network
+ Information Center, SRI International, December 1977.
+
+[RFC-768] J. Postel, "User Datagram Protocol", RFC-768,
+ USC/Information Sciences Institute, August 1980.
+
+[RFC-793] J. Postel, "Transmission Control Protocol", RFC-793,
+ USC/Information Sciences Institute, September 1981.
+
+[RFC-799] D. Mills, "Internet Name Domains", RFC-799, COMSAT,
+ September 1981.
+
+ Suggests introduction of a hierarchy in place of a flat
+ name space for the Internet.
+
+[RFC-805] J. Postel, "Computer Mail Meeting Notes", RFC-805,
+ USC/Information Sciences Institute, February 1982.
+
+[RFC-810] E. Feinler, K. Harrenstien, Z. Su, and V. White, "DOD
+ Internet Host Table Specification", RFC-810, Network
+ Information Center, SRI International, March 1982.
+
+ Obsolete. See RFC-952.
+
+[RFC-811] K. Harrenstien, V. White, and E. Feinler, "Hostnames
+ Server", RFC-811, Network Information Center, SRI
+ International, March 1982.
+
+
+
+
+Mockapetris [Page 50]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ Obsolete. See RFC-953.
+
+[RFC-812] K. Harrenstien, and V. White, "NICNAME/WHOIS", RFC-812,
+ Network Information Center, SRI International, March
+ 1982.
+
+[RFC-819] Z. Su, and J. Postel, "The Domain Naming Convention for
+ Internet User Applications", RFC-819, Network
+ Information Center, SRI International, August 1982.
+
+ Early thoughts on the design of the domain system.
+ Current implementation is completely different.
+
+[RFC-821] J. Postel, "Simple Mail Transfer Protocol", RFC-821,
+ USC/Information Sciences Institute, August 1980.
+
+[RFC-830] Z. Su, "A Distributed System for Internet Name Service",
+ RFC-830, Network Information Center, SRI International,
+ October 1982.
+
+ Early thoughts on the design of the domain system.
+ Current implementation is completely different.
+
+[RFC-882] P. Mockapetris, "Domain names - Concepts and
+ Facilities," RFC-882, USC/Information Sciences
+ Institute, November 1983.
+
+ Superceeded by this memo.
+
+[RFC-883] P. Mockapetris, "Domain names - Implementation and
+ Specification," RFC-883, USC/Information Sciences
+ Institute, November 1983.
+
+ Superceeded by this memo.
+
+[RFC-920] J. Postel and J. Reynolds, "Domain Requirements",
+ RFC-920, USC/Information Sciences Institute,
+ October 1984.
+
+ Explains the naming scheme for top level domains.
+
+[RFC-952] K. Harrenstien, M. Stahl, E. Feinler, "DoD Internet Host
+ Table Specification", RFC-952, SRI, October 1985.
+
+ Specifies the format of HOSTS.TXT, the host/address
+ table replaced by the DNS.
+
+
+
+
+
+Mockapetris [Page 51]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+[RFC-953] K. Harrenstien, M. Stahl, E. Feinler, "HOSTNAME Server",
+ RFC-953, SRI, October 1985.
+
+ This RFC contains the official specification of the
+ hostname server protocol, which is obsoleted by the DNS.
+ This TCP based protocol accesses information stored in
+ the RFC-952 format, and is used to obtain copies of the
+ host table.
+
+[RFC-973] P. Mockapetris, "Domain System Changes and
+ Observations", RFC-973, USC/Information Sciences
+ Institute, January 1986.
+
+ Describes changes to RFC-882 and RFC-883 and reasons for
+ them.
+
+[RFC-974] C. Partridge, "Mail routing and the domain system",
+ RFC-974, CSNET CIC BBN Labs, January 1986.
+
+ Describes the transition from HOSTS.TXT based mail
+ addressing to the more powerful MX system used with the
+ domain system.
+
+[RFC-1001] NetBIOS Working Group, "Protocol standard for a NetBIOS
+ service on a TCP/UDP transport: Concepts and Methods",
+ RFC-1001, March 1987.
+
+ This RFC and RFC-1002 are a preliminary design for
+ NETBIOS on top of TCP/IP which proposes to base NetBIOS
+ name service on top of the DNS.
+
+[RFC-1002] NetBIOS Working Group, "Protocol standard for a NetBIOS
+ service on a TCP/UDP transport: Detailed
+ Specifications", RFC-1002, March 1987.
+
+[RFC-1010] J. Reynolds, and J. Postel, "Assigned Numbers", RFC-1010,
+ USC/Information Sciences Institute, May 1987.
+
+ Contains socket numbers and mnemonics for host names,
+ operating systems, etc.
+
+[RFC-1031] W. Lazear, "MILNET Name Domain Transition", RFC-1031,
+ November 1987.
+
+ Describes a plan for converting the MILNET to the DNS.
+
+[RFC-1032] M. Stahl, "Establishing a Domain - Guidelines for
+ Administrators", RFC-1032, November 1987.
+
+
+
+Mockapetris [Page 52]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ Describes the registration policies used by the NIC to
+ administer the top level domains and delegate subzones.
+
+[RFC-1033] M. Lottor, "Domain Administrators Operations Guide",
+ RFC-1033, November 1987.
+
+ A cookbook for domain administrators.
+
+[Solomon 82] M. Solomon, L. Landweber, and D. Neuhengen, "The CSNET
+ Name Server", Computer Networks, vol 6, nr 3, July 1982.
+
+ Describes a name service for CSNET which is independent
+ from the DNS and DNS use in the CSNET.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 53]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Index
+
+ * 13
+
+ ; 33, 35
+
+ <character-string> 35
+ <domain-name> 34
+
+ @ 35
+
+ \ 35
+
+ A 12
+
+ Byte order 8
+
+ CH 13
+ Character case 9
+ CLASS 11
+ CNAME 12
+ Completion 42
+ CS 13
+
+ Hesiod 13
+ HINFO 12
+ HS 13
+
+ IN 13
+ IN-ADDR.ARPA domain 22
+ Inverse queries 40
+
+ Mailbox names 47
+ MB 12
+ MD 12
+ MF 12
+ MG 12
+ MINFO 12
+ MINIMUM 20
+ MR 12
+ MX 12
+
+ NS 12
+ NULL 12
+
+ Port numbers 32
+ Primary server 5
+ PTR 12, 18
+
+
+
+Mockapetris [Page 54]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ QCLASS 13
+ QTYPE 12
+
+ RDATA 12
+ RDLENGTH 11
+
+ Secondary server 5
+ SOA 12
+ Stub resolvers 7
+
+ TCP 32
+ TXT 12
+ TYPE 11
+
+ UDP 32
+
+ WKS 12
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 55]
+
diff --git a/bin/tests/dst/t2_dsasig b/bin/tests/dst/t2_dsasig
new file mode 100644
index 0000000..5dd12e1
--- /dev/null
+++ b/bin/tests/dst/t2_dsasig
@@ -0,0 +1,3 @@
+0009B55FDB62034326278C9371F32D92
+3D0E1161A32D491BEC38546FC452D903
+A91D806345B2F7F22E
diff --git a/bin/tests/dst/t2_rsasig b/bin/tests/dst/t2_rsasig
new file mode 100644
index 0000000..5f59ef3
--- /dev/null
+++ b/bin/tests/dst/t2_rsasig
@@ -0,0 +1,6 @@
+A8A20D2F26F792B3CE76DD0E12A85DFE
+FF66AB866EF0BDB0F515001E234E699B
+F5CD6FB41FB15D4213705ABE9B563896
+2196228648E0F8AA7F2F4EED3C19165C
+1B4C70C9D69B93A1F2BE5B2F948CE023
+
diff --git a/bin/tests/dst/t_dst.c b/bin/tests/dst/t_dst.c
new file mode 100644
index 0000000..d5e5db7
--- /dev/null
+++ b/bin/tests/dst/t_dst.c
@@ -0,0 +1,933 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: t_dst.c,v 1.55 2008/01/12 23:47:13 tbox Exp $ */
+
+#include <config.h>
+
+#include <sys/types.h> /* Required for dirent.h */
+#include <sys/stat.h>
+
+#include <dirent.h> /* XXX */
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdlib.h>
+
+#include <unistd.h> /* XXX */
+
+#include <isc/buffer.h>
+#include <isc/dir.h>
+#include <isc/entropy.h>
+#include <isc/file.h>
+#include <isc/mem.h>
+#include <isc/region.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/fixedname.h>
+#include <dns/name.h>
+
+#include <dst/dst.h>
+#include <dst/result.h>
+
+#include <tests/t_api.h>
+
+#ifndef PATH_MAX
+#define PATH_MAX 256
+#endif
+
+/*
+ * Adapted from the original dst_test.c program.
+ * XXXDCL should use isc_dir_*.
+ */
+
+static void
+cleandir(char *path) {
+ DIR *dirp;
+ struct dirent *pe;
+ char fullname[PATH_MAX + 1];
+
+ dirp = opendir(path);
+ if (dirp == NULL) {
+ t_info("opendir(%s) failed %d\n", path, errno);
+ return;
+ }
+
+ while ((pe = readdir(dirp)) != NULL) {
+ if (! strcmp(pe->d_name, "."))
+ continue;
+ if (! strcmp(pe->d_name, ".."))
+ continue;
+ strcpy(fullname, path);
+ strcat(fullname, "/");
+ strcat(fullname, pe->d_name);
+ if (remove(fullname))
+ t_info("remove(%s) failed %d\n", fullname, errno);
+
+ }
+ (void)closedir(dirp);
+ if (rmdir(path))
+ t_info("rmdir(%s) failed %d\n", path, errno);
+
+ return;
+}
+
+static void
+use(dst_key_t *key, isc_mem_t *mctx, isc_result_t exp_result, int *nfails) {
+
+ isc_result_t ret;
+ const char *data = "This is some data";
+ unsigned char sig[512];
+ isc_buffer_t databuf, sigbuf;
+ isc_region_t datareg, sigreg;
+ dst_context_t *ctx = NULL;
+
+ isc_buffer_init(&sigbuf, sig, sizeof(sig));
+ isc_buffer_init(&databuf, data, strlen(data));
+ isc_buffer_add(&databuf, strlen(data));
+ isc_buffer_usedregion(&databuf, &datareg);
+
+ ret = dst_context_create(key, mctx, &ctx);
+ if (ret != exp_result) {
+ t_info("dst_context_create(%d) returned (%s) expected (%s)\n",
+ dst_key_alg(key), dst_result_totext(ret),
+ dst_result_totext(exp_result));
+ ++*nfails;
+ return;
+ }
+ if (exp_result != ISC_R_SUCCESS)
+ return;
+ ret = dst_context_adddata(ctx, &datareg);
+ if (ret != ISC_R_SUCCESS) {
+ t_info("dst_context_adddata(%d) returned (%s)\n",
+ dst_key_alg(key), dst_result_totext(ret));
+ ++*nfails;
+ dst_context_destroy(&ctx);
+ return;
+ }
+ ret = dst_context_sign(ctx, &sigbuf);
+ if (ret != ISC_R_SUCCESS) {
+ t_info("dst_context_sign(%d) returned (%s)\n",
+ dst_key_alg(key), dst_result_totext(ret));
+ ++*nfails;
+ dst_context_destroy(&ctx);
+ return;
+ }
+ dst_context_destroy(&ctx);
+
+ isc_buffer_remainingregion(&sigbuf, &sigreg);
+ ret = dst_context_create(key, mctx, &ctx);
+ if (ret != ISC_R_SUCCESS) {
+ t_info("dst_context_create(%d) returned (%s)\n",
+ dst_key_alg(key), dst_result_totext(ret));
+ ++*nfails;
+ return;
+ }
+ ret = dst_context_adddata(ctx, &datareg);
+ if (ret != ISC_R_SUCCESS) {
+ t_info("dst_context_adddata(%d) returned (%s)\n",
+ dst_key_alg(key), dst_result_totext(ret));
+ ++*nfails;
+ dst_context_destroy(&ctx);
+ return;
+ }
+ ret = dst_context_verify(ctx, &sigreg);
+ if (ret != exp_result) {
+ t_info("dst_context_verify(%d) returned (%s) expected (%s)\n",
+ dst_key_alg(key), dst_result_totext(ret),
+ dst_result_totext(exp_result));
+ ++*nfails;
+ dst_context_destroy(&ctx);
+ return;
+ }
+ dst_context_destroy(&ctx);
+}
+
+static void
+dh(dns_name_t *name1, int id1, dns_name_t *name2, int id2, isc_mem_t *mctx,
+ isc_result_t exp_result, int *nfails, int *nprobs)
+{
+ dst_key_t *key1 = NULL, *key2 = NULL;
+ isc_result_t ret;
+ char current[PATH_MAX + 1];
+ char tmp[PATH_MAX + 1];
+ char *p;
+ int alg = DST_ALG_DH;
+ int type = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE|DST_TYPE_KEY;
+ unsigned char array1[1024], array2[1024];
+ isc_buffer_t b1, b2;
+ isc_region_t r1, r2;
+
+ UNUSED(exp_result);
+
+ p = getcwd(current, PATH_MAX);;
+ if (p == NULL) {
+ t_info("getcwd failed %d\n", errno);
+ ++*nprobs;
+ return;
+ }
+
+ ret = dst_key_fromfile(name1, id1, alg, type, current, mctx, &key1);
+ if (ret != ISC_R_SUCCESS) {
+ t_info("dst_key_fromfile(%d) returned: %s\n",
+ alg, dst_result_totext(ret));
+ ++*nfails;
+ return;
+ }
+
+ ret = dst_key_fromfile(name2, id2, alg, type, current, mctx, &key2);
+ if (ret != ISC_R_SUCCESS) {
+ t_info("dst_key_fromfile(%d) returned: %s\n",
+ alg, dst_result_totext(ret));
+ ++*nfails;
+ return;
+ }
+
+ ret = isc_file_mktemplate("/tmp/", tmp, sizeof(tmp));
+ if (ret != ISC_R_SUCCESS) {
+ t_info("isc_file_mktemplate failed %s\n",
+ isc_result_totext(ret));
+ ++*nprobs;
+ return;
+ }
+
+ ret = isc_dir_createunique(tmp);
+ if (ret != ISC_R_SUCCESS) {
+ t_info("isc_dir_createunique failed %s\n",
+ isc_result_totext(ret));
+ ++*nprobs;
+ return;
+ }
+
+ ret = dst_key_tofile(key1, type, tmp);
+ if (ret != 0) {
+ t_info("dst_key_tofile(%d) returned: %s\n",
+ alg, dst_result_totext(ret));
+ ++*nfails;
+ return;
+ }
+
+ ret = dst_key_tofile(key2, type, tmp);
+ if (ret != 0) {
+ t_info("dst_key_tofile(%d) returned: %s\n",
+ alg, dst_result_totext(ret));
+ ++*nfails;
+ return;
+ }
+
+ cleandir(tmp);
+
+ isc_buffer_init(&b1, array1, sizeof(array1));
+ ret = dst_key_computesecret(key1, key2, &b1);
+ if (ret != 0) {
+ t_info("dst_computesecret() returned: %s\n",
+ dst_result_totext(ret));
+ ++*nfails;
+ return;
+ }
+
+ isc_buffer_init(&b2, array2, sizeof(array2));
+ ret = dst_key_computesecret(key2, key1, &b2);
+ if (ret != 0) {
+ t_info("dst_computesecret() returned: %s\n",
+ dst_result_totext(ret));
+ ++*nfails;
+ return;
+ }
+
+ isc_buffer_usedregion(&b1, &r1);
+ isc_buffer_usedregion(&b2, &r2);
+ if (r1.length != r2.length || memcmp(r1.base, r2.base, r1.length) != 0)
+ {
+ t_info("computed secrets don't match\n");
+ ++*nfails;
+ return;
+ }
+
+ dst_key_free(&key1);
+ dst_key_free(&key2);
+}
+
+static void
+io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx,
+ isc_result_t exp_result, int *nfails, int *nprobs)
+{
+ dst_key_t *key = NULL;
+ isc_result_t ret;
+ char current[PATH_MAX + 1];
+ char tmp[PATH_MAX + 1];
+ char *p;
+
+ p = getcwd(current, PATH_MAX);;
+ if (p == NULL) {
+ t_info("getcwd failed %d\n", errno);
+ ++*nprobs;
+ return;
+ }
+
+ ret = dst_key_fromfile(name, id, alg, type, current, mctx, &key);
+ if (ret != ISC_R_SUCCESS) {
+ t_info("dst_key_fromfile(%d) returned: %s\n",
+ alg, dst_result_totext(ret));
+ ++*nfails;
+ return;
+ }
+
+ ret = isc_file_mktemplate("/tmp/", tmp, sizeof(tmp));
+ if (ret != ISC_R_SUCCESS) {
+ t_info("isc_file_mktemplate failed %s\n",
+ isc_result_totext(ret));
+ ++*nprobs;
+ return;
+ }
+
+ ret = isc_dir_createunique(tmp);
+ if (ret != ISC_R_SUCCESS) {
+ t_info("mkdir failed %d\n", errno);
+ ++*nprobs;
+ return;
+ }
+
+ ret = dst_key_tofile(key, type, tmp);
+ if (ret != 0) {
+ t_info("dst_key_tofile(%d) returned: %s\n",
+ alg, dst_result_totext(ret));
+ ++*nfails;
+ return;
+ }
+
+ if (dst_key_alg(key) != DST_ALG_DH)
+ use(key, mctx, exp_result, nfails);
+
+ cleandir(tmp);
+
+ dst_key_free(&key);
+}
+
+static void
+generate(int alg, isc_mem_t *mctx, int size, int *nfails) {
+ isc_result_t ret;
+ dst_key_t *key = NULL;
+
+ ret = dst_key_generate(dns_rootname, alg, size, 0, 0, 0,
+ dns_rdataclass_in, mctx, &key);
+ if (ret != ISC_R_SUCCESS) {
+ t_info("dst_key_generate(%d) returned: %s\n", alg,
+ dst_result_totext(ret));
+ ++*nfails;
+ return;
+ }
+
+ if (alg != DST_ALG_DH)
+ use(key, mctx, ISC_R_SUCCESS, nfails);
+ dst_key_free(&key);
+}
+
+#define DBUFSIZ 25
+
+static const char *a1 =
+ "the dst module provides the capability to "
+ "generate, store and retrieve public and private keys, "
+ "sign and verify data using the RSA, DSA and MD5 algorithms, "
+ "and compute Diffie-Hellman shared secrets.";
+static void
+t1(void) {
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ int nfails;
+ int nprobs;
+ int result;
+ isc_result_t isc_result;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ isc_buffer_t b;
+
+ t_assert("dst", 1, T_REQUIRED, a1);
+
+ nfails = 0;
+ nprobs = 0;
+ mctx = NULL;
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ t_result(T_UNRESOLVED);
+ return;
+ }
+ ectx = NULL;
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ t_result(T_UNRESOLVED);
+ return;
+ }
+ isc_result = isc_entropy_createfilesource(ectx, "randomfile");
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ t_result(T_UNRESOLVED);
+ return;
+ }
+ isc_result = dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("dst_lib_init failed %s\n",
+ isc_result_totext(isc_result));
+ t_result(T_UNRESOLVED);
+ return;
+ }
+
+ if (!dst_algorithm_supported(DST_ALG_RSAMD5)) {
+ dst_lib_destroy();
+ t_info("library built without crypto support\n");
+ t_result(T_UNTESTED);
+ return;
+ }
+
+ t_info("testing use of stored keys [1]\n");
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ isc_buffer_init(&b, "test.", 5);
+ isc_buffer_add(&b, 5);
+ isc_result = dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ isc_result_totext(isc_result));
+ t_result(T_UNRESOLVED);
+ return;
+ }
+ io(name, 23616, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+ mctx, ISC_R_SUCCESS, &nfails, &nprobs);
+ t_info("testing use of stored keys [2]\n");
+ io(name, 54622, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+ mctx, ISC_R_SUCCESS, &nfails, &nprobs);
+
+ t_info("testing use of stored keys [3]\n");
+ io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+ mctx, DST_R_NULLKEY, &nfails, &nprobs);
+ t_info("testing use of stored keys [4]\n");
+ io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+ mctx, DST_R_NULLKEY, &nfails, &nprobs);
+
+ isc_buffer_init(&b, "dh.", 3);
+ isc_buffer_add(&b, 3);
+ isc_result = dns_name_fromtext(name, &b, NULL, ISC_FALSE, NULL);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ isc_result_totext(isc_result));
+ t_result(T_UNRESOLVED);
+ return;
+ }
+
+ dh(name, 18602, name, 48957, mctx, ISC_R_SUCCESS, &nfails, &nprobs);
+
+ t_info("testing use of generated keys\n");
+ generate(DST_ALG_RSAMD5, mctx, 512, &nfails);
+ generate(DST_ALG_DSA, mctx, 512, &nfails);
+ generate(DST_ALG_DH, mctx, 512, &nfails);
+ /*
+ * This one uses a constant.
+ */
+ generate(DST_ALG_DH, mctx, 768, &nfails);
+ generate(DST_ALG_HMACMD5, mctx, 512, &nfails);
+
+ dst_lib_destroy();
+
+ isc_entropy_detach(&ectx);
+
+ isc_mem_destroy(&mctx);
+
+ result = T_UNRESOLVED;
+ if ((nfails == 0) && (nprobs == 0))
+ result = T_PASS;
+ else if (nfails)
+ result = T_FAIL;
+ t_result(result);
+
+}
+
+#define T_SIGMAX 512
+
+#undef NEWSIG /* Define NEWSIG to generate the original signature file. */
+
+#ifdef NEWSIG
+
+/*
+ * Write a sig in buf to file at path.
+ */
+static int
+sig_tofile(char *path, isc_buffer_t *buf) {
+ int rval;
+ int fd;
+ int len;
+ int nprobs;
+ int cnt;
+ unsigned char c;
+ unsigned char val;
+
+ cnt = 0;
+ nprobs = 0;
+ len = buf->used - buf->current;
+
+ t_info("buf: current %d used %d len %d\n",
+ buf->current, buf->used, len);
+
+ fd = open(path, O_CREAT|O_TRUNC|O_WRONLY, S_IRWXU|S_IRWXO|S_IRWXG);
+ if (fd < 0) {
+ t_info("open %s failed %d\n", path, errno);
+ return(1);
+ }
+
+ while (len) {
+ c = (unsigned char) isc_buffer_getuint8(buf);
+ val = ((c >> 4 ) & 0x0f);
+ if ((0 <= val) && (val <= 9))
+ val = '0' + val;
+ else
+ val = 'A' + val - 10;
+ rval = write(fd, &val, 1);
+ if (rval != 1) {
+ ++nprobs;
+ t_info("write failed %d %d\n", rval, errno);
+ break;
+ }
+ val = (c & 0x0f);
+ if ((0 <= val) && (val <= 9))
+ val = '0' + val;
+ else
+ val = 'A' + val - 10;
+ rval = write(fd, &val, 1);
+ if (rval != 1) {
+ ++nprobs;
+ t_info("write failed %d %d\n", rval, errno);
+ break;
+ }
+ --len;
+ ++cnt;
+ if ((cnt % 16) == 0) {
+ val = '\n';
+ rval = write(fd, &val, 1);
+ if (rval != 1) {
+ ++nprobs;
+ t_info("write failed %d %d\n", rval, errno);
+ break;
+ }
+ }
+ }
+ val = '\n';
+ rval = write(fd, &val, 1);
+ if (rval != 1) {
+ ++nprobs;
+ t_info("write failed %d %d\n", rval, errno);
+ }
+ (void) close(fd);
+ return(nprobs);
+}
+
+#endif /* NEWSIG */
+
+/*
+ * Read sig in file at path to buf.
+ */
+static int
+sig_fromfile(char *path, isc_buffer_t *iscbuf) {
+ int rval;
+ int len;
+ int fd;
+ unsigned char val;
+ struct stat sb;
+ char *p;
+ char *buf;
+
+ rval = stat(path, &sb);
+ if (rval != 0) {
+ t_info("stat %s failed, errno == %d\n", path, errno);
+ return(1);
+ }
+
+ buf = (char *) malloc((sb.st_size + 1) * sizeof(unsigned char));
+ if (buf == NULL) {
+ t_info("malloc failed, errno == %d\n", errno);
+ return(1);
+ }
+
+ fd = open(path, O_RDONLY);
+ if (fd < 0) {
+ t_info("open failed, errno == %d\n", errno);
+ (void) free(buf);
+ return(1);
+ }
+
+ len = sb.st_size;
+ p = buf;
+ while (len) {
+ rval = read(fd, p, len);
+ if (rval > 0) {
+ len -= rval;
+ p += rval;
+ }
+ else {
+ t_info("read failed %d, errno == %d\n", rval, errno);
+ (void) free(buf);
+ (void) close(fd);
+ return(1);
+ }
+ }
+ close(fd);
+
+ p = buf;
+ len = sb.st_size;
+ while(len) {
+ if (*p == '\n') {
+ ++p;
+ --len;
+ continue;
+ }
+ if (('0' <= *p) && (*p <= '9'))
+ val = *p - '0';
+ else
+ val = *p - 'A' + 10;
+ ++p;
+ val <<= 4;
+ --len;
+ if (('0' <= *p) && (*p <= '9'))
+ val |= (*p - '0');
+ else
+ val |= (*p - 'A' + 10);
+ ++p;
+ --len;
+ isc_buffer_putuint8(iscbuf, val);
+ }
+ (void) free(buf);
+ return(0);
+}
+
+static void
+t2_sigchk(char *datapath, char *sigpath, char *keyname,
+ int id, int alg, int type,
+ isc_mem_t *mctx, char *expected_result,
+ int *nfails, int *nprobs)
+{
+ int rval;
+ int len;
+ int fd;
+ int exp_res;
+ dst_key_t *key = NULL;
+ unsigned char sig[T_SIGMAX];
+ unsigned char *p;
+ unsigned char *data;
+ struct stat sb;
+ isc_result_t isc_result;
+ isc_buffer_t databuf;
+ isc_buffer_t sigbuf;
+ isc_region_t datareg;
+ isc_region_t sigreg;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ isc_buffer_t b;
+ dst_context_t *ctx = NULL;
+
+ /*
+ * Read data from file in a form usable by dst_verify.
+ */
+ rval = stat(datapath, &sb);
+ if (rval != 0) {
+ t_info("t2_sigchk: stat (%s) failed %d\n", datapath, errno);
+ ++*nprobs;
+ return;
+ }
+
+ data = (unsigned char *) malloc(sb.st_size * sizeof(char));
+ if (data == NULL) {
+ t_info("t2_sigchk: malloc failed %d\n", errno);
+ ++*nprobs;
+ return;
+ }
+
+ fd = open(datapath, O_RDONLY);
+ if (fd < 0) {
+ t_info("t2_sigchk: open failed %d\n", errno);
+ (void) free(data);
+ ++*nprobs;
+ return;
+ }
+
+ p = data;
+ len = sb.st_size;
+ do {
+ rval = read(fd, p, len);
+ if (rval > 0) {
+ len -= rval;
+ p += rval;
+ }
+ } while (len);
+ (void) close(fd);
+
+ /*
+ * Read key from file in a form usable by dst_verify.
+ */
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ isc_buffer_init(&b, keyname, strlen(keyname));
+ isc_buffer_add(&b, strlen(keyname));
+ isc_result = dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ isc_result_totext(isc_result));
+ (void) free(data);
+ ++*nprobs;
+ return;
+ }
+ isc_result = dst_key_fromfile(name, id, alg, type, NULL, mctx, &key);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("dst_key_fromfile failed %s\n",
+ isc_result_totext(isc_result));
+ (void) free(data);
+ ++*nprobs;
+ return;
+ }
+
+ isc_buffer_init(&databuf, data, sb.st_size);
+ isc_buffer_add(&databuf, sb.st_size);
+ isc_buffer_usedregion(&databuf, &datareg);
+
+#ifdef NEWSIG
+
+ /*
+ * If we're generating a signature for the first time,
+ * sign the data and save the signature to a file
+ */
+
+ memset(sig, 0, sizeof(sig));
+ isc_buffer_init(&sigbuf, sig, sizeof(sig));
+
+ isc_result = dst_context_create(key, mctx, &ctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("dst_context_create(%d) failed %s\n",
+ dst_result_totext(isc_result));
+ (void) free(data);
+ dst_key_free(&key);
+ ++*nprobs;
+ return;
+ }
+ isc_result = dst_context_adddata(ctx, &datareg);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("dst_context_adddata(%d) failed %s\n",
+ dst_result_totext(isc_result));
+ (void) free(data);
+ dst_key_free(&key);
+ dst_context_destroy(&ctx);
+ ++*nprobs;
+ return;
+ }
+ isc_result = dst_context_sign(ctx, &sigbuf);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("dst_sign(%d) failed %s\n",
+ dst_result_totext(isc_result));
+ (void) free(data);
+ dst_key_free(&key);
+ dst_context_destroy(&ctx);
+ ++*nprobs;
+ return;
+ }
+ dst_context_destroy(&ctx);
+
+ rval = sig_tofile(sigpath, &sigbuf);
+ if (rval != 0) {
+ t_info("sig_tofile failed\n");
+ ++*nprobs;
+ (void) free(data);
+ dst_key_free(&key);
+ return;
+ }
+
+#endif /* NEWSIG */
+
+ memset(sig, 0, sizeof(sig));
+ isc_buffer_init(&sigbuf, sig, sizeof(sig));
+
+ /*
+ * Read precomputed signature from file in a form usable by dst_verify.
+ */
+ rval = sig_fromfile(sigpath, &sigbuf);
+ if (rval != 0) {
+ t_info("sig_fromfile failed\n");
+ (void) free(data);
+ dst_key_free(&key);
+ ++*nprobs;
+ return;
+ }
+
+ /*
+ * Verify that the key signed the data.
+ */
+ isc_buffer_remainingregion(&sigbuf, &sigreg);
+
+ exp_res = 0;
+ if (strstr(expected_result, "!"))
+ exp_res = 1;
+
+ isc_result = dst_context_create(key, mctx, &ctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("dst_context_create returned %s\n",
+ isc_result_totext(isc_result));
+ ++*nfails;
+ }
+ isc_result = dst_context_adddata(ctx, &datareg);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("dst_context_adddata returned %s\n",
+ isc_result_totext(isc_result));
+ dst_context_destroy(&ctx);
+ ++*nfails;
+ }
+ isc_result = dst_context_verify(ctx, &sigreg);
+ if ( ((exp_res == 0) && (isc_result != ISC_R_SUCCESS)) ||
+ ((exp_res != 0) && (isc_result == ISC_R_SUCCESS))) {
+
+ t_info("dst_context_verify returned %s, expected %s\n",
+ isc_result_totext(isc_result),
+ expected_result);
+ dst_context_destroy(&ctx);
+ ++*nfails;
+ }
+
+ (void) free(data);
+ dst_context_destroy(&ctx);
+ dst_key_free(&key);
+ return;
+}
+
+/*
+ * The astute observer will note that t1() signs then verifies data
+ * during the test but that t2() verifies data that has been
+ * signed at some earlier time, possibly with an entire different
+ * version or implementation of the DSA and RSA algorithms
+ */
+static const char *a2 =
+ "the dst module provides the capability to "
+ "verify data signed with the RSA and DSA algorithms";
+
+/*
+ * av == datafile, sigpath, keyname, keyid, alg, exp_result.
+ */
+static int
+t2_vfy(char **av) {
+ char *datapath;
+ char *sigpath;
+ char *keyname;
+ char *key;
+ int keyid;
+ char *alg;
+ int algid;
+ char *exp_result;
+ int nfails;
+ int nprobs;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ isc_result_t isc_result;
+ int result;
+
+ datapath = *av++;
+ sigpath = *av++;
+ keyname = *av++;
+ key = *av++;
+ keyid = atoi(key);
+ alg = *av++;
+ exp_result = *av++;
+ nfails = 0;
+ nprobs = 0;
+
+ if (! strcasecmp(alg, "DST_ALG_DSA"))
+ algid = DST_ALG_DSA;
+ else if (! strcasecmp(alg, "DST_ALG_RSAMD5"))
+ algid = DST_ALG_RSAMD5;
+ else {
+ t_info("Unknown algorithm %s\n", alg);
+ return(T_UNRESOLVED);
+ }
+
+ mctx = NULL;
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+ ectx = NULL;
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+ isc_result = isc_entropy_createfilesource(ectx, "randomfile");
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+ isc_result = dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("dst_lib_init failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ if (!dst_algorithm_supported(DST_ALG_RSAMD5)) {
+ dst_lib_destroy();
+ t_info("library built without crypto support\n");
+ return (T_UNTESTED);
+ }
+
+ t_info("testing %s, %s, %s, %s, %s, %s\n",
+ datapath, sigpath, keyname, key, alg, exp_result);
+ t2_sigchk(datapath, sigpath, keyname, keyid,
+ algid, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+ mctx, exp_result,
+ &nfails, &nprobs);
+
+ dst_lib_destroy();
+
+ isc_entropy_detach(&ectx);
+
+ isc_mem_destroy(&mctx);
+
+ result = T_UNRESOLVED;
+ if (nfails)
+ result = T_FAIL;
+ else if ((nfails == 0) && (nprobs == 0))
+ result = T_PASS;
+
+ return(result);
+}
+
+static void
+t2(void) {
+ int result;
+ t_assert("dst", 2, T_REQUIRED, a2);
+ result = t_eval("dst_2_data", t2_vfy, 6);
+ t_result(result);
+}
+
+testspec_t T_testlist[] = {
+ { t1, "basic dst module verification" },
+ { t2, "signature ineffability" },
+ { NULL, NULL }
+};
+
diff --git a/bin/tests/entropy2_test.c b/bin/tests/entropy2_test.c
new file mode 100644
index 0000000..3561a4c
--- /dev/null
+++ b/bin/tests/entropy2_test.c
@@ -0,0 +1,175 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: entropy2_test.c,v 1.16 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <isc/entropy.h>
+#include <isc/keyboard.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/time.h>
+#include <isc/util.h>
+
+static void
+hex_dump(const char *msg, void *data, unsigned int length) {
+ unsigned int len;
+ unsigned char *base;
+ isc_boolean_t first = ISC_TRUE;
+
+ base = data;
+
+ printf("DUMP of %d bytes: %s\n\t", length, msg);
+ for (len = 0; len < length; len++) {
+ if (len % 16 == 0 && !first)
+ printf("\n\t");
+ printf("%02x ", base[len]);
+ first = ISC_FALSE;
+ }
+ printf("\n");
+}
+
+static void
+CHECK(const char *msg, isc_result_t result) {
+ if (result != ISC_R_SUCCESS) {
+ printf("FAILURE: %s: %s\n", msg, isc_result_totext(result));
+ exit(1);
+ }
+}
+
+static isc_result_t
+start(isc_entropysource_t *source, void *arg, isc_boolean_t blocking) {
+ isc_keyboard_t *kbd = (isc_keyboard_t *)arg;
+
+ UNUSED(source);
+
+ if (blocking)
+ printf("start called, blocking mode.\n");
+ else
+ printf("start called, non-blocking mode.\n");
+
+ return (isc_keyboard_open(kbd));
+}
+
+static void
+stop(isc_entropysource_t *source, void *arg) {
+ isc_keyboard_t *kbd = (isc_keyboard_t *)arg;
+
+ UNUSED(source);
+
+ printf("ENOUGH! Stop typing, please.\r\n");
+
+ (void)isc_keyboard_close(kbd, 3);
+ printf("stop called\n");
+}
+
+static isc_result_t
+get(isc_entropysource_t *source, void *arg, isc_boolean_t blocking) {
+ isc_keyboard_t *kbd = (isc_keyboard_t *)arg;
+ isc_result_t result;
+ isc_time_t t;
+ isc_uint32_t sample;
+ isc_uint32_t extra;
+ unsigned char c;
+
+ if (!blocking)
+ return (ISC_R_NOENTROPY);
+
+ result = isc_keyboard_getchar(kbd, &c);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ TIME_NOW(&t);
+
+ sample = isc_time_nanoseconds(&t);
+ extra = c;
+
+ result = isc_entropy_addcallbacksample(source, sample, extra);
+ if (result != ISC_R_SUCCESS) {
+ printf("\r\n");
+ return (result);
+ }
+
+ printf(".");
+ fflush(stdout);
+
+ return (result);
+}
+
+int
+main(int argc, char **argv) {
+ isc_mem_t *mctx;
+ unsigned char buffer[512];
+ isc_entropy_t *ent;
+ isc_entropysource_t *source;
+ unsigned int returned;
+ unsigned int flags;
+ isc_result_t result;
+ isc_keyboard_t kbd;
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ mctx = NULL;
+ CHECK("isc_mem_create()",
+ isc_mem_create(0, 0, &mctx));
+
+ ent = NULL;
+ CHECK("isc_entropy_create()",
+ isc_entropy_create(mctx, &ent));
+
+ isc_entropy_stats(ent, stderr);
+
+ source = NULL;
+ result = isc_entropy_createcallbacksource(ent, start, get, stop, &kbd,
+ &source);
+ CHECK("isc_entropy_createcallbacksource()", result);
+
+ fprintf(stderr,
+ "Reading 32 bytes of GOOD random data only, partial OK\n");
+
+ flags = 0;
+ flags |= ISC_ENTROPY_GOODONLY;
+ flags |= ISC_ENTROPY_PARTIAL;
+ flags |= ISC_ENTROPY_BLOCKING;
+ returned = 0;
+ result = isc_entropy_getdata(ent, buffer, 32, &returned, flags);
+ if (result == ISC_R_NOENTROPY) {
+ fprintf(stderr, "No entropy.\r\n");
+ }
+
+ isc_entropy_stopcallbacksources(ent);
+
+ hex_dump("good data only:", buffer, returned);
+
+ isc_entropy_stats(ent, stderr);
+
+ isc_entropy_destroysource(&source);
+ isc_entropy_detach(&ent);
+
+ isc_mem_stats(mctx, stderr);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
+
diff --git a/bin/tests/entropy_test.c b/bin/tests/entropy_test.c
new file mode 100644
index 0000000..94b1804
--- /dev/null
+++ b/bin/tests/entropy_test.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: entropy_test.c,v 1.23 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <isc/entropy.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+#include <isc/string.h>
+
+static void
+hex_dump(const char *msg, void *data, unsigned int length) {
+ unsigned int len;
+ unsigned char *base;
+ isc_boolean_t first = ISC_TRUE;
+
+ base = data;
+
+ printf("DUMP of %d bytes: %s\n\t", length, msg);
+ for (len = 0; len < length; len++) {
+ if (len % 16 == 0 && !first)
+ printf("\n\t");
+ printf("%02x ", base[len]);
+ first = ISC_FALSE;
+ }
+ printf("\n");
+}
+
+static void
+CHECK(const char *msg, isc_result_t result) {
+ if (result != ISC_R_SUCCESS) {
+ printf("FAILURE: %s: %s\n", msg, isc_result_totext(result));
+ exit(1);
+ }
+}
+
+int
+main(int argc, char **argv) {
+ isc_mem_t *mctx;
+ unsigned char buffer[512];
+ isc_entropy_t *ent;
+ unsigned int returned;
+ unsigned int flags;
+ isc_result_t result;
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ mctx = NULL;
+ CHECK("isc_mem_create()",
+ isc_mem_create(0, 0, &mctx));
+
+ ent = NULL;
+ CHECK("isc_entropy_create()",
+ isc_entropy_create(mctx, &ent));
+
+ isc_entropy_stats(ent, stderr);
+
+#if 1
+ CHECK("isc_entropy_createfilesource() 1",
+ isc_entropy_createfilesource(ent, "/dev/random"));
+ CHECK("isc_entropy_createfilesource() 2",
+ isc_entropy_createfilesource(ent, "/dev/random"));
+#else
+ CHECK("isc_entropy_createfilesource() 3",
+ isc_entropy_createfilesource(ent, "/tmp/foo"));
+#endif
+
+ fprintf(stderr,
+ "Reading 32 bytes of GOOD random data only, partial OK\n");
+
+ flags = 0;
+ flags |= ISC_ENTROPY_GOODONLY;
+ flags |= ISC_ENTROPY_PARTIAL;
+ result = isc_entropy_getdata(ent, buffer, 32, &returned, flags);
+ if (result == ISC_R_NOENTROPY) {
+ fprintf(stderr, "No entropy.\n");
+ goto any;
+ }
+ hex_dump("good data only:", buffer, returned);
+
+ any:
+ isc_entropy_stats(ent, stderr);
+ CHECK("isc_entropy_getdata() pseudorandom",
+ isc_entropy_getdata(ent, buffer, 128, NULL, 0));
+ hex_dump("pseudorandom data", buffer, 128);
+
+ isc_entropy_stats(ent, stderr);
+ flags = 0;
+ flags |= ISC_ENTROPY_GOODONLY;
+ flags |= ISC_ENTROPY_BLOCKING;
+ result = isc_entropy_getdata(ent, buffer, sizeof(buffer), &returned,
+ flags);
+ CHECK("good data only, blocking mode", result);
+ hex_dump("blocking mode data", buffer, sizeof(buffer));
+
+ {
+ isc_entropy_t *entcopy1 = NULL;
+ isc_entropy_t *entcopy2 = NULL;
+ isc_entropy_t *entcopy3 = NULL;
+
+ isc_entropy_attach(ent, &entcopy1);
+ isc_entropy_attach(ent, &entcopy2);
+ isc_entropy_attach(ent, &entcopy3);
+
+ isc_entropy_stats(ent, stderr);
+
+ isc_entropy_detach(&entcopy1);
+ isc_entropy_detach(&entcopy2);
+ isc_entropy_detach(&entcopy3);
+ }
+
+ isc_entropy_detach(&ent);
+ isc_mem_stats(mctx, stderr);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
+
diff --git a/bin/tests/fsaccess_test.c b/bin/tests/fsaccess_test.c
new file mode 100644
index 0000000..e6147b2
--- /dev/null
+++ b/bin/tests/fsaccess_test.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: fsaccess_test.c,v 1.13 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdio.h>
+
+#include <sys/types.h> /* Non-portable. */
+#include <sys/stat.h> /* Non-portable. */
+
+#include <isc/fsaccess.h>
+#include <isc/result.h>
+
+#define PATH "/tmp/fsaccess"
+
+int
+main(void) {
+ isc_fsaccess_t access;
+ isc_result_t result;
+
+ remove(PATH);
+ fopen(PATH, "w");
+ chmod(PATH, 0);
+
+ access = 0;
+
+ isc_fsaccess_add(ISC_FSACCESS_OWNER | ISC_FSACCESS_GROUP,
+ ISC_FSACCESS_READ | ISC_FSACCESS_WRITE,
+ &access);
+
+ printf("fsaccess=%d\n", access);
+
+ isc_fsaccess_add(ISC_FSACCESS_OTHER, ISC_FSACCESS_READ, &access);
+
+ printf("fsaccess=%d\n", access);
+
+ result = isc_fsaccess_set(PATH, access);
+ if (result != ISC_R_SUCCESS)
+ fprintf(stderr, "result = %s\n", isc_result_totext(result));
+
+ return (0);
+}
diff --git a/bin/tests/genrandom.c b/bin/tests/genrandom.c
new file mode 100644
index 0000000..34f6ac0
--- /dev/null
+++ b/bin/tests/genrandom.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: genrandom.c,v 1.15 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+#include <config.h>
+
+#include <stdio.h>
+#include <time.h>
+
+#include <isc/stdlib.h>
+
+int
+main(int argc, char **argv) {
+ unsigned int bytes;
+ unsigned int k;
+ char *endp;
+ FILE *fp;
+
+ if (argc != 3) {
+ printf("usage: genrandom k file\n");
+ exit(1);
+ }
+ k = strtoul(argv[1], &endp, 10);
+ if (*endp != 0) {
+ printf("usage: genrandom k file\n");
+ exit(1);
+ }
+ bytes = k << 10;
+
+ fp = fopen(argv[2], "w");
+ if (fp == NULL) {
+ printf("failed to open %s\n", argv[2]);
+ exit(1);
+ }
+
+#ifndef HAVE_ARC4RANDOM
+ srand(0x12345678);
+#endif
+ while (bytes > 0) {
+#ifndef HAVE_ARC4RANDOM
+ unsigned short int x = (rand() & 0xFFFF);
+#else
+ unsigned short int x = (arc4random() & 0xFFFF);
+#endif
+ unsigned char c = x & 0xFF;
+ if (putc(c, fp) == EOF) {
+ printf("error writing to file\n");
+ exit(1);
+ }
+ c = x >> 8;
+ if (putc(c, fp) == EOF) {
+ printf("error writing to file\n");
+ exit(1);
+ }
+ bytes -= 2;
+ }
+ fclose(fp);
+
+ return (0);
+}
diff --git a/bin/tests/gxba_test.c b/bin/tests/gxba_test.c
new file mode 100644
index 0000000..8c5558f
--- /dev/null
+++ b/bin/tests/gxba_test.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: gxba_test.c,v 1.13 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+#include <config.h>
+
+#include <stdio.h>
+
+#include <isc/net.h>
+
+#include <lwres/netdb.h>
+
+static void
+print_he(struct hostent *he, int error, const char *fun, const char *name) {
+ char **c;
+ int i;
+
+ if (he != NULL) {
+ printf("%s(%s):\n", fun, name);
+ printf("\tname = %s\n", he->h_name);
+ printf("\taddrtype = %d\n", he->h_addrtype);
+ printf("\tlength = %d\n", he->h_length);
+ c = he->h_aliases;
+ i = 1;
+ while (*c != NULL) {
+ printf("\talias[%d] = %s\n", i, *c);
+ i++;
+ c++;
+ }
+ c = he->h_addr_list;
+ i = 1;
+ while (*c != NULL) {
+ char buf[128];
+ inet_ntop(he->h_addrtype, *c, buf, sizeof(buf));
+ printf("\taddress[%d] = %s\n", i, buf);
+ c++;
+ i++;
+ }
+ } else {
+ printf("%s(%s): error = %d (%s)\n", fun, name, error,
+ hstrerror(error));
+ }
+}
+
+int
+main(int argc, char **argv) {
+ struct hostent *he;
+ int error;
+ struct in_addr in_addr;
+ struct in6_addr in6_addr;
+ void *addr;
+ int af;
+ size_t len;
+
+ (void)argc;
+
+ while (argv[1] != NULL) {
+ if (inet_pton(AF_INET, argv[1], &in_addr) == 1) {
+ af = AF_INET;
+ addr = &in_addr;
+ len = sizeof(in_addr);
+ } else if (inet_pton(AF_INET6, argv[1], &in6_addr) == 1) {
+ af = AF_INET6;
+ addr = &in6_addr;
+ len = sizeof(in6_addr);
+ } else {
+ printf("unable to convert \"%s\" to an address\n",
+ argv[1]);
+ argv++;
+ continue;
+ }
+ he = gethostbyaddr(addr, len, af);
+ print_he(he, h_errno, "gethostbyaddr", argv[1]);
+
+ he = getipnodebyaddr(addr, len, af, &error);
+ print_he(he, error, "getipnodebyaddr", argv[1]);
+ if (he != NULL)
+ freehostent(he);
+ argv++;
+ }
+ return (0);
+}
diff --git a/bin/tests/gxbn_test.c b/bin/tests/gxbn_test.c
new file mode 100644
index 0000000..28ca115
--- /dev/null
+++ b/bin/tests/gxbn_test.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: gxbn_test.c,v 1.16 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+#include <config.h>
+
+#include <stdio.h>
+
+#include <isc/net.h>
+
+#include <lwres/netdb.h>
+
+static void
+print_he(struct hostent *he, int error, const char *fun, const char *name) {
+ char **c;
+ int i;
+
+ if (he != NULL) {
+ printf("%s(%s):\n", fun, name);
+ printf("\tname = %s\n", he->h_name);
+ printf("\taddrtype = %d\n", he->h_addrtype);
+ printf("\tlength = %d\n", he->h_length);
+ c = he->h_aliases;
+ i = 1;
+ while (*c != NULL) {
+ printf("\talias[%d] = %s\n", i, *c);
+ i++;
+ c++;
+ }
+ c = he->h_addr_list;
+ i = 1;
+ while (*c != NULL) {
+ char buf[128];
+ inet_ntop(he->h_addrtype, *c, buf, sizeof(buf));
+ printf("\taddress[%d] = %s\n", i, buf);
+ c++;
+ i++;
+ }
+ } else {
+ printf("%s(%s): error = %d (%s)\n", fun, name, error,
+ hstrerror(error));
+ }
+}
+
+int
+main(int argc, char **argv) {
+ struct hostent *he;
+ int error;
+
+ (void)argc;
+
+ while (argv[1] != NULL) {
+ he = gethostbyname(argv[1]);
+ print_he(he, h_errno, "gethostbyname", argv[1]);
+
+ he = getipnodebyname(argv[1], AF_INET6, AI_DEFAULT|AI_ALL,
+ &error);
+ print_he(he, error, "getipnodebyname", argv[1]);
+ if (he != NULL)
+ freehostent(he);
+
+ he = getipnodebyname(argv[1], AF_INET6, AI_DEFAULT,
+ &error);
+ print_he(he, error, "getipnodebyname", argv[1]);
+ if (he != NULL)
+ freehostent(he);
+ argv++;
+ }
+ return (0);
+}
diff --git a/bin/tests/hash_test.c b/bin/tests/hash_test.c
new file mode 100644
index 0000000..73d397b
--- /dev/null
+++ b/bin/tests/hash_test.c
@@ -0,0 +1,289 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: hash_test.c,v 1.19 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+#include <config.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <isc/hmacmd5.h>
+#include <isc/hmacsha.h>
+#include <isc/md5.h>
+#include <isc/sha1.h>
+#include <isc/util.h>
+#include <isc/string.h>
+
+static void
+print_digest(const char *s, const char *hash, unsigned char *d,
+ unsigned int words)
+{
+ unsigned int i, j;
+
+ printf("hash (%s) %s:\n\t", hash, s);
+ for (i = 0; i < words; i++) {
+ printf(" ");
+ for (j = 0; j < 4; j++)
+ printf("%02x", d[i * 4 + j]);
+ }
+ printf("\n");
+}
+
+int
+main(int argc, char **argv) {
+ isc_sha1_t sha1;
+ isc_sha224_t sha224;
+ isc_md5_t md5;
+ isc_hmacmd5_t hmacmd5;
+ isc_hmacsha1_t hmacsha1;
+ isc_hmacsha224_t hmacsha224;
+ isc_hmacsha256_t hmacsha256;
+ isc_hmacsha384_t hmacsha384;
+ isc_hmacsha512_t hmacsha512;
+ unsigned char digest[ISC_SHA512_DIGESTLENGTH];
+ unsigned char buffer[1024];
+ const char *s;
+ unsigned char key[20];
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ s = "abc";
+ isc_sha1_init(&sha1);
+ memcpy(buffer, s, strlen(s));
+ isc_sha1_update(&sha1, buffer, strlen(s));
+ isc_sha1_final(&sha1, digest);
+ print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4);
+
+ s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+ isc_sha1_init(&sha1);
+ memcpy(buffer, s, strlen(s));
+ isc_sha1_update(&sha1, buffer, strlen(s));
+ isc_sha1_final(&sha1, digest);
+ print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4);
+
+ s = "abc";
+ isc_sha224_init(&sha224);
+ memcpy(buffer, s, strlen(s));
+ isc_sha224_update(&sha224, buffer, strlen(s));
+ isc_sha224_final(digest, &sha224);
+ print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4);
+
+ s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+ isc_sha224_init(&sha224);
+ memcpy(buffer, s, strlen(s));
+ isc_sha224_update(&sha224, buffer, strlen(s));
+ isc_sha224_final(digest, &sha224);
+ print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4);
+
+ s = "abc";
+ isc_md5_init(&md5);
+ memcpy(buffer, s, strlen(s));
+ isc_md5_update(&md5, buffer, strlen(s));
+ isc_md5_final(&md5, digest);
+ print_digest(s, "md5", digest, 4);
+
+ /*
+ * The 3 HMAC-MD5 examples from RFC2104
+ */
+ s = "Hi There";
+ memset(key, 0x0b, 16);
+ isc_hmacmd5_init(&hmacmd5, key, 16);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
+ isc_hmacmd5_sign(&hmacmd5, digest);
+ print_digest(s, "hmacmd5", digest, 4);
+
+ s = "what do ya want for nothing?";
+ strcpy((char *)key, "Jefe");
+ isc_hmacmd5_init(&hmacmd5, key, 4);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
+ isc_hmacmd5_sign(&hmacmd5, digest);
+ print_digest(s, "hmacmd5", digest, 4);
+
+ s = "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335";
+ memset(key, 0xaa, 16);
+ isc_hmacmd5_init(&hmacmd5, key, 16);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
+ isc_hmacmd5_sign(&hmacmd5, digest);
+ print_digest(s, "hmacmd5", digest, 4);
+
+ /*
+ * The 3 HMAC-SHA1 examples from RFC4634.
+ */
+ s = "Hi There";
+ memset(key, 0x0b, 20);
+ isc_hmacsha1_init(&hmacsha1, key, 20);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
+ isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
+ print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
+
+ s = "what do ya want for nothing?";
+ strcpy((char *)key, "Jefe");
+ isc_hmacsha1_init(&hmacsha1, key, 4);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
+ isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
+ print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
+
+ s = "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335";
+ memset(key, 0xaa, 20);
+ isc_hmacsha1_init(&hmacsha1, key, 20);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
+ isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
+ print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
+
+ /*
+ * The 3 HMAC-SHA224 examples from RFC4634.
+ */
+ s = "Hi There";
+ memset(key, 0x0b, 20);
+ isc_hmacsha224_init(&hmacsha224, key, 20);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
+ isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
+ print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
+
+ s = "what do ya want for nothing?";
+ strcpy((char *)key, "Jefe");
+ isc_hmacsha224_init(&hmacsha224, key, 4);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
+ isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
+ print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
+
+ s = "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335";
+ memset(key, 0xaa, 20);
+ isc_hmacsha224_init(&hmacsha224, key, 20);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
+ isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
+ print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
+
+ /*
+ * The 3 HMAC-SHA256 examples from RFC4634.
+ */
+ s = "Hi There";
+ memset(key, 0x0b, 20);
+ isc_hmacsha256_init(&hmacsha256, key, 20);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
+ isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
+ print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
+
+ s = "what do ya want for nothing?";
+ strcpy((char *)key, "Jefe");
+ isc_hmacsha256_init(&hmacsha256, key, 4);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
+ isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
+ print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
+
+ s = "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335";
+ memset(key, 0xaa, 20);
+ isc_hmacsha256_init(&hmacsha256, key, 20);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
+ isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
+ print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
+
+ /*
+ * The 3 HMAC-SHA384 examples from RFC4634.
+ */
+ s = "Hi There";
+ memset(key, 0x0b, 20);
+ isc_hmacsha384_init(&hmacsha384, key, 20);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
+ isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
+ print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
+
+ s = "what do ya want for nothing?";
+ strcpy((char *)key, "Jefe");
+ isc_hmacsha384_init(&hmacsha384, key, 4);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
+ isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
+ print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
+
+ s = "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335";
+ memset(key, 0xaa, 20);
+ isc_hmacsha384_init(&hmacsha384, key, 20);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
+ isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
+ print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
+
+ /*
+ * The 3 HMAC-SHA512 examples from RFC4634.
+ */
+ s = "Hi There";
+ memset(key, 0x0b, 20);
+ isc_hmacsha512_init(&hmacsha512, key, 20);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
+ isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
+ print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
+
+ s = "what do ya want for nothing?";
+ strcpy((char *)key, "Jefe");
+ isc_hmacsha512_init(&hmacsha512, key, 4);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
+ isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
+ print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
+
+ s = "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335"
+ "\335\335\335\335\335\335\335\335\335\335";
+ memset(key, 0xaa, 20);
+ isc_hmacsha512_init(&hmacsha512, key, 20);
+ memcpy(buffer, s, strlen(s));
+ isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
+ isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
+ print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
+
+ return (0);
+}
diff --git a/bin/tests/headerdep_test.sh.in b/bin/tests/headerdep_test.sh.in
new file mode 100644
index 0000000..3f951de
--- /dev/null
+++ b/bin/tests/headerdep_test.sh.in
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: headerdep_test.sh.in,v 1.8 2007/06/19 23:46:59 tbox Exp $
+
+#
+# Check the installed bind9 headers to make sure that no header
+# depends on another header having been included first.
+#
+
+prefix=@prefix@
+tmp=/tmp/thdr$$.tmp
+
+status=0
+
+echo "Checking for header interdependencies..."
+
+# Make a list of header files.
+(cd $prefix/include; find . -name '*.h' -print | sed 's!^./!!') > $tmp
+
+# Check each header.
+while read h
+do
+ echo " - <$h>"
+
+ # Build a test program.
+ cat <<EOF >test.c
+#include <$h>
+EOF
+
+ # Compile the test program.
+ if
+ gcc @STD_CWARNINGS@ @STD_CINCLUDES@ -I$prefix/include -c test.c 2>&1
+ then
+ :
+ else
+ status=1
+ fi
+done <$tmp
+
+rm -f test.c test.o $tmp
+
+exit $status
diff --git a/bin/tests/inter_test.c b/bin/tests/inter_test.c
new file mode 100644
index 0000000..141467c
--- /dev/null
+++ b/bin/tests/inter_test.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: inter_test.c,v 1.16 2008/03/20 23:47:00 tbox Exp $ */
+
+/*! \file */
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/interfaceiter.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+int
+main(int argc, char **argv) {
+ isc_mem_t *mctx = NULL;
+ isc_interfaceiter_t *iter = NULL;
+ isc_interface_t ifdata;
+ isc_result_t result;
+ const char * res;
+ char buf[128];
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ result = isc_interfaceiter_create(mctx, &iter);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ result = isc_interfaceiter_first(iter);
+ while (result == ISC_R_SUCCESS) {
+ result = isc_interfaceiter_current(iter, &ifdata);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stdout, "isc_interfaceiter_current: %s",
+ isc_result_totext(result));
+ continue;
+ }
+ fprintf(stdout, "%s %d %x\n", ifdata.name, ifdata.af,
+ ifdata.flags);
+ INSIST(ifdata.af == AF_INET || ifdata.af == AF_INET6);
+ res = inet_ntop(ifdata.af, &ifdata.address.type, buf,
+ sizeof(buf));
+ if (ifdata.address.zone != 0)
+ fprintf(stdout, "address = %s (zone %u)\n",
+ res == NULL ? "BAD" : res,
+ ifdata.address.zone);
+ else
+ fprintf(stdout, "address = %s\n",
+ res == NULL ? "BAD" : res);
+ INSIST(ifdata.address.family == ifdata.af);
+ res = inet_ntop(ifdata.af, &ifdata.netmask.type, buf,
+ sizeof(buf));
+ fprintf(stdout, "netmask = %s\n", res == NULL ? "BAD" : res);
+ INSIST(ifdata.netmask.family == ifdata.af);
+ if ((ifdata.flags & INTERFACE_F_POINTTOPOINT) != 0) {
+ res = inet_ntop(ifdata.af, &ifdata.dstaddress.type,
+ buf, sizeof(buf));
+ fprintf(stdout, "dstaddress = %s\n",
+ res == NULL ? "BAD" : res);
+
+ INSIST(ifdata.dstaddress.family == ifdata.af);
+ }
+ result = isc_interfaceiter_next(iter);
+ if (result != ISC_R_SUCCESS && result != ISC_R_NOMORE) {
+ fprintf(stdout, "isc_interfaceiter_next: %s",
+ isc_result_totext(result));
+ continue;
+ }
+ }
+ isc_interfaceiter_destroy(&iter);
+
+ fprintf(stdout, "\nPass 2\n\n");
+
+ result = isc_interfaceiter_create(mctx, &iter);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+ result = isc_interfaceiter_first(iter);
+ while (result == ISC_R_SUCCESS) {
+ result = isc_interfaceiter_current(iter, &ifdata);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stdout, "isc_interfaceiter_current: %s",
+ isc_result_totext(result));
+ continue;
+ }
+ fprintf(stdout, "%s %d %x\n", ifdata.name, ifdata.af,
+ ifdata.flags);
+ INSIST(ifdata.af == AF_INET || ifdata.af == AF_INET6);
+ res = inet_ntop(ifdata.af, &ifdata.address.type, buf,
+ sizeof(buf));
+ if (ifdata.address.zone != 0)
+ fprintf(stdout, "address = %s (zone %u)\n",
+ res == NULL ? "BAD" : res,
+ ifdata.address.zone);
+ else
+ fprintf(stdout, "address = %s\n",
+ res == NULL ? "BAD" : res);
+ INSIST(ifdata.address.family == ifdata.af);
+ res = inet_ntop(ifdata.af, &ifdata.netmask.type, buf,
+ sizeof(buf));
+ fprintf(stdout, "netmask = %s\n", res == NULL ? "BAD" : res);
+ INSIST(ifdata.netmask.family == ifdata.af);
+ if ((ifdata.flags & INTERFACE_F_POINTTOPOINT) != 0) {
+ res = inet_ntop(ifdata.af, &ifdata.dstaddress.type,
+ buf, sizeof(buf));
+ fprintf(stdout, "dstaddress = %s\n",
+ res == NULL ? "BAD" : res);
+
+ INSIST(ifdata.dstaddress.family == ifdata.af);
+ }
+ result = isc_interfaceiter_next(iter);
+ if (result != ISC_R_SUCCESS && result != ISC_R_NOMORE) {
+ fprintf(stdout, "isc_interfaceiter_next: %s",
+ isc_result_totext(result));
+ continue;
+ }
+ }
+ isc_interfaceiter_destroy(&iter);
+ cleanup:
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/tests/journalprint.c b/bin/tests/journalprint.c
new file mode 100644
index 0000000..d8bd72b
--- /dev/null
+++ b/bin/tests/journalprint.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: journalprint.c,v 1.14 2008/09/25 04:02:38 tbox Exp $ */
+
+/*! \file */
+#include <config.h>
+
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include <dns/journal.h>
+#include <dns/log.h>
+#include <dns/result.h>
+#include <dns/types.h>
+
+#include <stdlib.h>
+
+/*
+ * Setup logging to use stderr.
+ */
+static isc_result_t
+setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
+ isc_logdestination_t destination;
+ isc_logconfig_t *logconfig = NULL;
+ isc_log_t *log = NULL;
+
+ RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
+ isc_log_setcontext(log);
+ dns_log_init(log);
+ dns_log_setcontext(log);
+
+ destination.file.stream = errout;
+ destination.file.name = NULL;
+ destination.file.versions = ISC_LOG_ROLLNEVER;
+ destination.file.maximum_size = 0;
+ RUNTIME_CHECK(isc_log_createchannel(logconfig, "stderr",
+ ISC_LOG_TOFILEDESC,
+ ISC_LOG_DYNAMIC,
+ &destination, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
+ NULL, NULL) == ISC_R_SUCCESS);
+
+ *logp = log;
+ return (ISC_R_SUCCESS);
+}
+
+int
+main(int argc, char **argv) {
+ char *file;
+ isc_mem_t *mctx = NULL;
+ isc_result_t result;
+ isc_log_t *lctx = NULL;
+
+ if (argc != 2) {
+ printf("usage: %s journal\n", argv[0]);
+ return(1);
+ }
+
+ file = argv[1];
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(setup_logging(mctx, stderr, &lctx) == ISC_R_SUCCESS);
+
+ result = dns_journal_print(mctx, file, stdout);
+ if (result == DNS_R_NOJOURNAL)
+ fprintf(stderr, "%s\n", dns_result_totext(result));
+ isc_log_destroy(&lctx);
+ isc_mem_detach(&mctx);
+ return(result != ISC_R_SUCCESS ? 1 : 0);
+}
diff --git a/bin/tests/keyboard_test.c b/bin/tests/keyboard_test.c
new file mode 100644
index 0000000..f278a2d
--- /dev/null
+++ b/bin/tests/keyboard_test.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: keyboard_test.c,v 1.13 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <isc/keyboard.h>
+#include <isc/util.h>
+
+static void
+CHECK(const char *msg, isc_result_t result) {
+ if (result != ISC_R_SUCCESS) {
+ printf("FAILURE: %s: %s\n", msg, isc_result_totext(result));
+ exit(1);
+ }
+}
+
+int
+main(int argc, char **argv) {
+ isc_keyboard_t kbd;
+ unsigned char c;
+ isc_result_t res;
+ unsigned int count;
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ printf("Type Q to exit.\n");
+
+ res = isc_keyboard_open(&kbd);
+ CHECK("isc_keyboard_open()", res);
+
+ c = 'x';
+ count = 0;
+ while (res == ISC_R_SUCCESS && c != 'Q') {
+ res = isc_keyboard_getchar(&kbd, &c);
+ printf(".");
+ fflush(stdout);
+ count++;
+ if (count % 64 == 0)
+ printf("\r\n");
+ }
+ printf("\r\n");
+ if (res != ISC_R_SUCCESS) {
+ printf("FAILURE: keyboard getchar failed: %s\r\n",
+ isc_result_totext(res));
+ goto errout;
+ }
+
+ errout:
+ res = isc_keyboard_close(&kbd, 3);
+ CHECK("isc_keyboard_close()", res);
+
+ return (0);
+}
+
diff --git a/bin/tests/lex_test.c b/bin/tests/lex_test.c
new file mode 100644
index 0000000..8eba536
--- /dev/null
+++ b/bin/tests/lex_test.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lex_test.c,v 1.23 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+#include <config.h>
+
+#include <isc/commandline.h>
+#include <isc/lex.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+isc_mem_t *mctx;
+isc_lex_t *lex;
+
+isc_lexspecials_t specials;
+
+static void
+print_token(isc_token_t *tokenp, FILE *stream) {
+ switch (tokenp->type) {
+ case isc_tokentype_unknown:
+ fprintf(stream, "UNKNOWN");
+ break;
+ case isc_tokentype_string:
+ fprintf(stream, "STRING %.*s",
+ (int)tokenp->value.as_region.length,
+ tokenp->value.as_region.base);
+ break;
+ case isc_tokentype_number:
+ fprintf(stream, "NUMBER %lu", tokenp->value.as_ulong);
+ break;
+ case isc_tokentype_qstring:
+ fprintf(stream, "QSTRING \"%.*s\"",
+ (int)tokenp->value.as_region.length,
+ tokenp->value.as_region.base);
+ break;
+ case isc_tokentype_eol:
+ fprintf(stream, "EOL");
+ break;
+ case isc_tokentype_eof:
+ fprintf(stream, "EOF");
+ break;
+ case isc_tokentype_initialws:
+ fprintf(stream, "INITIALWS");
+ break;
+ case isc_tokentype_special:
+ fprintf(stream, "SPECIAL %c", tokenp->value.as_char);
+ break;
+ case isc_tokentype_nomore:
+ fprintf(stream, "NOMORE");
+ break;
+ default:
+ FATAL_ERROR(__FILE__, __LINE__, "Unexpected type %d",
+ tokenp->type);
+ }
+}
+
+int
+main(int argc, char *argv[]) {
+ isc_token_t token;
+ isc_result_t result;
+ int quiet = 0;
+ int c;
+ int masterfile = 1;
+ int stats = 0;
+ unsigned int options = 0;
+ int done = 0;
+
+ while ((c = isc_commandline_parse(argc, argv, "qmcs")) != -1) {
+ switch (c) {
+ case 'q':
+ quiet = 1;
+ break;
+ case 'm':
+ masterfile = 1;
+ break;
+ case 'c':
+ masterfile = 0;
+ break;
+ case 's':
+ stats = 1;
+ break;
+ }
+ }
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_lex_create(mctx, 256, &lex) == ISC_R_SUCCESS);
+
+ if (masterfile) {
+ /* Set up to lex DNS master file. */
+
+ specials['('] = 1;
+ specials[')'] = 1;
+ specials['"'] = 1;
+ isc_lex_setspecials(lex, specials);
+ options = ISC_LEXOPT_DNSMULTILINE | ISC_LEXOPT_ESCAPE |
+ ISC_LEXOPT_EOF |
+ ISC_LEXOPT_QSTRING | ISC_LEXOPT_NOMORE;
+ isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
+ } else {
+ /* Set up to lex DNS config file. */
+
+ specials['{'] = 1;
+ specials['}'] = 1;
+ specials[';'] = 1;
+ specials['/'] = 1;
+ specials['"'] = 1;
+ specials['!'] = 1;
+ specials['*'] = 1;
+ isc_lex_setspecials(lex, specials);
+ options = ISC_LEXOPT_EOF |
+ ISC_LEXOPT_QSTRING |
+ ISC_LEXOPT_NUMBER | ISC_LEXOPT_NOMORE;
+ isc_lex_setcomments(lex, (ISC_LEXCOMMENT_C|
+ ISC_LEXCOMMENT_CPLUSPLUS|
+ ISC_LEXCOMMENT_SHELL));
+ }
+
+ RUNTIME_CHECK(isc_lex_openstream(lex, stdin) == ISC_R_SUCCESS);
+
+ while ((result = isc_lex_gettoken(lex, options, &token)) ==
+ ISC_R_SUCCESS && !done) {
+ if (!quiet) {
+ char *name = isc_lex_getsourcename(lex);
+ print_token(&token, stdout);
+ printf(" line = %lu file = %s\n",
+ isc_lex_getsourceline(lex),
+ (name == NULL) ? "<none>" : name);
+ }
+ if (token.type == isc_tokentype_eof)
+ isc_lex_close(lex);
+ if (token.type == isc_tokentype_nomore)
+ done = 1;
+ }
+ if (result != ISC_R_SUCCESS)
+ printf("Result: %s\n", isc_result_totext(result));
+
+ isc_lex_close(lex);
+ isc_lex_destroy(&lex);
+ if (!quiet && stats)
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/tests/lfsr_test.c b/bin/tests/lfsr_test.c
new file mode 100644
index 0000000..4150b2d
--- /dev/null
+++ b/bin/tests/lfsr_test.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lfsr_test.c,v 1.16 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+#include <config.h>
+
+#include <stdio.h>
+
+#include <isc/lfsr.h>
+#include <isc/util.h>
+
+isc_uint32_t state[1024 * 64];
+
+int
+main(int argc, char **argv) {
+ isc_lfsr_t lfsr1, lfsr2;
+ int i;
+ isc_uint32_t temp;
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ /*
+ * Verify that returned values are reproducable.
+ */
+ isc_lfsr_init(&lfsr1, 0, 32, 0x80000057U, 0, NULL, NULL);
+ for (i = 0; i < 32; i++) {
+ isc_lfsr_generate(&lfsr1, &state[i], 4);
+ printf("lfsr1: state[%2d] = %08x\n", i, state[i]);
+ }
+ isc_lfsr_init(&lfsr1, 0, 32, 0x80000057U, 0, NULL, NULL);
+ for (i = 0; i < 32; i++) {
+ isc_lfsr_generate(&lfsr1, &temp, 4);
+ if (state[i] != temp)
+ printf("lfsr1: state[%2d] = %08x, "
+ "but new state is %08x\n",
+ i, state[i], temp);
+ }
+
+ /*
+ * Now do the same with skipping.
+ */
+ isc_lfsr_init(&lfsr1, 0, 32, 0x80000057U, 0, NULL, NULL);
+ for (i = 0; i < 32; i++) {
+ isc_lfsr_generate(&lfsr1, &state[i], 4);
+ isc_lfsr_skip(&lfsr1, 32);
+ printf("lfsr1: state[%2d] = %08x\n", i, state[i]);
+ }
+ isc_lfsr_init(&lfsr1, 0, 32, 0x80000057U, 0, NULL, NULL);
+ for (i = 0; i < 32; i++) {
+ isc_lfsr_generate(&lfsr1, &temp, 4);
+ isc_lfsr_skip(&lfsr1, 32);
+ if (state[i] != temp)
+ printf("lfsr1: state[%2d] = %08x, "
+ "but new state is %08x\n",
+ i, state[i], temp);
+ }
+
+ /*
+ * Try to find the period of the LFSR.
+ *
+ * x^16 + x^5 + x^3 + x^2 + 1
+ */
+ isc_lfsr_init(&lfsr2, 0, 16, 0x00008016U, 0, NULL, NULL);
+ for (i = 0; i < 32; i++) {
+ isc_lfsr_generate(&lfsr2, &state[i], 4);
+ printf("lfsr2: state[%2d] = %08x\n", i, state[i]);
+ }
+ isc_lfsr_init(&lfsr2, 0, 16, 0x00008016U, 0, NULL, NULL);
+ for (i = 0; i < 32; i++) {
+ isc_lfsr_generate(&lfsr2, &temp, 4);
+ if (state[i] != temp)
+ printf("lfsr2: state[%2d] = %08x, "
+ "but new state is %08x\n",
+ i, state[i], temp);
+ }
+
+ return (0);
+}
diff --git a/bin/tests/log_test.c b/bin/tests/log_test.c
new file mode 100644
index 0000000..09b5fec
--- /dev/null
+++ b/bin/tests/log_test.c
@@ -0,0 +1,338 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: log_test.c,v 1.26 2007/06/19 23:46:59 tbox Exp $ */
+
+/* Principal Authors: DCL */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <isc/commandline.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+
+#include <dns/log.h>
+
+#define TEST_FILE "/tmp/test_log"
+#define SYSLOG_FILE "/var/log/daemon.log"
+#define FILE_VERSIONS 10
+
+char usage[] = "Usage: %s [-m] [-s syslog_logfile] [-r file_versions]\n";
+
+#define CHECK(expr) result = expr; \
+ if (result != ISC_R_SUCCESS) { \
+ fprintf(stderr, "%s: " #expr "%s: exiting\n", \
+ progname, isc_result_totext(result)); \
+ }
+
+int
+main(int argc, char **argv) {
+ const char *progname, *syslog_file, *message;
+ int ch, i, file_versions, stderr_line;
+ isc_boolean_t show_final_mem = ISC_FALSE;
+ isc_log_t *lctx;
+ isc_logconfig_t *lcfg;
+ isc_mem_t *mctx;
+ isc_result_t result;
+ isc_logdestination_t destination;
+ const isc_logcategory_t *category;
+ const isc_logmodule_t *module;
+
+ progname = strrchr(*argv, '/');
+ if (progname != NULL)
+ progname++;
+ else
+ progname = *argv;
+
+ syslog_file = SYSLOG_FILE;
+ file_versions = FILE_VERSIONS;
+
+ while ((ch = isc_commandline_parse(argc, argv, "ms:r:")) != -1) {
+ switch (ch) {
+ case 'm':
+ show_final_mem = ISC_TRUE;
+ break;
+ case 's':
+ syslog_file = isc_commandline_argument;
+ break;
+ case 'r':
+ file_versions = atoi(isc_commandline_argument);
+ if (file_versions < 0 &&
+ file_versions != ISC_LOG_ROLLNEVER &&
+ file_versions != ISC_LOG_ROLLINFINITE) {
+ fprintf(stderr, "%s: file rotations must be "
+ "%d (ISC_LOG_ROLLNEVER),\n\t"
+ "%d (ISC_LOG_ROLLINFINITE) "
+ "or > 0\n", progname,
+ ISC_LOG_ROLLNEVER,
+ ISC_LOG_ROLLINFINITE);
+ exit(1);
+ }
+ break;
+ case '?':
+ fprintf(stderr, usage, progname);
+ exit(1);
+ }
+ }
+
+ argc -= isc_commandline_index;
+ argv += isc_commandline_index;
+
+ if (argc > 0) {
+ fprintf(stderr, usage, progname);
+ exit(1);
+ }
+
+ fprintf(stderr, "EXPECT:\n%s%d%s%s%s",
+ "8 lines to stderr (first 4 numbered, #3 repeated)\n",
+ file_versions == 0 || file_versions == ISC_LOG_ROLLNEVER ? 1 :
+ file_versions > 0 ? file_versions + 1 : FILE_VERSIONS + 1,
+ " " TEST_FILE " files, and\n",
+ "2 lines to syslog\n",
+ "lines ending with exclamation marks are errors\n\n");
+
+ isc_log_opensyslog(progname, LOG_PID, LOG_DAEMON);
+
+ mctx = NULL;
+ lctx = NULL;
+ lcfg = NULL;
+
+ CHECK(isc_mem_create(0, 0, &mctx));
+ CHECK(isc_log_create(mctx, &lctx, &lcfg));
+
+ CHECK(isc_log_settag(lcfg, progname));
+
+ isc_log_setcontext(lctx);
+ dns_log_init(lctx);
+ dns_log_setcontext(lctx);
+
+ /*
+ * Test isc_log_categorybyname and isc_log_modulebyname.
+ */
+ category = isc_log_categorybyname(lctx, "notify");
+ if (category != NULL)
+ fprintf(stderr, "%s category found. (expected)\n",
+ category->name);
+ else
+ fprintf(stderr, "notify category not found!\n");
+
+ module = isc_log_modulebyname(lctx, "xyzzy");
+ if (module != NULL)
+ fprintf(stderr, "%s module found!\n", module->name);
+ else
+ fprintf(stderr, "xyzzy module not found. (expected)\n");
+
+ /*
+ * Create a file channel to test file opening, size limiting and
+ * version rolling.
+ */
+
+ destination.file.name = TEST_FILE;
+ destination.file.maximum_size = 1;
+ destination.file.versions = file_versions;
+
+ CHECK(isc_log_createchannel(lcfg, "file_test", ISC_LOG_TOFILE,
+ ISC_LOG_INFO, &destination,
+ ISC_LOG_PRINTTIME|
+ ISC_LOG_PRINTTAG|
+ ISC_LOG_PRINTLEVEL|
+ ISC_LOG_PRINTCATEGORY|
+ ISC_LOG_PRINTMODULE));
+
+ /*
+ * Create a dynamic debugging channel to a file descriptor.
+ */
+ destination.file.stream = stderr;
+
+ CHECK(isc_log_createchannel(lcfg, "debug_test", ISC_LOG_TOFILEDESC,
+ ISC_LOG_DYNAMIC, &destination,
+ ISC_LOG_PRINTTIME|
+ ISC_LOG_PRINTLEVEL|
+ ISC_LOG_DEBUGONLY));
+
+ /*
+ * Test the usability of the four predefined logging channels.
+ */
+ CHECK(isc_log_usechannel(lcfg, "default_syslog",
+ DNS_LOGCATEGORY_DATABASE,
+ DNS_LOGMODULE_CACHE));
+ CHECK(isc_log_usechannel(lcfg, "default_stderr",
+ DNS_LOGCATEGORY_DATABASE,
+ DNS_LOGMODULE_CACHE));
+ CHECK(isc_log_usechannel(lcfg, "default_debug",
+ DNS_LOGCATEGORY_DATABASE,
+ DNS_LOGMODULE_CACHE));
+ CHECK(isc_log_usechannel(lcfg, "null",
+ DNS_LOGCATEGORY_DATABASE,
+ NULL));
+
+ /*
+ * Use the custom channels.
+ */
+ CHECK(isc_log_usechannel(lcfg, "file_test",
+ DNS_LOGCATEGORY_GENERAL,
+ DNS_LOGMODULE_DB));
+
+ CHECK(isc_log_usechannel(lcfg, "debug_test",
+ DNS_LOGCATEGORY_GENERAL,
+ DNS_LOGMODULE_RBTDB));
+
+ fprintf(stderr, "\n==> stderr begin\n");
+
+ /*
+ * Write to the internal default by testing both a category for which
+ * no channel has been specified and a category which was specified
+ * but not with the named module.
+ */
+ stderr_line = 1;
+
+ isc_log_write(lctx, DNS_LOGCATEGORY_SECURITY, DNS_LOGMODULE_RBT,
+ ISC_LOG_CRITICAL, "%s (%d)",
+ "Unspecified category and unspecified module to stderr",
+ stderr_line++);
+ isc_log_write(lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_RBT,
+ ISC_LOG_CRITICAL, "%s (%d)",
+ "Specified category and unspecified module to stderr",
+ stderr_line++);
+
+ /*
+ * Write to default_syslog, default_stderr and default_debug.
+ */
+ isc_log_write(lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_CACHE,
+ ISC_LOG_WARNING, "%s (%d twice)",
+ "Using the predefined channels to syslog+stderr",
+ stderr_line++);
+
+ /*
+ * Write to predefined null channel.
+ */
+ isc_log_write(lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_RBTDB,
+ ISC_LOG_INFO, "This is to null and should not appear!");
+
+ /*
+ * Reset the internal default to use syslog instead of stderr,
+ * and test it.
+ */
+ CHECK(isc_log_usechannel(lcfg, "default_syslog",
+ ISC_LOGCATEGORY_DEFAULT, NULL));
+ isc_log_write(lctx, DNS_LOGCATEGORY_SECURITY, DNS_LOGMODULE_RBT,
+ ISC_LOG_ERROR, "%s%s",
+ "This message to the redefined default category should ",
+ "be second in syslog");
+ /*
+ * Write to the file channel.
+ */
+ if (file_versions >= 0 || file_versions == ISC_LOG_ROLLINFINITE) {
+
+ /*
+ * If file_versions is 0 or ISC_LOG_ROLLINFINITE, write
+ * the "should not appear" and "should be in file" messages
+ * to ensure they get rolled.
+ */
+ if (file_versions <= 0)
+ file_versions = FILE_VERSIONS;
+
+ else
+ isc_log_write(lctx, DNS_LOGCATEGORY_GENERAL,
+ DNS_LOGMODULE_DB, ISC_LOG_NOTICE,
+ "This should be rolled over "
+ "and not appear!");
+
+ for (i = file_versions - 1; i >= 0; i--)
+ isc_log_write(lctx, DNS_LOGCATEGORY_GENERAL,
+ DNS_LOGMODULE_DB, ISC_LOG_NOTICE,
+ "should be in file %d/%d", i,
+ file_versions - 1);
+
+ isc_log_write(lctx, DNS_LOGCATEGORY_GENERAL,
+ DNS_LOGMODULE_DB, ISC_LOG_NOTICE,
+ "should be in base file");
+ } else {
+ file_versions = FILE_VERSIONS;
+ for (i = 1; i <= file_versions; i++)
+ isc_log_write(lctx, DNS_LOGCATEGORY_GENERAL,
+ DNS_LOGMODULE_DB, ISC_LOG_NOTICE,
+ "This is message %d in the log file", i);
+ }
+
+
+ /*
+ * Write a debugging message to a category that has no
+ * debugging channels for the named module.
+ */
+ isc_log_write(lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_DB,
+ ISC_LOG_DEBUG(1),
+ "This debug message should not appear!");
+
+ /*
+ * Write debugging messages to a dynamic debugging channel.
+ */
+ isc_log_write(lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_RBTDB,
+ ISC_LOG_CRITICAL, "This critical message should "
+ "not appear because the debug level is 0!");
+
+ isc_log_setdebuglevel(lctx, 3);
+
+ isc_log_write(lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_RBTDB,
+ ISC_LOG_DEBUG(1), "%s (%d)",
+ "Dynamic debugging to stderr", stderr_line++);
+ isc_log_write(lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_RBTDB,
+ ISC_LOG_DEBUG(5),
+ "This debug level is too high and should not appear!");
+
+ /*
+ * Test out the duplicate filtering using the debug_test channel.
+ */
+ isc_log_setduplicateinterval(lcfg, 10);
+ message = "This message should appear only once on stderr";
+
+ isc_log_write1(lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_RBTDB,
+ ISC_LOG_CRITICAL, "%s", message);
+ isc_log_write1(lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_RBTDB,
+ ISC_LOG_CRITICAL, message);
+
+ isc_log_setduplicateinterval(lcfg, 1);
+ message = "This message should appear twice on stderr";
+
+ isc_log_write1(lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_RBTDB,
+ ISC_LOG_CRITICAL, message);
+ sleep(2);
+ isc_log_write1(lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_RBTDB,
+ ISC_LOG_CRITICAL, message);
+
+ /*
+ * Review where everything went.
+ * XXXDCL NT
+ */
+ fputc('\n', stderr);
+ system("head " TEST_FILE "*; rm -f " TEST_FILE "*");
+
+ freopen(syslog_file, "r", stdin);
+ fprintf(stderr, "\n==> %s <==\n", syslog_file);
+ system("tail -2");
+ fputc('\n', stderr);
+
+ isc_log_destroy(&lctx);
+
+ if (show_final_mem)
+ isc_mem_stats(mctx, stderr);
+
+ return (0);
+}
diff --git a/bin/tests/lwres_test.c b/bin/tests/lwres_test.c
new file mode 100644
index 0000000..9620258
--- /dev/null
+++ b/bin/tests/lwres_test.c
@@ -0,0 +1,304 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwres_test.c,v 1.31 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/mem.h>
+#include <isc/netaddr.h>
+#include <isc/util.h>
+
+#include <lwres/lwres.h>
+
+#define USE_ISC_MEM
+
+static inline void
+CHECK(int val, const char *msg) {
+ if (val != 0) {
+ fprintf(stderr, "%s returned %d\n", msg, val);
+ exit(1);
+ }
+}
+
+static void
+hexdump(const char *msg, void *base, size_t len) {
+ unsigned char *p;
+ unsigned int cnt;
+
+ p = base;
+ cnt = 0;
+
+ printf("*** %s (%lu bytes @ %p)\n", msg, (unsigned long)len, base);
+
+ while (cnt < len) {
+ if (cnt % 16 == 0)
+ printf("%p: ", p);
+ else if (cnt % 8 == 0)
+ printf(" |");
+ printf(" %02x", *p++);
+ cnt++;
+
+ if (cnt % 16 == 0)
+ printf("\n");
+ }
+
+ if (cnt % 16 != 0)
+ printf("\n");
+}
+
+static const char *TESTSTRING = "This is a test. This is only a test. !!!";
+static lwres_context_t *ctx;
+
+static void
+test_noop(void) {
+ int ret;
+ lwres_lwpacket_t pkt, pkt2;
+ lwres_nooprequest_t nooprequest, *nooprequest2;
+ lwres_noopresponse_t noopresponse, *noopresponse2;
+ lwres_buffer_t b;
+
+ pkt.pktflags = 0;
+ pkt.serial = 0x11223344;
+ pkt.recvlength = 0x55667788;
+ pkt.result = 0;
+
+ nooprequest.datalength = strlen(TESTSTRING);
+ /* XXXDCL maybe "nooprequest.data" should be const. */
+ DE_CONST(TESTSTRING, nooprequest.data);
+ ret = lwres_nooprequest_render(ctx, &nooprequest, &pkt, &b);
+ CHECK(ret, "lwres_nooprequest_render");
+
+ hexdump("rendered noop request", b.base, b.used);
+
+ /*
+ * Now, parse it into a new structure.
+ */
+ lwres_buffer_first(&b);
+ ret = lwres_lwpacket_parseheader(&b, &pkt2);
+ CHECK(ret, "lwres_lwpacket_parseheader");
+
+ hexdump("parsed pkt2", &pkt2, sizeof(pkt2));
+
+ nooprequest2 = NULL;
+ ret = lwres_nooprequest_parse(ctx, &b, &pkt2, &nooprequest2);
+ CHECK(ret, "lwres_nooprequest_parse");
+
+ assert(nooprequest.datalength == nooprequest2->datalength);
+ assert(memcmp(nooprequest.data, nooprequest2->data,
+ nooprequest.datalength) == 0);
+
+ lwres_nooprequest_free(ctx, &nooprequest2);
+
+ lwres_context_freemem(ctx, b.base, b.length);
+ b.base = NULL;
+ b.length = 0;
+
+ pkt.pktflags = 0;
+ pkt.serial = 0x11223344;
+ pkt.recvlength = 0x55667788;
+ pkt.result = 0xdeadbeef;
+
+ noopresponse.datalength = strlen(TESTSTRING);
+ /* XXXDCL maybe "noopresponse.data" should be const. */
+ DE_CONST(TESTSTRING, noopresponse.data);
+ ret = lwres_noopresponse_render(ctx, &noopresponse, &pkt, &b);
+ CHECK(ret, "lwres_noopresponse_render");
+
+ hexdump("rendered noop response", b.base, b.used);
+
+ /*
+ * Now, parse it into a new structure.
+ */
+ lwres_buffer_first(&b);
+ ret = lwres_lwpacket_parseheader(&b, &pkt2);
+ CHECK(ret, "lwres_lwpacket_parseheader");
+
+ hexdump("parsed pkt2", &pkt2, sizeof(pkt2));
+
+ noopresponse2 = NULL;
+ ret = lwres_noopresponse_parse(ctx, &b, &pkt2, &noopresponse2);
+ CHECK(ret, "lwres_noopresponse_parse");
+
+ assert(noopresponse.datalength == noopresponse2->datalength);
+ assert(memcmp(noopresponse.data, noopresponse2->data,
+ noopresponse.datalength) == 0);
+
+ lwres_noopresponse_free(ctx, &noopresponse2);
+
+ lwres_context_freemem(ctx, b.base, b.length);
+ b.base = NULL;
+ b.length = 0;
+}
+
+static void
+test_gabn(const char *target) {
+ lwres_gabnresponse_t *res;
+ lwres_addr_t *addr;
+ int ret;
+ unsigned int i;
+ char outbuf[64];
+
+ res = NULL;
+ ret = lwres_getaddrsbyname(ctx, target,
+ LWRES_ADDRTYPE_V4 | LWRES_ADDRTYPE_V6,
+ &res);
+ printf("gabn %s ret == %d\n", target, ret);
+ if (ret != 0) {
+ printf("FAILURE!\n");
+ if (res != NULL)
+ lwres_gabnresponse_free(ctx, &res);
+ return;
+ }
+
+ printf("Returned real name: (%u, %s)\n",
+ res->realnamelen, res->realname);
+ printf("%u aliases:\n", res->naliases);
+ for (i = 0; i < res->naliases; i++)
+ printf("\t(%u, %s)\n", res->aliaslen[i], res->aliases[i]);
+ printf("%u addresses:\n", res->naddrs);
+ addr = LWRES_LIST_HEAD(res->addrs);
+ for (i = 0; i < res->naddrs; i++) {
+ INSIST(addr != NULL);
+
+ if (addr->family == LWRES_ADDRTYPE_V4)
+ (void)inet_ntop(AF_INET, addr->address,
+ outbuf, sizeof(outbuf));
+ else
+ (void)inet_ntop(AF_INET6, addr->address,
+ outbuf, sizeof(outbuf));
+ printf("\tAddr len %u family %08x %s\n",
+ addr->length, addr->family, outbuf);
+ addr = LWRES_LIST_NEXT(addr, link);
+ }
+
+ lwres_gabnresponse_free(ctx, &res);
+}
+
+static void
+test_gnba(const char *target, lwres_uint32_t af) {
+ lwres_gnbaresponse_t *res;
+ int ret;
+ unsigned int i;
+ unsigned char addrbuf[16];
+ unsigned int len;
+
+ if (af == LWRES_ADDRTYPE_V4) {
+ len = 4;
+ ret = inet_pton(AF_INET, target, addrbuf);
+ assert(ret == 1);
+ } else {
+ len = 16;
+ ret = inet_pton(AF_INET6, target, addrbuf);
+ assert(ret == 1);
+ }
+
+ res = NULL;
+ ret = lwres_getnamebyaddr(ctx, af, len, addrbuf, &res);
+ printf("gnba %s ret == %d\n", target, ret);
+ assert(ret == 0);
+ assert(res != NULL);
+
+ printf("Returned real name: (%u, %s)\n",
+ res->realnamelen, res->realname);
+ printf("%u aliases:\n", res->naliases);
+ for (i = 0; i < res->naliases; i++)
+ printf("\t(%u, %s)\n", res->aliaslen[i], res->aliases[i]);
+
+ lwres_gnbaresponse_free(ctx, &res);
+}
+
+#ifdef USE_ISC_MEM
+/*
+ * Wrappers around our memory management stuff, for the lwres functions.
+ */
+static void *
+mem_alloc(void *arg, size_t size) {
+ return (isc_mem_get(arg, size));
+}
+
+static void
+mem_free(void *arg, void *mem, size_t size) {
+ isc_mem_put(arg, mem, size);
+}
+#endif
+
+int
+main(int argc, char *argv[]) {
+ int ret;
+#ifdef USE_ISC_MEM
+ isc_mem_t *mem;
+ isc_result_t result;
+#endif
+
+ (void)argc;
+ (void)argv;
+
+#ifdef USE_ISC_MEM
+ mem = NULL;
+ result = isc_mem_create(0, 0, &mem);
+ INSIST(result == ISC_R_SUCCESS);
+#endif
+
+ ctx = NULL;
+#ifdef USE_ISC_MEM
+ ret = lwres_context_create(&ctx, mem, mem_alloc, mem_free, 0);
+#else
+ ret = lwres_context_create(&ctx, NULL, NULL, NULL, 0);
+#endif
+
+ CHECK(ret, "lwres_context_create");
+
+ ret = lwres_conf_parse(ctx, "/etc/resolv.conf");
+ CHECK(ret, "lwres_conf_parse");
+
+ lwres_conf_print(ctx, stdout);
+
+ test_noop();
+
+ /*
+ * The following comments about tests all assume your search path is
+ * nominum.com isc.org flame.org
+ * and ndots is the default of 1.
+ */
+ test_gabn("alias-05.test"); /* exact, then search. */
+ test_gabn("f.root-servers.net.");
+ test_gabn("poofball.flame.org.");
+ test_gabn("foo.ip6.int.");
+ test_gabn("notthereatall.flame.org"); /* exact, then search (!found)*/
+ test_gabn("shell"); /* search (found in nominum.com), then exact */
+ test_gabn("kechara"); /* search (found in flame.org), then exact */
+ test_gabn("lkasdjlaksjdlkasjdlkasjdlkasjd"); /* search, exact(!found)*/
+
+ test_gnba("198.133.199.1", LWRES_ADDRTYPE_V4);
+ test_gnba("204.152.184.79", LWRES_ADDRTYPE_V4);
+ test_gnba("3ffe:8050:201:1860:42::1", LWRES_ADDRTYPE_V6);
+
+ lwres_conf_clear(ctx);
+ lwres_context_destroy(&ctx);
+
+#ifdef USE_ISC_MEM
+ isc_mem_stats(mem, stdout);
+ isc_mem_destroy(&mem);
+#endif
+
+ return (0);
+}
diff --git a/bin/tests/lwresconf_test.c b/bin/tests/lwresconf_test.c
new file mode 100644
index 0000000..48e839f
--- /dev/null
+++ b/bin/tests/lwresconf_test.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwresconf_test.c,v 1.13 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include <lwres/lwres.h>
+
+#define USE_ISC_MEM
+
+static inline void
+CHECK(int val, const char *msg) {
+ if (val != 0) {
+ fprintf(stderr, "%s returned %d\n", msg, val);
+ exit(1);
+ }
+}
+
+#ifdef USE_ISC_MEM
+/*
+ * Wrappers around our memory management stuff, for the lwres functions.
+ */
+static void *
+mem_alloc(void *arg, size_t size) {
+ return (isc_mem_get(arg, size));
+}
+
+static void
+mem_free(void *arg, void *mem, size_t size) {
+ isc_mem_put(arg, mem, size);
+}
+#endif
+
+int
+main(int argc, char *argv[]) {
+ lwres_context_t *ctx;
+ const char *file = "/etc/resolv.conf";
+ int ret;
+#ifdef USE_ISC_MEM
+ isc_mem_t *mem;
+ isc_result_t result;
+#endif
+
+ if (argc > 1) {
+ file = argv[1];
+ }
+
+#ifdef USE_ISC_MEM
+ mem = NULL;
+ result = isc_mem_create(0, 0, &mem);
+ INSIST(result == ISC_R_SUCCESS);
+#endif
+
+ ctx = NULL;
+#ifdef USE_ISC_MEM
+ ret = lwres_context_create(&ctx, mem, mem_alloc, mem_free, 0);
+#else
+ ret = lwres_context_create(&ctx, NULL, NULL, NULL, 0);
+#endif
+ CHECK(ret, "lwres_context_create");
+
+ lwres_conf_init(ctx);
+ if (lwres_conf_parse(ctx, file) == 0) {
+ lwres_conf_print(ctx, stderr);
+ } else {
+ perror("lwres_conf_parse");
+ }
+
+ lwres_conf_clear(ctx);
+ lwres_context_destroy(&ctx);
+
+#ifdef USE_ISC_MEM
+ isc_mem_stats(mem, stdout);
+ isc_mem_destroy(&mem);
+#endif
+
+ return (0);
+}
diff --git a/bin/tests/master/Makefile.in b/bin/tests/master/Makefile.in
new file mode 100644
index 0000000..03125da
--- /dev/null
+++ b/bin/tests/master/Makefile.in
@@ -0,0 +1,58 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.28 2007/06/19 23:47:00 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${TEST_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+# Note that we do not want to use libtool for libt_api
+DNSLIBS = ../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../../../lib/isc/libisc.@A@
+
+DNSDEPLIBS = ../../../lib/dns/libdns.@A@
+ISCDEPLIBS = ../../../lib/isc/libisc.@A@
+
+DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+
+TLIB = ../../../lib/tests/libt_api.@A@
+
+TARGETS = t_master@EXEEXT@
+
+SRCS = t_master.c
+
+@BIND9_MAKE_RULES@
+
+t_master@EXEEXT@: t_master.@O@ ${DEPLIBS} ${TLIB}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ t_master.@O@ ${TLIB} ${LIBS}
+
+test: t_master@EXEEXT@
+ -@ ./t_master@EXEEXT@ -c @top_srcdir@/t_config -b @srcdir@ -a
+
+testhelp:
+ @ ./t_master@EXEEXT@ -h
+
+clean distclean::
+ rm -f ${TARGETS}
diff --git a/bin/tests/master/dns_master_load_10_data b/bin/tests/master/dns_master_load_10_data
new file mode 100644
index 0000000..cfaa3fb
--- /dev/null
+++ b/bin/tests/master/dns_master_load_10_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_master_load test 9
+#
+# format is:
+# masterfile origin class expected_result
+# where
+# masterfile name is the name of a file containing master data
+# origin is the origin
+# class is the zone's class
+# expected_result is a text representation of a dns_result_t
+#
+master10.data test in ISC_R_SUCCESS
diff --git a/bin/tests/master/dns_master_load_11_data b/bin/tests/master/dns_master_load_11_data
new file mode 100644
index 0000000..7b667b2
--- /dev/null
+++ b/bin/tests/master/dns_master_load_11_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_master_load test 11
+#
+# format is:
+# masterfile origin class expected_result
+# where
+# masterfile name is the name of a file containing master data
+# origin is the origin
+# class is the zone's class
+# expected_result is a text representation of a dns_result_t
+#
+master11.data test in ISC_R_SUCCESS
diff --git a/bin/tests/master/dns_master_load_1_data b/bin/tests/master/dns_master_load_1_data
new file mode 100644
index 0000000..fc92c74
--- /dev/null
+++ b/bin/tests/master/dns_master_load_1_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_master_load test 1
+#
+# format is:
+# masterfile origin class expected_result
+# where
+# masterfile name is the name of a file containing master data
+# origin is the origin
+# class is the zone's class
+# expected_result is a text representation of a dns_result_t
+#
+master1.data test in ISC_R_SUCCESS
diff --git a/bin/tests/master/dns_master_load_2_data b/bin/tests/master/dns_master_load_2_data
new file mode 100644
index 0000000..a6e44b3
--- /dev/null
+++ b/bin/tests/master/dns_master_load_2_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_master_load test 2
+#
+# format is:
+# masterfile origin class expected_result
+# where
+# masterfile name is the name of a file containing master data
+# origin is the origin
+# class is the zone's class
+# expected_result is a text representation of a dns_result_t
+#
+master2.data test in ISC_R_UNEXPECTEDEND
diff --git a/bin/tests/master/dns_master_load_3_data b/bin/tests/master/dns_master_load_3_data
new file mode 100644
index 0000000..9dbdfb2
--- /dev/null
+++ b/bin/tests/master/dns_master_load_3_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_master_load test 3
+#
+# format is:
+# masterfile origin class expected_result
+# where
+# masterfile name is the name of a file containing master data
+# origin is the origin
+# class is the zone's class
+# expected_result is a text representation of a dns_result_t
+#
+master3.data test in DNS_R_NOOWNER
diff --git a/bin/tests/master/dns_master_load_4_data b/bin/tests/master/dns_master_load_4_data
new file mode 100644
index 0000000..66ad1ff
--- /dev/null
+++ b/bin/tests/master/dns_master_load_4_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_master_load test 4
+#
+# format is:
+# masterfile origin class expected_result
+# where
+# masterfile name is the name of a file containing master data
+# origin is the origin
+# class is the zone's class
+# expected_result is a text representation of a dns_result_t
+#
+master4.data test in ISC_R_SUCCESS
diff --git a/bin/tests/master/dns_master_load_5_data b/bin/tests/master/dns_master_load_5_data
new file mode 100644
index 0000000..56e33ba
--- /dev/null
+++ b/bin/tests/master/dns_master_load_5_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_master_load test 5
+#
+# format is:
+# masterfile origin class expected_result
+# where
+# masterfile name is the name of a file containing master data
+# origin is the origin
+# class is the zone's class
+# expected_result is a text representation of a dns_result_t
+#
+master5.data test in DNS_R_BADCLASS
diff --git a/bin/tests/master/dns_master_load_6_data b/bin/tests/master/dns_master_load_6_data
new file mode 100644
index 0000000..d14aa88
--- /dev/null
+++ b/bin/tests/master/dns_master_load_6_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_master_load test 6
+#
+# format is:
+# masterfile origin class expected_result
+# where
+# masterfile name is the name of a file containing master data
+# origin is the origin
+# class is the zone's class
+# expected_result is a text representation of a dns_result_t
+#
+master6.data test in ISC_R_SUCCESS
diff --git a/bin/tests/master/dns_master_load_7_data b/bin/tests/master/dns_master_load_7_data
new file mode 100644
index 0000000..dbe7ef9
--- /dev/null
+++ b/bin/tests/master/dns_master_load_7_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_master_load test 7
+#
+# format is:
+# masterfile origin class expected_result
+# where
+# masterfile name is the name of a file containing master data
+# origin is the origin
+# class is the zone's class
+# expected_result is a text representation of a dns_result_t
+#
+master7.data test in ISC_R_SUCCESS
diff --git a/bin/tests/master/dns_master_load_8_data b/bin/tests/master/dns_master_load_8_data
new file mode 100644
index 0000000..b109d43
--- /dev/null
+++ b/bin/tests/master/dns_master_load_8_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_master_load test 8
+#
+# format is:
+# masterfile origin class expected_result
+# where
+# masterfile name is the name of a file containing master data
+# origin is the origin
+# class is the zone's class
+# expected_result is a text representation of a dns_result_t
+#
+master8.data test in DNS_R_SEENINCLUDE
diff --git a/bin/tests/master/dns_master_load_9_data b/bin/tests/master/dns_master_load_9_data
new file mode 100644
index 0000000..af36072
--- /dev/null
+++ b/bin/tests/master/dns_master_load_9_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_master_load test 9
+#
+# format is:
+# masterfile origin class expected_result
+# where
+# masterfile name is the name of a file containing master data
+# origin is the origin
+# class is the zone's class
+# expected_result is a text representation of a dns_result_t
+#
+master9.data test in DNS_R_BADCLASS
diff --git a/bin/tests/master/master1.data b/bin/tests/master/master1.data
new file mode 100644
index 0000000..9b81474
--- /dev/null
+++ b/bin/tests/master/master1.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2vix.com.
+a in ns ns3vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/master/master10.data b/bin/tests/master/master10.data
new file mode 100644
index 0000000..9ee052f
--- /dev/null
+++ b/bin/tests/master/master10.data
@@ -0,0 +1,7 @@
+;
+; the following black line contains spaces
+
+;
+@ 300 IN A 10.0.0.1
+ ;
+;
diff --git a/bin/tests/master/master11.data b/bin/tests/master/master11.data
new file mode 100644
index 0000000..0aaec25
--- /dev/null
+++ b/bin/tests/master/master11.data
@@ -0,0 +1,6 @@
+;
+; The following serial number contains a leading 0 and a 9 so the
+; we can catch cases where it is incorrectly treated as a octal
+; number.
+;
+@ 300 IN SOA ns hostmaster 00090000 1200 3600 604800 300
diff --git a/bin/tests/master/master2.data b/bin/tests/master/master2.data
new file mode 100644
index 0000000..b8ca38d
--- /dev/null
+++ b/bin/tests/master/master2.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns
+a in ns ns2vix.com.
+a in ns ns3vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/master/master3.data b/bin/tests/master/master3.data
new file mode 100644
index 0000000..7283af6
--- /dev/null
+++ b/bin/tests/master/master3.data
@@ -0,0 +1,11 @@
+$TTL 1000
+ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+ in ns ns.vix.com
+ in ns ns2vix.com.
+a in ns ns3vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/master/master4.data b/bin/tests/master/master4.data
new file mode 100644
index 0000000..3a694ea
--- /dev/null
+++ b/bin/tests/master/master4.data
@@ -0,0 +1,11 @@
+
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2vix.com.
+a in ns ns3vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/master/master5.data b/bin/tests/master/master5.data
new file mode 100644
index 0000000..95234bd
--- /dev/null
+++ b/bin/tests/master/master5.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a any ns ns.vix.com.
+a in ns ns2vix.com.
+a in ns ns3vix.com.
+b in a 1.2.3.4
diff --git a/bin/tests/master/master6.data b/bin/tests/master/master6.data
new file mode 100644
index 0000000..a9a37bb
--- /dev/null
+++ b/bin/tests/master/master6.data
@@ -0,0 +1,33 @@
+
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+
+secure1 3600 IN DNSKEY (
+ FLAG2|FLAG4|FLAG5|NTYP3|FLAG8|FLAG9|FLAG10|FLAG11|SIG15
+ 3 3
+ ArT0a8FtOZWEONG2YQVl9+RA34op30JPz4NPEroCxm2yImT2
+ 2OYggnPIzrgayyepgKU1PfTTypnJDTwrSrtISyEsj7tjM7/n
+ 03DP8VWSn0aLwpUuc7Sx9vtM1Wi+YeiA4Bv2Oz1VB9de4qql
+ sIq+KLn8J4wz95bGnJ0mHUB7oTDJ3Hl1zeaCMdX69Kr46yAY
+ AvGJJdGGDYxYgxzx2zNdzypkYSkxpdsNqUt38tabSfdvCn12
+ pnmSWjlVJsjHhsaYnrPhouN5acOXMNbxNVbGU5LZ8Es6EYbV
+ /7YMt8VUkA8/8UCszBBT7XAJ3OFjiMO8mvxrZZFzvwJlPBQ1
+ oFq/TNZlSe+N )
+
+secure2 3600 in DNSKEY (
+ flag2|flag4|flag5|ntyp3|flag8|flag9|flag10|flag11|sig15
+ 3 3
+ ArT0a8FtOZWEONG2YQVl9+RA34op30JPz4NPEroCxm2yImT2
+ 2OYggnPIzrgayyepgKU1PfTTypnJDTwrSrtISyEsj7tjM7/n
+ 03DP8VWSn0aLwpUuc7Sx9vtM1Wi+YeiA4Bv2Oz1VB9de4qql
+ sIq+KLn8J4wz95bGnJ0mHUB7oTDJ3Hl1zeaCMdX69Kr46yAY
+ AvGJJdGGDYxYgxzx2zNdzypkYSkxpdsNqUt38tabSfdvCn12
+ pnmSWjlVJsjHhsaYnrPhouN5acOXMNbxNVbGU5LZ8Es6EYbV
+ /7YMt8VUkA8/8UCszBBT7XAJ3OFjiMO8mvxrZZFzvwJlPBQ1
+ oFq/TNZlSe+N )
+
diff --git a/bin/tests/master/master7.data b/bin/tests/master/master7.data
new file mode 100644
index 0000000..2638b5d
--- /dev/null
+++ b/bin/tests/master/master7.data
@@ -0,0 +1,17 @@
+
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+
+secure1 3600 IN DNSKEY (
+ NOKEY|FLAG2|FLAG4|FLAG5|NTYP3|FLAG8|FLAG9|FLAG10|FLAG11|SIG15
+ 3 3 )
+
+secure2 3600 in DNSKEY (
+ nokey|flag2|flag4|flag5|ntyp3|flag8|flag9|flag10|flag11|sig15
+ 3 3 )
+
diff --git a/bin/tests/master/master8.data b/bin/tests/master/master8.data
new file mode 100644
index 0000000..58bded9
--- /dev/null
+++ b/bin/tests/master/master8.data
@@ -0,0 +1,4 @@
+;
+; master7.data contains a good zone file
+;
+$include master7.data
diff --git a/bin/tests/master/master9.data b/bin/tests/master/master9.data
new file mode 100644
index 0000000..e7bcf7e
--- /dev/null
+++ b/bin/tests/master/master9.data
@@ -0,0 +1,4 @@
+;
+; master5.data is bad
+;
+$include master5.data
diff --git a/bin/tests/master/t_master.c b/bin/tests/master/t_master.c
new file mode 100644
index 0000000..4693114
--- /dev/null
+++ b/bin/tests/master/t_master.c
@@ -0,0 +1,336 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: t_master.c,v 1.36 2007/06/19 23:47:00 tbox Exp $ */
+
+#include <config.h>
+
+#include <ctype.h>
+#include <stdlib.h>
+
+#include <isc/buffer.h>
+#include <isc/mem.h>
+#include <isc/string.h> /* Required for HP/UX (and others?) */
+#include <isc/util.h>
+
+#include <dns/callbacks.h>
+#include <dns/master.h>
+#include <dns/name.h>
+#include <dns/rdataclass.h>
+#include <dns/rdataset.h>
+#include <dns/result.h>
+
+#include <tests/t_api.h>
+
+#define BUFLEN 255
+#define BIGBUFLEN (64 * 1024)
+
+static isc_result_t
+t1_add_callback(void *arg, dns_name_t *owner, dns_rdataset_t *dataset);
+
+isc_mem_t *T1_mctx;
+char *Tokens[T_MAXTOKS + 1];
+
+static isc_result_t
+t1_add_callback(void *arg, dns_name_t *owner, dns_rdataset_t *dataset) {
+ char buf[BIGBUFLEN];
+ isc_buffer_t target;
+ isc_result_t result;
+
+ UNUSED(arg);
+
+ isc_buffer_init(&target, buf, BIGBUFLEN);
+ result = dns_rdataset_totext(dataset, owner, ISC_FALSE, ISC_FALSE,
+ &target);
+ if (result != ISC_R_SUCCESS)
+ t_info("dns_rdataset_totext: %s\n", dns_result_totext(result));
+
+ return(result);
+}
+
+static int
+test_master(char *testfile, char *origin, char *class, isc_result_t exp_result)
+{
+ int result;
+ int len;
+ isc_result_t isc_result;
+ isc_result_t dns_result;
+ dns_name_t dns_origin;
+ isc_buffer_t source;
+ isc_buffer_t target;
+ unsigned char name_buf[BUFLEN];
+ dns_rdatacallbacks_t callbacks;
+ dns_rdataclass_t rdataclass;
+ isc_textregion_t textregion;
+
+ result = T_UNRESOLVED;
+ if (T1_mctx == NULL)
+ isc_result = isc_mem_create(0, 0, &T1_mctx);
+ else
+ isc_result = ISC_R_SUCCESS;
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %d\n", isc_result);
+ return(T_UNRESOLVED);
+ }
+
+ len = strlen(origin);
+ isc_buffer_init(&source, origin, len);
+ isc_buffer_add(&source, len);
+ isc_buffer_setactive(&source, len);
+ isc_buffer_init(&target, name_buf, BUFLEN);
+ dns_name_init(&dns_origin, NULL);
+ dns_result = dns_name_fromtext(&dns_origin, &source, dns_rootname,
+ ISC_FALSE, &target);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ return(T_UNRESOLVED);
+ }
+
+ dns_rdatacallbacks_init_stdio(&callbacks);
+ callbacks.add = t1_add_callback;
+
+ textregion.base = class;
+ textregion.length = strlen(class);
+
+ dns_result = dns_rdataclass_fromtext(&rdataclass, &textregion);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rdataclass_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ return(T_UNRESOLVED);
+ }
+
+ dns_result = dns_master_loadfile( testfile,
+ &dns_origin,
+ &dns_origin,
+ rdataclass,
+ ISC_TRUE,
+ &callbacks,
+ T1_mctx);
+
+ if (dns_result == exp_result)
+ result = T_PASS;
+ else {
+ t_info("dns_master_loadfile: got %s, expected %s\n",
+ dns_result_totext(dns_result),
+ dns_result_totext(exp_result));
+ result = T_FAIL;
+ }
+ return(result);
+}
+
+static int
+test_master_x(const char *filename) {
+ FILE *fp;
+ char *p;
+ int line;
+ int cnt;
+ int result;
+
+ result = T_UNRESOLVED;
+
+ fp = fopen(filename, "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace(*p & 0xff)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ /*
+ * Name of data file, origin, zclass, expected result.
+ */
+ cnt = t_bustline(p, Tokens);
+ if (cnt == 4) {
+ result = test_master(Tokens[0], Tokens[1],
+ Tokens[2],
+ t_dns_result_fromtext(Tokens[3]));
+ } else {
+ t_info("bad format in %s at line %d\n",
+ filename, line);
+ }
+
+ (void)free(p);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile %s\n", filename);
+ }
+ return(result);
+}
+
+static const char *a1 = "dns_master_loadfile loads a valid master file and "
+ "returns ISC_R_SUCCESS";
+static void
+t1(void) {
+ int result;
+ t_assert("dns_master_loadfile", 1, T_REQUIRED, a1);
+ result = test_master_x("dns_master_load_1_data");
+ t_result(result);
+}
+
+static const char *a2 =
+ "dns_master_loadfile returns ISC_R_UNEXPECTEDEND when the "
+ "masterfile input ends unexpectedly";
+
+static void
+t2(void) {
+ int result;
+ t_assert("dns_master_loadfile", 2, T_REQUIRED, a2);
+ result = test_master_x("dns_master_load_2_data");
+ t_result(result);
+}
+
+static const char *a3 = "dns_master_loadfile returns DNS_R_NOOWNER when the "
+ "an ownername is not specified";
+
+static void
+t3() {
+ int result;
+ t_assert("dns_master_loadfile", 3, T_REQUIRED, a3);
+ result = test_master_x("dns_master_load_3_data");
+ t_result(result);
+}
+
+static const char *a4 = "dns_master_loadfile accepts broken zone files "
+ "where the first record has an undefined TTL, "
+ "as long as it is a SOA";
+
+static void
+t4() {
+ int result;
+ t_assert("dns_master_loadfile", 4, T_REQUIRED, a4);
+ result = test_master_x("dns_master_load_4_data");
+ t_result(result);
+}
+
+static const char *a5 = "dns_master_loadfile returns DNS_R_BADCLASS when the "
+ "the record class did not match the zone class";
+
+static void
+t5() {
+ int result;
+
+ t_assert("dns_master_loadfile", 5, T_REQUIRED, a5);
+ result = test_master_x("dns_master_load_5_data");
+
+ t_result(result);
+}
+
+static const char *a6 =
+ "dns_master_loadfile understands DNSKEY RR specifications "
+ "containing key material";
+
+static void
+t6() {
+ int result;
+
+ t_assert("dns_master_loadfile", 6, T_REQUIRED, a6);
+ result = test_master_x("dns_master_load_6_data");
+
+ t_result(result);
+}
+
+static const char *a7 =
+ "dns_master_loadfile understands DNSKEY RR specifications "
+ "containing no key material";
+
+static void
+t7() {
+ int result;
+
+ t_assert("dns_master_loadfile", 7, T_REQUIRED, a7);
+ result = test_master_x("dns_master_load_7_data");
+
+ t_result(result);
+}
+
+static const char *a8 =
+ "dns_master_loadfile understands $INCLUDE";
+
+static void
+t8() {
+ int result;
+
+ t_assert("dns_master_loadfile", 8, T_REQUIRED, a8);
+ result = test_master_x("dns_master_load_8_data");
+
+ t_result(result);
+}
+
+static const char *a9 =
+ "dns_master_loadfile understands $INCLUDE with failure";
+
+static void
+t9() {
+ int result;
+
+ t_assert("dns_master_loadfile", 9, T_REQUIRED, a9);
+ result = test_master_x("dns_master_load_9_data");
+
+ t_result(result);
+}
+
+static const char *a10 =
+ "dns_master_loadfile non-empty blank lines";
+
+static void
+t10() {
+ int result;
+
+ t_assert("dns_master_loadfile", 10, T_REQUIRED, a10);
+ result = test_master_x("dns_master_load_10_data");
+
+ t_result(result);
+}
+
+static const char *a11 =
+ "dns_master_loadfile allow leading zeros in SOA";
+
+static void
+t11() {
+ int result;
+
+ t_assert("dns_master_loadfile", 11, T_REQUIRED, a11);
+ result = test_master_x("dns_master_load_11_data");
+
+ t_result(result);
+}
+
+
+testspec_t T_testlist[] = {
+ { t1, "ISC_R_SUCCESS" },
+ { t2, "ISC_R_UNEXPECTEDEND" },
+ { t3, "DNS_NOOWNER" },
+ { t4, "DNS_NOTTL" },
+ { t5, "DNS_BADCLASS" },
+ { t6, "DNSKEY RR 1" },
+ { t7, "DNSKEY RR 2" },
+ { t8, "$INCLUDE" },
+ { t9, "$INCLUDE w/ DNS_BADCLASS" },
+ { t10, "non empty blank lines" },
+ { t11, "leading zeros in serial" },
+ { NULL, NULL }
+};
+
diff --git a/bin/tests/master_test.c b/bin/tests/master_test.c
new file mode 100644
index 0000000..f77c8f6
--- /dev/null
+++ b/bin/tests/master_test.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: master_test.c,v 1.30 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/buffer.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include <dns/callbacks.h>
+#include <dns/master.h>
+#include <dns/name.h>
+#include <dns/rdataset.h>
+#include <dns/result.h>
+
+isc_mem_t *mctx;
+
+static isc_result_t
+print_dataset(void *arg, dns_name_t *owner, dns_rdataset_t *dataset) {
+ char buf[64*1024];
+ isc_buffer_t target;
+ isc_result_t result;
+
+ UNUSED(arg);
+
+ isc_buffer_init(&target, buf, 64*1024);
+ result = dns_rdataset_totext(dataset, owner, ISC_FALSE, ISC_FALSE,
+ &target);
+ if (result == ISC_R_SUCCESS)
+ fprintf(stdout, "%.*s\n", (int)target.used,
+ (char*)target.base);
+ else
+ fprintf(stdout, "dns_rdataset_totext: %s\n",
+ dns_result_totext(result));
+
+ return (ISC_R_SUCCESS);
+}
+
+int
+main(int argc, char *argv[]) {
+ isc_result_t result;
+ dns_name_t origin;
+ isc_buffer_t source;
+ isc_buffer_t target;
+ unsigned char name_buf[255];
+ dns_rdatacallbacks_t callbacks;
+
+ UNUSED(argc);
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ if (argv[1]) {
+ isc_buffer_init(&source, argv[1], strlen(argv[1]));
+ isc_buffer_add(&source, strlen(argv[1]));
+ isc_buffer_setactive(&source, strlen(argv[1]));
+ isc_buffer_init(&target, name_buf, 255);
+ dns_name_init(&origin, NULL);
+ result = dns_name_fromtext(&origin, &source, dns_rootname,
+ ISC_FALSE, &target);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stdout, "dns_name_fromtext: %s\n",
+ dns_result_totext(result));
+ exit(1);
+ }
+
+ dns_rdatacallbacks_init_stdio(&callbacks);
+ callbacks.add = print_dataset;
+
+ result = dns_master_loadfile(argv[1], &origin, &origin,
+ dns_rdataclass_in, 0,
+ &callbacks, mctx);
+ fprintf(stdout, "dns_master_loadfile: %s\n",
+ dns_result_totext(result));
+ }
+ return (0);
+}
diff --git a/bin/tests/mem/Makefile.in b/bin/tests/mem/Makefile.in
new file mode 100644
index 0000000..135a8e3
--- /dev/null
+++ b/bin/tests/mem/Makefile.in
@@ -0,0 +1,55 @@
+# Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.34 2007/06/19 23:47:00 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCLIBS = ../../../lib/isc/libisc.@A@
+TAPIDEPLIBS = ../../../lib/tests/libt_api.@A@
+
+ISCDEPLIBS = ../../../lib/isc/libisc.@A@
+TAPILIBS = ../../../lib/tests/libt_api.@A@
+
+DEPLIBS = ${TAPIDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${TAPILIBS} ${ISCLIBS} @LIBS@
+
+TARGETS = t_mem@EXEEXT@
+
+SRCS = t_mem.c
+
+@BIND9_MAKE_RULES@
+
+t_mem@EXEEXT@: t_mem.@O@ ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ t_mem.@O@ ${LIBS}
+
+test: t_mem@EXEEXT@
+ -@./t_mem@EXEEXT@ -b @srcdir@ -q 450 -a
+
+testhelp:
+ @./t_mem@EXEEXT@ -h
+
+clean distclean::
+ rm -f ${TARGETS}
diff --git a/bin/tests/mem/t_mem.c b/bin/tests/mem/t_mem.c
new file mode 100644
index 0000000..7313637
--- /dev/null
+++ b/bin/tests/mem/t_mem.c
@@ -0,0 +1,208 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: t_mem.c,v 1.13 2007/06/19 23:47:00 tbox Exp $ */
+
+#include <config.h>
+
+#include <isc/mem.h>
+
+#include <tests/t_api.h>
+
+/*
+ * Adapted from the original mempool_test.c program.
+ */
+isc_mem_t *mctx;
+
+#define MP1_FREEMAX 10
+#define MP1_FILLCNT 10
+#define MP1_MAXALLOC 30
+
+#define MP2_FREEMAX 25
+#define MP2_FILLCNT 25
+
+static int
+memtest(void) {
+ int nfails;
+ void *items1[50];
+ void *items2[50];
+ void *tmp;
+ isc_mempool_t *mp1, *mp2;
+ isc_result_t isc_result;
+ unsigned int i, j;
+ int rval;
+
+
+ nfails = 0;
+ mctx = NULL;
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ ++nfails;
+ return(nfails);
+ }
+
+ mp1 = NULL;
+ isc_result = isc_mempool_create(mctx, 24, &mp1);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mempool_create failed %s\n",
+ isc_result_totext(isc_result));
+ ++nfails;
+ return(nfails);
+ }
+
+ mp2 = NULL;
+ isc_result = isc_mempool_create(mctx, 31, &mp2);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mempool_create failed %s\n",
+ isc_result_totext(isc_result));
+ ++nfails;
+ return(nfails);
+ }
+
+ if (T_debug)
+ isc_mem_stats(mctx, stderr);
+
+ t_info("setting freemax to %d\n", MP1_FREEMAX);
+ isc_mempool_setfreemax(mp1, MP1_FREEMAX);
+ t_info("setting fillcount to %d\n", MP1_FILLCNT);
+ isc_mempool_setfillcount(mp1, MP1_FILLCNT);
+ t_info("setting maxalloc to %d\n", MP1_MAXALLOC);
+ isc_mempool_setmaxalloc(mp1, MP1_MAXALLOC);
+
+ /*
+ * Allocate MP1_MAXALLOC items from the pool. This is our max.
+ */
+ for (i = 0; i < MP1_MAXALLOC; i++) {
+ items1[i] = isc_mempool_get(mp1);
+ if (items1[i] == NULL) {
+ t_info("isc_mempool_get unexpectedly failed\n");
+ ++nfails;
+ }
+ }
+
+ /*
+ * Try to allocate one more. This should fail.
+ */
+ tmp = isc_mempool_get(mp1);
+ if (tmp != NULL) {
+ t_info("isc_mempool_get unexpectedly succeeded\n");
+ ++nfails;
+ }
+
+ /*
+ * Free the first 11 items. Verify that there are 10 free items on
+ * the free list (which is our max).
+ */
+
+ for (i = 0; i < 11; i++) {
+ isc_mempool_put(mp1, items1[i]);
+ items1[i] = NULL;
+ }
+
+ rval = isc_mempool_getfreecount(mp1);
+ if (rval != 10) {
+ t_info("isc_mempool_getfreecount returned %d, expected %d\n",
+ rval, MP1_FREEMAX);
+ ++nfails;
+ }
+
+ rval = isc_mempool_getallocated(mp1);
+ if (rval != 19) {
+ t_info("isc_mempool_getallocated returned %d, expected %d\n",
+ rval, MP1_MAXALLOC - 11);
+ ++nfails;
+ }
+
+ if (T_debug)
+ isc_mem_stats(mctx, stderr);
+
+ /*
+ * Now, beat up on mp2 for a while. Allocate 50 items, then free
+ * them, then allocate 50 more, etc.
+ */
+
+ t_info("setting freemax to %d\n", MP2_FREEMAX);
+ isc_mempool_setfreemax(mp2, 25);
+ t_info("setting fillcount to %d\n", MP2_FILLCNT);
+ isc_mempool_setfillcount(mp2, 25);
+
+ t_info("exercising the memory pool\n");
+ for (j = 0; j < 500000; j++) {
+ for (i = 0; i < 50; i++) {
+ items2[i] = isc_mempool_get(mp2);
+ if (items2[i] == NULL) {
+ t_info("items2[%d] is unexpectedly null\n", i);
+ ++nfails;
+ }
+ }
+ for (i = 0; i < 50; i++) {
+ isc_mempool_put(mp2, items2[i]);
+ items2[i] = NULL;
+ }
+ if (j % 50000 == 0)
+ t_info("...\n");
+ }
+
+ /*
+ * Free all the other items and blow away this pool.
+ */
+ for (i = 11; i < MP1_MAXALLOC; i++) {
+ isc_mempool_put(mp1, items1[i]);
+ items1[i] = NULL;
+ }
+
+ isc_mempool_destroy(&mp1);
+
+ if (T_debug)
+ isc_mem_stats(mctx, stderr);
+
+ isc_mempool_destroy(&mp2);
+
+ if (T_debug)
+ isc_mem_stats(mctx, stderr);
+
+ isc_mem_destroy(&mctx);
+
+ return(0);
+}
+
+static const char *a1 =
+ "the memory module supports the creation of memory contexts "
+ "and the management of memory pools.";
+static void
+t1(void) {
+ int rval;
+ int result;
+
+ t_assert("mem", 1, T_REQUIRED, a1);
+
+ rval = memtest();
+
+ if (rval == 0)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+ t_result(result);
+}
+
+testspec_t T_testlist[] = {
+ { t1, "basic memory subsystem" },
+ { NULL, NULL }
+};
+
diff --git a/bin/tests/mempool_test.c b/bin/tests/mempool_test.c
new file mode 100644
index 0000000..9423b3a
--- /dev/null
+++ b/bin/tests/mempool_test.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: mempool_test.c,v 1.17 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <isc/mem.h>
+#include <isc/util.h>
+
+isc_mem_t *mctx;
+
+int
+main(int argc, char *argv[]) {
+ void *items1[50];
+ void *items2[50];
+ void *tmp;
+ isc_mempool_t *mp1, *mp2;
+ unsigned int i, j;
+ isc_mutex_t lock;
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ RUNTIME_CHECK(isc_mutex_init(&lock) == ISC_R_SUCCESS);
+
+ mctx = NULL;
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ mp1 = NULL;
+ RUNTIME_CHECK(isc_mempool_create(mctx, 24, &mp1) == ISC_R_SUCCESS);
+
+ mp2 = NULL;
+ RUNTIME_CHECK(isc_mempool_create(mctx, 31, &mp2) == ISC_R_SUCCESS);
+
+ isc_mempool_associatelock(mp1, &lock);
+ isc_mempool_associatelock(mp2, &lock);
+
+ isc_mem_stats(mctx, stderr);
+
+ isc_mempool_setfreemax(mp1, 10);
+ isc_mempool_setfillcount(mp1, 10);
+ isc_mempool_setmaxalloc(mp1, 30);
+
+ /*
+ * Allocate 30 items from the pool. This is our max.
+ */
+ for (i = 0; i < 30; i++) {
+ items1[i] = isc_mempool_get(mp1);
+ RUNTIME_CHECK(items1[i] != NULL);
+ }
+
+ /*
+ * Try to allocate one more. This should fail.
+ */
+ tmp = isc_mempool_get(mp1);
+ RUNTIME_CHECK(tmp == NULL);
+
+ /*
+ * Free the first 11 items. Verify that there are 10 free items on
+ * the free list (which is our max).
+ */
+
+ for (i = 0; i < 11; i++) {
+ isc_mempool_put(mp1, items1[i]);
+ items1[i] = NULL;
+ }
+
+ RUNTIME_CHECK(isc_mempool_getfreecount(mp1) == 10);
+ RUNTIME_CHECK(isc_mempool_getallocated(mp1) == 19);
+
+ isc_mem_stats(mctx, stderr);
+
+ /*
+ * Now, beat up on mp2 for a while. Allocate 50 items, then free
+ * them, then allocate 50 more, etc.
+ */
+ isc_mempool_setfreemax(mp2, 25);
+ isc_mempool_setfillcount(mp2, 25);
+ for (j = 0; j < 5000; j++) {
+ for (i = 0; i < 50; i++) {
+ items2[i] = isc_mempool_get(mp2);
+ RUNTIME_CHECK(items2[i] != NULL);
+ }
+ for (i = 0; i < 50; i++) {
+ isc_mempool_put(mp2, items2[i]);
+ items2[i] = NULL;
+ }
+ }
+
+ /*
+ * Free all the other items and blow away this pool.
+ */
+ for (i = 11; i < 30; i++) {
+ isc_mempool_put(mp1, items1[i]);
+ items1[i] = NULL;
+ }
+
+ isc_mempool_destroy(&mp1);
+
+ isc_mem_stats(mctx, stderr);
+
+ isc_mempool_destroy(&mp2);
+
+ isc_mem_stats(mctx, stderr);
+
+ isc_mem_destroy(&mctx);
+
+ DESTROYLOCK(&lock);
+
+ return (0);
+}
diff --git a/bin/tests/name_test.c b/bin/tests/name_test.c
new file mode 100644
index 0000000..799115f
--- /dev/null
+++ b/bin/tests/name_test.c
@@ -0,0 +1,352 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: name_test.c,v 1.41 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/commandline.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/fixedname.h>
+#include <dns/result.h>
+
+static void
+print_wirename(isc_region_t *name) {
+ unsigned char *ccurr, *cend;
+
+ if (name->length == 0) {
+ printf("<empty wire name>\n");
+ return;
+ }
+ ccurr = name->base;
+ cend = ccurr + name->length;
+ while (ccurr != cend)
+ printf("%02x ", *ccurr++);
+ printf("\n");
+}
+
+static void
+print_name(dns_name_t *name) {
+ isc_result_t result;
+ isc_buffer_t source;
+ isc_region_t r;
+ char s[1000];
+
+ isc_buffer_init(&source, s, sizeof(s));
+ if (dns_name_countlabels(name) > 0)
+ result = dns_name_totext(name, ISC_FALSE, &source);
+ else
+ result = ISC_R_SUCCESS;
+ if (result == ISC_R_SUCCESS) {
+ isc_buffer_usedregion(&source, &r);
+ if (r.length > 0)
+ printf("%.*s\n", (int)r.length, r.base);
+ else
+ printf("<empty text name>\n");
+ } else
+ printf("error: %s\n", dns_result_totext(result));
+}
+
+int
+main(int argc, char *argv[]) {
+ char s[1000];
+ isc_result_t result;
+ dns_fixedname_t wname, wname2, oname, compname, downname;
+ isc_buffer_t source;
+ isc_region_t r;
+ dns_name_t *name, *origin, *comp, *down;
+ isc_boolean_t downcase = ISC_FALSE;
+ size_t len;
+ isc_boolean_t quiet = ISC_FALSE;
+ isc_boolean_t concatenate = ISC_FALSE;
+ isc_boolean_t got_name = ISC_FALSE;
+ isc_boolean_t check_absolute = ISC_FALSE;
+ isc_boolean_t check_wildcard = ISC_FALSE;
+ isc_boolean_t test_downcase = ISC_FALSE;
+ isc_boolean_t inplace = ISC_FALSE;
+ isc_boolean_t want_split = ISC_FALSE;
+ unsigned int labels, split_label = 0;
+ dns_fixedname_t fprefix, fsuffix;
+ dns_name_t *prefix, *suffix;
+ int ch;
+
+ while ((ch = isc_commandline_parse(argc, argv, "acdiqs:w")) != -1) {
+ switch (ch) {
+ case 'a':
+ check_absolute = ISC_TRUE;
+ break;
+ case 'c':
+ concatenate = ISC_TRUE;
+ break;
+ case 'd':
+ test_downcase = ISC_TRUE;
+ break;
+ case 'i':
+ inplace = ISC_TRUE;
+ break;
+ case 'q':
+ quiet = ISC_TRUE;
+ break;
+ case 's':
+ want_split = ISC_TRUE;
+ split_label = atoi(isc_commandline_argument);
+ break;
+ case 'w':
+ check_wildcard = ISC_TRUE;
+ break;
+ }
+ }
+
+ argc -= isc_commandline_index;
+ argv += isc_commandline_index;
+
+ if (argc > 0) {
+ if (strcasecmp("none", argv[0]) == 0)
+ origin = NULL;
+ else {
+ len = strlen(argv[0]);
+ isc_buffer_init(&source, argv[0], len);
+ isc_buffer_add(&source, len);
+ dns_fixedname_init(&oname);
+ origin = &oname.name;
+ result = dns_name_fromtext(origin, &source,
+ dns_rootname, ISC_FALSE,
+ NULL);
+ if (result != 0) {
+ fprintf(stderr,
+ "dns_name_fromtext() failed: %d\n",
+ result);
+ exit(1);
+ }
+ }
+ } else if (concatenate)
+ origin = NULL;
+ else
+ origin = dns_rootname;
+
+ if (argc >= 1) {
+ if (strcasecmp("none", argv[1]) == 0)
+ comp = NULL;
+ else {
+ len = strlen(argv[1]);
+ isc_buffer_init(&source, argv[1], len);
+ isc_buffer_add(&source, len);
+ dns_fixedname_init(&compname);
+ comp = &compname.name;
+ result = dns_name_fromtext(comp, &source,
+ origin, ISC_FALSE, NULL);
+ if (result != 0) {
+ fprintf(stderr,
+ "dns_name_fromtext() failed: %d\n",
+ result);
+ exit(1);
+ }
+ }
+ } else
+ comp = NULL;
+
+ dns_fixedname_init(&wname);
+ name = dns_fixedname_name(&wname);
+ dns_fixedname_init(&wname2);
+ while (fgets(s, sizeof(s), stdin) != NULL) {
+ len = strlen(s);
+ if (len > 0U && s[len - 1] == '\n') {
+ s[len - 1] = '\0';
+ len--;
+ }
+ isc_buffer_init(&source, s, len);
+ isc_buffer_add(&source, len);
+
+ if (len > 0U)
+ result = dns_name_fromtext(name, &source, origin,
+ downcase, NULL);
+ else {
+ if (name == dns_fixedname_name(&wname))
+ dns_fixedname_init(&wname);
+ else
+ dns_fixedname_init(&wname2);
+ result = ISC_R_SUCCESS;
+ }
+
+ if (result != ISC_R_SUCCESS) {
+ printf("%s\n", dns_result_totext(result));
+ if (name == dns_fixedname_name(&wname))
+ dns_fixedname_init(&wname);
+ else
+ dns_fixedname_init(&wname2);
+ continue;
+ }
+
+ if (check_absolute && dns_name_countlabels(name) > 0) {
+ if (dns_name_isabsolute(name))
+ printf("absolute\n");
+ else
+ printf("relative\n");
+ }
+ if (check_wildcard && dns_name_countlabels(name) > 0) {
+ if (dns_name_iswildcard(name))
+ printf("wildcard\n");
+ else
+ printf("not wildcard\n");
+ }
+ dns_name_toregion(name, &r);
+ if (!quiet) {
+ print_wirename(&r);
+ printf("%u labels, %u bytes.\n",
+ dns_name_countlabels(name), r.length);
+ }
+
+ if (concatenate) {
+ if (got_name) {
+ printf("Concatenating.\n");
+ result = dns_name_concatenate(&wname.name,
+ &wname2.name,
+ &wname2.name,
+ NULL);
+ name = &wname2.name;
+ if (result == ISC_R_SUCCESS) {
+ if (check_absolute &&
+ dns_name_countlabels(name) > 0) {
+ if (dns_name_isabsolute(name))
+ printf("absolute\n");
+ else
+ printf("relative\n");
+ }
+ if (check_wildcard &&
+ dns_name_countlabels(name) > 0) {
+ if (dns_name_iswildcard(name))
+ printf("wildcard\n");
+ else
+ printf("not "
+ "wildcard\n");
+ }
+ dns_name_toregion(name, &r);
+ if (!quiet) {
+ print_wirename(&r);
+ printf("%u labels, "
+ "%u bytes.\n",
+ dns_name_countlabels(name),
+ r.length);
+ }
+ } else
+ printf("%s\n",
+ dns_result_totext(result));
+ got_name = ISC_FALSE;
+ } else
+ got_name = ISC_TRUE;
+ }
+ isc_buffer_init(&source, s, sizeof(s));
+ if (dns_name_countlabels(name) > 0)
+ result = dns_name_totext(name, ISC_FALSE, &source);
+ else
+ result = ISC_R_SUCCESS;
+ if (result == ISC_R_SUCCESS) {
+ isc_buffer_usedregion(&source, &r);
+ if (r.length > 0)
+ printf("%.*s\n", (int)r.length, r.base);
+ else
+ printf("<empty text name>\n");
+ if (!quiet) {
+ printf("%u bytes.\n", source.used);
+ }
+ } else
+ printf("%s\n", dns_result_totext(result));
+
+ if (test_downcase) {
+ if (inplace) {
+ down = name;
+ } else {
+ dns_fixedname_init(&downname);
+ down = dns_fixedname_name(&downname);
+ }
+ result = dns_name_downcase(name, down, NULL);
+ INSIST(result == ISC_R_SUCCESS);
+ if (!quiet) {
+ dns_name_toregion(down, &r);
+ print_wirename(&r);
+ printf("%u labels, %u bytes.\n",
+ dns_name_countlabels(down),
+ r.length);
+ }
+ isc_buffer_init(&source, s, sizeof(s));
+ print_name(down);
+ }
+
+ if (comp != NULL && dns_name_countlabels(name) > 0) {
+ int order;
+ unsigned int nlabels;
+ dns_namereln_t namereln;
+
+ namereln = dns_name_fullcompare(name, comp, &order,
+ &nlabels);
+ if (!quiet) {
+ if (order < 0)
+ printf("<");
+ else if (order > 0)
+ printf(">");
+ else
+ printf("=");
+ switch (namereln) {
+ case dns_namereln_contains:
+ printf(", contains");
+ break;
+ case dns_namereln_subdomain:
+ printf(", subdomain");
+ break;
+ case dns_namereln_commonancestor:
+ printf(", common ancestor");
+ break;
+ default:
+ break;
+ }
+ if (namereln != dns_namereln_none &&
+ namereln != dns_namereln_equal)
+ printf(", nlabels = %u", nlabels);
+ printf("\n");
+ }
+ printf("dns_name_equal() returns %s\n",
+ dns_name_equal(name, comp) ? "TRUE" : "FALSE");
+ }
+
+ labels = dns_name_countlabels(name);
+ if (want_split && split_label < labels) {
+ dns_fixedname_init(&fprefix);
+ prefix = dns_fixedname_name(&fprefix);
+ dns_fixedname_init(&fsuffix);
+ suffix = dns_fixedname_name(&fsuffix);
+ printf("splitting at label %u: ", split_label);
+ dns_name_split(name, split_label, prefix, suffix);
+ printf("\n prefix = ");
+ print_name(prefix);
+ printf(" suffix = ");
+ print_name(suffix);
+ }
+
+ if (concatenate) {
+ if (got_name)
+ name = &wname2.name;
+ else
+ name = &wname.name;
+ }
+ }
+
+ return (0);
+}
diff --git a/bin/tests/named.conf b/bin/tests/named.conf
new file mode 100644
index 0000000..1f96981
--- /dev/null
+++ b/bin/tests/named.conf
@@ -0,0 +1,624 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.58 2007/06/19 23:46:59 tbox Exp $ */
+
+/*
+ * This is a worthless, nonrunnable example of a named.conf file that has
+ * every conceivable syntax element in use. We use it to test the parser.
+ * It could also be used as a conceptual template for users of new features.
+ */
+
+/*
+ * C-style comments are OK
+ */
+
+// So are C++-style comments
+
+# So are shell-style comments
+
+// watch out for ";" -- it's important!
+
+options {
+ additional-from-auth true;
+ additional-from-cache false;
+
+ version "my version string";
+ random-device "/dev/random";
+ directory "/tmp";
+
+ port 666;
+
+ sig-validity-interval 33;
+
+# Obsolete
+ named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER
+
+ dump-file "named_dump.db"; // _PATH_DUMPFILE
+ pid-file "/var/run/named.pid"; // _PATH_PIDFILE
+ statistics-file "named.stats"; // _PATH_STATS
+ memstatistics-file "named.memstats"; // _PATH_MEMSTATS
+
+ max-cache-ttl 999;
+ auth-nxdomain yes; // always set AA on NXDOMAIN.
+ // don't set this to 'no' unless
+ // you know what you're doing -- older
+ // servers won't like it.
+
+# Obsolete
+ deallocate-on-exit no;
+
+ dialup yes;
+
+# Obsolete
+ fake-iquery no;
+
+ fetch-glue yes;
+ has-old-clients yes;
+ host-statistics no;
+
+# Obsolete
+ multiple-cnames no; // if yes, then a name my have more
+ // than one CNAME RR. This use
+ // is non-standard and is not
+ // recommended, but it is available
+ // because previous releases supported
+ // it and it was used by large sites
+ // for load balancing.
+
+ notify yes; // send NOTIFY messages. You can set
+ // notify on a zone-by-zone
+ // basis in the "zone" statement
+ // see (below)
+ recursion yes;
+ rfc2308-type1 no;
+
+# Obsolete
+ use-id-pool yes;
+
+# Obsolete
+ treat-cr-as-space yes;
+
+ also-notify { 10.0.2.3; };
+
+ // The "forward" option is only meaningful if you've defined
+ // forwarders. "first" gives the normal BIND
+ // forwarding behavior, i.e. ask the forwarders first, and if that
+ // doesn't work then do the full lookup. You can also say
+ // "forward only;" which is what used to be specified with
+ // "slave" or "options forward-only". "only" will never attempt
+ // a full lookup; only the forwarders will be used.
+ forward first;
+ forwarders {
+ 1.2.3.4;
+ 5.6.7.8;
+ };
+
+ check-names master fail;
+ check-names slave warn;
+ check-names response ignore;
+
+ allow-query { any; };
+ allow-transfer { any; };
+ allow-recursion { !any; };
+ blackhole { 45/24; };
+
+ listen-on {
+ 10/24;
+ 10.0.0.3;
+ };
+
+ listen-on port 53 { any; };
+
+ listen-on { 5.6.7.8; };
+
+ listen-on port 1234 {
+ !1.2.3.4;
+ 1.2.3/24;
+ };
+
+ listen-on-v6 {
+ 1:1:1:1:1:1:1:1;
+ };
+
+ listen-on-v6 port 777 {
+ 2:2:2:2:2:2:2:2;
+ };
+
+ query-source-v6 address 8:7:6:5:4:3:2:1 port *;
+ query-source port * address 10.0.0.54 ;
+
+ lame-ttl 444;
+
+ max-transfer-time-in 300;
+ max-transfer-time-out 10;
+ max-transfer-idle-in 100;
+ max-transfer-idle-out 11;
+
+ max-retry-time 1234;
+ min-retry-time 1111;
+ max-refresh-time 888;
+ min-refresh-time 777;
+
+ max-ncache-ttl 333;
+ min-roots 15;
+ serial-queries 34;
+
+ transfer-format one-answer;
+
+ transfers-in 10;
+ transfers-per-ns 2;
+ transfers-out 0;
+
+ transfer-source 10.0.0.5;
+ transfer-source-v6 4:3:2:1:5:6:7:8;
+
+ request-ixfr yes;
+ provide-ixfr yes;
+
+# Now called 'provide-ixfr'
+# maintain-ixfr-base no; // If yes, keep transaction log file for IXFR
+
+ max-ixfr-log-size 20m;
+ coresize 100;
+ datasize 101;
+ files 230;
+ max-cache-size 1m;
+ stacksize 231;
+ cleaning-interval 1000;
+ heartbeat-interval 1001;
+ interface-interval 1002;
+ statistics-interval 1003;
+
+ topology {
+ 10/8;
+
+ !1.2.3/24;
+
+ { 1.2/16; 3/8; };
+
+
+ };
+
+ sortlist { 10/8; 11/8; };
+
+ tkey-domain "foo.com";
+ tkey-dhkey "xyz" 666 ;
+
+ rrset-order {
+ class IN type A name "foo" order random;
+ order cyclic;
+ };
+};
+
+/*
+ * Control listeners, for "ndc". Every nameserver needs at least one.
+ */
+controls {
+ // 'inet' lines without a 'port' defaults to 'port 953'
+ // 'keys' must be used and the list must have at least one entry
+ inet * port 52 allow { any; } keys { "key2"; };
+ unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named.
+ inet 10.0.0.1 allow { any; key foo; } keys { "key4";};
+ inet 10.0.0.2 allow { none; } keys { "key-1"; "key-2"; };
+ inet 10.0.0.2 allow { none; };
+};
+
+zone "master.demo.zone" {
+ type master; // what used to be called "primary"
+ database "somedb -option1 -option2 arg1 arg2 arg3";
+ file "master.demo.zone";
+ check-names fail;
+ allow-update { none; };
+ allow-update-forwarding { 10.0.0.5; !any; };
+ allow-transfer { any; };
+ allow-query { any; };
+ sig-validity-interval 990;
+ notify explicit;
+ also-notify { 1.0.0.1; }; // don't notify any nameservers other
+ // than those on the NS list for this
+ // zone
+ forward first;
+ forwarders { 10.0.0.3; 1:2:3:4:5:6:7:8; };
+};
+
+zone "slave.demo.zone" {
+ type slave; // what used to be called "secondary"
+ file "slave.demo.zone";
+ ixfr-base "slave.demo.zone.ixfr"; // File name for IXFR transaction log file
+ masters {
+ 1.2.3.4 port 10 key "foo"; // where to zone transfer from
+ 5.6.7.8;
+ 6.7.8.9 key "zippo";
+ };
+ transfer-source 10.0.0.53; // fixes multihoming problems
+ check-names warn;
+ allow-update { none; };
+ allow-transfer { any; };
+ allow-update-forwarding { any; };
+ allow-query { any; };
+ max-transfer-time-in 120; // if not set, global option is used.
+ max-transfer-time-out 1; // if not set, global option is used.
+ max-transfer-idle-in 2; // if not set, global option is used.
+ max-transfer-idle-out 3; // if not set, global option is used.
+ also-notify { 1.0.0.2; };
+ forward only;
+ forwarders { 10.45.45.45; 10.0.0.3; 1:2:3:4:5:6:7:8; };
+};
+
+key "non-viewkey" { secret "YWFh" ; algorithm "zzz" ; };
+
+view "test-view" in {
+ key "viewkey" { algorithm "xxx" ; secret "eXl5" ; };
+ also-notify { 10.2.2.3; };
+ trusted-keys {
+ foo.com. 4 3 2 "abdefghijklmnopqrstuvwxyz";
+ };
+ sig-validity-interval 45;
+ max-cache-size 100000;
+ allow-query { 10.0.0.30;};
+ additional-from-cache false;
+ additional-from-auth no;
+ match-clients { 10.0.0.1 ; };
+ check-names master warn;
+ check-names slave ignore;
+ check-names response fail;
+ auth-nxdomain false;
+ recursion true;
+ provide-ixfr false;
+ request-ixfr true;
+ fetch-glue true;
+ notify false;
+ rfc2308-type1 false;
+ transfer-source 10.0.0.55;
+ transfer-source-v6 4:3:8:1:5:6:7:8;
+ query-source port * address 10.0.0.54 ;
+ query-source-v6 address 6:6:6:6:6:6:6:6 port *;
+ max-transfer-time-out 45;
+ max-transfer-idle-out 55;
+ cleaning-interval 100;
+ min-roots 3;
+ lame-ttl 477;
+ max-ncache-ttl 333;
+ max-cache-ttl 777;
+ transfer-format many-answers;
+ max-retry-time 7;
+ min-retry-time 4;
+ max-refresh-time 999;
+ min-refresh-time 111;
+
+ zone "view-zone.com" {
+ type master;
+ allow-update-forwarding { 10.0.0.34;};
+ file "view-zone-master";
+ };
+
+ server 5.6.7.8 {
+ keys "viewkey";
+ };
+
+ server 10.9.8.7 {
+ keys "non-viewkey";
+ };
+ dialup yes;
+};
+
+
+zone "stub.demo.zone" {
+ type stub; // stub zones are like slave zones,
+ // except that only the NS records
+ // are transferred.
+ dialup yes;
+ file "stub.demo.zone";
+ masters {
+ 1.2.3.4 ; // where to zone transfer from
+ 5.6.7.8 port 999;
+ };
+ check-names warn;
+ allow-update { none; };
+ allow-transfer { any; };
+ allow-query { any; };
+
+ max-retry-time 10;
+ min-retry-time 11;
+ max-refresh-time 12;
+ min-refresh-time 13;
+
+ max-transfer-time-in 120; // if not set, global option is used.
+ pubkey 257 255 1 "a useless key";
+ pubkey 257 255 1 "another useless key";
+};
+
+zone "." {
+ type hint; // used to be specified w/ "cache"
+ file "cache.db";
+// pubkey 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
+};
+
+trusted-keys {
+ "." 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
+};
+
+
+acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0
+ // is disallowed; rest are OK
+acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed
+ // by can_query are OK
+
+zone "disabled-zone.com" {
+ type master;
+ file "bar";
+
+ max-retry-time 100;
+ min-retry-time 110;
+ max-refresh-time 120;
+ min-refresh-time 130;
+};
+
+zone "non-default-acl.demo.zone" {
+ type master;
+ file "foo";
+ allow-query { can_query; };
+ allow-transfer { can_axfr; };
+ allow-update {
+ 1.2.3.4;
+ 5.6.7.8;
+ };
+ pubkey 666 665 664 "key of the beast";
+ // Errors trapped by parser:
+ // identity or name not absolute
+ // 'wildcard' match type and no wildcard character in name
+ //
+ // issues:
+ // - certain rdatatype values (such as "key") are config file keywords and
+ // must be quoted or a syntax error will occur.
+ //
+
+ update-policy {
+ grant root.domain. subdomain host.domain. A MX CNAME;
+ grant sub.root.domain. wildcard *.host.domain. A;
+ grant root.domain. name host.domain. a ns md mf cname soa mb mg
+ mr "null" wks ptr hinfo minfo mx txt rp afsdb x25
+ isdn rt nsap sig "key" px gpos aaaa loc nxt srv naptr kx
+ cert a6 dname opt unspec tkey tsig ;
+ grant foo.bar.com. self foo.bar.com. a;
+ };
+};
+
+key sample_key { // for TSIG; supported by parser
+ algorithm hmac-md5; // but not yet implemented in the
+ secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server
+};
+
+key key2 {
+ algorithm hmac-md5;
+ secret "ZXJlaCB0ZXJjZXMgcm91eQ==";
+};
+
+acl key_acl { key sample_key; }; // a request signed with sample_key
+
+server 1.2.3.4 {
+ request-ixfr no;
+ provide-ixfr no;
+ bogus no; // if yes, we won't query or listen
+ // to this server
+ transfer-format one-answer; // set transfer format for this
+ // server (see the description of
+ // 'transfer-format' above)
+ // if not specified, the global option
+ // will be used
+ transfers 0; // not implemented
+ keys { "sample_key" }; // for TSIG; supported by the parser
+ // but not yet implemented in the
+ // rest of the server
+# Now called 'request-ixfr'
+# support-ixfr yes; // for IXFR supported by server
+ // if yes, the listed server talks IXFR
+};
+
+logging {
+ /*
+ * All log output goes to one or more "channels"; you can make as
+ * many of them as you want.
+ */
+
+ channel syslog_errors { // this channel will send errors or
+ syslog user; // or worse to syslog (user facility)
+ severity error;
+ };
+
+ channel stderr_errors {
+ stderr;
+ };
+
+ /*
+ * Channels have a severity level. Messages at severity levels
+ * greater than or equal to the channel's level will be logged on
+ * the channel. In order of decreasing severity, the levels are:
+ *
+ * critical a fatal error
+ * error
+ * warning
+ * notice a normal, but significant event
+ * info an informational message
+ * debug 1 the least detailed debugging info
+ * ...
+ * debug 99 the most detailed debugging info
+ */
+
+ /*
+ * Here are the built-in channels:
+ *
+ * channel default_syslog {
+ * syslog daemon;
+ * severity info;
+ * };
+ *
+ * channel default_debug {
+ * file "named.run"; // note: stderr is used instead
+ * // of "named.run" if the server
+ * // is started with the "-f"
+ * // option.
+ * severity dynamic; // this means log debugging
+ * // at whatever debugging level
+ * // the server is at, and don't
+ * // log anything if not
+ * // debugging.
+ * };
+ *
+ * channel null { // this is the bit bucket;
+ * file "/dev/null"; // any logging to this channel
+ * // is discarded.
+ * };
+ *
+ * channel default_stderr { // writes to stderr
+ * file "<stderr>"; // this is illustrative only;
+ * // there's currently no way
+ * // of saying "stderr" in the
+ * // configuration language.
+ * // i.e. don't try this at home.
+ * severity info;
+ * };
+ *
+ * default_stderr only works before the server daemonizes (i.e.
+ * during initial startup) or when it is running in foreground
+ * mode (-f command line option).
+ */
+
+ /*
+ * There are many categories, so you can send the logs
+ * you want to see wherever you want, without seeing logs you
+ * don't want. Right now the categories are
+ *
+ * default the catch-all. many things still
+ * aren't classified into categories, and
+ * they all end up here. also, if you
+ * don't specify any channels for a
+ * category, the default category is used
+ * instead.
+ * config high-level configuration file
+ * processing
+ * parser low-level configuration file processing
+ * queries what used to be called "query logging"
+ * lame-servers messages like "Lame server on ..."
+ * statistics
+ * panic if the server has to shut itself
+ * down due to an internal problem, it
+ * logs the problem here (as well as
+ * in the problem's native category)
+ * update dynamic update
+ * ncache negative caching
+ * xfer-in zone transfers we're receiving
+ * xfer-out zone transfers we're sending
+ * db all database operations
+ * eventlib debugging info from the event system
+ * (see below)
+ * packet dumps of packets received and sent
+ * (see below)
+ * notify the NOTIFY protocol
+ * cname messages like "XX points to a CNAME"
+ * security approved/unapproved requests
+ * os operating system problems
+ * insist consistency check failures
+ * maintenance periodic maintenance
+ * load zone loading
+ * response-checks messages like
+ * "Malformed response ..."
+ * "wrong ans. name ..."
+ * "unrelated additional info ..."
+ * "invalid RR type ..."
+ * "bad referral ..."
+ */
+
+ category parser {
+ syslog_errors; // you can log to as many channels
+ default_syslog; // as you want
+ };
+
+ category lame-servers { null; }; // don't log these at all
+
+ channel moderate_debug {
+ file "foo"; // foo
+ severity debug 3; // level 3 debugging to file
+ print-time yes; // timestamp log entries
+ print-category yes; // print category name
+ print-severity yes; // print severity level
+ /*
+ * Note that debugging must have been turned on either
+ * on the command line or with a signal to get debugging
+ * output (non-debugging output will still be written to
+ * this channel).
+ */
+ };
+
+ channel another {
+ file "bar" versions 99 size 10M;
+ severity info;
+ };
+
+ channel third {
+ file "bar" size 100000 versions unlimited;
+ severity debug; // use default debug level
+ };
+
+ /*
+ * If you don't want to see "zone XXXX loaded" messages but do
+ * want to see any problems, you could do the following.
+ */
+ channel no_info_messages {
+ syslog;
+ severity notice;
+ };
+
+ category load { no_info_messages; };
+
+ /*
+ * You can also define category "default"; it gets used when no
+ * "category" statement has been given for a category.
+ */
+ category default {
+ default_syslog;
+ moderate_debug;
+ };
+
+ /*
+ * If you don't define category default yourself, the default
+ * default category will be used. It is
+ *
+ * category default { default_syslog; default_debug; };
+ */
+
+ /*
+ * If you don't define category panic yourself, the default
+ * panic category will be used. It is
+ *
+ * category panic { default_syslog; default_stderr; };
+ */
+
+ /*
+ * Two categories, 'packet' and 'eventlib', are special. Only one
+ * channel may be assigned to each of them, and it must be a
+ * file channel. If you don't define them yourself, they default to
+ *
+ * category eventlib { default_debug; };
+ *
+ * category packet { default_debug; };
+ */
+};
+
+#include "filename"; // can't do within a statement
+
diff --git a/bin/tests/names/Makefile.in b/bin/tests/names/Makefile.in
new file mode 100644
index 0000000..31b12fe
--- /dev/null
+++ b/bin/tests/names/Makefile.in
@@ -0,0 +1,58 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.28 2007/06/19 23:47:00 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${TEST_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+# Note that we do not want to use libtool for libt_api
+DNSLIBS = ../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../../../lib/isc/libisc.@A@
+
+DNSDEPLIBS = ../../../lib/dns/libdns.@A@
+ISCDEPLIBS = ../../../lib/isc/libisc.@A@
+
+DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+
+TLIB = ../../../lib/tests/libt_api.@A@
+
+TARGETS = t_names@EXEEXT@
+
+SRCS = t_names.c
+
+@BIND9_MAKE_RULES@
+
+t_names@EXEEXT@: t_names.@O@ ${DEPLIBS} ${TLIB}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ t_names.@O@ ${TLIB} ${LIBS}
+
+test: t_names@EXEEXT@
+ -@./t_names@EXEEXT@ -c @top_srcdir@/t_config -b @srcdir@ -a
+
+testhelp:
+ @./t_names@EXEEXT@ -h
+
+clean distclean::
+ rm -f ${TARGETS}
diff --git a/bin/tests/names/dns_name_compare_data b/bin/tests/names/dns_name_compare_data
new file mode 100644
index 0000000..0467fcf
--- /dev/null
+++ b/bin/tests/names/dns_name_compare_data
@@ -0,0 +1,11 @@
+#
+# test data for dns_name_compare
+# format:
+# <name1> <tab> <name2> <tab> <exp_order>
+# where: exp_order may be one of: -1, 0, 1
+#
+# and where: exp_nlabels and exp_nbits are not tested if < 0
+#
+c.d a.b.c.d -1
+a.b.c.d c.d 1
+a.b.c a.b.c 0
diff --git a/bin/tests/names/dns_name_countlabels_data b/bin/tests/names/dns_name_countlabels_data
new file mode 100644
index 0000000..f11c387
--- /dev/null
+++ b/bin/tests/names/dns_name_countlabels_data
@@ -0,0 +1,10 @@
+#
+# test data for dns_name_countlabels
+# format:
+# <name> <tab> <nlabels>
+#
+c.d 2
+c.d. 3
+a.b.c.d 4
+a.b.c 3
+. 1
diff --git a/bin/tests/names/dns_name_fromregion_data b/bin/tests/names/dns_name_fromregion_data
new file mode 100644
index 0000000..32b4220
--- /dev/null
+++ b/bin/tests/names/dns_name_fromregion_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_name_fromregion
+# format:
+# <test_name>
+# where: exp_order may be one of: -1, 0, 1
+#
+# and where: exp_nlabels and exp_nbits are not tested if < 0
+#
+a.b.c.d.
+a.b.c.d.[A].[aaa.
+Ba\x\aa.b.c\[\[o\\.Z
+Ba\x\aa.b.c\[\[o\\\..\.Z
diff --git a/bin/tests/names/dns_name_fromtext_data b/bin/tests/names/dns_name_fromtext_data
new file mode 100644
index 0000000..16554a5
--- /dev/null
+++ b/bin/tests/names/dns_name_fromtext_data
@@ -0,0 +1,9 @@
+#
+# test data for dns_name_fromtext
+# format:
+# <name1> <tab> <name2> <tab> <origin> <tab> <downcase>
+#
+a.b a.b.c.d C.d 1
+a.b a.b.c.d C.d 1
+a.b a.b.C.d C.d 0
+a.b. a.b. C.d 0
diff --git a/bin/tests/names/dns_name_fromwire_1_data b/bin/tests/names/dns_name_fromwire_1_data
new file mode 100644
index 0000000..b7ae69b
--- /dev/null
+++ b/bin/tests/names/dns_name_fromwire_1_data
@@ -0,0 +1,30 @@
+#
+# test data for dns_name_fromwire_1
+# format:
+# <msgfile> <testname_offset> <downcase>
+# <dc_method> <exp_name> <exp_result>
+#
+# where msgfile contains a DNS message in hex form
+#
+# and where testname_offset is the byte offset in this message of
+# the start of a name
+#
+# and where downcase is 1 or 0
+#
+# and where dc_method is one of
+# DNS_COMPRESS_ALL
+# DNS_COMPRESS_GLOBAL14
+# DNS_COMPRESS_NONE
+#
+# and where exp_name is the expected name after any decompression
+# or case conversion
+#
+# and where exp_result may be one of
+# ISC_R_NOSPACE
+# DNS_R_BADLABELTYPE
+# DNS_R_DISALLOWED
+# DNS_R_BADPOINTER
+# ISC_R_UNEXPECTEDEND
+# DNS_R_TOOMANYHOPS
+#
+wire_test1.data 25 1 DNS_COMPRESS_ALL vix.com. ISC_R_SUCCESS
diff --git a/bin/tests/names/dns_name_fromwire_2_data b/bin/tests/names/dns_name_fromwire_2_data
new file mode 100644
index 0000000..90dfec4
--- /dev/null
+++ b/bin/tests/names/dns_name_fromwire_2_data
@@ -0,0 +1,30 @@
+#
+# test data for dns_name_fromwire_2
+# format:
+# <msgfile> <testname_offset> <downcase>
+# <dc_method> <exp_name> <exp_result>
+#
+# where msgfile contains a DNS message in hex form
+#
+# and where testname_offset is the byte offset in this message of
+# the start of a name
+#
+# and where downcase is 1 or 0
+#
+# and where dc_method is one of
+# DNS_COMPRESS_ALL
+# DNS_COMPRESS_GLOBAL14
+# DNS_COMPRESS_NONE
+#
+# and where exp_name is the expected name after any decompression
+# or case conversion
+#
+# and where exp_result may be one of
+# ISC_R_NOSPACE
+# DNS_R_BADLABELTYPE
+# DNS_R_DISALLOWED
+# DNS_R_BADPOINTER
+# ISC_R_UNEXPECTEDEND
+# DNS_R_TOOMANYHOPS
+#
+wire_test2.data 25 1 DNS_COMPRESS_ALL vix.com. ISC_R_NOSPACE
diff --git a/bin/tests/names/dns_name_fromwire_3_data b/bin/tests/names/dns_name_fromwire_3_data
new file mode 100644
index 0000000..f4253b4
--- /dev/null
+++ b/bin/tests/names/dns_name_fromwire_3_data
@@ -0,0 +1,31 @@
+#
+# test data for dns_name_fromwire_3
+# format:
+# <msgfile> <testname_offset> <downcase>
+# <dc_method> <exp_name> <exp_result>
+#
+# where msgfile contains a DNS message in hex form
+#
+# and where testname_offset is the byte offset in this message of
+# the start of a name
+#
+# and where downcase is 1 or 0
+#
+# and where dc_method is one of
+# DNS_COMPRESS_ALL
+# DNS_COMPRESS_GLOBAL14
+# DNS_COMPRESS_NONE
+#
+# and where exp_name is the expected name after any decompression
+# or case conversion
+#
+# and where exp_result may be one of
+# ISC_R_NOSPACE
+# DNS_R_BADLABELTYPE
+# DNS_R_DISALLOWED
+# DNS_R_BADPOINTER
+# ISC_R_UNEXPECTEDEND
+# DNS_R_TOOMANYHOPS
+#
+wire_test3_1.data 25 1 DNS_COMPRESS_ALL vix.com. DNS_R_BADLABELTYPE
+wire_test3_2.data 25 1 DNS_COMPRESS_ALL vix.com. DNS_R_BADLABELTYPE
diff --git a/bin/tests/names/dns_name_fromwire_4_data b/bin/tests/names/dns_name_fromwire_4_data
new file mode 100644
index 0000000..b76b326
--- /dev/null
+++ b/bin/tests/names/dns_name_fromwire_4_data
@@ -0,0 +1,30 @@
+#
+# test data for dns_name_fromwire_4
+# format:
+# <msgfile> <testname_offset> <downcase>
+# <dc_method> <exp_name> <exp_result>
+#
+# where msgfile contains a DNS message in hex form
+#
+# and where testname_offset is the byte offset in this message of
+# the start of a name
+#
+# and where downcase is 1 or 0
+#
+# and where dc_method is one of
+# DNS_COMPRESS_ALL
+# DNS_COMPRESS_GLOBAL14
+# DNS_COMPRESS_NONE
+#
+# and where exp_name is the expected name after any decompression
+# or case conversion
+#
+# and where exp_result may be one of
+# ISC_R_NOSPACE
+# DNS_R_BADLABELTYPE
+# DNS_R_DISALLOWED
+# DNS_R_BADPOINTER
+# ISC_R_UNEXPECTEDEND
+# DNS_R_TOOMANYHOPS
+#
+wire_test4.data 550 1 DNS_COMPRESS_ALL vix.com. DNS_R_NAMETOOLONG
diff --git a/bin/tests/names/dns_name_fromwire_5_data b/bin/tests/names/dns_name_fromwire_5_data
new file mode 100644
index 0000000..1a4221b
--- /dev/null
+++ b/bin/tests/names/dns_name_fromwire_5_data
@@ -0,0 +1,30 @@
+#
+# test data for dns_name_fromwire_5
+# format:
+# <msgfile> <testname_offset> <downcase>
+# <dc_method> <exp_name> <exp_result>
+#
+# where msgfile contains a DNS message in hex form
+#
+# and where testname_offset is the byte offset in this message of
+# the start of a name
+#
+# and where downcase is 1 or 0
+#
+# and where dc_method is one of
+# DNS_COMPRESS_ALL
+# DNS_COMPRESS_GLOBAL14
+# DNS_COMPRESS_NONE
+#
+# and where exp_name is the expected name after any decompression
+# or case conversion
+#
+# and where exp_result may be one of
+# ISC_R_NOSPACE
+# DNS_R_BADLABELTYPE
+# DNS_R_DISALLOWED
+# DNS_R_BADPOINTER
+# ISC_R_UNEXPECTEDEND
+# DNS_R_TOOMANYHOPS
+#
+wire_test5.data 25 1 DNS_COMPRESS_NONE vix.com. DNS_R_DISALLOWED
diff --git a/bin/tests/names/dns_name_fromwire_6_data b/bin/tests/names/dns_name_fromwire_6_data
new file mode 100644
index 0000000..e4460ce
--- /dev/null
+++ b/bin/tests/names/dns_name_fromwire_6_data
@@ -0,0 +1,30 @@
+#
+# test data for dns_name_fromwire_6
+# format:
+# <msgfile> <testname_offset> <downcase>
+# <dc_method> <exp_name> <exp_result>
+#
+# where msgfile contains a DNS message in hex form
+#
+# and where testname_offset is the byte offset in this message of
+# the start of a name
+#
+# and where downcase is 1 or 0
+#
+# and where dc_method is one of
+# DNS_COMPRESS_ALL
+# DNS_COMPRESS_GLOBAL14
+# DNS_COMPRESS_NONE
+#
+# and where exp_name is the expected name after any decompression
+# or case conversion
+#
+# and where exp_result may be one of
+# ISC_R_NOSPACE
+# DNS_R_BADLABELTYPE
+# DNS_R_DISALLOWED
+# DNS_R_BADPOINTER
+# ISC_R_UNEXPECTEDEND
+# DNS_R_TOOMANYHOPS
+#
+wire_test6.data 25 1 DNS_COMPRESS_ALL vix.com. DNS_R_BADPOINTER
diff --git a/bin/tests/names/dns_name_fromwire_7_data b/bin/tests/names/dns_name_fromwire_7_data
new file mode 100644
index 0000000..5828bfc
--- /dev/null
+++ b/bin/tests/names/dns_name_fromwire_7_data
@@ -0,0 +1,30 @@
+#
+# test data for dns_name_fromwire_7
+# format:
+# <msgfile> <testname_offset> <downcase>
+# <dc_method> <exp_name> <exp_result>
+#
+# where msgfile contains a DNS message in hex form
+#
+# and where testname_offset is the byte offset in this message of
+# the start of a name
+#
+# and where downcase is 1 or 0
+#
+# and where dc_method is one of
+# DNS_COMPRESS_ALL
+# DNS_COMPRESS_GLOBAL14
+# DNS_COMPRESS_NONE
+#
+# and where exp_name is the expected name after any decompression
+# or case conversion
+#
+# and where exp_result may be one of
+# ISC_R_NOSPACE
+# DNS_R_BADLABELTYPE
+# DNS_R_DISALLOWED
+# DNS_R_BADPOINTER
+# ISC_R_UNEXPECTEDEND
+# DNS_R_TOOMANYHOPS
+#
+wire_test7.data 25 1 DNS_COMPRESS_ALL vix.com. ISC_R_UNEXPECTEDEND
diff --git a/bin/tests/names/dns_name_fromwire_8_data b/bin/tests/names/dns_name_fromwire_8_data
new file mode 100644
index 0000000..9ddd3f3
--- /dev/null
+++ b/bin/tests/names/dns_name_fromwire_8_data
@@ -0,0 +1,30 @@
+#
+# test data for dns_name_fromwire_9
+# format:
+# <msgfile> <testname_offset> <downcase>
+# <dc_method> <exp_name> <exp_result>
+#
+# where msgfile contains a DNS message in hex form
+#
+# and where testname_offset is the byte offset in this message of
+# the start of a name
+#
+# and where downcase is 1 or 0
+#
+# and where dc_method is one of
+# DNS_COMPRESS_ALL
+# DNS_COMPRESS_GLOBAL14
+# DNS_COMPRESS_NONE
+#
+# and where exp_name is the expected name after any decompression
+# or case conversion
+#
+# and where exp_result may be one of
+# ISC_R_NOSPACE
+# DNS_R_BADLABELTYPE
+# DNS_R_DISALLOWED
+# DNS_R_BADPOINTER
+# ISC_R_UNEXPECTEDEND
+# DNS_R_TOOMANYHOPS
+#
+wire_test8.data 25 1 DNS_COMPRESS_ALL vix.com. ISC_R_NOSPACE
diff --git a/bin/tests/names/dns_name_fullcompare_data b/bin/tests/names/dns_name_fullcompare_data
new file mode 100644
index 0000000..f40e7e6
--- /dev/null
+++ b/bin/tests/names/dns_name_fullcompare_data
@@ -0,0 +1,10 @@
+#
+# test data for dns_name_fullcompare
+# format:
+# <name1> <tab> <name2> <tab> <exp_reln> <tab> <exp_order> <tab> <exp_nlabels> <tab> <exp_nbits>
+# where: exp_reln may be one of:
+# none, equal, contains, subdomain, commonancestor
+# and where: exp_nlabels and exp_nbits are not tested if < 0
+#
+c.d a.b.c.d contains -1 2 0
+a.b.c.d c.d subdomain 1 2 0
diff --git a/bin/tests/names/dns_name_getlabel_data b/bin/tests/names/dns_name_getlabel_data
new file mode 100644
index 0000000..d8dc880
--- /dev/null
+++ b/bin/tests/names/dns_name_getlabel_data
@@ -0,0 +1,10 @@
+#
+# test data for dns_name_compare
+# format:
+# <name1> <tab> <label1_pos> <tab> <name2> <tab> <label2_pos>
+# where: label1_pos and label2_pos identify the label position of
+# the common label shared by name1 and name2 respectively
+#
+c.d 1 a.b.c.d 3
+a.b.c.d 3 c.d 1
+a.b.c. 3 a.b.c. 3
diff --git a/bin/tests/names/dns_name_getlabelsequence_data b/bin/tests/names/dns_name_getlabelsequence_data
new file mode 100644
index 0000000..339604a
--- /dev/null
+++ b/bin/tests/names/dns_name_getlabelsequence_data
@@ -0,0 +1,9 @@
+#
+# test data for dns_name_getlabelsequence
+# format:
+# <name1> <tab> <label1_start> <tab> <name2> <tab> <label2_start> <tab> <extent>
+#
+#
+c.d 1 a.b.c.d 3 1
+a.b.c.d.e 2 c.d 0 2
+a.b.c 0 a.b.c 0 3
diff --git a/bin/tests/names/dns_name_hash_data b/bin/tests/names/dns_name_hash_data
new file mode 100644
index 0000000..093ba45
--- /dev/null
+++ b/bin/tests/names/dns_name_hash_data
@@ -0,0 +1,12 @@
+#
+# test data for dns_name_hash
+# format:
+# <testname1> <tab> <testname2> <tab> <cshm> <tab> <cishm>
+# where:
+# cshm is 0 if a case sensitive hash of testname1 should match a
+# case sensitive hash of testname2, otherwise cshm != 0
+# and:
+# cishm is 0 if a case insensitive hash of testname1 should match a
+# case insensitive hash of testname2, otherwise cishm != 0
+#
+a.b.c.d a.b.c.d. 0 0
diff --git a/bin/tests/names/dns_name_isabsolute_data b/bin/tests/names/dns_name_isabsolute_data
new file mode 100644
index 0000000..a17c9b8
--- /dev/null
+++ b/bin/tests/names/dns_name_isabsolute_data
@@ -0,0 +1,8 @@
+#
+# test data for dns_name_isabsolute
+# format is:
+# <testname> <tab> <expected value>
+#
+x. 1
+a.b.c.d 0
+x.z. 1
diff --git a/bin/tests/names/dns_name_issubdomain_data b/bin/tests/names/dns_name_issubdomain_data
new file mode 100644
index 0000000..102b072
--- /dev/null
+++ b/bin/tests/names/dns_name_issubdomain_data
@@ -0,0 +1,11 @@
+#
+# test data for dns_name_issubdomain
+# format:
+# <name1> <tab> <name2> <tab> <issubdomain>
+# where: issubdomain is 0 if false, else non-zero
+#
+# and where: exp_nlabels and exp_nbits are not tested if < 0
+#
+c.d a.b.c.d 0
+a.b.c.d c.d 1
+a.b.c. a.b.c. 1
diff --git a/bin/tests/names/dns_name_rdatacompare_data b/bin/tests/names/dns_name_rdatacompare_data
new file mode 100644
index 0000000..7f0c6a2
--- /dev/null
+++ b/bin/tests/names/dns_name_rdatacompare_data
@@ -0,0 +1,11 @@
+#
+# test data for dns_name_rdatacompare
+# format:
+# <name1> <tab> <name2> <tab> <exp_order>
+# where: exp_order may be one of: -1, 0, 1
+#
+# and where: exp_nlabels and exp_nbits are not tested if < 0
+#
+c.d. a.b.c.d. 1
+a.b.c.d. c.d. -1
+a.b.c. a.b.c. 0
diff --git a/bin/tests/names/dns_name_toregion_data b/bin/tests/names/dns_name_toregion_data
new file mode 100644
index 0000000..00c10f4
--- /dev/null
+++ b/bin/tests/names/dns_name_toregion_data
@@ -0,0 +1,8 @@
+#
+# test data for dns_name_toregion
+# format:
+# <test_name>
+#
+a.b.c.d.
+a.b.c.d.[A].[aaa.
+Ba\x\aa.b.c\[\[o\\.Z
diff --git a/bin/tests/names/dns_name_totext_data b/bin/tests/names/dns_name_totext_data
new file mode 100644
index 0000000..9db22aa
--- /dev/null
+++ b/bin/tests/names/dns_name_totext_data
@@ -0,0 +1,9 @@
+#
+# test data for dns_name_totext
+# format:
+# <name1> <tab> <omit_final_dot>
+#
+a.b.c.d 1
+a.\\[\[.c.d 1
+a.b.C.d 0
+a.b. 0
diff --git a/bin/tests/names/dns_name_towire_1_data b/bin/tests/names/dns_name_towire_1_data
new file mode 100644
index 0000000..a45d80a
--- /dev/null
+++ b/bin/tests/names/dns_name_towire_1_data
@@ -0,0 +1,17 @@
+# test data for dns_name_towire_1
+# format:
+# <testname> <dc_method> <exp_data>
+# <exp_data_len> <exp_result>
+#
+# where testname is the test name to be converted to wire format
+#
+# and where dc_method is one of
+# DNS_COMPRESS_ALL
+# DNS_COMPRESS_GLOBAL14
+# DNS_COMPRESS_NONE
+#
+# and where exp_data is the expected wire format data in hex format
+# and where exp_data_len is the length of the expected data in decimal format
+# and where exp_result is the expected return value of dns_name_towire
+#
+a.vix.com. DNS_COMPRESS_NONE 01610376697803636f6d00 11 ISC_R_SUCCESS
diff --git a/bin/tests/names/dns_name_towire_2_data b/bin/tests/names/dns_name_towire_2_data
new file mode 100644
index 0000000..35479be
--- /dev/null
+++ b/bin/tests/names/dns_name_towire_2_data
@@ -0,0 +1,17 @@
+# test data for dns_name_towire_1
+# format:
+# <testname> <dc_method> <exp_data>
+# <exp_data_len> <exp_result>
+#
+# where testname is the test name to be converted to wire format
+#
+# and where dc_method is one of
+# DNS_COMPRESS_ALL
+# DNS_COMPRESS_GLOBAL14
+# DNS_COMPRESS_NONE
+#
+# and where exp_data is the expected wire format data in hex format
+# and where exp_data_len is the length of the expected data in decimal format
+# and where exp_result is the expected return value of dns_name_towire
+#
+a.vix.com DNS_COMPRESS_NONE 01610376697803636f6d 10 ISC_R_NOSPACE
diff --git a/bin/tests/names/t_names.c b/bin/tests/names/t_names.c
new file mode 100644
index 0000000..68ce53b
--- /dev/null
+++ b/bin/tests/names/t_names.c
@@ -0,0 +1,2345 @@
+/*
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: t_names.c,v 1.46 2008/01/18 23:46:57 tbox Exp $ */
+
+#include <config.h>
+
+#include <ctype.h>
+#include <stdlib.h>
+
+#include <isc/buffer.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+
+#include <dns/compress.h>
+#include <dns/name.h>
+#include <dns/result.h>
+
+#include <tests/t_api.h>
+
+#define MAXTOKS 16
+#define BUFLEN 256
+#define BIGBUFLEN 4096
+
+static char *Tokens[MAXTOKS + 1];
+
+
+#ifdef NEED_PBUF
+
+/*%
+ * get a hex formatted dns message from a data
+ * file into an isc_buffer_t
+ * caller supplies data storage and the isc_buffer
+ * we read the file, convert, setup the buffer
+ * and return the data length
+ */
+
+static char *
+ctoh(unsigned char c) {
+ int val;
+ static char buf[3];
+
+ val = (c >> 4) & 0x0f;
+ if ((0 <= val) && (val <= 9))
+ buf[0] = '0' + val;
+ else if ((10 <= val) && (val <= 16))
+ buf[0] = 'a' + val - 10;
+ val = c & 0x0f;
+ if ((0 <= val) && (val <= 9))
+ buf[1] = '0' + val;
+ else if ((10 <= val) && (val <= 16))
+ buf[1] = 'a' + val - 10;
+ buf[2] = '\0';
+ return (buf);
+}
+
+static void
+pbuf(isc_buffer_t *pbuf) {
+ size_t len;
+ unsigned char *p;
+
+ len = 0;
+ p = pbuf->base;
+ while (len < pbuf->length) {
+ printf("%s", ctoh(*p));
+ ++p;
+ ++len;
+ if ((len % 40) == 0)
+ printf("\n");
+ }
+}
+
+#endif /* NEED_PBUF */
+
+/*%
+ * Compare data at buf with data in hex representation at exp_data,
+ * of length exp_data_len, for equality.
+ * Return 0 if equal, else non-zero.
+ */
+
+static int
+chkdata(unsigned char *buf, size_t buflen, char *exp_data,
+ size_t exp_data_len)
+{
+ int result;
+ unsigned char *p;
+ unsigned char *v;
+ char *q;
+ unsigned char *data;
+ size_t cnt;
+
+ if (buflen == exp_data_len) {
+ data = (unsigned char *)malloc(exp_data_len *
+ sizeof(unsigned char));
+ if (data == NULL) {
+ t_info("malloc failed unexpectedly\n");
+ return (-1);
+ }
+
+ /*
+ * First convert exp_data from hex format.
+ */
+ p = data;
+ q = exp_data;
+ cnt = 0;
+ while (cnt < exp_data_len) {
+
+ if (('0' <= *q) && (*q <= '9'))
+ *p = *q - '0';
+ else if (('a' <= *q) && (*q <= 'z'))
+ *p = *q - 'a' + 10;
+ else if (('A' <= *q) && (*q <= 'Z'))
+ *p = *q - 'A' + 10;
+ ++q;
+
+ *p <<= 4;
+
+ if (('0' <= *q) && (*q <= '9'))
+ *p |= ((*q - '0') & 0x0f);
+ else if (('a' <= *q) && (*q <= 'z'))
+ *p |= ((*q - 'a' + 10) & 0x0f);
+ else if (('A' <= *q) && (*q <= 'Z'))
+ *p |= ((*q - 'A' + 10) & 0x0f);
+ ++p;
+ ++q;
+ ++cnt;
+ }
+
+ /*
+ * Now compare data.
+ */
+ p = buf;
+ v = data;
+ for (cnt = 0; cnt < exp_data_len; ++cnt) {
+ if (*p != *v)
+ break;
+ ++p;
+ ++v;
+ }
+ if (cnt == exp_data_len)
+ result = 0;
+ else {
+ t_info("bad data at position %lu, "
+ "got 0x%.2x, expected 0x%.2x\n",
+ (unsigned long)cnt, *p, *q);
+ result = cnt + 1;
+ }
+ (void)free(data);
+ } else {
+ t_info("data length error, expected %lu, got %lu\n",
+ (unsigned long)exp_data_len, (unsigned long)buflen);
+ result = exp_data_len - buflen;
+ }
+ return (result);
+}
+
+/*%
+ * Get a hex formatted dns message from a data file into an isc_buffer_t.
+ * Caller supplies data storage and the isc_buffer. We read the file, convert,
+ * setup the buffer and return the data length.
+ */
+static int
+getmsg(char *datafile_name, unsigned char *buf, int buflen, isc_buffer_t *pbuf)
+{
+ int c;
+ int len;
+ int cnt;
+ unsigned int val;
+ unsigned char *p;
+ FILE *fp;
+
+ fp = fopen(datafile_name, "r");
+ if (fp == NULL) {
+ t_info("No such file %s\n", datafile_name);
+ return (0);
+ }
+
+ p = buf;
+ cnt = 0;
+ len = 0;
+ val = 0;
+ while ((c = getc(fp)) != EOF) {
+ if ( (c == ' ') || (c == '\t') ||
+ (c == '\r') || (c == '\n'))
+ continue;
+ if (c == '#') {
+ while ((c = getc(fp)) != '\n')
+ ;
+ continue;
+ }
+ if (('0' <= c) && (c <= '9'))
+ val = c - '0';
+ else if (('a' <= c) && (c <= 'z'))
+ val = c - 'a' + 10;
+ else if (('A' <= c) && (c <= 'Z'))
+ val = c - 'A'+ 10;
+ else {
+ (void)fclose(fp);
+ t_info("Bad format in datafile\n");
+ return (0);
+ }
+ if ((len % 2) == 0) {
+ *p = (val << 4);
+ } else {
+ *p += val;
+ ++p;
+ ++cnt;
+ if (cnt >= buflen) {
+ /*
+ * Buffer too small.
+ */
+ (void)fclose(fp);
+ t_info("Buffer overflow error\n");
+ return (0);
+ }
+ }
+ ++len;
+ }
+ (void)fclose(fp);
+
+ if (len % 2) {
+ t_info("Bad format in %s\n", datafile_name);
+ return (0);
+ }
+
+ *p = '\0';
+ isc_buffer_init(pbuf, buf, cnt);
+ isc_buffer_add(pbuf, cnt);
+ return (cnt);
+}
+
+static int
+bustline(char *line, char **toks) {
+ int cnt;
+ char *p;
+
+ cnt = 0;
+ if (line && *line) {
+ while ((p = strtok(line, "\t")) && (cnt < MAXTOKS)) {
+ *toks++ = p;
+ line = NULL;
+ ++cnt;
+ }
+ }
+ return (cnt);
+}
+
+
+#ifdef NEED_HNAME_TO_TNAME
+
+/*%
+ * convert a name from hex representation to text form
+ * format of hex notation is:
+ * %xXXXXXXXX
+ */
+
+static int
+hname_to_tname(char *src, char *target, size_t len) {
+ int i;
+ int c;
+ unsigned int val;
+ size_t srclen;
+ char *p;
+ char *q;
+
+ p = src;
+ srclen = strlen(p);
+ if ((srclen >= 2) && ((*p != '%') || (*(p+1) != 'x'))) {
+ /*
+ * No conversion needed.
+ */
+ if (srclen >= len)
+ return (1);
+ memcpy(target, src, srclen + 1);
+ return (0);
+ }
+
+ i = 0;
+ p += 2;
+ q = target;
+ while (*p) {
+ c = *p;
+ if (('0' < c) && (c <= '9'))
+ val = c - '0';
+ else if (('a' <= c) && (c <= 'z'))
+ val = c + 10 - 'a';
+ else if (('A' <= c) && (c <= 'Z'))
+ val = c + 10 - 'A';
+ else {
+ return (1);
+ }
+ if (i % 2) {
+ *q |= val;
+ ++q;
+ } else
+ *q = (val << 4);
+ ++i;
+ ++p;
+ }
+ if (i % 2) {
+ return (1);
+ } else {
+ *q = '\0';
+ return (0);
+ }
+}
+
+#endif /* NEED_HNAME_TO_TNAME */
+
+/*%
+ * initialize a dns_name_t from a text name, hiding all
+ * buffer and other object initialization from the caller
+ *
+ */
+
+static isc_result_t
+dname_from_tname(char *name, dns_name_t *dns_name) {
+ int len;
+ isc_buffer_t txtbuf;
+ isc_buffer_t *binbuf;
+ unsigned char *junk;
+ isc_result_t result;
+
+ len = strlen(name);
+ isc_buffer_init(&txtbuf, name, len);
+ isc_buffer_add(&txtbuf, len);
+ junk = (unsigned char *)malloc(sizeof(unsigned char) * BUFLEN);
+ binbuf = (isc_buffer_t *)malloc(sizeof(isc_buffer_t));
+ if ((junk != NULL) && (binbuf != NULL)) {
+ isc_buffer_init(binbuf, junk, BUFLEN);
+ dns_name_init(dns_name, NULL);
+ dns_name_setbuffer(dns_name, binbuf);
+ result = dns_name_fromtext(dns_name, &txtbuf,
+ NULL, ISC_FALSE, NULL);
+ } else {
+ result = ISC_R_NOSPACE;
+ if (junk != NULL)
+ (void)free(junk);
+ if (binbuf != NULL)
+ (void)free(binbuf);
+ }
+ return (result);
+}
+
+static const char *a3 = "dns_name_init initializes 'name' to the empty name";
+
+static void
+t_dns_name_init(void) {
+ int rval;
+ int result;
+ dns_name_t name;
+ unsigned char offsets[1];
+
+ rval = 0;
+ t_assert("dns_name_init", 1, T_REQUIRED, a3);
+
+ dns_name_init(&name, offsets);
+ /* magic is hidden in name.c ...
+ if (name.magic != NAME_MAGIC) {
+ t_info("name.magic is not set to NAME_MAGIC\n");
+ ++rval;
+ }
+ */
+ if (name.ndata != NULL) {
+ t_info("name.ndata is not NULL\n");
+ ++rval;
+ }
+ if (name.length != 0) {
+ t_info("name.length is not 0\n");
+ ++rval;
+ }
+ if (name.labels != 0) {
+ t_info("name.labels is not 0\n");
+ ++rval;
+ }
+ if (name.attributes != 0) {
+ t_info("name.attributes is not 0\n");
+ ++rval;
+ }
+ if (name.offsets != offsets) {
+ t_info("name.offsets is incorrect\n");
+ ++rval;
+ }
+ if (name.buffer != NULL) {
+ t_info("name.buffer is not NULL\n");
+ ++rval;
+ }
+
+ if (rval == 0)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+ t_result(result);
+}
+
+static const char *a4 = "dns_name_invalidate invalidates 'name'";
+
+static void
+t_dns_name_invalidate(void) {
+ int rval;
+ int result;
+ dns_name_t name;
+ unsigned char offsets[1];
+
+ t_assert("dns_name_invalidate", 1, T_REQUIRED, a4);
+
+ rval = 0;
+ dns_name_init(&name, offsets);
+ dns_name_invalidate(&name);
+
+ /* magic is hidden in name.c ...
+ if (name.magic != 0) {
+ t_info("name.magic is not set to NAME_MAGIC\n");
+ ++rval;
+ }
+ */
+ if (name.ndata != NULL) {
+ t_info("name.ndata is not NULL\n");
+ ++rval;
+ }
+ if (name.length != 0) {
+ t_info("name.length is not 0\n");
+ ++rval;
+ }
+ if (name.labels != 0) {
+ t_info("name.labels is not 0\n");
+ ++rval;
+ }
+ if (name.attributes != 0) {
+ t_info("name.attributes is not 0\n");
+ ++rval;
+ }
+ if (name.offsets != NULL) {
+ t_info("name.offsets is not NULL\n");
+ ++rval;
+ }
+ if (name.buffer != NULL) {
+ t_info("name.buffer is not NULL\n");
+ ++rval;
+ }
+
+ if (rval == 0)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+ t_result(result);
+}
+
+static const char *a5 = "dns_name_setbuffer dedicates a buffer for use "
+ "with 'name'";
+
+static void
+t_dns_name_setbuffer(void) {
+ int result;
+ unsigned char junk[BUFLEN];
+ dns_name_t name;
+ isc_buffer_t buffer;
+
+ t_assert("dns_name_setbuffer", 1, T_REQUIRED, a5);
+
+ isc_buffer_init(&buffer, junk, BUFLEN);
+ dns_name_init(&name, NULL);
+ dns_name_setbuffer(&name, &buffer);
+ if (name.buffer == &buffer)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+
+ t_result(result);
+}
+
+static const char *a6 = "dns_name_hasbuffer returns ISC_TRUE if 'name' has a "
+ "dedicated buffer, otherwise it returns ISC_FALSE";
+
+static void
+t_dns_name_hasbuffer(void) {
+ int result;
+ int rval;
+ unsigned char junk[BUFLEN];
+ dns_name_t name;
+ isc_buffer_t buffer;
+
+ t_assert("dns_name_hasbuffer", 1, T_REQUIRED, a6);
+
+ rval = 0;
+ isc_buffer_init(&buffer, junk, BUFLEN);
+ dns_name_init(&name, NULL);
+ if (dns_name_hasbuffer(&name) != ISC_FALSE)
+ ++rval;
+ dns_name_setbuffer(&name, &buffer);
+ if (dns_name_hasbuffer(&name) != ISC_TRUE)
+ ++rval;
+ if (rval == 0)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+
+ t_result(result);
+}
+
+static const char *a7 = "dns_name_isabsolute returns ISC_TRUE if 'name' ends "
+ "in the root label";
+
+static int
+test_dns_name_isabsolute(char *test_name, isc_boolean_t expected) {
+ dns_name_t name;
+ isc_buffer_t buf;
+ isc_buffer_t binbuf;
+ unsigned char junk[BUFLEN];
+ int len;
+ int rval;
+ isc_boolean_t isabs_p;
+ isc_result_t result;
+
+ rval = T_UNRESOLVED;
+
+ t_info("testing name %s\n", test_name);
+ len = strlen(test_name);
+ isc_buffer_init(&buf, test_name, len);
+ isc_buffer_add(&buf, len);
+ isc_buffer_init(&binbuf, &junk[0], BUFLEN);
+ dns_name_init(&name, NULL);
+ dns_name_setbuffer(&name, &binbuf);
+ result = dns_name_fromtext(&name, &buf, NULL, ISC_FALSE, NULL);
+ if (result == ISC_R_SUCCESS) {
+ isabs_p = dns_name_isabsolute(&name);
+ if (isabs_p == expected)
+ rval = T_PASS;
+ else
+ rval = T_FAIL;
+ } else {
+ t_info("dns_name_fromtext %s failed, result = %s\n",
+ test_name, dns_result_totext(result));
+ }
+ return (rval);
+}
+
+static void
+t_dns_name_isabsolute(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+
+ t_assert("dns_name_isabsolute", 1, T_REQUIRED, a7);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_isabsolute_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 2) {
+ /*
+ * label, bitpos, expected value.
+ */
+ result = test_dns_name_isabsolute(Tokens[0],
+ atoi(Tokens[1])
+ == 0 ?
+ ISC_FALSE :
+ ISC_TRUE);
+ } else {
+ t_info("bad datafile format at line %d\n",
+ line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_isabsolute_data\n");
+ t_result(result);
+ }
+}
+
+static const char *a8 = "dns_name_hash(name, case_sensitive) returns "
+ "a hash of 'name' which is case_sensitive if case_sensitive "
+ "is true";
+
+/*%
+ * a9 merged with a8.
+ */
+
+static int
+test_dns_name_hash(char *test_name1, char *test_name2,
+ isc_boolean_t csh_match, isc_boolean_t cish_match) {
+ int rval;
+ int failures;
+ isc_boolean_t match;
+ unsigned int hash1;
+ unsigned int hash2;
+ dns_name_t dns_name1;
+ dns_name_t dns_name2;
+ isc_result_t result;
+
+ rval = T_UNRESOLVED;
+ failures = 0;
+
+ t_info("testing names %s and %s\n", test_name1, test_name2);
+
+ result = dname_from_tname(test_name1, &dns_name1);
+ if (result == ISC_R_SUCCESS) {
+ result = dname_from_tname(test_name2, &dns_name2);
+ if (result == ISC_R_SUCCESS) {
+ hash1 = dns_name_hash(&dns_name1, ISC_TRUE);
+ hash2 = dns_name_hash(&dns_name2, ISC_TRUE);
+ match = ISC_FALSE;
+ if (hash1 == hash2)
+ match = ISC_TRUE;
+ if (match != csh_match) {
+ ++failures;
+ t_info("hash mismatch when ISC_TRUE\n");
+ }
+ hash1 = dns_name_hash(&dns_name1, ISC_FALSE);
+ hash2 = dns_name_hash(&dns_name2, ISC_FALSE);
+ match = ISC_FALSE;
+ if (hash1 == hash2)
+ match = ISC_TRUE;
+ if (match != cish_match) {
+ ++failures;
+ t_info("hash mismatch when ISC_FALSE\n");
+ }
+ if (failures == 0)
+ rval = T_PASS;
+ else
+ rval = T_FAIL;
+ } else {
+ t_info("dns_fromtext %s failed, result = %s\n",
+ test_name2, dns_result_totext(result));
+ }
+ } else {
+ t_info("dns_fromtext %s failed, result = %s\n",
+ test_name1, dns_result_totext(result));
+ }
+ return (rval);
+}
+
+static void
+t_dns_name_hash(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+
+ t_assert("dns_name_hash", 1, T_REQUIRED, a8);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_hash_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 4) {
+ /*
+ * name1, name2, exp match value if
+ * case_sensitive true,
+ * exp match value of case_sensitive false
+ */
+ result = test_dns_name_hash(
+ Tokens[0],
+ Tokens[1],
+ atoi(Tokens[2]) == 0 ?
+ ISC_FALSE : ISC_TRUE,
+ atoi(Tokens[3]) == 0 ?
+ ISC_FALSE : ISC_TRUE);
+ } else {
+ t_info("bad datafile format at line %d\n",
+ line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_hash_data\n");
+ t_result(result);
+ }
+}
+
+static const char *a10 =
+ "dns_name_fullcompare(name1, name2, orderp, nlabelsp) "
+ "returns the DNSSEC ordering relationship between name1 and "
+ "name2, sets orderp to -1 if name1 < name2, to 0 if "
+ "name1 == name2, or to 1 if name1 > name2, sets nlabelsp "
+ "to the number of labels name1 and name2 have in common, "
+ "and sets nbitsp to the number of bits name1 and name2 "
+ "have in common";
+
+/*%
+ * a11 thru a22 merged into a10.
+ */
+static const char *
+dns_namereln_to_text(dns_namereln_t reln) {
+ const char *p;
+
+ if (reln == dns_namereln_contains)
+ p = "contains";
+ else if (reln == dns_namereln_subdomain)
+ p = "subdomain";
+ else if (reln == dns_namereln_equal)
+ p = "equal";
+ else if (reln == dns_namereln_none)
+ p = "none";
+ else if (reln == dns_namereln_commonancestor)
+ p = "commonancestor";
+ else
+ p = "unknown";
+
+ return (p);
+}
+
+static int
+test_dns_name_fullcompare(char *name1, char *name2,
+ dns_namereln_t exp_dns_reln,
+ int exp_order, int exp_nlabels)
+{
+ int result;
+ int nfails;
+ int order;
+ unsigned int nlabels;
+ dns_name_t dns_name1;
+ dns_name_t dns_name2;
+ isc_result_t dns_result;
+ dns_namereln_t dns_reln;
+
+ nfails = 0;
+ result = T_UNRESOLVED;
+
+
+ t_info("testing names %s and %s for relation %s\n", name1, name2,
+ dns_namereln_to_text(exp_dns_reln));
+
+ dns_result = dname_from_tname(name1, &dns_name1);
+ if (dns_result == ISC_R_SUCCESS) {
+ dns_result = dname_from_tname(name2, &dns_name2);
+ if (dns_result == ISC_R_SUCCESS) {
+ dns_reln = dns_name_fullcompare(&dns_name1, &dns_name2,
+ &order, &nlabels);
+
+ if (dns_reln != exp_dns_reln) {
+ ++nfails;
+ t_info("expected relationship of %s, got %s\n",
+ dns_namereln_to_text(exp_dns_reln),
+ dns_namereln_to_text(dns_reln));
+ }
+ /*
+ * Normalize order.
+ */
+ if (order < 0)
+ order = -1;
+ else if (order > 0)
+ order = 1;
+ if (order != exp_order) {
+ ++nfails;
+ t_info("expected ordering %d, got %d\n",
+ exp_order, order);
+ }
+ if ((exp_nlabels >= 0) &&
+ (nlabels != (unsigned int)exp_nlabels)) {
+ ++nfails;
+ t_info("expecting %d labels, got %d\n",
+ exp_nlabels, nlabels);
+ }
+ if (nfails == 0)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+ } else {
+ t_info("dname_from_tname failed, result == %s\n",
+ dns_result_totext(result));
+ }
+ } else {
+ t_info("dname_from_tname failed, result == %s\n",
+ dns_result_totext(result));
+ }
+
+ return (result);
+}
+
+static void
+t_dns_name_fullcompare(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+ dns_namereln_t reln;
+
+ t_assert("dns_name_fullcompare", 1, T_REQUIRED, a10);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_fullcompare_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 6) {
+ /*
+ * name1, name2, exp_reln, exp_order,
+ * exp_nlabels
+ */
+ if (!strcmp(Tokens[2], "none"))
+ reln = dns_namereln_none;
+ else if (!strcmp(Tokens[2], "contains"))
+ reln = dns_namereln_contains;
+ else if (!strcmp(Tokens[2], "subdomain"))
+ reln = dns_namereln_subdomain;
+ else if (!strcmp(Tokens[2], "equal"))
+ reln = dns_namereln_equal;
+ else if (!strcmp(Tokens[2], "commonancestor"))
+ reln = dns_namereln_commonancestor;
+ else {
+ t_info("bad format at line %d\n",
+ line);
+ continue;
+ }
+ result = test_dns_name_fullcompare(
+ Tokens[0],
+ Tokens[1],
+ reln,
+ atoi(Tokens[3]),
+ atoi(Tokens[4]));
+ } else {
+ t_info("bad format at line %d\n", line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_fullcompare_data\n");
+ t_result(result);
+ }
+}
+
+static const char *a23 =
+ "dns_name_compare(name1, name2) returns information about "
+ "the relative ordering under the DNSSEC ordering relationship "
+ "of name1 and name2";
+
+/*%
+ * a24 thru a29 merged into a23.
+ */
+
+static int
+test_dns_name_compare(char *name1, char *name2, int exp_order) {
+ int result;
+ int order;
+ isc_result_t dns_result;
+ dns_name_t dns_name1;
+ dns_name_t dns_name2;
+
+ result = T_UNRESOLVED;
+
+ t_info("testing %s %s %s\n", name1,
+ exp_order == 0 ? "==": (exp_order == -1 ? "<" : ">"),
+ name2);
+
+ dns_result = dname_from_tname(name1, &dns_name1);
+ if (dns_result == ISC_R_SUCCESS) {
+ dns_result = dname_from_tname(name2, &dns_name2);
+ if (dns_result == ISC_R_SUCCESS) {
+ order = dns_name_compare(&dns_name1, &dns_name2);
+ /*
+ * Normalize order.
+ */
+ if (order < 0)
+ order = -1;
+ else if (order > 0)
+ order = 1;
+ if (order != exp_order) {
+ t_info("expected order of %d, got %d\n",
+ exp_order, order);
+ result = T_FAIL;
+ } else
+ result = T_PASS;
+ } else {
+ t_info("dname_from_tname failed, result == %s\n",
+ dns_result_totext(result));
+ }
+ } else {
+ t_info("dname_from_tname failed, result == %s\n",
+ dns_result_totext(result));
+ }
+
+ return (result);
+}
+
+static void
+t_dns_name_compare(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+
+ t_assert("dns_name_compare", 1, T_REQUIRED, a23);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_compare_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 3) {
+ /*
+ * name1, name2, order.
+ */
+ result = test_dns_name_compare(
+ Tokens[0],
+ Tokens[1],
+ atoi(Tokens[2]));
+ } else {
+ t_info("bad datafile format at line %d\n",
+ line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_compare_data\n");
+ t_result(result);
+ }
+}
+
+static const char *a30 =
+ "dns_name_rdatacompare(name1, name2) returns information "
+ "about the relative ordering of name1 and name2 as if they "
+ "are part of rdata in DNSSEC canonical form";
+
+/*%
+ * a31, a32 merged into a30.
+ */
+
+static int
+test_dns_name_rdatacompare(char *name1, char *name2, int exp_order) {
+ int result;
+ int order;
+ isc_result_t dns_result;
+ dns_name_t dns_name1;
+ dns_name_t dns_name2;
+
+ result = T_UNRESOLVED;
+
+ t_info("testing %s %s %s\n", name1,
+ exp_order == 0 ? "==": (exp_order == -1 ? "<" : ">"), name2);
+
+ dns_result = dname_from_tname(name1, &dns_name1);
+ if (dns_result == ISC_R_SUCCESS) {
+ dns_result = dname_from_tname(name2, &dns_name2);
+ if (dns_result == ISC_R_SUCCESS) {
+ order = dns_name_rdatacompare(&dns_name1, &dns_name2);
+ /*
+ * Normalize order.
+ */
+ if (order < 0)
+ order = -1;
+ else if (order > 0)
+ order = 1;
+ if (order != exp_order) {
+ t_info("expected order of %d, got %d\n",
+ exp_order, order);
+ result = T_FAIL;
+ } else
+ result = T_PASS;
+ } else {
+ t_info("dname_from_tname failed, result == %s\n",
+ dns_result_totext(result));
+ }
+ } else {
+ t_info("dname_from_tname failed, result == %s\n",
+ dns_result_totext(result));
+ }
+
+ return (result);
+}
+
+static void
+t_dns_name_rdatacompare(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+
+ t_assert("dns_name_rdatacompare", 1, T_REQUIRED, a30);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_rdatacompare_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 3) {
+ /*
+ * name1, name2, order.
+ */
+ result = test_dns_name_rdatacompare(
+ Tokens[0],
+ Tokens[1],
+ atoi(Tokens[2]));
+ } else {
+ t_info("bad datafile format at line %d\n",
+ line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_rdatacompare_data\n");
+ t_result(result);
+ }
+}
+
+
+static const char *a33 =
+ "when name1 is a subdomain of name2, "
+ "dns_name_issubdomain(name1, name2) returns true, "
+ "otherwise it returns false.";
+
+/*%
+ * a34 merged into a33.
+ */
+
+static int
+test_dns_name_issubdomain(char *name1, char *name2, isc_boolean_t exp_rval) {
+ int result;
+ isc_boolean_t rval;
+ isc_result_t dns_result;
+ dns_name_t dns_name1;
+ dns_name_t dns_name2;
+
+ result = T_UNRESOLVED;
+
+ t_info("testing %s %s a subdomain of %s\n", name1,
+ exp_rval == 0 ? "is not" : "is", name2);
+
+ dns_result = dname_from_tname(name1, &dns_name1);
+ if (dns_result == ISC_R_SUCCESS) {
+ dns_result = dname_from_tname(name2, &dns_name2);
+ if (dns_result == ISC_R_SUCCESS) {
+ rval = dns_name_issubdomain(&dns_name1, &dns_name2);
+
+ if (rval != exp_rval) {
+ t_info("expected return value of %s, got %s\n",
+ exp_rval == ISC_TRUE ? "true" : "false",
+ rval == ISC_TRUE ? "true" : "false");
+ result = T_FAIL;
+ } else
+ result = T_PASS;
+ } else {
+ t_info("dname_from_tname failed, result == %s\n",
+ dns_result_totext(result));
+ }
+ } else {
+ t_info("dname_from_tname failed, result == %s\n",
+ dns_result_totext(result));
+ }
+
+ return (result);
+}
+
+static void
+t_dns_name_issubdomain(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+
+ t_assert("dns_name_issubdomain", 1, T_REQUIRED, a33);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_issubdomain_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 3) {
+ /*
+ * name1, name2, issubdomain_p.
+ */
+ result = test_dns_name_issubdomain(
+ Tokens[0],
+ Tokens[1],
+ atoi(Tokens[2]) == 0 ?
+ ISC_FALSE : ISC_TRUE);
+ } else {
+ t_info("bad datafile format at line %d\n",
+ line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_issubdomain_data\n");
+ t_result(result);
+ }
+}
+
+static const char *a35 =
+ "dns_name_countlabels(name) returns the number "
+ "of labels in name";
+
+static int
+test_dns_name_countlabels(char *test_name, unsigned int exp_nlabels) {
+ int result;
+ unsigned int nlabels;
+ isc_result_t dns_result;
+ dns_name_t dns_name;
+
+ result = T_UNRESOLVED;
+
+ t_info("testing %s\n", test_name);
+
+ dns_result = dname_from_tname(test_name, &dns_name);
+ if (dns_result == ISC_R_SUCCESS) {
+ nlabels = dns_name_countlabels(&dns_name);
+
+ if (nlabels != exp_nlabels) {
+ t_info("expected %d, got %d\n", exp_nlabels, nlabels);
+ result = T_FAIL;
+ } else
+ result = T_PASS;
+ } else {
+ t_info("dname_from_tname failed, result == %s\n",
+ dns_result_totext(dns_result));
+ }
+
+ return (result);
+}
+
+static void
+t_dns_name_countlabels(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+
+ t_assert("dns_name_countlabels", 1, T_REQUIRED, a35);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_countlabels_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 2) {
+ /*
+ * name, nlabels.
+ */
+ result = test_dns_name_countlabels(Tokens[0],
+ atoi(Tokens[1]));
+ } else {
+ t_info("bad format at line %d\n", line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_countlabels_data\n");
+ t_result(result);
+ }
+}
+
+static const char *a36 =
+ "when n is less than the number of labels in name, "
+ "dns_name_getlabel(name, n, labelp) initializes labelp "
+ "to point to the nth label in name";
+
+/*%
+ * The strategy here is two take two dns names with a shared label in
+ * different positions, get the two labels and compare them for equality.
+ * If they don't match, dns_name_getlabel failed.
+ */
+
+static int
+test_dns_name_getlabel(char *test_name1, int label1_pos, char *test_name2,
+ int label2_pos)
+{
+ int result;
+ int nfails;
+ unsigned int cnt;
+ unsigned char *p;
+ unsigned char *q;
+ dns_name_t dns_name1;
+ dns_name_t dns_name2;
+ dns_label_t dns_label1;
+ dns_label_t dns_label2;
+ isc_result_t dns_result;
+
+ nfails = 0;
+ result = T_UNRESOLVED;
+
+ t_info("testing with %s and %s\n", test_name1, test_name2);
+
+ dns_result = dname_from_tname(test_name1, &dns_name1);
+ if (dns_result == ISC_R_SUCCESS) {
+ dns_result = dname_from_tname(test_name2, &dns_name2);
+ if (dns_result == ISC_R_SUCCESS) {
+ dns_name_getlabel(&dns_name1, label1_pos, &dns_label1);
+ dns_name_getlabel(&dns_name2, label2_pos, &dns_label2);
+ if (dns_label1.length != dns_label2.length) {
+ t_info("label lengths differ\n");
+ ++nfails;
+ }
+ p = dns_label1.base;
+ q = dns_label2.base;
+ for (cnt = 0; cnt < dns_label1.length; ++cnt) {
+ if (*p++ != *q++) {
+ t_info("labels differ at position %d",
+ cnt);
+ ++nfails;
+ }
+ }
+ if (nfails == 0)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+ } else {
+ t_info("dname_from_tname failed, result == %s",
+ dns_result_totext(result));
+ }
+ } else {
+ t_info("dname_from_tname failed, result == %s",
+ dns_result_totext(result));
+ }
+ return (result);
+}
+
+static void
+t_dns_name_getlabel(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+
+ t_assert("dns_name_getlabel", 1, T_REQUIRED, a36);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_getlabel_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 4) {
+ /*
+ * name1, name2, nlabels.
+ */
+ result = test_dns_name_getlabel(Tokens[0],
+ atoi(Tokens[1]),
+ Tokens[2],
+ atoi(Tokens[3]));
+ } else {
+ t_info("bad format at line %d\n", line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_getlabel_data\n");
+ t_result(result);
+ }
+}
+
+static const char *a37 =
+ "when source contains at least first + n labels, "
+ "dns_name_getlabelsequence(source, first, n, target) "
+ "initializes target to point to the n label sequence of "
+ "labels in source starting with first";
+
+/*%
+ * We adopt a similiar strategy to that used by the dns_name_getlabel test.
+ */
+
+static int
+test_dns_name_getlabelsequence(char *test_name1, int label1_start,
+ char *test_name2, int label2_start, int range)
+{
+ int result;
+ int nfails;
+ unsigned int cnt;
+ unsigned char *p;
+ unsigned char *q;
+ dns_name_t dns_name1;
+ dns_name_t dns_name2;
+ dns_name_t dns_targetname1;
+ dns_name_t dns_targetname2;
+ isc_result_t dns_result;
+ isc_buffer_t buffer1;
+ isc_buffer_t buffer2;
+ unsigned char junk1[BUFLEN];
+ unsigned char junk2[BUFLEN];
+
+ nfails = 0;
+ result = T_UNRESOLVED;
+ dns_result = dname_from_tname(test_name1, &dns_name1);
+ if (dns_result == ISC_R_SUCCESS) {
+ dns_result = dname_from_tname(test_name2, &dns_name2);
+ if (dns_result == ISC_R_SUCCESS) {
+ t_info("testing %s %s\n", test_name1, test_name2);
+ dns_name_init(&dns_targetname1, NULL);
+ dns_name_init(&dns_targetname2, NULL);
+ dns_name_getlabelsequence(&dns_name1, label1_start,
+ range, &dns_targetname1);
+ dns_name_getlabelsequence(&dns_name2, label2_start,
+ range, &dns_targetname2);
+
+ /*
+ * Now convert both targets to text for comparison.
+ */
+ isc_buffer_init(&buffer1, junk1, BUFLEN);
+ isc_buffer_init(&buffer2, junk2, BUFLEN);
+ dns_name_totext(&dns_targetname1, ISC_TRUE, &buffer1);
+ dns_name_totext(&dns_targetname2, ISC_TRUE, &buffer2);
+ if (buffer1.used == buffer2.used) {
+ p = buffer1.base;
+ q = buffer2.base;
+ for (cnt = 0; cnt < buffer1.used; ++cnt) {
+ if (*p != *q) {
+ ++nfails;
+ t_info("names differ at %d\n",
+ cnt);
+ break;
+ }
+ ++p; ++q;
+ }
+ } else {
+ ++nfails;
+ t_info("lengths differ\n");
+ }
+ if (nfails == 0)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+ } else {
+ t_info("dname_from_tname failed, result == %s",
+ dns_result_totext(dns_result));
+ }
+ } else {
+ t_info("dname_from_tname failed, result == %s",
+ dns_result_totext(dns_result));
+ }
+ return (result);
+}
+
+static void
+t_dns_name_getlabelsequence(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+
+ t_assert("dns_name_getlabelsequence", 1, T_REQUIRED, a37);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_getlabelsequence_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 5) {
+ /*
+ * name1, name2, nlabels.
+ */
+ result = test_dns_name_getlabelsequence(
+ Tokens[0],
+ atoi(Tokens[1]),
+ Tokens[2],
+ atoi(Tokens[3]),
+ atoi(Tokens[4]));
+ } else {
+ t_info("bad format at line %d\n", line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_getlabelsequence_data\n");
+ t_result(result);
+ }
+}
+
+static const char *a38 =
+ "dns_name_fromregion(name, region) converts a DNS name "
+ "from a region representation to a name representation";
+
+static int
+test_dns_name_fromregion(char *test_name) {
+ int result;
+ int order;
+ unsigned int nlabels;
+ isc_result_t dns_result;
+ dns_name_t dns_name1;
+ dns_name_t dns_name2;
+ dns_namereln_t dns_namereln;
+ isc_region_t region;
+
+ result = T_UNRESOLVED;
+
+ t_info("testing %s\n", test_name);
+
+ dns_result = dname_from_tname(test_name, &dns_name1);
+ if (dns_result == ISC_R_SUCCESS) {
+
+ dns_name_toregion(&dns_name1, &region);
+
+ dns_name_init(&dns_name2, NULL);
+ dns_name_fromregion(&dns_name2, &region);
+ dns_namereln = dns_name_fullcompare(&dns_name1, &dns_name2,
+ &order, &nlabels);
+ if (dns_namereln == dns_namereln_equal)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+ } else {
+ t_info("dname_from_tname failed, result == %s\n",
+ dns_result_totext(result));
+ }
+ return (result);
+}
+
+static void
+t_dns_name_fromregion(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+
+ t_assert("dns_name_fromregion", 1, T_REQUIRED, a38);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_fromregion_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 1) {
+ /*
+ * test_name.
+ */
+ result = test_dns_name_fromregion(Tokens[0]);
+ } else {
+ t_info("bad format at line %d\n", line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_fromregion_data\n");
+ t_result(result);
+ }
+}
+
+static const char *a39 =
+ "dns_name_toregion(name, region) converts a DNS name "
+ "from a region representation to a name representation";
+
+static void
+t_dns_name_toregion(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+
+ t_assert("dns_name_toregion", 1, T_REQUIRED, a39);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_toregion_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 1) {
+ /*
+ * test_name.
+ */
+ result = test_dns_name_fromregion(Tokens[0]);
+ } else {
+ t_info("bad format at line %d\n", line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_toregion_data\n");
+ t_result(result);
+ }
+}
+
+static const char *a40 =
+ "dns_name_fromtext(name, source, origin, downcase, target) "
+ "converts the textual representation of a DNS name at source "
+ "into uncompressed wire form at target, appending origin to "
+ "the converted name if origin is non-NULL and converting "
+ "upper case to lower case during conversion "
+ "if downcase is true.";
+
+static int
+test_dns_name_fromtext(char *test_name1, char *test_name2, char *test_origin,
+ isc_boolean_t downcase)
+{
+ int result;
+ int order;
+ unsigned int nlabels;
+ unsigned char junk1[BUFLEN];
+ unsigned char junk2[BUFLEN];
+ unsigned char junk3[BUFLEN];
+ isc_buffer_t binbuf1;
+ isc_buffer_t binbuf2;
+ isc_buffer_t binbuf3;
+ isc_buffer_t txtbuf1;
+ isc_buffer_t txtbuf2;
+ isc_buffer_t txtbuf3;
+ dns_name_t dns_name1;
+ dns_name_t dns_name2;
+ dns_name_t dns_name3;
+ isc_result_t dns_result;
+ dns_namereln_t dns_namereln;
+
+ result = T_UNRESOLVED;
+
+ t_info("testing %s %s %s\n", test_name1, test_name2, test_origin);
+
+ isc_buffer_init(&binbuf1, junk1, BUFLEN);
+ isc_buffer_init(&binbuf2, junk2, BUFLEN);
+ isc_buffer_init(&binbuf3, junk3, BUFLEN);
+
+ isc_buffer_init(&txtbuf1, test_name1, strlen(test_name1));
+ isc_buffer_add(&txtbuf1, strlen(test_name1));
+
+ isc_buffer_init(&txtbuf2, test_name2, strlen(test_name2));
+ isc_buffer_add(&txtbuf2, strlen(test_name2));
+
+ isc_buffer_init(&txtbuf3, test_origin, strlen(test_origin));
+ isc_buffer_add(&txtbuf3, strlen(test_origin));
+ dns_name_init(&dns_name1, NULL);
+ dns_name_init(&dns_name2, NULL);
+ dns_name_init(&dns_name3, NULL);
+ dns_name_setbuffer(&dns_name1, &binbuf1);
+ dns_name_setbuffer(&dns_name2, &binbuf2);
+ dns_name_setbuffer(&dns_name3, &binbuf3);
+
+ dns_result = dns_name_fromtext(&dns_name3, &txtbuf3, NULL,
+ ISC_FALSE, &binbuf3);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext(dns_name3) failed, result == %s\n",
+ dns_result_totext(dns_result));
+ return (T_FAIL);
+ }
+
+ dns_result = dns_name_fromtext(&dns_name1, &txtbuf1, &dns_name3,
+ downcase, &binbuf1);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext(dns_name1) failed, result == %s\n",
+ dns_result_totext(dns_result));
+ return (T_FAIL);
+ }
+
+ dns_result = dns_name_fromtext(&dns_name2, &txtbuf2, NULL,
+ ISC_FALSE, &binbuf2);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext(dns_name2) failed, result == %s\n",
+ dns_result_totext(dns_result));
+ return (T_FAIL);
+ }
+
+ dns_namereln = dns_name_fullcompare(&dns_name1, &dns_name2, &order,
+ &nlabels);
+
+ if (dns_namereln == dns_namereln_equal)
+ result = T_PASS;
+ else {
+ t_info("dns_name_fullcompare returned %s\n",
+ dns_namereln_to_text(dns_namereln));
+ result = T_FAIL;
+ }
+
+ return (result);
+}
+
+static void
+t_dns_name_fromtext(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+
+ t_assert("dns_name_fromtext", 1, T_REQUIRED, a40);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_fromtext_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 4) {
+ /*
+ * test_name1, test_name2, test_origin,
+ * downcase.
+ */
+ result = test_dns_name_fromtext(Tokens[0],
+ Tokens[1],
+ Tokens[2],
+ atoi(Tokens[3])
+ == 0 ?
+ ISC_FALSE :
+ ISC_TRUE);
+ } else {
+ t_info("bad format at line %d\n", line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_fromtext\n");
+ t_result(result);
+ }
+}
+
+static const char *a41 =
+ "dns_name_totext(name, omit_final_dot, target) converts "
+ "the DNS name 'name' in wire format to textual format "
+ "at target, and adds a final '.' to the name if "
+ "omit_final_dot is false";
+
+static int
+test_dns_name_totext(char *test_name, isc_boolean_t omit_final) {
+ int result;
+ int len;
+ int order;
+ unsigned int nlabels;
+ unsigned char junk1[BUFLEN];
+ unsigned char junk2[BUFLEN];
+ unsigned char junk3[BUFLEN];
+ isc_buffer_t buf1;
+ isc_buffer_t buf2;
+ isc_buffer_t buf3;
+ dns_name_t dns_name1;
+ dns_name_t dns_name2;
+ isc_result_t dns_result;
+ dns_namereln_t dns_namereln;
+
+ result = T_UNRESOLVED;
+
+ t_info("testing %s\n", test_name);
+
+ len = strlen(test_name);
+ isc_buffer_init(&buf1, test_name, len);
+ isc_buffer_add(&buf1, len);
+
+ dns_name_init(&dns_name1, NULL);
+ isc_buffer_init(&buf2, junk2, BUFLEN);
+
+ /*
+ * Out of the data file to dns_name1.
+ */
+ dns_result = dns_name_fromtext(&dns_name1, &buf1, NULL, ISC_FALSE,
+ &buf2);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed, result == %s\n",
+ dns_result_totext(dns_result));
+ return (T_UNRESOLVED);
+ }
+
+ /*
+ * From dns_name1 into a text buffer.
+ */
+ isc_buffer_invalidate(&buf1);
+ isc_buffer_init(&buf1, junk1, BUFLEN);
+ dns_result = dns_name_totext(&dns_name1, omit_final, &buf1);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_totext failed, result == %s\n",
+ dns_result_totext(dns_result));
+ return (T_FAIL);
+ }
+
+ /*
+ * From the text buffer into dns_name2.
+ */
+ dns_name_init(&dns_name2, NULL);
+ isc_buffer_init(&buf3, junk3, BUFLEN);
+ dns_result = dns_name_fromtext(&dns_name2, &buf1, NULL, ISC_FALSE,
+ &buf3);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed, result == %s\n",
+ dns_result_totext(dns_result));
+ return (T_UNRESOLVED);
+ }
+
+ dns_namereln = dns_name_fullcompare(&dns_name1, &dns_name2,
+ &order, &nlabels);
+ if (dns_namereln == dns_namereln_equal)
+ result = T_PASS;
+ else {
+ t_info("dns_name_fullcompare returned %s\n",
+ dns_namereln_to_text(dns_namereln));
+ result = T_FAIL;
+ }
+
+ return (result);
+}
+
+static void
+t_dns_name_totext(void) {
+ int line;
+ int cnt;
+ int result;
+ char *p;
+ FILE *fp;
+
+ t_assert("dns_name_totext", 1, T_REQUIRED, a41);
+
+ result = T_UNRESOLVED;
+ fp = fopen("dns_name_totext_data", "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 2) {
+ /*
+ * test_name, omit_final.
+ */
+ result = test_dns_name_totext(Tokens[0],
+ atoi(Tokens[1]) == 0 ?
+ ISC_FALSE :
+ ISC_TRUE);
+ } else {
+ t_info("bad format at line %d\n", line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile dns_name_totext\n");
+ t_result(result);
+ }
+}
+
+static const char *a42 =
+ "dns_name_fromwire(name, source, dctx, downcase, target) "
+ "converts the possibly compressed DNS name 'name' in wire "
+ "format to canonicalized form at target, performing upper to "
+ "lower case conversion if downcase is true, and returns "
+ "ISC_R_SUCCESS";
+
+#if 0
+ /*
+ * XXXRTH these tests appear to be broken, so I have
+ * disabled them.
+ */
+static const char *a43 =
+ "when a label length is invalid, dns_name_fromwire() "
+ "returns DNS_R_FORMERR";
+
+static const char *a44 =
+ "when a label type is invalid, dns_name_fromwire() "
+ "returns DNS_R_BADLABELTYPE";
+#endif
+
+static const char *a45 =
+ "when a name length is invalid, dns_name_fromwire() "
+ "returns DNS_R_FORMERR";
+
+static const char *a46 =
+ "when a compression type is invalid, dns_name_fromwire() "
+ "returns DNS_R_DISALLOWED";
+
+static const char *a47 =
+ "when a bad compression pointer is encountered, "
+ "dns_name_fromwire() returns DNS_R_BADPOINTER";
+
+static const char *a48 =
+ "when input ends unexpected, dns_name_fromwire() "
+ "returns ISC_R_UNEXPECTEDEND";
+
+static const char *a49 =
+ "when there is not enough space in target, "
+ "dns_name_fromwire(name, source, dcts, downcase, target) "
+ "returns ISC_R_NOSPACE";
+
+static int
+test_dns_name_fromwire(char *datafile_name, int testname_offset, int downcase,
+ unsigned int dc_method, char *exp_name,
+ isc_result_t exp_result, size_t buflen)
+{
+ int result;
+ int order;
+ unsigned int nlabels;
+ int len;
+ unsigned char buf1[BIGBUFLEN];
+ char buf2[BUFLEN];
+ isc_buffer_t iscbuf1;
+ isc_buffer_t iscbuf2;
+ dns_name_t dns_name1;
+ dns_name_t dns_name2;
+ isc_result_t dns_result;
+ dns_namereln_t dns_namereln;
+ dns_decompress_t dctx;
+
+ result = T_UNRESOLVED;
+
+ t_info("testing using %s\n", datafile_name);
+ len = getmsg(datafile_name, buf1, BIGBUFLEN, &iscbuf1);
+
+ isc_buffer_setactive(&iscbuf1, len);
+ iscbuf1.current = testname_offset;
+
+ isc_buffer_init(&iscbuf2, buf2, buflen);
+ dns_name_init(&dns_name1, NULL);
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT);
+ dns_decompress_setmethods(&dctx, dc_method);
+ dns_result = dns_name_fromwire(&dns_name1, &iscbuf1,
+ &dctx, downcase ? ISC_TRUE : ISC_FALSE,
+ &iscbuf2);
+
+ if ((dns_result == exp_result) && (exp_result == ISC_R_SUCCESS)) {
+
+ dns_result = dname_from_tname(exp_name, &dns_name2);
+ if (dns_result == ISC_R_SUCCESS) {
+ dns_namereln = dns_name_fullcompare(&dns_name1,
+ &dns_name2,
+ &order, &nlabels);
+ if (dns_namereln != dns_namereln_equal) {
+ t_info("dns_name_fullcompare returned %s\n",
+ dns_namereln_to_text(dns_namereln));
+ result = T_FAIL;
+ } else {
+ result = T_PASS;
+ }
+ } else {
+ t_info("dns_name_fromtext %s failed, result = %s\n",
+ exp_name, dns_result_totext(dns_result));
+ result = T_UNRESOLVED;
+ }
+ } else if (dns_result == exp_result) {
+ result = T_PASS;
+ } else {
+ t_info("dns_name_fromwire returned %s\n",
+ dns_result_totext(dns_result));
+ result = T_FAIL;
+ }
+
+ return (result);
+}
+
+static void
+t_dns_name_fromwire_x(const char *testfile, size_t buflen) {
+ int line;
+ int cnt;
+ int result;
+ unsigned int dc_method;
+ isc_result_t exp_result;
+ char *p;
+ char *tok;
+ FILE *fp;
+
+ result = T_UNRESOLVED;
+ fp = fopen(testfile, "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 6) {
+ /*
+ * datafile_name, testname_offset,
+ * downcase, dc_method,
+ * exp_name, exp_result.
+ */
+
+ tok = Tokens[5];
+ exp_result = ISC_R_SUCCESS;
+ if (! strcmp(tok, "ISC_R_SUCCESS"))
+ exp_result = ISC_R_SUCCESS;
+ else if (! strcmp(tok, "ISC_R_NOSPACE"))
+ exp_result = ISC_R_NOSPACE;
+ else if (! strcmp(tok, "DNS_R_BADLABELTYPE"))
+ exp_result = DNS_R_BADLABELTYPE;
+ else if (! strcmp(tok, "DNS_R_FORMERR"))
+ exp_result = DNS_R_FORMERR;
+ else if (! strcmp(tok, "DNS_R_BADPOINTER"))
+ exp_result = DNS_R_BADPOINTER;
+ else if (! strcmp(tok, "ISC_R_UNEXPECTEDEND"))
+ exp_result = ISC_R_UNEXPECTEDEND;
+ else if (! strcmp(tok, "DNS_R_TOOMANYHOPS"))
+ exp_result = DNS_R_TOOMANYHOPS;
+ else if (! strcmp(tok, "DNS_R_DISALLOWED"))
+ exp_result = DNS_R_DISALLOWED;
+ else if (! strcmp(tok, "DNS_R_NAMETOOLONG"))
+ exp_result = DNS_R_NAMETOOLONG;
+
+ tok = Tokens[3];
+ dc_method = DNS_COMPRESS_NONE;
+ if (! strcmp(tok, "DNS_COMPRESS_GLOBAL14"))
+ dc_method = DNS_COMPRESS_GLOBAL14;
+ else if (! strcmp(tok, "DNS_COMPRESS_ALL"))
+ dc_method = DNS_COMPRESS_ALL;
+
+ result = test_dns_name_fromwire(Tokens[0],
+ atoi(Tokens[1]),
+ atoi(Tokens[2]),
+ dc_method,
+ Tokens[4],
+ exp_result,
+ buflen);
+ } else {
+ t_info("bad format at line %d\n", line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile %s\n", testfile);
+ t_result(result);
+ }
+}
+
+static void
+t_dns_name_fromwire(void) {
+ t_assert("dns_name_fromwire", 1, T_REQUIRED, a42);
+ t_dns_name_fromwire_x("dns_name_fromwire_1_data", BUFLEN);
+
+#if 0
+ /*
+ * XXXRTH these tests appear to be broken, so I have
+ * disabled them.
+ */
+ t_assert("dns_name_fromwire", 2, T_REQUIRED, a43);
+ t_dns_name_fromwire_x("dns_name_fromwire_2_data", BUFLEN);
+
+ t_assert("dns_name_fromwire", 3, T_REQUIRED, a44);
+ t_dns_name_fromwire_x("dns_name_fromwire_3_data", BUFLEN);
+#endif
+
+ t_assert("dns_name_fromwire", 4, T_REQUIRED, a45);
+ t_dns_name_fromwire_x("dns_name_fromwire_4_data", BUFLEN);
+
+ t_assert("dns_name_fromwire", 5, T_REQUIRED, a46);
+ t_dns_name_fromwire_x("dns_name_fromwire_5_data", BUFLEN);
+
+ t_assert("dns_name_fromwire", 6, T_REQUIRED, a47);
+ t_dns_name_fromwire_x("dns_name_fromwire_6_data", BUFLEN);
+
+ t_assert("dns_name_fromwire", 7, T_REQUIRED, a48);
+ t_dns_name_fromwire_x("dns_name_fromwire_7_data", BUFLEN);
+
+ t_assert("dns_name_fromwire", 9, T_REQUIRED, a49);
+ t_dns_name_fromwire_x("dns_name_fromwire_8_data", 2);
+}
+
+
+static const char *a51 =
+ "dns_name_towire(name, cctx, target) converts the DNS name "
+ "'name' into wire format, compresses it as specified "
+ "by the compression context cctx, stores the result in "
+ "target and returns DNS_SUCCESS";
+
+static const char *a52 =
+ "when not enough space exists in target, "
+ "dns_name_towire(name, cctx, target) returns ISC_R_NOSPACE";
+
+static int
+test_dns_name_towire(char *testname, unsigned int dc_method, char *exp_data,
+ int exp_data_len, isc_result_t exp_result, size_t buflen)
+{
+ int result;
+ int val;
+ int len;
+ unsigned char buf2[BUFLEN];
+ unsigned char buf3[BUFLEN];
+ isc_buffer_t iscbuf1;
+ isc_buffer_t iscbuf2;
+ isc_buffer_t iscbuf3;
+ dns_name_t dns_name;
+ isc_result_t dns_result;
+ isc_result_t isc_result;
+ dns_compress_t cctx;
+ isc_mem_t *mctx;
+
+ t_info("testing using %s\n", testname);
+
+ result = T_UNRESOLVED;
+ mctx = NULL;
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed\n");
+ return (result);
+ }
+ dns_compress_init(&cctx, -1, mctx);
+ dns_compress_setmethods(&cctx, dc_method);
+ dns_name_init(&dns_name, NULL);
+ len = strlen(testname);
+ isc_buffer_init(&iscbuf1, testname, len);
+ isc_buffer_add(&iscbuf1, len);
+ isc_buffer_init(&iscbuf2, buf2, BUFLEN);
+ dns_result = dns_name_fromtext(&dns_name, &iscbuf1, NULL, ISC_FALSE,
+ &iscbuf2);
+ if (dns_result == ISC_R_SUCCESS) {
+ isc_buffer_init(&iscbuf3, buf3, buflen);
+ dns_result = dns_name_towire(&dns_name, &cctx, &iscbuf3);
+ if (dns_result == exp_result) {
+ if (exp_result == ISC_R_SUCCESS) {
+ /*
+ * Compare results with expected data.
+ */
+ val = chkdata(buf3, iscbuf3.used, exp_data,
+ exp_data_len);
+ if (val == 0)
+ result = T_PASS;
+ else
+ result = T_FAIL;
+ } else
+ result = T_PASS;
+ } else {
+ t_info("dns_name_towire unexpectedly returned %s\n",
+ dns_result_totext(dns_result));
+ result = T_FAIL;
+ }
+ } else {
+ t_info("dns_name_fromtext %s failed, result = %s\n",
+ testname, dns_result_totext(dns_result));
+ }
+ return (result);
+}
+
+static void
+t_dns_name_towire_x(const char *testfile, size_t buflen) {
+ int line;
+ int cnt;
+ int result;
+ unsigned int dc_method;
+ isc_result_t exp_result;
+ char *p;
+ FILE *fp;
+
+ result = T_UNRESOLVED;
+ fp = fopen(testfile, "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = bustline(p, Tokens);
+ if (cnt == 5) {
+ /*
+ * testname, dc_method,
+ * exp_data, exp_data_len,
+ * exp_result.
+ */
+
+ dc_method = t_dc_method_fromtext(Tokens[3]);
+ exp_result = t_dns_result_fromtext(Tokens[4]);
+
+ result = test_dns_name_towire(Tokens[0],
+ dc_method,
+ Tokens[2],
+ atoi(Tokens[3]),
+ exp_result,
+ buflen);
+ } else {
+ t_info("bad format at line %d\n", line);
+ }
+
+ (void)free(p);
+ t_result(result);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile %s\n", testfile);
+ t_result(result);
+ }
+}
+
+static void
+t_dns_name_towire_1(void) {
+ t_assert("dns_name_towire", 1, T_REQUIRED, a51);
+ t_dns_name_towire_x("dns_name_towire_1_data", BUFLEN);
+}
+
+static void
+t_dns_name_towire_2(void) {
+ t_assert("dns_name_towire", 2, T_REQUIRED, a52);
+ t_dns_name_towire_x("dns_name_towire_2_data", 2);
+}
+
+static void
+t_dns_name_towire(void) {
+ t_dns_name_towire_1();
+ t_dns_name_towire_2();
+}
+
+#if 0 /* This is silly. A test should either exist, or not, but not
+ * one that just returns "UNTESTED."
+ */
+static const char *a53 =
+ "dns_name_concatenate(prefix, suffix, name, target) "
+ "concatenates prefix and suffix, stores the result "
+ "in target, canonicalizes any bitstring labels "
+ "and returns ISC_R_SUCCESS";
+
+static void
+t_dns_name_concatenate(void) {
+ t_assert("dns_name_concatenate", 1, T_REQUIRED, a53);
+ t_result(T_UNTESTED);
+}
+#endif
+
+testspec_t T_testlist[] = {
+ { t_dns_name_init, "dns_name_init" },
+ { t_dns_name_invalidate, "dns_name_invalidate" },
+ { t_dns_name_setbuffer, "dns_name_setbuffer" },
+ { t_dns_name_hasbuffer, "dns_name_hasbuffer" },
+ { t_dns_name_isabsolute, "dns_name_isabsolute" },
+ { t_dns_name_hash, "dns_name_hash" },
+ { t_dns_name_fullcompare, "dns_name_fullcompare" },
+ { t_dns_name_compare, "dns_name_compare" },
+ { t_dns_name_rdatacompare, "dns_name_rdatacompare" },
+ { t_dns_name_issubdomain, "dns_name_issubdomain" },
+ { t_dns_name_countlabels, "dns_name_countlabels" },
+ { t_dns_name_getlabel, "dns_name_getlabel" },
+ { t_dns_name_getlabelsequence, "dns_name_getlabelsequence" },
+ { t_dns_name_fromregion, "dns_name_fromregion" },
+ { t_dns_name_toregion, "dns_name_toregion" },
+ { t_dns_name_fromwire, "dns_name_fromwire" },
+ { t_dns_name_towire, "dns_name_towire" },
+ { t_dns_name_fromtext, "dns_name_fromtext" },
+ { t_dns_name_totext, "dns_name_totext" },
+#if 0
+ { t_dns_name_concatenate, "dns_name_concatenate" },
+#endif
+ { NULL, NULL }
+
+};
+
diff --git a/bin/tests/names/wire_test1.data b/bin/tests/names/wire_test1.data
new file mode 100644
index 0000000..505134a
--- /dev/null
+++ b/bin/tests/names/wire_test1.data
@@ -0,0 +1,13 @@
+#
+# a global14 compression pointer
+#
+000a85800001000300000003
+0376697803636f6d0000020001c00c00
+02000100000e10000b05697372763102
+7061c00cc00c0002000100000e100009
+066e732d657874c00cc00c0002000100
+000e10000e036e733104676e61630363
+6f6d00c0250001000100000e100004cc
+98b886c03c0001000100000e100004cc
+98b840c051000100010002a14a0004c6
+97f8f6
diff --git a/bin/tests/names/wire_test2.data b/bin/tests/names/wire_test2.data
new file mode 100644
index 0000000..ea03557
--- /dev/null
+++ b/bin/tests/names/wire_test2.data
@@ -0,0 +1,13 @@
+#
+# a global14 compression pointer
+#
+000a85800001000300000003
+8376697803636f6d0000020001c00c00
+02000100000e10000b05697372763102
+7061c00cc00c0002000100000e100009
+066e732d657874c00cc00c0002000100
+000e10000e036e733104676e61630363
+6f6d00c0250001000100000e100004cc
+98b886c03c0001000100000e100004cc
+98b840c051000100010002a14a0004c6
+97f8f6
diff --git a/bin/tests/names/wire_test3_1.data b/bin/tests/names/wire_test3_1.data
new file mode 100644
index 0000000..5f5ec59
--- /dev/null
+++ b/bin/tests/names/wire_test3_1.data
@@ -0,0 +1,11 @@
+#
+# a bad compression pointer starting with the bits 1111
+#
+000a85800001000300000003
+03766978 03636f6d 00 0002 0001
+f00c 0002 0001 0000 0e10 000b 056973727631 027061 c00c
+c00c 0002 0001 0000 0e10 0009 066e732d657874 c00c
+c00c 0002 0001 0000 0e10 000e 036e7331 04676e6163 03636f6d 00
+c025 0001 0001 0000 0e10 0004 cc98b886
+c03c 0001 0001 0000 0e10 0004 cc98b840
+c051 0001 0001 0002 a14a 0004 c697f8f6
diff --git a/bin/tests/names/wire_test3_2.data b/bin/tests/names/wire_test3_2.data
new file mode 100644
index 0000000..fae2fe2
--- /dev/null
+++ b/bin/tests/names/wire_test3_2.data
@@ -0,0 +1,12 @@
+#
+# a bad compression pointer due to forward reference of 0x30 to
+# another compression pointer with a valid backreference
+#
+000a85800001000300000003
+03766978 03636f6d 00 0002 0001
+c030 0002 0001 0000 0e10 000b 056973727631 027061 c00c
+c00c 0002 0001 0000 0e10 0009 066e732d657874 c00c
+c00c 0002 0001 0000 0e10 000e 036e7331 04676e6163 03636f6d 00
+c025 0001 0001 0000 0e10 0004 cc98b886
+c03c 0001 0001 0000 0e10 0004 cc98b840
+c051 0001 0001 0002 a14a 0004 c697f8f6
diff --git a/bin/tests/names/wire_test4.data b/bin/tests/names/wire_test4.data
new file mode 100644
index 0000000..dba6035
--- /dev/null
+++ b/bin/tests/names/wire_test4.data
@@ -0,0 +1,45 @@
+#
+# invalid name length, pointer at offset 0x0226 points to
+# long name at offset 0x25
+#
+000a 8580 0001 0003 0000 0001
+03 766978 03 636f6d 00 0002 0001
+c00c 0002 0001 00000e10
+0101
+# long name starts here
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a
+03616263 0358595a 03616263 0358595a
+03414243 0378797a 03414243 0378797a 00
+# compression pointer start here and refers back to long name
+c023 0002 0001 00000e10 0009 066e732d657874 c00c
+c00c 0002 0001 00000e10 000e 036e733104676e616303636f6d00
+c025 0001 0001 00000e10 0004 cc98b886
diff --git a/bin/tests/names/wire_test5.data b/bin/tests/names/wire_test5.data
new file mode 100644
index 0000000..505134a
--- /dev/null
+++ b/bin/tests/names/wire_test5.data
@@ -0,0 +1,13 @@
+#
+# a global14 compression pointer
+#
+000a85800001000300000003
+0376697803636f6d0000020001c00c00
+02000100000e10000b05697372763102
+7061c00cc00c0002000100000e100009
+066e732d657874c00cc00c0002000100
+000e10000e036e733104676e61630363
+6f6d00c0250001000100000e100004cc
+98b886c03c0001000100000e100004cc
+98b840c051000100010002a14a0004c6
+97f8f6
diff --git a/bin/tests/names/wire_test6.data b/bin/tests/names/wire_test6.data
new file mode 100644
index 0000000..1a05d26
--- /dev/null
+++ b/bin/tests/names/wire_test6.data
@@ -0,0 +1,13 @@
+#
+# a bad pointer
+#
+000a85800001000300000003
+0376697803636f6d0000020001f00c00
+02000100000e10000b05697372763102
+7061c00cc00c0002000100000e100009
+066e732d657874c00cc00c0002000100
+000e10000e036e733104676e61630363
+6f6d00c0250001000100000e100004cc
+98b886c03c0001000100000e100004cc
+98b840c051000100010002a14a0004c6
+97f8f6
diff --git a/bin/tests/names/wire_test7.data b/bin/tests/names/wire_test7.data
new file mode 100644
index 0000000..40fbbed
--- /dev/null
+++ b/bin/tests/names/wire_test7.data
@@ -0,0 +1,5 @@
+#
+# input ends unexpectedly
+#
+000a85800001000300000003
+0376697803636f6d0000020001c0
diff --git a/bin/tests/names/wire_test8.data b/bin/tests/names/wire_test8.data
new file mode 100644
index 0000000..beabbf7
--- /dev/null
+++ b/bin/tests/names/wire_test8.data
@@ -0,0 +1,28 @@
+#
+# too many hops DNS_POINTER_MAXHOPS is defined as 16
+# in lib/dns/include/dns/name.h
+#
+000a85800001000300000013
+03 766978 03 636f6d 00 0002 0001
+c00c 0002 0001 00000e10 000b 056973727631027061 c00c
+c019 0002 0001 00000e10 0009 066e732d657874 c00c
+c030 0002 0001 00000e10 000e 036e7331 04676e6163 03636f6d 00
+c045 0001 0001 00000e10 0004 cc98b886
+c05f 0001 0001 00000e10 0004 cc98b840
+c06f 0001 0001 0002a14a 0004 c697f8f6
+c07f 0001 0001 0002a14a 0004 c697f8f6
+c08f 0001 0001 0002a14a 0004 c697f8f6
+c09f 0001 0001 0002a14a 0004 c697f8f6
+c0af 0001 0001 0002a14a 0004 c697f8f6
+c0bf 0001 0001 0002a14a 0004 c697f8f6
+c0cf 0001 0001 0002a14a 0004 c697f8f6
+c0df 0001 0001 0002a14a 0004 c697f8f6
+c0ef 0001 0001 0002a14a 0004 c697f8f6
+c0ff 0001 0001 0002a14a 0004 c697f8f6
+c10f 0001 0001 0002a14a 0004 c697f8f6
+c11f 0001 0001 0002a14a 0004 c697f8f6
+c12f 0001 0001 0002a14a 0004 c697f8f6
+c13f 0001 0001 0002a14a 0004 c697f8f6
+c14f 0001 0001 0002a14a 0004 c697f8f6
+c15f 0001 0001 0002a14a 0004 c697f8f6
+c16f 0001 0001 0002a14a 0004 c697f8f6
diff --git a/bin/tests/ndc.conf b/bin/tests/ndc.conf
new file mode 100644
index 0000000..bc2c0c6
--- /dev/null
+++ b/bin/tests/ndc.conf
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: ndc.conf,v 1.11 2007/06/19 23:46:59 tbox Exp $ */
+
+options {
+ default-server "velo.jab.fr" ;
+# [ default-key key_name; ]
+};
+
+server "velo.jab.fr" {
+ key "akey";
+ host "1.2.3.4";
+};
+
+include "ndc.conf-include";
+
+key "akey" {
+ algorithm "algo";
+ secret "c2Vj";
+};
+
diff --git a/bin/tests/ndc.conf-include b/bin/tests/ndc.conf-include
new file mode 100644
index 0000000..58d1534
--- /dev/null
+++ b/bin/tests/ndc.conf-include
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: ndc.conf-include,v 1.6 2007/06/19 23:46:59 tbox Exp $ */
+
+key "another-key" {
+ algorithm "al-gore-rhythm";
+ secret "R29yZSBpbiAyMDA0IQo"; # "Gore in 2004!"
+};
+
+
diff --git a/bin/tests/net/Makefile.in b/bin/tests/net/Makefile.in
new file mode 100644
index 0000000..0c75c28
--- /dev/null
+++ b/bin/tests/net/Makefile.in
@@ -0,0 +1,53 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.16 2007/06/19 23:47:00 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${TEST_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCLIBS = ../../../lib/isc/libisc.@A@
+
+ISCDEPLIBS = ../../../lib/isc/libisc.@A@
+
+DEPLIBS = ${ISCDEPLIBS}
+
+LIBS = ${ISCLIBS} @LIBS@
+
+TARGETS = t_net@EXEEXT@
+
+SRCS = driver.c netaddr_multicast.c sockaddr_multicast.c
+
+OBJS = driver.@O@ netaddr_multicast.@O@ sockaddr_multicast.@O@
+
+@BIND9_MAKE_RULES@
+
+t_net@EXEEXT@: ${OBJS} ${DEPLIBS} ${TLIB}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${OBJS} ${TLIB} ${LIBS}
+
+test: t_net@EXEEXT@
+ -@./t_net@EXEEXT@
+
+clean distclean::
+ rm -f ${TARGETS}
+ rm -f ${OBJS}
diff --git a/bin/tests/net/driver.c b/bin/tests/net/driver.c
new file mode 100644
index 0000000..a8b3bf7
--- /dev/null
+++ b/bin/tests/net/driver.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: driver.c,v 1.11 2007/06/19 23:47:00 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include "driver.h"
+
+#include "testsuite.h"
+
+#define NTESTS (sizeof(tests) / sizeof(test_t))
+
+const char *gettime(void);
+const char *test_result_totext(test_result_t);
+
+/*
+ * Not thread safe.
+ */
+const char *
+gettime(void) {
+ static char now[512];
+ time_t t;
+
+ (void)time(&t);
+
+ strftime(now, sizeof(now) - 1,
+ "%A %d %B %H:%M:%S %Y",
+ localtime(&t));
+
+ return (now);
+}
+
+const char *
+test_result_totext(test_result_t result) {
+ const char *s;
+ switch (result) {
+ case PASSED:
+ s = "PASS";
+ break;
+ case FAILED:
+ s = "FAIL";
+ break;
+ case UNTESTED:
+ s = "UNTESTED";
+ break;
+ case UNKNOWN:
+ default:
+ s = "UNKNOWN";
+ break;
+ }
+
+ return (s);
+}
+
+int
+main(int argc, char **argv) {
+ test_t *test;
+ test_result_t result;
+ unsigned int n_failed;
+ unsigned int testno;
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ printf("S:%s:%s\n", SUITENAME, gettime());
+
+ n_failed = 0;
+ for (testno = 0; testno < NTESTS; testno++) {
+ test = &tests[testno];
+ printf("T:%s:%u:A\n", test->tag, testno + 1);
+ printf("A:%s\n", test->description);
+ result = test->func();
+ printf("R:%s\n", test_result_totext(result));
+ if (result != PASSED)
+ n_failed++;
+ }
+
+ printf("E:%s:%s\n", SUITENAME, gettime());
+
+ if (n_failed > 0)
+ exit(1);
+
+ return (0);
+}
+
diff --git a/bin/tests/net/driver.h b/bin/tests/net/driver.h
new file mode 100644
index 0000000..1121efc
--- /dev/null
+++ b/bin/tests/net/driver.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: driver.h,v 1.8 2007/06/19 23:47:00 tbox Exp $ */
+
+/*
+ * PASSED and FAILED mean the particular test passed or failed.
+ *
+ * UNKNOWN means that for one reason or another, the test process itself
+ * failed. For instance, missing files, error when parsing files or
+ * IP addresses, etc. That is, the test itself is broken, not what is
+ * being tested.
+ *
+ * UNTESTED means the test was unable to be run because a prerequisite test
+ * failed, the test is disabled, or the test needs a system component
+ * (for instance, Perl) and cannot run.
+ */
+typedef enum {
+ PASSED = 0,
+ FAILED = 1,
+ UNKNOWN = 2,
+ UNTESTED = 3
+} test_result_t;
+
+typedef test_result_t (*test_func_t)(void);
+
+typedef struct {
+ const char *tag;
+ const char *description;
+ test_func_t func;
+} test_t;
+
+#define TESTDECL(name) test_result_t name(void)
+
diff --git a/bin/tests/net/netaddr_multicast.c b/bin/tests/net/netaddr_multicast.c
new file mode 100644
index 0000000..79f260b
--- /dev/null
+++ b/bin/tests/net/netaddr_multicast.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: netaddr_multicast.c,v 1.12 2007/06/19 23:47:00 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <isc/net.h>
+#include <isc/netaddr.h>
+#include <isc/string.h>
+#include <isc/types.h>
+#include <isc/util.h>
+
+#include "driver.h"
+
+TESTDECL(netaddr_multicast);
+
+typedef struct {
+ int family;
+ const char *addr;
+ isc_boolean_t is_multicast;
+} t_addr_t;
+
+static t_addr_t addrs[] = {
+ { AF_INET, "1.2.3.4", ISC_FALSE },
+ { AF_INET, "4.3.2.1", ISC_FALSE },
+ { AF_INET, "224.1.1.1", ISC_TRUE },
+ { AF_INET, "1.1.1.244", ISC_FALSE },
+ { AF_INET6, "::1", ISC_FALSE },
+ { AF_INET6, "ff02::1", ISC_TRUE }
+};
+#define NADDRS (sizeof(addrs) / sizeof(t_addr_t))
+
+static isc_result_t to_netaddr(t_addr_t *, isc_netaddr_t *);
+
+static isc_result_t
+to_netaddr(t_addr_t *addr, isc_netaddr_t *na) {
+ int r;
+ struct in_addr in;
+ struct in6_addr in6;
+
+ switch (addr->family) {
+ case AF_INET:
+ r = inet_pton(AF_INET, addr->addr, (unsigned char *)&in);
+ if (r != 1)
+ return (ISC_R_FAILURE);
+ isc_netaddr_fromin(na, &in);
+ break;
+ case AF_INET6:
+ r = inet_pton(AF_INET6, addr->addr, (unsigned char *)&in6);
+ if (r != 1)
+ return (ISC_R_FAILURE);
+ isc_netaddr_fromin6(na, &in6);
+ break;
+ default:
+ return (ISC_R_UNEXPECTED);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+test_result_t
+netaddr_multicast(void) {
+ isc_netaddr_t na;
+ unsigned int n_fail;
+ t_addr_t *addr;
+ unsigned int i;
+ isc_result_t result;
+ isc_boolean_t tf;
+
+ n_fail = 0;
+ for (i = 0; i < NADDRS; i++) {
+ addr = &addrs[i];
+ result = to_netaddr(addr, &na);
+ if (result != ISC_R_SUCCESS) {
+ printf("I:to_netaddr() returned %s on item %u\n",
+ isc_result_totext(result), i);
+ return (UNKNOWN);
+ }
+ tf = isc_netaddr_ismulticast(&na);
+ if (tf == addr->is_multicast) {
+ printf("I:%s is%s multicast (PASSED)\n",
+ (addr->addr), (tf ? "" : " not"));
+ } else {
+ printf("I:%s is%s multicast (FAILED)\n",
+ (addr->addr), (tf ? "" : " not"));
+ n_fail++;
+ }
+ }
+
+ if (n_fail > 0)
+ return (FAILED);
+
+ return (PASSED);
+}
diff --git a/bin/tests/net/sockaddr_multicast.c b/bin/tests/net/sockaddr_multicast.c
new file mode 100644
index 0000000..cfe04dc
--- /dev/null
+++ b/bin/tests/net/sockaddr_multicast.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: sockaddr_multicast.c,v 1.8 2007/06/19 23:47:00 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include "driver.h"
+
+TESTDECL(sockaddr_multicast);
+
+test_result_t
+sockaddr_multicast(void) {
+
+ return (PASSED);
+}
diff --git a/bin/tests/net/testsuite.h b/bin/tests/net/testsuite.h
new file mode 100644
index 0000000..68a214c
--- /dev/null
+++ b/bin/tests/net/testsuite.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: testsuite.h,v 1.7 2007/06/19 23:47:00 tbox Exp $ */
+
+#define SUITENAME "net"
+
+TESTDECL(netaddr_multicast);
+TESTDECL(sockaddr_multicast);
+
+static test_t tests[] = {
+ { "isc_netaddr_ismulticast",
+ "Checking to see if multicast addresses are detected properly",
+ netaddr_multicast },
+ { "isc_sockaddr_ismulticast",
+ "Checking to see if multicast addresses are detected properly",
+ sockaddr_multicast },
+
+};
diff --git a/bin/tests/nsec3hash.c b/bin/tests/nsec3hash.c
new file mode 100644
index 0000000..4a4a782
--- /dev/null
+++ b/bin/tests/nsec3hash.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: nsec3hash.c,v 1.4 2008/09/26 01:31:19 marka Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include <isc/base32.h>
+#include <isc/buffer.h>
+#include <isc/hex.h>
+#include <isc/iterated_hash.h>
+#include <isc/print.h>
+#include <isc/result.h>
+#include <isc/string.h>
+#include <isc/types.h>
+
+#include <dns/fixedname.h>
+#include <dns/name.h>
+#include <dns/types.h>
+
+const char *program = "nsec3hash";
+
+static void
+fatal(const char *format, ...) {
+ va_list args;
+
+ fprintf(stderr, "%s: ", program);
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ exit(1);
+}
+
+static void
+check_result(isc_result_t result, const char *message) {
+ if (result != ISC_R_SUCCESS)
+ fatal("%s: %s", message, isc_result_totext(result));
+}
+
+static void
+usage() {
+ fatal("salt hash iterations domain");
+}
+
+int
+main(int argc, char **argv) {
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_buffer_t buffer;
+ isc_region_t region;
+ isc_result_t result;
+ unsigned char hash[NSEC3_MAX_HASH_LENGTH];
+ unsigned char salt[255];
+ unsigned char text[1024];
+ unsigned int hash_alg;
+ unsigned int length;
+ unsigned int iterations;
+ unsigned int salt_length;
+
+ if (argc != 5)
+ usage();
+
+ if (strcmp(argv[1], "-") == 0) {
+ salt_length = 0;
+ salt[0] = 0;
+ } else {
+ isc_buffer_init(&buffer, salt, sizeof(salt));
+ result = isc_hex_decodestring(argv[1], &buffer);
+ check_result(result, "isc_hex_decodestring(salt)");
+ salt_length = isc_buffer_usedlength(&buffer);
+ if (salt_length > 255U)
+ fatal("salt too long");
+ }
+ hash_alg = atoi(argv[2]);
+ if (hash_alg > 255U)
+ fatal("hash algorithm too large");
+ iterations = atoi(argv[3]);
+ if (iterations > 0xffffU)
+ fatal("iterations to large");
+
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ isc_buffer_init(&buffer, argv[4], strlen(argv[4]));
+ isc_buffer_add(&buffer, strlen(argv[4]));
+ result = dns_name_fromtext(name, &buffer, dns_rootname, 0, NULL);
+ check_result(result, "dns_name_fromtext() failed");
+
+ dns_name_downcase(name, name, NULL);
+ length = isc_iterated_hash(hash, hash_alg, iterations, salt,
+ salt_length, name->ndata, name->length);
+ if (length == 0)
+ fatal("isc_iterated_hash failed");
+ region.base = hash;
+ region.length = length;
+ isc_buffer_init(&buffer, text, sizeof(text));
+ isc_base32hex_totext(&region, 1, "", &buffer);
+ fprintf(stdout, "%.*s (salt=%s, hash=%u, iterations=%u)\n",
+ (int)isc_buffer_usedlength(&buffer), text, argv[1], hash_alg, iterations);
+ return(0);
+}
diff --git a/bin/tests/nsecify.c b/bin/tests/nsecify.c
new file mode 100644
index 0000000..2e055c6
--- /dev/null
+++ b/bin/tests/nsecify.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: nsecify.c,v 1.8 2008/09/25 04:02:38 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/string.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/fixedname.h>
+#include <dns/nsec.h>
+#include <dns/rdataset.h>
+#include <dns/rdatasetiter.h>
+#include <dns/result.h>
+
+static isc_mem_t *mctx = NULL;
+
+static inline void
+fatal(const char *message) {
+ fprintf(stderr, "%s\n", message);
+ exit(1);
+}
+
+static inline void
+check_result(isc_result_t result, const char *message) {
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "%s: %s\n", message,
+ isc_result_totext(result));
+ exit(1);
+ }
+}
+
+static inline isc_boolean_t
+active_node(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node) {
+ dns_rdatasetiter_t *rdsiter;
+ isc_boolean_t active = ISC_FALSE;
+ isc_result_t result;
+ dns_rdataset_t rdataset;
+
+ dns_rdataset_init(&rdataset);
+ rdsiter = NULL;
+ result = dns_db_allrdatasets(db, node, version, 0, &rdsiter);
+ check_result(result, "dns_db_allrdatasets()");
+ result = dns_rdatasetiter_first(rdsiter);
+ while (result == ISC_R_SUCCESS) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ if (rdataset.type != dns_rdatatype_nsec)
+ active = ISC_TRUE;
+ dns_rdataset_disassociate(&rdataset);
+ if (!active)
+ result = dns_rdatasetiter_next(rdsiter);
+ else
+ result = ISC_R_NOMORE;
+ }
+ if (result != ISC_R_NOMORE)
+ fatal("rdataset iteration failed");
+ dns_rdatasetiter_destroy(&rdsiter);
+
+ if (!active) {
+ /*
+ * Make sure there is no NSEC record for this node.
+ */
+ result = dns_db_deleterdataset(db, node, version,
+ dns_rdatatype_nsec, 0);
+ if (result == DNS_R_UNCHANGED)
+ result = ISC_R_SUCCESS;
+ check_result(result, "dns_db_deleterdataset");
+ }
+
+ return (active);
+}
+
+static inline isc_result_t
+next_active(dns_db_t *db, dns_dbversion_t *version, dns_dbiterator_t *dbiter,
+ dns_name_t *name, dns_dbnode_t **nodep)
+{
+ isc_result_t result;
+ isc_boolean_t active;
+
+ do {
+ active = ISC_FALSE;
+ result = dns_dbiterator_current(dbiter, nodep, name);
+ if (result == ISC_R_SUCCESS) {
+ active = active_node(db, version, *nodep);
+ if (!active) {
+ dns_db_detachnode(db, nodep);
+ result = dns_dbiterator_next(dbiter);
+ }
+ }
+ } while (result == ISC_R_SUCCESS && !active);
+
+ return (result);
+}
+
+static void
+nsecify(char *filename) {
+ isc_result_t result;
+ dns_db_t *db;
+ dns_dbversion_t *wversion;
+ dns_dbnode_t *node, *nextnode;
+ char *origintext;
+ dns_fixedname_t fname, fnextname;
+ dns_name_t *name, *nextname, *target;
+ isc_buffer_t b;
+ size_t len;
+ dns_dbiterator_t *dbiter;
+ char newfilename[1024];
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ dns_fixedname_init(&fnextname);
+ nextname = dns_fixedname_name(&fnextname);
+
+ origintext = strrchr(filename, '/');
+ if (origintext == NULL)
+ origintext = filename;
+ else
+ origintext++; /* Skip '/'. */
+ len = strlen(origintext);
+ isc_buffer_init(&b, origintext, len);
+ isc_buffer_add(&b, len);
+ result = dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL);
+ check_result(result, "dns_name_fromtext()");
+
+ db = NULL;
+ result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db);
+ check_result(result, "dns_db_create()");
+ result = dns_db_load(db, filename);
+ if (result == DNS_R_SEENINCLUDE)
+ result = ISC_R_SUCCESS;
+ check_result(result, "dns_db_load()");
+ wversion = NULL;
+ result = dns_db_newversion(db, &wversion);
+ check_result(result, "dns_db_newversion()");
+ dbiter = NULL;
+ result = dns_db_createiterator(db, 0, &dbiter);
+ check_result(result, "dns_db_createiterator()");
+ result = dns_dbiterator_first(dbiter);
+ node = NULL;
+ result = next_active(db, wversion, dbiter, name, &node);
+ while (result == ISC_R_SUCCESS) {
+ nextnode = NULL;
+ result = dns_dbiterator_next(dbiter);
+ if (result == ISC_R_SUCCESS)
+ result = next_active(db, wversion, dbiter, nextname,
+ &nextnode);
+ if (result == ISC_R_SUCCESS)
+ target = nextname;
+ else if (result == ISC_R_NOMORE)
+ target = dns_db_origin(db);
+ else {
+ target = NULL; /* Make compiler happy. */
+ fatal("db iteration failed");
+ }
+ dns_nsec_build(db, wversion, node, target, 3600); /* XXX BEW */
+ dns_db_detachnode(db, &node);
+ node = nextnode;
+ }
+ if (result != ISC_R_NOMORE)
+ fatal("db iteration failed");
+ dns_dbiterator_destroy(&dbiter);
+ /*
+ * XXXRTH For now, we don't increment the SOA serial.
+ */
+ dns_db_closeversion(db, &wversion, ISC_TRUE);
+ len = strlen(filename);
+ if (len + 4 + 1 > sizeof(newfilename))
+ fatal("filename too long");
+ sprintf(newfilename, "%s.new", filename);
+ result = dns_db_dump(db, NULL, newfilename);
+ check_result(result, "dns_db_dump");
+ dns_db_detach(&db);
+}
+
+int
+main(int argc, char *argv[]) {
+ int i;
+ isc_result_t result;
+
+ dns_result_register();
+
+ result = isc_mem_create(0, 0, &mctx);
+ check_result(result, "isc_mem_create()");
+
+ argc--;
+ argv++;
+
+ for (i = 0; i < argc; i++)
+ nsecify(argv[i]);
+
+ /* isc_mem_stats(mctx, stdout); */
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/tests/printmsg.c b/bin/tests/printmsg.c
new file mode 100644
index 0000000..c500e85
--- /dev/null
+++ b/bin/tests/printmsg.c
@@ -0,0 +1,251 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: printmsg.c,v 1.29 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <isc/buffer.h>
+#include <isc/util.h>
+
+#include <dns/name.h>
+#include <dns/rdataset.h>
+
+#include "printmsg.h"
+
+static const char *opcodetext[] = {
+ "QUERY",
+ "IQUERY",
+ "STATUS",
+ "RESERVED3",
+ "NOTIFY",
+ "UPDATE",
+ "RESERVED6",
+ "RESERVED7",
+ "RESERVED8",
+ "RESERVED9",
+ "RESERVED10",
+ "RESERVED11",
+ "RESERVED12",
+ "RESERVED13",
+ "RESERVED14",
+ "RESERVED15"
+};
+
+static const char *rcodetext[] = {
+ "NOERROR",
+ "FORMERR",
+ "SERVFAIL",
+ "NXDOMAIN",
+ "NOTIMP",
+ "REFUSED",
+ "YXDOMAIN",
+ "YXRRSET",
+ "NXRRSET",
+ "NOTAUTH",
+ "NOTZONE",
+ "RESERVED11",
+ "RESERVED12",
+ "RESERVED13",
+ "RESERVED14",
+ "RESERVED15",
+ "BADVERS"
+};
+
+static isc_result_t
+printsection(dns_message_t *msg, dns_section_t sectionid,
+ const char *section_name)
+{
+ dns_name_t *name, *print_name;
+ dns_rdataset_t *rdataset;
+ isc_buffer_t target;
+ isc_result_t result;
+ isc_region_t r;
+ dns_name_t empty_name;
+ char t[65536];
+ isc_boolean_t first;
+ isc_boolean_t no_rdata;
+
+ if (sectionid == DNS_SECTION_QUESTION)
+ no_rdata = ISC_TRUE;
+ else
+ no_rdata = ISC_FALSE;
+
+ printf(";; %s SECTION:\n", section_name);
+
+ dns_name_init(&empty_name, NULL);
+
+ result = dns_message_firstname(msg, sectionid);
+ if (result == ISC_R_NOMORE)
+ return (ISC_R_SUCCESS);
+ else if (result != ISC_R_SUCCESS)
+ return (result);
+
+ for (;;) {
+ name = NULL;
+ dns_message_currentname(msg, sectionid, &name);
+
+ isc_buffer_init(&target, t, sizeof(t));
+ first = ISC_TRUE;
+ print_name = name;
+
+ for (rdataset = ISC_LIST_HEAD(name->list);
+ rdataset != NULL;
+ rdataset = ISC_LIST_NEXT(rdataset, link)) {
+ result = dns_rdataset_totext(rdataset,
+ print_name,
+ ISC_FALSE,
+ no_rdata,
+ &target);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+#ifdef USEINITALWS
+ if (first) {
+ print_name = &empty_name;
+ first = ISC_FALSE;
+ }
+#endif
+ }
+ isc_buffer_usedregion(&target, &r);
+ printf("%.*s", (int)r.length, (char *)r.base);
+
+ result = dns_message_nextname(msg, sectionid);
+ if (result == ISC_R_NOMORE)
+ break;
+ else if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+printrdata(dns_message_t *msg, dns_rdataset_t *rdataset, dns_name_t *owner,
+ const char *set_name)
+{
+ isc_buffer_t target;
+ isc_result_t result;
+ isc_region_t r;
+ char t[65536];
+
+ UNUSED(msg);
+ printf(";; %s SECTION:\n", set_name);
+
+ isc_buffer_init(&target, t, sizeof(t));
+
+ result = dns_rdataset_totext(rdataset, owner, ISC_FALSE, ISC_FALSE,
+ &target);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ isc_buffer_usedregion(&target, &r);
+ printf("%.*s", (int)r.length, (char *)r.base);
+
+ return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+printmessage(dns_message_t *msg) {
+ isc_boolean_t did_flag = ISC_FALSE;
+ isc_result_t result;
+ dns_rdataset_t *opt, *tsig;
+ dns_name_t *tsigname;
+
+ result = ISC_R_SUCCESS;
+
+ printf(";; ->>HEADER<<- opcode: %s, status: %s, id: %u\n",
+ opcodetext[msg->opcode], rcodetext[msg->rcode], msg->id);
+
+ printf(";; flags: ");
+ if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) {
+ printf("qr");
+ did_flag = ISC_TRUE;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_AA) != 0) {
+ printf("%saa", did_flag ? " " : "");
+ did_flag = ISC_TRUE;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0) {
+ printf("%stc", did_flag ? " " : "");
+ did_flag = ISC_TRUE;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_RD) != 0) {
+ printf("%srd", did_flag ? " " : "");
+ did_flag = ISC_TRUE;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_RA) != 0) {
+ printf("%sra", did_flag ? " " : "");
+ did_flag = ISC_TRUE;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_AD) != 0) {
+ printf("%sad", did_flag ? " " : "");
+ did_flag = ISC_TRUE;
+ }
+ if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0) {
+ printf("%scd", did_flag ? " " : "");
+ did_flag = ISC_TRUE;
+ }
+ printf("; QUERY: %u, ANSWER: %u, AUTHORITY: %u, ADDITIONAL: %u\n",
+ msg->counts[DNS_SECTION_QUESTION],
+ msg->counts[DNS_SECTION_ANSWER],
+ msg->counts[DNS_SECTION_AUTHORITY],
+ msg->counts[DNS_SECTION_ADDITIONAL]);
+ opt = dns_message_getopt(msg);
+ if (opt != NULL)
+ printf(";; EDNS: version: %u, udp=%u\n",
+ (unsigned int)((opt->ttl & 0x00ff0000) >> 16),
+ (unsigned int)opt->rdclass);
+
+ tsigname = NULL;
+ tsig = dns_message_gettsig(msg, &tsigname);
+ if (tsig != NULL)
+ printf(";; PSEUDOSECTIONS: TSIG\n");
+ if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_QUESTION])) {
+ printf("\n");
+ result = printsection(msg, DNS_SECTION_QUESTION, "QUESTION");
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
+ printf("\n");
+ result = printsection(msg, DNS_SECTION_ANSWER, "ANSWER");
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_AUTHORITY])) {
+ printf("\n");
+ result = printsection(msg, DNS_SECTION_AUTHORITY, "AUTHORITY");
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ADDITIONAL])) {
+ printf("\n");
+ result = printsection(msg, DNS_SECTION_ADDITIONAL,
+ "ADDITIONAL");
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ if (tsig != NULL) {
+ printf("\n");
+ result = printrdata(msg, tsig, tsigname,
+ "PSEUDOSECTION TSIG");
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+ printf("\n");
+
+ return (result);
+}
diff --git a/bin/tests/printmsg.h b/bin/tests/printmsg.h
new file mode 100644
index 0000000..c918561
--- /dev/null
+++ b/bin/tests/printmsg.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: printmsg.h,v 1.12 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef TEST_PRINTMSG_H
+#define TEST_PRINTMSG_H
+
+#include <dns/message.h>
+
+isc_result_t printmessage(dns_message_t *message);
+
+#endif /* TEST_PRINTMSG_H */
diff --git a/bin/tests/ratelimiter_test.c b/bin/tests/ratelimiter_test.c
new file mode 100644
index 0000000..9fd4a13
--- /dev/null
+++ b/bin/tests/ratelimiter_test.c
@@ -0,0 +1,153 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: ratelimiter_test.c,v 1.18 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <isc/app.h>
+#include <isc/mem.h>
+#include <isc/task.h>
+#include <isc/time.h>
+#include <isc/timer.h>
+#include <isc/ratelimiter.h>
+#include <isc/util.h>
+
+isc_ratelimiter_t *rlim = NULL;
+isc_taskmgr_t *taskmgr = NULL;
+isc_timermgr_t *timermgr = NULL;
+isc_task_t *g_task = NULL;
+isc_mem_t *mctx = NULL;
+
+static void utick(isc_task_t *task, isc_event_t *event);
+static void shutdown_rl(isc_task_t *task, isc_event_t *event);
+static void shutdown_all(isc_task_t *task, isc_event_t *event);
+
+typedef struct {
+ int milliseconds;
+ void (*fun)(isc_task_t *, isc_event_t *);
+} schedule_t;
+
+schedule_t schedule[] = {
+ { 100, utick },
+ { 200, utick },
+ { 300, utick },
+ { 3000, utick },
+ { 3100, utick },
+ { 3200, utick },
+ { 3300, shutdown_rl },
+ { 5000, utick },
+ { 6000, shutdown_all }
+};
+
+#define NEVENTS (int)(sizeof(schedule)/sizeof(schedule[0]))
+
+isc_timer_t *timers[NEVENTS];
+
+static void
+ltick(isc_task_t *task, isc_event_t *event) {
+ UNUSED(task);
+ printf("** ltick%s **\n",
+ (event->ev_attributes & ISC_EVENTATTR_CANCELED) != 0 ?
+ " (canceled)" : "");
+ isc_event_free(&event);
+}
+
+static void
+utick(isc_task_t *task, isc_event_t *event) {
+ isc_result_t result;
+ UNUSED(task);
+ event->ev_action = ltick;
+ event->ev_sender = NULL;
+ result = isc_ratelimiter_enqueue(rlim, g_task, &event);
+ printf("enqueue: %s\n",
+ result == ISC_R_SUCCESS ? "ok" : "failed");
+}
+
+static void
+shutdown_rl(isc_task_t *task, isc_event_t *event) {
+ UNUSED(task);
+ UNUSED(event);
+ printf("shutdown ratelimiter\n");
+ isc_ratelimiter_shutdown(rlim);
+}
+
+static void
+shutdown_all(isc_task_t *task, isc_event_t *event) {
+ int i;
+ UNUSED(task);
+ UNUSED(event);
+ printf("shutdown all\n");
+ for (i = 0; i < NEVENTS; i++) {
+ isc_timer_detach(&timers[i]);
+ }
+
+ isc_app_shutdown();
+}
+
+int
+main(int argc, char *argv[]) {
+ isc_interval_t linterval;
+ int i;
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ isc_app_start();
+ isc_interval_set(&linterval, 1, 0);
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_taskmgr_create(mctx, 3, 0, &taskmgr) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_timermgr_create(mctx, &timermgr) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_create(taskmgr, 0, &g_task) ==
+ ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(isc_ratelimiter_create(mctx, timermgr, g_task,
+ &rlim) == ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(isc_ratelimiter_setinterval(rlim, &linterval) ==
+ ISC_R_SUCCESS);
+
+ for (i = 0; i < NEVENTS; i++) {
+ isc_interval_t uinterval;
+ int ms = schedule[i].milliseconds;
+ isc_interval_set(&uinterval, ms / 1000,
+ (ms % 1000) * 1000000);
+ timers[i] = NULL;
+ RUNTIME_CHECK(isc_timer_create(timermgr,
+ isc_timertype_once, NULL,
+ &uinterval,
+ g_task, schedule[i].fun, NULL,
+ &timers[i]) == ISC_R_SUCCESS);
+ }
+
+ isc_app_run();
+
+ isc_task_destroy(&g_task);
+
+ isc_ratelimiter_detach(&rlim);
+
+ isc_timermgr_destroy(&timermgr);
+ isc_taskmgr_destroy(&taskmgr);
+
+ isc_mem_stats(mctx, stdout);
+
+ isc_app_finish();
+ return (0);
+}
diff --git a/bin/tests/rbt/Makefile.in b/bin/tests/rbt/Makefile.in
new file mode 100644
index 0000000..d551297
--- /dev/null
+++ b/bin/tests/rbt/Makefile.in
@@ -0,0 +1,58 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.28 2007/06/19 23:47:00 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${TEST_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+# Note that we do not want to use libtool for libt_api
+DNSLIBS = ../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../../../lib/isc/libisc.@A@
+
+DNSDEPLIBS = ../../../lib/dns/libdns.@A@
+ISCDEPLIBS = ../../../lib/isc/libisc.@A@
+
+DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+
+TLIB = ../../../lib/tests/libt_api.@A@
+
+TARGETS = t_rbt@EXEEXT@
+
+SRCS = t_rbt.c
+
+@BIND9_MAKE_RULES@
+
+t_rbt@EXEEXT@: t_rbt.@O@ ${DEPLIBS} ${TLIB}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ t_rbt.@O@ ${TLIB} ${LIBS}
+
+test: t_rbt@EXEEXT@
+ -@./t_rbt@EXEEXT@ -c @top_srcdir@/t_config -b @srcdir@ -a
+
+testhelp:
+ @./t_rbt@EXEEXT@ -h
+
+clean distclean::
+ rm -f ${TARGETS}
diff --git a/bin/tests/rbt/dns_rbt.data b/bin/tests/rbt/dns_rbt.data
new file mode 100644
index 0000000..e58eb45
--- /dev/null
+++ b/bin/tests/rbt/dns_rbt.data
@@ -0,0 +1,14 @@
+a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.
+a.b.c.d.e.f.vix.com
+a.d.e.f.vix.com
+a.vix.com
+b.b.c.d.e.f.vix.com
+b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.
+b.vix.com
+c.b.c.d.e.f.vix.com
+c.vix.com
+d.e.f.vix.com
+g.h.vix.com
+q.d.e.f.vix.com
+x.a.vix.com
+y.x.a.vix.com
diff --git a/bin/tests/rbt/dns_rbt_addname_1_data b/bin/tests/rbt/dns_rbt_addname_1_data
new file mode 100644
index 0000000..89dca40
--- /dev/null
+++ b/bin/tests/rbt/dns_rbt_addname_1_data
@@ -0,0 +1,6 @@
+#
+# test data for dns_rbt_addname assertion 1
+#
+# format is: <dbfile> <command> <testname> <exp_result>
+#
+dns_rbt.data add new.name ISC_R_SUCCESS
diff --git a/bin/tests/rbt/dns_rbt_addname_2_data b/bin/tests/rbt/dns_rbt_addname_2_data
new file mode 100644
index 0000000..762bd8b
--- /dev/null
+++ b/bin/tests/rbt/dns_rbt_addname_2_data
@@ -0,0 +1,6 @@
+#
+# test data for dns_rbt_addname assertion 2
+#
+# format is: <dbfile> <command> <testname> <exp_result>
+#
+dns_rbt.data add a.vix.com ISC_R_EXISTS
diff --git a/bin/tests/rbt/dns_rbt_bitstring.data b/bin/tests/rbt/dns_rbt_bitstring.data
new file mode 100644
index 0000000..2b34cc6
--- /dev/null
+++ b/bin/tests/rbt/dns_rbt_bitstring.data
@@ -0,0 +1,10 @@
+a.vix.com
+b.vix.com
+c.vix.com
+a.a.vix.com
+a.a.a.vix.com
+a.a.a.a.vix.com
+a.a.a.a.a.vix.com
+a.a.a.a.a.a.vix.com
+a.a.a.a.a.a.a.vix.com
+a.a.a.a.a.a.a.a.vix.com
diff --git a/bin/tests/rbt/dns_rbt_create_1_data b/bin/tests/rbt/dns_rbt_create_1_data
new file mode 100644
index 0000000..72f8dc4
--- /dev/null
+++ b/bin/tests/rbt/dns_rbt_create_1_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_rbt_create assertion 1
+#
+# format is: <dbfile> <command> <testname> <exp_result>
+#
+dns_rbt.data create not.used ISC_R_SUCCESS
+dns_rbt_bitstring.data create not.used ISC_R_SUCCESS
diff --git a/bin/tests/rbt/dns_rbt_deletename_1_data b/bin/tests/rbt/dns_rbt_deletename_1_data
new file mode 100644
index 0000000..2e00e50
--- /dev/null
+++ b/bin/tests/rbt/dns_rbt_deletename_1_data
@@ -0,0 +1,6 @@
+#
+# test data for dns_rbt_delete assertion 1
+#
+# format is: <dbfile> <command> <testname> <exp_result>
+#
+dns_rbt.data delete a.vix.com ISC_R_SUCCESS
diff --git a/bin/tests/rbt/dns_rbt_deletename_2_data b/bin/tests/rbt/dns_rbt_deletename_2_data
new file mode 100644
index 0000000..0b1fdb7
--- /dev/null
+++ b/bin/tests/rbt/dns_rbt_deletename_2_data
@@ -0,0 +1,6 @@
+#
+# test data for dns_rbt_delete assertion 2
+#
+# format is: <dbfile> <command> <testname> <exp_result>
+#
+dns_rbt.data delete new.name ISC_R_NOTFOUND
diff --git a/bin/tests/rbt/dns_rbt_findname_1_data b/bin/tests/rbt/dns_rbt_findname_1_data
new file mode 100644
index 0000000..2a3728d
--- /dev/null
+++ b/bin/tests/rbt/dns_rbt_findname_1_data
@@ -0,0 +1,6 @@
+#
+# test data for dns_rbt_findname assertion 1
+#
+# format is: <dbfile> <command> <testname> <exp_result>
+#
+dns_rbt.data search a.vix.com ISC_R_SUCCESS
diff --git a/bin/tests/rbt/dns_rbt_findname_2_data b/bin/tests/rbt/dns_rbt_findname_2_data
new file mode 100644
index 0000000..eb3d467
--- /dev/null
+++ b/bin/tests/rbt/dns_rbt_findname_2_data
@@ -0,0 +1,6 @@
+#
+# test data for dns_rbt_findname assertion 2
+#
+# format is: <dbfile> <command> <testname> <exp_result>
+#
+dns_rbt.data search not.used.here ISC_R_NOTFOUND
diff --git a/bin/tests/rbt/dns_rbt_findname_3_data b/bin/tests/rbt/dns_rbt_findname_3_data
new file mode 100644
index 0000000..4ea2db3
--- /dev/null
+++ b/bin/tests/rbt/dns_rbt_findname_3_data
@@ -0,0 +1,6 @@
+#
+# test data for dns_rbt_findname assertion 3
+#
+# format is: <dbfile> <command> <testname> <exp_result>
+#
+dns_rbt.data search a.b.vix.com DNS_R_PARTIALMATCH
diff --git a/bin/tests/rbt/dns_rbtnodechain_first_1.data b/bin/tests/rbt/dns_rbtnodechain_first_1.data
new file mode 100644
index 0000000..85bd8c2
--- /dev/null
+++ b/bin/tests/rbt/dns_rbtnodechain_first_1.data
@@ -0,0 +1,13 @@
+b.com
+a.vix.com
+b.vix.com
+c.vix.com
+a.a.vix.com
+b.a.vix.com
+a.b.vix.com
+b.b.vix.com
+a.c.vix.com
+b.c.vix.com
+iengines.net
+isc.org
+
diff --git a/bin/tests/rbt/dns_rbtnodechain_first_2.data b/bin/tests/rbt/dns_rbtnodechain_first_2.data
new file mode 100644
index 0000000..268376b
--- /dev/null
+++ b/bin/tests/rbt/dns_rbtnodechain_first_2.data
@@ -0,0 +1,9 @@
+a.a.vix.com
+b.a.vix.com
+a.b.vix.com
+b.b.vix.com
+a.c.vix.com
+b.c.vix.com
+iengines.net
+isc.org
+
diff --git a/bin/tests/rbt/dns_rbtnodechain_first_data b/bin/tests/rbt/dns_rbtnodechain_first_data
new file mode 100644
index 0000000..057a1d6
--- /dev/null
+++ b/bin/tests/rbt/dns_rbtnodechain_first_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_rbtnodechain_first
+#
+# format is: <dbfile> <firstname> <firstorigin> <nextname> <nextorigin>
+#
+dns_rbtnodechain_first_1.data @ . com .
+dns_rbtnodechain_first_2.data @ . vix.com .
diff --git a/bin/tests/rbt/dns_rbtnodechain_init.data b/bin/tests/rbt/dns_rbtnodechain_init.data
new file mode 100644
index 0000000..1e0bfc9
--- /dev/null
+++ b/bin/tests/rbt/dns_rbtnodechain_init.data
@@ -0,0 +1,13 @@
+vix.com
+a.vix.com
+b.vix.com
+c.vix.com
+a.a.vix.com
+b.a.vix.com
+a.b.vix.com
+b.b.vix.com
+a.c.vix.com
+b.c.vix.com
+iengines.net
+isc.org
+
diff --git a/bin/tests/rbt/dns_rbtnodechain_init_data b/bin/tests/rbt/dns_rbtnodechain_init_data
new file mode 100644
index 0000000..f1a6aa4
--- /dev/null
+++ b/bin/tests/rbt/dns_rbtnodechain_init_data
@@ -0,0 +1,6 @@
+#
+# test data for dns_rbtnodechain_init
+#
+# format is: <dbfile> <findnode> <next> <nextorigin> <prev> <prevorigin> <first> <firstorigin> <last> <lastorigin>
+#
+dns_rbtnodechain_init.data b.vix.com. a b.vix.com. b a.vix.com. @ . isc.org .
diff --git a/bin/tests/rbt/dns_rbtnodechain_last_1.data b/bin/tests/rbt/dns_rbtnodechain_last_1.data
new file mode 100644
index 0000000..1e0bfc9
--- /dev/null
+++ b/bin/tests/rbt/dns_rbtnodechain_last_1.data
@@ -0,0 +1,13 @@
+vix.com
+a.vix.com
+b.vix.com
+c.vix.com
+a.a.vix.com
+b.a.vix.com
+a.b.vix.com
+b.b.vix.com
+a.c.vix.com
+b.c.vix.com
+iengines.net
+isc.org
+
diff --git a/bin/tests/rbt/dns_rbtnodechain_last_2.data b/bin/tests/rbt/dns_rbtnodechain_last_2.data
new file mode 100644
index 0000000..4d0c76d
--- /dev/null
+++ b/bin/tests/rbt/dns_rbtnodechain_last_2.data
@@ -0,0 +1,7 @@
+a.b.vix.com
+b.b.vix.com
+a.c.vix.com
+b.c.vix.com
+vayu.com
+isc.org
+
diff --git a/bin/tests/rbt/dns_rbtnodechain_last_data b/bin/tests/rbt/dns_rbtnodechain_last_data
new file mode 100644
index 0000000..bf06a21
--- /dev/null
+++ b/bin/tests/rbt/dns_rbtnodechain_last_data
@@ -0,0 +1,7 @@
+#
+# test data for dns_rbtnodechain_last
+#
+# format is: <dbfile> <last> <lastorigin> <prev> <prevorigin>
+#
+dns_rbtnodechain_last_1.data isc.org . iengines.net .
+dns_rbtnodechain_last_2.data isc.org . b c.vix.com.
diff --git a/bin/tests/rbt/dns_rbtnodechain_next.data b/bin/tests/rbt/dns_rbtnodechain_next.data
new file mode 100644
index 0000000..1e0bfc9
--- /dev/null
+++ b/bin/tests/rbt/dns_rbtnodechain_next.data
@@ -0,0 +1,13 @@
+vix.com
+a.vix.com
+b.vix.com
+c.vix.com
+a.a.vix.com
+b.a.vix.com
+a.b.vix.com
+b.b.vix.com
+a.c.vix.com
+b.c.vix.com
+iengines.net
+isc.org
+
diff --git a/bin/tests/rbt/dns_rbtnodechain_next_data b/bin/tests/rbt/dns_rbtnodechain_next_data
new file mode 100644
index 0000000..a69ab37
--- /dev/null
+++ b/bin/tests/rbt/dns_rbtnodechain_next_data
@@ -0,0 +1,6 @@
+#
+# test data for dns_rbtnodechain_next
+#
+# format is: <dbfile> <startname> <expected_name> <expected_origin>
+#
+dns_rbtnodechain_next.data c.vix.com. a c.vix.com.
diff --git a/bin/tests/rbt/dns_rbtnodechain_prev.data b/bin/tests/rbt/dns_rbtnodechain_prev.data
new file mode 100644
index 0000000..1e0bfc9
--- /dev/null
+++ b/bin/tests/rbt/dns_rbtnodechain_prev.data
@@ -0,0 +1,13 @@
+vix.com
+a.vix.com
+b.vix.com
+c.vix.com
+a.a.vix.com
+b.a.vix.com
+a.b.vix.com
+b.b.vix.com
+a.c.vix.com
+b.c.vix.com
+iengines.net
+isc.org
+
diff --git a/bin/tests/rbt/dns_rbtnodechain_prev_data b/bin/tests/rbt/dns_rbtnodechain_prev_data
new file mode 100644
index 0000000..4c8450d
--- /dev/null
+++ b/bin/tests/rbt/dns_rbtnodechain_prev_data
@@ -0,0 +1,6 @@
+#
+# test data for dns_rbtnodechain_prev
+#
+# format is: <dbfile> <startname> <expected_name> <expected_origin>
+#
+dns_rbtnodechain_prev.data a.b.vix.com. b vix.com.
diff --git a/bin/tests/rbt/t_rbt.c b/bin/tests/rbt/t_rbt.c
new file mode 100644
index 0000000..171e633
--- /dev/null
+++ b/bin/tests/rbt/t_rbt.c
@@ -0,0 +1,1857 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: t_rbt.c,v 1.30 2007/06/19 23:47:00 tbox Exp $ */
+
+#include <config.h>
+
+#include <ctype.h>
+#include <stdlib.h>
+
+#include <isc/entropy.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+#include <isc/hash.h>
+#include <isc/string.h>
+
+#include <dns/fixedname.h>
+#include <dns/rbt.h>
+#include <dns/result.h>
+
+#include <tests/t_api.h>
+
+#define BUFLEN 1024
+#define DNSNAMELEN 255
+
+char *progname;
+char *Tokens[T_MAXTOKS];
+
+static int
+t_dns_rbtnodechain_init(char *dbfile, char *findname,
+ char *firstname, char *firstorigin,
+ char *nextname, char *nextorigin,
+ char *prevname, char *prevorigin,
+ char *lastname, char *lastorigin);
+static char *
+fixedname_totext(dns_fixedname_t *name);
+
+static int
+fixedname_cmp(dns_fixedname_t *dns_name, char *txtname);
+
+static char *
+dnsname_totext(dns_name_t *name);
+
+static int
+t_namechk(isc_result_t dns_result, dns_fixedname_t *dns_name, char *exp_name,
+ dns_fixedname_t *dns_origin, char *exp_origin,
+ isc_result_t exp_result);
+
+/*
+ * Parts adapted from the original rbt_test.c.
+ */
+static int
+fixedname_cmp(dns_fixedname_t *dns_name, char *txtname) {
+ char *name;
+
+ name = dnsname_totext(dns_fixedname_name(dns_name));
+ if (strcmp(txtname, "NULL") == 0) {
+ if ((name == NULL) || (*name == '\0'))
+ return(0);
+ return(1);
+ } else {
+ return(strcmp(name, txtname));
+ }
+}
+
+static char *
+dnsname_totext(dns_name_t *name) {
+ static char buf[BUFLEN];
+ isc_buffer_t target;
+
+ isc_buffer_init(&target, buf, BUFLEN);
+ dns_name_totext(name, ISC_FALSE, &target);
+ *((char *)(target.base) + target.used) = '\0';
+ return(target.base);
+}
+
+static char *
+fixedname_totext(dns_fixedname_t *name) {
+ static char buf[BUFLEN];
+ isc_buffer_t target;
+
+ memset(buf, 0, BUFLEN);
+ isc_buffer_init(&target, buf, BUFLEN);
+ dns_name_totext(dns_fixedname_name(name), ISC_FALSE, &target);
+ *((char *)(target.base) + target.used) = '\0';
+ return(target.base);
+}
+
+#ifdef NEED_PRINT_DATA
+
+static isc_result_t
+print_data(void *data) {
+ isc_result_t dns_result;
+ isc_buffer_t target;
+ char *buffer[DNSNAMELEN];
+
+ isc_buffer_init(&target, buffer, sizeof(buffer));
+
+ dns_result = dns_name_totext(data, ISC_FALSE, &target);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_totext failed %s\n",
+ dns_result_totext(dns_result));
+ }
+ return(dns_result);
+}
+
+#endif /* NEED_PRINT_DATA */
+
+static int
+create_name(char *s, isc_mem_t *mctx, dns_name_t **dns_name) {
+ int nfails;
+ int length;
+ isc_result_t result;
+ isc_buffer_t source;
+ isc_buffer_t target;
+ dns_name_t *name;
+
+ nfails = 0;
+
+ if (s && *s) {
+
+ length = strlen(s);
+
+ isc_buffer_init(&source, s, length);
+ isc_buffer_add(&source, length);
+
+ /*
+ * The buffer for the actual name will immediately follow the
+ * name structure.
+ */
+ name = isc_mem_get(mctx, sizeof(*name) + DNSNAMELEN);
+ if (name == NULL) {
+ t_info("isc_mem_get failed\n");
+ ++nfails;
+ } else {
+
+ dns_name_init(name, NULL);
+ isc_buffer_init(&target, name + 1, DNSNAMELEN);
+
+ result = dns_name_fromtext(name, &source, dns_rootname,
+ ISC_FALSE, &target);
+
+ if (result != ISC_R_SUCCESS) {
+ ++nfails;
+ t_info("dns_name_fromtext(%s) failed %s\n",
+ s, dns_result_totext(result));
+ isc_mem_put(mctx, name,
+ sizeof(*name) + DNSNAMELEN);
+ } else
+ *dns_name = name;
+ }
+ } else {
+ ++nfails;
+ t_info("create_name: empty name\n");
+ }
+
+ return(nfails);
+}
+
+static void
+delete_name(void *data, void *arg) {
+ isc_mem_put((isc_mem_t *)arg, data, sizeof(dns_name_t) + DNSNAMELEN);
+}
+
+
+/*
+ * Adapted from the original rbt_test.c.
+ */
+static int
+t1_add(char *name, dns_rbt_t *rbt, isc_mem_t *mctx, isc_result_t *dns_result) {
+ int nprobs;
+ dns_name_t *dns_name;
+
+ nprobs = 0;
+ if (name && dns_result) {
+ if (create_name(name, mctx, &dns_name) == 0) {
+ if (T_debug)
+ t_info("dns_rbt_addname succeeded\n");
+ *dns_result = dns_rbt_addname(rbt, dns_name, dns_name);
+ if (*dns_result != ISC_R_SUCCESS) {
+ delete_name(dns_name, mctx);
+ t_info("dns_rbt_addname failed %s\n",
+ dns_result_totext(*dns_result));
+ ++nprobs;
+ }
+ } else {
+ ++nprobs;
+ }
+ } else {
+ ++nprobs;
+ }
+ return(nprobs);
+}
+
+static int
+t1_delete(char *name, dns_rbt_t *rbt, isc_mem_t *mctx,
+ isc_result_t *dns_result)
+{
+ int nprobs;
+ dns_name_t *dns_name;
+
+ nprobs = 0;
+ if (name && dns_result) {
+ if (create_name(name, mctx, &dns_name) == 0) {
+ *dns_result = dns_rbt_deletename(rbt, dns_name,
+ ISC_FALSE);
+ delete_name(dns_name, mctx);
+ } else {
+ ++nprobs;
+ }
+ } else {
+ ++nprobs;
+ }
+ return(nprobs);
+}
+
+static int
+t1_search(char *name, dns_rbt_t *rbt, isc_mem_t *mctx,
+ isc_result_t *dns_result)
+{
+ int nprobs;
+ dns_name_t *dns_searchname;
+ dns_name_t *dns_foundname;
+ dns_fixedname_t dns_fixedname;
+ void *data;
+
+ nprobs = 0;
+ if (name && dns_result) {
+ if (create_name(name, mctx, &dns_searchname) == 0) {
+ dns_fixedname_init(&dns_fixedname);
+ dns_foundname = dns_fixedname_name(&dns_fixedname);
+ data = NULL;
+ *dns_result = dns_rbt_findname(rbt, dns_searchname, 0,
+ dns_foundname, &data);
+ delete_name(dns_searchname, mctx);
+ } else {
+ ++nprobs;
+ }
+ } else {
+ ++nprobs;
+ }
+ return(nprobs);
+}
+
+/*
+ * Initialize a database from filename.
+ */
+static int
+rbt_init(char *filename, dns_rbt_t **rbt, isc_mem_t *mctx) {
+ int rval;
+ isc_result_t dns_result;
+ char *p;
+ FILE *fp;
+
+ fp = fopen(filename, "r");
+ if (fp == NULL) {
+ t_info("No such file %s\n", filename);
+ return(1);
+ }
+
+ dns_result = dns_rbt_create(mctx, delete_name, mctx, rbt);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rbt_create failed %s\n",
+ dns_result_totext(dns_result));
+ fclose(fp);
+ return(1);
+ }
+
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ /*
+ * Skip any comment lines.
+ */
+ if ((*p == '#') || (*p == '\0') || (*p == ' ')) {
+ (void)free(p);
+ continue;
+ }
+
+ if (T_debug)
+ t_info("adding name %s to the rbt\n", p);
+
+ rval = t1_add(p, *rbt, mctx, &dns_result);
+ if ((rval != 0) || (dns_result != ISC_R_SUCCESS)) {
+ t_info("add of %s failed\n", p);
+ dns_rbt_destroy(rbt);
+ fclose(fp);
+ return(1);
+ }
+ (void) free(p);
+ }
+ fclose(fp);
+ return(0);
+}
+
+static int
+test_rbt_gen(char *filename, char *command, char *testname,
+ isc_result_t exp_result)
+{
+ int rval;
+ int result;
+ dns_rbt_t *rbt;
+ isc_result_t isc_result;
+ isc_result_t dns_result;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ dns_name_t *dns_name;
+
+ result = T_UNRESOLVED;
+
+ if (strcmp(command, "create") != 0)
+ t_info("testing using name %s\n", testname);
+
+ mctx = NULL;
+ ectx = NULL;
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ rbt = NULL;
+ if (rbt_init(filename, &rbt, mctx) != 0) {
+ if (strcmp(command, "create") == 0)
+ result = T_FAIL;
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(result);
+ }
+
+ /*
+ * Now try the database command.
+ */
+ if (strcmp(command, "create") == 0) {
+ result = T_PASS;
+ } else if (strcmp(command, "add") == 0) {
+ if (create_name(testname, mctx, &dns_name) == 0) {
+ dns_result = dns_rbt_addname(rbt, dns_name, dns_name);
+
+ if (dns_result != ISC_R_SUCCESS)
+ delete_name(dns_name, mctx);
+
+ if (dns_result == exp_result) {
+ if (dns_result == ISC_R_SUCCESS) {
+ rval = t1_search(testname, rbt, mctx,
+ &dns_result);
+ if (rval == 0) {
+ if (dns_result == ISC_R_SUCCESS) {
+ result = T_PASS;
+ } else {
+ result = T_FAIL;
+ }
+ } else {
+ t_info("t1_search failed\n");
+ result = T_UNRESOLVED;
+ }
+ } else {
+ result = T_PASS;
+ }
+ } else {
+ t_info("dns_rbt_addname returned %s, "
+ "expected %s\n",
+ dns_result_totext(dns_result),
+ dns_result_totext(exp_result));
+ result = T_FAIL;
+ }
+ } else {
+ t_info("create_name failed %s\n",
+ dns_result_totext(dns_result));
+ result = T_UNRESOLVED;
+ }
+ } else if ((strcmp(command, "delete") == 0) ||
+ (strcmp(command, "nuke") == 0)) {
+ rval = t1_delete(testname, rbt, mctx, &dns_result);
+ if (rval == 0) {
+ if (dns_result == exp_result) {
+ rval = t1_search(testname, rbt, mctx,
+ &dns_result);
+ if (rval == 0) {
+ if (dns_result == ISC_R_SUCCESS) {
+ t_info("dns_rbt_deletename "
+ "didn't delete "
+ "the name");
+ result = T_FAIL;
+ } else {
+ result = T_PASS;
+ }
+ }
+ } else {
+ t_info("delete returned %s, expected %s\n",
+ dns_result_totext(dns_result),
+ dns_result_totext(exp_result));
+ result = T_FAIL;
+ }
+ }
+ } else if (strcmp(command, "search") == 0) {
+ rval = t1_search(testname, rbt, mctx, &dns_result);
+ if (rval == 0) {
+ if (dns_result == exp_result) {
+ result = T_PASS;
+ } else {
+ t_info("find returned %s, expected %s\n",
+ dns_result_totext(dns_result),
+ dns_result_totext(exp_result));
+ result = T_FAIL;
+ }
+ }
+ }
+
+ dns_rbt_destroy(&rbt);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(result);
+}
+
+static int
+test_dns_rbt_x(const char *filename) {
+ FILE *fp;
+ char *p;
+ int line;
+ int cnt;
+ int result;
+ int nfails;
+ int nprobs;
+
+ nfails = 0;
+ nprobs = 0;
+
+ fp = fopen(filename, "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ /*
+ * Name of db file, command, testname,
+ * expected result.
+ */
+ cnt = t_bustline(p, Tokens);
+ if (cnt == 4) {
+ result = test_rbt_gen(Tokens[0], Tokens[1],
+ Tokens[2],
+ t_dns_result_fromtext(Tokens[3]));
+ if (result != T_PASS)
+ ++nfails;
+ } else {
+ t_info("bad format in %s at line %d\n",
+ filename, line);
+ ++nprobs;
+ }
+
+ (void)free(p);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile %s\n", filename);
+ ++nprobs;
+ }
+
+ result = T_UNRESOLVED;
+ if ((nfails == 0) && (nprobs == 0))
+ result = T_PASS;
+ else if (nfails)
+ result = T_FAIL;
+
+ return(result);
+}
+
+
+static const char *a1 = "dns_rbt_create creates a rbt and returns "
+ "ISC_R_SUCCESS on success";
+
+static void
+t1() {
+ int result;
+
+ t_assert("dns_rbt_create", 1, T_REQUIRED, a1);
+ result = test_dns_rbt_x("dns_rbt_create_1_data");
+ t_result(result);
+}
+
+static const char *a2 = "dns_rbt_addname adds a name to a database and "
+ "returns ISC_R_SUCCESS on success";
+
+static void
+t2() {
+ int result;
+
+ t_assert("dns_rbt_addname", 2, T_REQUIRED, a2);
+ result = test_dns_rbt_x("dns_rbt_addname_1_data");
+ t_result(result);
+}
+
+static const char *a3 = "when name already exists, dns_rbt_addname() "
+ "returns ISC_R_EXISTS";
+
+static void
+t3() {
+ int result;
+
+ t_assert("dns_rbt_addname", 3, T_REQUIRED, a3);
+ result = test_dns_rbt_x("dns_rbt_addname_2_data");
+ t_result(result);
+}
+
+static const char *a4 = "when name exists, dns_rbt_deletename() returns "
+ "ISC_R_SUCCESS";
+
+static void
+t4() {
+ int result;
+
+ t_assert("dns_rbt_deletename", 4, T_REQUIRED, a4);
+ result = test_dns_rbt_x("dns_rbt_deletename_1_data");
+ t_result(result);
+}
+
+static const char *a5 = "when name does not exist, dns_rbt_deletename() "
+ "returns ISC_R_NOTFOUND";
+static void
+t5() {
+ int result;
+
+ t_assert("dns_rbt_deletename", 5, T_REQUIRED, a5);
+ result = test_dns_rbt_x("dns_rbt_deletename_2_data");
+ t_result(result);
+}
+
+static const char *a6 = "when name exists and exactly matches the "
+ "search name dns_rbt_findname() returns ISC_R_SUCCESS";
+
+static void
+t6() {
+ int result;
+
+ t_assert("dns_rbt_findname", 6, T_REQUIRED, a6);
+ result = test_dns_rbt_x("dns_rbt_findname_1_data");
+ t_result(result);
+}
+
+static const char *a7 = "when a name does not exist, "
+ "dns_rbt_findname returns ISC_R_NOTFOUND";
+
+static void
+t7() {
+ int result;
+
+ t_assert("dns_rbt_findname", 7, T_REQUIRED, a7);
+ result = test_dns_rbt_x("dns_rbt_findname_2_data");
+ t_result(result);
+}
+
+static const char *a8 = "when a superdomain is found with data matching name, "
+ "dns_rbt_findname returns DNS_R_PARTIALMATCH";
+
+static void
+t8() {
+ int result;
+
+ t_assert("dns_rbt_findname", 8, T_REQUIRED, a8);
+ result = test_dns_rbt_x("dns_rbt_findname_3_data");
+ t_result(result);
+}
+
+
+static const char *a9 = "a call to dns_rbtnodechain_init(chain, mctx) "
+ "initializes chain";
+
+static int
+t9_walkchain(dns_rbtnodechain_t *chain, dns_rbt_t *rbt) {
+ int cnt;
+ int order;
+ unsigned int nlabels;
+ int nprobs;
+ isc_result_t dns_result;
+
+ dns_fixedname_t name;
+ dns_fixedname_t origin;
+ dns_fixedname_t fullname1;
+ dns_fixedname_t fullname2;
+
+ cnt = 0;
+ nprobs = 0;
+
+ do {
+
+ if (cnt == 0) {
+ dns_fixedname_init(&name);
+ dns_fixedname_init(&origin);
+ dns_result = dns_rbtnodechain_first(chain, rbt,
+ dns_fixedname_name(&name),
+ dns_fixedname_name(&origin));
+ if (dns_result != DNS_R_NEWORIGIN) {
+ t_info("dns_rbtnodechain_first returned %s, "
+ "expecting DNS_R_NEWORIGIN\n",
+ dns_result_totext(dns_result));
+ ++nprobs;
+ break;
+ }
+ t_info("first name:\t<%s>\n", fixedname_totext(&name));
+ t_info("first origin:\t<%s>\n",
+ fixedname_totext(&origin));
+ } else {
+ dns_fixedname_init(&fullname1);
+ dns_result = dns_name_concatenate(
+ dns_fixedname_name(&name),
+ dns_name_isabsolute(dns_fixedname_name(&name)) ?
+ NULL : dns_fixedname_name(&origin),
+ dns_fixedname_name(&fullname1), NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_concatenate failed %s\n",
+ dns_result_totext(dns_result));
+ ++nprobs;
+ break;
+ }
+
+ /*
+ * Expecting origin not to get touched if next
+ * doesn't return NEWORIGIN.
+ */
+ dns_fixedname_init(&name);
+ dns_result = dns_rbtnodechain_next(chain,
+ dns_fixedname_name(&name),
+ dns_fixedname_name(&origin));
+ if ((dns_result != ISC_R_SUCCESS) &&
+ (dns_result != DNS_R_NEWORIGIN)) {
+ if (dns_result != ISC_R_NOMORE) {
+ t_info("dns_rbtnodechain_next "
+ "failed %s\n",
+ dns_result_totext(dns_result));
+ ++nprobs;
+ }
+ break;
+ }
+
+ t_info("next name:\t<%s>\n", fixedname_totext(&name));
+ t_info("next origin:\t<%s>\n",
+ fixedname_totext(&origin));
+
+ dns_fixedname_init(&fullname2);
+ dns_result = dns_name_concatenate(
+ dns_fixedname_name(&name),
+ dns_name_isabsolute(dns_fixedname_name(&name)) ?
+ NULL : dns_fixedname_name(&origin),
+ dns_fixedname_name(&fullname2), NULL);
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_concatenate failed %s\n",
+ dns_result_totext(dns_result));
+ ++nprobs;
+ break;
+ }
+
+ t_info("comparing\t<%s>\n",
+ fixedname_totext(&fullname1));
+ t_info("\twith\t<%s>\n", fixedname_totext(&fullname2));
+
+ (void)dns_name_fullcompare(
+ dns_fixedname_name(&fullname1),
+ dns_fixedname_name(&fullname2),
+ &order, &nlabels);
+
+ if (order >= 0) {
+ t_info("unexpected order %s %s %s\n",
+ dnsname_totext(dns_fixedname_name(&fullname1)),
+ order == -1 ? "<" : (order == 0 ? "==" : ">"),
+ dnsname_totext(dns_fixedname_name(&fullname2)));
+ ++nprobs;
+ }
+ }
+
+ ++cnt;
+ } while (1);
+
+ return (nprobs);
+}
+
+/*
+ * Test by exercising the first|last|next|prev funcs in useful ways.
+ */
+
+static int
+t_namechk(isc_result_t dns_result, dns_fixedname_t *dns_name, char *exp_name,
+ dns_fixedname_t *dns_origin, char *exp_origin,
+ isc_result_t exp_result)
+{
+ int nfails;
+
+ nfails = 0;
+
+ if (fixedname_cmp(dns_name, exp_name)) {
+ t_info("\texpected name of %s, got %s\n",
+ exp_name, fixedname_totext(dns_name));
+ ++nfails;
+ }
+ if (exp_origin != NULL) {
+ t_info("checking for DNS_R_NEWORIGIN\n");
+ if (dns_result == exp_result) {
+ if (fixedname_cmp(dns_origin, exp_origin)) {
+ t_info("\torigin %s, expected %s\n",
+ fixedname_totext(dns_origin),
+ exp_origin);
+ ++nfails;
+ }
+ } else {
+ t_info("\tgot %s\n", dns_result_totext(dns_result));
+ ++nfails;
+ }
+ }
+ return(nfails);
+}
+
+static int
+t_dns_rbtnodechain_init(char *dbfile, char *findname,
+ char *nextname, char *nextorigin,
+ char *prevname, char *prevorigin,
+ char *firstname, char *firstorigin,
+ char *lastname, char *lastorigin)
+{
+ int result;
+ int len;
+ int nfails;
+ dns_rbt_t *rbt;
+ dns_rbtnode_t *node;
+ dns_rbtnodechain_t chain;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ isc_result_t isc_result;
+ isc_result_t dns_result;
+ dns_fixedname_t dns_findname;
+ dns_fixedname_t dns_foundname;
+ dns_fixedname_t dns_firstname;
+ dns_fixedname_t dns_lastname;
+ dns_fixedname_t dns_prevname;
+ dns_fixedname_t dns_nextname;
+ dns_fixedname_t dns_origin;
+ isc_buffer_t isc_buffer;
+
+ result = T_UNRESOLVED;
+
+ nfails = 0;
+ mctx = NULL;
+ ectx = NULL;
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(result);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_rbtnodechain_init(&chain, mctx);
+
+ rbt = NULL;
+ if (rbt_init(dbfile, &rbt, mctx)) {
+ t_info("rbt_init %s failed\n", dbfile);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(result);
+ }
+
+ len = strlen(findname);
+ isc_buffer_init(&isc_buffer, findname, len);
+ isc_buffer_add(&isc_buffer, len);
+
+ dns_fixedname_init(&dns_foundname);
+ dns_fixedname_init(&dns_findname);
+ dns_fixedname_init(&dns_firstname);
+ dns_fixedname_init(&dns_origin);
+ dns_fixedname_init(&dns_lastname);
+ dns_fixedname_init(&dns_prevname);
+ dns_fixedname_init(&dns_nextname);
+
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_findname),
+ &isc_buffer, NULL, ISC_FALSE, NULL);
+
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ return(result);
+ }
+
+ /*
+ * Set the starting node.
+ */
+ node = NULL;
+ dns_result = dns_rbt_findnode(rbt, dns_fixedname_name(&dns_findname),
+ dns_fixedname_name(&dns_foundname),
+ &node, &chain, DNS_RBTFIND_EMPTYDATA,
+ NULL, NULL);
+
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rbt_findnode failed %s\n",
+ dns_result_totext(dns_result));
+ return(result);
+ }
+
+ /*
+ * Check next.
+ */
+ t_info("checking for next name of %s and new origin of %s\n",
+ nextname, nextorigin);
+ dns_result = dns_rbtnodechain_next(&chain,
+ dns_fixedname_name(&dns_nextname),
+ dns_fixedname_name(&dns_origin));
+
+ if ((dns_result != ISC_R_SUCCESS) &&
+ (dns_result != DNS_R_NEWORIGIN)) {
+ t_info("dns_rbtnodechain_next unexpectedly returned %s\n",
+ dns_result_totext(dns_result));
+ }
+
+ nfails += t_namechk(dns_result, &dns_nextname, nextname, &dns_origin,
+ nextorigin, DNS_R_NEWORIGIN);
+
+ /*
+ * Set the starting node again.
+ */
+ node = NULL;
+ dns_fixedname_init(&dns_foundname);
+ dns_result = dns_rbt_findnode(rbt, dns_fixedname_name(&dns_findname),
+ dns_fixedname_name(&dns_foundname),
+ &node, &chain, DNS_RBTFIND_EMPTYDATA,
+ NULL, NULL);
+
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("\tdns_rbt_findnode failed %s\n",
+ dns_result_totext(dns_result));
+ return(result);
+ }
+
+ /*
+ * Check previous.
+ */
+ t_info("checking for previous name of %s and new origin of %s\n",
+ prevname, prevorigin);
+ dns_fixedname_init(&dns_origin);
+ dns_result = dns_rbtnodechain_prev(&chain,
+ dns_fixedname_name(&dns_prevname),
+ dns_fixedname_name(&dns_origin));
+
+ if ((dns_result != ISC_R_SUCCESS) &&
+ (dns_result != DNS_R_NEWORIGIN)) {
+ t_info("dns_rbtnodechain_prev unexpectedly returned %s\n",
+ dns_result_totext(dns_result));
+ }
+ nfails += t_namechk(dns_result, &dns_prevname, prevname, &dns_origin,
+ prevorigin, DNS_R_NEWORIGIN);
+
+ /*
+ * Check first.
+ */
+ t_info("checking for first name of %s and new origin of %s\n",
+ firstname, firstorigin);
+ dns_result = dns_rbtnodechain_first(&chain, rbt,
+ dns_fixedname_name(&dns_firstname),
+ dns_fixedname_name(&dns_origin));
+
+ if (dns_result != DNS_R_NEWORIGIN) {
+ t_info("dns_rbtnodechain_first unexpectedly returned %s\n",
+ dns_result_totext(dns_result));
+ }
+ nfails += t_namechk(dns_result, &dns_firstname, firstname,
+ &dns_origin, firstorigin, DNS_R_NEWORIGIN);
+
+ /*
+ * Check last.
+ */
+ t_info("checking for last name of %s\n", lastname);
+ dns_result = dns_rbtnodechain_last(&chain, rbt,
+ dns_fixedname_name(&dns_lastname),
+ dns_fixedname_name(&dns_origin));
+
+ if (dns_result != DNS_R_NEWORIGIN) {
+ t_info("dns_rbtnodechain_last unexpectedly returned %s\n",
+ dns_result_totext(dns_result));
+ }
+ nfails += t_namechk(dns_result, &dns_lastname, lastname, &dns_origin,
+ lastorigin, DNS_R_NEWORIGIN);
+
+ /*
+ * Check node ordering.
+ */
+ t_info("checking node ordering\n");
+ nfails += t9_walkchain(&chain, rbt);
+
+ if (nfails)
+ result = T_FAIL;
+ else
+ result = T_PASS;
+
+ dns_rbtnodechain_invalidate(&chain);
+ dns_rbt_destroy(&rbt);
+
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+
+ return(result);
+}
+
+static int
+test_dns_rbtnodechain_init(const char *filename) {
+ FILE *fp;
+ char *p;
+ int line;
+ int cnt;
+ int result;
+ int nfails;
+ int nprobs;
+
+ nfails = 0;
+ nprobs = 0;
+
+ fp = fopen(filename, "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = t_bustline(p, Tokens);
+ if (cnt == 10) {
+ result = t_dns_rbtnodechain_init(
+ Tokens[0], /* dbfile */
+ Tokens[1], /* startname */
+ Tokens[2], /* nextname */
+ Tokens[3], /* nextorigin */
+ Tokens[4], /* prevname */
+ Tokens[5], /* prevorigin */
+ Tokens[6], /* firstname */
+ Tokens[7], /* firstorigin */
+ Tokens[8], /* lastname */
+ Tokens[9]); /* lastorigin */
+ if (result != T_PASS) {
+ if (result == T_FAIL)
+ ++nfails;
+ else
+ ++nprobs;
+ }
+ } else {
+ t_info("bad format in %s at line %d\n",
+ filename, line);
+ ++nprobs;
+ }
+
+ (void)free(p);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile %s\n", filename);
+ ++nprobs;
+ }
+
+ result = T_UNRESOLVED;
+
+ if ((nfails == 0) && (nprobs == 0))
+ result = T_PASS;
+ else if (nfails)
+ result = T_FAIL;
+
+ return(result);
+}
+
+static void
+t9() {
+ int result;
+
+ t_assert("dns_rbtnodechain_init", 9, T_REQUIRED, a9);
+ result = test_dns_rbtnodechain_init("dns_rbtnodechain_init_data");
+ t_result(result);
+}
+
+static int
+t_dns_rbtnodechain_first(char *dbfile, char *expected_firstname,
+ char *expected_firstorigin,
+ char *expected_nextname,
+ char *expected_nextorigin)
+{
+ int result;
+ int nfails;
+ dns_rbt_t *rbt;
+ dns_rbtnodechain_t chain;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ isc_result_t isc_result;
+ isc_result_t dns_result;
+ dns_fixedname_t dns_name;
+ dns_fixedname_t dns_origin;
+ isc_result_t expected_result;
+
+ result = T_UNRESOLVED;
+
+ nfails = 0;
+ mctx = NULL;
+ ectx = NULL;
+
+ dns_fixedname_init(&dns_name);
+ dns_fixedname_init(&dns_origin);
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(result);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_rbtnodechain_init(&chain, mctx);
+
+ rbt = NULL;
+ if (rbt_init(dbfile, &rbt, mctx)) {
+ t_info("rbt_init %s failed\n", dbfile);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(result);
+ }
+
+ t_info("testing for first name of %s, origin of %s\n",
+ expected_firstname, expected_firstorigin);
+
+ dns_result = dns_rbtnodechain_first(&chain, rbt,
+ dns_fixedname_name(&dns_name),
+ dns_fixedname_name(&dns_origin));
+
+ if (dns_result != DNS_R_NEWORIGIN)
+ t_info("dns_rbtnodechain_first unexpectedly returned %s\n",
+ dns_result_totext(dns_result));
+
+ nfails = t_namechk(dns_result, &dns_name, expected_firstname,
+ &dns_origin, expected_firstorigin, DNS_R_NEWORIGIN);
+
+ dns_fixedname_init(&dns_name);
+ dns_result = dns_rbtnodechain_next(&chain,
+ dns_fixedname_name(&dns_name),
+ dns_fixedname_name(&dns_origin));
+
+ t_info("testing for next name of %s, origin of %s\n",
+ expected_nextname, expected_nextorigin);
+
+ if ((dns_result != ISC_R_SUCCESS) && (dns_result != DNS_R_NEWORIGIN))
+ t_info("dns_rbtnodechain_next unexpectedly returned %s\n",
+ dns_result_totext(dns_result));
+
+ if (strcasecmp(expected_firstorigin, expected_nextorigin) == 0)
+ expected_result = ISC_R_SUCCESS;
+ else
+ expected_result = DNS_R_NEWORIGIN;
+ nfails += t_namechk(dns_result, &dns_name, expected_nextname,
+ &dns_origin, expected_nextorigin, expected_result);
+
+ if (nfails)
+ result = T_FAIL;
+ else
+ result = T_PASS;
+
+ dns_rbtnodechain_invalidate(&chain);
+
+ dns_rbt_destroy(&rbt);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(result);
+}
+
+static int
+test_dns_rbtnodechain_first(const char *filename) {
+ FILE *fp;
+ char *p;
+ int line;
+ int cnt;
+ int result;
+ int nfails;
+ int nprobs;
+
+ nfails = 0;
+ nprobs = 0;
+
+ fp = fopen(filename, "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = t_bustline(p, Tokens);
+ if (cnt == 5) {
+ result = t_dns_rbtnodechain_first(
+ Tokens[0], /* dbfile */
+ Tokens[1], /* firstname */
+ Tokens[2], /* firstorigin */
+ Tokens[3], /* nextname */
+ Tokens[4]); /* nextorigin */
+ if (result != T_PASS) {
+ if (result == T_FAIL)
+ ++nfails;
+ else
+ ++nprobs;
+ }
+ } else {
+ t_info("bad format in %s at line %d\n",
+ filename, line);
+ ++nprobs;
+ }
+
+ (void)free(p);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile %s\n", filename);
+ ++nprobs;
+ }
+
+ result = T_UNRESOLVED;
+
+ if ((nfails == 0) && (nprobs == 0))
+ result = T_PASS;
+ else if (nfails)
+ result = T_FAIL;
+
+ return(result);
+}
+
+static const char *a10 = "a call to "
+ "dns_rbtnodechain_first(chain, rbt, name, origin) "
+ "sets name to point to the root of the tree, "
+ "origin to point to the origin, "
+ "and returns DNS_R_NEWORIGIN";
+
+static void
+t10() {
+ int result;
+
+ t_assert("dns_rbtnodechain_first", 10, T_REQUIRED, a10);
+ result = test_dns_rbtnodechain_first("dns_rbtnodechain_first_data");
+ t_result(result);
+}
+
+static int
+t_dns_rbtnodechain_last(char *dbfile, char *expected_lastname,
+ char *expected_lastorigin,
+ char *expected_prevname,
+ char *expected_prevorigin)
+{
+
+ int result;
+ int nfails;
+ dns_rbt_t *rbt;
+ dns_rbtnodechain_t chain;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ isc_result_t isc_result;
+ isc_result_t dns_result;
+ dns_fixedname_t dns_name;
+ dns_fixedname_t dns_origin;
+ isc_result_t expected_result;
+
+ result = T_UNRESOLVED;
+
+ nfails = 0;
+ mctx = NULL;
+ ectx = NULL;
+
+ dns_fixedname_init(&dns_name);
+ dns_fixedname_init(&dns_origin);
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(result);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_rbtnodechain_init(&chain, mctx);
+
+ rbt = NULL;
+ if (rbt_init(dbfile, &rbt, mctx)) {
+ t_info("rbt_init %s failed\n", dbfile);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(result);
+ }
+
+ t_info("testing for last name of %s, origin of %s\n",
+ expected_lastname, expected_lastorigin);
+
+ dns_result = dns_rbtnodechain_last(&chain, rbt,
+ dns_fixedname_name(&dns_name),
+ dns_fixedname_name(&dns_origin));
+
+ if (dns_result != DNS_R_NEWORIGIN) {
+ t_info("dns_rbtnodechain_last unexpectedly returned %s\n",
+ dns_result_totext(dns_result));
+ }
+ nfails = t_namechk(dns_result, &dns_name, expected_lastname,
+ &dns_origin, expected_lastorigin, DNS_R_NEWORIGIN);
+
+ t_info("testing for previous name of %s, origin of %s\n",
+ expected_prevname, expected_prevorigin);
+
+ dns_fixedname_init(&dns_name);
+ dns_result = dns_rbtnodechain_prev(&chain,
+ dns_fixedname_name(&dns_name),
+ dns_fixedname_name(&dns_origin));
+
+ if ((dns_result != ISC_R_SUCCESS) &&
+ (dns_result != DNS_R_NEWORIGIN)) {
+ t_info("dns_rbtnodechain_prev unexpectedly returned %s\n",
+ dns_result_totext(dns_result));
+ }
+ if (strcasecmp(expected_lastorigin, expected_prevorigin) == 0)
+ expected_result = ISC_R_SUCCESS;
+ else
+ expected_result = DNS_R_NEWORIGIN;
+ nfails += t_namechk(dns_result, &dns_name, expected_prevname,
+ &dns_origin, expected_prevorigin, expected_result);
+
+ if (nfails)
+ result = T_FAIL;
+ else
+ result = T_PASS;
+
+ dns_rbtnodechain_invalidate(&chain);
+ dns_rbt_destroy(&rbt);
+
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+
+ return(result);
+}
+
+static int
+test_dns_rbtnodechain_last(const char *filename) {
+ FILE *fp;
+ char *p;
+ int line;
+ int cnt;
+ int result;
+ int nfails;
+ int nprobs;
+
+ nfails = 0;
+ nprobs = 0;
+
+ fp = fopen(filename, "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = t_bustline(p, Tokens);
+ if (cnt == 5) {
+ result = t_dns_rbtnodechain_last(
+ Tokens[0], /* dbfile */
+ Tokens[1], /* lastname */
+ Tokens[2], /* lastorigin */
+ Tokens[3], /* prevname */
+ Tokens[4]); /* prevorigin */
+ if (result != T_PASS) {
+ if (result == T_FAIL)
+ ++nfails;
+ else
+ ++nprobs;
+ }
+ } else {
+ t_info("bad format in %s at line %d\n",
+ filename, line);
+ ++nprobs;
+ }
+
+ (void)free(p);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile %s\n", filename);
+ ++nprobs;
+ }
+
+ result = T_UNRESOLVED;
+
+ if ((nfails == 0) && (nprobs == 0))
+ result = T_PASS;
+ else if (nfails)
+ result = T_FAIL;
+
+ return(result);
+}
+
+static const char *a11 = "a call to "
+ "dns_rbtnodechain_last(chain, rbt, name, origin) "
+ "sets name to point to the last node of the megatree, "
+ "origin to the name of the level above it, "
+ "and returns DNS_R_NEWORIGIN";
+
+static void
+t11() {
+ int result;
+
+ t_assert("dns_rbtnodechain_last", 11, T_REQUIRED, a11);
+ result = test_dns_rbtnodechain_last("dns_rbtnodechain_last_data");
+ t_result(result);
+}
+
+static int
+t_dns_rbtnodechain_next(char *dbfile, char *findname,
+ char *nextname, char *nextorigin)
+{
+
+ int result;
+ int len;
+ int nfails;
+ dns_rbt_t *rbt;
+ dns_rbtnode_t *node;
+ dns_rbtnodechain_t chain;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx;
+ isc_result_t isc_result;
+ isc_result_t dns_result;
+ dns_fixedname_t dns_findname;
+ dns_fixedname_t dns_foundname;
+ dns_fixedname_t dns_nextname;
+ dns_fixedname_t dns_origin;
+ isc_buffer_t isc_buffer;
+
+ result = T_UNRESOLVED;
+
+ nfails = 0;
+ mctx = NULL;
+ ectx = NULL;
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(result);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_rbtnodechain_init(&chain, mctx);
+
+ rbt = NULL;
+ if (rbt_init(dbfile, &rbt, mctx)) {
+ t_info("rbt_init %s failed\n", dbfile);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(result);
+ }
+
+ len = strlen(findname);
+ isc_buffer_init(&isc_buffer, findname, len);
+ isc_buffer_add(&isc_buffer, len);
+
+ dns_fixedname_init(&dns_foundname);
+ dns_fixedname_init(&dns_findname);
+ dns_fixedname_init(&dns_nextname);
+ dns_fixedname_init(&dns_origin);
+
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_findname),
+ &isc_buffer, NULL, ISC_FALSE, NULL);
+
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ return(result);
+ }
+
+ /*
+ * Set the starting node.
+ */
+ node = NULL;
+ dns_result = dns_rbt_findnode(rbt, dns_fixedname_name(&dns_findname),
+ dns_fixedname_name(&dns_foundname),
+ &node, &chain, DNS_RBTFIND_EMPTYDATA,
+ NULL, NULL);
+
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rbt_findnode failed %s\n",
+ dns_result_totext(dns_result));
+ return(result);
+ }
+
+ /*
+ * Check next.
+ */
+ t_info("checking for next name of %s and new origin of %s\n",
+ nextname, nextorigin);
+ dns_result = dns_rbtnodechain_next(&chain,
+ dns_fixedname_name(&dns_nextname),
+ dns_fixedname_name(&dns_origin));
+
+ if ((dns_result != ISC_R_SUCCESS) && (dns_result != DNS_R_NEWORIGIN)) {
+ t_info("dns_rbtnodechain_next unexpectedly returned %s\n",
+ dns_result_totext(dns_result));
+ }
+
+ nfails += t_namechk(dns_result, &dns_nextname, nextname, &dns_origin,
+ nextorigin, DNS_R_NEWORIGIN);
+
+ if (nfails)
+ result = T_FAIL;
+ else
+ result = T_PASS;
+
+ dns_rbtnodechain_invalidate(&chain);
+ dns_rbt_destroy(&rbt);
+
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+
+ return(result);
+}
+
+static int
+test_dns_rbtnodechain_next(const char *filename) {
+ FILE *fp;
+ char *p;
+ int line;
+ int cnt;
+ int result;
+ int nfails;
+ int nprobs;
+
+ nfails = 0;
+ nprobs = 0;
+
+ fp = fopen(filename, "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = t_bustline(p, Tokens);
+ if (cnt == 4) {
+ result = t_dns_rbtnodechain_next(
+ Tokens[0], /* dbfile */
+ Tokens[1], /* findname */
+ Tokens[2], /* nextname */
+ Tokens[3]); /* nextorigin */
+ if (result != T_PASS) {
+ if (result == T_FAIL)
+ ++nfails;
+ else
+ ++nprobs;
+ }
+ } else {
+ t_info("bad format in %s at line %d\n",
+ filename, line);
+ ++nprobs;
+ }
+
+ (void)free(p);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile %s\n", filename);
+ ++nprobs;
+ }
+
+ result = T_UNRESOLVED;
+
+ if ((nfails == 0) && (nprobs == 0))
+ result = T_PASS;
+ else if (nfails)
+ result = T_FAIL;
+
+ return(result);
+}
+
+static const char *a12 = "a call to "
+ "dns_rbtnodechain_next(chain, name, origin) "
+ "sets name to point to the next node of the tree "
+ "and returns ISC_R_SUCCESS or "
+ "DNS_R_NEWORIGIN on success";
+
+
+static void
+t12() {
+ int result;
+
+ t_assert("dns_rbtnodechain_next", 12, T_REQUIRED, a12);
+ result = test_dns_rbtnodechain_next("dns_rbtnodechain_next_data");
+ t_result(result);
+}
+
+static int
+t_dns_rbtnodechain_prev(char *dbfile, char *findname, char *prevname,
+ char *prevorigin)
+{
+ int result;
+ int len;
+ int nfails;
+ dns_rbt_t *rbt;
+ dns_rbtnode_t *node;
+ dns_rbtnodechain_t chain;
+ isc_mem_t *mctx;
+ isc_entropy_t *ectx = NULL;
+ isc_result_t isc_result;
+ isc_result_t dns_result;
+ dns_fixedname_t dns_findname;
+ dns_fixedname_t dns_foundname;
+ dns_fixedname_t dns_prevname;
+ dns_fixedname_t dns_origin;
+ isc_buffer_t isc_buffer;
+
+ result = T_UNRESOLVED;
+
+ nfails = 0;
+ mctx = NULL;
+ ectx = NULL;
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(result);
+ }
+
+ isc_result = isc_entropy_create(mctx, &ectx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_entropy_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_hash_create: %s: exiting\n",
+ dns_result_totext(isc_result));
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ dns_rbtnodechain_init(&chain, mctx);
+
+ rbt = NULL;
+ if (rbt_init(dbfile, &rbt, mctx)) {
+ t_info("rbt_init %s failed\n", dbfile);
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+ return(result);
+ }
+
+ len = strlen(findname);
+ isc_buffer_init(&isc_buffer, findname, len);
+ isc_buffer_add(&isc_buffer, len);
+
+ dns_fixedname_init(&dns_foundname);
+ dns_fixedname_init(&dns_findname);
+ dns_fixedname_init(&dns_prevname);
+ dns_fixedname_init(&dns_origin);
+
+ dns_result = dns_name_fromtext(dns_fixedname_name(&dns_findname),
+ &isc_buffer, NULL, ISC_FALSE, NULL);
+
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_name_fromtext failed %s\n",
+ dns_result_totext(dns_result));
+ return(result);
+ }
+
+ /*
+ * Set the starting node.
+ */
+ node = NULL;
+ dns_result = dns_rbt_findnode(rbt, dns_fixedname_name(&dns_findname),
+ dns_fixedname_name(&dns_foundname),
+ &node, &chain, DNS_RBTFIND_EMPTYDATA,
+ NULL, NULL);
+
+ if (dns_result != ISC_R_SUCCESS) {
+ t_info("dns_rbt_findnode failed %s\n",
+ dns_result_totext(dns_result));
+ return(result);
+ }
+
+ /*
+ * Check next.
+ */
+ t_info("checking for next name of %s and new origin of %s\n",
+ prevname, prevorigin);
+ dns_result = dns_rbtnodechain_prev(&chain,
+ dns_fixedname_name(&dns_prevname),
+ dns_fixedname_name(&dns_origin));
+
+ if ((dns_result != ISC_R_SUCCESS) && (dns_result != DNS_R_NEWORIGIN)) {
+ t_info("dns_rbtnodechain_prev unexpectedly returned %s\n",
+ dns_result_totext(dns_result));
+ }
+
+ nfails += t_namechk(dns_result, &dns_prevname, prevname, &dns_origin,
+ prevorigin, DNS_R_NEWORIGIN);
+
+ if (nfails)
+ result = T_FAIL;
+ else
+ result = T_PASS;
+
+ dns_rbtnodechain_invalidate(&chain);
+ dns_rbt_destroy(&rbt);
+
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+ isc_mem_destroy(&mctx);
+
+ return(result);
+}
+
+static int
+test_dns_rbtnodechain_prev(const char *filename) {
+ FILE *fp;
+ char *p;
+ int line;
+ int cnt;
+ int result;
+ int nfails;
+ int nprobs;
+
+ nfails = 0;
+ nprobs = 0;
+
+ fp = fopen(filename, "r");
+ if (fp != NULL) {
+ line = 0;
+ while ((p = t_fgetbs(fp)) != NULL) {
+
+ ++line;
+
+ /*
+ * Skip comment lines.
+ */
+ if ((isspace((unsigned char)*p)) || (*p == '#')) {
+ (void)free(p);
+ continue;
+ }
+
+ cnt = t_bustline(p, Tokens);
+ if (cnt == 4) {
+ result = t_dns_rbtnodechain_prev(
+ Tokens[0], /* dbfile */
+ Tokens[1], /* findname */
+ Tokens[2], /* prevname */
+ Tokens[3]); /* prevorigin */
+ if (result != T_PASS) {
+ if (result == T_FAIL)
+ ++nfails;
+ else
+ ++nprobs;
+ }
+ } else {
+ t_info("bad format in %s at line %d\n",
+ filename, line);
+ ++nprobs;
+ }
+
+ (void)free(p);
+ }
+ (void)fclose(fp);
+ } else {
+ t_info("Missing datafile %s\n", filename);
+ ++nprobs;
+ }
+
+ result = T_UNRESOLVED;
+
+ if ((nfails == 0) && (nprobs == 0))
+ result = T_PASS;
+ else if (nfails)
+ result = T_FAIL;
+
+ return(result);
+}
+
+static const char *a13 = "a call to "
+ "dns_rbtnodechain_prev(chain, name, origin) "
+ "sets name to point to the previous node of the tree "
+ "and returns ISC_R_SUCCESS or "
+ "DNS_R_NEWORIGIN on success";
+
+static void
+t13() {
+ int result;
+
+ t_assert("dns_rbtnodechain_prev", 13, T_REQUIRED, a13);
+ result = test_dns_rbtnodechain_prev("dns_rbtnodechain_prev_data");
+ t_result(result);
+}
+
+
+
+testspec_t T_testlist[] = {
+ { t1, "dns_rbt_create" },
+ { t2, "dns_rbt_addname 1" },
+ { t3, "dns_rbt_addname 2" },
+ { t4, "dns_rbt_deletename 1" },
+ { t5, "dns_rbt_deletename 2" },
+ { t6, "dns_rbt_findname 1" },
+ { t7, "dns_rbt_findname 2" },
+ { t8, "dns_rbt_findname 3" },
+ { t9, "dns_rbtnodechain_init" },
+ { t10, "dns_rbtnodechain_first" },
+ { t11, "dns_rbtnodechain_last" },
+ { t12, "dns_rbtnodechain_next" },
+ { t13, "dns_rbtnodechain_prev" },
+ { NULL, NULL }
+};
+
diff --git a/bin/tests/rbt_test.c b/bin/tests/rbt_test.c
new file mode 100644
index 0000000..ac8db14
--- /dev/null
+++ b/bin/tests/rbt_test.c
@@ -0,0 +1,457 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rbt_test.c,v 1.48 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/commandline.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/rbt.h>
+#include <dns/fixedname.h>
+#include <dns/result.h>
+
+char *progname;
+isc_mem_t *mctx;
+
+#define DNSNAMELEN 255
+
+static dns_name_t *
+create_name(char *s) {
+ int length;
+ isc_result_t result;
+ isc_buffer_t source, target;
+ static dns_name_t *name;
+
+ if (s == NULL || *s == '\0') {
+ printf("missing name argument\n");
+ return (NULL);
+ }
+
+ length = strlen(s);
+
+ isc_buffer_init(&source, s, length);
+ isc_buffer_add(&source, length);
+
+ /*
+ * It isn't really necessary in this program to create individual
+ * memory spaces for each name structure and its associated character
+ * string. It is done here to provide a relatively easy way to test
+ * the callback from dns_rbt_deletename that is supposed to free the
+ * data associated with a node.
+ *
+ * The buffer for the actual name will immediately follow the
+ * name structure.
+ */
+ name = isc_mem_get(mctx, sizeof(*name) + DNSNAMELEN);
+ if (name == NULL) {
+ printf("out of memory!\n");
+ return (NULL);
+ }
+
+ dns_name_init(name, NULL);
+ isc_buffer_init(&target, name + 1, DNSNAMELEN);
+
+ result = dns_name_fromtext(name, &source, dns_rootname,
+ ISC_FALSE, &target);
+
+ if (result != ISC_R_SUCCESS) {
+ printf("dns_name_fromtext(%s) failed: %s\n",
+ s, dns_result_totext(result));
+ return (NULL);
+ }
+
+ return (name);
+}
+
+static void
+delete_name(void *data, void *arg) {
+ dns_name_t *name;
+
+ UNUSED(arg);
+ name = data;
+ isc_mem_put(mctx, data, sizeof(dns_name_t) + DNSNAMELEN);
+}
+
+static void
+print_name(dns_name_t *name) {
+ isc_buffer_t target;
+ char buffer[1024];
+
+ isc_buffer_init(&target, buffer, sizeof(buffer));
+
+ /*
+ * ISC_FALSE means absolute names have the final dot added.
