From 83217b5fdc70ea66fedf2ab3e9b9169c2b8a200a Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 12 May 2005 23:54:40 +0000 Subject: [PATCH 001/148] regen --- bin/check/named-checkconf.8 | 4 +- bin/check/named-checkconf.html | 13 ++- bin/check/named-checkzone.8 | 4 +- bin/check/named-checkzone.html | 13 ++- bin/dig/dig.1 | 10 +- bin/dig/dig.html | 19 ++-- bin/dig/host.1 | 4 +- bin/dig/host.html | 9 +- bin/dig/nslookup.1 | 4 +- bin/dig/nslookup.html | 15 +-- bin/dnssec/dnssec-keygen.8 | 4 +- bin/dnssec/dnssec-keygen.html | 15 +-- bin/dnssec/dnssec-signzone.8 | 4 +- bin/dnssec/dnssec-signzone.html | 13 ++- bin/named/lwresd.8 | 4 +- bin/named/lwresd.html | 13 ++- bin/named/named.8 | 4 +- bin/named/named.conf.5 | 4 +- bin/named/named.conf.html | 31 ++--- bin/named/named.html | 17 +-- bin/nsupdate/nsupdate.8 | 4 +- bin/nsupdate/nsupdate.html | 15 +-- bin/rndc/rndc-confgen.8 | 4 +- bin/rndc/rndc-confgen.html | 13 ++- bin/rndc/rndc.8 | 4 +- bin/rndc/rndc.conf.5 | 4 +- bin/rndc/rndc.conf.html | 13 ++- bin/rndc/rndc.html | 13 ++- doc/arm/Bv9ARM.ch01.html | 49 ++++---- doc/arm/Bv9ARM.ch02.html | 21 ++-- doc/arm/Bv9ARM.ch03.html | 25 +++-- doc/arm/Bv9ARM.ch04.html | 65 +++++------ doc/arm/Bv9ARM.ch05.html | 5 +- doc/arm/Bv9ARM.ch06.html | 135 +++++++++++----------- doc/arm/Bv9ARM.ch07.html | 13 ++- doc/arm/Bv9ARM.ch08.html | 17 +-- doc/arm/Bv9ARM.ch09.html | 17 +-- doc/arm/Bv9ARM.html | 143 ++++++++++++------------ lib/lwres/man/lwres.3 | 4 +- lib/lwres/man/lwres.html | 13 ++- lib/lwres/man/lwres_buffer.3 | 4 +- lib/lwres/man/lwres_buffer.html | 5 +- lib/lwres/man/lwres_config.3 | 4 +- lib/lwres/man/lwres_config.html | 11 +- lib/lwres/man/lwres_context.3 | 4 +- lib/lwres/man/lwres_context.html | 9 +- lib/lwres/man/lwres_gabn.3 | 4 +- lib/lwres/man/lwres_gabn.html | 9 +- lib/lwres/man/lwres_gai_strerror.3 | 4 +- lib/lwres/man/lwres_gai_strerror.html | 7 +- lib/lwres/man/lwres_getaddrinfo.3 | 4 +- lib/lwres/man/lwres_getaddrinfo.html | 9 +- lib/lwres/man/lwres_gethostent.3 | 4 +- lib/lwres/man/lwres_gethostent.html | 11 +- lib/lwres/man/lwres_getipnode.3 | 4 +- lib/lwres/man/lwres_getipnode.html | 9 +- lib/lwres/man/lwres_getnameinfo.3 | 4 +- lib/lwres/man/lwres_getnameinfo.html | 11 +- lib/lwres/man/lwres_getrrsetbyname.3 | 4 +- lib/lwres/man/lwres_getrrsetbyname.html | 9 +- lib/lwres/man/lwres_gnba.3 | 4 +- lib/lwres/man/lwres_gnba.html | 9 +- lib/lwres/man/lwres_hstrerror.3 | 4 +- lib/lwres/man/lwres_hstrerror.html | 9 +- lib/lwres/man/lwres_inetntop.3 | 4 +- lib/lwres/man/lwres_inetntop.html | 9 +- lib/lwres/man/lwres_noop.3 | 4 +- lib/lwres/man/lwres_noop.html | 9 +- lib/lwres/man/lwres_packet.3 | 4 +- lib/lwres/man/lwres_packet.html | 7 +- lib/lwres/man/lwres_resutil.3 | 4 +- lib/lwres/man/lwres_resutil.html | 9 +- 72 files changed, 546 insertions(+), 441 deletions(-) diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8 index efa96f87e4..f694d50eed 100644 --- a/bin/check/named-checkconf.8 +++ b/bin/check/named-checkconf.8 @@ -12,7 +12,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: named-checkconf.8,v 1.22 2005/05/12 23:54:21 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html index 126b1cbe6f..85c4e0f2ce 100644 --- a/bin/check/named-checkconf.html +++ b/bin/check/named-checkconf.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -21,7 +22,7 @@
-
+

Name

named-checkconf — named configuration file syntax checking tool

@@ -31,14 +32,14 @@

named-checkconf [-v] [-j] [-t directory] {filename} [-z]

-

DESCRIPTION

+

DESCRIPTION

named-checkconf checks the syntax, but not the semantics, of a named configuration file.

-

OPTIONS

+

OPTIONS

-t directory

@@ -69,20 +70,20 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8 index 008093ff3e..06e8f52d30 100644 --- a/bin/check/named-checkzone.8 +++ b/bin/check/named-checkzone.8 @@ -12,7 +12,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: named-checkzone.8,v 1.26 2005/05/12 23:54:21 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html index dade5b4800..5ad1ec5b42 100644 --- a/bin/check/named-checkzone.html +++ b/bin/check/named-checkzone.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -21,7 +22,7 @@
-
+

Name

named-checkzone — zone file validity checking tool

@@ -31,7 +32,7 @@

named-checkzone [-d] [-j] [-q] [-v] [-c class] [-k mode] [-n mode] [-o filename] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

-

DESCRIPTION

+

DESCRIPTION

named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a @@ -40,7 +41,7 @@

-

OPTIONS

+

OPTIONS

-d

@@ -121,21 +122,21 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), RFC 1035, BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/bin/dig/dig.1 b/bin/dig/dig.1 index cd6e31f9e5..5e7a41fc2f 100644 --- a/bin/dig/dig.1 +++ b/bin/dig/dig.1 @@ -12,7 +12,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: dig.1,v 1.29 2005/05/12 23:54:22 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. @@ -39,8 +41,10 @@ dig \- DNS lookup utility .SH "SYNOPSIS" .HP 4 -\fBdig\fR [@server] [\fB\-b\ \fIaddress\fR\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-f\ \fIfilename\fR\fR] [\fB\-k\ \fIfilename\fR\fR] [\fB\-p\ \fIport#\fR\fR] [\fB\-t\ \fItype\fR\fR] [\fB\-x\ \fIaddr\fR\fR] [\fB\-y\ \fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...].HP 4 -\fBdig\fR [\fB\-h\fR].HP 4 +\fBdig\fR [@server] [\fB\-b\ \fIaddress\fR\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-f\ \fIfilename\fR\fR] [\fB\-k\ \fIfilename\fR\fR] [\fB\-p\ \fIport#\fR\fR] [\fB\-t\ \fItype\fR\fR] [\fB\-x\ \fIaddr\fR\fR] [\fB\-y\ \fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] +.HP 4 +\fBdig\fR [\fB\-h\fR] +.HP 4 \fBdig\fR [global\-queryopt...] [query...] .SH "DESCRIPTION" .PP diff --git a/bin/dig/dig.html b/bin/dig/dig.html index 0f55b1a1b8..108164e1a2 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -21,7 +22,7 @@
-
+

Name

dig — DNS lookup utility

@@ -33,7 +34,7 @@

dig [global-queryopt...] [query...]

-

DESCRIPTION

+

DESCRIPTION

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -72,7 +73,7 @@

-

SIMPLE USAGE

+

SIMPLE USAGE

A typical invocation of dig looks like:

@@ -118,7 +119,7 @@

-

OPTIONS

+

OPTIONS

The -b option sets the source IP address of the query to address. This must be a valid @@ -212,7 +213,7 @@

-

QUERY OPTIONS

+

QUERY OPTIONS

dig provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -510,7 +511,7 @@

-

MULTIPLE QUERIES

+

MULTIPLE QUERIES

The BIND 9 implementation of dig supports @@ -556,14 +557,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

FILES

+

FILES

/etc/resolv.conf

${HOME}/.digrc

-

SEE ALSO

+

SEE ALSO

host(1), named(8), dnssec-keygen(8), @@ -571,7 +572,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

BUGS

+

BUGS

There are probably too many query options.

diff --git a/bin/dig/host.1 b/bin/dig/host.1 index 8120c895fe..7321760d72 100644 --- a/bin/dig/host.1 +++ b/bin/dig/host.1 @@ -12,7 +12,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: host.1,v 1.20 2005/05/12 23:54:23 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/dig/host.html b/bin/dig/host.html index cc524b5af6..2c36b0730d 100644 --- a/bin/dig/host.html +++ b/bin/dig/host.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -21,7 +22,7 @@
-
+

Name

host — DNS lookup utility

@@ -31,7 +32,7 @@

host [-aCdlnrTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]

-

DESCRIPTION

+

DESCRIPTION

host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. @@ -177,12 +178,12 @@

-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), named(8).

diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1 index 7c1b156b0e..f9d55a926d 100644 --- a/bin/dig/nslookup.1 +++ b/bin/dig/nslookup.1 @@ -11,7 +11,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: nslookup.1,v 1.4 2005/05/12 23:54:23 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html index c7286e11e0..dcac0500d7 100644 --- a/bin/dig/nslookup.html +++ b/bin/dig/nslookup.html @@ -13,6 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -20,7 +21,7 @@
-
+

Name

nslookup — query Internet name servers interactively

@@ -30,7 +31,7 @@

nslookup [-option] [name | -] [server]

-

DESCRIPTION

+

DESCRIPTION

Nslookup is a program to query Internet domain name servers. Nslookup has two modes: interactive and non-interactive. Interactive mode allows @@ -42,7 +43,7 @@

-

ARGUMENTS

+

ARGUMENTS

Interactive mode is entered in the following cases:

@@ -75,7 +76,7 @@ nslookup -query=hinfo -timeout=10

-

INTERACTIVE COMMANDS

+

INTERACTIVE COMMANDS

host [server]
@@ -275,19 +276,19 @@ nslookup -query=hinfo -timeout=10
-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), host(1), named(8).

-

Author

+

Author

Andrew Cherenson

diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8 index a6150d06d3..db8051e50a 100644 --- a/bin/dnssec/dnssec-keygen.8 +++ b/bin/dnssec/dnssec-keygen.8 @@ -12,7 +12,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: dnssec-keygen.8,v 1.30 2005/05/12 23:54:23 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index 5657ff10ea..ae42fa8ead 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -21,7 +22,7 @@
-
+

Name

dnssec-keygen — DNSSEC key generation tool

@@ -31,7 +32,7 @@

dnssec-keygen {-a algorithm} {-b keysize} {-n nametype} [-c class] [-e] [-f flag] [-g generator] [-h] [-k] [-p protocol] [-r randomdev] [-s strength] [-t type] [-v level] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keygen generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\>. It can also generate keys for use with @@ -39,7 +40,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -147,7 +148,7 @@
-

GENERATED KEYS

+

GENERATED KEYS

When dnssec-keygen completes successfully, @@ -194,7 +195,7 @@

-

EXAMPLE

+

EXAMPLE

To generate a 768-bit DSA key for the domain example.com, the following command would be @@ -215,7 +216,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-signzone(8), BIND 9 Administrator Reference Manual, RFC 2535, @@ -224,7 +225,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8 index 246e198772..e23f468e51 100644 --- a/bin/dnssec/dnssec-signzone.8 +++ b/bin/dnssec/dnssec-signzone.8 @@ -12,7 +12,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: dnssec-signzone.8,v 1.36 2005/05/12 23:54:24 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html index e79108d06f..22d3b3ac26 100644 --- a/bin/dnssec/dnssec-signzone.html +++ b/bin/dnssec/dnssec-signzone.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -21,7 +22,7 @@
-
+

Name

dnssec-signzone — DNSSEC zone signing tool

@@ -31,7 +32,7 @@

dnssec-signzone [-a] [-c class] [-d directory] [-e end-time] [-f output-file] [-g] [-h] [-k key] [-l domain] [-i interval] [-j jitter] [-n nthreads] [-o origin] [-p] [-r randomdev] [-s start-time] [-t] [-v level] [-z] {zonefile} [key...]

-

DESCRIPTION

+

DESCRIPTION

dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -42,7 +43,7 @@

-

OPTIONS

+

OPTIONS

-a

@@ -203,7 +204,7 @@

-

EXAMPLE

+

EXAMPLE

The following command signs the example.com zone with the DSA key generated in the dnssec-keygen @@ -229,14 +230,14 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 2535.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8 index 4aa81c852d..37f40f3725 100644 --- a/bin/named/lwresd.8 +++ b/bin/named/lwresd.8 @@ -12,7 +12,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: lwresd.8,v 1.20 2005/05/12 23:54:24 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html index 08d70e1347..5ed6ec2a4c 100644 --- a/bin/named/lwresd.html +++ b/bin/named/lwresd.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -21,7 +22,7 @@
-
+

Name

lwresd — lightweight resolver daemon

@@ -31,7 +32,7 @@

lwresd [-C config-file] [-d debug-level] [-f] [-g] [-i pid-file] [-n #cpus] [-P port] [-p port] [-s] [-t directory] [-u user] [-v]

-

DESCRIPTION

+

DESCRIPTION

lwresd is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver @@ -66,7 +67,7 @@

-

OPTIONS

+

OPTIONS

-C config-file

@@ -158,7 +159,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -171,14 +172,14 @@

-

SEE ALSO

+

SEE ALSO

named(8), lwres(3), resolver(5).

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/bin/named/named.8 b/bin/named/named.8 index fcd67ffb2d..5118b5c132 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 @@ -12,7 +12,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: named.8,v 1.25 2005/05/12 23:54:25 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index f746400964..8dc47c7827 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -11,7 +11,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: named.conf.5,v 1.10 2005/05/12 23:54:25 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index 122f564ff8..024da505b1 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -13,6 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -20,7 +21,7 @@
-
+

Name

named.conf — configuration file for named

@@ -30,7 +31,7 @@

named.conf

-

DESCRIPTION

+

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed @@ -49,14 +50,14 @@

-

ACL

+

ACL


acl string { address_match_element; ... };

-

KEY

+

KEY


key domain_name {
algorithm string;
@@ -65,7 +66,7 @@ key

-

MASTERS

+

MASTERS


masters string [ port integer ] {
masters | ipv4_address [port integer] |
@@ -74,7 +75,7 @@ masters

-

SERVER

+

SERVER


server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
bogus boolean;
@@ -94,7 +95,7 @@ server

-

TRUSTED-KEYS

+

TRUSTED-KEYS


trusted-keys {
domain_name flags protocol algorithm key; ... 
@@ -102,7 +103,7 @@ trusted-keys

-

CONTROLS

+

CONTROLS


controls {
inet ( ipv4_address | ipv6_address | * )
@@ -114,7 +115,7 @@ controls

-

LOGGING

+

LOGGING


logging {
channel string {
@@ -132,7 +133,7 @@ logging

-

LWRES

+

LWRES


lwres {
listen-on [ port integer ] {
@@ -145,7 +146,7 @@ lwres

-

OPTIONS

+

OPTIONS


options {
avoid-v4-udp-ports { port; ... };
@@ -291,7 +292,7 @@ options

-

VIEW

+

VIEW


view string optional_class {
match-clients { address_match_element; ... };
@@ -412,7 +413,7 @@ view

-

ZONE

+

ZONE


zone string optional_class {
type ( master | slave | stub | hint |
@@ -490,12 +491,12 @@ zone

-

FILES

+

FILES

/etc/named.conf

-

SEE ALSO

+

SEE ALSO

named(8), rndc(8), BIND 9 Administrator Reference Manual. diff --git a/bin/named/named.html b/bin/named/named.html index efa1c773fa..849477b4f4 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -21,7 +22,7 @@

-
+

Name

named — Internet domain name server

@@ -31,7 +32,7 @@

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -46,7 +47,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -179,7 +180,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -200,7 +201,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is provided @@ -209,7 +210,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -222,7 +223,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, @@ -232,7 +233,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/bin/nsupdate/nsupdate.8 b/bin/nsupdate/nsupdate.8 index 6562f7d551..6c8921774b 100644 --- a/bin/nsupdate/nsupdate.8 +++ b/bin/nsupdate/nsupdate.8 @@ -12,7 +12,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: nsupdate.8,v 1.35 2005/05/12 23:54:26 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html index 2b2aa36c76..9193138955 100644 --- a/bin/nsupdate/nsupdate.html +++ b/bin/nsupdate/nsupdate.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -21,7 +22,7 @@
-
+

Name

nsupdate — Dynamic DNS update utility

@@ -31,7 +32,7 @@

nsupdate [-d] [[-y keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-v] [filename]

-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server. @@ -163,7 +164,7 @@

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from filename @@ -353,7 +354,7 @@

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -407,7 +408,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -426,7 +427,7 @@

-

SEE ALSO

+

SEE ALSO

RFC2136, RFC3007, RFC2104, @@ -439,7 +440,7 @@

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/bin/rndc/rndc-confgen.8 b/bin/rndc/rndc-confgen.8 index 0f1a112e63..4bc9a8d851 100644 --- a/bin/rndc/rndc-confgen.8 +++ b/bin/rndc/rndc-confgen.8 @@ -12,7 +12,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: rndc-confgen.8,v 1.15 2005/05/12 23:54:26 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/rndc/rndc-confgen.html b/bin/rndc/rndc-confgen.html index 634fcd965e..e3a8d12714 100644 --- a/bin/rndc/rndc-confgen.html +++ b/bin/rndc/rndc-confgen.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -21,7 +22,7 @@

-
+

Name

rndc-confgen — rndc key generation tool

@@ -31,7 +32,7 @@

rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -47,7 +48,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -154,7 +155,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -171,7 +172,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), named(8), @@ -179,7 +180,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8 index bf97717898..fab0424daa 100644 --- a/bin/rndc/rndc.8 +++ b/bin/rndc/rndc.8 @@ -12,7 +12,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: rndc.8,v 1.33 2005/05/12 23:54:28 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5 index 6ac8195837..cb72671533 100644 --- a/bin/rndc/rndc.conf.5 +++ b/bin/rndc/rndc.conf.5 @@ -12,7 +12,9 @@ .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. -.\" +.\" +.\" $Id: rndc.conf.5,v 1.31 2005/05/12 23:54:28 sra Exp $ +.\" .hy 0 .ad l .\"Generated by db2man.xsl. Don't modify this, modify the source. diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html index 6f2fc5c9dd..9f52a0bac8 100644 --- a/bin/rndc/rndc.conf.html +++ b/bin/rndc/rndc.conf.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -21,7 +22,7 @@
-
+

Name

rndc.conf — rndc configuration file

@@ -31,7 +32,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -116,7 +117,7 @@

-

EXAMPLE

+

EXAMPLE

       options {
         default-server  localhost;
@@ -190,7 +191,7 @@
-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -200,7 +201,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), mmencode(1), @@ -208,7 +209,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html index 0b9164502f..7b07a8edb7 100644 --- a/bin/rndc/rndc.html +++ b/bin/rndc/rndc.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -21,7 +22,7 @@
-
+

Name

rndc — name server control utility

@@ -31,7 +32,7 @@

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -60,7 +61,7 @@

-

OPTIONS

+

OPTIONS

-b source-address

@@ -133,7 +134,7 @@

-

LIMITATIONS

+

LIMITATIONS

rndc does not yet support all the commands of the BIND 8 ndc utility. @@ -147,7 +148,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), named(8), named.conf(5) @@ -156,7 +157,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html index 27f7768f10..01d4728a45 100644 --- a/doc/arm/Bv9ARM.ch01.html +++ b/doc/arm/Bv9ARM.ch01.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -44,17 +45,17 @@

Table of Contents

-
Scope of Document
-
Organization of This Document
-
Conventions Used in This Document
-
The Domain Name System (DNS)
+
Scope of Document
+
Organization of This Document
+
Conventions Used in This Document
+
The Domain Name System (DNS)
-
DNS Fundamentals
-
Domains and Domain Names
-
Zones
-
Authoritative Name Servers
-
Caching Name Servers
-
Name Servers in Multiple Roles
+
DNS Fundamentals
+
Domains and Domain Names
+
Zones
+
Authoritative Name Servers
+
Caching Name Servers
+
Name Servers in Multiple Roles
@@ -70,7 +71,7 @@

-Scope of Document

+Scope of Document

The Berkeley Internet Name Domain (BIND) implements an @@ -87,7 +88,7 @@

-Organization of This Document

+Organization of This Document

In this document, Section 1 introduces the basic DNS and BIND concepts. Section 2 @@ -116,7 +117,7 @@

-Conventions Used in This Document

+Conventions Used in This Document

In this document, we use the following general typographic conventions: @@ -243,7 +244,7 @@

-The Domain Name System (DNS)

+The Domain Name System (DNS)

The purpose of this document is to explain the installation and upkeep of the BIND software @@ -253,7 +254,7 @@

-DNS Fundamentals

+DNS Fundamentals

The Domain Name System (DNS) is the hierarchical, distributed database. It stores information for mapping Internet host names to @@ -273,7 +274,7 @@

-Domains and Domain Names

+Domains and Domain Names

The data stored in the DNS is identified by domain names that are organized as a tree according to organizational or administrative boundaries. Each node of the tree, @@ -319,7 +320,7 @@

-Zones

+Zones

To properly operate a name server, it is important to understand the difference between a zone @@ -372,7 +373,7 @@

-Authoritative Name Servers

+Authoritative Name Servers

Each zone is served by at least one authoritative name server, @@ -388,7 +389,7 @@

-The Primary Master

+The Primary Master

The authoritative server where the master copy of the zone data is maintained is @@ -404,7 +405,7 @@

-Slave Servers

+Slave Servers

The other authoritative servers, the slave servers (also known as secondary servers) @@ -420,7 +421,7 @@

-Stealth Servers

+Stealth Servers

Usually all of the zone's authoritative servers are listed in NS records in the parent zone. These NS records constitute @@ -455,7 +456,7 @@

-Caching Name Servers

+Caching Name Servers

The resolver libraries provided by most operating systems are stub resolvers, meaning that they are not @@ -482,7 +483,7 @@

-Forwarding

+Forwarding

Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it can @@ -513,7 +514,7 @@

-Name Servers in Multiple Roles

+Name Servers in Multiple Roles

The BIND name server can simultaneously act as diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html index a35c5521e9..6f960c43bc 100644 --- a/doc/arm/Bv9ARM.ch02.html +++ b/doc/arm/Bv9ARM.ch02.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -44,16 +45,16 @@

Table of Contents

-
Hardware requirements
-
CPU Requirements
-
Memory Requirements
-
Name Server Intensive Environment Issues
-
Supported Operating Systems
+
Hardware requirements
+
CPU Requirements
+
Memory Requirements
+
Name Server Intensive Environment Issues
+
Supported Operating Systems

-Hardware requirements

+Hardware requirements

DNS hardware requirements have traditionally been quite modest. @@ -72,7 +73,7 @@

-CPU Requirements

+CPU Requirements

CPU requirements for BIND 9 range from i486-class machines @@ -83,7 +84,7 @@

-Memory Requirements

+Memory Requirements

The memory of the server has to be large enough to fit the cache and zones loaded off disk. The max-cache-size @@ -106,7 +107,7 @@

-Name Server Intensive Environment Issues

+Name Server Intensive Environment Issues

For name server intensive environments, there are two alternative configurations that may be used. The first is where clients and @@ -123,7 +124,7 @@

-Supported Operating Systems

+Supported Operating Systems

ISC BIND 9 compiles and runs on a large number diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index d38f7e61bb..90a3db5dbb 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -46,14 +47,14 @@

Sample Configurations
-
A Caching-only Name Server
-
An Authoritative-only Name Server
+
A Caching-only Name Server
+
An Authoritative-only Name Server
-
Load Balancing
-
Name Server Operations
+
Load Balancing
+
Name Server Operations
-
Tools for Use With the Name Server Daemon
-
Signals
+
Tools for Use With the Name Server Daemon
+
Signals
@@ -67,7 +68,7 @@ Sample Configurations

-A Caching-only Name Server

+A Caching-only Name Server

The following sample configuration is appropriate for a caching-only name server for use by clients internal to a corporation. All @@ -94,7 +95,7 @@ zone "0.0.127.in-addr.arpa" {

-An Authoritative-only Name Server

+An Authoritative-only Name Server

This sample configuration is for an authoritative-only server that is the master server for "example.com" @@ -136,7 +137,7 @@ zone "eng.example.com" {

-Load Balancing

+Load Balancing

A primitive form of load balancing can be achieved in the DNS by using multiple A records for @@ -283,10 +284,10 @@ zone "eng.example.com" {

-Name Server Operations

+Name Server Operations

-Tools for Use With the Name Server Daemon

+Tools for Use With the Name Server Daemon

There are several indispensable diagnostic, administrative and monitoring tools available to the system administrator for @@ -741,7 +742,7 @@ controls {

-Signals

+Signals

Certain UNIX signals cause the name server to take specific actions, as described in the following table. These signals can diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index 6e4c432430..cd301134bb 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -48,28 +49,28 @@

Dynamic Update
The journal file
Incremental Zone Transfers (IXFR)
-
Split DNS
+
Split DNS
TSIG
-
Generate Shared Keys for Each Pair of Hosts
-
Copying the Shared Secret to Both Machines
-
Informing the Servers of the Key's Existence
-
Instructing the Server to Use the Key
-
TSIG Key Based Access Control
-
Errors
+
Generate Shared Keys for Each Pair of Hosts
+
Copying the Shared Secret to Both Machines
+
Informing the Servers of the Key's Existence
+
Instructing the Server to Use the Key
+
TSIG Key Based Access Control
+
Errors
-
TKEY
-
SIG(0)
+
TKEY
+
SIG(0)
DNSSEC
-
Generating Keys
-
Signing the Zone
-
Configuring Servers
+
Generating Keys
+
Signing the Zone
+
Configuring Servers
-
IPv6 Support in BIND 9
+
IPv6 Support in BIND 9
-
Address Lookups Using AAAA Records
-
Address to Name Lookups Using Nibble Format
+
Address Lookups Using AAAA Records
+
Address to Name Lookups Using Nibble Format
@@ -198,7 +199,7 @@

-Split DNS

+Split DNS

Setting up different views, or visibility, of the DNS space to internal and external resolvers is usually referred to as a Split DNS setup. There are several reasons an organization @@ -466,7 +467,7 @@ nameserver 172.16.72.4

-Generate Shared Keys for Each Pair of Hosts

+Generate Shared Keys for Each Pair of Hosts

A shared secret is generated to be shared between host1 and host2. An arbitrary key name is chosen: "host1-host2.". The key name must @@ -474,7 +475,7 @@ nameserver 172.16.72.4

-Automatic Generation

+Automatic Generation

The following command will generate a 128 bit (16 byte) HMAC-MD5 key as described above. Longer keys are better, but shorter keys @@ -499,7 +500,7 @@ nameserver 172.16.72.4

-Manual Generation

+Manual Generation

The shared secret is simply a random sequence of bits, encoded in base-64. Most ASCII strings are valid base-64 strings (assuming @@ -514,7 +515,7 @@ nameserver 172.16.72.4

-Copying the Shared Secret to Both Machines

+Copying the Shared Secret to Both Machines

This is beyond the scope of DNS. A secure transport mechanism should be used. This could be secure FTP, ssh, telephone, etc. @@ -522,7 +523,7 @@ nameserver 172.16.72.4

-Informing the Servers of the Key's Existence

+Informing the Servers of the Key's Existence

Imagine host1 and host 2 are @@ -551,7 +552,7 @@ key host1-host2. {

-Instructing the Server to Use the Key

+Instructing the Server to Use the Key

Since keys are shared between two hosts only, the server must be told when keys are to be used. The following is added to the named.conf file @@ -583,7 +584,7 @@ server 10.1.2.3 {

-TSIG Key Based Access Control

+TSIG Key Based Access Control

BIND allows IP addresses and ranges to be specified in ACL @@ -611,7 +612,7 @@ allow-update { key host1-host2. ;};

-Errors

+Errors

The processing of TSIG signed messages can result in several errors. If a signed message is sent to a non-TSIG aware @@ -637,7 +638,7 @@ allow-update { key host1-host2. ;};

-TKEY

+TKEY

TKEY is a mechanism for automatically generating a shared secret between two hosts. There are several "modes" of @@ -673,7 +674,7 @@ allow-update { key host1-host2. ;};

-SIG(0)

+SIG(0)

BIND 9 partially supports DNSSEC SIG(0) transaction signatures as specified in RFC 2535 and RFC2931. @@ -735,7 +736,7 @@ allow-update { key host1-host2. ;};

-Generating Keys

+Generating Keys

The dnssec-keygen program is used to generate keys. @@ -786,7 +787,7 @@ allow-update { key host1-host2. ;};

-Signing the Zone

+Signing the Zone

The dnssec-signzone program is used to @@ -830,7 +831,7 @@ allow-update { key host1-host2. ;};

-Configuring Servers

+Configuring Servers

Unlike BIND 8, BIND 9 does not verify signatures on @@ -847,7 +848,7 @@ allow-update { key host1-host2. ;};

-IPv6 Support in BIND 9

+IPv6 Support in BIND 9

BIND 9 fully supports all currently defined forms of IPv6 @@ -891,7 +892,7 @@ allow-update { key host1-host2. ;};

-Address Lookups Using AAAA Records

+Address Lookups Using AAAA Records

The AAAA record is a parallel to the IPv4 A record. It specifies the entire address in a single record. For @@ -911,7 +912,7 @@ host 3600 IN AAAA 2001:db8::1

-Address to Name Lookups Using Nibble Format

+Address to Name Lookups Using Nibble Format

When looking up an address in nibble format, the address components are simply reversed, just as in IPv4, and diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html index 0a321e3942..e35cde771b 100644 --- a/doc/arm/Bv9ARM.ch05.html +++ b/doc/arm/Bv9ARM.ch05.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -44,13 +45,13 @@

Table of Contents

-
The Lightweight Resolver Library
+
The Lightweight Resolver Library
Running a Resolver Daemon

-The Lightweight Resolver Library

+The Lightweight Resolver Library

Traditionally applications have been linked with a stub resolver library that sends recursive DNS queries to a local caching name diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 94929dfdbf..f846ccd58b 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -14,6 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> + @@ -47,52 +48,52 @@

Configuration File Elements
Address Match Lists
-
Comment Syntax
+
Comment Syntax
Configuration File Grammar
-
acl Statement Grammar
+
acl Statement Grammar
acl Statement Definition and Usage
-
controls Statement Grammar
+
controls Statement Grammar
controls Statement Definition and Usage
-
include Statement Grammar
-
include Statement Definition and +
include Statement Grammar
+
include Statement Definition and Usage
-
key Statement Grammar
-
key Statement Definition and Usage
-
logging Statement Grammar
-
logging Statement Definition and +
key Statement Grammar
+
key Statement Definition and Usage
+
logging Statement Grammar
+
logging Statement Definition and Usage
-
lwres Statement Grammar
-
lwres Statement Definition and Usage
-
masters Statement Grammar
-
masters Statement Definition and +
lwres Statement Grammar
+
lwres Statement Definition and Usage
+
masters Statement Grammar
+
masters Statement Definition and Usage
-
options Statement Grammar
+
options Statement Grammar
options Statement Definition and Usage
server Statement Grammar
server Statement Definition and Usage
-
trusted-keys Statement Grammar
-
trusted-keys Statement Definition +
trusted-keys Statement Grammar
+
trusted-keys Statement Definition and Usage
view Statement Grammar
-
view Statement Definition and Usage
+
view Statement Definition and Usage
zone Statement Grammar
-
zone Statement Definition and Usage
+
zone Statement Definition and Usage
-
Zone File
+
Zone File
Types of Resource Records and When to Use Them
-
Discussion of MX Records
+
Discussion of MX Records
Setting TTLs
-
Inverse Mapping in IPv4
-
Other Zone File Directives
-
BIND Master File Extension: the $GENERATE Directive
+
Inverse Mapping in IPv4
+
Other Zone File Directives
+
BIND Master File Extension: the $GENERATE Directive
@@ -410,7 +411,7 @@ Address Match Lists

-Syntax

+Syntax
address_match_list = address_match_list_element ;
   [ address_match_list_element; ... ]
 address_match_list_element = [ ! ] (ip_address [/length] |
@@ -419,7 +420,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Address match lists are primarily used to determine access
             control for various server operations. They are also used in
@@ -496,7 +497,7 @@
 
 

 

-Comment Syntax

+Comment Syntax

 

           The BIND 9 comment syntax allows for
           comments to appear
@@ -506,7 +507,7 @@
         

 

 

-Syntax

+Syntax

 

             

 
/* This is a BIND comment as in C */

@@ -521,7 +522,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Comments may appear anywhere that whitespace may appear in
             a BIND configuration file.
@@ -755,7 +756,7 @@
       

 

 

-acl Statement Grammar

+acl Statement Grammar

 
acl acl-name { 
     address_match_list 
 };
@@ -838,7 +839,7 @@
 
 

 

-controls Statement Grammar

+controls Statement Grammar

 
controls {
    inet ( ip_addr | * ) [ port ip_port ] allow {  address_match_list  }
                 keys {  key_list  };
@@ -978,12 +979,12 @@
 
 

 

-include Statement Grammar

+include Statement Grammar

 
include filename;

 
 

 

-include Statement Definition and
+include Statement Definition and
           Usage

 

           The include statement inserts the
@@ -998,7 +999,7 @@
 

 

 

-key Statement Grammar

+key Statement Grammar

 
key key_id {
     algorithm string;
     secret string;
@@ -1007,7 +1008,7 @@
 
 

 

-key Statement Definition and Usage

+key Statement Definition and Usage

 

           The key statement defines a shared
           secret key for use with TSIG (see the section called “TSIG”)
@@ -1050,7 +1051,7 @@
 
 

 

-logging Statement Grammar

+logging Statement Grammar

 
logging {
    [ channel channel_name {
      ( file path name
@@ -1074,7 +1075,7 @@
 
 

 

-logging Statement Definition and
+logging Statement Definition and
           Usage

 

           The logging statement configures a
@@ -1108,7 +1109,7 @@
         

 

 

-The channel Phrase

+The channel Phrase

 

             All log output goes to one or more channels;
             you can make as many of them as you want.
@@ -1627,7 +1628,7 @@ category notify { null; };
 
 

 

-lwres Statement Grammar

+lwres Statement Grammar

 

            This is the grammar of the lwres
           statement in the named.conf file:
@@ -1642,7 +1643,7 @@ category notify { null; };
 
 

 

-lwres Statement Definition and Usage

+lwres Statement Definition and Usage

 

           The lwres statement configures the
           name
@@ -1693,14 +1694,14 @@ category notify { null; };
 
 

 

-masters Statement Grammar

+masters Statement Grammar

 
 masters name [port ip_port] { ( masters_list | ip_addr [port ip_port] [key key] ) ; [...] } ; 
 

 
 

 

-masters Statement Definition and
+masters Statement Definition and
           Usage

 
masters
 	  lists allow for a common set of masters to be easily used by
@@ -1709,7 +1710,7 @@ category notify { null; };
 

 

 

-options Statement Grammar

+options Statement Grammar

 

           This is the grammar of the options
           statement in the named.conf file:
@@ -2670,7 +2671,7 @@ options {
 
 

 

-Forwarding

+Forwarding

 

             The forwarding facility can be used to create a large site-wide
             cache on a few servers, reducing traffic over links to external
@@ -2714,7 +2715,7 @@ options {
 
 

 

-Dual-stack Servers

+Dual-stack Servers

 

             Dual-stack servers are used as servers of last resort to work
             around
@@ -2879,7 +2880,7 @@ options {
 
 

 

-Interfaces

+Interfaces

 

             The interfaces and ports that the server will answer queries
             from may be specified using the listen-on option. listen-on takes
@@ -2959,7 +2960,7 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
 
 

 

-Query Address

+Query Address

 

             If the server doesn't know the answer to a question, it will
             query other name servers. query-source specifies
@@ -3203,7 +3204,7 @@ query-source-v6 address * port *;
 
 

 

-Bad UDP Port Lists

+Bad UDP Port Lists

 
avoid-v4-udp-ports
 	    and avoid-v6-udp-ports specify a list
             of IPv4 and IPv6 UDP ports that will not be used as system
@@ -3217,7 +3218,7 @@ query-source-v6 address * port *;
 
 

 

-Operating System Resource Limits

+Operating System Resource Limits

 

             The server's usage of many system resources can be limited.
             Scaled values are allowed when specifying resource limits.  For
@@ -3277,7 +3278,7 @@ query-source-v6 address * port *;
 
 

 

-Server  Resource Limits

+Server  Resource Limits

 

             The following options set limits on the server's
             resource consumption that are enforced internally by the
@@ -3356,7 +3357,7 @@ query-source-v6 address * port *;
 
 

 

-Periodic Task Intervals

+Periodic Task Intervals

 

 
cleaning-interval

 

@@ -4180,7 +4181,7 @@ query-source-v6 address * port *;
 

 

 

-trusted-keys Statement Grammar

+trusted-keys Statement Grammar

 
trusted-keys {
     string number number number string ;
     [ string number number number string ; [...]]
@@ -4189,7 +4190,7 @@ query-source-v6 address * port *;
 
 

 

-trusted-keys Statement Definition
+trusted-keys Statement Definition
             and Usage

 

             The trusted-keys statement defines
@@ -4228,7 +4229,7 @@ query-source-v6 address * port *;
 

 

 

-view Statement Definition and Usage

+view Statement Definition and Usage

 

             The view statement is a powerful
             new feature
@@ -4398,10 +4399,10 @@ view "external" {
 
 

 

-zone Statement Definition and Usage

+zone Statement Definition and Usage

 

 

-Zone Types

+Zone Types

 
@@ -4610,7 +4611,7 @@ view "external" {
 

 

-Class

+Class

               The zone's name may optionally be followed by a class. If
               a class is not specified, class IN (for Internet),
@@ -4632,7 +4633,7 @@ view "external" {
 
 

 

-Zone Options

+Zone Options

 
journal

 

@@ -5056,7 +5057,7 @@ view "external" {
 

 

-Zone File

+Zone File

 

 Types of Resource Records and When to Use Them

@@ -5069,7 +5070,7 @@ view "external" {
           

 

 

-Resource Records

+Resource Records

               A domain name identifies a node.  Each node has a set of
               resource information, which may be empty.  The set of resource
@@ -5658,7 +5659,7 @@ view "external" {
 
 

 

-Textual expression of RRs

+Textual expression of RRs

               RRs are represented in binary form in the packets of the DNS
               protocol, and are usually represented in highly encoded form
@@ -5865,7 +5866,7 @@ view "external" {
 
 

 

-Discussion of MX Records

+Discussion of MX Records

             As described above, domain servers store information as a
             series of resource records, each of which contains a particular
@@ -6122,7 +6123,7 @@ view "external" {
 
 

 

-Inverse Mapping in IPv4

+Inverse Mapping in IPv4

             Reverse name resolution (that is, translation from IP address
             to name) is achieved by means of the in-addr.arpa domain
@@ -6183,7 +6184,7 @@ view "external" {
 
 

 

-Other Zone File Directives

+Other Zone File Directives

             The Master File Format was initially defined in RFC 1035 and
             has subsequently been extended. While the Master File Format
@@ -6198,7 +6199,7 @@ view "external" {
           

 

-The $ORIGIN Directive

+The $ORIGIN Directive

               Syntax: $ORIGIN
 	      domain-name
@@ -6226,7 +6227,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $INCLUDE Directive

+The $INCLUDE Directive

               Syntax: $INCLUDE
               filename
@@ -6262,7 +6263,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $TTL Directive

+The $TTL Directive

               Syntax: $TTL
               default-ttl
@@ -6281,7 +6282,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-BIND Master File Extension: the  $GENERATE Directive

+BIND Master File Extension: the  $GENERATE Directive

             Syntax: $GENERATE
 	    range
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 0636b8a3e5..2ef0441cb4 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -45,11 +46,11 @@
 
Table of Contents

 
Access Control Lists

-
chroot and setuid (for
+
chroot and setuid (for
           UNIX servers)

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

@@ -113,7 +114,7 @@ zone "example.com" {
 

 

-chroot and setuid (for
+chroot and setuid (for
           UNIX servers)

 

           On UNIX servers, it is possible to run BIND in a chrooted environment
@@ -137,7 +138,7 @@ zone "example.com" {
         

 

 

-The chroot Environment

+The chroot Environment

             In order for a chroot() environment
             to
@@ -165,7 +166,7 @@ zone "example.com" {
 
 

 

-Using the setuid Function

+Using the setuid Function

             Prior to running the named daemon,
             use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 2045cec84e..f6265b970e 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -44,18 +45,18 @@
 

 
Table of Contents

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

-Common Problems

+Common Problems

 

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

             The best solution to solving installation and
             configuration issues is to take preventative measures by setting
@@ -67,7 +68,7 @@
 
 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

           Zone serial numbers are just numbers-they aren't date
           related.  A lot of people set them to a number that represents a
@@ -94,7 +95,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

           The Internet Software Consortium
           (ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index a2798f10ec..4f41ac4304 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -42,24 +43,24 @@
 

 
Table of Contents

 

-
Acknowledgments

-
A Brief History of the DNS and BIND

+
Acknowledgments

+
A Brief History of the DNS and BIND

 
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 

 

-Acknowledgments

+Acknowledgments

 

-A Brief History of the DNS and BIND

+A Brief History of the DNS and BIND

             Although the "official" beginning of the Domain Name
             System occurred in 1984 with the publication of RFC 920, the
@@ -468,7 +469,7 @@
           

 

-Bibliography

+Bibliography

 
Standards

 
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

@@ -591,11 +592,11 @@
 

 

-Other Documents About BIND

+Other Documents About BIND

 

-Bibliography

+Bibliography
Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. 

diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 952bca1113..39d2fe3089 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
@@ -39,7 +40,7 @@
 

 

 

-BIND 9 Administrator Reference Manual

+BIND 9 Administrator Reference Manual

 
Copyright © 2004, 2005 Internet Systems Consortium, Inc. ("ISC")

 
Copyright © 2000-2003 Internet Software Consortium

 

@@ -50,39 +51,39 @@
 

 
1. Introduction

 

-
Scope of Document

-
Organization of This Document

-
Conventions Used in This Document

-
The Domain Name System (DNS)

+
Scope of Document

+
Organization of This Document

+
Conventions Used in This Document

+
The Domain Name System (DNS)

 

-
DNS Fundamentals

-
Domains and Domain Names

-
Zones

-
Authoritative Name Servers

-
Caching Name Servers

-
Name Servers in Multiple Roles

+
DNS Fundamentals

+
Domains and Domain Names

+
Zones

+
Authoritative Name Servers

+
Caching Name Servers

+
Name Servers in Multiple Roles

 

 

 
2. BIND Resource Requirements

 

-
Hardware requirements

-
CPU Requirements

-
Memory Requirements

-
Name Server Intensive Environment Issues

-
Supported Operating Systems

+
Hardware requirements

+
CPU Requirements

+
Memory Requirements

+
Name Server Intensive Environment Issues

+
Supported Operating Systems

 

 
3. Name Server Configuration

 

 
Sample Configurations

 

-
A Caching-only Name Server

-
An Authoritative-only Name Server

+
A Caching-only Name Server

+
An Authoritative-only Name Server

 

-
Load Balancing

-
Name Server Operations

+
Load Balancing

+
Name Server Operations

 

-
Tools for Use With the Name Server Daemon

-
Signals

+
Tools for Use With the Name Server Daemon

+
Signals

 

 

 
4. Advanced DNS Features

@@ -91,33 +92,33 @@
 
Dynamic Update

 
The journal file

 
Incremental Zone Transfers (IXFR)

-
Split DNS

+
Split DNS

 
TSIG

 

-
Generate Shared Keys for Each Pair of Hosts

-
Copying the Shared Secret to Both Machines

-
Informing the Servers of the Key's Existence

-
Instructing the Server to Use the Key

-
TSIG Key Based Access Control

-
Errors

+
Generate Shared Keys for Each Pair of Hosts

+
Copying the Shared Secret to Both Machines

+
Informing the Servers of the Key's Existence

+
Instructing the Server to Use the Key

+
TSIG Key Based Access Control

+
Errors

 

-
TKEY

-
SIG(0)

+
TKEY

+
SIG(0)

 
DNSSEC

 

-
Generating Keys

-
Signing the Zone

-
Configuring Servers

+
Generating Keys

+
Signing the Zone

+
Configuring Servers

 

-
IPv6 Support in BIND 9

+
IPv6 Support in BIND 9

 

-
Address Lookups Using AAAA Records

-
Address to Name Lookups Using Nibble Format

+
Address Lookups Using AAAA Records

+
Address to Name Lookups Using Nibble Format

 

 
5. The BIND 9 Lightweight Resolver

-
The Lightweight Resolver Library

+
The Lightweight Resolver Library

 
Running a Resolver Daemon

 
6. BIND 9 Configuration Reference

@@ -125,83 +126,83 @@
 
Configuration File Elements

 
Address Match Lists

-
Comment Syntax

+
Comment Syntax

 
Configuration File Grammar

-
acl Statement Grammar

+
acl Statement Grammar

 
acl Statement Definition and
           Usage

-
controls Statement Grammar

+
controls Statement Grammar

 
controls Statement Definition and
           Usage

-
include Statement Grammar

-
include Statement Definition and
+
include Statement Grammar

+
include Statement Definition and
           Usage

-
key Statement Grammar

-
key Statement Definition and Usage

-
logging Statement Grammar

-
logging Statement Definition and
+
key Statement Grammar

+
key Statement Definition and Usage

+
logging Statement Grammar

+
logging Statement Definition and
           Usage

-
lwres Statement Grammar

-
lwres Statement Definition and Usage

-
masters Statement Grammar

-
masters Statement Definition and
+
lwres Statement Grammar

+
lwres Statement Definition and Usage

+
masters Statement Grammar

+
masters Statement Definition and
           Usage

-
options Statement Grammar

+
options Statement Grammar

 
options Statement Definition and
           Usage

 
server Statement Grammar

 
server Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 

-
Zone File

+
Zone File

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 
7. BIND 9 Security Considerations

 
Access Control Lists

-
chroot and setuid (for
+
chroot and setuid (for
           UNIX servers)

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 
8. Troubleshooting

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 
A. Appendices

-
Acknowledgments

-
A Brief History of the DNS and BIND

+
Acknowledgments

+
A Brief History of the DNS and BIND

 
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

diff --git a/lib/lwres/man/lwres.3 b/lib/lwres/man/lwres.3
index ced90dd644..b3897c8fae 100644
--- a/lib/lwres/man/lwres.3
+++ b/lib/lwres/man/lwres.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres.3,v 1.22 2005/05/12 23:54:32 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres.html b/lib/lwres/man/lwres.html
index dad12e05c1..c052a97602 100644
--- a/lib/lwres/man/lwres.html
+++ b/lib/lwres/man/lwres.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
@@ -21,7 +22,7 @@
 

-

+

 

 
Name

 
lwres — introduction to the lightweight resolver library

@@ -31,7 +32,7 @@
 
#include <lwres/lwres.h>

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       The BIND 9 lightweight resolver library is a simple, name service
       independent stub resolver library.  It provides hostname-to-address
@@ -46,7 +47,7 @@
     

 

 

-
OVERVIEW

+
OVERVIEW

 

       The lwresd library implements multiple name service APIs.
       The standard
@@ -100,7 +101,7 @@
     

 

 

-
CLIENT-SIDE LOW-LEVEL API CALL FLOW

+
CLIENT-SIDE LOW-LEVEL API CALL FLOW

 

       When a client program wishes to make an lwres request using the
       native low-level API, it typically performs the following
@@ -148,7 +149,7 @@
     

 

 

-
SERVER-SIDE LOW-LEVEL API CALL FLOW

+
SERVER-SIDE LOW-LEVEL API CALL FLOW

 

       When implementing the server side of the lightweight resolver
       protocol using the lwres library, a sequence of actions like the
@@ -190,7 +191,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres_gethostent(3),
 
       lwres_getipnode(3),
diff --git a/lib/lwres/man/lwres_buffer.3 b/lib/lwres/man/lwres_buffer.3
index 57918762cf..e0219e23a2 100644
--- a/lib/lwres/man/lwres_buffer.3
+++ b/lib/lwres/man/lwres_buffer.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_buffer.3,v 1.20 2005/05/12 23:54:33 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_buffer.html b/lib/lwres/man/lwres_buffer.html
index e63e9c9853..67d4418fc8 100644
--- a/lib/lwres/man/lwres_buffer.html
+++ b/lib/lwres/man/lwres_buffer.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtract, lwres_buffer_clear, lwres_buffer_first, lwres_buffer_forward, lwres_buffer_back, lwres_buffer_getuint8, lwres_buffer_putuint8, lwres_buffer_getuint16, lwres_buffer_putuint16, lwres_buffer_getuint32, lwres_buffer_putuint32, lwres_buffer_putmem, lwres_buffer_getmem — lightweight resolver buffer management

@@ -261,7 +262,7 @@ void
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These functions provide bounds checked access to a region of memory
       where data is being read or written.
diff --git a/lib/lwres/man/lwres_config.3 b/lib/lwres/man/lwres_config.3
index 62c676d06d..826e9b9225 100644
--- a/lib/lwres/man/lwres_config.3
+++ b/lib/lwres/man/lwres_config.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_config.3,v 1.20 2005/05/12 23:54:33 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_config.html b/lib/lwres/man/lwres_config.html
index b7450b333b..1491308c13 100644
--- a/lib/lwres/man/lwres_config.html
+++ b/lib/lwres/man/lwres_config.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_conf_get — lightweight resolver configuration

@@ -89,7 +90,7 @@ lwres_conf_t *
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_conf_init()
       creates an empty
       lwres_conf_t
@@ -122,7 +123,7 @@ lwres_conf_t *
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 
lwres_conf_parse()
       returns LWRES_R_SUCCESS
       if it successfully read and parsed
@@ -141,13 +142,13 @@ lwres_conf_t *
     

 

 

-
SEE ALSO

+
SEE ALSO

 
stdio(3),
       resolver(5).
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 

diff --git a/lib/lwres/man/lwres_context.3 b/lib/lwres/man/lwres_context.3
index f6a54f45db..f8bd11b911 100644
--- a/lib/lwres/man/lwres_context.3
+++ b/lib/lwres/man/lwres_context.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_context.3,v 1.22 2005/05/12 23:54:34 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_context.html b/lib/lwres/man/lwres_context.html
index 40441d8280..42584340ca 100644
--- a/lib/lwres/man/lwres_context.html
+++ b/lib/lwres/man/lwres_context.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv — lightweight resolver context management

@@ -171,7 +172,7 @@ void *
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_context_create()
       creates a lwres_context_t structure for use in
       lightweight resolver operations.  It holds a socket and other
@@ -257,7 +258,7 @@ void *
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 
lwres_context_create()
       returns LWRES_R_NOMEMORY if memory for
       the struct lwres_context could not be allocated,
@@ -282,7 +283,7 @@ void *
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres_conf_init(3),
 
       malloc(3),
diff --git a/lib/lwres/man/lwres_gabn.3 b/lib/lwres/man/lwres_gabn.3
index f184ea8b3f..40fa3023d7 100644
--- a/lib/lwres/man/lwres_gabn.3
+++ b/lib/lwres/man/lwres_gabn.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_gabn.3,v 1.21 2005/05/12 23:54:34 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_gabn.html b/lib/lwres/man/lwres_gabn.html
index ebbee1c5b1..964549e718 100644
--- a/lib/lwres/man/lwres_gabn.html
+++ b/lib/lwres/man/lwres_gabn.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free — lightweight resolver getaddrbyname message handling

@@ -177,7 +178,7 @@ void
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These are low-level routines for creating and parsing
       lightweight resolver name-to-address lookup request and
@@ -277,7 +278,7 @@ typedef struct {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       The getaddrbyname opcode functions
       lwres_gabnrequest_render(),
@@ -315,7 +316,7 @@ typedef struct {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres_packet(3)
     

 

diff --git a/lib/lwres/man/lwres_gai_strerror.3 b/lib/lwres/man/lwres_gai_strerror.3
index b6f067c684..39843e5745 100644
--- a/lib/lwres/man/lwres_gai_strerror.3
+++ b/lib/lwres/man/lwres_gai_strerror.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_gai_strerror.3,v 1.21 2005/05/12 23:54:35 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_gai_strerror.html b/lib/lwres/man/lwres_gai_strerror.html
index 69a749c38c..b80ca0c800 100644
--- a/lib/lwres/man/lwres_gai_strerror.html
+++ b/lib/lwres/man/lwres_gai_strerror.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_gai_strerror — print suitable error string

@@ -36,7 +37,7 @@ char *
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_gai_strerror()
       returns an error message corresponding to an error code returned by
       getaddrinfo().
@@ -104,7 +105,7 @@ char *
     

 

 

-
SEE ALSO

+
SEE ALSO

 
strerror(3),
 
       lwres_getaddrinfo(3),
diff --git a/lib/lwres/man/lwres_getaddrinfo.3 b/lib/lwres/man/lwres_getaddrinfo.3
index 8d011532e6..75c50e88e3 100644
--- a/lib/lwres/man/lwres_getaddrinfo.3
+++ b/lib/lwres/man/lwres_getaddrinfo.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_getaddrinfo.3,v 1.25 2005/05/12 23:54:35 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_getaddrinfo.html b/lib/lwres/man/lwres_getaddrinfo.html
index a9517a51cb..1ef9c984b9 100644
--- a/lib/lwres/man/lwres_getaddrinfo.html
+++ b/lib/lwres/man/lwres_getaddrinfo.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_getaddrinfo, lwres_freeaddrinfo — socket address structure to host and service name

@@ -88,7 +89,7 @@ struct  addrinfo {
     

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_getaddrinfo()
       is used to get a list of IP addresses and port numbers for host
       hostname and service
@@ -282,7 +283,7 @@ struct  addrinfo {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 
lwres_getaddrinfo()
       returns zero on success or one of the error codes listed in
       gai_strerror(3)
@@ -293,7 +294,7 @@ struct  addrinfo {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres(3),
 
       lwres_getaddrinfo(3),
diff --git a/lib/lwres/man/lwres_gethostent.3 b/lib/lwres/man/lwres_gethostent.3
index 71d84e6862..b7d939ac4c 100644
--- a/lib/lwres/man/lwres_gethostent.3
+++ b/lib/lwres/man/lwres_gethostent.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_gethostent.3,v 1.23 2005/05/12 23:54:36 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_gethostent.html b/lib/lwres/man/lwres_gethostent.html
index 03ea59efbe..76b9c7141b 100644
--- a/lib/lwres/man/lwres_gethostent.html
+++ b/lib/lwres/man/lwres_gethostent.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r — lightweight resolver get network host entry

@@ -202,7 +203,7 @@ void
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These functions provide hostname-to-address and
       address-to-hostname lookups by means of the lightweight resolver.
@@ -340,7 +341,7 @@ struct  hostent {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       The functions
       lwres_gethostbyname(),
@@ -404,7 +405,7 @@ struct  hostent {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
gethostent(3),
 
       lwres_getipnode(3),
@@ -413,7 +414,7 @@ struct  hostent {
     

 

 

-
BUGS

+
BUGS

 
lwres_gethostbyname(),
       lwres_gethostbyname2(),
       lwres_gethostbyaddr()
diff --git a/lib/lwres/man/lwres_getipnode.3 b/lib/lwres/man/lwres_getipnode.3
index e038130252..03d8ddc446 100644
--- a/lib/lwres/man/lwres_getipnode.3
+++ b/lib/lwres/man/lwres_getipnode.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_getipnode.3,v 1.22 2005/05/12 23:54:36 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_getipnode.html b/lib/lwres/man/lwres_getipnode.html
index e024cf9840..25b67de0ed 100644
--- a/lib/lwres/man/lwres_getipnode.html
+++ b/lib/lwres/man/lwres_getipnode.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent — lightweight resolver nodename / address translation API

@@ -97,7 +98,7 @@ void
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These functions perform thread safe, protocol independent
       nodename-to-address and address-to-nodename
@@ -216,7 +217,7 @@ struct  hostent {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       If an error occurs,
       lwres_getipnodebyname()
@@ -260,7 +261,7 @@ struct  hostent {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC2553,
 
       lwres(3),
diff --git a/lib/lwres/man/lwres_getnameinfo.3 b/lib/lwres/man/lwres_getnameinfo.3
index b0a63b5b52..43bea01a15 100644
--- a/lib/lwres/man/lwres_getnameinfo.3
+++ b/lib/lwres/man/lwres_getnameinfo.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_getnameinfo.3,v 1.23 2005/05/12 23:54:36 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_getnameinfo.html b/lib/lwres/man/lwres_getnameinfo.html
index 1f9242e690..04ddb1b518 100644
--- a/lib/lwres/man/lwres_getnameinfo.html
+++ b/lib/lwres/man/lwres_getnameinfo.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_getnameinfo — lightweight resolver socket address structure to hostname and
@@ -81,7 +82,7 @@ int
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

        This function is equivalent to the
       getnameinfo(3) function defined in RFC2133.
@@ -148,13 +149,13 @@ int
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 
lwres_getnameinfo()
       returns 0 on success or a non-zero error code if an error occurs.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC2133,
       getservbyport(3),
       lwres(3),
@@ -164,7 +165,7 @@ int
     

 

 

-
BUGS

+
BUGS

 

       RFC2133 fails to define what the nonzero return values of
       getnameinfo(3)
diff --git a/lib/lwres/man/lwres_getrrsetbyname.3 b/lib/lwres/man/lwres_getrrsetbyname.3
index 8c520b3b8c..1e166abafe 100644
--- a/lib/lwres/man/lwres_getrrsetbyname.3
+++ b/lib/lwres/man/lwres_getrrsetbyname.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_getrrsetbyname.3,v 1.19 2005/05/12 23:54:37 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_getrrsetbyname.html b/lib/lwres/man/lwres_getrrsetbyname.html
index f8f12fd1b3..373bd4c9e9 100644
--- a/lib/lwres/man/lwres_getrrsetbyname.html
+++ b/lib/lwres/man/lwres_getrrsetbyname.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_getrrsetbyname, lwres_freerrset — retrieve DNS records

@@ -101,7 +102,7 @@ struct  rrsetinfo {
     

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_getrrsetbyname()
       gets a set of resource records associated with a
       hostname, class,
@@ -149,7 +150,7 @@ struct  rrsetinfo {
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
lwres_getrrsetbyname()
       returns zero on success, and one of the following error codes if
       an error occurred:
@@ -183,7 +184,7 @@ struct  rrsetinfo {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres(3).
     

 

diff --git a/lib/lwres/man/lwres_gnba.3 b/lib/lwres/man/lwres_gnba.3
index 59f550b6cf..e8d01fccb8 100644
--- a/lib/lwres/man/lwres_gnba.3
+++ b/lib/lwres/man/lwres_gnba.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_gnba.3,v 1.21 2005/05/12 23:54:37 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_gnba.html b/lib/lwres/man/lwres_gnba.html
index f15c0353c4..fe61057bba 100644
--- a/lib/lwres/man/lwres_gnba.html
+++ b/lib/lwres/man/lwres_gnba.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free — lightweight resolver getnamebyaddress message handling

@@ -182,7 +183,7 @@ void
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These are low-level routines for creating and parsing
       lightweight resolver address-to-name lookup request and
@@ -269,7 +270,7 @@ typedef struct {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       The getnamebyaddr opcode functions
       lwres_gnbarequest_render(),
@@ -307,7 +308,7 @@ typedef struct {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres_packet(3).
     

 

diff --git a/lib/lwres/man/lwres_hstrerror.3 b/lib/lwres/man/lwres_hstrerror.3
index ccaeeceefd..ab6f219d40 100644
--- a/lib/lwres/man/lwres_hstrerror.3
+++ b/lib/lwres/man/lwres_hstrerror.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_hstrerror.3,v 1.21 2005/05/12 23:54:38 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_hstrerror.html b/lib/lwres/man/lwres_hstrerror.html
index 3dced1a4e0..cad675603b 100644
--- a/lib/lwres/man/lwres_hstrerror.html
+++ b/lib/lwres/man/lwres_hstrerror.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_herror, lwres_hstrerror — lightweight resolver error message generation

@@ -39,7 +40,7 @@ const char *
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_herror()
       prints the string s on
       stderr followed by the string generated by
@@ -73,7 +74,7 @@ const char *
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       The string Unknown resolver error is returned by
       lwres_hstrerror()
@@ -83,7 +84,7 @@ const char *
     

 

 

-
SEE ALSO

+
SEE ALSO

 
herror(3),
 
       lwres_hstrerror(3).
diff --git a/lib/lwres/man/lwres_inetntop.3 b/lib/lwres/man/lwres_inetntop.3
index 8e273a8227..d38eaf449c 100644
--- a/lib/lwres/man/lwres_inetntop.3
+++ b/lib/lwres/man/lwres_inetntop.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_inetntop.3,v 1.20 2005/05/12 23:54:38 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_inetntop.html b/lib/lwres/man/lwres_inetntop.html
index 3f3bc9dbad..ae7c8a4e98 100644
--- a/lib/lwres/man/lwres_inetntop.html
+++ b/lib/lwres/man/lwres_inetntop.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_net_ntop — lightweight resolver IP address presentation

@@ -61,7 +62,7 @@ const char *
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_net_ntop()
       converts an IP address of protocol family
       af — IPv4 or IPv6 — at
@@ -79,7 +80,7 @@ const char *
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       If successful, the function returns dst:
       a pointer to a string containing the presentation format of the
@@ -92,7 +93,7 @@ const char *
     

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC1884,
       inet_ntop(3),
       errno(3).
diff --git a/lib/lwres/man/lwres_noop.3 b/lib/lwres/man/lwres_noop.3
index 145c004079..5b4b164253 100644
--- a/lib/lwres/man/lwres_noop.3
+++ b/lib/lwres/man/lwres_noop.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_noop.3,v 1.22 2005/05/12 23:54:39 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_noop.html b/lib/lwres/man/lwres_noop.html
index 10e289c3ca..aa2eb2a120 100644
--- a/lib/lwres/man/lwres_noop.html
+++ b/lib/lwres/man/lwres_noop.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free — lightweight resolver no-op message handling

@@ -178,7 +179,7 @@ void
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These are low-level routines for creating and parsing
       lightweight resolver no-op request and response messages.
@@ -269,7 +270,7 @@ typedef struct {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       The no-op opcode functions
       lwres_nooprequest_render(),
@@ -308,7 +309,7 @@ typedef struct {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres_packet(3)
     

 

diff --git a/lib/lwres/man/lwres_packet.3 b/lib/lwres/man/lwres_packet.3
index 6983df2f6f..7f2674c2e1 100644
--- a/lib/lwres/man/lwres_packet.3
+++ b/lib/lwres/man/lwres_packet.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_packet.3,v 1.23 2005/05/12 23:54:39 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_packet.html b/lib/lwres/man/lwres_packet.html
index fb35c1ec00..201a438015 100644
--- a/lib/lwres/man/lwres_packet.html
+++ b/lib/lwres/man/lwres_packet.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_lwpacket_renderheader, lwres_lwpacket_parseheader — lightweight resolver packet handling functions

@@ -65,7 +66,7 @@ lwres_result_t
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These functions rely on a
       struct lwres_lwpacket
@@ -218,7 +219,7 @@ struct lwres_lwpacket {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       Successful calls to
       lwres_lwpacket_renderheader() and
diff --git a/lib/lwres/man/lwres_resutil.3 b/lib/lwres/man/lwres_resutil.3
index e32cde5d97..93c22945c0 100644
--- a/lib/lwres/man/lwres_resutil.3
+++ b/lib/lwres/man/lwres_resutil.3
@@ -12,7 +12,9 @@
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
-.\" 
+.\"
+.\" $Id: lwres_resutil.3,v 1.22 2005/05/12 23:54:40 sra Exp $
+.\"
 .hy 0
 .ad l
 .\"Generated by db2man.xsl. Don't modify this, modify the source.
diff --git a/lib/lwres/man/lwres_resutil.html b/lib/lwres/man/lwres_resutil.html
index d6005340b0..e8efe3c7fc 100644
--- a/lib/lwres/man/lwres_resutil.html
+++ b/lib/lwres/man/lwres_resutil.html
@@ -14,6 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
+
 
 
 
@@ -21,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr — lightweight resolver utility functions

@@ -133,7 +134,7 @@ lwres_result_t
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_string_parse()
       retrieves a DNS-encoded string starting the current pointer of
       lightweight resolver buffer b: i.e.
@@ -209,7 +210,7 @@ typedef struct {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       Successful calls to
       lwres_string_parse()
@@ -247,7 +248,7 @@ typedef struct {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres_buffer(3),
 
       lwres_gabn(3).

