From f50ae72ec3417cae55dd4e085991c01af9fdc5f1 Mon Sep 17 00:00:00 2001
From: Martin Nagy <mnagy@redhat.com>
Date: Wed, 11 Feb 2009 20:37:59 +0100
Subject: Initial commit

---
 bin/rndc/Makefile.in          | 104 +++++
 bin/rndc/include/rndc/os.h    |  46 +++
 bin/rndc/rndc-confgen.8       | 211 +++++++++++
 bin/rndc/rndc-confgen.c       | 342 +++++++++++++++++
 bin/rndc/rndc-confgen.docbook | 286 ++++++++++++++
 bin/rndc/rndc-confgen.html    | 188 +++++++++
 bin/rndc/rndc.8               | 148 ++++++++
 bin/rndc/rndc.c               | 859 ++++++++++++++++++++++++++++++++++++++++++
 bin/rndc/rndc.conf            |  47 +++
 bin/rndc/rndc.conf.5          | 214 +++++++++++
 bin/rndc/rndc.conf.docbook    | 252 +++++++++++++
 bin/rndc/rndc.conf.html       | 217 +++++++++++
 bin/rndc/rndc.docbook         | 253 +++++++++++++
 bin/rndc/rndc.html            | 165 ++++++++
 bin/rndc/unix/Makefile.in     |  36 ++
 bin/rndc/unix/os.c            |  70 ++++
 bin/rndc/util.c               |  57 +++
 bin/rndc/util.h               |  51 +++
 bin/rndc/win32/confgen.dsp    | 111 ++++++
 bin/rndc/win32/confgen.dsw    |  29 ++
 bin/rndc/win32/confgen.mak    | 313 +++++++++++++++
 bin/rndc/win32/os.c           |  65 ++++
 bin/rndc/win32/rndc.dsp       | 107 ++++++
 bin/rndc/win32/rndc.dsw       |  29 ++
 bin/rndc/win32/rndc.mak       | 425 +++++++++++++++++++++
 bin/rndc/win32/rndcutil.dsp   | 119 ++++++
 bin/rndc/win32/rndcutil.dsw   |  29 ++
 27 files changed, 4773 insertions(+)
 create mode 100644 bin/rndc/Makefile.in
 create mode 100644 bin/rndc/include/rndc/os.h
 create mode 100644 bin/rndc/rndc-confgen.8
 create mode 100644 bin/rndc/rndc-confgen.c
 create mode 100644 bin/rndc/rndc-confgen.docbook
 create mode 100644 bin/rndc/rndc-confgen.html
 create mode 100644 bin/rndc/rndc.8
 create mode 100644 bin/rndc/rndc.c
 create mode 100644 bin/rndc/rndc.conf
 create mode 100644 bin/rndc/rndc.conf.5
 create mode 100644 bin/rndc/rndc.conf.docbook
 create mode 100644 bin/rndc/rndc.conf.html
 create mode 100644 bin/rndc/rndc.docbook
 create mode 100644 bin/rndc/rndc.html
 create mode 100644 bin/rndc/unix/Makefile.in
 create mode 100644 bin/rndc/unix/os.c
 create mode 100644 bin/rndc/util.c
 create mode 100644 bin/rndc/util.h
 create mode 100644 bin/rndc/win32/confgen.dsp
 create mode 100644 bin/rndc/win32/confgen.dsw
 create mode 100644 bin/rndc/win32/confgen.mak
 create mode 100644 bin/rndc/win32/os.c
 create mode 100644 bin/rndc/win32/rndc.dsp
 create mode 100644 bin/rndc/win32/rndc.dsw
 create mode 100644 bin/rndc/win32/rndc.mak
 create mode 100644 bin/rndc/win32/rndcutil.dsp
 create mode 100644 bin/rndc/win32/rndcutil.dsw

(limited to 'bin/rndc')

diff --git a/bin/rndc/Makefile.in b/bin/rndc/Makefile.in
new file mode 100644
index 0000000..9b0e20d
--- /dev/null
+++ b/bin/rndc/Makefile.in
@@ -0,0 +1,104 @@
+# Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002  Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.44 2007/06/18 23:47:22 tbox Exp $
+
+srcdir =	@srcdir@
+VPATH =		@srcdir@
+top_srcdir =	@top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
+	${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
+ISCCCLIBS =	../../lib/isccc/libisccc.@A@
+ISCLIBS =	../../lib/isc/libisc.@A@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+BIND9LIBS =	../../lib/bind9/libbind9.@A@
+
+ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
+ISCCCDEPLIBS =	../../lib/isccc/libisccc.@A@
+ISCDEPLIBS =	../../lib/isc/libisc.@A@
+DNSDEPLIBS =	../../lib/dns/libdns.@A@
+BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
+
+RNDCLIBS =	${ISCCFGLIBS} ${ISCCCLIBS} ${BIND9LIBS} ${DNSLIBS} ${ISCLIBS} @LIBS@
+RNDCDEPLIBS =	${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+CONFLIBS =	${DNSLIBS} ${ISCLIBS} @LIBS@
+CONFDEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
+
+SRCS=		rndc.c rndc-confgen.c
+
+SUBDIRS =	unix
+
+TARGETS =	rndc@EXEEXT@ rndc-confgen@EXEEXT@
+
+MANPAGES =	rndc.8 rndc-confgen.8 rndc.conf.5
+
+HTMLPAGES =	rndc.html rndc-confgen.html rndc.conf.html
+
+MANOBJS =	${MANPAGES} ${HTMLPAGES}
+
+UOBJS =		unix/os.@O@
+
+@BIND9_MAKE_RULES@
+
+rndc.@O@: rndc.c
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+		-DVERSION=\"${VERSION}\" \
+		-DRNDC_CONFFILE=\"${sysconfdir}/rndc.conf\" \
+		-DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+		-c ${srcdir}/rndc.c
+
+rndc-confgen.@O@: rndc-confgen.c
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+		-DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+		-c ${srcdir}/rndc-confgen.c
+
+rndc@EXEEXT@: rndc.@O@ util.@O@ ${RNDCDEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rndc.@O@ util.@O@ \
+		${RNDCLIBS}
+
+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ ${UOBJS} ${CONFDEPLIBS} 
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rndc-confgen.@O@ util.@O@ \
+		${UOBJS} ${CONFLIBS}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+	rm -f ${MANOBJS}
+
+installdirs:
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
+
+install:: rndc@EXEEXT@ rndc-confgen@EXEEXT@ installdirs
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc@EXEEXT@ ${DESTDIR}${sbindir}
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc-confgen@EXEEXT@ ${DESTDIR}${sbindir}
+	${INSTALL_DATA} ${srcdir}/rndc.8 ${DESTDIR}${mandir}/man8
+	${INSTALL_DATA} ${srcdir}/rndc-confgen.8 ${DESTDIR}${mandir}/man8
+	${INSTALL_DATA} ${srcdir}/rndc.conf.5 ${DESTDIR}${mandir}/man5
+
+clean distclean maintainer-clean::
+	rm -f ${TARGETS}
diff --git a/bin/rndc/include/rndc/os.h b/bin/rndc/include/rndc/os.h
new file mode 100644
index 0000000..6e3007c
--- /dev/null
+++ b/bin/rndc/include/rndc/os.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.h,v 1.9 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#ifndef RNDC_OS_H
+#define RNDC_OS_H 1
+
+#include <isc/lang.h>
+#include <stdio.h>
+
+ISC_LANG_BEGINDECLS
+
+FILE *safe_create(const char *filename);
+/*%<
+ * Open 'filename' for writing, truncate if necessary.  If the file was
+ * created ensure that only the owner can read/write it.
+ */
+
+int set_user(FILE *fd, const char *user);
+/*%<
+ * Set the owner of the file refernced by 'fd' to 'user'.
+ * Returns:
+ *   0 		success
+ *   -1 	insufficient permissions, or 'user' does not exist.
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif
diff --git a/bin/rndc/rndc-confgen.8 b/bin/rndc/rndc-confgen.8
new file mode 100644
index 0000000..440870a
--- /dev/null
+++ b/bin/rndc/rndc-confgen.8
@@ -0,0 +1,211 @@
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2003 Internet Software Consortium.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: rndc-confgen.8,v 1.20 2007/01/30 00:24:59 marka Exp $
+.\"
+.hy 0
+.ad l
+.\"     Title: rndc\-confgen
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\"      Date: Aug 27, 2001
+.\"    Manual: BIND9
+.\"    Source: BIND9
+.\"
+.TH "RNDC\-CONFGEN" "8" "Aug 27, 2001" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+rndc\-confgen \- rndc key generation tool
+.SH "SYNOPSIS"
+.HP 13
+\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
+.SH "DESCRIPTION"
+.PP
+\fBrndc\-confgen\fR
+generates configuration files for
+\fBrndc\fR. It can be used as a convenient alternative to writing the
+\fIrndc.conf\fR
+file and the corresponding
+\fBcontrols\fR
+and
+\fBkey\fR
+statements in
+\fInamed.conf\fR
+by hand. Alternatively, it can be run with the
+\fB\-a\fR
+option to set up a
+\fIrndc.key\fR
+file and avoid the need for a
+\fIrndc.conf\fR
+file and a
+\fBcontrols\fR
+statement altogether.
+.SH "OPTIONS"
+.PP
+\-a
+.RS 4
+Do automatic
+\fBrndc\fR
+configuration. This creates a file
+\fIrndc.key\fR
+in
+\fI/etc\fR
+(or whatever
+\fIsysconfdir\fR
+was specified as when
+BIND
+was built) that is read by both
+\fBrndc\fR
+and
+\fBnamed\fR
+on startup. The
+\fIrndc.key\fR
+file defines a default command channel and authentication key allowing
+\fBrndc\fR
+to communicate with
+\fBnamed\fR
+on the local host with no further configuration.
+.sp
+Running
+\fBrndc\-confgen \-a\fR
+allows BIND 9 and
+\fBrndc\fR
+to be used as drop\-in replacements for BIND 8 and
+\fBndc\fR, with no changes to the existing BIND 8
+\fInamed.conf\fR
+file.
+.sp
+If a more elaborate configuration than that generated by
+\fBrndc\-confgen \-a\fR
+is required, for example if rndc is to be used remotely, you should run
+\fBrndc\-confgen\fR
+without the
+\fB\-a\fR
+option and set up a
+\fIrndc.conf\fR
+and
+\fInamed.conf\fR
+as directed.
+.RE
+.PP
+\-b \fIkeysize\fR
+.RS 4
+Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.
+.RE
+.PP
+\-c \fIkeyfile\fR
+.RS 4
+Used with the
+\fB\-a\fR
+option to specify an alternate location for
+\fIrndc.key\fR.
+.RE
+.PP
+\-h
+.RS 4
+Prints a short summary of the options and arguments to
+\fBrndc\-confgen\fR.
+.RE
+.PP
+\-k \fIkeyname\fR
+.RS 4
+Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is
+\fBrndc\-key\fR.
+.RE
+.PP
+\-p \fIport\fR
+.RS 4
+Specifies the command channel port where
+\fBnamed\fR
+listens for connections from
+\fBrndc\fR. The default is 953.
+.RE
+.PP
+\-r \fIrandomfile\fR
+.RS 4
+Specifies a source of random data for generating the authorization. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.RE
+.PP
+\-s \fIaddress\fR
+.RS 4
+Specifies the IP address where
+\fBnamed\fR
+listens for command channel connections from
+\fBrndc\fR. The default is the loopback address 127.0.0.1.
+.RE
+.PP
+\-t \fIchrootdir\fR
+.RS 4
+Used with the
+\fB\-a\fR
+option to specify a directory where
+\fBnamed\fR
+will run chrooted. An additional copy of the
+\fIrndc.key\fR
+will be written relative to this directory so that it will be found by the chrooted
+\fBnamed\fR.
+.RE
+.PP
+\-u \fIuser\fR
+.RS 4
+Used with the
+\fB\-a\fR
+option to set the owner of the
+\fIrndc.key\fR
+file generated. If
+\fB\-t\fR
+is also specified only the file in the chroot area has its owner changed.
+.RE
+.SH "EXAMPLES"
+.PP
+To allow
+\fBrndc\fR
+to be used with no manual configuration, run
+.PP
+\fBrndc\-confgen \-a\fR
+.PP
+To print a sample
+\fIrndc.conf\fR
+file and corresponding
+\fBcontrols\fR
+and
+\fBkey\fR
+statements to be manually inserted into
+\fInamed.conf\fR, run
+.PP
+\fBrndc\-confgen\fR
+.SH "SEE ALSO"
+.PP
+\fBrndc\fR(8),
+\fBrndc.conf\fR(5),
+\fBnamed\fR(8),
+BIND 9 Administrator Reference Manual.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2001, 2003 Internet Software Consortium.
+.br
diff --git a/bin/rndc/rndc-confgen.c b/bin/rndc/rndc-confgen.c
new file mode 100644
index 0000000..221135e
--- /dev/null
+++ b/bin/rndc/rndc-confgen.c
@@ -0,0 +1,342 @@
+/*
+ * Copyright (C) 2004, 2005, 2007, 2008  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001, 2003  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rndc-confgen.c,v 1.26 2008/10/15 23:47:31 tbox Exp $ */
+
+/*! \file */
+
+/**
+ * rndc-confgen generates configuration files for rndc. It can be used
+ * as a convenient alternative to writing the rndc.conf file and the
+ * corresponding controls and key statements in named.conf by hand.
+ * Alternatively, it can be run with the -a option to set up a
+ * rndc.key file and avoid the need for a rndc.conf file and a
+ * controls statement altogether.
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include <isc/assertions.h>
+#include <isc/base64.h>
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/file.h>
+#include <isc/keyboard.h>
+#include <isc/mem.h>
+#include <isc/net.h>
+#include <isc/print.h>
+#include <isc/result.h>
+#include <isc/string.h>
+#include <isc/time.h>
+#include <isc/util.h>
+
+#include <dns/keyvalues.h>
+#include <dns/name.h>
+
+#include <dst/dst.h>
+#include <rndc/os.h>
+
+#include "util.h"
+
+#define DEFAULT_KEYLENGTH	128		/*% Bits. */
+#define DEFAULT_KEYNAME		"rndc-key"
+#define DEFAULT_SERVER		"127.0.0.1"
+#define DEFAULT_PORT		953
+
+static char program[256];
+const char *progname;
+
+isc_boolean_t verbose = ISC_FALSE;
+
+const char *keyfile, *keydef;
+
+static void
+usage(int status) {
+
+	fprintf(stderr, "\
+Usage:\n\
+ %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] [-r randomfile] \
+[-s addr] [-t chrootdir] [-u user]\n\
+  -a:		generate just the key clause and write it to keyfile (%s)\n\
+  -b bits:	from 1 through 512, default %d; total length of the secret\n\
+  -c keyfile:	specify an alternate key file (requires -a)\n\
+  -k keyname:	the name as it will be used  in named.conf and rndc.conf\n\
+  -p port:	the port named will listen on and rndc will connect to\n\
+  -r randomfile: a file containing random data\n\
+  -s addr:	the address to which rndc should connect\n\
+  -t chrootdir:	write a keyfile in chrootdir as well (requires -a)\n\
+  -u user:	set the keyfile owner to \"user\" (requires -a)\n",
+		progname, keydef, DEFAULT_KEYLENGTH);
+
+	exit (status);
+}
+
+/*%
+ * Write an rndc.key file to 'keyfile'.  If 'user' is non-NULL,
+ * make that user the owner of the file.  The key will have
+ * the name 'keyname' and the secret in the buffer 'secret'.