+ */
+ dns_name_totext(name, ISC_FALSE, &target);
+
+ printf("%.*s", (int)target.used, (char *)target.base);
+}
+
+static void
+detail(dns_rbt_t *rbt, dns_name_t *name) {
+ dns_name_t *foundname, *origin, *fullname;
+ dns_fixedname_t fixedfoundname, fixedorigin, fixedfullname;
+ dns_rbtnode_t *node1, *node2;
+ dns_rbtnodechain_t chain;
+ isc_result_t result;
+ isc_boolean_t nodes_should_match = ISC_FALSE;
+
+ dns_rbtnodechain_init(&chain, mctx);
+
+ dns_fixedname_init(&fixedorigin);
+ dns_fixedname_init(&fixedfullname);
+ dns_fixedname_init(&fixedfoundname);
+
+ origin = dns_fixedname_name(&fixedorigin);
+ fullname = dns_fixedname_name(&fixedfullname);
+ foundname = dns_fixedname_name(&fixedfoundname);
+
+ node1 = node2 = NULL;
+
+ printf("checking chain information for ");
+ print_name(name);
+ printf("\n");
+
+ result = dns_rbt_findnode(rbt, name, foundname, &node1, &chain,
+ DNS_RBTFIND_EMPTYDATA, NULL, NULL);
+
+ switch (result) {
+ case ISC_R_SUCCESS:
+ printf(" found exact.");
+ nodes_should_match = ISC_TRUE;
+ break;
+ case DNS_R_PARTIALMATCH:
+ printf(" found parent.");
+ break;
+ case ISC_R_NOTFOUND:
+ printf(" name not found.");
+ break;
+ default:
+ printf(" unexpected result: %s\n", dns_result_totext(result));
+ return;
+ }
+
+ if (node1 != NULL && node1->data != NULL) {
+ printf(" data at node: ");
+ print_name(node1->data);
+ } else
+ printf(" no data at node.");
+
+ if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
+ printf("\n name from dns_rbt_findnode: ");
+ print_name(foundname);
+ }
+
+ result = dns_rbtnodechain_current(&chain, foundname, origin, &node2);
+
+ if (result == ISC_R_SUCCESS) {
+ printf("\n name from dns_rbtnodechain_current: ");
+
+ result = dns_name_concatenate(foundname, origin,
+ fullname, NULL);
+ if (result == ISC_R_SUCCESS)
+ print_name(fullname);
+ else
+ printf("%s\n", dns_result_totext(result));
+ printf("\n (foundname = ");
+ print_name(foundname);
+ printf(", origin = ");
+ print_name(origin);
+ printf(")\n");
+ if (nodes_should_match && node1 != node2)
+ printf(" nodes returned from each function "
+ "DO NOT match!\n");
+
+ } else
+ printf("\n result from dns_rbtnodechain_current: %s\n",
+ dns_result_totext(result));
+
+ printf(" level_matches = %d, level_count = %d\n",
+ chain.level_matches, chain.level_count);
+}
+
+static void
+iterate(dns_rbt_t *rbt, isc_boolean_t forward) {
+ dns_name_t foundname, *origin;
+ dns_rbtnodechain_t chain;
+ dns_fixedname_t fixedorigin;
+ isc_result_t result;
+ isc_result_t (*move)(dns_rbtnodechain_t *chain, dns_name_t *name,
+ dns_name_t *origin);
+
+ dns_rbtnodechain_init(&chain, mctx);
+
+ dns_name_init(&foundname, NULL);
+ dns_fixedname_init(&fixedorigin);
+ origin = dns_fixedname_name(&fixedorigin);
+
+ if (forward) {
+ printf("iterating forward\n" );
+ move = dns_rbtnodechain_next;
+
+ result = dns_rbtnodechain_first(&chain, rbt, &foundname,
+ origin);
+
+ } else {
+ printf("iterating backward\n" );
+ move = dns_rbtnodechain_prev;
+
+ result = dns_rbtnodechain_last(&chain, rbt, &foundname,
+ origin);
+ }
+
+ if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN)
+ printf("start not found!\n");
+
+ else {
+ for (;;) {
+ if (result == DNS_R_NEWORIGIN) {
+ printf(" new origin: ");
+ print_name(origin);
+ printf("\n");
+ }
+
+ if (result == ISC_R_SUCCESS ||
+ result == DNS_R_NEWORIGIN) {
+ print_name(&foundname);
+ printf("\n");
+
+ } else {
+ if (result != ISC_R_NOMORE)
+ printf("UNEXEPCTED ITERATION ERROR: %s",
+ dns_result_totext(result));
+ break;
+ }
+
+ result = move(&chain, &foundname, origin);
+ }
+ }
+}
+
+
+#define CMDCHECK(s) (strncasecmp(command, (s), length) == 0)
+#define PRINTERR(r) if (r != ISC_R_SUCCESS) \
+ printf("... %s\n", dns_result_totext(r));
+
+int
+main(int argc, char **argv) {
+ char *command, *arg, buffer[1024];
+ const char *whitespace;
+ dns_name_t *name, *foundname;
+ dns_fixedname_t fixedname;
+ dns_rbt_t *rbt = NULL;
+ int length, ch;
+ isc_boolean_t show_final_mem = ISC_FALSE;
+ isc_result_t result;
+ void *data;
+
+ progname = strrchr(*argv, '/');
+ if (progname != NULL)
+ progname++;
+ else
+ progname = *argv;
+
+ while ((ch = isc_commandline_parse(argc, argv, "m")) != -1) {
+ switch (ch) {
+ case 'm':
+ show_final_mem = ISC_TRUE;
+ break;
+ }
+ }
+
+ argc -= isc_commandline_index;
+ argv += isc_commandline_index;
+
+ if (argc > 1) {
+ printf("Usage: %s [-m]\n", progname);
+ exit(1);
+ }
+
+ setbuf(stdout, NULL);
+
+ /*
+ * So isc_mem_stats() can report any allocation leaks.
+ */
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ result = isc_mem_create(0, 0, &mctx);
+ if (result != ISC_R_SUCCESS) {
+ printf("isc_mem_create: %s: exiting\n",
+ dns_result_totext(result));
+ exit(1);
+ }
+
+ result = dns_rbt_create(mctx, delete_name, NULL, &rbt);
+ if (result != ISC_R_SUCCESS) {
+ printf("dns_rbt_create: %s: exiting\n",
+ dns_result_totext(result));
+ exit(1);
+ }
+
+ whitespace = " \t";
+
+ while (fgets(buffer, sizeof(buffer), stdin) != NULL) {
+ length = strlen(buffer);
+
+ if (buffer[length - 1] != '\n') {
+ printf("line to long (%lu max), ignored\n",
+ (unsigned long)sizeof(buffer) - 2);
+ continue;
+ }
+
+ buffer[length - 1] = '\0';
+
+ command = buffer + strspn(buffer, whitespace);
+
+ if (*command == '#')
+ continue;
+
+ arg = strpbrk(command, whitespace);
+ if (arg != NULL) {
+ *arg++ = '\0';
+ arg += strspn(arg, whitespace);
+ }
+
+ length = strlen(command);
+ if (*command != '\0') {
+ if (CMDCHECK("add")) {
+ name = create_name(arg);
+ if (name != NULL) {
+ printf("adding name %s\n", arg);
+ result = dns_rbt_addname(rbt,
+ name, name);
+ PRINTERR(result);
+ }
+
+ } else if (CMDCHECK("delete")) {
+ name = create_name(arg);
+ if (name != NULL) {
+ printf("deleting name %s\n", arg);
+ result = dns_rbt_deletename(rbt, name,
+ ISC_FALSE);
+ PRINTERR(result);
+ delete_name(name, NULL);
+ }
+
+ } else if (CMDCHECK("nuke")) {
+ name = create_name(arg);
+ if (name != NULL) {
+ printf("nuking name %s "
+ "and its descendants\n", arg);
+ result = dns_rbt_deletename(rbt, name,
+ ISC_TRUE);
+ PRINTERR(result);
+ delete_name(name, NULL);
+ }
+
+ } else if (CMDCHECK("search")) {
+ name = create_name(arg);
+ if (name != NULL) {
+ printf("searching for name %s ... ",
+ arg);
+
+ dns_fixedname_init(&fixedname);
+ foundname =
+ dns_fixedname_name(&fixedname);
+ data = NULL;
+
+ result = dns_rbt_findname(rbt, name, 0,
+ foundname,
+ &data);
+ switch (result) {
+ case ISC_R_SUCCESS:
+ printf("found exact: ");
+ print_name(data);
+ putchar('\n');
+ break;
+ case DNS_R_PARTIALMATCH:
+ printf("found parent: ");
+ print_name(data);
+ printf("\n\t(foundname: ");
+ print_name(foundname);
+ printf(")\n");
+ break;
+ case ISC_R_NOTFOUND:
+ printf("NOT FOUND!\n");
+ break;
+ case ISC_R_NOMEMORY:
+ printf("OUT OF MEMORY!\n");
+ break;
+ default:
+ printf("UNEXPECTED RESULT\n");
+ }
+
+ delete_name(name, NULL);
+ }
+
+ } else if (CMDCHECK("check")) {
+ /*
+ * Or "chain". I know, I know. Lame name.
+ * I was having a hard time thinking of a
+ * name (especially one that did not have
+ * a conflicting first letter with another
+ * command) that would differentiate this
+ * from the search command.
+ *
+ * But it is just a test program, eh?
+ */
+ name = create_name(arg);
+ if (name != NULL) {
+ detail(rbt, name);
+
+ delete_name(name, NULL);
+ }
+
+ } else if (CMDCHECK("forward")) {
+ iterate(rbt, ISC_TRUE);
+
+ } else if (CMDCHECK("backward")) {
+ iterate(rbt, ISC_FALSE);
+
+ } else if (CMDCHECK("print")) {
+ if (arg == NULL || *arg == '\0')
+ dns_rbt_printall(rbt);
+ else
+ printf("usage: print\n");
+
+ } else if (CMDCHECK("quit")) {
+ if (arg == NULL || *arg == '\0')
+ break;
+ else
+ printf("usage: quit\n");
+ } else {
+ printf("a(dd) NAME, d(elete) NAME, "
+ "s(earch) NAME, p(rint), or q(uit)\n");
+
+ }
+ }
+
+ }
+
+ dns_rbt_destroy(&rbt);
+
+ if (show_final_mem)
+ isc_mem_stats(mctx, stderr);
+
+ return (0);
+}
diff --git a/bin/tests/rbt_test.out b/bin/tests/rbt_test.out
new file mode 100644
index 0000000..95bf4f9
--- /dev/null
+++ b/bin/tests/rbt_test.out
@@ -0,0 +1,395 @@
+adding name a.vix.com
+adding name b.vix.com
+adding name c.vix.com
+vix.com. (black)
+ ++ BEG down from vix.com.
+ b (black)
+ a (RED from b)
+ NULL
+ NULL
+ c (RED from b)
+ NULL
+ NULL
+ -- END down from vix.com.
+ NULL
+ NULL
+adding name a.b.c.d.e.f.vix.com
+adding name b.b.c.d.e.f.vix.com
+adding name c.b.c.d.e.f.vix.com
+vix.com. (black)
+ ++ BEG down from vix.com.
+ b (black)
+ a (black from b)
+ NULL
+ NULL
+ c (black from b)
+ NULL
+ b.c.d.e.f (RED from c)
+ ++ BEG down from b.c.d.e.f
+ b (black)
+ a (RED from b)
+ NULL
+ NULL
+ c (RED from b)
+ NULL
+ NULL
+ -- END down from b.c.d.e.f
+ NULL
+ NULL
+ -- END down from vix.com.
+ NULL
+ NULL
+adding name a.d.e.f.vix.com
+adding name q.d.e.f.vix.com
+adding name d.e.f.vix.com
+vix.com. (black)
+ ++ BEG down from vix.com.
+ b (black)
+ a (black from b)
+ NULL
+ NULL
+ c (black from b)
+ NULL
+ d.e.f (RED from c)
+ ++ BEG down from d.e.f
+ b.c (black)
+ ++ BEG down from b.c
+ b (black)
+ a (RED from b)
+ NULL
+ NULL
+ c (RED from b)
+ NULL
+ NULL
+ -- END down from b.c
+ a (RED from b.c)
+ NULL
+ NULL
+ q (RED from b.c)
+ NULL
+ NULL
+ -- END down from d.e.f
+ NULL
+ NULL
+ -- END down from vix.com.
+ NULL
+ NULL
+adding name g.h.vix.com
+vix.com. (black)
+ ++ BEG down from vix.com.
+ b (black)
+ a (black from b)
+ NULL
+ NULL
+ d.e.f (black from b)
+ ++ BEG down from d.e.f
+ b.c (black)
+ ++ BEG down from b.c
+ b (black)
+ a (RED from b)
+ NULL
+ NULL
+ c (RED from b)
+ NULL
+ NULL
+ -- END down from b.c
+ a (RED from b.c)
+ NULL
+ NULL
+ q (RED from b.c)
+ NULL
+ NULL
+ -- END down from d.e.f
+ c (RED from d.e.f)
+ NULL
+ NULL
+ g.h (RED from d.e.f)
+ NULL
+ NULL
+ -- END down from vix.com.
+ NULL
+ NULL
+searching for name q.d.e.f.vix.com ... found exact: q.d.e.f.vix.com.
+searching for name just-parent.a.vix.com ... found parent: a.vix.com.
+ (foundname: a.vix.com.)
+searching for name no-real-parent.vix.com ... NOT FOUND!
+searching for name does.not.exist.at.all ... NOT FOUND!
+iterating forward
+ new origin: .
+vix.com
+ new origin: vix.com.
+a
+b
+c
+d.e.f
+ new origin: d.e.f.vix.com.
+a
+b.c
+ new origin: b.c.d.e.f.vix.com.
+a
+b
+c
+ new origin: d.e.f.vix.com.
+q
+ new origin: vix.com.
+g.h
+iterating backward
+ new origin: vix.com.
+g.h
+ new origin: d.e.f.vix.com.
+q
+ new origin: b.c.d.e.f.vix.com.
+c
+b
+a
+ new origin: d.e.f.vix.com.
+b.c
+a
+ new origin: vix.com.
+d.e.f
+c
+b
+a
+ new origin: .
+vix.com
+checking chain information for vix.com.
+ found exact. no data at node.
+ name from dns_rbt_findnode: vix.com.
+ name from dns_rbtnodechain_current: vix.com.
+ (foundname = vix.com, origin = .)
+ level_matches = 0, level_count = 0
+checking chain information for zzz.com.
+ name not found. no data at node.
+ name from dns_rbtnodechain_current: g.h.vix.com.
+ (foundname = g.h, origin = vix.com.)
+ level_matches = 0, level_count = 1
+checking chain information for 0.vix.com.
+ found parent. no data at node.
+ name from dns_rbt_findnode: vix.com.
+ name from dns_rbtnodechain_current: vix.com.
+ (foundname = vix.com, origin = .)
+ level_matches = 0, level_count = 0
+checking chain information for d.vix.com.
+ found parent. no data at node.
+ name from dns_rbt_findnode: vix.com.
+ name from dns_rbtnodechain_current: c.vix.com.
+ (foundname = c, origin = vix.com.)
+ level_matches = 0, level_count = 1
+checking chain information for f.vix.com.
+ found parent. no data at node.
+ name from dns_rbt_findnode: vix.com.
+ name from dns_rbtnodechain_current: c.vix.com.
+ (foundname = c, origin = vix.com.)
+ level_matches = 0, level_count = 1
+checking chain information for a.e.f.vix.com.
+ found parent. no data at node.
+ name from dns_rbt_findnode: vix.com.
+ name from dns_rbtnodechain_current: c.vix.com.
+ (foundname = c, origin = vix.com.)
+ level_matches = 0, level_count = 1
+checking chain information for z.e.f.vix.com.
+ found parent. no data at node.
+ name from dns_rbt_findnode: vix.com.
+ name from dns_rbtnodechain_current: q.d.e.f.vix.com.
+ (foundname = q, origin = d.e.f.vix.com.)
+ level_matches = 0, level_count = 2
+checking chain information for g.vix.com.
+ found parent. no data at node.
+ name from dns_rbt_findnode: vix.com.
+ name from dns_rbtnodechain_current: q.d.e.f.vix.com.
+ (foundname = q, origin = d.e.f.vix.com.)
+ level_matches = 0, level_count = 2
+checking chain information for i.vix.com.
+ found parent. no data at node.
+ name from dns_rbt_findnode: vix.com.
+ name from dns_rbtnodechain_current: g.h.vix.com.
+ (foundname = g.h, origin = vix.com.)
+ level_matches = 0, level_count = 1
+checking chain information for b.c.vix.com.
+ found parent. data at node: c.vix.com.
+ name from dns_rbt_findnode: c.vix.com.
+ name from dns_rbtnodechain_current: c.vix.com.
+ (foundname = c, origin = vix.com.)
+ level_matches = 1, level_count = 1
+nuking name d.e.f.vix.com and its descendants
+vix.com. (black)
+ ++ BEG down from vix.com.
+ b (black)
+ a (black from b)
+ NULL
+ NULL
+ g.h (black from b)
+ c (RED from g.h)
+ NULL
+ NULL
+ NULL
+ -- END down from vix.com.
+ NULL
+ NULL
+adding name x.a.vix.com
+adding name y.x.a.vix.com
+vix.com. (black)
+ ++ BEG down from vix.com.
+ b (black)
+ a (black from b)
+ ++ BEG down from a
+ x (black)
+ ++ BEG down from x
+ y (black)
+ NULL
+ NULL
+ -- END down from x
+ NULL
+ NULL
+ -- END down from a
+ NULL
+ NULL
+ g.h (black from b)
+ c (RED from g.h)
+ NULL
+ NULL
+ NULL
+ -- END down from vix.com.
+ NULL
+ NULL
+deleting name a.vix.com
+deleting name x.a.vix.com
+vix.com. (black)
+ ++ BEG down from vix.com.
+ b (black)
+ a (black from b)
+ ++ BEG down from a
+ x (black)
+ ++ BEG down from x
+ y (black)
+ NULL
+ NULL
+ -- END down from x
+ NULL
+ NULL
+ -- END down from a
+ NULL
+ NULL
+ g.h (black from b)
+ c (RED from g.h)
+ NULL
+ NULL
+ NULL
+ -- END down from vix.com.
+ NULL
+ NULL
+deleting name b.vix.com
+deleting name c.vix.com
+vix.com. (black)
+ ++ BEG down from vix.com.
+ g.h (black)
+ a (RED from g.h)
+ ++ BEG down from a
+ x (black)
+ ++ BEG down from x
+ y (black)
+ NULL
+ NULL
+ -- END down from x
+ NULL
+ NULL
+ -- END down from a
+ NULL
+ NULL
+ NULL
+ -- END down from vix.com.
+ NULL
+ NULL
+deleting name y.x.a.vix.com
+vix.com. (black)
+ ++ BEG down from vix.com.
+ g.h (black)
+ a (RED from g.h)
+ ++ BEG down from a
+ x (black)
+ NULL
+ NULL
+ -- END down from a
+ NULL
+ NULL
+ NULL
+ -- END down from vix.com.
+ NULL
+ NULL
+deleting name g.h.vix.com.
+adding name \[b100000].vix.com.
+adding name \[b010000].vix.com.
+adding name \[b001000].vix.com.
+adding name \[b000100].vix.com.
+adding name \[b000010].vix.com.
+adding name \[b000001].vix.com.
+vix.com. (black)
+ ++ BEG down from vix.com.
+ \[x80/6] (black)
+ \[x0/1] (RED from \[x80/6])
+ ++ BEG down from \[x0/1]
+ \[x80/5] (black)
+ \[x0/1] (RED from \[x80/5])
+ ++ BEG down from \[x0/1]
+ \[x8/4] (black)
+ \[x0/1] (RED from \[x8/4])
+ ++ BEG down from \[x0/1]
+ \[x8/3] (black)
+ \[x0/1] (RED from \[x8/3])
+ ++ BEG down from \[x0/1]
+ \[x8/2] (black)
+ \[x4/2] (RED from \[x8/2])
+ NULL
+ NULL
+ NULL
+ -- END down from \[x0/1]
+ NULL
+ NULL
+ NULL
+ -- END down from \[x0/1]
+ NULL
+ NULL
+ NULL
+ -- END down from \[x0/1]
+ NULL
+ NULL
+ NULL
+ -- END down from \[x0/1]
+ NULL
+ NULL
+ a (RED from \[x80/6])
+ ++ BEG down from a
+ x (black)
+ NULL
+ NULL
+ -- END down from a
+ NULL
+ NULL
+ -- END down from vix.com.
+ NULL
+ NULL
+searching for name \[b000100].vix.com. ... found exact: \[x10/6].vix.com.
+adding name vix.com.
+nuking name vix.com. and its descendants
+adding name a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.
+adding name b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.
+b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w. (black)
+ ++ BEG down from b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.
+ a (black)
+ NULL
+ NULL
+ -- END down from b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.
+ NULL
+ NULL
+adding name .
+nuking name . and its descendants
+adding name \[xFFFF/16].\[xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF/256].com
+adding name \[xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF/128].com
+\[xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF/128].com. (black)
+ ++ BEG down from \[xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF/128].com.
+ \[xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF/144] (black)
+ NULL
+ NULL
+ -- END down from \[xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF/128].com.
+ NULL
+ NULL
diff --git a/bin/tests/rbt_test.txt b/bin/tests/rbt_test.txt
new file mode 100644
index 0000000..bf50b12
--- /dev/null
+++ b/bin/tests/rbt_test.txt
@@ -0,0 +1,93 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: rbt_test.txt,v 1.17 2007/06/19 23:46:59 tbox Exp $
+
+add a.vix.com
+add b.vix.com
+add c.vix.com
+print
+add a.b.c.d.e.f.vix.com
+add b.b.c.d.e.f.vix.com
+add c.b.c.d.e.f.vix.com
+print
+add a.d.e.f.vix.com
+add q.d.e.f.vix.com
+add d.e.f.vix.com
+print
+add g.h.vix.com
+print
+search q.d.e.f.vix.com
+search just-parent.a.vix.com
+search no-real-parent.vix.com
+search does.not.exist.at.all
+forward
+backward
+# existing name
+check vix.com.
+# greater than stop node, which has down pointer
+check zzz.com.
+# less than lowest in level (would be left link from stop node)
+check 0.vix.com
+# greater than stop node, no down pointer
+check d.vix.com
+# superdomain stored in existing node
+check f.vix.com
+# common ancestor stored in existing node; existing is successor
+check a.e.f.vix.com
+# common ancestor stored in existing node; existing is less but not predecessor
+check z.e.f.vix.com
+#
+check g.vix.com
+#
+check i.vix.com
+#
+check b.c.vix.com
+nuke d.e.f.vix.com
+print
+add x.a.vix.com
+add y.x.a.vix.com
+print
+delete a.vix.com
+delete x.a.vix.com
+print
+delete b.vix.com
+delete c.vix.com
+print
+delete y.x.a.vix.com
+print
+delete g.h.vix.com.
+add \[b100000].vix.com.
+add \[b010000].vix.com.
+add \[b001000].vix.com.
+add \[b000100].vix.com.
+add \[b000010].vix.com.
+add \[b000001].vix.com.
+p
+search \[b000100].vix.com.
+# zap the entire tree
+add vix.com.
+nuke vix.com.
+add a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.
+add b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.
+print
+add .
+# zap it again
+nuke .
+# test splitting of maximal bitstring
+add \[xFFFF/16].\[xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF/256].com
+add \[xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF/128].com
+print
+quit
diff --git a/bin/tests/rdata_test.c b/bin/tests/rdata_test.c
new file mode 100644
index 0000000..7955737
--- /dev/null
+++ b/bin/tests/rdata_test.c
@@ -0,0 +1,1182 @@
+/*
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rdata_test.c,v 1.48 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/lex.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/rdata.h>
+#include <dns/compress.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatastruct.h>
+#include <dns/rdatatype.h>
+#include <dns/result.h>
+
+isc_mem_t *mctx;
+isc_lex_t *lex;
+
+isc_lexspecials_t specials;
+
+static void
+viastruct(dns_rdata_t *rdata, isc_mem_t *mctx,
+ dns_rdata_t *rdata2, isc_buffer_t *b)
+{
+ isc_result_t result;
+ void *sp = NULL;
+ isc_boolean_t need_free = ISC_FALSE;
+ dns_rdatatype_t rdt;
+ dns_rdataclass_t rdc;
+
+ UNUSED(rdata2); /* XXXMPA remove when fromstruct is ready. */
+ UNUSED(b);
+
+ switch (rdata->type) {
+ case dns_rdatatype_a6: {
+ dns_rdata_in_a6_t in_a6;
+ result = dns_rdata_tostruct(rdata, sp = &in_a6, NULL);
+ break;
+ }
+ case dns_rdatatype_a: {
+ switch (rdata->rdclass) {
+ case dns_rdataclass_hs: {
+ dns_rdata_hs_a_t hs_a;
+ result = dns_rdata_tostruct(rdata, sp = &hs_a, NULL);
+ break;
+ }
+ case dns_rdataclass_in: {
+ dns_rdata_in_a_t in_a;
+ result = dns_rdata_tostruct(rdata, sp = &in_a, NULL);
+ break;
+ }
+ default:
+ result = ISC_R_NOTIMPLEMENTED;
+ break;
+ }
+ break;
+ }
+ case dns_rdatatype_aaaa: {
+ dns_rdata_in_aaaa_t in_aaaa;
+ result = dns_rdata_tostruct(rdata, sp = &in_aaaa, NULL);
+ break;
+ }
+ case dns_rdatatype_afsdb: {
+ dns_rdata_afsdb_t afsdb;
+ result = dns_rdata_tostruct(rdata, sp = &afsdb, NULL);
+ break;
+ }
+ case dns_rdatatype_any: {
+ result = ISC_R_NOTIMPLEMENTED;
+ break;
+ }
+ case dns_rdatatype_apl: {
+ switch (rdata->rdclass) {
+ case dns_rdataclass_in: {
+ dns_rdata_in_apl_t in_apl;
+ result = dns_rdata_tostruct(rdata, sp = &in_apl, NULL);
+ break;
+ }
+ default:
+ result = ISC_R_NOTIMPLEMENTED;
+ break;
+ }
+ break;
+ }
+ case dns_rdatatype_cert: {
+ dns_rdata_cert_t cert;
+ result = dns_rdata_tostruct(rdata, sp = &cert, NULL);
+ break;
+ }
+ case dns_rdatatype_cname: {
+ dns_rdata_cname_t cname;
+ result = dns_rdata_tostruct(rdata, sp = &cname, NULL);
+ break;
+ }
+ case dns_rdatatype_dname: {
+ dns_rdata_dname_t dname;
+ result = dns_rdata_tostruct(rdata, sp = &dname, NULL);
+ break;
+ }
+ case dns_rdatatype_gpos: {
+ dns_rdata_gpos_t gpos;
+ result = dns_rdata_tostruct(rdata, sp = &gpos, NULL);
+ break;
+ }
+ case dns_rdatatype_hinfo: {
+ dns_rdata_hinfo_t hinfo;
+ result = dns_rdata_tostruct(rdata, sp = &hinfo, NULL);
+ break;
+ }
+ case dns_rdatatype_isdn: {
+ dns_rdata_isdn_t isdn;
+ result = dns_rdata_tostruct(rdata, sp = &isdn, NULL);
+ break;
+ }
+ case dns_rdatatype_key: {
+ dns_rdata_key_t key;
+ result = dns_rdata_tostruct(rdata, sp = &key, NULL);
+ break;
+ }
+ case dns_rdatatype_kx: {
+ dns_rdata_in_kx_t in_kx;
+ result = dns_rdata_tostruct(rdata, sp = &in_kx, NULL);
+ break;
+ }
+ case dns_rdatatype_loc: {
+ dns_rdata_loc_t loc;
+ result = dns_rdata_tostruct(rdata, sp = &loc, NULL);
+ break;
+ }
+ case dns_rdatatype_mb: {
+ dns_rdata_mb_t mb;
+ result = dns_rdata_tostruct(rdata, sp = &mb, NULL);
+ break;
+ }
+ case dns_rdatatype_md: {
+ dns_rdata_md_t md;
+ result = dns_rdata_tostruct(rdata, sp = &md, NULL);
+ break;
+ }
+ case dns_rdatatype_mf: {
+ dns_rdata_mf_t mf;
+ result = dns_rdata_tostruct(rdata, sp = &mf, NULL);
+ break;
+ }
+ case dns_rdatatype_mg: {
+ dns_rdata_mg_t mg;
+ result = dns_rdata_tostruct(rdata, sp = &mg, NULL);
+ break;
+ }
+ case dns_rdatatype_minfo: {
+ dns_rdata_minfo_t minfo;
+ result = dns_rdata_tostruct(rdata, sp = &minfo, NULL);
+ break;
+ }
+ case dns_rdatatype_mr: {
+ dns_rdata_mr_t mr;
+ result = dns_rdata_tostruct(rdata, sp = &mr, NULL);
+ break;
+ }
+ case dns_rdatatype_mx: {
+ dns_rdata_mx_t mx;
+ result = dns_rdata_tostruct(rdata, sp = &mx, NULL);
+ break;
+ }
+ case dns_rdatatype_naptr: {
+ dns_rdata_in_naptr_t in_naptr;
+ result = dns_rdata_tostruct(rdata, sp = &in_naptr, NULL);
+ break;
+ }
+ case dns_rdatatype_ns: {
+ dns_rdata_ns_t ns;
+ result = dns_rdata_tostruct(rdata, sp = &ns, NULL);
+ break;
+ }
+ case dns_rdatatype_nsap: {
+ dns_rdata_in_nsap_t in_nsap;
+ result = dns_rdata_tostruct(rdata, sp = &in_nsap, NULL);
+ break;
+ }
+ case dns_rdatatype_nsap_ptr: {
+ dns_rdata_in_nsap_ptr_t in_nsap_ptr;
+ result = dns_rdata_tostruct(rdata, sp = &in_nsap_ptr, NULL);
+ break;
+ }
+ case dns_rdatatype_null: {
+ dns_rdata_null_t null;
+ result = dns_rdata_tostruct(rdata, sp = &null, NULL);
+ break;
+ }
+ case dns_rdatatype_nxt: {
+ dns_rdata_nxt_t nxt;
+ result = dns_rdata_tostruct(rdata, sp = &nxt, NULL);
+ break;
+ }
+ case dns_rdatatype_opt: {
+ dns_rdata_opt_t opt;
+ result = dns_rdata_tostruct(rdata, sp = &opt, NULL);
+ break;
+ }
+ case dns_rdatatype_ptr: {
+ dns_rdata_ptr_t ptr;
+ result = dns_rdata_tostruct(rdata, sp = &ptr, NULL);
+ break;
+ }
+ case dns_rdatatype_px: {
+ dns_rdata_in_px_t in_px;
+ result = dns_rdata_tostruct(rdata, sp = &in_px, NULL);
+ break;
+ }
+ case dns_rdatatype_rp: {
+ dns_rdata_rp_t rp;
+ result = dns_rdata_tostruct(rdata, sp = &rp, NULL);
+ break;
+ }
+ case dns_rdatatype_rt: {
+ dns_rdata_rt_t rt;
+ result = dns_rdata_tostruct(rdata, sp = &rt, NULL);
+ break;
+ }
+ case dns_rdatatype_sig: {
+ dns_rdata_sig_t sig;
+ result = dns_rdata_tostruct(rdata, sp = &sig, NULL);
+ break;
+ }
+ case dns_rdatatype_soa: {
+ dns_rdata_soa_t soa;
+ result = dns_rdata_tostruct(rdata, sp = &soa, NULL);
+ break;
+ }
+ case dns_rdatatype_srv: {
+ dns_rdata_in_srv_t in_srv;
+ result = dns_rdata_tostruct(rdata, sp = &in_srv, NULL);
+ break;
+ }
+ case dns_rdatatype_tkey: {
+ dns_rdata_tkey_t tkey;
+ result = dns_rdata_tostruct(rdata, sp = &tkey, NULL);
+ break;
+ }
+ case dns_rdatatype_tsig: {
+ dns_rdata_any_tsig_t tsig;
+ result = dns_rdata_tostruct(rdata, sp = &tsig, NULL);
+ break;
+ }
+ case dns_rdatatype_txt: {
+ dns_rdata_txt_t txt;
+ result = dns_rdata_tostruct(rdata, sp = &txt, NULL);
+ break;
+ }
+ case dns_rdatatype_spf: {
+ dns_rdata_spf_t spf;
+ result = dns_rdata_tostruct(rdata, sp = &spf, NULL);
+ break;
+ }
+ case dns_rdatatype_unspec: {
+ dns_rdata_unspec_t unspec;
+ result = dns_rdata_tostruct(rdata, sp = &unspec, NULL);
+ break;
+ }
+ case dns_rdatatype_wks: {
+ dns_rdata_in_wks_t in_wks;
+ result = dns_rdata_tostruct(rdata, sp = &in_wks, NULL);
+ break;
+ }
+ case dns_rdatatype_x25: {
+ dns_rdata_x25_t x25;
+ result = dns_rdata_tostruct(rdata, sp = &x25, NULL);
+ break;
+ }
+ case dns_rdatatype_nsec: {
+ dns_rdata_nsec_t nsec;
+ result = dns_rdata_tostruct(rdata, sp = &nsec, NULL);
+ break;
+ }
+ case dns_rdatatype_rrsig: {
+ dns_rdata_rrsig_t rrsig;
+ result = dns_rdata_tostruct(rdata, sp = &rrsig, NULL);
+ break;
+ }
+ case dns_rdatatype_dnskey: {
+ dns_rdata_dnskey_t dnskey;
+ result = dns_rdata_tostruct(rdata, sp = &dnskey, NULL);
+ break;
+ }
+ default:
+ result = ISC_R_NOTIMPLEMENTED;
+ break;
+ }
+ if (result != ISC_R_SUCCESS)
+ fprintf(stdout, "viastruct: tostruct %d %d return %s\n",
+ rdata->type, rdata->rdclass,
+ dns_result_totext(result));
+ else
+ dns_rdata_freestruct(sp);
+
+ switch (rdata->type) {
+ case dns_rdatatype_a6: {
+ dns_rdata_in_a6_t in_a6;
+ result = dns_rdata_tostruct(rdata, sp = &in_a6, mctx);
+ break;
+ }
+ case dns_rdatatype_a: {
+ switch (rdata->rdclass) {
+ case dns_rdataclass_hs: {
+ dns_rdata_hs_a_t hs_a;
+ result = dns_rdata_tostruct(rdata, sp = &hs_a, mctx);
+ break;
+ }
+ case dns_rdataclass_in: {
+ dns_rdata_in_a_t in_a;
+ result = dns_rdata_tostruct(rdata, sp = &in_a, mctx);
+ break;
+ }
+ default:
+ result = ISC_R_NOTIMPLEMENTED;
+ break;
+ }
+ break;
+ }
+ case dns_rdatatype_aaaa: {
+ dns_rdata_in_aaaa_t in_aaaa;
+ result = dns_rdata_tostruct(rdata, sp = &in_aaaa, mctx);
+ break;
+ }
+ case dns_rdatatype_afsdb: {
+ dns_rdata_afsdb_t afsdb;
+ result = dns_rdata_tostruct(rdata, sp = &afsdb, mctx);
+ break;
+ }
+ case dns_rdatatype_any: {
+ result = ISC_R_NOTIMPLEMENTED;
+ break;
+ }
+ case dns_rdatatype_apl: {
+ switch (rdata->rdclass) {
+ case dns_rdataclass_in: {
+ dns_rdata_in_apl_t in_apl;
+ result = dns_rdata_tostruct(rdata, sp = &in_apl, mctx);
+ break;
+ }
+ default:
+ result = ISC_R_NOTIMPLEMENTED;
+ break;
+ }
+ break;
+ }
+ case dns_rdatatype_cert: {
+ dns_rdata_cert_t cert;
+ result = dns_rdata_tostruct(rdata, sp = &cert, mctx);
+ break;
+ }
+ case dns_rdatatype_cname: {
+ dns_rdata_cname_t cname;
+ result = dns_rdata_tostruct(rdata, sp = &cname, mctx);
+ break;
+ }
+ case dns_rdatatype_dname: {
+ dns_rdata_dname_t dname;
+ result = dns_rdata_tostruct(rdata, sp = &dname, mctx);
+ break;
+ }
+ case dns_rdatatype_gpos: {
+ dns_rdata_gpos_t gpos;
+ result = dns_rdata_tostruct(rdata, sp = &gpos, mctx);
+ break;
+ }
+ case dns_rdatatype_hinfo: {
+ dns_rdata_hinfo_t hinfo;
+ result = dns_rdata_tostruct(rdata, sp = &hinfo, mctx);
+ break;
+ }
+ case dns_rdatatype_isdn: {
+ dns_rdata_isdn_t isdn;
+ result = dns_rdata_tostruct(rdata, sp = &isdn, mctx);
+ break;
+ }
+ case dns_rdatatype_key: {
+ dns_rdata_key_t key;
+ result = dns_rdata_tostruct(rdata, sp = &key, mctx);
+ break;
+ }
+ case dns_rdatatype_kx: {
+ dns_rdata_in_kx_t in_kx;
+ result = dns_rdata_tostruct(rdata, sp = &in_kx, mctx);
+ break;
+ }
+ case dns_rdatatype_loc: {
+ dns_rdata_loc_t loc;
+ result = dns_rdata_tostruct(rdata, sp = &loc, mctx);
+ break;
+ }
+ case dns_rdatatype_mb: {
+ dns_rdata_mb_t mb;
+ result = dns_rdata_tostruct(rdata, sp = &mb, mctx);
+ break;
+ }
+ case dns_rdatatype_md: {
+ dns_rdata_md_t md;
+ result = dns_rdata_tostruct(rdata, sp = &md, mctx);
+ break;
+ }
+ case dns_rdatatype_mf: {
+ dns_rdata_mf_t mf;
+ result = dns_rdata_tostruct(rdata, sp = &mf, mctx);
+ break;
+ }
+ case dns_rdatatype_mg: {
+ dns_rdata_mg_t mg;
+ result = dns_rdata_tostruct(rdata, sp = &mg, mctx);
+ break;
+ }
+ case dns_rdatatype_minfo: {
+ dns_rdata_minfo_t minfo;
+ result = dns_rdata_tostruct(rdata, sp = &minfo, mctx);
+ break;
+ }
+ case dns_rdatatype_mr: {
+ dns_rdata_mr_t mr;
+ result = dns_rdata_tostruct(rdata, sp = &mr, mctx);
+ break;
+ }
+ case dns_rdatatype_mx: {
+ dns_rdata_mx_t mx;
+ result = dns_rdata_tostruct(rdata, sp = &mx, mctx);
+ break;
+ }
+ case dns_rdatatype_naptr: {
+ dns_rdata_in_naptr_t in_naptr;
+ result = dns_rdata_tostruct(rdata, sp = &in_naptr, mctx);
+ break;
+ }
+ case dns_rdatatype_ns: {
+ dns_rdata_ns_t ns;
+ result = dns_rdata_tostruct(rdata, sp = &ns, mctx);
+ break;
+ }
+ case dns_rdatatype_nsap: {
+ dns_rdata_in_nsap_t in_nsap;
+ result = dns_rdata_tostruct(rdata, sp = &in_nsap, mctx);
+ break;
+ }
+ case dns_rdatatype_nsap_ptr: {
+ dns_rdata_in_nsap_ptr_t in_nsap_ptr;
+ result = dns_rdata_tostruct(rdata, sp = &in_nsap_ptr, mctx);
+ break;
+ }
+ case dns_rdatatype_null: {
+ dns_rdata_null_t null;
+ result = dns_rdata_tostruct(rdata, sp = &null, mctx);
+ break;
+ }
+ case dns_rdatatype_nxt: {
+ dns_rdata_nxt_t nxt;
+ result = dns_rdata_tostruct(rdata, sp = &nxt, mctx);
+ break;
+ }
+ case dns_rdatatype_opt: {
+ dns_rdata_opt_t opt;
+ result = dns_rdata_tostruct(rdata, sp = &opt, mctx);
+ break;
+ }
+ case dns_rdatatype_ptr: {
+ dns_rdata_ptr_t ptr;
+ result = dns_rdata_tostruct(rdata, sp = &ptr, mctx);
+ break;
+ }
+ case dns_rdatatype_px: {
+ dns_rdata_in_px_t in_px;
+ result = dns_rdata_tostruct(rdata, sp = &in_px, mctx);
+ break;
+ }
+ case dns_rdatatype_rp: {
+ dns_rdata_rp_t rp;
+ result = dns_rdata_tostruct(rdata, sp = &rp, mctx);
+ break;
+ }
+ case dns_rdatatype_rt: {
+ dns_rdata_rt_t rt;
+ result = dns_rdata_tostruct(rdata, sp = &rt, mctx);
+ break;
+ }
+ case dns_rdatatype_sig: {
+ dns_rdata_sig_t sig;
+ result = dns_rdata_tostruct(rdata, sp = &sig, mctx);
+ break;
+ }
+ case dns_rdatatype_soa: {
+ dns_rdata_soa_t soa;
+ result = dns_rdata_tostruct(rdata, sp = &soa, mctx);
+ break;
+ }
+ case dns_rdatatype_srv: {
+ dns_rdata_in_srv_t in_srv;
+ result = dns_rdata_tostruct(rdata, sp = &in_srv, mctx);
+ break;
+ }
+ case dns_rdatatype_tkey: {
+ dns_rdata_tkey_t tkey;
+ result = dns_rdata_tostruct(rdata, sp = &tkey, mctx);
+ break;
+ }
+ case dns_rdatatype_tsig: {
+ dns_rdata_any_tsig_t tsig;
+ result = dns_rdata_tostruct(rdata, sp = &tsig, mctx);
+ break;
+ }
+ case dns_rdatatype_txt: {
+ dns_rdata_txt_t txt;
+ result = dns_rdata_tostruct(rdata, sp = &txt, mctx);
+ break;
+ }
+ case dns_rdatatype_spf: {
+ dns_rdata_spf_t spf;
+ result = dns_rdata_tostruct(rdata, sp = &spf, mctx);
+ break;
+ }
+ case dns_rdatatype_unspec: {
+ dns_rdata_unspec_t unspec;
+ result = dns_rdata_tostruct(rdata, sp = &unspec, mctx);
+ break;
+ }
+ case dns_rdatatype_wks: {
+ dns_rdata_in_wks_t in_wks;
+ result = dns_rdata_tostruct(rdata, sp = &in_wks, mctx);
+ break;
+ }
+ case dns_rdatatype_x25: {
+ dns_rdata_x25_t x25;
+ result = dns_rdata_tostruct(rdata, sp = &x25, mctx);
+ break;
+ }
+ case dns_rdatatype_nsec: {
+ dns_rdata_nsec_t nsec;
+ result = dns_rdata_tostruct(rdata, sp = &nsec, mctx);
+ break;
+ }
+ case dns_rdatatype_rrsig: {
+ dns_rdata_rrsig_t rrsig;
+ result = dns_rdata_tostruct(rdata, sp = &rrsig, mctx);
+ break;
+ }
+ case dns_rdatatype_dnskey: {
+ dns_rdata_dnskey_t dnskey;
+ result = dns_rdata_tostruct(rdata, sp = &dnskey, mctx);
+ break;
+ }
+ default:
+ result = ISC_R_NOTIMPLEMENTED;
+ break;
+ }
+ if (result != ISC_R_SUCCESS)
+ fprintf(stdout, "viastruct: tostruct %d %d return %s\n",
+ rdata->type, rdata->rdclass,
+ dns_result_totext(result));
+ else {
+ need_free = ISC_TRUE;
+
+ rdc = rdata->rdclass;
+ rdt = rdata->type;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, sp, b);
+ if (result != ISC_R_SUCCESS)
+ fprintf(stdout,
+ "viastruct: fromstruct %d %d return %s\n",
+ rdata->type, rdata->rdclass,
+ dns_result_totext(result));
+ else if (rdata->length != rdata2->length ||
+ memcmp(rdata->data, rdata2->data, rdata->length) != 0)
+ {
+ isc_uint32_t i;
+ isc_uint32_t l;
+
+ fprintf(stdout, "viastruct: memcmp failed\n");
+
+ fprintf(stdout, "%d %d\n",
+ rdata->length, rdata2->length);
+ l = rdata->length;
+ if (rdata2->length < l)
+ l = rdata2->length;
+ for (i = 0; i < l; i++)
+ fprintf(stdout, "%02x %02x\n",
+ rdata->data[i], rdata2->data[i]);
+ }
+ }
+#if 0
+ switch (rdata->type) {
+ case dns_rdatatype_a6: {
+ dns_rdata_in_a6_t in_a6;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &in_a6, b);
+ break;
+ }
+ case dns_rdatatype_a: {
+ switch (rdata->rdclass) {
+ case dns_rdataclass_hs: {
+ dns_rdata_hs_a_t hs_a;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt,
+ &hs_a, b);
+ break;
+ }
+ case dns_rdataclass_in: {
+ dns_rdata_in_a_t in_a;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt,
+ &in_a, b);
+ break;
+ }
+ default:
+ result = ISC_R_NOTIMPLEMENTED;
+ break;
+ }
+ break;
+ }
+ case dns_rdatatype_aaaa: {
+ dns_rdata_in_aaaa_t in_aaaa;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &in_aaaa, b);
+ break;
+ }
+ case dns_rdatatype_afsdb: {
+ dns_rdata_afsdb_t afsdb;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &afsdb, b);
+ break;
+ }
+ case dns_rdatatype_any: {
+ result = ISC_R_NOTIMPLEMENTED;
+ break;
+ }
+ case dns_rdatatype_apl: {
+ switch (rdata->rdclass) {
+ case dns_rdataclass_in: {
+ dns_rdata_in_apl_t in_apl;
+ result = dns_rdata_fromstruct(rdata, rdc, rdt, &in_apl, b);
+ break;
+ }
+ default:
+ result = ISC_R_NOTIMPLEMENTED;
+ break;
+ }
+ break;
+ }
+ case dns_rdatatype_cert: {
+ dns_rdata_cert_t cert;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &cert, b);
+ break;
+ }
+ case dns_rdatatype_cname: {
+ dns_rdata_cname_t cname;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &cname, b);
+ break;
+ }
+ case dns_rdatatype_dname: {
+ dns_rdata_dname_t dname;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &dname, b);
+ break;
+ }
+ case dns_rdatatype_gpos: {
+ dns_rdata_gpos_t gpos;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &gpos, b);
+ break;
+ }
+ case dns_rdatatype_hinfo: {
+ dns_rdata_hinfo_t hinfo;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &hinfo, b);
+ break;
+ }
+ case dns_rdatatype_isdn: {
+ dns_rdata_isdn_t isdn;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &isdn, b);
+ break;
+ }
+ case dns_rdatatype_key: {
+ dns_rdata_key_t key;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &key, b);
+ break;
+ }
+ case dns_rdatatype_kx: {
+ dns_rdata_in_kx_t in_kx;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &in_kx, b);
+ break;
+ }
+ case dns_rdatatype_loc: {
+ dns_rdata_loc_t loc;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &loc, b);
+ break;
+ }
+ case dns_rdatatype_mb: {
+ dns_rdata_mb_t mb;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &mb, b);
+ break;
+ }
+ case dns_rdatatype_md: {
+ dns_rdata_md_t md;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &md, b);
+ break;
+ }
+ case dns_rdatatype_mf: {
+ dns_rdata_mf_t mf;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &mf, b);
+ break;
+ }
+ case dns_rdatatype_mg: {
+ dns_rdata_mg_t mg;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &mg, b);
+ break;
+ }
+ case dns_rdatatype_minfo: {
+ dns_rdata_minfo_t minfo;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &minfo, b);
+ break;
+ }
+ case dns_rdatatype_mr: {
+ dns_rdata_mr_t mr;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &mr, b);
+ break;
+ }
+ case dns_rdatatype_mx: {
+ dns_rdata_mx_t mx;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &mx, b);
+ break;
+ }
+ case dns_rdatatype_naptr: {
+ dns_rdata_in_naptr_t in_naptr;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &in_naptr, b);
+ break;
+ }
+ case dns_rdatatype_ns: {
+ dns_rdata_ns_t ns;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &ns, b);
+ break;
+ }
+ case dns_rdatatype_nsap: {
+ dns_rdata_in_nsap_t in_nsap;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &in_nsap, b);
+ break;
+ }
+ case dns_rdatatype_nsap_ptr: {
+ dns_rdata_in_nsap_ptr_t in_nsap_ptr;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &in_nsap_ptr,
+ b);
+ break;
+ }
+ case dns_rdatatype_null: {
+ dns_rdata_null_t null;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &null, b);
+ break;
+ }
+ case dns_rdatatype_nxt: {
+ dns_rdata_nxt_t nxt;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &nxt, b);
+ break;
+ }
+ case dns_rdatatype_opt: {
+ dns_rdata_opt_t opt;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &opt, b);
+ break;
+ }
+ case dns_rdatatype_ptr: {
+ dns_rdata_ptr_t ptr;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &ptr, b);
+ break;
+ }
+ case dns_rdatatype_px: {
+ dns_rdata_in_px_t in_px;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &in_px, b);
+ break;
+ }
+ case dns_rdatatype_rp: {
+ dns_rdata_rp_t rp;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &rp, b);
+ break;
+ }
+ case dns_rdatatype_rt: {
+ dns_rdata_rt_t rt;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &rt, b);
+ break;
+ }
+ case dns_rdatatype_sig: {
+ dns_rdata_sig_t sig;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &sig, b);
+ break;
+ }
+ case dns_rdatatype_soa: {
+ dns_rdata_soa_t soa;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &soa, b);
+ break;
+ }
+ case dns_rdatatype_srv: {
+ dns_rdata_in_srv_t in_srv;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &in_srv, b);
+ break;
+ }
+ case dns_rdatatype_tkey: {
+ dns_rdata_tkey_t tkey;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &tkey, b);
+ break;
+ }
+ case dns_rdatatype_tsig: {
+ dns_rdata_any_tsig_t tsig;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &tsig, b);
+ break;
+ }
+ case dns_rdatatype_txt: {
+ dns_rdata_txt_t txt;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &txt, b);
+ break;
+ }
+ case dns_rdatatype_spf: {
+ dns_rdata_spf_t spf;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &spf, b);
+ break;
+ }
+ case dns_rdatatype_unspec: {
+ dns_rdata_unspec_t unspec;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &unspec, b);
+ break;
+ }
+ case dns_rdatatype_wks: {
+ dns_rdata_in_wks_t in_wks;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &in_wks, b);
+ break;
+ }
+ case dns_rdatatype_x25: {
+ dns_rdata_x25_t x25;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &x25, b);
+ break;
+ }
+ case dns_rdatatype_nsec: {
+ dns_rdata_nsec_t nsec;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &nsec, b);
+ break;
+ }
+ case dns_rdatatype_rrsig: {
+ dns_rdata_rrsig_t rrsig;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &rrsig, b);
+ break;
+ }
+ case dns_rdatatype_dnskey: {
+ dns_rdata_dnskey_t dnskey;
+ result = dns_rdata_fromstruct(rdata2, rdc, rdt, &dnskey, b);
+ break;
+ }
+ default:
+ result = ISC_R_NOTIMPLEMENTED;
+ break;
+ }
+#endif
+ if (need_free)
+ dns_rdata_freestruct(sp);
+}
+
+int
+main(int argc, char *argv[]) {
+ isc_token_t token;
+ isc_result_t result;
+ int quiet = 0;
+ int c;
+ int stats = 0;
+ unsigned int options = 0;
+ dns_rdatatype_t type;
+ dns_rdataclass_t class;
+ dns_rdatatype_t lasttype = 0;
+ char outbuf[16*1024];
+ char inbuf[16*1024];
+ char wirebuf[16*1024];
+ char viabuf[16*1024];
+ isc_buffer_t dbuf;
+ isc_buffer_t tbuf;
+ isc_buffer_t wbuf;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdata_t last = DNS_RDATA_INIT;
+ int need_eol = 0;
+ int wire = 0;
+ dns_compress_t cctx;
+ dns_decompress_t dctx;
+ int trunc = 0;
+ int add = 0;
+ int len;
+ int zero = 0;
+ int debug = 0;
+ isc_region_t region;
+ int first = 1;
+ int raw = 0;
+ int tostruct = 0;
+
+ while ((c = isc_commandline_parse(argc, argv, "dqswtarzS")) != -1) {
+ switch (c) {
+ case 'd':
+ debug = 1;
+ quiet = 0;
+ break;
+ case 'q':
+ quiet = 1;
+ debug = 0;
+ break;
+ case 's':
+ stats = 1;
+ break;
+ case 'w':
+ wire = 1;
+ break;
+ case 't':
+ trunc = 1;
+ break;
+ case 'a':
+ add = 1;
+ break;
+ case 'z':
+ zero = 1;
+ break;
+ case 'r':
+ raw++;
+ break;
+ case 'S':
+ tostruct++;
+ break;
+ }
+ }
+
+ memset(&dctx, 0, sizeof(dctx));
+ dctx.allowed = DNS_COMPRESS_ALL;
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_lex_create(mctx, 256, &lex) == ISC_R_SUCCESS);
+
+ /*
+ * Set up to lex DNS master file.
+ */
+
+ specials['('] = 1;
+ specials[')'] = 1;
+ specials['"'] = 1;
+ isc_lex_setspecials(lex, specials);
+ options = ISC_LEXOPT_EOL;
+ isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
+
+ RUNTIME_CHECK(isc_lex_openstream(lex, stdin) == ISC_R_SUCCESS);
+
+ dns_rdata_init(&last);
+ while ((result = isc_lex_gettoken(lex, options | ISC_LEXOPT_NUMBER,
+ &token)) == ISC_R_SUCCESS) {
+ if (debug) fprintf(stdout, "token.type = %d\n", token.type);
+ if (need_eol) {
+ if (token.type == isc_tokentype_eol)
+ need_eol = 0;
+ continue;
+ }
+ if (token.type == isc_tokentype_eof)
+ break;
+
+ /*
+ * Get type.
+ */
+ if (token.type == isc_tokentype_number) {
+ type = token.value.as_ulong;
+ isc_buffer_init(&tbuf, outbuf, sizeof(outbuf));
+ result = dns_rdatatype_totext(type, &tbuf);
+ fprintf(stdout, "type = %.*s(%d)\n",
+ (int)tbuf.used, (char*)tbuf.base, type);
+ } else if (token.type == isc_tokentype_string) {
+ result = dns_rdatatype_fromtext(&type,
+ &token.value.as_textregion);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stdout,
+ "dns_rdatatype_fromtext "
+ "returned %s(%d)\n",
+ dns_result_totext(result), result);
+ fflush(stdout);
+ need_eol = 1;
+ continue;
+ }
+ fprintf(stdout, "type = %.*s(%d)\n",
+ (int)token.value.as_textregion.length,
+ token.value.as_textregion.base, type);
+ } else
+ continue;
+
+ result = isc_lex_gettoken(lex, options | ISC_LEXOPT_NUMBER,
+ &token);
+ if (result != ISC_R_SUCCESS)
+ break;
+ if (token.type == isc_tokentype_eol)
+ continue;
+ if (token.type == isc_tokentype_eof)
+ break;
+ if (token.type == isc_tokentype_number) {
+ class = token.value.as_ulong;
+ isc_buffer_init(&tbuf, outbuf, sizeof(outbuf));
+ result = dns_rdatatype_totext(class, &tbuf);
+ fprintf(stdout, "class = %.*s(%d)\n",
+ (int)tbuf.used, (char*)tbuf.base, class);
+ } else if (token.type == isc_tokentype_string) {
+ result = dns_rdataclass_fromtext(&class,
+ &token.value.as_textregion);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stdout, "dns_rdataclass_fromtext "
+ "returned %s(%d)\n",
+ dns_result_totext(result), result);
+ fflush(stdout);
+ need_eol = 1;
+ continue;
+ }
+ fprintf(stdout, "class = %.*s(%d)\n",
+ (int)token.value.as_textregion.length,
+ token.value.as_textregion.base, class);
+ } else
+ continue;
+
+ fflush(stdout);
+ dns_rdata_init(&rdata);
+ isc_buffer_init(&dbuf, inbuf, sizeof(inbuf));
+ result = dns_rdata_fromtext(&rdata, class, type, lex,
+ NULL, 0, mctx, &dbuf,
+ NULL);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stdout,
+ "dns_rdata_fromtext returned %s(%d)\n",
+ dns_result_totext(result), result);
+ fflush(stdout);
+ continue;
+ }
+ if (raw) {
+ unsigned int i;
+ for (i = 0; i < rdata.length; /* */ ) {
+ fprintf(stdout, "%02x", rdata.data[i]);
+ if ((++i % 20) == 0)
+ fputs("\n", stdout);
+ else
+ if (i == rdata.length)
+ fputs("\n", stdout);
+ else
+ fputs(" ", stdout);
+ }
+ }
+
+ /*
+ * Convert to wire and back?
+ */
+ if (wire) {
+ result = dns_compress_init(&cctx, -1, mctx);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stdout,
+ "dns_compress_init returned %s(%d)\n",
+ dns_result_totext(result), result);
+ continue;
+ }
+ isc_buffer_init(&wbuf, wirebuf, sizeof(wirebuf));
+ result = dns_rdata_towire(&rdata, &cctx, &wbuf);
+ dns_compress_invalidate(&cctx);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stdout,
+ "dns_rdata_towire returned %s(%d)\n",
+ dns_result_totext(result), result);
+ continue;
+ }
+ len = wbuf.used - wbuf.current;
+ if (raw > 2) {
+ unsigned int i;
+ fputs("\n", stdout);
+ for (i = 0; i < (unsigned int)len; /* */ ) {
+ fprintf(stdout, "%02x",
+ ((unsigned char*)wbuf.base)[i + wbuf.current]);
+ if ((++i % 20) == 0)
+ fputs("\n", stdout);
+ else
+ if (i == wbuf.used)
+ fputs("\n", stdout);
+ else
+ fputs(" ", stdout);
+ }
+ }
+ if (zero)
+ len = 0;
+ if (trunc)
+ len = (len * 3) / 4;
+ if (add) {
+ isc_buffer_add(&wbuf, len / 4 + 1);
+ len += len / 4 + 1;
+ }
+
+ isc_buffer_setactive(&wbuf, len);
+ dns_rdata_init(&rdata);
+ isc_buffer_init(&dbuf, inbuf, sizeof(inbuf));
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_ANY);
+ result = dns_rdata_fromwire(&rdata, class, type, &wbuf,
+ &dctx, 0, &dbuf);
+ dns_decompress_invalidate(&dctx);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stdout,
+ "dns_rdata_fromwire returned %s(%d)\n",
+ dns_result_totext(result), result);
+ fflush(stdout);
+ continue;
+ }
+ }
+ if (raw > 1) {
+ unsigned int i;
+ fputs("\n", stdout);
+ for (i = 0; i < rdata.length; /* */ ) {
+ fprintf(stdout, "%02x", rdata.data[i]);
+ if ((++i % 20) == 0)
+ fputs("\n", stdout);
+ else
+ if (i == rdata.length)
+ fputs("\n", stdout);
+ else
+ fputs(" ", stdout);
+ }
+ }
+ if (tostruct) {
+ isc_mem_t *mctx2 = NULL;
+ dns_rdata_t rdata2 = DNS_RDATA_INIT;
+ isc_buffer_t vbuf;
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx2)
+ == ISC_R_SUCCESS);
+
+ isc_buffer_init(&vbuf, viabuf, sizeof(viabuf));
+ dns_rdata_init(&rdata2);
+ viastruct(&rdata, mctx2, &rdata2, &vbuf);
+ if (!quiet && stats)
+ isc_mem_stats(mctx2, stdout);
+ isc_mem_destroy(&mctx2);
+ }
+
+ isc_buffer_init(&tbuf, outbuf, sizeof(outbuf));
+ result = dns_rdata_totext(&rdata, NULL, &tbuf);
+ if (result != ISC_R_SUCCESS)
+ fprintf(stdout, "dns_rdata_totext returned %s(%d)\n",
+ dns_result_totext(result), result);
+ else
+ fprintf(stdout, "\"%.*s\"\n",
+ (int)tbuf.used, (char*)tbuf.base);
+ fflush(stdout);
+ if (lasttype == type) {
+ fprintf(stdout, "dns_rdata_compare = %d\n",
+ dns_rdata_compare(&rdata, &last));
+
+ }
+ if (!first) {
+ free(last.data);
+ }
+ dns_rdata_init(&last);
+ region.base = malloc(region.length = rdata.length);
+ if (region.base) {
+ memcpy(region.base, rdata.data, rdata.length);
+ dns_rdata_fromregion(&last, class, type, &region);
+ lasttype = type;
+ first = 0;
+ } else
+ first = 1;
+
+ }
+ if (result != ISC_R_EOF)
+ printf("Result: %s\n", isc_result_totext(result));
+
+ isc_lex_close(lex);
+ isc_lex_destroy(&lex);
+ if (!quiet && stats)
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/tests/resolv.conf.sample b/bin/tests/resolv.conf.sample
new file mode 100644
index 0000000..e9e349d
--- /dev/null
+++ b/bin/tests/resolv.conf.sample
@@ -0,0 +1,38 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: resolv.conf.sample,v 1.11 2007/06/19 23:46:59 tbox Exp $
+
+domain jab.fr
+nameserver 194.150.1.2 ; ignore that
+
+; ignore this comment
+
+nameserver 194.150.1.1 # ignore this comment too
+
+a-bad-entry-that-will be ignored
+
+option debug ; foo
+option ndots:10
+
+sortlist 10.0.0.0/255.244.33.0 11.0.0.0
+
+search aaa bbb ccc ddd ; blank stuff
+# search eee fff ggg hhh
+
+#
+# Bar
+### bar bar bar
+#
diff --git a/bin/tests/rwlock_test.c b/bin/tests/rwlock_test.c
new file mode 100644
index 0000000..9aa05b5
--- /dev/null
+++ b/bin/tests/rwlock_test.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rwlock_test.c,v 1.26 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <isc/print.h>
+#include <isc/thread.h>
+#include <isc/rwlock.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#ifdef ISC_PLATFORM_USETHREADS
+
+isc_rwlock_t lock;
+
+static void *
+run1(void *arg) {
+ char *message = arg;
+
+ RUNTIME_CHECK(isc_rwlock_lock(&lock, isc_rwlocktype_read) ==
+ ISC_R_SUCCESS);
+ printf("%s got READ lock\n", message);
+ sleep(1);
+ printf("%s giving up READ lock\n", message);
+ RUNTIME_CHECK(isc_rwlock_unlock(&lock, isc_rwlocktype_read) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_rwlock_lock(&lock, isc_rwlocktype_read) ==
+ ISC_R_SUCCESS);
+ printf("%s got READ lock\n", message);
+ sleep(1);
+ printf("%s giving up READ lock\n", message);
+ RUNTIME_CHECK(isc_rwlock_unlock(&lock, isc_rwlocktype_read) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_rwlock_lock(&lock, isc_rwlocktype_write) ==
+ ISC_R_SUCCESS);
+ printf("%s got WRITE lock\n", message);
+ sleep(1);
+ printf("%s giving up WRITE lock\n", message);
+ RUNTIME_CHECK(isc_rwlock_unlock(&lock, isc_rwlocktype_write) ==
+ ISC_R_SUCCESS);
+ return (NULL);
+}
+
+static void *
+run2(void *arg) {
+ char *message = arg;
+
+ RUNTIME_CHECK(isc_rwlock_lock(&lock, isc_rwlocktype_write) ==
+ ISC_R_SUCCESS);
+ printf("%s got WRITE lock\n", message);
+ sleep(1);
+ printf("%s giving up WRITE lock\n", message);
+ RUNTIME_CHECK(isc_rwlock_unlock(&lock, isc_rwlocktype_write) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_rwlock_lock(&lock, isc_rwlocktype_write) ==
+ ISC_R_SUCCESS);
+ printf("%s got WRITE lock\n", message);
+ sleep(1);
+ printf("%s giving up WRITE lock\n", message);
+ RUNTIME_CHECK(isc_rwlock_unlock(&lock, isc_rwlocktype_write) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_rwlock_lock(&lock, isc_rwlocktype_read) ==
+ ISC_R_SUCCESS);
+ printf("%s got READ lock\n", message);
+ sleep(1);
+ printf("%s giving up READ lock\n", message);
+ RUNTIME_CHECK(isc_rwlock_unlock(&lock, isc_rwlocktype_read) ==
+ ISC_R_SUCCESS);
+ return (NULL);
+}
+
+int
+main(int argc, char *argv[]) {
+ unsigned int nworkers;
+ unsigned int i;
+ isc_thread_t workers[100];
+ char name[100];
+ void *dupname;
+
+ if (argc > 1)
+ nworkers = atoi(argv[1]);
+ else
+ nworkers = 2;
+ if (nworkers > 100)
+ nworkers = 100;
+ printf("%d workers\n", nworkers);
+
+ RUNTIME_CHECK(isc_rwlock_init(&lock, 5, 10) == ISC_R_SUCCESS);
+
+ for (i = 0; i < nworkers; i++) {
+ sprintf(name, "%02u", i);
+ dupname = strdup(name);
+ RUNTIME_CHECK(dupname != NULL);
+ if (i != 0 && i % 3 == 0)
+ RUNTIME_CHECK(isc_thread_create(run1, dupname,
+ &workers[i]) ==
+ ISC_R_SUCCESS);
+ else
+ RUNTIME_CHECK(isc_thread_create(run2, dupname,
+ &workers[i]) ==
+ ISC_R_SUCCESS);
+ }
+
+ for (i = 0; i < nworkers; i++)
+ (void)isc_thread_join(workers[i], NULL);
+
+ isc_rwlock_destroy(&lock);
+
+ return (0);
+}
+
+#else
+
+int
+main(int argc, char *argv[]) {
+ UNUSED(argc);
+ UNUSED(argv);
+ fprintf(stderr, "This test requires threads.\n");
+ return(1);
+}
+
+#endif
diff --git a/bin/tests/serial_test.c b/bin/tests/serial_test.c
new file mode 100644
index 0000000..3cc8ade
--- /dev/null
+++ b/bin/tests/serial_test.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: serial_test.c,v 1.15 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdio.h>
+
+#include <isc/serial.h>
+#include <isc/stdlib.h>
+
+int
+main() {
+ isc_uint32_t a, b;
+ char buf[1024];
+ char *s, *e;
+
+ while (fgets(buf, sizeof(buf), stdin) != NULL) {
+ buf[sizeof(buf) - 1] = '\0';
+ s = buf;
+ a = strtoul(s, &e, 0);
+ if (s == e)
+ continue;
+ s = e;
+ b = strtoul(s, &e, 0);
+ if (s == e)
+ continue;
+ fprintf(stdout, "%u %u gt:%d lt:%d ge:%d le:%d eq:%d ne:%d\n",
+ a, b,
+ isc_serial_gt(a,b), isc_serial_lt(a,b),
+ isc_serial_ge(a,b), isc_serial_le(a,b),
+ isc_serial_eq(a,b), isc_serial_ne(a,b));
+ }
+ return (0);
+}
diff --git a/bin/tests/shutdown_test.c b/bin/tests/shutdown_test.c
new file mode 100644
index 0000000..4b53cd0
--- /dev/null
+++ b/bin/tests/shutdown_test.c
@@ -0,0 +1,232 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: shutdown_test.c,v 1.23 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/app.h>
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/task.h>
+#include <isc/time.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+typedef struct {
+ isc_mem_t * mctx;
+ isc_task_t * task;
+ isc_timer_t * timer;
+ unsigned int ticks;
+ char name[16];
+ isc_boolean_t exiting;
+ isc_task_t * peer;
+} t_info;
+
+#define MAX_TASKS 3
+#define T2_SHUTDOWNOK (ISC_EVENTCLASS(1024) + 0)
+#define T2_SHUTDOWNDONE (ISC_EVENTCLASS(1024) + 1)
+#define FOO_EVENT (ISC_EVENTCLASS(1024) + 2)
+
+static t_info tasks[MAX_TASKS];
+static unsigned int task_count;
+static isc_taskmgr_t * task_manager;
+static isc_timermgr_t * timer_manager;
+
+static void
+t1_shutdown(isc_task_t *task, isc_event_t *event) {
+ t_info *info = event->ev_arg;
+
+ printf("task %s (%p) t1_shutdown\n", info->name, task);
+ isc_task_detach(&info->task);
+ isc_event_free(&event);
+}
+
+static void
+t2_shutdown(isc_task_t *task, isc_event_t *event) {
+ t_info *info = event->ev_arg;
+
+ printf("task %s (%p) t2_shutdown\n", info->name, task);
+ info->exiting = ISC_TRUE;
+ isc_event_free(&event);
+}
+
+static void
+shutdown_action(isc_task_t *task, isc_event_t *event) {
+ t_info *info = event->ev_arg;
+ isc_event_t *nevent;
+
+ INSIST(event->ev_type == ISC_TASKEVENT_SHUTDOWN);
+
+ printf("task %s (%p) shutdown\n", info->name, task);
+ if (strcmp(info->name, "0") == 0) {
+ isc_timer_detach(&info->timer);
+ nevent = isc_event_allocate(info->mctx, info, T2_SHUTDOWNOK,
+ t2_shutdown, &tasks[1],
+ sizeof(*event));
+ RUNTIME_CHECK(nevent != NULL);
+ info->exiting = ISC_TRUE;
+ isc_task_sendanddetach(&info->peer, &nevent);
+ }
+ isc_event_free(&event);
+}
+
+static void
+foo_event(isc_task_t *task, isc_event_t *event) {
+ printf("task(%p) foo\n", task);
+ isc_event_free(&event);
+}
+
+static void
+tick(isc_task_t *task, isc_event_t *event) {
+ t_info *info = event->ev_arg;
+ isc_event_t *nevent;
+
+ INSIST(event->ev_type == ISC_TIMEREVENT_TICK);
+
+ printf("task %s (%p) tick\n", info->name, task);
+
+ info->ticks++;
+ if (strcmp(info->name, "1") == 0) {
+ if (info->ticks == 10) {
+ RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS);
+ } else if (info->ticks >= 15 && info->exiting) {
+ isc_timer_detach(&info->timer);
+ isc_task_detach(&info->task);
+ nevent = isc_event_allocate(info->mctx, info,
+ T2_SHUTDOWNDONE,
+ t1_shutdown, &tasks[0],
+ sizeof(*event));
+ RUNTIME_CHECK(nevent != NULL);
+ isc_task_send(info->peer, &nevent);
+ isc_task_detach(&info->peer);
+ }
+ } else if (strcmp(info->name, "foo") == 0) {
+ isc_timer_detach(&info->timer);
+ nevent = isc_event_allocate(info->mctx, info,
+ FOO_EVENT,
+ foo_event, task,
+ sizeof(*event));
+ RUNTIME_CHECK(nevent != NULL);
+ isc_task_sendanddetach(&task, &nevent);
+ }
+
+ isc_event_free(&event);
+}
+
+static t_info *
+new_task(isc_mem_t *mctx, const char *name) {
+ t_info *ti;
+ isc_time_t expires;
+ isc_interval_t interval;
+
+ RUNTIME_CHECK(task_count < MAX_TASKS);
+ ti = &tasks[task_count];
+ ti->mctx = mctx;
+ ti->task = NULL;
+ ti->timer = NULL;
+ ti->ticks = 0;
+ if (name != NULL) {
+ INSIST(strlen(name) < sizeof(ti->name));
+ strcpy(ti->name, name);
+ } else
+ sprintf(ti->name, "%d", task_count);
+ RUNTIME_CHECK(isc_task_create(task_manager, 0, &ti->task) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_onshutdown(ti->task, shutdown_action, ti) ==
+ ISC_R_SUCCESS);
+
+ isc_time_settoepoch(&expires);
+ isc_interval_set(&interval, 1, 0);
+ RUNTIME_CHECK(isc_timer_create(timer_manager, isc_timertype_ticker,
+ &expires, &interval, ti->task,
+ tick, ti, &ti->timer) ==
+ ISC_R_SUCCESS);
+
+ task_count++;
+
+ return (ti);
+}
+
+int
+main(int argc, char *argv[]) {
+ unsigned int workers;
+ t_info *t1, *t2, *t3;
+ isc_task_t *task;
+ isc_mem_t *mctx, *mctx2;
+
+ RUNTIME_CHECK(isc_app_start() == ISC_R_SUCCESS);
+
+ if (argc > 1)
+ workers = atoi(argv[1]);
+ else
+ workers = 2;
+ printf("%d workers\n", workers);
+
+ mctx = NULL;
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ mctx2 = NULL;
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx2) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_taskmgr_create(mctx, workers, 0, &task_manager) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_timermgr_create(mctx, &timer_manager) ==
+ ISC_R_SUCCESS);
+
+ t1 = new_task(mctx, NULL);
+ t2 = new_task(mctx2, NULL);
+ isc_task_attach(t2->task, &t1->peer);
+ isc_task_attach(t1->task, &t2->peer);
+
+ /*
+ * Test run-triggered shutdown.
+ */
+ t3 = new_task(mctx2, "foo");
+
+ /*
+ * Test implicit shutdown.
+ */
+ task = NULL;
+ RUNTIME_CHECK(isc_task_create(task_manager, 0, &task) ==
+ ISC_R_SUCCESS);
+ isc_task_detach(&task);
+
+ /*
+ * Test anti-zombie code.
+ */
+ RUNTIME_CHECK(isc_task_create(task_manager, 0, &task) ==
+ ISC_R_SUCCESS);
+ isc_task_detach(&task);
+
+ RUNTIME_CHECK(isc_app_run() == ISC_R_SUCCESS);
+
+ isc_taskmgr_destroy(&task_manager);
+ isc_timermgr_destroy(&timer_manager);
+
+ printf("Statistics for mctx:\n");
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+ printf("Statistics for mctx2:\n");
+ isc_mem_stats(mctx2, stdout);
+ isc_mem_destroy(&mctx2);
+
+ isc_app_finish();
+
+ return (0);
+}
diff --git a/bin/tests/sig0_test.c b/bin/tests/sig0_test.c
new file mode 100644
index 0000000..f36bbee
--- /dev/null
+++ b/bin/tests/sig0_test.c
@@ -0,0 +1,305 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: sig0_test.c,v 1.17 2008/07/22 23:47:04 tbox Exp $ */
+
+#include <config.h>
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/app.h>
+#include <isc/boolean.h>
+#include <isc/assertions.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/error.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/mutex.h>
+#include <isc/net.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/socket.h>
+#include <isc/util.h>
+
+#include <dns/dnssec.h>
+#include <dns/events.h>
+#include <dns/fixedname.h>
+#include <dns/keyvalues.h>
+#include <dns/masterdump.h>
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/rdataset.h>
+#include <dns/resolver.h>
+#include <dns/result.h>
+#include <dns/types.h>
+
+#include <dst/result.h>
+#include <dst/dst.h>
+
+#define CHECK(str, x) { \
+ if ((x) != ISC_R_SUCCESS) { \
+ printf("%s: %s\n", (str), isc_result_totext(x)); \
+ exit(-1); \
+ } \
+}
+
+isc_mutex_t lock;
+dst_key_t *key;
+isc_mem_t *mctx;
+unsigned char qdata[1024], rdata[1024];
+isc_buffer_t qbuffer, rbuffer;
+isc_taskmgr_t *taskmgr;
+isc_entropy_t *ent = NULL;
+isc_task_t *task1;
+isc_log_t *lctx = NULL;
+isc_logconfig_t *logconfig = NULL;
+isc_socket_t *s;
+isc_sockaddr_t address;
+char output[10 * 1024];
+isc_buffer_t outbuf;
+static const dns_master_style_t *style = &dns_master_style_debug;
+
+static void
+senddone(isc_task_t *task, isc_event_t *event) {
+ isc_socketevent_t *sevent = (isc_socketevent_t *)event;
+
+ REQUIRE(sevent != NULL);
+ REQUIRE(sevent->ev_type == ISC_SOCKEVENT_SENDDONE);
+ REQUIRE(task == task1);
+
+ printf("senddone\n");
+
+ isc_event_free(&event);
+}
+
+static void
+recvdone(isc_task_t *task, isc_event_t *event) {
+ isc_socketevent_t *sevent = (isc_socketevent_t *)event;
+ isc_buffer_t source;
+ isc_result_t result;
+ dns_message_t *response;
+
+ REQUIRE(sevent != NULL);
+ REQUIRE(sevent->ev_type == ISC_SOCKEVENT_RECVDONE);
+ REQUIRE(task == task1);
+
+ printf("recvdone\n");
+ if (sevent->result != ISC_R_SUCCESS) {
+ printf("failed\n");
+ exit(-1);
+ }
+
+ isc_buffer_init(&source, sevent->region.base, sevent->region.length);
+ isc_buffer_add(&source, sevent->n);
+
+ response = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
+ CHECK("dns_message_create", result);
+ result = dns_message_parse(response, &source, 0);
+ CHECK("dns_message_parse", result);
+
+ isc_buffer_init(&outbuf, output, sizeof(output));
+ result = dns_message_totext(response, style, 0, &outbuf);
+ CHECK("dns_message_totext", result);
+ printf("%.*s\n", (int)isc_buffer_usedlength(&outbuf),
+ (char *)isc_buffer_base(&outbuf));
+
+ dns_message_destroy(&response);
+ isc_event_free(&event);
+
+ isc_app_shutdown();
+}
+
+static void
+buildquery(void) {
+ isc_result_t result;
+ dns_rdataset_t *question = NULL;
+ dns_name_t *qname = NULL;
+ isc_region_t r, inr;
+ dns_message_t *query;
+ char nametext[] = "host.example";
+ isc_buffer_t namesrc, namedst;
+ unsigned char namedata[256];
+ isc_sockaddr_t sa;
+ dns_compress_t cctx;
+
+ query = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
+ CHECK("dns_message_create", result);
+ result = dns_message_setsig0key(query, key);
+ CHECK("dns_message_setsig0key", result);
+
+ result = dns_message_gettemprdataset(query, &question);
+ CHECK("dns_message_gettemprdataset", result);
+ dns_rdataset_init(question);
+ dns_rdataset_makequestion(question, dns_rdataclass_in,
+ dns_rdatatype_a);
+ result = dns_message_gettempname(query, &qname);
+ CHECK("dns_message_gettempname", result);
+ isc_buffer_init(&namesrc, nametext, strlen(nametext));
+ isc_buffer_add(&namesrc, strlen(nametext));
+ isc_buffer_init(&namedst, namedata, sizeof(namedata));
+ dns_name_init(qname, NULL);
+ result = dns_name_fromtext(qname, &namesrc, dns_rootname, ISC_FALSE,
+ &namedst);
+ CHECK("dns_name_fromtext", result);
+ ISC_LIST_APPEND(qname->list, question, link);
+ dns_message_addname(query, qname, DNS_SECTION_QUESTION);
+
+ isc_buffer_init(&qbuffer, qdata, sizeof(qdata));
+
+ result = dns_compress_init(&cctx, -1, mctx);
+ CHECK("dns_compress_init", result);
+ result = dns_message_renderbegin(query, &cctx, &qbuffer);
+ CHECK("dns_message_renderbegin", result);
+ result = dns_message_rendersection(query, DNS_SECTION_QUESTION, 0);
+ CHECK("dns_message_rendersection(question)", result);
+ result = dns_message_rendersection(query, DNS_SECTION_ANSWER, 0);
+ CHECK("dns_message_rendersection(answer)", result);
+ result = dns_message_rendersection(query, DNS_SECTION_AUTHORITY, 0);
+ CHECK("dns_message_rendersection(auth)", result);
+ result = dns_message_rendersection(query, DNS_SECTION_ADDITIONAL, 0);
+ CHECK("dns_message_rendersection(add)", result);
+ result = dns_message_renderend(query);
+ CHECK("dns_message_renderend", result);
+ dns_compress_invalidate(&cctx);
+
+ isc_buffer_init(&outbuf, output, sizeof(output));
+ result = dns_message_totext(query, style, 0, &outbuf);
+ CHECK("dns_message_totext", result);
+ printf("%.*s\n", (int)isc_buffer_usedlength(&outbuf),
+ (char *)isc_buffer_base(&outbuf));
+
+ isc_buffer_usedregion(&qbuffer, &r);
+ isc_sockaddr_any(&sa);
+ result = isc_socket_bind(s, &sa, 0);
+ CHECK("isc_socket_bind", result);
+ result = isc_socket_sendto(s, &r, task1, senddone, NULL, &address,
+ NULL);
+ CHECK("isc_socket_sendto", result);
+
+ inr.base = rdata;
+ inr.length = sizeof(rdata);
+ result = isc_socket_recv(s, &inr, 1, task1, recvdone, NULL);
+ CHECK("isc_socket_recv", result);
+ dns_message_destroy(&query);
+}
+
+int
+main(int argc, char *argv[]) {
+ isc_boolean_t verbose = ISC_FALSE;
+ isc_socketmgr_t *socketmgr;
+ isc_timermgr_t *timermgr;
+ struct in_addr inaddr;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ isc_buffer_t b;
+ int ch;
+ isc_result_t result;
+ in_port_t port = 53;
+
+ RUNTIME_CHECK(isc_app_start() == ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(isc_mutex_init(&lock) == ISC_R_SUCCESS);
+
+ mctx = NULL;
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ while ((ch = isc_commandline_parse(argc, argv, "vp:")) != -1) {
+ switch (ch) {
+ case 'v':
+ verbose = ISC_TRUE;
+ break;
+ case 'p':
+ port = (unsigned int)atoi(isc_commandline_argument);
+ break;
+ }
+ }
+
+ RUNTIME_CHECK(isc_entropy_create(mctx, &ent) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(dst_lib_init(mctx, ent, 0) == ISC_R_SUCCESS);
+
+ dns_result_register();
+ dst_result_register();
+
+ taskmgr = NULL;
+ RUNTIME_CHECK(isc_taskmgr_create(mctx, 2, 0, &taskmgr) ==
+ ISC_R_SUCCESS);
+ task1 = NULL;
+ RUNTIME_CHECK(isc_task_create(taskmgr, 0, &task1) == ISC_R_SUCCESS);
+
+ timermgr = NULL;
+ RUNTIME_CHECK(isc_timermgr_create(mctx, &timermgr) == ISC_R_SUCCESS);
+ socketmgr = NULL;
+ RUNTIME_CHECK(isc_socketmgr_create(mctx, &socketmgr) == ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(isc_log_create(mctx, &lctx, &logconfig) == ISC_R_SUCCESS);
+
+ s = NULL;
+ RUNTIME_CHECK(isc_socket_create(socketmgr, PF_INET,
+ isc_sockettype_udp, &s) ==
+ ISC_R_SUCCESS);
+
+ inaddr.s_addr = htonl(INADDR_LOOPBACK);
+ isc_sockaddr_fromin(&address, &inaddr, port);
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ isc_buffer_init(&b, "child.example.", strlen("child.example."));
+ isc_buffer_add(&b, strlen("child.example."));
+ result = dns_name_fromtext(name, &b, dns_rootname, ISC_FALSE, NULL);
+ CHECK("dns_name_fromtext", result);
+
+ key = NULL;
+ result = dst_key_fromfile(name, 4017, DNS_KEYALG_DSA,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
+ NULL, mctx, &key);
+ CHECK("dst_key_fromfile", result);
+
+ buildquery();
+
+ (void)isc_app_run();
+
+ isc_task_shutdown(task1);
+ isc_task_detach(&task1);
+ isc_taskmgr_destroy(&taskmgr);
+
+ isc_socket_detach(&s);
+ isc_socketmgr_destroy(&socketmgr);
+ isc_timermgr_destroy(&timermgr);
+
+ dst_key_free(&key);
+
+ dst_lib_destroy();
+
+ isc_entropy_detach(&ent);
+
+ isc_log_destroy(&lctx);
+
+ if (verbose)
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ DESTROYLOCK(&lock);
+
+ isc_app_finish();
+
+ return (0);
+}
diff --git a/bin/tests/sock_test.c b/bin/tests/sock_test.c
new file mode 100644
index 0000000..c9612f7
--- /dev/null
+++ b/bin/tests/sock_test.c
@@ -0,0 +1,382 @@
+/*
+ * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: sock_test.c,v 1.55 2008/07/23 23:27:54 marka Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/task.h>
+#include <isc/socket.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+isc_mem_t *mctx;
+isc_taskmgr_t *manager;
+
+static void
+my_shutdown(isc_task_t *task, isc_event_t *event) {
+ char *name = event->ev_arg;
+
+ printf("shutdown %s (%p)\n", name, task);
+ fflush(stdout);
+ isc_event_free(&event);
+}
+
+static void
+my_send(isc_task_t *task, isc_event_t *event) {
+ isc_socket_t *sock;
+ isc_socketevent_t *dev;
+
+ sock = event->ev_sender;
+ dev = (isc_socketevent_t *)event;
+
+ printf("my_send: %s task %p\n\t(sock %p, base %p, length %d, n %d, "
+ "result %d)\n",
+ (char *)(event->ev_arg), task, sock,
+ dev->region.base, dev->region.length,
+ dev->n, dev->result);
+
+ if (dev->result != ISC_R_SUCCESS) {
+ isc_socket_detach(&sock);
+ isc_task_shutdown(task);
+ }
+
+ isc_mem_put(mctx, dev->region.base, dev->region.length);
+
+ isc_event_free(&event);
+}
+
+static void
+my_recv(isc_task_t *task, isc_event_t *event) {
+ isc_socket_t *sock;
+ isc_socketevent_t *dev;
+ isc_region_t region;
+ char buf[1024];
+ char host[256];
+
+ sock = event->ev_sender;
+ dev = (isc_socketevent_t *)event;
+
+ printf("Socket %s (sock %p, base %p, length %d, n %d, result %d)\n",
+ (char *)(event->ev_arg), sock,
+ dev->region.base, dev->region.length,
+ dev->n, dev->result);
+ if (dev->address.type.sa.sa_family == AF_INET6) {
+ inet_ntop(AF_INET6, &dev->address.type.sin6.sin6_addr,
+ host, sizeof(host));
+ printf("\tFrom: %s port %d\n", host,
+ ntohs(dev->address.type.sin6.sin6_port));
+ } else {
+ inet_ntop(AF_INET, &dev->address.type.sin.sin_addr,
+ host, sizeof(host));
+ printf("\tFrom: %s port %d\n", host,
+ ntohs(dev->address.type.sin.sin_port));
+ }
+
+ if (dev->result != ISC_R_SUCCESS) {
+ isc_socket_detach(&sock);
+
+ isc_mem_put(mctx, dev->region.base,
+ dev->region.length);
+ isc_event_free(&event);
+
+ isc_task_shutdown(task);
+ return;
+ }
+
+ /*
+ * Echo the data back.
+ */
+ if (strcmp(event->ev_arg, "so2") != 0) {
+ region = dev->region;
+ sprintf(buf, "\r\nReceived: %.*s\r\n\r\n",
+ (int)dev->n, (char *)region.base);
+ region.base = isc_mem_get(mctx, strlen(buf) + 1);
+ region.length = strlen(buf) + 1;
+ strcpy((char *)region.base, buf); /* strcpy is safe */
+ isc_socket_send(sock, &region, task, my_send, event->ev_arg);
+ } else {
+ region = dev->region;
+ printf("\r\nReceived: %.*s\r\n\r\n",
+ (int)dev->n, (char *)region.base);
+ }
+
+ isc_socket_recv(sock, &dev->region, 1, task, my_recv, event->ev_arg);
+
+ isc_event_free(&event);
+}
+
+static void
+my_http_get(isc_task_t *task, isc_event_t *event) {
+ isc_socket_t *sock;
+ isc_socketevent_t *dev;
+
+ sock = event->ev_sender;
+ dev = (isc_socketevent_t *)event;
+
+ printf("my_http_get: %s task %p\n\t(sock %p, base %p, length %d, "
+ "n %d, result %d)\n",
+ (char *)(event->ev_arg), task, sock,
+ dev->region.base, dev->region.length,
+ dev->n, dev->result);
+
+ if (dev->result != ISC_R_SUCCESS) {
+ isc_socket_detach(&sock);
+ isc_task_shutdown(task);
+ isc_event_free(&event);
+ return;
+ }
+
+ isc_socket_recv(sock, &dev->region, 1, task, my_recv, event->ev_arg);
+
+ isc_event_free(&event);
+}
+
+static void
+my_connect(isc_task_t *task, isc_event_t *event) {
+ isc_socket_t *sock;
+ isc_socket_connev_t *dev;
+ isc_region_t region;
+ char buf[1024];
+
+ sock = event->ev_sender;
+ dev = (isc_socket_connev_t *)event;
+
+ printf("%s: Connection result: %d\n", (char *)(event->ev_arg),
+ dev->result);
+
+ if (dev->result != ISC_R_SUCCESS) {
+ isc_socket_detach(&sock);
+ isc_event_free(&event);
+ isc_task_shutdown(task);
+ return;
+ }
+
+ /*
+ * Send a GET string, and set up to receive (and just display)
+ * the result.
+ */
+ strcpy(buf, "GET / HTTP/1.1\r\nHost: www.flame.org\r\n"
+ "Connection: Close\r\n\r\n");
+ region.base = isc_mem_get(mctx, strlen(buf) + 1);
+ region.length = strlen(buf) + 1;
+ strcpy((char *)region.base, buf); /* This strcpy is safe. */
+
+ isc_socket_send(sock, &region, task, my_http_get, event->ev_arg);
+
+ isc_event_free(&event);
+}
+
+static void
+my_listen(isc_task_t *task, isc_event_t *event) {
+ char *name = event->ev_arg;
+ isc_socket_newconnev_t *dev;
+ isc_region_t region;
+ isc_socket_t *oldsock;
+ isc_task_t *newtask;
+
+ dev = (isc_socket_newconnev_t *)event;
+
+ printf("newcon %s (task %p, oldsock %p, newsock %p, result %d)\n",
+ name, task, event->ev_sender, dev->newsocket, dev->result);
+ fflush(stdout);
+
+ if (dev->result == ISC_R_SUCCESS) {
+ /*
+ * Queue another listen on this socket.
+ */
+ isc_socket_accept(event->ev_sender, task, my_listen,
+ event->ev_arg);
+
+ region.base = isc_mem_get(mctx, 20);
+ region.length = 20;
+
+ /*
+ * Create a new task for this socket, and queue up a
+ * recv on it.
+ */
+ newtask = NULL;
+ RUNTIME_CHECK(isc_task_create(manager, 0, &newtask)
+ == ISC_R_SUCCESS);
+ isc_socket_recv(dev->newsocket, &region, 1,
+ newtask, my_recv, event->ev_arg);
+ isc_task_detach(&newtask);
+ } else {
+ printf("detaching from socket %p\n", event->ev_sender);
+ oldsock = event->ev_sender;
+
+ isc_socket_detach(&oldsock);
+
+ isc_event_free(&event);
+ isc_task_shutdown(task);
+ return;
+ }
+
+ isc_event_free(&event);
+}
+
+static void
+timeout(isc_task_t *task, isc_event_t *event) {
+ isc_socket_t *sock = event->ev_arg;
+
+ printf("Timeout, canceling IO on socket %p (task %p)\n", sock, task);
+
+ isc_socket_cancel(sock, NULL, ISC_SOCKCANCEL_ALL);
+ isc_timer_detach((isc_timer_t **)&event->ev_sender);
+ isc_event_free(&event);
+}
+
+int
+main(int argc, char *argv[]) {
+ isc_task_t *t1, *t2;
+ isc_timermgr_t *timgr;
+ isc_time_t expires;
+ isc_interval_t interval;
+ isc_timer_t *ti1;
+ unsigned int workers;
+ isc_socketmgr_t *socketmgr;
+ isc_socket_t *so1, *so2;
+ isc_sockaddr_t sockaddr;
+ struct in_addr ina;
+ struct in6_addr in6a;
+ isc_result_t result;
+ int pf;
+
+ if (argc > 1)
+ workers = atoi(argv[1]);
+ else
+ workers = 2;
+ printf("%d workers\n", workers);
+
+ if (isc_net_probeipv6() == ISC_R_SUCCESS)
+ pf = PF_INET6;
+ else
+ pf = PF_INET;
+
+ /*
+ * EVERYTHING needs a memory context.
+ */
+ mctx = NULL;
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ /*
+ * The task manager is independent (other than memory context)
+ */
+ manager = NULL;
+ RUNTIME_CHECK(isc_taskmgr_create(mctx, workers, 0, &manager) ==
+ ISC_R_SUCCESS);
+
+ /*
+ * Timer manager depends only on the memory context as well.
+ */
+ timgr = NULL;
+ RUNTIME_CHECK(isc_timermgr_create(mctx, &timgr) == ISC_R_SUCCESS);
+
+ t1 = NULL;
+ RUNTIME_CHECK(isc_task_create(manager, 0, &t1) == ISC_R_SUCCESS);
+ t2 = NULL;
+ RUNTIME_CHECK(isc_task_create(manager, 0, &t2) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_onshutdown(t1, my_shutdown, "1") ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_onshutdown(t2, my_shutdown, "2") ==
+ ISC_R_SUCCESS);
+
+ printf("task 1 = %p\n", t1);
+ printf("task 2 = %p\n", t2);
+
+ socketmgr = NULL;
+ RUNTIME_CHECK(isc_socketmgr_create(mctx, &socketmgr) == ISC_R_SUCCESS);
+
+ /*
+ * Open up a listener socket.
+ */
+ so1 = NULL;
+
+ if (pf == PF_INET6) {
+ in6a = in6addr_any;
+ isc_sockaddr_fromin6(&sockaddr, &in6a, 5544);
+ } else {
+ ina.s_addr = INADDR_ANY;
+ isc_sockaddr_fromin(&sockaddr, &ina, 5544);
+ }
+ RUNTIME_CHECK(isc_socket_create(socketmgr, pf, isc_sockettype_tcp,
+ &so1) == ISC_R_SUCCESS);
+ result = isc_socket_bind(so1, &sockaddr, ISC_SOCKET_REUSEADDRESS);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_socket_listen(so1, 0) == ISC_R_SUCCESS);
+
+ /*
+ * Queue up the first accept event.
+ */
+ RUNTIME_CHECK(isc_socket_accept(so1, t1, my_listen, "so1")
+ == ISC_R_SUCCESS);
+ isc_time_settoepoch(&expires);
+ isc_interval_set(&interval, 10, 0);
+ ti1 = NULL;
+ RUNTIME_CHECK(isc_timer_create(timgr, isc_timertype_once, &expires,
+ &interval, t1, timeout, so1, &ti1) ==
+ ISC_R_SUCCESS);
+
+ /*
+ * Open up a socket that will connect to www.flame.org, port 80.
+ * Why not. :)
+ */
+ so2 = NULL;
+ ina.s_addr = inet_addr("204.152.184.97");
+ if (0 && pf == PF_INET6)
+ isc_sockaddr_v6fromin(&sockaddr, &ina, 80);
+ else
+ isc_sockaddr_fromin(&sockaddr, &ina, 80);
+ RUNTIME_CHECK(isc_socket_create(socketmgr, isc_sockaddr_pf(&sockaddr),
+ isc_sockettype_tcp,
+ &so2) == ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(isc_socket_connect(so2, &sockaddr, t2,
+ my_connect, "so2") == ISC_R_SUCCESS);
+
+ /*
+ * Detaching these is safe, since the socket will attach to the
+ * task for any outstanding requests.
+ */
+ isc_task_detach(&t1);
+ isc_task_detach(&t2);
+
+ /*
+ * Wait a short while.
+ */
+ sleep(10);
+
+ fprintf(stderr, "Destroying socket manager\n");
+ isc_socketmgr_destroy(&socketmgr);
+
+ fprintf(stderr, "Destroying timer manager\n");
+ isc_timermgr_destroy(&timgr);
+
+ fprintf(stderr, "Destroying task manager\n");
+ isc_taskmgr_destroy(&manager);
+
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/tests/sockaddr/Makefile.in b/bin/tests/sockaddr/Makefile.in
new file mode 100644
index 0000000..f0dbbfb
--- /dev/null
+++ b/bin/tests/sockaddr/Makefile.in
@@ -0,0 +1,55 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.21 2007/06/19 23:47:00 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCLIBS = ../../../lib/isc/libisc.@A@
+TAPIDEPLIBS = ../../../lib/tests/libt_api.@A@
+
+ISCDEPLIBS = ../../../lib/isc/libisc.@A@
+TAPILIBS = ../../../lib/tests/libt_api.@A@
+
+DEPLIBS = ${TAPIDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${TAPILIBS} ${ISCLIBS} @LIBS@
+
+TARGETS = t_sockaddr@EXEEXT@
+
+SRCS = t_sockaddr.c
+
+@BIND9_MAKE_RULES@
+
+t_sockaddr@EXEEXT@: t_sockaddr.@O@ ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ t_sockaddr.@O@ ${LIBS}
+
+test: t_sockaddr@EXEEXT@
+ -@./t_sockaddr@EXEEXT@ -b @srcdir@ -a
+
+testhelp:
+ @./t_sockaddr@EXEEXT@ -h
+
+clean distclean::
+ rm -f ${TARGETS}
diff --git a/bin/tests/sockaddr/t_sockaddr.c b/bin/tests/sockaddr/t_sockaddr.c
new file mode 100644
index 0000000..46003f1
--- /dev/null
+++ b/bin/tests/sockaddr/t_sockaddr.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: t_sockaddr.c,v 1.14 2007/06/19 23:47:00 tbox Exp $ */
+
+#include <config.h>
+
+#include <isc/netaddr.h>
+#include <isc/result.h>
+#include <isc/sockaddr.h>
+
+#include <tests/t_api.h>
+
+static int
+test_isc_sockaddr_eqaddrprefix(void) {
+ struct in_addr ina_a;
+ struct in_addr ina_b;
+ struct in_addr ina_c;
+ isc_sockaddr_t isa_a;
+ isc_sockaddr_t isa_b;
+ isc_sockaddr_t isa_c;
+
+ if (inet_pton(AF_INET, "194.100.32.87", &ina_a) < 0)
+ return T_FAIL;
+ if (inet_pton(AF_INET, "194.100.32.80", &ina_b) < 0)
+ return T_FAIL;
+ if (inet_pton(AF_INET, "194.101.32.87", &ina_c) < 0)
+ return T_FAIL;
+ isc_sockaddr_fromin(&isa_a, &ina_a, 0);
+ isc_sockaddr_fromin(&isa_b, &ina_b, 42);
+ isc_sockaddr_fromin(&isa_c, &ina_c, 0);
+
+ if (isc_sockaddr_eqaddrprefix(&isa_a, &isa_b, 0) != ISC_TRUE)
+ return T_FAIL;
+ if (isc_sockaddr_eqaddrprefix(&isa_a, &isa_b, 29) != ISC_TRUE)
+ return T_FAIL;
+ if (isc_sockaddr_eqaddrprefix(&isa_a, &isa_b, 30) != ISC_FALSE)
+ return T_FAIL;
+ if (isc_sockaddr_eqaddrprefix(&isa_a, &isa_b, 32) != ISC_FALSE)
+ return T_FAIL;
+ if (isc_sockaddr_eqaddrprefix(&isa_a, &isa_c, 8) != ISC_TRUE)
+ return T_FAIL;
+ if (isc_sockaddr_eqaddrprefix(&isa_a, &isa_c, 16) != ISC_FALSE)
+ return T_FAIL;
+
+ return T_PASS;
+}
+
+static void
+t1(void) {
+ int result;
+ t_assert("isc_sockaddr_eqaddrprefix", 1, T_REQUIRED,
+ "isc_sockaddr_eqaddrprefix() returns ISC_TRUE when "
+ "prefixes of a and b are equal, and ISC_FALSE when "
+ "they are not equal");
+ result = test_isc_sockaddr_eqaddrprefix();
+ t_result(result);
+}
+
+static int
+test_isc_netaddr_masktoprefixlen(void) {
+ struct in_addr na_a;
+ struct in_addr na_b;
+ struct in_addr na_c;
+ struct in_addr na_d;
+ isc_netaddr_t ina_a;
+ isc_netaddr_t ina_b;
+ isc_netaddr_t ina_c;
+ isc_netaddr_t ina_d;
+ unsigned int plen;
+
+ if (inet_pton(AF_INET, "0.0.0.0", &na_a) < 0)
+ return T_FAIL;
+ if (inet_pton(AF_INET, "255.255.255.254", &na_b) < 0)
+ return T_FAIL;
+ if (inet_pton(AF_INET, "255.255.255.255", &na_c) < 0)
+ return T_FAIL;
+ if (inet_pton(AF_INET, "255.255.255.0", &na_d) < 0)
+ return T_FAIL;
+ isc_netaddr_fromin(&ina_a, &na_a);
+ isc_netaddr_fromin(&ina_b, &na_b);
+ isc_netaddr_fromin(&ina_c, &na_c);
+ isc_netaddr_fromin(&ina_d, &na_d);
+
+ if (isc_netaddr_masktoprefixlen(&ina_a, &plen) != ISC_R_SUCCESS)
+ return T_FAIL;
+ if (plen != 0)
+ return T_FAIL;
+
+ if (isc_netaddr_masktoprefixlen(&ina_b, &plen) != ISC_R_SUCCESS)
+ return T_FAIL;
+ if (plen != 31)
+ return T_FAIL;
+
+ if (isc_netaddr_masktoprefixlen(&ina_c, &plen) != ISC_R_SUCCESS)
+ return T_FAIL;
+ if (plen != 32)
+ return T_FAIL;
+
+ if (isc_netaddr_masktoprefixlen(&ina_d, &plen) != ISC_R_SUCCESS)
+ return T_FAIL;
+ if (plen != 24)
+ return T_FAIL;
+
+ return T_PASS;
+}
+
+static void
+t2(void) {
+ int result;
+ t_assert("isc_netaddr_masktoprefixlen", 1, T_REQUIRED,
+ "isc_netaddr_masktoprefixlen() calculates "
+ "correct prefix lengths ");
+ result = test_isc_netaddr_masktoprefixlen();
+ t_result(result);
+}
+
+testspec_t T_testlist[] = {
+ { t1, "isc_sockaddr_eqaddrprefix" },
+ { t2, "isc_netaddr_masktoprefixlen" },
+ { NULL, NULL }
+};
+
diff --git a/bin/tests/sym_test.c b/bin/tests/sym_test.c
new file mode 100644
index 0000000..0daa498
--- /dev/null
+++ b/bin/tests/sym_test.c
@@ -0,0 +1,127 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: sym_test.c,v 1.28 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <string.h>
+
+#include <isc/commandline.h>
+#include <isc/mem.h>
+#include <isc/symtab.h>
+#include <isc/util.h>
+
+isc_mem_t *mctx;
+isc_symtab_t *st;
+
+static void
+undefine_action(char *key, unsigned int type, isc_symvalue_t value, void *arg)
+{
+ UNUSED(arg);
+
+ INSIST(type == 1);
+ isc_mem_free(mctx, key);
+ isc_mem_free(mctx, value.as_pointer);
+}
+
+int
+main(int argc, char *argv[]) {
+ char s[1000], *cp, *key;
+ size_t len;
+ isc_result_t result;
+ isc_symvalue_t value;
+ int trace = 0;
+ int c;
+ isc_symexists_t exists_policy = isc_symexists_reject;
+ isc_boolean_t case_sensitive = ISC_FALSE;
+
+ while ((c = isc_commandline_parse(argc, argv, "tarc")) != -1) {
+ switch (c) {
+ case 't':
+ trace = 1;
+ break;
+ case 'a':
+ exists_policy = isc_symexists_add;
+ break;
+ case 'r':
+ exists_policy = isc_symexists_replace;
+ break;
+ case 'c':
+ case_sensitive = ISC_TRUE;
+ break;
+ }
+ }
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_symtab_create(mctx, 691, undefine_action, NULL,
+ case_sensitive, &st) == ISC_R_SUCCESS);
+
+ while (fgets(s, sizeof(s), stdin) != NULL) {
+ len = strlen(s);
+ if (len > 0U && s[len - 1] == '\n') {
+ s[len - 1] = '\0';
+ len--;
+ }
+
+ cp = s;
+
+ if (cp[0] == '!') {
+ cp++;
+ result = isc_symtab_undefine(st, cp, 1);
+ if (trace || result != ISC_R_SUCCESS)
+ printf("undefine('%s'): %s\n", cp,
+ isc_result_totext(result));
+ } else {
+ key = cp;
+ while (*cp != '\0' && *cp != ' ' && *cp != '\t')
+ cp++;
+ if (*cp == '\0') {
+ result = isc_symtab_lookup(st, key, 0, &value);
+ if (trace || result != ISC_R_SUCCESS) {
+ printf("lookup('%s'): %s", key,
+ isc_result_totext(result));
+ if (result == ISC_R_SUCCESS) {
+ cp = value.as_pointer;
+ printf(", value == '%s'", cp);
+ }
+ printf("\n");
+ }
+ } else {
+ *cp++ = '\0';
+ key = isc_mem_strdup(mctx, key);
+ value.as_pointer = isc_mem_strdup(mctx, cp);
+ result = isc_symtab_define(st, key, 1, value,
+ exists_policy);
+ if (trace || result != ISC_R_SUCCESS) {
+ printf("define('%s', '%s'): %s\n",
+ key, cp,
+ isc_result_totext(result));
+ if (result != ISC_R_SUCCESS)
+ undefine_action(key, 1,
+ value, NULL);
+ }
+ }
+ }
+ }
+
+ isc_symtab_destroy(&st);
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in
new file mode 100644
index 0000000..ef8fc58
--- /dev/null
+++ b/bin/tests/system/Makefile.in
@@ -0,0 +1,45 @@
+# Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.31 2008/09/25 04:02:38 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+SUBDIRS = lwresd tkey
+TARGETS =
+
+@BIND9_MAKE_RULES@
+
+# Running the scripts below is bypassed when a separate
+# build directory is used.
+
+check: test
+
+test: subdirs
+ if test -f ./runall.sh; then sh ./runall.sh; fi
+
+testclean clean distclean::
+ if test -f ./cleanall.sh; then sh ./cleanall.sh; fi
+
+distclean::
+ rm -f conf.sh
+
+installdirs:
+
+install::
diff --git a/bin/tests/system/README b/bin/tests/system/README
new file mode 100644
index 0000000..be79650
--- /dev/null
+++ b/bin/tests/system/README
@@ -0,0 +1,54 @@
+Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2000, 2001 Internet Software Consortium.
+See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
+
+This is a simple test environment for running bind9 system tests
+involving multiple name servers.
+
+There are multiple test suites, each in a separate subdirectory and
+involving a different DNS setup. They are:
+
+ dnssec/ DNSSEC tests
+ forward/ Forwarding tests
+ glue/ Glue handling tests
+ limits/ Tests of handling of large data (close to server limits)
+ lwresd/ Tests of the lightweight resolver library and daemon
+ notify/ More NOTIFY tests
+ nsupdate/ Dynamic update and IXFR tests
+ resolver/ Regression tests for resolver bugs that have been fixed
+ (not a complete resolver test suite)
+ stub/ Tests of stub zone functionality
+ unknown/ Unknown type and class tests
+ upforwd/ Update forwarding tests
+ views/ Tests of the "views" statement
+ xfer/ Zone transfer tests
+ xferquota/ Zone transfer quota tests
+
+Typically each test suite sets up 2-5 name servers and then performs
+one or more tests against them. Within the test suite subdirectory,
+each name server has a separate subdirectory containing its
+configuration data. By convention, these subdirectories are named
+"ns1", "ns2", etc.
+
+The tests are completely self-contained and do not require access to
+the real DNS. Generally, one of the test servers (ns1) is set up as a
+root name server and is listed in the hints file of the others.
+
+To enable all servers to run on the same machine, they bind to
+separate virtual IP address on the loopback interface. ns1 runs on
+10.53.0.1, ns2 on 10.53.0.2, etc. Before running any tests, you must
+set up these addresses by running "ifconfig.sh up" as root.
+
+The servers use port 5300 instead of the usual port 53, so they can be
+run without root privileges once the interfaces have been set up.
+
+The tests can be run individually like this:
+
+ sh run.sh xfer
+ sh run.sh notify
+ etc.
+
+To run all the tests, just type "make test".
+
+
+$Id: README,v 1.12 2004/03/05 04:59:12 marka Exp $
diff --git a/bin/tests/system/acl/clean.sh b/bin/tests/system/acl/clean.sh
new file mode 100644
index 0000000..80ce516
--- /dev/null
+++ b/bin/tests/system/acl/clean.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.3 2008/01/10 23:47:01 tbox Exp $
+
+#
+# Clean up after zone transfer tests.
+#
+
+rm -f dig.out
+rm -f ns2/example.db ns2/tsigzone.db ns2/example.db.jnl ns2/named.conf
+rm -f */named.memstats
diff --git a/bin/tests/system/acl/ns2/named1.conf b/bin/tests/system/acl/ns2/named1.conf
new file mode 100644
index 0000000..b70d1dd
--- /dev/null
+++ b/bin/tests/system/acl/ns2/named1.conf
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named1.conf,v 1.2 2008/01/10 01:10:01 marka Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ ixfr-from-differences yes;
+ check-integrity no;
+};
+
+include "../../common/controls.conf";
+
+key one {
+ algorithm hmac-md5;
+ secret "1234abcd8765";
+};
+
+key two {
+ algorithm hmac-md5;
+ secret "1234abcd8765";
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+};
+
+zone "tsigzone" {
+ type master;
+ file "tsigzone.db";
+ allow-transfer { !key one; any; };
+};
diff --git a/bin/tests/system/acl/ns2/named2.conf b/bin/tests/system/acl/ns2/named2.conf
new file mode 100644
index 0000000..bcd7e0d
--- /dev/null
+++ b/bin/tests/system/acl/ns2/named2.conf
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named2.conf,v 1.3 2008/01/21 20:38:54 each Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ ixfr-from-differences yes;
+ check-integrity no;
+};
+
+include "../../common/controls.conf";
+
+key one {
+ algorithm hmac-md5;
+ secret "1234abcd8765";
+};
+
+key two {
+ algorithm hmac-md5;
+ secret "1234abcd8765";
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+};
+
+zone "tsigzone" {
+ type master;
+ file "tsigzone.db";
+ /*
+ * 0a00::/8 and 10/8 are the same bits, but different address
+ * families. This should *not* match IPv4 queries from 10.*.
+ */
+ allow-transfer { 0a00::/8; !10/8; key one; };
+};
diff --git a/bin/tests/system/acl/ns2/named3.conf b/bin/tests/system/acl/ns2/named3.conf
new file mode 100644
index 0000000..ea2cbcb
--- /dev/null
+++ b/bin/tests/system/acl/ns2/named3.conf
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named3.conf,v 1.2 2008/01/10 01:10:01 marka Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ ixfr-from-differences yes;
+ check-integrity no;
+};
+
+include "../../common/controls.conf";
+
+key one {
+ algorithm hmac-md5;
+ secret "1234abcd8765";
+};
+
+key two {
+ algorithm hmac-md5;
+ secret "1234abcd8765";
+};
+
+key three {
+ algorithm hmac-md5;
+ secret "1234abcd8765";
+};
+
+acl reject {
+ !key one; !key two; any;
+};
+
+acl accept {
+ 10.53.0.1; 10.53.0.2;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+};
+
+zone "tsigzone" {
+ type master;
+ file "tsigzone.db";
+ allow-transfer { !reject; accept; };
+};
diff --git a/bin/tests/system/acl/ns2/named4.conf b/bin/tests/system/acl/ns2/named4.conf
new file mode 100644
index 0000000..99edf7e
--- /dev/null
+++ b/bin/tests/system/acl/ns2/named4.conf
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named4.conf,v 1.2 2008/01/10 01:10:01 marka Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ ixfr-from-differences yes;
+ check-integrity no;
+};
+
+include "../../common/controls.conf";
+
+key one {
+ algorithm hmac-md5;
+ secret "1234abcd8765";
+};
+
+key two {
+ algorithm hmac-md5;
+ secret "1234abcd8765";
+};
+
+acl rejectkeys {
+ !key one; !key two; any;
+};
+
+acl rejectaddrs {
+ !10.53.0.1; !10.53.0.2; any;
+};
+
+acl check1 { !key one; 10.53.0.1; };
+
+acl check2 { !key two; 10.53.0.2; };
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+};
+
+zone "tsigzone" {
+ type master;
+ file "tsigzone.db";
+ allow-transfer { !rejectkeys; !rejectaddrs; !check1; !check2; any; };
+};
diff --git a/bin/tests/system/acl/setup.sh b/bin/tests/system/acl/setup.sh
new file mode 100644
index 0000000..9cc07f1
--- /dev/null
+++ b/bin/tests/system/acl/setup.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.3 2008/01/10 23:47:01 tbox Exp $
+
+sh ../genzone.sh 2 3 >ns2/example.db
+sh ../genzone.sh 2 3 >ns2/tsigzone.db
+cp -f ns2/named1.conf ns2/named.conf
diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
new file mode 100644
index 0000000..8d2d564
--- /dev/null
+++ b/bin/tests/system/acl/tests.sh
@@ -0,0 +1,144 @@
+#!/bin/sh
+#
+# Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.4 2008/07/19 00:02:14 each Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"
+
+status=0
+t=0
+
+echo "I:testing basic ACL processing"
+# key "one" should fail
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
+
+# any other key should be fine
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
+
+cp -f ns2/named2.conf ns2/named.conf
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
+sleep 5
+
+# prefix 10/8 should fail
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
+
+# any other address should work, as long as it sends key "one"
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
+
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
+
+echo "I:testing nested ACL processing"
+# all combinations of 10.53.0.{1|2} with key {one|two}, should succeed
+cp -f ns2/named3.conf ns2/named.conf
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
+sleep 5
+
+# should succeed
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
+
+# should succeed
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
+
+# should succeed
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
+
+# should succeed
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
+
+# but only one or the other should fail
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
+
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.2 axfr -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $tt failed" ; status=1; }
+
+# and other values? right out
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 127.0.0.1 axfr -y three:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
+
+# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
+cp -f ns2/named4.conf ns2/named.conf
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
+sleep 5
+
+# should succeed
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
+
+# should succeed
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
+
+# should fail
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
+
+# should fail
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
+
+# should fail
+t=`expr $t + 1`
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 -p 5300 > dig.out
+grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/cacheclean/clean.sh b/bin/tests/system/cacheclean/clean.sh
new file mode 100644
index 0000000..10388ba
--- /dev/null
+++ b/bin/tests/system/cacheclean/clean.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.6 2007/09/26 03:22:43 marka Exp $
+
+#
+# Clean up after cache cleaner tests.
+#
+
+rm -f dig.out.ns2
+rm -f */named.memstats
diff --git a/bin/tests/system/cacheclean/dig.batch b/bin/tests/system/cacheclean/dig.batch
new file mode 100644
index 0000000..d185204
--- /dev/null
+++ b/bin/tests/system/cacheclean/dig.batch
@@ -0,0 +1,924 @@
+YA.AKAMAI.com. IN A
+UPR1.UPR.CLU.EDU. IN A
+integra.s-integra.co.JP. IN A
+avalon.iks-jena.de. IN A
+NS1.GLOBALDNS.com. IN A
+NS.RDU.BELLSOUTH.net. IN A
+ns.space.net. IN A
+SUN.MHS-RELAY.AC.UK. IN A
+AYAX.UNIANDES.EDU.CO. IN A
+DNS.NIC.CD. IN A
+NS.DNS.PT. IN A
+NS1.INTERNETSHARE.com. IN A
+MASTER.DNS.BE. IN A
+CATAMOUNT.middlebury.EDU. IN A
+FM03.FM. IN A
+NAAMAK.NCST.ERNET.IN. IN A
+gateway2.BFG.com. IN A
+NS3.NS.ESAT.net. IN A
+DNS1.INTUIT.com. IN A
+DEN-NS2.FWIDCSERVICES.net. IN A
+SOL.UNDPBI.TELEPAC.net. IN A
+NS2.tridog.com. IN A
+DNS2.KW. IN A
+NS2.MAIL.com. IN A
+NS.FIRSTCOM.CL. IN A
+DNS4.QUICKEN.com. IN A
+bofh.cid.net. IN A
+NS1.KRNIC.net. IN A
+NS2.SR.net. IN A
+NS1.TELSTRA.net. IN A
+ns.cafax.SE. IN A
+NS1.DNS.NET.NZ. IN A
+NS.CONCOURSE.com. IN A
+35.32/27.110.16.12.IN-ADDR.ARPA. IN PTR
+CCC.champcable.com. IN A
+NS.RIPE.net. IN A
+NS.NIC.NU. IN A
+KIM.CAMNET.CM. IN A
+DOGON.SOTELMA.net. IN A
+DNS02.FLAME.org. IN A
+NS.MIA.BELLSOUTH.net. IN A
+mail.ok.RU. IN A
+NS.NIC.MX. IN A
+NS2.BERKELEY.EDU. IN A
+SHIKHAR.MOS.COM.NP. IN A
+noc.rrz.Uni-Koeln.de. IN A
+NS.KORNET.net. IN A
+keith.gazpacho.org. IN A
+NS2.appliedtheory.com. IN A
+NS.CERNET.net. IN A
+smtp.ELISTX.com. IN A
+NS-AIT.THNIC.net. IN A
+from.PL. IN A
+mailhub.icann.org. IN A
+SEC1.DNS.UK.PSI.net. IN A
+isrv3-i.isc.org. IN A
+PHLOEM.UOREGON.EDU. IN A
+CTINA.AR. IN A
+DNS2.IAM.NET.MA. IN A
+10.126.39.137.IN-ADDR.ARPA. IN PTR
+DNS.PRINCETON.EDU. IN A
+NS.BELLSOUTH.net. IN A
+NS1.SNS-FELB.DEBIS.com. IN A
+localhost. IN A
+hm6.vt.highmeadow.com. IN A
+SYRUP.hill.com. IN A
+NS99.WAIKATO.AC.NZ. IN A
+NS4.CW.net. IN A
+NS2.SLOWMOE.com. IN A
+ns2.hypa.net. IN A
+ns.sxtyptt.NET.CN. IN A
+NS2.MERCHANTWARE.com. IN A
+uunymdgds1.DOUBLECLICK.net. IN A
+e34.co.us.IBM.com. IN A
+kista.dns.swip.net. IN A
+ZEBRA.UEM.MZ. IN A
+NET2.GENDYN.com. IN A
+NS0.UTK.EDU. IN A
+NS.RELCOM.EU.net. IN A
+DNS0.AXION.BT.CO.UK. IN A
+mail.vhv.com. IN A
+DNS4.UK.MSFT.net. IN A
+NS2.ADNS.net. IN A
+NS1.SEATTLE.US.NETDNS.com. IN A
+NS2.UNIVIE.AC.at. IN A
+NS15B.BOCA15-VERIO.com. IN A
+www.BAYAREA.com. IN CNAME
+ns4.onemain.com. IN A
+NS2.EDIGITALS.com. IN A
+MICHAEL.VATICAN.VA. IN A
+AUSTIN.GH.com. IN A
+sld-ns2.CNNIC.NET.CN. IN A
+NS2.CDC.GOV. IN A
+NS.WATSON.IBM.com. IN A
+NS.NIC.SH. IN A
+NS2.BAHNHOF.net. IN A
+NS-AUTH2.cmates.com. IN A
+ISDMNL.WR.USGS.GOV. IN A
+NS2.COBEX.net. IN A
+MERLE.CIRA.CA. IN A
+NS.UVG.EDU.GT. IN A
+NS1.CWVA.DOUBLECLICK.net. IN A
+eliot.diebold.com. IN A
+NS.ALMADEN.IBM.com. IN A
+NS2.INTERNETSQUARE.com. IN A
+mail.QUEST-NET.com. IN A
+Z1.NS.LHR1.GLOBIX.net. IN A
+DNS1.AVANTEL.NET.MX. IN A
+vh80040.vh8.INFI.net. IN A
+NS.LEB.net. IN A
+NS.DCC.UCHILE.CL. IN A
+CLOUSO.RISQ.QC.CA. IN A
+muenster.westfalen.de. IN A
+us.a1.YIMG.com. IN CNAME
+NS.DEMOS.SU. IN A
+south.NAVPOINT.com. IN A
+netconsult.netconx.de. IN A
+DNS2.btinternet.com. IN A
+NS2.CINE.net. IN A
+castor.cmc.ec.gc.CA. IN A
+EX2-DNS0.AVENUEA.com. IN A
+firewall3.glaxowellcome.com. IN A
+MACU.MA.MT.NP.ELS-GMS.att.net. IN A
+NS.PA. IN A
+TGSERV.TELE.GL. IN A
+KYNSE02.MESSAGESECURE.com. IN A
+GORGON.XTRA.CO.NZ. IN A
+DNS.NIC.IT. IN A
+pop.VERMONTEL.net. IN CNAME
+NS2.REGISTRY.HM. IN A
+NAMESERVER1.CONCENTRIC.net. IN A
+47.131.127.204.IN-ADDR.ARPA. IN PTR
+mailhost.tfm.com. IN A
+NS1.MRC.GM. IN A
+NS.WIDE.AD.JP. IN A
+NS.BTA.NET.CN. IN A
+NS2.ISPC.org. IN A
+BOW.RAIN.FR. IN A
+srs.srs.state.vt.us. IN A
+NS4.WEB2010.com. IN A
+NS.TELECOM.NET.ET. IN A
+NS1.DNS.NET.KH. IN A
+GATEN.JARING.MY. IN A
+shell.nominum.com. IN A
+CHEOPS.ANU.EDU.AU. IN A
+VANGOGH.CS.BERKELEY.EDU. IN A
+NS2.NOC.NULLUS.net. IN A
+NIC.LTH.SE. IN A
+ns.farm.net. IN A
+NS.USEC.SUN.com. IN A
+NS2.YOUR-DOMAIN.com. IN A
+DNS-EAST.PREP.net. IN A
+ns.hcr.net. IN A
+NS-RCH.nortelnetworks.com. IN A
+crl.DEC.com. IN A
+NS.PIXAR.ES. IN A
+MEX1-M-213.UNINET.NET.MX. IN A
+NS.ITU.CH. IN A
+matrix.uwm.EDU.PL. IN A
+gateway1.gmcr.com. IN A
+NS2.DNS.BR. IN A
+foxharp.boston.MA.us. IN MX
+Quest-7.symquest.com. IN A
+NS2.VERIO.net. IN A
+NAME.IAD.GBLX.net. IN A
+NS2.EMIRATES.NET.AE. IN A
+supai.oit.UMASS.EDU. IN A
+QUERN.EPILOGUE.com. IN A
+NS3.TOPICA.com. IN A
+NS1.JERKY.net. IN A
+JTB.BRUNET.BN. IN A
+AUTH100.NS.UU.net. IN A
+BOW.INTNET.DJ. IN A
+OSI2.GUA.net. IN A
+AZMODAN.ULA.VE. IN A
+THUMPER.RPSLMC.EDU. IN A
+ICHU.RCP.NET.PE. IN A
+NS.NIC.AC. IN A
+DNS.NETFLIGHT.com. IN A
+ns2.UTORONTO.CA. IN A
+mail.giffordmed.org. IN A
+RATA.VUW.AC.NZ. IN A
+NS-2.ADMONITOR.net. IN A
+NCC.MOC.KW. IN A
+NS.EUNET.ES. IN A
+NS3.best.com. IN A
+zip.MAIL-LIST.com. IN MX
+JATZ.AARNET.EDU.AU. IN A
+DNS2.MAN.LODZ.PL. IN A
+NS.VERITAS.com. IN A
+218.241.103.199.IN-ADDR.ARPA. IN PTR
+BOW.SNPT.KM. IN A
+Z1.NS.SJC1.GLOBIX.net. IN A
+DNS.NIC.TT. IN A
+MAKISIG.IPHIL.net. IN A
+NS.DK.net. IN A
+NS.NI. IN A
+CIUP1.NCC.UP.PT. IN A
+ns2.verisign-grs.com. IN A
+NS1.UMASS.EDU. IN A
+NS.NEWACCOUNT.net. IN A
+UDNS2.ULTRADNS.net. IN A
+NS2.LATNET.LV. IN A
+info-server.surrey.AC.UK. IN A
+NS2.SQUONK.net. IN A
+NS2.DSO.net. IN A
+www.energyenhancement.org. IN A
+DNS1.BD. IN A
+nl.COMPUWARE.com. IN MX
+NS.DHIRAAGU.MV. IN A
+TRANTOR.UMD.EDU. IN A
+NS.ALCANET.NO. IN A
+Z6.MSFT.AKADNS.com. IN A
+NS4.ync.net. IN A
+CMTU.MT.NS.ELS-GMS.att.net. IN A
+vh40099.vh4.INFI.net. IN A
+ns2.secondary.nl. IN A
+abyssinian.sleepycat.com. IN A
+APHEX.MENTOR.BE. IN A
+webmail.fiberia.com. IN A
+localhost.moonmothers.com. IN A
+NS2.DNS.LU. IN A
+NS.VISUALCOM.ES. IN A
+TONIC.TO. IN A
+NS1.CRSNIC.net. IN A
+trurl.ispid.com.PL. IN A
+datingagentur.de. IN A
+NS2.NSIREGISTRY.net. IN A
+ICE.VIA-NET-WORKS.IE. IN A
+sgi1.map.com. IN A
+NS0.HS0.U-NET.net. IN A
+candle.pha.pa.us. IN A
+NS1.PACIFIC.NET.SG. IN A
+NS.CENIAI.NET.CU. IN A
+NS2.UUCP.NE.JP. IN A
+za.akamaitech.net. IN A
+NS.UCR.AC.CR. IN A
+DNS-02.NS.cs.com. IN A
+dns2.primary.net. IN A
+PAPPSRV.PAPP.UNDP.org. IN A
+NS1.REGME.com. IN A
+DNS.CS.KULEUVEN.AC.BE. IN A
+NS1.VERMONTLAW.net. IN A
+mail.garmontusa.com. IN A
+NS2.SAIPAN.com. IN A
+NS.ARICATRA.com. IN A
+ns2.reedmedia.net. IN A
+NS.NETLAB.SK. IN A
+RELAY.GW.tislabs.com. IN A
+b.ns.tmcs.net. IN A
+NS1.IBL.BM. IN A
+ok.RU. IN A
+NS.RICC.ALMA-ATA.SU. IN A
+KITKA.MARNET.MK. IN A
+dasher.dartmouth.EDU. IN A
+NS0.PLANET-THREE.com. IN A
+KNOCK.SER.BBNPLANET.net. IN A
+tornado.webtech.elk.PL. IN A
+AUTH2.NS.IDT.net. IN A
+host3.VTLEGALAID.org. IN A
+NS.EUNET.SK. IN A
+TULKU.NIC.AR. IN A
+RELAY.CDNNET.CA. IN A
+DNS2.TPSA.PL. IN A
+enterprise.wirbel.com. IN A
+ECNET.EC. IN A
+ENGINE1.UNA.net. IN A
+WYCU.WY.BR.NP.ELS-GMS.att.net. IN A
+ARWENA.NASK.WAW.PL. IN A
+PAC2.NIPR.MIL. IN A
+DAISY.EE.UND.AC.ZA. IN A
+odin.ietf.org. IN A
+dns.kaben-net.de. IN A
+NS2.ALTAVISTA.com. IN A
+CASTOR.TELEGLOBE.net. IN A
+CIR.RED.SV. IN A
+PIJIN.COM.SB. IN A
+NS4.CTCCOM.net. IN A
+NS1.SOL.NO. IN A
+DNS2.TK.MSFT.net. IN A
+NS.BSDI.com. IN A
+NS.SVIANED.nl. IN A
+NS.NOVELL.com. IN A
+NS.LUCKY.net. IN A
+SJC-NS2.SJC.LYCOS.com. IN A
+NS1.OP.net. IN A
+worldnet.att.net. IN A
+APIES.FRD.AC.ZA. IN A
+mail.skiinsurance.com. IN A
+NS.BELNET.BE. IN A
+KOMO.INET.GA. IN A
+EARTH.THEPLANET.net. IN A
+VASCO.USMA.AC.PA. IN A
+GODFEVER.DCCSERVER.com. IN A
+BOS-NS2.BOS.LYCOS.com. IN A
+NS2.GOTO.com. IN A
+NS1.overstock.com. IN A
+NS1-PUBLIC.ZMA.COMPAQ.com. IN A
+ns.ilovedomain.com. IN A
+ns1.anycast.net. IN A
+PASCAL.UPRR.PR. IN A
+NS3-AUTH.SPRINTLINK.net. IN A
+NS1-Y.DNS.PIPEX.net. IN A
+prue.eim.surrey.AC.UK. IN A
+TROLL-GW.GATECH.EDU. IN A
+NS.SIERRATEL.SL. IN A
+ns2.PSHIFT.com. IN A
+NS.ERS.IBM.com. IN A
+ASLAN.OPEN-RSC.org. IN A
+NS2.DOMAIN-REGISTRY.nl. IN A
+uranus.lan-ks.de. IN A
+mail.unlisys.net. IN A
+NS.AUSTRIA.EU.net. IN A
+AUTH01.CONNECT.IE. IN A
+SUN.SCSI.GOV.BY. IN A
+NS1.SIGMAHOSTING.com. IN A
+NS.CAST.EDU.JM. IN A
+DS.NIC.NET.SG. IN A
+PRADES.CESCA.ES. IN A
+ns.sta.NET.CN. IN A
+NSE00.excite.com. IN A
+NS3.ABOVE.net. IN A
+CASBAH.ELDJAZAIR.NET.DZ. IN A
+ASKIA.SOTELMA.ML. IN A
+NS.IDT.net. IN A
+FXCLPR02.IS.CHRYSLER.com. IN A
+SVC00.APNIC.net. IN A
+NS5.DCX.YAHOO.com. IN A
+ns1.ray.net. IN A
+NS.NIC.MC. IN A
+ns.runway.CN.net. IN A
+benoni.uit.NO. IN A
+SCRATCHY.MINDSPRING.net. IN A
+ns1.pcode.com. IN A
+ns1.aha.RU. IN A
+ns2.uwaterloo.CA. IN A
+ns2.NIC.AD.JP. IN A
+a.ns.foxharp.boston.MA.us. IN A
+NS.NIC.IO. IN A
+A-GTLD-SERVERS.dot-god.com. IN A
+SMTP.slac.stanford.EDU. IN A
+52.87.198.209.IN-ADDR.ARPA. IN PTR
+BARNEY.ADVSYS.CO.UK. IN A
+NS1.TELEPAC.PT. IN A
+NICOSIA.CCS.UCY.AC.CY. IN A
+NS.PUNCHDOWN.org. IN A
+SYNAESTHESIA.COGNOSCENTI.org. IN A
+NS2.PLANET-THREE.net. IN A
+DNS.CIT.CORNELL.EDU. IN A
+MODOR.VERISIGN.net. IN A
+SUNSTROKE.IS.RPSLMC.EDU. IN A
+NS2.SEG.net. IN A
+NEMUNAS.SC-UNI.KTU.LT. IN A
+MULGA.CS.MU.OZ.AU. IN A
+NS1.NPLUS.GF. IN A
+ns2.centralinfo.net. IN A
+K.GTLD-SERVERS.net. IN A
+ns1.codelocal.com. IN A
+NS2.IPNS.com. IN A
+NS0.DE.NIC.NU. IN A
+NS.USSR.EU.net. IN A
+NS.INTERNET.SK. IN A
+CORREOS.SEKER.ES. IN A
+mx1.buf.ADELPHIA.net. IN A
+aun.UNINETT.NO. IN A
+NS0.NETANET.com. IN A
+www.MANY-PATHS-ENERGY-ENHANCEMENT.com. IN A
+NS2.STARFIRE.DOUGLAS.MA.us. IN A
+NS3.IKP.PL. IN A
+pns.dtag.de. IN A
+NZ.NS.NIC.NU. IN A
+DAVER.bungi.com. IN A
+gutenberg.bucksnet.com. IN A
+DNS2.IT.net. IN A
+NS2.SNS-UT.DEBIS.com. IN A
+ISI.EDU. IN A
+amethyst.xaos.org. IN A
+PAPPILLOMA.WWEBSVS.com. IN A
+NS2.bock.com. IN A
+NS2.OAR.net. IN A
+MINION.NETPOLICY.com. IN A
+Mail.catic1.com. IN A
+NS4.DNS.space.net. IN A
+b.gtld-servers.ORSC. IN A
+bend.madriver.com. IN A
+NS4.IS-FUN.net. IN A
+NS2.JPS.net. IN A
+NS1.IP-PLUS.net. IN A
+rush.cc1.RPSLMC.EDU. IN A
+NS2.GBMTECH.net. IN A
+DNS.MSEN.com. IN A
+DNSSEC2.SINGNET.COM.SG. IN A
+NS2.HOME.net. IN A
+ACCESS.MBNET.MB.CA. IN A
+DNS0.SPIN.AD.JP. IN A
+Filer.PHOTOTRUST.com. IN A
+jpl.NASA.GOV. IN A
+NS2.TECHNOLOGIA.net. IN A
+bparker.CONNACTIVITY.com. IN A
+NS1.uvm.EDU. IN A
+NS.SENET.net. IN A
+DNS2.UTCC.UTORONTO.CA. IN A
+localhost.costorf.com. IN A
+DNS2.AD. IN A
+HYDRA.HELSINKI.FI. IN A
+NAME.PHX.GBLX.net. IN A
+NS2.FOOL.com. IN A
+NS01-SERVER.CURINFO.AN. IN A
+NS.CR. IN A
+mail.pshift.net. IN A
+NS.IRD.FR. IN A
+NS.UZ. IN A
+DNS.INTELCOM.SM. IN A
+DNS2.UNIV-NKC.MR. IN A
+HNS3.hns.com. IN A
+bay.cs.UTORONTO.CA. IN A
+NS0.BT.net. IN A
+BAYONET.SJMERCURY.com. IN A
+PAN.BIJT.net. IN A
+NAVI.SUBTEND.net. IN A
+NS.CIX.CX. IN A
+waldorf.Informatik.Uni-Dortmund.de. IN A
+NS2.ivillage.com. IN A
+DNS.NIC.XLINK.net. IN A
+NS1.MERCHANTWARE.CON. IN A
+NS.TO.GD-ES.com. IN A
+NS-A.RNC.RO. IN A
+REGGAE.NCREN.net. IN A
+SSS-NL.DENIC.de. IN A
+NS1.TDC.TO. IN A
+NS.NIC.HU. IN A
+JOANNA.WILLIAM.org. IN A
+NS0.IIJ.AD.JP. IN A
+maus.spack.org. IN A
+B.NS.VERIO.net. IN A
+SECDNS.EUNET.BE. IN A
+NS3.EUROPE.YAHOO.com. IN A
+A.ROOT-SERVERS.net. IN A
+sherickpm.com. IN MX
+NS2.MEDIASERVICES.net. IN A
+YARDBIRD.CNS.vt.EDU. IN A
+SUNIC.SUNET.SE. IN A
+NS.MT. IN A
+CNDVG001.usa.net. IN A
+NS1.CX.ESCROW.IOCOMM.NET.CX. IN A
+DNS-02.NS.AOL.com. IN A
+ns2.tesserae.com. IN A
+SV10.BATELCO.COM.BH. IN A
+dec.anr.state.vt.us. IN MX
+3.133.188.192.IN-ADDR.ARPA. IN PTR
+NS1.LONDON.UK.NETDNS.com. IN A
+NS.NIC.MG. IN A
+DNS1.VN. IN A
+DENS20.DEN.nps.GOV. IN A
+z.ip6.INT. IN A
+NS3.TRIVALLEY.com. IN A
+isis.imag.FR. IN A
+NS.SOVAM.com. IN A
+NS-SOA.DARENET.DK. IN A
+NS4.NIC.TV. IN A
+DNSSRV1X.mitre.org. IN A
+GATEKEEPER.NYTIMES.com. IN A
+D.I-DNS.net. IN A
+NS.KOLO.net. IN A
+NS4.FIRSTWORLD.net. IN A
+DECST.CERIST.DZ. IN A
+NS4.DNS.WS. IN A
+NS0.GDGSC.com. IN A
+UCTHPX.UCT.AC.ZA. IN A
+NS2.HOTWIRED.com. IN A
+ns02.ca.us.ibm.net. IN A
+NS2.SPEAKEASY.net. IN A
+TELCOM.ZPTC.CO.ZW. IN A
+NS.DK-HOSTMASTER.DK. IN A
+NS.NIC.LK. IN A
+NS2.zama.net. IN A
+CZ.EUNET.CZ. IN A
+NS.AC.ID. IN A
+NS1.CUBE.de. IN A
+NS1.QUASAR.net. IN A
+NS1.OFFSHORE.AI. IN A
+NS5.NRSITE.com. IN A
+NS.AIC.net. IN A
+OWL.NCC.nps.GOV. IN A
+MAXIM.gbch.net. IN A
+BOW.INTNET.TD. IN A
+ns1.cacheware.com. IN A
+NS2.SPEEDHOST.com. IN A
+NS1.COMMIT.GM. IN A
+NAME.ROC.GBLX.net. IN A
+90.198.245.204.IN-ADDR.ARPA. IN PTR
+BOLOGNA.NETTUNO.IT. IN A
+NIC.IBD.com. IN A
+NS.WESTOL.com. IN A
+time.SOVER.net. IN CNAME
+UNIX1.CS.UMASS.EDU. IN A
+AARDVARK.WR.UMIST.AC.UK. IN A
+NS1.NIC.YU. IN A
+mail.velco.com. IN A
+DNSAUTH2.SYS.GTEI.net. IN A
+NS.TELE.FI. IN A
+state.vt.us. IN MX
+NS.NYC.juno.com. IN A
+NS1.g-world.com. IN A
+AUTH2.AMERICA.net. IN A
+KIRA.ECS.UMASS.EDU. IN A
+CONACYT.GOB.SV. IN A
+DNS.SRCE.HR. IN A
+NS00.ns0.com. IN A
+NS2.CL.BELLSOUTH.net. IN A
+jenner.med.HARVARD.EDU. IN A
+p2.cavebear.com. IN A
+NS1.NIC.JE. IN A
+ORCU.OR.BR.NP.ELS-GMS.att.net. IN A
+NS.XBILL.org. IN A
+WRAITH.CS.UOW.EDU.AU. IN A
+12.159.145.204.IN-ADDR.ARPA. IN PTR
+ns1.pr.SUN.com. IN A
+NS.SPIN.OMNES.net. IN A
+smtp.188.net. IN A
+TERMINAL.2GLOBE.net. IN A
+NS2.HARVARD.EDU. IN A
+NAMESERVER.CNR.IT. IN A
+EARTH.SY. IN A
+DNS2.REACCIUN.VE. IN A
+NS.TMX.COM.NI. IN A
+freefour.acs.rpi.EDU. IN A
+242.84.198.209.IN-ADDR.ARPA. IN PTR
+CORREU.STA.AD. IN A
+NS.DRUKNET.NET.BT. IN A
+NS4.US.PRSERV.net. IN A
+KAASASSUK.GH.GL. IN A
+ECUA.NET.EC. IN A
+NS.CONCYT.GOB.GT. IN A
+NS2.NAP.net. IN A
+DNS2.CN.net. IN A
+MX.NSI.NASA.GOV. IN A
+NS.TDS.net. IN A
+tdns-me1.NETSCAPE.com. IN A
+NS2.METU.EDU.TR. IN A
+NS2.SETARNET.AW. IN A
+87.184.152.204.IN-ADDR.ARPA. IN PTR
+DNS.OMNIWAY.SM. IN A
+NS0.U-NET.net. IN A
+elektro.CMHNET.org. IN A
+ns2.HIGGS.net. IN A
+NS2.SKYNETWEB.com. IN A
+MAGIC.MN. IN A
+NS1.YAHOO.com. IN A
+mx1.cdp.ADELPHIA.net. IN A
+SANTO.VANUATU.COM.VU. IN A
+www.mmuuf.org. IN MX
+ns1.timeheart.net. IN A
+NS2.TOGETHER.net. IN A
+NS.AMNIC.net. IN A
+NS.EENET.EE. IN A
+www.ONLINEPHOTOCONTEST.com. IN A
+VIC20.BLIPP.com. IN A
+DNS.FROGHOUSE.org. IN A
+NS2.ELI.net. IN A
+NS.CAIS.com. IN A
+BAABEN.AFRIQ.net. IN A
+NS2.NJ.EXODUS.net. IN A
+DOMREG.NIC.CH. IN A
+NS.EU.net. IN A
+NS1.DIEBOLD.net. IN A
+NS3.CP.net. IN A
+DNS.FUW.EDU.PL. IN A
+www.retro.com. IN A
+NS2.UNI2.net. IN A
+ns1.alcatrazmedia.com. IN A
+dns6.CP.MSFT.net. IN A
+NS1.SEYCHELLES.net. IN A
+NS2.INTERNIC.net. IN A
+front.macrosoft.WAW.PL. IN A
+NISC.JVNC.net. IN A
+AUTH03.NS.DE.UU.net. IN A
+BURDELL.CC.GATECH.EDU. IN A
+NS4.AH.net. IN A
+ns1.sgh-net.de. IN A
+Leland2.stanford.EDU. IN A
+CBRU.BR.NS.ELS-GMS.att.net. IN A
+DENEB.DOMAINNT.net. IN A
+ns1.ivm.net. IN A
+NS0.CWCI.net. IN A
+35.110.16.12.IN-ADDR.ARPA. IN CNAME
+f.trns. IN A
+ODISEJ.TELEKOM.YU. IN A
+FRCU.EUN.EG. IN A
+NS.HHS.net. IN A
+FOO.GRNET.GR. IN A
+mail.WonderWorks.com. IN A
+NS1.IAFRICA.com. IN A
+NS.KACST.EDU.SA. IN A
+srs.state.vt.us. IN A
+OM4.OMANTEL.NET.OM. IN A
+Yeshua.Christ.com. IN A
+NS1.SIMORGH.com. IN A
+OLKETA.SOLOMON.COM.SB. IN A
+BANBA.DOMAINREGISTRY.IE. IN A
+NOC.IOS.com. IN A
+ns.schnism.net. IN A
+e4.ny.us.IBM.com. IN A
+DNS2.SEANET.com. IN A
+doubt.dd.org. IN A
+AMBER.ELEKTRON.PL. IN A
+gw.rge.com. IN A
+NS2.ZTNET.com. IN A
+NS3.INFI.net. IN A
+ZA.AKADNS.net. IN A
+ESTIA.CSI.FORTH.GR. IN A
+vtagr04.agr.state.vt.us. IN A
+NS1-PUBLIC.ZTX.COMPAQ.com. IN A
+ADMII.ARL.MIL. IN A
+NS.NIXU.FI. IN A
+DNS2.PIONEERNET.net. IN A
+NS.NIC.CL. IN A
+NS2.UTZ. IN A
+NS4.LUXNOC.com. IN A
+NS2.PBI.net. IN A
+annwfn.erfurt.thur.de. IN A
+NS1.MW.mediaone.net. IN A
+NS1.ISU.NET.SA. IN A
+pop.SHOREHAM.net. IN CNAME
+DNS2.GUERNSEY.net. IN A
+NS1.BEACHSHORE.net. IN A
+HKUXB.HKU.HK. IN A
+NS.DOLEH.com. IN A
+NS.hactrn.net. IN A
+MALAKULA.BONDY.IRD.FR. IN A
+NS1.mediaone.net. IN A
+NS2.GPG.com. IN A
+noc.BelWue.de. IN A
+NS2.GIP.net. IN A
+RS.ISLES.net. IN A
+BOW.INTNET.GQ. IN A
+A.OPEN.BY. IN A
+us.i1.YIMG.com. IN CNAME
+athome.wetlogic.net. IN CNAME
+NS1.NIST.GOV. IN A
+mail.jerusalem-mail.com. IN A
+ISDSUN.cr.USGS.GOV. IN A
+NS.BOSTON.juno.com. IN A
+NS2.CADABRA.com. IN A
+nps.GOV. IN MX
+RELAY.HUJI.AC.IL. IN A
+styx.tahina.priv.at. IN A
+ISGATE.IS. IN A
+ns0.lux.dot-eu.org. IN A
+BILBO.NASK.ORG.PL. IN A
+MAIL.TARSUS.com. IN A
+SUN.REDIRIS.ES. IN A
+NS2.NEASE.net. IN A
+OHCU.OH.MT.NP.ELS-GMS.att.net. IN A
+NS2.NF. IN A
+MIRAF-SERVER3.HONDUTEL.HN. IN A
+ns3.worldnet.att.net. IN A
+NS2.NETNAMES.net. IN A
+ITGBOX.IAT.CNR.IT. IN A
+NS2.ADELPHIA.net. IN A
+NS2.RIPN.net. IN A
+NS1.cinenet.net. IN A
+jengate.thur.de. IN A
+NOC.ULCC.JA.net. IN A
+NS.NOC.UZ. IN A
+NS0.JA.net. IN A
+NS2.INR.net. IN A
+netsage.org. IN A
+TERI.USP.AC.FJ. IN A
+NS2.NETSOL.com. IN A
+NS2.ABAC.com. IN A
+NS2.NIC.FR. IN A
+KANIN.ARNES.SI. IN A
+NS.EDU.GU. IN A
+DNS.INRIA.FR. IN A
+HEDNS1.GOOGLE.com. IN A
+asylum.sf.ca.us. IN A
+ACT2.ACT2000.net. IN A
+ICM1.ICP.net. IN A
+202.192.103.198.209.IN-ADDR.ARPA. IN PTR
+ECSEL.jhuapl.EDU. IN A
+NS2.DCNY.DOUBLECLICK.net. IN A
+keith.netsage.org. IN A
+MANTA.OUTREMER.com. IN A
+NS2.globalnetisp.net. IN A
+NS2.CCSRS.net. IN A
+NS1.NL.CONCENTRIC.com. IN A
+NS2.VI.net. IN A
+NS2.NEO.net. IN A
+cgi.MERCURYCENTER.com. IN CNAME
+ORSTOM.RIO.net. IN A
+NS2.CONRADPROMOTIONS.com. IN A
+YARRINA.CONNECT.COM.AU. IN A
+dns03.OPS.usa.net. IN A
+APPSRV.HAITIWORLD.com. IN A
+NS.RELCOM.KZ. IN A
+NS1.MAGIC-MOMENTS.com. IN A
+NS.ALCATEL.com. IN A
+ns2.terra.net. IN A
+NS3.hotmail.com. IN A
+vtc.VSC.EDU. IN MX
+www.vmba.org. IN MX
+NAHOURI.ONATEL.BF. IN A
+SERVER2.INFN.IT. IN A
+NS2.AI-R.com. IN A
+NS1.FREE.net. IN A
+vcmr-54.server.rpi.EDU. IN A
+haig.CS.UCL.AC.UK. IN A
+mail.nova-data.com. IN A
+MOEVAX.EDU.TW. IN A
+NS2.LTWCC.org. IN A
+NS.BA. IN A
+noc.HRZ.uni-bielefeld.de. IN A
+VANILLA.WRO.nps.GOV. IN A
+NS2.SZTAKI.HU. IN A
+SECIU.EDU.UY. IN A
+COL2.CARIBSURF.com. IN A
+NS2.QATAR.NET.QA. IN A
+NS2.E-SYNC.net. IN A
+ns1.eu.SUN.com. IN A
+NS1.UUSJ.DOUBLECLICK.net. IN A
+NS2.CUHK.EDU.HK. IN A
+NS1.MEITCA.com. IN A
+NS2.DSL.net. IN A
+techfac.techfak.uni-bielefeld.de. IN A
+listserv.performancediver.com. IN A
+foolusmf.D4P.net. IN CNAME
+pedic-med.vrx.net. IN A
+GRUMPY.NET.NA. IN A
+BK.tifosi.com. IN A
+ns3.PAIR.com. IN A
+ns2.ar.com. IN A
+MASSIRA.ONPT.NET.MA. IN A
+NS.KBFI.EE. IN A
+ns3.Algebra.com. IN A
+faerber.muc.de. IN MX
+9.206.203.192.IN-ADDR.ARPA. IN PTR
+PUKU.UNZA.ZM. IN A
+ATLNET.ATLONLINE.com. IN A
+Z1.NS.NYC1.GLOBIX.net. IN A
+www.hometownbands.com. IN A
+SIMON.CS.CORNELL.EDU. IN A
+EKEKO.RCPIP.net. IN A
+emerald.itnet.com.PL. IN A
+DNS1.ICS.FORTH.GR. IN A
+NS.ATL.BELLSOUTH.net. IN A
+ntp.ctr.COLUMBIA.EDU. IN CNAME
+NS2.GLOBECOMM.net. IN A
+UUNS1DNS1.FLONETWORK.com. IN A
+GRIN.GNOSH.net. IN A
+NS.DIGSYS.BG. IN A
+uunet.UU.net. IN MX
+ns1.vermontel.com. IN A
+NS2.GREENMOUNTAINACCESS.net. IN A
+38.241.5.198.IN-ADDR.ARPA. IN PTR
+NS1.NIC.UK. IN A
+DNS.FCCN.PT. IN A
+NS2.NIC.TJ. IN A
+NS4.NEWACCOUNT.com. IN A
+NS2.IHUG.NET.NZ. IN A
+NS.SIGNALZ.com. IN A
+DNS.NIC.AD. IN A
+3.2.39.137.IN-ADDR.ARPA. IN PTR
+UUCP-GW-2.PA.DEC.com. IN A
+NS.LANDLORDS.com. IN A
+NS2.EXODUS.net. IN A
+NS2.SCRUZ.net. IN A
+NS.PIPEX-SZ.net. IN A
+saturn.SUN.com. IN A
+e24.nc.us.IBM.com. IN A
+NMS.CYFRONET.KRAKOW.PL. IN A
+NS.TWNIC.net. IN A
+ns2.alcatel.NO. IN A
+INPAKSODNS.AKSO.nps.GOV. IN A
+mail.reptiles.org. IN A
+59.187.152.204.IN-ADDR.ARPA. IN PTR
+ns1.mobydark.com. IN A
+NS.KG. IN A
+NS.SPB.SU. IN A
+PENDRAGON.CS.PURDUE.EDU. IN A
+NS1.IGC.APC.org. IN A
+USDNS.NIC.us. IN A
+NS2.WEBTRENDS.com. IN A
+URANUS.DAIMI.AAU.DK. IN A
+ANTANA.IRD.MG. IN A
+NS.JERSEY.juno.com. IN A
+NS2.INTERNET-TOOLS.com. IN A
+ns-tk012.ocn.AD.JP. IN A
+bvt-ext.gdarm.com. IN A
+NS1.ID. IN A
+NS2.MAHNET.net. IN A
+NS.ALCANET.COM.AU. IN A
+UTAMA.BOLNET.BO. IN A
+NS.CNC.AC.CN. IN A
+NS.KREN.NE.KR. IN A
+NS1.REDHAT.com. IN A
+db.rc.VIX.com. IN A
+198.103.198.209.IN-ADDR.ARPA. IN CNAME
+alf.pbks.PL. IN A
+FLAG.EP.net. IN A
+DNS2.IUNET.IT. IN A
+NS2.QUANTIFIED.net. IN A
+INTERNET-SERVER.ZURICH.IBM.com. IN A
+seaipsvcs.idx.com. IN A
+lebanon.valley.net. IN A
+SERVER.NORDU.net. IN A
+NS.NIC.DO. IN A
+isc-01.iscvt.org. IN A
+NAC.NO. IN A
+SAVA.UTIC.NET.BA. IN A
+NS1.TOKYO.JP.NETDNS.com. IN A
+NETSERV2.ITS.rpi.EDU. IN A
+IFI.UIO.NO. IN A
+www.TOAPLAN.com. IN A
+ns2.the-frontier.org. IN A
+NS.UNAM.MX. IN A
+ARISTO.TAU.AC.IL. IN A
+DNS.CS.WISC.EDU. IN A
+NS1.NIC.IR. IN A
+NS1.RETINA.AR. IN A
+mailer.connriver.net. IN A
+NS.ATI.TN. IN A
+NS2.CLEAR.NET.NZ. IN A
+NS4.EARTHLINK.net. IN A
+mejac.palo-alto.ca.us. IN A
+New-York4.NY.ALTER.net. IN A
+falcon.tallship.net. IN A
+ZEUS.CC.UCY.AC.CY. IN A
+NS2.SECURE.net. IN A
+NS0.FLIRBLE.org. IN A
+dns.zenon.net. IN A
+SERVIDOR.MICROASTUR.ES. IN A
+DOWNSTAGE.MCS.VUW.AC.NZ. IN A
+ns2.GNAC.com. IN A
+PRIFI.EUNET.FI. IN A
+ns2.k12.vt.us. IN A
+ns2.nic.mnet. IN A
+NS0.PIPEX.net. IN A
+NS1.SANFRANCISCO.US.NETDNS.com. IN A
+AMRA.NIC.GOV.JO. IN A
+kw.com.CN. IN MX
+SHNS.163.net. IN A
+NS.ER.USGS.GOV. IN A
+FAITH.MYNET.net. IN A
+mail.smuggs.com. IN A
+MIMOS.MY. IN A
+NS.GU. IN A
+mx00.schlund.de. IN A
+CADDSYS.IPTEK.net. IN A
+NS0.TELIA.NIC.NU. IN A
+NS2.GRANITECANYON.com. IN A
+GATEKEEPER.corning.com. IN A
+NS2.2DAY.com. IN A
+1.0.0.127.IN-ADDR.ARPA. IN PTR
+RAIN.PSG.com. IN A
+STRAWB.MIT.EDU. IN A
+NS2.DIGISERVE.com. IN A
+UMACSN2.UMAC.MO. IN A
+NS.JM. IN A
+12.153.66.206.IN-ADDR.ARPA. IN PTR
+EAST.ISI.EDU. IN A
+NS2.UUNET.CA. IN A
+SUNNY.STAT-USA.GOV. IN A
+BOW.INTNET.CF. IN A
+NS4.TELE.DK. IN A
+NS2.sodak.net. IN A
+NS1.NEWYORK.US.NETDNS.com. IN A
+NS2.PSI.net. IN A
+NS.KREONET.RE.KR. IN A
+GIANT.MINDLINK.net. IN A
+NS0.SECTOR001.org. IN A
+DNS.SEABONE.net. IN A
+NS2.MANA.PF. IN A
+NRWEB.CENPAC.NET.NR. IN A
+www.TRAVELPHOTOCONTESTS.com. IN A
+NS1.REGEX.com. IN A
+BIGBIRD.ITD.nps.GOV. IN A
+CUNIXD.CC.COLUMBIA.EDU. IN A
+NS1.CLASSIFIEDMONSTER.com. IN A
+SERVER1.SANS.org. IN A
+BRONZE.COIL.com. IN A
+SCSNMS.SWITCH.CH. IN A
+SCE.CNC.UNA.PY. IN A
+RELAY.LA.TIS.com. IN A
+NS.AUSTIN.IBM.com. IN A
+SERVICE.robert-morris.EDU. IN A
+MERCURY.ML.org. IN A
+proxy.pccf.net. IN A
+DUB-NAME-SVC-1.compuserve.com. IN A
+NS.CNRI.reston.va.us. IN A
+NS.UCAD.SN. IN A
+ns01.ny.us.ibm.net. IN A
+NS4-AUTH.ALASKA.net. IN A
+BOW.INTNET.NE. IN A
+NS-JP.SINET.AD.JP. IN A
+ns.musin.de. IN A
+ip1.romkey.SEG.net. IN A
+DNS2.ITD.UMICH.EDU. IN A
+mail.rpi.EDU. IN A
+INECO.NIC.ES. IN A
+DNS2.FIREHOUSE.net. IN A
+BOW.INTNET.BJ. IN A
+sundown.vtc.VSC.EDU. IN A
+NIC.AIX.GR. IN A
+NIC.AD.JP. IN A
+NS.DC.IGC.org. IN A
+LHR.NS.GDNS.net. IN A
+NS2.WEBMAGIC.net. IN A
+MUNNARI.OZ.AU. IN A
+HIPPO.RU.AC.ZA. IN A
+PEBBLES.IOM.com. IN A
+penpal.dmz.RPSLMC.EDU. IN A
+netnews.HINET.net. IN A
+INS2.TOSA.TWTELECOM.net. IN A
+proxy6.cisco.com. IN A
+NS2.HOST4U.net. IN A
+POIPARAU.OYSTER.NET.CK. IN A
+NS-EXT.VIX.com. IN A
+NS2.NURSAT.net. IN A
+mail2.kw.com.CN. IN A
+NS-02B.ANS.net. IN A
+DNS.RCCN.net. IN A
+B.ROOT-SERVERS.ORSC. IN A
+FIREHOUSE.net. IN A
diff --git a/bin/tests/system/cacheclean/knowngood.dig.out b/bin/tests/system/cacheclean/knowngood.dig.out
new file mode 100644
index 0000000..a0f087e
--- /dev/null
+++ b/bin/tests/system/cacheclean/knowngood.dig.out
@@ -0,0 +1,953 @@
+YA.AKAMAI.com. 604800 IN A 204.178.118.68
+UPR1.UPR.CLU.EDU. 604800 IN A 136.145.1.4
+integra.s-integra.co.JP. 604800 IN A 210.162.202.34
+avalon.iks-jena.de. 604800 IN A 194.221.90.34
+NS1.GLOBALDNS.com. 604800 IN A 206.253.214.11
+NS.RDU.BELLSOUTH.net. 604800 IN A 205.152.32.20
+ns.space.net. 604800 IN A 195.30.0.1
+SUN.MHS-RELAY.AC.UK. 604800 IN A 128.86.8.25
+AYAX.UNIANDES.EDU.CO. 604800 IN A 157.253.50.30
+DNS.NIC.CD. 604800 IN A 194.38.74.11
+NS.DNS.PT. 604800 IN A 193.136.0.1
+NS1.INTERNETSHARE.com. 604800 IN A 63.207.108.53
+MASTER.DNS.BE. 604800 IN A 194.7.171.243
+CATAMOUNT.middlebury.EDU. 604800 IN A 140.233.2.204
+FM03.FM. 604800 IN A 206.49.89.4
+NAAMAK.NCST.ERNET.IN. 604800 IN A 202.41.110.66
+gateway2.BFG.com. 604800 IN A 166.102.214.66
+NS3.NS.ESAT.net. 604800 IN A 192.111.39.100
+DNS1.INTUIT.com. 604800 IN A 208.157.255.4
+DEN-NS2.FWIDCSERVICES.net. 604800 IN A 216.7.160.32
+SOL.UNDPBI.TELEPAC.net. 604800 IN A 194.65.87.2
+NS2.tridog.com. 604800 IN A 206.168.112.51
+DNS2.KW. 604800 IN A 161.252.48.150
+NS2.MAIL.com. 604800 IN A 165.251.1.3
+NS.FIRSTCOM.CL. 604800 IN A 200.27.2.2
+DNS4.QUICKEN.com. 604800 IN A 198.3.99.252
+bofh.cid.net. 604800 IN A 212.172.21.254
+NS1.KRNIC.net. 604800 IN A 202.30.50.51
+NS2.SR.net. 604800 IN A 200.1.156.11
+NS1.TELSTRA.net. 604800 IN A 139.130.4.5
+ns.cafax.SE. 604800 IN A 192.71.228.17
+NS1.DNS.NET.NZ. 604800 IN A 202.46.161.3
+NS.CONCOURSE.com. 604800 IN A 199.218.113.2
+35.32/27.110.16.12.IN-ADDR.ARPA. 604800 IN PTR mail.nova-data.com.
+CCC.champcable.com. 604800 IN A 207.41.53.11
+NS.RIPE.net. 604800 IN A 193.0.0.193
+NS.NIC.NU. 604800 IN A 128.11.47.50
+KIM.CAMNET.CM. 604800 IN A 195.24.192.35
+DOGON.SOTELMA.net. 604800 IN A 208.144.230.1
+DNS02.FLAME.org. 604800 IN A 204.152.184.97
+NS.MIA.BELLSOUTH.net. 604800 IN A 205.152.16.20
+mail.ok.RU. 604800 IN A 195.2.83.162
+NS.NIC.MX. 604800 IN A 200.23.1.1
+NS2.BERKELEY.EDU. 604800 IN A 128.32.136.12
+NS2.BERKELEY.EDU. 604800 IN A 128.32.206.12
+SHIKHAR.MOS.COM.NP. 604800 IN A 202.52.255.5
+noc.rrz.Uni-Koeln.de. 604800 IN A 134.95.100.209
+NS.KORNET.net. 604800 IN A 168.126.63.1
+keith.gazpacho.org. 604800 IN A 209.67.235.37
+NS2.appliedtheory.com. 604800 IN A 168.75.17.11
+NS.CERNET.net. 604800 IN A 202.112.0.44
+smtp.ELISTX.com. 604800 IN A 209.116.252.130
+NS-AIT.THNIC.net. 604800 IN A 192.41.170.219
+from.PL. 604800 IN A 212.160.132.114
+mailhub.icann.org. 604800 IN A 192.0.34.33
+SEC1.DNS.UK.PSI.net. 604800 IN A 154.32.105.34
+isrv3-i.isc.org. 604800 IN A 204.152.184.87
+PHLOEM.UOREGON.EDU. 604800 IN A 128.223.32.35
+CTINA.AR. 604800 IN A 200.16.97.17
+DNS2.IAM.NET.MA. 604800 IN A 212.217.0.12
+10.126.39.137.IN-ADDR.ARPA. 604800 IN PTR Fddi0-0.New-York4.NY.ALTER.NET.
+DNS.PRINCETON.EDU. 604800 IN A 128.112.129.15
+NS.BELLSOUTH.net. 604800 IN A 205.152.0.5
+NS1.SNS-FELB.DEBIS.com. 604800 IN A 53.122.1.10
+localhost. 604800 IN A 127.0.0.1
+hm6.vt.highmeadow.com. 604800 IN A 207.136.209.6
+SYRUP.hill.com. 604800 IN A 208.162.106.3
+NS99.WAIKATO.AC.NZ. 604800 IN A 130.217.76.27
+NS4.CW.net. 604800 IN A 204.70.49.234
+NS2.SLOWMOE.com. 604800 IN A 137.118.8.50
+ns2.hypa.net. 604800 IN A 63.160.181.11
+ns.sxtyptt.NET.CN. 604800 IN A 202.99.192.68
+NS2.MERCHANTWARE.com. 604800 IN A 209.170.142.35
+uunymdgds1.DOUBLECLICK.net. 604800 IN A 206.65.183.21
+e34.co.us.IBM.com. 604800 IN A 32.97.110.132
+kista.dns.swip.net. 604800 IN A 192.71.220.9
+ZEBRA.UEM.MZ. 604800 IN A 196.3.96.67
+NET2.GENDYN.com. 604800 IN A 204.60.171.9
+NS0.UTK.EDU. 604800 IN A 160.36.0.66
+NS.RELCOM.EU.net. 604800 IN A 193.124.23.3
+DNS0.AXION.BT.CO.UK. 604800 IN A 132.146.5.1
+mail.vhv.com. 604800 IN A 208.5.161.11
+DNS4.UK.MSFT.net. 604800 IN A 213.199.144.152
+NS2.ADNS.net. 604800 IN A 199.5.157.3
+NS1.SEATTLE.US.NETDNS.com. 604800 IN A 206.253.214.13
+NS2.UNIVIE.AC.at. 604800 IN A 193.171.255.66
+NS15B.BOCA15-VERIO.com. 604800 IN A 208.55.91.51
+www.BAYAREA.com. 604800 IN CNAME vh80040.vh8.infi.net.
+ns4.onemain.com. 604800 IN A 63.208.210.11
+NS2.EDIGITALS.com. 604800 IN A 211.39.139.36
+MICHAEL.VATICAN.VA. 604800 IN A 212.77.0.2
+AUSTIN.GH.com. 604800 IN A 196.3.64.1
+sld-ns2.CNNIC.NET.CN. 604800 IN A 202.97.16.197
+NS2.CDC.GOV. 604800 IN A 198.246.96.92
+NS.WATSON.IBM.com. 604800 IN A 198.81.209.2
+NS.NIC.SH. 604800 IN A 194.205.62.60
+NS2.BAHNHOF.net. 604800 IN A 212.85.64.4
+NS-AUTH2.cmates.com. 604800 IN A 208.23.213.3
+ISDMNL.WR.USGS.GOV. 604800 IN A 130.118.4.2
+NS2.COBEX.net. 604800 IN A 207.102.129.72
+MERLE.CIRA.CA. 604800 IN A 64.26.149.98
+NS.UVG.EDU.GT. 604800 IN A 168.234.68.2
+NS1.CWVA.DOUBLECLICK.net. 604800 IN A 205.138.3.20
+eliot.diebold.com. 604800 IN A 204.151.249.21
+NS.ALMADEN.IBM.com. 604800 IN A 198.4.83.35
+NS2.INTERNETSQUARE.com. 604800 IN A 205.227.232.9
+mail.QUEST-NET.com. 604800 IN A 207.140.30.11
+Z1.NS.LHR1.GLOBIX.net. 604800 IN A 212.111.32.38
+DNS1.AVANTEL.NET.MX. 604800 IN A 200.33.213.66
+vh80040.vh8.INFI.net. 604800 IN A 209.97.59.245
+NS.LEB.net. 604800 IN A 206.127.55.2
+NS.DCC.UCHILE.CL. 604800 IN A 146.83.5.204
+CLOUSO.RISQ.QC.CA. 604800 IN A 192.26.210.1
+muenster.westfalen.de. 604800 IN A 193.174.5.2
+us.a1.YIMG.com. 604800 IN CNAME a32.g.a.YIMG.com.
+NS.DEMOS.SU. 604800 IN A 194.87.0.8
+NS.DEMOS.SU. 604800 IN A 194.87.0.9
+south.NAVPOINT.com. 604800 IN A 207.106.42.12
+netconsult.netconx.de. 604800 IN A 193.141.75.1
+DNS2.btinternet.com. 604800 IN A 194.73.73.94
+NS2.CINE.net. 604800 IN A 207.168.250.12
+castor.cmc.ec.gc.CA. 604800 IN A 142.135.4.14
+EX2-DNS0.AVENUEA.com. 604800 IN A 216.34.88.20
+firewall3.glaxowellcome.com. 604800 IN A 192.58.204.207
+MACU.MA.MT.NP.ELS-GMS.att.net. 604800 IN A 199.191.145.136
+NS.PA. 604800 IN A 168.77.8.2
+TGSERV.TELE.GL. 604800 IN A 194.177.224.7
+KYNSE02.MESSAGESECURE.com. 604800 IN A 216.142.252.201
+GORGON.XTRA.CO.NZ. 604800 IN A 202.27.158.34
+DNS.NIC.IT. 604800 IN A 193.205.245.5
+pop.VERMONTEL.net. 604800 IN CNAME loomis.VERMONTEL.net.
+NS2.REGISTRY.HM. 604800 IN A 209.54.168.55
+NAMESERVER1.CONCENTRIC.net. 604800 IN A 207.155.183.73
+47.131.127.204.IN-ADDR.ARPA. 604800 IN PTR mtiwmhc22.worldnet.att.net.
+mailhost.tfm.com. 604800 IN A 192.231.224.11
+NS1.MRC.GM. 604800 IN A 212.60.69.1
+NS.WIDE.AD.JP. 604800 IN A 203.178.136.63
+NS.BTA.NET.CN. 604800 IN A 202.96.0.133
+NS2.ISPC.org. 604800 IN A 209.124.64.11
+BOW.RAIN.FR. 604800 IN A 194.51.3.49
+srs.srs.state.vt.us. 604800 IN A 159.105.101.150
+NS4.WEB2010.com. 604800 IN A 216.157.55.6
+NS.TELECOM.NET.ET. 604800 IN A 196.27.22.43
+NS1.DNS.NET.KH. 604800 IN A 203.127.100.21
+GATEN.JARING.MY. 604800 IN A 161.142.227.17
+shell.nominum.com. 604800 IN A 204.152.187.59
+CHEOPS.ANU.EDU.AU. 604800 IN A 150.203.224.24
+VANGOGH.CS.BERKELEY.EDU. 604800 IN A 128.32.33.5
+NS2.NOC.NULLUS.net. 604800 IN A 63.119.253.254
+NIC.LTH.SE. 604800 IN A 130.235.20.3
+ns.farm.net. 604800 IN A 216.112.179.160
+NS.USEC.SUN.com. 604800 IN A 192.9.48.3
+NS2.YOUR-DOMAIN.com. 604800 IN A 216.167.31.177
+DNS-EAST.PREP.net. 604800 IN A 129.250.252.10
+ns.hcr.net. 604800 IN A 208.240.246.4
+NS-RCH.nortelnetworks.com. 604800 IN A 192.135.215.2
+crl.DEC.com. 604800 IN A 192.58.206.2
+NS.PIXAR.ES. 604800 IN A 194.143.196.3
+MEX1-M-213.UNINET.NET.MX. 604800 IN A 200.33.146.213
+NS.ITU.CH. 604800 IN A 156.106.192.121
+matrix.uwm.EDU.PL. 604800 IN A 213.184.3.136
+gateway1.gmcr.com. 604800 IN A 12.34.108.130
+NS2.DNS.BR. 604800 IN A 200.19.119.99
+foxharp.boston.MA.us. 604800 IN MX 10 bparker.connactivity.com.
+Quest-7.symquest.com. 604800 IN A 64.69.102.131
+NS2.VERIO.net. 604800 IN A 129.250.31.190
+NAME.IAD.GBLX.net. 604800 IN A 204.152.166.155
+NS2.EMIRATES.NET.AE. 604800 IN A 194.170.1.7
+supai.oit.UMASS.EDU. 604800 IN A 128.119.175.6
+QUERN.EPILOGUE.com. 604800 IN A 128.224.1.136
+NS3.TOPICA.com. 604800 IN A 206.111.131.72
+NS1.JERKY.net. 604800 IN A 204.57.55.100
+JTB.BRUNET.BN. 604800 IN A 202.160.8.2
+AUTH100.NS.UU.net. 604800 IN A 198.6.1.202
+BOW.INTNET.DJ. 604800 IN A 193.251.143.253
+OSI2.GUA.net. 604800 IN A 205.161.188.3
+AZMODAN.ULA.VE. 604800 IN A 150.185.130.16
+THUMPER.RPSLMC.EDU. 604800 IN A 144.74.22.8
+ICHU.RCP.NET.PE. 604800 IN A 161.132.5.14
+NS.NIC.AC. 604800 IN A 194.205.62.120
+DNS.NETFLIGHT.com. 604800 IN A 207.88.32.2
+ns2.UTORONTO.CA. 604800 IN A 128.100.102.202
+mail.giffordmed.org. 604800 IN A 130.189.100.51
+RATA.VUW.AC.NZ. 604800 IN A 130.195.2.11
+NS-2.ADMONITOR.net. 604800 IN A 216.35.185.40
+NCC.MOC.KW. 604800 IN A 196.1.69.98
+NS.EUNET.ES. 604800 IN A 193.127.1.11
+NS3.best.com. 604800 IN A 209.24.149.42
+zip.MAIL-LIST.com. 604800 IN MX 5 zip.MAIL-LIST.com.
+zip.MAIL-LIST.com. 604800 IN MX 20 sluice.MAIL-LIST.com.
+zip.MAIL-LIST.com. 604800 IN MX 20 pipeline.MAIL-LIST.com.
+zip.MAIL-LIST.com. 604800 IN MX 20 transport.MAIL-LIST.com.
+zip.MAIL-LIST.com. 604800 IN MX 50 brisk.MAIL-LIST.com.
+zip.MAIL-LIST.com. 604800 IN MX 50 swifty.MAIL-LIST.com.
+zip.MAIL-LIST.com. 604800 IN MX 50 velocity.MAIL-LIST.com.
+JATZ.AARNET.EDU.AU. 604800 IN A 139.130.204.4
+DNS2.MAN.LODZ.PL. 604800 IN A 212.51.192.5
+NS.VERITAS.com. 604800 IN A 204.177.156.38
+218.241.103.199.IN-ADDR.ARPA. 604800 IN PTR abyssinian.sleepycat.com.
+BOW.SNPT.KM. 604800 IN A 195.101.19.253
+Z1.NS.SJC1.GLOBIX.net. 604800 IN A 209.10.34.55
+DNS.NIC.TT. 604800 IN A 24.3.198.194
+MAKISIG.IPHIL.net. 604800 IN A 203.176.28.135
+NS.DK.net. 604800 IN A 193.88.44.42
+NS.NI. 604800 IN A 200.30.36.8
+NS.NI. 604800 IN A 165.98.1.2
+CIUP1.NCC.UP.PT. 604800 IN A 193.136.51.52
+ns2.verisign-grs.com. 604800 IN A 198.41.3.108
+NS1.UMASS.EDU. 604800 IN A 128.119.166.14
+NS.NEWACCOUNT.net. 604800 IN A 216.121.96.26
+UDNS2.ULTRADNS.net. 604800 IN A 204.74.101.1
+NS2.LATNET.LV. 604800 IN A 159.148.108.1
+info-server.surrey.AC.UK. 604800 IN A 131.227.102.6
+NS2.SQUONK.net. 604800 IN A 63.84.12.135
+NS2.DSO.net. 604800 IN A 206.16.77.11
+www.energyenhancement.org. 604800 IN A 216.121.175.228
+DNS1.BD. 604800 IN A 209.58.24.5
+nl.COMPUWARE.com. 604800 IN MX 150 uucp.nl.net.
+nl.COMPUWARE.com. 604800 IN MX 50 bitbucket.extern.uniface.nl.
+nl.COMPUWARE.com. 604800 IN MX 100 smtp.nl.net.
+NS.DHIRAAGU.MV. 604800 IN A 202.1.192.196
+TRANTOR.UMD.EDU. 604800 IN A 128.8.10.14
+NS.ALCANET.NO. 604800 IN A 193.213.238.10
+Z6.MSFT.AKADNS.com. 604800 IN A 207.229.152.20
+NS4.ync.net. 604800 IN A 206.185.20.9
+CMTU.MT.NS.ELS-GMS.att.net. 604800 IN A 12.127.16.69
+vh40099.vh4.INFI.net. 604800 IN A 209.97.59.121
+ns2.secondary.nl. 604800 IN A 194.229.138.6
+abyssinian.sleepycat.com. 604800 IN A 199.103.241.218
+APHEX.MENTOR.BE. 604800 IN A 193.121.64.5
+webmail.fiberia.com. 604800 IN A 216.55.147.2
+localhost.moonmothers.com. 604800 IN A 127.0.0.1
+NS2.DNS.LU. 604800 IN A 158.64.229.3
+NS.VISUALCOM.ES. 604800 IN A 194.143.202.202
+TONIC.TO. 604800 IN A 206.184.59.10
+NS1.CRSNIC.net. 604800 IN A 198.41.3.39
+trurl.ispid.com.PL. 604800 IN A 195.150.99.3
+datingagentur.de. 604800 IN A 212.227.216.57
+NS2.NSIREGISTRY.net. 604800 IN A 198.41.3.108
+ICE.VIA-NET-WORKS.IE. 604800 IN A 212.17.32.2
+sgi1.map.com. 604800 IN A 204.71.19.20
+NS0.HS0.U-NET.net. 604800 IN A 194.119.128.70
+candle.pha.pa.us. 604800 IN A 162.33.245.46
+NS1.PACIFIC.NET.SG. 604800 IN A 192.169.33.3
+NS.CENIAI.NET.CU. 604800 IN A 169.158.128.136
+NS2.UUCP.NE.JP. 604800 IN A 210.141.111.69
+za.akamaitech.net. 604800 IN A 204.178.107.226
+NS.UCR.AC.CR. 604800 IN A 163.178.88.2
+DNS-02.NS.cs.com. 604800 IN A 205.188.157.235
+dns2.primary.net. 604800 IN A 205.242.187.235
+PAPPSRV.PAPP.UNDP.org. 604800 IN A 192.115.229.1
+NS1.REGME.com. 604800 IN A 207.153.57.14
+DNS.CS.KULEUVEN.AC.BE. 604800 IN A 134.58.40.4
+NS1.VERMONTLAW.net. 604800 IN A 63.89.26.15
+mail.garmontusa.com. 604800 IN A 64.30.8.178
+NS2.SAIPAN.com. 604800 IN A 202.128.28.2
+NS.ARICATRA.com. 604800 IN A 206.64.112.114
+ns2.reedmedia.net. 604800 IN A 209.241.86.6
+NS.NETLAB.SK. 604800 IN A 195.168.1.4
+RELAY.GW.tislabs.com. 604800 IN A 192.94.214.100
+b.ns.tmcs.net. 604800 IN A 209.104.33.252
+NS1.IBL.BM. 604800 IN A 199.172.192.1
+ok.RU. 604800 IN A 195.2.83.162
+NS.RICC.ALMA-ATA.SU. 604800 IN A 194.87.112.4
+KITKA.MARNET.MK. 604800 IN A 194.149.131.2
+dasher.dartmouth.EDU. 604800 IN A 129.170.208.6
+NS0.PLANET-THREE.com. 604800 IN A 212.49.219.164
+KNOCK.SER.BBNPLANET.net. 604800 IN A 192.239.16.129
+tornado.webtech.elk.PL. 604800 IN A 212.244.162.100
+AUTH2.NS.IDT.net. 604800 IN A 169.132.133.1
+host3.VTLEGALAID.org. 604800 IN A 207.136.208.115
+NS.EUNET.SK. 604800 IN A 192.108.130.33
+TULKU.NIC.AR. 604800 IN A 200.16.97.77
+RELAY.CDNNET.CA. 604800 IN A 192.73.5.1
+DNS2.TPSA.PL. 604800 IN A 194.204.152.34
+enterprise.wirbel.com. 604800 IN A 194.231.54.2
+ECNET.EC. 604800 IN A 157.100.45.2
+ENGINE1.UNA.net. 604800 IN A 208.136.52.74
+WYCU.WY.BR.NP.ELS-GMS.att.net. 604800 IN A 199.191.128.43
+ARWENA.NASK.WAW.PL. 604800 IN A 193.59.201.28
+PAC2.NIPR.MIL. 604800 IN A 199.252.155.234
+DAISY.EE.UND.AC.ZA. 604800 IN A 146.230.192.18
+odin.ietf.org. 604800 IN A 132.151.1.176
+dns.kaben-net.de. 604800 IN A 195.179.28.17
+NS2.ALTAVISTA.com. 604800 IN A 209.73.164.7
+CASTOR.TELEGLOBE.net. 604800 IN A 199.202.55.2
+CIR.RED.SV. 604800 IN A 168.243.254.1
+PIJIN.COM.SB. 604800 IN A 202.139.42.10
+NS4.CTCCOM.net. 604800 IN A 64.69.100.35
+NS1.SOL.NO. 604800 IN A 195.225.2.10
+DNS2.TK.MSFT.net. 604800 IN A 207.46.232.38
+NS.BSDI.com. 604800 IN A 207.174.116.8
+NS.SVIANED.nl. 604800 IN A 143.177.1.3
+NS.NOVELL.com. 604800 IN A 137.65.1.1
+NS.LUCKY.net. 604800 IN A 193.193.193.100
+SJC-NS2.SJC.LYCOS.com. 604800 IN A 206.79.171.40
+NS1.OP.net. 604800 IN A 209.152.193.4
+worldnet.att.net. 604800 IN A 199.70.151.234
+APIES.FRD.AC.ZA. 604800 IN A 137.214.80.1
+mail.skiinsurance.com. 604800 IN A 207.136.205.152
+NS.BELNET.BE. 604800 IN A 193.190.198.2
+NS.BELNET.BE. 604800 IN A 193.190.198.10
+KOMO.INET.GA. 604800 IN A 208.148.44.1
+EARTH.THEPLANET.net. 604800 IN A 195.92.195.222
+VASCO.USMA.AC.PA. 604800 IN A 208.141.92.2
+GODFEVER.DCCSERVER.com. 604800 IN A 208.137.22.6
+BOS-NS2.BOS.LYCOS.com. 604800 IN A 209.67.228.40
+NS2.GOTO.com. 604800 IN A 204.71.128.137
+NS1.overstock.com. 604800 IN A 207.225.194.13
+NS1-PUBLIC.ZMA.COMPAQ.com. 604800 IN A 161.114.64.24
+ns.ilovedomain.com. 604800 IN A 211.175.164.170
+ns1.anycast.net. 604800 IN A 216.196.51.4
+PASCAL.UPRR.PR. 604800 IN A 134.202.1.120
+NS3-AUTH.SPRINTLINK.net. 604800 IN A 144.228.255.10
+NS1-Y.DNS.PIPEX.net. 604800 IN A 158.43.193.89
+prue.eim.surrey.AC.UK. 604800 IN A 131.227.76.5
+TROLL-GW.GATECH.EDU. 604800 IN A 130.207.244.251
+NS.SIERRATEL.SL. 604800 IN A 194.133.124.5
+ns2.PSHIFT.com. 604800 IN A 208.153.85.21
+NS.ERS.IBM.com. 604800 IN A 204.146.173.35
+ASLAN.OPEN-RSC.org. 604800 IN A 199.5.157.128
+NS2.DOMAIN-REGISTRY.nl. 604800 IN A 193.176.144.130
+uranus.lan-ks.de. 604800 IN A 194.45.71.1
+mail.unlisys.net. 604800 IN A 195.21.255.252
+NS.AUSTRIA.EU.net. 604800 IN A 192.92.138.35
+AUTH01.CONNECT.IE. 604800 IN A 194.106.128.50
+SUN.SCSI.GOV.BY. 604800 IN A 195.50.5.103
+NS1.SIGMAHOSTING.com. 604800 IN A 209.241.86.6
+NS.CAST.EDU.JM. 604800 IN A 200.9.115.2
+DS.NIC.NET.SG. 604800 IN A 202.42.194.205
+PRADES.CESCA.ES. 604800 IN A 192.94.163.152
+ns.sta.NET.CN. 604800 IN A 202.96.199.133
+NSE00.excite.com. 604800 IN A 198.3.102.250
+NS3.ABOVE.net. 604800 IN A 207.126.105.146
+CASBAH.ELDJAZAIR.NET.DZ. 604800 IN A 193.194.81.45
+ASKIA.SOTELMA.ML. 604800 IN A 208.144.230.3
+NS.IDT.net. 604800 IN A 198.4.75.100
+FXCLPR02.IS.CHRYSLER.com. 604800 IN A 204.189.94.37
+SVC00.APNIC.net. 604800 IN A 202.12.28.131
+NS5.DCX.YAHOO.com. 604800 IN A 216.32.74.10
+ns1.ray.net. 604800 IN A 195.238.228.131
+NS.NIC.MC. 604800 IN A 195.78.6.131
+ns.runway.CN.net. 604800 IN A 211.101.132.8
+benoni.uit.NO. 604800 IN A 129.242.4.254
+SCRATCHY.MINDSPRING.net. 604800 IN A 207.69.200.211
+ns1.pcode.com. 604800 IN A 216.15.192.135
+ns1.aha.RU. 604800 IN A 195.2.80.142
+ns2.uwaterloo.CA. 604800 IN A 129.97.128.100
+ns2.NIC.AD.JP. 604800 IN A 202.12.30.133
+a.ns.foxharp.boston.MA.us. 604800 IN A 24.147.209.205
+NS.NIC.IO. 604800 IN A 194.205.62.100
+A-GTLD-SERVERS.dot-god.com. 604800 IN A 205.189.73.123
+SMTP.slac.stanford.EDU. 604800 IN A 134.79.18.80
+52.87.198.209.IN-ADDR.ARPA. 604800 IN PTR mqueue0.sover.net.
+BARNEY.ADVSYS.CO.UK. 604800 IN A 194.72.124.2
+NS1.TELEPAC.PT. 604800 IN A 194.65.3.20
+NICOSIA.CCS.UCY.AC.CY. 604800 IN A 194.42.6.97
+NS.PUNCHDOWN.org. 604800 IN A 140.174.131.100
+SYNAESTHESIA.COGNOSCENTI.org. 604800 IN A 207.208.112.4
+NS2.PLANET-THREE.net. 604800 IN A 212.49.219.190
+DNS.CIT.CORNELL.EDU. 604800 IN A 192.35.82.50
+MODOR.VERISIGN.net. 604800 IN A 205.139.94.55
+SUNSTROKE.IS.RPSLMC.EDU. 604800 IN A 144.74.21.8
+NS2.SEG.net. 604800 IN A 206.34.181.16
+NEMUNAS.SC-UNI.KTU.LT. 604800 IN A 193.219.32.13
+MULGA.CS.MU.OZ.AU. 604800 IN A 128.250.1.22
+MULGA.CS.MU.OZ.AU. 604800 IN A 128.250.37.150
+NS1.NPLUS.GF. 604800 IN A 195.6.144.3
+ns2.centralinfo.net. 604800 IN A 63.102.204.130
+K.GTLD-SERVERS.net. 604800 IN A 213.177.194.5
+ns1.codelocal.com. 604800 IN A 216.15.192.130
+NS2.IPNS.com. 604800 IN A 63.230.183.1
+NS0.DE.NIC.NU. 604800 IN A 216.200.116.40
+NS.USSR.EU.net. 604800 IN A 193.124.22.65
+NS.INTERNET.SK. 604800 IN A 192.108.130.91
+CORREOS.SEKER.ES. 604800 IN A 194.179.87.1
+mx1.buf.ADELPHIA.net. 604800 IN A 24.48.36.10
+aun.UNINETT.NO. 604800 IN A 129.241.1.99
+NS0.NETANET.com. 604800 IN A 195.172.127.72
+NS0.NETANET.com. 604800 IN A 194.6.96.218
+www.MANY-PATHS-ENERGY-ENHANCEMENT.com. 604800 IN A 66.33.4.50
+NS2.STARFIRE.DOUGLAS.MA.us. 604800 IN A 216.129.136.9
+NS3.IKP.PL. 604800 IN A 157.25.5.30
+pns.dtag.de. 604800 IN A 194.25.0.125
+NZ.NS.NIC.NU. 604800 IN A 203.97.132.66
+DAVER.bungi.com. 604800 IN A 207.126.97.2
+DAVER.bungi.com. 604800 IN A 206.14.228.2
+gutenberg.bucksnet.com. 604800 IN A 207.113.15.5
+DNS2.IT.net. 604800 IN A 151.1.2.1
+NS2.SNS-UT.DEBIS.com. 604800 IN A 53.122.2.10
+ISI.EDU. 604800 IN A 128.9.176.32
+amethyst.xaos.org. 604800 IN A 204.145.159.12
+PAPPILLOMA.WWEBSVS.com. 604800 IN A 209.233.37.10
+NS2.bock.com. 604800 IN A 64.30.29.4
+NS2.OAR.net. 604800 IN A 192.88.195.10
+MINION.NETPOLICY.com. 604800 IN A 207.87.121.66
+Mail.catic1.com. 604800 IN A 207.190.204.103
+NS4.DNS.space.net. 604800 IN A 195.222.210.93
+b.gtld-servers.ORSC. 604800 IN A 216.13.126.116
+bend.madriver.com. 604800 IN A 207.136.232.15
+NS4.IS-FUN.net. 604800 IN A 212.162.54.34
+NS2.JPS.net. 604800 IN A 216.224.156.252
+NS1.IP-PLUS.net. 604800 IN A 164.128.36.34
+rush.cc1.RPSLMC.EDU. 604800 IN A 144.74.150.23
+NS2.GBMTECH.net. 604800 IN A 208.243.164.3
+DNS.MSEN.com. 604800 IN A 148.59.19.11
+DNSSEC2.SINGNET.COM.SG. 604800 IN A 195.13.10.226
+NS2.HOME.net. 604800 IN A 24.2.0.27
+ACCESS.MBNET.MB.CA. 604800 IN A 130.179.16.143
+DNS0.SPIN.AD.JP. 604800 IN A 165.76.0.98
+Filer.PHOTOTRUST.com. 604800 IN A 64.85.86.172
+jpl.NASA.GOV. 604800 IN A 137.78.160.180
+NS2.TECHNOLOGIA.net. 604800 IN A 207.253.59.4
+bparker.CONNACTIVITY.com. 604800 IN A 206.34.200.200
+NS1.uvm.EDU. 604800 IN A 132.198.201.10
+NS.SENET.net. 604800 IN A 206.155.163.195
+DNS2.UTCC.UTORONTO.CA. 604800 IN A 128.100.102.201
+localhost.costorf.com. 604800 IN A 127.0.0.1
+DNS2.AD. 604800 IN A 194.158.64.8
+HYDRA.HELSINKI.FI. 604800 IN A 128.214.4.29
+NAME.PHX.GBLX.net. 604800 IN A 206.165.6.10
+NS2.FOOL.com. 604800 IN A 208.51.76.222
+NS01-SERVER.CURINFO.AN. 604800 IN A 200.44.117.129
+NS.CR. 604800 IN A 163.178.8.2
+mail.pshift.net. 604800 IN A 208.153.85.30
+NS.IRD.FR. 604800 IN A 195.83.14.1
+NS.UZ. 604800 IN A 213.68.88.11
+DNS.INTELCOM.SM. 604800 IN A 194.183.64.11
+DNS2.UNIV-NKC.MR. 604800 IN A 193.251.145.154
+HNS3.hns.com. 604800 IN A 208.236.67.3
+bay.cs.UTORONTO.CA. 604800 IN A 128.100.1.1
+NS0.BT.net. 604800 IN A 194.72.6.51
+BAYONET.SJMERCURY.com. 604800 IN A 207.1.134.34
+PAN.BIJT.net. 604800 IN A 213.196.2.97
+NAVI.SUBTEND.net. 604800 IN A 208.186.117.224
+NS.CIX.CX. 604800 IN A 195.222.235.216
+waldorf.Informatik.Uni-Dortmund.de. 604800 IN A 129.217.4.42
+NS2.ivillage.com. 604800 IN A 209.185.162.16
+DNS.NIC.XLINK.net. 604800 IN A 193.141.40.42
+NS1.MERCHANTWARE.CON. 604800 IN A 209.170.142.34
+NS.TO.GD-ES.com. 604800 IN A 199.107.240.66
+NS-A.RNC.RO. 604800 IN A 192.162.16.31
+REGGAE.NCREN.net. 604800 IN A 128.109.131.3
+SSS-NL.DENIC.de. 604800 IN A 193.0.0.237
+NS1.TDC.TO. 604800 IN A 206.86.247.250
+NS.NIC.HU. 604800 IN A 193.6.27.62
+JOANNA.WILLIAM.org. 604800 IN A 195.153.6.2
+NS0.IIJ.AD.JP. 604800 IN A 202.232.2.34
+maus.spack.org. 604800 IN A 204.245.198.90
+B.NS.VERIO.net. 604800 IN A 129.250.35.32
+SECDNS.EUNET.BE. 604800 IN A 193.74.208.139
+NS3.EUROPE.YAHOO.com. 604800 IN A 217.12.4.71
+A.ROOT-SERVERS.net. 604800 IN A 198.41.0.4
+sherickpm.com. 604800 IN MX 10 inbound.sherickpm.com.criticalpath.net.
+NS2.MEDIASERVICES.net. 604800 IN A 64.65.16.237
+YARDBIRD.CNS.vt.EDU. 604800 IN A 198.82.247.34
+SUNIC.SUNET.SE. 604800 IN A 192.36.125.2
+NS.MT. 604800 IN A 193.188.47.252
+CNDVG001.usa.net. 604800 IN A 165.212.12.1
+NS1.CX.ESCROW.IOCOMM.NET.CX. 604800 IN A 203.132.96.2
+DNS-02.NS.AOL.com. 604800 IN A 205.188.157.232
+ns2.tesserae.com. 604800 IN A 209.157.194.3
+SV10.BATELCO.COM.BH. 604800 IN A 193.188.124.227
+dec.anr.state.vt.us. 604800 IN MX 0 dec.anr.state.vt.us.
+dec.anr.state.vt.us. 604800 IN MX 10 mx1.state.vt.us.
+dec.anr.state.vt.us. 604800 IN MX 10 mx2.state.vt.us.
+3.133.188.192.IN-ADDR.ARPA. 604800 IN PTR elektro.com.
+NS1.LONDON.UK.NETDNS.com. 604800 IN A 212.62.6.38
+NS.NIC.MG. 604800 IN A 194.214.107.253
+DNS1.VN. 604800 IN A 203.162.3.235
+DENS20.DEN.nps.GOV. 604800 IN A 165.83.24.20
+z.ip6.INT. 604800 IN A 198.32.2.66
+NS3.TRIVALLEY.com. 604800 IN A 206.25.132.30
+isis.imag.FR. 604800 IN A 129.88.32.24
+NS.SOVAM.com. 604800 IN A 194.67.2.97
+NS-SOA.DARENET.DK. 604800 IN A 130.226.1.4
+NS4.NIC.TV. 604800 IN A 207.151.24.23
+DNSSRV1X.mitre.org. 604800 IN A 199.94.97.51
+GATEKEEPER.NYTIMES.com. 604800 IN A 199.181.175.201
+D.I-DNS.net. 604800 IN A 211.169.245.170
+NS.KOLO.net. 604800 IN A 209.66.103.20
+NS4.FIRSTWORLD.net. 604800 IN A 216.7.160.162
+DECST.CERIST.DZ. 604800 IN A 193.194.64.11
+NS4.DNS.WS. 604800 IN A 216.52.234.102
+NS0.GDGSC.com. 604800 IN A 192.160.62.66
+UCTHPX.UCT.AC.ZA. 604800 IN A 137.158.128.1
+NS2.HOTWIRED.com. 604800 IN A 209.185.151.6
+ns02.ca.us.ibm.net. 604800 IN A 165.87.201.243
+NS2.SPEAKEASY.net. 604800 IN A 216.231.41.22
+TELCOM.ZPTC.CO.ZW. 604800 IN A 194.133.122.47
+NS.DK-HOSTMASTER.DK. 604800 IN A 193.163.102.2
+NS.NIC.LK. 604800 IN A 192.248.1.65
+NS2.zama.net. 604800 IN A 203.142.130.5
+CZ.EUNET.CZ. 604800 IN A 193.85.3.130
+NS.AC.ID. 604800 IN A 202.159.124.34
+NS1.CUBE.de. 604800 IN A 212.162.54.243
+NS1.QUASAR.net. 604800 IN A 199.166.31.3
+NS1.OFFSHORE.AI. 604800 IN A 209.88.68.34
+NS5.NRSITE.com. 604800 IN A 208.178.169.4
+NS.AIC.net. 604800 IN A 195.250.64.65
+OWL.NCC.nps.GOV. 604800 IN A 165.83.34.60
+MAXIM.gbch.net. 604800 IN A 203.9.155.249
+BOW.INTNET.TD. 604800 IN A 193.251.147.253
+ns1.cacheware.com. 604800 IN A 64.221.210.242
+NS2.SPEEDHOST.com. 604800 IN A 216.42.31.169
+NS1.COMMIT.GM. 604800 IN A 63.77.152.177
+NAME.ROC.GBLX.net. 604800 IN A 209.130.187.10
+90.198.245.204.IN-ADDR.ARPA. 604800 IN PTR maus.spack.org.
+BOLOGNA.NETTUNO.IT. 604800 IN A 193.43.2.5
+NIC.IBD.com. 604800 IN A 209.249.61.18
+NS.WESTOL.com. 604800 IN A 63.93.137.4
+time.SOVER.net. 604800 IN CNAME garnet.SOVER.net.
+UNIX1.CS.UMASS.EDU. 604800 IN A 128.119.40.12
+AARDVARK.WR.UMIST.AC.UK. 604800 IN A 130.88.146.3
+AARDVARK.WR.UMIST.AC.UK. 604800 IN A 128.16.5.31
+NS1.NIC.YU. 604800 IN A 147.91.8.6
+mail.velco.com. 604800 IN A 198.136.217.106
+DNSAUTH2.SYS.GTEI.net. 604800 IN A 4.2.49.3
+NS.TELE.FI. 604800 IN A 193.210.19.19
+state.vt.us. 604800 IN MX 10 mx1.state.vt.us.
+state.vt.us. 604800 IN MX 10 mx2.state.vt.us.
+NS.NYC.juno.com. 604800 IN A 205.231.108.1
+NS1.g-world.com. 604800 IN A 216.26.39.10
+AUTH2.AMERICA.net. 604800 IN A 209.17.197.18
+KIRA.ECS.UMASS.EDU. 604800 IN A 128.119.91.10
+CONACYT.GOB.SV. 604800 IN A 168.243.64.2
+DNS.SRCE.HR. 604800 IN A 161.53.3.7
+NS00.ns0.com. 604800 IN A 216.92.60.60
+NS2.CL.BELLSOUTH.net. 604800 IN A 205.152.16.8
+jenner.med.HARVARD.EDU. 604800 IN A 134.174.141.2
+p2.cavebear.com. 604800 IN A 199.184.128.35
+NS1.NIC.JE. 604800 IN A 216.110.45.224
+ORCU.OR.BR.NP.ELS-GMS.att.net. 604800 IN A 199.191.129.139
+NS.XBILL.org. 604800 IN A 204.152.186.163
+WRAITH.CS.UOW.EDU.AU. 604800 IN A 130.130.64.1
+12.159.145.204.IN-ADDR.ARPA. 604800 IN PTR amethyst.xaos.org.
+ns1.pr.SUN.com. 604800 IN A 192.18.16.2
+NS.SPIN.OMNES.net. 604800 IN A 192.23.90.196
+smtp.188.net. 604800 IN A 202.96.125.104
+TERMINAL.2GLOBE.net. 604800 IN A 195.178.183.230
+NS2.HARVARD.EDU. 604800 IN A 128.103.1.1
+NAMESERVER.CNR.IT. 604800 IN A 194.119.192.34
+EARTH.SY. 604800 IN A 195.22.198.6
+DNS2.REACCIUN.VE. 604800 IN A 150.188.4.212
+NS.TMX.COM.NI. 604800 IN A 205.218.253.2
+freefour.acs.rpi.EDU. 604800 IN A 128.113.24.91
+242.84.198.209.IN-ADDR.ARPA. 604800 IN PTR dlawren-gw.burl.sover.net.
+CORREU.STA.AD. 604800 IN A 194.158.67.1
+NS.DRUKNET.NET.BT. 604800 IN A 202.144.128.200
+NS4.US.PRSERV.net. 604800 IN A 165.87.201.244
+KAASASSUK.GH.GL. 604800 IN A 194.177.232.3
+ECUA.NET.EC. 604800 IN A 157.100.1.2
+NS.CONCYT.GOB.GT. 604800 IN A 168.234.106.2
+NS2.NAP.net. 604800 IN A 206.54.224.1
+DNS2.CN.net. 604800 IN A 202.97.18.61
+MX.NSI.NASA.GOV. 604800 IN A 128.102.18.31
+NS.TDS.net. 604800 IN A 204.246.1.20
+tdns-me1.NETSCAPE.com. 604800 IN A 205.188.247.67
+NS2.METU.EDU.TR. 604800 IN A 144.122.199.93
+NS2.SETARNET.AW. 604800 IN A 206.48.100.11
+87.184.152.204.IN-ADDR.ARPA. 604800 IN PTR isrv3-i.isc.org.
+DNS.OMNIWAY.SM. 604800 IN A 194.183.64.10
+NS0.U-NET.net. 604800 IN A 194.119.128.65
+elektro.CMHNET.org. 604800 IN A 192.188.133.3
+ns2.HIGGS.net. 604800 IN A 204.80.125.145
+NS2.SKYNETWEB.com. 604800 IN A 208.231.1.35
+MAGIC.MN. 604800 IN A 202.131.0.10
+NS1.YAHOO.com. 604800 IN A 204.71.200.33
+mx1.cdp.ADELPHIA.net. 604800 IN A 24.48.58.221
+SANTO.VANUATU.COM.VU. 604800 IN A 202.139.40.7
+www.mmuuf.org. 604800 IN MX 10 gro.dd.org.
+ns1.timeheart.net. 604800 IN A 63.197.231.203
+NS2.TOGETHER.net. 604800 IN A 204.97.120.31
+NS.AMNIC.net. 604800 IN A 195.250.64.90
+NS.EENET.EE. 604800 IN A 193.40.56.245
+www.ONLINEPHOTOCONTEST.com. 604800 IN A 64.85.86.152
+VIC20.BLIPP.com. 604800 IN A 195.163.165.35
+DNS.FROGHOUSE.org. 604800 IN A 207.121.69.243
+NS2.ELI.net. 604800 IN A 207.173.86.2
+NS.CAIS.com. 604800 IN A 205.177.10.10
+BAABEN.AFRIQ.net. 604800 IN A 165.231.1.3
+NS2.NJ.EXODUS.net. 604800 IN A 209.1.10.234
+DOMREG.NIC.CH. 604800 IN A 130.59.1.80
+NS.EU.net. 604800 IN A 192.16.202.11
+NS1.DIEBOLD.net. 604800 IN A 65.196.80.10
+NS3.CP.net. 604800 IN A 209.228.14.4
+DNS.FUW.EDU.PL. 604800 IN A 193.0.80.11
+www.retro.com. 604800 IN A 205.179.181.195
+NS2.UNI2.net. 604800 IN A 195.82.195.99
+ns1.alcatrazmedia.com. 604800 IN A 167.160.132.2
+dns6.CP.MSFT.net. 604800 IN A 207.46.138.20
+NS1.SEYCHELLES.net. 604800 IN A 202.84.235.33
+NS2.INTERNIC.net. 604800 IN A 198.41.0.11
+front.macrosoft.WAW.PL. 604800 IN A 194.196.86.66
+NISC.JVNC.net. 604800 IN A 128.121.50.7
+AUTH03.NS.DE.UU.net. 604800 IN A 192.76.144.16
+BURDELL.CC.GATECH.EDU. 604800 IN A 130.207.3.207
+NS4.AH.net. 604800 IN A 203.21.205.20
+ns1.sgh-net.de. 604800 IN A 212.86.129.142
+Leland2.stanford.EDU. 604800 IN A 171.64.14.58
+CBRU.BR.NS.ELS-GMS.att.net. 604800 IN A 199.191.128.105
+DENEB.DOMAINNT.net. 604800 IN A 207.211.220.90
+ns1.ivm.net. 604800 IN A 62.204.1.1
+NS0.CWCI.net. 604800 IN A 194.6.79.162
+35.110.16.12.IN-ADDR.ARPA. 604800 IN CNAME 35.32/27.110.16.12.IN-ADDR.ARPA.
+f.trns. 604800 IN A 209.133.38.16
+ODISEJ.TELEKOM.YU. 604800 IN A 195.178.32.2
+FRCU.EUN.EG. 604800 IN A 193.227.1.1
+NS.HHS.net. 604800 IN A 63.93.136.29
+FOO.GRNET.GR. 604800 IN A 194.177.210.211
+mail.WonderWorks.com. 604800 IN A 192.203.206.67
+NS1.IAFRICA.com. 604800 IN A 196.7.0.139
+NS.KACST.EDU.SA. 604800 IN A 212.26.44.3
+srs.state.vt.us. 604800 IN A 159.105.101.150
+OM4.OMANTEL.NET.OM. 604800 IN A 206.49.101.5
+Yeshua.Christ.com. 604800 IN A 207.54.4.5
+NS1.SIMORGH.com. 604800 IN A 209.1.163.10
+OLKETA.SOLOMON.COM.SB. 604800 IN A 202.139.42.4
+BANBA.DOMAINREGISTRY.IE. 604800 IN A 193.1.142.2
+NOC.IOS.com. 604800 IN A 198.4.75.69
+ns.schnism.net. 604800 IN A 195.88.150.3
+e4.ny.us.IBM.com. 604800 IN A 32.97.182.104
+DNS2.SEANET.com. 604800 IN A 199.181.164.2
+doubt.dd.org. 604800 IN A 209.198.103.193
+AMBER.ELEKTRON.PL. 604800 IN A 195.117.6.10
+gw.rge.com. 604800 IN A 157.225.178.11
+NS2.ZTNET.com. 604800 IN A 63.211.17.252
+NS3.INFI.net. 604800 IN A 205.219.239.5
+ZA.AKADNS.net. 604800 IN A 209.185.188.39
+ESTIA.CSI.FORTH.GR. 604800 IN A 139.91.191.3
+vtagr04.agr.state.vt.us. 604800 IN A 159.105.50.4
+NS1-PUBLIC.ZTX.COMPAQ.com. 604800 IN A 161.114.1.204
+ADMII.ARL.MIL. 604800 IN A 128.63.31.4
+ADMII.ARL.MIL. 604800 IN A 128.63.5.4
+NS.NIXU.FI. 604800 IN A 193.209.237.29
+DNS2.PIONEERNET.net. 604800 IN A 208.240.196.10
+NS.NIC.CL. 604800 IN A 146.83.4.11
+NS2.UTZ. 604800 IN A 160.124.112.10
+NS4.LUXNOC.com. 604800 IN A 195.206.104.201
+NS2.PBI.net. 604800 IN A 206.13.29.11
+annwfn.erfurt.thur.de. 604800 IN A 194.122.210.3
+NS1.MW.mediaone.net. 604800 IN A 24.131.1.8
+NS1.ISU.NET.SA. 604800 IN A 212.26.18.3
+pop.SHOREHAM.net. 604800 IN CNAME SHOREHAM.net.
+DNS2.GUERNSEY.net. 604800 IN A 195.226.128.3
+NS1.BEACHSHORE.net. 604800 IN A 199.166.31.250
+HKUXB.HKU.HK. 604800 IN A 147.8.16.15
+NS.DOLEH.com. 604800 IN A 204.255.25.63
+NS.hactrn.net. 604800 IN A 216.254.68.12
+MALAKULA.BONDY.IRD.FR. 604800 IN A 193.50.53.1
+NS1.mediaone.net. 604800 IN A 24.128.1.80
+NS2.GPG.com. 604800 IN A 209.1.163.50
+noc.BelWue.de. 604800 IN A 129.143.2.1
+NS2.GIP.net. 604800 IN A 204.59.1.222
+RS.ISLES.net. 604800 IN A 212.100.224.90
+BOW.INTNET.GQ. 604800 IN A 195.101.152.253
+A.OPEN.BY. 604800 IN A 194.226.121.36
+us.i1.YIMG.com. 604800 IN CNAME a1.g.a.YIMG.com.
+athome.wetlogic.net. 604800 IN CNAME c1059495-a.snvl1.sfba.home.com.
+NS1.NIST.GOV. 604800 IN A 129.6.13.2
+mail.jerusalem-mail.com. 604800 IN A 216.251.232.93
+ISDSUN.cr.USGS.GOV. 604800 IN A 136.177.16.3
+NS.BOSTON.juno.com. 604800 IN A 64.136.25.53
+NS2.CADABRA.com. 604800 IN A 209.157.194.109
+nps.GOV. 604800 IN MX 10 ccmail2.itd.nps.GOV.
+nps.GOV. 604800 IN MX 5 ccmail.itd.nps.GOV.
+RELAY.HUJI.AC.IL. 604800 IN A 128.139.6.1
+styx.tahina.priv.at. 604800 IN A 194.152.163.253
+ISGATE.IS. 604800 IN A 193.4.58.51
+ns0.lux.dot-eu.org. 604800 IN A 195.206.105.102
+BILBO.NASK.ORG.PL. 604800 IN A 195.187.245.51
+BILBO.NASK.ORG.PL. 604800 IN A 148.81.16.51
+MAIL.TARSUS.com. 604800 IN A 208.130.9.252
+SUN.REDIRIS.ES. 604800 IN A 130.206.1.2
+NS2.NEASE.net. 604800 IN A 202.103.134.4
+OHCU.OH.MT.NP.ELS-GMS.att.net. 604800 IN A 199.191.144.75
+NS2.NF. 604800 IN A 203.12.249.101
+MIRAF-SERVER3.HONDUTEL.HN. 604800 IN A 206.48.104.142
+ns3.worldnet.att.net. 604800 IN A 204.127.160.1
+NS2.NETNAMES.net. 604800 IN A 212.53.77.28
+ITGBOX.IAT.CNR.IT. 604800 IN A 146.48.65.46
+NS2.ADELPHIA.net. 604800 IN A 24.48.62.35
+NS2.RIPN.net. 604800 IN A 195.209.0.6
+NS1.cinenet.net. 604800 IN A 198.147.76.65
+jengate.thur.de. 604800 IN A 193.174.15.34
+NOC.ULCC.JA.net. 604800 IN A 193.63.94.25
+NS.NOC.UZ. 604800 IN A 194.67.52.42
+NS0.JA.net. 604800 IN A 128.86.1.20
+NS0.JA.net. 604800 IN A 193.63.94.20
+NS2.INR.net. 604800 IN A 198.77.208.3
+netsage.org. 604800 IN A 209.67.235.38
+TERI.USP.AC.FJ. 604800 IN A 144.120.8.1
+NS2.NETSOL.com. 604800 IN A 198.17.208.71
+NS2.ABAC.com. 604800 IN A 216.55.144.4
+NS2.NIC.FR. 604800 IN A 192.93.0.4
+KANIN.ARNES.SI. 604800 IN A 193.2.1.66
+NS.EDU.GU. 604800 IN A 168.123.2.50
+DNS.INRIA.FR. 604800 IN A 193.51.208.13
+HEDNS1.GOOGLE.com. 604800 IN A 64.209.200.10
+asylum.sf.ca.us. 604800 IN A 192.48.232.17
+ACT2.ACT2000.net. 604800 IN A 207.42.132.227
+ICM1.ICP.net. 604800 IN A 192.94.207.66
+202.192.103.198.209.IN-ADDR.ARPA. 604800 IN PTR fraud.dd.org.
+ECSEL.jhuapl.EDU. 604800 IN A 128.244.65.29
+NS2.DCNY.DOUBLECLICK.net. 604800 IN A 204.253.104.10
+keith.netsage.org. 604800 IN A 209.67.235.37
+MANTA.OUTREMER.com. 604800 IN A 213.16.1.106
+NS2.globalnetisp.net. 604800 IN A 207.136.213.2
+NS2.CCSRS.net. 604800 IN A 206.253.214.73
+NS1.NL.CONCENTRIC.com. 604800 IN A 195.18.114.5
+NS2.VI.net. 604800 IN A 212.78.64.10
+NS2.NEO.net. 604800 IN A 206.109.7.65
+cgi.MERCURYCENTER.com. 604800 IN CNAME vh80167.vh8.infi.net.
+ORSTOM.RIO.net. 604800 IN A 192.33.151.1
+NS2.CONRADPROMOTIONS.com. 604800 IN A 208.24.118.203
+YARRINA.CONNECT.COM.AU. 604800 IN A 192.189.54.17
+dns03.OPS.usa.net. 604800 IN A 204.68.24.136
+APPSRV.HAITIWORLD.com. 604800 IN A 206.152.15.34
+NS.RELCOM.KZ. 604800 IN A 212.110.240.65
+NS1.MAGIC-MOMENTS.com. 604800 IN A 195.224.53.80
+NS.ALCATEL.com. 604800 IN A 192.160.6.91
+ns2.terra.net. 604800 IN A 199.103.128.2
+NS3.hotmail.com. 604800 IN A 209.185.130.68
+vtc.VSC.EDU. 604800 IN MX 0 eve.vtc.VSC.EDU.
+www.vmba.org. 604800 IN MX 10 gro.dd.org.
+NAHOURI.ONATEL.BF. 604800 IN A 206.82.130.195
+SERVER2.INFN.IT. 604800 IN A 131.154.1.3
+NS2.AI-R.com. 604800 IN A 66.33.4.51
+NS1.FREE.net. 604800 IN A 147.45.15.34
+vcmr-54.server.rpi.EDU. 604800 IN A 128.113.113.44
+haig.CS.UCL.AC.UK. 604800 IN A 128.16.6.8
+mail.nova-data.com. 604800 IN A 12.16.110.35
+MOEVAX.EDU.TW. 604800 IN A 140.111.1.2
+NS2.LTWCC.org. 604800 IN A 12.33.66.62
+NS.BA. 604800 IN A 195.130.35.5
+noc.HRZ.uni-bielefeld.de. 604800 IN A 129.70.5.16
+VANILLA.WRO.nps.GOV. 604800 IN A 165.83.71.3
+NS2.SZTAKI.HU. 604800 IN A 193.225.86.1
+SECIU.EDU.UY. 604800 IN A 164.73.128.5
+COL2.CARIBSURF.com. 604800 IN A 205.214.192.202
+NS2.QATAR.NET.QA. 604800 IN A 212.77.192.13
+NS2.E-SYNC.net. 604800 IN A 192.206.57.128
+ns1.eu.SUN.com. 604800 IN A 192.18.240.8
+NS1.UUSJ.DOUBLECLICK.net. 604800 IN A 204.176.177.10
+NS2.CUHK.EDU.HK. 604800 IN A 137.189.6.21
+NS1.MEITCA.com. 604800 IN A 137.203.5.1
+NS2.DSL.net. 604800 IN A 209.87.79.232
+techfac.techfak.uni-bielefeld.de. 604800 IN A 129.70.132.100
+listserv.performancediver.com. 604800 IN A 216.34.185.155
+foolusmf.D4P.net. 604800 IN CNAME a100.g.akamai.net.
+pedic-med.vrx.net. 604800 IN A 199.166.24.2
+GRUMPY.NET.NA. 604800 IN A 196.20.23.1
+BK.tifosi.com. 604800 IN A 208.58.189.13
+ns3.PAIR.com. 604800 IN A 209.68.1.15
+ns2.ar.com. 604800 IN A 64.124.80.42
+MASSIRA.ONPT.NET.MA. 604800 IN A 206.103.26.1
+NS.KBFI.EE. 604800 IN A 192.121.251.13
+ns3.Algebra.com. 604800 IN A 216.254.54.22
+faerber.muc.de. 604800 IN MX 10 slarti.muc.de.
+9.206.203.192.IN-ADDR.ARPA. 604800 IN PTR ice.WonderWorks.COM.
+PUKU.UNZA.ZM. 604800 IN A 196.7.240.1
+ATLNET.ATLONLINE.com. 604800 IN A 207.153.72.193
+Z1.NS.NYC1.GLOBIX.net. 604800 IN A 209.10.66.55
+www.hometownbands.com. 604800 IN A 209.67.235.38
+SIMON.CS.CORNELL.EDU. 604800 IN A 128.84.154.10
+EKEKO.RCPIP.net. 604800 IN A 209.45.127.2
+emerald.itnet.com.PL. 604800 IN A 195.116.64.3
+DNS1.ICS.FORTH.GR. 604800 IN A 139.91.151.70
+NS.ATL.BELLSOUTH.net. 604800 IN A 205.152.0.20
+ntp.ctr.COLUMBIA.EDU. 604800 IN CNAME sirius.ctr.COLUMBIA.EDU.
+NS2.GLOBECOMM.net. 604800 IN A 165.251.1.3
+UUNS1DNS1.FLONETWORK.com. 604800 IN A 209.167.79.5
+GRIN.GNOSH.net. 604800 IN A 216.15.87.207
+NS.DIGSYS.BG. 604800 IN A 192.92.129.1
+uunet.UU.net. 604800 IN MX 10 Mail.UU.net.
+ns1.vermontel.com. 604800 IN A 204.164.106.2
+NS2.GREENMOUNTAINACCESS.net. 604800 IN A 208.144.252.31
+38.241.5.198.IN-ADDR.ARPA. 604800 IN PTR cmr0.ash.ops.us.uu.net.
+NS1.NIC.UK. 604800 IN A 195.66.240.130
+DNS.FCCN.PT. 604800 IN A 193.136.192.10
+NS2.NIC.TJ. 604800 IN A 209.77.224.1
+NS4.NEWACCOUNT.com. 604800 IN A 209.78.16.6
+NS2.IHUG.NET.NZ. 604800 IN A 203.29.160.2
+NS.SIGNALZ.com. 604800 IN A 209.67.230.71
+DNS.NIC.AD. 604800 IN A 194.158.67.251
+3.2.39.137.IN-ADDR.ARPA. 604800 IN PTR New-York4.NY.ALTER.NET.
+UUCP-GW-2.PA.DEC.com. 604800 IN A 16.1.0.19
+NS.LANDLORDS.com. 604800 IN A 63.64.164.68
+NS2.EXODUS.net. 604800 IN A 207.82.198.150
+NS2.SCRUZ.net. 604800 IN A 165.227.2.10
+NS.PIPEX-SZ.net. 604800 IN A 196.15.232.19
+saturn.SUN.com. 604800 IN A 192.9.25.2
+e24.nc.us.IBM.com. 604800 IN A 32.97.136.230
+NMS.CYFRONET.KRAKOW.PL. 604800 IN A 149.156.1.3
+NS.TWNIC.net. 604800 IN A 192.83.166.11
+ns2.alcatel.NO. 604800 IN A 193.213.238.2
+INPAKSODNS.AKSO.nps.GOV. 604800 IN A 165.83.49.9
+mail.reptiles.org. 604800 IN A 198.96.117.157
+59.187.152.204.IN-ADDR.ARPA. 604800 IN PTR shell.nominum.com.
+ns1.mobydark.com. 604800 IN A 216.13.76.21
+NS.KG. 604800 IN A 195.38.160.36
+NS.SPB.SU. 604800 IN A 193.124.83.69
+PENDRAGON.CS.PURDUE.EDU. 604800 IN A 128.10.2.5
+NS1.IGC.APC.org. 604800 IN A 192.82.108.38
+USDNS.NIC.us. 604800 IN A 198.41.3.87
+NS2.WEBTRENDS.com. 604800 IN A 63.88.212.11
+URANUS.DAIMI.AAU.DK. 604800 IN A 130.225.16.40
+ANTANA.IRD.MG. 604800 IN A 194.214.107.1
+NS.JERSEY.juno.com. 604800 IN A 64.136.17.178
+NS2.INTERNET-TOOLS.com. 604800 IN A 206.109.113.140
+ns-tk012.ocn.AD.JP. 604800 IN A 203.139.160.74
+bvt-ext.gdarm.com. 604800 IN A 166.19.32.42
+NS1.ID. 604800 IN A 202.155.30.227
+NS2.MAHNET.net. 604800 IN A 207.219.173.132
+NS.ALCANET.COM.AU. 604800 IN A 203.62.196.10
+UTAMA.BOLNET.BO. 604800 IN A 166.114.1.40
+NS.CNC.AC.CN. 604800 IN A 159.226.1.1
+NS.KREN.NE.KR. 604800 IN A 147.47.1.1
+NS1.REDHAT.com. 604800 IN A 216.148.218.250
+db.rc.VIX.com. 604800 IN A 204.152.187.21
+198.103.198.209.IN-ADDR.ARPA. 604800 IN CNAME 198.192.103.198.209.IN-ADDR.ARPA.
+alf.pbks.PL. 604800 IN A 195.205.33.200
+FLAG.EP.net. 604800 IN A 198.32.4.13
+DNS2.IUNET.IT. 604800 IN A 192.106.1.31
+NS2.QUANTIFIED.net. 604800 IN A 63.212.171.3
+INTERNET-SERVER.ZURICH.IBM.com. 604800 IN A 195.212.119.252
+seaipsvcs.idx.com. 604800 IN A 172.22.64.42
+lebanon.valley.net. 604800 IN A 198.115.160.16
+SERVER.NORDU.net. 604800 IN A 193.10.252.19
+NS.NIC.DO. 604800 IN A 207.176.16.50
+isc-01.iscvt.org. 604800 IN A 207.136.209.131
+NAC.NO. 604800 IN A 129.240.2.40
+SAVA.UTIC.NET.BA. 604800 IN A 195.130.35.3
+NS1.TOKYO.JP.NETDNS.com. 604800 IN A 64.56.164.118
+NETSERV2.ITS.rpi.EDU. 604800 IN A 128.113.1.3
+IFI.UIO.NO. 604800 IN A 129.240.64.2
+www.TOAPLAN.com. 604800 IN A 216.42.31.169
+ns2.the-frontier.org. 604800 IN A 216.86.199.115
+NS.UNAM.MX. 604800 IN A 132.248.253.1
+ARISTO.TAU.AC.IL. 604800 IN A 132.66.32.10
+DNS.CS.WISC.EDU. 604800 IN A 128.105.2.10
+NS1.NIC.IR. 604800 IN A 194.225.70.83
+NS1.RETINA.AR. 604800 IN A 200.10.202.3
+mailer.connriver.net. 604800 IN A 63.93.137.13
+NS.ATI.TN. 604800 IN A 193.95.66.10
+NS2.CLEAR.NET.NZ. 604800 IN A 203.97.37.14
+NS4.EARTHLINK.net. 604800 IN A 209.179.179.19
+mejac.palo-alto.ca.us. 604800 IN A 192.147.236.1
+New-York4.NY.ALTER.net. 604800 IN A 137.39.2.3
+New-York4.NY.ALTER.net. 604800 IN A 137.39.126.10
+falcon.tallship.net. 604800 IN A 208.179.112.2
+ZEUS.CC.UCY.AC.CY. 604800 IN A 194.42.1.1
+NS2.SECURE.net. 604800 IN A 161.58.9.10
+NS0.FLIRBLE.org. 604800 IN A 195.40.6.20
+dns.zenon.net. 604800 IN A 195.2.83.107
+SERVIDOR.MICROASTUR.ES. 604800 IN A 195.76.178.5
+DOWNSTAGE.MCS.VUW.AC.NZ. 604800 IN A 130.195.6.10
+ns2.GNAC.com. 604800 IN A 209.182.195.77
+PRIFI.EUNET.FI. 604800 IN A 193.66.1.146
+ns2.k12.vt.us. 604800 IN A 170.222.64.130
+ns2.nic.mnet. 604800 IN A 208.109.83.110
+NS0.PIPEX.net. 604800 IN A 158.43.128.8
+NS1.SANFRANCISCO.US.NETDNS.com. 604800 IN A 207.82.50.166
+AMRA.NIC.GOV.JO. 604800 IN A 193.188.66.103
+kw.com.CN. 604800 IN MX 15 mail2.kw.com.CN.
+SHNS.163.net. 604800 IN A 61.129.65.108
+NS.ER.USGS.GOV. 604800 IN A 130.11.48.2
+FAITH.MYNET.net. 604800 IN A 207.13.11.2
+mail.smuggs.com. 604800 IN A 209.67.230.71
+MIMOS.MY. 604800 IN A 192.228.128.18
+NS.GU. 604800 IN A 168.123.4.10
+mx00.schlund.de. 604800 IN A 195.20.224.67
+mx00.schlund.de. 604800 IN A 195.20.224.68
+mx00.schlund.de. 604800 IN A 195.20.224.130
+mx00.schlund.de. 604800 IN A 195.20.224.152
+mx00.schlund.de. 604800 IN A 195.20.224.198
+CADDSYS.IPTEK.net. 604800 IN A 202.46.1.2
+NS0.TELIA.NIC.NU. 604800 IN A 212.181.91.4
+NS2.GRANITECANYON.com. 604800 IN A 204.1.217.148
+GATEKEEPER.corning.com. 604800 IN A 149.42.1.2
+NS2.2DAY.com. 604800 IN A 202.89.128.74
+1.0.0.127.IN-ADDR.ARPA. 604800 IN PTR localhost.
+RAIN.PSG.com. 604800 IN A 147.28.0.34
+STRAWB.MIT.EDU. 604800 IN A 18.71.0.151
+NS2.DIGISERVE.com. 604800 IN A 204.91.84.216
+UMACSN2.UMAC.MO. 604800 IN A 161.64.3.2
+NS.JM. 604800 IN A 196.2.1.6
+12.153.66.206.IN-ADDR.ARPA. 604800 IN PTR d.dd.org.
+EAST.ISI.EDU. 604800 IN A 38.245.76.2
+NS2.UUNET.CA. 604800 IN A 142.77.1.5
+SUNNY.STAT-USA.GOV. 604800 IN A 192.239.70.8
+BOW.INTNET.CF. 604800 IN A 194.206.73.253
+NS4.TELE.DK. 604800 IN A 194.239.134.84
+NS2.sodak.net. 604800 IN A 63.65.239.225
+NS1.NEWYORK.US.NETDNS.com. 604800 IN A 216.32.212.86
+NS2.PSI.net. 604800 IN A 38.8.50.2
+NS.KREONET.RE.KR. 604800 IN A 134.75.30.1
+GIANT.MINDLINK.net. 604800 IN A 204.174.18.2
+NS0.SECTOR001.org. 604800 IN A 24.4.49.117
+DNS.SEABONE.net. 604800 IN A 195.22.205.163
+NS2.MANA.PF. 604800 IN A 202.3.225.20
+NRWEB.CENPAC.NET.NR. 604800 IN A 203.98.224.66
+www.TRAVELPHOTOCONTESTS.com. 604800 IN A 64.85.86.156
+NS1.REGEX.com. 604800 IN A 202.152.12.227
+BIGBIRD.ITD.nps.GOV. 604800 IN A 165.83.208.5
+CUNIXD.CC.COLUMBIA.EDU. 604800 IN A 128.59.35.142
+NS1.CLASSIFIEDMONSTER.com. 604800 IN A 216.254.54.22
+SERVER1.SANS.org. 604800 IN A 167.216.133.33
+BRONZE.COIL.com. 604800 IN A 198.4.94.1
+SCSNMS.SWITCH.CH. 604800 IN A 130.59.1.30
+SCSNMS.SWITCH.CH. 604800 IN A 130.59.10.30
+SCE.CNC.UNA.PY. 604800 IN A 200.10.228.133
+RELAY.LA.TIS.com. 604800 IN A 198.51.22.11
+NS.AUSTIN.IBM.com. 604800 IN A 192.35.232.34
+SERVICE.robert-morris.EDU. 604800 IN A 205.146.48.22
+MERCURY.ML.org. 604800 IN A 209.68.0.85
+proxy.pccf.net. 604800 IN A 205.189.73.123
+DUB-NAME-SVC-1.compuserve.com. 604800 IN A 149.174.213.5
+NS.CNRI.reston.va.us. 604800 IN A 132.151.1.1
+NS.UCAD.SN. 604800 IN A 196.1.95.1
+ns01.ny.us.ibm.net. 604800 IN A 165.87.194.244
+NS4-AUTH.ALASKA.net. 604800 IN A 209.112.130.4
+BOW.INTNET.NE. 604800 IN A 194.51.164.253
+NS-JP.SINET.AD.JP. 604800 IN A 150.100.2.3
+ns.musin.de. 604800 IN A 194.113.40.45
+ip1.romkey.SEG.net. 604800 IN A 207.121.69.234
+DNS2.ITD.UMICH.EDU. 604800 IN A 141.211.125.15
+mail.rpi.EDU. 604800 IN A 128.113.100.7
+INECO.NIC.ES. 604800 IN A 194.69.254.2
+DNS2.FIREHOUSE.net. 604800 IN A 63.160.175.18
+BOW.INTNET.BJ. 604800 IN A 194.51.163.253
+sundown.vtc.VSC.EDU. 604800 IN A 155.42.12.12
+NIC.AIX.GR. 604800 IN A 195.130.89.210
+NIC.AD.JP. 604800 IN A 202.12.30.33
+NS.DC.IGC.org. 604800 IN A 199.75.208.10
+LHR.NS.GDNS.net. 604800 IN A 212.250.25.101
+NS2.WEBMAGIC.net. 604800 IN A 64.168.49.66
+MUNNARI.OZ.AU. 604800 IN A 128.250.1.21
+HIPPO.RU.AC.ZA. 604800 IN A 146.231.128.1
+PEBBLES.IOM.com. 604800 IN A 194.72.124.1
+penpal.dmz.RPSLMC.EDU. 604800 IN A 144.74.60.151
+netnews.HINET.net. 604800 IN A 168.95.195.16
+INS2.TOSA.TWTELECOM.net. 604800 IN A 204.95.160.4
+proxy6.cisco.com. 604800 IN A 203.41.198.245
+NS2.HOST4U.net. 604800 IN A 209.150.129.3
+POIPARAU.OYSTER.NET.CK. 604800 IN A 202.65.32.127
+NS-EXT.VIX.com. 604800 IN A 204.152.184.64
+NS2.NURSAT.net. 604800 IN A 212.13.167.1
+mail2.kw.com.CN. 604800 IN A 159.226.25.8
+NS-02B.ANS.net. 604800 IN A 207.24.245.178
+DNS.RCCN.net. 604800 IN A 193.136.7.17
+B.ROOT-SERVERS.ORSC. 604800 IN A 216.13.126.116
+FIREHOUSE.net. 604800 IN A 63.160.175.19
diff --git a/bin/tests/system/cacheclean/ns1/example.db b/bin/tests/system/cacheclean/ns1/example.db
new file mode 100644
index 0000000..54db5a1
--- /dev/null
+++ b/bin/tests/system/cacheclean/ns1/example.db
@@ -0,0 +1,2950 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db,v 1.5 2007/06/19 23:47:00 tbox Exp $
+
+$TTL 999999
+$ORIGIN .
+. IN SOA hostmaster.nominum.com. a.root-servers.nil. (
+ 2000042100
+ 600
+ 600
+ 1200
+ 600
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil IN A 10.53.0.1
+localhost IN A 127.0.0.1
+$ORIGIN NIC.AC.
+NS IN A 194.205.62.120
+$ORIGIN AD.
+DNS2 IN A 194.158.64.8
+DINIS IN A 194.158.64.7
+$ORIGIN NIC.AD.
+DNS IN A 194.158.67.251
+$ORIGIN STA.AD.
+CORREU IN A 194.158.67.1
+$ORIGIN EMIRATES.NET.AE.
+NS2 IN A 194.170.1.7
+NS1 IN A 194.170.1.6
+$ORIGIN BA.
+NS IN A 195.130.35.5
+$ORIGIN UTIC.NET.BA.
+SAVA IN A 195.130.35.3
+$ORIGIN OFFSHORE.AI.
+NS1 IN A 209.88.68.34
+$ORIGIN BD.
+DNS1 IN A 209.58.24.5
+DNS IN A 209.58.24.3
+$ORIGIN MENTOR.BE.
+APHEX IN A 193.121.64.5
+$ORIGIN EUNET.BE.
+SECDNS IN A 193.74.208.139
+$ORIGIN BELNET.BE.
+NS IN A 193.190.198.10
+ IN A 193.190.198.2
+$ORIGIN DNS.BE.
+MASTER IN A 194.7.171.243
+$ORIGIN CS.KULEUVEN.AC.BE.
+DNS IN A 134.58.40.4
+$ORIGIN CURINFO.AN.
+NS01-SERVER IN A 200.44.117.129
+KADUSHI IN A 200.44.117.130
+$ORIGIN ONATEL.BF.
+NAHOURI IN A 206.82.130.195
+$ORIGIN DIGSYS.BG.
+NS IN A 192.92.129.1
+$ORIGIN BATELCO.COM.BH.
+SV10 IN A 193.188.124.227
+NS2 IN A 193.188.97.212
+NS IN A 193.188.97.197
+$ORIGIN UTORONTO.CA.
+ns2 IN A 128.100.102.202
+ns1 IN A 128.100.100.129
+chime IN A 128.100.102.201
+$ORIGIN cs.UTORONTO.CA.
+bay IN A 128.100.1.1
+$ORIGIN UTCC.UTORONTO.CA.
+DNS2 IN A 128.100.102.201
+$ORIGIN UUNET.CA.
+NS2 IN A 142.77.1.5
+NS IN A 142.77.1.1
+$ORIGIN CIRA.CA.
+MERLE IN A 64.26.149.98
+$ORIGIN cmc.ec.gc.CA.
+castor IN A 142.135.4.14
+$ORIGIN RISQ.QC.CA.
+CLOUSO IN A 192.26.210.1
+$ORIGIN MBNET.MB.CA.
+ACCESS IN A 130.179.16.143
+$ORIGIN CDNNET.CA.
+RELAY IN A 192.73.5.1
+$ORIGIN uwaterloo.CA.
+ns2 IN A 129.97.128.100
+math IN A 129.97.140.144
+ IN A 129.97.216.42
+ IN MX 0 math.uwaterloo.ca.
+ns1 IN A 129.97.128.10
+$ORIGIN AR.
+CTINA IN A 200.16.97.17
+ATHEA IN A 200.16.98.2
+$ORIGIN NIC.AR.
+TULKU IN A 200.16.97.77
+$ORIGIN RETINA.AR.
+NS1 IN A 200.10.202.3
+$ORIGIN INTNET.BJ.
+BOW IN A 194.51.163.253
+$ORIGIN NIC.CD.
+DNS IN A 194.38.74.11
+$ORIGIN tahina.priv.at.
+styx IN A 194.152.163.253
+$ORIGIN UNIVIE.AC.at.
+NS2 IN A 193.171.255.66
+NS7 IN A 194.246.96.192
+NS1 IN A 193.171.255.2
+$ORIGIN OZ.AU.
+MUNNARI IN A 128.250.1.21
+$ORIGIN CS.MU.OZ.AU.
+MULGA IN A 128.250.1.22
+ IN A 128.250.37.150
+$ORIGIN AARNET.EDU.AU.
+JATZ IN A 139.130.204.4
+$ORIGIN ANU.EDU.AU.
+CHEOPS IN A 150.203.224.24
+$ORIGIN CS.UOW.EDU.AU.
+WRAITH IN A 130.130.64.1
+$ORIGIN ALCANET.COM.AU.
+NS IN A 203.62.196.10
+$ORIGIN CONNECT.COM.AU.
+YARRINA IN A 192.189.54.17
+$ORIGIN IBL.BM.
+NS1 IN A 199.172.192.1
+$ORIGIN BRUNET.BN.
+JTB IN A 202.160.8.2
+$ORIGIN INTNET.CF.
+BOW IN A 194.206.73.253
+$ORIGIN SETARNET.AW.
+NS2 IN A 206.48.100.11
+NS1 IN A 206.48.100.5
+$ORIGIN BOLNET.BO.
+UTAMA IN A 166.114.1.40
+$ORIGIN SWITCH.CH.
+SCSNMS IN A 130.59.1.30
+ IN A 130.59.10.30
+MERAPI IN A 130.59.211.10
+$ORIGIN ITU.CH.
+NS IN A 156.106.192.121
+$ORIGIN NIC.CH.
+DOMREG IN A 130.59.1.80
+$ORIGIN ip6.INT.
+z IN A 198.32.2.66
+ IN AAAA 3ffe:0:1::c60:242
+$ORIGIN DNS.BR.
+NS2 IN A 200.19.119.99
+NS1 IN A 200.255.253.234
+NS IN A 143.108.23.2
+$ORIGIN OYSTER.NET.CK.
+POIPARAU IN A 202.65.32.127
+PARAU IN A 202.65.32.128
+$ORIGIN DRUKNET.NET.BT.
+NS IN A 202.144.128.200
+$ORIGIN DCC.UCHILE.CL.
+NS IN A 146.83.5.204
+$ORIGIN NIC.CL.
+NS IN A 146.83.4.11
+$ORIGIN FIRSTCOM.CL.
+NS IN A 200.27.2.2
+$ORIGIN EDU.
+ISI IN A 128.9.176.32
+UMASS IN MX 20 vcmr-54.server.rpi.edu.
+ IN MX 1 mail.rpi.edu.
+dartmouth IN A 129.170.16.6
+ IN MX 10 donner.dartmouth.edu.
+ IN MX 10 prancer.dartmouth.edu.
+ IN MX 10 vixen.dartmouth.edu.
+ IN MX 10 blitzen.dartmouth.edu.
+ IN MX 0 mailhub.dartmouth.edu.
+ IN MX 10 dasher.dartmouth.edu.
+rush IN MX 30 penpal.dmz.rpslmc.edu.
+ IN MX 10 detox.cc1.rpslmc.edu.
+ IN MX 20 rush.cc1.rpslmc.edu.
+NYU IN A 128.122.253.92
+GATECH IN A 130.207.244.244
+ARIZONA IN A 128.196.128.233
+stanford IN A 171.64.14.120
+ IN MX 20 Leland.stanford.edu.
+ IN MX 20 Leland2.stanford.edu.
+ IN MX 20 Leland3.stanford.edu.
+$ORIGIN jhuapl.EDU.
+ECSEL IN A 128.244.65.29
+APLDNS2 IN A 128.244.194.100
+ABACUS IN A 128.244.197.32
+$ORIGIN MIT.EDU.
+STRAWB IN A 18.71.0.151
+W20NS IN A 18.70.0.160
+BITSY IN A 18.72.0.3
+$ORIGIN ITD.UMICH.EDU.
+DNS2 IN A 141.211.125.15
+$ORIGIN ISI.EDU.
+EAST IN A 38.245.76.2
+VENERA IN A 128.9.176.32
+NS IN A 128.9.128.127
+$ORIGIN CS.PURDUE.EDU.
+PENDRAGON IN A 128.10.2.5
+$ORIGIN CS.WISC.EDU.
+DNS IN A 128.105.2.10
+$ORIGIN UMD.EDU.
+TRANTOR IN A 128.8.10.14
+$ORIGIN RPSLMC.EDU.
+THUMPER IN A 144.74.22.8
+$ORIGIN dmz.RPSLMC.EDU.
+penpal IN A 144.74.60.151
+$ORIGIN cc1.RPSLMC.EDU.
+rush IN A 144.74.150.23
+detox IN A 144.74.150.44
+$ORIGIN IS.RPSLMC.EDU.
+SUNSTROKE IN A 144.74.21.8
+$ORIGIN VSC.EDU.
+vtc IN MX 0 eve.vtc.vsc.edu.
+MAZE IN A 155.42.1.89
+ENIGMA IN A 155.42.1.7
+$ORIGIN vtc.VSC.EDU.
+sundown IN A 155.42.12.12
+eve IN A 155.42.12.102
+$ORIGIN UMASS.EDU.
+NS1 IN A 128.119.166.14
+NIC IN A 128.119.175.14
+$ORIGIN oit.UMASS.EDU.
+supai IN A 128.119.175.6
+ponzi IN A 128.119.166.18
+$ORIGIN ECS.UMASS.EDU.
+KIRA IN A 128.119.91.10
+$ORIGIN CS.UMASS.EDU.
+UNIX1 IN A 128.119.40.12
+$ORIGIN UPR.CLU.EDU.
+UPR1 IN A 136.145.1.4
+$ORIGIN PRINCETON.EDU.
+DNS IN A 128.112.129.15
+$ORIGIN rpi.EDU.
+mail IN A 128.113.100.7
+$ORIGIN server.rpi.EDU.
+vcmr-54 IN A 128.113.113.44
+$ORIGIN acs.rpi.EDU.
+freefour IN A 128.113.24.91
+$ORIGIN ITS.rpi.EDU.
+NETSERV2 IN A 128.113.1.3
+NETSERV1 IN A 128.113.1.5
+$ORIGIN uvm.EDU.
+NS1 IN A 132.198.201.10
+NS2 IN A 132.198.202.10
+$ORIGIN dartmouth.EDU.
+dasher IN A 129.170.208.6
+mailhub IN A 129.170.16.6
+donner IN A 129.170.208.3
+prancer IN A 129.170.208.2
+vixen IN A 129.170.208.15
+NS1 IN A 129.170.17.4
+blitzen IN A 129.170.208.4
+NS2 IN A 129.170.16.4
+$ORIGIN middlebury.EDU.
+CATAMOUNT IN A 140.233.2.204
+LION IN A 140.233.1.4
+$ORIGIN CIT.CORNELL.EDU.
+DNS IN A 192.35.82.50
+$ORIGIN CS.CORNELL.EDU.
+SIMON IN A 128.84.154.10
+$ORIGIN BERKELEY.EDU.
+NS2 IN A 128.32.136.12
+ IN A 128.32.206.12
+NS1 IN A 128.32.136.9
+ IN A 128.32.206.9
+$ORIGIN CS.BERKELEY.EDU.
+VANGOGH IN A 128.32.33.5
+$ORIGIN ctr.COLUMBIA.EDU.
+ntp IN CNAME sirius.ctr.columbia.edu.
+sirius IN A 128.59.64.60
+$ORIGIN CC.COLUMBIA.EDU.
+CUNIXD IN A 128.59.35.142
+$ORIGIN UOREGON.EDU.
+PHLOEM IN A 128.223.32.35
+$ORIGIN GATECH.EDU.
+TROLL-GW IN A 130.207.244.251
+$ORIGIN CC.GATECH.EDU.
+BURDELL IN A 130.207.3.207
+$ORIGIN UTK.EDU.
+NS0 IN A 160.36.0.66
+NS1 IN A 160.36.128.66
+$ORIGIN robert-morris.EDU.
+SERVICE IN A 205.146.48.22
+COLONIAL-SERVER IN A 205.146.48.25
+$ORIGIN CNS.vt.EDU.
+YARDBIRD IN A 198.82.247.34
+MILO IN A 198.82.247.98
+$ORIGIN stanford.EDU.
+Leland2 IN A 171.64.14.58
+AVALLONE IN A 171.64.2.210
+ATALANTE IN A 171.64.2.220
+ARGUS IN A 171.64.2.230
+$ORIGIN slac.stanford.EDU.
+SMTP IN A 134.79.18.80
+NS2 IN A 134.79.16.10
+NS1 IN A 134.79.16.9
+$ORIGIN HARVARD.EDU.
+NS2 IN A 128.103.1.1
+ns IN A 128.103.201.100
+NS1 IN A 128.103.200.101
+$ORIGIN med.HARVARD.EDU.
+jenner IN A 134.174.141.2
+knight IN A 134.174.141.46
+eno IN A 134.174.141.50
+heckle IN A 134.174.146.152
+$ORIGIN de.
+datingagentur IN A 212.227.216.57
+ IN MX 10 mx01.schlund.de.
+ IN MX 10 mx00.schlund.de.
+$ORIGIN schlund.de.
+mx00 IN A 195.20.224.130
+ IN A 195.20.224.198
+ IN A 195.20.224.67
+ IN A 195.20.224.68
+ IN A 195.20.224.152
+ns4 IN A 195.20.225.36
+mx01 IN A 195.20.224.131
+ IN A 195.20.224.236
+ IN A 195.20.224.237
+ IN A 195.20.224.238
+ns3 IN A 195.20.224.95
+$ORIGIN Informatik.Uni-Dortmund.de.
+waldorf IN A 129.217.4.42
+$ORIGIN muc.de.
+faerber IN MX 10 slarti.muc.de.
+ IN A 193.149.49.70
+ns2 IN A 193.149.48.2
+slarti IN A 193.149.48.10
+ns1 IN A 193.149.48.11
+$ORIGIN westfalen.de.
+muenster IN A 193.174.5.2
+$ORIGIN lan-ks.de.
+uranus IN A 194.45.71.1
+$ORIGIN kaben-net.de.
+dns IN A 195.179.28.17
+$ORIGIN thur.de.
+jengate IN A 193.174.15.34
+$ORIGIN erfurt.thur.de.
+annwfn IN A 194.122.210.3
+$ORIGIN sgh-net.de.
+ns1 IN A 212.86.129.142
+$ORIGIN DENIC.de.
+SSS-NL IN A 193.0.0.237
+SSS-AT IN A 193.171.255.34
+DNS IN A 194.246.96.79
+$ORIGIN iks-jena.de.
+avalon IN A 194.221.90.34
+$ORIGIN musin.de.
+ns IN A 194.113.40.45
+$ORIGIN rrz.Uni-Koeln.de.
+noc IN A 134.95.100.209
+$ORIGIN BelWue.de.
+noc IN A 129.143.2.1
+$ORIGIN HRZ.uni-bielefeld.de.
+noc IN A 129.70.5.16
+$ORIGIN techfak.uni-bielefeld.de.
+techfac IN A 129.70.132.100
+$ORIGIN CUBE.de.
+NS1 IN A 212.162.54.243
+$ORIGIN dtag.de.
+pns IN A 194.25.0.125
+$ORIGIN netconx.de.
+netconsult IN A 193.141.75.1
+$ORIGIN CAMNET.CM.
+KIM IN A 195.24.192.35
+LOM IN A 195.24.192.34
+SANAGA IN A 195.24.192.17
+$ORIGIN sxtyptt.NET.CN.
+ns IN A 202.99.192.68
+$ORIGIN sta.NET.CN.
+ns IN A 202.96.199.133
+$ORIGIN BTA.NET.CN.
+NS IN A 202.96.0.133
+$ORIGIN CNNIC.NET.CN.
+sld-ns2 IN A 202.97.16.197
+DNS2 IN A 202.97.16.196
+sld-ns1 IN A 159.226.1.3
+$ORIGIN com.CN.
+kw IN MX 15 mail2.kw.com.cn.
+$ORIGIN kw.com.CN.
+mail2 IN A 159.226.25.8
+ns IN A 159.226.25.8
+$ORIGIN CNC.AC.CN.
+NS IN A 159.226.1.1
+$ORIGIN UNIANDES.EDU.CO.
+AYAX IN A 157.253.50.30
+CDCNET IN A 157.253.1.13
+$ORIGIN SCSI.GOV.BY.
+SUN IN A 195.50.5.103
+NS2 IN A 194.67.193.130
+$ORIGIN OPEN.BY.
+A IN A 194.226.121.36
+$ORIGIN CR.
+NS IN A 163.178.8.2
+$ORIGIN UCR.AC.CR.
+NS IN A 163.178.88.2
+$ORIGIN INTNET.DJ.
+BOW IN A 193.251.143.253
+$ORIGIN DARENET.DK.
+NS-SOA IN A 130.226.1.4
+$ORIGIN TELE.DK.
+NS4 IN A 194.239.134.84
+$ORIGIN DAIMI.AAU.DK.
+URANUS IN A 130.225.16.40
+$ORIGIN DK-HOSTMASTER.DK.
+NS IN A 193.163.102.2
+$ORIGIN EC.
+ECNET IN A 157.100.45.2
+$ORIGIN NET.EC.
+ECUA IN A 157.100.1.2
+$ORIGIN CENIAI.NET.CU.
+NS IN A 169.158.128.136
+$ORIGIN EENET.EE.
+NS IN A 193.40.56.245
+$ORIGIN KBFI.EE.
+NS IN A 192.121.251.13
+$ORIGIN NIC.DO.
+NS IN A 207.176.16.50
+$ORIGIN EUN.EG.
+FRCU IN A 193.227.1.1
+$ORIGIN CIX.CX.
+NS IN A 195.222.235.216
+$ORIGIN CX.ESCROW.IOCOMM.NET.CX.
+NS1 IN A 203.132.96.2
+$ORIGIN CCS.UCY.AC.CY.
+NICOSIA IN A 194.42.6.97
+$ORIGIN CC.UCY.AC.CY.
+ZEUS IN A 194.42.1.1
+$ORIGIN EUNET.CZ.
+CZ IN A 193.85.3.130
+$ORIGIN EUNET.FI.
+PRIFI IN A 193.66.1.146
+$ORIGIN NIXU.FI.
+NS IN A 193.209.237.29
+$ORIGIN TELE.FI.
+NS IN A 193.210.19.19
+$ORIGIN HELSINKI.FI.
+HYDRA IN A 128.214.4.29
+$ORIGIN INET.GA.
+KOMO IN A 208.148.44.1
+$ORIGIN CERIST.DZ.
+DECST IN A 193.194.64.11
+$ORIGIN ELDJAZAIR.NET.DZ.
+CASBAH IN A 193.194.81.45
+$ORIGIN USP.AC.FJ.
+TERI IN A 144.120.8.1
+$ORIGIN EUNET.ES.
+NS IN A 193.127.1.11
+$ORIGIN NIC.ES.
+INECO IN A 194.69.254.2
+NS1 IN A 194.69.254.1
+$ORIGIN VISUALCOM.ES.
+NS IN A 194.143.202.202
+$ORIGIN MICROASTUR.ES.
+SERVIDOR IN A 195.76.178.5
+$ORIGIN CESCA.ES.
+PRADES IN A 192.94.163.152
+$ORIGIN PIXAR.ES.
+NS IN A 194.143.196.3
+$ORIGIN REDIRIS.ES.
+SUN IN A 130.206.1.2
+$ORIGIN SEKER.ES.
+CORREOS IN A 194.179.87.1
+$ORIGIN TELECOM.NET.ET.
+NS IN A 196.27.22.43
+$ORIGIN FM.
+FM03 IN A 206.49.89.4
+FM01 IN A 206.49.89.2
+$ORIGIN NPLUS.GF.
+NS1 IN A 195.6.144.3
+$ORIGIN trns.
+f IN A 209.133.38.16
+d IN A 207.112.147.14
+e IN A 145.89.234.7
+c IN A 212.172.21.254
+a IN A 64.6.65.10
+$ORIGIN IRD.FR.
+NS IN A 195.83.14.1
+$ORIGIN BONDY.IRD.FR.
+MALAKULA IN A 193.50.53.1
+$ORIGIN RAIN.FR.
+BOW IN A 194.51.3.49
+$ORIGIN imag.FR.
+isis IN A 129.88.32.24
+imag IN A 129.88.30.1
+$ORIGIN INRIA.FR.
+DNS IN A 193.51.208.13
+$ORIGIN NIC.FR.
+NS2 IN A 192.93.0.4
+NS1 IN A 192.93.0.1
+NS3 IN A 192.134.0.49
+$ORIGIN GH.GL.
+KAASASSUK IN A 194.177.232.3
+$ORIGIN TELE.GL.
+TGSERV IN A 194.177.224.7
+$ORIGIN COMMIT.GM.
+NS1 IN A 63.77.152.177
+$ORIGIN MRC.GM.
+NS1 IN A 212.60.69.1
+$ORIGIN INTNET.GQ.
+BOW IN A 195.101.152.253
+$ORIGIN AIX.GR.
+NIC IN A 195.130.89.210
+$ORIGIN GRNET.GR.
+FOO IN A 194.177.210.211
+NIC IN A 194.177.210.210
+$ORIGIN CSI.FORTH.GR.
+ESTIA IN A 139.91.191.3
+$ORIGIN ICS.FORTH.GR.
+DNS1 IN A 139.91.151.70
+GRDNS IN A 139.91.1.1
+$ORIGIN HKU.HK.
+HKUXB IN A 147.8.16.15
+$ORIGIN CUHK.EDU.HK.
+NS2 IN A 137.189.6.21
+NS1 IN A 137.189.6.1
+$ORIGIN CONCYT.GOB.GT.
+NS IN A 168.234.106.2
+$ORIGIN UVG.EDU.GT.
+NS IN A 168.234.68.2
+$ORIGIN ID.
+NS1 IN A 202.155.30.227
+$ORIGIN AC.ID.
+NS IN A 202.159.124.34
+$ORIGIN GU.
+NS IN A 168.123.4.10
+$ORIGIN EDU.GU.
+NS IN A 168.123.2.50
+$ORIGIN REGISTRY.HM.
+NS2 IN A 209.54.168.55
+NS3 IN A 202.169.102.24
+NS1 IN A 204.144.183.78
+$ORIGIN CONNECT.IE.
+AUTH01 IN A 194.106.128.50
+$ORIGIN DOMAINREGISTRY.IE.
+BANBA IN A 193.1.142.2
+$ORIGIN VIA-NET-WORKS.IE.
+ICE IN A 212.17.32.2
+$ORIGIN HONDUTEL.HN.
+MIRAF-SERVER3 IN A 206.48.104.142
+$ORIGIN SRCE.HR.
+DNS IN A 161.53.3.7
+$ORIGIN HUJI.AC.IL.
+RELAY IN A 128.139.6.1
+$ORIGIN TAU.AC.IL.
+ARISTO IN A 132.66.32.10
+$ORIGIN NIC.JE.
+NS1 IN A 216.110.45.224
+$ORIGIN SZTAKI.HU.
+NS2 IN A 193.225.86.1
+$ORIGIN NIC.HU.
+NS IN A 193.6.27.62
+$ORIGIN NCST.ERNET.IN.
+NAAMAK IN A 202.41.110.66
+SS585 IN A 202.141.150.18
+$ORIGIN NIC.IO.
+NS IN A 194.205.62.100
+$ORIGIN NIC.IR.
+NS1 IN A 194.225.70.83
+$ORIGIN IS.
+ISGATE IN A 193.4.58.51
+$ORIGIN IUNET.IT.
+DNS2 IN A 192.106.1.31
+NS IN A 192.106.1.1
+$ORIGIN INFN.IT.
+SERVER2 IN A 131.154.1.3
+$ORIGIN CNR.IT.
+NAMESERVER IN A 194.119.192.34
+$ORIGIN IAT.CNR.IT.
+ITGBOX IN A 146.48.65.46
+$ORIGIN NETTUNO.IT.
+BOLOGNA IN A 193.43.2.5
+$ORIGIN NIC.IT.
+DNS IN A 193.205.245.5
+$ORIGIN JM.
+NS IN A 196.2.1.6
+$ORIGIN CAST.EDU.JM.
+NS IN A 200.9.115.2
+$ORIGIN NIC.GOV.JO.
+AMRA IN A 193.188.66.103
+PETRA IN A 193.188.66.2
+$ORIGIN KG.
+NS IN A 195.38.160.36
+$ORIGIN AD.JP.
+NIC IN A 202.12.30.33
+$ORIGIN ocn.AD.JP.
+ns-tk012 IN A 203.139.160.74
+$ORIGIN IIJ.AD.JP.
+NS0 IN A 202.232.2.34
+$ORIGIN SINET.AD.JP.
+NS-JP IN A 150.100.2.3
+$ORIGIN SPIN.AD.JP.
+DNS0 IN A 165.76.0.98
+$ORIGIN NIC.AD.JP.
+ns2 IN A 202.12.30.133
+TRF IN A 192.41.192.2
+NS-JP IN A 61.120.151.100
+NS0 IN A 202.12.30.131
+ns1 IN A 202.12.30.33
+$ORIGIN WIDE.AD.JP.
+NS IN A 203.178.136.63
+$ORIGIN co.JP.
+ IN MX 10 integra.s-integra.co.jp.
+$ORIGIN s-integra.co.JP.
+integra IN A 210.162.202.34
+$ORIGIN UUCP.NE.JP.
+NS2 IN A 210.141.111.69
+$ORIGIN DNS.NET.KH.
+NS1 IN A 203.127.100.21
+$ORIGIN org.
+netsage IN A 209.67.235.38
+ietf IN A 132.151.1.19
+ IN MX 10 odin.ietf.org.
+vmba IN MX 10 gro.dd.org.
+bnfinfo IN MX 10 mail.sover.net.
+ IN MX 20 mqueue.sover.net.
+dd IN MX 10 gro.dd.org.
+ IN MX 50 mqueue.sover.net.
+ IN MX 100 mail.uu.net.
+vtvast IN A 207.217.96.38
+ IN A 207.217.96.39
+ IN A 207.217.96.40
+ IN A 207.217.96.41
+ IN A 207.217.96.42
+ IN A 207.217.96.43
+ IN A 207.217.96.44
+ IN A 207.217.96.45
+ IN A 207.217.96.28
+ IN A 207.217.96.29
+ IN A 207.217.96.30
+ IN A 207.217.96.31
+ IN A 207.217.96.32
+ IN A 207.217.96.33
+ IN A 207.217.96.34
+ IN A 207.217.96.35
+ IN A 207.217.96.36
+ IN A 207.217.96.37
+ IN MX 10 vipmailgate.earthlink.net.
+gazpacho IN A 209.67.235.38
+bikeclub IN MX 20 pop.shoreham.net.
+ IN MX 50 smtp.america.net.
+giffordmed IN A 130.189.100.57
+ IN MX 20 quest-net.com.
+ IN MX 10 mail.giffordmed.org.
+isc IN A 204.152.184.101
+icann IN MX 100 mail.icann.org.
+ IN MX 95 mailhub.icann.org.
+xaos IN A 24.93.15.22
+ IN TXT "XAOS Associates Online Services"
+ IN MX 0 mail.xaos.org.
+ IN MX 5 gw.xaos.org.
+ IN LOC 43 02 20.000 N 77 43 12.000 W 170.00m 1.00m 30.00m 10.00m
+mmuuf IN MX 10 gro.dd.org.
+reptiles IN A 198.96.117.142
+ IN MX 10 mail2.reptiles.org.
+ IN MX 20 mail.vex.net.
+ IN MX 5 mail.reptiles.org.
+iscvt IN A 207.136.209.132
+ IN MX 10 isc-01.iscvt.org.
+ IN MX 20 mqueue.sover.net.
+mailinglists IN A 63.160.175.18
+lawlinevt IN MX 20 mqueue.sover.net.
+ IN MX 10 host3.vtlegalaid.org.
+mail-abuse IN A 204.152.184.74
+$ORIGIN SECTOR001.org.
+NS0 IN A 24.4.49.117
+NS1 IN A 24.4.49.246
+$ORIGIN ML.org.
+MERCURY IN A 209.68.0.85
+$ORIGIN XBILL.org.
+NS IN A 204.152.186.163
+$ORIGIN spack.org.
+maus IN A 204.245.198.90
+$ORIGIN netsage.org.
+keith IN A 209.67.235.37
+www IN CNAME netsage.org.
+sure IN A 209.67.235.38
+$ORIGIN ietf.org.
+odin IN A 132.151.1.176
+www2 IN A 4.17.168.6
+www IN CNAME www2.ietf.org.
+$ORIGIN lux.dot-eu.org.
+ns0 IN A 195.206.105.102
+$ORIGIN the-frontier.org.
+ns2 IN A 216.86.199.115
+ns1 IN A 216.86.199.114
+$ORIGIN vmba.org.
+www IN MX 10 gro.dd.org.
+ IN A 209.198.103.206
+$ORIGIN WILLIAM.org.
+JOANNA IN A 195.153.6.2
+$ORIGIN FROGHOUSE.org.
+DNS IN A 207.121.69.243
+$ORIGIN VTLEGALAID.org.
+host3 IN A 207.136.208.115
+$ORIGIN dd.org.
+doubt IN A 209.198.103.193
+news IN CNAME gro.dd.org.
+gro IN A 209.198.103.200
+d IN A 209.198.103.199
+workgroup IN A 209.198.103.201
+dhcp1 IN A 209.198.103.194
+go IN A 209.198.103.198
+mail IN CNAME gro.dd.org.
+localhost IN A 127.0.0.1
+dhcp2 IN A 209.198.103.195
+www IN CNAME gro.dd.org.
+dhcp3 IN A 209.198.103.196
+dhcp4 IN A 209.198.103.197
+moderators IN CNAME moderators.isc.org.
+ns IN CNAME gro.dd.org.
+$ORIGIN gazpacho.org.
+keith IN A 209.67.235.37
+sure IN A 209.67.235.38
+$ORIGIN FLAME.org.
+DNS02 IN A 204.152.184.97
+www IN A 204.152.184.97
+DNS01 IN A 204.152.184.80
+$ORIGIN giffordmed.org.
+mail IN A 130.189.100.51
+$ORIGIN isc.org.
+isrv3-i IN A 204.152.184.87
+$ORIGIN energyenhancement.org.
+www IN A 216.121.175.228
+$ORIGIN icann.org.
+mailhub IN A 192.0.34.33
+mail IN A 198.32.1.99
+$ORIGIN PAPP.UNDP.org.
+PAPPSRV IN A 192.115.229.1
+$ORIGIN xaos.org.
+amethyst IN A 204.145.159.12
+ IN MX 0 mail.xaos.org.
+ IN MX 5 gw.xaos.org.
+sure IN A 209.67.235.38
+taiyoo IN A 204.145.159.13
+ IN MX 0 mail.xaos.org.
+ IN MX 5 gw.xaos.org.
+gw IN A 24.93.15.22
+reimei IN A 204.145.159.17
+ IN MX 0 mail.xaos.org.
+ IN MX 5 gw.xaos.org.
+gwi IN A 204.145.159.2
+ IN HINFO "Firewall" "Gateway"
+ IN MX 0 mail.xaos.org.
+ IN MX 5 gw.xaos.org.
+keith IN A 209.67.235.37
+axis IN A 204.145.159.20
+mail IN CNAME furii.xaos.org.
+all IN A 24.95.203.33
+ IN MX 0 mail.xaos.org.
+ IN MX 5 gw.xaos.org.
+www IN CNAME gw.xaos.org.
+kadou IN A 204.145.159.14
+ IN MX 0 mail.xaos.org.
+ IN MX 5 gw.xaos.org.
+furii IN A 204.145.159.11
+ IN MX 0 mail.xaos.org.
+ IN MX 5 gw.xaos.org.
+ftp IN CNAME gw.xaos.org.
+gwe IN CNAME gw.xaos.org.
+$ORIGIN PUNCHDOWN.org.
+NS IN A 140.174.131.100
+$ORIGIN mmuuf.org.
+www IN MX 10 gro.dd.org.
+ IN A 209.198.103.205
+$ORIGIN OPEN-RSC.org.
+ASLAN IN A 199.5.157.128
+UNICORN IN A 207.126.103.16
+$ORIGIN COGNOSCENTI.org.
+SYNAESTHESIA IN A 207.208.112.4
+ANAESTHESIA IN A 207.208.112.3
+$ORIGIN DC.IGC.org.
+NS IN A 199.75.208.10
+$ORIGIN mitre.org.
+DNSSRV1X IN A 199.94.97.51
+mbunix IN A 199.94.97.52
+DNSSRV3X IN A 198.76.173.100
+smtpproxy1 IN A 129.83.20.90
+linus IN A 129.83.10.1
+ IN MX 1 linus.mitre.org.
+ IN MX 5 smtpproxy1.mitre.org.
+ IN MX 10 smtpproxy2.mitre.org.
+smtpproxy2 IN A 128.29.154.90
+mwunix IN A 198.76.173.52
+$ORIGIN reptiles.org.
+mail IN A 198.96.117.157
+NS2 IN A 192.75.253.138
+NS IN A 198.96.117.136
+$ORIGIN ISPC.org.
+NS2 IN A 209.124.64.11
+NS3 IN A 207.230.32.23
+NS1 IN A 207.106.7.7
+$ORIGIN IGC.APC.org.
+NS1 IN A 192.82.108.38
+$ORIGIN iscvt.org.
+isc-01 IN A 207.136.209.131
+$ORIGIN FLIRBLE.org.
+NS0 IN A 195.40.6.20
+$ORIGIN SANS.org.
+SERVER1 IN A 167.216.133.33
+$ORIGIN LTWCC.org.
+NS2 IN A 12.33.66.62
+NS1 IN A 12.33.66.61
+$ORIGIN CMHNET.org.
+elektro IN A 192.188.133.3
+$ORIGIN SNPT.KM.
+BOW IN A 195.101.19.253
+$ORIGIN ONPT.NET.MA.
+MASSIRA IN A 206.103.26.1
+$ORIGIN IAM.NET.MA.
+DNS2 IN A 212.217.0.12
+DNS3 IN A 212.217.1.1
+DNS1 IN A 212.217.0.1
+$ORIGIN KREONET.RE.KR.
+NS IN A 134.75.30.1
+$ORIGIN KREN.NE.KR.
+NS IN A 147.47.1.1
+$ORIGIN NIC.LK.
+NS IN A 192.248.1.65
+$ORIGIN NIC.MC.
+NS IN A 195.78.6.131
+$ORIGIN 110.16.12.IN-ADDR.ARPA.
+35 IN CNAME 35.32/27.110.16.12.in-addr.arpa.
+$ORIGIN 32/27.110.16.12.IN-ADDR.ARPA.
+35 IN PTR mail.nova-data.com.
+$ORIGIN 0.0.127.IN-ADDR.ARPA.
+1 IN PTR localhost.
+$ORIGIN 184.152.204.IN-ADDR.ARPA.
+87 IN PTR isrv3-i.isc.org.
+$ORIGIN 187.152.204.IN-ADDR.ARPA.
+59 IN PTR shell.nominum.com.
+$ORIGIN 131.127.204.IN-ADDR.ARPA.
+47 IN PTR mtiwmhc22.worldnet.att.net.
+$ORIGIN 198.245.204.IN-ADDR.ARPA.
+90 IN PTR maus.spack.org.
+$ORIGIN 159.145.204.IN-ADDR.ARPA.
+12 IN PTR amethyst.xaos.org.
+13 IN PTR taiyoo.xaos.org.
+14 IN PTR kadou.xaos.org.
+17 IN PTR reimei.xaos.org.
+20 IN PTR axis.xaos.org.
+2 IN PTR gwi.xaos.org.
+11 IN PTR furii.xaos.org.
+$ORIGIN 241.5.198.IN-ADDR.ARPA.
+38 IN PTR cmr0.ash.ops.us.uu.net.
+39 IN PTR cmr1.ash.ops.us.uu.net.
+$ORIGIN 241.103.199.IN-ADDR.ARPA.
+218 IN PTR abyssinian.sleepycat.com.
+$ORIGIN 153.66.206.IN-ADDR.ARPA.
+12 IN PTR d.dd.org.
+102 IN PTR gro.dd.org.
+128 IN PTR www.vmba.org.
+1 IN PTR workgroup.dd.org.
+2 IN PTR doubt.dd.org.
+136 IN PTR www.mmuuf.org.
+4 IN PTR nila.dd.org.
+10 IN PTR go.dd.org.
+$ORIGIN 84.198.209.IN-ADDR.ARPA.
+242 IN PTR dlawren-gw.burl.sover.net.
+$ORIGIN 87.198.209.IN-ADDR.ARPA.
+52 IN PTR mqueue0.sover.net.
+$ORIGIN 103.198.209.IN-ADDR.ARPA.
+198 IN CNAME 198.192.103.198.209.in-addr.arpa.
+205 IN CNAME 205.192.103.198.209.in-addr.arpa.
+199 IN CNAME 199.192.103.198.209.in-addr.arpa.
+206 IN CNAME 206.192.103.198.209.in-addr.arpa.
+193 IN CNAME 193.192.103.198.209.in-addr.arpa.
+200 IN CNAME 200.192.103.198.209.in-addr.arpa.
+201 IN CNAME 201.192.103.198.209.in-addr.arpa.
+$ORIGIN 192.103.198.209.IN-ADDR.ARPA.
+202 IN PTR fraud.dd.org.
+195 IN PTR dhcp2.dd.org.
+203 IN PTR fraud.dd.org.
+196 IN PTR dhcp3.dd.org.
+204 IN PTR ppp.dd.org.
+197 IN PTR dhcp4.dd.org.
+205 IN PTR www.mmuuf.org.
+198 IN PTR go.dd.org.
+206 IN PTR www.vmba.org.
+199 IN PTR d.dd.org.
+207 IN PTR broadcast.dd.org.
+200 IN PTR gro.dd.org.
+193 IN PTR doubt.dd.org.
+201 IN PTR workgroup.dd.org.
+194 IN PTR dhcp1.dd.org.
+$ORIGIN 133.188.192.IN-ADDR.ARPA.
+3 IN PTR elektro.com.
+$ORIGIN 206.203.192.IN-ADDR.ARPA.
+9 IN PTR ice.WonderWorks.COM.
+$ORIGIN 2.39.137.IN-ADDR.ARPA.
+3 IN PTR New-York4.NY.ALTER.NET.
+$ORIGIN 126.39.137.IN-ADDR.ARPA.
+10 IN PTR Fddi0-0.New-York4.NY.ALTER.NET.
+$ORIGIN IRD.MG.
+ANTANA IN A 194.214.107.1
+$ORIGIN NIC.MG.
+NS IN A 194.214.107.253
+$ORIGIN KW.
+DNS2 IN A 161.252.48.150
+DNS1 IN A 161.252.48.140
+$ORIGIN MOC.KW.
+NCC IN A 196.1.69.98
+$ORIGIN NET.NA.
+GRUMPY IN A 196.20.23.1
+$ORIGIN RELCOM.KZ.
+NS IN A 212.110.240.65
+$ORIGIN MARNET.MK.
+KITKA IN A 194.149.131.2
+$ORIGIN SC-UNI.KTU.LT.
+NEMUNAS IN A 193.219.32.13
+$ORIGIN SOTELMA.ML.
+ASKIA IN A 208.144.230.3
+$ORIGIN DNS.LU.
+NS2 IN A 158.64.229.3
+NS5 IN A 194.246.96.193
+NS1 IN A 158.64.229.2
+$ORIGIN INTNET.NE.
+BOW IN A 194.51.164.253
+$ORIGIN MN.
+MAGIC IN A 202.131.0.10
+$ORIGIN NF.
+NS2 IN A 203.12.249.101
+NS1 IN A 203.12.249.100
+$ORIGIN LATNET.LV.
+NS2 IN A 159.148.108.1
+NS IN A 159.148.60.2
+$ORIGIN UMAC.MO.
+UMACSN2 IN A 161.64.3.2
+NS2 IN A 161.64.7.2
+UMACSN1 IN A 161.64.3.1
+NS1 IN A 161.64.7.1
+$ORIGIN NI.
+NS IN A 165.98.1.2
+ IN A 200.30.36.8
+$ORIGIN TMX.COM.NI.
+NS IN A 205.218.253.2
+$ORIGIN UNIV-NKC.MR.
+DNS2 IN A 193.251.145.154
+DNS1 IN A 193.251.145.155
+$ORIGIN SVIANED.nl.
+NS IN A 143.177.1.3
+$ORIGIN secondary.nl.
+ns2 IN A 194.229.138.6
+$ORIGIN DOMAIN-REGISTRY.nl.
+NS2 IN A 193.176.144.130
+NS IN A 193.176.144.2
+$ORIGIN MT.
+NS IN A 193.188.47.252
+$ORIGIN DHIRAAGU.MV.
+NS IN A 202.1.192.196
+$ORIGIN NO.
+NAC IN A 129.240.2.40
+ALCANET IN MX 15 tyholt.uninett.no.
+ IN MX 20 nac.no.
+ IN A 158.39.5.5
+$ORIGIN UIO.NO.
+IFI IN A 129.240.64.2
+$ORIGIN SOL.NO.
+NS1 IN A 195.225.2.10
+$ORIGIN uit.NO.
+benoni IN A 129.242.4.254
+$ORIGIN ALCANET.NO.
+NS IN A 193.213.238.10
+$ORIGIN UNINETT.NO.
+aun IN A 129.241.1.99
+tyholt IN A 158.38.60.10
+NN IN A 158.38.0.181
+$ORIGIN alcatel.NO.
+ns2 IN A 193.213.238.2
+$ORIGIN UNINET.NET.MX.
+MEX1-M-213 IN A 200.33.146.213
+$ORIGIN AVANTEL.NET.MX.
+DNS1 IN A 200.33.213.66
+$ORIGIN UNAM.MX.
+NS IN A 132.248.253.1
+$ORIGIN NIC.MX.
+NS IN A 200.23.1.1
+$ORIGIN MOS.COM.NP.
+SHIKHAR IN A 202.52.255.5
+$ORIGIN MY.
+MIMOS IN A 192.228.128.18
+JARING IN A 192.228.128.20
+$ORIGIN JARING.MY.
+GATEN IN A 161.142.227.17
+GATE1 IN A 161.142.2.17
+$ORIGIN PA.
+NS IN A 168.77.8.2
+$ORIGIN USMA.AC.PA.
+VASCO IN A 208.141.92.2
+$ORIGIN UEM.MZ.
+ZEBRA IN A 196.3.96.67
+OCEANO IN A 196.3.96.69
+DZOWO IN A 196.3.96.66
+$ORIGIN CENPAC.NET.NR.
+NRWEB IN A 203.98.224.66
+$ORIGIN NIC.NU.
+NS IN A 128.11.47.50
+$ORIGIN DE.NIC.NU.
+NS0 IN A 216.200.116.40
+$ORIGIN TELIA.NIC.NU.
+NS0 IN A 212.181.91.4
+$ORIGIN NS.NIC.NU.
+NZ IN A 203.97.132.66
+$ORIGIN OMANTEL.NET.OM.
+OM4 IN A 206.49.101.5
+OM10 IN A 206.49.101.6
+$ORIGIN RCP.NET.PE.
+ICHU IN A 161.132.5.14
+$ORIGIN MANA.PF.
+NS2 IN A 202.3.225.20
+NS1 IN A 202.3.225.10
+$ORIGIN QATAR.NET.QA.
+NS2 IN A 212.77.192.13
+NS3 IN A 212.77.192.15
+NS1 IN A 212.77.192.10
+$ORIGIN CLEAR.NET.NZ.
+NS2 IN A 203.97.37.14
+NS1 IN A 203.97.33.14
+$ORIGIN DNS.NET.NZ.
+NS1 IN A 202.46.161.3
+$ORIGIN IHUG.NET.NZ.
+NS2 IN A 203.29.160.2
+$ORIGIN XTRA.CO.NZ.
+GORGON IN A 202.27.158.34
+$ORIGIN WAIKATO.AC.NZ.
+NS99 IN A 130.217.76.27
+$ORIGIN VUW.AC.NZ.
+RATA IN A 130.195.2.11
+$ORIGIN MCS.VUW.AC.NZ.
+DOWNSTAGE IN A 130.195.6.10
+CIRCA IN A 130.195.5.12
+$ORIGIN PL.
+from IN A 212.160.132.114
+$ORIGIN NASK.ORG.PL.
+BILBO IN A 148.81.16.51
+ IN A 195.187.245.51
+$ORIGIN pbks.PL.
+alf IN A 195.205.33.200
+$ORIGIN CYFRONET.KRAKOW.PL.
+NMS IN A 149.156.1.3
+$ORIGIN MAN.LODZ.PL.
+DNS2 IN A 212.51.192.5
+$ORIGIN ispid.com.PL.
+trurl IN A 195.150.99.3
+$ORIGIN itnet.com.PL.
+emerald IN A 195.116.64.3
+$ORIGIN ELEKTRON.PL.
+AMBER IN A 195.117.6.10
+$ORIGIN macrosoft.WAW.PL.
+front IN A 194.196.86.66
+$ORIGIN NASK.WAW.PL.
+ARWENA IN A 193.59.201.28
+$ORIGIN webtech.elk.PL.
+tornado IN A 212.244.162.100
+$ORIGIN IKP.PL.
+NS3 IN A 157.25.5.30
+$ORIGIN TPSA.PL.
+DNS2 IN A 194.204.152.34
+$ORIGIN uwm.EDU.PL.
+matrix IN A 213.184.3.136
+$ORIGIN FUW.EDU.PL.
+DNS IN A 193.0.80.11
+$ORIGIN UPRR.PR.
+PASCAL IN A 134.202.1.120
+DESCARTES IN A 134.202.1.125
+$ORIGIN NCC.UP.PT.
+CIUP1 IN A 193.136.51.52
+$ORIGIN FCCN.PT.
+DNS IN A 193.136.192.10
+$ORIGIN DNS.PT.
+NS IN A 193.136.0.1
+$ORIGIN TELEPAC.PT.
+NS1 IN A 194.65.3.20
+VIVALDI IN A 194.65.3.21
+$ORIGIN CNC.UNA.PY.
+SCE IN A 200.10.228.133
+NS IN A 200.10.228.132
+$ORIGIN ISU.NET.SA.
+NS1 IN A 212.26.18.3
+$ORIGIN KACST.EDU.SA.
+NS IN A 212.26.44.3
+$ORIGIN COM.SB.
+PIJIN IN A 202.139.42.10
+$ORIGIN SOLOMON.COM.SB.
+OLKETA IN A 202.139.42.4
+$ORIGIN cafax.SE.
+ns IN A 192.71.228.17
+$ORIGIN LTH.SE.
+NIC IN A 130.235.20.3
+$ORIGIN SUNET.SE.
+SUNIC IN A 192.36.125.2
+$ORIGIN PACIFIC.NET.SG.
+NS1 IN A 192.169.33.3
+$ORIGIN NIC.NET.SG.
+DS IN A 202.42.194.205
+$ORIGIN SINGNET.COM.SG.
+DNSSEC2 IN A 195.13.10.226
+DNSSEC3 IN A 165.21.100.11
+DNSSEC1 IN A 165.21.83.11
+$ORIGIN RNC.RO.
+NS-A IN A 192.162.16.31
+NS IN A 192.162.16.21
+$ORIGIN NIC.SH.
+NS IN A 194.205.62.60
+$ORIGIN ARNES.SI.
+KANIN IN A 193.2.1.66
+SREBRNJAK IN A 193.2.1.91
+$ORIGIN INTERNET.SK.
+NS IN A 192.108.130.91
+$ORIGIN EUNET.SK.
+NS IN A 192.108.130.33
+$ORIGIN NETLAB.SK.
+NS IN A 195.168.1.4
+$ORIGIN SIERRATEL.SL.
+NS IN A 194.133.124.5
+$ORIGIN INTNET.TD.
+BOW IN A 193.251.147.253
+$ORIGIN RU.
+ok IN A 195.2.83.162
+ IN MX 50 mail.ok.ru.
+ IN MX 100 relay1.aha.ru.
+ IN MX 300 relay3.aha.ru.
+$ORIGIN aha.RU.
+ns1 IN A 195.2.80.142
+$ORIGIN ok.RU.
+mail IN A 195.2.83.162
+ns IN A 195.2.64.36
+$ORIGIN INTELCOM.SM.
+DNS IN A 194.183.64.11
+$ORIGIN OMNIWAY.SM.
+DNS IN A 194.183.64.10
+$ORIGIN UCAD.SN.
+NS IN A 196.1.95.1
+$ORIGIN NIC.TJ.
+NS2 IN A 209.77.224.1
+NS1 IN A 209.77.250.1
+$ORIGIN SPB.SU.
+NS IN A 193.124.83.69
+$ORIGIN RICC.ALMA-ATA.SU.
+NS IN A 194.87.112.4
+$ORIGIN DEMOS.SU.
+NS IN A 194.87.0.8
+ IN A 194.87.0.9
+$ORIGIN RED.SV.
+CIR IN A 168.243.254.1
+$ORIGIN GOB.SV.
+CONACYT IN A 168.243.64.2
+ANTEL IN A 168.243.65.1
+$ORIGIN ATI.TN.
+NS IN A 193.95.66.10
+$ORIGIN TO.
+TONIC IN A 206.184.59.10
+COLO IN A 206.86.247.253
+$ORIGIN TDC.TO.
+NS1 IN A 206.86.247.250
+$ORIGIN SY.
+EARTH IN A 195.22.198.6
+$ORIGIN VATICAN.VA.
+MICHAEL IN A 212.77.0.2
+$ORIGIN METU.EDU.TR.
+NS2 IN A 144.122.199.93
+NS1 IN A 144.122.199.90
+$ORIGIN NIC.UK.
+NS1 IN A 195.66.240.130
+$ORIGIN AXION.BT.CO.UK.
+DNS0 IN A 132.146.5.1
+$ORIGIN ADVSYS.CO.UK.
+BARNEY IN A 194.72.124.2
+$ORIGIN WR.UMIST.AC.UK.
+AARDVARK IN A 130.88.146.3
+$ORIGIN UCL.AC.UK.
+ IN A 128.16.5.31
+ IN MX 10 bells.cs.ucl.ac.uk.
+ IN MX 11 haig.cs.ucl.ac.uk.
+$ORIGIN CS.UCL.AC.UK.
+haig IN A 128.16.6.8
+bells IN A 128.16.5.31
+NS1 IN A 128.16.5.32
+$ORIGIN surrey.AC.UK.
+info-server IN A 131.227.102.6
+eim IN MX 6 phoebe.eim.surrey.ac.uk.
+ IN MX 6 prue.eim.surrey.ac.uk.
+$ORIGIN eim.surrey.AC.UK.
+prue IN A 131.227.76.5
+phoebe IN A 131.227.74.4
+$ORIGIN MHS-RELAY.AC.UK.
+SUN IN A 128.86.8.25
+$ORIGIN NIC.TT.
+DNS IN A 24.3.198.194
+$ORIGIN REACCIUN.VE.
+DNS2 IN A 150.188.4.212
+DNS IN A 150.188.4.210
+$ORIGIN ULA.VE.
+AZMODAN IN A 150.185.130.16
+$ORIGIN UTZ.
+NS2 IN A 160.124.112.10
+NS3 IN A 160.124.147.1
+NS1 IN A 160.124.48.4
+$ORIGIN NIC.TV.
+NS4 IN A 207.151.24.23
+NS2 IN A 208.184.1.167
+NS6 IN A 64.56.165.153
+NS7 IN A 64.69.172.153
+NS1 IN A 209.143.242.138
+$ORIGIN EDU.TW.
+MOEVAX IN A 140.111.1.2
+$ORIGIN vt.us.
+state IN MX 10 mx1.state.vt.us.
+ IN MX 10 mx2.state.vt.us.
+$ORIGIN k12.vt.us.
+ns2 IN A 170.222.64.130
+morristown IN MX 0 mail.k12.vt.us.
+ns1 IN A 170.222.64.130
+jericho IN MX 0 mail.k12.vt.us.
+founders IN MX 0 mail.k12.vt.us.
+$ORIGIN state.vt.us.
+srs IN A 159.105.101.150
+ IN MX 0 srs.srs.state.vt.us.
+ IN MX 10 mx1.state.vt.us.
+ IN MX 10 mx2.state.vt.us.
+defgen IN MX 0 mail.state.vt.us.
+ IN MX 10 mx1.state.vt.us.
+ IN MX 10 mx2.state.vt.us.
+ IN MX 5 vtagr02.agr.state.vt.us.
+ IN MX 15 mx1.state.vt.us.
+ IN MX 20 mx2.state.vt.us.
+mail IN A 170.222.64.134
+ns1 IN A 159.105.23.130
+ns2 IN A 170.222.64.130
+$ORIGIN srs.state.vt.us.
+srs IN A 159.105.101.150
+$ORIGIN agr.state.vt.us.
+vtagr04 IN A 159.105.50.4
+vtagr02 IN A 159.105.50.2
+$ORIGIN anr.state.vt.us.
+dec IN MX 10 mx1.state.vt.us.
+ IN MX 10 mx2.state.vt.us.
+ IN MX 0 dec.anr.state.vt.us.
+ IN A 159.105.46.4
+$ORIGIN pha.pa.us.
+candle IN A 162.33.245.46
+$ORIGIN CNRI.reston.va.us.
+NS IN A 132.151.1.1
+$ORIGIN boston.MA.us.
+foxharp IN MX 10 bparker.connactivity.com.
+$ORIGIN ns.foxharp.boston.MA.us.
+a IN A 24.147.209.205
+$ORIGIN STARFIRE.DOUGLAS.MA.us.
+NS2 IN A 216.129.136.9
+DNS IN A 206.225.44.40
+NS1 IN A 216.129.136.9
+$ORIGIN NIC.us.
+USDNS IN A 198.41.3.87
+$ORIGIN sf.ca.us.
+asylum IN A 192.48.232.17
+$ORIGIN palo-alto.ca.us.
+mejac IN A 192.147.236.1
+$ORIGIN VN.
+DNS1 IN A 203.162.3.235
+$ORIGIN EDU.UY.
+SECIU IN A 164.73.128.5
+$ORIGIN UZ.
+NS IN A 213.68.88.11
+$ORIGIN NOC.UZ.
+NS IN A 194.67.52.42
+$ORIGIN VANUATU.COM.VU.
+SANTO IN A 202.139.40.7
+FUTUNA IN A 202.139.40.3
+EFATE IN A 202.139.40.5
+$ORIGIN nic.mnet.
+ns2 IN A 208.109.83.110
+ns1 IN A 216.61.39.172
+$ORIGIN DNS.WS.
+NS4 IN A 216.52.234.102
+NS2 IN A 216.35.187.250
+NS1 IN A 202.4.48.217
+NS5 IN A 216.35.188.8
+NS3 IN A 216.52.234.99
+$ORIGIN UCT.AC.ZA.
+UCTHPX IN A 137.158.128.1
+$ORIGIN FRD.AC.ZA.
+APIES IN A 137.214.80.1
+$ORIGIN EE.UND.AC.ZA.
+DAISY IN A 146.230.192.18
+$ORIGIN RU.AC.ZA.
+HIPPO IN A 146.231.128.1
+$ORIGIN UNZA.ZM.
+PUKU IN A 196.7.240.1
+$ORIGIN NIC.YU.
+NS1 IN A 147.91.8.6
+$ORIGIN TELEKOM.YU.
+ODISEJ IN A 195.178.32.2
+$ORIGIN gtld-servers.ORSC.
+b IN A 216.13.126.116
+$ORIGIN ROOT-SERVERS.ORSC.
+B IN A 216.13.126.116
+C IN A 65.196.80.102
+A IN A 199.166.24.1
+$ORIGIN ZPTC.CO.ZW.
+TELCOM IN A 194.133.122.47
+$ORIGIN NIPR.MIL.
+PAC2 IN A 199.252.155.234
+EUR2 IN A 199.252.143.234
+CON2 IN A 199.252.173.234
+PAC1 IN A 199.252.180.234
+EUR1 IN A 199.252.154.234
+CON1 IN A 199.252.175.234
+$ORIGIN ARL.MIL.
+ADMII IN A 128.63.31.4
+ IN A 128.63.5.4
+$ORIGIN GOV.
+nps IN MX 5 ccmail.itd.nps.gov.
+ IN MX 10 ccmail2.itd.nps.gov.
+$ORIGIN STAT-USA.GOV.
+SUNNY IN A 192.239.70.8
+$ORIGIN NASA.GOV.
+jpl IN A 137.78.160.180
+NASANS4 IN A 198.116.144.33
+NASANS3 IN A 198.116.144.49
+NASANS1 IN A 192.77.84.32
+$ORIGIN NSI.NASA.GOV.
+MX IN A 128.102.18.31
+$ORIGIN CDC.GOV.
+NS2 IN A 198.246.96.92
+NS1 IN A 198.246.96.61
+$ORIGIN NIST.GOV.
+NS1 IN A 129.6.13.2
+$ORIGIN cr.USGS.GOV.
+ISDSUN IN A 136.177.16.3
+ns IN A 136.177.16.3
+rgfsparc IN A 136.177.164.192
+$ORIGIN ER.USGS.GOV.
+NS IN A 130.11.48.2
+$ORIGIN WR.USGS.GOV.
+ISDMNL IN A 130.118.4.2
+$ORIGIN DEN.nps.GOV.
+DENS20 IN A 165.83.24.20
+$ORIGIN ITD.nps.GOV.
+BIGBIRD IN A 165.83.208.5
+$ORIGIN AKSO.nps.GOV.
+INPAKSODNS IN A 165.83.49.9
+$ORIGIN WRO.nps.GOV.
+VANILLA IN A 165.83.71.3
+$ORIGIN NCC.nps.GOV.
+OWL IN A 165.83.34.60
+$ORIGIN net.
+FIREHOUSE IN A 63.160.175.19
+gbch IN MX 0 maxim.gbch.net.
+VERMONTEL IN A 63.167.45.2
+ IN MX 0 pop.vermontel.net.
+reedmedia IN A 63.145.197.178
+goldstats IN A 66.33.12.17
+zama IN A 203.142.132.46
+helicon IN A 63.93.137.2
+wetlogic IN MX 10 athome.wetlogic.net.
+188 IN A 202.96.125.100
+ IN A 202.96.125.101
+ IN MX 10 mx2.188.net.
+ IN MX 20 smtp.188.net.
+ IN MX 10 mx1.188.net.
+valley IN MX 0 lebanon.valley.net.
+primary IN A 216.87.34.253
+SOVER IN A 209.198.87.53
+ IN A 209.198.87.34
+ IN MX 10 mail.sover.net.
+ IN MX 20 mqueue.sover.net.
+UU IN MX 10 external-mail-router.UU.NET.
+connriver IN A 63.93.137.13
+ IN MX 10 ns.hcr.net.
+ IN MX 1 mailer.connriver.net.
+SHOREHAM IN A 199.170.121.2
+$ORIGIN cinenet.net.
+NS1 IN A 198.147.76.65
+$ORIGIN TOGETHER.net.
+NS2 IN A 204.97.120.31
+NS1 IN A 204.97.120.30
+$ORIGIN IPHIL.net.
+MAKISIG IN A 203.176.28.135
+$ORIGIN PLANET-THREE.net.
+NS2 IN A 212.49.219.190
+$ORIGIN FIREHOUSE.net.
+DNS2 IN A 63.160.175.18
+DNS1 IN A 63.160.175.19
+$ORIGIN space.net.
+ns IN A 195.30.0.1
+$ORIGIN DNS.space.net.
+NS4 IN A 195.222.210.93
+NS3 IN A 193.149.44.49
+$ORIGIN ALASKA.net.
+NS4-AUTH IN A 209.112.130.4
+NS1-AUTH IN A 209.112.160.4
+$ORIGIN FWIDCSERVICES.net.
+DEN-NS2 IN A 216.7.160.32
+IRV-NS1 IN A 216.23.160.51
+DEN-NS1 IN A 216.7.160.31
+NS1 IN A 64.78.224.58
+$ORIGIN BIJT.net.
+PAN IN A 213.196.2.97
+$ORIGIN SEABONE.net.
+DNS IN A 195.22.205.163
+$ORIGIN SPIN.OMNES.net.
+NS IN A 192.23.90.196
+$ORIGIN VERIO.net.
+NS2 IN A 129.250.31.190
+NS0 IN A 129.250.15.61
+NS1 IN A 204.91.99.140
+$ORIGIN NS.VERIO.net.
+B IN A 129.250.35.32
+T IN A 192.67.14.16
+$ORIGIN GNOSH.net.
+GRIN IN A 216.15.87.207
+$ORIGIN NEASE.net.
+NS2 IN A 202.103.134.4
+$ORIGIN CRSNIC.net.
+NS1 IN A 198.41.3.39
+$ORIGIN VERISIGN.net.
+MODOR IN A 205.139.94.55
+CITADEL IN A 205.139.94.15
+PAGOSA IN A 205.139.94.16
+KAOS IN A 208.202.137.126
+$ORIGIN terra.net.
+ns2 IN A 199.103.128.2
+ns1 IN A 199.103.128.1
+$ORIGIN ADMONITOR.net.
+NS-2 IN A 216.35.185.40
+ads IN A 216.35.185.145
+SC-NS1 IN A 64.70.20.85
+$ORIGIN NORDU.net.
+SERVER IN A 193.10.252.19
+$ORIGIN TELEGLOBE.net.
+CASTOR IN A 199.202.55.2
+$ORIGIN sodak.net.
+NS2 IN A 63.65.239.225
+RINGNECK IN A 63.65.238.65
+$ORIGIN gbch.net.
+MAXIM IN A 203.9.155.249
+$ORIGIN VERMONTEL.net.
+pop IN CNAME loomis.vermontel.net.
+NS2 IN A 204.164.106.8
+loomis IN A 204.164.106.19
+NS1 IN A 204.164.106.2
+$ORIGIN farm.net.
+ns IN A 216.112.179.160
+$ORIGIN NAP.net.
+NS2 IN A 206.54.224.1
+$ORIGIN AH.net.
+NS4 IN A 203.21.205.20
+NS2 IN A 203.21.205.1
+$ORIGIN NS.GDNS.net.
+LHR IN A 212.250.25.101
+DCA IN A 209.207.221.1
+$ORIGIN CONCENTRIC.net.
+NAMESERVER1 IN A 207.155.183.73
+NAMESERVER3 IN A 206.173.119.72
+NAMESERVER IN A 207.155.183.72
+NIC2 IN A 207.88.60.5
+NAMESERVER2 IN A 207.155.184.72
+$ORIGIN att.net.
+worldnet IN A 199.70.151.234
+$ORIGIN worldnet.att.net.
+ns3 IN A 204.127.160.1
+ns4 IN A 204.127.160.2
+mtiwmhc22 IN A 204.127.131.47
+ns1 IN A 204.127.129.1
+ns IN A 204.127.160.2
+ IN A 12.102.240.1
+ IN A 12.102.240.2
+ IN A 12.102.244.1
+ IN A 12.102.244.2
+ IN A 204.127.129.1
+ IN A 204.127.129.2
+ IN A 204.127.160.1
+ns2 IN A 204.127.129.2
+$ORIGIN OR.BR.NP.ELS-GMS.att.net.
+ORCU IN A 199.191.129.139
+$ORIGIN WY.BR.NP.ELS-GMS.att.net.
+WYCU IN A 199.191.128.43
+$ORIGIN OH.MT.NP.ELS-GMS.att.net.
+OHCU IN A 199.191.144.75
+$ORIGIN MA.MT.NP.ELS-GMS.att.net.
+MACU IN A 199.191.145.136
+$ORIGIN MT.NS.ELS-GMS.att.net.
+CMTU IN A 12.127.16.69
+DMTU IN A 12.127.16.70
+$ORIGIN BR.NS.ELS-GMS.att.net.
+CBRU IN A 199.191.128.105
+DBRU IN A 199.191.128.106
+$ORIGIN LEB.net.
+NS IN A 206.127.55.2
+$ORIGIN SEG.net.
+NS2 IN A 206.34.181.16
+NS1 IN A 206.34.181.15
+$ORIGIN romkey.SEG.net.
+ip1 IN A 207.121.69.234
+$ORIGIN ync.net.
+NS4 IN A 206.185.20.9
+NS2 IN A 216.34.185.21
+NS5 IN A 206.185.20.10
+NS3 IN A 206.185.20.8
+ns1 IN A 216.34.185.20
+$ORIGIN GLOBECOMM.net.
+NS2 IN A 165.251.1.3
+NS1 IN A 165.251.1.2
+$ORIGIN PREP.net.
+DNS-EAST IN A 129.250.252.10
+$ORIGIN EARTHLINK.net.
+NS4 IN A 209.179.179.19
+DNS2 IN A 207.217.77.12
+DNS3 IN A 207.217.120.13
+DNS4 IN A 209.179.179.18
+NS1 IN A 207.217.126.41
+NS2 IN A 207.217.77.42
+$ORIGIN SPRINTLINK.net.
+NS3-AUTH IN A 144.228.255.10
+NS2-AUTH IN A 144.228.254.10
+NS1-AUTH IN A 206.228.179.10
+$ORIGIN OP.net.
+NS1 IN A 209.152.193.4
+$ORIGIN CERNET.net.
+NS IN A 202.112.0.44
+$ORIGIN zenon.net.
+dns IN A 195.2.83.107
+$ORIGIN INFI.net.
+NS3 IN A 205.219.239.5
+NS4 IN A 216.33.106.19
+NS001 IN A 208.131.160.201
+NS1 IN A 198.22.1.107
+NS2 IN A 198.22.1.108
+$ORIGIN vh8.INFI.net.
+vh80040 IN A 209.97.59.245
+vh80167 IN A 209.97.57.116
+$ORIGIN vh4.INFI.net.
+vh40099 IN A 209.97.59.121
+$ORIGIN SCRUZ.net.
+NS2 IN A 165.227.2.10
+NS IN A 165.227.1.1
+$ORIGIN HINET.net.
+netnews IN A 168.95.195.16
+ IN MX 0 netnews.hinet.net.
+HNTP1 IN A 168.95.192.1
+HNTP3 IN A 168.95.192.2
+DNS IN A 168.95.1.1
+$ORIGIN reedmedia.net.
+ns2 IN A 209.241.86.6
+NS1 IN A 63.145.197.178
+$ORIGIN schnism.net.
+ns IN A 195.88.150.3
+$ORIGIN unlisys.net.
+mail IN A 195.21.255.252
+$ORIGIN AIC.net.
+NS IN A 195.250.64.65
+$ORIGIN PIPEX-SZ.net.
+NS IN A 196.15.232.19
+$ORIGIN DOMAINNT.net.
+DENEB IN A 207.211.220.90
+RIGEL IN A 212.0.205.5
+VEGA IN A 209.26.120.5
+POLARIS IN A 209.26.120.2
+ANTARES IN A 209.26.120.3
+$ORIGIN GUERNSEY.net.
+DNS2 IN A 195.226.128.3
+$ORIGIN usa.net.
+CNDVG001 IN A 165.212.12.1
+$ORIGIN OPS.usa.net.
+dns03 IN A 204.68.24.136
+DNS01 IN A 204.68.24.137
+$ORIGIN INR.net.
+NS2 IN A 198.77.208.3
+NS1 IN A 198.77.208.2
+$ORIGIN CP.MSFT.net.
+dns6 IN A 207.46.138.20
+DNS4 IN A 207.46.138.11
+dns7 IN A 207.46.138.21
+dns IN A 207.46.138.10
+DNS5 IN A 207.46.138.12
+$ORIGIN UK.MSFT.net.
+DNS4 IN A 213.199.144.152
+DNS3 IN A 213.199.144.151
+$ORIGIN TK.MSFT.net.
+DNS2 IN A 207.46.232.38
+DNS1 IN A 207.46.232.37
+$ORIGIN HHS.net.
+NS IN A 63.93.136.29
+$ORIGIN NEWACCOUNT.net.
+NS IN A 216.121.96.26
+$ORIGIN PBI.net.
+NS2 IN A 206.13.29.11
+NS1 IN A 206.13.28.11
+$ORIGIN timeheart.net.
+ns1 IN A 63.197.231.203
+$ORIGIN TOSA.TWTELECOM.net.
+INS2 IN A 204.95.160.4
+INS1 IN A 204.95.160.2
+$ORIGIN zama.net.
+NS2 IN A 203.142.130.5
+NS1 IN A 203.142.130.4
+$ORIGIN MINDLINK.net.
+GIANT IN A 204.174.18.2
+DEEP IN A 204.174.16.4
+$ORIGIN SER.BBNPLANET.net.
+KNOCK IN A 192.239.16.129
+$ORIGIN MEDIASERVICES.net.
+NS2 IN A 64.65.16.237
+NS IN A 64.65.15.147
+$ORIGIN KOLO.net.
+NS IN A 209.66.103.20
+$ORIGIN SEYCHELLES.net.
+NS1 IN A 202.84.235.33
+$ORIGIN BT.net.
+NS0 IN A 194.72.6.51
+$ORIGIN JERKY.net.
+NS1 IN A 204.57.55.100
+$ORIGIN CN.net.
+DNS2 IN A 202.97.18.61
+NS1 IN A 202.97.7.17
+NS IN A 202.97.16.195
+$ORIGIN runway.CN.net.
+ns IN A 211.101.132.8
+$ORIGIN APNIC.net.
+SVC00 IN A 202.12.28.131
+TECKLA IN A 202.12.28.129
+NS IN A 203.37.255.97
+$ORIGIN BELLSOUTH.net.
+NS IN A 205.152.0.5
+$ORIGIN ATL.BELLSOUTH.net.
+NS IN A 205.152.0.20
+$ORIGIN CL.BELLSOUTH.net.
+NS2 IN A 205.152.16.8
+NS3 IN A 205.152.32.8
+$ORIGIN MIA.BELLSOUTH.net.
+NS IN A 205.152.16.20
+$ORIGIN RDU.BELLSOUTH.net.
+NS IN A 205.152.32.20
+$ORIGIN 163.net.
+SHNS IN A 61.129.65.108
+BJNS IN A 202.108.255.202
+NS IN A 202.108.255.201
+$ORIGIN ca.us.ibm.net.
+ns02 IN A 165.87.201.243
+ns01 IN A 165.87.201.244
+$ORIGIN ny.us.ibm.net.
+ns01 IN A 165.87.194.244
+$ORIGIN CP.net.
+NS3 IN A 209.228.14.4
+NS1 IN A 209.228.15.4
+$ORIGIN tallship.net.
+falcon IN A 208.179.112.2
+condor IN A 12.28.140.20
+nomad IN A 204.107.129.2
+satan IN A 204.107.129.3
+rectum IN A 204.107.129.10
+$ORIGIN ns.tmcs.net.
+b IN A 209.104.33.252
+c IN A 209.104.39.252
+a IN A 209.104.63.252
+$ORIGIN pshift.net.
+mail IN A 208.153.85.30
+$ORIGIN CTCCOM.net.
+NS4 IN A 64.69.100.35
+NS3 IN A 64.69.100.67
+$ORIGIN cid.net.
+bofh IN A 212.172.21.254
+$ORIGIN PIPEX.net.
+NS0 IN A 158.43.128.8
+NS1 IN A 158.43.192.7
+$ORIGIN DNS.PIPEX.net.
+NS1-Y IN A 158.43.193.89
+NS0-Y IN A 158.43.129.89
+$ORIGIN SOTELMA.net.
+DOGON IN A 208.144.230.1
+CIWARA IN A 208.144.230.2
+$ORIGIN DK.net.
+NS IN A 193.88.44.42
+$ORIGIN HIGGS.net.
+ns2 IN A 204.80.125.145
+ns3 IN A 204.80.101.94
+ns IN A 204.80.101.90
+ns1 IN A 204.80.125.130
+PINE IN A 204.80.125.130
+$ORIGIN E-SYNC.net.
+NS2 IN A 192.206.57.128
+NS1 IN A 192.206.57.127
+$ORIGIN ABOVE.net.
+NS3 IN A 207.126.105.146
+NS IN A 207.126.96.162
+$ORIGIN COBEX.net.
+NS2 IN A 207.102.129.72
+NS1 IN A 207.102.129.71
+$ORIGIN NEO.net.
+NS2 IN A 206.109.7.65
+NS IN A 206.109.1.1
+$ORIGIN AFRIQ.net.
+BAABEN IN A 165.231.1.3
+NEENE IN A 165.231.1.2
+$ORIGIN CW.net.
+NS4 IN A 204.70.49.234
+NS2 IN A 204.70.57.242
+NS3 IN A 204.70.25.234
+NS IN A 204.70.128.1
+$ORIGIN hactrn.net.
+NS IN A 216.254.68.12
+$ORIGIN QUASAR.net.
+NS1 IN A 199.166.31.3
+$ORIGIN VERMONTLAW.net.
+NS1 IN A 63.89.26.15
+NS IN A 63.89.26.16
+$ORIGIN ICP.net.
+ICM1 IN A 192.94.207.66
+$ORIGIN wetlogic.net.
+athome IN CNAME c1059495-a.snvl1.sfba.home.com.
+$ORIGIN NY.ALTER.net.
+New-York4 IN A 137.39.126.10
+ IN A 137.39.2.3
+$ORIGIN pccf.net.
+proxy IN A 205.189.73.123
+$ORIGIN IS-FUN.net.
+NS4 IN A 212.162.54.34
+$ORIGIN GUA.net.
+OSI2 IN A 205.161.188.3
+$ORIGIN 2GLOBE.net.
+TERMINAL IN A 195.178.183.230
+NS IN A 195.178.183.200
+$ORIGIN SYS.GTEI.net.
+DNSAUTH2 IN A 4.2.49.3
+DNSAUTH3 IN A 4.2.49.4
+DNSAUTH1 IN A 4.2.49.2
+$ORIGIN SPEAKEASY.net.
+NS2 IN A 216.231.41.22
+NS1 IN A 216.254.0.9
+$ORIGIN PSI.net.
+NS2 IN A 38.8.50.2
+$ORIGIN DNS.UK.PSI.net.
+SEC1 IN A 154.32.105.34
+$ORIGIN ray.net.
+ns1 IN A 195.238.228.131
+$ORIGIN anycast.net.
+ns1 IN A 216.196.51.4
+$ORIGIN EP.net.
+FLAG IN A 198.32.4.13
+$ORIGIN SR.net.
+NS2 IN A 200.1.156.11
+NS1 IN A 200.1.157.10
+$ORIGIN IPTEK.net.
+CADDSYS IN A 202.46.1.2
+$ORIGIN NIC.XLINK.net.
+DNS IN A 193.141.40.42
+$ORIGIN NURSAT.net.
+NS2 IN A 212.13.167.1
+NS IN A 194.226.128.1
+$ORIGIN 188.net.
+smtp IN A 202.96.125.104
+mx2 IN A 202.96.125.101
+ns2 IN A 202.103.134.4
+mx1 IN A 202.96.125.100
+NS IN A 202.96.125.106
+$ORIGIN KORNET.net.
+NS IN A 168.126.63.1
+$ORIGIN CCSRS.net.
+NS2 IN A 206.253.214.73
+NS1 IN A 209.237.73.73
+$ORIGIN EU.net.
+NS IN A 192.16.202.11
+$ORIGIN USSR.EU.net.
+NS IN A 193.124.22.65
+$ORIGIN RELCOM.EU.net.
+NS IN A 193.124.23.3
+$ORIGIN AUSTRIA.EU.net.
+NS IN A 192.92.138.35
+NS3 IN A 193.154.160.110
+$ORIGIN hypa.net.
+ns2 IN A 63.160.181.11
+ns1 IN A 63.160.181.10
+ IN A 209.166.167.208
+$ORIGIN IDT.net.
+NS IN A 198.4.75.100
+$ORIGIN NS.IDT.net.
+AUTH2 IN A 169.132.133.1
+$ORIGIN ROOT-SERVERS.net.
+A IN A 198.41.0.4
+B IN A 128.9.0.107
+C IN A 192.33.4.12
+D IN A 128.8.10.90
+E IN A 192.203.230.10
+F IN A 192.5.5.241
+G IN A 192.112.36.4
+H IN A 128.63.2.53
+I IN A 192.36.148.17
+$ORIGIN I-DNS.net.
+D IN A 211.169.245.170
+B IN A 208.184.25.199
+F IN A 216.200.119.128
+E IN A 202.160.253.152
+C IN A 210.189.254.50
+A IN A 208.184.174.7
+$ORIGIN US.PRSERV.net.
+NS4 IN A 165.87.201.244
+NS1 IN A 165.87.194.244
+NS3 IN A 165.87.201.243
+$ORIGIN U-NET.net.
+NS0 IN A 194.119.128.65
+NS1 IN A 194.119.128.66
+$ORIGIN HS0.U-NET.net.
+NS0 IN A 194.119.128.70
+NS1 IN A 194.119.128.71
+$ORIGIN ULTRADNS.net.
+UDNS2 IN A 204.74.101.1
+UDNS1 IN A 204.69.234.1
+$ORIGIN WEBMAGIC.net.
+NS2 IN A 64.168.49.66
+NS1 IN A 209.119.182.2
+$ORIGIN HOST4U.net.
+NS2 IN A 209.150.129.3
+NS IN A 209.150.128.30
+$ORIGIN RCCN.net.
+DNS IN A 193.136.7.17
+$ORIGIN valley.net.
+lebanon IN A 198.115.160.16
+NS2 IN A 198.115.160.16
+DNS IN A 198.115.160.10
+$ORIGIN primary.net.
+dns2 IN A 205.242.187.235
+NS2 IN A 205.242.176.103
+dns1 IN A 205.242.187.234
+NS1 IN A 205.242.92.2
+$ORIGIN SQUONK.net.
+NS2 IN A 63.84.12.135
+NS1 IN A 63.84.12.133
+$ORIGIN IP-PLUS.net.
+NS1 IN A 164.128.36.34
+$ORIGIN TECHNOLOGIA.net.
+NS2 IN A 207.253.59.4
+NS1 IN A 207.253.214.199
+NS3 IN A 195.115.180.67
+$ORIGIN VI.net.
+NS2 IN A 212.78.64.10
+NS1 IN A 194.88.77.1
+$ORIGIN ISLES.net.
+RS IN A 212.100.224.90
+$ORIGIN SOVER.net.
+time IN CNAME garnet.sover.net.
+mqueue IN A 209.198.87.52
+etrn IN A 209.198.87.58
+garnet IN A 209.198.87.53
+MAPLE IN A 209.198.87.41
+CLOVER IN A 209.198.87.40
+mail IN A 209.198.87.53
+ IN A 209.198.87.34
+mqueue0 IN A 209.198.87.52
+$ORIGIN ACT2000.net.
+ACT2 IN A 207.42.132.227
+ACT1 IN A 207.42.132.226
+$ORIGIN AKADNS.net.
+ZA IN A 209.185.188.39
+ZB IN A 216.32.65.105
+ZC IN A 204.178.107.227
+ZD IN A 204.178.110.67
+ZE IN A 216.200.14.118
+ZF IN A 208.5.85.132
+ZG IN A 206.132.160.36
+ZH IN A 63.208.48.42
+$ORIGIN NS.ESAT.net.
+NS3 IN A 192.111.39.100
+$ORIGIN THEPLANET.net.
+EARTH IN A 195.92.195.222
+PLUTO IN A 194.207.6.30
+VENUS IN A 194.152.65.222
+$ORIGIN UU.net.
+uunet IN MX 10 Mail.uu.net.
+external-mail-router IN A 198.5.241.39
+ IN A 198.5.241.38
+ IN A 198.5.241.40
+NS IN A 137.39.1.3
+$ORIGIN NS.DE.UU.net.
+AUTH03 IN A 192.76.144.16
+$ORIGIN NS.UU.net.
+AUTH100 IN A 198.6.1.202
+AUTH00 IN A 198.6.1.65
+AUTH02 IN A 198.6.1.82
+AUTH03 IN A 198.6.1.83
+AUTH60 IN A 198.6.1.181
+AUTH61 IN A 198.6.1.182
+AUTH110 IN A 198.6.1.114
+AUTH50 IN A 198.6.1.161
+AUTH51 IN A 198.6.1.162
+$ORIGIN PIONEERNET.net.
+DNS2 IN A 208.240.196.10
+DNS1 IN A 208.240.196.9
+$ORIGIN HOME.net.
+NS2 IN A 24.2.0.27
+NS1 IN A 24.0.0.27
+$ORIGIN QUANTIFIED.net.
+NS2 IN A 63.212.171.3
+NS1 IN A 63.212.171.2
+$ORIGIN SECURE.net.
+NS2 IN A 161.58.9.10
+NS1 IN A 192.41.1.10
+$ORIGIN DSL.net.
+NS2 IN A 209.87.79.232
+NS1 IN A 209.87.64.70
+$ORIGIN JA.net.
+NS0 IN A 128.86.1.20
+ IN A 193.63.94.20
+$ORIGIN ULCC.JA.net.
+NOC IN A 193.63.94.25
+$ORIGIN CINE.net.
+NS2 IN A 207.168.250.12
+$ORIGIN ANS.net.
+NS-02B IN A 207.24.245.178
+NS-01B IN A 199.221.47.8
+NS-02A IN A 207.24.245.179
+NS-01A IN A 199.221.47.7
+$ORIGIN OAR.net.
+NS2 IN A 192.88.195.10
+NS1 IN A 192.88.193.144
+$ORIGIN MAHNET.net.
+NS2 IN A 207.219.173.132
+NS1 IN A 24.69.168.121
+$ORIGIN NCREN.net.
+REGGAE IN A 128.109.131.3
+NCNOC IN A 192.101.21.1
+$ORIGIN AMERICA.net.
+AUTH2 IN A 209.17.197.18
+AUTH1 IN A 209.17.197.2
+$ORIGIN EXODUS.net.
+NS2 IN A 207.82.198.150
+NS IN A 206.79.230.10
+NS3 IN A 206.79.240.13
+$ORIGIN NJ.EXODUS.net.
+NS2 IN A 209.1.10.234
+NS IN A 206.79.7.50
+$ORIGIN DOUBLECLICK.net.
+uunymdgds1 IN A 206.65.183.21
+dcnymdgds1 IN A 204.253.104.202
+exnjmdgds1 IN A 209.67.38.22
+dcnyadgds1 IN A 204.253.104.11
+bbvamdgds1 IN A 128.11.60.75
+exnjadgds1 IN A 209.67.38.48
+annyadgds1 IN A 208.184.29.250
+annyadgds2 IN A 208.184.29.252
+cwvamdgds1 IN A 205.138.3.240
+uucamdgds1 IN A 204.178.112.124
+cwvaadgds1 IN A 205.138.3.242
+spnjadgds1 IN A 208.32.211.70
+cwvaadgds2 IN A 205.138.3.243
+ctukadgds1 IN A 213.86.246.20
+tlseadgds1 IN A 194.237.107.6
+uusjmdgds1 IN A 204.176.177.20
+uuvamdgds1 IN A 204.178.112.168
+$ORIGIN DCNY.DOUBLECLICK.net.
+NS2 IN A 204.253.104.10
+NS1 IN A 208.211.225.10
+$ORIGIN UUSJ.DOUBLECLICK.net.
+NS1 IN A 204.176.177.10
+$ORIGIN CWVA.DOUBLECLICK.net.
+NS1 IN A 205.138.3.20
+$ORIGIN DSO.net.
+NS2 IN A 206.16.77.11
+NS1 IN A 206.16.77.10
+$ORIGIN GIP.net.
+NS2 IN A 204.59.1.222
+NS1 IN A 204.59.144.222
+NS3 IN A 204.59.64.222
+$ORIGIN AMNIC.net.
+NS IN A 195.250.64.90
+$ORIGIN TELSTRA.net.
+NS1 IN A 139.130.4.5
+$ORIGIN ELI.net.
+NS2 IN A 207.173.86.2
+NS IN A 209.63.0.2
+$ORIGIN TWNIC.net.
+NS IN A 192.83.166.11
+$ORIGIN BAHNHOF.net.
+NS2 IN A 212.85.64.4
+NS1 IN A 195.178.160.2
+$ORIGIN ivm.net.
+ns1 IN A 62.204.1.1
+$ORIGIN BEACHSHORE.net.
+NS1 IN A 199.166.31.250
+$ORIGIN TDS.net.
+NS IN A 204.246.1.20
+$ORIGIN FIRSTWORLD.net.
+NS4 IN A 216.7.160.162
+NS2 IN A 216.127.92.78
+NS1 IN A 216.7.160.75
+NS3 IN A 216.7.160.161
+$ORIGIN centralinfo.net.
+ns2 IN A 63.102.204.130
+ns1 IN A 63.102.200.2
+$ORIGIN NOC.NULLUS.net.
+NS2 IN A 63.119.253.254
+NS3 IN A 63.168.101.254
+NS1 IN A 209.136.161.254
+$ORIGIN FREE.net.
+NS1 IN A 147.45.15.34
+$ORIGIN mediaone.net.
+NS1 IN A 24.128.1.80
+NS2 IN A 24.128.1.81
+$ORIGIN MW.mediaone.net.
+NS1 IN A 24.131.1.8
+$ORIGIN JVNC.net.
+NISC IN A 128.121.50.7
+$ORIGIN NS.NYC1.GLOBIX.net.
+Z1 IN A 209.10.66.55
+$ORIGIN NS.LHR1.GLOBIX.net.
+Z1 IN A 212.111.32.38
+$ORIGIN NS.SJC1.GLOBIX.net.
+Z1 IN A 209.10.34.55
+$ORIGIN akamaitech.net.
+za IN A 204.178.107.226
+n6g IN A 216.52.121.175
+ZB IN A 128.11.47.240
+n2g IN A 216.52.56.47
+ZC IN A 216.32.65.14
+ZD IN A 38.144.120.147
+n5g IN A 216.52.56.33
+ZE IN A 216.200.14.134
+n1g IN A 216.52.56.36
+ZF IN A 204.178.110.73
+n8g IN A 216.52.56.33
+ZG IN A 209.185.188.14
+n4g IN A 216.52.56.33
+ZH IN A 213.161.66.165
+n0g IN A 216.52.56.33
+n7g IN A 216.52.196.5
+n3g IN A 216.52.56.48
+$ORIGIN THNIC.net.
+NS-AIT IN A 192.41.170.219
+NS IN A 202.28.0.1
+$ORIGIN connriver.net.
+mailer IN A 63.93.137.13
+ns2 IN A 208.240.246.5
+netserver IN A 204.249.74.100
+$ORIGIN IT.net.
+DNS2 IN A 151.1.2.1
+DNS IN A 151.1.1.1
+$ORIGIN D4P.net.
+foolusmf IN CNAME a100.g.akamai.net.
+$ORIGIN LUCKY.net.
+NS IN A 193.193.193.100
+$ORIGIN SENET.net.
+NS IN A 206.155.163.195
+$ORIGIN RIPE.net.
+NS IN A 193.0.0.193
+$ORIGIN ADELPHIA.net.
+NS2 IN A 24.48.62.35
+NS3 IN A 208.239.78.134
+NS1 IN A 24.48.43.3
+$ORIGIN cdp.ADELPHIA.net.
+mx1 IN A 24.48.58.221
+$ORIGIN buf.ADELPHIA.net.
+mx1 IN A 24.48.36.10
+$ORIGIN INTERNIC.net.
+NS2 IN A 198.41.0.11
+$ORIGIN UNDPBI.TELEPAC.net.
+SOL IN A 194.65.87.2
+$ORIGIN KRNIC.net.
+NS1 IN A 202.30.50.51
+NS IN A 202.30.50.50
+$ORIGIN UNI2.net.
+NS2 IN A 195.82.195.99
+NS IN A 129.142.7.99
+$ORIGIN GTLD-SERVERS.net.
+K IN A 213.177.194.5
+A IN A 198.41.3.38
+B IN A 203.181.106.5
+M IN A 202.153.114.101
+C IN A 205.188.185.18
+D IN A 208.206.240.5
+E IN A 207.200.81.69
+F IN A 198.17.208.67
+G IN A 198.41.3.101
+I IN A 192.36.144.133
+J IN A 210.132.100.101
+$ORIGIN dns.swip.net.
+kista IN A 192.71.220.9
+$ORIGIN RCPIP.net.
+EKEKO IN A 209.45.127.2
+$ORIGIN UNA.net.
+ENGINE1 IN A 208.136.52.74
+$ORIGIN hcr.net.
+ns IN A 208.240.246.4
+$ORIGIN NSIREGISTRY.net.
+NS2 IN A 198.41.3.108
+$ORIGIN SUBTEND.net.
+NAVI IN A 208.186.117.224
+NS1 IN A 208.186.117.71
+$ORIGIN IAD.GBLX.net.
+NAME IN A 204.152.166.155
+$ORIGIN PHX.GBLX.net.
+NAME IN A 206.165.6.10
+$ORIGIN ROC.GBLX.net.
+NAME IN A 209.130.187.10
+$ORIGIN SHOREHAM.net.
+pop IN CNAME shoreham.net.
+$ORIGIN GREENMOUNTAINACCESS.net.
+NS2 IN A 208.144.252.31
+NS1 IN A 208.144.252.30
+$ORIGIN MINDSPRING.net.
+SCRATCHY IN A 207.69.200.211
+ITCHY IN A 207.69.200.210
+$ORIGIN RIPN.net.
+NS2 IN A 195.209.0.6
+NS IN A 194.85.119.1
+$ORIGIN CWCI.net.
+NS0 IN A 194.6.79.162
+$ORIGIN GBMTECH.net.
+NS2 IN A 208.243.164.3
+NS1 IN A 208.243.164.2
+$ORIGIN vrx.net.
+pedic-med IN A 199.166.24.2
+ns2 IN A 65.196.80.102
+ns3 IN A 199.166.24.3
+ns1 IN A 199.166.24.1
+ IN A 216.13.76.2
+$ORIGIN globalnetisp.net.
+NS2 IN A 207.136.213.2
+NS1 IN A 207.136.213.1
+$ORIGIN MYNET.net.
+FAITH IN A 207.13.11.2
+$ORIGIN ADNS.net.
+NS2 IN A 199.5.157.3
+KOVU IN A 199.5.157.52
+NS1 IN A 199.5.157.2
+$ORIGIN DIEBOLD.net.
+NS1 IN A 65.196.80.10
+$ORIGIN JPS.net.
+NS2 IN A 216.224.156.252
+NS1 IN A 216.119.0.192
+$ORIGIN NETNAMES.net.
+NS2 IN A 212.53.77.28
+NS1 IN A 212.53.64.60
+$ORIGIN RIO.net.
+ORSTOM IN A 192.33.151.1
+$ORIGIN com.
+sherickpm IN MX 10 inbound.sherickpm.com.criticalpath.net.
+ultradevices IN A 209.249.61.20
+verisign IN A 205.139.94.60
+vermontel IN A 204.164.106.2
+ IN MX 0 pop.vermontel.net.
+TOPICA IN A 206.132.75.196
+unknown IN A 168.143.148.168
+vietmercury IN A 207.1.134.34
+moonmothers IN A 24.218.253.157
+ IN MX 10 costorf.ne.mediaone.net.
+vhv IN MX 0 mail.vhv.com.
+BURSTNET IN MX 15 mail.ar.com.
+ IN MX 5 ibd.ar.com.
+velco IN A 207.217.96.41
+ IN A 207.217.96.42
+ IN A 207.217.96.43
+ IN A 207.217.96.44
+ IN A 207.217.96.45
+ IN A 207.217.96.28
+ IN A 207.217.96.29
+ IN A 207.217.96.30
+ IN A 207.217.96.31
+ IN A 207.217.96.32
+ IN A 207.217.96.33
+ IN A 207.217.96.34
+ IN A 207.217.96.35
+ IN A 207.217.96.36
+ IN A 207.217.96.37
+ IN A 207.217.96.38
+ IN A 207.217.96.39
+ IN A 207.217.96.40
+ IN MX 10 mail.velco.com.
+ffic IN A 64.84.58.128
+ IN MX 5 mail.mailconnect.com.
+overstock IN A 64.78.130.251
+madriver IN MX 10 bend.madriver.com.
+catic1 IN MX 10 Mail.catic1.com.
+ IN MX 20 smtp-Relay.CTCCom.net.
+goldstats IN A 66.33.12.17
+nominum IN A 204.152.184.170
+hill IN A 208.162.106.6
+ IN MX 20 mail.hill.com.
+garmontusa IN MX 20 mail.garmontusa.com.
+bt IN A 62.7.244.127
+xraylitho IN MX 10 mail.sover.net.
+ IN MX 20 mqueue.sover.net.
+glaxowellcome IN MX 10 firewall1.glaxowellcome.com.
+ IN MX 10 firewall3.glaxowellcome.com.
+nova-data IN A 64.70.144.14
+ IN MX 10 mail.nova-data.com.
+AVENUEA IN MX 100 mail2.louisdreyfus.co.uk.
+ IN MX 10 ldfwsvr2.l-dreyfus.com.
+ IN MX 50 ldfwsvr02-hme1.l-dreyfus.com.
+ IN MX 75 mail.louisdreyfus.co.uk.
+best IN MX 10 mail1.best.com.
+ IN MX 10 mail2.best.com.
+ IN MX 20 mail3.best.com.
+ IN MX 20 mail4.best.com.
+biketrack IN MX 20 mqueue.sover.net.
+ IN MX 10 mail.sover.net.
+ilovedomain IN A 211.175.164.170
+symquest IN A 64.69.102.131
+ IN MX 10 Quest-7.symquest.com.
+QUEST-NET IN A 207.140.30.11
+ IN MX 5 mail.quest-net.com.
+cacheware IN A 209.128.82.20
+Algebra IN A 208.233.99.160
+gmcr IN A 12.34.108.130
+ IN MX 10 gateway1.gmcr.com.
+YAHOO IN A 216.115.108.243
+ IN A 216.115.108.245
+ogud IN MX 90 smtp.elistx.com.
+ IN MX 10 mail.dc.ogud.com.
+costorf IN A 24.218.253.157
+ IN MX 10 costorf.ne.mediaone.net.
+highmeadow IN A 207.136.209.6
+ IN MX 10 hm6.vt.highmeadow.com.
+ IN MX 20 mqueue.sover.net.
+broadsoft IN A 208.39.36.48
+cmates IN MX 10 popmail.u-net.com.
+mt-mansfield IN A 208.153.85.16
+ IN MX 10 mail.pshift.net.
+ IN MX 30 pomail.pshift.com.
+skiinsurance IN MX 10 mail.skiinsurance.com.
+ IN MX 20 etrn.sover.net.
+map IN A 206.98.40.150
+idx IN MX 30 isdev.idx.com.
+ IN MX 50 drawbridge.idx.com.
+ IN MX 10 idx.idx.com.
+ IN MX 20 bvtsweeper.idx.com.
+msgbox IN A 216.71.82.42
+sleepycat IN A 192.41.61.122
+cisco IN A 198.133.219.25
+ IN MX 10 proxy2.cisco.com.
+ IN MX 10 proxy3.cisco.com.
+ IN MX 20 proxy6.cisco.com.
+ IN MX 20 proxy9.cisco.com.
+ IN MX 10 proxy1.cisco.com.
+TOAPLAN IN A 216.42.31.169
+hometownbands IN A 209.67.235.38
+smuggs IN MX 10 mail.smuggs.com.
+clothncanvas IN A 208.153.85.16
+ IN MX 10 mail.pshift.net.
+ IN MX 30 mail.pshift.com.
+quantified IN A 63.212.171.4
+arabia IN A 216.251.232.40
+bostic IN A 199.103.241.218
+verisign-grs IN A 198.41.3.55
+gdarm IN MX 10 bvt-ext.gdarm.com.
+retro IN A 205.179.181.194
+ IN MX 10 gw.retro.com.
+ IN MX 20 www.retro.com.
+ IN MX 50 mail.scruznet.com.
+vssg IN A 216.157.26.252
+jerusalem-mail IN A 216.251.232.93
+ IN MX 10 mail.jerusalem-mail.com.
+tfm IN MX 50 mtbaker.tfm.com.
+ IN MX 20 mailhost.tfm.com.
+fratfunz IN A 216.226.16.150
+elektro IN A 192.188.133.3
+WonderWorks IN A 192.203.206.65
+ IN MX 50 mail.wonderworks.com.
+fiberia IN MX 10 webmail.fiberia.com.
+tifosi IN MX 10 gutenberg.bucksnet.com.
+ivillage IN A 209.185.162.150
+pwshift IN A 208.153.85.36
+goputney IN MX 10 mail.sover.net.
+ IN MX 20 mqueue.sover.net.
+$ORIGIN IPNS.com.
+NS2 IN A 63.230.183.1
+NS IN A 208.187.190.2
+$ORIGIN appliedtheory.com.
+NS2 IN A 168.75.17.11
+NS1 IN A 204.168.28.9
+ns3 IN A 207.127.101.8
+$ORIGIN COMPUWARE.com.
+nl IN MX 150 uucp.nl.net.
+ IN MX 50 bitbucket.extern.uniface.nl.
+ IN MX 100 smtp.nl.net.
+$ORIGIN YOUR-DOMAIN.com.
+NS2 IN A 216.167.31.177
+NS1 IN A 216.167.31.176
+$ORIGIN nortelnetworks.com.
+NS-RCH IN A 192.135.215.2
+NS-OTT IN A 192.58.194.71
+ns-har IN A 192.100.101.3
+$ORIGIN SJMERCURY.com.
+BAYONET IN A 207.1.134.34
+$ORIGIN excite.com.
+NSE00 IN A 198.3.102.250
+NS00 IN A 198.3.98.250
+NSE01 IN A 198.3.102.251
+NS01 IN A 198.3.98.251
+$ORIGIN PLANET-THREE.com.
+NS0 IN A 212.49.219.164
+$ORIGIN TOKYO.JP.NETDNS.com.
+NS1 IN A 64.56.164.118
+$ORIGIN LONDON.UK.NETDNS.com.
+NS1 IN A 212.62.6.38
+$ORIGIN SANFRANCISCO.US.NETDNS.com.
+NS1 IN A 207.82.50.166
+$ORIGIN NEWYORK.US.NETDNS.com.
+NS1 IN A 216.32.212.86
+$ORIGIN SEATTLE.US.NETDNS.com.
+NS1 IN A 206.253.214.13
+$ORIGIN ARICATRA.com.
+NS IN A 206.64.112.114
+$ORIGIN REGME.com.
+NS1 IN A 207.153.57.14
+$ORIGIN ELISTX.com.
+smtp IN A 209.116.252.130
+NS IN A 209.116.252.130
+$ORIGIN SIGMAHOSTING.com.
+NS1 IN A 209.241.86.6
+$ORIGIN champcable.com.
+CCC IN A 207.41.53.11
+$ORIGIN IAFRICA.com.
+NS1 IN A 196.7.0.139
+NS3 IN A 196.7.0.137
+$ORIGIN dot-god.com.
+A-GTLD-SERVERS IN A 205.189.73.123
+B-GTLD-SERVERS IN A 205.189.71.10
+$ORIGIN CONRADPROMOTIONS.com.
+NS2 IN A 208.24.118.203
+NS1 IN A 208.158.96.118
+$ORIGIN onemain.com.
+ns4 IN A 63.208.210.11
+NS2 IN A 166.90.148.68
+NS1 IN A 166.90.148.67
+ns3 IN A 63.208.210.10
+$ORIGIN SIMORGH.com.
+NS1 IN A 209.1.163.10
+$ORIGIN Christ.com.
+Yeshua IN A 207.54.4.5
+Abba IN A 63.229.15.59
+$ORIGIN TRAVELPHOTOCONTESTS.com.
+www IN A 64.85.86.156
+$ORIGIN WEB2010.com.
+NS4 IN A 216.157.55.6
+NS2 IN A 216.157.79.246
+NS3 IN A 216.157.47.6
+NS IN A 209.235.31.149
+$ORIGIN 2DAY.com.
+NS2 IN A 202.89.128.74
+NS1 IN A 202.37.240.13
+NS3 IN A 209.240.128.25
+$ORIGIN NETSCAPE.com.
+tdns-me1 IN A 205.188.247.67
+tdns-me2 IN A 205.188.247.68
+tdns2 IN A 207.200.77.53
+tdns3 IN A 207.200.73.72
+NS IN A 198.95.251.10
+NS2 IN A 207.200.73.80
+$ORIGIN WWEBSVS.com.
+PAPPILLOMA IN A 209.233.37.10
+$ORIGIN vermontel.com.
+ns1 IN A 204.164.106.2
+$ORIGIN LA.TIS.com.
+RELAY IN A 198.51.22.11
+$ORIGIN MSEN.com.
+DNS IN A 148.59.19.11
+$ORIGIN bungi.com.
+DAVER IN A 206.14.228.2
+ IN A 207.126.97.2
+max IN A 206.14.228.7
+ IN A 207.126.97.7
+$ORIGIN SPEEDHOST.com.
+NS2 IN A 216.42.31.169
+NS3 IN A 216.42.31.130
+$ORIGIN GPG.com.
+NS2 IN A 209.1.163.50
+NS1 IN A 209.1.163.30
+$ORIGIN NL.CONCENTRIC.com.
+NS1 IN A 195.18.114.5
+$ORIGIN SJC.LYCOS.com.
+SJC-NS2 IN A 206.79.171.40
+SJC-NS1 IN A 206.79.171.39
+$ORIGIN BOS.LYCOS.com.
+BOS-NS2 IN A 209.67.228.40
+BOS-NS1 IN A 209.67.228.39
+$ORIGIN TOPICA.com.
+NS3 IN A 206.111.131.72
+ns-ext IN A 206.132.75.195
+inmta011 IN A 206.132.75.197
+inmta009 IN A 206.132.75.226
+dns IN A 206.111.131.72
+outmta004 IN A 206.132.75.201
+inmta001 IN A 206.132.75.197
+ IN A 206.111.131.79
+inmta003 IN A 206.132.75.213
+outmta010 IN A 206.132.75.222
+inmta005 IN A 206.132.75.217
+NS1 IN A 206.132.75.195
+NS2 IN A 208.184.76.200
+$ORIGIN DOLEH.com.
+NS IN A 204.255.25.63
+$ORIGIN BSDI.com.
+NS IN A 207.174.116.8
+$ORIGIN NYTIMES.com.
+GATEKEEPER IN A 199.181.175.201
+$ORIGIN GDGSC.com.
+NS0 IN A 192.160.62.66
+NS2 IN A 204.162.124.66
+$ORIGIN EDIGITALS.com.
+NS2 IN A 211.39.139.36
+NS3 IN A 211.175.164.170
+NS1 IN A 211.39.139.35
+$ORIGIN INTERNETSQUARE.com.
+NS2 IN A 205.227.232.9
+NS1 IN A 216.226.16.146
+$ORIGIN MAIL.com.
+NS2 IN A 165.251.1.3
+GTLD IN A 165.251.1.239
+NS1 IN A 165.251.1.2
+$ORIGIN moonmothers.com.
+localhost IN A 127.0.0.1
+www IN CNAME moonmothers.com.
+$ORIGIN vhv.com.
+mail IN A 208.5.161.11
+$ORIGIN BOCA15-VERIO.com.
+NS15B IN A 208.55.91.51
+NS15A IN A 208.55.91.50
+$ORIGIN ar.com.
+ns2 IN A 64.124.80.42
+ibd IN A 63.194.205.75
+mail IN A 63.194.205.74
+NS1 IN A 63.194.205.74
+$ORIGIN BLIPP.com.
+VIC20 IN A 195.163.165.35
+$ORIGIN CONCOURSE.com.
+NS IN A 199.218.113.2
+$ORIGIN velco.com.
+mail IN A 198.136.217.106
+$ORIGIN FLONETWORK.com.
+UUNS1DNS1 IN A 209.167.79.5
+UUNS1DNS2 IN A 209.167.79.6
+$ORIGIN overstock.com.
+NS1 IN A 207.225.194.13
+$ORIGIN NEWACCOUNT.com.
+NS4 IN A 209.78.16.6
+NS2 IN A 209.78.16.5
+NS3 IN A 216.121.32.205
+NS IN A 216.121.32.10
+$ORIGIN tridog.com.
+NS2 IN A 206.168.112.51
+TRIDOG1 IN A 206.168.112.71
+$ORIGIN madriver.com.
+bend IN A 207.136.232.15
+FUSION IN A 207.136.232.11
+PRIMUS IN A 207.136.232.12
+$ORIGIN catic1.com.
+Mail IN A 207.190.204.103
+$ORIGIN IBD.com.
+NIC IN A 209.249.61.18
+$ORIGIN IOM.com.
+PEBBLES IN A 194.72.124.1
+$ORIGIN nominum.com.
+shell IN A 204.152.187.59
+GNS2 IN A 198.133.199.2
+gns1 IN A 198.133.199.1
+$ORIGIN ATLONLINE.com.
+ATLNET IN A 207.153.72.193
+ATLWEB1 IN A 207.153.72.194
+$ORIGIN hill.com.
+SYRUP IN A 208.162.106.3
+$ORIGIN garmontusa.com.
+mail IN A 64.30.8.178
+$ORIGIN VIX.com.
+NS-EXT IN A 204.152.184.64
+ns-int IN A 204.152.184.65
+$ORIGIN rc.VIX.com.
+db IN A 204.152.187.21
+$ORIGIN SOVAM.com.
+NS IN A 194.67.2.97
+$ORIGIN IOS.com.
+NOC IN A 198.4.75.69
+$ORIGIN BOSTON.juno.com.
+NS IN A 64.136.25.53
+$ORIGIN JERSEY.juno.com.
+NS IN A 64.136.17.178
+$ORIGIN NYC.juno.com.
+NS IN A 205.231.108.1
+$ORIGIN MEITCA.com.
+NS1 IN A 137.203.5.1
+$ORIGIN glaxowellcome.com.
+firewall3 IN A 192.58.204.207
+firewall1 IN A 192.58.204.204
+NS IN A 192.58.204.113
+$ORIGIN EPILOGUE.com.
+QUERN IN A 128.224.1.136
+$ORIGIN CLASSIFIEDMONSTER.com.
+NS1 IN A 216.254.54.22
+$ORIGIN nova-data.com.
+mail IN A 12.16.110.35
+$ORIGIN corning.com.
+GATEKEEPER IN A 149.42.1.2
+$ORIGIN a1.YIMG.com.
+us IN CNAME a32.g.a.yimg.com.
+$ORIGIN i1.YIMG.com.
+us IN CNAME a1.g.a.yimg.com.
+$ORIGIN nc.us.IBM.com.
+e24 IN A 32.97.136.230
+e22 IN A 32.97.136.228
+e23 IN A 32.97.136.229
+e21 IN A 32.97.136.227
+$ORIGIN co.us.IBM.com.
+e34 IN A 32.97.110.132
+e32 IN A 32.97.110.130
+e33 IN A 32.97.110.131
+e31 IN A 32.97.110.129
+$ORIGIN ny.us.IBM.com.
+e4 IN A 32.97.182.104
+e2 IN A 32.97.182.102
+e3 IN A 32.97.182.103
+e1 IN A 32.97.182.101
+$ORIGIN AUSTIN.IBM.com.
+NS IN A 192.35.232.34
+$ORIGIN ZURICH.IBM.com.
+INTERNET-SERVER IN A 195.212.119.252
+$ORIGIN ALMADEN.IBM.com.
+NS IN A 198.4.83.35
+$ORIGIN ERS.IBM.com.
+NS IN A 204.146.173.35
+$ORIGIN WATSON.IBM.com.
+NS IN A 198.81.209.2
+$ORIGIN DCCSERVER.com.
+GODFEVER IN A 208.137.22.6
+$ORIGIN SUN.com.
+saturn IN A 192.9.25.2
+venus IN A 192.9.25.5
+east IN MX 40 mars.sun.com.
+ IN MX 40 mondzo.sun.com.
+ IN MX 5 venus.sun.com.
+ IN MX 5 lukla.sun.com.
+ IN MX 5 saturn.sun.com.
+ IN MX 5 patan.sun.com.
+ IN MX 15 mercury.sun.com.
+mondzo IN A 192.18.100.1
+lukla IN A 192.18.98.31
+NS-BRM IN A 192.18.99.5
+ns-os IN A 192.9.9.6
+patan IN A 192.18.98.43
+mars IN A 192.9.22.1
+mercury IN A 192.9.25.1
+NS IN A 192.9.9.3
+$ORIGIN pr.SUN.com.
+ns1 IN A 192.18.16.2
+$ORIGIN eu.SUN.com.
+ns1 IN A 192.18.240.8
+$ORIGIN USEC.SUN.com.
+NS IN A 192.9.48.3
+$ORIGIN PSHIFT.com.
+ns2 IN A 208.153.85.21
+NS1 IN A 208.153.85.20
+$ORIGIN mobydark.com.
+ns1 IN A 216.13.76.21
+$ORIGIN compuserve.com.
+DUB-NAME-SVC-1 IN A 149.174.213.5
+ARL-NAME-SVC-1 IN A 149.174.211.5
+$ORIGIN NS.cs.com.
+DNS-02 IN A 205.188.157.235
+DNS-01 IN A 152.163.159.235
+$ORIGIN pcode.com.