From f6161d8b90541b52946ae845bc8e2bec2647d6cb Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 13 May 2005 01:03:21 +0000
Subject: [PATCH 002/148] copyright notice is now generated from the source

---
 util/update_copyrights | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/util/update_copyrights b/util/update_copyrights
index f2e03d944e..a5c6cfe757 100644
--- a/util/update_copyrights
+++ b/util/update_copyrights
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_copyrights,v 1.37 2005/05/12 08:08:44 marka Exp $
+# $Id: update_copyrights,v 1.38 2005/05/13 01:03:21 marka Exp $
 
 require 5.002;
 
@@ -111,6 +111,10 @@ foreach $file (keys %file_types) {
 		}
 	}
 
+	# copyright notice is now generated from the source.
+	if ($years_list eq "DOCBOOK")
+		next;
+
 	if ($years_list eq "DOCBOOK") {
 		docbook($file);
 		if (!defined $years_list) {

From 5bae12051f80947fb9a5a6a3a54762e8bd08d95b Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 13 May 2005 01:06:30 +0000
Subject: [PATCH 003/148] perl not C

---
 util/update_copyrights | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/util/update_copyrights b/util/update_copyrights
index a5c6cfe757..88f41f564f 100644
--- a/util/update_copyrights
+++ b/util/update_copyrights
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_copyrights,v 1.38 2005/05/13 01:03:21 marka Exp $
+# $Id: update_copyrights,v 1.39 2005/05/13 01:06:30 marka Exp $
 
 require 5.002;
 
@@ -112,8 +112,7 @@ foreach $file (keys %file_types) {
 	}
 
 	# copyright notice is now generated from the source.
-	if ($years_list eq "DOCBOOK")
-		next;
+	next if ($years_list eq "DOCBOOK");
 
 	if ($years_list eq "DOCBOOK") {
 		docbook($file);

From f5d30e2864e048a42c4dc1134993ae7efdb5d6c3 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 13 May 2005 01:35:48 +0000
Subject: [PATCH 004/148] update copyright notice

---
 bin/check/named-checkconf.docbook          | 5 +++--
 bin/check/named-checkzone.docbook          | 5 +++--
 bin/dig/dig.docbook                        | 8 +++++---
 bin/dig/host.docbook                       | 8 +++++---
 bin/dig/nslookup.docbook                   | 6 ++++--
 bin/dnssec/dnssec-keygen.docbook           | 5 +++--
 bin/dnssec/dnssec-signzone.docbook         | 5 +++--
 bin/named/include/named/ns_smf_globals.h   | 4 ++--
 bin/named/lwresd.docbook                   | 8 +++++---
 bin/named/named.conf.docbook               | 3 ++-
 bin/named/named.docbook                    | 8 +++++---
 bin/nsupdate/nsupdate.docbook              | 5 +++--
 bin/rndc/rndc-confgen.docbook              | 8 +++++---
 bin/rndc/rndc.conf.docbook                 | 5 +++--
 bin/rndc/rndc.docbook                      | 5 +++--
 doc/arm/Bv9ARM-book.xml                    | 4 ++--
 doc/arm/Makefile.in                        | 4 ++--
 doc/xsl/copyright.xsl                      | 6 +++---
 doc/xsl/isc-docbook-chunk.xsl.in           | 6 +++---
 doc/xsl/isc-docbook-html.xsl.in            | 6 +++---
 doc/xsl/isc-docbook-latex.xsl.in           | 6 +++---
 doc/xsl/isc-manpage.xsl.in                 | 6 +++---
 doc/xsl/pre-latex.xsl                      | 6 +++---
 lib/lwres/man/lwres.docbook                | 5 +++--
 lib/lwres/man/lwres_buffer.docbook         | 5 +++--
 lib/lwres/man/lwres_config.docbook         | 5 +++--
 lib/lwres/man/lwres_context.docbook        | 5 +++--
 lib/lwres/man/lwres_gabn.docbook           | 5 +++--
 lib/lwres/man/lwres_gai_strerror.docbook   | 5 +++--
 lib/lwres/man/lwres_getaddrinfo.docbook    | 5 +++--
 lib/lwres/man/lwres_gethostent.docbook     | 5 +++--
 lib/lwres/man/lwres_getipnode.docbook      | 5 +++--
 lib/lwres/man/lwres_getnameinfo.docbook    | 5 +++--
 lib/lwres/man/lwres_getrrsetbyname.docbook | 5 +++--
 lib/lwres/man/lwres_gnba.docbook           | 5 +++--
 lib/lwres/man/lwres_hstrerror.docbook      | 5 +++--
 lib/lwres/man/lwres_inetntop.docbook       | 5 +++--
 lib/lwres/man/lwres_noop.docbook           | 5 +++--
 lib/lwres/man/lwres_packet.docbook         | 5 +++--
 lib/lwres/man/lwres_resutil.docbook        | 5 +++--
 40 files changed, 127 insertions(+), 90 deletions(-)

diff --git a/bin/check/named-checkconf.docbook b/bin/check/named-checkconf.docbook
index bbb4556ae7..4029d0c4ff 100644
--- a/bin/check/named-checkconf.docbook
+++ b/bin/check/named-checkconf.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
   
     June 14, 2000
@@ -39,7 +40,7 @@
       2000
       2001
       2002
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook
index 46b3a62258..8c4340f2d8 100644
--- a/bin/check/named-checkzone.docbook
+++ b/bin/check/named-checkzone.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
   
     June 13, 2000
@@ -39,7 +40,7 @@
       2000
       2001
       2002
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index 7247cf6c42..6b727b9895 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       []>
 
-
+
+
 
 
   
@@ -38,6 +39,7 @@
   
     
       2004
+      2005
       Internet Systems Consortium, Inc. ("ISC")
     
     
@@ -45,7 +47,7 @@
       2001
       2002
       2003
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook
index 70b358b0a4..7bb3847f57 100644
--- a/bin/dig/host.docbook
+++ b/bin/dig/host.docbook
@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       []>
 
-
+
+
 
 
   
@@ -38,13 +39,14 @@
   
     
       2004
+      2005
       Internet Systems Consortium, Inc. ("ISC")
     
     
       2000
       2001
       2002
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook
index f6aa7ab52c..b843b4e4ca 100644
--- a/bin/dig/nslookup.docbook
+++ b/bin/dig/nslookup.docbook
@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       []>
 
-
+
+
 
-
+
+
 
   
     June 30, 2000
@@ -45,7 +46,7 @@
       2001
       2002
       2003
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook
index 2a179d9c9c..e9965aac3c 100644
--- a/bin/dnssec/dnssec-signzone.docbook
+++ b/bin/dnssec/dnssec-signzone.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
   
     June 30, 2000
@@ -45,7 +46,7 @@
       2001
       2002
       2003
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/bin/named/include/named/ns_smf_globals.h b/bin/named/include/named/ns_smf_globals.h
index 23fdb99b4b..f79549e9ca 100644
--- a/bin/named/include/named/ns_smf_globals.h
+++ b/bin/named/include/named/ns_smf_globals.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: ns_smf_globals.h,v 1.4 2005/04/29 00:36:16 marka Exp $ */
+/* $Id: ns_smf_globals.h,v 1.5 2005/05/13 01:35:41 marka Exp $ */
 
 #ifndef NS_SMF_GLOBALS_H
 #define NS_SMF_GLOBALS_H 1
diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook
index 34e5c686e9..bdd03defd8 100644
--- a/bin/named/lwresd.docbook
+++ b/bin/named/lwresd.docbook
@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       []>
 
-
+
+
 
   
     June 30, 2000
@@ -37,12 +38,13 @@
   
     
       2004
+      2005
       Internet Systems Consortium, Inc. ("ISC")
     
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index 0e6bde9a22..5cad2dc242 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -16,7 +16,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
   
     Aug 13, 2004
diff --git a/bin/named/named.docbook b/bin/named/named.docbook
index fda1aba25e..e261d89bff 100644
--- a/bin/named/named.docbook
+++ b/bin/named/named.docbook
@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       []>
 
-
+
+
 
   
     June 30, 2000
@@ -37,13 +38,14 @@
   
     
       2004
+      2005
       Internet Systems Consortium, Inc. ("ISC")
     
     
       2000
       2001
       2003
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook
index 4c4054e1d1..2c6e92cdf5 100644
--- a/bin/nsupdate/nsupdate.docbook
+++ b/bin/nsupdate/nsupdate.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
   
     Jun 30, 2000
@@ -43,7 +44,7 @@
       2001
       2002
       2003
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/bin/rndc/rndc-confgen.docbook b/bin/rndc/rndc-confgen.docbook
index 0509a5e95b..018889b81a 100644
--- a/bin/rndc/rndc-confgen.docbook
+++ b/bin/rndc/rndc-confgen.docbook
@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       []>
 
-
+
+
 
   
     Aug 27, 2001
@@ -37,12 +38,13 @@
   
     
       2004
+      2005
       Internet Systems Consortium, Inc. ("ISC")
     
     
       2001
       2003
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/bin/rndc/rndc.conf.docbook b/bin/rndc/rndc.conf.docbook
index 08cb812eb6..b6521a6373 100644
--- a/bin/rndc/rndc.conf.docbook
+++ b/bin/rndc/rndc.conf.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
   
     June 30, 2000
@@ -43,7 +44,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
index 6de50ecb33..34e317ca0d 100644
--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
   
     June 30, 2000
@@ -43,7 +44,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 54e650d1f7..e15656adae 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   BIND 9 Administrator Reference Manual
 
@@ -33,7 +33,7 @@
       2001
       2002
       2003
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/doc/arm/Makefile.in b/doc/arm/Makefile.in
index 27f7c35e69..cd8ae236c2 100644
--- a/doc/arm/Makefile.in
+++ b/doc/arm/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2001, 2002  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.13 2005/05/11 05:55:34 sra Exp $
+# $Id: Makefile.in,v 1.14 2005/05/13 01:35:43 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
diff --git a/doc/xsl/copyright.xsl b/doc/xsl/copyright.xsl
index ddf9ad6bc2..f5dc30a364 100644
--- a/doc/xsl/copyright.xsl
+++ b/doc/xsl/copyright.xsl
@@ -1,10 +1,10 @@
 
 
-
+
 
 
 
diff --git a/doc/xsl/isc-docbook-chunk.xsl.in b/doc/xsl/isc-docbook-chunk.xsl.in
index 10e0a690bc..ee246360a0 100644
--- a/doc/xsl/isc-docbook-chunk.xsl.in
+++ b/doc/xsl/isc-docbook-chunk.xsl.in
@@ -1,10 +1,10 @@
 
 
-
+
 
  
 
diff --git a/doc/xsl/isc-docbook-html.xsl.in b/doc/xsl/isc-docbook-html.xsl.in
index 0bd9de424a..cc7358e864 100644
--- a/doc/xsl/isc-docbook-html.xsl.in
+++ b/doc/xsl/isc-docbook-html.xsl.in
@@ -1,10 +1,10 @@
 
 
-
+
 
  
 
diff --git a/doc/xsl/isc-docbook-latex.xsl.in b/doc/xsl/isc-docbook-latex.xsl.in
index 02e6ed1e4d..262c032304 100644
--- a/doc/xsl/isc-docbook-latex.xsl.in
+++ b/doc/xsl/isc-docbook-latex.xsl.in
@@ -1,10 +1,10 @@
 
 
-
+
 
 
 
diff --git a/doc/xsl/isc-manpage.xsl.in b/doc/xsl/isc-manpage.xsl.in
index 9493739c30..15548d7da1 100644
--- a/doc/xsl/isc-manpage.xsl.in
+++ b/doc/xsl/isc-manpage.xsl.in
@@ -1,10 +1,10 @@
 
 
-
+
 
 
 
diff --git a/doc/xsl/pre-latex.xsl b/doc/xsl/pre-latex.xsl
index 3e1c814c6c..364afb529f 100644
--- a/doc/xsl/pre-latex.xsl
+++ b/doc/xsl/pre-latex.xsl
@@ -1,10 +1,10 @@
 
 
-
+
 
 
-
+
+
 
 
   
@@ -43,7 +44,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_buffer.docbook b/lib/lwres/man/lwres_buffer.docbook
index 791ca49d69..8274569cf0 100644
--- a/lib/lwres/man/lwres_buffer.docbook
+++ b/lib/lwres/man/lwres_buffer.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
   
     Jun 30, 2000
@@ -38,7 +39,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_config.docbook b/lib/lwres/man/lwres_config.docbook
index a983bed566..f0e25442a5 100644
--- a/lib/lwres/man/lwres_config.docbook
+++ b/lib/lwres/man/lwres_config.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
   
 
@@ -39,7 +40,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_context.docbook b/lib/lwres/man/lwres_context.docbook
index cecd036eb4..1ff3db3f64 100644
--- a/lib/lwres/man/lwres_context.docbook
+++ b/lib/lwres/man/lwres_context.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -40,7 +41,7 @@
       2000
       2001
       2003
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_gabn.docbook b/lib/lwres/man/lwres_gabn.docbook
index 3c94d0ad6c..148f2bd392 100644
--- a/lib/lwres/man/lwres_gabn.docbook
+++ b/lib/lwres/man/lwres_gabn.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -39,7 +40,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_gai_strerror.docbook b/lib/lwres/man/lwres_gai_strerror.docbook
index c75a484a7b..d56ac8c725 100644
--- a/lib/lwres/man/lwres_gai_strerror.docbook
+++ b/lib/lwres/man/lwres_gai_strerror.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -39,7 +40,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_getaddrinfo.docbook b/lib/lwres/man/lwres_getaddrinfo.docbook
index 6034a662c6..1193cee276 100644
--- a/lib/lwres/man/lwres_getaddrinfo.docbook
+++ b/lib/lwres/man/lwres_getaddrinfo.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -40,7 +41,7 @@
       2000
       2001
       2003
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_gethostent.docbook b/lib/lwres/man/lwres_gethostent.docbook
index 109e55cd43..62ff9aa961 100644
--- a/lib/lwres/man/lwres_gethostent.docbook
+++ b/lib/lwres/man/lwres_gethostent.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -38,7 +39,7 @@
     
     
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_getipnode.docbook b/lib/lwres/man/lwres_getipnode.docbook
index 8edfe752dc..57dd309727 100644
--- a/lib/lwres/man/lwres_getipnode.docbook
+++ b/lib/lwres/man/lwres_getipnode.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -40,7 +41,7 @@
       2000
       2001
       2003
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_getnameinfo.docbook b/lib/lwres/man/lwres_getnameinfo.docbook
index 98f0c42ad7..4eb8cc95ba 100644
--- a/lib/lwres/man/lwres_getnameinfo.docbook
+++ b/lib/lwres/man/lwres_getnameinfo.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -39,7 +40,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_getrrsetbyname.docbook b/lib/lwres/man/lwres_getrrsetbyname.docbook
index 32caa0b38f..0cd018c129 100644
--- a/lib/lwres/man/lwres_getrrsetbyname.docbook
+++ b/lib/lwres/man/lwres_getrrsetbyname.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -39,7 +40,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_gnba.docbook b/lib/lwres/man/lwres_gnba.docbook
index 24602a2992..d3e18dc071 100644
--- a/lib/lwres/man/lwres_gnba.docbook
+++ b/lib/lwres/man/lwres_gnba.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -39,7 +40,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_hstrerror.docbook b/lib/lwres/man/lwres_hstrerror.docbook
index c3b4f3a6ac..427069478b 100644
--- a/lib/lwres/man/lwres_hstrerror.docbook
+++ b/lib/lwres/man/lwres_hstrerror.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -39,7 +40,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_inetntop.docbook b/lib/lwres/man/lwres_inetntop.docbook
index 3611d6a905..66b0aaba5c 100644
--- a/lib/lwres/man/lwres_inetntop.docbook
+++ b/lib/lwres/man/lwres_inetntop.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -39,7 +40,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_noop.docbook b/lib/lwres/man/lwres_noop.docbook
index cff910b98a..5dca20d247 100644
--- a/lib/lwres/man/lwres_noop.docbook
+++ b/lib/lwres/man/lwres_noop.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -39,7 +40,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_packet.docbook b/lib/lwres/man/lwres_packet.docbook
index 1a44f038c5..fba4e83684 100644
--- a/lib/lwres/man/lwres_packet.docbook
+++ b/lib/lwres/man/lwres_packet.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -39,7 +40,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 
diff --git a/lib/lwres/man/lwres_resutil.docbook b/lib/lwres/man/lwres_resutil.docbook
index 8bfc1144b0..ca55c93436 100644
--- a/lib/lwres/man/lwres_resutil.docbook
+++ b/lib/lwres/man/lwres_resutil.docbook
@@ -17,7 +17,8 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
+
 
 
   
@@ -39,7 +40,7 @@
     
       2000
       2001
-      Internet Software Consortium
+      Internet Software Consortium.
     
   
 

From a9558a6c63d9c6dbb2f3800b39ccb008652fcde3 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 13 May 2005 01:47:36 +0000
Subject: [PATCH 005/148] track the modification years even if we are not going
 to be updating the copyrights

---
 util/merge_copyrights | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/util/merge_copyrights b/util/merge_copyrights
index 24f285e20a..d64d88bf00 100644
--- a/util/merge_copyrights
+++ b/util/merge_copyrights
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: merge_copyrights,v 1.22 2005/05/12 02:18:57 marka Exp $
+# $Id: merge_copyrights,v 1.23 2005/05/13 01:47:36 marka Exp $
 
 %file_types = ();
 %file_years = ();
@@ -107,7 +107,9 @@ while () {
             next;
         }
 
-	next if $file_types{$_} eq "X";
+	# track the modification years even if we are not going to be
+	# updating the copyrights.
+	# next if $file_types{$_} eq "X";
 	next if ($file_years{$_} =~ /^PARENT:/);
 	next if ($file_years{$_} eq "DOCBOOK");
 

From 75c0816e8295e180f4bc7f10db3d0d880383bc1c Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 13 May 2005 03:14:16 +0000
Subject: [PATCH 006/148] regen

---
 bin/check/named-checkconf.8             |   4 +-
 bin/check/named-checkconf.html          |  16 +--
 bin/check/named-checkzone.8             |   4 +-
 bin/check/named-checkzone.html          |  16 +--
 bin/dig/dig.1                           |   6 +-
 bin/dig/dig.html                        |  24 ++--
 bin/dig/host.1                          |   6 +-
 bin/dig/host.html                       |  14 +--
 bin/dig/nslookup.1                      |   4 +-
 bin/dig/nslookup.html                   |  18 +--
 bin/dnssec/dnssec-keygen.8              |   4 +-
 bin/dnssec/dnssec-keygen.html           |  18 +--
 bin/dnssec/dnssec-signzone.8            |   4 +-
 bin/dnssec/dnssec-signzone.html         |  16 +--
 bin/named/lwresd.8                      |   6 +-
 bin/named/lwresd.html                   |  18 +--
 bin/named/named.8                       |   6 +-
 bin/named/named.conf.html               |  32 ++---
 bin/named/named.html                    |  22 ++--
 bin/nsupdate/nsupdate.8                 |   4 +-
 bin/nsupdate/nsupdate.html              |  18 +--
 bin/rndc/rndc-confgen.8                 |   6 +-
 bin/rndc/rndc-confgen.html              |  18 +--
 bin/rndc/rndc.8                         |   4 +-
 bin/rndc/rndc.conf.5                    |   4 +-
 bin/rndc/rndc.conf.html                 |  16 +--
 bin/rndc/rndc.html                      |  16 +--
 doc/arm/Bv9ARM.ch01.html                |  52 ++++-----
 doc/arm/Bv9ARM.ch02.html                |  24 ++--
 doc/arm/Bv9ARM.ch03.html                |  28 ++---
 doc/arm/Bv9ARM.ch04.html                |  68 +++++------
 doc/arm/Bv9ARM.ch05.html                |   8 +-
 doc/arm/Bv9ARM.ch06.html                | 138 +++++++++++-----------
 doc/arm/Bv9ARM.ch07.html                |  16 +--
 doc/arm/Bv9ARM.ch08.html                |  20 ++--
 doc/arm/Bv9ARM.ch09.html                |  20 ++--
 doc/arm/Bv9ARM.html                     | 148 ++++++++++++------------
 doc/misc/options                        |   1 +
 lib/lwres/man/lwres.3                   |   4 +-
 lib/lwres/man/lwres.html                |  16 +--
 lib/lwres/man/lwres_buffer.3            |   4 +-
 lib/lwres/man/lwres_buffer.html         |   8 +-
 lib/lwres/man/lwres_config.3            |   4 +-
 lib/lwres/man/lwres_config.html         |  14 +--
 lib/lwres/man/lwres_context.3           |   4 +-
 lib/lwres/man/lwres_context.html        |  12 +-
 lib/lwres/man/lwres_gabn.3              |   4 +-
 lib/lwres/man/lwres_gabn.html           |  12 +-
 lib/lwres/man/lwres_gai_strerror.3      |   4 +-
 lib/lwres/man/lwres_gai_strerror.html   |  10 +-
 lib/lwres/man/lwres_getaddrinfo.3       |   4 +-
 lib/lwres/man/lwres_getaddrinfo.html    |  12 +-
 lib/lwres/man/lwres_gethostent.3        |   4 +-
 lib/lwres/man/lwres_gethostent.html     |  14 +--
 lib/lwres/man/lwres_getipnode.3         |   4 +-
 lib/lwres/man/lwres_getipnode.html      |  12 +-
 lib/lwres/man/lwres_getnameinfo.3       |   4 +-
 lib/lwres/man/lwres_getnameinfo.html    |  14 +--
 lib/lwres/man/lwres_getrrsetbyname.3    |   4 +-
 lib/lwres/man/lwres_getrrsetbyname.html |  12 +-
 lib/lwres/man/lwres_gnba.3              |   4 +-
 lib/lwres/man/lwres_gnba.html           |  12 +-
 lib/lwres/man/lwres_hstrerror.3         |   4 +-
 lib/lwres/man/lwres_hstrerror.html      |  12 +-
 lib/lwres/man/lwres_inetntop.3          |   4 +-
 lib/lwres/man/lwres_inetntop.html       |  12 +-
 lib/lwres/man/lwres_noop.3              |   4 +-
 lib/lwres/man/lwres_noop.html           |  12 +-
 lib/lwres/man/lwres_packet.3            |   4 +-
 lib/lwres/man/lwres_packet.html         |  10 +-
 lib/lwres/man/lwres_resutil.3           |   4 +-
 lib/lwres/man/lwres_resutil.html        |  12 +-
 72 files changed, 561 insertions(+), 560 deletions(-)

diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8
index f694d50eed..4b45e0fdfb 100644
--- a/bin/check/named-checkconf.8
+++ b/bin/check/named-checkconf.8
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkconf.8,v 1.22 2005/05/12 23:54:21 sra Exp $
+.\" $Id: named-checkconf.8,v 1.23 2005/05/13 03:13:54 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html
index 85c4e0f2ce..8f7356b9f2 100644
--- a/bin/check/named-checkconf.html
+++ b/bin/check/named-checkconf.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
named-checkconf — named configuration file syntax checking tool

@@ -32,14 +32,14 @@
 
named-checkconf  [-v] [-j] [-t directory] {filename} [-z]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkconf
       checks the syntax, but not the semantics, of a named
       configuration file.
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-t directory

 

@@ -70,20 +70,20 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkconf
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       BIND 9 Administrator Reference Manual.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8
index 06e8f52d30..e1c9fa3988 100644
--- a/bin/check/named-checkzone.8
+++ b/bin/check/named-checkzone.8
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkzone.8,v 1.26 2005/05/12 23:54:21 sra Exp $
+.\" $Id: named-checkzone.8,v 1.27 2005/05/13 03:14:03 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html
index 5ad1ec5b42..6c539791e2 100644
--- a/bin/check/named-checkzone.html
+++ b/bin/check/named-checkzone.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
named-checkzone — zone file validity checking tool

@@ -32,7 +32,7 @@
 
named-checkzone  [-d] [-j] [-q] [-v] [-c class] [-k mode] [-n mode] [-o filename] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

 

 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkzone
       checks the syntax and integrity of a zone file.  It performs the
       same checks as named does when loading a
@@ -41,7 +41,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-d

 

@@ -122,21 +122,21 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkzone
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       RFC 1035,
       BIND 9 Administrator Reference Manual.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
index 5e7a41fc2f..e79f791baa 100644
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -1,5 +1,5 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dig.1,v 1.29 2005/05/12 23:54:22 sra Exp $
+.\" $Id: dig.1,v 1.30 2005/05/13 03:14:03 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index 108164e1a2..62e08eae9f 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
dig — DNS lookup utility

@@ -34,7 +34,7 @@
 
dig  [global-queryopt...] [query...]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
dig
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -73,7 +73,7 @@
     

 

 

-
SIMPLE USAGE

+
SIMPLE USAGE

 

       A typical invocation of dig looks like:
       

@@ -119,7 +119,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

       The -b option sets the source IP address of the query
       to address.  This must be a valid
@@ -213,7 +213,7 @@
     

 

 

-
QUERY OPTIONS

+
QUERY OPTIONS

 
dig
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -511,7 +511,7 @@
     

 

 

-
MULTIPLE QUERIES

+
MULTIPLE QUERIES

 

       The BIND 9 implementation of dig 
       supports
@@ -557,14 +557,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 
${HOME}/.digrc
     

 

 

-
SEE ALSO

+
SEE ALSO

 
host(1),
       named(8),
       dnssec-keygen(8),
@@ -572,7 +572,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
BUGS

+
BUGS

 

       There are probably too many query options.
     

diff --git a/bin/dig/host.1 b/bin/dig/host.1
index 7321760d72..cbb9ff1c4f 100644
--- a/bin/dig/host.1
+++ b/bin/dig/host.1
@@ -1,5 +1,5 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: host.1,v 1.20 2005/05/12 23:54:23 sra Exp $
+.\" $Id: host.1,v 1.21 2005/05/13 03:14:04 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/dig/host.html b/bin/dig/host.html
index 2c36b0730d..ea0aedd1f7 100644
--- a/bin/dig/host.html
+++ b/bin/dig/host.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
host — DNS lookup utility

@@ -32,7 +32,7 @@
 
host  [-aCdlnrTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
host
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
@@ -178,12 +178,12 @@
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dig(1),
       named(8).
     

diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1
index f9d55a926d..23b292ba7a 100644
--- a/bin/dig/nslookup.1
+++ b/bin/dig/nslookup.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: nslookup.1,v 1.4 2005/05/12 23:54:23 sra Exp $
+.\" $Id: nslookup.1,v 1.5 2005/05/13 03:14:04 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html
index dcac0500d7..31df531faa 100644
--- a/bin/dig/nslookup.html
+++ b/bin/dig/nslookup.html
@@ -1,5 +1,5 @@
 
-
+
 
 
 
@@ -21,7 +21,7 @@
 
 
 

-

+

 

 
Name

 
nslookup — query Internet name servers interactively

@@ -31,7 +31,7 @@
 
nslookup  [-option] [name | -] [server]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
Nslookup
       is a program to query Internet domain name servers.  Nslookup
       has two modes: interactive and non-interactive.  Interactive mode allows
@@ -43,7 +43,7 @@
     

 

 

-
ARGUMENTS

+
ARGUMENTS

 

       Interactive mode is entered in the following cases:
       

@@ -76,7 +76,7 @@ nslookup -query=hinfo  -timeout=10
     

 

 

-
INTERACTIVE COMMANDS

+
INTERACTIVE COMMANDS

 

 
host [server]

 

@@ -276,19 +276,19 @@ nslookup -query=hinfo  -timeout=10
 

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dig(1),
       host(1),
       named(8).
     

 

 

-
Author

+
Author

 

       Andrew Cherenson
     

diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
index db8051e50a..7d1aee6752 100644
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-keygen.8,v 1.30 2005/05/12 23:54:23 sra Exp $
+.\" $Id: dnssec-keygen.8,v 1.31 2005/05/13 03:14:04 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
index ae42fa8ead..4791fd258f 100644
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
dnssec-keygen — DNSSEC key generation tool

@@ -32,7 +32,7 @@
 
dnssec-keygen  {-a algorithm} {-b keysize} {-n nametype} [-c class] [-e] [-f flag] [-g generator] [-h] [-k] [-p protocol] [-r randomdev] [-s strength] [-t type] [-v level] {name}

 

 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keygen
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC <TBA\>.  It can also generate keys for use with
@@ -40,7 +40,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -148,7 +148,7 @@
 

 

 

-
GENERATED KEYS

+
GENERATED KEYS

 

       When dnssec-keygen completes
       successfully,
@@ -195,7 +195,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 

       To generate a 768-bit DSA key for the domain
       example.com, the following command would be
@@ -216,7 +216,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
       RFC 2535,
@@ -225,7 +225,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8
index e23f468e51..2f14cc855e 100644
--- a/bin/dnssec/dnssec-signzone.8
+++ b/bin/dnssec/dnssec-signzone.8
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-signzone.8,v 1.36 2005/05/12 23:54:24 sra Exp $
+.\" $Id: dnssec-signzone.8,v 1.37 2005/05/13 03:14:05 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html
index 22d3b3ac26..13d23ba503 100644
--- a/bin/dnssec/dnssec-signzone.html
+++ b/bin/dnssec/dnssec-signzone.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
dnssec-signzone — DNSSEC zone signing tool

@@ -32,7 +32,7 @@
 
dnssec-signzone  [-a] [-c class] [-d directory] [-e end-time] [-f output-file] [-g] [-h] [-k key] [-l domain] [-i interval] [-j jitter] [-n nthreads] [-o origin] [-p] [-r randomdev] [-s start-time] [-t] [-v level] [-z] {zonefile} [key...]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-signzone
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -43,7 +43,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -204,7 +204,7 @@
 

 

 

-
EXAMPLE

+
EXAMPLE

 

       The following command signs the example.com
       zone with the DSA key generated in the dnssec-keygen
@@ -230,14 +230,14 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 2535.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8
index 37f40f3725..4dda880da6 100644
--- a/bin/named/lwresd.8
+++ b/bin/named/lwresd.8
@@ -1,5 +1,5 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwresd.8,v 1.20 2005/05/12 23:54:24 sra Exp $
+.\" $Id: lwresd.8,v 1.21 2005/05/13 03:14:05 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html
index 5ed6ec2a4c..93576885cf 100644
--- a/bin/named/lwresd.html
+++ b/bin/named/lwresd.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwresd — lightweight resolver daemon

@@ -32,7 +32,7 @@
 
lwresd  [-C config-file] [-d debug-level] [-f] [-g] [-i pid-file] [-n #cpus] [-P port] [-p port] [-s] [-t directory] [-u user] [-v]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwresd
       is the daemon providing name lookup
       services to clients that use the BIND 9 lightweight resolver
@@ -67,7 +67,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-C config-file

 

@@ -159,7 +159,7 @@
 

 

 

-
FILES

+
FILES

 

 
/etc/resolv.conf

 

@@ -172,14 +172,14 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       lwres(3),
       resolver(5).
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/bin/named/named.8 b/bin/named/named.8
index 5118b5c132..36b37506ff 100644
--- a/bin/named/named.8
+++ b/bin/named/named.8
@@ -1,5 +1,5 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named.8,v 1.25 2005/05/12 23:54:25 sra Exp $
+.\" $Id: named.8,v 1.26 2005/05/13 03:14:05 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index 024da505b1..11e7a64487 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -13,7 +13,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -21,7 +21,7 @@
 
 
 

-

+

 

 
Name

 
named.conf — configuration file for named

@@ -31,7 +31,7 @@
 
named.conf 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
named.conf is the configuration file
       for
       named.  Statements are enclosed
@@ -50,14 +50,14 @@
     

 

 

-
ACL

+
ACL

 


 acl string { address_match_element; ... };

 

 

 

 

-
KEY

+
KEY

 


 key domain_name {

 	algorithm string;

@@ -66,7 +66,7 @@ key
 

 

 

-
MASTERS

+
MASTERS

 


 masters string [ port integer ] {
masters | ipv4_address [port integer] |

@@ -75,7 +75,7 @@ masters
 

 

 

-
SERVER

+
SERVER

 


 server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {

 	bogus boolean;

@@ -95,7 +95,7 @@ server
 

 

 

-
TRUSTED-KEYS

+
TRUSTED-KEYS

 


 trusted-keys {

 	domain_name flags protocol algorithm key; ... 

@@ -103,7 +103,7 @@ trusted-keys
 

 

 

-
CONTROLS

+
CONTROLS

 


 controls {

 	inet ( ipv4_address | ipv6_address | * )

@@ -115,7 +115,7 @@ controls
 

 

 

-
LOGGING

+
LOGGING

 


 logging {

 	channel string {

@@ -133,7 +133,7 @@ logging
 

 

 

-
LWRES

+
LWRES

 


 lwres {

 	listen-on [ port integer ] {

@@ -146,7 +146,7 @@ lwres
 

 

 

-
OPTIONS

+
OPTIONS

 


 options {

 	avoid-v4-udp-ports { port; ... };

@@ -292,7 +292,7 @@ options
 

 

 

-
VIEW

+
VIEW

 


 view string optional_class {

 	match-clients { address_match_element; ... };

@@ -413,7 +413,7 @@ view
 

 

 

-
ZONE

+
ZONE

 


 zone string optional_class {

 	type ( master | slave | stub | hint |

@@ -491,12 +491,12 @@ zone
 

 

 

-
FILES

+
FILES

 
/etc/named.conf
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       rndc(8),
       BIND 9 Administrator Reference Manual.
diff --git a/bin/named/named.html b/bin/named/named.html
index 849477b4f4..ae9bcbe827 100644
--- a/bin/named/named.html
+++ b/bin/named/named.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
named — Internet domain name server

@@ -32,7 +32,7 @@
 
named  [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-x cache-file]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
named
       is a Domain Name System (DNS) server,
       part of the BIND 9 distribution from ISC.  For more
@@ -47,7 +47,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-4

 

@@ -180,7 +180,7 @@
 

 

 

-
SIGNALS

+
SIGNALS

 

       In routine operation, signals should not be used to control
       the nameserver; rndc should be used
@@ -201,7 +201,7 @@
     

 

 

-
CONFIGURATION

+
CONFIGURATION

 

       The named configuration file is too complex
       to describe in detail here.  A complete description is provided
@@ -210,7 +210,7 @@
     

 

 

-
FILES

+
FILES

 

 
/etc/named.conf

 

@@ -223,7 +223,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC 1033,
       RFC 1034,
       RFC 1035,
@@ -233,7 +233,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/bin/nsupdate/nsupdate.8 b/bin/nsupdate/nsupdate.8
index 6c8921774b..6c7879e897 100644
--- a/bin/nsupdate/nsupdate.8
+++ b/bin/nsupdate/nsupdate.8
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: nsupdate.8,v 1.35 2005/05/12 23:54:26 sra Exp $
+.\" $Id: nsupdate.8,v 1.36 2005/05/13 03:14:06 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html
index 9193138955..f7f015cfec 100644
--- a/bin/nsupdate/nsupdate.html
+++ b/bin/nsupdate/nsupdate.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
nsupdate — Dynamic DNS update utility

@@ -32,7 +32,7 @@
 
nsupdate  [-d] [[-y keyname:secret] |  [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-v] [filename]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
nsupdate
       is used to submit Dynamic DNS Update requests as defined in RFC2136
       to a name server.
@@ -164,7 +164,7 @@
     

 

 

-
INPUT FORMAT

+
INPUT FORMAT

 
nsupdate
       reads input from
       filename
@@ -354,7 +354,7 @@
     

 

 

-
EXAMPLES

+
EXAMPLES

 

       The examples below show how
       nsupdate
@@ -408,7 +408,7 @@
     

 

 

-
FILES

+
FILES

 

 
/etc/resolv.conf

 

@@ -427,7 +427,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC2136,
       RFC3007,
       RFC2104,
@@ -440,7 +440,7 @@
     

 

 

-
BUGS

+
BUGS

 

       The TSIG key is redundantly stored in two separate files.
       This is a consequence of nsupdate using the DST library
diff --git a/bin/rndc/rndc-confgen.8 b/bin/rndc/rndc-confgen.8
index 4bc9a8d851..eeca4e6e52 100644
--- a/bin/rndc/rndc-confgen.8
+++ b/bin/rndc/rndc-confgen.8
@@ -1,5 +1,5 @@
-.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2001, 2003 Internet Software Consortium
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: rndc-confgen.8,v 1.15 2005/05/12 23:54:26 sra Exp $
+.\" $Id: rndc-confgen.8,v 1.16 2005/05/13 03:14:07 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/rndc/rndc-confgen.html b/bin/rndc/rndc-confgen.html
index e3a8d12714..9e4623de73 100644
--- a/bin/rndc/rndc-confgen.html
+++ b/bin/rndc/rndc-confgen.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
rndc-confgen — rndc key generation tool

@@ -32,7 +32,7 @@
 
rndc-confgen  [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
rndc-confgen
       generates configuration files
       for rndc.  It can be used as a
@@ -48,7 +48,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -155,7 +155,7 @@
 

 

 

-
EXAMPLES

+
EXAMPLES

 

       To allow rndc to be used with
       no manual configuration, run
@@ -172,7 +172,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc.conf(5),
       named(8),
@@ -180,7 +180,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8
index fab0424daa..10954f3ec2 100644
--- a/bin/rndc/rndc.8
+++ b/bin/rndc/rndc.8
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: rndc.8,v 1.33 2005/05/12 23:54:28 sra Exp $
+.\" $Id: rndc.8,v 1.34 2005/05/13 03:14:07 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5
index cb72671533..7b96266f82 100644
--- a/bin/rndc/rndc.conf.5
+++ b/bin/rndc/rndc.conf.5
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: rndc.conf.5,v 1.31 2005/05/12 23:54:28 sra Exp $
+.\" $Id: rndc.conf.5,v 1.32 2005/05/13 03:14:07 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html
index 9f52a0bac8..82c6b8efdd 100644
--- a/bin/rndc/rndc.conf.html
+++ b/bin/rndc/rndc.conf.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
rndc.conf — rndc configuration file

@@ -32,7 +32,7 @@
 
rndc.conf 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
rndc.conf is the configuration file
       for rndc, the BIND 9 name server control
       utility.  This file has a similar structure and syntax to
@@ -117,7 +117,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 
       options {
         default-server  localhost;
@@ -191,7 +191,7 @@
     

 

 

-
NAME SERVER CONFIGURATION

+
NAME SERVER CONFIGURATION

 

       The name server must be configured to accept rndc connections and
       to recognize the key specified in the rndc.conf
@@ -201,7 +201,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc-confgen(8),
       mmencode(1),
@@ -209,7 +209,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html
index 7b07a8edb7..5dd7c9a27b 100644
--- a/bin/rndc/rndc.html
+++ b/bin/rndc/rndc.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
rndc — name server control utility

@@ -32,7 +32,7 @@
 
rndc  [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

 

 

-
DESCRIPTION

+
DESCRIPTION

 
rndc
       controls the operation of a name
       server.  It supersedes the ndc utility
@@ -61,7 +61,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-b source-address

 

@@ -134,7 +134,7 @@
     

 

 

-
LIMITATIONS

+
LIMITATIONS

 
rndc
       does not yet support all the commands of
       the BIND 8 ndc utility.
@@ -148,7 +148,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc.conf(5),
       named(8),
       named.conf(5)
@@ -157,7 +157,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html
index 01d4728a45..65011e49a5 100644
--- a/doc/arm/Bv9ARM.ch01.html
+++ b/doc/arm/Bv9ARM.ch01.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -45,17 +45,17 @@
 

 
Table of Contents

 

-
Scope of Document

-
Organization of This Document

-
Conventions Used in This Document

-
The Domain Name System (DNS)

+
Scope of Document

+
Organization of This Document

+
Conventions Used in This Document

+
The Domain Name System (DNS)

 

-
DNS Fundamentals

-
Domains and Domain Names

-
Zones

-
Authoritative Name Servers

-
Caching Name Servers

-
Name Servers in Multiple Roles

+
DNS Fundamentals

+
Domains and Domain Names

+
Zones

+
Authoritative Name Servers

+
Caching Name Servers

+
Name Servers in Multiple Roles

 

 

 

@@ -71,7 +71,7 @@
     

 

 

-Scope of Document

+Scope of Document

 

         The Berkeley Internet Name Domain
         (BIND) implements an
@@ -88,7 +88,7 @@
 

 

 

-Organization of This Document

+Organization of This Document

 

         In this document, Section 1 introduces
         the basic DNS and BIND concepts. Section 2
@@ -117,7 +117,7 @@
 

 

 

-Conventions Used in This Document

+Conventions Used in This Document

 

         In this document, we use the following general typographic
         conventions:
@@ -244,7 +244,7 @@
 

 

 

-The Domain Name System (DNS)

+The Domain Name System (DNS)

 

         The purpose of this document is to explain the installation
         and upkeep of the BIND software
@@ -254,7 +254,7 @@
       

 

 

-DNS Fundamentals

+DNS Fundamentals

 

           The Domain Name System (DNS) is the hierarchical, distributed
           database.  It stores information for mapping Internet host names to
@@ -274,7 +274,7 @@
 

 

 

-Domains and Domain Names

+Domains and Domain Names

 

           The data stored in the DNS is identified by domain names that are organized as a tree according to
           organizational or administrative boundaries. Each node of the tree,
@@ -320,7 +320,7 @@
 

 

 

-Zones

+Zones

 

           To properly operate a name server, it is important to understand
           the difference between a zone
@@ -373,7 +373,7 @@
 

 

 

-Authoritative Name Servers

+Authoritative Name Servers

 

           Each zone is served by at least
           one authoritative name server,
@@ -389,7 +389,7 @@
         

 

 

-The Primary Master

+The Primary Master

 

             The authoritative server where the master copy of the zone data is
             maintained is
@@ -405,7 +405,7 @@
 

 

 

-Slave Servers

+Slave Servers

 

             The other authoritative servers, the slave
             servers (also known as secondary servers)
@@ -421,7 +421,7 @@
 

 

 

-Stealth Servers

+Stealth Servers

 

             Usually all of the zone's authoritative servers are listed in
             NS records in the parent zone.  These NS records constitute
@@ -456,7 +456,7 @@
 

 

 

-Caching Name Servers

+Caching Name Servers

 

           The resolver libraries provided by most operating systems are
           stub resolvers, meaning that they are not
@@ -483,7 +483,7 @@
         

 

 

-Forwarding

+Forwarding

             Even a caching name server does not necessarily perform
             the complete recursive lookup itself.  Instead, it can
@@ -514,7 +514,7 @@
 
 

 

-Name Servers in Multiple Roles

+Name Servers in Multiple Roles

           The BIND name server can
           simultaneously act as
diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html
index 6f960c43bc..c6dd9147c4 100644
--- a/doc/arm/Bv9ARM.ch02.html
+++ b/doc/arm/Bv9ARM.ch02.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -45,16 +45,16 @@
 

 
Table of Contents

 

-
Hardware requirements

-
CPU Requirements

-
Memory Requirements

-
Name Server Intensive Environment Issues

-
Supported Operating Systems

+
Hardware requirements

+
CPU Requirements

+
Memory Requirements

+
Name Server Intensive Environment Issues

+
Supported Operating Systems

 

 

 

-Hardware requirements

+Hardware requirements

         DNS hardware requirements have
         traditionally been quite modest.
@@ -73,7 +73,7 @@
 
 

 

-CPU Requirements

+CPU Requirements

         CPU requirements for BIND 9 range from
         i486-class machines
@@ -84,7 +84,7 @@
 
 

 

-Memory Requirements

+Memory Requirements

         The memory of the server has to be large enough to fit the
         cache and zones loaded off disk.  The max-cache-size
@@ -107,7 +107,7 @@
 
 

 

-Name Server Intensive Environment Issues

+Name Server Intensive Environment Issues

         For name server intensive environments, there are two alternative
         configurations that may be used. The first is where clients and
@@ -124,7 +124,7 @@
 
 

 

-Supported Operating Systems

+Supported Operating Systems

         ISC BIND 9 compiles and runs on a large
         number
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html
index 90a3db5dbb..8c5d5a2646 100644
--- a/doc/arm/Bv9ARM.ch03.html
+++ b/doc/arm/Bv9ARM.ch03.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -47,14 +47,14 @@
 

 
Sample Configurations

 

-
A Caching-only Name Server

-
An Authoritative-only Name Server

+
A Caching-only Name Server

+
An Authoritative-only Name Server

 

-
Load Balancing

-
Name Server Operations

+
Load Balancing

+
Name Server Operations

 

-
Tools for Use With the Name Server Daemon

-
Signals

+
Tools for Use With the Name Server Daemon

+
Signals

 

 

@@ -68,7 +68,7 @@
 Sample Configurations

 

-A Caching-only Name Server

+A Caching-only Name Server

           The following sample configuration is appropriate for a caching-only
           name server for use by clients internal to a corporation.  All
@@ -95,7 +95,7 @@ zone "0.0.127.in-addr.arpa" {
 
 

 

-An Authoritative-only Name Server

+An Authoritative-only Name Server

           This sample configuration is for an authoritative-only server
           that is the master server for "example.com"
@@ -137,7 +137,7 @@ zone "eng.example.com" {
 
 

 

-Load Balancing

+Load Balancing

         A primitive form of load balancing can be achieved in
         the DNS by using multiple A records for
@@ -284,10 +284,10 @@ zone "eng.example.com" {
 
 

 

-Name Server Operations

+Name Server Operations

 

-Tools for Use With the Name Server Daemon

+Tools for Use With the Name Server Daemon

           There are several indispensable diagnostic, administrative
           and monitoring tools available to the system administrator for
@@ -742,7 +742,7 @@ controls {
 
 

 

-Signals

+Signals

           Certain UNIX signals cause the name server to take specific
           actions, as described in the following table.  These signals can
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index cd301134bb..f755e8f33a 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -49,28 +49,28 @@
 
Dynamic Update
The journal file
Incremental Zone Transfers (IXFR)

-
Split DNS

+
Split DNS
TSIG

-
Generate Shared Keys for Each Pair of Hosts

-
Copying the Shared Secret to Both Machines

-
Informing the Servers of the Key's Existence

-
Instructing the Server to Use the Key

-
TSIG Key Based Access Control

-
Errors

+
Generate Shared Keys for Each Pair of Hosts

+
Copying the Shared Secret to Both Machines

+
Informing the Servers of the Key's Existence

+
Instructing the Server to Use the Key

+
TSIG Key Based Access Control

+
Errors

 

-
TKEY

-
SIG(0)

+
TKEY

+
SIG(0)
DNSSEC

-
Generating Keys

-
Signing the Zone

-
Configuring Servers

+
Generating Keys

+
Signing the Zone

+
Configuring Servers

 

-
IPv6 Support in BIND 9

+
IPv6 Support in BIND 9

-
Address Lookups Using AAAA Records

-
Address to Name Lookups Using Nibble Format

+
Address Lookups Using AAAA Records

+
Address to Name Lookups Using Nibble Format

 

@@ -199,7 +199,7 @@
 

 

-Split DNS

+Split DNS

         Setting up different views, or visibility, of the DNS space to
         internal and external resolvers is usually referred to as a Split DNS setup. There are several reasons an organization
@@ -467,7 +467,7 @@ nameserver 172.16.72.4
       

 

-Generate Shared Keys for Each Pair of Hosts

+Generate Shared Keys for Each Pair of Hosts

           A shared secret is generated to be shared between host1 and host2.
           An arbitrary key name is chosen: "host1-host2.". The key name must
@@ -475,7 +475,7 @@ nameserver 172.16.72.4
         

 

-Automatic Generation

+Automatic Generation

             The following command will generate a 128 bit (16 byte) HMAC-MD5
             key as described above. Longer keys are better, but shorter keys
@@ -500,7 +500,7 @@ nameserver 172.16.72.4
 
 

 

-Manual Generation

+Manual Generation

             The shared secret is simply a random sequence of bits, encoded
             in base-64. Most ASCII strings are valid base-64 strings (assuming
@@ -515,7 +515,7 @@ nameserver 172.16.72.4
 
 

 

-Copying the Shared Secret to Both Machines

+Copying the Shared Secret to Both Machines

           This is beyond the scope of DNS. A secure transport mechanism
           should be used. This could be secure FTP, ssh, telephone, etc.
@@ -523,7 +523,7 @@ nameserver 172.16.72.4
 
 

 

-Informing the Servers of the Key's Existence

+Informing the Servers of the Key's Existence

           Imagine host1 and host 2
           are
@@ -552,7 +552,7 @@ key host1-host2. {
 
 

 

-Instructing the Server to Use the Key

+Instructing the Server to Use the Key

           Since keys are shared between two hosts only, the server must
           be told when keys are to be used. The following is added to the named.conf file
@@ -584,7 +584,7 @@ server 10.1.2.3 {
 
 

 

-TSIG Key Based Access Control

+TSIG Key Based Access Control

           BIND allows IP addresses and ranges
           to be specified in ACL
@@ -612,7 +612,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Errors

+Errors

           The processing of TSIG signed messages can result in
           several errors. If a signed message is sent to a non-TSIG aware
@@ -638,7 +638,7 @@ allow-update { key host1-host2. ;};
 
 

 

-TKEY

+TKEY
TKEY
         is a mechanism for automatically generating a shared secret
         between two hosts.  There are several "modes" of
@@ -674,7 +674,7 @@ allow-update { key host1-host2. ;};
 
 

 

-SIG(0)

+SIG(0)

         BIND 9 partially supports DNSSEC SIG(0)
             transaction signatures as specified in RFC 2535 and RFC2931.
@@ -736,7 +736,7 @@ allow-update { key host1-host2. ;};
       

 

-Generating Keys

+Generating Keys

           The dnssec-keygen program is used to
           generate keys.
@@ -787,7 +787,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Signing the Zone

+Signing the Zone

           The dnssec-signzone program is used
           to
@@ -831,7 +831,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Configuring Servers

+Configuring Servers

           Unlike BIND 8,
           BIND 9 does not verify signatures on
@@ -848,7 +848,7 @@ allow-update { key host1-host2. ;};
 
 

 

-IPv6 Support in BIND 9

+IPv6 Support in BIND 9

         BIND 9 fully supports all currently
         defined forms of IPv6
@@ -892,7 +892,7 @@ allow-update { key host1-host2. ;};
       

 

-Address Lookups Using AAAA Records

+Address Lookups Using AAAA Records

           The AAAA record is a parallel to the IPv4 A record.  It
           specifies the entire address in a single record.  For
@@ -912,7 +912,7 @@ host            3600    IN      AAAA    2001:db8::1
 
 

 

-Address to Name Lookups Using Nibble Format

+Address to Name Lookups Using Nibble Format

           When looking up an address in nibble format, the address
           components are simply reversed, just as in IPv4, and
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index e35cde771b..644471f633 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -45,13 +45,13 @@
 

 
Table of Contents

 

-
The Lightweight Resolver Library

+
The Lightweight Resolver Library

 
Running a Resolver Daemon

 

 

 

-The Lightweight Resolver Library

+The Lightweight Resolver Library

         Traditionally applications have been linked with a stub resolver
         library that sends recursive DNS queries to a local caching name
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index f846ccd58b..d2faab1a1c 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -48,52 +48,52 @@
 
Configuration File Elements

 
Address Match Lists

-
Comment Syntax

+
Comment Syntax

 
Configuration File Grammar

-
acl Statement Grammar

+
acl Statement Grammar

 
acl Statement Definition and
           Usage

-
controls Statement Grammar

+
controls Statement Grammar

 
controls Statement Definition and
           Usage

-
include Statement Grammar

-
include Statement Definition and
+
include Statement Grammar

+
include Statement Definition and
           Usage

-
key Statement Grammar

-
key Statement Definition and Usage

-
logging Statement Grammar

-
logging Statement Definition and
+
key Statement Grammar

+
key Statement Definition and Usage

+
logging Statement Grammar

+
logging Statement Definition and
           Usage

-
lwres Statement Grammar

-
lwres Statement Definition and Usage

-
masters Statement Grammar

-
masters Statement Definition and
+
lwres Statement Grammar

+
lwres Statement Definition and Usage

+
masters Statement Grammar

+
masters Statement Definition and
           Usage

-
options Statement Grammar

+
options Statement Grammar

 
options Statement Definition and
           Usage

 
server Statement Grammar

 
server Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 

-
Zone File

+
Zone File

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 

@@ -411,7 +411,7 @@
 Address Match Lists

 

-Syntax

+Syntax
address_match_list = address_match_list_element ;
   [ address_match_list_element; ... ]
 address_match_list_element = [ ! ] (ip_address [/length] |
@@ -420,7 +420,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Address match lists are primarily used to determine access
             control for various server operations. They are also used in
@@ -497,7 +497,7 @@
 
 

 

-Comment Syntax

+Comment Syntax

 

           The BIND 9 comment syntax allows for
           comments to appear
@@ -507,7 +507,7 @@
         

 

 

-Syntax

+Syntax

 

             

 
/* This is a BIND comment as in C */

@@ -522,7 +522,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Comments may appear anywhere that whitespace may appear in
             a BIND configuration file.
@@ -756,7 +756,7 @@
       

 

 

-acl Statement Grammar

+acl Statement Grammar

 
acl acl-name { 
     address_match_list 
 };
@@ -839,7 +839,7 @@
 
 

 

-controls Statement Grammar

+controls Statement Grammar

 
controls {
    inet ( ip_addr | * ) [ port ip_port ] allow {  address_match_list  }
                 keys {  key_list  };
@@ -979,12 +979,12 @@
 
 

 

-include Statement Grammar

+include Statement Grammar

 
include filename;

 
 

 

-include Statement Definition and
+include Statement Definition and
           Usage

 

           The include statement inserts the
@@ -999,7 +999,7 @@
 

 

 

-key Statement Grammar

+key Statement Grammar

 
key key_id {
     algorithm string;
     secret string;
@@ -1008,7 +1008,7 @@
 
 

 

-key Statement Definition and Usage

+key Statement Definition and Usage

 

           The key statement defines a shared
           secret key for use with TSIG (see the section called “TSIG”)
@@ -1051,7 +1051,7 @@
 
 

 

-logging Statement Grammar

+logging Statement Grammar

 
logging {
    [ channel channel_name {
      ( file path name
@@ -1075,7 +1075,7 @@
 
 

 

-logging Statement Definition and
+logging Statement Definition and
           Usage

 

           The logging statement configures a
@@ -1109,7 +1109,7 @@
         

 

 

-The channel Phrase

+The channel Phrase

 

             All log output goes to one or more channels;
             you can make as many of them as you want.
@@ -1628,7 +1628,7 @@ category notify { null; };
 
 

 

-lwres Statement Grammar

+lwres Statement Grammar

 

            This is the grammar of the lwres
           statement in the named.conf file:
@@ -1643,7 +1643,7 @@ category notify { null; };
 
 

 

-lwres Statement Definition and Usage

+lwres Statement Definition and Usage

 

           The lwres statement configures the
           name
@@ -1694,14 +1694,14 @@ category notify { null; };
 
 

 

-masters Statement Grammar

+masters Statement Grammar

 
 masters name [port ip_port] { ( masters_list | ip_addr [port ip_port] [key key] ) ; [...] } ; 
 

 
 

 

-masters Statement Definition and
+masters Statement Definition and
           Usage

 
masters
 	  lists allow for a common set of masters to be easily used by
@@ -1710,7 +1710,7 @@ category notify { null; };
 

 

 

-options Statement Grammar

+options Statement Grammar

 

           This is the grammar of the options
           statement in the named.conf file:
@@ -2671,7 +2671,7 @@ options {
 
 

 

-Forwarding

+Forwarding

 

             The forwarding facility can be used to create a large site-wide
             cache on a few servers, reducing traffic over links to external
@@ -2715,7 +2715,7 @@ options {
 
 

 

-Dual-stack Servers

+Dual-stack Servers

 

             Dual-stack servers are used as servers of last resort to work
             around
@@ -2880,7 +2880,7 @@ options {
 
 

 

-Interfaces

+Interfaces

 

             The interfaces and ports that the server will answer queries
             from may be specified using the listen-on option. listen-on takes
@@ -2960,7 +2960,7 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
 
 

 

-Query Address

+Query Address

 

             If the server doesn't know the answer to a question, it will
             query other name servers. query-source specifies
@@ -3204,7 +3204,7 @@ query-source-v6 address * port *;
 
 

 

-Bad UDP Port Lists

+Bad UDP Port Lists

 
avoid-v4-udp-ports
 	    and avoid-v6-udp-ports specify a list
             of IPv4 and IPv6 UDP ports that will not be used as system
@@ -3218,7 +3218,7 @@ query-source-v6 address * port *;
 
 

 

-Operating System Resource Limits

+Operating System Resource Limits

 

             The server's usage of many system resources can be limited.
             Scaled values are allowed when specifying resource limits.  For
@@ -3278,7 +3278,7 @@ query-source-v6 address * port *;
 
 

 

-Server  Resource Limits

+Server  Resource Limits

 

             The following options set limits on the server's
             resource consumption that are enforced internally by the
@@ -3357,7 +3357,7 @@ query-source-v6 address * port *;
 
 

 

-Periodic Task Intervals

+Periodic Task Intervals

 

 
cleaning-interval

 

@@ -4181,7 +4181,7 @@ query-source-v6 address * port *;
 

 

 

-trusted-keys Statement Grammar

+trusted-keys Statement Grammar

 
trusted-keys {
     string number number number string ;
     [ string number number number string ; [...]]
@@ -4190,7 +4190,7 @@ query-source-v6 address * port *;
 
 

 

-trusted-keys Statement Definition
+trusted-keys Statement Definition
             and Usage

 

             The trusted-keys statement defines
@@ -4229,7 +4229,7 @@ query-source-v6 address * port *;
 

 

 

-view Statement Definition and Usage

+view Statement Definition and Usage

 

             The view statement is a powerful
             new feature
@@ -4399,10 +4399,10 @@ view "external" {
 
 

 

-zone Statement Definition and Usage

+zone Statement Definition and Usage

 

 

-Zone Types

+Zone Types

 

 
 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
@@ -4611,7 +4611,7 @@ view "external" {
 

 

-Class

+Class

               The zone's name may optionally be followed by a class. If
               a class is not specified, class IN (for Internet),
@@ -4633,7 +4633,7 @@ view "external" {
 
 

 

-Zone Options

+Zone Options

 
journal

 

@@ -5057,7 +5057,7 @@ view "external" {
 

 

-Zone File

+Zone File

 

 Types of Resource Records and When to Use Them

@@ -5070,7 +5070,7 @@ view "external" {
           

 

 

-Resource Records

+Resource Records

               A domain name identifies a node.  Each node has a set of
               resource information, which may be empty.  The set of resource
@@ -5659,7 +5659,7 @@ view "external" {
 
 

 

-Textual expression of RRs

+Textual expression of RRs

               RRs are represented in binary form in the packets of the DNS
               protocol, and are usually represented in highly encoded form
@@ -5866,7 +5866,7 @@ view "external" {
 
 

 

-Discussion of MX Records

+Discussion of MX Records

             As described above, domain servers store information as a
             series of resource records, each of which contains a particular
@@ -6123,7 +6123,7 @@ view "external" {
 
 

 

-Inverse Mapping in IPv4

+Inverse Mapping in IPv4

             Reverse name resolution (that is, translation from IP address
             to name) is achieved by means of the in-addr.arpa domain
@@ -6184,7 +6184,7 @@ view "external" {
 
 

 

-Other Zone File Directives

+Other Zone File Directives

             The Master File Format was initially defined in RFC 1035 and
             has subsequently been extended. While the Master File Format
@@ -6199,7 +6199,7 @@ view "external" {
           

 

-The $ORIGIN Directive

+The $ORIGIN Directive

               Syntax: $ORIGIN
 	      domain-name
@@ -6227,7 +6227,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $INCLUDE Directive

+The $INCLUDE Directive

               Syntax: $INCLUDE
               filename
@@ -6263,7 +6263,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $TTL Directive

+The $TTL Directive

               Syntax: $TTL
               default-ttl
@@ -6282,7 +6282,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-BIND Master File Extension: the  $GENERATE Directive

+BIND Master File Extension: the  $GENERATE Directive

             Syntax: $GENERATE
 	    range
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 2ef0441cb4..9feb625b7a 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -46,11 +46,11 @@
 
Table of Contents

 
Access Control Lists

-
chroot and setuid (for
+
chroot and setuid (for
           UNIX servers)

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

@@ -114,7 +114,7 @@ zone "example.com" {
 

 

-chroot and setuid (for
+chroot and setuid (for
           UNIX servers)

 

           On UNIX servers, it is possible to run BIND in a chrooted environment
@@ -138,7 +138,7 @@ zone "example.com" {
         

 

 

-The chroot Environment

+The chroot Environment

             In order for a chroot() environment
             to
@@ -166,7 +166,7 @@ zone "example.com" {
 
 

 

-Using the setuid Function

+Using the setuid Function

             Prior to running the named daemon,
             use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index f6265b970e..0b4a39d2ff 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -45,18 +45,18 @@
 

 
Table of Contents

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

-Common Problems

+Common Problems

 

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

             The best solution to solving installation and
             configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
 
 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

           Zone serial numbers are just numbers-they aren't date
           related.  A lot of people set them to a number that represents a
@@ -95,7 +95,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

           The Internet Software Consortium
           (ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 4f41ac4304..da5b133759 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -43,24 +43,24 @@
 

 
Table of Contents

 

-
Acknowledgments

-
A Brief History of the DNS and BIND

+
Acknowledgments

+
A Brief History of the DNS and BIND

 
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 

 

-Acknowledgments

+Acknowledgments

 

-A Brief History of the DNS and BIND

+A Brief History of the DNS and BIND

             Although the "official" beginning of the Domain Name
             System occurred in 1984 with the publication of RFC 920, the
@@ -469,7 +469,7 @@
           

 

-Bibliography

+Bibliography

 
Standards

 
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

@@ -592,11 +592,11 @@
 

 

-Other Documents About BIND

+Other Documents About BIND

 

-Bibliography

+Bibliography
Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. 

diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 39d2fe3089..3d12b1f6c3 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -1,6 +1,6 @@
 
-
+
@@ -40,9 +40,9 @@
 

 

 

-BIND 9 Administrator Reference Manual

+BIND 9 Administrator Reference Manual

 
Copyright © 2004, 2005 Internet Systems Consortium, Inc. ("ISC")

-
Copyright © 2000-2003 Internet Software Consortium

+
Copyright © 2000-2003 Internet Software Consortium.