+ */
+static void
+write_key_file(const char *keyfile, const char *user,
+	       const char *keyname, isc_buffer_t *secret )
+{
+	FILE *fd;
+
+	fd = safe_create(keyfile);
+	if (fd == NULL)
+		fatal( "unable to create \"%s\"\n", keyfile);
+	if (user != NULL) {
+		if (set_user(fd, user) == -1)
+			fatal("unable to set file owner\n");
+	}
+	fprintf(fd, "key \"%s\" {\n\talgorithm hmac-md5;\n"
+		"\tsecret \"%.*s\";\n};\n", keyname,
+		(int)isc_buffer_usedlength(secret),
+		(char *)isc_buffer_base(secret));
+	fflush(fd);
+	if (ferror(fd))
+		fatal("write to %s failed\n", keyfile);
+	if (fclose(fd))
+		fatal("fclose(%s) failed\n", keyfile);
+	fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
+}
+
+int
+main(int argc, char **argv) {
+	isc_boolean_t show_final_mem = ISC_FALSE;
+	isc_buffer_t key_rawbuffer;
+	isc_buffer_t key_txtbuffer;
+	isc_region_t key_rawregion;
+	isc_mem_t *mctx = NULL;
+	isc_entropy_t *ectx = NULL;
+	isc_entropysource_t *entropy_source = NULL;
+	isc_result_t result = ISC_R_SUCCESS;
+	dst_key_t *key = NULL;
+	const char *keyname = NULL;
+	const char *randomfile = NULL;
+	const char *serveraddr = NULL;
+	char key_rawsecret[64];
+	char key_txtsecret[256];
+	char *p;
+	int ch;
+	int port;
+	int keysize;
+	int entropy_flags = 0;
+	int open_keyboard = ISC_ENTROPY_KEYBOARDMAYBE;
+	struct in_addr addr4_dummy;
+	struct in6_addr addr6_dummy;
+	char *chrootdir = NULL;
+	char *user = NULL;
+	isc_boolean_t keyonly = ISC_FALSE;
+	int len;
+
+	keydef = keyfile = RNDC_KEYFILE;
+
+	result = isc_file_progname(*argv, program, sizeof(program));
+	if (result != ISC_R_SUCCESS)
+		memcpy(program, "rndc-confgen", 13);
+	progname = program;
+
+	keyname = DEFAULT_KEYNAME;
+	keysize = DEFAULT_KEYLENGTH;
+	serveraddr = DEFAULT_SERVER;
+	port = DEFAULT_PORT;
+
+	isc_commandline_errprint = ISC_FALSE;
+
+	while ((ch = isc_commandline_parse(argc, argv,
+					   "ab:c:hk:Mmp:r:s:t:u:Vy")) != -1) {
+		switch (ch) {
+		case 'a':
+			keyonly = ISC_TRUE;
+			break;
+		case 'b':
+			keysize = strtol(isc_commandline_argument, &p, 10);
+			if (*p != '\0' || keysize < 0)
+				fatal("-b requires a non-negative number");
+			if (keysize < 1 || keysize > 512)
+				fatal("-b must be in the range 1 through 512");
+			break;
+		case 'c':
+			keyfile = isc_commandline_argument;
+			break;
+		case 'h':
+			usage(0);
+		case 'k':
+		case 'y':	/* Compatible with rndc -y. */
+			keyname = isc_commandline_argument;
+			break;
+		case 'M':
+			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
+			break;
+
+		case 'm':
+			show_final_mem = ISC_TRUE;
+			break;
+		case 'p':
+			port = strtol(isc_commandline_argument, &p, 10);
+			if (*p != '\0' || port < 0 || port > 65535)
+				fatal("port '%s' out of range",
+				      isc_commandline_argument);
+			break;
+		case 'r':
+			randomfile = isc_commandline_argument;
+			break;
+		case 's':
+			serveraddr = isc_commandline_argument;
+			if (inet_pton(AF_INET, serveraddr, &addr4_dummy) != 1 &&
+			    inet_pton(AF_INET6, serveraddr, &addr6_dummy) != 1)
+				fatal("-s should be an IPv4 or IPv6 address");
+			break;
+		case 't':
+			chrootdir = isc_commandline_argument;
+			break;
+		case 'u':
+			user = isc_commandline_argument;
+			break;
+		case 'V':
+			verbose = ISC_TRUE;
+			break;
+		case '?':
+			if (isc_commandline_option != '?') {
+				fprintf(stderr, "%s: invalid argument -%c\n",
+					program, isc_commandline_option);
+				usage(1);
+			} else
+				usage(0);
+			break;
+		default:
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
+			exit(1);
+		}
+	}
+
+	argc -= isc_commandline_index;
+	argv += isc_commandline_index;
+
+	if (argc > 0)
+		usage(1);
+
+	DO("create memory context", isc_mem_create(0, 0, &mctx));
+
+	DO("create entropy context", isc_entropy_create(mctx, &ectx));
+
+	if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
+		randomfile = NULL;
+		open_keyboard = ISC_ENTROPY_KEYBOARDYES;
+	}
+	DO("start entropy source", isc_entropy_usebestsource(ectx,
+							     &entropy_source,
+							     randomfile,
+							     open_keyboard));
+
+	entropy_flags = ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY;
+
+	DO("initialize dst library", dst_lib_init(mctx, ectx, entropy_flags));
+
+	DO("generate key", dst_key_generate(dns_rootname, DST_ALG_HMACMD5,
+					    keysize, 0, 0,
+					    DNS_KEYPROTO_ANY,
+					    dns_rdataclass_in, mctx, &key));
+
+	isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
+
+	DO("dump key to buffer", dst_key_tobuffer(key, &key_rawbuffer));
+
+	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
+	isc_buffer_usedregion(&key_rawbuffer, &key_rawregion);
+
+	DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "",
+						     &key_txtbuffer));
+
+	/*
+	 * Shut down the entropy source now so the "stop typing" message
+	 * does not muck with the output.
+	 */
+	if (entropy_source != NULL)
+		isc_entropy_destroysource(&entropy_source);
+
+	if (key != NULL)
+		dst_key_free(&key);
+
+	isc_entropy_detach(&ectx);
+	dst_lib_destroy();
+
+	if (keyonly) {
+		write_key_file(keyfile, chrootdir == NULL ? user : NULL,
+			       keyname, &key_txtbuffer);
+
+		if (chrootdir != NULL) {
+			char *buf;
+			len = strlen(chrootdir) + strlen(keyfile) + 2;
+			buf = isc_mem_get(mctx, len);
+			if (buf == NULL)
+				fatal("isc_mem_get(%d) failed\n", len);
+			snprintf(buf, len, "%s%s%s", chrootdir,
+				 (*keyfile != '/') ? "/" : "", keyfile);
+
+			write_key_file(buf, user, keyname, &key_txtbuffer);
+			isc_mem_put(mctx, buf, len);
+		}
+	} else {
+		printf("\
+# Start of rndc.conf\n\
+key \"%s\" {\n\
+	algorithm hmac-md5;\n\
+	secret \"%.*s\";\n\
+};\n\
+\n\
+options {\n\
+	default-key \"%s\";\n\
+	default-server %s;\n\
+	default-port %d;\n\
+};\n\
+# End of rndc.conf\n\
+\n\
+# Use with the following in named.conf, adjusting the allow list as needed:\n\
+# key \"%s\" {\n\
+# 	algorithm hmac-md5;\n\
+# 	secret \"%.*s\";\n\
+# };\n\
+# \n\
+# controls {\n\
+# 	inet %s port %d\n\
+# 		allow { %s; } keys { \"%s\"; };\n\
+# };\n\
+# End of named.conf\n",
+		       keyname,
+		       (int)isc_buffer_usedlength(&key_txtbuffer),
+		       (char *)isc_buffer_base(&key_txtbuffer),
+		       keyname, serveraddr, port,
+		       keyname,
+		       (int)isc_buffer_usedlength(&key_txtbuffer),
+		       (char *)isc_buffer_base(&key_txtbuffer),
+		       serveraddr, port, serveraddr, keyname);
+	}
+
+	if (show_final_mem)
+		isc_mem_stats(mctx, stderr);
+
+	isc_mem_destroy(&mctx);
+
+	return (0);
+}
diff --git a/bin/rndc/rndc-confgen.docbook b/bin/rndc/rndc-confgen.docbook
new file mode 100644
index 0000000..4c51da5
--- /dev/null
+++ b/bin/rndc/rndc-confgen.docbook
@@ -0,0 +1,286 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003  Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: rndc-confgen.docbook,v 1.13 2007/06/18 23:47:25 tbox Exp $ -->
+<refentry id="man.rndc-confgen">
+  <refentryinfo>
+    <date>Aug 27, 2001</date>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle><application>rndc-confgen</application></refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo>BIND9</refmiscinfo>
+  </refmeta>
+
+  <refnamediv>
+    <refname><application>rndc-confgen</application></refname>
+    <refpurpose>rndc key generation tool</refpurpose>
+  </refnamediv>
+
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <year>2007</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2001</year>
+      <year>2003</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>rndc-confgen</command>
+      <arg><option>-a</option></arg>
+      <arg><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
+      <arg><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
+      <arg><option>-h</option></arg>
+      <arg><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
+      <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+      <arg><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
+      <arg><option>-s <replaceable class="parameter">address</replaceable></option></arg>
+      <arg><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
+      <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>DESCRIPTION</title>
+    <para><command>rndc-confgen</command>
+      generates configuration files
+      for <command>rndc</command>.  It can be used as a
+      convenient alternative to writing the
+      <filename>rndc.conf</filename> file
+      and the corresponding <command>controls</command>
+      and <command>key</command>
+      statements in <filename>named.conf</filename> by hand.
+      Alternatively, it can be run with the <command>-a</command>
+      option to set up a <filename>rndc.key</filename> file and
+      avoid the need for a <filename>rndc.conf</filename> file
+      and a <command>controls</command> statement altogether.
+    </para>
+
+  </refsect1>
+
+  <refsect1>
+    <title>OPTIONS</title>
+
+    <variablelist>
+      <varlistentry>
+        <term>-a</term>
+        <listitem>
+          <para>
+            Do automatic <command>rndc</command> configuration.
+            This creates a file <filename>rndc.key</filename>
+            in <filename>/etc</filename> (or whatever
+            <varname>sysconfdir</varname>
+            was specified as when <acronym>BIND</acronym> was
+            built)
+            that is read by both <command>rndc</command>
+            and <command>named</command> on startup.  The
+            <filename>rndc.key</filename> file defines a default
+            command channel and authentication key allowing
+            <command>rndc</command> to communicate with
+            <command>named</command> on the local host
+            with no further configuration.
+          </para>
+          <para>
+            Running <command>rndc-confgen -a</command> allows
+            BIND 9 and <command>rndc</command> to be used as
+            drop-in
+            replacements for BIND 8 and <command>ndc</command>,
+            with no changes to the existing BIND 8
+            <filename>named.conf</filename> file.
+          </para>
+          <para>
+            If a more elaborate configuration than that
+            generated by <command>rndc-confgen -a</command>
+            is required, for example if rndc is to be used remotely,
+            you should run <command>rndc-confgen</command> without
+            the
+            <command>-a</command> option and set up a
+            <filename>rndc.conf</filename> and
+            <filename>named.conf</filename>
+            as directed.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-b <replaceable class="parameter">keysize</replaceable></term>
+        <listitem>
+          <para>
+            Specifies the size of the authentication key in bits.
+            Must be between 1 and 512 bits; the default is 128.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-c <replaceable class="parameter">keyfile</replaceable></term>
+        <listitem>
+          <para>
+            Used with the <command>-a</command> option to specify
+            an alternate location for <filename>rndc.key</filename>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-h</term>
+        <listitem>
+          <para>
+            Prints a short summary of the options and arguments to
+            <command>rndc-confgen</command>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-k <replaceable class="parameter">keyname</replaceable></term>
+        <listitem>
+          <para>
+            Specifies the key name of the rndc authentication key.
+            This must be a valid domain name.
+            The default is <constant>rndc-key</constant>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-p <replaceable class="parameter">port</replaceable></term>
+        <listitem>
+          <para>
+            Specifies the command channel port where <command>named</command>
+            listens for connections from <command>rndc</command>.
+            The default is 953.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-r <replaceable class="parameter">randomfile</replaceable></term>
+        <listitem>
+          <para>
+            Specifies a source of random data for generating the
+            authorization.  If the operating
+            system does not provide a <filename>/dev/random</filename>
+            or equivalent device, the default source of randomness
+            is keyboard input.  <filename>randomdev</filename>
+            specifies
+            the name of a character device or file containing random
+            data to be used instead of the default.  The special value
+            <filename>keyboard</filename> indicates that keyboard
+            input should be used.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-s <replaceable class="parameter">address</replaceable></term>
+        <listitem>
+          <para>
+            Specifies the IP address where <command>named</command>
+            listens for command channel connections from
+            <command>rndc</command>.  The default is the loopback
+            address 127.0.0.1.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-t <replaceable class="parameter">chrootdir</replaceable></term>
+        <listitem>
+          <para>
+            Used with the <command>-a</command> option to specify
+            a directory where <command>named</command> will run
+            chrooted.  An additional copy of the <filename>rndc.key</filename>
+            will be written relative to this directory so that
+            it will be found by the chrooted <command>named</command>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-u <replaceable class="parameter">user</replaceable></term>
+        <listitem>
+          <para>
+            Used with the <command>-a</command> option to set the
+            owner
+            of the <filename>rndc.key</filename> file generated.
+            If
+            <command>-t</command> is also specified only the file
+            in
+            the chroot area has its owner changed.