+ns1 IN A 216.15.192.135
+$ORIGIN AVENUEA.com.
+EX2-DNS0 IN A 216.34.88.20
+SEA2DNS IN A 63.251.8.150
+$ORIGIN PHOTOTRUST.com.
+Filer IN A 64.85.86.172
+NS02 IN A 64.85.86.142
+www IN A 64.85.86.151
+NS01 IN A 64.85.86.141
+$ORIGIN GOOGLE.com.
+HEDNS1 IN A 64.209.200.10
+helbdns IN A 64.209.200.252
+valbdns IN A 216.239.37.252
+exlbdns IN A 64.208.34.252
+sulbdns IN A 64.208.32.252
+NS IN A 209.185.108.134
+sjlbdns IN A 216.239.35.252
+NS2 IN A 209.185.108.135
+$ORIGIN ns0.com.
+NS00 IN A 216.92.60.60
+ns0 IN A 209.197.64.1
+$ORIGIN best.com.
+NS3 IN A 209.24.149.42
+mail2 IN A 206.184.139.12
+ IN A 206.184.139.13
+ IN A 206.184.139.16
+ IN A 206.184.139.18
+mail3 IN A 206.184.139.12
+ IN A 206.184.139.13
+ IN A 206.184.139.16
+ IN A 206.184.139.18
+mail4 IN A 206.184.139.12
+ IN A 206.184.139.13
+ IN A 206.184.139.16
+ IN A 206.184.139.18
+NS1 IN A 209.24.149.41
+mail1 IN A 206.184.139.12
+ IN A 206.184.139.13
+ IN A 206.184.139.16
+ IN A 206.184.139.18
+NS2 IN A 209.157.102.11
+$ORIGIN WESTOL.com.
+NS IN A 63.93.137.4
+$ORIGIN ilovedomain.com.
+ns IN A 211.175.164.170
+$ORIGIN symquest.com.
+Quest-7 IN A 64.69.102.131
+$ORIGIN QUEST-NET.com.
+mail IN A 207.140.30.11
+NS2 IN A 207.140.30.13
+NS1 IN A 207.140.30.11
+$ORIGIN cavebear.com.
+p2 IN A 199.184.128.35
+npax IN A 192.203.17.71
+$ORIGIN cacheware.com.
+ns1 IN A 64.221.210.242
+$ORIGIN Algebra.com.
+ns3 IN A 216.254.54.22
+ns1 IN A 160.79.196.177
+NS5 IN A 208.233.99.161
+$ORIGIN gmcr.com.
+gateway1 IN A 12.34.108.130
+$ORIGIN YAHOO.com.
+NS1 IN A 204.71.200.33
+$ORIGIN EUROPE.YAHOO.com.
+NS3 IN A 217.12.4.71
+$ORIGIN DCX.YAHOO.com.
+NS5 IN A 216.32.74.10
+$ORIGIN GRANITECANYON.com.
+NS2 IN A 204.1.217.148
+NS1 IN A 205.166.226.38
+$ORIGIN costorf.com.
+localhost IN A 127.0.0.1
+www IN CNAME costorf.com.
+$ORIGIN PSG.com.
+RAIN IN A 147.28.0.34
+RIP IN A 147.28.0.39
+$ORIGIN vt.highmeadow.com.
+hm6 IN A 207.136.209.6
+$ORIGIN btinternet.com.
+DNS2 IN A 194.73.73.94
+DNS1 IN A 194.73.73.95
+$ORIGIN INTERNET-TOOLS.com.
+NS2 IN A 206.109.113.140
+NS IN A 208.239.1.2
+NS3 IN A 38.153.179.2
+$ORIGIN CADABRA.com.
+NS2 IN A 209.157.194.109
+NS IN A 209.143.240.148
+$ORIGIN SLOWMOE.com.
+NS2 IN A 137.118.8.50
+NS1 IN A 137.118.8.49
+$ORIGIN ZTNET.com.
+NS2 IN A 63.211.17.252
+NS1 IN A 63.211.17.251
+$ORIGIN HOTWIRED.com.
+NS2 IN A 209.185.151.6
+NS4 IN A 209.185.151.4
+NS1 IN A 216.32.228.8
+NS3 IN A 216.32.228.9
+$ORIGIN g-world.com.
+NS1 IN A 216.26.39.10
+$ORIGIN alcatrazmedia.com.
+ns1 IN A 167.160.132.2
+$ORIGIN MESSAGESECURE.com.
+KYNSE02 IN A 216.142.252.201
+KYNSE01 IN A 216.142.252.199
+$ORIGIN HAITIWORLD.com.
+APPSRV IN A 206.152.15.34
+NS IN A 206.152.15.33
+$ORIGIN NETSOL.com.
+NS2 IN A 198.17.208.71
+RS0 IN A 216.168.224.206
+NS3 IN A 216.168.224.201
+NS1 IN A 216.168.224.200
+$ORIGIN cmates.com.
+NS-AUTH2 IN A 208.23.213.3
+ns-auth1 IN A 208.23.213.2
+$ORIGIN skiinsurance.com.
+mail IN A 207.136.205.152
+$ORIGIN GH.com.
+AUSTIN IN A 196.3.64.1
+$ORIGIN DIGISERVE.com.
+NS2 IN A 204.91.84.216
+NS1 IN A 151.196.69.5
+$ORIGIN map.com.
+sgi1 IN A 204.71.19.20
+WORMHOLE IN A 204.71.19.10
+$ORIGIN SNS-UT.DEBIS.com.
+NS2 IN A 53.122.2.10
+$ORIGIN SNS-FELB.DEBIS.com.
+NS1 IN A 53.122.1.10
+$ORIGIN idx.com.
+seaipsvcs IN A 172.22.64.42
+BOSDOC IN A 198.114.171.109
+drawbridge IN A 204.165.241.2
+IDXNMS IN A 204.165.242.7
+idx IN A 198.114.171.160
+isdev IN A 198.181.234.9
+bvtipsvcs IN A 198.114.172.50
+bosdns IN A 198.114.171.109
+bvtsweeper IN A 198.181.234.69
+$ORIGIN VERITAS.com.
+NS IN A 204.177.156.38
+$ORIGIN BFG.com.
+gateway2 IN A 166.102.214.66
+aisvt IN MX 0 gateway2.bfg.com.
+GATEWAY IN A 131.187.253.2
+$ORIGIN sleepycat.com.
+abyssinian IN A 199.103.241.218
+$ORIGIN cisco.com.
+proxy6 IN A 203.41.198.245
+proxy9 IN A 192.135.250.71
+proxy1 IN A 192.31.7.88
+proxy2 IN A 192.31.7.89
+proxy3 IN A 192.31.7.90
+ns1 IN A 128.107.241.185
+NS2 IN A 192.135.250.69
+$ORIGIN TOAPLAN.com.
+www IN A 216.42.31.169
+$ORIGIN INTUIT.com.
+DNS1 IN A 208.157.255.4
+$ORIGIN REGEX.com.
+NS1 IN A 202.152.12.227
+$ORIGIN DEC.com.
+crl IN A 192.58.206.2
+ns IN A 204.123.2.42
+$ORIGIN PA.DEC.com.
+UUCP-GW-2 IN A 16.1.0.19
+UUCP-GW-1 IN A 16.1.0.18
+ IN A 204.123.2.18
+$ORIGIN LANDLORDS.com.
+NS IN A 63.64.164.68
+$ORIGIN hometownbands.com.
+www IN A 209.67.235.38
+$ORIGIN MSFT.AKADNS.com.
+Z6 IN A 207.229.152.20
+Z2 IN A 32.96.80.17
+Z4 IN A 208.148.96.220
+Z7 IN A 213.161.66.158
+Z3 IN A 63.215.198.67
+Z1 IN A 216.32.118.104
+$ORIGIN smuggs.com.
+mail IN A 209.67.230.71
+$ORIGIN OUTREMER.com.
+MANTA IN A 213.16.1.106
+$ORIGIN hns.com.
+HNS3 IN A 208.236.67.3
+$ORIGIN TRIVALLEY.com.
+NS3 IN A 206.25.132.30
+$ORIGIN AI-R.com.
+NS2 IN A 66.33.4.51
+NS1 IN A 66.33.0.143
+$ORIGIN ALCATEL.com.
+NS IN A 192.160.6.91
+PRIMARY IN A 192.160.6.90
+$ORIGIN GENDYN.com.
+NET2 IN A 204.60.171.9
+NET1 IN A 204.60.171.8
+$ORIGIN ONLINEPHOTOCONTEST.com.
+www IN A 64.85.86.152
+$ORIGIN performancediver.com.
+listserv IN A 216.34.185.155
+$ORIGIN rge.com.
+gw IN A 157.225.178.11
+$ORIGIN NS.AOL.com.
+DNS-02 IN A 205.188.157.232
+DNS-01 IN A 152.163.159.232
+$ORIGIN MANY-PATHS-ENERGY-ENHANCEMENT.com.
+www IN A 66.33.4.50
+$ORIGIN IS.CHRYSLER.com.
+FXCLPR02 IN A 204.189.94.37
+FXIOD01 IN A 204.189.94.70
+$ORIGIN TO.GD-ES.com.
+NS IN A 199.107.240.66
+$ORIGIN GNAC.com.
+ns2 IN A 209.182.195.77
+NS1 IN A 209.182.195.77
+$ORIGIN AKAMAI.com.
+YA IN A 204.178.118.68
+ACCESS IN A 4.17.143.9
+YB IN A 204.212.232.16
+YC IN A 209.246.46.48
+YD IN A 209.189.112.39
+YE IN A 192.215.168.18
+YF IN A 216.32.118.14
+YG IN A 204.178.110.35
+YH IN A 128.11.61.225
+$ORIGIN QUICKEN.com.
+DNS4 IN A 198.3.99.252
+DNS2 IN A 206.154.105.67
+news IN MX 10 mail1.emailpub.com.
+ IN MX 10 mail2.emailpub.com.
+ IN MX 10 mail3.emailpub.com.
+ IN MX 10 mail4.emailpub.com.
+ IN MX 10 mail5.emailpub.com.
+ IN MX 10 mail6.emailpub.com.
+ IN A 207.211.106.100
+DNS3 IN A 198.3.96.252
+DNS1 IN A 206.154.105.66
+$ORIGIN LUXNOC.com.
+NS4 IN A 195.206.104.201
+NS2 IN A 195.206.105.102
+NS0 IN A 195.206.105.1
+NS5 IN A 195.206.104.211
+NS3 IN A 195.206.104.1
+NS1 IN A 195.206.105.101
+$ORIGIN MAGIC-MOMENTS.com.
+NS1 IN A 195.224.53.80
+$ORIGIN ABAC.com.
+NS2 IN A 216.55.144.4
+NS1 IN A 216.55.128.4
+$ORIGIN GOTO.com.
+NS2 IN A 204.71.128.137
+NS1 IN A 206.132.152.241
+$ORIGIN WEBTRENDS.com.
+NS2 IN A 63.88.212.11
+NS1 IN A 63.88.212.10
+$ORIGIN hotmail.com.
+NS3 IN A 209.185.130.68
+NS1 IN A 216.200.206.140
+$ORIGIN MERCHANTWARE.com.
+NS2 IN A 209.170.142.35
+$ORIGIN MERCURYCENTER.com.
+cgi IN CNAME vh80167.vh8.infi.net.
+$ORIGIN CARIBSURF.com.
+COL2 IN A 205.214.192.202
+COL1 IN A 205.214.192.201
+$ORIGIN MAIL-LIST.com.
+zip IN MX 20 sluice.mail-list.com.
+ IN MX 20 pipeline.mail-list.com.
+ IN MX 20 transport.mail-list.com.
+ IN MX 50 swifty.mail-list.com.
+ IN MX 50 velocity.mail-list.com.
+ IN MX 50 brisk.mail-list.com.
+ IN MX 5 zip.mail-list.com.
+$ORIGIN NAVPOINT.com.
+south IN A 207.106.42.12
+north IN A 207.106.42.10
+NS2 IN A 207.106.42.12
+NS IN A 207.106.42.10
+$ORIGIN verisign-grs.com.
+ns2 IN A 198.41.3.108
+ns1 IN A 198.41.3.39
+$ORIGIN gdarm.com.
+bvt-ext IN A 166.19.32.42
+$ORIGIN REDHAT.com.
+NS1 IN A 216.148.218.250
+$ORIGIN SKYNETWEB.com.
+NS2 IN A 208.231.1.35
+NS1 IN A 208.231.1.34
+$ORIGIN COIL.com.
+BRONZE IN A 198.4.94.1
+$ORIGIN ZTX.COMPAQ.com.
+NS1-PUBLIC IN A 161.114.1.204
+$ORIGIN ZMA.COMPAQ.com.
+NS1-PUBLIC IN A 161.114.64.24
+$ORIGIN FOOL.com.
+NS2 IN A 208.51.76.222
+NS1 IN A 208.241.66.222
+$ORIGIN retro.com.
+www IN A 205.179.181.195
+gw IN A 205.179.181.194
+$ORIGIN NRSITE.com.
+NS5 IN A 208.178.169.4
+NS7 IN A 206.41.20.3
+NS3 IN A 199.172.144.20
+$ORIGIN jerusalem-mail.com.
+mail IN A 216.251.232.93
+$ORIGIN PAIR.com.
+ns3 IN A 209.68.1.15
+NS1 IN A 209.68.1.11
+$ORIGIN GLOBALDNS.com.
+NS1 IN A 206.253.214.11
+$ORIGIN tfm.com.
+mailhost IN A 192.231.224.11
+mtbaker IN A 192.231.224.2
+NS2 IN A 208.236.160.42
+NS1 IN A 209.83.142.82
+NS IN A 192.231.224.1
+$ORIGIN bock.com.
+NS2 IN A 64.30.29.4
+NS1 IN A 64.30.29.3
+$ORIGIN TARSUS.com.
+MAIL IN A 208.130.9.252
+BEAR IN A 208.130.9.248
+$ORIGIN NETANET.com.
+NS0 IN A 194.6.96.218
+ IN A 195.172.127.72
+NS1 IN A 194.6.96.218
+$ORIGIN SEANET.com.
+DNS2 IN A 199.181.164.2
+DNS3 IN A 199.181.164.3
+DNS1 IN A 199.181.164.1
+$ORIGIN INTERNETSHARE.com.
+NS1 IN A 63.207.108.53
+$ORIGIN ALTAVISTA.com.
+NS2 IN A 209.73.164.7
+NS3 IN A 209.73.176.204
+NS1 IN A 209.73.164.76
+$ORIGIN NOVELL.com.
+NS IN A 137.65.1.1
+$ORIGIN SAIPAN.com.
+NS2 IN A 202.128.28.2
+NS IN A 202.128.27.2
+$ORIGIN diebold.com.
+eliot IN A 204.151.249.21
+ness IN A 208.228.181.21
+$ORIGIN WonderWorks.com.
+mail IN A 192.203.206.67
+ice IN A 192.203.206.9
+$ORIGIN SIGNALZ.com.
+NS IN A 209.67.230.71
+$ORIGIN GW.tislabs.com.
+RELAY IN A 192.94.214.100
+$ORIGIN CAIS.com.
+NS IN A 205.177.10.10
+$ORIGIN tesserae.com.
+ns2 IN A 209.157.194.3
+NS IN A 209.157.194.2
+$ORIGIN NETPOLICY.com.
+MINION IN A 207.87.121.66
+$ORIGIN wirbel.com.
+enterprise IN A 194.231.54.2
+$ORIGIN fiberia.com.
+webmail IN A 216.55.147.2
+$ORIGIN BAYAREA.com.
+www IN CNAME vh80040.vh8.infi.net.
+$ORIGIN CONNACTIVITY.com.
+bparker IN A 206.34.200.200
+NS2 IN A 206.34.200.3
+CONNACTIVITY IN A 206.34.200.2
+$ORIGIN tifosi.com.
+BK IN A 208.58.189.13
+daytona IN A 192.104.156.3
+$ORIGIN bucksnet.com.
+gutenberg IN A 207.113.15.5
+$ORIGIN ivillage.com.
+NS2 IN A 209.185.162.16
+NS1 IN A 209.185.162.15
+$ORIGIN codelocal.com.
+ns1 IN A 216.15.192.130
+$ORIGIN NETFLIGHT.com.
+DNS IN A 207.88.32.2
+$ORIGIN MERCHANTWARE.CON.
+NS1 IN A 209.170.142.34
diff --git a/bin/tests/system/cacheclean/ns1/named.conf b/bin/tests/system/cacheclean/ns1/named.conf
new file mode 100644
index 0000000..9f34148
--- /dev/null
+++ b/bin/tests/system/cacheclean/ns1/named.conf
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.9 2007/06/19 23:47:01 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ check-integrity no;
+};
+
+zone "." {
+ type master;
+ file "example.db";
+};
diff --git a/bin/tests/system/cacheclean/ns2/named.conf b/bin/tests/system/cacheclean/ns2/named.conf
new file mode 100644
index 0000000..c0d9f44
--- /dev/null
+++ b/bin/tests/system/cacheclean/ns2/named.conf
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.8 2007/06/19 23:47:01 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ notify yes;
+ max-cache-size 10000;
+ disable-empty-zone 127.IN-ADDR.ARPA;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
diff --git a/bin/tests/system/cacheclean/tests.sh b/bin/tests/system/cacheclean/tests.sh
new file mode 100644
index 0000000..7e1ba79
--- /dev/null
+++ b/bin/tests/system/cacheclean/tests.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.5 2007/06/19 23:47:00 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+$DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat \
+ -f dig.batch -p 5300 @10.53.0.2 > dig.out.ns2 || status=1
+grep ";" dig.out.ns2
+
+$PERL ../digcomp.pl dig.out.ns2 knowngood.dig.out || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/checkconf/bad.conf b/bin/tests/system/checkconf/bad.conf
new file mode 100644
index 0000000..79d8832
--- /dev/null
+++ b/bin/tests/system/checkconf/bad.conf
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: bad.conf,v 1.4 2007/06/19 23:47:01 tbox Exp $ */
+
+options {
+ avoid-v4-udp-ports { 100; }
+ avoid-v6-udp-ports { 100; };
+ blackhole { 10.0.0.0/8; };
+ coresize 1G;
+ datasize 100M;
+ deallocate-on-exit yes;
+ directory ".";
+ dump-file "named_dumpdb";
+ fake-iquery yes;
+ files 1000;
+ has-old-clients no;
+ heartbeat-interval 30;
+ host-statistics yes;
+ host-statistics-max 100;
+ hostname none;
+ interface-interval 30;
+ listen-on port 90 { any; };
+ listen-on port 100 { 127.0.0.1; };
+ listen-on-v6 port 53 { none; };
+ match-mapped-addresses yes;
+ memstatistics-file "named.memstats";
+ multiple-cnames no;
+ named-xfer "this is no longer needed";
+ pid-file none;
+ port 5300;
+ querylog yes;
+ recursing-file "named.recursing";
+ random-device "/dev/random";
+ recursive-clients 3000;
+ serial-queries 10;
+ serial-query-rate 100;
+ server-id none;
+};
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
new file mode 100644
index 0000000..c810b47
--- /dev/null
+++ b/bin/tests/system/checkconf/good.conf
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: good.conf,v 1.4 2007/06/19 23:47:01 tbox Exp $ */
+
+/*
+ * This is just a random selection of configuration options.
+ */
+
+options {
+ avoid-v4-udp-ports { 100; };
+ avoid-v6-udp-ports { 100; };
+ blackhole { 10.0.0.0/8; };
+ coresize 1G;
+ datasize 100M;
+ deallocate-on-exit yes;
+ directory ".";
+ dump-file "named_dumpdb";
+ fake-iquery yes;
+ files 1000;
+ has-old-clients no;
+ heartbeat-interval 30;
+ host-statistics yes;
+ host-statistics-max 100;
+ hostname none;
+ interface-interval 30;
+ listen-on port 90 { any; };
+ listen-on port 100 { 127.0.0.1; };
+ listen-on-v6 port 53 { none; };
+ match-mapped-addresses yes;
+ memstatistics-file "named.memstats";
+ multiple-cnames no;
+ named-xfer "this is no longer needed";
+ pid-file none;
+ port 5300;
+ querylog yes;
+ recursing-file "named.recursing";
+ random-device "/dev/random";
+ recursive-clients 3000;
+ serial-queries 10;
+ serial-query-rate 100;
+ server-id none;
+};
diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
new file mode 100644
index 0000000..8444664
--- /dev/null
+++ b/bin/tests/system/checkconf/tests.sh
@@ -0,0 +1,37 @@
+# Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.3 2007/06/19 23:47:01 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+echo "I: checking that named-checkconf handles a known good config"
+
+ret=0
+$CHECKCONF good.conf > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I: checking that named-checkconf handles a known bad config"
+
+ret=1
+$CHECKCONF bad.conf > /dev/null 2>&1 || ret=0
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/checknames/clean.sh b/bin/tests/system/checknames/clean.sh
new file mode 100644
index 0000000..f0c46de
--- /dev/null
+++ b/bin/tests/system/checknames/clean.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.6 2007/09/26 03:22:43 marka Exp $
+
+rm -f dig.out.ns?.test*
+rm -f nsupdate.out.test*
+rm -f ns1/*.example.db
+rm -f ns1/*.update.db
+rm -f ns1/*.update.db.jnl
+rm -f */named.memstats
diff --git a/bin/tests/system/checknames/ns1/fail.example.db.in b/bin/tests/system/checknames/ns1/fail.example.db.in
new file mode 100644
index 0000000..09a8557
--- /dev/null
+++ b/bin/tests/system/checknames/ns1/fail.example.db.in
@@ -0,0 +1,22 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: fail.example.db.in,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+$TTL 300
+@ SOA ns1.fail.example. hostmaster.fail.example. (
+ 1 3600 1200 604800 3600 )
+ NS ns1.fail.example.
+ns1.fail.example. A 10.53.0.1
+xx_xx.fail.example. A 127.0.0.1
diff --git a/bin/tests/system/checknames/ns1/fail.update.db.in b/bin/tests/system/checknames/ns1/fail.update.db.in
new file mode 100644
index 0000000..515f23e
--- /dev/null
+++ b/bin/tests/system/checknames/ns1/fail.update.db.in
@@ -0,0 +1,21 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: fail.update.db.in,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+$TTL 300
+@ SOA ns1.fail.update. hostmaster.fail.update. (
+ 1 3600 1200 604800 3600 )
+ NS ns1.fail.update.
+ns1.fail.update. A 10.53.0.1
diff --git a/bin/tests/system/checknames/ns1/ignore.example.db.in b/bin/tests/system/checknames/ns1/ignore.example.db.in
new file mode 100644
index 0000000..5def921
--- /dev/null
+++ b/bin/tests/system/checknames/ns1/ignore.example.db.in
@@ -0,0 +1,23 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: ignore.example.db.in,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+$TTL 300
+@ SOA ns1.ignore.example. hostmaster.ignore.example. (
+ 1 3600 1200 604800 3600 )
+ NS ns1.ignore.example.
+ns1.ignore.example. A 10.53.0.1
+yy_yy.ignore.example. A 10.53.0.1
+mx.ignore.example. MX 10 zz_zz.ignore.example.
diff --git a/bin/tests/system/checknames/ns1/ignore.update.db.in b/bin/tests/system/checknames/ns1/ignore.update.db.in
new file mode 100644
index 0000000..18826bd
--- /dev/null
+++ b/bin/tests/system/checknames/ns1/ignore.update.db.in
@@ -0,0 +1,21 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: ignore.update.db.in,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+$TTL 300
+@ SOA ns1.ignore.update. hostmaster.ignore.update. (
+ 1 3600 1200 604800 3600 )
+ NS ns1.ignore.update.
+ns1.ignore.update. A 10.53.0.1
diff --git a/bin/tests/system/checknames/ns1/named.conf b/bin/tests/system/checknames/ns1/named.conf
new file mode 100644
index 0000000..51bf908
--- /dev/null
+++ b/bin/tests/system/checknames/ns1/named.conf
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.9 2007/06/19 23:47:01 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ check-integrity no;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
+
+zone "ignore.example" {
+ type master;
+ file "ignore.example.db";
+ check-names ignore;
+};
+
+zone "warn.example" {
+ type master;
+ file "warn.example.db";
+ check-names warn;
+};
+
+zone "fail.example" {
+ type master;
+ file "fail.example.db";
+ check-names fail;
+};
+
+zone "ignore.update" {
+ type master;
+ file "ignore.update.db";
+ allow-update { any; };
+ check-names ignore;
+};
+
+zone "warn.update" {
+ type master;
+ file "warn.update.db";
+ allow-update { any; };
+ check-names warn;
+};
+
+zone "fail.update" {
+ type master;
+ file "fail.update.db";
+ allow-update { any; };
+ check-names fail;
+};
diff --git a/bin/tests/system/checknames/ns1/root.db b/bin/tests/system/checknames/ns1/root.db
new file mode 100644
index 0000000..0df0677
--- /dev/null
+++ b/bin/tests/system/checknames/ns1/root.db
@@ -0,0 +1,35 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+$TTL 300
+@ SOA ns1. hostmaster.warn.example. (
+ 1 3600 1200 604800 3600 )
+ NS ns1.
+ns1. A 10.53.0.1
+;
+ignore.example. NS ns1.ignore.example.
+ns1.ignore.example. A 10.53.0.1
+warn.example. NS ns1.warn.example.
+ns1.warn.example. A 10.53.0.1
+fail.example. NS ns1.fail.example.
+ns1.fail.example. A 10.53.0.1
+;
+ignore.update. NS ns1.ignore.update.
+ns1.ignore.update. A 10.53.0.1
+warn.update. NS ns1.warn.update.
+ns1.warn.update. A 10.53.0.1
+fail.update. NS ns1.fail.update.
+ns1.fail.update. A 10.53.0.1
diff --git a/bin/tests/system/checknames/ns1/warn.example.db.in b/bin/tests/system/checknames/ns1/warn.example.db.in
new file mode 100644
index 0000000..cad0524
--- /dev/null
+++ b/bin/tests/system/checknames/ns1/warn.example.db.in
@@ -0,0 +1,22 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: warn.example.db.in,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+$TTL 300
+@ SOA ns1.warn.example. hostmaster.warn.example. (
+ 1 3600 1200 604800 3600 )
+ NS ns1.warn.example.
+ns1.warn.example. A 10.53.0.1
+xx_xx.warn.example. A 10.53.0.1
diff --git a/bin/tests/system/checknames/ns1/warn.update.db.in b/bin/tests/system/checknames/ns1/warn.update.db.in
new file mode 100644
index 0000000..9618d42
--- /dev/null
+++ b/bin/tests/system/checknames/ns1/warn.update.db.in
@@ -0,0 +1,21 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: warn.update.db.in,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+$TTL 300
+@ SOA ns1.warn.update. hostmaster.warn.update. (
+ 1 3600 1200 604800 3600 )
+ NS ns1.warn.update.
+ns1.warn.update. A 10.53.0.1
diff --git a/bin/tests/system/checknames/ns2/named.conf b/bin/tests/system/checknames/ns2/named.conf
new file mode 100644
index 0000000..fd22e7d
--- /dev/null
+++ b/bin/tests/system/checknames/ns2/named.conf
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.7 2007/06/18 23:47:27 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ check-names response warn;
+ notify yes;
+};
+
+zone "." {
+ type hint;
+ file "root.hints";
+};
diff --git a/bin/tests/system/checknames/ns2/root.hints b/bin/tests/system/checknames/ns2/root.hints
new file mode 100644
index 0000000..712002b
--- /dev/null
+++ b/bin/tests/system/checknames/ns2/root.hints
@@ -0,0 +1,19 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.hints,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+$TTL 300
+. NS ns1.
+ns1. A 10.53.0.1
diff --git a/bin/tests/system/checknames/ns3/named.conf b/bin/tests/system/checknames/ns3/named.conf
new file mode 100644
index 0000000..2702b5c
--- /dev/null
+++ b/bin/tests/system/checknames/ns3/named.conf
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.7 2007/06/18 23:47:27 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ check-names response fail;
+ notify yes;
+};
+
+zone "." {
+ type hint;
+ file "root.hints";
+};
diff --git a/bin/tests/system/checknames/ns3/root.hints b/bin/tests/system/checknames/ns3/root.hints
new file mode 100644
index 0000000..712002b
--- /dev/null
+++ b/bin/tests/system/checknames/ns3/root.hints
@@ -0,0 +1,19 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.hints,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+$TTL 300
+. NS ns1.
+ns1. A 10.53.0.1
diff --git a/bin/tests/system/checknames/setup.sh b/bin/tests/system/checknames/setup.sh
new file mode 100644
index 0000000..0027ed3
--- /dev/null
+++ b/bin/tests/system/checknames/setup.sh
@@ -0,0 +1,23 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+cp ns1/ignore.example.db.in ns1/ignore.example.db
+cp ns1/warn.example.db.in ns1/warn.example.db
+cp ns1/fail.example.db.in ns1/fail.example.db
+
+cp ns1/ignore.update.db.in ns1/ignore.update.db
+cp ns1/warn.update.db.in ns1/warn.update.db
+cp ns1/fail.update.db.in ns1/fail.update.db
diff --git a/bin/tests/system/checknames/tests.sh b/bin/tests/system/checknames/tests.sh
new file mode 100644
index 0000000..dffacd2
--- /dev/null
+++ b/bin/tests/system/checknames/tests.sh
@@ -0,0 +1,134 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+n=1
+
+DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p 5300"
+
+# Entry should exist.
+echo "I: check for failure from on zone load for 'check-names fail;' ($n)"
+ret=0
+$DIG $DIGOPTS fail.example. @10.53.0.1 a > dig.out.ns1.test$n || ret=1
+grep SERVFAIL dig.out.ns1.test$n > /dev/null || ret=1
+grep 'xx_xx.fail.example: bad owner name (check-names)' ns1/named.run > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+# Entry should exist.
+echo "I: check for warnings from on zone load for 'check-names warn;' ($n)"
+ret=0
+grep 'xx_xx.warn.example: bad owner name (check-names)' ns1/named.run > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+# Entry should not exist.
+echo "I: check for warnings from on zone load for 'check-names ignore;' ($n)"
+ret=1
+grep 'yy_yy.ignore.example: bad owner name (check-names)' ns1/named.run || ret=0
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+# Entry should exist
+echo "I: check that 'check-names response warn;' works ($n)"
+ret=0
+$DIG $DIGOPTS yy_yy.ignore.example. @10.53.0.1 a > dig.out.ns1.test$n || ret=1
+$DIG $DIGOPTS yy_yy.ignore.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
+grep "check-names warning yy_yy.ignore.example/A/IN" ns2/named.run > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+# Entry should exist
+echo "I: check that 'check-names response (owner) fails;' works ($n)"
+ret=0
+$DIG $DIGOPTS yy_yy.ignore.example. @10.53.0.1 a > dig.out.ns1.test$n || ret=1
+$DIG $DIGOPTS yy_yy.ignore.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
+grep REFUSED dig.out.ns3.test$n > /dev/null || ret=1
+grep "check-names failure yy_yy.ignore.example/A/IN" ns3/named.run > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+# Entry should exist
+echo "I: check that 'check-names response (rdata) fails;' works ($n)"
+ret=0
+$DIG $DIGOPTS mx.ignore.example. @10.53.0.1 MX > dig.out.ns1.test$n || ret=1
+$DIG $DIGOPTS mx.ignore.example. @10.53.0.3 MX > dig.out.ns3.test$n || ret=1
+grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
+grep SERVFAIL dig.out.ns3.test$n > /dev/null || ret=1
+grep "check-names failure mx.ignore.example/MX/IN" ns3/named.run > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+echo "I: check that updates to 'check-names fail;' are rejected ($n)"
+ret=0
+not=1
+$NSUPDATE -d <<END> nsupdate.out.test$n 2>&1 || not=0
+server 10.53.0.1 5300
+update add xxx_xxx.fail.update. 600 A 10.10.10.1
+send
+END
+if [ $not != 0 ]; then ret=1; fi
+$DIG $DIGOPTS xxx_xxx.fail.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1
+grep "xxx_xxx.fail.update/A: bad owner name (check-names)" ns1/named.run > /dev/null || ret=1
+grep NXDOMAIN dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+echo "I: check that updates to 'check-names warn;' succeed and are logged ($n)"
+ret=0
+$NSUPDATE -d <<END> nsupdate.out.test$n 2>&1|| ret=1
+server 10.53.0.1 5300
+update add xxx_xxx.warn.update. 600 A 10.10.10.1
+send
+END
+$DIG $DIGOPTS xxx_xxx.warn.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1
+grep "xxx_xxx.warn.update/A: bad owner name (check-names)" ns1/named.run > /dev/null || ret=1
+grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+echo "I: check that updates to 'check-names ignore;' succeed and are not logged ($n)"
+ret=0
+not=1
+$NSUPDATE -d <<END> nsupdate.out.test$n 2>&1 || ret=1
+server 10.53.0.1 5300
+update add xxx_xxx.ignore.update. 600 A 10.10.10.1
+send
+END
+grep "xxx_xxx.ignore.update/A.*(check-names)" ns1/named.run > /dev/null || not=0
+if [ $not != 0 ]; then ret=1; fi
+$DIG $DIGOPTS xxx_xxx.ignore.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1
+grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+exit $status
diff --git a/bin/tests/system/cleanall.sh b/bin/tests/system/cleanall.sh
new file mode 100644
index 0000000..9b6aa6f
--- /dev/null
+++ b/bin/tests/system/cleanall.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: cleanall.sh,v 1.11 2007/06/19 23:47:00 tbox Exp $
+
+#
+# Clean up after system tests.
+#
+
+SYSTEMTESTTOP=.
+. $SYSTEMTESTTOP/conf.sh
+
+
+find . -type f \( \
+ -name 'K*' -o -name '*~' -o -name '*.core' -o -name '*.log' \
+ -o -name '*.pid' -o -name '*.keyset' -o -name named.run \
+ -o -name lwresd.run -o -name ans.run \) -print | xargs rm -f
+
+status=0
+
+for d in $SUBDIRS
+do
+ test ! -f $d/clean.sh || ( cd $d && sh clean.sh )
+done
diff --git a/bin/tests/system/common/controls.conf b/bin/tests/system/common/controls.conf
new file mode 100644
index 0000000..b5d619e
--- /dev/null
+++ b/bin/tests/system/common/controls.conf
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: controls.conf,v 1.6 2007/06/19 23:47:01 tbox Exp $ */
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-md5;
+};
+
+controls {
+ inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
+};
+
diff --git a/bin/tests/system/common/rndc.conf b/bin/tests/system/common/rndc.conf
new file mode 100644
index 0000000..3704ae7
--- /dev/null
+++ b/bin/tests/system/common/rndc.conf
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rndc.conf,v 1.5 2007/06/19 23:47:01 tbox Exp $ */
+
+options {
+ default-key "rndc_key";
+};
+
+key rndc_key {
+ algorithm hmac-md5;
+ secret "1234abcd8765";
+};
diff --git a/bin/tests/system/common/root.hint b/bin/tests/system/common/root.hint
new file mode 100644
index 0000000..84a8c6b
--- /dev/null
+++ b/bin/tests/system/common/root.hint
@@ -0,0 +1,20 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.hint,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+$TTL 999999
+. IN NS a.root-servers.nil.
+a.root-servers.nil. IN A 10.53.0.1
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
new file mode 100644
index 0000000..23b31f1
--- /dev/null
+++ b/bin/tests/system/conf.sh.in
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2003 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: conf.sh.in,v 1.39 2008/01/10 23:47:01 tbox Exp $
+
+#
+# Common configuration data for system tests, to be sourced into
+# other shell scripts.
+#
+
+# Find the top of the BIND9 tree.
+TOP=${SYSTEMTESTTOP:=.}/../../..
+
+# Make it absolute so that it continues to work after we cd.
+TOP=`cd $TOP && pwd`
+
+NAMED=$TOP/bin/named/named
+# We must use "named -l" instead of "lwresd" because argv[0] is lost
+# if the program is libtoolized.
+LWRESD="$TOP/bin/named/named -l"
+DIG=$TOP/bin/dig/dig
+RNDC=$TOP/bin/rndc/rndc
+NSUPDATE=$TOP/bin/nsupdate/nsupdate
+KEYGEN=$TOP/bin/dnssec/dnssec-keygen
+SIGNER=$TOP/bin/dnssec/dnssec-signzone
+CHECKZONE=$TOP/bin/check/named-checkzone
+CHECKCONF=$TOP/bin/check/named-checkconf
+
+# The "stress" test is not run by default since it creates enough
+# load on the machine to make it unusable to other users.
+# v6synth
+SUBDIRS="acl cacheclean checkconf checknames dnssec forward glue ixfr limits
+ lwresd masterfile masterformat notify nsupdate resolver rrsetorder
+ sortlist stub tkey unknown upforwd views xfer xferquota zonechecks"
+
+# PERL will be an empty string if no perl interpreter was found.
+PERL=@PERL@
+
+export NAMED LWRESD DIG NSUPDATE KEYGEN SIGNER KEYSIGNER KEYSETTOOL PERL \
+ SUBDIRS RNDC CHECKZONE
diff --git a/bin/tests/system/dialup/ns1/example.db b/bin/tests/system/dialup/ns1/example.db
new file mode 100644
index 0000000..262ed5e
--- /dev/null
+++ b/bin/tests/system/dialup/ns1/example.db
@@ -0,0 +1,25 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db,v 1.6 2007/06/19 23:47:01 tbox Exp $
+
+@ 3600 SOA hostmaster.ns1 ns1 (
+ 1 3600 1200 3600000 1200 )
+ NS ns1.example.
+ NS ns2.example.
+ NS ns3.example.
+ns1 A 10.53.0.1
+ns2 A 10.53.0.2
+ns3 A 10.53.0.3
diff --git a/bin/tests/system/dialup/ns1/named.conf b/bin/tests/system/dialup/ns1/named.conf
new file mode 100644
index 0000000..7d75fc4
--- /dev/null
+++ b/bin/tests/system/dialup/ns1/named.conf
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.8 2007/06/19 23:47:01 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ heartbeat-interval 2;
+ recursion no;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
+
+zone "example." {
+ type master;
+ notify explicit;
+ also-notify { 10.53.0.2; };
+ dialup yes;
+ file "example.db";
+};
diff --git a/bin/tests/system/dialup/ns1/root.db b/bin/tests/system/dialup/ns1/root.db
new file mode 100644
index 0000000..eadca60
--- /dev/null
+++ b/bin/tests/system/dialup/ns1/root.db
@@ -0,0 +1,26 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.6 2007/06/19 23:47:01 tbox Exp $
+
+@ 3600 SOA hostmaster.ns1.example ns1.example (
+ 1 3600 1200 3600000 1200 )
+ NS ns1.example
+example NS ns1.example
+ NS ns2.example
+ NS ns3.example
+ns1.example A 10.53.0.1
+ns2.example A 10.53.0.2
+ns3.example A 10.53.0.3
diff --git a/bin/tests/system/dialup/ns2/hint.db b/bin/tests/system/dialup/ns2/hint.db
new file mode 100644
index 0000000..2efbcfa
--- /dev/null
+++ b/bin/tests/system/dialup/ns2/hint.db
@@ -0,0 +1,19 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: hint.db,v 1.6 2007/06/19 23:47:01 tbox Exp $
+
+. 1200 NS ns1.example
+ns1.example A 10.53.0.1
diff --git a/bin/tests/system/dialup/ns2/named.conf b/bin/tests/system/dialup/ns2/named.conf
new file mode 100644
index 0000000..c0b1549
--- /dev/null
+++ b/bin/tests/system/dialup/ns2/named.conf
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.8 2007/06/19 23:47:02 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ heartbeat-interval 2;
+ recursion no;
+};
+
+zone "." {
+ type hint;
+ file "hint.db";
+};
+
+zone "example." {
+ type slave;
+ dialup passive;
+ notify no;
+ file "example.bk";
+ masters { 10.53.0.1; };
+};
diff --git a/bin/tests/system/dialup/ns3/hint.db b/bin/tests/system/dialup/ns3/hint.db
new file mode 100644
index 0000000..19592f3
--- /dev/null
+++ b/bin/tests/system/dialup/ns3/hint.db
@@ -0,0 +1,19 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: hint.db,v 1.6 2007/06/19 23:47:02 tbox Exp $
+
+. 1200 NS ns1.example
+ns1.example A 10.53.0.1
diff --git a/bin/tests/system/dialup/ns3/named.conf b/bin/tests/system/dialup/ns3/named.conf
new file mode 100644
index 0000000..387a716
--- /dev/null
+++ b/bin/tests/system/dialup/ns3/named.conf
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.8 2007/06/19 23:47:02 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ heartbeat-interval 2;
+ recursion no;
+};
+
+zone "." {
+ type hint;
+ file "hint.db";
+};
+
+zone "example." {
+ type slave;
+ dialup refresh;
+ notify no;
+ file "example.bk";
+ masters { 10.53.0.2; };
+};
diff --git a/bin/tests/system/dialup/setup.sh b/bin/tests/system/dialup/setup.sh
new file mode 100644
index 0000000..11ce031
--- /dev/null
+++ b/bin/tests/system/dialup/setup.sh
@@ -0,0 +1,19 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.6 2007/06/19 23:47:01 tbox Exp $
+
+rm -f ns2/example.bk
+rm -f ns3/example.bk
diff --git a/bin/tests/system/dialup/tests.sh b/bin/tests/system/dialup/tests.sh
new file mode 100644
index 0000000..e48369f
--- /dev/null
+++ b/bin/tests/system/dialup/tests.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.6 2007/06/19 23:47:01 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+rm -f dig.out.*
+
+DIGOPTS="+norec +tcp +noadd +nosea +nostat +noquest +nocmd -p 5300"
+
+# Check the example. domain
+
+$DIG $DIGOPTS example. @10.53.0.1 soa > dig.out.ns1.test || ret=1
+echo "I:checking that first zone transfer worked"
+ret=0
+try=0
+while test $try -lt 120
+do
+ $DIG $DIGOPTS example. @10.53.0.2 soa > dig.out.ns2.test || ret=1
+ if grep SERVFAIL dig.out.ns2.test > /dev/null
+ then
+ try=`expr $try + 1`
+ sleep 1
+ else
+ $PERL ../digcomp.pl dig.out.ns1.test dig.out.ns2.test || ret=1
+ break;
+ fi
+done
+echo "I:try $try"
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that second zone transfer worked"
+ret=0
+try=0
+while test $try -lt 120
+do
+ $DIG $DIGOPTS example. @10.53.0.3 soa > dig.out.ns3.test || ret=1
+ if grep SERVFAIL dig.out.ns3.test > /dev/null
+ then
+ try=`expr $try + 1`
+ sleep 1
+ else
+ $PERL ../digcomp.pl dig.out.ns1.test dig.out.ns3.test || ret=1
+ break;
+ fi
+done
+echo "I:try $try"
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/digcomp.pl b/bin/tests/system/digcomp.pl
new file mode 100644
index 0000000..87e64cb
--- /dev/null
+++ b/bin/tests/system/digcomp.pl
@@ -0,0 +1,111 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: digcomp.pl,v 1.14 2007/06/19 23:47:00 tbox Exp $
+
+# Compare two files, each with the output from dig, for differences.
+# Ignore "unimportant" differences, like ordering of NS lines, TTL's,
+# etc...
+
+$file1 = $ARGV[0];
+$file2 = $ARGV[1];
+
+$count = 0;
+$firstname = "";
+$status = 0;
+$rcode1 = "none";
+$rcode2 = "none";
+
+open(FILE1, $file1) || die("open: $file1: $!\n");
+while (<FILE1>) {
+ chomp;
+ if (/^;.+status:\s+(\S+).+$/) {
+ $rcode1 = $1;
+ }
+ next if (/^;/);
+ if (/^(\S+)\s+\S+\s+(\S+)\s+(\S+)\s+(.+)$/) {
+ $name = $1;
+ $class = $2;
+ $type = $3;
+ $value = $4;
+ if ($type eq "SOA") {
+ $firstname = $name if ($firstname eq "");
+ if ($name eq $firstname) {
+ $name = "$name$count";
+ $count++;
+ }
+ }
+ if ($entry{"$name ; $class.$type ; $value"} ne "") {
+ $line = $entry{"$name ; $class.$type ; $value"};
+ print("Duplicate entry in $file1:\n> $_\n< $line\n");
+ } else {
+ $entry{"$name ; $class.$type ; $value"} = $_;
+ }
+ }
+}
+close(FILE1);
+
+$printed = 0;
+
+open(FILE2, $file2) || die("open: $file2: $!\n");
+while (<FILE2>) {
+ chomp;
+ if (/^;.+status:\s+(\S+).+$/) {
+ $rcode2 = $1;
+ }
+ next if (/^;/);
+ if (/^(\S+)\s+\S+\s+(\S+)\s+(\S+)\s+(.+)$/) {
+ $name = $1;
+ $class = $2;
+ $type = $3;
+ $value = $4;
+ if (($name eq $firstname) && ($type eq "SOA")) {
+ $count--;
+ $name = "$name$count";
+ }
+ if ($entry{"$name ; $class.$type ; $value"} ne "") {
+ $entry{"$name ; $class.$type ; $value"} = "";
+ } else {
+ print("Only in $file2 (missing from $file1):\n")
+ if ($printed == 0);
+ print("> $_\n");
+ $printed++;
+ $status = 1;
+ }
+ }
+}
+close(FILE2);
+
+$printed = 0;
+
+foreach $key (keys(%entry)) {
+ if ($entry{$key} ne "") {
+ print("Only in $file1 (missing from $file2):\n")
+ if ($printed == 0);
+ print("< $entry{$key}\n");
+ $status = 1;
+ $printed++;
+ }
+}
+
+if ($rcode1 ne $rcode2) {
+ print("< status: $rcode1\n");
+ print("> status: $rcode2\n");
+ $status = 1;
+}
+
+exit($status);
diff --git a/bin/tests/system/dlv/clean.sh b/bin/tests/system/dlv/clean.sh
new file mode 100644
index 0000000..872b14f
--- /dev/null
+++ b/bin/tests/system/dlv/clean.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.5 2007/09/26 03:22:43 marka Exp $
+
+rm -f random.data
+rm -f ns*/named.run
+rm -f ns3/K*
+rm -f ns3/*.db
+rm -f ns3/*.signed
+rm -f ns3/dlvset-*
+rm -f ns3/dsset-*
+rm -f ns3/keyset-*
+rm -f ns3/trusted.conf ns5/trusted.conf
+rm -f */named.memstats
diff --git a/bin/tests/system/dlv/ns1/named.conf b/bin/tests/system/dlv/ns1/named.conf
new file mode 100644
index 0000000..bfb64ed
--- /dev/null
+++ b/bin/tests/system/dlv/ns1/named.conf
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.4 2007/06/19 23:47:02 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable no;
+};
+
+zone "." { type master; file "root.db"; };
+zone "rootservers.utld" { type master; file "rootservers.utld.db"; };
diff --git a/bin/tests/system/dlv/ns1/root.db b/bin/tests/system/dlv/ns1/root.db
new file mode 100644
index 0000000..ed7aee3
--- /dev/null
+++ b/bin/tests/system/dlv/ns1/root.db
@@ -0,0 +1,24 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 120
+@ SOA ns.rootservers.utld hostmaster.ns.rootservers.utld (
+ 1 3600 1200 604800 60 )
+@ NS ns.rootservers.utld
+ns A 10.53.0.1
+;
+utld NS ns.utld
+ns.utld A 10.53.0.2
diff --git a/bin/tests/system/dlv/ns1/rootservers.utld.db b/bin/tests/system/dlv/ns1/rootservers.utld.db
new file mode 100644
index 0000000..26abb42
--- /dev/null
+++ b/bin/tests/system/dlv/ns1/rootservers.utld.db
@@ -0,0 +1,20 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: rootservers.utld.db,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 120
+@ SOA ns hostmaster.ns 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns2/hints b/bin/tests/system/dlv/ns2/hints
new file mode 100644
index 0000000..a2e549a
--- /dev/null
+++ b/bin/tests/system/dlv/ns2/hints
@@ -0,0 +1,18 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: hints,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+. 0 NS ns.rootservers.utld.
+ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns2/named.conf b/bin/tests/system/dlv/ns2/named.conf
new file mode 100644
index 0000000..195a46f
--- /dev/null
+++ b/bin/tests/system/dlv/ns2/named.conf
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.4 2007/06/19 23:47:02 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable no;
+};
+
+zone "." { type hint; file "hints"; };
+zone "utld" { type master; file "utld.db"; };
diff --git a/bin/tests/system/dlv/ns2/utld.db b/bin/tests/system/dlv/ns2/utld.db
new file mode 100644
index 0000000..ac9c3d0
--- /dev/null
+++ b/bin/tests/system/dlv/ns2/utld.db
@@ -0,0 +1,56 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: utld.db,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 120
+@ SOA ns hostmaster.ns 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.2
+;
+rootservers NS ns.rootservers
+ns.rootservers A 10.53.0.1
+;
+dlv NS ns.dlv
+ns.dlv A 10.53.0.3
+;
+child1 NS ns.child1
+ns.child1 A 10.53.0.3
+;
+child2 NS ns.child2
+ns.child2 A 10.53.0.4
+;
+child3 NS ns.child3
+ns.child3 A 10.53.0.3
+;
+child4 NS ns.child4
+ns.child4 A 10.53.0.3
+;
+child5 NS ns.child5
+ns.child5 A 10.53.0.3
+;
+child6 NS ns.child6
+ns.child6 A 10.53.0.4
+;
+child7 NS ns.child7
+ns.child7 A 10.53.0.3
+;
+child8 NS ns.child8
+ns.child8 A 10.53.0.3
+;
+child9 NS ns.child9
+ns.child9 A 10.53.0.3
+;
+child10 NS ns.child10
+ns.child10 A 10.53.0.3
diff --git a/bin/tests/system/dlv/ns3/child.db.in b/bin/tests/system/dlv/ns3/child.db.in
new file mode 100644
index 0000000..9411c68
--- /dev/null
+++ b/bin/tests/system/dlv/ns3/child.db.in
@@ -0,0 +1,22 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: child.db.in,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 120
+@ SOA ns hostmaster.ns 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.3
+foo TXT foo
+bar TXT bar
diff --git a/bin/tests/system/dlv/ns3/dlv.db.in b/bin/tests/system/dlv/ns3/dlv.db.in
new file mode 100644
index 0000000..3f0ef6b
--- /dev/null
+++ b/bin/tests/system/dlv/ns3/dlv.db.in
@@ -0,0 +1,20 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: dlv.db.in,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 120
+@ SOA ns hostmaster.ns 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.3
diff --git a/bin/tests/system/dlv/ns3/hints b/bin/tests/system/dlv/ns3/hints
new file mode 100644
index 0000000..a2e549a
--- /dev/null
+++ b/bin/tests/system/dlv/ns3/hints
@@ -0,0 +1,18 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: hints,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+. 0 NS ns.rootservers.utld.
+ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns3/named.conf b/bin/tests/system/dlv/ns3/named.conf
new file mode 100644
index 0000000..a03fb05
--- /dev/null
+++ b/bin/tests/system/dlv/ns3/named.conf
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.4 2007/06/19 23:47:02 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable yes;
+};
+
+zone "." { type hint; file "hints"; };
+zone "dlv.utld" { type master; file "dlv.signed"; };
+zone "child1.utld" { type master; file "child1.signed"; }; // dlv
+zone "child3.utld" { type master; file "child3.signed"; }; // dlv
+zone "child4.utld" { type master; file "child4.signed"; }; // dlv
+zone "child5.utld" { type master; file "child5.signed"; }; // dlv
+zone "child7.utld" { type master; file "child7.signed"; }; // no dlv
+zone "child8.utld" { type master; file "child8.signed"; }; // no dlv
+zone "child9.utld" { type master; file "child9.signed"; }; // dlv
+zone "child10.utld" { type master; file "child.db.in"; }; // dlv unsigned
diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh
new file mode 100755
index 0000000..e3382cf
--- /dev/null
+++ b/bin/tests/system/dlv/ns3/sign.sh
@@ -0,0 +1,174 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: sign.sh,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+RANDFILE=../random.data
+dlvsets=
+
+zone=child1.utld.
+infile=child.db.in
+zonefile=child1.utld.db
+outfile=child1.signed
+dlvzone=dlv.utld.
+dlvsets="$dlvsets dlvset-$zone"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null
+echo "I: signed $zone"
+
+
+zone=child3.utld.
+infile=child.db.in
+zonefile=child3.utld.db
+outfile=child3.signed
+dlvzone=dlv.utld.
+dlvsets="$dlvsets dlvset-$zone"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null
+echo "I: signed $zone"
+
+
+zone=child4.utld.
+infile=child.db.in
+zonefile=child4.utld.db
+outfile=child4.signed
+dlvzone=dlv.utld.
+dlvsets="$dlvsets dlvset-$zone"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null
+echo "I: signed $zone"
+
+
+zone=child5.utld.
+infile=child.db.in
+zonefile=child5.utld.db
+outfile=child5.signed
+dlvzone=dlv.utld.
+dlvsets="$dlvsets dlvset-$zone"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null
+echo "I: signed $zone"
+
+
+zone=child7.utld.
+infile=child.db.in
+zonefile=child7.utld.db
+outfile=child7.signed
+dlvzone=dlv.utld.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null
+echo "I: signed $zone"
+
+
+zone=child8.utld.
+infile=child.db.in
+zonefile=child8.utld.db
+outfile=child8.signed
+dlvzone=dlv.utld.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null
+echo "I: signed $zone"
+
+
+zone=child9.utld.
+infile=child.db.in
+zonefile=child9.utld.db
+outfile=child9.signed
+dlvzone=dlv.utld.
+dlvsets="$dlvsets dlvset-$zone"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null
+echo "I: signed $zone"
+
+zone=child10.utld.
+infile=child.db.in
+zonefile=child10.utld.db
+outfile=child10.signed
+dlvzone=dlv.utld.
+dlvsets="$dlvsets dlvset-$zone"
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null
+echo "I: signed $zone"
+
+
+zone=dlv.utld.
+infile=dlv.db.in
+zonefile=dlv.utld.db
+outfile=dlv.signed
+dlvzone=dlv.utld.
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone`
+
+cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null
+echo "I: signed $zone"
+
+
+cat $keyname2.key | $PERL -n -e '
+local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
+local $key = join("", @rest);
+print <<EOF
+trusted-keys {
+ "$dn" $flags $proto $alg "$key";
+};
+EOF
+' > trusted.conf
+cp trusted.conf ../ns5
diff --git a/bin/tests/system/dlv/ns4/child.db b/bin/tests/system/dlv/ns4/child.db
new file mode 100644
index 0000000..b4306f3
--- /dev/null
+++ b/bin/tests/system/dlv/ns4/child.db
@@ -0,0 +1,41 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: child.db,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 120
+@ SOA ns hostmaster.ns 1 3600 1200 604800 60
+@ NS ns
+ns A 10.53.0.3
+;
+rootservers NS ns.rootservers
+ns.rootservers A 10.53.0.1
+;
+child1 NS ns.child1
+ns.child1 A 10.53.0.3
+;
+child2 NS ns.child2
+ns.child2 A 10.53.0.4
+;
+child3 NS ns.child3
+ns.child3 A 10.53.0.3
+;
+child4 NS ns.child4
+ns.child4 A 10.53.0.3
+;
+child5 NS ns.child5
+ns.child5 A 10.53.0.3
+;
+child6 NS ns.child5
+ns.child6 A 10.53.0.4
diff --git a/bin/tests/system/dlv/ns4/hints b/bin/tests/system/dlv/ns4/hints
new file mode 100644
index 0000000..a2e549a
--- /dev/null
+++ b/bin/tests/system/dlv/ns4/hints
@@ -0,0 +1,18 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: hints,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+. 0 NS ns.rootservers.utld.
+ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns4/named.conf b/bin/tests/system/dlv/ns4/named.conf
new file mode 100644
index 0000000..4fa32c2
--- /dev/null
+++ b/bin/tests/system/dlv/ns4/named.conf
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.4 2007/06/19 23:47:02 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.4;
+ notify-source 10.53.0.4;
+ transfer-source 10.53.0.4;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.4; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable no;
+};
+
+zone "." { type hint; file "hints"; };
+zone "child2.utld" { type master; file "child.db"; };
+zone "child6.utld" { type master; file "child.db"; };
diff --git a/bin/tests/system/dlv/ns5/hints b/bin/tests/system/dlv/ns5/hints
new file mode 100644
index 0000000..a2e549a
--- /dev/null
+++ b/bin/tests/system/dlv/ns5/hints
@@ -0,0 +1,18 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: hints,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+. 0 NS ns.rootservers.utld.
+ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns5/named.conf b/bin/tests/system/dlv/ns5/named.conf
new file mode 100644
index 0000000..b35c4a7
--- /dev/null
+++ b/bin/tests/system/dlv/ns5/named.conf
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.8 2007/06/18 23:47:28 tbox Exp $ */
+
+/*
+ * Choose a keyname that is unlikely to clash with any real key names.
+ * This allows it to be added to the system's rndc.conf with minimal
+ * likelyhood of collision.
+ *
+ * e.g.
+ * key "cc64b3d1db63fc88d7cb5d2f9f57d258" {
+ * algorithm hmac-md5;
+ * secret "34f88008d07deabbe65bd01f1d233d47";
+ * };
+ *
+ * server "10.53.0.5" {
+ * key cc64b3d1db63fc88d7cb5d2f9f57d258;
+ * port 5353;
+ * };
+ *
+ * rndc -s 10.53.0.5 <command>
+ */
+
+key "cc64b3d1db63fc88d7cb5d2f9f57d258" {
+ algorithm hmac-md5;
+ secret "34f88008d07deabbe65bd01f1d233d47";
+};
+
+controls {
+ inet 10.53.0.5 port 5353 allow { any; }
+ keys { cc64b3d1db63fc88d7cb5d2f9f57d258; };
+};
+
+include "trusted.conf";
+
+options {
+ query-source address 10.53.0.5;
+ notify-source 10.53.0.5;
+ transfer-source 10.53.0.5;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+ dnssec-enable yes;
+ dnssec-validation yes;
+ dnssec-lookaside "." trust-anchor "dlv.utld";
+};
+
+zone "." { type hint; file "hints"; };
diff --git a/bin/tests/system/dlv/ns5/rndc.conf b/bin/tests/system/dlv/ns5/rndc.conf
new file mode 100644
index 0000000..958ee98
--- /dev/null
+++ b/bin/tests/system/dlv/ns5/rndc.conf
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rndc.conf,v 1.5 2007/06/19 23:47:02 tbox Exp $ */
+
+key "cc64b3d1db63fc88d7cb5d2f9f57d258" {
+ algorithm hmac-md5;
+ secret "34f88008d07deabbe65bd01f1d233d47";
+};
+
+options {
+ default-server 10.53.0.5;
+ default-port 5353;
+};
diff --git a/bin/tests/system/dlv/setup.sh b/bin/tests/system/dlv/setup.sh
new file mode 100644
index 0000000..5f2e5b8
--- /dev/null
+++ b/bin/tests/system/dlv/setup.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+../../genrandom 400 random.data
+
+(cd ns3 && sh -e sign.sh)
diff --git a/bin/tests/system/dlv/tests.sh b/bin/tests/system/dlv/tests.sh
new file mode 100644
index 0000000..8b595a7
--- /dev/null
+++ b/bin/tests/system/dlv/tests.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+exit 0
diff --git a/bin/tests/system/dnssec/README b/bin/tests/system/dnssec/README
new file mode 100644
index 0000000..63ea49a
--- /dev/null
+++ b/bin/tests/system/dnssec/README
@@ -0,0 +1,17 @@
+Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2000-2002 Internet Software Consortium.
+See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
+
+$Id: README,v 1.8 2004/03/05 05:00:08 marka Exp $
+
+The test setup for the DNSSEC tests has a secure root.
+
+ns1 is the root server.
+
+ns2 and ns3 are authoritative servers for the various test domains.
+
+ns4 is a caching-only server, configured with the correct trusted key
+for the root.
+
+ns5 is a caching-only server, configured with the an incorrect trusted
+key for the root. It is used for testing failure cases.
diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh
new file mode 100644
index 0000000..3f207d5
--- /dev/null
+++ b/bin/tests/system/dnssec/clean.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.23 2008/09/25 04:02:38 tbox Exp $
+
+rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk
+rm -f ns1/root.db ns2/example.db ns3/secure.example.db
+rm -f ns3/unsecure.example.db ns3/bogus.example.db ns3/keyless.example.db
+rm -f ns3/dynamic.example.db ns3/dynamic.example.db.signed.jnl
+rm -f ns2/private.secure.example.db
+rm -f */example.bk
+rm -f dig.out.*
+rm -f random.data
+rm -f ns2/dlv.db
+rm -f ns3/multiple.example.db ns3/nsec3-unknown.example.db ns3/nsec3.example.db
+rm -f ns3/optout-unknown.example.db ns3/optout.example.db
+rm -f ns7/multiple.example.bk ns7/nsec3.example.bk ns7/optout.example.bk
+rm -f */named.memstats
+rm -f ns3/nsec3.nsec3.example.db
+rm -f ns3/nsec3.optout.example.db
+rm -f ns3/optout.nsec3.example.db
+rm -f ns3/optout.optout.example.db
+rm -f ns3/secure.nsec3.example.db
+rm -f ns3/secure.optout.example.db
diff --git a/bin/tests/system/dnssec/dnssec_update_test.pl b/bin/tests/system/dnssec/dnssec_update_test.pl
new file mode 100644
index 0000000..3a87242
--- /dev/null
+++ b/bin/tests/system/dnssec/dnssec_update_test.pl
@@ -0,0 +1,105 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+#
+# DNSSEC Dynamic update test suite.
+#
+# Usage:
+#
+# perl update_test.pl [-s server] [-p port] zone
+#
+# The server defaults to 127.0.0.1.
+# The port defaults to 53.
+#
+# Installation notes:
+#
+# This program uses the Net::DNS::Resolver module.
+# You can install it by saying
+#
+# perl -MCPAN -e "install Net::DNS"
+#
+# $Id: dnssec_update_test.pl,v 1.5 2007/06/19 23:47:02 tbox Exp $
+#
+
+use Getopt::Std;
+use Net::DNS;
+use Net::DNS::Update;
+use Net::DNS::Resolver;
+
+$opt_s = "127.0.0.1";
+$opt_p = 53;
+
+getopt('s:p:');
+
+$res = new Net::DNS::Resolver;
+$res->nameservers($opt_s);
+$res->port($opt_p);
+$res->defnames(0); # Do not append default domain.
+
+@ARGV == 1 or die
+ "usage: perl update_test.pl [-s server] [-p port] zone\n";
+
+$zone = shift @ARGV;
+
+my $failures = 0;
+
+sub assert {
+ my ($cond, $explanation) = @_;
+ if (!$cond) {
+ print "I:Test Failed: $explanation ***\n";
+ $failures++
+ }
+}
+
+sub test {
+ my ($expected, @records) = @_;
+
+ my $update = new Net::DNS::Update("$zone");
+
+ foreach $rec (@records) {
+ $update->push(@$rec);
+ }
+
+ $reply = $res->send($update);
+
+ # Did it work?
+ if (defined $reply) {
+ my $rcode = $reply->header->rcode;
+ assert($rcode eq $expected, "expected $expected, got $rcode");
+ } else {
+ print "I:Update failed: ", $res->errorstring, "\n";
+ }
+}
+
+sub section {
+ my ($msg) = @_;
+ print "I:$msg\n";
+}
+
+section("Add a name");
+test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]);
+
+section("Delete the name");
+test("NOERROR", ["update", rr_del("a.$zone")]);
+
+if ($failures) {
+ print "I:$failures tests failed.\n";
+} else {
+ print "I:All tests successful.\n";
+}
+
+exit $failures;
diff --git a/bin/tests/system/dnssec/ns1/named.conf b/bin/tests/system/dnssec/ns1/named.conf
new file mode 100644
index 0000000..e6b6b02
--- /dev/null
+++ b/bin/tests/system/dnssec/ns1/named.conf
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.24 2007/06/19 23:47:02 tbox Exp $ */
+
+// NS1
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable yes;
+ dnssec-validation yes;
+};
+
+zone "." {
+ type master;
+ file "root.db.signed";
+};
+
+include "trusted.conf";
diff --git a/bin/tests/system/dnssec/ns1/root.db.in b/bin/tests/system/dnssec/ns1/root.db.in
new file mode 100644
index 0000000..24c5913
--- /dev/null
+++ b/bin/tests/system/dnssec/ns1/root.db.in
@@ -0,0 +1,32 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db.in,v 1.10 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
+dlv. NS ns2.dlv.
+ns2.dlv. A 10.53.0.2
diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh
new file mode 100644
index 0000000..9bc0ddd
--- /dev/null
+++ b/bin/tests/system/dnssec/ns1/sign.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2003 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: sign.sh,v 1.25 2008/09/25 04:02:38 tbox Exp $
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+RANDFILE=../random.data
+
+zone=.
+infile=root.db.in
+zonefile=root.db
+
+(cd ../ns2 && sh sign.sh )
+
+cp ../ns2/keyset-example. .
+cp ../ns2/keyset-dlv. .
+
+keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+
+cat $infile $keyname.key > $zonefile
+
+echo $SIGNER -g -r $RANDFILE -o $zone $zonefile
+$SIGNER -g -r $RANDFILE -o $zone $zonefile > /dev/null
+
+# Configure the resolving server with a trusted key.
+
+cat $keyname.key | $PERL -n -e '
+local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
+local $key = join("", @rest);
+print <<EOF
+trusted-keys {
+ "$dn" $flags $proto $alg "$key";
+};
+EOF
+' > trusted.conf
+cp trusted.conf ../ns2/trusted.conf
+cp trusted.conf ../ns3/trusted.conf
+cp trusted.conf ../ns4/trusted.conf
+cp trusted.conf ../ns6/trusted.conf
+cp trusted.conf ../ns7/trusted.conf
diff --git a/bin/tests/system/dnssec/ns2/child.nsec3.example.db b/bin/tests/system/dnssec/ns2/child.nsec3.example.db
new file mode 100644
index 0000000..c432b06
--- /dev/null
+++ b/bin/tests/system/dnssec/ns2/child.nsec3.example.db
@@ -0,0 +1,25 @@
+; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: child.nsec3.example.db,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2006081400 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+@ IN NS ns2.example.
diff --git a/bin/tests/system/dnssec/ns2/child.optout.example.db b/bin/tests/system/dnssec/ns2/child.optout.example.db
new file mode 100644
index 0000000..feb73a4
--- /dev/null
+++ b/bin/tests/system/dnssec/ns2/child.optout.example.db
@@ -0,0 +1,25 @@
+; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: child.optout.example.db,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2006081400 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+@ IN NS ns2.example.
diff --git a/bin/tests/system/dnssec/ns2/dlv.db.in b/bin/tests/system/dnssec/ns2/dlv.db.in
new file mode 100644
index 0000000..fa09f21
--- /dev/null
+++ b/bin/tests/system/dnssec/ns2/dlv.db.in
@@ -0,0 +1,26 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: dlv.db.in,v 1.5 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns2
+ns2 A 10.53.0.2
diff --git a/bin/tests/system/dnssec/ns2/dst.example.db.in b/bin/tests/system/dnssec/ns2/dst.example.db.in
new file mode 100644
index 0000000..5819636
--- /dev/null
+++ b/bin/tests/system/dnssec/ns2/dst.example.db.in
@@ -0,0 +1,26 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: dst.example.db.in,v 1.4 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns2.example.
+a A 10.0.0.1
diff --git a/bin/tests/system/dnssec/ns2/example.db.in b/bin/tests/system/dnssec/ns2/example.db.in
new file mode 100644
index 0000000..c2b5e98
--- /dev/null
+++ b/bin/tests/system/dnssec/ns2/example.db.in
@@ -0,0 +1,97 @@
+; Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000-2002 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db.in,v 1.19 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns2
+ NS ns3
+ns2 A 10.53.0.2
+ns3 A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+
+; Used for testing ANY queries
+foo TXT "testing"
+foo A 10.0.1.0
+
+; Used for testing CNAME queries
+cname1 CNAME cname1-target
+cname1-target TXT "testing cname"
+
+cname2 CNAME cname2-target
+cname2-target TXT "testing cname"
+
+; Used for testing DNAME queries
+dname1 DNAME dname1-target
+foo.dname1-target TXT "testing dname"
+
+dname2 DNAME dname2-target
+foo.dname2-target TXT "testing dname"
+
+; A secure subdomain
+secure NS ns.secure
+ns.secure A 10.53.0.3
+
+; An insecure subdomain
+insecure NS ns.insecure
+ns.insecure A 10.53.0.3
+
+; A secure subdomain we're going to inject bogus data into
+bogus NS ns.bogus
+ns.bogus A 10.53.0.3
+
+; A dynamic secure subdomain
+dynamic NS dynamic
+dynamic A 10.53.0.3
+
+; A insecure subdomain
+mustbesecure NS ns.mustbesecure
+ns.mustbesecure A 10.53.0.3
+
+; A rfc2535 signed zone w/ CNAME
+rfc2535 NS ns.rfc2535
+ns.rfc2535 A 10.53.0.3
+
+z A 10.0.0.26
+
+keyless NS ns.keyless
+ns.keyless A 10.53.0.3
+
+nsec3 NS ns.nsec3
+ns.nsec3 A 10.53.0.3
+
+optout NS ns.optout
+ns.optout A 10.53.0.3
+
+nsec3-unknown NS ns.nsec3-unknown
+ns.nsec3-unknown A 10.53.0.3
+
+optout-unknown NS ns.optout-unknown
+ns.optout-unknown A 10.53.0.3
+
+multiple NS ns.multiple
+ns.multiple A 10.53.0.3
+
+*.wild A 10.0.0.27
diff --git a/bin/tests/system/dnssec/ns2/insecure.secure.example.db b/bin/tests/system/dnssec/ns2/insecure.secure.example.db
new file mode 100644
index 0000000..f16a2cf
--- /dev/null
+++ b/bin/tests/system/dnssec/ns2/insecure.secure.example.db
@@ -0,0 +1,32 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: insecure.secure.example.db,v 1.9 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
diff --git a/bin/tests/system/dnssec/ns2/named.conf b/bin/tests/system/dnssec/ns2/named.conf
new file mode 100644
index 0000000..3160413
--- /dev/null
+++ b/bin/tests/system/dnssec/ns2/named.conf
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.30 2008/09/25 04:02:38 tbox Exp $ */
+
+// NS2
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable yes;
+ dnssec-validation yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "dlv" {
+ type master;
+ file "dlv.db.signed";
+};
+
+zone "example" {
+ type master;
+ file "example.db.signed";
+ allow-update { any; };
+};
+
+zone "private.secure.example" {
+ type master;
+ file "private.secure.example.db.signed";
+ allow-update { any; };
+};
+
+zone "insecure.secure.example" {
+ type master;
+ file "insecure.secure.example.db";
+ allow-update { any; };
+};
+
+zone "rfc2335.example" {
+ type master;
+ file "rfc2335.example.db";
+};
+
+zone "child.nsec3.example" {
+ type master;
+ file "child.nsec3.example.db";
+ allow-update { none; };
+};
+
+zone "child.optout.example" {
+ type master;
+ file "child.optout.example.db";
+ allow-update { none; };
+};
+
+include "trusted.conf";
diff --git a/bin/tests/system/dnssec/ns2/private.secure.example.db.in b/bin/tests/system/dnssec/ns2/private.secure.example.db.in
new file mode 100644
index 0000000..2bf2787
--- /dev/null
+++ b/bin/tests/system/dnssec/ns2/private.secure.example.db.in
@@ -0,0 +1,34 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: private.secure.example.db.in,v 1.10 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.2
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+private2secure-nxdomain CNAME r.example.
+*.wild CNAME s.example.
diff --git a/bin/tests/system/dnssec/ns2/rfc2335.example.db b/bin/tests/system/dnssec/ns2/rfc2335.example.db
new file mode 100644
index 0000000..b8b477e
--- /dev/null
+++ b/bin/tests/system/dnssec/ns2/rfc2335.example.db
@@ -0,0 +1,103 @@
+; File written on Fri Apr 30 12:19:15 2004
+; dnssec_signzone version 9.2.4rc3
+rfc2335.example. 300 IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ 300 SIG SOA 1 2 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ nGPJKIzF7X/hMJbZURRz59UeEi/6HRxCn9Er
+ GqSnpw0Ea9Yx5Axu6sLKnF7jXlkZ6NHMCIpJ
+ +Lv+FDHXTs/dQg== )
+ 300 NS ns.rfc2335.example.
+ 300 SIG NS 1 2 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ Q234AL9dJYMvxdWG33lpww6AJ3GplKp+ace7
+ MUaj0oqDdkx4DtJF2XaP2xcqq7kTOObdQ8ES
+ vVxNThqOx7LFzg== )
+ 300 KEY 256 3 1 (
+ AQPZhzXIabI8y5ihWUw7F0WxN2MabnYWkOcV
+ Fn11NgaGSdjBSYPRMMwMCasD5N2KYPRUP83W
+ y8mj+ofcoW1FurcZ
+ ) ; key id = 47799
+ 300 NXT a.rfc2335.example. NS SOA SIG KEY NXT
+ 300 SIG NXT 1 2 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ Y587mqNy6pBEfbsU6+weM2XRSqLwLwRT9Sl7
+ oNuOK9kV3TR4R2M54m2S0MgJCXbRAwU+fF8Q
+ UbZkSTVe2N8Nyg== )
+a.rfc2335.example. 300 IN A 10.0.0.1
+ 300 SIG A 1 3 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ FnfWrcw5ire8ut25504zti5l///BdDMUAkJZ
+ UCLFiTW4lBGMcq1pqz64zltDZXCgJ3xUeQ2i
+ nRt19/ZxO6Z1KA== )
+ 300 NXT b.rfc2335.example. A SIG NXT
+ 300 SIG NXT 1 3 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ R6SpC3ndMVg4u/eZaaUsXSuMHV/hZXeaM/Op
+ bJLAe3KxMiOHfb6XgLy7wflAiC1xt6A9bWpy
+ kTc5T5gfic33kA== )
+b.rfc2335.example. 300 IN A 10.0.0.2
+ 300 SIG A 1 3 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ zjRsYXMGyhDI6ipDtu8YXC9XPN+3hGamzzxL
+ 8uPE/LPo+x19MNdbzEgWzlajAf1/mkSGr2jN
+ BDMVBA5NMKpwAA== )
+ 300 NXT d.rfc2335.example. A SIG NXT
+ 300 SIG NXT 1 3 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ aV87iZCYsC5Tqop827Zzb18TNqopGt0QynkR
+ gIF/lIHqZasNFRfaS1/nTnXdDKD8JS5IqxKb
+ oTJr5zswDAtCEw== )
+d.rfc2335.example. 300 IN A 10.0.0.4
+ 300 SIG A 1 3 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ NsKyvhUYZxTbOTBX4YwxTxevI5iGBpULKwmt
+ +D4l00ME4XRygOVmiqVDTT9dF1EgjDxOdfMT
+ hSjtCh5M1b2f6g== )
+ 300 NXT ns.rfc2335.example. A SIG NXT
+ 300 SIG NXT 1 3 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ OGqlvSDZIZdHYigh4UAFzXfPze7vcQfgj7sN
+ +cAeoh4BL1gpa00DqANCxowNCYluDk3ZCDwt
+ UHZEJa8ZjNvv4g== )
+ns.rfc2335.example. 300 IN A 10.53.0.3
+ 300 SIG A 1 3 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ T6ZGeUWflLTku8jO23x/TeAPeUl8t0I18FCh
+ qHUZaHomLQasQ2jlZQn6cLpFd2uFJkBNxZ0G
+ I39aG7G1bObXdA== )
+ 300 NXT x.rfc2335.example. A SIG NXT
+ 300 SIG NXT 1 3 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ l46mrf3/Ii5iRm3AiDjYeMg4ZXBgitHxXA2y
+ e/NhKpkxRRpCs7UQ94wT/RiSCjjK49E5FBe6
+ 5bRxtWq0GI7zlg== )
+x.rfc2335.example. 300 IN CNAME a.rfc2335.example.
+ 300 SIG CNAME 1 3 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ L3IOluq+kboBd2gR2Mu54uJKCUzfmyHRiWKl
+ kfx+vuFr0I8mEHQRmJtouxNDrBzmzGp5vybK
+ SdabLWw0n6uQEA== )
+ 300 NXT z.rfc2335.example. CNAME SIG NXT
+ 300 SIG NXT 1 3 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ CBKoJSkZzdpwiON7JS4yPFY5VVeBjfT19x/O
+ vx+5UK1JZUNKhTXWWgW1er+JlLzNf4Ot40+l
+ z9HUTyaeS0eWyw== )
+z.rfc2335.example. 300 IN A 10.0.0.26
+ 300 SIG A 1 3 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ ccqjVHnehvVwlNNd4+7n/GzGlRjj+ul0gCT3
+ X3950LTccxHsOFyjNNm8v/Ho/aurSYdqXEjY
+ jwmjC6elwkzB7A== )
+ 300 NXT rfc2335.example. A SIG NXT
+ 300 SIG NXT 1 3 300 20040530021915 (
+ 20040430021915 47799 rfc2335.example.
+ W42WoFyd9erysv8HjKo+CpHIH1x6+pAKwCDO
+ /hHnkEpQI3brewxl7cWOPYeA92Ns80Ody/ui
+ m2E28A5gnmWqPw== )
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
new file mode 100644
index 0000000..4389678
--- /dev/null
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2003 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: sign.sh,v 1.30 2008/09/25 04:02:38 tbox Exp $
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+RANDFILE=../random.data
+
+zone=example.
+infile=example.db.in
+zonefile=example.db
+
+# Have the child generate a zone key and pass it to us.
+
+( cd ../ns3 && sh sign.sh )
+
+for subdomain in secure bogus dynamic keyless nsec3 optout nsec3-unknown optout-unknown multiple
+do
+ cp ../ns3/keyset-$subdomain.example. .
+done
+
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+
+# Sign the privately secure file
+
+privzone=private.secure.example.
+privinfile=private.secure.example.db.in
+privzonefile=private.secure.example.db
+
+privkeyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $privzone`
+
+cat $privinfile $privkeyname.key >$privzonefile
+
+$SIGNER -g -r $RANDFILE -o $privzone -l dlv $privzonefile > /dev/null
+
+# Sign the DLV secure zone.
+
+
+dlvzone=dlv.
+dlvinfile=dlv.db.in
+dlvzonefile=dlv.db
+
+dlvkeyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone`
+
+cat $dlvinfile $dlvkeyname.key dlvset-$privzone > $dlvzonefile
+
+$SIGNER -g -r $RANDFILE -o $dlvzone $dlvzonefile > /dev/null
diff --git a/bin/tests/system/dnssec/ns3/bogus.example.db.in b/bin/tests/system/dnssec/ns3/bogus.example.db.in
new file mode 100644
index 0000000..e83d07b
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/bogus.example.db.in
@@ -0,0 +1,32 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: bogus.example.db.in,v 1.9 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
diff --git a/bin/tests/system/dnssec/ns3/dynamic.example.db.in b/bin/tests/system/dnssec/ns3/dynamic.example.db.in
new file mode 100644
index 0000000..0b5b0b0
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/dynamic.example.db.in
@@ -0,0 +1,31 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2002 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: dynamic.example.db.in,v 1.5 2007/06/19 23:47:02 tbox Exp $
+
+; This has the NS and glue at the apex because testing RT #2399
+; requires we have only one name in the zone at a certain point
+; during the test.
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+@ NS @
+@ A 10.53.0.3
diff --git a/bin/tests/system/dnssec/ns3/insecure.example.db b/bin/tests/system/dnssec/ns3/insecure.example.db
new file mode 100644
index 0000000..036adc5
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/insecure.example.db
@@ -0,0 +1,32 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: insecure.example.db,v 1.9 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
diff --git a/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db b/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db
new file mode 100644
index 0000000..4518c2d
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db
@@ -0,0 +1,31 @@
+; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: insecure.nsec3.example.db,v 1.2 2008/09/24 02:46:21 marka Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
diff --git a/bin/tests/system/dnssec/ns3/insecure.optout.example.db b/bin/tests/system/dnssec/ns3/insecure.optout.example.db
new file mode 100644
index 0000000..0a3a45d
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/insecure.optout.example.db
@@ -0,0 +1,31 @@
+; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: insecure.optout.example.db,v 1.2 2008/09/24 02:46:21 marka Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
diff --git a/bin/tests/system/dnssec/ns3/keyless.example.db.in b/bin/tests/system/dnssec/ns3/keyless.example.db.in
new file mode 100644
index 0000000..e2d1ffa
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/keyless.example.db.in
@@ -0,0 +1,29 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2001, 2002 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: keyless.example.db.in,v 1.5 2007/06/19 23:47:02 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a.b A 10.0.0.1
diff --git a/bin/tests/system/dnssec/ns3/multiple.example.db.in b/bin/tests/system/dnssec/ns3/multiple.example.db.in
new file mode 100644
index 0000000..c805a3e
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/multiple.example.db.in
@@ -0,0 +1,34 @@
+; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: multiple.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+a.a.a.a A 10.0.0.3
+*.e A 10.0.0.6
+child NS ns2.example.
diff --git a/bin/tests/system/dnssec/ns3/named.conf b/bin/tests/system/dnssec/ns3/named.conf
new file mode 100644
index 0000000..38f4ad0
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/named.conf
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.33 2008/09/25 04:02:38 tbox Exp $ */
+
+// NS3
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable yes;
+ dnssec-validation yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type slave;
+ masters { 10.53.0.2; };
+ file "example.bk";
+};
+
+zone "secure.example" {
+ type master;
+ file "secure.example.db.signed";
+ allow-update { any; };
+};
+
+zone "bogus.example" {
+ type master;
+ file "bogus.example.db.signed";
+ allow-update { any; };
+};
+
+zone "dynamic.example" {
+ type master;
+ file "dynamic.example.db.signed";
+ allow-update { any; };
+};
+
+zone "insecure.example" {
+ type master;
+ file "insecure.example.db";
+ allow-update { any; };
+};
+
+zone "insecure.nsec3.example" {
+ type master;
+ file "insecure.nsec3.example.db";
+ allow-update { any; };
+};
+
+zone "insecure.optout.example" {
+ type master;
+ file "insecure.optout.example.db";
+ allow-update { any; };
+};
+
+zone "keyless.example" {
+ type master;
+ file "keyless.example.db.signed";
+};
+
+zone "nsec3.example" {
+ type master;
+ file "nsec3.example.db.signed";
+};
+
+zone "optout.nsec3.example" {
+ type master;
+ file "optout.nsec3.example.db.signed";
+};
+
+zone "nsec3.nsec3.example" {
+ type master;
+ file "nsec3.nsec3.example.db.signed";
+};
+
+zone "secure.nsec3.example" {
+ type master;
+ file "secure.nsec3.example.db.signed";
+};
+
+zone "optout.example" {
+ type master;
+ file "optout.example.db.signed";
+};
+
+zone "secure.optout.example" {
+ type master;
+ file "secure.optout.example.db.signed";
+};
+
+zone "nsec3.optout.example" {
+ type master;
+ file "nsec3.optout.example.db.signed";
+};
+
+zone "optout.optout.example" {
+ type master;
+ file "optout.optout.example.db.signed";
+};
+
+zone "nsec3-unknown.example" {
+ type master;
+ nsec3-test-zone yes;
+ file "nsec3-unknown.example.db.signed";
+};
+
+zone "optout-unknown.example" {
+ type master;
+ nsec3-test-zone yes;
+ file "optout-unknown.example.db.signed";
+};
+
+zone "multiple.example" {
+ type master;
+ file "multiple.example.db.signed";
+ allow-update { any; };
+};
+
+zone "mustbesecure.example" {
+ type master;
+ file "mustbesecure.example.db";
+};
+
+zone "rfc2335.example" {
+ type slave;
+ masters { 10.53.0.2; };
+ file "rfc2335.example.bk";
+};
+
+include "trusted.conf";
diff --git a/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in b/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in
new file mode 100644
index 0000000..ffdd3e3
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in
@@ -0,0 +1,34 @@
+; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: nsec3-unknown.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+a.a.a.a A 10.0.0.3
+*.e A 10.0.0.6
+child NS ns2.example.
diff --git a/bin/tests/system/dnssec/ns3/nsec3.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.example.db.in
new file mode 100644
index 0000000..97ac59c
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/nsec3.example.db.in
@@ -0,0 +1,43 @@
+; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: nsec3.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+a.a.a.a A 10.0.0.3
+*.wild A 10.0.0.6
+child NS ns2.example.
+insecure NS ns.insecure
+ns.insecure A 10.53.0.3
+secure NS ns.secure
+ns.secure A 10.53.0.3
+nsec3 NS ns.nsec3
+ns.nsec3 A 10.53.0.3
+optout NS ns.optout
+ns.optout A 10.53.0.3
+02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17
diff --git a/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in
new file mode 100644
index 0000000..ca5b6e8
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in
@@ -0,0 +1,40 @@
+; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: nsec3.nsec3.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27
+x CNAME a
+
+private NS ns.private
+ns.private A 10.53.0.2
+
+insecure NS ns.insecure
+ns.insecure A 10.53.0.2
+
diff --git a/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in
new file mode 100644
index 0000000..fd766e7
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in
@@ -0,0 +1,40 @@
+; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: nsec3.optout.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27
+x CNAME a
+
+private NS ns.private
+ns.private A 10.53.0.2
+
+insecure NS ns.insecure
+ns.insecure A 10.53.0.2
+
diff --git a/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in b/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in
new file mode 100644
index 0000000..b001555
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in
@@ -0,0 +1,34 @@
+; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: optout-unknown.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+a.a.a.a A 10.0.0.3
+*.e A 10.0.0.6
+child NS ns2.example.
diff --git a/bin/tests/system/dnssec/ns3/optout.example.db.in b/bin/tests/system/dnssec/ns3/optout.example.db.in
new file mode 100644
index 0000000..e41d15b
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/optout.example.db.in
@@ -0,0 +1,45 @@
+; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: optout.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+a.a.a.a A 10.0.0.3
+*.wild A 10.0.0.6
+insecure NS ns.insecure
+ns.insecure A 10.53.0.3
+secure NS ns.secure
+ns.secure A 10.53.0.3
+nsec3 NS ns.nsec3
+ns.nsec3 A 10.53.0.3
+optout NS ns.optout
+ns.optout A 10.53.0.3
+child NS ns2.example.
+insecure.empty NS ns.insecure.empty
+ns.insecure.empty A 10.53.0.3
+foo.*.empty-wild NS ns
diff --git a/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in
new file mode 100644
index 0000000..150c386
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in
@@ -0,0 +1,40 @@
+; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: optout.nsec3.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27
+x CNAME a
+
+private NS ns.private
+ns.private A 10.53.0.2
+
+insecure NS ns.insecure
+ns.insecure A 10.53.0.2
+
diff --git a/bin/tests/system/dnssec/ns3/optout.optout.example.db.in b/bin/tests/system/dnssec/ns3/optout.optout.example.db.in
new file mode 100644
index 0000000..91b5b89
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/optout.optout.example.db.in
@@ -0,0 +1,40 @@
+; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: optout.optout.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27
+x CNAME a
+
+private NS ns.private
+ns.private A 10.53.0.2
+
+insecure NS ns.insecure
+ns.insecure A 10.53.0.2
+
diff --git a/bin/tests/system/dnssec/ns3/secure.example.db.in b/bin/tests/system/dnssec/ns3/secure.example.db.in
new file mode 100644
index 0000000..9cd4d6f
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/secure.example.db.in
@@ -0,0 +1,41 @@
+; Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: secure.example.db.in,v 1.13 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27
+x CNAME a
+
+private NS ns.private
+ns.private A 10.53.0.2
+
+insecure NS ns.insecure
+ns.insecure A 10.53.0.2
+
diff --git a/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in
new file mode 100644
index 0000000..92e720b
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in
@@ -0,0 +1,40 @@
+; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: secure.nsec3.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27
+x CNAME a
+
+private NS ns.private
+ns.private A 10.53.0.2
+
+insecure NS ns.insecure
+ns.insecure A 10.53.0.2
+
diff --git a/bin/tests/system/dnssec/ns3/secure.optout.example.db.in b/bin/tests/system/dnssec/ns3/secure.optout.example.db.in
new file mode 100644
index 0000000..d1ac6af
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/secure.optout.example.db.in
@@ -0,0 +1,40 @@
+; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: secure.optout.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+d A 10.0.0.4
+z A 10.0.0.26
+a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27
+x CNAME a
+
+private NS ns.private
+ns.private A 10.53.0.2
+
+insecure NS ns.insecure
+ns.insecure A 10.53.0.2
+
diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh
new file mode 100644
index 0000000..eb362aa
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/sign.sh
@@ -0,0 +1,224 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: sign.sh,v 1.25 2008/09/25 04:02:38 tbox Exp $
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+RANDFILE=../random.data
+
+zone=secure.example.
+infile=secure.example.db.in
+zonefile=secure.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
+
+zone=bogus.example.
+infile=bogus.example.db.in
+zonefile=bogus.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
+
+zone=dynamic.example.
+infile=dynamic.example.db.in
+zonefile=dynamic.example.db
+
+keyname1=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+keyname2=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
+
+zone=keyless.example.
+infile=keyless.example.db.in
+zonefile=keyless.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
+
+# Change the signer field of the a.b.keyless.example SIG A
+# to point to a provably nonexistent KEY record.
+mv $zonefile.signed $zonefile.tmp
+<$zonefile.tmp perl -p -e 's/ keyless.example/ b.keyless.example/
+ if /^a.b.keyless.example/../NXT/;' >$zonefile.signed
+rm -f $zonefile.tmp
+
+#
+# NSEC3/NSEC test zone
+#
+zone=secure.nsec3.example.
+infile=secure.nsec3.example.db.in
+zonefile=secure.nsec3.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
+
+#
+# NSEC3/NSEC3 test zone
+#
+zone=nsec3.nsec3.example.
+infile=nsec3.nsec3.example.db.in
+zonefile=nsec3.nsec3.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -3 - -r $RANDFILE -o $zone $zonefile > /dev/null
+
+#
+# OPTOUT/NSEC3 test zone
+#
+zone=optout.nsec3.example.
+infile=optout.nsec3.example.db.in
+zonefile=optout.nsec3.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null
+
+#
+# A nsec3 zone (non-optout).
+#
+zone=nsec3.example.
+infile=nsec3.example.db.in
+zonefile=nsec3.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null
+
+#
+# OPTOUT/NSEC test zone
+#
+zone=secure.optout.example.
+infile=secure.optout.example.db.in
+zonefile=secure.optout.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
+
+#
+# OPTOUT/NSEC3 test zone
+#
+zone=nsec3.optout.example.
+infile=nsec3.optout.example.db.in
+zonefile=nsec3.optout.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -3 - -r $RANDFILE -o $zone $zonefile > /dev/null
+
+#
+# OPTOUT/OPTOUT test zone
+#
+zone=optout.optout.example.
+infile=optout.optout.example.db.in
+zonefile=optout.optout.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null
+
+#
+# A optout nsec3 zone.
+#
+zone=optout.example.
+infile=optout.example.db.in
+zonefile=optout.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null
+
+#
+# A nsec3 zone (non-optout) with unknown hash algorithm.
+#
+zone=nsec3-unknown.example.
+infile=nsec3-unknown.example.db.in
+zonefile=nsec3-unknown.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null
+
+#
+# A optout nsec3 zone.
+#
+zone=optout-unknown.example.
+infile=optout-unknown.example.db.in
+zonefile=optout-unknown.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null
+
+#
+# A multiple parameter nsec3 zone.
+#
+zone=multiple.example.
+infile=multiple.example.db.in
+zonefile=multiple.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
+mv $zonefile.signed $zonefile
+$SIGNER -3 - -r $RANDFILE -o $zone $zonefile > /dev/null
+mv $zonefile.signed $zonefile
+$SIGNER -3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null
+mv $zonefile.signed $zonefile
+$SIGNER -3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null
+mv $zonefile.signed $zonefile
+$SIGNER -3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null
+mv $zonefile.signed $zonefile
+$SIGNER -3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null
diff --git a/bin/tests/system/dnssec/ns4/named.conf b/bin/tests/system/dnssec/ns4/named.conf
new file mode 100644
index 0000000..63da89c
--- /dev/null
+++ b/bin/tests/system/dnssec/ns4/named.conf
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.28 2007/06/18 23:47:28 tbox Exp $ */
+
+// NS4
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.4;
+ notify-source 10.53.0.4;
+ transfer-source 10.53.0.4;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.4; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ dnssec-enable yes;
+ dnssec-validation yes;
+ dnssec-must-be-secure mustbesecure.example yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+include "trusted.conf";
diff --git a/bin/tests/system/dnssec/ns5/named.conf b/bin/tests/system/dnssec/ns5/named.conf
new file mode 100644
index 0000000..64892ca
--- /dev/null
+++ b/bin/tests/system/dnssec/ns5/named.conf
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.25 2007/06/18 23:47:28 tbox Exp $ */
+
+// NS5
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.5;
+ notify-source 10.53.0.5;
+ transfer-source 10.53.0.5;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ dnssec-enable yes;
+ dnssec-validation yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+include "trusted.conf";
diff --git a/bin/tests/system/dnssec/ns5/trusted.conf.bad b/bin/tests/system/dnssec/ns5/trusted.conf.bad
new file mode 100644
index 0000000..b806e40
--- /dev/null
+++ b/bin/tests/system/dnssec/ns5/trusted.conf.bad
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: trusted.conf.bad,v 1.9 2007/06/19 23:47:02 tbox Exp $ */
+
+trusted-keys {
+ "." 256 3 1 "AQO6Cl+slAf+iuieDim9L3kujFHQD7s/IOj03ClMOpKYcTXtK4mRpuULVfvWxDi9Ew/gj0xLnnX7z9OJHIxLI+DSrAHd8Dm0XfBEAtVtJSn70GaPZgnLMw1rk5ap2DsEoWk=";
+};
diff --git a/bin/tests/system/dnssec/ns6/named.conf b/bin/tests/system/dnssec/ns6/named.conf
new file mode 100644
index 0000000..eb35680
--- /dev/null
+++ b/bin/tests/system/dnssec/ns6/named.conf
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.12 2007/06/18 23:47:28 tbox Exp $ */
+
+// NS6
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.6;
+ notify-source 10.53.0.6;
+ transfer-source 10.53.0.6;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.6; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+ disable-algorithms . { DSA; };
+ dnssec-enable yes;
+ dnssec-validation yes;
+ dnssec-lookaside . trust-anchor dlv;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+include "trusted.conf";
diff --git a/bin/tests/system/dnssec/ns7/named.conf b/bin/tests/system/dnssec/ns7/named.conf
new file mode 100644
index 0000000..0b5ce89
--- /dev/null
+++ b/bin/tests/system/dnssec/ns7/named.conf
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.3 2008/09/25 04:02:38 tbox Exp $ */
+
+// NS3
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.7;
+ notify-source 10.53.0.7;
+ transfer-source 10.53.0.7;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.7; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable yes;
+ dnssec-validation yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "nsec3.example" {
+ type slave;
+ masters { 10.53.0.3; };
+ file "nsec3.example.bk";
+};
+
+zone "optout.example" {
+ type slave;
+ masters { 10.53.0.3; };
+ file "optout.example.bk";
+};
+
+zone "nsec3-unknown.example" {
+ type slave;
+ masters { 10.53.0.3; };
+ file "nsec3-unknown.example.bk";
+};
+
+zone "optout-unknown.example" {
+ type slave;
+ masters { 10.53.0.3; };
+ file "optout-unknown.example.bk";
+};
+
+zone "multiple.example" {
+ type slave;
+ masters { 10.53.0.3; };
+ file "multiple.example.bk";
+};
+
+include "trusted.conf";
diff --git a/bin/tests/system/dnssec/prereq.sh b/bin/tests/system/dnssec/prereq.sh
new file mode 100644
index 0000000..8d724f9
--- /dev/null
+++ b/bin/tests/system/dnssec/prereq.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: prereq.sh,v 1.10 2007/06/19 23:47:02 tbox Exp $
+
+../../genrandom 400 random.data
+
+if $KEYGEN -a RSAMD5 -b 512 -n zone -r random.data foo > /dev/null 2>&1
+then
+ rm -f Kfoo*
+else
+ echo "I:This test requires that --with-openssl was used." >&2
+ exit 1
+fi
diff --git a/bin/tests/system/dnssec/setup.sh b/bin/tests/system/dnssec/setup.sh
new file mode 100644
index 0000000..43a6c76
--- /dev/null
+++ b/bin/tests/system/dnssec/setup.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.14 2007/06/19 23:47:02 tbox Exp $
+
+../../genrandom 400 random.data
+
+cd ns1 && sh sign.sh
+
+echo "a.bogus.example. A 10.0.0.22" >>../ns3/bogus.example.db.signed
+
+cd ../ns5 && cp -f trusted.conf.bad trusted.conf
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
new file mode 100644
index 0000000..57faa63
--- /dev/null
+++ b/bin/tests/system/dnssec/tests.sh
@@ -0,0 +1,834 @@
+#!/bin/sh
+#
+# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.53 2008/09/25 04:02:38 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+n=0
+
+rm -f dig.out.*
+
+DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
+
+# Check the example. domain
+
+echo "I:checking that zone transfer worked ($n)"
+ret=0
+$DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS a.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns3.test$n || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking positive validation NSEC ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking positive validation NSEC3 ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.nsec3.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.nsec3.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking positive validation OPTOUT ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.optout.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.optout.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking positive wildcard validation NSEC ($n)"
+ret=0
+$DIG $DIGOPTS a.wild.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS a.wild.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking positive wildcard validation NSEC3 ($n)"
+ret=0
+$DIG $DIGOPTS a.wild.nsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS a.wild.nsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking positive wildcard validation OPTOUT ($n)"
+ret=0
+$DIG $DIGOPTS a.wild.optout.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS a.wild.optout.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking negative validation NXDOMAIN NSEC ($n)"
+ret=0
+$DIG $DIGOPTS +noauth q.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth q.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking negative validation NXDOMAIN NSEC3 ($n)"
+ret=0
+$DIG $DIGOPTS +noauth q.nsec3.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth q.nsec3.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking negative validation NXDOMAIN OPTOUT ($n)"
+ret=0
+$DIG $DIGOPTS +noauth q.optout.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth q.optout.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking negative validation NODATA NSEC ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth a.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking negative validation NODATA NSEC3 ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.nsec3.example. \
+ @10.53.0.3 txt > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.nsec3.example. \
+ @10.53.0.4 txt > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking negative validation NODATA OPTOUT ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.optout.example. \
+ @10.53.0.3 txt > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.optout.example. \
+ @10.53.0.4 txt > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking negative wildcard validation NSEC ($n)"
+ret=0
+$DIG $DIGOPTS b.wild.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS b.wild.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking negative wildcard validation NSEC3 ($n)"
+ret=0
+$DIG $DIGOPTS b.wild.nsec3.example. @10.53.0.3 txt > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS b.wild.nsec3.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking negative wildcard validation OPTOUT ($n)"
+ret=0
+$DIG $DIGOPTS b.wild.optout.example. \
+ @10.53.0.3 txt > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS b.wild.optout.example. \
+ @10.53.0.4 txt > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# Check the insecure.example domain
+
+echo "I:checking 1-server insecurity proof NSEC ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking 1-server insecurity proof NSEC3 ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.insecure.nsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.insecure.nsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking 1-server insecurity proof OPTOUT ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.insecure.optout.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.insecure.optout.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking 1-server negative insecurity proof NSEC ($n)"
+ret=0
+$DIG $DIGOPTS q.insecure.example. a @10.53.0.3 \
+ > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS q.insecure.example. a @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking 1-server negative insecurity proof NSEC3 ($n)"
+ret=0
+$DIG $DIGOPTS q.insecure.nsec3.example. a @10.53.0.3 \
+ > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS q.insecure.nsec3.example. a @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking 1-server negative insecurity proof OPTOUT ($n)"
+ret=0
+$DIG $DIGOPTS q.insecure.optout.example. a @10.53.0.3 \
+ > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS q.insecure.optout.example. a @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking 1-server negative insecurity proof with SOA hack NSEC ($n)"
+ret=0
+$DIG $DIGOPTS r.insecure.example. soa @10.53.0.3 \
+ > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS r.insecure.example. soa @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "0 IN SOA" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking 1-server negative insecurity proof with SOA hack NSEC3 ($n)"
+ret=0
+$DIG $DIGOPTS r.insecure.nsec3.example. soa @10.53.0.3 \
+ > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS r.insecure.nsec3.example. soa @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "0 IN SOA" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking 1-server negative insecurity proof with SOA hack OPTOUT ($n)"
+ret=0
+$DIG $DIGOPTS r.insecure.optout.example. soa @10.53.0.3 \
+ > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS r.insecure.optout.example. soa @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "0 IN SOA" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# Check the secure.example domain
+
+echo "I:checking multi-stage positive validation NSEC/NSEC ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.secure.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.secure.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking multi-stage positive validation NSEC/NSEC3 ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.nsec3.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.nsec3.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking multi-stage positive validation NSEC/OPTOUT ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.optout.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.optout.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking multi-stage positive validation NSEC3/NSEC ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.secure.nsec3.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.secure.nsec3.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking multi-stage positive validation NSEC3/NSEC3 ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.nsec3.nsec3.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.nsec3.nsec3.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking multi-stage positive validation NSEC3/OPTOUT ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.optout.nsec3.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.optout.nsec3.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking multi-stage positive validation OPTOUT/NSEC ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.secure.optout.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.secure.optout.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking multi-stage positive validation OPTOUT/NSEC3 ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.nsec3.optout.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.nsec3.optout.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking multi-stage positive validation OPTOUT/OPTOUT ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.optout.optout.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.optout.optout.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking empty NODATA OPTOUT ($n)"
+ret=0
+$DIG $DIGOPTS +noauth empty.optout.example. \
+ @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth empty.optout.example. \
+ @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+#grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# Check the bogus domain
+
+echo "I:checking failed validation ($n)"
+ret=0
+$DIG $DIGOPTS a.bogus.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+grep "SERVFAIL" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# Try validating with a bad trusted key.
+# This should fail.
+
+echo "I:checking that validation fails with a misconfigured trusted key ($n)"
+ret=0
+$DIG $DIGOPTS example. soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
+grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that negative validation fails with a misconfigured trusted key ($n)"
+ret=0
+$DIG $DIGOPTS example. ptr @10.53.0.5 > dig.out.ns5.test$n || ret=1
+grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that insecurity proofs fail with a misconfigured trusted key ($n)"
+ret=0
+$DIG $DIGOPTS a.insecure.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
+grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that validation fails when key record is missing ($n)"
+ret=0
+$DIG $DIGOPTS a.b.keyless.example. a @10.53.0.4 > dig.out.ns4.test$n || ret=1
+grep "SERVFAIL" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# Check the insecure.secure.example domain (insecurity proof)
+
+echo "I:checking 2-server insecurity proof ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.insecure.secure.example. @10.53.0.2 a \
+ > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth a.insecure.secure.example. @10.53.0.4 a \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# Check a negative response in insecure.secure.example
+
+echo "I:checking 2-server insecurity proof with a negative answer ($n)"
+ret=0
+$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.2 a > dig.out.ns2.test$n \
+ || ret=1
+$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.4 a > dig.out.ns4.test$n \
+ || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking 2-server insecurity proof with a negative answer and SOA hack ($n)"
+ret=0
+$DIG $DIGOPTS r.insecure.secure.example. @10.53.0.2 soa > dig.out.ns2.test$n \
+ || ret=1
+$DIG $DIGOPTS r.insecure.secure.example. @10.53.0.4 soa > dig.out.ns4.test$n \
+ || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# Check that the query for a security root is successful and has ad set
+
+echo "I:checking security root query ($n)"
+ret=0
+$DIG $DIGOPTS . @10.53.0.4 key > dig.out.ns4.test$n || ret=1
+grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# Check that the setting the cd bit works
+
+echo "I:checking cd bit on a positive answer ($n)"
+ret=0
+$DIG $DIGOPTS +noauth example. soa @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +noauth +cdflag example. soa @10.53.0.5 \
+ > dig.out.ns5.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns4.test$n dig.out.ns5.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking cd bit on a negative answer ($n)"
+ret=0
+$DIG $DIGOPTS q.example. soa @10.53.0.4 > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +cdflag q.example. soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns4.test$n dig.out.ns5.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking cd bit on a query that should fail ($n)"
+ret=0
+$DIG $DIGOPTS a.bogus.example. soa @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +cdflag a.bogus.example. soa @10.53.0.5 \
+ > dig.out.ns5.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns4.test$n dig.out.ns5.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking cd bit on an insecurity proof ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.insecure.example. soa @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +noauth +cdflag a.insecure.example. soa @10.53.0.5 \
+ > dig.out.ns5.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns4.test$n dig.out.ns5.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - these are looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking cd bit on a negative insecurity proof ($n)"
+ret=0
+$DIG $DIGOPTS q.insecure.example. a @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +cdflag q.insecure.example. a @10.53.0.5 \
+ > dig.out.ns5.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns4.test$n dig.out.ns5.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - these are looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that validation of an ANY query works ($n)"
+ret=0
+$DIG $DIGOPTS +noauth foo.example. any @10.53.0.2 > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth foo.example. any @10.53.0.4 > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+# 2 records in the zone, 1 NXT, 3 SIGs
+grep "ANSWER: 6" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that validation of a query returning a CNAME works ($n)"
+ret=0
+$DIG $DIGOPTS +noauth cname1.example. txt @10.53.0.2 \
+ > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth cname1.example. txt @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+# the CNAME & its sig, the TXT and its SIG
+grep "ANSWER: 4" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that validation of a query returning a DNAME works ($n)"
+ret=0
+$DIG $DIGOPTS +noauth foo.dname1.example. txt @10.53.0.2 \
+ > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth foo.dname1.example. txt @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+# The DNAME & its sig, the TXT and its SIG, and the synthesized CNAME.
+# It would be nice to test that the CNAME is being synthesized by the
+# recursive server and not cached, but I don't know how.
+grep "ANSWER: 5" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that validation of an ANY query returning a CNAME works ($n)"
+ret=0
+$DIG $DIGOPTS +noauth cname2.example. any @10.53.0.2 \
+ > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth cname2.example. any @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+# The CNAME, NXT, and their SIGs
+grep "ANSWER: 4" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that validation of an ANY query returning a DNAME works ($n)"
+ret=0
+$DIG $DIGOPTS +noauth foo.dname2.example. any @10.53.0.2 \
+ > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth foo.dname2.example. any @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that positive validation in a privately secure zone works ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.private.secure.example. a @10.53.0.2 \
+ > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth a.private.secure.example. a @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that negative validation in a privately secure zone works ($n)"
+ret=0
+$DIG $DIGOPTS +noauth q.private.secure.example. a @10.53.0.2 \
+ > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth q.private.secure.example. a @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that lookups succeed after disabling a algorithm works ($n)"
+ret=0
+$DIG $DIGOPTS +noauth example. SOA @10.53.0.2 \
+ > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth example. SOA @10.53.0.6 \
+ > dig.out.ns6.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns6.test$n || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns6.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking privately secure to nxdomain works ($n)"
+ret=0
+$DIG $DIGOPTS +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.2 \
+ > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking privately secure wildcard to nxdomain works ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.wild.private.secure.example. SOA @10.53.0.2 \
+ > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth a.wild.private.secure.example. SOA @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
+# Note - this is looking for failure, hence the &&
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+#
+# private.secure.example is served by the same server as its
+# grand parent and there is not a secure delegation from secure.example
+# to private.secure.example. In addition secure.example is using a
+# algorithm which the validation does not support.
+#
+echo "I:checking dnssec-lookaside-validation works ($n)"
+ret=0
+$DIG $DIGOPTS private.secure.example. SOA @10.53.0.6 \
+ > dig.out.ns6.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns6.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that we can load a rfc2535 signed zone ($n)"
+ret=0
+$DIG $DIGOPTS rfc2535.example. SOA @10.53.0.2 \
+ > dig.out.ns2.test$n || ret=1
+grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that we can transfer a rfc2535 signed zone ($n)"
+ret=0
+$DIG $DIGOPTS rfc2535.example. SOA @10.53.0.3 \
+ > dig.out.ns3.test$n || ret=1
+grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# Run a minimal update test if possible. This is really just
+# a regression test for RT #2399; more tests should be added.
+
+if $PERL -e 'use Net::DNS;' 2>/dev/null
+then
+ echo "I:running DNSSEC update test"
+ $PERL dnssec_update_test.pl -s 10.53.0.3 -p 5300 dynamic.example. || status=1
+else
+ echo "I:The DNSSEC update test requires the Net::DNS library." >&2
+fi
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/forward/clean.sh b/bin/tests/system/forward/clean.sh
new file mode 100644
index 0000000..b227745
--- /dev/null
+++ b/bin/tests/system/forward/clean.sh
@@ -0,0 +1,22 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.6 2007/09/26 03:22:43 marka Exp $
+
+#
+# Clean up after forward tests.
+#
+rm -f dig.out.*
+rm -f */named.memstats
diff --git a/bin/tests/system/forward/ns1/example.db b/bin/tests/system/forward/ns1/example.db
new file mode 100644
index 0000000..ebbc2ae
--- /dev/null
+++ b/bin/tests/system/forward/ns1/example.db
@@ -0,0 +1,12 @@
+$TTL 300 ; 5 minutes
+@ IN SOA ns root (
+ 2000082401 ; serial
+ 1800 ; refresh (30 minutes)
+ 1800 ; retry (30 minutes)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+txt TXT "recursed"
diff --git a/bin/tests/system/forward/ns1/named.conf b/bin/tests/system/forward/ns1/named.conf
new file mode 100644
index 0000000..8c3fcfa
--- /dev/null
+++ b/bin/tests/system/forward/ns1/named.conf
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.11 2007/06/19 23:47:03 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
+
+zone "example1." {
+ type master;
+ file "example.db";
+};
+
+zone "example2." {
+ type master;
+ file "example.db";
+};
+
+zone "example3." {
+ type master;
+ file "example.db";
+};
+
+zone "example4." {
+ type master;
+ file "example.db";
+};
+
+zone "example5." {
+ type master;
+ file "example.db";
+};
diff --git a/bin/tests/system/forward/ns1/root.db b/bin/tests/system/forward/ns1/root.db
new file mode 100644
index 0000000..e84e8fb
--- /dev/null
+++ b/bin/tests/system/forward/ns1/root.db
@@ -0,0 +1,36 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.4 2007/06/19 23:47:03 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example1 NS ns.example1
+ns.example1 A 10.53.0.1
+
+example2 NS ns.example2
+ns.example2 A 10.53.0.1
+
+example3 NS ns.example3
+ns.example3 A 10.53.0.1
diff --git a/bin/tests/system/forward/ns2/example.db b/bin/tests/system/forward/ns2/example.db
new file mode 100644
index 0000000..3a5f46c
--- /dev/null
+++ b/bin/tests/system/forward/ns2/example.db
@@ -0,0 +1,12 @@
+$TTL 300 ; 5 minutes
+@ IN SOA ns root (
+ 2000082401 ; serial
+ 1800 ; refresh (30 minutes)
+ 1800 ; retry (30 minutes)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+txt TXT "forwarded"
diff --git a/bin/tests/system/forward/ns2/named.conf b/bin/tests/system/forward/ns2/named.conf
new file mode 100644
index 0000000..d310bf2
--- /dev/null
+++ b/bin/tests/system/forward/ns2/named.conf
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.11 2007/06/19 23:47:03 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+};
+
+zone "." {
+ type hint;
+ file "root.db";
+};
+
+zone "example1." {
+ type master;
+ file "example.db";
+};
+
+zone "example2." {
+ type master;
+ file "example.db";
+};
+
+zone "example3." {
+ type master;
+ file "example.db";
+};
+
+zone "example4." {
+ type master;
+ file "example.db";
+};
diff --git a/bin/tests/system/forward/ns2/root.db b/bin/tests/system/forward/ns2/root.db
new file mode 100644
index 0000000..e84e8fb
--- /dev/null
+++ b/bin/tests/system/forward/ns2/root.db
@@ -0,0 +1,36 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.4 2007/06/19 23:47:03 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example1 NS ns.example1
+ns.example1 A 10.53.0.1
+
+example2 NS ns.example2
+ns.example2 A 10.53.0.1
+
+example3 NS ns.example3
+ns.example3 A 10.53.0.1
diff --git a/bin/tests/system/forward/ns3/named.conf b/bin/tests/system/forward/ns3/named.conf
new file mode 100644
index 0000000..459c349
--- /dev/null
+++ b/bin/tests/system/forward/ns3/named.conf
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.11 2007/06/19 23:47:03 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ forwarders { 10.53.0.2; };
+ forward first;
+};
+
+zone "." {
+ type hint;
+ file "root.db";
+};
+
+zone "example1." {
+ type forward;
+ forward first;
+ forwarders { 10.53.0.2; };
+};
+
+zone "example2." {
+ type forward;
+ forward first;
+ forwarders { };
+};
+
+zone "example3." {
+ type forward;
+ forward only;
+ forwarders { };
+};
+
diff --git a/bin/tests/system/forward/ns3/root.db b/bin/tests/system/forward/ns3/root.db
new file mode 100644
index 0000000..e84e8fb
--- /dev/null
+++ b/bin/tests/system/forward/ns3/root.db
@@ -0,0 +1,36 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.4 2007/06/19 23:47:03 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example1 NS ns.example1
+ns.example1 A 10.53.0.1
+
+example2 NS ns.example2
+ns.example2 A 10.53.0.1
+
+example3 NS ns.example3
+ns.example3 A 10.53.0.1
diff --git a/bin/tests/system/forward/ns4/named.conf b/bin/tests/system/forward/ns4/named.conf
new file mode 100644
index 0000000..f817b8a
--- /dev/null
+++ b/bin/tests/system/forward/ns4/named.conf
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.11 2007/06/19 23:47:03 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.4;
+ notify-source 10.53.0.4;
+ transfer-source 10.53.0.4;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.4; };
+ listen-on-v6 { none; };
+};
+
+zone "." {
+ type hint;
+ file "root.db";
+};
+
+zone "example1." {
+ type forward;
+ forward first;
+ forwarders { 10.53.0.2; };
+};
+
+zone "example3." {
+ type forward;
+ forwarders { 10.53.0.2; };
+};
+
+zone "example5." {
+ type forward;
+ forward only;
+ forwarders { 10.53.0.2; };
+};
diff --git a/bin/tests/system/forward/ns4/root.db b/bin/tests/system/forward/ns4/root.db
new file mode 100644
index 0000000..e84e8fb
--- /dev/null
+++ b/bin/tests/system/forward/ns4/root.db
@@ -0,0 +1,36 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.4 2007/06/19 23:47:03 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example1 NS ns.example1
+ns.example1 A 10.53.0.1
+
+example2 NS ns.example2
+ns.example2 A 10.53.0.1
+
+example3 NS ns.example3
+ns.example3 A 10.53.0.1
diff --git a/bin/tests/system/forward/tests.sh b/bin/tests/system/forward/tests.sh
new file mode 100644
index 0000000..c3c0bf3
--- /dev/null
+++ b/bin/tests/system/forward/tests.sh
@@ -0,0 +1,92 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.7 2007/06/19 23:47:03 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+root=10.53.0.1
+hidden=10.53.0.2
+f1=10.53.0.3
+f2=10.53.0.4
+
+status=0
+
+echo "I:checking that a forward zone overrides global forwarders"
+ret=0
+$DIG txt.example1. txt @$hidden -p 5300 > dig.out.hidden || ret=1
+$DIG txt.example1. txt @$f1 -p 5300 > dig.out.f1 || ret=1
+$PERL ../digcomp.pl dig.out.hidden dig.out.f1 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that a forward first zone no forwarders recurses"
+ret=0
+$DIG txt.example2. txt @$root -p 5300 > dig.out.root || ret=1
+$DIG txt.example2. txt @$f1 -p 5300 > dig.out.f1 || ret=1
+$PERL ../digcomp.pl dig.out.root dig.out.f1 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that a forward only zone no forwarders fails"
+ret=0
+$DIG txt.example2. txt @$root -p 5300 > dig.out.root || ret=1
+$DIG txt.example2. txt @$f1 -p 5300 > dig.out.f1 || ret=1
+$PERL ../digcomp.pl dig.out.root dig.out.f1 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that global forwarders work"
+ret=0
+$DIG txt.example4. txt @$hidden -p 5300 > dig.out.hidden || ret=1
+$DIG txt.example4. txt @$f1 -p 5300 > dig.out.f1 || ret=1
+$PERL ../digcomp.pl dig.out.hidden dig.out.f1 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that a forward zone works"
+ret=0
+$DIG txt.example1. txt @$hidden -p 5300 > dig.out.hidden || ret=1
+$DIG txt.example1. txt @$f2 -p 5300 > dig.out.f2 || ret=1
+$PERL ../digcomp.pl dig.out.hidden dig.out.f2 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that forwarding doesn't spontaneously happen"
+ret=0
+$DIG txt.example2. txt @$root -p 5300 > dig.out.root || ret=1
+$DIG txt.example2. txt @$f2 -p 5300 > dig.out.f2 || ret=1
+$PERL ../digcomp.pl dig.out.root dig.out.f2 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that a forward zone with no specified policy works"
+ret=0
+$DIG txt.example3. txt @$hidden -p 5300 > dig.out.hidden || ret=1
+$DIG txt.example3. txt @$f2 -p 5300 > dig.out.f2 || ret=1
+$PERL ../digcomp.pl dig.out.hidden dig.out.f2 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that a forward only doesn't recurse"
+ret=0
+$DIG txt.example5. txt @$f2 -p 5300 > dig.out.f2 || ret=1
+grep "SERVFAIL" dig.out.f2 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/genzone.sh b/bin/tests/system/genzone.sh
new file mode 100644
index 0000000..bea95e8
--- /dev/null
+++ b/bin/tests/system/genzone.sh
@@ -0,0 +1,267 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001-2003 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: genzone.sh,v 1.8 2007/06/19 23:47:00 tbox Exp $
+
+#
+# Set up a test zone
+#
+# Usage: genzone.sh master-server-number slave-server-number...
+#
+# e.g., "genzone.sh 2 3 4" means ns2 is the master and ns3, ns4
+# are slaves.
+#
+
+master="$1"
+
+cat <<EOF
+\$TTL 3600
+
+@ 86400 IN SOA ns${master} hostmaster (
+ 1397051952 ; "SER0"
+ 5
+ 5
+ 1814400
+ 3600 )
+EOF
+
+for n
+do
+ cat <<EOF
+@ NS ns${n}
+ns${n} A 10.53.0.${n}
+EOF
+done
+
+cat <<\EOF
+
+; type 1
+a01 A 0.0.0.0
+a02 A 255.255.255.255
+
+; type 2
+; see NS records at top of file
+
+; type 3
+; md01 MD madname
+; MD .
+
+; type 4
+; mf01 MF madname
+; mf01 MF .
+
+; type 5
+cname01 CNAME cname-target.
+cname02 CNAME cname-target
+cname03 CNAME .
+
+; type 6
+; see SOA record at top of file
+
+; type 7
+mb01 MG madname
+mb02 MG .
+
+; type 8
+mg01 MG mgmname
+mg02 MG .
+
+; type 9
+mr01 MR mrname
+mr02 MR .
+
+; type 10
+; NULL RRs are not allowed in master files per RFC1035.
+;null01 NULL
+
+; type 11
+wks01 WKS 10.0.0.1 tcp telnet ftp 0 1 2
+wks02 WKS 10.0.0.1 udp domain 0 1 2
+wks03 WKS 10.0.0.2 tcp 65535
+
+; type 12
+ptr01 PTR @
+
+; type 13
+hinfo01 HINFO "Generic PC clone" "NetBSD-1.4"
+hinfo02 HINFO PC NetBSD
+
+; type 14
+minfo01 MINFO rmailbx emailbx
+minfo02 MINFO . .
+
+; type 15
+mx01 MX 10 mail
+mx02 MX 10 .
+
+; type 16
+txt01 TXT "foo"
+txt02 TXT "foo" "bar"
+txt03 TXT foo
+txt04 TXT foo bar
+txt05 TXT "foo bar"
+txt06 TXT "foo\032bar"
+txt07 TXT foo\032bar
+txt08 TXT "foo\010bar"
+txt09 TXT foo\010bar
+txt10 TXT foo\ bar
+txt11 TXT "\"foo\""
+txt12 TXT \"foo\"
+
+; type 17
+rp01 RP mbox-dname txt-dname
+rp02 RP . .
+
+; type 18
+afsdb01 AFSDB 0 hostname
+afsdb02 AFSDB 65535 .
+
+; type 19
+x2501 X25 123456789
+;x2502 X25 "123456789"
+
+; type 20
+isdn01 ISDN "isdn-address"
+isdn02 ISDN "isdn-address" "subaddress"
+isdn03 ISDN isdn-address
+isdn04 ISDN isdn-address subaddress
+
+; type 21
+rt01 RT 0 intermediate-host
+rt02 RT 65535 .
+
+; type 22
+nsap01 NSAP (
+ 0x47.0005.80.005a00.0000.0001.e133.ffffff000161.00 )
+nsap02 NSAP (
+ 0x47.0005.80.005a00.0000.0001.e133.ffffff000161.00. )
+;nsap03 NSAP 0x
+
+; type 23
+nsap-ptr01 NSAP-PTR foo.
+nsap-ptr01 NSAP-PTR .
+
+; type 24
+;sig01 SIG NXT 1 3 ( 3600 20000102030405
+; 19961211100908 2143 foo.nil.
+; MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45I
+; kskceFGgiWCn/GxHhai6VAuHAoNUz4YoU1t
+; VfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY= )
+
+; type 25
+;key01 KEY 512 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY
+; 9UGRuniJDBzC7w0aRyzWZriO6i2odGWWQVucZqKV
+; sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg
+; a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= )
+
+; type 26
+px01 PX 65535 foo. bar.
+px02 PX 65535 . .
+
+; type 27
+gpos01 GPOS -22.6882 116.8652 250.0
+gpos02 GPOS "" "" ""
+
+; type 29
+loc01 LOC 60 9 N 24 39 E 10 20 2000 20
+loc02 LOC 60 09 00.000 N 24 39 00.000 E 10.00m 20.00m (
+ 2000.00m 20.00m )
+
+; type 30
+;nxt01 NXT a.secure.nil. ( NS SOA MX RRSIG KEY LOC NXT )
+;nxt02 NXT . NXT NSAP-PTR
+;nxt03 NXT . 1
+;nxt04 NXT . 127
+
+; type 33
+srv01 SRV 0 0 0 .
+srv02 SRV 65535 65535 65535 old-slow-box
+
+; type 35
+naptr01 NAPTR 0 0 "" "" "" .
+naptr02 NAPTR 65535 65535 blurgh blorf blegh foo.
+naptr02 NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
+
+; type 36
+kx01 KX 10 kdc
+kx02 KX 10 .
+
+; type 37
+cert01 CERT 65534 65535 254 (
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45I
+ kskceFGgiWCn/GxHhai6VAuHAoNUz4YoU1t
+ VfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY= )
+; type 38
+a601 A6 0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+a601 A6 64 ::ffff:ffff:ffff:ffff foo.
+a601 A6 127 ::1 foo.
+a601 A6 128 .
+
+; type 39
+dname01 DNAME dname-target.
+dname02 DNAME dname-target
+dname03 DNAME .
+
+; type 41
+; OPT is a meta-type and should never occur in master files.
+
+; type 46
+rrsig01 RRSIG NSEC 1 3 ( 3600 20000102030405
+ 19961211100908 2143 foo.nil.
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45I
+ kskceFGgiWCn/GxHhai6VAuHAoNUz4YoU1t
+ VfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY= )
+
+; type 47
+nsec01 NSEC a.secure.nil. ( NS SOA MX RRSIG DNSKEY LOC NSEC )
+nsec02 NSEC . NSEC NSAP-PTR
+nsec03 NSEC . TYPE1
+nsec04 NSEC . TYPE127
+
+; type 48
+dnskey01 DNSKEY 512 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY
+ 9UGRuniJDBzC7w0aRyzWZriO6i2odGWWQVucZqKV
+ sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg
+ a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= )
+
+; type 249
+; TKEY is a meta-type and should never occur in master files.
+; The text representation is not specified in the draft.
+; This example was written based on the bind9 RR parsing code.
+;tkey01 TKEY 928321914 928321915 (
+; 255 ; algorithm
+; 65535 ; mode
+; 0 ; error
+; 3 ; key size
+; aaaa ; key data
+; 3 ; other size
+; bbbb ; other data
+; )
+;; A TKEY with empty "other data"
+;tkey02 TKEY 928321914 928321915 (
+; 255 ; algorithm
+; 65535 ; mode
+; 0 ; error
+; 3 ; key size
+; aaaa ; key data
+; 0 ; other size
+; ; other data
+; )
+
+; type 255
+; TSIG is a meta-type and should never occur in master files.
+EOF
diff --git a/bin/tests/system/glue/clean.sh b/bin/tests/system/glue/clean.sh
new file mode 100644
index 0000000..a3bc740
--- /dev/null
+++ b/bin/tests/system/glue/clean.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.9 2007/09/26 03:22:43 marka Exp $
+
+#
+# Clean up after glue tests.
+#
+
+rm -f dig.out ns1/cache
+rm -f */named.memstats
diff --git a/bin/tests/system/glue/fi.good b/bin/tests/system/glue/fi.good
new file mode 100644
index 0000000..a08bc7a
--- /dev/null
+++ b/bin/tests/system/glue/fi.good
@@ -0,0 +1,27 @@
+
+; <<>> DiG 9.0 <<>> +norec @10.53.0.1 -p 5300 foo.bar.fi. A
+;; global options: printcmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58772
+;; flags: qr ad; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 7
+
+;; QUESTION SECTION:
+;foo.bar.fi. IN A
+
+;; AUTHORITY SECTION:
+fi. 172800 IN NS NS.EU.NET.
+fi. 172800 IN NS NS.TELE.fi.
+fi. 172800 IN NS PRIFI.EUNET.fi.
+fi. 172800 IN NS NS.UU.NET.
+fi. 172800 IN NS T.NS.VERIO.NET.
+fi. 172800 IN NS HYDRA.HELSINKI.fi.
+
+;; ADDITIONAL SECTION:
+NS.TELE.fi. 172800 IN A 193.210.19.19
+NS.TELE.fi. 172800 IN A 193.210.18.18
+PRIFI.EUNET.fi. 172800 IN A 193.66.1.146
+NS.UU.NET. 172800 IN A 137.39.1.3
+T.NS.VERIO.NET. 172800 IN A 192.67.14.16
+HYDRA.HELSINKI.fi. 172800 IN A 128.214.4.29
+NS.EU.NET. 172800 IN A 192.16.202.11
+
diff --git a/bin/tests/system/glue/noglue.good b/bin/tests/system/glue/noglue.good
new file mode 100644
index 0000000..22eca7b
--- /dev/null
+++ b/bin/tests/system/glue/noglue.good
@@ -0,0 +1,14 @@
+
+; <<>> DiG 9.0 <<>> @10.53.0.1 -p 5300 example.net a
+;; global options: printcmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29409
+;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
+
+;; QUESTION SECTION:
+;example.net. IN A
+
+;; AUTHORITY SECTION:
+example.net. 300 IN NS ns2.example.
+example.net. 300 IN NS ns1.example.
+
diff --git a/bin/tests/system/glue/ns1/cache.in b/bin/tests/system/glue/ns1/cache.in
new file mode 100644
index 0000000..4ccd206
--- /dev/null
+++ b/bin/tests/system/glue/ns1/cache.in
@@ -0,0 +1,23 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: cache.in,v 1.4 2007/06/19 23:47:03 tbox Exp $
+
+; Preloaded cache data for glue test
+
+$TTL 86400
+ns.zz. 3600 IN A 10.0.0.1
+ns.zz. IN AAAA 10::1
+ns.zz. IN A6 0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
diff --git a/bin/tests/system/glue/ns1/mil.db b/bin/tests/system/glue/ns1/mil.db
new file mode 100644
index 0000000..6e90da8
--- /dev/null
+++ b/bin/tests/system/glue/ns1/mil.db
@@ -0,0 +1,31 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: mil.db,v 1.8 2007/06/19 23:47:03 tbox Exp $
+
+$ORIGIN mil.
+$TTL 300
+@ IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+@ NS a.root-servers.nil.
+
+ARL.MIL. 172800 IN NS NS1.ARL.MIL.
+NS1.arl.mil. 172800 IN A 128.63.16.4
+
diff --git a/bin/tests/system/glue/ns1/named.conf b/bin/tests/system/glue/ns1/named.conf
new file mode 100644
index 0000000..00a740f
--- /dev/null
+++ b/bin/tests/system/glue/ns1/named.conf
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.15 2007/06/19 23:47:03 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify no;
+ cache-file "cache";
+ check-integrity no;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
+
+zone "root-servers.nil" {
+ type master;
+ file "root-servers.nil.db";
+};
+zone "net" {
+ type master;
+ file "net.db";
+};
+
+zone "mil" {
+ type master;
+ file "mil.db";
+};
diff --git a/bin/tests/system/glue/ns1/net.db b/bin/tests/system/glue/ns1/net.db
new file mode 100644
index 0000000..e0e718d
--- /dev/null
+++ b/bin/tests/system/glue/ns1/net.db
@@ -0,0 +1,40 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: net.db,v 1.8 2007/06/19 23:47:03 tbox Exp $
+
+$ORIGIN net.
+$TTL 300
+@ IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+@ NS a.root-servers.nil.
+
+; FI. authoritative servers, for the FI. glue test.
+uu.net. NS ns.uu.net.
+NS.UU.NET. 172800 IN A 137.39.1.3
+eu.net. NS ns.eu.net.
+NS.EU.NET. 172800 IN A 192.16.202.11
+
+; Referral outside of server authority, but with glue records present.
+; Don't hand out the glue.
+example.net. NS ns1.example.
+example.net. NS ns2.example.
+ns1.example. 172800 IN A 1.1.1.1
+ns2.example. 172800 IN A 2.2.2.2
diff --git a/bin/tests/system/glue/ns1/root-servers.nil.db b/bin/tests/system/glue/ns1/root-servers.nil.db
new file mode 100644
index 0000000..6c4c0c6
--- /dev/null
+++ b/bin/tests/system/glue/ns1/root-servers.nil.db
@@ -0,0 +1,31 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root-servers.nil.db,v 1.7 2007/06/19 23:47:03 tbox Exp $
+
+$TTL 300
+@ IN SOA ns hostmaster (
+ 1
+ 3600
+ 1800
+ 1814400
+ 3600
+ )
+ NS a
+a A 10.53.0.1
+b A 10.53.0.2
+
+
+
diff --git a/bin/tests/system/glue/ns1/root.db b/bin/tests/system/glue/ns1/root.db
new file mode 100644
index 0000000..679c432
--- /dev/null
+++ b/bin/tests/system/glue/ns1/root.db
@@ -0,0 +1,76 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.7 2007/06/19 23:47:03 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+
+root-servers.nil. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+; Delegate some domains that contain name servers for the sample
+; ccTLDs below.
+net. 172800 IN NS a.root-servers.nil.
+mil. 172800 IN NS a.root-servers.nil.
+se. 172800 IN NS ns.uu.net.
+
+;
+; A sample ccTLD
+;
+fi. 172800 IN NS NS.TELE.fi.
+fi. 172800 IN NS PRIFI.EUNET.fi.
+fi. 172800 IN NS NS.UU.NET.
+fi. 172800 IN NS T.NS.VERIO.NET.
+fi. 172800 IN NS HYDRA.HELSINKI.fi.
+fi. 172800 IN NS NS.EU.NET.
+NS.TELE.fi. 172800 IN A 193.210.18.18
+NS.TELE.fi. 172800 IN A 193.210.19.19
+PRIFI.EUNET.fi. 172800 IN A 193.66.1.146
+NS.UU.NET. 172800 IN A 137.39.1.3
+T.NS.VERIO.NET. 172800 IN A 192.67.14.16
+HYDRA.HELSINKI.fi. 172800 IN A 128.214.4.29
+NS.EU.NET. 172800 IN A 192.16.202.11
+
+;
+; Another sample ccTLD
+;
+is. 172800 IN NS ISGATE.is.
+is. 172800 IN NS NISC.JVNC.NET.
+is. 172800 IN NS NS.EU.NET.
+is. 172800 IN NS SPARKY.ARL.MIL.
+is. 172800 IN NS SUNIC.SUNET.SE.
+ISGATE.is. 172800 IN A 193.4.58.51
+NISC.JVNC.NET. 172800 IN A 128.121.50.7
+NS.EU.NET. 172800 IN A 192.16.202.11
+SPARKY.ARL.MIL. 172800 IN A 128.63.58.18
+SUNIC.SUNET.SE. 172800 IN A 192.36.125.2
+
+;
+; A hypothetical ccTLD where we are authoritative for the NS glue.
+;
+xx. 172800 IN NS b.root-servers.nil.
+
+;
+; A hypothetical ccTLD where we have cached NS glue.
+;
+yy. 172800 IN NS ns.zz.
diff --git a/bin/tests/system/glue/setup.sh b/bin/tests/system/glue/setup.sh
new file mode 100644
index 0000000..2dbbe03
--- /dev/null
+++ b/bin/tests/system/glue/setup.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.6 2007/06/19 23:47:03 tbox Exp $
+
+cd ns1 && cp -f cache.in cache
diff --git a/bin/tests/system/glue/tests.sh b/bin/tests/system/glue/tests.sh
new file mode 100644
index 0000000..3ecf701
--- /dev/null
+++ b/bin/tests/system/glue/tests.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.9 2007/06/19 23:47:03 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+#
+# Do glue tests.
+#
+
+status=0
+
+echo "I:testing that a ccTLD referral gets a full glue set from the root zone"
+$DIG +norec @10.53.0.1 -p 5300 foo.bar.fi. A >dig.out || status=1
+$PERL ../digcomp.pl fi.good dig.out || status=1
+
+echo "I:testing that we find glue A RRs we are authoritative for"
+$DIG +norec @10.53.0.1 -p 5300 foo.bar.xx. a >dig.out || status=1
+$PERL ../digcomp.pl xx.good dig.out || status=1
+
+echo "I:testing that we find glue A/AAAA RRs in the cache"
+$DIG +norec @10.53.0.1 -p 5300 foo.bar.yy. a >dig.out || status=1
+$PERL ../digcomp.pl yy.good dig.out || status=1
+
+echo "I:testing that we don't find out-of-zone glue"
+$DIG +norec @10.53.0.1 -p 5300 example.net. a > dig.out || status=1
+$PERL ../digcomp.pl noglue.good dig.out || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/glue/xx.good b/bin/tests/system/glue/xx.good
new file mode 100644
index 0000000..19ae1d7
--- /dev/null
+++ b/bin/tests/system/glue/xx.good
@@ -0,0 +1,16 @@
+
+; <<>> DiG 9.0 <<>> +norec @10.53.0.1 -p 5300 foo.bar.xx. a
+;; global options: printcmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41239
+;; flags: qr ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
+
+;; QUESTION SECTION:
+;foo.bar.xx. IN A
+
+;; AUTHORITY SECTION:
+xx. 172800 IN NS b.root-servers.nil.
+
+;; ADDITIONAL SECTION:
+b.root-servers.nil. 300 IN A 10.53.0.2
+
diff --git a/bin/tests/system/glue/yy.good b/bin/tests/system/glue/yy.good
new file mode 100644
index 0000000..fd97e3d
--- /dev/null
+++ b/bin/tests/system/glue/yy.good
@@ -0,0 +1,17 @@
+
+; <<>> DiG 9.0 <<>> +norec @10.53.0.1 -p 5300 foo.bar.yy. a
+;; global options: printcmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6172
+;; flags: qr ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 3
+
+;; QUESTION SECTION:
+;foo.bar.yy. IN A
+
+;; AUTHORITY SECTION:
+yy. 172800 IN NS ns.zz.
+
+;; ADDITIONAL SECTION:
+ns.zz. 3463 IN A 10.0.0.1
+ns.zz. 86263 IN AAAA 10::1
+
diff --git a/bin/tests/system/ifconfig.sh b/bin/tests/system/ifconfig.sh
new file mode 100755
index 0000000..779d6f9
--- /dev/null
+++ b/bin/tests/system/ifconfig.sh
@@ -0,0 +1,189 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2003 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: ifconfig.sh,v 1.55 2008/09/24 02:46:21 marka Exp $
+
+#
+# Set up interface aliases for bind9 system tests.
+#
+
+config_guess=""
+for f in ./config.guess ../../../config.guess
+do
+ if test -f $f
+ then
+ config_guess=$f
+ fi
+done
+
+if test "X$config_guess" = "X"
+then
+ echo <<EOF >&2
+$0: must be run from the top level source directory or the
+bin/tests/system directory
+EOF
+ exit 1
+fi
+
+# If running on hp-ux, don't even try to run config.guess.
+# It will try to create a temporary file in the current directory,
+# which fails when running as root with the current directory
+# on a NFS mounted disk.
+
+case `uname -a` in
+ *HP-UX*) sys=hpux ;;
+ *) sys=`sh $config_guess` ;;
+esac
+
+case "$2" in
+[0-9]|[1-9][0-9]|[1-9][0-9][0-9]) base=$2;;
+*) base=""
+esac
+
+case "$1" in
+
+ start|up)
+ for ns in 1 2 3 4 5 6 7
+ do
+ if test -n "$base"
+ then
+ int=`expr $ns + $base - 1`
+ else
+ int=$ns
+ fi
+ case "$sys" in
+ *-pc-solaris2.5.1)
+ ifconfig lo0:$int 10.53.0.$ns netmask 0xffffffff up
+ ;;
+ *-sun-solaris2.[6-7])
+ ifconfig lo0:$int 10.53.0.$ns netmask 0xffffffff up
+ ;;
+ *-*-solaris2.[8-9]|*-*-solaris2.1[0-9])
+ /sbin/ifconfig lo0:$int plumb
+ /sbin/ifconfig lo0:$int 10.53.0.$ns up
+ ;;
+ *-*-linux*)
+ ifconfig lo:$int 10.53.0.$ns up netmask 255.255.255.0
+ ;;
+ *-unknown-freebsd*)
+ ifconfig lo0 10.53.0.$ns alias netmask 0xffffffff
+ ;;
+ *-unknown-netbsd*)
+ ifconfig lo0 10.53.0.$ns alias netmask 255.255.255.0
+ ;;
+ *-unknown-openbsd*)
+ ifconfig lo0 10.53.0.$ns alias netmask 255.255.255.0
+ ;;
+ *-*-bsdi[3-5].*)
+ ifconfig lo0 add 10.53.0.$ns netmask 255.255.255.0
+ ;;
+ *-dec-osf[4-5].*)
+ ifconfig lo0 alias 10.53.0.$ns
+ ;;
+ *-sgi-irix6.*)
+ ifconfig lo0 alias 10.53.0.$ns
+ ;;
+ *-*-sysv5uw7*|*-*-sysv*UnixWare*|*-*-sysv*OpenUNIX*)
+ ifconfig lo0 10.53.0.$ns alias netmask 0xffffffff
+ ;;
+ *-ibm-aix4.*|*-ibm-aix5.*)
+ ifconfig lo0 alias 10.53.0.$ns
+ ;;
+ hpux)
+ ifconfig lo0:$int 10.53.0.$ns up
+ ;;
+ *-sco3.2v*)
+ ifconfig lo0 alias 10.53.0.$ns
+ ;;
+ *-darwin*)
+ ifconfig lo0 alias 10.53.0.$ns
+ ;;
+ *)
+ echo "Don't know how to set up interface. Giving up."
+ exit 1
+ esac
+ done
+ ;;
+
+ stop|down)
+ for ns in 7 6 5 4 3 2 1
+ do
+ if test -n "$base"
+ then
+ int=`expr $ns + $base - 1`
+ else
+ int=$ns
+ fi
+ case "$sys" in
+ *-pc-solaris2.5.1)
+ ifconfig lo0:$int 0.0.0.0 down
+ ;;
+ *-sun-solaris2.[6-7])
+ ifconfig lo0:$int 10.53.0.$ns down
+ ;;
+ *-*-solaris2.[8-9]|*-*-solaris2.1[0-9])
+ ifconfig lo0:$int 10.53.0.$ns down
+ ifconfig lo0:$int 10.53.0.$ns unplumb
+ ;;
+ *-*-linux*)
+ ifconfig lo:$int 10.53.0.$ns down
+ ;;
+ *-unknown-freebsd*)
+ ifconfig lo0 10.53.0.$ns delete
+ ;;
+ *-unknown-netbsd*)
+ ifconfig lo0 10.53.0.$ns delete
+ ;;
+ *-unknown-openbsd*)
+ ifconfig lo0 10.53.0.$ns delete
+ ;;
+ *-*-bsdi[3-5].*)
+ ifconfig lo0 remove 10.53.0.$ns
+ ;;
+ *-dec-osf[4-5].*)
+ ifconfig lo0 -alias 10.53.0.$ns
+ ;;
+ *-sgi-irix6.*)
+ ifconfig lo0 -alias 10.53.0.$ns
+ ;;
+ *-*-sysv5uw7*|*-*-sysv*UnixWare*|*-*-sysv*OpenUNIX*)
+ ifconfig lo0 -alias 10.53.0.$ns
+ ;;
+ *-ibm-aix4.*|*-ibm-aix5.*)
+ ifconfig lo0 delete 10.53.0.$ns
+ ;;
+ hpux)
+ ifconfig lo0:$int 10.53.0.$ns down
+ ;;
+ *-sco3.2v*)
+ ifconfig lo0 -alias 10.53.0.$ns
+ ;;
+ *darwin*)
+ ifconfig lo0 -alias 10.53.0.$ns
+ ;;
+ *)
+ echo "Don't know how to destroy interface. Giving up."
+ exit 1
+ esac
+ done
+
+ ;;
+
+ *)
+ echo "Usage: $0 { up | down } [base]"
+ exit 1
+esac
diff --git a/bin/tests/system/ixfr/ans2/ans.pl b/bin/tests/system/ixfr/ans2/ans.pl
new file mode 100644
index 0000000..ef67955
--- /dev/null
+++ b/bin/tests/system/ixfr/ans2/ans.pl
@@ -0,0 +1,157 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: ans.pl,v 1.6 2007/09/24 04:13:25 marka Exp $
+
+#
+# This is the name server from hell. It provides canned
+# responses based on pattern matching the queries, and
+# can be reprogrammed on-the-fly over a TCP connection.
+#
+# The server listens for control connections on port 5301.
+# A control connection is a TCP stream of lines like
+#
+# /pattern/
+# name ttl type rdata
+# name ttl type rdata
+# ...
+# /pattern/
+# name ttl type rdata
+# name ttl type rdata
+# ...
+#
+# There can be any number of patterns, each associated
+# with any number of response RRs. Each pattern is a
+# Perl regular expression.
+#
+# Each incoming query is converted into a string of the form
+# "qname qtype" (the printable query domain name, space,
+# printable query type) and matched against each pattern.
+#
+# The first pattern matching the query is selected, and
+# the RR following the pattern line are sent in the
+# answer section of the response.
+#
+# Each new control connection causes the current set of
+# patterns and responses to be cleared before adding new
+# ones.
+#
+# The server handles UDP and TCP queries. Zone transfer
+# responses work, but must fit in a single 64 k message.
+#
+
+use IO::File;
+use IO::Socket;
+use Net::DNS;
+use Net::DNS::Packet;
+
+my $ctlsock = IO::Socket::INET->new(LocalAddr => "10.53.0.2",
+ LocalPort => 5301, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!";
+
+my $udpsock = IO::Socket::INET->new(LocalAddr => "10.53.0.2",
+ LocalPort => 5300, Proto => "udp", Reuse => 1) or die "$!";
+
+my $tcpsock = IO::Socket::INET->new(LocalAddr => "10.53.0.2",
+ LocalPort => 5300, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!";
+
+my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!";
+print $pidf "$$\n" or die "cannot write pid file: $!";
+$pidf->close or die "cannot close pid file: $!";;
+sub rmpid { unlink "ans.pid"; exit 1; };
+
+$SIG{INT} = \&rmpid;
+$SIG{TERM} = \&rmpid;
+
+my @answers = ();
+
+sub handle {
+ my ($buf) = @_;
+
+ my ($packet, $err) = new Net::DNS::Packet(\$buf, 0);
+ $err and die $err;
+
+ $packet->header->qr(1);
+ $packet->header->aa(1);
+
+ my @questions = $packet->question;
+ my $qname = $questions[0]->qname;
+ my $qtype = $questions[0]->qtype;
+
+ my $r;
+ foreach $r (@rules) {
+ my $pattern = $r->{pattern};
+ warn "match $qname $qtype == $pattern";
+ if ("$qname $qtype" =~ /$pattern/) {
+ my $a;
+ foreach $a (@{$r->{answer}}) {
+ $packet->push("answer", $a);
+ }
+ last;
+ }
+ }
+
+ # $packet->print;
+
+ return $packet->data;
+}
+
+for (;;) {
+ $rin = '';
+ vec($rin, fileno($ctlsock), 1) = 1;
+ vec($rin, fileno($tcpsock), 1) = 1;
+ vec($rin, fileno($udpsock), 1) = 1;
+
+ select($rout = $rin, undef, undef, undef);
+
+ if (vec($rout, fileno($ctlsock), 1)) {
+ warn "ctl conn";
+ my $conn = $ctlsock->accept;
+ @rules = ();
+ while (my $line = $conn->getline) {
+ chomp $line;
+ if ($line =~ m!^/(.*)/$!) {
+ $rule = { pattern => $1, answer => [] };
+ push(@rules, $rule);
+ } else {
+ push(@{$rule->{answer}},
+ new Net::DNS::RR($line));
+ }
+
+ }
+ $conn->close;
+ } elsif (vec($rout, fileno($udpsock), 1)) {
+ printf "UDP request\n";
+ $udpsock->recv($buf, 512);
+ $response = handle($buf);
+ $udpsock->send($response);
+ } elsif (vec($rout, fileno($tcpsock), 1)) {
+ my $conn = $tcpsock->accept;
+ for (;;) {
+ printf "TCP request\n";
+ my $n = $conn->sysread($lenbuf, 2);
+ last unless $n == 2;
+ my $len = unpack("n", $lenbuf);
+ $n = $conn->sysread($buf, $len);
+ last unless $n == $len;
+ $response = handle($buf);
+ $len = length($response);
+ $n = $conn->syswrite(pack("n", $len), 2);
+ $n = $conn->syswrite($response, $len);
+ }
+ $conn->close;
+ }
+}
diff --git a/bin/tests/system/ixfr/clean.sh b/bin/tests/system/ixfr/clean.sh
new file mode 100644
index 0000000..530f458
--- /dev/null
+++ b/bin/tests/system/ixfr/clean.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.6 2007/09/26 03:22:43 marka Exp $
+
+rm -f ns1/named.conf ns1/myftp.db
+rm -f */named.memstats
diff --git a/bin/tests/system/ixfr/prereq.sh b/bin/tests/system/ixfr/prereq.sh
new file mode 100644
index 0000000..aaf349b
--- /dev/null
+++ b/bin/tests/system/ixfr/prereq.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: prereq.sh,v 1.5 2007/06/19 23:47:03 tbox Exp $
+
+if $PERL -e 'use Net::DNS;' 2>/dev/null
+then
+ :
+else
+ echo "I:This test requires the Net::DNS library." >&2
+ exit 1
+fi
diff --git a/bin/tests/system/ixfr/setup.sh b/bin/tests/system/ixfr/setup.sh
new file mode 100644
index 0000000..6e5b8e4
--- /dev/null
+++ b/bin/tests/system/ixfr/setup.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.4 2007/06/19 23:47:03 tbox Exp $
+
+rm -f ns1/*.db ns1/*.jnl
+
+cat <<EOF >ns1/named.conf
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-md5;
+};
+
+controls {
+ inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
+};
+EOF
diff --git a/bin/tests/system/ixfr/tests.sh b/bin/tests/system/ixfr/tests.sh
new file mode 100644
index 0000000..109f01e
--- /dev/null
+++ b/bin/tests/system/ixfr/tests.sh
@@ -0,0 +1,132 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.5 2007/06/19 23:47:03 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"
+DIGCMD="$DIG $DIGOPTS @10.53.0.1 -p 5300"
+SENDCMD="$PERL ../send.pl 10.53.0.2 5301"
+RNDCCMD="$RNDC -s 10.53.0.1 -p 9953 -c ../common/rndc.conf"
+
+echo "I:testing initial AXFR"
+
+$SENDCMD <<EOF
+/SOA/
+nil. 300 SOA ns.nil. root.nil. 1 300 300 604800 300
+/AXFR/
+nil. 300 SOA ns.nil. root.nil. 1 300 300 604800 300
+nil. 300 NS ns.nil.
+nil. 300 TXT "initial AXFR"
+a.nil. 60 A 10.0.0.61
+b.nil. 60 A 10.0.0.62
+nil. 300 SOA ns.nil. root.nil. 1 300 300 604800 300
+EOF
+
+sleep 1
+
+# Initially, ns1 is not authoritative for anything (see setup.sh).
+# Now that ans is up and running with the right data, we make it
+# a slave for nil.
+
+cat <<EOF >>ns1/named.conf
+zone "nil" {
+ type slave;
+ file "myftp.db";
+ masters { 10.53.0.2; };
+};
+EOF
+
+$RNDCCMD reload
+
+sleep 2
+
+$DIGCMD nil. TXT | grep 'initial AXFR' >/dev/null || {
+ echo "I:failed"
+ status=1
+}
+
+echo "I:testing successful IXFR"
+
+# We change the IP address of a.nil., and the TXT record at the apex.
+# Then we do a SOA-only update.
+
+$SENDCMD <<EOF
+/SOA/
+nil. 300 SOA ns.nil. root.nil. 3 300 300 604800 300
+/IXFR/
+nil. 300 SOA ns.nil. root.nil. 3 300 300 604800 300
+nil. 300 SOA ns.nil. root.nil. 1 300 300 604800 300
+a.nil. 60 A 10.0.0.61
+nil. 300 TXT "initial AXFR"
+nil. 300 SOA ns.nil. root.nil. 2 300 300 604800 300
+nil. 300 TXT "successful IXFR"
+a.nil. 60 A 10.0.1.61
+nil. 300 SOA ns.nil. root.nil. 2 300 300 604800 300
+nil. 300 SOA ns.nil. root.nil. 3 300 300 604800 300
+nil. 300 SOA ns.nil. root.nil. 3 300 300 604800 300
+EOF
+
+sleep 1
+
+$RNDCCMD refresh nil
+
+sleep 2
+
+$DIGCMD nil. TXT | grep 'successful IXFR' >/dev/null || {
+ echo "I:failed"
+ status=1
+}
+
+echo "I:testing AXFR fallback after IXFR failure"
+
+# Provide a broken IXFR response and a working fallback AXFR response
+
+$SENDCMD <<EOF
+/SOA/
+nil. 300 SOA ns.nil. root.nil. 4 300 300 604800 300
+/IXFR/
+nil. 300 SOA ns.nil. root.nil. 4 300 300 604800 300
+nil. 300 SOA ns.nil. root.nil. 3 300 300 604800 300
+nil. 300 TXT "delete-nonexistent-txt-record"
+nil. 300 SOA ns.nil. root.nil. 4 300 300 604800 300
+nil. 300 TXT "this-txt-record-would-be-added"
+nil. 300 SOA ns.nil. root.nil. 4 300 300 604800 300
+/AXFR/
+nil. 300 SOA ns.nil. root.nil. 3 300 300 604800 300
+nil. 300 NS ns.nil.
+nil. 300 TXT "fallback AXFR"
+nil. 300 SOA ns.nil. root.nil. 3 300 300 604800 300
+EOF
+
+sleep 1
+
+$RNDCCMD refresh nil
+
+sleep 2
+
+$DIGCMD nil. TXT | grep 'fallback AXFR' >/dev/null || {
+ echo "I:failed"
+ status=1
+}
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/limits/clean.sh b/bin/tests/system/limits/clean.sh
new file mode 100644
index 0000000..bf22607
--- /dev/null
+++ b/bin/tests/system/limits/clean.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.11 2007/09/26 03:22:44 marka Exp $
+
+#
+# Clean up after limits tests.
+#
+rm -f dig.out.*
+rm -f */named.memstats
diff --git a/bin/tests/system/limits/knowngood.dig.out.1000 b/bin/tests/system/limits/knowngood.dig.out.1000
new file mode 100644
index 0000000..3b7e01a
--- /dev/null
+++ b/bin/tests/system/limits/knowngood.dig.out.1000
@@ -0,0 +1,1023 @@
+
+; <<>> DiG 8.2 <<>> 1000.example. @10.53.0.1 a -p
+; (1 server found)
+;; res options: init recurs defnam dnsrch
+;; got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
+;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1000, AUTHORITY: 1, ADDITIONAL: 1
+;; QUERY SECTION:
+;; 1000.example, type = A, class = IN
+
+;; ANSWER SECTION:
+1000.example. 5M IN A 10.0.0.0
+1000.example. 5M IN A 10.0.0.1
+1000.example. 5M IN A 10.0.0.2
+1000.example. 5M IN A 10.0.0.3
+1000.example. 5M IN A 10.0.0.4
+1000.example. 5M IN A 10.0.0.5
+1000.example. 5M IN A 10.0.0.6
+1000.example. 5M IN A 10.0.0.7
+1000.example. 5M IN A 10.0.0.8
+1000.example. 5M IN A 10.0.0.9
+1000.example. 5M IN A 10.0.0.10
+1000.example. 5M IN A 10.0.0.11
+1000.example. 5M IN A 10.0.0.12
+1000.example. 5M IN A 10.0.0.13
+1000.example. 5M IN A 10.0.0.14
+1000.example. 5M IN A 10.0.0.15
+1000.example. 5M IN A 10.0.0.16
+1000.example. 5M IN A 10.0.0.17
+1000.example. 5M IN A 10.0.0.18
+1000.example. 5M IN A 10.0.0.19
+1000.example. 5M IN A 10.0.0.20
+1000.example. 5M IN A 10.0.0.21
+1000.example. 5M IN A 10.0.0.22
+1000.example. 5M IN A 10.0.0.23
+1000.example. 5M IN A 10.0.0.24
+1000.example. 5M IN A 10.0.0.25
+1000.example. 5M IN A 10.0.0.26
+1000.example. 5M IN A 10.0.0.27
+1000.example. 5M IN A 10.0.0.28
+1000.example. 5M IN A 10.0.0.29
+1000.example. 5M IN A 10.0.0.30
+1000.example. 5M IN A 10.0.0.31
+1000.example. 5M IN A 10.0.0.32
+1000.example. 5M IN A 10.0.0.33
+1000.example. 5M IN A 10.0.0.34
+1000.example. 5M IN A 10.0.0.35
+1000.example. 5M IN A 10.0.0.36
+1000.example. 5M IN A 10.0.0.37
+1000.example. 5M IN A 10.0.0.38
+1000.example. 5M IN A 10.0.0.39
+1000.example. 5M IN A 10.0.0.40
+1000.example. 5M IN A 10.0.0.41
+1000.example. 5M IN A 10.0.0.42
+1000.example. 5M IN A 10.0.0.43
+1000.example. 5M IN A 10.0.0.44
+1000.example. 5M IN A 10.0.0.45
+1000.example. 5M IN A 10.0.0.46
+1000.example. 5M IN A 10.0.0.47
+1000.example. 5M IN A 10.0.0.48
+1000.example. 5M IN A 10.0.0.49
+1000.example. 5M IN A 10.0.0.50
+1000.example. 5M IN A 10.0.0.51
+1000.example. 5M IN A 10.0.0.52
+1000.example. 5M IN A 10.0.0.53
+1000.example. 5M IN A 10.0.0.54
+1000.example. 5M IN A 10.0.0.55
+1000.example. 5M IN A 10.0.0.56
+1000.example. 5M IN A 10.0.0.57
+1000.example. 5M IN A 10.0.0.58
+1000.example. 5M IN A 10.0.0.59
+1000.example. 5M IN A 10.0.0.60
+1000.example. 5M IN A 10.0.0.61
+1000.example. 5M IN A 10.0.0.62
+1000.example. 5M IN A 10.0.0.63
+1000.example. 5M IN A 10.0.0.64
+1000.example. 5M IN A 10.0.0.65
+1000.example. 5M IN A 10.0.0.66
+1000.example. 5M IN A 10.0.0.67
+1000.example. 5M IN A 10.0.0.68
+1000.example. 5M IN A 10.0.0.69
+1000.example. 5M IN A 10.0.0.70
+1000.example. 5M IN A 10.0.0.71
+1000.example. 5M IN A 10.0.0.72
+1000.example. 5M IN A 10.0.0.73
+1000.example. 5M IN A 10.0.0.74
+1000.example. 5M IN A 10.0.0.75
+1000.example. 5M IN A 10.0.0.76
+1000.example. 5M IN A 10.0.0.77
+1000.example. 5M IN A 10.0.0.78
+1000.example. 5M IN A 10.0.0.79
+1000.example. 5M IN A 10.0.0.80
+1000.example. 5M IN A 10.0.0.81
+1000.example. 5M IN A 10.0.0.82
+1000.example. 5M IN A 10.0.0.83
+1000.example. 5M IN A 10.0.0.84
+1000.example. 5M IN A 10.0.0.85
+1000.example. 5M IN A 10.0.0.86
+1000.example. 5M IN A 10.0.0.87
+1000.example. 5M IN A 10.0.0.88
+1000.example. 5M IN A 10.0.0.89
+1000.example. 5M IN A 10.0.0.90
+1000.example. 5M IN A 10.0.0.91
+1000.example. 5M IN A 10.0.0.92
+1000.example. 5M IN A 10.0.0.93
+1000.example. 5M IN A 10.0.0.94
+1000.example. 5M IN A 10.0.0.95
+1000.example. 5M IN A 10.0.0.96
+1000.example. 5M IN A 10.0.0.97
+1000.example. 5M IN A 10.0.0.98
+1000.example. 5M IN A 10.0.0.99
+1000.example. 5M IN A 10.0.0.100
+1000.example. 5M IN A 10.0.0.101
+1000.example. 5M IN A 10.0.0.102
+1000.example. 5M IN A 10.0.0.103
+1000.example. 5M IN A 10.0.0.104
+1000.example. 5M IN A 10.0.0.105
+1000.example. 5M IN A 10.0.0.106
+1000.example. 5M IN A 10.0.0.107
+1000.example. 5M IN A 10.0.0.108
+1000.example. 5M IN A 10.0.0.109
+1000.example. 5M IN A 10.0.0.110
+1000.example. 5M IN A 10.0.0.111
+1000.example. 5M IN A 10.0.0.112
+1000.example. 5M IN A 10.0.0.113
+1000.example. 5M IN A 10.0.0.114
+1000.example. 5M IN A 10.0.0.115
+1000.example. 5M IN A 10.0.0.116
+1000.example. 5M IN A 10.0.0.117
+1000.example. 5M IN A 10.0.0.118
+1000.example. 5M IN A 10.0.0.119
+1000.example. 5M IN A 10.0.0.120
+1000.example. 5M IN A 10.0.0.121
+1000.example. 5M IN A 10.0.0.122
+1000.example. 5M IN A 10.0.0.123
+1000.example. 5M IN A 10.0.0.124
+1000.example. 5M IN A 10.0.0.125
+1000.example. 5M IN A 10.0.0.126
+1000.example. 5M IN A 10.0.0.127
+1000.example. 5M IN A 10.0.0.128
+1000.example. 5M IN A 10.0.0.129
+1000.example. 5M IN A 10.0.0.130
+1000.example. 5M IN A 10.0.0.131
+1000.example. 5M IN A 10.0.0.132
+1000.example. 5M IN A 10.0.0.133
+1000.example. 5M IN A 10.0.0.134
+1000.example. 5M IN A 10.0.0.135
+1000.example. 5M IN A 10.0.0.136
+1000.example. 5M IN A 10.0.0.137
+1000.example. 5M IN A 10.0.0.138
+1000.example. 5M IN A 10.0.0.139
+1000.example. 5M IN A 10.0.0.140
+1000.example. 5M IN A 10.0.0.141
+1000.example. 5M IN A 10.0.0.142
+1000.example. 5M IN A 10.0.0.143
+1000.example. 5M IN A 10.0.0.144
+1000.example. 5M IN A 10.0.0.145
+1000.example. 5M IN A 10.0.0.146
+1000.example. 5M IN A 10.0.0.147
+1000.example. 5M IN A 10.0.0.148
+1000.example. 5M IN A 10.0.0.149
+1000.example. 5M IN A 10.0.0.150
+1000.example. 5M IN A 10.0.0.151
+1000.example. 5M IN A 10.0.0.152
+1000.example. 5M IN A 10.0.0.153
+1000.example. 5M IN A 10.0.0.154
+1000.example. 5M IN A 10.0.0.155
+1000.example. 5M IN A 10.0.0.156
+1000.example. 5M IN A 10.0.0.157
+1000.example. 5M IN A 10.0.0.158
+1000.example. 5M IN A 10.0.0.159
+1000.example. 5M IN A 10.0.0.160
+1000.example. 5M IN A 10.0.0.161
+1000.example. 5M IN A 10.0.0.162
+1000.example. 5M IN A 10.0.0.163
+1000.example. 5M IN A 10.0.0.164
+1000.example. 5M IN A 10.0.0.165
+1000.example. 5M IN A 10.0.0.166
+1000.example. 5M IN A 10.0.0.167
+1000.example. 5M IN A 10.0.0.168
+1000.example. 5M IN A 10.0.0.169
+1000.example. 5M IN A 10.0.0.170
+1000.example. 5M IN A 10.0.0.171
+1000.example. 5M IN A 10.0.0.172
+1000.example. 5M IN A 10.0.0.173
+1000.example. 5M IN A 10.0.0.174
+1000.example. 5M IN A 10.0.0.175
+1000.example. 5M IN A 10.0.0.176
+1000.example. 5M IN A 10.0.0.177
+1000.example. 5M IN A 10.0.0.178
+1000.example. 5M IN A 10.0.0.179
+1000.example. 5M IN A 10.0.0.180
+1000.example. 5M IN A 10.0.0.181
+1000.example. 5M IN A 10.0.0.182
+1000.example. 5M IN A 10.0.0.183
+1000.example. 5M IN A 10.0.0.184
+1000.example. 5M IN A 10.0.0.185
+1000.example. 5M IN A 10.0.0.186
+1000.example. 5M IN A 10.0.0.187
+1000.example. 5M IN A 10.0.0.188
+1000.example. 5M IN A 10.0.0.189
+1000.example. 5M IN A 10.0.0.190
+1000.example. 5M IN A 10.0.0.191
+1000.example. 5M IN A 10.0.0.192
+1000.example. 5M IN A 10.0.0.193
+1000.example. 5M IN A 10.0.0.194
+1000.example. 5M IN A 10.0.0.195
+1000.example. 5M IN A 10.0.0.196
+1000.example. 5M IN A 10.0.0.197
+1000.example. 5M IN A 10.0.0.198
+1000.example. 5M IN A 10.0.0.199
+1000.example. 5M IN A 10.0.0.200
+1000.example. 5M IN A 10.0.0.201
+1000.example. 5M IN A 10.0.0.202
+1000.example. 5M IN A 10.0.0.203
+1000.example. 5M IN A 10.0.0.204
+1000.example. 5M IN A 10.0.0.205
+1000.example. 5M IN A 10.0.0.206
+1000.example. 5M IN A 10.0.0.207
+1000.example. 5M IN A 10.0.0.208
+1000.example. 5M IN A 10.0.0.209
+1000.example. 5M IN A 10.0.0.210
+1000.example. 5M IN A 10.0.0.211
+1000.example. 5M IN A 10.0.0.212
+1000.example. 5M IN A 10.0.0.213
+1000.example. 5M IN A 10.0.0.214
+1000.example. 5M IN A 10.0.0.215
+1000.example. 5M IN A 10.0.0.216
+1000.example. 5M IN A 10.0.0.217
+1000.example. 5M IN A 10.0.0.218
+1000.example. 5M IN A 10.0.0.219
+1000.example. 5M IN A 10.0.0.220
+1000.example. 5M IN A 10.0.0.221
+1000.example. 5M IN A 10.0.0.222
+1000.example. 5M IN A 10.0.0.223
+1000.example. 5M IN A 10.0.0.224
+1000.example. 5M IN A 10.0.0.225
+1000.example. 5M IN A 10.0.0.226
+1000.example. 5M IN A 10.0.0.227
+1000.example. 5M IN A 10.0.0.228
+1000.example. 5M IN A 10.0.0.229
+1000.example. 5M IN A 10.0.0.230
+1000.example. 5M IN A 10.0.0.231
+1000.example. 5M IN A 10.0.0.232
+1000.example. 5M IN A 10.0.0.233
+1000.example. 5M IN A 10.0.0.234
+1000.example. 5M IN A 10.0.0.235
+1000.example. 5M IN A 10.0.0.236
+1000.example. 5M IN A 10.0.0.237
+1000.example. 5M IN A 10.0.0.238
+1000.example. 5M IN A 10.0.0.239
+1000.example. 5M IN A 10.0.0.240
+1000.example. 5M IN A 10.0.0.241
+1000.example. 5M IN A 10.0.0.242
+1000.example. 5M IN A 10.0.0.243
+1000.example. 5M IN A 10.0.0.244
+1000.example. 5M IN A 10.0.0.245
+1000.example. 5M IN A 10.0.0.246
+1000.example. 5M IN A 10.0.0.247
+1000.example. 5M IN A 10.0.0.248
+1000.example. 5M IN A 10.0.0.249
+1000.example. 5M IN A 10.0.0.250
+1000.example. 5M IN A 10.0.0.251
+1000.example. 5M IN A 10.0.0.252
+1000.example. 5M IN A 10.0.0.253
+1000.example. 5M IN A 10.0.0.254
+1000.example. 5M IN A 10.0.0.255
+1000.example. 5M IN A 10.0.1.0
+1000.example. 5M IN A 10.0.1.1
+1000.example. 5M IN A 10.0.1.2
+1000.example. 5M IN A 10.0.1.3
+1000.example. 5M IN A 10.0.1.4
+1000.example. 5M IN A 10.0.1.5
+1000.example. 5M IN A 10.0.1.6
+1000.example. 5M IN A 10.0.1.7
+1000.example. 5M IN A 10.0.1.8
+1000.example. 5M IN A 10.0.1.9
+1000.example. 5M IN A 10.0.1.10
+1000.example. 5M IN A 10.0.1.11
+1000.example. 5M IN A 10.0.1.12
+1000.example. 5M IN A 10.0.1.13
+1000.example. 5M IN A 10.0.1.14
+1000.example. 5M IN A 10.0.1.15
+1000.example. 5M IN A 10.0.1.16
+1000.example. 5M IN A 10.0.1.17
+1000.example. 5M IN A 10.0.1.18
+1000.example. 5M IN A 10.0.1.19
+1000.example. 5M IN A 10.0.1.20
+1000.example. 5M IN A 10.0.1.21
+1000.example. 5M IN A 10.0.1.22
+1000.example. 5M IN A 10.0.1.23
+1000.example. 5M IN A 10.0.1.24
+1000.example. 5M IN A 10.0.1.25
+1000.example. 5M IN A 10.0.1.26
+1000.example. 5M IN A 10.0.1.27
+1000.example. 5M IN A 10.0.1.28
+1000.example. 5M IN A 10.0.1.29
+1000.example. 5M IN A 10.0.1.30
+1000.example. 5M IN A 10.0.1.31
+1000.example. 5M IN A 10.0.1.32
+1000.example. 5M IN A 10.0.1.33
+1000.example. 5M IN A 10.0.1.34
+1000.example. 5M IN A 10.0.1.35
+1000.example. 5M IN A 10.0.1.36
+1000.example. 5M IN A 10.0.1.37
+1000.example. 5M IN A 10.0.1.38
+1000.example. 5M IN A 10.0.1.39
+1000.example. 5M IN A 10.0.1.40
+1000.example. 5M IN A 10.0.1.41
+1000.example. 5M IN A 10.0.1.42
+1000.example. 5M IN A 10.0.1.43
+1000.example. 5M IN A 10.0.1.44
+1000.example. 5M IN A 10.0.1.45
+1000.example. 5M IN A 10.0.1.46
+1000.example. 5M IN A 10.0.1.47
+1000.example. 5M IN A 10.0.1.48
+1000.example. 5M IN A 10.0.1.49
+1000.example. 5M IN A 10.0.1.50
+1000.example. 5M IN A 10.0.1.51
+1000.example. 5M IN A 10.0.1.52
+1000.example. 5M IN A 10.0.1.53
+1000.example. 5M IN A 10.0.1.54
+1000.example. 5M IN A 10.0.1.55
+1000.example. 5M IN A 10.0.1.56
+1000.example. 5M IN A 10.0.1.57
+1000.example. 5M IN A 10.0.1.58
+1000.example. 5M IN A 10.0.1.59
+1000.example. 5M IN A 10.0.1.60
+1000.example. 5M IN A 10.0.1.61
+1000.example. 5M IN A 10.0.1.62
+1000.example. 5M IN A 10.0.1.63
+1000.example. 5M IN A 10.0.1.64
+1000.example. 5M IN A 10.0.1.65
+1000.example. 5M IN A 10.0.1.66
+1000.example. 5M IN A 10.0.1.67
+1000.example. 5M IN A 10.0.1.68
+1000.example. 5M IN A 10.0.1.69
+1000.example. 5M IN A 10.0.1.70
+1000.example. 5M IN A 10.0.1.71
+1000.example. 5M IN A 10.0.1.72
+1000.example. 5M IN A 10.0.1.73
+1000.example. 5M IN A 10.0.1.74
+1000.example. 5M IN A 10.0.1.75
+1000.example. 5M IN A 10.0.1.76
+1000.example. 5M IN A 10.0.1.77
+1000.example. 5M IN A 10.0.1.78
+1000.example. 5M IN A 10.0.1.79
+1000.example. 5M IN A 10.0.1.80
+1000.example. 5M IN A 10.0.1.81
+1000.example. 5M IN A 10.0.1.82
+1000.example. 5M IN A 10.0.1.83
+1000.example. 5M IN A 10.0.1.84
+1000.example. 5M IN A 10.0.1.85
+1000.example. 5M IN A 10.0.1.86
+1000.example. 5M IN A 10.0.1.87
+1000.example. 5M IN A 10.0.1.88
+1000.example. 5M IN A 10.0.1.89
+1000.example. 5M IN A 10.0.1.90
+1000.example. 5M IN A 10.0.1.91
+1000.example. 5M IN A 10.0.1.92
+1000.example. 5M IN A 10.0.1.93
+1000.example. 5M IN A 10.0.1.94
+1000.example. 5M IN A 10.0.1.95
+1000.example. 5M IN A 10.0.1.96
+1000.example. 5M IN A 10.0.1.97
+1000.example. 5M IN A 10.0.1.98
+1000.example. 5M IN A 10.0.1.99
+1000.example. 5M IN A 10.0.1.100
+1000.example. 5M IN A 10.0.1.101
+1000.example. 5M IN A 10.0.1.102
+1000.example. 5M IN A 10.0.1.103
+1000.example. 5M IN A 10.0.1.104
+1000.example. 5M IN A 10.0.1.105
+1000.example. 5M IN A 10.0.1.106
+1000.example. 5M IN A 10.0.1.107
+1000.example. 5M IN A 10.0.1.108
+1000.example. 5M IN A 10.0.1.109
+1000.example. 5M IN A 10.0.1.110
+1000.example. 5M IN A 10.0.1.111
+1000.example. 5M IN A 10.0.1.112
+1000.example. 5M IN A 10.0.1.113
+1000.example. 5M IN A 10.0.1.114
+1000.example. 5M IN A 10.0.1.115
+1000.example. 5M IN A 10.0.1.116
+1000.example. 5M IN A 10.0.1.117
+1000.example. 5M IN A 10.0.1.118
+1000.example. 5M IN A 10.0.1.119
+1000.example. 5M IN A 10.0.1.120
+1000.example. 5M IN A 10.0.1.121
+1000.example. 5M IN A 10.0.1.122
+1000.example. 5M IN A 10.0.1.123
+1000.example. 5M IN A 10.0.1.124
+1000.example. 5M IN A 10.0.1.125
+1000.example. 5M IN A 10.0.1.126
+1000.example. 5M IN A 10.0.1.127
+1000.example. 5M IN A 10.0.1.128
+1000.example. 5M IN A 10.0.1.129
+1000.example. 5M IN A 10.0.1.130
+1000.example. 5M IN A 10.0.1.131
+1000.example. 5M IN A 10.0.1.132
+1000.example. 5M IN A 10.0.1.133
+1000.example. 5M IN A 10.0.1.134
+1000.example. 5M IN A 10.0.1.135
+1000.example. 5M IN A 10.0.1.136
+1000.example. 5M IN A 10.0.1.137
+1000.example. 5M IN A 10.0.1.138
+1000.example. 5M IN A 10.0.1.139
+1000.example. 5M IN A 10.0.1.140
+1000.example. 5M IN A 10.0.1.141
+1000.example. 5M IN A 10.0.1.142
+1000.example. 5M IN A 10.0.1.143
+1000.example. 5M IN A 10.0.1.144
+1000.example. 5M IN A 10.0.1.145
+1000.example. 5M IN A 10.0.1.146
+1000.example. 5M IN A 10.0.1.147
+1000.example. 5M IN A 10.0.1.148
+1000.example. 5M IN A 10.0.1.149
+1000.example. 5M IN A 10.0.1.150
+1000.example. 5M IN A 10.0.1.151
+1000.example. 5M IN A 10.0.1.152
+1000.example. 5M IN A 10.0.1.153
+1000.example. 5M IN A 10.0.1.154
+1000.example. 5M IN A 10.0.1.155
+1000.example. 5M IN A 10.0.1.156
+1000.example. 5M IN A 10.0.1.157
+1000.example. 5M IN A 10.0.1.158
+1000.example. 5M IN A 10.0.1.159
+1000.example. 5M IN A 10.0.1.160
+1000.example. 5M IN A 10.0.1.161
+1000.example. 5M IN A 10.0.1.162
+1000.example. 5M IN A 10.0.1.163
+1000.example. 5M IN A 10.0.1.164
+1000.example. 5M IN A 10.0.1.165
+1000.example. 5M IN A 10.0.1.166
+1000.example. 5M IN A 10.0.1.167
+1000.example. 5M IN A 10.0.1.168
+1000.example. 5M IN A 10.0.1.169
+1000.example. 5M IN A 10.0.1.170
+1000.example. 5M IN A 10.0.1.171
+1000.example. 5M IN A 10.0.1.172
+1000.example. 5M IN A 10.0.1.173
+1000.example. 5M IN A 10.0.1.174
+1000.example. 5M IN A 10.0.1.175
+1000.example. 5M IN A 10.0.1.176
+1000.example. 5M IN A 10.0.1.177
+1000.example. 5M IN A 10.0.1.178
+1000.example. 5M IN A 10.0.1.179
+1000.example. 5M IN A 10.0.1.180
+1000.example. 5M IN A 10.0.1.181
+1000.example. 5M IN A 10.0.1.182
+1000.example. 5M IN A 10.0.1.183
+1000.example. 5M IN A 10.0.1.184
+1000.example. 5M IN A 10.0.1.185
+1000.example. 5M IN A 10.0.1.186
+1000.example. 5M IN A 10.0.1.187
+1000.example. 5M IN A 10.0.1.188
+1000.example. 5M IN A 10.0.1.189
+1000.example. 5M IN A 10.0.1.190
+1000.example. 5M IN A 10.0.1.191
+1000.example. 5M IN A 10.0.1.192
+1000.example. 5M IN A 10.0.1.193
+1000.example. 5M IN A 10.0.1.194
+1000.example. 5M IN A 10.0.1.195
+1000.example. 5M IN A 10.0.1.196
+1000.example. 5M IN A 10.0.1.197
+1000.example. 5M IN A 10.0.1.198
+1000.example. 5M IN A 10.0.1.199
+1000.example. 5M IN A 10.0.1.200
+1000.example. 5M IN A 10.0.1.201
+1000.example. 5M IN A 10.0.1.202
+1000.example. 5M IN A 10.0.1.203
+1000.example. 5M IN A 10.0.1.204
+1000.example. 5M IN A 10.0.1.205
+1000.example. 5M IN A 10.0.1.206
+1000.example. 5M IN A 10.0.1.207
+1000.example. 5M IN A 10.0.1.208
+1000.example. 5M IN A 10.0.1.209
+1000.example. 5M IN A 10.0.1.210
+1000.example. 5M IN A 10.0.1.211
+1000.example. 5M IN A 10.0.1.212
+1000.example. 5M IN A 10.0.1.213
+1000.example. 5M IN A 10.0.1.214
+1000.example. 5M IN A 10.0.1.215
+1000.example. 5M IN A 10.0.1.216
+1000.example. 5M IN A 10.0.1.217
+1000.example. 5M IN A 10.0.1.218
+1000.example. 5M IN A 10.0.1.219
+1000.example. 5M IN A 10.0.1.220
+1000.example. 5M IN A 10.0.1.221
+1000.example. 5M IN A 10.0.1.222
+1000.example. 5M IN A 10.0.1.223
+1000.example. 5M IN A 10.0.1.224
+1000.example. 5M IN A 10.0.1.225
+1000.example. 5M IN A 10.0.1.226
+1000.example. 5M IN A 10.0.1.227
+1000.example. 5M IN A 10.0.1.228
+1000.example. 5M IN A 10.0.1.229
+1000.example. 5M IN A 10.0.1.230
+1000.example. 5M IN A 10.0.1.231
+1000.example. 5M IN A 10.0.1.232
+1000.example. 5M IN A 10.0.1.233
+1000.example. 5M IN A 10.0.1.234
+1000.example. 5M IN A 10.0.1.235
+1000.example. 5M IN A 10.0.1.236
+1000.example. 5M IN A 10.0.1.237
+1000.example. 5M IN A 10.0.1.238
+1000.example. 5M IN A 10.0.1.239
+1000.example. 5M IN A 10.0.1.240
+1000.example. 5M IN A 10.0.1.241
+1000.example. 5M IN A 10.0.1.242
+1000.example. 5M IN A 10.0.1.243
+1000.example. 5M IN A 10.0.1.244
+1000.example. 5M IN A 10.0.1.245
+1000.example. 5M IN A 10.0.1.246
+1000.example. 5M IN A 10.0.1.247
+1000.example. 5M IN A 10.0.1.248
+1000.example. 5M IN A 10.0.1.249
+1000.example. 5M IN A 10.0.1.250
+1000.example. 5M IN A 10.0.1.251
+1000.example. 5M IN A 10.0.1.252
+1000.example. 5M IN A 10.0.1.253
+1000.example. 5M IN A 10.0.1.254
+1000.example. 5M IN A 10.0.1.255
+1000.example. 5M IN A 10.0.2.0
+1000.example. 5M IN A 10.0.2.1
+1000.example. 5M IN A 10.0.2.2
+1000.example. 5M IN A 10.0.2.3
+1000.example. 5M IN A 10.0.2.4
+1000.example. 5M IN A 10.0.2.5
+1000.example. 5M IN A 10.0.2.6
+1000.example. 5M IN A 10.0.2.7
+1000.example. 5M IN A 10.0.2.8
+1000.example. 5M IN A 10.0.2.9
+1000.example. 5M IN A 10.0.2.10
+1000.example. 5M IN A 10.0.2.11
+1000.example. 5M IN A 10.0.2.12
+1000.example. 5M IN A 10.0.2.13
+1000.example. 5M IN A 10.0.2.14
+1000.example. 5M IN A 10.0.2.15
+1000.example. 5M IN A 10.0.2.16
+1000.example. 5M IN A 10.0.2.17
+1000.example. 5M IN A 10.0.2.18
+1000.example. 5M IN A 10.0.2.19
+1000.example. 5M IN A 10.0.2.20
+1000.example. 5M IN A 10.0.2.21
+1000.example. 5M IN A 10.0.2.22
+1000.example. 5M IN A 10.0.2.23
+1000.example. 5M IN A 10.0.2.24
+1000.example. 5M IN A 10.0.2.25
+1000.example. 5M IN A 10.0.2.26
+1000.example. 5M IN A 10.0.2.27
+1000.example. 5M IN A 10.0.2.28
+1000.example. 5M IN A 10.0.2.29
+1000.example. 5M IN A 10.0.2.30
+1000.example. 5M IN A 10.0.2.31
+1000.example. 5M IN A 10.0.2.32
+1000.example. 5M IN A 10.0.2.33
+1000.example. 5M IN A 10.0.2.34
+1000.example. 5M IN A 10.0.2.35
+1000.example. 5M IN A 10.0.2.36
+1000.example. 5M IN A 10.0.2.37
+1000.example. 5M IN A 10.0.2.38
+1000.example. 5M IN A 10.0.2.39
+1000.example. 5M IN A 10.0.2.40
+1000.example. 5M IN A 10.0.2.41
+1000.example. 5M IN A 10.0.2.42
+1000.example. 5M IN A 10.0.2.43
+1000.example. 5M IN A 10.0.2.44
+1000.example. 5M IN A 10.0.2.45
+1000.example. 5M IN A 10.0.2.46
+1000.example. 5M IN A 10.0.2.47
+1000.example. 5M IN A 10.0.2.48
+1000.example. 5M IN A 10.0.2.49
+1000.example. 5M IN A 10.0.2.50
+1000.example. 5M IN A 10.0.2.51
+1000.example. 5M IN A 10.0.2.52
+1000.example. 5M IN A 10.0.2.53
+1000.example. 5M IN A 10.0.2.54
+1000.example. 5M IN A 10.0.2.55
+1000.example. 5M IN A 10.0.2.56
+1000.example. 5M IN A 10.0.2.57
+1000.example. 5M IN A 10.0.2.58
+1000.example. 5M IN A 10.0.2.59
+1000.example. 5M IN A 10.0.2.60
+1000.example. 5M IN A 10.0.2.61
+1000.example. 5M IN A 10.0.2.62
+1000.example. 5M IN A 10.0.2.63
+1000.example. 5M IN A 10.0.2.64
+1000.example. 5M IN A 10.0.2.65
+1000.example. 5M IN A 10.0.2.66
+1000.example. 5M IN A 10.0.2.67
+1000.example. 5M IN A 10.0.2.68
+1000.example. 5M IN A 10.0.2.69
+1000.example. 5M IN A 10.0.2.70
+1000.example. 5M IN A 10.0.2.71
+1000.example. 5M IN A 10.0.2.72
+1000.example. 5M IN A 10.0.2.73
+1000.example. 5M IN A 10.0.2.74
+1000.example. 5M IN A 10.0.2.75
+1000.example. 5M IN A 10.0.2.76
+1000.example. 5M IN A 10.0.2.77
+1000.example. 5M IN A 10.0.2.78
+1000.example. 5M IN A 10.0.2.79
+1000.example. 5M IN A 10.0.2.80
+1000.example. 5M IN A 10.0.2.81
+1000.example. 5M IN A 10.0.2.82
+1000.example. 5M IN A 10.0.2.83
+1000.example. 5M IN A 10.0.2.84
+1000.example. 5M IN A 10.0.2.85
+1000.example. 5M IN A 10.0.2.86
+1000.example. 5M IN A 10.0.2.87
+1000.example. 5M IN A 10.0.2.88
+1000.example. 5M IN A 10.0.2.89
+1000.example. 5M IN A 10.0.2.90
+1000.example. 5M IN A 10.0.2.91
+1000.example. 5M IN A 10.0.2.92
+1000.example. 5M IN A 10.0.2.93
+1000.example. 5M IN A 10.0.2.94
+1000.example. 5M IN A 10.0.2.95
+1000.example. 5M IN A 10.0.2.96
+1000.example. 5M IN A 10.0.2.97
+1000.example. 5M IN A 10.0.2.98
+1000.example. 5M IN A 10.0.2.99
+1000.example. 5M IN A 10.0.2.100
+1000.example. 5M IN A 10.0.2.101
+1000.example. 5M IN A 10.0.2.102
+1000.example. 5M IN A 10.0.2.103
+1000.example. 5M IN A 10.0.2.104
+1000.example. 5M IN A 10.0.2.105
+1000.example. 5M IN A 10.0.2.106
+1000.example. 5M IN A 10.0.2.107
+1000.example. 5M IN A 10.0.2.108
+1000.example. 5M IN A 10.0.2.109
+1000.example. 5M IN A 10.0.2.110
+1000.example. 5M IN A 10.0.2.111
+1000.example. 5M IN A 10.0.2.112
+1000.example. 5M IN A 10.0.2.113
+1000.example. 5M IN A 10.0.2.114
+1000.example. 5M IN A 10.0.2.115
+1000.example. 5M IN A 10.0.2.116
+1000.example. 5M IN A 10.0.2.117
+1000.example. 5M IN A 10.0.2.118
+1000.example. 5M IN A 10.0.2.119
+1000.example. 5M IN A 10.0.2.120
+1000.example. 5M IN A 10.0.2.121
+1000.example. 5M IN A 10.0.2.122
+1000.example. 5M IN A 10.0.2.123
+1000.example. 5M IN A 10.0.2.124
+1000.example. 5M IN A 10.0.2.125
+1000.example. 5M IN A 10.0.2.126
+1000.example. 5M IN A 10.0.2.127
+1000.example. 5M IN A 10.0.2.128
+1000.example. 5M IN A 10.0.2.129
+1000.example. 5M IN A 10.0.2.130
+1000.example. 5M IN A 10.0.2.131
+1000.example. 5M IN A 10.0.2.132
+1000.example. 5M IN A 10.0.2.133
+1000.example. 5M IN A 10.0.2.134
+1000.example. 5M IN A 10.0.2.135
+1000.example. 5M IN A 10.0.2.136
+1000.example. 5M IN A 10.0.2.137
+1000.example. 5M IN A 10.0.2.138
+1000.example. 5M IN A 10.0.2.139
+1000.example. 5M IN A 10.0.2.140
+1000.example. 5M IN A 10.0.2.141
+1000.example. 5M IN A 10.0.2.142
+1000.example. 5M IN A 10.0.2.143
+1000.example. 5M IN A 10.0.2.144
+1000.example. 5M IN A 10.0.2.145
+1000.example. 5M IN A 10.0.2.146
+1000.example. 5M IN A 10.0.2.147
+1000.example. 5M IN A 10.0.2.148
+1000.example. 5M IN A 10.0.2.149
+1000.example. 5M IN A 10.0.2.150
+1000.example. 5M IN A 10.0.2.151
+1000.example. 5M IN A 10.0.2.152
+1000.example. 5M IN A 10.0.2.153
+1000.example. 5M IN A 10.0.2.154
+1000.example. 5M IN A 10.0.2.155
+1000.example. 5M IN A 10.0.2.156
+1000.example. 5M IN A 10.0.2.157
+1000.example. 5M IN A 10.0.2.158
+1000.example. 5M IN A 10.0.2.159
+1000.example. 5M IN A 10.0.2.160
+1000.example. 5M IN A 10.0.2.161
+1000.example. 5M IN A 10.0.2.162
+1000.example. 5M IN A 10.0.2.163
+1000.example. 5M IN A 10.0.2.164
+1000.example. 5M IN A 10.0.2.165
+1000.example. 5M IN A 10.0.2.166
+1000.example. 5M IN A 10.0.2.167
+1000.example. 5M IN A 10.0.2.168
+1000.example. 5M IN A 10.0.2.169
+1000.example. 5M IN A 10.0.2.170
+1000.example. 5M IN A 10.0.2.171
+1000.example. 5M IN A 10.0.2.172
+1000.example. 5M IN A 10.0.2.173
+1000.example. 5M IN A 10.0.2.174
+1000.example. 5M IN A 10.0.2.175
+1000.example. 5M IN A 10.0.2.176
+1000.example. 5M IN A 10.0.2.177
+1000.example. 5M IN A 10.0.2.178
+1000.example. 5M IN A 10.0.2.179
+1000.example. 5M IN A 10.0.2.180
+1000.example. 5M IN A 10.0.2.181
+1000.example. 5M IN A 10.0.2.182
+1000.example. 5M IN A 10.0.2.183
+1000.example. 5M IN A 10.0.2.184
+1000.example. 5M IN A 10.0.2.185
+1000.example. 5M IN A 10.0.2.186
+1000.example. 5M IN A 10.0.2.187
+1000.example. 5M IN A 10.0.2.188
+1000.example. 5M IN A 10.0.2.189
+1000.example. 5M IN A 10.0.2.190
+1000.example. 5M IN A 10.0.2.191
+1000.example. 5M IN A 10.0.2.192
+1000.example. 5M IN A 10.0.2.193
+1000.example. 5M IN A 10.0.2.194
+1000.example. 5M IN A 10.0.2.195
+1000.example. 5M IN A 10.0.2.196
+1000.example. 5M IN A 10.0.2.197
+1000.example. 5M IN A 10.0.2.198
+1000.example. 5M IN A 10.0.2.199
+1000.example. 5M IN A 10.0.2.200
+1000.example. 5M IN A 10.0.2.201
+1000.example. 5M IN A 10.0.2.202
+1000.example. 5M IN A 10.0.2.203
+1000.example. 5M IN A 10.0.2.204
+1000.example. 5M IN A 10.0.2.205
+1000.example. 5M IN A 10.0.2.206
+1000.example. 5M IN A 10.0.2.207
+1000.example. 5M IN A 10.0.2.208
+1000.example. 5M IN A 10.0.2.209
+1000.example. 5M IN A 10.0.2.210
+1000.example. 5M IN A 10.0.2.211
+1000.example. 5M IN A 10.0.2.212
+1000.example. 5M IN A 10.0.2.213
+1000.example. 5M IN A 10.0.2.214
+1000.example. 5M IN A 10.0.2.215
+1000.example. 5M IN A 10.0.2.216
+1000.example. 5M IN A 10.0.2.217
+1000.example. 5M IN A 10.0.2.218
+1000.example. 5M IN A 10.0.2.219
+1000.example. 5M IN A 10.0.2.220
+1000.example. 5M IN A 10.0.2.221
+1000.example. 5M IN A 10.0.2.222
+1000.example. 5M IN A 10.0.2.223
+1000.example. 5M IN A 10.0.2.224
+1000.example. 5M IN A 10.0.2.225
+1000.example. 5M IN A 10.0.2.226
+1000.example. 5M IN A 10.0.2.227
+1000.example. 5M IN A 10.0.2.228
+1000.example. 5M IN A 10.0.2.229
+1000.example. 5M IN A 10.0.2.230
+1000.example. 5M IN A 10.0.2.231
+1000.example. 5M IN A 10.0.2.232
+1000.example. 5M IN A 10.0.2.233
+1000.example. 5M IN A 10.0.2.234
+1000.example. 5M IN A 10.0.2.235
+1000.example. 5M IN A 10.0.2.236
+1000.example. 5M IN A 10.0.2.237
+1000.example. 5M IN A 10.0.2.238
+1000.example. 5M IN A 10.0.2.239
+1000.example. 5M IN A 10.0.2.240
+1000.example. 5M IN A 10.0.2.241
+1000.example. 5M IN A 10.0.2.242
+1000.example. 5M IN A 10.0.2.243
+1000.example. 5M IN A 10.0.2.244
+1000.example. 5M IN A 10.0.2.245
+1000.example. 5M IN A 10.0.2.246
+1000.example. 5M IN A 10.0.2.247
+1000.example. 5M IN A 10.0.2.248
+1000.example. 5M IN A 10.0.2.249
+1000.example. 5M IN A 10.0.2.250
+1000.example. 5M IN A 10.0.2.251
+1000.example. 5M IN A 10.0.2.252
+1000.example. 5M IN A 10.0.2.253
+1000.example. 5M IN A 10.0.2.254
+1000.example. 5M IN A 10.0.2.255
+1000.example. 5M IN A 10.0.3.0
+1000.example. 5M IN A 10.0.3.1
+1000.example. 5M IN A 10.0.3.2
+1000.example. 5M IN A 10.0.3.3
+1000.example. 5M IN A 10.0.3.4
+1000.example. 5M IN A 10.0.3.5
+1000.example. 5M IN A 10.0.3.6
+1000.example. 5M IN A 10.0.3.7
+1000.example. 5M IN A 10.0.3.8
+1000.example. 5M IN A 10.0.3.9
+1000.example. 5M IN A 10.0.3.10
+1000.example. 5M IN A 10.0.3.11
+1000.example. 5M IN A 10.0.3.12
+1000.example. 5M IN A 10.0.3.13
+1000.example. 5M IN A 10.0.3.14
+1000.example. 5M IN A 10.0.3.15
+1000.example. 5M IN A 10.0.3.16
+1000.example. 5M IN A 10.0.3.17
+1000.example. 5M IN A 10.0.3.18
+1000.example. 5M IN A 10.0.3.19
+1000.example. 5M IN A 10.0.3.20
+1000.example. 5M IN A 10.0.3.21
+1000.example. 5M IN A 10.0.3.22
+1000.example. 5M IN A 10.0.3.23
+1000.example. 5M IN A 10.0.3.24
+1000.example. 5M IN A 10.0.3.25
+1000.example. 5M IN A 10.0.3.26
+1000.example. 5M IN A 10.0.3.27
+1000.example. 5M IN A 10.0.3.28
+1000.example. 5M IN A 10.0.3.29
+1000.example. 5M IN A 10.0.3.30
+1000.example. 5M IN A 10.0.3.31
+1000.example. 5M IN A 10.0.3.32
+1000.example. 5M IN A 10.0.3.33
+1000.example. 5M IN A 10.0.3.34
+1000.example. 5M IN A 10.0.3.35
+1000.example. 5M IN A 10.0.3.36
+1000.example. 5M IN A 10.0.3.37
+1000.example. 5M IN A 10.0.3.38
+1000.example. 5M IN A 10.0.3.39
+1000.example. 5M IN A 10.0.3.40
+1000.example. 5M IN A 10.0.3.41
+1000.example. 5M IN A 10.0.3.42
+1000.example. 5M IN A 10.0.3.43
+1000.example. 5M IN A 10.0.3.44
+1000.example. 5M IN A 10.0.3.45
+1000.example. 5M IN A 10.0.3.46
+1000.example. 5M IN A 10.0.3.47
+1000.example. 5M IN A 10.0.3.48
+1000.example. 5M IN A 10.0.3.49
+1000.example. 5M IN A 10.0.3.50
+1000.example. 5M IN A 10.0.3.51
+1000.example. 5M IN A 10.0.3.52
+1000.example. 5M IN A 10.0.3.53
+1000.example. 5M IN A 10.0.3.54
+1000.example. 5M IN A 10.0.3.55
+1000.example. 5M IN A 10.0.3.56
+1000.example. 5M IN A 10.0.3.57
+1000.example. 5M IN A 10.0.3.58
+1000.example. 5M IN A 10.0.3.59
+1000.example. 5M IN A 10.0.3.60
+1000.example. 5M IN A 10.0.3.61
+1000.example. 5M IN A 10.0.3.62
+1000.example. 5M IN A 10.0.3.63
+1000.example. 5M IN A 10.0.3.64
+1000.example. 5M IN A 10.0.3.65
+1000.example. 5M IN A 10.0.3.66
+1000.example. 5M IN A 10.0.3.67
+1000.example. 5M IN A 10.0.3.68
+1000.example. 5M IN A 10.0.3.69
+1000.example. 5M IN A 10.0.3.70
+1000.example. 5M IN A 10.0.3.71
+1000.example. 5M IN A 10.0.3.72
+1000.example. 5M IN A 10.0.3.73
+1000.example. 5M IN A 10.0.3.74
+1000.example. 5M IN A 10.0.3.75
+1000.example. 5M IN A 10.0.3.76
+1000.example. 5M IN A 10.0.3.77
+1000.example. 5M IN A 10.0.3.78
+1000.example. 5M IN A 10.0.3.79
+1000.example. 5M IN A 10.0.3.80
+1000.example. 5M IN A 10.0.3.81
+1000.example. 5M IN A 10.0.3.82
+1000.example. 5M IN A 10.0.3.83
+1000.example. 5M IN A 10.0.3.84
+1000.example. 5M IN A 10.0.3.85
+1000.example. 5M IN A 10.0.3.86
+1000.example. 5M IN A 10.0.3.87
+1000.example. 5M IN A 10.0.3.88
+1000.example. 5M IN A 10.0.3.89
+1000.example. 5M IN A 10.0.3.90
+1000.example. 5M IN A 10.0.3.91
+1000.example. 5M IN A 10.0.3.92
+1000.example. 5M IN A 10.0.3.93
+1000.example. 5M IN A 10.0.3.94
+1000.example. 5M IN A 10.0.3.95
+1000.example. 5M IN A 10.0.3.96
+1000.example. 5M IN A 10.0.3.97
+1000.example. 5M IN A 10.0.3.98
+1000.example. 5M IN A 10.0.3.99
+1000.example. 5M IN A 10.0.3.100
+1000.example. 5M IN A 10.0.3.101
+1000.example. 5M IN A 10.0.3.102
+1000.example. 5M IN A 10.0.3.103
+1000.example. 5M IN A 10.0.3.104
+1000.example. 5M IN A 10.0.3.105
+1000.example. 5M IN A 10.0.3.106
+1000.example. 5M IN A 10.0.3.107
+1000.example. 5M IN A 10.0.3.108
+1000.example. 5M IN A 10.0.3.109
+1000.example. 5M IN A 10.0.3.110
+1000.example. 5M IN A 10.0.3.111
+1000.example. 5M IN A 10.0.3.112
+1000.example. 5M IN A 10.0.3.113
+1000.example. 5M IN A 10.0.3.114
+1000.example. 5M IN A 10.0.3.115
+1000.example. 5M IN A 10.0.3.116
+1000.example. 5M IN A 10.0.3.117
+1000.example. 5M IN A 10.0.3.118
+1000.example. 5M IN A 10.0.3.119
+1000.example. 5M IN A 10.0.3.120
+1000.example. 5M IN A 10.0.3.121
+1000.example. 5M IN A 10.0.3.122
+1000.example. 5M IN A 10.0.3.123
+1000.example. 5M IN A 10.0.3.124
+1000.example. 5M IN A 10.0.3.125
+1000.example. 5M IN A 10.0.3.126
+1000.example. 5M IN A 10.0.3.127
+1000.example. 5M IN A 10.0.3.128
+1000.example. 5M IN A 10.0.3.129
+1000.example. 5M IN A 10.0.3.130
+1000.example. 5M IN A 10.0.3.131
+1000.example. 5M IN A 10.0.3.132
+1000.example. 5M IN A 10.0.3.133
+1000.example. 5M IN A 10.0.3.134
+1000.example. 5M IN A 10.0.3.135
+1000.example. 5M IN A 10.0.3.136
+1000.example. 5M IN A 10.0.3.137
+1000.example. 5M IN A 10.0.3.138
+1000.example. 5M IN A 10.0.3.139
+1000.example. 5M IN A 10.0.3.140
+1000.example. 5M IN A 10.0.3.141
+1000.example. 5M IN A 10.0.3.142
+1000.example. 5M IN A 10.0.3.143
+1000.example. 5M IN A 10.0.3.144
+1000.example. 5M IN A 10.0.3.145
+1000.example. 5M IN A 10.0.3.146
+1000.example. 5M IN A 10.0.3.147
+1000.example. 5M IN A 10.0.3.148
+1000.example. 5M IN A 10.0.3.149
+1000.example. 5M IN A 10.0.3.150
+1000.example. 5M IN A 10.0.3.151
+1000.example. 5M IN A 10.0.3.152
+1000.example. 5M IN A 10.0.3.153
+1000.example. 5M IN A 10.0.3.154
+1000.example. 5M IN A 10.0.3.155
+1000.example. 5M IN A 10.0.3.156
+1000.example. 5M IN A 10.0.3.157
+1000.example. 5M IN A 10.0.3.158
+1000.example. 5M IN A 10.0.3.159
+1000.example. 5M IN A 10.0.3.160
+1000.example. 5M IN A 10.0.3.161
+1000.example. 5M IN A 10.0.3.162
+1000.example. 5M IN A 10.0.3.163
+1000.example. 5M IN A 10.0.3.164
+1000.example. 5M IN A 10.0.3.165
+1000.example. 5M IN A 10.0.3.166
+1000.example. 5M IN A 10.0.3.167
+1000.example. 5M IN A 10.0.3.168
+1000.example. 5M IN A 10.0.3.169
+1000.example. 5M IN A 10.0.3.170
+1000.example. 5M IN A 10.0.3.171
+1000.example. 5M IN A 10.0.3.172
+1000.example. 5M IN A 10.0.3.173
+1000.example. 5M IN A 10.0.3.174
+1000.example. 5M IN A 10.0.3.175
+1000.example. 5M IN A 10.0.3.176
+1000.example. 5M IN A 10.0.3.177
+1000.example. 5M IN A 10.0.3.178
+1000.example. 5M IN A 10.0.3.179
+1000.example. 5M IN A 10.0.3.180
+1000.example. 5M IN A 10.0.3.181
+1000.example. 5M IN A 10.0.3.182
+1000.example. 5M IN A 10.0.3.183
+1000.example. 5M IN A 10.0.3.184
+1000.example. 5M IN A 10.0.3.185
+1000.example. 5M IN A 10.0.3.186
+1000.example. 5M IN A 10.0.3.187
+1000.example. 5M IN A 10.0.3.188
+1000.example. 5M IN A 10.0.3.189
+1000.example. 5M IN A 10.0.3.190
+1000.example. 5M IN A 10.0.3.191
+1000.example. 5M IN A 10.0.3.192
+1000.example. 5M IN A 10.0.3.193
+1000.example. 5M IN A 10.0.3.194
+1000.example. 5M IN A 10.0.3.195
+1000.example. 5M IN A 10.0.3.196
+1000.example. 5M IN A 10.0.3.197
+1000.example. 5M IN A 10.0.3.198
+1000.example. 5M IN A 10.0.3.199
+1000.example. 5M IN A 10.0.3.200
+1000.example. 5M IN A 10.0.3.201
+1000.example. 5M IN A 10.0.3.202
+1000.example. 5M IN A 10.0.3.203
+1000.example. 5M IN A 10.0.3.204
+1000.example. 5M IN A 10.0.3.205
+1000.example. 5M IN A 10.0.3.206
+1000.example. 5M IN A 10.0.3.207
+1000.example. 5M IN A 10.0.3.208
+1000.example. 5M IN A 10.0.3.209
+1000.example. 5M IN A 10.0.3.210
+1000.example. 5M IN A 10.0.3.211
+1000.example. 5M IN A 10.0.3.212
+1000.example. 5M IN A 10.0.3.213
+1000.example. 5M IN A 10.0.3.214
+1000.example. 5M IN A 10.0.3.215
+1000.example. 5M IN A 10.0.3.216
+1000.example. 5M IN A 10.0.3.217
+1000.example. 5M IN A 10.0.3.218
+1000.example. 5M IN A 10.0.3.219
+1000.example. 5M IN A 10.0.3.220
+1000.example. 5M IN A 10.0.3.221
+1000.example. 5M IN A 10.0.3.222
+1000.example. 5M IN A 10.0.3.223
+1000.example. 5M IN A 10.0.3.224
+1000.example. 5M IN A 10.0.3.225
+1000.example. 5M IN A 10.0.3.226
+1000.example. 5M IN A 10.0.3.227
+1000.example. 5M IN A 10.0.3.228
+1000.example. 5M IN A 10.0.3.229
+1000.example. 5M IN A 10.0.3.230
+1000.example. 5M IN A 10.0.3.231
+
+;; AUTHORITY SECTION:
+example. 5M IN NS ns1.example.
+
+;; ADDITIONAL SECTION:
+ns1.example. 5M IN A 10.53.0.1
+
+;; Total query time: 69 msec
+;; FROM: draco to SERVER: 10.53.0.1
+;; WHEN: Fri Jun 23 12:58:14 2000
+;; MSG SIZE sent: 30 rcvd: 16064
+
diff --git a/bin/tests/system/limits/knowngood.dig.out.2000 b/bin/tests/system/limits/knowngood.dig.out.2000
new file mode 100644
index 0000000..96c9181
--- /dev/null
+++ b/bin/tests/system/limits/knowngood.dig.out.2000
@@ -0,0 +1,2023 @@
+
+; <<>> DiG 8.2 <<>> 2000.example. @10.53.0.1 a -p
+; (1 server found)
+;; res options: init recurs defnam dnsrch
+;; got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
+;; flags: qr aa rd ad; QUERY: 1, ANSWER: 2000, AUTHORITY: 1, ADDITIONAL: 1
+;; QUERY SECTION:
+;; 2000.example, type = A, class = IN
+
+;; ANSWER SECTION:
+2000.example. 5M IN A 10.0.0.0
+2000.example. 5M IN A 10.0.0.1
+2000.example. 5M IN A 10.0.0.2
+2000.example. 5M IN A 10.0.0.3
+2000.example. 5M IN A 10.0.0.4
+2000.example. 5M IN A 10.0.0.5
+2000.example. 5M IN A 10.0.0.6
+2000.example. 5M IN A 10.0.0.7
+2000.example. 5M IN A 10.0.0.8
+2000.example. 5M IN A 10.0.0.9
+2000.example. 5M IN A 10.0.0.10
+2000.example. 5M IN A 10.0.0.11
+2000.example. 5M IN A 10.0.0.12
+2000.example. 5M IN A 10.0.0.13
+2000.example. 5M IN A 10.0.0.14
+2000.example. 5M IN A 10.0.0.15
+2000.example. 5M IN A 10.0.0.16
+2000.example. 5M IN A 10.0.0.17
+2000.example. 5M IN A 10.0.0.18
+2000.example. 5M IN A 10.0.0.19
+2000.example. 5M IN A 10.0.0.20
+2000.example. 5M IN A 10.0.0.21
+2000.example. 5M IN A 10.0.0.22
+2000.example. 5M IN A 10.0.0.23
+2000.example. 5M IN A 10.0.0.24
+2000.example. 5M IN A 10.0.0.25
+2000.example. 5M IN A 10.0.0.26
+2000.example. 5M IN A 10.0.0.27
+2000.example. 5M IN A 10.0.0.28
+2000.example. 5M IN A 10.0.0.29
+2000.example. 5M IN A 10.0.0.30
+2000.example. 5M IN A 10.0.0.31
+2000.example. 5M IN A 10.0.0.32
+2000.example. 5M IN A 10.0.0.33
+2000.example. 5M IN A 10.0.0.34
+2000.example. 5M IN A 10.0.0.35
+2000.example. 5M IN A 10.0.0.36
+2000.example. 5M IN A 10.0.0.37
+2000.example. 5M IN A 10.0.0.38
+2000.example. 5M IN A 10.0.0.39
+2000.example. 5M IN A 10.0.0.40
+2000.example. 5M IN A 10.0.0.41
+2000.example. 5M IN A 10.0.0.42
+2000.example. 5M IN A 10.0.0.43
+2000.example. 5M IN A 10.0.0.44
+2000.example. 5M IN A 10.0.0.45
+2000.example. 5M IN A 10.0.0.46
+2000.example. 5M IN A 10.0.0.47
+2000.example. 5M IN A 10.0.0.48
+2000.example. 5M IN A 10.0.0.49
+2000.example. 5M IN A 10.0.0.50
+2000.example. 5M IN A 10.0.0.51
+2000.example. 5M IN A 10.0.0.52
+2000.example. 5M IN A 10.0.0.53
+2000.example. 5M IN A 10.0.0.54
+2000.example. 5M IN A 10.0.0.55
+2000.example. 5M IN A 10.0.0.56
+2000.example. 5M IN A 10.0.0.57
+2000.example. 5M IN A 10.0.0.58
+2000.example. 5M IN A 10.0.0.59
+2000.example. 5M IN A 10.0.0.60
+2000.example. 5M IN A 10.0.0.61
+2000.example. 5M IN A 10.0.0.62
+2000.example. 5M IN A 10.0.0.63
+2000.example. 5M IN A 10.0.0.64
+2000.example. 5M IN A 10.0.0.65
+2000.example. 5M IN A 10.0.0.66
+2000.example. 5M IN A 10.0.0.67
+2000.example. 5M IN A 10.0.0.68
+2000.example. 5M IN A 10.0.0.69
+2000.example. 5M IN A 10.0.0.70
+2000.example. 5M IN A 10.0.0.71
+2000.example. 5M IN A 10.0.0.72
+2000.example. 5M IN A 10.0.0.73
+2000.example. 5M IN A 10.0.0.74
+2000.example. 5M IN A 10.0.0.75
+2000.example. 5M IN A 10.0.0.76
+2000.example. 5M IN A 10.0.0.77
+2000.example. 5M IN A 10.0.0.78
+2000.example. 5M IN A 10.0.0.79
+2000.example. 5M IN A 10.0.0.80
+2000.example. 5M IN A 10.0.0.81
+2000.example. 5M IN A 10.0.0.82
+2000.example. 5M IN A 10.0.0.83
+2000.example. 5M IN A 10.0.0.84
+2000.example. 5M IN A 10.0.0.85
+2000.example. 5M IN A 10.0.0.86
+2000.example. 5M IN A 10.0.0.87
+2000.example. 5M IN A 10.0.0.88
+2000.example. 5M IN A 10.0.0.89
+2000.example. 5M IN A 10.0.0.90
+2000.example. 5M IN A 10.0.0.91
+2000.example. 5M IN A 10.0.0.92
+2000.example. 5M IN A 10.0.0.93
+2000.example. 5M IN A 10.0.0.94
+2000.example. 5M IN A 10.0.0.95
+2000.example. 5M IN A 10.0.0.96
+2000.example. 5M IN A 10.0.0.97
+2000.example. 5M IN A 10.0.0.98
+2000.example. 5M IN A 10.0.0.99
+2000.example. 5M IN A 10.0.0.100
+2000.example. 5M IN A 10.0.0.101
+2000.example. 5M IN A 10.0.0.102
+2000.example. 5M IN A 10.0.0.103
+2000.example. 5M IN A 10.0.0.104
+2000.example. 5M IN A 10.0.0.105
+2000.example. 5M IN A 10.0.0.106
+2000.example. 5M IN A 10.0.0.107
+2000.example. 5M IN A 10.0.0.108
+2000.example. 5M IN A 10.0.0.109
+2000.example. 5M IN A 10.0.0.110
+2000.example. 5M IN A 10.0.0.111
+2000.example. 5M IN A 10.0.0.112
+2000.example. 5M IN A 10.0.0.113
+2000.example. 5M IN A 10.0.0.114
+2000.example. 5M IN A 10.0.0.115
+2000.example. 5M IN A 10.0.0.116
+2000.example. 5M IN A 10.0.0.117
+2000.example. 5M IN A 10.0.0.118
+2000.example. 5M IN A 10.0.0.119
+2000.example. 5M IN A 10.0.0.120
+2000.example. 5M IN A 10.0.0.121
+2000.example. 5M IN A 10.0.0.122
+2000.example. 5M IN A 10.0.0.123
+2000.example. 5M IN A 10.0.0.124
+2000.example. 5M IN A 10.0.0.125
+2000.example. 5M IN A 10.0.0.126
+2000.example. 5M IN A 10.0.0.127
+2000.example. 5M IN A 10.0.0.128
+2000.example. 5M IN A 10.0.0.129
+2000.example. 5M IN A 10.0.0.130
+2000.example. 5M IN A 10.0.0.131
+2000.example. 5M IN A 10.0.0.132
+2000.example. 5M IN A 10.0.0.133
+2000.example. 5M IN A 10.0.0.134
+2000.example. 5M IN A 10.0.0.135
+2000.example. 5M IN A 10.0.0.136
+2000.example. 5M IN A 10.0.0.137
+2000.example. 5M IN A 10.0.0.138
+2000.example. 5M IN A 10.0.0.139
+2000.example. 5M IN A 10.0.0.140
+2000.example. 5M IN A 10.0.0.141
+2000.example. 5M IN A 10.0.0.142
+2000.example. 5M IN A 10.0.0.143
+2000.example. 5M IN A 10.0.0.144
+2000.example. 5M IN A 10.0.0.145
+2000.example. 5M IN A 10.0.0.146
+2000.example. 5M IN A 10.0.0.147
+2000.example. 5M IN A 10.0.0.148
+2000.example. 5M IN A 10.0.0.149
+2000.example. 5M IN A 10.0.0.150
+2000.example. 5M IN A 10.0.0.151
+2000.example. 5M IN A 10.0.0.152
+2000.example. 5M IN A 10.0.0.153
+2000.example. 5M IN A 10.0.0.154
+2000.example. 5M IN A 10.0.0.155
+2000.example. 5M IN A 10.0.0.156
+2000.example. 5M IN A 10.0.0.157
+2000.example. 5M IN A 10.0.0.158
+2000.example. 5M IN A 10.0.0.159
+2000.example. 5M IN A 10.0.0.160
+2000.example. 5M IN A 10.0.0.161
+2000.example. 5M IN A 10.0.0.162
+2000.example. 5M IN A 10.0.0.163
+2000.example. 5M IN A 10.0.0.164
+2000.example. 5M IN A 10.0.0.165
+2000.example. 5M IN A 10.0.0.166
+2000.example. 5M IN A 10.0.0.167
+2000.example. 5M IN A 10.0.0.168
+2000.example. 5M IN A 10.0.0.169
+2000.example. 5M IN A 10.0.0.170
+2000.example. 5M IN A 10.0.0.171
+2000.example. 5M IN A 10.0.0.172
+2000.example. 5M IN A 10.0.0.173
+2000.example. 5M IN A 10.0.0.174
+2000.example. 5M IN A 10.0.0.175
+2000.example. 5M IN A 10.0.0.176
+2000.example. 5M IN A 10.0.0.177
+2000.example. 5M IN A 10.0.0.178
+2000.example. 5M IN A 10.0.0.179
+2000.example. 5M IN A 10.0.0.180
+2000.example. 5M IN A 10.0.0.181
+2000.example. 5M IN A 10.0.0.182
+2000.example. 5M IN A 10.0.0.183
+2000.example. 5M IN A 10.0.0.184
+2000.example. 5M IN A 10.0.0.185
+2000.example. 5M IN A 10.0.0.186
+2000.example. 5M IN A 10.0.0.187
+2000.example. 5M IN A 10.0.0.188
+2000.example. 5M IN A 10.0.0.189
+2000.example. 5M IN A 10.0.0.190
+2000.example. 5M IN A 10.0.0.191
+2000.example. 5M IN A 10.0.0.192
+2000.example. 5M IN A 10.0.0.193
+2000.example. 5M IN A 10.0.0.194
+2000.example. 5M IN A 10.0.0.195
+2000.example. 5M IN A 10.0.0.196
+2000.example. 5M IN A 10.0.0.197
+2000.example. 5M IN A 10.0.0.198
+2000.example. 5M IN A 10.0.0.199
+2000.example. 5M IN A 10.0.0.200
+2000.example. 5M IN A 10.0.0.201
+2000.example. 5M IN A 10.0.0.202
+2000.example. 5M IN A 10.0.0.203
+2000.example. 5M IN A 10.0.0.204
+2000.example. 5M IN A 10.0.0.205
+2000.example. 5M IN A 10.0.0.206
+2000.example. 5M IN A 10.0.0.207
+2000.example. 5M IN A 10.0.0.208
+2000.example. 5M IN A 10.0.0.209
+2000.example. 5M IN A 10.0.0.210
+2000.example. 5M IN A 10.0.0.211
+2000.example. 5M IN A 10.0.0.212
+2000.example. 5M IN A 10.0.0.213
+2000.example. 5M IN A 10.0.0.214
+2000.example. 5M IN A 10.0.0.215
+2000.example. 5M IN A 10.0.0.216
+2000.example. 5M IN A 10.0.0.217
+2000.example. 5M IN A 10.0.0.218
+2000.example. 5M IN A 10.0.0.219
+2000.example. 5M IN A 10.0.0.220
+2000.example. 5M IN A 10.0.0.221
+2000.example. 5M IN A 10.0.0.222
+2000.example. 5M IN A 10.0.0.223
+2000.example. 5M IN A 10.0.0.224
+2000.example. 5M IN A 10.0.0.225
+2000.example. 5M IN A 10.0.0.226
+2000.example. 5M IN A 10.0.0.227
+2000.example. 5M IN A 10.0.0.228
+2000.example. 5M IN A 10.0.0.229
+2000.example. 5M IN A 10.0.0.230
+2000.example. 5M IN A 10.0.0.231
+2000.example. 5M IN A 10.0.0.232
+2000.example. 5M IN A 10.0.0.233
+2000.example. 5M IN A 10.0.0.234
+2000.example. 5M IN A 10.0.0.235
+2000.example. 5M IN A 10.0.0.236
+2000.example. 5M IN A 10.0.0.237
+2000.example. 5M IN A 10.0.0.238
+2000.example. 5M IN A 10.0.0.239
+2000.example. 5M IN A 10.0.0.240
+2000.example. 5M IN A 10.0.0.241
+2000.example. 5M IN A 10.0.0.242
+2000.example. 5M IN A 10.0.0.243
+2000.example. 5M IN A 10.0.0.244
+2000.example. 5M IN A 10.0.0.245
+2000.example. 5M IN A 10.0.0.246
+2000.example. 5M IN A 10.0.0.247
+2000.example. 5M IN A 10.0.0.248
+2000.example. 5M IN A 10.0.0.249
+2000.example. 5M IN A 10.0.0.250
+2000.example. 5M IN A 10.0.0.251
+2000.example. 5M IN A 10.0.0.252
+2000.example. 5M IN A 10.0.0.253
+2000.example. 5M IN A 10.0.0.254
+2000.example. 5M IN A 10.0.0.255
+2000.example. 5M IN A 10.0.1.0
+2000.example. 5M IN A 10.0.1.1
+2000.example. 5M IN A 10.0.1.2
+2000.example. 5M IN A 10.0.1.3
+2000.example. 5M IN A 10.0.1.4
+2000.example. 5M IN A 10.0.1.5
+2000.example. 5M IN A 10.0.1.6
+2000.example. 5M IN A 10.0.1.7
+2000.example. 5M IN A 10.0.1.8
+2000.example. 5M IN A 10.0.1.9
+2000.example. 5M IN A 10.0.1.10
+2000.example. 5M IN A 10.0.1.11
+2000.example. 5M IN A 10.0.1.12
+2000.example. 5M IN A 10.0.1.13
+2000.example. 5M IN A 10.0.1.14
+2000.example. 5M IN A 10.0.1.15
+2000.example. 5M IN A 10.0.1.16
+2000.example. 5M IN A 10.0.1.17
+2000.example. 5M IN A 10.0.1.18
+2000.example. 5M IN A 10.0.1.19
+2000.example. 5M IN A 10.0.1.20
+2000.example. 5M IN A 10.0.1.21
+2000.example. 5M IN A 10.0.1.22
+2000.example. 5M IN A 10.0.1.23
+2000.example. 5M IN A 10.0.1.24
+2000.example. 5M IN A 10.0.1.25
+2000.example. 5M IN A 10.0.1.26
+2000.example. 5M IN A 10.0.1.27
+2000.example. 5M IN A 10.0.1.28
+2000.example. 5M IN A 10.0.1.29
+2000.example. 5M IN A 10.0.1.30
+2000.example. 5M IN A 10.0.1.31
+2000.example. 5M IN A 10.0.1.32
+2000.example. 5M IN A 10.0.1.33
+2000.example. 5M IN A 10.0.1.34
+2000.example. 5M IN A 10.0.1.35
+2000.example. 5M IN A 10.0.1.36
+2000.example. 5M IN A 10.0.1.37
+2000.example. 5M IN A 10.0.1.38
+2000.example. 5M IN A 10.0.1.39
+2000.example. 5M IN A 10.0.1.40
+2000.example. 5M IN A 10.0.1.41
+2000.example. 5M IN A 10.0.1.42
+2000.example. 5M IN A 10.0.1.43
+2000.example. 5M IN A 10.0.1.44
+2000.example. 5M IN A 10.0.1.45
+2000.example. 5M IN A 10.0.1.46
+2000.example. 5M IN A 10.0.1.47
+2000.example. 5M IN A 10.0.1.48
+2000.example. 5M IN A 10.0.1.49
+2000.example. 5M IN A 10.0.1.50
+2000.example. 5M IN A 10.0.1.51
+2000.example. 5M IN A 10.0.1.52
+2000.example. 5M IN A 10.0.1.53
+2000.example. 5M IN A 10.0.1.54
+2000.example. 5M IN A 10.0.1.55
+2000.example. 5M IN A 10.0.1.56
+2000.example. 5M IN A 10.0.1.57
+2000.example. 5M IN A 10.0.1.58
+2000.example. 5M IN A 10.0.1.59
+2000.example. 5M IN A 10.0.1.60
+2000.example. 5M IN A 10.0.1.61
+2000.example. 5M IN A 10.0.1.62
+2000.example. 5M IN A 10.0.1.63
+2000.example. 5M IN A 10.0.1.64
+2000.example. 5M IN A 10.0.1.65
+2000.example. 5M IN A 10.0.1.66
+2000.example. 5M IN A 10.0.1.67
+2000.example. 5M IN A 10.0.1.68
+2000.example. 5M IN A 10.0.1.69
+2000.example. 5M IN A 10.0.1.70
+2000.example. 5M IN A 10.0.1.71
+2000.example. 5M IN A 10.0.1.72
+2000.example. 5M IN A 10.0.1.73
+2000.example. 5M IN A 10.0.1.74
+2000.example. 5M IN A 10.0.1.75
+2000.example. 5M IN A 10.0.1.76
+2000.example. 5M IN A 10.0.1.77
+2000.example. 5M IN A 10.0.1.78
+2000.example. 5M IN A 10.0.1.79
+2000.example. 5M IN A 10.0.1.80
+2000.example. 5M IN A 10.0.1.81
+2000.example. 5M IN A 10.0.1.82
+2000.example. 5M IN A 10.0.1.83
+2000.example. 5M IN A 10.0.1.84
+2000.example. 5M IN A 10.0.1.85
+2000.example. 5M IN A 10.0.1.86
+2000.example. 5M IN A 10.0.1.87
+2000.example. 5M IN A 10.0.1.88
+2000.example. 5M IN A 10.0.1.89
+2000.example. 5M IN A 10.0.1.90
+2000.example. 5M IN A 10.0.1.91
+2000.example. 5M IN A 10.0.1.92
+2000.example. 5M IN A 10.0.1.93
+2000.example. 5M IN A 10.0.1.94
+2000.example. 5M IN A 10.0.1.95
+2000.example. 5M IN A 10.0.1.96
+2000.example. 5M IN A 10.0.1.97
+2000.example. 5M IN A 10.0.1.98
+2000.example. 5M IN A 10.0.1.99
+2000.example. 5M IN A 10.0.1.100
+2000.example. 5M IN A 10.0.1.101
+2000.example. 5M IN A 10.0.1.102
+2000.example. 5M IN A 10.0.1.103
+2000.example. 5M IN A 10.0.1.104
+2000.example. 5M IN A 10.0.1.105
+2000.example. 5M IN A 10.0.1.106
+2000.example. 5M IN A 10.0.1.107
+2000.example. 5M IN A 10.0.1.108
+2000.example. 5M IN A 10.0.1.109
+2000.example. 5M IN A 10.0.1.110
+2000.example. 5M IN A 10.0.1.111
+2000.example. 5M IN A 10.0.1.112
+2000.example. 5M IN A 10.0.1.113
+2000.example. 5M IN A 10.0.1.114
+2000.example. 5M IN A 10.0.1.115
+2000.example. 5M IN A 10.0.1.116
+2000.example. 5M IN A 10.0.1.117
+2000.example. 5M IN A 10.0.1.118
+2000.example. 5M IN A 10.0.1.119
+2000.example. 5M IN A 10.0.1.120
+2000.example. 5M IN A 10.0.1.121
+2000.example. 5M IN A 10.0.1.122
+2000.example. 5M IN A 10.0.1.123
+2000.example. 5M IN A 10.0.1.124
+2000.example. 5M IN A 10.0.1.125
+2000.example. 5M IN A 10.0.1.126
+2000.example. 5M IN A 10.0.1.127
+2000.example. 5M IN A 10.0.1.128
+2000.example. 5M IN A 10.0.1.129
+2000.example. 5M IN A 10.0.1.130
+2000.example. 5M IN A 10.0.1.131
+2000.example. 5M IN A 10.0.1.132
+2000.example. 5M IN A 10.0.1.133
+2000.example. 5M IN A 10.0.1.134
+2000.example. 5M IN A 10.0.1.135
+2000.example. 5M IN A 10.0.1.136
+2000.example. 5M IN A 10.0.1.137
+2000.example. 5M IN A 10.0.1.138
+2000.example. 5M IN A 10.0.1.139
+2000.example. 5M IN A 10.0.1.140
+2000.example. 5M IN A 10.0.1.141
+2000.example. 5M IN A 10.0.1.142
+2000.example. 5M IN A 10.0.1.143
+2000.example. 5M IN A 10.0.1.144
+2000.example. 5M IN A 10.0.1.145
+2000.example. 5M IN A 10.0.1.146
+2000.example. 5M IN A 10.0.1.147
+2000.example. 5M IN A 10.0.1.148
+2000.example. 5M IN A 10.0.1.149
+2000.example. 5M IN A 10.0.1.150
+2000.example. 5M IN A 10.0.1.151
+2000.example. 5M IN A 10.0.1.152
+2000.example. 5M IN A 10.0.1.153
+2000.example. 5M IN A 10.0.1.154
+2000.example. 5M IN A 10.0.1.155
+2000.example. 5M IN A 10.0.1.156
+2000.example. 5M IN A 10.0.1.157
+2000.example. 5M IN A 10.0.1.158
+2000.example. 5M IN A 10.0.1.159
+2000.example. 5M IN A 10.0.1.160
+2000.example. 5M IN A 10.0.1.161
+2000.example. 5M IN A 10.0.1.162
+2000.example. 5M IN A 10.0.1.163
+2000.example. 5M IN A 10.0.1.164
+2000.example. 5M IN A 10.0.1.165
+2000.example. 5M IN A 10.0.1.166
+2000.example. 5M IN A 10.0.1.167
+2000.example. 5M IN A 10.0.1.168
+2000.example. 5M IN A 10.0.1.169
+2000.example. 5M IN A 10.0.1.170
+2000.example. 5M IN A 10.0.1.171
+2000.example. 5M IN A 10.0.1.172
+2000.example. 5M IN A 10.0.1.173
+2000.example. 5M IN A 10.0.1.174
+2000.example. 5M IN A 10.0.1.175
+2000.example. 5M IN A 10.0.1.176
+2000.example. 5M IN A 10.0.1.177
+2000.example. 5M IN A 10.0.1.178
+2000.example. 5M IN A 10.0.1.179
+2000.example. 5M IN A 10.0.1.180
+2000.example. 5M IN A 10.0.1.181
+2000.example. 5M IN A 10.0.1.182
+2000.example. 5M IN A 10.0.1.183
+2000.example. 5M IN A 10.0.1.184
+2000.example. 5M IN A 10.0.1.185
+2000.example. 5M IN A 10.0.1.186
+2000.example. 5M IN A 10.0.1.187
+2000.example. 5M IN A 10.0.1.188
+2000.example. 5M IN A 10.0.1.189
+2000.example. 5M IN A 10.0.1.190
+2000.example. 5M IN A 10.0.1.191
+2000.example. 5M IN A 10.0.1.192
+2000.example. 5M IN A 10.0.1.193
+2000.example. 5M IN A 10.0.1.194
+2000.example. 5M IN A 10.0.1.195
+2000.example. 5M IN A 10.0.1.196
+2000.example. 5M IN A 10.0.1.197
+2000.example. 5M IN A 10.0.1.198
+2000.example. 5M IN A 10.0.1.199
+2000.example. 5M IN A 10.0.1.200
+2000.example. 5M IN A 10.0.1.201
+2000.example. 5M IN A 10.0.1.202
+2000.example. 5M IN A 10.0.1.203
+2000.example. 5M IN A 10.0.1.204
+2000.example. 5M IN A 10.0.1.205
+2000.example. 5M IN A 10.0.1.206
+2000.example. 5M IN A 10.0.1.207
+2000.example. 5M IN A 10.0.1.208
+2000.example. 5M IN A 10.0.1.209
+2000.example. 5M IN A 10.0.1.210
+2000.example. 5M IN A 10.0.1.211
+2000.example. 5M IN A 10.0.1.212
+2000.example. 5M IN A 10.0.1.213
+2000.example. 5M IN A 10.0.1.214
+2000.example. 5M IN A 10.0.1.215
+2000.example. 5M IN A 10.0.1.216
+2000.example. 5M IN A 10.0.1.217
+2000.example. 5M IN A 10.0.1.218
+2000.example. 5M IN A 10.0.1.219
+2000.example. 5M IN A 10.0.1.220
+2000.example. 5M IN A 10.0.1.221
+2000.example. 5M IN A 10.0.1.222
+2000.example. 5M IN A 10.0.1.223
+2000.example. 5M IN A 10.0.1.224
+2000.example. 5M IN A 10.0.1.225
+2000.example. 5M IN A 10.0.1.226
+2000.example. 5M IN A 10.0.1.227
+2000.example. 5M IN A 10.0.1.228
+2000.example. 5M IN A 10.0.1.229
+2000.example. 5M IN A 10.0.1.230
+2000.example. 5M IN A 10.0.1.231
+2000.example. 5M IN A 10.0.1.232
+2000.example. 5M IN A 10.0.1.233
+2000.example. 5M IN A 10.0.1.234
+2000.example. 5M IN A 10.0.1.235
+2000.example. 5M IN A 10.0.1.236
+2000.example. 5M IN A 10.0.1.237
+2000.example. 5M IN A 10.0.1.238
+2000.example. 5M IN A 10.0.1.239
+2000.example. 5M IN A 10.0.1.240
+2000.example. 5M IN A 10.0.1.241
+2000.example. 5M IN A 10.0.1.242
+2000.example. 5M IN A 10.0.1.243
+2000.example. 5M IN A 10.0.1.244
+2000.example. 5M IN A 10.0.1.245
+2000.example. 5M IN A 10.0.1.246
+2000.example. 5M IN A 10.0.1.247
+2000.example. 5M IN A 10.0.1.248
+2000.example. 5M IN A 10.0.1.249
+2000.example. 5M IN A 10.0.1.250
+2000.example. 5M IN A 10.0.1.251
+2000.example. 5M IN A 10.0.1.252
+2000.example. 5M IN A 10.0.1.253
+2000.example. 5M IN A 10.0.1.254
+2000.example. 5M IN A 10.0.1.255
+2000.example. 5M IN A 10.0.2.0
+2000.example. 5M IN A 10.0.2.1
+2000.example. 5M IN A 10.0.2.2
+2000.example. 5M IN A 10.0.2.3
+2000.example. 5M IN A 10.0.2.4
+2000.example. 5M IN A 10.0.2.5
+2000.example. 5M IN A 10.0.2.6
+2000.example. 5M IN A 10.0.2.7
+2000.example. 5M IN A 10.0.2.8
+2000.example. 5M IN A 10.0.2.9
+2000.example. 5M IN A 10.0.2.10
+2000.example. 5M IN A 10.0.2.11
+2000.example. 5M IN A 10.0.2.12
+2000.example. 5M IN A 10.0.2.13
+2000.example. 5M IN A 10.0.2.14
+2000.example. 5M IN A 10.0.2.15
+2000.example. 5M IN A 10.0.2.16
+2000.example. 5M IN A 10.0.2.17
+2000.example. 5M IN A 10.0.2.18
+2000.example. 5M IN A 10.0.2.19
+2000.example. 5M IN A 10.0.2.20
+2000.example. 5M IN A 10.0.2.21
+2000.example. 5M IN A 10.0.2.22
+2000.example. 5M IN A 10.0.2.23
+2000.example. 5M IN A 10.0.2.24
+2000.example. 5M IN A 10.0.2.25
+2000.example. 5M IN A 10.0.2.26
+2000.example. 5M IN A 10.0.2.27
+2000.example. 5M IN A 10.0.2.28
+2000.example. 5M IN A 10.0.2.29
+2000.example. 5M IN A 10.0.2.30
+2000.example. 5M IN A 10.0.2.31
+2000.example. 5M IN A 10.0.2.32
+2000.example. 5M IN A 10.0.2.33
+2000.example. 5M IN A 10.0.2.34
+2000.example. 5M IN A 10.0.2.35
+2000.example. 5M IN A 10.0.2.36
+2000.example. 5M IN A 10.0.2.37
+2000.example. 5M IN A 10.0.2.38
+2000.example. 5M IN A 10.0.2.39
+2000.example. 5M IN A 10.0.2.40
+2000.example. 5M IN A 10.0.2.41
+2000.example. 5M IN A 10.0.2.42
+2000.example. 5M IN A 10.0.2.43
+2000.example. 5M IN A 10.0.2.44
+2000.example. 5M IN A 10.0.2.45
+2000.example. 5M IN A 10.0.2.46
+2000.example. 5M IN A 10.0.2.47
+2000.example. 5M IN A 10.0.2.48
+2000.example. 5M IN A 10.0.2.49
+2000.example. 5M IN A 10.0.2.50
+2000.example. 5M IN A 10.0.2.51
+2000.example. 5M IN A 10.0.2.52
+2000.example. 5M IN A 10.0.2.53
+2000.example. 5M IN A 10.0.2.54
+2000.example. 5M IN A 10.0.2.55
+2000.example. 5M IN A 10.0.2.56
+2000.example. 5M IN A 10.0.2.57
+2000.example. 5M IN A 10.0.2.58
+2000.example. 5M IN A 10.0.2.59
+2000.example. 5M IN A 10.0.2.60
+2000.example. 5M IN A 10.0.2.61
+2000.example. 5M IN A 10.0.2.62
+2000.example. 5M IN A 10.0.2.63
+2000.example. 5M IN A 10.0.2.64
+2000.example. 5M IN A 10.0.2.65
+2000.example. 5M IN A 10.0.2.66
+2000.example. 5M IN A 10.0.2.67
+2000.example. 5M IN A 10.0.2.68
+2000.example. 5M IN A 10.0.2.69
+2000.example. 5M IN A 10.0.2.70
+2000.example. 5M IN A 10.0.2.71
+2000.example. 5M IN A 10.0.2.72
+2000.example. 5M IN A 10.0.2.73
+2000.example. 5M IN A 10.0.2.74
+2000.example. 5M IN A 10.0.2.75
+2000.example. 5M IN A 10.0.2.76
+2000.example. 5M IN A 10.0.2.77
+2000.example. 5M IN A 10.0.2.78
+2000.example. 5M IN A 10.0.2.79
+2000.example. 5M IN A 10.0.2.80
+2000.example. 5M IN A 10.0.2.81
+2000.example. 5M IN A 10.0.2.82
+2000.example. 5M IN A 10.0.2.83
+2000.example. 5M IN A 10.0.2.84
+2000.example. 5M IN A 10.0.2.85
+2000.example. 5M IN A 10.0.2.86
+2000.example. 5M IN A 10.0.2.87
+2000.example. 5M IN A 10.0.2.88
+2000.example. 5M IN A 10.0.2.89
+2000.example. 5M IN A 10.0.2.90
+2000.example. 5M IN A 10.0.2.91
+2000.example. 5M IN A 10.0.2.92
+2000.example. 5M IN A 10.0.2.93
+2000.example. 5M IN A 10.0.2.94
+2000.example. 5M IN A 10.0.2.95
+2000.example. 5M IN A 10.0.2.96
+2000.example. 5M IN A 10.0.2.97
+2000.example. 5M IN A 10.0.2.98
+2000.example. 5M IN A 10.0.2.99
+2000.example. 5M IN A 10.0.2.100
+2000.example. 5M IN A 10.0.2.101
+2000.example. 5M IN A 10.0.2.102
+2000.example. 5M IN A 10.0.2.103
+2000.example. 5M IN A 10.0.2.104
+2000.example. 5M IN A 10.0.2.105
+2000.example. 5M IN A 10.0.2.106
+2000.example. 5M IN A 10.0.2.107
+2000.example. 5M IN A 10.0.2.108
+2000.example. 5M IN A 10.0.2.109
+2000.example. 5M IN A 10.0.2.110
+2000.example. 5M IN A 10.0.2.111
+2000.example. 5M IN A 10.0.2.112
+2000.example. 5M IN A 10.0.2.113
+2000.example. 5M IN A 10.0.2.114
+2000.example. 5M IN A 10.0.2.115
+2000.example. 5M IN A 10.0.2.116
+2000.example. 5M IN A 10.0.2.117
+2000.example. 5M IN A 10.0.2.118
+2000.example. 5M IN A 10.0.2.119
+2000.example. 5M IN A 10.0.2.120
+2000.example. 5M IN A 10.0.2.121
+2000.example. 5M IN A 10.0.2.122
+2000.example. 5M IN A 10.0.2.123
+2000.example. 5M IN A 10.0.2.124
+2000.example. 5M IN A 10.0.2.125
+2000.example. 5M IN A 10.0.2.126
+2000.example. 5M IN A 10.0.2.127
+2000.example. 5M IN A 10.0.2.128
+2000.example. 5M IN A 10.0.2.129
+2000.example. 5M IN A 10.0.2.130
+2000.example. 5M IN A 10.0.2.131
+2000.example. 5M IN A 10.0.2.132
+2000.example. 5M IN A 10.0.2.133
+2000.example. 5M IN A 10.0.2.134
+2000.example. 5M IN A 10.0.2.135
+2000.example. 5M IN A 10.0.2.136
+2000.example. 5M IN A 10.0.2.137
+2000.example. 5M IN A 10.0.2.138
+2000.example. 5M IN A 10.0.2.139
+2000.example. 5M IN A 10.0.2.140
+2000.example. 5M IN A 10.0.2.141
+2000.example. 5M IN A 10.0.2.142
+2000.example. 5M IN A 10.0.2.143
+2000.example. 5M IN A 10.0.2.144
+2000.example. 5M IN A 10.0.2.145
+2000.example. 5M IN A 10.0.2.146
+2000.example. 5M IN A 10.0.2.147
+2000.example. 5M IN A 10.0.2.148
+2000.example. 5M IN A 10.0.2.149
+2000.example. 5M IN A 10.0.2.150
+2000.example. 5M IN A 10.0.2.151
+2000.example. 5M IN A 10.0.2.152
+2000.example. 5M IN A 10.0.2.153
+2000.example. 5M IN A 10.0.2.154
+2000.example. 5M IN A 10.0.2.155
+2000.example. 5M IN A 10.0.2.156
+2000.example. 5M IN A 10.0.2.157
+2000.example. 5M IN A 10.0.2.158
+2000.example. 5M IN A 10.0.2.159
+2000.example. 5M IN A 10.0.2.160
+2000.example. 5M IN A 10.0.2.161
+2000.example. 5M IN A 10.0.2.162
+2000.example. 5M IN A 10.0.2.163
+2000.example. 5M IN A 10.0.2.164
+2000.example. 5M IN A 10.0.2.165
+2000.example. 5M IN A 10.0.2.166
+2000.example. 5M IN A 10.0.2.167
+2000.example. 5M IN A 10.0.2.168
+2000.example. 5M IN A 10.0.2.169
+2000.example. 5M IN A 10.0.2.170
+2000.example. 5M IN A 10.0.2.171
+2000.example. 5M IN A 10.0.2.172
+2000.example. 5M IN A 10.0.2.173
+2000.example. 5M IN A 10.0.2.174
+2000.example. 5M IN A 10.0.2.175
+2000.example. 5M IN A 10.0.2.176
+2000.example. 5M IN A 10.0.2.177
+2000.example. 5M IN A 10.0.2.178
+2000.example. 5M IN A 10.0.2.179
+2000.example. 5M IN A 10.0.2.180
+2000.example. 5M IN A 10.0.2.181
+2000.example. 5M IN A 10.0.2.182
+2000.example. 5M IN A 10.0.2.183
+2000.example. 5M IN A 10.0.2.184
+2000.example. 5M IN A 10.0.2.185
+2000.example. 5M IN A 10.0.2.186
+2000.example. 5M IN A 10.0.2.187
+2000.example. 5M IN A 10.0.2.188
+2000.example. 5M IN A 10.0.2.189
+2000.example. 5M IN A 10.0.2.190
+2000.example. 5M IN A 10.0.2.191
+2000.example. 5M IN A 10.0.2.192
+2000.example. 5M IN A 10.0.2.193
+2000.example. 5M IN A 10.0.2.194
+2000.example. 5M IN A 10.0.2.195
+2000.example. 5M IN A 10.0.2.196
+2000.example. 5M IN A 10.0.2.197
+2000.example. 5M IN A 10.0.2.198
+2000.example. 5M IN A 10.0.2.199
+2000.example. 5M IN A 10.0.2.200
+2000.example. 5M IN A 10.0.2.201
+2000.example. 5M IN A 10.0.2.202
+2000.example. 5M IN A 10.0.2.203
+2000.example. 5M IN A 10.0.2.204
+2000.example. 5M IN A 10.0.2.205
+2000.example. 5M IN A 10.0.2.206
+2000.example. 5M IN A 10.0.2.207
+2000.example. 5M IN A 10.0.2.208
+2000.example. 5M IN A 10.0.2.209
+2000.example. 5M IN A 10.0.2.210
+2000.example. 5M IN A 10.0.2.211
+2000.example. 5M IN A 10.0.2.212
+2000.example. 5M IN A 10.0.2.213
+2000.example. 5M IN A 10.0.2.214
+2000.example. 5M IN A 10.0.2.215
+2000.example. 5M IN A 10.0.2.216
+2000.example. 5M IN A 10.0.2.217
+2000.example. 5M IN A 10.0.2.218
+2000.example. 5M IN A 10.0.2.219
+2000.example. 5M IN A 10.0.2.220
+2000.example. 5M IN A 10.0.2.221
+2000.example. 5M IN A 10.0.2.222
+2000.example. 5M IN A 10.0.2.223
+2000.example. 5M IN A 10.0.2.224
+2000.example. 5M IN A 10.0.2.225
+2000.example. 5M IN A 10.0.2.226
+2000.example. 5M IN A 10.0.2.227
+2000.example. 5M IN A 10.0.2.228
+2000.example. 5M IN A 10.0.2.229
+2000.example. 5M IN A 10.0.2.230
+2000.example. 5M IN A 10.0.2.231
+2000.example. 5M IN A 10.0.2.232
+2000.example. 5M IN A 10.0.2.233
+2000.example. 5M IN A 10.0.2.234
+2000.example. 5M IN A 10.0.2.235
+2000.example. 5M IN A 10.0.2.236
+2000.example. 5M IN A 10.0.2.237
+2000.example. 5M IN A 10.0.2.238
+2000.example. 5M IN A 10.0.2.239
+2000.example. 5M IN A 10.0.2.240
+2000.example. 5M IN A 10.0.2.241
+2000.example. 5M IN A 10.0.2.242
+2000.example. 5M IN A 10.0.2.243
+2000.example. 5M IN A 10.0.2.244
+2000.example. 5M IN A 10.0.2.245
+2000.example. 5M IN A 10.0.2.246
+2000.example. 5M IN A 10.0.2.247
+2000.example. 5M IN A 10.0.2.248
+2000.example. 5M IN A 10.0.2.249
+2000.example. 5M IN A 10.0.2.250
+2000.example. 5M IN A 10.0.2.251
+2000.example. 5M IN A 10.0.2.252
+2000.example. 5M IN A 10.0.2.253
+2000.example. 5M IN A 10.0.2.254
+2000.example. 5M IN A 10.0.2.255
+2000.example. 5M IN A 10.0.3.0
+2000.example. 5M IN A 10.0.3.1
+2000.example. 5M IN A 10.0.3.2
+2000.example. 5M IN A 10.0.3.3
+2000.example. 5M IN A 10.0.3.4
+2000.example. 5M IN A 10.0.3.5
+2000.example. 5M IN A 10.0.3.6
+2000.example. 5M IN A 10.0.3.7
+2000.example. 5M IN A 10.0.3.8
+2000.example. 5M IN A 10.0.3.9
+2000.example. 5M IN A 10.0.3.10
+2000.example. 5M IN A 10.0.3.11
+2000.example. 5M IN A 10.0.3.12
+2000.example. 5M IN A 10.0.3.13
+2000.example. 5M IN A 10.0.3.14
+2000.example. 5M IN A 10.0.3.15
+2000.example. 5M IN A 10.0.3.16
+2000.example. 5M IN A 10.0.3.17
+2000.example. 5M IN A 10.0.3.18
+2000.example. 5M IN A 10.0.3.19
+2000.example. 5M IN A 10.0.3.20
+2000.example. 5M IN A 10.0.3.21
+2000.example. 5M IN A 10.0.3.22
+2000.example. 5M IN A 10.0.3.23
+2000.example. 5M IN A 10.0.3.24
+2000.example. 5M IN A 10.0.3.25
+2000.example. 5M IN A 10.0.3.26
+2000.example. 5M IN A 10.0.3.27
+2000.example. 5M IN A 10.0.3.28
+2000.example. 5M IN A 10.0.3.29
+2000.example. 5M IN A 10.0.3.30
+2000.example. 5M IN A 10.0.3.31
+2000.example. 5M IN A 10.0.3.32
+2000.example. 5M IN A 10.0.3.33
+2000.example. 5M IN A 10.0.3.34
+2000.example. 5M IN A 10.0.3.35
+2000.example. 5M IN A 10.0.3.36
+2000.example. 5M IN A 10.0.3.37
+2000.example. 5M IN A 10.0.3.38
+2000.example. 5M IN A 10.0.3.39
+2000.example. 5M IN A 10.0.3.40
+2000.example. 5M IN A 10.0.3.41
+2000.example. 5M IN A 10.0.3.42
+2000.example. 5M IN A 10.0.3.43
+2000.example. 5M IN A 10.0.3.44
+2000.example. 5M IN A 10.0.3.45
+2000.example. 5M IN A 10.0.3.46
+2000.example. 5M IN A 10.0.3.47
+2000.example. 5M IN A 10.0.3.48
+2000.example. 5M IN A 10.0.3.49
+2000.example. 5M IN A 10.0.3.50
+2000.example. 5M IN A 10.0.3.51
+2000.example. 5M IN A 10.0.3.52
+2000.example. 5M IN A 10.0.3.53
+2000.example. 5M IN A 10.0.3.54
+2000.example. 5M IN A 10.0.3.55
+2000.example. 5M IN A 10.0.3.56
+2000.example. 5M IN A 10.0.3.57
+2000.example. 5M IN A 10.0.3.58
+2000.example. 5M IN A 10.0.3.59
+2000.example. 5M IN A 10.0.3.60
+2000.example. 5M IN A 10.0.3.61
+2000.example. 5M IN A 10.0.3.62
+2000.example. 5M IN A 10.0.3.63
+2000.example. 5M IN A 10.0.3.64
+2000.example. 5M IN A 10.0.3.65
+2000.example. 5M IN A 10.0.3.66
+2000.example. 5M IN A 10.0.3.67
+2000.example. 5M IN A 10.0.3.68
+2000.example. 5M IN A 10.0.3.69
+2000.example. 5M IN A 10.0.3.70
+2000.example. 5M IN A 10.0.3.71
+2000.example. 5M IN A 10.0.3.72
+2000.example. 5M IN A 10.0.3.73
+2000.example. 5M IN A 10.0.3.74
+2000.example. 5M IN A 10.0.3.75
+2000.example. 5M IN A 10.0.3.76
+2000.example. 5M IN A 10.0.3.77
+2000.example. 5M IN A 10.0.3.78
+2000.example. 5M IN A 10.0.3.79
+2000.example. 5M IN A 10.0.3.80
+2000.example. 5M IN A 10.0.3.81
+2000.example. 5M IN A 10.0.3.82
+2000.example. 5M IN A 10.0.3.83
+2000.example. 5M IN A 10.0.3.84
+2000.example. 5M IN A 10.0.3.85
+2000.example. 5M IN A 10.0.3.86
+2000.example. 5M IN A 10.0.3.87
+2000.example. 5M IN A 10.0.3.88
+2000.example. 5M IN A 10.0.3.89
+2000.example. 5M IN A 10.0.3.90
+2000.example. 5M IN A 10.0.3.91
+2000.example. 5M IN A 10.0.3.92
+2000.example. 5M IN A 10.0.3.93
+2000.example. 5M IN A 10.0.3.94
+2000.example. 5M IN A 10.0.3.95
+2000.example. 5M IN A 10.0.3.96
+2000.example. 5M IN A 10.0.3.97
+2000.example. 5M IN A 10.0.3.98
+2000.example. 5M IN A 10.0.3.99
+2000.example. 5M IN A 10.0.3.100
+2000.example. 5M IN A 10.0.3.101
+2000.example. 5M IN A 10.0.3.102
+2000.example. 5M IN A 10.0.3.103
+2000.example. 5M IN A 10.0.3.104
+2000.example. 5M IN A 10.0.3.105
+2000.example. 5M IN A 10.0.3.106
+2000.example. 5M IN A 10.0.3.107
+2000.example. 5M IN A 10.0.3.108
+2000.example. 5M IN A 10.0.3.109
+2000.example. 5M IN A 10.0.3.110
+2000.example. 5M IN A 10.0.3.111
+2000.example. 5M IN A 10.0.3.112
+2000.example. 5M IN A 10.0.3.113
+2000.example. 5M IN A 10.0.3.114
+2000.example. 5M IN A 10.0.3.115
+2000.example. 5M IN A 10.0.3.116
+2000.example. 5M IN A 10.0.3.117
+2000.example. 5M IN A 10.0.3.118
+2000.example. 5M IN A 10.0.3.119
+2000.example. 5M IN A 10.0.3.120
+2000.example. 5M IN A 10.0.3.121
+2000.example. 5M IN A 10.0.3.122
+2000.example. 5M IN A 10.0.3.123
+2000.example. 5M IN A 10.0.3.124
+2000.example. 5M IN A 10.0.3.125
+2000.example. 5M IN A 10.0.3.126
+2000.example. 5M IN A 10.0.3.127
+2000.example. 5M IN A 10.0.3.128
+2000.example. 5M IN A 10.0.3.129
+2000.example. 5M IN A 10.0.3.130
+2000.example. 5M IN A 10.0.3.131
+2000.example. 5M IN A 10.0.3.132
+2000.example. 5M IN A 10.0.3.133
+2000.example. 5M IN A 10.0.3.134
+2000.example. 5M IN A 10.0.3.135
+2000.example. 5M IN A 10.0.3.136
+2000.example. 5M IN A 10.0.3.137
+2000.example. 5M IN A 10.0.3.138
+2000.example. 5M IN A 10.0.3.139
+2000.example. 5M IN A 10.0.3.140
+2000.example. 5M IN A 10.0.3.141
+2000.example. 5M IN A 10.0.3.142
+2000.example. 5M IN A 10.0.3.143
+2000.example. 5M IN A 10.0.3.144
+2000.example. 5M IN A 10.0.3.145
+2000.example. 5M IN A 10.0.3.146
+2000.example. 5M IN A 10.0.3.147
+2000.example. 5M IN A 10.0.3.148
+2000.example. 5M IN A 10.0.3.149
+2000.example. 5M IN A 10.0.3.150
+2000.example. 5M IN A 10.0.3.151
+2000.example. 5M IN A 10.0.3.152
+2000.example. 5M IN A 10.0.3.153
+2000.example. 5M IN A 10.0.3.154
+2000.example. 5M IN A 10.0.3.155
+2000.example. 5M IN A 10.0.3.156
+2000.example. 5M IN A 10.0.3.157
+2000.example. 5M IN A 10.0.3.158
+2000.example. 5M IN A 10.0.3.159
+2000.example. 5M IN A 10.0.3.160
+2000.example. 5M IN A 10.0.3.161
+2000.example. 5M IN A 10.0.3.162
+2000.example. 5M IN A 10.0.3.163
+2000.example. 5M IN A 10.0.3.164
+2000.example. 5M IN A 10.0.3.165
+2000.example. 5M IN A 10.0.3.166
+2000.example. 5M IN A 10.0.3.167
+2000.example. 5M IN A 10.0.3.168
+2000.example. 5M IN A 10.0.3.169
+2000.example. 5M IN A 10.0.3.170
+2000.example. 5M IN A 10.0.3.171
+2000.example. 5M IN A 10.0.3.172
+2000.example. 5M IN A 10.0.3.173
+2000.example. 5M IN A 10.0.3.174
+2000.example. 5M IN A 10.0.3.175
+2000.example. 5M IN A 10.0.3.176
+2000.example. 5M IN A 10.0.3.177
+2000.example. 5M IN A 10.0.3.178
+2000.example. 5M IN A 10.0.3.179
+2000.example. 5M IN A 10.0.3.180
+2000.example. 5M IN A 10.0.3.181
+2000.example. 5M IN A 10.0.3.182
+2000.example. 5M IN A 10.0.3.183
+2000.example. 5M IN A 10.0.3.184
+2000.example. 5M IN A 10.0.3.185
+2000.example. 5M IN A 10.0.3.186
+2000.example. 5M IN A 10.0.3.187
+2000.example. 5M IN A 10.0.3.188
+2000.example. 5M IN A 10.0.3.189
+2000.example. 5M IN A 10.0.3.190
+2000.example. 5M IN A 10.0.3.191
+2000.example. 5M IN A 10.0.3.192
+2000.example. 5M IN A 10.0.3.193
+2000.example. 5M IN A 10.0.3.194
+2000.example. 5M IN A 10.0.3.195
+2000.example. 5M IN A 10.0.3.196
+2000.example. 5M IN A 10.0.3.197
+2000.example. 5M IN A 10.0.3.198
+2000.example. 5M IN A 10.0.3.199
+2000.example. 5M IN A 10.0.3.200
+2000.example. 5M IN A 10.0.3.201
+2000.example. 5M IN A 10.0.3.202
+2000.example. 5M IN A 10.0.3.203
+2000.example. 5M IN A 10.0.3.204
+2000.example. 5M IN A 10.0.3.205
+2000.example. 5M IN A 10.0.3.206
+2000.example. 5M IN A 10.0.3.207
+2000.example. 5M IN A 10.0.3.208
+2000.example. 5M IN A 10.0.3.209
+2000.example. 5M IN A 10.0.3.210
+2000.example. 5M IN A 10.0.3.211
+2000.example. 5M IN A 10.0.3.212
+2000.example. 5M IN A 10.0.3.213
+2000.example. 5M IN A 10.0.3.214
+2000.example. 5M IN A 10.0.3.215
+2000.example. 5M IN A 10.0.3.216
+2000.example. 5M IN A 10.0.3.217
+2000.example. 5M IN A 10.0.3.218
+2000.example. 5M IN A 10.0.3.219
+2000.example. 5M IN A 10.0.3.220
+2000.example. 5M IN A 10.0.3.221
+2000.example. 5M IN A 10.0.3.222
+2000.example. 5M IN A 10.0.3.223
+2000.example. 5M IN A 10.0.3.224
+2000.example. 5M IN A 10.0.3.225
+2000.example. 5M IN A 10.0.3.226
+2000.example. 5M IN A 10.0.3.227
+2000.example. 5M IN A 10.0.3.228
+2000.example. 5M IN A 10.0.3.229
+2000.example. 5M IN A 10.0.3.230
+2000.example. 5M IN A 10.0.3.231
+2000.example. 5M IN A 10.0.3.232
+2000.example. 5M IN A 10.0.3.233
+2000.example. 5M IN A 10.0.3.234
+2000.example. 5M IN A 10.0.3.235
+2000.example. 5M IN A 10.0.3.236
+2000.example. 5M IN A 10.0.3.237
+2000.example. 5M IN A 10.0.3.238
+2000.example. 5M IN A 10.0.3.239
+2000.example. 5M IN A 10.0.3.240
+2000.example. 5M IN A 10.0.3.241
+2000.example. 5M IN A 10.0.3.242
+2000.example. 5M IN A 10.0.3.243
+2000.example. 5M IN A 10.0.3.244
+2000.example. 5M IN A 10.0.3.245
+2000.example. 5M IN A 10.0.3.246
+2000.example. 5M IN A 10.0.3.247
+2000.example. 5M IN A 10.0.3.248
+2000.example. 5M IN A 10.0.3.249
+2000.example. 5M IN A 10.0.3.250
+2000.example. 5M IN A 10.0.3.251
+2000.example. 5M IN A 10.0.3.252
+2000.example. 5M IN A 10.0.3.253
+2000.example. 5M IN A 10.0.3.254
+2000.example. 5M IN A 10.0.3.255
+2000.example. 5M IN A 10.0.4.0
+2000.example. 5M IN A 10.0.4.1
+2000.example. 5M IN A 10.0.4.2
+2000.example. 5M IN A 10.0.4.3
+2000.example. 5M IN A 10.0.4.4
+2000.example. 5M IN A 10.0.4.5
+2000.example. 5M IN A 10.0.4.6
+2000.example. 5M IN A 10.0.4.7
+2000.example. 5M IN A 10.0.4.8
+2000.example. 5M IN A 10.0.4.9
+2000.example. 5M IN A 10.0.4.10
+2000.example. 5M IN A 10.0.4.11
+2000.example. 5M IN A 10.0.4.12
+2000.example. 5M IN A 10.0.4.13
+2000.example. 5M IN A 10.0.4.14
+2000.example. 5M IN A 10.0.4.15
+2000.example. 5M IN A 10.0.4.16
+2000.example. 5M IN A 10.0.4.17
+2000.example. 5M IN A 10.0.4.18
+2000.example. 5M IN A 10.0.4.19
+2000.example. 5M IN A 10.0.4.20
+2000.example. 5M IN A 10.0.4.21
+2000.example. 5M IN A 10.0.4.22
+2000.example. 5M IN A 10.0.4.23
+2000.example. 5M IN A 10.0.4.24
+2000.example. 5M IN A 10.0.4.25
+2000.example. 5M IN A 10.0.4.26
+2000.example. 5M IN A 10.0.4.27
+2000.example. 5M IN A 10.0.4.28
+2000.example. 5M IN A 10.0.4.29
+2000.example. 5M IN A 10.0.4.30
+2000.example. 5M IN A 10.0.4.31
+2000.example. 5M IN A 10.0.4.32
+2000.example. 5M IN A 10.0.4.33
+2000.example. 5M IN A 10.0.4.34
+2000.example. 5M IN A 10.0.4.35
+2000.example. 5M IN A 10.0.4.36
+2000.example. 5M IN A 10.0.4.37
+2000.example. 5M IN A 10.0.4.38
+2000.example. 5M IN A 10.0.4.39
+2000.example. 5M IN A 10.0.4.40
+2000.example. 5M IN A 10.0.4.41
+2000.example. 5M IN A 10.0.4.42
+2000.example. 5M IN A 10.0.4.43
+2000.example. 5M IN A 10.0.4.44
+2000.example. 5M IN A 10.0.4.45
+2000.example. 5M IN A 10.0.4.46
+2000.example. 5M IN A 10.0.4.47
+2000.example. 5M IN A 10.0.4.48
+2000.example. 5M IN A 10.0.4.49
+2000.example. 5M IN A 10.0.4.50
+2000.example. 5M IN A 10.0.4.51
+2000.example. 5M IN A 10.0.4.52
+2000.example. 5M IN A 10.0.4.53
+2000.example. 5M IN A 10.0.4.54
+2000.example. 5M IN A 10.0.4.55
+2000.example. 5M IN A 10.0.4.56
+2000.example. 5M IN A 10.0.4.57
+2000.example. 5M IN A 10.0.4.58
+2000.example. 5M IN A 10.0.4.59
+2000.example. 5M IN A 10.0.4.60
+2000.example. 5M IN A 10.0.4.61
+2000.example. 5M IN A 10.0.4.62
+2000.example. 5M IN A 10.0.4.63
+2000.example. 5M IN A 10.0.4.64
+2000.example. 5M IN A 10.0.4.65
+2000.example. 5M IN A 10.0.4.66
+2000.example. 5M IN A 10.0.4.67
+2000.example. 5M IN A 10.0.4.68
+2000.example. 5M IN A 10.0.4.69
+2000.example. 5M IN A 10.0.4.70
+2000.example. 5M IN A 10.0.4.71
+2000.example. 5M IN A 10.0.4.72
+2000.example. 5M IN A 10.0.4.73
+2000.example. 5M IN A 10.0.4.74
+2000.example. 5M IN A 10.0.4.75
+2000.example. 5M IN A 10.0.4.76
+2000.example. 5M IN A 10.0.4.77
+2000.example. 5M IN A 10.0.4.78
+2000.example. 5M IN A 10.0.4.79
+2000.example. 5M IN A 10.0.4.80
+2000.example. 5M IN A 10.0.4.81
+2000.example. 5M IN A 10.0.4.82
+2000.example. 5M IN A 10.0.4.83
+2000.example. 5M IN A 10.0.4.84
+2000.example. 5M IN A 10.0.4.85
+2000.example. 5M IN A 10.0.4.86
+2000.example. 5M IN A 10.0.4.87
+2000.example. 5M IN A 10.0.4.88
+2000.example. 5M IN A 10.0.4.89
+2000.example. 5M IN A 10.0.4.90
+2000.example. 5M IN A 10.0.4.91
+2000.example. 5M IN A 10.0.4.92
+2000.example. 5M IN A 10.0.4.93
+2000.example. 5M IN A 10.0.4.94
+2000.example. 5M IN A 10.0.4.95
+2000.example. 5M IN A 10.0.4.96
+2000.example. 5M IN A 10.0.4.97
+2000.example. 5M IN A 10.0.4.98
+2000.example. 5M IN A 10.0.4.99
+2000.example. 5M IN A 10.0.4.100
+2000.example. 5M IN A 10.0.4.101
+2000.example. 5M IN A 10.0.4.102
+2000.example. 5M IN A 10.0.4.103
+2000.example. 5M IN A 10.0.4.104
+2000.example. 5M IN A 10.0.4.105
+2000.example. 5M IN A 10.0.4.106
+2000.example. 5M IN A 10.0.4.107
+2000.example. 5M IN A 10.0.4.108
+2000.example. 5M IN A 10.0.4.109
+2000.example. 5M IN A 10.0.4.110
+2000.example. 5M IN A 10.0.4.111
+2000.example. 5M IN A 10.0.4.112
+2000.example. 5M IN A 10.0.4.113
+2000.example. 5M IN A 10.0.4.114
+2000.example. 5M IN A 10.0.4.115
+2000.example. 5M IN A 10.0.4.116
+2000.example. 5M IN A 10.0.4.117
+2000.example. 5M IN A 10.0.4.118
+2000.example. 5M IN A 10.0.4.119
+2000.example. 5M IN A 10.0.4.120
+2000.example. 5M IN A 10.0.4.121
+2000.example. 5M IN A 10.0.4.122
+2000.example. 5M IN A 10.0.4.123
+2000.example. 5M IN A 10.0.4.124
+2000.example. 5M IN A 10.0.4.125
+2000.example. 5M IN A 10.0.4.126
+2000.example. 5M IN A 10.0.4.127
+2000.example. 5M IN A 10.0.4.128
+2000.example. 5M IN A 10.0.4.129
+2000.example. 5M IN A 10.0.4.130
+2000.example. 5M IN A 10.0.4.131
+2000.example. 5M IN A 10.0.4.132
+2000.example. 5M IN A 10.0.4.133
+2000.example. 5M IN A 10.0.4.134
+2000.example. 5M IN A 10.0.4.135
+2000.example. 5M IN A 10.0.4.136
+2000.example. 5M IN A 10.0.4.137
+2000.example. 5M IN A 10.0.4.138
+2000.example. 5M IN A 10.0.4.139
+2000.example. 5M IN A 10.0.4.140
+2000.example. 5M IN A 10.0.4.141
+2000.example. 5M IN A 10.0.4.142
+2000.example. 5M IN A 10.0.4.143
+2000.example. 5M IN A 10.0.4.144
+2000.example. 5M IN A 10.0.4.145
+2000.example. 5M IN A 10.0.4.146
+2000.example. 5M IN A 10.0.4.147
+2000.example. 5M IN A 10.0.4.148
+2000.example. 5M IN A 10.0.4.149
+2000.example. 5M IN A 10.0.4.150
+2000.example. 5M IN A 10.0.4.151
+2000.example. 5M IN A 10.0.4.152
+2000.example. 5M IN A 10.0.4.153
+2000.example. 5M IN A 10.0.4.154
+2000.example. 5M IN A 10.0.4.155
+2000.example. 5M IN A 10.0.4.156
+2000.example. 5M IN A 10.0.4.157
+2000.example. 5M IN A 10.0.4.158
+2000.example. 5M IN A 10.0.4.159
+2000.example. 5M IN A 10.0.4.160
+2000.example. 5M IN A 10.0.4.161
+2000.example. 5M IN A 10.0.4.162
+2000.example. 5M IN A 10.0.4.163
+2000.example. 5M IN A 10.0.4.164
+2000.example. 5M IN A 10.0.4.165
+2000.example. 5M IN A 10.0.4.166
+2000.example. 5M IN A 10.0.4.167
+2000.example. 5M IN A 10.0.4.168
+2000.example. 5M IN A 10.0.4.169
+2000.example. 5M IN A 10.0.4.170
+2000.example. 5M IN A 10.0.4.171
+2000.example. 5M IN A 10.0.4.172
+2000.example. 5M IN A 10.0.4.173
+2000.example. 5M IN A 10.0.4.174
+2000.example. 5M IN A 10.0.4.175
+2000.example. 5M IN A 10.0.4.176
+2000.example. 5M IN A 10.0.4.177
+2000.example. 5M IN A 10.0.4.178
+2000.example. 5M IN A 10.0.4.179
+2000.example. 5M IN A 10.0.4.180
+2000.example. 5M IN A 10.0.4.181
+2000.example. 5M IN A 10.0.4.182
+2000.example. 5M IN A 10.0.4.183
+2000.example. 5M IN A 10.0.4.184
+2000.example. 5M IN A 10.0.4.185
+2000.example. 5M IN A 10.0.4.186
+2000.example. 5M IN A 10.0.4.187
+2000.example. 5M IN A 10.0.4.188
+2000.example. 5M IN A 10.0.4.189
+2000.example. 5M IN A 10.0.4.190
+2000.example. 5M IN A 10.0.4.191
+2000.example. 5M IN A 10.0.4.192
+2000.example. 5M IN A 10.0.4.193
+2000.example. 5M IN A 10.0.4.194
+2000.example. 5M IN A 10.0.4.195
+2000.example. 5M IN A 10.0.4.196
+2000.example. 5M IN A 10.0.4.197
+2000.example. 5M IN A 10.0.4.198
+2000.example. 5M IN A 10.0.4.199
+2000.example. 5M IN A 10.0.4.200
+2000.example. 5M IN A 10.0.4.201
+2000.example. 5M IN A 10.0.4.202
+2000.example. 5M IN A 10.0.4.203
+2000.example. 5M IN A 10.0.4.204
+2000.example. 5M IN A 10.0.4.205
+2000.example. 5M IN A 10.0.4.206
+2000.example. 5M IN A 10.0.4.207
+2000.example. 5M IN A 10.0.4.208
+2000.example. 5M IN A 10.0.4.209
+2000.example. 5M IN A 10.0.4.210
+2000.example. 5M IN A 10.0.4.211
+2000.example. 5M IN A 10.0.4.212
+2000.example. 5M IN A 10.0.4.213
+2000.example. 5M IN A 10.0.4.214
+2000.example. 5M IN A 10.0.4.215
+2000.example. 5M IN A 10.0.4.216
+2000.example. 5M IN A 10.0.4.217
+2000.example. 5M IN A 10.0.4.218
+2000.example. 5M IN A 10.0.4.219
+2000.example. 5M IN A 10.0.4.220
+2000.example. 5M IN A 10.0.4.221
+2000.example. 5M IN A 10.0.4.222
+2000.example. 5M IN A 10.0.4.223
+2000.example. 5M IN A 10.0.4.224
+2000.example. 5M IN A 10.0.4.225
+2000.example. 5M IN A 10.0.4.226
+2000.example. 5M IN A 10.0.4.227
+2000.example. 5M IN A 10.0.4.228
+2000.example. 5M IN A 10.0.4.229
+2000.example. 5M IN A 10.0.4.230
+2000.example. 5M IN A 10.0.4.231
+2000.example. 5M IN A 10.0.4.232
+2000.example. 5M IN A 10.0.4.233
+2000.example. 5M IN A 10.0.4.234
+2000.example. 5M IN A 10.0.4.235
+2000.example. 5M IN A 10.0.4.236
+2000.example. 5M IN A 10.0.4.237
+2000.example. 5M IN A 10.0.4.238
+2000.example. 5M IN A 10.0.4.239
+2000.example. 5M IN A 10.0.4.240
+2000.example. 5M IN A 10.0.4.241
+2000.example. 5M IN A 10.0.4.242
+2000.example. 5M IN A 10.0.4.243
+2000.example. 5M IN A 10.0.4.244
+2000.example. 5M IN A 10.0.4.245
+2000.example. 5M IN A 10.0.4.246
+2000.example. 5M IN A 10.0.4.247
+2000.example. 5M IN A 10.0.4.248
+2000.example. 5M IN A 10.0.4.249
+2000.example. 5M IN A 10.0.4.250
+2000.example. 5M IN A 10.0.4.251
+2000.example. 5M IN A 10.0.4.252
+2000.example. 5M IN A 10.0.4.253
+2000.example. 5M IN A 10.0.4.254
+2000.example. 5M IN A 10.0.4.255
+2000.example. 5M IN A 10.0.5.0
+2000.example. 5M IN A 10.0.5.1
+2000.example. 5M IN A 10.0.5.2
+2000.example. 5M IN A 10.0.5.3
+2000.example. 5M IN A 10.0.5.4
+2000.example. 5M IN A 10.0.5.5
+2000.example. 5M IN A 10.0.5.6
+2000.example. 5M IN A 10.0.5.7
+2000.example. 5M IN A 10.0.5.8
+2000.example. 5M IN A 10.0.5.9
+2000.example. 5M IN A 10.0.5.10
+2000.example. 5M IN A 10.0.5.11
+2000.example. 5M IN A 10.0.5.12
+2000.example. 5M IN A 10.0.5.13
+2000.example. 5M IN A 10.0.5.14
+2000.example. 5M IN A 10.0.5.15
+2000.example. 5M IN A 10.0.5.16
+2000.example. 5M IN A 10.0.5.17
+2000.example. 5M IN A 10.0.5.18
+2000.example. 5M IN A 10.0.5.19
+2000.example. 5M IN A 10.0.5.20
+2000.example. 5M IN A 10.0.5.21
+2000.example. 5M IN A 10.0.5.22
+2000.example. 5M IN A 10.0.5.23
+2000.example. 5M IN A 10.0.5.24
+2000.example. 5M IN A 10.0.5.25
+2000.example. 5M IN A 10.0.5.26
+2000.example. 5M IN A 10.0.5.27
+2000.example. 5M IN A 10.0.5.28
+2000.example. 5M IN A 10.0.5.29
+2000.example. 5M IN A 10.0.5.30
+2000.example. 5M IN A 10.0.5.31
+2000.example. 5M IN A 10.0.5.32
+2000.example. 5M IN A 10.0.5.33
+2000.example. 5M IN A 10.0.5.34
+2000.example. 5M IN A 10.0.5.35
+2000.example. 5M IN A 10.0.5.36
+2000.example. 5M IN A 10.0.5.37
+2000.example. 5M IN A 10.0.5.38
+2000.example. 5M IN A 10.0.5.39
+2000.example. 5M IN A 10.0.5.40
+2000.example. 5M IN A 10.0.5.41
+2000.example. 5M IN A 10.0.5.42
+2000.example. 5M IN A 10.0.5.43
+2000.example. 5M IN A 10.0.5.44
+2000.example. 5M IN A 10.0.5.45
+2000.example. 5M IN A 10.0.5.46
+2000.example. 5M IN A 10.0.5.47
+2000.example. 5M IN A 10.0.5.48
+2000.example. 5M IN A 10.0.5.49
+2000.example. 5M IN A 10.0.5.50
+2000.example. 5M IN A 10.0.5.51
+2000.example. 5M IN A 10.0.5.52
+2000.example. 5M IN A 10.0.5.53
+2000.example. 5M IN A 10.0.5.54
+2000.example. 5M IN A 10.0.5.55
+2000.example. 5M IN A 10.0.5.56
+2000.example. 5M IN A 10.0.5.57
+2000.example. 5M IN A 10.0.5.58
+2000.example. 5M IN A 10.0.5.59
+2000.example. 5M IN A 10.0.5.60
+2000.example. 5M IN A 10.0.5.61
+2000.example. 5M IN A 10.0.5.62
+2000.example. 5M IN A 10.0.5.63
+2000.example. 5M IN A 10.0.5.64
+2000.example. 5M IN A 10.0.5.65
+2000.example. 5M IN A 10.0.5.66
+2000.example. 5M IN A 10.0.5.67
+2000.example. 5M IN A 10.0.5.68
+2000.example. 5M IN A 10.0.5.69
+2000.example. 5M IN A 10.0.5.70
+2000.example. 5M IN A 10.0.5.71
+2000.example. 5M IN A 10.0.5.72
+2000.example. 5M IN A 10.0.5.73
+2000.example. 5M IN A 10.0.5.74
+2000.example. 5M IN A 10.0.5.75
+2000.example. 5M IN A 10.0.5.76
+2000.example. 5M IN A 10.0.5.77
+2000.example. 5M IN A 10.0.5.78
+2000.example. 5M IN A 10.0.5.79
+2000.example. 5M IN A 10.0.5.80
+2000.example. 5M IN A 10.0.5.81
+2000.example. 5M IN A 10.0.5.82
+2000.example. 5M IN A 10.0.5.83
+2000.example. 5M IN A 10.0.5.84
+2000.example. 5M IN A 10.0.5.85
+2000.example. 5M IN A 10.0.5.86
+2000.example. 5M IN A 10.0.5.87
+2000.example. 5M IN A 10.0.5.88
+2000.example. 5M IN A 10.0.5.89
+2000.example. 5M IN A 10.0.5.90
+2000.example. 5M IN A 10.0.5.91
+2000.example. 5M IN A 10.0.5.92
+2000.example. 5M IN A 10.0.5.93
+2000.example. 5M IN A 10.0.5.94
+2000.example. 5M IN A 10.0.5.95
+2000.example. 5M IN A 10.0.5.96
+2000.example. 5M IN A 10.0.5.97
+2000.example. 5M IN A 10.0.5.98
+2000.example. 5M IN A 10.0.5.99
+2000.example. 5M IN A 10.0.5.100
+2000.example. 5M IN A 10.0.5.101
+2000.example. 5M IN A 10.0.5.102
+2000.example. 5M IN A 10.0.5.103
+2000.example. 5M IN A 10.0.5.104
+2000.example. 5M IN A 10.0.5.105
+2000.example. 5M IN A 10.0.5.106
+2000.example. 5M IN A 10.0.5.107
+2000.example. 5M IN A 10.0.5.108
+2000.example. 5M IN A 10.0.5.109
+2000.example. 5M IN A 10.0.5.110
+2000.example. 5M IN A 10.0.5.111
+2000.example. 5M IN A 10.0.5.112
+2000.example. 5M IN A 10.0.5.113
+2000.example. 5M IN A 10.0.5.114
+2000.example. 5M IN A 10.0.5.115
+2000.example. 5M IN A 10.0.5.116
+2000.example. 5M IN A 10.0.5.117
+2000.example. 5M IN A 10.0.5.118
+2000.example. 5M IN A 10.0.5.119
+2000.example. 5M IN A 10.0.5.120
+2000.example. 5M IN A 10.0.5.121
+2000.example. 5M IN A 10.0.5.122
+2000.example. 5M IN A 10.0.5.123
+2000.example. 5M IN A 10.0.5.124
+2000.example. 5M IN A 10.0.5.125
+2000.example. 5M IN A 10.0.5.126
+2000.example. 5M IN A 10.0.5.127
+2000.example. 5M IN A 10.0.5.128
+2000.example. 5M IN A 10.0.5.129
+2000.example. 5M IN A 10.0.5.130
+2000.example. 5M IN A 10.0.5.131
+2000.example. 5M IN A 10.0.5.132
+2000.example. 5M IN A 10.0.5.133
+2000.example. 5M IN A 10.0.5.134
+2000.example. 5M IN A 10.0.5.135
+2000.example. 5M IN A 10.0.5.136
+2000.example. 5M IN A 10.0.5.137
+2000.example. 5M IN A 10.0.5.138
+2000.example. 5M IN A 10.0.5.139
+2000.example. 5M IN A 10.0.5.140
+2000.example. 5M IN A 10.0.5.141
+2000.example. 5M IN A 10.0.5.142
+2000.example. 5M IN A 10.0.5.143
+2000.example. 5M IN A 10.0.5.144
+2000.example. 5M IN A 10.0.5.145
+2000.example. 5M IN A 10.0.5.146
+2000.example. 5M IN A 10.0.5.147
+2000.example. 5M IN A 10.0.5.148
+2000.example. 5M IN A 10.0.5.149
+2000.example. 5M IN A 10.0.5.150
+2000.example. 5M IN A 10.0.5.151
+2000.example. 5M IN A 10.0.5.152
+2000.example. 5M IN A 10.0.5.153
+2000.example. 5M IN A 10.0.5.154
+2000.example. 5M IN A 10.0.5.155
+2000.example. 5M IN A 10.0.5.156
+2000.example. 5M IN A 10.0.5.157
+2000.example. 5M IN A 10.0.5.158
+2000.example. 5M IN A 10.0.5.159
+2000.example. 5M IN A 10.0.5.160
+2000.example. 5M IN A 10.0.5.161
+2000.example. 5M IN A 10.0.5.162
+2000.example. 5M IN A 10.0.5.163
+2000.example. 5M IN A 10.0.5.164
+2000.example. 5M IN A 10.0.5.165
+2000.example. 5M IN A 10.0.5.166
+2000.example. 5M IN A 10.0.5.167
+2000.example. 5M IN A 10.0.5.168
+2000.example. 5M IN A 10.0.5.169
+2000.example. 5M IN A 10.0.5.170
+2000.example. 5M IN A 10.0.5.171
+2000.example. 5M IN A 10.0.5.172
+2000.example. 5M IN A 10.0.5.173
+2000.example. 5M IN A 10.0.5.174
+2000.example. 5M IN A 10.0.5.175
+2000.example. 5M IN A 10.0.5.176
+2000.example. 5M IN A 10.0.5.177
+2000.example. 5M IN A 10.0.5.178
+2000.example. 5M IN A 10.0.5.179
+2000.example. 5M IN A 10.0.5.180
+2000.example. 5M IN A 10.0.5.181
+2000.example. 5M IN A 10.0.5.182
+2000.example. 5M IN A 10.0.5.183
+2000.example. 5M IN A 10.0.5.184
+2000.example. 5M IN A 10.0.5.185
+2000.example. 5M IN A 10.0.5.186
+2000.example. 5M IN A 10.0.5.187
+2000.example. 5M IN A 10.0.5.188
+2000.example. 5M IN A 10.0.5.189
+2000.example. 5M IN A 10.0.5.190
+2000.example. 5M IN A 10.0.5.191
+2000.example. 5M IN A 10.0.5.192
+2000.example. 5M IN A 10.0.5.193
+2000.example. 5M IN A 10.0.5.194
+2000.example. 5M IN A 10.0.5.195
+2000.example. 5M IN A 10.0.5.196
+2000.example. 5M IN A 10.0.5.197
+2000.example. 5M IN A 10.0.5.198
+2000.example. 5M IN A 10.0.5.199
+2000.example. 5M IN A 10.0.5.200
+2000.example. 5M IN A 10.0.5.201
+2000.example. 5M IN A 10.0.5.202
+2000.example. 5M IN A 10.0.5.203
+2000.example. 5M IN A 10.0.5.204
+2000.example. 5M IN A 10.0.5.205
+2000.example. 5M IN A 10.0.5.206
+2000.example. 5M IN A 10.0.5.207
+2000.example. 5M IN A 10.0.5.208
+2000.example. 5M IN A 10.0.5.209
+2000.example. 5M IN A 10.0.5.210
+2000.example. 5M IN A 10.0.5.211
+2000.example. 5M IN A 10.0.5.212
+2000.example. 5M IN A 10.0.5.213
+2000.example. 5M IN A 10.0.5.214
+2000.example. 5M IN A 10.0.5.215
+2000.example. 5M IN A 10.0.5.216
+2000.example. 5M IN A 10.0.5.217
+2000.example. 5M IN A 10.0.5.218
+2000.example. 5M IN A 10.0.5.219
+2000.example. 5M IN A 10.0.5.220
+2000.example. 5M IN A 10.0.5.221
+2000.example. 5M IN A 10.0.5.222
+2000.example. 5M IN A 10.0.5.223
+2000.example. 5M IN A 10.0.5.224
+2000.example. 5M IN A 10.0.5.225
+2000.example. 5M IN A 10.0.5.226
+2000.example. 5M IN A 10.0.5.227
+2000.example. 5M IN A 10.0.5.228
+2000.example. 5M IN A 10.0.5.229
+2000.example. 5M IN A 10.0.5.230
+2000.example. 5M IN A 10.0.5.231
+2000.example. 5M IN A 10.0.5.232
+2000.example. 5M IN A 10.0.5.233
+2000.example. 5M IN A 10.0.5.234
+2000.example. 5M IN A 10.0.5.235
+2000.example. 5M IN A 10.0.5.236
+2000.example. 5M IN A 10.0.5.237
+2000.example. 5M IN A 10.0.5.238
+2000.example. 5M IN A 10.0.5.239
+2000.example. 5M IN A 10.0.5.240
+2000.example. 5M IN A 10.0.5.241
+2000.example. 5M IN A 10.0.5.242
+2000.example. 5M IN A 10.0.5.243
+2000.example. 5M IN A 10.0.5.244
+2000.example. 5M IN A 10.0.5.245
+2000.example. 5M IN A 10.0.5.246
+2000.example. 5M IN A 10.0.5.247
+2000.example. 5M IN A 10.0.5.248
+2000.example. 5M IN A 10.0.5.249
+2000.example. 5M IN A 10.0.5.250
+2000.example. 5M IN A 10.0.5.251
+2000.example. 5M IN A 10.0.5.252
+2000.example. 5M IN A 10.0.5.253
+2000.example. 5M IN A 10.0.5.254
+2000.example. 5M IN A 10.0.5.255
+2000.example. 5M IN A 10.0.6.0
+2000.example. 5M IN A 10.0.6.1
+2000.example. 5M IN A 10.0.6.2
+2000.example. 5M IN A 10.0.6.3
+2000.example. 5M IN A 10.0.6.4
+2000.example. 5M IN A 10.0.6.5
+2000.example. 5M IN A 10.0.6.6
+2000.example. 5M IN A 10.0.6.7
+2000.example. 5M IN A 10.0.6.8
+2000.example. 5M IN A 10.0.6.9
+2000.example. 5M IN A 10.0.6.10
+2000.example. 5M IN A 10.0.6.11
+2000.example. 5M IN A 10.0.6.12
+2000.example. 5M IN A 10.0.6.13
+2000.example. 5M IN A 10.0.6.14
+2000.example. 5M IN A 10.0.6.15
+2000.example. 5M IN A 10.0.6.16
+2000.example. 5M IN A 10.0.6.17
+2000.example. 5M IN A 10.0.6.18
+2000.example. 5M IN A 10.0.6.19
+2000.example. 5M IN A 10.0.6.20
+2000.example. 5M IN A 10.0.6.21
+2000.example. 5M IN A 10.0.6.22
+2000.example. 5M IN A 10.0.6.23
+2000.example. 5M IN A 10.0.6.24
+2000.example. 5M IN A 10.0.6.25
+2000.example. 5M IN A 10.0.6.26
+2000.example. 5M IN A 10.0.6.27
+2000.example. 5M IN A 10.0.6.28
+2000.example. 5M IN A 10.0.6.29
+2000.example. 5M IN A 10.0.6.30
+2000.example. 5M IN A 10.0.6.31
+2000.example. 5M IN A 10.0.6.32
+2000.example. 5M IN A 10.0.6.33
+2000.example. 5M IN A 10.0.6.34
+2000.example. 5M IN A 10.0.6.35
+2000.example. 5M IN A 10.0.6.36
+2000.example. 5M IN A 10.0.6.37
+2000.example. 5M IN A 10.0.6.38
+2000.example. 5M IN A 10.0.6.39
+2000.example. 5M IN A 10.0.6.40
+2000.example. 5M IN A 10.0.6.41
+2000.example. 5M IN A 10.0.6.42
+2000.example. 5M IN A 10.0.6.43
+2000.example. 5M IN A 10.0.6.44
+2000.example. 5M IN A 10.0.6.45
+2000.example. 5M IN A 10.0.6.46
+2000.example. 5M IN A 10.0.6.47
+2000.example. 5M IN A 10.0.6.48
+2000.example. 5M IN A 10.0.6.49
+2000.example. 5M IN A 10.0.6.50
+2000.example. 5M IN A 10.0.6.51
+2000.example. 5M IN A 10.0.6.52
+2000.example. 5M IN A 10.0.6.53
+2000.example. 5M IN A 10.0.6.54
+2000.example. 5M IN A 10.0.6.55
+2000.example. 5M IN A 10.0.6.56
+2000.example. 5M IN A 10.0.6.57
+2000.example. 5M IN A 10.0.6.58
+2000.example. 5M IN A 10.0.6.59
+2000.example. 5M IN A 10.0.6.60
+2000.example. 5M IN A 10.0.6.61
+2000.example. 5M IN A 10.0.6.62
+2000.example. 5M IN A 10.0.6.63
+2000.example. 5M IN A 10.0.6.64
+2000.example. 5M IN A 10.0.6.65
+2000.example. 5M IN A 10.0.6.66
+2000.example. 5M IN A 10.0.6.67
+2000.example. 5M IN A 10.0.6.68
+2000.example. 5M IN A 10.0.6.69
+2000.example. 5M IN A 10.0.6.70
+2000.example. 5M IN A 10.0.6.71
+2000.example. 5M IN A 10.0.6.72
+2000.example. 5M IN A 10.0.6.73
+2000.example. 5M IN A 10.0.6.74
+2000.example. 5M IN A 10.0.6.75
+2000.example. 5M IN A 10.0.6.76
+2000.example. 5M IN A 10.0.6.77
+2000.example. 5M IN A 10.0.6.78
+2000.example. 5M IN A 10.0.6.79
+2000.example. 5M IN A 10.0.6.80
+2000.example. 5M IN A 10.0.6.81
+2000.example. 5M IN A 10.0.6.82
+2000.example. 5M IN A 10.0.6.83
+2000.example. 5M IN A 10.0.6.84
+2000.example. 5M IN A 10.0.6.85
+2000.example. 5M IN A 10.0.6.86
+2000.example. 5M IN A 10.0.6.87
+2000.example. 5M IN A 10.0.6.88
+2000.example. 5M IN A 10.0.6.89
+2000.example. 5M IN A 10.0.6.90
+2000.example. 5M IN A 10.0.6.91
+2000.example. 5M IN A 10.0.6.92
+2000.example. 5M IN A 10.0.6.93
+2000.example. 5M IN A 10.0.6.94
+2000.example. 5M IN A 10.0.6.95
+2000.example. 5M IN A 10.0.6.96
+2000.example. 5M IN A 10.0.6.97
+2000.example. 5M IN A 10.0.6.98
+2000.example. 5M IN A 10.0.6.99
+2000.example. 5M IN A 10.0.6.100
+2000.example. 5M IN A 10.0.6.101
+2000.example. 5M IN A 10.0.6.102
+2000.example. 5M IN A 10.0.6.103
+2000.example. 5M IN A 10.0.6.104
+2000.example. 5M IN A 10.0.6.105
+2000.example. 5M IN A 10.0.6.106
+2000.example. 5M IN A 10.0.6.107
+2000.example. 5M IN A 10.0.6.108
+2000.example. 5M IN A 10.0.6.109
+2000.example. 5M IN A 10.0.6.110
+2000.example. 5M IN A 10.0.6.111
+2000.example. 5M IN A 10.0.6.112
+2000.example. 5M IN A 10.0.6.113
+2000.example. 5M IN A 10.0.6.114
+2000.example. 5M IN A 10.0.6.115
+2000.example. 5M IN A 10.0.6.116
+2000.example. 5M IN A 10.0.6.117
+2000.example. 5M IN A 10.0.6.118
+2000.example. 5M IN A 10.0.6.119
+2000.example. 5M IN A 10.0.6.120
+2000.example. 5M IN A 10.0.6.121
+2000.example. 5M IN A 10.0.6.122
+2000.example. 5M IN A 10.0.6.123
+2000.example. 5M IN A 10.0.6.124
+2000.example. 5M IN A 10.0.6.125
+2000.example. 5M IN A 10.0.6.126
+2000.example. 5M IN A 10.0.6.127
+2000.example. 5M IN A 10.0.6.128
+2000.example. 5M IN A 10.0.6.129
+2000.example. 5M IN A 10.0.6.130
+2000.example. 5M IN A 10.0.6.131
+2000.example. 5M IN A 10.0.6.132
+2000.example. 5M IN A 10.0.6.133
+2000.example. 5M IN A 10.0.6.134
+2000.example. 5M IN A 10.0.6.135
+2000.example. 5M IN A 10.0.6.136
+2000.example. 5M IN A 10.0.6.137
+2000.example. 5M IN A 10.0.6.138
+2000.example. 5M IN A 10.0.6.139
+2000.example. 5M IN A 10.0.6.140
+2000.example. 5M IN A 10.0.6.141
+2000.example. 5M IN A 10.0.6.142
+2000.example. 5M IN A 10.0.6.143
+2000.example. 5M IN A 10.0.6.144
+2000.example. 5M IN A 10.0.6.145
+2000.example. 5M IN A 10.0.6.146
+2000.example. 5M IN A 10.0.6.147
+2000.example. 5M IN A 10.0.6.148
+2000.example. 5M IN A 10.0.6.149
+2000.example. 5M IN A 10.0.6.150
+2000.example. 5M IN A 10.0.6.151
+2000.example. 5M IN A 10.0.6.152
+2000.example. 5M IN A 10.0.6.153
+2000.example. 5M IN A 10.0.6.154
+2000.example. 5M IN A 10.0.6.155
+2000.example. 5M IN A 10.0.6.156
+2000.example. 5M IN A 10.0.6.157
+2000.example. 5M IN A 10.0.6.158
+2000.example. 5M IN A 10.0.6.159
+2000.example. 5M IN A 10.0.6.160
+2000.example. 5M IN A 10.0.6.161
+2000.example. 5M IN A 10.0.6.162
+2000.example. 5M IN A 10.0.6.163
+2000.example. 5M IN A 10.0.6.164
+2000.example. 5M IN A 10.0.6.165
+2000.example. 5M IN A 10.0.6.166
+2000.example. 5M IN A 10.0.6.167
+2000.example. 5M IN A 10.0.6.168
+2000.example. 5M IN A 10.0.6.169
+2000.example. 5M IN A 10.0.6.170
+2000.example. 5M IN A 10.0.6.171
+2000.example. 5M IN A 10.0.6.172
+2000.example. 5M IN A 10.0.6.173
+2000.example. 5M IN A 10.0.6.174
+2000.example. 5M IN A 10.0.6.175
+2000.example. 5M IN A 10.0.6.176
+2000.example. 5M IN A 10.0.6.177
+2000.example. 5M IN A 10.0.6.178
+2000.example. 5M IN A 10.0.6.179
+2000.example. 5M IN A 10.0.6.180
+2000.example. 5M IN A 10.0.6.181
+2000.example. 5M IN A 10.0.6.182
+2000.example. 5M IN A 10.0.6.183
+2000.example. 5M IN A 10.0.6.184
+2000.example. 5M IN A 10.0.6.185
+2000.example. 5M IN A 10.0.6.186
+2000.example. 5M IN A 10.0.6.187
+2000.example. 5M IN A 10.0.6.188
+2000.example. 5M IN A 10.0.6.189
+2000.example. 5M IN A 10.0.6.190
+2000.example. 5M IN A 10.0.6.191
+2000.example. 5M IN A 10.0.6.192
+2000.example. 5M IN A 10.0.6.193
+2000.example. 5M IN A 10.0.6.194
+2000.example. 5M IN A 10.0.6.195
+2000.example. 5M IN A 10.0.6.196
+2000.example. 5M IN A 10.0.6.197
+2000.example. 5M IN A 10.0.6.198
+2000.example. 5M IN A 10.0.6.199
+2000.example. 5M IN A 10.0.6.200
+2000.example. 5M IN A 10.0.6.201
+2000.example. 5M IN A 10.0.6.202
+2000.example. 5M IN A 10.0.6.203
+2000.example. 5M IN A 10.0.6.204
+2000.example. 5M IN A 10.0.6.205
+2000.example. 5M IN A 10.0.6.206
+2000.example. 5M IN A 10.0.6.207
+2000.example. 5M IN A 10.0.6.208
+2000.example. 5M IN A 10.0.6.209
+2000.example. 5M IN A 10.0.6.210
+2000.example. 5M IN A 10.0.6.211
+2000.example. 5M IN A 10.0.6.212
+2000.example. 5M IN A 10.0.6.213
+2000.example. 5M IN A 10.0.6.214
+2000.example. 5M IN A 10.0.6.215
+2000.example. 5M IN A 10.0.6.216
+2000.example. 5M IN A 10.0.6.217
+2000.example. 5M IN A 10.0.6.218
+2000.example. 5M IN A 10.0.6.219
+2000.example. 5M IN A 10.0.6.220
+2000.example. 5M IN A 10.0.6.221
+2000.example. 5M IN A 10.0.6.222
+2000.example. 5M IN A 10.0.6.223
+2000.example. 5M IN A 10.0.6.224
+2000.example. 5M IN A 10.0.6.225
+2000.example. 5M IN A 10.0.6.226
+2000.example. 5M IN A 10.0.6.227
+2000.example. 5M IN A 10.0.6.228
+2000.example. 5M IN A 10.0.6.229
+2000.example. 5M IN A 10.0.6.230
+2000.example. 5M IN A 10.0.6.231
+2000.example. 5M IN A 10.0.6.232
+2000.example. 5M IN A 10.0.6.233
+2000.example. 5M IN A 10.0.6.234
+2000.example. 5M IN A 10.0.6.235
+2000.example. 5M IN A 10.0.6.236
+2000.example. 5M IN A 10.0.6.237
+2000.example. 5M IN A 10.0.6.238
+2000.example. 5M IN A 10.0.6.239
+2000.example. 5M IN A 10.0.6.240
+2000.example. 5M IN A 10.0.6.241
+2000.example. 5M IN A 10.0.6.242
+2000.example. 5M IN A 10.0.6.243
+2000.example. 5M IN A 10.0.6.244
+2000.example. 5M IN A 10.0.6.245
+2000.example. 5M IN A 10.0.6.246
+2000.example. 5M IN A 10.0.6.247
+2000.example. 5M IN A 10.0.6.248
+2000.example. 5M IN A 10.0.6.249
+2000.example. 5M IN A 10.0.6.250
+2000.example. 5M IN A 10.0.6.251
+2000.example. 5M IN A 10.0.6.252
+2000.example. 5M IN A 10.0.6.253
+2000.example. 5M IN A 10.0.6.254
+2000.example. 5M IN A 10.0.6.255
+2000.example. 5M IN A 10.0.7.0
+2000.example. 5M IN A 10.0.7.1
+2000.example. 5M IN A 10.0.7.2
+2000.example. 5M IN A 10.0.7.3
+2000.example. 5M IN A 10.0.7.4
+2000.example. 5M IN A 10.0.7.5
+2000.example. 5M IN A 10.0.7.6
+2000.example. 5M IN A 10.0.7.7
+2000.example. 5M IN A 10.0.7.8
+2000.example. 5M IN A 10.0.7.9
+2000.example. 5M IN A 10.0.7.10
+2000.example. 5M IN A 10.0.7.11
+2000.example. 5M IN A 10.0.7.12
+2000.example. 5M IN A 10.0.7.13
+2000.example. 5M IN A 10.0.7.14
+2000.example. 5M IN A 10.0.7.15
+2000.example. 5M IN A 10.0.7.16
+2000.example. 5M IN A 10.0.7.17
+2000.example. 5M IN A 10.0.7.18
+2000.example. 5M IN A 10.0.7.19
+2000.example. 5M IN A 10.0.7.20
+2000.example. 5M IN A 10.0.7.21
+2000.example. 5M IN A 10.0.7.22
+2000.example. 5M IN A 10.0.7.23
+2000.example. 5M IN A 10.0.7.24
+2000.example. 5M IN A 10.0.7.25
+2000.example. 5M IN A 10.0.7.26
+2000.example. 5M IN A 10.0.7.27
+2000.example. 5M IN A 10.0.7.28
+2000.example. 5M IN A 10.0.7.29
+2000.example. 5M IN A 10.0.7.30
+2000.example. 5M IN A 10.0.7.31
+2000.example. 5M IN A 10.0.7.32
+2000.example. 5M IN A 10.0.7.33
+2000.example. 5M IN A 10.0.7.34
+2000.example. 5M IN A 10.0.7.35
+2000.example. 5M IN A 10.0.7.36
+2000.example. 5M IN A 10.0.7.37
+2000.example. 5M IN A 10.0.7.38
+2000.example. 5M IN A 10.0.7.39
+2000.example. 5M IN A 10.0.7.40
+2000.example. 5M IN A 10.0.7.41
+2000.example. 5M IN A 10.0.7.42
+2000.example. 5M IN A 10.0.7.43
+2000.example. 5M IN A 10.0.7.44
+2000.example. 5M IN A 10.0.7.45
+2000.example. 5M IN A 10.0.7.46
+2000.example. 5M IN A 10.0.7.47
+2000.example. 5M IN A 10.0.7.48
+2000.example. 5M IN A 10.0.7.49
+2000.example. 5M IN A 10.0.7.50
+2000.example. 5M IN A 10.0.7.51
+2000.example. 5M IN A 10.0.7.52
+2000.example. 5M IN A 10.0.7.53
+2000.example. 5M IN A 10.0.7.54
+2000.example. 5M IN A 10.0.7.55
+2000.example. 5M IN A 10.0.7.56
+2000.example. 5M IN A 10.0.7.57
+2000.example. 5M IN A 10.0.7.58
+2000.example. 5M IN A 10.0.7.59
+2000.example. 5M IN A 10.0.7.60
+2000.example. 5M IN A 10.0.7.61
+2000.example. 5M IN A 10.0.7.62
+2000.example. 5M IN A 10.0.7.63
+2000.example. 5M IN A 10.0.7.64
+2000.example. 5M IN A 10.0.7.65
+2000.example. 5M IN A 10.0.7.66
+2000.example. 5M IN A 10.0.7.67
+2000.example. 5M IN A 10.0.7.68
+2000.example. 5M IN A 10.0.7.69
+2000.example. 5M IN A 10.0.7.70
+2000.example. 5M IN A 10.0.7.71
+2000.example. 5M IN A 10.0.7.72
+2000.example. 5M IN A 10.0.7.73
+2000.example. 5M IN A 10.0.7.74
+2000.example. 5M IN A 10.0.7.75
+2000.example. 5M IN A 10.0.7.76
+2000.example. 5M IN A 10.0.7.77
+2000.example. 5M IN A 10.0.7.78
+2000.example. 5M IN A 10.0.7.79
+2000.example. 5M IN A 10.0.7.80
+2000.example. 5M IN A 10.0.7.81
+2000.example. 5M IN A 10.0.7.82
+2000.example. 5M IN A 10.0.7.83
+2000.example. 5M IN A 10.0.7.84
+2000.example. 5M IN A 10.0.7.85
+2000.example. 5M IN A 10.0.7.86
+2000.example. 5M IN A 10.0.7.87
+2000.example. 5M IN A 10.0.7.88
+2000.example. 5M IN A 10.0.7.89
+2000.example. 5M IN A 10.0.7.90
+2000.example. 5M IN A 10.0.7.91
+2000.example. 5M IN A 10.0.7.92
+2000.example. 5M IN A 10.0.7.93
+2000.example. 5M IN A 10.0.7.94
+2000.example. 5M IN A 10.0.7.95
+2000.example. 5M IN A 10.0.7.96
+2000.example. 5M IN A 10.0.7.97
+2000.example. 5M IN A 10.0.7.98
+2000.example. 5M IN A 10.0.7.99
+2000.example. 5M IN A 10.0.7.100
+2000.example. 5M IN A 10.0.7.101
+2000.example. 5M IN A 10.0.7.102
+2000.example. 5M IN A 10.0.7.103
+2000.example. 5M IN A 10.0.7.104
+2000.example. 5M IN A 10.0.7.105
+2000.example. 5M IN A 10.0.7.106
+2000.example. 5M IN A 10.0.7.107
+2000.example. 5M IN A 10.0.7.108
+2000.example. 5M IN A 10.0.7.109
+2000.example. 5M IN A 10.0.7.110
+2000.example. 5M IN A 10.0.7.111
+2000.example. 5M IN A 10.0.7.112
+2000.example. 5M IN A 10.0.7.113
+2000.example. 5M IN A 10.0.7.114
+2000.example. 5M IN A 10.0.7.115
+2000.example. 5M IN A 10.0.7.116
+2000.example. 5M IN A 10.0.7.117
+2000.example. 5M IN A 10.0.7.118
+2000.example. 5M IN A 10.0.7.119
+2000.example. 5M IN A 10.0.7.120
+2000.example. 5M IN A 10.0.7.121
+2000.example. 5M IN A 10.0.7.122
+2000.example. 5M IN A 10.0.7.123
+2000.example. 5M IN A 10.0.7.124
+2000.example. 5M IN A 10.0.7.125
+2000.example. 5M IN A 10.0.7.126
+2000.example. 5M IN A 10.0.7.127
+2000.example. 5M IN A 10.0.7.128
+2000.example. 5M IN A 10.0.7.129
+2000.example. 5M IN A 10.0.7.130
+2000.example. 5M IN A 10.0.7.131
+2000.example. 5M IN A 10.0.7.132
+2000.example. 5M IN A 10.0.7.133
+2000.example. 5M IN A 10.0.7.134
+2000.example. 5M IN A 10.0.7.135
+2000.example. 5M IN A 10.0.7.136
+2000.example. 5M IN A 10.0.7.137
+2000.example. 5M IN A 10.0.7.138
+2000.example. 5M IN A 10.0.7.139
+2000.example. 5M IN A 10.0.7.140
+2000.example. 5M IN A 10.0.7.141
+2000.example. 5M IN A 10.0.7.142
+2000.example. 5M IN A 10.0.7.143
+2000.example. 5M IN A 10.0.7.144
+2000.example. 5M IN A 10.0.7.145
+2000.example. 5M IN A 10.0.7.146
+2000.example. 5M IN A 10.0.7.147
+2000.example. 5M IN A 10.0.7.148
+2000.example. 5M IN A 10.0.7.149
+2000.example. 5M IN A 10.0.7.150
+2000.example. 5M IN A 10.0.7.151
+2000.example. 5M IN A 10.0.7.152
+2000.example. 5M IN A 10.0.7.153
+2000.example. 5M IN A 10.0.7.154
+2000.example. 5M IN A 10.0.7.155
+2000.example. 5M IN A 10.0.7.156
+2000.example. 5M IN A 10.0.7.157
+2000.example. 5M IN A 10.0.7.158
+2000.example. 5M IN A 10.0.7.159
+2000.example. 5M IN A 10.0.7.160
+2000.example. 5M IN A 10.0.7.161
+2000.example. 5M IN A 10.0.7.162
+2000.example. 5M IN A 10.0.7.163
+2000.example. 5M IN A 10.0.7.164
+2000.example. 5M IN A 10.0.7.165
+2000.example. 5M IN A 10.0.7.166
+2000.example. 5M IN A 10.0.7.167
+2000.example. 5M IN A 10.0.7.168
+2000.example. 5M IN A 10.0.7.169
+2000.example. 5M IN A 10.0.7.170
+2000.example. 5M IN A 10.0.7.171
+2000.example. 5M IN A 10.0.7.172
+2000.example. 5M IN A 10.0.7.173
+2000.example. 5M IN A 10.0.7.174
+2000.example. 5M IN A 10.0.7.175
+2000.example. 5M IN A 10.0.7.176
+2000.example. 5M IN A 10.0.7.177
+2000.example. 5M IN A 10.0.7.178
+2000.example. 5M IN A 10.0.7.179
+2000.example. 5M IN A 10.0.7.180
+2000.example. 5M IN A 10.0.7.181
+2000.example. 5M IN A 10.0.7.182
+2000.example. 5M IN A 10.0.7.183
+2000.example. 5M IN A 10.0.7.184
+2000.example. 5M IN A 10.0.7.185
+2000.example. 5M IN A 10.0.7.186
+2000.example. 5M IN A 10.0.7.187
+2000.example. 5M IN A 10.0.7.188
+2000.example. 5M IN A 10.0.7.189
+2000.example. 5M IN A 10.0.7.190
+2000.example. 5M IN A 10.0.7.191
+2000.example. 5M IN A 10.0.7.192
+2000.example. 5M IN A 10.0.7.193
+2000.example. 5M IN A 10.0.7.194
+2000.example. 5M IN A 10.0.7.195
+2000.example. 5M IN A 10.0.7.196
+2000.example. 5M IN A 10.0.7.197
+2000.example. 5M IN A 10.0.7.198
+2000.example. 5M IN A 10.0.7.199
+2000.example. 5M IN A 10.0.7.200
+2000.example. 5M IN A 10.0.7.201
+2000.example. 5M IN A 10.0.7.202
+2000.example. 5M IN A 10.0.7.203
+2000.example. 5M IN A 10.0.7.204
+2000.example. 5M IN A 10.0.7.205
+2000.example. 5M IN A 10.0.7.206
+2000.example. 5M IN A 10.0.7.207
+
+;; AUTHORITY SECTION:
+example. 5M IN NS ns1.example.