 

@@ -51,39 +51,39 @@
 

 
1. Introduction

 

-
Scope of Document

-
Organization of This Document

-
Conventions Used in This Document

-
The Domain Name System (DNS)

+
Scope of Document

+
Organization of This Document

+
Conventions Used in This Document

+
The Domain Name System (DNS)

 

-
DNS Fundamentals

-
Domains and Domain Names

-
Zones

-
Authoritative Name Servers

-
Caching Name Servers

-
Name Servers in Multiple Roles

+
DNS Fundamentals

+
Domains and Domain Names

+
Zones

+
Authoritative Name Servers

+
Caching Name Servers

+
Name Servers in Multiple Roles

 

 

 
2. BIND Resource Requirements

 

-
Hardware requirements

-
CPU Requirements

-
Memory Requirements

-
Name Server Intensive Environment Issues

-
Supported Operating Systems

+
Hardware requirements

+
CPU Requirements

+
Memory Requirements

+
Name Server Intensive Environment Issues

+
Supported Operating Systems

 

 
3. Name Server Configuration

 

 
Sample Configurations

 

-
A Caching-only Name Server

-
An Authoritative-only Name Server

+
A Caching-only Name Server

+
An Authoritative-only Name Server

 

-
Load Balancing

-
Name Server Operations

+
Load Balancing

+
Name Server Operations

 

-
Tools for Use With the Name Server Daemon

-
Signals

+
Tools for Use With the Name Server Daemon

+
Signals

 

 

 
4. Advanced DNS Features

@@ -92,33 +92,33 @@
 
Dynamic Update

 
The journal file

 
Incremental Zone Transfers (IXFR)

-
Split DNS

+
Split DNS

 
TSIG

 

-
Generate Shared Keys for Each Pair of Hosts

-
Copying the Shared Secret to Both Machines

-
Informing the Servers of the Key's Existence

-
Instructing the Server to Use the Key

-
TSIG Key Based Access Control

-
Errors

+
Generate Shared Keys for Each Pair of Hosts

+
Copying the Shared Secret to Both Machines

+
Informing the Servers of the Key's Existence

+
Instructing the Server to Use the Key

+
TSIG Key Based Access Control

+
Errors

 

-
TKEY

-
SIG(0)

+
TKEY

+
SIG(0)

 
DNSSEC

 

-
Generating Keys

-
Signing the Zone

-
Configuring Servers

+
Generating Keys

+
Signing the Zone

+
Configuring Servers

 

-
IPv6 Support in BIND 9

+
IPv6 Support in BIND 9

 

-
Address Lookups Using AAAA Records

-
Address to Name Lookups Using Nibble Format

+
Address Lookups Using AAAA Records

+
Address to Name Lookups Using Nibble Format

 

 
5. The BIND 9 Lightweight Resolver

-
The Lightweight Resolver Library

+
The Lightweight Resolver Library

 
Running a Resolver Daemon

 
6. BIND 9 Configuration Reference

@@ -126,83 +126,83 @@
 
Configuration File Elements

 
Address Match Lists

-
Comment Syntax

+
Comment Syntax

 
Configuration File Grammar

-
acl Statement Grammar

+
acl Statement Grammar

 
acl Statement Definition and
           Usage

-
controls Statement Grammar

+
controls Statement Grammar

 
controls Statement Definition and
           Usage

-
include Statement Grammar

-
include Statement Definition and
+
include Statement Grammar

+
include Statement Definition and
           Usage

-
key Statement Grammar

-
key Statement Definition and Usage

-
logging Statement Grammar

-
logging Statement Definition and
+
key Statement Grammar

+
key Statement Definition and Usage

+
logging Statement Grammar

+
logging Statement Definition and
           Usage

-
lwres Statement Grammar

-
lwres Statement Definition and Usage

-
masters Statement Grammar

-
masters Statement Definition and
+
lwres Statement Grammar

+
lwres Statement Definition and Usage

+
masters Statement Grammar

+
masters Statement Definition and
           Usage

-
options Statement Grammar

+
options Statement Grammar

 
options Statement Definition and
           Usage

 
server Statement Grammar

 
server Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 

-
Zone File

+
Zone File

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 
7. BIND 9 Security Considerations

 
Access Control Lists

-
chroot and setuid (for
+
chroot and setuid (for
           UNIX servers)

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 
8. Troubleshooting

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 
A. Appendices

-
Acknowledgments

-
A Brief History of the DNS and BIND

+
Acknowledgments

+
A Brief History of the DNS and BIND

 
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

diff --git a/doc/misc/options b/doc/misc/options
index b64655d034..c2bb164383 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -49,6 +49,7 @@ options {
         use-id-pool ; // obsolete
         use-ixfr ;
         version (  | none );
+        flush-zones-on-shutdown ;
         allow-query-cache { ; ... };
         allow-recursion { ; ... };
         allow-v6-synthesis { ; ... }; // obsolete
diff --git a/lib/lwres/man/lwres.3 b/lib/lwres/man/lwres.3
index b3897c8fae..3cd0d9bd12 100644
--- a/lib/lwres/man/lwres.3
+++ b/lib/lwres/man/lwres.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres.3,v 1.22 2005/05/12 23:54:32 sra Exp $
+.\" $Id: lwres.3,v 1.23 2005/05/13 03:14:11 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres.html b/lib/lwres/man/lwres.html
index c052a97602..417c660202 100644
--- a/lib/lwres/man/lwres.html
+++ b/lib/lwres/man/lwres.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres — introduction to the lightweight resolver library

@@ -32,7 +32,7 @@
 
#include <lwres/lwres.h>

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       The BIND 9 lightweight resolver library is a simple, name service
       independent stub resolver library.  It provides hostname-to-address
@@ -47,7 +47,7 @@
     

 

 

-
OVERVIEW

+
OVERVIEW

 

       The lwresd library implements multiple name service APIs.
       The standard
@@ -101,7 +101,7 @@
     

 

 

-
CLIENT-SIDE LOW-LEVEL API CALL FLOW

+
CLIENT-SIDE LOW-LEVEL API CALL FLOW

 

       When a client program wishes to make an lwres request using the
       native low-level API, it typically performs the following
@@ -149,7 +149,7 @@
     

 

 

-
SERVER-SIDE LOW-LEVEL API CALL FLOW

+
SERVER-SIDE LOW-LEVEL API CALL FLOW

 

       When implementing the server side of the lightweight resolver
       protocol using the lwres library, a sequence of actions like the
@@ -191,7 +191,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres_gethostent(3),
 
       lwres_getipnode(3),
diff --git a/lib/lwres/man/lwres_buffer.3 b/lib/lwres/man/lwres_buffer.3
index e0219e23a2..f29e95f25a 100644
--- a/lib/lwres/man/lwres_buffer.3
+++ b/lib/lwres/man/lwres_buffer.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_buffer.3,v 1.20 2005/05/12 23:54:33 sra Exp $
+.\" $Id: lwres_buffer.3,v 1.21 2005/05/13 03:14:12 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_buffer.html b/lib/lwres/man/lwres_buffer.html
index 67d4418fc8..1ad8daa170 100644
--- a/lib/lwres/man/lwres_buffer.html
+++ b/lib/lwres/man/lwres_buffer.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtract, lwres_buffer_clear, lwres_buffer_first, lwres_buffer_forward, lwres_buffer_back, lwres_buffer_getuint8, lwres_buffer_putuint8, lwres_buffer_getuint16, lwres_buffer_putuint16, lwres_buffer_getuint32, lwres_buffer_putuint32, lwres_buffer_putmem, lwres_buffer_getmem — lightweight resolver buffer management

@@ -262,7 +262,7 @@ void
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These functions provide bounds checked access to a region of memory
       where data is being read or written.
diff --git a/lib/lwres/man/lwres_config.3 b/lib/lwres/man/lwres_config.3
index 826e9b9225..665a718a4e 100644
--- a/lib/lwres/man/lwres_config.3
+++ b/lib/lwres/man/lwres_config.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_config.3,v 1.20 2005/05/12 23:54:33 sra Exp $
+.\" $Id: lwres_config.3,v 1.21 2005/05/13 03:14:12 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_config.html b/lib/lwres/man/lwres_config.html
index 1491308c13..212b746b11 100644
--- a/lib/lwres/man/lwres_config.html
+++ b/lib/lwres/man/lwres_config.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_conf_get — lightweight resolver configuration

@@ -90,7 +90,7 @@ lwres_conf_t *
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_conf_init()
       creates an empty
       lwres_conf_t
@@ -123,7 +123,7 @@ lwres_conf_t *
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 
lwres_conf_parse()
       returns LWRES_R_SUCCESS
       if it successfully read and parsed
@@ -142,13 +142,13 @@ lwres_conf_t *
     

 

 

-
SEE ALSO

+
SEE ALSO

 
stdio(3),
       resolver(5).
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 

diff --git a/lib/lwres/man/lwres_context.3 b/lib/lwres/man/lwres_context.3
index f8bd11b911..d3dac5d9af 100644
--- a/lib/lwres/man/lwres_context.3
+++ b/lib/lwres/man/lwres_context.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_context.3,v 1.22 2005/05/12 23:54:34 sra Exp $
+.\" $Id: lwres_context.3,v 1.23 2005/05/13 03:14:12 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_context.html b/lib/lwres/man/lwres_context.html
index 42584340ca..8abc79fc5a 100644
--- a/lib/lwres/man/lwres_context.html
+++ b/lib/lwres/man/lwres_context.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv — lightweight resolver context management

@@ -172,7 +172,7 @@ void *
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_context_create()
       creates a lwres_context_t structure for use in
       lightweight resolver operations.  It holds a socket and other
@@ -258,7 +258,7 @@ void *
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 
lwres_context_create()
       returns LWRES_R_NOMEMORY if memory for
       the struct lwres_context could not be allocated,
@@ -283,7 +283,7 @@ void *
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres_conf_init(3),
 
       malloc(3),
diff --git a/lib/lwres/man/lwres_gabn.3 b/lib/lwres/man/lwres_gabn.3
index 40fa3023d7..b77db04e6d 100644
--- a/lib/lwres/man/lwres_gabn.3
+++ b/lib/lwres/man/lwres_gabn.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_gabn.3,v 1.21 2005/05/12 23:54:34 sra Exp $
+.\" $Id: lwres_gabn.3,v 1.22 2005/05/13 03:14:13 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_gabn.html b/lib/lwres/man/lwres_gabn.html
index 964549e718..a17ac029fd 100644
--- a/lib/lwres/man/lwres_gabn.html
+++ b/lib/lwres/man/lwres_gabn.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free — lightweight resolver getaddrbyname message handling

@@ -178,7 +178,7 @@ void
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These are low-level routines for creating and parsing
       lightweight resolver name-to-address lookup request and
@@ -278,7 +278,7 @@ typedef struct {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       The getaddrbyname opcode functions
       lwres_gabnrequest_render(),
@@ -316,7 +316,7 @@ typedef struct {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres_packet(3)
     

 

diff --git a/lib/lwres/man/lwres_gai_strerror.3 b/lib/lwres/man/lwres_gai_strerror.3
index 39843e5745..1dce6a54ae 100644
--- a/lib/lwres/man/lwres_gai_strerror.3
+++ b/lib/lwres/man/lwres_gai_strerror.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_gai_strerror.3,v 1.21 2005/05/12 23:54:35 sra Exp $
+.\" $Id: lwres_gai_strerror.3,v 1.22 2005/05/13 03:14:13 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_gai_strerror.html b/lib/lwres/man/lwres_gai_strerror.html
index b80ca0c800..183a63dd06 100644
--- a/lib/lwres/man/lwres_gai_strerror.html
+++ b/lib/lwres/man/lwres_gai_strerror.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_gai_strerror — print suitable error string

@@ -37,7 +37,7 @@ char *
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_gai_strerror()
       returns an error message corresponding to an error code returned by
       getaddrinfo().
@@ -105,7 +105,7 @@ char *
     

 

 

-
SEE ALSO

+
SEE ALSO

 
strerror(3),
 
       lwres_getaddrinfo(3),
diff --git a/lib/lwres/man/lwres_getaddrinfo.3 b/lib/lwres/man/lwres_getaddrinfo.3
index 75c50e88e3..286fc46bd0 100644
--- a/lib/lwres/man/lwres_getaddrinfo.3
+++ b/lib/lwres/man/lwres_getaddrinfo.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_getaddrinfo.3,v 1.25 2005/05/12 23:54:35 sra Exp $
+.\" $Id: lwres_getaddrinfo.3,v 1.26 2005/05/13 03:14:13 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_getaddrinfo.html b/lib/lwres/man/lwres_getaddrinfo.html
index 1ef9c984b9..74bdbfd00c 100644
--- a/lib/lwres/man/lwres_getaddrinfo.html
+++ b/lib/lwres/man/lwres_getaddrinfo.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_getaddrinfo, lwres_freeaddrinfo — socket address structure to host and service name

@@ -89,7 +89,7 @@ struct  addrinfo {
     

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_getaddrinfo()
       is used to get a list of IP addresses and port numbers for host
       hostname and service
@@ -283,7 +283,7 @@ struct  addrinfo {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 
lwres_getaddrinfo()
       returns zero on success or one of the error codes listed in
       gai_strerror(3)
@@ -294,7 +294,7 @@ struct  addrinfo {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres(3),
 
       lwres_getaddrinfo(3),
diff --git a/lib/lwres/man/lwres_gethostent.3 b/lib/lwres/man/lwres_gethostent.3
index b7d939ac4c..37bef33809 100644
--- a/lib/lwres/man/lwres_gethostent.3
+++ b/lib/lwres/man/lwres_gethostent.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2001 Internet Software Consortium
+.\" Copyright (C) 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_gethostent.3,v 1.23 2005/05/12 23:54:36 sra Exp $
+.\" $Id: lwres_gethostent.3,v 1.24 2005/05/13 03:14:14 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_gethostent.html b/lib/lwres/man/lwres_gethostent.html
index 76b9c7141b..a1839fbd00 100644
--- a/lib/lwres/man/lwres_gethostent.html
+++ b/lib/lwres/man/lwres_gethostent.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r — lightweight resolver get network host entry

@@ -203,7 +203,7 @@ void
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These functions provide hostname-to-address and
       address-to-hostname lookups by means of the lightweight resolver.
@@ -341,7 +341,7 @@ struct  hostent {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       The functions
       lwres_gethostbyname(),
@@ -405,7 +405,7 @@ struct  hostent {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
gethostent(3),
 
       lwres_getipnode(3),
@@ -414,7 +414,7 @@ struct  hostent {
     

 

 

-
BUGS

+
BUGS

 
lwres_gethostbyname(),
       lwres_gethostbyname2(),
       lwres_gethostbyaddr()
diff --git a/lib/lwres/man/lwres_getipnode.3 b/lib/lwres/man/lwres_getipnode.3
index 03d8ddc446..23a512fca4 100644
--- a/lib/lwres/man/lwres_getipnode.3
+++ b/lib/lwres/man/lwres_getipnode.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_getipnode.3,v 1.22 2005/05/12 23:54:36 sra Exp $
+.\" $Id: lwres_getipnode.3,v 1.23 2005/05/13 03:14:14 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_getipnode.html b/lib/lwres/man/lwres_getipnode.html
index 25b67de0ed..a83d97cdfe 100644
--- a/lib/lwres/man/lwres_getipnode.html
+++ b/lib/lwres/man/lwres_getipnode.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent — lightweight resolver nodename / address translation API

@@ -98,7 +98,7 @@ void
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These functions perform thread safe, protocol independent
       nodename-to-address and address-to-nodename
@@ -217,7 +217,7 @@ struct  hostent {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       If an error occurs,
       lwres_getipnodebyname()
@@ -261,7 +261,7 @@ struct  hostent {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC2553,
 
       lwres(3),
diff --git a/lib/lwres/man/lwres_getnameinfo.3 b/lib/lwres/man/lwres_getnameinfo.3
index 43bea01a15..ee839d8a10 100644
--- a/lib/lwres/man/lwres_getnameinfo.3
+++ b/lib/lwres/man/lwres_getnameinfo.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_getnameinfo.3,v 1.23 2005/05/12 23:54:36 sra Exp $
+.\" $Id: lwres_getnameinfo.3,v 1.24 2005/05/13 03:14:14 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_getnameinfo.html b/lib/lwres/man/lwres_getnameinfo.html
index 04ddb1b518..0ede27a468 100644
--- a/lib/lwres/man/lwres_getnameinfo.html
+++ b/lib/lwres/man/lwres_getnameinfo.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_getnameinfo — lightweight resolver socket address structure to hostname and
@@ -82,7 +82,7 @@ int
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

        This function is equivalent to the
       getnameinfo(3) function defined in RFC2133.
@@ -149,13 +149,13 @@ int
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 
lwres_getnameinfo()
       returns 0 on success or a non-zero error code if an error occurs.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC2133,
       getservbyport(3),
       lwres(3),
@@ -165,7 +165,7 @@ int
     

 

 

-
BUGS

+
BUGS

 

       RFC2133 fails to define what the nonzero return values of
       getnameinfo(3)
diff --git a/lib/lwres/man/lwres_getrrsetbyname.3 b/lib/lwres/man/lwres_getrrsetbyname.3
index 1e166abafe..84fdfbfd23 100644
--- a/lib/lwres/man/lwres_getrrsetbyname.3
+++ b/lib/lwres/man/lwres_getrrsetbyname.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_getrrsetbyname.3,v 1.19 2005/05/12 23:54:37 sra Exp $
+.\" $Id: lwres_getrrsetbyname.3,v 1.20 2005/05/13 03:14:15 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_getrrsetbyname.html b/lib/lwres/man/lwres_getrrsetbyname.html
index 373bd4c9e9..21f630bf79 100644
--- a/lib/lwres/man/lwres_getrrsetbyname.html
+++ b/lib/lwres/man/lwres_getrrsetbyname.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_getrrsetbyname, lwres_freerrset — retrieve DNS records

@@ -102,7 +102,7 @@ struct  rrsetinfo {
     

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_getrrsetbyname()
       gets a set of resource records associated with a
       hostname, class,
@@ -150,7 +150,7 @@ struct  rrsetinfo {
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
lwres_getrrsetbyname()
       returns zero on success, and one of the following error codes if
       an error occurred:
@@ -184,7 +184,7 @@ struct  rrsetinfo {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres(3).
     

 

diff --git a/lib/lwres/man/lwres_gnba.3 b/lib/lwres/man/lwres_gnba.3
index e8d01fccb8..6a0bf4fdbc 100644
--- a/lib/lwres/man/lwres_gnba.3
+++ b/lib/lwres/man/lwres_gnba.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_gnba.3,v 1.21 2005/05/12 23:54:37 sra Exp $
+.\" $Id: lwres_gnba.3,v 1.22 2005/05/13 03:14:15 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_gnba.html b/lib/lwres/man/lwres_gnba.html
index fe61057bba..bcba813ae0 100644
--- a/lib/lwres/man/lwres_gnba.html
+++ b/lib/lwres/man/lwres_gnba.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free — lightweight resolver getnamebyaddress message handling

@@ -183,7 +183,7 @@ void
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These are low-level routines for creating and parsing
       lightweight resolver address-to-name lookup request and
@@ -270,7 +270,7 @@ typedef struct {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       The getnamebyaddr opcode functions
       lwres_gnbarequest_render(),
@@ -308,7 +308,7 @@ typedef struct {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres_packet(3).
     

 

diff --git a/lib/lwres/man/lwres_hstrerror.3 b/lib/lwres/man/lwres_hstrerror.3
index ab6f219d40..4f7f487c0d 100644
--- a/lib/lwres/man/lwres_hstrerror.3
+++ b/lib/lwres/man/lwres_hstrerror.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_hstrerror.3,v 1.21 2005/05/12 23:54:38 sra Exp $
+.\" $Id: lwres_hstrerror.3,v 1.22 2005/05/13 03:14:15 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_hstrerror.html b/lib/lwres/man/lwres_hstrerror.html
index cad675603b..139fea0ebb 100644
--- a/lib/lwres/man/lwres_hstrerror.html
+++ b/lib/lwres/man/lwres_hstrerror.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_herror, lwres_hstrerror — lightweight resolver error message generation

@@ -40,7 +40,7 @@ const char *
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_herror()
       prints the string s on
       stderr followed by the string generated by
@@ -74,7 +74,7 @@ const char *
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       The string Unknown resolver error is returned by
       lwres_hstrerror()
@@ -84,7 +84,7 @@ const char *
     

 

 

-
SEE ALSO

+
SEE ALSO

 
herror(3),
 
       lwres_hstrerror(3).
diff --git a/lib/lwres/man/lwres_inetntop.3 b/lib/lwres/man/lwres_inetntop.3
index d38eaf449c..aa1612bafe 100644
--- a/lib/lwres/man/lwres_inetntop.3
+++ b/lib/lwres/man/lwres_inetntop.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_inetntop.3,v 1.20 2005/05/12 23:54:38 sra Exp $
+.\" $Id: lwres_inetntop.3,v 1.21 2005/05/13 03:14:15 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_inetntop.html b/lib/lwres/man/lwres_inetntop.html
index ae7c8a4e98..de48f90538 100644
--- a/lib/lwres/man/lwres_inetntop.html
+++ b/lib/lwres/man/lwres_inetntop.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_net_ntop — lightweight resolver IP address presentation

@@ -62,7 +62,7 @@ const char *
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_net_ntop()
       converts an IP address of protocol family
       af — IPv4 or IPv6 — at
@@ -80,7 +80,7 @@ const char *
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       If successful, the function returns dst:
       a pointer to a string containing the presentation format of the
@@ -93,7 +93,7 @@ const char *
     

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC1884,
       inet_ntop(3),
       errno(3).
diff --git a/lib/lwres/man/lwres_noop.3 b/lib/lwres/man/lwres_noop.3
index 5b4b164253..f94ad8b591 100644
--- a/lib/lwres/man/lwres_noop.3
+++ b/lib/lwres/man/lwres_noop.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_noop.3,v 1.22 2005/05/12 23:54:39 sra Exp $
+.\" $Id: lwres_noop.3,v 1.23 2005/05/13 03:14:16 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_noop.html b/lib/lwres/man/lwres_noop.html
index aa2eb2a120..29abba2f55 100644
--- a/lib/lwres/man/lwres_noop.html
+++ b/lib/lwres/man/lwres_noop.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free — lightweight resolver no-op message handling

@@ -179,7 +179,7 @@ void
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These are low-level routines for creating and parsing
       lightweight resolver no-op request and response messages.
@@ -270,7 +270,7 @@ typedef struct {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       The no-op opcode functions
       lwres_nooprequest_render(),
@@ -309,7 +309,7 @@ typedef struct {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres_packet(3)
     

 

diff --git a/lib/lwres/man/lwres_packet.3 b/lib/lwres/man/lwres_packet.3
index 7f2674c2e1..b0f71f7ddb 100644
--- a/lib/lwres/man/lwres_packet.3
+++ b/lib/lwres/man/lwres_packet.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_packet.3,v 1.23 2005/05/12 23:54:39 sra Exp $
+.\" $Id: lwres_packet.3,v 1.24 2005/05/13 03:14:16 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_packet.html b/lib/lwres/man/lwres_packet.html
index 201a438015..b3dfbd1f43 100644
--- a/lib/lwres/man/lwres_packet.html
+++ b/lib/lwres/man/lwres_packet.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_lwpacket_renderheader, lwres_lwpacket_parseheader — lightweight resolver packet handling functions

@@ -66,7 +66,7 @@ lwres_result_t
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 

       These functions rely on a
       struct lwres_lwpacket
@@ -219,7 +219,7 @@ struct lwres_lwpacket {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       Successful calls to
       lwres_lwpacket_renderheader() and
diff --git a/lib/lwres/man/lwres_resutil.3 b/lib/lwres/man/lwres_resutil.3
index 93c22945c0..50dbf6ae0a 100644
--- a/lib/lwres/man/lwres_resutil.3
+++ b/lib/lwres/man/lwres_resutil.3
@@ -1,5 +1,5 @@
 .\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001 Internet Software Consortium
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwres_resutil.3,v 1.22 2005/05/12 23:54:40 sra Exp $
+.\" $Id: lwres_resutil.3,v 1.23 2005/05/13 03:14:16 marka Exp $
 .\"
 .hy 0
 .ad l
diff --git a/lib/lwres/man/lwres_resutil.html b/lib/lwres/man/lwres_resutil.html
index e8efe3c7fc..235c79e01e 100644
--- a/lib/lwres/man/lwres_resutil.html
+++ b/lib/lwres/man/lwres_resutil.html
@@ -1,6 +1,6 @@
 
-
+
 
 
 
@@ -22,7 +22,7 @@
 
 
 

-

+

 

 
Name

 
lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr — lightweight resolver utility functions

@@ -134,7 +134,7 @@ lwres_result_t
 

 

 

-
DESCRIPTION

+
DESCRIPTION

 
lwres_string_parse()
       retrieves a DNS-encoded string starting the current pointer of
       lightweight resolver buffer b: i.e.
@@ -210,7 +210,7 @@ typedef struct {
     

 

 

-
RETURN VALUES

+
RETURN VALUES

 

       Successful calls to
       lwres_string_parse()
@@ -248,7 +248,7 @@ typedef struct {
     

 

 

-
SEE ALSO

+
SEE ALSO

 
lwres_buffer(3),
 
       lwres_gabn(3).

From 841fc0fd70881499b62f15e35980dd14b905ba45 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 13 May 2005 06:41:08 +0000
Subject: [PATCH 007/148] placeholder

---
 CHANGES | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGES b/CHANGES
index 8aabdb2a2e..48446ebf8a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+1859.	[placeholder]	rt14695
+
 1858.	[bug]		The flush-zones-on-shutdown option wasn't being
 			parsed. [RT #14686]
 

From ea206aebcafe1ed5d470dd99daab9a1cedc81c7c Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 13 May 2005 23:39:15 +0000
Subject: [PATCH 008/148] newcopyrights

---
 util/copyrights | 410 ++++++++++++++++++++++++------------------------
 1 file changed, 205 insertions(+), 205 deletions(-)

diff --git a/util/copyrights b/util/copyrights
index e3c5ae3670..120ce21871 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -1,9 +1,9 @@
 ./.cvsignore					X	1999,2000,2001
-./CHANGES					X	2000,2001
+./CHANGES					X	2000,2001,2005
 ./COPYRIGHT					TXT	1996,1997,1998,1999,2000,2001,2002,2003,2004,2005
-./FAQ						X	2000,2001
+./FAQ						X	2000,2001,2005
 ./Makefile.in					MAKE	1998,1999,2000,2001,2002,2004
-./README					X	1999,2000,2001
+./README					X	1999,2000,2001,2005
 ./acconfig.h					C	1999,2000,2001,2002,2003,2004,2005
 ./aclocal.m4					X	1999,2000,2001
 ./bin/.cvsignore				X	1999,2000,2001
@@ -145,9 +145,9 @@
 ./bin/named/update.c				C	1999,2000,2001,2002,2003,2004,2005
 ./bin/named/win32/include/named/ntservice.h	C	1999,2000,2001,2002,2003,2004
 ./bin/named/win32/include/named/os.h		C	1999,2000,2001,2002,2004
-./bin/named/win32/named.dsp			X	2001
+./bin/named/win32/named.dsp			X	2001,2005
 ./bin/named/win32/named.dsw			X	2001
-./bin/named/win32/named.mak			X	2001
+./bin/named/win32/named.mak			X	2001,2005
 ./bin/named/win32/ntservice.c			C	1999,2000,2001,2002,2004
 ./bin/named/win32/os.c				C	1999,2000,2001,2002,2004,2005
 ./bin/named/xfrout.c				C	1999,2000,2001,2002,2003,2004,2005
@@ -810,11 +810,11 @@
 ./bin/win32/BINDInstall/res/BINDInstall.rc2	X	2001
 ./bin/win32/BINDInstall/resource.h		X	2001
 ./config.guess					X	1999,2000,2001
-./config.h.in					X	1999,2000,2001
+./config.h.in					X	1999,2000,2001,2005
 ./config.h.win32				C	1999,2000,2001,2004
 ./config.sub					X	1999,2000,2001
 ./config.threads.in				X	2005
-./configure					X	1998,1999,2000,2001
+./configure					X	1998,1999,2000,2001,2005
 ./configure.in					SH	1998,1999,2000,2001,2002,2003,2004,2005
 ./conftools/perllib/dnsconf/DNSConf-macros.h	C	2000,2001,2004
 ./conftools/perllib/dnsconf/DNSConf.i		C	2000,2001,2004
@@ -1089,18 +1089,18 @@
 ./contrib/sdb/time/timedb.h			C	2000,2001,2004
 ./doc/.cvsignore				X	2000,2001
 ./doc/Makefile.in				MAKE	2000,2001,2004
-./doc/arm/.cvsignore				X	2000,2001
+./doc/arm/.cvsignore				X	2000,2001,2005
 ./doc/arm/Bv9ARM-book.xml			SGML	2000,2001,2002,2003,2004,2005
-./doc/arm/Bv9ARM.ch01.html			X	2000,2001
-./doc/arm/Bv9ARM.ch02.html			X	2000,2001
-./doc/arm/Bv9ARM.ch03.html			X	2000,2001
-./doc/arm/Bv9ARM.ch04.html			X	2000,2001
-./doc/arm/Bv9ARM.ch05.html			X	2000,2001
-./doc/arm/Bv9ARM.ch06.html			X	2000,2001
-./doc/arm/Bv9ARM.ch07.html			X	2000,2001
-./doc/arm/Bv9ARM.ch08.html			X	2000,2001
-./doc/arm/Bv9ARM.ch09.html			X	2000,2001
-./doc/arm/Bv9ARM.html				X	2000,2001
+./doc/arm/Bv9ARM.ch01.html			X	2000,2001,2005
+./doc/arm/Bv9ARM.ch02.html			X	2000,2001,2005
+./doc/arm/Bv9ARM.ch03.html			X	2000,2001,2005
+./doc/arm/Bv9ARM.ch04.html			X	2000,2001,2005
+./doc/arm/Bv9ARM.ch05.html			X	2000,2001,2005
+./doc/arm/Bv9ARM.ch06.html			X	2000,2001,2005
+./doc/arm/Bv9ARM.ch07.html			X	2000,2001,2005
+./doc/arm/Bv9ARM.ch08.html			X	2000,2001,2005
+./doc/arm/Bv9ARM.ch09.html			X	2000,2001,2005
+./doc/arm/Bv9ARM.html				X	2000,2001,2005
 ./doc/arm/Makefile.in				MAKE	2001,2002,2004,2005
 ./doc/arm/README-SGML				TXT.BRIEF	2000,2001,2004
 ./doc/arm/isc.color.gif				X	2000,2001
@@ -1142,7 +1142,7 @@
 ./doc/misc/ipv6					TXT.BRIEF	2000,2001,2004
 ./doc/misc/migration				TXT.BRIEF	2000,2001,2003,2004
 ./doc/misc/migration-4to9			TXT.BRIEF	2001,2004
-./doc/misc/options				X	2000,2001
+./doc/misc/options				X	2000,2001,2005
 ./doc/misc/rfc-compliance			TXT.BRIEF	2001,2004
 ./doc/misc/roadmap				TXT.BRIEF	2000,2001,2004
 ./doc/misc/sdb					TXT.BRIEF	2000,2001,2004
@@ -1181,176 +1181,176 @@
 ./lib/bind/api					X	2001
 ./lib/bind/bsd/.cvsignore			X	2001
 ./lib/bind/bsd/Makefile.in			MAKE	2001,2004
-./lib/bind/bsd/daemon.c				X	2001
-./lib/bind/bsd/ftruncate.c			X	2001
-./lib/bind/bsd/gettimeofday.c			X	2001
-./lib/bind/bsd/mktemp.c				X	2001
-./lib/bind/bsd/putenv.c				X	2001
-./lib/bind/bsd/readv.c				X	2001
-./lib/bind/bsd/setenv.c				X	2001
-./lib/bind/bsd/setitimer.c			X	2001
-./lib/bind/bsd/strcasecmp.c			X	2001
-./lib/bind/bsd/strdup.c				X	2001
-./lib/bind/bsd/strerror.c			X	2001
-./lib/bind/bsd/strpbrk.c			X	2001
-./lib/bind/bsd/strsep.c				X	2001
-./lib/bind/bsd/strtoul.c			X	2001
-./lib/bind/bsd/utimes.c				X	2001
-./lib/bind/bsd/writev.c				X	2001
+./lib/bind/bsd/daemon.c				X	2001,2005
+./lib/bind/bsd/ftruncate.c			X	2001,2005
+./lib/bind/bsd/gettimeofday.c			X	2001,2005
+./lib/bind/bsd/mktemp.c				X	2001,2005
+./lib/bind/bsd/putenv.c				X	2001,2005
+./lib/bind/bsd/readv.c				X	2001,2005
+./lib/bind/bsd/setenv.c				X	2001,2005
+./lib/bind/bsd/setitimer.c			X	2001,2005
+./lib/bind/bsd/strcasecmp.c			X	2001,2005
+./lib/bind/bsd/strdup.c				X	2001,2005
+./lib/bind/bsd/strerror.c			X	2001,2005
+./lib/bind/bsd/strpbrk.c			X	2001,2005
+./lib/bind/bsd/strsep.c				X	2001,2005
+./lib/bind/bsd/strtoul.c			X	2001,2005
+./lib/bind/bsd/utimes.c				X	2001,2005
+./lib/bind/bsd/writev.c				X	2001,2005
 ./lib/bind/config.h.in				X	2001
-./lib/bind/configure				X	2001
+./lib/bind/configure				X	2001,2005
 ./lib/bind/configure.in				SH	2001,2004,2005
 ./lib/bind/dst/.cvsignore			X	2001
 ./lib/bind/dst/Makefile.in			MAKE	2001,2004
-./lib/bind/dst/dst_api.c			X	2001
-./lib/bind/dst/dst_internal.h			X	2001
-./lib/bind/dst/hmac_link.c			X	2001
-./lib/bind/dst/md5.h				X	2001
-./lib/bind/dst/md5_dgst.c			X	2001
-./lib/bind/dst/md5_locl.h			X	2001
-./lib/bind/dst/support.c			X	2001
+./lib/bind/dst/dst_api.c			X	2001,2005
+./lib/bind/dst/dst_internal.h			X	2001,2005
+./lib/bind/dst/hmac_link.c			X	2001,2005
+./lib/bind/dst/md5.h				X	2001,2005
+./lib/bind/dst/md5_dgst.c			X	2001,2005
+./lib/bind/dst/md5_locl.h			X	2001,2005
+./lib/bind/dst/support.c			X	2001,2005
 ./lib/bind/include/.cvsignore			X	2001
 ./lib/bind/include/Makefile.in			MAKE	2001,2004
-./lib/bind/include/arpa/inet.h			X	2001
-./lib/bind/include/arpa/nameser.h		X	2001
-./lib/bind/include/arpa/nameser_compat.h	X	2001
-./lib/bind/include/fd_setsize.h			X	2001
-./lib/bind/include/hesiod.h			X	2001
-./lib/bind/include/irp.h			X	2001
-./lib/bind/include/irs.h			X	2001
-./lib/bind/include/isc/assertions.h		X	2001
-./lib/bind/include/isc/ctl.h			X	2001
-./lib/bind/include/isc/dst.h			X	2001
-./lib/bind/include/isc/eventlib.h		X	2001
-./lib/bind/include/isc/heap.h			X	2001
-./lib/bind/include/isc/irpmarshall.h		X	2001
-./lib/bind/include/isc/list.h			X	2001
-./lib/bind/include/isc/logging.h		X	2001
-./lib/bind/include/isc/memcluster.h		X	2001
-./lib/bind/include/isc/misc.h			X	2001
-./lib/bind/include/isc/tree.h			X	2001
-./lib/bind/include/netdb.h			X	2001
-./lib/bind/include/netgroup.h			X	2001
-./lib/bind/include/res_update.h			X	2001
-./lib/bind/include/resolv.h			X	2001
+./lib/bind/include/arpa/inet.h			X	2001,2005
+./lib/bind/include/arpa/nameser.h		X	2001,2005
+./lib/bind/include/arpa/nameser_compat.h	X	2001,2005
+./lib/bind/include/fd_setsize.h			X	2001,2005
+./lib/bind/include/hesiod.h			X	2001,2005
+./lib/bind/include/irp.h			X	2001,2005
+./lib/bind/include/irs.h			X	2001,2005
+./lib/bind/include/isc/assertions.h		X	2001,2005
+./lib/bind/include/isc/ctl.h			X	2001,2005
+./lib/bind/include/isc/dst.h			X	2001,2005
+./lib/bind/include/isc/eventlib.h		X	2001,2005
+./lib/bind/include/isc/heap.h			X	2001,2005
+./lib/bind/include/isc/irpmarshall.h		X	2001,2005
+./lib/bind/include/isc/list.h			X	2001,2005
+./lib/bind/include/isc/logging.h		X	2001,2005
+./lib/bind/include/isc/memcluster.h		X	2001,2005
+./lib/bind/include/isc/misc.h			X	2001,2005
+./lib/bind/include/isc/tree.h			X	2001,2005
+./lib/bind/include/netdb.h			X	2001,2005
+./lib/bind/include/netgroup.h			X	2001,2005
+./lib/bind/include/res_update.h			X	2001,2005
+./lib/bind/include/resolv.h			X	2001,2005
 ./lib/bind/inet/.cvsignore			X	2001
 ./lib/bind/inet/Makefile.in			MAKE	2001,2004
-./lib/bind/inet/inet_addr.c			X	2001
-./lib/bind/inet/inet_cidr_ntop.c		X	2001
-./lib/bind/inet/inet_cidr_pton.c		X	2001
-./lib/bind/inet/inet_data.c			X	2001
-./lib/bind/inet/inet_lnaof.c			X	2001
-./lib/bind/inet/inet_makeaddr.c			X	2001
-./lib/bind/inet/inet_net_ntop.c			X	2001
-./lib/bind/inet/inet_net_pton.c			X	2001
-./lib/bind/inet/inet_neta.c			X	2001
-./lib/bind/inet/inet_netof.c			X	2001
-./lib/bind/inet/inet_network.c			X	2001
-./lib/bind/inet/inet_ntoa.c			X	2001
-./lib/bind/inet/inet_ntop.c			X	2001
-./lib/bind/inet/inet_pton.c			X	2001
-./lib/bind/inet/nsap_addr.c			X	2001
+./lib/bind/inet/inet_addr.c			X	2001,2005
+./lib/bind/inet/inet_cidr_ntop.c		X	2001,2005
+./lib/bind/inet/inet_cidr_pton.c		X	2001,2005
+./lib/bind/inet/inet_data.c			X	2001,2005
+./lib/bind/inet/inet_lnaof.c			X	2001,2005
+./lib/bind/inet/inet_makeaddr.c			X	2001,2005
+./lib/bind/inet/inet_net_ntop.c			X	2001,2005
+./lib/bind/inet/inet_net_pton.c			X	2001,2005
+./lib/bind/inet/inet_neta.c			X	2001,2005
+./lib/bind/inet/inet_netof.c			X	2001,2005
+./lib/bind/inet/inet_network.c			X	2001,2005
+./lib/bind/inet/inet_ntoa.c			X	2001,2005
+./lib/bind/inet/inet_ntop.c			X	2001,2005
+./lib/bind/inet/inet_pton.c			X	2001,2005
+./lib/bind/inet/nsap_addr.c			X	2001,2005
 ./lib/bind/irs/.cvsignore			X	2001
 ./lib/bind/irs/Makefile.in			MAKE	2001,2004
-./lib/bind/irs/dns.c				X	2001
-./lib/bind/irs/dns_gr.c				X	2001
-./lib/bind/irs/dns_ho.c				X	2001
-./lib/bind/irs/dns_nw.c				X	2001
-./lib/bind/irs/dns_p.h				X	2001
-./lib/bind/irs/dns_pr.c				X	2001
-./lib/bind/irs/dns_pw.c				X	2001
-./lib/bind/irs/dns_sv.c				X	2001
-./lib/bind/irs/gai_strerror.c			X	2001
-./lib/bind/irs/gen.c				X	2001
-./lib/bind/irs/gen_gr.c				X	2001
-./lib/bind/irs/gen_ho.c				X	2001
-./lib/bind/irs/gen_ng.c				X	2001
-./lib/bind/irs/gen_nw.c				X	2001
-./lib/bind/irs/gen_p.h				X	2001
-./lib/bind/irs/gen_pr.c				X	2001
-./lib/bind/irs/gen_pw.c				X	2001
-./lib/bind/irs/gen_sv.c				X	2001
-./lib/bind/irs/getaddrinfo.c			X	2001
-./lib/bind/irs/getgrent.c			X	2001
-./lib/bind/irs/getgrent_r.c			X	2001
-./lib/bind/irs/gethostent.c			X	2001
-./lib/bind/irs/gethostent_r.c			X	2001
-./lib/bind/irs/getnameinfo.c			X	2001
-./lib/bind/irs/getnetent.c			X	2001
-./lib/bind/irs/getnetent_r.c			X	2001
-./lib/bind/irs/getnetgrent.c			X	2001
-./lib/bind/irs/getnetgrent_r.c			X	2001
-./lib/bind/irs/getprotoent.c			X	2001
-./lib/bind/irs/getprotoent_r.c			X	2001
-./lib/bind/irs/getpwent.c			X	2001
-./lib/bind/irs/getpwent_r.c			X	2001
-./lib/bind/irs/getservent.c			X	2001
-./lib/bind/irs/getservent_r.c			X	2001
-./lib/bind/irs/hesiod.c				X	2001
-./lib/bind/irs/hesiod_p.h			X	2001
-./lib/bind/irs/irp.c				X	2001
-./lib/bind/irs/irp_gr.c				X	2001
-./lib/bind/irs/irp_ho.c				X	2001
-./lib/bind/irs/irp_ng.c				X	2001
-./lib/bind/irs/irp_nw.c				X	2001
-./lib/bind/irs/irp_p.h				X	2001
-./lib/bind/irs/irp_pr.c				X	2001
-./lib/bind/irs/irp_pw.c				X	2001
-./lib/bind/irs/irp_sv.c				X	2001
-./lib/bind/irs/irpmarshall.c			X	2001
-./lib/bind/irs/irs_data.c			X	2001
-./lib/bind/irs/irs_data.h			X	2001
-./lib/bind/irs/irs_p.h				X	2001
-./lib/bind/irs/lcl.c				X	2001
-./lib/bind/irs/lcl_gr.c				X	2001
-./lib/bind/irs/lcl_ho.c				X	2001
-./lib/bind/irs/lcl_ng.c				X	2001
-./lib/bind/irs/lcl_nw.c				X	2001
-./lib/bind/irs/lcl_p.h				X	2001
-./lib/bind/irs/lcl_pr.c				X	2001
-./lib/bind/irs/lcl_pw.c				X	2001
-./lib/bind/irs/lcl_sv.c				X	2001
-./lib/bind/irs/nis.c				X	2001
-./lib/bind/irs/nis_gr.c				X	2001
-./lib/bind/irs/nis_ho.c				X	2001
-./lib/bind/irs/nis_ng.c				X	2001
-./lib/bind/irs/nis_nw.c				X	2001
-./lib/bind/irs/nis_p.h				X	2001
-./lib/bind/irs/nis_pr.c				X	2001
-./lib/bind/irs/nis_pw.c				X	2001
-./lib/bind/irs/nis_sv.c				X	2001
-./lib/bind/irs/nul_ng.c				X	2001
-./lib/bind/irs/pathnames.h			X	2001
-./lib/bind/irs/util.c				X	2001
+./lib/bind/irs/dns.c				X	2001,2005
+./lib/bind/irs/dns_gr.c				X	2001,2005
+./lib/bind/irs/dns_ho.c				X	2001,2005
+./lib/bind/irs/dns_nw.c				X	2001,2005
+./lib/bind/irs/dns_p.h				X	2001,2005
+./lib/bind/irs/dns_pr.c				X	2001,2005
+./lib/bind/irs/dns_pw.c				X	2001,2005
+./lib/bind/irs/dns_sv.c				X	2001,2005
+./lib/bind/irs/gai_strerror.c			X	2001,2005
+./lib/bind/irs/gen.c				X	2001,2005
+./lib/bind/irs/gen_gr.c				X	2001,2005
+./lib/bind/irs/gen_ho.c				X	2001,2005
+./lib/bind/irs/gen_ng.c				X	2001,2005
+./lib/bind/irs/gen_nw.c				X	2001,2005
+./lib/bind/irs/gen_p.h				X	2001,2005
+./lib/bind/irs/gen_pr.c				X	2001,2005
+./lib/bind/irs/gen_pw.c				X	2001,2005
+./lib/bind/irs/gen_sv.c				X	2001,2005
+./lib/bind/irs/getaddrinfo.c			X	2001,2005
+./lib/bind/irs/getgrent.c			X	2001,2005
+./lib/bind/irs/getgrent_r.c			X	2001,2005
+./lib/bind/irs/gethostent.c			X	2001,2005
+./lib/bind/irs/gethostent_r.c			X	2001,2005
+./lib/bind/irs/getnameinfo.c			X	2001,2005
+./lib/bind/irs/getnetent.c			X	2001,2005
+./lib/bind/irs/getnetent_r.c			X	2001,2005
+./lib/bind/irs/getnetgrent.c			X	2001,2005
+./lib/bind/irs/getnetgrent_r.c			X	2001,2005
+./lib/bind/irs/getprotoent.c			X	2001,2005
+./lib/bind/irs/getprotoent_r.c			X	2001,2005
+./lib/bind/irs/getpwent.c			X	2001,2005
+./lib/bind/irs/getpwent_r.c			X	2001,2005
+./lib/bind/irs/getservent.c			X	2001,2005
+./lib/bind/irs/getservent_r.c			X	2001,2005
+./lib/bind/irs/hesiod.c				X	2001,2005
+./lib/bind/irs/hesiod_p.h			X	2001,2005
+./lib/bind/irs/irp.c				X	2001,2005
+./lib/bind/irs/irp_gr.c				X	2001,2005
+./lib/bind/irs/irp_ho.c				X	2001,2005
+./lib/bind/irs/irp_ng.c				X	2001,2005
+./lib/bind/irs/irp_nw.c				X	2001,2005
+./lib/bind/irs/irp_p.h				X	2001,2005
+./lib/bind/irs/irp_pr.c				X	2001,2005
+./lib/bind/irs/irp_pw.c				X	2001,2005
+./lib/bind/irs/irp_sv.c				X	2001,2005
+./lib/bind/irs/irpmarshall.c			X	2001,2005
+./lib/bind/irs/irs_data.c			X	2001,2005
+./lib/bind/irs/irs_data.h			X	2001,2005
+./lib/bind/irs/irs_p.h				X	2001,2005
+./lib/bind/irs/lcl.c				X	2001,2005
+./lib/bind/irs/lcl_gr.c				X	2001,2005
+./lib/bind/irs/lcl_ho.c				X	2001,2005
+./lib/bind/irs/lcl_ng.c				X	2001,2005
+./lib/bind/irs/lcl_nw.c				X	2001,2005
+./lib/bind/irs/lcl_p.h				X	2001,2005
+./lib/bind/irs/lcl_pr.c				X	2001,2005
+./lib/bind/irs/lcl_pw.c				X	2001,2005
+./lib/bind/irs/lcl_sv.c				X	2001,2005
+./lib/bind/irs/nis.c				X	2001,2005
+./lib/bind/irs/nis_gr.c				X	2001,2005
+./lib/bind/irs/nis_ho.c				X	2001,2005
+./lib/bind/irs/nis_ng.c				X	2001,2005
+./lib/bind/irs/nis_nw.c				X	2001,2005
+./lib/bind/irs/nis_p.h				X	2001,2005
+./lib/bind/irs/nis_pr.c				X	2001,2005
+./lib/bind/irs/nis_pw.c				X	2001,2005
+./lib/bind/irs/nis_sv.c				X	2001,2005
+./lib/bind/irs/nul_ng.c				X	2001,2005
+./lib/bind/irs/pathnames.h			X	2001,2005
+./lib/bind/irs/util.c				X	2001,2005
 ./lib/bind/isc/.cvsignore			X	2001
 ./lib/bind/isc/Makefile.in			MAKE	2001,2004
-./lib/bind/isc/assertions.c			X	2001
+./lib/bind/isc/assertions.c			X	2001,2005
 ./lib/bind/isc/assertions.mdoc			X	2001
-./lib/bind/isc/base64.c				X	2001
-./lib/bind/isc/bitncmp.c			X	2001
+./lib/bind/isc/base64.c				X	2001,2005
+./lib/bind/isc/bitncmp.c			X	2001,2005
 ./lib/bind/isc/bitncmp.mdoc			X	2001
-./lib/bind/isc/ctl_clnt.c			X	2001
-./lib/bind/isc/ctl_p.c				X	2001
-./lib/bind/isc/ctl_p.h				X	2001
-./lib/bind/isc/ctl_srvr.c			X	2001
-./lib/bind/isc/ev_connects.c			X	2001
-./lib/bind/isc/ev_files.c			X	2001
-./lib/bind/isc/ev_streams.c			X	2001
-./lib/bind/isc/ev_timers.c			X	2001
-./lib/bind/isc/ev_waits.c			X	2001
-./lib/bind/isc/eventlib.c			X	2001
+./lib/bind/isc/ctl_clnt.c			X	2001,2005
+./lib/bind/isc/ctl_p.c				X	2001,2005
+./lib/bind/isc/ctl_p.h				X	2001,2005
+./lib/bind/isc/ctl_srvr.c			X	2001,2005
+./lib/bind/isc/ev_connects.c			X	2001,2005
+./lib/bind/isc/ev_files.c			X	2001,2005
+./lib/bind/isc/ev_streams.c			X	2001,2005
+./lib/bind/isc/ev_timers.c			X	2001,2005
+./lib/bind/isc/ev_waits.c			X	2001,2005
+./lib/bind/isc/eventlib.c			X	2001,2005
 ./lib/bind/isc/eventlib.mdoc			X	2001
-./lib/bind/isc/eventlib_p.h			X	2001
-./lib/bind/isc/heap.c				X	2001
+./lib/bind/isc/eventlib_p.h			X	2001,2005
+./lib/bind/isc/heap.c				X	2001,2005
 ./lib/bind/isc/heap.mdoc			X	2001
-./lib/bind/isc/hex.c				X	2001
-./lib/bind/isc/logging.c			X	2001
+./lib/bind/isc/hex.c				X	2001,2005
+./lib/bind/isc/logging.c			X	2001,2005
 ./lib/bind/isc/logging.mdoc			X	2001
-./lib/bind/isc/logging_p.h			X	2001
-./lib/bind/isc/memcluster.c			X	2001
+./lib/bind/isc/logging_p.h			X	2001,2005
+./lib/bind/isc/memcluster.c			X	2001,2005
 ./lib/bind/isc/memcluster.mdoc			X	2001
-./lib/bind/isc/movefile.c			X	2001
-./lib/bind/isc/tree.c				X	2001
+./lib/bind/isc/movefile.c			X	2001,2005
+./lib/bind/isc/tree.c				X	2001,2005
 ./lib/bind/isc/tree.mdoc			X	2001
 ./lib/bind/make/.cvsignore			X	2001
 ./lib/bind/make/includes.in			MAKE	2001,2004
@@ -1359,15 +1359,15 @@
 ./lib/bind/mkinstalldirs			X	2001
 ./lib/bind/nameser/.cvsignore			X	2001
 ./lib/bind/nameser/Makefile.in			MAKE	2001,2004
-./lib/bind/nameser/ns_date.c			X	2001
-./lib/bind/nameser/ns_name.c			X	2001
-./lib/bind/nameser/ns_netint.c			X	2001
-./lib/bind/nameser/ns_parse.c			X	2001
-./lib/bind/nameser/ns_print.c			X	2001
-./lib/bind/nameser/ns_samedomain.c		X	2001
-./lib/bind/nameser/ns_sign.c			X	2001
-./lib/bind/nameser/ns_ttl.c			X	2001
-./lib/bind/nameser/ns_verify.c			X	2001
+./lib/bind/nameser/ns_date.c			X	2001,2005
+./lib/bind/nameser/ns_name.c			X	2001,2005
+./lib/bind/nameser/ns_netint.c			X	2001,2005
+./lib/bind/nameser/ns_parse.c			X	2001,2005
+./lib/bind/nameser/ns_print.c			X	2001,2005
+./lib/bind/nameser/ns_samedomain.c		X	2001,2005
+./lib/bind/nameser/ns_sign.c			X	2001,2005
+./lib/bind/nameser/ns_ttl.c			X	2001,2005
+./lib/bind/nameser/ns_verify.c			X	2001,2005
 ./lib/bind/port/.cvsignore			X	2001
 ./lib/bind/port/Makefile.in			MAKE	2001,2004
 ./lib/bind/port/aix32/.cvsignore		X	2001
@@ -1573,25 +1573,25 @@
 ./lib/bind/port/unknown/Makefile.in		MAKE	2001,2004
 ./lib/bind/port/unknown/include/.cvsignore	X	2001
 ./lib/bind/port/unknown/include/Makefile.in	MAKE	2001,2004,2005
-./lib/bind/port_after.h.in			X	2001
-./lib/bind/port_before.h.in			X	2001
+./lib/bind/port_after.h.in			X	2001,2005
+./lib/bind/port_before.h.in			X	2001,2005
 ./lib/bind/resolv/.cvsignore			X	2001
 ./lib/bind/resolv/Makefile.in			MAKE	2001,2004
-./lib/bind/resolv/herror.c			X	2001
-./lib/bind/resolv/res_comp.c			X	2001
-./lib/bind/resolv/res_data.c			X	2001
-./lib/bind/resolv/res_debug.c			X	2001
-./lib/bind/resolv/res_debug.h			X	2001
-./lib/bind/resolv/res_findzonecut.c		X	2001
-./lib/bind/resolv/res_init.c			X	2001
-./lib/bind/resolv/res_mkquery.c			X	2001
-./lib/bind/resolv/res_mkupdate.c		X	2001
-./lib/bind/resolv/res_mkupdate.h		X	2001
-./lib/bind/resolv/res_private.h			X	2001
-./lib/bind/resolv/res_query.c			X	2001
-./lib/bind/resolv/res_send.c			X	2001
-./lib/bind/resolv/res_sendsigned.c		X	2001
-./lib/bind/resolv/res_update.c			X	2001
+./lib/bind/resolv/herror.c			X	2001,2005
+./lib/bind/resolv/res_comp.c			X	2001,2005
+./lib/bind/resolv/res_data.c			X	2001,2005
+./lib/bind/resolv/res_debug.c			X	2001,2005
+./lib/bind/resolv/res_debug.h			X	2001,2005
+./lib/bind/resolv/res_findzonecut.c		X	2001,2005
+./lib/bind/resolv/res_init.c			X	2001,2005
+./lib/bind/resolv/res_mkquery.c			X	2001,2005
+./lib/bind/resolv/res_mkupdate.c		X	2001,2005
+./lib/bind/resolv/res_mkupdate.h		X	2001,2005
+./lib/bind/resolv/res_private.h			X	2001,2005
+./lib/bind/resolv/res_query.c			X	2001,2005
+./lib/bind/resolv/res_send.c			X	2001,2005
+./lib/bind/resolv/res_sendsigned.c		X	2001,2005
+./lib/bind/resolv/res_update.c			X	2001,2005
 ./lib/bind9/.cvsignore				X	2001
 ./lib/bind9/Makefile.in				MAKE	2001,2004
 ./lib/bind9/api					X	2001
@@ -1873,10 +1873,10 @@
 ./lib/dns/win32/gen.dsp				X	2001
 ./lib/dns/win32/gen.dsw				X	2001
 ./lib/dns/win32/gen.mak				X	2001
-./lib/dns/win32/libdns.def			X	2001
-./lib/dns/win32/libdns.dsp			X	2001
+./lib/dns/win32/libdns.def			X	2001,2005
+./lib/dns/win32/libdns.dsp			X	2001,2005
 ./lib/dns/win32/libdns.dsw			X	2001
-./lib/dns/win32/libdns.mak			X	2001
+./lib/dns/win32/libdns.mak			X	2001,2005
 ./lib/dns/win32/version.c			C	1998,1999,2000,2001,2004
 ./lib/dns/xfrin.c				C	1999,2000,2001,2002,2003,2004,2005
 ./lib/dns/zone.c				C	1999,2000,2001,2002,2003,2004,2005
@@ -2108,7 +2108,7 @@
 ./lib/isc/win32/interfaceiter.c			C	1999,2000,2001,2004
 ./lib/isc/win32/ipv6.c				C	1999,2000,2001,2004
 ./lib/isc/win32/keyboard.c			C	2000,2001,2004
-./lib/isc/win32/libisc.def			X	2001
+./lib/isc/win32/libisc.def			X	2001,2005
 ./lib/isc/win32/libisc.dsp			X	2001
 ./lib/isc/win32/libisc.dsw			X	2001
 ./lib/isc/win32/libisc.mak			X	2001
@@ -2184,10 +2184,10 @@
 ./lib/isccfg/parser.c				C	2000,2001,2002,2003,2004,2005
 ./lib/isccfg/version.c				C	1998,1999,2000,2001,2004,2005
 ./lib/isccfg/win32/DLLMain.c			C	2001,2004
-./lib/isccfg/win32/libisccfg.def		X	2001
-./lib/isccfg/win32/libisccfg.dsp		X	2001
+./lib/isccfg/win32/libisccfg.def		X	2001,2005
+./lib/isccfg/win32/libisccfg.dsp		X	2001,2005
 ./lib/isccfg/win32/libisccfg.dsw		X	2001
-./lib/isccfg/win32/libisccfg.mak		X	2001
+./lib/isccfg/win32/libisccfg.mak		X	2001,2005
 ./lib/isccfg/win32/version.c			C	1998,1999,2000,2001,2004
 ./lib/lwres/.cvsignore				X	2000,2001
 ./lib/lwres/Makefile.in				MAKE	2000,2001,2004
@@ -2345,7 +2345,7 @@
 ./util/check-instincludes.sh			SH	2000,2001,2004
 ./util/check-pullups.pl				PERL	2001,2002,2003,2004
 ./util/check-sources.pl				PERL	2000,2001,2004
-./util/copyrights				X	1999,2000,2001
+./util/copyrights				X	1999,2000,2001,2005
 ./util/kit.sh					SH	2000,2001,2002,2003,2004
 ./util/mandoc2docbook.pl			PERL	2001,2004
 ./util/mdnbuildtest.sh				SH	2000,2001,2004

From baf62093eb60684ad8514d56ac300a8030d8e501 Mon Sep 17 00:00:00 2001
From: Jakob Schlyter 
Date: Sat, 14 May 2005 22:11:56 +0000
Subject: [PATCH 009/148] extended string API from rt11733

---
 lib/isc/include/isc/string.h | 148 ++++++++++++++++++++++++++++++++++-
 lib/isc/string.c             | 111 +++++++++++++++++++++++++-
 2 files changed, 257 insertions(+), 2 deletions(-)

diff --git a/lib/isc/include/isc/string.h b/lib/isc/include/isc/string.h
index d3899aac75..5cc9d82e5c 100644
--- a/lib/isc/include/isc/string.h
+++ b/lib/isc/include/isc/string.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: string.h,v 1.14 2005/04/29 00:23:45 marka Exp $ */
+/* $Id: string.h,v 1.15 2005/05/14 22:11:56 jakob Exp $ */
 
 #ifndef ISC_STRING_H
 #define ISC_STRING_H 1
@@ -27,6 +27,9 @@
 #include 
 #include 
 #include 
+#include 
+
+#define ISC_STRING_MAGIC 0x5e
 
 ISC_LANG_BEGINDECLS
 
@@ -45,6 +48,149 @@ isc_string_touint64(char *source, char **endp, int base);
  * On error 'endp' points to 'source'.
  */
 
+isc_result_t
+isc_string_copy(char *target, size_t size, const char *source);
+/*
+ * Copy the string pointed to by 'source' to 'target' which is a
+ * pointer to a string of at least 'size' bytes.
+ *
+ * Requires:
+ *	'target' is a pointer to a char[] of at least 'size' bytes.
+ *	'size' an integer > 0.
+ *	'source' == NULL or points to a NUL terminated string.
+ *
+ * Ensures:
+ *	If result == ISC_R_SUCCESS
+ *		'target' will be a NUL terminated string of no more
+ *		than 'size' bytes (including NUL).
+ *
+ *	If result == ISC_R_NOSPACE
+ *		'target' is undefined.
+ *
+ * Returns:
+ *	ISC_R_SUCCESS  -- 'source' was successfully copied to 'target'.
+ *	ISC_R_NOSPACE  -- 'source' could not be copied since 'target'
+ *	                  is too small.
+ */
+
+void
+isc_string_copy_truncate(char *target, size_t size, const char *source);
+/*
+ * Copy the string pointed to by 'source' to 'target' which is a
+ * pointer to a string of at least 'size' bytes.
+ *
+ * Requires:
+ *	'target' is a pointer to a char[] of at least 'size' bytes.
+ *	'size' an integer > 0.
+ *	'source' == NULL or points to a NUL terminated string.
+ *
+ * Ensures:
+ *	'target' will be a NUL terminated string of no more
+ *	than 'size' bytes (including NUL).
+ */
+
+isc_result_t
+isc_string_append(char *target, size_t size, const char *source);
+/*
+ * Append the string pointed to by 'source' to 'target' which is a
+ * pointer to a NUL terminated string of at least 'size' bytes.
+ *
+ * Requires:
+ *	'target' is a pointer to a NUL terminated char[] of at
+ *	least 'size' bytes.
+ *	'size' an integer > 0.
+ *	'source' == NULL or points to a NUL terminated string.
+ *
+ * Ensures:
+ *	If result == ISC_R_SUCCESS
+ *		'target' will be a NUL terminated string of no more
+ *		than 'size' bytes (including NUL).
+ *
+ *	If result == ISC_R_NOSPACE
+ *		'target' is undefined.
+ *
+ * Returns:
+ *	ISC_R_SUCCESS  -- 'source' was successfully appended to 'target'.
+ *	ISC_R_NOSPACE  -- 'source' could not be appended since 'target'
+ *	                  is too small.
+ */
+
+void
+isc_string_append_truncate(char *target, size_t size, const char *source);
+/*
+ * Append the string pointed to by 'source' to 'target' which is a
+ * pointer to a NUL terminated string of at least 'size' bytes.
+ *
+ * Requires:
+ *	'target' is a pointer to a NUL terminated char[] of at
+ *	least 'size' bytes.
+ *	'size' an integer > 0.
+ *	'source' == NULL or points to a NUL terminated string.
+ *
+ * Ensures:
+ *	'target' will be a NUL terminated string of no more
+ *	than 'size' bytes (including NUL).
+ */
+
+isc_result_t
+isc_string_printf(char *target, size_t size, const char *format, ...);
+/*
+ * Print 'format' to 'target' which is a pointer to a string of at least
+ * 'size' bytes.
+ *
+ * Requires:
+ *	'target' is a pointer to a char[] of at least 'size' bytes.
+ *	'size' an integer > 0.
+ *	'format' == NULL or points to a NUL terminated string.
+ *
+ * Ensures:
+ *	If result == ISC_R_SUCCESS
+ *		'target' will be a NUL terminated string of no more
+ *		than 'size' bytes (including NUL).
+ *
+ *	If result == ISC_R_NOSPACE
+ *		'target' is undefined.
+ *
+ * Returns:
+ *	ISC_R_SUCCESS  -- 'format' was successfully printed to 'target'.
+ *	ISC_R_NOSPACE  -- 'format' could not be printed to 'target' since it
+ *	                  is too small.
+ */
+
+void
+isc_string_printf_truncate(char *target, size_t size, const char *format, ...);
+/*
+ * Print 'format' to 'target' which is a pointer to a string of at least
+ * 'size' bytes.
+ *
+ * Requires:
+ *	'target' is a pointer to a char[] of at least 'size' bytes.
+ *	'size' an integer > 0.
+ *	'format' == NULL or points to a NUL terminated string.
+ *
+ * Ensures:
+ *	'target' will be a NUL terminated string of no more
+ *	than 'size' bytes (including NUL).
+ */
+
+
+char *
+isc_string_regiondup(isc_mem_t *mctx, const isc_region_t *source);
+/*
+ * Copy the region pointed to by r to a NUL terminated string
+ * allocated from the memory context pointed to by mctx.
+ *
+ * The result should be deallocated using isc_mem_free()
+ *
+ * Requires:
+ *	'mctx' is a point to a valid memory context.
+ *	'source' is a pointer to a valid region.
+ *
+ * Returns:
+ *	a pointer to a NUL terminated string or
+ *	NULL if memory for the copy could not be allocated
+ *
+ */
 
 char *
 isc_string_separate(char **stringp, const char *delim);
diff --git a/lib/isc/string.c b/lib/isc/string.c
index fdf9916a62..c8f760e1fc 100644
--- a/lib/isc/string.c
+++ b/lib/isc/string.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: string.c,v 1.13 2005/04/29 00:23:31 marka Exp $ */
+/* $Id: string.c,v 1.14 2005/05/14 22:11:56 jakob Exp $ */
 