+          </para>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>EXAMPLES</title>
+    <para>
+      To allow <command>rndc</command> to be used with
+      no manual configuration, run
+    </para>
+    <para><userinput>rndc-confgen -a</userinput>
+    </para>
+    <para>
+      To print a sample <filename>rndc.conf</filename> file and
+      corresponding <command>controls</command> and <command>key</command>
+      statements to be manually inserted into <filename>named.conf</filename>,
+      run
+    </para>
+    <para><userinput>rndc-confgen</userinput>
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>SEE ALSO</title>
+    <para><citerefentry>
+        <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>AUTHOR</title>
+    <para><corpauthor>Internet Systems Consortium</corpauthor>
+    </para>
+  </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/rndc/rndc-confgen.html b/bin/rndc/rndc-confgen.html
new file mode 100644
index 0000000..4be87af
--- /dev/null
+++ b/bin/rndc/rndc-confgen.html
@@ -0,0 +1,188 @@
+<!--
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003 Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: rndc-confgen.html,v 1.25 2007/01/30 00:24:59 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>rndc-confgen</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.rndc-confgen"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">rndc-confgen</span> &#8212; rndc key generation tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code>  [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543429"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">rndc-confgen</strong></span>
+      generates configuration files
+      for <span><strong class="command">rndc</strong></span>.  It can be used as a
+      convenient alternative to writing the
+      <code class="filename">rndc.conf</code> file
+      and the corresponding <span><strong class="command">controls</strong></span>
+      and <span><strong class="command">key</strong></span>
+      statements in <code class="filename">named.conf</code> by hand.
+      Alternatively, it can be run with the <span><strong class="command">-a</strong></span>
+      option to set up a <code class="filename">rndc.key</code> file and
+      avoid the need for a <code class="filename">rndc.conf</code> file
+      and a <span><strong class="command">controls</strong></span> statement altogether.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543474"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a</span></dt>
+<dd>
+<p>
+            Do automatic <span><strong class="command">rndc</strong></span> configuration.
+            This creates a file <code class="filename">rndc.key</code>
+            in <code class="filename">/etc</code> (or whatever
+            <code class="varname">sysconfdir</code>
+            was specified as when <acronym class="acronym">BIND</acronym> was
+            built)
+            that is read by both <span><strong class="command">rndc</strong></span>
+            and <span><strong class="command">named</strong></span> on startup.  The
+            <code class="filename">rndc.key</code> file defines a default
+            command channel and authentication key allowing
+            <span><strong class="command">rndc</strong></span> to communicate with
+            <span><strong class="command">named</strong></span> on the local host
+            with no further configuration.
+          </p>
+<p>
+            Running <span><strong class="command">rndc-confgen -a</strong></span> allows
+            BIND 9 and <span><strong class="command">rndc</strong></span> to be used as
+            drop-in
+            replacements for BIND 8 and <span><strong class="command">ndc</strong></span>,
+            with no changes to the existing BIND 8
+            <code class="filename">named.conf</code> file.
+          </p>
+<p>
+            If a more elaborate configuration than that
+            generated by <span><strong class="command">rndc-confgen -a</strong></span>
+            is required, for example if rndc is to be used remotely,
+            you should run <span><strong class="command">rndc-confgen</strong></span> without
+            the
+            <span><strong class="command">-a</strong></span> option and set up a
+            <code class="filename">rndc.conf</code> and
+            <code class="filename">named.conf</code>
+            as directed.
+          </p>
+</dd>
+<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
+<dd><p>
+            Specifies the size of the authentication key in bits.
+            Must be between 1 and 512 bits; the default is 128.
+          </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt>
+<dd><p>
+            Used with the <span><strong class="command">-a</strong></span> option to specify
+            an alternate location for <code class="filename">rndc.key</code>.
+          </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+            Prints a short summary of the options and arguments to
+            <span><strong class="command">rndc-confgen</strong></span>.
+          </p></dd>
+<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
+<dd><p>
+            Specifies the key name of the rndc authentication key.
+            This must be a valid domain name.
+            The default is <code class="constant">rndc-key</code>.
+          </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+            Specifies the command channel port where <span><strong class="command">named</strong></span>
+            listens for connections from <span><strong class="command">rndc</strong></span>.
+            The default is 953.
+          </p></dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
+<dd><p>
+            Specifies a source of random data for generating the
+            authorization.  If the operating
+            system does not provide a <code class="filename">/dev/random</code>
+            or equivalent device, the default source of randomness
+            is keyboard input.  <code class="filename">randomdev</code>
+            specifies
+            the name of a character device or file containing random
+            data to be used instead of the default.  The special value
+            <code class="filename">keyboard</code> indicates that keyboard
+            input should be used.
+          </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
+<dd><p>
+            Specifies the IP address where <span><strong class="command">named</strong></span>
+            listens for command channel connections from
+            <span><strong class="command">rndc</strong></span>.  The default is the loopback
+            address 127.0.0.1.
+          </p></dd>
+<dt><span class="term">-t <em class="replaceable"><code>chrootdir</code></em></span></dt>
+<dd><p>
+            Used with the <span><strong class="command">-a</strong></span> option to specify
+            a directory where <span><strong class="command">named</strong></span> will run
+            chrooted.  An additional copy of the <code class="filename">rndc.key</code>
+            will be written relative to this directory so that
+            it will be found by the chrooted <span><strong class="command">named</strong></span>.
+          </p></dd>
+<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
+<dd><p>
+            Used with the <span><strong class="command">-a</strong></span> option to set the
+            owner
+            of the <code class="filename">rndc.key</code> file generated.
+            If
+            <span><strong class="command">-t</strong></span> is also specified only the file
+            in
+            the chroot area has its owner changed.
+          </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543787"></a><h2>EXAMPLES</h2>
+<p>
+      To allow <span><strong class="command">rndc</strong></span> to be used with
+      no manual configuration, run
+    </p>
+<p><strong class="userinput"><code>rndc-confgen -a</code></strong>
+    </p>
+<p>
+      To print a sample <code class="filename">rndc.conf</code> file and
+      corresponding <span><strong class="command">controls</strong></span> and <span><strong class="command">key</strong></span>
+      statements to be manually inserted into <code class="filename">named.conf</code>,
+      run
+    </p>
+<p><strong class="userinput"><code>rndc-confgen</code></strong>
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543829"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
+      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543867"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8
new file mode 100644
index 0000000..7f0dea1
--- /dev/null
+++ b/bin/rndc/rndc.8
@@ -0,0 +1,148 @@
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: rndc.8,v 1.42 2007/12/14 22:37:22 marka Exp $
+.\"
+.hy 0
+.ad l
+.\"     Title: rndc
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\"      Date: June 30, 2000
+.\"    Manual: BIND9
+.\"    Source: BIND9
+.\"
+.TH "RNDC" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+rndc \- name server control utility
+.SH "SYNOPSIS"
+.HP 5
+\fBrndc\fR [\fB\-b\ \fR\fB\fIsource\-address\fR\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-k\ \fR\fB\fIkey\-file\fR\fR] [\fB\-s\ \fR\fB\fIserver\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-V\fR] [\fB\-y\ \fR\fB\fIkey_id\fR\fR] {command}
+.SH "DESCRIPTION"
+.PP
+\fBrndc\fR
+controls the operation of a name server. It supersedes the
+\fBndc\fR
+utility that was provided in old BIND releases. If
+\fBrndc\fR
+is invoked with no command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments.
+.PP
+\fBrndc\fR
+communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of
+\fBrndc\fR
+and
+\fBnamed\fR, the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
+.PP
+\fBrndc\fR
+reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use.
+.SH "OPTIONS"
+.PP
+\-b \fIsource\-address\fR
+.RS 4
+Use
+\fIsource\-address\fR
+as the source address for the connection to the server. Multiple instances are permitted to allow setting of both the IPv4 and IPv6 source addresses.
+.RE
+.PP
+\-c \fIconfig\-file\fR
+.RS 4
+Use
+\fIconfig\-file\fR
+as the configuration file instead of the default,
+\fI/etc/rndc.conf\fR.
+.RE
+.PP
+\-k \fIkey\-file\fR
+.RS 4
+Use
+\fIkey\-file\fR
+as the key file instead of the default,
+\fI/etc/rndc.key\fR. The key in
+\fI/etc/rndc.key\fR
+will be used to authenticate commands sent to the server if the
+\fIconfig\-file\fR
+does not exist.
+.RE
+.PP
+\-s \fIserver\fR
+.RS 4
+\fIserver\fR
+is the name or address of the server which matches a server statement in the configuration file for
+\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the options statement of the
+\fBrndc\fR
+configuration file will be used.
+.RE
+.PP
+\-p \fIport\fR
+.RS 4
+Send commands to TCP port
+\fIport\fR
+instead of BIND 9's default control channel port, 953.
+.RE
+.PP
+\-V
+.RS 4
+Enable verbose logging.
+.RE
+.PP
+\-y \fIkey_id\fR
+.RS 4
+Use the key
+\fIkey_id\fR
+from the configuration file.
+\fIkey_id\fR
+must be known by named with the same algorithm and secret string in order for control message validation to succeed. If no
+\fIkey_id\fR
+is specified,
+\fBrndc\fR
+will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access.
+.RE
+.PP
+For the complete set of commands supported by
+\fBrndc\fR, see the BIND 9 Administrator Reference Manual or run
+\fBrndc\fR
+without arguments to see its help message.
+.SH "LIMITATIONS"
+.PP
+\fBrndc\fR
+does not yet support all the commands of the BIND 8
+\fBndc\fR
+utility.
+.PP
+There is currently no way to provide the shared secret for a
+\fBkey_id\fR
+without using the configuration file.
+.PP
+Several error messages could be clearer.
+.SH "SEE ALSO"
+.PP
+\fBrndc.conf\fR(5),
+\fBrndc\-confgen\fR(8),
+\fBnamed\fR(8),
+\fBnamed.conf\fR(5),
+\fBndc\fR(8),
+BIND 9 Administrator Reference Manual.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
new file mode 100644
index 0000000..cdebf3d
--- /dev/null
+++ b/bin/rndc/rndc.c
@@ -0,0 +1,859 @@
+/*
+ * Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rndc.c,v 1.122 2008/10/15 03:01:59 marka Exp $ */
+
+/*! \file */
+
+/*
+ * Principal Author: DCL
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/app.h>
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/file.h>
+#include <isc/log.h>
+#include <isc/net.h>
+#include <isc/mem.h>
+#include <isc/random.h>
+#include <isc/socket.h>
+#include <isc/stdtime.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/thread.h>
+#include <isc/util.h>
+
+#include <isccfg/namedconf.h>
+
+#include <isccc/alist.h>
+#include <isccc/base64.h>
+#include <isccc/cc.h>
+#include <isccc/ccmsg.h>
+#include <isccc/result.h>
+#include <isccc/sexpr.h>
+#include <isccc/types.h>
+#include <isccc/util.h>
+
+#include <dns/name.h>
+
+#include <bind9/getaddresses.h>
+
+#include "util.h"
+
+#define SERVERADDRS 10
+
+const char *progname;
+isc_boolean_t verbose;
+
+static const char *admin_conffile;
+static const char *admin_keyfile;
+static const char *version = VERSION;
+static const char *servername = NULL;
+static isc_sockaddr_t serveraddrs[SERVERADDRS];
+static isc_sockaddr_t local4, local6;
+static isc_boolean_t local4set = ISC_FALSE, local6set = ISC_FALSE;
+static int nserveraddrs;
+static int currentaddr = 0;
+static unsigned int remoteport = 0;
+static isc_socketmgr_t *socketmgr = NULL;
+static unsigned char databuf[2048];
+static isccc_ccmsg_t ccmsg;
+static isccc_region_t secret;
+static isc_boolean_t failed = ISC_FALSE;
+static isc_mem_t *mctx;
+static int sends, recvs, connects;
+static char *command;
+static char *args;
+static char program[256];
+static isc_socket_t *sock = NULL;
+static isc_uint32_t serial;
+
+static void rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task);
+
+static void
+usage(int status) {
+	fprintf(stderr, "\