+
+;; ADDITIONAL SECTION:
+ns1.example. 5M IN A 10.53.0.1
+
+;; Total query time: 121 msec
+;; FROM: draco to SERVER: 10.53.0.1
+;; WHEN: Fri Jun 23 12:58:14 2000
+;; MSG SIZE sent: 30 rcvd: 32068
+
diff --git a/bin/tests/system/limits/knowngood.dig.out.3000 b/bin/tests/system/limits/knowngood.dig.out.3000
new file mode 100644
index 0000000..1932475
--- /dev/null
+++ b/bin/tests/system/limits/knowngood.dig.out.3000
@@ -0,0 +1,3023 @@
+
+; <<>> DiG 8.2 <<>> 3000.example. @10.53.0.1 a -p
+; (1 server found)
+;; res options: init recurs defnam dnsrch
+;; got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
+;; flags: qr aa rd ad; QUERY: 1, ANSWER: 3000, AUTHORITY: 1, ADDITIONAL: 1
+;; QUERY SECTION:
+;; 3000.example, type = A, class = IN
+
+;; ANSWER SECTION:
+3000.example. 5M IN A 10.0.0.0
+3000.example. 5M IN A 10.0.0.1
+3000.example. 5M IN A 10.0.0.2
+3000.example. 5M IN A 10.0.0.3
+3000.example. 5M IN A 10.0.0.4
+3000.example. 5M IN A 10.0.0.5
+3000.example. 5M IN A 10.0.0.6
+3000.example. 5M IN A 10.0.0.7
+3000.example. 5M IN A 10.0.0.8
+3000.example. 5M IN A 10.0.0.9
+3000.example. 5M IN A 10.0.0.10
+3000.example. 5M IN A 10.0.0.11
+3000.example. 5M IN A 10.0.0.12
+3000.example. 5M IN A 10.0.0.13
+3000.example. 5M IN A 10.0.0.14
+3000.example. 5M IN A 10.0.0.15
+3000.example. 5M IN A 10.0.0.16
+3000.example. 5M IN A 10.0.0.17
+3000.example. 5M IN A 10.0.0.18
+3000.example. 5M IN A 10.0.0.19
+3000.example. 5M IN A 10.0.0.20
+3000.example. 5M IN A 10.0.0.21
+3000.example. 5M IN A 10.0.0.22
+3000.example. 5M IN A 10.0.0.23
+3000.example. 5M IN A 10.0.0.24
+3000.example. 5M IN A 10.0.0.25
+3000.example. 5M IN A 10.0.0.26
+3000.example. 5M IN A 10.0.0.27
+3000.example. 5M IN A 10.0.0.28
+3000.example. 5M IN A 10.0.0.29
+3000.example. 5M IN A 10.0.0.30
+3000.example. 5M IN A 10.0.0.31
+3000.example. 5M IN A 10.0.0.32
+3000.example. 5M IN A 10.0.0.33
+3000.example. 5M IN A 10.0.0.34
+3000.example. 5M IN A 10.0.0.35
+3000.example. 5M IN A 10.0.0.36
+3000.example. 5M IN A 10.0.0.37
+3000.example. 5M IN A 10.0.0.38
+3000.example. 5M IN A 10.0.0.39
+3000.example. 5M IN A 10.0.0.40
+3000.example. 5M IN A 10.0.0.41
+3000.example. 5M IN A 10.0.0.42
+3000.example. 5M IN A 10.0.0.43
+3000.example. 5M IN A 10.0.0.44
+3000.example. 5M IN A 10.0.0.45
+3000.example. 5M IN A 10.0.0.46
+3000.example. 5M IN A 10.0.0.47
+3000.example. 5M IN A 10.0.0.48
+3000.example. 5M IN A 10.0.0.49
+3000.example. 5M IN A 10.0.0.50
+3000.example. 5M IN A 10.0.0.51
+3000.example. 5M IN A 10.0.0.52
+3000.example. 5M IN A 10.0.0.53
+3000.example. 5M IN A 10.0.0.54
+3000.example. 5M IN A 10.0.0.55
+3000.example. 5M IN A 10.0.0.56
+3000.example. 5M IN A 10.0.0.57
+3000.example. 5M IN A 10.0.0.58
+3000.example. 5M IN A 10.0.0.59
+3000.example. 5M IN A 10.0.0.60
+3000.example. 5M IN A 10.0.0.61
+3000.example. 5M IN A 10.0.0.62
+3000.example. 5M IN A 10.0.0.63
+3000.example. 5M IN A 10.0.0.64
+3000.example. 5M IN A 10.0.0.65
+3000.example. 5M IN A 10.0.0.66
+3000.example. 5M IN A 10.0.0.67
+3000.example. 5M IN A 10.0.0.68
+3000.example. 5M IN A 10.0.0.69
+3000.example. 5M IN A 10.0.0.70
+3000.example. 5M IN A 10.0.0.71
+3000.example. 5M IN A 10.0.0.72
+3000.example. 5M IN A 10.0.0.73
+3000.example. 5M IN A 10.0.0.74
+3000.example. 5M IN A 10.0.0.75
+3000.example. 5M IN A 10.0.0.76
+3000.example. 5M IN A 10.0.0.77
+3000.example. 5M IN A 10.0.0.78
+3000.example. 5M IN A 10.0.0.79
+3000.example. 5M IN A 10.0.0.80
+3000.example. 5M IN A 10.0.0.81
+3000.example. 5M IN A 10.0.0.82
+3000.example. 5M IN A 10.0.0.83
+3000.example. 5M IN A 10.0.0.84
+3000.example. 5M IN A 10.0.0.85
+3000.example. 5M IN A 10.0.0.86
+3000.example. 5M IN A 10.0.0.87
+3000.example. 5M IN A 10.0.0.88
+3000.example. 5M IN A 10.0.0.89
+3000.example. 5M IN A 10.0.0.90
+3000.example. 5M IN A 10.0.0.91
+3000.example. 5M IN A 10.0.0.92
+3000.example. 5M IN A 10.0.0.93
+3000.example. 5M IN A 10.0.0.94
+3000.example. 5M IN A 10.0.0.95
+3000.example. 5M IN A 10.0.0.96
+3000.example. 5M IN A 10.0.0.97
+3000.example. 5M IN A 10.0.0.98
+3000.example. 5M IN A 10.0.0.99
+3000.example. 5M IN A 10.0.0.100
+3000.example. 5M IN A 10.0.0.101
+3000.example. 5M IN A 10.0.0.102
+3000.example. 5M IN A 10.0.0.103
+3000.example. 5M IN A 10.0.0.104
+3000.example. 5M IN A 10.0.0.105
+3000.example. 5M IN A 10.0.0.106
+3000.example. 5M IN A 10.0.0.107
+3000.example. 5M IN A 10.0.0.108
+3000.example. 5M IN A 10.0.0.109
+3000.example. 5M IN A 10.0.0.110
+3000.example. 5M IN A 10.0.0.111
+3000.example. 5M IN A 10.0.0.112
+3000.example. 5M IN A 10.0.0.113
+3000.example. 5M IN A 10.0.0.114
+3000.example. 5M IN A 10.0.0.115
+3000.example. 5M IN A 10.0.0.116
+3000.example. 5M IN A 10.0.0.117
+3000.example. 5M IN A 10.0.0.118
+3000.example. 5M IN A 10.0.0.119
+3000.example. 5M IN A 10.0.0.120
+3000.example. 5M IN A 10.0.0.121
+3000.example. 5M IN A 10.0.0.122
+3000.example. 5M IN A 10.0.0.123
+3000.example. 5M IN A 10.0.0.124
+3000.example. 5M IN A 10.0.0.125
+3000.example. 5M IN A 10.0.0.126
+3000.example. 5M IN A 10.0.0.127
+3000.example. 5M IN A 10.0.0.128
+3000.example. 5M IN A 10.0.0.129
+3000.example. 5M IN A 10.0.0.130
+3000.example. 5M IN A 10.0.0.131
+3000.example. 5M IN A 10.0.0.132
+3000.example. 5M IN A 10.0.0.133
+3000.example. 5M IN A 10.0.0.134
+3000.example. 5M IN A 10.0.0.135
+3000.example. 5M IN A 10.0.0.136
+3000.example. 5M IN A 10.0.0.137
+3000.example. 5M IN A 10.0.0.138
+3000.example. 5M IN A 10.0.0.139
+3000.example. 5M IN A 10.0.0.140
+3000.example. 5M IN A 10.0.0.141
+3000.example. 5M IN A 10.0.0.142
+3000.example. 5M IN A 10.0.0.143
+3000.example. 5M IN A 10.0.0.144
+3000.example. 5M IN A 10.0.0.145
+3000.example. 5M IN A 10.0.0.146
+3000.example. 5M IN A 10.0.0.147
+3000.example. 5M IN A 10.0.0.148
+3000.example. 5M IN A 10.0.0.149
+3000.example. 5M IN A 10.0.0.150
+3000.example. 5M IN A 10.0.0.151
+3000.example. 5M IN A 10.0.0.152
+3000.example. 5M IN A 10.0.0.153
+3000.example. 5M IN A 10.0.0.154
+3000.example. 5M IN A 10.0.0.155
+3000.example. 5M IN A 10.0.0.156
+3000.example. 5M IN A 10.0.0.157
+3000.example. 5M IN A 10.0.0.158
+3000.example. 5M IN A 10.0.0.159
+3000.example. 5M IN A 10.0.0.160
+3000.example. 5M IN A 10.0.0.161
+3000.example. 5M IN A 10.0.0.162
+3000.example. 5M IN A 10.0.0.163
+3000.example. 5M IN A 10.0.0.164
+3000.example. 5M IN A 10.0.0.165
+3000.example. 5M IN A 10.0.0.166
+3000.example. 5M IN A 10.0.0.167
+3000.example. 5M IN A 10.0.0.168
+3000.example. 5M IN A 10.0.0.169
+3000.example. 5M IN A 10.0.0.170
+3000.example. 5M IN A 10.0.0.171
+3000.example. 5M IN A 10.0.0.172
+3000.example. 5M IN A 10.0.0.173
+3000.example. 5M IN A 10.0.0.174
+3000.example. 5M IN A 10.0.0.175
+3000.example. 5M IN A 10.0.0.176
+3000.example. 5M IN A 10.0.0.177
+3000.example. 5M IN A 10.0.0.178
+3000.example. 5M IN A 10.0.0.179
+3000.example. 5M IN A 10.0.0.180
+3000.example. 5M IN A 10.0.0.181
+3000.example. 5M IN A 10.0.0.182
+3000.example. 5M IN A 10.0.0.183
+3000.example. 5M IN A 10.0.0.184
+3000.example. 5M IN A 10.0.0.185
+3000.example. 5M IN A 10.0.0.186
+3000.example. 5M IN A 10.0.0.187
+3000.example. 5M IN A 10.0.0.188
+3000.example. 5M IN A 10.0.0.189
+3000.example. 5M IN A 10.0.0.190
+3000.example. 5M IN A 10.0.0.191
+3000.example. 5M IN A 10.0.0.192
+3000.example. 5M IN A 10.0.0.193
+3000.example. 5M IN A 10.0.0.194
+3000.example. 5M IN A 10.0.0.195
+3000.example. 5M IN A 10.0.0.196
+3000.example. 5M IN A 10.0.0.197
+3000.example. 5M IN A 10.0.0.198
+3000.example. 5M IN A 10.0.0.199
+3000.example. 5M IN A 10.0.0.200
+3000.example. 5M IN A 10.0.0.201
+3000.example. 5M IN A 10.0.0.202
+3000.example. 5M IN A 10.0.0.203
+3000.example. 5M IN A 10.0.0.204
+3000.example. 5M IN A 10.0.0.205
+3000.example. 5M IN A 10.0.0.206
+3000.example. 5M IN A 10.0.0.207
+3000.example. 5M IN A 10.0.0.208
+3000.example. 5M IN A 10.0.0.209
+3000.example. 5M IN A 10.0.0.210
+3000.example. 5M IN A 10.0.0.211
+3000.example. 5M IN A 10.0.0.212
+3000.example. 5M IN A 10.0.0.213
+3000.example. 5M IN A 10.0.0.214
+3000.example. 5M IN A 10.0.0.215
+3000.example. 5M IN A 10.0.0.216
+3000.example. 5M IN A 10.0.0.217
+3000.example. 5M IN A 10.0.0.218
+3000.example. 5M IN A 10.0.0.219
+3000.example. 5M IN A 10.0.0.220
+3000.example. 5M IN A 10.0.0.221
+3000.example. 5M IN A 10.0.0.222
+3000.example. 5M IN A 10.0.0.223
+3000.example. 5M IN A 10.0.0.224
+3000.example. 5M IN A 10.0.0.225
+3000.example. 5M IN A 10.0.0.226
+3000.example. 5M IN A 10.0.0.227
+3000.example. 5M IN A 10.0.0.228
+3000.example. 5M IN A 10.0.0.229
+3000.example. 5M IN A 10.0.0.230
+3000.example. 5M IN A 10.0.0.231
+3000.example. 5M IN A 10.0.0.232
+3000.example. 5M IN A 10.0.0.233
+3000.example. 5M IN A 10.0.0.234
+3000.example. 5M IN A 10.0.0.235
+3000.example. 5M IN A 10.0.0.236
+3000.example. 5M IN A 10.0.0.237
+3000.example. 5M IN A 10.0.0.238
+3000.example. 5M IN A 10.0.0.239
+3000.example. 5M IN A 10.0.0.240
+3000.example. 5M IN A 10.0.0.241
+3000.example. 5M IN A 10.0.0.242
+3000.example. 5M IN A 10.0.0.243
+3000.example. 5M IN A 10.0.0.244
+3000.example. 5M IN A 10.0.0.245
+3000.example. 5M IN A 10.0.0.246
+3000.example. 5M IN A 10.0.0.247
+3000.example. 5M IN A 10.0.0.248
+3000.example. 5M IN A 10.0.0.249
+3000.example. 5M IN A 10.0.0.250
+3000.example. 5M IN A 10.0.0.251
+3000.example. 5M IN A 10.0.0.252
+3000.example. 5M IN A 10.0.0.253
+3000.example. 5M IN A 10.0.0.254
+3000.example. 5M IN A 10.0.0.255
+3000.example. 5M IN A 10.0.1.0
+3000.example. 5M IN A 10.0.1.1
+3000.example. 5M IN A 10.0.1.2
+3000.example. 5M IN A 10.0.1.3
+3000.example. 5M IN A 10.0.1.4
+3000.example. 5M IN A 10.0.1.5
+3000.example. 5M IN A 10.0.1.6
+3000.example. 5M IN A 10.0.1.7
+3000.example. 5M IN A 10.0.1.8
+3000.example. 5M IN A 10.0.1.9
+3000.example. 5M IN A 10.0.1.10
+3000.example. 5M IN A 10.0.1.11
+3000.example. 5M IN A 10.0.1.12
+3000.example. 5M IN A 10.0.1.13
+3000.example. 5M IN A 10.0.1.14
+3000.example. 5M IN A 10.0.1.15
+3000.example. 5M IN A 10.0.1.16
+3000.example. 5M IN A 10.0.1.17
+3000.example. 5M IN A 10.0.1.18
+3000.example. 5M IN A 10.0.1.19
+3000.example. 5M IN A 10.0.1.20
+3000.example. 5M IN A 10.0.1.21
+3000.example. 5M IN A 10.0.1.22
+3000.example. 5M IN A 10.0.1.23
+3000.example. 5M IN A 10.0.1.24
+3000.example. 5M IN A 10.0.1.25
+3000.example. 5M IN A 10.0.1.26
+3000.example. 5M IN A 10.0.1.27
+3000.example. 5M IN A 10.0.1.28
+3000.example. 5M IN A 10.0.1.29
+3000.example. 5M IN A 10.0.1.30
+3000.example. 5M IN A 10.0.1.31
+3000.example. 5M IN A 10.0.1.32
+3000.example. 5M IN A 10.0.1.33
+3000.example. 5M IN A 10.0.1.34
+3000.example. 5M IN A 10.0.1.35
+3000.example. 5M IN A 10.0.1.36
+3000.example. 5M IN A 10.0.1.37
+3000.example. 5M IN A 10.0.1.38
+3000.example. 5M IN A 10.0.1.39
+3000.example. 5M IN A 10.0.1.40
+3000.example. 5M IN A 10.0.1.41
+3000.example. 5M IN A 10.0.1.42
+3000.example. 5M IN A 10.0.1.43
+3000.example. 5M IN A 10.0.1.44
+3000.example. 5M IN A 10.0.1.45
+3000.example. 5M IN A 10.0.1.46
+3000.example. 5M IN A 10.0.1.47
+3000.example. 5M IN A 10.0.1.48
+3000.example. 5M IN A 10.0.1.49
+3000.example. 5M IN A 10.0.1.50
+3000.example. 5M IN A 10.0.1.51
+3000.example. 5M IN A 10.0.1.52
+3000.example. 5M IN A 10.0.1.53
+3000.example. 5M IN A 10.0.1.54
+3000.example. 5M IN A 10.0.1.55
+3000.example. 5M IN A 10.0.1.56
+3000.example. 5M IN A 10.0.1.57
+3000.example. 5M IN A 10.0.1.58
+3000.example. 5M IN A 10.0.1.59
+3000.example. 5M IN A 10.0.1.60
+3000.example. 5M IN A 10.0.1.61
+3000.example. 5M IN A 10.0.1.62
+3000.example. 5M IN A 10.0.1.63
+3000.example. 5M IN A 10.0.1.64
+3000.example. 5M IN A 10.0.1.65
+3000.example. 5M IN A 10.0.1.66
+3000.example. 5M IN A 10.0.1.67
+3000.example. 5M IN A 10.0.1.68
+3000.example. 5M IN A 10.0.1.69
+3000.example. 5M IN A 10.0.1.70
+3000.example. 5M IN A 10.0.1.71
+3000.example. 5M IN A 10.0.1.72
+3000.example. 5M IN A 10.0.1.73
+3000.example. 5M IN A 10.0.1.74
+3000.example. 5M IN A 10.0.1.75
+3000.example. 5M IN A 10.0.1.76
+3000.example. 5M IN A 10.0.1.77
+3000.example. 5M IN A 10.0.1.78
+3000.example. 5M IN A 10.0.1.79
+3000.example. 5M IN A 10.0.1.80
+3000.example. 5M IN A 10.0.1.81
+3000.example. 5M IN A 10.0.1.82
+3000.example. 5M IN A 10.0.1.83
+3000.example. 5M IN A 10.0.1.84
+3000.example. 5M IN A 10.0.1.85
+3000.example. 5M IN A 10.0.1.86
+3000.example. 5M IN A 10.0.1.87
+3000.example. 5M IN A 10.0.1.88
+3000.example. 5M IN A 10.0.1.89
+3000.example. 5M IN A 10.0.1.90
+3000.example. 5M IN A 10.0.1.91
+3000.example. 5M IN A 10.0.1.92
+3000.example. 5M IN A 10.0.1.93
+3000.example. 5M IN A 10.0.1.94
+3000.example. 5M IN A 10.0.1.95
+3000.example. 5M IN A 10.0.1.96
+3000.example. 5M IN A 10.0.1.97
+3000.example. 5M IN A 10.0.1.98
+3000.example. 5M IN A 10.0.1.99
+3000.example. 5M IN A 10.0.1.100
+3000.example. 5M IN A 10.0.1.101
+3000.example. 5M IN A 10.0.1.102
+3000.example. 5M IN A 10.0.1.103
+3000.example. 5M IN A 10.0.1.104
+3000.example. 5M IN A 10.0.1.105
+3000.example. 5M IN A 10.0.1.106
+3000.example. 5M IN A 10.0.1.107
+3000.example. 5M IN A 10.0.1.108
+3000.example. 5M IN A 10.0.1.109
+3000.example. 5M IN A 10.0.1.110
+3000.example. 5M IN A 10.0.1.111
+3000.example. 5M IN A 10.0.1.112
+3000.example. 5M IN A 10.0.1.113
+3000.example. 5M IN A 10.0.1.114
+3000.example. 5M IN A 10.0.1.115
+3000.example. 5M IN A 10.0.1.116
+3000.example. 5M IN A 10.0.1.117
+3000.example. 5M IN A 10.0.1.118
+3000.example. 5M IN A 10.0.1.119
+3000.example. 5M IN A 10.0.1.120
+3000.example. 5M IN A 10.0.1.121
+3000.example. 5M IN A 10.0.1.122
+3000.example. 5M IN A 10.0.1.123
+3000.example. 5M IN A 10.0.1.124
+3000.example. 5M IN A 10.0.1.125
+3000.example. 5M IN A 10.0.1.126
+3000.example. 5M IN A 10.0.1.127
+3000.example. 5M IN A 10.0.1.128
+3000.example. 5M IN A 10.0.1.129
+3000.example. 5M IN A 10.0.1.130
+3000.example. 5M IN A 10.0.1.131
+3000.example. 5M IN A 10.0.1.132
+3000.example. 5M IN A 10.0.1.133
+3000.example. 5M IN A 10.0.1.134
+3000.example. 5M IN A 10.0.1.135
+3000.example. 5M IN A 10.0.1.136
+3000.example. 5M IN A 10.0.1.137
+3000.example. 5M IN A 10.0.1.138
+3000.example. 5M IN A 10.0.1.139
+3000.example. 5M IN A 10.0.1.140
+3000.example. 5M IN A 10.0.1.141
+3000.example. 5M IN A 10.0.1.142
+3000.example. 5M IN A 10.0.1.143
+3000.example. 5M IN A 10.0.1.144
+3000.example. 5M IN A 10.0.1.145
+3000.example. 5M IN A 10.0.1.146
+3000.example. 5M IN A 10.0.1.147
+3000.example. 5M IN A 10.0.1.148
+3000.example. 5M IN A 10.0.1.149
+3000.example. 5M IN A 10.0.1.150
+3000.example. 5M IN A 10.0.1.151
+3000.example. 5M IN A 10.0.1.152
+3000.example. 5M IN A 10.0.1.153
+3000.example. 5M IN A 10.0.1.154
+3000.example. 5M IN A 10.0.1.155
+3000.example. 5M IN A 10.0.1.156
+3000.example. 5M IN A 10.0.1.157
+3000.example. 5M IN A 10.0.1.158
+3000.example. 5M IN A 10.0.1.159
+3000.example. 5M IN A 10.0.1.160
+3000.example. 5M IN A 10.0.1.161
+3000.example. 5M IN A 10.0.1.162
+3000.example. 5M IN A 10.0.1.163
+3000.example. 5M IN A 10.0.1.164
+3000.example. 5M IN A 10.0.1.165
+3000.example. 5M IN A 10.0.1.166
+3000.example. 5M IN A 10.0.1.167
+3000.example. 5M IN A 10.0.1.168
+3000.example. 5M IN A 10.0.1.169
+3000.example. 5M IN A 10.0.1.170
+3000.example. 5M IN A 10.0.1.171
+3000.example. 5M IN A 10.0.1.172
+3000.example. 5M IN A 10.0.1.173
+3000.example. 5M IN A 10.0.1.174
+3000.example. 5M IN A 10.0.1.175
+3000.example. 5M IN A 10.0.1.176
+3000.example. 5M IN A 10.0.1.177
+3000.example. 5M IN A 10.0.1.178
+3000.example. 5M IN A 10.0.1.179
+3000.example. 5M IN A 10.0.1.180
+3000.example. 5M IN A 10.0.1.181
+3000.example. 5M IN A 10.0.1.182
+3000.example. 5M IN A 10.0.1.183
+3000.example. 5M IN A 10.0.1.184
+3000.example. 5M IN A 10.0.1.185
+3000.example. 5M IN A 10.0.1.186
+3000.example. 5M IN A 10.0.1.187
+3000.example. 5M IN A 10.0.1.188
+3000.example. 5M IN A 10.0.1.189
+3000.example. 5M IN A 10.0.1.190
+3000.example. 5M IN A 10.0.1.191
+3000.example. 5M IN A 10.0.1.192
+3000.example. 5M IN A 10.0.1.193
+3000.example. 5M IN A 10.0.1.194
+3000.example. 5M IN A 10.0.1.195
+3000.example. 5M IN A 10.0.1.196
+3000.example. 5M IN A 10.0.1.197
+3000.example. 5M IN A 10.0.1.198
+3000.example. 5M IN A 10.0.1.199
+3000.example. 5M IN A 10.0.1.200
+3000.example. 5M IN A 10.0.1.201
+3000.example. 5M IN A 10.0.1.202
+3000.example. 5M IN A 10.0.1.203
+3000.example. 5M IN A 10.0.1.204
+3000.example. 5M IN A 10.0.1.205
+3000.example. 5M IN A 10.0.1.206
+3000.example. 5M IN A 10.0.1.207
+3000.example. 5M IN A 10.0.1.208
+3000.example. 5M IN A 10.0.1.209
+3000.example. 5M IN A 10.0.1.210
+3000.example. 5M IN A 10.0.1.211
+3000.example. 5M IN A 10.0.1.212
+3000.example. 5M IN A 10.0.1.213
+3000.example. 5M IN A 10.0.1.214
+3000.example. 5M IN A 10.0.1.215
+3000.example. 5M IN A 10.0.1.216
+3000.example. 5M IN A 10.0.1.217
+3000.example. 5M IN A 10.0.1.218
+3000.example. 5M IN A 10.0.1.219
+3000.example. 5M IN A 10.0.1.220
+3000.example. 5M IN A 10.0.1.221
+3000.example. 5M IN A 10.0.1.222
+3000.example. 5M IN A 10.0.1.223
+3000.example. 5M IN A 10.0.1.224
+3000.example. 5M IN A 10.0.1.225
+3000.example. 5M IN A 10.0.1.226
+3000.example. 5M IN A 10.0.1.227
+3000.example. 5M IN A 10.0.1.228
+3000.example. 5M IN A 10.0.1.229
+3000.example. 5M IN A 10.0.1.230
+3000.example. 5M IN A 10.0.1.231
+3000.example. 5M IN A 10.0.1.232
+3000.example. 5M IN A 10.0.1.233
+3000.example. 5M IN A 10.0.1.234
+3000.example. 5M IN A 10.0.1.235
+3000.example. 5M IN A 10.0.1.236
+3000.example. 5M IN A 10.0.1.237
+3000.example. 5M IN A 10.0.1.238
+3000.example. 5M IN A 10.0.1.239
+3000.example. 5M IN A 10.0.1.240
+3000.example. 5M IN A 10.0.1.241
+3000.example. 5M IN A 10.0.1.242
+3000.example. 5M IN A 10.0.1.243
+3000.example. 5M IN A 10.0.1.244
+3000.example. 5M IN A 10.0.1.245
+3000.example. 5M IN A 10.0.1.246
+3000.example. 5M IN A 10.0.1.247
+3000.example. 5M IN A 10.0.1.248
+3000.example. 5M IN A 10.0.1.249
+3000.example. 5M IN A 10.0.1.250
+3000.example. 5M IN A 10.0.1.251
+3000.example. 5M IN A 10.0.1.252
+3000.example. 5M IN A 10.0.1.253
+3000.example. 5M IN A 10.0.1.254
+3000.example. 5M IN A 10.0.1.255
+3000.example. 5M IN A 10.0.2.0
+3000.example. 5M IN A 10.0.2.1
+3000.example. 5M IN A 10.0.2.2
+3000.example. 5M IN A 10.0.2.3
+3000.example. 5M IN A 10.0.2.4
+3000.example. 5M IN A 10.0.2.5
+3000.example. 5M IN A 10.0.2.6
+3000.example. 5M IN A 10.0.2.7
+3000.example. 5M IN A 10.0.2.8
+3000.example. 5M IN A 10.0.2.9
+3000.example. 5M IN A 10.0.2.10
+3000.example. 5M IN A 10.0.2.11
+3000.example. 5M IN A 10.0.2.12
+3000.example. 5M IN A 10.0.2.13
+3000.example. 5M IN A 10.0.2.14
+3000.example. 5M IN A 10.0.2.15
+3000.example. 5M IN A 10.0.2.16
+3000.example. 5M IN A 10.0.2.17
+3000.example. 5M IN A 10.0.2.18
+3000.example. 5M IN A 10.0.2.19
+3000.example. 5M IN A 10.0.2.20
+3000.example. 5M IN A 10.0.2.21
+3000.example. 5M IN A 10.0.2.22
+3000.example. 5M IN A 10.0.2.23
+3000.example. 5M IN A 10.0.2.24
+3000.example. 5M IN A 10.0.2.25
+3000.example. 5M IN A 10.0.2.26
+3000.example. 5M IN A 10.0.2.27
+3000.example. 5M IN A 10.0.2.28
+3000.example. 5M IN A 10.0.2.29
+3000.example. 5M IN A 10.0.2.30
+3000.example. 5M IN A 10.0.2.31
+3000.example. 5M IN A 10.0.2.32
+3000.example. 5M IN A 10.0.2.33
+3000.example. 5M IN A 10.0.2.34
+3000.example. 5M IN A 10.0.2.35
+3000.example. 5M IN A 10.0.2.36
+3000.example. 5M IN A 10.0.2.37
+3000.example. 5M IN A 10.0.2.38
+3000.example. 5M IN A 10.0.2.39
+3000.example. 5M IN A 10.0.2.40
+3000.example. 5M IN A 10.0.2.41
+3000.example. 5M IN A 10.0.2.42
+3000.example. 5M IN A 10.0.2.43
+3000.example. 5M IN A 10.0.2.44
+3000.example. 5M IN A 10.0.2.45
+3000.example. 5M IN A 10.0.2.46
+3000.example. 5M IN A 10.0.2.47
+3000.example. 5M IN A 10.0.2.48
+3000.example. 5M IN A 10.0.2.49
+3000.example. 5M IN A 10.0.2.50
+3000.example. 5M IN A 10.0.2.51
+3000.example. 5M IN A 10.0.2.52
+3000.example. 5M IN A 10.0.2.53
+3000.example. 5M IN A 10.0.2.54
+3000.example. 5M IN A 10.0.2.55
+3000.example. 5M IN A 10.0.2.56
+3000.example. 5M IN A 10.0.2.57
+3000.example. 5M IN A 10.0.2.58
+3000.example. 5M IN A 10.0.2.59
+3000.example. 5M IN A 10.0.2.60
+3000.example. 5M IN A 10.0.2.61
+3000.example. 5M IN A 10.0.2.62
+3000.example. 5M IN A 10.0.2.63
+3000.example. 5M IN A 10.0.2.64
+3000.example. 5M IN A 10.0.2.65
+3000.example. 5M IN A 10.0.2.66
+3000.example. 5M IN A 10.0.2.67
+3000.example. 5M IN A 10.0.2.68
+3000.example. 5M IN A 10.0.2.69
+3000.example. 5M IN A 10.0.2.70
+3000.example. 5M IN A 10.0.2.71
+3000.example. 5M IN A 10.0.2.72
+3000.example. 5M IN A 10.0.2.73
+3000.example. 5M IN A 10.0.2.74
+3000.example. 5M IN A 10.0.2.75
+3000.example. 5M IN A 10.0.2.76
+3000.example. 5M IN A 10.0.2.77
+3000.example. 5M IN A 10.0.2.78
+3000.example. 5M IN A 10.0.2.79
+3000.example. 5M IN A 10.0.2.80
+3000.example. 5M IN A 10.0.2.81
+3000.example. 5M IN A 10.0.2.82
+3000.example. 5M IN A 10.0.2.83
+3000.example. 5M IN A 10.0.2.84
+3000.example. 5M IN A 10.0.2.85
+3000.example. 5M IN A 10.0.2.86
+3000.example. 5M IN A 10.0.2.87
+3000.example. 5M IN A 10.0.2.88
+3000.example. 5M IN A 10.0.2.89
+3000.example. 5M IN A 10.0.2.90
+3000.example. 5M IN A 10.0.2.91
+3000.example. 5M IN A 10.0.2.92
+3000.example. 5M IN A 10.0.2.93
+3000.example. 5M IN A 10.0.2.94
+3000.example. 5M IN A 10.0.2.95
+3000.example. 5M IN A 10.0.2.96
+3000.example. 5M IN A 10.0.2.97
+3000.example. 5M IN A 10.0.2.98
+3000.example. 5M IN A 10.0.2.99
+3000.example. 5M IN A 10.0.2.100
+3000.example. 5M IN A 10.0.2.101
+3000.example. 5M IN A 10.0.2.102
+3000.example. 5M IN A 10.0.2.103
+3000.example. 5M IN A 10.0.2.104
+3000.example. 5M IN A 10.0.2.105
+3000.example. 5M IN A 10.0.2.106
+3000.example. 5M IN A 10.0.2.107
+3000.example. 5M IN A 10.0.2.108
+3000.example. 5M IN A 10.0.2.109
+3000.example. 5M IN A 10.0.2.110
+3000.example. 5M IN A 10.0.2.111
+3000.example. 5M IN A 10.0.2.112
+3000.example. 5M IN A 10.0.2.113
+3000.example. 5M IN A 10.0.2.114
+3000.example. 5M IN A 10.0.2.115
+3000.example. 5M IN A 10.0.2.116
+3000.example. 5M IN A 10.0.2.117
+3000.example. 5M IN A 10.0.2.118
+3000.example. 5M IN A 10.0.2.119
+3000.example. 5M IN A 10.0.2.120
+3000.example. 5M IN A 10.0.2.121
+3000.example. 5M IN A 10.0.2.122
+3000.example. 5M IN A 10.0.2.123
+3000.example. 5M IN A 10.0.2.124
+3000.example. 5M IN A 10.0.2.125
+3000.example. 5M IN A 10.0.2.126
+3000.example. 5M IN A 10.0.2.127
+3000.example. 5M IN A 10.0.2.128
+3000.example. 5M IN A 10.0.2.129
+3000.example. 5M IN A 10.0.2.130
+3000.example. 5M IN A 10.0.2.131
+3000.example. 5M IN A 10.0.2.132
+3000.example. 5M IN A 10.0.2.133
+3000.example. 5M IN A 10.0.2.134
+3000.example. 5M IN A 10.0.2.135
+3000.example. 5M IN A 10.0.2.136
+3000.example. 5M IN A 10.0.2.137
+3000.example. 5M IN A 10.0.2.138
+3000.example. 5M IN A 10.0.2.139
+3000.example. 5M IN A 10.0.2.140
+3000.example. 5M IN A 10.0.2.141
+3000.example. 5M IN A 10.0.2.142
+3000.example. 5M IN A 10.0.2.143
+3000.example. 5M IN A 10.0.2.144
+3000.example. 5M IN A 10.0.2.145
+3000.example. 5M IN A 10.0.2.146
+3000.example. 5M IN A 10.0.2.147
+3000.example. 5M IN A 10.0.2.148
+3000.example. 5M IN A 10.0.2.149
+3000.example. 5M IN A 10.0.2.150
+3000.example. 5M IN A 10.0.2.151
+3000.example. 5M IN A 10.0.2.152
+3000.example. 5M IN A 10.0.2.153
+3000.example. 5M IN A 10.0.2.154
+3000.example. 5M IN A 10.0.2.155
+3000.example. 5M IN A 10.0.2.156
+3000.example. 5M IN A 10.0.2.157
+3000.example. 5M IN A 10.0.2.158
+3000.example. 5M IN A 10.0.2.159
+3000.example. 5M IN A 10.0.2.160
+3000.example. 5M IN A 10.0.2.161
+3000.example. 5M IN A 10.0.2.162
+3000.example. 5M IN A 10.0.2.163
+3000.example. 5M IN A 10.0.2.164
+3000.example. 5M IN A 10.0.2.165
+3000.example. 5M IN A 10.0.2.166
+3000.example. 5M IN A 10.0.2.167
+3000.example. 5M IN A 10.0.2.168
+3000.example. 5M IN A 10.0.2.169
+3000.example. 5M IN A 10.0.2.170
+3000.example. 5M IN A 10.0.2.171
+3000.example. 5M IN A 10.0.2.172
+3000.example. 5M IN A 10.0.2.173
+3000.example. 5M IN A 10.0.2.174
+3000.example. 5M IN A 10.0.2.175
+3000.example. 5M IN A 10.0.2.176
+3000.example. 5M IN A 10.0.2.177
+3000.example. 5M IN A 10.0.2.178
+3000.example. 5M IN A 10.0.2.179
+3000.example. 5M IN A 10.0.2.180
+3000.example. 5M IN A 10.0.2.181
+3000.example. 5M IN A 10.0.2.182
+3000.example. 5M IN A 10.0.2.183
+3000.example. 5M IN A 10.0.2.184
+3000.example. 5M IN A 10.0.2.185
+3000.example. 5M IN A 10.0.2.186
+3000.example. 5M IN A 10.0.2.187
+3000.example. 5M IN A 10.0.2.188
+3000.example. 5M IN A 10.0.2.189
+3000.example. 5M IN A 10.0.2.190
+3000.example. 5M IN A 10.0.2.191
+3000.example. 5M IN A 10.0.2.192
+3000.example. 5M IN A 10.0.2.193
+3000.example. 5M IN A 10.0.2.194
+3000.example. 5M IN A 10.0.2.195
+3000.example. 5M IN A 10.0.2.196
+3000.example. 5M IN A 10.0.2.197
+3000.example. 5M IN A 10.0.2.198
+3000.example. 5M IN A 10.0.2.199
+3000.example. 5M IN A 10.0.2.200
+3000.example. 5M IN A 10.0.2.201
+3000.example. 5M IN A 10.0.2.202
+3000.example. 5M IN A 10.0.2.203
+3000.example. 5M IN A 10.0.2.204
+3000.example. 5M IN A 10.0.2.205
+3000.example. 5M IN A 10.0.2.206
+3000.example. 5M IN A 10.0.2.207
+3000.example. 5M IN A 10.0.2.208
+3000.example. 5M IN A 10.0.2.209
+3000.example. 5M IN A 10.0.2.210
+3000.example. 5M IN A 10.0.2.211
+3000.example. 5M IN A 10.0.2.212
+3000.example. 5M IN A 10.0.2.213
+3000.example. 5M IN A 10.0.2.214
+3000.example. 5M IN A 10.0.2.215
+3000.example. 5M IN A 10.0.2.216
+3000.example. 5M IN A 10.0.2.217
+3000.example. 5M IN A 10.0.2.218
+3000.example. 5M IN A 10.0.2.219
+3000.example. 5M IN A 10.0.2.220
+3000.example. 5M IN A 10.0.2.221
+3000.example. 5M IN A 10.0.2.222
+3000.example. 5M IN A 10.0.2.223
+3000.example. 5M IN A 10.0.2.224
+3000.example. 5M IN A 10.0.2.225
+3000.example. 5M IN A 10.0.2.226
+3000.example. 5M IN A 10.0.2.227
+3000.example. 5M IN A 10.0.2.228
+3000.example. 5M IN A 10.0.2.229
+3000.example. 5M IN A 10.0.2.230
+3000.example. 5M IN A 10.0.2.231
+3000.example. 5M IN A 10.0.2.232
+3000.example. 5M IN A 10.0.2.233
+3000.example. 5M IN A 10.0.2.234
+3000.example. 5M IN A 10.0.2.235
+3000.example. 5M IN A 10.0.2.236
+3000.example. 5M IN A 10.0.2.237
+3000.example. 5M IN A 10.0.2.238
+3000.example. 5M IN A 10.0.2.239
+3000.example. 5M IN A 10.0.2.240
+3000.example. 5M IN A 10.0.2.241
+3000.example. 5M IN A 10.0.2.242
+3000.example. 5M IN A 10.0.2.243
+3000.example. 5M IN A 10.0.2.244
+3000.example. 5M IN A 10.0.2.245
+3000.example. 5M IN A 10.0.2.246
+3000.example. 5M IN A 10.0.2.247
+3000.example. 5M IN A 10.0.2.248
+3000.example. 5M IN A 10.0.2.249
+3000.example. 5M IN A 10.0.2.250
+3000.example. 5M IN A 10.0.2.251
+3000.example. 5M IN A 10.0.2.252
+3000.example. 5M IN A 10.0.2.253
+3000.example. 5M IN A 10.0.2.254
+3000.example. 5M IN A 10.0.2.255
+3000.example. 5M IN A 10.0.3.0
+3000.example. 5M IN A 10.0.3.1
+3000.example. 5M IN A 10.0.3.2
+3000.example. 5M IN A 10.0.3.3
+3000.example. 5M IN A 10.0.3.4
+3000.example. 5M IN A 10.0.3.5
+3000.example. 5M IN A 10.0.3.6
+3000.example. 5M IN A 10.0.3.7
+3000.example. 5M IN A 10.0.3.8
+3000.example. 5M IN A 10.0.3.9
+3000.example. 5M IN A 10.0.3.10
+3000.example. 5M IN A 10.0.3.11
+3000.example. 5M IN A 10.0.3.12
+3000.example. 5M IN A 10.0.3.13
+3000.example. 5M IN A 10.0.3.14
+3000.example. 5M IN A 10.0.3.15
+3000.example. 5M IN A 10.0.3.16
+3000.example. 5M IN A 10.0.3.17
+3000.example. 5M IN A 10.0.3.18
+3000.example. 5M IN A 10.0.3.19
+3000.example. 5M IN A 10.0.3.20
+3000.example. 5M IN A 10.0.3.21
+3000.example. 5M IN A 10.0.3.22
+3000.example. 5M IN A 10.0.3.23
+3000.example. 5M IN A 10.0.3.24
+3000.example. 5M IN A 10.0.3.25
+3000.example. 5M IN A 10.0.3.26
+3000.example. 5M IN A 10.0.3.27
+3000.example. 5M IN A 10.0.3.28
+3000.example. 5M IN A 10.0.3.29
+3000.example. 5M IN A 10.0.3.30
+3000.example. 5M IN A 10.0.3.31
+3000.example. 5M IN A 10.0.3.32
+3000.example. 5M IN A 10.0.3.33
+3000.example. 5M IN A 10.0.3.34
+3000.example. 5M IN A 10.0.3.35
+3000.example. 5M IN A 10.0.3.36
+3000.example. 5M IN A 10.0.3.37
+3000.example. 5M IN A 10.0.3.38
+3000.example. 5M IN A 10.0.3.39
+3000.example. 5M IN A 10.0.3.40
+3000.example. 5M IN A 10.0.3.41
+3000.example. 5M IN A 10.0.3.42
+3000.example. 5M IN A 10.0.3.43
+3000.example. 5M IN A 10.0.3.44
+3000.example. 5M IN A 10.0.3.45
+3000.example. 5M IN A 10.0.3.46
+3000.example. 5M IN A 10.0.3.47
+3000.example. 5M IN A 10.0.3.48
+3000.example. 5M IN A 10.0.3.49
+3000.example. 5M IN A 10.0.3.50
+3000.example. 5M IN A 10.0.3.51
+3000.example. 5M IN A 10.0.3.52
+3000.example. 5M IN A 10.0.3.53
+3000.example. 5M IN A 10.0.3.54
+3000.example. 5M IN A 10.0.3.55
+3000.example. 5M IN A 10.0.3.56
+3000.example. 5M IN A 10.0.3.57
+3000.example. 5M IN A 10.0.3.58
+3000.example. 5M IN A 10.0.3.59
+3000.example. 5M IN A 10.0.3.60
+3000.example. 5M IN A 10.0.3.61
+3000.example. 5M IN A 10.0.3.62
+3000.example. 5M IN A 10.0.3.63
+3000.example. 5M IN A 10.0.3.64
+3000.example. 5M IN A 10.0.3.65
+3000.example. 5M IN A 10.0.3.66
+3000.example. 5M IN A 10.0.3.67
+3000.example. 5M IN A 10.0.3.68
+3000.example. 5M IN A 10.0.3.69
+3000.example. 5M IN A 10.0.3.70
+3000.example. 5M IN A 10.0.3.71
+3000.example. 5M IN A 10.0.3.72
+3000.example. 5M IN A 10.0.3.73
+3000.example. 5M IN A 10.0.3.74
+3000.example. 5M IN A 10.0.3.75
+3000.example. 5M IN A 10.0.3.76
+3000.example. 5M IN A 10.0.3.77
+3000.example. 5M IN A 10.0.3.78
+3000.example. 5M IN A 10.0.3.79
+3000.example. 5M IN A 10.0.3.80
+3000.example. 5M IN A 10.0.3.81
+3000.example. 5M IN A 10.0.3.82
+3000.example. 5M IN A 10.0.3.83
+3000.example. 5M IN A 10.0.3.84
+3000.example. 5M IN A 10.0.3.85
+3000.example. 5M IN A 10.0.3.86
+3000.example. 5M IN A 10.0.3.87
+3000.example. 5M IN A 10.0.3.88
+3000.example. 5M IN A 10.0.3.89
+3000.example. 5M IN A 10.0.3.90
+3000.example. 5M IN A 10.0.3.91
+3000.example. 5M IN A 10.0.3.92
+3000.example. 5M IN A 10.0.3.93
+3000.example. 5M IN A 10.0.3.94
+3000.example. 5M IN A 10.0.3.95
+3000.example. 5M IN A 10.0.3.96
+3000.example. 5M IN A 10.0.3.97
+3000.example. 5M IN A 10.0.3.98
+3000.example. 5M IN A 10.0.3.99
+3000.example. 5M IN A 10.0.3.100
+3000.example. 5M IN A 10.0.3.101
+3000.example. 5M IN A 10.0.3.102
+3000.example. 5M IN A 10.0.3.103
+3000.example. 5M IN A 10.0.3.104
+3000.example. 5M IN A 10.0.3.105
+3000.example. 5M IN A 10.0.3.106
+3000.example. 5M IN A 10.0.3.107
+3000.example. 5M IN A 10.0.3.108
+3000.example. 5M IN A 10.0.3.109
+3000.example. 5M IN A 10.0.3.110
+3000.example. 5M IN A 10.0.3.111
+3000.example. 5M IN A 10.0.3.112
+3000.example. 5M IN A 10.0.3.113
+3000.example. 5M IN A 10.0.3.114
+3000.example. 5M IN A 10.0.3.115
+3000.example. 5M IN A 10.0.3.116
+3000.example. 5M IN A 10.0.3.117
+3000.example. 5M IN A 10.0.3.118
+3000.example. 5M IN A 10.0.3.119
+3000.example. 5M IN A 10.0.3.120
+3000.example. 5M IN A 10.0.3.121
+3000.example. 5M IN A 10.0.3.122
+3000.example. 5M IN A 10.0.3.123
+3000.example. 5M IN A 10.0.3.124
+3000.example. 5M IN A 10.0.3.125
+3000.example. 5M IN A 10.0.3.126
+3000.example. 5M IN A 10.0.3.127
+3000.example. 5M IN A 10.0.3.128
+3000.example. 5M IN A 10.0.3.129
+3000.example. 5M IN A 10.0.3.130
+3000.example. 5M IN A 10.0.3.131
+3000.example. 5M IN A 10.0.3.132
+3000.example. 5M IN A 10.0.3.133
+3000.example. 5M IN A 10.0.3.134
+3000.example. 5M IN A 10.0.3.135
+3000.example. 5M IN A 10.0.3.136
+3000.example. 5M IN A 10.0.3.137
+3000.example. 5M IN A 10.0.3.138
+3000.example. 5M IN A 10.0.3.139
+3000.example. 5M IN A 10.0.3.140
+3000.example. 5M IN A 10.0.3.141
+3000.example. 5M IN A 10.0.3.142
+3000.example. 5M IN A 10.0.3.143
+3000.example. 5M IN A 10.0.3.144
+3000.example. 5M IN A 10.0.3.145
+3000.example. 5M IN A 10.0.3.146
+3000.example. 5M IN A 10.0.3.147
+3000.example. 5M IN A 10.0.3.148
+3000.example. 5M IN A 10.0.3.149
+3000.example. 5M IN A 10.0.3.150
+3000.example. 5M IN A 10.0.3.151
+3000.example. 5M IN A 10.0.3.152
+3000.example. 5M IN A 10.0.3.153
+3000.example. 5M IN A 10.0.3.154
+3000.example. 5M IN A 10.0.3.155
+3000.example. 5M IN A 10.0.3.156
+3000.example. 5M IN A 10.0.3.157
+3000.example. 5M IN A 10.0.3.158
+3000.example. 5M IN A 10.0.3.159
+3000.example. 5M IN A 10.0.3.160
+3000.example. 5M IN A 10.0.3.161
+3000.example. 5M IN A 10.0.3.162
+3000.example. 5M IN A 10.0.3.163
+3000.example. 5M IN A 10.0.3.164
+3000.example. 5M IN A 10.0.3.165
+3000.example. 5M IN A 10.0.3.166
+3000.example. 5M IN A 10.0.3.167
+3000.example. 5M IN A 10.0.3.168
+3000.example. 5M IN A 10.0.3.169
+3000.example. 5M IN A 10.0.3.170
+3000.example. 5M IN A 10.0.3.171
+3000.example. 5M IN A 10.0.3.172
+3000.example. 5M IN A 10.0.3.173
+3000.example. 5M IN A 10.0.3.174
+3000.example. 5M IN A 10.0.3.175
+3000.example. 5M IN A 10.0.3.176
+3000.example. 5M IN A 10.0.3.177
+3000.example. 5M IN A 10.0.3.178
+3000.example. 5M IN A 10.0.3.179
+3000.example. 5M IN A 10.0.3.180
+3000.example. 5M IN A 10.0.3.181
+3000.example. 5M IN A 10.0.3.182
+3000.example. 5M IN A 10.0.3.183
+3000.example. 5M IN A 10.0.3.184
+3000.example. 5M IN A 10.0.3.185
+3000.example. 5M IN A 10.0.3.186
+3000.example. 5M IN A 10.0.3.187
+3000.example. 5M IN A 10.0.3.188
+3000.example. 5M IN A 10.0.3.189
+3000.example. 5M IN A 10.0.3.190
+3000.example. 5M IN A 10.0.3.191
+3000.example. 5M IN A 10.0.3.192
+3000.example. 5M IN A 10.0.3.193
+3000.example. 5M IN A 10.0.3.194
+3000.example. 5M IN A 10.0.3.195
+3000.example. 5M IN A 10.0.3.196
+3000.example. 5M IN A 10.0.3.197
+3000.example. 5M IN A 10.0.3.198
+3000.example. 5M IN A 10.0.3.199
+3000.example. 5M IN A 10.0.3.200
+3000.example. 5M IN A 10.0.3.201
+3000.example. 5M IN A 10.0.3.202
+3000.example. 5M IN A 10.0.3.203
+3000.example. 5M IN A 10.0.3.204
+3000.example. 5M IN A 10.0.3.205
+3000.example. 5M IN A 10.0.3.206
+3000.example. 5M IN A 10.0.3.207
+3000.example. 5M IN A 10.0.3.208
+3000.example. 5M IN A 10.0.3.209
+3000.example. 5M IN A 10.0.3.210
+3000.example. 5M IN A 10.0.3.211
+3000.example. 5M IN A 10.0.3.212
+3000.example. 5M IN A 10.0.3.213
+3000.example. 5M IN A 10.0.3.214
+3000.example. 5M IN A 10.0.3.215
+3000.example. 5M IN A 10.0.3.216
+3000.example. 5M IN A 10.0.3.217
+3000.example. 5M IN A 10.0.3.218
+3000.example. 5M IN A 10.0.3.219
+3000.example. 5M IN A 10.0.3.220
+3000.example. 5M IN A 10.0.3.221
+3000.example. 5M IN A 10.0.3.222
+3000.example. 5M IN A 10.0.3.223
+3000.example. 5M IN A 10.0.3.224
+3000.example. 5M IN A 10.0.3.225
+3000.example. 5M IN A 10.0.3.226
+3000.example. 5M IN A 10.0.3.227
+3000.example. 5M IN A 10.0.3.228
+3000.example. 5M IN A 10.0.3.229
+3000.example. 5M IN A 10.0.3.230
+3000.example. 5M IN A 10.0.3.231
+3000.example. 5M IN A 10.0.3.232
+3000.example. 5M IN A 10.0.3.233
+3000.example. 5M IN A 10.0.3.234
+3000.example. 5M IN A 10.0.3.235
+3000.example. 5M IN A 10.0.3.236
+3000.example. 5M IN A 10.0.3.237
+3000.example. 5M IN A 10.0.3.238
+3000.example. 5M IN A 10.0.3.239
+3000.example. 5M IN A 10.0.3.240
+3000.example. 5M IN A 10.0.3.241
+3000.example. 5M IN A 10.0.3.242
+3000.example. 5M IN A 10.0.3.243
+3000.example. 5M IN A 10.0.3.244
+3000.example. 5M IN A 10.0.3.245
+3000.example. 5M IN A 10.0.3.246
+3000.example. 5M IN A 10.0.3.247
+3000.example. 5M IN A 10.0.3.248
+3000.example. 5M IN A 10.0.3.249
+3000.example. 5M IN A 10.0.3.250
+3000.example. 5M IN A 10.0.3.251
+3000.example. 5M IN A 10.0.3.252
+3000.example. 5M IN A 10.0.3.253
+3000.example. 5M IN A 10.0.3.254
+3000.example. 5M IN A 10.0.3.255
+3000.example. 5M IN A 10.0.4.0
+3000.example. 5M IN A 10.0.4.1
+3000.example. 5M IN A 10.0.4.2
+3000.example. 5M IN A 10.0.4.3
+3000.example. 5M IN A 10.0.4.4
+3000.example. 5M IN A 10.0.4.5
+3000.example. 5M IN A 10.0.4.6
+3000.example. 5M IN A 10.0.4.7
+3000.example. 5M IN A 10.0.4.8
+3000.example. 5M IN A 10.0.4.9
+3000.example. 5M IN A 10.0.4.10
+3000.example. 5M IN A 10.0.4.11
+3000.example. 5M IN A 10.0.4.12
+3000.example. 5M IN A 10.0.4.13
+3000.example. 5M IN A 10.0.4.14
+3000.example. 5M IN A 10.0.4.15
+3000.example. 5M IN A 10.0.4.16
+3000.example. 5M IN A 10.0.4.17
+3000.example. 5M IN A 10.0.4.18
+3000.example. 5M IN A 10.0.4.19
+3000.example. 5M IN A 10.0.4.20
+3000.example. 5M IN A 10.0.4.21
+3000.example. 5M IN A 10.0.4.22
+3000.example. 5M IN A 10.0.4.23
+3000.example. 5M IN A 10.0.4.24
+3000.example. 5M IN A 10.0.4.25
+3000.example. 5M IN A 10.0.4.26
+3000.example. 5M IN A 10.0.4.27
+3000.example. 5M IN A 10.0.4.28
+3000.example. 5M IN A 10.0.4.29
+3000.example. 5M IN A 10.0.4.30
+3000.example. 5M IN A 10.0.4.31
+3000.example. 5M IN A 10.0.4.32
+3000.example. 5M IN A 10.0.4.33
+3000.example. 5M IN A 10.0.4.34
+3000.example. 5M IN A 10.0.4.35
+3000.example. 5M IN A 10.0.4.36
+3000.example. 5M IN A 10.0.4.37
+3000.example. 5M IN A 10.0.4.38
+3000.example. 5M IN A 10.0.4.39
+3000.example. 5M IN A 10.0.4.40
+3000.example. 5M IN A 10.0.4.41
+3000.example. 5M IN A 10.0.4.42
+3000.example. 5M IN A 10.0.4.43
+3000.example. 5M IN A 10.0.4.44
+3000.example. 5M IN A 10.0.4.45
+3000.example. 5M IN A 10.0.4.46
+3000.example. 5M IN A 10.0.4.47
+3000.example. 5M IN A 10.0.4.48
+3000.example. 5M IN A 10.0.4.49
+3000.example. 5M IN A 10.0.4.50
+3000.example. 5M IN A 10.0.4.51
+3000.example. 5M IN A 10.0.4.52
+3000.example. 5M IN A 10.0.4.53
+3000.example. 5M IN A 10.0.4.54
+3000.example. 5M IN A 10.0.4.55
+3000.example. 5M IN A 10.0.4.56
+3000.example. 5M IN A 10.0.4.57
+3000.example. 5M IN A 10.0.4.58
+3000.example. 5M IN A 10.0.4.59
+3000.example. 5M IN A 10.0.4.60
+3000.example. 5M IN A 10.0.4.61
+3000.example. 5M IN A 10.0.4.62
+3000.example. 5M IN A 10.0.4.63
+3000.example. 5M IN A 10.0.4.64
+3000.example. 5M IN A 10.0.4.65
+3000.example. 5M IN A 10.0.4.66
+3000.example. 5M IN A 10.0.4.67
+3000.example. 5M IN A 10.0.4.68
+3000.example. 5M IN A 10.0.4.69
+3000.example. 5M IN A 10.0.4.70
+3000.example. 5M IN A 10.0.4.71
+3000.example. 5M IN A 10.0.4.72
+3000.example. 5M IN A 10.0.4.73
+3000.example. 5M IN A 10.0.4.74
+3000.example. 5M IN A 10.0.4.75
+3000.example. 5M IN A 10.0.4.76
+3000.example. 5M IN A 10.0.4.77
+3000.example. 5M IN A 10.0.4.78
+3000.example. 5M IN A 10.0.4.79
+3000.example. 5M IN A 10.0.4.80
+3000.example. 5M IN A 10.0.4.81
+3000.example. 5M IN A 10.0.4.82
+3000.example. 5M IN A 10.0.4.83
+3000.example. 5M IN A 10.0.4.84
+3000.example. 5M IN A 10.0.4.85
+3000.example. 5M IN A 10.0.4.86
+3000.example. 5M IN A 10.0.4.87
+3000.example. 5M IN A 10.0.4.88
+3000.example. 5M IN A 10.0.4.89
+3000.example. 5M IN A 10.0.4.90
+3000.example. 5M IN A 10.0.4.91
+3000.example. 5M IN A 10.0.4.92
+3000.example. 5M IN A 10.0.4.93
+3000.example. 5M IN A 10.0.4.94
+3000.example. 5M IN A 10.0.4.95
+3000.example. 5M IN A 10.0.4.96
+3000.example. 5M IN A 10.0.4.97
+3000.example. 5M IN A 10.0.4.98
+3000.example. 5M IN A 10.0.4.99
+3000.example. 5M IN A 10.0.4.100
+3000.example. 5M IN A 10.0.4.101
+3000.example. 5M IN A 10.0.4.102
+3000.example. 5M IN A 10.0.4.103
+3000.example. 5M IN A 10.0.4.104
+3000.example. 5M IN A 10.0.4.105
+3000.example. 5M IN A 10.0.4.106
+3000.example. 5M IN A 10.0.4.107
+3000.example. 5M IN A 10.0.4.108
+3000.example. 5M IN A 10.0.4.109
+3000.example. 5M IN A 10.0.4.110
+3000.example. 5M IN A 10.0.4.111
+3000.example. 5M IN A 10.0.4.112
+3000.example. 5M IN A 10.0.4.113
+3000.example. 5M IN A 10.0.4.114
+3000.example. 5M IN A 10.0.4.115
+3000.example. 5M IN A 10.0.4.116
+3000.example. 5M IN A 10.0.4.117
+3000.example. 5M IN A 10.0.4.118
+3000.example. 5M IN A 10.0.4.119
+3000.example. 5M IN A 10.0.4.120
+3000.example. 5M IN A 10.0.4.121
+3000.example. 5M IN A 10.0.4.122
+3000.example. 5M IN A 10.0.4.123
+3000.example. 5M IN A 10.0.4.124
+3000.example. 5M IN A 10.0.4.125
+3000.example. 5M IN A 10.0.4.126
+3000.example. 5M IN A 10.0.4.127
+3000.example. 5M IN A 10.0.4.128
+3000.example. 5M IN A 10.0.4.129
+3000.example. 5M IN A 10.0.4.130
+3000.example. 5M IN A 10.0.4.131
+3000.example. 5M IN A 10.0.4.132
+3000.example. 5M IN A 10.0.4.133
+3000.example. 5M IN A 10.0.4.134
+3000.example. 5M IN A 10.0.4.135
+3000.example. 5M IN A 10.0.4.136
+3000.example. 5M IN A 10.0.4.137
+3000.example. 5M IN A 10.0.4.138
+3000.example. 5M IN A 10.0.4.139
+3000.example. 5M IN A 10.0.4.140
+3000.example. 5M IN A 10.0.4.141
+3000.example. 5M IN A 10.0.4.142
+3000.example. 5M IN A 10.0.4.143
+3000.example. 5M IN A 10.0.4.144
+3000.example. 5M IN A 10.0.4.145
+3000.example. 5M IN A 10.0.4.146
+3000.example. 5M IN A 10.0.4.147
+3000.example. 5M IN A 10.0.4.148
+3000.example. 5M IN A 10.0.4.149
+3000.example. 5M IN A 10.0.4.150
+3000.example. 5M IN A 10.0.4.151
+3000.example. 5M IN A 10.0.4.152
+3000.example. 5M IN A 10.0.4.153
+3000.example. 5M IN A 10.0.4.154
+3000.example. 5M IN A 10.0.4.155
+3000.example. 5M IN A 10.0.4.156
+3000.example. 5M IN A 10.0.4.157
+3000.example. 5M IN A 10.0.4.158
+3000.example. 5M IN A 10.0.4.159
+3000.example. 5M IN A 10.0.4.160
+3000.example. 5M IN A 10.0.4.161
+3000.example. 5M IN A 10.0.4.162
+3000.example. 5M IN A 10.0.4.163
+3000.example. 5M IN A 10.0.4.164
+3000.example. 5M IN A 10.0.4.165
+3000.example. 5M IN A 10.0.4.166
+3000.example. 5M IN A 10.0.4.167
+3000.example. 5M IN A 10.0.4.168
+3000.example. 5M IN A 10.0.4.169
+3000.example. 5M IN A 10.0.4.170
+3000.example. 5M IN A 10.0.4.171
+3000.example. 5M IN A 10.0.4.172
+3000.example. 5M IN A 10.0.4.173
+3000.example. 5M IN A 10.0.4.174
+3000.example. 5M IN A 10.0.4.175
+3000.example. 5M IN A 10.0.4.176
+3000.example. 5M IN A 10.0.4.177
+3000.example. 5M IN A 10.0.4.178
+3000.example. 5M IN A 10.0.4.179
+3000.example. 5M IN A 10.0.4.180
+3000.example. 5M IN A 10.0.4.181
+3000.example. 5M IN A 10.0.4.182
+3000.example. 5M IN A 10.0.4.183
+3000.example. 5M IN A 10.0.4.184
+3000.example. 5M IN A 10.0.4.185
+3000.example. 5M IN A 10.0.4.186
+3000.example. 5M IN A 10.0.4.187
+3000.example. 5M IN A 10.0.4.188
+3000.example. 5M IN A 10.0.4.189
+3000.example. 5M IN A 10.0.4.190
+3000.example. 5M IN A 10.0.4.191
+3000.example. 5M IN A 10.0.4.192
+3000.example. 5M IN A 10.0.4.193
+3000.example. 5M IN A 10.0.4.194
+3000.example. 5M IN A 10.0.4.195
+3000.example. 5M IN A 10.0.4.196
+3000.example. 5M IN A 10.0.4.197
+3000.example. 5M IN A 10.0.4.198
+3000.example. 5M IN A 10.0.4.199
+3000.example. 5M IN A 10.0.4.200
+3000.example. 5M IN A 10.0.4.201
+3000.example. 5M IN A 10.0.4.202
+3000.example. 5M IN A 10.0.4.203
+3000.example. 5M IN A 10.0.4.204
+3000.example. 5M IN A 10.0.4.205
+3000.example. 5M IN A 10.0.4.206
+3000.example. 5M IN A 10.0.4.207
+3000.example. 5M IN A 10.0.4.208
+3000.example. 5M IN A 10.0.4.209
+3000.example. 5M IN A 10.0.4.210
+3000.example. 5M IN A 10.0.4.211
+3000.example. 5M IN A 10.0.4.212
+3000.example. 5M IN A 10.0.4.213
+3000.example. 5M IN A 10.0.4.214
+3000.example. 5M IN A 10.0.4.215
+3000.example. 5M IN A 10.0.4.216
+3000.example. 5M IN A 10.0.4.217
+3000.example. 5M IN A 10.0.4.218
+3000.example. 5M IN A 10.0.4.219
+3000.example. 5M IN A 10.0.4.220
+3000.example. 5M IN A 10.0.4.221
+3000.example. 5M IN A 10.0.4.222
+3000.example. 5M IN A 10.0.4.223
+3000.example. 5M IN A 10.0.4.224
+3000.example. 5M IN A 10.0.4.225
+3000.example. 5M IN A 10.0.4.226
+3000.example. 5M IN A 10.0.4.227
+3000.example. 5M IN A 10.0.4.228
+3000.example. 5M IN A 10.0.4.229
+3000.example. 5M IN A 10.0.4.230
+3000.example. 5M IN A 10.0.4.231
+3000.example. 5M IN A 10.0.4.232
+3000.example. 5M IN A 10.0.4.233
+3000.example. 5M IN A 10.0.4.234
+3000.example. 5M IN A 10.0.4.235
+3000.example. 5M IN A 10.0.4.236
+3000.example. 5M IN A 10.0.4.237
+3000.example. 5M IN A 10.0.4.238
+3000.example. 5M IN A 10.0.4.239
+3000.example. 5M IN A 10.0.4.240
+3000.example. 5M IN A 10.0.4.241
+3000.example. 5M IN A 10.0.4.242
+3000.example. 5M IN A 10.0.4.243
+3000.example. 5M IN A 10.0.4.244
+3000.example. 5M IN A 10.0.4.245
+3000.example. 5M IN A 10.0.4.246
+3000.example. 5M IN A 10.0.4.247
+3000.example. 5M IN A 10.0.4.248
+3000.example. 5M IN A 10.0.4.249
+3000.example. 5M IN A 10.0.4.250
+3000.example. 5M IN A 10.0.4.251
+3000.example. 5M IN A 10.0.4.252
+3000.example. 5M IN A 10.0.4.253
+3000.example. 5M IN A 10.0.4.254
+3000.example. 5M IN A 10.0.4.255
+3000.example. 5M IN A 10.0.5.0
+3000.example. 5M IN A 10.0.5.1
+3000.example. 5M IN A 10.0.5.2
+3000.example. 5M IN A 10.0.5.3
+3000.example. 5M IN A 10.0.5.4
+3000.example. 5M IN A 10.0.5.5
+3000.example. 5M IN A 10.0.5.6
+3000.example. 5M IN A 10.0.5.7
+3000.example. 5M IN A 10.0.5.8
+3000.example. 5M IN A 10.0.5.9
+3000.example. 5M IN A 10.0.5.10
+3000.example. 5M IN A 10.0.5.11
+3000.example. 5M IN A 10.0.5.12
+3000.example. 5M IN A 10.0.5.13
+3000.example. 5M IN A 10.0.5.14
+3000.example. 5M IN A 10.0.5.15
+3000.example. 5M IN A 10.0.5.16
+3000.example. 5M IN A 10.0.5.17
+3000.example. 5M IN A 10.0.5.18
+3000.example. 5M IN A 10.0.5.19
+3000.example. 5M IN A 10.0.5.20
+3000.example. 5M IN A 10.0.5.21
+3000.example. 5M IN A 10.0.5.22
+3000.example. 5M IN A 10.0.5.23
+3000.example. 5M IN A 10.0.5.24
+3000.example. 5M IN A 10.0.5.25
+3000.example. 5M IN A 10.0.5.26
+3000.example. 5M IN A 10.0.5.27
+3000.example. 5M IN A 10.0.5.28
+3000.example. 5M IN A 10.0.5.29
+3000.example. 5M IN A 10.0.5.30
+3000.example. 5M IN A 10.0.5.31
+3000.example. 5M IN A 10.0.5.32
+3000.example. 5M IN A 10.0.5.33
+3000.example. 5M IN A 10.0.5.34
+3000.example. 5M IN A 10.0.5.35
+3000.example. 5M IN A 10.0.5.36
+3000.example. 5M IN A 10.0.5.37
+3000.example. 5M IN A 10.0.5.38
+3000.example. 5M IN A 10.0.5.39
+3000.example. 5M IN A 10.0.5.40
+3000.example. 5M IN A 10.0.5.41
+3000.example. 5M IN A 10.0.5.42
+3000.example. 5M IN A 10.0.5.43
+3000.example. 5M IN A 10.0.5.44
+3000.example. 5M IN A 10.0.5.45
+3000.example. 5M IN A 10.0.5.46
+3000.example. 5M IN A 10.0.5.47
+3000.example. 5M IN A 10.0.5.48
+3000.example. 5M IN A 10.0.5.49
+3000.example. 5M IN A 10.0.5.50
+3000.example. 5M IN A 10.0.5.51
+3000.example. 5M IN A 10.0.5.52
+3000.example. 5M IN A 10.0.5.53
+3000.example. 5M IN A 10.0.5.54
+3000.example. 5M IN A 10.0.5.55
+3000.example. 5M IN A 10.0.5.56
+3000.example. 5M IN A 10.0.5.57
+3000.example. 5M IN A 10.0.5.58
+3000.example. 5M IN A 10.0.5.59
+3000.example. 5M IN A 10.0.5.60
+3000.example. 5M IN A 10.0.5.61
+3000.example. 5M IN A 10.0.5.62
+3000.example. 5M IN A 10.0.5.63
+3000.example. 5M IN A 10.0.5.64
+3000.example. 5M IN A 10.0.5.65
+3000.example. 5M IN A 10.0.5.66
+3000.example. 5M IN A 10.0.5.67
+3000.example. 5M IN A 10.0.5.68
+3000.example. 5M IN A 10.0.5.69
+3000.example. 5M IN A 10.0.5.70
+3000.example. 5M IN A 10.0.5.71
+3000.example. 5M IN A 10.0.5.72
+3000.example. 5M IN A 10.0.5.73
+3000.example. 5M IN A 10.0.5.74
+3000.example. 5M IN A 10.0.5.75
+3000.example. 5M IN A 10.0.5.76
+3000.example. 5M IN A 10.0.5.77
+3000.example. 5M IN A 10.0.5.78
+3000.example. 5M IN A 10.0.5.79
+3000.example. 5M IN A 10.0.5.80
+3000.example. 5M IN A 10.0.5.81
+3000.example. 5M IN A 10.0.5.82
+3000.example. 5M IN A 10.0.5.83
+3000.example. 5M IN A 10.0.5.84
+3000.example. 5M IN A 10.0.5.85
+3000.example. 5M IN A 10.0.5.86
+3000.example. 5M IN A 10.0.5.87
+3000.example. 5M IN A 10.0.5.88
+3000.example. 5M IN A 10.0.5.89
+3000.example. 5M IN A 10.0.5.90
+3000.example. 5M IN A 10.0.5.91
+3000.example. 5M IN A 10.0.5.92
+3000.example. 5M IN A 10.0.5.93
+3000.example. 5M IN A 10.0.5.94
+3000.example. 5M IN A 10.0.5.95
+3000.example. 5M IN A 10.0.5.96
+3000.example. 5M IN A 10.0.5.97
+3000.example. 5M IN A 10.0.5.98
+3000.example. 5M IN A 10.0.5.99
+3000.example. 5M IN A 10.0.5.100
+3000.example. 5M IN A 10.0.5.101
+3000.example. 5M IN A 10.0.5.102
+3000.example. 5M IN A 10.0.5.103
+3000.example. 5M IN A 10.0.5.104
+3000.example. 5M IN A 10.0.5.105
+3000.example. 5M IN A 10.0.5.106
+3000.example. 5M IN A 10.0.5.107
+3000.example. 5M IN A 10.0.5.108
+3000.example. 5M IN A 10.0.5.109
+3000.example. 5M IN A 10.0.5.110
+3000.example. 5M IN A 10.0.5.111
+3000.example. 5M IN A 10.0.5.112
+3000.example. 5M IN A 10.0.5.113
+3000.example. 5M IN A 10.0.5.114
+3000.example. 5M IN A 10.0.5.115
+3000.example. 5M IN A 10.0.5.116
+3000.example. 5M IN A 10.0.5.117
+3000.example. 5M IN A 10.0.5.118
+3000.example. 5M IN A 10.0.5.119
+3000.example. 5M IN A 10.0.5.120
+3000.example. 5M IN A 10.0.5.121
+3000.example. 5M IN A 10.0.5.122
+3000.example. 5M IN A 10.0.5.123
+3000.example. 5M IN A 10.0.5.124
+3000.example. 5M IN A 10.0.5.125
+3000.example. 5M IN A 10.0.5.126
+3000.example. 5M IN A 10.0.5.127
+3000.example. 5M IN A 10.0.5.128
+3000.example. 5M IN A 10.0.5.129
+3000.example. 5M IN A 10.0.5.130
+3000.example. 5M IN A 10.0.5.131
+3000.example. 5M IN A 10.0.5.132
+3000.example. 5M IN A 10.0.5.133
+3000.example. 5M IN A 10.0.5.134
+3000.example. 5M IN A 10.0.5.135
+3000.example. 5M IN A 10.0.5.136
+3000.example. 5M IN A 10.0.5.137
+3000.example. 5M IN A 10.0.5.138
+3000.example. 5M IN A 10.0.5.139
+3000.example. 5M IN A 10.0.5.140
+3000.example. 5M IN A 10.0.5.141
+3000.example. 5M IN A 10.0.5.142
+3000.example. 5M IN A 10.0.5.143
+3000.example. 5M IN A 10.0.5.144
+3000.example. 5M IN A 10.0.5.145
+3000.example. 5M IN A 10.0.5.146
+3000.example. 5M IN A 10.0.5.147
+3000.example. 5M IN A 10.0.5.148
+3000.example. 5M IN A 10.0.5.149
+3000.example. 5M IN A 10.0.5.150
+3000.example. 5M IN A 10.0.5.151
+3000.example. 5M IN A 10.0.5.152
+3000.example. 5M IN A 10.0.5.153
+3000.example. 5M IN A 10.0.5.154
+3000.example. 5M IN A 10.0.5.155
+3000.example. 5M IN A 10.0.5.156
+3000.example. 5M IN A 10.0.5.157
+3000.example. 5M IN A 10.0.5.158
+3000.example. 5M IN A 10.0.5.159
+3000.example. 5M IN A 10.0.5.160
+3000.example. 5M IN A 10.0.5.161
+3000.example. 5M IN A 10.0.5.162
+3000.example. 5M IN A 10.0.5.163
+3000.example. 5M IN A 10.0.5.164
+3000.example. 5M IN A 10.0.5.165
+3000.example. 5M IN A 10.0.5.166
+3000.example. 5M IN A 10.0.5.167
+3000.example. 5M IN A 10.0.5.168
+3000.example. 5M IN A 10.0.5.169
+3000.example. 5M IN A 10.0.5.170
+3000.example. 5M IN A 10.0.5.171
+3000.example. 5M IN A 10.0.5.172
+3000.example. 5M IN A 10.0.5.173
+3000.example. 5M IN A 10.0.5.174
+3000.example. 5M IN A 10.0.5.175
+3000.example. 5M IN A 10.0.5.176
+3000.example. 5M IN A 10.0.5.177
+3000.example. 5M IN A 10.0.5.178
+3000.example. 5M IN A 10.0.5.179
+3000.example. 5M IN A 10.0.5.180
+3000.example. 5M IN A 10.0.5.181
+3000.example. 5M IN A 10.0.5.182
+3000.example. 5M IN A 10.0.5.183
+3000.example. 5M IN A 10.0.5.184
+3000.example. 5M IN A 10.0.5.185
+3000.example. 5M IN A 10.0.5.186
+3000.example. 5M IN A 10.0.5.187
+3000.example. 5M IN A 10.0.5.188
+3000.example. 5M IN A 10.0.5.189
+3000.example. 5M IN A 10.0.5.190
+3000.example. 5M IN A 10.0.5.191
+3000.example. 5M IN A 10.0.5.192
+3000.example. 5M IN A 10.0.5.193
+3000.example. 5M IN A 10.0.5.194
+3000.example. 5M IN A 10.0.5.195
+3000.example. 5M IN A 10.0.5.196
+3000.example. 5M IN A 10.0.5.197
+3000.example. 5M IN A 10.0.5.198
+3000.example. 5M IN A 10.0.5.199
+3000.example. 5M IN A 10.0.5.200
+3000.example. 5M IN A 10.0.5.201
+3000.example. 5M IN A 10.0.5.202
+3000.example. 5M IN A 10.0.5.203
+3000.example. 5M IN A 10.0.5.204
+3000.example. 5M IN A 10.0.5.205
+3000.example. 5M IN A 10.0.5.206
+3000.example. 5M IN A 10.0.5.207
+3000.example. 5M IN A 10.0.5.208
+3000.example. 5M IN A 10.0.5.209
+3000.example. 5M IN A 10.0.5.210
+3000.example. 5M IN A 10.0.5.211
+3000.example. 5M IN A 10.0.5.212
+3000.example. 5M IN A 10.0.5.213
+3000.example. 5M IN A 10.0.5.214
+3000.example. 5M IN A 10.0.5.215
+3000.example. 5M IN A 10.0.5.216
+3000.example. 5M IN A 10.0.5.217
+3000.example. 5M IN A 10.0.5.218
+3000.example. 5M IN A 10.0.5.219
+3000.example. 5M IN A 10.0.5.220
+3000.example. 5M IN A 10.0.5.221
+3000.example. 5M IN A 10.0.5.222
+3000.example. 5M IN A 10.0.5.223
+3000.example. 5M IN A 10.0.5.224
+3000.example. 5M IN A 10.0.5.225
+3000.example. 5M IN A 10.0.5.226
+3000.example. 5M IN A 10.0.5.227
+3000.example. 5M IN A 10.0.5.228
+3000.example. 5M IN A 10.0.5.229
+3000.example. 5M IN A 10.0.5.230
+3000.example. 5M IN A 10.0.5.231
+3000.example. 5M IN A 10.0.5.232
+3000.example. 5M IN A 10.0.5.233
+3000.example. 5M IN A 10.0.5.234
+3000.example. 5M IN A 10.0.5.235
+3000.example. 5M IN A 10.0.5.236
+3000.example. 5M IN A 10.0.5.237
+3000.example. 5M IN A 10.0.5.238
+3000.example. 5M IN A 10.0.5.239
+3000.example. 5M IN A 10.0.5.240
+3000.example. 5M IN A 10.0.5.241
+3000.example. 5M IN A 10.0.5.242
+3000.example. 5M IN A 10.0.5.243
+3000.example. 5M IN A 10.0.5.244
+3000.example. 5M IN A 10.0.5.245
+3000.example. 5M IN A 10.0.5.246
+3000.example. 5M IN A 10.0.5.247
+3000.example. 5M IN A 10.0.5.248
+3000.example. 5M IN A 10.0.5.249
+3000.example. 5M IN A 10.0.5.250
+3000.example. 5M IN A 10.0.5.251
+3000.example. 5M IN A 10.0.5.252
+3000.example. 5M IN A 10.0.5.253
+3000.example. 5M IN A 10.0.5.254
+3000.example. 5M IN A 10.0.5.255
+3000.example. 5M IN A 10.0.6.0
+3000.example. 5M IN A 10.0.6.1
+3000.example. 5M IN A 10.0.6.2
+3000.example. 5M IN A 10.0.6.3
+3000.example. 5M IN A 10.0.6.4
+3000.example. 5M IN A 10.0.6.5
+3000.example. 5M IN A 10.0.6.6
+3000.example. 5M IN A 10.0.6.7
+3000.example. 5M IN A 10.0.6.8
+3000.example. 5M IN A 10.0.6.9
+3000.example. 5M IN A 10.0.6.10
+3000.example. 5M IN A 10.0.6.11
+3000.example. 5M IN A 10.0.6.12
+3000.example. 5M IN A 10.0.6.13
+3000.example. 5M IN A 10.0.6.14
+3000.example. 5M IN A 10.0.6.15
+3000.example. 5M IN A 10.0.6.16
+3000.example. 5M IN A 10.0.6.17
+3000.example. 5M IN A 10.0.6.18
+3000.example. 5M IN A 10.0.6.19
+3000.example. 5M IN A 10.0.6.20
+3000.example. 5M IN A 10.0.6.21
+3000.example. 5M IN A 10.0.6.22
+3000.example. 5M IN A 10.0.6.23
+3000.example. 5M IN A 10.0.6.24
+3000.example. 5M IN A 10.0.6.25
+3000.example. 5M IN A 10.0.6.26
+3000.example. 5M IN A 10.0.6.27
+3000.example. 5M IN A 10.0.6.28
+3000.example. 5M IN A 10.0.6.29
+3000.example. 5M IN A 10.0.6.30
+3000.example. 5M IN A 10.0.6.31
+3000.example. 5M IN A 10.0.6.32
+3000.example. 5M IN A 10.0.6.33
+3000.example. 5M IN A 10.0.6.34
+3000.example. 5M IN A 10.0.6.35
+3000.example. 5M IN A 10.0.6.36
+3000.example. 5M IN A 10.0.6.37
+3000.example. 5M IN A 10.0.6.38
+3000.example. 5M IN A 10.0.6.39
+3000.example. 5M IN A 10.0.6.40
+3000.example. 5M IN A 10.0.6.41
+3000.example. 5M IN A 10.0.6.42
+3000.example. 5M IN A 10.0.6.43
+3000.example. 5M IN A 10.0.6.44
+3000.example. 5M IN A 10.0.6.45
+3000.example. 5M IN A 10.0.6.46
+3000.example. 5M IN A 10.0.6.47
+3000.example. 5M IN A 10.0.6.48
+3000.example. 5M IN A 10.0.6.49
+3000.example. 5M IN A 10.0.6.50
+3000.example. 5M IN A 10.0.6.51
+3000.example. 5M IN A 10.0.6.52
+3000.example. 5M IN A 10.0.6.53
+3000.example. 5M IN A 10.0.6.54
+3000.example. 5M IN A 10.0.6.55
+3000.example. 5M IN A 10.0.6.56
+3000.example. 5M IN A 10.0.6.57
+3000.example. 5M IN A 10.0.6.58
+3000.example. 5M IN A 10.0.6.59
+3000.example. 5M IN A 10.0.6.60
+3000.example. 5M IN A 10.0.6.61
+3000.example. 5M IN A 10.0.6.62
+3000.example. 5M IN A 10.0.6.63
+3000.example. 5M IN A 10.0.6.64
+3000.example. 5M IN A 10.0.6.65
+3000.example. 5M IN A 10.0.6.66
+3000.example. 5M IN A 10.0.6.67
+3000.example. 5M IN A 10.0.6.68
+3000.example. 5M IN A 10.0.6.69
+3000.example. 5M IN A 10.0.6.70
+3000.example. 5M IN A 10.0.6.71
+3000.example. 5M IN A 10.0.6.72
+3000.example. 5M IN A 10.0.6.73
+3000.example. 5M IN A 10.0.6.74
+3000.example. 5M IN A 10.0.6.75
+3000.example. 5M IN A 10.0.6.76
+3000.example. 5M IN A 10.0.6.77
+3000.example. 5M IN A 10.0.6.78
+3000.example. 5M IN A 10.0.6.79
+3000.example. 5M IN A 10.0.6.80
+3000.example. 5M IN A 10.0.6.81
+3000.example. 5M IN A 10.0.6.82
+3000.example. 5M IN A 10.0.6.83
+3000.example. 5M IN A 10.0.6.84
+3000.example. 5M IN A 10.0.6.85
+3000.example. 5M IN A 10.0.6.86
+3000.example. 5M IN A 10.0.6.87
+3000.example. 5M IN A 10.0.6.88
+3000.example. 5M IN A 10.0.6.89
+3000.example. 5M IN A 10.0.6.90
+3000.example. 5M IN A 10.0.6.91
+3000.example. 5M IN A 10.0.6.92
+3000.example. 5M IN A 10.0.6.93
+3000.example. 5M IN A 10.0.6.94
+3000.example. 5M IN A 10.0.6.95
+3000.example. 5M IN A 10.0.6.96
+3000.example. 5M IN A 10.0.6.97
+3000.example. 5M IN A 10.0.6.98
+3000.example. 5M IN A 10.0.6.99
+3000.example. 5M IN A 10.0.6.100
+3000.example. 5M IN A 10.0.6.101
+3000.example. 5M IN A 10.0.6.102
+3000.example. 5M IN A 10.0.6.103
+3000.example. 5M IN A 10.0.6.104
+3000.example. 5M IN A 10.0.6.105
+3000.example. 5M IN A 10.0.6.106
+3000.example. 5M IN A 10.0.6.107
+3000.example. 5M IN A 10.0.6.108
+3000.example. 5M IN A 10.0.6.109
+3000.example. 5M IN A 10.0.6.110
+3000.example. 5M IN A 10.0.6.111
+3000.example. 5M IN A 10.0.6.112
+3000.example. 5M IN A 10.0.6.113
+3000.example. 5M IN A 10.0.6.114
+3000.example. 5M IN A 10.0.6.115
+3000.example. 5M IN A 10.0.6.116
+3000.example. 5M IN A 10.0.6.117
+3000.example. 5M IN A 10.0.6.118
+3000.example. 5M IN A 10.0.6.119
+3000.example. 5M IN A 10.0.6.120
+3000.example. 5M IN A 10.0.6.121
+3000.example. 5M IN A 10.0.6.122
+3000.example. 5M IN A 10.0.6.123
+3000.example. 5M IN A 10.0.6.124
+3000.example. 5M IN A 10.0.6.125
+3000.example. 5M IN A 10.0.6.126
+3000.example. 5M IN A 10.0.6.127
+3000.example. 5M IN A 10.0.6.128
+3000.example. 5M IN A 10.0.6.129
+3000.example. 5M IN A 10.0.6.130
+3000.example. 5M IN A 10.0.6.131
+3000.example. 5M IN A 10.0.6.132
+3000.example. 5M IN A 10.0.6.133
+3000.example. 5M IN A 10.0.6.134
+3000.example. 5M IN A 10.0.6.135
+3000.example. 5M IN A 10.0.6.136
+3000.example. 5M IN A 10.0.6.137
+3000.example. 5M IN A 10.0.6.138
+3000.example. 5M IN A 10.0.6.139
+3000.example. 5M IN A 10.0.6.140
+3000.example. 5M IN A 10.0.6.141
+3000.example. 5M IN A 10.0.6.142
+3000.example. 5M IN A 10.0.6.143
+3000.example. 5M IN A 10.0.6.144
+3000.example. 5M IN A 10.0.6.145
+3000.example. 5M IN A 10.0.6.146
+3000.example. 5M IN A 10.0.6.147
+3000.example. 5M IN A 10.0.6.148
+3000.example. 5M IN A 10.0.6.149
+3000.example. 5M IN A 10.0.6.150
+3000.example. 5M IN A 10.0.6.151
+3000.example. 5M IN A 10.0.6.152
+3000.example. 5M IN A 10.0.6.153
+3000.example. 5M IN A 10.0.6.154
+3000.example. 5M IN A 10.0.6.155
+3000.example. 5M IN A 10.0.6.156
+3000.example. 5M IN A 10.0.6.157
+3000.example. 5M IN A 10.0.6.158
+3000.example. 5M IN A 10.0.6.159
+3000.example. 5M IN A 10.0.6.160
+3000.example. 5M IN A 10.0.6.161
+3000.example. 5M IN A 10.0.6.162
+3000.example. 5M IN A 10.0.6.163
+3000.example. 5M IN A 10.0.6.164
+3000.example. 5M IN A 10.0.6.165
+3000.example. 5M IN A 10.0.6.166
+3000.example. 5M IN A 10.0.6.167
+3000.example. 5M IN A 10.0.6.168
+3000.example. 5M IN A 10.0.6.169
+3000.example. 5M IN A 10.0.6.170
+3000.example. 5M IN A 10.0.6.171
+3000.example. 5M IN A 10.0.6.172
+3000.example. 5M IN A 10.0.6.173
+3000.example. 5M IN A 10.0.6.174
+3000.example. 5M IN A 10.0.6.175
+3000.example. 5M IN A 10.0.6.176
+3000.example. 5M IN A 10.0.6.177
+3000.example. 5M IN A 10.0.6.178
+3000.example. 5M IN A 10.0.6.179
+3000.example. 5M IN A 10.0.6.180
+3000.example. 5M IN A 10.0.6.181
+3000.example. 5M IN A 10.0.6.182
+3000.example. 5M IN A 10.0.6.183
+3000.example. 5M IN A 10.0.6.184
+3000.example. 5M IN A 10.0.6.185
+3000.example. 5M IN A 10.0.6.186
+3000.example. 5M IN A 10.0.6.187
+3000.example. 5M IN A 10.0.6.188
+3000.example. 5M IN A 10.0.6.189
+3000.example. 5M IN A 10.0.6.190
+3000.example. 5M IN A 10.0.6.191
+3000.example. 5M IN A 10.0.6.192
+3000.example. 5M IN A 10.0.6.193
+3000.example. 5M IN A 10.0.6.194
+3000.example. 5M IN A 10.0.6.195
+3000.example. 5M IN A 10.0.6.196
+3000.example. 5M IN A 10.0.6.197
+3000.example. 5M IN A 10.0.6.198
+3000.example. 5M IN A 10.0.6.199
+3000.example. 5M IN A 10.0.6.200
+3000.example. 5M IN A 10.0.6.201
+3000.example. 5M IN A 10.0.6.202
+3000.example. 5M IN A 10.0.6.203
+3000.example. 5M IN A 10.0.6.204
+3000.example. 5M IN A 10.0.6.205
+3000.example. 5M IN A 10.0.6.206
+3000.example. 5M IN A 10.0.6.207
+3000.example. 5M IN A 10.0.6.208
+3000.example. 5M IN A 10.0.6.209
+3000.example. 5M IN A 10.0.6.210
+3000.example. 5M IN A 10.0.6.211
+3000.example. 5M IN A 10.0.6.212
+3000.example. 5M IN A 10.0.6.213
+3000.example. 5M IN A 10.0.6.214
+3000.example. 5M IN A 10.0.6.215
+3000.example. 5M IN A 10.0.6.216
+3000.example. 5M IN A 10.0.6.217
+3000.example. 5M IN A 10.0.6.218
+3000.example. 5M IN A 10.0.6.219
+3000.example. 5M IN A 10.0.6.220
+3000.example. 5M IN A 10.0.6.221
+3000.example. 5M IN A 10.0.6.222
+3000.example. 5M IN A 10.0.6.223
+3000.example. 5M IN A 10.0.6.224
+3000.example. 5M IN A 10.0.6.225
+3000.example. 5M IN A 10.0.6.226
+3000.example. 5M IN A 10.0.6.227
+3000.example. 5M IN A 10.0.6.228
+3000.example. 5M IN A 10.0.6.229
+3000.example. 5M IN A 10.0.6.230
+3000.example. 5M IN A 10.0.6.231
+3000.example. 5M IN A 10.0.6.232
+3000.example. 5M IN A 10.0.6.233
+3000.example. 5M IN A 10.0.6.234
+3000.example. 5M IN A 10.0.6.235
+3000.example. 5M IN A 10.0.6.236
+3000.example. 5M IN A 10.0.6.237
+3000.example. 5M IN A 10.0.6.238
+3000.example. 5M IN A 10.0.6.239
+3000.example. 5M IN A 10.0.6.240
+3000.example. 5M IN A 10.0.6.241
+3000.example. 5M IN A 10.0.6.242
+3000.example. 5M IN A 10.0.6.243
+3000.example. 5M IN A 10.0.6.244
+3000.example. 5M IN A 10.0.6.245
+3000.example. 5M IN A 10.0.6.246
+3000.example. 5M IN A 10.0.6.247
+3000.example. 5M IN A 10.0.6.248
+3000.example. 5M IN A 10.0.6.249
+3000.example. 5M IN A 10.0.6.250
+3000.example. 5M IN A 10.0.6.251
+3000.example. 5M IN A 10.0.6.252
+3000.example. 5M IN A 10.0.6.253
+3000.example. 5M IN A 10.0.6.254
+3000.example. 5M IN A 10.0.6.255
+3000.example. 5M IN A 10.0.7.0
+3000.example. 5M IN A 10.0.7.1
+3000.example. 5M IN A 10.0.7.2
+3000.example. 5M IN A 10.0.7.3
+3000.example. 5M IN A 10.0.7.4
+3000.example. 5M IN A 10.0.7.5
+3000.example. 5M IN A 10.0.7.6
+3000.example. 5M IN A 10.0.7.7
+3000.example. 5M IN A 10.0.7.8
+3000.example. 5M IN A 10.0.7.9
+3000.example. 5M IN A 10.0.7.10
+3000.example. 5M IN A 10.0.7.11
+3000.example. 5M IN A 10.0.7.12
+3000.example. 5M IN A 10.0.7.13
+3000.example. 5M IN A 10.0.7.14
+3000.example. 5M IN A 10.0.7.15
+3000.example. 5M IN A 10.0.7.16
+3000.example. 5M IN A 10.0.7.17
+3000.example. 5M IN A 10.0.7.18
+3000.example. 5M IN A 10.0.7.19
+3000.example. 5M IN A 10.0.7.20
+3000.example. 5M IN A 10.0.7.21
+3000.example. 5M IN A 10.0.7.22
+3000.example. 5M IN A 10.0.7.23
+3000.example. 5M IN A 10.0.7.24
+3000.example. 5M IN A 10.0.7.25
+3000.example. 5M IN A 10.0.7.26
+3000.example. 5M IN A 10.0.7.27
+3000.example. 5M IN A 10.0.7.28
+3000.example. 5M IN A 10.0.7.29
+3000.example. 5M IN A 10.0.7.30
+3000.example. 5M IN A 10.0.7.31
+3000.example. 5M IN A 10.0.7.32
+3000.example. 5M IN A 10.0.7.33
+3000.example. 5M IN A 10.0.7.34
+3000.example. 5M IN A 10.0.7.35
+3000.example. 5M IN A 10.0.7.36
+3000.example. 5M IN A 10.0.7.37
+3000.example. 5M IN A 10.0.7.38
+3000.example. 5M IN A 10.0.7.39
+3000.example. 5M IN A 10.0.7.40
+3000.example. 5M IN A 10.0.7.41
+3000.example. 5M IN A 10.0.7.42
+3000.example. 5M IN A 10.0.7.43
+3000.example. 5M IN A 10.0.7.44
+3000.example. 5M IN A 10.0.7.45
+3000.example. 5M IN A 10.0.7.46
+3000.example. 5M IN A 10.0.7.47
+3000.example. 5M IN A 10.0.7.48
+3000.example. 5M IN A 10.0.7.49
+3000.example. 5M IN A 10.0.7.50
+3000.example. 5M IN A 10.0.7.51
+3000.example. 5M IN A 10.0.7.52
+3000.example. 5M IN A 10.0.7.53
+3000.example. 5M IN A 10.0.7.54
+3000.example. 5M IN A 10.0.7.55
+3000.example. 5M IN A 10.0.7.56
+3000.example. 5M IN A 10.0.7.57
+3000.example. 5M IN A 10.0.7.58
+3000.example. 5M IN A 10.0.7.59
+3000.example. 5M IN A 10.0.7.60
+3000.example. 5M IN A 10.0.7.61
+3000.example. 5M IN A 10.0.7.62
+3000.example. 5M IN A 10.0.7.63
+3000.example. 5M IN A 10.0.7.64
+3000.example. 5M IN A 10.0.7.65
+3000.example. 5M IN A 10.0.7.66
+3000.example. 5M IN A 10.0.7.67
+3000.example. 5M IN A 10.0.7.68
+3000.example. 5M IN A 10.0.7.69
+3000.example. 5M IN A 10.0.7.70
+3000.example. 5M IN A 10.0.7.71
+3000.example. 5M IN A 10.0.7.72
+3000.example. 5M IN A 10.0.7.73
+3000.example. 5M IN A 10.0.7.74
+3000.example. 5M IN A 10.0.7.75
+3000.example. 5M IN A 10.0.7.76
+3000.example. 5M IN A 10.0.7.77
+3000.example. 5M IN A 10.0.7.78
+3000.example. 5M IN A 10.0.7.79
+3000.example. 5M IN A 10.0.7.80
+3000.example. 5M IN A 10.0.7.81
+3000.example. 5M IN A 10.0.7.82
+3000.example. 5M IN A 10.0.7.83
+3000.example. 5M IN A 10.0.7.84
+3000.example. 5M IN A 10.0.7.85
+3000.example. 5M IN A 10.0.7.86
+3000.example. 5M IN A 10.0.7.87
+3000.example. 5M IN A 10.0.7.88
+3000.example. 5M IN A 10.0.7.89
+3000.example. 5M IN A 10.0.7.90
+3000.example. 5M IN A 10.0.7.91
+3000.example. 5M IN A 10.0.7.92
+3000.example. 5M IN A 10.0.7.93
+3000.example. 5M IN A 10.0.7.94
+3000.example. 5M IN A 10.0.7.95
+3000.example. 5M IN A 10.0.7.96
+3000.example. 5M IN A 10.0.7.97
+3000.example. 5M IN A 10.0.7.98
+3000.example. 5M IN A 10.0.7.99
+3000.example. 5M IN A 10.0.7.100
+3000.example. 5M IN A 10.0.7.101
+3000.example. 5M IN A 10.0.7.102
+3000.example. 5M IN A 10.0.7.103
+3000.example. 5M IN A 10.0.7.104
+3000.example. 5M IN A 10.0.7.105
+3000.example. 5M IN A 10.0.7.106
+3000.example. 5M IN A 10.0.7.107
+3000.example. 5M IN A 10.0.7.108
+3000.example. 5M IN A 10.0.7.109
+3000.example. 5M IN A 10.0.7.110
+3000.example. 5M IN A 10.0.7.111
+3000.example. 5M IN A 10.0.7.112
+3000.example. 5M IN A 10.0.7.113
+3000.example. 5M IN A 10.0.7.114
+3000.example. 5M IN A 10.0.7.115
+3000.example. 5M IN A 10.0.7.116
+3000.example. 5M IN A 10.0.7.117
+3000.example. 5M IN A 10.0.7.118
+3000.example. 5M IN A 10.0.7.119
+3000.example. 5M IN A 10.0.7.120
+3000.example. 5M IN A 10.0.7.121
+3000.example. 5M IN A 10.0.7.122
+3000.example. 5M IN A 10.0.7.123
+3000.example. 5M IN A 10.0.7.124
+3000.example. 5M IN A 10.0.7.125
+3000.example. 5M IN A 10.0.7.126
+3000.example. 5M IN A 10.0.7.127
+3000.example. 5M IN A 10.0.7.128
+3000.example. 5M IN A 10.0.7.129
+3000.example. 5M IN A 10.0.7.130
+3000.example. 5M IN A 10.0.7.131
+3000.example. 5M IN A 10.0.7.132
+3000.example. 5M IN A 10.0.7.133
+3000.example. 5M IN A 10.0.7.134
+3000.example. 5M IN A 10.0.7.135
+3000.example. 5M IN A 10.0.7.136
+3000.example. 5M IN A 10.0.7.137
+3000.example. 5M IN A 10.0.7.138
+3000.example. 5M IN A 10.0.7.139
+3000.example. 5M IN A 10.0.7.140
+3000.example. 5M IN A 10.0.7.141
+3000.example. 5M IN A 10.0.7.142
+3000.example. 5M IN A 10.0.7.143
+3000.example. 5M IN A 10.0.7.144
+3000.example. 5M IN A 10.0.7.145
+3000.example. 5M IN A 10.0.7.146
+3000.example. 5M IN A 10.0.7.147
+3000.example. 5M IN A 10.0.7.148
+3000.example. 5M IN A 10.0.7.149
+3000.example. 5M IN A 10.0.7.150
+3000.example. 5M IN A 10.0.7.151
+3000.example. 5M IN A 10.0.7.152
+3000.example. 5M IN A 10.0.7.153
+3000.example. 5M IN A 10.0.7.154
+3000.example. 5M IN A 10.0.7.155
+3000.example. 5M IN A 10.0.7.156
+3000.example. 5M IN A 10.0.7.157
+3000.example. 5M IN A 10.0.7.158
+3000.example. 5M IN A 10.0.7.159
+3000.example. 5M IN A 10.0.7.160
+3000.example. 5M IN A 10.0.7.161
+3000.example. 5M IN A 10.0.7.162
+3000.example. 5M IN A 10.0.7.163
+3000.example. 5M IN A 10.0.7.164
+3000.example. 5M IN A 10.0.7.165
+3000.example. 5M IN A 10.0.7.166
+3000.example. 5M IN A 10.0.7.167
+3000.example. 5M IN A 10.0.7.168
+3000.example. 5M IN A 10.0.7.169
+3000.example. 5M IN A 10.0.7.170
+3000.example. 5M IN A 10.0.7.171
+3000.example. 5M IN A 10.0.7.172
+3000.example. 5M IN A 10.0.7.173
+3000.example. 5M IN A 10.0.7.174
+3000.example. 5M IN A 10.0.7.175
+3000.example. 5M IN A 10.0.7.176
+3000.example. 5M IN A 10.0.7.177
+3000.example. 5M IN A 10.0.7.178
+3000.example. 5M IN A 10.0.7.179
+3000.example. 5M IN A 10.0.7.180
+3000.example. 5M IN A 10.0.7.181
+3000.example. 5M IN A 10.0.7.182
+3000.example. 5M IN A 10.0.7.183
+3000.example. 5M IN A 10.0.7.184
+3000.example. 5M IN A 10.0.7.185
+3000.example. 5M IN A 10.0.7.186
+3000.example. 5M IN A 10.0.7.187
+3000.example. 5M IN A 10.0.7.188
+3000.example. 5M IN A 10.0.7.189
+3000.example. 5M IN A 10.0.7.190
+3000.example. 5M IN A 10.0.7.191
+3000.example. 5M IN A 10.0.7.192
+3000.example. 5M IN A 10.0.7.193
+3000.example. 5M IN A 10.0.7.194
+3000.example. 5M IN A 10.0.7.195
+3000.example. 5M IN A 10.0.7.196
+3000.example. 5M IN A 10.0.7.197
+3000.example. 5M IN A 10.0.7.198
+3000.example. 5M IN A 10.0.7.199
+3000.example. 5M IN A 10.0.7.200
+3000.example. 5M IN A 10.0.7.201
+3000.example. 5M IN A 10.0.7.202
+3000.example. 5M IN A 10.0.7.203
+3000.example. 5M IN A 10.0.7.204
+3000.example. 5M IN A 10.0.7.205
+3000.example. 5M IN A 10.0.7.206
+3000.example. 5M IN A 10.0.7.207
+3000.example. 5M IN A 10.0.7.208
+3000.example. 5M IN A 10.0.7.209
+3000.example. 5M IN A 10.0.7.210
+3000.example. 5M IN A 10.0.7.211
+3000.example. 5M IN A 10.0.7.212
+3000.example. 5M IN A 10.0.7.213
+3000.example. 5M IN A 10.0.7.214
+3000.example. 5M IN A 10.0.7.215
+3000.example. 5M IN A 10.0.7.216
+3000.example. 5M IN A 10.0.7.217
+3000.example. 5M IN A 10.0.7.218
+3000.example. 5M IN A 10.0.7.219
+3000.example. 5M IN A 10.0.7.220
+3000.example. 5M IN A 10.0.7.221
+3000.example. 5M IN A 10.0.7.222
+3000.example. 5M IN A 10.0.7.223
+3000.example. 5M IN A 10.0.7.224
+3000.example. 5M IN A 10.0.7.225
+3000.example. 5M IN A 10.0.7.226
+3000.example. 5M IN A 10.0.7.227
+3000.example. 5M IN A 10.0.7.228
+3000.example. 5M IN A 10.0.7.229
+3000.example. 5M IN A 10.0.7.230
+3000.example. 5M IN A 10.0.7.231
+3000.example. 5M IN A 10.0.7.232
+3000.example. 5M IN A 10.0.7.233
+3000.example. 5M IN A 10.0.7.234
+3000.example. 5M IN A 10.0.7.235
+3000.example. 5M IN A 10.0.7.236
+3000.example. 5M IN A 10.0.7.237
+3000.example. 5M IN A 10.0.7.238
+3000.example. 5M IN A 10.0.7.239
+3000.example. 5M IN A 10.0.7.240
+3000.example. 5M IN A 10.0.7.241
+3000.example. 5M IN A 10.0.7.242
+3000.example. 5M IN A 10.0.7.243
+3000.example. 5M IN A 10.0.7.244
+3000.example. 5M IN A 10.0.7.245
+3000.example. 5M IN A 10.0.7.246
+3000.example. 5M IN A 10.0.7.247
+3000.example. 5M IN A 10.0.7.248
+3000.example. 5M IN A 10.0.7.249
+3000.example. 5M IN A 10.0.7.250
+3000.example. 5M IN A 10.0.7.251
+3000.example. 5M IN A 10.0.7.252
+3000.example. 5M IN A 10.0.7.253
+3000.example. 5M IN A 10.0.7.254
+3000.example. 5M IN A 10.0.7.255
+3000.example. 5M IN A 10.0.8.0
+3000.example. 5M IN A 10.0.8.1
+3000.example. 5M IN A 10.0.8.2
+3000.example. 5M IN A 10.0.8.3
+3000.example. 5M IN A 10.0.8.4
+3000.example. 5M IN A 10.0.8.5
+3000.example. 5M IN A 10.0.8.6
+3000.example. 5M IN A 10.0.8.7
+3000.example. 5M IN A 10.0.8.8
+3000.example. 5M IN A 10.0.8.9
+3000.example. 5M IN A 10.0.8.10
+3000.example. 5M IN A 10.0.8.11
+3000.example. 5M IN A 10.0.8.12
+3000.example. 5M IN A 10.0.8.13
+3000.example. 5M IN A 10.0.8.14
+3000.example. 5M IN A 10.0.8.15
+3000.example. 5M IN A 10.0.8.16
+3000.example. 5M IN A 10.0.8.17
+3000.example. 5M IN A 10.0.8.18
+3000.example. 5M IN A 10.0.8.19
+3000.example. 5M IN A 10.0.8.20
+3000.example. 5M IN A 10.0.8.21
+3000.example. 5M IN A 10.0.8.22
+3000.example. 5M IN A 10.0.8.23
+3000.example. 5M IN A 10.0.8.24
+3000.example. 5M IN A 10.0.8.25
+3000.example. 5M IN A 10.0.8.26
+3000.example. 5M IN A 10.0.8.27
+3000.example. 5M IN A 10.0.8.28
+3000.example. 5M IN A 10.0.8.29
+3000.example. 5M IN A 10.0.8.30
+3000.example. 5M IN A 10.0.8.31
+3000.example. 5M IN A 10.0.8.32
+3000.example. 5M IN A 10.0.8.33
+3000.example. 5M IN A 10.0.8.34
+3000.example. 5M IN A 10.0.8.35
+3000.example. 5M IN A 10.0.8.36
+3000.example. 5M IN A 10.0.8.37
+3000.example. 5M IN A 10.0.8.38
+3000.example. 5M IN A 10.0.8.39
+3000.example. 5M IN A 10.0.8.40
+3000.example. 5M IN A 10.0.8.41
+3000.example. 5M IN A 10.0.8.42
+3000.example. 5M IN A 10.0.8.43
+3000.example. 5M IN A 10.0.8.44
+3000.example. 5M IN A 10.0.8.45
+3000.example. 5M IN A 10.0.8.46
+3000.example. 5M IN A 10.0.8.47
+3000.example. 5M IN A 10.0.8.48
+3000.example. 5M IN A 10.0.8.49
+3000.example. 5M IN A 10.0.8.50
+3000.example. 5M IN A 10.0.8.51
+3000.example. 5M IN A 10.0.8.52
+3000.example. 5M IN A 10.0.8.53
+3000.example. 5M IN A 10.0.8.54
+3000.example. 5M IN A 10.0.8.55
+3000.example. 5M IN A 10.0.8.56
+3000.example. 5M IN A 10.0.8.57
+3000.example. 5M IN A 10.0.8.58
+3000.example. 5M IN A 10.0.8.59
+3000.example. 5M IN A 10.0.8.60
+3000.example. 5M IN A 10.0.8.61
+3000.example. 5M IN A 10.0.8.62
+3000.example. 5M IN A 10.0.8.63
+3000.example. 5M IN A 10.0.8.64
+3000.example. 5M IN A 10.0.8.65
+3000.example. 5M IN A 10.0.8.66
+3000.example. 5M IN A 10.0.8.67
+3000.example. 5M IN A 10.0.8.68
+3000.example. 5M IN A 10.0.8.69
+3000.example. 5M IN A 10.0.8.70
+3000.example. 5M IN A 10.0.8.71
+3000.example. 5M IN A 10.0.8.72
+3000.example. 5M IN A 10.0.8.73
+3000.example. 5M IN A 10.0.8.74
+3000.example. 5M IN A 10.0.8.75
+3000.example. 5M IN A 10.0.8.76
+3000.example. 5M IN A 10.0.8.77
+3000.example. 5M IN A 10.0.8.78
+3000.example. 5M IN A 10.0.8.79
+3000.example. 5M IN A 10.0.8.80
+3000.example. 5M IN A 10.0.8.81
+3000.example. 5M IN A 10.0.8.82
+3000.example. 5M IN A 10.0.8.83
+3000.example. 5M IN A 10.0.8.84
+3000.example. 5M IN A 10.0.8.85
+3000.example. 5M IN A 10.0.8.86
+3000.example. 5M IN A 10.0.8.87
+3000.example. 5M IN A 10.0.8.88
+3000.example. 5M IN A 10.0.8.89
+3000.example. 5M IN A 10.0.8.90
+3000.example. 5M IN A 10.0.8.91
+3000.example. 5M IN A 10.0.8.92
+3000.example. 5M IN A 10.0.8.93
+3000.example. 5M IN A 10.0.8.94
+3000.example. 5M IN A 10.0.8.95
+3000.example. 5M IN A 10.0.8.96
+3000.example. 5M IN A 10.0.8.97
+3000.example. 5M IN A 10.0.8.98
+3000.example. 5M IN A 10.0.8.99
+3000.example. 5M IN A 10.0.8.100
+3000.example. 5M IN A 10.0.8.101
+3000.example. 5M IN A 10.0.8.102
+3000.example. 5M IN A 10.0.8.103
+3000.example. 5M IN A 10.0.8.104
+3000.example. 5M IN A 10.0.8.105
+3000.example. 5M IN A 10.0.8.106
+3000.example. 5M IN A 10.0.8.107
+3000.example. 5M IN A 10.0.8.108
+3000.example. 5M IN A 10.0.8.109
+3000.example. 5M IN A 10.0.8.110
+3000.example. 5M IN A 10.0.8.111
+3000.example. 5M IN A 10.0.8.112
+3000.example. 5M IN A 10.0.8.113
+3000.example. 5M IN A 10.0.8.114
+3000.example. 5M IN A 10.0.8.115
+3000.example. 5M IN A 10.0.8.116
+3000.example. 5M IN A 10.0.8.117
+3000.example. 5M IN A 10.0.8.118
+3000.example. 5M IN A 10.0.8.119
+3000.example. 5M IN A 10.0.8.120
+3000.example. 5M IN A 10.0.8.121
+3000.example. 5M IN A 10.0.8.122
+3000.example. 5M IN A 10.0.8.123
+3000.example. 5M IN A 10.0.8.124
+3000.example. 5M IN A 10.0.8.125
+3000.example. 5M IN A 10.0.8.126
+3000.example. 5M IN A 10.0.8.127
+3000.example. 5M IN A 10.0.8.128
+3000.example. 5M IN A 10.0.8.129
+3000.example. 5M IN A 10.0.8.130
+3000.example. 5M IN A 10.0.8.131
+3000.example. 5M IN A 10.0.8.132
+3000.example. 5M IN A 10.0.8.133
+3000.example. 5M IN A 10.0.8.134
+3000.example. 5M IN A 10.0.8.135
+3000.example. 5M IN A 10.0.8.136
+3000.example. 5M IN A 10.0.8.137
+3000.example. 5M IN A 10.0.8.138
+3000.example. 5M IN A 10.0.8.139
+3000.example. 5M IN A 10.0.8.140
+3000.example. 5M IN A 10.0.8.141
+3000.example. 5M IN A 10.0.8.142
+3000.example. 5M IN A 10.0.8.143
+3000.example. 5M IN A 10.0.8.144
+3000.example. 5M IN A 10.0.8.145
+3000.example. 5M IN A 10.0.8.146
+3000.example. 5M IN A 10.0.8.147
+3000.example. 5M IN A 10.0.8.148
+3000.example. 5M IN A 10.0.8.149
+3000.example. 5M IN A 10.0.8.150
+3000.example. 5M IN A 10.0.8.151
+3000.example. 5M IN A 10.0.8.152
+3000.example. 5M IN A 10.0.8.153
+3000.example. 5M IN A 10.0.8.154
+3000.example. 5M IN A 10.0.8.155
+3000.example. 5M IN A 10.0.8.156
+3000.example. 5M IN A 10.0.8.157
+3000.example. 5M IN A 10.0.8.158
+3000.example. 5M IN A 10.0.8.159
+3000.example. 5M IN A 10.0.8.160
+3000.example. 5M IN A 10.0.8.161
+3000.example. 5M IN A 10.0.8.162
+3000.example. 5M IN A 10.0.8.163
+3000.example. 5M IN A 10.0.8.164
+3000.example. 5M IN A 10.0.8.165
+3000.example. 5M IN A 10.0.8.166
+3000.example. 5M IN A 10.0.8.167
+3000.example. 5M IN A 10.0.8.168
+3000.example. 5M IN A 10.0.8.169
+3000.example. 5M IN A 10.0.8.170
+3000.example. 5M IN A 10.0.8.171
+3000.example. 5M IN A 10.0.8.172
+3000.example. 5M IN A 10.0.8.173
+3000.example. 5M IN A 10.0.8.174
+3000.example. 5M IN A 10.0.8.175
+3000.example. 5M IN A 10.0.8.176
+3000.example. 5M IN A 10.0.8.177
+3000.example. 5M IN A 10.0.8.178
+3000.example. 5M IN A 10.0.8.179
+3000.example. 5M IN A 10.0.8.180
+3000.example. 5M IN A 10.0.8.181
+3000.example. 5M IN A 10.0.8.182
+3000.example. 5M IN A 10.0.8.183
+3000.example. 5M IN A 10.0.8.184
+3000.example. 5M IN A 10.0.8.185
+3000.example. 5M IN A 10.0.8.186
+3000.example. 5M IN A 10.0.8.187
+3000.example. 5M IN A 10.0.8.188
+3000.example. 5M IN A 10.0.8.189
+3000.example. 5M IN A 10.0.8.190
+3000.example. 5M IN A 10.0.8.191
+3000.example. 5M IN A 10.0.8.192
+3000.example. 5M IN A 10.0.8.193
+3000.example. 5M IN A 10.0.8.194
+3000.example. 5M IN A 10.0.8.195
+3000.example. 5M IN A 10.0.8.196
+3000.example. 5M IN A 10.0.8.197
+3000.example. 5M IN A 10.0.8.198
+3000.example. 5M IN A 10.0.8.199
+3000.example. 5M IN A 10.0.8.200
+3000.example. 5M IN A 10.0.8.201
+3000.example. 5M IN A 10.0.8.202
+3000.example. 5M IN A 10.0.8.203
+3000.example. 5M IN A 10.0.8.204
+3000.example. 5M IN A 10.0.8.205
+3000.example. 5M IN A 10.0.8.206
+3000.example. 5M IN A 10.0.8.207
+3000.example. 5M IN A 10.0.8.208
+3000.example. 5M IN A 10.0.8.209
+3000.example. 5M IN A 10.0.8.210
+3000.example. 5M IN A 10.0.8.211
+3000.example. 5M IN A 10.0.8.212
+3000.example. 5M IN A 10.0.8.213
+3000.example. 5M IN A 10.0.8.214
+3000.example. 5M IN A 10.0.8.215
+3000.example. 5M IN A 10.0.8.216
+3000.example. 5M IN A 10.0.8.217
+3000.example. 5M IN A 10.0.8.218
+3000.example. 5M IN A 10.0.8.219
+3000.example. 5M IN A 10.0.8.220
+3000.example. 5M IN A 10.0.8.221
+3000.example. 5M IN A 10.0.8.222
+3000.example. 5M IN A 10.0.8.223
+3000.example. 5M IN A 10.0.8.224
+3000.example. 5M IN A 10.0.8.225
+3000.example. 5M IN A 10.0.8.226
+3000.example. 5M IN A 10.0.8.227
+3000.example. 5M IN A 10.0.8.228
+3000.example. 5M IN A 10.0.8.229
+3000.example. 5M IN A 10.0.8.230
+3000.example. 5M IN A 10.0.8.231
+3000.example. 5M IN A 10.0.8.232
+3000.example. 5M IN A 10.0.8.233
+3000.example. 5M IN A 10.0.8.234
+3000.example. 5M IN A 10.0.8.235
+3000.example. 5M IN A 10.0.8.236
+3000.example. 5M IN A 10.0.8.237
+3000.example. 5M IN A 10.0.8.238
+3000.example. 5M IN A 10.0.8.239
+3000.example. 5M IN A 10.0.8.240
+3000.example. 5M IN A 10.0.8.241
+3000.example. 5M IN A 10.0.8.242
+3000.example. 5M IN A 10.0.8.243
+3000.example. 5M IN A 10.0.8.244
+3000.example. 5M IN A 10.0.8.245
+3000.example. 5M IN A 10.0.8.246
+3000.example. 5M IN A 10.0.8.247
+3000.example. 5M IN A 10.0.8.248
+3000.example. 5M IN A 10.0.8.249
+3000.example. 5M IN A 10.0.8.250
+3000.example. 5M IN A 10.0.8.251
+3000.example. 5M IN A 10.0.8.252
+3000.example. 5M IN A 10.0.8.253
+3000.example. 5M IN A 10.0.8.254
+3000.example. 5M IN A 10.0.8.255
+3000.example. 5M IN A 10.0.9.0
+3000.example. 5M IN A 10.0.9.1
+3000.example. 5M IN A 10.0.9.2
+3000.example. 5M IN A 10.0.9.3
+3000.example. 5M IN A 10.0.9.4
+3000.example. 5M IN A 10.0.9.5
+3000.example. 5M IN A 10.0.9.6
+3000.example. 5M IN A 10.0.9.7
+3000.example. 5M IN A 10.0.9.8
+3000.example. 5M IN A 10.0.9.9
+3000.example. 5M IN A 10.0.9.10
+3000.example. 5M IN A 10.0.9.11
+3000.example. 5M IN A 10.0.9.12
+3000.example. 5M IN A 10.0.9.13
+3000.example. 5M IN A 10.0.9.14
+3000.example. 5M IN A 10.0.9.15
+3000.example. 5M IN A 10.0.9.16
+3000.example. 5M IN A 10.0.9.17
+3000.example. 5M IN A 10.0.9.18
+3000.example. 5M IN A 10.0.9.19
+3000.example. 5M IN A 10.0.9.20
+3000.example. 5M IN A 10.0.9.21
+3000.example. 5M IN A 10.0.9.22
+3000.example. 5M IN A 10.0.9.23
+3000.example. 5M IN A 10.0.9.24
+3000.example. 5M IN A 10.0.9.25
+3000.example. 5M IN A 10.0.9.26
+3000.example. 5M IN A 10.0.9.27
+3000.example. 5M IN A 10.0.9.28
+3000.example. 5M IN A 10.0.9.29
+3000.example. 5M IN A 10.0.9.30
+3000.example. 5M IN A 10.0.9.31
+3000.example. 5M IN A 10.0.9.32
+3000.example. 5M IN A 10.0.9.33
+3000.example. 5M IN A 10.0.9.34
+3000.example. 5M IN A 10.0.9.35
+3000.example. 5M IN A 10.0.9.36
+3000.example. 5M IN A 10.0.9.37
+3000.example. 5M IN A 10.0.9.38
+3000.example. 5M IN A 10.0.9.39
+3000.example. 5M IN A 10.0.9.40
+3000.example. 5M IN A 10.0.9.41
+3000.example. 5M IN A 10.0.9.42
+3000.example. 5M IN A 10.0.9.43
+3000.example. 5M IN A 10.0.9.44
+3000.example. 5M IN A 10.0.9.45
+3000.example. 5M IN A 10.0.9.46
+3000.example. 5M IN A 10.0.9.47
+3000.example. 5M IN A 10.0.9.48
+3000.example. 5M IN A 10.0.9.49
+3000.example. 5M IN A 10.0.9.50
+3000.example. 5M IN A 10.0.9.51
+3000.example. 5M IN A 10.0.9.52
+3000.example. 5M IN A 10.0.9.53
+3000.example. 5M IN A 10.0.9.54
+3000.example. 5M IN A 10.0.9.55
+3000.example. 5M IN A 10.0.9.56
+3000.example. 5M IN A 10.0.9.57
+3000.example. 5M IN A 10.0.9.58
+3000.example. 5M IN A 10.0.9.59
+3000.example. 5M IN A 10.0.9.60
+3000.example. 5M IN A 10.0.9.61
+3000.example. 5M IN A 10.0.9.62
+3000.example. 5M IN A 10.0.9.63
+3000.example. 5M IN A 10.0.9.64
+3000.example. 5M IN A 10.0.9.65
+3000.example. 5M IN A 10.0.9.66
+3000.example. 5M IN A 10.0.9.67
+3000.example. 5M IN A 10.0.9.68
+3000.example. 5M IN A 10.0.9.69
+3000.example. 5M IN A 10.0.9.70
+3000.example. 5M IN A 10.0.9.71
+3000.example. 5M IN A 10.0.9.72
+3000.example. 5M IN A 10.0.9.73
+3000.example. 5M IN A 10.0.9.74
+3000.example. 5M IN A 10.0.9.75
+3000.example. 5M IN A 10.0.9.76
+3000.example. 5M IN A 10.0.9.77
+3000.example. 5M IN A 10.0.9.78
+3000.example. 5M IN A 10.0.9.79
+3000.example. 5M IN A 10.0.9.80
+3000.example. 5M IN A 10.0.9.81
+3000.example. 5M IN A 10.0.9.82
+3000.example. 5M IN A 10.0.9.83
+3000.example. 5M IN A 10.0.9.84
+3000.example. 5M IN A 10.0.9.85
+3000.example. 5M IN A 10.0.9.86
+3000.example. 5M IN A 10.0.9.87
+3000.example. 5M IN A 10.0.9.88
+3000.example. 5M IN A 10.0.9.89
+3000.example. 5M IN A 10.0.9.90
+3000.example. 5M IN A 10.0.9.91
+3000.example. 5M IN A 10.0.9.92
+3000.example. 5M IN A 10.0.9.93
+3000.example. 5M IN A 10.0.9.94
+3000.example. 5M IN A 10.0.9.95
+3000.example. 5M IN A 10.0.9.96
+3000.example. 5M IN A 10.0.9.97
+3000.example. 5M IN A 10.0.9.98
+3000.example. 5M IN A 10.0.9.99
+3000.example. 5M IN A 10.0.9.100
+3000.example. 5M IN A 10.0.9.101
+3000.example. 5M IN A 10.0.9.102
+3000.example. 5M IN A 10.0.9.103
+3000.example. 5M IN A 10.0.9.104
+3000.example. 5M IN A 10.0.9.105
+3000.example. 5M IN A 10.0.9.106
+3000.example. 5M IN A 10.0.9.107
+3000.example. 5M IN A 10.0.9.108
+3000.example. 5M IN A 10.0.9.109
+3000.example. 5M IN A 10.0.9.110
+3000.example. 5M IN A 10.0.9.111
+3000.example. 5M IN A 10.0.9.112
+3000.example. 5M IN A 10.0.9.113
+3000.example. 5M IN A 10.0.9.114
+3000.example. 5M IN A 10.0.9.115
+3000.example. 5M IN A 10.0.9.116
+3000.example. 5M IN A 10.0.9.117
+3000.example. 5M IN A 10.0.9.118
+3000.example. 5M IN A 10.0.9.119
+3000.example. 5M IN A 10.0.9.120
+3000.example. 5M IN A 10.0.9.121
+3000.example. 5M IN A 10.0.9.122
+3000.example. 5M IN A 10.0.9.123
+3000.example. 5M IN A 10.0.9.124
+3000.example. 5M IN A 10.0.9.125
+3000.example. 5M IN A 10.0.9.126
+3000.example. 5M IN A 10.0.9.127
+3000.example. 5M IN A 10.0.9.128
+3000.example. 5M IN A 10.0.9.129
+3000.example. 5M IN A 10.0.9.130
+3000.example. 5M IN A 10.0.9.131
+3000.example. 5M IN A 10.0.9.132
+3000.example. 5M IN A 10.0.9.133
+3000.example. 5M IN A 10.0.9.134
+3000.example. 5M IN A 10.0.9.135
+3000.example. 5M IN A 10.0.9.136
+3000.example. 5M IN A 10.0.9.137
+3000.example. 5M IN A 10.0.9.138
+3000.example. 5M IN A 10.0.9.139
+3000.example. 5M IN A 10.0.9.140
+3000.example. 5M IN A 10.0.9.141
+3000.example. 5M IN A 10.0.9.142
+3000.example. 5M IN A 10.0.9.143
+3000.example. 5M IN A 10.0.9.144
+3000.example. 5M IN A 10.0.9.145
+3000.example. 5M IN A 10.0.9.146
+3000.example. 5M IN A 10.0.9.147
+3000.example. 5M IN A 10.0.9.148
+3000.example. 5M IN A 10.0.9.149
+3000.example. 5M IN A 10.0.9.150
+3000.example. 5M IN A 10.0.9.151
+3000.example. 5M IN A 10.0.9.152
+3000.example. 5M IN A 10.0.9.153
+3000.example. 5M IN A 10.0.9.154
+3000.example. 5M IN A 10.0.9.155
+3000.example. 5M IN A 10.0.9.156
+3000.example. 5M IN A 10.0.9.157
+3000.example. 5M IN A 10.0.9.158
+3000.example. 5M IN A 10.0.9.159
+3000.example. 5M IN A 10.0.9.160
+3000.example. 5M IN A 10.0.9.161
+3000.example. 5M IN A 10.0.9.162
+3000.example. 5M IN A 10.0.9.163
+3000.example. 5M IN A 10.0.9.164
+3000.example. 5M IN A 10.0.9.165
+3000.example. 5M IN A 10.0.9.166
+3000.example. 5M IN A 10.0.9.167
+3000.example. 5M IN A 10.0.9.168
+3000.example. 5M IN A 10.0.9.169
+3000.example. 5M IN A 10.0.9.170
+3000.example. 5M IN A 10.0.9.171
+3000.example. 5M IN A 10.0.9.172
+3000.example. 5M IN A 10.0.9.173
+3000.example. 5M IN A 10.0.9.174
+3000.example. 5M IN A 10.0.9.175
+3000.example. 5M IN A 10.0.9.176
+3000.example. 5M IN A 10.0.9.177
+3000.example. 5M IN A 10.0.9.178
+3000.example. 5M IN A 10.0.9.179
+3000.example. 5M IN A 10.0.9.180
+3000.example. 5M IN A 10.0.9.181
+3000.example. 5M IN A 10.0.9.182
+3000.example. 5M IN A 10.0.9.183
+3000.example. 5M IN A 10.0.9.184
+3000.example. 5M IN A 10.0.9.185
+3000.example. 5M IN A 10.0.9.186
+3000.example. 5M IN A 10.0.9.187
+3000.example. 5M IN A 10.0.9.188
+3000.example. 5M IN A 10.0.9.189
+3000.example. 5M IN A 10.0.9.190
+3000.example. 5M IN A 10.0.9.191
+3000.example. 5M IN A 10.0.9.192
+3000.example. 5M IN A 10.0.9.193
+3000.example. 5M IN A 10.0.9.194
+3000.example. 5M IN A 10.0.9.195
+3000.example. 5M IN A 10.0.9.196
+3000.example. 5M IN A 10.0.9.197
+3000.example. 5M IN A 10.0.9.198
+3000.example. 5M IN A 10.0.9.199
+3000.example. 5M IN A 10.0.9.200
+3000.example. 5M IN A 10.0.9.201
+3000.example. 5M IN A 10.0.9.202
+3000.example. 5M IN A 10.0.9.203
+3000.example. 5M IN A 10.0.9.204
+3000.example. 5M IN A 10.0.9.205
+3000.example. 5M IN A 10.0.9.206
+3000.example. 5M IN A 10.0.9.207
+3000.example. 5M IN A 10.0.9.208
+3000.example. 5M IN A 10.0.9.209
+3000.example. 5M IN A 10.0.9.210
+3000.example. 5M IN A 10.0.9.211
+3000.example. 5M IN A 10.0.9.212
+3000.example. 5M IN A 10.0.9.213
+3000.example. 5M IN A 10.0.9.214
+3000.example. 5M IN A 10.0.9.215
+3000.example. 5M IN A 10.0.9.216
+3000.example. 5M IN A 10.0.9.217
+3000.example. 5M IN A 10.0.9.218
+3000.example. 5M IN A 10.0.9.219
+3000.example. 5M IN A 10.0.9.220
+3000.example. 5M IN A 10.0.9.221
+3000.example. 5M IN A 10.0.9.222
+3000.example. 5M IN A 10.0.9.223
+3000.example. 5M IN A 10.0.9.224
+3000.example. 5M IN A 10.0.9.225
+3000.example. 5M IN A 10.0.9.226
+3000.example. 5M IN A 10.0.9.227
+3000.example. 5M IN A 10.0.9.228
+3000.example. 5M IN A 10.0.9.229
+3000.example. 5M IN A 10.0.9.230
+3000.example. 5M IN A 10.0.9.231
+3000.example. 5M IN A 10.0.9.232
+3000.example. 5M IN A 10.0.9.233
+3000.example. 5M IN A 10.0.9.234
+3000.example. 5M IN A 10.0.9.235
+3000.example. 5M IN A 10.0.9.236
+3000.example. 5M IN A 10.0.9.237
+3000.example. 5M IN A 10.0.9.238
+3000.example. 5M IN A 10.0.9.239
+3000.example. 5M IN A 10.0.9.240
+3000.example. 5M IN A 10.0.9.241
+3000.example. 5M IN A 10.0.9.242
+3000.example. 5M IN A 10.0.9.243
+3000.example. 5M IN A 10.0.9.244
+3000.example. 5M IN A 10.0.9.245
+3000.example. 5M IN A 10.0.9.246
+3000.example. 5M IN A 10.0.9.247
+3000.example. 5M IN A 10.0.9.248
+3000.example. 5M IN A 10.0.9.249
+3000.example. 5M IN A 10.0.9.250
+3000.example. 5M IN A 10.0.9.251
+3000.example. 5M IN A 10.0.9.252
+3000.example. 5M IN A 10.0.9.253
+3000.example. 5M IN A 10.0.9.254
+3000.example. 5M IN A 10.0.9.255
+3000.example. 5M IN A 10.0.10.0
+3000.example. 5M IN A 10.0.10.1
+3000.example. 5M IN A 10.0.10.2
+3000.example. 5M IN A 10.0.10.3
+3000.example. 5M IN A 10.0.10.4
+3000.example. 5M IN A 10.0.10.5
+3000.example. 5M IN A 10.0.10.6
+3000.example. 5M IN A 10.0.10.7
+3000.example. 5M IN A 10.0.10.8
+3000.example. 5M IN A 10.0.10.9
+3000.example. 5M IN A 10.0.10.10
+3000.example. 5M IN A 10.0.10.11
+3000.example. 5M IN A 10.0.10.12
+3000.example. 5M IN A 10.0.10.13
+3000.example. 5M IN A 10.0.10.14
+3000.example. 5M IN A 10.0.10.15
+3000.example. 5M IN A 10.0.10.16
+3000.example. 5M IN A 10.0.10.17
+3000.example. 5M IN A 10.0.10.18
+3000.example. 5M IN A 10.0.10.19
+3000.example. 5M IN A 10.0.10.20
+3000.example. 5M IN A 10.0.10.21
+3000.example. 5M IN A 10.0.10.22
+3000.example. 5M IN A 10.0.10.23
+3000.example. 5M IN A 10.0.10.24
+3000.example. 5M IN A 10.0.10.25
+3000.example. 5M IN A 10.0.10.26
+3000.example. 5M IN A 10.0.10.27
+3000.example. 5M IN A 10.0.10.28
+3000.example. 5M IN A 10.0.10.29
+3000.example. 5M IN A 10.0.10.30
+3000.example. 5M IN A 10.0.10.31
+3000.example. 5M IN A 10.0.10.32
+3000.example. 5M IN A 10.0.10.33
+3000.example. 5M IN A 10.0.10.34
+3000.example. 5M IN A 10.0.10.35
+3000.example. 5M IN A 10.0.10.36
+3000.example. 5M IN A 10.0.10.37
+3000.example. 5M IN A 10.0.10.38
+3000.example. 5M IN A 10.0.10.39
+3000.example. 5M IN A 10.0.10.40
+3000.example. 5M IN A 10.0.10.41
+3000.example. 5M IN A 10.0.10.42
+3000.example. 5M IN A 10.0.10.43
+3000.example. 5M IN A 10.0.10.44
+3000.example. 5M IN A 10.0.10.45
+3000.example. 5M IN A 10.0.10.46
+3000.example. 5M IN A 10.0.10.47
+3000.example. 5M IN A 10.0.10.48
+3000.example. 5M IN A 10.0.10.49
+3000.example. 5M IN A 10.0.10.50
+3000.example. 5M IN A 10.0.10.51
+3000.example. 5M IN A 10.0.10.52
+3000.example. 5M IN A 10.0.10.53
+3000.example. 5M IN A 10.0.10.54
+3000.example. 5M IN A 10.0.10.55
+3000.example. 5M IN A 10.0.10.56
+3000.example. 5M IN A 10.0.10.57
+3000.example. 5M IN A 10.0.10.58
+3000.example. 5M IN A 10.0.10.59
+3000.example. 5M IN A 10.0.10.60
+3000.example. 5M IN A 10.0.10.61
+3000.example. 5M IN A 10.0.10.62
+3000.example. 5M IN A 10.0.10.63
+3000.example. 5M IN A 10.0.10.64
+3000.example. 5M IN A 10.0.10.65
+3000.example. 5M IN A 10.0.10.66
+3000.example. 5M IN A 10.0.10.67
+3000.example. 5M IN A 10.0.10.68
+3000.example. 5M IN A 10.0.10.69
+3000.example. 5M IN A 10.0.10.70
+3000.example. 5M IN A 10.0.10.71
+3000.example. 5M IN A 10.0.10.72
+3000.example. 5M IN A 10.0.10.73
+3000.example. 5M IN A 10.0.10.74
+3000.example. 5M IN A 10.0.10.75
+3000.example. 5M IN A 10.0.10.76
+3000.example. 5M IN A 10.0.10.77
+3000.example. 5M IN A 10.0.10.78
+3000.example. 5M IN A 10.0.10.79
+3000.example. 5M IN A 10.0.10.80
+3000.example. 5M IN A 10.0.10.81
+3000.example. 5M IN A 10.0.10.82
+3000.example. 5M IN A 10.0.10.83
+3000.example. 5M IN A 10.0.10.84
+3000.example. 5M IN A 10.0.10.85
+3000.example. 5M IN A 10.0.10.86
+3000.example. 5M IN A 10.0.10.87
+3000.example. 5M IN A 10.0.10.88
+3000.example. 5M IN A 10.0.10.89
+3000.example. 5M IN A 10.0.10.90
+3000.example. 5M IN A 10.0.10.91
+3000.example. 5M IN A 10.0.10.92
+3000.example. 5M IN A 10.0.10.93
+3000.example. 5M IN A 10.0.10.94
+3000.example. 5M IN A 10.0.10.95
+3000.example. 5M IN A 10.0.10.96
+3000.example. 5M IN A 10.0.10.97
+3000.example. 5M IN A 10.0.10.98
+3000.example. 5M IN A 10.0.10.99
+3000.example. 5M IN A 10.0.10.100
+3000.example. 5M IN A 10.0.10.101
+3000.example. 5M IN A 10.0.10.102
+3000.example. 5M IN A 10.0.10.103
+3000.example. 5M IN A 10.0.10.104
+3000.example. 5M IN A 10.0.10.105
+3000.example. 5M IN A 10.0.10.106
+3000.example. 5M IN A 10.0.10.107
+3000.example. 5M IN A 10.0.10.108
+3000.example. 5M IN A 10.0.10.109
+3000.example. 5M IN A 10.0.10.110
+3000.example. 5M IN A 10.0.10.111
+3000.example. 5M IN A 10.0.10.112
+3000.example. 5M IN A 10.0.10.113
+3000.example. 5M IN A 10.0.10.114
+3000.example. 5M IN A 10.0.10.115
+3000.example. 5M IN A 10.0.10.116
+3000.example. 5M IN A 10.0.10.117
+3000.example. 5M IN A 10.0.10.118
+3000.example. 5M IN A 10.0.10.119
+3000.example. 5M IN A 10.0.10.120
+3000.example. 5M IN A 10.0.10.121
+3000.example. 5M IN A 10.0.10.122
+3000.example. 5M IN A 10.0.10.123
+3000.example. 5M IN A 10.0.10.124
+3000.example. 5M IN A 10.0.10.125
+3000.example. 5M IN A 10.0.10.126
+3000.example. 5M IN A 10.0.10.127
+3000.example. 5M IN A 10.0.10.128
+3000.example. 5M IN A 10.0.10.129
+3000.example. 5M IN A 10.0.10.130
+3000.example. 5M IN A 10.0.10.131
+3000.example. 5M IN A 10.0.10.132
+3000.example. 5M IN A 10.0.10.133
+3000.example. 5M IN A 10.0.10.134
+3000.example. 5M IN A 10.0.10.135
+3000.example. 5M IN A 10.0.10.136
+3000.example. 5M IN A 10.0.10.137
+3000.example. 5M IN A 10.0.10.138
+3000.example. 5M IN A 10.0.10.139
+3000.example. 5M IN A 10.0.10.140
+3000.example. 5M IN A 10.0.10.141
+3000.example. 5M IN A 10.0.10.142
+3000.example. 5M IN A 10.0.10.143
+3000.example. 5M IN A 10.0.10.144
+3000.example. 5M IN A 10.0.10.145
+3000.example. 5M IN A 10.0.10.146
+3000.example. 5M IN A 10.0.10.147
+3000.example. 5M IN A 10.0.10.148
+3000.example. 5M IN A 10.0.10.149
+3000.example. 5M IN A 10.0.10.150
+3000.example. 5M IN A 10.0.10.151
+3000.example. 5M IN A 10.0.10.152
+3000.example. 5M IN A 10.0.10.153
+3000.example. 5M IN A 10.0.10.154
+3000.example. 5M IN A 10.0.10.155
+3000.example. 5M IN A 10.0.10.156
+3000.example. 5M IN A 10.0.10.157
+3000.example. 5M IN A 10.0.10.158
+3000.example. 5M IN A 10.0.10.159
+3000.example. 5M IN A 10.0.10.160
+3000.example. 5M IN A 10.0.10.161
+3000.example. 5M IN A 10.0.10.162
+3000.example. 5M IN A 10.0.10.163
+3000.example. 5M IN A 10.0.10.164
+3000.example. 5M IN A 10.0.10.165
+3000.example. 5M IN A 10.0.10.166
+3000.example. 5M IN A 10.0.10.167
+3000.example. 5M IN A 10.0.10.168
+3000.example. 5M IN A 10.0.10.169
+3000.example. 5M IN A 10.0.10.170
+3000.example. 5M IN A 10.0.10.171
+3000.example. 5M IN A 10.0.10.172
+3000.example. 5M IN A 10.0.10.173
+3000.example. 5M IN A 10.0.10.174
+3000.example. 5M IN A 10.0.10.175
+3000.example. 5M IN A 10.0.10.176
+3000.example. 5M IN A 10.0.10.177
+3000.example. 5M IN A 10.0.10.178
+3000.example. 5M IN A 10.0.10.179
+3000.example. 5M IN A 10.0.10.180
+3000.example. 5M IN A 10.0.10.181
+3000.example. 5M IN A 10.0.10.182
+3000.example. 5M IN A 10.0.10.183
+3000.example. 5M IN A 10.0.10.184
+3000.example. 5M IN A 10.0.10.185
+3000.example. 5M IN A 10.0.10.186
+3000.example. 5M IN A 10.0.10.187
+3000.example. 5M IN A 10.0.10.188
+3000.example. 5M IN A 10.0.10.189
+3000.example. 5M IN A 10.0.10.190
+3000.example. 5M IN A 10.0.10.191
+3000.example. 5M IN A 10.0.10.192
+3000.example. 5M IN A 10.0.10.193
+3000.example. 5M IN A 10.0.10.194
+3000.example. 5M IN A 10.0.10.195
+3000.example. 5M IN A 10.0.10.196
+3000.example. 5M IN A 10.0.10.197
+3000.example. 5M IN A 10.0.10.198
+3000.example. 5M IN A 10.0.10.199
+3000.example. 5M IN A 10.0.10.200
+3000.example. 5M IN A 10.0.10.201
+3000.example. 5M IN A 10.0.10.202
+3000.example. 5M IN A 10.0.10.203
+3000.example. 5M IN A 10.0.10.204
+3000.example. 5M IN A 10.0.10.205
+3000.example. 5M IN A 10.0.10.206
+3000.example. 5M IN A 10.0.10.207
+3000.example. 5M IN A 10.0.10.208
+3000.example. 5M IN A 10.0.10.209
+3000.example. 5M IN A 10.0.10.210
+3000.example. 5M IN A 10.0.10.211
+3000.example. 5M IN A 10.0.10.212
+3000.example. 5M IN A 10.0.10.213
+3000.example. 5M IN A 10.0.10.214
+3000.example. 5M IN A 10.0.10.215
+3000.example. 5M IN A 10.0.10.216
+3000.example. 5M IN A 10.0.10.217
+3000.example. 5M IN A 10.0.10.218
+3000.example. 5M IN A 10.0.10.219
+3000.example. 5M IN A 10.0.10.220
+3000.example. 5M IN A 10.0.10.221
+3000.example. 5M IN A 10.0.10.222
+3000.example. 5M IN A 10.0.10.223
+3000.example. 5M IN A 10.0.10.224
+3000.example. 5M IN A 10.0.10.225
+3000.example. 5M IN A 10.0.10.226
+3000.example. 5M IN A 10.0.10.227
+3000.example. 5M IN A 10.0.10.228
+3000.example. 5M IN A 10.0.10.229
+3000.example. 5M IN A 10.0.10.230
+3000.example. 5M IN A 10.0.10.231
+3000.example. 5M IN A 10.0.10.232
+3000.example. 5M IN A 10.0.10.233
+3000.example. 5M IN A 10.0.10.234
+3000.example. 5M IN A 10.0.10.235
+3000.example. 5M IN A 10.0.10.236
+3000.example. 5M IN A 10.0.10.237
+3000.example. 5M IN A 10.0.10.238
+3000.example. 5M IN A 10.0.10.239
+3000.example. 5M IN A 10.0.10.240
+3000.example. 5M IN A 10.0.10.241
+3000.example. 5M IN A 10.0.10.242
+3000.example. 5M IN A 10.0.10.243
+3000.example. 5M IN A 10.0.10.244
+3000.example. 5M IN A 10.0.10.245
+3000.example. 5M IN A 10.0.10.246
+3000.example. 5M IN A 10.0.10.247
+3000.example. 5M IN A 10.0.10.248
+3000.example. 5M IN A 10.0.10.249
+3000.example. 5M IN A 10.0.10.250
+3000.example. 5M IN A 10.0.10.251
+3000.example. 5M IN A 10.0.10.252
+3000.example. 5M IN A 10.0.10.253
+3000.example. 5M IN A 10.0.10.254
+3000.example. 5M IN A 10.0.10.255
+3000.example. 5M IN A 10.0.11.0
+3000.example. 5M IN A 10.0.11.1
+3000.example. 5M IN A 10.0.11.2
+3000.example. 5M IN A 10.0.11.3
+3000.example. 5M IN A 10.0.11.4
+3000.example. 5M IN A 10.0.11.5
+3000.example. 5M IN A 10.0.11.6
+3000.example. 5M IN A 10.0.11.7
+3000.example. 5M IN A 10.0.11.8
+3000.example. 5M IN A 10.0.11.9
+3000.example. 5M IN A 10.0.11.10
+3000.example. 5M IN A 10.0.11.11
+3000.example. 5M IN A 10.0.11.12
+3000.example. 5M IN A 10.0.11.13
+3000.example. 5M IN A 10.0.11.14
+3000.example. 5M IN A 10.0.11.15
+3000.example. 5M IN A 10.0.11.16
+3000.example. 5M IN A 10.0.11.17
+3000.example. 5M IN A 10.0.11.18
+3000.example. 5M IN A 10.0.11.19
+3000.example. 5M IN A 10.0.11.20
+3000.example. 5M IN A 10.0.11.21
+3000.example. 5M IN A 10.0.11.22
+3000.example. 5M IN A 10.0.11.23
+3000.example. 5M IN A 10.0.11.24
+3000.example. 5M IN A 10.0.11.25
+3000.example. 5M IN A 10.0.11.26
+3000.example. 5M IN A 10.0.11.27
+3000.example. 5M IN A 10.0.11.28
+3000.example. 5M IN A 10.0.11.29
+3000.example. 5M IN A 10.0.11.30
+3000.example. 5M IN A 10.0.11.31
+3000.example. 5M IN A 10.0.11.32
+3000.example. 5M IN A 10.0.11.33
+3000.example. 5M IN A 10.0.11.34
+3000.example. 5M IN A 10.0.11.35
+3000.example. 5M IN A 10.0.11.36
+3000.example. 5M IN A 10.0.11.37
+3000.example. 5M IN A 10.0.11.38
+3000.example. 5M IN A 10.0.11.39
+3000.example. 5M IN A 10.0.11.40
+3000.example. 5M IN A 10.0.11.41
+3000.example. 5M IN A 10.0.11.42
+3000.example. 5M IN A 10.0.11.43
+3000.example. 5M IN A 10.0.11.44
+3000.example. 5M IN A 10.0.11.45
+3000.example. 5M IN A 10.0.11.46
+3000.example. 5M IN A 10.0.11.47
+3000.example. 5M IN A 10.0.11.48
+3000.example. 5M IN A 10.0.11.49
+3000.example. 5M IN A 10.0.11.50
+3000.example. 5M IN A 10.0.11.51
+3000.example. 5M IN A 10.0.11.52
+3000.example. 5M IN A 10.0.11.53
+3000.example. 5M IN A 10.0.11.54
+3000.example. 5M IN A 10.0.11.55
+3000.example. 5M IN A 10.0.11.56
+3000.example. 5M IN A 10.0.11.57
+3000.example. 5M IN A 10.0.11.58
+3000.example. 5M IN A 10.0.11.59
+3000.example. 5M IN A 10.0.11.60
+3000.example. 5M IN A 10.0.11.61
+3000.example. 5M IN A 10.0.11.62
+3000.example. 5M IN A 10.0.11.63
+3000.example. 5M IN A 10.0.11.64
+3000.example. 5M IN A 10.0.11.65
+3000.example. 5M IN A 10.0.11.66
+3000.example. 5M IN A 10.0.11.67
+3000.example. 5M IN A 10.0.11.68
+3000.example. 5M IN A 10.0.11.69
+3000.example. 5M IN A 10.0.11.70
+3000.example. 5M IN A 10.0.11.71
+3000.example. 5M IN A 10.0.11.72
+3000.example. 5M IN A 10.0.11.73
+3000.example. 5M IN A 10.0.11.74
+3000.example. 5M IN A 10.0.11.75
+3000.example. 5M IN A 10.0.11.76
+3000.example. 5M IN A 10.0.11.77
+3000.example. 5M IN A 10.0.11.78
+3000.example. 5M IN A 10.0.11.79
+3000.example. 5M IN A 10.0.11.80
+3000.example. 5M IN A 10.0.11.81
+3000.example. 5M IN A 10.0.11.82
+3000.example. 5M IN A 10.0.11.83
+3000.example. 5M IN A 10.0.11.84
+3000.example. 5M IN A 10.0.11.85
+3000.example. 5M IN A 10.0.11.86
+3000.example. 5M IN A 10.0.11.87
+3000.example. 5M IN A 10.0.11.88
+3000.example. 5M IN A 10.0.11.89
+3000.example. 5M IN A 10.0.11.90
+3000.example. 5M IN A 10.0.11.91
+3000.example. 5M IN A 10.0.11.92
+3000.example. 5M IN A 10.0.11.93
+3000.example. 5M IN A 10.0.11.94
+3000.example. 5M IN A 10.0.11.95
+3000.example. 5M IN A 10.0.11.96
+3000.example. 5M IN A 10.0.11.97
+3000.example. 5M IN A 10.0.11.98
+3000.example. 5M IN A 10.0.11.99
+3000.example. 5M IN A 10.0.11.100
+3000.example. 5M IN A 10.0.11.101
+3000.example. 5M IN A 10.0.11.102
+3000.example. 5M IN A 10.0.11.103
+3000.example. 5M IN A 10.0.11.104
+3000.example. 5M IN A 10.0.11.105
+3000.example. 5M IN A 10.0.11.106
+3000.example. 5M IN A 10.0.11.107
+3000.example. 5M IN A 10.0.11.108
+3000.example. 5M IN A 10.0.11.109
+3000.example. 5M IN A 10.0.11.110
+3000.example. 5M IN A 10.0.11.111
+3000.example. 5M IN A 10.0.11.112
+3000.example. 5M IN A 10.0.11.113
+3000.example. 5M IN A 10.0.11.114
+3000.example. 5M IN A 10.0.11.115
+3000.example. 5M IN A 10.0.11.116
+3000.example. 5M IN A 10.0.11.117
+3000.example. 5M IN A 10.0.11.118
+3000.example. 5M IN A 10.0.11.119
+3000.example. 5M IN A 10.0.11.120
+3000.example. 5M IN A 10.0.11.121
+3000.example. 5M IN A 10.0.11.122
+3000.example. 5M IN A 10.0.11.123
+3000.example. 5M IN A 10.0.11.124
+3000.example. 5M IN A 10.0.11.125
+3000.example. 5M IN A 10.0.11.126
+3000.example. 5M IN A 10.0.11.127
+3000.example. 5M IN A 10.0.11.128
+3000.example. 5M IN A 10.0.11.129
+3000.example. 5M IN A 10.0.11.130
+3000.example. 5M IN A 10.0.11.131
+3000.example. 5M IN A 10.0.11.132
+3000.example. 5M IN A 10.0.11.133
+3000.example. 5M IN A 10.0.11.134
+3000.example. 5M IN A 10.0.11.135
+3000.example. 5M IN A 10.0.11.136
+3000.example. 5M IN A 10.0.11.137
+3000.example. 5M IN A 10.0.11.138
+3000.example. 5M IN A 10.0.11.139
+3000.example. 5M IN A 10.0.11.140
+3000.example. 5M IN A 10.0.11.141
+3000.example. 5M IN A 10.0.11.142
+3000.example. 5M IN A 10.0.11.143
+3000.example. 5M IN A 10.0.11.144
+3000.example. 5M IN A 10.0.11.145
+3000.example. 5M IN A 10.0.11.146
+3000.example. 5M IN A 10.0.11.147
+3000.example. 5M IN A 10.0.11.148
+3000.example. 5M IN A 10.0.11.149
+3000.example. 5M IN A 10.0.11.150
+3000.example. 5M IN A 10.0.11.151
+3000.example. 5M IN A 10.0.11.152
+3000.example. 5M IN A 10.0.11.153
+3000.example. 5M IN A 10.0.11.154
+3000.example. 5M IN A 10.0.11.155
+3000.example. 5M IN A 10.0.11.156
+3000.example. 5M IN A 10.0.11.157
+3000.example. 5M IN A 10.0.11.158
+3000.example. 5M IN A 10.0.11.159
+3000.example. 5M IN A 10.0.11.160
+3000.example. 5M IN A 10.0.11.161
+3000.example. 5M IN A 10.0.11.162
+3000.example. 5M IN A 10.0.11.163
+3000.example. 5M IN A 10.0.11.164
+3000.example. 5M IN A 10.0.11.165
+3000.example. 5M IN A 10.0.11.166
+3000.example. 5M IN A 10.0.11.167
+3000.example. 5M IN A 10.0.11.168
+3000.example. 5M IN A 10.0.11.169
+3000.example. 5M IN A 10.0.11.170
+3000.example. 5M IN A 10.0.11.171
+3000.example. 5M IN A 10.0.11.172
+3000.example. 5M IN A 10.0.11.173
+3000.example. 5M IN A 10.0.11.174
+3000.example. 5M IN A 10.0.11.175
+3000.example. 5M IN A 10.0.11.176
+3000.example. 5M IN A 10.0.11.177
+3000.example. 5M IN A 10.0.11.178
+3000.example. 5M IN A 10.0.11.179
+3000.example. 5M IN A 10.0.11.180
+3000.example. 5M IN A 10.0.11.181
+3000.example. 5M IN A 10.0.11.182
+3000.example. 5M IN A 10.0.11.183
+
+;; AUTHORITY SECTION:
+example. 5M IN NS ns1.example.
+
+;; ADDITIONAL SECTION:
+ns1.example. 5M IN A 10.53.0.1
+
+;; Total query time: 211 msec
+;; FROM: draco to SERVER: 10.53.0.1
+;; WHEN: Fri Jun 23 12:58:17 2000
+;; MSG SIZE sent: 30 rcvd: 48068
+
diff --git a/bin/tests/system/limits/knowngood.dig.out.4000 b/bin/tests/system/limits/knowngood.dig.out.4000
new file mode 100644
index 0000000..8b109c8
--- /dev/null
+++ b/bin/tests/system/limits/knowngood.dig.out.4000
@@ -0,0 +1,4023 @@
+
+; <<>> DiG 8.2 <<>> 4000.example. @10.53.0.1 a -p
+; (1 server found)
+;; res options: init recurs defnam dnsrch
+;; got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
+;; flags: qr aa rd ad; QUERY: 1, ANSWER: 4000, AUTHORITY: 1, ADDITIONAL: 1
+;; QUERY SECTION:
+;; 4000.example, type = A, class = IN
+
+;; ANSWER SECTION:
+4000.example. 5M IN A 10.0.0.0
+4000.example. 5M IN A 10.0.0.1
+4000.example. 5M IN A 10.0.0.2
+4000.example. 5M IN A 10.0.0.3
+4000.example. 5M IN A 10.0.0.4
+4000.example. 5M IN A 10.0.0.5
+4000.example. 5M IN A 10.0.0.6
+4000.example. 5M IN A 10.0.0.7
+4000.example. 5M IN A 10.0.0.8
+4000.example. 5M IN A 10.0.0.9
+4000.example. 5M IN A 10.0.0.10
+4000.example. 5M IN A 10.0.0.11
+4000.example. 5M IN A 10.0.0.12
+4000.example. 5M IN A 10.0.0.13
+4000.example. 5M IN A 10.0.0.14
+4000.example. 5M IN A 10.0.0.15
+4000.example. 5M IN A 10.0.0.16
+4000.example. 5M IN A 10.0.0.17
+4000.example. 5M IN A 10.0.0.18
+4000.example. 5M IN A 10.0.0.19
+4000.example. 5M IN A 10.0.0.20
+4000.example. 5M IN A 10.0.0.21
+4000.example. 5M IN A 10.0.0.22
+4000.example. 5M IN A 10.0.0.23
+4000.example. 5M IN A 10.0.0.24
+4000.example. 5M IN A 10.0.0.25
+4000.example. 5M IN A 10.0.0.26
+4000.example. 5M IN A 10.0.0.27
+4000.example. 5M IN A 10.0.0.28
+4000.example. 5M IN A 10.0.0.29
+4000.example. 5M IN A 10.0.0.30
+4000.example. 5M IN A 10.0.0.31
+4000.example. 5M IN A 10.0.0.32
+4000.example. 5M IN A 10.0.0.33
+4000.example. 5M IN A 10.0.0.34
+4000.example. 5M IN A 10.0.0.35
+4000.example. 5M IN A 10.0.0.36
+4000.example. 5M IN A 10.0.0.37
+4000.example. 5M IN A 10.0.0.38
+4000.example. 5M IN A 10.0.0.39
+4000.example. 5M IN A 10.0.0.40
+4000.example. 5M IN A 10.0.0.41
+4000.example. 5M IN A 10.0.0.42
+4000.example. 5M IN A 10.0.0.43
+4000.example. 5M IN A 10.0.0.44
+4000.example. 5M IN A 10.0.0.45
+4000.example. 5M IN A 10.0.0.46
+4000.example. 5M IN A 10.0.0.47
+4000.example. 5M IN A 10.0.0.48
+4000.example. 5M IN A 10.0.0.49
+4000.example. 5M IN A 10.0.0.50
+4000.example. 5M IN A 10.0.0.51
+4000.example. 5M IN A 10.0.0.52
+4000.example. 5M IN A 10.0.0.53
+4000.example. 5M IN A 10.0.0.54
+4000.example. 5M IN A 10.0.0.55
+4000.example. 5M IN A 10.0.0.56
+4000.example. 5M IN A 10.0.0.57
+4000.example. 5M IN A 10.0.0.58
+4000.example. 5M IN A 10.0.0.59
+4000.example. 5M IN A 10.0.0.60
+4000.example. 5M IN A 10.0.0.61
+4000.example. 5M IN A 10.0.0.62
+4000.example. 5M IN A 10.0.0.63
+4000.example. 5M IN A 10.0.0.64
+4000.example. 5M IN A 10.0.0.65
+4000.example. 5M IN A 10.0.0.66
+4000.example. 5M IN A 10.0.0.67
+4000.example. 5M IN A 10.0.0.68
+4000.example. 5M IN A 10.0.0.69
+4000.example. 5M IN A 10.0.0.70
+4000.example. 5M IN A 10.0.0.71
+4000.example. 5M IN A 10.0.0.72
+4000.example. 5M IN A 10.0.0.73
+4000.example. 5M IN A 10.0.0.74
+4000.example. 5M IN A 10.0.0.75
+4000.example. 5M IN A 10.0.0.76
+4000.example. 5M IN A 10.0.0.77
+4000.example. 5M IN A 10.0.0.78
+4000.example. 5M IN A 10.0.0.79
+4000.example. 5M IN A 10.0.0.80
+4000.example. 5M IN A 10.0.0.81
+4000.example. 5M IN A 10.0.0.82
+4000.example. 5M IN A 10.0.0.83
+4000.example. 5M IN A 10.0.0.84
+4000.example. 5M IN A 10.0.0.85
+4000.example. 5M IN A 10.0.0.86
+4000.example. 5M IN A 10.0.0.87
+4000.example. 5M IN A 10.0.0.88
+4000.example. 5M IN A 10.0.0.89
+4000.example. 5M IN A 10.0.0.90
+4000.example. 5M IN A 10.0.0.91
+4000.example. 5M IN A 10.0.0.92
+4000.example. 5M IN A 10.0.0.93
+4000.example. 5M IN A 10.0.0.94
+4000.example. 5M IN A 10.0.0.95
+4000.example. 5M IN A 10.0.0.96
+4000.example. 5M IN A 10.0.0.97
+4000.example. 5M IN A 10.0.0.98
+4000.example. 5M IN A 10.0.0.99
+4000.example. 5M IN A 10.0.0.100
+4000.example. 5M IN A 10.0.0.101
+4000.example. 5M IN A 10.0.0.102
+4000.example. 5M IN A 10.0.0.103
+4000.example. 5M IN A 10.0.0.104
+4000.example. 5M IN A 10.0.0.105
+4000.example. 5M IN A 10.0.0.106
+4000.example. 5M IN A 10.0.0.107
+4000.example. 5M IN A 10.0.0.108
+4000.example. 5M IN A 10.0.0.109
+4000.example. 5M IN A 10.0.0.110
+4000.example. 5M IN A 10.0.0.111
+4000.example. 5M IN A 10.0.0.112
+4000.example. 5M IN A 10.0.0.113
+4000.example. 5M IN A 10.0.0.114
+4000.example. 5M IN A 10.0.0.115
+4000.example. 5M IN A 10.0.0.116
+4000.example. 5M IN A 10.0.0.117
+4000.example. 5M IN A 10.0.0.118
+4000.example. 5M IN A 10.0.0.119
+4000.example. 5M IN A 10.0.0.120
+4000.example. 5M IN A 10.0.0.121
+4000.example. 5M IN A 10.0.0.122
+4000.example. 5M IN A 10.0.0.123
+4000.example. 5M IN A 10.0.0.124
+4000.example. 5M IN A 10.0.0.125
+4000.example. 5M IN A 10.0.0.126
+4000.example. 5M IN A 10.0.0.127
+4000.example. 5M IN A 10.0.0.128
+4000.example. 5M IN A 10.0.0.129
+4000.example. 5M IN A 10.0.0.130
+4000.example. 5M IN A 10.0.0.131
+4000.example. 5M IN A 10.0.0.132
+4000.example. 5M IN A 10.0.0.133
+4000.example. 5M IN A 10.0.0.134
+4000.example. 5M IN A 10.0.0.135
+4000.example. 5M IN A 10.0.0.136
+4000.example. 5M IN A 10.0.0.137
+4000.example. 5M IN A 10.0.0.138
+4000.example. 5M IN A 10.0.0.139
+4000.example. 5M IN A 10.0.0.140
+4000.example. 5M IN A 10.0.0.141
+4000.example. 5M IN A 10.0.0.142
+4000.example. 5M IN A 10.0.0.143
+4000.example. 5M IN A 10.0.0.144
+4000.example. 5M IN A 10.0.0.145
+4000.example. 5M IN A 10.0.0.146
+4000.example. 5M IN A 10.0.0.147
+4000.example. 5M IN A 10.0.0.148
+4000.example. 5M IN A 10.0.0.149
+4000.example. 5M IN A 10.0.0.150
+4000.example. 5M IN A 10.0.0.151
+4000.example. 5M IN A 10.0.0.152
+4000.example. 5M IN A 10.0.0.153
+4000.example. 5M IN A 10.0.0.154
+4000.example. 5M IN A 10.0.0.155
+4000.example. 5M IN A 10.0.0.156
+4000.example. 5M IN A 10.0.0.157
+4000.example. 5M IN A 10.0.0.158
+4000.example. 5M IN A 10.0.0.159
+4000.example. 5M IN A 10.0.0.160
+4000.example. 5M IN A 10.0.0.161
+4000.example. 5M IN A 10.0.0.162
+4000.example. 5M IN A 10.0.0.163
+4000.example. 5M IN A 10.0.0.164
+4000.example. 5M IN A 10.0.0.165
+4000.example. 5M IN A 10.0.0.166
+4000.example. 5M IN A 10.0.0.167
+4000.example. 5M IN A 10.0.0.168
+4000.example. 5M IN A 10.0.0.169
+4000.example. 5M IN A 10.0.0.170
+4000.example. 5M IN A 10.0.0.171
+4000.example. 5M IN A 10.0.0.172
+4000.example. 5M IN A 10.0.0.173
+4000.example. 5M IN A 10.0.0.174
+4000.example. 5M IN A 10.0.0.175
+4000.example. 5M IN A 10.0.0.176
+4000.example. 5M IN A 10.0.0.177
+4000.example. 5M IN A 10.0.0.178
+4000.example. 5M IN A 10.0.0.179
+4000.example. 5M IN A 10.0.0.180
+4000.example. 5M IN A 10.0.0.181
+4000.example. 5M IN A 10.0.0.182
+4000.example. 5M IN A 10.0.0.183
+4000.example. 5M IN A 10.0.0.184
+4000.example. 5M IN A 10.0.0.185
+4000.example. 5M IN A 10.0.0.186
+4000.example. 5M IN A 10.0.0.187
+4000.example. 5M IN A 10.0.0.188
+4000.example. 5M IN A 10.0.0.189
+4000.example. 5M IN A 10.0.0.190
+4000.example. 5M IN A 10.0.0.191
+4000.example. 5M IN A 10.0.0.192
+4000.example. 5M IN A 10.0.0.193
+4000.example. 5M IN A 10.0.0.194
+4000.example. 5M IN A 10.0.0.195
+4000.example. 5M IN A 10.0.0.196
+4000.example. 5M IN A 10.0.0.197
+4000.example. 5M IN A 10.0.0.198
+4000.example. 5M IN A 10.0.0.199
+4000.example. 5M IN A 10.0.0.200
+4000.example. 5M IN A 10.0.0.201
+4000.example. 5M IN A 10.0.0.202
+4000.example. 5M IN A 10.0.0.203
+4000.example. 5M IN A 10.0.0.204
+4000.example. 5M IN A 10.0.0.205
+4000.example. 5M IN A 10.0.0.206
+4000.example. 5M IN A 10.0.0.207
+4000.example. 5M IN A 10.0.0.208
+4000.example. 5M IN A 10.0.0.209
+4000.example. 5M IN A 10.0.0.210
+4000.example. 5M IN A 10.0.0.211
+4000.example. 5M IN A 10.0.0.212
+4000.example. 5M IN A 10.0.0.213
+4000.example. 5M IN A 10.0.0.214
+4000.example. 5M IN A 10.0.0.215
+4000.example. 5M IN A 10.0.0.216
+4000.example. 5M IN A 10.0.0.217
+4000.example. 5M IN A 10.0.0.218
+4000.example. 5M IN A 10.0.0.219
+4000.example. 5M IN A 10.0.0.220
+4000.example. 5M IN A 10.0.0.221
+4000.example. 5M IN A 10.0.0.222
+4000.example. 5M IN A 10.0.0.223
+4000.example. 5M IN A 10.0.0.224
+4000.example. 5M IN A 10.0.0.225
+4000.example. 5M IN A 10.0.0.226
+4000.example. 5M IN A 10.0.0.227
+4000.example. 5M IN A 10.0.0.228
+4000.example. 5M IN A 10.0.0.229
+4000.example. 5M IN A 10.0.0.230
+4000.example. 5M IN A 10.0.0.231
+4000.example. 5M IN A 10.0.0.232
+4000.example. 5M IN A 10.0.0.233
+4000.example. 5M IN A 10.0.0.234
+4000.example. 5M IN A 10.0.0.235
+4000.example. 5M IN A 10.0.0.236
+4000.example. 5M IN A 10.0.0.237
+4000.example. 5M IN A 10.0.0.238
+4000.example. 5M IN A 10.0.0.239
+4000.example. 5M IN A 10.0.0.240
+4000.example. 5M IN A 10.0.0.241
+4000.example. 5M IN A 10.0.0.242
+4000.example. 5M IN A 10.0.0.243
+4000.example. 5M IN A 10.0.0.244
+4000.example. 5M IN A 10.0.0.245
+4000.example. 5M IN A 10.0.0.246
+4000.example. 5M IN A 10.0.0.247
+4000.example. 5M IN A 10.0.0.248
+4000.example. 5M IN A 10.0.0.249
+4000.example. 5M IN A 10.0.0.250
+4000.example. 5M IN A 10.0.0.251
+4000.example. 5M IN A 10.0.0.252
+4000.example. 5M IN A 10.0.0.253
+4000.example. 5M IN A 10.0.0.254
+4000.example. 5M IN A 10.0.0.255
+4000.example. 5M IN A 10.0.1.0
+4000.example. 5M IN A 10.0.1.1
+4000.example. 5M IN A 10.0.1.2
+4000.example. 5M IN A 10.0.1.3
+4000.example. 5M IN A 10.0.1.4
+4000.example. 5M IN A 10.0.1.5
+4000.example. 5M IN A 10.0.1.6
+4000.example. 5M IN A 10.0.1.7
+4000.example. 5M IN A 10.0.1.8
+4000.example. 5M IN A 10.0.1.9
+4000.example. 5M IN A 10.0.1.10
+4000.example. 5M IN A 10.0.1.11
+4000.example. 5M IN A 10.0.1.12
+4000.example. 5M IN A 10.0.1.13
+4000.example. 5M IN A 10.0.1.14
+4000.example. 5M IN A 10.0.1.15
+4000.example. 5M IN A 10.0.1.16
+4000.example. 5M IN A 10.0.1.17
+4000.example. 5M IN A 10.0.1.18
+4000.example. 5M IN A 10.0.1.19
+4000.example. 5M IN A 10.0.1.20
+4000.example. 5M IN A 10.0.1.21
+4000.example. 5M IN A 10.0.1.22
+4000.example. 5M IN A 10.0.1.23
+4000.example. 5M IN A 10.0.1.24
+4000.example. 5M IN A 10.0.1.25
+4000.example. 5M IN A 10.0.1.26
+4000.example. 5M IN A 10.0.1.27
+4000.example. 5M IN A 10.0.1.28
+4000.example. 5M IN A 10.0.1.29
+4000.example. 5M IN A 10.0.1.30
+4000.example. 5M IN A 10.0.1.31
+4000.example. 5M IN A 10.0.1.32
+4000.example. 5M IN A 10.0.1.33
+4000.example. 5M IN A 10.0.1.34
+4000.example. 5M IN A 10.0.1.35
+4000.example. 5M IN A 10.0.1.36
+4000.example. 5M IN A 10.0.1.37
+4000.example. 5M IN A 10.0.1.38
+4000.example. 5M IN A 10.0.1.39
+4000.example. 5M IN A 10.0.1.40
+4000.example. 5M IN A 10.0.1.41
+4000.example. 5M IN A 10.0.1.42
+4000.example. 5M IN A 10.0.1.43
+4000.example. 5M IN A 10.0.1.44
+4000.example. 5M IN A 10.0.1.45
+4000.example. 5M IN A 10.0.1.46
+4000.example. 5M IN A 10.0.1.47
+4000.example. 5M IN A 10.0.1.48
+4000.example. 5M IN A 10.0.1.49
+4000.example. 5M IN A 10.0.1.50
+4000.example. 5M IN A 10.0.1.51
+4000.example. 5M IN A 10.0.1.52
+4000.example. 5M IN A 10.0.1.53
+4000.example. 5M IN A 10.0.1.54
+4000.example. 5M IN A 10.0.1.55
+4000.example. 5M IN A 10.0.1.56
+4000.example. 5M IN A 10.0.1.57
+4000.example. 5M IN A 10.0.1.58
+4000.example. 5M IN A 10.0.1.59
+4000.example. 5M IN A 10.0.1.60
+4000.example. 5M IN A 10.0.1.61
+4000.example. 5M IN A 10.0.1.62
+4000.example. 5M IN A 10.0.1.63
+4000.example. 5M IN A 10.0.1.64
+4000.example. 5M IN A 10.0.1.65
+4000.example. 5M IN A 10.0.1.66
+4000.example. 5M IN A 10.0.1.67
+4000.example. 5M IN A 10.0.1.68
+4000.example. 5M IN A 10.0.1.69
+4000.example. 5M IN A 10.0.1.70
+4000.example. 5M IN A 10.0.1.71
+4000.example. 5M IN A 10.0.1.72
+4000.example. 5M IN A 10.0.1.73
+4000.example. 5M IN A 10.0.1.74
+4000.example. 5M IN A 10.0.1.75
+4000.example. 5M IN A 10.0.1.76
+4000.example. 5M IN A 10.0.1.77
+4000.example. 5M IN A 10.0.1.78
+4000.example. 5M IN A 10.0.1.79
+4000.example. 5M IN A 10.0.1.80
+4000.example. 5M IN A 10.0.1.81
+4000.example. 5M IN A 10.0.1.82
+4000.example. 5M IN A 10.0.1.83
+4000.example. 5M IN A 10.0.1.84
+4000.example. 5M IN A 10.0.1.85
+4000.example. 5M IN A 10.0.1.86
+4000.example. 5M IN A 10.0.1.87
+4000.example. 5M IN A 10.0.1.88
+4000.example. 5M IN A 10.0.1.89
+4000.example. 5M IN A 10.0.1.90
+4000.example. 5M IN A 10.0.1.91
+4000.example. 5M IN A 10.0.1.92
+4000.example. 5M IN A 10.0.1.93
+4000.example. 5M IN A 10.0.1.94
+4000.example. 5M IN A 10.0.1.95
+4000.example. 5M IN A 10.0.1.96
+4000.example. 5M IN A 10.0.1.97
+4000.example. 5M IN A 10.0.1.98
+4000.example. 5M IN A 10.0.1.99
+4000.example. 5M IN A 10.0.1.100
+4000.example. 5M IN A 10.0.1.101
+4000.example. 5M IN A 10.0.1.102
+4000.example. 5M IN A 10.0.1.103
+4000.example. 5M IN A 10.0.1.104
+4000.example. 5M IN A 10.0.1.105
+4000.example. 5M IN A 10.0.1.106
+4000.example. 5M IN A 10.0.1.107
+4000.example. 5M IN A 10.0.1.108
+4000.example. 5M IN A 10.0.1.109
+4000.example. 5M IN A 10.0.1.110
+4000.example. 5M IN A 10.0.1.111
+4000.example. 5M IN A 10.0.1.112
+4000.example. 5M IN A 10.0.1.113
+4000.example. 5M IN A 10.0.1.114
+4000.example. 5M IN A 10.0.1.115
+4000.example. 5M IN A 10.0.1.116
+4000.example. 5M IN A 10.0.1.117
+4000.example. 5M IN A 10.0.1.118
+4000.example. 5M IN A 10.0.1.119
+4000.example. 5M IN A 10.0.1.120
+4000.example. 5M IN A 10.0.1.121
+4000.example. 5M IN A 10.0.1.122
+4000.example. 5M IN A 10.0.1.123
+4000.example. 5M IN A 10.0.1.124
+4000.example. 5M IN A 10.0.1.125
+4000.example. 5M IN A 10.0.1.126
+4000.example. 5M IN A 10.0.1.127
+4000.example. 5M IN A 10.0.1.128
+4000.example. 5M IN A 10.0.1.129
+4000.example. 5M IN A 10.0.1.130
+4000.example. 5M IN A 10.0.1.131
+4000.example. 5M IN A 10.0.1.132
+4000.example. 5M IN A 10.0.1.133
+4000.example. 5M IN A 10.0.1.134
+4000.example. 5M IN A 10.0.1.135
+4000.example. 5M IN A 10.0.1.136
+4000.example. 5M IN A 10.0.1.137
+4000.example. 5M IN A 10.0.1.138
+4000.example. 5M IN A 10.0.1.139
+4000.example. 5M IN A 10.0.1.140
+4000.example. 5M IN A 10.0.1.141
+4000.example. 5M IN A 10.0.1.142
+4000.example. 5M IN A 10.0.1.143
+4000.example. 5M IN A 10.0.1.144
+4000.example. 5M IN A 10.0.1.145
+4000.example. 5M IN A 10.0.1.146
+4000.example. 5M IN A 10.0.1.147
+4000.example. 5M IN A 10.0.1.148
+4000.example. 5M IN A 10.0.1.149
+4000.example. 5M IN A 10.0.1.150
+4000.example. 5M IN A 10.0.1.151
+4000.example. 5M IN A 10.0.1.152
+4000.example. 5M IN A 10.0.1.153
+4000.example. 5M IN A 10.0.1.154
+4000.example. 5M IN A 10.0.1.155
+4000.example. 5M IN A 10.0.1.156
+4000.example. 5M IN A 10.0.1.157
+4000.example. 5M IN A 10.0.1.158
+4000.example. 5M IN A 10.0.1.159
+4000.example. 5M IN A 10.0.1.160
+4000.example. 5M IN A 10.0.1.161
+4000.example. 5M IN A 10.0.1.162
+4000.example. 5M IN A 10.0.1.163
+4000.example. 5M IN A 10.0.1.164
+4000.example. 5M IN A 10.0.1.165
+4000.example. 5M IN A 10.0.1.166
+4000.example. 5M IN A 10.0.1.167
+4000.example. 5M IN A 10.0.1.168
+4000.example. 5M IN A 10.0.1.169
+4000.example. 5M IN A 10.0.1.170
+4000.example. 5M IN A 10.0.1.171
+4000.example. 5M IN A 10.0.1.172
+4000.example. 5M IN A 10.0.1.173
+4000.example. 5M IN A 10.0.1.174
+4000.example. 5M IN A 10.0.1.175
+4000.example. 5M IN A 10.0.1.176
+4000.example. 5M IN A 10.0.1.177
+4000.example. 5M IN A 10.0.1.178
+4000.example. 5M IN A 10.0.1.179
+4000.example. 5M IN A 10.0.1.180
+4000.example. 5M IN A 10.0.1.181
+4000.example. 5M IN A 10.0.1.182
+4000.example. 5M IN A 10.0.1.183
+4000.example. 5M IN A 10.0.1.184
+4000.example. 5M IN A 10.0.1.185
+4000.example. 5M IN A 10.0.1.186
+4000.example. 5M IN A 10.0.1.187
+4000.example. 5M IN A 10.0.1.188
+4000.example. 5M IN A 10.0.1.189
+4000.example. 5M IN A 10.0.1.190
+4000.example. 5M IN A 10.0.1.191
+4000.example. 5M IN A 10.0.1.192
+4000.example. 5M IN A 10.0.1.193
+4000.example. 5M IN A 10.0.1.194
+4000.example. 5M IN A 10.0.1.195
+4000.example. 5M IN A 10.0.1.196
+4000.example. 5M IN A 10.0.1.197
+4000.example. 5M IN A 10.0.1.198
+4000.example. 5M IN A 10.0.1.199
+4000.example. 5M IN A 10.0.1.200
+4000.example. 5M IN A 10.0.1.201
+4000.example. 5M IN A 10.0.1.202
+4000.example. 5M IN A 10.0.1.203
+4000.example. 5M IN A 10.0.1.204
+4000.example. 5M IN A 10.0.1.205
+4000.example. 5M IN A 10.0.1.206
+4000.example. 5M IN A 10.0.1.207
+4000.example. 5M IN A 10.0.1.208
+4000.example. 5M IN A 10.0.1.209
+4000.example. 5M IN A 10.0.1.210
+4000.example. 5M IN A 10.0.1.211
+4000.example. 5M IN A 10.0.1.212
+4000.example. 5M IN A 10.0.1.213
+4000.example. 5M IN A 10.0.1.214
+4000.example. 5M IN A 10.0.1.215
+4000.example. 5M IN A 10.0.1.216
+4000.example. 5M IN A 10.0.1.217
+4000.example. 5M IN A 10.0.1.218
+4000.example. 5M IN A 10.0.1.219
+4000.example. 5M IN A 10.0.1.220
+4000.example. 5M IN A 10.0.1.221
+4000.example. 5M IN A 10.0.1.222
+4000.example. 5M IN A 10.0.1.223
+4000.example. 5M IN A 10.0.1.224
+4000.example. 5M IN A 10.0.1.225
+4000.example. 5M IN A 10.0.1.226
+4000.example. 5M IN A 10.0.1.227
+4000.example. 5M IN A 10.0.1.228
+4000.example. 5M IN A 10.0.1.229
+4000.example. 5M IN A 10.0.1.230
+4000.example. 5M IN A 10.0.1.231
+4000.example. 5M IN A 10.0.1.232
+4000.example. 5M IN A 10.0.1.233
+4000.example. 5M IN A 10.0.1.234
+4000.example. 5M IN A 10.0.1.235
+4000.example. 5M IN A 10.0.1.236
+4000.example. 5M IN A 10.0.1.237
+4000.example. 5M IN A 10.0.1.238
+4000.example. 5M IN A 10.0.1.239
+4000.example. 5M IN A 10.0.1.240
+4000.example. 5M IN A 10.0.1.241
+4000.example. 5M IN A 10.0.1.242
+4000.example. 5M IN A 10.0.1.243
+4000.example. 5M IN A 10.0.1.244
+4000.example. 5M IN A 10.0.1.245
+4000.example. 5M IN A 10.0.1.246
+4000.example. 5M IN A 10.0.1.247
+4000.example. 5M IN A 10.0.1.248
+4000.example. 5M IN A 10.0.1.249
+4000.example. 5M IN A 10.0.1.250
+4000.example. 5M IN A 10.0.1.251
+4000.example. 5M IN A 10.0.1.252
+4000.example. 5M IN A 10.0.1.253
+4000.example. 5M IN A 10.0.1.254
+4000.example. 5M IN A 10.0.1.255
+4000.example. 5M IN A 10.0.2.0
+4000.example. 5M IN A 10.0.2.1
+4000.example. 5M IN A 10.0.2.2
+4000.example. 5M IN A 10.0.2.3
+4000.example. 5M IN A 10.0.2.4
+4000.example. 5M IN A 10.0.2.5
+4000.example. 5M IN A 10.0.2.6
+4000.example. 5M IN A 10.0.2.7
+4000.example. 5M IN A 10.0.2.8
+4000.example. 5M IN A 10.0.2.9
+4000.example. 5M IN A 10.0.2.10
+4000.example. 5M IN A 10.0.2.11
+4000.example. 5M IN A 10.0.2.12
+4000.example. 5M IN A 10.0.2.13
+4000.example. 5M IN A 10.0.2.14
+4000.example. 5M IN A 10.0.2.15
+4000.example. 5M IN A 10.0.2.16
+4000.example. 5M IN A 10.0.2.17
+4000.example. 5M IN A 10.0.2.18
+4000.example. 5M IN A 10.0.2.19
+4000.example. 5M IN A 10.0.2.20
+4000.example. 5M IN A 10.0.2.21
+4000.example. 5M IN A 10.0.2.22
+4000.example. 5M IN A 10.0.2.23
+4000.example. 5M IN A 10.0.2.24
+4000.example. 5M IN A 10.0.2.25
+4000.example. 5M IN A 10.0.2.26
+4000.example. 5M IN A 10.0.2.27
+4000.example. 5M IN A 10.0.2.28
+4000.example. 5M IN A 10.0.2.29
+4000.example. 5M IN A 10.0.2.30
+4000.example. 5M IN A 10.0.2.31
+4000.example. 5M IN A 10.0.2.32
+4000.example. 5M IN A 10.0.2.33
+4000.example. 5M IN A 10.0.2.34
+4000.example. 5M IN A 10.0.2.35
+4000.example. 5M IN A 10.0.2.36
+4000.example. 5M IN A 10.0.2.37
+4000.example. 5M IN A 10.0.2.38
+4000.example. 5M IN A 10.0.2.39
+4000.example. 5M IN A 10.0.2.40
+4000.example. 5M IN A 10.0.2.41
+4000.example. 5M IN A 10.0.2.42
+4000.example. 5M IN A 10.0.2.43
+4000.example. 5M IN A 10.0.2.44
+4000.example. 5M IN A 10.0.2.45
+4000.example. 5M IN A 10.0.2.46
+4000.example. 5M IN A 10.0.2.47
+4000.example. 5M IN A 10.0.2.48
+4000.example. 5M IN A 10.0.2.49
+4000.example. 5M IN A 10.0.2.50
+4000.example. 5M IN A 10.0.2.51
+4000.example. 5M IN A 10.0.2.52
+4000.example. 5M IN A 10.0.2.53
+4000.example. 5M IN A 10.0.2.54
+4000.example. 5M IN A 10.0.2.55
+4000.example. 5M IN A 10.0.2.56
+4000.example. 5M IN A 10.0.2.57
+4000.example. 5M IN A 10.0.2.58
+4000.example. 5M IN A 10.0.2.59
+4000.example. 5M IN A 10.0.2.60
+4000.example. 5M IN A 10.0.2.61
+4000.example. 5M IN A 10.0.2.62
+4000.example. 5M IN A 10.0.2.63
+4000.example. 5M IN A 10.0.2.64
+4000.example. 5M IN A 10.0.2.65
+4000.example. 5M IN A 10.0.2.66
+4000.example. 5M IN A 10.0.2.67
+4000.example. 5M IN A 10.0.2.68
+4000.example. 5M IN A 10.0.2.69
+4000.example. 5M IN A 10.0.2.70
+4000.example. 5M IN A 10.0.2.71
+4000.example. 5M IN A 10.0.2.72
+4000.example. 5M IN A 10.0.2.73
+4000.example. 5M IN A 10.0.2.74
+4000.example. 5M IN A 10.0.2.75
+4000.example. 5M IN A 10.0.2.76
+4000.example. 5M IN A 10.0.2.77
+4000.example. 5M IN A 10.0.2.78
+4000.example. 5M IN A 10.0.2.79
+4000.example. 5M IN A 10.0.2.80
+4000.example. 5M IN A 10.0.2.81
+4000.example. 5M IN A 10.0.2.82
+4000.example. 5M IN A 10.0.2.83
+4000.example. 5M IN A 10.0.2.84
+4000.example. 5M IN A 10.0.2.85
+4000.example. 5M IN A 10.0.2.86
+4000.example. 5M IN A 10.0.2.87
+4000.example. 5M IN A 10.0.2.88
+4000.example. 5M IN A 10.0.2.89
+4000.example. 5M IN A 10.0.2.90
+4000.example. 5M IN A 10.0.2.91
+4000.example. 5M IN A 10.0.2.92
+4000.example. 5M IN A 10.0.2.93
+4000.example. 5M IN A 10.0.2.94
+4000.example. 5M IN A 10.0.2.95
+4000.example. 5M IN A 10.0.2.96
+4000.example. 5M IN A 10.0.2.97
+4000.example. 5M IN A 10.0.2.98
+4000.example. 5M IN A 10.0.2.99
+4000.example. 5M IN A 10.0.2.100
+4000.example. 5M IN A 10.0.2.101
+4000.example. 5M IN A 10.0.2.102
+4000.example. 5M IN A 10.0.2.103
+4000.example. 5M IN A 10.0.2.104
+4000.example. 5M IN A 10.0.2.105
+4000.example. 5M IN A 10.0.2.106
+4000.example. 5M IN A 10.0.2.107
+4000.example. 5M IN A 10.0.2.108
+4000.example. 5M IN A 10.0.2.109
+4000.example. 5M IN A 10.0.2.110
+4000.example. 5M IN A 10.0.2.111
+4000.example. 5M IN A 10.0.2.112
+4000.example. 5M IN A 10.0.2.113
+4000.example. 5M IN A 10.0.2.114
+4000.example. 5M IN A 10.0.2.115
+4000.example. 5M IN A 10.0.2.116
+4000.example. 5M IN A 10.0.2.117
+4000.example. 5M IN A 10.0.2.118
+4000.example. 5M IN A 10.0.2.119
+4000.example. 5M IN A 10.0.2.120
+4000.example. 5M IN A 10.0.2.121
+4000.example. 5M IN A 10.0.2.122
+4000.example. 5M IN A 10.0.2.123
+4000.example. 5M IN A 10.0.2.124
+4000.example. 5M IN A 10.0.2.125
+4000.example. 5M IN A 10.0.2.126
+4000.example. 5M IN A 10.0.2.127
+4000.example. 5M IN A 10.0.2.128
+4000.example. 5M IN A 10.0.2.129
+4000.example. 5M IN A 10.0.2.130
+4000.example. 5M IN A 10.0.2.131
+4000.example. 5M IN A 10.0.2.132
+4000.example. 5M IN A 10.0.2.133
+4000.example. 5M IN A 10.0.2.134
+4000.example. 5M IN A 10.0.2.135
+4000.example. 5M IN A 10.0.2.136
+4000.example. 5M IN A 10.0.2.137
+4000.example. 5M IN A 10.0.2.138
+4000.example. 5M IN A 10.0.2.139
+4000.example. 5M IN A 10.0.2.140
+4000.example. 5M IN A 10.0.2.141
+4000.example. 5M IN A 10.0.2.142
+4000.example. 5M IN A 10.0.2.143
+4000.example. 5M IN A 10.0.2.144
+4000.example. 5M IN A 10.0.2.145
+4000.example. 5M IN A 10.0.2.146
+4000.example. 5M IN A 10.0.2.147
+4000.example. 5M IN A 10.0.2.148
+4000.example. 5M IN A 10.0.2.149
+4000.example. 5M IN A 10.0.2.150
+4000.example. 5M IN A 10.0.2.151
+4000.example. 5M IN A 10.0.2.152
+4000.example. 5M IN A 10.0.2.153
+4000.example. 5M IN A 10.0.2.154
+4000.example. 5M IN A 10.0.2.155
+4000.example. 5M IN A 10.0.2.156
+4000.example. 5M IN A 10.0.2.157
+4000.example. 5M IN A 10.0.2.158
+4000.example. 5M IN A 10.0.2.159
+4000.example. 5M IN A 10.0.2.160
+4000.example. 5M IN A 10.0.2.161
+4000.example. 5M IN A 10.0.2.162
+4000.example. 5M IN A 10.0.2.163
+4000.example. 5M IN A 10.0.2.164
+4000.example. 5M IN A 10.0.2.165
+4000.example. 5M IN A 10.0.2.166
+4000.example. 5M IN A 10.0.2.167
+4000.example. 5M IN A 10.0.2.168
+4000.example. 5M IN A 10.0.2.169
+4000.example. 5M IN A 10.0.2.170
+4000.example. 5M IN A 10.0.2.171
+4000.example. 5M IN A 10.0.2.172
+4000.example. 5M IN A 10.0.2.173
+4000.example. 5M IN A 10.0.2.174
+4000.example. 5M IN A 10.0.2.175
+4000.example. 5M IN A 10.0.2.176
+4000.example. 5M IN A 10.0.2.177
+4000.example. 5M IN A 10.0.2.178
+4000.example. 5M IN A 10.0.2.179
+4000.example. 5M IN A 10.0.2.180
+4000.example. 5M IN A 10.0.2.181
+4000.example. 5M IN A 10.0.2.182
+4000.example. 5M IN A 10.0.2.183
+4000.example. 5M IN A 10.0.2.184
+4000.example. 5M IN A 10.0.2.185
+4000.example. 5M IN A 10.0.2.186
+4000.example. 5M IN A 10.0.2.187
+4000.example. 5M IN A 10.0.2.188
+4000.example. 5M IN A 10.0.2.189
+4000.example. 5M IN A 10.0.2.190
+4000.example. 5M IN A 10.0.2.191
+4000.example. 5M IN A 10.0.2.192
+4000.example. 5M IN A 10.0.2.193
+4000.example. 5M IN A 10.0.2.194
+4000.example. 5M IN A 10.0.2.195
+4000.example. 5M IN A 10.0.2.196
+4000.example. 5M IN A 10.0.2.197
+4000.example. 5M IN A 10.0.2.198
+4000.example. 5M IN A 10.0.2.199
+4000.example. 5M IN A 10.0.2.200
+4000.example. 5M IN A 10.0.2.201
+4000.example. 5M IN A 10.0.2.202
+4000.example. 5M IN A 10.0.2.203
+4000.example. 5M IN A 10.0.2.204
+4000.example. 5M IN A 10.0.2.205
+4000.example. 5M IN A 10.0.2.206
+4000.example. 5M IN A 10.0.2.207
+4000.example. 5M IN A 10.0.2.208
+4000.example. 5M IN A 10.0.2.209
+4000.example. 5M IN A 10.0.2.210
+4000.example. 5M IN A 10.0.2.211
+4000.example. 5M IN A 10.0.2.212
+4000.example. 5M IN A 10.0.2.213
+4000.example. 5M IN A 10.0.2.214
+4000.example. 5M IN A 10.0.2.215
+4000.example. 5M IN A 10.0.2.216
+4000.example. 5M IN A 10.0.2.217
+4000.example. 5M IN A 10.0.2.218
+4000.example. 5M IN A 10.0.2.219
+4000.example. 5M IN A 10.0.2.220
+4000.example. 5M IN A 10.0.2.221
+4000.example. 5M IN A 10.0.2.222
+4000.example. 5M IN A 10.0.2.223
+4000.example. 5M IN A 10.0.2.224
+4000.example. 5M IN A 10.0.2.225
+4000.example. 5M IN A 10.0.2.226
+4000.example. 5M IN A 10.0.2.227
+4000.example. 5M IN A 10.0.2.228
+4000.example. 5M IN A 10.0.2.229
+4000.example. 5M IN A 10.0.2.230
+4000.example. 5M IN A 10.0.2.231
+4000.example. 5M IN A 10.0.2.232
+4000.example. 5M IN A 10.0.2.233
+4000.example. 5M IN A 10.0.2.234
+4000.example. 5M IN A 10.0.2.235
+4000.example. 5M IN A 10.0.2.236
+4000.example. 5M IN A 10.0.2.237
+4000.example. 5M IN A 10.0.2.238
+4000.example. 5M IN A 10.0.2.239
+4000.example. 5M IN A 10.0.2.240
+4000.example. 5M IN A 10.0.2.241
+4000.example. 5M IN A 10.0.2.242
+4000.example. 5M IN A 10.0.2.243
+4000.example. 5M IN A 10.0.2.244
+4000.example. 5M IN A 10.0.2.245
+4000.example. 5M IN A 10.0.2.246
+4000.example. 5M IN A 10.0.2.247
+4000.example. 5M IN A 10.0.2.248
+4000.example. 5M IN A 10.0.2.249
+4000.example. 5M IN A 10.0.2.250
+4000.example. 5M IN A 10.0.2.251
+4000.example. 5M IN A 10.0.2.252
+4000.example. 5M IN A 10.0.2.253
+4000.example. 5M IN A 10.0.2.254
+4000.example. 5M IN A 10.0.2.255
+4000.example. 5M IN A 10.0.3.0
+4000.example. 5M IN A 10.0.3.1
+4000.example. 5M IN A 10.0.3.2
+4000.example. 5M IN A 10.0.3.3
+4000.example. 5M IN A 10.0.3.4
+4000.example. 5M IN A 10.0.3.5
+4000.example. 5M IN A 10.0.3.6
+4000.example. 5M IN A 10.0.3.7
+4000.example. 5M IN A 10.0.3.8
+4000.example. 5M IN A 10.0.3.9
+4000.example. 5M IN A 10.0.3.10
+4000.example. 5M IN A 10.0.3.11
+4000.example. 5M IN A 10.0.3.12
+4000.example. 5M IN A 10.0.3.13
+4000.example. 5M IN A 10.0.3.14
+4000.example. 5M IN A 10.0.3.15
+4000.example. 5M IN A 10.0.3.16
+4000.example. 5M IN A 10.0.3.17
+4000.example. 5M IN A 10.0.3.18
+4000.example. 5M IN A 10.0.3.19
+4000.example. 5M IN A 10.0.3.20
+4000.example. 5M IN A 10.0.3.21
+4000.example. 5M IN A 10.0.3.22
+4000.example. 5M IN A 10.0.3.23
+4000.example. 5M IN A 10.0.3.24
+4000.example. 5M IN A 10.0.3.25
+4000.example. 5M IN A 10.0.3.26
+4000.example. 5M IN A 10.0.3.27
+4000.example. 5M IN A 10.0.3.28
+4000.example. 5M IN A 10.0.3.29
+4000.example. 5M IN A 10.0.3.30
+4000.example. 5M IN A 10.0.3.31
+4000.example. 5M IN A 10.0.3.32
+4000.example. 5M IN A 10.0.3.33
+4000.example. 5M IN A 10.0.3.34
+4000.example. 5M IN A 10.0.3.35
+4000.example. 5M IN A 10.0.3.36
+4000.example. 5M IN A 10.0.3.37
+4000.example. 5M IN A 10.0.3.38
+4000.example. 5M IN A 10.0.3.39
+4000.example. 5M IN A 10.0.3.40
+4000.example. 5M IN A 10.0.3.41
+4000.example. 5M IN A 10.0.3.42
+4000.example. 5M IN A 10.0.3.43
+4000.example. 5M IN A 10.0.3.44
+4000.example. 5M IN A 10.0.3.45
+4000.example. 5M IN A 10.0.3.46
+4000.example. 5M IN A 10.0.3.47
+4000.example. 5M IN A 10.0.3.48
+4000.example. 5M IN A 10.0.3.49
+4000.example. 5M IN A 10.0.3.50
+4000.example. 5M IN A 10.0.3.51
+4000.example. 5M IN A 10.0.3.52
+4000.example. 5M IN A 10.0.3.53
+4000.example. 5M IN A 10.0.3.54
+4000.example. 5M IN A 10.0.3.55
+4000.example. 5M IN A 10.0.3.56
+4000.example. 5M IN A 10.0.3.57
+4000.example. 5M IN A 10.0.3.58
+4000.example. 5M IN A 10.0.3.59
+4000.example. 5M IN A 10.0.3.60
+4000.example. 5M IN A 10.0.3.61
+4000.example. 5M IN A 10.0.3.62
+4000.example. 5M IN A 10.0.3.63
+4000.example. 5M IN A 10.0.3.64
+4000.example. 5M IN A 10.0.3.65
+4000.example. 5M IN A 10.0.3.66
+4000.example. 5M IN A 10.0.3.67
+4000.example. 5M IN A 10.0.3.68
+4000.example. 5M IN A 10.0.3.69
+4000.example. 5M IN A 10.0.3.70
+4000.example. 5M IN A 10.0.3.71
+4000.example. 5M IN A 10.0.3.72
+4000.example. 5M IN A 10.0.3.73
+4000.example. 5M IN A 10.0.3.74
+4000.example. 5M IN A 10.0.3.75
+4000.example. 5M IN A 10.0.3.76
+4000.example. 5M IN A 10.0.3.77
+4000.example. 5M IN A 10.0.3.78
+4000.example. 5M IN A 10.0.3.79
+4000.example. 5M IN A 10.0.3.80
+4000.example. 5M IN A 10.0.3.81
+4000.example. 5M IN A 10.0.3.82
+4000.example. 5M IN A 10.0.3.83
+4000.example. 5M IN A 10.0.3.84
+4000.example. 5M IN A 10.0.3.85
+4000.example. 5M IN A 10.0.3.86
+4000.example. 5M IN A 10.0.3.87
+4000.example. 5M IN A 10.0.3.88
+4000.example. 5M IN A 10.0.3.89
+4000.example. 5M IN A 10.0.3.90
+4000.example. 5M IN A 10.0.3.91
+4000.example. 5M IN A 10.0.3.92
+4000.example. 5M IN A 10.0.3.93
+4000.example. 5M IN A 10.0.3.94
+4000.example. 5M IN A 10.0.3.95
+4000.example. 5M IN A 10.0.3.96
+4000.example. 5M IN A 10.0.3.97
+4000.example. 5M IN A 10.0.3.98
+4000.example. 5M IN A 10.0.3.99
+4000.example. 5M IN A 10.0.3.100
+4000.example. 5M IN A 10.0.3.101
+4000.example. 5M IN A 10.0.3.102
+4000.example. 5M IN A 10.0.3.103
+4000.example. 5M IN A 10.0.3.104
+4000.example. 5M IN A 10.0.3.105
+4000.example. 5M IN A 10.0.3.106
+4000.example. 5M IN A 10.0.3.107
+4000.example. 5M IN A 10.0.3.108
+4000.example. 5M IN A 10.0.3.109
+4000.example. 5M IN A 10.0.3.110
+4000.example. 5M IN A 10.0.3.111
+4000.example. 5M IN A 10.0.3.112
+4000.example. 5M IN A 10.0.3.113
+4000.example. 5M IN A 10.0.3.114
+4000.example. 5M IN A 10.0.3.115
+4000.example. 5M IN A 10.0.3.116
+4000.example. 5M IN A 10.0.3.117
+4000.example. 5M IN A 10.0.3.118
+4000.example. 5M IN A 10.0.3.119
+4000.example. 5M IN A 10.0.3.120
+4000.example. 5M IN A 10.0.3.121
+4000.example. 5M IN A 10.0.3.122
+4000.example. 5M IN A 10.0.3.123
+4000.example. 5M IN A 10.0.3.124
+4000.example. 5M IN A 10.0.3.125
+4000.example. 5M IN A 10.0.3.126
+4000.example. 5M IN A 10.0.3.127
+4000.example. 5M IN A 10.0.3.128
+4000.example. 5M IN A 10.0.3.129
+4000.example. 5M IN A 10.0.3.130
+4000.example. 5M IN A 10.0.3.131
+4000.example. 5M IN A 10.0.3.132
+4000.example. 5M IN A 10.0.3.133
+4000.example. 5M IN A 10.0.3.134
+4000.example. 5M IN A 10.0.3.135
+4000.example. 5M IN A 10.0.3.136
+4000.example. 5M IN A 10.0.3.137
+4000.example. 5M IN A 10.0.3.138
+4000.example. 5M IN A 10.0.3.139
+4000.example. 5M IN A 10.0.3.140
+4000.example. 5M IN A 10.0.3.141
+4000.example. 5M IN A 10.0.3.142
+4000.example. 5M IN A 10.0.3.143
+4000.example. 5M IN A 10.0.3.144
+4000.example. 5M IN A 10.0.3.145
+4000.example. 5M IN A 10.0.3.146
+4000.example. 5M IN A 10.0.3.147
+4000.example. 5M IN A 10.0.3.148
+4000.example. 5M IN A 10.0.3.149
+4000.example. 5M IN A 10.0.3.150
+4000.example. 5M IN A 10.0.3.151
+4000.example. 5M IN A 10.0.3.152
+4000.example. 5M IN A 10.0.3.153
+4000.example. 5M IN A 10.0.3.154
+4000.example. 5M IN A 10.0.3.155
+4000.example. 5M IN A 10.0.3.156
+4000.example. 5M IN A 10.0.3.157
+4000.example. 5M IN A 10.0.3.158
+4000.example. 5M IN A 10.0.3.159
+4000.example. 5M IN A 10.0.3.160
+4000.example. 5M IN A 10.0.3.161
+4000.example. 5M IN A 10.0.3.162
+4000.example. 5M IN A 10.0.3.163
+4000.example. 5M IN A 10.0.3.164
+4000.example. 5M IN A 10.0.3.165
+4000.example. 5M IN A 10.0.3.166
+4000.example. 5M IN A 10.0.3.167
+4000.example. 5M IN A 10.0.3.168
+4000.example. 5M IN A 10.0.3.169
+4000.example. 5M IN A 10.0.3.170
+4000.example. 5M IN A 10.0.3.171
+4000.example. 5M IN A 10.0.3.172
+4000.example. 5M IN A 10.0.3.173
+4000.example. 5M IN A 10.0.3.174
+4000.example. 5M IN A 10.0.3.175
+4000.example. 5M IN A 10.0.3.176
+4000.example. 5M IN A 10.0.3.177
+4000.example. 5M IN A 10.0.3.178
+4000.example. 5M IN A 10.0.3.179
+4000.example. 5M IN A 10.0.3.180
+4000.example. 5M IN A 10.0.3.181
+4000.example. 5M IN A 10.0.3.182
+4000.example. 5M IN A 10.0.3.183
+4000.example. 5M IN A 10.0.3.184
+4000.example. 5M IN A 10.0.3.185
+4000.example. 5M IN A 10.0.3.186
+4000.example. 5M IN A 10.0.3.187
+4000.example. 5M IN A 10.0.3.188
+4000.example. 5M IN A 10.0.3.189
+4000.example. 5M IN A 10.0.3.190
+4000.example. 5M IN A 10.0.3.191
+4000.example. 5M IN A 10.0.3.192
+4000.example. 5M IN A 10.0.3.193
+4000.example. 5M IN A 10.0.3.194
+4000.example. 5M IN A 10.0.3.195
+4000.example. 5M IN A 10.0.3.196
+4000.example. 5M IN A 10.0.3.197
+4000.example. 5M IN A 10.0.3.198
+4000.example. 5M IN A 10.0.3.199
+4000.example. 5M IN A 10.0.3.200
+4000.example. 5M IN A 10.0.3.201
+4000.example. 5M IN A 10.0.3.202
+4000.example. 5M IN A 10.0.3.203
+4000.example. 5M IN A 10.0.3.204
+4000.example. 5M IN A 10.0.3.205
+4000.example. 5M IN A 10.0.3.206
+4000.example. 5M IN A 10.0.3.207
+4000.example. 5M IN A 10.0.3.208
+4000.example. 5M IN A 10.0.3.209
+4000.example. 5M IN A 10.0.3.210
+4000.example. 5M IN A 10.0.3.211
+4000.example. 5M IN A 10.0.3.212
+4000.example. 5M IN A 10.0.3.213
+4000.example. 5M IN A 10.0.3.214
+4000.example. 5M IN A 10.0.3.215
+4000.example. 5M IN A 10.0.3.216
+4000.example. 5M IN A 10.0.3.217
+4000.example. 5M IN A 10.0.3.218
+4000.example. 5M IN A 10.0.3.219
+4000.example. 5M IN A 10.0.3.220
+4000.example. 5M IN A 10.0.3.221
+4000.example. 5M IN A 10.0.3.222
+4000.example. 5M IN A 10.0.3.223
+4000.example. 5M IN A 10.0.3.224
+4000.example. 5M IN A 10.0.3.225
+4000.example. 5M IN A 10.0.3.226
+4000.example. 5M IN A 10.0.3.227
+4000.example. 5M IN A 10.0.3.228
+4000.example. 5M IN A 10.0.3.229
+4000.example. 5M IN A 10.0.3.230
+4000.example. 5M IN A 10.0.3.231
+4000.example. 5M IN A 10.0.3.232
+4000.example. 5M IN A 10.0.3.233
+4000.example. 5M IN A 10.0.3.234
+4000.example. 5M IN A 10.0.3.235
+4000.example. 5M IN A 10.0.3.236
+4000.example. 5M IN A 10.0.3.237
+4000.example. 5M IN A 10.0.3.238
+4000.example. 5M IN A 10.0.3.239
+4000.example. 5M IN A 10.0.3.240
+4000.example. 5M IN A 10.0.3.241
+4000.example. 5M IN A 10.0.3.242
+4000.example. 5M IN A 10.0.3.243
+4000.example. 5M IN A 10.0.3.244
+4000.example. 5M IN A 10.0.3.245
+4000.example. 5M IN A 10.0.3.246
+4000.example. 5M IN A 10.0.3.247
+4000.example. 5M IN A 10.0.3.248
+4000.example. 5M IN A 10.0.3.249
+4000.example. 5M IN A 10.0.3.250
+4000.example. 5M IN A 10.0.3.251
+4000.example. 5M IN A 10.0.3.252
+4000.example. 5M IN A 10.0.3.253
+4000.example. 5M IN A 10.0.3.254
+4000.example. 5M IN A 10.0.3.255
+4000.example. 5M IN A 10.0.4.0
+4000.example. 5M IN A 10.0.4.1
+4000.example. 5M IN A 10.0.4.2
+4000.example. 5M IN A 10.0.4.3
+4000.example. 5M IN A 10.0.4.4
+4000.example. 5M IN A 10.0.4.5
+4000.example. 5M IN A 10.0.4.6
+4000.example. 5M IN A 10.0.4.7
+4000.example. 5M IN A 10.0.4.8
+4000.example. 5M IN A 10.0.4.9
+4000.example. 5M IN A 10.0.4.10
+4000.example. 5M IN A 10.0.4.11
+4000.example. 5M IN A 10.0.4.12
+4000.example. 5M IN A 10.0.4.13
+4000.example. 5M IN A 10.0.4.14
+4000.example. 5M IN A 10.0.4.15
+4000.example. 5M IN A 10.0.4.16
+4000.example. 5M IN A 10.0.4.17
+4000.example. 5M IN A 10.0.4.18
+4000.example. 5M IN A 10.0.4.19
+4000.example. 5M IN A 10.0.4.20
+4000.example. 5M IN A 10.0.4.21
+4000.example. 5M IN A 10.0.4.22
+4000.example. 5M IN A 10.0.4.23
+4000.example. 5M IN A 10.0.4.24
+4000.example. 5M IN A 10.0.4.25
+4000.example. 5M IN A 10.0.4.26
+4000.example. 5M IN A 10.0.4.27
+4000.example. 5M IN A 10.0.4.28
+4000.example. 5M IN A 10.0.4.29
+4000.example. 5M IN A 10.0.4.30
+4000.example. 5M IN A 10.0.4.31
+4000.example. 5M IN A 10.0.4.32
+4000.example. 5M IN A 10.0.4.33
+4000.example. 5M IN A 10.0.4.34
+4000.example. 5M IN A 10.0.4.35
+4000.example. 5M IN A 10.0.4.36
+4000.example. 5M IN A 10.0.4.37
+4000.example. 5M IN A 10.0.4.38
+4000.example. 5M IN A 10.0.4.39
+4000.example. 5M IN A 10.0.4.40
+4000.example. 5M IN A 10.0.4.41
+4000.example. 5M IN A 10.0.4.42
+4000.example. 5M IN A 10.0.4.43
+4000.example. 5M IN A 10.0.4.44
+4000.example. 5M IN A 10.0.4.45
+4000.example. 5M IN A 10.0.4.46
+4000.example. 5M IN A 10.0.4.47
+4000.example. 5M IN A 10.0.4.48
+4000.example. 5M IN A 10.0.4.49
+4000.example. 5M IN A 10.0.4.50
+4000.example. 5M IN A 10.0.4.51
+4000.example. 5M IN A 10.0.4.52
+4000.example. 5M IN A 10.0.4.53
+4000.example. 5M IN A 10.0.4.54
+4000.example. 5M IN A 10.0.4.55
+4000.example. 5M IN A 10.0.4.56
+4000.example. 5M IN A 10.0.4.57
+4000.example. 5M IN A 10.0.4.58
+4000.example. 5M IN A 10.0.4.59
+4000.example. 5M IN A 10.0.4.60
+4000.example. 5M IN A 10.0.4.61
+4000.example. 5M IN A 10.0.4.62
+4000.example. 5M IN A 10.0.4.63
+4000.example. 5M IN A 10.0.4.64
+4000.example. 5M IN A 10.0.4.65
+4000.example. 5M IN A 10.0.4.66
+4000.example. 5M IN A 10.0.4.67
+4000.example. 5M IN A 10.0.4.68
+4000.example. 5M IN A 10.0.4.69
+4000.example. 5M IN A 10.0.4.70
+4000.example. 5M IN A 10.0.4.71
+4000.example. 5M IN A 10.0.4.72
+4000.example. 5M IN A 10.0.4.73
+4000.example. 5M IN A 10.0.4.74
+4000.example. 5M IN A 10.0.4.75
+4000.example. 5M IN A 10.0.4.76
+4000.example. 5M IN A 10.0.4.77
+4000.example. 5M IN A 10.0.4.78
+4000.example. 5M IN A 10.0.4.79
+4000.example. 5M IN A 10.0.4.80
+4000.example. 5M IN A 10.0.4.81
+4000.example. 5M IN A 10.0.4.82
+4000.example. 5M IN A 10.0.4.83
+4000.example. 5M IN A 10.0.4.84
+4000.example. 5M IN A 10.0.4.85
+4000.example. 5M IN A 10.0.4.86
+4000.example. 5M IN A 10.0.4.87
+4000.example. 5M IN A 10.0.4.88
+4000.example. 5M IN A 10.0.4.89
+4000.example. 5M IN A 10.0.4.90
+4000.example. 5M IN A 10.0.4.91
+4000.example. 5M IN A 10.0.4.92
+4000.example. 5M IN A 10.0.4.93
+4000.example. 5M IN A 10.0.4.94
+4000.example. 5M IN A 10.0.4.95
+4000.example. 5M IN A 10.0.4.96
+4000.example. 5M IN A 10.0.4.97
+4000.example. 5M IN A 10.0.4.98
+4000.example. 5M IN A 10.0.4.99
+4000.example. 5M IN A 10.0.4.100
+4000.example. 5M IN A 10.0.4.101
+4000.example. 5M IN A 10.0.4.102
+4000.example. 5M IN A 10.0.4.103
+4000.example. 5M IN A 10.0.4.104
+4000.example. 5M IN A 10.0.4.105
+4000.example. 5M IN A 10.0.4.106
+4000.example. 5M IN A 10.0.4.107
+4000.example. 5M IN A 10.0.4.108
+4000.example. 5M IN A 10.0.4.109
+4000.example. 5M IN A 10.0.4.110
+4000.example. 5M IN A 10.0.4.111
+4000.example. 5M IN A 10.0.4.112
+4000.example. 5M IN A 10.0.4.113
+4000.example. 5M IN A 10.0.4.114
+4000.example. 5M IN A 10.0.4.115
+4000.example. 5M IN A 10.0.4.116
+4000.example. 5M IN A 10.0.4.117
+4000.example. 5M IN A 10.0.4.118
+4000.example. 5M IN A 10.0.4.119
+4000.example. 5M IN A 10.0.4.120
+4000.example. 5M IN A 10.0.4.121
+4000.example. 5M IN A 10.0.4.122
+4000.example. 5M IN A 10.0.4.123
+4000.example. 5M IN A 10.0.4.124
+4000.example. 5M IN A 10.0.4.125
+4000.example. 5M IN A 10.0.4.126
+4000.example. 5M IN A 10.0.4.127
+4000.example. 5M IN A 10.0.4.128
+4000.example. 5M IN A 10.0.4.129
+4000.example. 5M IN A 10.0.4.130
+4000.example. 5M IN A 10.0.4.131
+4000.example. 5M IN A 10.0.4.132
+4000.example. 5M IN A 10.0.4.133
+4000.example. 5M IN A 10.0.4.134
+4000.example. 5M IN A 10.0.4.135
+4000.example. 5M IN A 10.0.4.136
+4000.example. 5M IN A 10.0.4.137
+4000.example. 5M IN A 10.0.4.138
+4000.example. 5M IN A 10.0.4.139
+4000.example. 5M IN A 10.0.4.140
+4000.example. 5M IN A 10.0.4.141
+4000.example. 5M IN A 10.0.4.142
+4000.example. 5M IN A 10.0.4.143
+4000.example. 5M IN A 10.0.4.144
+4000.example. 5M IN A 10.0.4.145
+4000.example. 5M IN A 10.0.4.146
+4000.example. 5M IN A 10.0.4.147
+4000.example. 5M IN A 10.0.4.148
+4000.example. 5M IN A 10.0.4.149
+4000.example. 5M IN A 10.0.4.150
+4000.example. 5M IN A 10.0.4.151
+4000.example. 5M IN A 10.0.4.152
+4000.example. 5M IN A 10.0.4.153
+4000.example. 5M IN A 10.0.4.154
+4000.example. 5M IN A 10.0.4.155
+4000.example. 5M IN A 10.0.4.156
+4000.example. 5M IN A 10.0.4.157
+4000.example. 5M IN A 10.0.4.158
+4000.example. 5M IN A 10.0.4.159
+4000.example. 5M IN A 10.0.4.160
+4000.example. 5M IN A 10.0.4.161
+4000.example. 5M IN A 10.0.4.162
+4000.example. 5M IN A 10.0.4.163
+4000.example. 5M IN A 10.0.4.164
+4000.example. 5M IN A 10.0.4.165
+4000.example. 5M IN A 10.0.4.166
+4000.example. 5M IN A 10.0.4.167
+4000.example. 5M IN A 10.0.4.168
+4000.example. 5M IN A 10.0.4.169
+4000.example. 5M IN A 10.0.4.170
+4000.example. 5M IN A 10.0.4.171
+4000.example. 5M IN A 10.0.4.172
+4000.example. 5M IN A 10.0.4.173
+4000.example. 5M IN A 10.0.4.174
+4000.example. 5M IN A 10.0.4.175
+4000.example. 5M IN A 10.0.4.176
+4000.example. 5M IN A 10.0.4.177
+4000.example. 5M IN A 10.0.4.178
+4000.example. 5M IN A 10.0.4.179
+4000.example. 5M IN A 10.0.4.180
+4000.example. 5M IN A 10.0.4.181
+4000.example. 5M IN A 10.0.4.182
+4000.example. 5M IN A 10.0.4.183
+4000.example. 5M IN A 10.0.4.184
+4000.example. 5M IN A 10.0.4.185
+4000.example. 5M IN A 10.0.4.186
+4000.example. 5M IN A 10.0.4.187
+4000.example. 5M IN A 10.0.4.188
+4000.example. 5M IN A 10.0.4.189
+4000.example. 5M IN A 10.0.4.190
+4000.example. 5M IN A 10.0.4.191
+4000.example. 5M IN A 10.0.4.192
+4000.example. 5M IN A 10.0.4.193
+4000.example. 5M IN A 10.0.4.194
+4000.example. 5M IN A 10.0.4.195
+4000.example. 5M IN A 10.0.4.196
+4000.example. 5M IN A 10.0.4.197
+4000.example. 5M IN A 10.0.4.198
+4000.example. 5M IN A 10.0.4.199
+4000.example. 5M IN A 10.0.4.200
+4000.example. 5M IN A 10.0.4.201
+4000.example. 5M IN A 10.0.4.202
+4000.example. 5M IN A 10.0.4.203
+4000.example. 5M IN A 10.0.4.204
+4000.example. 5M IN A 10.0.4.205
+4000.example. 5M IN A 10.0.4.206
+4000.example. 5M IN A 10.0.4.207
+4000.example. 5M IN A 10.0.4.208
+4000.example. 5M IN A 10.0.4.209
+4000.example. 5M IN A 10.0.4.210
+4000.example. 5M IN A 10.0.4.211
+4000.example. 5M IN A 10.0.4.212
+4000.example. 5M IN A 10.0.4.213
+4000.example. 5M IN A 10.0.4.214
+4000.example. 5M IN A 10.0.4.215
+4000.example. 5M IN A 10.0.4.216
+4000.example. 5M IN A 10.0.4.217
+4000.example. 5M IN A 10.0.4.218
+4000.example. 5M IN A 10.0.4.219
+4000.example. 5M IN A 10.0.4.220
+4000.example. 5M IN A 10.0.4.221
+4000.example. 5M IN A 10.0.4.222
+4000.example. 5M IN A 10.0.4.223
+4000.example. 5M IN A 10.0.4.224
+4000.example. 5M IN A 10.0.4.225
+4000.example. 5M IN A 10.0.4.226
+4000.example. 5M IN A 10.0.4.227
+4000.example. 5M IN A 10.0.4.228
+4000.example. 5M IN A 10.0.4.229
+4000.example. 5M IN A 10.0.4.230
+4000.example. 5M IN A 10.0.4.231
+4000.example. 5M IN A 10.0.4.232
+4000.example. 5M IN A 10.0.4.233
+4000.example. 5M IN A 10.0.4.234
+4000.example. 5M IN A 10.0.4.235
+4000.example. 5M IN A 10.0.4.236
+4000.example. 5M IN A 10.0.4.237
+4000.example. 5M IN A 10.0.4.238
+4000.example. 5M IN A 10.0.4.239
+4000.example. 5M IN A 10.0.4.240
+4000.example. 5M IN A 10.0.4.241
+4000.example. 5M IN A 10.0.4.242
+4000.example. 5M IN A 10.0.4.243
+4000.example. 5M IN A 10.0.4.244
+4000.example. 5M IN A 10.0.4.245
+4000.example. 5M IN A 10.0.4.246
+4000.example. 5M IN A 10.0.4.247
+4000.example. 5M IN A 10.0.4.248
+4000.example. 5M IN A 10.0.4.249
+4000.example. 5M IN A 10.0.4.250
+4000.example. 5M IN A 10.0.4.251
+4000.example. 5M IN A 10.0.4.252
+4000.example. 5M IN A 10.0.4.253
+4000.example. 5M IN A 10.0.4.254
+4000.example. 5M IN A 10.0.4.255
+4000.example. 5M IN A 10.0.5.0
+4000.example. 5M IN A 10.0.5.1
+4000.example. 5M IN A 10.0.5.2
+4000.example. 5M IN A 10.0.5.3
+4000.example. 5M IN A 10.0.5.4
+4000.example. 5M IN A 10.0.5.5
+4000.example. 5M IN A 10.0.5.6
+4000.example. 5M IN A 10.0.5.7
+4000.example. 5M IN A 10.0.5.8
+4000.example. 5M IN A 10.0.5.9
+4000.example. 5M IN A 10.0.5.10
+4000.example. 5M IN A 10.0.5.11
+4000.example. 5M IN A 10.0.5.12
+4000.example. 5M IN A 10.0.5.13
+4000.example. 5M IN A 10.0.5.14
+4000.example. 5M IN A 10.0.5.15
+4000.example. 5M IN A 10.0.5.16
+4000.example. 5M IN A 10.0.5.17
+4000.example. 5M IN A 10.0.5.18
+4000.example. 5M IN A 10.0.5.19
+4000.example. 5M IN A 10.0.5.20
+4000.example. 5M IN A 10.0.5.21
+4000.example. 5M IN A 10.0.5.22
+4000.example. 5M IN A 10.0.5.23
+4000.example. 5M IN A 10.0.5.24
+4000.example. 5M IN A 10.0.5.25
+4000.example. 5M IN A 10.0.5.26
+4000.example. 5M IN A 10.0.5.27
+4000.example. 5M IN A 10.0.5.28
+4000.example. 5M IN A 10.0.5.29
+4000.example. 5M IN A 10.0.5.30
+4000.example. 5M IN A 10.0.5.31
+4000.example. 5M IN A 10.0.5.32
+4000.example. 5M IN A 10.0.5.33
+4000.example. 5M IN A 10.0.5.34
+4000.example. 5M IN A 10.0.5.35
+4000.example. 5M IN A 10.0.5.36
+4000.example. 5M IN A 10.0.5.37
+4000.example. 5M IN A 10.0.5.38
+4000.example. 5M IN A 10.0.5.39
+4000.example. 5M IN A 10.0.5.40
+4000.example. 5M IN A 10.0.5.41
+4000.example. 5M IN A 10.0.5.42
+4000.example. 5M IN A 10.0.5.43
+4000.example. 5M IN A 10.0.5.44
+4000.example. 5M IN A 10.0.5.45
+4000.example. 5M IN A 10.0.5.46
+4000.example. 5M IN A 10.0.5.47
+4000.example. 5M IN A 10.0.5.48
+4000.example. 5M IN A 10.0.5.49
+4000.example. 5M IN A 10.0.5.50
+4000.example. 5M IN A 10.0.5.51
+4000.example. 5M IN A 10.0.5.52
+4000.example. 5M IN A 10.0.5.53
+4000.example. 5M IN A 10.0.5.54
+4000.example. 5M IN A 10.0.5.55
+4000.example. 5M IN A 10.0.5.56
+4000.example. 5M IN A 10.0.5.57
+4000.example. 5M IN A 10.0.5.58
+4000.example. 5M IN A 10.0.5.59
+4000.example. 5M IN A 10.0.5.60
+4000.example. 5M IN A 10.0.5.61
+4000.example. 5M IN A 10.0.5.62
+4000.example. 5M IN A 10.0.5.63
+4000.example. 5M IN A 10.0.5.64
+4000.example. 5M IN A 10.0.5.65
+4000.example. 5M IN A 10.0.5.66
+4000.example. 5M IN A 10.0.5.67
+4000.example. 5M IN A 10.0.5.68
+4000.example. 5M IN A 10.0.5.69
+4000.example. 5M IN A 10.0.5.70
+4000.example. 5M IN A 10.0.5.71
+4000.example. 5M IN A 10.0.5.72
+4000.example. 5M IN A 10.0.5.73
+4000.example. 5M IN A 10.0.5.74
+4000.example. 5M IN A 10.0.5.75
+4000.example. 5M IN A 10.0.5.76
+4000.example. 5M IN A 10.0.5.77
+4000.example. 5M IN A 10.0.5.78
+4000.example. 5M IN A 10.0.5.79
+4000.example. 5M IN A 10.0.5.80
+4000.example. 5M IN A 10.0.5.81
+4000.example. 5M IN A 10.0.5.82
+4000.example. 5M IN A 10.0.5.83
+4000.example. 5M IN A 10.0.5.84
+4000.example. 5M IN A 10.0.5.85
+4000.example. 5M IN A 10.0.5.86
+4000.example. 5M IN A 10.0.5.87
+4000.example. 5M IN A 10.0.5.88
+4000.example. 5M IN A 10.0.5.89
+4000.example. 5M IN A 10.0.5.90
+4000.example. 5M IN A 10.0.5.91
+4000.example. 5M IN A 10.0.5.92
+4000.example. 5M IN A 10.0.5.93
+4000.example. 5M IN A 10.0.5.94
+4000.example. 5M IN A 10.0.5.95
+4000.example. 5M IN A 10.0.5.96
+4000.example. 5M IN A 10.0.5.97
+4000.example. 5M IN A 10.0.5.98
+4000.example. 5M IN A 10.0.5.99
+4000.example. 5M IN A 10.0.5.100
+4000.example. 5M IN A 10.0.5.101
+4000.example. 5M IN A 10.0.5.102
+4000.example. 5M IN A 10.0.5.103
+4000.example. 5M IN A 10.0.5.104
+4000.example. 5M IN A 10.0.5.105
+4000.example. 5M IN A 10.0.5.106
+4000.example. 5M IN A 10.0.5.107
+4000.example. 5M IN A 10.0.5.108
+4000.example. 5M IN A 10.0.5.109
+4000.example. 5M IN A 10.0.5.110
+4000.example. 5M IN A 10.0.5.111
+4000.example. 5M IN A 10.0.5.112
+4000.example. 5M IN A 10.0.5.113
+4000.example. 5M IN A 10.0.5.114
+4000.example. 5M IN A 10.0.5.115
+4000.example. 5M IN A 10.0.5.116
+4000.example. 5M IN A 10.0.5.117
+4000.example. 5M IN A 10.0.5.118
+4000.example. 5M IN A 10.0.5.119
+4000.example. 5M IN A 10.0.5.120
+4000.example. 5M IN A 10.0.5.121
+4000.example. 5M IN A 10.0.5.122
+4000.example. 5M IN A 10.0.5.123
+4000.example. 5M IN A 10.0.5.124
+4000.example. 5M IN A 10.0.5.125
+4000.example. 5M IN A 10.0.5.126
+4000.example. 5M IN A 10.0.5.127
+4000.example. 5M IN A 10.0.5.128
+4000.example. 5M IN A 10.0.5.129
+4000.example. 5M IN A 10.0.5.130
+4000.example. 5M IN A 10.0.5.131
+4000.example. 5M IN A 10.0.5.132
+4000.example. 5M IN A 10.0.5.133
+4000.example. 5M IN A 10.0.5.134
+4000.example. 5M IN A 10.0.5.135
+4000.example. 5M IN A 10.0.5.136
+4000.example. 5M IN A 10.0.5.137
+4000.example. 5M IN A 10.0.5.138
+4000.example. 5M IN A 10.0.5.139
+4000.example. 5M IN A 10.0.5.140
+4000.example. 5M IN A 10.0.5.141
+4000.example. 5M IN A 10.0.5.142
+4000.example. 5M IN A 10.0.5.143
+4000.example. 5M IN A 10.0.5.144
+4000.example. 5M IN A 10.0.5.145
+4000.example. 5M IN A 10.0.5.146
+4000.example. 5M IN A 10.0.5.147
+4000.example. 5M IN A 10.0.5.148
+4000.example. 5M IN A 10.0.5.149
+4000.example. 5M IN A 10.0.5.150
+4000.example. 5M IN A 10.0.5.151
+4000.example. 5M IN A 10.0.5.152
+4000.example. 5M IN A 10.0.5.153
+4000.example. 5M IN A 10.0.5.154
+4000.example. 5M IN A 10.0.5.155
+4000.example. 5M IN A 10.0.5.156
+4000.example. 5M IN A 10.0.5.157
+4000.example. 5M IN A 10.0.5.158
+4000.example. 5M IN A 10.0.5.159
+4000.example. 5M IN A 10.0.5.160
+4000.example. 5M IN A 10.0.5.161
+4000.example. 5M IN A 10.0.5.162
+4000.example. 5M IN A 10.0.5.163
+4000.example. 5M IN A 10.0.5.164
+4000.example. 5M IN A 10.0.5.165
+4000.example. 5M IN A 10.0.5.166
+4000.example. 5M IN A 10.0.5.167
+4000.example. 5M IN A 10.0.5.168
+4000.example. 5M IN A 10.0.5.169
+4000.example. 5M IN A 10.0.5.170
+4000.example. 5M IN A 10.0.5.171
+4000.example. 5M IN A 10.0.5.172
+4000.example. 5M IN A 10.0.5.173
+4000.example. 5M IN A 10.0.5.174
+4000.example. 5M IN A 10.0.5.175
+4000.example. 5M IN A 10.0.5.176
+4000.example. 5M IN A 10.0.5.177
+4000.example. 5M IN A 10.0.5.178
+4000.example. 5M IN A 10.0.5.179
+4000.example. 5M IN A 10.0.5.180
+4000.example. 5M IN A 10.0.5.181
+4000.example. 5M IN A 10.0.5.182
+4000.example. 5M IN A 10.0.5.183
+4000.example. 5M IN A 10.0.5.184
+4000.example. 5M IN A 10.0.5.185
+4000.example. 5M IN A 10.0.5.186
+4000.example. 5M IN A 10.0.5.187
+4000.example. 5M IN A 10.0.5.188
+4000.example. 5M IN A 10.0.5.189
+4000.example. 5M IN A 10.0.5.190
+4000.example. 5M IN A 10.0.5.191
+4000.example. 5M IN A 10.0.5.192
+4000.example. 5M IN A 10.0.5.193
+4000.example. 5M IN A 10.0.5.194
+4000.example. 5M IN A 10.0.5.195
+4000.example. 5M IN A 10.0.5.196
+4000.example. 5M IN A 10.0.5.197
+4000.example. 5M IN A 10.0.5.198
+4000.example. 5M IN A 10.0.5.199
+4000.example. 5M IN A 10.0.5.200
+4000.example. 5M IN A 10.0.5.201
+4000.example. 5M IN A 10.0.5.202
+4000.example. 5M IN A 10.0.5.203
+4000.example. 5M IN A 10.0.5.204
+4000.example. 5M IN A 10.0.5.205
+4000.example. 5M IN A 10.0.5.206
+4000.example. 5M IN A 10.0.5.207
+4000.example. 5M IN A 10.0.5.208
+4000.example. 5M IN A 10.0.5.209
+4000.example. 5M IN A 10.0.5.210
+4000.example. 5M IN A 10.0.5.211
+4000.example. 5M IN A 10.0.5.212
+4000.example. 5M IN A 10.0.5.213
+4000.example. 5M IN A 10.0.5.214
+4000.example. 5M IN A 10.0.5.215
+4000.example. 5M IN A 10.0.5.216
+4000.example. 5M IN A 10.0.5.217
+4000.example. 5M IN A 10.0.5.218
+4000.example. 5M IN A 10.0.5.219
+4000.example. 5M IN A 10.0.5.220
+4000.example. 5M IN A 10.0.5.221
+4000.example. 5M IN A 10.0.5.222
+4000.example. 5M IN A 10.0.5.223
+4000.example. 5M IN A 10.0.5.224
+4000.example. 5M IN A 10.0.5.225
+4000.example. 5M IN A 10.0.5.226
+4000.example. 5M IN A 10.0.5.227
+4000.example. 5M IN A 10.0.5.228
+4000.example. 5M IN A 10.0.5.229
+4000.example. 5M IN A 10.0.5.230
+4000.example. 5M IN A 10.0.5.231
+4000.example. 5M IN A 10.0.5.232
+4000.example. 5M IN A 10.0.5.233
+4000.example. 5M IN A 10.0.5.234
+4000.example. 5M IN A 10.0.5.235
+4000.example. 5M IN A 10.0.5.236
+4000.example. 5M IN A 10.0.5.237
+4000.example. 5M IN A 10.0.5.238
+4000.example. 5M IN A 10.0.5.239
+4000.example. 5M IN A 10.0.5.240
+4000.example. 5M IN A 10.0.5.241
+4000.example. 5M IN A 10.0.5.242
+4000.example. 5M IN A 10.0.5.243
+4000.example. 5M IN A 10.0.5.244
+4000.example. 5M IN A 10.0.5.245
+4000.example. 5M IN A 10.0.5.246
+4000.example. 5M IN A 10.0.5.247
+4000.example. 5M IN A 10.0.5.248
+4000.example. 5M IN A 10.0.5.249
+4000.example. 5M IN A 10.0.5.250
+4000.example. 5M IN A 10.0.5.251
+4000.example. 5M IN A 10.0.5.252
+4000.example. 5M IN A 10.0.5.253
+4000.example. 5M IN A 10.0.5.254
+4000.example. 5M IN A 10.0.5.255
+4000.example. 5M IN A 10.0.6.0
+4000.example. 5M IN A 10.0.6.1
+4000.example. 5M IN A 10.0.6.2
+4000.example. 5M IN A 10.0.6.3
+4000.example. 5M IN A 10.0.6.4
+4000.example. 5M IN A 10.0.6.5
+4000.example. 5M IN A 10.0.6.6
+4000.example. 5M IN A 10.0.6.7
+4000.example. 5M IN A 10.0.6.8
+4000.example. 5M IN A 10.0.6.9
+4000.example. 5M IN A 10.0.6.10
+4000.example. 5M IN A 10.0.6.11
+4000.example. 5M IN A 10.0.6.12
+4000.example. 5M IN A 10.0.6.13
+4000.example. 5M IN A 10.0.6.14
+4000.example. 5M IN A 10.0.6.15
+4000.example. 5M IN A 10.0.6.16
+4000.example. 5M IN A 10.0.6.17
+4000.example. 5M IN A 10.0.6.18
+4000.example. 5M IN A 10.0.6.19
+4000.example. 5M IN A 10.0.6.20
+4000.example. 5M IN A 10.0.6.21
+4000.example. 5M IN A 10.0.6.22
+4000.example. 5M IN A 10.0.6.23
+4000.example. 5M IN A 10.0.6.24
+4000.example. 5M IN A 10.0.6.25
+4000.example. 5M IN A 10.0.6.26
+4000.example. 5M IN A 10.0.6.27
+4000.example. 5M IN A 10.0.6.28
+4000.example. 5M IN A 10.0.6.29
+4000.example. 5M IN A 10.0.6.30
+4000.example. 5M IN A 10.0.6.31
+4000.example. 5M IN A 10.0.6.32
+4000.example. 5M IN A 10.0.6.33
+4000.example. 5M IN A 10.0.6.34
+4000.example. 5M IN A 10.0.6.35
+4000.example. 5M IN A 10.0.6.36
+4000.example. 5M IN A 10.0.6.37
+4000.example. 5M IN A 10.0.6.38
+4000.example. 5M IN A 10.0.6.39
+4000.example. 5M IN A 10.0.6.40
+4000.example. 5M IN A 10.0.6.41
+4000.example. 5M IN A 10.0.6.42
+4000.example. 5M IN A 10.0.6.43
+4000.example. 5M IN A 10.0.6.44
+4000.example. 5M IN A 10.0.6.45
+4000.example. 5M IN A 10.0.6.46
+4000.example. 5M IN A 10.0.6.47
+4000.example. 5M IN A 10.0.6.48
+4000.example. 5M IN A 10.0.6.49
+4000.example. 5M IN A 10.0.6.50
+4000.example. 5M IN A 10.0.6.51
+4000.example. 5M IN A 10.0.6.52
+4000.example. 5M IN A 10.0.6.53
+4000.example. 5M IN A 10.0.6.54
+4000.example. 5M IN A 10.0.6.55
+4000.example. 5M IN A 10.0.6.56
+4000.example. 5M IN A 10.0.6.57
+4000.example. 5M IN A 10.0.6.58
+4000.example. 5M IN A 10.0.6.59
+4000.example. 5M IN A 10.0.6.60
+4000.example. 5M IN A 10.0.6.61
+4000.example. 5M IN A 10.0.6.62
+4000.example. 5M IN A 10.0.6.63
+4000.example. 5M IN A 10.0.6.64
+4000.example. 5M IN A 10.0.6.65
+4000.example. 5M IN A 10.0.6.66
+4000.example. 5M IN A 10.0.6.67
+4000.example. 5M IN A 10.0.6.68
+4000.example. 5M IN A 10.0.6.69
+4000.example. 5M IN A 10.0.6.70
+4000.example. 5M IN A 10.0.6.71
+4000.example. 5M IN A 10.0.6.72
+4000.example. 5M IN A 10.0.6.73
+4000.example. 5M IN A 10.0.6.74
+4000.example. 5M IN A 10.0.6.75
+4000.example. 5M IN A 10.0.6.76
+4000.example. 5M IN A 10.0.6.77
+4000.example. 5M IN A 10.0.6.78
+4000.example. 5M IN A 10.0.6.79
+4000.example. 5M IN A 10.0.6.80
+4000.example. 5M IN A 10.0.6.81
+4000.example. 5M IN A 10.0.6.82
+4000.example. 5M IN A 10.0.6.83
+4000.example. 5M IN A 10.0.6.84
+4000.example. 5M IN A 10.0.6.85
+4000.example. 5M IN A 10.0.6.86
+4000.example. 5M IN A 10.0.6.87
+4000.example. 5M IN A 10.0.6.88
+4000.example. 5M IN A 10.0.6.89
+4000.example. 5M IN A 10.0.6.90
+4000.example. 5M IN A 10.0.6.91
+4000.example. 5M IN A 10.0.6.92
+4000.example. 5M IN A 10.0.6.93
+4000.example. 5M IN A 10.0.6.94
+4000.example. 5M IN A 10.0.6.95
+4000.example. 5M IN A 10.0.6.96
+4000.example. 5M IN A 10.0.6.97
+4000.example. 5M IN A 10.0.6.98
+4000.example. 5M IN A 10.0.6.99
+4000.example. 5M IN A 10.0.6.100
+4000.example. 5M IN A 10.0.6.101
+4000.example. 5M IN A 10.0.6.102
+4000.example. 5M IN A 10.0.6.103
+4000.example. 5M IN A 10.0.6.104
+4000.example. 5M IN A 10.0.6.105
+4000.example. 5M IN A 10.0.6.106
+4000.example. 5M IN A 10.0.6.107
+4000.example. 5M IN A 10.0.6.108
+4000.example. 5M IN A 10.0.6.109
+4000.example. 5M IN A 10.0.6.110
+4000.example. 5M IN A 10.0.6.111
+4000.example. 5M IN A 10.0.6.112
+4000.example. 5M IN A 10.0.6.113
+4000.example. 5M IN A 10.0.6.114
+4000.example. 5M IN A 10.0.6.115
+4000.example. 5M IN A 10.0.6.116
+4000.example. 5M IN A 10.0.6.117
+4000.example. 5M IN A 10.0.6.118
+4000.example. 5M IN A 10.0.6.119
+4000.example. 5M IN A 10.0.6.120
+4000.example. 5M IN A 10.0.6.121
+4000.example. 5M IN A 10.0.6.122
+4000.example. 5M IN A 10.0.6.123
+4000.example. 5M IN A 10.0.6.124
+4000.example. 5M IN A 10.0.6.125
+4000.example. 5M IN A 10.0.6.126
+4000.example. 5M IN A 10.0.6.127
+4000.example. 5M IN A 10.0.6.128
+4000.example. 5M IN A 10.0.6.129
+4000.example. 5M IN A 10.0.6.130
+4000.example. 5M IN A 10.0.6.131
+4000.example. 5M IN A 10.0.6.132
+4000.example. 5M IN A 10.0.6.133
+4000.example. 5M IN A 10.0.6.134
+4000.example. 5M IN A 10.0.6.135
+4000.example. 5M IN A 10.0.6.136
+4000.example. 5M IN A 10.0.6.137
+4000.example. 5M IN A 10.0.6.138
+4000.example. 5M IN A 10.0.6.139
+4000.example. 5M IN A 10.0.6.140
+4000.example. 5M IN A 10.0.6.141
+4000.example. 5M IN A 10.0.6.142
+4000.example. 5M IN A 10.0.6.143
+4000.example. 5M IN A 10.0.6.144
+4000.example. 5M IN A 10.0.6.145
+4000.example. 5M IN A 10.0.6.146
+4000.example. 5M IN A 10.0.6.147
+4000.example. 5M IN A 10.0.6.148
+4000.example. 5M IN A 10.0.6.149
+4000.example. 5M IN A 10.0.6.150
+4000.example. 5M IN A 10.0.6.151
+4000.example. 5M IN A 10.0.6.152
+4000.example. 5M IN A 10.0.6.153
+4000.example. 5M IN A 10.0.6.154
+4000.example. 5M IN A 10.0.6.155
+4000.example. 5M IN A 10.0.6.156
+4000.example. 5M IN A 10.0.6.157
+4000.example. 5M IN A 10.0.6.158
+4000.example. 5M IN A 10.0.6.159
+4000.example. 5M IN A 10.0.6.160
+4000.example. 5M IN A 10.0.6.161
+4000.example. 5M IN A 10.0.6.162
+4000.example. 5M IN A 10.0.6.163
+4000.example. 5M IN A 10.0.6.164
+4000.example. 5M IN A 10.0.6.165
+4000.example. 5M IN A 10.0.6.166
+4000.example. 5M IN A 10.0.6.167
+4000.example. 5M IN A 10.0.6.168
+4000.example. 5M IN A 10.0.6.169
+4000.example. 5M IN A 10.0.6.170
+4000.example. 5M IN A 10.0.6.171
+4000.example. 5M IN A 10.0.6.172
+4000.example. 5M IN A 10.0.6.173
+4000.example. 5M IN A 10.0.6.174
+4000.example. 5M IN A 10.0.6.175
+4000.example. 5M IN A 10.0.6.176
+4000.example. 5M IN A 10.0.6.177
+4000.example. 5M IN A 10.0.6.178
+4000.example. 5M IN A 10.0.6.179
+4000.example. 5M IN A 10.0.6.180
+4000.example. 5M IN A 10.0.6.181
+4000.example. 5M IN A 10.0.6.182
+4000.example. 5M IN A 10.0.6.183
+4000.example. 5M IN A 10.0.6.184
+4000.example. 5M IN A 10.0.6.185
+4000.example. 5M IN A 10.0.6.186
+4000.example. 5M IN A 10.0.6.187
+4000.example. 5M IN A 10.0.6.188
+4000.example. 5M IN A 10.0.6.189
+4000.example. 5M IN A 10.0.6.190
+4000.example. 5M IN A 10.0.6.191
+4000.example. 5M IN A 10.0.6.192
+4000.example. 5M IN A 10.0.6.193
+4000.example. 5M IN A 10.0.6.194
+4000.example. 5M IN A 10.0.6.195
+4000.example. 5M IN A 10.0.6.196
+4000.example. 5M IN A 10.0.6.197
+4000.example. 5M IN A 10.0.6.198
+4000.example. 5M IN A 10.0.6.199
+4000.example. 5M IN A 10.0.6.200
+4000.example. 5M IN A 10.0.6.201
+4000.example. 5M IN A 10.0.6.202
+4000.example. 5M IN A 10.0.6.203
+4000.example. 5M IN A 10.0.6.204
+4000.example. 5M IN A 10.0.6.205
+4000.example. 5M IN A 10.0.6.206
+4000.example. 5M IN A 10.0.6.207
+4000.example. 5M IN A 10.0.6.208
+4000.example. 5M IN A 10.0.6.209
+4000.example. 5M IN A 10.0.6.210
+4000.example. 5M IN A 10.0.6.211
+4000.example. 5M IN A 10.0.6.212
+4000.example. 5M IN A 10.0.6.213
+4000.example. 5M IN A 10.0.6.214
+4000.example. 5M IN A 10.0.6.215
+4000.example. 5M IN A 10.0.6.216
+4000.example. 5M IN A 10.0.6.217
+4000.example. 5M IN A 10.0.6.218
+4000.example. 5M IN A 10.0.6.219
+4000.example. 5M IN A 10.0.6.220
+4000.example. 5M IN A 10.0.6.221
+4000.example. 5M IN A 10.0.6.222
+4000.example. 5M IN A 10.0.6.223
+4000.example. 5M IN A 10.0.6.224
+4000.example. 5M IN A 10.0.6.225
+4000.example. 5M IN A 10.0.6.226
+4000.example. 5M IN A 10.0.6.227
+4000.example. 5M IN A 10.0.6.228
+4000.example. 5M IN A 10.0.6.229
+4000.example. 5M IN A 10.0.6.230
+4000.example. 5M IN A 10.0.6.231
+4000.example. 5M IN A 10.0.6.232
+4000.example. 5M IN A 10.0.6.233
+4000.example. 5M IN A 10.0.6.234
+4000.example. 5M IN A 10.0.6.235
+4000.example. 5M IN A 10.0.6.236
+4000.example. 5M IN A 10.0.6.237
+4000.example. 5M IN A 10.0.6.238
+4000.example. 5M IN A 10.0.6.239
+4000.example. 5M IN A 10.0.6.240
+4000.example. 5M IN A 10.0.6.241
+4000.example. 5M IN A 10.0.6.242
+4000.example. 5M IN A 10.0.6.243
+4000.example. 5M IN A 10.0.6.244
+4000.example. 5M IN A 10.0.6.245
+4000.example. 5M IN A 10.0.6.246
+4000.example. 5M IN A 10.0.6.247
+4000.example. 5M IN A 10.0.6.248
+4000.example. 5M IN A 10.0.6.249
+4000.example. 5M IN A 10.0.6.250
+4000.example. 5M IN A 10.0.6.251
+4000.example. 5M IN A 10.0.6.252
+4000.example. 5M IN A 10.0.6.253
+4000.example. 5M IN A 10.0.6.254
+4000.example. 5M IN A 10.0.6.255
+4000.example. 5M IN A 10.0.7.0
+4000.example. 5M IN A 10.0.7.1
+4000.example. 5M IN A 10.0.7.2
+4000.example. 5M IN A 10.0.7.3
+4000.example. 5M IN A 10.0.7.4
+4000.example. 5M IN A 10.0.7.5
+4000.example. 5M IN A 10.0.7.6
+4000.example. 5M IN A 10.0.7.7
+4000.example. 5M IN A 10.0.7.8
+4000.example. 5M IN A 10.0.7.9
+4000.example. 5M IN A 10.0.7.10
+4000.example. 5M IN A 10.0.7.11
+4000.example. 5M IN A 10.0.7.12
+4000.example. 5M IN A 10.0.7.13
+4000.example. 5M IN A 10.0.7.14
+4000.example. 5M IN A 10.0.7.15
+4000.example. 5M IN A 10.0.7.16
+4000.example. 5M IN A 10.0.7.17
+4000.example. 5M IN A 10.0.7.18
+4000.example. 5M IN A 10.0.7.19
+4000.example. 5M IN A 10.0.7.20
+4000.example. 5M IN A 10.0.7.21
+4000.example. 5M IN A 10.0.7.22
+4000.example. 5M IN A 10.0.7.23
+4000.example. 5M IN A 10.0.7.24
+4000.example. 5M IN A 10.0.7.25
+4000.example. 5M IN A 10.0.7.26
+4000.example. 5M IN A 10.0.7.27
+4000.example. 5M IN A 10.0.7.28
+4000.example. 5M IN A 10.0.7.29
+4000.example. 5M IN A 10.0.7.30
+4000.example. 5M IN A 10.0.7.31
+4000.example. 5M IN A 10.0.7.32
+4000.example. 5M IN A 10.0.7.33
+4000.example. 5M IN A 10.0.7.34
+4000.example. 5M IN A 10.0.7.35
+4000.example. 5M IN A 10.0.7.36
+4000.example. 5M IN A 10.0.7.37
+4000.example. 5M IN A 10.0.7.38
+4000.example. 5M IN A 10.0.7.39
+4000.example. 5M IN A 10.0.7.40
+4000.example. 5M IN A 10.0.7.41
+4000.example. 5M IN A 10.0.7.42
+4000.example. 5M IN A 10.0.7.43
+4000.example. 5M IN A 10.0.7.44
+4000.example. 5M IN A 10.0.7.45
+4000.example. 5M IN A 10.0.7.46
+4000.example. 5M IN A 10.0.7.47
+4000.example. 5M IN A 10.0.7.48
+4000.example. 5M IN A 10.0.7.49
+4000.example. 5M IN A 10.0.7.50
+4000.example. 5M IN A 10.0.7.51
+4000.example. 5M IN A 10.0.7.52
+4000.example. 5M IN A 10.0.7.53
+4000.example. 5M IN A 10.0.7.54
+4000.example. 5M IN A 10.0.7.55
+4000.example. 5M IN A 10.0.7.56
+4000.example. 5M IN A 10.0.7.57
+4000.example. 5M IN A 10.0.7.58
+4000.example. 5M IN A 10.0.7.59
+4000.example. 5M IN A 10.0.7.60
+4000.example. 5M IN A 10.0.7.61
+4000.example. 5M IN A 10.0.7.62
+4000.example. 5M IN A 10.0.7.63
+4000.example. 5M IN A 10.0.7.64
+4000.example. 5M IN A 10.0.7.65
+4000.example. 5M IN A 10.0.7.66
+4000.example. 5M IN A 10.0.7.67
+4000.example. 5M IN A 10.0.7.68
+4000.example. 5M IN A 10.0.7.69
+4000.example. 5M IN A 10.0.7.70
+4000.example. 5M IN A 10.0.7.71
+4000.example. 5M IN A 10.0.7.72
+4000.example. 5M IN A 10.0.7.73
+4000.example. 5M IN A 10.0.7.74
+4000.example. 5M IN A 10.0.7.75
+4000.example. 5M IN A 10.0.7.76
+4000.example. 5M IN A 10.0.7.77
+4000.example. 5M IN A 10.0.7.78
+4000.example. 5M IN A 10.0.7.79
+4000.example. 5M IN A 10.0.7.80
+4000.example. 5M IN A 10.0.7.81
+4000.example. 5M IN A 10.0.7.82
+4000.example. 5M IN A 10.0.7.83
+4000.example. 5M IN A 10.0.7.84
+4000.example. 5M IN A 10.0.7.85
+4000.example. 5M IN A 10.0.7.86
+4000.example. 5M IN A 10.0.7.87
+4000.example. 5M IN A 10.0.7.88
+4000.example. 5M IN A 10.0.7.89
+4000.example. 5M IN A 10.0.7.90
+4000.example. 5M IN A 10.0.7.91
+4000.example. 5M IN A 10.0.7.92
+4000.example. 5M IN A 10.0.7.93
+4000.example. 5M IN A 10.0.7.94
+4000.example. 5M IN A 10.0.7.95
+4000.example. 5M IN A 10.0.7.96
+4000.example. 5M IN A 10.0.7.97
+4000.example. 5M IN A 10.0.7.98
+4000.example. 5M IN A 10.0.7.99
+4000.example. 5M IN A 10.0.7.100
+4000.example. 5M IN A 10.0.7.101
+4000.example. 5M IN A 10.0.7.102
+4000.example. 5M IN A 10.0.7.103
+4000.example. 5M IN A 10.0.7.104
+4000.example. 5M IN A 10.0.7.105
+4000.example. 5M IN A 10.0.7.106
+4000.example. 5M IN A 10.0.7.107
+4000.example. 5M IN A 10.0.7.108
+4000.example. 5M IN A 10.0.7.109
+4000.example. 5M IN A 10.0.7.110
+4000.example. 5M IN A 10.0.7.111
+4000.example. 5M IN A 10.0.7.112
+4000.example. 5M IN A 10.0.7.113
+4000.example. 5M IN A 10.0.7.114
+4000.example. 5M IN A 10.0.7.115
+4000.example. 5M IN A 10.0.7.116
+4000.example. 5M IN A 10.0.7.117
+4000.example. 5M IN A 10.0.7.118
+4000.example. 5M IN A 10.0.7.119
+4000.example. 5M IN A 10.0.7.120
+4000.example. 5M IN A 10.0.7.121
+4000.example. 5M IN A 10.0.7.122
+4000.example. 5M IN A 10.0.7.123
+4000.example. 5M IN A 10.0.7.124
+4000.example. 5M IN A 10.0.7.125
+4000.example. 5M IN A 10.0.7.126
+4000.example. 5M IN A 10.0.7.127
+4000.example. 5M IN A 10.0.7.128
+4000.example. 5M IN A 10.0.7.129
+4000.example. 5M IN A 10.0.7.130
+4000.example. 5M IN A 10.0.7.131
+4000.example. 5M IN A 10.0.7.132
+4000.example. 5M IN A 10.0.7.133
+4000.example. 5M IN A 10.0.7.134
+4000.example. 5M IN A 10.0.7.135
+4000.example. 5M IN A 10.0.7.136
+4000.example. 5M IN A 10.0.7.137
+4000.example. 5M IN A 10.0.7.138
+4000.example. 5M IN A 10.0.7.139
+4000.example. 5M IN A 10.0.7.140
+4000.example. 5M IN A 10.0.7.141
+4000.example. 5M IN A 10.0.7.142
+4000.example. 5M IN A 10.0.7.143
+4000.example. 5M IN A 10.0.7.144
+4000.example. 5M IN A 10.0.7.145
+4000.example. 5M IN A 10.0.7.146
+4000.example. 5M IN A 10.0.7.147
+4000.example. 5M IN A 10.0.7.148
+4000.example. 5M IN A 10.0.7.149
+4000.example. 5M IN A 10.0.7.150
+4000.example. 5M IN A 10.0.7.151
+4000.example. 5M IN A 10.0.7.152
+4000.example. 5M IN A 10.0.7.153
+4000.example. 5M IN A 10.0.7.154
+4000.example. 5M IN A 10.0.7.155
+4000.example. 5M IN A 10.0.7.156
+4000.example. 5M IN A 10.0.7.157
+4000.example. 5M IN A 10.0.7.158
+4000.example. 5M IN A 10.0.7.159
+4000.example. 5M IN A 10.0.7.160
+4000.example. 5M IN A 10.0.7.161
+4000.example. 5M IN A 10.0.7.162
+4000.example. 5M IN A 10.0.7.163
+4000.example. 5M IN A 10.0.7.164
+4000.example. 5M IN A 10.0.7.165
+4000.example. 5M IN A 10.0.7.166
+4000.example. 5M IN A 10.0.7.167
+4000.example. 5M IN A 10.0.7.168
+4000.example. 5M IN A 10.0.7.169
+4000.example. 5M IN A 10.0.7.170
+4000.example. 5M IN A 10.0.7.171
+4000.example. 5M IN A 10.0.7.172
+4000.example. 5M IN A 10.0.7.173
+4000.example. 5M IN A 10.0.7.174
+4000.example. 5M IN A 10.0.7.175
+4000.example. 5M IN A 10.0.7.176
+4000.example. 5M IN A 10.0.7.177
+4000.example. 5M IN A 10.0.7.178
+4000.example. 5M IN A 10.0.7.179
+4000.example. 5M IN A 10.0.7.180
+4000.example. 5M IN A 10.0.7.181
+4000.example. 5M IN A 10.0.7.182
+4000.example. 5M IN A 10.0.7.183
+4000.example. 5M IN A 10.0.7.184
+4000.example. 5M IN A 10.0.7.185
+4000.example. 5M IN A 10.0.7.186
+4000.example. 5M IN A 10.0.7.187
+4000.example. 5M IN A 10.0.7.188
+4000.example. 5M IN A 10.0.7.189
+4000.example. 5M IN A 10.0.7.190
+4000.example. 5M IN A 10.0.7.191
+4000.example. 5M IN A 10.0.7.192
+4000.example. 5M IN A 10.0.7.193
+4000.example. 5M IN A 10.0.7.194
+4000.example. 5M IN A 10.0.7.195
+4000.example. 5M IN A 10.0.7.196
+4000.example. 5M IN A 10.0.7.197
+4000.example. 5M IN A 10.0.7.198
+4000.example. 5M IN A 10.0.7.199
+4000.example. 5M IN A 10.0.7.200
+4000.example. 5M IN A 10.0.7.201
+4000.example. 5M IN A 10.0.7.202
+4000.example. 5M IN A 10.0.7.203
+4000.example. 5M IN A 10.0.7.204
+4000.example. 5M IN A 10.0.7.205
+4000.example. 5M IN A 10.0.7.206
+4000.example. 5M IN A 10.0.7.207
+4000.example. 5M IN A 10.0.7.208
+4000.example. 5M IN A 10.0.7.209
+4000.example. 5M IN A 10.0.7.210
+4000.example. 5M IN A 10.0.7.211
+4000.example. 5M IN A 10.0.7.212
+4000.example. 5M IN A 10.0.7.213
+4000.example. 5M IN A 10.0.7.214
+4000.example. 5M IN A 10.0.7.215
+4000.example. 5M IN A 10.0.7.216
+4000.example. 5M IN A 10.0.7.217
+4000.example. 5M IN A 10.0.7.218
+4000.example. 5M IN A 10.0.7.219
+4000.example. 5M IN A 10.0.7.220
+4000.example. 5M IN A 10.0.7.221
+4000.example. 5M IN A 10.0.7.222
+4000.example. 5M IN A 10.0.7.223
+4000.example. 5M IN A 10.0.7.224
+4000.example. 5M IN A 10.0.7.225
+4000.example. 5M IN A 10.0.7.226
+4000.example. 5M IN A 10.0.7.227
+4000.example. 5M IN A 10.0.7.228
+4000.example. 5M IN A 10.0.7.229
+4000.example. 5M IN A 10.0.7.230
+4000.example. 5M IN A 10.0.7.231
+4000.example. 5M IN A 10.0.7.232
+4000.example. 5M IN A 10.0.7.233
+4000.example. 5M IN A 10.0.7.234
+4000.example. 5M IN A 10.0.7.235
+4000.example. 5M IN A 10.0.7.236
+4000.example. 5M IN A 10.0.7.237
+4000.example. 5M IN A 10.0.7.238
+4000.example. 5M IN A 10.0.7.239
+4000.example. 5M IN A 10.0.7.240
+4000.example. 5M IN A 10.0.7.241
+4000.example. 5M IN A 10.0.7.242
+4000.example. 5M IN A 10.0.7.243
+4000.example. 5M IN A 10.0.7.244
+4000.example. 5M IN A 10.0.7.245
+4000.example. 5M IN A 10.0.7.246
+4000.example. 5M IN A 10.0.7.247
+4000.example. 5M IN A 10.0.7.248
+4000.example. 5M IN A 10.0.7.249
+4000.example. 5M IN A 10.0.7.250
+4000.example. 5M IN A 10.0.7.251
+4000.example. 5M IN A 10.0.7.252
+4000.example. 5M IN A 10.0.7.253
+4000.example. 5M IN A 10.0.7.254
+4000.example. 5M IN A 10.0.7.255
+4000.example. 5M IN A 10.0.8.0
+4000.example. 5M IN A 10.0.8.1
+4000.example. 5M IN A 10.0.8.2
+4000.example. 5M IN A 10.0.8.3
+4000.example. 5M IN A 10.0.8.4
+4000.example. 5M IN A 10.0.8.5
+4000.example. 5M IN A 10.0.8.6
+4000.example. 5M IN A 10.0.8.7
+4000.example. 5M IN A 10.0.8.8
+4000.example. 5M IN A 10.0.8.9
+4000.example. 5M IN A 10.0.8.10
+4000.example. 5M IN A 10.0.8.11
+4000.example. 5M IN A 10.0.8.12
+4000.example. 5M IN A 10.0.8.13
+4000.example. 5M IN A 10.0.8.14
+4000.example. 5M IN A 10.0.8.15
+4000.example. 5M IN A 10.0.8.16
+4000.example. 5M IN A 10.0.8.17
+4000.example. 5M IN A 10.0.8.18
+4000.example. 5M IN A 10.0.8.19
+4000.example. 5M IN A 10.0.8.20
+4000.example. 5M IN A 10.0.8.21
+4000.example. 5M IN A 10.0.8.22
+4000.example. 5M IN A 10.0.8.23
+4000.example. 5M IN A 10.0.8.24
+4000.example. 5M IN A 10.0.8.25
+4000.example. 5M IN A 10.0.8.26
+4000.example. 5M IN A 10.0.8.27
+4000.example. 5M IN A 10.0.8.28
+4000.example. 5M IN A 10.0.8.29
+4000.example. 5M IN A 10.0.8.30
+4000.example. 5M IN A 10.0.8.31
+4000.example. 5M IN A 10.0.8.32
+4000.example. 5M IN A 10.0.8.33
+4000.example. 5M IN A 10.0.8.34
+4000.example. 5M IN A 10.0.8.35
+4000.example. 5M IN A 10.0.8.36
+4000.example. 5M IN A 10.0.8.37
+4000.example. 5M IN A 10.0.8.38
+4000.example. 5M IN A 10.0.8.39
+4000.example. 5M IN A 10.0.8.40
+4000.example. 5M IN A 10.0.8.41
+4000.example. 5M IN A 10.0.8.42
+4000.example. 5M IN A 10.0.8.43
+4000.example. 5M IN A 10.0.8.44
+4000.example. 5M IN A 10.0.8.45
+4000.example. 5M IN A 10.0.8.46
+4000.example. 5M IN A 10.0.8.47
+4000.example. 5M IN A 10.0.8.48
+4000.example. 5M IN A 10.0.8.49
+4000.example. 5M IN A 10.0.8.50
+4000.example. 5M IN A 10.0.8.51
+4000.example. 5M IN A 10.0.8.52
+4000.example. 5M IN A 10.0.8.53
+4000.example. 5M IN A 10.0.8.54
+4000.example. 5M IN A 10.0.8.55
+4000.example. 5M IN A 10.0.8.56
+4000.example. 5M IN A 10.0.8.57
+4000.example. 5M IN A 10.0.8.58
+4000.example. 5M IN A 10.0.8.59
+4000.example. 5M IN A 10.0.8.60
+4000.example. 5M IN A 10.0.8.61
+4000.example. 5M IN A 10.0.8.62
+4000.example. 5M IN A 10.0.8.63
+4000.example. 5M IN A 10.0.8.64
+4000.example. 5M IN A 10.0.8.65
+4000.example. 5M IN A 10.0.8.66
+4000.example. 5M IN A 10.0.8.67
+4000.example. 5M IN A 10.0.8.68
+4000.example. 5M IN A 10.0.8.69
+4000.example. 5M IN A 10.0.8.70
+4000.example. 5M IN A 10.0.8.71
+4000.example. 5M IN A 10.0.8.72
+4000.example. 5M IN A 10.0.8.73
+4000.example. 5M IN A 10.0.8.74
+4000.example. 5M IN A 10.0.8.75
+4000.example. 5M IN A 10.0.8.76
+4000.example. 5M IN A 10.0.8.77
+4000.example. 5M IN A 10.0.8.78
+4000.example. 5M IN A 10.0.8.79
+4000.example. 5M IN A 10.0.8.80
+4000.example. 5M IN A 10.0.8.81
+4000.example. 5M IN A 10.0.8.82
+4000.example. 5M IN A 10.0.8.83
+4000.example. 5M IN A 10.0.8.84
+4000.example. 5M IN A 10.0.8.85
+4000.example. 5M IN A 10.0.8.86
+4000.example. 5M IN A 10.0.8.87
+4000.example. 5M IN A 10.0.8.88
+4000.example. 5M IN A 10.0.8.89
+4000.example. 5M IN A 10.0.8.90
+4000.example. 5M IN A 10.0.8.91
+4000.example. 5M IN A 10.0.8.92
+4000.example. 5M IN A 10.0.8.93
+4000.example. 5M IN A 10.0.8.94
+4000.example. 5M IN A 10.0.8.95
+4000.example. 5M IN A 10.0.8.96
+4000.example. 5M IN A 10.0.8.97
+4000.example. 5M IN A 10.0.8.98
+4000.example. 5M IN A 10.0.8.99
+4000.example. 5M IN A 10.0.8.100
+4000.example. 5M IN A 10.0.8.101
+4000.example. 5M IN A 10.0.8.102
+4000.example. 5M IN A 10.0.8.103
+4000.example. 5M IN A 10.0.8.104
+4000.example. 5M IN A 10.0.8.105
+4000.example. 5M IN A 10.0.8.106
+4000.example. 5M IN A 10.0.8.107
+4000.example. 5M IN A 10.0.8.108
+4000.example. 5M IN A 10.0.8.109
+4000.example. 5M IN A 10.0.8.110
+4000.example. 5M IN A 10.0.8.111
+4000.example. 5M IN A 10.0.8.112
+4000.example. 5M IN A 10.0.8.113
+4000.example. 5M IN A 10.0.8.114
+4000.example. 5M IN A 10.0.8.115
+4000.example. 5M IN A 10.0.8.116
+4000.example. 5M IN A 10.0.8.117
+4000.example. 5M IN A 10.0.8.118
+4000.example. 5M IN A 10.0.8.119
+4000.example. 5M IN A 10.0.8.120
+4000.example. 5M IN A 10.0.8.121
+4000.example. 5M IN A 10.0.8.122
+4000.example. 5M IN A 10.0.8.123
+4000.example. 5M IN A 10.0.8.124
+4000.example. 5M IN A 10.0.8.125
+4000.example. 5M IN A 10.0.8.126
+4000.example. 5M IN A 10.0.8.127
+4000.example. 5M IN A 10.0.8.128
+4000.example. 5M IN A 10.0.8.129
+4000.example. 5M IN A 10.0.8.130
+4000.example. 5M IN A 10.0.8.131
+4000.example. 5M IN A 10.0.8.132
+4000.example. 5M IN A 10.0.8.133
+4000.example. 5M IN A 10.0.8.134
+4000.example. 5M IN A 10.0.8.135
+4000.example. 5M IN A 10.0.8.136
+4000.example. 5M IN A 10.0.8.137
+4000.example. 5M IN A 10.0.8.138
+4000.example. 5M IN A 10.0.8.139
+4000.example. 5M IN A 10.0.8.140
+4000.example. 5M IN A 10.0.8.141
+4000.example. 5M IN A 10.0.8.142
+4000.example. 5M IN A 10.0.8.143
+4000.example. 5M IN A 10.0.8.144
+4000.example. 5M IN A 10.0.8.145
+4000.example. 5M IN A 10.0.8.146
+4000.example. 5M IN A 10.0.8.147
+4000.example. 5M IN A 10.0.8.148
+4000.example. 5M IN A 10.0.8.149
+4000.example. 5M IN A 10.0.8.150
+4000.example. 5M IN A 10.0.8.151
+4000.example. 5M IN A 10.0.8.152
+4000.example. 5M IN A 10.0.8.153
+4000.example. 5M IN A 10.0.8.154
+4000.example. 5M IN A 10.0.8.155
+4000.example. 5M IN A 10.0.8.156
+4000.example. 5M IN A 10.0.8.157
+4000.example. 5M IN A 10.0.8.158
+4000.example. 5M IN A 10.0.8.159
+4000.example. 5M IN A 10.0.8.160
+4000.example. 5M IN A 10.0.8.161
+4000.example. 5M IN A 10.0.8.162
+4000.example. 5M IN A 10.0.8.163
+4000.example. 5M IN A 10.0.8.164
+4000.example. 5M IN A 10.0.8.165
+4000.example. 5M IN A 10.0.8.166
+4000.example. 5M IN A 10.0.8.167
+4000.example. 5M IN A 10.0.8.168
+4000.example. 5M IN A 10.0.8.169
+4000.example. 5M IN A 10.0.8.170
+4000.example. 5M IN A 10.0.8.171
+4000.example. 5M IN A 10.0.8.172
+4000.example. 5M IN A 10.0.8.173
+4000.example. 5M IN A 10.0.8.174
+4000.example. 5M IN A 10.0.8.175
+4000.example. 5M IN A 10.0.8.176
+4000.example. 5M IN A 10.0.8.177
+4000.example. 5M IN A 10.0.8.178
+4000.example. 5M IN A 10.0.8.179
+4000.example. 5M IN A 10.0.8.180
+4000.example. 5M IN A 10.0.8.181
+4000.example. 5M IN A 10.0.8.182
+4000.example. 5M IN A 10.0.8.183
+4000.example. 5M IN A 10.0.8.184
+4000.example. 5M IN A 10.0.8.185
+4000.example. 5M IN A 10.0.8.186
+4000.example. 5M IN A 10.0.8.187
+4000.example. 5M IN A 10.0.8.188
+4000.example. 5M IN A 10.0.8.189
+4000.example. 5M IN A 10.0.8.190
+4000.example. 5M IN A 10.0.8.191
+4000.example. 5M IN A 10.0.8.192
+4000.example. 5M IN A 10.0.8.193
+4000.example. 5M IN A 10.0.8.194
+4000.example. 5M IN A 10.0.8.195
+4000.example. 5M IN A 10.0.8.196
+4000.example. 5M IN A 10.0.8.197
+4000.example. 5M IN A 10.0.8.198
+4000.example. 5M IN A 10.0.8.199
+4000.example. 5M IN A 10.0.8.200
+4000.example. 5M IN A 10.0.8.201
+4000.example. 5M IN A 10.0.8.202
+4000.example. 5M IN A 10.0.8.203
+4000.example. 5M IN A 10.0.8.204
+4000.example. 5M IN A 10.0.8.205
+4000.example. 5M IN A 10.0.8.206
+4000.example. 5M IN A 10.0.8.207
+4000.example. 5M IN A 10.0.8.208
+4000.example. 5M IN A 10.0.8.209
+4000.example. 5M IN A 10.0.8.210
+4000.example. 5M IN A 10.0.8.211
+4000.example. 5M IN A 10.0.8.212
+4000.example. 5M IN A 10.0.8.213
+4000.example. 5M IN A 10.0.8.214
+4000.example. 5M IN A 10.0.8.215
+4000.example. 5M IN A 10.0.8.216
+4000.example. 5M IN A 10.0.8.217
+4000.example. 5M IN A 10.0.8.218
+4000.example. 5M IN A 10.0.8.219
+4000.example. 5M IN A 10.0.8.220
+4000.example. 5M IN A 10.0.8.221
+4000.example. 5M IN A 10.0.8.222
+4000.example. 5M IN A 10.0.8.223
+4000.example. 5M IN A 10.0.8.224
+4000.example. 5M IN A 10.0.8.225
+4000.example. 5M IN A 10.0.8.226
+4000.example. 5M IN A 10.0.8.227
+4000.example. 5M IN A 10.0.8.228
+4000.example. 5M IN A 10.0.8.229
+4000.example. 5M IN A 10.0.8.230
+4000.example. 5M IN A 10.0.8.231
+4000.example. 5M IN A 10.0.8.232
+4000.example. 5M IN A 10.0.8.233
+4000.example. 5M IN A 10.0.8.234
+4000.example. 5M IN A 10.0.8.235
+4000.example. 5M IN A 10.0.8.236
+4000.example. 5M IN A 10.0.8.237
+4000.example. 5M IN A 10.0.8.238
+4000.example. 5M IN A 10.0.8.239
+4000.example. 5M IN A 10.0.8.240
+4000.example. 5M IN A 10.0.8.241
+4000.example. 5M IN A 10.0.8.242
+4000.example. 5M IN A 10.0.8.243
+4000.example. 5M IN A 10.0.8.244
+4000.example. 5M IN A 10.0.8.245
+4000.example. 5M IN A 10.0.8.246
+4000.example. 5M IN A 10.0.8.247
+4000.example. 5M IN A 10.0.8.248
+4000.example. 5M IN A 10.0.8.249
+4000.example. 5M IN A 10.0.8.250
+4000.example. 5M IN A 10.0.8.251
+4000.example. 5M IN A 10.0.8.252
+4000.example. 5M IN A 10.0.8.253
+4000.example. 5M IN A 10.0.8.254
+4000.example. 5M IN A 10.0.8.255
+4000.example. 5M IN A 10.0.9.0
+4000.example. 5M IN A 10.0.9.1
+4000.example. 5M IN A 10.0.9.2
+4000.example. 5M IN A 10.0.9.3
+4000.example. 5M IN A 10.0.9.4
+4000.example. 5M IN A 10.0.9.5
+4000.example. 5M IN A 10.0.9.6
+4000.example. 5M IN A 10.0.9.7
+4000.example. 5M IN A 10.0.9.8
+4000.example. 5M IN A 10.0.9.9
+4000.example. 5M IN A 10.0.9.10
+4000.example. 5M IN A 10.0.9.11
+4000.example. 5M IN A 10.0.9.12
+4000.example. 5M IN A 10.0.9.13
+4000.example. 5M IN A 10.0.9.14
+4000.example. 5M IN A 10.0.9.15
+4000.example. 5M IN A 10.0.9.16
+4000.example. 5M IN A 10.0.9.17
+4000.example. 5M IN A 10.0.9.18
+4000.example. 5M IN A 10.0.9.19
+4000.example. 5M IN A 10.0.9.20
+4000.example. 5M IN A 10.0.9.21
+4000.example. 5M IN A 10.0.9.22
+4000.example. 5M IN A 10.0.9.23
+4000.example. 5M IN A 10.0.9.24
+4000.example. 5M IN A 10.0.9.25
+4000.example. 5M IN A 10.0.9.26
+4000.example. 5M IN A 10.0.9.27
+4000.example. 5M IN A 10.0.9.28
+4000.example. 5M IN A 10.0.9.29
+4000.example. 5M IN A 10.0.9.30
+4000.example. 5M IN A 10.0.9.31
+4000.example. 5M IN A 10.0.9.32
+4000.example. 5M IN A 10.0.9.33
+4000.example. 5M IN A 10.0.9.34
+4000.example. 5M IN A 10.0.9.35
+4000.example. 5M IN A 10.0.9.36
+4000.example. 5M IN A 10.0.9.37
+4000.example. 5M IN A 10.0.9.38
+4000.example. 5M IN A 10.0.9.39
+4000.example. 5M IN A 10.0.9.40
+4000.example. 5M IN A 10.0.9.41
+4000.example. 5M IN A 10.0.9.42
+4000.example. 5M IN A 10.0.9.43
+4000.example. 5M IN A 10.0.9.44
+4000.example. 5M IN A 10.0.9.45
+4000.example. 5M IN A 10.0.9.46
+4000.example. 5M IN A 10.0.9.47
+4000.example. 5M IN A 10.0.9.48
+4000.example. 5M IN A 10.0.9.49
+4000.example. 5M IN A 10.0.9.50
+4000.example. 5M IN A 10.0.9.51
+4000.example. 5M IN A 10.0.9.52
+4000.example. 5M IN A 10.0.9.53
+4000.example. 5M IN A 10.0.9.54
+4000.example. 5M IN A 10.0.9.55
+4000.example. 5M IN A 10.0.9.56
+4000.example. 5M IN A 10.0.9.57
+4000.example. 5M IN A 10.0.9.58
+4000.example. 5M IN A 10.0.9.59
+4000.example. 5M IN A 10.0.9.60
+4000.example. 5M IN A 10.0.9.61
+4000.example. 5M IN A 10.0.9.62
+4000.example. 5M IN A 10.0.9.63
+4000.example. 5M IN A 10.0.9.64
+4000.example. 5M IN A 10.0.9.65
+4000.example. 5M IN A 10.0.9.66
+4000.example. 5M IN A 10.0.9.67
+4000.example. 5M IN A 10.0.9.68
+4000.example. 5M IN A 10.0.9.69
+4000.example. 5M IN A 10.0.9.70
+4000.example. 5M IN A 10.0.9.71
+4000.example. 5M IN A 10.0.9.72
+4000.example. 5M IN A 10.0.9.73
+4000.example. 5M IN A 10.0.9.74
+4000.example. 5M IN A 10.0.9.75
+4000.example. 5M IN A 10.0.9.76
+4000.example. 5M IN A 10.0.9.77
+4000.example. 5M IN A 10.0.9.78
+4000.example. 5M IN A 10.0.9.79
+4000.example. 5M IN A 10.0.9.80
+4000.example. 5M IN A 10.0.9.81
+4000.example. 5M IN A 10.0.9.82
+4000.example. 5M IN A 10.0.9.83
+4000.example. 5M IN A 10.0.9.84
+4000.example. 5M IN A 10.0.9.85
+4000.example. 5M IN A 10.0.9.86
+4000.example. 5M IN A 10.0.9.87
+4000.example. 5M IN A 10.0.9.88
+4000.example. 5M IN A 10.0.9.89
+4000.example. 5M IN A 10.0.9.90
+4000.example. 5M IN A 10.0.9.91
+4000.example. 5M IN A 10.0.9.92
+4000.example. 5M IN A 10.0.9.93
+4000.example. 5M IN A 10.0.9.94
+4000.example. 5M IN A 10.0.9.95
+4000.example. 5M IN A 10.0.9.96
+4000.example. 5M IN A 10.0.9.97
+4000.example. 5M IN A 10.0.9.98
+4000.example. 5M IN A 10.0.9.99
+4000.example. 5M IN A 10.0.9.100
+4000.example. 5M IN A 10.0.9.101
+4000.example. 5M IN A 10.0.9.102
+4000.example. 5M IN A 10.0.9.103
+4000.example. 5M IN A 10.0.9.104
+4000.example. 5M IN A 10.0.9.105
+4000.example. 5M IN A 10.0.9.106
+4000.example. 5M IN A 10.0.9.107
+4000.example. 5M IN A 10.0.9.108
+4000.example. 5M IN A 10.0.9.109
+4000.example. 5M IN A 10.0.9.110
+4000.example. 5M IN A 10.0.9.111
+4000.example. 5M IN A 10.0.9.112
+4000.example. 5M IN A 10.0.9.113
+4000.example. 5M IN A 10.0.9.114
+4000.example. 5M IN A 10.0.9.115
+4000.example. 5M IN A 10.0.9.116
+4000.example. 5M IN A 10.0.9.117
+4000.example. 5M IN A 10.0.9.118
+4000.example. 5M IN A 10.0.9.119
+4000.example. 5M IN A 10.0.9.120
+4000.example. 5M IN A 10.0.9.121
+4000.example. 5M IN A 10.0.9.122
+4000.example. 5M IN A 10.0.9.123
+4000.example. 5M IN A 10.0.9.124
+4000.example. 5M IN A 10.0.9.125
+4000.example. 5M IN A 10.0.9.126
+4000.example. 5M IN A 10.0.9.127
+4000.example. 5M IN A 10.0.9.128
+4000.example. 5M IN A 10.0.9.129
+4000.example. 5M IN A 10.0.9.130
+4000.example. 5M IN A 10.0.9.131
+4000.example. 5M IN A 10.0.9.132
+4000.example. 5M IN A 10.0.9.133
+4000.example. 5M IN A 10.0.9.134
+4000.example. 5M IN A 10.0.9.135
+4000.example. 5M IN A 10.0.9.136
+4000.example. 5M IN A 10.0.9.137
+4000.example. 5M IN A 10.0.9.138
+4000.example. 5M IN A 10.0.9.139
+4000.example. 5M IN A 10.0.9.140
+4000.example. 5M IN A 10.0.9.141
+4000.example. 5M IN A 10.0.9.142
+4000.example. 5M IN A 10.0.9.143
+4000.example. 5M IN A 10.0.9.144
+4000.example. 5M IN A 10.0.9.145
+4000.example. 5M IN A 10.0.9.146
+4000.example. 5M IN A 10.0.9.147
+4000.example. 5M IN A 10.0.9.148
+4000.example. 5M IN A 10.0.9.149
+4000.example. 5M IN A 10.0.9.150
+4000.example. 5M IN A 10.0.9.151
+4000.example. 5M IN A 10.0.9.152
+4000.example. 5M IN A 10.0.9.153
+4000.example. 5M IN A 10.0.9.154
+4000.example. 5M IN A 10.0.9.155
+4000.example. 5M IN A 10.0.9.156
+4000.example. 5M IN A 10.0.9.157
+4000.example. 5M IN A 10.0.9.158
+4000.example. 5M IN A 10.0.9.159
+4000.example. 5M IN A 10.0.9.160
+4000.example. 5M IN A 10.0.9.161
+4000.example. 5M IN A 10.0.9.162
+4000.example. 5M IN A 10.0.9.163
+4000.example. 5M IN A 10.0.9.164
+4000.example. 5M IN A 10.0.9.165
+4000.example. 5M IN A 10.0.9.166
+4000.example. 5M IN A 10.0.9.167
+4000.example. 5M IN A 10.0.9.168
+4000.example. 5M IN A 10.0.9.169
+4000.example. 5M IN A 10.0.9.170
+4000.example. 5M IN A 10.0.9.171
+4000.example. 5M IN A 10.0.9.172
+4000.example. 5M IN A 10.0.9.173
+4000.example. 5M IN A 10.0.9.174
+4000.example. 5M IN A 10.0.9.175
+4000.example. 5M IN A 10.0.9.176
+4000.example. 5M IN A 10.0.9.177
+4000.example. 5M IN A 10.0.9.178
+4000.example. 5M IN A 10.0.9.179
+4000.example. 5M IN A 10.0.9.180
+4000.example. 5M IN A 10.0.9.181
+4000.example. 5M IN A 10.0.9.182
+4000.example. 5M IN A 10.0.9.183
+4000.example. 5M IN A 10.0.9.184
+4000.example. 5M IN A 10.0.9.185
+4000.example. 5M IN A 10.0.9.186
+4000.example. 5M IN A 10.0.9.187
+4000.example. 5M IN A 10.0.9.188
+4000.example. 5M IN A 10.0.9.189
+4000.example. 5M IN A 10.0.9.190
+4000.example. 5M IN A 10.0.9.191
+4000.example. 5M IN A 10.0.9.192
+4000.example. 5M IN A 10.0.9.193
+4000.example. 5M IN A 10.0.9.194
+4000.example. 5M IN A 10.0.9.195
+4000.example. 5M IN A 10.0.9.196
+4000.example. 5M IN A 10.0.9.197
+4000.example. 5M IN A 10.0.9.198
+4000.example. 5M IN A 10.0.9.199
+4000.example. 5M IN A 10.0.9.200
+4000.example. 5M IN A 10.0.9.201
+4000.example. 5M IN A 10.0.9.202
+4000.example. 5M IN A 10.0.9.203
+4000.example. 5M IN A 10.0.9.204
+4000.example. 5M IN A 10.0.9.205
+4000.example. 5M IN A 10.0.9.206
+4000.example. 5M IN A 10.0.9.207
+4000.example. 5M IN A 10.0.9.208
+4000.example. 5M IN A 10.0.9.209
+4000.example. 5M IN A 10.0.9.210
+4000.example. 5M IN A 10.0.9.211
+4000.example. 5M IN A 10.0.9.212
+4000.example. 5M IN A 10.0.9.213
+4000.example. 5M IN A 10.0.9.214
+4000.example. 5M IN A 10.0.9.215
+4000.example. 5M IN A 10.0.9.216
+4000.example. 5M IN A 10.0.9.217
+4000.example. 5M IN A 10.0.9.218
+4000.example. 5M IN A 10.0.9.219
+4000.example. 5M IN A 10.0.9.220
+4000.example. 5M IN A 10.0.9.221
+4000.example. 5M IN A 10.0.9.222
+4000.example. 5M IN A 10.0.9.223
+4000.example. 5M IN A 10.0.9.224
+4000.example. 5M IN A 10.0.9.225
+4000.example. 5M IN A 10.0.9.226
+4000.example. 5M IN A 10.0.9.227
+4000.example. 5M IN A 10.0.9.228
+4000.example. 5M IN A 10.0.9.229
+4000.example. 5M IN A 10.0.9.230
+4000.example. 5M IN A 10.0.9.231
+4000.example. 5M IN A 10.0.9.232
+4000.example. 5M IN A 10.0.9.233
+4000.example. 5M IN A 10.0.9.234
+4000.example. 5M IN A 10.0.9.235
+4000.example. 5M IN A 10.0.9.236
+4000.example. 5M IN A 10.0.9.237
+4000.example. 5M IN A 10.0.9.238
+4000.example. 5M IN A 10.0.9.239
+4000.example. 5M IN A 10.0.9.240
+4000.example. 5M IN A 10.0.9.241
+4000.example. 5M IN A 10.0.9.242
+4000.example. 5M IN A 10.0.9.243
+4000.example. 5M IN A 10.0.9.244
+4000.example. 5M IN A 10.0.9.245
+4000.example. 5M IN A 10.0.9.246
+4000.example. 5M IN A 10.0.9.247
+4000.example. 5M IN A 10.0.9.248
+4000.example. 5M IN A 10.0.9.249
+4000.example. 5M IN A 10.0.9.250
+4000.example. 5M IN A 10.0.9.251
+4000.example. 5M IN A 10.0.9.252
+4000.example. 5M IN A 10.0.9.253
+4000.example. 5M IN A 10.0.9.254
+4000.example. 5M IN A 10.0.9.255
+4000.example. 5M IN A 10.0.10.0
+4000.example. 5M IN A 10.0.10.1
+4000.example. 5M IN A 10.0.10.2
+4000.example. 5M IN A 10.0.10.3
+4000.example. 5M IN A 10.0.10.4
+4000.example. 5M IN A 10.0.10.5
+4000.example. 5M IN A 10.0.10.6
+4000.example. 5M IN A 10.0.10.7
+4000.example. 5M IN A 10.0.10.8
+4000.example. 5M IN A 10.0.10.9
+4000.example. 5M IN A 10.0.10.10
+4000.example. 5M IN A 10.0.10.11
+4000.example. 5M IN A 10.0.10.12
+4000.example. 5M IN A 10.0.10.13
+4000.example. 5M IN A 10.0.10.14
+4000.example. 5M IN A 10.0.10.15
+4000.example. 5M IN A 10.0.10.16
+4000.example. 5M IN A 10.0.10.17
+4000.example. 5M IN A 10.0.10.18
+4000.example. 5M IN A 10.0.10.19
+4000.example. 5M IN A 10.0.10.20
+4000.example. 5M IN A 10.0.10.21
+4000.example. 5M IN A 10.0.10.22
+4000.example. 5M IN A 10.0.10.23
+4000.example. 5M IN A 10.0.10.24
+4000.example. 5M IN A 10.0.10.25
+4000.example. 5M IN A 10.0.10.26
+4000.example. 5M IN A 10.0.10.27
+4000.example. 5M IN A 10.0.10.28
+4000.example. 5M IN A 10.0.10.29
+4000.example. 5M IN A 10.0.10.30
+4000.example. 5M IN A 10.0.10.31
+4000.example. 5M IN A 10.0.10.32
+4000.example. 5M IN A 10.0.10.33
+4000.example. 5M IN A 10.0.10.34
+4000.example. 5M IN A 10.0.10.35
+4000.example. 5M IN A 10.0.10.36
+4000.example. 5M IN A 10.0.10.37
+4000.example. 5M IN A 10.0.10.38
+4000.example. 5M IN A 10.0.10.39
+4000.example. 5M IN A 10.0.10.40
+4000.example. 5M IN A 10.0.10.41
+4000.example. 5M IN A 10.0.10.42
+4000.example. 5M IN A 10.0.10.43
+4000.example. 5M IN A 10.0.10.44
+4000.example. 5M IN A 10.0.10.45
+4000.example. 5M IN A 10.0.10.46
+4000.example. 5M IN A 10.0.10.47
+4000.example. 5M IN A 10.0.10.48
+4000.example. 5M IN A 10.0.10.49
+4000.example. 5M IN A 10.0.10.50
+4000.example. 5M IN A 10.0.10.51
+4000.example. 5M IN A 10.0.10.52
+4000.example. 5M IN A 10.0.10.53
+4000.example. 5M IN A 10.0.10.54
+4000.example. 5M IN A 10.0.10.55
+4000.example. 5M IN A 10.0.10.56
+4000.example. 5M IN A 10.0.10.57
+4000.example. 5M IN A 10.0.10.58
+4000.example. 5M IN A 10.0.10.59
+4000.example. 5M IN A 10.0.10.60
+4000.example. 5M IN A 10.0.10.61
+4000.example. 5M IN A 10.0.10.62
+4000.example. 5M IN A 10.0.10.63
+4000.example. 5M IN A 10.0.10.64
+4000.example. 5M IN A 10.0.10.65
+4000.example. 5M IN A 10.0.10.66
+4000.example. 5M IN A 10.0.10.67
+4000.example. 5M IN A 10.0.10.68
+4000.example. 5M IN A 10.0.10.69
+4000.example. 5M IN A 10.0.10.70
+4000.example. 5M IN A 10.0.10.71
+4000.example. 5M IN A 10.0.10.72
+4000.example. 5M IN A 10.0.10.73
+4000.example. 5M IN A 10.0.10.74
+4000.example. 5M IN A 10.0.10.75
+4000.example. 5M IN A 10.0.10.76
+4000.example. 5M IN A 10.0.10.77
+4000.example. 5M IN A 10.0.10.78
+4000.example. 5M IN A 10.0.10.79
+4000.example. 5M IN A 10.0.10.80
+4000.example. 5M IN A 10.0.10.81
+4000.example. 5M IN A 10.0.10.82
+4000.example. 5M IN A 10.0.10.83
+4000.example. 5M IN A 10.0.10.84
+4000.example. 5M IN A 10.0.10.85
+4000.example. 5M IN A 10.0.10.86
+4000.example. 5M IN A 10.0.10.87
+4000.example. 5M IN A 10.0.10.88
+4000.example. 5M IN A 10.0.10.89
+4000.example. 5M IN A 10.0.10.90
+4000.example. 5M IN A 10.0.10.91
+4000.example. 5M IN A 10.0.10.92
+4000.example. 5M IN A 10.0.10.93
+4000.example. 5M IN A 10.0.10.94
+4000.example. 5M IN A 10.0.10.95
+4000.example. 5M IN A 10.0.10.96
+4000.example. 5M IN A 10.0.10.97
+4000.example. 5M IN A 10.0.10.98
+4000.example. 5M IN A 10.0.10.99
+4000.example. 5M IN A 10.0.10.100
+4000.example. 5M IN A 10.0.10.101
+4000.example. 5M IN A 10.0.10.102
+4000.example. 5M IN A 10.0.10.103
+4000.example. 5M IN A 10.0.10.104
+4000.example. 5M IN A 10.0.10.105
+4000.example. 5M IN A 10.0.10.106
+4000.example. 5M IN A 10.0.10.107
+4000.example. 5M IN A 10.0.10.108
+4000.example. 5M IN A 10.0.10.109
+4000.example. 5M IN A 10.0.10.110
+4000.example. 5M IN A 10.0.10.111
+4000.example. 5M IN A 10.0.10.112
+4000.example. 5M IN A 10.0.10.113
+4000.example. 5M IN A 10.0.10.114
+4000.example. 5M IN A 10.0.10.115
+4000.example. 5M IN A 10.0.10.116
+4000.example. 5M IN A 10.0.10.117
+4000.example. 5M IN A 10.0.10.118
+4000.example. 5M IN A 10.0.10.119
+4000.example. 5M IN A 10.0.10.120
+4000.example. 5M IN A 10.0.10.121
+4000.example. 5M IN A 10.0.10.122
+4000.example. 5M IN A 10.0.10.123
+4000.example. 5M IN A 10.0.10.124
+4000.example. 5M IN A 10.0.10.125
+4000.example. 5M IN A 10.0.10.126
+4000.example. 5M IN A 10.0.10.127
+4000.example. 5M IN A 10.0.10.128
+4000.example. 5M IN A 10.0.10.129
+4000.example. 5M IN A 10.0.10.130
+4000.example. 5M IN A 10.0.10.131
+4000.example. 5M IN A 10.0.10.132
+4000.example. 5M IN A 10.0.10.133
+4000.example. 5M IN A 10.0.10.134
+4000.example. 5M IN A 10.0.10.135
+4000.example. 5M IN A 10.0.10.136
+4000.example. 5M IN A 10.0.10.137
+4000.example. 5M IN A 10.0.10.138
+4000.example. 5M IN A 10.0.10.139
+4000.example. 5M IN A 10.0.10.140
+4000.example. 5M IN A 10.0.10.141
+4000.example. 5M IN A 10.0.10.142
+4000.example. 5M IN A 10.0.10.143
+4000.example. 5M IN A 10.0.10.144
+4000.example. 5M IN A 10.0.10.145
+4000.example. 5M IN A 10.0.10.146
+4000.example. 5M IN A 10.0.10.147
+4000.example. 5M IN A 10.0.10.148
+4000.example. 5M IN A 10.0.10.149
+4000.example. 5M IN A 10.0.10.150
+4000.example. 5M IN A 10.0.10.151
+4000.example. 5M IN A 10.0.10.152
+4000.example. 5M IN A 10.0.10.153
+4000.example. 5M IN A 10.0.10.154
+4000.example. 5M IN A 10.0.10.155
+4000.example. 5M IN A 10.0.10.156
+4000.example. 5M IN A 10.0.10.157
+4000.example. 5M IN A 10.0.10.158
+4000.example. 5M IN A 10.0.10.159
+4000.example. 5M IN A 10.0.10.160
+4000.example. 5M IN A 10.0.10.161
+4000.example. 5M IN A 10.0.10.162
+4000.example. 5M IN A 10.0.10.163
+4000.example. 5M IN A 10.0.10.164
+4000.example. 5M IN A 10.0.10.165
+4000.example. 5M IN A 10.0.10.166
+4000.example. 5M IN A 10.0.10.167
+4000.example. 5M IN A 10.0.10.168
+4000.example. 5M IN A 10.0.10.169
+4000.example. 5M IN A 10.0.10.170
+4000.example. 5M IN A 10.0.10.171
+4000.example. 5M IN A 10.0.10.172
+4000.example. 5M IN A 10.0.10.173
+4000.example. 5M IN A 10.0.10.174
+4000.example. 5M IN A 10.0.10.175
+4000.example. 5M IN A 10.0.10.176
+4000.example. 5M IN A 10.0.10.177
+4000.example. 5M IN A 10.0.10.178
+4000.example. 5M IN A 10.0.10.179
+4000.example. 5M IN A 10.0.10.180
+4000.example. 5M IN A 10.0.10.181
+4000.example. 5M IN A 10.0.10.182
+4000.example. 5M IN A 10.0.10.183
+4000.example. 5M IN A 10.0.10.184
+4000.example. 5M IN A 10.0.10.185
+4000.example. 5M IN A 10.0.10.186
+4000.example. 5M IN A 10.0.10.187
+4000.example. 5M IN A 10.0.10.188
+4000.example. 5M IN A 10.0.10.189
+4000.example. 5M IN A 10.0.10.190
+4000.example. 5M IN A 10.0.10.191
+4000.example. 5M IN A 10.0.10.192
+4000.example. 5M IN A 10.0.10.193
+4000.example. 5M IN A 10.0.10.194
+4000.example. 5M IN A 10.0.10.195
+4000.example. 5M IN A 10.0.10.196
+4000.example. 5M IN A 10.0.10.197
+4000.example. 5M IN A 10.0.10.198
+4000.example. 5M IN A 10.0.10.199
+4000.example. 5M IN A 10.0.10.200
+4000.example. 5M IN A 10.0.10.201
+4000.example. 5M IN A 10.0.10.202
+4000.example. 5M IN A 10.0.10.203
+4000.example. 5M IN A 10.0.10.204
+4000.example. 5M IN A 10.0.10.205
+4000.example. 5M IN A 10.0.10.206
+4000.example. 5M IN A 10.0.10.207
+4000.example. 5M IN A 10.0.10.208
+4000.example. 5M IN A 10.0.10.209
+4000.example. 5M IN A 10.0.10.210
+4000.example. 5M IN A 10.0.10.211
+4000.example. 5M IN A 10.0.10.212
+4000.example. 5M IN A 10.0.10.213
+4000.example. 5M IN A 10.0.10.214
+4000.example. 5M IN A 10.0.10.215
+4000.example. 5M IN A 10.0.10.216
+4000.example. 5M IN A 10.0.10.217
+4000.example. 5M IN A 10.0.10.218
+4000.example. 5M IN A 10.0.10.219
+4000.example. 5M IN A 10.0.10.220
+4000.example. 5M IN A 10.0.10.221
+4000.example. 5M IN A 10.0.10.222
+4000.example. 5M IN A 10.0.10.223
+4000.example. 5M IN A 10.0.10.224
+4000.example. 5M IN A 10.0.10.225
+4000.example. 5M IN A 10.0.10.226
+4000.example. 5M IN A 10.0.10.227
+4000.example. 5M IN A 10.0.10.228
+4000.example. 5M IN A 10.0.10.229
+4000.example. 5M IN A 10.0.10.230
+4000.example. 5M IN A 10.0.10.231
+4000.example. 5M IN A 10.0.10.232
+4000.example. 5M IN A 10.0.10.233
+4000.example. 5M IN A 10.0.10.234
+4000.example. 5M IN A 10.0.10.235
+4000.example. 5M IN A 10.0.10.236
+4000.example. 5M IN A 10.0.10.237
+4000.example. 5M IN A 10.0.10.238
+4000.example. 5M IN A 10.0.10.239
+4000.example. 5M IN A 10.0.10.240
+4000.example. 5M IN A 10.0.10.241
+4000.example. 5M IN A 10.0.10.242
+4000.example. 5M IN A 10.0.10.243
+4000.example. 5M IN A 10.0.10.244
+4000.example. 5M IN A 10.0.10.245
+4000.example. 5M IN A 10.0.10.246
+4000.example. 5M IN A 10.0.10.247
+4000.example. 5M IN A 10.0.10.248
+4000.example. 5M IN A 10.0.10.249
+4000.example. 5M IN A 10.0.10.250
+4000.example. 5M IN A 10.0.10.251
+4000.example. 5M IN A 10.0.10.252
+4000.example. 5M IN A 10.0.10.253
+4000.example. 5M IN A 10.0.10.254
+4000.example. 5M IN A 10.0.10.255
+4000.example. 5M IN A 10.0.11.0
+4000.example. 5M IN A 10.0.11.1
+4000.example. 5M IN A 10.0.11.2
+4000.example. 5M IN A 10.0.11.3
+4000.example. 5M IN A 10.0.11.4
+4000.example. 5M IN A 10.0.11.5
+4000.example. 5M IN A 10.0.11.6
+4000.example. 5M IN A 10.0.11.7
+4000.example. 5M IN A 10.0.11.8
+4000.example. 5M IN A 10.0.11.9
+4000.example. 5M IN A 10.0.11.10
+4000.example. 5M IN A 10.0.11.11
+4000.example. 5M IN A 10.0.11.12
+4000.example. 5M IN A 10.0.11.13
+4000.example. 5M IN A 10.0.11.14
+4000.example. 5M IN A 10.0.11.15
+4000.example. 5M IN A 10.0.11.16
+4000.example. 5M IN A 10.0.11.17
+4000.example. 5M IN A 10.0.11.18
+4000.example. 5M IN A 10.0.11.19
+4000.example. 5M IN A 10.0.11.20
+4000.example. 5M IN A 10.0.11.21
+4000.example. 5M IN A 10.0.11.22
+4000.example. 5M IN A 10.0.11.23
+4000.example. 5M IN A 10.0.11.24
+4000.example. 5M IN A 10.0.11.25
+4000.example. 5M IN A 10.0.11.26
+4000.example. 5M IN A 10.0.11.27
+4000.example. 5M IN A 10.0.11.28
+4000.example. 5M IN A 10.0.11.29
+4000.example. 5M IN A 10.0.11.30
+4000.example. 5M IN A 10.0.11.31
+4000.example. 5M IN A 10.0.11.32
+4000.example. 5M IN A 10.0.11.33
+4000.example. 5M IN A 10.0.11.34
+4000.example. 5M IN A 10.0.11.35
+4000.example. 5M IN A 10.0.11.36
+4000.example. 5M IN A 10.0.11.37
+4000.example. 5M IN A 10.0.11.38
+4000.example. 5M IN A 10.0.11.39
+4000.example. 5M IN A 10.0.11.40
+4000.example. 5M IN A 10.0.11.41
+4000.example. 5M IN A 10.0.11.42
+4000.example. 5M IN A 10.0.11.43
+4000.example. 5M IN A 10.0.11.44
+4000.example. 5M IN A 10.0.11.45
+4000.example. 5M IN A 10.0.11.46
+4000.example. 5M IN A 10.0.11.47
+4000.example. 5M IN A 10.0.11.48
+4000.example. 5M IN A 10.0.11.49
+4000.example. 5M IN A 10.0.11.50
+4000.example. 5M IN A 10.0.11.51
+4000.example. 5M IN A 10.0.11.52
+4000.example. 5M IN A 10.0.11.53
+4000.example. 5M IN A 10.0.11.54
+4000.example. 5M IN A 10.0.11.55
+4000.example. 5M IN A 10.0.11.56
+4000.example. 5M IN A 10.0.11.57
+4000.example. 5M IN A 10.0.11.58
+4000.example. 5M IN A 10.0.11.59
+4000.example. 5M IN A 10.0.11.60
+4000.example. 5M IN A 10.0.11.61
+4000.example. 5M IN A 10.0.11.62
+4000.example. 5M IN A 10.0.11.63
+4000.example. 5M IN A 10.0.11.64
+4000.example. 5M IN A 10.0.11.65
+4000.example. 5M IN A 10.0.11.66
+4000.example. 5M IN A 10.0.11.67
+4000.example. 5M IN A 10.0.11.68
+4000.example. 5M IN A 10.0.11.69
+4000.example. 5M IN A 10.0.11.70
+4000.example. 5M IN A 10.0.11.71
+4000.example. 5M IN A 10.0.11.72
+4000.example. 5M IN A 10.0.11.73
+4000.example. 5M IN A 10.0.11.74
+4000.example. 5M IN A 10.0.11.75
+4000.example. 5M IN A 10.0.11.76
+4000.example. 5M IN A 10.0.11.77
+4000.example. 5M IN A 10.0.11.78
+4000.example. 5M IN A 10.0.11.79
+4000.example. 5M IN A 10.0.11.80
+4000.example. 5M IN A 10.0.11.81
+4000.example. 5M IN A 10.0.11.82
+4000.example. 5M IN A 10.0.11.83
+4000.example. 5M IN A 10.0.11.84
+4000.example. 5M IN A 10.0.11.85
+4000.example. 5M IN A 10.0.11.86
+4000.example. 5M IN A 10.0.11.87
+4000.example. 5M IN A 10.0.11.88
+4000.example. 5M IN A 10.0.11.89
+4000.example. 5M IN A 10.0.11.90
+4000.example. 5M IN A 10.0.11.91
+4000.example. 5M IN A 10.0.11.92
+4000.example. 5M IN A 10.0.11.93
+4000.example. 5M IN A 10.0.11.94
+4000.example. 5M IN A 10.0.11.95
+4000.example. 5M IN A 10.0.11.96
+4000.example. 5M IN A 10.0.11.97
+4000.example. 5M IN A 10.0.11.98
+4000.example. 5M IN A 10.0.11.99
+4000.example. 5M IN A 10.0.11.100
+4000.example. 5M IN A 10.0.11.101
+4000.example. 5M IN A 10.0.11.102
+4000.example. 5M IN A 10.0.11.103
+4000.example. 5M IN A 10.0.11.104
+4000.example. 5M IN A 10.0.11.105
+4000.example. 5M IN A 10.0.11.106
+4000.example. 5M IN A 10.0.11.107
+4000.example. 5M IN A 10.0.11.108
+4000.example. 5M IN A 10.0.11.109
+4000.example. 5M IN A 10.0.11.110
+4000.example. 5M IN A 10.0.11.111
+4000.example. 5M IN A 10.0.11.112
+4000.example. 5M IN A 10.0.11.113
+4000.example. 5M IN A 10.0.11.114
+4000.example. 5M IN A 10.0.11.115
+4000.example. 5M IN A 10.0.11.116
+4000.example. 5M IN A 10.0.11.117
+4000.example. 5M IN A 10.0.11.118
+4000.example. 5M IN A 10.0.11.119
+4000.example. 5M IN A 10.0.11.120
+4000.example. 5M IN A 10.0.11.121
+4000.example. 5M IN A 10.0.11.122
+4000.example. 5M IN A 10.0.11.123
+4000.example. 5M IN A 10.0.11.124
+4000.example. 5M IN A 10.0.11.125
+4000.example. 5M IN A 10.0.11.126
+4000.example. 5M IN A 10.0.11.127
+4000.example. 5M IN A 10.0.11.128
+4000.example. 5M IN A 10.0.11.129
+4000.example. 5M IN A 10.0.11.130
+4000.example. 5M IN A 10.0.11.131
+4000.example. 5M IN A 10.0.11.132
+4000.example. 5M IN A 10.0.11.133
+4000.example. 5M IN A 10.0.11.134
+4000.example. 5M IN A 10.0.11.135
+4000.example. 5M IN A 10.0.11.136
+4000.example. 5M IN A 10.0.11.137
+4000.example. 5M IN A 10.0.11.138
+4000.example. 5M IN A 10.0.11.139
+4000.example. 5M IN A 10.0.11.140
+4000.example. 5M IN A 10.0.11.141
+4000.example. 5M IN A 10.0.11.142
+4000.example. 5M IN A 10.0.11.143
+4000.example. 5M IN A 10.0.11.144
+4000.example. 5M IN A 10.0.11.145
+4000.example. 5M IN A 10.0.11.146
+4000.example. 5M IN A 10.0.11.147
+4000.example. 5M IN A 10.0.11.148
+4000.example. 5M IN A 10.0.11.149
+4000.example. 5M IN A 10.0.11.150
+4000.example. 5M IN A 10.0.11.151
+4000.example. 5M IN A 10.0.11.152
+4000.example. 5M IN A 10.0.11.153
+4000.example. 5M IN A 10.0.11.154
+4000.example. 5M IN A 10.0.11.155
+4000.example. 5M IN A 10.0.11.156
+4000.example. 5M IN A 10.0.11.157
+4000.example. 5M IN A 10.0.11.158
+4000.example. 5M IN A 10.0.11.159
+4000.example. 5M IN A 10.0.11.160
+4000.example. 5M IN A 10.0.11.161
+4000.example. 5M IN A 10.0.11.162
+4000.example. 5M IN A 10.0.11.163
+4000.example. 5M IN A 10.0.11.164
+4000.example. 5M IN A 10.0.11.165
+4000.example. 5M IN A 10.0.11.166
+4000.example. 5M IN A 10.0.11.167
+4000.example. 5M IN A 10.0.11.168
+4000.example. 5M IN A 10.0.11.169
+4000.example. 5M IN A 10.0.11.170
+4000.example. 5M IN A 10.0.11.171
+4000.example. 5M IN A 10.0.11.172
+4000.example. 5M IN A 10.0.11.173
+4000.example. 5M IN A 10.0.11.174
+4000.example. 5M IN A 10.0.11.175
+4000.example. 5M IN A 10.0.11.176
+4000.example. 5M IN A 10.0.11.177
+4000.example. 5M IN A 10.0.11.178
+4000.example. 5M IN A 10.0.11.179
+4000.example. 5M IN A 10.0.11.180
+4000.example. 5M IN A 10.0.11.181
+4000.example. 5M IN A 10.0.11.182
+4000.example. 5M IN A 10.0.11.183
+4000.example. 5M IN A 10.0.11.184
+4000.example. 5M IN A 10.0.11.185
+4000.example. 5M IN A 10.0.11.186
+4000.example. 5M IN A 10.0.11.187
+4000.example. 5M IN A 10.0.11.188
+4000.example. 5M IN A 10.0.11.189
+4000.example. 5M IN A 10.0.11.190
+4000.example. 5M IN A 10.0.11.191
+4000.example. 5M IN A 10.0.11.192
+4000.example. 5M IN A 10.0.11.193
+4000.example. 5M IN A 10.0.11.194
+4000.example. 5M IN A 10.0.11.195
+4000.example. 5M IN A 10.0.11.196
+4000.example. 5M IN A 10.0.11.197
+4000.example. 5M IN A 10.0.11.198
+4000.example. 5M IN A 10.0.11.199
+4000.example. 5M IN A 10.0.11.200
+4000.example. 5M IN A 10.0.11.201
+4000.example. 5M IN A 10.0.11.202
+4000.example. 5M IN A 10.0.11.203
+4000.example. 5M IN A 10.0.11.204
+4000.example. 5M IN A 10.0.11.205
+4000.example. 5M IN A 10.0.11.206
+4000.example. 5M IN A 10.0.11.207
+4000.example. 5M IN A 10.0.11.208
+4000.example. 5M IN A 10.0.11.209
+4000.example. 5M IN A 10.0.11.210
+4000.example. 5M IN A 10.0.11.211
+4000.example. 5M IN A 10.0.11.212
+4000.example. 5M IN A 10.0.11.213
+4000.example. 5M IN A 10.0.11.214
+4000.example. 5M IN A 10.0.11.215
+4000.example. 5M IN A 10.0.11.216
+4000.example. 5M IN A 10.0.11.217
+4000.example. 5M IN A 10.0.11.218
+4000.example. 5M IN A 10.0.11.219
+4000.example. 5M IN A 10.0.11.220
+4000.example. 5M IN A 10.0.11.221
+4000.example. 5M IN A 10.0.11.222
+4000.example. 5M IN A 10.0.11.223
+4000.example. 5M IN A 10.0.11.224
+4000.example. 5M IN A 10.0.11.225
+4000.example. 5M IN A 10.0.11.226
+4000.example. 5M IN A 10.0.11.227
+4000.example. 5M IN A 10.0.11.228
+4000.example. 5M IN A 10.0.11.229
+4000.example. 5M IN A 10.0.11.230
+4000.example. 5M IN A 10.0.11.231
+4000.example. 5M IN A 10.0.11.232
+4000.example. 5M IN A 10.0.11.233
+4000.example. 5M IN A 10.0.11.234
+4000.example. 5M IN A 10.0.11.235
+4000.example. 5M IN A 10.0.11.236
+4000.example. 5M IN A 10.0.11.237
+4000.example. 5M IN A 10.0.11.238
+4000.example. 5M IN A 10.0.11.239
+4000.example. 5M IN A 10.0.11.240
+4000.example. 5M IN A 10.0.11.241
+4000.example. 5M IN A 10.0.11.242
+4000.example. 5M IN A 10.0.11.243
+4000.example. 5M IN A 10.0.11.244
+4000.example. 5M IN A 10.0.11.245
+4000.example. 5M IN A 10.0.11.246
+4000.example. 5M IN A 10.0.11.247
+4000.example. 5M IN A 10.0.11.248
+4000.example. 5M IN A 10.0.11.249
+4000.example. 5M IN A 10.0.11.250
+4000.example. 5M IN A 10.0.11.251
+4000.example. 5M IN A 10.0.11.252
+4000.example. 5M IN A 10.0.11.253
+4000.example. 5M IN A 10.0.11.254
+4000.example. 5M IN A 10.0.11.255
+4000.example. 5M IN A 10.0.12.0
+4000.example. 5M IN A 10.0.12.1
+4000.example. 5M IN A 10.0.12.2
+4000.example. 5M IN A 10.0.12.3
+4000.example. 5M IN A 10.0.12.4
+4000.example. 5M IN A 10.0.12.5
+4000.example. 5M IN A 10.0.12.6
+4000.example. 5M IN A 10.0.12.7
+4000.example. 5M IN A 10.0.12.8
+4000.example. 5M IN A 10.0.12.9
+4000.example. 5M IN A 10.0.12.10
+4000.example. 5M IN A 10.0.12.11
+4000.example. 5M IN A 10.0.12.12
+4000.example. 5M IN A 10.0.12.13
+4000.example. 5M IN A 10.0.12.14
+4000.example. 5M IN A 10.0.12.15
+4000.example. 5M IN A 10.0.12.16
+4000.example. 5M IN A 10.0.12.17
+4000.example. 5M IN A 10.0.12.18
+4000.example. 5M IN A 10.0.12.19
+4000.example. 5M IN A 10.0.12.20
+4000.example. 5M IN A 10.0.12.21
+4000.example. 5M IN A 10.0.12.22
+4000.example. 5M IN A 10.0.12.23
+4000.example. 5M IN A 10.0.12.24
+4000.example. 5M IN A 10.0.12.25
+4000.example. 5M IN A 10.0.12.26
+4000.example. 5M IN A 10.0.12.27
+4000.example. 5M IN A 10.0.12.28
+4000.example. 5M IN A 10.0.12.29
+4000.example. 5M IN A 10.0.12.30
+4000.example. 5M IN A 10.0.12.31
+4000.example. 5M IN A 10.0.12.32
+4000.example. 5M IN A 10.0.12.33
+4000.example. 5M IN A 10.0.12.34
+4000.example. 5M IN A 10.0.12.35
+4000.example. 5M IN A 10.0.12.36
+4000.example. 5M IN A 10.0.12.37
+4000.example. 5M IN A 10.0.12.38
+4000.example. 5M IN A 10.0.12.39
+4000.example. 5M IN A 10.0.12.40
+4000.example. 5M IN A 10.0.12.41
+4000.example. 5M IN A 10.0.12.42
+4000.example. 5M IN A 10.0.12.43
+4000.example. 5M IN A 10.0.12.44
+4000.example. 5M IN A 10.0.12.45
+4000.example. 5M IN A 10.0.12.46
+4000.example. 5M IN A 10.0.12.47
+4000.example. 5M IN A 10.0.12.48
+4000.example. 5M IN A 10.0.12.49
+4000.example. 5M IN A 10.0.12.50
+4000.example. 5M IN A 10.0.12.51
+4000.example. 5M IN A 10.0.12.52
+4000.example. 5M IN A 10.0.12.53
+4000.example. 5M IN A 10.0.12.54
+4000.example. 5M IN A 10.0.12.55
+4000.example. 5M IN A 10.0.12.56
+4000.example. 5M IN A 10.0.12.57
+4000.example. 5M IN A 10.0.12.58
+4000.example. 5M IN A 10.0.12.59
+4000.example. 5M IN A 10.0.12.60
+4000.example. 5M IN A 10.0.12.61
+4000.example. 5M IN A 10.0.12.62
+4000.example. 5M IN A 10.0.12.63
+4000.example. 5M IN A 10.0.12.64
+4000.example. 5M IN A 10.0.12.65
+4000.example. 5M IN A 10.0.12.66
+4000.example. 5M IN A 10.0.12.67
+4000.example. 5M IN A 10.0.12.68
+4000.example. 5M IN A 10.0.12.69
+4000.example. 5M IN A 10.0.12.70
+4000.example. 5M IN A 10.0.12.71
+4000.example. 5M IN A 10.0.12.72
+4000.example. 5M IN A 10.0.12.73
+4000.example. 5M IN A 10.0.12.74
+4000.example. 5M IN A 10.0.12.75
+4000.example. 5M IN A 10.0.12.76
+4000.example. 5M IN A 10.0.12.77
+4000.example. 5M IN A 10.0.12.78
+4000.example. 5M IN A 10.0.12.79
+4000.example. 5M IN A 10.0.12.80
+4000.example. 5M IN A 10.0.12.81
+4000.example. 5M IN A 10.0.12.82
+4000.example. 5M IN A 10.0.12.83
+4000.example. 5M IN A 10.0.12.84
+4000.example. 5M IN A 10.0.12.85
+4000.example. 5M IN A 10.0.12.86
+4000.example. 5M IN A 10.0.12.87
+4000.example. 5M IN A 10.0.12.88
+4000.example. 5M IN A 10.0.12.89
+4000.example. 5M IN A 10.0.12.90
+4000.example. 5M IN A 10.0.12.91
+4000.example. 5M IN A 10.0.12.92
+4000.example. 5M IN A 10.0.12.93
+4000.example. 5M IN A 10.0.12.94
+4000.example. 5M IN A 10.0.12.95
+4000.example. 5M IN A 10.0.12.96
+4000.example. 5M IN A 10.0.12.97
+4000.example. 5M IN A 10.0.12.98
+4000.example. 5M IN A 10.0.12.99
+4000.example. 5M IN A 10.0.12.100
+4000.example. 5M IN A 10.0.12.101
+4000.example. 5M IN A 10.0.12.102
+4000.example. 5M IN A 10.0.12.103
+4000.example. 5M IN A 10.0.12.104
+4000.example. 5M IN A 10.0.12.105
+4000.example. 5M IN A 10.0.12.106
+4000.example. 5M IN A 10.0.12.107
+4000.example. 5M IN A 10.0.12.108
+4000.example. 5M IN A 10.0.12.109
+4000.example. 5M IN A 10.0.12.110
+4000.example. 5M IN A 10.0.12.111
+4000.example. 5M IN A 10.0.12.112
+4000.example. 5M IN A 10.0.12.113
+4000.example. 5M IN A 10.0.12.114
+4000.example. 5M IN A 10.0.12.115
+4000.example. 5M IN A 10.0.12.116
+4000.example. 5M IN A 10.0.12.117
+4000.example. 5M IN A 10.0.12.118
+4000.example. 5M IN A 10.0.12.119
+4000.example. 5M IN A 10.0.12.120
+4000.example. 5M IN A 10.0.12.121
+4000.example. 5M IN A 10.0.12.122
+4000.example. 5M IN A 10.0.12.123
+4000.example. 5M IN A 10.0.12.124
+4000.example. 5M IN A 10.0.12.125
+4000.example. 5M IN A 10.0.12.126
+4000.example. 5M IN A 10.0.12.127
+4000.example. 5M IN A 10.0.12.128
+4000.example. 5M IN A 10.0.12.129
+4000.example. 5M IN A 10.0.12.130
+4000.example. 5M IN A 10.0.12.131
+4000.example. 5M IN A 10.0.12.132
+4000.example. 5M IN A 10.0.12.133
+4000.example. 5M IN A 10.0.12.134
+4000.example. 5M IN A 10.0.12.135
+4000.example. 5M IN A 10.0.12.136
+4000.example. 5M IN A 10.0.12.137
+4000.example. 5M IN A 10.0.12.138
+4000.example. 5M IN A 10.0.12.139
+4000.example. 5M IN A 10.0.12.140
+4000.example. 5M IN A 10.0.12.141
+4000.example. 5M IN A 10.0.12.142
+4000.example. 5M IN A 10.0.12.143
+4000.example. 5M IN A 10.0.12.144
+4000.example. 5M IN A 10.0.12.145
+4000.example. 5M IN A 10.0.12.146
+4000.example. 5M IN A 10.0.12.147
+4000.example. 5M IN A 10.0.12.148
+4000.example. 5M IN A 10.0.12.149
+4000.example. 5M IN A 10.0.12.150
+4000.example. 5M IN A 10.0.12.151
+4000.example. 5M IN A 10.0.12.152
+4000.example. 5M IN A 10.0.12.153
+4000.example. 5M IN A 10.0.12.154
+4000.example. 5M IN A 10.0.12.155
+4000.example. 5M IN A 10.0.12.156
+4000.example. 5M IN A 10.0.12.157
+4000.example. 5M IN A 10.0.12.158
+4000.example. 5M IN A 10.0.12.159
+4000.example. 5M IN A 10.0.12.160
+4000.example. 5M IN A 10.0.12.161
+4000.example. 5M IN A 10.0.12.162
+4000.example. 5M IN A 10.0.12.163
+4000.example. 5M IN A 10.0.12.164
+4000.example. 5M IN A 10.0.12.165
+4000.example. 5M IN A 10.0.12.166
+4000.example. 5M IN A 10.0.12.167
+4000.example. 5M IN A 10.0.12.168
+4000.example. 5M IN A 10.0.12.169
+4000.example. 5M IN A 10.0.12.170
+4000.example. 5M IN A 10.0.12.171
+4000.example. 5M IN A 10.0.12.172
+4000.example. 5M IN A 10.0.12.173
+4000.example. 5M IN A 10.0.12.174
+4000.example. 5M IN A 10.0.12.175
+4000.example. 5M IN A 10.0.12.176
+4000.example. 5M IN A 10.0.12.177
+4000.example. 5M IN A 10.0.12.178
+4000.example. 5M IN A 10.0.12.179
+4000.example. 5M IN A 10.0.12.180
+4000.example. 5M IN A 10.0.12.181
+4000.example. 5M IN A 10.0.12.182
+4000.example. 5M IN A 10.0.12.183
+4000.example. 5M IN A 10.0.12.184
+4000.example. 5M IN A 10.0.12.185
+4000.example. 5M IN A 10.0.12.186
+4000.example. 5M IN A 10.0.12.187
+4000.example. 5M IN A 10.0.12.188
+4000.example. 5M IN A 10.0.12.189
+4000.example. 5M IN A 10.0.12.190
+4000.example. 5M IN A 10.0.12.191
+4000.example. 5M IN A 10.0.12.192
+4000.example. 5M IN A 10.0.12.193
+4000.example. 5M IN A 10.0.12.194
+4000.example. 5M IN A 10.0.12.195
+4000.example. 5M IN A 10.0.12.196
+4000.example. 5M IN A 10.0.12.197
+4000.example. 5M IN A 10.0.12.198
+4000.example. 5M IN A 10.0.12.199
+4000.example. 5M IN A 10.0.12.200
+4000.example. 5M IN A 10.0.12.201
+4000.example. 5M IN A 10.0.12.202
+4000.example. 5M IN A 10.0.12.203
+4000.example. 5M IN A 10.0.12.204
+4000.example. 5M IN A 10.0.12.205
+4000.example. 5M IN A 10.0.12.206
+4000.example. 5M IN A 10.0.12.207
+4000.example. 5M IN A 10.0.12.208
+4000.example. 5M IN A 10.0.12.209
+4000.example. 5M IN A 10.0.12.210
+4000.example. 5M IN A 10.0.12.211
+4000.example. 5M IN A 10.0.12.212
+4000.example. 5M IN A 10.0.12.213
+4000.example. 5M IN A 10.0.12.214
+4000.example. 5M IN A 10.0.12.215
+4000.example. 5M IN A 10.0.12.216
+4000.example. 5M IN A 10.0.12.217
+4000.example. 5M IN A 10.0.12.218
+4000.example. 5M IN A 10.0.12.219
+4000.example. 5M IN A 10.0.12.220
+4000.example. 5M IN A 10.0.12.221
+4000.example. 5M IN A 10.0.12.222
+4000.example. 5M IN A 10.0.12.223
+4000.example. 5M IN A 10.0.12.224
+4000.example. 5M IN A 10.0.12.225
+4000.example. 5M IN A 10.0.12.226
+4000.example. 5M IN A 10.0.12.227
+4000.example. 5M IN A 10.0.12.228
+4000.example. 5M IN A 10.0.12.229
+4000.example. 5M IN A 10.0.12.230
+4000.example. 5M IN A 10.0.12.231
+4000.example. 5M IN A 10.0.12.232
+4000.example. 5M IN A 10.0.12.233
+4000.example. 5M IN A 10.0.12.234
+4000.example. 5M IN A 10.0.12.235
+4000.example. 5M IN A 10.0.12.236
+4000.example. 5M IN A 10.0.12.237
+4000.example. 5M IN A 10.0.12.238
+4000.example. 5M IN A 10.0.12.239
+4000.example. 5M IN A 10.0.12.240
+4000.example. 5M IN A 10.0.12.241
+4000.example. 5M IN A 10.0.12.242
+4000.example. 5M IN A 10.0.12.243
+4000.example. 5M IN A 10.0.12.244
+4000.example. 5M IN A 10.0.12.245
+4000.example. 5M IN A 10.0.12.246
+4000.example. 5M IN A 10.0.12.247
+4000.example. 5M IN A 10.0.12.248
+4000.example. 5M IN A 10.0.12.249
+4000.example. 5M IN A 10.0.12.250
+4000.example. 5M IN A 10.0.12.251
+4000.example. 5M IN A 10.0.12.252
+4000.example. 5M IN A 10.0.12.253
+4000.example. 5M IN A 10.0.12.254
+4000.example. 5M IN A 10.0.12.255
+4000.example. 5M IN A 10.0.13.0
+4000.example. 5M IN A 10.0.13.1
+4000.example. 5M IN A 10.0.13.2
+4000.example. 5M IN A 10.0.13.3
+4000.example. 5M IN A 10.0.13.4
+4000.example. 5M IN A 10.0.13.5
+4000.example. 5M IN A 10.0.13.6
+4000.example. 5M IN A 10.0.13.7
+4000.example. 5M IN A 10.0.13.8
+4000.example. 5M IN A 10.0.13.9
+4000.example. 5M IN A 10.0.13.10
+4000.example. 5M IN A 10.0.13.11
+4000.example. 5M IN A 10.0.13.12
+4000.example. 5M IN A 10.0.13.13
+4000.example. 5M IN A 10.0.13.14
+4000.example. 5M IN A 10.0.13.15
+4000.example. 5M IN A 10.0.13.16
+4000.example. 5M IN A 10.0.13.17
+4000.example. 5M IN A 10.0.13.18
+4000.example. 5M IN A 10.0.13.19
+4000.example. 5M IN A 10.0.13.20
+4000.example. 5M IN A 10.0.13.21
+4000.example. 5M IN A 10.0.13.22
+4000.example. 5M IN A 10.0.13.23
+4000.example. 5M IN A 10.0.13.24
+4000.example. 5M IN A 10.0.13.25
+4000.example. 5M IN A 10.0.13.26
+4000.example. 5M IN A 10.0.13.27
+4000.example. 5M IN A 10.0.13.28
+4000.example. 5M IN A 10.0.13.29
+4000.example. 5M IN A 10.0.13.30
+4000.example. 5M IN A 10.0.13.31
+4000.example. 5M IN A 10.0.13.32
+4000.example. 5M IN A 10.0.13.33
+4000.example. 5M IN A 10.0.13.34
+4000.example. 5M IN A 10.0.13.35
+4000.example. 5M IN A 10.0.13.36
+4000.example. 5M IN A 10.0.13.37
+4000.example. 5M IN A 10.0.13.38
+4000.example. 5M IN A 10.0.13.39
+4000.example. 5M IN A 10.0.13.40
+4000.example. 5M IN A 10.0.13.41
+4000.example. 5M IN A 10.0.13.42
+4000.example. 5M IN A 10.0.13.43
+4000.example. 5M IN A 10.0.13.44
+4000.example. 5M IN A 10.0.13.45
+4000.example. 5M IN A 10.0.13.46
+4000.example. 5M IN A 10.0.13.47
+4000.example. 5M IN A 10.0.13.48
+4000.example. 5M IN A 10.0.13.49
+4000.example. 5M IN A 10.0.13.50
+4000.example. 5M IN A 10.0.13.51
+4000.example. 5M IN A 10.0.13.52
+4000.example. 5M IN A 10.0.13.53
+4000.example. 5M IN A 10.0.13.54
+4000.example. 5M IN A 10.0.13.55
+4000.example. 5M IN A 10.0.13.56
+4000.example. 5M IN A 10.0.13.57
+4000.example. 5M IN A 10.0.13.58
+4000.example. 5M IN A 10.0.13.59
+4000.example. 5M IN A 10.0.13.60
+4000.example. 5M IN A 10.0.13.61
+4000.example. 5M IN A 10.0.13.62
+4000.example. 5M IN A 10.0.13.63
+4000.example. 5M IN A 10.0.13.64
+4000.example. 5M IN A 10.0.13.65
+4000.example. 5M IN A 10.0.13.66
+4000.example. 5M IN A 10.0.13.67
+4000.example. 5M IN A 10.0.13.68
+4000.example. 5M IN A 10.0.13.69
+4000.example. 5M IN A 10.0.13.70
+4000.example. 5M IN A 10.0.13.71
+4000.example. 5M IN A 10.0.13.72
+4000.example. 5M IN A 10.0.13.73
+4000.example. 5M IN A 10.0.13.74
+4000.example. 5M IN A 10.0.13.75
+4000.example. 5M IN A 10.0.13.76
+4000.example. 5M IN A 10.0.13.77
+4000.example. 5M IN A 10.0.13.78
+4000.example. 5M IN A 10.0.13.79
+4000.example. 5M IN A 10.0.13.80
+4000.example. 5M IN A 10.0.13.81
+4000.example. 5M IN A 10.0.13.82
+4000.example. 5M IN A 10.0.13.83
+4000.example. 5M IN A 10.0.13.84
+4000.example. 5M IN A 10.0.13.85
+4000.example. 5M IN A 10.0.13.86
+4000.example. 5M IN A 10.0.13.87
+4000.example. 5M IN A 10.0.13.88
+4000.example. 5M IN A 10.0.13.89
+4000.example. 5M IN A 10.0.13.90
+4000.example. 5M IN A 10.0.13.91
+4000.example. 5M IN A 10.0.13.92
+4000.example. 5M IN A 10.0.13.93
+4000.example. 5M IN A 10.0.13.94
+4000.example. 5M IN A 10.0.13.95
+4000.example. 5M IN A 10.0.13.96
+4000.example. 5M IN A 10.0.13.97
+4000.example. 5M IN A 10.0.13.98
+4000.example. 5M IN A 10.0.13.99
+4000.example. 5M IN A 10.0.13.100
+4000.example. 5M IN A 10.0.13.101
+4000.example. 5M IN A 10.0.13.102
+4000.example. 5M IN A 10.0.13.103
+4000.example. 5M IN A 10.0.13.104
+4000.example. 5M IN A 10.0.13.105
+4000.example. 5M IN A 10.0.13.106
+4000.example. 5M IN A 10.0.13.107
+4000.example. 5M IN A 10.0.13.108
+4000.example. 5M IN A 10.0.13.109
+4000.example. 5M IN A 10.0.13.110
+4000.example. 5M IN A 10.0.13.111
+4000.example. 5M IN A 10.0.13.112
+4000.example. 5M IN A 10.0.13.113
+4000.example. 5M IN A 10.0.13.114
+4000.example. 5M IN A 10.0.13.115
+4000.example. 5M IN A 10.0.13.116
+4000.example. 5M IN A 10.0.13.117
+4000.example. 5M IN A 10.0.13.118
+4000.example. 5M IN A 10.0.13.119
+4000.example. 5M IN A 10.0.13.120
+4000.example. 5M IN A 10.0.13.121
+4000.example. 5M IN A 10.0.13.122
+4000.example. 5M IN A 10.0.13.123
+4000.example. 5M IN A 10.0.13.124
+4000.example. 5M IN A 10.0.13.125
+4000.example. 5M IN A 10.0.13.126
+4000.example. 5M IN A 10.0.13.127
+4000.example. 5M IN A 10.0.13.128
+4000.example. 5M IN A 10.0.13.129
+4000.example. 5M IN A 10.0.13.130
+4000.example. 5M IN A 10.0.13.131
+4000.example. 5M IN A 10.0.13.132
+4000.example. 5M IN A 10.0.13.133
+4000.example. 5M IN A 10.0.13.134
+4000.example. 5M IN A 10.0.13.135
+4000.example. 5M IN A 10.0.13.136
+4000.example. 5M IN A 10.0.13.137
+4000.example. 5M IN A 10.0.13.138
+4000.example. 5M IN A 10.0.13.139
+4000.example. 5M IN A 10.0.13.140
+4000.example. 5M IN A 10.0.13.141
+4000.example. 5M IN A 10.0.13.142
+4000.example. 5M IN A 10.0.13.143
+4000.example. 5M IN A 10.0.13.144
+4000.example. 5M IN A 10.0.13.145
+4000.example. 5M IN A 10.0.13.146
+4000.example. 5M IN A 10.0.13.147
+4000.example. 5M IN A 10.0.13.148
+4000.example. 5M IN A 10.0.13.149
+4000.example. 5M IN A 10.0.13.150
+4000.example. 5M IN A 10.0.13.151
+4000.example. 5M IN A 10.0.13.152
+4000.example. 5M IN A 10.0.13.153
+4000.example. 5M IN A 10.0.13.154
+4000.example. 5M IN A 10.0.13.155
+4000.example. 5M IN A 10.0.13.156
+4000.example. 5M IN A 10.0.13.157
+4000.example. 5M IN A 10.0.13.158
+4000.example. 5M IN A 10.0.13.159
+4000.example. 5M IN A 10.0.13.160
+4000.example. 5M IN A 10.0.13.161
+4000.example. 5M IN A 10.0.13.162
+4000.example. 5M IN A 10.0.13.163
+4000.example. 5M IN A 10.0.13.164
+4000.example. 5M IN A 10.0.13.165
+4000.example. 5M IN A 10.0.13.166
+4000.example. 5M IN A 10.0.13.167
+4000.example. 5M IN A 10.0.13.168
+4000.example. 5M IN A 10.0.13.169
+4000.example. 5M IN A 10.0.13.170
+4000.example. 5M IN A 10.0.13.171
+4000.example. 5M IN A 10.0.13.172
+4000.example. 5M IN A 10.0.13.173
+4000.example. 5M IN A 10.0.13.174
+4000.example. 5M IN A 10.0.13.175
+4000.example. 5M IN A 10.0.13.176
+4000.example. 5M IN A 10.0.13.177
+4000.example. 5M IN A 10.0.13.178
+4000.example. 5M IN A 10.0.13.179
+4000.example. 5M IN A 10.0.13.180
+4000.example. 5M IN A 10.0.13.181
+4000.example. 5M IN A 10.0.13.182
+4000.example. 5M IN A 10.0.13.183
+4000.example. 5M IN A 10.0.13.184
+4000.example. 5M IN A 10.0.13.185
+4000.example. 5M IN A 10.0.13.186
+4000.example. 5M IN A 10.0.13.187
+4000.example. 5M IN A 10.0.13.188
+4000.example. 5M IN A 10.0.13.189
+4000.example. 5M IN A 10.0.13.190
+4000.example. 5M IN A 10.0.13.191
+4000.example. 5M IN A 10.0.13.192
+4000.example. 5M IN A 10.0.13.193
+4000.example. 5M IN A 10.0.13.194
+4000.example. 5M IN A 10.0.13.195
+4000.example. 5M IN A 10.0.13.196
+4000.example. 5M IN A 10.0.13.197
+4000.example. 5M IN A 10.0.13.198
+4000.example. 5M IN A 10.0.13.199
+4000.example. 5M IN A 10.0.13.200
+4000.example. 5M IN A 10.0.13.201
+4000.example. 5M IN A 10.0.13.202
+4000.example. 5M IN A 10.0.13.203
+4000.example. 5M IN A 10.0.13.204
+4000.example. 5M IN A 10.0.13.205
+4000.example. 5M IN A 10.0.13.206
+4000.example. 5M IN A 10.0.13.207
+4000.example. 5M IN A 10.0.13.208
+4000.example. 5M IN A 10.0.13.209
+4000.example. 5M IN A 10.0.13.210
+4000.example. 5M IN A 10.0.13.211
+4000.example. 5M IN A 10.0.13.212
+4000.example. 5M IN A 10.0.13.213
+4000.example. 5M IN A 10.0.13.214
+4000.example. 5M IN A 10.0.13.215
+4000.example. 5M IN A 10.0.13.216
+4000.example. 5M IN A 10.0.13.217
+4000.example. 5M IN A 10.0.13.218
+4000.example. 5M IN A 10.0.13.219
+4000.example. 5M IN A 10.0.13.220
+4000.example. 5M IN A 10.0.13.221
+4000.example. 5M IN A 10.0.13.222
+4000.example. 5M IN A 10.0.13.223
+4000.example. 5M IN A 10.0.13.224
+4000.example. 5M IN A 10.0.13.225
+4000.example. 5M IN A 10.0.13.226
+4000.example. 5M IN A 10.0.13.227
+4000.example. 5M IN A 10.0.13.228
+4000.example. 5M IN A 10.0.13.229
+4000.example. 5M IN A 10.0.13.230
+4000.example. 5M IN A 10.0.13.231
+4000.example. 5M IN A 10.0.13.232
+4000.example. 5M IN A 10.0.13.233
+4000.example. 5M IN A 10.0.13.234
+4000.example. 5M IN A 10.0.13.235
+4000.example. 5M IN A 10.0.13.236
+4000.example. 5M IN A 10.0.13.237
+4000.example. 5M IN A 10.0.13.238
+4000.example. 5M IN A 10.0.13.239
+4000.example. 5M IN A 10.0.13.240
+4000.example. 5M IN A 10.0.13.241
+4000.example. 5M IN A 10.0.13.242
+4000.example. 5M IN A 10.0.13.243
+4000.example. 5M IN A 10.0.13.244
+4000.example. 5M IN A 10.0.13.245
+4000.example. 5M IN A 10.0.13.246
+4000.example. 5M IN A 10.0.13.247
+4000.example. 5M IN A 10.0.13.248
+4000.example. 5M IN A 10.0.13.249
+4000.example. 5M IN A 10.0.13.250
+4000.example. 5M IN A 10.0.13.251
+4000.example. 5M IN A 10.0.13.252
+4000.example. 5M IN A 10.0.13.253
+4000.example. 5M IN A 10.0.13.254
+4000.example. 5M IN A 10.0.13.255
+4000.example. 5M IN A 10.0.14.0
+4000.example. 5M IN A 10.0.14.1
+4000.example. 5M IN A 10.0.14.2
+4000.example. 5M IN A 10.0.14.3
+4000.example. 5M IN A 10.0.14.4
+4000.example. 5M IN A 10.0.14.5
+4000.example. 5M IN A 10.0.14.6
+4000.example. 5M IN A 10.0.14.7
+4000.example. 5M IN A 10.0.14.8
+4000.example. 5M IN A 10.0.14.9
+4000.example. 5M IN A 10.0.14.10
+4000.example. 5M IN A 10.0.14.11
+4000.example. 5M IN A 10.0.14.12
+4000.example. 5M IN A 10.0.14.13
+4000.example. 5M IN A 10.0.14.14
+4000.example. 5M IN A 10.0.14.15
+4000.example. 5M IN A 10.0.14.16
+4000.example. 5M IN A 10.0.14.17
+4000.example. 5M IN A 10.0.14.18
+4000.example. 5M IN A 10.0.14.19
+4000.example. 5M IN A 10.0.14.20
+4000.example. 5M IN A 10.0.14.21
+4000.example. 5M IN A 10.0.14.22
+4000.example. 5M IN A 10.0.14.23
+4000.example. 5M IN A 10.0.14.24
+4000.example. 5M IN A 10.0.14.25
+4000.example. 5M IN A 10.0.14.26
+4000.example. 5M IN A 10.0.14.27
+4000.example. 5M IN A 10.0.14.28
+4000.example. 5M IN A 10.0.14.29
+4000.example. 5M IN A 10.0.14.30
+4000.example. 5M IN A 10.0.14.31
+4000.example. 5M IN A 10.0.14.32
+4000.example. 5M IN A 10.0.14.33
+4000.example. 5M IN A 10.0.14.34
+4000.example. 5M IN A 10.0.14.35
+4000.example. 5M IN A 10.0.14.36
+4000.example. 5M IN A 10.0.14.37
+4000.example. 5M IN A 10.0.14.38
+4000.example. 5M IN A 10.0.14.39
+4000.example. 5M IN A 10.0.14.40
+4000.example. 5M IN A 10.0.14.41
+4000.example. 5M IN A 10.0.14.42
+4000.example. 5M IN A 10.0.14.43
+4000.example. 5M IN A 10.0.14.44
+4000.example. 5M IN A 10.0.14.45
+4000.example. 5M IN A 10.0.14.46
+4000.example. 5M IN A 10.0.14.47
+4000.example. 5M IN A 10.0.14.48
+4000.example. 5M IN A 10.0.14.49
+4000.example. 5M IN A 10.0.14.50
+4000.example. 5M IN A 10.0.14.51
+4000.example. 5M IN A 10.0.14.52
+4000.example. 5M IN A 10.0.14.53
+4000.example. 5M IN A 10.0.14.54
+4000.example. 5M IN A 10.0.14.55
+4000.example. 5M IN A 10.0.14.56
+4000.example. 5M IN A 10.0.14.57
+4000.example. 5M IN A 10.0.14.58
+4000.example. 5M IN A 10.0.14.59
+4000.example. 5M IN A 10.0.14.60
+4000.example. 5M IN A 10.0.14.61
+4000.example. 5M IN A 10.0.14.62
+4000.example. 5M IN A 10.0.14.63
+4000.example. 5M IN A 10.0.14.64
+4000.example. 5M IN A 10.0.14.65
+4000.example. 5M IN A 10.0.14.66
+4000.example. 5M IN A 10.0.14.67
+4000.example. 5M IN A 10.0.14.68
+4000.example. 5M IN A 10.0.14.69
+4000.example. 5M IN A 10.0.14.70
+4000.example. 5M IN A 10.0.14.71
+4000.example. 5M IN A 10.0.14.72
+4000.example. 5M IN A 10.0.14.73
+4000.example. 5M IN A 10.0.14.74
+4000.example. 5M IN A 10.0.14.75
+4000.example. 5M IN A 10.0.14.76
+4000.example. 5M IN A 10.0.14.77
+4000.example. 5M IN A 10.0.14.78
+4000.example. 5M IN A 10.0.14.79
+4000.example. 5M IN A 10.0.14.80
+4000.example. 5M IN A 10.0.14.81
+4000.example. 5M IN A 10.0.14.82
+4000.example. 5M IN A 10.0.14.83
+4000.example. 5M IN A 10.0.14.84
+4000.example. 5M IN A 10.0.14.85
+4000.example. 5M IN A 10.0.14.86
+4000.example. 5M IN A 10.0.14.87
+4000.example. 5M IN A 10.0.14.88
+4000.example. 5M IN A 10.0.14.89
+4000.example. 5M IN A 10.0.14.90
+4000.example. 5M IN A 10.0.14.91
+4000.example. 5M IN A 10.0.14.92
+4000.example. 5M IN A 10.0.14.93
+4000.example. 5M IN A 10.0.14.94
+4000.example. 5M IN A 10.0.14.95
+4000.example. 5M IN A 10.0.14.96
+4000.example. 5M IN A 10.0.14.97
+4000.example. 5M IN A 10.0.14.98
+4000.example. 5M IN A 10.0.14.99
+4000.example. 5M IN A 10.0.14.100
+4000.example. 5M IN A 10.0.14.101
+4000.example. 5M IN A 10.0.14.102
+4000.example. 5M IN A 10.0.14.103
+4000.example. 5M IN A 10.0.14.104
+4000.example. 5M IN A 10.0.14.105
+4000.example. 5M IN A 10.0.14.106
+4000.example. 5M IN A 10.0.14.107
+4000.example. 5M IN A 10.0.14.108
+4000.example. 5M IN A 10.0.14.109
+4000.example. 5M IN A 10.0.14.110
+4000.example. 5M IN A 10.0.14.111
+4000.example. 5M IN A 10.0.14.112
+4000.example. 5M IN A 10.0.14.113
+4000.example. 5M IN A 10.0.14.114
+4000.example. 5M IN A 10.0.14.115
+4000.example. 5M IN A 10.0.14.116
+4000.example. 5M IN A 10.0.14.117
+4000.example. 5M IN A 10.0.14.118
+4000.example. 5M IN A 10.0.14.119
+4000.example. 5M IN A 10.0.14.120
+4000.example. 5M IN A 10.0.14.121
+4000.example. 5M IN A 10.0.14.122
+4000.example. 5M IN A 10.0.14.123
+4000.example. 5M IN A 10.0.14.124
+4000.example. 5M IN A 10.0.14.125
+4000.example. 5M IN A 10.0.14.126
+4000.example. 5M IN A 10.0.14.127
+4000.example. 5M IN A 10.0.14.128
+4000.example. 5M IN A 10.0.14.129
+4000.example. 5M IN A 10.0.14.130
+4000.example. 5M IN A 10.0.14.131
+4000.example. 5M IN A 10.0.14.132
+4000.example. 5M IN A 10.0.14.133
+4000.example. 5M IN A 10.0.14.134
+4000.example. 5M IN A 10.0.14.135
+4000.example. 5M IN A 10.0.14.136
+4000.example. 5M IN A 10.0.14.137
+4000.example. 5M IN A 10.0.14.138
+4000.example. 5M IN A 10.0.14.139
+4000.example. 5M IN A 10.0.14.140
+4000.example. 5M IN A 10.0.14.141
+4000.example. 5M IN A 10.0.14.142
+4000.example. 5M IN A 10.0.14.143
+4000.example. 5M IN A 10.0.14.144
+4000.example. 5M IN A 10.0.14.145
+4000.example. 5M IN A 10.0.14.146
+4000.example. 5M IN A 10.0.14.147
+4000.example. 5M IN A 10.0.14.148
+4000.example. 5M IN A 10.0.14.149
+4000.example. 5M IN A 10.0.14.150
+4000.example. 5M IN A 10.0.14.151
+4000.example. 5M IN A 10.0.14.152
+4000.example. 5M IN A 10.0.14.153
+4000.example. 5M IN A 10.0.14.154
+4000.example. 5M IN A 10.0.14.155
+4000.example. 5M IN A 10.0.14.156
+4000.example. 5M IN A 10.0.14.157
+4000.example. 5M IN A 10.0.14.158
+4000.example. 5M IN A 10.0.14.159
+4000.example. 5M IN A 10.0.14.160
+4000.example. 5M IN A 10.0.14.161
+4000.example. 5M IN A 10.0.14.162
+4000.example. 5M IN A 10.0.14.163
+4000.example. 5M IN A 10.0.14.164
+4000.example. 5M IN A 10.0.14.165
+4000.example. 5M IN A 10.0.14.166
+4000.example. 5M IN A 10.0.14.167
+4000.example. 5M IN A 10.0.14.168
+4000.example. 5M IN A 10.0.14.169
+4000.example. 5M IN A 10.0.14.170
+4000.example. 5M IN A 10.0.14.171
+4000.example. 5M IN A 10.0.14.172
+4000.example. 5M IN A 10.0.14.173
+4000.example. 5M IN A 10.0.14.174
+4000.example. 5M IN A 10.0.14.175
+4000.example. 5M IN A 10.0.14.176
+4000.example. 5M IN A 10.0.14.177
+4000.example. 5M IN A 10.0.14.178
+4000.example. 5M IN A 10.0.14.179
+4000.example. 5M IN A 10.0.14.180
+4000.example. 5M IN A 10.0.14.181
+4000.example. 5M IN A 10.0.14.182
+4000.example. 5M IN A 10.0.14.183
+4000.example. 5M IN A 10.0.14.184
+4000.example. 5M IN A 10.0.14.185
+4000.example. 5M IN A 10.0.14.186
+4000.example. 5M IN A 10.0.14.187
+4000.example. 5M IN A 10.0.14.188
+4000.example. 5M IN A 10.0.14.189
+4000.example. 5M IN A 10.0.14.190
+4000.example. 5M IN A 10.0.14.191
+4000.example. 5M IN A 10.0.14.192
+4000.example. 5M IN A 10.0.14.193
+4000.example. 5M IN A 10.0.14.194
+4000.example. 5M IN A 10.0.14.195
+4000.example. 5M IN A 10.0.14.196
+4000.example. 5M IN A 10.0.14.197
+4000.example. 5M IN A 10.0.14.198
+4000.example. 5M IN A 10.0.14.199
+4000.example. 5M IN A 10.0.14.200
+4000.example. 5M IN A 10.0.14.201
+4000.example. 5M IN A 10.0.14.202
+4000.example. 5M IN A 10.0.14.203
+4000.example. 5M IN A 10.0.14.204
+4000.example. 5M IN A 10.0.14.205
+4000.example. 5M IN A 10.0.14.206
+4000.example. 5M IN A 10.0.14.207
+4000.example. 5M IN A 10.0.14.208
+4000.example. 5M IN A 10.0.14.209
+4000.example. 5M IN A 10.0.14.210
+4000.example. 5M IN A 10.0.14.211
+4000.example. 5M IN A 10.0.14.212
+4000.example. 5M IN A 10.0.14.213
+4000.example. 5M IN A 10.0.14.214
+4000.example. 5M IN A 10.0.14.215
+4000.example. 5M IN A 10.0.14.216
+4000.example. 5M IN A 10.0.14.217
+4000.example. 5M IN A 10.0.14.218
+4000.example. 5M IN A 10.0.14.219
+4000.example. 5M IN A 10.0.14.220
+4000.example. 5M IN A 10.0.14.221
+4000.example. 5M IN A 10.0.14.222
+4000.example. 5M IN A 10.0.14.223
+4000.example. 5M IN A 10.0.14.224
+4000.example. 5M IN A 10.0.14.225
+4000.example. 5M IN A 10.0.14.226
+4000.example. 5M IN A 10.0.14.227
+4000.example. 5M IN A 10.0.14.228
+4000.example. 5M IN A 10.0.14.229
+4000.example. 5M IN A 10.0.14.230
+4000.example. 5M IN A 10.0.14.231
+4000.example. 5M IN A 10.0.14.232
+4000.example. 5M IN A 10.0.14.233
+4000.example. 5M IN A 10.0.14.234
+4000.example. 5M IN A 10.0.14.235
+4000.example. 5M IN A 10.0.14.236
+4000.example. 5M IN A 10.0.14.237
+4000.example. 5M IN A 10.0.14.238
+4000.example. 5M IN A 10.0.14.239
+4000.example. 5M IN A 10.0.14.240
+4000.example. 5M IN A 10.0.14.241
+4000.example. 5M IN A 10.0.14.242
+4000.example. 5M IN A 10.0.14.243
+4000.example. 5M IN A 10.0.14.244
+4000.example. 5M IN A 10.0.14.245
+4000.example. 5M IN A 10.0.14.246
+4000.example. 5M IN A 10.0.14.247
+4000.example. 5M IN A 10.0.14.248
+4000.example. 5M IN A 10.0.14.249
+4000.example. 5M IN A 10.0.14.250
+4000.example. 5M IN A 10.0.14.251
+4000.example. 5M IN A 10.0.14.252
+4000.example. 5M IN A 10.0.14.253
+4000.example. 5M IN A 10.0.14.254
+4000.example. 5M IN A 10.0.14.255
+4000.example. 5M IN A 10.0.15.0
+4000.example. 5M IN A 10.0.15.1
+4000.example. 5M IN A 10.0.15.2
+4000.example. 5M IN A 10.0.15.3
+4000.example. 5M IN A 10.0.15.4
+4000.example. 5M IN A 10.0.15.5
+4000.example. 5M IN A 10.0.15.6
+4000.example. 5M IN A 10.0.15.7
+4000.example. 5M IN A 10.0.15.8
+4000.example. 5M IN A 10.0.15.9
+4000.example. 5M IN A 10.0.15.10
+4000.example. 5M IN A 10.0.15.11
+4000.example. 5M IN A 10.0.15.12
+4000.example. 5M IN A 10.0.15.13
+4000.example. 5M IN A 10.0.15.14
+4000.example. 5M IN A 10.0.15.15
+4000.example. 5M IN A 10.0.15.16
+4000.example. 5M IN A 10.0.15.17
+4000.example. 5M IN A 10.0.15.18
+4000.example. 5M IN A 10.0.15.19
+4000.example. 5M IN A 10.0.15.20
+4000.example. 5M IN A 10.0.15.21
+4000.example. 5M IN A 10.0.15.22
+4000.example. 5M IN A 10.0.15.23
+4000.example. 5M IN A 10.0.15.24
+4000.example. 5M IN A 10.0.15.25
+4000.example. 5M IN A 10.0.15.26
+4000.example. 5M IN A 10.0.15.27
+4000.example. 5M IN A 10.0.15.28
+4000.example. 5M IN A 10.0.15.29
+4000.example. 5M IN A 10.0.15.30
+4000.example. 5M IN A 10.0.15.31
+4000.example. 5M IN A 10.0.15.32
+4000.example. 5M IN A 10.0.15.33
+4000.example. 5M IN A 10.0.15.34
+4000.example. 5M IN A 10.0.15.35
+4000.example. 5M IN A 10.0.15.36
+4000.example. 5M IN A 10.0.15.37
+4000.example. 5M IN A 10.0.15.38
+4000.example. 5M IN A 10.0.15.39
+4000.example. 5M IN A 10.0.15.40
+4000.example. 5M IN A 10.0.15.41
+4000.example. 5M IN A 10.0.15.42
+4000.example. 5M IN A 10.0.15.43
+4000.example. 5M IN A 10.0.15.44
+4000.example. 5M IN A 10.0.15.45
+4000.example. 5M IN A 10.0.15.46
+4000.example. 5M IN A 10.0.15.47
+4000.example. 5M IN A 10.0.15.48
+4000.example. 5M IN A 10.0.15.49
+4000.example. 5M IN A 10.0.15.50
+4000.example. 5M IN A 10.0.15.51
+4000.example. 5M IN A 10.0.15.52
+4000.example. 5M IN A 10.0.15.53
+4000.example. 5M IN A 10.0.15.54
+4000.example. 5M IN A 10.0.15.55
+4000.example. 5M IN A 10.0.15.56
+4000.example. 5M IN A 10.0.15.57
+4000.example. 5M IN A 10.0.15.58
+4000.example. 5M IN A 10.0.15.59
+4000.example. 5M IN A 10.0.15.60
+4000.example. 5M IN A 10.0.15.61
+4000.example. 5M IN A 10.0.15.62
+4000.example. 5M IN A 10.0.15.63
+4000.example. 5M IN A 10.0.15.64
+4000.example. 5M IN A 10.0.15.65
+4000.example. 5M IN A 10.0.15.66
+4000.example. 5M IN A 10.0.15.67
+4000.example. 5M IN A 10.0.15.68
+4000.example. 5M IN A 10.0.15.69
+4000.example. 5M IN A 10.0.15.70
+4000.example. 5M IN A 10.0.15.71
+4000.example. 5M IN A 10.0.15.72
+4000.example. 5M IN A 10.0.15.73
+4000.example. 5M IN A 10.0.15.74
+4000.example. 5M IN A 10.0.15.75
+4000.example. 5M IN A 10.0.15.76
+4000.example. 5M IN A 10.0.15.77
+4000.example. 5M IN A 10.0.15.78
+4000.example. 5M IN A 10.0.15.79
+4000.example. 5M IN A 10.0.15.80
+4000.example. 5M IN A 10.0.15.81
+4000.example. 5M IN A 10.0.15.82
+4000.example. 5M IN A 10.0.15.83
+4000.example. 5M IN A 10.0.15.84
+4000.example. 5M IN A 10.0.15.85
+4000.example. 5M IN A 10.0.15.86
+4000.example. 5M IN A 10.0.15.87
+4000.example. 5M IN A 10.0.15.88
+4000.example. 5M IN A 10.0.15.89
+4000.example. 5M IN A 10.0.15.90
+4000.example. 5M IN A 10.0.15.91
+4000.example. 5M IN A 10.0.15.92
+4000.example. 5M IN A 10.0.15.93
+4000.example. 5M IN A 10.0.15.94
+4000.example. 5M IN A 10.0.15.95
+4000.example. 5M IN A 10.0.15.96
+4000.example. 5M IN A 10.0.15.97
+4000.example. 5M IN A 10.0.15.98
+4000.example. 5M IN A 10.0.15.99
+4000.example. 5M IN A 10.0.15.100
+4000.example. 5M IN A 10.0.15.101
+4000.example. 5M IN A 10.0.15.102
+4000.example. 5M IN A 10.0.15.103
+4000.example. 5M IN A 10.0.15.104
+4000.example. 5M IN A 10.0.15.105
+4000.example. 5M IN A 10.0.15.106
+4000.example. 5M IN A 10.0.15.107
+4000.example. 5M IN A 10.0.15.108
+4000.example. 5M IN A 10.0.15.109
+4000.example. 5M IN A 10.0.15.110
+4000.example. 5M IN A 10.0.15.111
+4000.example. 5M IN A 10.0.15.112
+4000.example. 5M IN A 10.0.15.113
+4000.example. 5M IN A 10.0.15.114
+4000.example. 5M IN A 10.0.15.115
+4000.example. 5M IN A 10.0.15.116
+4000.example. 5M IN A 10.0.15.117
+4000.example. 5M IN A 10.0.15.118
+4000.example. 5M IN A 10.0.15.119
+4000.example. 5M IN A 10.0.15.120
+4000.example. 5M IN A 10.0.15.121
+4000.example. 5M IN A 10.0.15.122
+4000.example. 5M IN A 10.0.15.123
+4000.example. 5M IN A 10.0.15.124
+4000.example. 5M IN A 10.0.15.125
+4000.example. 5M IN A 10.0.15.126
+4000.example. 5M IN A 10.0.15.127
+4000.example. 5M IN A 10.0.15.128
+4000.example. 5M IN A 10.0.15.129
+4000.example. 5M IN A 10.0.15.130
+4000.example. 5M IN A 10.0.15.131
+4000.example. 5M IN A 10.0.15.132
+4000.example. 5M IN A 10.0.15.133
+4000.example. 5M IN A 10.0.15.134
+4000.example. 5M IN A 10.0.15.135
+4000.example. 5M IN A 10.0.15.136
+4000.example. 5M IN A 10.0.15.137
+4000.example. 5M IN A 10.0.15.138
+4000.example. 5M IN A 10.0.15.139
+4000.example. 5M IN A 10.0.15.140
+4000.example. 5M IN A 10.0.15.141
+4000.example. 5M IN A 10.0.15.142
+4000.example. 5M IN A 10.0.15.143
+4000.example. 5M IN A 10.0.15.144
+4000.example. 5M IN A 10.0.15.145
+4000.example. 5M IN A 10.0.15.146
+4000.example. 5M IN A 10.0.15.147
+4000.example. 5M IN A 10.0.15.148
+4000.example. 5M IN A 10.0.15.149
+4000.example. 5M IN A 10.0.15.150
+4000.example. 5M IN A 10.0.15.151
+4000.example. 5M IN A 10.0.15.152
+4000.example. 5M IN A 10.0.15.153
+4000.example. 5M IN A 10.0.15.154
+4000.example. 5M IN A 10.0.15.155
+4000.example. 5M IN A 10.0.15.156
+4000.example. 5M IN A 10.0.15.157
+4000.example. 5M IN A 10.0.15.158
+4000.example. 5M IN A 10.0.15.159
+
+;; AUTHORITY SECTION:
+example. 5M IN NS ns1.example.