 /*! \file */
 
@@ -23,7 +23,10 @@
 
 #include 
 
+#include 
+#include 
 #include 
+#include 
 
 static char digits[] = "0123456789abcdefghijklmnoprstuvwxyz";
 
@@ -91,6 +94,112 @@ isc_string_touint64(char *source, char **end, int base) {
 	return (tmp);
 }
 
+isc_result_t
+isc_string_copy(char *target, size_t size, const char *source)
+{
+	REQUIRE(size > 0);
+
+	if (strlcpy(target, source, size) >= size) {
+		memset(target, ISC_STRING_MAGIC, size);
+		return (ISC_R_NOSPACE);
+	}
+
+	ENSURE(strlen(target) < size);
+
+	return (ISC_R_SUCCESS);
+}
+
+void
+isc_string_copy_truncate(char *target, size_t size, const char *source)
+{
+	REQUIRE(size > 0);
+
+	strlcpy(target, source, size);
+
+	ENSURE(strlen(target) < size);
+}
+
+isc_result_t
+isc_string_append(char *target, size_t size, const char *source)
+{
+	REQUIRE(size > 0);
+	REQUIRE(strlen(target) < size);
+
+	if (strlcat(target, source, size) >= size) {
+		memset(target, ISC_STRING_MAGIC, size);
+		return (ISC_R_NOSPACE);
+	}
+
+	ENSURE(strlen(target) < size);
+
+	return (ISC_R_SUCCESS);
+}
+
+void
+isc_string_append_truncate(char *target, size_t size, const char *source)
+{
+	REQUIRE(size > 0);
+	REQUIRE(strlen(target) < size);
+
+	strlcat(target, source, size);
+
+	ENSURE(strlen(target) < size);
+}
+
+isc_result_t
+isc_string_printf(char *target, size_t size, const char *format, ...)
+{
+	va_list args;
+	size_t n;
+
+	REQUIRE(size > 0);
+
+	va_start(args, format);
+	n = vsnprintf(target, size, format, args);
+	va_end(args);
+
+	if (n >= size) {
+		memset(target, ISC_STRING_MAGIC, size);
+		return (ISC_R_NOSPACE);
+	}
+
+	ENSURE(strlen(target) < size);
+
+	return (ISC_R_SUCCESS);
+}
+
+void
+isc_string_printf_truncate(char *target, size_t size, const char *format, ...)
+{
+	va_list args;
+	size_t n;
+
+	REQUIRE(size > 0);
+
+	va_start(args, format);
+	n = vsnprintf(target, size, format, args);
+	va_end(args);
+
+	ENSURE(strlen(target) < size);
+}
+
+char *
+isc_string_regiondup(isc_mem_t *mctx, const isc_region_t *source)
+{
+	char *target;
+
+	REQUIRE(mctx != NULL);
+	REQUIRE(source != NULL);
+
+	target = (char *) isc_mem_allocate(mctx, source->length + 1);
+	if (target != NULL) {
+		memcpy(source->base, target, source->length);
+		target[source->length] = '\0';
+	}
+
+	return (target);
+}
+
 char *
 isc_string_separate(char **stringp, const char *delim) {
 	char *string = *stringp;

From b2e221a37027fd6b909894451a29366162c91d7e Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sun, 15 May 2005 23:48:12 +0000
Subject: [PATCH 010/148] comment out debugging prints

---
 util/update_copyrights | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/util/update_copyrights b/util/update_copyrights
index 88f41f564f..d009fae1db 100644
--- a/util/update_copyrights
+++ b/util/update_copyrights
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_copyrights,v 1.39 2005/05/13 01:06:30 marka Exp $
+# $Id: update_copyrights,v 1.40 2005/05/15 23:48:12 marka Exp $
 
 require 5.002;
 
@@ -419,12 +419,12 @@ foreach $file (keys %file_types) {
                 $/ = "\n";
 
 		if ($type eq 'SGML' && m:.*?:s) {
-			print "docinfo: $file\n";
+			# print "docinfo: $file\n";
 			my $r = copyrights(@years);
 			s:.*?:\n$r  :s;
 		}
 		if ($type eq 'SGML' && m:.*?:s) {
-			print "bookinfo: $file\n";
+			# print "bookinfo: $file\n";
 			my $r = copyrights(@years);
 			s:.*?:\n$r  :s;
 		}

From 5caf67f913ac7c31cf92692c483901287ccfb04c Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sun, 15 May 2005 23:50:08 +0000
Subject: [PATCH 011/148] remove deleted files

---
 util/copyrights | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/util/copyrights b/util/copyrights
index 120ce21871..47a4fcb2be 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -1103,11 +1103,7 @@
 ./doc/arm/Bv9ARM.html				X	2000,2001,2005
 ./doc/arm/Makefile.in				MAKE	2001,2002,2004,2005
 ./doc/arm/README-SGML				TXT.BRIEF	2000,2001,2004
-./doc/arm/isc.color.gif				X	2000,2001
 ./doc/arm/latex-fixup.pl			PERL	2005
-./doc/arm/nominum-docbook-html.dsl.in		X	2000,2001
-./doc/arm/nominum-docbook-print.dsl.in		X	2001
-./doc/arm/validate.sh.in			SH	2000,2001,2004
 ./doc/design/addressdb				TXT.BRIEF	2000,2001,2004
 ./doc/design/compression			TXT.BRIEF	1999,2000,2001,2004
 ./doc/design/database				TXT.BRIEF	1999,2000,2001,2004
@@ -1169,7 +1165,6 @@
 ./docutil/.cvsignore				X	2001
 ./docutil/HTML_COPYRIGHT			X	2001
 ./docutil/MAN_COPYRIGHT				X	2001
-./docutil/docbook2man-wrapper.sh.in		SH	2001,2002,2004
 ./install-sh					X	1999,2000,2001
 ./isc-config.sh.in				SH	2000,2001,2003,2004
 ./lib/.cvsignore				X	1999,2000,2001

From 63412f67091c3fda01738d8354fbb9f2e087765d Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 04:19:09 +0000
Subject: [PATCH 012/148] auto update

---
 doc/private/branches | 442 ++++++++++++++++++++++++++++++++++++-------
 1 file changed, 371 insertions(+), 71 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 2c86c6ebba..622efa2c87 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -1,73 +1,373 @@
-Name		Status		Whom
-------------------------------------
-additional_cache review			(additional RRs caching for performance)
-rt8753		review			(support IPv6-scoped addr in dig)
-queryperf-v6	review			(IPv6 transport support for queryperf)
-compiled_zonefile open			(wire format zone file, under development)
+
+Branch				Status	Whom
+-------------------------------------------------------
+
+additional_cache		review		(additional RRs caching for performance)
+additional_cache_rt6496		new	
+avoid_gettimeofday		new	
+bind9-gss-tsig			new	
+bind9-gsstsig			new	
+compiled_zonefile		open		(wire format zone file, under development)
+da				new	
+delegation_only			new	
+dlz				new	
+ds				new	
+ds13				new	
+edns1				new	
+gsstsig2			new	
+jinmei-mmapzone-test		new	
+libbind_clean			open	jinmei
+mlg-20000518			new	
+newconfig			new	
+openssl_stub			open	marka
+optin				new	
+peter				private	peter	(hostname.bind for 9.2.x)
+queryperf-v6			review		(IPv6 transport support for queryperf)
+rdata_split			new	
+rt10038				new	
+rt10049				new	
+rt10105				new	
+rt10114				new	
+rt10115				new	
+rt10131				new	
+rt10147				new	
+rt10148				new	
+rt10150				new	
+rt10194				new	
+rt10202				new	
+rt10208				new	
+rt10221				new	
+rt10236				new	
+rt10272				new	
+rt10272a			new	
+rt10331				new	
+rt10345				new	
+rt10346				new	
+rt10381				new	
+rt10440				new	
+rt10440a			new	
+rt10452				new	
+rt10461				new	
+rt10497				new	
+rt10508				new	
+rt10565				new	
+rt10590				new	
+rt10642				new	
+rt10704				new	
+rt10764				new	
+rt10838				new	
+rt10847				new	
+rt10861				new	
+rt10864				new	
+rt10920				new	
+rt10925				new	
+rt10929				new	
+rt10991				new	
+rt11013				new	
+rt11065				new	
+rt11069				new	
+rt11069_v9_2			new	
+rt11101				new	
+rt11116				new	
+rt11117				new	
+rt11118				new	
+rt11119				new	
+rt11127				new	
+rt11132				new	
+rt11149				new	
+rt11156				new	
+rt11156_v9_2			new	
+rt11163				new	
+rt11163_1			new	
+rt11177				new	
+rt11179				new	
+rt11206				new	
+rt11208				new	
+rt11237				new	
+rt11280				new	
+rt11288				new	
+rt11331				new	
+rt113347			new	
+rt11360				new	
+rt11398				new	
+rt11398a			new	
+rt11398b			new	
+rt11398c			new	
+rt11432				new	
+rt11436				new	
+rt11439				new	
+rt11445				new	
+rt11446				new	
+rt11486				new	
+rt11541				new	
+rt11542				new	
+rt11543				new	
+rt11582				new	
+rt11595				new	
+rt11600				new	
+rt11681				new	
+rt11697				new	
+rt11706				new	
+rt11714				new	
+rt11733				new	
+rt11733b			new	
+rt11742				new	
+rt11943				new	
+rt12023				new	
+rt12024				new	
+rt12133				new	
+rt12154				new	
+rt12281				new	
+rt12286				new	
+rt12321				new	
+rt12321a			new	
+rt12321b			new	
+rt12322				new	
+rt12323				new	
+rt12327				new	
+rt12328				new	
+rt12352				new	
+rt12375				new	
+rt12376				new	
+rt12404				new	
+rt12410				new	
+rt12416				new	
+rt12467				new	
+rt12492				new	
+rt12493				new	
+rt12498				new	
+rt12505a			new	
+rt12505b			new	
+rt12519				new	
+rt12541				new	
+rt12557				new	
+rt12581				new	
+rt12634				new	
+rt12658				new	
+rt12695				new	
+rt12729				new	
+rt12729a			new	
+rt12745				new	
+rt12745a			new	
+rt12774				new	
+rt12788				new	
+rt12790				new	
+rt12810				new	
+rt12810a			new	
+rt12838				new	
+rt12866				new	
+rt12894				new	
+rt12907				new	
+rt12919				new	
+rt12933				new	
+rt12937				new	
+rt12942				new	
+rt12970				new	
+rt12971				new	
+rt12995				new	
+rt13002				new	
+rt13009				new	
+rt13015				new	
+rt13016				new	
+rt13062				new	
+rt13077				new	
+rt13086				new	
+rt13101				new	
+rt13124				new	
+rt13153				new	
+rt13154				new	
+rt13205				new	
+rt13212				new	
+rt13219				new	
+rt13230				new	
+rt13238				new	
+rt13239				new	
+rt13378				new	
+rt13382				new	
+rt13396				new	
+rt13428				new	
+rt13438				new	
+rt13455				new	
+rt13463				new	
+rt13483				new	
+rt13489				new	
+rt13501				new	
+rt13505				new	
+rt13511				new	
+rt13526				new	
+rt13547				new	
+rt13555				new	
+rt13562				new	
+rt13587				new	
+rt13593				new	
+rt13593a			new	
+rt13597				new	
+rt13605				new	
+rt13606				new	
+rt13609				new	
+rt13620				new	
+rt13659				new	
+rt13662				new	
+rt13694				new	
+rt13707				new	
+rt13714				new	
+rt13745				new	
+rt13753				new	
+rt13754				new	
+rt13771				new	
+rt14616				new	
+rt14673				new	
+rt14686				new	
+rt14695				new	
+rt1471				new	
+rt1572a				new	
+rt288				new	
+rt3469				new	
+rt3517				new	
+rt3746				open	marka
+rt3746_lidl			new	
+rt4389				new	
+rt4404				new	
+rt4441				new	
+rt4706				new	
+rt4940				new	
+rt5066a				new	
+rt5182				new	
+rt5192				new	
+rt5204				new	
+rt5206_1			new	
+rt5228				new	
+rt5299				open	marka
+rt5318				new	
+rt5397				new	
+rt5456				review	explorer
+rt5528				new	
+rt5577				new	
+rt5586				new	
+rt5599				new	
+rt5746a				new	
+rt5764				new	
+rt6189				new	
+rt6206				new	
+rt6225				new	
+rt6229				new	
+rt6427				new	
+rt6432				new	
+rt6496				new	
+rt6496a				new	
+rt6539				review	???
+rt6636				new	
+rt6813				new	
+rt7391				new	
+rt8138				new	
+rt8358				new	
+rt8373				new	
+rt8534				new	
+rt8753				review		(support IPv6-scoped addr in dig)
+rt8934				new	
+rt9091				new	
+rt9099				new	
+rt9099x				new	
+rt9164				new	
+rt9189				new	
+rt9239				new	
+rt9239_base			new	
+rt9319				new	
+rt9341				new	
+rt9442				new	
+rt9475				new	
+rt9479				new	
+rt9479_v9_2			new	
+rt9940				new	
+rt9941				new	
+rt9976				review	jakob
+rt9979				new	
+rt9989				new	
+rt9997				new	
+rt9997a				new	
+rt9998				new	
+skan				new	
+skan-metazones1			new	
+skan-tcr			new	
+skan-typecode-roll		new	
+skan-typecode-roll2		new	
+skan_implicit_update1		new	
+skan_stats1			new	
+stats_lidl			new	
+v6source			new	
+v9_0				new	
+v9_1				new	
+v9_1_1_base			new	
+v9_1_1_patch			new	
+v9_1_3_delegation_only		new	
+v9_1_3_do_base			new	
+v9_1_4_base			new	
+v9_2				new	
+v9_2_0_patch			new	
+v9_2_2_delegation_only		new	
+v9_2_2base			new	
+v9_2_4base			new	
+v9_3				new	
+v9_3_0base			new	
+v9_3_0beta2_dlv			new	
+v9_4				new	
+ws20030120			new	
+ws20030120_tcr			new	
+ws20030312_optin		new	
+ws20030312_tcr			new	
 
 
-rt6539		review		???
-libbind_clean	open		jinmei
-rt3746		open		marka
-v6source
-peter		private		peter		(hostname.bind for 9.2.x)
-openssl_stub	open		marka
-chroot		open		marka
-rt5299		open		marka
-rt5456		review		explorer
-rt9976		review		jakob
-
-a6_remove	closed
-adb_race	closed		explorer
-blabel-cleanup	closed
-chroot		closed
-ds_12		closed
-edns_size	closed
-ifiter_getifaddrs closed
-ipl		closed
-ipv6-improvements closed
-ipv6-scope	closed
-ipv6_6to4	closed
-ksk		closed
-marka_google	closed
-rt3445		closed
-rt3502		closed
-rt3507		closed		ogud (pull down by explorer)
-rt3536(ixfr)	closed
-rt3588		closed
-rt3598		closed		explorer
-rt3625		closed		explorer
-rt3653		closed
-rt3666		closed
-rt3892		closed		explorer
-rt3907		closed		explorer
-rt4090		closed		explorer
-rt4112		closed		explorer
-rt4268		closed
-rt4319		closed		explorer
-rt4347		closed
-rt4398		closed
-rt4425		closed
-rt4463		closed
-rt4663		closed
-rt4675		closed
-rt4687		closed
-rt4715		closed
-rt4764		closed
-rt4796		closed
-rt4802		closed
-rt4898		closed
-rt5033		closed
-rt5041		closed
-rt5042		closed
-rt5044		closed
-rt5066		closed
-rt5084		closed
-rt5099		closed
-rt5124		closed
-rt5127		closed
-slavefix	closed
-rt7572		closed
-rt10132		closed
-rt10133		closed
-rt10134		closed
+a6_remove			closed
+adb_race			closed
+blabel-cleanup			closed
+chroot				closed
+ds_12				closed
+edns_size			closed
+ifiter_getifaddrs		closed
+ipl				closed
+ipv6-improvements		closed
+ipv6-scope			closed
+ipv6_6to4			closed
+ksk				closed
+marka_google			closed
+rt10132				closed
+rt10133				closed
+rt10134				closed
+rt3445				closed
+rt3502				closed
+rt3507				closed		(pull down by explorer)
+rt3536				closed		(ixfr)
+rt3588				closed
+rt3598				closed
+rt3625				closed
+rt3653				closed
+rt3666				closed
+rt3892				closed
+rt3907				closed
+rt4090				closed
+rt4112				closed
+rt4268				closed
+rt4319				closed
+rt4347				closed
+rt4398				closed
+rt4425				closed
+rt4463				closed
+rt4663				closed
+rt4675				closed
+rt4687				closed
+rt4715				closed
+rt4764				closed
+rt4796				closed
+rt4802				closed
+rt4898				closed
+rt5033				closed
+rt5041				closed
+rt5042				closed
+rt5044				closed
+rt5066				closed
+rt5084				closed
+rt5099				closed
+rt5124				closed
+rt5127				closed
+rt7572				closed
+slavefix			closed

From d9b4174233b951f25cd53a2787b9f14314258c2f Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 04:21:29 +0000
Subject: [PATCH 013/148] Update doc/private/branches.

---
 util/update_branches | 135 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100644 util/update_branches

diff --git a/util/update_branches b/util/update_branches
new file mode 100644
index 0000000000..bb57e4fa04
--- /dev/null
+++ b/util/update_branches
@@ -0,0 +1,135 @@
+#!/usr/local/bin/perl -w
+#
+# Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: update_branches,v 1.1 2005/05/16 04:21:29 marka Exp $
+
+%branches = ();
+%whom = ();
+%comments = ();
+
+#
+# load existing content
+#
+open(BRANCHES, ") {
+	chomp;
+	next if (/----------/);
+	next if (/Whom/);
+	$c = "";
+	if (m/\(.*\)/) {
+		$c = $_;
+		$c =~ s/.*(\(.*\)).*$/$1/;
+		s/\(.*\)//;
+	}
+	next if (/^\s*$/);
+	($branch, $status, $who) = split;
+	#$status = "new" if (!defined($status));
+	$branches{$branch} = $status;
+	#$who = "-" if (!defined($who));
+	$whom{$branch} = $who;
+	$comments{$branch} = $c;
+}
+close (BRANCHES);
+
+#
+# Search repository for new branches.
+#
+open(FILES, "find /proj/cvs/prod/bind9 -type f -name *,v -print |") || die "can't start find: $!";
+while () {
+	chomp;
+	# print "file: $_\n"; # debug
+	# $file = $_; # save for branch debug below.
+	open(FILE, "<$_") || die "can't open $_: $!";
+	while () {
+		chomp;
+		next unless m/^symbols$/;	# skip until we find the tags
+		while () {
+			chomp;
+			last if (m/^locks;/);	# we are past the tags
+			next unless m/\.0\.\d$/; # skip if not a branch
+			s/\s(.*):.*/$1/;	# extract label
+			if (!$branches{$_}) {
+				$branches{$_} = "new";
+				$whom{$_} =  "";
+				$comments{$_} =  "";
+				# print "branch: $_ $file\n"; # debug
+			}
+		}
+		last;
+	}
+	close(FILE);
+}
+close(FILES);
+
+#
+# Write out updated version.
+#
+open(BRANCHES, ">doc/private/newbranches") || die "can't open doc/private/branches: $!";
+print BRANCHES "\nBranch\t\t\t\tStatus\tWhom\n";
+print BRANCHES "-------------------------------------------------------\n\n";
+foreach $key (sort keys %branches) {
+	next if ($branches{$key} eq "closed");
+	print BRANCHES "$key";
+	$len = length($key);
+	if ($len >= 32) {
+		$tabs = 1;
+	} else {
+		$needed = int (32 - $len);
+		$tabs = int ($needed / 8);
+		if ($needed % 8 != 0) {
+			$tabs++;
+		}
+	}
+	for ($i = 0; $i < $tabs; $i++) {
+		printf	BRANCHES "\t";
+	}
+	print BRANCHES "$branches{$key}\t";
+	print BRANCHES "$whom{$key}";
+	print BRANCHES "\t$comments{$key}" if ($comments{$key} ne "");
+	print BRANCHES "\n";
+}
+
+print BRANCHES "\n\n";
+
+foreach $key (sort keys %branches) {
+	next if ($branches{$key} ne "closed");
+	print BRANCHES "$key";
+	$len = length($key);
+	if ($len >= 32) {
+		$tabs = 1;
+	} else {
+		$needed = int (32 - $len);
+		$tabs = int ($needed / 8);
+		if ($needed % 8 != 0) {
+			$tabs++;
+		}
+	}
+	for ($i = 0; $i < $tabs; $i++) {
+		printf	BRANCHES "\t";
+	}
+	print BRANCHES "$branches{$key}";
+	print BRANCHES "\t\t$comments{$key}" if ($comments{$key} ne "");
+	print BRANCHES "\n";
+}
+close(BRANCHES);
+
+#
+# Update if changed.
+#
+if (system("cmp", "-s", "doc/private/newbranches", "doc/private/branches")) {
+	rename("doc/private/newbranches", "doc/private/branches") || die "Cannot rename: doc/private/newbranches -> doc/private/branches: $!";
+	system("cvs", "-d", "/proj/cvs/prod", "commit", "-m", "auto update", "doc/private/branches") || die "cvs commit failed: $!";
+}

From 648ba62b1f156cbca14d54d06c535385f1193d13 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 04:27:57 +0000
Subject: [PATCH 014/148] perform a initial cvs update

---
 util/update_branches | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index bb57e4fa04..b7009fc3cd 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,12 +14,14 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.1 2005/05/16 04:21:29 marka Exp $
+# $Id: update_branches,v 1.2 2005/05/16 04:27:57 marka Exp $
 
 %branches = ();
 %whom = ();
 %comments = ();
 
+!system("cvs", "-d", "/proj/cvs/prod", "update", "doc/private/branches") || die "cannot update doc/private/branches: $!";
+
 #
 # load existing content
 #
@@ -131,5 +133,5 @@ close(BRANCHES);
 #
 if (system("cmp", "-s", "doc/private/newbranches", "doc/private/branches")) {
 	rename("doc/private/newbranches", "doc/private/branches") || die "Cannot rename: doc/private/newbranches -> doc/private/branches: $!";
-	system("cvs", "-d", "/proj/cvs/prod", "commit", "-m", "auto update", "doc/private/branches") || die "cvs commit failed: $!";
+	!system("cvs", "-d", "/proj/cvs/prod", "commit", "-m", "auto update", "doc/private/branches") || die "cvs commit failed: $!";
 }

From f91671c7dc877a52adc06d0a7d0ed1c7f6391e6e Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 04:28:59 +0000
Subject: [PATCH 015/148] tidy up

---
 util/update_branches | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/util/update_branches b/util/update_branches
index b7009fc3cd..320572cc71 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.2 2005/05/16 04:27:57 marka Exp $
+# $Id: update_branches,v 1.3 2005/05/16 04:28:59 marka Exp $
 
 %branches = ();
 %whom = ();
@@ -134,4 +134,6 @@ close(BRANCHES);
 if (system("cmp", "-s", "doc/private/newbranches", "doc/private/branches")) {
 	rename("doc/private/newbranches", "doc/private/branches") || die "Cannot rename: doc/private/newbranches -> doc/private/branches: $!";
 	!system("cvs", "-d", "/proj/cvs/prod", "commit", "-m", "auto update", "doc/private/branches") || die "cvs commit failed: $!";
+} else {
+	unlink("doc/private/newbranches");
 }

From b87095800b7a138748ffa25c19b8bcf5584afeba Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 04:49:22 +0000
Subject: [PATCH 016/148] mark some branches as closed

---
 doc/private/branches | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 622efa2c87..05e77f165f 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -25,22 +25,22 @@ peter				private	peter	(hostname.bind for 9.2.x)
 queryperf-v6			review		(IPv6 transport support for queryperf)
 rdata_split			new	
 rt10038				new	
-rt10049				new	
-rt10105				new	
-rt10114				new	
-rt10115				new	
-rt10131				new	
-rt10147				new	
-rt10148				new	
-rt10150				new	
-rt10194				new	
-rt10202				new	
-rt10208				new	
-rt10221				new	
-rt10236				new	
+rt10049				closed	
+rt10105				closed	
+rt10114				closed	
+rt10115				closed	
+rt10131				closed	
+rt10147				closed	
+rt10148				closed	
+rt10150				closed	
+rt10194				closed	
+rt10202				closed	
+rt10208				closed	
+rt10221				closed	
+rt10236				closed	
 rt10272				new	
 rt10272a			new	
-rt10331				new	
+rt10331				closed	
 rt10345				new	
 rt10346				new	
 rt10381				new	

From 0c39c31d56de215adbfffb27eb9d92898a60c156 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 05:00:57 +0000
Subject: [PATCH 017/148] mark branches as closed

---
 doc/private/branches | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 05e77f165f..9b0d3d7c43 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -41,18 +41,18 @@ rt10236				closed
 rt10272				new	
 rt10272a			new	
 rt10331				closed	
-rt10345				new	
-rt10346				new	
-rt10381				new	
+rt10345				closed	
+rt10346				closed	
+rt10381				closed	
 rt10440				new	
 rt10440a			new	
-rt10452				new	
-rt10461				new	
-rt10497				new	
-rt10508				new	
-rt10565				new	
-rt10590				new	
-rt10642				new	
+rt10452				closed	
+rt10461				closed	
+rt10497				closed	
+rt10508				closed	
+rt10565				closed	
+rt10590				closed	
+rt10642				closed	
 rt10704				new	
 rt10764				new	
 rt10838				new	
@@ -224,7 +224,7 @@ rt1572a				new
 rt288				new	
 rt3469				new	
 rt3517				new	
-rt3746				open	marka
+rt3746				closed	marka
 rt3746_lidl			new	
 rt4389				new	
 rt4404				new	

From 3bb84f19cb1b461b6502751d71b2c656073a9233 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 05:17:07 +0000
Subject: [PATCH 018/148] mark branches as closed

---
 doc/private/branches | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 9b0d3d7c43..86d2050154 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -53,21 +53,21 @@ rt10508				closed
 rt10565				closed	
 rt10590				closed	
 rt10642				closed	
-rt10704				new	
-rt10764				new	
-rt10838				new	
-rt10847				new	
-rt10861				new	
-rt10864				new	
-rt10920				new	
-rt10925				new	
-rt10929				new	
-rt10991				new	
-rt11013				new	
-rt11065				new	
+rt10704				closed	
+rt10764				closed	(empty)	
+rt10838				closed	
+rt10847				closed	
+rt10861				closed	
+rt10864				open	marka	
+rt10920				closed	
+rt10925				closed	
+rt10929				closed	
+rt10991				closed	
+rt11013				closed	
+rt11065				closed	
 rt11069				new	
 rt11069_v9_2			new	
-rt11101				new	
+rt11101				closed	
 rt11116				new	
 rt11117				new	
 rt11118				new	

From 361a71b7e6b54d8b5488015d87ae2207e97586fb Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 05:33:42 +0000
Subject: [PATCH 019/148] typo in comment

---
 bin/named/query.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/named/query.c b/bin/named/query.c
index b5942c44e9..a9f8742bb8 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.265 2005/04/27 04:55:53 sra Exp $ */
+/* $Id: query.c,v 1.266 2005/05/16 05:33:42 marka Exp $ */
 
 /*! \file */
 
@@ -3482,7 +3482,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 		/*
 		 * Add SOA.  If the query was for a SOA record force the
 		 * ttl to zero so that it is possible for clients to find
-		 * the containing zone of a arbitary name with a stub
+		 * the containing zone of an arbitrary name with a stub
 		 * resolver and not have it cached.
 		 */
 		if (qtype == dns_rdatatype_soa)

From e287f841b4574e9af4819726ffecac3d2c81b16a Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 05:50:21 +0000
Subject: [PATCH 020/148] mark branches as closed

---
 doc/private/branches | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 86d2050154..f88538feb3 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -9,7 +9,7 @@ bind9-gss-tsig			new
 bind9-gsstsig			new	
 compiled_zonefile		open		(wire format zone file, under development)
 da				new	
-delegation_only			new	
+delegation_only			closed	
 dlz				new	
 ds				new	
 ds13				new	
@@ -288,33 +288,33 @@ rt9997a				new
 rt9998				new	
 skan				new	
 skan-metazones1			new	
-skan-tcr			new	
-skan-typecode-roll		new	
-skan-typecode-roll2		new	
+skan-tcr			closed	
+skan-typecode-roll		closed	
+skan-typecode-roll2		closed	
 skan_implicit_update1		new	
 skan_stats1			new	
 stats_lidl			new	
 v6source			new	
-v9_0				new	
-v9_1				new	
+v9_0				closed	
+v9_1				active	(security fixes only)
 v9_1_1_base			new	
 v9_1_1_patch			new	
-v9_1_3_delegation_only		new	
+v9_1_3_delegation_only		closed	
 v9_1_3_do_base			new	
 v9_1_4_base			new	
-v9_2				new	
+v9_2				active
 v9_2_0_patch			new	
 v9_2_2_delegation_only		new	
 v9_2_2base			new	
 v9_2_4base			new	
-v9_3				new	
+v9_3				active	
 v9_3_0base			new	
 v9_3_0beta2_dlv			new	
-v9_4				new	
-ws20030120			new	
-ws20030120_tcr			new	
-ws20030312_optin		new	
-ws20030312_tcr			new	
+v9_4				active	
+ws20030120			closed	(workshop branch)	
+ws20030120_tcr			closed	(workshop branch)	
+ws20030312_optin		closed	(workshop branch)	
+ws20030312_tcr			closed	(workshop branch)	
 
 
 a6_remove			closed

From 76e55ea636accf92dc6d9fd204e9c0bc29260636 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 06:19:18 +0000
Subject: [PATCH 021/148] mark branches as closed

---
 doc/private/branches | 50 ++++++++++++++++++++++----------------------
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index f88538feb3..390b02cb99 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -68,39 +68,39 @@ rt11065				closed
 rt11069				new	
 rt11069_v9_2			new	
 rt11101				closed	
-rt11116				new	
-rt11117				new	
-rt11118				new	
-rt11119				new	
-rt11127				new	
-rt11132				new	
-rt11149				new	
+rt11116				closed	
+rt11117				closed	
+rt11118				closed	
+rt11119				closed	
+rt11127				closed	
+rt11132				closed	
+rt11149				closed	
 rt11156				new	
 rt11156_v9_2			new	
 rt11163				new	
 rt11163_1			new	
-rt11177				new	
-rt11179				new	
+rt11177				closed	
+rt11179				closed	
 rt11206				new	
-rt11208				new	
-rt11237				new	
-rt11280				new	
-rt11288				new	
-rt11331				new	
-rt113347			new	
-rt11360				new	
+rt11208				closed	
+rt11237				closed	
+rt11280				closed	
+rt11288				closed	
+rt11331				closed	
+rt113347			closed	(rt11347)
+rt11360				closed	
 rt11398				new	
 rt11398a			new	
 rt11398b			new	
-rt11398c			new	
-rt11432				new	
-rt11436				new	
-rt11439				new	
-rt11445				new	
-rt11446				new	
-rt11486				new	
-rt11541				new	
-rt11542				new	
+rt11398c			closed	
+rt11432				closed	
+rt11436				closed	
+rt11439				closed
+rt11445				closed	
+rt11446				closed	
+rt11486				closed	
+rt11541				closed	
+rt11542				closed	
 rt11543				new	
 rt11582				new	
 rt11595				new	

From 64a567b4ad22ab84f4574848b74b184f8113befd Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 06:26:36 +0000
Subject: [PATCH 022/148] mark branches as closed

---
 doc/private/branches | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 390b02cb99..fc4eb19afc 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -1,5 +1,5 @@
 
-Branch				Status	Whom
+Branch				Status	Whom	(Comments)
 -------------------------------------------------------
 
 additional_cache		review		(additional RRs caching for performance)
@@ -278,14 +278,14 @@ rt9442				new
 rt9475				new	
 rt9479				new	
 rt9479_v9_2			new	
-rt9940				new	
-rt9941				new	
+rt9940				closed	
+rt9941				closed	
 rt9976				review	jakob
-rt9979				new	
-rt9989				new	
-rt9997				new	
-rt9997a				new	
-rt9998				new	
+rt9979				closed	
+rt9989				closed	
+rt9997				closed	
+rt9997a				closed	
+rt9998				closed	
 skan				new	
 skan-metazones1			new	
 skan-tcr			closed	

From 0968b9c9e953f796a356672c4559365754363cad Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 06:35:12 +0000
Subject: [PATCH 023/148] mark branches as closed

---
 doc/private/branches | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index fc4eb19afc..bb9f3a0716 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -101,17 +101,17 @@ rt11446				closed
 rt11486				closed	
 rt11541				closed	
 rt11542				closed	
-rt11543				new	
-rt11582				new	
-rt11595				new	
-rt11600				new	
-rt11681				new	
-rt11697				new	
-rt11706				new	
-rt11714				new	
+rt11543				open	jakob	
+rt11582				closed	
+rt11595				closed	
+rt11600				closed	
+rt11681				closed	
+rt11697				closed	
+rt11706				closed	
+rt11714				closed	
 rt11733				new	
 rt11733b			new	
-rt11742				new	
+rt11742				closed	
 rt11943				new	
 rt12023				new	
 rt12024				new	

From c6313caa6cd9d011ac075048d2b62fd3410162df Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 06:39:39 +0000
Subject: [PATCH 024/148] Add (Comment) to header

---
 util/update_branches | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index 320572cc71..806101558f 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.3 2005/05/16 04:28:59 marka Exp $
+# $Id: update_branches,v 1.4 2005/05/16 06:39:39 marka Exp $
 
 %branches = ();
 %whom = ();
@@ -28,8 +28,8 @@
 open(BRANCHES, ") {
 	chomp;
-	next if (/----------/);
-	next if (/Whom/);
+	next if (/^-*$/
+	next if (/^Branch/);
 	$c = "";
 	if (m/\(.*\)/) {
 		$c = $_;
@@ -80,8 +80,8 @@ close(FILES);
 # Write out updated version.
 #
 open(BRANCHES, ">doc/private/newbranches") || die "can't open doc/private/branches: $!";
-print BRANCHES "\nBranch\t\t\t\tStatus\tWhom\n";
-print BRANCHES "-------------------------------------------------------\n\n";
+print BRANCHES "\nBranch\t\t\t\tStatus\tWhom\t(Comments)\n";
+print BRANCHES "----------------------------------------------------------\n\n";
 foreach $key (sort keys %branches) {
 	next if ($branches{$key} eq "closed");
 	print BRANCHES "$key";

From 35665db4e49e3e4c0e3776e635449f931f3732cf Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 06:57:51 +0000
Subject: [PATCH 025/148] fix if clause

---
 util/update_branches | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index 806101558f..886237b8dd 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.4 2005/05/16 06:39:39 marka Exp $
+# $Id: update_branches,v 1.5 2005/05/16 06:57:51 marka Exp $
 
 %branches = ();
 %whom = ();
@@ -28,7 +28,7 @@
 open(BRANCHES, ") {
 	chomp;
-	next if (/^-*$/
+	next if (/^-/);
 	next if (/^Branch/);
 	$c = "";
 	if (m/\(.*\)/) {

From 64cde9d94a2f6c7050f00d9651df6b05e63d09f2 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 07:02:22 +0000
Subject: [PATCH 026/148] update

---
 util/update_branches | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index 886237b8dd..1281ee7b66 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.5 2005/05/16 06:57:51 marka Exp $
+# $Id: update_branches,v 1.6 2005/05/16 07:02:22 marka Exp $
 
 %branches = ();
 %whom = ();
@@ -36,11 +36,12 @@ while () {
 		$c =~ s/.*(\(.*\)).*$/$1/;
 		s/\(.*\)//;
 	}
+	s/\s$//;
 	next if (/^\s*$/);
 	($branch, $status, $who) = split;
-	#$status = "new" if (!defined($status));
+	$status = "new" if (!defined($status));
 	$branches{$branch} = $status;
-	#$who = "-" if (!defined($who));
+	$who = "-" if (!defined($who));
 	$whom{$branch} = $who;
 	$comments{$branch} = $c;
 }

From cbb94d52f98b48e8c3a8866dbf8c67860764f349 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 07:03:47 +0000
Subject: [PATCH 027/148] update

---
 util/update_branches | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index 1281ee7b66..2773aa46ab 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.6 2005/05/16 07:02:22 marka Exp $
+# $Id: update_branches,v 1.7 2005/05/16 07:03:47 marka Exp $
 
 %branches = ();
 %whom = ();
@@ -41,7 +41,7 @@ while () {
 	($branch, $status, $who) = split;
 	$status = "new" if (!defined($status));
 	$branches{$branch} = $status;
-	$who = "-" if (!defined($who));
+	$who = "" if (!defined($who));
 	$whom{$branch} = $who;
 	$comments{$branch} = $c;
 }

From 704aa36bf33ff7b7a455f6f7da330ca73281a10e Mon Sep 17 00:00:00 2001
From: Rob Austein 
Date: Mon, 16 May 2005 18:43:09 +0000
Subject: [PATCH 028/148] update

---
 doc/private/branches | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index bb9f3a0716..7d0b960270 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -10,7 +10,7 @@ bind9-gsstsig			new
 compiled_zonefile		open		(wire format zone file, under development)
 da				new	
 delegation_only			closed	
-dlz				new	
+dlz				open	sra	(dynamicly loadable zones)
 ds				new	
 ds13				new	
 edns1				new	
@@ -89,9 +89,9 @@ rt11288				closed
 rt11331				closed	
 rt113347			closed	(rt11347)
 rt11360				closed	
-rt11398				new	
-rt11398a			new	
-rt11398b			new	
+rt11398				closed
+rt11398a			open	sra	(doxygen dev)
+rt11398b			closed
 rt11398c			closed	
 rt11432				closed	
 rt11436				closed	

From c32eafbc40987f66c0709e252e3f899c91795545 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 22:55:05 +0000
Subject: [PATCH 029/148] new draft

---
 .../draft-ietf-dnsext-wcard-clarify-06.txt    | 825 -----------------
 .../draft-ietf-dnsext-wcard-clarify-07.txt    | 861 ++++++++++++++++++
 2 files changed, 861 insertions(+), 825 deletions(-)
 delete mode 100644 doc/draft/draft-ietf-dnsext-wcard-clarify-06.txt
 create mode 100644 doc/draft/draft-ietf-dnsext-wcard-clarify-07.txt