+Usage: %s [-c config] [-s server] [-p port]\n\
+	[-k key-file ] [-y key] [-V] command\n\
+\n\
+command is one of the following:\n\
+\n\
+  reload	Reload configuration file and zones.\n\
+  reload zone [class [view]]\n\
+		Reload a single zone.\n\
+  refresh zone [class [view]]\n\
+		Schedule immediate maintenance for a zone.\n\
+  retransfer zone [class [view]]\n\
+		Retransfer a single zone without checking serial number.\n\
+  freeze	Suspend updates to all dynamic zones.\n\
+  freeze zone [class [view]]\n\
+		Suspend updates to a dynamic zone.\n\
+  thaw		Enable updates to all dynamic zones and reload them.\n\
+  thaw zone [class [view]]\n\
+		Enable updates to a frozen dynamic zone and reload it.\n\
+  notify zone [class [view]]\n\
+		Resend NOTIFY messages for the zone.\n\
+  reconfig	Reload configuration file and new zones only.\n\
+  stats		Write server statistics to the statistics file.\n\
+  querylog	Toggle query logging.\n\
+  dumpdb [-all|-cache|-zones] [view ...]\n\
+		Dump cache(s) to the dump file (named_dump.db).\n\
+  stop		Save pending updates to master files and stop the server.\n\
+  stop -p	Save pending updates to master files and stop the server\n\
+		reporting process id.\n\
+  halt		Stop the server without saving pending updates.\n\
+  halt -p	Stop the server without saving pending updates reporting\n\
+		process id.\n\
+  trace		Increment debugging level by one.\n\
+  trace level	Change the debugging level.\n\
+  notrace	Set debugging level to 0.\n\
+  flush 	Flushes all of the server's caches.\n\
+  flush [view]	Flushes the server's cache for a view.\n\
+  flushname name [view]\n\
+		Flush the given name from the server's cache(s)\n\
+  status	Display status of the server.\n\
+  recursing	Dump the queries that are currently recursing (named.recursing)\n\
+  validation newstate [view]\n\
+		Enable / disable DNSSEC validation.\n\
+  *restart	Restart the server.\n\
+\n\
+* == not yet implemented\n\
+Version: %s\n",
+		progname, version);
+
+	exit(status);
+}
+
+static void
+get_addresses(const char *host, in_port_t port) {
+	isc_result_t result;
+	int found = 0, count;
+
+	if (*host == '/') {
+		result = isc_sockaddr_frompath(&serveraddrs[nserveraddrs],
+					       host);
+		if (result == ISC_R_SUCCESS)
+			nserveraddrs++;
+	} else {
+		count = SERVERADDRS - nserveraddrs;
+		result = bind9_getaddresses(host, port,
+					    &serveraddrs[nserveraddrs],
+					    count, &found);
+		nserveraddrs += found;
+	}
+	if (result != ISC_R_SUCCESS)
+		fatal("couldn't get address for '%s': %s",
+		      host, isc_result_totext(result));
+	INSIST(nserveraddrs > 0);
+}
+
+static void
+rndc_senddone(isc_task_t *task, isc_event_t *event) {
+	isc_socketevent_t *sevent = (isc_socketevent_t *)event;
+
+	UNUSED(task);
+
+	sends--;
+	if (sevent->result != ISC_R_SUCCESS)
+		fatal("send failed: %s", isc_result_totext(sevent->result));
+	isc_event_free(&event);
+	if (sends == 0 && recvs == 0) {
+		isc_socket_detach(&sock);
+		isc_task_shutdown(task);
+		RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS);
+	}
+}
+
+static void
+rndc_recvdone(isc_task_t *task, isc_event_t *event) {
+	isccc_sexpr_t *response = NULL;
+	isccc_sexpr_t *data;
+	isccc_region_t source;
+	char *errormsg = NULL;
+	char *textmsg = NULL;
+	isc_result_t result;
+
+	recvs--;
+
+	if (ccmsg.result == ISC_R_EOF)
+		fatal("connection to remote host closed\n"
+		      "This may indicate that\n"
+		      "* the remote server is using an older version of"
+		      " the command protocol,\n"
+		      "* this host is not authorized to connect,\n"
+		      "* the clocks are not syncronized, or\n"
+		      "* the key is invalid.");
+
+	if (ccmsg.result != ISC_R_SUCCESS)
+		fatal("recv failed: %s", isc_result_totext(ccmsg.result));
+
+	source.rstart = isc_buffer_base(&ccmsg.buffer);
+	source.rend = isc_buffer_used(&ccmsg.buffer);
+
+	DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
+
+	data = isccc_alist_lookup(response, "_data");
+	if (data == NULL)
+		fatal("no data section in response");
+	result = isccc_cc_lookupstring(data, "err", &errormsg);
+	if (result == ISC_R_SUCCESS) {
+		failed = ISC_TRUE;
+		fprintf(stderr, "%s: '%s' failed: %s\n",
+			progname, command, errormsg);
+	}
+	else if (result != ISC_R_NOTFOUND)
+		fprintf(stderr, "%s: parsing response failed: %s\n",
+			progname, isc_result_totext(result));
+
+	result = isccc_cc_lookupstring(data, "text", &textmsg);
+	if (result == ISC_R_SUCCESS)
+		printf("%s\n", textmsg);
+	else if (result != ISC_R_NOTFOUND)
+		fprintf(stderr, "%s: parsing response failed: %s\n",
+			progname, isc_result_totext(result));
+
+	isc_event_free(&event);
+	isccc_sexpr_free(&response);
+	if (sends == 0 && recvs == 0) {
+		isc_socket_detach(&sock);
+		isc_task_shutdown(task);
+		RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS);
+	}
+}
+
+static void
+rndc_recvnonce(isc_task_t *task, isc_event_t *event) {
+	isccc_sexpr_t *response = NULL;
+	isccc_sexpr_t *_ctrl;
+	isccc_region_t source;
+	isc_result_t result;
+	isc_uint32_t nonce;
+	isccc_sexpr_t *request = NULL;
+	isccc_time_t now;
+	isc_region_t r;
+	isccc_sexpr_t *data;
+	isccc_region_t message;
+	isc_uint32_t len;
+	isc_buffer_t b;
+
+	recvs--;
+
+	if (ccmsg.result == ISC_R_EOF)
+		fatal("connection to remote host closed\n"
+		      "This may indicate that\n"
+		      "* the remote server is using an older version of"
+		      " the command protocol,\n"
+		      "* this host is not authorized to connect,\n"
+		      "* the clocks are not syncronized, or\n"
+		      "* the key is invalid.");
+
+	if (ccmsg.result != ISC_R_SUCCESS)
+		fatal("recv failed: %s", isc_result_totext(ccmsg.result));
+
+	source.rstart = isc_buffer_base(&ccmsg.buffer);
+	source.rend = isc_buffer_used(&ccmsg.buffer);
+
+	DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
+
+	_ctrl = isccc_alist_lookup(response, "_ctrl");
+	if (_ctrl == NULL)
+		fatal("_ctrl section missing");
+	nonce = 0;
+	if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
+		nonce = 0;
+
+	isc_stdtime_get(&now);
+
+	DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial,
+						    now, now + 60, &request));
+	data = isccc_alist_lookup(request, "_data");
+	if (data == NULL)
+		fatal("_data section missing");
+	if (isccc_cc_definestring(data, "type", args) == NULL)
+		fatal("out of memory");
+	if (nonce != 0) {
+		_ctrl = isccc_alist_lookup(request, "_ctrl");
+		if (_ctrl == NULL)
+			fatal("_ctrl section missing");
+		if (isccc_cc_defineuint32(_ctrl, "_nonce", nonce) == NULL)
+			fatal("out of memory");
+	}
+	message.rstart = databuf + 4;
+	message.rend = databuf + sizeof(databuf);
+	DO("render message", isccc_cc_towire(request, &message, &secret));
+	len = sizeof(databuf) - REGION_SIZE(message);
+	isc_buffer_init(&b, databuf, 4);
+	isc_buffer_putuint32(&b, len - 4);
+	r.length = len;
+	r.base = databuf;
+
+	isccc_ccmsg_cancelread(&ccmsg);
+	DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task,
+						    rndc_recvdone, NULL));
+	recvs++;
+	DO("send message", isc_socket_send(sock, &r, task, rndc_senddone,
+					   NULL));
+	sends++;
+
+	isc_event_free(&event);
+	isccc_sexpr_free(&response);
+	return;
+}
+
+static void
+rndc_connected(isc_task_t *task, isc_event_t *event) {
+	char socktext[ISC_SOCKADDR_FORMATSIZE];
+	isc_socketevent_t *sevent = (isc_socketevent_t *)event;
+	isccc_sexpr_t *request = NULL;
+	isccc_sexpr_t *data;
+	isccc_time_t now;
+	isccc_region_t message;
+	isc_region_t r;
+	isc_uint32_t len;
+	isc_buffer_t b;
+	isc_result_t result;
+
+	connects--;
+
+	if (sevent->result != ISC_R_SUCCESS) {
+		isc_sockaddr_format(&serveraddrs[currentaddr], socktext,
+				    sizeof(socktext));
+		if (sevent->result != ISC_R_CANCELED &&
+		    ++currentaddr < nserveraddrs)
+		{
+			notify("connection failed: %s: %s", socktext,
+			       isc_result_totext(sevent->result));
+			isc_socket_detach(&sock);
+			isc_event_free(&event);
+			rndc_startconnect(&serveraddrs[currentaddr], task);
+			return;
+		} else
+			fatal("connect failed: %s: %s", socktext,
+			      isc_result_totext(sevent->result));
+	}
+
+	isc_stdtime_get(&now);
+	DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial,
+						    now, now + 60, &request));
+	data = isccc_alist_lookup(request, "_data");
+	if (data == NULL)
+		fatal("_data section missing");
+	if (isccc_cc_definestring(data, "type", "null") == NULL)
+		fatal("out of memory");
+	message.rstart = databuf + 4;
+	message.rend = databuf + sizeof(databuf);
+	DO("render message", isccc_cc_towire(request, &message, &secret));
+	len = sizeof(databuf) - REGION_SIZE(message);
+	isc_buffer_init(&b, databuf, 4);
+	isc_buffer_putuint32(&b, len - 4);
+	r.length = len;
+	r.base = databuf;
+
+	isccc_ccmsg_init(mctx, sock, &ccmsg);
+	isccc_ccmsg_setmaxsize(&ccmsg, 1024 * 1024);
+
+	DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task,
+						    rndc_recvnonce, NULL));
+	recvs++;
+	DO("send message", isc_socket_send(sock, &r, task, rndc_senddone,
+					   NULL));
+	sends++;
+	isc_event_free(&event);
+}
+
+static void
+rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) {
+	isc_result_t result;
+	int pf;
+	isc_sockettype_t type;
+
+	char socktext[ISC_SOCKADDR_FORMATSIZE];
+
+	isc_sockaddr_format(addr, socktext, sizeof(socktext));
+
+	notify("using server %s (%s)", servername, socktext);
+
+	pf = isc_sockaddr_pf(addr);
+	if (pf == AF_INET || pf == AF_INET6)
+		type = isc_sockettype_tcp;
+	else
+		type = isc_sockettype_unix;
+	DO("create socket", isc_socket_create(socketmgr, pf, type, &sock));
+	switch (isc_sockaddr_pf(addr)) {
+	case AF_INET:
+		DO("bind socket", isc_socket_bind(sock, &local4, 0));
+		break;
+	case AF_INET6:
+		DO("bind socket", isc_socket_bind(sock, &local6, 0));
+		break;
+	default:
+		break;
+	}
+	DO("connect", isc_socket_connect(sock, addr, task, rndc_connected,
+					 NULL));
+	connects++;
+}
+
+static void
+rndc_start(isc_task_t *task, isc_event_t *event) {
+	isc_event_free(&event);
+
+	currentaddr = 0;
+	rndc_startconnect(&serveraddrs[currentaddr], task);
+}
+
+static void
+parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
+	     cfg_parser_t **pctxp, cfg_obj_t **configp)
+{
+	isc_result_t result;
+	const char *conffile = admin_conffile;
+	const cfg_obj_t *addresses = NULL;
+	const cfg_obj_t *defkey = NULL;
+	const cfg_obj_t *options = NULL;
+	const cfg_obj_t *servers = NULL;
+	const cfg_obj_t *server = NULL;
+	const cfg_obj_t *keys = NULL;
+	const cfg_obj_t *key = NULL;
+	const cfg_obj_t *defport = NULL;
+	const cfg_obj_t *secretobj = NULL;
+	const cfg_obj_t *algorithmobj = NULL;
+	cfg_obj_t *config = NULL;
+	const cfg_obj_t *address = NULL;
+	const cfg_listelt_t *elt;
+	const char *secretstr;
+	const char *algorithm;
+	static char secretarray[1024];
+	const cfg_type_t *conftype = &cfg_type_rndcconf;
+	isc_boolean_t key_only = ISC_FALSE;
+	const cfg_listelt_t *element;
+
+	if (! isc_file_exists(conffile)) {
+		conffile = admin_keyfile;
+		conftype = &cfg_type_rndckey;
+
+		if (! isc_file_exists(conffile))
+			fatal("neither %s nor %s was found",
+			      admin_conffile, admin_keyfile);
+		key_only = ISC_TRUE;
+	}
+
+	DO("create parser", cfg_parser_create(mctx, log, pctxp));
+
+	/*
+	 * The parser will output its own errors, so DO() is not used.
+	 */
+	result = cfg_parse_file(*pctxp, conffile, conftype, &config);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not load rndc configuration");
+
+	if (!key_only)
+		(void)cfg_map_get(config, "options", &options);
+
+	if (key_only && servername == NULL)
+		servername = "127.0.0.1";
+	else if (servername == NULL && options != NULL) {
+		const cfg_obj_t *defserverobj = NULL;
+		(void)cfg_map_get(options, "default-server", &defserverobj);
+		if (defserverobj != NULL)
+			servername = cfg_obj_asstring(defserverobj);
+	}
+
+	if (servername == NULL)
+		fatal("no server specified and no default");
+
+	if (!key_only) {
+		(void)cfg_map_get(config, "server", &servers);
+		if (servers != NULL) {
+			for (elt = cfg_list_first(servers);
+			     elt != NULL;
+			     elt = cfg_list_next(elt))
+			{
+				const char *name;
+				server = cfg_listelt_value(elt);
+				name = cfg_obj_asstring(cfg_map_getname(server));
+				if (strcasecmp(name, servername) == 0)
+					break;
+				server = NULL;
+			}
+		}
+	}
+
+	/*
+	 * Look for the name of the key to use.
+	 */
+	if (keyname != NULL)
+		;		/* Was set on command line, do nothing. */
+	else if (server != NULL) {
+		DO("get key for server", cfg_map_get(server, "key", &defkey));
+		keyname = cfg_obj_asstring(defkey);
+	} else if (options != NULL) {
+		DO("get default key", cfg_map_get(options, "default-key",
+						  &defkey));
+		keyname = cfg_obj_asstring(defkey);
+	} else if (!key_only)
+		fatal("no key for server and no default");
+
+	/*
+	 * Get the key's definition.
+	 */
+	if (key_only)
+		DO("get key", cfg_map_get(config, "key", &key));
+	else {
+		DO("get config key list", cfg_map_get(config, "key", &keys));
+		for (elt = cfg_list_first(keys);
+		     elt != NULL;
+		     elt = cfg_list_next(elt))
+		{
+			key = cfg_listelt_value(elt);
+			if (strcasecmp(cfg_obj_asstring(cfg_map_getname(key)),
+				       keyname) == 0)
+				break;
+		}
+		if (elt == NULL)
+			fatal("no key definition for name %s", keyname);
+	}
+	(void)cfg_map_get(key, "secret", &secretobj);
+	(void)cfg_map_get(key, "algorithm", &algorithmobj);
+	if (secretobj == NULL || algorithmobj == NULL)
+		fatal("key must have algorithm and secret");
+
+	secretstr = cfg_obj_asstring(secretobj);
+	algorithm = cfg_obj_asstring(algorithmobj);
+
+	if (strcasecmp(algorithm, "hmac-md5") != 0)
+		fatal("unsupported algorithm: %s", algorithm);
+
+	secret.rstart = (unsigned char *)secretarray;
+	secret.rend = (unsigned char *)secretarray + sizeof(secretarray);
+	DO("decode base64 secret", isccc_base64_decode(secretstr, &secret));
+	secret.rend = secret.rstart;
+	secret.rstart = (unsigned char *)secretarray;
+
+	/*
+	 * Find the port to connect to.