+
+;; ADDITIONAL SECTION:
+ns1.example. 5M IN A 10.53.0.1
+
+;; Total query time: 279 msec
+;; FROM: draco to SERVER: 10.53.0.1
+;; WHEN: Fri Jun 23 12:58:20 2000
+;; MSG SIZE sent: 30 rcvd: 64068
+
diff --git a/bin/tests/system/limits/knowngood.dig.out.a-maximum-rrset b/bin/tests/system/limits/knowngood.dig.out.a-maximum-rrset
new file mode 100644
index 0000000..1688e83
--- /dev/null
+++ b/bin/tests/system/limits/knowngood.dig.out.a-maximum-rrset
@@ -0,0 +1,4114 @@
+
+; <<>> DiG 8.2 <<>> a-maximum-rrset.example. @10.53.0.1 a -p
+; (1 server found)
+;; res options: init recurs defnam dnsrch
+;; got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
+;; flags: qr aa rd ad; QUERY: 1, ANSWER: 4091, AUTHORITY: 1, ADDITIONAL: 1
+;; QUERY SECTION:
+;; a-maximum-rrset.example, type = A, class = IN
+
+;; ANSWER SECTION:
+a-maximum-rrset.example. 5M IN A 10.0.0.0
+a-maximum-rrset.example. 5M IN A 10.0.0.1
+a-maximum-rrset.example. 5M IN A 10.0.0.2
+a-maximum-rrset.example. 5M IN A 10.0.0.3
+a-maximum-rrset.example. 5M IN A 10.0.0.4
+a-maximum-rrset.example. 5M IN A 10.0.0.5
+a-maximum-rrset.example. 5M IN A 10.0.0.6
+a-maximum-rrset.example. 5M IN A 10.0.0.7
+a-maximum-rrset.example. 5M IN A 10.0.0.8
+a-maximum-rrset.example. 5M IN A 10.0.0.9
+a-maximum-rrset.example. 5M IN A 10.0.0.10
+a-maximum-rrset.example. 5M IN A 10.0.0.11
+a-maximum-rrset.example. 5M IN A 10.0.0.12
+a-maximum-rrset.example. 5M IN A 10.0.0.13
+a-maximum-rrset.example. 5M IN A 10.0.0.14
+a-maximum-rrset.example. 5M IN A 10.0.0.15
+a-maximum-rrset.example. 5M IN A 10.0.0.16
+a-maximum-rrset.example. 5M IN A 10.0.0.17
+a-maximum-rrset.example. 5M IN A 10.0.0.18
+a-maximum-rrset.example. 5M IN A 10.0.0.19
+a-maximum-rrset.example. 5M IN A 10.0.0.20
+a-maximum-rrset.example. 5M IN A 10.0.0.21
+a-maximum-rrset.example. 5M IN A 10.0.0.22
+a-maximum-rrset.example. 5M IN A 10.0.0.23
+a-maximum-rrset.example. 5M IN A 10.0.0.24
+a-maximum-rrset.example. 5M IN A 10.0.0.25
+a-maximum-rrset.example. 5M IN A 10.0.0.26
+a-maximum-rrset.example. 5M IN A 10.0.0.27
+a-maximum-rrset.example. 5M IN A 10.0.0.28
+a-maximum-rrset.example. 5M IN A 10.0.0.29
+a-maximum-rrset.example. 5M IN A 10.0.0.30
+a-maximum-rrset.example. 5M IN A 10.0.0.31
+a-maximum-rrset.example. 5M IN A 10.0.0.32
+a-maximum-rrset.example. 5M IN A 10.0.0.33
+a-maximum-rrset.example. 5M IN A 10.0.0.34
+a-maximum-rrset.example. 5M IN A 10.0.0.35
+a-maximum-rrset.example. 5M IN A 10.0.0.36
+a-maximum-rrset.example. 5M IN A 10.0.0.37
+a-maximum-rrset.example. 5M IN A 10.0.0.38
+a-maximum-rrset.example. 5M IN A 10.0.0.39
+a-maximum-rrset.example. 5M IN A 10.0.0.40
+a-maximum-rrset.example. 5M IN A 10.0.0.41
+a-maximum-rrset.example. 5M IN A 10.0.0.42
+a-maximum-rrset.example. 5M IN A 10.0.0.43
+a-maximum-rrset.example. 5M IN A 10.0.0.44
+a-maximum-rrset.example. 5M IN A 10.0.0.45
+a-maximum-rrset.example. 5M IN A 10.0.0.46
+a-maximum-rrset.example. 5M IN A 10.0.0.47
+a-maximum-rrset.example. 5M IN A 10.0.0.48
+a-maximum-rrset.example. 5M IN A 10.0.0.49
+a-maximum-rrset.example. 5M IN A 10.0.0.50
+a-maximum-rrset.example. 5M IN A 10.0.0.51
+a-maximum-rrset.example. 5M IN A 10.0.0.52
+a-maximum-rrset.example. 5M IN A 10.0.0.53
+a-maximum-rrset.example. 5M IN A 10.0.0.54
+a-maximum-rrset.example. 5M IN A 10.0.0.55
+a-maximum-rrset.example. 5M IN A 10.0.0.56
+a-maximum-rrset.example. 5M IN A 10.0.0.57
+a-maximum-rrset.example. 5M IN A 10.0.0.58
+a-maximum-rrset.example. 5M IN A 10.0.0.59
+a-maximum-rrset.example. 5M IN A 10.0.0.60
+a-maximum-rrset.example. 5M IN A 10.0.0.61
+a-maximum-rrset.example. 5M IN A 10.0.0.62
+a-maximum-rrset.example. 5M IN A 10.0.0.63
+a-maximum-rrset.example. 5M IN A 10.0.0.64
+a-maximum-rrset.example. 5M IN A 10.0.0.65
+a-maximum-rrset.example. 5M IN A 10.0.0.66
+a-maximum-rrset.example. 5M IN A 10.0.0.67
+a-maximum-rrset.example. 5M IN A 10.0.0.68
+a-maximum-rrset.example. 5M IN A 10.0.0.69
+a-maximum-rrset.example. 5M IN A 10.0.0.70
+a-maximum-rrset.example. 5M IN A 10.0.0.71
+a-maximum-rrset.example. 5M IN A 10.0.0.72
+a-maximum-rrset.example. 5M IN A 10.0.0.73
+a-maximum-rrset.example. 5M IN A 10.0.0.74
+a-maximum-rrset.example. 5M IN A 10.0.0.75
+a-maximum-rrset.example. 5M IN A 10.0.0.76
+a-maximum-rrset.example. 5M IN A 10.0.0.77
+a-maximum-rrset.example. 5M IN A 10.0.0.78
+a-maximum-rrset.example. 5M IN A 10.0.0.79
+a-maximum-rrset.example. 5M IN A 10.0.0.80
+a-maximum-rrset.example. 5M IN A 10.0.0.81
+a-maximum-rrset.example. 5M IN A 10.0.0.82
+a-maximum-rrset.example. 5M IN A 10.0.0.83
+a-maximum-rrset.example. 5M IN A 10.0.0.84
+a-maximum-rrset.example. 5M IN A 10.0.0.85
+a-maximum-rrset.example. 5M IN A 10.0.0.86
+a-maximum-rrset.example. 5M IN A 10.0.0.87
+a-maximum-rrset.example. 5M IN A 10.0.0.88
+a-maximum-rrset.example. 5M IN A 10.0.0.89
+a-maximum-rrset.example. 5M IN A 10.0.0.90
+a-maximum-rrset.example. 5M IN A 10.0.0.91
+a-maximum-rrset.example. 5M IN A 10.0.0.92
+a-maximum-rrset.example. 5M IN A 10.0.0.93
+a-maximum-rrset.example. 5M IN A 10.0.0.94
+a-maximum-rrset.example. 5M IN A 10.0.0.95
+a-maximum-rrset.example. 5M IN A 10.0.0.96
+a-maximum-rrset.example. 5M IN A 10.0.0.97
+a-maximum-rrset.example. 5M IN A 10.0.0.98
+a-maximum-rrset.example. 5M IN A 10.0.0.99
+a-maximum-rrset.example. 5M IN A 10.0.0.100
+a-maximum-rrset.example. 5M IN A 10.0.0.101
+a-maximum-rrset.example. 5M IN A 10.0.0.102
+a-maximum-rrset.example. 5M IN A 10.0.0.103
+a-maximum-rrset.example. 5M IN A 10.0.0.104
+a-maximum-rrset.example. 5M IN A 10.0.0.105
+a-maximum-rrset.example. 5M IN A 10.0.0.106
+a-maximum-rrset.example. 5M IN A 10.0.0.107
+a-maximum-rrset.example. 5M IN A 10.0.0.108
+a-maximum-rrset.example. 5M IN A 10.0.0.109
+a-maximum-rrset.example. 5M IN A 10.0.0.110
+a-maximum-rrset.example. 5M IN A 10.0.0.111
+a-maximum-rrset.example. 5M IN A 10.0.0.112
+a-maximum-rrset.example. 5M IN A 10.0.0.113
+a-maximum-rrset.example. 5M IN A 10.0.0.114
+a-maximum-rrset.example. 5M IN A 10.0.0.115
+a-maximum-rrset.example. 5M IN A 10.0.0.116
+a-maximum-rrset.example. 5M IN A 10.0.0.117
+a-maximum-rrset.example. 5M IN A 10.0.0.118
+a-maximum-rrset.example. 5M IN A 10.0.0.119
+a-maximum-rrset.example. 5M IN A 10.0.0.120
+a-maximum-rrset.example. 5M IN A 10.0.0.121
+a-maximum-rrset.example. 5M IN A 10.0.0.122
+a-maximum-rrset.example. 5M IN A 10.0.0.123
+a-maximum-rrset.example. 5M IN A 10.0.0.124
+a-maximum-rrset.example. 5M IN A 10.0.0.125
+a-maximum-rrset.example. 5M IN A 10.0.0.126
+a-maximum-rrset.example. 5M IN A 10.0.0.127
+a-maximum-rrset.example. 5M IN A 10.0.0.128
+a-maximum-rrset.example. 5M IN A 10.0.0.129
+a-maximum-rrset.example. 5M IN A 10.0.0.130
+a-maximum-rrset.example. 5M IN A 10.0.0.131
+a-maximum-rrset.example. 5M IN A 10.0.0.132
+a-maximum-rrset.example. 5M IN A 10.0.0.133
+a-maximum-rrset.example. 5M IN A 10.0.0.134
+a-maximum-rrset.example. 5M IN A 10.0.0.135
+a-maximum-rrset.example. 5M IN A 10.0.0.136
+a-maximum-rrset.example. 5M IN A 10.0.0.137
+a-maximum-rrset.example. 5M IN A 10.0.0.138
+a-maximum-rrset.example. 5M IN A 10.0.0.139
+a-maximum-rrset.example. 5M IN A 10.0.0.140
+a-maximum-rrset.example. 5M IN A 10.0.0.141
+a-maximum-rrset.example. 5M IN A 10.0.0.142
+a-maximum-rrset.example. 5M IN A 10.0.0.143
+a-maximum-rrset.example. 5M IN A 10.0.0.144
+a-maximum-rrset.example. 5M IN A 10.0.0.145
+a-maximum-rrset.example. 5M IN A 10.0.0.146
+a-maximum-rrset.example. 5M IN A 10.0.0.147
+a-maximum-rrset.example. 5M IN A 10.0.0.148
+a-maximum-rrset.example. 5M IN A 10.0.0.149
+a-maximum-rrset.example. 5M IN A 10.0.0.150
+a-maximum-rrset.example. 5M IN A 10.0.0.151
+a-maximum-rrset.example. 5M IN A 10.0.0.152
+a-maximum-rrset.example. 5M IN A 10.0.0.153
+a-maximum-rrset.example. 5M IN A 10.0.0.154
+a-maximum-rrset.example. 5M IN A 10.0.0.155
+a-maximum-rrset.example. 5M IN A 10.0.0.156
+a-maximum-rrset.example. 5M IN A 10.0.0.157
+a-maximum-rrset.example. 5M IN A 10.0.0.158
+a-maximum-rrset.example. 5M IN A 10.0.0.159
+a-maximum-rrset.example. 5M IN A 10.0.0.160
+a-maximum-rrset.example. 5M IN A 10.0.0.161
+a-maximum-rrset.example. 5M IN A 10.0.0.162
+a-maximum-rrset.example. 5M IN A 10.0.0.163
+a-maximum-rrset.example. 5M IN A 10.0.0.164
+a-maximum-rrset.example. 5M IN A 10.0.0.165
+a-maximum-rrset.example. 5M IN A 10.0.0.166
+a-maximum-rrset.example. 5M IN A 10.0.0.167
+a-maximum-rrset.example. 5M IN A 10.0.0.168
+a-maximum-rrset.example. 5M IN A 10.0.0.169
+a-maximum-rrset.example. 5M IN A 10.0.0.170
+a-maximum-rrset.example. 5M IN A 10.0.0.171
+a-maximum-rrset.example. 5M IN A 10.0.0.172
+a-maximum-rrset.example. 5M IN A 10.0.0.173
+a-maximum-rrset.example. 5M IN A 10.0.0.174
+a-maximum-rrset.example. 5M IN A 10.0.0.175
+a-maximum-rrset.example. 5M IN A 10.0.0.176
+a-maximum-rrset.example. 5M IN A 10.0.0.177
+a-maximum-rrset.example. 5M IN A 10.0.0.178
+a-maximum-rrset.example. 5M IN A 10.0.0.179
+a-maximum-rrset.example. 5M IN A 10.0.0.180
+a-maximum-rrset.example. 5M IN A 10.0.0.181
+a-maximum-rrset.example. 5M IN A 10.0.0.182
+a-maximum-rrset.example. 5M IN A 10.0.0.183
+a-maximum-rrset.example. 5M IN A 10.0.0.184
+a-maximum-rrset.example. 5M IN A 10.0.0.185
+a-maximum-rrset.example. 5M IN A 10.0.0.186
+a-maximum-rrset.example. 5M IN A 10.0.0.187
+a-maximum-rrset.example. 5M IN A 10.0.0.188
+a-maximum-rrset.example. 5M IN A 10.0.0.189
+a-maximum-rrset.example. 5M IN A 10.0.0.190
+a-maximum-rrset.example. 5M IN A 10.0.0.191
+a-maximum-rrset.example. 5M IN A 10.0.0.192
+a-maximum-rrset.example. 5M IN A 10.0.0.193
+a-maximum-rrset.example. 5M IN A 10.0.0.194
+a-maximum-rrset.example. 5M IN A 10.0.0.195
+a-maximum-rrset.example. 5M IN A 10.0.0.196
+a-maximum-rrset.example. 5M IN A 10.0.0.197
+a-maximum-rrset.example. 5M IN A 10.0.0.198
+a-maximum-rrset.example. 5M IN A 10.0.0.199
+a-maximum-rrset.example. 5M IN A 10.0.0.200
+a-maximum-rrset.example. 5M IN A 10.0.0.201
+a-maximum-rrset.example. 5M IN A 10.0.0.202
+a-maximum-rrset.example. 5M IN A 10.0.0.203
+a-maximum-rrset.example. 5M IN A 10.0.0.204
+a-maximum-rrset.example. 5M IN A 10.0.0.205
+a-maximum-rrset.example. 5M IN A 10.0.0.206
+a-maximum-rrset.example. 5M IN A 10.0.0.207
+a-maximum-rrset.example. 5M IN A 10.0.0.208
+a-maximum-rrset.example. 5M IN A 10.0.0.209
+a-maximum-rrset.example. 5M IN A 10.0.0.210
+a-maximum-rrset.example. 5M IN A 10.0.0.211
+a-maximum-rrset.example. 5M IN A 10.0.0.212
+a-maximum-rrset.example. 5M IN A 10.0.0.213
+a-maximum-rrset.example. 5M IN A 10.0.0.214
+a-maximum-rrset.example. 5M IN A 10.0.0.215
+a-maximum-rrset.example. 5M IN A 10.0.0.216
+a-maximum-rrset.example. 5M IN A 10.0.0.217
+a-maximum-rrset.example. 5M IN A 10.0.0.218
+a-maximum-rrset.example. 5M IN A 10.0.0.219
+a-maximum-rrset.example. 5M IN A 10.0.0.220
+a-maximum-rrset.example. 5M IN A 10.0.0.221
+a-maximum-rrset.example. 5M IN A 10.0.0.222
+a-maximum-rrset.example. 5M IN A 10.0.0.223
+a-maximum-rrset.example. 5M IN A 10.0.0.224
+a-maximum-rrset.example. 5M IN A 10.0.0.225
+a-maximum-rrset.example. 5M IN A 10.0.0.226
+a-maximum-rrset.example. 5M IN A 10.0.0.227
+a-maximum-rrset.example. 5M IN A 10.0.0.228
+a-maximum-rrset.example. 5M IN A 10.0.0.229
+a-maximum-rrset.example. 5M IN A 10.0.0.230
+a-maximum-rrset.example. 5M IN A 10.0.0.231
+a-maximum-rrset.example. 5M IN A 10.0.0.232
+a-maximum-rrset.example. 5M IN A 10.0.0.233
+a-maximum-rrset.example. 5M IN A 10.0.0.234
+a-maximum-rrset.example. 5M IN A 10.0.0.235
+a-maximum-rrset.example. 5M IN A 10.0.0.236
+a-maximum-rrset.example. 5M IN A 10.0.0.237
+a-maximum-rrset.example. 5M IN A 10.0.0.238
+a-maximum-rrset.example. 5M IN A 10.0.0.239
+a-maximum-rrset.example. 5M IN A 10.0.0.240
+a-maximum-rrset.example. 5M IN A 10.0.0.241
+a-maximum-rrset.example. 5M IN A 10.0.0.242
+a-maximum-rrset.example. 5M IN A 10.0.0.243
+a-maximum-rrset.example. 5M IN A 10.0.0.244
+a-maximum-rrset.example. 5M IN A 10.0.0.245
+a-maximum-rrset.example. 5M IN A 10.0.0.246
+a-maximum-rrset.example. 5M IN A 10.0.0.247
+a-maximum-rrset.example. 5M IN A 10.0.0.248
+a-maximum-rrset.example. 5M IN A 10.0.0.249
+a-maximum-rrset.example. 5M IN A 10.0.0.250
+a-maximum-rrset.example. 5M IN A 10.0.0.251
+a-maximum-rrset.example. 5M IN A 10.0.0.252
+a-maximum-rrset.example. 5M IN A 10.0.0.253
+a-maximum-rrset.example. 5M IN A 10.0.0.254
+a-maximum-rrset.example. 5M IN A 10.0.0.255
+a-maximum-rrset.example. 5M IN A 10.0.1.0
+a-maximum-rrset.example. 5M IN A 10.0.1.1
+a-maximum-rrset.example. 5M IN A 10.0.1.2
+a-maximum-rrset.example. 5M IN A 10.0.1.3
+a-maximum-rrset.example. 5M IN A 10.0.1.4
+a-maximum-rrset.example. 5M IN A 10.0.1.5
+a-maximum-rrset.example. 5M IN A 10.0.1.6
+a-maximum-rrset.example. 5M IN A 10.0.1.7
+a-maximum-rrset.example. 5M IN A 10.0.1.8
+a-maximum-rrset.example. 5M IN A 10.0.1.9
+a-maximum-rrset.example. 5M IN A 10.0.1.10
+a-maximum-rrset.example. 5M IN A 10.0.1.11
+a-maximum-rrset.example. 5M IN A 10.0.1.12
+a-maximum-rrset.example. 5M IN A 10.0.1.13
+a-maximum-rrset.example. 5M IN A 10.0.1.14
+a-maximum-rrset.example. 5M IN A 10.0.1.15
+a-maximum-rrset.example. 5M IN A 10.0.1.16
+a-maximum-rrset.example. 5M IN A 10.0.1.17
+a-maximum-rrset.example. 5M IN A 10.0.1.18
+a-maximum-rrset.example. 5M IN A 10.0.1.19
+a-maximum-rrset.example. 5M IN A 10.0.1.20
+a-maximum-rrset.example. 5M IN A 10.0.1.21
+a-maximum-rrset.example. 5M IN A 10.0.1.22
+a-maximum-rrset.example. 5M IN A 10.0.1.23
+a-maximum-rrset.example. 5M IN A 10.0.1.24
+a-maximum-rrset.example. 5M IN A 10.0.1.25
+a-maximum-rrset.example. 5M IN A 10.0.1.26
+a-maximum-rrset.example. 5M IN A 10.0.1.27
+a-maximum-rrset.example. 5M IN A 10.0.1.28
+a-maximum-rrset.example. 5M IN A 10.0.1.29
+a-maximum-rrset.example. 5M IN A 10.0.1.30
+a-maximum-rrset.example. 5M IN A 10.0.1.31
+a-maximum-rrset.example. 5M IN A 10.0.1.32
+a-maximum-rrset.example. 5M IN A 10.0.1.33
+a-maximum-rrset.example. 5M IN A 10.0.1.34
+a-maximum-rrset.example. 5M IN A 10.0.1.35
+a-maximum-rrset.example. 5M IN A 10.0.1.36
+a-maximum-rrset.example. 5M IN A 10.0.1.37
+a-maximum-rrset.example. 5M IN A 10.0.1.38
+a-maximum-rrset.example. 5M IN A 10.0.1.39
+a-maximum-rrset.example. 5M IN A 10.0.1.40
+a-maximum-rrset.example. 5M IN A 10.0.1.41
+a-maximum-rrset.example. 5M IN A 10.0.1.42
+a-maximum-rrset.example. 5M IN A 10.0.1.43
+a-maximum-rrset.example. 5M IN A 10.0.1.44
+a-maximum-rrset.example. 5M IN A 10.0.1.45
+a-maximum-rrset.example. 5M IN A 10.0.1.46
+a-maximum-rrset.example. 5M IN A 10.0.1.47
+a-maximum-rrset.example. 5M IN A 10.0.1.48
+a-maximum-rrset.example. 5M IN A 10.0.1.49
+a-maximum-rrset.example. 5M IN A 10.0.1.50
+a-maximum-rrset.example. 5M IN A 10.0.1.51
+a-maximum-rrset.example. 5M IN A 10.0.1.52
+a-maximum-rrset.example. 5M IN A 10.0.1.53
+a-maximum-rrset.example. 5M IN A 10.0.1.54
+a-maximum-rrset.example. 5M IN A 10.0.1.55
+a-maximum-rrset.example. 5M IN A 10.0.1.56
+a-maximum-rrset.example. 5M IN A 10.0.1.57
+a-maximum-rrset.example. 5M IN A 10.0.1.58
+a-maximum-rrset.example. 5M IN A 10.0.1.59
+a-maximum-rrset.example. 5M IN A 10.0.1.60
+a-maximum-rrset.example. 5M IN A 10.0.1.61
+a-maximum-rrset.example. 5M IN A 10.0.1.62
+a-maximum-rrset.example. 5M IN A 10.0.1.63
+a-maximum-rrset.example. 5M IN A 10.0.1.64
+a-maximum-rrset.example. 5M IN A 10.0.1.65
+a-maximum-rrset.example. 5M IN A 10.0.1.66
+a-maximum-rrset.example. 5M IN A 10.0.1.67
+a-maximum-rrset.example. 5M IN A 10.0.1.68
+a-maximum-rrset.example. 5M IN A 10.0.1.69
+a-maximum-rrset.example. 5M IN A 10.0.1.70
+a-maximum-rrset.example. 5M IN A 10.0.1.71
+a-maximum-rrset.example. 5M IN A 10.0.1.72
+a-maximum-rrset.example. 5M IN A 10.0.1.73
+a-maximum-rrset.example. 5M IN A 10.0.1.74
+a-maximum-rrset.example. 5M IN A 10.0.1.75
+a-maximum-rrset.example. 5M IN A 10.0.1.76
+a-maximum-rrset.example. 5M IN A 10.0.1.77
+a-maximum-rrset.example. 5M IN A 10.0.1.78
+a-maximum-rrset.example. 5M IN A 10.0.1.79
+a-maximum-rrset.example. 5M IN A 10.0.1.80
+a-maximum-rrset.example. 5M IN A 10.0.1.81
+a-maximum-rrset.example. 5M IN A 10.0.1.82
+a-maximum-rrset.example. 5M IN A 10.0.1.83
+a-maximum-rrset.example. 5M IN A 10.0.1.84
+a-maximum-rrset.example. 5M IN A 10.0.1.85
+a-maximum-rrset.example. 5M IN A 10.0.1.86
+a-maximum-rrset.example. 5M IN A 10.0.1.87
+a-maximum-rrset.example. 5M IN A 10.0.1.88
+a-maximum-rrset.example. 5M IN A 10.0.1.89
+a-maximum-rrset.example. 5M IN A 10.0.1.90
+a-maximum-rrset.example. 5M IN A 10.0.1.91
+a-maximum-rrset.example. 5M IN A 10.0.1.92
+a-maximum-rrset.example. 5M IN A 10.0.1.93
+a-maximum-rrset.example. 5M IN A 10.0.1.94
+a-maximum-rrset.example. 5M IN A 10.0.1.95
+a-maximum-rrset.example. 5M IN A 10.0.1.96
+a-maximum-rrset.example. 5M IN A 10.0.1.97
+a-maximum-rrset.example. 5M IN A 10.0.1.98
+a-maximum-rrset.example. 5M IN A 10.0.1.99
+a-maximum-rrset.example. 5M IN A 10.0.1.100
+a-maximum-rrset.example. 5M IN A 10.0.1.101
+a-maximum-rrset.example. 5M IN A 10.0.1.102
+a-maximum-rrset.example. 5M IN A 10.0.1.103
+a-maximum-rrset.example. 5M IN A 10.0.1.104
+a-maximum-rrset.example. 5M IN A 10.0.1.105
+a-maximum-rrset.example. 5M IN A 10.0.1.106
+a-maximum-rrset.example. 5M IN A 10.0.1.107
+a-maximum-rrset.example. 5M IN A 10.0.1.108
+a-maximum-rrset.example. 5M IN A 10.0.1.109
+a-maximum-rrset.example. 5M IN A 10.0.1.110
+a-maximum-rrset.example. 5M IN A 10.0.1.111
+a-maximum-rrset.example. 5M IN A 10.0.1.112
+a-maximum-rrset.example. 5M IN A 10.0.1.113
+a-maximum-rrset.example. 5M IN A 10.0.1.114
+a-maximum-rrset.example. 5M IN A 10.0.1.115
+a-maximum-rrset.example. 5M IN A 10.0.1.116
+a-maximum-rrset.example. 5M IN A 10.0.1.117
+a-maximum-rrset.example. 5M IN A 10.0.1.118
+a-maximum-rrset.example. 5M IN A 10.0.1.119
+a-maximum-rrset.example. 5M IN A 10.0.1.120
+a-maximum-rrset.example. 5M IN A 10.0.1.121
+a-maximum-rrset.example. 5M IN A 10.0.1.122
+a-maximum-rrset.example. 5M IN A 10.0.1.123
+a-maximum-rrset.example. 5M IN A 10.0.1.124
+a-maximum-rrset.example. 5M IN A 10.0.1.125
+a-maximum-rrset.example. 5M IN A 10.0.1.126
+a-maximum-rrset.example. 5M IN A 10.0.1.127
+a-maximum-rrset.example. 5M IN A 10.0.1.128
+a-maximum-rrset.example. 5M IN A 10.0.1.129
+a-maximum-rrset.example. 5M IN A 10.0.1.130
+a-maximum-rrset.example. 5M IN A 10.0.1.131
+a-maximum-rrset.example. 5M IN A 10.0.1.132
+a-maximum-rrset.example. 5M IN A 10.0.1.133
+a-maximum-rrset.example. 5M IN A 10.0.1.134
+a-maximum-rrset.example. 5M IN A 10.0.1.135
+a-maximum-rrset.example. 5M IN A 10.0.1.136
+a-maximum-rrset.example. 5M IN A 10.0.1.137
+a-maximum-rrset.example. 5M IN A 10.0.1.138
+a-maximum-rrset.example. 5M IN A 10.0.1.139
+a-maximum-rrset.example. 5M IN A 10.0.1.140
+a-maximum-rrset.example. 5M IN A 10.0.1.141
+a-maximum-rrset.example. 5M IN A 10.0.1.142
+a-maximum-rrset.example. 5M IN A 10.0.1.143
+a-maximum-rrset.example. 5M IN A 10.0.1.144
+a-maximum-rrset.example. 5M IN A 10.0.1.145
+a-maximum-rrset.example. 5M IN A 10.0.1.146
+a-maximum-rrset.example. 5M IN A 10.0.1.147
+a-maximum-rrset.example. 5M IN A 10.0.1.148
+a-maximum-rrset.example. 5M IN A 10.0.1.149
+a-maximum-rrset.example. 5M IN A 10.0.1.150
+a-maximum-rrset.example. 5M IN A 10.0.1.151
+a-maximum-rrset.example. 5M IN A 10.0.1.152
+a-maximum-rrset.example. 5M IN A 10.0.1.153
+a-maximum-rrset.example. 5M IN A 10.0.1.154
+a-maximum-rrset.example. 5M IN A 10.0.1.155
+a-maximum-rrset.example. 5M IN A 10.0.1.156
+a-maximum-rrset.example. 5M IN A 10.0.1.157
+a-maximum-rrset.example. 5M IN A 10.0.1.158
+a-maximum-rrset.example. 5M IN A 10.0.1.159
+a-maximum-rrset.example. 5M IN A 10.0.1.160
+a-maximum-rrset.example. 5M IN A 10.0.1.161
+a-maximum-rrset.example. 5M IN A 10.0.1.162
+a-maximum-rrset.example. 5M IN A 10.0.1.163
+a-maximum-rrset.example. 5M IN A 10.0.1.164
+a-maximum-rrset.example. 5M IN A 10.0.1.165
+a-maximum-rrset.example. 5M IN A 10.0.1.166
+a-maximum-rrset.example. 5M IN A 10.0.1.167
+a-maximum-rrset.example. 5M IN A 10.0.1.168
+a-maximum-rrset.example. 5M IN A 10.0.1.169
+a-maximum-rrset.example. 5M IN A 10.0.1.170
+a-maximum-rrset.example. 5M IN A 10.0.1.171
+a-maximum-rrset.example. 5M IN A 10.0.1.172
+a-maximum-rrset.example. 5M IN A 10.0.1.173
+a-maximum-rrset.example. 5M IN A 10.0.1.174
+a-maximum-rrset.example. 5M IN A 10.0.1.175
+a-maximum-rrset.example. 5M IN A 10.0.1.176
+a-maximum-rrset.example. 5M IN A 10.0.1.177
+a-maximum-rrset.example. 5M IN A 10.0.1.178
+a-maximum-rrset.example. 5M IN A 10.0.1.179
+a-maximum-rrset.example. 5M IN A 10.0.1.180
+a-maximum-rrset.example. 5M IN A 10.0.1.181
+a-maximum-rrset.example. 5M IN A 10.0.1.182
+a-maximum-rrset.example. 5M IN A 10.0.1.183
+a-maximum-rrset.example. 5M IN A 10.0.1.184
+a-maximum-rrset.example. 5M IN A 10.0.1.185
+a-maximum-rrset.example. 5M IN A 10.0.1.186
+a-maximum-rrset.example. 5M IN A 10.0.1.187
+a-maximum-rrset.example. 5M IN A 10.0.1.188
+a-maximum-rrset.example. 5M IN A 10.0.1.189
+a-maximum-rrset.example. 5M IN A 10.0.1.190
+a-maximum-rrset.example. 5M IN A 10.0.1.191
+a-maximum-rrset.example. 5M IN A 10.0.1.192
+a-maximum-rrset.example. 5M IN A 10.0.1.193
+a-maximum-rrset.example. 5M IN A 10.0.1.194
+a-maximum-rrset.example. 5M IN A 10.0.1.195
+a-maximum-rrset.example. 5M IN A 10.0.1.196
+a-maximum-rrset.example. 5M IN A 10.0.1.197
+a-maximum-rrset.example. 5M IN A 10.0.1.198
+a-maximum-rrset.example. 5M IN A 10.0.1.199
+a-maximum-rrset.example. 5M IN A 10.0.1.200
+a-maximum-rrset.example. 5M IN A 10.0.1.201
+a-maximum-rrset.example. 5M IN A 10.0.1.202
+a-maximum-rrset.example. 5M IN A 10.0.1.203
+a-maximum-rrset.example. 5M IN A 10.0.1.204
+a-maximum-rrset.example. 5M IN A 10.0.1.205
+a-maximum-rrset.example. 5M IN A 10.0.1.206
+a-maximum-rrset.example. 5M IN A 10.0.1.207
+a-maximum-rrset.example. 5M IN A 10.0.1.208
+a-maximum-rrset.example. 5M IN A 10.0.1.209
+a-maximum-rrset.example. 5M IN A 10.0.1.210
+a-maximum-rrset.example. 5M IN A 10.0.1.211
+a-maximum-rrset.example. 5M IN A 10.0.1.212
+a-maximum-rrset.example. 5M IN A 10.0.1.213
+a-maximum-rrset.example. 5M IN A 10.0.1.214
+a-maximum-rrset.example. 5M IN A 10.0.1.215
+a-maximum-rrset.example. 5M IN A 10.0.1.216
+a-maximum-rrset.example. 5M IN A 10.0.1.217
+a-maximum-rrset.example. 5M IN A 10.0.1.218
+a-maximum-rrset.example. 5M IN A 10.0.1.219
+a-maximum-rrset.example. 5M IN A 10.0.1.220
+a-maximum-rrset.example. 5M IN A 10.0.1.221
+a-maximum-rrset.example. 5M IN A 10.0.1.222
+a-maximum-rrset.example. 5M IN A 10.0.1.223
+a-maximum-rrset.example. 5M IN A 10.0.1.224
+a-maximum-rrset.example. 5M IN A 10.0.1.225
+a-maximum-rrset.example. 5M IN A 10.0.1.226
+a-maximum-rrset.example. 5M IN A 10.0.1.227
+a-maximum-rrset.example. 5M IN A 10.0.1.228
+a-maximum-rrset.example. 5M IN A 10.0.1.229
+a-maximum-rrset.example. 5M IN A 10.0.1.230
+a-maximum-rrset.example. 5M IN A 10.0.1.231
+a-maximum-rrset.example. 5M IN A 10.0.1.232
+a-maximum-rrset.example. 5M IN A 10.0.1.233
+a-maximum-rrset.example. 5M IN A 10.0.1.234
+a-maximum-rrset.example. 5M IN A 10.0.1.235
+a-maximum-rrset.example. 5M IN A 10.0.1.236
+a-maximum-rrset.example. 5M IN A 10.0.1.237
+a-maximum-rrset.example. 5M IN A 10.0.1.238
+a-maximum-rrset.example. 5M IN A 10.0.1.239
+a-maximum-rrset.example. 5M IN A 10.0.1.240
+a-maximum-rrset.example. 5M IN A 10.0.1.241
+a-maximum-rrset.example. 5M IN A 10.0.1.242
+a-maximum-rrset.example. 5M IN A 10.0.1.243
+a-maximum-rrset.example. 5M IN A 10.0.1.244
+a-maximum-rrset.example. 5M IN A 10.0.1.245
+a-maximum-rrset.example. 5M IN A 10.0.1.246
+a-maximum-rrset.example. 5M IN A 10.0.1.247
+a-maximum-rrset.example. 5M IN A 10.0.1.248
+a-maximum-rrset.example. 5M IN A 10.0.1.249
+a-maximum-rrset.example. 5M IN A 10.0.1.250
+a-maximum-rrset.example. 5M IN A 10.0.1.251
+a-maximum-rrset.example. 5M IN A 10.0.1.252
+a-maximum-rrset.example. 5M IN A 10.0.1.253
+a-maximum-rrset.example. 5M IN A 10.0.1.254
+a-maximum-rrset.example. 5M IN A 10.0.1.255
+a-maximum-rrset.example. 5M IN A 10.0.2.0
+a-maximum-rrset.example. 5M IN A 10.0.2.1
+a-maximum-rrset.example. 5M IN A 10.0.2.2
+a-maximum-rrset.example. 5M IN A 10.0.2.3
+a-maximum-rrset.example. 5M IN A 10.0.2.4
+a-maximum-rrset.example. 5M IN A 10.0.2.5
+a-maximum-rrset.example. 5M IN A 10.0.2.6
+a-maximum-rrset.example. 5M IN A 10.0.2.7
+a-maximum-rrset.example. 5M IN A 10.0.2.8
+a-maximum-rrset.example. 5M IN A 10.0.2.9
+a-maximum-rrset.example. 5M IN A 10.0.2.10
+a-maximum-rrset.example. 5M IN A 10.0.2.11
+a-maximum-rrset.example. 5M IN A 10.0.2.12
+a-maximum-rrset.example. 5M IN A 10.0.2.13
+a-maximum-rrset.example. 5M IN A 10.0.2.14
+a-maximum-rrset.example. 5M IN A 10.0.2.15
+a-maximum-rrset.example. 5M IN A 10.0.2.16
+a-maximum-rrset.example. 5M IN A 10.0.2.17
+a-maximum-rrset.example. 5M IN A 10.0.2.18
+a-maximum-rrset.example. 5M IN A 10.0.2.19
+a-maximum-rrset.example. 5M IN A 10.0.2.20
+a-maximum-rrset.example. 5M IN A 10.0.2.21
+a-maximum-rrset.example. 5M IN A 10.0.2.22
+a-maximum-rrset.example. 5M IN A 10.0.2.23
+a-maximum-rrset.example. 5M IN A 10.0.2.24
+a-maximum-rrset.example. 5M IN A 10.0.2.25
+a-maximum-rrset.example. 5M IN A 10.0.2.26
+a-maximum-rrset.example. 5M IN A 10.0.2.27
+a-maximum-rrset.example. 5M IN A 10.0.2.28
+a-maximum-rrset.example. 5M IN A 10.0.2.29
+a-maximum-rrset.example. 5M IN A 10.0.2.30
+a-maximum-rrset.example. 5M IN A 10.0.2.31
+a-maximum-rrset.example. 5M IN A 10.0.2.32
+a-maximum-rrset.example. 5M IN A 10.0.2.33
+a-maximum-rrset.example. 5M IN A 10.0.2.34
+a-maximum-rrset.example. 5M IN A 10.0.2.35
+a-maximum-rrset.example. 5M IN A 10.0.2.36
+a-maximum-rrset.example. 5M IN A 10.0.2.37
+a-maximum-rrset.example. 5M IN A 10.0.2.38
+a-maximum-rrset.example. 5M IN A 10.0.2.39
+a-maximum-rrset.example. 5M IN A 10.0.2.40
+a-maximum-rrset.example. 5M IN A 10.0.2.41
+a-maximum-rrset.example. 5M IN A 10.0.2.42
+a-maximum-rrset.example. 5M IN A 10.0.2.43
+a-maximum-rrset.example. 5M IN A 10.0.2.44
+a-maximum-rrset.example. 5M IN A 10.0.2.45
+a-maximum-rrset.example. 5M IN A 10.0.2.46
+a-maximum-rrset.example. 5M IN A 10.0.2.47
+a-maximum-rrset.example. 5M IN A 10.0.2.48
+a-maximum-rrset.example. 5M IN A 10.0.2.49
+a-maximum-rrset.example. 5M IN A 10.0.2.50
+a-maximum-rrset.example. 5M IN A 10.0.2.51
+a-maximum-rrset.example. 5M IN A 10.0.2.52
+a-maximum-rrset.example. 5M IN A 10.0.2.53
+a-maximum-rrset.example. 5M IN A 10.0.2.54
+a-maximum-rrset.example. 5M IN A 10.0.2.55
+a-maximum-rrset.example. 5M IN A 10.0.2.56
+a-maximum-rrset.example. 5M IN A 10.0.2.57
+a-maximum-rrset.example. 5M IN A 10.0.2.58
+a-maximum-rrset.example. 5M IN A 10.0.2.59
+a-maximum-rrset.example. 5M IN A 10.0.2.60
+a-maximum-rrset.example. 5M IN A 10.0.2.61
+a-maximum-rrset.example. 5M IN A 10.0.2.62
+a-maximum-rrset.example. 5M IN A 10.0.2.63
+a-maximum-rrset.example. 5M IN A 10.0.2.64
+a-maximum-rrset.example. 5M IN A 10.0.2.65
+a-maximum-rrset.example. 5M IN A 10.0.2.66
+a-maximum-rrset.example. 5M IN A 10.0.2.67
+a-maximum-rrset.example. 5M IN A 10.0.2.68
+a-maximum-rrset.example. 5M IN A 10.0.2.69
+a-maximum-rrset.example. 5M IN A 10.0.2.70
+a-maximum-rrset.example. 5M IN A 10.0.2.71
+a-maximum-rrset.example. 5M IN A 10.0.2.72
+a-maximum-rrset.example. 5M IN A 10.0.2.73
+a-maximum-rrset.example. 5M IN A 10.0.2.74
+a-maximum-rrset.example. 5M IN A 10.0.2.75
+a-maximum-rrset.example. 5M IN A 10.0.2.76
+a-maximum-rrset.example. 5M IN A 10.0.2.77
+a-maximum-rrset.example. 5M IN A 10.0.2.78
+a-maximum-rrset.example. 5M IN A 10.0.2.79
+a-maximum-rrset.example. 5M IN A 10.0.2.80
+a-maximum-rrset.example. 5M IN A 10.0.2.81
+a-maximum-rrset.example. 5M IN A 10.0.2.82
+a-maximum-rrset.example. 5M IN A 10.0.2.83
+a-maximum-rrset.example. 5M IN A 10.0.2.84
+a-maximum-rrset.example. 5M IN A 10.0.2.85
+a-maximum-rrset.example. 5M IN A 10.0.2.86
+a-maximum-rrset.example. 5M IN A 10.0.2.87
+a-maximum-rrset.example. 5M IN A 10.0.2.88
+a-maximum-rrset.example. 5M IN A 10.0.2.89
+a-maximum-rrset.example. 5M IN A 10.0.2.90
+a-maximum-rrset.example. 5M IN A 10.0.2.91
+a-maximum-rrset.example. 5M IN A 10.0.2.92
+a-maximum-rrset.example. 5M IN A 10.0.2.93
+a-maximum-rrset.example. 5M IN A 10.0.2.94
+a-maximum-rrset.example. 5M IN A 10.0.2.95
+a-maximum-rrset.example. 5M IN A 10.0.2.96
+a-maximum-rrset.example. 5M IN A 10.0.2.97
+a-maximum-rrset.example. 5M IN A 10.0.2.98
+a-maximum-rrset.example. 5M IN A 10.0.2.99
+a-maximum-rrset.example. 5M IN A 10.0.2.100
+a-maximum-rrset.example. 5M IN A 10.0.2.101
+a-maximum-rrset.example. 5M IN A 10.0.2.102
+a-maximum-rrset.example. 5M IN A 10.0.2.103
+a-maximum-rrset.example. 5M IN A 10.0.2.104
+a-maximum-rrset.example. 5M IN A 10.0.2.105
+a-maximum-rrset.example. 5M IN A 10.0.2.106
+a-maximum-rrset.example. 5M IN A 10.0.2.107
+a-maximum-rrset.example. 5M IN A 10.0.2.108
+a-maximum-rrset.example. 5M IN A 10.0.2.109
+a-maximum-rrset.example. 5M IN A 10.0.2.110
+a-maximum-rrset.example. 5M IN A 10.0.2.111
+a-maximum-rrset.example. 5M IN A 10.0.2.112
+a-maximum-rrset.example. 5M IN A 10.0.2.113
+a-maximum-rrset.example. 5M IN A 10.0.2.114
+a-maximum-rrset.example. 5M IN A 10.0.2.115
+a-maximum-rrset.example. 5M IN A 10.0.2.116
+a-maximum-rrset.example. 5M IN A 10.0.2.117
+a-maximum-rrset.example. 5M IN A 10.0.2.118
+a-maximum-rrset.example. 5M IN A 10.0.2.119
+a-maximum-rrset.example. 5M IN A 10.0.2.120
+a-maximum-rrset.example. 5M IN A 10.0.2.121
+a-maximum-rrset.example. 5M IN A 10.0.2.122
+a-maximum-rrset.example. 5M IN A 10.0.2.123
+a-maximum-rrset.example. 5M IN A 10.0.2.124
+a-maximum-rrset.example. 5M IN A 10.0.2.125
+a-maximum-rrset.example. 5M IN A 10.0.2.126
+a-maximum-rrset.example. 5M IN A 10.0.2.127
+a-maximum-rrset.example. 5M IN A 10.0.2.128
+a-maximum-rrset.example. 5M IN A 10.0.2.129
+a-maximum-rrset.example. 5M IN A 10.0.2.130
+a-maximum-rrset.example. 5M IN A 10.0.2.131
+a-maximum-rrset.example. 5M IN A 10.0.2.132
+a-maximum-rrset.example. 5M IN A 10.0.2.133
+a-maximum-rrset.example. 5M IN A 10.0.2.134
+a-maximum-rrset.example. 5M IN A 10.0.2.135
+a-maximum-rrset.example. 5M IN A 10.0.2.136
+a-maximum-rrset.example. 5M IN A 10.0.2.137
+a-maximum-rrset.example. 5M IN A 10.0.2.138
+a-maximum-rrset.example. 5M IN A 10.0.2.139
+a-maximum-rrset.example. 5M IN A 10.0.2.140
+a-maximum-rrset.example. 5M IN A 10.0.2.141
+a-maximum-rrset.example. 5M IN A 10.0.2.142
+a-maximum-rrset.example. 5M IN A 10.0.2.143
+a-maximum-rrset.example. 5M IN A 10.0.2.144
+a-maximum-rrset.example. 5M IN A 10.0.2.145
+a-maximum-rrset.example. 5M IN A 10.0.2.146
+a-maximum-rrset.example. 5M IN A 10.0.2.147
+a-maximum-rrset.example. 5M IN A 10.0.2.148
+a-maximum-rrset.example. 5M IN A 10.0.2.149
+a-maximum-rrset.example. 5M IN A 10.0.2.150
+a-maximum-rrset.example. 5M IN A 10.0.2.151
+a-maximum-rrset.example. 5M IN A 10.0.2.152
+a-maximum-rrset.example. 5M IN A 10.0.2.153
+a-maximum-rrset.example. 5M IN A 10.0.2.154
+a-maximum-rrset.example. 5M IN A 10.0.2.155
+a-maximum-rrset.example. 5M IN A 10.0.2.156
+a-maximum-rrset.example. 5M IN A 10.0.2.157
+a-maximum-rrset.example. 5M IN A 10.0.2.158
+a-maximum-rrset.example. 5M IN A 10.0.2.159
+a-maximum-rrset.example. 5M IN A 10.0.2.160
+a-maximum-rrset.example. 5M IN A 10.0.2.161
+a-maximum-rrset.example. 5M IN A 10.0.2.162
+a-maximum-rrset.example. 5M IN A 10.0.2.163
+a-maximum-rrset.example. 5M IN A 10.0.2.164
+a-maximum-rrset.example. 5M IN A 10.0.2.165
+a-maximum-rrset.example. 5M IN A 10.0.2.166
+a-maximum-rrset.example. 5M IN A 10.0.2.167
+a-maximum-rrset.example. 5M IN A 10.0.2.168
+a-maximum-rrset.example. 5M IN A 10.0.2.169
+a-maximum-rrset.example. 5M IN A 10.0.2.170
+a-maximum-rrset.example. 5M IN A 10.0.2.171
+a-maximum-rrset.example. 5M IN A 10.0.2.172
+a-maximum-rrset.example. 5M IN A 10.0.2.173
+a-maximum-rrset.example. 5M IN A 10.0.2.174
+a-maximum-rrset.example. 5M IN A 10.0.2.175
+a-maximum-rrset.example. 5M IN A 10.0.2.176
+a-maximum-rrset.example. 5M IN A 10.0.2.177
+a-maximum-rrset.example. 5M IN A 10.0.2.178
+a-maximum-rrset.example. 5M IN A 10.0.2.179
+a-maximum-rrset.example. 5M IN A 10.0.2.180
+a-maximum-rrset.example. 5M IN A 10.0.2.181
+a-maximum-rrset.example. 5M IN A 10.0.2.182
+a-maximum-rrset.example. 5M IN A 10.0.2.183
+a-maximum-rrset.example. 5M IN A 10.0.2.184
+a-maximum-rrset.example. 5M IN A 10.0.2.185
+a-maximum-rrset.example. 5M IN A 10.0.2.186
+a-maximum-rrset.example. 5M IN A 10.0.2.187
+a-maximum-rrset.example. 5M IN A 10.0.2.188
+a-maximum-rrset.example. 5M IN A 10.0.2.189
+a-maximum-rrset.example. 5M IN A 10.0.2.190
+a-maximum-rrset.example. 5M IN A 10.0.2.191
+a-maximum-rrset.example. 5M IN A 10.0.2.192
+a-maximum-rrset.example. 5M IN A 10.0.2.193
+a-maximum-rrset.example. 5M IN A 10.0.2.194
+a-maximum-rrset.example. 5M IN A 10.0.2.195
+a-maximum-rrset.example. 5M IN A 10.0.2.196
+a-maximum-rrset.example. 5M IN A 10.0.2.197
+a-maximum-rrset.example. 5M IN A 10.0.2.198
+a-maximum-rrset.example. 5M IN A 10.0.2.199
+a-maximum-rrset.example. 5M IN A 10.0.2.200
+a-maximum-rrset.example. 5M IN A 10.0.2.201
+a-maximum-rrset.example. 5M IN A 10.0.2.202
+a-maximum-rrset.example. 5M IN A 10.0.2.203
+a-maximum-rrset.example. 5M IN A 10.0.2.204
+a-maximum-rrset.example. 5M IN A 10.0.2.205
+a-maximum-rrset.example. 5M IN A 10.0.2.206
+a-maximum-rrset.example. 5M IN A 10.0.2.207
+a-maximum-rrset.example. 5M IN A 10.0.2.208
+a-maximum-rrset.example. 5M IN A 10.0.2.209
+a-maximum-rrset.example. 5M IN A 10.0.2.210
+a-maximum-rrset.example. 5M IN A 10.0.2.211
+a-maximum-rrset.example. 5M IN A 10.0.2.212
+a-maximum-rrset.example. 5M IN A 10.0.2.213
+a-maximum-rrset.example. 5M IN A 10.0.2.214
+a-maximum-rrset.example. 5M IN A 10.0.2.215
+a-maximum-rrset.example. 5M IN A 10.0.2.216
+a-maximum-rrset.example. 5M IN A 10.0.2.217
+a-maximum-rrset.example. 5M IN A 10.0.2.218
+a-maximum-rrset.example. 5M IN A 10.0.2.219
+a-maximum-rrset.example. 5M IN A 10.0.2.220
+a-maximum-rrset.example. 5M IN A 10.0.2.221
+a-maximum-rrset.example. 5M IN A 10.0.2.222
+a-maximum-rrset.example. 5M IN A 10.0.2.223
+a-maximum-rrset.example. 5M IN A 10.0.2.224
+a-maximum-rrset.example. 5M IN A 10.0.2.225
+a-maximum-rrset.example. 5M IN A 10.0.2.226
+a-maximum-rrset.example. 5M IN A 10.0.2.227
+a-maximum-rrset.example. 5M IN A 10.0.2.228
+a-maximum-rrset.example. 5M IN A 10.0.2.229
+a-maximum-rrset.example. 5M IN A 10.0.2.230
+a-maximum-rrset.example. 5M IN A 10.0.2.231
+a-maximum-rrset.example. 5M IN A 10.0.2.232
+a-maximum-rrset.example. 5M IN A 10.0.2.233
+a-maximum-rrset.example. 5M IN A 10.0.2.234
+a-maximum-rrset.example. 5M IN A 10.0.2.235
+a-maximum-rrset.example. 5M IN A 10.0.2.236
+a-maximum-rrset.example. 5M IN A 10.0.2.237
+a-maximum-rrset.example. 5M IN A 10.0.2.238
+a-maximum-rrset.example. 5M IN A 10.0.2.239
+a-maximum-rrset.example. 5M IN A 10.0.2.240
+a-maximum-rrset.example. 5M IN A 10.0.2.241
+a-maximum-rrset.example. 5M IN A 10.0.2.242
+a-maximum-rrset.example. 5M IN A 10.0.2.243
+a-maximum-rrset.example. 5M IN A 10.0.2.244
+a-maximum-rrset.example. 5M IN A 10.0.2.245
+a-maximum-rrset.example. 5M IN A 10.0.2.246
+a-maximum-rrset.example. 5M IN A 10.0.2.247
+a-maximum-rrset.example. 5M IN A 10.0.2.248
+a-maximum-rrset.example. 5M IN A 10.0.2.249
+a-maximum-rrset.example. 5M IN A 10.0.2.250
+a-maximum-rrset.example. 5M IN A 10.0.2.251
+a-maximum-rrset.example. 5M IN A 10.0.2.252
+a-maximum-rrset.example. 5M IN A 10.0.2.253
+a-maximum-rrset.example. 5M IN A 10.0.2.254
+a-maximum-rrset.example. 5M IN A 10.0.2.255
+a-maximum-rrset.example. 5M IN A 10.0.3.0
+a-maximum-rrset.example. 5M IN A 10.0.3.1
+a-maximum-rrset.example. 5M IN A 10.0.3.2
+a-maximum-rrset.example. 5M IN A 10.0.3.3
+a-maximum-rrset.example. 5M IN A 10.0.3.4
+a-maximum-rrset.example. 5M IN A 10.0.3.5
+a-maximum-rrset.example. 5M IN A 10.0.3.6
+a-maximum-rrset.example. 5M IN A 10.0.3.7
+a-maximum-rrset.example. 5M IN A 10.0.3.8
+a-maximum-rrset.example. 5M IN A 10.0.3.9
+a-maximum-rrset.example. 5M IN A 10.0.3.10
+a-maximum-rrset.example. 5M IN A 10.0.3.11
+a-maximum-rrset.example. 5M IN A 10.0.3.12
+a-maximum-rrset.example. 5M IN A 10.0.3.13
+a-maximum-rrset.example. 5M IN A 10.0.3.14
+a-maximum-rrset.example. 5M IN A 10.0.3.15
+a-maximum-rrset.example. 5M IN A 10.0.3.16
+a-maximum-rrset.example. 5M IN A 10.0.3.17
+a-maximum-rrset.example. 5M IN A 10.0.3.18
+a-maximum-rrset.example. 5M IN A 10.0.3.19
+a-maximum-rrset.example. 5M IN A 10.0.3.20
+a-maximum-rrset.example. 5M IN A 10.0.3.21
+a-maximum-rrset.example. 5M IN A 10.0.3.22
+a-maximum-rrset.example. 5M IN A 10.0.3.23
+a-maximum-rrset.example. 5M IN A 10.0.3.24
+a-maximum-rrset.example. 5M IN A 10.0.3.25
+a-maximum-rrset.example. 5M IN A 10.0.3.26
+a-maximum-rrset.example. 5M IN A 10.0.3.27
+a-maximum-rrset.example. 5M IN A 10.0.3.28
+a-maximum-rrset.example. 5M IN A 10.0.3.29
+a-maximum-rrset.example. 5M IN A 10.0.3.30
+a-maximum-rrset.example. 5M IN A 10.0.3.31
+a-maximum-rrset.example. 5M IN A 10.0.3.32
+a-maximum-rrset.example. 5M IN A 10.0.3.33
+a-maximum-rrset.example. 5M IN A 10.0.3.34
+a-maximum-rrset.example. 5M IN A 10.0.3.35
+a-maximum-rrset.example. 5M IN A 10.0.3.36
+a-maximum-rrset.example. 5M IN A 10.0.3.37
+a-maximum-rrset.example. 5M IN A 10.0.3.38
+a-maximum-rrset.example. 5M IN A 10.0.3.39
+a-maximum-rrset.example. 5M IN A 10.0.3.40
+a-maximum-rrset.example. 5M IN A 10.0.3.41
+a-maximum-rrset.example. 5M IN A 10.0.3.42
+a-maximum-rrset.example. 5M IN A 10.0.3.43
+a-maximum-rrset.example. 5M IN A 10.0.3.44
+a-maximum-rrset.example. 5M IN A 10.0.3.45
+a-maximum-rrset.example. 5M IN A 10.0.3.46
+a-maximum-rrset.example. 5M IN A 10.0.3.47
+a-maximum-rrset.example. 5M IN A 10.0.3.48
+a-maximum-rrset.example. 5M IN A 10.0.3.49
+a-maximum-rrset.example. 5M IN A 10.0.3.50
+a-maximum-rrset.example. 5M IN A 10.0.3.51
+a-maximum-rrset.example. 5M IN A 10.0.3.52
+a-maximum-rrset.example. 5M IN A 10.0.3.53
+a-maximum-rrset.example. 5M IN A 10.0.3.54
+a-maximum-rrset.example. 5M IN A 10.0.3.55
+a-maximum-rrset.example. 5M IN A 10.0.3.56
+a-maximum-rrset.example. 5M IN A 10.0.3.57
+a-maximum-rrset.example. 5M IN A 10.0.3.58
+a-maximum-rrset.example. 5M IN A 10.0.3.59
+a-maximum-rrset.example. 5M IN A 10.0.3.60
+a-maximum-rrset.example. 5M IN A 10.0.3.61
+a-maximum-rrset.example. 5M IN A 10.0.3.62
+a-maximum-rrset.example. 5M IN A 10.0.3.63
+a-maximum-rrset.example. 5M IN A 10.0.3.64
+a-maximum-rrset.example. 5M IN A 10.0.3.65
+a-maximum-rrset.example. 5M IN A 10.0.3.66
+a-maximum-rrset.example. 5M IN A 10.0.3.67
+a-maximum-rrset.example. 5M IN A 10.0.3.68
+a-maximum-rrset.example. 5M IN A 10.0.3.69
+a-maximum-rrset.example. 5M IN A 10.0.3.70
+a-maximum-rrset.example. 5M IN A 10.0.3.71
+a-maximum-rrset.example. 5M IN A 10.0.3.72
+a-maximum-rrset.example. 5M IN A 10.0.3.73
+a-maximum-rrset.example. 5M IN A 10.0.3.74
+a-maximum-rrset.example. 5M IN A 10.0.3.75
+a-maximum-rrset.example. 5M IN A 10.0.3.76
+a-maximum-rrset.example. 5M IN A 10.0.3.77
+a-maximum-rrset.example. 5M IN A 10.0.3.78
+a-maximum-rrset.example. 5M IN A 10.0.3.79
+a-maximum-rrset.example. 5M IN A 10.0.3.80
+a-maximum-rrset.example. 5M IN A 10.0.3.81
+a-maximum-rrset.example. 5M IN A 10.0.3.82
+a-maximum-rrset.example. 5M IN A 10.0.3.83
+a-maximum-rrset.example. 5M IN A 10.0.3.84
+a-maximum-rrset.example. 5M IN A 10.0.3.85
+a-maximum-rrset.example. 5M IN A 10.0.3.86
+a-maximum-rrset.example. 5M IN A 10.0.3.87
+a-maximum-rrset.example. 5M IN A 10.0.3.88
+a-maximum-rrset.example. 5M IN A 10.0.3.89
+a-maximum-rrset.example. 5M IN A 10.0.3.90
+a-maximum-rrset.example. 5M IN A 10.0.3.91
+a-maximum-rrset.example. 5M IN A 10.0.3.92
+a-maximum-rrset.example. 5M IN A 10.0.3.93
+a-maximum-rrset.example. 5M IN A 10.0.3.94
+a-maximum-rrset.example. 5M IN A 10.0.3.95
+a-maximum-rrset.example. 5M IN A 10.0.3.96
+a-maximum-rrset.example. 5M IN A 10.0.3.97
+a-maximum-rrset.example. 5M IN A 10.0.3.98
+a-maximum-rrset.example. 5M IN A 10.0.3.99
+a-maximum-rrset.example. 5M IN A 10.0.3.100
+a-maximum-rrset.example. 5M IN A 10.0.3.101
+a-maximum-rrset.example. 5M IN A 10.0.3.102
+a-maximum-rrset.example. 5M IN A 10.0.3.103
+a-maximum-rrset.example. 5M IN A 10.0.3.104
+a-maximum-rrset.example. 5M IN A 10.0.3.105
+a-maximum-rrset.example. 5M IN A 10.0.3.106
+a-maximum-rrset.example. 5M IN A 10.0.3.107
+a-maximum-rrset.example. 5M IN A 10.0.3.108
+a-maximum-rrset.example. 5M IN A 10.0.3.109
+a-maximum-rrset.example. 5M IN A 10.0.3.110
+a-maximum-rrset.example. 5M IN A 10.0.3.111
+a-maximum-rrset.example. 5M IN A 10.0.3.112
+a-maximum-rrset.example. 5M IN A 10.0.3.113
+a-maximum-rrset.example. 5M IN A 10.0.3.114
+a-maximum-rrset.example. 5M IN A 10.0.3.115
+a-maximum-rrset.example. 5M IN A 10.0.3.116
+a-maximum-rrset.example. 5M IN A 10.0.3.117
+a-maximum-rrset.example. 5M IN A 10.0.3.118
+a-maximum-rrset.example. 5M IN A 10.0.3.119
+a-maximum-rrset.example. 5M IN A 10.0.3.120
+a-maximum-rrset.example. 5M IN A 10.0.3.121
+a-maximum-rrset.example. 5M IN A 10.0.3.122
+a-maximum-rrset.example. 5M IN A 10.0.3.123
+a-maximum-rrset.example. 5M IN A 10.0.3.124
+a-maximum-rrset.example. 5M IN A 10.0.3.125
+a-maximum-rrset.example. 5M IN A 10.0.3.126
+a-maximum-rrset.example. 5M IN A 10.0.3.127
+a-maximum-rrset.example. 5M IN A 10.0.3.128
+a-maximum-rrset.example. 5M IN A 10.0.3.129
+a-maximum-rrset.example. 5M IN A 10.0.3.130
+a-maximum-rrset.example. 5M IN A 10.0.3.131
+a-maximum-rrset.example. 5M IN A 10.0.3.132
+a-maximum-rrset.example. 5M IN A 10.0.3.133
+a-maximum-rrset.example. 5M IN A 10.0.3.134
+a-maximum-rrset.example. 5M IN A 10.0.3.135
+a-maximum-rrset.example. 5M IN A 10.0.3.136
+a-maximum-rrset.example. 5M IN A 10.0.3.137
+a-maximum-rrset.example. 5M IN A 10.0.3.138
+a-maximum-rrset.example. 5M IN A 10.0.3.139
+a-maximum-rrset.example. 5M IN A 10.0.3.140
+a-maximum-rrset.example. 5M IN A 10.0.3.141
+a-maximum-rrset.example. 5M IN A 10.0.3.142
+a-maximum-rrset.example. 5M IN A 10.0.3.143
+a-maximum-rrset.example. 5M IN A 10.0.3.144
+a-maximum-rrset.example. 5M IN A 10.0.3.145
+a-maximum-rrset.example. 5M IN A 10.0.3.146
+a-maximum-rrset.example. 5M IN A 10.0.3.147
+a-maximum-rrset.example. 5M IN A 10.0.3.148
+a-maximum-rrset.example. 5M IN A 10.0.3.149
+a-maximum-rrset.example. 5M IN A 10.0.3.150
+a-maximum-rrset.example. 5M IN A 10.0.3.151
+a-maximum-rrset.example. 5M IN A 10.0.3.152
+a-maximum-rrset.example. 5M IN A 10.0.3.153
+a-maximum-rrset.example. 5M IN A 10.0.3.154
+a-maximum-rrset.example. 5M IN A 10.0.3.155
+a-maximum-rrset.example. 5M IN A 10.0.3.156
+a-maximum-rrset.example. 5M IN A 10.0.3.157
+a-maximum-rrset.example. 5M IN A 10.0.3.158
+a-maximum-rrset.example. 5M IN A 10.0.3.159
+a-maximum-rrset.example. 5M IN A 10.0.3.160
+a-maximum-rrset.example. 5M IN A 10.0.3.161
+a-maximum-rrset.example. 5M IN A 10.0.3.162
+a-maximum-rrset.example. 5M IN A 10.0.3.163
+a-maximum-rrset.example. 5M IN A 10.0.3.164
+a-maximum-rrset.example. 5M IN A 10.0.3.165
+a-maximum-rrset.example. 5M IN A 10.0.3.166
+a-maximum-rrset.example. 5M IN A 10.0.3.167
+a-maximum-rrset.example. 5M IN A 10.0.3.168
+a-maximum-rrset.example. 5M IN A 10.0.3.169
+a-maximum-rrset.example. 5M IN A 10.0.3.170
+a-maximum-rrset.example. 5M IN A 10.0.3.171
+a-maximum-rrset.example. 5M IN A 10.0.3.172
+a-maximum-rrset.example. 5M IN A 10.0.3.173
+a-maximum-rrset.example. 5M IN A 10.0.3.174
+a-maximum-rrset.example. 5M IN A 10.0.3.175
+a-maximum-rrset.example. 5M IN A 10.0.3.176
+a-maximum-rrset.example. 5M IN A 10.0.3.177
+a-maximum-rrset.example. 5M IN A 10.0.3.178
+a-maximum-rrset.example. 5M IN A 10.0.3.179
+a-maximum-rrset.example. 5M IN A 10.0.3.180
+a-maximum-rrset.example. 5M IN A 10.0.3.181
+a-maximum-rrset.example. 5M IN A 10.0.3.182
+a-maximum-rrset.example. 5M IN A 10.0.3.183
+a-maximum-rrset.example. 5M IN A 10.0.3.184
+a-maximum-rrset.example. 5M IN A 10.0.3.185
+a-maximum-rrset.example. 5M IN A 10.0.3.186
+a-maximum-rrset.example. 5M IN A 10.0.3.187
+a-maximum-rrset.example. 5M IN A 10.0.3.188
+a-maximum-rrset.example. 5M IN A 10.0.3.189
+a-maximum-rrset.example. 5M IN A 10.0.3.190
+a-maximum-rrset.example. 5M IN A 10.0.3.191
+a-maximum-rrset.example. 5M IN A 10.0.3.192
+a-maximum-rrset.example. 5M IN A 10.0.3.193
+a-maximum-rrset.example. 5M IN A 10.0.3.194
+a-maximum-rrset.example. 5M IN A 10.0.3.195
+a-maximum-rrset.example. 5M IN A 10.0.3.196
+a-maximum-rrset.example. 5M IN A 10.0.3.197
+a-maximum-rrset.example. 5M IN A 10.0.3.198
+a-maximum-rrset.example. 5M IN A 10.0.3.199
+a-maximum-rrset.example. 5M IN A 10.0.3.200
+a-maximum-rrset.example. 5M IN A 10.0.3.201
+a-maximum-rrset.example. 5M IN A 10.0.3.202
+a-maximum-rrset.example. 5M IN A 10.0.3.203
+a-maximum-rrset.example. 5M IN A 10.0.3.204
+a-maximum-rrset.example. 5M IN A 10.0.3.205
+a-maximum-rrset.example. 5M IN A 10.0.3.206
+a-maximum-rrset.example. 5M IN A 10.0.3.207
+a-maximum-rrset.example. 5M IN A 10.0.3.208
+a-maximum-rrset.example. 5M IN A 10.0.3.209
+a-maximum-rrset.example. 5M IN A 10.0.3.210
+a-maximum-rrset.example. 5M IN A 10.0.3.211
+a-maximum-rrset.example. 5M IN A 10.0.3.212
+a-maximum-rrset.example. 5M IN A 10.0.3.213
+a-maximum-rrset.example. 5M IN A 10.0.3.214
+a-maximum-rrset.example. 5M IN A 10.0.3.215
+a-maximum-rrset.example. 5M IN A 10.0.3.216
+a-maximum-rrset.example. 5M IN A 10.0.3.217
+a-maximum-rrset.example. 5M IN A 10.0.3.218
+a-maximum-rrset.example. 5M IN A 10.0.3.219
+a-maximum-rrset.example. 5M IN A 10.0.3.220
+a-maximum-rrset.example. 5M IN A 10.0.3.221
+a-maximum-rrset.example. 5M IN A 10.0.3.222
+a-maximum-rrset.example. 5M IN A 10.0.3.223
+a-maximum-rrset.example. 5M IN A 10.0.3.224
+a-maximum-rrset.example. 5M IN A 10.0.3.225
+a-maximum-rrset.example. 5M IN A 10.0.3.226
+a-maximum-rrset.example. 5M IN A 10.0.3.227
+a-maximum-rrset.example. 5M IN A 10.0.3.228
+a-maximum-rrset.example. 5M IN A 10.0.3.229
+a-maximum-rrset.example. 5M IN A 10.0.3.230
+a-maximum-rrset.example. 5M IN A 10.0.3.231
+a-maximum-rrset.example. 5M IN A 10.0.3.232
+a-maximum-rrset.example. 5M IN A 10.0.3.233
+a-maximum-rrset.example. 5M IN A 10.0.3.234
+a-maximum-rrset.example. 5M IN A 10.0.3.235
+a-maximum-rrset.example. 5M IN A 10.0.3.236
+a-maximum-rrset.example. 5M IN A 10.0.3.237
+a-maximum-rrset.example. 5M IN A 10.0.3.238
+a-maximum-rrset.example. 5M IN A 10.0.3.239
+a-maximum-rrset.example. 5M IN A 10.0.3.240
+a-maximum-rrset.example. 5M IN A 10.0.3.241
+a-maximum-rrset.example. 5M IN A 10.0.3.242
+a-maximum-rrset.example. 5M IN A 10.0.3.243
+a-maximum-rrset.example. 5M IN A 10.0.3.244
+a-maximum-rrset.example. 5M IN A 10.0.3.245
+a-maximum-rrset.example. 5M IN A 10.0.3.246
+a-maximum-rrset.example. 5M IN A 10.0.3.247
+a-maximum-rrset.example. 5M IN A 10.0.3.248
+a-maximum-rrset.example. 5M IN A 10.0.3.249
+a-maximum-rrset.example. 5M IN A 10.0.3.250
+a-maximum-rrset.example. 5M IN A 10.0.3.251
+a-maximum-rrset.example. 5M IN A 10.0.3.252
+a-maximum-rrset.example. 5M IN A 10.0.3.253
+a-maximum-rrset.example. 5M IN A 10.0.3.254
+a-maximum-rrset.example. 5M IN A 10.0.3.255
+a-maximum-rrset.example. 5M IN A 10.0.4.0
+a-maximum-rrset.example. 5M IN A 10.0.4.1
+a-maximum-rrset.example. 5M IN A 10.0.4.2
+a-maximum-rrset.example. 5M IN A 10.0.4.3
+a-maximum-rrset.example. 5M IN A 10.0.4.4
+a-maximum-rrset.example. 5M IN A 10.0.4.5
+a-maximum-rrset.example. 5M IN A 10.0.4.6
+a-maximum-rrset.example. 5M IN A 10.0.4.7
+a-maximum-rrset.example. 5M IN A 10.0.4.8
+a-maximum-rrset.example. 5M IN A 10.0.4.9
+a-maximum-rrset.example. 5M IN A 10.0.4.10
+a-maximum-rrset.example. 5M IN A 10.0.4.11
+a-maximum-rrset.example. 5M IN A 10.0.4.12
+a-maximum-rrset.example. 5M IN A 10.0.4.13
+a-maximum-rrset.example. 5M IN A 10.0.4.14
+a-maximum-rrset.example. 5M IN A 10.0.4.15
+a-maximum-rrset.example. 5M IN A 10.0.4.16
+a-maximum-rrset.example. 5M IN A 10.0.4.17
+a-maximum-rrset.example. 5M IN A 10.0.4.18
+a-maximum-rrset.example. 5M IN A 10.0.4.19
+a-maximum-rrset.example. 5M IN A 10.0.4.20
+a-maximum-rrset.example. 5M IN A 10.0.4.21
+a-maximum-rrset.example. 5M IN A 10.0.4.22
+a-maximum-rrset.example. 5M IN A 10.0.4.23
+a-maximum-rrset.example. 5M IN A 10.0.4.24
+a-maximum-rrset.example. 5M IN A 10.0.4.25
+a-maximum-rrset.example. 5M IN A 10.0.4.26
+a-maximum-rrset.example. 5M IN A 10.0.4.27
+a-maximum-rrset.example. 5M IN A 10.0.4.28
+a-maximum-rrset.example. 5M IN A 10.0.4.29
+a-maximum-rrset.example. 5M IN A 10.0.4.30
+a-maximum-rrset.example. 5M IN A 10.0.4.31
+a-maximum-rrset.example. 5M IN A 10.0.4.32
+a-maximum-rrset.example. 5M IN A 10.0.4.33
+a-maximum-rrset.example. 5M IN A 10.0.4.34
+a-maximum-rrset.example. 5M IN A 10.0.4.35
+a-maximum-rrset.example. 5M IN A 10.0.4.36
+a-maximum-rrset.example. 5M IN A 10.0.4.37
+a-maximum-rrset.example. 5M IN A 10.0.4.38
+a-maximum-rrset.example. 5M IN A 10.0.4.39
+a-maximum-rrset.example. 5M IN A 10.0.4.40
+a-maximum-rrset.example. 5M IN A 10.0.4.41
+a-maximum-rrset.example. 5M IN A 10.0.4.42
+a-maximum-rrset.example. 5M IN A 10.0.4.43
+a-maximum-rrset.example. 5M IN A 10.0.4.44
+a-maximum-rrset.example. 5M IN A 10.0.4.45
+a-maximum-rrset.example. 5M IN A 10.0.4.46
+a-maximum-rrset.example. 5M IN A 10.0.4.47
+a-maximum-rrset.example. 5M IN A 10.0.4.48
+a-maximum-rrset.example. 5M IN A 10.0.4.49
+a-maximum-rrset.example. 5M IN A 10.0.4.50
+a-maximum-rrset.example. 5M IN A 10.0.4.51
+a-maximum-rrset.example. 5M IN A 10.0.4.52
+a-maximum-rrset.example. 5M IN A 10.0.4.53
+a-maximum-rrset.example. 5M IN A 10.0.4.54
+a-maximum-rrset.example. 5M IN A 10.0.4.55
+a-maximum-rrset.example. 5M IN A 10.0.4.56
+a-maximum-rrset.example. 5M IN A 10.0.4.57
+a-maximum-rrset.example. 5M IN A 10.0.4.58
+a-maximum-rrset.example. 5M IN A 10.0.4.59
+a-maximum-rrset.example. 5M IN A 10.0.4.60
+a-maximum-rrset.example. 5M IN A 10.0.4.61
+a-maximum-rrset.example. 5M IN A 10.0.4.62
+a-maximum-rrset.example. 5M IN A 10.0.4.63
+a-maximum-rrset.example. 5M IN A 10.0.4.64
+a-maximum-rrset.example. 5M IN A 10.0.4.65
+a-maximum-rrset.example. 5M IN A 10.0.4.66
+a-maximum-rrset.example. 5M IN A 10.0.4.67
+a-maximum-rrset.example. 5M IN A 10.0.4.68
+a-maximum-rrset.example. 5M IN A 10.0.4.69
+a-maximum-rrset.example. 5M IN A 10.0.4.70
+a-maximum-rrset.example. 5M IN A 10.0.4.71
+a-maximum-rrset.example. 5M IN A 10.0.4.72
+a-maximum-rrset.example. 5M IN A 10.0.4.73
+a-maximum-rrset.example. 5M IN A 10.0.4.74
+a-maximum-rrset.example. 5M IN A 10.0.4.75
+a-maximum-rrset.example. 5M IN A 10.0.4.76
+a-maximum-rrset.example. 5M IN A 10.0.4.77
+a-maximum-rrset.example. 5M IN A 10.0.4.78
+a-maximum-rrset.example. 5M IN A 10.0.4.79
+a-maximum-rrset.example. 5M IN A 10.0.4.80
+a-maximum-rrset.example. 5M IN A 10.0.4.81
+a-maximum-rrset.example. 5M IN A 10.0.4.82
+a-maximum-rrset.example. 5M IN A 10.0.4.83
+a-maximum-rrset.example. 5M IN A 10.0.4.84
+a-maximum-rrset.example. 5M IN A 10.0.4.85
+a-maximum-rrset.example. 5M IN A 10.0.4.86
+a-maximum-rrset.example. 5M IN A 10.0.4.87
+a-maximum-rrset.example. 5M IN A 10.0.4.88
+a-maximum-rrset.example. 5M IN A 10.0.4.89
+a-maximum-rrset.example. 5M IN A 10.0.4.90
+a-maximum-rrset.example. 5M IN A 10.0.4.91
+a-maximum-rrset.example. 5M IN A 10.0.4.92
+a-maximum-rrset.example. 5M IN A 10.0.4.93
+a-maximum-rrset.example. 5M IN A 10.0.4.94
+a-maximum-rrset.example. 5M IN A 10.0.4.95
+a-maximum-rrset.example. 5M IN A 10.0.4.96
+a-maximum-rrset.example. 5M IN A 10.0.4.97
+a-maximum-rrset.example. 5M IN A 10.0.4.98
+a-maximum-rrset.example. 5M IN A 10.0.4.99
+a-maximum-rrset.example. 5M IN A 10.0.4.100
+a-maximum-rrset.example. 5M IN A 10.0.4.101
+a-maximum-rrset.example. 5M IN A 10.0.4.102
+a-maximum-rrset.example. 5M IN A 10.0.4.103
+a-maximum-rrset.example. 5M IN A 10.0.4.104
+a-maximum-rrset.example. 5M IN A 10.0.4.105
+a-maximum-rrset.example. 5M IN A 10.0.4.106
+a-maximum-rrset.example. 5M IN A 10.0.4.107
+a-maximum-rrset.example. 5M IN A 10.0.4.108
+a-maximum-rrset.example. 5M IN A 10.0.4.109
+a-maximum-rrset.example. 5M IN A 10.0.4.110
+a-maximum-rrset.example. 5M IN A 10.0.4.111
+a-maximum-rrset.example. 5M IN A 10.0.4.112
+a-maximum-rrset.example. 5M IN A 10.0.4.113
+a-maximum-rrset.example. 5M IN A 10.0.4.114
+a-maximum-rrset.example. 5M IN A 10.0.4.115
+a-maximum-rrset.example. 5M IN A 10.0.4.116
+a-maximum-rrset.example. 5M IN A 10.0.4.117
+a-maximum-rrset.example. 5M IN A 10.0.4.118
+a-maximum-rrset.example. 5M IN A 10.0.4.119
+a-maximum-rrset.example. 5M IN A 10.0.4.120
+a-maximum-rrset.example. 5M IN A 10.0.4.121
+a-maximum-rrset.example. 5M IN A 10.0.4.122
+a-maximum-rrset.example. 5M IN A 10.0.4.123
+a-maximum-rrset.example. 5M IN A 10.0.4.124
+a-maximum-rrset.example. 5M IN A 10.0.4.125
+a-maximum-rrset.example. 5M IN A 10.0.4.126
+a-maximum-rrset.example. 5M IN A 10.0.4.127
+a-maximum-rrset.example. 5M IN A 10.0.4.128
+a-maximum-rrset.example. 5M IN A 10.0.4.129
+a-maximum-rrset.example. 5M IN A 10.0.4.130
+a-maximum-rrset.example. 5M IN A 10.0.4.131
+a-maximum-rrset.example. 5M IN A 10.0.4.132
+a-maximum-rrset.example. 5M IN A 10.0.4.133
+a-maximum-rrset.example. 5M IN A 10.0.4.134
+a-maximum-rrset.example. 5M IN A 10.0.4.135
+a-maximum-rrset.example. 5M IN A 10.0.4.136
+a-maximum-rrset.example. 5M IN A 10.0.4.137
+a-maximum-rrset.example. 5M IN A 10.0.4.138
+a-maximum-rrset.example. 5M IN A 10.0.4.139
+a-maximum-rrset.example. 5M IN A 10.0.4.140
+a-maximum-rrset.example. 5M IN A 10.0.4.141
+a-maximum-rrset.example. 5M IN A 10.0.4.142
+a-maximum-rrset.example. 5M IN A 10.0.4.143
+a-maximum-rrset.example. 5M IN A 10.0.4.144
+a-maximum-rrset.example. 5M IN A 10.0.4.145
+a-maximum-rrset.example. 5M IN A 10.0.4.146
+a-maximum-rrset.example. 5M IN A 10.0.4.147
+a-maximum-rrset.example. 5M IN A 10.0.4.148
+a-maximum-rrset.example. 5M IN A 10.0.4.149
+a-maximum-rrset.example. 5M IN A 10.0.4.150
+a-maximum-rrset.example. 5M IN A 10.0.4.151
+a-maximum-rrset.example. 5M IN A 10.0.4.152
+a-maximum-rrset.example. 5M IN A 10.0.4.153
+a-maximum-rrset.example. 5M IN A 10.0.4.154
+a-maximum-rrset.example. 5M IN A 10.0.4.155
+a-maximum-rrset.example. 5M IN A 10.0.4.156
+a-maximum-rrset.example. 5M IN A 10.0.4.157
+a-maximum-rrset.example. 5M IN A 10.0.4.158
+a-maximum-rrset.example. 5M IN A 10.0.4.159
+a-maximum-rrset.example. 5M IN A 10.0.4.160
+a-maximum-rrset.example. 5M IN A 10.0.4.161
+a-maximum-rrset.example. 5M IN A 10.0.4.162
+a-maximum-rrset.example. 5M IN A 10.0.4.163
+a-maximum-rrset.example. 5M IN A 10.0.4.164
+a-maximum-rrset.example. 5M IN A 10.0.4.165
+a-maximum-rrset.example. 5M IN A 10.0.4.166
+a-maximum-rrset.example. 5M IN A 10.0.4.167
+a-maximum-rrset.example. 5M IN A 10.0.4.168
+a-maximum-rrset.example. 5M IN A 10.0.4.169
+a-maximum-rrset.example. 5M IN A 10.0.4.170
+a-maximum-rrset.example. 5M IN A 10.0.4.171
+a-maximum-rrset.example. 5M IN A 10.0.4.172
+a-maximum-rrset.example. 5M IN A 10.0.4.173
+a-maximum-rrset.example. 5M IN A 10.0.4.174
+a-maximum-rrset.example. 5M IN A 10.0.4.175
+a-maximum-rrset.example. 5M IN A 10.0.4.176
+a-maximum-rrset.example. 5M IN A 10.0.4.177
+a-maximum-rrset.example. 5M IN A 10.0.4.178
+a-maximum-rrset.example. 5M IN A 10.0.4.179
+a-maximum-rrset.example. 5M IN A 10.0.4.180
+a-maximum-rrset.example. 5M IN A 10.0.4.181
+a-maximum-rrset.example. 5M IN A 10.0.4.182
+a-maximum-rrset.example. 5M IN A 10.0.4.183
+a-maximum-rrset.example. 5M IN A 10.0.4.184
+a-maximum-rrset.example. 5M IN A 10.0.4.185
+a-maximum-rrset.example. 5M IN A 10.0.4.186
+a-maximum-rrset.example. 5M IN A 10.0.4.187
+a-maximum-rrset.example. 5M IN A 10.0.4.188
+a-maximum-rrset.example. 5M IN A 10.0.4.189
+a-maximum-rrset.example. 5M IN A 10.0.4.190
+a-maximum-rrset.example. 5M IN A 10.0.4.191
+a-maximum-rrset.example. 5M IN A 10.0.4.192
+a-maximum-rrset.example. 5M IN A 10.0.4.193
+a-maximum-rrset.example. 5M IN A 10.0.4.194
+a-maximum-rrset.example. 5M IN A 10.0.4.195
+a-maximum-rrset.example. 5M IN A 10.0.4.196
+a-maximum-rrset.example. 5M IN A 10.0.4.197
+a-maximum-rrset.example. 5M IN A 10.0.4.198
+a-maximum-rrset.example. 5M IN A 10.0.4.199
+a-maximum-rrset.example. 5M IN A 10.0.4.200
+a-maximum-rrset.example. 5M IN A 10.0.4.201
+a-maximum-rrset.example. 5M IN A 10.0.4.202
+a-maximum-rrset.example. 5M IN A 10.0.4.203
+a-maximum-rrset.example. 5M IN A 10.0.4.204
+a-maximum-rrset.example. 5M IN A 10.0.4.205
+a-maximum-rrset.example. 5M IN A 10.0.4.206
+a-maximum-rrset.example. 5M IN A 10.0.4.207
+a-maximum-rrset.example. 5M IN A 10.0.4.208
+a-maximum-rrset.example. 5M IN A 10.0.4.209
+a-maximum-rrset.example. 5M IN A 10.0.4.210
+a-maximum-rrset.example. 5M IN A 10.0.4.211
+a-maximum-rrset.example. 5M IN A 10.0.4.212
+a-maximum-rrset.example. 5M IN A 10.0.4.213
+a-maximum-rrset.example. 5M IN A 10.0.4.214
+a-maximum-rrset.example. 5M IN A 10.0.4.215
+a-maximum-rrset.example. 5M IN A 10.0.4.216
+a-maximum-rrset.example. 5M IN A 10.0.4.217
+a-maximum-rrset.example. 5M IN A 10.0.4.218
+a-maximum-rrset.example. 5M IN A 10.0.4.219
+a-maximum-rrset.example. 5M IN A 10.0.4.220
+a-maximum-rrset.example. 5M IN A 10.0.4.221
+a-maximum-rrset.example. 5M IN A 10.0.4.222
+a-maximum-rrset.example. 5M IN A 10.0.4.223
+a-maximum-rrset.example. 5M IN A 10.0.4.224
+a-maximum-rrset.example. 5M IN A 10.0.4.225
+a-maximum-rrset.example. 5M IN A 10.0.4.226
+a-maximum-rrset.example. 5M IN A 10.0.4.227
+a-maximum-rrset.example. 5M IN A 10.0.4.228
+a-maximum-rrset.example. 5M IN A 10.0.4.229
+a-maximum-rrset.example. 5M IN A 10.0.4.230
+a-maximum-rrset.example. 5M IN A 10.0.4.231
+a-maximum-rrset.example. 5M IN A 10.0.4.232
+a-maximum-rrset.example. 5M IN A 10.0.4.233
+a-maximum-rrset.example. 5M IN A 10.0.4.234
+a-maximum-rrset.example. 5M IN A 10.0.4.235
+a-maximum-rrset.example. 5M IN A 10.0.4.236
+a-maximum-rrset.example. 5M IN A 10.0.4.237
+a-maximum-rrset.example. 5M IN A 10.0.4.238
+a-maximum-rrset.example. 5M IN A 10.0.4.239
+a-maximum-rrset.example. 5M IN A 10.0.4.240
+a-maximum-rrset.example. 5M IN A 10.0.4.241
+a-maximum-rrset.example. 5M IN A 10.0.4.242
+a-maximum-rrset.example. 5M IN A 10.0.4.243
+a-maximum-rrset.example. 5M IN A 10.0.4.244
+a-maximum-rrset.example. 5M IN A 10.0.4.245
+a-maximum-rrset.example. 5M IN A 10.0.4.246
+a-maximum-rrset.example. 5M IN A 10.0.4.247
+a-maximum-rrset.example. 5M IN A 10.0.4.248
+a-maximum-rrset.example. 5M IN A 10.0.4.249
+a-maximum-rrset.example. 5M IN A 10.0.4.250
+a-maximum-rrset.example. 5M IN A 10.0.4.251
+a-maximum-rrset.example. 5M IN A 10.0.4.252
+a-maximum-rrset.example. 5M IN A 10.0.4.253
+a-maximum-rrset.example. 5M IN A 10.0.4.254
+a-maximum-rrset.example. 5M IN A 10.0.4.255
+a-maximum-rrset.example. 5M IN A 10.0.5.0
+a-maximum-rrset.example. 5M IN A 10.0.5.1
+a-maximum-rrset.example. 5M IN A 10.0.5.2
+a-maximum-rrset.example. 5M IN A 10.0.5.3
+a-maximum-rrset.example. 5M IN A 10.0.5.4
+a-maximum-rrset.example. 5M IN A 10.0.5.5
+a-maximum-rrset.example. 5M IN A 10.0.5.6
+a-maximum-rrset.example. 5M IN A 10.0.5.7
+a-maximum-rrset.example. 5M IN A 10.0.5.8
+a-maximum-rrset.example. 5M IN A 10.0.5.9
+a-maximum-rrset.example. 5M IN A 10.0.5.10
+a-maximum-rrset.example. 5M IN A 10.0.5.11
+a-maximum-rrset.example. 5M IN A 10.0.5.12
+a-maximum-rrset.example. 5M IN A 10.0.5.13
+a-maximum-rrset.example. 5M IN A 10.0.5.14
+a-maximum-rrset.example. 5M IN A 10.0.5.15
+a-maximum-rrset.example. 5M IN A 10.0.5.16
+a-maximum-rrset.example. 5M IN A 10.0.5.17
+a-maximum-rrset.example. 5M IN A 10.0.5.18
+a-maximum-rrset.example. 5M IN A 10.0.5.19
+a-maximum-rrset.example. 5M IN A 10.0.5.20
+a-maximum-rrset.example. 5M IN A 10.0.5.21
+a-maximum-rrset.example. 5M IN A 10.0.5.22
+a-maximum-rrset.example. 5M IN A 10.0.5.23
+a-maximum-rrset.example. 5M IN A 10.0.5.24
+a-maximum-rrset.example. 5M IN A 10.0.5.25
+a-maximum-rrset.example. 5M IN A 10.0.5.26
+a-maximum-rrset.example. 5M IN A 10.0.5.27
+a-maximum-rrset.example. 5M IN A 10.0.5.28
+a-maximum-rrset.example. 5M IN A 10.0.5.29
+a-maximum-rrset.example. 5M IN A 10.0.5.30
+a-maximum-rrset.example. 5M IN A 10.0.5.31
+a-maximum-rrset.example. 5M IN A 10.0.5.32
+a-maximum-rrset.example. 5M IN A 10.0.5.33
+a-maximum-rrset.example. 5M IN A 10.0.5.34
+a-maximum-rrset.example. 5M IN A 10.0.5.35
+a-maximum-rrset.example. 5M IN A 10.0.5.36
+a-maximum-rrset.example. 5M IN A 10.0.5.37
+a-maximum-rrset.example. 5M IN A 10.0.5.38
+a-maximum-rrset.example. 5M IN A 10.0.5.39
+a-maximum-rrset.example. 5M IN A 10.0.5.40
+a-maximum-rrset.example. 5M IN A 10.0.5.41
+a-maximum-rrset.example. 5M IN A 10.0.5.42
+a-maximum-rrset.example. 5M IN A 10.0.5.43
+a-maximum-rrset.example. 5M IN A 10.0.5.44
+a-maximum-rrset.example. 5M IN A 10.0.5.45
+a-maximum-rrset.example. 5M IN A 10.0.5.46
+a-maximum-rrset.example. 5M IN A 10.0.5.47
+a-maximum-rrset.example. 5M IN A 10.0.5.48
+a-maximum-rrset.example. 5M IN A 10.0.5.49
+a-maximum-rrset.example. 5M IN A 10.0.5.50
+a-maximum-rrset.example. 5M IN A 10.0.5.51
+a-maximum-rrset.example. 5M IN A 10.0.5.52
+a-maximum-rrset.example. 5M IN A 10.0.5.53
+a-maximum-rrset.example. 5M IN A 10.0.5.54
+a-maximum-rrset.example. 5M IN A 10.0.5.55
+a-maximum-rrset.example. 5M IN A 10.0.5.56
+a-maximum-rrset.example. 5M IN A 10.0.5.57
+a-maximum-rrset.example. 5M IN A 10.0.5.58
+a-maximum-rrset.example. 5M IN A 10.0.5.59
+a-maximum-rrset.example. 5M IN A 10.0.5.60
+a-maximum-rrset.example. 5M IN A 10.0.5.61
+a-maximum-rrset.example. 5M IN A 10.0.5.62
+a-maximum-rrset.example. 5M IN A 10.0.5.63
+a-maximum-rrset.example. 5M IN A 10.0.5.64
+a-maximum-rrset.example. 5M IN A 10.0.5.65
+a-maximum-rrset.example. 5M IN A 10.0.5.66
+a-maximum-rrset.example. 5M IN A 10.0.5.67
+a-maximum-rrset.example. 5M IN A 10.0.5.68
+a-maximum-rrset.example. 5M IN A 10.0.5.69
+a-maximum-rrset.example. 5M IN A 10.0.5.70
+a-maximum-rrset.example. 5M IN A 10.0.5.71
+a-maximum-rrset.example. 5M IN A 10.0.5.72
+a-maximum-rrset.example. 5M IN A 10.0.5.73
+a-maximum-rrset.example. 5M IN A 10.0.5.74
+a-maximum-rrset.example. 5M IN A 10.0.5.75
+a-maximum-rrset.example. 5M IN A 10.0.5.76
+a-maximum-rrset.example. 5M IN A 10.0.5.77
+a-maximum-rrset.example. 5M IN A 10.0.5.78
+a-maximum-rrset.example. 5M IN A 10.0.5.79
+a-maximum-rrset.example. 5M IN A 10.0.5.80
+a-maximum-rrset.example. 5M IN A 10.0.5.81
+a-maximum-rrset.example. 5M IN A 10.0.5.82
+a-maximum-rrset.example. 5M IN A 10.0.5.83
+a-maximum-rrset.example. 5M IN A 10.0.5.84
+a-maximum-rrset.example. 5M IN A 10.0.5.85
+a-maximum-rrset.example. 5M IN A 10.0.5.86
+a-maximum-rrset.example. 5M IN A 10.0.5.87
+a-maximum-rrset.example. 5M IN A 10.0.5.88
+a-maximum-rrset.example. 5M IN A 10.0.5.89
+a-maximum-rrset.example. 5M IN A 10.0.5.90
+a-maximum-rrset.example. 5M IN A 10.0.5.91
+a-maximum-rrset.example. 5M IN A 10.0.5.92
+a-maximum-rrset.example. 5M IN A 10.0.5.93
+a-maximum-rrset.example. 5M IN A 10.0.5.94
+a-maximum-rrset.example. 5M IN A 10.0.5.95
+a-maximum-rrset.example. 5M IN A 10.0.5.96
+a-maximum-rrset.example. 5M IN A 10.0.5.97
+a-maximum-rrset.example. 5M IN A 10.0.5.98
+a-maximum-rrset.example. 5M IN A 10.0.5.99
+a-maximum-rrset.example. 5M IN A 10.0.5.100
+a-maximum-rrset.example. 5M IN A 10.0.5.101
+a-maximum-rrset.example. 5M IN A 10.0.5.102
+a-maximum-rrset.example. 5M IN A 10.0.5.103
+a-maximum-rrset.example. 5M IN A 10.0.5.104
+a-maximum-rrset.example. 5M IN A 10.0.5.105
+a-maximum-rrset.example. 5M IN A 10.0.5.106
+a-maximum-rrset.example. 5M IN A 10.0.5.107
+a-maximum-rrset.example. 5M IN A 10.0.5.108
+a-maximum-rrset.example. 5M IN A 10.0.5.109
+a-maximum-rrset.example. 5M IN A 10.0.5.110
+a-maximum-rrset.example. 5M IN A 10.0.5.111
+a-maximum-rrset.example. 5M IN A 10.0.5.112
+a-maximum-rrset.example. 5M IN A 10.0.5.113
+a-maximum-rrset.example. 5M IN A 10.0.5.114
+a-maximum-rrset.example. 5M IN A 10.0.5.115
+a-maximum-rrset.example. 5M IN A 10.0.5.116
+a-maximum-rrset.example. 5M IN A 10.0.5.117
+a-maximum-rrset.example. 5M IN A 10.0.5.118
+a-maximum-rrset.example. 5M IN A 10.0.5.119
+a-maximum-rrset.example. 5M IN A 10.0.5.120
+a-maximum-rrset.example. 5M IN A 10.0.5.121
+a-maximum-rrset.example. 5M IN A 10.0.5.122
+a-maximum-rrset.example. 5M IN A 10.0.5.123
+a-maximum-rrset.example. 5M IN A 10.0.5.124
+a-maximum-rrset.example. 5M IN A 10.0.5.125
+a-maximum-rrset.example. 5M IN A 10.0.5.126
+a-maximum-rrset.example. 5M IN A 10.0.5.127
+a-maximum-rrset.example. 5M IN A 10.0.5.128
+a-maximum-rrset.example. 5M IN A 10.0.5.129
+a-maximum-rrset.example. 5M IN A 10.0.5.130
+a-maximum-rrset.example. 5M IN A 10.0.5.131
+a-maximum-rrset.example. 5M IN A 10.0.5.132
+a-maximum-rrset.example. 5M IN A 10.0.5.133
+a-maximum-rrset.example. 5M IN A 10.0.5.134
+a-maximum-rrset.example. 5M IN A 10.0.5.135
+a-maximum-rrset.example. 5M IN A 10.0.5.136
+a-maximum-rrset.example. 5M IN A 10.0.5.137
+a-maximum-rrset.example. 5M IN A 10.0.5.138
+a-maximum-rrset.example. 5M IN A 10.0.5.139
+a-maximum-rrset.example. 5M IN A 10.0.5.140
+a-maximum-rrset.example. 5M IN A 10.0.5.141
+a-maximum-rrset.example. 5M IN A 10.0.5.142
+a-maximum-rrset.example. 5M IN A 10.0.5.143
+a-maximum-rrset.example. 5M IN A 10.0.5.144
+a-maximum-rrset.example. 5M IN A 10.0.5.145
+a-maximum-rrset.example. 5M IN A 10.0.5.146
+a-maximum-rrset.example. 5M IN A 10.0.5.147
+a-maximum-rrset.example. 5M IN A 10.0.5.148
+a-maximum-rrset.example. 5M IN A 10.0.5.149
+a-maximum-rrset.example. 5M IN A 10.0.5.150
+a-maximum-rrset.example. 5M IN A 10.0.5.151
+a-maximum-rrset.example. 5M IN A 10.0.5.152
+a-maximum-rrset.example. 5M IN A 10.0.5.153
+a-maximum-rrset.example. 5M IN A 10.0.5.154
+a-maximum-rrset.example. 5M IN A 10.0.5.155
+a-maximum-rrset.example. 5M IN A 10.0.5.156
+a-maximum-rrset.example. 5M IN A 10.0.5.157
+a-maximum-rrset.example. 5M IN A 10.0.5.158
+a-maximum-rrset.example. 5M IN A 10.0.5.159
+a-maximum-rrset.example. 5M IN A 10.0.5.160
+a-maximum-rrset.example. 5M IN A 10.0.5.161
+a-maximum-rrset.example. 5M IN A 10.0.5.162
+a-maximum-rrset.example. 5M IN A 10.0.5.163
+a-maximum-rrset.example. 5M IN A 10.0.5.164
+a-maximum-rrset.example. 5M IN A 10.0.5.165
+a-maximum-rrset.example. 5M IN A 10.0.5.166
+a-maximum-rrset.example. 5M IN A 10.0.5.167
+a-maximum-rrset.example. 5M IN A 10.0.5.168
+a-maximum-rrset.example. 5M IN A 10.0.5.169
+a-maximum-rrset.example. 5M IN A 10.0.5.170
+a-maximum-rrset.example. 5M IN A 10.0.5.171
+a-maximum-rrset.example. 5M IN A 10.0.5.172
+a-maximum-rrset.example. 5M IN A 10.0.5.173
+a-maximum-rrset.example. 5M IN A 10.0.5.174
+a-maximum-rrset.example. 5M IN A 10.0.5.175
+a-maximum-rrset.example. 5M IN A 10.0.5.176
+a-maximum-rrset.example. 5M IN A 10.0.5.177
+a-maximum-rrset.example. 5M IN A 10.0.5.178
+a-maximum-rrset.example. 5M IN A 10.0.5.179
+a-maximum-rrset.example. 5M IN A 10.0.5.180
+a-maximum-rrset.example. 5M IN A 10.0.5.181
+a-maximum-rrset.example. 5M IN A 10.0.5.182
+a-maximum-rrset.example. 5M IN A 10.0.5.183
+a-maximum-rrset.example. 5M IN A 10.0.5.184
+a-maximum-rrset.example. 5M IN A 10.0.5.185
+a-maximum-rrset.example. 5M IN A 10.0.5.186
+a-maximum-rrset.example. 5M IN A 10.0.5.187
+a-maximum-rrset.example. 5M IN A 10.0.5.188
+a-maximum-rrset.example. 5M IN A 10.0.5.189
+a-maximum-rrset.example. 5M IN A 10.0.5.190
+a-maximum-rrset.example. 5M IN A 10.0.5.191
+a-maximum-rrset.example. 5M IN A 10.0.5.192
+a-maximum-rrset.example. 5M IN A 10.0.5.193
+a-maximum-rrset.example. 5M IN A 10.0.5.194
+a-maximum-rrset.example. 5M IN A 10.0.5.195
+a-maximum-rrset.example. 5M IN A 10.0.5.196
+a-maximum-rrset.example. 5M IN A 10.0.5.197
+a-maximum-rrset.example. 5M IN A 10.0.5.198
+a-maximum-rrset.example. 5M IN A 10.0.5.199
+a-maximum-rrset.example. 5M IN A 10.0.5.200
+a-maximum-rrset.example. 5M IN A 10.0.5.201
+a-maximum-rrset.example. 5M IN A 10.0.5.202
+a-maximum-rrset.example. 5M IN A 10.0.5.203
+a-maximum-rrset.example. 5M IN A 10.0.5.204
+a-maximum-rrset.example. 5M IN A 10.0.5.205
+a-maximum-rrset.example. 5M IN A 10.0.5.206
+a-maximum-rrset.example. 5M IN A 10.0.5.207
+a-maximum-rrset.example. 5M IN A 10.0.5.208
+a-maximum-rrset.example. 5M IN A 10.0.5.209
+a-maximum-rrset.example. 5M IN A 10.0.5.210
+a-maximum-rrset.example. 5M IN A 10.0.5.211
+a-maximum-rrset.example. 5M IN A 10.0.5.212
+a-maximum-rrset.example. 5M IN A 10.0.5.213
+a-maximum-rrset.example. 5M IN A 10.0.5.214
+a-maximum-rrset.example. 5M IN A 10.0.5.215
+a-maximum-rrset.example. 5M IN A 10.0.5.216
+a-maximum-rrset.example. 5M IN A 10.0.5.217
+a-maximum-rrset.example. 5M IN A 10.0.5.218
+a-maximum-rrset.example. 5M IN A 10.0.5.219
+a-maximum-rrset.example. 5M IN A 10.0.5.220
+a-maximum-rrset.example. 5M IN A 10.0.5.221
+a-maximum-rrset.example. 5M IN A 10.0.5.222
+a-maximum-rrset.example. 5M IN A 10.0.5.223
+a-maximum-rrset.example. 5M IN A 10.0.5.224
+a-maximum-rrset.example. 5M IN A 10.0.5.225
+a-maximum-rrset.example. 5M IN A 10.0.5.226
+a-maximum-rrset.example. 5M IN A 10.0.5.227
+a-maximum-rrset.example. 5M IN A 10.0.5.228
+a-maximum-rrset.example. 5M IN A 10.0.5.229
+a-maximum-rrset.example. 5M IN A 10.0.5.230
+a-maximum-rrset.example. 5M IN A 10.0.5.231
+a-maximum-rrset.example. 5M IN A 10.0.5.232
+a-maximum-rrset.example. 5M IN A 10.0.5.233
+a-maximum-rrset.example. 5M IN A 10.0.5.234
+a-maximum-rrset.example. 5M IN A 10.0.5.235
+a-maximum-rrset.example. 5M IN A 10.0.5.236
+a-maximum-rrset.example. 5M IN A 10.0.5.237
+a-maximum-rrset.example. 5M IN A 10.0.5.238
+a-maximum-rrset.example. 5M IN A 10.0.5.239
+a-maximum-rrset.example. 5M IN A 10.0.5.240
+a-maximum-rrset.example. 5M IN A 10.0.5.241
+a-maximum-rrset.example. 5M IN A 10.0.5.242
+a-maximum-rrset.example. 5M IN A 10.0.5.243
+a-maximum-rrset.example. 5M IN A 10.0.5.244
+a-maximum-rrset.example. 5M IN A 10.0.5.245
+a-maximum-rrset.example. 5M IN A 10.0.5.246
+a-maximum-rrset.example. 5M IN A 10.0.5.247
+a-maximum-rrset.example. 5M IN A 10.0.5.248
+a-maximum-rrset.example. 5M IN A 10.0.5.249
+a-maximum-rrset.example. 5M IN A 10.0.5.250
+a-maximum-rrset.example. 5M IN A 10.0.5.251
+a-maximum-rrset.example. 5M IN A 10.0.5.252
+a-maximum-rrset.example. 5M IN A 10.0.5.253
+a-maximum-rrset.example. 5M IN A 10.0.5.254
+a-maximum-rrset.example. 5M IN A 10.0.5.255
+a-maximum-rrset.example. 5M IN A 10.0.6.0
+a-maximum-rrset.example. 5M IN A 10.0.6.1
+a-maximum-rrset.example. 5M IN A 10.0.6.2
+a-maximum-rrset.example. 5M IN A 10.0.6.3
+a-maximum-rrset.example. 5M IN A 10.0.6.4
+a-maximum-rrset.example. 5M IN A 10.0.6.5
+a-maximum-rrset.example. 5M IN A 10.0.6.6
+a-maximum-rrset.example. 5M IN A 10.0.6.7
+a-maximum-rrset.example. 5M IN A 10.0.6.8
+a-maximum-rrset.example. 5M IN A 10.0.6.9
+a-maximum-rrset.example. 5M IN A 10.0.6.10
+a-maximum-rrset.example. 5M IN A 10.0.6.11
+a-maximum-rrset.example. 5M IN A 10.0.6.12
+a-maximum-rrset.example. 5M IN A 10.0.6.13
+a-maximum-rrset.example. 5M IN A 10.0.6.14
+a-maximum-rrset.example. 5M IN A 10.0.6.15
+a-maximum-rrset.example. 5M IN A 10.0.6.16
+a-maximum-rrset.example. 5M IN A 10.0.6.17
+a-maximum-rrset.example. 5M IN A 10.0.6.18
+a-maximum-rrset.example. 5M IN A 10.0.6.19
+a-maximum-rrset.example. 5M IN A 10.0.6.20
+a-maximum-rrset.example. 5M IN A 10.0.6.21
+a-maximum-rrset.example. 5M IN A 10.0.6.22
+a-maximum-rrset.example. 5M IN A 10.0.6.23
+a-maximum-rrset.example. 5M IN A 10.0.6.24
+a-maximum-rrset.example. 5M IN A 10.0.6.25
+a-maximum-rrset.example. 5M IN A 10.0.6.26
+a-maximum-rrset.example. 5M IN A 10.0.6.27
+a-maximum-rrset.example. 5M IN A 10.0.6.28
+a-maximum-rrset.example. 5M IN A 10.0.6.29
+a-maximum-rrset.example. 5M IN A 10.0.6.30
+a-maximum-rrset.example. 5M IN A 10.0.6.31
+a-maximum-rrset.example. 5M IN A 10.0.6.32
+a-maximum-rrset.example. 5M IN A 10.0.6.33
+a-maximum-rrset.example. 5M IN A 10.0.6.34
+a-maximum-rrset.example. 5M IN A 10.0.6.35
+a-maximum-rrset.example. 5M IN A 10.0.6.36
+a-maximum-rrset.example. 5M IN A 10.0.6.37
+a-maximum-rrset.example. 5M IN A 10.0.6.38
+a-maximum-rrset.example. 5M IN A 10.0.6.39
+a-maximum-rrset.example. 5M IN A 10.0.6.40
+a-maximum-rrset.example. 5M IN A 10.0.6.41
+a-maximum-rrset.example. 5M IN A 10.0.6.42
+a-maximum-rrset.example. 5M IN A 10.0.6.43
+a-maximum-rrset.example. 5M IN A 10.0.6.44
+a-maximum-rrset.example. 5M IN A 10.0.6.45
+a-maximum-rrset.example. 5M IN A 10.0.6.46
+a-maximum-rrset.example. 5M IN A 10.0.6.47
+a-maximum-rrset.example. 5M IN A 10.0.6.48
+a-maximum-rrset.example. 5M IN A 10.0.6.49
+a-maximum-rrset.example. 5M IN A 10.0.6.50
+a-maximum-rrset.example. 5M IN A 10.0.6.51
+a-maximum-rrset.example. 5M IN A 10.0.6.52
+a-maximum-rrset.example. 5M IN A 10.0.6.53
+a-maximum-rrset.example. 5M IN A 10.0.6.54
+a-maximum-rrset.example. 5M IN A 10.0.6.55
+a-maximum-rrset.example. 5M IN A 10.0.6.56
+a-maximum-rrset.example. 5M IN A 10.0.6.57
+a-maximum-rrset.example. 5M IN A 10.0.6.58
+a-maximum-rrset.example. 5M IN A 10.0.6.59
+a-maximum-rrset.example. 5M IN A 10.0.6.60
+a-maximum-rrset.example. 5M IN A 10.0.6.61
+a-maximum-rrset.example. 5M IN A 10.0.6.62
+a-maximum-rrset.example. 5M IN A 10.0.6.63
+a-maximum-rrset.example. 5M IN A 10.0.6.64
+a-maximum-rrset.example. 5M IN A 10.0.6.65
+a-maximum-rrset.example. 5M IN A 10.0.6.66
+a-maximum-rrset.example. 5M IN A 10.0.6.67
+a-maximum-rrset.example. 5M IN A 10.0.6.68
+a-maximum-rrset.example. 5M IN A 10.0.6.69
+a-maximum-rrset.example. 5M IN A 10.0.6.70
+a-maximum-rrset.example. 5M IN A 10.0.6.71
+a-maximum-rrset.example. 5M IN A 10.0.6.72
+a-maximum-rrset.example. 5M IN A 10.0.6.73
+a-maximum-rrset.example. 5M IN A 10.0.6.74
+a-maximum-rrset.example. 5M IN A 10.0.6.75
+a-maximum-rrset.example. 5M IN A 10.0.6.76
+a-maximum-rrset.example. 5M IN A 10.0.6.77
+a-maximum-rrset.example. 5M IN A 10.0.6.78
+a-maximum-rrset.example. 5M IN A 10.0.6.79
+a-maximum-rrset.example. 5M IN A 10.0.6.80
+a-maximum-rrset.example. 5M IN A 10.0.6.81
+a-maximum-rrset.example. 5M IN A 10.0.6.82
+a-maximum-rrset.example. 5M IN A 10.0.6.83
+a-maximum-rrset.example. 5M IN A 10.0.6.84
+a-maximum-rrset.example. 5M IN A 10.0.6.85
+a-maximum-rrset.example. 5M IN A 10.0.6.86
+a-maximum-rrset.example. 5M IN A 10.0.6.87
+a-maximum-rrset.example. 5M IN A 10.0.6.88
+a-maximum-rrset.example. 5M IN A 10.0.6.89
+a-maximum-rrset.example. 5M IN A 10.0.6.90
+a-maximum-rrset.example. 5M IN A 10.0.6.91
+a-maximum-rrset.example. 5M IN A 10.0.6.92
+a-maximum-rrset.example. 5M IN A 10.0.6.93
+a-maximum-rrset.example. 5M IN A 10.0.6.94
+a-maximum-rrset.example. 5M IN A 10.0.6.95
+a-maximum-rrset.example. 5M IN A 10.0.6.96
+a-maximum-rrset.example. 5M IN A 10.0.6.97
+a-maximum-rrset.example. 5M IN A 10.0.6.98
+a-maximum-rrset.example. 5M IN A 10.0.6.99
+a-maximum-rrset.example. 5M IN A 10.0.6.100
+a-maximum-rrset.example. 5M IN A 10.0.6.101
+a-maximum-rrset.example. 5M IN A 10.0.6.102
+a-maximum-rrset.example. 5M IN A 10.0.6.103
+a-maximum-rrset.example. 5M IN A 10.0.6.104
+a-maximum-rrset.example. 5M IN A 10.0.6.105
+a-maximum-rrset.example. 5M IN A 10.0.6.106
+a-maximum-rrset.example. 5M IN A 10.0.6.107
+a-maximum-rrset.example. 5M IN A 10.0.6.108
+a-maximum-rrset.example. 5M IN A 10.0.6.109
+a-maximum-rrset.example. 5M IN A 10.0.6.110
+a-maximum-rrset.example. 5M IN A 10.0.6.111
+a-maximum-rrset.example. 5M IN A 10.0.6.112
+a-maximum-rrset.example. 5M IN A 10.0.6.113
+a-maximum-rrset.example. 5M IN A 10.0.6.114
+a-maximum-rrset.example. 5M IN A 10.0.6.115
+a-maximum-rrset.example. 5M IN A 10.0.6.116
+a-maximum-rrset.example. 5M IN A 10.0.6.117
+a-maximum-rrset.example. 5M IN A 10.0.6.118
+a-maximum-rrset.example. 5M IN A 10.0.6.119
+a-maximum-rrset.example. 5M IN A 10.0.6.120
+a-maximum-rrset.example. 5M IN A 10.0.6.121
+a-maximum-rrset.example. 5M IN A 10.0.6.122
+a-maximum-rrset.example. 5M IN A 10.0.6.123
+a-maximum-rrset.example. 5M IN A 10.0.6.124
+a-maximum-rrset.example. 5M IN A 10.0.6.125
+a-maximum-rrset.example. 5M IN A 10.0.6.126
+a-maximum-rrset.example. 5M IN A 10.0.6.127
+a-maximum-rrset.example. 5M IN A 10.0.6.128
+a-maximum-rrset.example. 5M IN A 10.0.6.129
+a-maximum-rrset.example. 5M IN A 10.0.6.130
+a-maximum-rrset.example. 5M IN A 10.0.6.131
+a-maximum-rrset.example. 5M IN A 10.0.6.132
+a-maximum-rrset.example. 5M IN A 10.0.6.133
+a-maximum-rrset.example. 5M IN A 10.0.6.134
+a-maximum-rrset.example. 5M IN A 10.0.6.135
+a-maximum-rrset.example. 5M IN A 10.0.6.136
+a-maximum-rrset.example. 5M IN A 10.0.6.137
+a-maximum-rrset.example. 5M IN A 10.0.6.138
+a-maximum-rrset.example. 5M IN A 10.0.6.139
+a-maximum-rrset.example. 5M IN A 10.0.6.140
+a-maximum-rrset.example. 5M IN A 10.0.6.141
+a-maximum-rrset.example. 5M IN A 10.0.6.142
+a-maximum-rrset.example. 5M IN A 10.0.6.143
+a-maximum-rrset.example. 5M IN A 10.0.6.144
+a-maximum-rrset.example. 5M IN A 10.0.6.145
+a-maximum-rrset.example. 5M IN A 10.0.6.146
+a-maximum-rrset.example. 5M IN A 10.0.6.147
+a-maximum-rrset.example. 5M IN A 10.0.6.148
+a-maximum-rrset.example. 5M IN A 10.0.6.149
+a-maximum-rrset.example. 5M IN A 10.0.6.150
+a-maximum-rrset.example. 5M IN A 10.0.6.151
+a-maximum-rrset.example. 5M IN A 10.0.6.152
+a-maximum-rrset.example. 5M IN A 10.0.6.153
+a-maximum-rrset.example. 5M IN A 10.0.6.154
+a-maximum-rrset.example. 5M IN A 10.0.6.155
+a-maximum-rrset.example. 5M IN A 10.0.6.156
+a-maximum-rrset.example. 5M IN A 10.0.6.157
+a-maximum-rrset.example. 5M IN A 10.0.6.158
+a-maximum-rrset.example. 5M IN A 10.0.6.159
+a-maximum-rrset.example. 5M IN A 10.0.6.160
+a-maximum-rrset.example. 5M IN A 10.0.6.161
+a-maximum-rrset.example. 5M IN A 10.0.6.162
+a-maximum-rrset.example. 5M IN A 10.0.6.163
+a-maximum-rrset.example. 5M IN A 10.0.6.164
+a-maximum-rrset.example. 5M IN A 10.0.6.165
+a-maximum-rrset.example. 5M IN A 10.0.6.166
+a-maximum-rrset.example. 5M IN A 10.0.6.167
+a-maximum-rrset.example. 5M IN A 10.0.6.168
+a-maximum-rrset.example. 5M IN A 10.0.6.169
+a-maximum-rrset.example. 5M IN A 10.0.6.170
+a-maximum-rrset.example. 5M IN A 10.0.6.171
+a-maximum-rrset.example. 5M IN A 10.0.6.172
+a-maximum-rrset.example. 5M IN A 10.0.6.173
+a-maximum-rrset.example. 5M IN A 10.0.6.174
+a-maximum-rrset.example. 5M IN A 10.0.6.175
+a-maximum-rrset.example. 5M IN A 10.0.6.176
+a-maximum-rrset.example. 5M IN A 10.0.6.177
+a-maximum-rrset.example. 5M IN A 10.0.6.178
+a-maximum-rrset.example. 5M IN A 10.0.6.179
+a-maximum-rrset.example. 5M IN A 10.0.6.180
+a-maximum-rrset.example. 5M IN A 10.0.6.181
+a-maximum-rrset.example. 5M IN A 10.0.6.182
+a-maximum-rrset.example. 5M IN A 10.0.6.183
+a-maximum-rrset.example. 5M IN A 10.0.6.184
+a-maximum-rrset.example. 5M IN A 10.0.6.185
+a-maximum-rrset.example. 5M IN A 10.0.6.186
+a-maximum-rrset.example. 5M IN A 10.0.6.187
+a-maximum-rrset.example. 5M IN A 10.0.6.188
+a-maximum-rrset.example. 5M IN A 10.0.6.189
+a-maximum-rrset.example. 5M IN A 10.0.6.190
+a-maximum-rrset.example. 5M IN A 10.0.6.191
+a-maximum-rrset.example. 5M IN A 10.0.6.192
+a-maximum-rrset.example. 5M IN A 10.0.6.193
+a-maximum-rrset.example. 5M IN A 10.0.6.194
+a-maximum-rrset.example. 5M IN A 10.0.6.195
+a-maximum-rrset.example. 5M IN A 10.0.6.196
+a-maximum-rrset.example. 5M IN A 10.0.6.197
+a-maximum-rrset.example. 5M IN A 10.0.6.198
+a-maximum-rrset.example. 5M IN A 10.0.6.199
+a-maximum-rrset.example. 5M IN A 10.0.6.200
+a-maximum-rrset.example. 5M IN A 10.0.6.201
+a-maximum-rrset.example. 5M IN A 10.0.6.202
+a-maximum-rrset.example. 5M IN A 10.0.6.203
+a-maximum-rrset.example. 5M IN A 10.0.6.204
+a-maximum-rrset.example. 5M IN A 10.0.6.205
+a-maximum-rrset.example. 5M IN A 10.0.6.206
+a-maximum-rrset.example. 5M IN A 10.0.6.207
+a-maximum-rrset.example. 5M IN A 10.0.6.208
+a-maximum-rrset.example. 5M IN A 10.0.6.209
+a-maximum-rrset.example. 5M IN A 10.0.6.210
+a-maximum-rrset.example. 5M IN A 10.0.6.211
+a-maximum-rrset.example. 5M IN A 10.0.6.212
+a-maximum-rrset.example. 5M IN A 10.0.6.213
+a-maximum-rrset.example. 5M IN A 10.0.6.214
+a-maximum-rrset.example. 5M IN A 10.0.6.215
+a-maximum-rrset.example. 5M IN A 10.0.6.216
+a-maximum-rrset.example. 5M IN A 10.0.6.217
+a-maximum-rrset.example. 5M IN A 10.0.6.218
+a-maximum-rrset.example. 5M IN A 10.0.6.219
+a-maximum-rrset.example. 5M IN A 10.0.6.220
+a-maximum-rrset.example. 5M IN A 10.0.6.221
+a-maximum-rrset.example. 5M IN A 10.0.6.222
+a-maximum-rrset.example. 5M IN A 10.0.6.223
+a-maximum-rrset.example. 5M IN A 10.0.6.224
+a-maximum-rrset.example. 5M IN A 10.0.6.225
+a-maximum-rrset.example. 5M IN A 10.0.6.226
+a-maximum-rrset.example. 5M IN A 10.0.6.227
+a-maximum-rrset.example. 5M IN A 10.0.6.228
+a-maximum-rrset.example. 5M IN A 10.0.6.229
+a-maximum-rrset.example. 5M IN A 10.0.6.230
+a-maximum-rrset.example. 5M IN A 10.0.6.231
+a-maximum-rrset.example. 5M IN A 10.0.6.232
+a-maximum-rrset.example. 5M IN A 10.0.6.233
+a-maximum-rrset.example. 5M IN A 10.0.6.234
+a-maximum-rrset.example. 5M IN A 10.0.6.235
+a-maximum-rrset.example. 5M IN A 10.0.6.236
+a-maximum-rrset.example. 5M IN A 10.0.6.237
+a-maximum-rrset.example. 5M IN A 10.0.6.238
+a-maximum-rrset.example. 5M IN A 10.0.6.239
+a-maximum-rrset.example. 5M IN A 10.0.6.240
+a-maximum-rrset.example. 5M IN A 10.0.6.241
+a-maximum-rrset.example. 5M IN A 10.0.6.242
+a-maximum-rrset.example. 5M IN A 10.0.6.243
+a-maximum-rrset.example. 5M IN A 10.0.6.244
+a-maximum-rrset.example. 5M IN A 10.0.6.245
+a-maximum-rrset.example. 5M IN A 10.0.6.246
+a-maximum-rrset.example. 5M IN A 10.0.6.247
+a-maximum-rrset.example. 5M IN A 10.0.6.248
+a-maximum-rrset.example. 5M IN A 10.0.6.249
+a-maximum-rrset.example. 5M IN A 10.0.6.250
+a-maximum-rrset.example. 5M IN A 10.0.6.251
+a-maximum-rrset.example. 5M IN A 10.0.6.252
+a-maximum-rrset.example. 5M IN A 10.0.6.253
+a-maximum-rrset.example. 5M IN A 10.0.6.254
+a-maximum-rrset.example. 5M IN A 10.0.6.255
+a-maximum-rrset.example. 5M IN A 10.0.7.0
+a-maximum-rrset.example. 5M IN A 10.0.7.1
+a-maximum-rrset.example. 5M IN A 10.0.7.2
+a-maximum-rrset.example. 5M IN A 10.0.7.3
+a-maximum-rrset.example. 5M IN A 10.0.7.4
+a-maximum-rrset.example. 5M IN A 10.0.7.5
+a-maximum-rrset.example. 5M IN A 10.0.7.6
+a-maximum-rrset.example. 5M IN A 10.0.7.7
+a-maximum-rrset.example. 5M IN A 10.0.7.8
+a-maximum-rrset.example. 5M IN A 10.0.7.9
+a-maximum-rrset.example. 5M IN A 10.0.7.10
+a-maximum-rrset.example. 5M IN A 10.0.7.11
+a-maximum-rrset.example. 5M IN A 10.0.7.12
+a-maximum-rrset.example. 5M IN A 10.0.7.13
+a-maximum-rrset.example. 5M IN A 10.0.7.14
+a-maximum-rrset.example. 5M IN A 10.0.7.15
+a-maximum-rrset.example. 5M IN A 10.0.7.16
+a-maximum-rrset.example. 5M IN A 10.0.7.17
+a-maximum-rrset.example. 5M IN A 10.0.7.18
+a-maximum-rrset.example. 5M IN A 10.0.7.19
+a-maximum-rrset.example. 5M IN A 10.0.7.20
+a-maximum-rrset.example. 5M IN A 10.0.7.21
+a-maximum-rrset.example. 5M IN A 10.0.7.22
+a-maximum-rrset.example. 5M IN A 10.0.7.23
+a-maximum-rrset.example. 5M IN A 10.0.7.24
+a-maximum-rrset.example. 5M IN A 10.0.7.25
+a-maximum-rrset.example. 5M IN A 10.0.7.26
+a-maximum-rrset.example. 5M IN A 10.0.7.27
+a-maximum-rrset.example. 5M IN A 10.0.7.28
+a-maximum-rrset.example. 5M IN A 10.0.7.29
+a-maximum-rrset.example. 5M IN A 10.0.7.30
+a-maximum-rrset.example. 5M IN A 10.0.7.31
+a-maximum-rrset.example. 5M IN A 10.0.7.32
+a-maximum-rrset.example. 5M IN A 10.0.7.33
+a-maximum-rrset.example. 5M IN A 10.0.7.34
+a-maximum-rrset.example. 5M IN A 10.0.7.35
+a-maximum-rrset.example. 5M IN A 10.0.7.36
+a-maximum-rrset.example. 5M IN A 10.0.7.37
+a-maximum-rrset.example. 5M IN A 10.0.7.38
+a-maximum-rrset.example. 5M IN A 10.0.7.39
+a-maximum-rrset.example. 5M IN A 10.0.7.40
+a-maximum-rrset.example. 5M IN A 10.0.7.41
+a-maximum-rrset.example. 5M IN A 10.0.7.42
+a-maximum-rrset.example. 5M IN A 10.0.7.43
+a-maximum-rrset.example. 5M IN A 10.0.7.44
+a-maximum-rrset.example. 5M IN A 10.0.7.45
+a-maximum-rrset.example. 5M IN A 10.0.7.46
+a-maximum-rrset.example. 5M IN A 10.0.7.47
+a-maximum-rrset.example. 5M IN A 10.0.7.48
+a-maximum-rrset.example. 5M IN A 10.0.7.49
+a-maximum-rrset.example. 5M IN A 10.0.7.50
+a-maximum-rrset.example. 5M IN A 10.0.7.51
+a-maximum-rrset.example. 5M IN A 10.0.7.52
+a-maximum-rrset.example. 5M IN A 10.0.7.53
+a-maximum-rrset.example. 5M IN A 10.0.7.54
+a-maximum-rrset.example. 5M IN A 10.0.7.55
+a-maximum-rrset.example. 5M IN A 10.0.7.56
+a-maximum-rrset.example. 5M IN A 10.0.7.57
+a-maximum-rrset.example. 5M IN A 10.0.7.58
+a-maximum-rrset.example. 5M IN A 10.0.7.59
+a-maximum-rrset.example. 5M IN A 10.0.7.60
+a-maximum-rrset.example. 5M IN A 10.0.7.61
+a-maximum-rrset.example. 5M IN A 10.0.7.62
+a-maximum-rrset.example. 5M IN A 10.0.7.63
+a-maximum-rrset.example. 5M IN A 10.0.7.64
+a-maximum-rrset.example. 5M IN A 10.0.7.65
+a-maximum-rrset.example. 5M IN A 10.0.7.66
+a-maximum-rrset.example. 5M IN A 10.0.7.67
+a-maximum-rrset.example. 5M IN A 10.0.7.68
+a-maximum-rrset.example. 5M IN A 10.0.7.69
+a-maximum-rrset.example. 5M IN A 10.0.7.70
+a-maximum-rrset.example. 5M IN A 10.0.7.71
+a-maximum-rrset.example. 5M IN A 10.0.7.72
+a-maximum-rrset.example. 5M IN A 10.0.7.73
+a-maximum-rrset.example. 5M IN A 10.0.7.74
+a-maximum-rrset.example. 5M IN A 10.0.7.75
+a-maximum-rrset.example. 5M IN A 10.0.7.76
+a-maximum-rrset.example. 5M IN A 10.0.7.77
+a-maximum-rrset.example. 5M IN A 10.0.7.78
+a-maximum-rrset.example. 5M IN A 10.0.7.79
+a-maximum-rrset.example. 5M IN A 10.0.7.80
+a-maximum-rrset.example. 5M IN A 10.0.7.81
+a-maximum-rrset.example. 5M IN A 10.0.7.82
+a-maximum-rrset.example. 5M IN A 10.0.7.83
+a-maximum-rrset.example. 5M IN A 10.0.7.84
+a-maximum-rrset.example. 5M IN A 10.0.7.85
+a-maximum-rrset.example. 5M IN A 10.0.7.86
+a-maximum-rrset.example. 5M IN A 10.0.7.87
+a-maximum-rrset.example. 5M IN A 10.0.7.88
+a-maximum-rrset.example. 5M IN A 10.0.7.89
+a-maximum-rrset.example. 5M IN A 10.0.7.90
+a-maximum-rrset.example. 5M IN A 10.0.7.91
+a-maximum-rrset.example. 5M IN A 10.0.7.92
+a-maximum-rrset.example. 5M IN A 10.0.7.93
+a-maximum-rrset.example. 5M IN A 10.0.7.94
+a-maximum-rrset.example. 5M IN A 10.0.7.95
+a-maximum-rrset.example. 5M IN A 10.0.7.96
+a-maximum-rrset.example. 5M IN A 10.0.7.97
+a-maximum-rrset.example. 5M IN A 10.0.7.98
+a-maximum-rrset.example. 5M IN A 10.0.7.99
+a-maximum-rrset.example. 5M IN A 10.0.7.100
+a-maximum-rrset.example. 5M IN A 10.0.7.101
+a-maximum-rrset.example. 5M IN A 10.0.7.102
+a-maximum-rrset.example. 5M IN A 10.0.7.103
+a-maximum-rrset.example. 5M IN A 10.0.7.104
+a-maximum-rrset.example. 5M IN A 10.0.7.105
+a-maximum-rrset.example. 5M IN A 10.0.7.106
+a-maximum-rrset.example. 5M IN A 10.0.7.107
+a-maximum-rrset.example. 5M IN A 10.0.7.108
+a-maximum-rrset.example. 5M IN A 10.0.7.109
+a-maximum-rrset.example. 5M IN A 10.0.7.110
+a-maximum-rrset.example. 5M IN A 10.0.7.111
+a-maximum-rrset.example. 5M IN A 10.0.7.112
+a-maximum-rrset.example. 5M IN A 10.0.7.113
+a-maximum-rrset.example. 5M IN A 10.0.7.114
+a-maximum-rrset.example. 5M IN A 10.0.7.115
+a-maximum-rrset.example. 5M IN A 10.0.7.116
+a-maximum-rrset.example. 5M IN A 10.0.7.117
+a-maximum-rrset.example. 5M IN A 10.0.7.118
+a-maximum-rrset.example. 5M IN A 10.0.7.119
+a-maximum-rrset.example. 5M IN A 10.0.7.120
+a-maximum-rrset.example. 5M IN A 10.0.7.121
+a-maximum-rrset.example. 5M IN A 10.0.7.122
+a-maximum-rrset.example. 5M IN A 10.0.7.123
+a-maximum-rrset.example. 5M IN A 10.0.7.124
+a-maximum-rrset.example. 5M IN A 10.0.7.125
+a-maximum-rrset.example. 5M IN A 10.0.7.126
+a-maximum-rrset.example. 5M IN A 10.0.7.127
+a-maximum-rrset.example. 5M IN A 10.0.7.128
+a-maximum-rrset.example. 5M IN A 10.0.7.129
+a-maximum-rrset.example. 5M IN A 10.0.7.130
+a-maximum-rrset.example. 5M IN A 10.0.7.131
+a-maximum-rrset.example. 5M IN A 10.0.7.132
+a-maximum-rrset.example. 5M IN A 10.0.7.133
+a-maximum-rrset.example. 5M IN A 10.0.7.134
+a-maximum-rrset.example. 5M IN A 10.0.7.135
+a-maximum-rrset.example. 5M IN A 10.0.7.136
+a-maximum-rrset.example. 5M IN A 10.0.7.137
+a-maximum-rrset.example. 5M IN A 10.0.7.138
+a-maximum-rrset.example. 5M IN A 10.0.7.139
+a-maximum-rrset.example. 5M IN A 10.0.7.140
+a-maximum-rrset.example. 5M IN A 10.0.7.141
+a-maximum-rrset.example. 5M IN A 10.0.7.142
+a-maximum-rrset.example. 5M IN A 10.0.7.143
+a-maximum-rrset.example. 5M IN A 10.0.7.144
+a-maximum-rrset.example. 5M IN A 10.0.7.145
+a-maximum-rrset.example. 5M IN A 10.0.7.146
+a-maximum-rrset.example. 5M IN A 10.0.7.147
+a-maximum-rrset.example. 5M IN A 10.0.7.148
+a-maximum-rrset.example. 5M IN A 10.0.7.149
+a-maximum-rrset.example. 5M IN A 10.0.7.150
+a-maximum-rrset.example. 5M IN A 10.0.7.151
+a-maximum-rrset.example. 5M IN A 10.0.7.152
+a-maximum-rrset.example. 5M IN A 10.0.7.153
+a-maximum-rrset.example. 5M IN A 10.0.7.154
+a-maximum-rrset.example. 5M IN A 10.0.7.155
+a-maximum-rrset.example. 5M IN A 10.0.7.156
+a-maximum-rrset.example. 5M IN A 10.0.7.157
+a-maximum-rrset.example. 5M IN A 10.0.7.158
+a-maximum-rrset.example. 5M IN A 10.0.7.159
+a-maximum-rrset.example. 5M IN A 10.0.7.160
+a-maximum-rrset.example. 5M IN A 10.0.7.161
+a-maximum-rrset.example. 5M IN A 10.0.7.162
+a-maximum-rrset.example. 5M IN A 10.0.7.163
+a-maximum-rrset.example. 5M IN A 10.0.7.164
+a-maximum-rrset.example. 5M IN A 10.0.7.165
+a-maximum-rrset.example. 5M IN A 10.0.7.166
+a-maximum-rrset.example. 5M IN A 10.0.7.167
+a-maximum-rrset.example. 5M IN A 10.0.7.168
+a-maximum-rrset.example. 5M IN A 10.0.7.169
+a-maximum-rrset.example. 5M IN A 10.0.7.170
+a-maximum-rrset.example. 5M IN A 10.0.7.171
+a-maximum-rrset.example. 5M IN A 10.0.7.172
+a-maximum-rrset.example. 5M IN A 10.0.7.173
+a-maximum-rrset.example. 5M IN A 10.0.7.174
+a-maximum-rrset.example. 5M IN A 10.0.7.175
+a-maximum-rrset.example. 5M IN A 10.0.7.176
+a-maximum-rrset.example. 5M IN A 10.0.7.177
+a-maximum-rrset.example. 5M IN A 10.0.7.178
+a-maximum-rrset.example. 5M IN A 10.0.7.179
+a-maximum-rrset.example. 5M IN A 10.0.7.180
+a-maximum-rrset.example. 5M IN A 10.0.7.181
+a-maximum-rrset.example. 5M IN A 10.0.7.182
+a-maximum-rrset.example. 5M IN A 10.0.7.183
+a-maximum-rrset.example. 5M IN A 10.0.7.184
+a-maximum-rrset.example. 5M IN A 10.0.7.185
+a-maximum-rrset.example. 5M IN A 10.0.7.186
+a-maximum-rrset.example. 5M IN A 10.0.7.187
+a-maximum-rrset.example. 5M IN A 10.0.7.188
+a-maximum-rrset.example. 5M IN A 10.0.7.189
+a-maximum-rrset.example. 5M IN A 10.0.7.190
+a-maximum-rrset.example. 5M IN A 10.0.7.191
+a-maximum-rrset.example. 5M IN A 10.0.7.192
+a-maximum-rrset.example. 5M IN A 10.0.7.193
+a-maximum-rrset.example. 5M IN A 10.0.7.194
+a-maximum-rrset.example. 5M IN A 10.0.7.195
+a-maximum-rrset.example. 5M IN A 10.0.7.196
+a-maximum-rrset.example. 5M IN A 10.0.7.197
+a-maximum-rrset.example. 5M IN A 10.0.7.198
+a-maximum-rrset.example. 5M IN A 10.0.7.199
+a-maximum-rrset.example. 5M IN A 10.0.7.200
+a-maximum-rrset.example. 5M IN A 10.0.7.201
+a-maximum-rrset.example. 5M IN A 10.0.7.202
+a-maximum-rrset.example. 5M IN A 10.0.7.203
+a-maximum-rrset.example. 5M IN A 10.0.7.204
+a-maximum-rrset.example. 5M IN A 10.0.7.205
+a-maximum-rrset.example. 5M IN A 10.0.7.206
+a-maximum-rrset.example. 5M IN A 10.0.7.207
+a-maximum-rrset.example. 5M IN A 10.0.7.208
+a-maximum-rrset.example. 5M IN A 10.0.7.209
+a-maximum-rrset.example. 5M IN A 10.0.7.210
+a-maximum-rrset.example. 5M IN A 10.0.7.211
+a-maximum-rrset.example. 5M IN A 10.0.7.212
+a-maximum-rrset.example. 5M IN A 10.0.7.213
+a-maximum-rrset.example. 5M IN A 10.0.7.214
+a-maximum-rrset.example. 5M IN A 10.0.7.215
+a-maximum-rrset.example. 5M IN A 10.0.7.216
+a-maximum-rrset.example. 5M IN A 10.0.7.217
+a-maximum-rrset.example. 5M IN A 10.0.7.218
+a-maximum-rrset.example. 5M IN A 10.0.7.219
+a-maximum-rrset.example. 5M IN A 10.0.7.220
+a-maximum-rrset.example. 5M IN A 10.0.7.221
+a-maximum-rrset.example. 5M IN A 10.0.7.222
+a-maximum-rrset.example. 5M IN A 10.0.7.223
+a-maximum-rrset.example. 5M IN A 10.0.7.224
+a-maximum-rrset.example. 5M IN A 10.0.7.225
+a-maximum-rrset.example. 5M IN A 10.0.7.226
+a-maximum-rrset.example. 5M IN A 10.0.7.227
+a-maximum-rrset.example. 5M IN A 10.0.7.228
+a-maximum-rrset.example. 5M IN A 10.0.7.229
+a-maximum-rrset.example. 5M IN A 10.0.7.230
+a-maximum-rrset.example. 5M IN A 10.0.7.231
+a-maximum-rrset.example. 5M IN A 10.0.7.232
+a-maximum-rrset.example. 5M IN A 10.0.7.233
+a-maximum-rrset.example. 5M IN A 10.0.7.234
+a-maximum-rrset.example. 5M IN A 10.0.7.235
+a-maximum-rrset.example. 5M IN A 10.0.7.236
+a-maximum-rrset.example. 5M IN A 10.0.7.237
+a-maximum-rrset.example. 5M IN A 10.0.7.238
+a-maximum-rrset.example. 5M IN A 10.0.7.239
+a-maximum-rrset.example. 5M IN A 10.0.7.240
+a-maximum-rrset.example. 5M IN A 10.0.7.241
+a-maximum-rrset.example. 5M IN A 10.0.7.242
+a-maximum-rrset.example. 5M IN A 10.0.7.243
+a-maximum-rrset.example. 5M IN A 10.0.7.244
+a-maximum-rrset.example. 5M IN A 10.0.7.245
+a-maximum-rrset.example. 5M IN A 10.0.7.246
+a-maximum-rrset.example. 5M IN A 10.0.7.247
+a-maximum-rrset.example. 5M IN A 10.0.7.248
+a-maximum-rrset.example. 5M IN A 10.0.7.249
+a-maximum-rrset.example. 5M IN A 10.0.7.250
+a-maximum-rrset.example. 5M IN A 10.0.7.251
+a-maximum-rrset.example. 5M IN A 10.0.7.252
+a-maximum-rrset.example. 5M IN A 10.0.7.253
+a-maximum-rrset.example. 5M IN A 10.0.7.254
+a-maximum-rrset.example. 5M IN A 10.0.7.255
+a-maximum-rrset.example. 5M IN A 10.0.8.0
+a-maximum-rrset.example. 5M IN A 10.0.8.1
+a-maximum-rrset.example. 5M IN A 10.0.8.2
+a-maximum-rrset.example. 5M IN A 10.0.8.3
+a-maximum-rrset.example. 5M IN A 10.0.8.4
+a-maximum-rrset.example. 5M IN A 10.0.8.5
+a-maximum-rrset.example. 5M IN A 10.0.8.6
+a-maximum-rrset.example. 5M IN A 10.0.8.7
+a-maximum-rrset.example. 5M IN A 10.0.8.8
+a-maximum-rrset.example. 5M IN A 10.0.8.9
+a-maximum-rrset.example. 5M IN A 10.0.8.10
+a-maximum-rrset.example. 5M IN A 10.0.8.11
+a-maximum-rrset.example. 5M IN A 10.0.8.12
+a-maximum-rrset.example. 5M IN A 10.0.8.13
+a-maximum-rrset.example. 5M IN A 10.0.8.14
+a-maximum-rrset.example. 5M IN A 10.0.8.15
+a-maximum-rrset.example. 5M IN A 10.0.8.16
+a-maximum-rrset.example. 5M IN A 10.0.8.17
+a-maximum-rrset.example. 5M IN A 10.0.8.18
+a-maximum-rrset.example. 5M IN A 10.0.8.19
+a-maximum-rrset.example. 5M IN A 10.0.8.20
+a-maximum-rrset.example. 5M IN A 10.0.8.21
+a-maximum-rrset.example. 5M IN A 10.0.8.22
+a-maximum-rrset.example. 5M IN A 10.0.8.23
+a-maximum-rrset.example. 5M IN A 10.0.8.24
+a-maximum-rrset.example. 5M IN A 10.0.8.25
+a-maximum-rrset.example. 5M IN A 10.0.8.26
+a-maximum-rrset.example. 5M IN A 10.0.8.27
+a-maximum-rrset.example. 5M IN A 10.0.8.28
+a-maximum-rrset.example. 5M IN A 10.0.8.29
+a-maximum-rrset.example. 5M IN A 10.0.8.30
+a-maximum-rrset.example. 5M IN A 10.0.8.31
+a-maximum-rrset.example. 5M IN A 10.0.8.32
+a-maximum-rrset.example. 5M IN A 10.0.8.33
+a-maximum-rrset.example. 5M IN A 10.0.8.34
+a-maximum-rrset.example. 5M IN A 10.0.8.35
+a-maximum-rrset.example. 5M IN A 10.0.8.36
+a-maximum-rrset.example. 5M IN A 10.0.8.37
+a-maximum-rrset.example. 5M IN A 10.0.8.38
+a-maximum-rrset.example. 5M IN A 10.0.8.39
+a-maximum-rrset.example. 5M IN A 10.0.8.40
+a-maximum-rrset.example. 5M IN A 10.0.8.41
+a-maximum-rrset.example. 5M IN A 10.0.8.42
+a-maximum-rrset.example. 5M IN A 10.0.8.43
+a-maximum-rrset.example. 5M IN A 10.0.8.44
+a-maximum-rrset.example. 5M IN A 10.0.8.45
+a-maximum-rrset.example. 5M IN A 10.0.8.46
+a-maximum-rrset.example. 5M IN A 10.0.8.47
+a-maximum-rrset.example. 5M IN A 10.0.8.48
+a-maximum-rrset.example. 5M IN A 10.0.8.49
+a-maximum-rrset.example. 5M IN A 10.0.8.50
+a-maximum-rrset.example. 5M IN A 10.0.8.51
+a-maximum-rrset.example. 5M IN A 10.0.8.52
+a-maximum-rrset.example. 5M IN A 10.0.8.53
+a-maximum-rrset.example. 5M IN A 10.0.8.54
+a-maximum-rrset.example. 5M IN A 10.0.8.55
+a-maximum-rrset.example. 5M IN A 10.0.8.56
+a-maximum-rrset.example. 5M IN A 10.0.8.57
+a-maximum-rrset.example. 5M IN A 10.0.8.58
+a-maximum-rrset.example. 5M IN A 10.0.8.59
+a-maximum-rrset.example. 5M IN A 10.0.8.60
+a-maximum-rrset.example. 5M IN A 10.0.8.61
+a-maximum-rrset.example. 5M IN A 10.0.8.62
+a-maximum-rrset.example. 5M IN A 10.0.8.63
+a-maximum-rrset.example. 5M IN A 10.0.8.64
+a-maximum-rrset.example. 5M IN A 10.0.8.65
+a-maximum-rrset.example. 5M IN A 10.0.8.66
+a-maximum-rrset.example. 5M IN A 10.0.8.67
+a-maximum-rrset.example. 5M IN A 10.0.8.68
+a-maximum-rrset.example. 5M IN A 10.0.8.69
+a-maximum-rrset.example. 5M IN A 10.0.8.70
+a-maximum-rrset.example. 5M IN A 10.0.8.71
+a-maximum-rrset.example. 5M IN A 10.0.8.72
+a-maximum-rrset.example. 5M IN A 10.0.8.73
+a-maximum-rrset.example. 5M IN A 10.0.8.74
+a-maximum-rrset.example. 5M IN A 10.0.8.75
+a-maximum-rrset.example. 5M IN A 10.0.8.76
+a-maximum-rrset.example. 5M IN A 10.0.8.77
+a-maximum-rrset.example. 5M IN A 10.0.8.78
+a-maximum-rrset.example. 5M IN A 10.0.8.79
+a-maximum-rrset.example. 5M IN A 10.0.8.80
+a-maximum-rrset.example. 5M IN A 10.0.8.81
+a-maximum-rrset.example. 5M IN A 10.0.8.82
+a-maximum-rrset.example. 5M IN A 10.0.8.83
+a-maximum-rrset.example. 5M IN A 10.0.8.84
+a-maximum-rrset.example. 5M IN A 10.0.8.85
+a-maximum-rrset.example. 5M IN A 10.0.8.86
+a-maximum-rrset.example. 5M IN A 10.0.8.87
+a-maximum-rrset.example. 5M IN A 10.0.8.88
+a-maximum-rrset.example. 5M IN A 10.0.8.89
+a-maximum-rrset.example. 5M IN A 10.0.8.90
+a-maximum-rrset.example. 5M IN A 10.0.8.91
+a-maximum-rrset.example. 5M IN A 10.0.8.92
+a-maximum-rrset.example. 5M IN A 10.0.8.93
+a-maximum-rrset.example. 5M IN A 10.0.8.94
+a-maximum-rrset.example. 5M IN A 10.0.8.95
+a-maximum-rrset.example. 5M IN A 10.0.8.96
+a-maximum-rrset.example. 5M IN A 10.0.8.97
+a-maximum-rrset.example. 5M IN A 10.0.8.98
+a-maximum-rrset.example. 5M IN A 10.0.8.99
+a-maximum-rrset.example. 5M IN A 10.0.8.100
+a-maximum-rrset.example. 5M IN A 10.0.8.101
+a-maximum-rrset.example. 5M IN A 10.0.8.102
+a-maximum-rrset.example. 5M IN A 10.0.8.103
+a-maximum-rrset.example. 5M IN A 10.0.8.104
+a-maximum-rrset.example. 5M IN A 10.0.8.105
+a-maximum-rrset.example. 5M IN A 10.0.8.106
+a-maximum-rrset.example. 5M IN A 10.0.8.107
+a-maximum-rrset.example. 5M IN A 10.0.8.108
+a-maximum-rrset.example. 5M IN A 10.0.8.109
+a-maximum-rrset.example. 5M IN A 10.0.8.110
+a-maximum-rrset.example. 5M IN A 10.0.8.111
+a-maximum-rrset.example. 5M IN A 10.0.8.112
+a-maximum-rrset.example. 5M IN A 10.0.8.113
+a-maximum-rrset.example. 5M IN A 10.0.8.114
+a-maximum-rrset.example. 5M IN A 10.0.8.115
+a-maximum-rrset.example. 5M IN A 10.0.8.116
+a-maximum-rrset.example. 5M IN A 10.0.8.117
+a-maximum-rrset.example. 5M IN A 10.0.8.118
+a-maximum-rrset.example. 5M IN A 10.0.8.119
+a-maximum-rrset.example. 5M IN A 10.0.8.120
+a-maximum-rrset.example. 5M IN A 10.0.8.121
+a-maximum-rrset.example. 5M IN A 10.0.8.122
+a-maximum-rrset.example. 5M IN A 10.0.8.123
+a-maximum-rrset.example. 5M IN A 10.0.8.124
+a-maximum-rrset.example. 5M IN A 10.0.8.125
+a-maximum-rrset.example. 5M IN A 10.0.8.126
+a-maximum-rrset.example. 5M IN A 10.0.8.127
+a-maximum-rrset.example. 5M IN A 10.0.8.128
+a-maximum-rrset.example. 5M IN A 10.0.8.129
+a-maximum-rrset.example. 5M IN A 10.0.8.130
+a-maximum-rrset.example. 5M IN A 10.0.8.131
+a-maximum-rrset.example. 5M IN A 10.0.8.132
+a-maximum-rrset.example. 5M IN A 10.0.8.133
+a-maximum-rrset.example. 5M IN A 10.0.8.134
+a-maximum-rrset.example. 5M IN A 10.0.8.135
+a-maximum-rrset.example. 5M IN A 10.0.8.136
+a-maximum-rrset.example. 5M IN A 10.0.8.137
+a-maximum-rrset.example. 5M IN A 10.0.8.138
+a-maximum-rrset.example. 5M IN A 10.0.8.139
+a-maximum-rrset.example. 5M IN A 10.0.8.140
+a-maximum-rrset.example. 5M IN A 10.0.8.141
+a-maximum-rrset.example. 5M IN A 10.0.8.142
+a-maximum-rrset.example. 5M IN A 10.0.8.143
+a-maximum-rrset.example. 5M IN A 10.0.8.144
+a-maximum-rrset.example. 5M IN A 10.0.8.145
+a-maximum-rrset.example. 5M IN A 10.0.8.146
+a-maximum-rrset.example. 5M IN A 10.0.8.147
+a-maximum-rrset.example. 5M IN A 10.0.8.148
+a-maximum-rrset.example. 5M IN A 10.0.8.149
+a-maximum-rrset.example. 5M IN A 10.0.8.150
+a-maximum-rrset.example. 5M IN A 10.0.8.151
+a-maximum-rrset.example. 5M IN A 10.0.8.152
+a-maximum-rrset.example. 5M IN A 10.0.8.153
+a-maximum-rrset.example. 5M IN A 10.0.8.154
+a-maximum-rrset.example. 5M IN A 10.0.8.155
+a-maximum-rrset.example. 5M IN A 10.0.8.156
+a-maximum-rrset.example. 5M IN A 10.0.8.157
+a-maximum-rrset.example. 5M IN A 10.0.8.158
+a-maximum-rrset.example. 5M IN A 10.0.8.159
+a-maximum-rrset.example. 5M IN A 10.0.8.160
+a-maximum-rrset.example. 5M IN A 10.0.8.161
+a-maximum-rrset.example. 5M IN A 10.0.8.162
+a-maximum-rrset.example. 5M IN A 10.0.8.163
+a-maximum-rrset.example. 5M IN A 10.0.8.164
+a-maximum-rrset.example. 5M IN A 10.0.8.165
+a-maximum-rrset.example. 5M IN A 10.0.8.166
+a-maximum-rrset.example. 5M IN A 10.0.8.167
+a-maximum-rrset.example. 5M IN A 10.0.8.168
+a-maximum-rrset.example. 5M IN A 10.0.8.169
+a-maximum-rrset.example. 5M IN A 10.0.8.170
+a-maximum-rrset.example. 5M IN A 10.0.8.171
+a-maximum-rrset.example. 5M IN A 10.0.8.172
+a-maximum-rrset.example. 5M IN A 10.0.8.173
+a-maximum-rrset.example. 5M IN A 10.0.8.174
+a-maximum-rrset.example. 5M IN A 10.0.8.175
+a-maximum-rrset.example. 5M IN A 10.0.8.176
+a-maximum-rrset.example. 5M IN A 10.0.8.177
+a-maximum-rrset.example. 5M IN A 10.0.8.178
+a-maximum-rrset.example. 5M IN A 10.0.8.179
+a-maximum-rrset.example. 5M IN A 10.0.8.180
+a-maximum-rrset.example. 5M IN A 10.0.8.181
+a-maximum-rrset.example. 5M IN A 10.0.8.182
+a-maximum-rrset.example. 5M IN A 10.0.8.183
+a-maximum-rrset.example. 5M IN A 10.0.8.184
+a-maximum-rrset.example. 5M IN A 10.0.8.185
+a-maximum-rrset.example. 5M IN A 10.0.8.186
+a-maximum-rrset.example. 5M IN A 10.0.8.187
+a-maximum-rrset.example. 5M IN A 10.0.8.188
+a-maximum-rrset.example. 5M IN A 10.0.8.189
+a-maximum-rrset.example. 5M IN A 10.0.8.190
+a-maximum-rrset.example. 5M IN A 10.0.8.191
+a-maximum-rrset.example. 5M IN A 10.0.8.192
+a-maximum-rrset.example. 5M IN A 10.0.8.193
+a-maximum-rrset.example. 5M IN A 10.0.8.194
+a-maximum-rrset.example. 5M IN A 10.0.8.195
+a-maximum-rrset.example. 5M IN A 10.0.8.196
+a-maximum-rrset.example. 5M IN A 10.0.8.197
+a-maximum-rrset.example. 5M IN A 10.0.8.198
+a-maximum-rrset.example. 5M IN A 10.0.8.199
+a-maximum-rrset.example. 5M IN A 10.0.8.200
+a-maximum-rrset.example. 5M IN A 10.0.8.201
+a-maximum-rrset.example. 5M IN A 10.0.8.202
+a-maximum-rrset.example. 5M IN A 10.0.8.203
+a-maximum-rrset.example. 5M IN A 10.0.8.204
+a-maximum-rrset.example. 5M IN A 10.0.8.205
+a-maximum-rrset.example. 5M IN A 10.0.8.206
+a-maximum-rrset.example. 5M IN A 10.0.8.207
+a-maximum-rrset.example. 5M IN A 10.0.8.208
+a-maximum-rrset.example. 5M IN A 10.0.8.209
+a-maximum-rrset.example. 5M IN A 10.0.8.210
+a-maximum-rrset.example. 5M IN A 10.0.8.211
+a-maximum-rrset.example. 5M IN A 10.0.8.212
+a-maximum-rrset.example. 5M IN A 10.0.8.213
+a-maximum-rrset.example. 5M IN A 10.0.8.214
+a-maximum-rrset.example. 5M IN A 10.0.8.215
+a-maximum-rrset.example. 5M IN A 10.0.8.216
+a-maximum-rrset.example. 5M IN A 10.0.8.217
+a-maximum-rrset.example. 5M IN A 10.0.8.218
+a-maximum-rrset.example. 5M IN A 10.0.8.219
+a-maximum-rrset.example. 5M IN A 10.0.8.220
+a-maximum-rrset.example. 5M IN A 10.0.8.221
+a-maximum-rrset.example. 5M IN A 10.0.8.222
+a-maximum-rrset.example. 5M IN A 10.0.8.223
+a-maximum-rrset.example. 5M IN A 10.0.8.224
+a-maximum-rrset.example. 5M IN A 10.0.8.225
+a-maximum-rrset.example. 5M IN A 10.0.8.226
+a-maximum-rrset.example. 5M IN A 10.0.8.227
+a-maximum-rrset.example. 5M IN A 10.0.8.228
+a-maximum-rrset.example. 5M IN A 10.0.8.229
+a-maximum-rrset.example. 5M IN A 10.0.8.230
+a-maximum-rrset.example. 5M IN A 10.0.8.231
+a-maximum-rrset.example. 5M IN A 10.0.8.232
+a-maximum-rrset.example. 5M IN A 10.0.8.233
+a-maximum-rrset.example. 5M IN A 10.0.8.234
+a-maximum-rrset.example. 5M IN A 10.0.8.235
+a-maximum-rrset.example. 5M IN A 10.0.8.236
+a-maximum-rrset.example. 5M IN A 10.0.8.237
+a-maximum-rrset.example. 5M IN A 10.0.8.238
+a-maximum-rrset.example. 5M IN A 10.0.8.239
+a-maximum-rrset.example. 5M IN A 10.0.8.240
+a-maximum-rrset.example. 5M IN A 10.0.8.241
+a-maximum-rrset.example. 5M IN A 10.0.8.242
+a-maximum-rrset.example. 5M IN A 10.0.8.243
+a-maximum-rrset.example. 5M IN A 10.0.8.244
+a-maximum-rrset.example. 5M IN A 10.0.8.245
+a-maximum-rrset.example. 5M IN A 10.0.8.246
+a-maximum-rrset.example. 5M IN A 10.0.8.247
+a-maximum-rrset.example. 5M IN A 10.0.8.248
+a-maximum-rrset.example. 5M IN A 10.0.8.249
+a-maximum-rrset.example. 5M IN A 10.0.8.250
+a-maximum-rrset.example. 5M IN A 10.0.8.251
+a-maximum-rrset.example. 5M IN A 10.0.8.252
+a-maximum-rrset.example. 5M IN A 10.0.8.253
+a-maximum-rrset.example. 5M IN A 10.0.8.254
+a-maximum-rrset.example. 5M IN A 10.0.8.255
+a-maximum-rrset.example. 5M IN A 10.0.9.0
+a-maximum-rrset.example. 5M IN A 10.0.9.1
+a-maximum-rrset.example. 5M IN A 10.0.9.2
+a-maximum-rrset.example. 5M IN A 10.0.9.3
+a-maximum-rrset.example. 5M IN A 10.0.9.4
+a-maximum-rrset.example. 5M IN A 10.0.9.5
+a-maximum-rrset.example. 5M IN A 10.0.9.6
+a-maximum-rrset.example. 5M IN A 10.0.9.7
+a-maximum-rrset.example. 5M IN A 10.0.9.8
+a-maximum-rrset.example. 5M IN A 10.0.9.9
+a-maximum-rrset.example. 5M IN A 10.0.9.10
+a-maximum-rrset.example. 5M IN A 10.0.9.11
+a-maximum-rrset.example. 5M IN A 10.0.9.12
+a-maximum-rrset.example. 5M IN A 10.0.9.13
+a-maximum-rrset.example. 5M IN A 10.0.9.14
+a-maximum-rrset.example. 5M IN A 10.0.9.15
+a-maximum-rrset.example. 5M IN A 10.0.9.16
+a-maximum-rrset.example. 5M IN A 10.0.9.17
+a-maximum-rrset.example. 5M IN A 10.0.9.18
+a-maximum-rrset.example. 5M IN A 10.0.9.19
+a-maximum-rrset.example. 5M IN A 10.0.9.20
+a-maximum-rrset.example. 5M IN A 10.0.9.21
+a-maximum-rrset.example. 5M IN A 10.0.9.22
+a-maximum-rrset.example. 5M IN A 10.0.9.23
+a-maximum-rrset.example. 5M IN A 10.0.9.24
+a-maximum-rrset.example. 5M IN A 10.0.9.25
+a-maximum-rrset.example. 5M IN A 10.0.9.26
+a-maximum-rrset.example. 5M IN A 10.0.9.27
+a-maximum-rrset.example. 5M IN A 10.0.9.28
+a-maximum-rrset.example. 5M IN A 10.0.9.29
+a-maximum-rrset.example. 5M IN A 10.0.9.30
+a-maximum-rrset.example. 5M IN A 10.0.9.31
+a-maximum-rrset.example. 5M IN A 10.0.9.32
+a-maximum-rrset.example. 5M IN A 10.0.9.33
+a-maximum-rrset.example. 5M IN A 10.0.9.34
+a-maximum-rrset.example. 5M IN A 10.0.9.35
+a-maximum-rrset.example. 5M IN A 10.0.9.36
+a-maximum-rrset.example. 5M IN A 10.0.9.37
+a-maximum-rrset.example. 5M IN A 10.0.9.38
+a-maximum-rrset.example. 5M IN A 10.0.9.39
+a-maximum-rrset.example. 5M IN A 10.0.9.40
+a-maximum-rrset.example. 5M IN A 10.0.9.41
+a-maximum-rrset.example. 5M IN A 10.0.9.42
+a-maximum-rrset.example. 5M IN A 10.0.9.43
+a-maximum-rrset.example. 5M IN A 10.0.9.44
+a-maximum-rrset.example. 5M IN A 10.0.9.45
+a-maximum-rrset.example. 5M IN A 10.0.9.46
+a-maximum-rrset.example. 5M IN A 10.0.9.47
+a-maximum-rrset.example. 5M IN A 10.0.9.48
+a-maximum-rrset.example. 5M IN A 10.0.9.49
+a-maximum-rrset.example. 5M IN A 10.0.9.50
+a-maximum-rrset.example. 5M IN A 10.0.9.51
+a-maximum-rrset.example. 5M IN A 10.0.9.52
+a-maximum-rrset.example. 5M IN A 10.0.9.53
+a-maximum-rrset.example. 5M IN A 10.0.9.54
+a-maximum-rrset.example. 5M IN A 10.0.9.55
+a-maximum-rrset.example. 5M IN A 10.0.9.56
+a-maximum-rrset.example. 5M IN A 10.0.9.57
+a-maximum-rrset.example. 5M IN A 10.0.9.58
+a-maximum-rrset.example. 5M IN A 10.0.9.59
+a-maximum-rrset.example. 5M IN A 10.0.9.60
+a-maximum-rrset.example. 5M IN A 10.0.9.61
+a-maximum-rrset.example. 5M IN A 10.0.9.62
+a-maximum-rrset.example. 5M IN A 10.0.9.63
+a-maximum-rrset.example. 5M IN A 10.0.9.64
+a-maximum-rrset.example. 5M IN A 10.0.9.65
+a-maximum-rrset.example. 5M IN A 10.0.9.66
+a-maximum-rrset.example. 5M IN A 10.0.9.67
+a-maximum-rrset.example. 5M IN A 10.0.9.68
+a-maximum-rrset.example. 5M IN A 10.0.9.69
+a-maximum-rrset.example. 5M IN A 10.0.9.70
+a-maximum-rrset.example. 5M IN A 10.0.9.71
+a-maximum-rrset.example. 5M IN A 10.0.9.72
+a-maximum-rrset.example. 5M IN A 10.0.9.73
+a-maximum-rrset.example. 5M IN A 10.0.9.74
+a-maximum-rrset.example. 5M IN A 10.0.9.75
+a-maximum-rrset.example. 5M IN A 10.0.9.76
+a-maximum-rrset.example. 5M IN A 10.0.9.77
+a-maximum-rrset.example. 5M IN A 10.0.9.78
+a-maximum-rrset.example. 5M IN A 10.0.9.79
+a-maximum-rrset.example. 5M IN A 10.0.9.80
+a-maximum-rrset.example. 5M IN A 10.0.9.81
+a-maximum-rrset.example. 5M IN A 10.0.9.82
+a-maximum-rrset.example. 5M IN A 10.0.9.83
+a-maximum-rrset.example. 5M IN A 10.0.9.84
+a-maximum-rrset.example. 5M IN A 10.0.9.85
+a-maximum-rrset.example. 5M IN A 10.0.9.86
+a-maximum-rrset.example. 5M IN A 10.0.9.87
+a-maximum-rrset.example. 5M IN A 10.0.9.88
+a-maximum-rrset.example. 5M IN A 10.0.9.89
+a-maximum-rrset.example. 5M IN A 10.0.9.90
+a-maximum-rrset.example. 5M IN A 10.0.9.91
+a-maximum-rrset.example. 5M IN A 10.0.9.92
+a-maximum-rrset.example. 5M IN A 10.0.9.93
+a-maximum-rrset.example. 5M IN A 10.0.9.94
+a-maximum-rrset.example. 5M IN A 10.0.9.95
+a-maximum-rrset.example. 5M IN A 10.0.9.96
+a-maximum-rrset.example. 5M IN A 10.0.9.97
+a-maximum-rrset.example. 5M IN A 10.0.9.98
+a-maximum-rrset.example. 5M IN A 10.0.9.99
+a-maximum-rrset.example. 5M IN A 10.0.9.100
+a-maximum-rrset.example. 5M IN A 10.0.9.101
+a-maximum-rrset.example. 5M IN A 10.0.9.102
+a-maximum-rrset.example. 5M IN A 10.0.9.103
+a-maximum-rrset.example. 5M IN A 10.0.9.104
+a-maximum-rrset.example. 5M IN A 10.0.9.105
+a-maximum-rrset.example. 5M IN A 10.0.9.106
+a-maximum-rrset.example. 5M IN A 10.0.9.107
+a-maximum-rrset.example. 5M IN A 10.0.9.108
+a-maximum-rrset.example. 5M IN A 10.0.9.109
+a-maximum-rrset.example. 5M IN A 10.0.9.110
+a-maximum-rrset.example. 5M IN A 10.0.9.111
+a-maximum-rrset.example. 5M IN A 10.0.9.112
+a-maximum-rrset.example. 5M IN A 10.0.9.113
+a-maximum-rrset.example. 5M IN A 10.0.9.114
+a-maximum-rrset.example. 5M IN A 10.0.9.115
+a-maximum-rrset.example. 5M IN A 10.0.9.116
+a-maximum-rrset.example. 5M IN A 10.0.9.117
+a-maximum-rrset.example. 5M IN A 10.0.9.118
+a-maximum-rrset.example. 5M IN A 10.0.9.119
+a-maximum-rrset.example. 5M IN A 10.0.9.120
+a-maximum-rrset.example. 5M IN A 10.0.9.121
+a-maximum-rrset.example. 5M IN A 10.0.9.122
+a-maximum-rrset.example. 5M IN A 10.0.9.123
+a-maximum-rrset.example. 5M IN A 10.0.9.124
+a-maximum-rrset.example. 5M IN A 10.0.9.125
+a-maximum-rrset.example. 5M IN A 10.0.9.126
+a-maximum-rrset.example. 5M IN A 10.0.9.127
+a-maximum-rrset.example. 5M IN A 10.0.9.128
+a-maximum-rrset.example. 5M IN A 10.0.9.129
+a-maximum-rrset.example. 5M IN A 10.0.9.130
+a-maximum-rrset.example. 5M IN A 10.0.9.131
+a-maximum-rrset.example. 5M IN A 10.0.9.132
+a-maximum-rrset.example. 5M IN A 10.0.9.133
+a-maximum-rrset.example. 5M IN A 10.0.9.134
+a-maximum-rrset.example. 5M IN A 10.0.9.135
+a-maximum-rrset.example. 5M IN A 10.0.9.136
+a-maximum-rrset.example. 5M IN A 10.0.9.137
+a-maximum-rrset.example. 5M IN A 10.0.9.138
+a-maximum-rrset.example. 5M IN A 10.0.9.139
+a-maximum-rrset.example. 5M IN A 10.0.9.140
+a-maximum-rrset.example. 5M IN A 10.0.9.141
+a-maximum-rrset.example. 5M IN A 10.0.9.142
+a-maximum-rrset.example. 5M IN A 10.0.9.143
+a-maximum-rrset.example. 5M IN A 10.0.9.144
+a-maximum-rrset.example. 5M IN A 10.0.9.145
+a-maximum-rrset.example. 5M IN A 10.0.9.146
+a-maximum-rrset.example. 5M IN A 10.0.9.147
+a-maximum-rrset.example. 5M IN A 10.0.9.148
+a-maximum-rrset.example. 5M IN A 10.0.9.149
+a-maximum-rrset.example. 5M IN A 10.0.9.150
+a-maximum-rrset.example. 5M IN A 10.0.9.151
+a-maximum-rrset.example. 5M IN A 10.0.9.152
+a-maximum-rrset.example. 5M IN A 10.0.9.153
+a-maximum-rrset.example. 5M IN A 10.0.9.154
+a-maximum-rrset.example. 5M IN A 10.0.9.155
+a-maximum-rrset.example. 5M IN A 10.0.9.156
+a-maximum-rrset.example. 5M IN A 10.0.9.157
+a-maximum-rrset.example. 5M IN A 10.0.9.158
+a-maximum-rrset.example. 5M IN A 10.0.9.159
+a-maximum-rrset.example. 5M IN A 10.0.9.160
+a-maximum-rrset.example. 5M IN A 10.0.9.161
+a-maximum-rrset.example. 5M IN A 10.0.9.162
+a-maximum-rrset.example. 5M IN A 10.0.9.163
+a-maximum-rrset.example. 5M IN A 10.0.9.164
+a-maximum-rrset.example. 5M IN A 10.0.9.165
+a-maximum-rrset.example. 5M IN A 10.0.9.166
+a-maximum-rrset.example. 5M IN A 10.0.9.167
+a-maximum-rrset.example. 5M IN A 10.0.9.168
+a-maximum-rrset.example. 5M IN A 10.0.9.169
+a-maximum-rrset.example. 5M IN A 10.0.9.170
+a-maximum-rrset.example. 5M IN A 10.0.9.171
+a-maximum-rrset.example. 5M IN A 10.0.9.172
+a-maximum-rrset.example. 5M IN A 10.0.9.173
+a-maximum-rrset.example. 5M IN A 10.0.9.174
+a-maximum-rrset.example. 5M IN A 10.0.9.175
+a-maximum-rrset.example. 5M IN A 10.0.9.176
+a-maximum-rrset.example. 5M IN A 10.0.9.177
+a-maximum-rrset.example. 5M IN A 10.0.9.178
+a-maximum-rrset.example. 5M IN A 10.0.9.179
+a-maximum-rrset.example. 5M IN A 10.0.9.180
+a-maximum-rrset.example. 5M IN A 10.0.9.181
+a-maximum-rrset.example. 5M IN A 10.0.9.182
+a-maximum-rrset.example. 5M IN A 10.0.9.183
+a-maximum-rrset.example. 5M IN A 10.0.9.184
+a-maximum-rrset.example. 5M IN A 10.0.9.185
+a-maximum-rrset.example. 5M IN A 10.0.9.186
+a-maximum-rrset.example. 5M IN A 10.0.9.187
+a-maximum-rrset.example. 5M IN A 10.0.9.188
+a-maximum-rrset.example. 5M IN A 10.0.9.189
+a-maximum-rrset.example. 5M IN A 10.0.9.190
+a-maximum-rrset.example. 5M IN A 10.0.9.191
+a-maximum-rrset.example. 5M IN A 10.0.9.192
+a-maximum-rrset.example. 5M IN A 10.0.9.193
+a-maximum-rrset.example. 5M IN A 10.0.9.194
+a-maximum-rrset.example. 5M IN A 10.0.9.195
+a-maximum-rrset.example. 5M IN A 10.0.9.196
+a-maximum-rrset.example. 5M IN A 10.0.9.197
+a-maximum-rrset.example. 5M IN A 10.0.9.198
+a-maximum-rrset.example. 5M IN A 10.0.9.199
+a-maximum-rrset.example. 5M IN A 10.0.9.200
+a-maximum-rrset.example. 5M IN A 10.0.9.201
+a-maximum-rrset.example. 5M IN A 10.0.9.202
+a-maximum-rrset.example. 5M IN A 10.0.9.203
+a-maximum-rrset.example. 5M IN A 10.0.9.204
+a-maximum-rrset.example. 5M IN A 10.0.9.205
+a-maximum-rrset.example. 5M IN A 10.0.9.206
+a-maximum-rrset.example. 5M IN A 10.0.9.207
+a-maximum-rrset.example. 5M IN A 10.0.9.208
+a-maximum-rrset.example. 5M IN A 10.0.9.209
+a-maximum-rrset.example. 5M IN A 10.0.9.210
+a-maximum-rrset.example. 5M IN A 10.0.9.211
+a-maximum-rrset.example. 5M IN A 10.0.9.212
+a-maximum-rrset.example. 5M IN A 10.0.9.213
+a-maximum-rrset.example. 5M IN A 10.0.9.214
+a-maximum-rrset.example. 5M IN A 10.0.9.215
+a-maximum-rrset.example. 5M IN A 10.0.9.216
+a-maximum-rrset.example. 5M IN A 10.0.9.217
+a-maximum-rrset.example. 5M IN A 10.0.9.218
+a-maximum-rrset.example. 5M IN A 10.0.9.219
+a-maximum-rrset.example. 5M IN A 10.0.9.220
+a-maximum-rrset.example. 5M IN A 10.0.9.221
+a-maximum-rrset.example. 5M IN A 10.0.9.222
+a-maximum-rrset.example. 5M IN A 10.0.9.223
+a-maximum-rrset.example. 5M IN A 10.0.9.224
+a-maximum-rrset.example. 5M IN A 10.0.9.225
+a-maximum-rrset.example. 5M IN A 10.0.9.226
+a-maximum-rrset.example. 5M IN A 10.0.9.227
+a-maximum-rrset.example. 5M IN A 10.0.9.228
+a-maximum-rrset.example. 5M IN A 10.0.9.229
+a-maximum-rrset.example. 5M IN A 10.0.9.230
+a-maximum-rrset.example. 5M IN A 10.0.9.231
+a-maximum-rrset.example. 5M IN A 10.0.9.232
+a-maximum-rrset.example. 5M IN A 10.0.9.233
+a-maximum-rrset.example. 5M IN A 10.0.9.234
+a-maximum-rrset.example. 5M IN A 10.0.9.235
+a-maximum-rrset.example. 5M IN A 10.0.9.236
+a-maximum-rrset.example. 5M IN A 10.0.9.237
+a-maximum-rrset.example. 5M IN A 10.0.9.238
+a-maximum-rrset.example. 5M IN A 10.0.9.239
+a-maximum-rrset.example. 5M IN A 10.0.9.240
+a-maximum-rrset.example. 5M IN A 10.0.9.241
+a-maximum-rrset.example. 5M IN A 10.0.9.242
+a-maximum-rrset.example. 5M IN A 10.0.9.243
+a-maximum-rrset.example. 5M IN A 10.0.9.244
+a-maximum-rrset.example. 5M IN A 10.0.9.245
+a-maximum-rrset.example. 5M IN A 10.0.9.246
+a-maximum-rrset.example. 5M IN A 10.0.9.247
+a-maximum-rrset.example. 5M IN A 10.0.9.248
+a-maximum-rrset.example. 5M IN A 10.0.9.249
+a-maximum-rrset.example. 5M IN A 10.0.9.250
+a-maximum-rrset.example. 5M IN A 10.0.9.251
+a-maximum-rrset.example. 5M IN A 10.0.9.252
+a-maximum-rrset.example. 5M IN A 10.0.9.253
+a-maximum-rrset.example. 5M IN A 10.0.9.254
+a-maximum-rrset.example. 5M IN A 10.0.9.255
+a-maximum-rrset.example. 5M IN A 10.0.10.0
+a-maximum-rrset.example. 5M IN A 10.0.10.1
+a-maximum-rrset.example. 5M IN A 10.0.10.2
+a-maximum-rrset.example. 5M IN A 10.0.10.3
+a-maximum-rrset.example. 5M IN A 10.0.10.4
+a-maximum-rrset.example. 5M IN A 10.0.10.5
+a-maximum-rrset.example. 5M IN A 10.0.10.6
+a-maximum-rrset.example. 5M IN A 10.0.10.7
+a-maximum-rrset.example. 5M IN A 10.0.10.8
+a-maximum-rrset.example. 5M IN A 10.0.10.9
+a-maximum-rrset.example. 5M IN A 10.0.10.10
+a-maximum-rrset.example. 5M IN A 10.0.10.11
+a-maximum-rrset.example. 5M IN A 10.0.10.12
+a-maximum-rrset.example. 5M IN A 10.0.10.13
+a-maximum-rrset.example. 5M IN A 10.0.10.14
+a-maximum-rrset.example. 5M IN A 10.0.10.15
+a-maximum-rrset.example. 5M IN A 10.0.10.16
+a-maximum-rrset.example. 5M IN A 10.0.10.17
+a-maximum-rrset.example. 5M IN A 10.0.10.18
+a-maximum-rrset.example. 5M IN A 10.0.10.19
+a-maximum-rrset.example. 5M IN A 10.0.10.20
+a-maximum-rrset.example. 5M IN A 10.0.10.21
+a-maximum-rrset.example. 5M IN A 10.0.10.22
+a-maximum-rrset.example. 5M IN A 10.0.10.23
+a-maximum-rrset.example. 5M IN A 10.0.10.24
+a-maximum-rrset.example. 5M IN A 10.0.10.25
+a-maximum-rrset.example. 5M IN A 10.0.10.26
+a-maximum-rrset.example. 5M IN A 10.0.10.27
+a-maximum-rrset.example. 5M IN A 10.0.10.28
+a-maximum-rrset.example. 5M IN A 10.0.10.29
+a-maximum-rrset.example. 5M IN A 10.0.10.30
+a-maximum-rrset.example. 5M IN A 10.0.10.31
+a-maximum-rrset.example. 5M IN A 10.0.10.32
+a-maximum-rrset.example. 5M IN A 10.0.10.33
+a-maximum-rrset.example. 5M IN A 10.0.10.34
+a-maximum-rrset.example. 5M IN A 10.0.10.35
+a-maximum-rrset.example. 5M IN A 10.0.10.36
+a-maximum-rrset.example. 5M IN A 10.0.10.37
+a-maximum-rrset.example. 5M IN A 10.0.10.38
+a-maximum-rrset.example. 5M IN A 10.0.10.39
+a-maximum-rrset.example. 5M IN A 10.0.10.40
+a-maximum-rrset.example. 5M IN A 10.0.10.41
+a-maximum-rrset.example. 5M IN A 10.0.10.42
+a-maximum-rrset.example. 5M IN A 10.0.10.43
+a-maximum-rrset.example. 5M IN A 10.0.10.44
+a-maximum-rrset.example. 5M IN A 10.0.10.45
+a-maximum-rrset.example. 5M IN A 10.0.10.46
+a-maximum-rrset.example. 5M IN A 10.0.10.47
+a-maximum-rrset.example. 5M IN A 10.0.10.48
+a-maximum-rrset.example. 5M IN A 10.0.10.49
+a-maximum-rrset.example. 5M IN A 10.0.10.50
+a-maximum-rrset.example. 5M IN A 10.0.10.51
+a-maximum-rrset.example. 5M IN A 10.0.10.52
+a-maximum-rrset.example. 5M IN A 10.0.10.53
+a-maximum-rrset.example. 5M IN A 10.0.10.54
+a-maximum-rrset.example. 5M IN A 10.0.10.55
+a-maximum-rrset.example. 5M IN A 10.0.10.56
+a-maximum-rrset.example. 5M IN A 10.0.10.57
+a-maximum-rrset.example. 5M IN A 10.0.10.58
+a-maximum-rrset.example. 5M IN A 10.0.10.59
+a-maximum-rrset.example. 5M IN A 10.0.10.60
+a-maximum-rrset.example. 5M IN A 10.0.10.61
+a-maximum-rrset.example. 5M IN A 10.0.10.62
+a-maximum-rrset.example. 5M IN A 10.0.10.63
+a-maximum-rrset.example. 5M IN A 10.0.10.64
+a-maximum-rrset.example. 5M IN A 10.0.10.65
+a-maximum-rrset.example. 5M IN A 10.0.10.66
+a-maximum-rrset.example. 5M IN A 10.0.10.67
+a-maximum-rrset.example. 5M IN A 10.0.10.68
+a-maximum-rrset.example. 5M IN A 10.0.10.69
+a-maximum-rrset.example. 5M IN A 10.0.10.70
+a-maximum-rrset.example. 5M IN A 10.0.10.71
+a-maximum-rrset.example. 5M IN A 10.0.10.72
+a-maximum-rrset.example. 5M IN A 10.0.10.73
+a-maximum-rrset.example. 5M IN A 10.0.10.74
+a-maximum-rrset.example. 5M IN A 10.0.10.75
+a-maximum-rrset.example. 5M IN A 10.0.10.76
+a-maximum-rrset.example. 5M IN A 10.0.10.77
+a-maximum-rrset.example. 5M IN A 10.0.10.78
+a-maximum-rrset.example. 5M IN A 10.0.10.79
+a-maximum-rrset.example. 5M IN A 10.0.10.80
+a-maximum-rrset.example. 5M IN A 10.0.10.81
+a-maximum-rrset.example. 5M IN A 10.0.10.82
+a-maximum-rrset.example. 5M IN A 10.0.10.83
+a-maximum-rrset.example. 5M IN A 10.0.10.84
+a-maximum-rrset.example. 5M IN A 10.0.10.85
+a-maximum-rrset.example. 5M IN A 10.0.10.86
+a-maximum-rrset.example. 5M IN A 10.0.10.87
+a-maximum-rrset.example. 5M IN A 10.0.10.88
+a-maximum-rrset.example. 5M IN A 10.0.10.89
+a-maximum-rrset.example. 5M IN A 10.0.10.90
+a-maximum-rrset.example. 5M IN A 10.0.10.91
+a-maximum-rrset.example. 5M IN A 10.0.10.92
+a-maximum-rrset.example. 5M IN A 10.0.10.93
+a-maximum-rrset.example. 5M IN A 10.0.10.94
+a-maximum-rrset.example. 5M IN A 10.0.10.95
+a-maximum-rrset.example. 5M IN A 10.0.10.96
+a-maximum-rrset.example. 5M IN A 10.0.10.97
+a-maximum-rrset.example. 5M IN A 10.0.10.98
+a-maximum-rrset.example. 5M IN A 10.0.10.99
+a-maximum-rrset.example. 5M IN A 10.0.10.100
+a-maximum-rrset.example. 5M IN A 10.0.10.101
+a-maximum-rrset.example. 5M IN A 10.0.10.102
+a-maximum-rrset.example. 5M IN A 10.0.10.103
+a-maximum-rrset.example. 5M IN A 10.0.10.104
+a-maximum-rrset.example. 5M IN A 10.0.10.105
+a-maximum-rrset.example. 5M IN A 10.0.10.106
+a-maximum-rrset.example. 5M IN A 10.0.10.107
+a-maximum-rrset.example. 5M IN A 10.0.10.108
+a-maximum-rrset.example. 5M IN A 10.0.10.109
+a-maximum-rrset.example. 5M IN A 10.0.10.110
+a-maximum-rrset.example. 5M IN A 10.0.10.111
+a-maximum-rrset.example. 5M IN A 10.0.10.112
+a-maximum-rrset.example. 5M IN A 10.0.10.113
+a-maximum-rrset.example. 5M IN A 10.0.10.114
+a-maximum-rrset.example. 5M IN A 10.0.10.115
+a-maximum-rrset.example. 5M IN A 10.0.10.116
+a-maximum-rrset.example. 5M IN A 10.0.10.117
+a-maximum-rrset.example. 5M IN A 10.0.10.118
+a-maximum-rrset.example. 5M IN A 10.0.10.119
+a-maximum-rrset.example. 5M IN A 10.0.10.120
+a-maximum-rrset.example. 5M IN A 10.0.10.121
+a-maximum-rrset.example. 5M IN A 10.0.10.122
+a-maximum-rrset.example. 5M IN A 10.0.10.123
+a-maximum-rrset.example. 5M IN A 10.0.10.124
+a-maximum-rrset.example. 5M IN A 10.0.10.125
+a-maximum-rrset.example. 5M IN A 10.0.10.126
+a-maximum-rrset.example. 5M IN A 10.0.10.127
+a-maximum-rrset.example. 5M IN A 10.0.10.128
+a-maximum-rrset.example. 5M IN A 10.0.10.129
+a-maximum-rrset.example. 5M IN A 10.0.10.130
+a-maximum-rrset.example. 5M IN A 10.0.10.131
+a-maximum-rrset.example. 5M IN A 10.0.10.132
+a-maximum-rrset.example. 5M IN A 10.0.10.133
+a-maximum-rrset.example. 5M IN A 10.0.10.134
+a-maximum-rrset.example. 5M IN A 10.0.10.135
+a-maximum-rrset.example. 5M IN A 10.0.10.136
+a-maximum-rrset.example. 5M IN A 10.0.10.137
+a-maximum-rrset.example. 5M IN A 10.0.10.138
+a-maximum-rrset.example. 5M IN A 10.0.10.139
+a-maximum-rrset.example. 5M IN A 10.0.10.140
+a-maximum-rrset.example. 5M IN A 10.0.10.141
+a-maximum-rrset.example. 5M IN A 10.0.10.142
+a-maximum-rrset.example. 5M IN A 10.0.10.143
+a-maximum-rrset.example. 5M IN A 10.0.10.144
+a-maximum-rrset.example. 5M IN A 10.0.10.145
+a-maximum-rrset.example. 5M IN A 10.0.10.146
+a-maximum-rrset.example. 5M IN A 10.0.10.147
+a-maximum-rrset.example. 5M IN A 10.0.10.148
+a-maximum-rrset.example. 5M IN A 10.0.10.149
+a-maximum-rrset.example. 5M IN A 10.0.10.150
+a-maximum-rrset.example. 5M IN A 10.0.10.151
+a-maximum-rrset.example. 5M IN A 10.0.10.152
+a-maximum-rrset.example. 5M IN A 10.0.10.153
+a-maximum-rrset.example. 5M IN A 10.0.10.154
+a-maximum-rrset.example. 5M IN A 10.0.10.155
+a-maximum-rrset.example. 5M IN A 10.0.10.156
+a-maximum-rrset.example. 5M IN A 10.0.10.157
+a-maximum-rrset.example. 5M IN A 10.0.10.158
+a-maximum-rrset.example. 5M IN A 10.0.10.159
+a-maximum-rrset.example. 5M IN A 10.0.10.160
+a-maximum-rrset.example. 5M IN A 10.0.10.161
+a-maximum-rrset.example. 5M IN A 10.0.10.162
+a-maximum-rrset.example. 5M IN A 10.0.10.163
+a-maximum-rrset.example. 5M IN A 10.0.10.164
+a-maximum-rrset.example. 5M IN A 10.0.10.165
+a-maximum-rrset.example. 5M IN A 10.0.10.166
+a-maximum-rrset.example. 5M IN A 10.0.10.167
+a-maximum-rrset.example. 5M IN A 10.0.10.168
+a-maximum-rrset.example. 5M IN A 10.0.10.169
+a-maximum-rrset.example. 5M IN A 10.0.10.170
+a-maximum-rrset.example. 5M IN A 10.0.10.171
+a-maximum-rrset.example. 5M IN A 10.0.10.172
+a-maximum-rrset.example. 5M IN A 10.0.10.173
+a-maximum-rrset.example. 5M IN A 10.0.10.174
+a-maximum-rrset.example. 5M IN A 10.0.10.175
+a-maximum-rrset.example. 5M IN A 10.0.10.176
+a-maximum-rrset.example. 5M IN A 10.0.10.177
+a-maximum-rrset.example. 5M IN A 10.0.10.178
+a-maximum-rrset.example. 5M IN A 10.0.10.179
+a-maximum-rrset.example. 5M IN A 10.0.10.180
+a-maximum-rrset.example. 5M IN A 10.0.10.181
+a-maximum-rrset.example. 5M IN A 10.0.10.182
+a-maximum-rrset.example. 5M IN A 10.0.10.183
+a-maximum-rrset.example. 5M IN A 10.0.10.184
+a-maximum-rrset.example. 5M IN A 10.0.10.185
+a-maximum-rrset.example. 5M IN A 10.0.10.186
+a-maximum-rrset.example. 5M IN A 10.0.10.187
+a-maximum-rrset.example. 5M IN A 10.0.10.188
+a-maximum-rrset.example. 5M IN A 10.0.10.189
+a-maximum-rrset.example. 5M IN A 10.0.10.190
+a-maximum-rrset.example. 5M IN A 10.0.10.191
+a-maximum-rrset.example. 5M IN A 10.0.10.192
+a-maximum-rrset.example. 5M IN A 10.0.10.193
+a-maximum-rrset.example. 5M IN A 10.0.10.194
+a-maximum-rrset.example. 5M IN A 10.0.10.195
+a-maximum-rrset.example. 5M IN A 10.0.10.196
+a-maximum-rrset.example. 5M IN A 10.0.10.197
+a-maximum-rrset.example. 5M IN A 10.0.10.198
+a-maximum-rrset.example. 5M IN A 10.0.10.199
+a-maximum-rrset.example. 5M IN A 10.0.10.200
+a-maximum-rrset.example. 5M IN A 10.0.10.201
+a-maximum-rrset.example. 5M IN A 10.0.10.202
+a-maximum-rrset.example. 5M IN A 10.0.10.203
+a-maximum-rrset.example. 5M IN A 10.0.10.204
+a-maximum-rrset.example. 5M IN A 10.0.10.205
+a-maximum-rrset.example. 5M IN A 10.0.10.206
+a-maximum-rrset.example. 5M IN A 10.0.10.207
+a-maximum-rrset.example. 5M IN A 10.0.10.208
+a-maximum-rrset.example. 5M IN A 10.0.10.209
+a-maximum-rrset.example. 5M IN A 10.0.10.210
+a-maximum-rrset.example. 5M IN A 10.0.10.211
+a-maximum-rrset.example. 5M IN A 10.0.10.212
+a-maximum-rrset.example. 5M IN A 10.0.10.213
+a-maximum-rrset.example. 5M IN A 10.0.10.214
+a-maximum-rrset.example. 5M IN A 10.0.10.215
+a-maximum-rrset.example. 5M IN A 10.0.10.216
+a-maximum-rrset.example. 5M IN A 10.0.10.217
+a-maximum-rrset.example. 5M IN A 10.0.10.218
+a-maximum-rrset.example. 5M IN A 10.0.10.219
+a-maximum-rrset.example. 5M IN A 10.0.10.220
+a-maximum-rrset.example. 5M IN A 10.0.10.221
+a-maximum-rrset.example. 5M IN A 10.0.10.222
+a-maximum-rrset.example. 5M IN A 10.0.10.223
+a-maximum-rrset.example. 5M IN A 10.0.10.224
+a-maximum-rrset.example. 5M IN A 10.0.10.225
+a-maximum-rrset.example. 5M IN A 10.0.10.226
+a-maximum-rrset.example. 5M IN A 10.0.10.227
+a-maximum-rrset.example. 5M IN A 10.0.10.228
+a-maximum-rrset.example. 5M IN A 10.0.10.229
+a-maximum-rrset.example. 5M IN A 10.0.10.230
+a-maximum-rrset.example. 5M IN A 10.0.10.231
+a-maximum-rrset.example. 5M IN A 10.0.10.232
+a-maximum-rrset.example. 5M IN A 10.0.10.233
+a-maximum-rrset.example. 5M IN A 10.0.10.234
+a-maximum-rrset.example. 5M IN A 10.0.10.235
+a-maximum-rrset.example. 5M IN A 10.0.10.236
+a-maximum-rrset.example. 5M IN A 10.0.10.237
+a-maximum-rrset.example. 5M IN A 10.0.10.238
+a-maximum-rrset.example. 5M IN A 10.0.10.239
+a-maximum-rrset.example. 5M IN A 10.0.10.240
+a-maximum-rrset.example. 5M IN A 10.0.10.241
+a-maximum-rrset.example. 5M IN A 10.0.10.242
+a-maximum-rrset.example. 5M IN A 10.0.10.243
+a-maximum-rrset.example. 5M IN A 10.0.10.244
+a-maximum-rrset.example. 5M IN A 10.0.10.245
+a-maximum-rrset.example. 5M IN A 10.0.10.246
+a-maximum-rrset.example. 5M IN A 10.0.10.247
+a-maximum-rrset.example. 5M IN A 10.0.10.248
+a-maximum-rrset.example. 5M IN A 10.0.10.249
+a-maximum-rrset.example. 5M IN A 10.0.10.250
+a-maximum-rrset.example. 5M IN A 10.0.10.251
+a-maximum-rrset.example. 5M IN A 10.0.10.252
+a-maximum-rrset.example. 5M IN A 10.0.10.253
+a-maximum-rrset.example. 5M IN A 10.0.10.254
+a-maximum-rrset.example. 5M IN A 10.0.10.255
+a-maximum-rrset.example. 5M IN A 10.0.11.0
+a-maximum-rrset.example. 5M IN A 10.0.11.1
+a-maximum-rrset.example. 5M IN A 10.0.11.2
+a-maximum-rrset.example. 5M IN A 10.0.11.3
+a-maximum-rrset.example. 5M IN A 10.0.11.4
+a-maximum-rrset.example. 5M IN A 10.0.11.5
+a-maximum-rrset.example. 5M IN A 10.0.11.6
+a-maximum-rrset.example. 5M IN A 10.0.11.7
+a-maximum-rrset.example. 5M IN A 10.0.11.8
+a-maximum-rrset.example. 5M IN A 10.0.11.9
+a-maximum-rrset.example. 5M IN A 10.0.11.10
+a-maximum-rrset.example. 5M IN A 10.0.11.11
+a-maximum-rrset.example. 5M IN A 10.0.11.12
+a-maximum-rrset.example. 5M IN A 10.0.11.13
+a-maximum-rrset.example. 5M IN A 10.0.11.14
+a-maximum-rrset.example. 5M IN A 10.0.11.15
+a-maximum-rrset.example. 5M IN A 10.0.11.16
+a-maximum-rrset.example. 5M IN A 10.0.11.17
+a-maximum-rrset.example. 5M IN A 10.0.11.18
+a-maximum-rrset.example. 5M IN A 10.0.11.19
+a-maximum-rrset.example. 5M IN A 10.0.11.20
+a-maximum-rrset.example. 5M IN A 10.0.11.21
+a-maximum-rrset.example. 5M IN A 10.0.11.22
+a-maximum-rrset.example. 5M IN A 10.0.11.23
+a-maximum-rrset.example. 5M IN A 10.0.11.24
+a-maximum-rrset.example. 5M IN A 10.0.11.25
+a-maximum-rrset.example. 5M IN A 10.0.11.26
+a-maximum-rrset.example. 5M IN A 10.0.11.27
+a-maximum-rrset.example. 5M IN A 10.0.11.28
+a-maximum-rrset.example. 5M IN A 10.0.11.29
+a-maximum-rrset.example. 5M IN A 10.0.11.30
+a-maximum-rrset.example. 5M IN A 10.0.11.31
+a-maximum-rrset.example. 5M IN A 10.0.11.32
+a-maximum-rrset.example. 5M IN A 10.0.11.33
+a-maximum-rrset.example. 5M IN A 10.0.11.34
+a-maximum-rrset.example. 5M IN A 10.0.11.35
+a-maximum-rrset.example. 5M IN A 10.0.11.36
+a-maximum-rrset.example. 5M IN A 10.0.11.37
+a-maximum-rrset.example. 5M IN A 10.0.11.38
+a-maximum-rrset.example. 5M IN A 10.0.11.39
+a-maximum-rrset.example. 5M IN A 10.0.11.40
+a-maximum-rrset.example. 5M IN A 10.0.11.41
+a-maximum-rrset.example. 5M IN A 10.0.11.42
+a-maximum-rrset.example. 5M IN A 10.0.11.43
+a-maximum-rrset.example. 5M IN A 10.0.11.44
+a-maximum-rrset.example. 5M IN A 10.0.11.45
+a-maximum-rrset.example. 5M IN A 10.0.11.46
+a-maximum-rrset.example. 5M IN A 10.0.11.47
+a-maximum-rrset.example. 5M IN A 10.0.11.48
+a-maximum-rrset.example. 5M IN A 10.0.11.49
+a-maximum-rrset.example. 5M IN A 10.0.11.50
+a-maximum-rrset.example. 5M IN A 10.0.11.51
+a-maximum-rrset.example. 5M IN A 10.0.11.52
+a-maximum-rrset.example. 5M IN A 10.0.11.53
+a-maximum-rrset.example. 5M IN A 10.0.11.54
+a-maximum-rrset.example. 5M IN A 10.0.11.55
+a-maximum-rrset.example. 5M IN A 10.0.11.56
+a-maximum-rrset.example. 5M IN A 10.0.11.57
+a-maximum-rrset.example. 5M IN A 10.0.11.58
+a-maximum-rrset.example. 5M IN A 10.0.11.59
+a-maximum-rrset.example. 5M IN A 10.0.11.60
+a-maximum-rrset.example. 5M IN A 10.0.11.61
+a-maximum-rrset.example. 5M IN A 10.0.11.62
+a-maximum-rrset.example. 5M IN A 10.0.11.63
+a-maximum-rrset.example. 5M IN A 10.0.11.64
+a-maximum-rrset.example. 5M IN A 10.0.11.65
+a-maximum-rrset.example. 5M IN A 10.0.11.66
+a-maximum-rrset.example. 5M IN A 10.0.11.67
+a-maximum-rrset.example. 5M IN A 10.0.11.68
+a-maximum-rrset.example. 5M IN A 10.0.11.69
+a-maximum-rrset.example. 5M IN A 10.0.11.70
+a-maximum-rrset.example. 5M IN A 10.0.11.71
+a-maximum-rrset.example. 5M IN A 10.0.11.72
+a-maximum-rrset.example. 5M IN A 10.0.11.73
+a-maximum-rrset.example. 5M IN A 10.0.11.74
+a-maximum-rrset.example. 5M IN A 10.0.11.75
+a-maximum-rrset.example. 5M IN A 10.0.11.76
+a-maximum-rrset.example. 5M IN A 10.0.11.77
+a-maximum-rrset.example. 5M IN A 10.0.11.78
+a-maximum-rrset.example. 5M IN A 10.0.11.79
+a-maximum-rrset.example. 5M IN A 10.0.11.80
+a-maximum-rrset.example. 5M IN A 10.0.11.81
+a-maximum-rrset.example. 5M IN A 10.0.11.82
+a-maximum-rrset.example. 5M IN A 10.0.11.83
+a-maximum-rrset.example. 5M IN A 10.0.11.84
+a-maximum-rrset.example. 5M IN A 10.0.11.85
+a-maximum-rrset.example. 5M IN A 10.0.11.86
+a-maximum-rrset.example. 5M IN A 10.0.11.87
+a-maximum-rrset.example. 5M IN A 10.0.11.88
+a-maximum-rrset.example. 5M IN A 10.0.11.89
+a-maximum-rrset.example. 5M IN A 10.0.11.90
+a-maximum-rrset.example. 5M IN A 10.0.11.91
+a-maximum-rrset.example. 5M IN A 10.0.11.92
+a-maximum-rrset.example. 5M IN A 10.0.11.93
+a-maximum-rrset.example. 5M IN A 10.0.11.94
+a-maximum-rrset.example. 5M IN A 10.0.11.95
+a-maximum-rrset.example. 5M IN A 10.0.11.96
+a-maximum-rrset.example. 5M IN A 10.0.11.97
+a-maximum-rrset.example. 5M IN A 10.0.11.98
+a-maximum-rrset.example. 5M IN A 10.0.11.99
+a-maximum-rrset.example. 5M IN A 10.0.11.100
+a-maximum-rrset.example. 5M IN A 10.0.11.101
+a-maximum-rrset.example. 5M IN A 10.0.11.102
+a-maximum-rrset.example. 5M IN A 10.0.11.103
+a-maximum-rrset.example. 5M IN A 10.0.11.104
+a-maximum-rrset.example. 5M IN A 10.0.11.105
+a-maximum-rrset.example. 5M IN A 10.0.11.106
+a-maximum-rrset.example. 5M IN A 10.0.11.107
+a-maximum-rrset.example. 5M IN A 10.0.11.108
+a-maximum-rrset.example. 5M IN A 10.0.11.109
+a-maximum-rrset.example. 5M IN A 10.0.11.110
+a-maximum-rrset.example. 5M IN A 10.0.11.111
+a-maximum-rrset.example. 5M IN A 10.0.11.112
+a-maximum-rrset.example. 5M IN A 10.0.11.113
+a-maximum-rrset.example. 5M IN A 10.0.11.114
+a-maximum-rrset.example. 5M IN A 10.0.11.115
+a-maximum-rrset.example. 5M IN A 10.0.11.116
+a-maximum-rrset.example. 5M IN A 10.0.11.117
+a-maximum-rrset.example. 5M IN A 10.0.11.118
+a-maximum-rrset.example. 5M IN A 10.0.11.119
+a-maximum-rrset.example. 5M IN A 10.0.11.120
+a-maximum-rrset.example. 5M IN A 10.0.11.121
+a-maximum-rrset.example. 5M IN A 10.0.11.122
+a-maximum-rrset.example. 5M IN A 10.0.11.123
+a-maximum-rrset.example. 5M IN A 10.0.11.124
+a-maximum-rrset.example. 5M IN A 10.0.11.125
+a-maximum-rrset.example. 5M IN A 10.0.11.126
+a-maximum-rrset.example. 5M IN A 10.0.11.127
+a-maximum-rrset.example. 5M IN A 10.0.11.128
+a-maximum-rrset.example. 5M IN A 10.0.11.129
+a-maximum-rrset.example. 5M IN A 10.0.11.130
+a-maximum-rrset.example. 5M IN A 10.0.11.131
+a-maximum-rrset.example. 5M IN A 10.0.11.132
+a-maximum-rrset.example. 5M IN A 10.0.11.133
+a-maximum-rrset.example. 5M IN A 10.0.11.134
+a-maximum-rrset.example. 5M IN A 10.0.11.135
+a-maximum-rrset.example. 5M IN A 10.0.11.136
+a-maximum-rrset.example. 5M IN A 10.0.11.137
+a-maximum-rrset.example. 5M IN A 10.0.11.138
+a-maximum-rrset.example. 5M IN A 10.0.11.139
+a-maximum-rrset.example. 5M IN A 10.0.11.140
+a-maximum-rrset.example. 5M IN A 10.0.11.141
+a-maximum-rrset.example. 5M IN A 10.0.11.142
+a-maximum-rrset.example. 5M IN A 10.0.11.143
+a-maximum-rrset.example. 5M IN A 10.0.11.144
+a-maximum-rrset.example. 5M IN A 10.0.11.145
+a-maximum-rrset.example. 5M IN A 10.0.11.146
+a-maximum-rrset.example. 5M IN A 10.0.11.147
+a-maximum-rrset.example. 5M IN A 10.0.11.148
+a-maximum-rrset.example. 5M IN A 10.0.11.149
+a-maximum-rrset.example. 5M IN A 10.0.11.150
+a-maximum-rrset.example. 5M IN A 10.0.11.151
+a-maximum-rrset.example. 5M IN A 10.0.11.152
+a-maximum-rrset.example. 5M IN A 10.0.11.153
+a-maximum-rrset.example. 5M IN A 10.0.11.154
+a-maximum-rrset.example. 5M IN A 10.0.11.155
+a-maximum-rrset.example. 5M IN A 10.0.11.156
+a-maximum-rrset.example. 5M IN A 10.0.11.157
+a-maximum-rrset.example. 5M IN A 10.0.11.158
+a-maximum-rrset.example. 5M IN A 10.0.11.159
+a-maximum-rrset.example. 5M IN A 10.0.11.160
+a-maximum-rrset.example. 5M IN A 10.0.11.161
+a-maximum-rrset.example. 5M IN A 10.0.11.162
+a-maximum-rrset.example. 5M IN A 10.0.11.163
+a-maximum-rrset.example. 5M IN A 10.0.11.164
+a-maximum-rrset.example. 5M IN A 10.0.11.165
+a-maximum-rrset.example. 5M IN A 10.0.11.166
+a-maximum-rrset.example. 5M IN A 10.0.11.167
+a-maximum-rrset.example. 5M IN A 10.0.11.168
+a-maximum-rrset.example. 5M IN A 10.0.11.169
+a-maximum-rrset.example. 5M IN A 10.0.11.170
+a-maximum-rrset.example. 5M IN A 10.0.11.171
+a-maximum-rrset.example. 5M IN A 10.0.11.172
+a-maximum-rrset.example. 5M IN A 10.0.11.173
+a-maximum-rrset.example. 5M IN A 10.0.11.174
+a-maximum-rrset.example. 5M IN A 10.0.11.175
+a-maximum-rrset.example. 5M IN A 10.0.11.176
+a-maximum-rrset.example. 5M IN A 10.0.11.177
+a-maximum-rrset.example. 5M IN A 10.0.11.178
+a-maximum-rrset.example. 5M IN A 10.0.11.179
+a-maximum-rrset.example. 5M IN A 10.0.11.180
+a-maximum-rrset.example. 5M IN A 10.0.11.181
+a-maximum-rrset.example. 5M IN A 10.0.11.182
+a-maximum-rrset.example. 5M IN A 10.0.11.183
+a-maximum-rrset.example. 5M IN A 10.0.11.184
+a-maximum-rrset.example. 5M IN A 10.0.11.185
+a-maximum-rrset.example. 5M IN A 10.0.11.186
+a-maximum-rrset.example. 5M IN A 10.0.11.187
+a-maximum-rrset.example. 5M IN A 10.0.11.188
+a-maximum-rrset.example. 5M IN A 10.0.11.189
+a-maximum-rrset.example. 5M IN A 10.0.11.190
+a-maximum-rrset.example. 5M IN A 10.0.11.191
+a-maximum-rrset.example. 5M IN A 10.0.11.192
+a-maximum-rrset.example. 5M IN A 10.0.11.193
+a-maximum-rrset.example. 5M IN A 10.0.11.194
+a-maximum-rrset.example. 5M IN A 10.0.11.195
+a-maximum-rrset.example. 5M IN A 10.0.11.196
+a-maximum-rrset.example. 5M IN A 10.0.11.197
+a-maximum-rrset.example. 5M IN A 10.0.11.198
+a-maximum-rrset.example. 5M IN A 10.0.11.199
+a-maximum-rrset.example. 5M IN A 10.0.11.200
+a-maximum-rrset.example. 5M IN A 10.0.11.201
+a-maximum-rrset.example. 5M IN A 10.0.11.202
+a-maximum-rrset.example. 5M IN A 10.0.11.203
+a-maximum-rrset.example. 5M IN A 10.0.11.204
+a-maximum-rrset.example. 5M IN A 10.0.11.205
+a-maximum-rrset.example. 5M IN A 10.0.11.206
+a-maximum-rrset.example. 5M IN A 10.0.11.207
+a-maximum-rrset.example. 5M IN A 10.0.11.208
+a-maximum-rrset.example. 5M IN A 10.0.11.209
+a-maximum-rrset.example. 5M IN A 10.0.11.210
+a-maximum-rrset.example. 5M IN A 10.0.11.211
+a-maximum-rrset.example. 5M IN A 10.0.11.212
+a-maximum-rrset.example. 5M IN A 10.0.11.213
+a-maximum-rrset.example. 5M IN A 10.0.11.214
+a-maximum-rrset.example. 5M IN A 10.0.11.215
+a-maximum-rrset.example. 5M IN A 10.0.11.216
+a-maximum-rrset.example. 5M IN A 10.0.11.217
+a-maximum-rrset.example. 5M IN A 10.0.11.218
+a-maximum-rrset.example. 5M IN A 10.0.11.219
+a-maximum-rrset.example. 5M IN A 10.0.11.220
+a-maximum-rrset.example. 5M IN A 10.0.11.221
+a-maximum-rrset.example. 5M IN A 10.0.11.222
+a-maximum-rrset.example. 5M IN A 10.0.11.223
+a-maximum-rrset.example. 5M IN A 10.0.11.224
+a-maximum-rrset.example. 5M IN A 10.0.11.225
+a-maximum-rrset.example. 5M IN A 10.0.11.226
+a-maximum-rrset.example. 5M IN A 10.0.11.227
+a-maximum-rrset.example. 5M IN A 10.0.11.228
+a-maximum-rrset.example. 5M IN A 10.0.11.229
+a-maximum-rrset.example. 5M IN A 10.0.11.230
+a-maximum-rrset.example. 5M IN A 10.0.11.231
+a-maximum-rrset.example. 5M IN A 10.0.11.232
+a-maximum-rrset.example. 5M IN A 10.0.11.233
+a-maximum-rrset.example. 5M IN A 10.0.11.234
+a-maximum-rrset.example. 5M IN A 10.0.11.235
+a-maximum-rrset.example. 5M IN A 10.0.11.236
+a-maximum-rrset.example. 5M IN A 10.0.11.237
+a-maximum-rrset.example. 5M IN A 10.0.11.238
+a-maximum-rrset.example. 5M IN A 10.0.11.239
+a-maximum-rrset.example. 5M IN A 10.0.11.240
+a-maximum-rrset.example. 5M IN A 10.0.11.241
+a-maximum-rrset.example. 5M IN A 10.0.11.242
+a-maximum-rrset.example. 5M IN A 10.0.11.243
+a-maximum-rrset.example. 5M IN A 10.0.11.244
+a-maximum-rrset.example. 5M IN A 10.0.11.245
+a-maximum-rrset.example. 5M IN A 10.0.11.246
+a-maximum-rrset.example. 5M IN A 10.0.11.247
+a-maximum-rrset.example. 5M IN A 10.0.11.248
+a-maximum-rrset.example. 5M IN A 10.0.11.249
+a-maximum-rrset.example. 5M IN A 10.0.11.250
+a-maximum-rrset.example. 5M IN A 10.0.11.251
+a-maximum-rrset.example. 5M IN A 10.0.11.252
+a-maximum-rrset.example. 5M IN A 10.0.11.253
+a-maximum-rrset.example. 5M IN A 10.0.11.254
+a-maximum-rrset.example. 5M IN A 10.0.11.255
+a-maximum-rrset.example. 5M IN A 10.0.12.0
+a-maximum-rrset.example. 5M IN A 10.0.12.1
+a-maximum-rrset.example. 5M IN A 10.0.12.2
+a-maximum-rrset.example. 5M IN A 10.0.12.3
+a-maximum-rrset.example. 5M IN A 10.0.12.4
+a-maximum-rrset.example. 5M IN A 10.0.12.5
+a-maximum-rrset.example. 5M IN A 10.0.12.6
+a-maximum-rrset.example. 5M IN A 10.0.12.7
+a-maximum-rrset.example. 5M IN A 10.0.12.8
+a-maximum-rrset.example. 5M IN A 10.0.12.9
+a-maximum-rrset.example. 5M IN A 10.0.12.10
+a-maximum-rrset.example. 5M IN A 10.0.12.11
+a-maximum-rrset.example. 5M IN A 10.0.12.12
+a-maximum-rrset.example. 5M IN A 10.0.12.13
+a-maximum-rrset.example. 5M IN A 10.0.12.14
+a-maximum-rrset.example. 5M IN A 10.0.12.15
+a-maximum-rrset.example. 5M IN A 10.0.12.16
+a-maximum-rrset.example. 5M IN A 10.0.12.17
+a-maximum-rrset.example. 5M IN A 10.0.12.18
+a-maximum-rrset.example. 5M IN A 10.0.12.19
+a-maximum-rrset.example. 5M IN A 10.0.12.20
+a-maximum-rrset.example. 5M IN A 10.0.12.21
+a-maximum-rrset.example. 5M IN A 10.0.12.22
+a-maximum-rrset.example. 5M IN A 10.0.12.23
+a-maximum-rrset.example. 5M IN A 10.0.12.24
+a-maximum-rrset.example. 5M IN A 10.0.12.25
+a-maximum-rrset.example. 5M IN A 10.0.12.26
+a-maximum-rrset.example. 5M IN A 10.0.12.27
+a-maximum-rrset.example. 5M IN A 10.0.12.28
+a-maximum-rrset.example. 5M IN A 10.0.12.29
+a-maximum-rrset.example. 5M IN A 10.0.12.30
+a-maximum-rrset.example. 5M IN A 10.0.12.31
+a-maximum-rrset.example. 5M IN A 10.0.12.32
+a-maximum-rrset.example. 5M IN A 10.0.12.33
+a-maximum-rrset.example. 5M IN A 10.0.12.34
+a-maximum-rrset.example. 5M IN A 10.0.12.35
+a-maximum-rrset.example. 5M IN A 10.0.12.36
+a-maximum-rrset.example. 5M IN A 10.0.12.37
+a-maximum-rrset.example. 5M IN A 10.0.12.38
+a-maximum-rrset.example. 5M IN A 10.0.12.39
+a-maximum-rrset.example. 5M IN A 10.0.12.40
+a-maximum-rrset.example. 5M IN A 10.0.12.41
+a-maximum-rrset.example. 5M IN A 10.0.12.42
+a-maximum-rrset.example. 5M IN A 10.0.12.43
+a-maximum-rrset.example. 5M IN A 10.0.12.44
+a-maximum-rrset.example. 5M IN A 10.0.12.45
+a-maximum-rrset.example. 5M IN A 10.0.12.46
+a-maximum-rrset.example. 5M IN A 10.0.12.47
+a-maximum-rrset.example. 5M IN A 10.0.12.48
+a-maximum-rrset.example. 5M IN A 10.0.12.49
+a-maximum-rrset.example. 5M IN A 10.0.12.50
+a-maximum-rrset.example. 5M IN A 10.0.12.51
+a-maximum-rrset.example. 5M IN A 10.0.12.52
+a-maximum-rrset.example. 5M IN A 10.0.12.53
+a-maximum-rrset.example. 5M IN A 10.0.12.54
+a-maximum-rrset.example. 5M IN A 10.0.12.55
+a-maximum-rrset.example. 5M IN A 10.0.12.56
+a-maximum-rrset.example. 5M IN A 10.0.12.57
+a-maximum-rrset.example. 5M IN A 10.0.12.58
+a-maximum-rrset.example. 5M IN A 10.0.12.59
+a-maximum-rrset.example. 5M IN A 10.0.12.60
+a-maximum-rrset.example. 5M IN A 10.0.12.61
+a-maximum-rrset.example. 5M IN A 10.0.12.62
+a-maximum-rrset.example. 5M IN A 10.0.12.63
+a-maximum-rrset.example. 5M IN A 10.0.12.64
+a-maximum-rrset.example. 5M IN A 10.0.12.65
+a-maximum-rrset.example. 5M IN A 10.0.12.66
+a-maximum-rrset.example. 5M IN A 10.0.12.67
+a-maximum-rrset.example. 5M IN A 10.0.12.68
+a-maximum-rrset.example. 5M IN A 10.0.12.69
+a-maximum-rrset.example. 5M IN A 10.0.12.70
+a-maximum-rrset.example. 5M IN A 10.0.12.71
+a-maximum-rrset.example. 5M IN A 10.0.12.72
+a-maximum-rrset.example. 5M IN A 10.0.12.73
+a-maximum-rrset.example. 5M IN A 10.0.12.74
+a-maximum-rrset.example. 5M IN A 10.0.12.75
+a-maximum-rrset.example. 5M IN A 10.0.12.76
+a-maximum-rrset.example. 5M IN A 10.0.12.77
+a-maximum-rrset.example. 5M IN A 10.0.12.78
+a-maximum-rrset.example. 5M IN A 10.0.12.79
+a-maximum-rrset.example. 5M IN A 10.0.12.80
+a-maximum-rrset.example. 5M IN A 10.0.12.81
+a-maximum-rrset.example. 5M IN A 10.0.12.82
+a-maximum-rrset.example. 5M IN A 10.0.12.83
+a-maximum-rrset.example. 5M IN A 10.0.12.84
+a-maximum-rrset.example. 5M IN A 10.0.12.85
+a-maximum-rrset.example. 5M IN A 10.0.12.86
+a-maximum-rrset.example. 5M IN A 10.0.12.87
+a-maximum-rrset.example. 5M IN A 10.0.12.88
+a-maximum-rrset.example. 5M IN A 10.0.12.89
+a-maximum-rrset.example. 5M IN A 10.0.12.90
+a-maximum-rrset.example. 5M IN A 10.0.12.91
+a-maximum-rrset.example. 5M IN A 10.0.12.92
+a-maximum-rrset.example. 5M IN A 10.0.12.93
+a-maximum-rrset.example. 5M IN A 10.0.12.94
+a-maximum-rrset.example. 5M IN A 10.0.12.95
+a-maximum-rrset.example. 5M IN A 10.0.12.96
+a-maximum-rrset.example. 5M IN A 10.0.12.97
+a-maximum-rrset.example. 5M IN A 10.0.12.98
+a-maximum-rrset.example. 5M IN A 10.0.12.99
+a-maximum-rrset.example. 5M IN A 10.0.12.100
+a-maximum-rrset.example. 5M IN A 10.0.12.101
+a-maximum-rrset.example. 5M IN A 10.0.12.102
+a-maximum-rrset.example. 5M IN A 10.0.12.103
+a-maximum-rrset.example. 5M IN A 10.0.12.104
+a-maximum-rrset.example. 5M IN A 10.0.12.105
+a-maximum-rrset.example. 5M IN A 10.0.12.106
+a-maximum-rrset.example. 5M IN A 10.0.12.107
+a-maximum-rrset.example. 5M IN A 10.0.12.108
+a-maximum-rrset.example. 5M IN A 10.0.12.109
+a-maximum-rrset.example. 5M IN A 10.0.12.110
+a-maximum-rrset.example. 5M IN A 10.0.12.111
+a-maximum-rrset.example. 5M IN A 10.0.12.112
+a-maximum-rrset.example. 5M IN A 10.0.12.113
+a-maximum-rrset.example. 5M IN A 10.0.12.114
+a-maximum-rrset.example. 5M IN A 10.0.12.115
+a-maximum-rrset.example. 5M IN A 10.0.12.116
+a-maximum-rrset.example. 5M IN A 10.0.12.117
+a-maximum-rrset.example. 5M IN A 10.0.12.118
+a-maximum-rrset.example. 5M IN A 10.0.12.119
+a-maximum-rrset.example. 5M IN A 10.0.12.120
+a-maximum-rrset.example. 5M IN A 10.0.12.121
+a-maximum-rrset.example. 5M IN A 10.0.12.122
+a-maximum-rrset.example. 5M IN A 10.0.12.123
+a-maximum-rrset.example. 5M IN A 10.0.12.124
+a-maximum-rrset.example. 5M IN A 10.0.12.125
+a-maximum-rrset.example. 5M IN A 10.0.12.126
+a-maximum-rrset.example. 5M IN A 10.0.12.127
+a-maximum-rrset.example. 5M IN A 10.0.12.128
+a-maximum-rrset.example. 5M IN A 10.0.12.129
+a-maximum-rrset.example. 5M IN A 10.0.12.130
+a-maximum-rrset.example. 5M IN A 10.0.12.131
+a-maximum-rrset.example. 5M IN A 10.0.12.132
+a-maximum-rrset.example. 5M IN A 10.0.12.133
+a-maximum-rrset.example. 5M IN A 10.0.12.134
+a-maximum-rrset.example. 5M IN A 10.0.12.135
+a-maximum-rrset.example. 5M IN A 10.0.12.136
+a-maximum-rrset.example. 5M IN A 10.0.12.137
+a-maximum-rrset.example. 5M IN A 10.0.12.138
+a-maximum-rrset.example. 5M IN A 10.0.12.139
+a-maximum-rrset.example. 5M IN A 10.0.12.140
+a-maximum-rrset.example. 5M IN A 10.0.12.141
+a-maximum-rrset.example. 5M IN A 10.0.12.142
+a-maximum-rrset.example. 5M IN A 10.0.12.143
+a-maximum-rrset.example. 5M IN A 10.0.12.144
+a-maximum-rrset.example. 5M IN A 10.0.12.145
+a-maximum-rrset.example. 5M IN A 10.0.12.146
+a-maximum-rrset.example. 5M IN A 10.0.12.147
+a-maximum-rrset.example. 5M IN A 10.0.12.148
+a-maximum-rrset.example. 5M IN A 10.0.12.149
+a-maximum-rrset.example. 5M IN A 10.0.12.150
+a-maximum-rrset.example. 5M IN A 10.0.12.151
+a-maximum-rrset.example. 5M IN A 10.0.12.152
+a-maximum-rrset.example. 5M IN A 10.0.12.153
+a-maximum-rrset.example. 5M IN A 10.0.12.154
+a-maximum-rrset.example. 5M IN A 10.0.12.155
+a-maximum-rrset.example. 5M IN A 10.0.12.156
+a-maximum-rrset.example. 5M IN A 10.0.12.157
+a-maximum-rrset.example. 5M IN A 10.0.12.158
+a-maximum-rrset.example. 5M IN A 10.0.12.159
+a-maximum-rrset.example. 5M IN A 10.0.12.160
+a-maximum-rrset.example. 5M IN A 10.0.12.161
+a-maximum-rrset.example. 5M IN A 10.0.12.162
+a-maximum-rrset.example. 5M IN A 10.0.12.163
+a-maximum-rrset.example. 5M IN A 10.0.12.164
+a-maximum-rrset.example. 5M IN A 10.0.12.165
+a-maximum-rrset.example. 5M IN A 10.0.12.166
+a-maximum-rrset.example. 5M IN A 10.0.12.167
+a-maximum-rrset.example. 5M IN A 10.0.12.168
+a-maximum-rrset.example. 5M IN A 10.0.12.169
+a-maximum-rrset.example. 5M IN A 10.0.12.170
+a-maximum-rrset.example. 5M IN A 10.0.12.171
+a-maximum-rrset.example. 5M IN A 10.0.12.172
+a-maximum-rrset.example. 5M IN A 10.0.12.173
+a-maximum-rrset.example. 5M IN A 10.0.12.174
+a-maximum-rrset.example. 5M IN A 10.0.12.175
+a-maximum-rrset.example. 5M IN A 10.0.12.176
+a-maximum-rrset.example. 5M IN A 10.0.12.177
+a-maximum-rrset.example. 5M IN A 10.0.12.178
+a-maximum-rrset.example. 5M IN A 10.0.12.179
+a-maximum-rrset.example. 5M IN A 10.0.12.180
+a-maximum-rrset.example. 5M IN A 10.0.12.181
+a-maximum-rrset.example. 5M IN A 10.0.12.182
+a-maximum-rrset.example. 5M IN A 10.0.12.183
+a-maximum-rrset.example. 5M IN A 10.0.12.184
+a-maximum-rrset.example. 5M IN A 10.0.12.185
+a-maximum-rrset.example. 5M IN A 10.0.12.186
+a-maximum-rrset.example. 5M IN A 10.0.12.187
+a-maximum-rrset.example. 5M IN A 10.0.12.188
+a-maximum-rrset.example. 5M IN A 10.0.12.189
+a-maximum-rrset.example. 5M IN A 10.0.12.190
+a-maximum-rrset.example. 5M IN A 10.0.12.191
+a-maximum-rrset.example. 5M IN A 10.0.12.192
+a-maximum-rrset.example. 5M IN A 10.0.12.193
+a-maximum-rrset.example. 5M IN A 10.0.12.194
+a-maximum-rrset.example. 5M IN A 10.0.12.195
+a-maximum-rrset.example. 5M IN A 10.0.12.196
+a-maximum-rrset.example. 5M IN A 10.0.12.197
+a-maximum-rrset.example. 5M IN A 10.0.12.198
+a-maximum-rrset.example. 5M IN A 10.0.12.199
+a-maximum-rrset.example. 5M IN A 10.0.12.200
+a-maximum-rrset.example. 5M IN A 10.0.12.201
+a-maximum-rrset.example. 5M IN A 10.0.12.202
+a-maximum-rrset.example. 5M IN A 10.0.12.203
+a-maximum-rrset.example. 5M IN A 10.0.12.204
+a-maximum-rrset.example. 5M IN A 10.0.12.205
+a-maximum-rrset.example. 5M IN A 10.0.12.206
+a-maximum-rrset.example. 5M IN A 10.0.12.207
+a-maximum-rrset.example. 5M IN A 10.0.12.208
+a-maximum-rrset.example. 5M IN A 10.0.12.209
+a-maximum-rrset.example. 5M IN A 10.0.12.210
+a-maximum-rrset.example. 5M IN A 10.0.12.211
+a-maximum-rrset.example. 5M IN A 10.0.12.212
+a-maximum-rrset.example. 5M IN A 10.0.12.213
+a-maximum-rrset.example. 5M IN A 10.0.12.214
+a-maximum-rrset.example. 5M IN A 10.0.12.215
+a-maximum-rrset.example. 5M IN A 10.0.12.216
+a-maximum-rrset.example. 5M IN A 10.0.12.217
+a-maximum-rrset.example. 5M IN A 10.0.12.218
+a-maximum-rrset.example. 5M IN A 10.0.12.219
+a-maximum-rrset.example. 5M IN A 10.0.12.220
+a-maximum-rrset.example. 5M IN A 10.0.12.221
+a-maximum-rrset.example. 5M IN A 10.0.12.222
+a-maximum-rrset.example. 5M IN A 10.0.12.223
+a-maximum-rrset.example. 5M IN A 10.0.12.224
+a-maximum-rrset.example. 5M IN A 10.0.12.225
+a-maximum-rrset.example. 5M IN A 10.0.12.226
+a-maximum-rrset.example. 5M IN A 10.0.12.227
+a-maximum-rrset.example. 5M IN A 10.0.12.228
+a-maximum-rrset.example. 5M IN A 10.0.12.229
+a-maximum-rrset.example. 5M IN A 10.0.12.230
+a-maximum-rrset.example. 5M IN A 10.0.12.231
+a-maximum-rrset.example. 5M IN A 10.0.12.232
+a-maximum-rrset.example. 5M IN A 10.0.12.233
+a-maximum-rrset.example. 5M IN A 10.0.12.234
+a-maximum-rrset.example. 5M IN A 10.0.12.235
+a-maximum-rrset.example. 5M IN A 10.0.12.236
+a-maximum-rrset.example. 5M IN A 10.0.12.237
+a-maximum-rrset.example. 5M IN A 10.0.12.238
+a-maximum-rrset.example. 5M IN A 10.0.12.239
+a-maximum-rrset.example. 5M IN A 10.0.12.240
+a-maximum-rrset.example. 5M IN A 10.0.12.241
+a-maximum-rrset.example. 5M IN A 10.0.12.242
+a-maximum-rrset.example. 5M IN A 10.0.12.243
+a-maximum-rrset.example. 5M IN A 10.0.12.244
+a-maximum-rrset.example. 5M IN A 10.0.12.245
+a-maximum-rrset.example. 5M IN A 10.0.12.246
+a-maximum-rrset.example. 5M IN A 10.0.12.247
+a-maximum-rrset.example. 5M IN A 10.0.12.248
+a-maximum-rrset.example. 5M IN A 10.0.12.249
+a-maximum-rrset.example. 5M IN A 10.0.12.250
+a-maximum-rrset.example. 5M IN A 10.0.12.251
+a-maximum-rrset.example. 5M IN A 10.0.12.252
+a-maximum-rrset.example. 5M IN A 10.0.12.253
+a-maximum-rrset.example. 5M IN A 10.0.12.254
+a-maximum-rrset.example. 5M IN A 10.0.12.255
+a-maximum-rrset.example. 5M IN A 10.0.13.0
+a-maximum-rrset.example. 5M IN A 10.0.13.1
+a-maximum-rrset.example. 5M IN A 10.0.13.2
+a-maximum-rrset.example. 5M IN A 10.0.13.3
+a-maximum-rrset.example. 5M IN A 10.0.13.4
+a-maximum-rrset.example. 5M IN A 10.0.13.5
+a-maximum-rrset.example. 5M IN A 10.0.13.6
+a-maximum-rrset.example. 5M IN A 10.0.13.7
+a-maximum-rrset.example. 5M IN A 10.0.13.8
+a-maximum-rrset.example. 5M IN A 10.0.13.9
+a-maximum-rrset.example. 5M IN A 10.0.13.10
+a-maximum-rrset.example. 5M IN A 10.0.13.11
+a-maximum-rrset.example. 5M IN A 10.0.13.12
+a-maximum-rrset.example. 5M IN A 10.0.13.13
+a-maximum-rrset.example. 5M IN A 10.0.13.14
+a-maximum-rrset.example. 5M IN A 10.0.13.15
+a-maximum-rrset.example. 5M IN A 10.0.13.16
+a-maximum-rrset.example. 5M IN A 10.0.13.17
+a-maximum-rrset.example. 5M IN A 10.0.13.18
+a-maximum-rrset.example. 5M IN A 10.0.13.19
+a-maximum-rrset.example. 5M IN A 10.0.13.20
+a-maximum-rrset.example. 5M IN A 10.0.13.21
+a-maximum-rrset.example. 5M IN A 10.0.13.22
+a-maximum-rrset.example. 5M IN A 10.0.13.23
+a-maximum-rrset.example. 5M IN A 10.0.13.24
+a-maximum-rrset.example. 5M IN A 10.0.13.25
+a-maximum-rrset.example. 5M IN A 10.0.13.26
+a-maximum-rrset.example. 5M IN A 10.0.13.27
+a-maximum-rrset.example. 5M IN A 10.0.13.28
+a-maximum-rrset.example. 5M IN A 10.0.13.29
+a-maximum-rrset.example. 5M IN A 10.0.13.30
+a-maximum-rrset.example. 5M IN A 10.0.13.31
+a-maximum-rrset.example. 5M IN A 10.0.13.32
+a-maximum-rrset.example. 5M IN A 10.0.13.33
+a-maximum-rrset.example. 5M IN A 10.0.13.34
+a-maximum-rrset.example. 5M IN A 10.0.13.35
+a-maximum-rrset.example. 5M IN A 10.0.13.36
+a-maximum-rrset.example. 5M IN A 10.0.13.37
+a-maximum-rrset.example. 5M IN A 10.0.13.38
+a-maximum-rrset.example. 5M IN A 10.0.13.39
+a-maximum-rrset.example. 5M IN A 10.0.13.40
+a-maximum-rrset.example. 5M IN A 10.0.13.41
+a-maximum-rrset.example. 5M IN A 10.0.13.42
+a-maximum-rrset.example. 5M IN A 10.0.13.43
+a-maximum-rrset.example. 5M IN A 10.0.13.44
+a-maximum-rrset.example. 5M IN A 10.0.13.45
+a-maximum-rrset.example. 5M IN A 10.0.13.46
+a-maximum-rrset.example. 5M IN A 10.0.13.47
+a-maximum-rrset.example. 5M IN A 10.0.13.48
+a-maximum-rrset.example. 5M IN A 10.0.13.49
+a-maximum-rrset.example. 5M IN A 10.0.13.50
+a-maximum-rrset.example. 5M IN A 10.0.13.51
+a-maximum-rrset.example. 5M IN A 10.0.13.52
+a-maximum-rrset.example. 5M IN A 10.0.13.53
+a-maximum-rrset.example. 5M IN A 10.0.13.54
+a-maximum-rrset.example. 5M IN A 10.0.13.55
+a-maximum-rrset.example. 5M IN A 10.0.13.56
+a-maximum-rrset.example. 5M IN A 10.0.13.57
+a-maximum-rrset.example. 5M IN A 10.0.13.58
+a-maximum-rrset.example. 5M IN A 10.0.13.59
+a-maximum-rrset.example. 5M IN A 10.0.13.60
+a-maximum-rrset.example. 5M IN A 10.0.13.61
+a-maximum-rrset.example. 5M IN A 10.0.13.62
+a-maximum-rrset.example. 5M IN A 10.0.13.63
+a-maximum-rrset.example. 5M IN A 10.0.13.64
+a-maximum-rrset.example. 5M IN A 10.0.13.65
+a-maximum-rrset.example. 5M IN A 10.0.13.66
+a-maximum-rrset.example. 5M IN A 10.0.13.67
+a-maximum-rrset.example. 5M IN A 10.0.13.68
+a-maximum-rrset.example. 5M IN A 10.0.13.69
+a-maximum-rrset.example. 5M IN A 10.0.13.70
+a-maximum-rrset.example. 5M IN A 10.0.13.71
+a-maximum-rrset.example. 5M IN A 10.0.13.72
+a-maximum-rrset.example. 5M IN A 10.0.13.73
+a-maximum-rrset.example. 5M IN A 10.0.13.74
+a-maximum-rrset.example. 5M IN A 10.0.13.75
+a-maximum-rrset.example. 5M IN A 10.0.13.76
+a-maximum-rrset.example. 5M IN A 10.0.13.77
+a-maximum-rrset.example. 5M IN A 10.0.13.78
+a-maximum-rrset.example. 5M IN A 10.0.13.79
+a-maximum-rrset.example. 5M IN A 10.0.13.80
+a-maximum-rrset.example. 5M IN A 10.0.13.81
+a-maximum-rrset.example. 5M IN A 10.0.13.82
+a-maximum-rrset.example. 5M IN A 10.0.13.83
+a-maximum-rrset.example. 5M IN A 10.0.13.84
+a-maximum-rrset.example. 5M IN A 10.0.13.85
+a-maximum-rrset.example. 5M IN A 10.0.13.86
+a-maximum-rrset.example. 5M IN A 10.0.13.87
+a-maximum-rrset.example. 5M IN A 10.0.13.88
+a-maximum-rrset.example. 5M IN A 10.0.13.89
+a-maximum-rrset.example. 5M IN A 10.0.13.90
+a-maximum-rrset.example. 5M IN A 10.0.13.91
+a-maximum-rrset.example. 5M IN A 10.0.13.92
+a-maximum-rrset.example. 5M IN A 10.0.13.93
+a-maximum-rrset.example. 5M IN A 10.0.13.94
+a-maximum-rrset.example. 5M IN A 10.0.13.95
+a-maximum-rrset.example. 5M IN A 10.0.13.96
+a-maximum-rrset.example. 5M IN A 10.0.13.97
+a-maximum-rrset.example. 5M IN A 10.0.13.98
+a-maximum-rrset.example. 5M IN A 10.0.13.99
+a-maximum-rrset.example. 5M IN A 10.0.13.100
+a-maximum-rrset.example. 5M IN A 10.0.13.101
+a-maximum-rrset.example. 5M IN A 10.0.13.102
+a-maximum-rrset.example. 5M IN A 10.0.13.103
+a-maximum-rrset.example. 5M IN A 10.0.13.104
+a-maximum-rrset.example. 5M IN A 10.0.13.105
+a-maximum-rrset.example. 5M IN A 10.0.13.106
+a-maximum-rrset.example. 5M IN A 10.0.13.107
+a-maximum-rrset.example. 5M IN A 10.0.13.108
+a-maximum-rrset.example. 5M IN A 10.0.13.109
+a-maximum-rrset.example. 5M IN A 10.0.13.110
+a-maximum-rrset.example. 5M IN A 10.0.13.111
+a-maximum-rrset.example. 5M IN A 10.0.13.112
+a-maximum-rrset.example. 5M IN A 10.0.13.113
+a-maximum-rrset.example. 5M IN A 10.0.13.114
+a-maximum-rrset.example. 5M IN A 10.0.13.115
+a-maximum-rrset.example. 5M IN A 10.0.13.116
+a-maximum-rrset.example. 5M IN A 10.0.13.117
+a-maximum-rrset.example. 5M IN A 10.0.13.118
+a-maximum-rrset.example. 5M IN A 10.0.13.119
+a-maximum-rrset.example. 5M IN A 10.0.13.120
+a-maximum-rrset.example. 5M IN A 10.0.13.121
+a-maximum-rrset.example. 5M IN A 10.0.13.122
+a-maximum-rrset.example. 5M IN A 10.0.13.123
+a-maximum-rrset.example. 5M IN A 10.0.13.124
+a-maximum-rrset.example. 5M IN A 10.0.13.125
+a-maximum-rrset.example. 5M IN A 10.0.13.126
+a-maximum-rrset.example. 5M IN A 10.0.13.127
+a-maximum-rrset.example. 5M IN A 10.0.13.128
+a-maximum-rrset.example. 5M IN A 10.0.13.129
+a-maximum-rrset.example. 5M IN A 10.0.13.130
+a-maximum-rrset.example. 5M IN A 10.0.13.131
+a-maximum-rrset.example. 5M IN A 10.0.13.132
+a-maximum-rrset.example. 5M IN A 10.0.13.133
+a-maximum-rrset.example. 5M IN A 10.0.13.134
+a-maximum-rrset.example. 5M IN A 10.0.13.135
+a-maximum-rrset.example. 5M IN A 10.0.13.136
+a-maximum-rrset.example. 5M IN A 10.0.13.137
+a-maximum-rrset.example. 5M IN A 10.0.13.138
+a-maximum-rrset.example. 5M IN A 10.0.13.139
+a-maximum-rrset.example. 5M IN A 10.0.13.140
+a-maximum-rrset.example. 5M IN A 10.0.13.141
+a-maximum-rrset.example. 5M IN A 10.0.13.142
+a-maximum-rrset.example. 5M IN A 10.0.13.143
+a-maximum-rrset.example. 5M IN A 10.0.13.144
+a-maximum-rrset.example. 5M IN A 10.0.13.145
+a-maximum-rrset.example. 5M IN A 10.0.13.146
+a-maximum-rrset.example. 5M IN A 10.0.13.147
+a-maximum-rrset.example. 5M IN A 10.0.13.148
+a-maximum-rrset.example. 5M IN A 10.0.13.149
+a-maximum-rrset.example. 5M IN A 10.0.13.150
+a-maximum-rrset.example. 5M IN A 10.0.13.151
+a-maximum-rrset.example. 5M IN A 10.0.13.152
+a-maximum-rrset.example. 5M IN A 10.0.13.153
+a-maximum-rrset.example. 5M IN A 10.0.13.154
+a-maximum-rrset.example. 5M IN A 10.0.13.155
+a-maximum-rrset.example. 5M IN A 10.0.13.156
+a-maximum-rrset.example. 5M IN A 10.0.13.157
+a-maximum-rrset.example. 5M IN A 10.0.13.158
+a-maximum-rrset.example. 5M IN A 10.0.13.159
+a-maximum-rrset.example. 5M IN A 10.0.13.160
+a-maximum-rrset.example. 5M IN A 10.0.13.161
+a-maximum-rrset.example. 5M IN A 10.0.13.162
+a-maximum-rrset.example. 5M IN A 10.0.13.163
+a-maximum-rrset.example. 5M IN A 10.0.13.164
+a-maximum-rrset.example. 5M IN A 10.0.13.165
+a-maximum-rrset.example. 5M IN A 10.0.13.166
+a-maximum-rrset.example. 5M IN A 10.0.13.167
+a-maximum-rrset.example. 5M IN A 10.0.13.168
+a-maximum-rrset.example. 5M IN A 10.0.13.169
+a-maximum-rrset.example. 5M IN A 10.0.13.170
+a-maximum-rrset.example. 5M IN A 10.0.13.171
+a-maximum-rrset.example. 5M IN A 10.0.13.172
+a-maximum-rrset.example. 5M IN A 10.0.13.173
+a-maximum-rrset.example. 5M IN A 10.0.13.174
+a-maximum-rrset.example. 5M IN A 10.0.13.175
+a-maximum-rrset.example. 5M IN A 10.0.13.176
+a-maximum-rrset.example. 5M IN A 10.0.13.177
+a-maximum-rrset.example. 5M IN A 10.0.13.178
+a-maximum-rrset.example. 5M IN A 10.0.13.179
+a-maximum-rrset.example. 5M IN A 10.0.13.180
+a-maximum-rrset.example. 5M IN A 10.0.13.181
+a-maximum-rrset.example. 5M IN A 10.0.13.182
+a-maximum-rrset.example. 5M IN A 10.0.13.183
+a-maximum-rrset.example. 5M IN A 10.0.13.184
+a-maximum-rrset.example. 5M IN A 10.0.13.185
+a-maximum-rrset.example. 5M IN A 10.0.13.186
+a-maximum-rrset.example. 5M IN A 10.0.13.187
+a-maximum-rrset.example. 5M IN A 10.0.13.188
+a-maximum-rrset.example. 5M IN A 10.0.13.189
+a-maximum-rrset.example. 5M IN A 10.0.13.190
+a-maximum-rrset.example. 5M IN A 10.0.13.191
+a-maximum-rrset.example. 5M IN A 10.0.13.192
+a-maximum-rrset.example. 5M IN A 10.0.13.193
+a-maximum-rrset.example. 5M IN A 10.0.13.194
+a-maximum-rrset.example. 5M IN A 10.0.13.195
+a-maximum-rrset.example. 5M IN A 10.0.13.196
+a-maximum-rrset.example. 5M IN A 10.0.13.197
+a-maximum-rrset.example. 5M IN A 10.0.13.198
+a-maximum-rrset.example. 5M IN A 10.0.13.199
+a-maximum-rrset.example. 5M IN A 10.0.13.200
+a-maximum-rrset.example. 5M IN A 10.0.13.201
+a-maximum-rrset.example. 5M IN A 10.0.13.202
+a-maximum-rrset.example. 5M IN A 10.0.13.203
+a-maximum-rrset.example. 5M IN A 10.0.13.204
+a-maximum-rrset.example. 5M IN A 10.0.13.205
+a-maximum-rrset.example. 5M IN A 10.0.13.206
+a-maximum-rrset.example. 5M IN A 10.0.13.207
+a-maximum-rrset.example. 5M IN A 10.0.13.208
+a-maximum-rrset.example. 5M IN A 10.0.13.209
+a-maximum-rrset.example. 5M IN A 10.0.13.210
+a-maximum-rrset.example. 5M IN A 10.0.13.211
+a-maximum-rrset.example. 5M IN A 10.0.13.212
+a-maximum-rrset.example. 5M IN A 10.0.13.213
+a-maximum-rrset.example. 5M IN A 10.0.13.214
+a-maximum-rrset.example. 5M IN A 10.0.13.215
+a-maximum-rrset.example. 5M IN A 10.0.13.216
+a-maximum-rrset.example. 5M IN A 10.0.13.217
+a-maximum-rrset.example. 5M IN A 10.0.13.218
+a-maximum-rrset.example. 5M IN A 10.0.13.219
+a-maximum-rrset.example. 5M IN A 10.0.13.220
+a-maximum-rrset.example. 5M IN A 10.0.13.221
+a-maximum-rrset.example. 5M IN A 10.0.13.222
+a-maximum-rrset.example. 5M IN A 10.0.13.223
+a-maximum-rrset.example. 5M IN A 10.0.13.224
+a-maximum-rrset.example. 5M IN A 10.0.13.225
+a-maximum-rrset.example. 5M IN A 10.0.13.226
+a-maximum-rrset.example. 5M IN A 10.0.13.227
+a-maximum-rrset.example. 5M IN A 10.0.13.228
+a-maximum-rrset.example. 5M IN A 10.0.13.229
+a-maximum-rrset.example. 5M IN A 10.0.13.230
+a-maximum-rrset.example. 5M IN A 10.0.13.231
+a-maximum-rrset.example. 5M IN A 10.0.13.232
+a-maximum-rrset.example. 5M IN A 10.0.13.233
+a-maximum-rrset.example. 5M IN A 10.0.13.234
+a-maximum-rrset.example. 5M IN A 10.0.13.235
+a-maximum-rrset.example. 5M IN A 10.0.13.236
+a-maximum-rrset.example. 5M IN A 10.0.13.237
+a-maximum-rrset.example. 5M IN A 10.0.13.238
+a-maximum-rrset.example. 5M IN A 10.0.13.239
+a-maximum-rrset.example. 5M IN A 10.0.13.240
+a-maximum-rrset.example. 5M IN A 10.0.13.241
+a-maximum-rrset.example. 5M IN A 10.0.13.242
+a-maximum-rrset.example. 5M IN A 10.0.13.243
+a-maximum-rrset.example. 5M IN A 10.0.13.244
+a-maximum-rrset.example. 5M IN A 10.0.13.245
+a-maximum-rrset.example. 5M IN A 10.0.13.246
+a-maximum-rrset.example. 5M IN A 10.0.13.247
+a-maximum-rrset.example. 5M IN A 10.0.13.248
+a-maximum-rrset.example. 5M IN A 10.0.13.249
+a-maximum-rrset.example. 5M IN A 10.0.13.250
+a-maximum-rrset.example. 5M IN A 10.0.13.251
+a-maximum-rrset.example. 5M IN A 10.0.13.252
+a-maximum-rrset.example. 5M IN A 10.0.13.253
+a-maximum-rrset.example. 5M IN A 10.0.13.254
+a-maximum-rrset.example. 5M IN A 10.0.13.255
+a-maximum-rrset.example. 5M IN A 10.0.14.0
+a-maximum-rrset.example. 5M IN A 10.0.14.1
+a-maximum-rrset.example. 5M IN A 10.0.14.2
+a-maximum-rrset.example. 5M IN A 10.0.14.3
+a-maximum-rrset.example. 5M IN A 10.0.14.4
+a-maximum-rrset.example. 5M IN A 10.0.14.5
+a-maximum-rrset.example. 5M IN A 10.0.14.6
+a-maximum-rrset.example. 5M IN A 10.0.14.7
+a-maximum-rrset.example. 5M IN A 10.0.14.8
+a-maximum-rrset.example. 5M IN A 10.0.14.9
+a-maximum-rrset.example. 5M IN A 10.0.14.10
+a-maximum-rrset.example. 5M IN A 10.0.14.11
+a-maximum-rrset.example. 5M IN A 10.0.14.12
+a-maximum-rrset.example. 5M IN A 10.0.14.13
+a-maximum-rrset.example. 5M IN A 10.0.14.14
+a-maximum-rrset.example. 5M IN A 10.0.14.15
+a-maximum-rrset.example. 5M IN A 10.0.14.16
+a-maximum-rrset.example. 5M IN A 10.0.14.17
+a-maximum-rrset.example. 5M IN A 10.0.14.18
+a-maximum-rrset.example. 5M IN A 10.0.14.19
+a-maximum-rrset.example. 5M IN A 10.0.14.20
+a-maximum-rrset.example. 5M IN A 10.0.14.21
+a-maximum-rrset.example. 5M IN A 10.0.14.22
+a-maximum-rrset.example. 5M IN A 10.0.14.23
+a-maximum-rrset.example. 5M IN A 10.0.14.24
+a-maximum-rrset.example. 5M IN A 10.0.14.25
+a-maximum-rrset.example. 5M IN A 10.0.14.26
+a-maximum-rrset.example. 5M IN A 10.0.14.27
+a-maximum-rrset.example. 5M IN A 10.0.14.28
+a-maximum-rrset.example. 5M IN A 10.0.14.29
+a-maximum-rrset.example. 5M IN A 10.0.14.30
+a-maximum-rrset.example. 5M IN A 10.0.14.31
+a-maximum-rrset.example. 5M IN A 10.0.14.32
+a-maximum-rrset.example. 5M IN A 10.0.14.33
+a-maximum-rrset.example. 5M IN A 10.0.14.34
+a-maximum-rrset.example. 5M IN A 10.0.14.35
+a-maximum-rrset.example. 5M IN A 10.0.14.36
+a-maximum-rrset.example. 5M IN A 10.0.14.37
+a-maximum-rrset.example. 5M IN A 10.0.14.38
+a-maximum-rrset.example. 5M IN A 10.0.14.39
+a-maximum-rrset.example. 5M IN A 10.0.14.40
+a-maximum-rrset.example. 5M IN A 10.0.14.41
+a-maximum-rrset.example. 5M IN A 10.0.14.42
+a-maximum-rrset.example. 5M IN A 10.0.14.43
+a-maximum-rrset.example. 5M IN A 10.0.14.44
+a-maximum-rrset.example. 5M IN A 10.0.14.45
+a-maximum-rrset.example. 5M IN A 10.0.14.46
+a-maximum-rrset.example. 5M IN A 10.0.14.47
+a-maximum-rrset.example. 5M IN A 10.0.14.48
+a-maximum-rrset.example. 5M IN A 10.0.14.49
+a-maximum-rrset.example. 5M IN A 10.0.14.50
+a-maximum-rrset.example. 5M IN A 10.0.14.51
+a-maximum-rrset.example. 5M IN A 10.0.14.52
+a-maximum-rrset.example. 5M IN A 10.0.14.53
+a-maximum-rrset.example. 5M IN A 10.0.14.54
+a-maximum-rrset.example. 5M IN A 10.0.14.55
+a-maximum-rrset.example. 5M IN A 10.0.14.56
+a-maximum-rrset.example. 5M IN A 10.0.14.57
+a-maximum-rrset.example. 5M IN A 10.0.14.58
+a-maximum-rrset.example. 5M IN A 10.0.14.59
+a-maximum-rrset.example. 5M IN A 10.0.14.60
+a-maximum-rrset.example. 5M IN A 10.0.14.61
+a-maximum-rrset.example. 5M IN A 10.0.14.62
+a-maximum-rrset.example. 5M IN A 10.0.14.63
+a-maximum-rrset.example. 5M IN A 10.0.14.64
+a-maximum-rrset.example. 5M IN A 10.0.14.65
+a-maximum-rrset.example. 5M IN A 10.0.14.66
+a-maximum-rrset.example. 5M IN A 10.0.14.67
+a-maximum-rrset.example. 5M IN A 10.0.14.68
+a-maximum-rrset.example. 5M IN A 10.0.14.69
+a-maximum-rrset.example. 5M IN A 10.0.14.70
+a-maximum-rrset.example. 5M IN A 10.0.14.71
+a-maximum-rrset.example. 5M IN A 10.0.14.72
+a-maximum-rrset.example. 5M IN A 10.0.14.73
+a-maximum-rrset.example. 5M IN A 10.0.14.74
+a-maximum-rrset.example. 5M IN A 10.0.14.75
+a-maximum-rrset.example. 5M IN A 10.0.14.76
+a-maximum-rrset.example. 5M IN A 10.0.14.77
+a-maximum-rrset.example. 5M IN A 10.0.14.78
+a-maximum-rrset.example. 5M IN A 10.0.14.79
+a-maximum-rrset.example. 5M IN A 10.0.14.80
+a-maximum-rrset.example. 5M IN A 10.0.14.81
+a-maximum-rrset.example. 5M IN A 10.0.14.82
+a-maximum-rrset.example. 5M IN A 10.0.14.83
+a-maximum-rrset.example. 5M IN A 10.0.14.84
+a-maximum-rrset.example. 5M IN A 10.0.14.85
+a-maximum-rrset.example. 5M IN A 10.0.14.86
+a-maximum-rrset.example. 5M IN A 10.0.14.87
+a-maximum-rrset.example. 5M IN A 10.0.14.88
+a-maximum-rrset.example. 5M IN A 10.0.14.89
+a-maximum-rrset.example. 5M IN A 10.0.14.90
+a-maximum-rrset.example. 5M IN A 10.0.14.91
+a-maximum-rrset.example. 5M IN A 10.0.14.92
+a-maximum-rrset.example. 5M IN A 10.0.14.93
+a-maximum-rrset.example. 5M IN A 10.0.14.94
+a-maximum-rrset.example. 5M IN A 10.0.14.95
+a-maximum-rrset.example. 5M IN A 10.0.14.96
+a-maximum-rrset.example. 5M IN A 10.0.14.97
+a-maximum-rrset.example. 5M IN A 10.0.14.98
+a-maximum-rrset.example. 5M IN A 10.0.14.99
+a-maximum-rrset.example. 5M IN A 10.0.14.100
+a-maximum-rrset.example. 5M IN A 10.0.14.101
+a-maximum-rrset.example. 5M IN A 10.0.14.102
+a-maximum-rrset.example. 5M IN A 10.0.14.103
+a-maximum-rrset.example. 5M IN A 10.0.14.104
+a-maximum-rrset.example. 5M IN A 10.0.14.105
+a-maximum-rrset.example. 5M IN A 10.0.14.106
+a-maximum-rrset.example. 5M IN A 10.0.14.107
+a-maximum-rrset.example. 5M IN A 10.0.14.108
+a-maximum-rrset.example. 5M IN A 10.0.14.109
+a-maximum-rrset.example. 5M IN A 10.0.14.110
+a-maximum-rrset.example. 5M IN A 10.0.14.111
+a-maximum-rrset.example. 5M IN A 10.0.14.112
+a-maximum-rrset.example. 5M IN A 10.0.14.113
+a-maximum-rrset.example. 5M IN A 10.0.14.114
+a-maximum-rrset.example. 5M IN A 10.0.14.115
+a-maximum-rrset.example. 5M IN A 10.0.14.116
+a-maximum-rrset.example. 5M IN A 10.0.14.117
+a-maximum-rrset.example. 5M IN A 10.0.14.118
+a-maximum-rrset.example. 5M IN A 10.0.14.119
+a-maximum-rrset.example. 5M IN A 10.0.14.120
+a-maximum-rrset.example. 5M IN A 10.0.14.121
+a-maximum-rrset.example. 5M IN A 10.0.14.122
+a-maximum-rrset.example. 5M IN A 10.0.14.123
+a-maximum-rrset.example. 5M IN A 10.0.14.124
+a-maximum-rrset.example. 5M IN A 10.0.14.125
+a-maximum-rrset.example. 5M IN A 10.0.14.126
+a-maximum-rrset.example. 5M IN A 10.0.14.127
+a-maximum-rrset.example. 5M IN A 10.0.14.128
+a-maximum-rrset.example. 5M IN A 10.0.14.129
+a-maximum-rrset.example. 5M IN A 10.0.14.130
+a-maximum-rrset.example. 5M IN A 10.0.14.131
+a-maximum-rrset.example. 5M IN A 10.0.14.132
+a-maximum-rrset.example. 5M IN A 10.0.14.133
+a-maximum-rrset.example. 5M IN A 10.0.14.134
+a-maximum-rrset.example. 5M IN A 10.0.14.135
+a-maximum-rrset.example. 5M IN A 10.0.14.136
+a-maximum-rrset.example. 5M IN A 10.0.14.137
+a-maximum-rrset.example. 5M IN A 10.0.14.138
+a-maximum-rrset.example. 5M IN A 10.0.14.139
+a-maximum-rrset.example. 5M IN A 10.0.14.140
+a-maximum-rrset.example. 5M IN A 10.0.14.141
+a-maximum-rrset.example. 5M IN A 10.0.14.142
+a-maximum-rrset.example. 5M IN A 10.0.14.143
+a-maximum-rrset.example. 5M IN A 10.0.14.144
+a-maximum-rrset.example. 5M IN A 10.0.14.145
+a-maximum-rrset.example. 5M IN A 10.0.14.146
+a-maximum-rrset.example. 5M IN A 10.0.14.147
+a-maximum-rrset.example. 5M IN A 10.0.14.148
+a-maximum-rrset.example. 5M IN A 10.0.14.149
+a-maximum-rrset.example. 5M IN A 10.0.14.150
+a-maximum-rrset.example. 5M IN A 10.0.14.151
+a-maximum-rrset.example. 5M IN A 10.0.14.152
+a-maximum-rrset.example. 5M IN A 10.0.14.153
+a-maximum-rrset.example. 5M IN A 10.0.14.154
+a-maximum-rrset.example. 5M IN A 10.0.14.155
+a-maximum-rrset.example. 5M IN A 10.0.14.156
+a-maximum-rrset.example. 5M IN A 10.0.14.157
+a-maximum-rrset.example. 5M IN A 10.0.14.158
+a-maximum-rrset.example. 5M IN A 10.0.14.159
+a-maximum-rrset.example. 5M IN A 10.0.14.160
+a-maximum-rrset.example. 5M IN A 10.0.14.161
+a-maximum-rrset.example. 5M IN A 10.0.14.162
+a-maximum-rrset.example. 5M IN A 10.0.14.163
+a-maximum-rrset.example. 5M IN A 10.0.14.164
+a-maximum-rrset.example. 5M IN A 10.0.14.165
+a-maximum-rrset.example. 5M IN A 10.0.14.166
+a-maximum-rrset.example. 5M IN A 10.0.14.167
+a-maximum-rrset.example. 5M IN A 10.0.14.168
+a-maximum-rrset.example. 5M IN A 10.0.14.169
+a-maximum-rrset.example. 5M IN A 10.0.14.170
+a-maximum-rrset.example. 5M IN A 10.0.14.171
+a-maximum-rrset.example. 5M IN A 10.0.14.172
+a-maximum-rrset.example. 5M IN A 10.0.14.173
+a-maximum-rrset.example. 5M IN A 10.0.14.174
+a-maximum-rrset.example. 5M IN A 10.0.14.175
+a-maximum-rrset.example. 5M IN A 10.0.14.176
+a-maximum-rrset.example. 5M IN A 10.0.14.177
+a-maximum-rrset.example. 5M IN A 10.0.14.178
+a-maximum-rrset.example. 5M IN A 10.0.14.179
+a-maximum-rrset.example. 5M IN A 10.0.14.180
+a-maximum-rrset.example. 5M IN A 10.0.14.181
+a-maximum-rrset.example. 5M IN A 10.0.14.182
+a-maximum-rrset.example. 5M IN A 10.0.14.183
+a-maximum-rrset.example. 5M IN A 10.0.14.184
+a-maximum-rrset.example. 5M IN A 10.0.14.185
+a-maximum-rrset.example. 5M IN A 10.0.14.186
+a-maximum-rrset.example. 5M IN A 10.0.14.187
+a-maximum-rrset.example. 5M IN A 10.0.14.188
+a-maximum-rrset.example. 5M IN A 10.0.14.189
+a-maximum-rrset.example. 5M IN A 10.0.14.190
+a-maximum-rrset.example. 5M IN A 10.0.14.191
+a-maximum-rrset.example. 5M IN A 10.0.14.192
+a-maximum-rrset.example. 5M IN A 10.0.14.193
+a-maximum-rrset.example. 5M IN A 10.0.14.194
+a-maximum-rrset.example. 5M IN A 10.0.14.195
+a-maximum-rrset.example. 5M IN A 10.0.14.196
+a-maximum-rrset.example. 5M IN A 10.0.14.197
+a-maximum-rrset.example. 5M IN A 10.0.14.198
+a-maximum-rrset.example. 5M IN A 10.0.14.199
+a-maximum-rrset.example. 5M IN A 10.0.14.200
+a-maximum-rrset.example. 5M IN A 10.0.14.201
+a-maximum-rrset.example. 5M IN A 10.0.14.202
+a-maximum-rrset.example. 5M IN A 10.0.14.203
+a-maximum-rrset.example. 5M IN A 10.0.14.204
+a-maximum-rrset.example. 5M IN A 10.0.14.205
+a-maximum-rrset.example. 5M IN A 10.0.14.206
+a-maximum-rrset.example. 5M IN A 10.0.14.207
+a-maximum-rrset.example. 5M IN A 10.0.14.208
+a-maximum-rrset.example. 5M IN A 10.0.14.209
+a-maximum-rrset.example. 5M IN A 10.0.14.210
+a-maximum-rrset.example. 5M IN A 10.0.14.211
+a-maximum-rrset.example. 5M IN A 10.0.14.212
+a-maximum-rrset.example. 5M IN A 10.0.14.213
+a-maximum-rrset.example. 5M IN A 10.0.14.214
+a-maximum-rrset.example. 5M IN A 10.0.14.215
+a-maximum-rrset.example. 5M IN A 10.0.14.216
+a-maximum-rrset.example. 5M IN A 10.0.14.217
+a-maximum-rrset.example. 5M IN A 10.0.14.218
+a-maximum-rrset.example. 5M IN A 10.0.14.219
+a-maximum-rrset.example. 5M IN A 10.0.14.220
+a-maximum-rrset.example. 5M IN A 10.0.14.221
+a-maximum-rrset.example. 5M IN A 10.0.14.222
+a-maximum-rrset.example. 5M IN A 10.0.14.223
+a-maximum-rrset.example. 5M IN A 10.0.14.224
+a-maximum-rrset.example. 5M IN A 10.0.14.225
+a-maximum-rrset.example. 5M IN A 10.0.14.226
+a-maximum-rrset.example. 5M IN A 10.0.14.227
+a-maximum-rrset.example. 5M IN A 10.0.14.228
+a-maximum-rrset.example. 5M IN A 10.0.14.229
+a-maximum-rrset.example. 5M IN A 10.0.14.230
+a-maximum-rrset.example. 5M IN A 10.0.14.231
+a-maximum-rrset.example. 5M IN A 10.0.14.232
+a-maximum-rrset.example. 5M IN A 10.0.14.233
+a-maximum-rrset.example. 5M IN A 10.0.14.234
+a-maximum-rrset.example. 5M IN A 10.0.14.235
+a-maximum-rrset.example. 5M IN A 10.0.14.236
+a-maximum-rrset.example. 5M IN A 10.0.14.237
+a-maximum-rrset.example. 5M IN A 10.0.14.238
+a-maximum-rrset.example. 5M IN A 10.0.14.239
+a-maximum-rrset.example. 5M IN A 10.0.14.240
+a-maximum-rrset.example. 5M IN A 10.0.14.241
+a-maximum-rrset.example. 5M IN A 10.0.14.242
+a-maximum-rrset.example. 5M IN A 10.0.14.243
+a-maximum-rrset.example. 5M IN A 10.0.14.244
+a-maximum-rrset.example. 5M IN A 10.0.14.245
+a-maximum-rrset.example. 5M IN A 10.0.14.246
+a-maximum-rrset.example. 5M IN A 10.0.14.247
+a-maximum-rrset.example. 5M IN A 10.0.14.248
+a-maximum-rrset.example. 5M IN A 10.0.14.249
+a-maximum-rrset.example. 5M IN A 10.0.14.250
+a-maximum-rrset.example. 5M IN A 10.0.14.251
+a-maximum-rrset.example. 5M IN A 10.0.14.252
+a-maximum-rrset.example. 5M IN A 10.0.14.253
+a-maximum-rrset.example. 5M IN A 10.0.14.254
+a-maximum-rrset.example. 5M IN A 10.0.14.255
+a-maximum-rrset.example. 5M IN A 10.0.15.0
+a-maximum-rrset.example. 5M IN A 10.0.15.1
+a-maximum-rrset.example. 5M IN A 10.0.15.2
+a-maximum-rrset.example. 5M IN A 10.0.15.3
+a-maximum-rrset.example. 5M IN A 10.0.15.4
+a-maximum-rrset.example. 5M IN A 10.0.15.5
+a-maximum-rrset.example. 5M IN A 10.0.15.6
+a-maximum-rrset.example. 5M IN A 10.0.15.7
+a-maximum-rrset.example. 5M IN A 10.0.15.8
+a-maximum-rrset.example. 5M IN A 10.0.15.9
+a-maximum-rrset.example. 5M IN A 10.0.15.10
+a-maximum-rrset.example. 5M IN A 10.0.15.11
+a-maximum-rrset.example. 5M IN A 10.0.15.12
+a-maximum-rrset.example. 5M IN A 10.0.15.13
+a-maximum-rrset.example. 5M IN A 10.0.15.14
+a-maximum-rrset.example. 5M IN A 10.0.15.15
+a-maximum-rrset.example. 5M IN A 10.0.15.16
+a-maximum-rrset.example. 5M IN A 10.0.15.17
+a-maximum-rrset.example. 5M IN A 10.0.15.18
+a-maximum-rrset.example. 5M IN A 10.0.15.19
+a-maximum-rrset.example. 5M IN A 10.0.15.20
+a-maximum-rrset.example. 5M IN A 10.0.15.21
+a-maximum-rrset.example. 5M IN A 10.0.15.22
+a-maximum-rrset.example. 5M IN A 10.0.15.23
+a-maximum-rrset.example. 5M IN A 10.0.15.24
+a-maximum-rrset.example. 5M IN A 10.0.15.25
+a-maximum-rrset.example. 5M IN A 10.0.15.26
+a-maximum-rrset.example. 5M IN A 10.0.15.27
+a-maximum-rrset.example. 5M IN A 10.0.15.28
+a-maximum-rrset.example. 5M IN A 10.0.15.29
+a-maximum-rrset.example. 5M IN A 10.0.15.30
+a-maximum-rrset.example. 5M IN A 10.0.15.31
+a-maximum-rrset.example. 5M IN A 10.0.15.32
+a-maximum-rrset.example. 5M IN A 10.0.15.33
+a-maximum-rrset.example. 5M IN A 10.0.15.34
+a-maximum-rrset.example. 5M IN A 10.0.15.35
+a-maximum-rrset.example. 5M IN A 10.0.15.36
+a-maximum-rrset.example. 5M IN A 10.0.15.37
+a-maximum-rrset.example. 5M IN A 10.0.15.38
+a-maximum-rrset.example. 5M IN A 10.0.15.39
+a-maximum-rrset.example. 5M IN A 10.0.15.40
+a-maximum-rrset.example. 5M IN A 10.0.15.41
+a-maximum-rrset.example. 5M IN A 10.0.15.42
+a-maximum-rrset.example. 5M IN A 10.0.15.43
+a-maximum-rrset.example. 5M IN A 10.0.15.44
+a-maximum-rrset.example. 5M IN A 10.0.15.45
+a-maximum-rrset.example. 5M IN A 10.0.15.46
+a-maximum-rrset.example. 5M IN A 10.0.15.47
+a-maximum-rrset.example. 5M IN A 10.0.15.48
+a-maximum-rrset.example. 5M IN A 10.0.15.49
+a-maximum-rrset.example. 5M IN A 10.0.15.50
+a-maximum-rrset.example. 5M IN A 10.0.15.51
+a-maximum-rrset.example. 5M IN A 10.0.15.52
+a-maximum-rrset.example. 5M IN A 10.0.15.53
+a-maximum-rrset.example. 5M IN A 10.0.15.54
+a-maximum-rrset.example. 5M IN A 10.0.15.55
+a-maximum-rrset.example. 5M IN A 10.0.15.56
+a-maximum-rrset.example. 5M IN A 10.0.15.57
+a-maximum-rrset.example. 5M IN A 10.0.15.58
+a-maximum-rrset.example. 5M IN A 10.0.15.59
+a-maximum-rrset.example. 5M IN A 10.0.15.60
+a-maximum-rrset.example. 5M IN A 10.0.15.61
+a-maximum-rrset.example. 5M IN A 10.0.15.62
+a-maximum-rrset.example. 5M IN A 10.0.15.63
+a-maximum-rrset.example. 5M IN A 10.0.15.64
+a-maximum-rrset.example. 5M IN A 10.0.15.65
+a-maximum-rrset.example. 5M IN A 10.0.15.66
+a-maximum-rrset.example. 5M IN A 10.0.15.67
+a-maximum-rrset.example. 5M IN A 10.0.15.68
+a-maximum-rrset.example. 5M IN A 10.0.15.69
+a-maximum-rrset.example. 5M IN A 10.0.15.70
+a-maximum-rrset.example. 5M IN A 10.0.15.71
+a-maximum-rrset.example. 5M IN A 10.0.15.72
+a-maximum-rrset.example. 5M IN A 10.0.15.73
+a-maximum-rrset.example. 5M IN A 10.0.15.74
+a-maximum-rrset.example. 5M IN A 10.0.15.75
+a-maximum-rrset.example. 5M IN A 10.0.15.76
+a-maximum-rrset.example. 5M IN A 10.0.15.77
+a-maximum-rrset.example. 5M IN A 10.0.15.78
+a-maximum-rrset.example. 5M IN A 10.0.15.79
+a-maximum-rrset.example. 5M IN A 10.0.15.80
+a-maximum-rrset.example. 5M IN A 10.0.15.81
+a-maximum-rrset.example. 5M IN A 10.0.15.82
+a-maximum-rrset.example. 5M IN A 10.0.15.83
+a-maximum-rrset.example. 5M IN A 10.0.15.84
+a-maximum-rrset.example. 5M IN A 10.0.15.85
+a-maximum-rrset.example. 5M IN A 10.0.15.86
+a-maximum-rrset.example. 5M IN A 10.0.15.87
+a-maximum-rrset.example. 5M IN A 10.0.15.88
+a-maximum-rrset.example. 5M IN A 10.0.15.89
+a-maximum-rrset.example. 5M IN A 10.0.15.90
+a-maximum-rrset.example. 5M IN A 10.0.15.91
+a-maximum-rrset.example. 5M IN A 10.0.15.92
+a-maximum-rrset.example. 5M IN A 10.0.15.93
+a-maximum-rrset.example. 5M IN A 10.0.15.94
+a-maximum-rrset.example. 5M IN A 10.0.15.95
+a-maximum-rrset.example. 5M IN A 10.0.15.96
+a-maximum-rrset.example. 5M IN A 10.0.15.97
+a-maximum-rrset.example. 5M IN A 10.0.15.98
+a-maximum-rrset.example. 5M IN A 10.0.15.99
+a-maximum-rrset.example. 5M IN A 10.0.15.100
+a-maximum-rrset.example. 5M IN A 10.0.15.101
+a-maximum-rrset.example. 5M IN A 10.0.15.102
+a-maximum-rrset.example. 5M IN A 10.0.15.103
+a-maximum-rrset.example. 5M IN A 10.0.15.104
+a-maximum-rrset.example. 5M IN A 10.0.15.105
+a-maximum-rrset.example. 5M IN A 10.0.15.106
+a-maximum-rrset.example. 5M IN A 10.0.15.107
+a-maximum-rrset.example. 5M IN A 10.0.15.108
+a-maximum-rrset.example. 5M IN A 10.0.15.109
+a-maximum-rrset.example. 5M IN A 10.0.15.110
+a-maximum-rrset.example. 5M IN A 10.0.15.111
+a-maximum-rrset.example. 5M IN A 10.0.15.112
+a-maximum-rrset.example. 5M IN A 10.0.15.113
+a-maximum-rrset.example. 5M IN A 10.0.15.114
+a-maximum-rrset.example. 5M IN A 10.0.15.115
+a-maximum-rrset.example. 5M IN A 10.0.15.116
+a-maximum-rrset.example. 5M IN A 10.0.15.117
+a-maximum-rrset.example. 5M IN A 10.0.15.118
+a-maximum-rrset.example. 5M IN A 10.0.15.119
+a-maximum-rrset.example. 5M IN A 10.0.15.120
+a-maximum-rrset.example. 5M IN A 10.0.15.121
+a-maximum-rrset.example. 5M IN A 10.0.15.122
+a-maximum-rrset.example. 5M IN A 10.0.15.123
+a-maximum-rrset.example. 5M IN A 10.0.15.124
+a-maximum-rrset.example. 5M IN A 10.0.15.125
+a-maximum-rrset.example. 5M IN A 10.0.15.126
+a-maximum-rrset.example. 5M IN A 10.0.15.127
+a-maximum-rrset.example. 5M IN A 10.0.15.128
+a-maximum-rrset.example. 5M IN A 10.0.15.129
+a-maximum-rrset.example. 5M IN A 10.0.15.130
+a-maximum-rrset.example. 5M IN A 10.0.15.131
+a-maximum-rrset.example. 5M IN A 10.0.15.132
+a-maximum-rrset.example. 5M IN A 10.0.15.133
+a-maximum-rrset.example. 5M IN A 10.0.15.134
+a-maximum-rrset.example. 5M IN A 10.0.15.135
+a-maximum-rrset.example. 5M IN A 10.0.15.136
+a-maximum-rrset.example. 5M IN A 10.0.15.137
+a-maximum-rrset.example. 5M IN A 10.0.15.138
+a-maximum-rrset.example. 5M IN A 10.0.15.139
+a-maximum-rrset.example. 5M IN A 10.0.15.140
+a-maximum-rrset.example. 5M IN A 10.0.15.141
+a-maximum-rrset.example. 5M IN A 10.0.15.142
+a-maximum-rrset.example. 5M IN A 10.0.15.143
+a-maximum-rrset.example. 5M IN A 10.0.15.144
+a-maximum-rrset.example. 5M IN A 10.0.15.145
+a-maximum-rrset.example. 5M IN A 10.0.15.146
+a-maximum-rrset.example. 5M IN A 10.0.15.147
+a-maximum-rrset.example. 5M IN A 10.0.15.148
+a-maximum-rrset.example. 5M IN A 10.0.15.149
+a-maximum-rrset.example. 5M IN A 10.0.15.150
+a-maximum-rrset.example. 5M IN A 10.0.15.151
+a-maximum-rrset.example. 5M IN A 10.0.15.152
+a-maximum-rrset.example. 5M IN A 10.0.15.153
+a-maximum-rrset.example. 5M IN A 10.0.15.154
+a-maximum-rrset.example. 5M IN A 10.0.15.155
+a-maximum-rrset.example. 5M IN A 10.0.15.156
+a-maximum-rrset.example. 5M IN A 10.0.15.157
+a-maximum-rrset.example. 5M IN A 10.0.15.158
+a-maximum-rrset.example. 5M IN A 10.0.15.159
+a-maximum-rrset.example. 5M IN A 10.1.0.0
+a-maximum-rrset.example. 5M IN A 10.1.0.1
+a-maximum-rrset.example. 5M IN A 10.1.0.2
+a-maximum-rrset.example. 5M IN A 10.1.0.3
+a-maximum-rrset.example. 5M IN A 10.1.0.4
+a-maximum-rrset.example. 5M IN A 10.1.0.5
+a-maximum-rrset.example. 5M IN A 10.1.0.6
+a-maximum-rrset.example. 5M IN A 10.1.0.7
+a-maximum-rrset.example. 5M IN A 10.1.0.8
+a-maximum-rrset.example. 5M IN A 10.1.0.9
+a-maximum-rrset.example. 5M IN A 10.1.0.10
+a-maximum-rrset.example. 5M IN A 10.1.0.11
+a-maximum-rrset.example. 5M IN A 10.1.0.12
+a-maximum-rrset.example. 5M IN A 10.1.0.13
+a-maximum-rrset.example. 5M IN A 10.1.0.14
+a-maximum-rrset.example. 5M IN A 10.1.0.15
+a-maximum-rrset.example. 5M IN A 10.1.0.16
+a-maximum-rrset.example. 5M IN A 10.1.0.17
+a-maximum-rrset.example. 5M IN A 10.1.0.18
+a-maximum-rrset.example. 5M IN A 10.1.0.19
+a-maximum-rrset.example. 5M IN A 10.1.0.20
+a-maximum-rrset.example. 5M IN A 10.1.0.21
+a-maximum-rrset.example. 5M IN A 10.1.0.22
+a-maximum-rrset.example. 5M IN A 10.1.0.23
+a-maximum-rrset.example. 5M IN A 10.1.0.24
+a-maximum-rrset.example. 5M IN A 10.1.0.25
+a-maximum-rrset.example. 5M IN A 10.1.0.26
+a-maximum-rrset.example. 5M IN A 10.1.0.27
+a-maximum-rrset.example. 5M IN A 10.1.0.28
+a-maximum-rrset.example. 5M IN A 10.1.0.29
+a-maximum-rrset.example. 5M IN A 10.1.0.30
+a-maximum-rrset.example. 5M IN A 10.1.0.31
+a-maximum-rrset.example. 5M IN A 10.1.0.32
+a-maximum-rrset.example. 5M IN A 10.1.0.33
+a-maximum-rrset.example. 5M IN A 10.1.0.34
+a-maximum-rrset.example. 5M IN A 10.1.0.35
+a-maximum-rrset.example. 5M IN A 10.1.0.36
+a-maximum-rrset.example. 5M IN A 10.1.0.37
+a-maximum-rrset.example. 5M IN A 10.1.0.38
+a-maximum-rrset.example. 5M IN A 10.1.0.39
+a-maximum-rrset.example. 5M IN A 10.1.0.40
+a-maximum-rrset.example. 5M IN A 10.1.0.41
+a-maximum-rrset.example. 5M IN A 10.1.0.42
+a-maximum-rrset.example. 5M IN A 10.1.0.43
+a-maximum-rrset.example. 5M IN A 10.1.0.44
+a-maximum-rrset.example. 5M IN A 10.1.0.45
+a-maximum-rrset.example. 5M IN A 10.1.0.46
+a-maximum-rrset.example. 5M IN A 10.1.0.47
+a-maximum-rrset.example. 5M IN A 10.1.0.48
+a-maximum-rrset.example. 5M IN A 10.1.0.49
+a-maximum-rrset.example. 5M IN A 10.1.0.50
+a-maximum-rrset.example. 5M IN A 10.1.0.51
+a-maximum-rrset.example. 5M IN A 10.1.0.52
+a-maximum-rrset.example. 5M IN A 10.1.0.53
+a-maximum-rrset.example. 5M IN A 10.1.0.54
+a-maximum-rrset.example. 5M IN A 10.1.0.55
+a-maximum-rrset.example. 5M IN A 10.1.0.56
+a-maximum-rrset.example. 5M IN A 10.1.0.57
+a-maximum-rrset.example. 5M IN A 10.1.0.58
+a-maximum-rrset.example. 5M IN A 10.1.0.59
+a-maximum-rrset.example. 5M IN A 10.1.0.60
+a-maximum-rrset.example. 5M IN A 10.1.0.61
+a-maximum-rrset.example. 5M IN A 10.1.0.62
+a-maximum-rrset.example. 5M IN A 10.1.0.63
+a-maximum-rrset.example. 5M IN A 10.1.0.64
+a-maximum-rrset.example. 5M IN A 10.1.0.65
+a-maximum-rrset.example. 5M IN A 10.1.0.66
+a-maximum-rrset.example. 5M IN A 10.1.0.67
+a-maximum-rrset.example. 5M IN A 10.1.0.68
+a-maximum-rrset.example. 5M IN A 10.1.0.69
+a-maximum-rrset.example. 5M IN A 10.1.0.70
+a-maximum-rrset.example. 5M IN A 10.1.0.71
+a-maximum-rrset.example. 5M IN A 10.1.0.72
+a-maximum-rrset.example. 5M IN A 10.1.0.73
+a-maximum-rrset.example. 5M IN A 10.1.0.74
+a-maximum-rrset.example. 5M IN A 10.1.0.75
+a-maximum-rrset.example. 5M IN A 10.1.0.76
+a-maximum-rrset.example. 5M IN A 10.1.0.77
+a-maximum-rrset.example. 5M IN A 10.1.0.78
+a-maximum-rrset.example. 5M IN A 10.1.0.79
+a-maximum-rrset.example. 5M IN A 10.1.0.80
+a-maximum-rrset.example. 5M IN A 10.1.0.81
+a-maximum-rrset.example. 5M IN A 10.1.0.82
+a-maximum-rrset.example. 5M IN A 10.1.0.83
+a-maximum-rrset.example. 5M IN A 10.1.0.84
+a-maximum-rrset.example. 5M IN A 10.1.0.85
+a-maximum-rrset.example. 5M IN A 10.1.0.86
+a-maximum-rrset.example. 5M IN A 10.1.0.87
+a-maximum-rrset.example. 5M IN A 10.1.0.88
+a-maximum-rrset.example. 5M IN A 10.1.0.89
+a-maximum-rrset.example. 5M IN A 10.1.0.90
+
+;; AUTHORITY SECTION:
+example. 5M IN NS ns1.example.
+
+;; ADDITIONAL SECTION:
+ns1.example. 5M IN A 10.53.0.1
+
+;; Total query time: 308 msec
+;; FROM: draco to SERVER: 10.53.0.1
+;; WHEN: Fri Jun 23 12:58:22 2000
+;; MSG SIZE sent: 41 rcvd: 65535
+
diff --git a/bin/tests/system/limits/ns1/example.db b/bin/tests/system/limits/ns1/example.db
new file mode 100644
index 0000000..836b766
--- /dev/null
+++ b/bin/tests/system/limits/ns1/example.db
@@ -0,0 +1,19118 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db,v 1.10 2007/06/19 23:47:03 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns1.example. hostmaster.example. (
+ 2000042795 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+@ NS ns1.example.