diff --git a/doc/draft/draft-ietf-dnsext-wcard-clarify-06.txt b/doc/draft/draft-ietf-dnsext-wcard-clarify-06.txt
deleted file mode 100644
index 4f13155eaf..0000000000
--- a/doc/draft/draft-ietf-dnsext-wcard-clarify-06.txt
+++ /dev/null
@@ -1,825 +0,0 @@
-DNSEXT Working Group                                            E. Lewis
-INTERNET DRAFT                                                   NeuStar
-Expiration Date: November 11, 2005                           May 11 2005
-
-                           The Role of Wildcards
-                         in the Domain Name System
-                   draft-ietf-dnsext-wcard-clarify-06.txt
-
-Status of this Memo
-
-   By submitting this Internet-Draft, each author represents that
-   any applicable patent or other IPR claims of which he or she is
-   aware have been or will be disclosed, and any of which he or she
-   becomes aware will be disclosed, in accordance with Section 6 of
-   BCP 79.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups.  Note that
-   other groups may also distribute working documents as Internet-
-   Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-     http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-     http://www.ietf.org/shadow.html
-
-   This Internet-Draft will expire on November 11, 2005.
-
-Copyright Notice
-
-   Copyright (C) The Internet Society (2005).
-
-Abstract
-
-   This is an update to the wildcard definition of RFC 1034.  The
-   interaction with wildcards and CNAME is changed, an error
-   condition removed, and the words defining some concepts central to
-   wildcards are changed.  The overall goal is not to change wildcards,
-   but to refine the definition of RFC 1034.
-
-1 Introduction
-
-   In RFC 1034 [RFC1034], sections 4.3.2 and 4.3.3 describe the synthesis
-   of answers from special resource records called wildcards.  The
-   definition in RFC 1034 is incomplete and has proven to be confusing.
-   This document describes the wildcard synthesis by adding to the
-   discussion and making limited modifications.  Modifications are made
-   to close inconsistencies that have led to interoperability issues.
-   This description does not expand the service intended by the original
-   definition.
-
-   Staying within the spirit and style of the original documents, this
-   document avoids specifying rules for DNS implementations regarding
-   wildcards.  The intention is to only describe what is needed for
-   interoperability, not restrict implementation choices.  In addition,
-   consideration has been given to minimize any backwards compatibility
-   with implementations that have complied with RFC 1034's definition.
-
-   This document is focused on the concept of wildcards as defined in RFC
-   1034.  Nothing is implied regarding alternative approaches, nor are
-   alternatives discussed.
-
-1.1 Motivation
-
-   Many DNS implementations have diverged with respect to wildcards in
-   different ways from the original definition, or at from least what
-   had been intended.  Although there is clearly a need to clarify the
-   original documents in light of this alone, the impetus for this
-   document lay in the engineering of the DNS security extensions
-   [RFC4033].  With an unclear definition of wildcards the design of
-   authenticated denial became entangled.
-
-   This document is intended to limit changes,  only those based on
-   implementation experience, and to remain as close to the original
-   document as possible.  To reinforce this, relevant sections of RFC
-   1034 are repeated verbatim to help compare the old and new text.
-
-1.2 The Original Definition
-
-   The context of the wildcard concept involves the algorithm by which
-   a name server prepares a response (in RFC 1034's section 4.3.2) and
-   the way in which a resource record (set) is identified as being a
-   source of synthetic data (section 4.3.3).
-
-   The beginning of the discussion ought to start with the definition
-   of the term "wildcard" as it appears in RFC 1034, section 4.3.3.
-
-# In the previous algorithm, special treatment was given to RRs with
-# owner names starting with the label "*".  Such RRs are called
-# wildcards. Wildcard RRs can be thought of as instructions for
-# synthesizing RRs.  When the appropriate conditions are met, the name
-# server creates RRs with an owner name equal to the query name and
-# contents taken from the wildcard RRs.
-
-   This passage appears after the algorithm in which the term wildcard
-   is first used.   In this definition, wildcard refers to resource
-   records.  In other usage, wildcard has referred to domain names, and
-   it has been used to describe the operational practice of relying on
-   wildcards to generate answers.  It is clear from this that there is
-   a need to define clear and unambiguous terminology in the process of
-   discussing wildcards.
-
-   The mention of the use of wildcards in the preparation of a response
-   is contained in step 3c of RFC 1034's section 4.3.2 entitled
-   "Algorithm." Note that "wildcard" does not appear in the algorithm,
-   instead references are made to the "*" label.  The portion of the
-   algorithm relating to wildcards is deconstructed in detail in
-   section 3 of this document, this is the beginning of the passage.
-
-#        c. If at some label, a match is impossible (i.e., the
-#           corresponding label does not exist), look to see if [...]
-#           the "*" label exists.
-
-   The scope of this document is the RFC 1034 definition of wildcards and
-   the implications of updates to those documents, such as DNSSEC.
-   Alternate schemes for synthesizing answers are not considered.
-   (Note that there is no reference listed.  No document is known to
-   describe any alternate schemes, although there has been some
-   mention of them in mailing lists.)
-
-1.3 This Document
-
-   This document accomplishes these three items.
-   o Defines new terms
-   o Makes minor changes to avoid conflicting concepts
-   o Describes the actions of certain resource records as wildcards
-
-1.3.1 New Terms
-
-   To help in discussing what resource records are wildcards, two terms
-   will be defined - "asterisk label" and "wild card domain name".  These
-   are defined in section 2.1.1.
-
-   To assist in clarifying the role of wildcards in the name server
-   algorithm in RFC 1034, 4.3.2, "source of synthesis" and "closest
-   encloser" are defined.  These definitions are in section 3.3.2.
-   "Label match" is defined in section 3.2.
-
-   The introduction of new terms ought not have an impact on any existing
-   implementations.  The new terms are used only to make discussions of
-   wildcards clearer.
-
-1.3.2 Changed Text
-
-   The definition of "existence" is changed, superficially.  This
-   change will not be apparent to implementations; it is needed to
-   make descriptions more precise.  The change appears in section 2.2.3.
-
-   RFC 1034, section 4.3.3., seems to prohibit having two asterisk
-   labels in a wildcard owner name.  With this document the restriction
-   is removed entirely.  This change and its implications are in
-   section 2.1.3.
-
-   The actions when a source of synthesis owns a CNAME RR are changed to
-   mirror the actions if an exact match name owns a CNAME RR.  This
-   is an addition to the words in RFC 1034, section 4.3.2, step 3,
-   part c.  The discussion of this is in section 3.3.3.
-
-   Only the latter change represents an impact to implementations.  The
-   definition of existence is not a protocol impact.  The change to the
-   restriction on names is unlikely to have an impact, as there was no
-   discussion of how to enforce the restriction.
-
-1.3.3 Considerations with Special Types
-
-   This document describes semantics of wildcard CNAME RRSets [RFC2181],
-   wildcard NS RRSets, wildcard SOA RRSets, wildcard DNAME RRSets
-   [RFC2672], wildcard DS RRSets [RFC TBD], and empty non-terminal
-   wildcards.  Understanding these types in the context of wildcards
-   has been clouded because these types incur special processing if they
-   are the result of an exact match.  This discussion is in section 4.
-
-   These discussions do not have an implementation impact, they cover
-   existing knowledge of the types, but to a greater level of detail.
-
-1.4 Standards Terminology
-
-   This document does not use terms as defined in "Key words for use in
-   RFCs to Indicate Requirement Levels." [RFC2119]
-
-   Quotations of RFC 1034 are denoted by a '#' in the leftmost column.
-
-2 Wildcard Syntax
-
-   The syntax of a wildcard is the same as any other DNS resource record,
-   across all classes and types.  The only significant feature is the
-   owner name.
-
-   Because wildcards are encoded as resource records with special names,
-   they are included in zone transfers and incremental zone transfers.
-   [RFC1995].  This feature has been underappreciated until discussions
-   on alternative approaches to wildcards appeared on mailing lists.
-
-2.1 Identifying a Wildcard
-
-   To provide a more accurate description of "wildcards", the definition
-   has to start with a discussion of the domain names that appear as
-   owners.  Two new terms are needed, "Asterisk Label" and "Wild Card
-   Domain Name."
-
-2.1.1 Wild Card Domain Name and Asterisk Label
-
-   A "wild card domain name" is defined by having its initial
-   (i.e., left-most or least significant) label be, in binary format:
-
-        0000 0001 0010 1010 (binary) = 0x01 0x2a (hexadecimal)
-
-   The first octet is the normal label type and length for a 1 octet
-   long label, the second octet is the ASCII representation [RFC20] for
-   the '*' character.
-
-   A descriptive name of a label equaling that value is an "asterisk
-   label."
-
-   RFC 1034's definition of wildcard would be "a resource record owned
-   by a wild card domain name."
-
-2.1.2 Asterisks and Other Characters
-
-   No label values other than that in section 2.1.1 are asterisk labels,
-   hence names beginning with other labels are never wild card domain
-   names.  Labels such as 'the*' and '**' are not asterisk labels,
-   they do not start wild card domain names.
-
-2.1.3 Non-terminal Wild Card Domain Names
-
-   In section 4.3.3, the following is stated:
-
-#   ..........................  The owner name of the wildcard RRs is of
-#   the form "*.", where  is any domain name.
-#    should not contain other * labels......................
-
-   This restriction is lifted because the original documentation of it
-   is incomplete and the restriction does not serve any purpose given
-   years of operational experience.
-
-   Indirectly, the above passage raises questions about wild card domain
-   names having subdomains and possibly being an empty non-terminal.  By
-   thinking of domain names such as "*.example.*.example." and
-   "*.*.example." and focusing on the right-most asterisk label in each,
-   the issues become apparent.
-
-   Although those example names have been restricted per RFC 1034, a name
-   such as "example.*.example." illustrates the same problems.  The
-   sticky issue of subdomains and empty non-terminals is not removed by
-   the restriction.  With that conclusion, the restriction appears to
-   be meaningless, worse yet, it implies that an implementation would
-   have to perform checks that do little more than waste CPU cycles.
-
-   A wild card domain name can have subdomains.  There is no need to
-   inspect the subdomains to see if there is another asterisk label in
-   any subdomain.
-
-   A wild card domain name can be an empty non-terminal.  (See the
-   upcoming sections on empty non-terminals.)  In this case, any
-   lookup encountering it will terminate as would any empty
-   non-terminal match.
-
-2.2 Existence Rules
-
-   The notion that a domain name 'exists' is mentioned in the definition
-   of wildcards.  In section 4.3.3 of RFC 1034:
-
-# Wildcard RRs do not apply:
-#
-...
-#   - When the query name or a name between the wildcard domain and
-#     the query name is know[n] to exist.  For example, if a wildcard
-
-   RFC 1034 also refers to non-existence in the process of generating
-   a response that results in a return code of "name error."  NXDOMAIN
-   is introduced in RFC 2308, section 2.1 says "In this case the domain
-   ... does not exist." The overloading of the term "existence" is
-   confusing.
-
-   For the purposes of this document, a domain name is said to exist if
-   it plays a role in the execution of the algorithms in RFC 1034.  This
-   document avoids discussion determining when an authoritative name
-   error has occurred.
-
-2.2.1 An Example
-
-   To illustrate what is meant by existence consider this complete zone:
-
-       $ORIGIN example.
-       example.                  3600 IN  SOA   
-       example.                  3600     NS    ns.example.com.
-       example.                  3600     NS    ns.example.net.
-       *.example.                3600     TXT   "this is a wild card"
-       *.example.                3600     MX    10 host1.example.
-       sub.*.example.            3600     TXT   "this is not a wild card"
-       host1.example.            3600     A     192.0.4.1
-       _ssh._tcp.host1.example.  3600     SRV  
-       _ssh._tcp.host2.example.  3600     SRV  
-       subdel.example.           3600     NS   ns.example.com.
-       subdel.example.           3600     NS   ns.example.net.
-
-   A look at the domain names in a tree structure is helpful:
-
-                                 |
-                 -------------example------------
-                /           /         \          \
-               /           /           \          \
-              /           /             \          \
-             *          host1          host2      subdel
-             |            |             |
-             |            |             |
-            sub         _tcp          _tcp
-                          |             |
-                          |             |
-                        _ssh          _ssh
-
-   The following queries would be synthesized from one of the wildcards:
-
-        QNAME=host3.example. QTYPE=MX, QCLASS=IN
-             the answer will be a "host3.example. IN MX ..."
-
-        QNAME=host3.example. QTYPE=A, QCLASS=IN
-             the answer will reflect "no error, but no data"
-             because there is no A RR set at '*.example.'
-
-        QNAME=foo.bar.example. QTYPE=TXT, QCLASS=IN
-             the answer will be "foo.bar.example. IN TXT ..."
-             because bar.example. does not exist, but the wildcard does.
-
-   The following queries would not be synthesized from any of the
-   wildcards:
-
-        QNAME=host1.example., QTYPE=MX, QCLASS=IN
-             because host1.example. exists
-
-        QNAME=ghost.*.example., QTYPE=MX, QCLASS=IN
-             because *.example. exists
-
-        QNAME=sub.*.example., QTYPE=MX, QCLASS=IN
-             because sub.*.example. exists
-
-        QNAME=_telnet._tcp.host1.example., QTYPE=SRV, QCLASS=IN
-             because _tcp.host1.example. exists (without data)
-
-        QNAME=host.subdel.example., QTYPE=A, QCLASS=IN
-             because subdel.example. exists (and is a zone cut)
-
-2.2.2 Empty Non-terminals
-
-   Empty non-terminals [RFC2136, Section 7.16] are domain names that own
-   no resource records but have subdomains that do.  In section 2.2.1,
-   "_tcp.host1.example." is an example of a empty non-terminal name.
-   Empty non-terminals are introduced by this text in section 3.1 of RFC
-   1034:
-
-# The domain name space is a tree structure.  Each node and leaf on the
-# tree corresponds to a resource set (which may be empty).  The domain
-# system makes no distinctions between the uses of the interior nodes
-# and leaves, and this memo uses the term "node" to refer to both.
-
-   The parenthesized "which may be empty" specifies that empty non-
-   terminals are explicitly recognized, and that empty non-terminals
-   "exist."
-
-   Pedantically reading the above paragraph can lead to an
-   interpretation that all possible domains exist - up to the suggested
-   limit of 255 octets for a domain name [RFC1035].  For example,
-   www.example. may have an A RR, and as far as is practically
-   concerned, is a leaf of the domain tree.  But the definition can be
-   taken to mean that sub.www.example. also exists, albeit with no data.
-   By extension, all possible domains exist, from the root on down.  As
-   RFC 1034 also defines "an authoritative name error indicating that
-   the name does not exist" in section 4.3.1, this is not the intent of
-   the original document.
-
-2.2.3 Yet Another Definition of Existence
-
-   RFC1034's wording is fixed by the following paragraph:
-
-   The domain name space is a tree structure.  Nodes in the tree either
-   own at least one RRSet and/or have descendants that collectively own
-   at least on RRSet.  A node may have no RRSets if it has descendents
-   that do, this node is a empty non-terminal.  A node may have its own
-   RRSets and have descendants with RRSets too.
-
-   A node with no descendants is a leaf node.  Empty leaf nodes do not
-   exist.
-
-   Note that at a zone boundary, the domain name owns data, including
-   the NS RR set.  At the delegating server, the NS RR set is not
-   authoritative, but that is of no consequence here.  The domain name
-   owns data, therefore, it exists.
-
-2.3 When does a Wild Card Domain Name is not Special
-
-   When a wild card domain name appears in a message's query section,
-   no special processing occurs.  An asterisk label in a query name
-   only (label) matches an asterisk label in the existing zone tree
-   when the 4.3.2 algorithm is being followed.
-
-   When a wild card domain name appears in the resource data of a
-   record, no special processing occurs.  An asterisk label in that
-   context literally means just an asterisk.
-
-3. Impact of a Wild Card Domain Name On a Response
-
-   The description of how wildcards impact response generation is in
-   RFC 1034, section 4.3.2.  That passage contains the algorithm
-   followed by a server in constructing a response.  Within that
-   algorithm, step 3, part 'c' defines the behavior of the wild card.
-
-   The algorithm in RFC 1034, section 4.3.2. is not intended to be pseudo
-   code, i.e., its steps are not intended to be followed in strict
-   order.  The "algorithm" is a suggestion.  As such, in step 3, parts
-   a, b, and c, do not have to be implemented in that order.
-
-3.1 Step 2
-
-   Step 2 of the RFC 1034's section 4.3.2 reads:
-
-#   2. Search the available zones for the zone which is the nearest
-#      ancestor to QNAME.  If such a zone is found, go to step 3,
-#      otherwise step 4.
-
-   In this step, the most appropriate zone for the response is chosen.
-   The significance of this step is that it means all of step 3 is being
-   performed within one zone.  This has significance when considering
-   whether or not an SOA RR can be ever be used for synthesis.
-
-3.2 Step 3
-
-   Step 3 is dominated by three parts, labelled 'a', 'b', and 'c'.  But
-   the beginning of the step is important and needs explanation.
-
-#   3. Start matching down, label by label, in the zone.  The
-#      matching process can terminate several ways:
-
-   The word 'matching' refers to label matching.  The concept
-   is based in the view of the zone as the tree of existing names.  The
-   query name is considered to be an ordered sequence of labels - as
-   if the name were a path from the root to the owner of the desired
-   data.  (Which it is - 3rd paragraph of RFC 1034, section 3.1.)
-
-   The process of label matching a query name ends in exactly one of
-   three choices, the parts 'a', 'b', and 'c'.  Either the name is
-   found, the name is below a cut point, or the name is not found.
-
-   Once one of the parts is chosen, the other parts are not considered.
-   (E.g., do not execute part 'c' and then change the execution path to
-   finish in part 'b'.)  The process of label matching is also done
-   independent of the query type (QTYPE).
-
-   Parts 'a' and 'b' are not an issue for this clarification as they
-   do not relate to record synthesis.  Part 'a' is an exact match that
-   results in an answer, part 'b' is a referral.  It is possible, from
-   the description given, that a query might fit into both part a and
-   part b, this is not within the scope of this document.
-
-3.3 Part 'c'
-
-   The context of part 'c' is that the process of label matching the
-   labels of the query name has resulted in a situation in which there
-   is no corresponding label in the tree.  It is as if the lookup has
-   "fallen off the tree."
-
-#         c. If at some label, a match is impossible (i.e., the
-#            corresponding label does not exist), look to see if [...]
-#            the "*" label exists.
-
-   To help describe the process of looking 'to see if [...] the "*"
-   label exists' a term has been coined to describe the last domain
-   (node) matched.  The term is "closest encloser."
-
-3.3.1 Closest Encloser and the Source of Synthesis
-
-   The closest encloser is the node in the zone's tree of existing
-   domain names that has the most labels matching the query name
-   (consecutively, counting from the root label downward). Each match
-   is a "label match" and the order of the labels is the same.
-
-   The closest encloser is, by definition, an existing name in the zone.
-   The closest encloser might be an empty non-terminal or even be a wild
-   card domain name itself.  In no circumstances is the closest encloser
-   to be used to synthesize records for the current query.
-
-   The source of synthesis is defined in the context of a query process
-   as that wild card domain name immediately descending from the
-   closest encloser, provided that this wild card domain name exists.
-   "Immediately descending" means that the source of synthesis has a name
-   of the form ..  A source of
-   synthesis does not guarantee having a RRSet to use for synthesis.
-   The source of synthesis could be an empty non-terminal.
-
-   If the source of synthesis does not exist (not on the domain tree),
-   there will be no wildcard synthesis.  There is no search for an
-   alternate.
-
-   The important concept is that for any given lookup process, there
-   is at most one place at which wildcard synthetic records can be
-   obtained.  If the source of synthesis does not exist, the lookup
-   terminates, the lookup does not look for other wildcard records.
-
-3.3.2 Closest Encloser and Source of Synthesis Examples
-
-   To illustrate, using the example zone in section 2.2.1 of this
-   document, the following chart shows QNAMEs and the closest enclosers.
-
-   QNAME                        Closest Encloser     Source of Synthesis
-   host3.example.               example.             *.example.
-   _telnet._tcp.host1.example.  _tcp.host1.example.  no source
-   _telnet._tcp.host2.example.  host2.example.       no source
-   _telnet._tcp.host3.example.  example.             *.example.
-   _chat._udp.host3.example.    example.             *.example.
-   foobar.*.example.            *.example.           no source
-
-3.3.3 Type Matching
-
-    RFC 1034 concludes part 'c' with this:
-
-#            If the "*" label does not exist, check whether the name
-#            we are looking for is the original QNAME in the query
-#            or a name we have followed due to a CNAME.  If the name
-#            is original, set an authoritative name error in the
-#            response and exit.  Otherwise just exit.
-#
-#            If the "*" label does exist, match RRs at that node
-#            against QTYPE.  If any match, copy them into the answer
-#            section, but set the owner of the RR to be QNAME, and
-#            not the node with the "*" label.  Go to step 6.
-
-   The final paragraph covers the role of the QTYPE in the lookup
-   process.
-
-   Based on implementation feedback and similarities between step 'a' and
-   step 'c' a change to this passage has been made.
-
-   The change is to add the following text to step 'c':
-
-            If the data at the source of synthesis is a CNAME, and
-            QTYPE doesn't match CNAME, copy the CNAME RR into the
-            answer section of the response changing the owner name
-            to the QNAME, change QNAME to the canonical name in the
-            CNAME RR, and go back to step 1.
-
-   This is essentially the same text in step a covering the processing of
-   CNAME RRSets.
-
-4. Considerations with Special Types
-
-   Sections 2 and 3 of this document discuss wildcard synthesis with
-   respect to names in the domain tree and ignore the impact of types.
-   In this section, the implication of wildcards of specific types are
-   discussed.  The types covered are those that have proven to be the
-   most difficult to understand.  The types are SOA, NS, CNAME, DNAME,
-   SRV, DS, NSEC, RRSIG and "none," i.e., empty non-terminal wild card
-   domain names.
-
-4.1 SOA RRSet at a Wild Card Domain Name
-
-   A wild card domain name owning an SOA RRSet means that the domain
-   is at the root of the zone (apex).  The domain can not be a source of
-   synthesis because that is, by definition, a descendent node (of
-   the closest encloser) and a zone apex is at the top of the zone.
-
-   Although a wild card domain name owning an SOA RRSet can never be a
-   source of synthesis, there is no reason to forbid the ownership of
-   an SOA RRSet.
-
-   E.g., given this zone:
-          $ORIGIN *.example.
-          @                 3600 IN  SOA   
-                            3600     NS    ns1.example.com.
-                            3600     NS    ns1.example.net.
-          www               3600     TXT   "the www txt record"
-
-   A query for www.*.example.'s TXT record would still find the "the www
-   txt record" answer.  The reason is that the asterisk label only
-   becomes significant when RFC 1034's 4.3.2, step 3 part 'c' in in
-   effect.
-
-   Of course, there would need to be a delegation in the parent zone,
-   "example." for this to work too.  This is covered in the next section.
-
-4.2 NS RRSet at a Wild Card Domain Name
-
-   With the definition of DNSSEC [RFC4033, RFC4034, RFC4035] now in
-   place, the semantics of a wild card domain name owning an NS RR has
-   come to be poorly defined.  The dilemma relates to a conflict
-   between the rules for synthesis in part 'c' and the fact that the
-   resulting synthesis generates a record for which the zone is not
-   authoritative.  In a DNSSEC signed zone, the mechanics of signature
-   management (generation and inclusion in a message) become unclear.
-
-   After some lengthy discussions, there has been no clear "best answer"
-   on how to document the semantics of such a situation.  Barring such
-   records from the DNS would require definition of rules for that, as
-   well as introducing a restriction on records that were once legal.
-   Allowing such records and amending the process of signature
-   management would entail complicating the DNSSEC definition.
-
-   Combining these observations with thought that a wild card domain name
-   owning an NS record is an operationally uninteresting scenario, i.e.,
-   it won't happen in the normal course of events, accomodating this
-   situation in the specification would also be categorized as
-   "needless complication." Further, expending more effort on this
-   topic has proven to be an exercise in diminishing returns.
-
-   In summary, there is no definition given for wild card domain names
-   owning an NS RRSet.  The semantics are left undefined until there
-   is a clear need to have a set defined, and until there is a clear
-   direction to proceed.  Operationally, inclusion of wild card NS
-   RRSets in a zone is discouraged, but not barred.
-
-4.3 CNAME RRSet at a Wild Card Domain Name
-
-   The issue of a CNAME RRSet owned by a wild card domain name has
-   prompted a suggested change to the last paragraph of step 3c of the
-   algorithm in 4.3.2.  The changed text appears in section 3.3.3 of
-   this document.
-
-4.4 DNAME RRSet at a Wild Card Domain Name
-
-   Ownership of a DNAME RRSet by a wild card domain name represents a
-   threat to the coherency of the DNS and is to be avoided or outright
-   rejected.  Such a DNAME RRSet represents non-deterministic synthesis
-   of rules fed to different caches.  As caches are fed the different
-   rules (in an unpredictable manner) the caches will cease to be
-   coherent.  ("As caches are fed" refers to the storage in a cache of
-   records obtained in responses by recursive or iterative servers.)
-
-   For example, assume one cache, responding to a recursive request,
-   obtains the record "a.b.example. DNAME foo.bar.tld." and another
-   cache obtains "b.example. DNAME foo.bar.tld.", both generated from
-   the record "*.example. DNAME foo.bar.tld." by an authoritative server.
-
-   The DNAME specification is not clear on whether DNAME records in a
-   cache are used to rewrite queries.  In some interpretations, the
-   rewrite occurs, in some, it is not.  Allowing for the occurrence of
-   rewriting, queries for "sub.a.b.example. A" may be rewritten as
-   "sub.foo.bar.tld. A" by the former caching server and may be rewritten
-   as "sub.a.foo.bar.tld. A" by the latter.  Coherency is lost, an
-   operational nightmare ensues.
-
-   Another justification for banning or avoiding wildcard DNAME records
-   is the observation that such a record could synthesize a DNAME owned
-   by "sub.foo.bar.example." and "foo.bar.example."  There is a
-   restriction in the DNAME definition that no domain exist below a
-   DNAME-owning domain, hence, the wildcard DNAME is not to be permitted.
-
-4.5 SRV RRSet at a Wild Card Domain Name
-
-   The definition of the SRV RRset is RFC 2782 [RFC2782].  In the
-   definition of the record, there is some confusion over the term
-   "Name."  The definition reads as follows:
-
-# The format of the SRV RR
-...
-#      _Service._Proto.Name TTL Class SRV Priority Weight Port Target
-...
-#   Name
-#     The domain this RR refers to.  The SRV RR is unique in that the
-#     name one searches for is not this name; the example near the end
-#     shows this clearly.
-
-   Do not confuse the definition "Name" with a domain name.  I.e., once
-   removing the _Service and _Proto labels from the owner name of the
-   SRV RRSet, what remains could be a wild card domain name but this is
-   immaterial to the SRV RRSet.
-
-   E.g.,  If an SRV record is:
-        _foo._udp.*.example. 10800 IN SRV 0 1 9 old-slow-box.example.
-
-   *.example is a wild card domain name and although it it the Name of
-   the SRV RR, it is not the owner (domain name).  The owner domain name
-   is "_foo._udp.*.example." which is not a wild card domain name.
-
-   The confusion is likely based on the mixture of the specification of
-   the SRV RR and the description of a "use case."
-
-4.6 DS RRSet at a Wild Card Domain Name
-
-   A DS RRSet owned by a wild card domain name is meaningless and
-   harmless.
-
-4.7 NSEC RRSet at a Wild Card Domain Name
-
-   Wild card domain names in DNSSEC signed zones will have an NSEC RRSet.
-   Synthesis of these records will only occur when the query exactly
-   matches the record.  Synthesized NSEC RR's will not be harmful as
-   they will never be used in negative caching or to generate a negative
-   response.
-
-4.8 RRSIG at a Wild Card Domain Name
-
-   RRSIG records will be present at a wild card domain name in a signed
-   zone, and will be synthesized along with data sought in a query.
-   The fact that the owner name is synthesized is not a problem as the
-   label count in the RRSIG will instruct the verifying code to ignore
-   it.
-
-4.9 Empty Non-terminal Wild Card Domain Name
-
-   If a source of synthesis is an empty non-terminal, then the response
-   will be one of no error in the return code and no RRSet in the answer
-   section.
-
-5. Security Considerations
-
-   This document is refining the specifications to make it more likely
-   that security can be added to DNS.  No functional additions are being
-   made, just refining what is considered proper to allow the DNS,
-   security of the DNS, and extending the DNS to be more predictable.
-
-6. IANA Considerations
-
-    None.
-
-7. References
-
-   Normative References
-
-   [RFC20]   ASCII Format for Network Interchange, V.G. Cerf, Oct-16-1969
-
-   [RFC1034] Domain Names - Concepts and Facilities, P.V. Mockapetris,
-             Nov-01-1987
-
-   [RFC1035] Domain Names - Implementation and Specification, P.V
-             Mockapetris, Nov-01-1987
-
-   [RFC1995] Incremental Zone Transfer in DNS, M. Ohta, August 1996
-
-   [RFC2119] Key Words for Use in RFCs to Indicate Requirement Levels, S
-             Bradner, March 1997
-
-   [RFC2181] Clarifications to the DNS Specification, R. Elz and R. Bush,
-             July 1997
-
-   [RFC2308] Negative Caching of DNS Queries (DNS NCACHE), M. Andrews,
-             March 1998
-
-   [RFC2782] A DNS RR for specifying the location of services (DNS SRV),
-             A. Gulbrandsen, et.al., February 2000
-
-   [RFC4033] DNS Security Introduction and Requirements, R. Arends,
-             et.al., March 2005
-
-   [RFC4034] Resource Records for the DNS Security Extensions, R. Arends,
-             et.al., March 2005
-
-   [RFC4035] Protocol Modifications for the DNS Security Extensions,
-             R. Arends, et.al., March 2005
-
-   [RFC2672] Non-Terminal DNS Name Redirection, M. Crawford, August 1999
-
-   Informative References
-
-   [RFC2136] Dynamic Updates in the Domain Name System (DNS UPDATE), P.
-             Vixie, Ed., S. Thomson, Y. Rekhter, J. Bound, April 1997
-
-8. Editor
-
-        Name:         Edward Lewis
-        Affiliation:  NeuStar
-        Address:      46000 Center Oak Plaza, Sterling, VA, 20166, US
-        Phone:        +1-571-434-5468
-        Email:        ed.lewis@neustar.biz
-
-   Comments on this document can be sent to the editor or the mailing
-   list for the DNSEXT WG, namedroppers@ops.ietf.org.
-
-9. Others Contributing to the Document
-
-   This document represents the work of a large working group.  The
-   editor merely recorded the collective wisdom of the working group.
-
-10. Trailing Boilerplate
-
-   Copyright (C) The Internet Society (2005).
-
-   This document is subject to the rights, licenses and restrictions
-   contained in BCP 78, and except as set forth therein, the authors
-   retain all their rights.
-
-   This document and the information contained herein are provided on an
-   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
-   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
-   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
-   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
-   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
-   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Intellectual Property
-
-   The IETF takes no position regarding the validity or scope of any
-   Intellectual Property Rights or other rights that might be claimed to
-   pertain to the implementation or use of the technology described in
-   this document or the extent to which any license under such rights
-   might or might not be available; nor does it represent that it has
-   made any independent effort to identify any such rights.  Information
-   on the procedures with respect to rights in RFC documents can be
-   found in BCP 78 and BCP 79.
-
-   Copies of IPR disclosures made to the IETF Secretariat and any
-   assurances of licenses to be made available, or the result of an
-   attempt made to obtain a general license or permission for the use of
-   such proprietary rights by implementers or users of this
-   specification can be obtained from the IETF on-line IPR repository at
-   http://www.ietf.org/ipr.  The IETF invites any interested party to
-   bring to its attention any copyrights, patents or patent
-   applications, or other proprietary rights that may cover technology
-   that may be required to implement this standard.  Please address the
-   information to the IETF at ietf-ipr@ietf.org.
-
-Acknowledgement
-
-   Funding for the RFC Editor function is currently provided by the
-   Internet Society.
-
-Expiration
-
-   This document expires on or about November 11, 2005.
-
--- 
diff --git a/doc/draft/draft-ietf-dnsext-wcard-clarify-07.txt b/doc/draft/draft-ietf-dnsext-wcard-clarify-07.txt
new file mode 100644
index 0000000000..7f6f5a818b
--- /dev/null
+++ b/doc/draft/draft-ietf-dnsext-wcard-clarify-07.txt
@@ -0,0 +1,861 @@
+DNSEXT Working Group                                          E. Lewis
+INTERNET DRAFT                                                 NeuStar
+Expiration Date: November 16, 2005                        May 16, 2005
+
+                            The Role of Wildcards
+                          in the Domain Name System
+                    draft-ietf-dnsext-wcard-clarify-07.txt
+
+Status of this Memo
+
+    By submitting this Internet-Draft, each author represents that
+    any applicable patent or other IPR claims of which he or she is
+    aware have been or will be disclosed, and any of which he or she
+    becomes aware will be disclosed, in accordance with Section 6 of
+    BCP 79.
+
+    Internet-Drafts are working documents of the Internet Engineering
+    Task Force (IETF), its areas, and its working groups.  Note that
+    other groups may also distribute working documents as Internet-
+    Drafts.
+
+    Internet-Drafts are draft documents valid for a maximum of six
+    months and may be updated, replaced, or obsoleted by other
+    documents at any time.  It is inappropriate to use Internet-Drafts
+    as reference material or to cite them other than as "work in
+    progress."
+
+    The list of current Internet-Drafts can be accessed at
+      http://www.ietf.org/ietf/1id-abstracts.txt
+
+    The list of Internet-Draft Shadow Directories can be accessed at
+      http://www.ietf.org/shadow.html
+
+    This Internet-Draft will expire on November 16, 2005.
+
+Copyright Notice
+
+    Copyright (C) The Internet Society (2005).
+
+Abstract
+
+    This is an update to the wildcard definition of RFC 1034.  The
+    interaction with wildcards and CNAME is changed, an error
+    condition removed, and the words defining some concepts central
+    to wildcards are changed.  The overall goal is not to change
+    wildcards, but to refine the definition of RFC 1034.
+
+1 Introduction
+
+    In RFC 1034 [RFC1034], sections 4.3.2 and 4.3.3 describe the
+    synthesis of answers from special resource records called
+    wildcards.  The definition in RFC 1034 is incomplete and has
+    proven to be confusing.  This document describes the wildcard
+    synthesis by adding to the discussion and making limited
+    modifications.  Modifications are made to close inconsistencies
+    that have led to interoperability issues.  This description
+    does not expand the service intended by the original definition.
+
+    Staying within the spirit and style of the original documents,
+    this document avoids specifying rules for DNS implementations
+    regarding wildcards.  The intention is to only describe what is
+    needed for interoperability, not restrict implementation choices.
+    In addition, consideration has been given to minimize any
+    backwards compatibility with implementations that have complied
+    with RFC 1034's definition.
+
+    This document is focused on the concept of wildcards as defined
+    in RFC 1034.  Nothing is implied regarding alternative approaches,
+    nor are alternatives discussed.
+
+1.1 Motivation
+
+    Many DNS implementations have diverged with respect to wildcards
+    in different ways from the original definition, or at from least
+    what had been intended.  Although there is clearly a need to
+    clarify the original documents in light of this alone, the impetus
+    for this document lay in the engineering of the DNS security
+    extensions [RFC4033].  With an unclear definition of wildcards
+    the design of authenticated denial became entangled.
+
+    This document is intended to limit changes,  only those based on
+    implementation experience, and to remain as close to the original
+    document as possible.  To reinforce this, relevant sections of RFC
+    1034 are repeated verbatim to help compare the old and new text.
+
+1.2 The Original Definition
+
+    The context of the wildcard concept involves the algorithm by
+    which a name server prepares a response (in RFC 1034's section
+    4.3.2) and the way in which a resource record (set) is identified
+    as being a source of synthetic data (section 4.3.3).
+
+    The beginning of the discussion ought to start with the definition
+    of the term "wildcard" as it appears in RFC 1034, section 4.3.3.
+
+# In the previous algorithm, special treatment was given to RRs with
+# owner names starting with the label "*".  Such RRs are called
+# wildcards. Wildcard RRs can be thought of as instructions for
+# synthesizing RRs.  When the appropriate conditions are met, the name
+# server creates RRs with an owner name equal to the query name and
+# contents taken from the wildcard RRs.
+
+    This passage appears after the algorithm in which the term wildcard
+    is first used.   In this definition, wildcard refers to resource
+    records.  In other usage, wildcard has referred to domain names,
+    and it has been used to describe the operational practice of
+    relying on wildcards to generate answers.  It is clear from this
+    that there is a need to define clear and unambiguous terminology
+    in the process of discussing wildcards.
+
+    The mention of the use of wildcards in the preparation of a
+    response is contained in step 3c of RFC 1034's section 4.3.2
+    entitled "Algorithm." Note that "wildcard" does not appear in
+    the algorithm, instead references are made to the "*" label.
+    The portion of the algorithm relating to wildcards is
+    deconstructed in detail in section 3 of this document, this is
+    the beginning of the passage.
+
+#    c. If at some label, a match is impossible (i.e., the
+#       corresponding label does not exist), look to see if [...]
+#       the "*" label exists.
+
+    The scope of this document is the RFC 1034 definition of
+    wildcards and the implications of updates to those documents,
+    such as DNSSEC.  Alternate schemes for synthesizing answers are
+    not considered.  (Note that there is no reference listed.  No
+    document is known to describe any alternate schemes, although
+    there has been some mention of them in mailing lists.)
+
+1.3 This Document
+
+    This document accomplishes these three items.
+    o Defines new terms
+    o Makes minor changes to avoid conflicting concepts
+    o Describes the actions of certain resource records as wildcards
+
+1.3.1 New Terms
+
+    To help in discussing what resource records are wildcards, two
+    terms will be defined - "asterisk label" and "wild card domain
+    name".  These are defined in section 2.1.1.
+
+    To assist in clarifying the role of wildcards in the name server
+    algorithm in RFC 1034, 4.3.2, "source of synthesis" and "closest
+    encloser" are defined.  These definitions are in section 3.3.2.
+    "Label match" is defined in section 3.2.
+
+    The introduction of new terms ought not have an impact on any
+    existing implementations.  The new terms are used only to make
+    discussions of wildcards clearer.
+
+1.3.2 Changed Text
+
+    The definition of "existence" is changed, superficially.  This
+    change will not be apparent to implementations; it is needed to
+    make descriptions more precise.  The change appears in section
+    2.2.3.
+
+    RFC 1034, section 4.3.3., seems to prohibit having two asterisk
+    labels in a wildcard owner name.  With this document the
+    restriction is removed entirely.  This change and its implications
+    are in section 2.1.3.
+
+    The actions when a source of synthesis owns a CNAME RR are
+    changed to mirror the actions if an exact match name owns a
+    CNAME RR.  This is an addition to the words in RFC 1034,
+    section 4.3.2, step 3, part c.  The discussion of this is in
+    section 3.3.3.
+
+    Only the latter change represents an impact to implementations.
+    The definition of existence is not a protocol impact.  The change
+    to the restriction on names is unlikely to have an impact, as
+    there was no discussion of how to enforce the restriction.
+
+1.3.3 Considerations with Special Types
+
+    This document describes semantics of wildcard CNAME RRSets
+    [RFC2181], wildcard NS RRSets, wildcard SOA RRSets, wildcard
+    DNAME RRSets [RFC2672], wildcard DS RRSets [RFC TBD], and empty
+    non-terminal wildcards.  Understanding these types in the context
+    of wildcards has been clouded because these types incur special
+    processing if they are the result of an exact match.  This
+    discussion is in section 4.
+
+    These discussions do not have an implementation impact, they cover
+    existing knowledge of the types, but to a greater level of detail.
+
+1.4 Standards Terminology
+
+    This document does not use terms as defined in "Key words for use
+    in RFCs to Indicate Requirement Levels." [RFC2119]
+
+    Quotations of RFC 1034 are denoted by a '#' in the leftmost
+    column.
+
+2 Wildcard Syntax
+
+    The syntax of a wildcard is the same as any other DNS resource
+    record, across all classes and types.  The only significant
+    feature is the owner name.
+
+    Because wildcards are encoded as resource records with special
+    names, they are included in zone transfers and incremental zone
+    transfers[RFC1995].  This feature has been underappreciated until
+    discussions on alternative approaches to wildcards appeared on
+    mailing lists.
+
+2.1 Identifying a Wildcard
+
+    To provide a more accurate description of "wildcards", the
+    definition has to start with a discussion of the domain names
+    that appear as owners.  Two new terms are needed, "Asterisk
+    Label" and "Wild Card Domain Name."
+
+2.1.1 Wild Card Domain Name and Asterisk Label
+
+    A "wild card domain name" is defined by having its initial
+    (i.e., left-most or least significant) label be, in binary format:
+
+         0000 0001 0010 1010 (binary) = 0x01 0x2a (hexadecimal)
+
+    The first octet is the normal label type and length for a 1 octet
+    long label, the second octet is the ASCII representation [RFC20]
+    for the '*' character.
+
+    A descriptive name of a label equaling that value is an "asterisk
+    label."
+
+    RFC 1034's definition of wildcard would be "a resource record
+    owned by a wild card domain name."
+
+2.1.2 Asterisks and Other Characters
+
+    No label values other than that in section 2.1.1 are asterisk
+    labels, hence names beginning with other labels are never wild
+    card domain names.  Labels such as 'the*' and '**' are not
+    asterisk labels, they do not start wild card domain names.
+
+2.1.3 Non-terminal Wild Card Domain Names
+
+    In section 4.3.3, the following is stated:
+
+# ..........................  The owner name of the wildcard RRs is of
+# the form "*.", where  is any domain name.
+#  should not contain other * labels......................
+
+    This restriction is lifted because the original documentation of it
+    is incomplete and the restriction does not serve any purpose given
+    years of operational experience.
+
+    Indirectly, the above passage raises questions about wild card
+    domain names having subdomains and possibly being an empty
+    non-terminal.  By thinking of domain names such as
+    "*.example.*.example." and "*.*.example." and focusing on the
+    right-most asterisk label in each, the issues become apparent.
+
+    Although those example names have been restricted per RFC 1034,
+    a name such as "example.*.example." illustrates the same problems.
+    The sticky issue of subdomains and empty non-terminals is not
+    removed by the restriction.  With that conclusion, the restriction
+    appears to be meaningless, worse yet, it implies that an
+    implementation would have to perform checks that do little more
+    than waste CPU cycles.
+
+    A wild card domain name can have subdomains.  There is no need
+    to inspect the subdomains to see if there is another asterisk
+    label in any subdomain.
+
+    A wild card domain name can be an empty non-terminal.  (See the
+    upcoming sections on empty non-terminals.)  In this case, any
+    lookup encountering it will terminate as would any empty
+    non-terminal match.
+
+2.2 Existence Rules
+
+    The notion that a domain name 'exists' is mentioned in the
+    definition of wildcards.  In section 4.3.3 of RFC 1034:
+
+# Wildcard RRs do not apply:
+#
+...
+#   - When the query name or a name between the wildcard domain and
+#     the query name is know[n] to exist.  For example, if a wildcard
+
+    RFC 1034 also refers to non-existence in the process of generating
+    a response that results in a return code of "name error."
+    NXDOMAIN is introduced in RFC 2308, section 2.1 says "In this
+    case the domain ... does not exist." The overloading of the term
+    "existence" is confusing.
+
+    For the purposes of this document, a domain name is said to
+    exist if it plays a role in the execution of the algorithms in
+    RFC 1034.  This document avoids discussion determining when an
+    authoritative name error has occurred.
+
+2.2.1 An Example
+
+    To illustrate what is meant by existence consider this complete
+    zone:
+
+      $ORIGIN example.
+      example.                 3600 IN  SOA   
+      example.                 3600     NS    ns.example.com.
+      example.                 3600     NS    ns.example.net.
+      *.example.               3600     TXT   "this is a wild card"
+      *.example.               3600     MX    10 host1.example.
+      sub.*.example.           3600     TXT   "this is not a wild card"
+      host1.example.           3600     A     192.0.4.1
+      _ssh._tcp.host1.example. 3600     SRV  
+      _ssh._tcp.host2.example. 3600     SRV  
+      subdel.example.          3600     NS   ns.example.com.
+      subdel.example.          3600     NS   ns.example.net.
+
+    A look at the domain names in a tree structure is helpful:
+
+                                  |
+                  -------------example------------
+                 /           /         \          \
+                /           /           \          \
+               /           /             \          \
+              *          host1          host2      subdel
+              |            |             |
+              |            |             |
+             sub         _tcp          _tcp
+                           |             |
+                           |             |
+                         _ssh          _ssh
+
+    The following queries would be synthesized from one of the
+    wildcards:
+
+        QNAME=host3.example. QTYPE=MX, QCLASS=IN
+             the answer will be a "host3.example. IN MX ..."
+
+        QNAME=host3.example. QTYPE=A, QCLASS=IN
+             the answer will reflect "no error, but no data"
+             because there is no A RR set at '*.example.'
+
+        QNAME=foo.bar.example. QTYPE=TXT, QCLASS=IN
+             the answer will be "foo.bar.example. IN TXT ..."
+             because bar.example. does not exist, but the wildcard
+             does.
+
+    The following queries would not be synthesized from any of the
+    wildcards:
+
+        QNAME=host1.example., QTYPE=MX, QCLASS=IN
+             because host1.example. exists
+
+        QNAME=ghost.*.example., QTYPE=MX, QCLASS=IN
+             because *.example. exists
+
+        QNAME=sub.*.example., QTYPE=MX, QCLASS=IN
+             because sub.*.example. exists
+
+        QNAME=_telnet._tcp.host1.example., QTYPE=SRV, QCLASS=IN
+             because _tcp.host1.example. exists (without data)
+
+        QNAME=host.subdel.example., QTYPE=A, QCLASS=IN
+             because subdel.example. exists (and is a zone cut)
+
+2.2.2 Empty Non-terminals
+
+    Empty non-terminals [RFC2136, Section 7.16] are domain names
+    that own no resource records but have subdomains that do.  In
+    section 2.2.1, "_tcp.host1.example." is an example of a empty
+    non-terminal name.  Empty non-terminals are introduced by this
+    text in section 3.1 of RFC 1034:
+
+# The domain name space is a tree structure.  Each node and leaf on
+# the tree corresponds to a resource set (which may be empty).  The
+# domain system makes no distinctions between the uses of the
+# interior nodes and leaves, and this memo uses the term "node" to
+# refer to both.
+
+    The parenthesized "which may be empty" specifies that empty non-
+    terminals are explicitly recognized, and that empty non-terminals
+    "exist."
+
+    Pedantically reading the above paragraph can lead to an
+    interpretation that all possible domains exist - up to the
+    suggested limit of 255 octets for a domain name [RFC1035].
+    For example, www.example. may have an A RR, and as far as is
+    practically concerned, is a leaf of the domain tree.  But the
+    definition can be taken to mean that sub.www.example. also
+    exists, albeit with no data.  By extension, all possible domains
+    exist, from the root on down.  As RFC 1034 also defines "an
+    authoritative name error indicating that the name does not exist"
+    in section 4.3.1, this is not the intent of the original document.
+
+2.2.3 Yet Another Definition of Existence
+
+    RFC1034's wording is fixed by the following paragraph:
+
+    The domain name space is a tree structure.  Nodes in the tree
+    either own at least one RRSet and/or have descendants that
+    collectively own at least on RRSet.  A node may have no RRSets
+    if it has descendents that do, this node is a empty non-terminal.
+    A node may have its own RRSets and have descendants with RRSets
+    too.
+
+    A node with no descendants is a leaf node.  Empty leaf nodes do
+    not exist.
+
+    Note that at a zone boundary, the domain name owns data,
+    including the NS RR set.  At the delegating server, the NS RR
+    set is not authoritative, but that is of no consequence here.
+    The domain name owns data, therefore, it exists.
+
+2.3 When does a Wild Card Domain Name is not Special
+
+    When a wild card domain name appears in a message's query section,
+    no special processing occurs.  An asterisk label in a query name
+    only (label) matches an asterisk label in the existing zone tree
+    when the 4.3.2 algorithm is being followed.
+
+    When a wild card domain name appears in the resource data of a
+    record, no special processing occurs.  An asterisk label in that
+    context literally means just an asterisk.
+
+3. Impact of a Wild Card Domain Name On a Response
+
+    The description of how wildcards impact response generation is in
+    RFC 1034, section 4.3.2.  That passage contains the algorithm
+    followed by a server in constructing a response.  Within that
+    algorithm, step 3, part 'c' defines the behavior of the wild card.
+
+    The algorithm in RFC 1034, section 4.3.2. is not intended to be
+    pseudo code, i.e., its steps are not intended to be followed in
+    strict order.  The "algorithm" is a suggestion.  As such, in
+    step 3, parts a, b, and c, do not have to be implemented in
+    that order.
+
+3.1 Step 2
+
+    Step 2 of the RFC 1034's section 4.3.2 reads:
+
+#   2. Search the available zones for the zone which is the nearest
+#      ancestor to QNAME.  If such a zone is found, go to step 3,
+#      otherwise step 4.
+
+    In this step, the most appropriate zone for the response is
+    chosen.  The significance of this step is that it means all of
+    step 3 is being performed within one zone.  This has significance
+    when considering whether or not an SOA RR can be ever be used for
+    synthesis.
+
+3.2 Step 3
+
+    Step 3 is dominated by three parts, labelled 'a', 'b', and 'c'.
+    But the beginning of the step is important and needs explanation.
+
+#   3. Start matching down, label by label, in the zone.  The
+#      matching process can terminate several ways:
+
+    The word 'matching' refers to label matching.  The concept
+    is based in the view of the zone as the tree of existing names.
+    The query name is considered to be an ordered sequence of
+    labels - as if the name were a path from the root to the owner
+    of the desired data.  (Which it is - 3rd paragraph of RFC 1034,
+    section 3.1.)
+
+    The process of label matching a query name ends in exactly one of
+    three choices, the parts 'a', 'b', and 'c'.  Either the name is
+    found, the name is below a cut point, or the name is not found.
+
+    Once one of the parts is chosen, the other parts are not
+    considered.  (E.g., do not execute part 'c' and then change
+    the execution path to finish in part 'b'.)  The process of label
+    matching is also done independent of the query type (QTYPE).
+
+    Parts 'a' and 'b' are not an issue for this clarification as they
+    do not relate to record synthesis.  Part 'a' is an exact match
+    that results in an answer, part 'b' is a referral.  It is
+    possible, from the description given, that a query might fit
+    into both part a and part b, this is not within the scope of
+    this document.
+
+3.3 Part 'c'
+
+    The context of part 'c' is that the process of label matching the
+    labels of the query name has resulted in a situation in which
+    there is no corresponding label in the tree.  It is as if the
+    lookup has "fallen off the tree."
+
+#     c. If at some label, a match is impossible (i.e., the
+#        corresponding label does not exist), look to see if [...]
+#        the "*" label exists.
+
+    To help describe the process of looking 'to see if [...] the "*"
+    label exists' a term has been coined to describe the last domain
+    (node) matched.  The term is "closest encloser."
+
+3.3.1 Closest Encloser and the Source of Synthesis
+
+    The closest encloser is the node in the zone's tree of existing
+    domain names that has the most labels matching the query name
+    (consecutively, counting from the root label downward). Each match
+    is a "label match" and the order of the labels is the same.
+
+    The closest encloser is, by definition, an existing name in the
+    zone.  The closest encloser might be an empty non-terminal or even
+    be a wild card domain name itself.  In no circumstances is the
+    closest encloser to be used to synthesize records for the current
+    query.
+
+    The source of synthesis is defined in the context of a query
+    process as that wild card domain name immediately descending
+    from the closest encloser, provided that this wild card domain
+    name exists.  "Immediately descending" means that the source
+    of synthesis has a name of the form:
+          ..
+    A source of synthesis does not guarantee having a RRSet to use
+    for synthesis.  The source of synthesis could be an empty
+    non-terminal.
+
+    If the source of synthesis does not exist (not on the domain
+    tree), there will be no wildcard synthesis.  There is no search
+    for an alternate.
+
+    The important concept is that for any given lookup process, there
+    is at most one place at which wildcard synthetic records can be
+    obtained.  If the source of synthesis does not exist, the lookup
+    terminates, the lookup does not look for other wildcard records.
+
+3.3.2 Closest Encloser and Source of Synthesis Examples
+
+    To illustrate, using the example zone in section 2.2.1 of this
+    document, the following chart shows QNAMEs and the closest
+    enclosers.
+
+    QNAME                       Closest Encloser    Source of Synthesis
+    host3.example.              example.            *.example.
+    _telnet._tcp.host1.example. _tcp.host1.example. no source
+    _telnet._tcp.host2.example. host2.example.      no source
+    _telnet._tcp.host3.example. example.            *.example.
+    _chat._udp.host3.example.   example.            *.example.
+    foobar.*.example.           *.example.          no source
+
+3.3.3 Type Matching
+
+     RFC 1034 concludes part 'c' with this:
+
+#            If the "*" label does not exist, check whether the name
+#            we are looking for is the original QNAME in the query
+#            or a name we have followed due to a CNAME.  If the name
+#            is original, set an authoritative name error in the
+#            response and exit.  Otherwise just exit.
+#
+#            If the "*" label does exist, match RRs at that node
+#            against QTYPE.  If any match, copy them into the answer
+#            section, but set the owner of the RR to be QNAME, and
+#            not the node with the "*" label.  Go to step 6.
+
+    The final paragraph covers the role of the QTYPE in the lookup
+    process.
+
+    Based on implementation feedback and similarities between step
+    'a' and step 'c' a change to this passage has been made.
+
+    The change is to add the following text to step 'c':
+
+             If the data at the source of synthesis is a CNAME, and
+             QTYPE doesn't match CNAME, copy the CNAME RR into the
+             answer section of the response changing the owner name
+             to the QNAME, change QNAME to the canonical name in the
+             CNAME RR, and go back to step 1.
+
+    This is essentially the same text in step a covering the
+    processing of CNAME RRSets.
+
+4. Considerations with Special Types
+
+    Sections 2 and 3 of this document discuss wildcard synthesis
+    with respect to names in the domain tree and ignore the impact
+    of types.  In this section, the implication of wildcards of
+    specific types are discussed.  The types covered are those
+    that have proven to be the most difficult to understand.  The
+    types are SOA, NS, CNAME, DNAME, SRV, DS, NSEC, RRSIG and
+    "none," i.e., empty non-terminal wild card domain names.
+
+4.1 SOA RRSet at a Wild Card Domain Name
+
+    A wild card domain name owning an SOA RRSet means that the
+    domain is at the root of the zone (apex).  The domain can not
+    be a source of synthesis because that is, by definition, a
+    descendent node (of the closest encloser) and a zone apex is
+    at the top of the zone.
+
+    Although a wild card domain name owning an SOA RRSet can never
+    be a source of synthesis, there is no reason to forbid the
+    ownership of an SOA RRSet.
+
+    E.g., given this zone:
+           $ORIGIN *.example.
+           @                 3600 IN  SOA   
+                             3600     NS    ns1.example.com.
+                             3600     NS    ns1.example.net.
+           www               3600     TXT   "the www txt record"
+
+    A query for www.*.example.'s TXT record would still find the
+    "the www txt record" answer.  The reason is that the asterisk
+    label only becomes significant when RFC 1034's 4.3.2, step 3
+    part 'c' in in effect.
+
+    Of course, there would need to be a delegation in the parent
+    zone, "example." for this to work too.  This is covered in the
+    next section.
+
+4.2 NS RRSet at a Wild Card Domain Name
+
+    With the definition of DNSSEC [RFC4033, RFC4034, RFC4035] now
+    in place, the semantics of a wild card domain name owning an
+    NS RR has come to be poorly defined.  The dilemma relates to
+    a conflict between the rules for synthesis in part 'c' and the
+    fact that the resulting synthesis generates a record for which
+    the zone is not authoritative.  In a DNSSEC signed zone, the
+    mechanics of signature management (generation and inclusion
+    in a message) become unclear.
+
+    After some lengthy discussions, there has been no clear "best
+    answer" on how to document the semantics of such a situation.
+    Barring such records from the DNS would require definition of
+    rules for that, as well as introducing a restriction on records
+    that were once legal.  Allowing such records and amending the
+    process of signature management would entail complicating the
+    DNSSEC definition.
+
+    Combining these observations with thought that a wild card
+    domain name owning an NS record is an operationally uninteresting
+    scenario, i.e., it won't happen in the normal course of events,
+    accomodating this situation in the specification would also be
+    categorized as "needless complication." Further, expending more
+    effort on this topic has proven to be an exercise in diminishing
+    returns.
+
+    In summary, there is no definition given for wild card domain
+    names owning an NS RRSet.  The semantics are left undefined until
+    there is a clear need to have a set defined, and until there is
+    a clear direction to proceed.  Operationally, inclusion of wild
+    card NS RRSets in a zone is discouraged, but not barred.
+
+4.3 CNAME RRSet at a Wild Card Domain Name
+
+    The issue of a CNAME RRSet owned by a wild card domain name has
+    prompted a suggested change to the last paragraph of step 3c of
+    the algorithm in 4.3.2.  The changed text appears in section
+    3.3.3 of this document.
+
+4.4 DNAME RRSet at a Wild Card Domain Name
+
+    Ownership of a DNAME RRSet by a wild card domain name
+    represents a threat to the coherency of the DNS and is to be
+    avoided or outright rejected.  Such a DNAME RRSet represents
+    non-deterministic synthesis of rules fed to different caches.
+    As caches are fed the different rules (in an unpredictable
+    manner) the caches will cease to be coherent.  ("As caches
+    are fed" refers to the storage in a cache of records obtained
+    in responses by recursive or iterative servers.)
+
+    For example, assume one cache, responding to a recursive request,
+    obtains the record "a.b.example. DNAME foo.bar.tld." and another
+    cache obtains "b.example. DNAME foo.bar.tld.", both generated
+    from the record "*.example. DNAME foo.bar.tld." by an
+    authoritative server.
+
+    The DNAME specification is not clear on whether DNAME records
+    in a cache are used to rewrite queries.  In some interpretations,
+    the rewrite occurs, in some, it is not.  Allowing for the
+    occurrence of rewriting, queries for "sub.a.b.example. A" may
+    be rewritten as "sub.foo.bar.tld. A" by the former caching
+    server and may be rewritten as "sub.a.foo.bar.tld. A" by the
+    latter.  Coherency is lost, an operational nightmare ensues.
+
+    Another justification for banning or avoiding wildcard DNAME
+    records is the observation that such a record could synthesize
+    a DNAME owned by "sub.foo.bar.example." and "foo.bar.example."
+    There is a restriction in the DNAME definition that no domain
+    exist below a DNAME-owning domain, hence, the wildcard DNAME
+    is not to be permitted.
+
+4.5 SRV RRSet at a Wild Card Domain Name
+
+    The definition of the SRV RRset is RFC 2782 [RFC2782].  In the
+    definition of the record, there is some confusion over the term
+    "Name."  The definition reads as follows:
+
+# The format of the SRV RR
+...
+#    _Service._Proto.Name TTL Class SRV Priority Weight Port Target
+...
+#  Name
+#   The domain this RR refers to.  The SRV RR is unique in that the
+#   name one searches for is not this name; the example near the end
+#   shows this clearly.
+
+    Do not confuse the definition "Name" with a domain name.  I.e.,
+    once removing the _Service and _Proto labels from the owner name
+    of the SRV RRSet, what remains could be a wild card domain name
+    but this is immaterial to the SRV RRSet.
+
+    E.g.,  If an SRV record is:
+       _foo._udp.*.example. 10800 IN SRV 0 1 9 old-slow-box.example.
+
+    *.example is a wild card domain name and although it it the Name
+    of the SRV RR, it is not the owner (domain name).  The owner
+    domain name is "_foo._udp.*.example." which is not a wild card
+    domain name.
+
+    The confusion is likely based on the mixture of the specification
+    of the SRV RR and the description of a "use case."
+
+4.6 DS RRSet at a Wild Card Domain Name
+
+    A DS RRSet owned by a wild card domain name is meaningless and
+    harmless.
+
+4.7 NSEC RRSet at a Wild Card Domain Name
+
+    Wild card domain names in DNSSEC signed zones will have an NSEC
+    RRSet.  Synthesis of these records will only occur when the
+    query exactly matches the record.  Synthesized NSEC RR's will not
+    be harmful as they will never be used in negative caching or to
+    generate a negative response.
+
+4.8 RRSIG at a Wild Card Domain Name
+
+    RRSIG records will be present at a wild card domain name in a
+    signed zone, and will be synthesized along with data sought in a
+    query.  The fact that the owner name is synthesized is not a
+    problem as the label count in the RRSIG will instruct the
+    verifying code to ignore it.
+
+4.9 Empty Non-terminal Wild Card Domain Name
+
+    If a source of synthesis is an empty non-terminal, then the
+    response will be one of no error in the return code and no RRSet
+    in the answer section.
+
+5. Security Considerations
+
+    This document is refining the specifications to make it more
+    likely that security can be added to DNS.  No functional
+    additions are being made, just refining what is considered
+    proper to allow the DNS, security of the DNS, and extending
+    the DNS to be more predictable.
+
+6. IANA Considerations
+
+     None.
+
+7. References
+
+    Normative References
+
+    [RFC20]   ASCII Format for Network Interchange, V.G. Cerf,
+              Oct-16-1969
+
+    [RFC1034] Domain Names - Concepts and Facilities,
+              P.V. Mockapetris, Nov-01-1987
+
+    [RFC1035] Domain Names - Implementation and Specification, P.V
+              Mockapetris, Nov-01-1987
+
+    [RFC1995] Incremental Zone Transfer in DNS, M. Ohta, August 1996
+
+    [RFC2119] Key Words for Use in RFCs to Indicate Requirement
+              Levels, S Bradner, March 1997
+
+    [RFC2181] Clarifications to the DNS Specification, R. Elz and
+              R. Bush, July 1997
+
+    [RFC2308] Negative Caching of DNS Queries (DNS NCACHE),
+              M. Andrews, March 1998
+
+    [RFC2782] A DNS RR for specifying the location of services (DNS
+              SRV), A. Gulbrandsen, et.al., February 2000
+
+    [RFC4033] DNS Security Introduction and Requirements, R. Arends,
+              et.al., March 2005
+
+    [RFC4034] Resource Records for the DNS Security Extensions,
+              R. Arends, et.al., March 2005
+
+    [RFC4035] Protocol Modifications for the DNS Security Extensions,
+              R. Arends, et.al., March 2005
+
+    [RFC2672] Non-Terminal DNS Name Redirection, M. Crawford,
+              August 1999
+
+    Informative References
+
+    [RFC2136] Dynamic Updates in the Domain Name System (DNS UPDATE),
+              P. Vixie, Ed., S. Thomson, Y. Rekhter, J. Bound,
+              April 1997
+
+8. Editor
+
+         Name:         Edward Lewis
+         Affiliation:  NeuStar
+         Address:      46000 Center Oak Plaza, Sterling, VA, 20166, US
+         Phone:        +1-571-434-5468
+         Email:        ed.lewis@neustar.biz
+
+    Comments on this document can be sent to the editor or the mailing
+    list for the DNSEXT WG, namedroppers@ops.ietf.org.
+
+9. Others Contributing to the Document
+
+    This document represents the work of a large working group.  The
+    editor merely recorded the collective wisdom of the working group.
+
+10. Trailing Boilerplate
+
+    Copyright (C) The Internet Society (2005).
+
+    This document is subject to the rights, licenses and restrictions
+    contained in BCP 78, and except as set forth therein, the authors
+    retain all their rights.
+
+    This document and the information contained herein are provided
+    on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION
+    HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET
+    SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL
+    WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+    ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
+    INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+    The IETF takes no position regarding the validity or scope of
+    any Intellectual Property Rights or other rights that might
+    be claimed to pertain to the implementation or use of the
+    technology described in this document or the extent to which
+    any license under such rights might or might not be available;
+    nor does it represent that it has made any independent effort
+    to identify any such rights.  Information on the procedures
+    with respect to rights in RFC documents can be found in BCP 78
+    and BCP 79.
+
+    Copies of IPR disclosures made to the IETF Secretariat and any
+    assurances of licenses to be made available, or the result of an
+    attempt made to obtain a general license or permission for the
+    use of such proprietary rights by implementers or users of this
+    specification can be obtained from the IETF on-line IPR
+    repository at http://www.ietf.org/ipr.  The IETF invites any
+    interested party to bring to its attention any copyrights,
+    patents or patent applications, or other proprietary rights
+    that may cover technology that may be required to implement
+    this standard.  Please address the information to the IETF at
+    ietf-ipr@ietf.org.
+
+Acknowledgement
+
+    Funding for the RFC Editor function is currently provided by the
+    Internet Society.
+
+Expiration
+
+    This document expires on or about November 16, 2005.
\ No newline at end of file

From 1cf240631e4805fb5fe73fc4440cf6270a8bef72 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 23:15:07 +0000
Subject: [PATCH 030/148] auto update

---
 doc/private/branches | 188 +++++++++++++++++++++----------------------
 1 file changed, 94 insertions(+), 94 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 7d0b960270..dac0a5cc04 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -1,6 +1,6 @@
 
 Branch				Status	Whom	(Comments)
--------------------------------------------------------
+----------------------------------------------------------
 
 additional_cache		review		(additional RRs caching for performance)
 additional_cache_rt6496		new	
@@ -9,7 +9,6 @@ bind9-gss-tsig			new
 bind9-gsstsig			new	
 compiled_zonefile		open		(wire format zone file, under development)
 da				new	
-delegation_only			closed	
 dlz				open	sra	(dynamicly loadable zones)
 ds				new	
 ds13				new	
@@ -25,93 +24,22 @@ peter				private	peter	(hostname.bind for 9.2.x)
 queryperf-v6			review		(IPv6 transport support for queryperf)
 rdata_split			new	
 rt10038				new	
-rt10049				closed	
-rt10105				closed	
-rt10114				closed	
-rt10115				closed	
-rt10131				closed	
-rt10147				closed	
-rt10148				closed	
-rt10150				closed	
-rt10194				closed	
-rt10202				closed	
-rt10208				closed	
-rt10221				closed	
-rt10236				closed	
 rt10272				new	
 rt10272a			new	
-rt10331				closed	
-rt10345				closed	
-rt10346				closed	
-rt10381				closed	
 rt10440				new	
 rt10440a			new	
-rt10452				closed	
-rt10461				closed	
-rt10497				closed	
-rt10508				closed	
-rt10565				closed	
-rt10590				closed	
-rt10642				closed	
-rt10704				closed	
-rt10764				closed	(empty)	
-rt10838				closed	
-rt10847				closed	
-rt10861				closed	
-rt10864				open	marka	
-rt10920				closed	
-rt10925				closed	
-rt10929				closed	
-rt10991				closed	
-rt11013				closed	
-rt11065				closed	
+rt10864				open	marka
 rt11069				new	
 rt11069_v9_2			new	
-rt11101				closed	
-rt11116				closed	
-rt11117				closed	
-rt11118				closed	
-rt11119				closed	
-rt11127				closed	
-rt11132				closed	
-rt11149				closed	
 rt11156				new	
 rt11156_v9_2			new	
 rt11163				new	
 rt11163_1			new	
-rt11177				closed	
-rt11179				closed	
 rt11206				new	
-rt11208				closed	
-rt11237				closed	
-rt11280				closed	
-rt11288				closed	
-rt11331				closed	
-rt113347			closed	(rt11347)
-rt11360				closed	
-rt11398				closed
 rt11398a			open	sra	(doxygen dev)
-rt11398b			closed
-rt11398c			closed	
-rt11432				closed	
-rt11436				closed	
-rt11439				closed
-rt11445				closed	
-rt11446				closed	
-rt11486				closed	
-rt11541				closed	
-rt11542				closed	
-rt11543				open	jakob	
-rt11582				closed	
-rt11595				closed	
-rt11600				closed	
-rt11681				closed	
-rt11697				closed	
-rt11706				closed	
-rt11714				closed	
+rt11543				open	jakob
 rt11733				new	
 rt11733b			new	
-rt11742				closed	
 rt11943				new	
 rt12023				new	
 rt12024				new	
@@ -224,7 +152,6 @@ rt1572a				new
 rt288				new	
 rt3469				new	
 rt3517				new	
-rt3746				closed	marka
 rt3746_lidl			new	
 rt4389				new	
 rt4404				new	
@@ -278,31 +205,19 @@ rt9442				new
 rt9475				new	
 rt9479				new	
 rt9479_v9_2			new	
-rt9940				closed	
-rt9941				closed	
 rt9976				review	jakob
-rt9979				closed	
-rt9989				closed	
-rt9997				closed	
-rt9997a				closed	
-rt9998				closed	
 skan				new	
 skan-metazones1			new	
-skan-tcr			closed	
-skan-typecode-roll		closed	
-skan-typecode-roll2		closed	
 skan_implicit_update1		new	
 skan_stats1			new	
 stats_lidl			new	
 v6source			new	
-v9_0				closed	
-v9_1				active	(security fixes only)
+v9_1				active		(security fixes only)
 v9_1_1_base			new	
 v9_1_1_patch			new	
-v9_1_3_delegation_only		closed	
 v9_1_3_do_base			new	
 v9_1_4_base			new	
-v9_2				active
+v9_2				active	
 v9_2_0_patch			new	
 v9_2_2_delegation_only		new	
 v9_2_2base			new	
@@ -311,16 +226,13 @@ v9_3				active
 v9_3_0base			new	
 v9_3_0beta2_dlv			new	
 v9_4				active	
-ws20030120			closed	(workshop branch)	
-ws20030120_tcr			closed	(workshop branch)	
-ws20030312_optin		closed	(workshop branch)	
-ws20030312_tcr			closed	(workshop branch)	
 
 
 a6_remove			closed
 adb_race			closed
 blabel-cleanup			closed
 chroot				closed
+delegation_only			closed
 ds_12				closed
 edns_size			closed
 ifiter_getifaddrs		closed
@@ -330,9 +242,80 @@ ipv6-scope			closed
 ipv6_6to4			closed
 ksk				closed
 marka_google			closed
+rt10049				closed
+rt10105				closed
+rt10114				closed
+rt10115				closed
+rt10131				closed
 rt10132				closed
 rt10133				closed
 rt10134				closed
+rt10147				closed
+rt10148				closed
+rt10150				closed
+rt10194				closed
+rt10202				closed
+rt10208				closed
+rt10221				closed
+rt10236				closed
+rt10331				closed
+rt10345				closed
+rt10346				closed
+rt10381				closed
+rt10452				closed
+rt10461				closed
+rt10497				closed
+rt10508				closed
+rt10565				closed
+rt10590				closed
+rt10642				closed
+rt10704				closed
+rt10764				closed		(empty)
+rt10838				closed
+rt10847				closed
+rt10861				closed
+rt10920				closed
+rt10925				closed
+rt10929				closed
+rt10991				closed
+rt11013				closed
+rt11065				closed
+rt11101				closed
+rt11116				closed
+rt11117				closed
+rt11118				closed
+rt11119				closed
+rt11127				closed
+rt11132				closed
+rt11149				closed
+rt11177				closed
+rt11179				closed
+rt11208				closed
+rt11237				closed
+rt11280				closed
+rt11288				closed
+rt11331				closed
+rt113347			closed		(rt11347)
+rt11360				closed
+rt11398				closed
+rt11398b			closed
+rt11398c			closed
+rt11432				closed
+rt11436				closed
+rt11439				closed
+rt11445				closed
+rt11446				closed
+rt11486				closed
+rt11541				closed
+rt11542				closed
+rt11582				closed
+rt11595				closed
+rt11600				closed
+rt11681				closed
+rt11697				closed
+rt11706				closed
+rt11714				closed
+rt11742				closed
 rt3445				closed
 rt3502				closed
 rt3507				closed		(pull down by explorer)
@@ -342,6 +325,7 @@ rt3598				closed
 rt3625				closed
 rt3653				closed
 rt3666				closed
+rt3746				closed
 rt3892				closed
 rt3907				closed
 rt4090				closed
@@ -370,4 +354,20 @@ rt5099				closed
 rt5124				closed
 rt5127				closed
 rt7572				closed
+rt9940				closed
+rt9941				closed
+rt9979				closed
+rt9989				closed
+rt9997				closed
+rt9997a				closed
+rt9998				closed
+skan-tcr			closed
+skan-typecode-roll		closed
+skan-typecode-roll2		closed
 slavefix			closed
+v9_0				closed
+v9_1_3_delegation_only		closed
+ws20030120			closed		(workshop branch)
+ws20030120_tcr			closed		(workshop branch)
+ws20030312_optin		closed		(workshop branch)
+ws20030312_tcr			closed		(workshop branch)

From 95317501208f3bf5b159e6a40801b7069f68c486 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 23:35:37 +0000
Subject: [PATCH 031/148] add comment

---
 util/update_branches | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/util/update_branches b/util/update_branches
index 2773aa46ab..8b8d42a918 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,22 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.7 2005/05/16 07:03:47 marka Exp $
+# $Id: update_branches,v 1.8 2005/05/16 23:35:37 marka Exp $
+
+#
+#  Track which branches are still open or not in the bind9 cvs repository.
+#  This is done so that work that is "in progress" (active) doesn't get
+#  so easily forgotten about.
+#
+#  This script updates doc/private/branches by adding new branches and moving
+#  closed branches to the end of the file.  New branches are found by walking
+#  the cvs repository and extracting the new branches from the header fields
+#  of the files there.
+#
+#  doc/private/branches has one line per branch in the following field order:
+#  name, status, to whom the branch belongs and comments.  Comments are
+#  in '(',')'.  The first three field are single words.
+#
 
 %branches = ();
 %whom = ();

From 01163d188b89911c3a23fe1125a4cab6764a408c Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 23:38:45 +0000
Subject: [PATCH 032/148] add comment

---
 util/update_branches | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index 8b8d42a918..333e15f151 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.8 2005/05/16 23:35:37 marka Exp $
+# $Id: update_branches,v 1.9 2005/05/16 23:38:45 marka Exp $
 
 #
 #  Track which branches are still open or not in the bind9 cvs repository.
@@ -35,7 +35,11 @@
 %whom = ();
 %comments = ();
 
-!system("cvs", "-d", "/proj/cvs/prod", "update", "doc/private/branches") || die "cannot update doc/private/branches: $!";
+#
+# Make sure we have a up to date copy.  If the previous ran failed for
+# any reason remove it (-C).
+#
+!system("cvs", "-d", "/proj/cvs/prod", "update", "-C", "doc/private/branches") || die "cannot update doc/private/branches: $!";
 
 #
 # load existing content

From 37fa2164186c66fed3025ce0ecfa43b6ae867c5a Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 16 May 2005 23:57:08 +0000
Subject: [PATCH 033/148] add update_branches

---
 util/copyrights | 1 +
 1 file changed, 1 insertion(+)

diff --git a/util/copyrights b/util/copyrights
index 47a4fcb2be..09f584117f 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -2352,6 +2352,7 @@
 ./util/spacewhack.pl				PERL	2000,2001,2004
 ./util/tabify-changes				SH	2004
 ./util/update-drafts.pl				PERL	2000,2001,2004
+./util/update_branches				PERL	2005
 ./util/update_copyrights			PERL	1998,1999,2000,2001,2004,2005
 ./version					X	1999,2000,2001
 ./win32utils/BINDBuild.dsw			X	2001

From 61a03692ab84504fb2bd85b71facfe0f6456b466 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 00:45:16 +0000
Subject: [PATCH 034/148] use "cvs log -h"

---
 util/update_branches | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index 333e15f151..70fb8771c5 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.9 2005/05/16 23:38:45 marka Exp $
+# $Id: update_branches,v 1.10 2005/05/17 00:45:16 marka Exp $
 
 #
 #  Track which branches are still open or not in the bind9 cvs repository.
@@ -74,13 +74,21 @@ while () {
 	chomp;
 	# print "file: $_\n"; # debug
 	# $file = $_; # save for branch debug below.
-	open(FILE, "<$_") || die "can't open $_: $!";
+	s:/proj/cvs/prod/bind9/::;
+	s:/Attic/([^/]*)$:/$1:;
+	s:^Attic/([^/]*)$:$1:;
+	s:,v$::;
+	#
+	# use cvs so that the file is locked.
+	#
+	open(FILE, "cvs log -h $_|") || die "can't start cvs log -h $_: $!";
 	while () {
 		chomp;
 		next unless m/^symbols$/;	# skip until we find the tags
 		while () {
 			chomp;
 			last if (m/^locks;/);	# we are past the tags
+			last if (m/^keyword/);	# we are past the tags
 			next unless m/\.0\.\d$/; # skip if not a branch
 			s/\s(.*):.*/$1/;	# extract label
 			if (!$branches{$_}) {

From bdfd62f497fe0d5281c25b61271595a4c821a040 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 00:57:31 +0000
Subject: [PATCH 035/148] use // for comments

---
 util/update_branches | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index 70fb8771c5..2ec10d7d5f 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.10 2005/05/17 00:45:16 marka Exp $
+# $Id: update_branches,v 1.11 2005/05/17 00:57:31 marka Exp $
 
 #
 #  Track which branches are still open or not in the bind9 cvs repository.
@@ -50,10 +50,16 @@ while () {
 	next if (/^-/);
 	next if (/^Branch/);
 	$c = "";
-	if (m/\(.*\)/) {
+	if (m://.*:) {
 		$c = $_;
-		$c =~ s/.*(\(.*\)).*$/$1/;
-		s/\(.*\)//;
+		$c =~ s:.*?//(.*)$:$1:;
+		s:(.*?)//.*:$1:;
+	} else {
+		if (m/\(.*\)/) {
+			$c = $_;
+			$c =~ s/.*\((.*)\).*$/$1/;
+			s/\(.*\)//;
+		}
 	}
 	s/\s$//;
 	next if (/^\s*$/);

From 133015326138df036e018e197017f9086cb8e135 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 00:58:41 +0000
Subject: [PATCH 036/148] add comment leader

---
 util/update_branches | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index 2ec10d7d5f..a020e31677 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.11 2005/05/17 00:57:31 marka Exp $
+# $Id: update_branches,v 1.12 2005/05/17 00:58:41 marka Exp $
 
 #
 #  Track which branches are still open or not in the bind9 cvs repository.
@@ -134,7 +134,7 @@ foreach $key (sort keys %branches) {
 	}
 	print BRANCHES "$branches{$key}\t";
 	print BRANCHES "$whom{$key}";
-	print BRANCHES "\t$comments{$key}" if ($comments{$key} ne "");
+	print BRANCHES "\t//$comments{$key}" if ($comments{$key} ne "");
 	print BRANCHES "\n";
 }
 
@@ -157,7 +157,7 @@ foreach $key (sort keys %branches) {
 		printf	BRANCHES "\t";
 	}
 	print BRANCHES "$branches{$key}";
-	print BRANCHES "\t\t$comments{$key}" if ($comments{$key} ne "");
+	print BRANCHES "\t\t//$comments{$key}" if ($comments{$key} ne "");
 	print BRANCHES "\n";
 }
 close(BRANCHES);

From 444c4d42aae36ea373f3b0c244b4c7c48b5f551b Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 03:26:58 +0000
Subject: [PATCH 037/148] auto update

---
 doc/private/branches | 41 ++++++++++++++++++++++++-----------------
 1 file changed, 24 insertions(+), 17 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index dac0a5cc04..235c7eb82f 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -1,15 +1,22 @@
 
-Branch				Status	Whom	(Comments)
+Branch				Status	Whom	// Comments
 ----------------------------------------------------------
 
-additional_cache		review		(additional RRs caching for performance)
+//					new	// not yet clasified
+//					open	// developement branch
+//					active	// not a development branch
+//					review	// ready for review
+//					private	// private branch
+//					closed	// finished with
+
+additional_cache		review		// additional RRs caching for performance
 additional_cache_rt6496		new	
 avoid_gettimeofday		new	
 bind9-gss-tsig			new	
 bind9-gsstsig			new	
-compiled_zonefile		open		(wire format zone file, under development)
+compiled_zonefile		open		// wire format zone file, under development
 da				new	
-dlz				open	sra	(dynamicly loadable zones)
+dlz				open	sra	// dynamicly loadable zones
 ds				new	
 ds13				new	
 edns1				new	
@@ -20,8 +27,8 @@ mlg-20000518			new
 newconfig			new	
 openssl_stub			open	marka
 optin				new	
-peter				private	peter	(hostname.bind for 9.2.x)
-queryperf-v6			review		(IPv6 transport support for queryperf)
+peter				private	peter	// hostname.bind for 9.2.x
+queryperf-v6			review		// IPv6 transport support for queryperf
 rdata_split			new	
 rt10038				new	
 rt10272				new	
@@ -36,7 +43,7 @@ rt11156_v9_2			new
 rt11163				new	
 rt11163_1			new	
 rt11206				new	
-rt11398a			open	sra	(doxygen dev)
+rt11398a			open	sra	// doxygen dev
 rt11543				open	jakob
 rt11733				new	
 rt11733b			new	
@@ -190,7 +197,7 @@ rt8138				new
 rt8358				new	
 rt8373				new	
 rt8534				new	
-rt8753				review		(support IPv6-scoped addr in dig)
+rt8753				review		// support IPv6-scoped addr in dig
 rt8934				new	
 rt9091				new	
 rt9099				new	
@@ -212,7 +219,7 @@ skan_implicit_update1		new
 skan_stats1			new	
 stats_lidl			new	
 v6source			new	
-v9_1				active		(security fixes only)
+v9_1				active		// security fixes only
 v9_1_1_base			new	
 v9_1_1_patch			new	
 v9_1_3_do_base			new	
@@ -270,7 +277,7 @@ rt10565				closed
 rt10590				closed
 rt10642				closed
 rt10704				closed
-rt10764				closed		(empty)
+rt10764				closed		// empty
 rt10838				closed
 rt10847				closed
 rt10861				closed
@@ -295,7 +302,7 @@ rt11237				closed
 rt11280				closed
 rt11288				closed
 rt11331				closed
-rt113347			closed		(rt11347)
+rt113347			closed		// rt11347
 rt11360				closed
 rt11398				closed
 rt11398b			closed
@@ -318,8 +325,8 @@ rt11714				closed
 rt11742				closed
 rt3445				closed
 rt3502				closed
-rt3507				closed		(pull down by explorer)
-rt3536				closed		(ixfr)
+rt3507				closed		// pull down by explorer
+rt3536				closed		// ixfr
 rt3588				closed
 rt3598				closed
 rt3625				closed
@@ -367,7 +374,7 @@ skan-typecode-roll2		closed
 slavefix			closed
 v9_0				closed
 v9_1_3_delegation_only		closed
-ws20030120			closed		(workshop branch)
-ws20030120_tcr			closed		(workshop branch)
-ws20030312_optin		closed		(workshop branch)
-ws20030312_tcr			closed		(workshop branch)
+ws20030120			closed		// workshop branch
+ws20030120_tcr			closed		// workshop branch
+ws20030312_optin		closed		// workshop branch
+ws20030312_tcr			closed		// workshop branch

From b08e3be5dbfba22719ae9c428bd6853ac6f09798 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 03:31:44 +0000
Subject: [PATCH 038/148] use rtag, parameterize repository and module

---
 util/update_branches | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index a020e31677..ae6ce533da 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.12 2005/05/17 00:58:41 marka Exp $
+# $Id: update_branches,v 1.13 2005/05/17 03:31:44 marka Exp $
 
 #
 #  Track which branches are still open or not in the bind9 cvs repository.
@@ -34,12 +34,14 @@
 %branches = ();
 %whom = ();
 %comments = ();
+$repository = "/proj/cvs/prod";
+$module = "bind9";
 
 #
 # Make sure we have a up to date copy.  If the previous ran failed for
 # any reason remove it (-C).
 #
-!system("cvs", "-d", "/proj/cvs/prod", "update", "-C", "doc/private/branches") || die "cannot update doc/private/branches: $!";
+!system("cvs", "-d", $repository, "update", "-C", "doc/private/branches") || die "cannot update doc/private/branches: $!";
 
 #
 # load existing content
@@ -52,9 +54,12 @@ while () {
 	$c = "";
 	if (m://.*:) {
 		$c = $_;
-		$c =~ s:.*?//(.*)$:$1:;
+		$c =~ s:.*?//\s*(.*)$:$1:;
 		s:(.*?)//.*:$1:;
 	} else {
+		#
+		# look for old style comment
+		#
 		if (m/\(.*\)/) {
 			$c = $_;
 			$c =~ s/.*\((.*)\).*$/$1/;
@@ -75,19 +80,19 @@ close (BRANCHES);
 #
 # Search repository for new branches.
 #
-open(FILES, "find /proj/cvs/prod/bind9 -type f -name *,v -print |") || die "can't start find: $!";
+open(FILES, "find $repository/$module -type f -name *,v -print |") || die "can't start find: $!";
 while () {
 	chomp;
 	# print "file: $_\n"; # debug
 	# $file = $_; # save for branch debug below.
-	s:/proj/cvs/prod/bind9/::;
+	s:^$repository/::;
 	s:/Attic/([^/]*)$:/$1:;
-	s:^Attic/([^/]*)$:$1:;
 	s:,v$::;
 	#
 	# use cvs so that the file is locked.
 	#
-	open(FILE, "cvs log -h $_|") || die "can't start cvs log -h $_: $!";
+	#print "cvs -d $repository rlog -h $_\n";
+	open(FILE, "cvs -d $repository rlog -h $_|") || die "can't start cvs rlog -h $_: $!";
 	while () {
 		chomp;
 		next unless m/^symbols$/;	# skip until we find the tags
@@ -104,7 +109,7 @@ while () {
 				# print "branch: $_ $file\n"; # debug
 			}
 		}
-		last;
+		chomp while ();	# let cvs rlog exit normally.
 	}
 	close(FILE);
 }
@@ -114,8 +119,15 @@ close(FILES);
 # Write out updated version.
 #
 open(BRANCHES, ">doc/private/newbranches") || die "can't open doc/private/branches: $!";
-print BRANCHES "\nBranch\t\t\t\tStatus\tWhom\t(Comments)\n";
+print BRANCHES "\nBranch\t\t\t\tStatus\tWhom\t// Comments\n";
 print BRANCHES "----------------------------------------------------------\n\n";
+print BRANCHES "//\t\t\t\tnew\tnot yet clasified\n";
+print BRANCHES "//\t\t\t\topen\tdevelopement branch\n";
+print BRANCHES "//\t\t\t\tactive\tnot a development branch\n";
+print BRANCHES "//\t\t\t\treview\tready for review\n";
+print BRANCHES "//\t\t\t\tprivate\tprivate branch\n";
+print BRANCHES "//\t\t\t\tclosed\tfinished with\n";
+print BRANCHES "\n";
 foreach $key (sort keys %branches) {
 	next if ($branches{$key} eq "closed");
 	print BRANCHES "$key";
@@ -134,7 +146,7 @@ foreach $key (sort keys %branches) {
 	}
 	print BRANCHES "$branches{$key}\t";
 	print BRANCHES "$whom{$key}";
-	print BRANCHES "\t//$comments{$key}" if ($comments{$key} ne "");
+	print BRANCHES "\t// $comments{$key}" if ($comments{$key} ne "");
 	print BRANCHES "\n";
 }
 
@@ -157,7 +169,7 @@ foreach $key (sort keys %branches) {
 		printf	BRANCHES "\t";
 	}
 	print BRANCHES "$branches{$key}";
-	print BRANCHES "\t\t//$comments{$key}" if ($comments{$key} ne "");
+	print BRANCHES "\t\t// $comments{$key}" if ($comments{$key} ne "");
 	print BRANCHES "\n";
 }
 close(BRANCHES);
@@ -167,7 +179,7 @@ close(BRANCHES);
 #
 if (system("cmp", "-s", "doc/private/newbranches", "doc/private/branches")) {
 	rename("doc/private/newbranches", "doc/private/branches") || die "Cannot rename: doc/private/newbranches -> doc/private/branches: $!";
-	!system("cvs", "-d", "/proj/cvs/prod", "commit", "-m", "auto update", "doc/private/branches") || die "cvs commit failed: $!";
+	!system("cvs", "-d", $repository, "commit", "-m", "auto update", "doc/private/branches") || die "cvs commit failed: $!";
 } else {
 	unlink("doc/private/newbranches");
 }

From efde7c2fb507ed1e54950eac49634af81bd1ab5c Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 03:36:44 +0000
Subject: [PATCH 039/148] spelling

---
 util/update_branches | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index ae6ce533da..93651f6bd4 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.13 2005/05/17 03:31:44 marka Exp $
+# $Id: update_branches,v 1.14 2005/05/17 03:36:44 marka Exp $
 
 #
 #  Track which branches are still open or not in the bind9 cvs repository.
@@ -121,7 +121,7 @@ close(FILES);
 open(BRANCHES, ">doc/private/newbranches") || die "can't open doc/private/branches: $!";
 print BRANCHES "\nBranch\t\t\t\tStatus\tWhom\t// Comments\n";
 print BRANCHES "----------------------------------------------------------\n\n";
-print BRANCHES "//\t\t\t\tnew\tnot yet clasified\n";
+print BRANCHES "//\t\t\t\tnew\tnot yet classified\n";
 print BRANCHES "//\t\t\t\topen\tdevelopement branch\n";
 print BRANCHES "//\t\t\t\tactive\tnot a development branch\n";
 print BRANCHES "//\t\t\t\treview\tready for review\n";

From 283d46c7f7845c6f934efdaddadadc609a8eefca Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 03:37:17 +0000
Subject: [PATCH 040/148] auto update

---
 doc/private/branches | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 235c7eb82f..92e77dba62 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -2,12 +2,12 @@
 Branch				Status	Whom	// Comments
 ----------------------------------------------------------
 
-//					new	// not yet clasified
-//					open	// developement branch
-//					active	// not a development branch
-//					review	// ready for review
-//					private	// private branch
-//					closed	// finished with
+//				new	not yet clasified
+//				open	developement branch
+//				active	not a development branch
+//				review	ready for review
+//				private	private branch
+//				closed	finished with
 
 additional_cache		review		// additional RRs caching for performance
 additional_cache_rt6496		new	

From d6dc0d4f584352d2e4305435599ae8c93776d9b4 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 03:50:55 +0000
Subject: [PATCH 041/148] update

---
 util/update_branches | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index 93651f6bd4..aa9f83f4fd 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.14 2005/05/17 03:36:44 marka Exp $
+# $Id: update_branches,v 1.15 2005/05/17 03:50:55 marka Exp $
 
 #
 #  Track which branches are still open or not in the bind9 cvs repository.
@@ -51,6 +51,7 @@ while () {
 	chomp;
 	next if (/^-/);
 	next if (/^Branch/);
+	next if (/^\s/);
 	$c = "";
 	if (m://.*:) {
 		$c = $_;
@@ -66,7 +67,7 @@ while () {
 			s/\(.*\)//;
 		}
 	}
-	s/\s$//;
+	s/\s*$//;
 	next if (/^\s*$/);
 	($branch, $status, $who) = split;
 	$status = "new" if (!defined($status));
@@ -80,6 +81,9 @@ close (BRANCHES);
 #
 # Search repository for new branches.
 #
+# New branches have the following format "name:.0.#"
+# where # is the number of potential branches from this the revision.
+#
 open(FILES, "find $repository/$module -type f -name *,v -print |") || die "can't start find: $!";
 while () {
 	chomp;
@@ -120,13 +124,13 @@ close(FILES);
 #
 open(BRANCHES, ">doc/private/newbranches") || die "can't open doc/private/branches: $!";
 print BRANCHES "\nBranch\t\t\t\tStatus\tWhom\t// Comments\n";
-print BRANCHES "----------------------------------------------------------\n\n";
-print BRANCHES "//\t\t\t\tnew\tnot yet classified\n";
-print BRANCHES "//\t\t\t\topen\tdevelopement branch\n";
-print BRANCHES "//\t\t\t\tactive\tnot a development branch\n";
-print BRANCHES "//\t\t\t\treview\tready for review\n";
-print BRANCHES "//\t\t\t\tprivate\tprivate branch\n";
-print BRANCHES "//\t\t\t\tclosed\tfinished with\n";
+print BRANCHES "-----------------------------------------------------------\n\n";
+print BRANCHES "\t\t\t\tnew\t\tnot yet classified\n";
+print BRANCHES "\t\t\t\topen\t\tdevelopement branch\n";
+print BRANCHES "\t\t\t\tactive\t\tnot a development branch\n";
+print BRANCHES "\t\t\t\treview\t\tready for review\n";
+print BRANCHES "\t\t\t\tprivate\t\tprivate branch\n";
+print BRANCHES "\t\t\t\tclosed\t\tfinished with\n";
 print BRANCHES "\n";
 foreach $key (sort keys %branches) {
 	next if ($branches{$key} eq "closed");

From 73cac2175470e9068829589476dda8bd6d88036f Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 03:54:26 +0000
Subject: [PATCH 042/148] add a comment about where this has to be run.