+	 */
+	if (remoteport != 0)
+		;		/* Was set on command line, do nothing. */
+	else {
+		if (server != NULL)
+			(void)cfg_map_get(server, "port", &defport);
+		if (defport == NULL && options != NULL)
+			(void)cfg_map_get(options, "default-port", &defport);
+	}
+	if (defport != NULL) {
+		remoteport = cfg_obj_asuint32(defport);
+		if (remoteport > 65535 || remoteport == 0)
+			fatal("port %u out of range", remoteport);
+	} else if (remoteport == 0)
+		remoteport = NS_CONTROL_PORT;
+
+	if (server != NULL)
+		result = cfg_map_get(server, "addresses", &addresses);
+	else
+		result = ISC_R_NOTFOUND;
+	if (result == ISC_R_SUCCESS) {
+		for (element = cfg_list_first(addresses);
+		     element != NULL;
+		     element = cfg_list_next(element))
+		{
+			isc_sockaddr_t sa;
+
+			address = cfg_listelt_value(element);
+			if (!cfg_obj_issockaddr(address)) {
+				unsigned int myport;
+				const char *name;
+				const cfg_obj_t *obj;
+
+				obj = cfg_tuple_get(address, "name");
+				name = cfg_obj_asstring(obj);
+				obj = cfg_tuple_get(address, "port");
+				if (cfg_obj_isuint32(obj)) {
+					myport = cfg_obj_asuint32(obj);
+					if (myport > ISC_UINT16_MAX ||
+					    myport == 0)
+						fatal("port %u out of range",
+						      myport);
+				} else
+					myport = remoteport;
+				if (nserveraddrs < SERVERADDRS)
+					get_addresses(name, (in_port_t) myport);
+				else
+					fprintf(stderr, "too many address: "
+						"%s: dropped\n", name);
+				continue;
+			}
+			sa = *cfg_obj_assockaddr(address);
+			if (isc_sockaddr_getport(&sa) == 0)
+				isc_sockaddr_setport(&sa, remoteport);
+			if (nserveraddrs < SERVERADDRS)
+				serveraddrs[nserveraddrs++] = sa;
+			else {
+				char socktext[ISC_SOCKADDR_FORMATSIZE];
+
+				isc_sockaddr_format(&sa, socktext,
+						    sizeof(socktext));
+				fprintf(stderr,
+					"too many address: %s: dropped\n",
+					socktext);
+			}
+		}
+	}
+
+	if (!local4set && server != NULL) {
+		address = NULL;
+		cfg_map_get(server, "source-address", &address);
+		if (address != NULL) {
+			local4 = *cfg_obj_assockaddr(address);
+			local4set = ISC_TRUE;
+		}
+	}
+	if (!local4set && options != NULL) {
+		address = NULL;
+		cfg_map_get(options, "default-source-address", &address);
+		if (address != NULL) {
+			local4 = *cfg_obj_assockaddr(address);
+			local4set = ISC_TRUE;
+		}
+	}
+
+	if (!local6set && server != NULL) {
+		address = NULL;
+		cfg_map_get(server, "source-address-v6", &address);
+		if (address != NULL) {
+			local6 = *cfg_obj_assockaddr(address);
+			local6set = ISC_TRUE;
+		}
+	}
+	if (!local6set && options != NULL) {
+		address = NULL;
+		cfg_map_get(options, "default-source-address-v6", &address);
+		if (address != NULL) {
+			local6 = *cfg_obj_assockaddr(address);
+			local6set = ISC_TRUE;
+		}
+	}
+
+	*configp = config;
+}
+
+int
+main(int argc, char **argv) {
+	isc_boolean_t show_final_mem = ISC_FALSE;
+	isc_result_t result = ISC_R_SUCCESS;
+	isc_taskmgr_t *taskmgr = NULL;
+	isc_task_t *task = NULL;
+	isc_log_t *log = NULL;
+	isc_logconfig_t *logconfig = NULL;
+	isc_logdestination_t logdest;
+	cfg_parser_t *pctx = NULL;
+	cfg_obj_t *config = NULL;
+	const char *keyname = NULL;
+	struct in_addr in;
+	struct in6_addr in6;
+	char *p;
+	size_t argslen;
+	int ch;
+	int i;
+
+	result = isc_file_progname(*argv, program, sizeof(program));
+	if (result != ISC_R_SUCCESS)
+		memcpy(program, "rndc", 5);
+	progname = program;
+
+	admin_conffile = RNDC_CONFFILE;
+	admin_keyfile = RNDC_KEYFILE;
+
+	isc_sockaddr_any(&local4);
+	isc_sockaddr_any6(&local6);
+
+	result = isc_app_start();
+	if (result != ISC_R_SUCCESS)
+		fatal("isc_app_start() failed: %s", isc_result_totext(result));
+
+	isc_commandline_errprint = ISC_FALSE;
+
+	while ((ch = isc_commandline_parse(argc, argv, "b:c:hk:Mmp:s:Vy:"))
+	       != -1) {
+		switch (ch) {
+		case 'b':
+			if (inet_pton(AF_INET, isc_commandline_argument,
+				      &in) == 1) {
+				isc_sockaddr_fromin(&local4, &in, 0);
+				local4set = ISC_TRUE;
+			} else if (inet_pton(AF_INET6, isc_commandline_argument,
+					     &in6) == 1) {
+				isc_sockaddr_fromin6(&local6, &in6, 0);
+				local6set = ISC_TRUE;
+			}
+			break;
+
+		case 'c':
+			admin_conffile = isc_commandline_argument;
+			break;
+
+		case 'k':
+			admin_keyfile = isc_commandline_argument;
+			break;
+
+		case 'M':
+			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
+			break;
+
+		case 'm':
+			show_final_mem = ISC_TRUE;
+			break;
+
+		case 'p':
+			remoteport = atoi(isc_commandline_argument);
+			if (remoteport > 65535 || remoteport == 0)
+				fatal("port '%s' out of range",
+				      isc_commandline_argument);
+			break;
+
+		case 's':
+			servername = isc_commandline_argument;
+			break;
+
+		case 'V':
+			verbose = ISC_TRUE;
+			break;
+
+		case 'y':
+			keyname = isc_commandline_argument;
+			break;
+
+		case '?':
+			if (isc_commandline_option != '?') {
+				fprintf(stderr, "%s: invalid argument -%c\n",
+					program, isc_commandline_option);
+				usage(1);
+			}
+		case 'h':
+			usage(0);
+			break;
+		default:
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
+			exit(1);
+		}
+	}
+
+	argc -= isc_commandline_index;
+	argv += isc_commandline_index;
+
+	if (argc < 1)
+		usage(1);
+
+	isc_random_get(&serial);
+
+	DO("create memory context", isc_mem_create(0, 0, &mctx));
+	DO("create socket manager", isc_socketmgr_create(mctx, &socketmgr));
+	DO("create task manager", isc_taskmgr_create(mctx, 1, 0, &taskmgr));
+	DO("create task", isc_task_create(taskmgr, 0, &task));
+
+	DO("create logging context", isc_log_create(mctx, &log, &logconfig));
+	isc_log_setcontext(log);
+	DO("setting log tag", isc_log_settag(logconfig, progname));
+	logdest.file.stream = stderr;
+	logdest.file.name = NULL;
+	logdest.file.versions = ISC_LOG_ROLLNEVER;
+	logdest.file.maximum_size = 0;
+	DO("creating log channel",
+	   isc_log_createchannel(logconfig, "stderr",
+				 ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest,
+				 ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL));
+	DO("enabling log channel", isc_log_usechannel(logconfig, "stderr",
+						      NULL, NULL));
+
+	parse_config(mctx, log, keyname, &pctx, &config);
+
+	isccc_result_register();
+
+	command = *argv;
+
+	/*
+	 * Convert argc/argv into a space-delimited command string
+	 * similar to what the user might enter in interactive mode
+	 * (if that were implemented).
+	 */
+	argslen = 0;
+	for (i = 0; i < argc; i++)
+		argslen += strlen(argv[i]) + 1;
+
+	args = isc_mem_get(mctx, argslen);
+	if (args == NULL)
+		DO("isc_mem_get", ISC_R_NOMEMORY);
+
+	p = args;
+	for (i = 0; i < argc; i++) {
+		size_t len = strlen(argv[i]);
+		memcpy(p, argv[i], len);
+		p += len;
+		*p++ = ' ';
+	}
+
+	p--;
+	*p++ = '\0';
+	INSIST(p == args + argslen);
+
+	notify("%s", command);
+
+	if (strcmp(command, "restart") == 0)
+		fatal("'%s' is not implemented", command);
+
+	if (nserveraddrs == 0)
+		get_addresses(servername, (in_port_t) remoteport);
+
+	DO("post event", isc_app_onrun(mctx, task, rndc_start, NULL));
+
+	result = isc_app_run();
+	if (result != ISC_R_SUCCESS)
+		fatal("isc_app_run() failed: %s", isc_result_totext(result));
+
+	if (connects > 0 || sends > 0 || recvs > 0)
+		isc_socket_cancel(sock, task, ISC_SOCKCANCEL_ALL);
+
+	isc_task_detach(&task);
+	isc_taskmgr_destroy(&taskmgr);
+	isc_socketmgr_destroy(&socketmgr);
+	isc_log_destroy(&log);
+	isc_log_setcontext(NULL);
+
+	cfg_obj_destroy(pctx, &config);
+	cfg_parser_destroy(&pctx);
+
+	isc_mem_put(mctx, args, argslen);
+	isccc_ccmsg_invalidate(&ccmsg);
+
+	dns_name_destroy();
+
+	if (show_final_mem)
+		isc_mem_stats(mctx, stderr);
+
+	isc_mem_destroy(&mctx);
+
+	if (failed)
+		return (1);
+
+	return (0);
+}
diff --git a/bin/rndc/rndc.conf b/bin/rndc/rndc.conf
new file mode 100644
index 0000000..67542b9
--- /dev/null
+++ b/bin/rndc/rndc.conf
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rndc.conf,v 1.11 2007/06/19 23:46:59 tbox Exp $ */
+
+/*
+ * Sample rndc configuration file.
+ */
+
+options {
+        default-server  localhost;
+        default-key     "key";
+};
+
+server localhost {
+        key     "key";
+};
+
+key "cc64b3d1db63fc88d7cb5d2f9f57d258" {
+	algorithm hmac-md5;
+	secret "34f88008d07deabbe65bd01f1d233d47";
+};
+
+server "test1" {
+        key "cc64b3d1db63fc88d7cb5d2f9f57d258";
+	port 5353;
+        addresses { 10.53.0.1; };
+};
+
+key "key" {
+        algorithm       hmac-md5;
+        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
+};
diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5
new file mode 100644
index 0000000..9e9bad4
--- /dev/null
+++ b/bin/rndc/rndc.conf.5
@@ -0,0 +1,214 @@
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: rndc.conf.5,v 1.38 2007/05/09 13:35:57 marka Exp $
+.\"
+.hy 0
+.ad l
+.\"     Title: \fIrndc.conf\fR
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\"      Date: June 30, 2000
+.\"    Manual: BIND9
+.\"    Source: BIND9
+.\"
+.TH "\fIRNDC.CONF\fR" "5" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+rndc.conf \- rndc configuration file
+.SH "SYNOPSIS"
+.HP 10
+\fBrndc.conf\fR
+.SH "DESCRIPTION"
+.PP
+\fIrndc.conf\fR
+is the configuration file for
+\fBrndc\fR, the BIND 9 name server control utility. This file has a similar structure and syntax to
+\fInamed.conf\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
+.PP
+C style: /* */
+.PP
+C++ style: // to end of line
+.PP
+Unix style: # to end of line
+.PP
+\fIrndc.conf\fR
+is much simpler than
+\fInamed.conf\fR. The file uses three statements: an options statement, a server statement and a key statement.
+.PP
+The
+\fBoptions\fR
+statement contains five clauses. The
+\fBdefault\-server\fR
+clause is followed by the name or address of a name server. This host will be used when no name server is given as an argument to
+\fBrndc\fR. The
+\fBdefault\-key\fR
+clause is followed by the name of a key which is identified by a
+\fBkey\fR
+statement. If no
+\fBkeyid\fR
+is provided on the rndc command line, and no
+\fBkey\fR
+clause is found in a matching
+\fBserver\fR
+statement, this default key will be used to authenticate the server's commands and responses. The
+\fBdefault\-port\fR
+clause is followed by the port to connect to on the remote name server. If no
+\fBport\fR
+option is provided on the rndc command line, and no
+\fBport\fR
+clause is found in a matching
+\fBserver\fR
+statement, this default port will be used to connect. The
+\fBdefault\-source\-address\fR
+and
+\fBdefault\-source\-address\-v6\fR
+clauses which can be used to set the IPv4 and IPv6 source addresses respectively.
+.PP
+After the
+\fBserver\fR
+keyword, the server statement includes a string which is the hostname or address for a name server. The statement has three possible clauses:
+\fBkey\fR,
+\fBport\fR
+and
+\fBaddresses\fR. The key name must match the name of a key statement in the file. The port number specifies the port to connect to. If an
+\fBaddresses\fR
+clause is supplied these addresses will be used instead of the server name. Each address can take an optional port. If an
+\fBsource\-address\fR
+or
+\fBsource\-address\-v6\fR
+of supplied then these will be used to specify the IPv4 and IPv6 source addresses respectively.
+.PP
+The
+\fBkey\fR
+statement begins with an identifying string, the name of the key. The statement has two clauses.
+\fBalgorithm\fR
+identifies the encryption algorithm for
+\fBrndc\fR
+to use; currently only HMAC\-MD5 is supported. This is followed by a secret clause which contains the base\-64 encoding of the algorithm's encryption key. The base\-64 string is enclosed in double quotes.
+.PP
+There are two common ways to generate the base\-64 string for the secret. The BIND 9 program
+\fBrndc\-confgen\fR
+can be used to generate a random key, or the
+\fBmmencode\fR
+program, also known as
+\fBmimencode\fR, can be used to generate a base\-64 string from known input.
+\fBmmencode\fR
+does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each.
+.SH "EXAMPLE"
+.PP
+.RS 4
+.nf
+      options {
+        default\-server  localhost;
+        default\-key     samplekey;
+      };
+.fi
+.RE
+.sp
+.PP
+.RS 4
+.nf
+      server localhost {
+        key             samplekey;
+      };
+.fi
+.RE
+.sp
+.PP
+.RS 4
+.nf
+      server testserver {
+        key		testkey;
+        addresses	{ localhost port 5353; };
+      };
+.fi
+.RE
+.sp
+.PP
+.RS 4
+.nf
+      key samplekey {
+        algorithm       hmac\-md5;
+        secret          "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
+      };
+.fi
+.RE
+.sp
+.PP
+.RS 4
+.nf
+      key testkey {
+        algorithm	hmac\-md5;
+        secret		"R3HI8P6BKw9ZwXwN3VZKuQ==";
+      };
+.fi
+.RE
+.sp
+.PP
+In the above example,
+\fBrndc\fR
+will by default use the server at localhost (127.0.0.1) and the key called samplekey. Commands to the localhost server will use the samplekey key, which must also be defined in the server's configuration file with the same name and secret. The key statement indicates that samplekey uses the HMAC\-MD5 algorithm and its secret clause contains the base\-64 encoding of the HMAC\-MD5 secret enclosed in double quotes.
+.PP
+If
+\fBrndc \-s testserver\fR
+is used then
+\fBrndc\fR
+will connect to server on localhost port 5353 using the key testkey.
+.PP
+To generate a random secret with
+\fBrndc\-confgen\fR:
+.PP
+\fBrndc\-confgen\fR
+.PP
+A complete
+\fIrndc.conf\fR
+file, including the randomly generated key, will be written to the standard output. Commented\-out
+\fBkey\fR
+and
+\fBcontrols\fR
+statements for
+\fInamed.conf\fR
+are also printed.
+.PP
+To generate a base\-64 secret with
+\fBmmencode\fR:
+.PP
+\fBecho "known plaintext for a secret" | mmencode\fR
+.SH "NAME SERVER CONFIGURATION"
+.PP
+The name server must be configured to accept rndc connections and to recognize the key specified in the
+\fIrndc.conf\fR
+file, using the controls statement in
+\fInamed.conf\fR. See the sections on the
+\fBcontrols\fR
+statement in the BIND 9 Administrator Reference Manual for details.