+ns1 A 10.53.0.1
+1000 A 10.0.0.0
+ A 10.0.0.1
+ A 10.0.0.2
+ A 10.0.0.3
+ A 10.0.0.4
+ A 10.0.0.5
+ A 10.0.0.6
+ A 10.0.0.7
+ A 10.0.0.8
+ A 10.0.0.9
+ A 10.0.0.10
+ A 10.0.0.11
+ A 10.0.0.12
+ A 10.0.0.13
+ A 10.0.0.14
+ A 10.0.0.15
+ A 10.0.0.16
+ A 10.0.0.17
+ A 10.0.0.18
+ A 10.0.0.19
+ A 10.0.0.20
+ A 10.0.0.21
+ A 10.0.0.22
+ A 10.0.0.23
+ A 10.0.0.24
+ A 10.0.0.25
+ A 10.0.0.26
+ A 10.0.0.27
+ A 10.0.0.28
+ A 10.0.0.29
+ A 10.0.0.30
+ A 10.0.0.31
+ A 10.0.0.32
+ A 10.0.0.33
+ A 10.0.0.34
+ A 10.0.0.35
+ A 10.0.0.36
+ A 10.0.0.37
+ A 10.0.0.38
+ A 10.0.0.39
+ A 10.0.0.40
+ A 10.0.0.41
+ A 10.0.0.42
+ A 10.0.0.43
+ A 10.0.0.44
+ A 10.0.0.45
+ A 10.0.0.46
+ A 10.0.0.47
+ A 10.0.0.48
+ A 10.0.0.49
+ A 10.0.0.50
+ A 10.0.0.51
+ A 10.0.0.52
+ A 10.0.0.53
+ A 10.0.0.54
+ A 10.0.0.55
+ A 10.0.0.56
+ A 10.0.0.57
+ A 10.0.0.58
+ A 10.0.0.59
+ A 10.0.0.60
+ A 10.0.0.61
+ A 10.0.0.62
+ A 10.0.0.63
+ A 10.0.0.64
+ A 10.0.0.65
+ A 10.0.0.66
+ A 10.0.0.67
+ A 10.0.0.68
+ A 10.0.0.69
+ A 10.0.0.70
+ A 10.0.0.71
+ A 10.0.0.72
+ A 10.0.0.73
+ A 10.0.0.74
+ A 10.0.0.75
+ A 10.0.0.76
+ A 10.0.0.77
+ A 10.0.0.78
+ A 10.0.0.79
+ A 10.0.0.80
+ A 10.0.0.81
+ A 10.0.0.82
+ A 10.0.0.83
+ A 10.0.0.84
+ A 10.0.0.85
+ A 10.0.0.86
+ A 10.0.0.87
+ A 10.0.0.88
+ A 10.0.0.89
+ A 10.0.0.90
+ A 10.0.0.91
+ A 10.0.0.92
+ A 10.0.0.93
+ A 10.0.0.94
+ A 10.0.0.95
+ A 10.0.0.96
+ A 10.0.0.97
+ A 10.0.0.98
+ A 10.0.0.99
+ A 10.0.0.100
+ A 10.0.0.101
+ A 10.0.0.102
+ A 10.0.0.103
+ A 10.0.0.104
+ A 10.0.0.105
+ A 10.0.0.106
+ A 10.0.0.107
+ A 10.0.0.108
+ A 10.0.0.109
+ A 10.0.0.110
+ A 10.0.0.111
+ A 10.0.0.112
+ A 10.0.0.113
+ A 10.0.0.114
+ A 10.0.0.115
+ A 10.0.0.116
+ A 10.0.0.117
+ A 10.0.0.118
+ A 10.0.0.119
+ A 10.0.0.120
+ A 10.0.0.121
+ A 10.0.0.122
+ A 10.0.0.123
+ A 10.0.0.124
+ A 10.0.0.125
+ A 10.0.0.126
+ A 10.0.0.127
+ A 10.0.0.128
+ A 10.0.0.129
+ A 10.0.0.130
+ A 10.0.0.131
+ A 10.0.0.132
+ A 10.0.0.133
+ A 10.0.0.134
+ A 10.0.0.135
+ A 10.0.0.136
+ A 10.0.0.137
+ A 10.0.0.138
+ A 10.0.0.139
+ A 10.0.0.140
+ A 10.0.0.141
+ A 10.0.0.142
+ A 10.0.0.143
+ A 10.0.0.144
+ A 10.0.0.145
+ A 10.0.0.146
+ A 10.0.0.147
+ A 10.0.0.148
+ A 10.0.0.149
+ A 10.0.0.150
+ A 10.0.0.151
+ A 10.0.0.152
+ A 10.0.0.153
+ A 10.0.0.154
+ A 10.0.0.155
+ A 10.0.0.156
+ A 10.0.0.157
+ A 10.0.0.158
+ A 10.0.0.159
+ A 10.0.0.160
+ A 10.0.0.161
+ A 10.0.0.162
+ A 10.0.0.163
+ A 10.0.0.164
+ A 10.0.0.165
+ A 10.0.0.166
+ A 10.0.0.167
+ A 10.0.0.168
+ A 10.0.0.169
+ A 10.0.0.170
+ A 10.0.0.171
+ A 10.0.0.172
+ A 10.0.0.173
+ A 10.0.0.174
+ A 10.0.0.175
+ A 10.0.0.176
+ A 10.0.0.177
+ A 10.0.0.178
+ A 10.0.0.179
+ A 10.0.0.180
+ A 10.0.0.181
+ A 10.0.0.182
+ A 10.0.0.183
+ A 10.0.0.184
+ A 10.0.0.185
+ A 10.0.0.186
+ A 10.0.0.187
+ A 10.0.0.188
+ A 10.0.0.189
+ A 10.0.0.190
+ A 10.0.0.191
+ A 10.0.0.192
+ A 10.0.0.193
+ A 10.0.0.194
+ A 10.0.0.195
+ A 10.0.0.196
+ A 10.0.0.197
+ A 10.0.0.198
+ A 10.0.0.199
+ A 10.0.0.200
+ A 10.0.0.201
+ A 10.0.0.202
+ A 10.0.0.203
+ A 10.0.0.204
+ A 10.0.0.205
+ A 10.0.0.206
+ A 10.0.0.207
+ A 10.0.0.208
+ A 10.0.0.209
+ A 10.0.0.210
+ A 10.0.0.211
+ A 10.0.0.212
+ A 10.0.0.213
+ A 10.0.0.214
+ A 10.0.0.215
+ A 10.0.0.216
+ A 10.0.0.217
+ A 10.0.0.218
+ A 10.0.0.219
+ A 10.0.0.220
+ A 10.0.0.221
+ A 10.0.0.222
+ A 10.0.0.223
+ A 10.0.0.224
+ A 10.0.0.225
+ A 10.0.0.226
+ A 10.0.0.227
+ A 10.0.0.228
+ A 10.0.0.229
+ A 10.0.0.230
+ A 10.0.0.231
+ A 10.0.0.232
+ A 10.0.0.233
+ A 10.0.0.234
+ A 10.0.0.235
+ A 10.0.0.236
+ A 10.0.0.237
+ A 10.0.0.238
+ A 10.0.0.239
+ A 10.0.0.240
+ A 10.0.0.241
+ A 10.0.0.242
+ A 10.0.0.243
+ A 10.0.0.244
+ A 10.0.0.245
+ A 10.0.0.246
+ A 10.0.0.247
+ A 10.0.0.248
+ A 10.0.0.249
+ A 10.0.0.250
+ A 10.0.0.251
+ A 10.0.0.252
+ A 10.0.0.253
+ A 10.0.0.254
+ A 10.0.0.255
+ A 10.0.1.0
+ A 10.0.1.1
+ A 10.0.1.2
+ A 10.0.1.3
+ A 10.0.1.4
+ A 10.0.1.5
+ A 10.0.1.6
+ A 10.0.1.7
+ A 10.0.1.8
+ A 10.0.1.9
+ A 10.0.1.10
+ A 10.0.1.11
+ A 10.0.1.12
+ A 10.0.1.13
+ A 10.0.1.14
+ A 10.0.1.15
+ A 10.0.1.16
+ A 10.0.1.17
+ A 10.0.1.18
+ A 10.0.1.19
+ A 10.0.1.20
+ A 10.0.1.21
+ A 10.0.1.22
+ A 10.0.1.23
+ A 10.0.1.24
+ A 10.0.1.25
+ A 10.0.1.26
+ A 10.0.1.27
+ A 10.0.1.28
+ A 10.0.1.29
+ A 10.0.1.30
+ A 10.0.1.31
+ A 10.0.1.32
+ A 10.0.1.33
+ A 10.0.1.34
+ A 10.0.1.35
+ A 10.0.1.36
+ A 10.0.1.37
+ A 10.0.1.38
+ A 10.0.1.39
+ A 10.0.1.40
+ A 10.0.1.41
+ A 10.0.1.42
+ A 10.0.1.43
+ A 10.0.1.44
+ A 10.0.1.45
+ A 10.0.1.46
+ A 10.0.1.47
+ A 10.0.1.48
+ A 10.0.1.49
+ A 10.0.1.50
+ A 10.0.1.51
+ A 10.0.1.52
+ A 10.0.1.53
+ A 10.0.1.54
+ A 10.0.1.55
+ A 10.0.1.56
+ A 10.0.1.57
+ A 10.0.1.58
+ A 10.0.1.59
+ A 10.0.1.60
+ A 10.0.1.61
+ A 10.0.1.62
+ A 10.0.1.63
+ A 10.0.1.64
+ A 10.0.1.65
+ A 10.0.1.66
+ A 10.0.1.67
+ A 10.0.1.68
+ A 10.0.1.69
+ A 10.0.1.70
+ A 10.0.1.71
+ A 10.0.1.72
+ A 10.0.1.73
+ A 10.0.1.74
+ A 10.0.1.75
+ A 10.0.1.76
+ A 10.0.1.77
+ A 10.0.1.78
+ A 10.0.1.79
+ A 10.0.1.80
+ A 10.0.1.81
+ A 10.0.1.82
+ A 10.0.1.83
+ A 10.0.1.84
+ A 10.0.1.85
+ A 10.0.1.86
+ A 10.0.1.87
+ A 10.0.1.88
+ A 10.0.1.89
+ A 10.0.1.90
+ A 10.0.1.91
+ A 10.0.1.92
+ A 10.0.1.93
+ A 10.0.1.94
+ A 10.0.1.95
+ A 10.0.1.96
+ A 10.0.1.97
+ A 10.0.1.98
+ A 10.0.1.99
+ A 10.0.1.100
+ A 10.0.1.101
+ A 10.0.1.102
+ A 10.0.1.103
+ A 10.0.1.104
+ A 10.0.1.105
+ A 10.0.1.106
+ A 10.0.1.107
+ A 10.0.1.108
+ A 10.0.1.109
+ A 10.0.1.110
+ A 10.0.1.111
+ A 10.0.1.112
+ A 10.0.1.113
+ A 10.0.1.114
+ A 10.0.1.115
+ A 10.0.1.116
+ A 10.0.1.117
+ A 10.0.1.118
+ A 10.0.1.119
+ A 10.0.1.120
+ A 10.0.1.121
+ A 10.0.1.122
+ A 10.0.1.123
+ A 10.0.1.124
+ A 10.0.1.125
+ A 10.0.1.126
+ A 10.0.1.127
+ A 10.0.1.128
+ A 10.0.1.129
+ A 10.0.1.130
+ A 10.0.1.131
+ A 10.0.1.132
+ A 10.0.1.133
+ A 10.0.1.134
+ A 10.0.1.135
+ A 10.0.1.136
+ A 10.0.1.137
+ A 10.0.1.138
+ A 10.0.1.139
+ A 10.0.1.140
+ A 10.0.1.141
+ A 10.0.1.142
+ A 10.0.1.143
+ A 10.0.1.144
+ A 10.0.1.145
+ A 10.0.1.146
+ A 10.0.1.147
+ A 10.0.1.148
+ A 10.0.1.149
+ A 10.0.1.150
+ A 10.0.1.151
+ A 10.0.1.152
+ A 10.0.1.153
+ A 10.0.1.154
+ A 10.0.1.155
+ A 10.0.1.156
+ A 10.0.1.157
+ A 10.0.1.158
+ A 10.0.1.159
+ A 10.0.1.160
+ A 10.0.1.161
+ A 10.0.1.162
+ A 10.0.1.163
+ A 10.0.1.164
+ A 10.0.1.165
+ A 10.0.1.166
+ A 10.0.1.167
+ A 10.0.1.168
+ A 10.0.1.169
+ A 10.0.1.170
+ A 10.0.1.171
+ A 10.0.1.172
+ A 10.0.1.173
+ A 10.0.1.174
+ A 10.0.1.175
+ A 10.0.1.176
+ A 10.0.1.177
+ A 10.0.1.178
+ A 10.0.1.179
+ A 10.0.1.180
+ A 10.0.1.181
+ A 10.0.1.182
+ A 10.0.1.183
+ A 10.0.1.184
+ A 10.0.1.185
+ A 10.0.1.186
+ A 10.0.1.187
+ A 10.0.1.188
+ A 10.0.1.189
+ A 10.0.1.190
+ A 10.0.1.191
+ A 10.0.1.192
+ A 10.0.1.193
+ A 10.0.1.194
+ A 10.0.1.195
+ A 10.0.1.196
+ A 10.0.1.197
+ A 10.0.1.198
+ A 10.0.1.199
+ A 10.0.1.200
+ A 10.0.1.201
+ A 10.0.1.202
+ A 10.0.1.203
+ A 10.0.1.204
+ A 10.0.1.205
+ A 10.0.1.206
+ A 10.0.1.207
+ A 10.0.1.208
+ A 10.0.1.209
+ A 10.0.1.210
+ A 10.0.1.211
+ A 10.0.1.212
+ A 10.0.1.213
+ A 10.0.1.214
+ A 10.0.1.215
+ A 10.0.1.216
+ A 10.0.1.217
+ A 10.0.1.218
+ A 10.0.1.219
+ A 10.0.1.220
+ A 10.0.1.221
+ A 10.0.1.222
+ A 10.0.1.223
+ A 10.0.1.224
+ A 10.0.1.225
+ A 10.0.1.226
+ A 10.0.1.227
+ A 10.0.1.228
+ A 10.0.1.229
+ A 10.0.1.230
+ A 10.0.1.231
+ A 10.0.1.232
+ A 10.0.1.233
+ A 10.0.1.234
+ A 10.0.1.235
+ A 10.0.1.236
+ A 10.0.1.237
+ A 10.0.1.238
+ A 10.0.1.239
+ A 10.0.1.240
+ A 10.0.1.241
+ A 10.0.1.242
+ A 10.0.1.243
+ A 10.0.1.244
+ A 10.0.1.245
+ A 10.0.1.246
+ A 10.0.1.247
+ A 10.0.1.248
+ A 10.0.1.249
+ A 10.0.1.250
+ A 10.0.1.251
+ A 10.0.1.252
+ A 10.0.1.253
+ A 10.0.1.254
+ A 10.0.1.255
+ A 10.0.2.0
+ A 10.0.2.1
+ A 10.0.2.2
+ A 10.0.2.3
+ A 10.0.2.4
+ A 10.0.2.5
+ A 10.0.2.6
+ A 10.0.2.7
+ A 10.0.2.8
+ A 10.0.2.9
+ A 10.0.2.10
+ A 10.0.2.11
+ A 10.0.2.12
+ A 10.0.2.13
+ A 10.0.2.14
+ A 10.0.2.15
+ A 10.0.2.16
+ A 10.0.2.17
+ A 10.0.2.18
+ A 10.0.2.19
+ A 10.0.2.20
+ A 10.0.2.21
+ A 10.0.2.22
+ A 10.0.2.23
+ A 10.0.2.24
+ A 10.0.2.25
+ A 10.0.2.26
+ A 10.0.2.27
+ A 10.0.2.28
+ A 10.0.2.29
+ A 10.0.2.30
+ A 10.0.2.31
+ A 10.0.2.32
+ A 10.0.2.33
+ A 10.0.2.34
+ A 10.0.2.35
+ A 10.0.2.36
+ A 10.0.2.37
+ A 10.0.2.38
+ A 10.0.2.39
+ A 10.0.2.40
+ A 10.0.2.41
+ A 10.0.2.42
+ A 10.0.2.43
+ A 10.0.2.44
+ A 10.0.2.45
+ A 10.0.2.46
+ A 10.0.2.47
+ A 10.0.2.48
+ A 10.0.2.49
+ A 10.0.2.50
+ A 10.0.2.51
+ A 10.0.2.52
+ A 10.0.2.53
+ A 10.0.2.54
+ A 10.0.2.55
+ A 10.0.2.56
+ A 10.0.2.57
+ A 10.0.2.58
+ A 10.0.2.59
+ A 10.0.2.60
+ A 10.0.2.61
+ A 10.0.2.62
+ A 10.0.2.63
+ A 10.0.2.64
+ A 10.0.2.65
+ A 10.0.2.66
+ A 10.0.2.67
+ A 10.0.2.68
+ A 10.0.2.69
+ A 10.0.2.70
+ A 10.0.2.71
+ A 10.0.2.72
+ A 10.0.2.73
+ A 10.0.2.74
+ A 10.0.2.75
+ A 10.0.2.76
+ A 10.0.2.77
+ A 10.0.2.78
+ A 10.0.2.79
+ A 10.0.2.80
+ A 10.0.2.81
+ A 10.0.2.82
+ A 10.0.2.83
+ A 10.0.2.84
+ A 10.0.2.85
+ A 10.0.2.86
+ A 10.0.2.87
+ A 10.0.2.88
+ A 10.0.2.89
+ A 10.0.2.90
+ A 10.0.2.91
+ A 10.0.2.92
+ A 10.0.2.93
+ A 10.0.2.94
+ A 10.0.2.95
+ A 10.0.2.96
+ A 10.0.2.97
+ A 10.0.2.98
+ A 10.0.2.99
+ A 10.0.2.100
+ A 10.0.2.101
+ A 10.0.2.102
+ A 10.0.2.103
+ A 10.0.2.104
+ A 10.0.2.105
+ A 10.0.2.106
+ A 10.0.2.107
+ A 10.0.2.108
+ A 10.0.2.109
+ A 10.0.2.110
+ A 10.0.2.111
+ A 10.0.2.112
+ A 10.0.2.113
+ A 10.0.2.114
+ A 10.0.2.115
+ A 10.0.2.116
+ A 10.0.2.117
+ A 10.0.2.118
+ A 10.0.2.119
+ A 10.0.2.120
+ A 10.0.2.121
+ A 10.0.2.122
+ A 10.0.2.123
+ A 10.0.2.124
+ A 10.0.2.125
+ A 10.0.2.126
+ A 10.0.2.127
+ A 10.0.2.128
+ A 10.0.2.129
+ A 10.0.2.130
+ A 10.0.2.131
+ A 10.0.2.132
+ A 10.0.2.133
+ A 10.0.2.134
+ A 10.0.2.135
+ A 10.0.2.136
+ A 10.0.2.137
+ A 10.0.2.138
+ A 10.0.2.139
+ A 10.0.2.140
+ A 10.0.2.141
+ A 10.0.2.142
+ A 10.0.2.143
+ A 10.0.2.144
+ A 10.0.2.145
+ A 10.0.2.146
+ A 10.0.2.147
+ A 10.0.2.148
+ A 10.0.2.149
+ A 10.0.2.150
+ A 10.0.2.151
+ A 10.0.2.152
+ A 10.0.2.153
+ A 10.0.2.154
+ A 10.0.2.155
+ A 10.0.2.156
+ A 10.0.2.157
+ A 10.0.2.158
+ A 10.0.2.159
+ A 10.0.2.160
+ A 10.0.2.161
+ A 10.0.2.162
+ A 10.0.2.163
+ A 10.0.2.164
+ A 10.0.2.165
+ A 10.0.2.166
+ A 10.0.2.167
+ A 10.0.2.168
+ A 10.0.2.169
+ A 10.0.2.170
+ A 10.0.2.171
+ A 10.0.2.172
+ A 10.0.2.173
+ A 10.0.2.174
+ A 10.0.2.175
+ A 10.0.2.176
+ A 10.0.2.177
+ A 10.0.2.178
+ A 10.0.2.179
+ A 10.0.2.180
+ A 10.0.2.181
+ A 10.0.2.182
+ A 10.0.2.183
+ A 10.0.2.184
+ A 10.0.2.185
+ A 10.0.2.186
+ A 10.0.2.187
+ A 10.0.2.188
+ A 10.0.2.189
+ A 10.0.2.190
+ A 10.0.2.191
+ A 10.0.2.192
+ A 10.0.2.193
+ A 10.0.2.194
+ A 10.0.2.195
+ A 10.0.2.196
+ A 10.0.2.197
+ A 10.0.2.198
+ A 10.0.2.199
+ A 10.0.2.200
+ A 10.0.2.201
+ A 10.0.2.202
+ A 10.0.2.203
+ A 10.0.2.204
+ A 10.0.2.205
+ A 10.0.2.206
+ A 10.0.2.207
+ A 10.0.2.208
+ A 10.0.2.209
+ A 10.0.2.210
+ A 10.0.2.211
+ A 10.0.2.212
+ A 10.0.2.213
+ A 10.0.2.214
+ A 10.0.2.215
+ A 10.0.2.216
+ A 10.0.2.217
+ A 10.0.2.218
+ A 10.0.2.219
+ A 10.0.2.220
+ A 10.0.2.221
+ A 10.0.2.222
+ A 10.0.2.223
+ A 10.0.2.224
+ A 10.0.2.225
+ A 10.0.2.226
+ A 10.0.2.227
+ A 10.0.2.228
+ A 10.0.2.229
+ A 10.0.2.230
+ A 10.0.2.231
+ A 10.0.2.232
+ A 10.0.2.233
+ A 10.0.2.234
+ A 10.0.2.235
+ A 10.0.2.236
+ A 10.0.2.237
+ A 10.0.2.238
+ A 10.0.2.239
+ A 10.0.2.240
+ A 10.0.2.241
+ A 10.0.2.242
+ A 10.0.2.243
+ A 10.0.2.244
+ A 10.0.2.245
+ A 10.0.2.246
+ A 10.0.2.247
+ A 10.0.2.248
+ A 10.0.2.249
+ A 10.0.2.250
+ A 10.0.2.251
+ A 10.0.2.252
+ A 10.0.2.253
+ A 10.0.2.254
+ A 10.0.2.255
+ A 10.0.3.0
+ A 10.0.3.1
+ A 10.0.3.2
+ A 10.0.3.3
+ A 10.0.3.4
+ A 10.0.3.5
+ A 10.0.3.6
+ A 10.0.3.7
+ A 10.0.3.8
+ A 10.0.3.9
+ A 10.0.3.10
+ A 10.0.3.11
+ A 10.0.3.12
+ A 10.0.3.13
+ A 10.0.3.14
+ A 10.0.3.15
+ A 10.0.3.16
+ A 10.0.3.17
+ A 10.0.3.18
+ A 10.0.3.19
+ A 10.0.3.20
+ A 10.0.3.21
+ A 10.0.3.22
+ A 10.0.3.23
+ A 10.0.3.24
+ A 10.0.3.25
+ A 10.0.3.26
+ A 10.0.3.27
+ A 10.0.3.28
+ A 10.0.3.29
+ A 10.0.3.30
+ A 10.0.3.31
+ A 10.0.3.32
+ A 10.0.3.33
+ A 10.0.3.34
+ A 10.0.3.35
+ A 10.0.3.36
+ A 10.0.3.37
+ A 10.0.3.38
+ A 10.0.3.39
+ A 10.0.3.40
+ A 10.0.3.41
+ A 10.0.3.42
+ A 10.0.3.43
+ A 10.0.3.44
+ A 10.0.3.45
+ A 10.0.3.46
+ A 10.0.3.47
+ A 10.0.3.48
+ A 10.0.3.49
+ A 10.0.3.50
+ A 10.0.3.51
+ A 10.0.3.52
+ A 10.0.3.53
+ A 10.0.3.54
+ A 10.0.3.55
+ A 10.0.3.56
+ A 10.0.3.57
+ A 10.0.3.58
+ A 10.0.3.59
+ A 10.0.3.60
+ A 10.0.3.61
+ A 10.0.3.62
+ A 10.0.3.63
+ A 10.0.3.64
+ A 10.0.3.65
+ A 10.0.3.66
+ A 10.0.3.67
+ A 10.0.3.68
+ A 10.0.3.69
+ A 10.0.3.70
+ A 10.0.3.71
+ A 10.0.3.72
+ A 10.0.3.73
+ A 10.0.3.74
+ A 10.0.3.75
+ A 10.0.3.76
+ A 10.0.3.77
+ A 10.0.3.78
+ A 10.0.3.79
+ A 10.0.3.80
+ A 10.0.3.81
+ A 10.0.3.82
+ A 10.0.3.83
+ A 10.0.3.84
+ A 10.0.3.85
+ A 10.0.3.86
+ A 10.0.3.87
+ A 10.0.3.88
+ A 10.0.3.89
+ A 10.0.3.90
+ A 10.0.3.91
+ A 10.0.3.92
+ A 10.0.3.93
+ A 10.0.3.94
+ A 10.0.3.95
+ A 10.0.3.96
+ A 10.0.3.97
+ A 10.0.3.98
+ A 10.0.3.99
+ A 10.0.3.100
+ A 10.0.3.101
+ A 10.0.3.102
+ A 10.0.3.103
+ A 10.0.3.104
+ A 10.0.3.105
+ A 10.0.3.106
+ A 10.0.3.107
+ A 10.0.3.108
+ A 10.0.3.109
+ A 10.0.3.110
+ A 10.0.3.111
+ A 10.0.3.112
+ A 10.0.3.113
+ A 10.0.3.114
+ A 10.0.3.115
+ A 10.0.3.116
+ A 10.0.3.117
+ A 10.0.3.118
+ A 10.0.3.119
+ A 10.0.3.120
+ A 10.0.3.121
+ A 10.0.3.122
+ A 10.0.3.123
+ A 10.0.3.124
+ A 10.0.3.125
+ A 10.0.3.126
+ A 10.0.3.127
+ A 10.0.3.128
+ A 10.0.3.129
+ A 10.0.3.130
+ A 10.0.3.131
+ A 10.0.3.132
+ A 10.0.3.133
+ A 10.0.3.134
+ A 10.0.3.135
+ A 10.0.3.136
+ A 10.0.3.137
+ A 10.0.3.138
+ A 10.0.3.139
+ A 10.0.3.140
+ A 10.0.3.141
+ A 10.0.3.142
+ A 10.0.3.143
+ A 10.0.3.144
+ A 10.0.3.145
+ A 10.0.3.146
+ A 10.0.3.147
+ A 10.0.3.148
+ A 10.0.3.149
+ A 10.0.3.150
+ A 10.0.3.151
+ A 10.0.3.152
+ A 10.0.3.153
+ A 10.0.3.154
+ A 10.0.3.155
+ A 10.0.3.156
+ A 10.0.3.157
+ A 10.0.3.158
+ A 10.0.3.159
+ A 10.0.3.160
+ A 10.0.3.161
+ A 10.0.3.162
+ A 10.0.3.163
+ A 10.0.3.164
+ A 10.0.3.165
+ A 10.0.3.166
+ A 10.0.3.167
+ A 10.0.3.168
+ A 10.0.3.169
+ A 10.0.3.170
+ A 10.0.3.171
+ A 10.0.3.172
+ A 10.0.3.173
+ A 10.0.3.174
+ A 10.0.3.175
+ A 10.0.3.176
+ A 10.0.3.177
+ A 10.0.3.178
+ A 10.0.3.179
+ A 10.0.3.180
+ A 10.0.3.181
+ A 10.0.3.182
+ A 10.0.3.183
+ A 10.0.3.184
+ A 10.0.3.185
+ A 10.0.3.186
+ A 10.0.3.187
+ A 10.0.3.188
+ A 10.0.3.189
+ A 10.0.3.190
+ A 10.0.3.191
+ A 10.0.3.192
+ A 10.0.3.193
+ A 10.0.3.194
+ A 10.0.3.195
+ A 10.0.3.196
+ A 10.0.3.197
+ A 10.0.3.198
+ A 10.0.3.199
+ A 10.0.3.200
+ A 10.0.3.201
+ A 10.0.3.202
+ A 10.0.3.203
+ A 10.0.3.204
+ A 10.0.3.205
+ A 10.0.3.206
+ A 10.0.3.207
+ A 10.0.3.208
+ A 10.0.3.209
+ A 10.0.3.210
+ A 10.0.3.211
+ A 10.0.3.212
+ A 10.0.3.213
+ A 10.0.3.214
+ A 10.0.3.215
+ A 10.0.3.216
+ A 10.0.3.217
+ A 10.0.3.218
+ A 10.0.3.219
+ A 10.0.3.220
+ A 10.0.3.221
+ A 10.0.3.222
+ A 10.0.3.223
+ A 10.0.3.224
+ A 10.0.3.225
+ A 10.0.3.226
+ A 10.0.3.227
+ A 10.0.3.228
+ A 10.0.3.229
+ A 10.0.3.230
+ A 10.0.3.231
+2000 A 10.0.0.0
+ A 10.0.0.1
+ A 10.0.0.2
+ A 10.0.0.3
+ A 10.0.0.4
+ A 10.0.0.5
+ A 10.0.0.6
+ A 10.0.0.7
+ A 10.0.0.8
+ A 10.0.0.9
+ A 10.0.0.10
+ A 10.0.0.11
+ A 10.0.0.12
+ A 10.0.0.13
+ A 10.0.0.14
+ A 10.0.0.15
+ A 10.0.0.16
+ A 10.0.0.17
+ A 10.0.0.18
+ A 10.0.0.19
+ A 10.0.0.20
+ A 10.0.0.21
+ A 10.0.0.22
+ A 10.0.0.23
+ A 10.0.0.24
+ A 10.0.0.25
+ A 10.0.0.26
+ A 10.0.0.27
+ A 10.0.0.28
+ A 10.0.0.29
+ A 10.0.0.30
+ A 10.0.0.31
+ A 10.0.0.32
+ A 10.0.0.33
+ A 10.0.0.34
+ A 10.0.0.35
+ A 10.0.0.36
+ A 10.0.0.37
+ A 10.0.0.38
+ A 10.0.0.39
+ A 10.0.0.40
+ A 10.0.0.41
+ A 10.0.0.42
+ A 10.0.0.43
+ A 10.0.0.44
+ A 10.0.0.45
+ A 10.0.0.46
+ A 10.0.0.47
+ A 10.0.0.48
+ A 10.0.0.49
+ A 10.0.0.50
+ A 10.0.0.51
+ A 10.0.0.52
+ A 10.0.0.53
+ A 10.0.0.54
+ A 10.0.0.55
+ A 10.0.0.56
+ A 10.0.0.57
+ A 10.0.0.58
+ A 10.0.0.59
+ A 10.0.0.60
+ A 10.0.0.61
+ A 10.0.0.62
+ A 10.0.0.63
+ A 10.0.0.64
+ A 10.0.0.65
+ A 10.0.0.66
+ A 10.0.0.67
+ A 10.0.0.68
+ A 10.0.0.69
+ A 10.0.0.70
+ A 10.0.0.71
+ A 10.0.0.72
+ A 10.0.0.73
+ A 10.0.0.74
+ A 10.0.0.75
+ A 10.0.0.76
+ A 10.0.0.77
+ A 10.0.0.78
+ A 10.0.0.79
+ A 10.0.0.80
+ A 10.0.0.81
+ A 10.0.0.82
+ A 10.0.0.83
+ A 10.0.0.84
+ A 10.0.0.85
+ A 10.0.0.86
+ A 10.0.0.87
+ A 10.0.0.88
+ A 10.0.0.89
+ A 10.0.0.90
+ A 10.0.0.91
+ A 10.0.0.92
+ A 10.0.0.93
+ A 10.0.0.94
+ A 10.0.0.95
+ A 10.0.0.96
+ A 10.0.0.97
+ A 10.0.0.98
+ A 10.0.0.99
+ A 10.0.0.100
+ A 10.0.0.101
+ A 10.0.0.102
+ A 10.0.0.103
+ A 10.0.0.104
+ A 10.0.0.105
+ A 10.0.0.106
+ A 10.0.0.107
+ A 10.0.0.108
+ A 10.0.0.109
+ A 10.0.0.110
+ A 10.0.0.111
+ A 10.0.0.112
+ A 10.0.0.113
+ A 10.0.0.114
+ A 10.0.0.115
+ A 10.0.0.116
+ A 10.0.0.117
+ A 10.0.0.118
+ A 10.0.0.119
+ A 10.0.0.120
+ A 10.0.0.121
+ A 10.0.0.122
+ A 10.0.0.123
+ A 10.0.0.124
+ A 10.0.0.125
+ A 10.0.0.126
+ A 10.0.0.127
+ A 10.0.0.128
+ A 10.0.0.129
+ A 10.0.0.130
+ A 10.0.0.131
+ A 10.0.0.132
+ A 10.0.0.133
+ A 10.0.0.134
+ A 10.0.0.135
+ A 10.0.0.136
+ A 10.0.0.137
+ A 10.0.0.138
+ A 10.0.0.139
+ A 10.0.0.140
+ A 10.0.0.141
+ A 10.0.0.142
+ A 10.0.0.143
+ A 10.0.0.144
+ A 10.0.0.145
+ A 10.0.0.146
+ A 10.0.0.147
+ A 10.0.0.148
+ A 10.0.0.149
+ A 10.0.0.150
+ A 10.0.0.151
+ A 10.0.0.152
+ A 10.0.0.153
+ A 10.0.0.154
+ A 10.0.0.155
+ A 10.0.0.156
+ A 10.0.0.157
+ A 10.0.0.158
+ A 10.0.0.159
+ A 10.0.0.160
+ A 10.0.0.161
+ A 10.0.0.162
+ A 10.0.0.163
+ A 10.0.0.164
+ A 10.0.0.165
+ A 10.0.0.166
+ A 10.0.0.167
+ A 10.0.0.168
+ A 10.0.0.169
+ A 10.0.0.170
+ A 10.0.0.171
+ A 10.0.0.172
+ A 10.0.0.173
+ A 10.0.0.174
+ A 10.0.0.175
+ A 10.0.0.176
+ A 10.0.0.177
+ A 10.0.0.178
+ A 10.0.0.179
+ A 10.0.0.180
+ A 10.0.0.181
+ A 10.0.0.182
+ A 10.0.0.183
+ A 10.0.0.184
+ A 10.0.0.185
+ A 10.0.0.186
+ A 10.0.0.187
+ A 10.0.0.188
+ A 10.0.0.189
+ A 10.0.0.190
+ A 10.0.0.191
+ A 10.0.0.192
+ A 10.0.0.193
+ A 10.0.0.194
+ A 10.0.0.195
+ A 10.0.0.196
+ A 10.0.0.197
+ A 10.0.0.198
+ A 10.0.0.199
+ A 10.0.0.200
+ A 10.0.0.201
+ A 10.0.0.202
+ A 10.0.0.203
+ A 10.0.0.204
+ A 10.0.0.205
+ A 10.0.0.206
+ A 10.0.0.207
+ A 10.0.0.208
+ A 10.0.0.209
+ A 10.0.0.210
+ A 10.0.0.211
+ A 10.0.0.212
+ A 10.0.0.213
+ A 10.0.0.214
+ A 10.0.0.215
+ A 10.0.0.216
+ A 10.0.0.217
+ A 10.0.0.218
+ A 10.0.0.219
+ A 10.0.0.220
+ A 10.0.0.221
+ A 10.0.0.222
+ A 10.0.0.223
+ A 10.0.0.224
+ A 10.0.0.225
+ A 10.0.0.226
+ A 10.0.0.227
+ A 10.0.0.228
+ A 10.0.0.229
+ A 10.0.0.230
+ A 10.0.0.231
+ A 10.0.0.232
+ A 10.0.0.233
+ A 10.0.0.234
+ A 10.0.0.235
+ A 10.0.0.236
+ A 10.0.0.237
+ A 10.0.0.238
+ A 10.0.0.239
+ A 10.0.0.240
+ A 10.0.0.241
+ A 10.0.0.242
+ A 10.0.0.243
+ A 10.0.0.244
+ A 10.0.0.245
+ A 10.0.0.246
+ A 10.0.0.247
+ A 10.0.0.248
+ A 10.0.0.249
+ A 10.0.0.250
+ A 10.0.0.251
+ A 10.0.0.252
+ A 10.0.0.253
+ A 10.0.0.254
+ A 10.0.0.255
+ A 10.0.1.0
+ A 10.0.1.1
+ A 10.0.1.2
+ A 10.0.1.3
+ A 10.0.1.4
+ A 10.0.1.5
+ A 10.0.1.6
+ A 10.0.1.7
+ A 10.0.1.8
+ A 10.0.1.9
+ A 10.0.1.10
+ A 10.0.1.11
+ A 10.0.1.12
+ A 10.0.1.13
+ A 10.0.1.14
+ A 10.0.1.15
+ A 10.0.1.16
+ A 10.0.1.17
+ A 10.0.1.18
+ A 10.0.1.19
+ A 10.0.1.20
+ A 10.0.1.21
+ A 10.0.1.22
+ A 10.0.1.23
+ A 10.0.1.24
+ A 10.0.1.25
+ A 10.0.1.26
+ A 10.0.1.27
+ A 10.0.1.28
+ A 10.0.1.29
+ A 10.0.1.30
+ A 10.0.1.31
+ A 10.0.1.32
+ A 10.0.1.33
+ A 10.0.1.34
+ A 10.0.1.35
+ A 10.0.1.36
+ A 10.0.1.37
+ A 10.0.1.38
+ A 10.0.1.39
+ A 10.0.1.40
+ A 10.0.1.41
+ A 10.0.1.42
+ A 10.0.1.43
+ A 10.0.1.44
+ A 10.0.1.45
+ A 10.0.1.46
+ A 10.0.1.47
+ A 10.0.1.48
+ A 10.0.1.49
+ A 10.0.1.50
+ A 10.0.1.51
+ A 10.0.1.52
+ A 10.0.1.53
+ A 10.0.1.54
+ A 10.0.1.55
+ A 10.0.1.56
+ A 10.0.1.57
+ A 10.0.1.58
+ A 10.0.1.59
+ A 10.0.1.60
+ A 10.0.1.61
+ A 10.0.1.62
+ A 10.0.1.63
+ A 10.0.1.64
+ A 10.0.1.65
+ A 10.0.1.66
+ A 10.0.1.67
+ A 10.0.1.68
+ A 10.0.1.69
+ A 10.0.1.70
+ A 10.0.1.71
+ A 10.0.1.72
+ A 10.0.1.73
+ A 10.0.1.74
+ A 10.0.1.75
+ A 10.0.1.76
+ A 10.0.1.77
+ A 10.0.1.78
+ A 10.0.1.79
+ A 10.0.1.80
+ A 10.0.1.81
+ A 10.0.1.82
+ A 10.0.1.83
+ A 10.0.1.84
+ A 10.0.1.85
+ A 10.0.1.86
+ A 10.0.1.87
+ A 10.0.1.88
+ A 10.0.1.89
+ A 10.0.1.90
+ A 10.0.1.91
+ A 10.0.1.92
+ A 10.0.1.93
+ A 10.0.1.94
+ A 10.0.1.95
+ A 10.0.1.96
+ A 10.0.1.97
+ A 10.0.1.98
+ A 10.0.1.99
+ A 10.0.1.100
+ A 10.0.1.101
+ A 10.0.1.102
+ A 10.0.1.103
+ A 10.0.1.104
+ A 10.0.1.105
+ A 10.0.1.106
+ A 10.0.1.107
+ A 10.0.1.108
+ A 10.0.1.109
+ A 10.0.1.110
+ A 10.0.1.111
+ A 10.0.1.112
+ A 10.0.1.113
+ A 10.0.1.114
+ A 10.0.1.115
+ A 10.0.1.116
+ A 10.0.1.117
+ A 10.0.1.118
+ A 10.0.1.119
+ A 10.0.1.120
+ A 10.0.1.121
+ A 10.0.1.122
+ A 10.0.1.123
+ A 10.0.1.124
+ A 10.0.1.125
+ A 10.0.1.126
+ A 10.0.1.127
+ A 10.0.1.128
+ A 10.0.1.129
+ A 10.0.1.130
+ A 10.0.1.131
+ A 10.0.1.132
+ A 10.0.1.133
+ A 10.0.1.134
+ A 10.0.1.135
+ A 10.0.1.136
+ A 10.0.1.137
+ A 10.0.1.138
+ A 10.0.1.139
+ A 10.0.1.140
+ A 10.0.1.141
+ A 10.0.1.142
+ A 10.0.1.143
+ A 10.0.1.144
+ A 10.0.1.145
+ A 10.0.1.146
+ A 10.0.1.147
+ A 10.0.1.148
+ A 10.0.1.149
+ A 10.0.1.150
+ A 10.0.1.151
+ A 10.0.1.152
+ A 10.0.1.153
+ A 10.0.1.154
+ A 10.0.1.155
+ A 10.0.1.156
+ A 10.0.1.157
+ A 10.0.1.158
+ A 10.0.1.159
+ A 10.0.1.160
+ A 10.0.1.161
+ A 10.0.1.162
+ A 10.0.1.163
+ A 10.0.1.164
+ A 10.0.1.165
+ A 10.0.1.166
+ A 10.0.1.167
+ A 10.0.1.168
+ A 10.0.1.169
+ A 10.0.1.170
+ A 10.0.1.171
+ A 10.0.1.172
+ A 10.0.1.173
+ A 10.0.1.174
+ A 10.0.1.175
+ A 10.0.1.176
+ A 10.0.1.177
+ A 10.0.1.178
+ A 10.0.1.179
+ A 10.0.1.180
+ A 10.0.1.181
+ A 10.0.1.182
+ A 10.0.1.183
+ A 10.0.1.184
+ A 10.0.1.185
+ A 10.0.1.186
+ A 10.0.1.187
+ A 10.0.1.188
+ A 10.0.1.189
+ A 10.0.1.190
+ A 10.0.1.191
+ A 10.0.1.192
+ A 10.0.1.193
+ A 10.0.1.194
+ A 10.0.1.195
+ A 10.0.1.196
+ A 10.0.1.197
+ A 10.0.1.198
+ A 10.0.1.199
+ A 10.0.1.200
+ A 10.0.1.201
+ A 10.0.1.202
+ A 10.0.1.203
+ A 10.0.1.204
+ A 10.0.1.205
+ A 10.0.1.206
+ A 10.0.1.207
+ A 10.0.1.208
+ A 10.0.1.209
+ A 10.0.1.210
+ A 10.0.1.211
+ A 10.0.1.212
+ A 10.0.1.213
+ A 10.0.1.214
+ A 10.0.1.215
+ A 10.0.1.216
+ A 10.0.1.217
+ A 10.0.1.218
+ A 10.0.1.219
+ A 10.0.1.220
+ A 10.0.1.221
+ A 10.0.1.222
+ A 10.0.1.223
+ A 10.0.1.224
+ A 10.0.1.225
+ A 10.0.1.226
+ A 10.0.1.227
+ A 10.0.1.228
+ A 10.0.1.229
+ A 10.0.1.230
+ A 10.0.1.231
+ A 10.0.1.232
+ A 10.0.1.233
+ A 10.0.1.234
+ A 10.0.1.235
+ A 10.0.1.236
+ A 10.0.1.237
+ A 10.0.1.238
+ A 10.0.1.239
+ A 10.0.1.240
+ A 10.0.1.241
+ A 10.0.1.242
+ A 10.0.1.243
+ A 10.0.1.244
+ A 10.0.1.245
+ A 10.0.1.246
+ A 10.0.1.247
+ A 10.0.1.248
+ A 10.0.1.249
+ A 10.0.1.250
+ A 10.0.1.251
+ A 10.0.1.252
+ A 10.0.1.253
+ A 10.0.1.254
+ A 10.0.1.255
+ A 10.0.2.0
+ A 10.0.2.1
+ A 10.0.2.2
+ A 10.0.2.3
+ A 10.0.2.4
+ A 10.0.2.5
+ A 10.0.2.6
+ A 10.0.2.7
+ A 10.0.2.8
+ A 10.0.2.9
+ A 10.0.2.10
+ A 10.0.2.11
+ A 10.0.2.12
+ A 10.0.2.13
+ A 10.0.2.14
+ A 10.0.2.15
+ A 10.0.2.16
+ A 10.0.2.17
+ A 10.0.2.18
+ A 10.0.2.19
+ A 10.0.2.20
+ A 10.0.2.21
+ A 10.0.2.22
+ A 10.0.2.23
+ A 10.0.2.24
+ A 10.0.2.25
+ A 10.0.2.26
+ A 10.0.2.27
+ A 10.0.2.28
+ A 10.0.2.29
+ A 10.0.2.30
+ A 10.0.2.31
+ A 10.0.2.32
+ A 10.0.2.33
+ A 10.0.2.34
+ A 10.0.2.35
+ A 10.0.2.36
+ A 10.0.2.37
+ A 10.0.2.38
+ A 10.0.2.39
+ A 10.0.2.40
+ A 10.0.2.41
+ A 10.0.2.42
+ A 10.0.2.43
+ A 10.0.2.44
+ A 10.0.2.45
+ A 10.0.2.46
+ A 10.0.2.47
+ A 10.0.2.48
+ A 10.0.2.49
+ A 10.0.2.50
+ A 10.0.2.51
+ A 10.0.2.52
+ A 10.0.2.53
+ A 10.0.2.54
+ A 10.0.2.55
+ A 10.0.2.56
+ A 10.0.2.57
+ A 10.0.2.58
+ A 10.0.2.59
+ A 10.0.2.60
+ A 10.0.2.61
+ A 10.0.2.62
+ A 10.0.2.63
+ A 10.0.2.64
+ A 10.0.2.65
+ A 10.0.2.66
+ A 10.0.2.67
+ A 10.0.2.68
+ A 10.0.2.69
+ A 10.0.2.70
+ A 10.0.2.71
+ A 10.0.2.72
+ A 10.0.2.73
+ A 10.0.2.74
+ A 10.0.2.75
+ A 10.0.2.76
+ A 10.0.2.77
+ A 10.0.2.78
+ A 10.0.2.79
+ A 10.0.2.80
+ A 10.0.2.81
+ A 10.0.2.82
+ A 10.0.2.83
+ A 10.0.2.84
+ A 10.0.2.85
+ A 10.0.2.86
+ A 10.0.2.87
+ A 10.0.2.88
+ A 10.0.2.89
+ A 10.0.2.90
+ A 10.0.2.91
+ A 10.0.2.92
+ A 10.0.2.93
+ A 10.0.2.94
+ A 10.0.2.95
+ A 10.0.2.96
+ A 10.0.2.97
+ A 10.0.2.98
+ A 10.0.2.99
+ A 10.0.2.100
+ A 10.0.2.101
+ A 10.0.2.102
+ A 10.0.2.103
+ A 10.0.2.104
+ A 10.0.2.105
+ A 10.0.2.106
+ A 10.0.2.107
+ A 10.0.2.108
+ A 10.0.2.109
+ A 10.0.2.110
+ A 10.0.2.111
+ A 10.0.2.112
+ A 10.0.2.113
+ A 10.0.2.114
+ A 10.0.2.115
+ A 10.0.2.116
+ A 10.0.2.117
+ A 10.0.2.118
+ A 10.0.2.119
+ A 10.0.2.120
+ A 10.0.2.121
+ A 10.0.2.122
+ A 10.0.2.123
+ A 10.0.2.124
+ A 10.0.2.125
+ A 10.0.2.126
+ A 10.0.2.127
+ A 10.0.2.128
+ A 10.0.2.129
+ A 10.0.2.130
+ A 10.0.2.131
+ A 10.0.2.132
+ A 10.0.2.133
+ A 10.0.2.134
+ A 10.0.2.135
+ A 10.0.2.136
+ A 10.0.2.137
+ A 10.0.2.138
+ A 10.0.2.139
+ A 10.0.2.140
+ A 10.0.2.141
+ A 10.0.2.142
+ A 10.0.2.143
+ A 10.0.2.144
+ A 10.0.2.145
+ A 10.0.2.146
+ A 10.0.2.147
+ A 10.0.2.148
+ A 10.0.2.149
+ A 10.0.2.150
+ A 10.0.2.151
+ A 10.0.2.152
+ A 10.0.2.153
+ A 10.0.2.154
+ A 10.0.2.155
+ A 10.0.2.156
+ A 10.0.2.157
+ A 10.0.2.158
+ A 10.0.2.159
+ A 10.0.2.160
+ A 10.0.2.161
+ A 10.0.2.162
+ A 10.0.2.163
+ A 10.0.2.164
+ A 10.0.2.165
+ A 10.0.2.166
+ A 10.0.2.167
+ A 10.0.2.168
+ A 10.0.2.169
+ A 10.0.2.170
+ A 10.0.2.171
+ A 10.0.2.172
+ A 10.0.2.173
+ A 10.0.2.174
+ A 10.0.2.175
+ A 10.0.2.176
+ A 10.0.2.177
+ A 10.0.2.178
+ A 10.0.2.179
+ A 10.0.2.180
+ A 10.0.2.181
+ A 10.0.2.182
+ A 10.0.2.183
+ A 10.0.2.184
+ A 10.0.2.185
+ A 10.0.2.186
+ A 10.0.2.187
+ A 10.0.2.188
+ A 10.0.2.189
+ A 10.0.2.190
+ A 10.0.2.191
+ A 10.0.2.192
+ A 10.0.2.193
+ A 10.0.2.194
+ A 10.0.2.195
+ A 10.0.2.196
+ A 10.0.2.197
+ A 10.0.2.198
+ A 10.0.2.199
+ A 10.0.2.200
+ A 10.0.2.201
+ A 10.0.2.202
+ A 10.0.2.203
+ A 10.0.2.204
+ A 10.0.2.205
+ A 10.0.2.206
+ A 10.0.2.207
+ A 10.0.2.208
+ A 10.0.2.209
+ A 10.0.2.210
+ A 10.0.2.211
+ A 10.0.2.212
+ A 10.0.2.213
+ A 10.0.2.214
+ A 10.0.2.215
+ A 10.0.2.216
+ A 10.0.2.217
+ A 10.0.2.218
+ A 10.0.2.219
+ A 10.0.2.220
+ A 10.0.2.221
+ A 10.0.2.222
+ A 10.0.2.223
+ A 10.0.2.224
+ A 10.0.2.225
+ A 10.0.2.226
+ A 10.0.2.227
+ A 10.0.2.228
+ A 10.0.2.229
+ A 10.0.2.230
+ A 10.0.2.231
+ A 10.0.2.232
+ A 10.0.2.233
+ A 10.0.2.234
+ A 10.0.2.235
+ A 10.0.2.236
+ A 10.0.2.237
+ A 10.0.2.238
+ A 10.0.2.239
+ A 10.0.2.240
+ A 10.0.2.241
+ A 10.0.2.242
+ A 10.0.2.243
+ A 10.0.2.244
+ A 10.0.2.245
+ A 10.0.2.246
+ A 10.0.2.247
+ A 10.0.2.248
+ A 10.0.2.249
+ A 10.0.2.250
+ A 10.0.2.251
+ A 10.0.2.252
+ A 10.0.2.253
+ A 10.0.2.254
+ A 10.0.2.255
+ A 10.0.3.0
+ A 10.0.3.1
+ A 10.0.3.2
+ A 10.0.3.3
+ A 10.0.3.4
+ A 10.0.3.5
+ A 10.0.3.6
+ A 10.0.3.7
+ A 10.0.3.8
+ A 10.0.3.9
+ A 10.0.3.10
+ A 10.0.3.11
+ A 10.0.3.12
+ A 10.0.3.13
+ A 10.0.3.14
+ A 10.0.3.15
+ A 10.0.3.16
+ A 10.0.3.17
+ A 10.0.3.18
+ A 10.0.3.19
+ A 10.0.3.20
+ A 10.0.3.21
+ A 10.0.3.22
+ A 10.0.3.23
+ A 10.0.3.24
+ A 10.0.3.25
+ A 10.0.3.26
+ A 10.0.3.27
+ A 10.0.3.28
+ A 10.0.3.29
+ A 10.0.3.30
+ A 10.0.3.31
+ A 10.0.3.32
+ A 10.0.3.33
+ A 10.0.3.34
+ A 10.0.3.35
+ A 10.0.3.36
+ A 10.0.3.37
+ A 10.0.3.38
+ A 10.0.3.39
+ A 10.0.3.40
+ A 10.0.3.41
+ A 10.0.3.42
+ A 10.0.3.43
+ A 10.0.3.44
+ A 10.0.3.45
+ A 10.0.3.46
+ A 10.0.3.47
+ A 10.0.3.48
+ A 10.0.3.49
+ A 10.0.3.50
+ A 10.0.3.51
+ A 10.0.3.52
+ A 10.0.3.53
+ A 10.0.3.54
+ A 10.0.3.55
+ A 10.0.3.56
+ A 10.0.3.57
+ A 10.0.3.58
+ A 10.0.3.59
+ A 10.0.3.60
+ A 10.0.3.61
+ A 10.0.3.62
+ A 10.0.3.63
+ A 10.0.3.64
+ A 10.0.3.65
+ A 10.0.3.66
+ A 10.0.3.67
+ A 10.0.3.68
+ A 10.0.3.69
+ A 10.0.3.70
+ A 10.0.3.71
+ A 10.0.3.72
+ A 10.0.3.73
+ A 10.0.3.74
+ A 10.0.3.75
+ A 10.0.3.76
+ A 10.0.3.77
+ A 10.0.3.78
+ A 10.0.3.79
+ A 10.0.3.80
+ A 10.0.3.81
+ A 10.0.3.82
+ A 10.0.3.83
+ A 10.0.3.84
+ A 10.0.3.85
+ A 10.0.3.86
+ A 10.0.3.87
+ A 10.0.3.88
+ A 10.0.3.89
+ A 10.0.3.90
+ A 10.0.3.91
+ A 10.0.3.92
+ A 10.0.3.93
+ A 10.0.3.94
+ A 10.0.3.95
+ A 10.0.3.96
+ A 10.0.3.97
+ A 10.0.3.98
+ A 10.0.3.99
+ A 10.0.3.100
+ A 10.0.3.101
+ A 10.0.3.102
+ A 10.0.3.103
+ A 10.0.3.104
+ A 10.0.3.105
+ A 10.0.3.106
+ A 10.0.3.107
+ A 10.0.3.108
+ A 10.0.3.109
+ A 10.0.3.110
+ A 10.0.3.111
+ A 10.0.3.112
+ A 10.0.3.113
+ A 10.0.3.114
+ A 10.0.3.115
+ A 10.0.3.116
+ A 10.0.3.117
+ A 10.0.3.118
+ A 10.0.3.119
+ A 10.0.3.120
+ A 10.0.3.121
+ A 10.0.3.122
+ A 10.0.3.123
+ A 10.0.3.124
+ A 10.0.3.125
+ A 10.0.3.126
+ A 10.0.3.127
+ A 10.0.3.128
+ A 10.0.3.129
+ A 10.0.3.130
+ A 10.0.3.131
+ A 10.0.3.132
+ A 10.0.3.133
+ A 10.0.3.134
+ A 10.0.3.135
+ A 10.0.3.136
+ A 10.0.3.137
+ A 10.0.3.138
+ A 10.0.3.139
+ A 10.0.3.140
+ A 10.0.3.141
+ A 10.0.3.142
+ A 10.0.3.143
+ A 10.0.3.144
+ A 10.0.3.145
+ A 10.0.3.146
+ A 10.0.3.147
+ A 10.0.3.148
+ A 10.0.3.149
+ A 10.0.3.150
+ A 10.0.3.151
+ A 10.0.3.152
+ A 10.0.3.153
+ A 10.0.3.154
+ A 10.0.3.155
+ A 10.0.3.156
+ A 10.0.3.157
+ A 10.0.3.158
+ A 10.0.3.159
+ A 10.0.3.160
+ A 10.0.3.161
+ A 10.0.3.162
+ A 10.0.3.163
+ A 10.0.3.164
+ A 10.0.3.165
+ A 10.0.3.166
+ A 10.0.3.167
+ A 10.0.3.168
+ A 10.0.3.169
+ A 10.0.3.170
+ A 10.0.3.171
+ A 10.0.3.172
+ A 10.0.3.173
+ A 10.0.3.174
+ A 10.0.3.175
+ A 10.0.3.176
+ A 10.0.3.177
+ A 10.0.3.178
+ A 10.0.3.179
+ A 10.0.3.180
+ A 10.0.3.181
+ A 10.0.3.182
+ A 10.0.3.183
+ A 10.0.3.184
+ A 10.0.3.185
+ A 10.0.3.186
+ A 10.0.3.187
+ A 10.0.3.188
+ A 10.0.3.189
+ A 10.0.3.190
+ A 10.0.3.191
+ A 10.0.3.192
+ A 10.0.3.193
+ A 10.0.3.194
+ A 10.0.3.195
+ A 10.0.3.196
+ A 10.0.3.197
+ A 10.0.3.198
+ A 10.0.3.199
+ A 10.0.3.200
+ A 10.0.3.201
+ A 10.0.3.202
+ A 10.0.3.203
+ A 10.0.3.204
+ A 10.0.3.205
+ A 10.0.3.206
+ A 10.0.3.207
+ A 10.0.3.208
+ A 10.0.3.209
+ A 10.0.3.210
+ A 10.0.3.211
+ A 10.0.3.212
+ A 10.0.3.213
+ A 10.0.3.214
+ A 10.0.3.215
+ A 10.0.3.216
+ A 10.0.3.217
+ A 10.0.3.218
+ A 10.0.3.219
+ A 10.0.3.220
+ A 10.0.3.221
+ A 10.0.3.222
+ A 10.0.3.223
+ A 10.0.3.224
+ A 10.0.3.225
+ A 10.0.3.226
+ A 10.0.3.227
+ A 10.0.3.228
+ A 10.0.3.229
+ A 10.0.3.230
+ A 10.0.3.231
+ A 10.0.3.232
+ A 10.0.3.233
+ A 10.0.3.234
+ A 10.0.3.235
+ A 10.0.3.236
+ A 10.0.3.237
+ A 10.0.3.238
+ A 10.0.3.239
+ A 10.0.3.240
+ A 10.0.3.241
+ A 10.0.3.242
+ A 10.0.3.243
+ A 10.0.3.244
+ A 10.0.3.245
+ A 10.0.3.246
+ A 10.0.3.247
+ A 10.0.3.248
+ A 10.0.3.249
+ A 10.0.3.250
+ A 10.0.3.251
+ A 10.0.3.252
+ A 10.0.3.253
+ A 10.0.3.254
+ A 10.0.3.255
+ A 10.0.4.0
+ A 10.0.4.1
+ A 10.0.4.2
+ A 10.0.4.3
+ A 10.0.4.4
+ A 10.0.4.5
+ A 10.0.4.6
+ A 10.0.4.7
+ A 10.0.4.8
+ A 10.0.4.9
+ A 10.0.4.10
+ A 10.0.4.11
+ A 10.0.4.12
+ A 10.0.4.13
+ A 10.0.4.14
+ A 10.0.4.15
+ A 10.0.4.16
+ A 10.0.4.17
+ A 10.0.4.18
+ A 10.0.4.19
+ A 10.0.4.20
+ A 10.0.4.21
+ A 10.0.4.22
+ A 10.0.4.23
+ A 10.0.4.24
+ A 10.0.4.25
+ A 10.0.4.26
+ A 10.0.4.27
+ A 10.0.4.28
+ A 10.0.4.29
+ A 10.0.4.30
+ A 10.0.4.31
+ A 10.0.4.32
+ A 10.0.4.33
+ A 10.0.4.34
+ A 10.0.4.35
+ A 10.0.4.36
+ A 10.0.4.37
+ A 10.0.4.38
+ A 10.0.4.39
+ A 10.0.4.40
+ A 10.0.4.41
+ A 10.0.4.42
+ A 10.0.4.43
+ A 10.0.4.44
+ A 10.0.4.45
+ A 10.0.4.46
+ A 10.0.4.47
+ A 10.0.4.48
+ A 10.0.4.49
+ A 10.0.4.50
+ A 10.0.4.51
+ A 10.0.4.52
+ A 10.0.4.53
+ A 10.0.4.54
+ A 10.0.4.55
+ A 10.0.4.56
+ A 10.0.4.57
+ A 10.0.4.58
+ A 10.0.4.59
+ A 10.0.4.60
+ A 10.0.4.61
+ A 10.0.4.62
+ A 10.0.4.63
+ A 10.0.4.64
+ A 10.0.4.65
+ A 10.0.4.66
+ A 10.0.4.67
+ A 10.0.4.68
+ A 10.0.4.69
+ A 10.0.4.70
+ A 10.0.4.71
+ A 10.0.4.72
+ A 10.0.4.73
+ A 10.0.4.74
+ A 10.0.4.75
+ A 10.0.4.76
+ A 10.0.4.77
+ A 10.0.4.78
+ A 10.0.4.79
+ A 10.0.4.80
+ A 10.0.4.81
+ A 10.0.4.82
+ A 10.0.4.83
+ A 10.0.4.84
+ A 10.0.4.85
+ A 10.0.4.86
+ A 10.0.4.87
+ A 10.0.4.88
+ A 10.0.4.89
+ A 10.0.4.90
+ A 10.0.4.91
+ A 10.0.4.92
+ A 10.0.4.93
+ A 10.0.4.94
+ A 10.0.4.95
+ A 10.0.4.96
+ A 10.0.4.97
+ A 10.0.4.98
+ A 10.0.4.99
+ A 10.0.4.100
+ A 10.0.4.101
+ A 10.0.4.102
+ A 10.0.4.103
+ A 10.0.4.104
+ A 10.0.4.105
+ A 10.0.4.106
+ A 10.0.4.107
+ A 10.0.4.108
+ A 10.0.4.109
+ A 10.0.4.110
+ A 10.0.4.111
+ A 10.0.4.112
+ A 10.0.4.113
+ A 10.0.4.114
+ A 10.0.4.115
+ A 10.0.4.116
+ A 10.0.4.117
+ A 10.0.4.118
+ A 10.0.4.119
+ A 10.0.4.120
+ A 10.0.4.121
+ A 10.0.4.122
+ A 10.0.4.123
+ A 10.0.4.124
+ A 10.0.4.125
+ A 10.0.4.126
+ A 10.0.4.127
+ A 10.0.4.128
+ A 10.0.4.129
+ A 10.0.4.130
+ A 10.0.4.131
+ A 10.0.4.132
+ A 10.0.4.133
+ A 10.0.4.134
+ A 10.0.4.135
+ A 10.0.4.136
+ A 10.0.4.137
+ A 10.0.4.138
+ A 10.0.4.139
+ A 10.0.4.140
+ A 10.0.4.141
+ A 10.0.4.142
+ A 10.0.4.143
+ A 10.0.4.144
+ A 10.0.4.145
+ A 10.0.4.146
+ A 10.0.4.147
+ A 10.0.4.148
+ A 10.0.4.149
+ A 10.0.4.150
+ A 10.0.4.151
+ A 10.0.4.152
+ A 10.0.4.153
+ A 10.0.4.154
+ A 10.0.4.155
+ A 10.0.4.156
+ A 10.0.4.157
+ A 10.0.4.158
+ A 10.0.4.159
+ A 10.0.4.160
+ A 10.0.4.161
+ A 10.0.4.162
+ A 10.0.4.163
+ A 10.0.4.164
+ A 10.0.4.165
+ A 10.0.4.166
+ A 10.0.4.167
+ A 10.0.4.168
+ A 10.0.4.169
+ A 10.0.4.170
+ A 10.0.4.171
+ A 10.0.4.172
+ A 10.0.4.173
+ A 10.0.4.174
+ A 10.0.4.175
+ A 10.0.4.176
+ A 10.0.4.177
+ A 10.0.4.178
+ A 10.0.4.179
+ A 10.0.4.180
+ A 10.0.4.181
+ A 10.0.4.182
+ A 10.0.4.183
+ A 10.0.4.184
+ A 10.0.4.185
+ A 10.0.4.186
+ A 10.0.4.187
+ A 10.0.4.188
+ A 10.0.4.189
+ A 10.0.4.190
+ A 10.0.4.191
+ A 10.0.4.192
+ A 10.0.4.193
+ A 10.0.4.194
+ A 10.0.4.195
+ A 10.0.4.196
+ A 10.0.4.197
+ A 10.0.4.198
+ A 10.0.4.199
+ A 10.0.4.200
+ A 10.0.4.201
+ A 10.0.4.202
+ A 10.0.4.203
+ A 10.0.4.204
+ A 10.0.4.205
+ A 10.0.4.206
+ A 10.0.4.207
+ A 10.0.4.208
+ A 10.0.4.209
+ A 10.0.4.210
+ A 10.0.4.211
+ A 10.0.4.212
+ A 10.0.4.213
+ A 10.0.4.214
+ A 10.0.4.215
+ A 10.0.4.216
+ A 10.0.4.217
+ A 10.0.4.218
+ A 10.0.4.219
+ A 10.0.4.220
+ A 10.0.4.221
+ A 10.0.4.222
+ A 10.0.4.223
+ A 10.0.4.224
+ A 10.0.4.225
+ A 10.0.4.226
+ A 10.0.4.227
+ A 10.0.4.228
+ A 10.0.4.229
+ A 10.0.4.230
+ A 10.0.4.231
+ A 10.0.4.232
+ A 10.0.4.233
+ A 10.0.4.234
+ A 10.0.4.235
+ A 10.0.4.236
+ A 10.0.4.237
+ A 10.0.4.238
+ A 10.0.4.239
+ A 10.0.4.240
+ A 10.0.4.241
+ A 10.0.4.242
+ A 10.0.4.243
+ A 10.0.4.244
+ A 10.0.4.245
+ A 10.0.4.246
+ A 10.0.4.247
+ A 10.0.4.248
+ A 10.0.4.249
+ A 10.0.4.250
+ A 10.0.4.251
+ A 10.0.4.252
+ A 10.0.4.253
+ A 10.0.4.254
+ A 10.0.4.255
+ A 10.0.5.0
+ A 10.0.5.1
+ A 10.0.5.2
+ A 10.0.5.3
+ A 10.0.5.4
+ A 10.0.5.5
+ A 10.0.5.6
+ A 10.0.5.7
+ A 10.0.5.8
+ A 10.0.5.9
+ A 10.0.5.10
+ A 10.0.5.11
+ A 10.0.5.12
+ A 10.0.5.13
+ A 10.0.5.14
+ A 10.0.5.15
+ A 10.0.5.16
+ A 10.0.5.17
+ A 10.0.5.18
+ A 10.0.5.19
+ A 10.0.5.20
+ A 10.0.5.21
+ A 10.0.5.22
+ A 10.0.5.23
+ A 10.0.5.24
+ A 10.0.5.25
+ A 10.0.5.26
+ A 10.0.5.27
+ A 10.0.5.28
+ A 10.0.5.29
+ A 10.0.5.30
+ A 10.0.5.31
+ A 10.0.5.32
+ A 10.0.5.33
+ A 10.0.5.34
+ A 10.0.5.35
+ A 10.0.5.36
+ A 10.0.5.37
+ A 10.0.5.38
+ A 10.0.5.39
+ A 10.0.5.40
+ A 10.0.5.41
+ A 10.0.5.42
+ A 10.0.5.43
+ A 10.0.5.44
+ A 10.0.5.45
+ A 10.0.5.46
+ A 10.0.5.47
+ A 10.0.5.48
+ A 10.0.5.49
+ A 10.0.5.50
+ A 10.0.5.51
+ A 10.0.5.52
+ A 10.0.5.53
+ A 10.0.5.54
+ A 10.0.5.55
+ A 10.0.5.56
+ A 10.0.5.57
+ A 10.0.5.58
+ A 10.0.5.59
+ A 10.0.5.60
+ A 10.0.5.61
+ A 10.0.5.62
+ A 10.0.5.63
+ A 10.0.5.64
+ A 10.0.5.65
+ A 10.0.5.66
+ A 10.0.5.67
+ A 10.0.5.68
+ A 10.0.5.69
+ A 10.0.5.70
+ A 10.0.5.71
+ A 10.0.5.72
+ A 10.0.5.73
+ A 10.0.5.74
+ A 10.0.5.75
+ A 10.0.5.76
+ A 10.0.5.77
+ A 10.0.5.78
+ A 10.0.5.79
+ A 10.0.5.80
+ A 10.0.5.81
+ A 10.0.5.82
+ A 10.0.5.83
+ A 10.0.5.84
+ A 10.0.5.85
+ A 10.0.5.86
+ A 10.0.5.87
+ A 10.0.5.88
+ A 10.0.5.89
+ A 10.0.5.90
+ A 10.0.5.91
+ A 10.0.5.92
+ A 10.0.5.93
+ A 10.0.5.94
+ A 10.0.5.95
+ A 10.0.5.96
+ A 10.0.5.97
+ A 10.0.5.98
+ A 10.0.5.99
+ A 10.0.5.100
+ A 10.0.5.101
+ A 10.0.5.102
+ A 10.0.5.103
+ A 10.0.5.104
+ A 10.0.5.105
+ A 10.0.5.106
+ A 10.0.5.107
+ A 10.0.5.108
+ A 10.0.5.109
+ A 10.0.5.110
+ A 10.0.5.111
+ A 10.0.5.112
+ A 10.0.5.113
+ A 10.0.5.114
+ A 10.0.5.115
+ A 10.0.5.116
+ A 10.0.5.117
+ A 10.0.5.118
+ A 10.0.5.119
+ A 10.0.5.120
+ A 10.0.5.121
+ A 10.0.5.122
+ A 10.0.5.123
+ A 10.0.5.124
+ A 10.0.5.125
+ A 10.0.5.126
+ A 10.0.5.127
+ A 10.0.5.128
+ A 10.0.5.129
+ A 10.0.5.130
+ A 10.0.5.131
+ A 10.0.5.132
+ A 10.0.5.133
+ A 10.0.5.134
+ A 10.0.5.135
+ A 10.0.5.136
+ A 10.0.5.137
+ A 10.0.5.138
+ A 10.0.5.139
+ A 10.0.5.140
+ A 10.0.5.141
+ A 10.0.5.142
+ A 10.0.5.143
+ A 10.0.5.144
+ A 10.0.5.145
+ A 10.0.5.146
+ A 10.0.5.147
+ A 10.0.5.148
+ A 10.0.5.149
+ A 10.0.5.150
+ A 10.0.5.151
+ A 10.0.5.152
+ A 10.0.5.153
+ A 10.0.5.154
+ A 10.0.5.155
+ A 10.0.5.156
+ A 10.0.5.157
+ A 10.0.5.158
+ A 10.0.5.159
+ A 10.0.5.160
+ A 10.0.5.161
+ A 10.0.5.162
+ A 10.0.5.163
+ A 10.0.5.164
+ A 10.0.5.165
+ A 10.0.5.166
+ A 10.0.5.167
+ A 10.0.5.168
+ A 10.0.5.169
+ A 10.0.5.170
+ A 10.0.5.171
+ A 10.0.5.172
+ A 10.0.5.173
+ A 10.0.5.174
+ A 10.0.5.175
+ A 10.0.5.176
+ A 10.0.5.177
+ A 10.0.5.178
+ A 10.0.5.179
+ A 10.0.5.180
+ A 10.0.5.181
+ A 10.0.5.182
+ A 10.0.5.183
+ A 10.0.5.184
+ A 10.0.5.185
+ A 10.0.5.186
+ A 10.0.5.187
+ A 10.0.5.188
+ A 10.0.5.189
+ A 10.0.5.190
+ A 10.0.5.191
+ A 10.0.5.192
+ A 10.0.5.193
+ A 10.0.5.194
+ A 10.0.5.195
+ A 10.0.5.196
+ A 10.0.5.197
+ A 10.0.5.198
+ A 10.0.5.199
+ A 10.0.5.200
+ A 10.0.5.201
+ A 10.0.5.202
+ A 10.0.5.203
+ A 10.0.5.204
+ A 10.0.5.205
+ A 10.0.5.206
+ A 10.0.5.207
+ A 10.0.5.208
+ A 10.0.5.209
+ A 10.0.5.210
+ A 10.0.5.211
+ A 10.0.5.212
+ A 10.0.5.213
+ A 10.0.5.214
+ A 10.0.5.215
+ A 10.0.5.216
+ A 10.0.5.217
+ A 10.0.5.218
+ A 10.0.5.219
+ A 10.0.5.220
+ A 10.0.5.221
+ A 10.0.5.222
+ A 10.0.5.223
+ A 10.0.5.224
+ A 10.0.5.225
+ A 10.0.5.226
+ A 10.0.5.227
+ A 10.0.5.228
+ A 10.0.5.229
+ A 10.0.5.230
+ A 10.0.5.231
+ A 10.0.5.232
+ A 10.0.5.233
+ A 10.0.5.234
+ A 10.0.5.235
+ A 10.0.5.236
+ A 10.0.5.237
+ A 10.0.5.238
+ A 10.0.5.239
+ A 10.0.5.240
+ A 10.0.5.241
+ A 10.0.5.242
+ A 10.0.5.243
+ A 10.0.5.244
+ A 10.0.5.245
+ A 10.0.5.246
+ A 10.0.5.247
+ A 10.0.5.248
+ A 10.0.5.249
+ A 10.0.5.250
+ A 10.0.5.251
+ A 10.0.5.252
+ A 10.0.5.253
+ A 10.0.5.254
+ A 10.0.5.255
+ A 10.0.6.0
+ A 10.0.6.1
+ A 10.0.6.2
+ A 10.0.6.3
+ A 10.0.6.4
+ A 10.0.6.5
+ A 10.0.6.6
+ A 10.0.6.7
+ A 10.0.6.8
+ A 10.0.6.9
+ A 10.0.6.10
+ A 10.0.6.11
+ A 10.0.6.12
+ A 10.0.6.13
+ A 10.0.6.14
+ A 10.0.6.15
+ A 10.0.6.16
+ A 10.0.6.17
+ A 10.0.6.18
+ A 10.0.6.19
+ A 10.0.6.20
+ A 10.0.6.21
+ A 10.0.6.22
+ A 10.0.6.23
+ A 10.0.6.24
+ A 10.0.6.25
+ A 10.0.6.26
+ A 10.0.6.27
+ A 10.0.6.28
+ A 10.0.6.29
+ A 10.0.6.30
+ A 10.0.6.31
+ A 10.0.6.32
+ A 10.0.6.33
+ A 10.0.6.34
+ A 10.0.6.35
+ A 10.0.6.36
+ A 10.0.6.37
+ A 10.0.6.38
+ A 10.0.6.39
+ A 10.0.6.40
+ A 10.0.6.41
+ A 10.0.6.42
+ A 10.0.6.43
+ A 10.0.6.44
+ A 10.0.6.45
+ A 10.0.6.46
+ A 10.0.6.47
+ A 10.0.6.48
+ A 10.0.6.49
+ A 10.0.6.50
+ A 10.0.6.51
+ A 10.0.6.52
+ A 10.0.6.53
+ A 10.0.6.54
+ A 10.0.6.55
+ A 10.0.6.56
+ A 10.0.6.57
+ A 10.0.6.58
+ A 10.0.6.59
+ A 10.0.6.60
+ A 10.0.6.61
+ A 10.0.6.62
+ A 10.0.6.63
+ A 10.0.6.64
+ A 10.0.6.65
+ A 10.0.6.66
+ A 10.0.6.67
+ A 10.0.6.68
+ A 10.0.6.69
+ A 10.0.6.70
+ A 10.0.6.71
+ A 10.0.6.72
+ A 10.0.6.73
+ A 10.0.6.74
+ A 10.0.6.75
+ A 10.0.6.76
+ A 10.0.6.77
+ A 10.0.6.78
+ A 10.0.6.79
+ A 10.0.6.80
+ A 10.0.6.81
+ A 10.0.6.82
+ A 10.0.6.83
+ A 10.0.6.84
+ A 10.0.6.85
+ A 10.0.6.86
+ A 10.0.6.87
+ A 10.0.6.88
+ A 10.0.6.89
+ A 10.0.6.90
+ A 10.0.6.91
+ A 10.0.6.92
+ A 10.0.6.93
+ A 10.0.6.94
+ A 10.0.6.95
+ A 10.0.6.96
+ A 10.0.6.97
+ A 10.0.6.98
+ A 10.0.6.99
+ A 10.0.6.100
+ A 10.0.6.101
+ A 10.0.6.102
+ A 10.0.6.103
+ A 10.0.6.104
+ A 10.0.6.105
+ A 10.0.6.106
+ A 10.0.6.107
+ A 10.0.6.108
+ A 10.0.6.109
+ A 10.0.6.110
+ A 10.0.6.111
+ A 10.0.6.112
+ A 10.0.6.113
+ A 10.0.6.114
+ A 10.0.6.115
+ A 10.0.6.116
+ A 10.0.6.117
+ A 10.0.6.118
+ A 10.0.6.119
+ A 10.0.6.120
+ A 10.0.6.121
+ A 10.0.6.122
+ A 10.0.6.123
+ A 10.0.6.124
+ A 10.0.6.125
+ A 10.0.6.126
+ A 10.0.6.127
+ A 10.0.6.128
+ A 10.0.6.129
+ A 10.0.6.130
+ A 10.0.6.131
+ A 10.0.6.132
+ A 10.0.6.133
+ A 10.0.6.134
+ A 10.0.6.135
+ A 10.0.6.136
+ A 10.0.6.137
+ A 10.0.6.138
+ A 10.0.6.139
+ A 10.0.6.140
+ A 10.0.6.141
+ A 10.0.6.142
+ A 10.0.6.143
+ A 10.0.6.144
+ A 10.0.6.145
+ A 10.0.6.146
+ A 10.0.6.147
+ A 10.0.6.148
+ A 10.0.6.149
+ A 10.0.6.150
+ A 10.0.6.151
+ A 10.0.6.152
+ A 10.0.6.153
+ A 10.0.6.154
+ A 10.0.6.155
+ A 10.0.6.156
+ A 10.0.6.157
+ A 10.0.6.158
+ A 10.0.6.159
+ A 10.0.6.160
+ A 10.0.6.161
+ A 10.0.6.162
+ A 10.0.6.163
+ A 10.0.6.164
+ A 10.0.6.165
+ A 10.0.6.166
+ A 10.0.6.167
+ A 10.0.6.168
+ A 10.0.6.169
+ A 10.0.6.170
+ A 10.0.6.171
+ A 10.0.6.172
+ A 10.0.6.173
+ A 10.0.6.174
+ A 10.0.6.175
+ A 10.0.6.176
+ A 10.0.6.177
+ A 10.0.6.178
+ A 10.0.6.179
+ A 10.0.6.180
+ A 10.0.6.181
+ A 10.0.6.182
+ A 10.0.6.183
+ A 10.0.6.184
+ A 10.0.6.185
+ A 10.0.6.186
+ A 10.0.6.187
+ A 10.0.6.188
+ A 10.0.6.189
+ A 10.0.6.190
+ A 10.0.6.191
+ A 10.0.6.192
+ A 10.0.6.193
+ A 10.0.6.194
+ A 10.0.6.195
+ A 10.0.6.196
+ A 10.0.6.197
+ A 10.0.6.198
+ A 10.0.6.199
+ A 10.0.6.200
+ A 10.0.6.201
+ A 10.0.6.202
+ A 10.0.6.203
+ A 10.0.6.204
+ A 10.0.6.205
+ A 10.0.6.206
+ A 10.0.6.207
+ A 10.0.6.208
+ A 10.0.6.209
+ A 10.0.6.210
+ A 10.0.6.211
+ A 10.0.6.212
+ A 10.0.6.213
+ A 10.0.6.214
+ A 10.0.6.215
+ A 10.0.6.216
+ A 10.0.6.217
+ A 10.0.6.218
+ A 10.0.6.219
+ A 10.0.6.220
+ A 10.0.6.221
+ A 10.0.6.222
+ A 10.0.6.223
+ A 10.0.6.224
+ A 10.0.6.225
+ A 10.0.6.226
+ A 10.0.6.227
+ A 10.0.6.228
+ A 10.0.6.229
+ A 10.0.6.230
+ A 10.0.6.231
+ A 10.0.6.232
+ A 10.0.6.233
+ A 10.0.6.234
+ A 10.0.6.235
+ A 10.0.6.236
+ A 10.0.6.237
+ A 10.0.6.238
+ A 10.0.6.239
+ A 10.0.6.240
+ A 10.0.6.241
+ A 10.0.6.242
+ A 10.0.6.243
+ A 10.0.6.244
+ A 10.0.6.245
+ A 10.0.6.246
+ A 10.0.6.247
+ A 10.0.6.248
+ A 10.0.6.249
+ A 10.0.6.250
+ A 10.0.6.251
+ A 10.0.6.252
+ A 10.0.6.253
+ A 10.0.6.254
+ A 10.0.6.255
+ A 10.0.7.0
+ A 10.0.7.1
+ A 10.0.7.2
+ A 10.0.7.3
+ A 10.0.7.4
+ A 10.0.7.5
+ A 10.0.7.6
+ A 10.0.7.7
+ A 10.0.7.8
+ A 10.0.7.9
+ A 10.0.7.10
+ A 10.0.7.11
+ A 10.0.7.12
+ A 10.0.7.13
+ A 10.0.7.14
+ A 10.0.7.15
+ A 10.0.7.16
+ A 10.0.7.17
+ A 10.0.7.18
+ A 10.0.7.19
+ A 10.0.7.20
+ A 10.0.7.21
+ A 10.0.7.22
+ A 10.0.7.23
+ A 10.0.7.24
+ A 10.0.7.25
+ A 10.0.7.26
+ A 10.0.7.27
+ A 10.0.7.28
+ A 10.0.7.29
+ A 10.0.7.30
+ A 10.0.7.31
+ A 10.0.7.32
+ A 10.0.7.33
+ A 10.0.7.34
+ A 10.0.7.35
+ A 10.0.7.36
+ A 10.0.7.37
+ A 10.0.7.38
+ A 10.0.7.39
+ A 10.0.7.40
+ A 10.0.7.41
+ A 10.0.7.42
+ A 10.0.7.43
+ A 10.0.7.44
+ A 10.0.7.45
+ A 10.0.7.46
+ A 10.0.7.47
+ A 10.0.7.48
+ A 10.0.7.49
+ A 10.0.7.50
+ A 10.0.7.51
+ A 10.0.7.52
+ A 10.0.7.53
+ A 10.0.7.54
+ A 10.0.7.55
+ A 10.0.7.56
+ A 10.0.7.57
+ A 10.0.7.58
+ A 10.0.7.59
+ A 10.0.7.60
+ A 10.0.7.61
+ A 10.0.7.62
+ A 10.0.7.63
+ A 10.0.7.64
+ A 10.0.7.65
+ A 10.0.7.66
+ A 10.0.7.67
+ A 10.0.7.68
+ A 10.0.7.69
+ A 10.0.7.70
+ A 10.0.7.71
+ A 10.0.7.72
+ A 10.0.7.73
+ A 10.0.7.74
+ A 10.0.7.75
+ A 10.0.7.76
+ A 10.0.7.77
+ A 10.0.7.78
+ A 10.0.7.79
+ A 10.0.7.80
+ A 10.0.7.81
+ A 10.0.7.82
+ A 10.0.7.83
+ A 10.0.7.84
+ A 10.0.7.85
+ A 10.0.7.86
+ A 10.0.7.87
+ A 10.0.7.88
+ A 10.0.7.89
+ A 10.0.7.90
+ A 10.0.7.91
+ A 10.0.7.92
+ A 10.0.7.93
+ A 10.0.7.94
+ A 10.0.7.95
+ A 10.0.7.96
+ A 10.0.7.97
+ A 10.0.7.98
+ A 10.0.7.99
+ A 10.0.7.100
+ A 10.0.7.101
+ A 10.0.7.102
+ A 10.0.7.103
+ A 10.0.7.104
+ A 10.0.7.105
+ A 10.0.7.106
+ A 10.0.7.107
+ A 10.0.7.108
+ A 10.0.7.109
+ A 10.0.7.110
+ A 10.0.7.111
+ A 10.0.7.112
+ A 10.0.7.113
+ A 10.0.7.114
+ A 10.0.7.115
+ A 10.0.7.116
+ A 10.0.7.117
+ A 10.0.7.118
+ A 10.0.7.119
+ A 10.0.7.120
+ A 10.0.7.121
+ A 10.0.7.122
+ A 10.0.7.123
+ A 10.0.7.124
+ A 10.0.7.125
+ A 10.0.7.126
+ A 10.0.7.127
+ A 10.0.7.128
+ A 10.0.7.129
+ A 10.0.7.130
+ A 10.0.7.131
+ A 10.0.7.132
+ A 10.0.7.133
+ A 10.0.7.134
+ A 10.0.7.135
+ A 10.0.7.136
+ A 10.0.7.137
+ A 10.0.7.138
+ A 10.0.7.139
+ A 10.0.7.140
+ A 10.0.7.141
+ A 10.0.7.142
+ A 10.0.7.143
+ A 10.0.7.144
+ A 10.0.7.145
+ A 10.0.7.146
+ A 10.0.7.147
+ A 10.0.7.148
+ A 10.0.7.149
+ A 10.0.7.150
+ A 10.0.7.151
+ A 10.0.7.152
+ A 10.0.7.153
+ A 10.0.7.154
+ A 10.0.7.155
+ A 10.0.7.156
+ A 10.0.7.157
+ A 10.0.7.158
+ A 10.0.7.159
+ A 10.0.7.160
+ A 10.0.7.161
+ A 10.0.7.162
+ A 10.0.7.163
+ A 10.0.7.164
+ A 10.0.7.165
+ A 10.0.7.166
+ A 10.0.7.167
+ A 10.0.7.168
+ A 10.0.7.169
+ A 10.0.7.170
+ A 10.0.7.171
+ A 10.0.7.172
+ A 10.0.7.173
+ A 10.0.7.174
+ A 10.0.7.175
+ A 10.0.7.176
+ A 10.0.7.177
+ A 10.0.7.178
+ A 10.0.7.179
+ A 10.0.7.180
+ A 10.0.7.181
+ A 10.0.7.182
+ A 10.0.7.183
+ A 10.0.7.184
+ A 10.0.7.185
+ A 10.0.7.186
+ A 10.0.7.187
+ A 10.0.7.188
+ A 10.0.7.189
+ A 10.0.7.190
+ A 10.0.7.191
+ A 10.0.7.192
+ A 10.0.7.193
+ A 10.0.7.194
+ A 10.0.7.195
+ A 10.0.7.196
+ A 10.0.7.197
+ A 10.0.7.198
+ A 10.0.7.199
+ A 10.0.7.200
+ A 10.0.7.201
+ A 10.0.7.202
+ A 10.0.7.203
+ A 10.0.7.204
+ A 10.0.7.205
+ A 10.0.7.206
+ A 10.0.7.207
+3000 A 10.0.0.0
+ A 10.0.0.1
+ A 10.0.0.2
+ A 10.0.0.3
+ A 10.0.0.4
+ A 10.0.0.5
+ A 10.0.0.6
+ A 10.0.0.7
+ A 10.0.0.8
+ A 10.0.0.9
+ A 10.0.0.10
+ A 10.0.0.11
+ A 10.0.0.12
+ A 10.0.0.13
+ A 10.0.0.14
+ A 10.0.0.15
+ A 10.0.0.16
+ A 10.0.0.17
+ A 10.0.0.18
+ A 10.0.0.19
+ A 10.0.0.20
+ A 10.0.0.21
+ A 10.0.0.22
+ A 10.0.0.23
+ A 10.0.0.24
+ A 10.0.0.25
+ A 10.0.0.26
+ A 10.0.0.27
+ A 10.0.0.28
+ A 10.0.0.29
+ A 10.0.0.30
+ A 10.0.0.31
+ A 10.0.0.32
+ A 10.0.0.33
+ A 10.0.0.34
+ A 10.0.0.35
+ A 10.0.0.36
+ A 10.0.0.37
+ A 10.0.0.38
+ A 10.0.0.39
+ A 10.0.0.40
+ A 10.0.0.41
+ A 10.0.0.42
+ A 10.0.0.43
+ A 10.0.0.44
+ A 10.0.0.45
+ A 10.0.0.46
+ A 10.0.0.47
+ A 10.0.0.48
+ A 10.0.0.49
+ A 10.0.0.50
+ A 10.0.0.51
+ A 10.0.0.52
+ A 10.0.0.53
+ A 10.0.0.54
+ A 10.0.0.55
+ A 10.0.0.56
+ A 10.0.0.57
+ A 10.0.0.58
+ A 10.0.0.59
+ A 10.0.0.60
+ A 10.0.0.61
+ A 10.0.0.62
+ A 10.0.0.63
+ A 10.0.0.64
+ A 10.0.0.65
+ A 10.0.0.66
+ A 10.0.0.67
+ A 10.0.0.68
+ A 10.0.0.69
+ A 10.0.0.70
+ A 10.0.0.71
+ A 10.0.0.72
+ A 10.0.0.73
+ A 10.0.0.74
+ A 10.0.0.75
+ A 10.0.0.76
+ A 10.0.0.77
+ A 10.0.0.78
+ A 10.0.0.79
+ A 10.0.0.80
+ A 10.0.0.81
+ A 10.0.0.82
+ A 10.0.0.83
+ A 10.0.0.84
+ A 10.0.0.85
+ A 10.0.0.86
+ A 10.0.0.87
+ A 10.0.0.88
+ A 10.0.0.89
+ A 10.0.0.90
+ A 10.0.0.91
+ A 10.0.0.92
+ A 10.0.0.93
+ A 10.0.0.94
+ A 10.0.0.95
+ A 10.0.0.96
+ A 10.0.0.97
+ A 10.0.0.98
+ A 10.0.0.99
+ A 10.0.0.100
+ A 10.0.0.101
+ A 10.0.0.102
+ A 10.0.0.103
+ A 10.0.0.104
+ A 10.0.0.105
+ A 10.0.0.106
+ A 10.0.0.107
+ A 10.0.0.108
+ A 10.0.0.109
+ A 10.0.0.110
+ A 10.0.0.111
+ A 10.0.0.112
+ A 10.0.0.113
+ A 10.0.0.114
+ A 10.0.0.115
+ A 10.0.0.116
+ A 10.0.0.117
+ A 10.0.0.118
+ A 10.0.0.119
+ A 10.0.0.120
+ A 10.0.0.121
+ A 10.0.0.122
+ A 10.0.0.123
+ A 10.0.0.124
+ A 10.0.0.125
+ A 10.0.0.126
+ A 10.0.0.127
+ A 10.0.0.128
+ A 10.0.0.129
+ A 10.0.0.130
+ A 10.0.0.131
+ A 10.0.0.132
+ A 10.0.0.133
+ A 10.0.0.134
+ A 10.0.0.135
+ A 10.0.0.136
+ A 10.0.0.137
+ A 10.0.0.138
+ A 10.0.0.139
+ A 10.0.0.140
+ A 10.0.0.141
+ A 10.0.0.142
+ A 10.0.0.143
+ A 10.0.0.144
+ A 10.0.0.145
+ A 10.0.0.146
+ A 10.0.0.147
+ A 10.0.0.148
+ A 10.0.0.149
+ A 10.0.0.150
+ A 10.0.0.151
+ A 10.0.0.152
+ A 10.0.0.153
+ A 10.0.0.154
+ A 10.0.0.155
+ A 10.0.0.156
+ A 10.0.0.157
+ A 10.0.0.158
+ A 10.0.0.159
+ A 10.0.0.160
+ A 10.0.0.161
+ A 10.0.0.162
+ A 10.0.0.163
+ A 10.0.0.164
+ A 10.0.0.165
+ A 10.0.0.166
+ A 10.0.0.167
+ A 10.0.0.168
+ A 10.0.0.169
+ A 10.0.0.170
+ A 10.0.0.171
+ A 10.0.0.172
+ A 10.0.0.173
+ A 10.0.0.174
+ A 10.0.0.175
+ A 10.0.0.176
+ A 10.0.0.177
+ A 10.0.0.178
+ A 10.0.0.179
+ A 10.0.0.180
+ A 10.0.0.181
+ A 10.0.0.182
+ A 10.0.0.183
+ A 10.0.0.184
+ A 10.0.0.185
+ A 10.0.0.186
+ A 10.0.0.187
+ A 10.0.0.188
+ A 10.0.0.189
+ A 10.0.0.190
+ A 10.0.0.191
+ A 10.0.0.192
+ A 10.0.0.193
+ A 10.0.0.194
+ A 10.0.0.195
+ A 10.0.0.196
+ A 10.0.0.197
+ A 10.0.0.198
+ A 10.0.0.199
+ A 10.0.0.200
+ A 10.0.0.201
+ A 10.0.0.202
+ A 10.0.0.203
+ A 10.0.0.204
+ A 10.0.0.205
+ A 10.0.0.206
+ A 10.0.0.207
+ A 10.0.0.208
+ A 10.0.0.209
+ A 10.0.0.210
+ A 10.0.0.211
+ A 10.0.0.212
+ A 10.0.0.213
+ A 10.0.0.214
+ A 10.0.0.215
+ A 10.0.0.216
+ A 10.0.0.217
+ A 10.0.0.218
+ A 10.0.0.219
+ A 10.0.0.220
+ A 10.0.0.221
+ A 10.0.0.222
+ A 10.0.0.223
+ A 10.0.0.224
+ A 10.0.0.225
+ A 10.0.0.226
+ A 10.0.0.227
+ A 10.0.0.228
+ A 10.0.0.229
+ A 10.0.0.230
+ A 10.0.0.231
+ A 10.0.0.232
+ A 10.0.0.233
+ A 10.0.0.234
+ A 10.0.0.235
+ A 10.0.0.236
+ A 10.0.0.237
+ A 10.0.0.238
+ A 10.0.0.239
+ A 10.0.0.240
+ A 10.0.0.241
+ A 10.0.0.242
+ A 10.0.0.243
+ A 10.0.0.244
+ A 10.0.0.245
+ A 10.0.0.246
+ A 10.0.0.247
+ A 10.0.0.248
+ A 10.0.0.249
+ A 10.0.0.250
+ A 10.0.0.251
+ A 10.0.0.252
+ A 10.0.0.253
+ A 10.0.0.254
+ A 10.0.0.255
+ A 10.0.1.0
+ A 10.0.1.1
+ A 10.0.1.2
+ A 10.0.1.3
+ A 10.0.1.4
+ A 10.0.1.5
+ A 10.0.1.6
+ A 10.0.1.7
+ A 10.0.1.8
+ A 10.0.1.9
+ A 10.0.1.10
+ A 10.0.1.11
+ A 10.0.1.12
+ A 10.0.1.13
+ A 10.0.1.14
+ A 10.0.1.15
+ A 10.0.1.16
+ A 10.0.1.17
+ A 10.0.1.18
+ A 10.0.1.19
+ A 10.0.1.20
+ A 10.0.1.21
+ A 10.0.1.22
+ A 10.0.1.23
+ A 10.0.1.24
+ A 10.0.1.25
+ A 10.0.1.26
+ A 10.0.1.27
+ A 10.0.1.28
+ A 10.0.1.29
+ A 10.0.1.30
+ A 10.0.1.31
+ A 10.0.1.32
+ A 10.0.1.33
+ A 10.0.1.34
+ A 10.0.1.35
+ A 10.0.1.36
+ A 10.0.1.37
+ A 10.0.1.38
+ A 10.0.1.39
+ A 10.0.1.40
+ A 10.0.1.41
+ A 10.0.1.42
+ A 10.0.1.43
+ A 10.0.1.44
+ A 10.0.1.45
+ A 10.0.1.46
+ A 10.0.1.47
+ A 10.0.1.48
+ A 10.0.1.49
+ A 10.0.1.50
+ A 10.0.1.51
+ A 10.0.1.52
+ A 10.0.1.53
+ A 10.0.1.54
+ A 10.0.1.55
+ A 10.0.1.56
+ A 10.0.1.57
+ A 10.0.1.58
+ A 10.0.1.59
+ A 10.0.1.60
+ A 10.0.1.61
+ A 10.0.1.62
+ A 10.0.1.63
+ A 10.0.1.64
+ A 10.0.1.65
+ A 10.0.1.66
+ A 10.0.1.67
+ A 10.0.1.68
+ A 10.0.1.69
+ A 10.0.1.70
+ A 10.0.1.71
+ A 10.0.1.72
+ A 10.0.1.73
+ A 10.0.1.74
+ A 10.0.1.75
+ A 10.0.1.76
+ A 10.0.1.77
+ A 10.0.1.78
+ A 10.0.1.79
+ A 10.0.1.80
+ A 10.0.1.81
+ A 10.0.1.82
+ A 10.0.1.83
+ A 10.0.1.84
+ A 10.0.1.85
+ A 10.0.1.86
+ A 10.0.1.87
+ A 10.0.1.88
+ A 10.0.1.89
+ A 10.0.1.90
+ A 10.0.1.91
+ A 10.0.1.92
+ A 10.0.1.93
+ A 10.0.1.94
+ A 10.0.1.95
+ A 10.0.1.96
+ A 10.0.1.97
+ A 10.0.1.98
+ A 10.0.1.99
+ A 10.0.1.100
+ A 10.0.1.101
+ A 10.0.1.102
+ A 10.0.1.103
+ A 10.0.1.104
+ A 10.0.1.105
+ A 10.0.1.106
+ A 10.0.1.107
+ A 10.0.1.108
+ A 10.0.1.109
+ A 10.0.1.110
+ A 10.0.1.111
+ A 10.0.1.112
+ A 10.0.1.113
+ A 10.0.1.114
+ A 10.0.1.115
+ A 10.0.1.116
+ A 10.0.1.117
+ A 10.0.1.118
+ A 10.0.1.119
+ A 10.0.1.120
+ A 10.0.1.121
+ A 10.0.1.122
+ A 10.0.1.123
+ A 10.0.1.124
+ A 10.0.1.125
+ A 10.0.1.126
+ A 10.0.1.127
+ A 10.0.1.128
+ A 10.0.1.129
+ A 10.0.1.130
+ A 10.0.1.131
+ A 10.0.1.132
+ A 10.0.1.133
+ A 10.0.1.134
+ A 10.0.1.135
+ A 10.0.1.136
+ A 10.0.1.137
+ A 10.0.1.138
+ A 10.0.1.139
+ A 10.0.1.140
+ A 10.0.1.141
+ A 10.0.1.142
+ A 10.0.1.143
+ A 10.0.1.144
+ A 10.0.1.145
+ A 10.0.1.146
+ A 10.0.1.147
+ A 10.0.1.148
+ A 10.0.1.149
+ A 10.0.1.150
+ A 10.0.1.151
+ A 10.0.1.152
+ A 10.0.1.153
+ A 10.0.1.154
+ A 10.0.1.155
+ A 10.0.1.156
+ A 10.0.1.157
+ A 10.0.1.158
+ A 10.0.1.159
+ A 10.0.1.160
+ A 10.0.1.161
+ A 10.0.1.162
+ A 10.0.1.163
+ A 10.0.1.164
+ A 10.0.1.165
+ A 10.0.1.166
+ A 10.0.1.167
+ A 10.0.1.168
+ A 10.0.1.169
+ A 10.0.1.170
+ A 10.0.1.171
+ A 10.0.1.172
+ A 10.0.1.173
+ A 10.0.1.174
+ A 10.0.1.175
+ A 10.0.1.176
+ A 10.0.1.177
+ A 10.0.1.178
+ A 10.0.1.179
+ A 10.0.1.180
+ A 10.0.1.181
+ A 10.0.1.182
+ A 10.0.1.183
+ A 10.0.1.184
+ A 10.0.1.185
+ A 10.0.1.186
+ A 10.0.1.187
+ A 10.0.1.188
+ A 10.0.1.189
+ A 10.0.1.190
+ A 10.0.1.191
+ A 10.0.1.192
+ A 10.0.1.193
+ A 10.0.1.194
+ A 10.0.1.195
+ A 10.0.1.196
+ A 10.0.1.197
+ A 10.0.1.198
+ A 10.0.1.199
+ A 10.0.1.200
+ A 10.0.1.201
+ A 10.0.1.202
+ A 10.0.1.203
+ A 10.0.1.204
+ A 10.0.1.205
+ A 10.0.1.206
+ A 10.0.1.207
+ A 10.0.1.208
+ A 10.0.1.209
+ A 10.0.1.210
+ A 10.0.1.211
+ A 10.0.1.212
+ A 10.0.1.213
+ A 10.0.1.214
+ A 10.0.1.215
+ A 10.0.1.216
+ A 10.0.1.217
+ A 10.0.1.218
+ A 10.0.1.219
+ A 10.0.1.220
+ A 10.0.1.221
+ A 10.0.1.222
+ A 10.0.1.223
+ A 10.0.1.224
+ A 10.0.1.225
+ A 10.0.1.226
+ A 10.0.1.227
+ A 10.0.1.228
+ A 10.0.1.229
+ A 10.0.1.230
+ A 10.0.1.231
+ A 10.0.1.232
+ A 10.0.1.233
+ A 10.0.1.234
+ A 10.0.1.235
+ A 10.0.1.236
+ A 10.0.1.237
+ A 10.0.1.238
+ A 10.0.1.239
+ A 10.0.1.240
+ A 10.0.1.241
+ A 10.0.1.242
+ A 10.0.1.243
+ A 10.0.1.244
+ A 10.0.1.245
+ A 10.0.1.246
+ A 10.0.1.247
+ A 10.0.1.248
+ A 10.0.1.249
+ A 10.0.1.250
+ A 10.0.1.251
+ A 10.0.1.252
+ A 10.0.1.253
+ A 10.0.1.254
+ A 10.0.1.255
+ A 10.0.2.0
+ A 10.0.2.1
+ A 10.0.2.2
+ A 10.0.2.3
+ A 10.0.2.4
+ A 10.0.2.5
+ A 10.0.2.6
+ A 10.0.2.7
+ A 10.0.2.8
+ A 10.0.2.9
+ A 10.0.2.10
+ A 10.0.2.11
+ A 10.0.2.12
+ A 10.0.2.13
+ A 10.0.2.14
+ A 10.0.2.15
+ A 10.0.2.16
+ A 10.0.2.17
+ A 10.0.2.18
+ A 10.0.2.19
+ A 10.0.2.20
+ A 10.0.2.21
+ A 10.0.2.22
+ A 10.0.2.23
+ A 10.0.2.24
+ A 10.0.2.25
+ A 10.0.2.26
+ A 10.0.2.27
+ A 10.0.2.28
+ A 10.0.2.29
+ A 10.0.2.30
+ A 10.0.2.31
+ A 10.0.2.32
+ A 10.0.2.33
+ A 10.0.2.34
+ A 10.0.2.35
+ A 10.0.2.36
+ A 10.0.2.37
+ A 10.0.2.38
+ A 10.0.2.39
+ A 10.0.2.40
+ A 10.0.2.41
+ A 10.0.2.42
+ A 10.0.2.43
+ A 10.0.2.44
+ A 10.0.2.45
+ A 10.0.2.46
+ A 10.0.2.47
+ A 10.0.2.48
+ A 10.0.2.49
+ A 10.0.2.50
+ A 10.0.2.51
+ A 10.0.2.52
+ A 10.0.2.53
+ A 10.0.2.54
+ A 10.0.2.55
+ A 10.0.2.56
+ A 10.0.2.57
+ A 10.0.2.58
+ A 10.0.2.59
+ A 10.0.2.60
+ A 10.0.2.61
+ A 10.0.2.62
+ A 10.0.2.63
+ A 10.0.2.64
+ A 10.0.2.65
+ A 10.0.2.66
+ A 10.0.2.67
+ A 10.0.2.68
+ A 10.0.2.69
+ A 10.0.2.70
+ A 10.0.2.71
+ A 10.0.2.72
+ A 10.0.2.73
+ A 10.0.2.74
+ A 10.0.2.75
+ A 10.0.2.76
+ A 10.0.2.77
+ A 10.0.2.78
+ A 10.0.2.79
+ A 10.0.2.80
+ A 10.0.2.81
+ A 10.0.2.82
+ A 10.0.2.83
+ A 10.0.2.84
+ A 10.0.2.85
+ A 10.0.2.86
+ A 10.0.2.87
+ A 10.0.2.88
+ A 10.0.2.89
+ A 10.0.2.90
+ A 10.0.2.91
+ A 10.0.2.92
+ A 10.0.2.93
+ A 10.0.2.94
+ A 10.0.2.95
+ A 10.0.2.96
+ A 10.0.2.97
+ A 10.0.2.98
+ A 10.0.2.99
+ A 10.0.2.100
+ A 10.0.2.101
+ A 10.0.2.102
+ A 10.0.2.103
+ A 10.0.2.104
+ A 10.0.2.105
+ A 10.0.2.106
+ A 10.0.2.107
+ A 10.0.2.108
+ A 10.0.2.109
+ A 10.0.2.110
+ A 10.0.2.111
+ A 10.0.2.112
+ A 10.0.2.113
+ A 10.0.2.114
+ A 10.0.2.115
+ A 10.0.2.116
+ A 10.0.2.117
+ A 10.0.2.118
+ A 10.0.2.119
+ A 10.0.2.120
+ A 10.0.2.121
+ A 10.0.2.122
+ A 10.0.2.123
+ A 10.0.2.124
+ A 10.0.2.125
+ A 10.0.2.126
+ A 10.0.2.127
+ A 10.0.2.128
+ A 10.0.2.129
+ A 10.0.2.130
+ A 10.0.2.131
+ A 10.0.2.132
+ A 10.0.2.133
+ A 10.0.2.134
+ A 10.0.2.135
+ A 10.0.2.136
+ A 10.0.2.137
+ A 10.0.2.138
+ A 10.0.2.139
+ A 10.0.2.140
+ A 10.0.2.141
+ A 10.0.2.142
+ A 10.0.2.143
+ A 10.0.2.144
+ A 10.0.2.145
+ A 10.0.2.146
+ A 10.0.2.147
+ A 10.0.2.148
+ A 10.0.2.149
+ A 10.0.2.150
+ A 10.0.2.151
+ A 10.0.2.152
+ A 10.0.2.153
+ A 10.0.2.154
+ A 10.0.2.155
+ A 10.0.2.156
+ A 10.0.2.157
+ A 10.0.2.158
+ A 10.0.2.159
+ A 10.0.2.160
+ A 10.0.2.161
+ A 10.0.2.162
+ A 10.0.2.163
+ A 10.0.2.164
+ A 10.0.2.165
+ A 10.0.2.166
+ A 10.0.2.167
+ A 10.0.2.168
+ A 10.0.2.169
+ A 10.0.2.170
+ A 10.0.2.171
+ A 10.0.2.172
+ A 10.0.2.173
+ A 10.0.2.174
+ A 10.0.2.175
+ A 10.0.2.176
+ A 10.0.2.177
+ A 10.0.2.178
+ A 10.0.2.179
+ A 10.0.2.180
+ A 10.0.2.181
+ A 10.0.2.182
+ A 10.0.2.183
+ A 10.0.2.184
+ A 10.0.2.185
+ A 10.0.2.186
+ A 10.0.2.187
+ A 10.0.2.188
+ A 10.0.2.189
+ A 10.0.2.190
+ A 10.0.2.191
+ A 10.0.2.192
+ A 10.0.2.193
+ A 10.0.2.194
+ A 10.0.2.195
+ A 10.0.2.196
+ A 10.0.2.197
+ A 10.0.2.198
+ A 10.0.2.199
+ A 10.0.2.200
+ A 10.0.2.201
+ A 10.0.2.202
+ A 10.0.2.203
+ A 10.0.2.204
+ A 10.0.2.205
+ A 10.0.2.206
+ A 10.0.2.207
+ A 10.0.2.208
+ A 10.0.2.209
+ A 10.0.2.210
+ A 10.0.2.211
+ A 10.0.2.212
+ A 10.0.2.213
+ A 10.0.2.214
+ A 10.0.2.215
+ A 10.0.2.216
+ A 10.0.2.217
+ A 10.0.2.218
+ A 10.0.2.219
+ A 10.0.2.220
+ A 10.0.2.221
+ A 10.0.2.222
+ A 10.0.2.223
+ A 10.0.2.224
+ A 10.0.2.225
+ A 10.0.2.226
+ A 10.0.2.227
+ A 10.0.2.228
+ A 10.0.2.229
+ A 10.0.2.230
+ A 10.0.2.231
+ A 10.0.2.232
+ A 10.0.2.233
+ A 10.0.2.234
+ A 10.0.2.235
+ A 10.0.2.236
+ A 10.0.2.237
+ A 10.0.2.238
+ A 10.0.2.239
+ A 10.0.2.240
+ A 10.0.2.241
+ A 10.0.2.242
+ A 10.0.2.243
+ A 10.0.2.244
+ A 10.0.2.245
+ A 10.0.2.246
+ A 10.0.2.247
+ A 10.0.2.248
+ A 10.0.2.249
+ A 10.0.2.250
+ A 10.0.2.251
+ A 10.0.2.252
+ A 10.0.2.253
+ A 10.0.2.254
+ A 10.0.2.255
+ A 10.0.3.0
+ A 10.0.3.1
+ A 10.0.3.2
+ A 10.0.3.3
+ A 10.0.3.4
+ A 10.0.3.5
+ A 10.0.3.6
+ A 10.0.3.7
+ A 10.0.3.8
+ A 10.0.3.9
+ A 10.0.3.10
+ A 10.0.3.11
+ A 10.0.3.12
+ A 10.0.3.13
+ A 10.0.3.14
+ A 10.0.3.15
+ A 10.0.3.16
+ A 10.0.3.17
+ A 10.0.3.18
+ A 10.0.3.19
+ A 10.0.3.20
+ A 10.0.3.21
+ A 10.0.3.22
+ A 10.0.3.23
+ A 10.0.3.24
+ A 10.0.3.25
+ A 10.0.3.26
+ A 10.0.3.27
+ A 10.0.3.28
+ A 10.0.3.29
+ A 10.0.3.30
+ A 10.0.3.31
+ A 10.0.3.32
+ A 10.0.3.33
+ A 10.0.3.34
+ A 10.0.3.35
+ A 10.0.3.36
+ A 10.0.3.37
+ A 10.0.3.38
+ A 10.0.3.39
+ A 10.0.3.40
+ A 10.0.3.41
+ A 10.0.3.42
+ A 10.0.3.43
+ A 10.0.3.44
+ A 10.0.3.45
+ A 10.0.3.46
+ A 10.0.3.47
+ A 10.0.3.48
+ A 10.0.3.49
+ A 10.0.3.50
+ A 10.0.3.51
+ A 10.0.3.52
+ A 10.0.3.53
+ A 10.0.3.54
+ A 10.0.3.55
+ A 10.0.3.56
+ A 10.0.3.57
+ A 10.0.3.58
+ A 10.0.3.59
+ A 10.0.3.60
+ A 10.0.3.61
+ A 10.0.3.62
+ A 10.0.3.63
+ A 10.0.3.64
+ A 10.0.3.65
+ A 10.0.3.66
+ A 10.0.3.67
+ A 10.0.3.68
+ A 10.0.3.69
+ A 10.0.3.70
+ A 10.0.3.71
+ A 10.0.3.72
+ A 10.0.3.73
+ A 10.0.3.74
+ A 10.0.3.75
+ A 10.0.3.76
+ A 10.0.3.77
+ A 10.0.3.78
+ A 10.0.3.79
+ A 10.0.3.80
+ A 10.0.3.81
+ A 10.0.3.82
+ A 10.0.3.83
+ A 10.0.3.84
+ A 10.0.3.85
+ A 10.0.3.86
+ A 10.0.3.87
+ A 10.0.3.88
+ A 10.0.3.89
+ A 10.0.3.90
+ A 10.0.3.91
+ A 10.0.3.92
+ A 10.0.3.93
+ A 10.0.3.94
+ A 10.0.3.95
+ A 10.0.3.96
+ A 10.0.3.97
+ A 10.0.3.98
+ A 10.0.3.99
+ A 10.0.3.100
+ A 10.0.3.101
+ A 10.0.3.102
+ A 10.0.3.103
+ A 10.0.3.104
+ A 10.0.3.105
+ A 10.0.3.106
+ A 10.0.3.107
+ A 10.0.3.108
+ A 10.0.3.109
+ A 10.0.3.110
+ A 10.0.3.111
+ A 10.0.3.112
+ A 10.0.3.113
+ A 10.0.3.114
+ A 10.0.3.115
+ A 10.0.3.116
+ A 10.0.3.117
+ A 10.0.3.118
+ A 10.0.3.119
+ A 10.0.3.120
+ A 10.0.3.121
+ A 10.0.3.122
+ A 10.0.3.123
+ A 10.0.3.124
+ A 10.0.3.125
+ A 10.0.3.126
+ A 10.0.3.127
+ A 10.0.3.128
+ A 10.0.3.129
+ A 10.0.3.130
+ A 10.0.3.131
+ A 10.0.3.132
+ A 10.0.3.133
+ A 10.0.3.134
+ A 10.0.3.135
+ A 10.0.3.136
+ A 10.0.3.137
+ A 10.0.3.138
+ A 10.0.3.139
+ A 10.0.3.140
+ A 10.0.3.141
+ A 10.0.3.142
+ A 10.0.3.143
+ A 10.0.3.144
+ A 10.0.3.145
+ A 10.0.3.146
+ A 10.0.3.147
+ A 10.0.3.148
+ A 10.0.3.149
+ A 10.0.3.150
+ A 10.0.3.151
+ A 10.0.3.152
+ A 10.0.3.153
+ A 10.0.3.154
+ A 10.0.3.155
+ A 10.0.3.156
+ A 10.0.3.157
+ A 10.0.3.158
+ A 10.0.3.159
+ A 10.0.3.160
+ A 10.0.3.161
+ A 10.0.3.162
+ A 10.0.3.163
+ A 10.0.3.164
+ A 10.0.3.165
+ A 10.0.3.166
+ A 10.0.3.167
+ A 10.0.3.168
+ A 10.0.3.169
+ A 10.0.3.170
+ A 10.0.3.171
+ A 10.0.3.172
+ A 10.0.3.173
+ A 10.0.3.174
+ A 10.0.3.175
+ A 10.0.3.176
+ A 10.0.3.177
+ A 10.0.3.178
+ A 10.0.3.179
+ A 10.0.3.180
+ A 10.0.3.181
+ A 10.0.3.182
+ A 10.0.3.183
+ A 10.0.3.184
+ A 10.0.3.185
+ A 10.0.3.186
+ A 10.0.3.187
+ A 10.0.3.188
+ A 10.0.3.189
+ A 10.0.3.190
+ A 10.0.3.191
+ A 10.0.3.192
+ A 10.0.3.193
+ A 10.0.3.194
+ A 10.0.3.195
+ A 10.0.3.196
+ A 10.0.3.197
+ A 10.0.3.198
+ A 10.0.3.199
+ A 10.0.3.200
+ A 10.0.3.201
+ A 10.0.3.202
+ A 10.0.3.203
+ A 10.0.3.204
+ A 10.0.3.205
+ A 10.0.3.206
+ A 10.0.3.207
+ A 10.0.3.208
+ A 10.0.3.209
+ A 10.0.3.210
+ A 10.0.3.211
+ A 10.0.3.212
+ A 10.0.3.213
+ A 10.0.3.214
+ A 10.0.3.215
+ A 10.0.3.216
+ A 10.0.3.217
+ A 10.0.3.218
+ A 10.0.3.219
+ A 10.0.3.220
+ A 10.0.3.221
+ A 10.0.3.222
+ A 10.0.3.223
+ A 10.0.3.224
+ A 10.0.3.225
+ A 10.0.3.226
+ A 10.0.3.227
+ A 10.0.3.228
+ A 10.0.3.229
+ A 10.0.3.230
+ A 10.0.3.231
+ A 10.0.3.232
+ A 10.0.3.233
+ A 10.0.3.234
+ A 10.0.3.235
+ A 10.0.3.236
+ A 10.0.3.237
+ A 10.0.3.238
+ A 10.0.3.239
+ A 10.0.3.240
+ A 10.0.3.241
+ A 10.0.3.242
+ A 10.0.3.243
+ A 10.0.3.244
+ A 10.0.3.245
+ A 10.0.3.246
+ A 10.0.3.247
+ A 10.0.3.248
+ A 10.0.3.249
+ A 10.0.3.250
+ A 10.0.3.251
+ A 10.0.3.252
+ A 10.0.3.253
+ A 10.0.3.254
+ A 10.0.3.255
+ A 10.0.4.0
+ A 10.0.4.1
+ A 10.0.4.2
+ A 10.0.4.3
+ A 10.0.4.4
+ A 10.0.4.5
+ A 10.0.4.6
+ A 10.0.4.7
+ A 10.0.4.8
+ A 10.0.4.9
+ A 10.0.4.10
+ A 10.0.4.11
+ A 10.0.4.12
+ A 10.0.4.13
+ A 10.0.4.14
+ A 10.0.4.15
+ A 10.0.4.16
+ A 10.0.4.17
+ A 10.0.4.18
+ A 10.0.4.19
+ A 10.0.4.20
+ A 10.0.4.21
+ A 10.0.4.22
+ A 10.0.4.23
+ A 10.0.4.24
+ A 10.0.4.25
+ A 10.0.4.26
+ A 10.0.4.27
+ A 10.0.4.28
+ A 10.0.4.29
+ A 10.0.4.30
+ A 10.0.4.31
+ A 10.0.4.32
+ A 10.0.4.33
+ A 10.0.4.34
+ A 10.0.4.35
+ A 10.0.4.36
+ A 10.0.4.37
+ A 10.0.4.38
+ A 10.0.4.39
+ A 10.0.4.40
+ A 10.0.4.41
+ A 10.0.4.42
+ A 10.0.4.43
+ A 10.0.4.44
+ A 10.0.4.45
+ A 10.0.4.46
+ A 10.0.4.47
+ A 10.0.4.48
+ A 10.0.4.49
+ A 10.0.4.50
+ A 10.0.4.51
+ A 10.0.4.52
+ A 10.0.4.53
+ A 10.0.4.54
+ A 10.0.4.55
+ A 10.0.4.56
+ A 10.0.4.57
+ A 10.0.4.58
+ A 10.0.4.59
+ A 10.0.4.60
+ A 10.0.4.61
+ A 10.0.4.62
+ A 10.0.4.63
+ A 10.0.4.64
+ A 10.0.4.65
+ A 10.0.4.66
+ A 10.0.4.67
+ A 10.0.4.68
+ A 10.0.4.69
+ A 10.0.4.70
+ A 10.0.4.71
+ A 10.0.4.72
+ A 10.0.4.73
+ A 10.0.4.74
+ A 10.0.4.75
+ A 10.0.4.76
+ A 10.0.4.77
+ A 10.0.4.78
+ A 10.0.4.79
+ A 10.0.4.80
+ A 10.0.4.81
+ A 10.0.4.82
+ A 10.0.4.83
+ A 10.0.4.84
+ A 10.0.4.85
+ A 10.0.4.86
+ A 10.0.4.87
+ A 10.0.4.88
+ A 10.0.4.89
+ A 10.0.4.90
+ A 10.0.4.91
+ A 10.0.4.92
+ A 10.0.4.93
+ A 10.0.4.94
+ A 10.0.4.95
+ A 10.0.4.96
+ A 10.0.4.97
+ A 10.0.4.98
+ A 10.0.4.99
+ A 10.0.4.100
+ A 10.0.4.101
+ A 10.0.4.102
+ A 10.0.4.103
+ A 10.0.4.104
+ A 10.0.4.105
+ A 10.0.4.106
+ A 10.0.4.107
+ A 10.0.4.108
+ A 10.0.4.109
+ A 10.0.4.110
+ A 10.0.4.111
+ A 10.0.4.112
+ A 10.0.4.113
+ A 10.0.4.114
+ A 10.0.4.115
+ A 10.0.4.116
+ A 10.0.4.117
+ A 10.0.4.118
+ A 10.0.4.119
+ A 10.0.4.120
+ A 10.0.4.121
+ A 10.0.4.122
+ A 10.0.4.123
+ A 10.0.4.124
+ A 10.0.4.125
+ A 10.0.4.126
+ A 10.0.4.127
+ A 10.0.4.128
+ A 10.0.4.129
+ A 10.0.4.130
+ A 10.0.4.131
+ A 10.0.4.132
+ A 10.0.4.133
+ A 10.0.4.134
+ A 10.0.4.135
+ A 10.0.4.136
+ A 10.0.4.137
+ A 10.0.4.138
+ A 10.0.4.139
+ A 10.0.4.140
+ A 10.0.4.141
+ A 10.0.4.142
+ A 10.0.4.143
+ A 10.0.4.144
+ A 10.0.4.145
+ A 10.0.4.146
+ A 10.0.4.147
+ A 10.0.4.148
+ A 10.0.4.149
+ A 10.0.4.150
+ A 10.0.4.151
+ A 10.0.4.152
+ A 10.0.4.153
+ A 10.0.4.154
+ A 10.0.4.155
+ A 10.0.4.156
+ A 10.0.4.157
+ A 10.0.4.158
+ A 10.0.4.159
+ A 10.0.4.160
+ A 10.0.4.161
+ A 10.0.4.162
+ A 10.0.4.163
+ A 10.0.4.164
+ A 10.0.4.165
+ A 10.0.4.166
+ A 10.0.4.167
+ A 10.0.4.168
+ A 10.0.4.169
+ A 10.0.4.170
+ A 10.0.4.171
+ A 10.0.4.172
+ A 10.0.4.173
+ A 10.0.4.174
+ A 10.0.4.175
+ A 10.0.4.176
+ A 10.0.4.177
+ A 10.0.4.178
+ A 10.0.4.179
+ A 10.0.4.180
+ A 10.0.4.181
+ A 10.0.4.182
+ A 10.0.4.183
+ A 10.0.4.184
+ A 10.0.4.185
+ A 10.0.4.186
+ A 10.0.4.187
+ A 10.0.4.188
+ A 10.0.4.189
+ A 10.0.4.190
+ A 10.0.4.191
+ A 10.0.4.192
+ A 10.0.4.193
+ A 10.0.4.194
+ A 10.0.4.195
+ A 10.0.4.196
+ A 10.0.4.197
+ A 10.0.4.198
+ A 10.0.4.199
+ A 10.0.4.200
+ A 10.0.4.201
+ A 10.0.4.202
+ A 10.0.4.203
+ A 10.0.4.204
+ A 10.0.4.205
+ A 10.0.4.206
+ A 10.0.4.207
+ A 10.0.4.208
+ A 10.0.4.209
+ A 10.0.4.210
+ A 10.0.4.211
+ A 10.0.4.212
+ A 10.0.4.213
+ A 10.0.4.214
+ A 10.0.4.215
+ A 10.0.4.216
+ A 10.0.4.217
+ A 10.0.4.218
+ A 10.0.4.219
+ A 10.0.4.220
+ A 10.0.4.221
+ A 10.0.4.222
+ A 10.0.4.223
+ A 10.0.4.224
+ A 10.0.4.225
+ A 10.0.4.226
+ A 10.0.4.227
+ A 10.0.4.228
+ A 10.0.4.229
+ A 10.0.4.230
+ A 10.0.4.231
+ A 10.0.4.232
+ A 10.0.4.233
+ A 10.0.4.234
+ A 10.0.4.235
+ A 10.0.4.236
+ A 10.0.4.237
+ A 10.0.4.238
+ A 10.0.4.239
+ A 10.0.4.240
+ A 10.0.4.241
+ A 10.0.4.242
+ A 10.0.4.243
+ A 10.0.4.244
+ A 10.0.4.245
+ A 10.0.4.246
+ A 10.0.4.247
+ A 10.0.4.248
+ A 10.0.4.249
+ A 10.0.4.250
+ A 10.0.4.251
+ A 10.0.4.252
+ A 10.0.4.253
+ A 10.0.4.254
+ A 10.0.4.255
+ A 10.0.5.0
+ A 10.0.5.1
+ A 10.0.5.2
+ A 10.0.5.3
+ A 10.0.5.4
+ A 10.0.5.5
+ A 10.0.5.6
+ A 10.0.5.7
+ A 10.0.5.8
+ A 10.0.5.9
+ A 10.0.5.10
+ A 10.0.5.11
+ A 10.0.5.12
+ A 10.0.5.13
+ A 10.0.5.14
+ A 10.0.5.15
+ A 10.0.5.16
+ A 10.0.5.17
+ A 10.0.5.18
+ A 10.0.5.19
+ A 10.0.5.20
+ A 10.0.5.21
+ A 10.0.5.22
+ A 10.0.5.23
+ A 10.0.5.24
+ A 10.0.5.25
+ A 10.0.5.26
+ A 10.0.5.27
+ A 10.0.5.28
+ A 10.0.5.29
+ A 10.0.5.30
+ A 10.0.5.31
+ A 10.0.5.32
+ A 10.0.5.33
+ A 10.0.5.34
+ A 10.0.5.35
+ A 10.0.5.36
+ A 10.0.5.37
+ A 10.0.5.38
+ A 10.0.5.39
+ A 10.0.5.40
+ A 10.0.5.41
+ A 10.0.5.42
+ A 10.0.5.43
+ A 10.0.5.44
+ A 10.0.5.45
+ A 10.0.5.46
+ A 10.0.5.47
+ A 10.0.5.48
+ A 10.0.5.49
+ A 10.0.5.50
+ A 10.0.5.51
+ A 10.0.5.52
+ A 10.0.5.53
+ A 10.0.5.54
+ A 10.0.5.55
+ A 10.0.5.56
+ A 10.0.5.57
+ A 10.0.5.58
+ A 10.0.5.59
+ A 10.0.5.60
+ A 10.0.5.61
+ A 10.0.5.62
+ A 10.0.5.63
+ A 10.0.5.64
+ A 10.0.5.65
+ A 10.0.5.66
+ A 10.0.5.67
+ A 10.0.5.68
+ A 10.0.5.69
+ A 10.0.5.70
+ A 10.0.5.71
+ A 10.0.5.72
+ A 10.0.5.73
+ A 10.0.5.74
+ A 10.0.5.75
+ A 10.0.5.76
+ A 10.0.5.77
+ A 10.0.5.78
+ A 10.0.5.79
+ A 10.0.5.80
+ A 10.0.5.81
+ A 10.0.5.82
+ A 10.0.5.83
+ A 10.0.5.84
+ A 10.0.5.85
+ A 10.0.5.86
+ A 10.0.5.87
+ A 10.0.5.88
+ A 10.0.5.89
+ A 10.0.5.90
+ A 10.0.5.91
+ A 10.0.5.92
+ A 10.0.5.93
+ A 10.0.5.94
+ A 10.0.5.95
+ A 10.0.5.96
+ A 10.0.5.97
+ A 10.0.5.98
+ A 10.0.5.99
+ A 10.0.5.100
+ A 10.0.5.101
+ A 10.0.5.102
+ A 10.0.5.103
+ A 10.0.5.104
+ A 10.0.5.105
+ A 10.0.5.106
+ A 10.0.5.107
+ A 10.0.5.108
+ A 10.0.5.109
+ A 10.0.5.110
+ A 10.0.5.111
+ A 10.0.5.112
+ A 10.0.5.113
+ A 10.0.5.114
+ A 10.0.5.115
+ A 10.0.5.116
+ A 10.0.5.117
+ A 10.0.5.118
+ A 10.0.5.119
+ A 10.0.5.120
+ A 10.0.5.121
+ A 10.0.5.122
+ A 10.0.5.123
+ A 10.0.5.124
+ A 10.0.5.125
+ A 10.0.5.126
+ A 10.0.5.127
+ A 10.0.5.128
+ A 10.0.5.129
+ A 10.0.5.130
+ A 10.0.5.131
+ A 10.0.5.132
+ A 10.0.5.133
+ A 10.0.5.134
+ A 10.0.5.135
+ A 10.0.5.136
+ A 10.0.5.137
+ A 10.0.5.138
+ A 10.0.5.139
+ A 10.0.5.140
+ A 10.0.5.141
+ A 10.0.5.142
+ A 10.0.5.143
+ A 10.0.5.144
+ A 10.0.5.145
+ A 10.0.5.146
+ A 10.0.5.147
+ A 10.0.5.148
+ A 10.0.5.149
+ A 10.0.5.150
+ A 10.0.5.151
+ A 10.0.5.152
+ A 10.0.5.153
+ A 10.0.5.154
+ A 10.0.5.155
+ A 10.0.5.156
+ A 10.0.5.157
+ A 10.0.5.158
+ A 10.0.5.159
+ A 10.0.5.160
+ A 10.0.5.161
+ A 10.0.5.162
+ A 10.0.5.163
+ A 10.0.5.164
+ A 10.0.5.165
+ A 10.0.5.166
+ A 10.0.5.167
+ A 10.0.5.168
+ A 10.0.5.169
+ A 10.0.5.170
+ A 10.0.5.171
+ A 10.0.5.172
+ A 10.0.5.173
+ A 10.0.5.174
+ A 10.0.5.175
+ A 10.0.5.176
+ A 10.0.5.177
+ A 10.0.5.178
+ A 10.0.5.179
+ A 10.0.5.180
+ A 10.0.5.181
+ A 10.0.5.182
+ A 10.0.5.183
+ A 10.0.5.184
+ A 10.0.5.185
+ A 10.0.5.186
+ A 10.0.5.187
+ A 10.0.5.188
+ A 10.0.5.189
+ A 10.0.5.190
+ A 10.0.5.191
+ A 10.0.5.192
+ A 10.0.5.193
+ A 10.0.5.194
+ A 10.0.5.195
+ A 10.0.5.196
+ A 10.0.5.197
+ A 10.0.5.198
+ A 10.0.5.199
+ A 10.0.5.200
+ A 10.0.5.201
+ A 10.0.5.202
+ A 10.0.5.203
+ A 10.0.5.204
+ A 10.0.5.205
+ A 10.0.5.206
+ A 10.0.5.207
+ A 10.0.5.208
+ A 10.0.5.209
+ A 10.0.5.210
+ A 10.0.5.211
+ A 10.0.5.212
+ A 10.0.5.213
+ A 10.0.5.214
+ A 10.0.5.215
+ A 10.0.5.216
+ A 10.0.5.217
+ A 10.0.5.218
+ A 10.0.5.219
+ A 10.0.5.220
+ A 10.0.5.221
+ A 10.0.5.222
+ A 10.0.5.223
+ A 10.0.5.224
+ A 10.0.5.225
+ A 10.0.5.226
+ A 10.0.5.227
+ A 10.0.5.228
+ A 10.0.5.229
+ A 10.0.5.230
+ A 10.0.5.231
+ A 10.0.5.232
+ A 10.0.5.233
+ A 10.0.5.234
+ A 10.0.5.235
+ A 10.0.5.236
+ A 10.0.5.237
+ A 10.0.5.238
+ A 10.0.5.239
+ A 10.0.5.240
+ A 10.0.5.241
+ A 10.0.5.242
+ A 10.0.5.243
+ A 10.0.5.244
+ A 10.0.5.245
+ A 10.0.5.246
+ A 10.0.5.247
+ A 10.0.5.248
+ A 10.0.5.249
+ A 10.0.5.250
+ A 10.0.5.251
+ A 10.0.5.252
+ A 10.0.5.253
+ A 10.0.5.254
+ A 10.0.5.255
+ A 10.0.6.0
+ A 10.0.6.1
+ A 10.0.6.2
+ A 10.0.6.3
+ A 10.0.6.4
+ A 10.0.6.5
+ A 10.0.6.6
+ A 10.0.6.7
+ A 10.0.6.8
+ A 10.0.6.9
+ A 10.0.6.10
+ A 10.0.6.11
+ A 10.0.6.12
+ A 10.0.6.13
+ A 10.0.6.14
+ A 10.0.6.15
+ A 10.0.6.16
+ A 10.0.6.17
+ A 10.0.6.18
+ A 10.0.6.19
+ A 10.0.6.20
+ A 10.0.6.21
+ A 10.0.6.22
+ A 10.0.6.23
+ A 10.0.6.24
+ A 10.0.6.25
+ A 10.0.6.26
+ A 10.0.6.27
+ A 10.0.6.28
+ A 10.0.6.29
+ A 10.0.6.30
+ A 10.0.6.31
+ A 10.0.6.32
+ A 10.0.6.33
+ A 10.0.6.34
+ A 10.0.6.35
+ A 10.0.6.36
+ A 10.0.6.37
+ A 10.0.6.38
+ A 10.0.6.39
+ A 10.0.6.40
+ A 10.0.6.41
+ A 10.0.6.42
+ A 10.0.6.43
+ A 10.0.6.44
+ A 10.0.6.45
+ A 10.0.6.46
+ A 10.0.6.47
+ A 10.0.6.48
+ A 10.0.6.49
+ A 10.0.6.50
+ A 10.0.6.51
+ A 10.0.6.52
+ A 10.0.6.53
+ A 10.0.6.54
+ A 10.0.6.55
+ A 10.0.6.56
+ A 10.0.6.57
+ A 10.0.6.58
+ A 10.0.6.59
+ A 10.0.6.60
+ A 10.0.6.61
+ A 10.0.6.62
+ A 10.0.6.63
+ A 10.0.6.64
+ A 10.0.6.65
+ A 10.0.6.66
+ A 10.0.6.67
+ A 10.0.6.68
+ A 10.0.6.69
+ A 10.0.6.70
+ A 10.0.6.71
+ A 10.0.6.72
+ A 10.0.6.73
+ A 10.0.6.74
+ A 10.0.6.75
+ A 10.0.6.76
+ A 10.0.6.77
+ A 10.0.6.78
+ A 10.0.6.79
+ A 10.0.6.80
+ A 10.0.6.81
+ A 10.0.6.82
+ A 10.0.6.83
+ A 10.0.6.84
+ A 10.0.6.85
+ A 10.0.6.86
+ A 10.0.6.87
+ A 10.0.6.88
+ A 10.0.6.89
+ A 10.0.6.90
+ A 10.0.6.91
+ A 10.0.6.92
+ A 10.0.6.93
+ A 10.0.6.94
+ A 10.0.6.95
+ A 10.0.6.96
+ A 10.0.6.97
+ A 10.0.6.98
+ A 10.0.6.99
+ A 10.0.6.100
+ A 10.0.6.101
+ A 10.0.6.102
+ A 10.0.6.103
+ A 10.0.6.104
+ A 10.0.6.105
+ A 10.0.6.106
+ A 10.0.6.107
+ A 10.0.6.108
+ A 10.0.6.109
+ A 10.0.6.110
+ A 10.0.6.111
+ A 10.0.6.112
+ A 10.0.6.113
+ A 10.0.6.114
+ A 10.0.6.115
+ A 10.0.6.116
+ A 10.0.6.117
+ A 10.0.6.118
+ A 10.0.6.119
+ A 10.0.6.120
+ A 10.0.6.121
+ A 10.0.6.122
+ A 10.0.6.123
+ A 10.0.6.124
+ A 10.0.6.125
+ A 10.0.6.126
+ A 10.0.6.127
+ A 10.0.6.128
+ A 10.0.6.129
+ A 10.0.6.130
+ A 10.0.6.131
+ A 10.0.6.132
+ A 10.0.6.133
+ A 10.0.6.134
+ A 10.0.6.135
+ A 10.0.6.136
+ A 10.0.6.137
+ A 10.0.6.138
+ A 10.0.6.139
+ A 10.0.6.140
+ A 10.0.6.141
+ A 10.0.6.142
+ A 10.0.6.143
+ A 10.0.6.144
+ A 10.0.6.145
+ A 10.0.6.146
+ A 10.0.6.147
+ A 10.0.6.148
+ A 10.0.6.149
+ A 10.0.6.150
+ A 10.0.6.151
+ A 10.0.6.152
+ A 10.0.6.153
+ A 10.0.6.154
+ A 10.0.6.155
+ A 10.0.6.156
+ A 10.0.6.157
+ A 10.0.6.158
+ A 10.0.6.159
+ A 10.0.6.160
+ A 10.0.6.161
+ A 10.0.6.162
+ A 10.0.6.163
+ A 10.0.6.164
+ A 10.0.6.165
+ A 10.0.6.166
+ A 10.0.6.167
+ A 10.0.6.168
+ A 10.0.6.169
+ A 10.0.6.170
+ A 10.0.6.171
+ A 10.0.6.172
+ A 10.0.6.173
+ A 10.0.6.174
+ A 10.0.6.175
+ A 10.0.6.176
+ A 10.0.6.177
+ A 10.0.6.178
+ A 10.0.6.179
+ A 10.0.6.180
+ A 10.0.6.181
+ A 10.0.6.182
+ A 10.0.6.183
+ A 10.0.6.184
+ A 10.0.6.185
+ A 10.0.6.186
+ A 10.0.6.187
+ A 10.0.6.188
+ A 10.0.6.189
+ A 10.0.6.190
+ A 10.0.6.191
+ A 10.0.6.192
+ A 10.0.6.193
+ A 10.0.6.194
+ A 10.0.6.195
+ A 10.0.6.196
+ A 10.0.6.197
+ A 10.0.6.198
+ A 10.0.6.199
+ A 10.0.6.200
+ A 10.0.6.201
+ A 10.0.6.202
+ A 10.0.6.203
+ A 10.0.6.204
+ A 10.0.6.205
+ A 10.0.6.206
+ A 10.0.6.207
+ A 10.0.6.208
+ A 10.0.6.209
+ A 10.0.6.210
+ A 10.0.6.211
+ A 10.0.6.212
+ A 10.0.6.213
+ A 10.0.6.214
+ A 10.0.6.215
+ A 10.0.6.216
+ A 10.0.6.217
+ A 10.0.6.218
+ A 10.0.6.219
+ A 10.0.6.220
+ A 10.0.6.221
+ A 10.0.6.222
+ A 10.0.6.223
+ A 10.0.6.224
+ A 10.0.6.225
+ A 10.0.6.226
+ A 10.0.6.227
+ A 10.0.6.228
+ A 10.0.6.229
+ A 10.0.6.230
+ A 10.0.6.231
+ A 10.0.6.232
+ A 10.0.6.233
+ A 10.0.6.234
+ A 10.0.6.235
+ A 10.0.6.236
+ A 10.0.6.237
+ A 10.0.6.238
+ A 10.0.6.239
+ A 10.0.6.240
+ A 10.0.6.241
+ A 10.0.6.242
+ A 10.0.6.243
+ A 10.0.6.244
+ A 10.0.6.245
+ A 10.0.6.246
+ A 10.0.6.247
+ A 10.0.6.248
+ A 10.0.6.249
+ A 10.0.6.250
+ A 10.0.6.251
+ A 10.0.6.252
+ A 10.0.6.253
+ A 10.0.6.254
+ A 10.0.6.255
+ A 10.0.7.0
+ A 10.0.7.1
+ A 10.0.7.2
+ A 10.0.7.3
+ A 10.0.7.4
+ A 10.0.7.5
+ A 10.0.7.6
+ A 10.0.7.7
+ A 10.0.7.8
+ A 10.0.7.9
+ A 10.0.7.10
+ A 10.0.7.11
+ A 10.0.7.12
+ A 10.0.7.13
+ A 10.0.7.14
+ A 10.0.7.15
+ A 10.0.7.16
+ A 10.0.7.17
+ A 10.0.7.18
+ A 10.0.7.19
+ A 10.0.7.20
+ A 10.0.7.21
+ A 10.0.7.22
+ A 10.0.7.23
+ A 10.0.7.24
+ A 10.0.7.25
+ A 10.0.7.26
+ A 10.0.7.27
+ A 10.0.7.28
+ A 10.0.7.29
+ A 10.0.7.30
+ A 10.0.7.31
+ A 10.0.7.32
+ A 10.0.7.33
+ A 10.0.7.34
+ A 10.0.7.35
+ A 10.0.7.36
+ A 10.0.7.37
+ A 10.0.7.38
+ A 10.0.7.39
+ A 10.0.7.40
+ A 10.0.7.41
+ A 10.0.7.42
+ A 10.0.7.43
+ A 10.0.7.44
+ A 10.0.7.45
+ A 10.0.7.46
+ A 10.0.7.47
+ A 10.0.7.48
+ A 10.0.7.49
+ A 10.0.7.50
+ A 10.0.7.51
+ A 10.0.7.52
+ A 10.0.7.53
+ A 10.0.7.54
+ A 10.0.7.55
+ A 10.0.7.56
+ A 10.0.7.57
+ A 10.0.7.58
+ A 10.0.7.59
+ A 10.0.7.60
+ A 10.0.7.61
+ A 10.0.7.62
+ A 10.0.7.63
+ A 10.0.7.64
+ A 10.0.7.65
+ A 10.0.7.66
+ A 10.0.7.67
+ A 10.0.7.68
+ A 10.0.7.69
+ A 10.0.7.70
+ A 10.0.7.71
+ A 10.0.7.72
+ A 10.0.7.73
+ A 10.0.7.74
+ A 10.0.7.75
+ A 10.0.7.76
+ A 10.0.7.77
+ A 10.0.7.78
+ A 10.0.7.79
+ A 10.0.7.80
+ A 10.0.7.81
+ A 10.0.7.82
+ A 10.0.7.83
+ A 10.0.7.84
+ A 10.0.7.85
+ A 10.0.7.86
+ A 10.0.7.87
+ A 10.0.7.88
+ A 10.0.7.89
+ A 10.0.7.90
+ A 10.0.7.91
+ A 10.0.7.92
+ A 10.0.7.93
+ A 10.0.7.94
+ A 10.0.7.95
+ A 10.0.7.96
+ A 10.0.7.97
+ A 10.0.7.98
+ A 10.0.7.99
+ A 10.0.7.100
+ A 10.0.7.101
+ A 10.0.7.102
+ A 10.0.7.103
+ A 10.0.7.104
+ A 10.0.7.105
+ A 10.0.7.106
+ A 10.0.7.107
+ A 10.0.7.108
+ A 10.0.7.109
+ A 10.0.7.110
+ A 10.0.7.111
+ A 10.0.7.112
+ A 10.0.7.113
+ A 10.0.7.114
+ A 10.0.7.115
+ A 10.0.7.116
+ A 10.0.7.117
+ A 10.0.7.118
+ A 10.0.7.119
+ A 10.0.7.120
+ A 10.0.7.121
+ A 10.0.7.122
+ A 10.0.7.123
+ A 10.0.7.124
+ A 10.0.7.125
+ A 10.0.7.126
+ A 10.0.7.127
+ A 10.0.7.128
+ A 10.0.7.129
+ A 10.0.7.130
+ A 10.0.7.131
+ A 10.0.7.132
+ A 10.0.7.133
+ A 10.0.7.134
+ A 10.0.7.135
+ A 10.0.7.136
+ A 10.0.7.137
+ A 10.0.7.138
+ A 10.0.7.139
+ A 10.0.7.140
+ A 10.0.7.141
+ A 10.0.7.142
+ A 10.0.7.143
+ A 10.0.7.144
+ A 10.0.7.145
+ A 10.0.7.146
+ A 10.0.7.147
+ A 10.0.7.148
+ A 10.0.7.149
+ A 10.0.7.150
+ A 10.0.7.151
+ A 10.0.7.152
+ A 10.0.7.153
+ A 10.0.7.154
+ A 10.0.7.155
+ A 10.0.7.156
+ A 10.0.7.157
+ A 10.0.7.158
+ A 10.0.7.159
+ A 10.0.7.160
+ A 10.0.7.161
+ A 10.0.7.162
+ A 10.0.7.163
+ A 10.0.7.164
+ A 10.0.7.165
+ A 10.0.7.166
+ A 10.0.7.167
+ A 10.0.7.168
+ A 10.0.7.169
+ A 10.0.7.170
+ A 10.0.7.171
+ A 10.0.7.172
+ A 10.0.7.173
+ A 10.0.7.174
+ A 10.0.7.175
+ A 10.0.7.176
+ A 10.0.7.177
+ A 10.0.7.178
+ A 10.0.7.179
+ A 10.0.7.180
+ A 10.0.7.181
+ A 10.0.7.182
+ A 10.0.7.183
+ A 10.0.7.184
+ A 10.0.7.185
+ A 10.0.7.186
+ A 10.0.7.187
+ A 10.0.7.188
+ A 10.0.7.189
+ A 10.0.7.190
+ A 10.0.7.191
+ A 10.0.7.192
+ A 10.0.7.193
+ A 10.0.7.194
+ A 10.0.7.195
+ A 10.0.7.196
+ A 10.0.7.197
+ A 10.0.7.198
+ A 10.0.7.199
+ A 10.0.7.200
+ A 10.0.7.201
+ A 10.0.7.202
+ A 10.0.7.203
+ A 10.0.7.204
+ A 10.0.7.205
+ A 10.0.7.206
+ A 10.0.7.207
+ A 10.0.7.208
+ A 10.0.7.209
+ A 10.0.7.210
+ A 10.0.7.211
+ A 10.0.7.212
+ A 10.0.7.213
+ A 10.0.7.214
+ A 10.0.7.215
+ A 10.0.7.216
+ A 10.0.7.217
+ A 10.0.7.218
+ A 10.0.7.219
+ A 10.0.7.220
+ A 10.0.7.221
+ A 10.0.7.222
+ A 10.0.7.223
+ A 10.0.7.224
+ A 10.0.7.225
+ A 10.0.7.226
+ A 10.0.7.227
+ A 10.0.7.228
+ A 10.0.7.229
+ A 10.0.7.230
+ A 10.0.7.231
+ A 10.0.7.232
+ A 10.0.7.233
+ A 10.0.7.234
+ A 10.0.7.235
+ A 10.0.7.236
+ A 10.0.7.237
+ A 10.0.7.238
+ A 10.0.7.239
+ A 10.0.7.240
+ A 10.0.7.241
+ A 10.0.7.242
+ A 10.0.7.243
+ A 10.0.7.244
+ A 10.0.7.245
+ A 10.0.7.246
+ A 10.0.7.247
+ A 10.0.7.248
+ A 10.0.7.249
+ A 10.0.7.250
+ A 10.0.7.251
+ A 10.0.7.252
+ A 10.0.7.253
+ A 10.0.7.254
+ A 10.0.7.255
+ A 10.0.8.0
+ A 10.0.8.1
+ A 10.0.8.2
+ A 10.0.8.3
+ A 10.0.8.4
+ A 10.0.8.5
+ A 10.0.8.6
+ A 10.0.8.7
+ A 10.0.8.8
+ A 10.0.8.9
+ A 10.0.8.10
+ A 10.0.8.11
+ A 10.0.8.12
+ A 10.0.8.13
+ A 10.0.8.14
+ A 10.0.8.15
+ A 10.0.8.16
+ A 10.0.8.17
+ A 10.0.8.18
+ A 10.0.8.19
+ A 10.0.8.20
+ A 10.0.8.21
+ A 10.0.8.22
+ A 10.0.8.23
+ A 10.0.8.24
+ A 10.0.8.25
+ A 10.0.8.26
+ A 10.0.8.27
+ A 10.0.8.28
+ A 10.0.8.29
+ A 10.0.8.30
+ A 10.0.8.31
+ A 10.0.8.32
+ A 10.0.8.33
+ A 10.0.8.34
+ A 10.0.8.35
+ A 10.0.8.36
+ A 10.0.8.37
+ A 10.0.8.38
+ A 10.0.8.39
+ A 10.0.8.40
+ A 10.0.8.41
+ A 10.0.8.42
+ A 10.0.8.43
+ A 10.0.8.44
+ A 10.0.8.45
+ A 10.0.8.46
+ A 10.0.8.47
+ A 10.0.8.48
+ A 10.0.8.49
+ A 10.0.8.50
+ A 10.0.8.51
+ A 10.0.8.52
+ A 10.0.8.53
+ A 10.0.8.54
+ A 10.0.8.55
+ A 10.0.8.56
+ A 10.0.8.57
+ A 10.0.8.58
+ A 10.0.8.59
+ A 10.0.8.60
+ A 10.0.8.61
+ A 10.0.8.62
+ A 10.0.8.63
+ A 10.0.8.64
+ A 10.0.8.65
+ A 10.0.8.66
+ A 10.0.8.67
+ A 10.0.8.68
+ A 10.0.8.69
+ A 10.0.8.70
+ A 10.0.8.71
+ A 10.0.8.72
+ A 10.0.8.73
+ A 10.0.8.74
+ A 10.0.8.75
+ A 10.0.8.76
+ A 10.0.8.77
+ A 10.0.8.78
+ A 10.0.8.79
+ A 10.0.8.80
+ A 10.0.8.81
+ A 10.0.8.82
+ A 10.0.8.83
+ A 10.0.8.84
+ A 10.0.8.85
+ A 10.0.8.86
+ A 10.0.8.87
+ A 10.0.8.88
+ A 10.0.8.89
+ A 10.0.8.90
+ A 10.0.8.91
+ A 10.0.8.92
+ A 10.0.8.93
+ A 10.0.8.94
+ A 10.0.8.95
+ A 10.0.8.96
+ A 10.0.8.97
+ A 10.0.8.98
+ A 10.0.8.99
+ A 10.0.8.100
+ A 10.0.8.101
+ A 10.0.8.102
+ A 10.0.8.103
+ A 10.0.8.104
+ A 10.0.8.105
+ A 10.0.8.106
+ A 10.0.8.107
+ A 10.0.8.108
+ A 10.0.8.109
+ A 10.0.8.110
+ A 10.0.8.111
+ A 10.0.8.112
+ A 10.0.8.113
+ A 10.0.8.114
+ A 10.0.8.115
+ A 10.0.8.116
+ A 10.0.8.117
+ A 10.0.8.118
+ A 10.0.8.119
+ A 10.0.8.120
+ A 10.0.8.121
+ A 10.0.8.122
+ A 10.0.8.123
+ A 10.0.8.124
+ A 10.0.8.125
+ A 10.0.8.126
+ A 10.0.8.127
+ A 10.0.8.128
+ A 10.0.8.129
+ A 10.0.8.130
+ A 10.0.8.131
+ A 10.0.8.132
+ A 10.0.8.133
+ A 10.0.8.134
+ A 10.0.8.135
+ A 10.0.8.136
+ A 10.0.8.137
+ A 10.0.8.138
+ A 10.0.8.139
+ A 10.0.8.140
+ A 10.0.8.141
+ A 10.0.8.142
+ A 10.0.8.143
+ A 10.0.8.144
+ A 10.0.8.145
+ A 10.0.8.146
+ A 10.0.8.147
+ A 10.0.8.148
+ A 10.0.8.149
+ A 10.0.8.150
+ A 10.0.8.151
+ A 10.0.8.152
+ A 10.0.8.153
+ A 10.0.8.154
+ A 10.0.8.155
+ A 10.0.8.156
+ A 10.0.8.157
+ A 10.0.8.158
+ A 10.0.8.159
+ A 10.0.8.160
+ A 10.0.8.161
+ A 10.0.8.162
+ A 10.0.8.163
+ A 10.0.8.164
+ A 10.0.8.165
+ A 10.0.8.166
+ A 10.0.8.167
+ A 10.0.8.168
+ A 10.0.8.169
+ A 10.0.8.170
+ A 10.0.8.171
+ A 10.0.8.172
+ A 10.0.8.173
+ A 10.0.8.174
+ A 10.0.8.175
+ A 10.0.8.176
+ A 10.0.8.177
+ A 10.0.8.178
+ A 10.0.8.179
+ A 10.0.8.180
+ A 10.0.8.181
+ A 10.0.8.182
+ A 10.0.8.183
+ A 10.0.8.184
+ A 10.0.8.185
+ A 10.0.8.186
+ A 10.0.8.187
+ A 10.0.8.188
+ A 10.0.8.189
+ A 10.0.8.190
+ A 10.0.8.191
+ A 10.0.8.192
+ A 10.0.8.193
+ A 10.0.8.194
+ A 10.0.8.195
+ A 10.0.8.196
+ A 10.0.8.197
+ A 10.0.8.198
+ A 10.0.8.199
+ A 10.0.8.200
+ A 10.0.8.201
+ A 10.0.8.202
+ A 10.0.8.203
+ A 10.0.8.204
+ A 10.0.8.205
+ A 10.0.8.206
+ A 10.0.8.207
+ A 10.0.8.208
+ A 10.0.8.209
+ A 10.0.8.210
+ A 10.0.8.211
+ A 10.0.8.212
+ A 10.0.8.213
+ A 10.0.8.214
+ A 10.0.8.215
+ A 10.0.8.216
+ A 10.0.8.217
+ A 10.0.8.218
+ A 10.0.8.219
+ A 10.0.8.220
+ A 10.0.8.221
+ A 10.0.8.222
+ A 10.0.8.223
+ A 10.0.8.224
+ A 10.0.8.225
+ A 10.0.8.226
+ A 10.0.8.227
+ A 10.0.8.228
+ A 10.0.8.229
+ A 10.0.8.230
+ A 10.0.8.231
+ A 10.0.8.232
+ A 10.0.8.233
+ A 10.0.8.234
+ A 10.0.8.235
+ A 10.0.8.236
+ A 10.0.8.237
+ A 10.0.8.238
+ A 10.0.8.239
+ A 10.0.8.240
+ A 10.0.8.241
+ A 10.0.8.242
+ A 10.0.8.243
+ A 10.0.8.244
+ A 10.0.8.245
+ A 10.0.8.246
+ A 10.0.8.247
+ A 10.0.8.248
+ A 10.0.8.249
+ A 10.0.8.250
+ A 10.0.8.251
+ A 10.0.8.252
+ A 10.0.8.253
+ A 10.0.8.254
+ A 10.0.8.255
+ A 10.0.9.0
+ A 10.0.9.1
+ A 10.0.9.2
+ A 10.0.9.3
+ A 10.0.9.4
+ A 10.0.9.5
+ A 10.0.9.6
+ A 10.0.9.7
+ A 10.0.9.8
+ A 10.0.9.9
+ A 10.0.9.10
+ A 10.0.9.11
+ A 10.0.9.12
+ A 10.0.9.13
+ A 10.0.9.14
+ A 10.0.9.15
+ A 10.0.9.16
+ A 10.0.9.17
+ A 10.0.9.18
+ A 10.0.9.19
+ A 10.0.9.20
+ A 10.0.9.21
+ A 10.0.9.22
+ A 10.0.9.23
+ A 10.0.9.24
+ A 10.0.9.25
+ A 10.0.9.26
+ A 10.0.9.27
+ A 10.0.9.28
+ A 10.0.9.29
+ A 10.0.9.30
+ A 10.0.9.31
+ A 10.0.9.32
+ A 10.0.9.33
+ A 10.0.9.34
+ A 10.0.9.35
+ A 10.0.9.36
+ A 10.0.9.37
+ A 10.0.9.38
+ A 10.0.9.39
+ A 10.0.9.40
+ A 10.0.9.41
+ A 10.0.9.42
+ A 10.0.9.43
+ A 10.0.9.44
+ A 10.0.9.45
+ A 10.0.9.46
+ A 10.0.9.47
+ A 10.0.9.48
+ A 10.0.9.49
+ A 10.0.9.50
+ A 10.0.9.51
+ A 10.0.9.52
+ A 10.0.9.53
+ A 10.0.9.54
+ A 10.0.9.55
+ A 10.0.9.56
+ A 10.0.9.57
+ A 10.0.9.58
+ A 10.0.9.59
+ A 10.0.9.60
+ A 10.0.9.61
+ A 10.0.9.62
+ A 10.0.9.63
+ A 10.0.9.64
+ A 10.0.9.65
+ A 10.0.9.66
+ A 10.0.9.67
+ A 10.0.9.68
+ A 10.0.9.69
+ A 10.0.9.70
+ A 10.0.9.71
+ A 10.0.9.72
+ A 10.0.9.73
+ A 10.0.9.74
+ A 10.0.9.75
+ A 10.0.9.76
+ A 10.0.9.77
+ A 10.0.9.78
+ A 10.0.9.79
+ A 10.0.9.80
+ A 10.0.9.81
+ A 10.0.9.82
+ A 10.0.9.83
+ A 10.0.9.84
+ A 10.0.9.85
+ A 10.0.9.86
+ A 10.0.9.87
+ A 10.0.9.88
+ A 10.0.9.89
+ A 10.0.9.90
+ A 10.0.9.91
+ A 10.0.9.92
+ A 10.0.9.93
+ A 10.0.9.94
+ A 10.0.9.95
+ A 10.0.9.96
+ A 10.0.9.97
+ A 10.0.9.98
+ A 10.0.9.99
+ A 10.0.9.100
+ A 10.0.9.101
+ A 10.0.9.102
+ A 10.0.9.103
+ A 10.0.9.104
+ A 10.0.9.105
+ A 10.0.9.106
+ A 10.0.9.107
+ A 10.0.9.108
+ A 10.0.9.109
+ A 10.0.9.110
+ A 10.0.9.111
+ A 10.0.9.112
+ A 10.0.9.113
+ A 10.0.9.114
+ A 10.0.9.115
+ A 10.0.9.116
+ A 10.0.9.117
+ A 10.0.9.118
+ A 10.0.9.119
+ A 10.0.9.120
+ A 10.0.9.121
+ A 10.0.9.122
+ A 10.0.9.123
+ A 10.0.9.124
+ A 10.0.9.125
+ A 10.0.9.126
+ A 10.0.9.127
+ A 10.0.9.128
+ A 10.0.9.129
+ A 10.0.9.130
+ A 10.0.9.131
+ A 10.0.9.132
+ A 10.0.9.133
+ A 10.0.9.134
+ A 10.0.9.135
+ A 10.0.9.136
+ A 10.0.9.137
+ A 10.0.9.138
+ A 10.0.9.139
+ A 10.0.9.140
+ A 10.0.9.141
+ A 10.0.9.142
+ A 10.0.9.143
+ A 10.0.9.144
+ A 10.0.9.145
+ A 10.0.9.146
+ A 10.0.9.147
+ A 10.0.9.148
+ A 10.0.9.149
+ A 10.0.9.150
+ A 10.0.9.151
+ A 10.0.9.152
+ A 10.0.9.153
+ A 10.0.9.154
+ A 10.0.9.155
+ A 10.0.9.156
+ A 10.0.9.157
+ A 10.0.9.158
+ A 10.0.9.159
+ A 10.0.9.160
+ A 10.0.9.161
+ A 10.0.9.162
+ A 10.0.9.163
+ A 10.0.9.164
+ A 10.0.9.165
+ A 10.0.9.166
+ A 10.0.9.167
+ A 10.0.9.168
+ A 10.0.9.169
+ A 10.0.9.170
+ A 10.0.9.171
+ A 10.0.9.172
+ A 10.0.9.173
+ A 10.0.9.174
+ A 10.0.9.175
+ A 10.0.9.176
+ A 10.0.9.177
+ A 10.0.9.178
+ A 10.0.9.179
+ A 10.0.9.180
+ A 10.0.9.181
+ A 10.0.9.182
+ A 10.0.9.183
+ A 10.0.9.184
+ A 10.0.9.185
+ A 10.0.9.186
+ A 10.0.9.187
+ A 10.0.9.188
+ A 10.0.9.189
+ A 10.0.9.190
+ A 10.0.9.191
+ A 10.0.9.192
+ A 10.0.9.193
+ A 10.0.9.194
+ A 10.0.9.195
+ A 10.0.9.196
+ A 10.0.9.197
+ A 10.0.9.198
+ A 10.0.9.199
+ A 10.0.9.200
+ A 10.0.9.201
+ A 10.0.9.202
+ A 10.0.9.203
+ A 10.0.9.204
+ A 10.0.9.205
+ A 10.0.9.206
+ A 10.0.9.207
+ A 10.0.9.208
+ A 10.0.9.209
+ A 10.0.9.210
+ A 10.0.9.211
+ A 10.0.9.212
+ A 10.0.9.213
+ A 10.0.9.214
+ A 10.0.9.215
+ A 10.0.9.216
+ A 10.0.9.217
+ A 10.0.9.218
+ A 10.0.9.219
+ A 10.0.9.220
+ A 10.0.9.221
+ A 10.0.9.222
+ A 10.0.9.223
+ A 10.0.9.224
+ A 10.0.9.225
+ A 10.0.9.226
+ A 10.0.9.227
+ A 10.0.9.228
+ A 10.0.9.229
+ A 10.0.9.230
+ A 10.0.9.231
+ A 10.0.9.232
+ A 10.0.9.233
+ A 10.0.9.234
+ A 10.0.9.235
+ A 10.0.9.236
+ A 10.0.9.237
+ A 10.0.9.238
+ A 10.0.9.239
+ A 10.0.9.240
+ A 10.0.9.241
+ A 10.0.9.242
+ A 10.0.9.243
+ A 10.0.9.244
+ A 10.0.9.245
+ A 10.0.9.246
+ A 10.0.9.247
+ A 10.0.9.248
+ A 10.0.9.249
+ A 10.0.9.250
+ A 10.0.9.251
+ A 10.0.9.252
+ A 10.0.9.253
+ A 10.0.9.254
+ A 10.0.9.255
+ A 10.0.10.0
+ A 10.0.10.1
+ A 10.0.10.2
+ A 10.0.10.3
+ A 10.0.10.4
+ A 10.0.10.5
+ A 10.0.10.6
+ A 10.0.10.7
+ A 10.0.10.8
+ A 10.0.10.9
+ A 10.0.10.10
+ A 10.0.10.11
+ A 10.0.10.12
+ A 10.0.10.13
+ A 10.0.10.14
+ A 10.0.10.15
+ A 10.0.10.16
+ A 10.0.10.17
+ A 10.0.10.18
+ A 10.0.10.19
+ A 10.0.10.20
+ A 10.0.10.21
+ A 10.0.10.22
+ A 10.0.10.23
+ A 10.0.10.24
+ A 10.0.10.25
+ A 10.0.10.26
+ A 10.0.10.27
+ A 10.0.10.28
+ A 10.0.10.29
+ A 10.0.10.30
+ A 10.0.10.31
+ A 10.0.10.32
+ A 10.0.10.33
+ A 10.0.10.34
+ A 10.0.10.35
+ A 10.0.10.36
+ A 10.0.10.37
+ A 10.0.10.38
+ A 10.0.10.39
+ A 10.0.10.40
+ A 10.0.10.41
+ A 10.0.10.42
+ A 10.0.10.43
+ A 10.0.10.44
+ A 10.0.10.45
+ A 10.0.10.46
+ A 10.0.10.47
+ A 10.0.10.48
+ A 10.0.10.49
+ A 10.0.10.50
+ A 10.0.10.51
+ A 10.0.10.52
+ A 10.0.10.53
+ A 10.0.10.54
+ A 10.0.10.55
+ A 10.0.10.56
+ A 10.0.10.57
+ A 10.0.10.58
+ A 10.0.10.59
+ A 10.0.10.60
+ A 10.0.10.61
+ A 10.0.10.62
+ A 10.0.10.63
+ A 10.0.10.64
+ A 10.0.10.65
+ A 10.0.10.66
+ A 10.0.10.67
+ A 10.0.10.68
+ A 10.0.10.69
+ A 10.0.10.70
+ A 10.0.10.71
+ A 10.0.10.72
+ A 10.0.10.73
+ A 10.0.10.74
+ A 10.0.10.75
+ A 10.0.10.76
+ A 10.0.10.77
+ A 10.0.10.78
+ A 10.0.10.79
+ A 10.0.10.80
+ A 10.0.10.81
+ A 10.0.10.82
+ A 10.0.10.83
+ A 10.0.10.84
+ A 10.0.10.85
+ A 10.0.10.86
+ A 10.0.10.87
+ A 10.0.10.88
+ A 10.0.10.89
+ A 10.0.10.90
+ A 10.0.10.91
+ A 10.0.10.92
+ A 10.0.10.93
+ A 10.0.10.94
+ A 10.0.10.95
+ A 10.0.10.96
+ A 10.0.10.97
+ A 10.0.10.98
+ A 10.0.10.99
+ A 10.0.10.100
+ A 10.0.10.101
+ A 10.0.10.102
+ A 10.0.10.103
+ A 10.0.10.104
+ A 10.0.10.105
+ A 10.0.10.106
+ A 10.0.10.107
+ A 10.0.10.108
+ A 10.0.10.109
+ A 10.0.10.110
+ A 10.0.10.111
+ A 10.0.10.112
+ A 10.0.10.113
+ A 10.0.10.114
+ A 10.0.10.115
+ A 10.0.10.116
+ A 10.0.10.117
+ A 10.0.10.118
+ A 10.0.10.119
+ A 10.0.10.120
+ A 10.0.10.121
+ A 10.0.10.122
+ A 10.0.10.123
+ A 10.0.10.124
+ A 10.0.10.125
+ A 10.0.10.126
+ A 10.0.10.127
+ A 10.0.10.128
+ A 10.0.10.129
+ A 10.0.10.130
+ A 10.0.10.131
+ A 10.0.10.132
+ A 10.0.10.133
+ A 10.0.10.134
+ A 10.0.10.135
+ A 10.0.10.136
+ A 10.0.10.137
+ A 10.0.10.138
+ A 10.0.10.139
+ A 10.0.10.140
+ A 10.0.10.141
+ A 10.0.10.142
+ A 10.0.10.143
+ A 10.0.10.144
+ A 10.0.10.145
+ A 10.0.10.146
+ A 10.0.10.147
+ A 10.0.10.148
+ A 10.0.10.149
+ A 10.0.10.150
+ A 10.0.10.151
+ A 10.0.10.152
+ A 10.0.10.153
+ A 10.0.10.154
+ A 10.0.10.155
+ A 10.0.10.156
+ A 10.0.10.157
+ A 10.0.10.158
+ A 10.0.10.159
+ A 10.0.10.160
+ A 10.0.10.161
+ A 10.0.10.162
+ A 10.0.10.163
+ A 10.0.10.164
+ A 10.0.10.165
+ A 10.0.10.166
+ A 10.0.10.167
+ A 10.0.10.168
+ A 10.0.10.169
+ A 10.0.10.170
+ A 10.0.10.171
+ A 10.0.10.172
+ A 10.0.10.173
+ A 10.0.10.174
+ A 10.0.10.175
+ A 10.0.10.176
+ A 10.0.10.177
+ A 10.0.10.178
+ A 10.0.10.179
+ A 10.0.10.180
+ A 10.0.10.181
+ A 10.0.10.182
+ A 10.0.10.183
+ A 10.0.10.184
+ A 10.0.10.185
+ A 10.0.10.186
+ A 10.0.10.187
+ A 10.0.10.188
+ A 10.0.10.189
+ A 10.0.10.190
+ A 10.0.10.191
+ A 10.0.10.192
+ A 10.0.10.193
+ A 10.0.10.194
+ A 10.0.10.195
+ A 10.0.10.196
+ A 10.0.10.197
+ A 10.0.10.198
+ A 10.0.10.199
+ A 10.0.10.200
+ A 10.0.10.201
+ A 10.0.10.202
+ A 10.0.10.203
+ A 10.0.10.204
+ A 10.0.10.205
+ A 10.0.10.206
+ A 10.0.10.207
+ A 10.0.10.208
+ A 10.0.10.209
+ A 10.0.10.210
+ A 10.0.10.211
+ A 10.0.10.212
+ A 10.0.10.213
+ A 10.0.10.214
+ A 10.0.10.215
+ A 10.0.10.216
+ A 10.0.10.217
+ A 10.0.10.218
+ A 10.0.10.219
+ A 10.0.10.220
+ A 10.0.10.221
+ A 10.0.10.222
+ A 10.0.10.223
+ A 10.0.10.224
+ A 10.0.10.225
+ A 10.0.10.226
+ A 10.0.10.227
+ A 10.0.10.228
+ A 10.0.10.229
+ A 10.0.10.230
+ A 10.0.10.231
+ A 10.0.10.232
+ A 10.0.10.233
+ A 10.0.10.234
+ A 10.0.10.235
+ A 10.0.10.236
+ A 10.0.10.237
+ A 10.0.10.238
+ A 10.0.10.239
+ A 10.0.10.240
+ A 10.0.10.241
+ A 10.0.10.242
+ A 10.0.10.243
+ A 10.0.10.244
+ A 10.0.10.245
+ A 10.0.10.246
+ A 10.0.10.247
+ A 10.0.10.248
+ A 10.0.10.249
+ A 10.0.10.250
+ A 10.0.10.251
+ A 10.0.10.252
+ A 10.0.10.253
+ A 10.0.10.254
+ A 10.0.10.255
+ A 10.0.11.0
+ A 10.0.11.1
+ A 10.0.11.2
+ A 10.0.11.3
+ A 10.0.11.4
+ A 10.0.11.5
+ A 10.0.11.6
+ A 10.0.11.7
+ A 10.0.11.8
+ A 10.0.11.9
+ A 10.0.11.10
+ A 10.0.11.11
+ A 10.0.11.12
+ A 10.0.11.13
+ A 10.0.11.14
+ A 10.0.11.15
+ A 10.0.11.16
+ A 10.0.11.17
+ A 10.0.11.18
+ A 10.0.11.19
+ A 10.0.11.20
+ A 10.0.11.21
+ A 10.0.11.22
+ A 10.0.11.23
+ A 10.0.11.24
+ A 10.0.11.25
+ A 10.0.11.26
+ A 10.0.11.27
+ A 10.0.11.28
+ A 10.0.11.29
+ A 10.0.11.30
+ A 10.0.11.31
+ A 10.0.11.32
+ A 10.0.11.33
+ A 10.0.11.34
+ A 10.0.11.35
+ A 10.0.11.36
+ A 10.0.11.37
+ A 10.0.11.38
+ A 10.0.11.39
+ A 10.0.11.40
+ A 10.0.11.41
+ A 10.0.11.42
+ A 10.0.11.43
+ A 10.0.11.44
+ A 10.0.11.45
+ A 10.0.11.46
+ A 10.0.11.47
+ A 10.0.11.48
+ A 10.0.11.49
+ A 10.0.11.50
+ A 10.0.11.51
+ A 10.0.11.52
+ A 10.0.11.53
+ A 10.0.11.54
+ A 10.0.11.55
+ A 10.0.11.56
+ A 10.0.11.57
+ A 10.0.11.58
+ A 10.0.11.59
+ A 10.0.11.60
+ A 10.0.11.61
+ A 10.0.11.62
+ A 10.0.11.63
+ A 10.0.11.64
+ A 10.0.11.65
+ A 10.0.11.66
+ A 10.0.11.67
+ A 10.0.11.68
+ A 10.0.11.69
+ A 10.0.11.70
+ A 10.0.11.71
+ A 10.0.11.72
+ A 10.0.11.73
+ A 10.0.11.74
+ A 10.0.11.75
+ A 10.0.11.76
+ A 10.0.11.77
+ A 10.0.11.78
+ A 10.0.11.79
+ A 10.0.11.80
+ A 10.0.11.81
+ A 10.0.11.82
+ A 10.0.11.83
+ A 10.0.11.84
+ A 10.0.11.85
+ A 10.0.11.86
+ A 10.0.11.87
+ A 10.0.11.88
+ A 10.0.11.89
+ A 10.0.11.90
+ A 10.0.11.91
+ A 10.0.11.92
+ A 10.0.11.93
+ A 10.0.11.94
+ A 10.0.11.95
+ A 10.0.11.96
+ A 10.0.11.97
+ A 10.0.11.98
+ A 10.0.11.99
+ A 10.0.11.100
+ A 10.0.11.101
+ A 10.0.11.102
+ A 10.0.11.103
+ A 10.0.11.104
+ A 10.0.11.105
+ A 10.0.11.106
+ A 10.0.11.107
+ A 10.0.11.108
+ A 10.0.11.109
+ A 10.0.11.110
+ A 10.0.11.111
+ A 10.0.11.112
+ A 10.0.11.113
+ A 10.0.11.114
+ A 10.0.11.115
+ A 10.0.11.116
+ A 10.0.11.117
+ A 10.0.11.118
+ A 10.0.11.119
+ A 10.0.11.120
+ A 10.0.11.121
+ A 10.0.11.122
+ A 10.0.11.123
+ A 10.0.11.124
+ A 10.0.11.125
+ A 10.0.11.126
+ A 10.0.11.127
+ A 10.0.11.128
+ A 10.0.11.129
+ A 10.0.11.130
+ A 10.0.11.131
+ A 10.0.11.132
+ A 10.0.11.133
+ A 10.0.11.134
+ A 10.0.11.135
+ A 10.0.11.136
+ A 10.0.11.137
+ A 10.0.11.138
+ A 10.0.11.139
+ A 10.0.11.140
+ A 10.0.11.141
+ A 10.0.11.142
+ A 10.0.11.143
+ A 10.0.11.144
+ A 10.0.11.145
+ A 10.0.11.146
+ A 10.0.11.147
+ A 10.0.11.148
+ A 10.0.11.149
+ A 10.0.11.150
+ A 10.0.11.151
+ A 10.0.11.152
+ A 10.0.11.153
+ A 10.0.11.154
+ A 10.0.11.155
+ A 10.0.11.156
+ A 10.0.11.157
+ A 10.0.11.158
+ A 10.0.11.159
+ A 10.0.11.160
+ A 10.0.11.161
+ A 10.0.11.162
+ A 10.0.11.163
+ A 10.0.11.164
+ A 10.0.11.165
+ A 10.0.11.166
+ A 10.0.11.167
+ A 10.0.11.168
+ A 10.0.11.169
+ A 10.0.11.170
+ A 10.0.11.171
+ A 10.0.11.172
+ A 10.0.11.173
+ A 10.0.11.174
+ A 10.0.11.175
+ A 10.0.11.176
+ A 10.0.11.177
+ A 10.0.11.178
+ A 10.0.11.179
+ A 10.0.11.180
+ A 10.0.11.181
+ A 10.0.11.182
+ A 10.0.11.183
+4000 A 10.0.0.0
+ A 10.0.0.1
+ A 10.0.0.2
+ A 10.0.0.3
+ A 10.0.0.4
+ A 10.0.0.5
+ A 10.0.0.6
+ A 10.0.0.7
+ A 10.0.0.8
+ A 10.0.0.9
+ A 10.0.0.10
+ A 10.0.0.11
+ A 10.0.0.12
+ A 10.0.0.13
+ A 10.0.0.14
+ A 10.0.0.15
+ A 10.0.0.16
+ A 10.0.0.17
+ A 10.0.0.18
+ A 10.0.0.19
+ A 10.0.0.20
+ A 10.0.0.21
+ A 10.0.0.22
+ A 10.0.0.23
+ A 10.0.0.24
+ A 10.0.0.25
+ A 10.0.0.26
+ A 10.0.0.27
+ A 10.0.0.28
+ A 10.0.0.29
+ A 10.0.0.30
+ A 10.0.0.31
+ A 10.0.0.32
+ A 10.0.0.33
+ A 10.0.0.34
+ A 10.0.0.35
+ A 10.0.0.36
+ A 10.0.0.37
+ A 10.0.0.38
+ A 10.0.0.39
+ A 10.0.0.40
+ A 10.0.0.41
+ A 10.0.0.42
+ A 10.0.0.43
+ A 10.0.0.44
+ A 10.0.0.45
+ A 10.0.0.46
+ A 10.0.0.47
+ A 10.0.0.48
+ A 10.0.0.49
+ A 10.0.0.50
+ A 10.0.0.51
+ A 10.0.0.52
+ A 10.0.0.53
+ A 10.0.0.54
+ A 10.0.0.55
+ A 10.0.0.56
+ A 10.0.0.57
+ A 10.0.0.58
+ A 10.0.0.59
+ A 10.0.0.60
+ A 10.0.0.61
+ A 10.0.0.62
+ A 10.0.0.63
+ A 10.0.0.64
+ A 10.0.0.65
+ A 10.0.0.66
+ A 10.0.0.67
+ A 10.0.0.68
+ A 10.0.0.69
+ A 10.0.0.70
+ A 10.0.0.71
+ A 10.0.0.72
+ A 10.0.0.73
+ A 10.0.0.74
+ A 10.0.0.75
+ A 10.0.0.76
+ A 10.0.0.77
+ A 10.0.0.78
+ A 10.0.0.79
+ A 10.0.0.80
+ A 10.0.0.81
+ A 10.0.0.82
+ A 10.0.0.83
+ A 10.0.0.84
+ A 10.0.0.85
+ A 10.0.0.86
+ A 10.0.0.87
+ A 10.0.0.88
+ A 10.0.0.89
+ A 10.0.0.90
+ A 10.0.0.91
+ A 10.0.0.92
+ A 10.0.0.93
+ A 10.0.0.94
+ A 10.0.0.95
+ A 10.0.0.96
+ A 10.0.0.97
+ A 10.0.0.98
+ A 10.0.0.99
+ A 10.0.0.100
+ A 10.0.0.101
+ A 10.0.0.102
+ A 10.0.0.103
+ A 10.0.0.104
+ A 10.0.0.105
+ A 10.0.0.106
+ A 10.0.0.107
+ A 10.0.0.108
+ A 10.0.0.109
+ A 10.0.0.110
+ A 10.0.0.111
+ A 10.0.0.112
+ A 10.0.0.113
+ A 10.0.0.114
+ A 10.0.0.115
+ A 10.0.0.116
+ A 10.0.0.117
+ A 10.0.0.118
+ A 10.0.0.119
+ A 10.0.0.120
+ A 10.0.0.121
+ A 10.0.0.122
+ A 10.0.0.123
+ A 10.0.0.124
+ A 10.0.0.125
+ A 10.0.0.126
+ A 10.0.0.127
+ A 10.0.0.128
+ A 10.0.0.129
+ A 10.0.0.130
+ A 10.0.0.131
+ A 10.0.0.132
+ A 10.0.0.133
+ A 10.0.0.134
+ A 10.0.0.135
+ A 10.0.0.136
+ A 10.0.0.137
+ A 10.0.0.138
+ A 10.0.0.139
+ A 10.0.0.140
+ A 10.0.0.141
+ A 10.0.0.142
+ A 10.0.0.143
+ A 10.0.0.144
+ A 10.0.0.145
+ A 10.0.0.146
+ A 10.0.0.147
+ A 10.0.0.148
+ A 10.0.0.149
+ A 10.0.0.150
+ A 10.0.0.151
+ A 10.0.0.152
+ A 10.0.0.153
+ A 10.0.0.154
+ A 10.0.0.155
+ A 10.0.0.156
+ A 10.0.0.157
+ A 10.0.0.158
+ A 10.0.0.159
+ A 10.0.0.160
+ A 10.0.0.161
+ A 10.0.0.162
+ A 10.0.0.163
+ A 10.0.0.164
+ A 10.0.0.165
+ A 10.0.0.166
+ A 10.0.0.167
+ A 10.0.0.168
+ A 10.0.0.169
+ A 10.0.0.170
+ A 10.0.0.171
+ A 10.0.0.172
+ A 10.0.0.173
+ A 10.0.0.174
+ A 10.0.0.175
+ A 10.0.0.176
+ A 10.0.0.177
+ A 10.0.0.178
+ A 10.0.0.179
+ A 10.0.0.180
+ A 10.0.0.181
+ A 10.0.0.182
+ A 10.0.0.183
+ A 10.0.0.184
+ A 10.0.0.185
+ A 10.0.0.186
+ A 10.0.0.187
+ A 10.0.0.188
+ A 10.0.0.189
+ A 10.0.0.190
+ A 10.0.0.191
+ A 10.0.0.192
+ A 10.0.0.193
+ A 10.0.0.194
+ A 10.0.0.195
+ A 10.0.0.196
+ A 10.0.0.197
+ A 10.0.0.198
+ A 10.0.0.199
+ A 10.0.0.200
+ A 10.0.0.201
+ A 10.0.0.202
+ A 10.0.0.203
+ A 10.0.0.204
+ A 10.0.0.205
+ A 10.0.0.206
+ A 10.0.0.207
+ A 10.0.0.208
+ A 10.0.0.209
+ A 10.0.0.210
+ A 10.0.0.211
+ A 10.0.0.212
+ A 10.0.0.213
+ A 10.0.0.214
+ A 10.0.0.215
+ A 10.0.0.216
+ A 10.0.0.217
+ A 10.0.0.218
+ A 10.0.0.219
+ A 10.0.0.220
+ A 10.0.0.221
+ A 10.0.0.222
+ A 10.0.0.223
+ A 10.0.0.224
+ A 10.0.0.225
+ A 10.0.0.226
+ A 10.0.0.227
+ A 10.0.0.228
+ A 10.0.0.229
+ A 10.0.0.230
+ A 10.0.0.231
+ A 10.0.0.232
+ A 10.0.0.233
+ A 10.0.0.234
+ A 10.0.0.235
+ A 10.0.0.236
+ A 10.0.0.237
+ A 10.0.0.238
+ A 10.0.0.239
+ A 10.0.0.240
+ A 10.0.0.241
+ A 10.0.0.242
+ A 10.0.0.243
+ A 10.0.0.244
+ A 10.0.0.245
+ A 10.0.0.246
+ A 10.0.0.247
+ A 10.0.0.248
+ A 10.0.0.249
+ A 10.0.0.250
+ A 10.0.0.251
+ A 10.0.0.252
+ A 10.0.0.253
+ A 10.0.0.254
+ A 10.0.0.255
+ A 10.0.1.0
+ A 10.0.1.1
+ A 10.0.1.2
+ A 10.0.1.3
+ A 10.0.1.4
+ A 10.0.1.5
+ A 10.0.1.6
+ A 10.0.1.7
+ A 10.0.1.8
+ A 10.0.1.9
+ A 10.0.1.10
+ A 10.0.1.11
+ A 10.0.1.12
+ A 10.0.1.13
+ A 10.0.1.14
+ A 10.0.1.15
+ A 10.0.1.16
+ A 10.0.1.17
+ A 10.0.1.18
+ A 10.0.1.19
+ A 10.0.1.20
+ A 10.0.1.21
+ A 10.0.1.22
+ A 10.0.1.23
+ A 10.0.1.24
+ A 10.0.1.25
+ A 10.0.1.26
+ A 10.0.1.27
+ A 10.0.1.28
+ A 10.0.1.29
+ A 10.0.1.30
+ A 10.0.1.31
+ A 10.0.1.32
+ A 10.0.1.33
+ A 10.0.1.34
+ A 10.0.1.35
+ A 10.0.1.36
+ A 10.0.1.37
+ A 10.0.1.38
+ A 10.0.1.39
+ A 10.0.1.40
+ A 10.0.1.41
+ A 10.0.1.42
+ A 10.0.1.43
+ A 10.0.1.44
+ A 10.0.1.45
+ A 10.0.1.46
+ A 10.0.1.47
+ A 10.0.1.48
+ A 10.0.1.49
+ A 10.0.1.50
+ A 10.0.1.51
+ A 10.0.1.52
+ A 10.0.1.53
+ A 10.0.1.54
+ A 10.0.1.55
+ A 10.0.1.56
+ A 10.0.1.57
+ A 10.0.1.58
+ A 10.0.1.59
+ A 10.0.1.60
+ A 10.0.1.61
+ A 10.0.1.62
+ A 10.0.1.63
+ A 10.0.1.64
+ A 10.0.1.65
+ A 10.0.1.66
+ A 10.0.1.67
+ A 10.0.1.68
+ A 10.0.1.69
+ A 10.0.1.70
+ A 10.0.1.71
+ A 10.0.1.72
+ A 10.0.1.73
+ A 10.0.1.74
+ A 10.0.1.75
+ A 10.0.1.76
+ A 10.0.1.77
+ A 10.0.1.78
+ A 10.0.1.79
+ A 10.0.1.80
+ A 10.0.1.81
+ A 10.0.1.82
+ A 10.0.1.83
+ A 10.0.1.84
+ A 10.0.1.85
+ A 10.0.1.86
+ A 10.0.1.87
+ A 10.0.1.88
+ A 10.0.1.89
+ A 10.0.1.90
+ A 10.0.1.91
+ A 10.0.1.92
+ A 10.0.1.93
+ A 10.0.1.94
+ A 10.0.1.95
+ A 10.0.1.96
+ A 10.0.1.97
+ A 10.0.1.98
+ A 10.0.1.99
+ A 10.0.1.100
+ A 10.0.1.101
+ A 10.0.1.102
+ A 10.0.1.103
+ A 10.0.1.104
+ A 10.0.1.105
+ A 10.0.1.106
+ A 10.0.1.107
+ A 10.0.1.108
+ A 10.0.1.109
+ A 10.0.1.110
+ A 10.0.1.111
+ A 10.0.1.112
+ A 10.0.1.113
+ A 10.0.1.114
+ A 10.0.1.115
+ A 10.0.1.116
+ A 10.0.1.117
+ A 10.0.1.118
+ A 10.0.1.119
+ A 10.0.1.120
+ A 10.0.1.121
+ A 10.0.1.122
+ A 10.0.1.123
+ A 10.0.1.124
+ A 10.0.1.125
+ A 10.0.1.126
+ A 10.0.1.127
+ A 10.0.1.128
+ A 10.0.1.129
+ A 10.0.1.130
+ A 10.0.1.131
+ A 10.0.1.132
+ A 10.0.1.133
+ A 10.0.1.134
+ A 10.0.1.135
+ A 10.0.1.136
+ A 10.0.1.137
+ A 10.0.1.138
+ A 10.0.1.139
+ A 10.0.1.140
+ A 10.0.1.141
+ A 10.0.1.142
+ A 10.0.1.143
+ A 10.0.1.144
+ A 10.0.1.145
+ A 10.0.1.146
+ A 10.0.1.147
+ A 10.0.1.148
+ A 10.0.1.149
+ A 10.0.1.150
+ A 10.0.1.151
+ A 10.0.1.152
+ A 10.0.1.153
+ A 10.0.1.154
+ A 10.0.1.155
+ A 10.0.1.156
+ A 10.0.1.157
+ A 10.0.1.158
+ A 10.0.1.159
+ A 10.0.1.160
+ A 10.0.1.161
+ A 10.0.1.162
+ A 10.0.1.163
+ A 10.0.1.164
+ A 10.0.1.165
+ A 10.0.1.166
+ A 10.0.1.167
+ A 10.0.1.168
+ A 10.0.1.169
+ A 10.0.1.170
+ A 10.0.1.171
+ A 10.0.1.172
+ A 10.0.1.173
+ A 10.0.1.174
+ A 10.0.1.175
+ A 10.0.1.176
+ A 10.0.1.177
+ A 10.0.1.178
+ A 10.0.1.179
+ A 10.0.1.180
+ A 10.0.1.181
+ A 10.0.1.182
+ A 10.0.1.183
+ A 10.0.1.184
+ A 10.0.1.185
+ A 10.0.1.186
+ A 10.0.1.187
+ A 10.0.1.188
+ A 10.0.1.189
+ A 10.0.1.190
+ A 10.0.1.191
+ A 10.0.1.192
+ A 10.0.1.193
+ A 10.0.1.194
+ A 10.0.1.195
+ A 10.0.1.196
+ A 10.0.1.197
+ A 10.0.1.198
+ A 10.0.1.199
+ A 10.0.1.200
+ A 10.0.1.201
+ A 10.0.1.202
+ A 10.0.1.203
+ A 10.0.1.204
+ A 10.0.1.205
+ A 10.0.1.206
+ A 10.0.1.207
+ A 10.0.1.208
+ A 10.0.1.209
+ A 10.0.1.210
+ A 10.0.1.211
+ A 10.0.1.212
+ A 10.0.1.213
+ A 10.0.1.214
+ A 10.0.1.215
+ A 10.0.1.216
+ A 10.0.1.217
+ A 10.0.1.218
+ A 10.0.1.219
+ A 10.0.1.220
+ A 10.0.1.221
+ A 10.0.1.222
+ A 10.0.1.223
+ A 10.0.1.224
+ A 10.0.1.225
+ A 10.0.1.226
+ A 10.0.1.227
+ A 10.0.1.228
+ A 10.0.1.229
+ A 10.0.1.230
+ A 10.0.1.231
+ A 10.0.1.232
+ A 10.0.1.233
+ A 10.0.1.234
+ A 10.0.1.235
+ A 10.0.1.236
+ A 10.0.1.237
+ A 10.0.1.238
+ A 10.0.1.239
+ A 10.0.1.240
+ A 10.0.1.241
+ A 10.0.1.242
+ A 10.0.1.243
+ A 10.0.1.244
+ A 10.0.1.245
+ A 10.0.1.246
+ A 10.0.1.247
+ A 10.0.1.248
+ A 10.0.1.249
+ A 10.0.1.250
+ A 10.0.1.251
+ A 10.0.1.252
+ A 10.0.1.253
+ A 10.0.1.254
+ A 10.0.1.255
+ A 10.0.2.0
+ A 10.0.2.1
+ A 10.0.2.2
+ A 10.0.2.3
+ A 10.0.2.4
+ A 10.0.2.5
+ A 10.0.2.6
+ A 10.0.2.7
+ A 10.0.2.8
+ A 10.0.2.9
+ A 10.0.2.10
+ A 10.0.2.11
+ A 10.0.2.12
+ A 10.0.2.13
+ A 10.0.2.14
+ A 10.0.2.15
+ A 10.0.2.16
+ A 10.0.2.17
+ A 10.0.2.18
+ A 10.0.2.19
+ A 10.0.2.20
+ A 10.0.2.21
+ A 10.0.2.22
+ A 10.0.2.23
+ A 10.0.2.24
+ A 10.0.2.25
+ A 10.0.2.26
+ A 10.0.2.27
+ A 10.0.2.28
+ A 10.0.2.29
+ A 10.0.2.30
+ A 10.0.2.31
+ A 10.0.2.32
+ A 10.0.2.33
+ A 10.0.2.34
+ A 10.0.2.35
+ A 10.0.2.36
+ A 10.0.2.37
+ A 10.0.2.38
+ A 10.0.2.39
+ A 10.0.2.40
+ A 10.0.2.41
+ A 10.0.2.42
+ A 10.0.2.43
+ A 10.0.2.44
+ A 10.0.2.45
+ A 10.0.2.46
+ A 10.0.2.47
+ A 10.0.2.48
+ A 10.0.2.49
+ A 10.0.2.50
+ A 10.0.2.51
+ A 10.0.2.52
+ A 10.0.2.53
+ A 10.0.2.54
+ A 10.0.2.55
+ A 10.0.2.56
+ A 10.0.2.57
+ A 10.0.2.58
+ A 10.0.2.59
+ A 10.0.2.60
+ A 10.0.2.61
+ A 10.0.2.62
+ A 10.0.2.63
+ A 10.0.2.64
+ A 10.0.2.65
+ A 10.0.2.66
+ A 10.0.2.67
+ A 10.0.2.68
+ A 10.0.2.69
+ A 10.0.2.70
+ A 10.0.2.71
+ A 10.0.2.72
+ A 10.0.2.73
+ A 10.0.2.74
+ A 10.0.2.75
+ A 10.0.2.76
+ A 10.0.2.77
+ A 10.0.2.78
+ A 10.0.2.79
+ A 10.0.2.80
+ A 10.0.2.81
+ A 10.0.2.82
+ A 10.0.2.83
+ A 10.0.2.84
+ A 10.0.2.85
+ A 10.0.2.86
+ A 10.0.2.87
+ A 10.0.2.88
+ A 10.0.2.89
+ A 10.0.2.90
+ A 10.0.2.91
+ A 10.0.2.92
+ A 10.0.2.93
+ A 10.0.2.94
+ A 10.0.2.95
+ A 10.0.2.96
+ A 10.0.2.97
+ A 10.0.2.98
+ A 10.0.2.99
+ A 10.0.2.100
+ A 10.0.2.101
+ A 10.0.2.102
+ A 10.0.2.103
+ A 10.0.2.104
+ A 10.0.2.105
+ A 10.0.2.106
+ A 10.0.2.107
+ A 10.0.2.108
+ A 10.0.2.109
+ A 10.0.2.110
+ A 10.0.2.111
+ A 10.0.2.112
+ A 10.0.2.113
+ A 10.0.2.114
+ A 10.0.2.115
+ A 10.0.2.116
+ A 10.0.2.117
+ A 10.0.2.118
+ A 10.0.2.119
+ A 10.0.2.120
+ A 10.0.2.121
+ A 10.0.2.122
+ A 10.0.2.123
+ A 10.0.2.124
+ A 10.0.2.125
+ A 10.0.2.126
+ A 10.0.2.127
+ A 10.0.2.128
+ A 10.0.2.129
+ A 10.0.2.130
+ A 10.0.2.131
+ A 10.0.2.132
+ A 10.0.2.133
+ A 10.0.2.134
+ A 10.0.2.135
+ A 10.0.2.136
+ A 10.0.2.137
+ A 10.0.2.138
+ A 10.0.2.139
+ A 10.0.2.140
+ A 10.0.2.141
+ A 10.0.2.142
+ A 10.0.2.143
+ A 10.0.2.144
+ A 10.0.2.145
+ A 10.0.2.146
+ A 10.0.2.147
+ A 10.0.2.148
+ A 10.0.2.149
+ A 10.0.2.150
+ A 10.0.2.151
+ A 10.0.2.152
+ A 10.0.2.153
+ A 10.0.2.154
+ A 10.0.2.155
+ A 10.0.2.156
+ A 10.0.2.157
+ A 10.0.2.158
+ A 10.0.2.159
+ A 10.0.2.160
+ A 10.0.2.161
+ A 10.0.2.162
+ A 10.0.2.163
+ A 10.0.2.164
+ A 10.0.2.165
+ A 10.0.2.166
+ A 10.0.2.167
+ A 10.0.2.168
+ A 10.0.2.169
+ A 10.0.2.170
+ A 10.0.2.171
+ A 10.0.2.172
+ A 10.0.2.173
+ A 10.0.2.174
+ A 10.0.2.175
+ A 10.0.2.176
+ A 10.0.2.177
+ A 10.0.2.178
+ A 10.0.2.179
+ A 10.0.2.180
+ A 10.0.2.181
+ A 10.0.2.182
+ A 10.0.2.183
+ A 10.0.2.184
+ A 10.0.2.185
+ A 10.0.2.186
+ A 10.0.2.187
+ A 10.0.2.188
+ A 10.0.2.189
+ A 10.0.2.190
+ A 10.0.2.191
+ A 10.0.2.192
+ A 10.0.2.193
+ A 10.0.2.194
+ A 10.0.2.195
+ A 10.0.2.196
+ A 10.0.2.197
+ A 10.0.2.198
+ A 10.0.2.199
+ A 10.0.2.200
+ A 10.0.2.201
+ A 10.0.2.202
+ A 10.0.2.203
+ A 10.0.2.204
+ A 10.0.2.205
+ A 10.0.2.206
+ A 10.0.2.207
+ A 10.0.2.208
+ A 10.0.2.209
+ A 10.0.2.210
+ A 10.0.2.211
+ A 10.0.2.212
+ A 10.0.2.213
+ A 10.0.2.214
+ A 10.0.2.215
+ A 10.0.2.216
+ A 10.0.2.217
+ A 10.0.2.218
+ A 10.0.2.219
+ A 10.0.2.220
+ A 10.0.2.221
+ A 10.0.2.222
+ A 10.0.2.223
+ A 10.0.2.224
+ A 10.0.2.225
+ A 10.0.2.226
+ A 10.0.2.227
+ A 10.0.2.228
+ A 10.0.2.229
+ A 10.0.2.230
+ A 10.0.2.231
+ A 10.0.2.232
+ A 10.0.2.233
+ A 10.0.2.234
+ A 10.0.2.235
+ A 10.0.2.236
+ A 10.0.2.237
+ A 10.0.2.238
+ A 10.0.2.239
+ A 10.0.2.240
+ A 10.0.2.241
+ A 10.0.2.242
+ A 10.0.2.243
+ A 10.0.2.244
+ A 10.0.2.245
+ A 10.0.2.246
+ A 10.0.2.247
+ A 10.0.2.248
+ A 10.0.2.249
+ A 10.0.2.250
+ A 10.0.2.251
+ A 10.0.2.252
+ A 10.0.2.253
+ A 10.0.2.254
+ A 10.0.2.255
+ A 10.0.3.0
+ A 10.0.3.1
+ A 10.0.3.2
+ A 10.0.3.3
+ A 10.0.3.4
+ A 10.0.3.5
+ A 10.0.3.6
+ A 10.0.3.7
+ A 10.0.3.8
+ A 10.0.3.9
+ A 10.0.3.10
+ A 10.0.3.11
+ A 10.0.3.12
+ A 10.0.3.13
+ A 10.0.3.14
+ A 10.0.3.15
+ A 10.0.3.16
+ A 10.0.3.17
+ A 10.0.3.18
+ A 10.0.3.19
+ A 10.0.3.20
+ A 10.0.3.21
+ A 10.0.3.22
+ A 10.0.3.23
+ A 10.0.3.24
+ A 10.0.3.25
+ A 10.0.3.26
+ A 10.0.3.27
+ A 10.0.3.28
+ A 10.0.3.29
+ A 10.0.3.30
+ A 10.0.3.31
+ A 10.0.3.32
+ A 10.0.3.33
+ A 10.0.3.34
+ A 10.0.3.35
+ A 10.0.3.36
+ A 10.0.3.37
+ A 10.0.3.38
+ A 10.0.3.39
+ A 10.0.3.40
+ A 10.0.3.41
+ A 10.0.3.42
+ A 10.0.3.43
+ A 10.0.3.44
+ A 10.0.3.45
+ A 10.0.3.46
+ A 10.0.3.47
+ A 10.0.3.48
+ A 10.0.3.49
+ A 10.0.3.50
+ A 10.0.3.51
+ A 10.0.3.52
+ A 10.0.3.53
+ A 10.0.3.54
+ A 10.0.3.55
+ A 10.0.3.56
+ A 10.0.3.57
+ A 10.0.3.58
+ A 10.0.3.59
+ A 10.0.3.60
+ A 10.0.3.61
+ A 10.0.3.62
+ A 10.0.3.63
+ A 10.0.3.64
+ A 10.0.3.65
+ A 10.0.3.66
+ A 10.0.3.67
+ A 10.0.3.68
+ A 10.0.3.69
+ A 10.0.3.70
+ A 10.0.3.71
+ A 10.0.3.72
+ A 10.0.3.73
+ A 10.0.3.74
+ A 10.0.3.75
+ A 10.0.3.76
+ A 10.0.3.77
+ A 10.0.3.78
+ A 10.0.3.79
+ A 10.0.3.80
+ A 10.0.3.81
+ A 10.0.3.82
+ A 10.0.3.83
+ A 10.0.3.84
+ A 10.0.3.85
+ A 10.0.3.86
+ A 10.0.3.87
+ A 10.0.3.88
+ A 10.0.3.89
+ A 10.0.3.90
+ A 10.0.3.91
+ A 10.0.3.92
+ A 10.0.3.93
+ A 10.0.3.94
+ A 10.0.3.95
+ A 10.0.3.96
+ A 10.0.3.97
+ A 10.0.3.98
+ A 10.0.3.99
+ A 10.0.3.100
+ A 10.0.3.101
+ A 10.0.3.102
+ A 10.0.3.103
+ A 10.0.3.104
+ A 10.0.3.105
+ A 10.0.3.106
+ A 10.0.3.107
+ A 10.0.3.108
+ A 10.0.3.109
+ A 10.0.3.110
+ A 10.0.3.111
+ A 10.0.3.112
+ A 10.0.3.113
+ A 10.0.3.114
+ A 10.0.3.115
+ A 10.0.3.116
+ A 10.0.3.117
+ A 10.0.3.118
+ A 10.0.3.119
+ A 10.0.3.120
+ A 10.0.3.121
+ A 10.0.3.122
+ A 10.0.3.123
+ A 10.0.3.124
+ A 10.0.3.125
+ A 10.0.3.126
+ A 10.0.3.127
+ A 10.0.3.128
+ A 10.0.3.129
+ A 10.0.3.130
+ A 10.0.3.131
+ A 10.0.3.132
+ A 10.0.3.133
+ A 10.0.3.134
+ A 10.0.3.135
+ A 10.0.3.136
+ A 10.0.3.137
+ A 10.0.3.138
+ A 10.0.3.139
+ A 10.0.3.140
+ A 10.0.3.141
+ A 10.0.3.142
+ A 10.0.3.143
+ A 10.0.3.144
+ A 10.0.3.145
+ A 10.0.3.146
+ A 10.0.3.147
+ A 10.0.3.148
+ A 10.0.3.149
+ A 10.0.3.150
+ A 10.0.3.151
+ A 10.0.3.152
+ A 10.0.3.153
+ A 10.0.3.154
+ A 10.0.3.155
+ A 10.0.3.156
+ A 10.0.3.157
+ A 10.0.3.158
+ A 10.0.3.159
+ A 10.0.3.160
+ A 10.0.3.161
+ A 10.0.3.162
+ A 10.0.3.163
+ A 10.0.3.164
+ A 10.0.3.165
+ A 10.0.3.166
+ A 10.0.3.167
+ A 10.0.3.168
+ A 10.0.3.169
+ A 10.0.3.170
+ A 10.0.3.171
+ A 10.0.3.172
+ A 10.0.3.173
+ A 10.0.3.174
+ A 10.0.3.175
+ A 10.0.3.176
+ A 10.0.3.177
+ A 10.0.3.178
+ A 10.0.3.179
+ A 10.0.3.180
+ A 10.0.3.181
+ A 10.0.3.182
+ A 10.0.3.183
+ A 10.0.3.184
+ A 10.0.3.185
+ A 10.0.3.186
+ A 10.0.3.187
+ A 10.0.3.188
+ A 10.0.3.189
+ A 10.0.3.190
+ A 10.0.3.191
+ A 10.0.3.192
+ A 10.0.3.193
+ A 10.0.3.194
+ A 10.0.3.195
+ A 10.0.3.196
+ A 10.0.3.197
+ A 10.0.3.198
+ A 10.0.3.199
+ A 10.0.3.200
+ A 10.0.3.201
+ A 10.0.3.202
+ A 10.0.3.203
+ A 10.0.3.204
+ A 10.0.3.205
+ A 10.0.3.206
+ A 10.0.3.207
+ A 10.0.3.208
+ A 10.0.3.209
+ A 10.0.3.210
+ A 10.0.3.211
+ A 10.0.3.212
+ A 10.0.3.213
+ A 10.0.3.214
+ A 10.0.3.215
+ A 10.0.3.216
+ A 10.0.3.217
+ A 10.0.3.218
+ A 10.0.3.219
+ A 10.0.3.220
+ A 10.0.3.221
+ A 10.0.3.222
+ A 10.0.3.223
+ A 10.0.3.224
+ A 10.0.3.225
+ A 10.0.3.226
+ A 10.0.3.227
+ A 10.0.3.228
+ A 10.0.3.229
+ A 10.0.3.230
+ A 10.0.3.231
+ A 10.0.3.232
+ A 10.0.3.233
+ A 10.0.3.234
+ A 10.0.3.235
+ A 10.0.3.236
+ A 10.0.3.237
+ A 10.0.3.238
+ A 10.0.3.239
+ A 10.0.3.240
+ A 10.0.3.241
+ A 10.0.3.242
+ A 10.0.3.243
+ A 10.0.3.244
+ A 10.0.3.245
+ A 10.0.3.246
+ A 10.0.3.247
+ A 10.0.3.248
+ A 10.0.3.249
+ A 10.0.3.250
+ A 10.0.3.251
+ A 10.0.3.252
+ A 10.0.3.253
+ A 10.0.3.254
+ A 10.0.3.255
+ A 10.0.4.0
+ A 10.0.4.1
+ A 10.0.4.2
+ A 10.0.4.3
+ A 10.0.4.4
+ A 10.0.4.5
+ A 10.0.4.6
+ A 10.0.4.7
+ A 10.0.4.8
+ A 10.0.4.9
+ A 10.0.4.10
+ A 10.0.4.11
+ A 10.0.4.12
+ A 10.0.4.13
+ A 10.0.4.14
+ A 10.0.4.15
+ A 10.0.4.16
+ A 10.0.4.17
+ A 10.0.4.18
+ A 10.0.4.19
+ A 10.0.4.20
+ A 10.0.4.21
+ A 10.0.4.22
+ A 10.0.4.23
+ A 10.0.4.24
+ A 10.0.4.25
+ A 10.0.4.26
+ A 10.0.4.27
+ A 10.0.4.28
+ A 10.0.4.29
+ A 10.0.4.30
+ A 10.0.4.31
+ A 10.0.4.32
+ A 10.0.4.33
+ A 10.0.4.34
+ A 10.0.4.35
+ A 10.0.4.36
+ A 10.0.4.37
+ A 10.0.4.38
+ A 10.0.4.39
+ A 10.0.4.40
+ A 10.0.4.41
+ A 10.0.4.42
+ A 10.0.4.43
+ A 10.0.4.44
+ A 10.0.4.45
+ A 10.0.4.46
+ A 10.0.4.47
+ A 10.0.4.48
+ A 10.0.4.49
+ A 10.0.4.50
+ A 10.0.4.51
+ A 10.0.4.52
+ A 10.0.4.53
+ A 10.0.4.54
+ A 10.0.4.55
+ A 10.0.4.56
+ A 10.0.4.57
+ A 10.0.4.58
+ A 10.0.4.59
+ A 10.0.4.60
+ A 10.0.4.61
+ A 10.0.4.62
+ A 10.0.4.63
+ A 10.0.4.64
+ A 10.0.4.65
+ A 10.0.4.66
+ A 10.0.4.67
+ A 10.0.4.68
+ A 10.0.4.69
+ A 10.0.4.70
+ A 10.0.4.71
+ A 10.0.4.72
+ A 10.0.4.73
+ A 10.0.4.74
+ A 10.0.4.75
+ A 10.0.4.76
+ A 10.0.4.77
+ A 10.0.4.78
+ A 10.0.4.79
+ A 10.0.4.80
+ A 10.0.4.81
+ A 10.0.4.82
+ A 10.0.4.83
+ A 10.0.4.84
+ A 10.0.4.85
+ A 10.0.4.86
+ A 10.0.4.87
+ A 10.0.4.88
+ A 10.0.4.89
+ A 10.0.4.90
+ A 10.0.4.91
+ A 10.0.4.92
+ A 10.0.4.93
+ A 10.0.4.94
+ A 10.0.4.95
+ A 10.0.4.96
+ A 10.0.4.97
+ A 10.0.4.98
+ A 10.0.4.99
+ A 10.0.4.100
+ A 10.0.4.101
+ A 10.0.4.102
+ A 10.0.4.103
+ A 10.0.4.104
+ A 10.0.4.105
+ A 10.0.4.106
+ A 10.0.4.107
+ A 10.0.4.108
+ A 10.0.4.109
+ A 10.0.4.110
+ A 10.0.4.111
+ A 10.0.4.112
+ A 10.0.4.113
+ A 10.0.4.114
+ A 10.0.4.115
+ A 10.0.4.116
+ A 10.0.4.117
+ A 10.0.4.118
+ A 10.0.4.119
+ A 10.0.4.120
+ A 10.0.4.121
+ A 10.0.4.122
+ A 10.0.4.123
+ A 10.0.4.124
+ A 10.0.4.125
+ A 10.0.4.126
+ A 10.0.4.127
+ A 10.0.4.128
+ A 10.0.4.129
+ A 10.0.4.130
+ A 10.0.4.131
+ A 10.0.4.132
+ A 10.0.4.133
+ A 10.0.4.134
+ A 10.0.4.135
+ A 10.0.4.136
+ A 10.0.4.137
+ A 10.0.4.138
+ A 10.0.4.139
+ A 10.0.4.140
+ A 10.0.4.141
+ A 10.0.4.142
+ A 10.0.4.143
+ A 10.0.4.144
+ A 10.0.4.145
+ A 10.0.4.146
+ A 10.0.4.147
+ A 10.0.4.148
+ A 10.0.4.149
+ A 10.0.4.150
+ A 10.0.4.151
+ A 10.0.4.152
+ A 10.0.4.153
+ A 10.0.4.154
+ A 10.0.4.155
+ A 10.0.4.156
+ A 10.0.4.157
+ A 10.0.4.158
+ A 10.0.4.159
+ A 10.0.4.160
+ A 10.0.4.161
+ A 10.0.4.162
+ A 10.0.4.163
+ A 10.0.4.164
+ A 10.0.4.165
+ A 10.0.4.166
+ A 10.0.4.167
+ A 10.0.4.168
+ A 10.0.4.169
+ A 10.0.4.170
+ A 10.0.4.171
+ A 10.0.4.172
+ A 10.0.4.173
+ A 10.0.4.174
+ A 10.0.4.175
+ A 10.0.4.176
+ A 10.0.4.177
+ A 10.0.4.178
+ A 10.0.4.179
+ A 10.0.4.180
+ A 10.0.4.181
+ A 10.0.4.182
+ A 10.0.4.183
+ A 10.0.4.184
+ A 10.0.4.185
+ A 10.0.4.186
+ A 10.0.4.187
+ A 10.0.4.188
+ A 10.0.4.189
+ A 10.0.4.190
+ A 10.0.4.191
+ A 10.0.4.192
+ A 10.0.4.193
+ A 10.0.4.194
+ A 10.0.4.195
+ A 10.0.4.196
+ A 10.0.4.197
+ A 10.0.4.198
+ A 10.0.4.199
+ A 10.0.4.200
+ A 10.0.4.201
+ A 10.0.4.202
+ A 10.0.4.203
+ A 10.0.4.204
+ A 10.0.4.205
+ A 10.0.4.206
+ A 10.0.4.207
+ A 10.0.4.208
+ A 10.0.4.209
+ A 10.0.4.210
+ A 10.0.4.211
+ A 10.0.4.212
+ A 10.0.4.213
+ A 10.0.4.214
+ A 10.0.4.215
+ A 10.0.4.216
+ A 10.0.4.217
+ A 10.0.4.218
+ A 10.0.4.219
+ A 10.0.4.220
+ A 10.0.4.221
+ A 10.0.4.222
+ A 10.0.4.223
+ A 10.0.4.224
+ A 10.0.4.225
+ A 10.0.4.226
+ A 10.0.4.227
+ A 10.0.4.228
+ A 10.0.4.229
+ A 10.0.4.230
+ A 10.0.4.231
+ A 10.0.4.232
+ A 10.0.4.233
+ A 10.0.4.234
+ A 10.0.4.235
+ A 10.0.4.236
+ A 10.0.4.237
+ A 10.0.4.238
+ A 10.0.4.239
+ A 10.0.4.240
+ A 10.0.4.241
+ A 10.0.4.242
+ A 10.0.4.243
+ A 10.0.4.244
+ A 10.0.4.245
+ A 10.0.4.246
+ A 10.0.4.247
+ A 10.0.4.248
+ A 10.0.4.249
+ A 10.0.4.250
+ A 10.0.4.251
+ A 10.0.4.252
+ A 10.0.4.253
+ A 10.0.4.254
+ A 10.0.4.255
+ A 10.0.5.0
+ A 10.0.5.1
+ A 10.0.5.2
+ A 10.0.5.3
+ A 10.0.5.4
+ A 10.0.5.5
+ A 10.0.5.6
+ A 10.0.5.7
+ A 10.0.5.8
+ A 10.0.5.9
+ A 10.0.5.10
+ A 10.0.5.11
+ A 10.0.5.12
+ A 10.0.5.13
+ A 10.0.5.14
+ A 10.0.5.15
+ A 10.0.5.16
+ A 10.0.5.17
+ A 10.0.5.18
+ A 10.0.5.19
+ A 10.0.5.20
+ A 10.0.5.21
+ A 10.0.5.22
+ A 10.0.5.23
+ A 10.0.5.24
+ A 10.0.5.25
+ A 10.0.5.26
+ A 10.0.5.27
+ A 10.0.5.28
+ A 10.0.5.29
+ A 10.0.5.30
+ A 10.0.5.31
+ A 10.0.5.32
+ A 10.0.5.33
+ A 10.0.5.34
+ A 10.0.5.35
+ A 10.0.5.36
+ A 10.0.5.37
+ A 10.0.5.38
+ A 10.0.5.39
+ A 10.0.5.40
+ A 10.0.5.41
+ A 10.0.5.42
+ A 10.0.5.43
+ A 10.0.5.44
+ A 10.0.5.45
+ A 10.0.5.46
+ A 10.0.5.47
+ A 10.0.5.48
+ A 10.0.5.49
+ A 10.0.5.50
+ A 10.0.5.51
+ A 10.0.5.52
+ A 10.0.5.53
+ A 10.0.5.54
+ A 10.0.5.55
+ A 10.0.5.56
+ A 10.0.5.57
+ A 10.0.5.58
+ A 10.0.5.59
+ A 10.0.5.60
+ A 10.0.5.61
+ A 10.0.5.62
+ A 10.0.5.63
+ A 10.0.5.64
+ A 10.0.5.65
+ A 10.0.5.66
+ A 10.0.5.67
+ A 10.0.5.68
+ A 10.0.5.69
+ A 10.0.5.70
+ A 10.0.5.71
+ A 10.0.5.72
+ A 10.0.5.73
+ A 10.0.5.74
+ A 10.0.5.75
+ A 10.0.5.76
+ A 10.0.5.77
+ A 10.0.5.78
+ A 10.0.5.79
+ A 10.0.5.80
+ A 10.0.5.81
+ A 10.0.5.82
+ A 10.0.5.83
+ A 10.0.5.84
+ A 10.0.5.85
+ A 10.0.5.86
+ A 10.0.5.87
+ A 10.0.5.88
+ A 10.0.5.89
+ A 10.0.5.90
+ A 10.0.5.91
+ A 10.0.5.92
+ A 10.0.5.93
+ A 10.0.5.94
+ A 10.0.5.95
+ A 10.0.5.96
+ A 10.0.5.97
+ A 10.0.5.98
+ A 10.0.5.99
+ A 10.0.5.100
+ A 10.0.5.101
+ A 10.0.5.102
+ A 10.0.5.103
+ A 10.0.5.104
+ A 10.0.5.105
+ A 10.0.5.106
+ A 10.0.5.107
+ A 10.0.5.108
+ A 10.0.5.109
+ A 10.0.5.110
+ A 10.0.5.111
+ A 10.0.5.112
+ A 10.0.5.113
+ A 10.0.5.114
+ A 10.0.5.115
+ A 10.0.5.116
+ A 10.0.5.117
+ A 10.0.5.118
+ A 10.0.5.119
+ A 10.0.5.120
+ A 10.0.5.121
+ A 10.0.5.122
+ A 10.0.5.123
+ A 10.0.5.124
+ A 10.0.5.125
+ A 10.0.5.126
+ A 10.0.5.127
+ A 10.0.5.128
+ A 10.0.5.129
+ A 10.0.5.130
+ A 10.0.5.131
+ A 10.0.5.132
+ A 10.0.5.133
+ A 10.0.5.134
+ A 10.0.5.135
+ A 10.0.5.136
+ A 10.0.5.137
+ A 10.0.5.138
+ A 10.0.5.139
+ A 10.0.5.140
+ A 10.0.5.141
+ A 10.0.5.142
+ A 10.0.5.143
+ A 10.0.5.144
+ A 10.0.5.145
+ A 10.0.5.146
+ A 10.0.5.147
+ A 10.0.5.148
+ A 10.0.5.149
+ A 10.0.5.150
+ A 10.0.5.151
+ A 10.0.5.152
+ A 10.0.5.153
+ A 10.0.5.154
+ A 10.0.5.155
+ A 10.0.5.156
+ A 10.0.5.157
+ A 10.0.5.158
+ A 10.0.5.159
+ A 10.0.5.160
+ A 10.0.5.161
+ A 10.0.5.162
+ A 10.0.5.163
+ A 10.0.5.164
+ A 10.0.5.165
+ A 10.0.5.166
+ A 10.0.5.167
+ A 10.0.5.168
+ A 10.0.5.169
+ A 10.0.5.170
+ A 10.0.5.171
+ A 10.0.5.172
+ A 10.0.5.173
+ A 10.0.5.174
+ A 10.0.5.175
+ A 10.0.5.176
+ A 10.0.5.177
+ A 10.0.5.178
+ A 10.0.5.179
+ A 10.0.5.180
+ A 10.0.5.181
+ A 10.0.5.182
+ A 10.0.5.183
+ A 10.0.5.184
+ A 10.0.5.185
+ A 10.0.5.186
+ A 10.0.5.187
+ A 10.0.5.188
+ A 10.0.5.189
+ A 10.0.5.190
+ A 10.0.5.191
+ A 10.0.5.192
+ A 10.0.5.193
+ A 10.0.5.194
+ A 10.0.5.195
+ A 10.0.5.196
+ A 10.0.5.197
+ A 10.0.5.198
+ A 10.0.5.199
+ A 10.0.5.200
+ A 10.0.5.201
+ A 10.0.5.202
+ A 10.0.5.203
+ A 10.0.5.204
+ A 10.0.5.205
+ A 10.0.5.206
+ A 10.0.5.207
+ A 10.0.5.208
+ A 10.0.5.209
+ A 10.0.5.210
+ A 10.0.5.211
+ A 10.0.5.212
+ A 10.0.5.213
+ A 10.0.5.214
+ A 10.0.5.215
+ A 10.0.5.216
+ A 10.0.5.217
+ A 10.0.5.218
+ A 10.0.5.219
+ A 10.0.5.220
+ A 10.0.5.221
+ A 10.0.5.222
+ A 10.0.5.223
+ A 10.0.5.224
+ A 10.0.5.225
+ A 10.0.5.226
+ A 10.0.5.227
+ A 10.0.5.228
+ A 10.0.5.229
+ A 10.0.5.230
+ A 10.0.5.231
+ A 10.0.5.232
+ A 10.0.5.233
+ A 10.0.5.234
+ A 10.0.5.235
+ A 10.0.5.236
+ A 10.0.5.237
+ A 10.0.5.238
+ A 10.0.5.239
+ A 10.0.5.240
+ A 10.0.5.241
+ A 10.0.5.242
+ A 10.0.5.243
+ A 10.0.5.244
+ A 10.0.5.245
+ A 10.0.5.246
+ A 10.0.5.247
+ A 10.0.5.248
+ A 10.0.5.249
+ A 10.0.5.250
+ A 10.0.5.251
+ A 10.0.5.252
+ A 10.0.5.253
+ A 10.0.5.254
+ A 10.0.5.255
+ A 10.0.6.0
+ A 10.0.6.1
+ A 10.0.6.2
+ A 10.0.6.3
+ A 10.0.6.4
+ A 10.0.6.5
+ A 10.0.6.6
+ A 10.0.6.7
+ A 10.0.6.8
+ A 10.0.6.9
+ A 10.0.6.10
+ A 10.0.6.11
+ A 10.0.6.12
+ A 10.0.6.13
+ A 10.0.6.14
+ A 10.0.6.15
+ A 10.0.6.16
+ A 10.0.6.17
+ A 10.0.6.18
+ A 10.0.6.19
+ A 10.0.6.20
+ A 10.0.6.21
+ A 10.0.6.22
+ A 10.0.6.23
+ A 10.0.6.24
+ A 10.0.6.25
+ A 10.0.6.26
+ A 10.0.6.27
+ A 10.0.6.28
+ A 10.0.6.29
+ A 10.0.6.30
+ A 10.0.6.31
+ A 10.0.6.32
+ A 10.0.6.33
+ A 10.0.6.34
+ A 10.0.6.35
+ A 10.0.6.36
+ A 10.0.6.37
+ A 10.0.6.38
+ A 10.0.6.39
+ A 10.0.6.40
+ A 10.0.6.41
+ A 10.0.6.42
+ A 10.0.6.43
+ A 10.0.6.44
+ A 10.0.6.45
+ A 10.0.6.46
+ A 10.0.6.47
+ A 10.0.6.48
+ A 10.0.6.49
+ A 10.0.6.50
+ A 10.0.6.51
+ A 10.0.6.52
+ A 10.0.6.53
+ A 10.0.6.54
+ A 10.0.6.55
+ A 10.0.6.56
+ A 10.0.6.57
+ A 10.0.6.58
+ A 10.0.6.59
+ A 10.0.6.60
+ A 10.0.6.61
+ A 10.0.6.62
+ A 10.0.6.63
+ A 10.0.6.64
+ A 10.0.6.65
+ A 10.0.6.66
+ A 10.0.6.67
+ A 10.0.6.68
+ A 10.0.6.69
+ A 10.0.6.70
+ A 10.0.6.71
+ A 10.0.6.72
+ A 10.0.6.73
+ A 10.0.6.74
+ A 10.0.6.75
+ A 10.0.6.76
+ A 10.0.6.77
+ A 10.0.6.78
+ A 10.0.6.79
+ A 10.0.6.80
+ A 10.0.6.81
+ A 10.0.6.82
+ A 10.0.6.83
+ A 10.0.6.84
+ A 10.0.6.85
+ A 10.0.6.86
+ A 10.0.6.87
+ A 10.0.6.88
+ A 10.0.6.89
+ A 10.0.6.90
+ A 10.0.6.91
+ A 10.0.6.92
+ A 10.0.6.93
+ A 10.0.6.94
+ A 10.0.6.95
+ A 10.0.6.96
+ A 10.0.6.97
+ A 10.0.6.98
+ A 10.0.6.99
+ A 10.0.6.100
+ A 10.0.6.101
+ A 10.0.6.102
+ A 10.0.6.103
+ A 10.0.6.104
+ A 10.0.6.105
+ A 10.0.6.106
+ A 10.0.6.107
+ A 10.0.6.108
+ A 10.0.6.109
+ A 10.0.6.110
+ A 10.0.6.111
+ A 10.0.6.112
+ A 10.0.6.113
+ A 10.0.6.114
+ A 10.0.6.115
+ A 10.0.6.116
+ A 10.0.6.117
+ A 10.0.6.118
+ A 10.0.6.119
+ A 10.0.6.120
+ A 10.0.6.121
+ A 10.0.6.122
+ A 10.0.6.123
+ A 10.0.6.124
+ A 10.0.6.125
+ A 10.0.6.126
+ A 10.0.6.127
+ A 10.0.6.128
+ A 10.0.6.129
+ A 10.0.6.130
+ A 10.0.6.131
+ A 10.0.6.132
+ A 10.0.6.133
+ A 10.0.6.134
+ A 10.0.6.135
+ A 10.0.6.136
+ A 10.0.6.137
+ A 10.0.6.138
+ A 10.0.6.139
+ A 10.0.6.140
+ A 10.0.6.141
+ A 10.0.6.142
+ A 10.0.6.143
+ A 10.0.6.144
+ A 10.0.6.145
+ A 10.0.6.146
+ A 10.0.6.147
+ A 10.0.6.148
+ A 10.0.6.149
+ A 10.0.6.150
+ A 10.0.6.151
+ A 10.0.6.152
+ A 10.0.6.153
+ A 10.0.6.154
+ A 10.0.6.155
+ A 10.0.6.156
+ A 10.0.6.157
+ A 10.0.6.158
+ A 10.0.6.159
+ A 10.0.6.160
+ A 10.0.6.161
+ A 10.0.6.162
+ A 10.0.6.163
+ A 10.0.6.164
+ A 10.0.6.165
+ A 10.0.6.166
+ A 10.0.6.167
+ A 10.0.6.168
+ A 10.0.6.169
+ A 10.0.6.170
+ A 10.0.6.171
+ A 10.0.6.172
+ A 10.0.6.173
+ A 10.0.6.174
+ A 10.0.6.175
+ A 10.0.6.176
+ A 10.0.6.177
+ A 10.0.6.178
+ A 10.0.6.179
+ A 10.0.6.180
+ A 10.0.6.181
+ A 10.0.6.182
+ A 10.0.6.183
+ A 10.0.6.184
+ A 10.0.6.185
+ A 10.0.6.186
+ A 10.0.6.187
+ A 10.0.6.188
+ A 10.0.6.189
+ A 10.0.6.190
+ A 10.0.6.191
+ A 10.0.6.192
+ A 10.0.6.193
+ A 10.0.6.194
+ A 10.0.6.195
+ A 10.0.6.196
+ A 10.0.6.197
+ A 10.0.6.198
+ A 10.0.6.199
+ A 10.0.6.200
+ A 10.0.6.201
+ A 10.0.6.202
+ A 10.0.6.203
+ A 10.0.6.204
+ A 10.0.6.205
+ A 10.0.6.206
+ A 10.0.6.207
+ A 10.0.6.208
+ A 10.0.6.209
+ A 10.0.6.210
+ A 10.0.6.211
+ A 10.0.6.212
+ A 10.0.6.213
+ A 10.0.6.214
+ A 10.0.6.215
+ A 10.0.6.216
+ A 10.0.6.217
+ A 10.0.6.218
+ A 10.0.6.219
+ A 10.0.6.220
+ A 10.0.6.221
+ A 10.0.6.222
+ A 10.0.6.223
+ A 10.0.6.224
+ A 10.0.6.225
+ A 10.0.6.226
+ A 10.0.6.227
+ A 10.0.6.228
+ A 10.0.6.229
+ A 10.0.6.230
+ A 10.0.6.231
+ A 10.0.6.232
+ A 10.0.6.233
+ A 10.0.6.234
+ A 10.0.6.235
+ A 10.0.6.236
+ A 10.0.6.237
+ A 10.0.6.238
+ A 10.0.6.239
+ A 10.0.6.240
+ A 10.0.6.241
+ A 10.0.6.242
+ A 10.0.6.243
+ A 10.0.6.244
+ A 10.0.6.245
+ A 10.0.6.246
+ A 10.0.6.247
+ A 10.0.6.248
+ A 10.0.6.249
+ A 10.0.6.250
+ A 10.0.6.251
+ A 10.0.6.252
+ A 10.0.6.253
+ A 10.0.6.254
+ A 10.0.6.255
+ A 10.0.7.0
+ A 10.0.7.1
+ A 10.0.7.2
+ A 10.0.7.3
+ A 10.0.7.4
+ A 10.0.7.5
+ A 10.0.7.6
+ A 10.0.7.7
+ A 10.0.7.8
+ A 10.0.7.9
+ A 10.0.7.10
+ A 10.0.7.11
+ A 10.0.7.12
+ A 10.0.7.13
+ A 10.0.7.14
+ A 10.0.7.15
+ A 10.0.7.16
+ A 10.0.7.17
+ A 10.0.7.18
+ A 10.0.7.19
+ A 10.0.7.20
+ A 10.0.7.21
+ A 10.0.7.22
+ A 10.0.7.23
+ A 10.0.7.24
+ A 10.0.7.25
+ A 10.0.7.26
+ A 10.0.7.27
+ A 10.0.7.28
+ A 10.0.7.29
+ A 10.0.7.30
+ A 10.0.7.31
+ A 10.0.7.32
+ A 10.0.7.33
+ A 10.0.7.34
+ A 10.0.7.35
+ A 10.0.7.36
+ A 10.0.7.37
+ A 10.0.7.38
+ A 10.0.7.39
+ A 10.0.7.40
+ A 10.0.7.41
+ A 10.0.7.42
+ A 10.0.7.43
+ A 10.0.7.44
+ A 10.0.7.45
+ A 10.0.7.46
+ A 10.0.7.47
+ A 10.0.7.48
+ A 10.0.7.49
+ A 10.0.7.50
+ A 10.0.7.51
+ A 10.0.7.52
+ A 10.0.7.53
+ A 10.0.7.54
+ A 10.0.7.55
+ A 10.0.7.56
+ A 10.0.7.57
+ A 10.0.7.58
+ A 10.0.7.59
+ A 10.0.7.60
+ A 10.0.7.61
+ A 10.0.7.62
+ A 10.0.7.63
+ A 10.0.7.64
+ A 10.0.7.65
+ A 10.0.7.66
+ A 10.0.7.67
+ A 10.0.7.68
+ A 10.0.7.69
+ A 10.0.7.70
+ A 10.0.7.71
+ A 10.0.7.72
+ A 10.0.7.73
+ A 10.0.7.74
+ A 10.0.7.75
+ A 10.0.7.76
+ A 10.0.7.77
+ A 10.0.7.78
+ A 10.0.7.79
+ A 10.0.7.80
+ A 10.0.7.81
+ A 10.0.7.82
+ A 10.0.7.83
+ A 10.0.7.84
+ A 10.0.7.85
+ A 10.0.7.86
+ A 10.0.7.87
+ A 10.0.7.88
+ A 10.0.7.89
+ A 10.0.7.90
+ A 10.0.7.91
+ A 10.0.7.92
+ A 10.0.7.93
+ A 10.0.7.94
+ A 10.0.7.95
+ A 10.0.7.96
+ A 10.0.7.97
+ A 10.0.7.98
+ A 10.0.7.99
+ A 10.0.7.100
+ A 10.0.7.101
+ A 10.0.7.102
+ A 10.0.7.103
+ A 10.0.7.104
+ A 10.0.7.105
+ A 10.0.7.106
+ A 10.0.7.107
+ A 10.0.7.108
+ A 10.0.7.109
+ A 10.0.7.110
+ A 10.0.7.111
+ A 10.0.7.112
+ A 10.0.7.113
+ A 10.0.7.114
+ A 10.0.7.115
+ A 10.0.7.116
+ A 10.0.7.117
+ A 10.0.7.118
+ A 10.0.7.119
+ A 10.0.7.120
+ A 10.0.7.121
+ A 10.0.7.122
+ A 10.0.7.123
+ A 10.0.7.124
+ A 10.0.7.125
+ A 10.0.7.126
+ A 10.0.7.127
+ A 10.0.7.128
+ A 10.0.7.129
+ A 10.0.7.130
+ A 10.0.7.131
+ A 10.0.7.132
+ A 10.0.7.133
+ A 10.0.7.134
+ A 10.0.7.135
+ A 10.0.7.136
+ A 10.0.7.137
+ A 10.0.7.138
+ A 10.0.7.139
+ A 10.0.7.140
+ A 10.0.7.141
+ A 10.0.7.142
+ A 10.0.7.143
+ A 10.0.7.144
+ A 10.0.7.145
+ A 10.0.7.146
+ A 10.0.7.147
+ A 10.0.7.148
+ A 10.0.7.149
+ A 10.0.7.150
+ A 10.0.7.151
+ A 10.0.7.152
+ A 10.0.7.153
+ A 10.0.7.154
+ A 10.0.7.155
+ A 10.0.7.156
+ A 10.0.7.157
+ A 10.0.7.158
+ A 10.0.7.159
+ A 10.0.7.160
+ A 10.0.7.161
+ A 10.0.7.162
+ A 10.0.7.163
+ A 10.0.7.164
+ A 10.0.7.165
+ A 10.0.7.166
+ A 10.0.7.167
+ A 10.0.7.168
+ A 10.0.7.169
+ A 10.0.7.170
+ A 10.0.7.171
+ A 10.0.7.172
+ A 10.0.7.173
+ A 10.0.7.174
+ A 10.0.7.175
+ A 10.0.7.176
+ A 10.0.7.177
+ A 10.0.7.178
+ A 10.0.7.179
+ A 10.0.7.180
+ A 10.0.7.181
+ A 10.0.7.182
+ A 10.0.7.183
+ A 10.0.7.184
+ A 10.0.7.185
+ A 10.0.7.186
+ A 10.0.7.187
+ A 10.0.7.188
+ A 10.0.7.189
+ A 10.0.7.190
+ A 10.0.7.191
+ A 10.0.7.192
+ A 10.0.7.193
+ A 10.0.7.194
+ A 10.0.7.195
+ A 10.0.7.196
+ A 10.0.7.197
+ A 10.0.7.198
+ A 10.0.7.199
+ A 10.0.7.200
+ A 10.0.7.201
+ A 10.0.7.202
+ A 10.0.7.203
+ A 10.0.7.204
+ A 10.0.7.205
+ A 10.0.7.206
+ A 10.0.7.207
+ A 10.0.7.208
+ A 10.0.7.209
+ A 10.0.7.210
+ A 10.0.7.211
+ A 10.0.7.212
+ A 10.0.7.213
+ A 10.0.7.214
+ A 10.0.7.215
+ A 10.0.7.216
+ A 10.0.7.217
+ A 10.0.7.218
+ A 10.0.7.219
+ A 10.0.7.220
+ A 10.0.7.221
+ A 10.0.7.222
+ A 10.0.7.223
+ A 10.0.7.224
+ A 10.0.7.225
+ A 10.0.7.226
+ A 10.0.7.227
+ A 10.0.7.228
+ A 10.0.7.229
+ A 10.0.7.230
+ A 10.0.7.231
+ A 10.0.7.232
+ A 10.0.7.233
+ A 10.0.7.234
+ A 10.0.7.235
+ A 10.0.7.236
+ A 10.0.7.237
+ A 10.0.7.238
+ A 10.0.7.239
+ A 10.0.7.240
+ A 10.0.7.241
+ A 10.0.7.242
+ A 10.0.7.243
+ A 10.0.7.244
+ A 10.0.7.245
+ A 10.0.7.246
+ A 10.0.7.247
+ A 10.0.7.248
+ A 10.0.7.249
+ A 10.0.7.250
+ A 10.0.7.251
+ A 10.0.7.252
+ A 10.0.7.253
+ A 10.0.7.254
+ A 10.0.7.255
+ A 10.0.8.0
+ A 10.0.8.1
+ A 10.0.8.2
+ A 10.0.8.3
+ A 10.0.8.4
+ A 10.0.8.5
+ A 10.0.8.6
+ A 10.0.8.7
+ A 10.0.8.8
+ A 10.0.8.9
+ A 10.0.8.10
+ A 10.0.8.11
+ A 10.0.8.12
+ A 10.0.8.13
+ A 10.0.8.14
+ A 10.0.8.15
+ A 10.0.8.16
+ A 10.0.8.17
+ A 10.0.8.18
+ A 10.0.8.19
+ A 10.0.8.20
+ A 10.0.8.21
+ A 10.0.8.22
+ A 10.0.8.23
+ A 10.0.8.24
+ A 10.0.8.25
+ A 10.0.8.26
+ A 10.0.8.27
+ A 10.0.8.28
+ A 10.0.8.29
+ A 10.0.8.30
+ A 10.0.8.31
+ A 10.0.8.32
+ A 10.0.8.33
+ A 10.0.8.34
+ A 10.0.8.35
+ A 10.0.8.36
+ A 10.0.8.37
+ A 10.0.8.38
+ A 10.0.8.39
+ A 10.0.8.40
+ A 10.0.8.41
+ A 10.0.8.42
+ A 10.0.8.43
+ A 10.0.8.44
+ A 10.0.8.45
+ A 10.0.8.46
+ A 10.0.8.47
+ A 10.0.8.48
+ A 10.0.8.49
+ A 10.0.8.50
+ A 10.0.8.51
+ A 10.0.8.52
+ A 10.0.8.53
+ A 10.0.8.54
+ A 10.0.8.55
+ A 10.0.8.56
+ A 10.0.8.57
+ A 10.0.8.58
+ A 10.0.8.59
+ A 10.0.8.60
+ A 10.0.8.61
+ A 10.0.8.62
+ A 10.0.8.63
+ A 10.0.8.64
+ A 10.0.8.65
+ A 10.0.8.66
+ A 10.0.8.67
+ A 10.0.8.68
+ A 10.0.8.69
+ A 10.0.8.70
+ A 10.0.8.71
+ A 10.0.8.72
+ A 10.0.8.73
+ A 10.0.8.74
+ A 10.0.8.75
+ A 10.0.8.76
+ A 10.0.8.77
+ A 10.0.8.78
+ A 10.0.8.79
+ A 10.0.8.80
+ A 10.0.8.81
+ A 10.0.8.82
+ A 10.0.8.83
+ A 10.0.8.84
+ A 10.0.8.85
+ A 10.0.8.86
+ A 10.0.8.87
+ A 10.0.8.88
+ A 10.0.8.89
+ A 10.0.8.90
+ A 10.0.8.91
+ A 10.0.8.92
+ A 10.0.8.93
+ A 10.0.8.94
+ A 10.0.8.95
+ A 10.0.8.96
+ A 10.0.8.97
+ A 10.0.8.98
+ A 10.0.8.99
+ A 10.0.8.100
+ A 10.0.8.101
+ A 10.0.8.102
+ A 10.0.8.103
+ A 10.0.8.104
+ A 10.0.8.105
+ A 10.0.8.106
+ A 10.0.8.107
+ A 10.0.8.108
+ A 10.0.8.109
+ A 10.0.8.110
+ A 10.0.8.111
+ A 10.0.8.112
+ A 10.0.8.113
+ A 10.0.8.114
+ A 10.0.8.115
+ A 10.0.8.116
+ A 10.0.8.117
+ A 10.0.8.118
+ A 10.0.8.119
+ A 10.0.8.120
+ A 10.0.8.121
+ A 10.0.8.122
+ A 10.0.8.123
+ A 10.0.8.124
+ A 10.0.8.125
+ A 10.0.8.126
+ A 10.0.8.127
+ A 10.0.8.128
+ A 10.0.8.129
+ A 10.0.8.130
+ A 10.0.8.131
+ A 10.0.8.132
+ A 10.0.8.133
+ A 10.0.8.134
+ A 10.0.8.135
+ A 10.0.8.136
+ A 10.0.8.137
+ A 10.0.8.138
+ A 10.0.8.139
+ A 10.0.8.140
+ A 10.0.8.141
+ A 10.0.8.142
+ A 10.0.8.143
+ A 10.0.8.144
+ A 10.0.8.145
+ A 10.0.8.146
+ A 10.0.8.147
+ A 10.0.8.148
+ A 10.0.8.149
+ A 10.0.8.150
+ A 10.0.8.151
+ A 10.0.8.152
+ A 10.0.8.153
+ A 10.0.8.154
+ A 10.0.8.155
+ A 10.0.8.156
+ A 10.0.8.157
+ A 10.0.8.158
+ A 10.0.8.159
+ A 10.0.8.160
+ A 10.0.8.161
+ A 10.0.8.162
+ A 10.0.8.163
+ A 10.0.8.164
+ A 10.0.8.165
+ A 10.0.8.166
+ A 10.0.8.167
+ A 10.0.8.168
+ A 10.0.8.169
+ A 10.0.8.170
+ A 10.0.8.171
+ A 10.0.8.172
+ A 10.0.8.173
+ A 10.0.8.174
+ A 10.0.8.175
+ A 10.0.8.176
+ A 10.0.8.177
+ A 10.0.8.178
+ A 10.0.8.179
+ A 10.0.8.180
+ A 10.0.8.181
+ A 10.0.8.182
+ A 10.0.8.183
+ A 10.0.8.184
+ A 10.0.8.185
+ A 10.0.8.186
+ A 10.0.8.187
+ A 10.0.8.188
+ A 10.0.8.189
+ A 10.0.8.190
+ A 10.0.8.191
+ A 10.0.8.192
+ A 10.0.8.193
+ A 10.0.8.194
+ A 10.0.8.195
+ A 10.0.8.196
+ A 10.0.8.197
+ A 10.0.8.198
+ A 10.0.8.199
+ A 10.0.8.200
+ A 10.0.8.201
+ A 10.0.8.202
+ A 10.0.8.203
+ A 10.0.8.204
+ A 10.0.8.205
+ A 10.0.8.206
+ A 10.0.8.207
+ A 10.0.8.208
+ A 10.0.8.209
+ A 10.0.8.210
+ A 10.0.8.211
+ A 10.0.8.212
+ A 10.0.8.213
+ A 10.0.8.214
+ A 10.0.8.215
+ A 10.0.8.216
+ A 10.0.8.217
+ A 10.0.8.218
+ A 10.0.8.219
+ A 10.0.8.220
+ A 10.0.8.221
+ A 10.0.8.222
+ A 10.0.8.223
+ A 10.0.8.224
+ A 10.0.8.225
+ A 10.0.8.226
+ A 10.0.8.227
+ A 10.0.8.228
+ A 10.0.8.229
+ A 10.0.8.230
+ A 10.0.8.231
+ A 10.0.8.232
+ A 10.0.8.233
+ A 10.0.8.234
+ A 10.0.8.235
+ A 10.0.8.236
+ A 10.0.8.237
+ A 10.0.8.238
+ A 10.0.8.239
+ A 10.0.8.240
+ A 10.0.8.241
+ A 10.0.8.242
+ A 10.0.8.243
+ A 10.0.8.244
+ A 10.0.8.245
+ A 10.0.8.246
+ A 10.0.8.247
+ A 10.0.8.248
+ A 10.0.8.249
+ A 10.0.8.250
+ A 10.0.8.251
+ A 10.0.8.252
+ A 10.0.8.253
+ A 10.0.8.254
+ A 10.0.8.255
+ A 10.0.9.0
+ A 10.0.9.1
+ A 10.0.9.2
+ A 10.0.9.3
+ A 10.0.9.4
+ A 10.0.9.5
+ A 10.0.9.6
+ A 10.0.9.7
+ A 10.0.9.8
+ A 10.0.9.9
+ A 10.0.9.10
+ A 10.0.9.11
+ A 10.0.9.12
+ A 10.0.9.13
+ A 10.0.9.14
+ A 10.0.9.15
+ A 10.0.9.16
+ A 10.0.9.17
+ A 10.0.9.18
+ A 10.0.9.19
+ A 10.0.9.20
+ A 10.0.9.21
+ A 10.0.9.22
+ A 10.0.9.23
+ A 10.0.9.24
+ A 10.0.9.25
+ A 10.0.9.26
+ A 10.0.9.27
+ A 10.0.9.28
+ A 10.0.9.29
+ A 10.0.9.30
+ A 10.0.9.31
+ A 10.0.9.32
+ A 10.0.9.33
+ A 10.0.9.34
+ A 10.0.9.35
+ A 10.0.9.36
+ A 10.0.9.37
+ A 10.0.9.38
+ A 10.0.9.39
+ A 10.0.9.40
+ A 10.0.9.41
+ A 10.0.9.42
+ A 10.0.9.43
+ A 10.0.9.44
+ A 10.0.9.45
+ A 10.0.9.46
+ A 10.0.9.47
+ A 10.0.9.48
+ A 10.0.9.49
+ A 10.0.9.50
+ A 10.0.9.51
+ A 10.0.9.52
+ A 10.0.9.53
+ A 10.0.9.54
+ A 10.0.9.55
+ A 10.0.9.56
+ A 10.0.9.57
+ A 10.0.9.58
+ A 10.0.9.59
+ A 10.0.9.60
+ A 10.0.9.61
+ A 10.0.9.62
+ A 10.0.9.63
+ A 10.0.9.64
+ A 10.0.9.65
+ A 10.0.9.66
+ A 10.0.9.67
+ A 10.0.9.68
+ A 10.0.9.69
+ A 10.0.9.70
+ A 10.0.9.71
+ A 10.0.9.72
+ A 10.0.9.73
+ A 10.0.9.74
+ A 10.0.9.75
+ A 10.0.9.76
+ A 10.0.9.77
+ A 10.0.9.78
+ A 10.0.9.79
+ A 10.0.9.80
+ A 10.0.9.81
+ A 10.0.9.82
+ A 10.0.9.83
+ A 10.0.9.84
+ A 10.0.9.85
+ A 10.0.9.86
+ A 10.0.9.87
+ A 10.0.9.88
+ A 10.0.9.89
+ A 10.0.9.90
+ A 10.0.9.91
+ A 10.0.9.92
+ A 10.0.9.93
+ A 10.0.9.94
+ A 10.0.9.95
+ A 10.0.9.96
+ A 10.0.9.97
+ A 10.0.9.98
+ A 10.0.9.99
+ A 10.0.9.100
+ A 10.0.9.101
+ A 10.0.9.102
+ A 10.0.9.103
+ A 10.0.9.104
+ A 10.0.9.105
+ A 10.0.9.106
+ A 10.0.9.107
+ A 10.0.9.108
+ A 10.0.9.109
+ A 10.0.9.110
+ A 10.0.9.111
+ A 10.0.9.112
+ A 10.0.9.113
+ A 10.0.9.114
+ A 10.0.9.115
+ A 10.0.9.116
+ A 10.0.9.117
+ A 10.0.9.118
+ A 10.0.9.119
+ A 10.0.9.120
+ A 10.0.9.121
+ A 10.0.9.122
+ A 10.0.9.123
+ A 10.0.9.124
+ A 10.0.9.125
+ A 10.0.9.126
+ A 10.0.9.127
+ A 10.0.9.128
+ A 10.0.9.129
+ A 10.0.9.130
+ A 10.0.9.131
+ A 10.0.9.132
+ A 10.0.9.133
+ A 10.0.9.134
+ A 10.0.9.135
+ A 10.0.9.136
+ A 10.0.9.137
+ A 10.0.9.138
+ A 10.0.9.139
+ A 10.0.9.140
+ A 10.0.9.141
+ A 10.0.9.142
+ A 10.0.9.143
+ A 10.0.9.144
+ A 10.0.9.145
+ A 10.0.9.146
+ A 10.0.9.147
+ A 10.0.9.148
+ A 10.0.9.149
+ A 10.0.9.150
+ A 10.0.9.151
+ A 10.0.9.152
+ A 10.0.9.153
+ A 10.0.9.154
+ A 10.0.9.155
+ A 10.0.9.156
+ A 10.0.9.157
+ A 10.0.9.158
+ A 10.0.9.159
+ A 10.0.9.160
+ A 10.0.9.161
+ A 10.0.9.162
+ A 10.0.9.163
+ A 10.0.9.164
+ A 10.0.9.165
+ A 10.0.9.166
+ A 10.0.9.167
+ A 10.0.9.168
+ A 10.0.9.169
+ A 10.0.9.170
+ A 10.0.9.171
+ A 10.0.9.172
+ A 10.0.9.173
+ A 10.0.9.174
+ A 10.0.9.175
+ A 10.0.9.176
+ A 10.0.9.177
+ A 10.0.9.178
+ A 10.0.9.179
+ A 10.0.9.180
+ A 10.0.9.181
+ A 10.0.9.182
+ A 10.0.9.183
+ A 10.0.9.184
+ A 10.0.9.185
+ A 10.0.9.186
+ A 10.0.9.187
+ A 10.0.9.188
+ A 10.0.9.189
+ A 10.0.9.190
+ A 10.0.9.191
+ A 10.0.9.192
+ A 10.0.9.193
+ A 10.0.9.194
+ A 10.0.9.195
+ A 10.0.9.196
+ A 10.0.9.197
+ A 10.0.9.198
+ A 10.0.9.199
+ A 10.0.9.200
+ A 10.0.9.201
+ A 10.0.9.202
+ A 10.0.9.203
+ A 10.0.9.204
+ A 10.0.9.205
+ A 10.0.9.206
+ A 10.0.9.207
+ A 10.0.9.208
+ A 10.0.9.209
+ A 10.0.9.210
+ A 10.0.9.211
+ A 10.0.9.212
+ A 10.0.9.213
+ A 10.0.9.214
+ A 10.0.9.215
+ A 10.0.9.216
+ A 10.0.9.217
+ A 10.0.9.218
+ A 10.0.9.219
+ A 10.0.9.220
+ A 10.0.9.221
+ A 10.0.9.222
+ A 10.0.9.223
+ A 10.0.9.224
+ A 10.0.9.225
+ A 10.0.9.226
+ A 10.0.9.227
+ A 10.0.9.228
+ A 10.0.9.229
+ A 10.0.9.230
+ A 10.0.9.231
+ A 10.0.9.232
+ A 10.0.9.233
+ A 10.0.9.234
+ A 10.0.9.235
+ A 10.0.9.236
+ A 10.0.9.237
+ A 10.0.9.238
+ A 10.0.9.239
+ A 10.0.9.240
+ A 10.0.9.241
+ A 10.0.9.242
+ A 10.0.9.243
+ A 10.0.9.244
+ A 10.0.9.245
+ A 10.0.9.246
+ A 10.0.9.247
+ A 10.0.9.248
+ A 10.0.9.249
+ A 10.0.9.250
+ A 10.0.9.251
+ A 10.0.9.252
+ A 10.0.9.253
+ A 10.0.9.254
+ A 10.0.9.255
+ A 10.0.10.0
+ A 10.0.10.1
+ A 10.0.10.2
+ A 10.0.10.3
+ A 10.0.10.4
+ A 10.0.10.5
+ A 10.0.10.6
+ A 10.0.10.7
+ A 10.0.10.8
+ A 10.0.10.9
+ A 10.0.10.10
+ A 10.0.10.11
+ A 10.0.10.12
+ A 10.0.10.13
+ A 10.0.10.14
+ A 10.0.10.15
+ A 10.0.10.16
+ A 10.0.10.17
+ A 10.0.10.18
+ A 10.0.10.19
+ A 10.0.10.20
+ A 10.0.10.21
+ A 10.0.10.22
+ A 10.0.10.23
+ A 10.0.10.24
+ A 10.0.10.25
+ A 10.0.10.26
+ A 10.0.10.27
+ A 10.0.10.28
+ A 10.0.10.29
+ A 10.0.10.30
+ A 10.0.10.31
+ A 10.0.10.32
+ A 10.0.10.33
+ A 10.0.10.34
+ A 10.0.10.35
+ A 10.0.10.36
+ A 10.0.10.37
+ A 10.0.10.38
+ A 10.0.10.39
+ A 10.0.10.40
+ A 10.0.10.41
+ A 10.0.10.42
+ A 10.0.10.43
+ A 10.0.10.44
+ A 10.0.10.45
+ A 10.0.10.46
+ A 10.0.10.47
+ A 10.0.10.48
+ A 10.0.10.49
+ A 10.0.10.50
+ A 10.0.10.51
+ A 10.0.10.52
+ A 10.0.10.53
+ A 10.0.10.54
+ A 10.0.10.55
+ A 10.0.10.56
+ A 10.0.10.57
+ A 10.0.10.58
+ A 10.0.10.59
+ A 10.0.10.60
+ A 10.0.10.61
+ A 10.0.10.62
+ A 10.0.10.63
+ A 10.0.10.64
+ A 10.0.10.65
+ A 10.0.10.66
+ A 10.0.10.67
+ A 10.0.10.68
+ A 10.0.10.69
+ A 10.0.10.70
+ A 10.0.10.71
+ A 10.0.10.72
+ A 10.0.10.73
+ A 10.0.10.74
+ A 10.0.10.75
+ A 10.0.10.76
+ A 10.0.10.77
+ A 10.0.10.78
+ A 10.0.10.79
+ A 10.0.10.80
+ A 10.0.10.81
+ A 10.0.10.82
+ A 10.0.10.83
+ A 10.0.10.84
+ A 10.0.10.85
+ A 10.0.10.86
+ A 10.0.10.87
+ A 10.0.10.88
+ A 10.0.10.89
+ A 10.0.10.90
+ A 10.0.10.91
+ A 10.0.10.92
+ A 10.0.10.93
+ A 10.0.10.94
+ A 10.0.10.95
+ A 10.0.10.96
+ A 10.0.10.97
+ A 10.0.10.98
+ A 10.0.10.99
+ A 10.0.10.100
+ A 10.0.10.101
+ A 10.0.10.102
+ A 10.0.10.103
+ A 10.0.10.104
+ A 10.0.10.105
+ A 10.0.10.106
+ A 10.0.10.107
+ A 10.0.10.108
+ A 10.0.10.109
+ A 10.0.10.110
+ A 10.0.10.111
+ A 10.0.10.112
+ A 10.0.10.113
+ A 10.0.10.114
+ A 10.0.10.115
+ A 10.0.10.116
+ A 10.0.10.117
+ A 10.0.10.118
+ A 10.0.10.119
+ A 10.0.10.120
+ A 10.0.10.121
+ A 10.0.10.122
+ A 10.0.10.123
+ A 10.0.10.124
+ A 10.0.10.125
+ A 10.0.10.126
+ A 10.0.10.127
+ A 10.0.10.128
+ A 10.0.10.129
+ A 10.0.10.130
+ A 10.0.10.131
+ A 10.0.10.132
+ A 10.0.10.133
+ A 10.0.10.134
+ A 10.0.10.135
+ A 10.0.10.136
+ A 10.0.10.137
+ A 10.0.10.138
+ A 10.0.10.139
+ A 10.0.10.140
+ A 10.0.10.141
+ A 10.0.10.142
+ A 10.0.10.143
+ A 10.0.10.144
+ A 10.0.10.145
+ A 10.0.10.146
+ A 10.0.10.147
+ A 10.0.10.148
+ A 10.0.10.149
+ A 10.0.10.150
+ A 10.0.10.151
+ A 10.0.10.152
+ A 10.0.10.153
+ A 10.0.10.154
+ A 10.0.10.155
+ A 10.0.10.156
+ A 10.0.10.157
+ A 10.0.10.158
+ A 10.0.10.159
+ A 10.0.10.160
+ A 10.0.10.161
+ A 10.0.10.162
+ A 10.0.10.163
+ A 10.0.10.164
+ A 10.0.10.165
+ A 10.0.10.166
+ A 10.0.10.167
+ A 10.0.10.168
+ A 10.0.10.169
+ A 10.0.10.170
+ A 10.0.10.171
+ A 10.0.10.172
+ A 10.0.10.173
+ A 10.0.10.174
+ A 10.0.10.175
+ A 10.0.10.176
+ A 10.0.10.177
+ A 10.0.10.178
+ A 10.0.10.179
+ A 10.0.10.180
+ A 10.0.10.181
+ A 10.0.10.182
+ A 10.0.10.183
+ A 10.0.10.184
+ A 10.0.10.185
+ A 10.0.10.186
+ A 10.0.10.187
+ A 10.0.10.188
+ A 10.0.10.189
+ A 10.0.10.190
+ A 10.0.10.191
+ A 10.0.10.192
+ A 10.0.10.193
+ A 10.0.10.194
+ A 10.0.10.195
+ A 10.0.10.196
+ A 10.0.10.197
+ A 10.0.10.198
+ A 10.0.10.199
+ A 10.0.10.200
+ A 10.0.10.201
+ A 10.0.10.202
+ A 10.0.10.203
+ A 10.0.10.204
+ A 10.0.10.205
+ A 10.0.10.206
+ A 10.0.10.207
+ A 10.0.10.208
+ A 10.0.10.209
+ A 10.0.10.210
+ A 10.0.10.211
+ A 10.0.10.212
+ A 10.0.10.213
+ A 10.0.10.214
+ A 10.0.10.215
+ A 10.0.10.216
+ A 10.0.10.217
+ A 10.0.10.218
+ A 10.0.10.219
+ A 10.0.10.220
+ A 10.0.10.221
+ A 10.0.10.222
+ A 10.0.10.223
+ A 10.0.10.224
+ A 10.0.10.225
+ A 10.0.10.226
+ A 10.0.10.227
+ A 10.0.10.228
+ A 10.0.10.229
+ A 10.0.10.230
+ A 10.0.10.231
+ A 10.0.10.232
+ A 10.0.10.233
+ A 10.0.10.234
+ A 10.0.10.235
+ A 10.0.10.236
+ A 10.0.10.237
+ A 10.0.10.238
+ A 10.0.10.239
+ A 10.0.10.240
+ A 10.0.10.241
+ A 10.0.10.242
+ A 10.0.10.243
+ A 10.0.10.244
+ A 10.0.10.245
+ A 10.0.10.246
+ A 10.0.10.247
+ A 10.0.10.248
+ A 10.0.10.249
+ A 10.0.10.250
+ A 10.0.10.251
+ A 10.0.10.252
+ A 10.0.10.253
+ A 10.0.10.254
+ A 10.0.10.255
+ A 10.0.11.0
+ A 10.0.11.1
+ A 10.0.11.2
+ A 10.0.11.3
+ A 10.0.11.4
+ A 10.0.11.5
+ A 10.0.11.6
+ A 10.0.11.7
+ A 10.0.11.8
+ A 10.0.11.9
+ A 10.0.11.10
+ A 10.0.11.11
+ A 10.0.11.12
+ A 10.0.11.13
+ A 10.0.11.14
+ A 10.0.11.15
+ A 10.0.11.16
+ A 10.0.11.17
+ A 10.0.11.18
+ A 10.0.11.19
+ A 10.0.11.20
+ A 10.0.11.21
+ A 10.0.11.22
+ A 10.0.11.23
+ A 10.0.11.24
+ A 10.0.11.25
+ A 10.0.11.26
+ A 10.0.11.27
+ A 10.0.11.28
+ A 10.0.11.29
+ A 10.0.11.30
+ A 10.0.11.31
+ A 10.0.11.32
+ A 10.0.11.33
+ A 10.0.11.34
+ A 10.0.11.35
+ A 10.0.11.36
+ A 10.0.11.37
+ A 10.0.11.38
+ A 10.0.11.39
+ A 10.0.11.40
+ A 10.0.11.41
+ A 10.0.11.42
+ A 10.0.11.43
+ A 10.0.11.44
+ A 10.0.11.45
+ A 10.0.11.46
+ A 10.0.11.47
+ A 10.0.11.48
+ A 10.0.11.49
+ A 10.0.11.50
+ A 10.0.11.51
+ A 10.0.11.52
+ A 10.0.11.53
+ A 10.0.11.54
+ A 10.0.11.55
+ A 10.0.11.56
+ A 10.0.11.57
+ A 10.0.11.58
+ A 10.0.11.59
+ A 10.0.11.60
+ A 10.0.11.61
+ A 10.0.11.62
+ A 10.0.11.63
+ A 10.0.11.64
+ A 10.0.11.65
+ A 10.0.11.66
+ A 10.0.11.67
+ A 10.0.11.68
+ A 10.0.11.69
+ A 10.0.11.70
+ A 10.0.11.71
+ A 10.0.11.72
+ A 10.0.11.73
+ A 10.0.11.74
+ A 10.0.11.75
+ A 10.0.11.76
+ A 10.0.11.77
+ A 10.0.11.78
+ A 10.0.11.79
+ A 10.0.11.80
+ A 10.0.11.81
+ A 10.0.11.82
+ A 10.0.11.83
+ A 10.0.11.84
+ A 10.0.11.85
+ A 10.0.11.86
+ A 10.0.11.87
+ A 10.0.11.88
+ A 10.0.11.89
+ A 10.0.11.90
+ A 10.0.11.91
+ A 10.0.11.92
+ A 10.0.11.93
+ A 10.0.11.94
+ A 10.0.11.95
+ A 10.0.11.96
+ A 10.0.11.97
+ A 10.0.11.98
+ A 10.0.11.99
+ A 10.0.11.100
+ A 10.0.11.101
+ A 10.0.11.102
+ A 10.0.11.103
+ A 10.0.11.104
+ A 10.0.11.105
+ A 10.0.11.106
+ A 10.0.11.107
+ A 10.0.11.108
+ A 10.0.11.109
+ A 10.0.11.110
+ A 10.0.11.111
+ A 10.0.11.112
+ A 10.0.11.113
+ A 10.0.11.114
+ A 10.0.11.115
+ A 10.0.11.116
+ A 10.0.11.117
+ A 10.0.11.118
+ A 10.0.11.119
+ A 10.0.11.120
+ A 10.0.11.121
+ A 10.0.11.122
+ A 10.0.11.123
+ A 10.0.11.124
+ A 10.0.11.125
+ A 10.0.11.126
+ A 10.0.11.127
+ A 10.0.11.128
+ A 10.0.11.129
+ A 10.0.11.130
+ A 10.0.11.131
+ A 10.0.11.132
+ A 10.0.11.133
+ A 10.0.11.134
+ A 10.0.11.135
+ A 10.0.11.136
+ A 10.0.11.137
+ A 10.0.11.138
+ A 10.0.11.139
+ A 10.0.11.140
+ A 10.0.11.141
+ A 10.0.11.142
+ A 10.0.11.143
+ A 10.0.11.144
+ A 10.0.11.145
+ A 10.0.11.146
+ A 10.0.11.147
+ A 10.0.11.148
+ A 10.0.11.149
+ A 10.0.11.150
+ A 10.0.11.151
+ A 10.0.11.152
+ A 10.0.11.153
+ A 10.0.11.154
+ A 10.0.11.155
+ A 10.0.11.156
+ A 10.0.11.157
+ A 10.0.11.158
+ A 10.0.11.159
+ A 10.0.11.160
+ A 10.0.11.161
+ A 10.0.11.162
+ A 10.0.11.163
+ A 10.0.11.164
+ A 10.0.11.165
+ A 10.0.11.166
+ A 10.0.11.167
+ A 10.0.11.168
+ A 10.0.11.169
+ A 10.0.11.170
+ A 10.0.11.171
+ A 10.0.11.172
+ A 10.0.11.173
+ A 10.0.11.174
+ A 10.0.11.175
+ A 10.0.11.176
+ A 10.0.11.177
+ A 10.0.11.178
+ A 10.0.11.179
+ A 10.0.11.180
+ A 10.0.11.181
+ A 10.0.11.182
+ A 10.0.11.183
+ A 10.0.11.184
+ A 10.0.11.185
+ A 10.0.11.186
+ A 10.0.11.187
+ A 10.0.11.188
+ A 10.0.11.189
+ A 10.0.11.190
+ A 10.0.11.191
+ A 10.0.11.192
+ A 10.0.11.193
+ A 10.0.11.194
+ A 10.0.11.195
+ A 10.0.11.196
+ A 10.0.11.197
+ A 10.0.11.198
+ A 10.0.11.199
+ A 10.0.11.200
+ A 10.0.11.201
+ A 10.0.11.202
+ A 10.0.11.203
+ A 10.0.11.204
+ A 10.0.11.205
+ A 10.0.11.206
+ A 10.0.11.207
+ A 10.0.11.208
+ A 10.0.11.209
+ A 10.0.11.210
+ A 10.0.11.211
+ A 10.0.11.212
+ A 10.0.11.213
+ A 10.0.11.214
+ A 10.0.11.215
+ A 10.0.11.216
+ A 10.0.11.217
+ A 10.0.11.218
+ A 10.0.11.219
+ A 10.0.11.220
+ A 10.0.11.221
+ A 10.0.11.222
+ A 10.0.11.223
+ A 10.0.11.224
+ A 10.0.11.225
+ A 10.0.11.226
+ A 10.0.11.227
+ A 10.0.11.228
+ A 10.0.11.229
+ A 10.0.11.230
+ A 10.0.11.231
+ A 10.0.11.232
+ A 10.0.11.233
+ A 10.0.11.234
+ A 10.0.11.235
+ A 10.0.11.236
+ A 10.0.11.237
+ A 10.0.11.238
+ A 10.0.11.239
+ A 10.0.11.240
+ A 10.0.11.241
+ A 10.0.11.242
+ A 10.0.11.243
+ A 10.0.11.244
+ A 10.0.11.245
+ A 10.0.11.246
+ A 10.0.11.247
+ A 10.0.11.248
+ A 10.0.11.249
+ A 10.0.11.250
+ A 10.0.11.251
+ A 10.0.11.252
+ A 10.0.11.253
+ A 10.0.11.254
+ A 10.0.11.255
+ A 10.0.12.0
+ A 10.0.12.1
+ A 10.0.12.2
+ A 10.0.12.3
+ A 10.0.12.4
+ A 10.0.12.5
+ A 10.0.12.6
+ A 10.0.12.7
+ A 10.0.12.8
+ A 10.0.12.9
+ A 10.0.12.10
+ A 10.0.12.11
+ A 10.0.12.12
+ A 10.0.12.13
+ A 10.0.12.14
+ A 10.0.12.15
+ A 10.0.12.16
+ A 10.0.12.17
+ A 10.0.12.18
+ A 10.0.12.19
+ A 10.0.12.20
+ A 10.0.12.21
+ A 10.0.12.22
+ A 10.0.12.23
+ A 10.0.12.24
+ A 10.0.12.25
+ A 10.0.12.26
+ A 10.0.12.27
+ A 10.0.12.28
+ A 10.0.12.29
+ A 10.0.12.30
+ A 10.0.12.31
+ A 10.0.12.32
+ A 10.0.12.33
+ A 10.0.12.34
+ A 10.0.12.35
+ A 10.0.12.36
+ A 10.0.12.37
+ A 10.0.12.38
+ A 10.0.12.39
+ A 10.0.12.40
+ A 10.0.12.41
+ A 10.0.12.42
+ A 10.0.12.43
+ A 10.0.12.44
+ A 10.0.12.45
+ A 10.0.12.46
+ A 10.0.12.47
+ A 10.0.12.48
+ A 10.0.12.49
+ A 10.0.12.50
+ A 10.0.12.51
+ A 10.0.12.52
+ A 10.0.12.53
+ A 10.0.12.54
+ A 10.0.12.55
+ A 10.0.12.56
+ A 10.0.12.57
+ A 10.0.12.58
+ A 10.0.12.59
+ A 10.0.12.60
+ A 10.0.12.61
+ A 10.0.12.62
+ A 10.0.12.63
+ A 10.0.12.64
+ A 10.0.12.65
+ A 10.0.12.66
+ A 10.0.12.67
+ A 10.0.12.68
+ A 10.0.12.69
+ A 10.0.12.70
+ A 10.0.12.71
+ A 10.0.12.72
+ A 10.0.12.73
+ A 10.0.12.74
+ A 10.0.12.75
+ A 10.0.12.76
+ A 10.0.12.77
+ A 10.0.12.78
+ A 10.0.12.79
+ A 10.0.12.80
+ A 10.0.12.81
+ A 10.0.12.82
+ A 10.0.12.83
+ A 10.0.12.84
+ A 10.0.12.85
+ A 10.0.12.86
+ A 10.0.12.87
+ A 10.0.12.88
+ A 10.0.12.89
+ A 10.0.12.90
+ A 10.0.12.91
+ A 10.0.12.92
+ A 10.0.12.93
+ A 10.0.12.94
+ A 10.0.12.95
+ A 10.0.12.96
+ A 10.0.12.97
+ A 10.0.12.98
+ A 10.0.12.99
+ A 10.0.12.100
+ A 10.0.12.101
+ A 10.0.12.102
+ A 10.0.12.103
+ A 10.0.12.104
+ A 10.0.12.105
+ A 10.0.12.106
+ A 10.0.12.107
+ A 10.0.12.108
+ A 10.0.12.109
+ A 10.0.12.110
+ A 10.0.12.111
+ A 10.0.12.112
+ A 10.0.12.113
+ A 10.0.12.114
+ A 10.0.12.115
+ A 10.0.12.116
+ A 10.0.12.117
+ A 10.0.12.118
+ A 10.0.12.119
+ A 10.0.12.120
+ A 10.0.12.121
+ A 10.0.12.122
+ A 10.0.12.123
+ A 10.0.12.124
+ A 10.0.12.125
+ A 10.0.12.126
+ A 10.0.12.127
+ A 10.0.12.128
+ A 10.0.12.129
+ A 10.0.12.130
+ A 10.0.12.131
+ A 10.0.12.132
+ A 10.0.12.133
+ A 10.0.12.134
+ A 10.0.12.135
+ A 10.0.12.136
+ A 10.0.12.137
+ A 10.0.12.138
+ A 10.0.12.139
+ A 10.0.12.140
+ A 10.0.12.141
+ A 10.0.12.142
+ A 10.0.12.143
+ A 10.0.12.144
+ A 10.0.12.145
+ A 10.0.12.146
+ A 10.0.12.147
+ A 10.0.12.148
+ A 10.0.12.149
+ A 10.0.12.150
+ A 10.0.12.151
+ A 10.0.12.152
+ A 10.0.12.153
+ A 10.0.12.154
+ A 10.0.12.155
+ A 10.0.12.156
+ A 10.0.12.157
+ A 10.0.12.158
+ A 10.0.12.159
+ A 10.0.12.160
+ A 10.0.12.161
+ A 10.0.12.162
+ A 10.0.12.163
+ A 10.0.12.164
+ A 10.0.12.165
+ A 10.0.12.166
+ A 10.0.12.167
+ A 10.0.12.168
+ A 10.0.12.169
+ A 10.0.12.170
+ A 10.0.12.171
+ A 10.0.12.172
+ A 10.0.12.173
+ A 10.0.12.174
+ A 10.0.12.175
+ A 10.0.12.176
+ A 10.0.12.177
+ A 10.0.12.178
+ A 10.0.12.179
+ A 10.0.12.180
+ A 10.0.12.181
+ A 10.0.12.182
+ A 10.0.12.183
+ A 10.0.12.184
+ A 10.0.12.185
+ A 10.0.12.186
+ A 10.0.12.187
+ A 10.0.12.188
+ A 10.0.12.189
+ A 10.0.12.190
+ A 10.0.12.191
+ A 10.0.12.192
+ A 10.0.12.193
+ A 10.0.12.194
+ A 10.0.12.195
+ A 10.0.12.196
+ A 10.0.12.197
+ A 10.0.12.198
+ A 10.0.12.199
+ A 10.0.12.200
+ A 10.0.12.201
+ A 10.0.12.202
+ A 10.0.12.203
+ A 10.0.12.204
+ A 10.0.12.205
+ A 10.0.12.206
+ A 10.0.12.207
+ A 10.0.12.208
+ A 10.0.12.209
+ A 10.0.12.210
+ A 10.0.12.211
+ A 10.0.12.212
+ A 10.0.12.213
+ A 10.0.12.214
+ A 10.0.12.215
+ A 10.0.12.216
+ A 10.0.12.217
+ A 10.0.12.218
+ A 10.0.12.219
+ A 10.0.12.220
+ A 10.0.12.221
+ A 10.0.12.222
+ A 10.0.12.223
+ A 10.0.12.224
+ A 10.0.12.225
+ A 10.0.12.226
+ A 10.0.12.227
+ A 10.0.12.228
+ A 10.0.12.229
+ A 10.0.12.230
+ A 10.0.12.231
+ A 10.0.12.232
+ A 10.0.12.233
+ A 10.0.12.234
+ A 10.0.12.235
+ A 10.0.12.236
+ A 10.0.12.237
+ A 10.0.12.238
+ A 10.0.12.239
+ A 10.0.12.240
+ A 10.0.12.241
+ A 10.0.12.242
+ A 10.0.12.243
+ A 10.0.12.244
+ A 10.0.12.245
+ A 10.0.12.246
+ A 10.0.12.247
+ A 10.0.12.248
+ A 10.0.12.249
+ A 10.0.12.250
+ A 10.0.12.251
+ A 10.0.12.252
+ A 10.0.12.253
+ A 10.0.12.254
+ A 10.0.12.255
+ A 10.0.13.0
+ A 10.0.13.1
+ A 10.0.13.2
+ A 10.0.13.3
+ A 10.0.13.4
+ A 10.0.13.5
+ A 10.0.13.6
+ A 10.0.13.7
+ A 10.0.13.8
+ A 10.0.13.9
+ A 10.0.13.10
+ A 10.0.13.11
+ A 10.0.13.12
+ A 10.0.13.13
+ A 10.0.13.14
+ A 10.0.13.15
+ A 10.0.13.16
+ A 10.0.13.17
+ A 10.0.13.18
+ A 10.0.13.19
+ A 10.0.13.20
+ A 10.0.13.21
+ A 10.0.13.22
+ A 10.0.13.23
+ A 10.0.13.24
+ A 10.0.13.25
+ A 10.0.13.26
+ A 10.0.13.27
+ A 10.0.13.28
+ A 10.0.13.29
+ A 10.0.13.30
+ A 10.0.13.31
+ A 10.0.13.32
+ A 10.0.13.33
+ A 10.0.13.34
+ A 10.0.13.35
+ A 10.0.13.36
+ A 10.0.13.37
+ A 10.0.13.38
+ A 10.0.13.39
+ A 10.0.13.40
+ A 10.0.13.41
+ A 10.0.13.42
+ A 10.0.13.43
+ A 10.0.13.44
+ A 10.0.13.45
+ A 10.0.13.46
+ A 10.0.13.47
+ A 10.0.13.48
+ A 10.0.13.49
+ A 10.0.13.50
+ A 10.0.13.51
+ A 10.0.13.52
+ A 10.0.13.53
+ A 10.0.13.54
+ A 10.0.13.55
+ A 10.0.13.56
+ A 10.0.13.57
+ A 10.0.13.58
+ A 10.0.13.59
+ A 10.0.13.60
+ A 10.0.13.61
+ A 10.0.13.62
+ A 10.0.13.63
+ A 10.0.13.64
+ A 10.0.13.65
+ A 10.0.13.66
+ A 10.0.13.67
+ A 10.0.13.68
+ A 10.0.13.69
+ A 10.0.13.70
+ A 10.0.13.71
+ A 10.0.13.72
+ A 10.0.13.73
+ A 10.0.13.74
+ A 10.0.13.75
+ A 10.0.13.76
+ A 10.0.13.77
+ A 10.0.13.78
+ A 10.0.13.79
+ A 10.0.13.80
+ A 10.0.13.81
+ A 10.0.13.82
+ A 10.0.13.83
+ A 10.0.13.84
+ A 10.0.13.85
+ A 10.0.13.86
+ A 10.0.13.87
+ A 10.0.13.88
+ A 10.0.13.89
+ A 10.0.13.90
+ A 10.0.13.91
+ A 10.0.13.92
+ A 10.0.13.93
+ A 10.0.13.94
+ A 10.0.13.95
+ A 10.0.13.96
+ A 10.0.13.97
+ A 10.0.13.98
+ A 10.0.13.99
+ A 10.0.13.100
+ A 10.0.13.101
+ A 10.0.13.102
+ A 10.0.13.103
+ A 10.0.13.104
+ A 10.0.13.105
+ A 10.0.13.106
+ A 10.0.13.107
+ A 10.0.13.108
+ A 10.0.13.109
+ A 10.0.13.110
+ A 10.0.13.111
+ A 10.0.13.112
+ A 10.0.13.113
+ A 10.0.13.114
+ A 10.0.13.115
+ A 10.0.13.116
+ A 10.0.13.117
+ A 10.0.13.118
+ A 10.0.13.119
+ A 10.0.13.120
+ A 10.0.13.121
+ A 10.0.13.122
+ A 10.0.13.123
+ A 10.0.13.124
+ A 10.0.13.125
+ A 10.0.13.126
+ A 10.0.13.127
+ A 10.0.13.128
+ A 10.0.13.129
+ A 10.0.13.130
+ A 10.0.13.131
+ A 10.0.13.132
+ A 10.0.13.133
+ A 10.0.13.134
+ A 10.0.13.135
+ A 10.0.13.136
+ A 10.0.13.137
+ A 10.0.13.138
+ A 10.0.13.139
+ A 10.0.13.140
+ A 10.0.13.141
+ A 10.0.13.142
+ A 10.0.13.143
+ A 10.0.13.144
+ A 10.0.13.145
+ A 10.0.13.146
+ A 10.0.13.147
+ A 10.0.13.148
+ A 10.0.13.149
+ A 10.0.13.150
+ A 10.0.13.151
+ A 10.0.13.152
+ A 10.0.13.153
+ A 10.0.13.154
+ A 10.0.13.155
+ A 10.0.13.156
+ A 10.0.13.157
+ A 10.0.13.158
+ A 10.0.13.159
+ A 10.0.13.160
+ A 10.0.13.161
+ A 10.0.13.162
+ A 10.0.13.163
+ A 10.0.13.164
+ A 10.0.13.165
+ A 10.0.13.166
+ A 10.0.13.167
+ A 10.0.13.168
+ A 10.0.13.169
+ A 10.0.13.170
+ A 10.0.13.171
+ A 10.0.13.172
+ A 10.0.13.173
+ A 10.0.13.174
+ A 10.0.13.175
+ A 10.0.13.176
+ A 10.0.13.177
+ A 10.0.13.178
+ A 10.0.13.179
+ A 10.0.13.180
+ A 10.0.13.181
+ A 10.0.13.182
+ A 10.0.13.183
+ A 10.0.13.184
+ A 10.0.13.185
+ A 10.0.13.186
+ A 10.0.13.187
+ A 10.0.13.188
+ A 10.0.13.189
+ A 10.0.13.190
+ A 10.0.13.191
+ A 10.0.13.192
+ A 10.0.13.193
+ A 10.0.13.194
+ A 10.0.13.195
+ A 10.0.13.196
+ A 10.0.13.197
+ A 10.0.13.198
+ A 10.0.13.199
+ A 10.0.13.200
+ A 10.0.13.201
+ A 10.0.13.202
+ A 10.0.13.203
+ A 10.0.13.204
+ A 10.0.13.205
+ A 10.0.13.206
+ A 10.0.13.207
+ A 10.0.13.208
+ A 10.0.13.209
+ A 10.0.13.210
+ A 10.0.13.211
+ A 10.0.13.212
+ A 10.0.13.213
+ A 10.0.13.214
+ A 10.0.13.215
+ A 10.0.13.216
+ A 10.0.13.217
+ A 10.0.13.218
+ A 10.0.13.219
+ A 10.0.13.220
+ A 10.0.13.221
+ A 10.0.13.222
+ A 10.0.13.223
+ A 10.0.13.224
+ A 10.0.13.225
+ A 10.0.13.226
+ A 10.0.13.227
+ A 10.0.13.228
+ A 10.0.13.229
+ A 10.0.13.230
+ A 10.0.13.231
+ A 10.0.13.232
+ A 10.0.13.233
+ A 10.0.13.234
+ A 10.0.13.235
+ A 10.0.13.236
+ A 10.0.13.237
+ A 10.0.13.238
+ A 10.0.13.239
+ A 10.0.13.240
+ A 10.0.13.241
+ A 10.0.13.242
+ A 10.0.13.243
+ A 10.0.13.244
+ A 10.0.13.245
+ A 10.0.13.246
+ A 10.0.13.247
+ A 10.0.13.248
+ A 10.0.13.249
+ A 10.0.13.250
+ A 10.0.13.251
+ A 10.0.13.252
+ A 10.0.13.253
+ A 10.0.13.254
+ A 10.0.13.255
+ A 10.0.14.0
+ A 10.0.14.1
+ A 10.0.14.2
+ A 10.0.14.3
+ A 10.0.14.4
+ A 10.0.14.5
+ A 10.0.14.6
+ A 10.0.14.7
+ A 10.0.14.8
+ A 10.0.14.9
+ A 10.0.14.10
+ A 10.0.14.11
+ A 10.0.14.12
+ A 10.0.14.13
+ A 10.0.14.14
+ A 10.0.14.15
+ A 10.0.14.16
+ A 10.0.14.17
+ A 10.0.14.18
+ A 10.0.14.19
+ A 10.0.14.20
+ A 10.0.14.21
+ A 10.0.14.22
+ A 10.0.14.23
+ A 10.0.14.24
+ A 10.0.14.25
+ A 10.0.14.26
+ A 10.0.14.27
+ A 10.0.14.28
+ A 10.0.14.29
+ A 10.0.14.30
+ A 10.0.14.31
+ A 10.0.14.32
+ A 10.0.14.33
+ A 10.0.14.34
+ A 10.0.14.35
+ A 10.0.14.36
+ A 10.0.14.37
+ A 10.0.14.38
+ A 10.0.14.39
+ A 10.0.14.40
+ A 10.0.14.41
+ A 10.0.14.42
+ A 10.0.14.43
+ A 10.0.14.44
+ A 10.0.14.45
+ A 10.0.14.46
+ A 10.0.14.47
+ A 10.0.14.48
+ A 10.0.14.49
+ A 10.0.14.50
+ A 10.0.14.51
+ A 10.0.14.52
+ A 10.0.14.53
+ A 10.0.14.54
+ A 10.0.14.55
+ A 10.0.14.56
+ A 10.0.14.57
+ A 10.0.14.58
+ A 10.0.14.59
+ A 10.0.14.60
+ A 10.0.14.61
+ A 10.0.14.62
+ A 10.0.14.63
+ A 10.0.14.64
+ A 10.0.14.65
+ A 10.0.14.66
+ A 10.0.14.67
+ A 10.0.14.68
+ A 10.0.14.69
+ A 10.0.14.70
+ A 10.0.14.71
+ A 10.0.14.72
+ A 10.0.14.73
+ A 10.0.14.74
+ A 10.0.14.75
+ A 10.0.14.76
+ A 10.0.14.77
+ A 10.0.14.78
+ A 10.0.14.79
+ A 10.0.14.80
+ A 10.0.14.81
+ A 10.0.14.82
+ A 10.0.14.83
+ A 10.0.14.84
+ A 10.0.14.85
+ A 10.0.14.86
+ A 10.0.14.87
+ A 10.0.14.88
+ A 10.0.14.89
+ A 10.0.14.90
+ A 10.0.14.91
+ A 10.0.14.92
+ A 10.0.14.93
+ A 10.0.14.94
+ A 10.0.14.95
+ A 10.0.14.96
+ A 10.0.14.97
+ A 10.0.14.98
+ A 10.0.14.99
+ A 10.0.14.100
+ A 10.0.14.101
+ A 10.0.14.102
+ A 10.0.14.103
+ A 10.0.14.104
+ A 10.0.14.105
+ A 10.0.14.106
+ A 10.0.14.107
+ A 10.0.14.108
+ A 10.0.14.109
+ A 10.0.14.110
+ A 10.0.14.111
+ A 10.0.14.112
+ A 10.0.14.113
+ A 10.0.14.114
+ A 10.0.14.115
+ A 10.0.14.116
+ A 10.0.14.117
+ A 10.0.14.118
+ A 10.0.14.119
+ A 10.0.14.120
+ A 10.0.14.121
+ A 10.0.14.122
+ A 10.0.14.123
+ A 10.0.14.124
+ A 10.0.14.125
+ A 10.0.14.126
+ A 10.0.14.127
+ A 10.0.14.128
+ A 10.0.14.129
+ A 10.0.14.130
+ A 10.0.14.131
+ A 10.0.14.132
+ A 10.0.14.133
+ A 10.0.14.134
+ A 10.0.14.135
+ A 10.0.14.136
+ A 10.0.14.137
+ A 10.0.14.138
+ A 10.0.14.139
+ A 10.0.14.140
+ A 10.0.14.141
+ A 10.0.14.142
+ A 10.0.14.143
+ A 10.0.14.144
+ A 10.0.14.145
+ A 10.0.14.146
+ A 10.0.14.147
+ A 10.0.14.148
+ A 10.0.14.149
+ A 10.0.14.150
+ A 10.0.14.151
+ A 10.0.14.152
+ A 10.0.14.153
+ A 10.0.14.154
+ A 10.0.14.155
+ A 10.0.14.156
+ A 10.0.14.157
+ A 10.0.14.158
+ A 10.0.14.159
+ A 10.0.14.160
+ A 10.0.14.161
+ A 10.0.14.162
+ A 10.0.14.163
+ A 10.0.14.164
+ A 10.0.14.165
+ A 10.0.14.166
+ A 10.0.14.167
+ A 10.0.14.168
+ A 10.0.14.169
+ A 10.0.14.170
+ A 10.0.14.171
+ A 10.0.14.172
+ A 10.0.14.173
+ A 10.0.14.174
+ A 10.0.14.175
+ A 10.0.14.176
+ A 10.0.14.177
+ A 10.0.14.178
+ A 10.0.14.179
+ A 10.0.14.180
+ A 10.0.14.181
+ A 10.0.14.182
+ A 10.0.14.183
+ A 10.0.14.184
+ A 10.0.14.185
+ A 10.0.14.186
+ A 10.0.14.187
+ A 10.0.14.188
+ A 10.0.14.189
+ A 10.0.14.190
+ A 10.0.14.191
+ A 10.0.14.192
+ A 10.0.14.193
+ A 10.0.14.194
+ A 10.0.14.195
+ A 10.0.14.196
+ A 10.0.14.197
+ A 10.0.14.198
+ A 10.0.14.199
+ A 10.0.14.200
+ A 10.0.14.201
+ A 10.0.14.202
+ A 10.0.14.203
+ A 10.0.14.204
+ A 10.0.14.205
+ A 10.0.14.206
+ A 10.0.14.207
+ A 10.0.14.208
+ A 10.0.14.209
+ A 10.0.14.210
+ A 10.0.14.211
+ A 10.0.14.212
+ A 10.0.14.213
+ A 10.0.14.214
+ A 10.0.14.215
+ A 10.0.14.216
+ A 10.0.14.217
+ A 10.0.14.218
+ A 10.0.14.219
+ A 10.0.14.220
+ A 10.0.14.221
+ A 10.0.14.222
+ A 10.0.14.223
+ A 10.0.14.224
+ A 10.0.14.225
+ A 10.0.14.226
+ A 10.0.14.227
+ A 10.0.14.228
+ A 10.0.14.229
+ A 10.0.14.230
+ A 10.0.14.231
+ A 10.0.14.232
+ A 10.0.14.233
+ A 10.0.14.234
+ A 10.0.14.235
+ A 10.0.14.236
+ A 10.0.14.237
+ A 10.0.14.238
+ A 10.0.14.239
+ A 10.0.14.240
+ A 10.0.14.241
+ A 10.0.14.242
+ A 10.0.14.243
+ A 10.0.14.244
+ A 10.0.14.245
+ A 10.0.14.246
+ A 10.0.14.247
+ A 10.0.14.248
+ A 10.0.14.249
+ A 10.0.14.250
+ A 10.0.14.251
+ A 10.0.14.252
+ A 10.0.14.253
+ A 10.0.14.254
+ A 10.0.14.255
+ A 10.0.15.0
+ A 10.0.15.1
+ A 10.0.15.2
+ A 10.0.15.3
+ A 10.0.15.4
+ A 10.0.15.5
+ A 10.0.15.6
+ A 10.0.15.7
+ A 10.0.15.8
+ A 10.0.15.9
+ A 10.0.15.10
+ A 10.0.15.11
+ A 10.0.15.12
+ A 10.0.15.13
+ A 10.0.15.14
+ A 10.0.15.15
+ A 10.0.15.16
+ A 10.0.15.17
+ A 10.0.15.18
+ A 10.0.15.19
+ A 10.0.15.20
+ A 10.0.15.21
+ A 10.0.15.22
+ A 10.0.15.23
+ A 10.0.15.24
+ A 10.0.15.25
+ A 10.0.15.26
+ A 10.0.15.27
+ A 10.0.15.28
+ A 10.0.15.29
+ A 10.0.15.30
+ A 10.0.15.31
+ A 10.0.15.32
+ A 10.0.15.33
+ A 10.0.15.34
+ A 10.0.15.35
+ A 10.0.15.36
+ A 10.0.15.37
+ A 10.0.15.38
+ A 10.0.15.39
+ A 10.0.15.40
+ A 10.0.15.41
+ A 10.0.15.42
+ A 10.0.15.43
+ A 10.0.15.44
+ A 10.0.15.45
+ A 10.0.15.46
+ A 10.0.15.47
+ A 10.0.15.48
+ A 10.0.15.49
+ A 10.0.15.50
+ A 10.0.15.51
+ A 10.0.15.52
+ A 10.0.15.53
+ A 10.0.15.54
+ A 10.0.15.55
+ A 10.0.15.56
+ A 10.0.15.57
+ A 10.0.15.58
+ A 10.0.15.59
+ A 10.0.15.60
+ A 10.0.15.61
+ A 10.0.15.62
+ A 10.0.15.63
+ A 10.0.15.64
+ A 10.0.15.65
+ A 10.0.15.66
+ A 10.0.15.67
+ A 10.0.15.68
+ A 10.0.15.69
+ A 10.0.15.70
+ A 10.0.15.71
+ A 10.0.15.72
+ A 10.0.15.73
+ A 10.0.15.74
+ A 10.0.15.75
+ A 10.0.15.76
+ A 10.0.15.77
+ A 10.0.15.78
+ A 10.0.15.79
+ A 10.0.15.80
+ A 10.0.15.81
+ A 10.0.15.82
+ A 10.0.15.83
+ A 10.0.15.84
+ A 10.0.15.85
+ A 10.0.15.86
+ A 10.0.15.87
+ A 10.0.15.88
+ A 10.0.15.89
+ A 10.0.15.90
+ A 10.0.15.91
+ A 10.0.15.92
+ A 10.0.15.93
+ A 10.0.15.94
+ A 10.0.15.95
+ A 10.0.15.96
+ A 10.0.15.97
+ A 10.0.15.98
+ A 10.0.15.99
+ A 10.0.15.100
+ A 10.0.15.101
+ A 10.0.15.102
+ A 10.0.15.103
+ A 10.0.15.104
+ A 10.0.15.105
+ A 10.0.15.106
+ A 10.0.15.107
+ A 10.0.15.108
+ A 10.0.15.109
+ A 10.0.15.110
+ A 10.0.15.111
+ A 10.0.15.112
+ A 10.0.15.113
+ A 10.0.15.114
+ A 10.0.15.115
+ A 10.0.15.116
+ A 10.0.15.117
+ A 10.0.15.118
+ A 10.0.15.119
+ A 10.0.15.120
+ A 10.0.15.121
+ A 10.0.15.122
+ A 10.0.15.123
+ A 10.0.15.124
+ A 10.0.15.125
+ A 10.0.15.126
+ A 10.0.15.127
+ A 10.0.15.128
+ A 10.0.15.129
+ A 10.0.15.130
+ A 10.0.15.131
+ A 10.0.15.132
+ A 10.0.15.133
+ A 10.0.15.134
+ A 10.0.15.135
+ A 10.0.15.136
+ A 10.0.15.137
+ A 10.0.15.138
+ A 10.0.15.139
+ A 10.0.15.140
+ A 10.0.15.141
+ A 10.0.15.142
+ A 10.0.15.143
+ A 10.0.15.144
+ A 10.0.15.145
+ A 10.0.15.146
+ A 10.0.15.147
+ A 10.0.15.148
+ A 10.0.15.149
+ A 10.0.15.150
+ A 10.0.15.151
+ A 10.0.15.152
+ A 10.0.15.153
+ A 10.0.15.154
+ A 10.0.15.155
+ A 10.0.15.156
+ A 10.0.15.157
+ A 10.0.15.158
+ A 10.0.15.159
+5000 A 10.0.0.0
+ A 10.0.0.1
+ A 10.0.0.2
+ A 10.0.0.3
+ A 10.0.0.4
+ A 10.0.0.5
+ A 10.0.0.6
+ A 10.0.0.7
+ A 10.0.0.8
+ A 10.0.0.9
+ A 10.0.0.10
+ A 10.0.0.11
+ A 10.0.0.12
+ A 10.0.0.13
+ A 10.0.0.14
+ A 10.0.0.15
+ A 10.0.0.16
+ A 10.0.0.17
+ A 10.0.0.18
+ A 10.0.0.19
+ A 10.0.0.20
+ A 10.0.0.21
+ A 10.0.0.22
+ A 10.0.0.23
+ A 10.0.0.24
+ A 10.0.0.25
+ A 10.0.0.26
+ A 10.0.0.27
+ A 10.0.0.28
+ A 10.0.0.29
+ A 10.0.0.30
+ A 10.0.0.31
+ A 10.0.0.32
+ A 10.0.0.33
+ A 10.0.0.34
+ A 10.0.0.35
+ A 10.0.0.36
+ A 10.0.0.37
+ A 10.0.0.38
+ A 10.0.0.39
+ A 10.0.0.40
+ A 10.0.0.41
+ A 10.0.0.42
+ A 10.0.0.43
+ A 10.0.0.44
+ A 10.0.0.45
+ A 10.0.0.46
+ A 10.0.0.47
+ A 10.0.0.48
+ A 10.0.0.49
+ A 10.0.0.50
+ A 10.0.0.51
+ A 10.0.0.52
+ A 10.0.0.53
+ A 10.0.0.54
+ A 10.0.0.55
+ A 10.0.0.56
+ A 10.0.0.57
+ A 10.0.0.58
+ A 10.0.0.59
+ A 10.0.0.60
+ A 10.0.0.61
+ A 10.0.0.62
+ A 10.0.0.63
+ A 10.0.0.64
+ A 10.0.0.65
+ A 10.0.0.66
+ A 10.0.0.67
+ A 10.0.0.68
+ A 10.0.0.69
+ A 10.0.0.70
+ A 10.0.0.71
+ A 10.0.0.72
+ A 10.0.0.73
+ A 10.0.0.74
+ A 10.0.0.75
+ A 10.0.0.76
+ A 10.0.0.77
+ A 10.0.0.78
+ A 10.0.0.79
+ A 10.0.0.80
+ A 10.0.0.81
+ A 10.0.0.82
+ A 10.0.0.83
+ A 10.0.0.84
+ A 10.0.0.85
+ A 10.0.0.86
+ A 10.0.0.87
+ A 10.0.0.88
+ A 10.0.0.89
+ A 10.0.0.90
+ A 10.0.0.91
+ A 10.0.0.92
+ A 10.0.0.93
+ A 10.0.0.94
+ A 10.0.0.95
+ A 10.0.0.96
+ A 10.0.0.97
+ A 10.0.0.98
+ A 10.0.0.99
+ A 10.0.0.100
+ A 10.0.0.101
+ A 10.0.0.102
+ A 10.0.0.103
+ A 10.0.0.104
+ A 10.0.0.105
+ A 10.0.0.106
+ A 10.0.0.107
+ A 10.0.0.108
+ A 10.0.0.109
+ A 10.0.0.110
+ A 10.0.0.111
+ A 10.0.0.112
+ A 10.0.0.113
+ A 10.0.0.114
+ A 10.0.0.115
+ A 10.0.0.116
+ A 10.0.0.117
+ A 10.0.0.118
+ A 10.0.0.119
+ A 10.0.0.120
+ A 10.0.0.121
+ A 10.0.0.122
+ A 10.0.0.123
+ A 10.0.0.124
+ A 10.0.0.125
+ A 10.0.0.126
+ A 10.0.0.127
+ A 10.0.0.128
+ A 10.0.0.129
+ A 10.0.0.130
+ A 10.0.0.131
+ A 10.0.0.132
+ A 10.0.0.133
+ A 10.0.0.134
+ A 10.0.0.135
+ A 10.0.0.136
+ A 10.0.0.137
+ A 10.0.0.138
+ A 10.0.0.139
+ A 10.0.0.140
+ A 10.0.0.141
+ A 10.0.0.142
+ A 10.0.0.143
+ A 10.0.0.144
+ A 10.0.0.145
+ A 10.0.0.146
+ A 10.0.0.147
+ A 10.0.0.148
+ A 10.0.0.149
+ A 10.0.0.150
+ A 10.0.0.151
+ A 10.0.0.152
+ A 10.0.0.153
+ A 10.0.0.154
+ A 10.0.0.155
+ A 10.0.0.156
+ A 10.0.0.157
+ A 10.0.0.158
+ A 10.0.0.159
+ A 10.0.0.160
+ A 10.0.0.161
+ A 10.0.0.162
+ A 10.0.0.163
+ A 10.0.0.164
+ A 10.0.0.165
+ A 10.0.0.166
+ A 10.0.0.167
+ A 10.0.0.168
+ A 10.0.0.169
+ A 10.0.0.170
+ A 10.0.0.171
+ A 10.0.0.172
+ A 10.0.0.173
+ A 10.0.0.174
+ A 10.0.0.175
+ A 10.0.0.176
+ A 10.0.0.177
+ A 10.0.0.178
+ A 10.0.0.179
+ A 10.0.0.180
+ A 10.0.0.181
+ A 10.0.0.182
+ A 10.0.0.183
+ A 10.0.0.184
+ A 10.0.0.185
+ A 10.0.0.186
+ A 10.0.0.187
+ A 10.0.0.188
+ A 10.0.0.189
+ A 10.0.0.190
+ A 10.0.0.191
+ A 10.0.0.192
+ A 10.0.0.193
+ A 10.0.0.194
+ A 10.0.0.195
+ A 10.0.0.196
+ A 10.0.0.197
+ A 10.0.0.198
+ A 10.0.0.199
+ A 10.0.0.200
+ A 10.0.0.201
+ A 10.0.0.202
+ A 10.0.0.203
+ A 10.0.0.204
+ A 10.0.0.205
+ A 10.0.0.206
+ A 10.0.0.207
+ A 10.0.0.208
+ A 10.0.0.209
+ A 10.0.0.210
+ A 10.0.0.211
+ A 10.0.0.212
+ A 10.0.0.213
+ A 10.0.0.214
+ A 10.0.0.215
+ A 10.0.0.216
+ A 10.0.0.217
+ A 10.0.0.218
+ A 10.0.0.219
+ A 10.0.0.220
+ A 10.0.0.221
+ A 10.0.0.222
+ A 10.0.0.223
+ A 10.0.0.224
+ A 10.0.0.225
+ A 10.0.0.226
+ A 10.0.0.227
+ A 10.0.0.228
+ A 10.0.0.229
+ A 10.0.0.230
+ A 10.0.0.231
+ A 10.0.0.232
+ A 10.0.0.233
+ A 10.0.0.234
+ A 10.0.0.235
+ A 10.0.0.236
+ A 10.0.0.237
+ A 10.0.0.238
+ A 10.0.0.239
+ A 10.0.0.240
+ A 10.0.0.241
+ A 10.0.0.242
+ A 10.0.0.243
+ A 10.0.0.244
+ A 10.0.0.245
+ A 10.0.0.246
+ A 10.0.0.247
+ A 10.0.0.248
+ A 10.0.0.249
+ A 10.0.0.250
+ A 10.0.0.251
+ A 10.0.0.252
+ A 10.0.0.253
+ A 10.0.0.254
+ A 10.0.0.255
+ A 10.0.1.0
+ A 10.0.1.1
+ A 10.0.1.2
+ A 10.0.1.3
+ A 10.0.1.4
+ A 10.0.1.5
+ A 10.0.1.6
+ A 10.0.1.7
+ A 10.0.1.8
+ A 10.0.1.9
+ A 10.0.1.10
+ A 10.0.1.11
+ A 10.0.1.12
+ A 10.0.1.13
+ A 10.0.1.14
+ A 10.0.1.15
+ A 10.0.1.16
+ A 10.0.1.17
+ A 10.0.1.18
+ A 10.0.1.19
+ A 10.0.1.20
+ A 10.0.1.21
+ A 10.0.1.22
+ A 10.0.1.23
+ A 10.0.1.24
+ A 10.0.1.25
+ A 10.0.1.26
+ A 10.0.1.27
+ A 10.0.1.28
+ A 10.0.1.29
+ A 10.0.1.30
+ A 10.0.1.31
+ A 10.0.1.32
+ A 10.0.1.33
+ A 10.0.1.34
+ A 10.0.1.35
+ A 10.0.1.36
+ A 10.0.1.37
+ A 10.0.1.38
+ A 10.0.1.39
+ A 10.0.1.40
+ A 10.0.1.41
+ A 10.0.1.42
+ A 10.0.1.43
+ A 10.0.1.44
+ A 10.0.1.45
+ A 10.0.1.46
+ A 10.0.1.47
+ A 10.0.1.48
+ A 10.0.1.49
+ A 10.0.1.50
+ A 10.0.1.51
+ A 10.0.1.52
+ A 10.0.1.53
+ A 10.0.1.54
+ A 10.0.1.55
+ A 10.0.1.56
+ A 10.0.1.57
+ A 10.0.1.58
+ A 10.0.1.59
+ A 10.0.1.60
+ A 10.0.1.61
+ A 10.0.1.62
+ A 10.0.1.63
+ A 10.0.1.64
+ A 10.0.1.65
+ A 10.0.1.66
+ A 10.0.1.67
+ A 10.0.1.68
+ A 10.0.1.69
+ A 10.0.1.70
+ A 10.0.1.71
+ A 10.0.1.72
+ A 10.0.1.73
+ A 10.0.1.74
+ A 10.0.1.75
+ A 10.0.1.76
+ A 10.0.1.77
+ A 10.0.1.78
+ A 10.0.1.79
+ A 10.0.1.80
+ A 10.0.1.81
+ A 10.0.1.82
+ A 10.0.1.83
+ A 10.0.1.84
+ A 10.0.1.85
+ A 10.0.1.86
+ A 10.0.1.87
+ A 10.0.1.88
+ A 10.0.1.89
+ A 10.0.1.90
+ A 10.0.1.91
+ A 10.0.1.92
+ A 10.0.1.93
+ A 10.0.1.94
+ A 10.0.1.95
+ A 10.0.1.96
+ A 10.0.1.97
+ A 10.0.1.98
+ A 10.0.1.99
+ A 10.0.1.100
+ A 10.0.1.101
+ A 10.0.1.102
+ A 10.0.1.103
+ A 10.0.1.104
+ A 10.0.1.105
+ A 10.0.1.106
+ A 10.0.1.107
+ A 10.0.1.108
+ A 10.0.1.109
+ A 10.0.1.110
+ A 10.0.1.111
+ A 10.0.1.112
+ A 10.0.1.113
+ A 10.0.1.114
+ A 10.0.1.115
+ A 10.0.1.116
+ A 10.0.1.117
+ A 10.0.1.118
+ A 10.0.1.119
+ A 10.0.1.120
+ A 10.0.1.121
+ A 10.0.1.122
+ A 10.0.1.123
+ A 10.0.1.124
+ A 10.0.1.125
+ A 10.0.1.126
+ A 10.0.1.127
+ A 10.0.1.128
+ A 10.0.1.129
+ A 10.0.1.130
+ A 10.0.1.131
+ A 10.0.1.132
+ A 10.0.1.133
+ A 10.0.1.134
+ A 10.0.1.135
+ A 10.0.1.136
+ A 10.0.1.137
+ A 10.0.1.138
+ A 10.0.1.139
+ A 10.0.1.140
+ A 10.0.1.141
+ A 10.0.1.142
+ A 10.0.1.143
+ A 10.0.1.144
+ A 10.0.1.145
+ A 10.0.1.146
+ A 10.0.1.147
+ A 10.0.1.148
+ A 10.0.1.149
+ A 10.0.1.150
+ A 10.0.1.151
+ A 10.0.1.152
+ A 10.0.1.153
+ A 10.0.1.154
+ A 10.0.1.155
+ A 10.0.1.156
+ A 10.0.1.157
+ A 10.0.1.158
+ A 10.0.1.159
+ A 10.0.1.160
+ A 10.0.1.161
+ A 10.0.1.162
+ A 10.0.1.163
+ A 10.0.1.164
+ A 10.0.1.165
+ A 10.0.1.166
+ A 10.0.1.167
+ A 10.0.1.168
+ A 10.0.1.169
+ A 10.0.1.170
+ A 10.0.1.171
+ A 10.0.1.172
+ A 10.0.1.173
+ A 10.0.1.174
+ A 10.0.1.175
+ A 10.0.1.176
+ A 10.0.1.177
+ A 10.0.1.178
+ A 10.0.1.179
+ A 10.0.1.180
+ A 10.0.1.181
+ A 10.0.1.182
+ A 10.0.1.183
+ A 10.0.1.184
+ A 10.0.1.185
+ A 10.0.1.186
+ A 10.0.1.187
+ A 10.0.1.188
+ A 10.0.1.189
+ A 10.0.1.190
+ A 10.0.1.191
+ A 10.0.1.192
+ A 10.0.1.193
+ A 10.0.1.194
+ A 10.0.1.195
+ A 10.0.1.196
+ A 10.0.1.197
+ A 10.0.1.198
+ A 10.0.1.199
+ A 10.0.1.200
+ A 10.0.1.201
+ A 10.0.1.202
+ A 10.0.1.203
+ A 10.0.1.204
+ A 10.0.1.205
+ A 10.0.1.206
+ A 10.0.1.207
+ A 10.0.1.208
+ A 10.0.1.209
+ A 10.0.1.210
+ A 10.0.1.211
+ A 10.0.1.212
+ A 10.0.1.213
+ A 10.0.1.214
+ A 10.0.1.215
+ A 10.0.1.216
+ A 10.0.1.217
+ A 10.0.1.218
+ A 10.0.1.219
+ A 10.0.1.220
+ A 10.0.1.221
+ A 10.0.1.222
+ A 10.0.1.223
+ A 10.0.1.224
+ A 10.0.1.225
+ A 10.0.1.226
+ A 10.0.1.227
+ A 10.0.1.228
+ A 10.0.1.229
+ A 10.0.1.230
+ A 10.0.1.231
+ A 10.0.1.232
+ A 10.0.1.233
+ A 10.0.1.234
+ A 10.0.1.235
+ A 10.0.1.236
+ A 10.0.1.237
+ A 10.0.1.238
+ A 10.0.1.239
+ A 10.0.1.240
+ A 10.0.1.241
+ A 10.0.1.242
+ A 10.0.1.243
+ A 10.0.1.244
+ A 10.0.1.245
+ A 10.0.1.246
+ A 10.0.1.247
+ A 10.0.1.248
+ A 10.0.1.249
+ A 10.0.1.250
+ A 10.0.1.251
+ A 10.0.1.252
+ A 10.0.1.253
+ A 10.0.1.254
+ A 10.0.1.255
+ A 10.0.2.0
+ A 10.0.2.1
+ A 10.0.2.2
+ A 10.0.2.3
+ A 10.0.2.4
+ A 10.0.2.5
+ A 10.0.2.6
+ A 10.0.2.7
+ A 10.0.2.8
+ A 10.0.2.9
+ A 10.0.2.10
+ A 10.0.2.11
+ A 10.0.2.12
+ A 10.0.2.13
+ A 10.0.2.14
+ A 10.0.2.15
+ A 10.0.2.16
+ A 10.0.2.17
+ A 10.0.2.18
+ A 10.0.2.19
+ A 10.0.2.20
+ A 10.0.2.21
+ A 10.0.2.22
+ A 10.0.2.23
+ A 10.0.2.24
+ A 10.0.2.25
+ A 10.0.2.26
+ A 10.0.2.27
+ A 10.0.2.28
+ A 10.0.2.29
+ A 10.0.2.30
+ A 10.0.2.31
+ A 10.0.2.32
+ A 10.0.2.33
+ A 10.0.2.34
+ A 10.0.2.35
+ A 10.0.2.36
+ A 10.0.2.37
+ A 10.0.2.38
+ A 10.0.2.39
+ A 10.0.2.40
+ A 10.0.2.41
+ A 10.0.2.42
+ A 10.0.2.43
+ A 10.0.2.44
+ A 10.0.2.45
+ A 10.0.2.46
+ A 10.0.2.47
+ A 10.0.2.48
+ A 10.0.2.49
+ A 10.0.2.50
+ A 10.0.2.51
+ A 10.0.2.52
+ A 10.0.2.53
+ A 10.0.2.54
+ A 10.0.2.55
+ A 10.0.2.56
+ A 10.0.2.57
+ A 10.0.2.58
+ A 10.0.2.59
+ A 10.0.2.60
+ A 10.0.2.61
+ A 10.0.2.62
+ A 10.0.2.63
+ A 10.0.2.64
+ A 10.0.2.65
+ A 10.0.2.66
+ A 10.0.2.67
+ A 10.0.2.68
+ A 10.0.2.69
+ A 10.0.2.70
+ A 10.0.2.71
+ A 10.0.2.72
+ A 10.0.2.73
+ A 10.0.2.74
+ A 10.0.2.75
+ A 10.0.2.76
+ A 10.0.2.77
+ A 10.0.2.78
+ A 10.0.2.79
+ A 10.0.2.80
+ A 10.0.2.81
+ A 10.0.2.82
+ A 10.0.2.83
+ A 10.0.2.84
+ A 10.0.2.85
+ A 10.0.2.86
+ A 10.0.2.87
+ A 10.0.2.88
+ A 10.0.2.89
+ A 10.0.2.90
+ A 10.0.2.91
+ A 10.0.2.92
+ A 10.0.2.93
+ A 10.0.2.94
+ A 10.0.2.95
+ A 10.0.2.96
+ A 10.0.2.97
+ A 10.0.2.98
+ A 10.0.2.99
+ A 10.0.2.100
+ A 10.0.2.101
+ A 10.0.2.102
+ A 10.0.2.103
+ A 10.0.2.104
+ A 10.0.2.105
+ A 10.0.2.106
+ A 10.0.2.107
+ A 10.0.2.108
+ A 10.0.2.109
+ A 10.0.2.110
+ A 10.0.2.111
+ A 10.0.2.112
+ A 10.0.2.113
+ A 10.0.2.114
+ A 10.0.2.115
+ A 10.0.2.116
+ A 10.0.2.117
+ A 10.0.2.118
+ A 10.0.2.119
+ A 10.0.2.120
+ A 10.0.2.121
+ A 10.0.2.122
+ A 10.0.2.123
+ A 10.0.2.124
+ A 10.0.2.125
+ A 10.0.2.126
+ A 10.0.2.127
+ A 10.0.2.128
+ A 10.0.2.129
+ A 10.0.2.130
+ A 10.0.2.131
+ A 10.0.2.132
+ A 10.0.2.133
+ A 10.0.2.134
+ A 10.0.2.135
+ A 10.0.2.136
+ A 10.0.2.137
+ A 10.0.2.138
+ A 10.0.2.139
+ A 10.0.2.140
+ A 10.0.2.141
+ A 10.0.2.142
+ A 10.0.2.143
+ A 10.0.2.144
+ A 10.0.2.145
+ A 10.0.2.146
+ A 10.0.2.147
+ A 10.0.2.148
+ A 10.0.2.149
+ A 10.0.2.150
+ A 10.0.2.151
+ A 10.0.2.152
+ A 10.0.2.153
+ A 10.0.2.154
+ A 10.0.2.155
+ A 10.0.2.156
+ A 10.0.2.157
+ A 10.0.2.158
+ A 10.0.2.159
+ A 10.0.2.160
+ A 10.0.2.161
+ A 10.0.2.162
+ A 10.0.2.163
+ A 10.0.2.164
+ A 10.0.2.165
+ A 10.0.2.166
+ A 10.0.2.167
+ A 10.0.2.168
+ A 10.0.2.169
+ A 10.0.2.170
+ A 10.0.2.171
+ A 10.0.2.172
+ A 10.0.2.173
+ A 10.0.2.174
+ A 10.0.2.175
+ A 10.0.2.176
+ A 10.0.2.177
+ A 10.0.2.178
+ A 10.0.2.179
+ A 10.0.2.180
+ A 10.0.2.181
+ A 10.0.2.182
+ A 10.0.2.183
+ A 10.0.2.184
+ A 10.0.2.185
+ A 10.0.2.186
+ A 10.0.2.187
+ A 10.0.2.188
+ A 10.0.2.189
+ A 10.0.2.190
+ A 10.0.2.191
+ A 10.0.2.192
+ A 10.0.2.193
+ A 10.0.2.194
+ A 10.0.2.195
+ A 10.0.2.196
+ A 10.0.2.197
+ A 10.0.2.198
+ A 10.0.2.199
+ A 10.0.2.200
+ A 10.0.2.201
+ A 10.0.2.202
+ A 10.0.2.203
+ A 10.0.2.204
+ A 10.0.2.205
+ A 10.0.2.206
+ A 10.0.2.207
+ A 10.0.2.208
+ A 10.0.2.209
+ A 10.0.2.210
+ A 10.0.2.211
+ A 10.0.2.212
+ A 10.0.2.213
+ A 10.0.2.214
+ A 10.0.2.215
+ A 10.0.2.216
+ A 10.0.2.217
+ A 10.0.2.218
+ A 10.0.2.219
+ A 10.0.2.220
+ A 10.0.2.221
+ A 10.0.2.222
+ A 10.0.2.223
+ A 10.0.2.224
+ A 10.0.2.225
+ A 10.0.2.226
+ A 10.0.2.227
+ A 10.0.2.228
+ A 10.0.2.229
+ A 10.0.2.230
+ A 10.0.2.231
+ A 10.0.2.232
+ A 10.0.2.233
+ A 10.0.2.234
+ A 10.0.2.235
+ A 10.0.2.236
+ A 10.0.2.237
+ A 10.0.2.238
+ A 10.0.2.239
+ A 10.0.2.240
+ A 10.0.2.241
+ A 10.0.2.242
+ A 10.0.2.243
+ A 10.0.2.244
+ A 10.0.2.245
+ A 10.0.2.246
+ A 10.0.2.247
+ A 10.0.2.248
+ A 10.0.2.249
+ A 10.0.2.250
+ A 10.0.2.251
+ A 10.0.2.252
+ A 10.0.2.253
+ A 10.0.2.254
+ A 10.0.2.255
+ A 10.0.3.0
+ A 10.0.3.1
+ A 10.0.3.2
+ A 10.0.3.3
+ A 10.0.3.4
+ A 10.0.3.5
+ A 10.0.3.6
+ A 10.0.3.7
+ A 10.0.3.8
+ A 10.0.3.9
+ A 10.0.3.10
+ A 10.0.3.11
+ A 10.0.3.12
+ A 10.0.3.13
+ A 10.0.3.14
+ A 10.0.3.15
+ A 10.0.3.16
+ A 10.0.3.17
+ A 10.0.3.18
+ A 10.0.3.19
+ A 10.0.3.20
+ A 10.0.3.21
+ A 10.0.3.22
+ A 10.0.3.23
+ A 10.0.3.24
+ A 10.0.3.25
+ A 10.0.3.26
+ A 10.0.3.27
+ A 10.0.3.28
+ A 10.0.3.29
+ A 10.0.3.30
+ A 10.0.3.31
+ A 10.0.3.32
+ A 10.0.3.33
+ A 10.0.3.34
+ A 10.0.3.35
+ A 10.0.3.36
+ A 10.0.3.37
+ A 10.0.3.38
+ A 10.0.3.39
+ A 10.0.3.40
+ A 10.0.3.41
+ A 10.0.3.42
+ A 10.0.3.43
+ A 10.0.3.44
+ A 10.0.3.45
+ A 10.0.3.46
+ A 10.0.3.47
+ A 10.0.3.48
+ A 10.0.3.49
+ A 10.0.3.50
+ A 10.0.3.51
+ A 10.0.3.52
+ A 10.0.3.53
+ A 10.0.3.54
+ A 10.0.3.55
+ A 10.0.3.56
+ A 10.0.3.57
+ A 10.0.3.58
+ A 10.0.3.59
+ A 10.0.3.60
+ A 10.0.3.61
+ A 10.0.3.62
+ A 10.0.3.63
+ A 10.0.3.64
+ A 10.0.3.65
+ A 10.0.3.66
+ A 10.0.3.67
+ A 10.0.3.68
+ A 10.0.3.69
+ A 10.0.3.70
+ A 10.0.3.71
+ A 10.0.3.72
+ A 10.0.3.73
+ A 10.0.3.74
+ A 10.0.3.75
+ A 10.0.3.76
+ A 10.0.3.77
+ A 10.0.3.78
+ A 10.0.3.79
+ A 10.0.3.80
+ A 10.0.3.81
+ A 10.0.3.82
+ A 10.0.3.83
+ A 10.0.3.84
+ A 10.0.3.85
+ A 10.0.3.86
+ A 10.0.3.87
+ A 10.0.3.88
+ A 10.0.3.89
+ A 10.0.3.90
+ A 10.0.3.91
+ A 10.0.3.92
+ A 10.0.3.93
+ A 10.0.3.94
+ A 10.0.3.95
+ A 10.0.3.96
+ A 10.0.3.97
+ A 10.0.3.98
+ A 10.0.3.99
+ A 10.0.3.100
+ A 10.0.3.101
+ A 10.0.3.102
+ A 10.0.3.103
+ A 10.0.3.104
+ A 10.0.3.105
+ A 10.0.3.106
+ A 10.0.3.107
+ A 10.0.3.108
+ A 10.0.3.109
+ A 10.0.3.110
+ A 10.0.3.111
+ A 10.0.3.112
+ A 10.0.3.113
+ A 10.0.3.114
+ A 10.0.3.115
+ A 10.0.3.116
+ A 10.0.3.117
+ A 10.0.3.118
+ A 10.0.3.119
+ A 10.0.3.120
+ A 10.0.3.121
+ A 10.0.3.122
+ A 10.0.3.123
+ A 10.0.3.124
+ A 10.0.3.125
+ A 10.0.3.126
+ A 10.0.3.127
+ A 10.0.3.128
+ A 10.0.3.129
+ A 10.0.3.130
+ A 10.0.3.131
+ A 10.0.3.132
+ A 10.0.3.133
+ A 10.0.3.134
+ A 10.0.3.135
+ A 10.0.3.136
+ A 10.0.3.137
+ A 10.0.3.138
+ A 10.0.3.139
+ A 10.0.3.140
+ A 10.0.3.141
+ A 10.0.3.142
+ A 10.0.3.143
+ A 10.0.3.144
+ A 10.0.3.145
+ A 10.0.3.146
+ A 10.0.3.147
+ A 10.0.3.148
+ A 10.0.3.149
+ A 10.0.3.150
+ A 10.0.3.151
+ A 10.0.3.152
+ A 10.0.3.153
+ A 10.0.3.154
+ A 10.0.3.155
+ A 10.0.3.156
+ A 10.0.3.157
+ A 10.0.3.158
+ A 10.0.3.159
+ A 10.0.3.160
+ A 10.0.3.161
+ A 10.0.3.162
+ A 10.0.3.163
+ A 10.0.3.164
+ A 10.0.3.165
+ A 10.0.3.166
+ A 10.0.3.167
+ A 10.0.3.168
+ A 10.0.3.169
+ A 10.0.3.170
+ A 10.0.3.171
+ A 10.0.3.172
+ A 10.0.3.173
+ A 10.0.3.174
+ A 10.0.3.175
+ A 10.0.3.176
+ A 10.0.3.177
+ A 10.0.3.178
+ A 10.0.3.179
+ A 10.0.3.180
+ A 10.0.3.181
+ A 10.0.3.182
+ A 10.0.3.183
+ A 10.0.3.184
+ A 10.0.3.185
+ A 10.0.3.186
+ A 10.0.3.187
+ A 10.0.3.188
+ A 10.0.3.189
+ A 10.0.3.190
+ A 10.0.3.191
+ A 10.0.3.192
+ A 10.0.3.193
+ A 10.0.3.194
+ A 10.0.3.195
+ A 10.0.3.196
+ A 10.0.3.197
+ A 10.0.3.198
+ A 10.0.3.199
+ A 10.0.3.200
+ A 10.0.3.201
+ A 10.0.3.202
+ A 10.0.3.203
+ A 10.0.3.204
+ A 10.0.3.205
+ A 10.0.3.206
+ A 10.0.3.207
+ A 10.0.3.208
+ A 10.0.3.209
+ A 10.0.3.210
+ A 10.0.3.211
+ A 10.0.3.212
+ A 10.0.3.213
+ A 10.0.3.214
+ A 10.0.3.215
+ A 10.0.3.216
+ A 10.0.3.217
+ A 10.0.3.218
+ A 10.0.3.219
+ A 10.0.3.220
+ A 10.0.3.221
+ A 10.0.3.222
+ A 10.0.3.223
+ A 10.0.3.224
+ A 10.0.3.225
+ A 10.0.3.226
+ A 10.0.3.227
+ A 10.0.3.228
+ A 10.0.3.229
+ A 10.0.3.230
+ A 10.0.3.231
+ A 10.0.3.232
+ A 10.0.3.233
+ A 10.0.3.234
+ A 10.0.3.235
+ A 10.0.3.236
+ A 10.0.3.237
+ A 10.0.3.238
+ A 10.0.3.239
+ A 10.0.3.240
+ A 10.0.3.241
+ A 10.0.3.242
+ A 10.0.3.243
+ A 10.0.3.244
+ A 10.0.3.245
+ A 10.0.3.246
+ A 10.0.3.247
+ A 10.0.3.248
+ A 10.0.3.249
+ A 10.0.3.250
+ A 10.0.3.251
+ A 10.0.3.252
+ A 10.0.3.253
+ A 10.0.3.254
+ A 10.0.3.255
+ A 10.0.4.0
+ A 10.0.4.1
+ A 10.0.4.2
+ A 10.0.4.3
+ A 10.0.4.4
+ A 10.0.4.5
+ A 10.0.4.6
+ A 10.0.4.7
+ A 10.0.4.8
+ A 10.0.4.9
+ A 10.0.4.10
+ A 10.0.4.11
+ A 10.0.4.12
+ A 10.0.4.13
+ A 10.0.4.14
+ A 10.0.4.15
+ A 10.0.4.16
+ A 10.0.4.17
+ A 10.0.4.18
+ A 10.0.4.19
+ A 10.0.4.20
+ A 10.0.4.21
+ A 10.0.4.22
+ A 10.0.4.23
+ A 10.0.4.24
+ A 10.0.4.25
+ A 10.0.4.26
+ A 10.0.4.27
+ A 10.0.4.28
+ A 10.0.4.29
+ A 10.0.4.30
+ A 10.0.4.31
+ A 10.0.4.32
+ A 10.0.4.33
+ A 10.0.4.34
+ A 10.0.4.35
+ A 10.0.4.36
+ A 10.0.4.37
+ A 10.0.4.38
+ A 10.0.4.39
+ A 10.0.4.40
+ A 10.0.4.41
+ A 10.0.4.42
+ A 10.0.4.43
+ A 10.0.4.44
+ A 10.0.4.45
+ A 10.0.4.46
+ A 10.0.4.47
+ A 10.0.4.48
+ A 10.0.4.49
+ A 10.0.4.50
+ A 10.0.4.51
+ A 10.0.4.52
+ A 10.0.4.53
+ A 10.0.4.54
+ A 10.0.4.55
+ A 10.0.4.56
+ A 10.0.4.57
+ A 10.0.4.58
+ A 10.0.4.59
+ A 10.0.4.60
+ A 10.0.4.61
+ A 10.0.4.62
+ A 10.0.4.63
+ A 10.0.4.64
+ A 10.0.4.65
+ A 10.0.4.66
+ A 10.0.4.67
+ A 10.0.4.68
+ A 10.0.4.69
+ A 10.0.4.70
+ A 10.0.4.71
+ A 10.0.4.72
+ A 10.0.4.73
+ A 10.0.4.74
+ A 10.0.4.75
+ A 10.0.4.76
+ A 10.0.4.77
+ A 10.0.4.78
+ A 10.0.4.79
+ A 10.0.4.80
+ A 10.0.4.81
+ A 10.0.4.82
+ A 10.0.4.83
+ A 10.0.4.84
+ A 10.0.4.85
+ A 10.0.4.86
+ A 10.0.4.87
+ A 10.0.4.88
+ A 10.0.4.89
+ A 10.0.4.90
+ A 10.0.4.91
+ A 10.0.4.92
+ A 10.0.4.93
+ A 10.0.4.94
+ A 10.0.4.95
+ A 10.0.4.96
+ A 10.0.4.97
+ A 10.0.4.98
+ A 10.0.4.99
+ A 10.0.4.100
+ A 10.0.4.101
+ A 10.0.4.102
+ A 10.0.4.103
+ A 10.0.4.104
+ A 10.0.4.105
+ A 10.0.4.106
+ A 10.0.4.107
+ A 10.0.4.108
+ A 10.0.4.109
+ A 10.0.4.110
+ A 10.0.4.111
+ A 10.0.4.112
+ A 10.0.4.113
+ A 10.0.4.114
+ A 10.0.4.115
+ A 10.0.4.116
+ A 10.0.4.117
+ A 10.0.4.118
+ A 10.0.4.119
+ A 10.0.4.120
+ A 10.0.4.121
+ A 10.0.4.122
+ A 10.0.4.123
+ A 10.0.4.124
+ A 10.0.4.125
+ A 10.0.4.126
+ A 10.0.4.127
+ A 10.0.4.128
+ A 10.0.4.129
+ A 10.0.4.130
+ A 10.0.4.131
+ A 10.0.4.132
+ A 10.0.4.133
+ A 10.0.4.134
+ A 10.0.4.135
+ A 10.0.4.136
+ A 10.0.4.137
+ A 10.0.4.138
+ A 10.0.4.139
+ A 10.0.4.140
+ A 10.0.4.141
+ A 10.0.4.142
+ A 10.0.4.143
+ A 10.0.4.144
+ A 10.0.4.145
+ A 10.0.4.146
+ A 10.0.4.147
+ A 10.0.4.148
+ A 10.0.4.149
+ A 10.0.4.150
+ A 10.0.4.151
+ A 10.0.4.152
+ A 10.0.4.153
+ A 10.0.4.154
+ A 10.0.4.155
+ A 10.0.4.156
+ A 10.0.4.157
+ A 10.0.4.158
+ A 10.0.4.159
+ A 10.0.4.160
+ A 10.0.4.161
+ A 10.0.4.162
+ A 10.0.4.163
+ A 10.0.4.164
+ A 10.0.4.165
+ A 10.0.4.166
+ A 10.0.4.167
+ A 10.0.4.168
+ A 10.0.4.169
+ A 10.0.4.170
+ A 10.0.4.171
+ A 10.0.4.172
+ A 10.0.4.173
+ A 10.0.4.174
+ A 10.0.4.175
+ A 10.0.4.176
+ A 10.0.4.177
+ A 10.0.4.178
+ A 10.0.4.179
+ A 10.0.4.180
+ A 10.0.4.181
+ A 10.0.4.182
+ A 10.0.4.183
+ A 10.0.4.184
+ A 10.0.4.185
+ A 10.0.4.186
+ A 10.0.4.187
+ A 10.0.4.188
+ A 10.0.4.189
+ A 10.0.4.190
+ A 10.0.4.191
+ A 10.0.4.192
+ A 10.0.4.193
+ A 10.0.4.194
+ A 10.0.4.195
+ A 10.0.4.196
+ A 10.0.4.197
+ A 10.0.4.198
+ A 10.0.4.199
+ A 10.0.4.200
+ A 10.0.4.201
+ A 10.0.4.202
+ A 10.0.4.203
+ A 10.0.4.204
+ A 10.0.4.205
+ A 10.0.4.206
+ A 10.0.4.207
+ A 10.0.4.208
+ A 10.0.4.209
+ A 10.0.4.210
+ A 10.0.4.211
+ A 10.0.4.212
+ A 10.0.4.213
+ A 10.0.4.214
+ A 10.0.4.215
+ A 10.0.4.216
+ A 10.0.4.217
+ A 10.0.4.218
+ A 10.0.4.219
+ A 10.0.4.220
+ A 10.0.4.221
+ A 10.0.4.222
+ A 10.0.4.223
+ A 10.0.4.224
+ A 10.0.4.225
+ A 10.0.4.226
+ A 10.0.4.227
+ A 10.0.4.228
+ A 10.0.4.229
+ A 10.0.4.230
+ A 10.0.4.231
+ A 10.0.4.232
+ A 10.0.4.233
+ A 10.0.4.234
+ A 10.0.4.235
+ A 10.0.4.236
+ A 10.0.4.237
+ A 10.0.4.238
+ A 10.0.4.239
+ A 10.0.4.240
+ A 10.0.4.241
+ A 10.0.4.242
+ A 10.0.4.243
+ A 10.0.4.244
+ A 10.0.4.245
+ A 10.0.4.246
+ A 10.0.4.247
+ A 10.0.4.248
+ A 10.0.4.249
+ A 10.0.4.250
+ A 10.0.4.251
+ A 10.0.4.252
+ A 10.0.4.253
+ A 10.0.4.254
+ A 10.0.4.255
+ A 10.0.5.0
+ A 10.0.5.1
+ A 10.0.5.2
+ A 10.0.5.3
+ A 10.0.5.4
+ A 10.0.5.5
+ A 10.0.5.6
+ A 10.0.5.7
+ A 10.0.5.8
+ A 10.0.5.9
+ A 10.0.5.10
+ A 10.0.5.11
+ A 10.0.5.12
+ A 10.0.5.13
+ A 10.0.5.14
+ A 10.0.5.15
+ A 10.0.5.16
+ A 10.0.5.17
+ A 10.0.5.18
+ A 10.0.5.19
+ A 10.0.5.20
+ A 10.0.5.21
+ A 10.0.5.22
+ A 10.0.5.23
+ A 10.0.5.24
+ A 10.0.5.25
+ A 10.0.5.26
+ A 10.0.5.27
+ A 10.0.5.28
+ A 10.0.5.29
+ A 10.0.5.30
+ A 10.0.5.31
+ A 10.0.5.32
+ A 10.0.5.33
+ A 10.0.5.34
+ A 10.0.5.35
+ A 10.0.5.36
+ A 10.0.5.37
+ A 10.0.5.38
+ A 10.0.5.39
+ A 10.0.5.40
+ A 10.0.5.41
+ A 10.0.5.42
+ A 10.0.5.43
+ A 10.0.5.44
+ A 10.0.5.45
+ A 10.0.5.46
+ A 10.0.5.47
+ A 10.0.5.48
+ A 10.0.5.49
+ A 10.0.5.50
+ A 10.0.5.51
+ A 10.0.5.52
+ A 10.0.5.53
+ A 10.0.5.54
+ A 10.0.5.55
+ A 10.0.5.56
+ A 10.0.5.57
+ A 10.0.5.58
+ A 10.0.5.59
+ A 10.0.5.60
+ A 10.0.5.61
+ A 10.0.5.62
+ A 10.0.5.63
+ A 10.0.5.64
+ A 10.0.5.65
+ A 10.0.5.66
+ A 10.0.5.67
+ A 10.0.5.68
+ A 10.0.5.69
+ A 10.0.5.70
+ A 10.0.5.71
+ A 10.0.5.72
+ A 10.0.5.73
+ A 10.0.5.74
+ A 10.0.5.75
+ A 10.0.5.76
+ A 10.0.5.77
+ A 10.0.5.78
+ A 10.0.5.79
+ A 10.0.5.80
+ A 10.0.5.81
+ A 10.0.5.82
+ A 10.0.5.83
+ A 10.0.5.84
+ A 10.0.5.85
+ A 10.0.5.86
+ A 10.0.5.87
+ A 10.0.5.88
+ A 10.0.5.89
+ A 10.0.5.90
+ A 10.0.5.91
+ A 10.0.5.92
+ A 10.0.5.93
+ A 10.0.5.94
+ A 10.0.5.95
+ A 10.0.5.96
+ A 10.0.5.97
+ A 10.0.5.98
+ A 10.0.5.99
+ A 10.0.5.100
+ A 10.0.5.101
+ A 10.0.5.102
+ A 10.0.5.103
+ A 10.0.5.104
+ A 10.0.5.105
+ A 10.0.5.106
+ A 10.0.5.107
+ A 10.0.5.108
+ A 10.0.5.109
+ A 10.0.5.110
+ A 10.0.5.111
+ A 10.0.5.112
+ A 10.0.5.113
+ A 10.0.5.114
+ A 10.0.5.115
+ A 10.0.5.116
+ A 10.0.5.117
+ A 10.0.5.118
+ A 10.0.5.119
+ A 10.0.5.120
+ A 10.0.5.121
+ A 10.0.5.122
+ A 10.0.5.123
+ A 10.0.5.124
+ A 10.0.5.125
+ A 10.0.5.126
+ A 10.0.5.127
+ A 10.0.5.128
+ A 10.0.5.129
+ A 10.0.5.130
+ A 10.0.5.131
+ A 10.0.5.132
+ A 10.0.5.133
+ A 10.0.5.134
+ A 10.0.5.135
+ A 10.0.5.136
+ A 10.0.5.137
+ A 10.0.5.138
+ A 10.0.5.139
+ A 10.0.5.140
+ A 10.0.5.141
+ A 10.0.5.142
+ A 10.0.5.143
+ A 10.0.5.144
+ A 10.0.5.145
+ A 10.0.5.146
+ A 10.0.5.147
+ A 10.0.5.148
+ A 10.0.5.149
+ A 10.0.5.150
+ A 10.0.5.151
+ A 10.0.5.152
+ A 10.0.5.153
+ A 10.0.5.154
+ A 10.0.5.155
+ A 10.0.5.156
+ A 10.0.5.157
+ A 10.0.5.158
+ A 10.0.5.159
+ A 10.0.5.160
+ A 10.0.5.161
+ A 10.0.5.162
+ A 10.0.5.163
+ A 10.0.5.164
+ A 10.0.5.165
+ A 10.0.5.166
+ A 10.0.5.167
+ A 10.0.5.168
+ A 10.0.5.169
+ A 10.0.5.170
+ A 10.0.5.171
+ A 10.0.5.172
+ A 10.0.5.173
+ A 10.0.5.174
+ A 10.0.5.175
+ A 10.0.5.176
+ A 10.0.5.177
+ A 10.0.5.178
+ A 10.0.5.179
+ A 10.0.5.180
+ A 10.0.5.181
+ A 10.0.5.182
+ A 10.0.5.183
+ A 10.0.5.184
+ A 10.0.5.185
+ A 10.0.5.186
+ A 10.0.5.187
+ A 10.0.5.188
+ A 10.0.5.189
+ A 10.0.5.190
+ A 10.0.5.191
+ A 10.0.5.192
+ A 10.0.5.193
+ A 10.0.5.194
+ A 10.0.5.195
+ A 10.0.5.196
+ A 10.0.5.197
+ A 10.0.5.198
+ A 10.0.5.199
+ A 10.0.5.200
+ A 10.0.5.201
+ A 10.0.5.202
+ A 10.0.5.203
+ A 10.0.5.204
+ A 10.0.5.205
+ A 10.0.5.206
+ A 10.0.5.207
+ A 10.0.5.208
+ A 10.0.5.209
+ A 10.0.5.210
+ A 10.0.5.211
+ A 10.0.5.212
+ A 10.0.5.213
+ A 10.0.5.214
+ A 10.0.5.215
+ A 10.0.5.216
+ A 10.0.5.217
+ A 10.0.5.218
+ A 10.0.5.219
+ A 10.0.5.220
+ A 10.0.5.221
+ A 10.0.5.222
+ A 10.0.5.223
+ A 10.0.5.224
+ A 10.0.5.225
+ A 10.0.5.226
+ A 10.0.5.227
+ A 10.0.5.228
+ A 10.0.5.229
+ A 10.0.5.230
+ A 10.0.5.231
+ A 10.0.5.232
+ A 10.0.5.233
+ A 10.0.5.234
+ A 10.0.5.235
+ A 10.0.5.236
+ A 10.0.5.237
+ A 10.0.5.238
+ A 10.0.5.239
+ A 10.0.5.240
+ A 10.0.5.241
+ A 10.0.5.242
+ A 10.0.5.243
+ A 10.0.5.244
+ A 10.0.5.245
+ A 10.0.5.246
+ A 10.0.5.247
+ A 10.0.5.248
+ A 10.0.5.249
+ A 10.0.5.250
+ A 10.0.5.251
+ A 10.0.5.252
+ A 10.0.5.253
+ A 10.0.5.254
+ A 10.0.5.255
+ A 10.0.6.0
+ A 10.0.6.1
+ A 10.0.6.2
+ A 10.0.6.3
+ A 10.0.6.4
+ A 10.0.6.5
+ A 10.0.6.6
+ A 10.0.6.7
+ A 10.0.6.8
+ A 10.0.6.9
+ A 10.0.6.10
+ A 10.0.6.11
+ A 10.0.6.12
+ A 10.0.6.13
+ A 10.0.6.14
+ A 10.0.6.15
+ A 10.0.6.16
+ A 10.0.6.17
+ A 10.0.6.18
+ A 10.0.6.19
+ A 10.0.6.20
+ A 10.0.6.21
+ A 10.0.6.22
+ A 10.0.6.23
+ A 10.0.6.24
+ A 10.0.6.25
+ A 10.0.6.26
+ A 10.0.6.27
+ A 10.0.6.28
+ A 10.0.6.29
+ A 10.0.6.30
+ A 10.0.6.31
+ A 10.0.6.32
+ A 10.0.6.33
+ A 10.0.6.34
+ A 10.0.6.35
+ A 10.0.6.36
+ A 10.0.6.37
+ A 10.0.6.38
+ A 10.0.6.39
+ A 10.0.6.40
+ A 10.0.6.41
+ A 10.0.6.42
+ A 10.0.6.43
+ A 10.0.6.44
+ A 10.0.6.45
+ A 10.0.6.46
+ A 10.0.6.47
+ A 10.0.6.48
+ A 10.0.6.49
+ A 10.0.6.50
+ A 10.0.6.51
+ A 10.0.6.52
+ A 10.0.6.53
+ A 10.0.6.54
+ A 10.0.6.55
+ A 10.0.6.56
+ A 10.0.6.57
+ A 10.0.6.58
+ A 10.0.6.59
+ A 10.0.6.60
+ A 10.0.6.61
+ A 10.0.6.62
+ A 10.0.6.63
+ A 10.0.6.64
+ A 10.0.6.65
+ A 10.0.6.66
+ A 10.0.6.67
+ A 10.0.6.68
+ A 10.0.6.69
+ A 10.0.6.70
+ A 10.0.6.71
+ A 10.0.6.72
+ A 10.0.6.73
+ A 10.0.6.74
+ A 10.0.6.75
+ A 10.0.6.76
+ A 10.0.6.77
+ A 10.0.6.78
+ A 10.0.6.79
+ A 10.0.6.80
+ A 10.0.6.81
+ A 10.0.6.82
+ A 10.0.6.83
+ A 10.0.6.84
+ A 10.0.6.85
+ A 10.0.6.86
+ A 10.0.6.87
+ A 10.0.6.88
+ A 10.0.6.89
+ A 10.0.6.90
+ A 10.0.6.91
+ A 10.0.6.92
+ A 10.0.6.93
+ A 10.0.6.94
+ A 10.0.6.95
+ A 10.0.6.96
+ A 10.0.6.97
+ A 10.0.6.98
+ A 10.0.6.99
+ A 10.0.6.100
+ A 10.0.6.101
+ A 10.0.6.102
+ A 10.0.6.103
+ A 10.0.6.104
+ A 10.0.6.105
+ A 10.0.6.106
+ A 10.0.6.107
+ A 10.0.6.108
+ A 10.0.6.109
+ A 10.0.6.110
+ A 10.0.6.111
+ A 10.0.6.112
+ A 10.0.6.113
+ A 10.0.6.114
+ A 10.0.6.115
+ A 10.0.6.116
+ A 10.0.6.117
+ A 10.0.6.118
+ A 10.0.6.119
+ A 10.0.6.120
+ A 10.0.6.121
+ A 10.0.6.122
+ A 10.0.6.123
+ A 10.0.6.124
+ A 10.0.6.125
+ A 10.0.6.126
+ A 10.0.6.127
+ A 10.0.6.128
+ A 10.0.6.129
+ A 10.0.6.130
+ A 10.0.6.131
+ A 10.0.6.132
+ A 10.0.6.133
+ A 10.0.6.134
+ A 10.0.6.135
+ A 10.0.6.136
+ A 10.0.6.137
+ A 10.0.6.138
+ A 10.0.6.139
+ A 10.0.6.140
+ A 10.0.6.141
+ A 10.0.6.142
+ A 10.0.6.143
+ A 10.0.6.144
+ A 10.0.6.145
+ A 10.0.6.146
+ A 10.0.6.147
+ A 10.0.6.148
+ A 10.0.6.149
+ A 10.0.6.150
+ A 10.0.6.151
+ A 10.0.6.152
+ A 10.0.6.153
+ A 10.0.6.154
+ A 10.0.6.155
+ A 10.0.6.156
+ A 10.0.6.157
+ A 10.0.6.158
+ A 10.0.6.159
+ A 10.0.6.160
+ A 10.0.6.161
+ A 10.0.6.162
+ A 10.0.6.163
+ A 10.0.6.164
+ A 10.0.6.165
+ A 10.0.6.166
+ A 10.0.6.167
+ A 10.0.6.168
+ A 10.0.6.169
+ A 10.0.6.170
+ A 10.0.6.171
+ A 10.0.6.172
+ A 10.0.6.173
+ A 10.0.6.174
+ A 10.0.6.175
+ A 10.0.6.176
+ A 10.0.6.177
+ A 10.0.6.178
+ A 10.0.6.179
+ A 10.0.6.180
+ A 10.0.6.181
+ A 10.0.6.182
+ A 10.0.6.183
+ A 10.0.6.184
+ A 10.0.6.185
+ A 10.0.6.186
+ A 10.0.6.187
+ A 10.0.6.188
+ A 10.0.6.189
+ A 10.0.6.190
+ A 10.0.6.191
+ A 10.0.6.192
+ A 10.0.6.193
+ A 10.0.6.194
+ A 10.0.6.195
+ A 10.0.6.196
+ A 10.0.6.197
+ A 10.0.6.198
+ A 10.0.6.199
+ A 10.0.6.200
+ A 10.0.6.201
+ A 10.0.6.202
+ A 10.0.6.203
+ A 10.0.6.204
+ A 10.0.6.205
+ A 10.0.6.206
+ A 10.0.6.207
+ A 10.0.6.208
+ A 10.0.6.209
+ A 10.0.6.210
+ A 10.0.6.211
+ A 10.0.6.212
+ A 10.0.6.213
+ A 10.0.6.214
+ A 10.0.6.215
+ A 10.0.6.216
+ A 10.0.6.217
+ A 10.0.6.218
+ A 10.0.6.219
+ A 10.0.6.220
+ A 10.0.6.221
+ A 10.0.6.222
+ A 10.0.6.223
+ A 10.0.6.224
+ A 10.0.6.225
+ A 10.0.6.226
+ A 10.0.6.227
+ A 10.0.6.228
+ A 10.0.6.229
+ A 10.0.6.230
+ A 10.0.6.231
+ A 10.0.6.232
+ A 10.0.6.233
+ A 10.0.6.234
+ A 10.0.6.235
+ A 10.0.6.236
+ A 10.0.6.237
+ A 10.0.6.238
+ A 10.0.6.239
+ A 10.0.6.240
+ A 10.0.6.241
+ A 10.0.6.242
+ A 10.0.6.243
+ A 10.0.6.244
+ A 10.0.6.245
+ A 10.0.6.246
+ A 10.0.6.247
+ A 10.0.6.248
+ A 10.0.6.249
+ A 10.0.6.250
+ A 10.0.6.251
+ A 10.0.6.252
+ A 10.0.6.253
+ A 10.0.6.254
+ A 10.0.6.255
+ A 10.0.7.0
+ A 10.0.7.1
+ A 10.0.7.2
+ A 10.0.7.3
+ A 10.0.7.4
+ A 10.0.7.5
+ A 10.0.7.6
+ A 10.0.7.7
+ A 10.0.7.8
+ A 10.0.7.9
+ A 10.0.7.10
+ A 10.0.7.11
+ A 10.0.7.12
+ A 10.0.7.13
+ A 10.0.7.14
+ A 10.0.7.15
+ A 10.0.7.16
+ A 10.0.7.17
+ A 10.0.7.18
+ A 10.0.7.19
+ A 10.0.7.20
+ A 10.0.7.21
+ A 10.0.7.22
+ A 10.0.7.23
+ A 10.0.7.24
+ A 10.0.7.25
+ A 10.0.7.26
+ A 10.0.7.27
+ A 10.0.7.28
+ A 10.0.7.29
+ A 10.0.7.30
+ A 10.0.7.31
+ A 10.0.7.32
+ A 10.0.7.33
+ A 10.0.7.34
+ A 10.0.7.35
+ A 10.0.7.36
+ A 10.0.7.37
+ A 10.0.7.38
+ A 10.0.7.39
+ A 10.0.7.40
+ A 10.0.7.41
+ A 10.0.7.42
+ A 10.0.7.43
+ A 10.0.7.44
+ A 10.0.7.45
+ A 10.0.7.46
+ A 10.0.7.47
+ A 10.0.7.48
+ A 10.0.7.49
+ A 10.0.7.50
+ A 10.0.7.51
+ A 10.0.7.52
+ A 10.0.7.53
+ A 10.0.7.54
+ A 10.0.7.55
+ A 10.0.7.56
+ A 10.0.7.57
+ A 10.0.7.58
+ A 10.0.7.59
+ A 10.0.7.60
+ A 10.0.7.61
+ A 10.0.7.62
+ A 10.0.7.63
+ A 10.0.7.64
+ A 10.0.7.65
+ A 10.0.7.66
+ A 10.0.7.67
+ A 10.0.7.68
+ A 10.0.7.69
+ A 10.0.7.70
+ A 10.0.7.71
+ A 10.0.7.72
+ A 10.0.7.73
+ A 10.0.7.74
+ A 10.0.7.75
+ A 10.0.7.76
+ A 10.0.7.77
+ A 10.0.7.78
+ A 10.0.7.79
+ A 10.0.7.80
+ A 10.0.7.81
+ A 10.0.7.82
+ A 10.0.7.83
+ A 10.0.7.84
+ A 10.0.7.85
+ A 10.0.7.86
+ A 10.0.7.87
+ A 10.0.7.88
+ A 10.0.7.89
+ A 10.0.7.90
+ A 10.0.7.91
+ A 10.0.7.92
+ A 10.0.7.93
+ A 10.0.7.94
+ A 10.0.7.95
+ A 10.0.7.96
+ A 10.0.7.97
+ A 10.0.7.98
+ A 10.0.7.99
+ A 10.0.7.100
+ A 10.0.7.101
+ A 10.0.7.102
+ A 10.0.7.103
+ A 10.0.7.104
+ A 10.0.7.105
+ A 10.0.7.106
+ A 10.0.7.107
+ A 10.0.7.108
+ A 10.0.7.109
+ A 10.0.7.110
+ A 10.0.7.111
+ A 10.0.7.112
+ A 10.0.7.113
+ A 10.0.7.114
+ A 10.0.7.115
+ A 10.0.7.116
+ A 10.0.7.117
+ A 10.0.7.118
+ A 10.0.7.119
+ A 10.0.7.120
+ A 10.0.7.121
+ A 10.0.7.122
+ A 10.0.7.123
+ A 10.0.7.124
+ A 10.0.7.125
+ A 10.0.7.126
+ A 10.0.7.127
+ A 10.0.7.128
+ A 10.0.7.129
+ A 10.0.7.130
+ A 10.0.7.131
+ A 10.0.7.132
+ A 10.0.7.133
+ A 10.0.7.134
+ A 10.0.7.135
+ A 10.0.7.136
+ A 10.0.7.137
+ A 10.0.7.138
+ A 10.0.7.139
+ A 10.0.7.140
+ A 10.0.7.141
+ A 10.0.7.142
+ A 10.0.7.143
+ A 10.0.7.144
+ A 10.0.7.145
+ A 10.0.7.146
+ A 10.0.7.147
+ A 10.0.7.148
+ A 10.0.7.149
+ A 10.0.7.150
+ A 10.0.7.151
+ A 10.0.7.152
+ A 10.0.7.153
+ A 10.0.7.154
+ A 10.0.7.155
+ A 10.0.7.156
+ A 10.0.7.157
+ A 10.0.7.158
+ A 10.0.7.159
+ A 10.0.7.160
+ A 10.0.7.161
+ A 10.0.7.162
+ A 10.0.7.163
+ A 10.0.7.164
+ A 10.0.7.165
+ A 10.0.7.166
+ A 10.0.7.167
+ A 10.0.7.168
+ A 10.0.7.169
+ A 10.0.7.170
+ A 10.0.7.171
+ A 10.0.7.172
+ A 10.0.7.173
+ A 10.0.7.174
+ A 10.0.7.175
+ A 10.0.7.176
+ A 10.0.7.177
+ A 10.0.7.178
+ A 10.0.7.179
+ A 10.0.7.180
+ A 10.0.7.181
+ A 10.0.7.182
+ A 10.0.7.183
+ A 10.0.7.184
+ A 10.0.7.185
+ A 10.0.7.186
+ A 10.0.7.187
+ A 10.0.7.188
+ A 10.0.7.189
+ A 10.0.7.190
+ A 10.0.7.191
+ A 10.0.7.192
+ A 10.0.7.193
+ A 10.0.7.194
+ A 10.0.7.195
+ A 10.0.7.196
+ A 10.0.7.197
+ A 10.0.7.198
+ A 10.0.7.199
+ A 10.0.7.200
+ A 10.0.7.201
+ A 10.0.7.202
+ A 10.0.7.203
+ A 10.0.7.204
+ A 10.0.7.205
+ A 10.0.7.206
+ A 10.0.7.207
+ A 10.0.7.208
+ A 10.0.7.209
+ A 10.0.7.210
+ A 10.0.7.211
+ A 10.0.7.212
+ A 10.0.7.213
+ A 10.0.7.214
+ A 10.0.7.215
+ A 10.0.7.216
+ A 10.0.7.217
+ A 10.0.7.218
+ A 10.0.7.219
+ A 10.0.7.220
+ A 10.0.7.221
+ A 10.0.7.222
+ A 10.0.7.223
+ A 10.0.7.224
+ A 10.0.7.225
+ A 10.0.7.226
+ A 10.0.7.227
+ A 10.0.7.228
+ A 10.0.7.229
+ A 10.0.7.230
+ A 10.0.7.231
+ A 10.0.7.232
+ A 10.0.7.233
+ A 10.0.7.234
+ A 10.0.7.235
+ A 10.0.7.236
+ A 10.0.7.237
+ A 10.0.7.238
+ A 10.0.7.239
+ A 10.0.7.240
+ A 10.0.7.241
+ A 10.0.7.242
+ A 10.0.7.243
+ A 10.0.7.244
+ A 10.0.7.245
+ A 10.0.7.246
+ A 10.0.7.247
+ A 10.0.7.248
+ A 10.0.7.249
+ A 10.0.7.250
+ A 10.0.7.251
+ A 10.0.7.252
+ A 10.0.7.253
+ A 10.0.7.254
+ A 10.0.7.255
+ A 10.0.8.0
+ A 10.0.8.1
+ A 10.0.8.2
+ A 10.0.8.3
+ A 10.0.8.4
+ A 10.0.8.5
+ A 10.0.8.6
+ A 10.0.8.7
+ A 10.0.8.8
+ A 10.0.8.9
+ A 10.0.8.10
+ A 10.0.8.11
+ A 10.0.8.12
+ A 10.0.8.13
+ A 10.0.8.14
+ A 10.0.8.15
+ A 10.0.8.16
+ A 10.0.8.17
+ A 10.0.8.18
+ A 10.0.8.19
+ A 10.0.8.20
+ A 10.0.8.21
+ A 10.0.8.22
+ A 10.0.8.23
+ A 10.0.8.24
+ A 10.0.8.25
+ A 10.0.8.26
+ A 10.0.8.27
+ A 10.0.8.28
+ A 10.0.8.29
+ A 10.0.8.30
+ A 10.0.8.31
+ A 10.0.8.32
+ A 10.0.8.33
+ A 10.0.8.34
+ A 10.0.8.35
+ A 10.0.8.36
+ A 10.0.8.37
+ A 10.0.8.38
+ A 10.0.8.39
+ A 10.0.8.40
+ A 10.0.8.41
+ A 10.0.8.42
+ A 10.0.8.43
+ A 10.0.8.44
+ A 10.0.8.45
+ A 10.0.8.46
+ A 10.0.8.47
+ A 10.0.8.48
+ A 10.0.8.49
+ A 10.0.8.50
+ A 10.0.8.51
+ A 10.0.8.52
+ A 10.0.8.53
+ A 10.0.8.54
+ A 10.0.8.55
+ A 10.0.8.56
+ A 10.0.8.57
+ A 10.0.8.58
+ A 10.0.8.59
+ A 10.0.8.60
+ A 10.0.8.61
+ A 10.0.8.62
+ A 10.0.8.63
+ A 10.0.8.64
+ A 10.0.8.65
+ A 10.0.8.66
+ A 10.0.8.67
+ A 10.0.8.68
+ A 10.0.8.69
+ A 10.0.8.70
+ A 10.0.8.71
+ A 10.0.8.72
+ A 10.0.8.73
+ A 10.0.8.74
+ A 10.0.8.75
+ A 10.0.8.76
+ A 10.0.8.77
+ A 10.0.8.78
+ A 10.0.8.79
+ A 10.0.8.80
+ A 10.0.8.81
+ A 10.0.8.82
+ A 10.0.8.83
+ A 10.0.8.84
+ A 10.0.8.85
+ A 10.0.8.86
+ A 10.0.8.87
+ A 10.0.8.88
+ A 10.0.8.89
+ A 10.0.8.90
+ A 10.0.8.91
+ A 10.0.8.92
+ A 10.0.8.93
+ A 10.0.8.94
+ A 10.0.8.95
+ A 10.0.8.96
+ A 10.0.8.97
+ A 10.0.8.98
+ A 10.0.8.99
+ A 10.0.8.100
+ A 10.0.8.101
+ A 10.0.8.102
+ A 10.0.8.103
+ A 10.0.8.104
+ A 10.0.8.105
+ A 10.0.8.106
+ A 10.0.8.107
+ A 10.0.8.108
+ A 10.0.8.109
+ A 10.0.8.110
+ A 10.0.8.111
+ A 10.0.8.112
+ A 10.0.8.113
+ A 10.0.8.114
+ A 10.0.8.115
+ A 10.0.8.116
+ A 10.0.8.117
+ A 10.0.8.118
+ A 10.0.8.119
+ A 10.0.8.120
+ A 10.0.8.121
+ A 10.0.8.122
+ A 10.0.8.123
+ A 10.0.8.124
+ A 10.0.8.125
+ A 10.0.8.126
+ A 10.0.8.127
+ A 10.0.8.128
+ A 10.0.8.129
+ A 10.0.8.130
+ A 10.0.8.131
+ A 10.0.8.132
+ A 10.0.8.133
+ A 10.0.8.134
+ A 10.0.8.135
+ A 10.0.8.136
+ A 10.0.8.137
+ A 10.0.8.138
+ A 10.0.8.139
+ A 10.0.8.140
+ A 10.0.8.141
+ A 10.0.8.142
+ A 10.0.8.143
+ A 10.0.8.144
+ A 10.0.8.145
+ A 10.0.8.146
+ A 10.0.8.147
+ A 10.0.8.148
+ A 10.0.8.149
+ A 10.0.8.150
+ A 10.0.8.151
+ A 10.0.8.152
+ A 10.0.8.153
+ A 10.0.8.154
+ A 10.0.8.155
+ A 10.0.8.156
+ A 10.0.8.157
+ A 10.0.8.158
+ A 10.0.8.159
+ A 10.0.8.160
+ A 10.0.8.161
+ A 10.0.8.162
+ A 10.0.8.163
+ A 10.0.8.164
+ A 10.0.8.165
+ A 10.0.8.166
+ A 10.0.8.167
+ A 10.0.8.168
+ A 10.0.8.169
+ A 10.0.8.170
+ A 10.0.8.171
+ A 10.0.8.172
+ A 10.0.8.173
+ A 10.0.8.174
+ A 10.0.8.175
+ A 10.0.8.176
+ A 10.0.8.177
+ A 10.0.8.178
+ A 10.0.8.179
+ A 10.0.8.180
+ A 10.0.8.181
+ A 10.0.8.182
+ A 10.0.8.183
+ A 10.0.8.184
+ A 10.0.8.185
+ A 10.0.8.186
+ A 10.0.8.187
+ A 10.0.8.188
+ A 10.0.8.189
+ A 10.0.8.190
+ A 10.0.8.191
+ A 10.0.8.192
+ A 10.0.8.193
+ A 10.0.8.194
+ A 10.0.8.195
+ A 10.0.8.196
+ A 10.0.8.197
+ A 10.0.8.198
+ A 10.0.8.199
+ A 10.0.8.200
+ A 10.0.8.201
+ A 10.0.8.202
+ A 10.0.8.203
+ A 10.0.8.204
+ A 10.0.8.205
+ A 10.0.8.206
+ A 10.0.8.207
+ A 10.0.8.208
+ A 10.0.8.209
+ A 10.0.8.210
+ A 10.0.8.211
+ A 10.0.8.212
+ A 10.0.8.213
+ A 10.0.8.214
+ A 10.0.8.215
+ A 10.0.8.216
+ A 10.0.8.217
+ A 10.0.8.218
+ A 10.0.8.219
+ A 10.0.8.220
+ A 10.0.8.221
+ A 10.0.8.222
+ A 10.0.8.223
+ A 10.0.8.224
+ A 10.0.8.225
+ A 10.0.8.226
+ A 10.0.8.227
+ A 10.0.8.228
+ A 10.0.8.229
+ A 10.0.8.230
+ A 10.0.8.231
+ A 10.0.8.232
+ A 10.0.8.233
+ A 10.0.8.234
+ A 10.0.8.235
+ A 10.0.8.236
+ A 10.0.8.237
+ A 10.0.8.238
+ A 10.0.8.239
+ A 10.0.8.240
+ A 10.0.8.241
+ A 10.0.8.242
+ A 10.0.8.243
+ A 10.0.8.244
+ A 10.0.8.245
+ A 10.0.8.246
+ A 10.0.8.247
+ A 10.0.8.248
+ A 10.0.8.249
+ A 10.0.8.250
+ A 10.0.8.251
+ A 10.0.8.252
+ A 10.0.8.253
+ A 10.0.8.254
+ A 10.0.8.255
+ A 10.0.9.0
+ A 10.0.9.1
+ A 10.0.9.2
+ A 10.0.9.3
+ A 10.0.9.4
+ A 10.0.9.5
+ A 10.0.9.6
+ A 10.0.9.7
+ A 10.0.9.8
+ A 10.0.9.9
+ A 10.0.9.10
+ A 10.0.9.11
+ A 10.0.9.12
+ A 10.0.9.13
+ A 10.0.9.14
+ A 10.0.9.15
+ A 10.0.9.16
+ A 10.0.9.17
+ A 10.0.9.18
+ A 10.0.9.19
+ A 10.0.9.20
+ A 10.0.9.21
+ A 10.0.9.22
+ A 10.0.9.23
+ A 10.0.9.24
+ A 10.0.9.25
+ A 10.0.9.26
+ A 10.0.9.27
+ A 10.0.9.28
+ A 10.0.9.29
+ A 10.0.9.30
+ A 10.0.9.31
+ A 10.0.9.32
+ A 10.0.9.33
+ A 10.0.9.34
+ A 10.0.9.35
+ A 10.0.9.36
+ A 10.0.9.37
+ A 10.0.9.38
+ A 10.0.9.39
+ A 10.0.9.40
+ A 10.0.9.41
+ A 10.0.9.42
+ A 10.0.9.43
+ A 10.0.9.44
+ A 10.0.9.45
+ A 10.0.9.46
+ A 10.0.9.47
+ A 10.0.9.48
+ A 10.0.9.49
+ A 10.0.9.50
+ A 10.0.9.51
+ A 10.0.9.52
+ A 10.0.9.53
+ A 10.0.9.54
+ A 10.0.9.55
+ A 10.0.9.56
+ A 10.0.9.57
+ A 10.0.9.58
+ A 10.0.9.59
+ A 10.0.9.60
+ A 10.0.9.61
+ A 10.0.9.62
+ A 10.0.9.63
+ A 10.0.9.64
+ A 10.0.9.65
+ A 10.0.9.66
+ A 10.0.9.67
+ A 10.0.9.68
+ A 10.0.9.69
+ A 10.0.9.70
+ A 10.0.9.71
+ A 10.0.9.72
+ A 10.0.9.73
+ A 10.0.9.74
+ A 10.0.9.75
+ A 10.0.9.76
+ A 10.0.9.77
+ A 10.0.9.78
+ A 10.0.9.79
+ A 10.0.9.80
+ A 10.0.9.81
+ A 10.0.9.82
+ A 10.0.9.83
+ A 10.0.9.84
+ A 10.0.9.85
+ A 10.0.9.86
+ A 10.0.9.87
+ A 10.0.9.88
+ A 10.0.9.89
+ A 10.0.9.90
+ A 10.0.9.91
+ A 10.0.9.92
+ A 10.0.9.93
+ A 10.0.9.94
+ A 10.0.9.95
+ A 10.0.9.96
+ A 10.0.9.97
+ A 10.0.9.98
+ A 10.0.9.99
+ A 10.0.9.100
+ A 10.0.9.101
+ A 10.0.9.102
+ A 10.0.9.103
+ A 10.0.9.104
+ A 10.0.9.105
+ A 10.0.9.106
+ A 10.0.9.107
+ A 10.0.9.108
+ A 10.0.9.109
+ A 10.0.9.110
+ A 10.0.9.111
+ A 10.0.9.112
+ A 10.0.9.113
+ A 10.0.9.114
+ A 10.0.9.115
+ A 10.0.9.116
+ A 10.0.9.117
+ A 10.0.9.118
+ A 10.0.9.119
+ A 10.0.9.120
+ A 10.0.9.121
+ A 10.0.9.122
+ A 10.0.9.123
+ A 10.0.9.124
+ A 10.0.9.125
+ A 10.0.9.126
+ A 10.0.9.127
+ A 10.0.9.128
+ A 10.0.9.129
+ A 10.0.9.130
+ A 10.0.9.131
+ A 10.0.9.132
+ A 10.0.9.133
+ A 10.0.9.134
+ A 10.0.9.135
+ A 10.0.9.136
+ A 10.0.9.137
+ A 10.0.9.138
+ A 10.0.9.139
+ A 10.0.9.140
+ A 10.0.9.141
+ A 10.0.9.142
+ A 10.0.9.143
+ A 10.0.9.144
+ A 10.0.9.145
+ A 10.0.9.146
+ A 10.0.9.147
+ A 10.0.9.148
+ A 10.0.9.149
+ A 10.0.9.150
+ A 10.0.9.151
+ A 10.0.9.152
+ A 10.0.9.153
+ A 10.0.9.154
+ A 10.0.9.155
+ A 10.0.9.156
+ A 10.0.9.157
+ A 10.0.9.158
+ A 10.0.9.159
+ A 10.0.9.160
+ A 10.0.9.161
+ A 10.0.9.162
+ A 10.0.9.163
+ A 10.0.9.164
+ A 10.0.9.165
+ A 10.0.9.166
+ A 10.0.9.167
+ A 10.0.9.168
+ A 10.0.9.169
+ A 10.0.9.170
+ A 10.0.9.171
+ A 10.0.9.172
+ A 10.0.9.173
+ A 10.0.9.174
+ A 10.0.9.175
+ A 10.0.9.176
+ A 10.0.9.177
+ A 10.0.9.178
+ A 10.0.9.179
+ A 10.0.9.180
+ A 10.0.9.181
+ A 10.0.9.182
+ A 10.0.9.183
+ A 10.0.9.184
+ A 10.0.9.185
+ A 10.0.9.186
+ A 10.0.9.187
+ A 10.0.9.188
+ A 10.0.9.189
+ A 10.0.9.190
+ A 10.0.9.191
+ A 10.0.9.192
+ A 10.0.9.193
+ A 10.0.9.194
+ A 10.0.9.195
+ A 10.0.9.196
+ A 10.0.9.197
+ A 10.0.9.198
+ A 10.0.9.199
+ A 10.0.9.200
+ A 10.0.9.201
+ A 10.0.9.202
+ A 10.0.9.203
+ A 10.0.9.204
+ A 10.0.9.205
+ A 10.0.9.206
+ A 10.0.9.207
+ A 10.0.9.208
+ A 10.0.9.209
+ A 10.0.9.210
+ A 10.0.9.211
+ A 10.0.9.212
+ A 10.0.9.213
+ A 10.0.9.214
+ A 10.0.9.215
+ A 10.0.9.216
+ A 10.0.9.217
+ A 10.0.9.218
+ A 10.0.9.219
+ A 10.0.9.220
+ A 10.0.9.221
+ A 10.0.9.222
+ A 10.0.9.223
+ A 10.0.9.224
+ A 10.0.9.225
+ A 10.0.9.226
+ A 10.0.9.227
+ A 10.0.9.228
+ A 10.0.9.229
+ A 10.0.9.230
+ A 10.0.9.231
+ A 10.0.9.232
+ A 10.0.9.233
+ A 10.0.9.234
+ A 10.0.9.235
+ A 10.0.9.236
+ A 10.0.9.237
+ A 10.0.9.238
+ A 10.0.9.239
+ A 10.0.9.240
+ A 10.0.9.241
+ A 10.0.9.242
+ A 10.0.9.243
+ A 10.0.9.244
+ A 10.0.9.245
+ A 10.0.9.246
+ A 10.0.9.247
+ A 10.0.9.248
+ A 10.0.9.249
+ A 10.0.9.250
+ A 10.0.9.251
+ A 10.0.9.252
+ A 10.0.9.253
+ A 10.0.9.254
+ A 10.0.9.255
+ A 10.0.10.0
+ A 10.0.10.1
+ A 10.0.10.2
+ A 10.0.10.3
+ A 10.0.10.4
+ A 10.0.10.5
+ A 10.0.10.6
+ A 10.0.10.7
+ A 10.0.10.8
+ A 10.0.10.9
+ A 10.0.10.10
+ A 10.0.10.11
+ A 10.0.10.12
+ A 10.0.10.13
+ A 10.0.10.14
+ A 10.0.10.15
+ A 10.0.10.16
+ A 10.0.10.17
+ A 10.0.10.18
+ A 10.0.10.19
+ A 10.0.10.20
+ A 10.0.10.21
+ A 10.0.10.22
+ A 10.0.10.23
+ A 10.0.10.24
+ A 10.0.10.25
+ A 10.0.10.26
+ A 10.0.10.27
+ A 10.0.10.28
+ A 10.0.10.29
+ A 10.0.10.30
+ A 10.0.10.31
+ A 10.0.10.32
+ A 10.0.10.33
+ A 10.0.10.34
+ A 10.0.10.35
+ A 10.0.10.36
+ A 10.0.10.37
+ A 10.0.10.38
+ A 10.0.10.39
+ A 10.0.10.40
+ A 10.0.10.41
+ A 10.0.10.42
+ A 10.0.10.43
+ A 10.0.10.44
+ A 10.0.10.45
+ A 10.0.10.46
+ A 10.0.10.47
+ A 10.0.10.48
+ A 10.0.10.49
+ A 10.0.10.50
+ A 10.0.10.51
+ A 10.0.10.52
+ A 10.0.10.53
+ A 10.0.10.54
+ A 10.0.10.55
+ A 10.0.10.56
+ A 10.0.10.57
+ A 10.0.10.58
+ A 10.0.10.59
+ A 10.0.10.60
+ A 10.0.10.61
+ A 10.0.10.62
+ A 10.0.10.63
+ A 10.0.10.64
+ A 10.0.10.65
+ A 10.0.10.66
+ A 10.0.10.67
+ A 10.0.10.68
+ A 10.0.10.69
+ A 10.0.10.70
+ A 10.0.10.71
+ A 10.0.10.72
+ A 10.0.10.73
+ A 10.0.10.74
+ A 10.0.10.75
+ A 10.0.10.76
+ A 10.0.10.77
+ A 10.0.10.78
+ A 10.0.10.79
+ A 10.0.10.80
+ A 10.0.10.81
+ A 10.0.10.82
+ A 10.0.10.83
+ A 10.0.10.84
+ A 10.0.10.85
+ A 10.0.10.86
+ A 10.0.10.87
+ A 10.0.10.88
+ A 10.0.10.89
+ A 10.0.10.90
+ A 10.0.10.91
+ A 10.0.10.92
+ A 10.0.10.93
+ A 10.0.10.94
+ A 10.0.10.95
+ A 10.0.10.96
+ A 10.0.10.97
+ A 10.0.10.98
+ A 10.0.10.99
+ A 10.0.10.100
+ A 10.0.10.101
+ A 10.0.10.102
+ A 10.0.10.103
+ A 10.0.10.104
+ A 10.0.10.105
+ A 10.0.10.106
+ A 10.0.10.107
+ A 10.0.10.108
+ A 10.0.10.109
+ A 10.0.10.110
+ A 10.0.10.111
+ A 10.0.10.112
+ A 10.0.10.113
+ A 10.0.10.114
+ A 10.0.10.115
+ A 10.0.10.116
+ A 10.0.10.117
+ A 10.0.10.118
+ A 10.0.10.119
+ A 10.0.10.120
+ A 10.0.10.121
+ A 10.0.10.122
+ A 10.0.10.123
+ A 10.0.10.124
+ A 10.0.10.125
+ A 10.0.10.126
+ A 10.0.10.127
+ A 10.0.10.128
+ A 10.0.10.129
+ A 10.0.10.130
+ A 10.0.10.131
+ A 10.0.10.132
+ A 10.0.10.133
+ A 10.0.10.134
+ A 10.0.10.135
+ A 10.0.10.136
+ A 10.0.10.137
+ A 10.0.10.138
+ A 10.0.10.139
+ A 10.0.10.140
+ A 10.0.10.141
+ A 10.0.10.142
+ A 10.0.10.143
+ A 10.0.10.144
+ A 10.0.10.145
+ A 10.0.10.146
+ A 10.0.10.147
+ A 10.0.10.148
+ A 10.0.10.149
+ A 10.0.10.150
+ A 10.0.10.151
+ A 10.0.10.152
+ A 10.0.10.153
+ A 10.0.10.154
+ A 10.0.10.155
+ A 10.0.10.156
+ A 10.0.10.157
+ A 10.0.10.158
+ A 10.0.10.159
+ A 10.0.10.160
+ A 10.0.10.161
+ A 10.0.10.162
+ A 10.0.10.163
+ A 10.0.10.164
+ A 10.0.10.165
+ A 10.0.10.166
+ A 10.0.10.167
+ A 10.0.10.168
+ A 10.0.10.169
+ A 10.0.10.170
+ A 10.0.10.171
+ A 10.0.10.172
+ A 10.0.10.173
+ A 10.0.10.174
+ A 10.0.10.175
+ A 10.0.10.176
+ A 10.0.10.177
+ A 10.0.10.178
+ A 10.0.10.179
+ A 10.0.10.180
+ A 10.0.10.181
+ A 10.0.10.182
+ A 10.0.10.183
+ A 10.0.10.184
+ A 10.0.10.185
+ A 10.0.10.186
+ A 10.0.10.187
+ A 10.0.10.188
+ A 10.0.10.189
+ A 10.0.10.190
+ A 10.0.10.191
+ A 10.0.10.192
+ A 10.0.10.193
+ A 10.0.10.194
+ A 10.0.10.195
+ A 10.0.10.196
+ A 10.0.10.197
+ A 10.0.10.198
+ A 10.0.10.199
+ A 10.0.10.200
+ A 10.0.10.201
+ A 10.0.10.202
+ A 10.0.10.203
+ A 10.0.10.204
+ A 10.0.10.205
+ A 10.0.10.206
+ A 10.0.10.207
+ A 10.0.10.208
+ A 10.0.10.209
+ A 10.0.10.210
+ A 10.0.10.211
+ A 10.0.10.212
+ A 10.0.10.213
+ A 10.0.10.214
+ A 10.0.10.215
+ A 10.0.10.216
+ A 10.0.10.217
+ A 10.0.10.218
+ A 10.0.10.219
+ A 10.0.10.220
+ A 10.0.10.221
+ A 10.0.10.222
+ A 10.0.10.223
+ A 10.0.10.224
+ A 10.0.10.225
+ A 10.0.10.226
+ A 10.0.10.227
+ A 10.0.10.228
+ A 10.0.10.229
+ A 10.0.10.230
+ A 10.0.10.231
+ A 10.0.10.232
+ A 10.0.10.233
+ A 10.0.10.234
+ A 10.0.10.235
+ A 10.0.10.236
+ A 10.0.10.237
+ A 10.0.10.238
+ A 10.0.10.239
+ A 10.0.10.240
+ A 10.0.10.241
+ A 10.0.10.242
+ A 10.0.10.243
+ A 10.0.10.244
+ A 10.0.10.245
+ A 10.0.10.246
+ A 10.0.10.247
+ A 10.0.10.248
+ A 10.0.10.249
+ A 10.0.10.250
+ A 10.0.10.251
+ A 10.0.10.252
+ A 10.0.10.253
+ A 10.0.10.254
+ A 10.0.10.255
+ A 10.0.11.0
+ A 10.0.11.1
+ A 10.0.11.2
+ A 10.0.11.3
+ A 10.0.11.4
+ A 10.0.11.5
+ A 10.0.11.6
+ A 10.0.11.7
+ A 10.0.11.8
+ A 10.0.11.9
+ A 10.0.11.10
+ A 10.0.11.11
+ A 10.0.11.12
+ A 10.0.11.13
+ A 10.0.11.14
+ A 10.0.11.15
+ A 10.0.11.16
+ A 10.0.11.17
+ A 10.0.11.18
+ A 10.0.11.19
+ A 10.0.11.20
+ A 10.0.11.21
+ A 10.0.11.22
+ A 10.0.11.23
+ A 10.0.11.24
+ A 10.0.11.25
+ A 10.0.11.26
+ A 10.0.11.27
+ A 10.0.11.28
+ A 10.0.11.29
+ A 10.0.11.30
+ A 10.0.11.31
+ A 10.0.11.32
+ A 10.0.11.33
+ A 10.0.11.34
+ A 10.0.11.35
+ A 10.0.11.36
+ A 10.0.11.37
+ A 10.0.11.38
+ A 10.0.11.39
+ A 10.0.11.40
+ A 10.0.11.41
+ A 10.0.11.42
+ A 10.0.11.43
+ A 10.0.11.44
+ A 10.0.11.45
+ A 10.0.11.46
+ A 10.0.11.47
+ A 10.0.11.48
+ A 10.0.11.49
+ A 10.0.11.50
+ A 10.0.11.51
+ A 10.0.11.52
+ A 10.0.11.53
+ A 10.0.11.54
+ A 10.0.11.55
+ A 10.0.11.56
+ A 10.0.11.57
+ A 10.0.11.58
+ A 10.0.11.59
+ A 10.0.11.60
+ A 10.0.11.61
+ A 10.0.11.62
+ A 10.0.11.63
+ A 10.0.11.64
+ A 10.0.11.65
+ A 10.0.11.66
+ A 10.0.11.67
+ A 10.0.11.68
+ A 10.0.11.69
+ A 10.0.11.70
+ A 10.0.11.71
+ A 10.0.11.72
+ A 10.0.11.73
+ A 10.0.11.74
+ A 10.0.11.75
+ A 10.0.11.76
+ A 10.0.11.77
+ A 10.0.11.78
+ A 10.0.11.79
+ A 10.0.11.80
+ A 10.0.11.81
+ A 10.0.11.82
+ A 10.0.11.83
+ A 10.0.11.84
+ A 10.0.11.85
+ A 10.0.11.86
+ A 10.0.11.87
+ A 10.0.11.88
+ A 10.0.11.89
+ A 10.0.11.90
+ A 10.0.11.91
+ A 10.0.11.92
+ A 10.0.11.93
+ A 10.0.11.94
+ A 10.0.11.95
+ A 10.0.11.96
+ A 10.0.11.97
+ A 10.0.11.98
+ A 10.0.11.99
+ A 10.0.11.100
+ A 10.0.11.101
+ A 10.0.11.102
+ A 10.0.11.103
+ A 10.0.11.104
+ A 10.0.11.105
+ A 10.0.11.106
+ A 10.0.11.107
+ A 10.0.11.108
+ A 10.0.11.109
+ A 10.0.11.110
+ A 10.0.11.111
+ A 10.0.11.112
+ A 10.0.11.113
+ A 10.0.11.114
+ A 10.0.11.115
+ A 10.0.11.116
+ A 10.0.11.117
+ A 10.0.11.118
+ A 10.0.11.119
+ A 10.0.11.120
+ A 10.0.11.121
+ A 10.0.11.122
+ A 10.0.11.123
+ A 10.0.11.124
+ A 10.0.11.125
+ A 10.0.11.126
+ A 10.0.11.127
+ A 10.0.11.128
+ A 10.0.11.129
+ A 10.0.11.130
+ A 10.0.11.131
+ A 10.0.11.132
+ A 10.0.11.133
+ A 10.0.11.134
+ A 10.0.11.135
+ A 10.0.11.136
+ A 10.0.11.137
+ A 10.0.11.138
+ A 10.0.11.139
+ A 10.0.11.140
+ A 10.0.11.141
+ A 10.0.11.142
+ A 10.0.11.143
+ A 10.0.11.144
+ A 10.0.11.145
+ A 10.0.11.146
+ A 10.0.11.147
+ A 10.0.11.148
+ A 10.0.11.149
+ A 10.0.11.150
+ A 10.0.11.151
+ A 10.0.11.152
+ A 10.0.11.153
+ A 10.0.11.154
+ A 10.0.11.155
+ A 10.0.11.156
+ A 10.0.11.157
+ A 10.0.11.158
+ A 10.0.11.159
+ A 10.0.11.160
+ A 10.0.11.161
+ A 10.0.11.162
+ A 10.0.11.163
+ A 10.0.11.164
+ A 10.0.11.165
+ A 10.0.11.166
+ A 10.0.11.167
+ A 10.0.11.168
+ A 10.0.11.169
+ A 10.0.11.170
+ A 10.0.11.171
+ A 10.0.11.172
+ A 10.0.11.173
+ A 10.0.11.174
+ A 10.0.11.175
+ A 10.0.11.176
+ A 10.0.11.177
+ A 10.0.11.178
+ A 10.0.11.179
+ A 10.0.11.180
+ A 10.0.11.181
+ A 10.0.11.182
+ A 10.0.11.183
+ A 10.0.11.184
+ A 10.0.11.185
+ A 10.0.11.186
+ A 10.0.11.187
+ A 10.0.11.188
+ A 10.0.11.189
+ A 10.0.11.190
+ A 10.0.11.191
+ A 10.0.11.192
+ A 10.0.11.193
+ A 10.0.11.194
+ A 10.0.11.195
+ A 10.0.11.196
+ A 10.0.11.197
+ A 10.0.11.198
+ A 10.0.11.199
+ A 10.0.11.200
+ A 10.0.11.201
+ A 10.0.11.202
+ A 10.0.11.203
+ A 10.0.11.204
+ A 10.0.11.205
+ A 10.0.11.206
+ A 10.0.11.207
+ A 10.0.11.208
+ A 10.0.11.209
+ A 10.0.11.210
+ A 10.0.11.211
+ A 10.0.11.212
+ A 10.0.11.213
+ A 10.0.11.214
+ A 10.0.11.215
+ A 10.0.11.216
+ A 10.0.11.217
+ A 10.0.11.218
+ A 10.0.11.219
+ A 10.0.11.220
+ A 10.0.11.221
+ A 10.0.11.222
+ A 10.0.11.223
+ A 10.0.11.224
+ A 10.0.11.225
+ A 10.0.11.226
+ A 10.0.11.227
+ A 10.0.11.228
+ A 10.0.11.229
+ A 10.0.11.230
+ A 10.0.11.231
+ A 10.0.11.232
+ A 10.0.11.233
+ A 10.0.11.234
+ A 10.0.11.235
+ A 10.0.11.236
+ A 10.0.11.237
+ A 10.0.11.238
+ A 10.0.11.239
+ A 10.0.11.240
+ A 10.0.11.241
+ A 10.0.11.242
+ A 10.0.11.243
+ A 10.0.11.244
+ A 10.0.11.245
+ A 10.0.11.246
+ A 10.0.11.247
+ A 10.0.11.248
+ A 10.0.11.249
+ A 10.0.11.250
+ A 10.0.11.251
+ A 10.0.11.252
+ A 10.0.11.253
+ A 10.0.11.254
+ A 10.0.11.255
+ A 10.0.12.0
+ A 10.0.12.1
+ A 10.0.12.2
+ A 10.0.12.3
+ A 10.0.12.4
+ A 10.0.12.5
+ A 10.0.12.6
+ A 10.0.12.7
+ A 10.0.12.8
+ A 10.0.12.9
+ A 10.0.12.10
+ A 10.0.12.11
+ A 10.0.12.12
+ A 10.0.12.13
+ A 10.0.12.14
+ A 10.0.12.15
+ A 10.0.12.16
+ A 10.0.12.17
+ A 10.0.12.18
+ A 10.0.12.19
+ A 10.0.12.20
+ A 10.0.12.21
+ A 10.0.12.22
+ A 10.0.12.23
+ A 10.0.12.24
+ A 10.0.12.25
+ A 10.0.12.26
+ A 10.0.12.27
+ A 10.0.12.28
+ A 10.0.12.29
+ A 10.0.12.30
+ A 10.0.12.31
+ A 10.0.12.32
+ A 10.0.12.33
+ A 10.0.12.34
+ A 10.0.12.35
+ A 10.0.12.36
+ A 10.0.12.37
+ A 10.0.12.38
+ A 10.0.12.39
+ A 10.0.12.40
+ A 10.0.12.41
+ A 10.0.12.42
+ A 10.0.12.43
+ A 10.0.12.44
+ A 10.0.12.45
+ A 10.0.12.46
+ A 10.0.12.47
+ A 10.0.12.48
+ A 10.0.12.49
+ A 10.0.12.50
+ A 10.0.12.51
+ A 10.0.12.52
+ A 10.0.12.53
+ A 10.0.12.54
+ A 10.0.12.55
+ A 10.0.12.56
+ A 10.0.12.57
+ A 10.0.12.58
+ A 10.0.12.59
+ A 10.0.12.60
+ A 10.0.12.61
+ A 10.0.12.62
+ A 10.0.12.63
+ A 10.0.12.64
+ A 10.0.12.65
+ A 10.0.12.66
+ A 10.0.12.67
+ A 10.0.12.68
+ A 10.0.12.69
+ A 10.0.12.70
+ A 10.0.12.71
+ A 10.0.12.72
+ A 10.0.12.73
+ A 10.0.12.74
+ A 10.0.12.75
+ A 10.0.12.76
+ A 10.0.12.77
+ A 10.0.12.78
+ A 10.0.12.79
+ A 10.0.12.80
+ A 10.0.12.81
+ A 10.0.12.82
+ A 10.0.12.83
+ A 10.0.12.84
+ A 10.0.12.85
+ A 10.0.12.86
+ A 10.0.12.87
+ A 10.0.12.88
+ A 10.0.12.89
+ A 10.0.12.90
+ A 10.0.12.91
+ A 10.0.12.92
+ A 10.0.12.93
+ A 10.0.12.94
+ A 10.0.12.95
+ A 10.0.12.96
+ A 10.0.12.97
+ A 10.0.12.98
+ A 10.0.12.99
+ A 10.0.12.100
+ A 10.0.12.101
+ A 10.0.12.102
+ A 10.0.12.103
+ A 10.0.12.104
+ A 10.0.12.105
+ A 10.0.12.106
+ A 10.0.12.107
+ A 10.0.12.108
+ A 10.0.12.109
+ A 10.0.12.110
+ A 10.0.12.111
+ A 10.0.12.112
+ A 10.0.12.113
+ A 10.0.12.114
+ A 10.0.12.115
+ A 10.0.12.116
+ A 10.0.12.117
+ A 10.0.12.118
+ A 10.0.12.119
+ A 10.0.12.120
+ A 10.0.12.121
+ A 10.0.12.122
+ A 10.0.12.123
+ A 10.0.12.124
+ A 10.0.12.125
+ A 10.0.12.126
+ A 10.0.12.127
+ A 10.0.12.128
+ A 10.0.12.129
+ A 10.0.12.130
+ A 10.0.12.131
+ A 10.0.12.132
+ A 10.0.12.133
+ A 10.0.12.134
+ A 10.0.12.135
+ A 10.0.12.136
+ A 10.0.12.137
+ A 10.0.12.138
+ A 10.0.12.139
+ A 10.0.12.140
+ A 10.0.12.141
+ A 10.0.12.142
+ A 10.0.12.143
+ A 10.0.12.144
+ A 10.0.12.145
+ A 10.0.12.146
+ A 10.0.12.147
+ A 10.0.12.148
+ A 10.0.12.149
+ A 10.0.12.150
+ A 10.0.12.151
+ A 10.0.12.152
+ A 10.0.12.153
+ A 10.0.12.154
+ A 10.0.12.155
+ A 10.0.12.156
+ A 10.0.12.157
+ A 10.0.12.158
+ A 10.0.12.159
+ A 10.0.12.160
+ A 10.0.12.161
+ A 10.0.12.162
+ A 10.0.12.163
+ A 10.0.12.164
+ A 10.0.12.165
+ A 10.0.12.166
+ A 10.0.12.167
+ A 10.0.12.168
+ A 10.0.12.169
+ A 10.0.12.170
+ A 10.0.12.171
+ A 10.0.12.172
+ A 10.0.12.173
+ A 10.0.12.174
+ A 10.0.12.175
+ A 10.0.12.176
+ A 10.0.12.177
+ A 10.0.12.178
+ A 10.0.12.179
+ A 10.0.12.180
+ A 10.0.12.181
+ A 10.0.12.182
+ A 10.0.12.183
+ A 10.0.12.184
+ A 10.0.12.185
+ A 10.0.12.186
+ A 10.0.12.187
+ A 10.0.12.188
+ A 10.0.12.189
+ A 10.0.12.190
+ A 10.0.12.191
+ A 10.0.12.192
+ A 10.0.12.193
+ A 10.0.12.194
+ A 10.0.12.195
+ A 10.0.12.196
+ A 10.0.12.197
+ A 10.0.12.198
+ A 10.0.12.199
+ A 10.0.12.200
+ A 10.0.12.201
+ A 10.0.12.202
+ A 10.0.12.203
+ A 10.0.12.204
+ A 10.0.12.205
+ A 10.0.12.206
+ A 10.0.12.207
+ A 10.0.12.208
+ A 10.0.12.209
+ A 10.0.12.210
+ A 10.0.12.211
+ A 10.0.12.212
+ A 10.0.12.213
+ A 10.0.12.214
+ A 10.0.12.215
+ A 10.0.12.216
+ A 10.0.12.217
+ A 10.0.12.218
+ A 10.0.12.219
+ A 10.0.12.220
+ A 10.0.12.221
+ A 10.0.12.222
+ A 10.0.12.223
+ A 10.0.12.224
+ A 10.0.12.225
+ A 10.0.12.226
+ A 10.0.12.227
+ A 10.0.12.228
+ A 10.0.12.229
+ A 10.0.12.230
+ A 10.0.12.231
+ A 10.0.12.232
+ A 10.0.12.233
+ A 10.0.12.234
+ A 10.0.12.235
+ A 10.0.12.236
+ A 10.0.12.237
+ A 10.0.12.238
+ A 10.0.12.239
+ A 10.0.12.240
+ A 10.0.12.241
+ A 10.0.12.242
+ A 10.0.12.243
+ A 10.0.12.244
+ A 10.0.12.245
+ A 10.0.12.246
+ A 10.0.12.247
+ A 10.0.12.248
+ A 10.0.12.249
+ A 10.0.12.250
+ A 10.0.12.251
+ A 10.0.12.252
+ A 10.0.12.253
+ A 10.0.12.254
+ A 10.0.12.255
+ A 10.0.13.0
+ A 10.0.13.1
+ A 10.0.13.2
+ A 10.0.13.3
+ A 10.0.13.4
+ A 10.0.13.5
+ A 10.0.13.6
+ A 10.0.13.7
+ A 10.0.13.8
+ A 10.0.13.9
+ A 10.0.13.10
+ A 10.0.13.11
+ A 10.0.13.12
+ A 10.0.13.13
+ A 10.0.13.14
+ A 10.0.13.15
+ A 10.0.13.16
+ A 10.0.13.17
+ A 10.0.13.18
+ A 10.0.13.19
+ A 10.0.13.20
+ A 10.0.13.21
+ A 10.0.13.22
+ A 10.0.13.23
+ A 10.0.13.24
+ A 10.0.13.25
+ A 10.0.13.26
+ A 10.0.13.27
+ A 10.0.13.28
+ A 10.0.13.29
+ A 10.0.13.30
+ A 10.0.13.31
+ A 10.0.13.32
+ A 10.0.13.33
+ A 10.0.13.34
+ A 10.0.13.35
+ A 10.0.13.36
+ A 10.0.13.37
+ A 10.0.13.38
+ A 10.0.13.39
+ A 10.0.13.40
+ A 10.0.13.41
+ A 10.0.13.42
+ A 10.0.13.43
+ A 10.0.13.44
+ A 10.0.13.45
+ A 10.0.13.46
+ A 10.0.13.47
+ A 10.0.13.48
+ A 10.0.13.49
+ A 10.0.13.50
+ A 10.0.13.51
+ A 10.0.13.52
+ A 10.0.13.53
+ A 10.0.13.54
+ A 10.0.13.55
+ A 10.0.13.56
+ A 10.0.13.57
+ A 10.0.13.58
+ A 10.0.13.59
+ A 10.0.13.60
+ A 10.0.13.61
+ A 10.0.13.62
+ A 10.0.13.63
+ A 10.0.13.64
+ A 10.0.13.65
+ A 10.0.13.66
+ A 10.0.13.67
+ A 10.0.13.68
+ A 10.0.13.69
+ A 10.0.13.70
+ A 10.0.13.71
+ A 10.0.13.72
+ A 10.0.13.73
+ A 10.0.13.74
+ A 10.0.13.75
+ A 10.0.13.76
+ A 10.0.13.77
+ A 10.0.13.78
+ A 10.0.13.79
+ A 10.0.13.80
+ A 10.0.13.81
+ A 10.0.13.82
+ A 10.0.13.83
+ A 10.0.13.84
+ A 10.0.13.85
+ A 10.0.13.86
+ A 10.0.13.87
+ A 10.0.13.88
+ A 10.0.13.89
+ A 10.0.13.90
+ A 10.0.13.91
+ A 10.0.13.92
+ A 10.0.13.93
+ A 10.0.13.94
+ A 10.0.13.95
+ A 10.0.13.96
+ A 10.0.13.97
+ A 10.0.13.98
+ A 10.0.13.99
+ A 10.0.13.100
+ A 10.0.13.101
+ A 10.0.13.102
+ A 10.0.13.103
+ A 10.0.13.104
+ A 10.0.13.105
+ A 10.0.13.106
+ A 10.0.13.107
+ A 10.0.13.108
+ A 10.0.13.109
+ A 10.0.13.110
+ A 10.0.13.111
+ A 10.0.13.112
+ A 10.0.13.113
+ A 10.0.13.114
+ A 10.0.13.115
+ A 10.0.13.116
+ A 10.0.13.117
+ A 10.0.13.118
+ A 10.0.13.119
+ A 10.0.13.120
+ A 10.0.13.121
+ A 10.0.13.122
+ A 10.0.13.123
+ A 10.0.13.124
+ A 10.0.13.125
+ A 10.0.13.126
+ A 10.0.13.127
+ A 10.0.13.128
+ A 10.0.13.129
+ A 10.0.13.130
+ A 10.0.13.131
+ A 10.0.13.132
+ A 10.0.13.133
+ A 10.0.13.134
+ A 10.0.13.135
+ A 10.0.13.136
+ A 10.0.13.137
+ A 10.0.13.138
+ A 10.0.13.139
+ A 10.0.13.140
+ A 10.0.13.141
+ A 10.0.13.142
+ A 10.0.13.143
+ A 10.0.13.144
+ A 10.0.13.145
+ A 10.0.13.146
+ A 10.0.13.147
+ A 10.0.13.148
+ A 10.0.13.149
+ A 10.0.13.150
+ A 10.0.13.151
+ A 10.0.13.152
+ A 10.0.13.153
+ A 10.0.13.154
+ A 10.0.13.155
+ A 10.0.13.156
+ A 10.0.13.157
+ A 10.0.13.158
+ A 10.0.13.159
+ A 10.0.13.160
+ A 10.0.13.161
+ A 10.0.13.162
+ A 10.0.13.163
+ A 10.0.13.164
+ A 10.0.13.165
+ A 10.0.13.166
+ A 10.0.13.167
+ A 10.0.13.168
+ A 10.0.13.169
+ A 10.0.13.170
+ A 10.0.13.171
+ A 10.0.13.172
+ A 10.0.13.173
+ A 10.0.13.174
+ A 10.0.13.175
+ A 10.0.13.176
+ A 10.0.13.177
+ A 10.0.13.178
+ A 10.0.13.179
+ A 10.0.13.180
+ A 10.0.13.181
+ A 10.0.13.182
+ A 10.0.13.183
+ A 10.0.13.184
+ A 10.0.13.185
+ A 10.0.13.186
+ A 10.0.13.187
+ A 10.0.13.188
+ A 10.0.13.189
+ A 10.0.13.190
+ A 10.0.13.191
+ A 10.0.13.192
+ A 10.0.13.193
+ A 10.0.13.194
+ A 10.0.13.195
+ A 10.0.13.196
+ A 10.0.13.197
+ A 10.0.13.198
+ A 10.0.13.199
+ A 10.0.13.200
+ A 10.0.13.201
+ A 10.0.13.202
+ A 10.0.13.203
+ A 10.0.13.204
+ A 10.0.13.205
+ A 10.0.13.206
+ A 10.0.13.207
+ A 10.0.13.208
+ A 10.0.13.209
+ A 10.0.13.210
+ A 10.0.13.211
+ A 10.0.13.212
+ A 10.0.13.213
+ A 10.0.13.214
+ A 10.0.13.215
+ A 10.0.13.216
+ A 10.0.13.217
+ A 10.0.13.218
+ A 10.0.13.219
+ A 10.0.13.220
+ A 10.0.13.221
+ A 10.0.13.222
+ A 10.0.13.223
+ A 10.0.13.224
+ A 10.0.13.225
+ A 10.0.13.226
+ A 10.0.13.227
+ A 10.0.13.228
+ A 10.0.13.229
+ A 10.0.13.230
+ A 10.0.13.231
+ A 10.0.13.232
+ A 10.0.13.233
+ A 10.0.13.234
+ A 10.0.13.235
+ A 10.0.13.236
+ A 10.0.13.237
+ A 10.0.13.238
+ A 10.0.13.239
+ A 10.0.13.240
+ A 10.0.13.241
+ A 10.0.13.242
+ A 10.0.13.243
+ A 10.0.13.244
+ A 10.0.13.245
+ A 10.0.13.246
+ A 10.0.13.247
+ A 10.0.13.248
+ A 10.0.13.249
+ A 10.0.13.250
+ A 10.0.13.251
+ A 10.0.13.252
+ A 10.0.13.253
+ A 10.0.13.254
+ A 10.0.13.255
+ A 10.0.14.0
+ A 10.0.14.1
+ A 10.0.14.2
+ A 10.0.14.3
+ A 10.0.14.4
+ A 10.0.14.5
+ A 10.0.14.6
+ A 10.0.14.7
+ A 10.0.14.8
+ A 10.0.14.9
+ A 10.0.14.10
+ A 10.0.14.11
+ A 10.0.14.12
+ A 10.0.14.13
+ A 10.0.14.14
+ A 10.0.14.15
+ A 10.0.14.16
+ A 10.0.14.17
+ A 10.0.14.18
+ A 10.0.14.19
+ A 10.0.14.20
+ A 10.0.14.21
+ A 10.0.14.22
+ A 10.0.14.23
+ A 10.0.14.24
+ A 10.0.14.25
+ A 10.0.14.26
+ A 10.0.14.27
+ A 10.0.14.28
+ A 10.0.14.29
+ A 10.0.14.30
+ A 10.0.14.31
+ A 10.0.14.32
+ A 10.0.14.33
+ A 10.0.14.34
+ A 10.0.14.35
+ A 10.0.14.36
+ A 10.0.14.37
+ A 10.0.14.38
+ A 10.0.14.39
+ A 10.0.14.40
+ A 10.0.14.41
+ A 10.0.14.42
+ A 10.0.14.43
+ A 10.0.14.44
+ A 10.0.14.45
+ A 10.0.14.46
+ A 10.0.14.47
+ A 10.0.14.48
+ A 10.0.14.49
+ A 10.0.14.50
+ A 10.0.14.51
+ A 10.0.14.52
+ A 10.0.14.53
+ A 10.0.14.54
+ A 10.0.14.55
+ A 10.0.14.56
+ A 10.0.14.57
+ A 10.0.14.58
+ A 10.0.14.59
+ A 10.0.14.60
+ A 10.0.14.61
+ A 10.0.14.62
+ A 10.0.14.63
+ A 10.0.14.64
+ A 10.0.14.65
+ A 10.0.14.66
+ A 10.0.14.67
+ A 10.0.14.68
+ A 10.0.14.69
+ A 10.0.14.70
+ A 10.0.14.71
+ A 10.0.14.72
+ A 10.0.14.73
+ A 10.0.14.74
+ A 10.0.14.75
+ A 10.0.14.76
+ A 10.0.14.77
+ A 10.0.14.78
+ A 10.0.14.79
+ A 10.0.14.80
+ A 10.0.14.81
+ A 10.0.14.82
+ A 10.0.14.83
+ A 10.0.14.84
+ A 10.0.14.85
+ A 10.0.14.86
+ A 10.0.14.87
+ A 10.0.14.88
+ A 10.0.14.89
+ A 10.0.14.90
+ A 10.0.14.91
+ A 10.0.14.92
+ A 10.0.14.93
+ A 10.0.14.94
+ A 10.0.14.95
+ A 10.0.14.96
+ A 10.0.14.97
+ A 10.0.14.98
+ A 10.0.14.99
+ A 10.0.14.100
+ A 10.0.14.101
+ A 10.0.14.102
+ A 10.0.14.103
+ A 10.0.14.104
+ A 10.0.14.105
+ A 10.0.14.106
+ A 10.0.14.107
+ A 10.0.14.108
+ A 10.0.14.109
+ A 10.0.14.110
+ A 10.0.14.111
+ A 10.0.14.112
+ A 10.0.14.113
+ A 10.0.14.114
+ A 10.0.14.115
+ A 10.0.14.116
+ A 10.0.14.117
+ A 10.0.14.118
+ A 10.0.14.119
+ A 10.0.14.120
+ A 10.0.14.121
+ A 10.0.14.122
+ A 10.0.14.123
+ A 10.0.14.124
+ A 10.0.14.125
+ A 10.0.14.126
+ A 10.0.14.127
+ A 10.0.14.128
+ A 10.0.14.129
+ A 10.0.14.130
+ A 10.0.14.131
+ A 10.0.14.132
+ A 10.0.14.133
+ A 10.0.14.134
+ A 10.0.14.135
+ A 10.0.14.136
+ A 10.0.14.137
+ A 10.0.14.138
+ A 10.0.14.139
+ A 10.0.14.140
+ A 10.0.14.141
+ A 10.0.14.142
+ A 10.0.14.143
+ A 10.0.14.144
+ A 10.0.14.145
+ A 10.0.14.146
+ A 10.0.14.147
+ A 10.0.14.148
+ A 10.0.14.149
+ A 10.0.14.150
+ A 10.0.14.151
+ A 10.0.14.152
+ A 10.0.14.153
+ A 10.0.14.154
+ A 10.0.14.155
+ A 10.0.14.156
+ A 10.0.14.157
+ A 10.0.14.158
+ A 10.0.14.159
+ A 10.0.14.160
+ A 10.0.14.161
+ A 10.0.14.162
+ A 10.0.14.163
+ A 10.0.14.164
+ A 10.0.14.165
+ A 10.0.14.166
+ A 10.0.14.167
+ A 10.0.14.168
+ A 10.0.14.169
+ A 10.0.14.170
+ A 10.0.14.171
+ A 10.0.14.172
+ A 10.0.14.173
+ A 10.0.14.174
+ A 10.0.14.175
+ A 10.0.14.176
+ A 10.0.14.177
+ A 10.0.14.178
+ A 10.0.14.179
+ A 10.0.14.180
+ A 10.0.14.181
+ A 10.0.14.182
+ A 10.0.14.183
+ A 10.0.14.184
+ A 10.0.14.185
+ A 10.0.14.186
+ A 10.0.14.187
+ A 10.0.14.188
+ A 10.0.14.189
+ A 10.0.14.190
+ A 10.0.14.191
+ A 10.0.14.192
+ A 10.0.14.193
+ A 10.0.14.194
+ A 10.0.14.195
+ A 10.0.14.196
+ A 10.0.14.197
+ A 10.0.14.198
+ A 10.0.14.199
+ A 10.0.14.200
+ A 10.0.14.201
+ A 10.0.14.202
+ A 10.0.14.203
+ A 10.0.14.204
+ A 10.0.14.205
+ A 10.0.14.206
+ A 10.0.14.207
+ A 10.0.14.208
+ A 10.0.14.209
+ A 10.0.14.210
+ A 10.0.14.211
+ A 10.0.14.212
+ A 10.0.14.213
+ A 10.0.14.214
+ A 10.0.14.215
+ A 10.0.14.216
+ A 10.0.14.217
+ A 10.0.14.218
+ A 10.0.14.219
+ A 10.0.14.220
+ A 10.0.14.221
+ A 10.0.14.222
+ A 10.0.14.223
+ A 10.0.14.224
+ A 10.0.14.225
+ A 10.0.14.226
+ A 10.0.14.227
+ A 10.0.14.228
+ A 10.0.14.229
+ A 10.0.14.230
+ A 10.0.14.231
+ A 10.0.14.232
+ A 10.0.14.233
+ A 10.0.14.234
+ A 10.0.14.235
+ A 10.0.14.236
+ A 10.0.14.237
+ A 10.0.14.238
+ A 10.0.14.239
+ A 10.0.14.240
+ A 10.0.14.241
+ A 10.0.14.242
+ A 10.0.14.243
+ A 10.0.14.244
+ A 10.0.14.245
+ A 10.0.14.246
+ A 10.0.14.247
+ A 10.0.14.248
+ A 10.0.14.249
+ A 10.0.14.250
+ A 10.0.14.251
+ A 10.0.14.252
+ A 10.0.14.253
+ A 10.0.14.254
+ A 10.0.14.255
+ A 10.0.15.0
+ A 10.0.15.1
+ A 10.0.15.2
+ A 10.0.15.3
+ A 10.0.15.4
+ A 10.0.15.5
+ A 10.0.15.6
+ A 10.0.15.7
+ A 10.0.15.8
+ A 10.0.15.9
+ A 10.0.15.10
+ A 10.0.15.11
+ A 10.0.15.12
+ A 10.0.15.13
+ A 10.0.15.14
+ A 10.0.15.15
+ A 10.0.15.16
+ A 10.0.15.17
+ A 10.0.15.18
+ A 10.0.15.19
+ A 10.0.15.20
+ A 10.0.15.21
+ A 10.0.15.22
+ A 10.0.15.23
+ A 10.0.15.24
+ A 10.0.15.25
+ A 10.0.15.26
+ A 10.0.15.27
+ A 10.0.15.28
+ A 10.0.15.29
+ A 10.0.15.30
+ A 10.0.15.31
+ A 10.0.15.32
+ A 10.0.15.33
+ A 10.0.15.34
+ A 10.0.15.35
+ A 10.0.15.36
+ A 10.0.15.37
+ A 10.0.15.38
+ A 10.0.15.39
+ A 10.0.15.40
+ A 10.0.15.41
+ A 10.0.15.42
+ A 10.0.15.43
+ A 10.0.15.44
+ A 10.0.15.45
+ A 10.0.15.46
+ A 10.0.15.47
+ A 10.0.15.48
+ A 10.0.15.49
+ A 10.0.15.50
+ A 10.0.15.51
+ A 10.0.15.52
+ A 10.0.15.53
+ A 10.0.15.54
+ A 10.0.15.55
+ A 10.0.15.56
+ A 10.0.15.57
+ A 10.0.15.58
+ A 10.0.15.59
+ A 10.0.15.60
+ A 10.0.15.61
+ A 10.0.15.62
+ A 10.0.15.63
+ A 10.0.15.64
+ A 10.0.15.65
+ A 10.0.15.66
+ A 10.0.15.67
+ A 10.0.15.68
+ A 10.0.15.69
+ A 10.0.15.70
+ A 10.0.15.71
+ A 10.0.15.72
+ A 10.0.15.73
+ A 10.0.15.74
+ A 10.0.15.75
+ A 10.0.15.76
+ A 10.0.15.77
+ A 10.0.15.78
+ A 10.0.15.79
+ A 10.0.15.80
+ A 10.0.15.81
+ A 10.0.15.82
+ A 10.0.15.83
+ A 10.0.15.84
+ A 10.0.15.85
+ A 10.0.15.86
+ A 10.0.15.87
+ A 10.0.15.88
+ A 10.0.15.89
+ A 10.0.15.90
+ A 10.0.15.91
+ A 10.0.15.92
+ A 10.0.15.93
+ A 10.0.15.94
+ A 10.0.15.95
+ A 10.0.15.96
+ A 10.0.15.97
+ A 10.0.15.98
+ A 10.0.15.99
+ A 10.0.15.100
+ A 10.0.15.101
+ A 10.0.15.102
+ A 10.0.15.103
+ A 10.0.15.104
+ A 10.0.15.105
+ A 10.0.15.106
+ A 10.0.15.107
+ A 10.0.15.108
+ A 10.0.15.109
+ A 10.0.15.110
+ A 10.0.15.111
+ A 10.0.15.112
+ A 10.0.15.113
+ A 10.0.15.114
+ A 10.0.15.115
+ A 10.0.15.116
+ A 10.0.15.117
+ A 10.0.15.118
+ A 10.0.15.119
+ A 10.0.15.120
+ A 10.0.15.121
+ A 10.0.15.122
+ A 10.0.15.123
+ A 10.0.15.124
+ A 10.0.15.125
+ A 10.0.15.126
+ A 10.0.15.127
+ A 10.0.15.128
+ A 10.0.15.129
+ A 10.0.15.130
+ A 10.0.15.131
+ A 10.0.15.132
+ A 10.0.15.133
+ A 10.0.15.134
+ A 10.0.15.135
+ A 10.0.15.136
+ A 10.0.15.137
+ A 10.0.15.138
+ A 10.0.15.139
+ A 10.0.15.140
+ A 10.0.15.141
+ A 10.0.15.142
+ A 10.0.15.143
+ A 10.0.15.144
+ A 10.0.15.145
+ A 10.0.15.146
+ A 10.0.15.147
+ A 10.0.15.148
+ A 10.0.15.149
+ A 10.0.15.150
+ A 10.0.15.151
+ A 10.0.15.152
+ A 10.0.15.153
+ A 10.0.15.154
+ A 10.0.15.155
+ A 10.0.15.156
+ A 10.0.15.157
+ A 10.0.15.158
+ A 10.0.15.159
+ A 10.0.15.160
+ A 10.0.15.161
+ A 10.0.15.162
+ A 10.0.15.163
+ A 10.0.15.164
+ A 10.0.15.165
+ A 10.0.15.166
+ A 10.0.15.167
+ A 10.0.15.168
+ A 10.0.15.169
+ A 10.0.15.170
+ A 10.0.15.171
+ A 10.0.15.172
+ A 10.0.15.173
+ A 10.0.15.174
+ A 10.0.15.175
+ A 10.0.15.176
+ A 10.0.15.177
+ A 10.0.15.178
+ A 10.0.15.179
+ A 10.0.15.180
+ A 10.0.15.181
+ A 10.0.15.182
+ A 10.0.15.183
+ A 10.0.15.184
+ A 10.0.15.185
+ A 10.0.15.186
+ A 10.0.15.187
+ A 10.0.15.188
+ A 10.0.15.189
+ A 10.0.15.190
+ A 10.0.15.191
+ A 10.0.15.192
+ A 10.0.15.193
+ A 10.0.15.194
+ A 10.0.15.195
+ A 10.0.15.196
+ A 10.0.15.197
+ A 10.0.15.198
+ A 10.0.15.199
+ A 10.0.15.200
+ A 10.0.15.201
+ A 10.0.15.202
+ A 10.0.15.203
+ A 10.0.15.204
+ A 10.0.15.205
+ A 10.0.15.206
+ A 10.0.15.207
+ A 10.0.15.208
+ A 10.0.15.209
+ A 10.0.15.210
+ A 10.0.15.211
+ A 10.0.15.212
+ A 10.0.15.213
+ A 10.0.15.214
+ A 10.0.15.215
+ A 10.0.15.216
+ A 10.0.15.217
+ A 10.0.15.218
+ A 10.0.15.219
+ A 10.0.15.220
+ A 10.0.15.221
+ A 10.0.15.222
+ A 10.0.15.223
+ A 10.0.15.224
+ A 10.0.15.225
+ A 10.0.15.226
+ A 10.0.15.227
+ A 10.0.15.228
+ A 10.0.15.229
+ A 10.0.15.230
+ A 10.0.15.231
+ A 10.0.15.232
+ A 10.0.15.233
+ A 10.0.15.234
+ A 10.0.15.235
+ A 10.0.15.236
+ A 10.0.15.237
+ A 10.0.15.238
+ A 10.0.15.239
+ A 10.0.15.240
+ A 10.0.15.241
+ A 10.0.15.242
+ A 10.0.15.243
+ A 10.0.15.244
+ A 10.0.15.245
+ A 10.0.15.246
+ A 10.0.15.247
+ A 10.0.15.248
+ A 10.0.15.249
+ A 10.0.15.250
+ A 10.0.15.251
+ A 10.0.15.252
+ A 10.0.15.253
+ A 10.0.15.254
+ A 10.0.15.255
+ A 10.0.16.0
+ A 10.0.16.1
+ A 10.0.16.2
+ A 10.0.16.3
+ A 10.0.16.4
+ A 10.0.16.5
+ A 10.0.16.6
+ A 10.0.16.7
+ A 10.0.16.8
+ A 10.0.16.9
+ A 10.0.16.10
+ A 10.0.16.11
+ A 10.0.16.12
+ A 10.0.16.13
+ A 10.0.16.14
+ A 10.0.16.15
+ A 10.0.16.16
+ A 10.0.16.17
+ A 10.0.16.18
+ A 10.0.16.19
+ A 10.0.16.20
+ A 10.0.16.21
+ A 10.0.16.22
+ A 10.0.16.23
+ A 10.0.16.24
+ A 10.0.16.25
+ A 10.0.16.26
+ A 10.0.16.27
+ A 10.0.16.28
+ A 10.0.16.29
+ A 10.0.16.30
+ A 10.0.16.31
+ A 10.0.16.32
+ A 10.0.16.33
+ A 10.0.16.34
+ A 10.0.16.35
+ A 10.0.16.36
+ A 10.0.16.37
+ A 10.0.16.38
+ A 10.0.16.39
+ A 10.0.16.40
+ A 10.0.16.41
+ A 10.0.16.42
+ A 10.0.16.43
+ A 10.0.16.44
+ A 10.0.16.45
+ A 10.0.16.46
+ A 10.0.16.47
+ A 10.0.16.48
+ A 10.0.16.49
+ A 10.0.16.50
+ A 10.0.16.51
+ A 10.0.16.52
+ A 10.0.16.53
+ A 10.0.16.54
+ A 10.0.16.55
+ A 10.0.16.56
+ A 10.0.16.57
+ A 10.0.16.58
+ A 10.0.16.59
+ A 10.0.16.60
+ A 10.0.16.61
+ A 10.0.16.62
+ A 10.0.16.63
+ A 10.0.16.64
+ A 10.0.16.65
+ A 10.0.16.66
+ A 10.0.16.67
+ A 10.0.16.68
+ A 10.0.16.69
+ A 10.0.16.70
+ A 10.0.16.71
+ A 10.0.16.72
+ A 10.0.16.73
+ A 10.0.16.74
+ A 10.0.16.75
+ A 10.0.16.76
+ A 10.0.16.77
+ A 10.0.16.78
+ A 10.0.16.79
+ A 10.0.16.80
+ A 10.0.16.81
+ A 10.0.16.82
+ A 10.0.16.83
+ A 10.0.16.84
+ A 10.0.16.85
+ A 10.0.16.86
+ A 10.0.16.87
+ A 10.0.16.88
+ A 10.0.16.89
+ A 10.0.16.90
+ A 10.0.16.91
+ A 10.0.16.92
+ A 10.0.16.93
+ A 10.0.16.94
+ A 10.0.16.95
+ A 10.0.16.96
+ A 10.0.16.97
+ A 10.0.16.98
+ A 10.0.16.99
+ A 10.0.16.100
+ A 10.0.16.101
+ A 10.0.16.102
+ A 10.0.16.103
+ A 10.0.16.104
+ A 10.0.16.105
+ A 10.0.16.106
+ A 10.0.16.107
+ A 10.0.16.108
+ A 10.0.16.109
+ A 10.0.16.110
+ A 10.0.16.111
+ A 10.0.16.112
+ A 10.0.16.113
+ A 10.0.16.114
+ A 10.0.16.115
+ A 10.0.16.116
+ A 10.0.16.117
+ A 10.0.16.118
+ A 10.0.16.119
+ A 10.0.16.120
+ A 10.0.16.121
+ A 10.0.16.122
+ A 10.0.16.123
+ A 10.0.16.124
+ A 10.0.16.125
+ A 10.0.16.126
+ A 10.0.16.127
+ A 10.0.16.128
+ A 10.0.16.129
+ A 10.0.16.130
+ A 10.0.16.131
+ A 10.0.16.132
+ A 10.0.16.133
+ A 10.0.16.134
+ A 10.0.16.135
+ A 10.0.16.136
+ A 10.0.16.137
+ A 10.0.16.138
+ A 10.0.16.139
+ A 10.0.16.140
+ A 10.0.16.141
+ A 10.0.16.142
+ A 10.0.16.143
+ A 10.0.16.144
+ A 10.0.16.145
+ A 10.0.16.146
+ A 10.0.16.147
+ A 10.0.16.148
+ A 10.0.16.149
+ A 10.0.16.150
+ A 10.0.16.151
+ A 10.0.16.152
+ A 10.0.16.153
+ A 10.0.16.154
+ A 10.0.16.155
+ A 10.0.16.156
+ A 10.0.16.157
+ A 10.0.16.158
+ A 10.0.16.159
+ A 10.0.16.160
+ A 10.0.16.161
+ A 10.0.16.162
+ A 10.0.16.163
+ A 10.0.16.164
+ A 10.0.16.165
+ A 10.0.16.166
+ A 10.0.16.167
+ A 10.0.16.168
+ A 10.0.16.169
+ A 10.0.16.170
+ A 10.0.16.171
+ A 10.0.16.172
+ A 10.0.16.173
+ A 10.0.16.174
+ A 10.0.16.175
+ A 10.0.16.176
+ A 10.0.16.177
+ A 10.0.16.178
+ A 10.0.16.179
+ A 10.0.16.180
+ A 10.0.16.181
+ A 10.0.16.182
+ A 10.0.16.183
+ A 10.0.16.184
+ A 10.0.16.185
+ A 10.0.16.186
+ A 10.0.16.187
+ A 10.0.16.188
+ A 10.0.16.189
+ A 10.0.16.190
+ A 10.0.16.191
+ A 10.0.16.192
+ A 10.0.16.193
+ A 10.0.16.194
+ A 10.0.16.195
+ A 10.0.16.196
+ A 10.0.16.197
+ A 10.0.16.198
+ A 10.0.16.199
+ A 10.0.16.200
+ A 10.0.16.201
+ A 10.0.16.202
+ A 10.0.16.203
+ A 10.0.16.204
+ A 10.0.16.205
+ A 10.0.16.206
+ A 10.0.16.207
+ A 10.0.16.208
+ A 10.0.16.209
+ A 10.0.16.210
+ A 10.0.16.211
+ A 10.0.16.212
+ A 10.0.16.213
+ A 10.0.16.214
+ A 10.0.16.215
+ A 10.0.16.216
+ A 10.0.16.217
+ A 10.0.16.218
+ A 10.0.16.219
+ A 10.0.16.220
+ A 10.0.16.221
+ A 10.0.16.222
+ A 10.0.16.223
+ A 10.0.16.224
+ A 10.0.16.225
+ A 10.0.16.226
+ A 10.0.16.227
+ A 10.0.16.228
+ A 10.0.16.229
+ A 10.0.16.230
+ A 10.0.16.231
+ A 10.0.16.232
+ A 10.0.16.233
+ A 10.0.16.234
+ A 10.0.16.235
+ A 10.0.16.236
+ A 10.0.16.237
+ A 10.0.16.238
+ A 10.0.16.239
+ A 10.0.16.240
+ A 10.0.16.241
+ A 10.0.16.242
+ A 10.0.16.243
+ A 10.0.16.244
+ A 10.0.16.245
+ A 10.0.16.246
+ A 10.0.16.247
+ A 10.0.16.248
+ A 10.0.16.249
+ A 10.0.16.250
+ A 10.0.16.251
+ A 10.0.16.252
+ A 10.0.16.253
+ A 10.0.16.254
+ A 10.0.16.255
+ A 10.0.17.0
+ A 10.0.17.1
+ A 10.0.17.2
+ A 10.0.17.3
+ A 10.0.17.4
+ A 10.0.17.5
+ A 10.0.17.6
+ A 10.0.17.7
+ A 10.0.17.8
+ A 10.0.17.9
+ A 10.0.17.10
+ A 10.0.17.11
+ A 10.0.17.12
+ A 10.0.17.13
+ A 10.0.17.14
+ A 10.0.17.15
+ A 10.0.17.16
+ A 10.0.17.17
+ A 10.0.17.18
+ A 10.0.17.19
+ A 10.0.17.20
+ A 10.0.17.21
+ A 10.0.17.22
+ A 10.0.17.23
+ A 10.0.17.24
+ A 10.0.17.25
+ A 10.0.17.26
+ A 10.0.17.27
+ A 10.0.17.28
+ A 10.0.17.29
+ A 10.0.17.30
+ A 10.0.17.31
+ A 10.0.17.32
+ A 10.0.17.33
+ A 10.0.17.34
+ A 10.0.17.35
+ A 10.0.17.36
+ A 10.0.17.37
+ A 10.0.17.38
+ A 10.0.17.39
+ A 10.0.17.40
+ A 10.0.17.41
+ A 10.0.17.42
+ A 10.0.17.43
+ A 10.0.17.44
+ A 10.0.17.45
+ A 10.0.17.46
+ A 10.0.17.47
+ A 10.0.17.48
+ A 10.0.17.49
+ A 10.0.17.50
+ A 10.0.17.51
+ A 10.0.17.52
+ A 10.0.17.53
+ A 10.0.17.54
+ A 10.0.17.55
+ A 10.0.17.56
+ A 10.0.17.57
+ A 10.0.17.58
+ A 10.0.17.59
+ A 10.0.17.60
+ A 10.0.17.61
+ A 10.0.17.62
+ A 10.0.17.63
+ A 10.0.17.64
+ A 10.0.17.65
+ A 10.0.17.66
+ A 10.0.17.67
+ A 10.0.17.68
+ A 10.0.17.69
+ A 10.0.17.70
+ A 10.0.17.71
+ A 10.0.17.72
+ A 10.0.17.73
+ A 10.0.17.74
+ A 10.0.17.75
+ A 10.0.17.76
+ A 10.0.17.77
+ A 10.0.17.78
+ A 10.0.17.79
+ A 10.0.17.80
+ A 10.0.17.81
+ A 10.0.17.82
+ A 10.0.17.83
+ A 10.0.17.84
+ A 10.0.17.85
+ A 10.0.17.86
+ A 10.0.17.87
+ A 10.0.17.88
+ A 10.0.17.89
+ A 10.0.17.90
+ A 10.0.17.91
+ A 10.0.17.92
+ A 10.0.17.93
+ A 10.0.17.94
+ A 10.0.17.95
+ A 10.0.17.96
+ A 10.0.17.97
+ A 10.0.17.98
+ A 10.0.17.99
+ A 10.0.17.100
+ A 10.0.17.101
+ A 10.0.17.102
+ A 10.0.17.103
+ A 10.0.17.104
+ A 10.0.17.105
+ A 10.0.17.106
+ A 10.0.17.107
+ A 10.0.17.108
+ A 10.0.17.109
+ A 10.0.17.110
+ A 10.0.17.111
+ A 10.0.17.112
+ A 10.0.17.113
+ A 10.0.17.114
+ A 10.0.17.115
+ A 10.0.17.116
+ A 10.0.17.117
+ A 10.0.17.118
+ A 10.0.17.119
+ A 10.0.17.120
+ A 10.0.17.121
+ A 10.0.17.122
+ A 10.0.17.123
+ A 10.0.17.124
+ A 10.0.17.125
+ A 10.0.17.126
+ A 10.0.17.127
+ A 10.0.17.128
+ A 10.0.17.129
+ A 10.0.17.130
+ A 10.0.17.131
+ A 10.0.17.132
+ A 10.0.17.133
+ A 10.0.17.134
+ A 10.0.17.135
+ A 10.0.17.136
+ A 10.0.17.137
+ A 10.0.17.138
+ A 10.0.17.139
+ A 10.0.17.140
+ A 10.0.17.141
+ A 10.0.17.142
+ A 10.0.17.143
+ A 10.0.17.144
+ A 10.0.17.145
+ A 10.0.17.146
+ A 10.0.17.147
+ A 10.0.17.148
+ A 10.0.17.149
+ A 10.0.17.150
+ A 10.0.17.151
+ A 10.0.17.152
+ A 10.0.17.153
+ A 10.0.17.154
+ A 10.0.17.155
+ A 10.0.17.156
+ A 10.0.17.157
+ A 10.0.17.158
+ A 10.0.17.159
+ A 10.0.17.160
+ A 10.0.17.161
+ A 10.0.17.162
+ A 10.0.17.163
+ A 10.0.17.164
+ A 10.0.17.165
+ A 10.0.17.166
+ A 10.0.17.167
+ A 10.0.17.168
+ A 10.0.17.169
+ A 10.0.17.170
+ A 10.0.17.171
+ A 10.0.17.172
+ A 10.0.17.173
+ A 10.0.17.174
+ A 10.0.17.175
+ A 10.0.17.176
+ A 10.0.17.177
+ A 10.0.17.178
+ A 10.0.17.179
+ A 10.0.17.180
+ A 10.0.17.181
+ A 10.0.17.182
+ A 10.0.17.183
+ A 10.0.17.184
+ A 10.0.17.185
+ A 10.0.17.186
+ A 10.0.17.187
+ A 10.0.17.188
+ A 10.0.17.189
+ A 10.0.17.190
+ A 10.0.17.191
+ A 10.0.17.192
+ A 10.0.17.193
+ A 10.0.17.194
+ A 10.0.17.195
+ A 10.0.17.196
+ A 10.0.17.197
+ A 10.0.17.198
+ A 10.0.17.199
+ A 10.0.17.200
+ A 10.0.17.201
+ A 10.0.17.202
+ A 10.0.17.203
+ A 10.0.17.204
+ A 10.0.17.205
+ A 10.0.17.206
+ A 10.0.17.207
+ A 10.0.17.208
+ A 10.0.17.209
+ A 10.0.17.210
+ A 10.0.17.211
+ A 10.0.17.212
+ A 10.0.17.213
+ A 10.0.17.214
+ A 10.0.17.215
+ A 10.0.17.216
+ A 10.0.17.217
+ A 10.0.17.218
+ A 10.0.17.219
+ A 10.0.17.220
+ A 10.0.17.221
+ A 10.0.17.222
+ A 10.0.17.223
+ A 10.0.17.224
+ A 10.0.17.225
+ A 10.0.17.226
+ A 10.0.17.227
+ A 10.0.17.228
+ A 10.0.17.229
+ A 10.0.17.230
+ A 10.0.17.231
+ A 10.0.17.232
+ A 10.0.17.233
+ A 10.0.17.234
+ A 10.0.17.235
+ A 10.0.17.236
+ A 10.0.17.237
+ A 10.0.17.238
+ A 10.0.17.239
+ A 10.0.17.240
+ A 10.0.17.241
+ A 10.0.17.242
+ A 10.0.17.243
+ A 10.0.17.244
+ A 10.0.17.245
+ A 10.0.17.246
+ A 10.0.17.247
+ A 10.0.17.248
+ A 10.0.17.249
+ A 10.0.17.250
+ A 10.0.17.251
+ A 10.0.17.252
+ A 10.0.17.253
+ A 10.0.17.254
+ A 10.0.17.255
+ A 10.0.18.0
+ A 10.0.18.1
+ A 10.0.18.2
+ A 10.0.18.3
+ A 10.0.18.4
+ A 10.0.18.5
+ A 10.0.18.6
+ A 10.0.18.7
+ A 10.0.18.8
+ A 10.0.18.9
+ A 10.0.18.10
+ A 10.0.18.11
+ A 10.0.18.12
+ A 10.0.18.13
+ A 10.0.18.14
+ A 10.0.18.15
+ A 10.0.18.16
+ A 10.0.18.17
+ A 10.0.18.18
+ A 10.0.18.19
+ A 10.0.18.20
+ A 10.0.18.21
+ A 10.0.18.22
+ A 10.0.18.23
+ A 10.0.18.24
+ A 10.0.18.25
+ A 10.0.18.26
+ A 10.0.18.27
+ A 10.0.18.28
+ A 10.0.18.29
+ A 10.0.18.30
+ A 10.0.18.31
+ A 10.0.18.32
+ A 10.0.18.33
+ A 10.0.18.34
+ A 10.0.18.35
+ A 10.0.18.36
+ A 10.0.18.37
+ A 10.0.18.38
+ A 10.0.18.39
+ A 10.0.18.40
+ A 10.0.18.41
+ A 10.0.18.42
+ A 10.0.18.43
+ A 10.0.18.44
+ A 10.0.18.45
+ A 10.0.18.46
+ A 10.0.18.47
+ A 10.0.18.48
+ A 10.0.18.49
+ A 10.0.18.50
+ A 10.0.18.51
+ A 10.0.18.52
+ A 10.0.18.53
+ A 10.0.18.54
+ A 10.0.18.55
+ A 10.0.18.56
+ A 10.0.18.57
+ A 10.0.18.58
+ A 10.0.18.59
+ A 10.0.18.60
+ A 10.0.18.61
+ A 10.0.18.62
+ A 10.0.18.63
+ A 10.0.18.64
+ A 10.0.18.65
+ A 10.0.18.66
+ A 10.0.18.67
+ A 10.0.18.68
+ A 10.0.18.69
+ A 10.0.18.70
+ A 10.0.18.71
+ A 10.0.18.72
+ A 10.0.18.73
+ A 10.0.18.74
+ A 10.0.18.75
+ A 10.0.18.76
+ A 10.0.18.77
+ A 10.0.18.78
+ A 10.0.18.79
+ A 10.0.18.80
+ A 10.0.18.81
+ A 10.0.18.82
+ A 10.0.18.83
+ A 10.0.18.84
+ A 10.0.18.85
+ A 10.0.18.86
+ A 10.0.18.87
+ A 10.0.18.88
+ A 10.0.18.89
+ A 10.0.18.90
+ A 10.0.18.91
+ A 10.0.18.92
+ A 10.0.18.93
+ A 10.0.18.94
+ A 10.0.18.95
+ A 10.0.18.96
+ A 10.0.18.97
+ A 10.0.18.98
+ A 10.0.18.99
+ A 10.0.18.100
+ A 10.0.18.101
+ A 10.0.18.102
+ A 10.0.18.103
+ A 10.0.18.104
+ A 10.0.18.105
+ A 10.0.18.106
+ A 10.0.18.107
+ A 10.0.18.108
+ A 10.0.18.109
+ A 10.0.18.110
+ A 10.0.18.111
+ A 10.0.18.112
+ A 10.0.18.113
+ A 10.0.18.114
+ A 10.0.18.115
+ A 10.0.18.116
+ A 10.0.18.117
+ A 10.0.18.118
+ A 10.0.18.119
+ A 10.0.18.120
+ A 10.0.18.121
+ A 10.0.18.122
+ A 10.0.18.123
+ A 10.0.18.124
+ A 10.0.18.125
+ A 10.0.18.126
+ A 10.0.18.127
+ A 10.0.18.128
+ A 10.0.18.129
+ A 10.0.18.130
+ A 10.0.18.131
+ A 10.0.18.132
+ A 10.0.18.133
+ A 10.0.18.134
+ A 10.0.18.135
+ A 10.0.18.136
+ A 10.0.18.137
+ A 10.0.18.138
+ A 10.0.18.139
+ A 10.0.18.140
+ A 10.0.18.141
+ A 10.0.18.142
+ A 10.0.18.143
+ A 10.0.18.144
+ A 10.0.18.145
+ A 10.0.18.146
+ A 10.0.18.147
+ A 10.0.18.148
+ A 10.0.18.149
+ A 10.0.18.150
+ A 10.0.18.151
+ A 10.0.18.152
+ A 10.0.18.153
+ A 10.0.18.154