---
 util/update_branches | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/util/update_branches b/util/update_branches
index aa9f83f4fd..7b2220db10 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.15 2005/05/17 03:50:55 marka Exp $
+# $Id: update_branches,v 1.16 2005/05/17 03:54:26 marka Exp $
 
 #
 #  Track which branches are still open or not in the bind9 cvs repository.
@@ -30,6 +30,8 @@
 #  name, status, to whom the branch belongs and comments.  Comments are
 #  in '(',')'.  The first three field are single words.
 #
+#  Note: this is intended to be run on the machine hosting the CVS repository.
+#
 
 %branches = ();
 %whom = ();

From 1ba3a5c67dfc12b75f33e1e9dd4fffcfe28412b3 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 03:56:59 +0000
Subject: [PATCH 043/148] auto update

---
 doc/private/branches | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 92e77dba62..7669609d5a 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -1,13 +1,13 @@
 
 Branch				Status	Whom	// Comments
-----------------------------------------------------------
+-----------------------------------------------------------
 
-//				new	not yet clasified
-//				open	developement branch
-//				active	not a development branch
-//				review	ready for review
-//				private	private branch
-//				closed	finished with
+				new		not yet classified
+				open		developement branch
+				active		not a development branch
+				review		ready for review
+				private		private branch
+				closed		finished with
 
 additional_cache		review		// additional RRs caching for performance
 additional_cache_rt6496		new	

From 437404e8313481329baa5897eeda8c45bf748553 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 07:16:21 +0000
Subject: [PATCH 044/148] placeholder

---
 CHANGES | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGES b/CHANGES
index 48446ebf8a..4bdfe0e511 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+1860.	[placeholder]	rt14775
+
 1859.	[placeholder]	rt14695
 
 1858.	[bug]		The flush-zones-on-shutdown option wasn't being

From 636074b71e7ed691e7c31484e1e2d60401bd5e74 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 08:01:22 +0000
Subject: [PATCH 045/148] mark branches as closed

---
 doc/private/branches | 52 ++++++++++++++++++++++----------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 7669609d5a..54784eddaa 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -15,45 +15,45 @@ avoid_gettimeofday		new
 bind9-gss-tsig			new	
 bind9-gsstsig			new	
 compiled_zonefile		open		// wire format zone file, under development
-da				new	
+da				closed		// aborted DNSSEC DA flag
 dlz				open	sra	// dynamicly loadable zones
 ds				new	
-ds13				new	
+ds13				closed	
 edns1				new	
 gsstsig2			new	
 jinmei-mmapzone-test		new	
 libbind_clean			open	jinmei
 mlg-20000518			new	
-newconfig			new	
+newconfig			closed	
 openssl_stub			open	marka
-optin				new	
+optin				closed		// aborted DNSSEC OPTIN code
 peter				private	peter	// hostname.bind for 9.2.x
 queryperf-v6			review		// IPv6 transport support for queryperf
-rdata_split			new	
-rt10038				new	
-rt10272				new	
-rt10272a			new	
-rt10440				new	
-rt10440a			new	
+rdata_split			closed	
+rt10038				closed	
+rt10272				closed	
+rt10272a			closed	
+rt10440				closed	
+rt10440a			closed	
 rt10864				open	marka
-rt11069				new	
-rt11069_v9_2			new	
-rt11156				new	
-rt11156_v9_2			new	
-rt11163				new	
-rt11163_1			new	
-rt11206				new	
+rt11069				closed	
+rt11069_v9_2			closed	
+rt11156				closed	
+rt11156_v9_2			closed	
+rt11163				closed	
+rt11163_1			closed	
+rt11206				closed	
 rt11398a			open	sra	// doxygen dev
 rt11543				open	jakob
-rt11733				new	
-rt11733b			new	
-rt11943				new	
-rt12023				new	
-rt12024				new	
-rt12133				new	
-rt12154				new	
-rt12281				new	
-rt12286				new	
+rt11733				open	jakob
+rt11733b			open	jakob
+rt11943				closed	
+rt12023				closed	
+rt12024				closed	
+rt12133				closed	
+rt12154				closed	
+rt12281				closed	
+rt12286				closed	
 rt12321				new	
 rt12321a			new	
 rt12321b			new	

From 79f3f79a774399730ebb8110b571e9a8f91953b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?=
 
Date: Tue, 17 May 2005 10:08:27 +0000
Subject: [PATCH 046/148] updated some branches

---
 doc/private/branches | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 54784eddaa..fde8fc8369 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -9,26 +9,26 @@ Branch				Status	Whom	// Comments
 				private		private branch
 				closed		finished with
 
-additional_cache		review		// additional RRs caching for performance
-additional_cache_rt6496		new	
-avoid_gettimeofday		new	
+additional_cache		closed		// additional RRs caching for performance
+additional_cache_rt6496		closed	
+avoid_gettimeofday		closed	
 bind9-gss-tsig			new	
 bind9-gsstsig			new	
-compiled_zonefile		open		// wire format zone file, under development
+compiled_zonefile		closed		// wire format zone file, under development (moved to rt13587)
 da				closed		// aborted DNSSEC DA flag
 dlz				open	sra	// dynamicly loadable zones
 ds				new	
 ds13				closed	
 edns1				new	
 gsstsig2			new	
-jinmei-mmapzone-test		new	
+jinmei-mmapzone-test		new		// mmap based zone file. very experimental, just for reference purposes
 libbind_clean			open	jinmei
 mlg-20000518			new	
 newconfig			closed	
 openssl_stub			open	marka
 optin				closed		// aborted DNSSEC OPTIN code
 peter				private	peter	// hostname.bind for 9.2.x
-queryperf-v6			review		// IPv6 transport support for queryperf
+queryperf-v6			closed		// IPv6 transport support for queryperf
 rdata_split			closed	
 rt10038				closed	
 rt10272				closed	
@@ -127,13 +127,13 @@ rt13463				new
 rt13483				new	
 rt13489				new	
 rt13501				new	
-rt13505				new	
+rt13505				review	
 rt13511				new	
 rt13526				new	
 rt13547				new	
 rt13555				new	
 rt13562				new	
-rt13587				new	
+rt13587				review	
 rt13593				new	
 rt13593a			new	
 rt13597				new	

From 23ba0c95be28fe6825eeb2856127c6acae0b9d97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?=
 
Date: Tue, 17 May 2005 13:20:03 +0000
Subject: [PATCH 047/148] marked a closed branch

---
 doc/private/branches | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/private/branches b/doc/private/branches
index fde8fc8369..cd8041c015 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -197,7 +197,7 @@ rt8138				new
 rt8358				new	
 rt8373				new	
 rt8534				new	
-rt8753				review		// support IPv6-scoped addr in dig
+rt8753				closed		// support IPv6-scoped addr in dig
 rt8934				new	
 rt9091				new	
 rt9099				new	

From 10d1a7ae66a4ed3e2ca9883a932c874c7dad13b7 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 17 May 2005 23:38:10 +0000
Subject: [PATCH 048/148] newcopyrights

---
 util/copyrights | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/copyrights b/util/copyrights
index 09f584117f..7a737155c7 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -1143,7 +1143,7 @@
 ./doc/misc/roadmap				TXT.BRIEF	2000,2001,2004
 ./doc/misc/sdb					TXT.BRIEF	2000,2001,2004
 ./doc/private/CHANGES				X	2000,2001
-./doc/private/branches				X	2002
+./doc/private/branches				X	2002,2005
 ./doc/private/bugfix-by-assertion		X	2001
 ./doc/private/options				TXT.BRIEF	2000,2001,2004
 ./doc/todo/brister/todo				X	2000,2001

From 4f0b171c0ed2313fcad28b38ff40597405dc47bf Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 18 May 2005 00:28:31 +0000
Subject: [PATCH 049/148] auto update

---
 doc/private/branches | 60 ++++++++++++++++++++++----------------------
 1 file changed, 30 insertions(+), 30 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index cd8041c015..b1784d9517 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -9,51 +9,22 @@ Branch				Status	Whom	// Comments
 				private		private branch
 				closed		finished with
 
-additional_cache		closed		// additional RRs caching for performance
-additional_cache_rt6496		closed	
-avoid_gettimeofday		closed	
 bind9-gss-tsig			new	
 bind9-gsstsig			new	
-compiled_zonefile		closed		// wire format zone file, under development (moved to rt13587)
-da				closed		// aborted DNSSEC DA flag
 dlz				open	sra	// dynamicly loadable zones
 ds				new	
-ds13				closed	
 edns1				new	
 gsstsig2			new	
 jinmei-mmapzone-test		new		// mmap based zone file. very experimental, just for reference purposes
 libbind_clean			open	jinmei
 mlg-20000518			new	
-newconfig			closed	
 openssl_stub			open	marka
-optin				closed		// aborted DNSSEC OPTIN code
 peter				private	peter	// hostname.bind for 9.2.x
-queryperf-v6			closed		// IPv6 transport support for queryperf
-rdata_split			closed	
-rt10038				closed	
-rt10272				closed	
-rt10272a			closed	
-rt10440				closed	
-rt10440a			closed	
 rt10864				open	marka
-rt11069				closed	
-rt11069_v9_2			closed	
-rt11156				closed	
-rt11156_v9_2			closed	
-rt11163				closed	
-rt11163_1			closed	
-rt11206				closed	
 rt11398a			open	sra	// doxygen dev
 rt11543				open	jakob
 rt11733				open	jakob
 rt11733b			open	jakob
-rt11943				closed	
-rt12023				closed	
-rt12024				closed	
-rt12133				closed	
-rt12154				closed	
-rt12281				closed	
-rt12286				closed	
 rt12321				new	
 rt12321a			new	
 rt12321b			new	
@@ -197,7 +168,6 @@ rt8138				new
 rt8358				new	
 rt8373				new	
 rt8534				new	
-rt8753				closed		// support IPv6-scoped addr in dig
 rt8934				new	
 rt9091				new	
 rt9099				new	
@@ -237,9 +207,15 @@ v9_4				active
 
 a6_remove			closed
 adb_race			closed
+additional_cache		closed		// additional RRs caching for performance
+additional_cache_rt6496		closed
+avoid_gettimeofday		closed
 blabel-cleanup			closed
 chroot				closed
+compiled_zonefile		closed		// wire format zone file, under development (moved to rt13587)
+da				closed		// aborted DNSSEC DA flag
 delegation_only			closed
+ds13				closed
 ds_12				closed
 edns_size			closed
 ifiter_getifaddrs		closed
@@ -249,6 +225,11 @@ ipv6-scope			closed
 ipv6_6to4			closed
 ksk				closed
 marka_google			closed
+newconfig			closed
+optin				closed		// aborted DNSSEC OPTIN code
+queryperf-v6			closed		// IPv6 transport support for queryperf
+rdata_split			closed
+rt10038				closed
 rt10049				closed
 rt10105				closed
 rt10114				closed
@@ -265,10 +246,14 @@ rt10202				closed
 rt10208				closed
 rt10221				closed
 rt10236				closed
+rt10272				closed
+rt10272a			closed
 rt10331				closed
 rt10345				closed
 rt10346				closed
 rt10381				closed
+rt10440				closed
+rt10440a			closed
 rt10452				closed
 rt10461				closed
 rt10497				closed
@@ -287,6 +272,8 @@ rt10929				closed
 rt10991				closed
 rt11013				closed
 rt11065				closed
+rt11069				closed
+rt11069_v9_2			closed
 rt11101				closed
 rt11116				closed
 rt11117				closed
@@ -295,8 +282,13 @@ rt11119				closed
 rt11127				closed
 rt11132				closed
 rt11149				closed
+rt11156				closed
+rt11156_v9_2			closed
+rt11163				closed
+rt11163_1			closed
 rt11177				closed
 rt11179				closed
+rt11206				closed
 rt11208				closed
 rt11237				closed
 rt11280				closed
@@ -323,6 +315,13 @@ rt11697				closed
 rt11706				closed
 rt11714				closed
 rt11742				closed
+rt11943				closed
+rt12023				closed
+rt12024				closed
+rt12133				closed
+rt12154				closed
+rt12281				closed
+rt12286				closed
 rt3445				closed
 rt3502				closed
 rt3507				closed		// pull down by explorer
@@ -361,6 +360,7 @@ rt5099				closed
 rt5124				closed
 rt5127				closed
 rt7572				closed
+rt8753				closed		// support IPv6-scoped addr in dig
 rt9940				closed
 rt9941				closed
 rt9979				closed

From 8f8634e66351e292925dde8ab6b0418a0141f86a Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 18 May 2005 03:31:31 +0000
Subject: [PATCH 050/148] update

---
 util/update_branches | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index 7b2220db10..f5316837ca 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.16 2005/05/17 03:54:26 marka Exp $
+# $Id: update_branches,v 1.17 2005/05/18 03:31:31 marka Exp $
 
 #
 #  Track which branches are still open or not in the bind9 cvs repository.
@@ -101,7 +101,7 @@ while () {
 	open(FILE, "cvs -d $repository rlog -h $_|") || die "can't start cvs rlog -h $_: $!";
 	while () {
 		chomp;
-		next unless m/^symbols$/;	# skip until we find the tags
+		next unless m/^symbolic names:$/; # skip until we find the tags
 		while () {
 			chomp;
 			last if (m/^locks;/);	# we are past the tags

From 68843c99b695bf194b019d465f6d33e6297fd02a Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 18 May 2005 04:15:55 +0000
Subject: [PATCH 051/148] update

---
 util/update_branches | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/update_branches b/util/update_branches
index f5316837ca..645b7446fe 100644
--- a/util/update_branches
+++ b/util/update_branches
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: update_branches,v 1.17 2005/05/18 03:31:31 marka Exp $
+# $Id: update_branches,v 1.18 2005/05/18 04:15:55 marka Exp $
 
 #
 #  Track which branches are still open or not in the bind9 cvs repository.
@@ -106,7 +106,7 @@ while () {
 			chomp;
 			last if (m/^locks;/);	# we are past the tags
 			last if (m/^keyword/);	# we are past the tags
-			next unless m/\.0\.\d$/; # skip if not a branch
+			next unless m/\.0\.\d+$/; # skip if not a branch
 			s/\s(.*):.*/$1/;	# extract label
 			if (!$branches{$_}) {
 				$branches{$_} = "new";

From 6edc414a22054f67b811bda2113fe2cd6e5b0960 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 18 May 2005 05:00:41 +0000
Subject: [PATCH 052/148] mark branches as closed

---
 doc/private/branches | 50 ++++++++++++++++++++++----------------------
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index b1784d9517..7fc9c24890 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -12,8 +12,8 @@ Branch				Status	Whom	// Comments
 bind9-gss-tsig			new	
 bind9-gsstsig			new	
 dlz				open	sra	// dynamicly loadable zones
-ds				new	
-edns1				new	
+ds				closed	
+edns1				open	marka
 gsstsig2			new	
 jinmei-mmapzone-test		new		// mmap based zone file. very experimental, just for reference purposes
 libbind_clean			open	jinmei
@@ -25,29 +25,29 @@ rt11398a			open	sra	// doxygen dev
 rt11543				open	jakob
 rt11733				open	jakob
 rt11733b			open	jakob
-rt12321				new	
-rt12321a			new	
-rt12321b			new	
-rt12322				new	
-rt12323				new	
-rt12327				new	
-rt12328				new	
-rt12352				new	
-rt12375				new	
-rt12376				new	
-rt12404				new	
-rt12410				new	
-rt12416				new	
-rt12467				new	
-rt12492				new	
-rt12493				new	
-rt12498				new	
-rt12505a			new	
-rt12505b			new	
-rt12519				new	
-rt12541				new	
-rt12557				new	
-rt12581				new	
+rt12321				closed	
+rt12321a			closed	
+rt12321b			closed	
+rt12322				closed	
+rt12323				closed	
+rt12327				closed	
+rt12328				closed	
+rt12352				closed	
+rt12375				closed	
+rt12376				closed	
+rt12404				closed	
+rt12410				closed	
+rt12416				closed	
+rt12467				closed	
+rt12492				closed	
+rt12493				closed	
+rt12498				closed	
+rt12505a			closed	
+rt12505b			closed	
+rt12519				closed	
+rt12541				closed	
+rt12557				closed	
+rt12581				closed	
 rt12634				new	
 rt12658				new	
 rt12695				new	

From b035d905eeb2f2ffecc640c9446714202b4993a8 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 18 May 2005 05:08:23 +0000
Subject: [PATCH 053/148] auto update

---
 doc/private/branches | 50 +++++++++++++++++++++++---------------------
 1 file changed, 26 insertions(+), 24 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 7fc9c24890..a808c0ceb2 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -12,7 +12,6 @@ Branch				Status	Whom	// Comments
 bind9-gss-tsig			new	
 bind9-gsstsig			new	
 dlz				open	sra	// dynamicly loadable zones
-ds				closed	
 edns1				open	marka
 gsstsig2			new	
 jinmei-mmapzone-test		new		// mmap based zone file. very experimental, just for reference purposes
@@ -25,29 +24,6 @@ rt11398a			open	sra	// doxygen dev
 rt11543				open	jakob
 rt11733				open	jakob
 rt11733b			open	jakob
-rt12321				closed	
-rt12321a			closed	
-rt12321b			closed	
-rt12322				closed	
-rt12323				closed	
-rt12327				closed	
-rt12328				closed	
-rt12352				closed	
-rt12375				closed	
-rt12376				closed	
-rt12404				closed	
-rt12410				closed	
-rt12416				closed	
-rt12467				closed	
-rt12492				closed	
-rt12493				closed	
-rt12498				closed	
-rt12505a			closed	
-rt12505b			closed	
-rt12519				closed	
-rt12541				closed	
-rt12557				closed	
-rt12581				closed	
 rt12634				new	
 rt12658				new	
 rt12695				new	
@@ -126,6 +102,7 @@ rt14673				new
 rt14686				new	
 rt14695				new	
 rt1471				new	
+rt14775				new	
 rt1572a				new	
 rt288				new	
 rt3469				new	
@@ -203,6 +180,7 @@ v9_3				active
 v9_3_0base			new	
 v9_3_0beta2_dlv			new	
 v9_4				active	
+ws20030312			new	
 
 
 a6_remove			closed
@@ -215,6 +193,7 @@ chroot				closed
 compiled_zonefile		closed		// wire format zone file, under development (moved to rt13587)
 da				closed		// aborted DNSSEC DA flag
 delegation_only			closed
+ds				closed
 ds13				closed
 ds_12				closed
 edns_size			closed
@@ -322,6 +301,29 @@ rt12133				closed
 rt12154				closed
 rt12281				closed
 rt12286				closed
+rt12321				closed
+rt12321a			closed
+rt12321b			closed
+rt12322				closed
+rt12323				closed
+rt12327				closed
+rt12328				closed
+rt12352				closed
+rt12375				closed
+rt12376				closed
+rt12404				closed
+rt12410				closed
+rt12416				closed
+rt12467				closed
+rt12492				closed
+rt12493				closed
+rt12498				closed
+rt12505a			closed
+rt12505b			closed
+rt12519				closed
+rt12541				closed
+rt12557				closed
+rt12581				closed
 rt3445				closed
 rt3502				closed
 rt3507				closed		// pull down by explorer

From 1d92e478b881c7d6017eb9e01a5d1b1f039c9fd6 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 18 May 2005 05:29:23 +0000
Subject: [PATCH 054/148] mark branches as closed

---
 doc/private/branches | 56 ++++++++++++++++++++++----------------------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index a808c0ceb2..7cdd8f6c88 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -24,34 +24,34 @@ rt11398a			open	sra	// doxygen dev
 rt11543				open	jakob
 rt11733				open	jakob
 rt11733b			open	jakob
-rt12634				new	
-rt12658				new	
-rt12695				new	
-rt12729				new	
-rt12729a			new	
-rt12745				new	
-rt12745a			new	
-rt12774				new	
-rt12788				new	
-rt12790				new	
-rt12810				new	
-rt12810a			new	
-rt12838				new	
-rt12866				new	
-rt12894				new	
-rt12907				new	
-rt12919				new	
-rt12933				new	
-rt12937				new	
-rt12942				new	
-rt12970				new	
-rt12971				new	
-rt12995				new	
-rt13002				new	
-rt13009				new	
-rt13015				new	
-rt13016				new	
-rt13062				new	
+rt12634				closed	
+rt12658				closed	
+rt12695				closed	
+rt12729				closed	
+rt12729a			closed	
+rt12745				closed	
+rt12745a			closed	
+rt12774				closed	
+rt12788				closed	
+rt12790				closed	
+rt12810				closed	
+rt12810a			closed	
+rt12838				closed	
+rt12866				closed	
+rt12894				closed	
+rt12907				closed	
+rt12919				closed	
+rt12933				closed	
+rt12937				closed	
+rt12942				closed	
+rt12970				closed	
+rt12971				closed	
+rt12995				closed	
+rt13002				closed	
+rt13009				closed	
+rt13015				closed	
+rt13016				closed	
+rt13062				closed	
 rt13077				new	
 rt13086				new	
 rt13101				new	

From 68b32be0ee81ee18330cb5ad1819946b21897b2e Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 18 May 2005 05:57:01 +0000
Subject: [PATCH 055/148] mark branches as closed

---
 doc/private/branches | 50 ++++++++++++++++++++++----------------------
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 7cdd8f6c88..182f502160 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -52,32 +52,32 @@ rt13009				closed
 rt13015				closed	
 rt13016				closed	
 rt13062				closed	
-rt13077				new	
-rt13086				new	
-rt13101				new	
-rt13124				new	
-rt13153				new	
-rt13154				new	
-rt13205				new	
-rt13212				new	
-rt13219				new	
-rt13230				new	
-rt13238				new	
-rt13239				new	
-rt13378				new	
-rt13382				new	
-rt13396				new	
-rt13428				new	
-rt13438				new	
-rt13455				new	
-rt13463				new	
-rt13483				new	
-rt13489				new	
-rt13501				new	
+rt13077				closed	
+rt13086				closed	
+rt13101				closed	
+rt13124				closed	
+rt13153				closed	
+rt13154				closed	
+rt13205				closed	
+rt13212				closed	
+rt13219				closed	
+rt13230				closed	
+rt13238				closed	
+rt13239				closed	
+rt13378				closed	
+rt13382				closed	
+rt13396				closed	
+rt13428				closed	
+rt13438				closed	
+rt13455				closed	
+rt13463				closed	
+rt13483				closed	
+rt13489				review	marka	
+rt13501				closed	
 rt13505				review	
-rt13511				new	
-rt13526				new	
-rt13547				new	
+rt13511				closed	
+rt13526				closed	
+rt13547				closed	
 rt13555				new	
 rt13562				new	
 rt13587				review	

From 954d61020dfddbcf1d7db13a5587f897f8475a79 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 18 May 2005 06:10:58 +0000
Subject: [PATCH 056/148] mark branches as closed

---
 doc/private/branches | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 182f502160..c70d48ac10 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -78,17 +78,17 @@ rt13505				review
 rt13511				closed	
 rt13526				closed	
 rt13547				closed	
-rt13555				new	
-rt13562				new	
+rt13555				open	marka	
+rt13562				open	marka	
 rt13587				review	
-rt13593				new	
-rt13593a			new	
-rt13597				new	
-rt13605				new	
-rt13606				new	
-rt13609				new	
-rt13620				new	
-rt13659				new	
+rt13593				closed	
+rt13593a			closed	
+rt13597				closed	
+rt13605				closed	
+rt13606				open	marka	// TSIG SHA256
+rt13609				closed	
+rt13620				closed	
+rt13659				closed	
 rt13662				new	
 rt13694				new	
 rt13707				new	

From f664589bb57001f4a0e96acfbefe2cc7f227fe2d Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 18 May 2005 23:28:46 +0000
Subject: [PATCH 057/148] auto update

---
 doc/private/branches | 124 +++++++++++++++++++++----------------------
 1 file changed, 62 insertions(+), 62 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index c70d48ac10..fc6b1e1507 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -24,71 +24,12 @@ rt11398a			open	sra	// doxygen dev
 rt11543				open	jakob
 rt11733				open	jakob
 rt11733b			open	jakob
-rt12634				closed	
-rt12658				closed	
-rt12695				closed	
-rt12729				closed	
-rt12729a			closed	
-rt12745				closed	
-rt12745a			closed	
-rt12774				closed	
-rt12788				closed	
-rt12790				closed	
-rt12810				closed	
-rt12810a			closed	
-rt12838				closed	
-rt12866				closed	
-rt12894				closed	
-rt12907				closed	
-rt12919				closed	
-rt12933				closed	
-rt12937				closed	
-rt12942				closed	
-rt12970				closed	
-rt12971				closed	
-rt12995				closed	
-rt13002				closed	
-rt13009				closed	
-rt13015				closed	
-rt13016				closed	
-rt13062				closed	
-rt13077				closed	
-rt13086				closed	
-rt13101				closed	
-rt13124				closed	
-rt13153				closed	
-rt13154				closed	
-rt13205				closed	
-rt13212				closed	
-rt13219				closed	
-rt13230				closed	
-rt13238				closed	
-rt13239				closed	
-rt13378				closed	
-rt13382				closed	
-rt13396				closed	
-rt13428				closed	
-rt13438				closed	
-rt13455				closed	
-rt13463				closed	
-rt13483				closed	
-rt13489				review	marka	
-rt13501				closed	
+rt13489				review	marka
 rt13505				review	
-rt13511				closed	
-rt13526				closed	
-rt13547				closed	
-rt13555				open	marka	
-rt13562				open	marka	
+rt13555				open	marka
+rt13562				open	marka
 rt13587				review	
-rt13593				closed	
-rt13593a			closed	
-rt13597				closed	
-rt13605				closed	
 rt13606				open	marka	// TSIG SHA256
-rt13609				closed	
-rt13620				closed	
-rt13659				closed	
 rt13662				new	
 rt13694				new	
 rt13707				new	
@@ -324,6 +265,65 @@ rt12519				closed
 rt12541				closed
 rt12557				closed
 rt12581				closed
+rt12634				closed
+rt12658				closed
+rt12695				closed
+rt12729				closed
+rt12729a			closed
+rt12745				closed
+rt12745a			closed
+rt12774				closed
+rt12788				closed
+rt12790				closed
+rt12810				closed
+rt12810a			closed
+rt12838				closed
+rt12866				closed
+rt12894				closed
+rt12907				closed
+rt12919				closed
+rt12933				closed
+rt12937				closed
+rt12942				closed
+rt12970				closed
+rt12971				closed
+rt12995				closed
+rt13002				closed
+rt13009				closed
+rt13015				closed
+rt13016				closed
+rt13062				closed
+rt13077				closed
+rt13086				closed
+rt13101				closed
+rt13124				closed
+rt13153				closed
+rt13154				closed
+rt13205				closed
+rt13212				closed
+rt13219				closed
+rt13230				closed
+rt13238				closed
+rt13239				closed
+rt13378				closed
+rt13382				closed
+rt13396				closed
+rt13428				closed
+rt13438				closed
+rt13455				closed
+rt13463				closed
+rt13483				closed
+rt13501				closed
+rt13511				closed
+rt13526				closed
+rt13547				closed
+rt13593				closed
+rt13593a			closed
+rt13597				closed
+rt13605				closed
+rt13609				closed
+rt13620				closed
+rt13659				closed
 rt3445				closed
 rt3502				closed
 rt3507				closed		// pull down by explorer

From 092f7679306989293bbe755f31ade0a5f456b370 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 19 May 2005 02:05:18 +0000
Subject: [PATCH 058/148] placeholder

---
 CHANGES | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGES b/CHANGES
index 4bdfe0e511..fd74ff49d9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+1861.	[placeholder]	rt14801
+
 1860.	[placeholder]	rt14775
 
 1859.	[placeholder]	rt14695

From d73541ea2eebe01cafc5ff1b2ba4b9a8f75237b1 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 19 May 2005 02:42:42 +0000
Subject: [PATCH 059/148] 1845.   [bug]           Improve error reporting to
 distingish between                         accept()/fcntl() and
 socket()/fcntl() errors.                         [RT #13745]

---
 CHANGES               |  4 ++-
 doc/private/branches  |  2 +-
 lib/isc/unix/socket.c | 64 +++++++++++++++++++++++--------------------
 3 files changed, 38 insertions(+), 32 deletions(-)

diff --git a/CHANGES b/CHANGES
index fd74ff49d9..886a590102 100644
--- a/CHANGES
+++ b/CHANGES
@@ -39,7 +39,9 @@
 1846.	[contrib]	query-loc-0.3.0 from Stephane Bortzmeyer
 			.
 
-1845.	[placeholder]	rt13745
+1845.	[bug]		Improve error reporting to distingish between
+			accept()/fcntl() and socket()/fcntl() errors.
+			[RT #13745]
 
 1844.	[bug]		inet_pton() accepted more that 4 hexadecimal digits
 			for each 16 bit piece of the IPv6 address.  The text
diff --git a/doc/private/branches b/doc/private/branches
index fc6b1e1507..139b0c9091 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -34,7 +34,7 @@ rt13662				new
 rt13694				new	
 rt13707				new	
 rt13714				new	
-rt13745				new	
+rt13745				closed	
 rt13753				new	
 rt13754				new	
 rt13771				new	
diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c
index 2651502770..e8bee8c046 100644
--- a/lib/isc/unix/socket.c
+++ b/lib/isc/unix/socket.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: socket.c,v 1.249 2005/04/27 04:57:23 sra Exp $ */
+/* $Id: socket.c,v 1.250 2005/05/19 02:42:42 marka Exp $ */
 
 /*! \file */
 
@@ -369,7 +369,7 @@ select_poke(isc_socketmgr_t *mgr, int fd, int msg) {
 		}
 #endif
 	} while (cc < 0 && SOFT_ERROR(errno));
-			        
+
 	if (cc < 0) {
 		isc__strerror(errno, strbuf, sizeof(strbuf));
 		FATAL_ERROR(__FILE__, __LINE__,
@@ -1358,6 +1358,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
 	int on = 1;
 #endif
 	char strbuf[ISC_STRERRORSIZE];
+	const char *err = "socket";
 
 	REQUIRE(VALID_MANAGER(manager));
 	REQUIRE(socketp != NULL && *socketp == NULL);
@@ -1380,23 +1381,24 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
 	}
 
 #ifdef F_DUPFD
-        /*
-         * Leave a space for stdio to work in.
-         */
-        if (sock->fd >= 0 && sock->fd < 20) {
-                int new, tmp;
-                new = fcntl(sock->fd, F_DUPFD, 20);
-                tmp = errno;
-                (void)close(sock->fd);
-                errno = tmp;
-                sock->fd = new;
-        }
+	/*
+	 * Leave a space for stdio to work in.
+	 */
+	if (sock->fd >= 0 && sock->fd < 20) {
+		int new, tmp;
+		new = fcntl(sock->fd, F_DUPFD, 20);
+		tmp = errno;
+		(void)close(sock->fd);
+		errno = tmp;
+		sock->fd = new;
+		err = "isc_socket_create: fcntl";
+	}
 #endif
 
 	if (sock->fd >= (int)FD_SETSIZE) {
 		(void)close(sock->fd);
 		isc_log_iwrite(isc_lctx, ISC_LOGCATEGORY_GENERAL,
-			      ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR,
+			       ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR,
 			       isc_msgcat, ISC_MSGSET_SOCKET,
 			       ISC_MSG_TOOMANYFDS,
 			       "%s: too many open file descriptors", "socket");
@@ -1426,7 +1428,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
 		default:
 			isc__strerror(errno, strbuf, sizeof(strbuf));
 			UNEXPECTED_ERROR(__FILE__, __LINE__,
-					 "socket() %s: %s",
+					 "%s() %s: %s", err,
 					 isc_msgcat_get(isc_msgcat,
 							ISC_MSGSET_GENERAL,
 							ISC_MSG_FAILED,
@@ -1778,6 +1780,7 @@ internal_accept(isc_task_t *me, isc_event_t *ev) {
 	int fd;
 	isc_result_t result = ISC_R_SUCCESS;
 	char strbuf[ISC_STRERRORSIZE];
+	const char *err = "accept";
 
 	UNUSED(me);
 
@@ -1831,17 +1834,18 @@ internal_accept(isc_task_t *me, isc_event_t *ev) {
 		    (void *)&addrlen);
 
 #ifdef F_DUPFD
-        /*
-         * Leave a space for stdio to work in.
-         */
-        if (fd >= 0 && fd < 20) {
-                int new, tmp;
-                new = fcntl(fd, F_DUPFD, 20);
-                tmp = errno;
-                (void)close(fd);
-                errno = tmp;
-                fd = new;
-        }
+	/*
+	 * Leave a space for stdio to work in.
+	 */
+	if (fd >= 0 && fd < 20) {
+		int new, tmp;
+		new = fcntl(fd, F_DUPFD, 20);
+		tmp = errno;
+		(void)close(fd);
+		errno = tmp;
+		fd = new;
+		err = "fcntl";
+	}
 #endif
 
 	if (fd < 0) {
@@ -1870,7 +1874,7 @@ internal_accept(isc_task_t *me, isc_event_t *ev) {
 		}
 		isc__strerror(errno, strbuf, sizeof(strbuf));
 		UNEXPECTED_ERROR(__FILE__, __LINE__,
-				 "internal_accept: accept() %s: %s",
+				 "internal_accept: %s() %s: %s", err,
 				 isc_msgcat_get(isc_msgcat,
 						ISC_MSGSET_GENERAL,
 						ISC_MSG_FAILED,
@@ -2211,7 +2215,7 @@ watcher(void *uap) {
 			cc = select(maxfd, &readfds, &writefds, NULL, NULL);
 			if (cc < 0) {
 				if (!SOFT_ERROR(errno)) {
-				        isc__strerror(errno, strbuf,
+					isc__strerror(errno, strbuf,
 						      sizeof(strbuf));
 					FATAL_ERROR(__FILE__, __LINE__,
 						    "select() %s: %s",
@@ -3447,7 +3451,7 @@ internal_connect(isc_task_t *me, isc_event_t *ev) {
 			ERROR_MATCH(EPERM, ISC_R_HOSTUNREACH);
 			ERROR_MATCH(EPIPE, ISC_R_NOTCONNECTED);
 			ERROR_MATCH(ETIMEDOUT, ISC_R_TIMEDOUT);
-		        ERROR_MATCH(ECONNRESET, ISC_R_CONNECTIONRESET);
+			ERROR_MATCH(ECONNRESET, ISC_R_CONNECTIONRESET);
 #undef ERROR_MATCH
 		default:
 			dev->result = ISC_R_UNEXPECTED;
@@ -3618,7 +3622,7 @@ isc_socket_cancel(isc_socket_t *sock, isc_task_t *task, unsigned int how) {
 				dev->result = ISC_R_CANCELED;
 				dev->ev_sender = sock;
 				isc_task_sendanddetach(¤t_task,
-					        ISC_EVENT_PTR(&dev));
+						       ISC_EVENT_PTR(&dev));
 			}
 
 			dev = next;

From c5223c9cb7c22620d5ee6611228673e95b48a270 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 19 May 2005 04:59:05 +0000
Subject: [PATCH 060/148] 1862.   [func]          Add additional zone data
 constancy checks.                         named-checkzone has extended
 checking of NS, MX and                         SRV record and the hosts they
 reference.                         named has extended post zone load checks. 
                        New zone options: check-mx and integrity-check.       
                  [RT #4940]

---
 CHANGES                                  |   7 +
 bin/check/check-tool.c                   | 308 ++++++++++++++-
 bin/check/check-tool.h                   |   5 +-
 bin/check/named-checkconf.c              | 118 +++++-
 bin/check/named-checkzone.c              |  87 ++++-
 bin/check/named-checkzone.docbook        |  52 ++-
 bin/named/config.c                       |   4 +-
 bin/named/named.conf.docbook             |   8 +-
 bin/named/update.c                       | 111 +++++-
 bin/named/zoneconf.c                     |  66 +++-
 bin/tests/system/nsupdate/ns1/named.conf |   4 +-
 doc/arm/Bv9ARM-book.xml                  |  56 ++-
 lib/bind9/check.c                        |   4 +-
 lib/dns/include/dns/master.h             |   4 +-
 lib/dns/include/dns/name.h               |   4 +-
 lib/dns/include/dns/rdata.h              |   4 +-
 lib/dns/include/dns/result.h             |   5 +-
 lib/dns/include/dns/types.h              |  14 +-
 lib/dns/include/dns/zone.h               |  35 +-
 lib/dns/master.c                         |  12 +-
 lib/dns/rdata.c                          |  22 +-
 lib/dns/rdata/generic/mx_15.c            |  33 +-
 lib/dns/result.c                         |   5 +-
 lib/dns/zone.c                           | 459 +++++++++++++++++++++--
 lib/isccfg/namedconf.c                   |   4 +-
 25 files changed, 1359 insertions(+), 72 deletions(-)

diff --git a/CHANGES b/CHANGES
index 886a590102..906c727d75 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,10 @@
+1862.	[func]		Add additional zone data constancy checks.
+			named-checkzone has extended checking of NS, MX and 
+			SRV record and the hosts they reference.
+			named has extended post zone load checks.
+			New zone options: check-mx and integrity-check. 
+			[RT #4940]
+
 1861.	[placeholder]	rt14801
 
 1860.	[placeholder]	rt14775
diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c
index dacd56ac55..305bb5eefd 100644
--- a/bin/check/check-tool.c
+++ b/bin/check/check-tool.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.16 2005/04/27 04:55:42 sra Exp $ */
+/* $Id: check-tool.c,v 1.17 2005/05/19 04:58:59 marka Exp $ */
 
 /*! \file */
 
@@ -29,6 +29,8 @@
 
 #include 
 #include 
+#include 
+#include 
 #include 
 #include 
 #include 
@@ -36,24 +38,39 @@
 #include 
 #include 
 #include 
+#include 
 #include 
+#include 
 #include 
 #include 
 
+#ifdef HAVE_ADDRINFO
+#ifdef HAVE_GETADDRINFO
+#ifdef HAVE_GAISTRERROR
+#define USE_GETADDRINFO
+#endif
+#endif
+#endif
+
 #define CHECK(r) \
-        do { \
+	do { \
 		result = (r); \
-                if (result != ISC_R_SUCCESS) \
-                        goto cleanup; \
-        } while (0)   
+		if (result != ISC_R_SUCCESS) \
+			goto cleanup; \
+	} while (0)   
 
 static const char *dbtype[] = { "rbt" };
 
 int debug = 0;
 isc_boolean_t nomerge = ISC_TRUE;
+isc_boolean_t docheckmx = ISC_TRUE;
+isc_boolean_t dochecksrv = ISC_TRUE;
+isc_boolean_t docheckns = ISC_TRUE;
 unsigned int zone_options = DNS_ZONEOPT_CHECKNS | 
+			    DNS_ZONEOPT_CHECKMX |
 			    DNS_ZONEOPT_MANYERRORS |
 			    DNS_ZONEOPT_CHECKNAMES |
+			    DNS_ZONEOPT_INTEGRITYCHECK |
 			    DNS_ZONEOPT_CHECKWILDCARD;
 
 /*
@@ -70,6 +87,279 @@ static isc_logcategory_t categories[] = {
 	{ NULL,		     0 }
 };
 
+static isc_boolean_t
+checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
+	dns_rdataset_t *a, dns_rdataset_t *aaaa)
+{
+#ifdef USE_GETADDRINFO
+	dns_rdataset_t *rdataset;
+	dns_rdata_t rdata = DNS_RDATA_INIT;
+	struct addrinfo hints, *ai, *cur;
+	char namebuf[DNS_NAME_FORMATSIZE + 1];
+	char ownerbuf[DNS_NAME_FORMATSIZE];
+	char addrbuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
+	isc_boolean_t answer = ISC_TRUE;
+	isc_boolean_t match;
+	const char *type;
+	void *ptr = NULL;
+	int result;
+
+	REQUIRE(a == NULL || !dns_rdataset_isassociated(a) ||
+		a->type == dns_rdatatype_a);
+	REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) ||
+		aaaa->type == dns_rdatatype_aaaa);
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_flags = AI_CANONNAME;
+	hints.ai_family = PF_UNSPEC;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_protocol = IPPROTO_TCP;
+
+	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
+	/*
+	 * Turn off search.
+	 */
+	if (dns_name_countlabels(name) > 1U)
+		strcat(namebuf, ".");
+	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
+	
+	result = getaddrinfo(namebuf, NULL, &hints, &ai);
+	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
+	switch (result) {
+	case 0:
+		if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
+			dns_zone_log(zone, ISC_LOG_ERROR,
+			             "%s/NS '%s' (out of zone) "
+				     "is a CNAME (illegal)",
+				     ownerbuf, namebuf);
+			answer = ISC_FALSE;
+		}
+		break;
+	case EAI_NONAME:
+#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
+	case EAI_NODATA:
+#endif
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
+		return (ISC_FALSE);
+
+	default:
+		dns_zone_log(zone, ISC_LOG_WARNING,
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
+		return (ISC_TRUE);
+	}
+	if (a == NULL || aaaa == NULL)
+		return (answer);
+	/*
+	 * Check that all glue records really exist.
+	 */
+	if (!dns_rdataset_isassociated(a))
+		goto checkaaaa;
+	result = dns_rdataset_first(a);
+	while (result == ISC_R_SUCCESS) {
+		dns_rdataset_current(a, &rdata);
+		match = ISC_FALSE;
+		for (cur = ai; cur != NULL; cur = cur->ai_next) {
+			if (cur->ai_family != AF_INET)
+				continue;
+			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
+			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
+				match = ISC_TRUE;
+				break;
+			}
+		}
+		if (!match) {
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
+				     "extra GLUE A record (%s)",
+				     ownerbuf, namebuf,
+				     inet_ntop(AF_INET, rdata.data,
+					       addrbuf, sizeof(addrbuf)));
+			answer = ISC_FALSE;
+		}
+		dns_rdata_reset(&rdata);
+		result = dns_rdataset_next(a);
+	}
+
+ checkaaaa:
+	if (!dns_rdataset_isassociated(aaaa))
+		goto checkmissing;
+	result = dns_rdataset_first(aaaa);
+	while (result == ISC_R_SUCCESS) {
+		dns_rdataset_current(aaaa, &rdata);
+		match = ISC_FALSE;
+		for (cur = ai; cur != NULL; cur = cur->ai_next) {
+			if (cur->ai_family != AF_INET6)
+				continue;
+			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
+			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
+				match = ISC_TRUE;
+				break;
+			}
+		}
+		if (!match) {
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
+				     "extra GLUE AAAA record (%s)",
+				     ownerbuf, namebuf,
+				     inet_ntop(AF_INET6, rdata.data,
+					       addrbuf, sizeof(addrbuf)));
+			answer = ISC_FALSE;
+		}
+		dns_rdata_reset(&rdata);
+		result = dns_rdataset_next(aaaa);
+	}
+
+ checkmissing:
+	/*
+	 * Check that all addresses appear in the glue.
+	 */
+	for (cur = ai; cur != NULL; cur = cur->ai_next) {
+		switch (cur->ai_family) {
+		case AF_INET:
+			rdataset = a;
+			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
+			type = "A";
+			break;
+		case AF_INET6:
+			rdataset = aaaa;
+			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
+			type = "AAAA";
+			break;
+		default:
+			 continue;
+		}
+		match = ISC_FALSE;
+		if (dns_rdataset_isassociated(rdataset))
+			result = dns_rdataset_first(rdataset);
+		else
+			result = ISC_R_FAILURE;
+		while (result == ISC_R_SUCCESS && !match) {
+			dns_rdataset_current(rdataset, &rdata);
+			if (memcmp(ptr, rdata.data, rdata.length) == 0)
+				match = ISC_TRUE;
+			dns_rdata_reset(&rdata);
+			result = dns_rdataset_next(rdataset);
+		}
+		if (!match) {
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
+				     "missing GLUE %s record (%s)",
+				     ownerbuf, namebuf, type,
+				     inet_ntop(cur->ai_family, ptr,
+					       addrbuf, sizeof(addrbuf)));
+			answer = ISC_FALSE;
+		}
+	}
+	freeaddrinfo(ai);
+	return (answer);
+#else
+	return (ISC_TRUE);
+#endif
+}
+
+static isc_boolean_t
+checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
+#ifdef USE_GETADDRINFO
+	struct addrinfo hints, *ai;
+	char namebuf[DNS_NAME_FORMATSIZE + 1];
+	char ownerbuf[DNS_NAME_FORMATSIZE];
+	int result;
+
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_flags = AI_CANONNAME;
+	hints.ai_family = PF_UNSPEC;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_protocol = IPPROTO_TCP;
+
+	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
+	/*
+	 * Turn off search.
+	 */
+	if (dns_name_countlabels(name) > 1U)
+		strcat(namebuf, ".");
+	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
+	
+	result = getaddrinfo(namebuf, NULL, &hints, &ai);
+	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
+	switch (result) {
+	case 0:
+		if (strcasecmp(ai->ai_canonname, namebuf) != 0)
+			dns_zone_log(zone, ISC_LOG_WARNING,
+			             "%s/MX '%s' (out of zone) "
+				     "is a CNAME (illegal)",
+				     ownerbuf, namebuf);
+		freeaddrinfo(ai);
+		break;
+	case EAI_NONAME:
+#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
+	case EAI_NODATA:
+#endif
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/MX '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
+		return (ISC_FALSE);
+
+	default:
+		dns_zone_log(zone, ISC_LOG_WARNING,
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
+		return (ISC_TRUE);
+	}
+#endif
+	return (ISC_TRUE);
+}
+
+static isc_boolean_t
+checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
+#ifdef USE_GETADDRINFO
+	struct addrinfo hints, *ai;
+	char namebuf[DNS_NAME_FORMATSIZE + 1];
+	char ownerbuf[DNS_NAME_FORMATSIZE];
+	int result;
+
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_flags = AI_CANONNAME;
+	hints.ai_family = PF_UNSPEC;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_protocol = IPPROTO_TCP;
+
+	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
+	/*
+	 * Turn off search.
+	 */
+	if (dns_name_countlabels(name) > 1U)
+		strcat(namebuf, ".");
+	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
+	
+	result = getaddrinfo(namebuf, NULL, &hints, &ai);
+	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
+	switch (result) {
+	case 0:
+		if (strcasecmp(ai->ai_canonname, namebuf) != 0)
+			dns_zone_log(zone, ISC_LOG_WARNING,
+			             "%s/SRV '%s' (out of zone) "
+				     "is a CNAME (illegal)",
+				     ownerbuf, namebuf);
+		freeaddrinfo(ai);
+		break;
+	case EAI_NONAME:
+#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
+	case EAI_NODATA:
+#endif
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/SRV '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
+		return (ISC_FALSE);
+
+	default:
+		dns_zone_log(zone, ISC_LOG_WARNING,
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
+		return (ISC_TRUE);
+	}
+#endif
+	return (ISC_TRUE);
+}
+
 isc_result_t
 setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
 	isc_logdestination_t destination;
@@ -124,7 +414,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	dns_fixedname_init(&fixorigin);
 	origin = dns_fixedname_name(&fixorigin);
 	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname,
-			        ISC_FALSE, NULL));
+				ISC_FALSE, NULL));
 	CHECK(dns_zone_setorigin(zone, origin));
 	CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
 	CHECK(dns_zone_setfile(zone, filename));
@@ -136,6 +426,12 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	dns_zone_setclass(zone, rdclass);
 	dns_zone_setoption(zone, zone_options, ISC_TRUE);
 	dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge);
+	if (docheckmx)
+		dns_zone_setcheckmx(zone, checkmx);
+	if (docheckns)
+		dns_zone_setcheckns(zone, checkns);
+	if (dochecksrv)
+		dns_zone_setchecksrv(zone, checksrv);
 
 	CHECK(dns_zone_load(zone));
 	if (zonep != NULL){
diff --git a/bin/check/check-tool.h b/bin/check/check-tool.h
index 54c9bfe282..bfd8a409e2 100644
--- a/bin/check/check-tool.h
+++ b/bin/check/check-tool.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.h,v 1.9 2005/04/29 00:22:24 marka Exp $ */
+/* $Id: check-tool.h,v 1.10 2005/05/19 04:58:59 marka Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
@@ -41,6 +41,9 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename);
 
 extern int debug;
 extern isc_boolean_t nomerge;
+extern isc_boolean_t docheckmx;
+extern isc_boolean_t docheckns;
+extern isc_boolean_t dochecksrv;
 extern unsigned int zone_options;
 
 ISC_LANG_ENDDECLS
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index e6d165e0a3..c730675d17 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.31 2005/04/27 04:55:43 sra Exp $ */
+/* $Id: named-checkconf.c,v 1.32 2005/05/19 04:58:59 marka Exp $ */
 
 /*! \file */
 
@@ -41,11 +41,14 @@
 
 #include 
 #include 
+#include 
 #include 
+#include 
 
 #include "check-tool.h"
 
 isc_log_t *logc = NULL;
+static isc_entropy_t *ectx = NULL;
 
 #define CHECK(r)\
 	do { \
@@ -88,10 +91,54 @@ directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) {
 	return (ISC_R_SUCCESS);
 }
 
+static isc_boolean_t
+get_maps(cfg_obj_t **maps, const char *name, cfg_obj_t **obj) {
+	int i;
+	for (i = 0;; i++) {
+		if (maps[i] == NULL)
+			return (ISC_FALSE);
+		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
+			return (ISC_TRUE);
+	}
+}
+
+static isc_boolean_t
+get_checknames(cfg_obj_t **maps, cfg_obj_t **obj) {
+	cfg_listelt_t *element;
+	cfg_obj_t *checknames;
+	cfg_obj_t *type;
+	cfg_obj_t *value;
+	isc_result_t result;
+	int i;
+
+	for (i = 0;; i++) {
+		if (maps[i] == NULL)
+			return (ISC_FALSE);
+		checknames = NULL;
+		result = cfg_map_get(maps[i], "check-names", &checknames);
+		if (result != ISC_R_SUCCESS)
+			continue;
+		if (checknames != NULL && !cfg_obj_islist(checknames)) {
+			*obj = checknames;
+			return (ISC_TRUE);
+		}
+		for (element = cfg_list_first(checknames);
+		     element != NULL;
+		     element = cfg_list_next(element)) {
+			value = cfg_listelt_value(element);
+			type = cfg_tuple_get(value, "type");
+			if (strcasecmp(cfg_obj_asstring(type), "master") != 0)
+				continue;
+			*obj = cfg_tuple_get(value, "mode");
+			return (ISC_TRUE);
+		}
+	}
+}
+
 /*% configure the zone */
 static isc_result_t
 configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
-	       isc_mem_t *mctx)
+	       cfg_obj_t *vconfig, cfg_obj_t *config, isc_mem_t *mctx)
 {
 	isc_result_t result;
 	const char *zclass;
@@ -102,6 +149,13 @@ configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
 	cfg_obj_t *typeobj = NULL;
 	cfg_obj_t *fileobj = NULL;
 	cfg_obj_t *dbobj = NULL;
+	cfg_obj_t *obj = NULL;
+	cfg_obj_t *maps[4];
+	int i = 0;
+
+	zone_options = DNS_ZONEOPT_CHECKNS |
+		       DNS_ZONEOPT_MANYERRORS |
+		       DNS_ZONEOPT_INTEGRITYCHECK;
 
 	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
 	classobj = cfg_tuple_get(zconfig, "class");
@@ -109,7 +163,18 @@ configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
                 zclass = vclass;
         else
 		zclass = cfg_obj_asstring(classobj);
+
 	zoptions = cfg_tuple_get(zconfig, "options");
+	maps[i++] = zoptions;
+	if (vconfig != NULL)
+		maps[i++] = cfg_tuple_get(vconfig, "options");
+	if (config != NULL) {
+		cfg_map_get(config, "options", &obj);
+		if (obj != NULL)
+			maps[i++] = obj;
+	}
+	maps[i++] = NULL;
+
 	cfg_map_get(zoptions, "type", &typeobj);
 	if (typeobj == NULL)
 		return (ISC_R_FAILURE);
@@ -122,6 +187,43 @@ configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
 	if (fileobj == NULL)
 		return (ISC_R_FAILURE);
 	zfile = cfg_obj_asstring(fileobj);
+
+	obj = NULL;
+	if (get_maps(maps, "check-mx", &obj)) {
+		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+			zone_options |= DNS_ZONEOPT_CHECKMX;
+			zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+			zone_options |= DNS_ZONEOPT_CHECKMX;
+			zone_options |= DNS_ZONEOPT_CHECKMXFAIL;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+			zone_options &= ~DNS_ZONEOPT_CHECKMX;
+			zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
+		} else
+			INSIST(0);
+	} else {
+		zone_options |= DNS_ZONEOPT_CHECKMX;
+		zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
+	}
+
+	obj = NULL;
+	if (get_checknames(maps, &obj)) {
+		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+			zone_options |= DNS_ZONEOPT_CHECKNAMES;
+			zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+			zone_options |= DNS_ZONEOPT_CHECKNAMES;
+			zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+			zone_options &= ~DNS_ZONEOPT_CHECKNAMES;
+			zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
+		} else
+			INSIST(0);
+	} else {
+               zone_options |= DNS_ZONEOPT_CHECKNAMES;
+               zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
+	}
+
 	result = load_zone(mctx, zname, zfile, zclass, NULL);
 	if (result != ISC_R_SUCCESS)
 		fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
@@ -155,7 +257,8 @@ configure_view(const char *vclass, const char *view, cfg_obj_t *config,
 	     element = cfg_list_next(element))
 	{
 		cfg_obj_t *zconfig = cfg_listelt_value(element);
-		tresult = configure_zone(vclass, view, zconfig, mctx);
+		tresult = configure_zone(vclass, view, zconfig, vconfig,
+					 config, mctx);
 		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
 	}
@@ -248,6 +351,9 @@ main(int argc, char **argv) {
 
 		case 'z':
 			load_zones = ISC_TRUE;
+			docheckmx = ISC_FALSE;
+			docheckns = ISC_FALSE;
+			dochecksrv = ISC_FALSE;
 			break;
 
 		default:
@@ -268,6 +374,10 @@ main(int argc, char **argv) {
 	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
 		      == ISC_R_SUCCESS);
 
+	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS); 
+	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
+		      == ISC_R_SUCCESS);
+
 	dns_result_register();
 
 	RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS);
@@ -294,6 +404,8 @@ main(int argc, char **argv) {
 
 	cfg_parser_destroy(&parser);
 
+	isc_hash_destroy();
+
 	isc_log_destroy(&logc);
 
 	isc_hash_destroy();
diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c
index f8bdfae90c..99c405f28f 100644
--- a/bin/check/named-checkzone.c
+++ b/bin/check/named-checkzone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.34 2005/04/27 04:55:43 sra Exp $ */
+/* $Id: named-checkzone.c,v 1.35 2005/05/19 04:58:59 marka Exp $ */
 
 /*! \file */
 
@@ -39,6 +39,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -69,7 +70,9 @@ usage(void) {
 	fprintf(stderr,
 		"usage: named-checkzone [-djqvD] [-c class] [-o output] "
 		"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
-		"[-n (ignore|warn|fail)] [-W (ignore|warn)] zonename filename\n");
+		"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
+		"[-i (full|local|none)] [-W (ignore|warn)] "
+		"zonename filename\n");
 	exit(1);
 }
 
@@ -91,7 +94,8 @@ main(int argc, char **argv) {
 	char *classname = classname_in;
 	const char *workdir = NULL;
 
-	while ((c = isc_commandline_parse(argc, argv, "c:dijk:n:qst:o:vw:DW:")) != EOF) {
+	while ((c = isc_commandline_parse(argc, argv,
+					  "c:di:jk:m:n:qst:o:vw:DW:")) != EOF) {
 		switch (c) {
 		case 'c':
 			classname = isc_commandline_argument;
@@ -101,20 +105,33 @@ main(int argc, char **argv) {
 			debug++;
 			break;
 
-		case 'j':
-			nomerge = ISC_FALSE;
+		case 'i':
+			if (!strcmp(isc_commandline_argument, "full")) {
+				zone_options |= DNS_ZONEOPT_INTEGRITYCHECK;
+				docheckmx = ISC_TRUE;
+				docheckns = ISC_TRUE;
+				dochecksrv = ISC_TRUE;
+			} else if (!strcmp(isc_commandline_argument,
+					   "local")) {
+				zone_options |= DNS_ZONEOPT_INTEGRITYCHECK;
+				docheckmx = ISC_FALSE;
+				docheckns = ISC_FALSE;
+				dochecksrv = ISC_FALSE;
+			} else if (!strcmp(isc_commandline_argument,
+					   "none")) {
+				zone_options &= ~DNS_ZONEOPT_INTEGRITYCHECK;
+				docheckmx = ISC_FALSE;
+				docheckns = ISC_FALSE;
+				dochecksrv = ISC_FALSE;
+			} else {
+				fprintf(stderr, "invalid argument to -i: %s\n",
+					isc_commandline_argument);
+				exit(1);
+			}
 			break;
 