+.SH "SEE ALSO"
+.PP
+\fBrndc\fR(8),
+\fBrndc\-confgen\fR(8),
+\fBmmencode\fR(1),
+BIND 9 Administrator Reference Manual.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/rndc/rndc.conf.docbook b/bin/rndc/rndc.conf.docbook
new file mode 100644
index 0000000..9de1995
--- /dev/null
+++ b/bin/rndc/rndc.conf.docbook
@@ -0,0 +1,252 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001  Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: rndc.conf.docbook,v 1.17 2007/06/18 23:47:25 tbox Exp $ -->
+<refentry id="man.rndc.conf">
+  <refentryinfo>
+    <date>June 30, 2000</date>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle><filename>rndc.conf</filename></refentrytitle>
+    <manvolnum>5</manvolnum>
+    <refmiscinfo>BIND9</refmiscinfo>
+  </refmeta>
+
+  <refnamediv>
+    <refname><filename>rndc.conf</filename></refname>
+    <refpurpose>rndc configuration file</refpurpose>
+  </refnamediv>
+
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <year>2007</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>rndc.conf</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>DESCRIPTION</title>
+    <para><filename>rndc.conf</filename> is the configuration file
+      for <command>rndc</command>, the BIND 9 name server control
+      utility.  This file has a similar structure and syntax to
+      <filename>named.conf</filename>.  Statements are enclosed
+      in braces and terminated with a semi-colon.  Clauses in
+      the statements are also semi-colon terminated.  The usual
+      comment styles are supported:
+    </para>
+    <para>
+      C style: /* */
+    </para>
+    <para>
+      C++ style: // to end of line
+    </para>
+    <para>
+      Unix style: # to end of line
+    </para>
+    <para><filename>rndc.conf</filename> is much simpler than
+      <filename>named.conf</filename>.  The file uses three
+      statements: an options statement, a server statement
+      and a key statement.
+    </para>
+    <para>
+      The <option>options</option> statement contains five clauses.
+      The <option>default-server</option> clause is followed by the
+      name or address of a name server.  This host will be used when
+      no name server is given as an argument to
+      <command>rndc</command>.  The <option>default-key</option>
+      clause is followed by the name of a key which is identified by
+      a <option>key</option> statement.  If no
+      <option>keyid</option> is provided on the rndc command line,
+      and no <option>key</option> clause is found in a matching
+      <option>server</option> statement, this default key will be
+      used to authenticate the server's commands and responses.  The
+      <option>default-port</option> clause is followed by the port
+      to connect to on the remote name server.  If no
+      <option>port</option> option is provided on the rndc command
+      line, and no <option>port</option> clause is found in a
+      matching <option>server</option> statement, this default port
+      will be used to connect.
+      The <option>default-source-address</option> and
+      <option>default-source-address-v6</option> clauses which
+      can be used to set the IPv4 and IPv6 source addresses
+      respectively.
+    </para>
+    <para>
+      After the <option>server</option> keyword, the server
+      statement includes a string which is the hostname or address
+      for a name server.  The statement has three possible clauses:
+      <option>key</option>, <option>port</option> and
+      <option>addresses</option>. The key name must match the
+      name of a key statement in the file.  The port number
+      specifies the port to connect to.  If an <option>addresses</option>
+      clause is supplied these addresses will be used instead of
+      the server name.  Each address can take an optional port.
+      If an <option>source-address</option> or <option>source-address-v6</option>
+      of supplied then these will be used to specify the IPv4 and IPv6
+      source addresses respectively.
+    </para>
+    <para>
+      The <option>key</option> statement begins with an identifying
+      string, the name of the key.  The statement has two clauses.
+      <option>algorithm</option> identifies the encryption algorithm
+      for <command>rndc</command> to use; currently only HMAC-MD5
+      is
+      supported.  This is followed by a secret clause which contains
+      the base-64 encoding of the algorithm's encryption key.  The
+      base-64 string is enclosed in double quotes.
+    </para>
+    <para>
+      There are two common ways to generate the base-64 string for the
+      secret.  The BIND 9 program <command>rndc-confgen</command>
+      can
+      be used to generate a random key, or the
+      <command>mmencode</command> program, also known as
+      <command>mimencode</command>, can be used to generate a
+      base-64
+      string from known input.  <command>mmencode</command> does
+      not
+      ship with BIND 9 but is available on many systems.  See the
+      EXAMPLE section for sample command lines for each.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>EXAMPLE</title>
+
+    <para><programlisting>
+      options {
+        default-server  localhost;
+        default-key     samplekey;
+      };
+</programlisting>
+    </para>
+    <para><programlisting>
+      server localhost {
+        key             samplekey;
+      };
+</programlisting>
+    </para>
+    <para><programlisting>
+      server testserver {
+        key		testkey;
+        addresses	{ localhost port 5353; };
+      };
+</programlisting>
+    </para>
+    <para><programlisting>
+      key samplekey {
+        algorithm       hmac-md5;
+        secret          "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
+      };
+</programlisting>
+    </para>
+    <para><programlisting>
+      key testkey {
+        algorithm	hmac-md5;
+        secret		"R3HI8P6BKw9ZwXwN3VZKuQ==";
+      };
+    </programlisting>
+    </para>
+
+    <para>
+      In the above example, <command>rndc</command> will by
+      default use
+      the server at localhost (127.0.0.1) and the key called samplekey.
+      Commands to the localhost server will use the samplekey key, which
+      must also be defined in the server's configuration file with the
+      same name and secret.  The key statement indicates that samplekey
+      uses the HMAC-MD5 algorithm and its secret clause contains the
+      base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
+    </para>
+    <para>
+      If <command>rndc -s testserver</command> is used then <command>rndc</command> will
+      connect to server on localhost port 5353 using the key testkey.
+    </para>
+    <para>
+      To generate a random secret with <command>rndc-confgen</command>:
+    </para>
+    <para><userinput>rndc-confgen</userinput>
+    </para>
+    <para>
+      A complete <filename>rndc.conf</filename> file, including
+      the
+      randomly generated key, will be written to the standard
+      output.  Commented-out <option>key</option> and
+      <option>controls</option> statements for
+      <filename>named.conf</filename> are also printed.
+    </para>
+    <para>
+      To generate a base-64 secret with <command>mmencode</command>:
+    </para>
+    <para><userinput>echo "known plaintext for a secret" | mmencode</userinput>
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>NAME SERVER CONFIGURATION</title>
+    <para>
+      The name server must be configured to accept rndc connections and
+      to recognize the key specified in the <filename>rndc.conf</filename>
+      file, using the controls statement in <filename>named.conf</filename>.
+      See the sections on the <option>controls</option> statement in the
+      BIND 9 Administrator Reference Manual for details.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>SEE ALSO</title>
+    <para><citerefentry>
+        <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>mmencode</refentrytitle><manvolnum>1</manvolnum>
+      </citerefentry>,
+      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>AUTHOR</title>
+    <para><corpauthor>Internet Systems Consortium</corpauthor>
+    </para>
+  </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html
new file mode 100644
index 0000000..144cd1c
--- /dev/null
+++ b/bin/rndc/rndc.conf.html
@@ -0,0 +1,217 @@
+<!--
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001 Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: rndc.conf.html,v 1.29 2007/05/09 13:35:57 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>rndc.conf</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.rndc.conf"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><code class="filename">rndc.conf</code> &#8212; rndc configuration file</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543352"></a><h2>DESCRIPTION</h2>
+<p><code class="filename">rndc.conf</code> is the configuration file
+      for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
+      utility.  This file has a similar structure and syntax to
+      <code class="filename">named.conf</code>.  Statements are enclosed
+      in braces and terminated with a semi-colon.  Clauses in
+      the statements are also semi-colon terminated.  The usual
+      comment styles are supported:
+    </p>
+<p>
+      C style: /* */
+    </p>
+<p>
+      C++ style: // to end of line
+    </p>
+<p>
+      Unix style: # to end of line
+    </p>
+<p><code class="filename">rndc.conf</code> is much simpler than
+      <code class="filename">named.conf</code>.  The file uses three
+      statements: an options statement, a server statement
+      and a key statement.
+    </p>
+<p>
+      The <code class="option">options</code> statement contains five clauses.
+      The <code class="option">default-server</code> clause is followed by the
+      name or address of a name server.  This host will be used when
+      no name server is given as an argument to
+      <span><strong class="command">rndc</strong></span>.  The <code class="option">default-key</code>
+      clause is followed by the name of a key which is identified by
+      a <code class="option">key</code> statement.  If no
+      <code class="option">keyid</code> is provided on the rndc command line,
+      and no <code class="option">key</code> clause is found in a matching
+      <code class="option">server</code> statement, this default key will be
+      used to authenticate the server's commands and responses.  The
+      <code class="option">default-port</code> clause is followed by the port
+      to connect to on the remote name server.  If no
+      <code class="option">port</code> option is provided on the rndc command
+      line, and no <code class="option">port</code> clause is found in a
+      matching <code class="option">server</code> statement, this default port
+      will be used to connect.
+      The <code class="option">default-source-address</code> and
+      <code class="option">default-source-address-v6</code> clauses which
+      can be used to set the IPv4 and IPv6 source addresses
+      respectively.
+    </p>
+<p>
+      After the <code class="option">server</code> keyword, the server
+      statement includes a string which is the hostname or address
+      for a name server.  The statement has three possible clauses:
+      <code class="option">key</code>, <code class="option">port</code> and
+      <code class="option">addresses</code>. The key name must match the
+      name of a key statement in the file.  The port number
+      specifies the port to connect to.  If an <code class="option">addresses</code>
+      clause is supplied these addresses will be used instead of
+      the server name.  Each address can take an optional port.
+      If an <code class="option">source-address</code> or <code class="option">source-address-v6</code>
+      of supplied then these will be used to specify the IPv4 and IPv6
+      source addresses respectively.
+    </p>
+<p>
+      The <code class="option">key</code> statement begins with an identifying
+      string, the name of the key.  The statement has two clauses.
+      <code class="option">algorithm</code> identifies the encryption algorithm
+      for <span><strong class="command">rndc</strong></span> to use; currently only HMAC-MD5
+      is
+      supported.  This is followed by a secret clause which contains
+      the base-64 encoding of the algorithm's encryption key.  The
+      base-64 string is enclosed in double quotes.
+    </p>
+<p>
+      There are two common ways to generate the base-64 string for the
+      secret.  The BIND 9 program <span><strong class="command">rndc-confgen</strong></span>
+      can
+      be used to generate a random key, or the
+      <span><strong class="command">mmencode</strong></span> program, also known as
+      <span><strong class="command">mimencode</strong></span>, can be used to generate a
+      base-64
+      string from known input.  <span><strong class="command">mmencode</strong></span> does
+      not
+      ship with BIND 9 but is available on many systems.  See the
+      EXAMPLE section for sample command lines for each.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543500"></a><h2>EXAMPLE</h2>
+<pre class="programlisting">
+      options {
+        default-server  localhost;
+        default-key     samplekey;
+      };
+</pre>
+<p>
+    </p>
+<pre class="programlisting">
+      server localhost {
+        key             samplekey;
+      };
+</pre>
+<p>
+    </p>
+<pre class="programlisting">
+      server testserver {
+        key		testkey;
+        addresses	{ localhost port 5353; };
+      };
+</pre>
+<p>
+    </p>
+<pre class="programlisting">
+      key samplekey {
+        algorithm       hmac-md5;
+        secret          "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
+      };
+</pre>
+<p>
+    </p>
+<pre class="programlisting">
+      key testkey {
+        algorithm	hmac-md5;
+        secret		"R3HI8P6BKw9ZwXwN3VZKuQ==";
+      };
+    </pre>
+<p>
+    </p>
+<p>
+      In the above example, <span><strong class="command">rndc</strong></span> will by
+      default use
+      the server at localhost (127.0.0.1) and the key called samplekey.
+      Commands to the localhost server will use the samplekey key, which
+      must also be defined in the server's configuration file with the
+      same name and secret.  The key statement indicates that samplekey
+      uses the HMAC-MD5 algorithm and its secret clause contains the
+      base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
+    </p>
+<p>
+      If <span><strong class="command">rndc -s testserver</strong></span> is used then <span><strong class="command">rndc</strong></span> will
+      connect to server on localhost port 5353 using the key testkey.
+    </p>
+<p>
+      To generate a random secret with <span><strong class="command">rndc-confgen</strong></span>:
+    </p>
+<p><strong class="userinput"><code>rndc-confgen</code></strong>
+    </p>
+<p>
+      A complete <code class="filename">rndc.conf</code> file, including
+      the
+      randomly generated key, will be written to the standard
+      output.  Commented-out <code class="option">key</code> and
+      <code class="option">controls</code> statements for
+      <code class="filename">named.conf</code> are also printed.
+    </p>
+<p>
+      To generate a base-64 secret with <span><strong class="command">mmencode</strong></span>:
+    </p>
+<p><strong class="userinput"><code>echo "known plaintext for a secret" | mmencode</code></strong>
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543592"></a><h2>NAME SERVER CONFIGURATION</h2>
+<p>
+      The name server must be configured to accept rndc connections and
+      to recognize the key specified in the <code class="filename">rndc.conf</code>
+      file, using the controls statement in <code class="filename">named.conf</code>.
+      See the sections on the <code class="option">controls</code> statement in the
+      BIND 9 Administrator Reference Manual for details.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543613"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
+      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543652"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
new file mode 100644
index 0000000..d407f2b
--- /dev/null
+++ b/bin/rndc/rndc.docbook
@@ -0,0 +1,253 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001  Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: rndc.docbook,v 1.21 2007/12/14 20:39:14 marka Exp $ -->
+<refentry id="man.rndc">
+  <refentryinfo>
+    <date>June 30, 2000</date>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle><application>rndc</application></refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo>BIND9</refmiscinfo>
+  </refmeta>
+
+  <refnamediv>
+    <refname><application>rndc</application></refname>
+    <refpurpose>name server control utility</refpurpose>
+  </refnamediv>
+
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <year>2007</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>rndc</command>
+      <arg><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
+      <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
+      <arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
+      <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
+      <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+      <arg><option>-V</option></arg>
+      <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
+      <arg choice="req">command</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>DESCRIPTION</title>
+    <para><command>rndc</command>
+      controls the operation of a name
+      server.  It supersedes the <command>ndc</command> utility
+      that was provided in old BIND releases.  If
+      <command>rndc</command> is invoked with no command line
+      options or arguments, it prints a short summary of the
+      supported commands and the available options and their
+      arguments.
+    </para>
+    <para><command>rndc</command>
+      communicates with the name server
+      over a TCP connection, sending commands authenticated with
+      digital signatures.  In the current versions of
+      <command>rndc</command> and <command>named</command>,
+      the only supported authentication algorithm is HMAC-MD5,
+      which uses a shared secret on each end of the connection.
+      This provides TSIG-style authentication for the command
+      request and the name server's response.  All commands sent
+      over the channel must be signed by a key_id known to the
+      server.
+    </para>
+    <para><command>rndc</command>
+      reads a configuration file to
+      determine how to contact the name server and decide what
+      algorithm and key it should use.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>OPTIONS</title>
+
+    <variablelist>
+      <varlistentry>
+        <term>-b <replaceable class="parameter">source-address</replaceable></term>
+        <listitem>
+          <para>
+            Use <replaceable class="parameter">source-address</replaceable>
+            as the source address for the connection to the server.