+ A 10.0.18.155
+ A 10.0.18.156
+ A 10.0.18.157
+ A 10.0.18.158
+ A 10.0.18.159
+ A 10.0.18.160
+ A 10.0.18.161
+ A 10.0.18.162
+ A 10.0.18.163
+ A 10.0.18.164
+ A 10.0.18.165
+ A 10.0.18.166
+ A 10.0.18.167
+ A 10.0.18.168
+ A 10.0.18.169
+ A 10.0.18.170
+ A 10.0.18.171
+ A 10.0.18.172
+ A 10.0.18.173
+ A 10.0.18.174
+ A 10.0.18.175
+ A 10.0.18.176
+ A 10.0.18.177
+ A 10.0.18.178
+ A 10.0.18.179
+ A 10.0.18.180
+ A 10.0.18.181
+ A 10.0.18.182
+ A 10.0.18.183
+ A 10.0.18.184
+ A 10.0.18.185
+ A 10.0.18.186
+ A 10.0.18.187
+ A 10.0.18.188
+ A 10.0.18.189
+ A 10.0.18.190
+ A 10.0.18.191
+ A 10.0.18.192
+ A 10.0.18.193
+ A 10.0.18.194
+ A 10.0.18.195
+ A 10.0.18.196
+ A 10.0.18.197
+ A 10.0.18.198
+ A 10.0.18.199
+ A 10.0.18.200
+ A 10.0.18.201
+ A 10.0.18.202
+ A 10.0.18.203
+ A 10.0.18.204
+ A 10.0.18.205
+ A 10.0.18.206
+ A 10.0.18.207
+ A 10.0.18.208
+ A 10.0.18.209
+ A 10.0.18.210
+ A 10.0.18.211
+ A 10.0.18.212
+ A 10.0.18.213
+ A 10.0.18.214
+ A 10.0.18.215
+ A 10.0.18.216
+ A 10.0.18.217
+ A 10.0.18.218
+ A 10.0.18.219
+ A 10.0.18.220
+ A 10.0.18.221
+ A 10.0.18.222
+ A 10.0.18.223
+ A 10.0.18.224
+ A 10.0.18.225
+ A 10.0.18.226
+ A 10.0.18.227
+ A 10.0.18.228
+ A 10.0.18.229
+ A 10.0.18.230
+ A 10.0.18.231
+ A 10.0.18.232
+ A 10.0.18.233
+ A 10.0.18.234
+ A 10.0.18.235
+ A 10.0.18.236
+ A 10.0.18.237
+ A 10.0.18.238
+ A 10.0.18.239
+ A 10.0.18.240
+ A 10.0.18.241
+ A 10.0.18.242
+ A 10.0.18.243
+ A 10.0.18.244
+ A 10.0.18.245
+ A 10.0.18.246
+ A 10.0.18.247
+ A 10.0.18.248
+ A 10.0.18.249
+ A 10.0.18.250
+ A 10.0.18.251
+ A 10.0.18.252
+ A 10.0.18.253
+ A 10.0.18.254
+ A 10.0.18.255
+ A 10.0.19.0
+ A 10.0.19.1
+ A 10.0.19.2
+ A 10.0.19.3
+ A 10.0.19.4
+ A 10.0.19.5
+ A 10.0.19.6
+ A 10.0.19.7
+ A 10.0.19.8
+ A 10.0.19.9
+ A 10.0.19.10
+ A 10.0.19.11
+ A 10.0.19.12
+ A 10.0.19.13
+ A 10.0.19.14
+ A 10.0.19.15
+ A 10.0.19.16
+ A 10.0.19.17
+ A 10.0.19.18
+ A 10.0.19.19
+ A 10.0.19.20
+ A 10.0.19.21
+ A 10.0.19.22
+ A 10.0.19.23
+ A 10.0.19.24
+ A 10.0.19.25
+ A 10.0.19.26
+ A 10.0.19.27
+ A 10.0.19.28
+ A 10.0.19.29
+ A 10.0.19.30
+ A 10.0.19.31
+ A 10.0.19.32
+ A 10.0.19.33
+ A 10.0.19.34
+ A 10.0.19.35
+ A 10.0.19.36
+ A 10.0.19.37
+ A 10.0.19.38
+ A 10.0.19.39
+ A 10.0.19.40
+ A 10.0.19.41
+ A 10.0.19.42
+ A 10.0.19.43
+ A 10.0.19.44
+ A 10.0.19.45
+ A 10.0.19.46
+ A 10.0.19.47
+ A 10.0.19.48
+ A 10.0.19.49
+ A 10.0.19.50
+ A 10.0.19.51
+ A 10.0.19.52
+ A 10.0.19.53
+ A 10.0.19.54
+ A 10.0.19.55
+ A 10.0.19.56
+ A 10.0.19.57
+ A 10.0.19.58
+ A 10.0.19.59
+ A 10.0.19.60
+ A 10.0.19.61
+ A 10.0.19.62
+ A 10.0.19.63
+ A 10.0.19.64
+ A 10.0.19.65
+ A 10.0.19.66
+ A 10.0.19.67
+ A 10.0.19.68
+ A 10.0.19.69
+ A 10.0.19.70
+ A 10.0.19.71
+ A 10.0.19.72
+ A 10.0.19.73
+ A 10.0.19.74
+ A 10.0.19.75
+ A 10.0.19.76
+ A 10.0.19.77
+ A 10.0.19.78
+ A 10.0.19.79
+ A 10.0.19.80
+ A 10.0.19.81
+ A 10.0.19.82
+ A 10.0.19.83
+ A 10.0.19.84
+ A 10.0.19.85
+ A 10.0.19.86
+ A 10.0.19.87
+ A 10.0.19.88
+ A 10.0.19.89
+ A 10.0.19.90
+ A 10.0.19.91
+ A 10.0.19.92
+ A 10.0.19.93
+ A 10.0.19.94
+ A 10.0.19.95
+ A 10.0.19.96
+ A 10.0.19.97
+ A 10.0.19.98
+ A 10.0.19.99
+ A 10.0.19.100
+ A 10.0.19.101
+ A 10.0.19.102
+ A 10.0.19.103
+ A 10.0.19.104
+ A 10.0.19.105
+ A 10.0.19.106
+ A 10.0.19.107
+ A 10.0.19.108
+ A 10.0.19.109
+ A 10.0.19.110
+ A 10.0.19.111
+ A 10.0.19.112
+ A 10.0.19.113
+ A 10.0.19.114
+ A 10.0.19.115
+ A 10.0.19.116
+ A 10.0.19.117
+ A 10.0.19.118
+ A 10.0.19.119
+ A 10.0.19.120
+ A 10.0.19.121
+ A 10.0.19.122
+ A 10.0.19.123
+ A 10.0.19.124
+ A 10.0.19.125
+ A 10.0.19.126
+ A 10.0.19.127
+ A 10.0.19.128
+ A 10.0.19.129
+ A 10.0.19.130
+ A 10.0.19.131
+ A 10.0.19.132
+ A 10.0.19.133
+ A 10.0.19.134
+ A 10.0.19.135
+a-maximum-rrset A 10.0.0.0
+ A 10.0.0.1
+ A 10.0.0.2
+ A 10.0.0.3
+ A 10.0.0.4
+ A 10.0.0.5
+ A 10.0.0.6
+ A 10.0.0.7
+ A 10.0.0.8
+ A 10.0.0.9
+ A 10.0.0.10
+ A 10.0.0.11
+ A 10.0.0.12
+ A 10.0.0.13
+ A 10.0.0.14
+ A 10.0.0.15
+ A 10.0.0.16
+ A 10.0.0.17
+ A 10.0.0.18
+ A 10.0.0.19
+ A 10.0.0.20
+ A 10.0.0.21
+ A 10.0.0.22
+ A 10.0.0.23
+ A 10.0.0.24
+ A 10.0.0.25
+ A 10.0.0.26
+ A 10.0.0.27
+ A 10.0.0.28
+ A 10.0.0.29
+ A 10.0.0.30
+ A 10.0.0.31
+ A 10.0.0.32
+ A 10.0.0.33
+ A 10.0.0.34
+ A 10.0.0.35
+ A 10.0.0.36
+ A 10.0.0.37
+ A 10.0.0.38
+ A 10.0.0.39
+ A 10.0.0.40
+ A 10.0.0.41
+ A 10.0.0.42
+ A 10.0.0.43
+ A 10.0.0.44
+ A 10.0.0.45
+ A 10.0.0.46
+ A 10.0.0.47
+ A 10.0.0.48
+ A 10.0.0.49
+ A 10.0.0.50
+ A 10.0.0.51
+ A 10.0.0.52
+ A 10.0.0.53
+ A 10.0.0.54
+ A 10.0.0.55
+ A 10.0.0.56
+ A 10.0.0.57
+ A 10.0.0.58
+ A 10.0.0.59
+ A 10.0.0.60
+ A 10.0.0.61
+ A 10.0.0.62
+ A 10.0.0.63
+ A 10.0.0.64
+ A 10.0.0.65
+ A 10.0.0.66
+ A 10.0.0.67
+ A 10.0.0.68
+ A 10.0.0.69
+ A 10.0.0.70
+ A 10.0.0.71
+ A 10.0.0.72
+ A 10.0.0.73
+ A 10.0.0.74
+ A 10.0.0.75
+ A 10.0.0.76
+ A 10.0.0.77
+ A 10.0.0.78
+ A 10.0.0.79
+ A 10.0.0.80
+ A 10.0.0.81
+ A 10.0.0.82
+ A 10.0.0.83
+ A 10.0.0.84
+ A 10.0.0.85
+ A 10.0.0.86
+ A 10.0.0.87
+ A 10.0.0.88
+ A 10.0.0.89
+ A 10.0.0.90
+ A 10.0.0.91
+ A 10.0.0.92
+ A 10.0.0.93
+ A 10.0.0.94
+ A 10.0.0.95
+ A 10.0.0.96
+ A 10.0.0.97
+ A 10.0.0.98
+ A 10.0.0.99
+ A 10.0.0.100
+ A 10.0.0.101
+ A 10.0.0.102
+ A 10.0.0.103
+ A 10.0.0.104
+ A 10.0.0.105
+ A 10.0.0.106
+ A 10.0.0.107
+ A 10.0.0.108
+ A 10.0.0.109
+ A 10.0.0.110
+ A 10.0.0.111
+ A 10.0.0.112
+ A 10.0.0.113
+ A 10.0.0.114
+ A 10.0.0.115
+ A 10.0.0.116
+ A 10.0.0.117
+ A 10.0.0.118
+ A 10.0.0.119
+ A 10.0.0.120
+ A 10.0.0.121
+ A 10.0.0.122
+ A 10.0.0.123
+ A 10.0.0.124
+ A 10.0.0.125
+ A 10.0.0.126
+ A 10.0.0.127
+ A 10.0.0.128
+ A 10.0.0.129
+ A 10.0.0.130
+ A 10.0.0.131
+ A 10.0.0.132
+ A 10.0.0.133
+ A 10.0.0.134
+ A 10.0.0.135
+ A 10.0.0.136
+ A 10.0.0.137
+ A 10.0.0.138
+ A 10.0.0.139
+ A 10.0.0.140
+ A 10.0.0.141
+ A 10.0.0.142
+ A 10.0.0.143
+ A 10.0.0.144
+ A 10.0.0.145
+ A 10.0.0.146
+ A 10.0.0.147
+ A 10.0.0.148
+ A 10.0.0.149
+ A 10.0.0.150
+ A 10.0.0.151
+ A 10.0.0.152
+ A 10.0.0.153
+ A 10.0.0.154
+ A 10.0.0.155
+ A 10.0.0.156
+ A 10.0.0.157
+ A 10.0.0.158
+ A 10.0.0.159
+ A 10.0.0.160
+ A 10.0.0.161
+ A 10.0.0.162
+ A 10.0.0.163
+ A 10.0.0.164
+ A 10.0.0.165
+ A 10.0.0.166
+ A 10.0.0.167
+ A 10.0.0.168
+ A 10.0.0.169
+ A 10.0.0.170
+ A 10.0.0.171
+ A 10.0.0.172
+ A 10.0.0.173
+ A 10.0.0.174
+ A 10.0.0.175
+ A 10.0.0.176
+ A 10.0.0.177
+ A 10.0.0.178
+ A 10.0.0.179
+ A 10.0.0.180
+ A 10.0.0.181
+ A 10.0.0.182
+ A 10.0.0.183
+ A 10.0.0.184
+ A 10.0.0.185
+ A 10.0.0.186
+ A 10.0.0.187
+ A 10.0.0.188
+ A 10.0.0.189
+ A 10.0.0.190
+ A 10.0.0.191
+ A 10.0.0.192
+ A 10.0.0.193
+ A 10.0.0.194
+ A 10.0.0.195
+ A 10.0.0.196
+ A 10.0.0.197
+ A 10.0.0.198
+ A 10.0.0.199
+ A 10.0.0.200
+ A 10.0.0.201
+ A 10.0.0.202
+ A 10.0.0.203
+ A 10.0.0.204
+ A 10.0.0.205
+ A 10.0.0.206
+ A 10.0.0.207
+ A 10.0.0.208
+ A 10.0.0.209
+ A 10.0.0.210
+ A 10.0.0.211
+ A 10.0.0.212
+ A 10.0.0.213
+ A 10.0.0.214
+ A 10.0.0.215
+ A 10.0.0.216
+ A 10.0.0.217
+ A 10.0.0.218
+ A 10.0.0.219
+ A 10.0.0.220
+ A 10.0.0.221
+ A 10.0.0.222
+ A 10.0.0.223
+ A 10.0.0.224
+ A 10.0.0.225
+ A 10.0.0.226
+ A 10.0.0.227
+ A 10.0.0.228
+ A 10.0.0.229
+ A 10.0.0.230
+ A 10.0.0.231
+ A 10.0.0.232
+ A 10.0.0.233
+ A 10.0.0.234
+ A 10.0.0.235
+ A 10.0.0.236
+ A 10.0.0.237
+ A 10.0.0.238
+ A 10.0.0.239
+ A 10.0.0.240
+ A 10.0.0.241
+ A 10.0.0.242
+ A 10.0.0.243
+ A 10.0.0.244
+ A 10.0.0.245
+ A 10.0.0.246
+ A 10.0.0.247
+ A 10.0.0.248
+ A 10.0.0.249
+ A 10.0.0.250
+ A 10.0.0.251
+ A 10.0.0.252
+ A 10.0.0.253
+ A 10.0.0.254
+ A 10.0.0.255
+ A 10.0.1.0
+ A 10.0.1.1
+ A 10.0.1.2
+ A 10.0.1.3
+ A 10.0.1.4
+ A 10.0.1.5
+ A 10.0.1.6
+ A 10.0.1.7
+ A 10.0.1.8
+ A 10.0.1.9
+ A 10.0.1.10
+ A 10.0.1.11
+ A 10.0.1.12
+ A 10.0.1.13
+ A 10.0.1.14
+ A 10.0.1.15
+ A 10.0.1.16
+ A 10.0.1.17
+ A 10.0.1.18
+ A 10.0.1.19
+ A 10.0.1.20
+ A 10.0.1.21
+ A 10.0.1.22
+ A 10.0.1.23
+ A 10.0.1.24
+ A 10.0.1.25
+ A 10.0.1.26
+ A 10.0.1.27
+ A 10.0.1.28
+ A 10.0.1.29
+ A 10.0.1.30
+ A 10.0.1.31
+ A 10.0.1.32
+ A 10.0.1.33
+ A 10.0.1.34
+ A 10.0.1.35
+ A 10.0.1.36
+ A 10.0.1.37
+ A 10.0.1.38
+ A 10.0.1.39
+ A 10.0.1.40
+ A 10.0.1.41
+ A 10.0.1.42
+ A 10.0.1.43
+ A 10.0.1.44
+ A 10.0.1.45
+ A 10.0.1.46
+ A 10.0.1.47
+ A 10.0.1.48
+ A 10.0.1.49
+ A 10.0.1.50
+ A 10.0.1.51
+ A 10.0.1.52
+ A 10.0.1.53
+ A 10.0.1.54
+ A 10.0.1.55
+ A 10.0.1.56
+ A 10.0.1.57
+ A 10.0.1.58
+ A 10.0.1.59
+ A 10.0.1.60
+ A 10.0.1.61
+ A 10.0.1.62
+ A 10.0.1.63
+ A 10.0.1.64
+ A 10.0.1.65
+ A 10.0.1.66
+ A 10.0.1.67
+ A 10.0.1.68
+ A 10.0.1.69
+ A 10.0.1.70
+ A 10.0.1.71
+ A 10.0.1.72
+ A 10.0.1.73
+ A 10.0.1.74
+ A 10.0.1.75
+ A 10.0.1.76
+ A 10.0.1.77
+ A 10.0.1.78
+ A 10.0.1.79
+ A 10.0.1.80
+ A 10.0.1.81
+ A 10.0.1.82
+ A 10.0.1.83
+ A 10.0.1.84
+ A 10.0.1.85
+ A 10.0.1.86
+ A 10.0.1.87
+ A 10.0.1.88
+ A 10.0.1.89
+ A 10.0.1.90
+ A 10.0.1.91
+ A 10.0.1.92
+ A 10.0.1.93
+ A 10.0.1.94
+ A 10.0.1.95
+ A 10.0.1.96
+ A 10.0.1.97
+ A 10.0.1.98
+ A 10.0.1.99
+ A 10.0.1.100
+ A 10.0.1.101
+ A 10.0.1.102
+ A 10.0.1.103
+ A 10.0.1.104
+ A 10.0.1.105
+ A 10.0.1.106
+ A 10.0.1.107
+ A 10.0.1.108
+ A 10.0.1.109
+ A 10.0.1.110
+ A 10.0.1.111
+ A 10.0.1.112
+ A 10.0.1.113
+ A 10.0.1.114
+ A 10.0.1.115
+ A 10.0.1.116
+ A 10.0.1.117
+ A 10.0.1.118
+ A 10.0.1.119
+ A 10.0.1.120
+ A 10.0.1.121
+ A 10.0.1.122
+ A 10.0.1.123
+ A 10.0.1.124
+ A 10.0.1.125
+ A 10.0.1.126
+ A 10.0.1.127
+ A 10.0.1.128
+ A 10.0.1.129
+ A 10.0.1.130
+ A 10.0.1.131
+ A 10.0.1.132
+ A 10.0.1.133
+ A 10.0.1.134
+ A 10.0.1.135
+ A 10.0.1.136
+ A 10.0.1.137
+ A 10.0.1.138
+ A 10.0.1.139
+ A 10.0.1.140
+ A 10.0.1.141
+ A 10.0.1.142
+ A 10.0.1.143
+ A 10.0.1.144
+ A 10.0.1.145
+ A 10.0.1.146
+ A 10.0.1.147
+ A 10.0.1.148
+ A 10.0.1.149
+ A 10.0.1.150
+ A 10.0.1.151
+ A 10.0.1.152
+ A 10.0.1.153
+ A 10.0.1.154
+ A 10.0.1.155
+ A 10.0.1.156
+ A 10.0.1.157
+ A 10.0.1.158
+ A 10.0.1.159
+ A 10.0.1.160
+ A 10.0.1.161
+ A 10.0.1.162
+ A 10.0.1.163
+ A 10.0.1.164
+ A 10.0.1.165
+ A 10.0.1.166
+ A 10.0.1.167
+ A 10.0.1.168
+ A 10.0.1.169
+ A 10.0.1.170
+ A 10.0.1.171
+ A 10.0.1.172
+ A 10.0.1.173
+ A 10.0.1.174
+ A 10.0.1.175
+ A 10.0.1.176
+ A 10.0.1.177
+ A 10.0.1.178
+ A 10.0.1.179
+ A 10.0.1.180
+ A 10.0.1.181
+ A 10.0.1.182
+ A 10.0.1.183
+ A 10.0.1.184
+ A 10.0.1.185
+ A 10.0.1.186
+ A 10.0.1.187
+ A 10.0.1.188
+ A 10.0.1.189
+ A 10.0.1.190
+ A 10.0.1.191
+ A 10.0.1.192
+ A 10.0.1.193
+ A 10.0.1.194
+ A 10.0.1.195
+ A 10.0.1.196
+ A 10.0.1.197
+ A 10.0.1.198
+ A 10.0.1.199
+ A 10.0.1.200
+ A 10.0.1.201
+ A 10.0.1.202
+ A 10.0.1.203
+ A 10.0.1.204
+ A 10.0.1.205
+ A 10.0.1.206
+ A 10.0.1.207
+ A 10.0.1.208
+ A 10.0.1.209
+ A 10.0.1.210
+ A 10.0.1.211
+ A 10.0.1.212
+ A 10.0.1.213
+ A 10.0.1.214
+ A 10.0.1.215
+ A 10.0.1.216
+ A 10.0.1.217
+ A 10.0.1.218
+ A 10.0.1.219
+ A 10.0.1.220
+ A 10.0.1.221
+ A 10.0.1.222
+ A 10.0.1.223
+ A 10.0.1.224
+ A 10.0.1.225
+ A 10.0.1.226
+ A 10.0.1.227
+ A 10.0.1.228
+ A 10.0.1.229
+ A 10.0.1.230
+ A 10.0.1.231
+ A 10.0.1.232
+ A 10.0.1.233
+ A 10.0.1.234
+ A 10.0.1.235
+ A 10.0.1.236
+ A 10.0.1.237
+ A 10.0.1.238
+ A 10.0.1.239
+ A 10.0.1.240
+ A 10.0.1.241
+ A 10.0.1.242
+ A 10.0.1.243
+ A 10.0.1.244
+ A 10.0.1.245
+ A 10.0.1.246
+ A 10.0.1.247
+ A 10.0.1.248
+ A 10.0.1.249
+ A 10.0.1.250
+ A 10.0.1.251
+ A 10.0.1.252
+ A 10.0.1.253
+ A 10.0.1.254
+ A 10.0.1.255
+ A 10.0.2.0
+ A 10.0.2.1
+ A 10.0.2.2
+ A 10.0.2.3
+ A 10.0.2.4
+ A 10.0.2.5
+ A 10.0.2.6
+ A 10.0.2.7
+ A 10.0.2.8
+ A 10.0.2.9
+ A 10.0.2.10
+ A 10.0.2.11
+ A 10.0.2.12
+ A 10.0.2.13
+ A 10.0.2.14
+ A 10.0.2.15
+ A 10.0.2.16
+ A 10.0.2.17
+ A 10.0.2.18
+ A 10.0.2.19
+ A 10.0.2.20
+ A 10.0.2.21
+ A 10.0.2.22
+ A 10.0.2.23
+ A 10.0.2.24
+ A 10.0.2.25
+ A 10.0.2.26
+ A 10.0.2.27
+ A 10.0.2.28
+ A 10.0.2.29
+ A 10.0.2.30
+ A 10.0.2.31
+ A 10.0.2.32
+ A 10.0.2.33
+ A 10.0.2.34
+ A 10.0.2.35
+ A 10.0.2.36
+ A 10.0.2.37
+ A 10.0.2.38
+ A 10.0.2.39
+ A 10.0.2.40
+ A 10.0.2.41
+ A 10.0.2.42
+ A 10.0.2.43
+ A 10.0.2.44
+ A 10.0.2.45
+ A 10.0.2.46
+ A 10.0.2.47
+ A 10.0.2.48
+ A 10.0.2.49
+ A 10.0.2.50
+ A 10.0.2.51
+ A 10.0.2.52
+ A 10.0.2.53
+ A 10.0.2.54
+ A 10.0.2.55
+ A 10.0.2.56
+ A 10.0.2.57
+ A 10.0.2.58
+ A 10.0.2.59
+ A 10.0.2.60
+ A 10.0.2.61
+ A 10.0.2.62
+ A 10.0.2.63
+ A 10.0.2.64
+ A 10.0.2.65
+ A 10.0.2.66
+ A 10.0.2.67
+ A 10.0.2.68
+ A 10.0.2.69
+ A 10.0.2.70
+ A 10.0.2.71
+ A 10.0.2.72
+ A 10.0.2.73
+ A 10.0.2.74
+ A 10.0.2.75
+ A 10.0.2.76
+ A 10.0.2.77
+ A 10.0.2.78
+ A 10.0.2.79
+ A 10.0.2.80
+ A 10.0.2.81
+ A 10.0.2.82
+ A 10.0.2.83
+ A 10.0.2.84
+ A 10.0.2.85
+ A 10.0.2.86
+ A 10.0.2.87
+ A 10.0.2.88
+ A 10.0.2.89
+ A 10.0.2.90
+ A 10.0.2.91
+ A 10.0.2.92
+ A 10.0.2.93
+ A 10.0.2.94
+ A 10.0.2.95
+ A 10.0.2.96
+ A 10.0.2.97
+ A 10.0.2.98
+ A 10.0.2.99
+ A 10.0.2.100
+ A 10.0.2.101
+ A 10.0.2.102
+ A 10.0.2.103
+ A 10.0.2.104
+ A 10.0.2.105
+ A 10.0.2.106
+ A 10.0.2.107
+ A 10.0.2.108
+ A 10.0.2.109
+ A 10.0.2.110
+ A 10.0.2.111
+ A 10.0.2.112
+ A 10.0.2.113
+ A 10.0.2.114
+ A 10.0.2.115
+ A 10.0.2.116
+ A 10.0.2.117
+ A 10.0.2.118
+ A 10.0.2.119
+ A 10.0.2.120
+ A 10.0.2.121
+ A 10.0.2.122
+ A 10.0.2.123
+ A 10.0.2.124
+ A 10.0.2.125
+ A 10.0.2.126
+ A 10.0.2.127
+ A 10.0.2.128
+ A 10.0.2.129
+ A 10.0.2.130
+ A 10.0.2.131
+ A 10.0.2.132
+ A 10.0.2.133
+ A 10.0.2.134
+ A 10.0.2.135
+ A 10.0.2.136
+ A 10.0.2.137
+ A 10.0.2.138
+ A 10.0.2.139
+ A 10.0.2.140
+ A 10.0.2.141
+ A 10.0.2.142
+ A 10.0.2.143
+ A 10.0.2.144
+ A 10.0.2.145
+ A 10.0.2.146
+ A 10.0.2.147
+ A 10.0.2.148
+ A 10.0.2.149
+ A 10.0.2.150
+ A 10.0.2.151
+ A 10.0.2.152
+ A 10.0.2.153
+ A 10.0.2.154
+ A 10.0.2.155
+ A 10.0.2.156
+ A 10.0.2.157
+ A 10.0.2.158
+ A 10.0.2.159
+ A 10.0.2.160
+ A 10.0.2.161
+ A 10.0.2.162
+ A 10.0.2.163
+ A 10.0.2.164
+ A 10.0.2.165
+ A 10.0.2.166
+ A 10.0.2.167
+ A 10.0.2.168
+ A 10.0.2.169
+ A 10.0.2.170
+ A 10.0.2.171
+ A 10.0.2.172
+ A 10.0.2.173
+ A 10.0.2.174
+ A 10.0.2.175
+ A 10.0.2.176
+ A 10.0.2.177
+ A 10.0.2.178
+ A 10.0.2.179
+ A 10.0.2.180
+ A 10.0.2.181
+ A 10.0.2.182
+ A 10.0.2.183
+ A 10.0.2.184
+ A 10.0.2.185
+ A 10.0.2.186
+ A 10.0.2.187
+ A 10.0.2.188
+ A 10.0.2.189
+ A 10.0.2.190
+ A 10.0.2.191
+ A 10.0.2.192
+ A 10.0.2.193
+ A 10.0.2.194
+ A 10.0.2.195
+ A 10.0.2.196
+ A 10.0.2.197
+ A 10.0.2.198
+ A 10.0.2.199
+ A 10.0.2.200
+ A 10.0.2.201
+ A 10.0.2.202
+ A 10.0.2.203
+ A 10.0.2.204
+ A 10.0.2.205
+ A 10.0.2.206
+ A 10.0.2.207
+ A 10.0.2.208
+ A 10.0.2.209
+ A 10.0.2.210
+ A 10.0.2.211
+ A 10.0.2.212
+ A 10.0.2.213
+ A 10.0.2.214
+ A 10.0.2.215
+ A 10.0.2.216
+ A 10.0.2.217
+ A 10.0.2.218
+ A 10.0.2.219
+ A 10.0.2.220
+ A 10.0.2.221
+ A 10.0.2.222
+ A 10.0.2.223
+ A 10.0.2.224
+ A 10.0.2.225
+ A 10.0.2.226
+ A 10.0.2.227
+ A 10.0.2.228
+ A 10.0.2.229
+ A 10.0.2.230
+ A 10.0.2.231
+ A 10.0.2.232
+ A 10.0.2.233
+ A 10.0.2.234
+ A 10.0.2.235
+ A 10.0.2.236
+ A 10.0.2.237
+ A 10.0.2.238
+ A 10.0.2.239
+ A 10.0.2.240
+ A 10.0.2.241
+ A 10.0.2.242
+ A 10.0.2.243
+ A 10.0.2.244
+ A 10.0.2.245
+ A 10.0.2.246
+ A 10.0.2.247
+ A 10.0.2.248
+ A 10.0.2.249
+ A 10.0.2.250
+ A 10.0.2.251
+ A 10.0.2.252
+ A 10.0.2.253
+ A 10.0.2.254
+ A 10.0.2.255
+ A 10.0.3.0
+ A 10.0.3.1
+ A 10.0.3.2
+ A 10.0.3.3
+ A 10.0.3.4
+ A 10.0.3.5
+ A 10.0.3.6
+ A 10.0.3.7
+ A 10.0.3.8
+ A 10.0.3.9
+ A 10.0.3.10
+ A 10.0.3.11
+ A 10.0.3.12
+ A 10.0.3.13
+ A 10.0.3.14
+ A 10.0.3.15
+ A 10.0.3.16
+ A 10.0.3.17
+ A 10.0.3.18
+ A 10.0.3.19
+ A 10.0.3.20
+ A 10.0.3.21
+ A 10.0.3.22
+ A 10.0.3.23
+ A 10.0.3.24
+ A 10.0.3.25
+ A 10.0.3.26
+ A 10.0.3.27
+ A 10.0.3.28
+ A 10.0.3.29
+ A 10.0.3.30
+ A 10.0.3.31
+ A 10.0.3.32
+ A 10.0.3.33
+ A 10.0.3.34
+ A 10.0.3.35
+ A 10.0.3.36
+ A 10.0.3.37
+ A 10.0.3.38
+ A 10.0.3.39
+ A 10.0.3.40
+ A 10.0.3.41
+ A 10.0.3.42
+ A 10.0.3.43
+ A 10.0.3.44
+ A 10.0.3.45
+ A 10.0.3.46
+ A 10.0.3.47
+ A 10.0.3.48
+ A 10.0.3.49
+ A 10.0.3.50
+ A 10.0.3.51
+ A 10.0.3.52
+ A 10.0.3.53
+ A 10.0.3.54
+ A 10.0.3.55
+ A 10.0.3.56
+ A 10.0.3.57
+ A 10.0.3.58
+ A 10.0.3.59
+ A 10.0.3.60
+ A 10.0.3.61
+ A 10.0.3.62
+ A 10.0.3.63
+ A 10.0.3.64
+ A 10.0.3.65
+ A 10.0.3.66
+ A 10.0.3.67
+ A 10.0.3.68
+ A 10.0.3.69
+ A 10.0.3.70
+ A 10.0.3.71
+ A 10.0.3.72
+ A 10.0.3.73
+ A 10.0.3.74
+ A 10.0.3.75
+ A 10.0.3.76
+ A 10.0.3.77
+ A 10.0.3.78
+ A 10.0.3.79
+ A 10.0.3.80
+ A 10.0.3.81
+ A 10.0.3.82
+ A 10.0.3.83
+ A 10.0.3.84
+ A 10.0.3.85
+ A 10.0.3.86
+ A 10.0.3.87
+ A 10.0.3.88
+ A 10.0.3.89
+ A 10.0.3.90
+ A 10.0.3.91
+ A 10.0.3.92
+ A 10.0.3.93
+ A 10.0.3.94
+ A 10.0.3.95
+ A 10.0.3.96
+ A 10.0.3.97
+ A 10.0.3.98
+ A 10.0.3.99
+ A 10.0.3.100
+ A 10.0.3.101
+ A 10.0.3.102
+ A 10.0.3.103
+ A 10.0.3.104
+ A 10.0.3.105
+ A 10.0.3.106
+ A 10.0.3.107
+ A 10.0.3.108
+ A 10.0.3.109
+ A 10.0.3.110
+ A 10.0.3.111
+ A 10.0.3.112
+ A 10.0.3.113
+ A 10.0.3.114
+ A 10.0.3.115
+ A 10.0.3.116
+ A 10.0.3.117
+ A 10.0.3.118
+ A 10.0.3.119
+ A 10.0.3.120
+ A 10.0.3.121
+ A 10.0.3.122
+ A 10.0.3.123
+ A 10.0.3.124
+ A 10.0.3.125
+ A 10.0.3.126
+ A 10.0.3.127
+ A 10.0.3.128
+ A 10.0.3.129
+ A 10.0.3.130
+ A 10.0.3.131
+ A 10.0.3.132
+ A 10.0.3.133
+ A 10.0.3.134
+ A 10.0.3.135
+ A 10.0.3.136
+ A 10.0.3.137
+ A 10.0.3.138
+ A 10.0.3.139
+ A 10.0.3.140
+ A 10.0.3.141
+ A 10.0.3.142
+ A 10.0.3.143
+ A 10.0.3.144
+ A 10.0.3.145
+ A 10.0.3.146
+ A 10.0.3.147
+ A 10.0.3.148
+ A 10.0.3.149
+ A 10.0.3.150
+ A 10.0.3.151
+ A 10.0.3.152
+ A 10.0.3.153
+ A 10.0.3.154
+ A 10.0.3.155
+ A 10.0.3.156
+ A 10.0.3.157
+ A 10.0.3.158
+ A 10.0.3.159
+ A 10.0.3.160
+ A 10.0.3.161
+ A 10.0.3.162
+ A 10.0.3.163
+ A 10.0.3.164
+ A 10.0.3.165
+ A 10.0.3.166
+ A 10.0.3.167
+ A 10.0.3.168
+ A 10.0.3.169
+ A 10.0.3.170
+ A 10.0.3.171
+ A 10.0.3.172
+ A 10.0.3.173
+ A 10.0.3.174
+ A 10.0.3.175
+ A 10.0.3.176
+ A 10.0.3.177
+ A 10.0.3.178
+ A 10.0.3.179
+ A 10.0.3.180
+ A 10.0.3.181
+ A 10.0.3.182
+ A 10.0.3.183
+ A 10.0.3.184
+ A 10.0.3.185
+ A 10.0.3.186
+ A 10.0.3.187
+ A 10.0.3.188
+ A 10.0.3.189
+ A 10.0.3.190
+ A 10.0.3.191
+ A 10.0.3.192
+ A 10.0.3.193
+ A 10.0.3.194
+ A 10.0.3.195
+ A 10.0.3.196
+ A 10.0.3.197
+ A 10.0.3.198
+ A 10.0.3.199
+ A 10.0.3.200
+ A 10.0.3.201
+ A 10.0.3.202
+ A 10.0.3.203
+ A 10.0.3.204
+ A 10.0.3.205
+ A 10.0.3.206
+ A 10.0.3.207
+ A 10.0.3.208
+ A 10.0.3.209
+ A 10.0.3.210
+ A 10.0.3.211
+ A 10.0.3.212
+ A 10.0.3.213
+ A 10.0.3.214
+ A 10.0.3.215
+ A 10.0.3.216
+ A 10.0.3.217
+ A 10.0.3.218
+ A 10.0.3.219
+ A 10.0.3.220
+ A 10.0.3.221
+ A 10.0.3.222
+ A 10.0.3.223
+ A 10.0.3.224
+ A 10.0.3.225
+ A 10.0.3.226
+ A 10.0.3.227
+ A 10.0.3.228
+ A 10.0.3.229
+ A 10.0.3.230
+ A 10.0.3.231
+ A 10.0.3.232
+ A 10.0.3.233
+ A 10.0.3.234
+ A 10.0.3.235
+ A 10.0.3.236
+ A 10.0.3.237
+ A 10.0.3.238
+ A 10.0.3.239
+ A 10.0.3.240
+ A 10.0.3.241
+ A 10.0.3.242
+ A 10.0.3.243
+ A 10.0.3.244
+ A 10.0.3.245
+ A 10.0.3.246
+ A 10.0.3.247
+ A 10.0.3.248
+ A 10.0.3.249
+ A 10.0.3.250
+ A 10.0.3.251
+ A 10.0.3.252
+ A 10.0.3.253
+ A 10.0.3.254
+ A 10.0.3.255
+ A 10.0.4.0
+ A 10.0.4.1
+ A 10.0.4.2
+ A 10.0.4.3
+ A 10.0.4.4
+ A 10.0.4.5
+ A 10.0.4.6
+ A 10.0.4.7
+ A 10.0.4.8
+ A 10.0.4.9
+ A 10.0.4.10
+ A 10.0.4.11
+ A 10.0.4.12
+ A 10.0.4.13
+ A 10.0.4.14
+ A 10.0.4.15
+ A 10.0.4.16
+ A 10.0.4.17
+ A 10.0.4.18
+ A 10.0.4.19
+ A 10.0.4.20
+ A 10.0.4.21
+ A 10.0.4.22
+ A 10.0.4.23
+ A 10.0.4.24
+ A 10.0.4.25
+ A 10.0.4.26
+ A 10.0.4.27
+ A 10.0.4.28
+ A 10.0.4.29
+ A 10.0.4.30
+ A 10.0.4.31
+ A 10.0.4.32
+ A 10.0.4.33
+ A 10.0.4.34
+ A 10.0.4.35
+ A 10.0.4.36
+ A 10.0.4.37
+ A 10.0.4.38
+ A 10.0.4.39
+ A 10.0.4.40
+ A 10.0.4.41
+ A 10.0.4.42
+ A 10.0.4.43
+ A 10.0.4.44
+ A 10.0.4.45
+ A 10.0.4.46
+ A 10.0.4.47
+ A 10.0.4.48
+ A 10.0.4.49
+ A 10.0.4.50
+ A 10.0.4.51
+ A 10.0.4.52
+ A 10.0.4.53
+ A 10.0.4.54
+ A 10.0.4.55
+ A 10.0.4.56
+ A 10.0.4.57
+ A 10.0.4.58
+ A 10.0.4.59
+ A 10.0.4.60
+ A 10.0.4.61
+ A 10.0.4.62
+ A 10.0.4.63
+ A 10.0.4.64
+ A 10.0.4.65
+ A 10.0.4.66
+ A 10.0.4.67
+ A 10.0.4.68
+ A 10.0.4.69
+ A 10.0.4.70
+ A 10.0.4.71
+ A 10.0.4.72
+ A 10.0.4.73
+ A 10.0.4.74
+ A 10.0.4.75
+ A 10.0.4.76
+ A 10.0.4.77
+ A 10.0.4.78
+ A 10.0.4.79
+ A 10.0.4.80
+ A 10.0.4.81
+ A 10.0.4.82
+ A 10.0.4.83
+ A 10.0.4.84
+ A 10.0.4.85
+ A 10.0.4.86
+ A 10.0.4.87
+ A 10.0.4.88
+ A 10.0.4.89
+ A 10.0.4.90
+ A 10.0.4.91
+ A 10.0.4.92
+ A 10.0.4.93
+ A 10.0.4.94
+ A 10.0.4.95
+ A 10.0.4.96
+ A 10.0.4.97
+ A 10.0.4.98
+ A 10.0.4.99
+ A 10.0.4.100
+ A 10.0.4.101
+ A 10.0.4.102
+ A 10.0.4.103
+ A 10.0.4.104
+ A 10.0.4.105
+ A 10.0.4.106
+ A 10.0.4.107
+ A 10.0.4.108
+ A 10.0.4.109
+ A 10.0.4.110
+ A 10.0.4.111
+ A 10.0.4.112
+ A 10.0.4.113
+ A 10.0.4.114
+ A 10.0.4.115
+ A 10.0.4.116
+ A 10.0.4.117
+ A 10.0.4.118
+ A 10.0.4.119
+ A 10.0.4.120
+ A 10.0.4.121
+ A 10.0.4.122
+ A 10.0.4.123
+ A 10.0.4.124
+ A 10.0.4.125
+ A 10.0.4.126
+ A 10.0.4.127
+ A 10.0.4.128
+ A 10.0.4.129
+ A 10.0.4.130
+ A 10.0.4.131
+ A 10.0.4.132
+ A 10.0.4.133
+ A 10.0.4.134
+ A 10.0.4.135
+ A 10.0.4.136
+ A 10.0.4.137
+ A 10.0.4.138
+ A 10.0.4.139
+ A 10.0.4.140
+ A 10.0.4.141
+ A 10.0.4.142
+ A 10.0.4.143
+ A 10.0.4.144
+ A 10.0.4.145
+ A 10.0.4.146
+ A 10.0.4.147
+ A 10.0.4.148
+ A 10.0.4.149
+ A 10.0.4.150
+ A 10.0.4.151
+ A 10.0.4.152
+ A 10.0.4.153
+ A 10.0.4.154
+ A 10.0.4.155
+ A 10.0.4.156
+ A 10.0.4.157
+ A 10.0.4.158
+ A 10.0.4.159
+ A 10.0.4.160
+ A 10.0.4.161
+ A 10.0.4.162
+ A 10.0.4.163
+ A 10.0.4.164
+ A 10.0.4.165
+ A 10.0.4.166
+ A 10.0.4.167
+ A 10.0.4.168
+ A 10.0.4.169
+ A 10.0.4.170
+ A 10.0.4.171
+ A 10.0.4.172
+ A 10.0.4.173
+ A 10.0.4.174
+ A 10.0.4.175
+ A 10.0.4.176
+ A 10.0.4.177
+ A 10.0.4.178
+ A 10.0.4.179
+ A 10.0.4.180
+ A 10.0.4.181
+ A 10.0.4.182
+ A 10.0.4.183
+ A 10.0.4.184
+ A 10.0.4.185
+ A 10.0.4.186
+ A 10.0.4.187
+ A 10.0.4.188
+ A 10.0.4.189
+ A 10.0.4.190
+ A 10.0.4.191
+ A 10.0.4.192
+ A 10.0.4.193
+ A 10.0.4.194
+ A 10.0.4.195
+ A 10.0.4.196
+ A 10.0.4.197
+ A 10.0.4.198
+ A 10.0.4.199
+ A 10.0.4.200
+ A 10.0.4.201
+ A 10.0.4.202
+ A 10.0.4.203
+ A 10.0.4.204
+ A 10.0.4.205
+ A 10.0.4.206
+ A 10.0.4.207
+ A 10.0.4.208
+ A 10.0.4.209
+ A 10.0.4.210
+ A 10.0.4.211
+ A 10.0.4.212
+ A 10.0.4.213
+ A 10.0.4.214
+ A 10.0.4.215
+ A 10.0.4.216
+ A 10.0.4.217
+ A 10.0.4.218
+ A 10.0.4.219
+ A 10.0.4.220
+ A 10.0.4.221
+ A 10.0.4.222
+ A 10.0.4.223
+ A 10.0.4.224
+ A 10.0.4.225
+ A 10.0.4.226
+ A 10.0.4.227
+ A 10.0.4.228
+ A 10.0.4.229
+ A 10.0.4.230
+ A 10.0.4.231
+ A 10.0.4.232
+ A 10.0.4.233
+ A 10.0.4.234
+ A 10.0.4.235
+ A 10.0.4.236
+ A 10.0.4.237
+ A 10.0.4.238
+ A 10.0.4.239
+ A 10.0.4.240
+ A 10.0.4.241
+ A 10.0.4.242
+ A 10.0.4.243
+ A 10.0.4.244
+ A 10.0.4.245
+ A 10.0.4.246
+ A 10.0.4.247
+ A 10.0.4.248
+ A 10.0.4.249
+ A 10.0.4.250
+ A 10.0.4.251
+ A 10.0.4.252
+ A 10.0.4.253
+ A 10.0.4.254
+ A 10.0.4.255
+ A 10.0.5.0
+ A 10.0.5.1
+ A 10.0.5.2
+ A 10.0.5.3
+ A 10.0.5.4
+ A 10.0.5.5
+ A 10.0.5.6
+ A 10.0.5.7
+ A 10.0.5.8
+ A 10.0.5.9
+ A 10.0.5.10
+ A 10.0.5.11
+ A 10.0.5.12
+ A 10.0.5.13
+ A 10.0.5.14
+ A 10.0.5.15
+ A 10.0.5.16
+ A 10.0.5.17
+ A 10.0.5.18
+ A 10.0.5.19
+ A 10.0.5.20
+ A 10.0.5.21
+ A 10.0.5.22
+ A 10.0.5.23
+ A 10.0.5.24
+ A 10.0.5.25
+ A 10.0.5.26
+ A 10.0.5.27
+ A 10.0.5.28
+ A 10.0.5.29
+ A 10.0.5.30
+ A 10.0.5.31
+ A 10.0.5.32
+ A 10.0.5.33
+ A 10.0.5.34
+ A 10.0.5.35
+ A 10.0.5.36
+ A 10.0.5.37
+ A 10.0.5.38
+ A 10.0.5.39
+ A 10.0.5.40
+ A 10.0.5.41
+ A 10.0.5.42
+ A 10.0.5.43
+ A 10.0.5.44
+ A 10.0.5.45
+ A 10.0.5.46
+ A 10.0.5.47
+ A 10.0.5.48
+ A 10.0.5.49
+ A 10.0.5.50
+ A 10.0.5.51
+ A 10.0.5.52
+ A 10.0.5.53
+ A 10.0.5.54
+ A 10.0.5.55
+ A 10.0.5.56
+ A 10.0.5.57
+ A 10.0.5.58
+ A 10.0.5.59
+ A 10.0.5.60
+ A 10.0.5.61
+ A 10.0.5.62
+ A 10.0.5.63
+ A 10.0.5.64
+ A 10.0.5.65
+ A 10.0.5.66
+ A 10.0.5.67
+ A 10.0.5.68
+ A 10.0.5.69
+ A 10.0.5.70
+ A 10.0.5.71
+ A 10.0.5.72
+ A 10.0.5.73
+ A 10.0.5.74
+ A 10.0.5.75
+ A 10.0.5.76
+ A 10.0.5.77
+ A 10.0.5.78
+ A 10.0.5.79
+ A 10.0.5.80
+ A 10.0.5.81
+ A 10.0.5.82
+ A 10.0.5.83
+ A 10.0.5.84
+ A 10.0.5.85
+ A 10.0.5.86
+ A 10.0.5.87
+ A 10.0.5.88
+ A 10.0.5.89
+ A 10.0.5.90
+ A 10.0.5.91
+ A 10.0.5.92
+ A 10.0.5.93
+ A 10.0.5.94
+ A 10.0.5.95
+ A 10.0.5.96
+ A 10.0.5.97
+ A 10.0.5.98
+ A 10.0.5.99
+ A 10.0.5.100
+ A 10.0.5.101
+ A 10.0.5.102
+ A 10.0.5.103
+ A 10.0.5.104
+ A 10.0.5.105
+ A 10.0.5.106
+ A 10.0.5.107
+ A 10.0.5.108
+ A 10.0.5.109
+ A 10.0.5.110
+ A 10.0.5.111
+ A 10.0.5.112
+ A 10.0.5.113
+ A 10.0.5.114
+ A 10.0.5.115
+ A 10.0.5.116
+ A 10.0.5.117
+ A 10.0.5.118
+ A 10.0.5.119
+ A 10.0.5.120
+ A 10.0.5.121
+ A 10.0.5.122
+ A 10.0.5.123
+ A 10.0.5.124
+ A 10.0.5.125
+ A 10.0.5.126
+ A 10.0.5.127
+ A 10.0.5.128
+ A 10.0.5.129
+ A 10.0.5.130
+ A 10.0.5.131
+ A 10.0.5.132
+ A 10.0.5.133
+ A 10.0.5.134
+ A 10.0.5.135
+ A 10.0.5.136
+ A 10.0.5.137
+ A 10.0.5.138
+ A 10.0.5.139
+ A 10.0.5.140
+ A 10.0.5.141
+ A 10.0.5.142
+ A 10.0.5.143
+ A 10.0.5.144
+ A 10.0.5.145
+ A 10.0.5.146
+ A 10.0.5.147
+ A 10.0.5.148
+ A 10.0.5.149
+ A 10.0.5.150
+ A 10.0.5.151
+ A 10.0.5.152
+ A 10.0.5.153
+ A 10.0.5.154
+ A 10.0.5.155
+ A 10.0.5.156
+ A 10.0.5.157
+ A 10.0.5.158
+ A 10.0.5.159
+ A 10.0.5.160
+ A 10.0.5.161
+ A 10.0.5.162
+ A 10.0.5.163
+ A 10.0.5.164
+ A 10.0.5.165
+ A 10.0.5.166
+ A 10.0.5.167
+ A 10.0.5.168
+ A 10.0.5.169
+ A 10.0.5.170
+ A 10.0.5.171
+ A 10.0.5.172
+ A 10.0.5.173
+ A 10.0.5.174
+ A 10.0.5.175
+ A 10.0.5.176
+ A 10.0.5.177
+ A 10.0.5.178
+ A 10.0.5.179
+ A 10.0.5.180
+ A 10.0.5.181
+ A 10.0.5.182
+ A 10.0.5.183
+ A 10.0.5.184
+ A 10.0.5.185
+ A 10.0.5.186
+ A 10.0.5.187
+ A 10.0.5.188
+ A 10.0.5.189
+ A 10.0.5.190
+ A 10.0.5.191
+ A 10.0.5.192
+ A 10.0.5.193
+ A 10.0.5.194
+ A 10.0.5.195
+ A 10.0.5.196
+ A 10.0.5.197
+ A 10.0.5.198
+ A 10.0.5.199
+ A 10.0.5.200
+ A 10.0.5.201
+ A 10.0.5.202
+ A 10.0.5.203
+ A 10.0.5.204
+ A 10.0.5.205
+ A 10.0.5.206
+ A 10.0.5.207
+ A 10.0.5.208
+ A 10.0.5.209
+ A 10.0.5.210
+ A 10.0.5.211
+ A 10.0.5.212
+ A 10.0.5.213
+ A 10.0.5.214
+ A 10.0.5.215
+ A 10.0.5.216
+ A 10.0.5.217
+ A 10.0.5.218
+ A 10.0.5.219
+ A 10.0.5.220
+ A 10.0.5.221
+ A 10.0.5.222
+ A 10.0.5.223
+ A 10.0.5.224
+ A 10.0.5.225
+ A 10.0.5.226
+ A 10.0.5.227
+ A 10.0.5.228
+ A 10.0.5.229
+ A 10.0.5.230
+ A 10.0.5.231
+ A 10.0.5.232
+ A 10.0.5.233
+ A 10.0.5.234
+ A 10.0.5.235
+ A 10.0.5.236
+ A 10.0.5.237
+ A 10.0.5.238
+ A 10.0.5.239
+ A 10.0.5.240
+ A 10.0.5.241
+ A 10.0.5.242
+ A 10.0.5.243
+ A 10.0.5.244
+ A 10.0.5.245
+ A 10.0.5.246
+ A 10.0.5.247
+ A 10.0.5.248
+ A 10.0.5.249
+ A 10.0.5.250
+ A 10.0.5.251
+ A 10.0.5.252
+ A 10.0.5.253
+ A 10.0.5.254
+ A 10.0.5.255
+ A 10.0.6.0
+ A 10.0.6.1
+ A 10.0.6.2
+ A 10.0.6.3
+ A 10.0.6.4
+ A 10.0.6.5
+ A 10.0.6.6
+ A 10.0.6.7
+ A 10.0.6.8
+ A 10.0.6.9
+ A 10.0.6.10
+ A 10.0.6.11
+ A 10.0.6.12
+ A 10.0.6.13
+ A 10.0.6.14
+ A 10.0.6.15
+ A 10.0.6.16
+ A 10.0.6.17
+ A 10.0.6.18
+ A 10.0.6.19
+ A 10.0.6.20
+ A 10.0.6.21
+ A 10.0.6.22
+ A 10.0.6.23
+ A 10.0.6.24
+ A 10.0.6.25
+ A 10.0.6.26
+ A 10.0.6.27
+ A 10.0.6.28
+ A 10.0.6.29
+ A 10.0.6.30
+ A 10.0.6.31
+ A 10.0.6.32
+ A 10.0.6.33
+ A 10.0.6.34
+ A 10.0.6.35
+ A 10.0.6.36
+ A 10.0.6.37
+ A 10.0.6.38
+ A 10.0.6.39
+ A 10.0.6.40
+ A 10.0.6.41
+ A 10.0.6.42
+ A 10.0.6.43
+ A 10.0.6.44
+ A 10.0.6.45
+ A 10.0.6.46
+ A 10.0.6.47
+ A 10.0.6.48
+ A 10.0.6.49
+ A 10.0.6.50
+ A 10.0.6.51
+ A 10.0.6.52
+ A 10.0.6.53
+ A 10.0.6.54
+ A 10.0.6.55
+ A 10.0.6.56
+ A 10.0.6.57
+ A 10.0.6.58
+ A 10.0.6.59
+ A 10.0.6.60
+ A 10.0.6.61
+ A 10.0.6.62
+ A 10.0.6.63
+ A 10.0.6.64
+ A 10.0.6.65
+ A 10.0.6.66
+ A 10.0.6.67
+ A 10.0.6.68
+ A 10.0.6.69
+ A 10.0.6.70
+ A 10.0.6.71
+ A 10.0.6.72
+ A 10.0.6.73
+ A 10.0.6.74
+ A 10.0.6.75
+ A 10.0.6.76
+ A 10.0.6.77
+ A 10.0.6.78
+ A 10.0.6.79
+ A 10.0.6.80
+ A 10.0.6.81
+ A 10.0.6.82
+ A 10.0.6.83
+ A 10.0.6.84
+ A 10.0.6.85
+ A 10.0.6.86
+ A 10.0.6.87
+ A 10.0.6.88
+ A 10.0.6.89
+ A 10.0.6.90
+ A 10.0.6.91
+ A 10.0.6.92
+ A 10.0.6.93
+ A 10.0.6.94
+ A 10.0.6.95
+ A 10.0.6.96
+ A 10.0.6.97
+ A 10.0.6.98
+ A 10.0.6.99
+ A 10.0.6.100
+ A 10.0.6.101
+ A 10.0.6.102
+ A 10.0.6.103
+ A 10.0.6.104
+ A 10.0.6.105
+ A 10.0.6.106
+ A 10.0.6.107
+ A 10.0.6.108
+ A 10.0.6.109
+ A 10.0.6.110
+ A 10.0.6.111
+ A 10.0.6.112
+ A 10.0.6.113
+ A 10.0.6.114
+ A 10.0.6.115
+ A 10.0.6.116
+ A 10.0.6.117
+ A 10.0.6.118
+ A 10.0.6.119
+ A 10.0.6.120
+ A 10.0.6.121
+ A 10.0.6.122
+ A 10.0.6.123
+ A 10.0.6.124
+ A 10.0.6.125
+ A 10.0.6.126
+ A 10.0.6.127
+ A 10.0.6.128
+ A 10.0.6.129
+ A 10.0.6.130
+ A 10.0.6.131
+ A 10.0.6.132
+ A 10.0.6.133
+ A 10.0.6.134
+ A 10.0.6.135
+ A 10.0.6.136
+ A 10.0.6.137
+ A 10.0.6.138
+ A 10.0.6.139
+ A 10.0.6.140
+ A 10.0.6.141
+ A 10.0.6.142
+ A 10.0.6.143
+ A 10.0.6.144
+ A 10.0.6.145
+ A 10.0.6.146
+ A 10.0.6.147
+ A 10.0.6.148
+ A 10.0.6.149
+ A 10.0.6.150
+ A 10.0.6.151
+ A 10.0.6.152
+ A 10.0.6.153
+ A 10.0.6.154
+ A 10.0.6.155
+ A 10.0.6.156
+ A 10.0.6.157
+ A 10.0.6.158
+ A 10.0.6.159
+ A 10.0.6.160
+ A 10.0.6.161
+ A 10.0.6.162
+ A 10.0.6.163
+ A 10.0.6.164
+ A 10.0.6.165
+ A 10.0.6.166
+ A 10.0.6.167
+ A 10.0.6.168
+ A 10.0.6.169
+ A 10.0.6.170
+ A 10.0.6.171
+ A 10.0.6.172
+ A 10.0.6.173
+ A 10.0.6.174
+ A 10.0.6.175
+ A 10.0.6.176
+ A 10.0.6.177
+ A 10.0.6.178
+ A 10.0.6.179
+ A 10.0.6.180
+ A 10.0.6.181
+ A 10.0.6.182
+ A 10.0.6.183
+ A 10.0.6.184
+ A 10.0.6.185
+ A 10.0.6.186
+ A 10.0.6.187
+ A 10.0.6.188
+ A 10.0.6.189
+ A 10.0.6.190
+ A 10.0.6.191
+ A 10.0.6.192
+ A 10.0.6.193
+ A 10.0.6.194
+ A 10.0.6.195
+ A 10.0.6.196
+ A 10.0.6.197
+ A 10.0.6.198
+ A 10.0.6.199
+ A 10.0.6.200
+ A 10.0.6.201
+ A 10.0.6.202
+ A 10.0.6.203
+ A 10.0.6.204
+ A 10.0.6.205
+ A 10.0.6.206
+ A 10.0.6.207
+ A 10.0.6.208
+ A 10.0.6.209
+ A 10.0.6.210
+ A 10.0.6.211
+ A 10.0.6.212
+ A 10.0.6.213
+ A 10.0.6.214
+ A 10.0.6.215
+ A 10.0.6.216
+ A 10.0.6.217
+ A 10.0.6.218
+ A 10.0.6.219
+ A 10.0.6.220
+ A 10.0.6.221
+ A 10.0.6.222
+ A 10.0.6.223
+ A 10.0.6.224
+ A 10.0.6.225
+ A 10.0.6.226
+ A 10.0.6.227
+ A 10.0.6.228
+ A 10.0.6.229
+ A 10.0.6.230
+ A 10.0.6.231
+ A 10.0.6.232
+ A 10.0.6.233
+ A 10.0.6.234
+ A 10.0.6.235
+ A 10.0.6.236
+ A 10.0.6.237
+ A 10.0.6.238
+ A 10.0.6.239
+ A 10.0.6.240
+ A 10.0.6.241
+ A 10.0.6.242
+ A 10.0.6.243
+ A 10.0.6.244
+ A 10.0.6.245
+ A 10.0.6.246
+ A 10.0.6.247
+ A 10.0.6.248
+ A 10.0.6.249
+ A 10.0.6.250
+ A 10.0.6.251
+ A 10.0.6.252
+ A 10.0.6.253
+ A 10.0.6.254
+ A 10.0.6.255
+ A 10.0.7.0
+ A 10.0.7.1
+ A 10.0.7.2
+ A 10.0.7.3
+ A 10.0.7.4
+ A 10.0.7.5
+ A 10.0.7.6
+ A 10.0.7.7
+ A 10.0.7.8
+ A 10.0.7.9
+ A 10.0.7.10
+ A 10.0.7.11
+ A 10.0.7.12
+ A 10.0.7.13
+ A 10.0.7.14
+ A 10.0.7.15
+ A 10.0.7.16
+ A 10.0.7.17
+ A 10.0.7.18
+ A 10.0.7.19
+ A 10.0.7.20
+ A 10.0.7.21
+ A 10.0.7.22
+ A 10.0.7.23
+ A 10.0.7.24
+ A 10.0.7.25
+ A 10.0.7.26
+ A 10.0.7.27
+ A 10.0.7.28
+ A 10.0.7.29
+ A 10.0.7.30
+ A 10.0.7.31
+ A 10.0.7.32
+ A 10.0.7.33
+ A 10.0.7.34
+ A 10.0.7.35
+ A 10.0.7.36
+ A 10.0.7.37
+ A 10.0.7.38
+ A 10.0.7.39
+ A 10.0.7.40
+ A 10.0.7.41
+ A 10.0.7.42
+ A 10.0.7.43
+ A 10.0.7.44
+ A 10.0.7.45
+ A 10.0.7.46
+ A 10.0.7.47
+ A 10.0.7.48
+ A 10.0.7.49
+ A 10.0.7.50
+ A 10.0.7.51
+ A 10.0.7.52
+ A 10.0.7.53
+ A 10.0.7.54
+ A 10.0.7.55
+ A 10.0.7.56
+ A 10.0.7.57
+ A 10.0.7.58
+ A 10.0.7.59
+ A 10.0.7.60
+ A 10.0.7.61
+ A 10.0.7.62
+ A 10.0.7.63
+ A 10.0.7.64
+ A 10.0.7.65
+ A 10.0.7.66
+ A 10.0.7.67
+ A 10.0.7.68
+ A 10.0.7.69
+ A 10.0.7.70
+ A 10.0.7.71
+ A 10.0.7.72
+ A 10.0.7.73
+ A 10.0.7.74
+ A 10.0.7.75
+ A 10.0.7.76
+ A 10.0.7.77
+ A 10.0.7.78
+ A 10.0.7.79
+ A 10.0.7.80
+ A 10.0.7.81
+ A 10.0.7.82
+ A 10.0.7.83
+ A 10.0.7.84
+ A 10.0.7.85
+ A 10.0.7.86
+ A 10.0.7.87
+ A 10.0.7.88
+ A 10.0.7.89
+ A 10.0.7.90
+ A 10.0.7.91
+ A 10.0.7.92
+ A 10.0.7.93
+ A 10.0.7.94
+ A 10.0.7.95
+ A 10.0.7.96
+ A 10.0.7.97
+ A 10.0.7.98
+ A 10.0.7.99
+ A 10.0.7.100
+ A 10.0.7.101
+ A 10.0.7.102
+ A 10.0.7.103
+ A 10.0.7.104
+ A 10.0.7.105
+ A 10.0.7.106
+ A 10.0.7.107
+ A 10.0.7.108
+ A 10.0.7.109
+ A 10.0.7.110
+ A 10.0.7.111
+ A 10.0.7.112
+ A 10.0.7.113
+ A 10.0.7.114
+ A 10.0.7.115
+ A 10.0.7.116
+ A 10.0.7.117
+ A 10.0.7.118
+ A 10.0.7.119
+ A 10.0.7.120
+ A 10.0.7.121
+ A 10.0.7.122
+ A 10.0.7.123
+ A 10.0.7.124
+ A 10.0.7.125
+ A 10.0.7.126
+ A 10.0.7.127
+ A 10.0.7.128
+ A 10.0.7.129
+ A 10.0.7.130
+ A 10.0.7.131
+ A 10.0.7.132
+ A 10.0.7.133
+ A 10.0.7.134
+ A 10.0.7.135
+ A 10.0.7.136
+ A 10.0.7.137
+ A 10.0.7.138
+ A 10.0.7.139
+ A 10.0.7.140
+ A 10.0.7.141
+ A 10.0.7.142
+ A 10.0.7.143
+ A 10.0.7.144
+ A 10.0.7.145
+ A 10.0.7.146
+ A 10.0.7.147
+ A 10.0.7.148
+ A 10.0.7.149
+ A 10.0.7.150
+ A 10.0.7.151
+ A 10.0.7.152
+ A 10.0.7.153
+ A 10.0.7.154
+ A 10.0.7.155
+ A 10.0.7.156
+ A 10.0.7.157
+ A 10.0.7.158
+ A 10.0.7.159
+ A 10.0.7.160
+ A 10.0.7.161
+ A 10.0.7.162
+ A 10.0.7.163
+ A 10.0.7.164
+ A 10.0.7.165
+ A 10.0.7.166
+ A 10.0.7.167
+ A 10.0.7.168
+ A 10.0.7.169
+ A 10.0.7.170
+ A 10.0.7.171
+ A 10.0.7.172
+ A 10.0.7.173
+ A 10.0.7.174
+ A 10.0.7.175
+ A 10.0.7.176
+ A 10.0.7.177
+ A 10.0.7.178
+ A 10.0.7.179
+ A 10.0.7.180
+ A 10.0.7.181
+ A 10.0.7.182
+ A 10.0.7.183
+ A 10.0.7.184
+ A 10.0.7.185
+ A 10.0.7.186
+ A 10.0.7.187
+ A 10.0.7.188
+ A 10.0.7.189
+ A 10.0.7.190
+ A 10.0.7.191
+ A 10.0.7.192
+ A 10.0.7.193
+ A 10.0.7.194
+ A 10.0.7.195
+ A 10.0.7.196
+ A 10.0.7.197
+ A 10.0.7.198
+ A 10.0.7.199
+ A 10.0.7.200
+ A 10.0.7.201
+ A 10.0.7.202
+ A 10.0.7.203
+ A 10.0.7.204
+ A 10.0.7.205
+ A 10.0.7.206
+ A 10.0.7.207
+ A 10.0.7.208
+ A 10.0.7.209
+ A 10.0.7.210
+ A 10.0.7.211
+ A 10.0.7.212
+ A 10.0.7.213
+ A 10.0.7.214
+ A 10.0.7.215
+ A 10.0.7.216
+ A 10.0.7.217
+ A 10.0.7.218
+ A 10.0.7.219
+ A 10.0.7.220
+ A 10.0.7.221
+ A 10.0.7.222
+ A 10.0.7.223
+ A 10.0.7.224
+ A 10.0.7.225
+ A 10.0.7.226
+ A 10.0.7.227
+ A 10.0.7.228
+ A 10.0.7.229
+ A 10.0.7.230
+ A 10.0.7.231
+ A 10.0.7.232
+ A 10.0.7.233
+ A 10.0.7.234
+ A 10.0.7.235
+ A 10.0.7.236
+ A 10.0.7.237
+ A 10.0.7.238
+ A 10.0.7.239
+ A 10.0.7.240
+ A 10.0.7.241
+ A 10.0.7.242
+ A 10.0.7.243
+ A 10.0.7.244
+ A 10.0.7.245
+ A 10.0.7.246
+ A 10.0.7.247
+ A 10.0.7.248
+ A 10.0.7.249
+ A 10.0.7.250
+ A 10.0.7.251
+ A 10.0.7.252
+ A 10.0.7.253
+ A 10.0.7.254
+ A 10.0.7.255
+ A 10.0.8.0
+ A 10.0.8.1
+ A 10.0.8.2
+ A 10.0.8.3
+ A 10.0.8.4
+ A 10.0.8.5
+ A 10.0.8.6
+ A 10.0.8.7
+ A 10.0.8.8
+ A 10.0.8.9
+ A 10.0.8.10
+ A 10.0.8.11
+ A 10.0.8.12
+ A 10.0.8.13
+ A 10.0.8.14
+ A 10.0.8.15
+ A 10.0.8.16
+ A 10.0.8.17
+ A 10.0.8.18
+ A 10.0.8.19
+ A 10.0.8.20
+ A 10.0.8.21
+ A 10.0.8.22
+ A 10.0.8.23
+ A 10.0.8.24
+ A 10.0.8.25
+ A 10.0.8.26
+ A 10.0.8.27
+ A 10.0.8.28
+ A 10.0.8.29
+ A 10.0.8.30
+ A 10.0.8.31
+ A 10.0.8.32
+ A 10.0.8.33
+ A 10.0.8.34
+ A 10.0.8.35
+ A 10.0.8.36
+ A 10.0.8.37
+ A 10.0.8.38
+ A 10.0.8.39
+ A 10.0.8.40
+ A 10.0.8.41
+ A 10.0.8.42
+ A 10.0.8.43
+ A 10.0.8.44
+ A 10.0.8.45
+ A 10.0.8.46
+ A 10.0.8.47
+ A 10.0.8.48
+ A 10.0.8.49
+ A 10.0.8.50
+ A 10.0.8.51
+ A 10.0.8.52
+ A 10.0.8.53
+ A 10.0.8.54
+ A 10.0.8.55
+ A 10.0.8.56
+ A 10.0.8.57
+ A 10.0.8.58
+ A 10.0.8.59
+ A 10.0.8.60
+ A 10.0.8.61
+ A 10.0.8.62
+ A 10.0.8.63
+ A 10.0.8.64
+ A 10.0.8.65
+ A 10.0.8.66
+ A 10.0.8.67
+ A 10.0.8.68
+ A 10.0.8.69
+ A 10.0.8.70
+ A 10.0.8.71
+ A 10.0.8.72
+ A 10.0.8.73
+ A 10.0.8.74
+ A 10.0.8.75
+ A 10.0.8.76
+ A 10.0.8.77
+ A 10.0.8.78
+ A 10.0.8.79
+ A 10.0.8.80
+ A 10.0.8.81
+ A 10.0.8.82
+ A 10.0.8.83
+ A 10.0.8.84
+ A 10.0.8.85
+ A 10.0.8.86
+ A 10.0.8.87
+ A 10.0.8.88
+ A 10.0.8.89
+ A 10.0.8.90
+ A 10.0.8.91
+ A 10.0.8.92
+ A 10.0.8.93
+ A 10.0.8.94
+ A 10.0.8.95
+ A 10.0.8.96
+ A 10.0.8.97
+ A 10.0.8.98
+ A 10.0.8.99
+ A 10.0.8.100
+ A 10.0.8.101
+ A 10.0.8.102
+ A 10.0.8.103
+ A 10.0.8.104
+ A 10.0.8.105
+ A 10.0.8.106
+ A 10.0.8.107
+ A 10.0.8.108
+ A 10.0.8.109
+ A 10.0.8.110
+ A 10.0.8.111
+ A 10.0.8.112
+ A 10.0.8.113
+ A 10.0.8.114
+ A 10.0.8.115
+ A 10.0.8.116
+ A 10.0.8.117
+ A 10.0.8.118
+ A 10.0.8.119
+ A 10.0.8.120
+ A 10.0.8.121
+ A 10.0.8.122
+ A 10.0.8.123
+ A 10.0.8.124
+ A 10.0.8.125
+ A 10.0.8.126
+ A 10.0.8.127
+ A 10.0.8.128
+ A 10.0.8.129
+ A 10.0.8.130
+ A 10.0.8.131
+ A 10.0.8.132
+ A 10.0.8.133
+ A 10.0.8.134
+ A 10.0.8.135
+ A 10.0.8.136
+ A 10.0.8.137
+ A 10.0.8.138
+ A 10.0.8.139
+ A 10.0.8.140
+ A 10.0.8.141
+ A 10.0.8.142
+ A 10.0.8.143
+ A 10.0.8.144
+ A 10.0.8.145
+ A 10.0.8.146
+ A 10.0.8.147
+ A 10.0.8.148
+ A 10.0.8.149
+ A 10.0.8.150
+ A 10.0.8.151
+ A 10.0.8.152
+ A 10.0.8.153
+ A 10.0.8.154
+ A 10.0.8.155
+ A 10.0.8.156
+ A 10.0.8.157
+ A 10.0.8.158
+ A 10.0.8.159
+ A 10.0.8.160
+ A 10.0.8.161
+ A 10.0.8.162
+ A 10.0.8.163
+ A 10.0.8.164
+ A 10.0.8.165
+ A 10.0.8.166
+ A 10.0.8.167
+ A 10.0.8.168
+ A 10.0.8.169
+ A 10.0.8.170
+ A 10.0.8.171
+ A 10.0.8.172
+ A 10.0.8.173
+ A 10.0.8.174
+ A 10.0.8.175
+ A 10.0.8.176
+ A 10.0.8.177
+ A 10.0.8.178
+ A 10.0.8.179
+ A 10.0.8.180
+ A 10.0.8.181
+ A 10.0.8.182
+ A 10.0.8.183
+ A 10.0.8.184
+ A 10.0.8.185
+ A 10.0.8.186
+ A 10.0.8.187
+ A 10.0.8.188
+ A 10.0.8.189
+ A 10.0.8.190
+ A 10.0.8.191
+ A 10.0.8.192
+ A 10.0.8.193
+ A 10.0.8.194
+ A 10.0.8.195
+ A 10.0.8.196
+ A 10.0.8.197
+ A 10.0.8.198
+ A 10.0.8.199
+ A 10.0.8.200
+ A 10.0.8.201
+ A 10.0.8.202
+ A 10.0.8.203
+ A 10.0.8.204
+ A 10.0.8.205
+ A 10.0.8.206
+ A 10.0.8.207
+ A 10.0.8.208
+ A 10.0.8.209
+ A 10.0.8.210
+ A 10.0.8.211
+ A 10.0.8.212
+ A 10.0.8.213
+ A 10.0.8.214
+ A 10.0.8.215
+ A 10.0.8.216
+ A 10.0.8.217
+ A 10.0.8.218
+ A 10.0.8.219
+ A 10.0.8.220
+ A 10.0.8.221
+ A 10.0.8.222
+ A 10.0.8.223
+ A 10.0.8.224
+ A 10.0.8.225
+ A 10.0.8.226
+ A 10.0.8.227
+ A 10.0.8.228
+ A 10.0.8.229
+ A 10.0.8.230
+ A 10.0.8.231
+ A 10.0.8.232
+ A 10.0.8.233
+ A 10.0.8.234
+ A 10.0.8.235
+ A 10.0.8.236
+ A 10.0.8.237
+ A 10.0.8.238
+ A 10.0.8.239
+ A 10.0.8.240
+ A 10.0.8.241
+ A 10.0.8.242
+ A 10.0.8.243
+ A 10.0.8.244
+ A 10.0.8.245
+ A 10.0.8.246
+ A 10.0.8.247
+ A 10.0.8.248
+ A 10.0.8.249
+ A 10.0.8.250
+ A 10.0.8.251
+ A 10.0.8.252
+ A 10.0.8.253
+ A 10.0.8.254
+ A 10.0.8.255
+ A 10.0.9.0
+ A 10.0.9.1
+ A 10.0.9.2
+ A 10.0.9.3
+ A 10.0.9.4
+ A 10.0.9.5
+ A 10.0.9.6
+ A 10.0.9.7
+ A 10.0.9.8
+ A 10.0.9.9
+ A 10.0.9.10
+ A 10.0.9.11
+ A 10.0.9.12
+ A 10.0.9.13
+ A 10.0.9.14
+ A 10.0.9.15
+ A 10.0.9.16
+ A 10.0.9.17
+ A 10.0.9.18
+ A 10.0.9.19
+ A 10.0.9.20
+ A 10.0.9.21
+ A 10.0.9.22
+ A 10.0.9.23
+ A 10.0.9.24
+ A 10.0.9.25
+ A 10.0.9.26
+ A 10.0.9.27
+ A 10.0.9.28
+ A 10.0.9.29
+ A 10.0.9.30
+ A 10.0.9.31
+ A 10.0.9.32
+ A 10.0.9.33
+ A 10.0.9.34
+ A 10.0.9.35
+ A 10.0.9.36
+ A 10.0.9.37
+ A 10.0.9.38
+ A 10.0.9.39
+ A 10.0.9.40
+ A 10.0.9.41
+ A 10.0.9.42
+ A 10.0.9.43
+ A 10.0.9.44
+ A 10.0.9.45
+ A 10.0.9.46
+ A 10.0.9.47
+ A 10.0.9.48
+ A 10.0.9.49
+ A 10.0.9.50
+ A 10.0.9.51
+ A 10.0.9.52
+ A 10.0.9.53
+ A 10.0.9.54
+ A 10.0.9.55
+ A 10.0.9.56
+ A 10.0.9.57
+ A 10.0.9.58
+ A 10.0.9.59
+ A 10.0.9.60
+ A 10.0.9.61
+ A 10.0.9.62
+ A 10.0.9.63
+ A 10.0.9.64
+ A 10.0.9.65
+ A 10.0.9.66
+ A 10.0.9.67
+ A 10.0.9.68
+ A 10.0.9.69
+ A 10.0.9.70
+ A 10.0.9.71
+ A 10.0.9.72
+ A 10.0.9.73
+ A 10.0.9.74
+ A 10.0.9.75
+ A 10.0.9.76
+ A 10.0.9.77
+ A 10.0.9.78
+ A 10.0.9.79
+ A 10.0.9.80
+ A 10.0.9.81
+ A 10.0.9.82
+ A 10.0.9.83
+ A 10.0.9.84
+ A 10.0.9.85
+ A 10.0.9.86
+ A 10.0.9.87
+ A 10.0.9.88
+ A 10.0.9.89
+ A 10.0.9.90
+ A 10.0.9.91
+ A 10.0.9.92
+ A 10.0.9.93
+ A 10.0.9.94
+ A 10.0.9.95
+ A 10.0.9.96
+ A 10.0.9.97
+ A 10.0.9.98
+ A 10.0.9.99
+ A 10.0.9.100
+ A 10.0.9.101
+ A 10.0.9.102
+ A 10.0.9.103
+ A 10.0.9.104
+ A 10.0.9.105
+ A 10.0.9.106
+ A 10.0.9.107
+ A 10.0.9.108
+ A 10.0.9.109
+ A 10.0.9.110
+ A 10.0.9.111
+ A 10.0.9.112
+ A 10.0.9.113
+ A 10.0.9.114
+ A 10.0.9.115
+ A 10.0.9.116
+ A 10.0.9.117
+ A 10.0.9.118
+ A 10.0.9.119
+ A 10.0.9.120
+ A 10.0.9.121
+ A 10.0.9.122
+ A 10.0.9.123
+ A 10.0.9.124
+ A 10.0.9.125
+ A 10.0.9.126
+ A 10.0.9.127
+ A 10.0.9.128
+ A 10.0.9.129
+ A 10.0.9.130
+ A 10.0.9.131
+ A 10.0.9.132
+ A 10.0.9.133
+ A 10.0.9.134
+ A 10.0.9.135
+ A 10.0.9.136
+ A 10.0.9.137
+ A 10.0.9.138
+ A 10.0.9.139
+ A 10.0.9.140
+ A 10.0.9.141
+ A 10.0.9.142
+ A 10.0.9.143
+ A 10.0.9.144
+ A 10.0.9.145
+ A 10.0.9.146
+ A 10.0.9.147
+ A 10.0.9.148
+ A 10.0.9.149
+ A 10.0.9.150
+ A 10.0.9.151
+ A 10.0.9.152
+ A 10.0.9.153
+ A 10.0.9.154
+ A 10.0.9.155
+ A 10.0.9.156
+ A 10.0.9.157
+ A 10.0.9.158
+ A 10.0.9.159
+ A 10.0.9.160
+ A 10.0.9.161
+ A 10.0.9.162
+ A 10.0.9.163
+ A 10.0.9.164
+ A 10.0.9.165
+ A 10.0.9.166
+ A 10.0.9.167
+ A 10.0.9.168
+ A 10.0.9.169
+ A 10.0.9.170
+ A 10.0.9.171
+ A 10.0.9.172
+ A 10.0.9.173
+ A 10.0.9.174
+ A 10.0.9.175
+ A 10.0.9.176
+ A 10.0.9.177
+ A 10.0.9.178
+ A 10.0.9.179
+ A 10.0.9.180
+ A 10.0.9.181
+ A 10.0.9.182
+ A 10.0.9.183
+ A 10.0.9.184
+ A 10.0.9.185
+ A 10.0.9.186
+ A 10.0.9.187
+ A 10.0.9.188
+ A 10.0.9.189
+ A 10.0.9.190
+ A 10.0.9.191
+ A 10.0.9.192
+ A 10.0.9.193
+ A 10.0.9.194
+ A 10.0.9.195
+ A 10.0.9.196
+ A 10.0.9.197
+ A 10.0.9.198
+ A 10.0.9.199
+ A 10.0.9.200
+ A 10.0.9.201
+ A 10.0.9.202
+ A 10.0.9.203
+ A 10.0.9.204
+ A 10.0.9.205
+ A 10.0.9.206
+ A 10.0.9.207
+ A 10.0.9.208
+ A 10.0.9.209
+ A 10.0.9.210
+ A 10.0.9.211
+ A 10.0.9.212
+ A 10.0.9.213
+ A 10.0.9.214
+ A 10.0.9.215
+ A 10.0.9.216
+ A 10.0.9.217
+ A 10.0.9.218
+ A 10.0.9.219
+ A 10.0.9.220
+ A 10.0.9.221
+ A 10.0.9.222
+ A 10.0.9.223
+ A 10.0.9.224
+ A 10.0.9.225
+ A 10.0.9.226
+ A 10.0.9.227
+ A 10.0.9.228
+ A 10.0.9.229
+ A 10.0.9.230
+ A 10.0.9.231
+ A 10.0.9.232
+ A 10.0.9.233
+ A 10.0.9.234
+ A 10.0.9.235
+ A 10.0.9.236
+ A 10.0.9.237
+ A 10.0.9.238
+ A 10.0.9.239
+ A 10.0.9.240
+ A 10.0.9.241
+ A 10.0.9.242
+ A 10.0.9.243
+ A 10.0.9.244
+ A 10.0.9.245
+ A 10.0.9.246
+ A 10.0.9.247
+ A 10.0.9.248
+ A 10.0.9.249
+ A 10.0.9.250
+ A 10.0.9.251
+ A 10.0.9.252
+ A 10.0.9.253
+ A 10.0.9.254
+ A 10.0.9.255
+ A 10.0.10.0
+ A 10.0.10.1
+ A 10.0.10.2
+ A 10.0.10.3
+ A 10.0.10.4
+ A 10.0.10.5
+ A 10.0.10.6
+ A 10.0.10.7
+ A 10.0.10.8
+ A 10.0.10.9
+ A 10.0.10.10
+ A 10.0.10.11
+ A 10.0.10.12
+ A 10.0.10.13
+ A 10.0.10.14
+ A 10.0.10.15
+ A 10.0.10.16
+ A 10.0.10.17
+ A 10.0.10.18
+ A 10.0.10.19
+ A 10.0.10.20
+ A 10.0.10.21
+ A 10.0.10.22
+ A 10.0.10.23
+ A 10.0.10.24
+ A 10.0.10.25
+ A 10.0.10.26
+ A 10.0.10.27
+ A 10.0.10.28
+ A 10.0.10.29
+ A 10.0.10.30
+ A 10.0.10.31
+ A 10.0.10.32
+ A 10.0.10.33
+ A 10.0.10.34
+ A 10.0.10.35
+ A 10.0.10.36
+ A 10.0.10.37
+ A 10.0.10.38
+ A 10.0.10.39
+ A 10.0.10.40
+ A 10.0.10.41
+ A 10.0.10.42
+ A 10.0.10.43
+ A 10.0.10.44
+ A 10.0.10.45
+ A 10.0.10.46
+ A 10.0.10.47
+ A 10.0.10.48
+ A 10.0.10.49
+ A 10.0.10.50
+ A 10.0.10.51
+ A 10.0.10.52
+ A 10.0.10.53
+ A 10.0.10.54
+ A 10.0.10.55
+ A 10.0.10.56
+ A 10.0.10.57
+ A 10.0.10.58
+ A 10.0.10.59
+ A 10.0.10.60
+ A 10.0.10.61
+ A 10.0.10.62
+ A 10.0.10.63
+ A 10.0.10.64
+ A 10.0.10.65
+ A 10.0.10.66
+ A 10.0.10.67
+ A 10.0.10.68
+ A 10.0.10.69
+ A 10.0.10.70
+ A 10.0.10.71
+ A 10.0.10.72
+ A 10.0.10.73
+ A 10.0.10.74
+ A 10.0.10.75
+ A 10.0.10.76
+ A 10.0.10.77
+ A 10.0.10.78
+ A 10.0.10.79
+ A 10.0.10.80
+ A 10.0.10.81
+ A 10.0.10.82
+ A 10.0.10.83
+ A 10.0.10.84
+ A 10.0.10.85
+ A 10.0.10.86
+ A 10.0.10.87
+ A 10.0.10.88
+ A 10.0.10.89
+ A 10.0.10.90
+ A 10.0.10.91
+ A 10.0.10.92
+ A 10.0.10.93
+ A 10.0.10.94
+ A 10.0.10.95
+ A 10.0.10.96
+ A 10.0.10.97
+ A 10.0.10.98
+ A 10.0.10.99
+ A 10.0.10.100
+ A 10.0.10.101
+ A 10.0.10.102
+ A 10.0.10.103
+ A 10.0.10.104
+ A 10.0.10.105
+ A 10.0.10.106
+ A 10.0.10.107
+ A 10.0.10.108
+ A 10.0.10.109
+ A 10.0.10.110
+ A 10.0.10.111
+ A 10.0.10.112
+ A 10.0.10.113
+ A 10.0.10.114
+ A 10.0.10.115
+ A 10.0.10.116
+ A 10.0.10.117
+ A 10.0.10.118
+ A 10.0.10.119
+ A 10.0.10.120
+ A 10.0.10.121
+ A 10.0.10.122
+ A 10.0.10.123
+ A 10.0.10.124
+ A 10.0.10.125
+ A 10.0.10.126
+ A 10.0.10.127
+ A 10.0.10.128
+ A 10.0.10.129
+ A 10.0.10.130
+ A 10.0.10.131
+ A 10.0.10.132
+ A 10.0.10.133
+ A 10.0.10.134
+ A 10.0.10.135
+ A 10.0.10.136
+ A 10.0.10.137
+ A 10.0.10.138
+ A 10.0.10.139
+ A 10.0.10.140
+ A 10.0.10.141
+ A 10.0.10.142
+ A 10.0.10.143
+ A 10.0.10.144
+ A 10.0.10.145
+ A 10.0.10.146
+ A 10.0.10.147
+ A 10.0.10.148
+ A 10.0.10.149
+ A 10.0.10.150
+ A 10.0.10.151
+ A 10.0.10.152
+ A 10.0.10.153
+ A 10.0.10.154
+ A 10.0.10.155
+ A 10.0.10.156
+ A 10.0.10.157
+ A 10.0.10.158
+ A 10.0.10.159
+ A 10.0.10.160
+ A 10.0.10.161
+ A 10.0.10.162
+ A 10.0.10.163
+ A 10.0.10.164
+ A 10.0.10.165
+ A 10.0.10.166
+ A 10.0.10.167
+ A 10.0.10.168
+ A 10.0.10.169
+ A 10.0.10.170
+ A 10.0.10.171
+ A 10.0.10.172
+ A 10.0.10.173
+ A 10.0.10.174
+ A 10.0.10.175
+ A 10.0.10.176
+ A 10.0.10.177
+ A 10.0.10.178
+ A 10.0.10.179
+ A 10.0.10.180
+ A 10.0.10.181
+ A 10.0.10.182
+ A 10.0.10.183
+ A 10.0.10.184
+ A 10.0.10.185
+ A 10.0.10.186
+ A 10.0.10.187
+ A 10.0.10.188
+ A 10.0.10.189
+ A 10.0.10.190
+ A 10.0.10.191
+ A 10.0.10.192
+ A 10.0.10.193
+ A 10.0.10.194
+ A 10.0.10.195
+ A 10.0.10.196
+ A 10.0.10.197
+ A 10.0.10.198
+ A 10.0.10.199
+ A 10.0.10.200
+ A 10.0.10.201
+ A 10.0.10.202
+ A 10.0.10.203
+ A 10.0.10.204
+ A 10.0.10.205
+ A 10.0.10.206
+ A 10.0.10.207
+ A 10.0.10.208
+ A 10.0.10.209
+ A 10.0.10.210
+ A 10.0.10.211
+ A 10.0.10.212
+ A 10.0.10.213
+ A 10.0.10.214
+ A 10.0.10.215
+ A 10.0.10.216
+ A 10.0.10.217
+ A 10.0.10.218
+ A 10.0.10.219
+ A 10.0.10.220
+ A 10.0.10.221
+ A 10.0.10.222
+ A 10.0.10.223
+ A 10.0.10.224
+ A 10.0.10.225
+ A 10.0.10.226
+ A 10.0.10.227
+ A 10.0.10.228
+ A 10.0.10.229
+ A 10.0.10.230
+ A 10.0.10.231
+ A 10.0.10.232
+ A 10.0.10.233
+ A 10.0.10.234
+ A 10.0.10.235
+ A 10.0.10.236
+ A 10.0.10.237
+ A 10.0.10.238
+ A 10.0.10.239
+ A 10.0.10.240
+ A 10.0.10.241
+ A 10.0.10.242
+ A 10.0.10.243
+ A 10.0.10.244
+ A 10.0.10.245
+ A 10.0.10.246
+ A 10.0.10.247
+ A 10.0.10.248
+ A 10.0.10.249
+ A 10.0.10.250
+ A 10.0.10.251
+ A 10.0.10.252
+ A 10.0.10.253
+ A 10.0.10.254
+ A 10.0.10.255
+ A 10.0.11.0
+ A 10.0.11.1
+ A 10.0.11.2
+ A 10.0.11.3
+ A 10.0.11.4
+ A 10.0.11.5
+ A 10.0.11.6
+ A 10.0.11.7
+ A 10.0.11.8
+ A 10.0.11.9
+ A 10.0.11.10
+ A 10.0.11.11
+ A 10.0.11.12
+ A 10.0.11.13
+ A 10.0.11.14
+ A 10.0.11.15
+ A 10.0.11.16
+ A 10.0.11.17
+ A 10.0.11.18
+ A 10.0.11.19
+ A 10.0.11.20
+ A 10.0.11.21
+ A 10.0.11.22
+ A 10.0.11.23
+ A 10.0.11.24
+ A 10.0.11.25
+ A 10.0.11.26
+ A 10.0.11.27
+ A 10.0.11.28
+ A 10.0.11.29
+ A 10.0.11.30
+ A 10.0.11.31
+ A 10.0.11.32
+ A 10.0.11.33
+ A 10.0.11.34
+ A 10.0.11.35
+ A 10.0.11.36
+ A 10.0.11.37
+ A 10.0.11.38
+ A 10.0.11.39
+ A 10.0.11.40
+ A 10.0.11.41
+ A 10.0.11.42
+ A 10.0.11.43
+ A 10.0.11.44
+ A 10.0.11.45
+ A 10.0.11.46
+ A 10.0.11.47
+ A 10.0.11.48
+ A 10.0.11.49
+ A 10.0.11.50
+ A 10.0.11.51
+ A 10.0.11.52
+ A 10.0.11.53
+ A 10.0.11.54
+ A 10.0.11.55
+ A 10.0.11.56
+ A 10.0.11.57
+ A 10.0.11.58
+ A 10.0.11.59
+ A 10.0.11.60
+ A 10.0.11.61
+ A 10.0.11.62
+ A 10.0.11.63
+ A 10.0.11.64
+ A 10.0.11.65
+ A 10.0.11.66
+ A 10.0.11.67
+ A 10.0.11.68
+ A 10.0.11.69
+ A 10.0.11.70
+ A 10.0.11.71
+ A 10.0.11.72
+ A 10.0.11.73
+ A 10.0.11.74
+ A 10.0.11.75
+ A 10.0.11.76
+ A 10.0.11.77
+ A 10.0.11.78
+ A 10.0.11.79
+ A 10.0.11.80
+ A 10.0.11.81
+ A 10.0.11.82
+ A 10.0.11.83
+ A 10.0.11.84
+ A 10.0.11.85
+ A 10.0.11.86
+ A 10.0.11.87
+ A 10.0.11.88
+ A 10.0.11.89
+ A 10.0.11.90
+ A 10.0.11.91
+ A 10.0.11.92
+ A 10.0.11.93
+ A 10.0.11.94
+ A 10.0.11.95
+ A 10.0.11.96
+ A 10.0.11.97
+ A 10.0.11.98
+ A 10.0.11.99
+ A 10.0.11.100
+ A 10.0.11.101
+ A 10.0.11.102
+ A 10.0.11.103
+ A 10.0.11.104
+ A 10.0.11.105
+ A 10.0.11.106
+ A 10.0.11.107
+ A 10.0.11.108
+ A 10.0.11.109
+ A 10.0.11.110
+ A 10.0.11.111
+ A 10.0.11.112
+ A 10.0.11.113
+ A 10.0.11.114
+ A 10.0.11.115
+ A 10.0.11.116
+ A 10.0.11.117
+ A 10.0.11.118
+ A 10.0.11.119
+ A 10.0.11.120
+ A 10.0.11.121
+ A 10.0.11.122
+ A 10.0.11.123
+ A 10.0.11.124
+ A 10.0.11.125
+ A 10.0.11.126
+ A 10.0.11.127
+ A 10.0.11.128
+ A 10.0.11.129
+ A 10.0.11.130
+ A 10.0.11.131
+ A 10.0.11.132
+ A 10.0.11.133
+ A 10.0.11.134
+ A 10.0.11.135
+ A 10.0.11.136
+ A 10.0.11.137
+ A 10.0.11.138
+ A 10.0.11.139
+ A 10.0.11.140
+ A 10.0.11.141
+ A 10.0.11.142
+ A 10.0.11.143
+ A 10.0.11.144
+ A 10.0.11.145
+ A 10.0.11.146
+ A 10.0.11.147
+ A 10.0.11.148
+ A 10.0.11.149
+ A 10.0.11.150
+ A 10.0.11.151
+ A 10.0.11.152
+ A 10.0.11.153
+ A 10.0.11.154
+ A 10.0.11.155
+ A 10.0.11.156
+ A 10.0.11.157
+ A 10.0.11.158
+ A 10.0.11.159
+ A 10.0.11.160
+ A 10.0.11.161
+ A 10.0.11.162
+ A 10.0.11.163
+ A 10.0.11.164
+ A 10.0.11.165
+ A 10.0.11.166
+ A 10.0.11.167
+ A 10.0.11.168
+ A 10.0.11.169
+ A 10.0.11.170
+ A 10.0.11.171
+ A 10.0.11.172
+ A 10.0.11.173
+ A 10.0.11.174
+ A 10.0.11.175
+ A 10.0.11.176
+ A 10.0.11.177
+ A 10.0.11.178
+ A 10.0.11.179
+ A 10.0.11.180
+ A 10.0.11.181
+ A 10.0.11.182
+ A 10.0.11.183
+ A 10.0.11.184
+ A 10.0.11.185
+ A 10.0.11.186
+ A 10.0.11.187
+ A 10.0.11.188
+ A 10.0.11.189
+ A 10.0.11.190
+ A 10.0.11.191
+ A 10.0.11.192
+ A 10.0.11.193
+ A 10.0.11.194
+ A 10.0.11.195
+ A 10.0.11.196
+ A 10.0.11.197
+ A 10.0.11.198
+ A 10.0.11.199
+ A 10.0.11.200
+ A 10.0.11.201
+ A 10.0.11.202
+ A 10.0.11.203
+ A 10.0.11.204
+ A 10.0.11.205
+ A 10.0.11.206
+ A 10.0.11.207
+ A 10.0.11.208
+ A 10.0.11.209
+ A 10.0.11.210
+ A 10.0.11.211
+ A 10.0.11.212
+ A 10.0.11.213
+ A 10.0.11.214
+ A 10.0.11.215
+ A 10.0.11.216
+ A 10.0.11.217
+ A 10.0.11.218
+ A 10.0.11.219
+ A 10.0.11.220
+ A 10.0.11.221
+ A 10.0.11.222
+ A 10.0.11.223
+ A 10.0.11.224
+ A 10.0.11.225
+ A 10.0.11.226
+ A 10.0.11.227
+ A 10.0.11.228
+ A 10.0.11.229
+ A 10.0.11.230
+ A 10.0.11.231
+ A 10.0.11.232
+ A 10.0.11.233
+ A 10.0.11.234
+ A 10.0.11.235
+ A 10.0.11.236
+ A 10.0.11.237
+ A 10.0.11.238
+ A 10.0.11.239
+ A 10.0.11.240
+ A 10.0.11.241
+ A 10.0.11.242
+ A 10.0.11.243
+ A 10.0.11.244
+ A 10.0.11.245
+ A 10.0.11.246
+ A 10.0.11.247
+ A 10.0.11.248
+ A 10.0.11.249
+ A 10.0.11.250
+ A 10.0.11.251
+ A 10.0.11.252
+ A 10.0.11.253
+ A 10.0.11.254
+ A 10.0.11.255
+ A 10.0.12.0
+ A 10.0.12.1
+ A 10.0.12.2
+ A 10.0.12.3
+ A 10.0.12.4
+ A 10.0.12.5
+ A 10.0.12.6
+ A 10.0.12.7
+ A 10.0.12.8
+ A 10.0.12.9
+ A 10.0.12.10
+ A 10.0.12.11
+ A 10.0.12.12
+ A 10.0.12.13
+ A 10.0.12.14
+ A 10.0.12.15
+ A 10.0.12.16
+ A 10.0.12.17
+ A 10.0.12.18
+ A 10.0.12.19
+ A 10.0.12.20
+ A 10.0.12.21
+ A 10.0.12.22
+ A 10.0.12.23
+ A 10.0.12.24
+ A 10.0.12.25
+ A 10.0.12.26
+ A 10.0.12.27
+ A 10.0.12.28
+ A 10.0.12.29
+ A 10.0.12.30
+ A 10.0.12.31
+ A 10.0.12.32
+ A 10.0.12.33
+ A 10.0.12.34
+ A 10.0.12.35
+ A 10.0.12.36
+ A 10.0.12.37
+ A 10.0.12.38
+ A 10.0.12.39
+ A 10.0.12.40
+ A 10.0.12.41
+ A 10.0.12.42
+ A 10.0.12.43
+ A 10.0.12.44
+ A 10.0.12.45
+ A 10.0.12.46
+ A 10.0.12.47
+ A 10.0.12.48
+ A 10.0.12.49
+ A 10.0.12.50
+ A 10.0.12.51
+ A 10.0.12.52
+ A 10.0.12.53
+ A 10.0.12.54
+ A 10.0.12.55
+ A 10.0.12.56
+ A 10.0.12.57
+ A 10.0.12.58
+ A 10.0.12.59
+ A 10.0.12.60
+ A 10.0.12.61
+ A 10.0.12.62
+ A 10.0.12.63
+ A 10.0.12.64
+ A 10.0.12.65
+ A 10.0.12.66
+ A 10.0.12.67
+ A 10.0.12.68
+ A 10.0.12.69
+ A 10.0.12.70
+ A 10.0.12.71
+ A 10.0.12.72
+ A 10.0.12.73
+ A 10.0.12.74
+ A 10.0.12.75
+ A 10.0.12.76
+ A 10.0.12.77
+ A 10.0.12.78
+ A 10.0.12.79
+ A 10.0.12.80
+ A 10.0.12.81
+ A 10.0.12.82
+ A 10.0.12.83
+ A 10.0.12.84
+ A 10.0.12.85
+ A 10.0.12.86
+ A 10.0.12.87
+ A 10.0.12.88
+ A 10.0.12.89
+ A 10.0.12.90
+ A 10.0.12.91
+ A 10.0.12.92
+ A 10.0.12.93
+ A 10.0.12.94
+ A 10.0.12.95
+ A 10.0.12.96
+ A 10.0.12.97
+ A 10.0.12.98
+ A 10.0.12.99
+ A 10.0.12.100
+ A 10.0.12.101
+ A 10.0.12.102
+ A 10.0.12.103
+ A 10.0.12.104
+ A 10.0.12.105
+ A 10.0.12.106
+ A 10.0.12.107
+ A 10.0.12.108
+ A 10.0.12.109
+ A 10.0.12.110
+ A 10.0.12.111
+ A 10.0.12.112
+ A 10.0.12.113
+ A 10.0.12.114
+ A 10.0.12.115
+ A 10.0.12.116
+ A 10.0.12.117
+ A 10.0.12.118
+ A 10.0.12.119
+ A 10.0.12.120
+ A 10.0.12.121
+ A 10.0.12.122
+ A 10.0.12.123
+ A 10.0.12.124
+ A 10.0.12.125
+ A 10.0.12.126
+ A 10.0.12.127
+ A 10.0.12.128
+ A 10.0.12.129
+ A 10.0.12.130
+ A 10.0.12.131
+ A 10.0.12.132
+ A 10.0.12.133
+ A 10.0.12.134
+ A 10.0.12.135
+ A 10.0.12.136
+ A 10.0.12.137
+ A 10.0.12.138
+ A 10.0.12.139
+ A 10.0.12.140
+ A 10.0.12.141
+ A 10.0.12.142
+ A 10.0.12.143
+ A 10.0.12.144
+ A 10.0.12.145
+ A 10.0.12.146
+ A 10.0.12.147
+ A 10.0.12.148
+ A 10.0.12.149
+ A 10.0.12.150
+ A 10.0.12.151
+ A 10.0.12.152
+ A 10.0.12.153
+ A 10.0.12.154
+ A 10.0.12.155
+ A 10.0.12.156
+ A 10.0.12.157
+ A 10.0.12.158
+ A 10.0.12.159
+ A 10.0.12.160
+ A 10.0.12.161
+ A 10.0.12.162
+ A 10.0.12.163
+ A 10.0.12.164
+ A 10.0.12.165
+ A 10.0.12.166
+ A 10.0.12.167
+ A 10.0.12.168
+ A 10.0.12.169
+ A 10.0.12.170
+ A 10.0.12.171
+ A 10.0.12.172
+ A 10.0.12.173
+ A 10.0.12.174
+ A 10.0.12.175
+ A 10.0.12.176
+ A 10.0.12.177
+ A 10.0.12.178
+ A 10.0.12.179
+ A 10.0.12.180
+ A 10.0.12.181
+ A 10.0.12.182
+ A 10.0.12.183
+ A 10.0.12.184
+ A 10.0.12.185
+ A 10.0.12.186
+ A 10.0.12.187
+ A 10.0.12.188
+ A 10.0.12.189
+ A 10.0.12.190
+ A 10.0.12.191
+ A 10.0.12.192
+ A 10.0.12.193
+ A 10.0.12.194
+ A 10.0.12.195
+ A 10.0.12.196
+ A 10.0.12.197
+ A 10.0.12.198
+ A 10.0.12.199
+ A 10.0.12.200
+ A 10.0.12.201
+ A 10.0.12.202
+ A 10.0.12.203
+ A 10.0.12.204
+ A 10.0.12.205
+ A 10.0.12.206
+ A 10.0.12.207
+ A 10.0.12.208
+ A 10.0.12.209
+ A 10.0.12.210
+ A 10.0.12.211
+ A 10.0.12.212
+ A 10.0.12.213
+ A 10.0.12.214
+ A 10.0.12.215
+ A 10.0.12.216
+ A 10.0.12.217
+ A 10.0.12.218
+ A 10.0.12.219
+ A 10.0.12.220
+ A 10.0.12.221
+ A 10.0.12.222
+ A 10.0.12.223
+ A 10.0.12.224
+ A 10.0.12.225
+ A 10.0.12.226
+ A 10.0.12.227
+ A 10.0.12.228
+ A 10.0.12.229
+ A 10.0.12.230
+ A 10.0.12.231
+ A 10.0.12.232
+ A 10.0.12.233
+ A 10.0.12.234
+ A 10.0.12.235
+ A 10.0.12.236
+ A 10.0.12.237
+ A 10.0.12.238
+ A 10.0.12.239
+ A 10.0.12.240
+ A 10.0.12.241
+ A 10.0.12.242
+ A 10.0.12.243
+ A 10.0.12.244
+ A 10.0.12.245
+ A 10.0.12.246
+ A 10.0.12.247
+ A 10.0.12.248
+ A 10.0.12.249
+ A 10.0.12.250
+ A 10.0.12.251
+ A 10.0.12.252
+ A 10.0.12.253
+ A 10.0.12.254
+ A 10.0.12.255
+ A 10.0.13.0
+ A 10.0.13.1
+ A 10.0.13.2
+ A 10.0.13.3
+ A 10.0.13.4
+ A 10.0.13.5
+ A 10.0.13.6
+ A 10.0.13.7
+ A 10.0.13.8
+ A 10.0.13.9
+ A 10.0.13.10
+ A 10.0.13.11
+ A 10.0.13.12
+ A 10.0.13.13
+ A 10.0.13.14
+ A 10.0.13.15
+ A 10.0.13.16
+ A 10.0.13.17
+ A 10.0.13.18
+ A 10.0.13.19
+ A 10.0.13.20
+ A 10.0.13.21
+ A 10.0.13.22
+ A 10.0.13.23
+ A 10.0.13.24
+ A 10.0.13.25
+ A 10.0.13.26
+ A 10.0.13.27
+ A 10.0.13.28
+ A 10.0.13.29
+ A 10.0.13.30
+ A 10.0.13.31
+ A 10.0.13.32
+ A 10.0.13.33
+ A 10.0.13.34
+ A 10.0.13.35
+ A 10.0.13.36
+ A 10.0.13.37
+ A 10.0.13.38
+ A 10.0.13.39
+ A 10.0.13.40
+ A 10.0.13.41
+ A 10.0.13.42
+ A 10.0.13.43
+ A 10.0.13.44
+ A 10.0.13.45
+ A 10.0.13.46
+ A 10.0.13.47
+ A 10.0.13.48
+ A 10.0.13.49
+ A 10.0.13.50
+ A 10.0.13.51
+ A 10.0.13.52
+ A 10.0.13.53
+ A 10.0.13.54
+ A 10.0.13.55
+ A 10.0.13.56
+ A 10.0.13.57
+ A 10.0.13.58
+ A 10.0.13.59
+ A 10.0.13.60
+ A 10.0.13.61
+ A 10.0.13.62
+ A 10.0.13.63
+ A 10.0.13.64
+ A 10.0.13.65
+ A 10.0.13.66
+ A 10.0.13.67
+ A 10.0.13.68
+ A 10.0.13.69
+ A 10.0.13.70
+ A 10.0.13.71
+ A 10.0.13.72
+ A 10.0.13.73
+ A 10.0.13.74
+ A 10.0.13.75
+ A 10.0.13.76
+ A 10.0.13.77
+ A 10.0.13.78
+ A 10.0.13.79
+ A 10.0.13.80
+ A 10.0.13.81
+ A 10.0.13.82
+ A 10.0.13.83
+ A 10.0.13.84
+ A 10.0.13.85
+ A 10.0.13.86
+ A 10.0.13.87
+ A 10.0.13.88
+ A 10.0.13.89
+ A 10.0.13.90
+ A 10.0.13.91
+ A 10.0.13.92
+ A 10.0.13.93
+ A 10.0.13.94
+ A 10.0.13.95
+ A 10.0.13.96
+ A 10.0.13.97
+ A 10.0.13.98
+ A 10.0.13.99
+ A 10.0.13.100
+ A 10.0.13.101
+ A 10.0.13.102
+ A 10.0.13.103
+ A 10.0.13.104
+ A 10.0.13.105
+ A 10.0.13.106
+ A 10.0.13.107
+ A 10.0.13.108
+ A 10.0.13.109
+ A 10.0.13.110
+ A 10.0.13.111
+ A 10.0.13.112
+ A 10.0.13.113
+ A 10.0.13.114
+ A 10.0.13.115
+ A 10.0.13.116
+ A 10.0.13.117
+ A 10.0.13.118
+ A 10.0.13.119
+ A 10.0.13.120
+ A 10.0.13.121
+ A 10.0.13.122
+ A 10.0.13.123
+ A 10.0.13.124
+ A 10.0.13.125
+ A 10.0.13.126
+ A 10.0.13.127
+ A 10.0.13.128
+ A 10.0.13.129
+ A 10.0.13.130
+ A 10.0.13.131
+ A 10.0.13.132
+ A 10.0.13.133
+ A 10.0.13.134
+ A 10.0.13.135
+ A 10.0.13.136
+ A 10.0.13.137
+ A 10.0.13.138
+ A 10.0.13.139
+ A 10.0.13.140
+ A 10.0.13.141
+ A 10.0.13.142
+ A 10.0.13.143
+ A 10.0.13.144
+ A 10.0.13.145
+ A 10.0.13.146
+ A 10.0.13.147
+ A 10.0.13.148
+ A 10.0.13.149
+ A 10.0.13.150
+ A 10.0.13.151
+ A 10.0.13.152
+ A 10.0.13.153
+ A 10.0.13.154
+ A 10.0.13.155
+ A 10.0.13.156
+ A 10.0.13.157
+ A 10.0.13.158
+ A 10.0.13.159
+ A 10.0.13.160
+ A 10.0.13.161
+ A 10.0.13.162
+ A 10.0.13.163
+ A 10.0.13.164
+ A 10.0.13.165
+ A 10.0.13.166
+ A 10.0.13.167
+ A 10.0.13.168
+ A 10.0.13.169
+ A 10.0.13.170
+ A 10.0.13.171
+ A 10.0.13.172
+ A 10.0.13.173
+ A 10.0.13.174
+ A 10.0.13.175
+ A 10.0.13.176
+ A 10.0.13.177
+ A 10.0.13.178
+ A 10.0.13.179
+ A 10.0.13.180
+ A 10.0.13.181
+ A 10.0.13.182
+ A 10.0.13.183
+ A 10.0.13.184
+ A 10.0.13.185
+ A 10.0.13.186
+ A 10.0.13.187
+ A 10.0.13.188
+ A 10.0.13.189
+ A 10.0.13.190
+ A 10.0.13.191
+ A 10.0.13.192
+ A 10.0.13.193
+ A 10.0.13.194
+ A 10.0.13.195
+ A 10.0.13.196
+ A 10.0.13.197
+ A 10.0.13.198
+ A 10.0.13.199
+ A 10.0.13.200
+ A 10.0.13.201
+ A 10.0.13.202
+ A 10.0.13.203
+ A 10.0.13.204
+ A 10.0.13.205
+ A 10.0.13.206
+ A 10.0.13.207
+ A 10.0.13.208
+ A 10.0.13.209
+ A 10.0.13.210
+ A 10.0.13.211
+ A 10.0.13.212
+ A 10.0.13.213
+ A 10.0.13.214
+ A 10.0.13.215
+ A 10.0.13.216
+ A 10.0.13.217
+ A 10.0.13.218
+ A 10.0.13.219
+ A 10.0.13.220
+ A 10.0.13.221
+ A 10.0.13.222
+ A 10.0.13.223
+ A 10.0.13.224
+ A 10.0.13.225
+ A 10.0.13.226
+ A 10.0.13.227
+ A 10.0.13.228
+ A 10.0.13.229
+ A 10.0.13.230
+ A 10.0.13.231
+ A 10.0.13.232
+ A 10.0.13.233
+ A 10.0.13.234
+ A 10.0.13.235
+ A 10.0.13.236
+ A 10.0.13.237
+ A 10.0.13.238
+ A 10.0.13.239
+ A 10.0.13.240
+ A 10.0.13.241
+ A 10.0.13.242
+ A 10.0.13.243
+ A 10.0.13.244
+ A 10.0.13.245
+ A 10.0.13.246
+ A 10.0.13.247
+ A 10.0.13.248
+ A 10.0.13.249
+ A 10.0.13.250
+ A 10.0.13.251
+ A 10.0.13.252
+ A 10.0.13.253
+ A 10.0.13.254
+ A 10.0.13.255
+ A 10.0.14.0
+ A 10.0.14.1
+ A 10.0.14.2
+ A 10.0.14.3
+ A 10.0.14.4
+ A 10.0.14.5
+ A 10.0.14.6
+ A 10.0.14.7
+ A 10.0.14.8
+ A 10.0.14.9
+ A 10.0.14.10
+ A 10.0.14.11
+ A 10.0.14.12
+ A 10.0.14.13
+ A 10.0.14.14
+ A 10.0.14.15
+ A 10.0.14.16
+ A 10.0.14.17
+ A 10.0.14.18
+ A 10.0.14.19
+ A 10.0.14.20
+ A 10.0.14.21
+ A 10.0.14.22
+ A 10.0.14.23
+ A 10.0.14.24
+ A 10.0.14.25
+ A 10.0.14.26
+ A 10.0.14.27
+ A 10.0.14.28
+ A 10.0.14.29
+ A 10.0.14.30
+ A 10.0.14.31
+ A 10.0.14.32
+ A 10.0.14.33
+ A 10.0.14.34
+ A 10.0.14.35
+ A 10.0.14.36
+ A 10.0.14.37
+ A 10.0.14.38
+ A 10.0.14.39
+ A 10.0.14.40
+ A 10.0.14.41
+ A 10.0.14.42
+ A 10.0.14.43
+ A 10.0.14.44
+ A 10.0.14.45
+ A 10.0.14.46
+ A 10.0.14.47
+ A 10.0.14.48
+ A 10.0.14.49
+ A 10.0.14.50
+ A 10.0.14.51
+ A 10.0.14.52
+ A 10.0.14.53
+ A 10.0.14.54
+ A 10.0.14.55
+ A 10.0.14.56
+ A 10.0.14.57
+ A 10.0.14.58
+ A 10.0.14.59
+ A 10.0.14.60
+ A 10.0.14.61
+ A 10.0.14.62
+ A 10.0.14.63
+ A 10.0.14.64
+ A 10.0.14.65
+ A 10.0.14.66
+ A 10.0.14.67
+ A 10.0.14.68
+ A 10.0.14.69
+ A 10.0.14.70
+ A 10.0.14.71
+ A 10.0.14.72
+ A 10.0.14.73
+ A 10.0.14.74
+ A 10.0.14.75
+ A 10.0.14.76
+ A 10.0.14.77
+ A 10.0.14.78
+ A 10.0.14.79
+ A 10.0.14.80
+ A 10.0.14.81
+ A 10.0.14.82
+ A 10.0.14.83
+ A 10.0.14.84
+ A 10.0.14.85
+ A 10.0.14.86
+ A 10.0.14.87
+ A 10.0.14.88
+ A 10.0.14.89
+ A 10.0.14.90
+ A 10.0.14.91
+ A 10.0.14.92
+ A 10.0.14.93
+ A 10.0.14.94
+ A 10.0.14.95
+ A 10.0.14.96
+ A 10.0.14.97
+ A 10.0.14.98
+ A 10.0.14.99
+ A 10.0.14.100
+ A 10.0.14.101
+ A 10.0.14.102
+ A 10.0.14.103
+ A 10.0.14.104
+ A 10.0.14.105
+ A 10.0.14.106
+ A 10.0.14.107
+ A 10.0.14.108
+ A 10.0.14.109
+ A 10.0.14.110
+ A 10.0.14.111
+ A 10.0.14.112
+ A 10.0.14.113
+ A 10.0.14.114
+ A 10.0.14.115
+ A 10.0.14.116
+ A 10.0.14.117
+ A 10.0.14.118
+ A 10.0.14.119
+ A 10.0.14.120
+ A 10.0.14.121
+ A 10.0.14.122
+ A 10.0.14.123
+ A 10.0.14.124
+ A 10.0.14.125
+ A 10.0.14.126
+ A 10.0.14.127
+ A 10.0.14.128
+ A 10.0.14.129
+ A 10.0.14.130
+ A 10.0.14.131
+ A 10.0.14.132
+ A 10.0.14.133
+ A 10.0.14.134
+ A 10.0.14.135
+ A 10.0.14.136
+ A 10.0.14.137
+ A 10.0.14.138
+ A 10.0.14.139
+ A 10.0.14.140
+ A 10.0.14.141
+ A 10.0.14.142
+ A 10.0.14.143
+ A 10.0.14.144
+ A 10.0.14.145
+ A 10.0.14.146
+ A 10.0.14.147
+ A 10.0.14.148
+ A 10.0.14.149
+ A 10.0.14.150
+ A 10.0.14.151
+ A 10.0.14.152
+ A 10.0.14.153
+ A 10.0.14.154
+ A 10.0.14.155
+ A 10.0.14.156
+ A 10.0.14.157
+ A 10.0.14.158
+ A 10.0.14.159
+ A 10.0.14.160
+ A 10.0.14.161
+ A 10.0.14.162
+ A 10.0.14.163
+ A 10.0.14.164
+ A 10.0.14.165
+ A 10.0.14.166
+ A 10.0.14.167
+ A 10.0.14.168
+ A 10.0.14.169
+ A 10.0.14.170
+ A 10.0.14.171
+ A 10.0.14.172
+ A 10.0.14.173
+ A 10.0.14.174
+ A 10.0.14.175
+ A 10.0.14.176
+ A 10.0.14.177
+ A 10.0.14.178
+ A 10.0.14.179
+ A 10.0.14.180
+ A 10.0.14.181
+ A 10.0.14.182
+ A 10.0.14.183
+ A 10.0.14.184
+ A 10.0.14.185
+ A 10.0.14.186
+ A 10.0.14.187
+ A 10.0.14.188
+ A 10.0.14.189
+ A 10.0.14.190
+ A 10.0.14.191
+ A 10.0.14.192
+ A 10.0.14.193
+ A 10.0.14.194
+ A 10.0.14.195
+ A 10.0.14.196
+ A 10.0.14.197
+ A 10.0.14.198
+ A 10.0.14.199
+ A 10.0.14.200
+ A 10.0.14.201
+ A 10.0.14.202
+ A 10.0.14.203
+ A 10.0.14.204
+ A 10.0.14.205
+ A 10.0.14.206
+ A 10.0.14.207
+ A 10.0.14.208
+ A 10.0.14.209
+ A 10.0.14.210
+ A 10.0.14.211
+ A 10.0.14.212
+ A 10.0.14.213
+ A 10.0.14.214
+ A 10.0.14.215
+ A 10.0.14.216
+ A 10.0.14.217
+ A 10.0.14.218
+ A 10.0.14.219
+ A 10.0.14.220
+ A 10.0.14.221
+ A 10.0.14.222
+ A 10.0.14.223
+ A 10.0.14.224
+ A 10.0.14.225
+ A 10.0.14.226
+ A 10.0.14.227
+ A 10.0.14.228
+ A 10.0.14.229
+ A 10.0.14.230
+ A 10.0.14.231
+ A 10.0.14.232
+ A 10.0.14.233
+ A 10.0.14.234
+ A 10.0.14.235
+ A 10.0.14.236
+ A 10.0.14.237
+ A 10.0.14.238
+ A 10.0.14.239
+ A 10.0.14.240
+ A 10.0.14.241
+ A 10.0.14.242
+ A 10.0.14.243
+ A 10.0.14.244
+ A 10.0.14.245
+ A 10.0.14.246
+ A 10.0.14.247
+ A 10.0.14.248
+ A 10.0.14.249
+ A 10.0.14.250
+ A 10.0.14.251
+ A 10.0.14.252
+ A 10.0.14.253
+ A 10.0.14.254
+ A 10.0.14.255
+ A 10.0.15.0
+ A 10.0.15.1
+ A 10.0.15.2
+ A 10.0.15.3
+ A 10.0.15.4
+ A 10.0.15.5
+ A 10.0.15.6
+ A 10.0.15.7
+ A 10.0.15.8
+ A 10.0.15.9
+ A 10.0.15.10
+ A 10.0.15.11
+ A 10.0.15.12
+ A 10.0.15.13
+ A 10.0.15.14
+ A 10.0.15.15
+ A 10.0.15.16
+ A 10.0.15.17
+ A 10.0.15.18
+ A 10.0.15.19
+ A 10.0.15.20
+ A 10.0.15.21
+ A 10.0.15.22
+ A 10.0.15.23
+ A 10.0.15.24
+ A 10.0.15.25
+ A 10.0.15.26
+ A 10.0.15.27
+ A 10.0.15.28
+ A 10.0.15.29
+ A 10.0.15.30
+ A 10.0.15.31
+ A 10.0.15.32
+ A 10.0.15.33
+ A 10.0.15.34
+ A 10.0.15.35
+ A 10.0.15.36
+ A 10.0.15.37
+ A 10.0.15.38
+ A 10.0.15.39
+ A 10.0.15.40
+ A 10.0.15.41
+ A 10.0.15.42
+ A 10.0.15.43
+ A 10.0.15.44
+ A 10.0.15.45
+ A 10.0.15.46
+ A 10.0.15.47
+ A 10.0.15.48
+ A 10.0.15.49
+ A 10.0.15.50
+ A 10.0.15.51
+ A 10.0.15.52
+ A 10.0.15.53
+ A 10.0.15.54
+ A 10.0.15.55
+ A 10.0.15.56
+ A 10.0.15.57
+ A 10.0.15.58
+ A 10.0.15.59
+ A 10.0.15.60
+ A 10.0.15.61
+ A 10.0.15.62
+ A 10.0.15.63
+ A 10.0.15.64
+ A 10.0.15.65
+ A 10.0.15.66
+ A 10.0.15.67
+ A 10.0.15.68
+ A 10.0.15.69
+ A 10.0.15.70
+ A 10.0.15.71
+ A 10.0.15.72
+ A 10.0.15.73
+ A 10.0.15.74
+ A 10.0.15.75
+ A 10.0.15.76
+ A 10.0.15.77
+ A 10.0.15.78
+ A 10.0.15.79
+ A 10.0.15.80
+ A 10.0.15.81
+ A 10.0.15.82
+ A 10.0.15.83
+ A 10.0.15.84
+ A 10.0.15.85
+ A 10.0.15.86
+ A 10.0.15.87
+ A 10.0.15.88
+ A 10.0.15.89
+ A 10.0.15.90
+ A 10.0.15.91
+ A 10.0.15.92
+ A 10.0.15.93
+ A 10.0.15.94
+ A 10.0.15.95
+ A 10.0.15.96
+ A 10.0.15.97
+ A 10.0.15.98
+ A 10.0.15.99
+ A 10.0.15.100
+ A 10.0.15.101
+ A 10.0.15.102
+ A 10.0.15.103
+ A 10.0.15.104
+ A 10.0.15.105
+ A 10.0.15.106
+ A 10.0.15.107
+ A 10.0.15.108
+ A 10.0.15.109
+ A 10.0.15.110
+ A 10.0.15.111
+ A 10.0.15.112
+ A 10.0.15.113
+ A 10.0.15.114
+ A 10.0.15.115
+ A 10.0.15.116
+ A 10.0.15.117
+ A 10.0.15.118
+ A 10.0.15.119
+ A 10.0.15.120
+ A 10.0.15.121
+ A 10.0.15.122
+ A 10.0.15.123
+ A 10.0.15.124
+ A 10.0.15.125
+ A 10.0.15.126
+ A 10.0.15.127
+ A 10.0.15.128
+ A 10.0.15.129
+ A 10.0.15.130
+ A 10.0.15.131
+ A 10.0.15.132
+ A 10.0.15.133
+ A 10.0.15.134
+ A 10.0.15.135
+ A 10.0.15.136
+ A 10.0.15.137
+ A 10.0.15.138
+ A 10.0.15.139
+ A 10.0.15.140
+ A 10.0.15.141
+ A 10.0.15.142
+ A 10.0.15.143
+ A 10.0.15.144
+ A 10.0.15.145
+ A 10.0.15.146
+ A 10.0.15.147
+ A 10.0.15.148
+ A 10.0.15.149
+ A 10.0.15.150
+ A 10.0.15.151
+ A 10.0.15.152
+ A 10.0.15.153
+ A 10.0.15.154
+ A 10.0.15.155
+ A 10.0.15.156
+ A 10.0.15.157
+ A 10.0.15.158
+ A 10.0.15.159
+ A 10.1.0.0
+ A 10.1.0.1
+ A 10.1.0.2
+ A 10.1.0.3
+ A 10.1.0.4
+ A 10.1.0.5
+ A 10.1.0.6
+ A 10.1.0.7
+ A 10.1.0.8
+ A 10.1.0.9
+ A 10.1.0.10
+ A 10.1.0.11
+ A 10.1.0.12
+ A 10.1.0.13
+ A 10.1.0.14
+ A 10.1.0.15
+ A 10.1.0.16
+ A 10.1.0.17
+ A 10.1.0.18
+ A 10.1.0.19
+ A 10.1.0.20
+ A 10.1.0.21
+ A 10.1.0.22
+ A 10.1.0.23
+ A 10.1.0.24
+ A 10.1.0.25
+ A 10.1.0.26
+ A 10.1.0.27
+ A 10.1.0.28
+ A 10.1.0.29
+ A 10.1.0.30
+ A 10.1.0.31
+ A 10.1.0.32
+ A 10.1.0.33
+ A 10.1.0.34
+ A 10.1.0.35
+ A 10.1.0.36
+ A 10.1.0.37
+ A 10.1.0.38
+ A 10.1.0.39
+ A 10.1.0.40
+ A 10.1.0.41
+ A 10.1.0.42
+ A 10.1.0.43
+ A 10.1.0.44
+ A 10.1.0.45
+ A 10.1.0.46
+ A 10.1.0.47
+ A 10.1.0.48
+ A 10.1.0.49
+ A 10.1.0.50
+ A 10.1.0.51
+ A 10.1.0.52
+ A 10.1.0.53
+ A 10.1.0.54
+ A 10.1.0.55
+ A 10.1.0.56
+ A 10.1.0.57
+ A 10.1.0.58
+ A 10.1.0.59
+ A 10.1.0.60
+ A 10.1.0.61
+ A 10.1.0.62
+ A 10.1.0.63
+ A 10.1.0.64
+ A 10.1.0.65
+ A 10.1.0.66
+ A 10.1.0.67
+ A 10.1.0.68
+ A 10.1.0.69
+ A 10.1.0.70
+ A 10.1.0.71
+ A 10.1.0.72
+ A 10.1.0.73
+ A 10.1.0.74
+ A 10.1.0.75
+ A 10.1.0.76
+ A 10.1.0.77
+ A 10.1.0.78
+ A 10.1.0.79
+ A 10.1.0.80
+ A 10.1.0.81
+ A 10.1.0.82
+ A 10.1.0.83
+ A 10.1.0.84
+ A 10.1.0.85
+ A 10.1.0.86
+ A 10.1.0.87
+ A 10.1.0.88
+ A 10.1.0.89
+ A 10.1.0.90
diff --git a/bin/tests/system/limits/ns1/named.conf b/bin/tests/system/limits/ns1/named.conf
new file mode 100644
index 0000000..e8e439e
--- /dev/null
+++ b/bin/tests/system/limits/ns1/named.conf
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.14 2007/06/19 23:47:03 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+};
diff --git a/bin/tests/system/limits/ns1/root.db b/bin/tests/system/limits/ns1/root.db
new file mode 100644
index 0000000..635dfce
--- /dev/null
+++ b/bin/tests/system/limits/ns1/root.db
@@ -0,0 +1,30 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.9 2007/06/19 23:47:03 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example. NS ns1.example.
+ns1.example. A 10.53.0.1
diff --git a/bin/tests/system/limits/tests.sh b/bin/tests/system/limits/tests.sh
new file mode 100644
index 0000000..f2728d2
--- /dev/null
+++ b/bin/tests/system/limits/tests.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.17 2007/06/19 23:47:03 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+echo "I:1000 A records"
+$DIG +tcp +norec 1000.example. @10.53.0.1 a -p 5300 > dig.out.1000 || status=1
+#dig 1000.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.1000
+$PERL ../digcomp.pl knowngood.dig.out.1000 dig.out.1000 || status=1
+
+echo "I:2000 A records"
+$DIG +tcp +norec 2000.example. @10.53.0.1 a -p 5300 > dig.out.2000 || status=1
+#dig 2000.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.2000
+$PERL ../digcomp.pl knowngood.dig.out.2000 dig.out.2000 || status=1
+
+echo "I:3000 A records"
+$DIG +tcp +norec 3000.example. @10.53.0.1 a -p 5300 > dig.out.3000 || status=1
+#dig 3000.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.3000
+$PERL ../digcomp.pl knowngood.dig.out.3000 dig.out.3000 || status=1
+
+echo "I:4000 A records"
+$DIG +tcp +norec 4000.example. @10.53.0.1 a -p 5300 > dig.out.4000 || status=1
+#dig 4000.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.4000
+$PERL ../digcomp.pl knowngood.dig.out.4000 dig.out.4000 || status=1
+
+echo "I:exactly maximum rrset"
+$DIG +tcp +norec a-maximum-rrset.example. @10.53.0.1 a -p 5300 > dig.out.a-maximum-rrset \
+ || status=1
+#dig a-maximum-rrset.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.a-maximum-rrset
+$PERL ../digcomp.pl knowngood.dig.out.a-maximum-rrset dig.out.a-maximum-rrset || status=1
+
+echo "I:exceed maximum rrset (5000 A records)"
+$DIG +tcp +norec 5000.example. @10.53.0.1 a -p 5300 > dig.out.exceed || status=1
+# Look for truncation bit (tc).
+grep 'flags: .*tc.*;' dig.out.exceed > /dev/null || {
+ echo "I:TC bit was not set"
+ status=1
+}
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/lwresd/Makefile.in b/bin/tests/system/lwresd/Makefile.in
new file mode 100644
index 0000000..807349d
--- /dev/null
+++ b/bin/tests/system/lwresd/Makefile.in
@@ -0,0 +1,56 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.19 2007/06/19 23:47:03 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${LWRES_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+LWRESLIBS = ../../../../lib/lwres/liblwres.@A@
+ISCLIBS = ../../../../lib/isc/libisc.@A@
+
+LWRESDEPLIBS = ../../../../lib/lwres/liblwres.@A@
+ISCDEPLIBS = ../../../../lib/isc/libisc.@A@
+
+DEPLIBS = ${LWRESDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${LWRESLIBS} ${ISCLIBS} @LIBS@
+
+TARGETS = lwtest@EXEEXT@
+
+OBJS = lwtest.@O@
+
+SRCS = lwtest.c
+
+@BIND9_MAKE_RULES@
+
+all: lwtest@EXEEXT@
+
+lwtest@EXEEXT@: ${OBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${OBJS} ${LIBS}
+
+clean distclean::
+ rm -f ${TARGETS}
+
diff --git a/bin/tests/system/lwresd/clean.sh b/bin/tests/system/lwresd/clean.sh
new file mode 100644
index 0000000..107a020
--- /dev/null
+++ b/bin/tests/system/lwresd/clean.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.1 2008/07/17 01:14:16 marka Exp $
+
+#
+# Clean up after lwresd tests.
+#
+rm -f */named.memstats
diff --git a/bin/tests/system/lwresd/lwresd1/lwresd.conf b/bin/tests/system/lwresd/lwresd1/lwresd.conf
new file mode 100644
index 0000000..272cab6
--- /dev/null
+++ b/bin/tests/system/lwresd/lwresd1/lwresd.conf
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwresd.conf,v 1.8 2007/06/19 23:47:04 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ port 5300;
+ pid-file "lwresd.pid";
+ forwarders {10.53.0.1;};
+ forward only;
+};
+
+lwres {
+ listen-on {10.53.0.1 port 9210;};
+ view "_default";
+ search {example1.;};
+ ndots 1;
+};
diff --git a/bin/tests/system/lwresd/lwresd1/resolv.conf b/bin/tests/system/lwresd/lwresd1/resolv.conf
new file mode 100644
index 0000000..1aa88c9
--- /dev/null
+++ b/bin/tests/system/lwresd/lwresd1/resolv.conf
@@ -0,0 +1,21 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: resolv.conf,v 1.11 2007/06/19 23:47:04 tbox Exp $
+
+nameserver 10.53.0.1
+lwserver 10.53.0.1
+search example1.
+ndots 1
diff --git a/bin/tests/system/lwresd/lwtest.c b/bin/tests/system/lwresd/lwtest.c
new file mode 100644
index 0000000..534e999
--- /dev/null
+++ b/bin/tests/system/lwresd/lwtest.c
@@ -0,0 +1,773 @@
+/*
+ * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: lwtest.c,v 1.32 2008/04/02 02:37:42 marka Exp $ */
+
+#include <config.h>
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include <isc/net.h>
+#include <isc/string.h>
+
+#include <lwres/lwres.h>
+#include <lwres/netdb.h>
+#include <lwres/net.h>
+
+/*
+ * XXX getnameinfo errors, which don't appear to be standard.
+ */
+#define ENI_NOSERVNAME 1
+#define ENI_NOHOSTNAME 2
+#define ENI_MEMORY 3
+#define ENI_SYSTEM 4
+#define ENI_FAMILY 5
+#define ENI_SALEN 6
+#define ENI_NOSOCKET 7
+
+static int fails = 0;
+
+static void
+CHECK(lwres_result_t val, const char *msg) {
+ if (val != 0) {
+ printf("I:%s returned %d\n", msg, val);
+ exit(1);
+ }
+}
+
+static unsigned char TESTSTRING[] =
+ "This is a test. This is only a test. !!!";
+
+static lwres_context_t *ctx;
+
+static void
+test_noop(void) {
+ lwres_result_t ret;
+ lwres_lwpacket_t pkt, pkt2;
+ lwres_nooprequest_t nooprequest, *nooprequest2;
+ lwres_noopresponse_t noopresponse, *noopresponse2;
+ lwres_buffer_t b;
+
+ pkt.pktflags = 0;
+ pkt.serial = 0x11223344;
+ pkt.recvlength = 0x55667788;
+ pkt.result = 0;
+
+ nooprequest.datalength = strlen((char *)TESTSTRING);
+ nooprequest.data = TESTSTRING;
+ ret = lwres_nooprequest_render(ctx, &nooprequest, &pkt, &b);
+ CHECK(ret, "lwres_nooprequest_render");
+
+ /*
+ * Now, parse it into a new structure.
+ */
+ lwres_buffer_first(&b);
+ ret = lwres_lwpacket_parseheader(&b, &pkt2);
+ CHECK(ret, "lwres_lwpacket_parseheader");
+
+ nooprequest2 = NULL;
+ ret = lwres_nooprequest_parse(ctx, &b, &pkt2, &nooprequest2);
+ CHECK(ret, "lwres_nooprequest_parse");
+
+ assert(nooprequest.datalength == nooprequest2->datalength);
+ assert(memcmp(nooprequest.data, nooprequest2->data,
+ nooprequest.datalength) == 0);
+
+ lwres_nooprequest_free(ctx, &nooprequest2);
+
+ lwres_context_freemem(ctx, b.base, b.length);
+ b.base = NULL;
+ b.length = 0;
+
+ pkt.pktflags = 0;
+ pkt.serial = 0x11223344;
+ pkt.recvlength = 0x55667788;
+ pkt.result = 0xdeadbeef;
+
+ noopresponse.datalength = strlen((char *)TESTSTRING);
+ noopresponse.data = TESTSTRING;
+ ret = lwres_noopresponse_render(ctx, &noopresponse, &pkt, &b);
+ CHECK(ret, "lwres_noopresponse_render");
+
+ /*
+ * Now, parse it into a new structure.
+ */
+ lwres_buffer_first(&b);
+ ret = lwres_lwpacket_parseheader(&b, &pkt2);
+ CHECK(ret, "lwres_lwpacket_parseheader");
+
+ noopresponse2 = NULL;
+ ret = lwres_noopresponse_parse(ctx, &b, &pkt2, &noopresponse2);
+ CHECK(ret, "lwres_noopresponse_parse");
+
+ assert(noopresponse.datalength == noopresponse2->datalength);
+ assert(memcmp(noopresponse.data, noopresponse2->data,
+ noopresponse.datalength) == 0);
+
+ lwres_noopresponse_free(ctx, &noopresponse2);
+
+ lwres_context_freemem(ctx, b.base, b.length);
+ b.base = NULL;
+ b.length = 0;
+}
+
+static void
+test_gabn(const char *target, lwres_result_t expected, const char *address,
+ lwres_uint32_t af)
+{
+ lwres_gabnresponse_t *res;
+ unsigned char addrbuf[16];
+ lwres_addr_t *addr;
+ char outbuf[64];
+ unsigned int len;
+ lwres_result_t ret;
+
+ res = NULL;
+ ret = lwres_getaddrsbyname(ctx, target,
+ LWRES_ADDRTYPE_V4 | LWRES_ADDRTYPE_V6,
+ &res);
+ if (ret != expected) {
+ printf("I:gabn(%s) failed: %d\n", target, ret);
+ if (res != NULL)
+ lwres_gabnresponse_free(ctx, &res);
+ fails++;
+ return;
+ }
+ if (ret == LWRES_R_SUCCESS) {
+ if (af == LWRES_ADDRTYPE_V4) {
+ len = 4;
+ ret = inet_pton(AF_INET, address, addrbuf);
+ assert(ret == 1);
+ } else {
+ len = 16;
+ ret = inet_pton(AF_INET6, address, addrbuf);
+ assert(ret == 1);
+ }
+ addr = LWRES_LIST_HEAD(res->addrs);
+ if (addr == NULL) {
+ printf("I:gabn(%s) returned empty list\n", target);
+ fails++;
+ return;
+ }
+ while (addr != NULL) {
+ if (addr->family != af || addr->length != len ||
+ memcmp(addr->address, addrbuf, len) == 0)
+ break;
+ addr = LWRES_LIST_NEXT(addr, link);
+ }
+ if (addr == NULL) {
+ addr = LWRES_LIST_HEAD(res->addrs);
+ if (addr->family == LWRES_ADDRTYPE_V4)
+ (void)inet_ntop(AF_INET, addr->address,
+ outbuf, sizeof(outbuf));
+ else
+ (void)inet_ntop(AF_INET6, addr->address,
+ outbuf, sizeof(outbuf));
+ printf("I:gabn(%s) returned %s, expected %s\n",
+ target, outbuf, address);
+ fails++;
+ return;
+ }
+ }
+ if (res != NULL)
+ lwres_gabnresponse_free(ctx, &res);
+}
+
+static void
+test_gnba(const char *target, lwres_uint32_t af, lwres_result_t expected,
+ const char *name)
+{
+ lwres_gnbaresponse_t *res;
+ lwres_result_t ret;
+ unsigned char addrbuf[16];
+ unsigned int len;
+
+ if (af == LWRES_ADDRTYPE_V4) {
+ len = 4;
+ ret = inet_pton(AF_INET, target, addrbuf);
+ assert(ret == 1);
+ } else {
+ len = 16;
+ ret = inet_pton(AF_INET6, target, addrbuf);
+ assert(ret == 1);
+ }
+
+ res = NULL;
+ ret = lwres_getnamebyaddr(ctx, af, len, addrbuf, &res);
+ if (ret != expected) {
+ printf("I:gnba(%s) failed: %d\n", target, ret);
+ if (res != NULL)
+ lwres_gnbaresponse_free(ctx, &res);
+ fails++;
+ return;
+ }
+ if (ret == LWRES_R_SUCCESS && strcasecmp(res->realname, name) != 0) {
+ printf("I:gnba(%s) returned %s, expected %s\n",
+ target, res->realname, name);
+ fails++;
+ return;
+ }
+ if (res != NULL)
+ lwres_gnbaresponse_free(ctx, &res);
+}
+
+static void
+test_gethostbyname(const char *name, const char *address) {
+ struct hostent *hp;
+ unsigned char addrbuf[16];
+ int ret;
+
+ hp = gethostbyname(name);
+ if (hp == NULL) {
+ if (address == NULL && h_errno == HOST_NOT_FOUND)
+ return;
+ else if (h_errno != HOST_NOT_FOUND) {
+ printf("I:gethostbyname(%s) failed: %s\n",
+ name, hstrerror(h_errno));
+ fails++;
+ return;
+ } else {
+ printf("I:gethostbyname(%s) returned not found\n",
+ name);
+ fails++;
+ return;
+ }
+ } else {
+ ret = inet_pton(AF_INET, address, addrbuf);
+ assert(ret == 1);
+ if (memcmp(hp->h_addr_list[0], addrbuf, hp->h_length) != 0) {
+ char outbuf[16];
+ (void)inet_ntop(AF_INET, hp->h_addr_list[0],
+ outbuf, sizeof(outbuf));
+ printf("I:gethostbyname(%s) returned %s, "
+ "expected %s\n", name, outbuf, address);
+ fails++;
+ return;
+ }
+ }
+}
+
+static void
+test_gethostbyname2(const char *name, const char *address, int af) {
+ struct hostent *hp;
+ unsigned char addrbuf[16];
+ int len, ret;
+
+ hp = gethostbyname2(name, af);
+ if (hp == NULL) {
+ if (address == NULL && h_errno == HOST_NOT_FOUND)
+ return;
+ else if (h_errno != HOST_NOT_FOUND) {
+ printf("I:gethostbyname(%s) failed: %s\n",
+ name, hstrerror(h_errno));
+ fails++;
+ return;
+ } else {
+ printf("I:gethostbyname(%s) returned not found\n",
+ name);
+ fails++;
+ return;
+ }
+ } else {
+ if (af == AF_INET)
+ len = 4;
+ else
+ len = 16;
+ ret = inet_pton(af, address, addrbuf);
+ assert(ret == 1);
+ if (hp->h_addrtype != af) {
+ printf("I:gethostbyname(%s) returned wrong family\n",
+ name);
+ fails++;
+ return;
+ }
+ if (len != (int)hp->h_length ||
+ memcmp(hp->h_addr_list[0], addrbuf, hp->h_length) != 0)
+ {
+ char outbuf[16];
+ (void)inet_ntop(af, hp->h_addr_list[0],
+ outbuf, sizeof(outbuf));
+ printf("I:gethostbyname(%s) returned %s, "
+ "expected %s\n", name, outbuf, address);
+ fails++;
+ return;
+ }
+ }
+}
+
+static void
+test_getipnodebyname(const char *name, const char *address, int af,
+ int v4map, int all)
+{
+ struct hostent *hp;
+ unsigned char addrbuf[16];
+ int len, ret;
+ int error_num;
+ int flags = 0;
+
+ if (v4map)
+ flags |= AI_V4MAPPED;
+ if (all)
+ flags |= AI_ALL;
+
+ hp = getipnodebyname(name, af, flags, &error_num);
+ if (hp == NULL) {
+ if (address == NULL && error_num == HOST_NOT_FOUND)
+ return;
+ else if (error_num != HOST_NOT_FOUND) {
+ printf("I:getipnodebyname(%s) failed: %d\n",
+ name, error_num);
+ fails++;
+ return;
+ } else {
+ printf("I:getipnodebyname(%s) returned not found\n",
+ name);
+ fails++;
+ return;
+ }
+ } else {
+ if (af == AF_INET)
+ len = 4;
+ else
+ len = 16;
+ ret = inet_pton(af, address, addrbuf);
+ assert(ret == 1);
+ if (hp->h_addrtype != af) {
+ printf("I:getipnodebyname(%s) returned wrong family\n",
+ name);
+ freehostent(hp);
+ fails++;
+ return;
+ }
+ if (len != (int)hp->h_length ||
+ memcmp(hp->h_addr_list[0], addrbuf, hp->h_length) != 0)
+ {
+ char outbuf[16];
+ (void)inet_ntop(af, hp->h_addr_list[0],
+ outbuf, sizeof(outbuf));
+ printf("I:getipnodebyname(%s) returned %s, "
+ "expected %s\n", name, outbuf, address);
+ freehostent(hp);
+ fails++;
+ return;
+ }
+ freehostent(hp);
+ }
+}
+
+static void
+test_gethostbyaddr(const char *address, int af, const char *name) {
+ struct hostent *hp;
+ char addrbuf[16];
+ int len, ret;
+
+ if (af == AF_INET)
+ len = 4;
+ else
+ len = 16;
+ ret = inet_pton(af, address, addrbuf);
+ assert(ret == 1);
+
+ hp = gethostbyaddr(addrbuf, len, af);
+
+ if (hp == NULL) {
+ if (name == NULL && h_errno == HOST_NOT_FOUND)
+ return;
+ else if (h_errno != HOST_NOT_FOUND) {
+ printf("I:gethostbyaddr(%s) failed: %s\n",
+ address, hstrerror(h_errno));
+ fails++;
+ return;
+ } else {
+ printf("I:gethostbyaddr(%s) returned not found\n",
+ address);
+ fails++;
+ return;
+ }
+ } else {
+ if (strcmp(hp->h_name, name) != 0) {
+ printf("I:gethostbyname(%s) returned %s, "
+ "expected %s\n", address, hp->h_name, name);
+ fails++;
+ return;
+ }
+ }
+}
+
+static void
+test_getipnodebyaddr(const char *address, int af, const char *name) {
+ struct hostent *hp;
+ char addrbuf[16];
+ int len, ret;
+ int error_num;
+
+ if (af == AF_INET)
+ len = 4;
+ else
+ len = 16;
+ ret = inet_pton(af, address, addrbuf);
+ assert(ret == 1);
+
+ hp = getipnodebyaddr(addrbuf, len, af, &error_num);
+
+ if (hp == NULL) {
+ if (name == NULL && error_num == HOST_NOT_FOUND)
+ return;
+ else if (error_num != HOST_NOT_FOUND) {
+ printf("I:getipnodebyaddr(%s) failed: %d\n",
+ address, error_num);
+ fails++;
+ return;
+ } else {
+ printf("I:getipnodebyaddr(%s) returned not found\n",
+ address);
+ fails++;
+ return;
+ }
+ } else {
+ if (strcmp(hp->h_name, name) != 0) {
+ printf("I:getipnodebyaddr(%s) returned %s, "
+ "expected %s\n", address, hp->h_name, name);
+ freehostent(hp);
+ fails++;
+ return;
+ }
+ freehostent(hp);
+ }
+}
+
+static void
+test_getaddrinfo(const char *name, int af, int v4ok, int v6ok,
+ const char *address)
+{
+ unsigned int len;
+ int ret;
+ struct addrinfo *ai;
+ struct addrinfo hint;
+ unsigned char addrbuf[16];
+
+ if (v4ok == 1 && v6ok== 1) {
+ ret = getaddrinfo(name, NULL, NULL, &ai);
+ } else {
+ memset(&hint, 0, sizeof(hint));
+ if (v4ok)
+ hint.ai_family = AF_INET;
+ else
+ hint.ai_family = AF_INET6;
+ ret = getaddrinfo(name, NULL, &hint, &ai);
+ }
+ if (ret != 0) {
+ if (address == NULL && ret == EAI_NODATA)
+ return;
+ else if (ret != EAI_NODATA) {
+ printf("I:getaddrinfo(%s,%d,%d) failed: %s\n",
+ name, v4ok, v6ok, gai_strerror(ret));
+ fails++;
+ return;
+ } else {
+ printf("I:getaddrinfo(%s,%d,%d) returned not found\n",
+ name, v4ok, v6ok);
+ fails++;
+ return;
+ }
+ } else {
+ if (af == AF_INET)
+ len = sizeof(struct sockaddr_in);
+ else
+ len = sizeof(struct sockaddr_in6);
+ ret = inet_pton(af, address, addrbuf);
+ assert(ret == 1);
+ if (ai->ai_family != af) {
+ printf("I:getaddrinfo(%s) returned wrong family\n",
+ name);
+ fails++;
+ freeaddrinfo(ai);
+ return;
+ }
+ if (len != (unsigned int) ai->ai_addrlen) {
+ char outbuf[16];
+ (void)inet_ntop(af, ai->ai_addr,
+ outbuf, sizeof(outbuf));
+ printf("I:getaddrinfo(%s) returned %lub, "
+ "expected %ub\n", name,
+ (unsigned long)ai->ai_addrlen, len);
+ fails++;
+ freeaddrinfo(ai);
+ return;
+ } else if (af == AF_INET) {
+ struct sockaddr_in *sin;
+ sin = (struct sockaddr_in *) ai->ai_addr;
+ if (memcmp(&sin->sin_addr.s_addr, addrbuf, 4) != 0) {
+ char outbuf[16];
+ (void)inet_ntop(af, &sin->sin_addr.s_addr,
+ outbuf, sizeof(outbuf));
+ printf("I:getaddrinfo(%s) returned %s, "
+ "expected %s\n", name, outbuf, address);
+ fails++;
+ freeaddrinfo(ai);
+ return;
+ }
+ } else {
+ struct sockaddr_in6 *sin6;
+ sin6 = (struct sockaddr_in6 *) ai->ai_addr;
+ if (memcmp(sin6->sin6_addr.s6_addr, addrbuf, 16) != 0)
+ {
+ char outbuf[16];
+ (void)inet_ntop(af, &sin6->sin6_addr.s6_addr,
+ outbuf, sizeof(outbuf));
+ printf("I:getaddrinfo(%s) returned %s, "
+ "expected %s\n", name, outbuf, address);
+ fails++;
+ freeaddrinfo(ai);
+ return;
+ }
+ }
+ freeaddrinfo(ai);
+ }
+}
+
+static void
+test_getnameinfo(const char *address, int af, const char *name) {
+ int ret;
+ struct sockaddr_in sin;
+ struct sockaddr_in6 sin6;
+ struct sockaddr *sa;
+ int salen;
+ char host[1025];
+
+ if (af == AF_INET) {
+ memset(&sin, 0, sizeof(sin));
+ ret = inet_pton(AF_INET, address, &sin.sin_addr.s_addr);
+ assert(ret == 1);
+ sin.sin_family = AF_INET;
+#ifdef LWRES_PLATFORM_HAVESALEN
+ sin.sin_len = sizeof(sin);
+#endif
+ sa = (struct sockaddr *) &sin;
+ salen = sizeof(sin);
+ } else {
+ memset(&sin6, 0, sizeof(sin6));
+ ret = inet_pton(AF_INET6, address, sin6.sin6_addr.s6_addr);
+ assert(ret == 1);
+ sin6.sin6_family = AF_INET6;
+#ifdef LWRES_PLATFORM_HAVESALEN
+ sin6.sin6_len = sizeof(sin6);
+#endif
+ sa = (struct sockaddr *) &sin6;
+ salen = sizeof(sin6);
+ }
+ sa->sa_family = af;
+
+ ret = getnameinfo(sa, salen, host, sizeof(host), NULL, 0, NI_NAMEREQD);
+
+ if (ret != 0) {
+ if (name == NULL && ret == ENI_NOHOSTNAME)
+ return;
+ else if (ret != ENI_NOHOSTNAME) {
+ printf("I:getnameinfo(%s) failed: %d\n",
+ address, ret);
+ fails++;
+ return;
+ } else {
+ printf("I:getnameinfo(%s) returned not found\n",
+ address);
+ fails++;
+ return;
+ }
+ } else {
+ if (name == NULL) {
+ printf("I:getnameinfo(%s) returned %s, "
+ "expected NULL\n", address, host);
+ fails++;
+ return;
+ } else if (strcmp(host, name) != 0) {
+ printf("I:getnameinfo(%s) returned %s, expected %s\n",
+ address, host, name);
+ fails++;
+ return;
+ }
+ }
+}
+
+static void
+test_getrrsetbyname(const char *name, int rdclass, int rdtype,
+ unsigned int nrdatas, unsigned int nsigs,
+ int should_pass)
+{
+ int ret;
+ struct rrsetinfo *rrinfo = NULL;
+ ret = getrrsetbyname(name, rdclass, rdtype, 0, &rrinfo);
+ if (ret != 0 && should_pass == 1) {
+ printf("I:getrrsetbyname(%s, %d) failed\n", name, rdtype);
+ fails++;
+ return;
+ } else if (ret == 0 && should_pass == 0) {
+ printf("I:getrrsetbyname(%s, %d) unexpectedly succeeded\n",
+ name, rdtype);
+ fails++;
+ freerrset(rrinfo);
+ return;
+ } else if (ret != 0)
+ return;
+ if (rrinfo->rri_nrdatas != nrdatas) {
+ printf("I:getrrsetbyname(%s, %d): got %d rr, expected %d\n",
+ name, rdtype, rrinfo->rri_nrdatas, nrdatas);
+ fails++;
+ }
+ if (rrinfo->rri_nsigs != nsigs) {
+ printf("I:getrrsetbyname(%s, %d): got %d sig, expected %d\n",
+ name, rdtype, rrinfo->rri_nsigs, nsigs);
+ fails++;
+ }
+ freerrset(rrinfo);
+ return;
+}
+
+int
+main(void) {
+ lwres_result_t ret;
+
+ lwres_udp_port = 9210;
+ lwres_resolv_conf = "resolv.conf";
+
+ ret = lwres_context_create(&ctx, NULL, NULL, NULL, 0);
+ CHECK(ret, "lwres_context_create");
+
+ ret = lwres_conf_parse(ctx, "resolv.conf");
+ CHECK(ret, "lwres_conf_parse");
+
+ test_noop();
+
+ test_gabn("a.example1", LWRES_R_SUCCESS, "10.0.1.1",
+ LWRES_ADDRTYPE_V4);
+ test_gabn("a.example1.", LWRES_R_SUCCESS, "10.0.1.1",
+ LWRES_ADDRTYPE_V4);
+ test_gabn("a.example2", LWRES_R_SUCCESS, "10.0.2.1",
+ LWRES_ADDRTYPE_V4);
+ test_gabn("a.example2.", LWRES_R_SUCCESS, "10.0.2.1",
+ LWRES_ADDRTYPE_V4);
+ test_gabn("a.example3", LWRES_R_NOTFOUND, NULL, LWRES_ADDRTYPE_V4);
+ test_gabn("a.example3.", LWRES_R_NOTFOUND, NULL, LWRES_ADDRTYPE_V4);
+ test_gabn("a", LWRES_R_SUCCESS, "10.0.1.1", LWRES_ADDRTYPE_V4);
+ test_gabn("a.", LWRES_R_NOTFOUND, NULL, LWRES_ADDRTYPE_V4);
+
+ test_gabn("a2", LWRES_R_SUCCESS, "10.0.1.1", LWRES_ADDRTYPE_V4);
+ test_gabn("a3", LWRES_R_NOTFOUND, NULL, LWRES_ADDRTYPE_V4);
+
+ test_gabn("b.example1", LWRES_R_SUCCESS,
+ "eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff",
+ LWRES_ADDRTYPE_V6);
+ test_gabn("b.example1.", LWRES_R_SUCCESS,
+ "eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff",
+ LWRES_ADDRTYPE_V6);
+ test_gabn("b.example2", LWRES_R_SUCCESS,
+ "eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff",
+ LWRES_ADDRTYPE_V6);
+ test_gabn("b.example2.", LWRES_R_SUCCESS,
+ "eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff",
+ LWRES_ADDRTYPE_V6);
+ test_gabn("b.example3", LWRES_R_NOTFOUND, NULL, LWRES_ADDRTYPE_V6);
+ test_gabn("b.example3.", LWRES_R_NOTFOUND, NULL, LWRES_ADDRTYPE_V6);
+ test_gabn("b", LWRES_R_SUCCESS,
+ "eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff",
+ LWRES_ADDRTYPE_V6);
+ test_gabn("b.", LWRES_R_NOTFOUND, NULL, LWRES_ADDRTYPE_V6);
+
+ test_gabn("d.example1", LWRES_R_NOTFOUND, NULL, LWRES_ADDRTYPE_V6);
+
+ test_gabn("x", LWRES_R_SUCCESS, "10.1.10.1", LWRES_ADDRTYPE_V4);
+ test_gabn("x.", LWRES_R_SUCCESS, "10.1.10.1", LWRES_ADDRTYPE_V4);
+
+ test_gnba("10.10.10.1", LWRES_ADDRTYPE_V4, LWRES_R_SUCCESS,
+ "ipv4.example");
+ test_gnba("10.10.10.17", LWRES_ADDRTYPE_V4, LWRES_R_NOTFOUND,
+ NULL);
+ test_gnba("0123:4567:89ab:cdef:0123:4567:89ab:cdef",
+ LWRES_ADDRTYPE_V6, LWRES_R_SUCCESS, "ip6.int.example");
+ test_gnba("0123:4567:89ab:cdef:0123:4567:89ab:cde0",
+ LWRES_ADDRTYPE_V6, LWRES_R_NOTFOUND, NULL);
+ test_gnba("1123:4567:89ab:cdef:0123:4567:89ab:cdef",
+ LWRES_ADDRTYPE_V6, LWRES_R_SUCCESS, "ip6.arpa.example");
+ test_gnba("1123:4567:89ab:cdef:0123:4567:89ab:cde0",
+ LWRES_ADDRTYPE_V6, LWRES_R_NOTFOUND, NULL);
+
+ test_gethostbyname("a.example1.", "10.0.1.1");
+ test_gethostbyname("q.example1.", NULL);
+
+ test_gethostbyname2("a.example1.", "10.0.1.1", AF_INET);
+ test_gethostbyname2("b.example1.",
+ "eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff",
+ AF_INET6);
+ test_gethostbyname2("q.example1.", NULL, AF_INET);
+
+ test_getipnodebyname("a.example1.", "10.0.1.1", AF_INET, 0, 0);
+ test_getipnodebyname("b.example1.",
+ "eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff",
+ AF_INET6, 0, 0);
+ test_getipnodebyname("a.example1.",
+ "::ffff:10.0.1.1", AF_INET6, 1, 0);
+ test_getipnodebyname("a.example1.",
+ "::ffff:10.0.1.1", AF_INET6, 1, 1);
+ test_getipnodebyname("b.example1.",
+ "eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff",
+ AF_INET6, 1, 1);
+ test_getipnodebyname("q.example1.", NULL, AF_INET, 0, 0);
+
+ test_gethostbyaddr("10.10.10.1", AF_INET, "ipv4.example");
+ test_gethostbyaddr("10.10.10.17", AF_INET, NULL);
+ test_gethostbyaddr("0123:4567:89ab:cdef:0123:4567:89ab:cdef",
+ AF_INET6, "ip6.int.example");
+ test_gethostbyaddr("1123:4567:89ab:cdef:0123:4567:89ab:cdef",
+ AF_INET6, "ip6.arpa.example");
+
+ test_getipnodebyaddr("10.10.10.1", AF_INET, "ipv4.example");
+ test_getipnodebyaddr("10.10.10.17", AF_INET, NULL);
+ test_getipnodebyaddr("0123:4567:89ab:cdef:0123:4567:89ab:cdef",
+ AF_INET6, "ip6.int.example");
+ test_getipnodebyaddr("1123:4567:89ab:cdef:0123:4567:89ab:cdef",
+ AF_INET6, "ip6.arpa.example");
+
+ test_getaddrinfo("a.example1.", AF_INET, 1, 1, "10.0.1.1");
+ test_getaddrinfo("a.example1.", AF_INET, 1, 0, "10.0.1.1");
+ test_getaddrinfo("a.example1.", AF_INET, 0, 1, NULL);
+ test_getaddrinfo("b.example1.", AF_INET6, 1, 1,
+ "eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff");
+ test_getaddrinfo("b.example1.", AF_INET6, 1, 0, NULL);
+ test_getaddrinfo("b.example1.", AF_INET6, 0, 1,
+ "eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff");
+
+ test_getnameinfo("10.10.10.1", AF_INET, "ipv4.example");
+ test_getnameinfo("10.10.10.17", AF_INET, NULL);
+ test_getnameinfo("0123:4567:89ab:cdef:0123:4567:89ab:cdef",
+ AF_INET6, "ip6.int.example");
+ test_getnameinfo("1123:4567:89ab:cdef:0123:4567:89ab:cdef",
+ AF_INET6, "ip6.arpa.example");
+ test_getnameinfo("1122:3344:5566:7788:99aa:bbcc:ddee:ff00",
+ AF_INET6, "dname.example1");
+
+ test_getrrsetbyname("a", 1, 1, 1, 0, 1);
+ test_getrrsetbyname("a.example1.", 1, 1, 1, 0, 1);
+ test_getrrsetbyname("e.example1.", 1, 1, 1, 1, 1);
+ test_getrrsetbyname("e.example1.", 1, 255, 1, 1, 0);
+ test_getrrsetbyname("e.example1.", 1, 46, 2, 0, 1);
+ test_getrrsetbyname("", 1, 1, 0, 0, 0);
+
+ if (fails == 0)
+ printf("I:ok\n");
+ return (fails);
+}
diff --git a/bin/tests/system/lwresd/ns1/10.10.10.in-addr.arpa.db b/bin/tests/system/lwresd/ns1/10.10.10.in-addr.arpa.db
new file mode 100644
index 0000000..8c8adca
--- /dev/null
+++ b/bin/tests/system/lwresd/ns1/10.10.10.in-addr.arpa.db
@@ -0,0 +1,29 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: 10.10.10.in-addr.arpa.db,v 1.10 2007/06/19 23:47:04 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000062001 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+1 PTR ipv4.example.
diff --git a/bin/tests/system/lwresd/ns1/e.example1.db b/bin/tests/system/lwresd/ns1/e.example1.db
new file mode 100644
index 0000000..2d9587c
--- /dev/null
+++ b/bin/tests/system/lwresd/ns1/e.example1.db
@@ -0,0 +1,54 @@
+; File written on Wed Mar 5 10:20:40 2008
+; dnssec_signzone version 9.3.4-P1
+e.example1. 300 IN SOA mname1. . (
+ 2002082210 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ 300 RRSIG SOA 5 2 300 20010101000000 (
+ 20000101000000 14043 e.example1.
+ KtYwrnKM7Tu53BNf8XuTix53r9kDdCneJ1X7
+ xklFbp4YjRKC3NhwVK9PFe0jdHOkIDMtrwxn
+ n7/Rp07xIyURqw== )
+ 300 NS ns.e.example1.
+ 300 RRSIG NS 5 2 300 20010101000000 (
+ 20000101000000 14043 e.example1.
+ KBPx3XmNl4swVPdwuUEFuzZedMSfsyK2a0Fu
+ o2wBnbCuS7G7DtfW9690lP/eTyixLOIwlFLQ
+ MrjN3+XgpkdgIw== )
+ 300 A 10.0.1.1
+ 300 RRSIG A 5 2 300 20010101000000 (
+ 20000101000000 14043 e.example1.
+ KYlxMQUvv8DQtVgS23lNL5tFYmRppJ7vTgH3
+ btvgKbyHxW/04ewRsgCa82iu3iJipdEhKM11
+ ALkRNhqL7frnig== )
+ 3600 NSEC ns.e.example1. A NS SOA RRSIG NSEC DNSKEY
+ 3600 RRSIG NSEC 5 2 3600 20010101000000 (
+ 20000101000000 14043 e.example1.
+ azSgagb7bldM06qSZg8nDZWOY2FbqeZY0/T8
+ nC+6VhCs7YTfNvXynLWmvmpqL7gVT6/O+Yi2
+ 2lmdntld7GORrQ== )
+ 300 DNSKEY 256 3 5 (
+ AwEAAcvAUMfH7wA0z077fJaF7RMrxAFyvo0/
+ 7aAL4d2/yA5TqTaUCVnJtE+XgGO34kH9mwae
+ we+Nyv2kRWDeLl6nhGk=
+ ) ; key id = 14043
+ 300 RRSIG DNSKEY 5 2 300 20010101000000 (
+ 20000101000000 14043 e.example1.
+ BQFWOHopXuBNdzcopkdl1YVKGF0QvIaYpywM
+ fcpG5gi+sy9EoTofQ1UGsLOjU3nFXCvJFG4K
+ 1gUhzEEti440/g== )
+ns.e.example1. 300 IN A 10.53.0.1
+ 300 RRSIG A 5 3 300 20010101000000 (
+ 20000101000000 14043 e.example1.
+ cYPzsWNQ/eL4h2lihKRjKT2jhGpOqV9woGJA
+ /Jstx2iethOAvYtgY22CsAbCUr/6E4bSgBZR
+ TMoC604cNdFzIw== )
+ 3600 NSEC e.example1. A RRSIG NSEC
+ 3600 RRSIG NSEC 5 3 3600 20010101000000 (
+ 20000101000000 14043 e.example1.
+ J8Md544zDLP4GjyAtkjH/rSFvpzXY/7bgJRS
+ YDoARwFQRmlrJvavXEjqElb2fTQqlNNz1cal
+ QROz/WJ3GLwOWw== )
diff --git a/bin/tests/system/lwresd/ns1/example1.db b/bin/tests/system/lwresd/ns1/example1.db
new file mode 100644
index 0000000..16a53f4
--- /dev/null
+++ b/bin/tests/system/lwresd/ns1/example1.db
@@ -0,0 +1,35 @@
+; Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000-2003 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example1.db,v 1.19 2008/04/02 23:46:57 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2002082210 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+a A 10.0.1.1
+a2 CNAME a
+a3 CNAME nowhere
+b AAAA eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff
+8.8.7.7 DNAME net
+0.0.f.f.e.e.d.d.c.c.b.b.a.a.9.9.net PTR dname
+e NS ns.e
diff --git a/bin/tests/system/lwresd/ns1/example2.db b/bin/tests/system/lwresd/ns1/example2.db
new file mode 100644
index 0000000..495f2f6
--- /dev/null
+++ b/bin/tests/system/lwresd/ns1/example2.db
@@ -0,0 +1,30 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000-2002 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example2.db,v 1.10 2007/06/19 23:47:04 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000062001 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+a A 10.0.2.1
+b AAAA eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff
diff --git a/bin/tests/system/lwresd/ns1/ip6.arpa.db b/bin/tests/system/lwresd/ns1/ip6.arpa.db
new file mode 100644
index 0000000..d2a1965
--- /dev/null
+++ b/bin/tests/system/lwresd/ns1/ip6.arpa.db
@@ -0,0 +1,30 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000-2002 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: ip6.arpa.db,v 1.11 2007/06/19 23:47:04 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2002082300 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.1 PTR ip6.arpa.example.
+6.6.5.5.4.4.3.3.2.2.1.1 DNAME example1.
diff --git a/bin/tests/system/lwresd/ns1/ip6.int.db b/bin/tests/system/lwresd/ns1/ip6.int.db
new file mode 100644
index 0000000..8085426
--- /dev/null
+++ b/bin/tests/system/lwresd/ns1/ip6.int.db
@@ -0,0 +1,29 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000-2002 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: ip6.int.db,v 1.11 2007/06/19 23:47:04 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2002082300 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0 PTR ip6.int.example.
diff --git a/bin/tests/system/lwresd/ns1/named.conf b/bin/tests/system/lwresd/ns1/named.conf
new file mode 100644
index 0000000..2d649c7
--- /dev/null
+++ b/bin/tests/system/lwresd/ns1/named.conf
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.21 2008/04/02 23:46:57 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify no;
+ dnssec-enable yes;
+ dnssec-validation yes;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
+
+zone "example1." {
+ type master;
+ file "example1.db";
+};
+
+zone "e.example1." {
+ type master;
+ file "e.example1.db";
+};
+
+zone "example2." {
+ type master;
+ file "example2.db";
+};
+
+zone "10.10.10.in-addr.arpa." {
+ type master;
+ file "10.10.10.in-addr.arpa.db";
+};
+
+zone "ip6.int." {
+ type master;
+ file "ip6.int.db";
+};
+
+zone "ip6.arpa." {
+ type master;
+ file "ip6.arpa.db";
+};
diff --git a/bin/tests/system/lwresd/ns1/root.db b/bin/tests/system/lwresd/ns1/root.db
new file mode 100644
index 0000000..9cd0a16
--- /dev/null
+++ b/bin/tests/system/lwresd/ns1/root.db
@@ -0,0 +1,33 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.9 2007/06/19 23:47:04 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example1. NS ns.example1.
+ns.example1. A 10.53.0.2
+example2. NS ns.example2.
+ns.example2. A 10.53.0.2
+x A 10.1.10.1
diff --git a/bin/tests/system/lwresd/resolv.conf b/bin/tests/system/lwresd/resolv.conf
new file mode 100644
index 0000000..1aa88c9
--- /dev/null
+++ b/bin/tests/system/lwresd/resolv.conf
@@ -0,0 +1,21 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: resolv.conf,v 1.11 2007/06/19 23:47:04 tbox Exp $
+
+nameserver 10.53.0.1
+lwserver 10.53.0.1
+search example1.
+ndots 1
diff --git a/bin/tests/system/lwresd/tests.sh b/bin/tests/system/lwresd/tests.sh
new file mode 100644
index 0000000..c425410
--- /dev/null
+++ b/bin/tests/system/lwresd/tests.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.18 2007/06/18 23:47:29 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+echo "I:using resolv.conf"
+ret=0
+./lwtest || ret=1
+if [ $ret != 0 ]; then
+ echo "I:failed"
+fi
+status=`expr $status + $ret`
+
+$PERL $SYSTEMTESTTOP/stop.pl . lwresd1
+
+$PERL $SYSTEMTESTTOP/start.pl . lwresd1 -- "-m record,size,mctx -c lwresd.conf -d 99 -g"
+
+echo "I:using lwresd.conf"
+ret=0
+./lwtest || ret=1
+if [ $ret != 0 ]; then
+ echo "I:failed"
+fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/masterfile/clean.sh b/bin/tests/system/masterfile/clean.sh
new file mode 100644
index 0000000..d90a65d
--- /dev/null
+++ b/bin/tests/system/masterfile/clean.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.5 2007/09/26 03:22:44 marka Exp $
+
+rm -f dig.out
+rm -f */named.memstats
diff --git a/bin/tests/system/masterfile/knowngood.dig.out b/bin/tests/system/masterfile/knowngood.dig.out
new file mode 100644
index 0000000..56de555
--- /dev/null
+++ b/bin/tests/system/masterfile/knowngood.dig.out
@@ -0,0 +1,33 @@
+include. 300 IN SOA ns.include. hostmaster.include. 1 3600 1800 1814400 3600
+include. 300 IN NS ns.include.
+a.include. 300 IN A 10.0.0.1
+a.include. 300 IN A 10.0.0.99
+a.a.include. 300 IN A 10.0.1.1
+b.foo.a.include. 300 IN A 10.0.2.2
+b.include. 300 IN A 10.0.0.2
+b.include. 300 IN A 10.0.0.99
+a.b.include. 300 IN A 10.0.1.1
+c.b.include. 300 IN A 10.0.0.3
+b.foo.b.include. 300 IN A 10.0.2.2
+ns.include. 300 IN A 127.0.0.1
+include. 300 IN SOA ns.include. hostmaster.include. 1 3600 1800 1814400 3600
+ttl2. 1 IN SOA ns.ttl2. hostmaster.ttl2. 1 3600 1800 1814400 3
+ttl2. 1 IN NS ns.ttl2.
+a.ttl2. 1 IN TXT "inherited ttl 1"
+b.ttl2. 2 IN TXT "explicit ttl 2"
+c.ttl2. 2 IN TXT "inherited ttl 2"
+d.ttl2. 3 IN TXT "default ttl 3"
+e.ttl2. 2 IN TXT "explicit ttl 2"
+f.ttl2. 3 IN TXT "default ttl 3"
+ns.ttl2. 1 IN A 10.53.0.1
+ttl2. 1 IN SOA ns.ttl2. hostmaster.ttl2. 1 3600 1800 1814400 3
+ttl2. 1 IN SOA ns.ttl2. hostmaster.ttl2. 1 3600 1800 1814400 3
+ttl2. 1 IN NS ns.ttl2.
+a.ttl2. 1 IN TXT "inherited ttl 1"
+b.ttl2. 2 IN TXT "explicit ttl 2"
+c.ttl2. 2 IN TXT "inherited ttl 2"
+d.ttl2. 3 IN TXT "default ttl 3"
+e.ttl2. 2 IN TXT "explicit ttl 2"
+f.ttl2. 3 IN TXT "default ttl 3"
+ns.ttl2. 1 IN A 10.53.0.1
+ttl2. 1 IN SOA ns.ttl2. hostmaster.ttl2. 1 3600 1800 1814400 3
diff --git a/bin/tests/system/masterfile/ns1/include.db b/bin/tests/system/masterfile/ns1/include.db
new file mode 100644
index 0000000..47c985f
--- /dev/null
+++ b/bin/tests/system/masterfile/ns1/include.db
@@ -0,0 +1,41 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: include.db,v 1.5 2007/06/19 23:47:04 tbox Exp $
+
+; Test $INCLUDE current domain name and origin semantics
+
+$TTL 300
+@ IN SOA ns hostmaster (
+ 1 ; serial
+ 3600
+ 1800
+ 1814400
+ 3600
+ )
+ NS ns
+
+ns A 127.0.0.1
+
+a A 10.0.0.1
+$INCLUDE sub.db a
+; use the current domain name
+ A 10.0.0.99
+b A 10.0.0.2
+$ORIGIN b
+$INCLUDE sub.db
+; use the current domain name
+ A 10.0.0.99
+c A 10.0.0.3
diff --git a/bin/tests/system/masterfile/ns1/named.conf b/bin/tests/system/masterfile/ns1/named.conf
new file mode 100644
index 0000000..1669f94
--- /dev/null
+++ b/bin/tests/system/masterfile/ns1/named.conf
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.6 2007/06/19 23:47:04 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "include" {
+ type master;
+ file "include.db";
+};
+
+zone "ttl1" {
+ type master;
+ file "ttl1.db";
+};
+
+zone "ttl2" {
+ type master;
+ file "ttl2.db";
+};
diff --git a/bin/tests/system/masterfile/ns1/sub.db b/bin/tests/system/masterfile/ns1/sub.db
new file mode 100644
index 0000000..d6186f1
--- /dev/null
+++ b/bin/tests/system/masterfile/ns1/sub.db
@@ -0,0 +1,21 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: sub.db,v 1.5 2007/06/19 23:47:04 tbox Exp $
+
+a A 10.0.1.1
+$ORIGIN foo
+b A 10.0.2.2
+
diff --git a/bin/tests/system/masterfile/ns1/ttl1.db b/bin/tests/system/masterfile/ns1/ttl1.db
new file mode 100644
index 0000000..c575cec
--- /dev/null
+++ b/bin/tests/system/masterfile/ns1/ttl1.db
@@ -0,0 +1,33 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: ttl1.db,v 1.6 2007/06/19 23:47:04 tbox Exp $
+
+@ IN SOA ns hostmaster (
+ 1 ; serial
+ 3600
+ 1800
+ 1814400
+ 3
+ )
+ NS ns
+ns A 10.53.0.1
+a TXT "soa minttl 3"
+b 2 TXT "explicit ttl 2"
+c TXT "soa minttl 3"
+$TTL 1
+d TXT "default ttl 1"
+e 4 TXT "explicit ttl 4"
+f TXT "default ttl 1"
diff --git a/bin/tests/system/masterfile/ns1/ttl2.db b/bin/tests/system/masterfile/ns1/ttl2.db
new file mode 100644
index 0000000..2a01123
--- /dev/null
+++ b/bin/tests/system/masterfile/ns1/ttl2.db
@@ -0,0 +1,36 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: ttl2.db,v 1.6 2007/06/19 23:47:04 tbox Exp $
+
+@ 1 IN SOA ns hostmaster (
+ 1 ; serial
+ 3600
+ 1800
+ 1814400
+ 3
+ )
+ NS ns
+ns A 10.53.0.1
+a TXT "inherited ttl 1"
+b 2 TXT "explicit ttl 2"
+c TXT "inherited ttl 2"
+$TTL 3
+d TXT "default ttl 3"
+e 2 TXT "explicit ttl 2"
+f TXT "default ttl 3"
+
+
+
diff --git a/bin/tests/system/masterfile/tests.sh b/bin/tests/system/masterfile/tests.sh
new file mode 100644
index 0000000..beebcdc
--- /dev/null
+++ b/bin/tests/system/masterfile/tests.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.5 2007/06/19 23:47:04 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+echo "I:test master file \$INCLUDE semantics"
+$DIG +nostats +nocmd include. axfr @10.53.0.1 -p 5300 >dig.out
+
+echo "I:test master file BIND 8 compatibility TTL and \$TTL semantics"
+$DIG +nostats +nocmd ttl2. axfr @10.53.0.1 -p 5300 >>dig.out
+
+echo "I:test of master file RFC1035 TTL and \$TTL semantics"
+$DIG +nostats +nocmd ttl2. axfr @10.53.0.1 -p 5300 >>dig.out
+
+diff dig.out knowngood.dig.out || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/masterformat/clean.sh b/bin/tests/system/masterformat/clean.sh
new file mode 100755
index 0000000..1909dc2
--- /dev/null
+++ b/bin/tests/system/masterformat/clean.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.5 2007/09/26 03:22:44 marka Exp $
+
+rm -f named-compilezone
+rm -f ns1/example.db.raw
+rm -f ns2/example.db
+rm -f dig.out.*
+rm -f */named.memstats
diff --git a/bin/tests/system/masterformat/ns1/compile.sh b/bin/tests/system/masterformat/ns1/compile.sh
new file mode 100755
index 0000000..551a01f
--- /dev/null
+++ b/bin/tests/system/masterformat/ns1/compile.sh
@@ -0,0 +1,17 @@
+# Copyright (C) 2005-2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: compile.sh,v 1.6 2007/06/19 23:47:04 tbox Exp $
+
+../named-compilezone -D -F raw -o example.db.raw example example.db
diff --git a/bin/tests/system/masterformat/ns1/example.db b/bin/tests/system/masterformat/ns1/example.db
new file mode 100644
index 0000000..c216706
--- /dev/null
+++ b/bin/tests/system/masterformat/ns1/example.db
@@ -0,0 +1,54 @@
+; Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db,v 1.5 2007/06/19 23:47:04 tbox Exp $
+
+$TTL 1D
+
+@ IN SOA ns hostmaster (
+ 1
+ 3600
+ 1800
+ 1814400
+ 3
+ )
+ NS ns
+ns A 10.53.0.1
+mx MX 10 mail
+a A 10.53.0.1
+ A 10.53.0.2
+aaaa AAAA 2001:db8::53
+cname CNAME cname-target
+dname DNAME dname-target
+txt TXT "this is text"
+
+;;
+;; we are not testing DNSSEC behavior, so we don't care about the semantics
+;; of the following records.
+dnskey 300 DNSKEY 256 3 1 (
+ AQPTpWyReB/e9Ii6mVGnakS8hX2zkh/iUYAg
+ +Ge4noWROpTWOIBvm76zeJPWs4Zfqa1IsswD
+ Ix5Mqeg0zwclz59uecKsKyx5w9IhtZ8plc4R
+ b9VIE5x7KNHAYTvTO5d4S8M=
+ )
+ds 300 DS 30795 1 1 (
+ 310D27F4D82C1FC2400704EA9939FE6E1CEA
+ A3B9 )
+nsec 600 NSEC nsecnext NS DS RRSIG NSEC
+rrsig 300 RRSIG SOA 1 0 300 20050714214747 (
+ 20050614214747 30795 .
+ yi/RRPAQmn6rnjDQaCqVValBa+ICF00ZldKf
+ ZSDaoew5mMUh83DlrrPPNeAxrzMSNzDGlJ6P
+ fdyIFgzPn/CvthF4kjBUAiJTp4r2zhlaUJQ+
+ QFo+drYXYgVJo6aA36fj )
diff --git a/bin/tests/system/masterformat/ns1/named.conf b/bin/tests/system/masterformat/ns1/named.conf
new file mode 100644
index 0000000..a2971f5
--- /dev/null
+++ b/bin/tests/system/masterformat/ns1/named.conf
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.4 2007/06/19 23:47:04 tbox Exp $ */
+
+// NS1
+
+controls { /* empty */ };
+
+options {
+ pid-file "named.pid";
+ listen-on port 5300 { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify no;
+ dnssec-enable yes;
+};
+
+zone "example" {
+ type master;
+ masterfile-format raw;
+ file "example.db.raw";
+};
diff --git a/bin/tests/system/masterformat/ns2/named.conf b/bin/tests/system/masterformat/ns2/named.conf
new file mode 100644
index 0000000..3cda00e
--- /dev/null
+++ b/bin/tests/system/masterformat/ns2/named.conf
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.4 2007/06/19 23:47:04 tbox Exp $ */
+
+// NS2
+
+controls { /* empty */ };
+
+options {
+ pid-file "named.pid";
+ listen-on port 5300 { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify no;
+ dnssec-enable yes;
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+};
diff --git a/bin/tests/system/masterformat/setup.sh b/bin/tests/system/masterformat/setup.sh
new file mode 100755
index 0000000..4c85ab7
--- /dev/null
+++ b/bin/tests/system/masterformat/setup.sh
@@ -0,0 +1,20 @@
+# Copyright (C) 2005-2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.6 2007/06/19 23:47:04 tbox Exp $
+
+ln -s $CHECKZONE named-compilezone
+rm -f ns1/example.db.raw
+cp ns1/example.db ns2/
+cd ns1 && sh compile.sh
diff --git a/bin/tests/system/masterformat/tests.sh b/bin/tests/system/masterformat/tests.sh
new file mode 100755
index 0000000..71c115d
--- /dev/null
+++ b/bin/tests/system/masterformat/tests.sh
@@ -0,0 +1,80 @@
+#!/bin/sh
+#
+# Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.4 2007/06/19 23:47:04 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+DIGOPTS="+tcp +noauth +noadd +nosea +nostat +noquest +nocomm +nocmd"
+
+status=0
+
+echo "I:checking that master file in the raw format worked"
+
+for server in 1 2
+do
+ for name in ns mx a aaaa cname dname txt rrsig nsec dnskey ds
+ do
+ $DIG $DIGOPTS $name.example. $name @10.53.0.$server -p 5300
+ echo
+ done > dig.out.$server
+done
+
+diff dig.out.1 dig.out.2 || status=1
+
+echo "I:exit status: $status"
+exit $status
+#!/bin/sh
+#
+# Copyright (C) 2005 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.4 2007/06/19 23:47:04 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+DIGOPTS="+tcp +noauth +noadd +nosea +nostat +noquest +nocomm +nocmd"
+
+status=0
+
+echo "I:checking that master file in the raw format worked"
+
+for server in 1 2
+do
+ for name in ns mx a aaaa cname dname txt rrsig nsec dnskey ds
+ do
+ $DIG $DIGOPTS $name.example. $name @10.53.0.$server -p 5300
+ echo
+ done > dig.out.$server
+done
+
+diff dig.out.1 dig.out.2 || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/notify/clean.sh b/bin/tests/system/notify/clean.sh
new file mode 100644
index 0000000..6a08bab
--- /dev/null
+++ b/bin/tests/system/notify/clean.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.12 2007/09/26 03:22:44 marka Exp $
+
+#
+# Clean up after zone transfer tests.
+#
+
+rm -f ns3/example.bk dig.out.ns2 dig.out.ns3
+rm -f ns2/example.db
+rm -f */named.memstats
diff --git a/bin/tests/system/notify/ns1/named.conf b/bin/tests/system/notify/ns1/named.conf
new file mode 100644
index 0000000..29b22e5
--- /dev/null
+++ b/bin/tests/system/notify/ns1/named.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.18 2007/06/19 23:47:04 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
diff --git a/bin/tests/system/notify/ns1/root.db b/bin/tests/system/notify/ns1/root.db
new file mode 100644
index 0000000..cff7b81
--- /dev/null
+++ b/bin/tests/system/notify/ns1/root.db
@@ -0,0 +1,30 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.9 2007/06/19 23:47:04 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
diff --git a/bin/tests/system/notify/ns2/example1.db b/bin/tests/system/notify/ns2/example1.db
new file mode 100644
index 0000000..f081693
--- /dev/null
+++ b/bin/tests/system/notify/ns2/example1.db
@@ -0,0 +1,150 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000-2002 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example1.db,v 1.12 2007/06/19 23:47:04 tbox Exp $
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example IN SOA mname1. . (
+ 1 ; serial
+ 300 ; refresh (300 seconds)
+ 300 ; retry (300 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
+example. NS ns3.example.
+ns3.example. A 10.53.0.3
+
+$ORIGIN example.
+a A 10.0.0.1
+$TTL 3600 ; 1 hour
+a01 A 0.0.0.0
+a02 A 255.255.255.255
+a601 AAAA ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+afsdb01 AFSDB 0 hostname
+afsdb02 AFSDB 65535 .
+$TTL 300 ; 5 minutes
+b CNAME foo.net.
+c A 73.80.65.49
+$TTL 3600 ; 1 hour
+cert01 CERT 65534 65535 PRIVATEOID (
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+cname01 CNAME cname-target.
+cname02 CNAME cname-target
+cname03 CNAME .
+$TTL 300 ; 5 minutes
+d A 73.80.65.49
+$TTL 3600 ; 1 hour
+dname01 DNAME dname-target.
+dname02 DNAME dname-target
+dname03 DNAME .
+$TTL 300 ; 5 minutes
+e MX 10 mail
+ TXT "one"
+ TXT "three"
+ TXT "two"
+ A 73.80.65.49
+ A 73.80.65.50
+ A 73.80.65.52
+ A 73.80.65.51
+f A 73.80.65.52
+$TTL 3600 ; 1 hour
+gpos01 GPOS "-22.6882" "116.8652" "250.0"
+gpos02 GPOS "" "" ""
+hinfo01 HINFO "Generic PC clone" "NetBSD-1.4"
+hinfo02 HINFO "PC" "NetBSD"
+isdn01 ISDN "isdn-address"
+isdn02 ISDN "isdn-address" "subaddress"
+isdn03 ISDN "isdn-address"
+isdn04 ISDN "isdn-address" "subaddress"
+key01 KEY 512 255 1 (
+ AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR
+ yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3
+ GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o
+ jqf0BaqHT+8= )
+kx01 KX 10 kdc
+kx02 KX 10 .
+loc01 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01 MG madname
+mb02 MG .
+mg01 MG mgmname
+mg02 MG .
+minfo01 MINFO rmailbx emailbx
+minfo02 MINFO . .
+mr01 MR mrname
+mr02 MR .
+mx01 MX 10 mail
+mx02 MX 10 .
+naptr01 NAPTR 0 0 "" "" "" .
+naptr02 NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
+nsap-ptr01 NSAP-PTR foo.
+ NSAP-PTR .
+nsap01 NSAP 0x47000580005a0000000001e133ffffff00016100
+nsap02 NSAP 0x47000580005a0000000001e133ffffff00016100
+nxt01 NXT a.secure ( NS SOA MX SIG KEY LOC NXT )
+nxt02 NXT . ( NSAP-PTR NXT )
+nxt03 NXT . ( A )
+nxt04 NXT . ( 127 )
+ptr01 PTR example.
+px01 PX 65535 foo. bar.
+px02 PX 65535 . .
+rp01 RP mbox-dname txt-dname
+rp02 RP . .
+rt01 RT 0 intermediate-host
+rt02 RT 65535 .
+$TTL 300 ; 5 minutes
+s NS ns.s
+$ORIGIN s.example.
+ns A 73.80.65.49
+$ORIGIN example.
+$TTL 3600 ; 1 hour
+sig01 SIG NXT 1 3 3600 20000102030405 (
+ 19961211100908 2143 foo
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+srv01 SRV 0 0 0 .
+srv02 SRV 65535 65535 65535 old-slow-box.example.com.
+$TTL 301 ; 5 minutes 1 second
+t A 73.80.65.49
+$TTL 3600 ; 1 hour
+txt01 TXT "foo"
+txt02 TXT "foo" "bar"
+txt03 TXT "foo"
+txt04 TXT "foo" "bar"
+txt05 TXT "foo bar"
+txt06 TXT "foo bar"
+txt07 TXT "foo bar"
+txt08 TXT "foo\010bar"
+txt09 TXT "foo\010bar"
+txt10 TXT "foo bar"
+txt11 TXT "\"foo\""
+txt12 TXT "\"foo\""
+$TTL 300 ; 5 minutes
+u TXT "txt-not-in-nxt"
+$ORIGIN u.example.
+a A 73.80.65.49
+b A 73.80.65.49
+$ORIGIN example.
+$TTL 3600 ; 1 hour
+wks01 WKS 10.0.0.1 6 ( 0 1 2 21 23 )
+wks02 WKS 10.0.0.1 17 ( 0 1 2 53 )
+wks03 WKS 10.0.0.2 6 ( 65535 )
+x2501 X25 "123456789"
diff --git a/bin/tests/system/notify/ns2/example2.db b/bin/tests/system/notify/ns2/example2.db
new file mode 100644
index 0000000..93ae040
--- /dev/null
+++ b/bin/tests/system/notify/ns2/example2.db
@@ -0,0 +1,150 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000-2002 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example2.db,v 1.12 2007/06/19 23:47:04 tbox Exp $
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example IN SOA mname1. . (
+ 2 ; serial
+ 300 ; refresh (300 seconds)
+ 300 ; retry (300 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
+example. NS ns3.example.
+ns3.example. A 10.53.0.3
+
+$ORIGIN example.
+a A 10.0.0.2
+$TTL 3600 ; 1 hour
+a01 A 0.0.0.0
+a02 A 255.255.255.255
+a601 AAAA ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+afsdb01 AFSDB 0 hostname
+afsdb02 AFSDB 65535 .
+$TTL 300 ; 5 minutes
+b CNAME foo.net.
+c A 73.80.65.49
+$TTL 3600 ; 1 hour
+cert01 CERT 65534 65535 PRIVATEOID (
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+cname01 CNAME cname-target.
+cname02 CNAME cname-target
+cname03 CNAME .
+$TTL 300 ; 5 minutes
+d A 73.80.65.49
+$TTL 3600 ; 1 hour
+dname01 DNAME dname-target.
+dname02 DNAME dname-target
+dname03 DNAME .
+$TTL 300 ; 5 minutes
+e MX 10 mail
+ TXT "one"
+ TXT "three"
+ TXT "two"
+ A 73.80.65.49
+ A 73.80.65.50
+ A 73.80.65.52
+ A 73.80.65.51
+f A 73.80.65.52
+$TTL 3600 ; 1 hour
+gpos01 GPOS "-22.6882" "116.8652" "250.0"
+gpos02 GPOS "" "" ""
+hinfo01 HINFO "Generic PC clone" "NetBSD-1.4"
+hinfo02 HINFO "PC" "NetBSD"
+isdn01 ISDN "isdn-address"
+isdn02 ISDN "isdn-address" "subaddress"
+isdn03 ISDN "isdn-address"
+isdn04 ISDN "isdn-address" "subaddress"
+key01 KEY 512 255 1 (
+ AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR
+ yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3
+ GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o
+ jqf0BaqHT+8= )
+kx01 KX 10 kdc
+kx02 KX 10 .
+loc01 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01 MG madname
+mb02 MG .
+mg01 MG mgmname
+mg02 MG .
+minfo01 MINFO rmailbx emailbx
+minfo02 MINFO . .
+mr01 MR mrname
+mr02 MR .
+mx01 MX 10 mail
+mx02 MX 10 .
+naptr01 NAPTR 0 0 "" "" "" .
+naptr02 NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
+nsap-ptr01 NSAP-PTR foo.
+ NSAP-PTR .
+nsap01 NSAP 0x47000580005a0000000001e133ffffff00016100
+nsap02 NSAP 0x47000580005a0000000001e133ffffff00016100
+nxt01 NXT a.secure ( NS SOA MX SIG KEY LOC NXT )
+nxt02 NXT . ( NSAP-PTR NXT )
+nxt03 NXT . ( A )
+nxt04 NXT . ( 127 )
+ptr01 PTR example.
+px01 PX 65535 foo. bar.
+px02 PX 65535 . .
+rp01 RP mbox-dname txt-dname
+rp02 RP . .
+rt01 RT 0 intermediate-host
+rt02 RT 65535 .
+$TTL 300 ; 5 minutes
+s NS ns.s
+$ORIGIN s.example.
+ns A 73.80.65.49
+$ORIGIN example.
+$TTL 3600 ; 1 hour
+sig01 SIG NXT 1 3 3600 20000102030405 (
+ 19961211100908 2143 foo
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+srv01 SRV 0 0 0 .
+srv02 SRV 65535 65535 65535 old-slow-box.example.com.
+$TTL 301 ; 5 minutes 1 second
+t A 73.80.65.49
+$TTL 3600 ; 1 hour
+txt01 TXT "foo"
+txt02 TXT "foo" "bar"
+txt03 TXT "foo"
+txt04 TXT "foo" "bar"
+txt05 TXT "foo bar"
+txt06 TXT "foo bar"
+txt07 TXT "foo bar"
+txt08 TXT "foo\010bar"
+txt09 TXT "foo\010bar"
+txt10 TXT "foo bar"
+txt11 TXT "\"foo\""
+txt12 TXT "\"foo\""
+$TTL 300 ; 5 minutes
+u TXT "txt-not-in-nxt"
+$ORIGIN u.example.
+a A 73.80.65.49
+b A 73.80.65.49
+$ORIGIN example.
+$TTL 3600 ; 1 hour
+wks01 WKS 10.0.0.1 6 ( 0 1 2 21 23 )
+wks02 WKS 10.0.0.1 17 ( 0 1 2 53 )
+wks03 WKS 10.0.0.2 6 ( 65535 )
+x2501 X25 "123456789"
diff --git a/bin/tests/system/notify/ns2/example3.db b/bin/tests/system/notify/ns2/example3.db
new file mode 100644
index 0000000..3afbaa6
--- /dev/null
+++ b/bin/tests/system/notify/ns2/example3.db
@@ -0,0 +1,150 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000-2002 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example3.db,v 1.12 2007/06/19 23:47:04 tbox Exp $
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example IN SOA mname1. . (
+ 3 ; serial
+ 300 ; refresh (300 seconds)
+ 300 ; retry (300 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
+example. NS ns3.example.
+ns3.example. A 10.53.0.3
+
+$ORIGIN example.
+a A 10.0.0.3
+$TTL 3600 ; 1 hour
+a01 A 0.0.0.0
+a02 A 255.255.255.255
+a601 AAAA ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+afsdb01 AFSDB 0 hostname
+afsdb02 AFSDB 65535 .
+$TTL 300 ; 5 minutes
+b CNAME foo.net.
+c A 73.80.65.49
+$TTL 3600 ; 1 hour
+cert01 CERT 65534 65535 PRIVATEOID (
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+cname01 CNAME cname-target.
+cname02 CNAME cname-target
+cname03 CNAME .
+$TTL 300 ; 5 minutes
+d A 73.80.65.49
+$TTL 3600 ; 1 hour
+dname01 DNAME dname-target.
+dname02 DNAME dname-target
+dname03 DNAME .
+$TTL 300 ; 5 minutes
+e MX 10 mail
+ TXT "one"
+ TXT "three"
+ TXT "two"
+ A 73.80.65.49
+ A 73.80.65.50
+ A 73.80.65.52
+ A 73.80.65.51
+f A 73.80.65.52
+$TTL 3600 ; 1 hour
+gpos01 GPOS "-22.6882" "116.8652" "250.0"
+gpos02 GPOS "" "" ""
+hinfo01 HINFO "Generic PC clone" "NetBSD-1.4"
+hinfo02 HINFO "PC" "NetBSD"
+isdn01 ISDN "isdn-address"
+isdn02 ISDN "isdn-address" "subaddress"
+isdn03 ISDN "isdn-address"
+isdn04 ISDN "isdn-address" "subaddress"
+key01 KEY 512 255 1 (
+ AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR
+ yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3
+ GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o
+ jqf0BaqHT+8= )
+kx01 KX 10 kdc
+kx02 KX 10 .
+loc01 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01 MG madname
+mb02 MG .
+mg01 MG mgmname
+mg02 MG .
+minfo01 MINFO rmailbx emailbx
+minfo02 MINFO . .
+mr01 MR mrname
+mr02 MR .
+mx01 MX 10 mail
+mx02 MX 10 .
+naptr01 NAPTR 0 0 "" "" "" .
+naptr02 NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
+nsap-ptr01 NSAP-PTR foo.
+ NSAP-PTR .
+nsap01 NSAP 0x47000580005a0000000001e133ffffff00016100
+nsap02 NSAP 0x47000580005a0000000001e133ffffff00016100
+nxt01 NXT a.secure ( NS SOA MX SIG KEY LOC NXT )
+nxt02 NXT . ( NSAP-PTR NXT )
+nxt03 NXT . ( A )
+nxt04 NXT . ( 127 )
+ptr01 PTR example.
+px01 PX 65535 foo. bar.
+px02 PX 65535 . .
+rp01 RP mbox-dname txt-dname
+rp02 RP . .
+rt01 RT 0 intermediate-host
+rt02 RT 65535 .
+$TTL 300 ; 5 minutes
+s NS ns.s
+$ORIGIN s.example.
+ns A 73.80.65.49
+$ORIGIN example.
+$TTL 3600 ; 1 hour
+sig01 SIG NXT 1 3 3600 20000102030405 (
+ 19961211100908 2143 foo
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+srv01 SRV 0 0 0 .
+srv02 SRV 65535 65535 65535 old-slow-box.example.com.
+$TTL 301 ; 5 minutes 1 second
+t A 73.80.65.49
+$TTL 3600 ; 1 hour
+txt01 TXT "foo"
+txt02 TXT "foo" "bar"
+txt03 TXT "foo"
+txt04 TXT "foo" "bar"
+txt05 TXT "foo bar"
+txt06 TXT "foo bar"
+txt07 TXT "foo bar"
+txt08 TXT "foo\010bar"
+txt09 TXT "foo\010bar"
+txt10 TXT "foo bar"
+txt11 TXT "\"foo\""
+txt12 TXT "\"foo\""
+$TTL 300 ; 5 minutes
+u TXT "txt-not-in-nxt"
+$ORIGIN u.example.
+a A 73.80.65.49
+b A 73.80.65.49
+$ORIGIN example.
+$TTL 3600 ; 1 hour
+wks01 WKS 10.0.0.1 6 ( 0 1 2 21 23 )
+wks02 WKS 10.0.0.1 17 ( 0 1 2 53 )
+wks03 WKS 10.0.0.2 6 ( 65535 )
+x2501 X25 "123456789"
diff --git a/bin/tests/system/notify/ns2/example4.db b/bin/tests/system/notify/ns2/example4.db
new file mode 100644
index 0000000..8c18a37
--- /dev/null
+++ b/bin/tests/system/notify/ns2/example4.db
@@ -0,0 +1,150 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000-2002 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example4.db,v 1.12 2007/06/19 23:47:04 tbox Exp $
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example IN SOA mname1. . (
+ 4 ; serial
+ 300 ; refresh (300 seconds)
+ 300 ; retry (300 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
+example. NS ns3.example.
+ns3.example. A 10.53.0.3
+
+$ORIGIN example.
+a A 10.0.0.4
+$TTL 3600 ; 1 hour
+a01 A 0.0.0.0
+a02 A 255.255.255.255
+a601 AAAA ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+afsdb01 AFSDB 0 hostname
+afsdb02 AFSDB 65535 .
+$TTL 300 ; 5 minutes
+b CNAME foo.net.
+c A 73.80.65.49
+$TTL 3600 ; 1 hour
+cert01 CERT 65534 65535 PRIVATEOID (
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+cname01 CNAME cname-target.
+cname02 CNAME cname-target
+cname03 CNAME .
+$TTL 300 ; 5 minutes
+d A 73.80.65.49
+$TTL 3600 ; 1 hour
+dname01 DNAME dname-target.
+dname02 DNAME dname-target
+dname03 DNAME .
+$TTL 300 ; 5 minutes
+e MX 10 mail
+ TXT "one"
+ TXT "three"
+ TXT "two"
+ A 73.80.65.49
+ A 73.80.65.50
+ A 73.80.65.52
+ A 73.80.65.51
+f A 73.80.65.52
+$TTL 3600 ; 1 hour
+gpos01 GPOS "-22.6882" "116.8652" "250.0"
+gpos02 GPOS "" "" ""
+hinfo01 HINFO "Generic PC clone" "NetBSD-1.4"
+hinfo02 HINFO "PC" "NetBSD"
+isdn01 ISDN "isdn-address"
+isdn02 ISDN "isdn-address" "subaddress"
+isdn03 ISDN "isdn-address"
+isdn04 ISDN "isdn-address" "subaddress"
+key01 KEY 512 255 1 (
+ AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR
+ yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3
+ GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o
+ jqf0BaqHT+8= )
+kx01 KX 10 kdc
+kx02 KX 10 .
+loc01 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01 MG madname
+mb02 MG .
+mg01 MG mgmname
+mg02 MG .
+minfo01 MINFO rmailbx emailbx
+minfo02 MINFO . .
+mr01 MR mrname
+mr02 MR .
+mx01 MX 10 mail
+mx02 MX 10 .
+naptr01 NAPTR 0 0 "" "" "" .
+naptr02 NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
+nsap-ptr01 NSAP-PTR foo.
+ NSAP-PTR .
+nsap01 NSAP 0x47000580005a0000000001e133ffffff00016100
+nsap02 NSAP 0x47000580005a0000000001e133ffffff00016100
+nxt01 NXT a.secure ( NS SOA MX SIG KEY LOC NXT )
+nxt02 NXT . ( NSAP-PTR NXT )
+nxt03 NXT . ( A )
+nxt04 NXT . ( 127 )
+ptr01 PTR example.
+px01 PX 65535 foo. bar.
+px02 PX 65535 . .
+rp01 RP mbox-dname txt-dname
+rp02 RP . .
+rt01 RT 0 intermediate-host
+rt02 RT 65535 .
+$TTL 300 ; 5 minutes
+s NS ns.s
+$ORIGIN s.example.
+ns A 73.80.65.49
+$ORIGIN example.
+$TTL 3600 ; 1 hour
+sig01 SIG NXT 1 3 3600 20000102030405 (
+ 19961211100908 2143 foo
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+srv01 SRV 0 0 0 .
+srv02 SRV 65535 65535 65535 old-slow-box.example.com.
+$TTL 301 ; 5 minutes 1 second
+t A 73.80.65.49
+$TTL 3600 ; 1 hour
+txt01 TXT "foo"
+txt02 TXT "foo" "bar"
+txt03 TXT "foo"
+txt04 TXT "foo" "bar"
+txt05 TXT "foo bar"
+txt06 TXT "foo bar"
+txt07 TXT "foo bar"
+txt08 TXT "foo\010bar"
+txt09 TXT "foo\010bar"
+txt10 TXT "foo bar"
+txt11 TXT "\"foo\""
+txt12 TXT "\"foo\""
+$TTL 300 ; 5 minutes
+u TXT "txt-not-in-nxt"
+$ORIGIN u.example.
+a A 73.80.65.49
+b A 73.80.65.49
+$ORIGIN example.
+$TTL 3600 ; 1 hour
+wks01 WKS 10.0.0.1 6 ( 0 1 2 21 23 )
+wks02 WKS 10.0.0.1 17 ( 0 1 2 53 )
+wks03 WKS 10.0.0.2 6 ( 65535 )
+x2501 X25 "123456789"
diff --git a/bin/tests/system/notify/ns2/named.conf b/bin/tests/system/notify/ns2/named.conf
new file mode 100644
index 0000000..f57a107
--- /dev/null
+++ b/bin/tests/system/notify/ns2/named.conf
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.20 2007/06/19 23:47:04 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+ allow-update { any; };
+};
diff --git a/bin/tests/system/notify/ns3/named.conf b/bin/tests/system/notify/ns3/named.conf
new file mode 100644
index 0000000..5316957
--- /dev/null
+++ b/bin/tests/system/notify/ns3/named.conf
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.24 2007/06/18 23:47:29 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type slave;
+ masters { 10.53.0.2; };
+ file "example.bk";
+};
+
+
diff --git a/bin/tests/system/notify/setup.sh b/bin/tests/system/notify/setup.sh
new file mode 100644
index 0000000..eebcbf1
--- /dev/null
+++ b/bin/tests/system/notify/setup.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.10 2007/06/19 23:47:04 tbox Exp $
+
+cp -f ns2/example1.db ns2/example.db
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
new file mode 100644
index 0000000..0f14240
--- /dev/null
+++ b/bin/tests/system/notify/tests.sh
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.33 2007/06/19 23:47:04 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd a.example.\
+ @10.53.0.2 a -p 5300 > dig.out.ns2 || status=1
+grep ";" dig.out.ns2
+
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd a.example.\
+ @10.53.0.3 a -p 5300 > dig.out.ns3 || status=1
+grep ";" dig.out.ns3
+
+$PERL ../digcomp.pl dig.out.ns2 dig.out.ns3 || status=1
+
+rm -f ns2/example.db
+cp -f ns2/example2.db ns2/example.db
+kill -HUP `cat ns2/named.pid`
+sleep 45
+
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd a.example.\
+ @10.53.0.2 a -p 5300 > dig.out.ns2 || status=1
+grep ";" dig.out.ns2
+
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd a.example.\
+ @10.53.0.3 a -p 5300 > dig.out.ns3 || status=1
+grep ";" dig.out.ns3
+
+$PERL ../digcomp.pl dig.out.ns2 dig.out.ns3 || status=1
+
+###
+# Why does not doing the stop not cause problems with the start further on?
+###
+$PERL $SYSTEMTESTTOP/stop.pl . ns3
+
+rm -f ns2/example.db
+cp -f ns2/example3.db ns2/example.db
+kill -HUP `cat ns2/named.pid`
+sleep 45
+
+$PERL $SYSTEMTESTTOP/start.pl . ns3
+
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd a.example.\
+ @10.53.0.2 a -p 5300 > dig.out.ns2 || status=1
+grep ";" dig.out.ns2
+
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd a.example.\
+ @10.53.0.3 a -p 5300 > dig.out.ns3 || status=1
+grep ";" dig.out.ns3
+
+$PERL ../digcomp.pl dig.out.ns2 dig.out.ns3 || status=1
+
+$PERL $SYSTEMTESTTOP/stop.pl . ns2
+
+rm -f ns2/example.db
+cp -f ns2/example4.db ns2/example.db
+
+$PERL $SYSTEMTESTTOP/start.pl . ns2
+
+sleep 45
+
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd a.example.\
+ @10.53.0.2 a -p 5300 > dig.out.ns2 || status=1
+grep ";" dig.out.ns2
+
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd a.example.\
+ @10.53.0.3 a -p 5300 > dig.out.ns3 || status=1
+grep ";" dig.out.ns3
+
+$PERL ../digcomp.pl dig.out.ns2 dig.out.ns3 || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh
new file mode 100644
index 0000000..565c97b
--- /dev/null
+++ b/bin/tests/system/nsupdate/clean.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.12 2007/09/26 03:22:44 marka Exp $
+
+#
+# Clean up after zone transfer tests.
+#
+
+rm -f dig.out.ns1 dig.out.ns2 dig.out.ns1.after ns1/*.jnl ns2/*.jnl \
+ ns1/example.db ns1/update.db
+rm -f ns2/example.bk
+rm -f ns2/update.bk
+rm -f */named.memstats
diff --git a/bin/tests/system/nsupdate/knowngood.ns1.after b/bin/tests/system/nsupdate/knowngood.ns1.after
new file mode 100644
index 0000000..32e1c8d
--- /dev/null
+++ b/bin/tests/system/nsupdate/knowngood.ns1.after
@@ -0,0 +1,99 @@
+example.nil. 300 IN SOA ns1.example.nil. hostmaster.example.nil. 2 2000 2000 1814400 3600
+example.nil. 300 IN NS ns1.example.nil.
+example.nil. 300 IN NS ns2.example.nil.
+*.example.nil. 300 IN MX 10 mail.example.nil.
+a.example.nil. 300 IN TXT "foo foo foo"
+a.example.nil. 300 IN PTR foo.net.
+a01.example.nil. 3600 IN A 0.0.0.0
+a02.example.nil. 3600 IN A 255.255.255.255
+a601.example.nil. 3600 IN AAAA ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+afsdb01.example.nil. 3600 IN AFSDB 0 hostname.example.nil.
+afsdb02.example.nil. 3600 IN AFSDB 65535 .
+b.example.nil. 300 IN CNAME foo.net.
+c.example.nil. 300 IN A 73.80.65.49
+cert01.example.nil. 3600 IN CERT 65534 65535 PRIVATEOID MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
+cname01.example.nil. 3600 IN CNAME cname-target.
+cname02.example.nil. 3600 IN CNAME cname-target.example.nil.
+cname03.example.nil. 3600 IN CNAME .
+d.example.nil. 300 IN A 73.80.65.49
+dname01.example.nil. 3600 IN DNAME dname-target.
+dname02.example.nil. 3600 IN DNAME dname-target.example.nil.
+dname03.example.nil. 3600 IN DNAME .
+e.example.nil. 300 IN MX 10 mail.example.nil.
+e.example.nil. 300 IN TXT "one"
+e.example.nil. 300 IN TXT "two"
+e.example.nil. 300 IN TXT "three"
+e.example.nil. 300 IN A 73.80.65.49
+e.example.nil. 300 IN A 73.80.65.50
+e.example.nil. 300 IN A 73.80.65.51
+e.example.nil. 300 IN A 73.80.65.52
+f.example.nil. 300 IN A 73.80.65.52
+gpos01.example.nil. 3600 IN GPOS "-22.6882" "116.8652" "250.0"
+gpos02.example.nil. 3600 IN GPOS "" "" ""
+hinfo01.example.nil. 3600 IN HINFO "Generic PC clone" "NetBSD-1.4"
+hinfo02.example.nil. 3600 IN HINFO "PC" "NetBSD"
+isdn01.example.nil. 3600 IN ISDN "isdn-address"
+isdn02.example.nil. 3600 IN ISDN "isdn-address" "subaddress"
+isdn03.example.nil. 3600 IN ISDN "isdn-address"
+isdn04.example.nil. 3600 IN ISDN "isdn-address" "subaddress"
+key01.example.nil. 3600 IN KEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
+kx01.example.nil. 3600 IN KX 10 kdc.example.nil.
+kx02.example.nil. 3600 IN KX 10 .
+loc01.example.nil. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02.example.nil. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01.example.nil. 3600 IN MG madname.example.nil.
+mb02.example.nil. 3600 IN MG .
+mg01.example.nil. 3600 IN MG mgmname.example.nil.
+mg02.example.nil. 3600 IN MG .
+minfo01.example.nil. 3600 IN MINFO rmailbx.example.nil. emailbx.example.nil.
+minfo02.example.nil. 3600 IN MINFO . .
+mr01.example.nil. 3600 IN MR mrname.example.nil.
+mr02.example.nil. 3600 IN MR .
+mx01.example.nil. 3600 IN MX 10 mail.example.nil.
+mx02.example.nil. 3600 IN MX 10 .
+naptr01.example.nil. 3600 IN NAPTR 0 0 "" "" "" .
+naptr02.example.nil. 3600 IN NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
+ns1.example.nil. 300 IN A 10.53.0.1
+ns2.example.nil. 300 IN A 10.53.0.2
+nsap-ptr01.example.nil. 3600 IN NSAP-PTR .
+nsap-ptr01.example.nil. 3600 IN NSAP-PTR foo.
+nsap01.example.nil. 3600 IN NSAP 0x47000580005a0000000001e133ffffff00016100
+nsap02.example.nil. 3600 IN NSAP 0x47000580005a0000000001e133ffffff00016100
+nxt01.example.nil. 3600 IN NXT a.secure.example.nil. NS SOA MX SIG KEY LOC NXT
+nxt02.example.nil. 3600 IN NXT . NSAP-PTR NXT
+nxt03.example.nil. 3600 IN NXT . A
+nxt04.example.nil. 3600 IN NXT . 127
+ptr01.example.nil. 3600 IN PTR example.nil.
+px01.example.nil. 3600 IN PX 65535 foo. bar.
+px02.example.nil. 3600 IN PX 65535 . .
+rp01.example.nil. 3600 IN RP mbox-dname.example.nil. txt-dname.example.nil.
+rp02.example.nil. 3600 IN RP . .
+rt01.example.nil. 3600 IN RT 0 intermediate-host.example.nil.
+rt02.example.nil. 3600 IN RT 65535 .
+s.example.nil. 300 IN NS ns.s.example.nil.
+ns.s.example.nil. 300 IN A 73.80.65.49
+sig01.example.nil. 3600 IN SIG NXT 1 3 3600 20000102030405 19961211100908 2143 foo.example.nil. MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
+srv01.example.nil. 3600 IN SRV 0 0 0 .
+srv02.example.nil. 3600 IN SRV 65535 65535 65535 old-slow-box.example.com.
+txt01.example.nil. 3600 IN TXT "foo"
+txt02.example.nil. 3600 IN TXT "foo" "bar"
+txt03.example.nil. 3600 IN TXT "foo"
+txt04.example.nil. 3600 IN TXT "foo" "bar"
+txt05.example.nil. 3600 IN TXT "foo bar"
+txt06.example.nil. 3600 IN TXT "foo bar"
+txt07.example.nil. 3600 IN TXT "foo bar"
+txt08.example.nil. 3600 IN TXT "foo\010bar"
+txt09.example.nil. 3600 IN TXT "foo\010bar"
+txt10.example.nil. 3600 IN TXT "foo bar"
+txt11.example.nil. 3600 IN TXT "\"foo\""
+txt12.example.nil. 3600 IN TXT "\"foo\""
+u.example.nil. 300 IN TXT "txt-not-in-nxt"
+a.u.example.nil. 300 IN A 73.80.65.49
+b.u.example.nil. 300 IN A 73.80.65.49
+updated.example.nil. 600 IN TXT "Foo"
+updated.example.nil. 600 IN A 10.10.10.1
+wks01.example.nil. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23
+wks02.example.nil. 3600 IN WKS 10.0.0.1 17 0 1 2 53
+wks03.example.nil. 3600 IN WKS 10.0.0.2 6 65535
+x2501.example.nil. 3600 IN X25 "123456789"
+example.nil. 300 IN SOA ns1.example.nil. hostmaster.example.nil. 2 2000 2000 1814400 3600
diff --git a/bin/tests/system/nsupdate/knowngood.ns1.afterstop b/bin/tests/system/nsupdate/knowngood.ns1.afterstop
new file mode 100644
index 0000000..e871d4c
--- /dev/null
+++ b/bin/tests/system/nsupdate/knowngood.ns1.afterstop
@@ -0,0 +1,3 @@
+updated4.example.nil. 600 IN A 10.10.10.3
+example.nil. 300 IN NS ns1.example.nil.
+example.nil. 300 IN NS ns2.example.nil.
diff --git a/bin/tests/system/nsupdate/knowngood.ns1.before b/bin/tests/system/nsupdate/knowngood.ns1.before
new file mode 100644
index 0000000..e108c2a
--- /dev/null
+++ b/bin/tests/system/nsupdate/knowngood.ns1.before
@@ -0,0 +1,98 @@
+example.nil. 300 IN SOA ns1.example.nil. hostmaster.example.nil. 1 2000 2000 1814400 3600
+example.nil. 300 IN NS ns1.example.nil.
+example.nil. 300 IN NS ns2.example.nil.
+*.example.nil. 300 IN MX 10 mail.example.nil.
+a.example.nil. 300 IN TXT "foo foo foo"
+a.example.nil. 300 IN PTR foo.net.
+a01.example.nil. 3600 IN A 0.0.0.0
+a02.example.nil. 3600 IN A 255.255.255.255
+a601.example.nil. 3600 IN AAAA ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+afsdb01.example.nil. 3600 IN AFSDB 0 hostname.example.nil.
+afsdb02.example.nil. 3600 IN AFSDB 65535 .
+b.example.nil. 300 IN CNAME foo.net.
+c.example.nil. 300 IN A 73.80.65.49
+cert01.example.nil. 3600 IN CERT 65534 65535 PRIVATEOID MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
+cname01.example.nil. 3600 IN CNAME cname-target.
+cname02.example.nil. 3600 IN CNAME cname-target.example.nil.
+cname03.example.nil. 3600 IN CNAME .
+d.example.nil. 300 IN A 73.80.65.49
+dname01.example.nil. 3600 IN DNAME dname-target.
+dname02.example.nil. 3600 IN DNAME dname-target.example.nil.
+dname03.example.nil. 3600 IN DNAME .
+e.example.nil. 300 IN MX 10 mail.example.nil.
+e.example.nil. 300 IN TXT "one"
+e.example.nil. 300 IN TXT "two"
+e.example.nil. 300 IN TXT "three"
+e.example.nil. 300 IN A 73.80.65.49
+e.example.nil. 300 IN A 73.80.65.50
+e.example.nil. 300 IN A 73.80.65.51
+e.example.nil. 300 IN A 73.80.65.52
+f.example.nil. 300 IN A 73.80.65.52
+gpos01.example.nil. 3600 IN GPOS "-22.6882" "116.8652" "250.0"
+gpos02.example.nil. 3600 IN GPOS "" "" ""
+hinfo01.example.nil. 3600 IN HINFO "Generic PC clone" "NetBSD-1.4"
+hinfo02.example.nil. 3600 IN HINFO "PC" "NetBSD"
+isdn01.example.nil. 3600 IN ISDN "isdn-address"
+isdn02.example.nil. 3600 IN ISDN "isdn-address" "subaddress"
+isdn03.example.nil. 3600 IN ISDN "isdn-address"
+isdn04.example.nil. 3600 IN ISDN "isdn-address" "subaddress"
+key01.example.nil. 3600 IN KEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
+kx01.example.nil. 3600 IN KX 10 kdc.example.nil.
+kx02.example.nil. 3600 IN KX 10 .
+loc01.example.nil. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02.example.nil. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01.example.nil. 3600 IN MG madname.example.nil.
+mb02.example.nil. 3600 IN MG .
+mg01.example.nil. 3600 IN MG mgmname.example.nil.
+mg02.example.nil. 3600 IN MG .
+minfo01.example.nil. 3600 IN MINFO rmailbx.example.nil. emailbx.example.nil.
+minfo02.example.nil. 3600 IN MINFO . .
+mr01.example.nil. 3600 IN MR mrname.example.nil.
+mr02.example.nil. 3600 IN MR .
+mx01.example.nil. 3600 IN MX 10 mail.example.nil.
+mx02.example.nil. 3600 IN MX 10 .
+naptr01.example.nil. 3600 IN NAPTR 0 0 "" "" "" .
+naptr02.example.nil. 3600 IN NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
+ns1.example.nil. 300 IN A 10.53.0.1
+ns2.example.nil. 300 IN A 10.53.0.2
+nsap-ptr01.example.nil. 3600 IN NSAP-PTR .
+nsap-ptr01.example.nil. 3600 IN NSAP-PTR foo.
+nsap01.example.nil. 3600 IN NSAP 0x47000580005a0000000001e133ffffff00016100
+nsap02.example.nil. 3600 IN NSAP 0x47000580005a0000000001e133ffffff00016100
+nxt01.example.nil. 3600 IN NXT a.secure.example.nil. NS SOA MX SIG KEY LOC NXT
+nxt02.example.nil. 3600 IN NXT . NSAP-PTR NXT
+nxt03.example.nil. 3600 IN NXT . A
+nxt04.example.nil. 3600 IN NXT . 127
+ptr01.example.nil. 3600 IN PTR example.nil.
+px01.example.nil. 3600 IN PX 65535 foo. bar.
+px02.example.nil. 3600 IN PX 65535 . .
+rp01.example.nil. 3600 IN RP mbox-dname.example.nil. txt-dname.example.nil.
+rp02.example.nil. 3600 IN RP . .
+rt01.example.nil. 3600 IN RT 0 intermediate-host.example.nil.
+rt02.example.nil. 3600 IN RT 65535 .
+s.example.nil. 300 IN NS ns.s.example.nil.
+ns.s.example.nil. 300 IN A 73.80.65.49
+sig01.example.nil. 3600 IN SIG NXT 1 3 3600 20000102030405 19961211100908 2143 foo.example.nil. MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
+srv01.example.nil. 3600 IN SRV 0 0 0 .
+srv02.example.nil. 3600 IN SRV 65535 65535 65535 old-slow-box.example.com.
+t.example.nil. 301 IN A 73.80.65.49
+txt01.example.nil. 3600 IN TXT "foo"
+txt02.example.nil. 3600 IN TXT "foo" "bar"
+txt03.example.nil. 3600 IN TXT "foo"
+txt04.example.nil. 3600 IN TXT "foo" "bar"
+txt05.example.nil. 3600 IN TXT "foo bar"
+txt06.example.nil. 3600 IN TXT "foo bar"
+txt07.example.nil. 3600 IN TXT "foo bar"
+txt08.example.nil. 3600 IN TXT "foo\010bar"
+txt09.example.nil. 3600 IN TXT "foo\010bar"
+txt10.example.nil. 3600 IN TXT "foo bar"
+txt11.example.nil. 3600 IN TXT "\"foo\""
+txt12.example.nil. 3600 IN TXT "\"foo\""
+u.example.nil. 300 IN TXT "txt-not-in-nxt"
+a.u.example.nil. 300 IN A 73.80.65.49
+b.u.example.nil. 300 IN A 73.80.65.49
+wks01.example.nil. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23
+wks02.example.nil. 3600 IN WKS 10.0.0.1 17 0 1 2 53
+wks03.example.nil. 3600 IN WKS 10.0.0.2 6 65535
+x2501.example.nil. 3600 IN X25 "123456789"
+example.nil. 300 IN SOA ns1.example.nil. hostmaster.example.nil. 1 2000 2000 1814400 3600
diff --git a/bin/tests/system/nsupdate/ns1/example1.db b/bin/tests/system/nsupdate/ns1/example1.db
new file mode 100644
index 0000000..e8856fe
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns1/example1.db
@@ -0,0 +1,152 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000-2002 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example1.db,v 1.8 2007/06/19 23:47:04 tbox Exp $
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example.nil IN SOA ns1.example.nil. hostmaster.example.nil. (
+ 1 ; serial
+ 2000 ; refresh (2000 seconds)
+ 2000 ; retry (2000 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example.nil. NS ns1.example.nil.
+ns1.example.nil. A 10.53.0.1
+example.nil. NS ns2.example.nil.
+ns2.example.nil. A 10.53.0.2
+
+$ORIGIN example.nil.
+* MX 10 mail
+a TXT "foo foo foo"
+ PTR foo.net.
+$TTL 3600 ; 1 hour
+a01 A 0.0.0.0
+a02 A 255.255.255.255
+a601 AAAA ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+afsdb01 AFSDB 0 hostname
+afsdb02 AFSDB 65535 .
+$TTL 300 ; 5 minutes
+b CNAME foo.net.
+c A 73.80.65.49
+$TTL 3600 ; 1 hour
+cert01 CERT 65534 65535 PRIVATEOID (
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+cname01 CNAME cname-target.
+cname02 CNAME cname-target
+cname03 CNAME .
+$TTL 300 ; 5 minutes
+d A 73.80.65.49
+$TTL 3600 ; 1 hour
+dname01 DNAME dname-target.
+dname02 DNAME dname-target
+dname03 DNAME .
+$TTL 300 ; 5 minutes
+e MX 10 mail
+ TXT "one"
+ TXT "three"
+ TXT "two"
+ A 73.80.65.49
+ A 73.80.65.50
+ A 73.80.65.52
+ A 73.80.65.51
+f A 73.80.65.52
+$TTL 3600 ; 1 hour
+gpos01 GPOS "-22.6882" "116.8652" "250.0"
+gpos02 GPOS "" "" ""
+hinfo01 HINFO "Generic PC clone" "NetBSD-1.4"
+hinfo02 HINFO "PC" "NetBSD"
+isdn01 ISDN "isdn-address"
+isdn02 ISDN "isdn-address" "subaddress"
+isdn03 ISDN "isdn-address"
+isdn04 ISDN "isdn-address" "subaddress"
+key01 KEY 512 255 1 (
+ AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR
+ yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3
+ GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o
+ jqf0BaqHT+8= )
+kx01 KX 10 kdc
+kx02 KX 10 .
+loc01 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01 MG madname
+mb02 MG .
+mg01 MG mgmname
+mg02 MG .
+minfo01 MINFO rmailbx emailbx
+minfo02 MINFO . .
+mr01 MR mrname
+mr02 MR .
+mx01 MX 10 mail
+mx02 MX 10 .
+naptr01 NAPTR 0 0 "" "" "" .
+naptr02 NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
+nsap-ptr01 NSAP-PTR foo.
+ NSAP-PTR .
+nsap01 NSAP 0x47000580005a0000000001e133ffffff00016100
+nsap02 NSAP 0x47000580005a0000000001e133ffffff00016100
+nxt01 NXT a.secure ( NS SOA MX SIG KEY LOC NXT )
+nxt02 NXT . ( NSAP-PTR NXT )
+nxt03 NXT . ( A )
+nxt04 NXT . ( 127 )
+ptr01 PTR example.nil.
+px01 PX 65535 foo. bar.
+px02 PX 65535 . .
+rp01 RP mbox-dname txt-dname
+rp02 RP . .
+rt01 RT 0 intermediate-host
+rt02 RT 65535 .
+$TTL 300 ; 5 minutes
+s NS ns.s
+$ORIGIN s.example.nil.
+ns A 73.80.65.49
+$ORIGIN example.nil.
+$TTL 3600 ; 1 hour
+sig01 SIG NXT 1 3 3600 20000102030405 (
+ 19961211100908 2143 foo
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+srv01 SRV 0 0 0 .
+srv02 SRV 65535 65535 65535 old-slow-box.example.com.
+$TTL 301 ; 5 minutes 1 second
+t A 73.80.65.49
+$TTL 3600 ; 1 hour
+txt01 TXT "foo"
+txt02 TXT "foo" "bar"
+txt03 TXT "foo"
+txt04 TXT "foo" "bar"
+txt05 TXT "foo bar"
+txt06 TXT "foo bar"
+txt07 TXT "foo bar"
+txt08 TXT "foo\010bar"
+txt09 TXT "foo\010bar"
+txt10 TXT "foo bar"
+txt11 TXT "\"foo\""
+txt12 TXT "\"foo\""
+$TTL 300 ; 5 minutes
+u TXT "txt-not-in-nxt"
+$ORIGIN u.example.nil.
+a A 73.80.65.49
+b A 73.80.65.49
+$ORIGIN example.nil.
+$TTL 3600 ; 1 hour
+wks01 WKS 10.0.0.1 6 ( 0 1 2 21 23 )
+wks02 WKS 10.0.0.1 17 ( 0 1 2 53 )
+wks03 WKS 10.0.0.2 6 ( 65535 )
+x2501 X25 "123456789"
diff --git a/bin/tests/system/nsupdate/ns1/named.conf b/bin/tests/system/nsupdate/ns1/named.conf
new file mode 100644
index 0000000..0c0e8ff
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns1/named.conf
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.17 2007/06/19 23:47:04 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-md5;
+};
+
+controls {
+ inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
+};
+
+zone "example.nil" {
+ type master;
+ file "example.db";
+ check-integrity no;
+ allow-update { any; };
+ allow-transfer { any; };
+};
+
+zone "update.nil" {
+ type master;
+ file "update.db";
+ check-integrity no;
+ allow-update { any; };
+ allow-transfer { any; };
+ also-notify { 10.53.0.2; };
+};
diff --git a/bin/tests/system/nsupdate/ns2/named.conf b/bin/tests/system/nsupdate/ns2/named.conf
new file mode 100644
index 0000000..77e4013
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns2/named.conf
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.14 2007/06/18 23:47:30 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+};
+
+zone "example.nil" {
+ type slave;
+ masters { 10.53.0.1; };
+ file "example.bk";
+ allow-transfer { any; };
+};
+
+zone "update.nil" {
+ type slave;
+ masters { 10.53.0.1; };
+ file "update.bk";
+ allow-transfer { any; };
+};
+
+
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
new file mode 100644
index 0000000..2d9d51b
--- /dev/null
+++ b/bin/tests/system/nsupdate/setup.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.10 2007/06/19 23:47:04 tbox Exp $
+
+#
+# jnl and database files MUST be removed before we start
+#
+
+rm -f ns1/*.jnl ns1/example.db ns2/*.jnl ns2/example.bk
+
+cp -f ns1/example1.db ns1/example.db
+
+# update_test.pl has its own zone file because it
+# requires a specific NS record set.
+cat <<\EOF >ns1/update.db
+$ORIGIN .
+$TTL 300 ; 5 minutes
+update.nil IN SOA ns1.example.nil. hostmaster.example.nil. (
+ 1 ; serial
+ 2000 ; refresh (2000 seconds)
+ 2000 ; retry (2000 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+update.nil. NS ns1.update.nil.
+ns1.update.nil. A 10.53.0.2
+EOF
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
new file mode 100644
index 0000000..c6a26bb
--- /dev/null
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -0,0 +1,161 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.25 2007/06/19 23:47:04 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+echo "I:fetching first copy of zone before update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
+
+echo "I:fetching second copy of zone before update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ @10.53.0.1 axfr -p 5300 > dig.out.ns2 || status=1
+
+echo "I:comparing pre-update copies to known good data"
+$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns1 || status=1
+$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns2 || status=1
+
+echo "I:updating zone"
+# nsupdate will print a ">" prompt to stdout as it gets each input line.
+$NSUPDATE <<END > /dev/null || status=1
+server 10.53.0.1 5300
+update add updated.example.nil. 600 A 10.10.10.1
+update add updated.example.nil. 600 TXT Foo
+update delete t.example.nil.
+
+END
+echo "I:sleeping 15 seconds for server to incorporate changes"
+sleep 15
+
+echo "I:fetching first copy of zone after update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
+
+echo "I:fetching second copy of zone after update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
+
+echo "I:comparing post-update copies to known good data"
+$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || status=1
+$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns2 || status=1
+
+if $PERL -e 'use Net::DNS;' 2>/dev/null
+then
+ echo "I:running update.pl test"
+ $PERL update_test.pl -s 10.53.0.1 -p 5300 update.nil. || status=1
+else
+ echo "I:The second part of this test requires the Net::DNS library." >&2
+fi
+
+echo "I:fetching first copy of test zone"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
+
+echo "I:fetching second copy of test zone"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
+
+echo "I:comparing zones"
+$PERL ../digcomp.pl dig.out.ns1 dig.out.ns2 || status=1
+
+echo "I:SIGKILL and restart server ns1"
+cd ns1
+kill -KILL `cat named.pid`
+rm named.pid
+cd ..
+sleep 10
+if
+ $PERL $SYSTEMTESTTOP/start.pl --noclean . ns1
+then
+ echo "I:restarted server ns1"
+else
+ echo "I:could not restart server ns1"
+ exit 1
+fi
+sleep 10
+
+echo "I:fetching ns1 after hard restart"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ @10.53.0.1 axfr -p 5300 > dig.out.ns1.after || status=1
+
+echo "I:comparing zones"
+$PERL ../digcomp.pl dig.out.ns1 dig.out.ns1.after || status=1
+
+echo "I:begin RT #482 regression test"
+
+echo "I:update master"
+$NSUPDATE <<END > /dev/null || status=1
+server 10.53.0.1 5300
+update add updated2.example.nil. 600 A 10.10.10.2
+update add updated2.example.nil. 600 TXT Bar
+update delete c.example.nil.
+send
+END
+
+sleep 5
+
+echo "I:SIGHUP slave"
+kill -HUP `cat ns2/named.pid`
+
+sleep 5
+
+echo "I:update master again"
+$NSUPDATE <<END > /dev/null || status=1
+server 10.53.0.1 5300
+update add updated3.example.nil. 600 A 10.10.10.3
+update add updated3.example.nil. 600 TXT Zap
+update delete d.example.nil.
+send
+END
+
+sleep 5
+
+echo "I:SIGHUP slave again"
+kill -HUP `cat ns2/named.pid`
+
+sleep 5
+
+if grep "out of sync" ns2/named.run
+then
+ status=1
+fi
+
+echo "I:end RT #482 regression test"
+
+echo "I:testing that rndc stop updates the master file"
+$NSUPDATE <<END > /dev/null || status=1
+server 10.53.0.1 5300
+update add updated4.example.nil. 600 A 10.10.10.3
+send
+END
+$PERL $SYSTEMTESTTOP/stop.pl --use-rndc . ns1
+# Removing the journal file and restarting the server means
+# that the data served by the new server process are exactly
+# those dumped to the master file by "rndc stop".
+rm -f ns1/*jnl
+$PERL $SYSTEMTESTTOP/start.pl --noclean . ns1
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd updated4.example.nil.\
+ @10.53.0.1 a -p 5300 > dig.out.ns1 || status=1
+$PERL ../digcomp.pl knowngood.ns1.afterstop dig.out.ns1 || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/nsupdate/update_test.pl b/bin/tests/system/nsupdate/update_test.pl
new file mode 100644
index 0000000..ef41b00
--- /dev/null
+++ b/bin/tests/system/nsupdate/update_test.pl
@@ -0,0 +1,426 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+#
+# Dynamic update test suite.
+#
+# Usage:
+#
+# perl update_test.pl [-s server] [-p port] zone
+#
+# The server defaults to 127.0.0.1.
+# The port defaults to 53.
+#
+# The "Special NS rules" tests will only work correctly if the
+# zone has no NS records to begin with, or alternatively has a
+# single NS record pointing at the name "ns1" (relative to
+# the zone name).
+#
+# Installation notes:
+#
+# This program uses the Net::DNS::Resolver module.
+# You can install it by saying
+#
+# perl -MCPAN -e "install Net::DNS"
+#
+# $Id: update_test.pl,v 1.10 2007/06/19 23:47:04 tbox Exp $
+#
+
+use Getopt::Std;
+use Net::DNS;
+use Net::DNS::Update;
+use Net::DNS::Resolver;
+
+$opt_s = "127.0.0.1";
+$opt_p = 53;
+
+getopt('s:p:');
+
+$res = new Net::DNS::Resolver;
+$res->nameservers($opt_s);
+$res->port($opt_p);
+$res->defnames(0); # Do not append default domain.
+
+@ARGV == 1 or die
+ "usage: perl update_test.pl [-s server] [-p port] zone\n";
+
+$zone = shift @ARGV;
+
+my $failures = 0;
+
+sub assert {
+ my ($cond, $explanation) = @_;
+ if (!$cond) {
+ print "I:Test Failed: $explanation ***\n";
+ $failures++
+ }
+}
+
+sub test {
+ my ($expected, @records) = @_;
+
+ my $update = new Net::DNS::Update("$zone");
+
+ foreach $rec (@records) {
+ $update->push(@$rec);
+ }
+
+ $reply = $res->send($update);
+
+ # Did it work?
+ if (defined $reply) {
+ my $rcode = $reply->header->rcode;
+ assert($rcode eq $expected, "expected $expected, got $rcode");
+ } else {
+ print "I:Update failed: ", $res->errorstring, "\n";
+ }
+}
+
+sub section {
+ my ($msg) = @_;
+ print "I:$msg\n";
+}
+
+section("Delete any leftovers from previous tests");
+test("NOERROR", ["update", rr_del("a.$zone")]);
+test("NOERROR", ["update", rr_del("b.$zone")]);
+test("NOERROR", ["update", rr_del("c.$zone")]);
+test("NOERROR", ["update", rr_del("d.$zone")]);
+test("NOERROR", ["update", rr_del("e.$zone")]);
+test("NOERROR", ["update", rr_del("f.$zone")]);
+test("NOERROR", ["update", rr_del("ns.s.$zone")]);
+test("NOERROR", ["update", rr_del("s.$zone")]);
+test("NOERROR", ["update", rr_del("t.$zone")]);
+test("NOERROR", ["update", rr_del("*.$zone")]);
+test("NOERROR", ["update", rr_del("u.$zone")]);
+test("NOERROR", ["update", rr_del("a.u.$zone")]);
+test("NOERROR", ["update", rr_del("b.u.$zone")]);
+
+section("Simple prerequisites in the absence of data");
+# Name is in Use
+test("NXDOMAIN", ["pre", yxdomain("a.$zone")]);
+# RRset exists (value independent)
+test("NXRRSET", ["pre", yxrrset("a.$zone A")]);
+# Name is not in use
+test("NOERROR", ["pre", nxdomain("a.$zone")]);
+# RRset does not exist
+test("NOERROR", ["pre", nxrrset("a.$zone A")]);
+# RRset exists (value dependent)
+test("NXRRSET", ["pre", yxrrset("a.$zone 300 A 73.80.65.49")]);
+
+
+section ("Simple creation of data");
+test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]);
+
+section ("Simple prerequisites in the presence of data");
+# Name is in use
+test("NOERROR", ["pre", yxdomain("a.$zone")]);
+# RRset exists (value independent)
+test("NOERROR", ["pre", yxrrset("a.$zone A")]);
+# Name is not in use
+test("YXDOMAIN", ["pre", nxdomain("a.$zone")]);
+# RRset does not exist
+test("YXRRSET", ["pre", nxrrset("a.$zone A")]);
+# RRset exists (value dependent)
+test("NOERROR", ["pre", yxrrset("a.$zone 300 A 73.80.65.49")]);
+
+#
+# Merging of RRsets
+#
+test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]);
+
+section("Detailed tests of \"RRset exists (value dependent)\" prerequisites");
+test("NOERROR", ["pre",
+ yxrrset("a.$zone 300 A 73.80.65.49"),
+ yxrrset("a.$zone 300 A 73.80.65.50")]);
+test("NOERROR", ["pre",
+ yxrrset("a.$zone 300 A 73.80.65.50"),
+ yxrrset("a.$zone 300 A 73.80.65.49")]);
+test("NXRRSET", ["pre", yxrrset("a.$zone 300 A 73.80.65.49")]);
+test("NXRRSET", ["pre", yxrrset("a.$zone 300 A 73.80.65.50")]);
+test("NXRRSET", ["pre",
+ yxrrset("a.$zone 300 A 73.80.65.49"),
+ yxrrset("a.$zone 300 A 73.80.65.50"),
+ yxrrset("a.$zone 300 A 73.80.65.51")]);
+
+
+section("Torture test of \"RRset exists (value dependent)\" prerequisites.");
+
+test("NOERROR", ["update",
+ rr_add("e.$zone 300 A 73.80.65.49"),
+ rr_add("e.$zone 300 TXT 'one'"),
+ rr_add("e.$zone 300 A 73.80.65.50")]);
+test("NOERROR", ["update",
+ rr_add("e.$zone 300 A 73.80.65.52"),
+ rr_add("f.$zone 300 A 73.80.65.52"),
+ rr_add("e.$zone 300 A 73.80.65.51")]);
+test("NOERROR", ["update",
+ rr_add("e.$zone 300 TXT 'three'"),
+ rr_add("e.$zone 300 TXT 'two'")]);
+test("NOERROR", ["update",
+ rr_add("e.$zone 300 MX 10 mail.$zone")]);
+
+test("NOERROR", ["pre",
+ yxrrset("e.$zone 300 A 73.80.65.52"),
+ yxrrset("e.$zone 300 TXT 'two'"),
+ yxrrset("e.$zone 300 A 73.80.65.51"),
+ yxrrset("e.$zone 300 TXT 'three'"),
+ yxrrset("e.$zone 300 A 73.80.65.50"),
+ yxrrset("f.$zone 300 A 73.80.65.52"),
+ yxrrset("e.$zone 300 A 73.80.65.49"),
+ yxrrset("e.$zone 300 TXT 'one'")]);
+
+
+section("Subtraction of RRsets");
+test("NOERROR", ["update", rr_del("a.$zone 300 A 73.80.65.49")]);
+test("NOERROR", ["pre",
+ yxrrset("a.$zone 300 A 73.80.65.50")]);
+
+test("NOERROR", ["update", rr_del("a.$zone 300 A 73.80.65.50")]);
+test("NOERROR", ["pre", nxrrset("a.$zone 300 A")]);
+test("NOERROR", ["pre", nxdomain("a.$zone")]);
+
+section("Other forms of deletion");
+test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]);
+test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]);
+test("NOERROR", ["update", rr_add("a.$zone 300 MX 10 mail.$zone")]);
+test("NOERROR", ["update", rr_del("a.$zone 300 A")]);
+test("NOERROR", ["pre", nxrrset("a.$zone 300 A")]);
+test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]);
+test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]);
+test("NOERROR", ["update", rr_del("a.$zone")]);
+test("NOERROR", ["pre", nxdomain("a.$zone")]);
+
+section("Case insensitivity");
+test("NOERROR", ["update", rr_add("a.$zone 300 PTR foo.net.")]);
+test("NOERROR", ["pre", yxrrset("A.$zone 300 PTR fOo.NeT.")]);
+
+section("Special CNAME rules");
+test("NOERROR", ["update", rr_add("b.$zone 300 CNAME foo.net.")]);
+test("NOERROR", ["update", rr_add("b.$zone 300 A 73.80.65.49")]);
+test("NOERROR", ["pre", yxrrset("b.$zone 300 CNAME foo.net.")]);
+test("NOERROR", ["pre", nxrrset("b.$zone A")]);
+
+test("NOERROR", ["update", rr_add("c.$zone 300 A 73.80.65.49")]);
+test("NOERROR", ["update", rr_add("c.$zone 300 CNAME foo.net.")]);
+test("NOERROR", ["pre", yxrrset("c.$zone A")]);
+test("NOERROR", ["pre", nxrrset("c.$zone CNAME")]);
+
+# XXX should test with SIG, KEY, NXT, too.
+
+#
+# Currently commented out because Net::DNS does not properly
+# support WKS records.
+#
+#section("Special WKS rules");
+#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.49 TCP telnet ftp")]);
+#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.49 UDP telnet ftp")]);
+#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.50 TCP telnet ftp")]);
+#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.49 TCP smtp")]);
+#test("NOERROR", ["pre",
+# yxrrset("c.$zone 300 WKS 73.80.65.49 TCP smtp"),
+# yxrrset("c.$zone 300 WKS 73.80.65.49 UDP telnet ftp"),
+# yxrrset("c.$zone 300 WKS 73.80.65.50 TCP telnet ftp")]);
+
+
+section("Special NS rules");
+
+# Deleting the last NS record using "Delete an RR from an RRset"
+# should fail at the zone apex and work elsewhere. The pseudocode
+# in RFC2136 says it should fail everywhere, but this is in conflict
+# with the actual text.
+
+# Apex
+test("NOERROR", ["update",
+ rr_add("$zone 300 NS ns1.$zone"),
+ rr_add("$zone 300 NS ns2.$zone")]);
+test("NOERROR", ["update", rr_del("$zone 300 NS ns1.$zone")]);
+test("NOERROR", ["update", rr_del("$zone 300 NS ns2.$zone")]);
+test("NOERROR", ["pre",
+ yxrrset("$zone 300 NS ns2.$zone")]);
+
+# Non-apex
+test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]);
+test("NOERROR", ["update", rr_del("n.$zone 300 NS ns1.$zone")]);
+test("NOERROR", ["pre", nxrrset("n.$zone 300 NS")]);
+
+# Other ways of deleting NS records should also fail at the apex
+# and work elsewhere.
+
+# Non-apex
+test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]);
+test("NOERROR", ["update", rr_del("n.$zone 300 NS")]);
+test("NOERROR", ["pre", nxrrset("n.$zone 300 NS")]);
+
+test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]);
+test("NOERROR", ["pre", yxrrset("n.$zone 300 NS")]);
+test("NOERROR", ["update", rr_del("n.$zone")]);
+test("NOERROR", ["pre", nxrrset("n.$zone 300 NS")]);
+
+# Apex
+test("NOERROR", ["update", rr_del("$zone NS")]);
+test("NOERROR", ["pre",
+ yxrrset("$zone 300 NS ns2.$zone")]);
+
+test("NOERROR", ["update", rr_del("$zone")]);
+test("NOERROR", ["pre",
+ yxrrset("$zone 300 NS ns2.$zone")]);
+
+# They should not touch the SOA, either.
+
+test("NOERROR", ["update", rr_del("$zone SOA")]);
+test("NOERROR", ["pre", yxrrset("$zone SOA")]);
+
+
+section("Idempotency");
+
+test("NOERROR", ["update", rr_add("d.$zone 300 A 73.80.65.49")]);
+test("NOERROR", ["pre", yxrrset("d.$zone 300 A 73.80.65.49")]);
+test("NOERROR", ["update",
+ rr_add("d.$zone 300 A 73.80.65.49"),
+ rr_del("d.$zone A")]);
+test("NOERROR", ["pre", nxrrset("d.$zone 300 A 73.80.65.49")]);
+
+test("NOERROR", ["update", rr_del("d.$zone 300 A 73.80.65.49")]);
+test("NOERROR", ["pre", nxrrset("d.$zone 300 A")]);
+test("NOERROR", ["update",
+ rr_del("d.$zone 300 A"),
+ rr_add("d.$zone 300 A 73.80.65.49")]);
+
+test("NOERROR", ["pre", yxrrset("d.$zone 300 A")]);
+
+section("Out-of-zone prerequisites and updates");
+test("NOTZONE", ["pre", yxrrset("a.somewhere.else. 300 A 73.80.65.49")]);
+test("NOTZONE", ["update", rr_add("a.somewhere.else. 300 A 73.80.65.49")]);
+
+
+section("Glue");
+test("NOERROR", ["update", rr_add("s.$zone 300 NS ns.s.$zone")]);
+test("NOERROR", ["update", rr_add("ns.s.$zone 300 A 73.80.65.49")]);
+test("NOERROR", ["pre", yxrrset("ns.s.$zone 300 A 73.80.65.49")]);
+
+section("Wildcards");
+test("NOERROR", ["update", rr_add("*.$zone 300 MX 10 mail.$zone")]);
+test("NOERROR", ["pre", yxrrset("*.$zone 300 MX 10 mail.$zone")]);
+test("NXRRSET", ["pre", yxrrset("w.$zone 300 MX 10 mail.$zone")]);
+test("NOERROR", ["pre", nxrrset("w.$zone MX")]);
+test("NOERROR", ["pre", nxdomain("w.$zone")]);
+
+
+section("SOA serial handling");
+
+my $soatimers = "20 20 1814400 3600";
+
+# Get the current SOA serial number.
+my $query = $res->query($zone, "SOA");
+my ($old_soa) = $query->answer;
+
+my $old_serial = $old_soa->serial;
+
+# Increment it by 10.
+my $new_serial = $old_serial + 10;
+if ($new_serial > 0xFFFFFFFF) {
+ $new_serial -= 0x80000000;
+ $new_serial -= 0x80000000;
+}
+
+# Replace the SOA with a new one.
+test("NOERROR", ["update", rr_add("$zone 300 SOA mname1. . $new_serial $soatimers")]);
+
+# Check that the SOA really got replaced.
+($db_soa) = $res->query($zone, "SOA")->answer;
+assert($db_soa->mname eq "mname1");
+
+# Check that attempts to decrement the serial number are ignored.
+$new_serial = $old_serial - 10;
+if ($new_serial < 0) {
+ $new_serial += 0x80000000;
+ $new_serial += 0x80000000;
+}
+test("NOERROR", ["update", rr_add("$zone 300 SOA mname2. . $new_serial $soatimers")]);
+assert($db_soa->mname eq "mname1");
+
+# Check that attempts to leave the serial number unchanged are ignored.
+($old_soa) = $res->query($zone, "SOA")->answer;
+$old_serial = $old_soa->serial;
+test("NOERROR", ["update", rr_add("$zone 300 SOA mname3. . $old_serial " .
+ $soatimers)]);
+($db_soa) = $res->query($zone, "SOA")->answer;
+assert($db_soa->mname eq "mname1");
+
+#
+# Currently commented out because Net::DNS does not properly
+# support multiple strings in TXT records.
+#
+#section("Big data");
+#test("NOERROR", ["update", rr_add("a.$zone 300 TXT aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc")]);
+#test("NOERROR", ["update", rr_del("a.$zone 300 TXT aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc")]);
+test("NOERROR", ["update", rr_add("a.$zone 300 TXT " . ("foo " x 3))]);
+
+section("Updating TTLs only");
+
+test("NOERROR", ["update", rr_add("t.$zone 300 A 73.80.65.49")]);
+($a) = $res->query("t.$zone", "A")->answer;
+$ttl = $a->ttl;
+assert($ttl == 300, "incorrect TTL value $ttl != 300");
+test("NOERROR", ["update",
+ rr_del("t.$zone 300 A 73.80.65.49"),
+ rr_add("t.$zone 301 A 73.80.65.49")]);
+($a) = $res->query("t.$zone", "A")->answer;
+$ttl = $a->ttl;
+assert($ttl == 301, "incorrect TTL value $ttl != 301");
+
+# Add an RR that is identical to an existing one except for the TTL.
+# RFC2136 is not clear about what this should do; it says "duplicate RRs
+# will be silently ignored" but is an RR differing only in TTL
+# to be considered a duplicate or not? The test assumes that it
+# should not be considered a duplicate.
+test("NOERROR", ["update", rr_add("t.$zone 302 A 73.80.65.50")]);
+($a) = $res->query("t.$zone", "A")->answer;
+$ttl = $a->ttl;
+assert($ttl == 302, "incorrect TTL value $ttl != 302");
+
+section("TTL normalization");
+
+# The desired behaviour is that the old RRs get their TTL
+# changed to match the new one. RFC2136 does not explicitly
+# specify this, but I think it makes more sense than the
+# alternatives.
+
+test("NOERROR", ["update", rr_add("t.$zone 303 A 73.80.65.51")]);
+(@answers) = $res->query("t.$zone", "A")->answer;
+$nanswers = scalar @answers;
+assert($nanswers == 3, "wrong number of answers $nanswers != 3");
+foreach $a (@answers) {
+ $ttl = $a->ttl;
+ assert($ttl == 303, "incorrect TTL value $ttl != 303");
+}
+
+section("Obscuring existing data by zone cut");
+test("NOERROR", ["update", rr_add("a.u.$zone 300 A 73.80.65.49")]);
+test("NOERROR", ["update", rr_add("b.u.$zone 300 A 73.80.65.49")]);
+test("NOERROR", ["update", rr_add("u.$zone 300 TXT txt-not-in-nxt")]);
+test("NOERROR", ["update", rr_add("u.$zone 300 NS ns.u.$zone")]);
+
+test("NOERROR", ["update", rr_del("u.$zone 300 NS ns.u.$zone")]);
+
+if ($failures) {
+ print "I:$failures tests failed.\n";
+} else {
+ print "I:All tests successful.\n";
+}
+exit $failures;
diff --git a/bin/tests/system/resolver/ans2/ans.pl b/bin/tests/system/resolver/ans2/ans.pl
new file mode 100644
index 0000000..b41f198
--- /dev/null
+++ b/bin/tests/system/resolver/ans2/ans.pl
@@ -0,0 +1,75 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: ans.pl,v 1.10 2007/09/24 04:13:25 marka Exp $
+
+#
+# Ad hoc name server
+#
+
+use IO::File;
+use IO::Socket;
+use Net::DNS;
+use Net::DNS::Packet;
+
+my $sock = IO::Socket::INET->new(LocalAddr => "10.53.0.2",
+ LocalPort => 5300, Proto => "udp") or die "$!";
+
+my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!";
+print $pidf "$$\n" or die "cannot write pid file: $!";
+$pidf->close or die "cannot close pid file: $!";
+sub rmpid { unlink "ans.pid"; exit 1; };
+
+$SIG{INT} = \&rmpid;
+$SIG{TERM} = \&rmpid;
+
+for (;;) {
+ $sock->recv($buf, 512);
+
+ print "**** request from " , $sock->peerhost, " port ", $sock->peerport, "\n";
+
+ my ($packet, $err) = new Net::DNS::Packet(\$buf, 0);
+ $err and die $err;
+
+ print "REQUEST:\n";
+ $packet->print;
+
+ $packet->header->qr(1);
+
+ my @questions = $packet->question;
+ my $qname = $questions[0]->qname;
+
+ if ($qname eq "cname1.example.com") {
+ # Data for the "cname + other data / 1" test
+ $packet->push("answer", new Net::DNS::RR("cname1.example.com 300 CNAME cname1.example.com"));
+ $packet->push("answer", new Net::DNS::RR("cname1.example.com 300 A 1.2.3.4"));
+ } elsif ($qname eq "cname2.example.com") {
+ # Data for the "cname + other data / 2" test: same RRs in opposite order
+ $packet->push("answer", new Net::DNS::RR("cname2.example.com 300 A 1.2.3.4"));
+ $packet->push("answer", new Net::DNS::RR("cname2.example.com 300 CNAME cname2.example.com"));
+ } else {
+ # Data for the "bogus referrals" test
+ $packet->push("authority", new Net::DNS::RR("below.www.example.com 300 NS ns.below.www.example.com"));
+ $packet->push("additional", new Net::DNS::RR("ns.below.www.example.com 300 A 10.53.0.3"));
+ }
+
+ $sock->send($packet->data);
+
+ print "RESPONSE:\n";
+ $packet->print;
+ print "\n";
+}
diff --git a/bin/tests/system/resolver/ans3/ans.pl b/bin/tests/system/resolver/ans3/ans.pl
new file mode 100644
index 0000000..3053b25
--- /dev/null
+++ b/bin/tests/system/resolver/ans3/ans.pl
@@ -0,0 +1,60 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: ans.pl,v 1.9 2007/09/24 04:13:25 marka Exp $
+
+#
+# Ad hoc name server
+#
+
+use IO::File;
+use IO::Socket;
+use Net::DNS;
+use Net::DNS::Packet;
+
+my $sock = IO::Socket::INET->new(LocalAddr => "10.53.0.3",
+ LocalPort => 5300, Proto => "udp") or die "$!";
+
+my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!";
+print $pidf "$$\n" or die "cannot write pid file: $!";
+$pidf->close or die "cannot close pid file: $!";
+sub rmpid { unlink "ans.pid"; exit 1; };
+
+$SIG{INT} = \&rmpid;
+$SIG{TERM} = \&rmpid;
+
+for (;;) {
+ $sock->recv($buf, 512);
+
+ print "**** request from " , $sock->peerhost, " port ", $sock->peerport, "\n";
+
+ my ($packet, $err) = new Net::DNS::Packet(\$buf, 0);
+ $err and die $err;
+
+ print "REQUEST:\n";
+ $packet->print;
+
+ $packet->header->qr(1);
+
+ $packet->push("answer", new Net::DNS::RR("www.example.com 300 A 1.2.3.4"));
+
+ $sock->send($packet->data);
+
+ print "RESPONSE:\n";
+ $packet->print;
+ print "\n";
+}
diff --git a/bin/tests/system/resolver/clean.sh b/bin/tests/system/resolver/clean.sh
new file mode 100644
index 0000000..c79da92
--- /dev/null
+++ b/bin/tests/system/resolver/clean.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.1 2008/07/17 01:15:34 marka Exp $
+
+#
+# Clean up after resolver tests.
+#
+rm -f */named.memstats
diff --git a/bin/tests/system/resolver/ns1/named.conf b/bin/tests/system/resolver/ns1/named.conf
new file mode 100644
index 0000000..4b0c80a
--- /dev/null
+++ b/bin/tests/system/resolver/ns1/named.conf
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.13 2007/06/18 23:47:30 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+};
+
+zone "." {
+ type hint;
+ file "root.hint";
+};
+
diff --git a/bin/tests/system/resolver/ns1/root.hint b/bin/tests/system/resolver/ns1/root.hint
new file mode 100644
index 0000000..2fd180e
--- /dev/null
+++ b/bin/tests/system/resolver/ns1/root.hint
@@ -0,0 +1,20 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.hint,v 1.7 2007/06/19 23:47:05 tbox Exp $
+
+$TTL 999999
+. IN NS a.root-servers.nil.
+a.root-servers.nil. IN A 10.53.0.2
diff --git a/bin/tests/system/resolver/prereq.sh b/bin/tests/system/resolver/prereq.sh
new file mode 100644
index 0000000..c0dbb7b
--- /dev/null
+++ b/bin/tests/system/resolver/prereq.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: prereq.sh,v 1.7 2007/06/19 23:47:05 tbox Exp $
+
+if $PERL -e 'use Net::DNS;' 2>/dev/null
+then
+ :
+else
+ echo "I:This test requires the Net::DNS library." >&2
+ exit 1
+fi
diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
new file mode 100644
index 0000000..585455c
--- /dev/null
+++ b/bin/tests/system/resolver/tests.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.9 2007/06/19 23:47:05 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+echo "I:checking handling of bogus referrals"
+# If the server has the "INSIST(!external)" bug, this query will kill it.
+$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
+
+echo "I:check handling of cname + other data / 1"
+$DIG +tcp cname1.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
+
+echo "I:check handling of cname + other data / 2"
+$DIG +tcp cname2.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
+
+echo "I:check that server is still running"
+$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/rrsetorder/clean.sh b/bin/tests/system/rrsetorder/clean.sh
new file mode 100644
index 0000000..d5b245c
--- /dev/null
+++ b/bin/tests/system/rrsetorder/clean.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# Copyright (C) 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.8 2008/04/24 23:46:59 tbox Exp $
+
+rm -f dig.out.cyclic dig.out.fixed dig.out.random
+rm -f dig.out.0 dig.out.1 dig.out.2 dig.out.3
+rm -f ns2/root.bk
+rm -f ns?/named.run ns?/named.core
+rm -f */named.memstats
diff --git a/bin/tests/system/rrsetorder/dig.out.fixed.good b/bin/tests/system/rrsetorder/dig.out.fixed.good
new file mode 100644
index 0000000..eaf9c63
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.fixed.good
@@ -0,0 +1,4 @@
+1.2.3.4
+1.2.3.3
+1.2.3.1
+1.2.3.2
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good1 b/bin/tests/system/rrsetorder/dig.out.random.good1
new file mode 100644
index 0000000..c272c75
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good1
@@ -0,0 +1,4 @@
+1.2.3.1
+1.2.3.2
+1.2.3.3
+1.2.3.4
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good10 b/bin/tests/system/rrsetorder/dig.out.random.good10
new file mode 100644
index 0000000..6a39e3f
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good10
@@ -0,0 +1,4 @@
+1.2.3.2
+1.2.3.3
+1.2.3.4
+1.2.3.1
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good11 b/bin/tests/system/rrsetorder/dig.out.random.good11
new file mode 100644
index 0000000..efbc792
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good11
@@ -0,0 +1,4 @@
+1.2.3.2
+1.2.3.4
+1.2.3.1
+1.2.3.3
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good12 b/bin/tests/system/rrsetorder/dig.out.random.good12
new file mode 100644
index 0000000..c859a2e
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good12
@@ -0,0 +1,4 @@
+1.2.3.2
+1.2.3.4
+1.2.3.3
+1.2.3.1
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good13 b/bin/tests/system/rrsetorder/dig.out.random.good13
new file mode 100644
index 0000000..49bf54b
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good13
@@ -0,0 +1,4 @@
+1.2.3.3
+1.2.3.1
+1.2.3.2
+1.2.3.4
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good14 b/bin/tests/system/rrsetorder/dig.out.random.good14
new file mode 100644
index 0000000..974aa89
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good14
@@ -0,0 +1,4 @@
+1.2.3.3
+1.2.3.1
+1.2.3.4
+1.2.3.2
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good15 b/bin/tests/system/rrsetorder/dig.out.random.good15
new file mode 100644
index 0000000..e8deb67
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good15
@@ -0,0 +1,4 @@
+1.2.3.3
+1.2.3.2
+1.2.3.1
+1.2.3.4
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good16 b/bin/tests/system/rrsetorder/dig.out.random.good16
new file mode 100644
index 0000000..f467087
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good16
@@ -0,0 +1,4 @@
+1.2.3.3
+1.2.3.2
+1.2.3.4
+1.2.3.1
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good17 b/bin/tests/system/rrsetorder/dig.out.random.good17
new file mode 100644
index 0000000..6082a25
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good17
@@ -0,0 +1,4 @@
+1.2.3.3
+1.2.3.4
+1.2.3.1
+1.2.3.2
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good18 b/bin/tests/system/rrsetorder/dig.out.random.good18
new file mode 100644
index 0000000..07eefa0
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good18
@@ -0,0 +1,4 @@
+1.2.3.3
+1.2.3.4
+1.2.3.2
+1.2.3.1
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good19 b/bin/tests/system/rrsetorder/dig.out.random.good19
new file mode 100644
index 0000000..a5530c6
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good19
@@ -0,0 +1,4 @@
+1.2.3.4
+1.2.3.1
+1.2.3.2
+1.2.3.3
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good2 b/bin/tests/system/rrsetorder/dig.out.random.good2
new file mode 100644
index 0000000..00da93a
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good2
@@ -0,0 +1,4 @@
+1.2.3.1
+1.2.3.2
+1.2.3.4
+1.2.3.3
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good20 b/bin/tests/system/rrsetorder/dig.out.random.good20
new file mode 100644
index 0000000..6dcf6da
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good20
@@ -0,0 +1,4 @@
+1.2.3.4
+1.2.3.1
+1.2.3.3
+1.2.3.2
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good21 b/bin/tests/system/rrsetorder/dig.out.random.good21
new file mode 100644
index 0000000..9dcc63f
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good21
@@ -0,0 +1,4 @@
+1.2.3.4
+1.2.3.2
+1.2.3.1
+1.2.3.3
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good22 b/bin/tests/system/rrsetorder/dig.out.random.good22
new file mode 100644
index 0000000..4c51aa6
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good22
@@ -0,0 +1,4 @@
+1.2.3.4
+1.2.3.2
+1.2.3.3
+1.2.3.1
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good23 b/bin/tests/system/rrsetorder/dig.out.random.good23
new file mode 100644
index 0000000..eaf9c63
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good23
@@ -0,0 +1,4 @@
+1.2.3.4
+1.2.3.3
+1.2.3.1
+1.2.3.2
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good24 b/bin/tests/system/rrsetorder/dig.out.random.good24
new file mode 100644
index 0000000..c25c756
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good24
@@ -0,0 +1,4 @@
+1.2.3.4
+1.2.3.3
+1.2.3.2
+1.2.3.1
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good3 b/bin/tests/system/rrsetorder/dig.out.random.good3
new file mode 100644
index 0000000..4d50059
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good3
@@ -0,0 +1,4 @@
+1.2.3.1
+1.2.3.3
+1.2.3.2
+1.2.3.4
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good4 b/bin/tests/system/rrsetorder/dig.out.random.good4
new file mode 100644
index 0000000..0b34afa
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good4
@@ -0,0 +1,4 @@
+1.2.3.1
+1.2.3.3
+1.2.3.4
+1.2.3.2
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good5 b/bin/tests/system/rrsetorder/dig.out.random.good5
new file mode 100644
index 0000000..efe0e25
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good5
@@ -0,0 +1,4 @@
+1.2.3.1
+1.2.3.4
+1.2.3.2
+1.2.3.3
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good6 b/bin/tests/system/rrsetorder/dig.out.random.good6
new file mode 100644
index 0000000..d2ca6fc
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good6
@@ -0,0 +1,4 @@
+1.2.3.1
+1.2.3.4
+1.2.3.3
+1.2.3.2
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good7 b/bin/tests/system/rrsetorder/dig.out.random.good7
new file mode 100644
index 0000000..0d8312a
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good7
@@ -0,0 +1,4 @@
+1.2.3.2
+1.2.3.1
+1.2.3.3
+1.2.3.4
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good8 b/bin/tests/system/rrsetorder/dig.out.random.good8
new file mode 100644
index 0000000..3b27693
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good8
@@ -0,0 +1,4 @@
+1.2.3.2
+1.2.3.1
+1.2.3.4
+1.2.3.3
diff --git a/bin/tests/system/rrsetorder/dig.out.random.good9 b/bin/tests/system/rrsetorder/dig.out.random.good9
new file mode 100644
index 0000000..61192af
--- /dev/null
+++ b/bin/tests/system/rrsetorder/dig.out.random.good9
@@ -0,0 +1,4 @@
+1.2.3.2
+1.2.3.3
+1.2.3.1
+1.2.3.4
diff --git a/bin/tests/system/rrsetorder/ns1/named.conf b/bin/tests/system/rrsetorder/ns1/named.conf
new file mode 100644
index 0000000..f228a07
--- /dev/null
+++ b/bin/tests/system/rrsetorder/ns1/named.conf
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.4 2007/06/19 23:47:05 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ rrset-order {
+ name "fixed.example" order fixed;
+ name "random.example" order random;
+ name "cyclic.example" order cyclic;
+ type NS order random;
+ order cyclic;
+ };
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
diff --git a/bin/tests/system/rrsetorder/ns1/root.db b/bin/tests/system/rrsetorder/ns1/root.db
new file mode 100644
index 0000000..dd2f08f
--- /dev/null
+++ b/bin/tests/system/rrsetorder/ns1/root.db
@@ -0,0 +1,40 @@
+; Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.4 2007/06/19 23:47:05 tbox Exp $
+
+$TTL 3600
+. SOA hostmaster.isc.org. a.root-servers.nil. (
+ 2000042100
+ 600
+ 600
+ 1200
+ 600 )
+. NS a.root-servers.nil.
+a.root-servers.nil A 10.53.0.1
+;
+fixed.example. A 1.2.3.4
+fixed.example. A 1.2.3.3
+fixed.example. A 1.2.3.1
+fixed.example. A 1.2.3.2
+;
+random.example. A 1.2.3.1
+random.example. A 1.2.3.2
+random.example. A 1.2.3.3
+random.example. A 1.2.3.4
+;
+cyclic.example. A 1.2.3.4
+cyclic.example. A 1.2.3.3
+cyclic.example. A 1.2.3.2
+cyclic.example. A 1.2.3.1
diff --git a/bin/tests/system/rrsetorder/ns2/named.conf b/bin/tests/system/rrsetorder/ns2/named.conf
new file mode 100644
index 0000000..0a1e9b9
--- /dev/null
+++ b/bin/tests/system/rrsetorder/ns2/named.conf
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.4 2007/06/19 23:47:05 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ // flush-zones-on-shutdown yes;
+ rrset-order {
+ name "fixed.example" order fixed;
+ name "random.example" order random;
+ name "cyclic.example" order cyclic;
+ type NS order random;
+ order cyclic;
+ };
+};
+
+zone "." {
+ type slave;
+ masters { 10.53.0.1; };
+ file "root.bk";
+};
diff --git a/bin/tests/system/rrsetorder/ns3/named.conf b/bin/tests/system/rrsetorder/ns3/named.conf
new file mode 100644
index 0000000..fa8bfc9
--- /dev/null
+++ b/bin/tests/system/rrsetorder/ns3/named.conf
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.5 2007/06/18 23:47:30 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+ rrset-order {
+ name "fixed.example" order fixed;
+ name "random.example" order random;
+ name "cyclic.example" order cyclic;
+ type NS order random;
+ order cyclic;
+ };
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
diff --git a/bin/tests/system/rrsetorder/tests.sh b/bin/tests/system/rrsetorder/tests.sh
new file mode 100644
index 0000000..a05e34f
--- /dev/null
+++ b/bin/tests/system/rrsetorder/tests.sh
@@ -0,0 +1,332 @@
+#!/bin/sh
+#
+# Copyright (C) 2006-2008 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.8 2008/10/09 21:27:52 each Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+if grep "^#define DNS_RDATASET_FIXED" $TOP/config.h > /dev/null 2>&1 ; then
+ test_fixed=true
+else
+ echo "I: Order 'fixed' disabled at compile time"
+ test_fixed=false
+fi
+
+#
+#
+#
+if $test_fixed; then
+ echo "I: Checking order fixed (master)"
+ ret=0
+ for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
+ do
+ $DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short \
+ -p 5300 @10.53.0.1 fixed.example > dig.out.fixed || ret=1
+ cmp -s dig.out.fixed dig.out.fixed.good || ret=1
+ done
+ if [ $ret != 0 ]; then echo "I:failed"; fi
+ status=`expr $status + $ret`
+fi
+
+#
+#
+#
+echo "I: Checking order cyclic (master)"
+ret=0
+matches=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
+do
+ j=`expr $i % 4`
+ $DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short \
+ -p 5300 @10.53.0.1 cyclic.example > dig.out.cyclic || ret=1
+ if [ $i -le 4 ]; then
+ cp dig.out.cyclic dig.out.$j
+ else
+ cmp -s dig.out.cyclic dig.out.$j && matches=`expr $matches + 1`
+ fi
+done
+cmp -s dig.out.0 dig.out.1 && ret=1
+cmp -s dig.out.0 dig.out.2 && ret=1
+cmp -s dig.out.0 dig.out.3 && ret=1
+cmp -s dig.out.1 dig.out.2 && ret=1
+cmp -s dig.out.1 dig.out.3 && ret=1
+cmp -s dig.out.2 dig.out.3 && ret=1
+if [ $matches -ne 16 ]; then ret=1; fi
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I: Checking order random (master)"
+ret=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+do
+ eval match$i=0
+done
+for i in a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 9
+do
+$DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short \
+ -p 5300 @10.53.0.1 random.example > dig.out.random || ret=1
+ match=0
+ for j in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+ do
+ eval "cmp -s dig.out.random dig.out.random.good$j && match$j=1 match=1"
+ if [ $match -eq 1 ]; then break; fi
+ done
+ if [ $match -eq 0 ]; then ret=1; fi
+done
+match=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+do
+ eval "match=\`expr \$match + \$match$i\`"
+done
+echo "I: Random selection return $match of 24 possible orders in 36 samples"
+if [ $match -lt 8 ]; then echo ret=1; fi
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+#
+#
+#
+if $test_fixed; then
+ echo "I: Checking order fixed (slave)"
+ ret=0
+ for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
+ do
+ $DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short \
+ -p 5300 @10.53.0.2 fixed.example > dig.out.fixed || ret=1
+ cmp -s dig.out.fixed dig.out.fixed.good || ret=1
+ done
+ if [ $ret != 0 ]; then echo "I:failed"; fi
+ status=`expr $status + $ret`
+fi
+
+#
+#
+#
+echo "I: Checking order cyclic (slave)"
+ret=0
+matches=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
+do
+ j=`expr $i % 4`
+ $DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short \
+ -p 5300 @10.53.0.2 cyclic.example > dig.out.cyclic || ret=1
+ if [ $i -le 4 ]; then
+ cp dig.out.cyclic dig.out.$j
+ else
+ cmp -s dig.out.cyclic dig.out.$j && matches=`expr $matches + 1`
+ fi
+done
+cmp -s dig.out.0 dig.out.1 && ret=1
+cmp -s dig.out.0 dig.out.2 && ret=1
+cmp -s dig.out.0 dig.out.3 && ret=1
+cmp -s dig.out.1 dig.out.2 && ret=1
+cmp -s dig.out.1 dig.out.3 && ret=1
+cmp -s dig.out.2 dig.out.3 && ret=1
+if [ $matches -ne 16 ]; then ret=1; fi
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I: Checking order random (slave)"
+ret=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+do
+ eval match$i=0
+done
+for i in a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 9
+do
+$DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short \
+ -p 5300 @10.53.0.2 random.example > dig.out.random || ret=1
+ match=0
+ for j in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+ do
+ eval "cmp -s dig.out.random dig.out.random.good$j && match$j=1 match=1"
+ if [ $match -eq 1 ]; then break; fi
+ done
+ if [ $match -eq 0 ]; then ret=1; fi
+done
+match=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+do
+eval "match=\`expr \$match + \$match$i\`"
+done
+echo "I: Random selection return $match of 24 possible orders in 36 samples"
+if [ $match -lt 8 ]; then echo ret=1; fi
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I: Shutting down slave"
+
+(cd ..; sh stop.sh rrsetorder ns2 )
+
+echo "I: Checking for slave's on disk copy of zone"
+
+if [ ! -f ns2/root.bk ]
+then
+ echo "I:failed";
+ status=`expr $status + 1`
+fi
+
+echo "I: Re-starting slave"
+
+(cd ..; sh start.sh --noclean rrsetorder ns2 )
+
+#
+#
+#
+if $test_fixed; then
+ echo "I: Checking order fixed (slave loaded from disk)"
+ ret=0
+ for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
+ do
+ $DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short \
+ -p 5300 @10.53.0.2 fixed.example > dig.out.fixed || ret=1
+ cmp -s dig.out.fixed dig.out.fixed.good || ret=1
+ done
+ if [ $ret != 0 ]; then echo "I:failed"; fi
+ status=`expr $status + $ret`
+fi
+
+#
+#
+#
+echo "I: Checking order cyclic (slave loaded from disk)"
+ret=0
+matches=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
+do
+ j=`expr $i % 4`
+ $DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short \
+ -p 5300 @10.53.0.2 cyclic.example > dig.out.cyclic || ret=1
+ if [ $i -le 4 ]; then
+ cp dig.out.cyclic dig.out.$j
+ else
+ cmp -s dig.out.cyclic dig.out.$j && matches=`expr $matches + 1`
+ fi
+done
+cmp -s dig.out.0 dig.out.1 && ret=1
+cmp -s dig.out.0 dig.out.2 && ret=1
+cmp -s dig.out.0 dig.out.3 && ret=1
+cmp -s dig.out.1 dig.out.2 && ret=1
+cmp -s dig.out.1 dig.out.3 && ret=1
+cmp -s dig.out.2 dig.out.3 && ret=1
+if [ $matches -ne 16 ]; then ret=1; fi
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I: Checking order random (slave loaded from disk)"
+ret=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+do
+ eval match$i=0
+done
+for i in a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 9
+do
+$DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short \
+ -p 5300 @10.53.0.2 random.example > dig.out.random || ret=1
+ match=0
+ for j in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+ do
+ eval "cmp -s dig.out.random dig.out.random.good$j && match$j=1 match=1"
+ if [ $match -eq 1 ]; then break; fi
+ done
+ if [ $match -eq 0 ]; then ret=1; fi
+done
+match=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+do
+eval "match=\`expr \$match + \$match$i\`"
+done
+echo "I: Random selection return $match of 24 possible orders in 36 samples"
+if [ $match -lt 8 ]; then echo ret=1; fi
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+#
+#
+#
+if $test_fixed; then
+ echo "I: Checking order fixed (cache)"
+ ret=0
+ for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
+ do
+ $DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short \
+ -p 5300 @10.53.0.3 fixed.example > dig.out.fixed || ret=1
+ cmp -s dig.out.fixed dig.out.fixed.good || ret=1
+ done
+ if [ $ret != 0 ]; then echo "I:failed"; fi
+ status=`expr $status + $ret`
+fi
+
+#
+#
+#
+echo "I: Checking order cyclic (cache)"
+ret=0
+matches=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
+do
+ j=`expr $i % 4`
+ $DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short \
+ -p 5300 @10.53.0.3 cyclic.example > dig.out.cyclic || ret=1
+ if [ $i -le 4 ]; then
+ cp dig.out.cyclic dig.out.$j
+ else
+ cmp -s dig.out.cyclic dig.out.$j && matches=`expr $matches + 1`
+ fi
+done
+cmp -s dig.out.0 dig.out.1 && ret=1
+cmp -s dig.out.0 dig.out.2 && ret=1
+cmp -s dig.out.0 dig.out.3 && ret=1
+cmp -s dig.out.1 dig.out.2 && ret=1
+cmp -s dig.out.1 dig.out.3 && ret=1
+cmp -s dig.out.2 dig.out.3 && ret=1
+if [ $matches -ne 16 ]; then ret=1; fi
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I: Checking order random (cache)"
+ret=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+do
+ eval match$i=0
+done
+for i in a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 9
+do
+$DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short \
+ -p 5300 @10.53.0.3 random.example > dig.out.random || ret=1
+ match=0
+ for j in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+ do
+ eval "cmp -s dig.out.random dig.out.random.good$j && match$j=1 match=1"
+ if [ $match -eq 1 ]; then break; fi
+ done
+ if [ $match -eq 0 ]; then ret=1; fi
+done
+match=0
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+do
+eval "match=\`expr \$match + \$match$i\`"
+done
+echo "I: Random selection return $match of 24 possible orders in 36 samples"
+if [ $match -lt 8 ]; then echo ret=1; fi
+if [ $ret != 0 ]; then echo "I:failed"; fi
+
+status=`expr $status + $ret`
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/run.sh b/bin/tests/system/run.sh
new file mode 100644
index 0000000..8d4a6ad
--- /dev/null
+++ b/bin/tests/system/run.sh
@@ -0,0 +1,115 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: run.sh,v 1.42 2007/06/19 23:47:00 tbox Exp $
+
+#
+# Run a system test.
+#
+
+SYSTEMTESTTOP=.
+. $SYSTEMTESTTOP/conf.sh
+
+stopservers=true
+
+case $1 in
+ --keep) stopservers=false; shift ;;
+esac
+
+test $# -gt 0 || { echo "usage: $0 [--keep] test-directory" >&2; exit 1; }
+
+test=$1
+shift
+
+test -d $test || { echo "$0: $test: no such test" >&2; exit 1; }
+
+echo "S:$test:`date`" >&2
+echo "T:$test:1:A" >&2
+echo "A:System test $test" >&2
+
+if [ x$PERL = x ]
+then
+ echo "I:Perl not available. Skipping test." >&2
+ echo "R:UNTESTED" >&2
+ echo "E:$test:`date`" >&2
+ exit 0;
+fi
+
+$PERL testsock.pl || {
+ echo "I:Network interface aliases not set up. Skipping test." >&2;
+ echo "R:UNTESTED" >&2;
+ echo "E:$test:`date`" >&2;
+ exit 0;
+}
+
+
+# Check for test-specific prerequisites.
+if
+ test ! -f $test/prereq.sh ||
+ ( cd $test && sh prereq.sh "$@" )
+then
+ : prereqs ok
+else
+ echo "I:Prerequisites for $test missing, skipping test." >&2
+ echo "R:UNTESTED" >&2
+ echo "E:$test:`date`" >&2
+ exit 0
+fi
+
+# Set up any dynamically generated test data
+if test -f $test/setup.sh
+then
+ ( cd $test && sh setup.sh "$@" )
+fi
+
+# Start name servers running
+$PERL start.pl $test || exit 1
+
+# Run the tests
+( cd $test ; sh tests.sh )
+
+status=$?
+
+if $stopservers
+then
+ :
+else
+ exit $status
+fi
+
+# Shutdown
+$PERL stop.pl $test
+
+status=`expr $status + $?`
+
+if [ $status != 0 ]; then
+ echo "R:FAIL"
+ # Don't clean up - we need the evidence.
+ find . -name core -exec chmod 0644 '{}' \;
+else
+ echo "R:PASS"
+
+ # Clean up.
+ if test -f $test/clean.sh
+ then
+ ( cd $test && sh clean.sh "$@" )
+ fi
+fi
+
+echo "E:$test:`date`"
+
+exit $status
diff --git a/bin/tests/system/runall.sh b/bin/tests/system/runall.sh
new file mode 100644
index 0000000..23ad53f
--- /dev/null
+++ b/bin/tests/system/runall.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: runall.sh,v 1.8 2007/06/19 23:47:00 tbox Exp $
+
+#
+# Run all the system tests.
+#
+
+SYSTEMTESTTOP=.
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+for d in $SUBDIRS
+do
+ sh run.sh $d || status=1
+done
+
+$PERL testsock.pl || {
+ cat <<EOF >&2
+I:
+I:NOTE: Many of the tests were skipped because they require that
+I: the IP addresses 10.53.0.1 through 10.53.0.5 are configured
+I: as alias addresses on the loopback interface. Please run
+I: "bin/tests/system/ifconfig.sh up" as root to configure them
+I: and rerun the tests.
+EOF
+ exit 0;
+}
+
+exit $status
diff --git a/bin/tests/system/send.pl b/bin/tests/system/send.pl
new file mode 100644
index 0000000..bda9b6d
--- /dev/null
+++ b/bin/tests/system/send.pl
@@ -0,0 +1,39 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: send.pl,v 1.5 2007/06/19 23:47:00 tbox Exp $
+
+#
+# Send a file to a given address and port using TCP. Used for
+# configuring the test server in ixfr/ans2/ans.pl.
+#
+
+use IO::File;
+use IO::Socket;
+
+@ARGV == 2 or die "usage: send.pl host port [file ...]\n";
+
+my $host = shift @ARGV;
+my $port = shift @ARGV;
+
+my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port,
+ Proto => "tcp",) or die "$!";
+while (<>) {
+ $sock->syswrite($_, length $_);
+}
+
+$sock->close;
diff --git a/bin/tests/system/setup.sh b/bin/tests/system/setup.sh
new file mode 100644
index 0000000..8418e2e
--- /dev/null
+++ b/bin/tests/system/setup.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.11 2007/06/19 23:47:00 tbox Exp $
+
+#
+# Run a system test.
+#
+
+SYSTEMTESTTOP=.
+. $SYSTEMTESTTOP/conf.sh
+
+test $# -gt 0 || { echo "usage: $0 test-directory" >&2; exit 1; }
+
+test=$1
+shift
+
+test -d $test || { echo "$0: $test: no such test" >&2; exit 1; }
+
+# Set up any dynamically generated test data
+if test -f $test/setup.sh
+then
+ ( cd $test && sh setup.sh "$@" )
+fi
+
+
diff --git a/bin/tests/system/sortlist/clean.sh b/bin/tests/system/sortlist/clean.sh
new file mode 100644
index 0000000..bb71507
--- /dev/null
+++ b/bin/tests/system/sortlist/clean.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.7 2007/09/26 03:22:44 marka Exp $
+
+rm -f *.dig *.good
+rm -f */named.memstats
diff --git a/bin/tests/system/sortlist/ns1/example.db b/bin/tests/system/sortlist/ns1/example.db
new file mode 100644
index 0000000..7e408db
--- /dev/null
+++ b/bin/tests/system/sortlist/ns1/example.db
@@ -0,0 +1,43 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db,v 1.7 2007/06/19 23:47:05 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns1.example. hostmaster.example. (
+ 2000042795 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example. NS ns1.example.
+ns1.example. A 10.53.0.1
+
+; Let's see what the sortlist picks out of this...
+a A 1.1.1.1
+a A 1.1.1.5
+a A 1.1.1.2
+a A 192.168.3.1
+a A 1.1.1.3
+a A 192.168.1.1
+a A 1.1.1.4
+
+b A 10.53.0.1
+b A 10.53.0.2
+b A 10.53.0.3
+b A 10.53.0.4
+b A 10.53.0.5
+
diff --git a/bin/tests/system/sortlist/ns1/named.conf b/bin/tests/system/sortlist/ns1/named.conf
new file mode 100644
index 0000000..5d149ec
--- /dev/null
+++ b/bin/tests/system/sortlist/ns1/named.conf
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.10 2007/06/19 23:47:05 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+
+ sortlist {
+ { 10.53.0.1; // IF 10.53.0.1
+ {
+ !1.1.1.4; !1.1.1.2; !1.1.1.3; !1.1.1.1; // sort these last,
+ 192.168.3/24; // this first
+ { 192.168.2/24; 192.168.1/24; }; }; }; // and these next
+ { { 10.53.0.2; 10.53.0.3; }; }; // Prefer self
+ 10.53.0.4; // BIND 8 compat
+ { 10.53.0.5; 10.53.0.5; }; // BIND 8 compat
+ };
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+};
diff --git a/bin/tests/system/sortlist/ns1/root.db b/bin/tests/system/sortlist/ns1/root.db
new file mode 100644
index 0000000..f300adc
--- /dev/null
+++ b/bin/tests/system/sortlist/ns1/root.db
@@ -0,0 +1,30 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.5 2007/06/19 23:47:05 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
diff --git a/bin/tests/system/sortlist/tests.sh b/bin/tests/system/sortlist/tests.sh
new file mode 100644
index 0000000..06f175a
--- /dev/null
+++ b/bin/tests/system/sortlist/tests.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.9 2007/09/14 01:46:05 marka Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+echo "I:test 2-element sortlist statement"
+cat <<EOF >test1.good
+a.example. 300 IN A 192.168.3.1
+a.example. 300 IN A 192.168.1.1
+a.example. 300 IN A 1.1.1.5
+a.example. 300 IN A 1.1.1.1
+a.example. 300 IN A 1.1.1.3
+a.example. 300 IN A 1.1.1.2
+a.example. 300 IN A 1.1.1.4
+EOF
+$DIG +tcp +noadd +nosea +nostat +noquest +noauth +nocomm +nocmd a.example. \
+ @10.53.0.1 -b 10.53.0.1 -p 5300 >test1.dig
+# Note that this can't use digcomp.pl because here, the ordering of the
+# result RRs is significant.
+diff test1.dig test1.good || status=1
+
+echo "I:test 1-element sortlist statement and undocumented BIND 8 features"
+ cat <<EOF >test2.good
+b.example. 300 IN A 10.53.0.$n
+EOF
+
+$DIG +tcp +noadd +nosea +nostat +noquest +noauth +nocomm +nocmd \
+ b.example. @10.53.0.1 -b 10.53.0.2 -p 5300 | sed 1q | \
+ egrep '10.53.0.(2|3)$' > test2.out &&
+$DIG +tcp +noadd +nosea +nostat +noquest +noauth +nocomm +nocmd \
+ b.example. @10.53.0.1 -b 10.53.0.3 -p 5300 | sed 1q | \
+ egrep '10.53.0.(2|3)$' >> test2.out &&
+$DIG +tcp +noadd +nosea +nostat +noquest +noauth +nocomm +nocmd \
+ b.example. @10.53.0.1 -b 10.53.0.4 -p 5300 | sed 1q | \
+ egrep '10.53.0.4$' >> test2.out &&
+$DIG +tcp +noadd +nosea +nostat +noquest +noauth +nocomm +nocmd \
+ b.example. @10.53.0.1 -b 10.53.0.5 -p 5300 | sed 1q | \
+ egrep '10.53.0.5$' >> test2.out || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/start.pl b/bin/tests/system/start.pl
new file mode 100644
index 0000000..1f461b5
--- /dev/null
+++ b/bin/tests/system/start.pl
@@ -0,0 +1,209 @@
+#!/usr/bin/perl -w
+#
+# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: start.pl,v 1.13 2008/01/02 23:47:01 tbox Exp $
+
+# Framework for starting test servers.
+# Based on the type of server specified, check for port availability, remove
+# temporary files, start the server, and verify that the server is running.
+# If a server is specified, start it. Otherwise, start all servers for test.
+
+use strict;
+use Cwd 'abs_path';
+use Getopt::Long;
+
+# Option handling
+# --noclean test [server [options]]
+#
+# --noclean - Do not cleanup files in server directory
+# test - name of the test directory
+# server - name of the server directory
+# options - alternate options for the server
+
+my $usage = "usage: $0 [--noclean] test-directory [server-directory [server-options]]";
+my $noclean;
+GetOptions('noclean' => \$noclean);
+my $test = $ARGV[0];
+my $server = $ARGV[1];
+my $options = $ARGV[2];
+
+if (!$test) {
+ print "$usage\n";
+}
+if (!-d $test) {
+ print "No test directory: \"$test\"\n";
+}
+if ($server && !-d "$test/$server") {
+ print "No server directory: \"$test/$server\"\n";
+}
+
+# Global variables
+my $topdir = abs_path("$test/..");
+my $testdir = abs_path("$test");
+my $NAMED = $ENV{'NAMED'};
+my $LWRESD = $ENV{'LWRESD'};
+my $DIG = $ENV{'DIG'};
+my $PERL = $ENV{'PERL'};
+
+# Start the server(s)
+
+if ($server) {
+ if ($server =~ /^ns/) {
+ &check_ports($server);
+ }
+ &start_server($server, $options);
+ if ($server =~ /^ns/) {
+ &verify_server($server);
+ }
+} else {
+ # Determine which servers need to be started for this test.
+ opendir DIR, $testdir;
+ my @files = sort readdir DIR;
+ closedir DIR;
+
+ my @ns = grep /^ns[0-9]*$/, @files;
+ my @lwresd = grep /^lwresd[0-9]*$/, @files;
+ my @ans = grep /^ans[0-9]*$/, @files;
+
+ # Start the servers we found.
+ &check_ports();
+ foreach (@ns, @lwresd, @ans) {
+ &start_server($_);
+ }
+ foreach (@ns) {
+ &verify_server($_);
+ }
+}
+
+# Subroutines
+
+sub check_ports {
+ my $server = shift;
+ my $options = "";
+
+ if ($server && $server =~ /(\d+)$/) {
+ $options = "-i $1";
+ }
+
+ my $tries = 0;
+ while (1) {
+ my $return = system("$PERL $topdir/testsock.pl -p 5300 $options");
+ last if ($return == 0);
+ if (++$tries > 4) {
+ print "$0: could not bind to server addresses, still running?\n";
+ print "I:server sockets not available\n";
+ print "R:FAIL\n";
+ system("$PERL $topdir/stop.pl $testdir"); # Is this the correct behavior?
+ exit 1;
+ }
+ print "I:Couldn't bind to socket (yet)\n";
+ sleep 2;
+ }
+}
+
+sub start_server {
+ my $server = shift;
+ my $options = shift;
+
+ my $cleanup_files;
+ my $command;
+ my $pid_file;
+
+ if ($server =~ /^ns/) {
+ $cleanup_files = "{*.jnl,*.bk,*.st,named.run}";
+ $command = "$NAMED ";
+ if ($options) {
+ $command .= "$options";
+ } else {
+ $command .= "-m record,size,mctx ";
+ $command .= "-T clienttest ";
+ $command .= "-c named.conf -d 99 -g";
+ }
+ $command .= " >named.run 2>&1 &";
+ $pid_file = "named.pid";
+ } elsif ($server =~ /^lwresd/) {
+ $cleanup_files = "{lwresd.run}";
+ $command = "$LWRESD ";
+ if ($options) {
+ $command .= "$options";
+ } else {
+ $command .= "-m record,size,mctx ";
+ $command .= "-T clienttest ";
+ $command .= "-C resolv.conf -d 99 -g ";
+ $command .= "-i lwresd.pid -P 9210 -p 5300";
+ }
+ $command .= " >lwresd.run 2>&1 &";
+ $pid_file = "lwresd.pid";
+ } elsif ($server =~ /^ans/) {
+ $cleanup_files = "{ans.run}";
+ $command = "$PERL ./ans.pl ";
+ if ($options) {
+ $command .= "$options";
+ } else {
+ $command .= "";
+ }
+ $command .= " >ans.run 2>&1 &";
+ $pid_file = "ans.pid";
+ } else {
+ print "I:Unknown server type $server\n";
+ print "R:FAIL\n";
+ system "$PERL $topdir/stop.pl $testdir";
+ exit 1;
+ }
+
+ # print "I:starting server $server\n";
+
+ chdir "$testdir/$server";
+
+ unless ($noclean) {
+ unlink glob $cleanup_files;
+ }
+
+ system "$command";
+
+ my $tries = 0;
+ while (!-f $pid_file) {
+ if (++$tries > 14) {
+ print "I:Couldn't start server $server\n";
+ print "R:FAIL\n";
+ system "$PERL $topdir/stop.pl $testdir";
+ exit 1;
+ }
+ sleep 1;
+ }
+}
+
+sub verify_server {
+ my $server = shift;
+ my $n = $server;
+ $n =~ s/^ns//;
+
+ my $tries = 0;
+ while (1) {
+ my $return = system("$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p 5300 version.bind. chaos txt \@10.53.0.$n > dig.out");
+ last if ($return == 0);
+ print `grep ";" dig.out`;
+ if (++$tries >= 30) {
+ print "I:no response from $server\n";
+ print "R:FAIL\n";
+ system("$PERL $topdir/stop.pl $testdir");
+ exit 1;
+ }
+ sleep 2;
+ }
+ unlink "dig.out";
+}
diff --git a/bin/tests/system/start.sh b/bin/tests/system/start.sh
new file mode 100644
index 0000000..7c128db
--- /dev/null
+++ b/bin/tests/system/start.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: start.sh,v 1.42 2007/06/18 23:47:27 tbox Exp $
+
+. ./conf.sh
+$PERL start.pl "$@"
diff --git a/bin/tests/system/stop.pl b/bin/tests/system/stop.pl
new file mode 100644
index 0000000..3d4b804
--- /dev/null
+++ b/bin/tests/system/stop.pl
@@ -0,0 +1,188 @@
+#!/usr/bin/perl -w
+#
+# Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: stop.pl,v 1.12 2007/06/19 23:47:00 tbox Exp $
+
+# Framework for stopping test servers
+# Based on the type of server specified, signal the server to stop, wait
+# briefly for it to die, and then kill it if it is still alive.
+# If a server is specified, stop it. Otherwise, stop all servers for test.
+
+use strict;
+use Cwd 'abs_path';
+
+# Option handling
+# [--use-rndc] test [server]
+#
+# test - name of the test directory
+# server - name of the server directory
+
+my $usage = "usage: $0 [--use-rndc] test-directory [server-directory]";
+my $use_rndc;
+
+while (@ARGV && $ARGV[0] =~ /^-/) {
+ my $opt = shift @ARGV;
+ if ($opt eq '--use-rndc') {
+ $use_rndc = 1;
+ } else {
+ die "$usage\n";
+ }
+}
+
+my $test = $ARGV[0];
+my $server = $ARGV[1];
+
+my $errors = 0;
+
+die "$usage\n" unless defined($test);
+die "No test directory: \"$test\"\n" unless (-d $test);
+die "No server directory: \"$server\"\n" if (defined($server) && !-d "$test/$server");
+
+# Global variables
+my $testdir = abs_path($test);
+my @servers;
+
+
+# Determine which servers need to be stopped.
+if (defined $server) {
+ @servers = ($server);
+} else {
+ local *DIR;
+ opendir DIR, $testdir or die "$testdir: $!\n";
+ my @files = sort readdir DIR;
+ closedir DIR;
+
+ my @ns = grep /^ns[0-9]*$/, @files;
+ my @lwresd = grep /^lwresd[0-9]*$/, @files;
+ my @ans = grep /^ans[0-9]*$/, @files;
+
+ push @servers, @ns, @lwresd, @ans;
+}
+
+
+# Stop the server(s), pass 1: rndc.
+if ($use_rndc) {
+ foreach my $server (grep /^ns/, @servers) {
+ stop_rndc($server);
+ }
+
+ wait_for_servers(30, grep /^ns/, @servers);
+}
+
+
+# Pass 2: SIGTERM
+foreach my $server (@servers) {
+ stop_signal($server, "TERM");
+}
+
+wait_for_servers(60, @servers);
+
+# Pass 3: SIGABRT
+foreach my $server (@servers) {
+ stop_signal($server, "ABRT");
+}
+
+exit($errors ? 1 : 0);
+
+# Subroutines
+
+# Return the full path to a given server's PID file.
+sub server_pid_file {
+ my($server) = @_;
+
+ my $pid_file;
+ if ($server =~ /^ns/) {
+ $pid_file = "named.pid";
+ } elsif ($server =~ /^lwresd/) {
+ $pid_file = "lwresd.pid";
+ } elsif ($server =~ /^ans/) {
+ $pid_file = "ans.pid";
+ } else {
+ print "I:Unknown server type $server\n";
+ exit 1;
+ }
+ $pid_file = "$testdir/$server/$pid_file";
+}
+
+# Read a PID.
+sub read_pid {
+ my($pid_file) = @_;
+
+ local *FH;
+ my $result = open FH, "< $pid_file";
+ if (!$result) {
+ print "I:$pid_file: $!\n";
+ unlink $pid_file;
+ return;
+ }
+
+ my $pid = <FH>;
+ chomp($pid);
+ return $pid;
+}
+
+# Stop a named process with rndc.
+sub stop_rndc {
+ my($server) = @_;
+
+ return unless ($server =~ /^ns(\d+)$/);
+ my $ip = "10.53.0.$1";
+
+ # Ugly, but should work.
+ system("$ENV{RNDC} -c $testdir/../common/rndc.conf -s $ip -p 9953 stop | sed 's/^/I:$server /'");
+ return;
+}
+
+# Stop a server by sending a signal to it.
+sub stop_signal {
+ my($server, $sig) = @_;
+
+ my $pid_file = server_pid_file($server);
+ return unless -f $pid_file;
+
+ my $pid = read_pid($pid_file);
+ return unless defined($pid);
+
+ if ($sig eq 'ABRT') {
+ print "I:$server didn't die when sent a SIGTERM\n";
+ $errors++;
+ }
+
+ my $result = kill $sig, $pid;
+ if (!$result) {
+ print "I:$server died before a SIG$sig was sent\n";
+ unlink $pid_file;
+ $errors++;
+ }
+
+ return;
+}
+
+sub wait_for_servers {
+ my($timeout, @servers) = @_;
+
+ my @pid_files = grep { defined($_) }
+ map { server_pid_file($_) } @servers;
+
+ while ($timeout > 0 && @pid_files > 0) {
+ @pid_files = grep { -f $_ } @pid_files;
+ sleep 1 if (@pid_files > 0);
+ $timeout--;
+ }
+
+ return;
+}
diff --git a/bin/tests/system/stop.sh b/bin/tests/system/stop.sh
new file mode 100644
index 0000000..5eb6cdd
--- /dev/null
+++ b/bin/tests/system/stop.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: stop.sh,v 1.25 2007/06/18 23:47:27 tbox Exp $
+
+. ./conf.sh
+$PERL ./stop.pl "$@"
+
diff --git a/bin/tests/system/stress/clean.sh b/bin/tests/system/stress/clean.sh
new file mode 100644
index 0000000..1a3fa60
--- /dev/null
+++ b/bin/tests/system/stress/clean.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.6 2007/09/26 03:22:44 marka Exp $
+
+rm -f reload.pid
+
+rm -f ns?/zones.conf
+rm -f ns?/zone*.bk
+
+rm -f ns1/delegations.db
+
+rm -f ns2/zone0*.db
+rm -f ns2/zone0*.jnl
+rm -f */named.memstats
diff --git a/bin/tests/system/stress/ns1/named.conf b/bin/tests/system/stress/ns1/named.conf
new file mode 100644
index 0000000..3d88d8e
--- /dev/null
+++ b/bin/tests/system/stress/ns1/named.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.6 2007/06/19 23:47:05 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
diff --git a/bin/tests/system/stress/ns2/named.conf b/bin/tests/system/stress/ns2/named.conf
new file mode 100644
index 0000000..812b833
--- /dev/null
+++ b/bin/tests/system/stress/ns2/named.conf
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.7 2007/06/19 23:47:05 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+include "zones.conf";
diff --git a/bin/tests/system/stress/ns3/named.conf b/bin/tests/system/stress/ns3/named.conf
new file mode 100644
index 0000000..9ff09d7
--- /dev/null
+++ b/bin/tests/system/stress/ns3/named.conf
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.8 2007/06/18 23:47:30 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-md5;
+};
+
+controls {
+ inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; };
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+server 10.53.0.4 {
+ provide-ixfr no;
+};
+server 10.53.0.2 {
+ request-ixfr no;
+};
+
+include "zones.conf";
diff --git a/bin/tests/system/stress/ns4/named.conf b/bin/tests/system/stress/ns4/named.conf
new file mode 100644
index 0000000..e40a0a5
--- /dev/null
+++ b/bin/tests/system/stress/ns4/named.conf
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.8 2007/06/18 23:47:31 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.4;
+ notify-source 10.53.0.4;
+ transfer-source 10.53.0.4;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.4; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+include "zones.conf";
+
diff --git a/bin/tests/system/stress/setup.pl b/bin/tests/system/stress/setup.pl
new file mode 100644
index 0000000..5ae0928
--- /dev/null
+++ b/bin/tests/system/stress/setup.pl
@@ -0,0 +1,91 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.pl,v 1.6 2007/06/19 23:47:05 tbox Exp $
+
+#
+# Set up test data for zone transfer quota tests.
+#
+use FileHandle;
+
+my $n_zones = 5;
+my $n_names = 1000;
+
+make_zones(2, undef);
+make_zones(3, "10.53.0.2");
+make_zones(4, "10.53.0.3");
+
+my $rootdelegations =
+ new FileHandle("ns1/root.db", "w") or die;
+
+print $rootdelegations <<END;
+\$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+END
+
+for ($z = 0; $z < $n_zones; $z++) {
+ my $zn = sprintf("zone%06d.example", $z);
+ foreach $ns (qw(2 3 4)) {
+ print $rootdelegations "$zn. NS ns$ns.$zn.\n";
+ print $rootdelegations "ns$ns.$zn. A 10.53.0.$ns\n";
+ }
+}
+close $rootdelegations;
+
+sub make_zones {
+ my ($nsno, $slaved_from) = @_;
+ my $namedconf = new FileHandle("ns$nsno/zones.conf", "w") or die;
+ for ($z = 0; $z < $n_zones; $z++) {
+ my $zn = sprintf("zone%06d.example", $z);
+ if (defined($slaved_from)) {
+ print $namedconf "zone \"$zn\" { type slave; " .
+ "file \"$zn.bk\"; masters { $slaved_from; }; };\n";
+ } else {
+ print $namedconf "zone \"$zn\" { " .
+ "type master; " .
+ "allow-update { any; }; " .
+ "file \"$zn.db\"; };\n";
+
+ my $fn = "ns$nsno/$zn.db";
+ my $f = new FileHandle($fn, "w") or die "open: $fn: $!";
+ print $f "\$TTL 300
+\@ IN SOA ns2.$zn. hostmaster 1 300 120 3600 86400
+@ NS ns2.$zn.
+ns2.$zn. A 10.53.0.2
+@ NS ns3.$zn.
+ns3.$zn. A 10.53.0.3
+@ NS ns4.$zn.
+ns4.$zn. A 10.53.0.4
+ MX 10 mail1.isp.example.
+ MX 20 mail2.isp.example.
+";
+ for ($i = 0; $i < $n_names; $i++) {
+ print $f sprintf("name%06d", $i) .
+ " A 10.0.0.1\n";
+ }
+ $f->close;
+ }
+ }
+}
diff --git a/bin/tests/system/stress/setup.sh b/bin/tests/system/stress/setup.sh
new file mode 100644
index 0000000..2737998
--- /dev/null
+++ b/bin/tests/system/stress/setup.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.5 2007/06/19 23:47:05 tbox Exp $
+
+#
+# Set up test data for zone transfer quota tests.
+#
+
+$PERL setup.pl
diff --git a/bin/tests/system/stress/tests.sh b/bin/tests/system/stress/tests.sh
new file mode 100644
index 0000000..1c5e75e
--- /dev/null
+++ b/bin/tests/system/stress/tests.sh
@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.5 2007/06/19 23:47:05 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+if $PERL -e 'use Net::DNS;' 2>/dev/null
+then
+ :
+else
+ echo "I:This test requires the Net::DNS library." >&2
+ exit 1
+fi
+
+(
+sh -c "while true
+ do $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload 2>&1 |
+ sed 's/^/I:ns3 /';
+ sleep 1
+ done" & echo $! >reload.pid
+) &
+
+for i in 0 1 2 3 4
+do
+ $PERL update.pl -s 10.53.0.2 -p 5300 zone00000$i.example. &
+done
+
+echo "I:waiting for background processes to finish"
+wait
+
+echo "I:killing reload loop"
+kill `cat reload.pid`
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/stress/update.pl b/bin/tests/system/stress/update.pl
new file mode 100644
index 0000000..6a4a6fb
--- /dev/null
+++ b/bin/tests/system/stress/update.pl
@@ -0,0 +1,107 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+#
+# Dynamic update test suite.
+#
+# Usage:
+#
+# perl update_test.pl [-s server] [-p port] zone
+#
+# The server defaults to 127.0.0.1.
+# The port defaults to 53.
+#
+# The "Special NS rules" tests will only work correctly if the
+# has no NS records to begin with, or alternatively has a
+# single NS record pointing at the name "ns1" (relative to
+# the zone name).
+#
+# Installation notes:
+#
+# This program uses the Net::DNS::Resolver module.
+# You can install it by saying
+#
+# perl -MCPAN -e "install Net::DNS"
+#
+# $Id: update.pl,v 1.5 2007/06/19 23:47:05 tbox Exp $
+#
+
+use Getopt::Std;
+use Net::DNS;
+use Net::DNS::Update;
+use Net::DNS::Resolver;
+
+$opt_s = "127.0.0.1";
+$opt_p = 53;
+
+getopt('s:p:');
+
+$res = new Net::DNS::Resolver;
+$res->nameservers($opt_s);
+$res->port($opt_p);
+$res->defnames(0); # Do not append default domain.
+
+@ARGV == 1 or die
+ "usage: perl update_test.pl [-s server] [-p port] zone\n";
+
+$zone = shift @ARGV;
+
+my $failures = 0;
+
+sub assert {
+ my ($cond, $explanation) = @_;
+ if (!$cond) {
+ print "I:Test Failed: $explanation ***\n";
+ $failures++
+ }
+}
+
+sub test {
+ my ($expected, @records) = @_;
+
+ my $update = new Net::DNS::Update("$zone");
+
+ foreach $rec (@records) {
+ $update->push(@$rec);
+ }
+
+ $reply = $res->send($update);
+
+ # Did it work?
+ if (defined $reply) {
+ my $rcode = $reply->header->rcode;
+ assert($rcode eq $expected, "expected $expected, got $rcode");
+ } else {
+ print "I:Update failed: ", $res->errorstring, "\n";
+ }
+}
+
+sub section {
+ my ($msg) = @_;
+ print "I:$msg\n";
+}
+
+for ($i = 0; $i < 1000; $i++) {
+ test("NOERROR", ["update", rr_add("dynamic-$i.$zone 300 TXT txt-$i" )]);
+}
+
+if ($failures) {
+ print "I:$failures tests failed.\n";
+} else {
+ print "I:Update of $opt_s zone $zone successful.\n";
+}
+exit $failures;
diff --git a/bin/tests/system/stub/clean.sh b/bin/tests/system/stub/clean.sh
new file mode 100644
index 0000000..dadd765
--- /dev/null
+++ b/bin/tests/system/stub/clean.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.10 2007/09/26 03:22:44 marka Exp $
+
+#
+# Clean up after stub tests.
+#
+rm -f dig.out.ns3 ns3/child.example.st
+rm -f */named.memstats
diff --git a/bin/tests/system/stub/knowngood.dig.out.norec b/bin/tests/system/stub/knowngood.dig.out.norec
new file mode 100644
index 0000000..ca0e458
--- /dev/null
+++ b/bin/tests/system/stub/knowngood.dig.out.norec
@@ -0,0 +1,21 @@
+
+; <<>> DiG 8.2 <<>> -p @10.53.0.3 +norec data.child.example txt
+; (1 server found)
+;; res options: init defnam dnsrch
+;; got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 216
+;; flags: qr ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
+;; QUERY SECTION:
+;; data.child.example, type = TXT, class = IN
+
+;; AUTHORITY SECTION:
+child.example. 5M IN NS ns2.child.example.
+
+;; ADDITIONAL SECTION:
+ns2.child.example. 5M IN A 10.53.0.2
+
+;; Total query time: 3 msec
+;; FROM: draco to SERVER: 10.53.0.3
+;; WHEN: Wed Jun 21 10:58:37 2000
+;; MSG SIZE sent: 36 rcvd: 70
+
diff --git a/bin/tests/system/stub/knowngood.dig.out.rec b/bin/tests/system/stub/knowngood.dig.out.rec
new file mode 100644
index 0000000..9f2e4ee
--- /dev/null
+++ b/bin/tests/system/stub/knowngood.dig.out.rec
@@ -0,0 +1,24 @@
+
+; <<>> DiG 8.2 <<>> -p @10.53.0.3 data.child.example txt
+; (1 server found)
+;; res options: init recurs defnam dnsrch
+;; got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
+;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
+;; QUERY SECTION:
+;; data.child.example, type = TXT, class = IN
+
+;; ANSWER SECTION:
+data.child.example. 5M IN TXT "some" "test" "data"
+
+;; AUTHORITY SECTION:
+child.example. 5M IN NS ns2.child.example.
+
+;; ADDITIONAL SECTION:
+ns2.child.example. 5M IN A 10.53.0.2
+
+;; Total query time: 8 msec
+;; FROM: draco to SERVER: 10.53.0.3
+;; WHEN: Wed Jun 21 10:58:54 2000
+;; MSG SIZE sent: 36 rcvd: 97
+
diff --git a/bin/tests/system/stub/ns1/named.conf b/bin/tests/system/stub/ns1/named.conf
new file mode 100644
index 0000000..858506b
--- /dev/null
+++ b/bin/tests/system/stub/ns1/named.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.14 2007/06/19 23:47:05 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
diff --git a/bin/tests/system/stub/ns1/root.db b/bin/tests/system/stub/ns1/root.db
new file mode 100644
index 0000000..a811e47
--- /dev/null
+++ b/bin/tests/system/stub/ns1/root.db
@@ -0,0 +1,30 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.9 2007/06/19 23:47:05 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example. NS ns3.example.
+ns3.example. A 10.53.0.3
diff --git a/bin/tests/system/stub/ns2/child.example.db b/bin/tests/system/stub/ns2/child.example.db
new file mode 100644
index 0000000..327a3b8
--- /dev/null
+++ b/bin/tests/system/stub/ns2/child.example.db
@@ -0,0 +1,28 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: child.example.db,v 1.9 2007/06/19 23:47:05 tbox Exp $
+
+$TTL 300 ; 5 minutes
+child.example. IN SOA ns2.child.example. hostmaster.child.example. (
+ 2000042795 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+child.example. NS ns2.child.example.
+ns2.child.example. A 10.53.0.2
+data TXT some test data
diff --git a/bin/tests/system/stub/ns2/named.conf b/bin/tests/system/stub/ns2/named.conf
new file mode 100644
index 0000000..888b5e0
--- /dev/null
+++ b/bin/tests/system/stub/ns2/named.conf
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.14 2007/06/19 23:47:05 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "child.example" {
+ type master;
+ file "child.example.db";
+};
diff --git a/bin/tests/system/stub/ns3/example.db b/bin/tests/system/stub/ns3/example.db
new file mode 100644
index 0000000..25e17e4
--- /dev/null
+++ b/bin/tests/system/stub/ns3/example.db
@@ -0,0 +1,28 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db,v 1.9 2007/06/19 23:47:05 tbox Exp $
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example IN SOA ns3.example. hostmaster.example. (
+ 2000042795 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example. NS ns3.example.
+ns3.example. A 10.53.0.3
diff --git a/bin/tests/system/stub/ns3/named.conf b/bin/tests/system/stub/ns3/named.conf
new file mode 100644
index 0000000..89ba16e
--- /dev/null
+++ b/bin/tests/system/stub/ns3/named.conf
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.16 2007/06/18 23:47:31 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+};
+
+zone "child.example" {
+ type stub;
+ file "child.example.st";
+ masters { 10.53.0.2; };
+};
diff --git a/bin/tests/system/stub/tests.sh b/bin/tests/system/stub/tests.sh
new file mode 100644
index 0000000..ad7fe0b
--- /dev/null
+++ b/bin/tests/system/stub/tests.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.14 2007/06/19 23:47:05 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+echo "I:trying an axfr that should be denied (NOTAUTH)"
+$DIG +tcp data.child.example. @10.53.0.3 axfr -p 5300 > dig.out.ns3 || status=1
+grep "; Transfer failed." dig.out.ns3 > /dev/null || status=1
+
+echo "I:look for stub zone data without recursion (should not be found)"
+$DIG +tcp +norec data.child.example. @10.53.0.3 txt -p 5300 > dig.out.ns3 \
+ || status=1
+$PERL ../digcomp.pl knowngood.dig.out.norec dig.out.ns3 || status=1
+
+echo "I:look for stub zone data with recursion (should be found)"
+$DIG +tcp data.child.example. @10.53.0.3 txt -p 5300 > dig.out.ns3 || status=1
+$PERL ../digcomp.pl knowngood.dig.out.rec dig.out.ns3 || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/testsock.pl b/bin/tests/system/testsock.pl
new file mode 100644
index 0000000..a658086
--- /dev/null
+++ b/bin/tests/system/testsock.pl
@@ -0,0 +1,51 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: testsock.pl,v 1.16 2007/06/19 23:47:00 tbox Exp $
+
+# Test whether the interfaces on 10.53.0.* are up.
+
+require 5.001;
+
+use Socket;
+use Getopt::Long;
+
+my $port = 0;
+my $id = 0;
+GetOptions("p=i" => \$port,
+ "i=i" => \$id);
+
+my @ids;
+if ($id != 0) {
+ @ids = ($id);
+} else {
+ @ids = (1..5);
+}
+
+foreach $id (@ids) {
+ my $addr = pack("C4", 10, 53, 0, $id);
+ my $sa = pack_sockaddr_in($port, $addr);
+ socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname("tcp"))
+ or die "$0: socket: $!\n";
+ setsockopt(SOCK, SOL_SOCKET, SO_REUSEADDR, pack("l", 1));
+
+ bind(SOCK, $sa)
+ or die sprintf("$0: bind(%s, %d): $!\n",
+ inet_ntoa($addr), $port);
+ close(SOCK);
+ sleep(1);
+}
diff --git a/bin/tests/system/tkey/Makefile.in b/bin/tests/system/tkey/Makefile.in
new file mode 100644
index 0000000..684fb1a
--- /dev/null
+++ b/bin/tests/system/tkey/Makefile.in
@@ -0,0 +1,60 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001, 2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.11 2007/06/19 23:47:06 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+DNSLIBS = ../../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../../../../lib/isc/libisc.@A@
+
+DNSDEPLIBS = ../../../../lib/dns/libdns.@A@
+ISCDEPLIBS = ../../../../lib/isc/libisc.@A@
+
+DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+
+TARGETS = keycreate@EXEEXT@ keydelete@EXEEXT@
+
+CREATEOBJS = keycreate.@O@
+DELETEOBJS = keydelete.@O@
+
+SRCS = keycreate.c keydelete.c
+
+@BIND9_MAKE_RULES@
+
+all: keycreate@EXEEXT@ keydelete@EXEEXT@
+
+keycreate@EXEEXT@: ${CREATEOBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${CREATEOBJS} ${LIBS}
+
+keydelete@EXEEXT@: ${DELETEOBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${DELETEOBJS} ${LIBS}
+
+clean distclean::
+ rm -f ${TARGETS}
+
diff --git a/bin/tests/system/tkey/clean.sh b/bin/tests/system/tkey/clean.sh
new file mode 100644
index 0000000..7d64de5
--- /dev/null
+++ b/bin/tests/system/tkey/clean.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.6 2007/09/26 03:22:44 marka Exp $
+
+rm -f dig.out.* random.data ns1/named.conf
+rm -f K* ns1/K*
+rm -f */named.memstats
diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
new file mode 100644
index 0000000..5540866
--- /dev/null
+++ b/bin/tests/system/tkey/keycreate.c
@@ -0,0 +1,329 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: keycreate.c,v 1.15 2007/06/19 23:47:06 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/app.h>
+#include <isc/base64.h>
+#include <isc/entropy.h>
+#include <isc/hash.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/sockaddr.h>
+#include <isc/socket.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/dispatch.h>
+#include <dns/fixedname.h>
+#include <dns/keyvalues.h>
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/request.h>
+#include <dns/result.h>
+#include <dns/tkey.h>
+#include <dns/tsig.h>
+#include <dns/view.h>
+
+#include <dst/result.h>
+
+#define CHECK(str, x) { \
+ if ((x) != ISC_R_SUCCESS) { \
+ fprintf(stderr, "I:%s: %s\n", (str), isc_result_totext(x)); \
+ exit(-1); \
+ } \
+}
+
+#define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
+
+#define PORT 5300
+#define TIMEOUT 30
+
+static dst_key_t *ourkey;
+static isc_mem_t *mctx;
+static dns_tsigkey_t *tsigkey, *initialkey;
+static dns_tsig_keyring_t *ring;
+static unsigned char noncedata[16];
+static isc_buffer_t nonce;
+static dns_requestmgr_t *requestmgr;
+static const char *ownername_str = ".";
+
+static void
+recvquery(isc_task_t *task, isc_event_t *event) {
+ dns_requestevent_t *reqev = (dns_requestevent_t *)event;
+ isc_result_t result;
+ dns_message_t *query, *response;
+ char keyname[256];
+ isc_buffer_t keynamebuf;
+ int type;
+
+ UNUSED(task);
+
+ REQUIRE(reqev != NULL);
+
+ if (reqev->result != ISC_R_SUCCESS) {
+ fprintf(stderr, "I:request event result: %s\n",
+ isc_result_totext(reqev->result));
+ exit(-1);
+ }
+
+ query = reqev->ev_arg;
+
+ response = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
+ CHECK("dns_message_create", result);
+
+ result = dns_request_getresponse(reqev->request, response,
+ DNS_MESSAGEPARSE_PRESERVEORDER);
+ CHECK("dns_request_getresponse", result);
+
+ if (response->rcode != dns_rcode_noerror) {
+ result = ISC_RESULTCLASS_DNSRCODE + response->rcode;
+ fprintf(stderr, "I:response rcode: %s\n",
+ isc_result_totext(result));
+ exit(-1);
+ }
+
+ result = dns_tkey_processdhresponse(query, response, ourkey, &nonce,
+ &tsigkey, ring);
+ CHECK("dns_tkey_processdhresponse", result);
+
+ /*
+ * Yes, this is a hack.