-		case 'n':
-			if (!strcmp(isc_commandline_argument, "ignore"))
-				zone_options &= ~(DNS_ZONEOPT_CHECKNS|
-						  DNS_ZONEOPT_FATALNS);
-			else if (!strcmp(isc_commandline_argument, "warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKNS;
-				zone_options &= ~DNS_ZONEOPT_FATALNS;
-			} else if (!strcmp(isc_commandline_argument, "fail"))
-				zone_options |= DNS_ZONEOPT_CHECKNS|
-					        DNS_ZONEOPT_FATALNS;
+		case 'j':
+			nomerge = ISC_FALSE;
 			break;
 
 		case 'k':
@@ -129,6 +146,46 @@ main(int argc, char **argv) {
 					   "ignore")) {
 				zone_options &= ~(DNS_ZONEOPT_CHECKNAMES |
 						  DNS_ZONEOPT_CHECKNAMESFAIL);
+			} else {
+				fprintf(stderr, "invalid argument to -k: %s\n",
+					isc_commandline_argument);
+				exit(1);
+			}
+			break;
+
+		case 'n':
+			if (!strcmp(isc_commandline_argument, "ignore")) {
+				zone_options &= ~(DNS_ZONEOPT_CHECKNS|
+						  DNS_ZONEOPT_FATALNS);
+			} else if (!strcmp(isc_commandline_argument, "warn")) {
+				zone_options |= DNS_ZONEOPT_CHECKNS;
+				zone_options &= ~DNS_ZONEOPT_FATALNS;
+			} else if (!strcmp(isc_commandline_argument, "fail")) {
+				zone_options |= DNS_ZONEOPT_CHECKNS|
+					        DNS_ZONEOPT_FATALNS;
+			} else {
+				fprintf(stderr, "invalid argument to -n: %s\n",
+					isc_commandline_argument);
+				exit(1);
+			}
+			break;
+
+		case 'm':
+			if (!strcmp(isc_commandline_argument, "warn")) {
+				zone_options |= DNS_ZONEOPT_CHECKMX;
+				zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
+			} else if (!strcmp(isc_commandline_argument,
+					   "fail")) {
+				zone_options |= DNS_ZONEOPT_CHECKMX |
+						DNS_ZONEOPT_CHECKMXFAIL;
+			} else if (!strcmp(isc_commandline_argument,
+					   "ignore")) {
+				zone_options &= ~(DNS_ZONEOPT_CHECKMX |
+						  DNS_ZONEOPT_CHECKMXFAIL);
+			} else {
+				fprintf(stderr, "invalid argument to -m: %s\n",
+					isc_commandline_argument);
+				exit(1);
 			}
 			break;
 
diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook
index 8c4340f2d8..121b2bc94c 100644
--- a/bin/check/named-checkzone.docbook
+++ b/bin/check/named-checkzone.docbook
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   
     June 13, 2000
@@ -57,7 +57,9 @@
       
       
       
+      
       
+      
       
       
       
@@ -129,6 +131,42 @@
         
       
 
+      
+        -i mode
+	
+	  
+	      Perform post load zone integrity checks.  Possible modes are
+	      "full" (default),
+	      "local" and
+	      "none".
+	  
+	  
+	      Mode "full" checks that MX records
+	      refer to A or AAAA record (both in-zone and out-of-zone
+	      hostnames).  Mode "local" only
+	      checks MX records which refer to in-zone hostnames.
+	  
+	  
+	      Mode "full" checks that SRV records
+	      refer to A or AAAA record (both in-zone and out-of-zone
+	      hostnames).  Mode "local" only
+	      checks SRV records which refer to in-zone hostnames.
+	  
+	  
+	      Mode "full" checks that delegation NS
+	      records refer to A or AAAA record (both in-zone and out-of-zone
+	      hostnames).  It also checks that glue addresses records
+	      in the zone match those advertised by the child.
+	      Mode "local" only checks NS records which
+	      refer to in-zone hostnames or that some required glue exists,
+	      that is when the nameserver is in a child zone.
+	  
+	  
+	      Mode "none" disables the checks.
+	  
+	
+      
+
       
         -k mode
         
@@ -142,6 +180,18 @@
         
       
 
+      
+        -m mode
+        
+          
+            Specify whether MX records should be checked to see if they
+            are addresses.  Possible modes are "fail",
+            "warn" (default) and
+            "ignore".
+          
+        
+      
+
       
         -n mode
         
diff --git a/bin/named/config.c b/bin/named/config.c
index f4e5966d8c..87b8a2f22e 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.c,v 1.56 2005/04/27 04:55:49 sra Exp $ */
+/* $Id: config.c,v 1.57 2005/05/19 04:59:00 marka Exp $ */
 
 /*! \file */
 
@@ -128,10 +128,12 @@ options {\n\
 	check-names master fail;\n\
 	check-names slave warn;\n\
 	check-names response ignore;\n\
+	check-mx warn;\n\
 	use-additional-cache true;\n\
 	acache-cleaning-interval 60;\n\
 	max-acache-size 0;\n\
 	dnssec-enable no; /* Make yes for 9.4. */ \n\
+	integrity-check yes;\n\
 "
 
 "	/* zone */\n\
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index 5cad2dc242..1534681b4a 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   
     Aug 13, 2004
@@ -240,6 +240,8 @@ options {
 	max-cache-size size_no_default;
 	check-names ( master | slave | response )
 		( fail | warn | ignore );
+	check-mx ( fail | warn | ignore );
+	integrity-check boolean;
 	cache-file quoted_string;
 	suppress-initial-notify boolean; // not yet implemented
 	preferred-glue string;
@@ -370,6 +372,8 @@ view string optional_class
 	max-cache-size size_no_default;
 	check-names ( master | slave | response )
 		( fail | warn | ignore );
+	check-mx ( fail | warn | ignore );
+	integrity-check boolean;
 	cache-file quoted_string;
 	suppress-initial-notify boolean; // not yet implemented
 	preferred-glue string;
@@ -458,6 +462,8 @@ zone string optional_class
 	database string;
 	delegation-only boolean;
 	check-names ( fail | warn | ignore );
+	check-mx ( fail | warn | ignore );
+	integrity-check boolean;
 	dialup dialuptype;
 	ixfr-from-differences boolean;
 	journal quoted_string;
diff --git a/bin/named/update.c b/bin/named/update.c
index d7ed3c9886..a2c0794084 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.121 2005/04/27 04:55:55 sra Exp $ */
+/* $Id: update.c,v 1.122 2005/05/19 04:59:00 marka Exp $ */
 
 #include 
 
@@ -36,6 +36,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -2129,6 +2130,112 @@ remove_orphaned_ds(dns_db_t *db, dns_dbversion_t *newver, dns_diff_t *diff) {
 	return (result);
 }
 
+/*
+ * This implements the post load integrity checks for mx records.
+ */
+static isc_result_t
+check_mx(ns_client_t *client, dns_zone_t *zone,
+	 dns_db_t *db, dns_dbversion_t *newver, dns_diff_t *diff)
+{
+	char tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123.")];
+	char ownerbuf[DNS_NAME_FORMATSIZE];
+	char namebuf[DNS_NAME_FORMATSIZE];
+	char altbuf[DNS_NAME_FORMATSIZE];
+	dns_difftuple_t *t;
+	dns_fixedname_t fixed;
+	dns_name_t *foundname;
+	dns_rdata_mx_t mx;
+	dns_rdata_t rdata;
+	isc_boolean_t ok = ISC_TRUE;
+	isc_boolean_t isaddress;
+	isc_result_t result;
+	struct in6_addr addr6;
+	struct in_addr addr;
+	unsigned int options;
+
+	dns_fixedname_init(&fixed);
+	foundname = dns_fixedname_name(&fixed);
+	dns_rdata_init(&rdata);
+	options = dns_zone_getoptions(zone);
+
+	for (t = ISC_LIST_HEAD(diff->tuples);
+	     t != NULL;
+	     t = ISC_LIST_NEXT(t, link)) {
+		if (t->op != DNS_DIFFOP_DEL ||
+		    t->rdata.type != dns_rdatatype_mx)
+			continue;
+
+		result = dns_rdata_tostruct(&t->rdata, &mx, NULL);
+		RUNTIME_CHECK(result == ISC_R_SUCCESS);
+		/*
+		 * Check if we will error out if we attempt to reload the
+		 * zone.
+		 */
+		dns_name_format(&mx.mx, namebuf, sizeof(namebuf));
+		dns_name_format(&t->name, ownerbuf, sizeof(ownerbuf));
+		isaddress = ISC_FALSE;
+		if ((options & DNS_RDATA_CHECKMX) != 0 &&
+		    strlcpy(tmp, namebuf, sizeof(tmp)) < sizeof(tmp)) {
+			if (tmp[strlen(tmp) - 1] == '.')
+				tmp[strlen(tmp) - 1] = '\0';
+			if (inet_aton(tmp, &addr) == 1 ||
+			    inet_pton(AF_INET6, tmp, &addr6) == 1)
+				isaddress = ISC_TRUE;
+		}
+
+		if (isaddress && (options & DNS_RDATA_CHECKMXFAIL) != 0) {
+			update_log(client, zone, ISC_LOG_ERROR,
+				   "%s/MX: '%s': %s",
+				   ownerbuf, namebuf,
+				   dns_result_totext(DNS_R_MXISADDRESS));
+			ok = ISC_FALSE;
+		} else if (isaddress) {
+			update_log(client, zone, ISC_LOG_WARNING,
+				   "%s/MX: warning: '%s': %s",
+				   ownerbuf, namebuf,
+				   dns_result_totext(DNS_R_MXISADDRESS));
+		}
+		
+		/*
+		 * Check zone integrity checks.
+		 */
+		if ((options & DNS_ZONEOPT_INTEGRITYCHECK) == 0)
+			continue;
+		result = dns_db_find(db, &mx.mx, newver, dns_rdatatype_a,
+				     0, 0, NULL, foundname, NULL, NULL);
+		if (result == ISC_R_SUCCESS)
+			continue;
+
+		if (result == DNS_R_NXRRSET) {
+			result = dns_db_find(db, &mx.mx, newver,
+					     dns_rdatatype_aaaa,
+					     0, 0, NULL, foundname,
+					     NULL, NULL);
+			if (result == ISC_R_SUCCESS)
+				continue;
+		}
+
+		if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN) {
+			update_log(client, zone, ISC_LOG_ERROR,
+				   "%s/MX '%s' has no address records "
+				   "(A or AAAA)", ownerbuf, namebuf);
+			ok = ISC_FALSE;
+		} else if (result == DNS_R_CNAME) {
+			update_log(client, zone, ISC_LOG_ERROR,
+				   "%s/MX '%s' is a CNAME (illegal)",
+				   ownerbuf, namebuf);
+			ok = ISC_FALSE;
+		} else if (result == DNS_R_DNAME) {
+			dns_name_format(foundname, altbuf, sizeof altbuf);
+			update_log(client, zone, ISC_LOG_ERROR,
+				   "%s/MX '%s' is below a DNAME '%s' (illegal)",
+				   ownerbuf, namebuf, altbuf);
+			ok = ISC_FALSE;
+		}
+	}
+	return (ok ? ISC_R_SUCCESS : DNS_R_REFUSED);
+}
+
 static void
 update_action(isc_task_t *task, isc_event_t *event) {
 	update_event_t *uev = (update_event_t *) event;
@@ -2628,6 +2735,8 @@ update_action(isc_task_t *task, isc_event_t *event) {
 			CHECK(increment_soa_serial(db, ver, &diff, mctx));
 		}
 
+		CHECK(check_mx(client, zone, db, ver, &diff));
+
 		CHECK(remove_orphaned_ds(db, ver, &diff));
 
 		if (dns_db_issecure(db)) {
diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index cdbc6d8a1f..d64bd7f55b 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.c,v 1.120 2005/04/27 04:55:56 sra Exp $ */
+/* $Id: zoneconf.c,v 1.121 2005/05/19 04:59:01 marka Exp $ */
 
 /*% */
 
@@ -613,6 +613,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
 			}
 			RETERR(dns_zone_setkeydirectory(zone, filename));
 		}
+
 		obj = NULL;
 		result = ns_config_get(maps, "check-wildcard", &obj);
 		if (result == ISC_R_SUCCESS)
@@ -620,6 +621,69 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
 		else
 			check = ISC_FALSE;
 		dns_zone_setoption(zone, DNS_ZONEOPT_CHECKWILDCARD, check);
+
+		obj = NULL;
+		result = ns_config_get(maps, "check-mx", &obj);
+		INSIST(obj != NULL);
+		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+			fail = ISC_FALSE;
+			check = ISC_TRUE;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
+			fail = check = ISC_TRUE;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+			fail = check = ISC_FALSE;
+		} else
+			INSIST(0);
+		dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMX, check);
+		dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMXFAIL, fail);
+
+		obj = NULL;
+		result = ns_config_get(maps, "integrity-check", &obj);
+		INSIST(obj != NULL);
+		dns_zone_setoption(zone, DNS_ZONEOPT_INTEGRITYCHECK, 
+				   cfg_obj_asboolean(obj));
+	}
+
+	/*
+	 * Configure update-related options.  These apply to
+	 * primary masters only.
+	 */
+	if (ztype == dns_zone_master) {
+		dns_acl_t *updateacl;
+		RETERR(configure_zone_acl(zconfig, vconfig, config,
+					  "allow-update", ac, zone,
+					  dns_zone_setupdateacl,
+					  dns_zone_clearupdateacl));
+		
+		updateacl = dns_zone_getupdateacl(zone);
+		if (updateacl != NULL  && dns_acl_isinsecure(updateacl))
+			isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
+				      NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+				      "zone '%s' allows updates by IP "
+				      "address, which is insecure",
+				      zname);
+		
+		RETERR(configure_zone_ssutable(zoptions, zone));
+
+		obj = NULL;
+		result = ns_config_get(maps, "sig-validity-interval", &obj);
+		INSIST(result == ISC_R_SUCCESS);
+		dns_zone_setsigvalidityinterval(zone,
+						cfg_obj_asuint32(obj) * 86400);
+
+		obj = NULL;
+		result = ns_config_get(maps, "key-directory", &obj);
+		if (result == ISC_R_SUCCESS) {
+			filename = cfg_obj_asstring(obj);
+			if (!isc_file_isabsolute(filename)) {
+				cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
+					    "key-directory '%s' "
+					    "is not absolute", filename);
+				return (ISC_R_FAILURE);
+			}
+			RETERR(dns_zone_setkeydirectory(zone, filename));
+		}
+
 	} else if (ztype == dns_zone_slave) {
 		RETERR(configure_zone_acl(zconfig, vconfig, config,
 					  "allow-update-forwarding", ac, zone,
diff --git a/bin/tests/system/nsupdate/ns1/named.conf b/bin/tests/system/nsupdate/ns1/named.conf
index 20f678c42a..03b100ba05 100644
--- a/bin/tests/system/nsupdate/ns1/named.conf
+++ b/bin/tests/system/nsupdate/ns1/named.conf
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.12 2004/03/05 05:01:58 marka Exp $ */
+/* $Id: named.conf,v 1.13 2005/05/19 04:59:01 marka Exp $ */
 
 controls { /* empty */ };
 
@@ -43,6 +43,7 @@ controls {
 zone "example.nil" {
 	type master;
 	file "example.db";
+	integrity-check no;
 	allow-update { any; };
 	allow-transfer { any; };
 };
@@ -50,6 +51,7 @@ zone "example.nil" {
 zone "update.nil" {
 	type master;
 	file "update.db";
+	integrity-check no;
 	allow-update { any; };
 	allow-transfer { any; };
 	also-notify { 10.53.0.2; };
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index e15656adae..35af0efb28 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   BIND 9 Administrator Reference Manual
 
@@ -4307,7 +4307,9 @@ category notify { null; };
      forwarders { ip_addr port ip_port ;  ip_addr port ip_port ; ...  }; 
      dual-stack-servers port ip_port { ( domain_name port ip_port | ip_addr port ip_port ) ; ... }; 
      check-names ( master | slave | response )( warn | fail | ignore ); 
+     check-mx ( warn | fail | ignore ); 
      check-wildcard yes_or_no; 
+     integrity-checks yes_or_no; 
      allow-notify { address_match_list }; 
      allow-query { address_match_list }; 
      allow-query-cache { address_match_list }; 
@@ -5423,6 +5425,18 @@ options {
               
             
 
+	    
+	      check-mx
+	      
+		
+		  Check whether the MX record appears to refer to a IP address.
+		  The default is to warn.  Other possible
+		  values are fail and
+		  ignore.
+		
+	      
+	    
+
             
               check-wildcard
               
@@ -5438,6 +5452,24 @@ options {
               
             
 
+	    
+	      integrity-check
+	      
+		
+		  Perform post load zone integrity checks on master
+		  zones.  This checks that MX and SRV records refer
+		  to address (A or AAAA) records and that glue
+		  address records exist for delegated zones.  For
+		  MX and SRV records only in-zone hostnames are
+		  checked (for out-of-zone hostnames use named-checkzone).
+		  For NS records only names below top of zone are
+		  checked (for out-of-zone names and glue consistancy
+		  checks use named-checkzone).  The default is
+		  yes.
+		
+	      
+	    
+
           
 
         
@@ -7497,7 +7529,9 @@ view "external" {
      allow-update-forwarding { address_match_list } ; 
      also-notify { ip_addr port ip_port ;  ip_addr port ip_port ; ...  }; 
      check-names (warn|fail|ignore) ; 
+     check-mx (warn|fail|ignore) ; 
      check-wildcard yes_or_no; 
+     integrity-checks yes_or_no ; 
      dialup dialup_option ; 
      delegation-only yes_or_no ; 
      file string ; 
@@ -7884,6 +7918,16 @@ view "external" {
                 
               
 
+              
+                check-mx
+                
+                  
+                    See the description of
+                    check-mx in .
+                  
+                
+              
+
               
                 check-wildcard
                 
@@ -7894,6 +7938,16 @@ view "external" {
                 
               
 
+              
+                integrity-check
+                
+                  
+                    See the description of
+                    integrity-check in .
+                  
+                
+              
+
               
                 database
                 
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index b30745787d..af63de774f 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check.c,v 1.57 2005/04/27 04:56:43 sra Exp $ */
+/* $Id: check.c,v 1.58 2005/05/19 04:59:02 marka Exp $ */
 
 /*! \file */
 
@@ -799,6 +799,8 @@ check_zoneconf(cfg_obj_t *zconfig, cfg_obj_t *voptions, cfg_obj_t *config,
 	{ "database", MASTERZONE | SLAVEZONE | STUBZONE },
 	{ "key-directory", MASTERZONE },
 	{ "check-wildcard", MASTERZONE },
+	{ "check-mx", MASTERZONE },
+	{ "integrity-check", MASTERZONE },
 	};
 
 	static optionstable dialups[] = {
diff --git a/lib/dns/include/dns/master.h b/lib/dns/include/dns/master.h
index 2ce21ed756..7a9661f2b2 100644
--- a/lib/dns/include/dns/master.h
+++ b/lib/dns/include/dns/master.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: master.h,v 1.42 2005/04/27 04:56:56 sra Exp $ */
+/* $Id: master.h,v 1.43 2005/05/19 04:59:04 marka Exp $ */
 
 #ifndef DNS_MASTER_H
 #define DNS_MASTER_H 1
@@ -52,6 +52,8 @@
 #define DNS_MASTER_CHECKNAMES   0x00000100
 #define DNS_MASTER_CHECKNAMESFAIL 0x00000200
 #define DNS_MASTER_CHECKWILDCARD 0x00000400	/* Check for internal wildcards. */
+#define DNS_MASTER_CHECKMX	0x00000800
+#define DNS_MASTER_CHECKMXFAIL	0x00001000
 
 ISC_LANG_BEGINDECLS
 
diff --git a/lib/dns/include/dns/name.h b/lib/dns/include/dns/name.h
index d8237f6dcc..656ac08857 100644
--- a/lib/dns/include/dns/name.h
+++ b/lib/dns/include/dns/name.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: name.h,v 1.115 2005/04/27 04:56:57 sra Exp $ */
+/* $Id: name.h,v 1.116 2005/05/19 04:59:04 marka Exp $ */
 
 #ifndef DNS_NAME_H
 #define DNS_NAME_H 1
@@ -145,6 +145,8 @@ struct dns_name {
 #define DNS_NAME_CHECKNAMES		0x0002		/*%< Used by rdata. */
 #define DNS_NAME_CHECKNAMESFAIL		0x0004		/*%< Used by rdata. */
 #define DNS_NAME_CHECKREVERSE		0x0008		/*%< Used by rdata. */
+#define DNS_NAME_CHECKMX		0x0010		/*%< Used by rdata. */
+#define DNS_NAME_CHECKMXFAIL		0x0020		/*%< Used by rdata. */
 
 LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_rootname;
 LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_wildcardname;
diff --git a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h
index 9cf8f7b8b9..296cf61c39 100644
--- a/lib/dns/include/dns/rdata.h
+++ b/lib/dns/include/dns/rdata.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rdata.h,v 1.62 2005/04/29 00:23:01 marka Exp $ */
+/* $Id: rdata.h,v 1.63 2005/05/19 04:59:04 marka Exp $ */
 
 #ifndef DNS_RDATA_H
 #define DNS_RDATA_H 1
@@ -143,6 +143,8 @@ struct dns_rdata {
 #define DNS_RDATA_CHECKNAMES		DNS_NAME_CHECKNAMES
 #define DNS_RDATA_CHECKNAMESFAIL	DNS_NAME_CHECKNAMESFAIL
 #define DNS_RDATA_CHECKREVERSE		DNS_NAME_CHECKREVERSE
+#define DNS_RDATA_CHECKMX		DNS_NAME_CHECKMX
+#define DNS_RDATA_CHECKMXFAIL		DNS_NAME_CHECKMXFAIL
 
 /***
  *** Initialization
diff --git a/lib/dns/include/dns/result.h b/lib/dns/include/dns/result.h
index 684322b11f..5e6d5c61ef 100644
--- a/lib/dns/include/dns/result.h
+++ b/lib/dns/include/dns/result.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: result.h,v 1.108 2005/04/29 00:23:02 marka Exp $ */
+/* $Id: result.h,v 1.109 2005/05/19 04:59:04 marka Exp $ */
 
 #ifndef DNS_RESULT_H
 #define DNS_RESULT_H 1
@@ -145,8 +145,9 @@
 #define DNS_R_UNKNOWNCOMMAND		(ISC_RESULTCLASS_DNS + 99)
 #define DNS_R_MUSTBESECURE		(ISC_RESULTCLASS_DNS + 100)
 #define DNS_R_COVERINGNSEC		(ISC_RESULTCLASS_DNS + 101)
+#define DNS_R_MXISADDRESS		(ISC_RESULTCLASS_DNS + 102)
 
-#define DNS_R_NRESULTS			102	/*%< Number of results */
+#define DNS_R_NRESULTS			103	/*%< Number of results */
 
 /*
  * DNS wire format rcodes.
diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h
index 15031b102b..d3aec3bad3 100644
--- a/lib/dns/include/dns/types.h
+++ b/lib/dns/include/dns/types.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: types.h,v 1.114 2005/04/27 04:57:00 sra Exp $ */
+/* $Id: types.h,v 1.115 2005/05/19 04:59:04 marka Exp $ */
 
 #ifndef DNS_TYPES_H
 #define DNS_TYPES_H 1
@@ -298,7 +298,17 @@ typedef void
 (*dns_updatecallback_t)(void *, isc_result_t, dns_message_t *);
 
 typedef int 
-(*dns_rdatasetorderfunc_t)(dns_rdata_t *rdata, void *arg);
+(*dns_rdatasetorderfunc_t)(dns_rdata_t *, void *);
+
+typedef isc_boolean_t
+(*dns_checkmxfunc_t)(dns_zone_t *, dns_name_t *, dns_name_t *);
+
+typedef isc_boolean_t
+(*dns_checksrvfunc_t)(dns_zone_t *, dns_name_t *, dns_name_t *);
+
+typedef isc_boolean_t
+(*dns_checknsfunc_t)(dns_zone_t *, dns_name_t *, dns_name_t *,
+		     dns_rdataset_t *, dns_rdataset_t *);
 
 typedef isc_boolean_t
 (*dns_isselffunc_t)(dns_view_t *, dns_tsigkey_t *, isc_sockaddr_t *,
diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h
index 75f2f63148..cf70fba749 100644
--- a/lib/dns/include/dns/zone.h
+++ b/lib/dns/include/dns/zone.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.h,v 1.133 2005/04/27 04:57:01 sra Exp $ */
+/* $Id: zone.h,v 1.134 2005/05/19 04:59:05 marka Exp $ */
 
 #ifndef DNS_ZONE_H
 #define DNS_ZONE_H 1
@@ -55,6 +55,9 @@ typedef enum {
 #define DNS_ZONEOPT_CHECKNAMES	  0x00000800U	/*%< check-names */
 #define DNS_ZONEOPT_CHECKNAMESFAIL 0x00001000U	/*%< fatal check-name failures */
 #define DNS_ZONEOPT_CHECKWILDCARD 0x00002000U	/*%< check for internal wildcards */
+#define DNS_ZONEOPT_CHECKMX	  0x00004000U	/*%< check-mx */
+#define DNS_ZONEOPT_CHECKMXFAIL   0x00008000U	/*%< fatal check-mx failures */
+#define DNS_ZONEOPT_INTEGRITYCHECK 0x00010000U	/*%< perform integrity checks */
 
 #ifndef NOMINUM_PUBLIC
 /*
@@ -1448,6 +1451,36 @@ dns_zone_setacache(dns_zone_t *zone, dns_acache_t *acache);
  *	'zone' will have a reference to 'acache'
  */
 
+void
+dns_zone_setcheckmx(dns_zone_t *zone, dns_checkmxfunc_t checkmx);
+/*
+ *	Set the post load integrity callback function 'checkmx'.
+ *	'checkmx' will be called if the MX is not within the zone.
+ *
+ * Require:
+ *	'zone' to be a valid zone.
+ */
+
+void
+dns_zone_setchecksrv(dns_zone_t *zone, dns_checkmxfunc_t checksrv);
+/*
+ *	Set the post load integrity callback function 'checksrv'.
+ *	'checksrv' will be called if the SRV TARGET is not within the zone.
+ *
+ * Require:
+ *	'zone' to be a valid zone.
+ */
+
+void
+dns_zone_setcheckns(dns_zone_t *zone, dns_checknsfunc_t checkns);
+/*
+ *	Set the post load integrity callback function 'checkmx'.
+ *	'checkmx' will be called if the MX is not within the zone.
+ *
+ * Require:
+ *	'zone' to be a valid zone.
+ */
+
 void
 dns_zone_setnotifydelay(dns_zone_t *zone, isc_uint32_t delay);
 /*
diff --git a/lib/dns/master.c b/lib/dns/master.c
index 6ce43f46d9..beaccbd8a9 100644
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: master.c,v 1.152 2005/04/27 04:56:47 sra Exp $ */
+/* $Id: master.c,v 1.153 2005/05/19 04:59:02 marka Exp $ */
 
 /*! \file */
 
@@ -959,11 +959,16 @@ load(dns_loadctx_t *lctx) {
 		options |= DNS_RDATA_CHECKNAMES;
 	if ((lctx->options & DNS_MASTER_CHECKNAMESFAIL) != 0)
 		options |= DNS_RDATA_CHECKNAMESFAIL;
+	if ((lctx->options & DNS_MASTER_CHECKMX) != 0)
+		options |= DNS_RDATA_CHECKMX;
+	if ((lctx->options & DNS_MASTER_CHECKMXFAIL) != 0)
+		options |= DNS_RDATA_CHECKMXFAIL;
 	source = isc_lex_getsourcename(lctx->lex);
 	do {
 		initialws = ISC_FALSE;
 		line = isc_lex_getsourceline(lctx->lex);
-		GETTOKEN(lctx->lex, ISC_LEXOPT_INITIALWS, &token, ISC_TRUE);
+		GETTOKEN(lctx->lex, ISC_LEXOPT_INITIALWS | ISC_LEXOPT_QSTRING,
+			 &token, ISC_TRUE);
 		line = isc_lex_getsourceline(lctx->lex);
 
 		if (token.type == isc_tokentype_eof) {
@@ -999,7 +1004,8 @@ load(dns_loadctx_t *lctx) {
 			 * Still working on the same name.
 			 */
 			initialws = ISC_TRUE;
-		} else if (token.type == isc_tokentype_string) {
+		} else if (token.type == isc_tokentype_string ||
+			   token.type == isc_tokentype_qstring) {
 
 			/*
 			 * "$" Support.
diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
index 64b630942f..08f3c46f87 100644
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rdata.c,v 1.188 2005/04/27 04:56:50 sra Exp $ */
+/* $Id: rdata.c,v 1.189 2005/05/19 04:59:03 marka Exp $ */
 
 /*! \file */
 
@@ -197,6 +197,10 @@ static void
 warn_badname(dns_name_t *name, isc_lex_t *lexer,
 	     dns_rdatacallbacks_t *callbacks);
 
+static void
+warn_badmx(isc_token_t *token, isc_lex_t *lexer,
+	   dns_rdatacallbacks_t *callbacks);
+
 static inline int
 getquad(const void *src, struct in_addr *dst,
 	isc_lex_t *lexer, dns_rdatacallbacks_t *callbacks)
@@ -1578,6 +1582,22 @@ fromtext_warneof(isc_lex_t *lexer, dns_rdatacallbacks_t *callbacks) {
 	}
 }
 
+static void
+warn_badmx(isc_token_t *token, isc_lex_t *lexer,
+	   dns_rdatacallbacks_t *callbacks)
+{
+	const char *file;
+	unsigned long line;
+
+	if (lexer != NULL) {
+		file = isc_lex_getsourcename(lexer);
+		line = isc_lex_getsourceline(lexer);
+		(*callbacks->warn)(callbacks, "%s:%u: warning: '%s': %s", 
+				   file, line, DNS_AS_STR(*token),
+				   dns_result_totext(DNS_R_MXISADDRESS));
+	}
+}
+
 static void
 warn_badname(dns_name_t *name, isc_lex_t *lexer,
 	     dns_rdatacallbacks_t *callbacks)
diff --git a/lib/dns/rdata/generic/mx_15.c b/lib/dns/rdata/generic/mx_15.c
index 211a0af656..92bda74fe6 100644
--- a/lib/dns/rdata/generic/mx_15.c
+++ b/lib/dns/rdata/generic/mx_15.c
@@ -15,15 +15,37 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: mx_15.c,v 1.52 2004/03/05 05:10:15 marka Exp $ */
+/* $Id: mx_15.c,v 1.53 2005/05/19 04:59:05 marka Exp $ */
 
 /* reviewed: Wed Mar 15 18:05:46 PST 2000 by brister */
 
 #ifndef RDATA_GENERIC_MX_15_C
 #define RDATA_GENERIC_MX_15_C
 
+#include 
+
+#include 
+
 #define RRTYPE_MX_ATTRIBUTES (0)
 
+static isc_boolean_t
+check_mx(isc_token_t *token) {
+	char tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123.")];
+	struct in_addr addr;
+	struct in6_addr addr6;
+
+	if (strlcpy(tmp, DNS_AS_STR(*token), sizeof(tmp)) >= sizeof(tmp))
+		return (ISC_TRUE);
+
+	if (tmp[strlen(tmp) - 1] == '.')
+		tmp[strlen(tmp) - 1] = '\0';
+	if (inet_aton(tmp, &addr) == 1 ||
+	    inet_pton(AF_INET6, tmp, &addr6) == 1)
+		return (ISC_FALSE);
+
+	return (ISC_TRUE);
+}
+
 static inline isc_result_t
 fromtext_mx(ARGS_FROMTEXT) {
 	isc_token_t token;
@@ -45,6 +67,15 @@ fromtext_mx(ARGS_FROMTEXT) {
 
 	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
 				      ISC_FALSE));
+
+	ok = ISC_TRUE;
+	if ((options & DNS_RDATA_CHECKMX) != 0)
+		ok = check_mx(&token);
+	if (!ok && (options & DNS_RDATA_CHECKMXFAIL) != 0)
+		RETTOK(DNS_R_MXISADDRESS);
+	if (!ok && callbacks != NULL)
+		warn_badmx(&token, lexer, callbacks);
+
 	dns_name_init(&name, NULL);
 	buffer_fromregion(&buffer, &token.value.as_region);
 	origin = (origin != NULL) ? origin : dns_rootname;
diff --git a/lib/dns/result.c b/lib/dns/result.c
index a211ed5df6..9885666a70 100644
--- a/lib/dns/result.c
+++ b/lib/dns/result.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: result.c,v 1.119 2005/04/29 00:22:51 marka Exp $ */
+/* $Id: result.c,v 1.120 2005/05/19 04:59:03 marka Exp $ */
 
 /*! \file */
 
@@ -153,7 +153,8 @@ static const char *text[DNS_R_NRESULTS] = {
 	"unknown command",		       /*%< 99 DNS_R_UNKNOWNCOMMAND */
 
 	"must-be-secure",		       /*%< 100 DNS_R_MUSTBESECURE */
-	"covering NSEC record returned"	       /*%< 101 DNS_R_COVERINGNSEC */
+	"covering NSEC record returned",       /*%< 101 DNS_R_COVERINGNSEC */
+	"MX is an address"		       /*%< 102 DNS_R_MXISADDRESS */
 };
 
 static const char *rcode_text[DNS_R_NRCODERESULTS] = {
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index a2a1d7d548..41aa8bbdb2 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.433 2005/04/27 04:56:53 sra Exp $ */
+/* $Id: zone.c,v 1.434 2005/05/19 04:59:03 marka Exp $ */
 
 /*! \file */
 
@@ -38,6 +38,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -179,13 +180,13 @@ struct dns_zone {
 	unsigned int		notifycnt;
 	isc_sockaddr_t		notifyfrom;
 	isc_task_t		*task;
-	isc_sockaddr_t	 	notifysrc4;
-	isc_sockaddr_t	 	notifysrc6;
-	isc_sockaddr_t	 	xfrsource4;
-	isc_sockaddr_t	 	xfrsource6;
-	isc_sockaddr_t	 	altxfrsource4;
-	isc_sockaddr_t	 	altxfrsource6;
-	isc_sockaddr_t	 	sourceaddr;
+	isc_sockaddr_t		notifysrc4;
+	isc_sockaddr_t		notifysrc6;
+	isc_sockaddr_t		xfrsource4;
+	isc_sockaddr_t		xfrsource6;
+	isc_sockaddr_t		altxfrsource4;
+	isc_sockaddr_t		altxfrsource6;
+	isc_sockaddr_t		sourceaddr;
 	dns_xfrin_ctx_t		*xfr;		/* task locked */
 	dns_tsigkey_t		*tsigkey;	/* key used for xfr */
 	/* Access Control Lists */
@@ -211,6 +212,9 @@ struct dns_zone {
 	isc_uint32_t		sigvalidityinterval;
 	dns_view_t		*view;
 	dns_acache_t		*acache;
+	dns_checkmxfunc_t	checkmx;
+	dns_checksrvfunc_t	checksrv;
+	dns_checknsfunc_t	checkns;
 	/*%
 	 * Zones in certain states such as "waiting for zone transfer"
 	 * or "zone transfer in progress" are kept on per-state linked lists
@@ -586,6 +590,9 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
 	zone->sigvalidityinterval = 30 * 24 * 3600;
 	zone->view = NULL;
 	zone->acache = NULL;
+	zone->checkmx = NULL;
+	zone->checksrv = NULL;
+	zone->checkns = NULL;
 	ISC_LINK_INIT(zone, statelink);
 	zone->statelist = NULL;
 	zone->counters = NULL;
@@ -1025,24 +1032,34 @@ zone_load(dns_zone_t *zone, unsigned int flags) {
 		goto cleanup;
 	}
 
+
+	/*
+	 * Store the current time before the zone is loaded, so that if the
+	 * file changes between the time of the load and the time that
+	 * zone->loadtime is set, then the file will still be reloaded
+	 * the next time dns_zone_load is called.
+	 */
+	TIME_NOW(&loadtime);
+
 	/*
 	 * Don't do the load if the file that stores the zone is older
 	 * than the last time the zone was loaded.  If the zone has not
 	 * been loaded yet, zone->loadtime will be the epoch.
 	 */
-	if (zone->masterfile != NULL && ! isc_time_isepoch(&zone->loadtime)) {
+	if (zone->masterfile != NULL) {
 		/*
 		 * The file is already loaded.  If we are just doing a
 		 * "rndc reconfig", we are done.
 		 */
-		if ((flags & DNS_ZONELOADFLAG_NOSTAT) != 0) {
+		if (!isc_time_isepoch(&zone->loadtime) &&
+		    (flags & DNS_ZONELOADFLAG_NOSTAT) != 0) {
 			result = ISC_R_SUCCESS;
 			goto cleanup;
 		}
-		if (! DNS_ZONE_FLAG(zone, DNS_ZONEFLG_HASINCLUDE)) {
-			result = isc_file_getmodtime(zone->masterfile,
-						     &filetime);
-			if (result == ISC_R_SUCCESS &&
+
+		result = isc_file_getmodtime(zone->masterfile, &filetime);
+		if (result == ISC_R_SUCCESS) {
+			if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_HASINCLUDE) &&
 			    isc_time_compare(&filetime, &zone->loadtime) < 0) {
 				dns_zone_log(zone, ISC_LOG_DEBUG(1),
 					     "skipping load: master file older "
@@ -1050,6 +1067,7 @@ zone_load(dns_zone_t *zone, unsigned int flags) {
 				result = DNS_R_UPTODATE;
 				goto cleanup;
 			}
+			loadtime = filetime;
 		}
 	}
 
@@ -1073,14 +1091,6 @@ zone_load(dns_zone_t *zone, unsigned int flags) {
 
 	dns_zone_log(zone, ISC_LOG_DEBUG(1), "starting load");
 
-	/*
-	 * Store the current time before the zone is loaded, so that if the
-	 * file changes between the time of the load and the time that
-	 * zone->loadtime is set, then the file will still be reloaded
-	 * the next time dns_zone_load is called.
-	 */
-	TIME_NOW(&loadtime);
-
 	result = dns_db_create(zone->mctx, zone->db_argv[0],
 			       &zone->origin, (zone->type == dns_zone_stub) ?
 			       dns_dbtype_stub : dns_dbtype_zone,
@@ -1161,6 +1171,10 @@ zone_gotreadhandle(isc_task_t *task, isc_event_t *event) {
 		options |= DNS_MASTER_CHECKNAMES;
 	if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_CHECKNAMESFAIL))
 		options |= DNS_MASTER_CHECKNAMESFAIL;
+	if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_CHECKMX))
+		options |= DNS_MASTER_CHECKMX;
+	if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_CHECKMXFAIL))
+		options |= DNS_MASTER_CHECKMXFAIL;
 	if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_CHECKWILDCARD))
 		options |= DNS_MASTER_CHECKWILDCARD;
 	result = dns_master_loadfileinc(load->zone->masterfile,
@@ -1233,6 +1247,10 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) {
 		options |= DNS_MASTER_CHECKNAMES;
 	if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMESFAIL))
 		options |= DNS_MASTER_CHECKNAMESFAIL;
+	if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKMX))
+		options |= DNS_MASTER_CHECKMX;
+	if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKMXFAIL))
+		options |= DNS_MASTER_CHECKMXFAIL;
 	if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKWILDCARD))
 		options |= DNS_MASTER_CHECKWILDCARD;
 
@@ -1293,6 +1311,375 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) {
 	return (result);
 }
 
+static isc_boolean_t
+zone_check_mx(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
+	      dns_name_t *owner)
+{
+	isc_result_t result;
+	char ownerbuf[DNS_NAME_FORMATSIZE];
+	char namebuf[DNS_NAME_FORMATSIZE];
+	char altbuf[DNS_NAME_FORMATSIZE];
+	dns_fixedname_t fixed;
+	dns_name_t *foundname;
+	int level;
+	
+	/*
+	 * Outside of zone.
+	 */
+	if (!dns_name_issubdomain(name, &zone->origin)) {
+		if (zone->checkmx != NULL)
+			return ((zone->checkmx)(zone, name, owner));
+		return (ISC_TRUE);
+	}
+
+	if (zone->type == dns_zone_master)
+		level = ISC_LOG_ERROR;
+	else
+		level = ISC_LOG_WARNING;
+
+	dns_fixedname_init(&fixed);
+	foundname = dns_fixedname_name(&fixed);
+
+	result = dns_db_find(db, name, NULL, dns_rdatatype_a,
+			     0, 0, NULL, foundname, NULL, NULL);
+	if (result == ISC_R_SUCCESS)
+		return (ISC_TRUE);
+
+	if (result == DNS_R_NXRRSET) {
+		result = dns_db_find(db, name, NULL, dns_rdatatype_aaaa,
+				     0, 0, NULL, foundname, NULL, NULL);
+		if (result == ISC_R_SUCCESS)
+			return (ISC_TRUE);
+	}
+
+	dns_name_format(owner, ownerbuf, sizeof ownerbuf);
+	dns_name_format(name, namebuf, sizeof namebuf);
+	if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN ||
+	    result == DNS_R_EMPTYNAME) {
+		dns_zone_log(zone, level,
+			     "%s/MX '%s' has no address records (A or AAAA)",
+			     ownerbuf, namebuf);
+		return (ISC_FALSE);
+	}
+
+	if (result == DNS_R_CNAME) {
+		dns_zone_log(zone, level, "%s/MX '%s' is a CNAME (illegal)",
+			     ownerbuf, namebuf);
+		return (ISC_FALSE);
+	}
+
+	if (result == DNS_R_DNAME) {
+		dns_name_format(foundname, altbuf, sizeof altbuf);
+		dns_zone_log(zone, level,
+			     "%s/MX '%s' is below a DNAME '%s' (illegal)",
+			     ownerbuf, namebuf, altbuf);
+		return (ISC_FALSE);
+	}
+
+	if (zone->checkmx != NULL && result == DNS_R_DELEGATION)
+		return ((zone->checkmx)(zone, name, owner));
+
+	return (ISC_TRUE);
+}
+
+static isc_boolean_t
+zone_check_srv(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
+	       dns_name_t *owner)
+{
+	isc_result_t result;
+	char ownerbuf[DNS_NAME_FORMATSIZE];
+	char namebuf[DNS_NAME_FORMATSIZE];
+	char altbuf[DNS_NAME_FORMATSIZE];
+	dns_fixedname_t fixed;
+	dns_name_t *foundname;
+	int level;
+	
+	/*
+	 * Outside of zone.
+	 */
+	if (!dns_name_issubdomain(name, &zone->origin)) {
+		if (zone->checksrv != NULL)
+			return ((zone->checksrv)(zone, name, owner));
+		return (ISC_TRUE);
+	}
+
+	if (zone->type == dns_zone_master)
+		level = ISC_LOG_ERROR;
+	else
+		level = ISC_LOG_WARNING;
+
+	dns_fixedname_init(&fixed);
+	foundname = dns_fixedname_name(&fixed);
+
+	result = dns_db_find(db, name, NULL, dns_rdatatype_a,
+			     0, 0, NULL, foundname, NULL, NULL);
+	if (result == ISC_R_SUCCESS)
+		return (ISC_TRUE);
+
+	if (result == DNS_R_NXRRSET) {
+		result = dns_db_find(db, name, NULL, dns_rdatatype_aaaa,
+				     0, 0, NULL, foundname, NULL, NULL);
+		if (result == ISC_R_SUCCESS)
+			return (ISC_TRUE);
+	}
+
+	dns_name_format(owner, ownerbuf, sizeof ownerbuf);
+	dns_name_format(name, namebuf, sizeof namebuf);
+	if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN ||
+	    result == DNS_R_EMPTYNAME) {
+		dns_zone_log(zone, level,
+			     "%s/SRV '%s' has no address records (A or AAAA)",
+			     ownerbuf, namebuf);
+		return (ISC_FALSE);
+	}
+
+	if (result == DNS_R_CNAME) {
+		dns_zone_log(zone, level, "%s/SRV '%s' is a CNAME (illegal)",
+			     ownerbuf, namebuf);
+		return (ISC_FALSE);
+	}
+
+	if (result == DNS_R_DNAME) {
+		dns_name_format(foundname, altbuf, sizeof altbuf);
+		dns_zone_log(zone, level,
+			     "%s/SRV '%s' is below a DNAME '%s' (illegal)",
+			     ownerbuf, namebuf, altbuf);
+		return (ISC_FALSE);
+	}
+
+	if (zone->checksrv != NULL && result == DNS_R_DELEGATION)
+		return ((zone->checksrv)(zone, name, owner));
+
+	return (ISC_TRUE);
+}
+
+static isc_boolean_t
+zone_check_glue(dns_zone_t *zone, dns_db_t *db, dns_name_t *name,
+	        dns_name_t *owner)
+{
+	isc_boolean_t answer = ISC_TRUE;
+	isc_result_t result, tresult;
+	char ownerbuf[DNS_NAME_FORMATSIZE];
+	char namebuf[DNS_NAME_FORMATSIZE];
+	char altbuf[DNS_NAME_FORMATSIZE];
+	dns_fixedname_t fixed;
+	dns_name_t *foundname;
+	dns_rdataset_t a;
+	dns_rdataset_t aaaa;
+	int level;
+	
+	/*
+	 * Outside of zone.
+	 */
+	if (!dns_name_issubdomain(name, &zone->origin)) {
+		if (zone->checkns != NULL)
+			return ((zone->checkns)(zone, name, owner, NULL, NULL));
+		return (ISC_TRUE);
+	}
+
+	if (zone->type == dns_zone_master)
+		level = ISC_LOG_ERROR;
+	else
+		level = ISC_LOG_WARNING;
+
+	dns_fixedname_init(&fixed);
+	foundname = dns_fixedname_name(&fixed);
+	dns_rdataset_init(&a);
+	dns_rdataset_init(&aaaa);
+
+	result = dns_db_find(db, name, NULL, dns_rdatatype_a,
+			     DNS_DBFIND_GLUEOK, 0, NULL,
+			     foundname, &a, NULL);
+
+	if (result == ISC_R_SUCCESS) {
+		dns_rdataset_disassociate(&a);
+		return (ISC_TRUE);
+	} else if (result == DNS_R_DELEGATION)
+		dns_rdataset_disassociate(&a);
+
+	if (result == DNS_R_NXRRSET || result == DNS_R_DELEGATION ||
+	    result == DNS_R_GLUE) {
+		tresult = dns_db_find(db, name, NULL, dns_rdatatype_aaaa,
+				     DNS_DBFIND_GLUEOK, 0, NULL,
+				     foundname, &aaaa, NULL);
+		if (tresult == ISC_R_SUCCESS) {
+			dns_rdataset_disassociate(&aaaa);
+			return (ISC_TRUE);
+		} 
+		if (tresult == DNS_R_DELEGATION)
+			dns_rdataset_disassociate(&aaaa);
+		if (result == DNS_R_GLUE || tresult == DNS_R_GLUE) {
+			/*
+			 * Check glue against child zone.
+			 */
+			if (zone->checkns != NULL)
+				answer = (zone->checkns)(zone, name, owner,
+							 &a, &aaaa);
+			if (dns_rdataset_isassociated(&a))
+				dns_rdataset_disassociate(&a);
+			if (dns_rdataset_isassociated(&aaaa))
+				dns_rdataset_disassociate(&aaaa);
+			return (answer);
+		}
+	} else
+		tresult = result;
+
+	dns_name_format(owner, ownerbuf, sizeof ownerbuf);
+	dns_name_format(name, namebuf, sizeof namebuf);
+	if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN ||
+	    result == DNS_R_EMPTYNAME || result == DNS_R_DELEGATION) {
+		const char *what;
+		if (dns_name_issubdomain(name, owner))
+			what = "REQUIRED GLUE ";
+		else if (result == DNS_R_DELEGATION)
+			what = "SIBLING GLUE ";
+		else
+			what = "";
+		dns_zone_log(zone, level,
+			     "%s/NS '%s' has no %saddress records (A or AAAA)",
+			     ownerbuf, namebuf, what);
+		/*
+		 * Log missing address record.
+		 */
+		if (result == DNS_R_DELEGATION && zone->checkns != NULL)
+			answer = (zone->checkns)(zone, name, owner, &a, &aaaa);
+		answer = ISC_FALSE;
+	} else if (result == DNS_R_CNAME) {
+		dns_zone_log(zone, level, "%s/NS '%s' is a CNAME (illegal)",
+			     ownerbuf, namebuf);
+		answer = ISC_FALSE;
+	} else if (result == DNS_R_DNAME) {
+		dns_name_format(foundname, altbuf, sizeof altbuf);
+		dns_zone_log(zone, level,
+			     "%s/NS '%s' is below a DNAME '%s' (illegal)",
+			     ownerbuf, namebuf, altbuf);
+		answer = ISC_FALSE;
+	}
+
+	if (dns_rdataset_isassociated(&a))
+		dns_rdataset_disassociate(&a);
+	if (dns_rdataset_isassociated(&aaaa))
+		dns_rdataset_disassociate(&aaaa);
+	return (answer);
+}
+
+static isc_boolean_t
+integrity_checks(dns_zone_t *zone, dns_db_t *db) {
+	dns_dbiterator_t *dbiterator = NULL;
+	dns_dbnode_t *node = NULL;
+	dns_rdataset_t rdataset;
+	dns_fixedname_t fixed;
+	dns_fixedname_t fixedbottom;
+	dns_rdata_mx_t mx;
+	dns_rdata_ns_t ns;
+	dns_rdata_in_srv_t srv;
+	dns_rdata_t rdata;
+	dns_name_t *name;
+	dns_name_t *bottom;
+	isc_result_t result;
+	isc_boolean_t ok = ISC_TRUE;
+
+	dns_fixedname_init(&fixed);
+	name = dns_fixedname_name(&fixed);
+	dns_fixedname_init(&fixedbottom);
+	bottom = dns_fixedname_name(&fixedbottom);
+	dns_rdataset_init(&rdataset);
+	dns_rdata_init(&rdata);
+
+	result = dns_db_createiterator(db, ISC_FALSE, &dbiterator);
+	if (result != ISC_R_SUCCESS)
+		return (ISC_TRUE);
+
+	result = dns_dbiterator_first(dbiterator);
+	while (result == ISC_R_SUCCESS) {
+		result = dns_dbiterator_current(dbiterator, &node, name);
+		if (result != ISC_R_SUCCESS)
+			goto cleanup;
+
+		/*
+		 * Is this name visible in the zone?
+		 */
+		if (!dns_name_issubdomain(name, &zone->origin) ||
+		    (dns_name_countlabels(bottom) > 0 &&
+		     dns_name_issubdomain(name, bottom)))
+			goto next;
+
+		/*
+		 * Don't check the NS records at the origin.
+		 */
+		if (dns_name_equal(name, &zone->origin))
+			goto checkmx;
+
+		result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_ns, 
+					     0, 0, &rdataset, NULL);
+		if (result != ISC_R_SUCCESS)
+			goto checkmx;
+		/*
+		 * Remember bottom of zone.
+		 */
+		dns_name_dup(name, NULL, bottom);
+
+		result = dns_rdataset_first(&rdataset);
+		while (result == ISC_R_SUCCESS) {
+			dns_rdataset_current(&rdataset, &rdata);
+			result = dns_rdata_tostruct(&rdata, &ns, NULL);
+			RUNTIME_CHECK(result == ISC_R_SUCCESS);
+			if (!zone_check_glue(zone, db, &ns.name, name))
+				ok = ISC_FALSE;
+			dns_rdata_reset(&rdata);
+			result = dns_rdataset_next(&rdataset);
+		}
+		dns_rdataset_disassociate(&rdataset);
+
+ checkmx:
+		result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_mx, 
+					     0, 0, &rdataset, NULL);
+		if (result != ISC_R_SUCCESS)
+			goto checksrv;
+		result = dns_rdataset_first(&rdataset);
+		while (result == ISC_R_SUCCESS) {
+			dns_rdataset_current(&rdataset, &rdata);
+			result = dns_rdata_tostruct(&rdata, &mx, NULL);
+			RUNTIME_CHECK(result == ISC_R_SUCCESS);
+			if (!zone_check_mx(zone, db, &mx.mx, name))
+				ok = ISC_FALSE;
+			dns_rdata_reset(&rdata);
+			result = dns_rdataset_next(&rdataset);
+		}
+		dns_rdataset_disassociate(&rdataset);
+
+ checksrv:
+		if (zone->rdclass != dns_rdataclass_in)
+			goto next;
+		result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_srv, 
+					     0, 0, &rdataset, NULL);
+		if (result != ISC_R_SUCCESS)
+			goto next;
+		result = dns_rdataset_first(&rdataset);
+		while (result == ISC_R_SUCCESS) {
+			dns_rdataset_current(&rdataset, &rdata);
+			result = dns_rdata_tostruct(&rdata, &srv, NULL);
+			RUNTIME_CHECK(result == ISC_R_SUCCESS);
+			if (!zone_check_srv(zone, db, &srv.target, name))
+				ok = ISC_FALSE;
+			dns_rdata_reset(&rdata);
+			result = dns_rdataset_next(&rdataset);
+		}
+		dns_rdataset_disassociate(&rdataset);
+
+ next:
+		dns_db_detachnode(db, &node);
+		result = dns_dbiterator_next(dbiterator);
+	}
+
+ cleanup:
+	if (node != NULL)
+		dns_db_detachnode(db, &node);
+	dns_dbiterator_destroy(&dbiterator);
+
+	return (ok);
+}
+
 static isc_result_t
 zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
 	      isc_result_t result)
@@ -1410,6 +1797,13 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
 			result = DNS_R_BADZONE;
 			goto cleanup;
 		}
+		if (zone->type == dns_zone_master &&
+		    DNS_ZONE_OPTION(zone, DNS_ZONEOPT_INTEGRITYCHECK) &&
+		    !integrity_checks(zone, db)) {
+			result = DNS_R_BADZONE;
+			goto cleanup;
+		}
+
 		if (zone->db != NULL) {
 			if (!isc_serial_ge(serial, zone->serial)) {
 				dns_zone_log(zone, ISC_LOG_ERROR,
@@ -1555,7 +1949,8 @@ zone_check_ns(dns_zone_t *zone, dns_db_t *db, dns_name_t *name) {
 	}
 
 	dns_name_format(name, namebuf, sizeof namebuf);
-	if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN) {
+	if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN ||
+	    result == DNS_R_EMPTYNAME) {
 		dns_zone_log(zone, level,
 			     "NS '%s' has no address records (A or AAAA)",
 			     namebuf);
@@ -7062,6 +7457,24 @@ dns_zone_checknames(dns_zone_t *zone, dns_name_t *name, dns_rdata_t *rdata) {
 	return (ISC_R_SUCCESS);
 }
 
+void
+dns_zone_setcheckmx(dns_zone_t *zone, dns_checkmxfunc_t checkmx) {
+	REQUIRE(DNS_ZONE_VALID(zone));
+	zone->checkmx = checkmx;
+}
+
+void
+dns_zone_setchecksrv(dns_zone_t *zone, dns_checksrvfunc_t checksrv) {
+	REQUIRE(DNS_ZONE_VALID(zone));
+	zone->checksrv = checksrv;
+}
+
+void
+dns_zone_setcheckns(dns_zone_t *zone, dns_checknsfunc_t checkns) {
+	REQUIRE(DNS_ZONE_VALID(zone));
+	zone->checkns = checkns;
+}
+
 void
 dns_zone_setisself(dns_zone_t *zone, dns_isselffunc_t isself, void *arg) {
 	REQUIRE(DNS_ZONE_VALID(zone));
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 44e355f4b9..593eb87209 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: namedconf.c,v 1.49 2005/05/12 04:38:23 marka Exp $ */
+/* $Id: namedconf.c,v 1.50 2005/05/19 04:59:05 marka Exp $ */
 
 /*! \file */
 
@@ -793,6 +793,8 @@ zone_clauses[] = {
 	{ "zone-statistics", &cfg_type_boolean, 0 },
 	{ "key-directory", &cfg_type_qstring, 0 },
 	{ "check-wildcard", &cfg_type_boolean, 0 },
+	{ "integrity-check", &cfg_type_boolean, 0 },
+	{ "check-mx", &cfg_type_checkmode, 0 },
 	{ NULL, NULL, 0 }
 };
 

From 3a3705ef7747327df182bf8d009333d2472253d5 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 19 May 2005 12:34:34 +0000
Subject: [PATCH 061/148] regen

---
 bin/check/named-checkzone.8    |  14 ++++-
 bin/check/named-checkzone.html |  54 ++++++++++++++---
 bin/named/named.conf.5         |   8 ++-
 bin/named/named.conf.html      |  16 +++--
 doc/arm/Bv9ARM.ch06.html       | 104 ++++++++++++++++++++++-----------
 doc/arm/Bv9ARM.ch07.html       |  14 ++---
 doc/arm/Bv9ARM.ch08.html       |  18 +++---
 doc/arm/Bv9ARM.ch09.html       |  18 +++---
 doc/arm/Bv9ARM.html            |  40 ++++++-------
 doc/misc/options               |   8 +++
 10 files changed, 199 insertions(+), 95 deletions(-)

diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8
index e1c9fa3988..8e870d54eb 100644
--- a/bin/check/named-checkzone.8
+++ b/bin/check/named-checkzone.8
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkzone.8,v 1.27 2005/05/13 03:14:03 marka Exp $
+.\" $Id: named-checkzone.8,v 1.28 2005/05/19 12:34:32 marka Exp $
 .\"
 .hy 0
 .ad l
@@ -41,7 +41,7 @@
 named-checkzone \- zone file validity checking tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-k\ \fImode\fR\fR] [\fB\-n\ \fImode\fR\fR] [\fB\-o\ \fIfilename\fR\fR] [\fB\-t\ \fIdirectory\fR\fR] [\fB\-w\ \fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fImode\fR\fR] {zonename} {filename}
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-i\ \fImode\fR\fR] [\fB\-k\ \fImode\fR\fR] [\fB\-m\ \fImode\fR\fR] [\fB\-n\ \fImode\fR\fR] [\fB\-o\ \fIfilename\fR\fR] [\fB\-t\ \fIdirectory\fR\fR] [\fB\-w\ \fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fImode\fR\fR] {zonename} {filename}
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkzone\fR checks the syntax and integrity of a zone file\&. It performs the same checks as \fBnamed\fR does when loading a zone\&. This makes \fBnamed\-checkzone\fR useful for checking zone files before configuring them into a name server\&.
@@ -62,9 +62,19 @@ When loading the zone file read the journal if it exists\&.
 \-c \fIclass\fR
 Specify the class of the zone\&. If not specified "IN" is assumed\&.
 .TP
+\-i \fImode\fR
+Perform post load zone integrity checks\&. Possible modes are \fB"full"\fR (default), \fB"local"\fR and \fB"none"\fR\&.
+Mode \fB"full"\fR checks that MX records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. Mode \fB"local"\fR only checks MX records which refer to in\-zone hostnames\&.
+Mode \fB"full"\fR checks that SRV records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. Mode \fB"local"\fR only checks SRV records which refer to in\-zone hostnames\&.
+Mode \fB"full"\fR checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. It also checks that glue addresses records in the zone match those advertised by the child\&. Mode \fB"local"\fR only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone\&.
+Mode \fB"none"\fR disables the checks\&.
+.TP
 \-k \fImode\fR
 Perform \fB"check\-name"\fR checks with the specified failure mode\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&.
 .TP
+\-m \fImode\fR
+Specify whether MX records should be checked to see if they are addresses\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&.
+.TP
 \-n \fImode\fR
 Specify whether NS records should be checked to see if they are addresses\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&.
 .TP
diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html
index 6c539791e2..2246b1c628 100644
--- a/bin/check/named-checkzone.html
+++ b/bin/check/named-checkzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -29,10 +29,10 @@
 

 

 
Synopsis

-
named-checkzone  [-d] [-j] [-q] [-v] [-c class] [-k mode] [-n mode] [-o filename] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+
named-checkzone  [-d] [-j] [-q] [-v] [-c class] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

 

 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkzone
       checks the syntax and integrity of a zone file.  It performs the
       same checks as named does when loading a
@@ -41,7 +41,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-d

 

@@ -64,6 +64,39 @@
 

             Specify the class of the zone.  If not specified "IN" is assumed.
           

+
-i mode

+

+

+	      Perform post load zone integrity checks.  Possible modes are
+	      "full" (default),
+	      "local" and
+	      "none".
+	  

+

+	      Mode "full" checks that MX records
+	      refer to A or AAAA record (both in-zone and out-of-zone
+	      hostnames).  Mode "local" only
+	      checks MX records which refer to in-zone hostnames.
+	  

+

+	      Mode "full" checks that SRV records
+	      refer to A or AAAA record (both in-zone and out-of-zone
+	      hostnames).  Mode "local" only
+	      checks SRV records which refer to in-zone hostnames.
+	  

+

+	      Mode "full" checks that delegation NS
+	      records refer to A or AAAA record (both in-zone and out-of-zone
+	      hostnames).  It also checks that glue addresses records
+	      in the zone match those advertised by the child.
+	      Mode "local" only checks NS records which
+	      refer to in-zone hostnames or that some required glue exists,
+	      that is when the nameserver is in a child zone.
+	  

+

+	      Mode "none" disables the checks.
+	  

+

 
-k mode

 

             Perform "check-name" checks with
@@ -72,6 +105,13 @@
             "warn" (default) and
             "ignore".
           

+
-m mode

+

+            Specify whether MX records should be checked to see if they
+            are addresses.  Possible modes are "fail",
+            "warn" (default) and
+            "ignore".
+          

 
-n mode

 

             Specify whether NS records should be checked to see if they
@@ -122,21 +162,21 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkzone
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       RFC 1035,
       BIND 9 Administrator Reference Manual.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 8dc47c7827..d09f028ca7 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -12,7 +12,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named.conf.5,v 1.10 2005/05/12 23:54:25 sra Exp $
+.\" $Id: named.conf.5,v 1.11 2005/05/19 12:34:33 marka Exp $
 .\"
 .hy 0
 .ad l
@@ -195,6 +195,8 @@ options {
 	max\-cache\-size \fIsize_no_default\fR;
 	check\-names ( master | slave | response )
 		( fail | warn | ignore );
+	check\-mx ( fail | warn | ignore );
+	integrity\-check \fIboolean\fR;
 	cache\-file \fIquoted_string\fR;
 	suppress\-initial\-notify \fIboolean\fR; // not yet implemented
 	preferred\-glue \fIstring\fR;
@@ -308,6 +310,8 @@ view \fIstring\fR \fIoptional_class\fR {
 	max\-cache\-size \fIsize_no_default\fR;
 	check\-names ( master | slave | response )
 		( fail | warn | ignore );
+	check\-mx ( fail | warn | ignore );
+	integrity\-check \fIboolean\fR;
 	cache\-file \fIquoted_string\fR;
 	suppress\-initial\-notify \fIboolean\fR; // not yet implemented
 	preferred\-glue \fIstring\fR;
@@ -382,6 +386,8 @@ zone \fIstring\fR \fIoptional_class\fR {
 	database \fIstring\fR;
 	delegation\-only \fIboolean\fR;
 	check\-names ( fail | warn | ignore );
+	check\-mx ( fail | warn | ignore );
+	integrity\-check \fIboolean\fR;
 	dialup \fIdialuptype\fR;
 	ixfr\-from\-differences \fIboolean\fR;
 	journal \fIquoted_string\fR;
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index 11e7a64487..cf0851ecdd 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -13,7 +13,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -213,6 +213,8 @@ options
 	max-cache-size size_no_default;

 	check-names ( master | slave | response )

 		( fail | warn | ignore );

+	check-mx ( fail | warn | ignore );

+	integrity-check boolean;

 	cache-file quoted_string;

 	suppress-initial-notify boolean; // not yet implemented

 	preferred-glue string;

@@ -292,7 +294,7 @@ options
 

 

 

-
VIEW

+
VIEW

 


 view string optional_class {

 	match-clients { address_match_element; ... };

@@ -342,6 +344,8 @@ view
 	max-cache-size size_no_default;

 	check-names ( master | slave | response )

 		( fail | warn | ignore );

+	check-mx ( fail | warn | ignore );

+	integrity-check boolean;

 	cache-file quoted_string;

 	suppress-initial-notify boolean; // not yet implemented

 	preferred-glue string;

@@ -413,7 +417,7 @@ view
 

 

 

-
ZONE

+
ZONE

 


 zone string optional_class {

 	type ( master | slave | stub | hint |

@@ -429,6 +433,8 @@ zone
 	database string;

 	delegation-only boolean;

 	check-names ( fail | warn | ignore );

+	check-mx ( fail | warn | ignore );

+	integrity-check boolean;

 	dialup dialuptype;

 	ixfr-from-differences boolean;

 	journal quoted_string;

@@ -491,12 +497,12 @@ zone
 

 

 

-
FILES

+
FILES

 
/etc/named.conf
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       rndc(8),
       BIND 9 Administrator Reference Manual.
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index d2faab1a1c..0ef364eeac 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -77,23 +77,23 @@
 
server Statement Grammar

 
server Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 
-
Zone File

+
Zone File

 

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 

 
 

@@ -1752,7 +1752,9 @@ category notify { null; };
     [ forwarders { ip_addr [port ip_port] ; [ ip_addr [port ip_port] ; ... ] }; ]
     [ dual-stack-servers [port ip_port] { ( domain_name [port ip_port] | ip_addr [port ip_port] ) ; ... }; ]
     [ check-names ( master | slave | response )( warn | fail | ignore ); ]
+    [ check-mx ( warn | fail | ignore ); ]
     [ check-wildcard yes_or_no; ]
+    [ integrity-checks yes_or_no; ]
     [ allow-notify { address_match_list }; ]
     [ allow-query { address_match_list }; ]
     [ allow-query-cache { address_match_list }; ]
@@ -2657,6 +2659,13 @@ options {
                   IN-ADDR.ARPA, IP6.ARPA, IP6.INT).
                 