+            Multiple instances are permitted to allow setting of both
+            the IPv4 and IPv6 source addresses.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-c <replaceable class="parameter">config-file</replaceable></term>
+        <listitem>
+          <para>
+            Use <replaceable class="parameter">config-file</replaceable>
+            as the configuration file instead of the default,
+            <filename>/etc/rndc.conf</filename>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-k <replaceable class="parameter">key-file</replaceable></term>
+        <listitem>
+          <para>
+            Use <replaceable class="parameter">key-file</replaceable>
+            as the key file instead of the default,
+            <filename>/etc/rndc.key</filename>.  The key in
+            <filename>/etc/rndc.key</filename> will be used to
+            authenticate
+            commands sent to the server if the <replaceable class="parameter">config-file</replaceable>
+            does not exist.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-s <replaceable class="parameter">server</replaceable></term>
+        <listitem>
+          <para><replaceable class="parameter">server</replaceable> is
+            the name or address of the server which matches a
+            server statement in the configuration file for
+            <command>rndc</command>.  If no server is supplied on the
+            command line, the host named by the default-server clause
+            in the options statement of the <command>rndc</command>
+	    configuration file will be used.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-p <replaceable class="parameter">port</replaceable></term>
+        <listitem>
+          <para>
+            Send commands to TCP port
+            <replaceable class="parameter">port</replaceable>
+            instead
+            of BIND 9's default control channel port, 953.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-V</term>
+        <listitem>
+          <para>
+            Enable verbose logging.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-y <replaceable class="parameter">key_id</replaceable></term>
+        <listitem>
+          <para>
+            Use the key <replaceable class="parameter">key_id</replaceable>
+            from the configuration file.
+            <replaceable class="parameter">key_id</replaceable>
+            must be
+            known by named with the same algorithm and secret string
+            in order for control message validation to succeed.
+            If no <replaceable class="parameter">key_id</replaceable>
+            is specified, <command>rndc</command> will first look
+            for a key clause in the server statement of the server
+            being used, or if no server statement is present for that
+            host, then the default-key clause of the options statement.
+            Note that the configuration file contains shared secrets
+            which are used to send authenticated control commands
+            to name servers.  It should therefore not have general read
+            or write access.
+          </para>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+
+    <para>
+      For the complete set of commands supported by <command>rndc</command>,
+      see the BIND 9 Administrator Reference Manual or run
+      <command>rndc</command> without arguments to see its help
+      message.
+    </para>
+
+  </refsect1>
+
+  <refsect1>
+    <title>LIMITATIONS</title>
+    <para><command>rndc</command>
+      does not yet support all the commands of
+      the BIND 8 <command>ndc</command> utility.
+    </para>
+    <para>
+      There is currently no way to provide the shared secret for a
+      <option>key_id</option> without using the configuration file.
+    </para>
+    <para>
+      Several error messages could be clearer.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>SEE ALSO</title>
+    <para><citerefentry>
+        <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>ndc</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>AUTHOR</title>
+    <para><corpauthor>Internet Systems Consortium</corpauthor>
+    </para>
+  </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html
new file mode 100644
index 0000000..a8d11c4
--- /dev/null
+++ b/bin/rndc/rndc.html
@@ -0,0 +1,165 @@
+<!--
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001 Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: rndc.html,v 1.31 2007/12/14 22:37:22 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>rndc</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="man.rndc"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">rndc</span> &#8212; name server control utility</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">rndc</code>  [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543413"></a><h2>DESCRIPTION</h2>
+<p><span><strong class="command">rndc</strong></span>
+      controls the operation of a name
+      server.  It supersedes the <span><strong class="command">ndc</strong></span> utility
+      that was provided in old BIND releases.  If
+      <span><strong class="command">rndc</strong></span> is invoked with no command line
+      options or arguments, it prints a short summary of the
+      supported commands and the available options and their
+      arguments.
+    </p>
+<p><span><strong class="command">rndc</strong></span>
+      communicates with the name server
+      over a TCP connection, sending commands authenticated with
+      digital signatures.  In the current versions of
+      <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
+      the only supported authentication algorithm is HMAC-MD5,
+      which uses a shared secret on each end of the connection.
+      This provides TSIG-style authentication for the command
+      request and the name server's response.  All commands sent
+      over the channel must be signed by a key_id known to the
+      server.
+    </p>
+<p><span><strong class="command">rndc</strong></span>
+      reads a configuration file to
+      determine how to contact the name server and decide what
+      algorithm and key it should use.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543448"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
+<dd><p>
+            Use <em class="replaceable"><code>source-address</code></em>
+            as the source address for the connection to the server.
+            Multiple instances are permitted to allow setting of both
+            the IPv4 and IPv6 source addresses.
+          </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
+<dd><p>
+            Use <em class="replaceable"><code>config-file</code></em>
+            as the configuration file instead of the default,
+            <code class="filename">/etc/rndc.conf</code>.
+          </p></dd>
+<dt><span class="term">-k <em class="replaceable"><code>key-file</code></em></span></dt>
+<dd><p>
+            Use <em class="replaceable"><code>key-file</code></em>
+            as the key file instead of the default,
+            <code class="filename">/etc/rndc.key</code>.  The key in
+            <code class="filename">/etc/rndc.key</code> will be used to
+            authenticate
+            commands sent to the server if the <em class="replaceable"><code>config-file</code></em>
+            does not exist.
+          </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
+<dd><p><em class="replaceable"><code>server</code></em> is
+            the name or address of the server which matches a
+            server statement in the configuration file for
+            <span><strong class="command">rndc</strong></span>.  If no server is supplied on the
+            command line, the host named by the default-server clause
+            in the options statement of the <span><strong class="command">rndc</strong></span>
+	    configuration file will be used.
+          </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+            Send commands to TCP port
+            <em class="replaceable"><code>port</code></em>
+            instead
+            of BIND 9's default control channel port, 953.
+          </p></dd>
+<dt><span class="term">-V</span></dt>
+<dd><p>
+            Enable verbose logging.
+          </p></dd>
+<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
+<dd><p>
+            Use the key <em class="replaceable"><code>key_id</code></em>
+            from the configuration file.
+            <em class="replaceable"><code>key_id</code></em>
+            must be
+            known by named with the same algorithm and secret string
+            in order for control message validation to succeed.
+            If no <em class="replaceable"><code>key_id</code></em>
+            is specified, <span><strong class="command">rndc</strong></span> will first look
+            for a key clause in the server statement of the server
+            being used, or if no server statement is present for that
+            host, then the default-key clause of the options statement.
+            Note that the configuration file contains shared secrets
+            which are used to send authenticated control commands
+            to name servers.  It should therefore not have general read
+            or write access.
+          </p></dd>
+</dl></div>
+<p>
+      For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
+      see the BIND 9 Administrator Reference Manual or run
+      <span><strong class="command">rndc</strong></span> without arguments to see its help
+      message.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543656"></a><h2>LIMITATIONS</h2>
+<p><span><strong class="command">rndc</strong></span>
+      does not yet support all the commands of
+      the BIND 8 <span><strong class="command">ndc</strong></span> utility.
+    </p>
+<p>
+      There is currently no way to provide the shared secret for a
+      <code class="option">key_id</code> without using the configuration file.
+    </p>
+<p>
+      Several error messages could be clearer.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543683"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
+      <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
+      <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
+      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543738"></a><h2>AUTHOR</h2>
+<p><span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>
diff --git a/bin/rndc/unix/Makefile.in b/bin/rndc/unix/Makefile.in
new file mode 100644
index 0000000..31a0532
--- /dev/null
+++ b/bin/rndc/unix/Makefile.in
@@ -0,0 +1,36 @@
+# Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001  Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.5 2007/06/19 23:46:59 tbox Exp $
+
+srcdir =	@srcdir@
+VPATH =		@srcdir@
+top_srcdir =	@top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES =	-I${srcdir}/include -I${srcdir}/../include \
+		${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+OBJS =		os.@O@
+
+SRCS =		os.c
+
+TARGETS =	${OBJS}
+
+@BIND9_MAKE_RULES@
diff --git a/bin/rndc/unix/os.c b/bin/rndc/unix/os.c
new file mode 100644
index 0000000..ddf8259
--- /dev/null
+++ b/bin/rndc/unix/os.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.c,v 1.10 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <rndc/os.h>
+
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <sys/stat.h>
+
+int
+set_user(FILE *fd, const char *user) {
+	struct passwd *pw;
+
+	pw = getpwnam(user);
+	if (pw == NULL) {
+		errno = EINVAL;
+		return (-1);
+	}
+	return (fchown(fileno(fd), pw->pw_uid, -1));
+}
+
+FILE *
+safe_create(const char *filename) {
+	int fd;
+	FILE *f;
+        struct stat sb;
+	int flags = O_WRONLY;
+
+        if (stat(filename, &sb) == -1) {
+                if (errno != ENOENT)
+			return (NULL);
+		flags = O_WRONLY | O_CREAT | O_EXCL;
+        } else if ((sb.st_mode & S_IFREG) == 0) {
+		errno = EOPNOTSUPP;
+		return (NULL);
+	} else
+		flags = O_WRONLY | O_TRUNC;
+
+	fd = open(filename, flags, S_IRUSR | S_IWUSR);
+	if (fd == -1)
+		return (NULL);
+	f = fdopen(fd, "w");
+	if (f == NULL)
+		close(fd);
+	return (f);
+}
diff --git a/bin/rndc/util.c b/bin/rndc/util.c
new file mode 100644
index 0000000..c654462
--- /dev/null
+++ b/bin/rndc/util.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: util.c,v 1.7 2007/06/19 23:46:59 tbox Exp $ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <isc/boolean.h>
+
+#include "util.h"
+
+extern isc_boolean_t verbose;
+extern const char *progname;
+
+void
+notify(const char *fmt, ...) {
+	va_list ap;
+
+	if (verbose) {
+		va_start(ap, fmt);
+		vfprintf(stderr, fmt, ap);
+		va_end(ap);
+		fputs("\n", stderr);
+	}
+}
+
+void            
+fatal(const char *format, ...) {
+	va_list args;
+
+	fprintf(stderr, "%s: ", progname);
+	va_start(args, format);
+	vfprintf(stderr, format, args);
+	va_end(args);
+	fprintf(stderr, "\n");
+	exit(1);
+}               
diff --git a/bin/rndc/util.h b/bin/rndc/util.h
new file mode 100644
index 0000000..7adcaa5
--- /dev/null
+++ b/bin/rndc/util.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: util.h,v 1.10 2007/06/19 23:46:59 tbox Exp $ */
+
+#ifndef RNDC_UTIL_H
+#define RNDC_UTIL_H 1
+
+/*! \file */
+
+#include <isc/lang.h>
+
+#include <isc/formatcheck.h>
+
+#define NS_CONTROL_PORT		953
+
+#undef DO
+#define DO(name, function) \
+	do { \
+		result = function; \
+		if (result != ISC_R_SUCCESS) \
+			fatal("%s: %s", name, isc_result_totext(result)); \
+		else \
+			notify("%s", name); \
+	} while (0)
+
+ISC_LANG_BEGINDECLS
+
+void
+notify(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
+
+void            
+fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+ISC_LANG_ENDDECLS
+
+#endif /* RNDC_UTIL_H */
diff --git a/bin/rndc/win32/confgen.dsp b/bin/rndc/win32/confgen.dsp
new file mode 100644
index 0000000..3cdd722
--- /dev/null
+++ b/bin/rndc/win32/confgen.dsp
@@ -0,0 +1,111 @@
+# Microsoft Developer Studio Project File - Name="rndcconfgen" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=rndcconfgen - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "confgen.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "confgen.mak" CFG="rndcconfgen - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "rndcconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "rndcconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE 
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/util.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/rndc-confgen.exe"
+
+!ELSEIF  "$(CFG)" == "rndcconfgen - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/util.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/rndc-confgen.exe" /pdbtype:sept
+
+!ENDIF 
+
+# Begin Target
+
+# Name "rndcconfgen - Win32 Release"
+# Name "rndcconfgen - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=.\os.c
+# End Source File
+# Begin Source File
+
+SOURCE="..\rndc-confgen.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=..\util.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/rndc/win32/confgen.dsw b/bin/rndc/win32/confgen.dsw
new file mode 100644
index 0000000..1b1f888
--- /dev/null
+++ b/bin/rndc/win32/confgen.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "confgen"=".\confgen.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/rndc/win32/confgen.mak b/bin/rndc/win32/confgen.mak
new file mode 100644
index 0000000..02299e2
--- /dev/null
+++ b/bin/rndc/win32/confgen.mak
@@ -0,0 +1,313 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on confgen.dsp
+!IF "$(CFG)" == ""
+CFG=rndcconfgen - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to rndcconfgen - Win32 Debug.
+!ENDIF 
+
+!IF "$(CFG)" != "rndcconfgen - Win32 Release" && "$(CFG)" != "rndcconfgen - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "confgen.mak" CFG="rndcconfgen - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "rndcconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "rndcconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE 
+!ERROR An invalid configuration is specified.