+ */
+ isc_buffer_init(&keynamebuf, keyname, sizeof(keyname));
+ result = dst_key_buildfilename(tsigkey->key, 0, "", &keynamebuf);
+ CHECK("dst_key_buildfilename", result);
+ printf("%.*s\n", (int)isc_buffer_usedlength(&keynamebuf),
+ (char *)isc_buffer_base(&keynamebuf));
+ type = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_KEY;
+ result = dst_key_tofile(tsigkey->key, type, "");
+ CHECK("dst_key_tofile", result);
+
+ dns_message_destroy(&query);
+ dns_message_destroy(&response);
+ dns_request_destroy(&reqev->request);
+ isc_event_free(&event);
+ isc_app_shutdown();
+ return;
+}
+
+static void
+sendquery(isc_task_t *task, isc_event_t *event) {
+ struct in_addr inaddr;
+ isc_sockaddr_t address;
+ isc_region_t r;
+ isc_result_t result;
+ dns_fixedname_t keyname;
+ dns_fixedname_t ownername;
+ isc_buffer_t namestr, keybuf;
+ unsigned char keydata[9];
+ dns_message_t *query;
+ dns_request_t *request;
+ static char keystr[] = "0123456789ab";
+
+ isc_event_free(&event);
+
+ result = ISC_R_FAILURE;
+ if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1)
+ CHECK("inet_pton", result);
+ isc_sockaddr_fromin(&address, &inaddr, PORT);
+
+ dns_fixedname_init(&keyname);
+ isc_buffer_init(&namestr, "tkeytest.", 9);
+ isc_buffer_add(&namestr, 9);
+ result = dns_name_fromtext(dns_fixedname_name(&keyname), &namestr,
+ NULL, ISC_FALSE, NULL);
+ CHECK("dns_name_fromtext", result);
+
+ dns_fixedname_init(&ownername);
+ isc_buffer_init(&namestr, ownername_str, strlen(ownername_str));
+ isc_buffer_add(&namestr, strlen(ownername_str));
+ result = dns_name_fromtext(dns_fixedname_name(&ownername), &namestr,
+ NULL, ISC_FALSE, NULL);
+ CHECK("dns_name_fromtext", result);
+
+ isc_buffer_init(&keybuf, keydata, 9);
+ result = isc_base64_decodestring(keystr, &keybuf);
+ CHECK("isc_base64_decodestring", result);
+
+ isc_buffer_usedregion(&keybuf, &r);
+
+ initialkey = NULL;
+ result = dns_tsigkey_create(dns_fixedname_name(&keyname),
+ DNS_TSIG_HMACMD5_NAME,
+ isc_buffer_base(&keybuf),
+ isc_buffer_usedlength(&keybuf),
+ ISC_FALSE, NULL, 0, 0, mctx, ring,
+ &initialkey);
+ CHECK("dns_tsigkey_create", result);
+
+ query = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
+ CHECK("dns_message_create", result);
+
+ result = dns_tkey_builddhquery(query, ourkey,
+ dns_fixedname_name(&ownername),
+ DNS_TSIG_HMACMD5_NAME, &nonce, 3600);
+ CHECK("dns_tkey_builddhquery", result);
+
+ request = NULL;
+ result = dns_request_create(requestmgr, query, &address,
+ 0, initialkey, TIMEOUT, task,
+ recvquery, query, &request);
+ CHECK("dns_request_create", result);
+}
+
+int
+main(int argc, char *argv[]) {
+ char *ourkeyname;
+ isc_taskmgr_t *taskmgr;
+ isc_timermgr_t *timermgr;
+ isc_socketmgr_t *socketmgr;
+ isc_socket_t *sock;
+ unsigned int attrs, attrmask;
+ isc_sockaddr_t bind_any;
+ dns_dispatchmgr_t *dispatchmgr;
+ dns_dispatch_t *dispatchv4;
+ dns_view_t *view;
+ isc_entropy_t *ectx;
+ dns_tkeyctx_t *tctx;
+ isc_log_t *log;
+ isc_logconfig_t *logconfig;
+ isc_task_t *task;
+ isc_result_t result;
+ int type;
+
+ RUNCHECK(isc_app_start());
+
+ if (argc < 2) {
+ fprintf(stderr, "I:no DH key provided\n");
+ exit(-1);
+ }
+ ourkeyname = argv[1];
+
+ if (argc >= 3)
+ ownername_str = argv[2];
+
+ dns_result_register();
+
+ mctx = NULL;
+ RUNCHECK(isc_mem_create(0, 0, &mctx));
+
+ ectx = NULL;
+ RUNCHECK(isc_entropy_create(mctx, &ectx));
+ RUNCHECK(isc_entropy_createfilesource(ectx, "random.data"));
+ RUNCHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE));
+
+ log = NULL;
+ logconfig = NULL;
+ RUNCHECK(isc_log_create(mctx, &log, &logconfig));
+
+ RUNCHECK(dst_lib_init(mctx, ectx, ISC_ENTROPY_GOODONLY));
+
+ taskmgr = NULL;
+ RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr));
+ task = NULL;
+ RUNCHECK(isc_task_create(taskmgr, 0, &task));
+ timermgr = NULL;
+ RUNCHECK(isc_timermgr_create(mctx, &timermgr));
+ socketmgr = NULL;
+ RUNCHECK(isc_socketmgr_create(mctx, &socketmgr));
+ dispatchmgr = NULL;
+ RUNCHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr));
+ isc_sockaddr_any(&bind_any);
+ attrs = DNS_DISPATCHATTR_UDP |
+ DNS_DISPATCHATTR_MAKEQUERY |
+ DNS_DISPATCHATTR_IPV4;
+ attrmask = DNS_DISPATCHATTR_UDP |
+ DNS_DISPATCHATTR_TCP |
+ DNS_DISPATCHATTR_IPV4 |
+ DNS_DISPATCHATTR_IPV6;
+ dispatchv4 = NULL;
+ RUNCHECK(dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr,
+ &bind_any, 4096, 4, 2, 3, 5,
+ attrs, attrmask, &dispatchv4));
+ requestmgr = NULL;
+ RUNCHECK(dns_requestmgr_create(mctx, timermgr, socketmgr, taskmgr,
+ dispatchmgr, dispatchv4, NULL,
+ &requestmgr));
+
+ ring = NULL;
+ RUNCHECK(dns_tsigkeyring_create(mctx, &ring));
+ tctx = NULL;
+ RUNCHECK(dns_tkeyctx_create(mctx, ectx, &tctx));
+
+ view = NULL;
+ RUNCHECK(dns_view_create(mctx, 0, "_test", &view));
+ dns_view_setkeyring(view, ring);
+
+ sock = NULL;
+ RUNCHECK(isc_socket_create(socketmgr, PF_INET, isc_sockettype_udp,
+ &sock));
+
+ RUNCHECK(isc_app_onrun(mctx, task, sendquery, NULL));
+
+ ourkey = NULL;
+ type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY;
+ result = dst_key_fromnamedfile(ourkeyname, type, mctx, &ourkey);
+ CHECK("dst_key_fromnamedfile", result);
+
+ isc_buffer_init(&nonce, noncedata, sizeof(noncedata));
+ result = isc_entropy_getdata(ectx, noncedata, sizeof(noncedata),
+ NULL, ISC_ENTROPY_BLOCKING);
+ CHECK("isc_entropy_getdata", result);
+ isc_buffer_add(&nonce, sizeof(noncedata));
+
+ (void)isc_app_run();
+
+ dns_requestmgr_shutdown(requestmgr);
+ dns_requestmgr_detach(&requestmgr);
+ dns_dispatch_detach(&dispatchv4);
+ dns_dispatchmgr_destroy(&dispatchmgr);
+ isc_task_shutdown(task);
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&taskmgr);
+ isc_socket_detach(&sock);
+ isc_socketmgr_destroy(&socketmgr);
+ isc_timermgr_destroy(&timermgr);
+
+ dst_key_free(&ourkey);
+ dns_tsigkey_detach(&initialkey);
+ dns_tsigkey_detach(&tsigkey);
+
+ dns_tkeyctx_destroy(&tctx);
+
+ dns_view_detach(&view);
+
+ isc_log_destroy(&log);
+
+ dst_lib_destroy();
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+
+ isc_mem_destroy(&mctx);
+
+ isc_app_finish();
+
+ return (0);
+}
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
new file mode 100644
index 0000000..cb028ad
--- /dev/null
+++ b/bin/tests/system/tkey/keydelete.c
@@ -0,0 +1,267 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: keydelete.c,v 1.11 2007/06/19 23:47:06 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/app.h>
+#include <isc/base64.h>
+#include <isc/entropy.h>
+#include <isc/hash.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/sockaddr.h>
+#include <isc/socket.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/dispatch.h>
+#include <dns/fixedname.h>
+#include <dns/keyvalues.h>
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/request.h>
+#include <dns/result.h>
+#include <dns/tkey.h>
+#include <dns/tsig.h>
+#include <dns/view.h>
+
+#include <dst/result.h>
+
+#define CHECK(str, x) { \
+ if ((x) != ISC_R_SUCCESS) { \
+ fprintf(stderr, "I:%s: %s\n", (str), isc_result_totext(x)); \
+ exit(-1); \
+ } \
+}
+
+#define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
+
+#define PORT 5300
+#define TIMEOUT 30
+
+static isc_mem_t *mctx;
+static dns_tsigkey_t *tsigkey;
+static dns_tsig_keyring_t *ring;
+static dns_requestmgr_t *requestmgr;
+
+static void
+recvquery(isc_task_t *task, isc_event_t *event) {
+ dns_requestevent_t *reqev = (dns_requestevent_t *)event;
+ isc_result_t result;
+ dns_message_t *query, *response;
+
+ UNUSED(task);
+
+ REQUIRE(reqev != NULL);
+
+ if (reqev->result != ISC_R_SUCCESS) {
+ fprintf(stderr, "I:request event result: %s\n",
+ isc_result_totext(reqev->result));
+ exit(-1);
+ }
+
+ query = reqev->ev_arg;
+
+ response = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
+ CHECK("dns_message_create", result);
+
+ result = dns_request_getresponse(reqev->request, response,
+ DNS_MESSAGEPARSE_PRESERVEORDER);
+ CHECK("dns_request_getresponse", result);
+
+ if (response->rcode != dns_rcode_noerror) {
+ result = ISC_RESULTCLASS_DNSRCODE + response->rcode;
+ fprintf(stderr, "I:response rcode: %s\n",
+ isc_result_totext(result));
+ exit(-1);
+ }
+
+ result = dns_tkey_processdeleteresponse(query, response, ring);
+ CHECK("dns_tkey_processdhresponse", result);
+
+ dns_message_destroy(&query);
+ dns_message_destroy(&response);
+ dns_request_destroy(&reqev->request);
+ isc_event_free(&event);
+ isc_app_shutdown();
+ return;
+}
+
+static void
+sendquery(isc_task_t *task, isc_event_t *event) {
+ struct in_addr inaddr;
+ isc_sockaddr_t address;
+ isc_result_t result;
+ dns_message_t *query;
+ dns_request_t *request;
+
+ isc_event_free(&event);
+
+ result = ISC_R_FAILURE;
+ if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1)
+ CHECK("inet_pton", result);
+ isc_sockaddr_fromin(&address, &inaddr, PORT);
+
+ query = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
+ CHECK("dns_message_create", result);
+
+ result = dns_tkey_builddeletequery(query, tsigkey);
+ CHECK("dns_tkey_builddeletequery", result);
+
+ request = NULL;
+ result = dns_request_create(requestmgr, query, &address,
+ 0, tsigkey, TIMEOUT, task,
+ recvquery, query, &request);
+ CHECK("dns_request_create", result);
+}
+
+int
+main(int argc, char **argv) {
+ char *keyname;
+ isc_taskmgr_t *taskmgr;
+ isc_timermgr_t *timermgr;
+ isc_socketmgr_t *socketmgr;
+ isc_socket_t *sock;
+ unsigned int attrs, attrmask;
+ isc_sockaddr_t bind_any;
+ dns_dispatchmgr_t *dispatchmgr;
+ dns_dispatch_t *dispatchv4;
+ dns_view_t *view;
+ isc_entropy_t *ectx;
+ dns_tkeyctx_t *tctx;
+ dst_key_t *dstkey;
+ isc_log_t *log;
+ isc_logconfig_t *logconfig;
+ isc_task_t *task;
+ isc_result_t result;
+ int type;
+
+ RUNCHECK(isc_app_start());
+
+ if (argc < 2) {
+ fprintf(stderr, "I:no key to delete\n");
+ exit(-1);
+ }
+ keyname = argv[1];
+
+ dns_result_register();
+
+ mctx = NULL;
+ RUNCHECK(isc_mem_create(0, 0, &mctx));
+
+ ectx = NULL;
+ RUNCHECK(isc_entropy_create(mctx, &ectx));
+ RUNCHECK(isc_entropy_createfilesource(ectx, "random.data"));
+ RUNCHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE));
+
+ log = NULL;
+ logconfig = NULL;
+ RUNCHECK(isc_log_create(mctx, &log, &logconfig));
+
+ RUNCHECK(dst_lib_init(mctx, ectx, ISC_ENTROPY_GOODONLY));
+
+ taskmgr = NULL;
+ RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr));
+ task = NULL;
+ RUNCHECK(isc_task_create(taskmgr, 0, &task));
+ timermgr = NULL;
+ RUNCHECK(isc_timermgr_create(mctx, &timermgr));
+ socketmgr = NULL;
+ RUNCHECK(isc_socketmgr_create(mctx, &socketmgr));
+ dispatchmgr = NULL;
+ RUNCHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr));
+ isc_sockaddr_any(&bind_any);
+ attrs = DNS_DISPATCHATTR_UDP |
+ DNS_DISPATCHATTR_MAKEQUERY |
+ DNS_DISPATCHATTR_IPV4;
+ attrmask = DNS_DISPATCHATTR_UDP |
+ DNS_DISPATCHATTR_TCP |
+ DNS_DISPATCHATTR_IPV4 |
+ DNS_DISPATCHATTR_IPV6;
+ dispatchv4 = NULL;
+ RUNCHECK(dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr,
+ &bind_any, 4096, 4, 2, 3, 5,
+ attrs, attrmask, &dispatchv4));
+ requestmgr = NULL;
+ RUNCHECK(dns_requestmgr_create(mctx, timermgr, socketmgr, taskmgr,
+ dispatchmgr, dispatchv4, NULL,
+ &requestmgr));
+
+ ring = NULL;
+ RUNCHECK(dns_tsigkeyring_create(mctx, &ring));
+ tctx = NULL;
+ RUNCHECK(dns_tkeyctx_create(mctx, ectx, &tctx));
+
+ view = NULL;
+ RUNCHECK(dns_view_create(mctx, 0, "_test", &view));
+ dns_view_setkeyring(view, ring);
+
+ sock = NULL;
+ RUNCHECK(isc_socket_create(socketmgr, PF_INET, isc_sockettype_udp,
+ &sock));
+
+ RUNCHECK(isc_app_onrun(mctx, task, sendquery, NULL));
+
+ dstkey = NULL;
+ type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY;
+ result = dst_key_fromnamedfile(keyname, type, mctx, &dstkey);
+ CHECK("dst_key_fromnamedfile", result);
+ result = dns_tsigkey_createfromkey(dst_key_name(dstkey),
+ DNS_TSIG_HMACMD5_NAME,
+ dstkey, ISC_TRUE, NULL, 0, 0,
+ mctx, ring, &tsigkey);
+ CHECK("dns_tsigkey_createfromkey", result);
+
+ (void)isc_app_run();
+
+ dns_requestmgr_shutdown(requestmgr);
+ dns_requestmgr_detach(&requestmgr);
+ dns_dispatch_detach(&dispatchv4);
+ dns_dispatchmgr_destroy(&dispatchmgr);
+ isc_task_shutdown(task);
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&taskmgr);
+ isc_socket_detach(&sock);
+ isc_socketmgr_destroy(&socketmgr);
+ isc_timermgr_destroy(&timermgr);
+
+ dns_tsigkey_detach(&tsigkey);
+
+ dns_tkeyctx_destroy(&tctx);
+
+ dns_view_detach(&view);
+
+ isc_log_destroy(&log);
+
+ dst_lib_destroy();
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+
+ isc_mem_destroy(&mctx);
+
+ isc_app_finish();
+
+ return (0);
+}
diff --git a/bin/tests/system/tkey/ns1/named.conf.in b/bin/tests/system/tkey/ns1/named.conf.in
new file mode 100644
index 0000000..27e0d6b
--- /dev/null
+++ b/bin/tests/system/tkey/ns1/named.conf.in
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf.in,v 1.6 2007/06/19 23:47:06 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify no;
+ tkey-domain "server";
+ tkey-dhkey "server" KEYID;
+};
+
+key "tkeytest." {
+ algorithm hmac-md5;
+ secret "0123456789ab";
+};
diff --git a/bin/tests/system/tkey/ns1/setup.sh b/bin/tests/system/tkey/ns1/setup.sh
new file mode 100644
index 0000000..c54e17f
--- /dev/null
+++ b/bin/tests/system/tkey/ns1/setup.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.8 2007/06/19 23:47:06 tbox Exp $
+
+RANDFILE=../random.data
+
+keyname=`$KEYGEN -k -a DH -b 768 -n host -r $RANDFILE server`
+keyid=`echo $keyname | $PERL -p -e 's/^.*\+0*//;'`
+rm -f named.conf
+perl -p -e "s/KEYID/$keyid/;" < named.conf.in > named.conf
diff --git a/bin/tests/system/tkey/prereq.sh b/bin/tests/system/tkey/prereq.sh
new file mode 100644
index 0000000..9c162a4
--- /dev/null
+++ b/bin/tests/system/tkey/prereq.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: prereq.sh,v 1.10 2007/06/19 23:47:06 tbox Exp $
+
+../../genrandom 400 random.data
+
+if $KEYGEN -a RSAMD5 -b 512 -n zone -r random.data foo > /dev/null 2>&1
+then
+ rm -f foo*
+else
+ echo "I:This test requires that --with-openssl was used." >&2
+ exit 1
+fi
diff --git a/bin/tests/system/tkey/setup.sh b/bin/tests/system/tkey/setup.sh
new file mode 100644
index 0000000..d4aee8b
--- /dev/null
+++ b/bin/tests/system/tkey/setup.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.5 2007/06/19 23:47:06 tbox Exp $
+
+RANDFILE=random.data
+
+../../genrandom 100 $RANDFILE
+
+cd ns1 && sh setup.sh
diff --git a/bin/tests/system/tkey/tests.sh b/bin/tests/system/tkey/tests.sh
new file mode 100644
index 0000000..199a3b9
--- /dev/null
+++ b/bin/tests/system/tkey/tests.sh
@@ -0,0 +1,83 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.7 2007/06/19 23:47:06 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+DIGOPTS="@10.53.0.1 -p 5300"
+
+status=0
+
+RANDFILE=random.data
+
+echo "I:generating new DH key"
+ret=0
+dhkeyname=`$KEYGEN -k -a DH -b 768 -n host -r $RANDFILE client` || ret=1
+if [ $ret != 0 ]; then
+ echo "I:failed"
+ echo "I:exit status: $status"
+ exit $status
+fi
+status=`expr $status + $ret`
+
+for owner in . foo.example.
+do
+ echo "I:creating new key using owner name \"$owner\""
+ ret=0
+ keyname=`./keycreate $dhkeyname $owner` || ret=1
+ if [ $ret != 0 ]; then
+ echo "I:failed"
+ echo "I:exit status: $status"
+ exit $status
+ fi
+ status=`expr $status + $ret`
+
+ echo "I:checking the new key"
+ ret=0
+ $DIG $DIGOPTS . ns -k $keyname > dig.out.1 || ret=1
+ grep "status: NOERROR" dig.out.1 > /dev/null || ret=1
+ grep "TSIG.*hmac-md5.*NOERROR" dig.out.1 > /dev/null || ret=1
+ grep "Some TSIG could not be validated" dig.out.1 > /dev/null && ret=1
+ if [ $ret != 0 ]; then
+ echo "I:failed"
+ fi
+ status=`expr $status + $ret`
+
+ echo "I:deleting new key"
+ ret=0
+ ./keydelete $keyname || ret=1
+ if [ $ret != 0 ]; then
+ echo "I:failed"
+ fi
+ status=`expr $status + $ret`
+
+ echo "I:checking that new key has been deleted"
+ ret=0
+ $DIG $DIGOPTS . ns -k $keyname > dig.out.2 || ret=1
+ grep "status: NOERROR" dig.out.2 > /dev/null && ret=1
+ grep "TSIG.*hmac-md5.*NOERROR" dig.out.2 > /dev/null && ret=1
+ grep "Some TSIG could not be validated" dig.out.2 > /dev/null || ret=1
+ if [ $ret != 0 ]; then
+ echo "I:failed"
+ fi
+ status=`expr $status + $ret`
+done
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/tsig/clean.sh b/bin/tests/system/tsig/clean.sh
new file mode 100644
index 0000000..47e7172
--- /dev/null
+++ b/bin/tests/system/tsig/clean.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# Copyright (C) 2005-2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.6 2007/09/26 03:22:44 marka Exp $
+
+#
+# Clean up after tsig tests.
+#
+
+rm -f dig.out.*
+rm -f */named.memstats
diff --git a/bin/tests/system/tsig/ns1/example.db b/bin/tests/system/tsig/ns1/example.db
new file mode 100644
index 0000000..1dd6522
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/example.db
@@ -0,0 +1,151 @@
+; Copyright (C) 2005-2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db,v 1.5 2007/06/19 23:47:06 tbox Exp $
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example.nil IN SOA ns1.example.nil. hostmaster.example.nil. (
+ 1 ; serial
+ 2000 ; refresh (2000 seconds)
+ 2000 ; retry (2000 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example.nil. NS ns1.example.nil.
+ns1.example.nil. A 10.53.0.1
+example.nil. NS ns2.example.nil.
+ns2.example.nil. A 10.53.0.2
+
+$ORIGIN example.nil.
+* MX 10 mail
+a TXT "foo foo foo"
+ PTR foo.net.
+$TTL 3600 ; 1 hour
+a01 A 0.0.0.0
+a02 A 255.255.255.255
+a601 AAAA ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+afsdb01 AFSDB 0 hostname
+afsdb02 AFSDB 65535 .
+$TTL 300 ; 5 minutes
+b CNAME foo.net.
+c A 73.80.65.49
+$TTL 3600 ; 1 hour
+cert01 CERT 65534 65535 PRIVATEOID (
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+cname01 CNAME cname-target.
+cname02 CNAME cname-target
+cname03 CNAME .
+$TTL 300 ; 5 minutes
+d A 73.80.65.49
+$TTL 3600 ; 1 hour
+dname01 DNAME dname-target.
+dname02 DNAME dname-target
+dname03 DNAME .
+$TTL 300 ; 5 minutes
+e MX 10 mail
+ TXT "one"
+ TXT "three"
+ TXT "two"
+ A 73.80.65.49
+ A 73.80.65.50
+ A 73.80.65.52
+ A 73.80.65.51
+f A 73.80.65.52
+$TTL 3600 ; 1 hour
+gpos01 GPOS "-22.6882" "116.8652" "250.0"
+gpos02 GPOS "" "" ""
+hinfo01 HINFO "Generic PC clone" "NetBSD-1.4"
+hinfo02 HINFO "PC" "NetBSD"
+isdn01 ISDN "isdn-address"
+isdn02 ISDN "isdn-address" "subaddress"
+isdn03 ISDN "isdn-address"
+isdn04 ISDN "isdn-address" "subaddress"
+key01 KEY 512 255 1 (
+ AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR
+ yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3
+ GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o
+ jqf0BaqHT+8= )
+kx01 KX 10 kdc
+kx02 KX 10 .
+loc01 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01 MG madname
+mb02 MG .
+mg01 MG mgmname
+mg02 MG .
+minfo01 MINFO rmailbx emailbx
+minfo02 MINFO . .
+mr01 MR mrname
+mr02 MR .
+mx01 MX 10 mail
+mx02 MX 10 .
+naptr01 NAPTR 0 0 "" "" "" .
+naptr02 NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
+nsap-ptr01 NSAP-PTR foo.
+ NSAP-PTR .
+nsap01 NSAP 0x47000580005a0000000001e133ffffff00016100
+nsap02 NSAP 0x47000580005a0000000001e133ffffff00016100
+nxt01 NXT a.secure ( NS SOA MX SIG KEY LOC NXT )
+nxt02 NXT . ( NSAP-PTR NXT )
+nxt03 NXT . ( A )
+nxt04 NXT . ( 127 )
+ptr01 PTR example.nil.
+px01 PX 65535 foo. bar.
+px02 PX 65535 . .
+rp01 RP mbox-dname txt-dname
+rp02 RP . .
+rt01 RT 0 intermediate-host
+rt02 RT 65535 .
+$TTL 300 ; 5 minutes
+s NS ns.s
+$ORIGIN s.example.nil.
+ns A 73.80.65.49
+$ORIGIN example.nil.
+$TTL 3600 ; 1 hour
+sig01 SIG NXT 1 3 3600 20000102030405 (
+ 19961211100908 2143 foo
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+srv01 SRV 0 0 0 .
+srv02 SRV 65535 65535 65535 old-slow-box.example.com.
+$TTL 301 ; 5 minutes 1 second
+t A 73.80.65.49
+$TTL 3600 ; 1 hour
+txt01 TXT "foo"
+txt02 TXT "foo" "bar"
+txt03 TXT "foo"
+txt04 TXT "foo" "bar"
+txt05 TXT "foo bar"
+txt06 TXT "foo bar"
+txt07 TXT "foo bar"
+txt08 TXT "foo\010bar"
+txt09 TXT "foo\010bar"
+txt10 TXT "foo bar"
+txt11 TXT "\"foo\""
+txt12 TXT "\"foo\""
+$TTL 300 ; 5 minutes
+u TXT "txt-not-in-nxt"
+$ORIGIN u.example.nil.
+a A 73.80.65.49
+b A 73.80.65.49
+$ORIGIN example.nil.
+$TTL 3600 ; 1 hour
+wks01 WKS 10.0.0.1 6 ( 0 1 2 21 23 )
+wks02 WKS 10.0.0.1 17 ( 0 1 2 53 )
+wks03 WKS 10.0.0.2 6 ( 65535 )
+x2501 X25 "123456789"
diff --git a/bin/tests/system/tsig/ns1/named.conf b/bin/tests/system/tsig/ns1/named.conf
new file mode 100644
index 0000000..b48de83
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/named.conf
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2005-2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.5 2007/06/19 23:47:06 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify no;
+};
+
+key "md5" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5;
+};
+
+key "sha1" {
+ secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+ algorithm hmac-sha1;
+};
+
+key "sha224" {
+ secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA==";
+ algorithm hmac-sha224;
+};
+
+key "sha256" {
+ secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY=";
+ algorithm hmac-sha256;
+};
+
+key "sha384" {
+ secret "OaDdoAk2LAcLtYeUnsT7A9XHjsb6ZEma7OCvUpMraQIJX6HetGrlKmF7yglO1G2h";
+ algorithm hmac-sha384;
+};
+
+key "sha512" {
+ secret "jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4fe6Uasc0ckctEmg==";
+ algorithm hmac-sha512;
+};
+
+key "md5-trunc" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5-80;
+};
+
+key "sha1-trunc" {
+ secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+ algorithm hmac-sha1-80;
+};
+
+key "sha224-trunc" {
+ secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA==";
+ algorithm hmac-sha224-112;
+};
+
+key "sha256-trunc" {
+ secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY=";
+ algorithm hmac-sha256-128;
+};
+
+key "sha384-trunc" {
+ secret "OaDdoAk2LAcLtYeUnsT7A9XHjsb6ZEma7OCvUpMraQIJX6HetGrlKmF7yglO1G2h";
+ algorithm hmac-sha384-192;
+};
+
+key "sha512-trunc" {
+ secret "jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4fe6Uasc0ckctEmg==";
+ algorithm hmac-sha512-256;
+};
+
+zone "example.nil" {
+ type master;
+ file "example.db";
+};
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
new file mode 100644
index 0000000..d2391c1
--- /dev/null
+++ b/bin/tests/system/tsig/tests.sh
@@ -0,0 +1,218 @@
+#!/bin/sh
+#
+# Copyright (C) 2005-2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.5 2007/06/19 23:47:06 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+#
+# Shared secrets.
+#
+md5="97rnFx24Tfna4mHPfgnerA=="
+sha1="FrSt77yPTFx6hTs4i2tKLB9LmE0="
+sha224="hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA=="
+sha256="R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY="
+sha384="OaDdoAk2LAcLtYeUnsT7A9XHjsb6ZEma7OCvUpMraQIJX6HetGrlKmF7yglO1G2h"
+sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4fe6Uasc0ckctEmg=="
+
+status=0
+
+echo "I:fetching using hmac-md5 (old form)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.old || ret=1
+grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-md5 (new form)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-md5:md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.new || ret=1
+grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha1"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha1:sha1:$sha1" @10.53.0.1 soa -p 5300 > dig.out.sha1 || ret=1
+grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha224"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha224:sha224:$sha224" @10.53.0.1 soa -p 5300 > dig.out.sha224 || ret=1
+grep -i "sha224.*TSIG.*NOERROR" dig.out.sha224 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha256"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha256:sha256:$sha256" @10.53.0.1 soa -p 5300 > dig.out.sha256 || ret=1
+grep -i "sha256.*TSIG.*NOERROR" dig.out.sha256 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha384"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha384:sha384:$sha384" @10.53.0.1 soa -p 5300 > dig.out.sha384 || ret=1
+grep -i "sha384.*TSIG.*NOERROR" dig.out.sha384 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha512"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha512:sha512:$sha512" @10.53.0.1 soa -p 5300 > dig.out.sha512 || ret=1
+grep -i "sha512.*TSIG.*NOERROR" dig.out.sha512 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+#
+#
+# Truncated TSIG
+#
+#
+echo "I:fetching using hmac-md5 (trunc)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.trunc || ret=1
+grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha1 (trunc)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha1-80:sha1-trunc:$sha1" @10.53.0.1 soa -p 5300 > dig.out.sha1.trunc || ret=1
+grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1.trunc > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha224 (trunc)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha224-112:sha224-trunc:$sha224" @10.53.0.1 soa -p 5300 > dig.out.sha224.trunc || ret=1
+grep -i "sha224-trunc.*TSIG.*NOERROR" dig.out.sha224.trunc > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha256 (trunc)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha256-128:sha256-trunc:$sha256" @10.53.0.1 soa -p 5300 > dig.out.sha256.trunc || ret=1
+grep -i "sha256-trunc.*TSIG.*NOERROR" dig.out.sha256.trunc > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha384 (trunc)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha384-192:sha384-trunc:$sha384" @10.53.0.1 soa -p 5300 > dig.out.sha384.trunc || ret=1
+grep -i "sha384-trunc.*TSIG.*NOERROR" dig.out.sha384.trunc > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha512-256 (trunc)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha512-256:sha512-trunc:$sha512" @10.53.0.1 soa -p 5300 > dig.out.sha512.trunc || ret=1
+grep -i "sha512-trunc.*TSIG.*NOERROR" dig.out.sha512.trunc > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+
+#
+#
+# Check for bad truncation.
+#
+#
+echo "I:fetching using hmac-md5-80 (BADTRUNC)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-md5-80:md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5-80 || ret=1
+grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha1-80 (BADTRUNC)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha1-80:sha1:$sha1" @10.53.0.1 soa -p 5300 > dig.out.sha1-80 || ret=1
+grep -i "sha1.*TSIG.*BADTRUNC" dig.out.sha1-80 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha224-112 (BADTRUNC)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha224-112:sha224:$sha224" @10.53.0.1 soa -p 5300 > dig.out.sha224-112 || ret=1
+grep -i "sha224.*TSIG.*BADTRUNC" dig.out.sha224-112 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha256-128 (BADTRUNC)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha256-128:sha256:$sha256" @10.53.0.1 soa -p 5300 > dig.out.sha256-128 || ret=1
+grep -i "sha256.*TSIG.*BADTRUNC" dig.out.sha256-128 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha384-192 (BADTRUNC)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha384-192:sha384:$sha384" @10.53.0.1 soa -p 5300 > dig.out.sha384-192 || ret=1
+grep -i "sha384.*TSIG.*BADTRUNC" dig.out.sha384-192 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha512-256 (BADTRUNC)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+ -y "hmac-sha512-256:sha512:$sha512" @10.53.0.1 soa -p 5300 > dig.out.sha512-256 || ret=1
+grep -i "sha512.*TSIG.*BADTRUNC" dig.out.sha512-256 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+exit $status
+
+
diff --git a/bin/tests/system/unknown/clean.sh b/bin/tests/system/unknown/clean.sh
new file mode 100644
index 0000000..98acac5
--- /dev/null
+++ b/bin/tests/system/unknown/clean.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.7 2007/09/26 03:22:44 marka Exp $
+
+rm -f dig.out
+rm -f */named.memstats
diff --git a/bin/tests/system/unknown/ns1/broken1.db b/bin/tests/system/unknown/ns1/broken1.db
new file mode 100644
index 0000000..657c75e
--- /dev/null
+++ b/bin/tests/system/unknown/ns1/broken1.db
@@ -0,0 +1,29 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: broken1.db,v 1.5 2007/06/19 23:47:06 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ SOA mname1. . (
+ 2000062101 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+a A \# 5 0A000001
diff --git a/bin/tests/system/unknown/ns1/broken2.db b/bin/tests/system/unknown/ns1/broken2.db
new file mode 100644
index 0000000..47e2942
--- /dev/null
+++ b/bin/tests/system/unknown/ns1/broken2.db
@@ -0,0 +1,29 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: broken2.db,v 1.5 2007/06/19 23:47:06 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ SOA mname1. . (
+ 2000062101 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+a A \# 4 0A00000100
diff --git a/bin/tests/system/unknown/ns1/broken3.db b/bin/tests/system/unknown/ns1/broken3.db
new file mode 100644
index 0000000..a292a4e
--- /dev/null
+++ b/bin/tests/system/unknown/ns1/broken3.db
@@ -0,0 +1,29 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: broken3.db,v 1.5 2007/06/19 23:47:06 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ SOA mname1. . (
+ 2000062101 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+a A \# 5 0A00000100
diff --git a/bin/tests/system/unknown/ns1/broken4.db b/bin/tests/system/unknown/ns1/broken4.db
new file mode 100644
index 0000000..9abb02b
--- /dev/null
+++ b/bin/tests/system/unknown/ns1/broken4.db
@@ -0,0 +1,29 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: broken4.db,v 1.6 2007/06/19 23:47:06 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ SOA mname1. . (
+ 2000062101 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+soa SOA \# 32 026E73013300 04726F6F74C4 00000001 00000001 00000001 00000001 00000001
diff --git a/bin/tests/system/unknown/ns1/broken5.db b/bin/tests/system/unknown/ns1/broken5.db
new file mode 100644
index 0000000..5501a77
--- /dev/null
+++ b/bin/tests/system/unknown/ns1/broken5.db
@@ -0,0 +1,29 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: broken5.db,v 1.5 2007/06/19 23:47:06 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ SOA mname1. . (
+ 2000062101 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+any TYPE255 \# 2 AB CD
diff --git a/bin/tests/system/unknown/ns1/class10.hints b/bin/tests/system/unknown/ns1/class10.hints
new file mode 100644
index 0000000..c283a31
--- /dev/null
+++ b/bin/tests/system/unknown/ns1/class10.hints
@@ -0,0 +1,19 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: class10.hints,v 1.5 2007/06/19 23:47:06 tbox Exp $
+
+$TTL 3600
+. NS ns.
diff --git a/bin/tests/system/unknown/ns1/example-class10.db b/bin/tests/system/unknown/ns1/example-class10.db
new file mode 100644
index 0000000..834b558
--- /dev/null
+++ b/bin/tests/system/unknown/ns1/example-class10.db
@@ -0,0 +1,37 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example-class10.db,v 1.5 2007/06/19 23:47:06 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ SOA mname1. . (
+ 2000062101 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+
+a1 A \# 4 0A000001
+a2 CLASS10 A \# 4 0A000001
+
+txt1 TXT \# 6 0568656C6C6F
+txt2 TXT "hello"
+txt3 CLASS10 TXT \# 6 0568656C6C6F
+txt4 CLASS10 TXT "hello"
+
+unk1 TYPE123 \# 1 00
+unk2 CLASS10 TYPE123 \# 1 00
diff --git a/bin/tests/system/unknown/ns1/example-in.db b/bin/tests/system/unknown/ns1/example-in.db
new file mode 100644
index 0000000..579bed8
--- /dev/null
+++ b/bin/tests/system/unknown/ns1/example-in.db
@@ -0,0 +1,52 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example-in.db,v 1.7 2007/06/19 23:47:06 tbox Exp $
+
+$TTL 300 ; 5 minutes
+@ SOA mname1. . (
+ 2000062101 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+a1 A \# 4 0A000001
+a2 A \# 4 0A 00 00 01
+a3 CLASS1 A 10.0.0.1
+a4 CLASS1 A \# 4 0A000001
+a5 TYPE1 10.0.0.1
+a6 TYPE1 \# 4 0A000001
+a7 CLASS1 TYPE1 10.0.0.1
+a8 CLASS1 TYPE1 \# 4 0A000001
+a9 IN TYPE1 10.0.0.1
+a10 IN TYPE1 \# 4 0A000001
+a11 IN TYPE1 \# 4 0a000001
+a12 IN A \# 4 0A000001
+
+txt1 IN TXT "hello"
+txt2 CLASS1 TXT "hello"
+txt3 IN TYPE16 "hello"
+txt4 CLASS1 TYPE16 "hello"
+txt5 TXT \# 6 0568656C6C6F
+txt6 TYPE16 \# 6 0568656C6C6F
+txt7 IN TXT \# 6 0568656C6C6F
+
+unk1 TYPE123 \# 1 00
+unk2 CLASS1 TYPE123 \# 1 00
+unk3 IN TYPE123 \# 1 00
diff --git a/bin/tests/system/unknown/ns1/named.conf b/bin/tests/system/unknown/ns1/named.conf
new file mode 100644
index 0000000..be3b57e
--- /dev/null
+++ b/bin/tests/system/unknown/ns1/named.conf
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.11 2007/06/19 23:47:06 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify no;
+};
+
+view "in" {
+ zone "example." {
+ type master;
+ file "example-in.db";
+ };
+
+ zone "broken1." {
+ type master;
+ file "broken1.db";
+ };
+
+ zone "broken2." {
+ type master;
+ file "broken2.db";
+ };
+
+ zone "broken3." {
+ type master;
+ file "broken3.db";
+ };
+
+ zone "broken4." {
+ type master;
+ file "broken4.db";
+ };
+
+ zone "broken5." {
+ type master;
+ file "broken5.db";
+ };
+};
+
+view "class10" class10 {
+ zone "." class10 {
+ type hint;
+ file "class10.hints";
+ };
+
+ zone "example." class10 {
+ type master;
+ file "example-class10.db";
+ };
+};
diff --git a/bin/tests/system/unknown/tests.sh b/bin/tests/system/unknown/tests.sh
new file mode 100644
index 0000000..c234178
--- /dev/null
+++ b/bin/tests/system/unknown/tests.sh
@@ -0,0 +1,119 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.10 2007/06/19 23:47:06 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+DIGOPTS="@10.53.0.1 -p 5300"
+
+echo "I:querying for various representations of an IN A record"
+for i in 1 2 3 4 5 6 7 8 9 10 11 12
+do
+ ret=0
+ $DIG +short $DIGOPTS a$i.example a in > dig.out || ret=1
+ echo 10.0.0.1 | diff - dig.out || ret=1
+ if [ $ret != 0 ]
+ then
+ echo "#$i failed"
+ fi
+ status=`expr $status + $ret`
+done
+
+echo "I:querying for various representations of an IN TXT record"
+for i in 1 2 3 4 5 6 7
+do
+ ret=0
+ $DIG +short $DIGOPTS txt$i.example txt in > dig.out || ret=1
+ echo '"hello"' | diff - dig.out || ret=1
+ if [ $ret != 0 ]
+ then
+ echo "#$i failed"
+ fi
+ status=`expr $status + $ret`
+done
+
+echo "I:querying for various representations of an IN TYPE123 record"
+for i in 1 2 3
+do
+ ret=0
+ $DIG +short $DIGOPTS unk$i.example type123 in > dig.out || ret=1
+ echo '\# 1 00' | diff - dig.out || ret=1
+ if [ $ret != 0 ]
+ then
+ echo "#$i failed"
+ fi
+ status=`expr $status + $ret`
+done
+
+echo "I:querying for various representations of a CLASS10 TYPE1 record"
+for i in 1 2
+do
+ ret=0
+ $DIG +short $DIGOPTS a$i.example a class10 > dig.out || ret=1
+ echo '\# 4 0A000001' | diff - dig.out || ret=1
+ if [ $ret != 0 ]
+ then
+ echo "#$i failed"
+ fi
+ status=`expr $status + $ret`
+done
+
+echo "I:querying for various representations of a CLASS10 TXT record"
+for i in 1 2 3 4
+do
+ ret=0
+ $DIG +short $DIGOPTS txt$i.example txt class10 > dig.out || ret=1
+ echo '"hello"' | diff - dig.out || ret=1
+ if [ $ret != 0 ]
+ then
+ echo "#$i failed"
+ fi
+ status=`expr $status + $ret`
+done
+
+echo "I:querying for various representations of a CLASS10 TYPE123 record"
+for i in 1 2
+do
+ ret=0
+ $DIG +short $DIGOPTS unk$i.example type123 class10 > dig.out || ret=1
+ echo '\# 1 00' | diff - dig.out || ret=1
+ if [ $ret != 0 ]
+ then
+ echo "#$i failed"
+ fi
+ status=`expr $status + $ret`
+done
+
+echo "I:querying for SOAs of zone that should have failed to load"
+for i in 1 2 3 4
+do
+ ret=0
+ $DIG $DIGOPTS broken$i. soa in > dig.out || ret=1
+ grep "SERVFAIL" dig.out > /dev/null || ret=1
+ if [ $ret != 0 ]
+ then
+ echo "#$i failed"
+ fi
+ status=`expr $status + $ret`
+done
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/upforwd/clean.sh b/bin/tests/system/upforwd/clean.sh
new file mode 100644
index 0000000..5d4054e
--- /dev/null
+++ b/bin/tests/system/upforwd/clean.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.9 2007/09/26 03:22:44 marka Exp $
+
+#
+# Clean up after zone transfer tests.
+#
+
+rm -f dig.out.ns1 dig.out.ns2 dig.out.ns1 dig.out.ns3 dig.out.ns1.after
+rm -f ns1/*.jnl ns2/*.jnl ns3/*.jnl ns1/example.db ns2/*.bk ns3/*.bk
+rm -f */named.memstats
diff --git a/bin/tests/system/upforwd/knowngood.after1 b/bin/tests/system/upforwd/knowngood.after1
new file mode 100644
index 0000000..7fc424c
--- /dev/null
+++ b/bin/tests/system/upforwd/knowngood.after1
@@ -0,0 +1,10 @@
+example. 3600 IN SOA n1.example. hostmaster.ns1.example. 2 3600 1200 604800 7200
+example. 3600 IN NS ns2.example.
+example. 3600 IN NS ns3.example.
+ns1.example. 3600 IN A 10.53.0.1
+ns2.example. 3600 IN A 10.53.0.2
+ns3.example. 3600 IN A 10.53.0.3
+updated.example. 600 IN TXT "Foo"
+updated.example. 600 IN A 10.10.10.1
+example. 3600 IN SOA n1.example. hostmaster.ns1.example. 2 3600 1200 604800 7200
+
diff --git a/bin/tests/system/upforwd/knowngood.after2 b/bin/tests/system/upforwd/knowngood.after2
new file mode 100644
index 0000000..eab7a2c
--- /dev/null
+++ b/bin/tests/system/upforwd/knowngood.after2
@@ -0,0 +1,11 @@
+example. 3600 IN SOA n1.example. hostmaster.ns1.example. 3 3600 1200 604800 7200
+example. 3600 IN NS ns2.example.
+example. 3600 IN NS ns3.example.
+ns1.example. 3600 IN A 10.53.0.1
+ns2.example. 3600 IN A 10.53.0.2
+ns3.example. 3600 IN A 10.53.0.3
+unsigned.example. 600 IN TXT "Foo"
+unsigned.example. 600 IN A 10.10.10.1
+updated.example. 600 IN TXT "Foo"
+updated.example. 600 IN A 10.10.10.1
+example. 3600 IN SOA n1.example. hostmaster.ns1.example. 3 3600 1200 604800 7200
diff --git a/bin/tests/system/upforwd/knowngood.before b/bin/tests/system/upforwd/knowngood.before
new file mode 100644
index 0000000..4bde819
--- /dev/null
+++ b/bin/tests/system/upforwd/knowngood.before
@@ -0,0 +1,8 @@
+example. 3600 IN SOA n1.example. hostmaster.ns1.example. 1 3600 1200 604800 7200
+example. 3600 IN NS ns2.example.
+example. 3600 IN NS ns3.example.
+ns1.example. 3600 IN A 10.53.0.1
+ns2.example. 3600 IN A 10.53.0.2
+ns3.example. 3600 IN A 10.53.0.3
+example. 3600 IN SOA n1.example. hostmaster.ns1.example. 1 3600 1200 604800 7200
+
diff --git a/bin/tests/system/upforwd/knowngood.ns2.before b/bin/tests/system/upforwd/knowngood.ns2.before
new file mode 100644
index 0000000..bb3c355
--- /dev/null
+++ b/bin/tests/system/upforwd/knowngood.ns2.before
@@ -0,0 +1,6 @@
+example. 3600 IN SOA n1.example. hostmaster.ns1.example. 1 3600 1200 604800 7200
+example. 3600 IN NS ns2.example.
+ns1.example. 3600 IN A 10.53.0.1
+ns2.example. 3600 IN A 10.53.0.2
+example. 3600 IN SOA n1.example. hostmaster.ns1.example. 1 3600 1200 604800 7200
+
diff --git a/bin/tests/system/upforwd/ns1/example1.db b/bin/tests/system/upforwd/ns1/example1.db
new file mode 100644
index 0000000..940b9fd
--- /dev/null
+++ b/bin/tests/system/upforwd/ns1/example1.db
@@ -0,0 +1,24 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example1.db,v 1.4 2007/06/19 23:47:06 tbox Exp $
+
+@ 3600 SOA n1.example. hostmaster.ns1.example. (
+ 1 3600 1200 604800 7200 )
+ NS ns2.example.
+ NS ns3.example.
+ns1 A 10.53.0.1
+ns2 A 10.53.0.2
+ns3 A 10.53.0.3
diff --git a/bin/tests/system/upforwd/ns1/named.conf b/bin/tests/system/upforwd/ns1/named.conf
new file mode 100644
index 0000000..8d9d2fa
--- /dev/null
+++ b/bin/tests/system/upforwd/ns1/named.conf
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.11 2007/06/18 23:47:31 tbox Exp $ */
+
+key "update.example." {
+ algorithm "hmac-md5";
+ secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
+};
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+ allow-update { key update.example.; 10.53.0.3; };
+};
diff --git a/bin/tests/system/upforwd/ns2/named.conf b/bin/tests/system/upforwd/ns2/named.conf
new file mode 100644
index 0000000..57ad4b0
--- /dev/null
+++ b/bin/tests/system/upforwd/ns2/named.conf
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.10 2007/06/18 23:47:31 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+};
+
+zone "example" {
+ type slave;
+ file "example.bk";
+ masters { 10.53.0.1; };
+};
diff --git a/bin/tests/system/upforwd/ns3/named.conf b/bin/tests/system/upforwd/ns3/named.conf
new file mode 100644
index 0000000..b1fe854
--- /dev/null
+++ b/bin/tests/system/upforwd/ns3/named.conf
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.10 2007/06/18 23:47:31 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+};
+
+zone "example" {
+ type slave;
+ file "example.bk";
+ allow-update-forwarding { any; };
+ masters { 10.53.0.1; };
+};
diff --git a/bin/tests/system/upforwd/setup.sh b/bin/tests/system/upforwd/setup.sh
new file mode 100644
index 0000000..21a0e36
--- /dev/null
+++ b/bin/tests/system/upforwd/setup.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.8 2007/06/19 23:47:06 tbox Exp $
+
+cp -f ns1/example1.db ns1/example.db
+rm -f ns1/example.db.jnl ns2/example.bk ns2/example.bk.jnl
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
new file mode 100644
index 0000000..81156c8
--- /dev/null
+++ b/bin/tests/system/upforwd/tests.sh
@@ -0,0 +1,103 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.10 2007/06/19 23:47:06 tbox Exp $
+
+# ns1 = stealth master
+# ns2 = slave with update forwarding disabled; not currently used
+# ns3 = slave with update forwarding enabled
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+echo "I:fetching master copy of zone before update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
+ @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
+
+echo "I:fetching slave 1 copy of zone before update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
+ @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
+
+echo "I:fetching slave 2 copy of zone before update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
+ @10.53.0.3 axfr -p 5300 > dig.out.ns3 || status=1
+
+echo "I:comparing pre-update copies to known good data"
+$PERL ../digcomp.pl knowngood.before dig.out.ns1 || status=1
+$PERL ../digcomp.pl knowngood.before dig.out.ns2 || status=1
+$PERL ../digcomp.pl knowngood.before dig.out.ns3 || status=1
+
+echo "I:updating zone (signed)"
+$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || status=1
+server 10.53.0.3 5300
+update add updated.example. 600 A 10.10.10.1
+update add updated.example. 600 TXT Foo
+send
+EOF
+
+echo "I:sleeping 15 seconds for server to incorporate changes"
+sleep 15
+
+echo "I:fetching master copy of zone after update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
+ @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
+
+echo "I:fetching slave 1 copy of zone after update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
+ @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
+
+echo "I:fetching slave 2 copy of zone after update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
+ @10.53.0.3 axfr -p 5300 > dig.out.ns3 || status=1
+
+echo "I:comparing post-update copies to known good data"
+$PERL ../digcomp.pl knowngood.after1 dig.out.ns1 || status=1
+$PERL ../digcomp.pl knowngood.after1 dig.out.ns2 || status=1
+$PERL ../digcomp.pl knowngood.after1 dig.out.ns3 || status=1
+
+echo "I:updating zone (unsigned)"
+$NSUPDATE -- - <<EOF || status=1
+server 10.53.0.3 5300
+update add unsigned.example. 600 A 10.10.10.1
+update add unsigned.example. 600 TXT Foo
+send
+EOF
+
+echo "I:sleeping 15 seconds for server to incorporate changes"
+sleep 15
+
+echo "I:fetching master copy of zone after update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
+ @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
+
+echo "I:fetching slave 1 copy of zone after update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
+ @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
+
+echo "I:fetching slave 2 copy of zone after update"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
+ @10.53.0.3 axfr -p 5300 > dig.out.ns3 || status=1
+
+echo "I:comparing post-update copies to known good data"
+$PERL ../digcomp.pl knowngood.after2 dig.out.ns1 || status=1
+$PERL ../digcomp.pl knowngood.after2 dig.out.ns2 || status=1
+$PERL ../digcomp.pl knowngood.after2 dig.out.ns3 || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/v6synth/clean.sh b/bin/tests/system/v6synth/clean.sh
new file mode 100644
index 0000000..5f9157b
--- /dev/null
+++ b/bin/tests/system/v6synth/clean.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.5 2007/09/26 03:22:44 marka Exp $
+
+rm -f *.out
+rm -f */named.memstats
diff --git a/bin/tests/system/v6synth/ns1/named.conf b/bin/tests/system/v6synth/ns1/named.conf
new file mode 100644
index 0000000..fdf7e56
--- /dev/null
+++ b/bin/tests/system/v6synth/ns1/named.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.5 2007/06/19 23:47:06 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
diff --git a/bin/tests/system/v6synth/ns1/root.db b/bin/tests/system/v6synth/ns1/root.db
new file mode 100644
index 0000000..0208038
--- /dev/null
+++ b/bin/tests/system/v6synth/ns1/root.db
@@ -0,0 +1,33 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.4 2007/06/19 23:47:06 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
+
+ip6.int. NS ns2.example.
+ip6.arpa. NS ns2.example.
diff --git a/bin/tests/system/v6synth/ns2/example.db b/bin/tests/system/v6synth/ns2/example.db
new file mode 100644
index 0000000..120b87d
--- /dev/null
+++ b/bin/tests/system/v6synth/ns2/example.db
@@ -0,0 +1,38 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db,v 1.4 2007/06/19 23:47:06 tbox Exp $
+
+$TTL 86400
+@ IN SOA ns2 hostmaster (
+ 2001010604 3600 1800 1814400 3600 )
+ NS ns2.example.
+ns2.example. A 10.53.0.2
+
+a A 10.0.0.1
+aaaa AAAA 12:34:56::ff
+a6 A6 0 12:34:56::ff
+chain A6 64 0::ff:ff prefix
+prefix A6 0 12:34:56::0
+alias CNAME chain
+alias2 CNAME alias
+dname DNAME foo
+
+loop CNAME loop
+
+loop2 CNAME loop3
+loop3 CNAME loop2
+
+aaaa.foo AAAA 12:34:56::ff
diff --git a/bin/tests/system/v6synth/ns2/ip6.arpa.db b/bin/tests/system/v6synth/ns2/ip6.arpa.db
new file mode 100644
index 0000000..c99c8d9
--- /dev/null
+++ b/bin/tests/system/v6synth/ns2/ip6.arpa.db
@@ -0,0 +1,24 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2001, 2002 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: ip6.arpa.db,v 1.5 2007/06/19 23:47:06 tbox Exp $
+
+$TTL 86400
+@ IN SOA ns2 hostmaster (
+ 2001010604 3600 1800 1814400 3600 )
+ NS ns2.example.
+ns2.example. A 10.53.0.2
+
+f.f.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.5.4.3.2.1 PTR foo.
diff --git a/bin/tests/system/v6synth/ns2/ip6.int.db b/bin/tests/system/v6synth/ns2/ip6.int.db
new file mode 100644
index 0000000..374e02a
--- /dev/null
+++ b/bin/tests/system/v6synth/ns2/ip6.int.db
@@ -0,0 +1,24 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: ip6.int.db,v 1.4 2007/06/19 23:47:06 tbox Exp $
+
+$TTL 86400
+@ IN SOA ns2 hostmaster (
+ 2001010604 3600 1800 1814400 3600 )
+ NS ns2.example.
+ns2.example. A 10.53.0.2
+
+f.f.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.5.4.3.2.1 PTR bar.
diff --git a/bin/tests/system/v6synth/ns2/named.conf b/bin/tests/system/v6synth/ns2/named.conf
new file mode 100644
index 0000000..1eb6d33
--- /dev/null
+++ b/bin/tests/system/v6synth/ns2/named.conf
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.6 2007/06/18 23:47:31 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+};
+
+zone "ip6.int" {
+ type master;
+ file "ip6.int.db";
+};
+
+zone "ip6.arpa" {
+ type master;
+ file "ip6.arpa.db";
+};
+
diff --git a/bin/tests/system/v6synth/ns3/named.conf b/bin/tests/system/v6synth/ns3/named.conf
new file mode 100644
index 0000000..bacaab7
--- /dev/null
+++ b/bin/tests/system/v6synth/ns3/named.conf
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.6 2007/06/18 23:47:31 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+ allow-v6-synthesis { any; };
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
diff --git a/bin/tests/system/v6synth/tests.sh b/bin/tests/system/v6synth/tests.sh
new file mode 100644
index 0000000..8cc67f9
--- /dev/null
+++ b/bin/tests/system/v6synth/tests.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.4 2007/06/19 23:47:06 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+# ns1 = root server
+# ns2 = authoritative server
+# ns3 = recursive server doing v6 synthesis
+
+status=0
+
+DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"
+
+for name in aaaa a6 chain alias2 aaaa.dname loop loop2
+do
+ $DIG $DIGOPTS $name.example. aaaa @10.53.0.3 -p 5300
+ echo
+done >dig.out
+
+for i in 1 2
+do
+ $DIG $DIGOPTS f.f.$i.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.5.4.3.2.1.ip6.int. PTR @10.53.0.3 -p 5300
+ echo
+done >>dig.out
+
+cat <<EOF >good.out
+aaaa.example. 0 IN AAAA 12:34:56::ff
+
+a6.example. 0 IN AAAA 12:34:56::ff
+
+chain.example. 0 IN AAAA 12:34:56::ff:ff
+
+alias2.example. 0 IN CNAME alias.example.
+alias.example. 0 IN CNAME chain.example.
+chain.example. 0 IN AAAA 12:34:56::ff:ff
+
+aaaa.dname.example. 0 IN CNAME aaaa.foo.example.
+aaaa.foo.example. 0 IN AAAA 12:34:56::ff
+
+loop.example. 0 IN CNAME loop.example.
+
+loop2.example. 0 IN CNAME loop3.example.
+loop3.example. 0 IN CNAME loop2.example.
+
+f.f.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.5.4.3.2.1.ip6.int. 0 IN PTR foo.
+
+f.f.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.5.4.3.2.1.ip6.int. 0 IN PTR bar.
+
+EOF
+
+diff good.out dig.out || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/views/clean.sh b/bin/tests/system/views/clean.sh
new file mode 100644
index 0000000..1eebccf
--- /dev/null
+++ b/bin/tests/system/views/clean.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.14 2007/09/26 03:22:44 marka Exp $
+
+#
+# Clean up after zone transfer tests.
+#
+
+rm -f ns3/example.bk dig.out.ns?.?
+rm -f ns2/named.conf ns2/example.db ns3/named.conf ns3/internal.bk
+rm -f */named.memstats
diff --git a/bin/tests/system/views/ns1/named.conf b/bin/tests/system/views/ns1/named.conf
new file mode 100644
index 0000000..46a0a02
--- /dev/null
+++ b/bin/tests/system/views/ns1/named.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.17 2007/06/19 23:47:07 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
diff --git a/bin/tests/system/views/ns1/root.db b/bin/tests/system/views/ns1/root.db
new file mode 100644
index 0000000..683f585
--- /dev/null
+++ b/bin/tests/system/views/ns1/root.db
@@ -0,0 +1,30 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.9 2007/06/19 23:47:07 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
diff --git a/bin/tests/system/views/ns2/example1.db b/bin/tests/system/views/ns2/example1.db
new file mode 100644
index 0000000..c8d7ec8
--- /dev/null
+++ b/bin/tests/system/views/ns2/example1.db
@@ -0,0 +1,34 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example1.db,v 1.9 2007/06/19 23:47:07 tbox Exp $
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example IN SOA mname1. . (
+ 1 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
+
+$ORIGIN example.
+a A 10.0.0.1
+ MX 10 mail.example.
+
+mail A 10.0.0.2
diff --git a/bin/tests/system/views/ns2/example2.db b/bin/tests/system/views/ns2/example2.db
new file mode 100644
index 0000000..d7ea37e
--- /dev/null
+++ b/bin/tests/system/views/ns2/example2.db
@@ -0,0 +1,34 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example2.db,v 1.10 2007/06/19 23:47:07 tbox Exp $
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example IN SOA mname1. . (
+ 2 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example. NS ns2.example.
+ns2.example. A 10.53.0.4
+
+$ORIGIN example.
+a A 10.0.0.1
+ MX 10 mail.example.
+
+mail A 10.0.0.2
diff --git a/bin/tests/system/views/ns2/internal.db b/bin/tests/system/views/ns2/internal.db
new file mode 100644
index 0000000..1a97057
--- /dev/null
+++ b/bin/tests/system/views/ns2/internal.db
@@ -0,0 +1,36 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: internal.db,v 1.9 2007/06/19 23:47:07 tbox Exp $
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example IN SOA mname1. . (
+ 2 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
+example. NS ns3.example.
+ns3.example. A 10.53.0.3
+
+$ORIGIN example.
+a A 10.1.0.1
+ MX 10 intmail.example.
+
+intmail A 10.1.0.2
diff --git a/bin/tests/system/views/ns2/named1.conf b/bin/tests/system/views/ns2/named1.conf
new file mode 100644
index 0000000..a09d069
--- /dev/null
+++ b/bin/tests/system/views/ns2/named1.conf
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named1.conf,v 1.20 2007/06/19 23:47:07 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+include "../../common/controls.conf";
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+ allow-update { any; };
+};
diff --git a/bin/tests/system/views/ns2/named2.conf b/bin/tests/system/views/ns2/named2.conf
new file mode 100644
index 0000000..e4180f2
--- /dev/null
+++ b/bin/tests/system/views/ns2/named2.conf
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named2.conf,v 1.22 2007/06/19 23:47:07 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; 10.53.0.4; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+include "../../common/controls.conf";
+
+view "internal" {
+ match-clients { 10.53.0.2;
+ 10.53.0.3; };
+
+ zone "." {
+ type hint;
+ file "../../common/root.hint";
+ };
+
+ zone "example" {
+ type master;
+ file "internal.db";
+ allow-update { any; };
+ };
+};
+
+view "external" {
+ match-clients { any; };
+
+ zone "." {
+ type hint;
+ file "../../common/root.hint";
+ };
+
+ zone "example" {
+ type master;
+ file "example.db";
+ };
+};
+
diff --git a/bin/tests/system/views/ns3/internal.db b/bin/tests/system/views/ns3/internal.db
new file mode 100644
index 0000000..3d33d7f
--- /dev/null
+++ b/bin/tests/system/views/ns3/internal.db
@@ -0,0 +1,34 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: internal.db,v 1.9 2007/06/19 23:47:07 tbox Exp $
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example IN SOA mname1. . (
+ 1 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example. NS ns3.example.
+ns3.example. A 10.53.0.3
+
+$ORIGIN example.
+a A 10.1.0.1
+ MX 10 intmail.example.
+
+intmail A 10.1.0.2
diff --git a/bin/tests/system/views/ns3/named1.conf b/bin/tests/system/views/ns3/named1.conf
new file mode 100644
index 0000000..9723e08
--- /dev/null
+++ b/bin/tests/system/views/ns3/named1.conf
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named1.conf,v 1.19 2007/06/19 23:47:07 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ directory ".";
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ notify yes;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-md5;
+};
+
+controls {
+ inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; };
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type master;
+ allow-update { any; };
+ file "internal.db";
+};
+
+
diff --git a/bin/tests/system/views/ns3/named2.conf b/bin/tests/system/views/ns3/named2.conf
new file mode 100644
index 0000000..27d4955
--- /dev/null
+++ b/bin/tests/system/views/ns3/named2.conf
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named2.conf,v 1.19 2007/06/19 23:47:07 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ directory ".";
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ notify yes;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-md5;
+};
+
+controls {
+ inet 10.53.0.3 port 11953 allow { any; } keys { rndc_key; };
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type slave;
+ masters { 10.53.0.2; };
+ allow-update { any; };
+ file "internal.bk";
+};
diff --git a/bin/tests/system/views/setup.sh b/bin/tests/system/views/setup.sh
new file mode 100644
index 0000000..c572a87
--- /dev/null
+++ b/bin/tests/system/views/setup.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.10 2007/06/19 23:47:06 tbox Exp $
+
+
+cp -f ns2/example1.db ns2/example.db
+cp -f ns2/named1.conf ns2/named.conf
+cp -f ns3/named1.conf ns3/named.conf
diff --git a/bin/tests/system/views/tests.sh b/bin/tests/system/views/tests.sh
new file mode 100644
index 0000000..b6fb552
--- /dev/null
+++ b/bin/tests/system/views/tests.sh
@@ -0,0 +1,83 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.30 2007/06/19 23:47:06 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+echo "I:fetching a.example from ns2's initial configuration"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd +noauth \
+ a.example. @10.53.0.2 any -p 5300 > dig.out.ns2.1 || status=1
+grep ";" dig.out.ns2.1 # XXXDCL why is this here?
+
+echo "I:fetching a.example from ns3's initial configuration"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd +noauth \
+ a.example. @10.53.0.3 any -p 5300 > dig.out.ns3.1 || status=1
+grep ";" dig.out.ns3.1 # XXXDCL why is this here?
+
+echo "I:copying in new configurations for ns2 and ns3"
+rm -f ns2/named.conf ns3/named.conf ns2/example.db
+cp -f ns2/named2.conf ns2/named.conf
+cp -f ns3/named2.conf ns3/named.conf
+cp -f ns2/example2.db ns2/example.db
+
+echo "I:reloading ns2 and ns3 with rndc"
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload 2>&1 | sed 's/^/I:ns3 /'
+
+echo "I:sleeping for 20 seconds"
+sleep 20
+
+echo "I:fetching a.example from ns2's 10.53.0.4, source address 10.53.0.4"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd +noauth \
+ -b 10.53.0.4 a.example. @10.53.0.4 any -p 5300 > dig.out.ns4.2 \
+ || status=1
+grep ";" dig.out.ns4.2 # XXXDCL why is this here?
+
+echo "I:fetching a.example from ns2's 10.53.0.2, source address 10.53.0.2"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd +noauth \
+ -b 10.53.0.2 a.example. @10.53.0.2 any -p 5300 > dig.out.ns2.2 \
+ || status=1
+grep ";" dig.out.ns2.2 # XXXDCL why is this here?
+
+echo "I:fetching a.example from ns3's 10.53.0.3, source address defaulted"
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd +noauth \
+ @10.53.0.3 a.example. any -p 5300 > dig.out.ns3.2 || status=1
+grep ";" dig.out.ns3.2 # XXXDCL why is this here?
+
+echo "I:comparing ns3's initial a.example to one from reconfigured 10.53.0.2"
+$PERL ../digcomp.pl dig.out.ns3.1 dig.out.ns2.2 || status=1
+
+echo "I:comparing ns3's initial a.example to one from reconfigured 10.53.0.3"
+$PERL ../digcomp.pl dig.out.ns3.1 dig.out.ns3.2 || status=1
+
+echo "I:comparing ns2's initial a.example to one from reconfigured 10.53.0.4"
+$PERL ../digcomp.pl dig.out.ns2.1 dig.out.ns4.2 || status=1
+
+echo "I:comparing ns2's initial a.example to one from reconfigured 10.53.0.3"
+echo "I:(should be different)"
+if $PERL ../digcomp.pl dig.out.ns2.1 dig.out.ns3.2 >/dev/null
+then
+ echo "I:no differences found. something's wrong."
+ status=1
+fi
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/xfer/clean.sh b/bin/tests/system/xfer/clean.sh
new file mode 100644
index 0000000..132530a
--- /dev/null
+++ b/bin/tests/system/xfer/clean.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.14 2007/09/26 03:22:44 marka Exp $
+
+#
+# Clean up after zone transfer tests.
+#
+
+rm -f dig.out.ns2 dig.out.ns3
+rm -f ns2/example.db ns2/tsigzone.db ns2/example.db.jnl
+rm -f ns3/example.bk ns3/tsigzone.bk ns3/example.bk.jnl
+rm -f */named.memstats
diff --git a/bin/tests/system/xfer/dig1.good b/bin/tests/system/xfer/dig1.good
new file mode 100644
index 0000000..b7f3f79
--- /dev/null
+++ b/bin/tests/system/xfer/dig1.good
@@ -0,0 +1,80 @@
+example. 86400 IN SOA ns2.example. hostmaster.example. 1397051952 5 5 1814400 3600
+example. 3600 IN NS ns2.example.
+example. 3600 IN NS ns3.example.
+a01.example. 3600 IN A 0.0.0.0
+a02.example. 3600 IN A 255.255.255.255
+a601.example. 3600 IN A6 0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+a601.example. 3600 IN A6 64 ::ffff:ffff:ffff:ffff foo.
+a601.example. 3600 IN A6 127 ::1 foo.
+a601.example. 3600 IN A6 128 .
+afsdb01.example. 3600 IN AFSDB 0 hostname.example.
+afsdb02.example. 3600 IN AFSDB 65535 .
+cert01.example. 3600 IN CERT 65534 65535 PRIVATEOID MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
+cname01.example. 3600 IN CNAME cname-target.
+cname02.example. 3600 IN CNAME cname-target.example.
+cname03.example. 3600 IN CNAME .
+dname01.example. 3600 IN DNAME dname-target.
+dname02.example. 3600 IN DNAME dname-target.example.
+dname03.example. 3600 IN DNAME .
+gpos01.example. 3600 IN GPOS "-22.6882" "116.8652" "250.0"
+gpos02.example. 3600 IN GPOS "" "" ""
+hinfo01.example. 3600 IN HINFO "Generic PC clone" "NetBSD-1.4"
+hinfo02.example. 3600 IN HINFO "PC" "NetBSD"
+isdn01.example. 3600 IN ISDN "isdn-address"
+isdn02.example. 3600 IN ISDN "isdn-address" "subaddress"
+isdn03.example. 3600 IN ISDN "isdn-address"
+isdn04.example. 3600 IN ISDN "isdn-address" "subaddress"
+dnskey01.example. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
+kx01.example. 3600 IN KX 10 kdc.example.
+kx02.example. 3600 IN KX 10 .
+loc01.example. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02.example. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01.example. 3600 IN MG madname.example.
+mb02.example. 3600 IN MG .
+mg01.example. 3600 IN MG mgmname.example.
+mg02.example. 3600 IN MG .
+minfo01.example. 3600 IN MINFO rmailbx.example. emailbx.example.
+minfo02.example. 3600 IN MINFO . .
+mr01.example. 3600 IN MR mrname.example.
+mr02.example. 3600 IN MR .
+mx01.example. 3600 IN MX 10 mail.example.
+mx02.example. 3600 IN MX 10 .
+naptr01.example. 3600 IN NAPTR 0 0 "" "" "" .
+naptr02.example. 3600 IN NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
+ns2.example. 3600 IN A 10.53.0.2
+ns3.example. 3600 IN A 10.53.0.3
+nsap-ptr01.example. 3600 IN NSAP-PTR .
+nsap-ptr01.example. 3600 IN NSAP-PTR foo.
+nsap01.example. 3600 IN NSAP 0x47000580005a0000000001e133ffffff00016100
+nsap02.example. 3600 IN NSAP 0x47000580005a0000000001e133ffffff00016100
+nsec01.example. 3600 IN NSEC a.secure.nil. NS SOA MX LOC RRSIG NSEC DNSKEY
+nsec02.example. 3600 IN NSEC . NSAP-PTR NSEC
+nsec03.example. 3600 IN NSEC . A
+nsec04.example. 3600 IN NSEC . TYPE127
+ptr01.example. 3600 IN PTR example.
+px01.example. 3600 IN PX 65535 foo. bar.
+px02.example. 3600 IN PX 65535 . .
+rp01.example. 3600 IN RP mbox-dname.example. txt-dname.example.
+rp02.example. 3600 IN RP . .
+rt01.example. 3600 IN RT 0 intermediate-host.example.
+rt02.example. 3600 IN RT 65535 .
+rrsig01.example. 3600 IN RRSIG NSEC 1 3 3600 20000102030405 19961211100908 2143 foo.nil. MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
+srv01.example. 3600 IN SRV 0 0 0 .
+srv02.example. 3600 IN SRV 65535 65535 65535 old-slow-box.example.
+txt01.example. 3600 IN TXT "foo"
+txt02.example. 3600 IN TXT "foo" "bar"
+txt03.example. 3600 IN TXT "foo"
+txt04.example. 3600 IN TXT "foo" "bar"
+txt05.example. 3600 IN TXT "foo bar"
+txt06.example. 3600 IN TXT "foo bar"
+txt07.example. 3600 IN TXT "foo bar"
+txt08.example. 3600 IN TXT "foo\010bar"
+txt09.example. 3600 IN TXT "foo\010bar"
+txt10.example. 3600 IN TXT "foo bar"
+txt11.example. 3600 IN TXT "\"foo\""
+txt12.example. 3600 IN TXT "\"foo\""
+wks01.example. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23
+wks02.example. 3600 IN WKS 10.0.0.1 17 0 1 2 53
+wks03.example. 3600 IN WKS 10.0.0.2 6 65535
+x2501.example. 3600 IN X25 "123456789"
+example. 86400 IN SOA ns2.example. hostmaster.example. 1397051952 5 5 1814400 3600
diff --git a/bin/tests/system/xfer/dig2.good b/bin/tests/system/xfer/dig2.good
new file mode 100644
index 0000000..9f2cece
--- /dev/null
+++ b/bin/tests/system/xfer/dig2.good
@@ -0,0 +1,80 @@
+example. 86400 IN SOA ns2.example. hostmaster.example. 1397051953 5 5 1814400 3600
+example. 3600 IN NS ns2.example.
+example. 3600 IN NS ns3.example.
+a01.example. 3600 IN A 0.0.0.1
+a02.example. 3600 IN A 255.255.255.255
+a601.example. 3600 IN A6 0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+a601.example. 3600 IN A6 64 ::ffff:ffff:ffff:ffff foo.
+a601.example. 3600 IN A6 127 ::1 foo.
+a601.example. 3600 IN A6 128 .
+afsdb01.example. 3600 IN AFSDB 0 hostname.example.
+afsdb02.example. 3600 IN AFSDB 65535 .
+cert01.example. 3600 IN CERT 65534 65535 PRIVATEOID MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
+cname01.example. 3600 IN CNAME cname-target.
+cname02.example. 3600 IN CNAME cname-target.example.
+cname03.example. 3600 IN CNAME .
+dname01.example. 3600 IN DNAME dname-target.
+dname02.example. 3600 IN DNAME dname-target.example.
+dname03.example. 3600 IN DNAME .
+gpos01.example. 3600 IN GPOS "-22.6882" "116.8652" "250.0"
+gpos02.example. 3600 IN GPOS "" "" ""
+hinfo01.example. 3600 IN HINFO "Generic PC clone" "NetBSD-1.4"
+hinfo02.example. 3600 IN HINFO "PC" "NetBSD"
+isdn01.example. 3600 IN ISDN "isdn-address"
+isdn02.example. 3600 IN ISDN "isdn-address" "subaddress"
+isdn03.example. 3600 IN ISDN "isdn-address"
+isdn04.example. 3600 IN ISDN "isdn-address" "subaddress"
+dnskey01.example. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
+kx01.example. 3600 IN KX 10 kdc.example.
+kx02.example. 3600 IN KX 10 .
+loc01.example. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02.example. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01.example. 3600 IN MG madname.example.
+mb02.example. 3600 IN MG .
+mg01.example. 3600 IN MG mgmname.example.
+mg02.example. 3600 IN MG .
+minfo01.example. 3600 IN MINFO rmailbx.example. emailbx.example.
+minfo02.example. 3600 IN MINFO . .
+mr01.example. 3600 IN MR mrname.example.
+mr02.example. 3600 IN MR .
+mx01.example. 3600 IN MX 10 mail.example.
+mx02.example. 3600 IN MX 10 .
+naptr01.example. 3600 IN NAPTR 0 0 "" "" "" .
+naptr02.example. 3600 IN NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
+ns2.example. 3600 IN A 10.53.0.2
+ns3.example. 3600 IN A 10.53.0.3
+nsap-ptr01.example. 3600 IN NSAP-PTR .
+nsap-ptr01.example. 3600 IN NSAP-PTR foo.
+nsap01.example. 3600 IN NSAP 0x47000580005a0000000001e133ffffff00016100
+nsap02.example. 3600 IN NSAP 0x47000580005a0000000001e133ffffff00016100
+nsec01.example. 3600 IN NSEC a.secure.nil. NS SOA MX LOC RRSIG NSEC DNSKEY
+nsec02.example. 3600 IN NSEC . NSAP-PTR NSEC
+nsec03.example. 3600 IN NSEC . A
+nsec04.example. 3600 IN NSEC . TYPE127
+ptr01.example. 3600 IN PTR example.
+px01.example. 3600 IN PX 65535 foo. bar.
+px02.example. 3600 IN PX 65535 . .
+rp01.example. 3600 IN RP mbox-dname.example. txt-dname.example.
+rp02.example. 3600 IN RP . .
+rt01.example. 3600 IN RT 0 intermediate-host.example.
+rt02.example. 3600 IN RT 65535 .
+rrsig01.example. 3600 IN RRSIG NSEC 1 3 3600 20000102030405 19961211100908 2143 foo.nil. MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
+srv01.example. 3600 IN SRV 0 0 0 .
+srv02.example. 3600 IN SRV 65535 65535 65535 old-slow-box.example.
+txt01.example. 3600 IN TXT "foo"
+txt02.example. 3600 IN TXT "foo" "bar"
+txt03.example. 3600 IN TXT "foo"
+txt04.example. 3600 IN TXT "foo" "bar"
+txt05.example. 3600 IN TXT "foo bar"
+txt06.example. 3600 IN TXT "foo bar"
+txt07.example. 3600 IN TXT "foo bar"
+txt08.example. 3600 IN TXT "foo\010bar"
+txt09.example. 3600 IN TXT "foo\010bar"
+txt10.example. 3600 IN TXT "foo bar"
+txt11.example. 3600 IN TXT "\"foo\""
+txt12.example. 3600 IN TXT "\"foo\""
+wks01.example. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23
+wks02.example. 3600 IN WKS 10.0.0.1 17 0 1 2 53
+wks03.example. 3600 IN WKS 10.0.0.2 6 65535
+x2501.example. 3600 IN X25 "123456789"
+example. 86400 IN SOA ns2.example. hostmaster.example. 1397051953 5 5 1814400 3600
diff --git a/bin/tests/system/xfer/ns1/named.conf b/bin/tests/system/xfer/ns1/named.conf
new file mode 100644
index 0000000..4c945ca
--- /dev/null
+++ b/bin/tests/system/xfer/ns1/named.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.18 2007/06/19 23:47:07 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
diff --git a/bin/tests/system/xfer/ns1/root.db b/bin/tests/system/xfer/ns1/root.db
new file mode 100644
index 0000000..ee1e74b
--- /dev/null
+++ b/bin/tests/system/xfer/ns1/root.db
@@ -0,0 +1,33 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.10 2007/06/19 23:47:07 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
+
+tsigzone. NS ns2.tsigzone.
+ns2.tsigzone. A 10.53.0.2
diff --git a/bin/tests/system/xfer/ns2/named.conf b/bin/tests/system/xfer/ns2/named.conf
new file mode 100644
index 0000000..53a64ab
--- /dev/null
+++ b/bin/tests/system/xfer/ns2/named.conf
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.24 2007/12/20 01:48:29 marka Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ ixfr-from-differences yes;
+ check-integrity no;
+};
+
+include "../../common/controls.conf";
+
+key tsigzone. {
+ algorithm hmac-md5;
+ secret "1234abcd8765";
+};
+
+acl tzkey {
+ key tsigzone.;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type master;
+ file "example.db";
+};
+
+zone "tsigzone" {
+ type master;
+ file "tsigzone.db";
+ allow-transfer { tzkey; };
+};
diff --git a/bin/tests/system/xfer/ns3/named.conf b/bin/tests/system/xfer/ns3/named.conf
new file mode 100644
index 0000000..2dd1254
--- /dev/null
+++ b/bin/tests/system/xfer/ns3/named.conf
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.21 2007/06/18 23:47:32 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-md5;
+};
+
+controls {
+ inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; };
+};
+
+key tsigzone. {
+ algorithm hmac-md5;
+ secret "1234abcd8765";
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type slave;
+ masters { 10.53.0.2; };
+ file "example.bk";
+};
+
+server 10.53.0.2 {
+ keys { tsigzone.; };
+};
+
+zone "tsigzone" {
+ type slave;
+ masters { 10.53.0.2; };
+ file "tsigzone.bk";
+ allow-transfer { key tsigzone.; };
+};
+
+
diff --git a/bin/tests/system/xfer/setup.sh b/bin/tests/system/xfer/setup.sh
new file mode 100644
index 0000000..8faadcb
--- /dev/null
+++ b/bin/tests/system/xfer/setup.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001, 2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.5 2007/06/19 23:47:07 tbox Exp $
+
+sh ../genzone.sh 2 3 >ns2/example.db
+sh ../genzone.sh 2 3 >ns2/tsigzone.db
diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh
new file mode 100644
index 0000000..3356f81
--- /dev/null
+++ b/bin/tests/system/xfer/tests.sh
@@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.31 2007/06/19 23:47:07 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"
+
+status=0
+
+echo "I:testing basic zone transfer functionality"
+$DIG $DIGOPTS example. \
+ @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
+grep ";" dig.out.ns2
+
+#
+# Spin to allow the zone to tranfer.
+#
+for i in 1 2 3 4 5
+do
+tmp=0
+$DIG $DIGOPTS example. \
+ @10.53.0.3 axfr -p 5300 > dig.out.ns3 || tmp=1
+ grep ";" dig.out.ns3 > /dev/null
+ if test $? -ne 0 ; then break; fi
+ echo "I: plain zone re-transfer"
+ sleep 5
+done
+if test $tmp -eq 1 ; then status=1; fi
+grep ";" dig.out.ns3
+
+$PERL ../digcomp.pl dig1.good dig.out.ns2 || status=1
+
+$PERL ../digcomp.pl dig1.good dig.out.ns3 || status=1
+
+echo "I:testing TSIG signed zone transfers"
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 axfr -y tsigzone.:1234abcd8765 -p 5300 \
+ > dig.out.ns2 || status=1
+grep ";" dig.out.ns2
+
+#
+# Spin to allow the zone to tranfer.
+#
+for i in 1 2 3 4 5
+do
+tmp=0
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.3 axfr -y tsigzone.:1234abcd8765 -p 5300 \
+ > dig.out.ns3 || tmp=1
+ grep ";" dig.out.ns3 > /dev/null
+ if test $? -ne 0 ; then break; fi
+ echo "I: plain zone re-transfer"
+ sleep 5
+done
+if test $tmp -eq 1 ; then status=1; fi
+grep ";" dig.out.ns3
+
+$PERL ../digcomp.pl dig.out.ns2 dig.out.ns3 || status=1
+
+echo "I:testing ixfr-from-differences"
+
+$PERL -i -p -e '
+ s/0\.0\.0\.0/0.0.0.1/;
+ s/1397051952/1397051953/
+' ns2/example.db
+
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
+
+sleep 5
+
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload 2>&1 | sed 's/^/I:ns3 /'
+
+sleep 5
+
+$DIG $DIGOPTS example. \
+ @10.53.0.3 axfr -p 5300 > dig.out.ns3 || status=1
+grep ";" dig.out.ns3
+
+$PERL ../digcomp.pl dig2.good dig.out.ns3 || status=1
+
+# ns3 has a journal iff it received an IXFR.
+test -f ns3/example.bk.jnl || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/xferquota/clean.sh b/bin/tests/system/xferquota/clean.sh
new file mode 100644
index 0000000..9ca8830
--- /dev/null
+++ b/bin/tests/system/xferquota/clean.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.14 2007/09/26 03:22:44 marka Exp $
+
+#
+# Clean up after zone transfer quota tests.
+#
+
+rm -f ns1/zone*.example.db ns1/zones.conf
+rm -f ns2/zone*.example.bk ns2/zones.conf
+rm -f dig.out.* ns2/changing.bk
+rm -f ns1/changing.db
+rm -f */named.memstats
diff --git a/bin/tests/system/xferquota/ns1/changing1.db b/bin/tests/system/xferquota/ns1/changing1.db
new file mode 100644
index 0000000..70b9016
--- /dev/null
+++ b/bin/tests/system/xferquota/ns1/changing1.db
@@ -0,0 +1,33 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: changing1.db,v 1.10 2007/06/19 23:47:07 tbox Exp $
+
+$TTL 600
+
+@ IN SOA dns1.changing. postmaster.changing. (
+ 1 ;; serial
+ 3600 ;; refresh period
+ 1800 ;; retry interval
+ 604800 ;; expire time
+ 600 ) ;; default TTL
+
+ IN NS dns1.changing.
+ NS dns2.changing.
+
+dns1 IN A 10.53.0.1
+dns2 IN A 10.53.0.2
+
+a IN A 10.0.0.1
diff --git a/bin/tests/system/xferquota/ns1/changing2.db b/bin/tests/system/xferquota/ns1/changing2.db
new file mode 100644
index 0000000..bcf73e0
--- /dev/null
+++ b/bin/tests/system/xferquota/ns1/changing2.db
@@ -0,0 +1,33 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: changing2.db,v 1.10 2007/06/19 23:47:07 tbox Exp $
+
+$TTL 600
+
+@ IN SOA dns1.changing. postmaster.changing. (
+ 2 ;; serial
+ 3600 ;; refresh period
+ 1800 ;; retry interval
+ 604800 ;; expire time
+ 600 ) ;; default TTL
+
+ IN NS dns1.changing.
+ NS dns2.changing.
+
+dns1 IN A 10.53.0.1
+dns2 IN A 10.53.0.2
+
+a IN A 10.0.0.2
diff --git a/bin/tests/system/xferquota/ns1/named.conf b/bin/tests/system/xferquota/ns1/named.conf
new file mode 100644
index 0000000..a49e790
--- /dev/null
+++ b/bin/tests/system/xferquota/ns1/named.conf
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.21 2007/06/19 23:47:07 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
+
+zone "changing." {
+ type master;
+ file "changing.db";
+};
+
+include "zones.conf";
diff --git a/bin/tests/system/xferquota/ns1/root.db b/bin/tests/system/xferquota/ns1/root.db
new file mode 100644
index 0000000..beca386
--- /dev/null
+++ b/bin/tests/system/xferquota/ns1/root.db
@@ -0,0 +1,35 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.10 2007/06/19 23:47:07 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
+
+changing. NS dns1.changing.
+ A 10.53.0.1
+ NS dns2.changing.
+ A 10.53.0.2
diff --git a/bin/tests/system/xferquota/ns2/example.db b/bin/tests/system/xferquota/ns2/example.db
new file mode 100644
index 0000000..8e5a7be
--- /dev/null
+++ b/bin/tests/system/xferquota/ns2/example.db
@@ -0,0 +1,152 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2000-2003 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db,v 1.12 2007/06/19 23:47:07 tbox Exp $
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example IN SOA mname1. . (
+ 2000042795 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
+example. NS ns3.example.
+ns3.example. A 10.53.0.3
+
+$ORIGIN example.
+* MX 10 mail
+a TXT "foo foo foo"
+ PTR foo.net.
+$TTL 3600 ; 1 hour
+a01 A 0.0.0.0
+a02 A 255.255.255.255
+a601 AAAA ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+afsdb01 AFSDB 0 hostname
+afsdb02 AFSDB 65535 .
+$TTL 300 ; 5 minutes
+b CNAME foo.net.
+c A 73.80.65.49
+$TTL 3600 ; 1 hour
+cert01 CERT 65534 65535 PRIVATEOID (
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+cname01 CNAME cname-target.
+cname02 CNAME cname-target
+cname03 CNAME .
+$TTL 300 ; 5 minutes
+d A 73.80.65.49
+$TTL 3600 ; 1 hour
+dname01 DNAME dname-target.
+dname02 DNAME dname-target
+dname03 DNAME .
+$TTL 300 ; 5 minutes
+e MX 10 mail
+ TXT "one"
+ TXT "three"
+ TXT "two"
+ A 73.80.65.49
+ A 73.80.65.50
+ A 73.80.65.52
+ A 73.80.65.51
+f A 73.80.65.52
+$TTL 3600 ; 1 hour
+gpos01 GPOS "-22.6882" "116.8652" "250.0"
+gpos02 GPOS "" "" ""
+hinfo01 HINFO "Generic PC clone" "NetBSD-1.4"
+hinfo02 HINFO "PC" "NetBSD"
+isdn01 ISDN "isdn-address"
+isdn02 ISDN "isdn-address" "subaddress"
+isdn03 ISDN "isdn-address"
+isdn04 ISDN "isdn-address" "subaddress"
+dnskey01 DNSKEY 512 255 1 (
+ AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR
+ yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3
+ GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o
+ jqf0BaqHT+8= )
+kx01 KX 10 kdc
+kx02 KX 10 .
+loc01 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01 MG madname
+mb02 MG .
+mg01 MG mgmname
+mg02 MG .
+minfo01 MINFO rmailbx emailbx
+minfo02 MINFO . .
+mr01 MR mrname
+mr02 MR .
+mx01 MX 10 mail
+mx02 MX 10 .
+naptr01 NAPTR 0 0 "" "" "" .
+naptr02 NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
+nsap-ptr01 NSAP-PTR foo.
+ NSAP-PTR .
+nsap01 NSAP 0x47000580005a0000000001e133ffffff00016100
+nsap02 NSAP 0x47000580005a0000000001e133ffffff00016100
+nsec01 NSEC a.secure ( NS SOA MX RRSIG DNSKEY LOC NSEC )
+nsec02 NSEC . ( NSAP-PTR NSEC )
+nsec03 NSEC . ( A )
+nsec04 NSEC . ( 127 )
+ptr01 PTR example.
+px01 PX 65535 foo. bar.
+px02 PX 65535 . .
+rp01 RP mbox-dname txt-dname
+rp02 RP . .
+rt01 RT 0 intermediate-host
+rt02 RT 65535 .
+$TTL 300 ; 5 minutes
+s NS ns.s
+$ORIGIN s.example.
+ns A 73.80.65.49
+$ORIGIN example.
+$TTL 3600 ; 1 hour
+rrsig01 RRSIG NSEC 1 3 3600 20000102030405 (
+ 19961211100908 2143 foo
+ MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+ WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+ d80jEeC8aTrO+KKmCaY= )
+srv01 SRV 0 0 0 .
+srv02 SRV 65535 65535 65535 old-slow-box.example.com.
+$TTL 301 ; 5 minutes 1 second
+t A 73.80.65.49
+$TTL 3600 ; 1 hour
+txt01 TXT "foo"
+txt02 TXT "foo" "bar"
+txt03 TXT "foo"
+txt04 TXT "foo" "bar"
+txt05 TXT "foo bar"
+txt06 TXT "foo bar"
+txt07 TXT "foo bar"
+txt08 TXT "foo\010bar"
+txt09 TXT "foo\010bar"
+txt10 TXT "foo bar"
+txt11 TXT "\"foo\""
+txt12 TXT "\"foo\""
+$TTL 300 ; 5 minutes
+u TXT "txt-not-in-nsec"
+$ORIGIN u.example.
+a A 73.80.65.49
+b A 73.80.65.49
+$ORIGIN example.
+$TTL 3600 ; 1 hour
+wks01 WKS 10.0.0.1 6 ( 0 1 2 21 23 )
+wks02 WKS 10.0.0.1 17 ( 0 1 2 53 )
+wks03 WKS 10.0.0.2 6 ( 65535 )
+x2501 X25 "123456789"
diff --git a/bin/tests/system/xferquota/ns2/named.conf b/bin/tests/system/xferquota/ns2/named.conf
new file mode 100644
index 0000000..5930eea
--- /dev/null
+++ b/bin/tests/system/xferquota/ns2/named.conf
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.22 2007/06/19 23:47:07 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify no;
+
+ transfers-in 5;
+ transfers-per-ns 5;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "changing." {
+ type slave;
+ masters { 10.53.0.1; };
+ file "changing.bk";
+};
+
+include "zones.conf";
diff --git a/bin/tests/system/xferquota/setup.pl b/bin/tests/system/xferquota/setup.pl
new file mode 100644
index 0000000..19ed4e8
--- /dev/null
+++ b/bin/tests/system/xferquota/setup.pl
@@ -0,0 +1,46 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.pl,v 1.14 2007/06/19 23:47:07 tbox Exp $
+
+#
+# Set up test data for zone transfer quota tests.
+#
+use FileHandle;
+
+my $masterconf = new FileHandle("ns1/zones.conf", "w") or die;
+my $slaveconf = new FileHandle("ns2/zones.conf", "w") or die;
+
+for ($z = 0; $z < 300; $z++) {
+ my $zn = sprintf("zone%06d.example", $z);
+ print $masterconf "zone \"$zn\" { type master; file \"$zn.db\"; };\n";
+ print $slaveconf "zone \"$zn\" { type slave; file \"$zn.bk\"; masters { 10.53.0.1; }; };\n";
+ my $fn = "ns1/$zn.db";
+ my $f = new FileHandle($fn, "w") or die "open: $fn: $!";
+ print $f "\$TTL 300
+\@ IN SOA ns1 . 1 300 120 3600 86400
+ NS ns1
+ NS ns2
+ns1 A 10.53.0.1
+ns2 A 10.53.0.2
+ MX 10 mail1.isp.example.
+ MX 20 mail2.isp.example.
+www A 10.0.0.1
+xyzzy A 10.0.0.2
+";
+ $f->close;
+}
diff --git a/bin/tests/system/xferquota/setup.sh b/bin/tests/system/xferquota/setup.sh
new file mode 100644
index 0000000..d45cc88
--- /dev/null
+++ b/bin/tests/system/xferquota/setup.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.15 2007/06/19 23:47:07 tbox Exp $
+
+#
+# Set up test data for zone transfer quota tests.
+#
+
+$PERL setup.pl
+
+cp -f ns1/changing1.db ns1/changing.db
diff --git a/bin/tests/system/xferquota/tests.sh b/bin/tests/system/xferquota/tests.sh
new file mode 100644
index 0000000..9d077e5
--- /dev/null
+++ b/bin/tests/system/xferquota/tests.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.25 2007/06/19 23:47:07 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+#
+# Perform tests
+#
+
+count=0
+ticks=0
+while [ $count != 300 ]; do
+ if [ $ticks = 1 ]; then
+ echo "I:Changing test zone..."
+ cp -f ns1/changing2.db ns1/changing.db
+ kill -HUP `cat ns1/named.pid`
+ fi
+ sleep 1
+ ticks=`expr $ticks + 1`
+ seconds=`expr $ticks \* 1`
+ if [ $ticks = 360 ]; then
+ echo "I:Took too long to load zones"
+ exit 1
+ fi
+ count=`cat ns2/zone*.bk | grep xyzzy | wc -l`
+ echo "I:Have $count zones up in $seconds seconds"
+done
+
+status=0
+
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+ zone000099.example. @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
+grep ";" dig.out.ns1
+
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+ zone000099.example. @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
+grep ";" dig.out.ns2
+
+$PERL ../digcomp.pl dig.out.ns1 dig.out.ns2 || status=1
+
+sleep 15
+
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+ a.changing. @10.53.0.1 a -p 5300 > dig.out.ns1 || status=1
+grep ";" dig.out.ns1
+
+$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+ a.changing. @10.53.0.2 a -p 5300 > dig.out.ns2 || status=1
+grep ";" dig.out.ns2
+
+$PERL ../digcomp.pl dig.out.ns1 dig.out.ns2 || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/zonechecks/a.db b/bin/tests/system/zonechecks/a.db
new file mode 100644
index 0000000..2f90e8e
--- /dev/null
+++ b/bin/tests/system/zonechecks/a.db
@@ -0,0 +1,19 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: a.db,v 1.5 2007/06/19 23:47:07 tbox Exp $
+
+@ 3600 IN SOA ns hostmaster 1 3600 1200 604800 3600
+@ 3600 IN NS 127.0.0.1
+127.0.0.1 3600 IN A 127.0.0.1
diff --git a/bin/tests/system/zonechecks/aaaa.db b/bin/tests/system/zonechecks/aaaa.db
new file mode 100644
index 0000000..bcf26f4
--- /dev/null
+++ b/bin/tests/system/zonechecks/aaaa.db
@@ -0,0 +1,19 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: aaaa.db,v 1.5 2007/06/19 23:47:07 tbox Exp $
+
+@ 3600 IN SOA ns hostmaster 1 3600 1200 604800 3600
+@ 3600 IN NS ::1
+::1 3600 IN AAAA ::1
diff --git a/bin/tests/system/zonechecks/clean.sh b/bin/tests/system/zonechecks/clean.sh
new file mode 100644
index 0000000..c103c59
--- /dev/null
+++ b/bin/tests/system/zonechecks/clean.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.6 2007/09/26 03:22:44 marka Exp $
+
+rm -f *.out
+rm -f */named.memstats
diff --git a/bin/tests/system/zonechecks/cname.db b/bin/tests/system/zonechecks/cname.db
new file mode 100644
index 0000000..75e3f38
--- /dev/null
+++ b/bin/tests/system/zonechecks/cname.db
@@ -0,0 +1,19 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: cname.db,v 1.5 2007/06/19 23:47:07 tbox Exp $
+
+@ 3600 IN SOA ns hostmaster 1 3600 1200 604800 3600
+@ 3600 IN NS ns
+ns 3600 IN CNAME @
diff --git a/bin/tests/system/zonechecks/dname.db b/bin/tests/system/zonechecks/dname.db
new file mode 100644
index 0000000..fdbc128
--- /dev/null
+++ b/bin/tests/system/zonechecks/dname.db
@@ -0,0 +1,19 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: dname.db,v 1.5 2007/06/19 23:47:07 tbox Exp $
+
+@ 3600 IN SOA ns hostmaster 1 3600 1200 604800 3600
+@ 3600 IN NS ns
+@ 3600 IN DNAME .
diff --git a/bin/tests/system/zonechecks/noaddress.db b/bin/tests/system/zonechecks/noaddress.db
new file mode 100644
index 0000000..e457626
--- /dev/null
+++ b/bin/tests/system/zonechecks/noaddress.db
@@ -0,0 +1,19 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: noaddress.db,v 1.5 2007/06/19 23:47:07 tbox Exp $
+
+@ 3600 IN SOA ns hostmaster 1 3600 1200 604800 3600
+@ 3600 IN NS ns
+ns 3600 IN TXT this name has no address records
diff --git a/bin/tests/system/zonechecks/nxdomain.db b/bin/tests/system/zonechecks/nxdomain.db
new file mode 100644
index 0000000..d5981bb
--- /dev/null
+++ b/bin/tests/system/zonechecks/nxdomain.db
@@ -0,0 +1,19 @@
+; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: nxdomain.db,v 1.5 2007/06/19 23:47:07 tbox Exp $
+
+@ 3600 IN SOA ns hostmaster 1 3600 1200 604800 3600
+@ 3600 IN NS ns
+; There are no records at all with the ownername of "ns".
diff --git a/bin/tests/system/zonechecks/tests.sh b/bin/tests/system/zonechecks/tests.sh
new file mode 100644
index 0000000..2a1b850
--- /dev/null
+++ b/bin/tests/system/zonechecks/tests.sh
@@ -0,0 +1,164 @@
+#!/bin/sh
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.4 2007/06/19 23:47:07 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+#
+echo "I: checking that we detect a NS which refers to a CNAME"
+if $CHECKZONE . cname.db > cname.out 2>&1
+then
+ echo "I:failed (status)"; status=1
+else
+ if grep "is a CNAME" cname.out > /dev/null
+ then
+ :
+ else
+ echo "I:failed (message)"; status=1
+ fi
+fi
+
+#
+echo "I: checking that we detect a NS which is below a DNAME"
+if $CHECKZONE . dname.db > dname.out 2>&1
+then
+ echo "I:failed (status)"; status=1
+else
+ if grep "is below a DNAME" dname.out > /dev/null
+ then
+ :
+ else
+ echo "I:failed (message)"; status=1
+ fi
+fi
+
+#
+echo "I: checking that we detect a NS which has no address records (A/AAAA)"
+if $CHECKZONE . noaddress.db > noaddress.out
+then
+ echo "I:failed (status)"; status=1
+else
+ if grep "has no address records" noaddress.out > /dev/null
+ then
+ :
+ else
+ echo "I:failed (message)"; status=1
+ fi
+fi
+
+#
+echo "I: checking that we detect a NS which has no records"
+if $CHECKZONE . nxdomain.db > nxdomain.out
+then
+ echo "I:failed (status)"; status=1
+else
+ if grep "has no address records" noaddress.out > /dev/null
+ then
+ :
+ else
+ echo "I:failed (message)"; status=1
+ fi
+fi
+
+#
+echo "I: checking that we detect a NS which looks like a A record (fail)"
+if $CHECKZONE -n fail . a.db > a.out 2>&1
+then
+ echo "I:failed (status)"; status=1
+else
+ if grep "appears to be an address" a.out > /dev/null
+ then
+ :
+ else
+ echo "I:failed (message)"; status=1
+ fi
+fi
+
+#
+echo "I: checking that we detect a NS which looks like a A record (warn=default)"
+if $CHECKZONE . a.db > a.out 2>&1
+then
+ if grep "appears to be an address" a.out > /dev/null
+ then
+ :
+ else
+ echo "I:failed (message)"; status=1
+ fi
+else
+ echo "I:failed (status)"; status=1
+fi
+
+#
+echo "I: checking that we detect a NS which looks like a A record (ignore)"
+if $CHECKZONE -n ignore . a.db > a.out 2>&1
+then
+ if grep "appears to be an address" a.out > /dev/null
+ then
+ echo "I:failed (message)"; status=1
+ else
+ :
+ fi
+else
+ echo "I:failed (status)"; status=1
+fi
+
+#
+echo "I: checking that we detect a NS which looks like a AAAA record (fail)"
+if $CHECKZONE -n fail . aaaa.db > aaaa.out 2>&1
+then
+ echo "I:failed (status)"; status=1
+else
+ if grep "appears to be an address" aaaa.out > /dev/null
+ then
+ :
+ else
+ echo "I:failed (message)"; status=1
+ fi
+fi
+
+#
+echo "I: checking that we detect a NS which looks like a AAAA record (warn=default)"
+if $CHECKZONE . aaaa.db > aaaa.out 2>&1
+then
+ if grep "appears to be an address" aaaa.out > /dev/null
+ then
+ :
+ else
+ echo "I:failed (message)"; status=1
+ fi
+else
+ echo "I:failed (status)"; status=1
+fi
+
+#
+echo "I: checking that we detect a NS which looks like a AAAA record (ignore)"
+if $CHECKZONE -n ignore . aaaa.db > aaaa.out 2>&1
+then
+ if grep "appears to be an address" aaaa.out > /dev/null
+ then
+ echo "I:failed (message)"; status=1
+ else
+ :
+ fi
+else
+ echo "I:failed (status)"; status=1
+fi
+echo "I:exit status: $status"
+exit $?
diff --git a/bin/tests/t_api.pl b/bin/tests/t_api.pl
new file mode 100644
index 0000000..daf0161
--- /dev/null
+++ b/bin/tests/t_api.pl
@@ -0,0 +1,223 @@
+#!/usr/local/bin/perl
+#
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: t_api.pl,v 1.10 2007/06/19 23:46:59 tbox Exp $
+
+require "getopts.pl";
+
+#
+# a minimalistic test api in perl compatable with the C api
+# used for the bind 9 regression tests
+#
+
+sub t_info {
+ package t_api;
+ local($format, @rest) = @_;
+ printf("I:${format}%s", @rest);
+}
+
+sub t_result {
+ package t_api;
+ local($result) = @_;
+ $T_inresult = 1;
+ printf("R:$result\n");
+}
+
+sub t_assert {
+ package t_api;
+ local($component, $anum, $class, $what, @rest) = @_;
+ printf("A:%s:%d:%s:$what\n", $component, $anum, $class, @rest);
+}
+
+sub t_getenv {
+ package t_api;
+ local($name) = @_;
+ return($T_env{$name}) if (defined($T_env{$name}));
+}
+
+package t_api;
+
+$| = 1;
+
+sub t_on_abort {
+ $T_aborted = 1;
+ &t_info("got abort\n");
+ die;
+}
+
+sub t_on_alarm {
+ $T_timedout = 1;
+ &t_info("got alarm\n");
+ die;
+}
+
+sub t_on_int {
+ $T_terminated = 1;
+ &t_info("got int\n");
+ die;
+}
+
+# initialize the test environment
+sub t_initconf {
+ local($cfile) = @_;
+ local($name, $value);
+
+ if ((-f $cfile) && (-s _)) {
+ open(XXX, "< $cfile");
+ while (<XXX>) {
+ next if (/^\#/);
+ next unless (/=/);
+ chop;
+ ($name, $value) = split(/=/, $_, 2);
+ $T_env{$name} = $value;
+ }
+ close(XXX);
+ }
+}
+
+# dump the configuration to the journal
+sub t_dumpconf {
+ local($name, $value);
+
+ foreach $name (sort keys %T_env) {
+ &main't_info("%s\t%s\n", $name, $T_env{$name});
+ }
+}
+
+# run a test
+sub doTestN {
+ package main;
+ local($testnumber) = @_;
+ local($status);
+
+ if (defined($T_testlist[$testnumber])) {
+
+ $t_api'T_inresult = 0;
+ $t_api'T_aborted = 0;
+ $t_api'T_timedout = 0;
+ $t_api'T_terminated = 0;
+ $t_api'T_unresolved = 0;
+
+ alarm($t_api'T_timeout);
+ $status = eval($T_testlist[$testnumber]);
+ alarm(0);
+
+ if (! defined($status)) {
+ &t_info("The test case timed out\n") if ($t_api'T_timedout);
+ &t_info("The test case was terminated\n") if ($t_api'T_terminated);
+ &t_info("The test case was aborted\n") if ($t_api'T_aborted);
+ &t_result("UNRESOLVED");
+ }
+ elsif (! $t_api'T_inresult) {
+ &t_result("NORESULT");
+ }
+ }
+ else {
+ &t_info("Test %d is not defined\n", $testnumber);
+ &t_result("UNTESTED");
+ }
+}
+
+$T_usage = "Usage:
+ a : run all tests
+ b <dir> : cd to dir before running tests
+ c <configfile> : use configfile instead of t_config
+ d <level> : set debug level to level
+ h : print test info (not implemented)
+ u : print usage info
+ n <testnumber> : run test number testnumber
+ t <name> : run test named testname (not implemented)
+ q <seconds> : use seconds as the timeout value
+ x : don't execute tests in a subproc (n/a)
+";
+
+# get command line args
+&main'Getopts('ab:c:d:hun:t:q:x');
+
+# if -u, print usage and exit
+if (defined($main'opt_u)) {
+ print $T_usage;
+ exit(0);
+}
+
+# implement -h and -t after we add test descriptions to T_testlist ZZZ
+if (defined($main'opt_h)) {
+ print "the -h option is not implemented\n";
+ exit(0);
+}
+
+if (defined($main'opt_t)) {
+ print "the -t option is not implemented\n";
+ exit(0);
+}
+
+#
+# silently ignore the -x option
+# this exists in the C version of the api
+# to facilitate exception debugging with gdb
+# and is not meaningful here
+#
+
+$T_configfile = "t_config";
+$T_debug = 0;
+$T_timeout = 10;
+$T_testnum = -1;
+
+$T_dir = $main'opt_b if (defined($main'opt_b));
+$T_debug = $main'opt_d if (defined($main'opt_d));
+$T_configfile = $main'opt_c if (defined($main'opt_c));
+$T_testnum = $main'opt_n if (defined($main'opt_n));
+$T_timeout = $main'opt_q if (defined($main'opt_q));
+
+$SIG{'ABRT'} = 't_api\'t_on_abort';
+$SIG{'ALRM'} = 't_api\'t_on_alarm';
+$SIG{'INT'} = 't_api\'t_on_int';
+$SIG{'QUIT'} = 't_api\'t_on_int';
+
+# print the start line
+$date = `date`;
+chop $date;
+($cmd = $0) =~ s/\.\///g;
+printf("S:$cmd:$date\n");
+
+# initialize the test environment
+&t_initconf($T_configfile);
+&t_dumpconf() if ($T_debug);
+
+# establish working directory if requested
+chdir("$T_dir") if (defined($T_dir) && (-d "$T_dir"));
+
+# run the tests
+if ($T_testnum == -1) {
+ # run all tests
+ $T_ntests = $#main'T_testlist + 1;
+ for ($T_cnt = 0; $T_cnt < $T_ntests; ++$T_cnt) {
+ &doTestN($T_cnt);
+ }
+}
+else {
+ # otherwise run the specified test
+ &doTest($T_testnum);
+}
+
+# print the end line
+$date = `date`;
+chop $date;
+printf("E:$cmd:$date\n");
+
+1;
+
diff --git a/bin/tests/task_test.c b/bin/tests/task_test.c
new file mode 100644
index 0000000..e3ff26b
--- /dev/null
+++ b/bin/tests/task_test.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: task_test.c,v 1.51 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <isc/mem.h>
+#include <isc/task.h>
+#include <isc/time.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+isc_mem_t *mctx = NULL;
+
+static void
+my_callback(isc_task_t *task, isc_event_t *event) {
+ int i, j;
+ char *name = event->ev_arg;
+
+ j = 0;
+ for (i = 0; i < 1000000; i++)
+ j += 100;
+ printf("task %s (%p): %d\n", name, task, j);
+ isc_event_free(&event);
+}
+
+static void
+my_shutdown(isc_task_t *task, isc_event_t *event) {
+ char *name = event->ev_arg;
+
+ printf("shutdown %s (%p)\n", name, task);
+ isc_event_free(&event);
+}
+
+static void
+my_tick(isc_task_t *task, isc_event_t *event) {
+ char *name = event->ev_arg;
+
+ printf("task %p tick %s\n", task, name);
+ isc_event_free(&event);
+}
+
+int
+main(int argc, char *argv[]) {
+ isc_taskmgr_t *manager = NULL;
+ isc_task_t *t1 = NULL, *t2 = NULL;
+ isc_task_t *t3 = NULL, *t4 = NULL;
+ isc_event_t *event;
+ unsigned int workers;
+ isc_timermgr_t *timgr;
+ isc_timer_t *ti1, *ti2;
+ struct isc_interval interval;
+
+ if (argc > 1)
+ workers = atoi(argv[1]);
+ else
+ workers = 2;
+ printf("%d workers\n", workers);
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(isc_taskmgr_create(mctx, workers, 0, &manager) ==
+ ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(isc_task_create(manager, 0, &t1) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_create(manager, 0, &t2) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_create(manager, 0, &t3) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_create(manager, 0, &t4) == ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(isc_task_onshutdown(t1, my_shutdown, "1") ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_onshutdown(t2, my_shutdown, "2") ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_onshutdown(t3, my_shutdown, "3") ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_onshutdown(t4, my_shutdown, "4") ==
+ ISC_R_SUCCESS);
+
+ timgr = NULL;
+ RUNTIME_CHECK(isc_timermgr_create(mctx, &timgr) == ISC_R_SUCCESS);
+ ti1 = NULL;
+
+ isc_interval_set(&interval, 1, 0);
+ RUNTIME_CHECK(isc_timer_create(timgr, isc_timertype_ticker, NULL,
+ &interval, t1, my_tick, "foo", &ti1) ==
+ ISC_R_SUCCESS);
+
+ ti2 = NULL;
+ isc_interval_set(&interval, 1, 0);
+ RUNTIME_CHECK(isc_timer_create(timgr, isc_timertype_ticker, NULL,
+ &interval, t2, my_tick, "bar", &ti2) ==
+ ISC_R_SUCCESS);
+
+ printf("task 1 = %p\n", t1);
+ printf("task 2 = %p\n", t2);
+ sleep(2);
+
+ /*
+ * Note: (void *)1 is used as a sender here, since some compilers
+ * don't like casting a function pointer to a (void *).
+ *
+ * In a real use, it is more likely the sender would be a
+ * structure (socket, timer, task, etc) but this is just a test
+ * program.
+ */
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "1",
+ sizeof(*event));
+ isc_task_send(t1, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "1",
+ sizeof(*event));
+ isc_task_send(t1, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "1",
+ sizeof(*event));
+ isc_task_send(t1, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "1",
+ sizeof(*event));
+ isc_task_send(t1, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "1",
+ sizeof(*event));
+ isc_task_send(t1, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "1",
+ sizeof(*event));
+ isc_task_send(t1, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "1",
+ sizeof(*event));
+ isc_task_send(t1, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "1",
+ sizeof(*event));
+ isc_task_send(t1, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "1",
+ sizeof(*event));
+ isc_task_send(t1, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "2",
+ sizeof(*event));
+ isc_task_send(t2, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "3",
+ sizeof(*event));
+ isc_task_send(t3, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "4",
+ sizeof(*event));
+ isc_task_send(t4, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "2",
+ sizeof(*event));
+ isc_task_send(t2, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "3",
+ sizeof(*event));
+ isc_task_send(t3, &event);
+ event = isc_event_allocate(mctx, (void *)1, 1, my_callback, "4",
+ sizeof(*event));
+ isc_task_send(t4, &event);
+ isc_task_purgerange(t3,
+ NULL,
+ ISC_EVENTTYPE_FIRSTEVENT,
+ ISC_EVENTTYPE_LASTEVENT, NULL);
+
+ isc_task_detach(&t1);
+ isc_task_detach(&t2);
+ isc_task_detach(&t3);
+ isc_task_detach(&t4);
+
+ sleep(10);
+ printf("destroy\n");
+ isc_timer_detach(&ti1);
+ isc_timer_detach(&ti2);
+ isc_timermgr_destroy(&timgr);
+ isc_taskmgr_destroy(&manager);
+ printf("destroyed\n");
+
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/tests/tasks/Makefile.in b/bin/tests/tasks/Makefile.in
new file mode 100644
index 0000000..f7fc908
--- /dev/null
+++ b/bin/tests/tasks/Makefile.in
@@ -0,0 +1,55 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.30 2007/06/19 23:47:07 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCLIBS = ../../../lib/isc/libisc.@A@
+TAPIDEPLIBS = ../../../lib/tests/libt_api.@A@
+
+ISCDEPLIBS = ../../../lib/isc/libisc.@A@
+TAPILIBS = ../../../lib/tests/libt_api.@A@
+
+DEPLIBS = ${TAPIDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${TAPILIBS} ${ISCLIBS} @LIBS@
+
+TARGETS = t_tasks@EXEEXT@
+
+SRCS = t_tasks.c
+
+@BIND9_MAKE_RULES@
+
+t_tasks@EXEEXT@: t_tasks.@O@ ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ t_tasks.@O@ ${LIBS}
+
+test: t_tasks@EXEEXT@
+ -@./t_tasks@EXEEXT@ -c @top_srcdir@/t_config -b @srcdir@ -a
+
+testhelp:
+ @./t_tasks@EXEEXT@ -h
+
+clean distclean::
+ rm -f ${TARGETS}
diff --git a/bin/tests/tasks/t_tasks.c b/bin/tests/tasks/t_tasks.c
new file mode 100644
index 0000000..b8a4d24
--- /dev/null
+++ b/bin/tests/tasks/t_tasks.c
@@ -0,0 +1,2293 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: t_tasks.c,v 1.40 2007/06/19 23:47:07 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <unistd.h>
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h> /* uintptr_t */
+#endif
+#include <isc/condition.h>
+#include <isc/mem.h>
+#include <isc/platform.h>
+#include <isc/task.h>
+#include <isc/time.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <tests/t_api.h>
+
+
+#ifdef ISC_PLATFORM_USETHREADS
+isc_boolean_t threaded = ISC_TRUE;
+#else
+isc_boolean_t threaded = ISC_FALSE;
+#endif
+
+static int senders[4];
+
+static void
+require_threads(void) {
+ t_info("This test requires threads\n");
+ t_result(T_THREADONLY);
+ return;
+}
+
+static void
+t1_callback(isc_task_t *task, isc_event_t *event) {
+ int i;
+ int j;
+
+ UNUSED(task);
+
+ j = 0;
+
+ for (i = 0; i < 1000000; i++)
+ j += 100;
+
+ t_info("task %s\n", (char *)event->ev_arg);
+ isc_event_free(&event);
+}
+
+static void
+t1_shutdown(isc_task_t *task, isc_event_t *event) {
+ UNUSED(task);
+
+ t_info("shutdown %s\n", (char *)event->ev_arg);
+ isc_event_free(&event);
+}
+
+static void
+my_tick(isc_task_t *task, isc_event_t *event) {
+ UNUSED(task);
+
+ t_info("%s\n", (char *)event->ev_arg);
+ isc_event_free(&event);
+}
+
+/*
+ * Adapted from RTH's original task_test program
+ */
+
+static int
+t_tasks1(void) {
+ char *p;
+ isc_mem_t *mctx;
+ isc_taskmgr_t *manager;
+ isc_task_t *task1;
+ isc_task_t *task2;
+ isc_task_t *task3;
+ isc_task_t *task4;
+ isc_event_t *event;
+ unsigned int workers;
+ isc_timermgr_t *timgr;
+ isc_timer_t *ti1;
+ isc_timer_t *ti2;
+ isc_result_t isc_result;
+ struct isc_time absolute;
+ struct isc_interval interval;
+
+ manager = NULL;
+ task1 = NULL;
+ task2 = NULL;
+ task3 = NULL;
+ task4 = NULL;
+ mctx = NULL;
+
+ workers = 2;
+ p = t_getenv("ISC_TASK_WORKERS");
+ if (p != NULL)
+ workers = atoi(p);
+ if (workers < 1) {
+ t_info("Bad config value for ISC_TASK_WORKERS, %d\n", workers);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %d\n", isc_result);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_taskmgr_create(mctx, workers, 0, &manager);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_taskmgr_create failed %d\n", isc_result);
+ return(T_FAIL);
+ }
+
+ isc_result = isc_task_create(manager, 0, &task1);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %d\n", isc_result);
+ return(T_FAIL);
+ }
+
+ isc_result = isc_task_create(manager, 0, &task2);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %d\n", isc_result);
+ return(T_FAIL);
+ }
+
+ isc_result = isc_task_create(manager, 0, &task3);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %d\n", isc_result);
+ return(T_FAIL);
+ }
+
+ isc_result = isc_task_create(manager, 0, &task4);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %d\n", isc_result);
+ return(T_FAIL);
+ }
+
+ isc_result = isc_task_onshutdown(task1, t1_shutdown, "1");
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_onshutdown failed %d\n", isc_result);
+ return(T_FAIL);
+ }
+
+ isc_result = isc_task_onshutdown(task2, t1_shutdown, "2");
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_onshutdown failed %d\n", isc_result);
+ return(T_FAIL);
+ }
+
+ isc_result = isc_task_onshutdown(task3, t1_shutdown, "3");
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_onshutdown failed %d\n", isc_result);
+ return(T_FAIL);
+ }
+
+ isc_result = isc_task_onshutdown(task4, t1_shutdown, "4");
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_onshutdown failed %d\n", isc_result);
+ return(T_FAIL);
+ }
+
+ timgr = NULL;
+ isc_result = isc_timermgr_create(mctx, &timgr);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_timermgr_create %d\n", isc_result);
+ return(T_UNRESOLVED);
+ }
+
+ ti1 = NULL;
+ isc_time_settoepoch(&absolute);
+ isc_interval_set(&interval, 1, 0);
+ isc_result = isc_timer_create(timgr, isc_timertype_ticker,
+ &absolute, &interval,
+ task1, my_tick, "tick", &ti1);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_timer_create %d\n", isc_result);
+ return(T_UNRESOLVED);
+ }
+
+ ti2 = NULL;
+ isc_time_settoepoch(&absolute);
+ isc_interval_set(&interval, 1, 0);
+ isc_result = isc_timer_create(timgr, isc_timertype_ticker,
+ &absolute, &interval,
+ task2, my_tick, "tock", &ti2);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_timer_create %d\n", isc_result);
+ return(T_UNRESOLVED);
+ }
+
+
+ sleep(2);
+
+ /*
+ * Note: (void *)1 is used as a sender here, since some compilers
+ * don't like casting a function pointer to a (void *).
+ *
+ * In a real use, it is more likely the sender would be a
+ * structure (socket, timer, task, etc) but this is just a test
+ * program.
+ */
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "1",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task1, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "1",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task1, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "1",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task1, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "1",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task1, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "1",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task1, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "1",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task1, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "1",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task1, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "1",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task1, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "1",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task1, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "2",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task2, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "3",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task3, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "4",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task4, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "2",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task2, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "3",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task3, &event);
+
+ event = isc_event_allocate(mctx, (void *)1, 1, t1_callback, "4",
+ sizeof(*event));
+ if (event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_send(task4, &event);
+
+ (void)isc_task_purge(task3, NULL, 0, 0);
+
+ isc_task_detach(&task1);
+ isc_task_detach(&task2);
+ isc_task_detach(&task3);
+ isc_task_detach(&task4);
+
+ sleep(10);
+ isc_timer_detach(&ti1);
+ isc_timer_detach(&ti2);
+ isc_timermgr_destroy(&timgr);
+ isc_taskmgr_destroy(&manager);
+
+ isc_mem_destroy(&mctx);
+ return(T_PASS);
+}
+
+static const char *a1 = "The task subsystem can create and manage tasks";
+
+static void
+t1(void) {
+ int result;
+
+ t_assert("tasks", 1, T_REQUIRED, a1);
+ result = t_tasks1();
+ t_result(result);
+}
+
+#define T2_NTASKS 10000
+
+static isc_event_t *T2_event;
+static isc_taskmgr_t *T2_manager;
+static isc_mem_t *T2_mctx;
+static isc_condition_t T2_cv;
+static isc_mutex_t T2_mx;
+static int T2_done;
+static int T2_nprobs;
+static int T2_nfails;
+static int T2_ntasks;
+
+static void
+t2_shutdown(isc_task_t *task, isc_event_t *event) {
+
+ isc_result_t isc_result;
+
+ task = task; /* notused */
+
+ if (event->ev_arg != NULL) {
+ isc_task_destroy((isc_task_t**) &event->ev_arg);
+ }
+ else {
+ isc_result = isc_mutex_lock(&T2_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %d\n", isc_result);
+ ++T2_nprobs;
+ }
+
+ T2_done = 1;
+
+ isc_result = isc_condition_signal(&T2_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_signal failed %d\n", isc_result);
+ ++T2_nprobs;
+ }
+
+ isc_result = isc_mutex_unlock(&T2_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %d\n", isc_result);
+ ++T2_nprobs;
+ }
+
+ isc_event_free(&T2_event);
+ isc_taskmgr_destroy(&T2_manager);
+ isc_mem_destroy(&T2_mctx);
+ }
+}
+
+static void
+t2_callback(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+ isc_task_t *newtask;
+
+ ++T2_ntasks;
+
+ if (T_debug && ((T2_ntasks % 100) == 0)) {
+ t_info("T2_ntasks %d\n", T2_ntasks);
+ }
+
+ if (event->ev_arg) {
+
+ event->ev_arg = (void *)(((uintptr_t) event->ev_arg) - 1);
+
+ /*
+ * Create a new task and forward the message.
+ */
+ newtask = NULL;
+ isc_result = isc_task_create(T2_manager, 0, &newtask);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %d\n", isc_result);
+ ++T2_nfails;
+ return;
+ }
+
+ isc_result = isc_task_onshutdown(newtask, t2_shutdown,
+ (void *)task);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_onshutdown failed %d\n",
+ isc_result);
+ ++T2_nfails;
+ return;
+ }
+
+ isc_task_send(newtask, &event);
+ } else {
+ /*
+ * Time to unwind, shutdown should perc back up.
+ */
+ isc_task_destroy(&task);
+ }
+}
+
+static int
+t_tasks2(void) {
+ uintptr_t ntasks;
+ int result;
+ char *p;
+ isc_event_t *event;
+ unsigned int workers;
+ isc_result_t isc_result;
+
+ T2_manager = NULL;
+ T2_done = 0;
+ T2_nprobs = 0;
+ T2_nfails = 0;
+ T2_ntasks = 0;
+
+ workers = 2;
+ p = t_getenv("ISC_TASK_WORKERS");
+ if (p != NULL)
+ workers = atoi(p);
+ if (workers < 1) {
+ t_info("Bad config value for ISC_TASK_WORKERS, %d\n", workers);
+ return(T_UNRESOLVED);
+ }
+
+ p = t_getenv("ISC_TASKS_MIN");
+ if (p != NULL)
+ ntasks = atoi(p);
+ else
+ ntasks = T2_NTASKS;
+ if (ntasks == 0U) {
+ t_info("Bad config value for ISC_TASKS_MIN, %lu\n",
+ (unsigned long)ntasks);
+ return(T_UNRESOLVED);
+ }
+
+ t_info("Testing with %lu tasks\n", (unsigned long)ntasks);
+
+ isc_result = isc_mutex_init(&T2_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_init failed %d\n", isc_result);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_condition_init(&T2_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_init failed %d\n", isc_result);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mem_create(0, 0, &T2_mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %d\n", isc_result);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_taskmgr_create(T2_mctx, workers, 0, &T2_manager);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_taskmgr_create failed %d\n", isc_result);
+ return(T_FAIL);
+ }
+
+ T2_event = isc_event_allocate(T2_mctx, (void *)1, 1, t2_callback,
+ (void *)ntasks, sizeof(*event));
+ if (T2_event == NULL) {
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mutex_lock(&T2_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %d\n", isc_result);
+ return(T_UNRESOLVED);
+ }
+
+ t2_callback(NULL, T2_event);
+
+ while (T2_done == 0) {
+ isc_result = isc_condition_wait(&T2_cv, &T2_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_wait failed %d\n", isc_result);
+ return(T_UNRESOLVED);
+ }
+ }
+
+ result = T_UNRESOLVED;
+
+ if ((T2_nfails == 0) && (T2_nprobs == 0))
+ result = T_PASS;
+ else if (T2_nfails != 0)
+ result = T_FAIL;
+
+ return(result);
+}
+
+static const char *a2 = "The task subsystem can create ISC_TASKS_MIN tasks";
+
+static void
+t2(void) {
+ t_assert("tasks", 2, T_REQUIRED, a2);
+
+ if (threaded)
+ t_result(t_tasks2());
+ else
+ require_threads();
+}
+
+#define T3_NEVENTS 256
+
+static int T3_flag;
+static int T3_nevents;
+static int T3_nsdevents;
+static isc_mutex_t T3_mx;
+static isc_condition_t T3_cv;
+static int T3_nfails;
+static int T3_nprobs;
+
+static void
+t3_sde1(isc_task_t *task, isc_event_t *event) {
+ task = task;
+
+ if (T3_nevents != T3_NEVENTS) {
+ t_info("Some events were not processed\n");
+ ++T3_nprobs;
+ }
+ if (T3_nsdevents == 1) {
+ ++T3_nsdevents;
+ } else {
+ t_info("Shutdown events not processed in LIFO order\n");
+ ++T3_nfails;
+ }
+ isc_event_free(&event);
+}
+
+static void
+t3_sde2(isc_task_t *task, isc_event_t *event) {
+
+ task = task;
+
+ if (T3_nevents != T3_NEVENTS) {
+ t_info("Some events were not processed\n");
+ ++T3_nprobs;
+ }
+ if (T3_nsdevents == 0) {
+ ++T3_nsdevents;
+ } else {
+ t_info("Shutdown events not processed in LIFO order\n");
+ ++T3_nfails;
+ }
+ isc_event_free(&event);
+}
+
+static void
+t3_event1(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+
+ task = task;
+
+ isc_result = isc_mutex_lock(&T3_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T3_nprobs;
+ }
+ while (T3_flag != 1) {
+ (void) isc_condition_wait(&T3_cv, &T3_mx);
+ }
+
+ isc_result = isc_mutex_unlock(&T3_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T3_nprobs;
+ }
+ isc_event_free(&event);
+}
+
+static void
+t3_event2(isc_task_t *task, isc_event_t *event) {
+ task = task;
+
+ ++T3_nevents;
+ isc_event_free(&event);
+}
+
+static int
+t_tasks3(void) {
+ int cnt;
+ int result;
+ char *p;
+ isc_mem_t *mctx;
+ isc_taskmgr_t *tmgr;
+ isc_task_t *task;
+ unsigned int workers;
+ isc_event_t *event;
+ isc_result_t isc_result;
+ isc_eventtype_t event_type;
+
+ T3_flag = 0;
+ T3_nevents = 0;
+ T3_nsdevents = 0;
+ T3_nfails = 0;
+ T3_nprobs = 0;
+
+ event_type = 3;
+
+ workers = 2;
+ p = t_getenv("ISC_TASK_WORKERS");
+ if (p != NULL)
+ workers = atoi(p);
+
+ mctx = NULL;
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mutex_init(&T3_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_init failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_condition_init(&T3_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_init failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ tmgr = NULL;
+ isc_result = isc_taskmgr_create(mctx, workers, 0, &tmgr);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_taskmgr_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mutex_lock(&T3_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ task = NULL;
+ isc_result = isc_task_create(tmgr, 0, &task);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mutex_unlock(&T3_mx);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * This event causes the task to wait on T3_cv.
+ */
+ event = isc_event_allocate(mctx, &senders[1], event_type, t3_event1,
+ NULL, sizeof(*event));
+ isc_task_send(task, &event);
+
+ /*
+ * Now we fill up the task's event queue with some events.
+ */
+ for (cnt = 0; cnt < T3_NEVENTS; ++cnt) {
+ event = isc_event_allocate(mctx, &senders[1], event_type,
+ t3_event2, NULL, sizeof(*event));
+ isc_task_send(task, &event);
+ }
+
+ /*
+ * Now we register two shutdown events.
+ */
+ isc_result = isc_task_onshutdown(task, t3_sde1, NULL);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_send failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mutex_unlock(&T3_mx);
+ isc_task_destroy(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_task_onshutdown(task, t3_sde2, NULL);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_send failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mutex_unlock(&T3_mx);
+ isc_task_destroy(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_task_shutdown(task);
+
+ /*
+ * Now we free the task by signaling T3_cv.
+ */
+ T3_flag = 1;
+ isc_result = isc_condition_signal(&T3_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_send failed %s\n",
+ isc_result_totext(isc_result));
+ ++T3_nprobs;
+ }
+
+ isc_result = isc_mutex_unlock(&T3_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_send failed %s\n",
+ isc_result_totext(isc_result));
+ ++T3_nprobs;
+ }
+
+
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+
+ if (T3_nsdevents != 2) {
+ t_info("T3_nsdevents == %d, expected 2\n", T3_nsdevents);
+ ++T3_nfails;
+ }
+
+ if (T3_nevents != T3_nevents) {
+ t_info("T3_nevents == %d, expected 2\n", T3_nevents);
+ ++T3_nfails;
+ }
+
+ result = T_UNRESOLVED;
+
+ if (T3_nfails != 0)
+ result = T_FAIL;
+ else if ((T3_nfails == 0) && (T3_nprobs == 0))
+ result = T_PASS;
+
+ return(result);
+}
+
+static const char *a3 = "When isc_task_shutdown() is called, any shutdown "
+ "events that have been requested via prior "
+ "isc_task_onshutdown() calls are posted in "
+ "LIFO order.";
+static void
+t3(void) {
+ t_assert("tasks", 3, T_REQUIRED, a3);
+
+ if (threaded)
+ t_result(t_tasks3());
+ else
+ require_threads();
+}
+
+static isc_mutex_t T4_mx;
+static isc_condition_t T4_cv;
+static int T4_flag;
+static int T4_nprobs;
+static int T4_nfails;
+
+static void
+t4_event1(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+
+ UNUSED(task);
+
+ isc_result = isc_mutex_lock(&T4_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T4_nprobs;
+ }
+ while (T4_flag != 1) {
+ (void) isc_condition_wait(&T4_cv, &T4_mx);
+ }
+
+ isc_result = isc_mutex_unlock(&T4_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T4_nprobs;
+ }
+ isc_event_free(&event);
+}
+
+static void
+t4_sde(isc_task_t *task, isc_event_t *event) {
+ UNUSED(task);
+
+ /*
+ * No-op.
+ */
+
+ isc_event_free(&event);
+}
+
+static int
+t_tasks4(void) {
+ int result;
+ char *p;
+ isc_mem_t *mctx;
+ isc_taskmgr_t *tmgr;
+ isc_task_t *task;
+ unsigned int workers;
+ isc_result_t isc_result;
+ isc_eventtype_t event_type;
+ isc_event_t *event;
+
+ T4_nprobs = 0;
+ T4_nfails = 0;
+ T4_flag = 0;
+
+ result = T_UNRESOLVED;
+ event_type = 4;
+
+ workers = 2;
+ p = t_getenv("ISC_TASK_WORKERS");
+ if (p != NULL)
+ workers = atoi(p);
+
+ mctx = NULL;
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mutex_init(&T4_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_init failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_condition_init(&T4_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_init failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T4_mx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ tmgr = NULL;
+ isc_result = isc_taskmgr_create(mctx, workers, 0, &tmgr);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_taskmgr_create failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T4_mx);
+ isc_condition_destroy(&T4_cv);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mutex_lock(&T4_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T4_mx);
+ isc_condition_destroy(&T4_cv);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ task = NULL;
+ isc_result = isc_task_create(tmgr, 0, &task);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T4_mx);
+ isc_condition_destroy(&T4_cv);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * This event causes the task to wait on T4_cv.
+ */
+ event = isc_event_allocate(mctx, &senders[1], event_type, t4_event1,
+ NULL, sizeof(*event));
+ isc_task_send(task, &event);
+
+ isc_task_shutdown(task);
+
+ isc_result = isc_task_onshutdown(task, t4_sde, NULL);
+ if (isc_result != ISC_R_SHUTTINGDOWN) {
+ t_info("isc_task_onshutdown returned %s\n",
+ isc_result_totext(isc_result));
+ ++T4_nfails;
+ }
+
+ /*
+ * Release the task.
+ */
+ T4_flag = 1;
+
+ isc_result = isc_condition_signal(&T4_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_signal failed %s\n",
+ isc_result_totext(isc_result));
+ ++T4_nprobs;
+ }
+
+ isc_result = isc_mutex_unlock(&T4_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T4_nprobs;
+ }
+
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ isc_condition_destroy(&T4_cv);
+ DESTROYLOCK(&T4_mx);
+
+ result = T_UNRESOLVED;
+
+ if (T4_nfails != 0)
+ result = T_FAIL;
+ else if ((T4_nfails == 0) && (T4_nprobs == 0))
+ result = T_PASS;
+
+ return(result);
+}
+
+static const char *a4 =
+ "After isc_task_shutdown() has been called, any call to "
+ "isc_task_onshutdown() will return ISC_R_SHUTTINGDOWN.";
+
+static void
+t4(void) {
+ t_assert("tasks", 4, T_REQUIRED, a4);
+
+ if (threaded)
+ t_result(t_tasks4());
+ else
+ require_threads();
+}
+
+static int T7_nprobs;
+static int T7_eflag;
+static int T7_sdflag;
+static isc_mutex_t T7_mx;
+static isc_condition_t T7_cv;
+
+static int T7_nfails;
+
+static void
+t7_event1(isc_task_t *task, isc_event_t *event) {
+ UNUSED(task);
+
+ ++T7_eflag;
+
+ isc_event_free(&event);
+}
+
+static void
+t7_sde(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+
+ UNUSED(task);
+
+ isc_result = isc_mutex_lock(&T7_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T7_nprobs;
+ }
+
+ ++T7_sdflag;
+
+ isc_result = isc_condition_signal(&T7_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_signal failed %s\n",
+ isc_result_totext(isc_result));
+ ++T7_nprobs;
+ }
+
+ isc_result = isc_mutex_unlock(&T7_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T7_nprobs;
+ }
+
+ isc_event_free(&event);
+}
+
+static int
+t_tasks7(void) {
+ int result;
+ char *p;
+ isc_mem_t *mctx;
+ isc_taskmgr_t *tmgr;
+ isc_task_t *task;
+ unsigned int workers;
+ isc_result_t isc_result;
+ isc_eventtype_t event_type;
+ isc_event_t *event;
+ isc_time_t now;
+ isc_interval_t interval;
+
+ T7_nprobs = 0;
+ T7_nfails = 0;
+ T7_sdflag = 0;
+ T7_eflag = 0;
+
+ result = T_UNRESOLVED;
+ event_type = 7;
+
+ workers = 2;
+ p = t_getenv("ISC_TASK_WORKERS");
+ if (p != NULL)
+ workers = atoi(p);
+
+ mctx = NULL;
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mutex_init(&T7_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_init failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_condition_init(&T7_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_init failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T7_mx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ tmgr = NULL;
+ isc_result = isc_taskmgr_create(mctx, workers, 0, &tmgr);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_taskmgr_create failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T7_mx);
+ isc_condition_destroy(&T7_cv);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mutex_lock(&T7_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T7_mx);
+ isc_condition_destroy(&T7_cv);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ task = NULL;
+ isc_result = isc_task_create(tmgr, 0, &task);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T7_mx);
+ isc_condition_destroy(&T7_cv);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+
+ isc_result = isc_task_onshutdown(task, t7_sde, NULL);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_onshutdown returned %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T7_mx);
+ isc_condition_destroy(&T7_cv);
+ isc_task_destroy(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ event = isc_event_allocate(mctx, &senders[1], event_type, t7_event1,
+ NULL, sizeof(*event));
+ isc_task_send(task, &event);
+
+ isc_task_shutdown(task);
+
+ interval.seconds = 5;
+ interval.nanoseconds = 0;
+
+ while (T7_sdflag == 0) {
+ isc_result = isc_time_nowplusinterval(&now, &interval);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_nowplusinterval failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T7_mx);
+ isc_condition_destroy(&T7_cv);
+ isc_task_destroy(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_condition_waituntil(&T7_cv, &T7_mx, &now);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_waituntil returned %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T7_mx);
+ isc_condition_destroy(&T7_cv);
+ isc_task_destroy(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ return(T_FAIL);
+ }
+ }
+
+ isc_result = isc_mutex_unlock(&T7_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T7_nprobs;
+ }
+
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ isc_condition_destroy(&T7_cv);
+ DESTROYLOCK(&T7_mx);
+
+ result = T_UNRESOLVED;
+
+ if (T7_eflag == 0)
+ ++T7_nfails;
+
+ if (T7_nfails != 0)
+ result = T_FAIL;
+ else if ((T7_nfails == 0) && (T7_nprobs == 0))
+ result = T_PASS;
+
+ return(result);
+}
+
+static const char *a7 = "A call to isc_task_create() creates a task that can "
+ "receive events.";
+
+static void
+t7(void) {
+ t_assert("tasks", 7, T_REQUIRED, a7);
+
+ if (threaded)
+ t_result(t_tasks7());
+ else
+ require_threads();
+}
+
+#define T10_SENDERCNT 3
+#define T10_TYPECNT 4
+#define T10_TAGCNT 5
+#define T10_NEVENTS (T10_SENDERCNT*T10_TYPECNT*T10_TAGCNT)
+#define T_CONTROL 99999
+
+static int T10_nprobs;
+static int T10_nfails;
+static int T10_startflag;
+static int T10_shutdownflag;
+static int T10_eventcnt;
+static isc_mutex_t T10_mx;
+static isc_condition_t T10_cv;
+
+static void *T10_purge_sender;
+static isc_eventtype_t T10_purge_type_first;
+static isc_eventtype_t T10_purge_type_last;
+static void *T10_purge_tag;
+static int T10_testrange;
+
+static void
+t10_event1(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+
+ task = task;
+
+ isc_result = isc_mutex_lock(&T10_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T10_nprobs;
+ }
+
+ while (T10_startflag == 0) {
+ isc_result = isc_condition_wait(&T10_cv, &T10_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T10_nprobs;
+ }
+ }
+
+ isc_result = isc_mutex_unlock(&T10_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T10_nprobs;
+ }
+
+ isc_event_free(&event);
+}
+
+static void
+t10_event2(isc_task_t *task, isc_event_t *event) {
+
+ int sender_match;
+ int type_match;
+ int tag_match;
+
+ task = task;
+
+ sender_match = 0;
+ type_match = 0;
+ tag_match = 0;
+
+ if (T_debug) {
+ t_info("Event %p,%d,%p,%s\n",
+ event->ev_sender,
+ (int)event->ev_type,
+ event->ev_tag,
+ event->ev_attributes & ISC_EVENTATTR_NOPURGE ?
+ "NP" : "P");
+ }
+
+ if ((T10_purge_sender == NULL) ||
+ (T10_purge_sender == event->ev_sender)) {
+ sender_match = 1;
+ }
+ if (T10_testrange == 0) {
+ if (T10_purge_type_first == event->ev_type) {
+ type_match = 1;
+ }
+ } else {
+ if ((T10_purge_type_first <= event->ev_type) &&
+ (event->ev_type <= T10_purge_type_last)) {
+ type_match = 1;
+ }
+ }
+ if ((T10_purge_tag == NULL) ||
+ (T10_purge_tag == event->ev_tag)) {
+ tag_match = 1;
+ }
+
+ if (sender_match && type_match && tag_match) {
+ if (event->ev_attributes & ISC_EVENTATTR_NOPURGE) {
+ t_info("event %p,%d,%p matched but was not purgable\n",
+ event->ev_sender, (int)event->ev_type,
+ event->ev_tag);
+ ++T10_eventcnt;
+ } else {
+ t_info("*** event %p,%d,%p not purged\n",
+ event->ev_sender, (int)event->ev_type,
+ event->ev_tag);
+ }
+ } else {
+ ++T10_eventcnt;
+ }
+ isc_event_free(&event);
+}
+
+
+static void
+t10_sde(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+
+ task = task;
+
+ isc_result = isc_mutex_lock(&T10_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T10_nprobs;
+ }
+
+ ++T10_shutdownflag;
+
+ isc_result = isc_condition_signal(&T10_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_signal failed %s\n",
+ isc_result_totext(isc_result));
+ ++T10_nprobs;
+ }
+
+ isc_result = isc_mutex_unlock(&T10_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T10_nprobs;
+ }
+
+ isc_event_free(&event);
+}
+
+static void
+t_taskpurge_x(int sender, int type, int tag, void *purge_sender,
+ int purge_type_first, int purge_type_last, void *purge_tag,
+ int exp_nevents, int *nfails, int *nprobs, int testrange)
+{
+ char *p;
+ isc_mem_t *mctx;
+ isc_taskmgr_t *tmgr;
+ isc_task_t *task;
+ unsigned int workers;
+ isc_result_t isc_result;
+ isc_event_t *event;
+ isc_time_t now;
+ isc_interval_t interval;
+ int sender_cnt;
+ int type_cnt;
+ int tag_cnt;
+ int event_cnt;
+ int cnt;
+ int nevents;
+ isc_event_t *eventtab[T10_NEVENTS];
+
+
+ T10_startflag = 0;
+ T10_shutdownflag = 0;
+ T10_eventcnt = 0;
+ T10_purge_sender = purge_sender;
+ T10_purge_type_first = (isc_eventtype_t) purge_type_first;
+ T10_purge_type_last = (isc_eventtype_t) purge_type_last;
+ T10_purge_tag = purge_tag;
+ T10_testrange = testrange;
+
+ workers = 2;
+ p = t_getenv("ISC_TASK_WORKERS");
+ if (p != NULL)
+ workers = atoi(p);
+
+ mctx = NULL;
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ ++*nprobs;
+ return;
+ }
+
+ isc_result = isc_mutex_init(&T10_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_init failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ ++*nprobs;
+ return;
+ }
+
+ isc_result = isc_condition_init(&T10_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_init failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T10_mx);
+ ++*nprobs;
+ return;
+ }
+
+ tmgr = NULL;
+ isc_result = isc_taskmgr_create(mctx, workers, 0, &tmgr);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_taskmgr_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T10_mx);
+ isc_condition_destroy(&T10_cv);
+ ++*nprobs;
+ return;
+ }
+
+ task = NULL;
+ isc_result = isc_task_create(tmgr, 0, &task);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T10_mx);
+ isc_condition_destroy(&T10_cv);
+ ++*nprobs;
+ return;
+ }
+
+ isc_result = isc_task_onshutdown(task, t10_sde, NULL);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_onshutdown returned %s\n",
+ isc_result_totext(isc_result));
+ isc_task_destroy(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T10_mx);
+ isc_condition_destroy(&T10_cv);
+ ++*nprobs;
+ return;
+ }
+
+ /*
+ * Block the task on T10_cv.
+ */
+ event = isc_event_allocate(mctx, (void *)1, (isc_eventtype_t)T_CONTROL,
+ t10_event1, NULL, sizeof(*event));
+
+ isc_task_send(task, &event);
+
+ /*
+ * Fill the task's queue with some messages with varying
+ * sender, type, tag, and purgable attribute values.
+ */
+
+ event_cnt = 0;
+ for (sender_cnt = 0; sender_cnt < T10_SENDERCNT; ++sender_cnt) {
+ for (type_cnt = 0; type_cnt < T10_TYPECNT; ++type_cnt) {
+ for (tag_cnt = 0; tag_cnt < T10_TAGCNT; ++tag_cnt) {
+ eventtab[event_cnt] =
+ isc_event_allocate(mctx,
+ &senders[sender + sender_cnt],
+ (isc_eventtype_t)(type + type_cnt),
+ t10_event2, NULL, sizeof(*event));
+
+ eventtab[event_cnt]->ev_tag =
+ (void *)((uintptr_t)tag + tag_cnt);
+
+ /*
+ * Make all odd message non-purgable.
+ */
+ if ((sender_cnt % 2) && (type_cnt %2) &&
+ (tag_cnt %2))
+ eventtab[event_cnt]->ev_attributes |=
+ ISC_EVENTATTR_NOPURGE;
+ ++event_cnt;
+ }
+ }
+ }
+
+ for (cnt = 0; cnt < event_cnt; ++cnt)
+ isc_task_send(task, &eventtab[cnt]);
+
+ if (T_debug)
+ t_info("%d events queued\n", cnt);
+
+ if (testrange == 0) {
+ /*
+ * We're testing isc_task_purge.
+ */
+ nevents = isc_task_purge(task, purge_sender,
+ (isc_eventtype_t)purge_type_first,
+ purge_tag);
+ if (nevents != exp_nevents) {
+ t_info("*** isc_task_purge returned %d, expected %d\n",
+ nevents, exp_nevents);
+ ++*nfails;
+ } else if (T_debug)
+ t_info("isc_task_purge returned %d\n", nevents);
+ } else {
+ /*
+ * We're testing isc_task_purgerange.
+ */
+ nevents = isc_task_purgerange(task, purge_sender,
+ (isc_eventtype_t)purge_type_first,
+ (isc_eventtype_t)purge_type_last,
+ purge_tag);
+ if (nevents != exp_nevents) {
+ t_info("*** isc_task_purgerange returned %d, "
+ "expected %d\n", nevents, exp_nevents);
+ ++*nfails;
+ } else if (T_debug)
+ t_info("isc_task_purgerange returned %d\n", nevents);
+ }
+
+ isc_result = isc_mutex_lock(&T10_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ isc_task_destroy(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T10_mx);
+ isc_condition_destroy(&T10_cv);
+ ++*nprobs;
+ return;
+ }
+
+ /*
+ * Unblock the task, allowing event processing.
+ */
+ T10_startflag = 1;
+ isc_result = isc_condition_signal(&T10_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_signal failed %s\n",
+ isc_result_totext(isc_result));
+ ++*nprobs;
+ }
+
+ isc_task_shutdown(task);
+
+ interval.seconds = 5;
+ interval.nanoseconds = 0;
+
+ /*
+ * Wait for shutdown processing to complete.
+ */
+ while (T10_shutdownflag == 0) {
+ isc_result = isc_time_nowplusinterval(&now, &interval);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_nowplusinterval failed %s\n",
+ isc_result_totext(isc_result));
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T10_mx);
+ isc_condition_destroy(&T10_cv);
+ ++*nprobs;
+ return;
+ }
+
+ isc_result = isc_condition_waituntil(&T10_cv, &T10_mx, &now);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_waituntil returned %s\n",
+ isc_result_totext(isc_result));
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T10_mx);
+ isc_condition_destroy(&T10_cv);
+ ++*nfails;
+ return;
+ }
+ }
+
+ isc_result = isc_mutex_unlock(&T10_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++*nprobs;
+ }
+
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T10_mx);
+ isc_condition_destroy(&T10_cv);
+
+ if (T_debug)
+ t_info("task processed %d events\n", T10_eventcnt);
+
+ if ((T10_eventcnt + nevents) != event_cnt) {
+ t_info("*** processed %d, purged %d, total %d\n",
+ T10_eventcnt, nevents, event_cnt);
+ ++*nfails;
+ }
+}
+
+static int
+t_tasks10(void) {
+ int result;
+
+ T10_nprobs = 0;
+ T10_nfails = 0;
+
+ /*
+ * Try purging on a specific sender.
+ */
+ t_info("testing purge on 2,4,8 expecting 1\n");
+ t_taskpurge_x(1, 4, 7, &senders[2], 4, 4, (void *)8, 1, &T10_nfails,
+ &T10_nprobs, 0);
+
+ /*
+ * Try purging on all senders.
+ */
+ t_info("testing purge on 0,4,8 expecting 3\n");
+ t_taskpurge_x(1, 4, 7, NULL, 4, 4, (void *)8, 3, &T10_nfails,
+ &T10_nprobs, 0);
+
+ /*
+ * Try purging on all senders, specified type, all tags.
+ */
+ t_info("testing purge on 0,4,0 expecting 15\n");
+ t_taskpurge_x(1, 4, 7, NULL, 4, 4, NULL, 15, &T10_nfails,
+ &T10_nprobs, 0);
+
+ /*
+ * Try purging on a specified tag, no such type.
+ */
+ t_info("testing purge on 0,99,8 expecting 0\n");
+ t_taskpurge_x(1, 4, 7, NULL, 99, 99, (void *)8, 0, &T10_nfails,
+ &T10_nprobs, 0);
+
+ /*
+ * Try purging on specified sender, type, all tags.
+ */
+ t_info("testing purge on 0,5,0 expecting 5\n");
+ t_taskpurge_x(1, 4, 7, &senders[3], 5, 5, NULL, 5, &T10_nfails,
+ &T10_nprobs, 0);
+
+ result = T_UNRESOLVED;
+
+ if ((T10_nfails == 0) && (T10_nprobs == 0))
+ result = T_PASS;
+ else if (T10_nfails != 0)
+ result = T_FAIL;
+
+ return(result);
+}
+
+static const char *a10 =
+ "A call to isc_task_purge(task, sender, type, tag) "
+ "purges all events of type 'type' and with tag 'tag' "
+ "not marked as unpurgable from sender from the task's "
+ "queue and returns the number of events purged.";
+
+static void
+t10(void) {
+ t_assert("tasks", 10, T_REQUIRED, a10);
+
+ if (threaded)
+ t_result(t_tasks10());
+ else
+ require_threads();
+}
+
+static int T11_nprobs;
+static int T11_nfails;
+static int T11_startflag;
+static int T11_shutdownflag;
+static int T11_eventcnt;
+static isc_mutex_t T11_mx;
+static isc_condition_t T11_cv;
+
+static void
+t11_event1(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+
+ task = task;
+
+ isc_result = isc_mutex_lock(&T11_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T11_nprobs;
+ }
+
+ while (T11_startflag == 0) {
+ isc_result = isc_condition_wait(&T11_cv, &T11_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T11_nprobs;
+ }
+ }
+
+ isc_result = isc_mutex_unlock(&T11_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T11_nprobs;
+ }
+
+ isc_event_free(&event);
+}
+
+static void
+t11_event2(isc_task_t *task, isc_event_t *event) {
+ UNUSED(task);
+
+ ++T11_eventcnt;
+ isc_event_free(&event);
+}
+
+
+static void
+t11_sde(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+
+ UNUSED(task);
+
+ isc_result = isc_mutex_lock(&T11_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T11_nprobs;
+ }
+
+ ++T11_shutdownflag;
+
+ isc_result = isc_condition_signal(&T11_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_signal failed %s\n",
+ isc_result_totext(isc_result));
+ ++T11_nprobs;
+ }
+
+ isc_result = isc_mutex_unlock(&T11_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T11_nprobs;
+ }
+
+ isc_event_free(&event);
+}
+
+static int
+t_tasks11(int purgable) {
+ char *p;
+ isc_mem_t *mctx;
+ isc_taskmgr_t *tmgr;
+ isc_task_t *task;
+ isc_boolean_t rval;
+ unsigned int workers;
+ isc_result_t isc_result;
+ isc_event_t *event1;
+ isc_event_t *event2, *event2_clone;
+ isc_time_t now;
+ isc_interval_t interval;
+ int result;
+
+ T11_startflag = 0;
+ T11_shutdownflag = 0;
+ T11_eventcnt = 0;
+
+ workers = 2;
+ p = t_getenv("ISC_TASK_WORKERS");
+ if (p != NULL)
+ workers = atoi(p);
+
+ mctx = NULL;
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mutex_init(&T11_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_init failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_condition_init(&T11_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_init failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T11_mx);
+ return(T_UNRESOLVED);
+ }
+
+ tmgr = NULL;
+ isc_result = isc_taskmgr_create(mctx, workers, 0, &tmgr);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_taskmgr_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T11_mx);
+ isc_condition_destroy(&T11_cv);
+ return(T_UNRESOLVED);
+ }
+
+ task = NULL;
+ isc_result = isc_task_create(tmgr, 0, &task);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T11_mx);
+ isc_condition_destroy(&T11_cv);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_task_onshutdown(task, t11_sde, NULL);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_onshutdown returned %s\n",
+ isc_result_totext(isc_result));
+ isc_task_destroy(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T11_mx);
+ isc_condition_destroy(&T11_cv);
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Block the task on T11_cv.
+ */
+ event1 = isc_event_allocate(mctx, (void *)1, (isc_eventtype_t)1,
+ t11_event1, NULL, sizeof(*event1));
+
+ isc_task_send(task, &event1);
+
+ event2 = isc_event_allocate(mctx, (void *)1, (isc_eventtype_t)1,
+ t11_event2, NULL, sizeof(*event2));
+ event2_clone = event2;
+ if (purgable)
+ event2->ev_attributes &= ~ISC_EVENTATTR_NOPURGE;
+ else
+ event2->ev_attributes |= ISC_EVENTATTR_NOPURGE;
+
+ isc_task_send(task, &event2);
+
+ rval = isc_task_purgeevent(task, event2_clone);
+ if (rval != (purgable ? ISC_TRUE : ISC_FALSE)) {
+ t_info("isc_task_purgeevent returned %s, expected %s\n",
+ (rval ? "ISC_TRUE" : "ISC_FALSE"),
+ (purgable ? "ISC_TRUE" : "ISC_FALSE"));
+ ++T11_nfails;
+ }
+
+ isc_result = isc_mutex_lock(&T11_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T11_nprobs;
+ }
+
+ /*
+ * Unblock the task, allowing event processing.
+ */
+ T11_startflag = 1;
+ isc_result = isc_condition_signal(&T11_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_signal failed %s\n",
+ isc_result_totext(isc_result));
+ ++T11_nprobs;
+ }
+
+ isc_task_shutdown(task);
+
+ interval.seconds = 5;
+ interval.nanoseconds = 0;
+
+ /*
+ * Wait for shutdown processing to complete.
+ */
+ while (T11_shutdownflag == 0) {
+ isc_result = isc_time_nowplusinterval(&now, &interval);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_nowplusinterval failed %s\n",
+ isc_result_totext(isc_result));
+ ++T11_nprobs;
+ }
+
+ isc_result = isc_condition_waituntil(&T11_cv, &T11_mx, &now);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_waituntil returned %s\n",
+ isc_result_totext(isc_result));
+ ++T11_nprobs;
+ }
+ }
+
+ isc_result = isc_mutex_unlock(&T11_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T11_nprobs;
+ }
+
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_mem_destroy(&mctx);
+ DESTROYLOCK(&T11_mx);
+ isc_condition_destroy(&T11_cv);
+
+ if (T11_eventcnt != (purgable ? 0 : 1)) {
+ t_info("Event was %s purged\n",
+ (purgable ? "not" : "unexpectedly"));
+ ++T11_nfails;
+ }
+
+ result = T_UNRESOLVED;
+
+ if ((T11_nfails == 0) && (T11_nprobs == 0))
+ result = T_PASS;
+ else if (T11_nfails)
+ result = T_FAIL;
+
+ return(result);
+}
+
+static const char *a11 =
+ "When the event is marked as purgable, a call to "
+ "isc_task_purgeevent(task, event) purges the event 'event' "
+ "from the task's queue and returns ISC_TRUE.";
+
+static void
+t11(void) {
+ t_assert("tasks", 11, T_REQUIRED, a11);
+
+ if (threaded)
+ t_result(t_tasks11(1));
+ else
+ require_threads();
+}
+
+static const char *a12 =
+ "When the event is not marked as purgable, a call to "
+ "isc_task_purgeevent(task, event) does not purge the "
+ "event 'event' from the task's queue and returns "
+ "ISC_FALSE.";
+
+static int
+t_tasks12(void) {
+ return(t_tasks11(0));
+}
+
+static void
+t12(void) {
+ t_assert("tasks", 12, T_REQUIRED, a12);
+
+ if (threaded)
+ t_result(t_tasks12());
+ else
+ require_threads();
+}
+
+static int T13_nfails;
+static int T13_nprobs;
+
+static const char *a13 =
+ "A call to "
+ "isc_event_purgerange(task, sender, first, last, tag) "
+ "purges all events not marked unpurgable from "
+ "sender 'sender' and of type within the range 'first' "
+ "to 'last' inclusive from the task's event queue and "
+ "returns the number of tasks purged.";
+
+static int
+t_tasks13(void) {
+ int result;
+
+ T13_nfails = 0;
+ T13_nprobs = 0;
+
+ /*
+ * First let's try the same cases we used in t10.
+ */
+
+ /*
+ * Try purging on a specific sender.
+ */
+ t_info("testing purge on 2,4,8 expecting 1\n");
+ t_taskpurge_x(1, 4, 7, &senders[2], 4, 4, (void *)8, 1,
+ &T13_nfails, &T13_nprobs, 1);
+
+ /*
+ * Try purging on all senders.
+ */
+ t_info("testing purge on 0,4,8 expecting 3\n");
+ t_taskpurge_x(1, 4, 7, NULL, 4, 4, (void *)8, 3,
+ &T13_nfails, &T13_nprobs, 1);
+
+ /*
+ * Try purging on all senders, specified type, all tags.
+ */
+ t_info("testing purge on 0,4,0 expecting 15\n");
+ t_taskpurge_x(1, 4, 7, NULL, 4, 4, NULL, 15, &T13_nfails, &T13_nprobs, 1);
+
+ /*
+ * Try purging on a specified tag, no such type.
+ */
+ t_info("testing purge on 0,99,8 expecting 0\n");
+ t_taskpurge_x(1, 4, 7, NULL, 99, 99, (void *)8, 0,
+ &T13_nfails, &T13_nprobs, 1);
+
+ /*
+ * Try purging on specified sender, type, all tags.
+ */
+ t_info("testing purge on 3,5,0 expecting 5\n");
+ t_taskpurge_x(1, 4, 7, &senders[3], 5, 5, 0, 5, &T13_nfails, &T13_nprobs, 1);
+
+ /*
+ * Now let's try some ranges.
+ */
+
+ t_info("testing purgerange on 2,4-5,8 expecting 2\n");
+ t_taskpurge_x(1, 4, 7, &senders[2], 4, 5, (void *)8, 1,
+ &T13_nfails, &T13_nprobs, 1);
+
+ /*
+ * Try purging on all senders.
+ */
+ t_info("testing purge on 0,4-5,8 expecting 5\n");
+ t_taskpurge_x(1, 4, 7, NULL, 4, 5, (void *)8, 5,
+ &T13_nfails, &T13_nprobs, 1);
+
+ /*
+ * Try purging on all senders, specified type, all tags.
+ */
+ t_info("testing purge on 0,5-6,0 expecting 28\n");
+ t_taskpurge_x(1, 4, 7, NULL, 5, 6, NULL, 28, &T13_nfails, &T13_nprobs, 1);
+
+ /*
+ * Try purging on a specified tag, no such type.
+ */
+ t_info("testing purge on 0,99-101,8 expecting 0\n");
+ t_taskpurge_x(1, 4, 7, NULL, 99, 101, (void *)8, 0,
+ &T13_nfails, &T13_nprobs, 1);
+
+ /*
+ * Try purging on specified sender, type, all tags.
+ */
+ t_info("testing purge on 3,5-6,0 expecting 10\n");
+ t_taskpurge_x(1, 4, 7, &senders[3], 5, 6, NULL, 10, &T13_nfails,
+ &T13_nprobs, 1);
+
+ result = T_UNRESOLVED;
+
+ if ((T13_nfails == 0) && (T13_nprobs == 0))
+ result = T_PASS;
+ else if (T13_nfails)
+ result = T_FAIL;
+
+ return (result);
+}
+
+static void
+t13(void) {
+ t_assert("tasks", 13, T_REQUIRED, a13);
+
+ if (threaded)
+ t_result(t_tasks13());
+ else
+ require_threads();
+}
+
+#define T14_NTASKS 10
+#define T14_EXCLTASK 6
+
+int t14_exclusiveerror = ISC_R_SUCCESS;
+int t14_error = 0;
+int t14_done = 0;
+
+int spin(int n);
+
+int t14_active[T14_NTASKS];
+
+static void
+t14_callback(isc_task_t *task, isc_event_t *event) {
+ int taskno = *(int *)(event->ev_arg);
+
+
+ t_info("task enter %d\n", taskno);
+ if (taskno == T14_EXCLTASK) {
+ int i;
+ t14_exclusiveerror = isc_task_beginexclusive(task);
+ if (t14_exclusiveerror == ISC_R_SUCCESS)
+ t_info("task %d got exclusive access\n", taskno);
+ else
+ t_info("task %d failed to got exclusive access: %d\n",
+ taskno, t14_exclusiveerror);
+ for (i = 0; i < T14_NTASKS; i++) {
+ t_info("task %d state %d\n", i , t14_active[i]);
+ if (t14_active[i])
+ t14_error++;
+ }
+ isc_task_endexclusive(task);
+ t14_done = 1;
+ } else {
+ t14_active[taskno]++;
+ (void) spin(10000000);
+ t14_active[taskno]--;
+ }
+ t_info("task exit %d\n", taskno);
+ if (t14_done) {
+ isc_mem_put(event->ev_destroy_arg, event->ev_arg, sizeof (int));
+ isc_event_free(&event);
+ } else {
+ isc_task_send(task, &event);
+ }
+}
+
+int spin(int n) {
+ int i;
+ int r = 0;
+ for (i = 0; i < n; i++) {
+ r += i;
+ if (r > 1000000)
+ r = 0;
+ }
+ return (r);
+}
+
+static int
+t_tasks14(void) {
+ char *p;
+ isc_mem_t *mctx;
+ isc_taskmgr_t *manager;
+ isc_task_t *tasks[T14_NTASKS];
+ unsigned int workers;
+ isc_result_t isc_result;
+ int i;
+
+ manager = NULL;
+ mctx = NULL;
+
+ for (i = 0; i < T14_NTASKS; i++)
+ tasks[i] = NULL;
+
+ workers = 4;
+ p = t_getenv("ISC_TASK_WORKERS");
+ if (p != NULL)
+ workers = atoi(p);
+ if (workers < 1) {
+ t_info("Bad config value for ISC_TASK_WORKERS, %d\n", workers);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %d\n", isc_result);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_taskmgr_create(mctx, workers, 0, &manager);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_taskmgr_create failed %d\n", isc_result);
+ return(T_FAIL);
+ }
+
+ for (i = 0; i < T14_NTASKS; i++) {
+ isc_event_t *event;
+ int *v;
+
+ isc_result = isc_task_create(manager, 0, &tasks[i]);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %d\n", isc_result);
+ return(T_FAIL);
+ }
+
+ v = isc_mem_get(mctx, sizeof *v);
+ if (v == NULL) {
+ isc_task_detach(&tasks[i]);
+ t_info("isc_mem_get failed\n");
+ return(T_FAIL);
+ }
+ *v = i;
+
+ event = isc_event_allocate(mctx, NULL, 1, t14_callback,
+ v, sizeof(*event));
+ if (event == NULL) {
+ isc_mem_put(mctx, v, sizeof *v);
+ t_info("isc_event_allocate failed\n");
+ return(T_UNRESOLVED);
+ }
+ isc_task_send(tasks[i], &event);
+ }
+
+ for (i = 0; i < T14_NTASKS; i++) {
+ isc_task_detach(&tasks[i]);
+ }
+
+ isc_taskmgr_destroy(&manager);
+
+ if (t14_exclusiveerror != ISC_R_SUCCESS || t14_error) {
+ if (t14_exclusiveerror != ISC_R_SUCCESS)
+ t_info("isc_task_beginexclusive() failed\n");
+ if (t14_error)
+ t_info("mutual access occurred\n");
+ return(T_FAIL);
+ }
+
+ isc_mem_destroy(&mctx);
+ return(T_PASS);
+}
+
+static void
+t14(void) {
+ int result;
+
+ t_assert("tasks", 14, T_REQUIRED,
+ "isc_task_beginexclusive() gets exclusive access");
+ result = t_tasks14();
+ t_result(result);
+}
+
+testspec_t T_testlist[] = {
+ { t1, "basic task subsystem" },
+ { t2, "maxtasks" },
+ { t3, "isc_task_shutdown" },
+ { t4, "isc_task_shutdown" },
+ { t7, "isc_task_create" },
+ { t10, "isc_task_purge" },
+ { t11, "isc_task_purgeevent" },
+ { t12, "isc_task_purgeevent" },
+ { t13, "isc_task_purgerange" },
+ { t14, "isc_task_beginexclusive" },
+ { NULL, NULL }
+};
diff --git a/bin/tests/timer_test.c b/bin/tests/timer_test.c
new file mode 100644
index 0000000..2825dc5
--- /dev/null
+++ b/bin/tests/timer_test.c
@@ -0,0 +1,172 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: timer_test.c,v 1.40 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <isc/mem.h>
+#include <isc/task.h>
+#include <isc/time.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+isc_mem_t *mctx1, *mctx2, *mctx3;
+isc_task_t *t1, *t2, *t3;
+isc_timer_t *ti1, *ti2, *ti3;
+int tick_count = 0;
+
+static void
+shutdown_task(isc_task_t *task, isc_event_t *event) {
+ char *name = event->ev_arg;
+
+ printf("task %p shutdown %s\n", task, name);
+ isc_event_free(&event);
+}
+
+static void
+tick(isc_task_t *task, isc_event_t *event) {
+ char *name = event->ev_arg;
+
+ INSIST(event->ev_type == ISC_TIMEREVENT_TICK);
+
+ printf("task %s (%p) tick\n", name, task);
+
+ tick_count++;
+ if (ti3 != NULL && tick_count % 3 == 0)
+ isc_timer_touch(ti3);
+
+ if (ti3 != NULL && tick_count == 7) {
+ isc_time_t expires;
+ isc_interval_t interval;
+
+ isc_interval_set(&interval, 5, 0);
+ (void)isc_time_nowplusinterval(&expires, &interval);
+ isc_interval_set(&interval, 4, 0);
+ printf("*** resetting ti3 ***\n");
+ RUNTIME_CHECK(isc_timer_reset(ti3, isc_timertype_once,
+ &expires, &interval, ISC_TRUE) ==
+ ISC_R_SUCCESS);
+ }
+
+ isc_event_free(&event);
+}
+
+static void
+timeout(isc_task_t *task, isc_event_t *event) {
+ char *name = event->ev_arg;
+ const char *type;
+
+ INSIST(event->ev_type == ISC_TIMEREVENT_IDLE ||
+ event->ev_type == ISC_TIMEREVENT_LIFE);
+
+ if (event->ev_type == ISC_TIMEREVENT_IDLE)
+ type = "idle";
+ else
+ type = "life";
+ printf("task %s (%p) %s timeout\n", name, task, type);
+
+ if (strcmp(name, "3") == 0) {
+ printf("*** saving task 3 ***\n");
+ isc_event_free(&event);
+ return;
+ }
+
+ isc_event_free(&event);
+ isc_task_shutdown(task);
+}
+
+int
+main(int argc, char *argv[]) {
+ isc_taskmgr_t *manager = NULL;
+ isc_timermgr_t *timgr = NULL;
+ unsigned int workers;
+ isc_time_t expires, now;
+ isc_interval_t interval;
+
+ if (argc > 1)
+ workers = atoi(argv[1]);
+ else
+ workers = 2;
+ printf("%d workers\n", workers);
+
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx1) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_taskmgr_create(mctx1, workers, 0, &manager) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_timermgr_create(mctx1, &timgr) == ISC_R_SUCCESS);
+
+ RUNTIME_CHECK(isc_task_create(manager, 0, &t1) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_create(manager, 0, &t2) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_create(manager, 0, &t3) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_onshutdown(t1, shutdown_task, "1") ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_onshutdown(t2, shutdown_task, "2") ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_task_onshutdown(t3, shutdown_task, "3") ==
+ ISC_R_SUCCESS);
+
+ printf("task 1: %p\n", t1);
+ printf("task 2: %p\n", t2);
+ printf("task 3: %p\n", t3);
+
+ TIME_NOW(&now);
+
+ isc_interval_set(&interval, 2, 0);
+ RUNTIME_CHECK(isc_timer_create(timgr, isc_timertype_once, NULL,
+ &interval, t2, timeout, "2", &ti2) ==
+ ISC_R_SUCCESS);
+
+ isc_interval_set(&interval, 1, 0);
+ RUNTIME_CHECK(isc_timer_create(timgr, isc_timertype_ticker, NULL,
+ &interval, t1, tick, "1", &ti1) ==
+ ISC_R_SUCCESS);
+
+ isc_interval_set(&interval, 10, 0);
+ RUNTIME_CHECK(isc_time_add(&now, &interval, &expires) ==
+ ISC_R_SUCCESS);
+ isc_interval_set(&interval, 2, 0);
+ RUNTIME_CHECK(isc_timer_create(timgr, isc_timertype_once, &expires,
+ &interval, t3, timeout, "3", &ti3) ==
+ ISC_R_SUCCESS);
+
+ isc_task_detach(&t1);
+ isc_task_detach(&t2);
+ isc_task_detach(&t3);
+
+ sleep(15);
+ printf("destroy\n");
+ isc_timer_detach(&ti1);
+ isc_timer_detach(&ti2);
+ isc_timer_detach(&ti3);
+ sleep(2);
+ isc_timermgr_destroy(&timgr);
+ isc_taskmgr_destroy(&manager);
+ printf("destroyed\n");
+
+ printf("Statistics for mctx1:\n");
+ isc_mem_stats(mctx1, stdout);
+ isc_mem_destroy(&mctx1);
+
+ return (0);
+}
diff --git a/bin/tests/timers/Makefile.in b/bin/tests/timers/Makefile.in
new file mode 100644
index 0000000..0ba198a
--- /dev/null
+++ b/bin/tests/timers/Makefile.in
@@ -0,0 +1,55 @@
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.28 2007/06/19 23:47:07 tbox Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCLIBS = ../../../lib/isc/libisc.@A@
+
+ISCDEPLIBS = ../../../lib/isc/libisc.@A@
+
+DEPLIBS = ${ISCDEPLIBS}
+
+LIBS = ${ISCLIBS} @LIBS@
+
+TLIB = ../../../lib/tests/libt_api.@A@
+
+TARGETS = t_timers@EXEEXT@
+
+SRCS = t_timers.c
+
+@BIND9_MAKE_RULES@
+
+t_timers@EXEEXT@: t_timers.@O@ ${DEPLIBS} ${TLIB}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ t_timers.@O@ ${TLIB} ${LIBS}
+
+test: t_timers@EXEEXT@
+ -@./t_timers@EXEEXT@ -c @top_srcdir@/t_config -b @srcdir@ -q 60 -a
+
+testhelp:
+ @./t_timers@EXEEXT@ -h
+
+clean distclean::
+ rm -f ${TARGETS}
diff --git a/bin/tests/timers/t_timers.c b/bin/tests/timers/t_timers.c
new file mode 100644
index 0000000..7705364
--- /dev/null
+++ b/bin/tests/timers/t_timers.c
@@ -0,0 +1,1128 @@
+/*
+ * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: t_timers.c,v 1.28 2008/01/12 23:47:13 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/condition.h>
+#include <isc/mem.h>
+#include <isc/platform.h>
+#include <isc/task.h>
+#include <isc/time.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <tests/t_api.h>
+
+#ifdef ISC_PLATFORM_USETHREADS
+isc_boolean_t threaded = ISC_TRUE;
+#else
+isc_boolean_t threaded = ISC_FALSE;
+#endif
+
+#define Tx_FUDGE_SECONDS 0 /* in absence of clock_getres() */
+#define Tx_FUDGE_NANOSECONDS 500000000 /* in absence of clock_getres() */
+
+static isc_time_t Tx_endtime;
+static isc_time_t Tx_lasttime;
+static int Tx_eventcnt;
+static int Tx_nevents;
+static isc_mutex_t Tx_mx;
+static isc_condition_t Tx_cv;
+static int Tx_nfails;
+static int Tx_nprobs;
+static isc_timer_t *Tx_timer;
+static int Tx_seconds;
+static int Tx_nanoseconds;
+
+static void
+require_threads(void) {
+ t_info("This test requires threads\n");
+ t_result(T_THREADONLY);
+ return;
+}
+
+static void
+tx_sde(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+
+ task = task;
+ event = event;
+
+ /*
+ * Signal shutdown processing complete.
+ */
+ isc_result = isc_mutex_lock(&Tx_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+
+ isc_result = isc_condition_signal(&Tx_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_signal failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+
+ isc_result = isc_mutex_unlock(&Tx_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+
+ isc_event_free(&event);
+}
+
+static void
+tx_te(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+ isc_time_t now;
+ isc_time_t base;
+ isc_time_t ulim;
+ isc_time_t llim;
+ isc_interval_t interval;
+ isc_eventtype_t expected_event_type;
+
+ ++Tx_eventcnt;
+
+ t_info("tick %d\n", Tx_eventcnt);
+
+ expected_event_type = ISC_TIMEREVENT_LIFE;
+ if ((isc_timertype_t) event->ev_arg == isc_timertype_ticker)
+ expected_event_type = ISC_TIMEREVENT_TICK;
+
+ if (event->ev_type != expected_event_type) {
+ t_info("expected event type %d, got %d\n",
+ expected_event_type, (int) event->ev_type);
+ ++Tx_nfails;
+ }
+
+ isc_result = isc_time_now(&now);
+ if (isc_result == ISC_R_SUCCESS) {
+ interval.seconds = Tx_seconds;
+ interval.nanoseconds = Tx_nanoseconds;
+ isc_result = isc_time_add(&Tx_lasttime, &interval, &base);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_add failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+ } else {
+ t_info("isc_time_now failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+
+ if (isc_result == ISC_R_SUCCESS) {
+ interval.seconds = Tx_FUDGE_SECONDS;
+ interval.nanoseconds = Tx_FUDGE_NANOSECONDS;
+ isc_result = isc_time_add(&base, &interval, &ulim);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_add failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+ }
+
+ if (isc_result == ISC_R_SUCCESS) {
+ isc_result = isc_time_subtract(&base, &interval, &llim);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_subtract failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+ }
+
+ if (isc_result == ISC_R_SUCCESS) {
+ if (isc_time_compare(&llim, &now) > 0) {
+ t_info("timer range error: early by "
+ "%lu microseconds\n",
+ (unsigned long)isc_time_microdiff(&base, &now));
+ ++Tx_nfails;
+ } else if (isc_time_compare(&ulim, &now) < 0) {
+ t_info("timer range error: late by "
+ "%lu microseconds\n",
+ (unsigned long)isc_time_microdiff(&now, &base));
+ ++Tx_nfails;
+ }
+ Tx_lasttime = now;
+ }
+
+ if (Tx_eventcnt == Tx_nevents) {
+ isc_result = isc_time_now(&Tx_endtime);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_now failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+ isc_timer_detach(&Tx_timer);
+ isc_task_shutdown(task);
+ }
+
+ isc_event_free(&event);
+}
+
+static void
+t_timers_x(isc_timertype_t timertype, isc_time_t *expires,
+ isc_interval_t *interval,
+ void (*action)(isc_task_t *, isc_event_t *))
+{
+ char *p;
+ isc_mem_t *mctx;
+ isc_taskmgr_t *tmgr;
+ isc_task_t *task;
+ unsigned int workers;
+ isc_result_t isc_result;
+ isc_timermgr_t *timermgr;
+
+ Tx_eventcnt = 0;
+ isc_time_settoepoch(&Tx_endtime);
+
+ workers = 2;
+ p = t_getenv("ISC_TASK_WORKERS");
+ if (p != NULL)
+ workers = atoi(p);
+
+ mctx = NULL;
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ return;
+ }
+
+ isc_result = isc_mutex_init(&Tx_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_init failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ ++Tx_nprobs;
+ return;
+ }
+
+ isc_result = isc_condition_init(&Tx_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_init failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&Tx_mx);
+ isc_mem_destroy(&mctx);
+ ++Tx_nprobs;
+ return;
+ }
+
+ tmgr = NULL;
+ isc_result = isc_taskmgr_create(mctx, workers, 0, &tmgr);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_taskmgr_create failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&Tx_mx);
+ isc_condition_destroy(&Tx_cv);
+ isc_mem_destroy(&mctx);
+ ++Tx_nprobs;
+ return;
+ }
+
+ timermgr = NULL;
+ isc_result = isc_timermgr_create(mctx, &timermgr);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_timermgr_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&Tx_mx);
+ isc_condition_destroy(&Tx_cv);
+ isc_mem_destroy(&mctx);
+ ++Tx_nprobs;
+ return;
+ }
+
+ isc_result = isc_mutex_lock(&Tx_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ isc_timermgr_destroy(&timermgr);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&Tx_mx);
+ isc_condition_destroy(&Tx_cv);
+ isc_mem_destroy(&mctx);
+ ++Tx_nprobs;
+ return;
+ }
+
+ task = NULL;
+ isc_result = isc_task_create(tmgr, 0, &task);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_timermgr_destroy(&timermgr);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&Tx_mx);
+ isc_condition_destroy(&Tx_cv);
+ isc_mem_destroy(&mctx);
+ ++Tx_nprobs;
+ return;
+ }
+
+ isc_result = isc_task_onshutdown(task, tx_sde, NULL);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_onshutdown failed %s\n",
+ isc_result_totext(isc_result));
+ isc_timermgr_destroy(&timermgr);
+ isc_task_destroy(&task);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&Tx_mx);
+ isc_condition_destroy(&Tx_cv);
+ isc_mem_destroy(&mctx);
+ ++Tx_nprobs;
+ return;
+ }
+
+ isc_result = isc_time_now(&Tx_lasttime);
+ if (isc_result != ISC_R_SUCCESS) {
+ isc_timermgr_destroy(&timermgr);
+ isc_task_destroy(&task);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&Tx_mx);
+ isc_condition_destroy(&Tx_cv);
+ isc_mem_destroy(&mctx);
+ ++Tx_nprobs;
+ return;
+ }
+
+ Tx_timer = NULL;
+ isc_result = isc_timer_create(timermgr, timertype, expires, interval,
+ task, action, (void *)timertype,
+ &Tx_timer);
+
+ if (isc_result != ISC_R_SUCCESS) {
+ isc_timermgr_destroy(&timermgr);
+ isc_task_destroy(&task);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&Tx_mx);
+ isc_condition_destroy(&Tx_cv);
+ isc_mem_destroy(&mctx);
+ ++Tx_nprobs;
+ return;
+ }
+
+ /*
+ * Wait for shutdown processing to complete.
+ */
+ while (Tx_eventcnt != Tx_nevents) {
+ isc_result = isc_condition_wait(&Tx_cv, &Tx_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_waituntil failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+ }
+
+ isc_result = isc_mutex_unlock(&Tx_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&tmgr);
+ isc_timermgr_destroy(&timermgr);
+ DESTROYLOCK(&Tx_mx);
+ isc_condition_destroy(&Tx_cv);
+ isc_mem_destroy(&mctx);
+
+}
+
+#define T1_SECONDS 2
+#define T1_NANOSECONDS 500000000
+
+static const char *a1 =
+ "When type is isc_timertype_ticker, a call to isc_timer_create() "
+ "creates a timer that posts an ISC_TIMEREVENT_TICK event to the "
+ "specified task every 'interval' seconds and returns ISC_R_SUCCESS.";
+
+static void
+t1(void) {
+ int result;
+ isc_time_t expires;
+ isc_interval_t interval;
+
+ t_assert("isc_timer_create", 1, T_REQUIRED, a1);
+
+ if (threaded) {
+ Tx_nfails = 0;
+ Tx_nprobs = 0;
+ Tx_nevents = 12;
+ Tx_seconds = T1_SECONDS;
+ Tx_nanoseconds = T1_NANOSECONDS;
+ isc_interval_set(&interval, Tx_seconds, Tx_nanoseconds);
+ isc_time_settoepoch(&expires);
+
+ t_timers_x(isc_timertype_ticker, &expires, &interval, tx_te);
+
+ result = T_UNRESOLVED;
+
+ if ((Tx_nfails == 0) && (Tx_nprobs == 0))
+ result = T_PASS;
+ else if (Tx_nfails)
+ result = T_FAIL;
+
+ t_result(result);
+ } else
+ require_threads();
+}
+
+#define T2_SECONDS 5
+#define T2_NANOSECONDS 300000000;
+
+static const char *a2 =
+ "When type is isc_timertype_once, a call to isc_timer_create() "
+ "creates a timer that posts an ISC_TIMEEVENT_LIFE event to the "
+ "specified task when the current time reaches or exceeds the time "
+ "specified by 'expires'.";
+
+static void
+t2(void) {
+ int result;
+ int isc_result;
+ isc_time_t expires;
+ isc_interval_t interval;
+
+ t_assert("isc_timer_create", 2, T_REQUIRED, a2);
+
+ if (threaded) {
+ Tx_nfails = 0;
+ Tx_nprobs = 0;
+ Tx_nevents = 1;
+ Tx_seconds = T2_SECONDS;
+ Tx_nanoseconds = T2_NANOSECONDS;
+ isc_interval_set(&interval, Tx_seconds, Tx_nanoseconds);
+
+ isc_result = isc_time_nowplusinterval(&expires, &interval);
+ if (isc_result == ISC_R_SUCCESS) {
+
+ isc_interval_set(&interval, 0, 0);
+ t_timers_x(isc_timertype_once, &expires, &interval,
+ tx_te);
+
+ } else {
+ t_info("isc_time_nowplusinterval failed %s\n",
+ isc_result_totext(isc_result));
+ }
+
+ result = T_UNRESOLVED;
+
+ if ((Tx_nfails == 0) && (Tx_nprobs == 0))
+ result = T_PASS;
+ else if (Tx_nfails)
+ result = T_FAIL;
+
+ t_result(result);
+ } else
+ require_threads();
+}
+
+static void
+t3_te(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+ isc_time_t now;
+ isc_time_t base;
+ isc_time_t ulim;
+ isc_time_t llim;
+ isc_interval_t interval;
+
+ ++Tx_eventcnt;
+
+ t_info("tick %d\n", Tx_eventcnt);
+
+ isc_result = isc_time_now(&now);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_now failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+
+ if (isc_result == ISC_R_SUCCESS) {
+ interval.seconds = Tx_seconds;
+ interval.nanoseconds = Tx_nanoseconds;
+ isc_result = isc_time_add(&Tx_lasttime, &interval, &base);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_add failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+ }
+
+ if (isc_result == ISC_R_SUCCESS) {
+ interval.seconds = Tx_FUDGE_SECONDS;
+ interval.nanoseconds = Tx_FUDGE_NANOSECONDS;
+ isc_result = isc_time_add(&base, &interval, &ulim);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_add failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+ }
+
+ if (isc_result == ISC_R_SUCCESS) {
+ isc_result = isc_time_subtract(&base, &interval, &llim);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_subtract failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+ }
+
+ if (isc_result == ISC_R_SUCCESS) {
+ if (isc_time_compare(&llim, &now) > 0) {
+ t_info("timer range error: early by "
+ "%lu microseconds\n",
+ (unsigned long)isc_time_microdiff(&base, &now));
+ ++Tx_nfails;
+ } else if (isc_time_compare(&ulim, &now) < 0) {
+ t_info("timer range error: late by "
+ "%lu microseconds\n",
+ (unsigned long)isc_time_microdiff(&now, &base));
+ ++Tx_nfails;
+ }
+ Tx_lasttime = now;
+ }
+
+ if (event->ev_type != ISC_TIMEREVENT_IDLE) {
+ t_info("received event type %d, expected type %d\n",
+ event->ev_type, ISC_TIMEREVENT_IDLE);
+ ++Tx_nfails;
+ }
+
+ isc_timer_detach(&Tx_timer);
+ isc_task_shutdown(task);
+ isc_event_free(&event);
+}
+
+#define T3_SECONDS 4
+#define T3_NANOSECONDS 400000000
+
+static const char *a3 =
+ "When type is isc_timertype_once, a call to isc_timer_create() "
+ "creates a timer that posts an ISC_TIMEEVENT_IDLE event to the "
+ "specified task when the timer has been idle for 'interval' seconds.";
+
+static void
+t3(void) {
+ int result;
+ int isc_result;
+ isc_time_t expires;
+ isc_interval_t interval;
+
+ t_assert("isc_timer_create", 3, T_REQUIRED, a3);
+
+ if (threaded) {
+ Tx_nfails = 0;
+ Tx_nprobs = 0;
+ Tx_nevents = 1;
+ Tx_seconds = T3_SECONDS;
+ Tx_nanoseconds = T3_NANOSECONDS;
+
+ isc_interval_set(&interval, Tx_seconds + 1, Tx_nanoseconds);
+
+ isc_result = isc_time_nowplusinterval(&expires, &interval);
+ if (isc_result == ISC_R_SUCCESS) {
+ isc_interval_set(&interval, Tx_seconds,
+ Tx_nanoseconds);
+ t_timers_x(isc_timertype_once, &expires, &interval,
+ t3_te);
+ } else {
+ t_info("isc_time_nowplusinterval failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+
+ result = T_UNRESOLVED;
+
+ if ((Tx_nfails == 0) && (Tx_nprobs == 0))
+ result = T_PASS;
+ else if (Tx_nfails)
+ result = T_FAIL;
+
+ t_result(result);
+ } else
+ require_threads();
+}
+
+#define T4_SECONDS 2
+#define T4_NANOSECONDS 500000000
+
+static void
+t4_te(isc_task_t *task, isc_event_t *event) {
+
+ isc_result_t isc_result;
+ isc_time_t now;
+ isc_time_t base;
+ isc_time_t ulim;
+ isc_time_t llim;
+ isc_time_t expires;
+ isc_interval_t interval;
+
+ ++Tx_eventcnt;
+
+ t_info("tick %d\n", Tx_eventcnt);
+
+ /*
+ * Check expired time.
+ */
+
+ isc_result = isc_time_now(&now);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_now failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+
+ if (isc_result == ISC_R_SUCCESS) {
+ interval.seconds = Tx_seconds;
+ interval.nanoseconds = Tx_nanoseconds;
+ isc_result = isc_time_add(&Tx_lasttime, &interval, &base);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_add failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+ }
+
+ if (isc_result == ISC_R_SUCCESS) {
+ interval.seconds = Tx_FUDGE_SECONDS;
+ interval.nanoseconds = Tx_FUDGE_NANOSECONDS;
+ isc_result = isc_time_add(&base, &interval, &ulim);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_add failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+ }
+
+ if (isc_result == ISC_R_SUCCESS) {
+ isc_result = isc_time_subtract(&base, &interval, &llim);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_time_subtract failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+ }
+
+ if (isc_result == ISC_R_SUCCESS) {
+ if (isc_time_compare(&llim, &now) > 0) {
+ t_info("timer range error: early by "
+ "%lu microseconds\n",
+ (unsigned long)isc_time_microdiff(&base, &now));
+ ++Tx_nfails;
+ } else if (isc_time_compare(&ulim, &now) < 0) {
+ t_info("timer range error: late by "
+ "%lu microseconds\n",
+ (unsigned long)isc_time_microdiff(&now, &base));
+ ++Tx_nfails;
+ }
+ Tx_lasttime = now;
+ }
+
+ if (Tx_eventcnt < 3) {
+ if (event->ev_type != ISC_TIMEREVENT_TICK) {
+ t_info("received event type %d, expected type %d\n",
+ event->ev_type, ISC_TIMEREVENT_IDLE);
+ ++Tx_nfails;
+ }
+ if (Tx_eventcnt == 2) {
+ isc_interval_set(&interval, T4_SECONDS,
+ T4_NANOSECONDS);
+ isc_result = isc_time_nowplusinterval(&expires,
+ &interval);
+ if (isc_result == ISC_R_SUCCESS) {
+ isc_interval_set(&interval, 0, 0);
+ isc_result =
+ isc_timer_reset(Tx_timer,
+ isc_timertype_once,
+ &expires, &interval,
+ ISC_FALSE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_timer_reset failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nfails;
+ }
+ } else {
+ t_info("isc_time_nowplusinterval failed %s\n",
+ isc_result_totext(isc_result));
+ ++Tx_nprobs;
+ }
+ }
+ } else {
+ if (event->ev_type != ISC_TIMEREVENT_LIFE) {
+ t_info("received event type %d, expected type %d\n",
+ event->ev_type, ISC_TIMEREVENT_IDLE);
+ ++Tx_nfails;
+ }
+
+ isc_timer_detach(&Tx_timer);
+ isc_task_shutdown(task);
+ }
+
+ isc_event_free(&event);
+}
+
+static const char *a4 =
+ "A call to isc_timer_reset() changes the timer's type, expires and "
+ "interval values to the given values.";
+
+static void
+t4(void) {
+ int result;
+ isc_time_t expires;
+ isc_interval_t interval;
+
+ t_assert("isc_timer_reset", 4, T_REQUIRED, a4);
+
+ if (threaded) {
+ Tx_nfails = 0;
+ Tx_nprobs = 0;
+ Tx_nevents = 3;
+ Tx_seconds = T4_SECONDS;
+ Tx_nanoseconds = T4_NANOSECONDS;
+
+ isc_interval_set(&interval, T4_SECONDS, T4_NANOSECONDS);
+ isc_time_settoepoch(&expires);
+ t_timers_x(isc_timertype_ticker, &expires, &interval, t4_te);
+
+ result = T_UNRESOLVED;
+
+ if ((Tx_nfails == 0) && (Tx_nprobs == 0))
+ result = T_PASS;
+ else if (Tx_nfails)
+ result = T_FAIL;
+
+ t_result(result);
+ } else
+ require_threads();
+}
+
+#define T5_NTICKS 4
+#define T5_SECONDS 3
+
+static int T5_startflag;
+static int T5_shutdownflag;
+static int T5_eventcnt;
+static isc_mutex_t T5_mx;
+static isc_condition_t T5_cv;
+static int T5_nfails;
+static int T5_nprobs;
+static isc_timer_t *T5_tickertimer;
+static isc_timer_t *T5_oncetimer;
+static isc_task_t *T5_task1;
+static isc_task_t *T5_task2;
+
+/*
+ * T5_task1 blocks on T5_mx while events accumulate
+ * in it's queue, until signaled by T5_task2.
+ */
+
+static void
+t5_start_event(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+
+ UNUSED(task);
+
+ t_info("t5_start_event\n");
+
+ isc_result = isc_mutex_lock(&T5_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T5_nprobs;
+ }
+
+ while (! T5_startflag) {
+ (void) isc_condition_wait(&T5_cv, &T5_mx);
+ }
+
+ isc_result = isc_mutex_unlock(&T5_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T5_nprobs;
+ }
+ isc_event_free(&event);
+}
+
+static void
+t5_tick_event(isc_task_t *task, isc_event_t *event) {
+ isc_result_t isc_result;
+ isc_time_t expires;
+ isc_interval_t interval;
+
+ task = task;
+
+ ++T5_eventcnt;
+ t_info("t5_tick_event %d\n", T5_eventcnt);
+
+ /*
+ * On the first tick, purge all remaining tick events
+ * and then shut down the task.
+ */
+ if (T5_eventcnt == 1) {
+ isc_time_settoepoch(&expires);
+ isc_interval_set(&interval, T5_SECONDS, 0);
+ isc_result = isc_timer_reset(T5_tickertimer,
+ isc_timertype_ticker, &expires,
+ &interval, ISC_TRUE);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_timer_reset failed %s\n",
+ isc_result_totext(isc_result));
+ ++T5_nfails;
+ }
+ isc_task_shutdown(task);
+ }
+ isc_event_free(&event);
+}
+
+static void
+t5_once_event(isc_task_t *task, isc_event_t *event) {
+
+ isc_result_t isc_result;
+
+ t_info("t5_once_event\n");
+
+ /*
+ * Allow task1 to start processing events.
+ */
+ isc_result = isc_mutex_lock(&T5_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T5_nprobs;
+ }
+
+ T5_startflag = 1;
+
+ isc_result = isc_condition_broadcast(&T5_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_broadcast failed %s\n",
+ isc_result_totext(isc_result));
+ ++T5_nprobs;
+ }
+
+ isc_result = isc_mutex_unlock(&T5_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T5_nprobs;
+ }
+
+ isc_event_free(&event);
+ isc_task_shutdown(task);
+}
+
+static void
+t5_shutdown_event(isc_task_t *task, isc_event_t *event) {
+
+ isc_result_t isc_result;
+
+ UNUSED(task);
+ UNUSED(event);
+
+ t_info("t5_shutdown_event\n");
+
+ /*
+ * Signal shutdown processing complete.
+ */
+ isc_result = isc_mutex_lock(&T5_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T5_nprobs;
+ }
+
+ T5_shutdownflag = 1;
+
+ isc_result = isc_condition_signal(&T5_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_signal failed %s\n",
+ isc_result_totext(isc_result));
+ ++T5_nprobs;
+ }
+
+ isc_result = isc_mutex_unlock(&T5_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T5_nprobs;
+ }
+ isc_event_free(&event);
+}
+
+static int
+t_timers5(void) {
+ char *p;
+ int result;
+ isc_mem_t *mctx;
+ isc_taskmgr_t *tmgr;
+ unsigned int workers;
+ isc_result_t isc_result;
+ isc_timermgr_t *timermgr;
+ isc_event_t *event;
+ isc_time_t expires;
+ isc_interval_t interval;
+
+ T5_startflag = 0;
+ T5_shutdownflag = 0;
+ T5_eventcnt = 0;
+
+ workers = 2;
+ p = t_getenv("ISC_TASK_WORKERS");
+ if (p != NULL)
+ workers = atoi(p);
+
+ mctx = NULL;
+ isc_result = isc_mem_create(0, 0, &mctx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mem_create failed %s\n",
+ isc_result_totext(isc_result));
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mutex_init(&T5_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_init failed %s\n",
+ isc_result_totext(isc_result));
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_condition_init(&T5_cv);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_init failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T5_mx);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ tmgr = NULL;
+ isc_result = isc_taskmgr_create(mctx, workers, 0, &tmgr);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_taskmgr_create failed %s\n",
+ isc_result_totext(isc_result));
+ DESTROYLOCK(&T5_mx);
+ isc_condition_destroy(&T5_cv);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ timermgr = NULL;
+ isc_result = isc_timermgr_create(mctx, &timermgr);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_timermgr_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&T5_mx);
+ isc_condition_destroy(&T5_cv);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ T5_task1 = NULL;
+ isc_result = isc_task_create(tmgr, 0, &T5_task1);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_timermgr_destroy(&timermgr);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&T5_mx);
+ isc_condition_destroy(&T5_cv);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_task_onshutdown(T5_task1, t5_shutdown_event, NULL);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_onshutdown failed %s\n",
+ isc_result_totext(isc_result));
+ isc_timermgr_destroy(&timermgr);
+ isc_task_destroy(&T5_task1);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&T5_mx);
+ isc_condition_destroy(&T5_cv);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ T5_task2 = NULL;
+ isc_result = isc_task_create(tmgr, 0, &T5_task2);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_task_create failed %s\n",
+ isc_result_totext(isc_result));
+ isc_timermgr_destroy(&timermgr);
+ isc_task_destroy(&T5_task1);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&T5_mx);
+ isc_condition_destroy(&T5_cv);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_result = isc_mutex_lock(&T5_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_lock failed %s\n",
+ isc_result_totext(isc_result));
+ isc_timermgr_destroy(&timermgr);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&T5_mx);
+ isc_condition_destroy(&T5_cv);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ event = isc_event_allocate(mctx, (void *)1 , (isc_eventtype_t)1,
+ t5_start_event, NULL, sizeof(*event));
+ isc_task_send(T5_task1, &event);
+
+ isc_time_settoepoch(&expires);
+ isc_interval_set(&interval, T5_SECONDS, 0);
+
+ T5_tickertimer = NULL;
+ isc_result = isc_timer_create(timermgr, isc_timertype_ticker,
+ &expires, &interval, T5_task1,
+ t5_tick_event, NULL, &T5_tickertimer);
+
+ if (isc_result != ISC_R_SUCCESS) {
+ isc_timermgr_destroy(&timermgr);
+ (void) isc_condition_signal(&T5_cv);
+ (void) isc_mutex_unlock(&T5_mx);
+ isc_task_destroy(&T5_task1);
+ isc_task_destroy(&T5_task2);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&T5_mx);
+ isc_condition_destroy(&T5_cv);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ T5_oncetimer = NULL;
+ isc_interval_set(&interval, (T5_SECONDS * T5_NTICKS) + 2, 0);
+ isc_result = isc_time_nowplusinterval(&expires, &interval);
+ if (isc_result != ISC_R_SUCCESS) {
+ isc_timer_detach(&T5_tickertimer);
+ isc_timermgr_destroy(&timermgr);
+ (void)isc_condition_signal(&T5_cv);
+ (void)isc_mutex_unlock(&T5_mx);
+ isc_task_destroy(&T5_task1);
+ isc_task_destroy(&T5_task2);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&T5_mx);
+ isc_condition_destroy(&T5_cv);
+ isc_mem_destroy(&mctx);
+ return(T_UNRESOLVED);
+ }
+
+ isc_interval_set(&interval, 0, 0);
+ isc_result = isc_timer_create(timermgr, isc_timertype_once,
+ &expires, &interval, T5_task2,
+ t5_once_event, NULL, &T5_oncetimer);
+
+ if (isc_result != ISC_R_SUCCESS) {
+ isc_timer_detach(&T5_tickertimer);
+ isc_timermgr_destroy(&timermgr);
+ (void) isc_condition_signal(&T5_cv);
+ (void) isc_mutex_unlock(&T5_mx);
+ isc_task_destroy(&T5_task1);
+ isc_task_destroy(&T5_task2);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&T5_mx);
+ isc_condition_destroy(&T5_cv);
+ isc_mem_destroy(&mctx);
+ ++T5_nprobs;
+ return(T_UNRESOLVED);
+ }
+
+ /*
+ * Wait for shutdown processing to complete.
+ */
+ while (! T5_shutdownflag) {
+ isc_result = isc_condition_wait(&T5_cv, &T5_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_condition_waituntil failed %s\n",
+ isc_result_totext(isc_result));
+ ++T5_nprobs;
+ }
+ }
+
+ isc_result = isc_mutex_unlock(&T5_mx);
+ if (isc_result != ISC_R_SUCCESS) {
+ t_info("isc_mutex_unlock failed %s\n",
+ isc_result_totext(isc_result));
+ ++T5_nprobs;
+ }
+
+ if (T5_eventcnt != 1) {
+ t_info("processed %d events\n", T5_eventcnt);
+ ++T5_nfails;
+ }
+
+ isc_timer_detach(&T5_tickertimer);
+ isc_timer_detach(&T5_oncetimer);
+ isc_timermgr_destroy(&timermgr);
+ isc_task_destroy(&T5_task1);
+ isc_task_destroy(&T5_task2);
+ isc_taskmgr_destroy(&tmgr);
+ DESTROYLOCK(&T5_mx);
+ isc_condition_destroy(&T5_cv);
+ isc_mem_destroy(&mctx);
+
+ result = T_UNRESOLVED;
+
+ if ((T5_nfails == 0) && (T5_nprobs == 0))
+ result = T_PASS;
+ else if (T5_nfails)
+ result = T_FAIL;
+
+ return (result);
+}
+
+static const char *a5 =
+ "When 'purge' is TRUE, a call to isc_timer_reset() purges any pending "
+ "events from 'timer' from the task's event queue.";
+
+static void
+t5(void) {
+ t_assert("isc_timer_reset", 5, T_REQUIRED, a5);
+
+ if (threaded)
+ t_result(t_timers5());
+ else
+ require_threads();
+}
+
+testspec_t T_testlist[] = {
+ { t1, "timer_create" },
+ { t2, "timer_create" },
+ { t3, "timer_create" },
+ { t4, "timer_reset" },
+ { t5, "timer_reset" },
+ { NULL, NULL }
+};
diff --git a/bin/tests/wire_test.c b/bin/tests/wire_test.c
new file mode 100644
index 0000000..ee7de98
--- /dev/null
+++ b/bin/tests/wire_test.c
@@ -0,0 +1,284 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: wire_test.c,v 1.67 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/result.h>
+
+#include "printmsg.h"
+
+int parseflags = 0;
+isc_mem_t *mctx;
+isc_boolean_t printmemstats = ISC_FALSE;
+isc_boolean_t dorender = ISC_FALSE;
+
+static void
+process_message(isc_buffer_t *source);
+
+static inline void
+CHECKRESULT(isc_result_t result, const char *msg) {
+ if (result != ISC_R_SUCCESS) {
+ printf("%s: %s\n", msg, dns_result_totext(result));
+
+ exit(1);
+ }
+}
+
+static int
+fromhex(char c) {
+ if (c >= '0' && c <= '9')
+ return (c - '0');
+ else if (c >= 'a' && c <= 'f')
+ return (c - 'a' + 10);
+ else if (c >= 'A' && c <= 'F')
+ return (c - 'A' + 10);
+
+ printf("bad input format: %02x\n", c);
+ exit(3);
+ /* NOTREACHED */
+}
+
+static void
+usage(void) {
+ fprintf(stderr, "wire_test [-p] [-b] [-s] [-r]\n");
+ fprintf(stderr, "\t-p\tPreserve order of the records in messages\n");
+ fprintf(stderr, "\t-b\tBest-effort parsing (ignore some errors)\n");
+ fprintf(stderr, "\t-s\tPrint memory statistics\n");
+ fprintf(stderr, "\t-r\tAfter parsing, re-render the message\n");
+ fprintf(stderr, "\t-t\tTCP mode - ignore the first 2 bytes\n");
+}
+
+int
+main(int argc, char *argv[]) {
+ char *rp, *wp;
+ unsigned char *bp;
+ isc_buffer_t source;
+ size_t len, i;
+ int n;
+ FILE *f;
+ isc_boolean_t need_close = ISC_FALSE;
+ unsigned char b[64 * 1024];
+ char s[4000];
+ isc_boolean_t tcp = ISC_FALSE;
+ int ch;
+
+ mctx = NULL;
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+ while ((ch = isc_commandline_parse(argc, argv, "pbsrt")) != -1) {
+ switch (ch) {
+ case 'p':
+ parseflags |= DNS_MESSAGEPARSE_PRESERVEORDER;
+ break;
+ case 'b':
+ parseflags |= DNS_MESSAGEPARSE_BESTEFFORT;
+ break;
+ case 's':
+ printmemstats = ISC_TRUE;
+ break;
+ case 'r':
+ dorender = ISC_TRUE;
+ break;
+ case 't':
+ tcp = ISC_TRUE;
+ break;
+ default:
+ usage();
+ exit(1);
+ }
+ }
+
+ argc -= isc_commandline_index;
+ argv += isc_commandline_index;
+
+ if (argc > 1) {
+ f = fopen(argv[1], "r");
+ if (f == NULL) {
+ printf("fopen failed\n");
+ exit(1);
+ }
+ need_close = ISC_TRUE;
+ } else
+ f = stdin;
+
+ bp = b;
+ while (fgets(s, sizeof(s), f) != NULL) {
+ rp = s;
+ wp = s;
+ len = 0;
+ while (*rp != '\0') {
+ if (*rp == '#')
+ break;
+ if (*rp != ' ' && *rp != '\t' &&
+ *rp != '\r' && *rp != '\n') {
+ *wp++ = *rp;
+ len++;
+ }
+ rp++;
+ }
+ if (len == 0U)
+ break;
+ if (len % 2 != 0U) {
+ printf("bad input format: %lu\n", (unsigned long)len);
+ exit(1);
+ }
+ if (len > sizeof(b) * 2) {
+ printf("input too long\n");
+ exit(2);
+ }
+ rp = s;
+ for (i = 0; i < len; i += 2) {
+ n = fromhex(*rp++);
+ n *= 16;
+ n += fromhex(*rp++);
+ *bp++ = n;
+ }
+ }
+
+ if (need_close)
+ fclose(f);
+
+ if (tcp) {
+ unsigned char *p = b;
+ while (p < bp) {
+ unsigned int len;
+
+ if (p + 2 > bp) {
+ printf("premature end of packet\n");
+ exit(1);
+ }
+ len = p[0] << 8 | p[1];
+
+ if (p + 2 + len > bp) {
+ printf("premature end of packet\n");
+ exit(1);
+ }
+ isc_buffer_init(&source, p + 2, len);
+ isc_buffer_add(&source, len);
+ process_message(&source);
+ p += 2 + len;
+ }
+ } else {
+ isc_buffer_init(&source, b, sizeof(b));
+ isc_buffer_add(&source, bp - b);
+ process_message(&source);
+ }
+
+ if (printmemstats)
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
+
+static void
+process_message(isc_buffer_t *source) {
+ dns_message_t *message;
+ isc_result_t result;
+ int i;
+
+ message = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &message);
+ CHECKRESULT(result, "dns_message_create failed");
+
+ result = dns_message_parse(message, source, parseflags);
+ if (result == DNS_R_RECOVERABLE)
+ result = ISC_R_SUCCESS;
+ CHECKRESULT(result, "dns_message_parse failed");
+
+ result = printmessage(message);
+ CHECKRESULT(result, "printmessage() failed");
+
+ if (printmemstats)
+ isc_mem_stats(mctx, stdout);
+
+ if (dorender) {
+ unsigned char b2[64 * 1024];
+ isc_buffer_t buffer;
+ dns_compress_t cctx;
+
+ isc_buffer_init(&buffer, b2, sizeof(b2));
+
+ /*
+ * XXXMLG
+ * Changing this here is a hack, and should not be done in
+ * reasonable application code, ever.
+ */
+ message->from_to_wire = DNS_MESSAGE_INTENTRENDER;
+
+ for (i = 0; i < DNS_SECTION_MAX; i++)
+ message->counts[i] = 0; /* Another hack XXX */
+
+ result = dns_compress_init(&cctx, -1, mctx);
+ CHECKRESULT(result, "dns_compress_init() failed");
+
+ result = dns_message_renderbegin(message, &cctx, &buffer);
+ CHECKRESULT(result, "dns_message_renderbegin() failed");
+
+ result = dns_message_rendersection(message,
+ DNS_SECTION_QUESTION, 0);
+ CHECKRESULT(result,
+ "dns_message_rendersection(QUESTION) failed");
+
+ result = dns_message_rendersection(message,
+ DNS_SECTION_ANSWER, 0);
+ CHECKRESULT(result,
+ "dns_message_rendersection(ANSWER) failed");
+
+ result = dns_message_rendersection(message,
+ DNS_SECTION_AUTHORITY, 0);
+ CHECKRESULT(result,
+ "dns_message_rendersection(AUTHORITY) failed");
+
+ result = dns_message_rendersection(message,
+ DNS_SECTION_ADDITIONAL, 0);
+ CHECKRESULT(result,
+ "dns_message_rendersection(ADDITIONAL) failed");
+
+ dns_message_renderend(message);
+
+ dns_compress_invalidate(&cctx);
+
+ message->from_to_wire = DNS_MESSAGE_INTENTPARSE;
+ dns_message_destroy(&message);
+
+ printf("Message rendered.\n");
+ if (printmemstats)
+ isc_mem_stats(mctx, stdout);
+
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE,
+ &message);
+ CHECKRESULT(result, "dns_message_create failed");
+
+ result = dns_message_parse(message, &buffer, parseflags);
+ CHECKRESULT(result, "dns_message_parse failed");
+
+ result = printmessage(message);
+ CHECKRESULT(result, "printmessage() failed");
+ }
+ dns_message_destroy(&message);
+}
diff --git a/bin/tests/wire_test.data b/bin/tests/wire_test.data
new file mode 100644
index 0000000..cbda586
--- /dev/null
+++ b/bin/tests/wire_test.data
@@ -0,0 +1,9 @@
+000a 8580 0001 0003 0000 0003 # message header
+0376697803636f6d00 0002 0001 # question section: vix.com IN NS
+c00c 0002 0001 00000e10 # vix.com IN NS 3600
+000b 056973727631027061c00c # rdlen=0xb isrv1.pa.vix.com
+c00c 0002 0001 00000e10 0009 066e732d657874c00c
+c00c 0002 0001 00000e10 000e 036e733104676e616303636f6d00
+c025 0001 0001 00000e10 0004 cc98b886
+c03c 0001 0001 00000e10 0004 cc98b840
+c051 0001 0001 0002a14a 0004 c697f8f6
diff --git a/bin/tests/wire_test.data2 b/bin/tests/wire_test.data2
new file mode 100644
index 0000000..503eac7
--- /dev/null
+++ b/bin/tests/wire_test.data2
@@ -0,0 +1,14 @@
+1707 8180
+ 0001 0005 0002 0002 027a 6202 6d78 0361
+ 6f6c 0363 6f6d 0000 0100 01c0 0c00 0100
+ 0100 000b a100 04c6 5110 21c0 0c00 0100
+ 0100 000b a100 04c6 5110 22c0 0c00 0100
+ 0100 000b a100 04c6 5110 23c0 0c00 0100
+ 0100 000b a100 04c6 5110 24c0 0c00 0100
+ 0100 000b a100 04c6 5110 2502 6d78 0341
+ 4f4c 0363 6f6d 0000 0200 0100 000d 9900
+ 0c06 646e 732d 3031 026e 73c0 72c0 6f00
+ 0200 0100 000d 9900 0906 646e 732d 3032
+ c08c c085 0001 0001 0000 0d99 0004 c651
+ 11e8 c09d 0001 0001 0000 0d99 0004 cdbc
+ 9de8
diff --git a/bin/tests/wire_test.data3 b/bin/tests/wire_test.data3
new file mode 100644
index 0000000..86a80ab
--- /dev/null
+++ b/bin/tests/wire_test.data3
@@ -0,0 +1,14 @@
+1706 8180
+ 0001 0005 0002 0002 027a 6102 6d78 0361
+ 6f6c 0363 6f6d 0000 0100 01c0 0c00 0100
+ 0100 000b a100 04c6 5110 05c0 0c00 0100
+ 0100 000b a100 04c6 5110 01c0 0c00 0100
+ 0100 000b a100 04c6 5110 02c0 0c00 0100
+ 0100 000b a100 04c6 5110 03c0 0c00 0100
+ 0100 000b a100 04c6 5110 0402 6d78 0341
+ 4f4c 0363 6f6d 0000 0200 0100 000d 9900
+ 0c06 646e 732d 3031 026e 73c0 72c0 6f00
+ 0200 0100 000d 9900 0906 646e 732d 3032
+ c08c c085 0001 0001 0000 0d99 0004 c651
+ 11e8 c09d 0001 0001 0000 0d99 0004 cdbc
+ 9de8
diff --git a/bin/tests/wire_test.data4 b/bin/tests/wire_test.data4
new file mode 100644
index 0000000..b934a60
--- /dev/null
+++ b/bin/tests/wire_test.data4
@@ -0,0 +1,31 @@
+00068180
+000100070002001103616f6c03636f6d
+00000f0001c00c000f000100000d1b00
+0a000f027a64026d78c00cc00c000f00
+0100000d1b0007000f027962c02ac00c
+000f000100000d1b0007000f027963c0
+2ac00c000f000100000d1b0007000f02
+7964c02ac00c000f000100000d1b0007
+000f027a61c02ac00c000f000100000d
+1b0007000f027a62c02ac00c000f0001
+00000d1b0007000f027a63c02ac00c00
+02000100000d1b000c06444e532d3031
+024e53c00cc00c0002000100000d1b00
+0906444e532d3032c0b4c02700010001
+00000d1c0004c6511062c02700010001
+00000d1c0004c6511063c02700010001
+00000d1c0004c6511064c02700010001
+00000d1c0004c6511065c02700010001
+00000d1c0004c6511061c03d00010001
+00000d1c0004cdbc9c63c03d00010001
+00000d1c0004cdbc9c64c03d00010001
+00000d1c0004cdbc9c65c03d00010001
+00000d1c0004cdbc9c61c03d00010001
+00000d1c0004cdbc9c62c05000010001
+00000d1c0004cdbc9c83c05000010001
+00000d1c0004cdbc9c84c05000010001
+00000d1c0004cdbc9c85c05000010001
+00000d1c0004cdbc9c81c05000010001
+00000d1c0004cdbc9c82c0ad00010001
+00000d1c0004c65111e8c0c500010001
+00000d1c0004cdbc9de8
diff --git a/bin/tests/zone_test.c b/bin/tests/zone_test.c
new file mode 100644
index 0000000..7983bba
--- /dev/null
+++ b/bin/tests/zone_test.c
@@ -0,0 +1,312 @@
+/*
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: zone_test.c,v 1.33 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/time.h>
+
+#include <unistd.h>
+#include <stdlib.h>
+
+#include <isc/app.h>
+#include <isc/commandline.h>
+#include <isc/mem.h>
+#include <isc/socket.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/fixedname.h>
+#include <dns/rdataclass.h>
+#include <dns/rdataset.h>
+#include <dns/result.h>
+#include <dns/zone.h>
+
+#ifdef ISC_PLATFORM_NEEDSYSSELECTH
+#include <sys/select.h>
+#endif
+
+static int debug = 0;
+static int quiet = 0;
+static int stats = 0;
+static isc_mem_t *mctx = NULL;
+dns_zone_t *zone = NULL;
+isc_taskmgr_t *taskmgr = NULL;
+isc_timermgr_t *timermgr = NULL;
+isc_socketmgr_t *socketmgr = NULL;
+dns_zonemgr_t *zonemgr = NULL;
+dns_zonetype_t zonetype = dns_zone_master;
+isc_sockaddr_t addr;
+
+#define ERRRET(result, function) \
+ do { \
+ if (result != ISC_R_SUCCESS) { \
+ fprintf(stderr, "%s() returned %s\n", \
+ function, dns_result_totext(result)); \
+ return; \
+ } \
+ } while (0)
+
+#define ERRCONT(result, function) \
+ if (result != ISC_R_SUCCESS) { \
+ fprintf(stderr, "%s() returned %s\n", \
+ function, dns_result_totext(result)); \
+ continue; \
+ } else \
+ (void)NULL
+
+static void
+usage() {
+ fprintf(stderr,
+ "usage: zone_test [-dqsSM] [-c class] [-f file] zone\n");
+ exit(1);
+}
+
+static void
+setup(const char *zonename, const char *filename, const char *classname) {
+ isc_result_t result;
+ dns_rdataclass_t rdclass;
+ isc_consttextregion_t region;
+ isc_buffer_t buffer;
+ dns_fixedname_t fixorigin;
+ dns_name_t *origin;
+ const char *rbt = "rbt";
+
+ if (debug)
+ fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n",
+ zonename, filename, classname);
+ result = dns_zone_create(&zone, mctx);
+ ERRRET(result, "dns_zone_new");
+
+ dns_zone_settype(zone, zonetype);
+
+ isc_buffer_init(&buffer, zonename, strlen(zonename));
+ isc_buffer_add(&buffer, strlen(zonename));
+ dns_fixedname_init(&fixorigin);
+ result = dns_name_fromtext(dns_fixedname_name(&fixorigin),
+ &buffer, dns_rootname, ISC_FALSE, NULL);
+ ERRRET(result, "dns_name_fromtext");
+ origin = dns_fixedname_name(&fixorigin);
+
+ result = dns_zone_setorigin(zone, origin);
+ ERRRET(result, "dns_zone_setorigin");
+
+ result = dns_zone_setdbtype(zone, 1, &rbt);
+ ERRRET(result, "dns_zone_setdatabase");
+
+ result = dns_zone_setfile(zone, filename);
+ ERRRET(result, "dns_zone_setfile");
+
+ region.base = classname;
+ region.length = strlen(classname);
+ result = dns_rdataclass_fromtext(&rdclass,
+ (isc_textregion_t *)(void*)&region);
+ ERRRET(result, "dns_rdataclass_fromtext");
+
+ dns_zone_setclass(zone, rdclass);
+
+ if (zonetype == dns_zone_slave)
+ dns_zone_setmasters(zone, &addr, 1);
+
+ result = dns_zone_load(zone);
+ ERRRET(result, "dns_zone_load");
+
+ result = dns_zonemgr_managezone(zonemgr, zone);
+ ERRRET(result, "dns_zonemgr_managezone");
+}
+
+static void
+print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset) {
+ isc_buffer_t text;
+ char t[1000];
+ isc_result_t result;
+ isc_region_t r;
+
+ isc_buffer_init(&text, t, sizeof(t));
+ result = dns_rdataset_totext(rdataset, name, ISC_FALSE, ISC_FALSE,
+ &text);
+ isc_buffer_usedregion(&text, &r);
+ if (result == ISC_R_SUCCESS)
+ printf("%.*s", (int)r.length, (char *)r.base);
+ else
+ printf("%s\n", dns_result_totext(result));
+}
+
+static void
+query(void) {
+ char buf[1024];
+ dns_fixedname_t name;
+ dns_fixedname_t found;
+ dns_db_t *db;
+ char *s;
+ isc_buffer_t buffer;
+ isc_result_t result;
+ dns_rdataset_t rdataset;
+ dns_rdataset_t sigset;
+ fd_set rfdset;
+
+ db = NULL;
+ result = dns_zone_getdb(zone, &db);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "%s() returned %s\n", "dns_zone_getdb",
+ dns_result_totext(result));
+ return;
+ }
+
+ dns_fixedname_init(&found);
+ dns_rdataset_init(&rdataset);
+ dns_rdataset_init(&sigset);
+
+ do {
+
+ fprintf(stdout, "zone_test ");
+ fflush(stdout);
+ FD_ZERO(&rfdset);
+ FD_SET(0, &rfdset);
+ select(1, &rfdset, NULL, NULL, NULL);
+ if (fgets(buf, sizeof(buf), stdin) == NULL) {
+ fprintf(stdout, "\n");
+ break;
+ }
+ buf[sizeof(buf) - 1] = '\0';
+
+ s = strchr(buf, '\n');
+ if (s != NULL)
+ *s = '\0';
+ s = strchr(buf, '\r');
+ if (s != NULL)
+ *s = '\0';
+ if (strcmp(buf, "dump") == 0) {
+ dns_zone_dumptostream(zone, stdout);
+ continue;
+ }
+ if (strlen(buf) == 0U)
+ continue;
+ dns_fixedname_init(&name);
+ isc_buffer_init(&buffer, buf, strlen(buf));
+ isc_buffer_add(&buffer, strlen(buf));
+ result = dns_name_fromtext(dns_fixedname_name(&name),
+ &buffer, dns_rootname, ISC_FALSE, NULL);
+ ERRCONT(result, "dns_name_fromtext");
+
+ result = dns_db_find(db, dns_fixedname_name(&name),
+ NULL /*vesion*/,
+ dns_rdatatype_a,
+ 0 /*options*/,
+ 0 /*time*/,
+ NULL /*nodep*/,
+ dns_fixedname_name(&found),
+ &rdataset, &sigset);
+ fprintf(stderr, "%s() returned %s\n", "dns_db_find",
+ dns_result_totext(result));
+ switch (result) {
+ case DNS_R_DELEGATION:
+ print_rdataset(dns_fixedname_name(&found), &rdataset);
+ break;
+ case ISC_R_SUCCESS:
+ print_rdataset(dns_fixedname_name(&name), &rdataset);
+ break;
+ default:
+ break;
+ }
+
+ if (dns_rdataset_isassociated(&rdataset))
+ dns_rdataset_disassociate(&rdataset);
+ if (dns_rdataset_isassociated(&sigset))
+ dns_rdataset_disassociate(&sigset);
+ } while (1);
+ dns_rdataset_invalidate(&rdataset);
+ dns_db_detach(&db);
+}
+
+int
+main(int argc, char **argv) {
+ int c;
+ char *filename = NULL;
+ const char *classname = "IN";
+
+ while ((c = isc_commandline_parse(argc, argv, "cdf:m:qsMS")) != EOF) {
+ switch (c) {
+ case 'c':
+ classname = isc_commandline_argument;
+ break;
+ case 'd':
+ debug++;
+ break;
+ case 'f':
+ if (filename != NULL)
+ usage();
+ filename = isc_commandline_argument;
+ break;
+ case 'm':
+ memset(&addr, 0, sizeof(addr));
+ addr.type.sin.sin_family = AF_INET;
+ inet_pton(AF_INET, isc_commandline_argument,
+ &addr.type.sin.sin_addr);
+ addr.type.sin.sin_port = htons(53);
+ break;
+ case 'q':
+ quiet++;
+ break;
+ case 's':
+ stats++;
+ break;
+ case 'S':
+ zonetype = dns_zone_slave;
+ break;
+ case 'M':
+ zonetype = dns_zone_master;
+ break;
+ default:
+ usage();
+ }
+ }
+
+ if (argv[isc_commandline_index] == NULL)
+ usage();
+
+ RUNTIME_CHECK(isc_app_start() == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_taskmgr_create(mctx, 2, 0, &taskmgr) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_timermgr_create(mctx, &timermgr) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(isc_socketmgr_create(mctx, &socketmgr) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(dns_zonemgr_create(mctx, taskmgr, timermgr, socketmgr,
+ &zonemgr) == ISC_R_SUCCESS);
+ if (filename == NULL)
+ filename = argv[isc_commandline_index];
+ setup(argv[isc_commandline_index], filename, classname);
+ query();
+ if (zone != NULL)
+ dns_zone_detach(&zone);
+ dns_zonemgr_shutdown(zonemgr);
+ dns_zonemgr_detach(&zonemgr);
+ isc_socketmgr_destroy(&socketmgr);
+ isc_taskmgr_destroy(&taskmgr);
+ isc_timermgr_destroy(&timermgr);
+ if (!quiet && stats)
+ isc_mem_stats(mctx, stdout);
+ isc_mem_destroy(&mctx);
+
+ return (0);
+}
diff --git a/bin/win32/BINDInstall/AccountInfo.cpp b/bin/win32/BINDInstall/AccountInfo.cpp
new file mode 100644
index 0000000..5b28a23
--- /dev/null
+++ b/bin/win32/BINDInstall/AccountInfo.cpp
@@ -0,0 +1,438 @@
+/*
+ * Portions Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2001, 2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: AccountInfo.cpp,v 1.8 2007/06/19 23:47:07 tbox Exp $ */
+
+#ifndef UNICODE
+#define UNICODE
+#endif /* UNICODE */
+
+#include "stdafx.h"
+
+#include <windows.h>
+#include <lm.h>
+#include <ntsecapi.h>
+
+#include <isc/ntgroups.h>
+#include <isc/result.h>
+#include "AccountInfo.h"
+
+#define MAX_NAME_LENGTH 256
+
+NTSTATUS
+OpenPolicy(
+ LPWSTR ServerName, /* machine to open policy on (Unicode) */
+ DWORD DesiredAccess, /* desired access to policy */
+ PLSA_HANDLE PolicyHandle /* resultant policy handle */
+ );
+
+BOOL
+GetAccountSid(
+ LPTSTR SystemName, /* where to lookup account */
+ LPTSTR AccountName, /* account of interest */
+ PSID *Sid /* resultant buffer containing SID */
+ );
+
+NTSTATUS
+SetPrivilegeOnAccount(
+ LSA_HANDLE PolicyHandle, /* open policy handle */
+ PSID AccountSid, /* SID to grant privilege to */
+ LPWSTR PrivilegeName, /* privilege to grant (Unicode) */
+ BOOL bEnable /* enable or disable */
+ );
+
+NTSTATUS
+GetPrivilegesOnAccount(
+ LSA_HANDLE PolicyHandle, /* open policy handle */
+ PSID AccountSid, /* SID to grant privilege to */
+ wchar_t **PrivList, /* Ptr to List of Privileges found */
+ unsigned int *PrivCount /* total number of Privileges in list */
+ );
+
+NTSTATUS
+AddPrivilegeToAcccount(
+ LPTSTR AccountName, /* Name of the account */
+ LPWSTR PrivilegeName /* Privilege to Add */
+ );
+
+void
+InitLsaString(
+ PLSA_UNICODE_STRING LsaString, /* destination */
+ LPWSTR String /* source (Unicode) */
+ );
+
+void
+DisplayNtStatus(
+ LPSTR szAPI, /* pointer to function name (ANSI) */
+ NTSTATUS Status /* NTSTATUS error value */
+ );
+
+void
+DisplayWinError(
+ LPSTR szAPI, /* pointer to function name (ANSI) */
+ DWORD WinError /* DWORD WinError */
+ );
+
+#ifndef STATUS_SUCCESS
+#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
+#endif
+
+/*
+ * Note that this code only retrieves the list of privileges of the
+ * requested account or group. However, all accounts belong to the
+ * Everyone group even though that group is not returned by the
+ * calls to get the groups to which that account belongs.
+ * The Everyone group has two privileges associated with it:
+ * SeChangeNotifyPrivilege and SeNetworkLogonRight
+ * It is not advisable to disable or remove these privileges
+ * from the group nor can the account be removed from the Everyone
+ * group
+ * The None group has no privileges associated with it and is the group
+ * to which an account belongs if it is associated with no group.
+ */
+
+int
+GetAccountPrivileges(char *name, wchar_t **PrivList, unsigned int *PrivCount,
+ char **Accounts, unsigned int *totalAccounts,
+ int maxAccounts)
+{
+ LSA_HANDLE PolicyHandle;
+ TCHAR AccountName[256]; /* static account name buffer */
+ PSID pSid;
+ unsigned int i;
+ NTSTATUS Status;
+ isc_result_t istatus;
+ int iRetVal = RTN_ERROR; /* assume error from main */
+
+ /*
+ * Open the policy on the target machine.
+ */
+ if ((Status = OpenPolicy(NULL,
+ POLICY_LOOKUP_NAMES,
+ &PolicyHandle)) != STATUS_SUCCESS)
+ return (RTN_ERROR);
+
+ /*
+ * Let's see if the account exists. Return if not
+ */
+ wsprintf(AccountName, TEXT("%hS"), name);
+ if (!GetAccountSid(NULL, AccountName, &pSid))
+ return (RTN_NOACCOUNT);
+ /*
+ * Find out what groups the account belongs to
+ */
+ istatus = isc_ntsecurity_getaccountgroups(name, Accounts, maxAccounts,
+ totalAccounts);
+ if (istatus == ISC_R_NOMEMORY)
+ return (RTN_NOMEMORY);
+ else if (istatus != ISC_R_SUCCESS)
+ return (RTN_ERROR);
+
+ Accounts[*totalAccounts] = name; /* Add the account to the list */
+ (*totalAccounts)++;
+
+ /*
+ * Loop through each Account to get the list of privileges
+ */
+ for (i = 0; i < *totalAccounts; i++) {
+ wsprintf(AccountName, TEXT("%hS"), Accounts[i]);
+ /* Obtain the SID of the user/group. */
+ if (!GetAccountSid(NULL, AccountName, &pSid))
+ continue; /* Try the next one */
+ /* Get the Privileges allocated to this SID */
+ if ((Status = GetPrivilegesOnAccount(PolicyHandle, pSid,
+ PrivList, PrivCount)) == STATUS_SUCCESS)
+ {
+ iRetVal=RTN_OK;
+ if (pSid != NULL)
+ HeapFree(GetProcessHeap(), 0, pSid);
+ } else {
+ if (pSid != NULL)
+ HeapFree(GetProcessHeap(), 0, pSid);
+ continue; /* Try the next one */
+ }
+ }
+ /*
+ * Close the policy handle.
+ */
+ LsaClose(PolicyHandle);
+
+ (*totalAccounts)--; /* Correct for the number of groups */
+ return iRetVal;
+}
+
+BOOL
+CreateServiceAccount(char *name, char *password) {
+ NTSTATUS retstat;
+ USER_INFO_1 ui;
+ DWORD dwLevel = 1;
+ DWORD dwError = 0;
+ NET_API_STATUS nStatus;
+
+ unsigned int namelen = strlen(name);
+ unsigned int passwdlen = strlen(password);
+ wchar_t AccountName[MAX_NAME_LENGTH];
+ wchar_t AccountPassword[MAX_NAME_LENGTH];
+
+ mbstowcs(AccountName, name, namelen + 1);
+ mbstowcs(AccountPassword, password, passwdlen + 1);
+
+ /*
+ * Set up the USER_INFO_1 structure.
+ * USER_PRIV_USER: name is required here when creating an account
+ * rather than an administrator or a guest.
+ */
+
+ ui.usri1_name = (LPWSTR) &AccountName;
+ ui.usri1_password = (LPWSTR) &AccountPassword;
+ ui.usri1_priv = USER_PRIV_USER;
+ ui.usri1_home_dir = NULL;
+ ui.usri1_comment = L"ISC BIND Service Account";
+ ui.usri1_flags = UF_PASSWD_CANT_CHANGE | UF_DONT_EXPIRE_PASSWD |
+ UF_SCRIPT;
+ ui.usri1_script_path = NULL;
+ /*
+ * Call the NetUserAdd function, specifying level 1.
+ */
+ nStatus = NetUserAdd(NULL, dwLevel, (LPBYTE)&ui, &dwError);
+
+ if (nStatus != NERR_Success)
+ return (FALSE);
+
+ retstat = AddPrivilegeToAcccount(name, SE_SERVICE_LOGON_PRIV);
+ return (TRUE);
+}
+
+NTSTATUS
+AddPrivilegeToAcccount(LPTSTR name, LPWSTR PrivilegeName) {
+ LSA_HANDLE PolicyHandle;
+ TCHAR AccountName[256]; /* static account name buffer */
+ PSID pSid;
+ NTSTATUS Status;
+ unsigned long err;
+
+ /*
+ * Open the policy on the target machine.
+ */
+ if ((Status = OpenPolicy(NULL, POLICY_ALL_ACCESS, &PolicyHandle))
+ != STATUS_SUCCESS)
+ return (RTN_ERROR);
+
+ /*
+ * Let's see if the account exists. Return if not
+ */
+ wsprintf(AccountName, TEXT("%hS"), name);
+ if (!GetAccountSid(NULL, AccountName, &pSid))
+ return (RTN_NOACCOUNT);
+
+ err = LsaNtStatusToWinError(SetPrivilegeOnAccount(PolicyHandle,
+ pSid, PrivilegeName, TRUE));
+
+ LsaClose(PolicyHandle);
+ if (err == ERROR_SUCCESS)
+ return (RTN_OK);
+ else
+ return (err);
+}
+
+void
+InitLsaString(PLSA_UNICODE_STRING LsaString, LPWSTR String){
+ DWORD StringLength;
+
+ if (String == NULL) {
+ LsaString->Buffer = NULL;
+ LsaString->Length = 0;
+ LsaString->MaximumLength = 0;
+ return;
+ }
+
+ StringLength = wcslen(String);
+ LsaString->Buffer = String;
+ LsaString->Length = (USHORT) StringLength * sizeof(WCHAR);
+ LsaString->MaximumLength = (USHORT)(StringLength+1) * sizeof(WCHAR);
+}
+
+NTSTATUS
+OpenPolicy(LPWSTR ServerName, DWORD DesiredAccess, PLSA_HANDLE PolicyHandle){
+ LSA_OBJECT_ATTRIBUTES ObjectAttributes;
+ LSA_UNICODE_STRING ServerString;
+ PLSA_UNICODE_STRING Server = NULL;
+
+ /*
+ * Always initialize the object attributes to all zeroes.
+ */
+ ZeroMemory(&ObjectAttributes, sizeof(ObjectAttributes));
+
+ if (ServerName != NULL) {
+ /*
+ * Make a LSA_UNICODE_STRING out of the LPWSTR passed in
+ */
+ InitLsaString(&ServerString, ServerName);
+ Server = &ServerString;
+ }
+
+ /*
+ * Attempt to open the policy.
+ */
+ return (LsaOpenPolicy(Server, &ObjectAttributes, DesiredAccess,
+ PolicyHandle));
+}
+
+BOOL
+GetAccountSid(LPTSTR SystemName, LPTSTR AccountName, PSID *Sid) {
+ LPTSTR ReferencedDomain = NULL;
+ DWORD cbSid = 128; /* initial allocation attempt */
+ DWORD cbReferencedDomain = 16; /* initial allocation size */
+ SID_NAME_USE peUse;
+ BOOL bSuccess = FALSE; /* assume this function will fail */
+
+ __try {
+ /*
+ * initial memory allocations
+ */
+ if ((*Sid = HeapAlloc(GetProcessHeap(), 0, cbSid)) == NULL)
+ __leave;
+
+ if ((ReferencedDomain = (LPTSTR) HeapAlloc(GetProcessHeap(), 0,
+ cbReferencedDomain)) == NULL) __leave;
+
+ /*
+ * Obtain the SID of the specified account on the specified system.
+ */
+ while (!LookupAccountName(SystemName, AccountName, *Sid, &cbSid,
+ ReferencedDomain, &cbReferencedDomain,
+ &peUse))
+ {
+ if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
+ /* reallocate memory */
+ if ((*Sid = HeapReAlloc(GetProcessHeap(), 0,
+ *Sid, cbSid)) == NULL) __leave;
+
+ if ((ReferencedDomain= (LPTSTR) HeapReAlloc(
+ GetProcessHeap(), 0, ReferencedDomain,
+ cbReferencedDomain)) == NULL)
+ __leave;
+ }
+ else
+ __leave;
+ }
+ bSuccess = TRUE;
+ } /* finally */
+ __finally {
+
+ /* Cleanup and indicate failure, if appropriate. */
+
+ HeapFree(GetProcessHeap(), 0, ReferencedDomain);
+
+ if (!bSuccess) {
+ if (*Sid != NULL) {
+ HeapFree(GetProcessHeap(), 0, *Sid);
+ *Sid = NULL;
+ }
+ }
+
+ }
+
+ return (bSuccess);
+}
+
+NTSTATUS
+SetPrivilegeOnAccount(LSA_HANDLE PolicyHandle, PSID AccountSid,
+ LPWSTR PrivilegeName, BOOL bEnable)
+{
+ LSA_UNICODE_STRING PrivilegeString;
+
+ /* Create a LSA_UNICODE_STRING for the privilege name. */
+ InitLsaString(&PrivilegeString, PrivilegeName);
+
+ /* grant or revoke the privilege, accordingly */
+ if (bEnable)
+ return (LsaAddAccountRights(PolicyHandle, AccountSid,
+ &PrivilegeString, 1));
+ else
+ return (LsaRemoveAccountRights(PolicyHandle, AccountSid,
+ FALSE, &PrivilegeString, 1));
+}
+
+NTSTATUS
+GetPrivilegesOnAccount(LSA_HANDLE PolicyHandle, PSID AccountSid,
+ wchar_t **PrivList, unsigned int *PrivCount)
+{
+ NTSTATUS Status;
+ LSA_UNICODE_STRING *UserRights;
+ ULONG CountOfRights;
+ unsigned int retlen = 0;
+ DWORD i, j;
+ int found;
+
+ Status = LsaEnumerateAccountRights(PolicyHandle, AccountSid,
+ &UserRights, &CountOfRights);
+ /* Only continue if there is something */
+ if (UserRights == NULL || Status != STATUS_SUCCESS)
+ return (Status);
+
+ for (i = 0; i < CountOfRights; i++) {
+ found = -1;
+ retlen = UserRights[i].Length/sizeof(wchar_t);
+ for (j = 0; j < *PrivCount; j++) {
+ found = wcsncmp(PrivList[j], UserRights[i].Buffer,
+ retlen);
+ if (found == 0)
+ break;
+ }
+ if (found != 0) {
+ PrivList[*PrivCount] =
+ (wchar_t *)malloc(UserRights[i].MaximumLength);
+ if (PrivList[*PrivCount] == NULL)
+ return (RTN_NOMEMORY);
+
+ wcsncpy(PrivList[*PrivCount], UserRights[i].Buffer,
+ retlen);
+ PrivList[*PrivCount][retlen] = L'\0';
+ (*PrivCount)++;
+ }
+
+ }
+
+ return (Status);
+}
+
+void
+DisplayNtStatus(LPSTR szAPI, NTSTATUS Status) {
+ /* Convert the NTSTATUS to Winerror. Then call DisplayWinError(). */
+ DisplayWinError(szAPI, LsaNtStatusToWinError(Status));
+}
+
+void
+DisplayWinError(LPSTR szAPI, DWORD WinError) {
+ LPSTR MessageBuffer;
+ DWORD dwBufferLength;
+
+ if (dwBufferLength=FormatMessageA(
+ FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
+ NULL, WinError, GetUserDefaultLangID(),
+ (LPSTR) &MessageBuffer, 0, NULL)){
+ DWORD dwBytesWritten; /* unused */
+
+ /* Output message string on stderr. */
+ WriteFile(GetStdHandle(STD_ERROR_HANDLE), MessageBuffer,
+ dwBufferLength, &dwBytesWritten, NULL);
+
+ /* Free the buffer allocated by the system. */
+ LocalFree(MessageBuffer);
+ }
+}
diff --git a/bin/win32/BINDInstall/AccountInfo.h b/bin/win32/BINDInstall/AccountInfo.h
new file mode 100644
index 0000000..4e8098f
--- /dev/null
+++ b/bin/win32/BINDInstall/AccountInfo.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: AccountInfo.h,v 1.6 2007/06/19 23:47:07 tbox Exp $ */
+
+
+#define RTN_OK 0
+#define RTN_NOACCOUNT 1
+#define RTN_NOMEMORY 2
+#define RTN_ERROR 10
+
+#define SE_SERVICE_LOGON_PRIV L"SeServiceLogonRight"
+
+/*
+ * This routine retrieves the list of all Privileges associated with
+ * a given account as well as the groups to which it beongs
+ */
+int
+GetAccountPrivileges(
+ char *name, /* Name of Account */
+ wchar_t **PrivList, /* List of Privileges returned */
+ unsigned int *PrivCount, /* Count of Privileges returned */
+ char **Groups, /* List of Groups to which account belongs */
+ unsigned int *totalGroups, /* Count of Groups returned */
+ int maxGroups /* Maximum number of Groups to return */
+ );
+
+/*
+ * This routine creates an account with the given name which has just
+ * the logon service privilege and no membership of any groups,
+ * i.e. it's part of the None group.
+ */
+BOOL
+CreateServiceAccount(char *name, char *password);
diff --git a/bin/win32/BINDInstall/BINDInstall.cpp b/bin/win32/BINDInstall/BINDInstall.cpp
new file mode 100644
index 0000000..f9dc5bc
--- /dev/null
+++ b/bin/win32/BINDInstall/BINDInstall.cpp
@@ -0,0 +1,106 @@
+/*
+ * Portions Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: BINDInstall.cpp,v 1.7 2007/06/19 23:47:07 tbox Exp $ */
+
+/*
+ * Copyright (c) 1999-2000 by Nortel Networks Corporation
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS
+ * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
+ * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+ * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include "stdafx.h"
+#include "BINDInstall.h"
+#include "BINDInstallDlg.h"
+
+#ifdef _DEBUG
+#define new DEBUG_NEW
+#undef THIS_FILE
+static char THIS_FILE[] = __FILE__;
+#endif
+
+/////////////////////////////////////////////////////////////////////////////
+// CBINDInstallApp
+
+BEGIN_MESSAGE_MAP(CBINDInstallApp, CWinApp)
+ //{{AFX_MSG_MAP(CBINDInstallApp)
+ // NOTE - the ClassWizard will add and remove mapping macros here.
+ // DO NOT EDIT what you see in these blocks of generated code!
+ //}}AFX_MSG
+ ON_COMMAND(ID_HELP, CWinApp::OnHelp)
+END_MESSAGE_MAP()
+
+/////////////////////////////////////////////////////////////////////////////
+// CBINDInstallApp construction
+
+CBINDInstallApp::CBINDInstallApp()
+{
+ // TODO: add construction code here,
+ // Place all significant initialization in InitInstance
+}
+
+/////////////////////////////////////////////////////////////////////////////
+// The one and only CBINDInstallApp object
+
+CBINDInstallApp theApp;
+
+/////////////////////////////////////////////////////////////////////////////
+// CBINDInstallApp initialization
+
+BOOL CBINDInstallApp::InitInstance()
+{
+ // Standard initialization
+ // If you are not using these features and wish to reduce the size
+ // of your final executable, you should remove from the following
+ // the specific initialization routines you do not need.
+#if _MSC_VER < 1300
+#ifdef _AFXDLL
+ Enable3dControls(); // Call this when using MFC in a shared DLL
+#else
+ Enable3dControlsStatic(); // Call this when linking to MFC statically
+#endif
+#endif
+
+ CBINDInstallDlg dlg;
+ m_pMainWnd = &dlg;
+ int nResponse = dlg.DoModal();
+ if (nResponse == IDOK)
+ {
+ // TODO: Place code here to handle when the dialog is
+ // dismissed with OK
+ }
+ else if (nResponse == IDCANCEL)
+ {
+ // TODO: Place code here to handle when the dialog is
+ // dismissed with Cancel
+ }
+
+ // Since the dialog has been closed, return FALSE so that we exit the
+ // application, rather than start the application's message pump.
+ return FALSE;
+}
diff --git a/bin/win32/BINDInstall/BINDInstall.dsp b/bin/win32/BINDInstall/BINDInstall.dsp
new file mode 100644
index 0000000..6585d51
--- /dev/null
+++ b/bin/win32/BINDInstall/BINDInstall.dsp
@@ -0,0 +1,177 @@
+# Microsoft Developer Studio Project File - Name="BINDInstall" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Application" 0x0101
+
+CFG=BINDInstall - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "BINDInstall.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "BINDInstall.mak" CFG="BINDInstall - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "BINDInstall - Win32 Release" (based on "Win32 (x86) Application")
+!MESSAGE "BINDInstall - Win32 Debug" (based on "Win32 (x86) Application")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "BINDInstall - Win32 Release"
+
+# PROP BASE Use_MFC 5
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 6
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /Yu"stdafx.h" /FD /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /I "..\..\..\lib\isc\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Yu"stdafx.h" /FD /TP /c
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 /nologo /subsystem:windows /machine:I386
+# ADD LINK32 version.lib netapi32.lib /nologo /subsystem:windows /pdb:none /machine:I386 /out:"..\..\..\Build\Release\BINDInstall.exe"
+
+!ELSEIF "$(CFG)" == "BINDInstall - Win32 Debug"
+
+# PROP BASE Use_MFC 5
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 6
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /Yu"stdafx.h" /FD /GZ /c
+# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /I "..\..\..\lib\isc\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /FR /Yu"stdafx.h" /FD /TP /GZ /c
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 version.lib netapi32.lib /nologo /subsystem:windows /pdb:none /debug /machine:I386 /out:"..\..\..\Build\Debug\BINDInstall.exe"
+
+!ENDIF
+
+# Begin Target
+
+# Name "BINDInstall - Win32 Release"
+# Name "BINDInstall - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=.\AccountInfo.cpp
+# End Source File
+# Begin Source File
+
+SOURCE=.\BINDInstall.cpp
+# End Source File
+# Begin Source File
+
+SOURCE=.\BINDInstallDlg.cpp
+# End Source File
+# Begin Source File
+
+SOURCE=.\DirBrowse.cpp
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\..\lib\isc\win32\ntgroups.c
+# SUBTRACT CPP /YX /Yc /Yu
+# End Source File
+# Begin Source File
+
+SOURCE=.\StdAfx.cpp
+# ADD CPP /Yc"stdafx.h"
+# End Source File
+# Begin Source File
+
+SOURCE=.\VersionInfo.cpp
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=.\Accountinfo.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\BINDInstall.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\BINDInstallDlg.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\DirBrowse.h
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\..\lib\isc\win32\include\isc\ntgroups.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\Resource.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\StdAfx.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\VersionInfo.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# Begin Source File
+
+SOURCE=.\res\BINDInstall.ico
+# End Source File
+# Begin Source File
+
+SOURCE=.\res\BINDInstall.rc2
+# End Source File
+# End Group
+# Begin Source File
+
+SOURCE=.\BINDInstall.rc
+# End Source File
+# End Target
+# End Project
diff --git a/bin/win32/BINDInstall/BINDInstall.dsw b/bin/win32/BINDInstall/BINDInstall.dsw
new file mode 100644
index 0000000..c949bc7
--- /dev/null
+++ b/bin/win32/BINDInstall/BINDInstall.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "BINDInstall"=.\BINDInstall.dsp - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/win32/BINDInstall/BINDInstall.h b/bin/win32/BINDInstall/BINDInstall.h
new file mode 100644
index 0000000..4251f25
--- /dev/null
+++ b/bin/win32/BINDInstall/BINDInstall.h
@@ -0,0 +1,64 @@
+/*
+ * Portions Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: BINDInstall.h,v 1.6 2007/06/19 23:47:07 tbox Exp $ */
+
+/*
+ * Copyright (c) 1999-2000 by Nortel Networks Corporation
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS
+ * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
+ * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+ * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef BINDINSTALL_H
+#define BINDINSTALL_H
+
+#ifndef __AFXWIN_H__
+ #error include 'stdafx.h' before including this file for PCH
+#endif
+
+#include "resource.h" // main symbols
+
+class CBINDInstallApp : public CWinApp
+{
+public:
+ CBINDInstallApp();
+
+ // ClassWizard generated virtual function overrides
+ //{{AFX_VIRTUAL(CBINDInstallApp)
+ public:
+ virtual BOOL InitInstance();
+ //}}AFX_VIRTUAL
+
+ //{{AFX_MSG(CBINDInstallApp)
+ // NOTE - the ClassWizard will add and remove member functions here.
+ // DO NOT EDIT what you see in these blocks of generated code !
+ //}}AFX_MSG
+ DECLARE_MESSAGE_MAP()
+};
+
+#endif
diff --git a/bin/win32/BINDInstall/BINDInstall.mak b/bin/win32/BINDInstall/BINDInstall.mak
new file mode 100644
index 0000000..c814517
--- /dev/null
+++ b/bin/win32/BINDInstall/BINDInstall.mak
@@ -0,0 +1,428 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on BINDInstall.dsp
+!IF "$(CFG)" == ""
+CFG=BINDInstall - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to BINDInstall - Win32 Debug.
+!ENDIF
+
+!IF "$(CFG)" != "BINDInstall - Win32 Release" && "$(CFG)" != "BINDInstall - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "BINDInstall.mak" CFG="BINDInstall - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "BINDInstall - Win32 Release" (based on "Win32 (x86) Application")
+!MESSAGE "BINDInstall - Win32 Debug" (based on "Win32 (x86) Application")
+!MESSAGE
+!ERROR An invalid configuration is specified.
+!ENDIF
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE
+NULL=nul
+!ENDIF
+
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "BINDInstall - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+ $(_VC_MANIFEST_BASENAME).auto.rc \
+ $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF "$(CFG)" == "BINDInstall - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\BINDInstall.exe"
+
+
+CLEAN :
+ -@erase "$(INTDIR)\AccountInfo.obj"
+ -@erase "$(INTDIR)\BINDInstall.obj"
+ -@erase "$(INTDIR)\BINDInstall.pch"
+ -@erase "$(INTDIR)\BINDInstall.res"
+ -@erase "$(INTDIR)\BINDInstallDlg.obj"
+ -@erase "$(INTDIR)\DirBrowse.obj"
+ -@erase "$(INTDIR)\ntgroups.obj"
+ -@erase "$(INTDIR)\StdAfx.obj"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\VersionInfo.obj"
+ -@erase "..\..\..\Build\Release\BINDInstall.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /I "..\..\..\lib\isc\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Fp"$(INTDIR)\BINDInstall.pch" /Yu"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /TP /c
+MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\BINDInstall.res" /d "NDEBUG"
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\BINDInstall.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=version.lib netapi32.lib /nologo /subsystem:windows /pdb:none /machine:I386 /out:"..\..\..\Build\Release\BINDInstall.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\AccountInfo.obj" \
+ "$(INTDIR)\BINDInstall.obj" \
+ "$(INTDIR)\BINDInstallDlg.obj" \
+ "$(INTDIR)\DirBrowse.obj" \
+ "$(INTDIR)\ntgroups.obj" \
+ "$(INTDIR)\StdAfx.obj" \
+ "$(INTDIR)\VersionInfo.obj" \
+ "$(INTDIR)\BINDInstall.res"
+
+"..\..\..\Build\Release\BINDInstall.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF "$(CFG)" == "BINDInstall - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\BINDInstall.exe" "$(OUTDIR)\BINDInstall.bsc"
+
+
+CLEAN :
+ -@erase "$(INTDIR)\AccountInfo.obj"
+ -@erase "$(INTDIR)\AccountInfo.sbr"
+ -@erase "$(INTDIR)\BINDInstall.obj"
+ -@erase "$(INTDIR)\BINDInstall.pch"
+ -@erase "$(INTDIR)\BINDInstall.res"
+ -@erase "$(INTDIR)\BINDInstall.sbr"
+ -@erase "$(INTDIR)\BINDInstallDlg.obj"
+ -@erase "$(INTDIR)\BINDInstallDlg.sbr"
+ -@erase "$(INTDIR)\DirBrowse.obj"
+ -@erase "$(INTDIR)\DirBrowse.sbr"
+ -@erase "$(INTDIR)\ntgroups.obj"
+ -@erase "$(INTDIR)\ntgroups.sbr"
+ -@erase "$(INTDIR)\StdAfx.obj"
+ -@erase "$(INTDIR)\StdAfx.sbr"
+ -@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(INTDIR)\VersionInfo.obj"
+ -@erase "$(INTDIR)\VersionInfo.sbr"
+ -@erase "$(OUTDIR)\BINDInstall.bsc"
+ -@erase "..\..\..\Build\Debug\BINDInstall.exe"
+ -@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+ if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /I "..\..\..\lib\isc\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\BINDInstall.pch" /Yu"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /TP /GZ /c
+MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\BINDInstall.res" /d "_DEBUG"
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\BINDInstall.bsc"
+BSC32_SBRS= \
+ "$(INTDIR)\AccountInfo.sbr" \
+ "$(INTDIR)\BINDInstall.sbr" \
+ "$(INTDIR)\BINDInstallDlg.sbr" \
+ "$(INTDIR)\DirBrowse.sbr" \
+ "$(INTDIR)\ntgroups.sbr" \
+ "$(INTDIR)\StdAfx.sbr" \
+ "$(INTDIR)\VersionInfo.sbr"
+
+"$(OUTDIR)\BINDInstall.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+ $(BSC32) @<<
+ $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=version.lib netapi32.lib /nologo /subsystem:windows /pdb:none /debug /machine:I386 /out:"..\..\..\Build\Debug\BINDInstall.exe"
+LINK32_OBJS= \
+ "$(INTDIR)\AccountInfo.obj" \
+ "$(INTDIR)\BINDInstall.obj" \
+ "$(INTDIR)\BINDInstallDlg.obj" \
+ "$(INTDIR)\DirBrowse.obj" \
+ "$(INTDIR)\ntgroups.obj" \
+ "$(INTDIR)\StdAfx.obj" \
+ "$(INTDIR)\VersionInfo.obj" \
+ "$(INTDIR)\BINDInstall.res"
+
+"..\..\..\Build\Debug\BINDInstall.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+ $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF
+
+.c{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(INTDIR)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("BINDInstall.dep")
+!INCLUDE "BINDInstall.dep"
+!ELSE
+!MESSAGE Warning: cannot find "BINDInstall.dep"
+!ENDIF
+!ENDIF
+
+
+!IF "$(CFG)" == "BINDInstall - Win32 Release" || "$(CFG)" == "BINDInstall - Win32 Debug"
+SOURCE=.\AccountInfo.cpp
+
+!IF "$(CFG)" == "BINDInstall - Win32 Release"
+
+
+"$(INTDIR)\AccountInfo.obj" : $(SOURCE) "$(INTDIR)" "$(INTDIR)\BINDInstall.pch"
+
+
+!ELSEIF "$(CFG)" == "BINDInstall - Win32 Debug"
+
+
+"$(INTDIR)\AccountInfo.obj" "$(INTDIR)\AccountInfo.sbr" : $(SOURCE) "$(INTDIR)" "$(INTDIR)\BINDInstall.pch"
+
+
+!ENDIF
+
+SOURCE=.\BINDInstall.cpp
+
+!IF "$(CFG)" == "BINDInstall - Win32 Release"
+
+
+"$(INTDIR)\BINDInstall.obj" : $(SOURCE) "$(INTDIR)" "$(INTDIR)\BINDInstall.pch"
+
+
+!ELSEIF "$(CFG)" == "BINDInstall - Win32 Debug"
+
+
+"$(INTDIR)\BINDInstall.obj" "$(INTDIR)\BINDInstall.sbr" : $(SOURCE) "$(INTDIR)" "$(INTDIR)\BINDInstall.pch"
+
+
+!ENDIF
+
+SOURCE=.\BINDInstallDlg.cpp
+
+!IF "$(CFG)" == "BINDInstall - Win32 Release"
+
+
+"$(INTDIR)\BINDInstallDlg.obj" : $(SOURCE) "$(INTDIR)" "$(INTDIR)\BINDInstall.pch"
+
+
+!ELSEIF "$(CFG)" == "BINDInstall - Win32 Debug"
+
+
+"$(INTDIR)\BINDInstallDlg.obj" "$(INTDIR)\BINDInstallDlg.sbr" : $(SOURCE) "$(INTDIR)" "$(INTDIR)\BINDInstall.pch"
+
+
+!ENDIF
+
+SOURCE=.\DirBrowse.cpp
+
+!IF "$(CFG)" == "BINDInstall - Win32 Release"
+
+
+"$(INTDIR)\DirBrowse.obj" : $(SOURCE) "$(INTDIR)" "$(INTDIR)\BINDInstall.pch"
+
+
+!ELSEIF "$(CFG)" == "BINDInstall - Win32 Debug"
+
+
+"$(INTDIR)\DirBrowse.obj" "$(INTDIR)\DirBrowse.sbr" : $(SOURCE) "$(INTDIR)" "$(INTDIR)\BINDInstall.pch"
+
+
+!ENDIF
+
+SOURCE=..\..\..\lib\isc\win32\ntgroups.c
+
+!IF "$(CFG)" == "BINDInstall - Win32 Release"
+
+CPP_SWITCHES=/nologo /MT /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /I "..\..\..\lib\isc\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /TP /c
+
+"$(INTDIR)\ntgroups.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) @<<
+ $(CPP_SWITCHES) $(SOURCE)
+<<
+
+
+!ELSEIF "$(CFG)" == "BINDInstall - Win32 Debug"
+
+CPP_SWITCHES=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /I "..\..\..\lib\isc\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /TP /GZ /c
+
+"$(INTDIR)\ntgroups.obj" "$(INTDIR)\ntgroups.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) @<<
+ $(CPP_SWITCHES) $(SOURCE)
+<<
+
+
+!ENDIF
+
+SOURCE=.\StdAfx.cpp
+
+!IF "$(CFG)" == "BINDInstall - Win32 Release"
+
+CPP_SWITCHES=/nologo /MT /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /I "..\..\..\lib\isc\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Fp"$(INTDIR)\BINDInstall.pch" /Yc"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /TP /c
+
+"$(INTDIR)\StdAfx.obj" "$(INTDIR)\BINDInstall.pch" : $(SOURCE) "$(INTDIR)"
+ $(CPP) @<<
+ $(CPP_SWITCHES) $(SOURCE)
+<<
+
+
+!ELSEIF "$(CFG)" == "BINDInstall - Win32 Debug"
+
+CPP_SWITCHES=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /I "..\..\..\lib\isc\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\BINDInstall.pch" /Yc"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /TP /GZ /c
+
+"$(INTDIR)\StdAfx.obj" "$(INTDIR)\StdAfx.sbr" "$(INTDIR)\BINDInstall.pch" : $(SOURCE) "$(INTDIR)"
+ $(CPP) @<<
+ $(CPP_SWITCHES) $(SOURCE)
+<<
+
+
+!ENDIF
+
+SOURCE=.\VersionInfo.cpp
+
+!IF "$(CFG)" == "BINDInstall - Win32 Release"
+
+
+"$(INTDIR)\VersionInfo.obj" : $(SOURCE) "$(INTDIR)" "$(INTDIR)\BINDInstall.pch"
+
+
+!ELSEIF "$(CFG)" == "BINDInstall - Win32 Debug"
+
+
+"$(INTDIR)\VersionInfo.obj" "$(INTDIR)\VersionInfo.sbr" : $(SOURCE) "$(INTDIR)" "$(INTDIR)\BINDInstall.pch"
+
+
+!ENDIF
+
+SOURCE=.\BINDInstall.rc
+
+"$(INTDIR)\BINDInstall.res" : $(SOURCE) "$(INTDIR)"
+ $(RSC) $(RSC_PROJ) $(SOURCE)
+
+
+
+!ENDIF
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+ type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+ type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/win32/BINDInstall/BINDInstall.rc b/bin/win32/BINDInstall/BINDInstall.rc
new file mode 100644
index 0000000..8bcb636
--- /dev/null
+++ b/bin/win32/BINDInstall/BINDInstall.rc
@@ -0,0 +1,338 @@
+//Microsoft Developer Studio generated resource script.
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#include "afxres.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// English (U.S.) resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
+#ifdef _WIN32
+LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
+#pragma code_page(1252)
+#endif //_WIN32
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE DISCARDABLE
+BEGIN
+ "resource.h\0"
+END
+
+2 TEXTINCLUDE DISCARDABLE
+BEGIN
+ "#include ""afxres.h""\r\n"
+ "\0"
+END
+
+3 TEXTINCLUDE DISCARDABLE
+BEGIN
+ "#define _AFX_NO_SPLITTER_RESOURCES\r\n"
+ "#define _AFX_NO_OLE_RESOURCES\r\n"
+ "#define _AFX_NO_TRACKER_RESOURCES\r\n"
+ "#define _AFX_NO_PROPERTY_RESOURCES\r\n"
+ "\r\n"
+ "#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)\r\n"
+ "#ifdef _WIN32\r\n"
+ "LANGUAGE 9, 1\r\n"
+ "#pragma code_page(1252)\r\n"
+ "#endif //_WIN32\r\n"
+ "#include ""res\\BINDInstall.rc2"" // non-Microsoft Visual C++ edited resources\r\n"
+ "#include ""afxres.rc"" // Standard components\r\n"
+ "#endif\r\n"
+ "\0"
+END
+
+#endif // APSTUDIO_INVOKED
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Icon
+//
+
+// Icon with lowest ID value placed first to ensure application icon
+// remains consistent on all systems.
+IDR_MAINFRAME ICON DISCARDABLE "res\\BINDInstall.ico"
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Dialog
+//
+
+IDD_BINDINSTALL_DIALOG DIALOGEX 0, 0, 210, 301
+STYLE DS_MODALFRAME | DS_CENTER | WS_POPUP | WS_VISIBLE | WS_CAPTION |
+ WS_SYSMENU
+EXSTYLE WS_EX_APPWINDOW
+CAPTION "BIND 9 Installer"
+FONT 8, "MS Sans Serif",0,0,0x1
+BEGIN
+ EDITTEXT IDC_TARGETDIR,7,62,196,14,ES_AUTOHSCROLL
+ EDITTEXT IDC_ACCOUNT_NAME,7,94,196,14,ES_AUTOHSCROLL
+ EDITTEXT IDC_ACCOUNT_PASSWORD,7,122,196,14,ES_PASSWORD |
+ ES_AUTOHSCROLL
+ EDITTEXT IDC_ACCOUNT_PASSWORD_CONFIRM,7,151,196,14,ES_PASSWORD |
+ ES_AUTOHSCROLL
+ DEFPUSHBUTTON "&Install",IDC_INSTALL,153,7,50,14
+ PUSHBUTTON "E&xit",IDC_EXIT,153,39,50,14
+ CONTROL "&Automatic Startup",IDC_AUTO_START,"Button",
+ BS_AUTOCHECKBOX | WS_TABSTOP,14,190,72,10
+ CONTROL "&Keep Config Files After Uninstall",IDC_KEEP_FILES,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,14,200,116,10
+ CONTROL "&Start BIND Service After Install",IDC_START,"Button",
+ BS_AUTOCHECKBOX | WS_TABSTOP,14,210,113,10
+ PUSHBUTTON "&Uninstall",IDC_UNINSTALL,153,23,50,14
+ PUSHBUTTON "Browse",IDC_BROWSE,7,22,50,14
+ LTEXT "Target Directory:",IDC_STATIC,7,53,54,8
+ GROUPBOX "Progress",IDC_STATIC,7,224,196,70
+ RTEXT "",IDC_COPY_TAG,14,261,78,8
+ LTEXT "",IDC_COPY_FILE,105,261,90,8
+ RTEXT "",IDC_SERVICE_TAG,15,271,77,8
+ LTEXT "",IDC_REG_SERVICE,105,271,89,8
+ RTEXT "",IDC_MESSAGE_TAG,15,281,77,8
+ LTEXT "",IDC_REG_MESSAGE,105,281,88,8
+ RTEXT "",IDC_DIR_TAG,15,251,77,8
+ GROUPBOX "Options",IDC_STATIC,7,172,196,49
+ CTEXT "Version Unknown",IDC_VERSION,7,7,61,10,SS_CENTERIMAGE |
+ SS_SUNKEN
+ RTEXT "Current Operation:",IDC_CURRENT_TAG,34,235,58,8
+ LTEXT "",IDC_CURRENT,105,235,90,8
+ LTEXT "",IDC_CREATE_DIR,105,251,88,8
+ LTEXT "Service Account Name",IDC_STATIC,7,84,74,8
+ LTEXT "Service Account Password",IDC_STATIC,7,112,86,8
+ LTEXT "Confirm Service Account Password",IDC_STATIC,7,140,112,
+ 8
+END
+
+IDD_BROWSE DIALOG DISCARDABLE 0, 0, 227, 117
+STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Select Directory"
+FONT 8, "MS Sans Serif"
+BEGIN
+ DEFPUSHBUTTON "OK",IDOK,170,7,50,14
+ PUSHBUTTON "Cancel",IDCANCEL,170,24,50,14
+ LISTBOX IDC_DIRLIST,7,28,155,82,LBS_SORT | LBS_NOINTEGRALHEIGHT |
+ WS_VSCROLL | WS_TABSTOP
+ EDITTEXT IDC_CURDIR,7,7,155,14,ES_AUTOHSCROLL
+ COMBOBOX IDC_DRIVES,170,98,50,74,CBS_DROPDOWNLIST | CBS_SORT |
+ WS_VSCROLL | WS_TABSTOP
+END
+
+IDD_DIALOG1 DIALOG DISCARDABLE 0, 0, 186, 95
+STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Dialog"
+FONT 8, "MS Sans Serif"
+BEGIN
+ DEFPUSHBUTTON "OK",IDOK,129,7,50,14
+ PUSHBUTTON "Cancel",IDCANCEL,129,24,50,14
+END
+
+
+#ifndef _MAC
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION 2,0,0,0
+ PRODUCTVERSION 2,0,0,0
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x1L
+#else
+ FILEFLAGS 0x0L
+#endif
+ FILEOS 0x4L
+ FILETYPE 0x1L
+ FILESUBTYPE 0x0L
+BEGIN
+ BLOCK "StringFileInfo"
+ BEGIN
+ BLOCK "040904b0"
+ BEGIN
+ VALUE "Comments", "\0"
+ VALUE "CompanyName", "Internet Software Consortium\0"
+ VALUE "FileDescription", "ISC BIND Install Utility\0"
+ VALUE "FileVersion", "2.0.0\0"
+ VALUE "InternalName", "BINDInstall\0"
+ VALUE "LegalCopyright", "Copyright © 2000\0"
+ VALUE "LegalTrademarks", "\0"
+ VALUE "OriginalFilename", "BINDInstall.EXE\0"
+ VALUE "PrivateBuild", "\0"
+ VALUE "ProductName", "ISC BIND\0"
+ VALUE "ProductVersion", "9.3.0\0"
+ VALUE "SpecialBuild", "\0"
+ END
+ END
+ BLOCK "VarFileInfo"
+ BEGIN
+ VALUE "Translation", 0x409, 1200
+ END
+END
+
+#endif // !_MAC
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// DESIGNINFO
+//
+
+#ifdef APSTUDIO_INVOKED
+GUIDELINES DESIGNINFO DISCARDABLE
+BEGIN
+ IDD_BINDINSTALL_DIALOG, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 203
+ VERTGUIDE, 14
+ VERTGUIDE, 92
+ VERTGUIDE, 105
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 294
+ HORZGUIDE, 195
+ HORZGUIDE, 205
+ HORZGUIDE, 215
+ HORZGUIDE, 239
+ HORZGUIDE, 255
+ HORZGUIDE, 265
+ HORZGUIDE, 275
+ HORZGUIDE, 285
+ END
+
+ IDD_BROWSE, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 220
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 110
+ END
+
+ IDD_DIALOG1, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 179
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 88
+ END
+END
+#endif // APSTUDIO_INVOKED
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// String Table
+//
+
+STRINGTABLE DISCARDABLE
+BEGIN
+ IDS_MAINFRAME "BIND 9 Installer"
+ IDS_CREATEDIR "Directory %s does not exist.\nDo you wish to create it?"
+ IDS_SUCCESS "BIND installation completed successfully"
+ IDS_FAIL "BIND installation failed"
+ IDS_DIREXIST "Directory %s exists.\n Install here anyway?"
+ IDS_INSTALL_DIR "Create Directories..."
+ IDS_INSTALL_FILE "Copy Files..."
+ IDS_INSTALL_SERVICE "Register Service..."
+ IDS_INSTALL_MESSAGE "Register Messages..."
+ IDS_UNINSTALL "Do you wish to uninstall BIND?"
+ IDS_UNINSTALL_DONE "BIND Uninstall Completed"
+END
+
+STRINGTABLE DISCARDABLE
+BEGIN
+ IDS_CREATE_KEY "Creating BIND registry key"
+ IDS_ADD_REMOVE "Setting up Add/Remove Programs entry"
+ IDS_CLEANUP "Cleaning up"
+ IDS_INSTALL_DONE "Finished Installing"
+ IDS_CREATE_DIR "Creating directory %s"
+ IDS_REMOVE_DIR "Removing directory %s"
+ IDS_COPY_FILE "Copying file %s"
+ IDS_DELETE_FILE "Deleting file %s"
+ IDS_OPEN_SCM "Opening Service Control Manager"
+ IDS_CREATE_SERVICE "Creating BIND service"
+ IDS_OPEN_SERVICE "Opening BIND service"
+ IDS_REMOVE_SERVICE "Removing BIND service"
+ IDS_REGISTER_MESSAGES "Registering BIND message source"
+ IDS_UNREGISTER_MESSAGES "Unregistering BIND message source"
+ IDS_STOP_SERVICE "Stopping BIND service"
+ IDS_START_SERVICE "Starting BIND service"
+END
+
+STRINGTABLE DISCARDABLE
+BEGIN
+ IDS_UNINSTALL_DIR "Remove Directories..."
+ IDS_UNINSTALL_FILES "Delete Files..."
+ IDS_UNINSTALL_SERVICE "Unregister Service..."
+ IDS_UNINSTALL_MESSAGE "Unregister Messages..."
+ IDS_ERR_OPEN_SCM "Could not open Service Control Manager\n(%s)"
+ IDS_ERR_OPEN_SERVICE "Could not open BIND Service\n(%s)"
+ IDS_ERR_STOP_SERVICE "Could not stop BIND Service\n(%s)"
+ IDS_ERR_NONCRIT_FILE "An error occurred while copying non-critical file %s\n(%s)\nDo you wish to continue?"
+ IDS_ERR_COPY_FILE "An error occurred while copying file %s\n(%s)\nInstallation will be terminated"
+ IDS_ERR_CREATE_SERVICE "Error creating service\n(%s)"
+ IDS_ERR_REMOVE_SERVICE "Error removing service\n(%s)"
+ IDS_REBOOT "BINDInstall needs to restart Windows.\nDo you wish to restart now?"
+ IDS_BAD_PRIVILEGES "This user cannot acquire the privileges necessary to install BIND. Please ensure you are logged on as a member of the Administrators group."
+ IDS_ERR_CREATE_DIR "An error occurred while creating directory %s\n(%s)"
+ IDS_VERSION "Version %s"
+ IDS_ERR_CREATE_KEY "An error occured while creating registry keys\n(%s)"
+END
+
+STRINGTABLE DISCARDABLE
+BEGIN
+ IDS_ERR_SET_VALUE "An error occured while setting registry key values\n(%s)"
+ IDS_NO_VERSION "Version Unknown"
+ IDS_EXISTING_NEWER "%s\nThe existing version of this file is newer than the version being installed.\nDo you wish to overwrite the existing file?"
+ IDS_FILE_BAD "Could not retrieve version info for file %s. Do you wish to continue?\n(Continuing may overwrite a newer version of the file) "
+ IDS_ERR_TOOPRIVED "Chosen account has too many privileges. Do you wish to choose a different account name?"
+ IDS_ERR_BADACCOUNT "Error Validating Account. Unable to install service using this account."
+ IDS_ERR_WRONGPRIV "The wrong privilege: %s was detected. Only the Service Logon Right privilege should be enabled for this account."
+ IDS_CREATEACCOUNT_FAILED "Unable to Create Account for the Service."
+ IDS_ERR_PASSWORD "Passwords entered did not match. Please reenter password."
+ IDS_ERR_UPDATE_SERVICE "Error updating service\n(%s)"
+ IDS_ERR_NULLPASSWORD "Service account password cannot be null"
+ IDS_ERR_WHITESPACE "Service account password has leading/trailing whitespace"
+END
+
+#endif // English (U.S.) resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+#define _AFX_NO_SPLITTER_RESOURCES
+#define _AFX_NO_OLE_RESOURCES
+#define _AFX_NO_TRACKER_RESOURCES
+#define _AFX_NO_PROPERTY_RESOURCES
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
+#ifdef _WIN32
+LANGUAGE 9, 1
+#pragma code_page(1252)
+#endif //_WIN32
+#include "res\BINDInstall.rc2" // non-Microsoft Visual C++ edited resources
+#include "afxres.rc" // Standard components
+#endif
+
+/////////////////////////////////////////////////////////////////////////////
+#endif // not APSTUDIO_INVOKED
+
diff --git a/bin/win32/BINDInstall/BINDInstallDlg.cpp b/bin/win32/BINDInstall/BINDInstallDlg.cpp
new file mode 100644
index 0000000..1d493f7
--- /dev/null
+++ b/bin/win32/BINDInstall/BINDInstallDlg.cpp
@@ -0,0 +1,1290 @@
+/*
+ * Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2001, 2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: BINDInstallDlg.cpp,v 1.37.228.2 2008/12/14 21:33:07 tbox Exp $ */
+
+/*
+ * Copyright (c) 1999-2000 by Nortel Networks Corporation
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS
+ * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
+ * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+ * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/*
+ * Define this to make a standalone installer that will copy msvcrt.dll
+ * and/or msvcrtd.dll during the install
+ */
+// #define BINARIES_INSTALL
+
+/*
+ * msvcrt.dll is the release c-runtime library for MSVC. msvcrtd.dll is the debug
+ * c-runtime library for MSVC. If you have debug binaries you want to have DEBUG_BINARIES
+ * defined. If you have release binaries you want to have RELEASE_BINARIES defined.
+ * If you have both, then define them both.
+ * Of course, you need msvcrt[d].dll present to install it!
+ */
+#ifdef BINARIES_INSTALL
+// # define DEBUG_BINARIES
+// # define RELEASE_BINARIES
+#endif
+
+#include "stdafx.h"
+#include "BINDInstall.h"
+#include "BINDInstallDlg.h"
+#include "DirBrowse.h"
+#include <winsvc.h>
+#include <named/ntservice.h>
+#include <isc/bind_registry.h>
+#include <isc/ntgroups.h>
+#include <direct.h>
+#include "AccountInfo.h"
+#include "versioninfo.h"
+
+#define MAX_GROUPS 100
+#define MAX_PRIVS 50
+
+#ifdef _DEBUG
+#define new DEBUG_NEW
+#undef THIS_FILE
+static char THIS_FILE[] = __FILE__;
+#endif
+
+typedef struct _xexception
+{
+ _xexception(UINT string, ...);
+
+ CString resString;
+} Exception;
+
+_xexception::_xexception(UINT string, ...)
+{
+ CString format;
+ va_list va;
+
+ format.LoadString(string);
+
+ va_start(va, string);
+ resString.FormatV(format, va);
+ va_end(va);
+}
+
+typedef struct _filedata {
+ enum FileDestinations {TargetDir, BinDir, EtcDir, WinSystem};
+ enum FileImportance {Trivial, Normal, Critical};
+
+ char *filename;
+ int destination;
+ int importance;
+ BOOL checkVer;
+
+} FileData;
+
+const FileData installFiles[] =
+{
+#ifdef BINARIES_INSTALL
+# ifdef DEBUG_BINARIES
+ {"msvcrtd.dll", FileData::WinSystem, FileData::Critical, TRUE},
+# endif
+# ifdef RELEASE_BINARIES
+ {"msvcrt.dll", FileData::WinSystem, FileData::Critical, TRUE},
+# endif
+#endif
+#if _MSC_VER < 1400
+#if _MSC_VER >= 1310
+ {"mfc71.dll", FileData::WinSystem, FileData::Critical, TRUE},
+ {"msvcr71.dll", FileData::WinSystem, FileData::Critical, TRUE},
+#elif _MSC_VER > 1200 && _MSC_VER < 1310
+ {"mfc70.dll", FileData::WinSystem, FileData::Critical, TRUE},
+ {"msvcr70.dll", FileData::WinSystem, FileData::Critical, TRUE},
+#endif
+#endif
+ {"bindevt.dll", FileData::BinDir, FileData::Normal, FALSE},
+ {"libbind9.dll", FileData::BinDir, FileData::Critical, FALSE},
+ {"libisc.dll", FileData::BinDir, FileData::Critical, FALSE},
+ {"libisccfg.dll", FileData::BinDir, FileData::Critical, FALSE},
+ {"libisccc.dll", FileData::BinDir, FileData::Critical, FALSE},
+ {"libdns.dll", FileData::BinDir, FileData::Critical, FALSE},
+ {"liblwres.dll", FileData::BinDir, FileData::Critical, FALSE},
+ {"libeay32.dll", FileData::BinDir, FileData::Critical, FALSE},
+ {"named.exe", FileData::BinDir, FileData::Critical, FALSE},
+ {"nsupdate.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"BINDInstall.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"rndc.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"dig.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"host.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"nslookup.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"rndc-confgen.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"dnssec-keygen.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"dnssec-signzone.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"dnssec-dsfromkey.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"dnssec-keyfromlabel.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"named-checkconf.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"named-checkzone.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"named-compilezone.exe", FileData::BinDir, FileData::Normal, FALSE},
+ {"readme1st.txt", FileData::BinDir, FileData::Trivial, FALSE},
+ {NULL, -1, -1}
+};
+
+
+/////////////////////////////////////////////////////////////////////////////
+// CBINDInstallDlg dialog
+
+CBINDInstallDlg::CBINDInstallDlg(CWnd* pParent /*=NULL*/)
+ : CDialog(CBINDInstallDlg::IDD, pParent) {
+ char buf[MAX_PATH];
+
+ //{{AFX_DATA_INIT(CBINDInstallDlg)
+ m_targetDir = _T("");
+ m_version = _T("");
+ m_autoStart = FALSE;
+ m_keepFiles = FALSE;
+ m_current = _T("");
+ m_startOnInstall = FALSE;
+ m_accountName = _T("");
+ m_accountPassword = _T("");
+ m_accountName = _T("");
+ //}}AFX_DATA_INIT
+ // Note that LoadIcon does not require a subsequent DestroyIcon in Win32
+ m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
+
+ GetSystemDirectory(buf, MAX_PATH);
+ m_winSysDir = buf;
+ m_defaultDir = buf;
+ m_defaultDir += "\\dns";
+ m_installed = FALSE;
+ m_accountExists = FALSE;
+ m_accountUsed = FALSE;
+ m_serviceExists = TRUE;
+ GetCurrentServiceAccountName();
+ m_currentAccount = m_accountName;
+ if (m_accountName == "") {
+ m_accountName = "named";
+ }
+}
+
+void CBINDInstallDlg::DoDataExchange(CDataExchange* pDX) {
+ CDialog::DoDataExchange(pDX);
+ //{{AFX_DATA_MAP(CBINDInstallDlg)
+ DDX_Text(pDX, IDC_TARGETDIR, m_targetDir);
+ DDX_Text(pDX, IDC_VERSION, m_version);
+ DDX_Text(pDX, IDC_ACCOUNT_NAME, m_accountName);
+ DDX_Text(pDX, IDC_ACCOUNT_PASSWORD, m_accountPassword);
+ DDX_Text(pDX, IDC_ACCOUNT_PASSWORD_CONFIRM, m_accountPasswordConfirm);
+ DDX_Check(pDX, IDC_AUTO_START, m_autoStart);
+ DDX_Check(pDX, IDC_KEEP_FILES, m_keepFiles);
+ DDX_Text(pDX, IDC_CURRENT, m_current);
+ DDX_Check(pDX, IDC_START, m_startOnInstall);
+ //}}AFX_DATA_MAP
+}
+
+BEGIN_MESSAGE_MAP(CBINDInstallDlg, CDialog)
+ //{{AFX_MSG_MAP(CBINDInstallDlg)
+ ON_WM_PAINT()
+ ON_WM_QUERYDRAGICON()
+ ON_BN_CLICKED(IDC_BROWSE, OnBrowse)
+ ON_BN_CLICKED(IDC_INSTALL, OnInstall)
+ ON_BN_CLICKED(IDC_EXIT, OnExit)
+ ON_BN_CLICKED(IDC_UNINSTALL, OnUninstall)
+ //}}AFX_MSG_MAP
+END_MESSAGE_MAP()
+
+/////////////////////////////////////////////////////////////////////////////
+// CBINDInstallDlg message handlers
+
+BOOL CBINDInstallDlg::OnInitDialog() {
+ CDialog::OnInitDialog();
+
+ // Set the icon for this dialog. The framework does this automatically
+ // when the application's main window is not a dialog
+ SetIcon(m_hIcon, TRUE); // Set big icon
+ SetIcon(m_hIcon, FALSE); // Set small icon
+
+ char filename[MAX_PATH];
+ char dirname[MAX_PATH];
+ char *fptr = &filename[0];
+ GetModuleFileName(NULL, filename, MAX_PATH);
+ char *dptr = strrchr(filename,'\\');
+ int index = dptr - fptr;
+ strncpy(dirname, filename, index);
+ dirname[index] = '\0';
+ CString Dirname(dirname);
+ m_currentDir = Dirname;
+
+ CVersionInfo bindInst(filename);
+ if(bindInst.IsValid())
+ m_version.Format(IDS_VERSION, bindInst.GetFileVersionString());
+ else
+ m_version.LoadString(IDS_NO_VERSION);
+
+ DWORD dwBufLen = MAX_PATH;
+ char buf[MAX_PATH];
+ HKEY hKey;
+
+ m_startOnInstall = CheckBINDService();
+
+ /* See if we are installed already */
+ if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, BIND_SUBKEY, 0, KEY_READ, &hKey)
+ == ERROR_SUCCESS) {
+ m_installed = TRUE;
+ memset(buf, 0, MAX_PATH);
+ // Get the install directory
+ if (RegQueryValueEx(hKey, "InstallDir", NULL, NULL, (LPBYTE)buf,
+ &dwBufLen) == ERROR_SUCCESS)
+ if (strcmp(buf, ""))
+ m_defaultDir = buf;
+
+ RegCloseKey(hKey);
+ }
+ m_targetDir = m_defaultDir;
+
+ // Set checkbox defaults
+ m_autoStart = TRUE;
+ m_keepFiles = TRUE;
+
+ UpdateData(FALSE);
+
+ return (TRUE); /* return(TRUE) unless you set the focus to a control */
+}
+
+/*
+ * If you add a minimize button to your dialog, you will need the code below
+ * to draw the icon. For MFC applications using the document/view model,
+ * this is automatically done for you by the framework.
+ */
+
+void CBINDInstallDlg::OnPaint() {
+ if (IsIconic()) {
+ CPaintDC dc(this); // device context for painting
+
+ SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);
+
+ // Center icon in client rectangle
+ int cxIcon = GetSystemMetrics(SM_CXICON);
+ int cyIcon = GetSystemMetrics(SM_CYICON);
+ CRect rect;
+ GetClientRect(&rect);
+ int x = (rect.Width() - cxIcon + 1) / 2;
+ int y = (rect.Height() - cyIcon + 1) / 2;
+
+ // Draw the icon
+ dc.DrawIcon(x, y, m_hIcon);
+ }
+ else {
+ CDialog::OnPaint();
+ }
+}
+
+// The system calls this to obtain the cursor to display while the user drags
+// the minimized window.
+HCURSOR CBINDInstallDlg::OnQueryDragIcon() {
+ return((HCURSOR)m_hIcon);
+}
+
+void CBINDInstallDlg::OnBrowse() {
+
+ CDirBrowse browse;
+
+ if (browse.DoModal() == IDOK) {
+ //m_targetDir = browse.m_selectedDir;
+ UpdateData(FALSE);
+ }
+}
+
+/*
+ * User pressed the exit button
+ */
+void CBINDInstallDlg::OnExit() {
+ EndDialog(0);
+}
+
+/*
+ * User pressed the uninstall button. Make it go.
+ */
+void CBINDInstallDlg::OnUninstall() {
+ UpdateData();
+
+ if (MsgBox(IDS_UNINSTALL, MB_YESNO) == IDYES) {
+ if (CheckBINDService())
+ StopBINDService();
+
+ SC_HANDLE hSCManager = OpenSCManager(NULL, NULL,
+ SC_MANAGER_ALL_ACCESS);
+ if (!hSCManager) {
+ MsgBox(IDS_ERR_OPEN_SCM, GetErrMessage());
+ return;
+ }
+
+ SC_HANDLE hService = OpenService(hSCManager, BIND_SERVICE_NAME,
+ SERVICE_ALL_ACCESS);
+ if (!hService && GetLastError() != ERROR_SERVICE_DOES_NOT_EXIST){
+ MsgBox(IDS_ERR_OPEN_SERVICE, GetErrMessage());
+ return;
+ }
+
+ SERVICE_STATUS ss;
+ QueryServiceStatus(hService, &ss);
+ if (ss.dwCurrentState == SERVICE_RUNNING) {
+ BOOL rc = ControlService(hService,
+ SERVICE_CONTROL_STOP, &ss);
+ if (rc == FALSE || ss.dwCurrentState != SERVICE_STOPPED) {
+ MsgBox(IDS_ERR_STOP_SERVICE, GetErrMessage());
+ return;
+ }
+
+ }
+ CloseServiceHandle(hService);
+ CloseServiceHandle(hSCManager);
+
+ // Directories
+ m_etcDir = m_targetDir + "\\etc";
+ m_binDir = m_targetDir + "\\bin";
+
+ UninstallTags();
+ UnregisterMessages(TRUE);
+ UnregisterService(TRUE);
+ DeleteFiles(TRUE);
+ if (m_keepFiles == FALSE)
+ RemoveDirs(TRUE);
+ else
+ GetDlgItem(IDC_CREATE_DIR)->SetWindowText("Not Removed");
+
+
+ // Delete registry keys for named
+ RegDeleteKey(HKEY_LOCAL_MACHINE, BIND_SESSION_SUBKEY);
+ RegDeleteKey(HKEY_LOCAL_MACHINE, BIND_SUBKEY);
+ RegDeleteKey(HKEY_LOCAL_MACHINE, BIND_UNINSTALL_SUBKEY);
+
+ ProgramGroup(FALSE);
+
+ SetCurrent(IDS_UNINSTALL_DONE);
+ MsgBox(IDS_UNINSTALL_DONE);
+ }
+}
+
+/*
+ * User pressed the install button. Make it go.
+ */
+void CBINDInstallDlg::OnInstall() {
+#if _MSC_VER >= 1400
+ char Vcredist_x86[MAX_PATH];
+#endif
+ BOOL success = FALSE;
+ int oldlen;
+
+ if (CheckBINDService())
+ StopBINDService();
+
+ InstallTags();
+
+ UpdateData();
+
+ /*
+ * Check that the Passwords entered match.
+ */
+ if (m_accountPassword != m_accountPasswordConfirm) {
+ MsgBox(IDS_ERR_PASSWORD);
+ return;
+ }
+
+ /*
+ * Check that there is not leading / trailing whitespace.
+ * This is for compatability with the standard password dialog.
+ * Passwords really should be treated as opaque blobs.
+ */
+ oldlen = m_accountPassword.GetLength();
+ m_accountPassword.TrimLeft();
+ m_accountPassword.TrimRight();
+ if (m_accountPassword.GetLength() != oldlen) {
+ MsgBox(IDS_ERR_WHITESPACE);
+ return;
+ }
+
+ /*
+ * Check the entered account name.
+ */
+ if (ValidateServiceAccount() == FALSE)
+ return;
+
+ /*
+ * For Registration we need to know if account was changed.
+ */
+ if (m_accountName != m_currentAccount)
+ m_accountUsed = FALSE;
+
+ if (m_accountUsed == FALSE && m_serviceExists == FALSE)
+ {
+ /*
+ * Check that the Password is not null.
+ */
+ if (m_accountPassword.GetLength() == 0) {
+ MsgBox(IDS_ERR_NULLPASSWORD);
+ return;
+ }
+ }
+
+ /* Directories */
+ m_etcDir = m_targetDir + "\\etc";
+ m_binDir = m_targetDir + "\\bin";
+
+ if (m_defaultDir != m_targetDir) {
+ if (GetFileAttributes(m_targetDir) != 0xFFFFFFFF)
+ {
+ int install = MsgBox(IDS_DIREXIST,
+ MB_YESNO | MB_ICONQUESTION, m_targetDir);
+ if (install == IDNO)
+ return;
+ }
+ else {
+ int createDir = MsgBox(IDS_CREATEDIR,
+ MB_YESNO | MB_ICONQUESTION, m_targetDir);
+ if (createDir == IDNO)
+ return;
+ }
+ }
+
+ if (m_accountExists == FALSE) {
+ success = CreateServiceAccount(m_accountName.GetBuffer(30),
+ m_accountPassword.GetBuffer(30));
+ if (success == FALSE) {
+ MsgBox(IDS_CREATEACCOUNT_FAILED);
+ return;
+ }
+ m_accountExists = TRUE;
+ }
+
+ ProgramGroup(FALSE);
+
+#if _MSC_VER >= 1400
+ /*
+ * Install Visual Studio libraries. As per:
+ * http://blogs.msdn.com/astebner/archive/2006/08/23/715755.aspx
+ *
+ * Vcredist_x86.exe /q:a /c:"msiexec /i vcredist.msi /qn /l*v %temp%\vcredist_x86.log"
+ */
+ /*system(".\\Vcredist_x86.exe /q:a /c:\"msiexec /i vcredist.msi /qn /l*v %temp%\vcredist_x86.log\"");*/
+
+ /*
+ * Enclose full path to Vcredist_x86.exe in quotes as
+ * m_currentDir may contain spaces.
+ */
+ sprintf(Vcredist_x86, "\"%s\\Vcredist_x86.exe\"",
+ (LPCTSTR) m_currentDir);
+ system(Vcredist_x86);
+#endif
+ try {
+ CreateDirs();
+ CopyFiles();
+ RegisterService();
+ RegisterMessages();
+
+ HKEY hKey;
+
+ /* Create a new key for named */
+ SetCurrent(IDS_CREATE_KEY);
+ if (RegCreateKey(HKEY_LOCAL_MACHINE, BIND_SUBKEY,
+ &hKey) == ERROR_SUCCESS) {
+ // Get the install directory
+ RegSetValueEx(hKey, "InstallDir", 0, REG_SZ,
+ (LPBYTE)(LPCTSTR)m_targetDir,
+ m_targetDir.GetLength());
+ RegCloseKey(hKey);
+ }
+
+
+ SetCurrent(IDS_ADD_REMOVE);
+ if (RegCreateKey(HKEY_LOCAL_MACHINE, BIND_UNINSTALL_SUBKEY,
+ &hKey) == ERROR_SUCCESS) {
+ CString buf(BIND_DISPLAY_NAME);
+
+ RegSetValueEx(hKey, "DisplayName", 0, REG_SZ,
+ (LPBYTE)(LPCTSTR)buf, buf.GetLength());
+
+ buf.Format("%s\\BINDInstall.exe", m_binDir);
+ RegSetValueEx(hKey, "UninstallString", 0, REG_SZ,
+ (LPBYTE)(LPCTSTR)buf, buf.GetLength());
+ RegCloseKey(hKey);
+ }
+
+ ProgramGroup(FALSE);
+
+ if (m_startOnInstall)
+ StartBINDService();
+ }
+ catch(Exception e) {
+ MessageBox(e.resString);
+ SetCurrent(IDS_CLEANUP);
+ FailedInstall();
+ MsgBox(IDS_FAIL);
+ return;
+ }
+ catch(DWORD dw) {
+ CString msg;
+ msg.Format("A fatal error occured\n(%s)", GetErrMessage(dw));
+ MessageBox(msg);
+ SetCurrent(IDS_CLEANUP);
+ FailedInstall();
+ MsgBox(IDS_FAIL);
+ return;
+ }
+
+ SetCurrent(IDS_INSTALL_DONE);
+ MsgBox(IDS_SUCCESS);
+}
+
+/*
+ * Methods to do the work
+ */
+void CBINDInstallDlg::CreateDirs() {
+ /* s'OK if the directories already exist */
+ SetCurrent(IDS_CREATE_DIR, m_targetDir);
+ if (!CreateDirectory(m_targetDir, NULL) && GetLastError() != ERROR_ALREADY_EXISTS)
+ throw(Exception(IDS_ERR_CREATE_DIR, m_targetDir, GetErrMessage()));
+
+ SetCurrent(IDS_CREATE_DIR, m_etcDir);
+ if (!CreateDirectory(m_etcDir, NULL) && GetLastError() != ERROR_ALREADY_EXISTS)
+ throw(Exception(IDS_ERR_CREATE_DIR, m_etcDir, GetErrMessage()));
+
+ SetCurrent(IDS_CREATE_DIR, m_binDir);
+ if (!CreateDirectory(m_binDir, NULL) && GetLastError() != ERROR_ALREADY_EXISTS)
+ throw(Exception(IDS_ERR_CREATE_DIR, m_binDir, GetErrMessage()));
+
+ SetItemStatus(IDC_CREATE_DIR);
+}
+
+void CBINDInstallDlg::RemoveDirs(BOOL uninstall) {
+ if (!m_keepFiles) {
+ SetCurrent(IDS_REMOVE_DIR, m_binDir);
+ // Check for existence then remove if present
+ if (GetFileAttributes(m_binDir) != 0xFFFFFFFF)
+ RemoveDirectory(m_binDir);
+
+ SetCurrent(IDS_REMOVE_DIR, m_etcDir);
+ if (GetFileAttributes(m_etcDir) != 0xFFFFFFFF)
+ RemoveDirectory(m_etcDir);
+
+ SetCurrent(IDS_REMOVE_DIR, m_targetDir);
+ if (GetFileAttributes(m_targetDir) != 0xFFFFFFFF)
+ RemoveDirectory(m_targetDir);
+ }
+
+ if (uninstall)
+ SetItemStatus(IDC_CREATE_DIR, TRUE);
+}
+
+void CBINDInstallDlg::CopyFiles() {
+ CString destFile;
+
+ for (int i = 0; installFiles[i].filename; i++) {
+ SetCurrent(IDS_COPY_FILE, installFiles[i].filename);
+
+ destFile = DestDir(installFiles[i].destination) + "\\" +
+ installFiles[i].filename;
+ CString filespec = m_currentDir + "\\" + installFiles[i].filename;
+ CVersionInfo bindFile(destFile);
+
+ CVersionInfo origFile(filespec);
+ if (!origFile.IsValid() && installFiles[i].checkVer) {
+ if (MsgBox(IDS_FILE_BAD, MB_YESNO,
+ installFiles[i].filename) == IDNO)
+ throw(Exception(IDS_ERR_COPY_FILE,
+ installFiles[i].filename,
+ GetErrMessage()));
+ }
+
+ try {
+/*
+ * Ignore Version checking. We need to make sure that all files get copied regardless
+ * of whether or not they are earlier or later versions since we cannot guarantee
+ * that we have either backward or forward compatibility between versions.
+ */
+ bindFile.CopyFileNoVersion(origFile);
+ }
+ catch(...) {
+ if (installFiles[i].importance != FileData::Trivial) {
+ if (installFiles[i].importance ==
+ FileData::Critical ||
+ MsgBox(IDS_ERR_NONCRIT_FILE, MB_YESNO,
+ installFiles[i].filename,
+ GetErrMessage()) == IDNO)
+ {
+ SetItemStatus(IDC_COPY_FILE, FALSE);
+ throw(Exception(IDS_ERR_COPY_FILE,
+ installFiles[i].filename,
+ GetErrMessage()));
+ }
+ }
+ }
+ }
+
+ SetItemStatus(IDC_COPY_FILE);
+}
+
+void CBINDInstallDlg::DeleteFiles(BOOL uninstall) {
+ CString destFile;
+
+ for (int i = 0; installFiles[i].filename; i++) {
+ if (installFiles[i].checkVer)
+ continue;
+
+ destFile = DestDir(installFiles[i].destination) + "\\" +
+ installFiles[i].filename;
+
+ if (uninstall)
+ SetCurrent(IDS_DELETE_FILE, installFiles[i].filename);
+
+ DeleteFile(destFile);
+ }
+
+ if (!m_keepFiles) {
+ WIN32_FIND_DATA findData;
+ CString file = m_etcDir + "\\*.*";
+ BOOL rc;
+ HANDLE hFile;
+
+ hFile = FindFirstFile(file, &findData);
+ rc = hFile != INVALID_HANDLE_VALUE;
+
+ while (rc == TRUE) {
+ if (strcmp(findData.cFileName, ".") &&
+ strcmp(findData.cFileName, "..")) {
+ file = m_etcDir + "\\" + findData.cFileName;
+ SetCurrent(IDS_DELETE_FILE, file);
+ DeleteFile(file);
+ }
+ rc = FindNextFile(hFile, &findData);
+ }
+ FindClose(hFile);
+ }
+
+ if (uninstall)
+ SetItemStatus(IDC_COPY_FILE, TRUE);
+}
+
+/*
+ * Get the service account name out of the registry, if any
+ */
+void
+CBINDInstallDlg::GetCurrentServiceAccountName() {
+ HKEY hKey;
+ BOOL keyFound = FALSE;
+ char accountName[MAX_PATH];
+ DWORD nameLen = MAX_PATH;
+ CString Tmp;
+ m_accountUsed = FALSE;
+
+ memset(accountName, 0, nameLen);
+ if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, BIND_SERVICE_SUBKEY, 0, KEY_READ,
+ &hKey) == ERROR_SUCCESS) {
+ keyFound = TRUE;
+ }
+ else {
+ m_serviceExists = FALSE;
+ }
+
+ if (keyFound == TRUE) {
+ /* Get the named service account, if one was specified */
+ if (RegQueryValueEx(hKey, "ObjectName", NULL, NULL,
+ (LPBYTE)accountName, &nameLen) != ERROR_SUCCESS)
+ keyFound = FALSE;
+ }
+
+ RegCloseKey(hKey);
+ if(keyFound == FALSE)
+ m_accountName = "";
+ else {
+ /*
+ * LocalSystem is not a regular account and is equivalent
+ * to no account but with lots of privileges
+ */
+ Tmp = accountName;
+ if (Tmp == ".\\LocalSystem")
+ m_accountName = "";
+ /* Found account strip any ".\" from it */
+ if (Tmp.Left(2) == ".\\") {
+ m_accountName = Tmp.Mid(2);
+ m_accountUsed = TRUE;
+ }
+ }
+}
+
+BOOL
+CBINDInstallDlg::ValidateServiceAccount() {
+ wchar_t *PrivList[MAX_PRIVS];
+ unsigned int PrivCount = 0;
+ char *Groups[MAX_GROUPS];
+ unsigned int totalGroups = 0;
+ int status;
+ char *name;
+
+ name = m_accountName.GetBuffer(30);
+
+ status = GetAccountPrivileges(name, PrivList, &PrivCount,
+ Groups, &totalGroups, MAX_GROUPS);
+ if (status == RTN_NOACCOUNT) {
+ m_accountExists = FALSE;
+ /* We need to do this in case an account was previously used */
+ m_accountUsed = FALSE;
+ return (TRUE);
+ }
+ if (status != RTN_OK) {
+ MsgBox(IDS_ERR_BADACCOUNT);
+ return (FALSE);
+ }
+
+ m_accountExists = TRUE;
+ if (PrivCount > 1) {
+ if (MsgBox(IDS_ERR_TOOPRIVED, MB_YESNO) == IDYES)
+ return (FALSE);
+ else
+ return (TRUE);
+ }
+
+ /* See if we have the correct privilege */
+ if (wcscmp(PrivList[0], SE_SERVICE_LOGON_PRIV) != 0) {
+ MsgBox(IDS_ERR_WRONGPRIV, PrivList[0]);
+ return (FALSE);
+ }
+ return (TRUE);
+}
+
+void
+CBINDInstallDlg::RegisterService() {
+ SC_HANDLE hSCManager;
+ SC_HANDLE hService;
+ CString StartName = ".\\" + m_accountName;
+
+ /*
+ * We need to change the service rather than create it
+ * if the service already exists. Do nothing if we are already
+ * using that account
+ */
+ if(m_serviceExists == TRUE) {
+ if(m_accountUsed == FALSE) {
+ UpdateService();
+ SetItemStatus(IDC_REG_SERVICE);
+ return;
+ }
+ else {
+ SetItemStatus(IDC_REG_SERVICE);
+ return;
+ }
+ }
+
+ SetCurrent(IDS_OPEN_SCM);
+ hSCManager= OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
+ if (!hSCManager)
+ throw(Exception(IDS_ERR_OPEN_SCM, GetErrMessage()));
+
+ DWORD dwStart = SERVICE_DEMAND_START;
+ if (m_autoStart)
+ dwStart = SERVICE_AUTO_START;
+
+ DWORD dwServiceType = SERVICE_WIN32_OWN_PROCESS;
+
+ CString namedLoc;
+ namedLoc.Format("%s\\bin\\named.exe", m_targetDir);
+
+ SetCurrent(IDS_CREATE_SERVICE);
+ hService = CreateService(hSCManager, BIND_SERVICE_NAME,
+ BIND_DISPLAY_NAME, SERVICE_ALL_ACCESS, dwServiceType, dwStart,
+ SERVICE_ERROR_NORMAL, namedLoc, NULL, NULL, NULL, StartName,
+ m_accountPassword);
+
+ if (!hService && GetLastError() != ERROR_SERVICE_EXISTS)
+ throw(Exception(IDS_ERR_CREATE_SERVICE, GetErrMessage()));
+
+ if (hService)
+ CloseServiceHandle(hService);
+
+ if (hSCManager)
+ CloseServiceHandle(hSCManager);
+
+ SetItemStatus(IDC_REG_SERVICE);
+}
+
+void
+CBINDInstallDlg::UpdateService() {
+ SC_HANDLE hSCManager;
+ SC_HANDLE hService;
+ CString StartName = ".\\" + m_accountName;
+
+ SetCurrent(IDS_OPEN_SCM);
+ hSCManager= OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
+ if (!hSCManager) {
+ MsgBox(IDS_ERR_OPEN_SCM, GetErrMessage());
+ return;
+ }
+
+ DWORD dwStart = SERVICE_DEMAND_START;
+ if (m_autoStart)
+ dwStart = SERVICE_AUTO_START;
+
+ DWORD dwServiceType = SERVICE_WIN32_OWN_PROCESS;
+
+ CString namedLoc;
+ namedLoc.Format("%s\\bin\\named.exe", m_targetDir);
+
+ SetCurrent(IDS_OPEN_SERVICE);
+ hService = OpenService(hSCManager, BIND_SERVICE_NAME,
+ SERVICE_CHANGE_CONFIG);
+ if (!hService)
+ {
+ MsgBox(IDS_ERR_OPEN_SERVICE, GetErrMessage());
+ if (hSCManager)
+ CloseServiceHandle(hSCManager);
+ return;
+ }
+ else {
+ if (ChangeServiceConfig(hService, dwServiceType, dwStart,
+ SERVICE_ERROR_NORMAL, namedLoc, NULL, NULL, NULL,
+ StartName, m_accountPassword,BIND_DISPLAY_NAME)
+ != TRUE) {
+ DWORD err = GetLastError();
+ MsgBox(IDS_ERR_UPDATE_SERVICE, GetErrMessage());
+ }
+ }
+
+ if (hService)
+ CloseServiceHandle(hService);
+
+ if (hSCManager)
+ CloseServiceHandle(hSCManager);
+
+ SetItemStatus(IDC_REG_SERVICE);
+}
+
+void CBINDInstallDlg::UnregisterService(BOOL uninstall) {
+ BOOL rc = FALSE;
+ SC_HANDLE hSCManager;
+ SC_HANDLE hService;
+
+ while(1) {
+ SetCurrent(IDS_OPEN_SCM);
+ hSCManager= OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
+ if (!hSCManager && uninstall == TRUE) {
+ MsgBox(IDS_ERR_OPEN_SCM, GetErrMessage());
+ break;
+ }
+
+ SetCurrent(IDS_OPEN_SERVICE);
+ hService = OpenService(hSCManager, BIND_SERVICE_NAME,
+ STANDARD_RIGHTS_REQUIRED);
+ if (!hService && uninstall == TRUE)
+ {
+ if (GetLastError() != ERROR_SERVICE_DOES_NOT_EXIST) {
+ MsgBox(IDS_ERR_OPEN_SERVICE, GetErrMessage());
+ break;
+ }
+ }
+ else {
+ SetCurrent(IDS_REMOVE_SERVICE);
+ if (!DeleteService(hService) && uninstall == TRUE) {
+ DWORD err = GetLastError();
+ if (err != ERROR_SERVICE_MARKED_FOR_DELETE &&
+ err != ERROR_SERVICE_DOES_NOT_EXIST) {
+ MsgBox(IDS_ERR_REMOVE_SERVICE, GetErrMessage());
+ break;
+ }
+ }
+ }
+
+ rc = TRUE;
+ break;
+ }
+
+ if (hService)
+ CloseServiceHandle(hService);
+
+ if (hSCManager)
+ CloseServiceHandle(hSCManager);
+
+ if (uninstall)
+ SetItemStatus(IDC_REG_SERVICE, rc);
+}
+
+void CBINDInstallDlg::RegisterMessages() {
+ HKEY hKey;
+ DWORD dwData;
+ char pszMsgDLL[MAX_PATH];
+
+ sprintf(pszMsgDLL, "%s\\%s", (LPCTSTR)m_binDir, "bindevt.dll");
+
+ SetCurrent(IDS_REGISTER_MESSAGES);
+ /* Create a new key for named */
+ if (RegCreateKey(HKEY_LOCAL_MACHINE, BIND_MESSAGE_SUBKEY, &hKey)
+ != ERROR_SUCCESS)
+ throw(Exception(IDS_ERR_CREATE_KEY, GetErrMessage()));
+
+ /* Add the Event-ID message-file name to the subkey. */
+ if (RegSetValueEx(hKey, "EventMessageFile", 0, REG_EXPAND_SZ,
+ (LPBYTE)pszMsgDLL, strlen(pszMsgDLL) + 1) != ERROR_SUCCESS)
+ throw(Exception(IDS_ERR_SET_VALUE, GetErrMessage()));
+
+ /* Set the supported types flags and addit to the subkey. */
+ dwData = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE | EVENTLOG_INFORMATION_TYPE;
+ if (RegSetValueEx(hKey, "TypesSupported", 0, REG_DWORD,
+ (LPBYTE)&dwData, sizeof(DWORD)) != ERROR_SUCCESS)
+ throw(Exception(IDS_ERR_SET_VALUE, GetErrMessage()));
+
+ RegCloseKey(hKey);
+
+ SetItemStatus(IDC_REG_MESSAGE);
+}
+
+void CBINDInstallDlg::UnregisterMessages(BOOL uninstall) {
+ BOOL rc = FALSE;
+ HKEY hKey = NULL;
+
+ while(1) {
+ SetCurrent(IDS_UNREGISTER_MESSAGES);
+ /* Open key for Application Event Log */
+ if (RegOpenKey(HKEY_LOCAL_MACHINE, EVENTLOG_APP_SUBKEY, &hKey)
+ != ERROR_SUCCESS)
+ break;
+
+ /* Remove named from the list of messages sources */
+ if (RegDeleteKey(hKey, BIND_MESSAGE_NAME) != ERROR_SUCCESS)
+ break;
+
+ rc = TRUE;
+ break;
+ }
+
+ if (hKey)
+ RegCloseKey(hKey);
+
+ if (uninstall)
+ SetItemStatus(IDC_REG_MESSAGE, rc);
+}
+
+/*
+ * Install failed - clean up quietly
+ */
+void CBINDInstallDlg::FailedInstall() {
+ UnregisterMessages(FALSE);
+ UnregisterService(FALSE);
+ DeleteFiles(FALSE);
+ RemoveDirs(FALSE);
+}
+
+/*
+ * Set the checklist tags for install
+ */
+void CBINDInstallDlg::InstallTags() {
+ CString tag;
+
+ tag.LoadString(IDS_INSTALL_FILE);
+ GetDlgItem(IDC_COPY_TAG)->SetWindowText(tag);
+ GetDlgItem(IDC_COPY_FILE)->SetWindowText("");
+
+ tag.LoadString(IDS_INSTALL_DIR);
+ GetDlgItem(IDC_DIR_TAG)->SetWindowText(tag);
+ GetDlgItem(IDC_CREATE_DIR)->SetWindowText("");
+ GetDlgItem(IDC_REG_SERVICE)->SetWindowText("");
+
+ tag.LoadString(IDS_INSTALL_SERVICE);
+ GetDlgItem(IDC_SERVICE_TAG)->SetWindowText(tag);
+
+ tag.LoadString(IDS_INSTALL_MESSAGE);
+ GetDlgItem(IDC_MESSAGE_TAG)->SetWindowText(tag);
+ GetDlgItem(IDC_REG_MESSAGE)->SetWindowText("");
+}
+
+/*
+ * Set the checklist tags for uninstall
+ */
+void CBINDInstallDlg::UninstallTags() {
+ CString tag;
+
+ tag.LoadString(IDS_UNINSTALL_FILES);
+ GetDlgItem(IDC_COPY_TAG)->SetWindowText(tag);
+ GetDlgItem(IDC_COPY_FILE)->SetWindowText("");
+
+ tag.LoadString(IDS_UNINSTALL_DIR);
+ GetDlgItem(IDC_DIR_TAG)->SetWindowText(tag);
+ GetDlgItem(IDC_CREATE_DIR)->SetWindowText("");
+
+ tag.LoadString(IDS_UNINSTALL_SERVICE);
+ GetDlgItem(IDC_SERVICE_TAG)->SetWindowText(tag);
+ GetDlgItem(IDC_REG_SERVICE)->SetWindowText("");
+
+ tag.LoadString(IDS_UNINSTALL_MESSAGE);
+ GetDlgItem(IDC_MESSAGE_TAG)->SetWindowText(tag);
+ GetDlgItem(IDC_REG_MESSAGE)->SetWindowText("");
+}
+
+void CBINDInstallDlg::SetItemStatus(UINT nID, BOOL bSuccess) {
+ GetDlgItem(nID)->SetWindowText(bSuccess == TRUE ? "Done" : "Failed");
+}
+
+
+/*
+ * Set the text in the current operation field - use a string table string
+ */
+void CBINDInstallDlg::SetCurrent(int id, ...) {
+ CString format;
+ va_list va;
+ char buf[128];
+
+ format.LoadString(id);
+ memset(buf, 0, 128);
+
+ va_start(va, id);
+ vsprintf(buf, format, va);
+ va_end(va);
+
+ m_current.Format("%s", buf);
+ UpdateData(FALSE);
+}
+
+/*
+ * Stop the BIND service
+ */
+void CBINDInstallDlg::StopBINDService() {
+ SERVICE_STATUS svcStatus;
+
+ SetCurrent(IDS_STOP_SERVICE);
+
+ SC_HANDLE hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
+ if (!hSCManager) {
+ MsgBox(IDS_ERR_OPEN_SCM, GetErrMessage());
+ }
+
+ SC_HANDLE hBINDSvc = OpenService(hSCManager, BIND_SERVICE_NAME,
+ SERVICE_ALL_ACCESS);
+ if (!hBINDSvc) {
+ MsgBox(IDS_ERR_OPEN_SERVICE, GetErrMessage());
+ }
+
+ BOOL rc = ControlService(hBINDSvc, SERVICE_CONTROL_STOP, &svcStatus);
+}
+
+/*
+ * Start the BIND service
+ */
+void CBINDInstallDlg::StartBINDService() {
+ SetCurrent(IDS_START_SERVICE);
+
+ SC_HANDLE hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
+ if (!hSCManager) {
+ MsgBox(IDS_ERR_OPEN_SCM, GetErrMessage());
+ }
+
+ SC_HANDLE hBINDSvc = OpenService(hSCManager, BIND_SERVICE_NAME,
+ SERVICE_ALL_ACCESS);
+ if (!hBINDSvc) {
+ MsgBox(IDS_ERR_OPEN_SERVICE, GetErrMessage());
+ }
+ BOOL rc = StartService(hBINDSvc, 0, NULL);
+}
+
+/*
+ * Check to see if the BIND service is running or not
+ */
+BOOL CBINDInstallDlg::CheckBINDService() {
+ SERVICE_STATUS svcStatus;
+
+ SC_HANDLE hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
+ if (hSCManager) {
+ SC_HANDLE hBINDSvc = OpenService(hSCManager, BIND_SERVICE_NAME,
+ SERVICE_ALL_ACCESS);
+ if (hBINDSvc) {
+ BOOL rc = ControlService(hBINDSvc,
+ SERVICE_CONTROL_INTERROGATE, &svcStatus);
+ if (!rc)
+ DWORD err = GetLastError();
+
+ return (svcStatus.dwCurrentState == SERVICE_RUNNING);
+ }
+ }
+ return (FALSE);
+}
+
+/*
+ * Display message boxes with variable args, using string table strings
+ * for the format specifiers
+ */
+int CBINDInstallDlg::MsgBox(int id, ...) {
+ CString format;
+ va_list va;
+ char buf[BUFSIZ];
+
+ format.LoadString(id);
+ memset(buf, 0, BUFSIZ);
+
+ va_start(va, id);
+ vsprintf(buf, format, va);
+ va_end(va);
+
+ return (MessageBox(buf));
+}
+
+int CBINDInstallDlg::MsgBox(int id, UINT type, ...) {
+ CString format;
+ va_list va;
+ char buf[BUFSIZ];
+
+ format.LoadString(id);
+ memset(buf, 0, BUFSIZ);
+
+ va_start(va, type);
+ vsprintf(buf, format, va);
+ va_end(va);
+
+ return(MessageBox(buf, NULL, type));
+}
+
+/*
+ * Call GetLastError(), retrieve the message associated with the error
+ */
+CString CBINDInstallDlg::GetErrMessage(DWORD err) {
+ LPVOID msgBuf;
+ static char buf[BUFSIZ];
+
+ DWORD len = FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
+ NULL, err == -1 ? GetLastError() : err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &msgBuf, 0, NULL );
+
+
+ strcpy(buf, (LPTSTR)msgBuf);
+ LocalFree(msgBuf);
+ /* Strip off the period and the \n */
+ buf[len - 3] = 0;
+ return(buf);
+}
+
+void CBINDInstallDlg::ProgramGroup(BOOL create) {
+ TCHAR path[MAX_PATH], commonPath[MAX_PATH], fileloc[MAX_PATH], linkpath[MAX_PATH];
+ HRESULT hres;
+ IShellLink *psl = NULL;
+ LPMALLOC pMalloc = NULL;
+ ITEMIDLIST *itemList = NULL;
+
+ HRESULT hr = SHGetMalloc(&pMalloc);
+ if (hr != NOERROR) {
+ MessageBox("Could not get a handle to Shell memory object");
+ return;
+ }
+
+ hr = SHGetSpecialFolderLocation(m_hWnd, CSIDL_COMMON_PROGRAMS, &itemList);
+ if (hr != NOERROR) {
+ MessageBox("Could not get a handle to the Common Programs folder");
+ if (itemList) {
+ pMalloc->Free(itemList);
+ }
+ return;
+ }
+
+ hr = SHGetPathFromIDList(itemList, commonPath);
+ pMalloc->Free(itemList);
+
+ if (create) {
+ sprintf(path, "%s\\ISC", commonPath);
+ CreateDirectory(path, NULL);
+
+ sprintf(path, "%s\\ISC\\BIND", commonPath);
+ CreateDirectory(path, NULL);
+
+ hres = CoInitialize(NULL);
+
+ if (SUCCEEDED(hres)) {
+ // Get a pointer to the IShellLink interface.
+ hres = CoCreateInstance(CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER, IID_IShellLink, (LPVOID *)&psl);
+ if (SUCCEEDED(hres))
+ {
+ IPersistFile* ppf;
+ sprintf(linkpath, "%s\\BINDCtrl.lnk", path);
+ sprintf(fileloc, "%s\\BINDCtrl.exe", m_binDir);
+
+ psl->SetPath(fileloc);
+ psl->SetDescription("BIND Control Panel");
+
+ hres = psl->QueryInterface(IID_IPersistFile, (void **)&ppf);
+ if (SUCCEEDED(hres)) {
+ WCHAR wsz[MAX_PATH];
+
+ MultiByteToWideChar(CP_ACP, 0, linkpath, -1, wsz, MAX_PATH);
+ hres = ppf->Save(wsz, TRUE);
+ ppf->Release();
+ }
+
+ if (GetFileAttributes("readme.txt") != -1) {
+ sprintf(fileloc, "%s\\Readme.txt", m_targetDir);
+ sprintf(linkpath, "%s\\Readme.lnk", path);
+
+ psl->SetPath(fileloc);
+ psl->SetDescription("BIND Readme");
+
+ hres = psl->QueryInterface(IID_IPersistFile, (void **)&ppf);
+ if (SUCCEEDED(hres)) {
+ WCHAR wsz[MAX_PATH];
+
+ MultiByteToWideChar(CP_ACP, 0, linkpath, -1, wsz, MAX_PATH);
+ hres = ppf->Save(wsz, TRUE);
+ ppf->Release();
+ }
+ psl->Release();
+ }
+ }
+ CoUninitialize();
+ }
+ }
+ else {
+ TCHAR filename[MAX_PATH];
+ WIN32_FIND_DATA fd;
+
+ sprintf(path, "%s\\ISC\\BIND", commonPath);
+
+ sprintf(filename, "%s\\*.*", path);
+ HANDLE hFind = FindFirstFile(filename, &fd);
+ if (hFind != INVALID_HANDLE_VALUE) {
+ do {
+ if (strcmp(fd.cFileName, ".") && strcmp(fd.cFileName, "..")) {
+ sprintf(filename, "%s\\%s", path, fd.cFileName);
+ DeleteFile(filename);
+ }
+ } while (FindNextFile(hFind, &fd));
+ FindClose(hFind);
+ }
+ RemoveDirectory(path);
+ sprintf(path, "%s\\ISC", commonPath);
+ RemoveDirectory(path);
+ }
+}
+
+CString CBINDInstallDlg::DestDir(int destination) {
+ switch(destination) {
+ case FileData::TargetDir:
+ return m_targetDir;
+ case FileData::BinDir:
+ return m_binDir;
+ case FileData::EtcDir:
+ return m_etcDir;
+ case FileData::WinSystem:
+ return m_winSysDir;
+ }
+ return("");
+}
diff --git a/bin/win32/BINDInstall/BINDInstallDlg.h b/bin/win32/BINDInstall/BINDInstallDlg.h
new file mode 100644
index 0000000..597f7a3
--- /dev/null
+++ b/bin/win32/BINDInstall/BINDInstallDlg.h
@@ -0,0 +1,127 @@
+/*
+ * Portions Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: BINDInstallDlg.h,v 1.8 2007/06/19 23:47:07 tbox Exp $ */
+
+/*
+ * Copyright (c) 1999-2000 by Nortel Networks Corporation
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS
+ * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
+ * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+ * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef BINDINSTALLDLG_H
+#define BINDINSTALLDLG_H
+
+class CBINDInstallDlg : public CDialog
+{
+public:
+ CBINDInstallDlg(CWnd* pParent = NULL); // standard constructor
+
+ //{{AFX_DATA(CBINDInstallDlg)
+ enum { IDD = IDD_BINDINSTALL_DIALOG };
+ CString m_targetDir;
+ CString m_version;
+ BOOL m_autoStart;
+ BOOL m_keepFiles;
+ CString m_current;
+ BOOL m_startOnInstall;
+ //}}AFX_DATA
+
+ // ClassWizard generated virtual function overrides
+ //{{AFX_VIRTUAL(CBINDInstallDlg)
+ protected:
+ virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
+ //}}AFX_VIRTUAL
+
+protected:
+ void StartBINDService();
+ void StopBINDService();
+
+ void InstallTags();
+ void UninstallTags();
+
+ void CreateDirs();
+ void RemoveDirs(BOOL uninstall);
+
+ void CopyFiles();
+ void DeleteFiles(BOOL uninstall);
+
+ void RegisterService();
+ void UpdateService();
+ void UnregisterService(BOOL uninstall);
+
+ void RegisterMessages();
+ void UnregisterMessages(BOOL uninstall);
+
+ void FailedInstall();
+ void SetItemStatus(UINT nID, BOOL bSuccess = TRUE);
+
+ void GetCurrentServiceAccountName();
+ BOOL ValidateServiceAccount();
+protected:
+ CString DestDir(int destination);
+ int MsgBox(int id, ...);
+ int MsgBox(int id, UINT type, ...);
+ CString GetErrMessage(DWORD err = -1);
+ BOOL CheckBINDService();
+ void SetCurrent(int id, ...);
+ void ProgramGroup(BOOL create = TRUE);
+
+ HICON m_hIcon;
+ CString m_defaultDir;
+ CString m_etcDir;
+ CString m_binDir;
+ CString m_winSysDir;
+ BOOL m_installed;
+ CString m_currentDir;
+ BOOL m_accountExists;
+ BOOL m_accountUsed;
+ CString m_currentAccount;
+ CString m_accountName;
+ CString m_accountPasswordConfirm;
+ CString m_accountPassword;
+ BOOL m_serviceExists;
+
+ // Generated message map functions
+ //{{AFX_MSG(CBINDInstallDlg)
+ virtual BOOL OnInitDialog();
+ afx_msg void OnPaint();
+ afx_msg HCURSOR OnQueryDragIcon();
+ afx_msg void OnBrowse();
+ afx_msg void OnChangeTargetdir();
+ afx_msg void OnInstall();
+ afx_msg void OnExit();
+ afx_msg void OnUninstall();
+ afx_msg void OnAutoStart();
+ afx_msg void OnKeepFiles();
+ afx_msg void OnStartOnInstall();
+ //}}AFX_MSG
+ DECLARE_MESSAGE_MAP()
+};
+
+#endif
diff --git a/bin/win32/BINDInstall/DirBrowse.cpp b/bin/win32/BINDInstall/DirBrowse.cpp
new file mode 100644
index 0000000..b4fbf91
--- /dev/null
+++ b/bin/win32/BINDInstall/DirBrowse.cpp
@@ -0,0 +1,103 @@
+/*
+ * Portions Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: DirBrowse.cpp,v 1.6 2007/06/19 23:47:07 tbox Exp $ */
+
+/*
+ * Copyright (c) 1999-2000 by Nortel Networks Corporation
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS
+ * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
+ * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+ * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include "stdafx.h"
+#include "BINDInstall.h"
+#include "DirBrowse.h"
+
+#ifdef _DEBUG
+#define new DEBUG_NEW
+#undef THIS_FILE
+static char THIS_FILE[] = __FILE__;
+#endif
+
+/////////////////////////////////////////////////////////////////////////////
+// CDirBrowse dialog
+
+
+CDirBrowse::CDirBrowse(CString initialDir, CWnd* pParent /*=NULL*/)
+ : CDialog(CDirBrowse::IDD, pParent)
+{
+ //{{AFX_DATA_INIT(CDirBrowse)
+ // NOTE: the ClassWizard will add member initialization here
+ //}}AFX_DATA_INIT
+ m_selectedDir = initialDir;
+}
+
+
+void CDirBrowse::DoDataExchange(CDataExchange* pDX)
+{
+ CDialog::DoDataExchange(pDX);
+ //{{AFX_DATA_MAP(CDirBrowse)
+ // NOTE: the ClassWizard will add DDX and DDV calls here
+ //}}AFX_DATA_MAP
+}
+
+
+BEGIN_MESSAGE_MAP(CDirBrowse, CDialog)
+ //{{AFX_MSG_MAP(CDirBrowse)
+ ON_LBN_DBLCLK(IDC_DIRLIST, OnDblclkDirlist)
+ ON_LBN_SELCHANGE(IDC_DIRLIST, OnSelchangeDirlist)
+ //}}AFX_MSG_MAP
+END_MESSAGE_MAP()
+
+/////////////////////////////////////////////////////////////////////////////
+// CDirBrowse message handlers
+
+BOOL CDirBrowse::OnInitDialog()
+{
+ CDialog::OnInitDialog();
+
+ DlgDirList((LPTSTR)(LPCTSTR)m_selectedDir, IDC_DIRLIST, IDC_CURDIR, DDL_DIRECTORY);
+
+ return TRUE; // return TRUE unless you set the focus to a control
+ // EXCEPTION: OCX Property Pages should return FALSE
+}
+
+void CDirBrowse::OnDblclkDirlist()
+{
+ CListBox *lb = (CListBox *)GetDlgItem(IDC_DIRLIST);
+ CString curSel;
+
+ lb->GetText(lb->GetCurSel(), curSel);
+ DlgDirList((LPTSTR)(LPCTSTR)curSel, IDC_DIRLIST, IDC_CURDIR, DDL_DIRECTORY);
+}
+
+void CDirBrowse::OnSelchangeDirlist()
+{
+ // TODO: Add your control notification handler code here
+
+}
diff --git a/bin/win32/BINDInstall/DirBrowse.h b/bin/win32/BINDInstall/DirBrowse.h
new file mode 100644
index 0000000..a81605f
--- /dev/null
+++ b/bin/win32/BINDInstall/DirBrowse.h
@@ -0,0 +1,71 @@
+/*
+ * Portions Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: DirBrowse.h,v 1.6 2007/06/19 23:47:07 tbox Exp $ */
+
+/*
+ * Copyright (c) 1999-2000 by Nortel Networks Corporation
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS
+ * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
+ * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+ * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DIRBROWSE_H
+#define DIRBROWSE_H
+
+class CDirBrowse : public CDialog
+{
+// Construction
+public:
+ CDirBrowse(CString initialDir = "\\", CWnd* pParent = NULL); // standard constructor
+ CString GetSelectedDir() {return(m_selectedDir);}
+
+ //{{AFX_DATA(CDirBrowse)
+ enum { IDD = IDD_BROWSE };
+ // NOTE: the ClassWizard will add data members here
+ //}}AFX_DATA
+
+ // ClassWizard generated virtual function overrides
+ //{{AFX_VIRTUAL(CDirBrowse)
+ protected:
+ virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
+ //}}AFX_VIRTUAL
+
+protected:
+ // Generated message map functions
+ //{{AFX_MSG(CDirBrowse)
+ virtual BOOL OnInitDialog();
+ afx_msg void OnDblclkDirlist();
+ afx_msg void OnSelchangeDirlist();
+ //}}AFX_MSG
+ DECLARE_MESSAGE_MAP()
+
+private:
+ CString m_selectedDir;
+};
+
+#endif
diff --git a/bin/win32/BINDInstall/StdAfx.cpp b/bin/win32/BINDInstall/StdAfx.cpp
new file mode 100644
index 0000000..a4195ca
--- /dev/null
+++ b/bin/win32/BINDInstall/StdAfx.cpp
@@ -0,0 +1,8 @@
+// stdafx.cpp : source file that includes just the standard includes
+// BINDInstall.pch will be the pre-compiled header
+// stdafx.obj will contain the pre-compiled type information
+
+#include "stdafx.h"
+
+
+
diff --git a/bin/win32/BINDInstall/StdAfx.h b/bin/win32/BINDInstall/StdAfx.h
new file mode 100644
index 0000000..d5929bb
--- /dev/null
+++ b/bin/win32/BINDInstall/StdAfx.h
@@ -0,0 +1,30 @@
+// stdafx.h : include file for standard system include files,
+// or project specific include files that are used frequently, but
+// are changed infrequently
+//
+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#if !defined(AFX_STDAFX_H__61537819_39FC_11D3_A97A_00105A12BD65__INCLUDED_)
+#define AFX_STDAFX_H__61537819_39FC_11D3_A97A_00105A12BD65__INCLUDED_
+
+#if _MSC_VER > 1000
+#pragma once
+#endif // _MSC_VER > 1000
+
+#define VC_EXTRALEAN // Exclude rarely-used stuff from Windows headers
+
+#include <afxwin.h> // MFC core and standard components
+#include <afxext.h> // MFC extensions
+#include <afxdtctl.h> // MFC support for Internet Explorer 4 Common Controls
+#ifndef _AFX_NO_AFXCMN_SUPPORT
+#include <afxcmn.h> // MFC support for Windows Common Controls
+#endif // _AFX_NO_AFXCMN_SUPPORT
+
+
+//{{AFX_INSERT_LOCATION}}
+// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
+
+#endif // !defined(AFX_STDAFX_H__61537819_39FC_11D3_A97A_00105A12BD65__INCLUDED_)
diff --git a/bin/win32/BINDInstall/VersionInfo.cpp b/bin/win32/BINDInstall/VersionInfo.cpp
new file mode 100644
index 0000000..e940e9e
--- /dev/null
+++ b/bin/win32/BINDInstall/VersionInfo.cpp
@@ -0,0 +1,286 @@
+// VersionInfo.cpp: implementation of the CVersionInfo class.
+//
+//////////////////////////////////////////////////////////////////////
+
+#include "stdafx.h"
+#include "bindinstall.h"
+#include "VersionInfo.h"
+#include <winver.h>
+
+#ifdef _DEBUG
+#undef THIS_FILE
+static char THIS_FILE[]=__FILE__;
+#define new DEBUG_NEW
+#endif
+
+//////////////////////////////////////////////////////////////////////
+// Construction/Destruction
+//////////////////////////////////////////////////////////////////////
+
+CVersionInfo::CVersionInfo(CString filename)
+{
+ HANDLE hFile;
+ WIN32_FIND_DATA fd;
+ memset(&fd, 0, sizeof(WIN32_FIND_DATA));
+
+ m_status = ERROR_SUCCESS;
+ m_isValid = FALSE;
+ m_filename = filename;
+
+ // See if the given file exists
+ hFile = FindFirstFile(filename, &fd);
+ if(hFile == INVALID_HANDLE_VALUE)
+ {
+ m_status = ERROR_FILE_NOT_FOUND;
+ m_versionInfo = NULL;
+ return;
+ }
+ FindClose(hFile);
+
+ // Extract the file info
+ DWORD handle;
+ DWORD viSize = GetFileVersionInfoSize((LPTSTR)(LPCTSTR)filename, &handle);
+ m_versionInfo = NULL;
+
+ if(viSize == 0)
+ {
+ m_status = GetLastError();
+ }
+ else
+ {
+ m_versionInfo = new char[viSize];
+
+ // Get the block of version info from the file
+ if(!GetFileVersionInfo((LPTSTR)(LPCTSTR)filename, handle, viSize, m_versionInfo))
+ {
+ if(m_versionInfo)
+ {
+ delete [] m_versionInfo;
+ m_versionInfo = NULL;
+ }
+ return;
+ }
+
+ // Now extract the sub block we are interested in
+ UINT versionLen = 0;
+ LPVOID viBlob = NULL;
+ if(!VerQueryValue(m_versionInfo, "\\", &viBlob, &versionLen))
+ {
+ if(m_versionInfo)
+ {
+ delete [] m_versionInfo;
+ m_versionInfo = NULL;
+ }
+ return;
+ }
+
+ // And finally the version info is ours
+ m_fixedInfo = (VS_FIXEDFILEINFO *)viBlob;
+
+ UINT blobLen = 0;
+
+ // If we got here, all is good
+ }
+ m_isValid = TRUE;
+}
+
+CVersionInfo::~CVersionInfo()
+{
+ m_fixedInfo = NULL;
+ if(m_versionInfo)
+ {
+ delete [] m_versionInfo;
+ m_versionInfo = NULL;
+ }
+}
+
+CString CVersionInfo::GetFileVersionString()
+{
+ return(QueryStringValue("FileVersion"));
+}
+
+CString CVersionInfo::GetProductVersionString()
+{
+ return(QueryStringValue("ProductVersion"));
+}
+
+CString CVersionInfo::GetComments()
+{
+ return(QueryStringValue("Comments"));
+}
+
+CString CVersionInfo::GetFileDescription()
+{
+ return(QueryStringValue("FileDescription"));
+}
+
+CString CVersionInfo::GetInternalName()
+{
+ return(QueryStringValue("InternalName"));
+}
+
+CString CVersionInfo::GetLegalCopyright()
+{
+ return(QueryStringValue("LegalCopyright"));
+}
+
+CString CVersionInfo::GetLegalTrademarks()
+{
+ return(QueryStringValue("LegalTrademarks"));
+}
+
+CString CVersionInfo::GetOriginalFileName()
+{
+ return(QueryStringValue("OriginalFilename"));
+}
+
+CString CVersionInfo::GetProductName()
+{
+ return(QueryStringValue("ProductName"));
+}
+
+CString CVersionInfo::GetSpecialBuildString()
+{
+ return(QueryStringValue("SpecialBuild"));
+}
+
+CString CVersionInfo::GetPrivateBuildString()
+{
+ return(QueryStringValue("PrivateBuild"));
+}
+
+CString CVersionInfo::GetCompanyName()
+{
+ return(QueryStringValue("CompanyName"));
+}
+
+#ifdef NOTUSED
+BOOL CVersionInfo::CopyFileCheckVersion(CVersionInfo &originalFile)
+{
+ _int64 myVer = GetFileVersion();
+ _int64 origVer = originalFile.GetFileVersion();
+
+ if(origVer > myVer)
+ {
+ CString msg;
+ msg.Format(IDS_EXISTING_NEWER, m_filename);
+ DWORD query = AfxMessageBox(msg, MB_YESNO);
+ if(query == IDNO)
+ return(TRUE);
+ }
+
+ return(CopyFileNoVersion(originalFile));
+}
+#endif
+
+BOOL CVersionInfo::CopyFileNoVersion(CVersionInfo &originalFile)
+{
+ int x = 7;
+ return(CopyFile(originalFile.GetFilename(), m_filename, FALSE));
+}
+
+
+_int64 CVersionInfo::GetFileVersion()
+{
+ _int64 ver = 0;
+
+ if(m_versionInfo)
+ {
+ ver = m_fixedInfo->dwFileVersionMS;
+ ver <<= 32;
+ ver += m_fixedInfo->dwFileVersionLS;
+ }
+ return(ver);
+}
+
+_int64 CVersionInfo::GetProductVersion()
+{
+ _int64 ver = 0;
+
+ if(m_versionInfo)
+ {
+ ver = m_fixedInfo->dwProductVersionMS;
+ ver <<= 32;
+ ver += m_fixedInfo->dwProductVersionLS;
+ }
+ return(ver);
+}
+
+_int64 CVersionInfo::GetFileDate()
+{
+ _int64 fDate = 0;
+
+ if(m_versionInfo)
+ {
+ fDate = m_fixedInfo->dwFileDateMS;
+ fDate <<= 32;
+ fDate += m_fixedInfo->dwFileDateLS;
+ }
+ return(fDate);
+}
+
+DWORD CVersionInfo::GetFileFlagMask()
+{
+ if(m_versionInfo)
+ {
+ return(m_fixedInfo->dwFileFlagsMask);
+ }
+ return(0);
+}
+
+DWORD CVersionInfo::GetFileFlags()
+{
+ if(m_versionInfo)
+ {
+ return(m_fixedInfo->dwFileFlags);
+ }
+ return(0);
+}
+
+DWORD CVersionInfo::GetFileOS()
+{
+ if(m_versionInfo)
+ {
+ return(m_fixedInfo->dwFileOS);
+ }
+ return(VOS_UNKNOWN);
+}
+
+DWORD CVersionInfo::GetFileType()
+{
+ if(m_versionInfo)
+ {
+ return(m_fixedInfo->dwFileType);
+ }
+ return(VFT_UNKNOWN);
+}
+
+DWORD CVersionInfo::GetFileSubType()
+{
+ if(m_versionInfo)
+ {
+ return(m_fixedInfo->dwFileSubtype);
+ }
+ return(VFT2_UNKNOWN);
+}
+
+CString CVersionInfo::QueryStringValue(CString value)
+{
+ UINT blobLen = 0;
+ LPVOID viBlob = NULL;
+
+ if(m_versionInfo)
+ {
+ char queryString[256];
+
+ // This code page value is for American English. If you change the resources to be other than that
+ // You probably should change this to match it.
+ DWORD codePage = 0x040904B0;
+
+ sprintf(queryString, "\\StringFileInfo\\%08X\\%s", codePage, value);
+
+ if(VerQueryValue(m_versionInfo, queryString, &viBlob, &blobLen))
+ return((char *)viBlob);
+ }
+ return("Not Available");
+}
diff --git a/bin/win32/BINDInstall/VersionInfo.h b/bin/win32/BINDInstall/VersionInfo.h
new file mode 100644
index 0000000..ec21540
--- /dev/null
+++ b/bin/win32/BINDInstall/VersionInfo.h
@@ -0,0 +1,62 @@
+// VersionInfo.h: interface for the CVersionInfo class.
+//
+//////////////////////////////////////////////////////////////////////
+
+#if !defined(AFX_VERSIONINFO_H__F82E9FF3_5298_11D4_AB87_00C04F789BA0__INCLUDED_)
+#define AFX_VERSIONINFO_H__F82E9FF3_5298_11D4_AB87_00C04F789BA0__INCLUDED_
+
+#if _MSC_VER > 1000
+#pragma once
+#endif // _MSC_VER > 1000
+
+class CVersionInfo
+{
+public:
+ CVersionInfo(CString filename);
+ virtual ~CVersionInfo();
+ BOOL IsValid() {return m_isValid;}
+ DWORD GetStatus() {return m_status;}
+
+ BOOL CopyFileCheckVersion(CVersionInfo &originalFile);
+ BOOL CopyFileNoVersion(CVersionInfo &originalFile);
+
+ const CString &GetFilename() {return m_filename;}
+
+ // Extract the elements of the file's string info block
+ CString GetFileVersionString();
+ CString GetProductVersionString();
+ CString GetComments();
+ CString GetFileDescription();
+ CString GetInternalName();
+ CString GetLegalCopyright();
+ CString GetLegalTrademarks();
+ CString GetOriginalFileName();
+ CString GetProductName();
+ CString GetSpecialBuildString();
+ CString GetPrivateBuildString();
+ CString GetCompanyName();
+
+
+ // Extract the elements of the file's VS_FIXEDFILEINFO block
+ _int64 GetFileVersion();
+ _int64 GetProductVersion();
+ _int64 GetFileDate();
+
+ DWORD GetFileFlagMask();
+ DWORD GetFileFlags();
+ DWORD GetFileOS();
+ DWORD GetFileType();
+ DWORD GetFileSubType();
+
+private:
+ CString m_filename;
+ BOOL m_isValid;
+ LPVOID m_versionInfo;
+ VS_FIXEDFILEINFO *m_fixedInfo;
+ DWORD m_codePage;
+ DWORD m_status;
+
+ CString QueryStringValue(CString value);
+};
+
+#endif // !defined(AFX_VERSIONINFO_H__F82E9FF3_5298_11D4_AB87_00C04F789BA0__INCLUDED_)
diff --git a/bin/win32/BINDInstall/res/BINDInstall.ico b/bin/win32/BINDInstall/res/BINDInstall.ico
new file mode 100644
index 0000000..2cf25fe
--- /dev/null
+++ b/bin/win32/BINDInstall/res/BINDInstall.ico
Binary files differ
diff --git a/bin/win32/BINDInstall/res/BINDInstall.rc2 b/bin/win32/BINDInstall/res/BINDInstall.rc2
new file mode 100644
index 0000000..4fc93bb
--- /dev/null
+++ b/bin/win32/BINDInstall/res/BINDInstall.rc2
@@ -0,0 +1,13 @@
+//
+// BINDINSTALL.RC2 - resources Microsoft Visual C++ does not edit directly
+//
+
+#ifdef APSTUDIO_INVOKED
+ #error this file is not editable by Microsoft Visual C++
+#endif //APSTUDIO_INVOKED
+
+
+/////////////////////////////////////////////////////////////////////////////
+// Add manually edited resources here...
+
+/////////////////////////////////////////////////////////////////////////////
diff --git a/bin/win32/BINDInstall/resource.h b/bin/win32/BINDInstall/resource.h
new file mode 100644
index 0000000..14b5084
--- /dev/null
+++ b/bin/win32/BINDInstall/resource.h
@@ -0,0 +1,103 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Developer Studio generated include file.
+// Used by BINDInstall.rc
+//
+#define IDS_MAINFRAME 1
+#define IDS_CREATEDIR 2
+#define IDS_SUCCESS 3
+#define IDS_FAIL 4
+#define IDS_DIREXIST 5
+#define IDS_INSTALL_DIR 6
+#define IDS_INSTALL_FILE 7
+#define IDS_INSTALL_SERVICE 8
+#define IDS_INSTALL_MESSAGE 9
+#define IDS_UNINSTALL 14
+#define IDS_UNINSTALL_DONE 15
+#define IDS_CREATE_KEY 16
+#define IDS_ADD_REMOVE 17
+#define IDS_CLEANUP 18
+#define IDS_INSTALL_DONE 19
+#define IDS_CREATE_DIR 20
+#define IDS_REMOVE_DIR 21
+#define IDS_COPY_FILE 22
+#define IDS_DELETE_FILE 23
+#define IDS_OPEN_SCM 24
+#define IDS_CREATE_SERVICE 25
+#define IDS_OPEN_SERVICE 26
+#define IDS_REMOVE_SERVICE 27
+#define IDS_REGISTER_MESSAGES 28
+#define IDS_UNREGISTER_MESSAGES 29
+#define IDS_STOP_SERVICE 30
+#define IDS_START_SERVICE 31
+#define IDS_UNINSTALL_DIR 32
+#define IDS_UNINSTALL_FILES 33
+#define IDS_UNINSTALL_SERVICE 34
+#define IDS_UNINSTALL_MESSAGE 35
+#define IDS_ERR_OPEN_SCM 36
+#define IDS_ERR_OPEN_SERVICE 37
+#define IDS_ERR_STOP_SERVICE 38
+#define IDS_ERR_NONCRIT_FILE 39
+#define IDS_ERR_CRITICAL_FILE 40
+#define IDS_ERR_COPY_FILE 40
+#define IDS_ERR_CREATE_SERVICE 41
+#define IDS_ERR_REMOVE_SERVICE 42
+#define IDS_REBOOT 43
+#define IDS_BAD_PRIVILEGES 44
+#define IDS_ERR_CREATE_DIR 45
+#define IDS_VERSION 46
+#define IDS_ERR_CREATE_KEY 47
+#define IDS_ERR_SET_VALUE 48
+#define IDS_NO_VERSION 49
+#define IDS_EXISTING_NEWER 50
+#define IDS_FILE_BAD 51
+#define IDS_ERR_TOOPRIVED 52
+#define IDS_ERR_BADACCOUNT 53
+#define IDS_ERR_WRONGPRIV 54
+#define IDS_CREATEACCOUNT_FAILED 55
+#define IDS_ERR_PASSWORD 56
+#define IDS_ERR_UPDATE_SERVICE 57
+#define IDS_ERR_NULLPASSWORD 58
+#define IDS_ERR_WHITESPACE 59
+#define IDD_BINDINSTALL_DIALOG 102
+#define IDR_MAINFRAME 128
+#define IDD_BROWSE 129
+#define IDI_CHECK 130
+#define IDI_X 132
+#define IDC_CURSOR1 142
+#define IDD_DIALOG1 143
+#define IDC_TARGETDIR 1001
+#define IDC_BROWSE 1002
+#define IDC_DIRLIST 1004
+#define IDC_CURDIR 1005
+#define IDC_INSTALL 1006
+#define IDC_COPY_FILE 1007
+#define IDC_REG_SERVICE 1008
+#define IDC_REG_MESSAGE 1009
+#define IDC_CREATE_DIR 1010
+#define IDC_EXIT 1011
+#define IDC_DIR_TAG 1012
+#define IDC_COPY_TAG 1013
+#define IDC_SERVICE_TAG 1014
+#define IDC_MESSAGE_TAG 1015
+#define IDC_AUTO_START 1016
+#define IDC_UNINSTALL 1017
+#define IDC_VERSION 1018
+#define IDC_KEEP_FILES 1019
+#define IDC_CURRENT_TAG 1020
+#define IDC_DRIVES 1021
+#define IDC_CURRENT 1021
+#define IDC_START 1022
+#define IDC_ACCOUNT_NAME 1030
+#define IDC_ACCOUNT_PASSWORD 1031
+#define IDC_ACCOUNT_PASSWORD_CONFIRM 1032
+
+// Next default values for new objects
+//
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE 144
+#define _APS_NEXT_COMMAND_VALUE 32771
+#define _APS_NEXT_CONTROL_VALUE 1027
+#define _APS_NEXT_SYMED_VALUE 104
+#endif
+#endif