+!ENDIF 
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE 
+NULL=nul
+!ENDIF 
+
+CPP=cl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+    $(_VC_MANIFEST_BASENAME).auto.rc \
+    $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\rndc-confgen.exe"
+
+
+CLEAN :
+	-@erase "$(INTDIR)\os.obj"
+	-@erase "$(INTDIR)\rndc-confgen.obj"
+	-@erase "$(INTDIR)\util.obj"
+	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "..\..\..\Build\Release\rndc-confgen.exe"
+	-@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\confgen.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\confgen.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\rndc-confgen.pdb" /machine:I386 /out:"../../../Build/Release/rndc-confgen.exe" 
+LINK32_OBJS= \
+	"$(INTDIR)\os.obj" \
+	"$(INTDIR)\rndc-confgen.obj" \
+	"$(INTDIR)\util.obj"
+
+"..\..\..\Build\Release\rndc-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+    $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF  "$(CFG)" == "rndcconfgen - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\rndc-confgen.exe" "$(OUTDIR)\confgen.bsc"
+
+
+CLEAN :
+	-@erase "$(INTDIR)\os.obj"
+	-@erase "$(INTDIR)\os.sbr"
+	-@erase "$(INTDIR)\rndc-confgen.obj"
+	-@erase "$(INTDIR)\rndc-confgen.sbr"
+	-@erase "$(INTDIR)\util.obj"
+	-@erase "$(INTDIR)\util.sbr"
+	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "$(INTDIR)\vc60.pdb"
+	-@erase "$(OUTDIR)\confgen.bsc"
+	-@erase "$(OUTDIR)\rndc-confgen.pdb"
+	-@erase "..\..\..\Build\Debug\rndc-confgen.exe"
+	-@erase "..\..\..\Build\Debug\rndc-confgen.ilk"
+	-@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\confgen.bsc" 
+BSC32_SBRS= \
+	"$(INTDIR)\os.sbr" \
+	"$(INTDIR)\rndc-confgen.sbr" \
+	"$(INTDIR)\util.sbr"
+
+"$(OUTDIR)\confgen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+    $(BSC32) @<<
+  $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\rndc-confgen.pdb" /debug /machine:I386 /out:"../../../Build/Debug/rndc-confgen.exe" /pdbtype:sept 
+LINK32_OBJS= \
+	"$(INTDIR)\os.obj" \
+	"$(INTDIR)\rndc-confgen.obj" \
+	"$(INTDIR)\util.obj"
+
+"..\..\..\Build\Debug\rndc-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+    $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF 
+
+.c{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("confgen.dep")
+!INCLUDE "confgen.dep"
+!ELSE 
+!MESSAGE Warning: cannot find "confgen.dep"
+!ENDIF 
+!ENDIF 
+
+
+!IF "$(CFG)" == "rndcconfgen - Win32 Release" || "$(CFG)" == "rndcconfgen - Win32 Debug"
+SOURCE=.\os.c
+
+!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
+
+
+"$(INTDIR)\os.obj" : $(SOURCE) "$(INTDIR)"
+
+
+!ELSEIF  "$(CFG)" == "rndcconfgen - Win32 Debug"
+
+
+"$(INTDIR)\os.obj"	"$(INTDIR)\os.sbr" : $(SOURCE) "$(INTDIR)"
+
+
+!ENDIF 
+
+SOURCE="..\rndc-confgen.c"
+
+!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
+
+
+"$(INTDIR)\rndc-confgen.obj" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "rndcconfgen - Win32 Debug"
+
+
+"$(INTDIR)\rndc-confgen.obj"	"$(INTDIR)\rndc-confgen.sbr" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF 
+
+SOURCE=..\util.c
+
+!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
+
+
+"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "rndcconfgen - Win32 Debug"
+
+
+"$(INTDIR)\util.obj"	"$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF 
+
+
+!ENDIF 
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/rndc/win32/os.c b/bin/rndc/win32/os.c
new file mode 100644
index 0000000..cf9d311
--- /dev/null
+++ b/bin/rndc/win32/os.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.c,v 1.6 2007/06/19 23:46:59 tbox Exp $ */
+
+#include <config.h>
+
+#include <rndc/os.h>
+
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <stdio.h>
+#include <io.h>
+#include <sys/stat.h>
+
+int
+set_user(FILE *fd, const char *user) {
+	return (0);
+}
+
+/*
+ * Note that the error code EOPNOTSUPP does not exist
+ * on win32 so we are forced to fall back to using
+ * ENOENT for now. WSAEOPNOTSUPP does exist but it
+ * should only be used for sockets.
+ */
+
+FILE *
+safe_create(const char *filename) {
+	int fd;
+	FILE *f;
+        struct stat sb;
+
+        if (stat(filename, &sb) == -1) {
+                if (errno != ENOENT)
+			return (NULL);
+        } else if ((sb.st_mode & S_IFREG) == 0) {
+		errno = ENOENT;
+		return (NULL);
+	}
+
+	fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
+	if (fd == -1)
+		return (NULL);
+	f = fdopen(fd, "w");
+	if (f == NULL)
+		close(fd);
+	return (f);
+}
diff --git a/bin/rndc/win32/rndc.dsp b/bin/rndc/win32/rndc.dsp
new file mode 100644
index 0000000..ba153e4
--- /dev/null
+++ b/bin/rndc/win32/rndc.dsp
@@ -0,0 +1,107 @@
+# Microsoft Developer Studio Project File - Name="rndc" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=rndc - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "rndc.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "rndc.mak" CFG="rndc - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "rndc - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "rndc - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE 
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "rndc - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /I "../../../lib/dns/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/util.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /profile /machine:I386 /out:"../../../Build/Release/rndc.exe"
+
+!ELSEIF  "$(CFG)" == "rndc - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/util.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/rndc.exe" /pdbtype:sept
+
+!ENDIF 
+
+# Begin Target
+
+# Name "rndc - Win32 Release"
+# Name "rndc - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE=..\rndc.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=..\util.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/bin/rndc/win32/rndc.dsw b/bin/rndc/win32/rndc.dsw
new file mode 100644
index 0000000..97d3e43
--- /dev/null
+++ b/bin/rndc/win32/rndc.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "rndc"=".\rndc.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
diff --git a/bin/rndc/win32/rndc.mak b/bin/rndc/win32/rndc.mak
new file mode 100644
index 0000000..8220048
--- /dev/null
+++ b/bin/rndc/win32/rndc.mak
@@ -0,0 +1,425 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on rndc.dsp
+!IF "$(CFG)" == ""
+CFG=rndc - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to rndc - Win32 Debug.
+!ENDIF 
+
+!IF "$(CFG)" != "rndc - Win32 Release" && "$(CFG)" != "rndc - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "rndc.mak" CFG="rndc - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "rndc - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "rndc - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE 
+!ERROR An invalid configuration is specified.
+!ENDIF 
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE 
+NULL=nul
+!ENDIF 
+
+CPP=cl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "rndc - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+    $(_VC_MANIFEST_BASENAME).auto.rc \
+    $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF  "$(CFG)" == "rndc - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+!IF "$(RECURSE)" == "0" 
+
+ALL : "..\..\..\Build\Release\rndc.exe"
+
+!ELSE 
+
+ALL : "libbind9 - Win32 Release" "libisccfg - Win32 Release" "libisccc - Win32 Release" "libisc - Win32 Release" "..\..\..\Build\Release\rndc.exe"
+
+!ENDIF 
+
+!IF "$(RECURSE)" == "1" 
+CLEAN :"libisc - Win32 ReleaseCLEAN" "libisccc - Win32 ReleaseCLEAN" "libisccfg - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" 
+!ELSE 
+CLEAN :
+!ENDIF 
+	-@erase "$(INTDIR)\rndc.obj"
+	-@erase "$(INTDIR)\util.obj"
+	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "..\..\..\Build\Release\rndc.exe"
+	-@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /I "../../../lib/dns/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\rndc.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\rndc.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib  ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /profile /machine:I386 /out:"../../../Build/Release/rndc.exe" 
+LINK32_OBJS= \
+	"$(INTDIR)\rndc.obj" \
+	"$(INTDIR)\util.obj" \
+	"..\..\..\lib\isc\win32\Release\libisc.lib" \
+	"..\..\..\lib\isccc\win32\Release\libisccc.lib" \
+	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
+	"..\..\..\lib\bind9\win32\Release\libbind9.lib"
+
+"..\..\..\Build\Release\rndc.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+    $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF  "$(CFG)" == "rndc - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
+
+ALL : "..\..\..\Build\Debug\rndc.exe" "$(OUTDIR)\rndc.bsc"
+
+!ELSE 
+
+ALL : "libbind9 - Win32 Debug" "libisccfg - Win32 Debug" "libisccc - Win32 Debug" "libisc - Win32 Debug" "..\..\..\Build\Debug\rndc.exe" "$(OUTDIR)\rndc.bsc"
+
+!ENDIF 
+
+!IF "$(RECURSE)" == "1" 
+CLEAN :"libisc - Win32 DebugCLEAN" "libisccc - Win32 DebugCLEAN" "libisccfg - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" 
+!ELSE 
+CLEAN :
+!ENDIF 
+	-@erase "$(INTDIR)\rndc.obj"
+	-@erase "$(INTDIR)\rndc.sbr"
+	-@erase "$(INTDIR)\util.obj"
+	-@erase "$(INTDIR)\util.sbr"
+	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "$(INTDIR)\vc60.pdb"
+	-@erase "$(OUTDIR)\rndc.bsc"
+	-@erase "$(OUTDIR)\rndc.pdb"
+	-@erase "..\..\..\Build\Debug\rndc.exe"
+	-@erase "..\..\..\Build\Debug\rndc.ilk"
+	-@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\rndc.bsc" 
+BSC32_SBRS= \
+	"$(INTDIR)\rndc.sbr" \
+	"$(INTDIR)\util.sbr"
+
+"$(OUTDIR)\rndc.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+    $(BSC32) @<<
+  $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib  ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\rndc.pdb" /debug /machine:I386 /out:"../../../Build/Debug/rndc.exe" /pdbtype:sept 
+LINK32_OBJS= \
+	"$(INTDIR)\rndc.obj" \
+	"$(INTDIR)\util.obj" \
+	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
+	"..\..\..\lib\isccc\win32\Debug\libisccc.lib" \
+	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
+	"..\..\..\lib\bind9\win32\Debug\libbind9.lib"
+
+"..\..\..\Build\Debug\rndc.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+    $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF 
+
+.c{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("rndc.dep")
+!INCLUDE "rndc.dep"
+!ELSE 
+!MESSAGE Warning: cannot find "rndc.dep"
+!ENDIF 
+!ENDIF 
+
+
+!IF "$(CFG)" == "rndc - Win32 Release" || "$(CFG)" == "rndc - Win32 Debug"
+SOURCE=..\rndc.c
+
+!IF  "$(CFG)" == "rndc - Win32 Release"
+
+
+"$(INTDIR)\rndc.obj" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "rndc - Win32 Debug"
+
+
+"$(INTDIR)\rndc.obj"	"$(INTDIR)\rndc.sbr" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF 
+
+SOURCE=..\util.c
+
+!IF  "$(CFG)" == "rndc - Win32 Release"
+
+
+"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "rndc - Win32 Debug"
+
+
+"$(INTDIR)\util.obj"	"$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF 
+
+!IF  "$(CFG)" == "rndc - Win32 Release"
+
+"libisc - Win32 Release" : 
+   cd "..\..\..\lib\isc\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" 
+   cd "..\..\..\bin\rndc\win32"
+
+"libisc - Win32 ReleaseCLEAN" : 
+   cd "..\..\..\lib\isc\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN 
+   cd "..\..\..\bin\rndc\win32"
+
+!ELSEIF  "$(CFG)" == "rndc - Win32 Debug"
+
+"libisc - Win32 Debug" : 
+   cd "..\..\..\lib\isc\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" 
+   cd "..\..\..\bin\rndc\win32"
+
+"libisc - Win32 DebugCLEAN" : 
+   cd "..\..\..\lib\isc\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN 
+   cd "..\..\..\bin\rndc\win32"
+
+!ENDIF 
+
+!IF  "$(CFG)" == "rndc - Win32 Release"
+
+"libisccc - Win32 Release" : 
+   cd "..\..\..\lib\isccc\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - Win32 Release" 
+   cd "..\..\..\bin\rndc\win32"
+
+"libisccc - Win32 ReleaseCLEAN" : 
+   cd "..\..\..\lib\isccc\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - Win32 Release" RECURSE=1 CLEAN 
+   cd "..\..\..\bin\rndc\win32"
+
+!ELSEIF  "$(CFG)" == "rndc - Win32 Debug"
+
+"libisccc - Win32 Debug" : 
+   cd "..\..\..\lib\isccc\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - Win32 Debug" 
+   cd "..\..\..\bin\rndc\win32"
+
+"libisccc - Win32 DebugCLEAN" : 
+   cd "..\..\..\lib\isccc\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libisccc.mak" CFG="libisccc - Win32 Debug" RECURSE=1 CLEAN 
+   cd "..\..\..\bin\rndc\win32"
+
+!ENDIF 
+
+!IF  "$(CFG)" == "rndc - Win32 Release"
+
+"libisccfg - Win32 Release" : 
+   cd "..\..\..\lib\isccfg\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Release" 
+   cd "..\..\..\bin\rndc\win32"
+
+"libisccfg - Win32 ReleaseCLEAN" : 
+   cd "..\..\..\lib\isccfg\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Release" RECURSE=1 CLEAN 
+   cd "..\..\..\bin\rndc\win32"
+
+!ELSEIF  "$(CFG)" == "rndc - Win32 Debug"
+
+"libisccfg - Win32 Debug" : 
+   cd "..\..\..\lib\isccfg\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Debug" 
+   cd "..\..\..\bin\rndc\win32"
+
+"libisccfg - Win32 DebugCLEAN" : 
+   cd "..\..\..\lib\isccfg\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Debug" RECURSE=1 CLEAN 
+   cd "..\..\..\bin\rndc\win32"
+
+!ENDIF 
+
+!IF  "$(CFG)" == "rndc - Win32 Release"
+
+"libbind9 - Win32 Release" : 
+   cd "..\..\..\lib\bind9\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" 
+   cd "..\..\..\bin\rndc\win32"
+
+"libbind9 - Win32 ReleaseCLEAN" : 
+   cd "..\..\..\lib\bind9\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN 
+   cd "..\..\..\bin\rndc\win32"
+
+!ELSEIF  "$(CFG)" == "rndc - Win32 Debug"
+
+"libbind9 - Win32 Debug" : 
+   cd "..\..\..\lib\bind9\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" 
+   cd "..\..\..\bin\rndc\win32"
+
+"libbind9 - Win32 DebugCLEAN" : 
+   cd "..\..\..\lib\bind9\win32"
+   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN 
+   cd "..\..\..\bin\rndc\win32"
+
+!ENDIF 
+
+
+!ENDIF 
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
diff --git a/bin/rndc/win32/rndcutil.dsp b/bin/rndc/win32/rndcutil.dsp
new file mode 100644
index 0000000..8827e09
--- /dev/null
+++ b/bin/rndc/win32/rndcutil.dsp
@@ -0,0 +1,119 @@
+# Microsoft Developer Studio Project File - Name="rndcutil" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
+
+CFG=rndcutil - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "rndcutil.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "rndcutil.mak" CFG="rndcutil - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "rndcutil - Win32 Release" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE "rndcutil - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE 
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "rndcutil - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fdutil
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 
+# ADD LINK32 /out:"Release/util.lib"
+LIB32=lib.exe
+# ADD BASE LIB32
+# ADD LIB32 /out:"Release/util.lib"
+
+!ELSEIF  "$(CFG)" == "rndcutil - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fdutil
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 
+# ADD LINK32 /debug /out:"Debug/util.lib"
+LIB32=lib.exe
+# ADD BASE LIB32
+# ADD LIB32 /out:"Debug/util.lib"
+
+!ENDIF 
+
+# Begin Target
+
+# Name "rndcutil - Win32 Release"
+# Name "rndcutil - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# Begin Group "Main Dns Lib"
+
+# PROP Default_Filter "c"
+# Begin Source File
+
+SOURCE=..\util.c
+# End Source File
+# End Group
+# End Target
+# End Project
diff --git a/bin/rndc/win32/rndcutil.dsw b/bin/rndc/win32/rndcutil.dsw
new file mode 100644
index 0000000..c6d981a
--- /dev/null
+++ b/bin/rndc/win32/rndcutil.dsw
@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "rndcutil"=".\rndcutil.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+
-- 
cgit