 
+
check-mx

+

+		  Check whether the MX record appears to refer to a IP address.
+		  The default is to warn.  Other possible
+		  values are fail and
+		  ignore.
+		

 
check-wildcard

 

                   This option is used to check for non-terminal wildcards.
@@ -2667,11 +2676,24 @@ options {
                   affects master zones.  The default (yes) is to check
                   for non-terminal wildcards and issue a warning.
                 

+
integrity-check

+

+		  Perform post load zone integrity checks on master
+		  zones.  This checks that MX and SRV records refer
+		  to address (A or AAAA) records and that glue
+		  address records exist for delegated zones.  For
+		  MX and SRV records only in-zone hostnames are
+		  checked (for out-of-zone hostnames use named-checkzone).
+		  For NS records only names below top of zone are
+		  checked (for out-of-zone names and glue consistancy
+		  checks use named-checkzone).  The default is
+		  yes.
+		

 

 

 

 

-Forwarding

+Forwarding

 

             The forwarding facility can be used to create a large site-wide
             cache on a few servers, reducing traffic over links to external
@@ -2715,7 +2737,7 @@ options {
 

 

 

-Dual-stack Servers

+Dual-stack Servers

 

             Dual-stack servers are used as servers of last resort to work
             around
@@ -2880,7 +2902,7 @@ options {
 

 

 

-Interfaces

+Interfaces

 

             The interfaces and ports that the server will answer queries
             from may be specified using the listen-on option. listen-on takes
@@ -2960,7 +2982,7 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
 

 

 

-Query Address

+Query Address

 

             If the server doesn't know the answer to a question, it will
             query other name servers. query-source specifies
@@ -3204,7 +3226,7 @@ query-source-v6 address * port *;
 
 

 

-Bad UDP Port Lists

+Bad UDP Port Lists

 
avoid-v4-udp-ports
 	    and avoid-v6-udp-ports specify a list
             of IPv4 and IPv6 UDP ports that will not be used as system
@@ -3218,7 +3240,7 @@ query-source-v6 address * port *;
 
 

 

-Operating System Resource Limits

+Operating System Resource Limits

 

             The server's usage of many system resources can be limited.
             Scaled values are allowed when specifying resource limits.  For
@@ -3278,7 +3300,7 @@ query-source-v6 address * port *;
 
 

 

-Server  Resource Limits

+Server  Resource Limits

 

             The following options set limits on the server's
             resource consumption that are enforced internally by the
@@ -3357,7 +3379,7 @@ query-source-v6 address * port *;
 
 

 

-Periodic Task Intervals

+Periodic Task Intervals

 

 
cleaning-interval

 

@@ -4181,7 +4203,7 @@ query-source-v6 address * port *;
 

 

 

-trusted-keys Statement Grammar

+trusted-keys Statement Grammar

 
trusted-keys {
     string number number number string ;
     [ string number number number string ; [...]]
@@ -4190,7 +4212,7 @@ query-source-v6 address * port *;
 
 

 

-trusted-keys Statement Definition
+trusted-keys Statement Definition
             and Usage

 

             The trusted-keys statement defines
@@ -4229,7 +4251,7 @@ query-source-v6 address * port *;
 

 

 

-view Statement Definition and Usage

+view Statement Definition and Usage

 

             The view statement is a powerful
             new feature
@@ -4359,7 +4381,9 @@ view "external" {
     [ allow-update-forwarding { address_match_list } ; ]
     [ also-notify { ip_addr [port ip_port] ; [ ip_addr [port ip_port] ; ... ] }; ]
     [ check-names (warn|fail|ignore) ; ]
+    [ check-mx (warn|fail|ignore) ; ]
     [ check-wildcard yes_or_no; ]
+    [ integrity-checks yes_or_no ; ]
     [ dialup dialup_option ; ]
     [ delegation-only yes_or_no ; ]
     [ file string ; ]
@@ -4399,10 +4423,10 @@ view "external" {
 
 

 

-zone Statement Definition and Usage

+zone Statement Definition and Usage

 

 

-Zone Types

+Zone Types

 

 
 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
@@ -4611,7 +4635,7 @@ view "external" {
 

 

-Class

+Class

               The zone's name may optionally be followed by a class. If
               a class is not specified, class IN (for Internet),
@@ -4633,7 +4657,7 @@ view "external" {
 
 

 

-Zone Options

+Zone Options

 
journal

 

@@ -4700,11 +4724,21 @@ view "external" {
                     network.  The default varies according to zone type.  For master zones the default is fail.  For slave
                     zones the default is warn.
                   

+
check-mx

+

+                    See the description of
+                    check-mx in the section called “Boolean Options”.
+                  

 
check-wildcard

 

                     See the description of
                     check-wildcard in the section called “Boolean Options”.
                   

+
integrity-check

+

+                    See the description of
+                    integrity-check in the section called “Boolean Options”.
+                  

 
database

 

 

@@ -5057,7 +5091,7 @@ view "external" {
 

 

-Zone File

+Zone File

 

 Types of Resource Records and When to Use Them

@@ -5070,7 +5104,7 @@ view "external" {
           

 

 

-Resource Records

+Resource Records

               A domain name identifies a node.  Each node has a set of
               resource information, which may be empty.  The set of resource
@@ -5659,7 +5693,7 @@ view "external" {
 
 

 

-Textual expression of RRs

+Textual expression of RRs

               RRs are represented in binary form in the packets of the DNS
               protocol, and are usually represented in highly encoded form
@@ -5866,7 +5900,7 @@ view "external" {
 
 

 

-Discussion of MX Records

+Discussion of MX Records

             As described above, domain servers store information as a
             series of resource records, each of which contains a particular
@@ -6123,7 +6157,7 @@ view "external" {
 
 

 

-Inverse Mapping in IPv4

+Inverse Mapping in IPv4

             Reverse name resolution (that is, translation from IP address
             to name) is achieved by means of the in-addr.arpa domain
@@ -6184,7 +6218,7 @@ view "external" {
 
 

 

-Other Zone File Directives

+Other Zone File Directives

             The Master File Format was initially defined in RFC 1035 and
             has subsequently been extended. While the Master File Format
@@ -6199,7 +6233,7 @@ view "external" {
           

 

-The $ORIGIN Directive

+The $ORIGIN Directive

               Syntax: $ORIGIN
 	      domain-name
@@ -6227,7 +6261,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $INCLUDE Directive

+The $INCLUDE Directive

               Syntax: $INCLUDE
               filename
@@ -6263,7 +6297,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $TTL Directive

+The $TTL Directive

               Syntax: $TTL
               default-ttl
@@ -6282,7 +6316,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-BIND Master File Extension: the  $GENERATE Directive

+BIND Master File Extension: the  $GENERATE Directive

             Syntax: $GENERATE
 	    range
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 9feb625b7a..852a6b9c05 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -46,11 +46,11 @@
 
Table of Contents

 
Access Control Lists

-
chroot and setuid (for
+
chroot and setuid (for
           UNIX servers)

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

@@ -114,7 +114,7 @@ zone "example.com" {
 

 

-chroot and setuid (for
+chroot and setuid (for
           UNIX servers)

 

           On UNIX servers, it is possible to run BIND in a chrooted environment
@@ -138,7 +138,7 @@ zone "example.com" {
         

 

 

-The chroot Environment

+The chroot Environment

             In order for a chroot() environment
             to
@@ -166,7 +166,7 @@ zone "example.com" {
 
 

 

-Using the setuid Function

+Using the setuid Function

             Prior to running the named daemon,
             use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 0b4a39d2ff..4a18eb8b3e 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,18 +45,18 @@
 

 
Table of Contents

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

-Common Problems

+Common Problems

 

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

             The best solution to solving installation and
             configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
 
 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

           Zone serial numbers are just numbers-they aren't date
           related.  A lot of people set them to a number that represents a
@@ -95,7 +95,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

           The Internet Software Consortium
           (ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index da5b133759..d9ac4ff086 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -43,24 +43,24 @@
 

 
Table of Contents

 

-
Acknowledgments

-
A Brief History of the DNS and BIND

+
Acknowledgments

+
A Brief History of the DNS and BIND

 
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 

 

-Acknowledgments

+Acknowledgments

 

-A Brief History of the DNS and BIND

+A Brief History of the DNS and BIND

             Although the "official" beginning of the Domain Name
             System occurred in 1984 with the publication of RFC 920, the
@@ -469,7 +469,7 @@
           

 

-Bibliography

+Bibliography

 
Standards

 
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

@@ -592,11 +592,11 @@
 

 

-Other Documents About BIND

+Other Documents About BIND

 

-Bibliography

+Bibliography
Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. 

diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 3d12b1f6c3..f1b167fc49 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
@@ -155,54 +155,54 @@
 
server Statement Grammar
server Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

-
Zone File

+
Zone File

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 
7. BIND 9 Security Considerations

 
Access Control Lists

-
chroot and setuid (for
+
chroot and setuid (for
           UNIX servers)

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 
8. Troubleshooting

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 
A. Appendices

-
Acknowledgments

-
A Brief History of the DNS and BIND

+
Acknowledgments

+
A Brief History of the DNS and BIND

 
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

diff --git a/doc/misc/options b/doc/misc/options
index c2bb164383..16ff3398ac 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -129,6 +129,8 @@ options {
         zone-statistics ;
         key-directory ;
         check-wildcard ;
+        integrity-check ;
+        check-mx ( fail | warn | ignore );
 };
 
 controls {
@@ -224,6 +226,8 @@ view   {
                 zone-statistics ;
                 key-directory ;
                 check-wildcard ;
+                integrity-check ;
+                check-mx ( fail | warn | ignore );
         };
         server  {
                 bogus ;
@@ -320,6 +324,8 @@ view   {
         zone-statistics ;
         key-directory ;
         check-wildcard ;
+        integrity-check ;
+        check-mx ( fail | warn | ignore );
 };
 
 lwres {
@@ -388,6 +394,8 @@ zone   {
         zone-statistics ;
         key-directory ;
         check-wildcard ;
+        integrity-check ;
+        check-mx ( fail | warn | ignore );
 };
 
 server  {

From 9b3dcd7576a25f05f2b02677d1fedcf3071507f8 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 19 May 2005 23:27:31 +0000
Subject: [PATCH 062/148] auto update

---
 doc/private/branches | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/private/branches b/doc/private/branches
index 139b0c9091..19f6380fad 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -34,7 +34,6 @@ rt13662				new
 rt13694				new	
 rt13707				new	
 rt13714				new	
-rt13745				closed	
 rt13753				new	
 rt13754				new	
 rt13771				new	
@@ -44,6 +43,7 @@ rt14686				new
 rt14695				new	
 rt1471				new	
 rt14775				new	
+rt14801				new	
 rt1572a				new	
 rt288				new	
 rt3469				new	
@@ -324,6 +324,7 @@ rt13605				closed
 rt13609				closed
 rt13620				closed
 rt13659				closed
+rt13745				closed
 rt3445				closed
 rt3502				closed
 rt3507				closed		// pull down by explorer

From 49ef9cb60f37eb190986b750db57a194c8f7321c Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 19 May 2005 23:38:12 +0000
Subject: [PATCH 063/148] newcopyrights

---
 util/copyrights | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/copyrights b/util/copyrights
index 7a737155c7..e248ababd5 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -604,7 +604,7 @@
 ./bin/tests/system/nsupdate/knowngood.ns1.before	X	2000,2001
 ./bin/tests/system/nsupdate/ns1/.cvsignore	X	2000,2001
 ./bin/tests/system/nsupdate/ns1/example1.db	ZONE	2000,2001,2002,2004
-./bin/tests/system/nsupdate/ns1/named.conf	CONF-C	2000,2001,2004
+./bin/tests/system/nsupdate/ns1/named.conf	CONF-C	2000,2001,2004,2005
 ./bin/tests/system/nsupdate/ns2/.cvsignore	X	2000,2001
 ./bin/tests/system/nsupdate/ns2/named.conf	CONF-C	2000,2001,2004
 ./bin/tests/system/nsupdate/setup.sh		SH	2000,2001,2004
@@ -1780,7 +1780,7 @@
 ./lib/dns/rdata/generic/minfo_14.h		C	1998,1999,2000,2001,2004,2005
 ./lib/dns/rdata/generic/mr_9.c			C	1998,1999,2000,2001,2004
 ./lib/dns/rdata/generic/mr_9.h			C	1998,1999,2000,2001,2004,2005
-./lib/dns/rdata/generic/mx_15.c			C	1998,1999,2000,2001,2003,2004
+./lib/dns/rdata/generic/mx_15.c			C	1998,1999,2000,2001,2003,2004,2005
 ./lib/dns/rdata/generic/mx_15.h			C	1998,1999,2000,2001,2004,2005
 ./lib/dns/rdata/generic/ns_2.c			C	1998,1999,2000,2001,2004
 ./lib/dns/rdata/generic/ns_2.h			C	1998,1999,2000,2001,2004,2005

From 172d748152bf72a5af01f79c10f5e80ab4965583 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 20 May 2005 01:09:36 +0000
Subject: [PATCH 064/148] update copyright notice

---
 bin/tests/system/nsupdate/ns1/named.conf | 4 ++--
 lib/dns/rdata/generic/mx_15.c            | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bin/tests/system/nsupdate/ns1/named.conf b/bin/tests/system/nsupdate/ns1/named.conf
index 03b100ba05..8e0a5692eb 100644
--- a/bin/tests/system/nsupdate/ns1/named.conf
+++ b/bin/tests/system/nsupdate/ns1/named.conf
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.13 2005/05/19 04:59:01 marka Exp $ */
+/* $Id: named.conf,v 1.14 2005/05/20 01:09:35 marka Exp $ */
 
 controls { /* empty */ };
 
diff --git a/lib/dns/rdata/generic/mx_15.c b/lib/dns/rdata/generic/mx_15.c
index 92bda74fe6..7ec44f3000 100644
--- a/lib/dns/rdata/generic/mx_15.c
+++ b/lib/dns/rdata/generic/mx_15.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1998-2001, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: mx_15.c,v 1.53 2005/05/19 04:59:05 marka Exp $ */
+/* $Id: mx_15.c,v 1.54 2005/05/20 01:09:36 marka Exp $ */
 
 /* reviewed: Wed Mar 15 18:05:46 PST 2000 by brister */
 

From 3b4405aba93729eead9f8f006d426f24fc4c3d78 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 20 May 2005 01:19:43 +0000
Subject: [PATCH 065/148] 1837.   [bug]           Compile time option
 ISC_FACILITY was not effective                         for 'named -u '.
  [RT #13714]

---
 CHANGES              |  3 ++-
 bin/named/log.c      | 14 +++++++++++++-
 doc/private/branches |  2 +-
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index 906c727d75..ea4c1e16a6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -73,7 +73,8 @@
 
 1838.	[placeholder]	rt13707
 
-1837.	[placeholder]	rt13714
+1837.	[bug]		Compile time option ISC_FACILITY was not effective
+			for 'named -u '.  [RT #13714]
 
 1836.	[cleanup]	Silence compiler warnings in hash_test.c.
 
diff --git a/bin/named/log.c b/bin/named/log.c
index 3bbbc2eff5..fb5ad506f2 100644
--- a/bin/named/log.c
+++ b/bin/named/log.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: log.c,v 1.40 2005/04/29 00:22:27 marka Exp $ */
+/* $Id: log.c,v 1.41 2005/05/20 01:19:42 marka Exp $ */
 
 /*! \file */
 
@@ -157,6 +157,9 @@ ns_log_setdefaultchannels(isc_logconfig_t *lcfg) {
 isc_result_t
 ns_log_setsafechannels(isc_logconfig_t *lcfg) {
 	isc_result_t result;
+#if ISC_FACILITY != LOG_DAEMON
+	isc_logdestination_t destination;
+#endif
 
 	if (! ns_g_logstderr) {
 		result = isc_log_createchannel(lcfg, "default_debug",
@@ -175,6 +178,15 @@ ns_log_setsafechannels(isc_logconfig_t *lcfg) {
 		isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
 	}
 
+#if ISC_FACILITY != LOG_DAEMON
+	destination.facility = ISC_FACILITY;
+	result = isc_log_createchannel(lcfg, "default_syslog",
+				       ISC_LOG_TOSYSLOG, ISC_LOG_INFO,
+				       &destination, 0);
+	if (result != ISC_R_SUCCESS)
+		goto cleanup;
+#endif
+
 	result = ISC_R_SUCCESS;
 
  cleanup:
diff --git a/doc/private/branches b/doc/private/branches
index 19f6380fad..94c74fbddd 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -33,7 +33,7 @@ rt13606				open	marka	// TSIG SHA256
 rt13662				new	
 rt13694				new	
 rt13707				new	
-rt13714				new	
+rt13714				13714	
 rt13753				new	
 rt13754				new	
 rt13771				new	

From bb99a72b219ad4f1daa80c636883ab485174c9a6 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 20 May 2005 01:37:03 +0000
Subject: [PATCH 066/148] 1838.   [cleanup]       Don't allow Linux
 capabilities to be inherited.                         [RT #13707]

---
 CHANGES              | 3 ++-
 bin/named/unix/os.c  | 4 ++--
 doc/private/branches | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index ea4c1e16a6..b636576dc0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -71,7 +71,8 @@
 
 1839.	[bug]		 was not being installed.
 
-1838.	[placeholder]	rt13707
+1838.	[cleanup]	Don't allow Linux capabilities to be inherited.
+			[RT #13707]
 
 1837.	[bug]		Compile time option ISC_FACILITY was not effective
 			for 'named -u '.  [RT #13714]
diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c
index e453c7b488..43907bf1ef 100644
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: os.c,v 1.74 2005/04/27 04:56:02 sra Exp $ */
+/* $Id: os.c,v 1.75 2005/05/20 01:37:03 marka Exp $ */
 
 /*! \file */
 
@@ -164,7 +164,7 @@ linux_setcaps(unsigned int caps) {
 	memset(&cap, 0, sizeof(cap));
 	cap.effective = caps;
 	cap.permitted = caps;
-	cap.inheritable = caps;
+	cap.inheritable = 0;
 	if (syscall(SYS_capset, &caphead, &cap) < 0) {
 		isc__strerror(errno, strbuf, sizeof(strbuf));
 		ns_main_earlyfatal("capset failed: %s:"
diff --git a/doc/private/branches b/doc/private/branches
index 94c74fbddd..092178d01b 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -32,8 +32,8 @@ rt13587				review
 rt13606				open	marka	// TSIG SHA256
 rt13662				new	
 rt13694				new	
-rt13707				new	
-rt13714				13714	
+rt13707				closed	
+rt13714				closed	
 rt13753				new	
 rt13754				new	
 rt13771				new	

From efa92b575ef314239ed2c570ee37f24adb672320 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 20 May 2005 23:26:11 +0000
Subject: [PATCH 067/148] auto update

---
 doc/private/branches | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 092178d01b..3f129b52d3 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -32,8 +32,6 @@ rt13587				review
 rt13606				open	marka	// TSIG SHA256
 rt13662				new	
 rt13694				new	
-rt13707				closed	
-rt13714				closed	
 rt13753				new	
 rt13754				new	
 rt13771				new	
@@ -44,6 +42,8 @@ rt14695				new
 rt1471				new	
 rt14775				new	
 rt14801				new	
+rt14814				new	
+rt14815				new	
 rt1572a				new	
 rt288				new	
 rt3469				new	
@@ -324,6 +324,8 @@ rt13605				closed
 rt13609				closed
 rt13620				closed
 rt13659				closed
+rt13707				closed
+rt13714				closed
 rt13745				closed
 rt3445				closed
 rt3502				closed

From e123ebc1aab239eb40f1833bef3cc10d23095b0e Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 24 May 2005 04:30:10 +0000
Subject: [PATCH 068/148] integrity check cleanup

---
 bin/tests/system/cacheclean/ns1/named.conf | 3 ++-
 bin/tests/system/checknames/ns1/named.conf | 3 ++-
 bin/tests/system/glue/ns1/named.conf       | 3 ++-
 bin/tests/system/xfer/ns2/named.conf       | 3 ++-
 lib/dns/zone.c                             | 4 ++--
 5 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/bin/tests/system/cacheclean/ns1/named.conf b/bin/tests/system/cacheclean/ns1/named.conf
index 57637708a5..fa0a03b197 100644
--- a/bin/tests/system/cacheclean/ns1/named.conf
+++ b/bin/tests/system/cacheclean/ns1/named.conf
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.4 2004/03/05 04:59:20 marka Exp $ */
+/* $Id: named.conf,v 1.5 2005/05/24 04:30:08 marka Exp $ */
 
 controls { /* empty */ };
 
@@ -29,6 +29,7 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	notify yes;
+	integrity-check no;
 };
 
 zone "." {
diff --git a/bin/tests/system/checknames/ns1/named.conf b/bin/tests/system/checknames/ns1/named.conf
index c6e64070c0..6c46b4bc14 100644
--- a/bin/tests/system/checknames/ns1/named.conf
+++ b/bin/tests/system/checknames/ns1/named.conf
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.4 2004/03/05 04:59:38 marka Exp $ */
+/* $Id: named.conf,v 1.5 2005/05/24 04:30:09 marka Exp $ */
 
 controls { /* empty */ };
 
@@ -28,6 +28,7 @@ options {
         listen-on-v6 { none; };
         recursion no;
         notify yes;
+	integrity-check no;
 };
 
 zone "." {
diff --git a/bin/tests/system/glue/ns1/named.conf b/bin/tests/system/glue/ns1/named.conf
index dab176c7f0..fbf922c477 100644
--- a/bin/tests/system/glue/ns1/named.conf
+++ b/bin/tests/system/glue/ns1/named.conf
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.10 2004/03/05 05:00:58 marka Exp $ */
+/* $Id: named.conf,v 1.11 2005/05/24 04:30:09 marka Exp $ */
 
 controls { /* empty */ };
 
@@ -30,6 +30,7 @@ options {
 	recursion no;
 	notify no;
 	cache-file "cache";
+	integrity-check no;
 };
 
 zone "." {
diff --git a/bin/tests/system/xfer/ns2/named.conf b/bin/tests/system/xfer/ns2/named.conf
index 3d3ad3ed37..816f5324d1 100644
--- a/bin/tests/system/xfer/ns2/named.conf
+++ b/bin/tests/system/xfer/ns2/named.conf
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.18 2004/03/05 05:03:59 marka Exp $ */
+/* $Id: named.conf,v 1.19 2005/05/24 04:30:09 marka Exp $ */
 
 controls { /* empty */ };
 
@@ -30,6 +30,7 @@ options {
 	recursion no;
 	notify yes;
 	ixfr-from-differences yes;
+	integrity-check no;
 };
 
 include "../../common/controls.conf";
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 41aa8bbdb2..505eedc1e8 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.434 2005/05/19 04:59:03 marka Exp $ */
+/* $Id: zone.c,v 1.435 2005/05/24 04:30:10 marka Exp $ */
 
 /*! \file */
 
@@ -1617,7 +1617,7 @@ integrity_checks(dns_zone_t *zone, dns_db_t *db) {
 		/*
 		 * Remember bottom of zone.
 		 */
-		dns_name_dup(name, NULL, bottom);
+		dns_name_copy(name, bottom, NULL);
 
 		result = dns_rdataset_first(&rdataset);
 		while (result == ISC_R_SUCCESS) {

From 05331ce161276d879711342fadbc6144af7f5ba6 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 27 May 2005 00:49:19 +0000
Subject: [PATCH 069/148] 1863.   [bug]           rrset-order fixed error
 messages not complete.

---
 CHANGES           | 2 ++
 lib/bind9/check.c | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index b636576dc0..42fcdafd32 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+1863.	[bug]		rrset-order "fixed" error messages not complete.
+
 1862.	[func]		Add additional zone data constancy checks.
 			named-checkzone has extended checking of NS, MX and 
 			SRV record and the hosts they reference.
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index af63de774f..60372c20f8 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check.c,v 1.58 2005/05/19 04:59:02 marka Exp $ */
+/* $Id: check.c,v 1.59 2005/05/27 00:49:19 marka Exp $ */
 
 /*! \file */
 
@@ -123,7 +123,7 @@ check_orderent(cfg_obj_t *ent, isc_log_t *logctx) {
 		result = ISC_R_FAILURE;
 	} else if (strcasecmp(cfg_obj_asstring(obj), "fixed") == 0) {
 		cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
-			    "rrset-order: order 'fixed' not implemented");
+			    "rrset-order: order 'fixed' not fully implemented");
 	} else if (/* strcasecmp(cfg_obj_asstring(obj), "fixed") != 0 && */
 		   strcasecmp(cfg_obj_asstring(obj), "random") != 0 &&
 		   strcasecmp(cfg_obj_asstring(obj), "cyclic") != 0) {

From 83a810eba60ae87341a2d177ff60d834e26d7a90 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 27 May 2005 23:35:42 +0000
Subject: [PATCH 070/148] newcopyrights

---
 util/copyrights | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/util/copyrights b/util/copyrights
index e248ababd5..e2a04023cc 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -417,7 +417,7 @@
 ./bin/tests/system/cacheclean/knowngood.dig.out	X	2001
 ./bin/tests/system/cacheclean/ns1/.cvsignore	X	2001
 ./bin/tests/system/cacheclean/ns1/example.db	ZONE	2001,2004
-./bin/tests/system/cacheclean/ns1/named.conf	CONF-C	2001,2004
+./bin/tests/system/cacheclean/ns1/named.conf	CONF-C	2001,2004,2005
 ./bin/tests/system/cacheclean/ns2/.cvsignore	X	2001
 ./bin/tests/system/cacheclean/ns2/named.conf	CONF-C	2001,2004
 ./bin/tests/system/cacheclean/tests.sh		SH	2001,2004
@@ -426,7 +426,7 @@
 ./bin/tests/system/checknames/ns1/fail.update.db.in	ZONE	2004
 ./bin/tests/system/checknames/ns1/ignore.example.db.in	ZONE	2004
 ./bin/tests/system/checknames/ns1/ignore.update.db.in	ZONE	2004
-./bin/tests/system/checknames/ns1/named.conf	CONF-C	2004
+./bin/tests/system/checknames/ns1/named.conf	CONF-C	2004,2005
 ./bin/tests/system/checknames/ns1/root.db	ZONE	2004
 ./bin/tests/system/checknames/ns1/warn.example.db.in	ZONE	2004
 ./bin/tests/system/checknames/ns1/warn.update.db.in	ZONE	2004
@@ -530,7 +530,7 @@
 ./bin/tests/system/glue/ns1/.cvsignore		X	2000,2001
 ./bin/tests/system/glue/ns1/cache.in		ZONE	2000,2001,2004
 ./bin/tests/system/glue/ns1/mil.db		ZONE	2000,2001,2004
-./bin/tests/system/glue/ns1/named.conf		CONF-C	2000,2001,2004
+./bin/tests/system/glue/ns1/named.conf		CONF-C	2000,2001,2004,2005
 ./bin/tests/system/glue/ns1/net.db		ZONE	2000,2001,2004
 ./bin/tests/system/glue/ns1/root-servers.nil.db	ZONE	2000,2001,2004
 ./bin/tests/system/glue/ns1/root.db		ZONE	2000,2001,2004
@@ -750,7 +750,7 @@
 ./bin/tests/system/xfer/ns1/named.conf		CONF-C	2000,2001,2004
 ./bin/tests/system/xfer/ns1/root.db		ZONE	2000,2001,2004
 ./bin/tests/system/xfer/ns2/.cvsignore		X	2000,2001
-./bin/tests/system/xfer/ns2/named.conf		CONF-C	2000,2001,2004
+./bin/tests/system/xfer/ns2/named.conf		CONF-C	2000,2001,2004,2005
 ./bin/tests/system/xfer/ns3/.cvsignore		X	2000,2001
 ./bin/tests/system/xfer/ns3/named.conf		CONF-C	2000,2001,2004
 ./bin/tests/system/xfer/setup.sh		SH	2001,2002,2004

From 0c545eb705070f6a020215e76c1fe397f5323263 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 30 May 2005 02:00:39 +0000
Subject: [PATCH 071/148] update copyright notice

---
 bin/tests/system/cacheclean/ns1/named.conf | 4 ++--
 bin/tests/system/checknames/ns1/named.conf | 4 ++--
 bin/tests/system/glue/ns1/named.conf       | 4 ++--
 bin/tests/system/xfer/ns2/named.conf       | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/bin/tests/system/cacheclean/ns1/named.conf b/bin/tests/system/cacheclean/ns1/named.conf
index fa0a03b197..3d46e2493e 100644
--- a/bin/tests/system/cacheclean/ns1/named.conf
+++ b/bin/tests/system/cacheclean/ns1/named.conf
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.5 2005/05/24 04:30:08 marka Exp $ */
+/* $Id: named.conf,v 1.6 2005/05/30 02:00:38 marka Exp $ */
 
 controls { /* empty */ };
 
diff --git a/bin/tests/system/checknames/ns1/named.conf b/bin/tests/system/checknames/ns1/named.conf
index 6c46b4bc14..284c7b6d3f 100644
--- a/bin/tests/system/checknames/ns1/named.conf
+++ b/bin/tests/system/checknames/ns1/named.conf
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.5 2005/05/24 04:30:09 marka Exp $ */
+/* $Id: named.conf,v 1.6 2005/05/30 02:00:39 marka Exp $ */
 
 controls { /* empty */ };
 
diff --git a/bin/tests/system/glue/ns1/named.conf b/bin/tests/system/glue/ns1/named.conf
index fbf922c477..0f49dc3eb4 100644
--- a/bin/tests/system/glue/ns1/named.conf
+++ b/bin/tests/system/glue/ns1/named.conf
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.11 2005/05/24 04:30:09 marka Exp $ */
+/* $Id: named.conf,v 1.12 2005/05/30 02:00:39 marka Exp $ */
 
 controls { /* empty */ };
 
diff --git a/bin/tests/system/xfer/ns2/named.conf b/bin/tests/system/xfer/ns2/named.conf
index 816f5324d1..7e523791f0 100644
--- a/bin/tests/system/xfer/ns2/named.conf
+++ b/bin/tests/system/xfer/ns2/named.conf
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.19 2005/05/24 04:30:09 marka Exp $ */
+/* $Id: named.conf,v 1.20 2005/05/30 02:00:39 marka Exp $ */
 
 controls { /* empty */ };
 

From cd5f6549b33bf2481538b77934d69313f452ff4b Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 31 May 2005 02:25:58 +0000
Subject: [PATCH 072/148] placeholder

---
 CHANGES | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGES b/CHANGES
index 42fcdafd32..8465ae160b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+1864.	[placeholder]	rt14802
+
 1863.	[bug]		rrset-order "fixed" error messages not complete.
 
 1862.	[func]		Add additional zone data constancy checks.

From 0599176c73ddd4edf44a5d11351bfa9179ea8369 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 31 May 2005 03:06:59 +0000
Subject: [PATCH 073/148] update

---
 doc/private/branches | 84 ++++++++++++++++++++++----------------------
 1 file changed, 42 insertions(+), 42 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 3f129b52d3..4b9e032a24 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -30,48 +30,48 @@ rt13555				open	marka
 rt13562				open	marka
 rt13587				review	
 rt13606				open	marka	// TSIG SHA256
-rt13662				new	
-rt13694				new	
-rt13753				new	
-rt13754				new	
-rt13771				new	
-rt14616				new	
-rt14673				new	
-rt14686				new	
-rt14695				new	
-rt1471				new	
-rt14775				new	
-rt14801				new	
-rt14814				new	
-rt14815				new	
-rt1572a				new	
-rt288				new	
-rt3469				new	
-rt3517				new	
-rt3746_lidl			new	
-rt4389				new	
-rt4404				new	
-rt4441				new	
-rt4706				new	
-rt4940				new	
-rt5066a				new	
-rt5182				new	
-rt5192				new	
-rt5204				new	
-rt5206_1			new	
-rt5228				new	
-rt5299				open	marka
-rt5318				new	
-rt5397				new	
-rt5456				review	explorer
-rt5528				new	
-rt5577				new	
-rt5586				new	
-rt5599				new	
-rt5746a				new	
-rt5764				new	
-rt6189				new	
-rt6206				new	
+rt13662				open	marka	// rrset-order fixed
+rt13694				closed
+rt13753				review	
+rt13754				closed	
+rt13771				review	
+rt14616				review	
+rt14673				review	
+rt14686				closed	
+rt14695				review	
+rt1471				closed	
+rt14775				review	
+rt14801				review	
+rt14814				review	
+rt14815				open	marka	
+rt1572a				closed		// bad rt#
+rt288				closed	
+rt3469				closed	
+rt3517				closed	
+rt3746_lidl			closed	
+rt4389				closed	
+rt4404				closed	
+rt4441				closed	
+rt4706				closed	
+rt4940				closed	
+rt5066a				closed	
+rt5182				closed	
+rt5192				closed	
+rt5204				closed	
+rt5206_1			open	marka	
+rt5228				closed	
+rt5299				closed	marka
+rt5318				closed	
+rt5397				closed	
+rt5456				closed	explorer
+rt5528				closed	
+rt5577				closed	
+rt5586				closed	
+rt5599				closed	
+rt5746a				closed		// rt3746
+rt5764				closed	
+rt6189				closed	
+rt6206				closed	
 rt6225				new	
 rt6229				new	
 rt6427				new	

From be57f3a85198e1b77270f5fa5937c70d748c6462 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 31 May 2005 04:19:10 +0000
Subject: [PATCH 074/148] update

---
 doc/private/branches | 60 ++++++++++++++++++++++----------------------
 1 file changed, 30 insertions(+), 30 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 4b9e032a24..ed21e33bb6 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -72,35 +72,35 @@ rt5746a				closed		// rt3746
 rt5764				closed	
 rt6189				closed	
 rt6206				closed	
-rt6225				new	
-rt6229				new	
-rt6427				new	
-rt6432				new	
-rt6496				new	
-rt6496a				new	
-rt6539				review	???
-rt6636				new	
-rt6813				new	
-rt7391				new	
-rt8138				new	
-rt8358				new	
-rt8373				new	
-rt8534				new	
-rt8934				new	
-rt9091				new	
-rt9099				new	
-rt9099x				new	
-rt9164				new	
-rt9189				new	
-rt9239				new	
-rt9239_base			new	
-rt9319				new	
-rt9341				new	
-rt9442				new	
-rt9475				new	
-rt9479				new	
-rt9479_v9_2			new	
-rt9976				review	jakob
+rt6225				closed	
+rt6229				closed	
+rt6427				closed	
+rt6432				open	marka	
+rt6496				closed	
+rt6496a				open	marka	
+rt6539				closed
+rt6636				closed	
+rt6813				closed	
+rt7391				closed	
+rt8138				closed	
+rt8358				closed	
+rt8373				closed	
+rt8534				closed	
+rt8934				closed	
+rt9091				closed	
+rt9099				closed	
+rt9099x				closed	
+rt9164				closed	
+rt9189				closed	
+rt9239				closed	
+rt9239_base			closed
+rt9319				closed	
+rt9341				closed	
+rt9442				closed	
+rt9475				closed	
+rt9479				closed	
+rt9479_v9_2			closed	
+rt9976				closed
 skan				new	
 skan-metazones1			new	
 skan_implicit_update1		new	
@@ -121,7 +121,7 @@ v9_3				active
 v9_3_0base			new	
 v9_3_0beta2_dlv			new	
 v9_4				active	
-ws20030312			new	
+ws20030312			closed	
 
 
 a6_remove			closed

From c4d84a7af387bc395c7be29fcc38a67d1e8a78db Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 31 May 2005 04:28:55 +0000
Subject: [PATCH 075/148] auto update

---
 doc/private/branches | 127 ++++++++++++++++++++++---------------------
 1 file changed, 64 insertions(+), 63 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index ed21e33bb6..99951319ec 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -31,76 +31,19 @@ rt13562				open	marka
 rt13587				review	
 rt13606				open	marka	// TSIG SHA256
 rt13662				open	marka	// rrset-order fixed
-rt13694				closed
 rt13753				review	
-rt13754				closed	
 rt13771				review	
 rt14616				review	
 rt14673				review	
-rt14686				closed	
 rt14695				review	
-rt1471				closed	
 rt14775				review	
 rt14801				review	
+rt14802				new	
 rt14814				review	
-rt14815				open	marka	
-rt1572a				closed		// bad rt#
-rt288				closed	
-rt3469				closed	
-rt3517				closed	
-rt3746_lidl			closed	
-rt4389				closed	
-rt4404				closed	
-rt4441				closed	
-rt4706				closed	
-rt4940				closed	
-rt5066a				closed	
-rt5182				closed	
-rt5192				closed	
-rt5204				closed	
-rt5206_1			open	marka	
-rt5228				closed	
-rt5299				closed	marka
-rt5318				closed	
-rt5397				closed	
-rt5456				closed	explorer
-rt5528				closed	
-rt5577				closed	
-rt5586				closed	
-rt5599				closed	
-rt5746a				closed		// rt3746
-rt5764				closed	
-rt6189				closed	
-rt6206				closed	
-rt6225				closed	
-rt6229				closed	
-rt6427				closed	
-rt6432				open	marka	
-rt6496				closed	
-rt6496a				open	marka	
-rt6539				closed
-rt6636				closed	
-rt6813				closed	
-rt7391				closed	
-rt8138				closed	
-rt8358				closed	
-rt8373				closed	
-rt8534				closed	
-rt8934				closed	
-rt9091				closed	
-rt9099				closed	
-rt9099x				closed	
-rt9164				closed	
-rt9189				closed	
-rt9239				closed	
-rt9239_base			closed
-rt9319				closed	
-rt9341				closed	
-rt9442				closed	
-rt9475				closed	
-rt9479				closed	
-rt9479_v9_2			closed	
-rt9976				closed
+rt14815				open	marka
+rt5206_1			open	marka
+rt6432				open	marka
+rt6496a				open	marka
 skan				new	
 skan-metazones1			new	
 skan_implicit_update1		new	
@@ -121,7 +64,6 @@ v9_3				active
 v9_3_0base			new	
 v9_3_0beta2_dlv			new	
 v9_4				active	
-ws20030312			closed	
 
 
 a6_remove			closed
@@ -324,12 +266,20 @@ rt13605				closed
 rt13609				closed
 rt13620				closed
 rt13659				closed
+rt13694				closed
 rt13707				closed
 rt13714				closed
 rt13745				closed
+rt13754				closed
+rt14686				closed
+rt1471				closed
+rt1572a				closed		// bad rt#
+rt288				closed
 rt3445				closed
+rt3469				closed
 rt3502				closed
 rt3507				closed		// pull down by explorer
+rt3517				closed
 rt3536				closed		// ixfr
 rt3588				closed
 rt3598				closed
@@ -337,6 +287,7 @@ rt3625				closed
 rt3653				closed
 rt3666				closed
 rt3746				closed
+rt3746_lidl			closed
 rt3892				closed
 rt3907				closed
 rt4090				closed
@@ -344,30 +295,79 @@ rt4112				closed
 rt4268				closed
 rt4319				closed
 rt4347				closed
+rt4389				closed
 rt4398				closed
+rt4404				closed
 rt4425				closed
+rt4441				closed
 rt4463				closed
 rt4663				closed
 rt4675				closed
 rt4687				closed
+rt4706				closed
 rt4715				closed
 rt4764				closed
 rt4796				closed
 rt4802				closed
 rt4898				closed
+rt4940				closed
 rt5033				closed
 rt5041				closed
 rt5042				closed
 rt5044				closed
 rt5066				closed
+rt5066a				closed
 rt5084				closed
 rt5099				closed
 rt5124				closed
 rt5127				closed
+rt5182				closed
+rt5192				closed
+rt5204				closed
+rt5228				closed
+rt5299				closed
+rt5318				closed
+rt5397				closed
+rt5456				closed
+rt5528				closed
+rt5577				closed
+rt5586				closed
+rt5599				closed
+rt5746a				closed		// rt3746
+rt5764				closed
+rt6189				closed
+rt6206				closed
+rt6225				closed
+rt6229				closed
+rt6427				closed
+rt6496				closed
+rt6539				closed
+rt6636				closed
+rt6813				closed
+rt7391				closed
 rt7572				closed
+rt8138				closed
+rt8358				closed
+rt8373				closed
+rt8534				closed
 rt8753				closed		// support IPv6-scoped addr in dig
+rt8934				closed
+rt9091				closed
+rt9099				closed
+rt9099x				closed
+rt9164				closed
+rt9189				closed
+rt9239				closed
+rt9239_base			closed
+rt9319				closed
+rt9341				closed
+rt9442				closed
+rt9475				closed
+rt9479				closed
+rt9479_v9_2			closed
 rt9940				closed
 rt9941				closed
+rt9976				closed
 rt9979				closed
 rt9989				closed
 rt9997				closed
@@ -381,5 +381,6 @@ v9_0				closed
 v9_1_3_delegation_only		closed
 ws20030120			closed		// workshop branch
 ws20030120_tcr			closed		// workshop branch
+ws20030312			closed
 ws20030312_optin		closed		// workshop branch
 ws20030312_tcr			closed		// workshop branch

From fafd53abdab07e3d0db6fa6ab946eb85501dc498 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 1 Jun 2005 01:56:49 +0000
Subject: [PATCH 076/148] style

---
 bin/dig/dighost.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 9631ddd976..93b3c20870 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.275 2005/04/27 04:55:44 sra Exp $ */
+/* $Id: dighost.c,v 1.276 2005/06/01 01:56:49 marka Exp $ */
 
 /*! \file
  *  \note
@@ -2937,7 +2937,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 				printmessage(query, msg, ISC_TRUE);
 		} 
 #ifdef DIG_SIGCHASE
-		if ( do_sigchase) {	     
+		if (do_sigchase) {	     
 			chase_msg = isc_mem_allocate(mctx,
 						     sizeof(dig_message_t));
 			if (chase_msg == NULL) {

From 5c08d19fb17f0684e6424b94910cef61cec7592f Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 1 Jun 2005 05:07:01 +0000
Subject: [PATCH 077/148] placeholder

---
 CHANGES | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGES b/CHANGES
index 8465ae160b..0544f6b23a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+1866.	[placeholder]	rt14841
+
+1865.	[placeholder]	rt14841
+
 1864.	[placeholder]	rt14802
 
 1863.	[bug]		rrset-order "fixed" error messages not complete.

From fb80d07564f351666a18842929f3f133825c09cb Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 1 Jun 2005 23:24:50 +0000
Subject: [PATCH 078/148] auto update

---
 doc/private/branches | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/private/branches b/doc/private/branches
index 99951319ec..c957c6f4ac 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -41,6 +41,8 @@ rt14801				review
 rt14802				new	
 rt14814				review	
 rt14815				open	marka
+rt14841				new	
+rt14846				new	
 rt5206_1			open	marka
 rt6432				open	marka
 rt6496a				open	marka

From a5768d889b4e139e78f2b1d9433f3e9f8d225ff4 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 2 Jun 2005 01:53:38 +0000
Subject: [PATCH 079/148] placeholder

---
 CHANGES | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGES b/CHANGES
index 0544f6b23a..1ed1107683 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+1867.	[placeholder]	rt14846
+
 1866.	[placeholder]	rt14841
 
 1865.	[placeholder]	rt14841

From cb6fe566ff051ade7b99f5ca9fca897193d1bd4f Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 2 Jun 2005 02:11:14 +0000
Subject: [PATCH 080/148] 4074:   Common Misbehavior Against DNS Queries for
 IPv6 Addresses

---
 doc/rfc/index       |   1 +
 doc/rfc/rfc4074.txt | 339 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 340 insertions(+)
 create mode 100644 doc/rfc/rfc4074.txt

diff --git a/doc/rfc/index b/doc/rfc/index
index 1c6244ba54..ad1b9a29fb 100644
--- a/doc/rfc/index
+++ b/doc/rfc/index
@@ -98,3 +98,4 @@
 4033:	DNS Security Introduction and Requirements
 4034:	Resource Records for the DNS Security Extensions
 4035:	Protocol Modifications for the DNS Security Extensions
+4074:	Common Misbehavior Against DNS Queries for IPv6 Addresses
diff --git a/doc/rfc/rfc4074.txt b/doc/rfc/rfc4074.txt
new file mode 100644
index 0000000000..d9252b39eb
--- /dev/null
+++ b/doc/rfc/rfc4074.txt
@@ -0,0 +1,339 @@
+
+
+
+
+
+
+Network Working Group                                       Y. Morishita
+Request for Comments: 4074                                          JPRS
+Category: Informational                                        T. Jinmei
+                                                                 Toshiba
+                                                                May 2005
+
+
+       Common Misbehavior Against DNS Queries for IPv6 Addresses
+
+Status of This Memo
+
+   This memo provides information for the Internet community.  It does
+   not specify an Internet standard of any kind.  Distribution of this
+   memo is unlimited.
+
+Copyright Notice
+
+   Copyright (C) The Internet Society (2005).
+
+Abstract
+
+   There is some known misbehavior of DNS authoritative servers when
+   they are queried for AAAA resource records.  Such behavior can block
+   IPv4 communication that should actually be available, cause a
+   significant delay in name resolution, or even make a denial of
+   service attack.  This memo describes details of known cases and
+   discusses their effects.
+
+1.  Introduction
+
+   Many existing DNS clients (resolvers) that support IPv6 first search
+   for AAAA Resource Records (RRs) of a target host name, and then for A
+   RRs of the same name.  This fallback mechanism is based on the DNS
+   specifications, which if not obeyed by authoritative servers, can
+   produce unpleasant results.  In some cases, for example, a web
+   browser fails to connect to a web server it could otherwise reach.
+   In the following sections, this memo describes some typical cases of
+   such misbehavior and its (bad) effects.
+
+   Note that the misbehavior is not specific to AAAA RRs.  In fact, all
+   known examples also apply to the cases of queries for MX, NS, and SOA
+   RRs.  The authors believe this can be generalized for all types of
+   queries other than those for A RRs.  In this memo, however, we
+   concentrate on the case for AAAA queries, since the problem is
+   particularly severe for resolvers that support IPv6, which thus
+   affects many end users.  Resolvers at end users normally send A
+   and/or AAAA queries only, so the problem for the other cases is
+   relatively minor.
+
+
+
+Morishita & Jinmei           Informational                      [Page 1]
+
+RFC 4074         Common Misbehavior Against DNS Queries         May 2005
+
+
+2.  Network Model
+
+   In this memo, we assume a typical network model of name resolution
+   environment using DNS.  It consists of three components: stub
+   resolvers, caching servers, and authoritative servers.  A stub
+   resolver issues a recursive query to a caching server, which then
+   handles the entire name resolution procedure recursively.  The
+   caching server caches the result of the query and sends the result to
+   the stub resolver.  The authoritative servers respond to queries for
+   names for which they have the authority, normally in a non-recursive
+   manner.
+
+3.  Expected Behavior
+
+   Suppose that an authoritative server has an A RR but has no AAAA RR
+   for a host name.  Then, the server should return a response to a
+   query for an AAAA RR of the name with the response code (RCODE) being
+   0 (indicating no error) and with an empty answer section (see
+   Sections 4.3.2 and 6.2.4 of [1]).  Such a response indicates that
+   there is at least one RR of a different type than AAAA for the
+   queried name, and the stub resolver can then look for A RRs.
+
+   This way, the caching server can cache the fact that the queried name
+   has no AAAA RR (but may have other types of RRs), and thus improve
+   the response time to further queries for an AAAA RR of the name.
+
+4.  Problematic Behaviors
+
+   There are some known cases at authoritative servers that do not
+   conform to the expected behavior.  This section describes those
+   problematic cases.
+
+4.1.  Ignore Queries for AAAA
+
+   Some authoritative servers seem to ignore queries for an AAAA RR,
+   causing a delay at the stub resolver to fall back to a query for an A
+   RR.  This behavior may cause a fatal timeout at the resolver or at
+   the application that calls the resolver.  Even if the resolver
+   eventually falls back, the result can be an unacceptable delay for
+   the application user, especially with interactive applications like
+   web browsing.
+
+4.2.  Return "Name Error"
+
+   This type of server returns a response with RCODE 3 ("Name Error") to
+   a query for an AAAA RR, indicating that it does not have any RRs of
+   any type for the queried name.
+
+
+
+
+Morishita & Jinmei           Informational                      [Page 2]
+
+RFC 4074         Common Misbehavior Against DNS Queries         May 2005
+
+
+   With this response, the stub resolver may immediately give up and
+   never fall back.  Even if the resolver retries with a query for an A
+   RR, the negative response for the name has been cached in the caching
+   server, and the caching server will simply return the negative
+   response.  As a result, the stub resolver considers this to be a
+   fatal error in name resolution.
+
+   Several examples of this behavior are known to the authors.  As of
+   this writing, all have been fixed.
+
+4.3.  Return Other Erroneous Codes
+
+   Other authoritative servers return a response with erroneous response
+   codes other than RCODE 3 ("Name Error").  One such RCODE is 4 ("Not
+   Implemented"), indicating that the servers do not support the
+   requested type of query.
+
+   These cases are less harmful than the previous one; if the stub
+   resolver falls back to querying for an A RR, the caching server will
+   process the query correctly and return an appropriate response.
+
+   However, these can still cause a serious effect.  There was an
+   authoritative server implementation that returned RCODE 2 ("Server
+   failure") to queries for AAAA RRs.  One widely deployed mail server
+   implementation with a certain type of resolver library interpreted
+   this result as an indication of retry and did not fall back to
+   queries for A RRs, causing message delivery failure.
+
+   If the caching server receives a response with these response codes,
+   it does not cache the fact that the queried name has no AAAA RR,
+   resulting in redundant queries for AAAA RRs in the future.  The
+   behavior will waste network bandwidth and increase the load of the
+   authoritative server.
+
+   Using RCODE 1 ("Format error") would cause a similar effect, though
+   the authors have not seen such implementations yet.
+
+4.4.  Return a Broken Response
+
+   Another type of authoritative servers returns broken responses to
+   AAAA queries.  Returning a response whose RR type is AAAA with the
+   length of the RDATA being 4 bytes is a known behavior of this
+   category.  The 4-byte data looks like the IPv4 address of the queried
+   host name.
+
+
+
+
+
+
+
+Morishita & Jinmei           Informational                      [Page 3]
+
+RFC 4074         Common Misbehavior Against DNS Queries         May 2005
+
+
+   That is, the RR in the answer section would be described as follows:
+
+     www.bad.example. 600 IN AAAA 192.0.2.1
+
+   which is, of course, bogus (or at least meaningless).
+
+   A widely deployed caching server implementation transparently returns
+   the broken response (and caches it) to the stub resolver.  Another
+   known server implementation parses the response by itself, and sends
+   a separate response with RCODE 2 ("Server failure").
+
+   In either case, the broken response does not affect queries for an A
+   RR of the same name.  If the stub resolver falls back to A queries,
+   it will get an appropriate response.
+
+   The latter case, however, causes the same bad effect as that
+   described in the previous section: redundant queries for AAAA RRs.
+
+4.5.  Make Lame Delegation
+
+   Some authoritative servers respond to AAAA queries in a way that
+   causes lame delegation.  In this case, the parent zone specifies that
+   the authoritative server should have the authority of a zone, but the
+   server should not return an authoritative response for AAAA queries
+   within the zone (i.e., the AA bit in the response is not set).  On
+   the other hand, the authoritative server returns an authoritative
+   response for A queries.
+
+   When a caching server asks the server for AAAA RRs in the zone, it
+   recognizes the delegation is lame, and returns a response with RCODE
+   2 ("Server failure") to the stub resolver.
+
+   Furthermore, some caching servers record the authoritative server as
+   lame for the zone and will not use it for a certain period of time.
+   With this type of caching server, even if the stub resolver falls
+   back to querying for an A RR, the caching server will simply return a
+   response with RCODE 2, since all the servers are known to be "lame."
+
+   There is also an implementation that relaxes the behavior a little
+   bit.  It tries to avoid using the lame server, but continues to try
+   it as a last resort.  With this type of caching server, the stub
+   resolver will get a correct response if it falls back after Server
+   failure.  However, this still causes redundant AAAA queries, as
+   explained in the previous sections.
+
+
+
+
+
+
+
+Morishita & Jinmei           Informational                      [Page 4]
+
+RFC 4074         Common Misbehavior Against DNS Queries         May 2005
+
+
+5.  Security Considerations
+
+   The CERT/CC pointed out that the response with RCODE 3 ("Name
+   Error"), described in Section 4.2, can be used for a denial of
+   service attack [2].  The same argument applies to the case of "lame
+   delegation", described in Section 4.5, with a certain type of caching
+   server.
+
+6.  Acknowledgements
+
+   Erik Nordmark encouraged the authors to publish this document as an
+   RFC.  Akira Kato and Paul Vixie reviewed a preliminary version of
+   this document.  Pekka Savola carefully reviewed a previous version
+   and provided detailed comments.  Bill Fenner, Scott Hollenbeck,
+   Thomas Narten, and Alex Zinin reviewed and helped improve the
+   document at the last stage for publication.
+
+7.  Informative References
+
+   [1]  Mockapetris, P., "Domain names - concepts and facilities", STD
+        13, RFC 1034, November 1987.
+
+   [2]  The CERT Coordination Center, "Incorrect NXDOMAIN responses from
+        AAAA queries could cause denial-of-service conditions",
+        March 2003, .
+
+Authors' Addresses
+
+   MORISHITA Orange Yasuhiro
+   Research and Development Department, Japan Registry Services Co.,Ltd.
+   Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda
+   Chiyoda-ku, Tokyo  101-0065
+   Japan
+
+   EMail: yasuhiro@jprs.co.jp
+
+
+   JINMEI Tatuya
+   Corporate Research & Development Center, Toshiba Corporation
+   1 Komukai Toshiba-cho, Saiwai-ku
+   Kawasaki-shi, Kanagawa  212-8582
+   Japan
+
+   EMail: jinmei@isl.rdc.toshiba.co.jp
+
+
+
+
+
+
+
+Morishita & Jinmei           Informational                      [Page 5]
+
+RFC 4074         Common Misbehavior Against DNS Queries         May 2005
+
+
+Full Copyright Statement
+
+   Copyright (C) The Internet Society (2005).
+
+   This document is subject to the rights, licenses and restrictions
+   contained in BCP 78, and except as set forth therein, the authors
+   retain all their rights.
+
+   This document and the information contained herein are provided on an
+   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+   The IETF takes no position regarding the validity or scope of any
+   Intellectual Property Rights or other rights that might be claimed to
+   pertain to the implementation or use of the technology described in
+   this document or the extent to which any license under such rights
+   might or might not be available; nor does it represent that it has
+   made any independent effort to identify any such rights.  Information
+   on the procedures with respect to rights in RFC documents can be
+   found in BCP 78 and BCP 79.
+
+   Copies of IPR disclosures made to the IETF Secretariat and any
+   assurances of licenses to be made available, or the result of an
+   attempt made to obtain a general license or permission for the use of
+   such proprietary rights by implementers or users of this
+   specification can be obtained from the IETF on-line IPR repository at
+   http://www.ietf.org/ipr.
+
+   The IETF invites any interested party to bring to its attention any
+   copyrights, patents or patent applications, or other proprietary
+   rights that may cover technology that may be required to implement
+   this standard.  Please address the information to the IETF at ietf-
+   ipr@ietf.org.
+
+Acknowledgement
+
+   Funding for the RFC Editor function is currently provided by the
+   Internet Society.
+
+
+
+
+
+
+
+Morishita & Jinmei           Informational                      [Page 6]
+

From 81bdad57bd2c0c4b9a0684fe6e222ba95da625ec Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 2 Jun 2005 03:19:10 +0000
Subject: [PATCH 081/148] placeholder

---
 CHANGES | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGES b/CHANGES
index 1ed1107683..d14efeb32b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+1868.	[placeholder]	rt14851
+
 1867.	[placeholder]	rt14846
 
 1866.	[placeholder]	rt14841

From 33ea08b5a8b8a6245c0578279f787dfd842ecd26 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 2 Jun 2005 04:06:13 +0000
Subject: [PATCH 082/148] 4074:   Common Misbehavior Against DNS Queries for
 IPv6 Addresses

---
 ...ietf-dnsop-misbehavior-against-aaaa-02.txt | 451 ------------------
 1 file changed, 451 deletions(-)
 delete mode 100644 doc/draft/draft-ietf-dnsop-misbehavior-against-aaaa-02.txt

diff --git a/doc/draft/draft-ietf-dnsop-misbehavior-against-aaaa-02.txt b/doc/draft/draft-ietf-dnsop-misbehavior-against-aaaa-02.txt
deleted file mode 100644
index 9018f7b5af..0000000000
--- a/doc/draft/draft-ietf-dnsop-misbehavior-against-aaaa-02.txt
+++ /dev/null
@@ -1,451 +0,0 @@
-
-
-
-
-IETF DNSOP Working Group                                    Y. Morishita
-Internet-Draft                                                      JPRS
-Expires: April 23, 2005                                        T. Jinmei
-                                                                 Toshiba
-                                                        October 23, 2004
-
-
-       Common Misbehavior against DNS Queries for IPv6 Addresses
-            draft-ietf-dnsop-misbehavior-against-aaaa-02.txt
-
-Status of this Memo
-
-   This document is an Internet-Draft and is subject to all provisions
-   of section 3 of RFC 3667.  By submitting this Internet-Draft, each
-   author represents that any applicable patent or other IPR claims of
-   which he or she is aware have been or will be disclosed, and any of
-   which he or she become aware will be disclosed, in accordance with
-   RFC 3668.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups.  Note that
-   other groups may also distribute working documents as
-   Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt.
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-   This Internet-Draft will expire on April 23, 2005.
-
-Copyright Notice
-
-   Copyright (C) The Internet Society (2004).
-
-Abstract
-
-   There is some known misbehavior of DNS authoritative servers when
-   they are queried for AAAA resource records.  Such behavior can block
-   IPv4 communication which should actually be available, cause a
-   significant delay in name resolution, or even make a denial of
-   service attack.  This memo describes details of the known cases and
-   discusses the effect of the cases.
-
-
-
-Morishita & Jinmei       Expires April 23, 2005                 [Page 1]
-
-Internet-Draft    Common Misbehavior against AAAA Queries   October 2004
-
-
-1.  Introduction
-
-   Many existing DNS clients (resolvers) that support IPv6 first search
-   for AAAA Resource Records (RRs) of a target host name, and then for A
-   RRs of the same name.  This fallback mechanism is based on the DNS
-   specifications, which if not obeyed by authoritative servers can
-   produce unpleasant results.  In some cases, for example, a web
-   browser fails to connect to a web server it could otherwise reach.
-   In the following sections, this memo describes some typical cases of
-   such misbehavior and its (bad) effects.
-
-   Note that the misbehavior is not specific to AAAA RRs.  In fact, all
-   known examples also apply to the cases of queries for MX, NS, and SOA
-   RRs.  The authors even believe this can be generalized for all types
-   of queries other than those for A RRs.  In this memo, however, we
-   concentrate on the case for AAAA queries, since the problem is
-   particularly severe for resolvers that support IPv6, which thus
-   affects many end users.  Resolvers at end users normally send A
-   and/or AAAA queries only, and so the problem for the other cases is
-   relatively minor.
-
-2.  Network Model
-
-   In this memo, we assume a typical network model of name resolution
-   environment using DNS.  It consists of three components; stub
-   resolvers, caching servers, and authoritative servers.  A stub
-   resolver issues a recursive query to a caching server, which then
-   handles the entire name resolution procedure recursively.  The
-   caching server caches the result of the query as well as sends the
-   result to the stub resolver.  The authoritative servers respond to
-   queries for names for which they have the authority, normally in a
-   non-recursive manner.
-
-3.  Expected Behavior
-
-   Suppose that an authoritative server has an A RR but not a AAAA RR
-   for a host name.  Then the server should return a response to a query
-   for a AAAA RR of the name with the response code (RCODE) being 0
-   (indicating no error) and with an empty answer section (see Sections
-   4.3.2 and 6.2.4 of [1]).  Such a response indicates that there is at
-   least one RR of a different type than AAAA for the queried name, and
-   the stub resolver can then look for A RRs.
-
-   This way, the caching server can cache the fact that the queried name
-   does not have a AAAA RR (but may have other types of RRs), and thus
-   can improve the response time to further queries for a AAAA RR of the
-   name.
-
-
-
-
-Morishita & Jinmei       Expires April 23, 2005                 [Page 2]
-
-Internet-Draft    Common Misbehavior against AAAA Queries   October 2004
-
-
-4.  Problematic Behaviors
-
-   There are some known cases at authoritative servers that do not
-   conform to the expected behavior.  This section describes those
-   problematic cases.
-
-4.1  Ignore Queries for AAAA
-
-   Some authoritative servers seem to ignore queries for a AAAA RR,
-   causing a delay at the stub resolver to fall back to a query for an A
-   RR.  This behavior may even cause a fatal timeout at the resolver or
-   at the application which calls the resolver.  Even if the resolver
-   eventually falls back, the result can be an unacceptable delay for
-   the application user, especially with interactive applications like
-   web browsing.
-
-
-4.2  Return "Name Error"
-
-   This type of server returns a response with the RCODE being 3 ("Name
-   Error") to a query for a AAAA RR, indicating it does not have any RRs
-   of any type for the queried name.
-
-   With this response, the stub resolver may immediately give up and
-   never fall back.  Even if the resolver retries with a query for an A
-   RR, the negative response for the name has been cached in the caching
-   server, and the caching server will simply return the negative
-   response.  As a result, the stub resolver considers this as a fatal
-   error in name resolution.
-
-   There have been several known examples of this behavior, but all the
-   examples that the authors know have fixed their behavior as of this
-   writing.
-
-4.3  Return Other Erroneous Codes
-
-   Other authoritative servers return a response with other erroneous
-   response codes than RCODE 3 ("Name Error").  One well-known such
-   RCODE is 4 ("Not Implemented"), indicating the servers do not support
-   the requested type of query.
-
-   These cases are less harmful than the previous one; if the stub
-   resolver falls back to querying for an A RR, the caching server will
-   process the query correctly and return an appropriate response.
-
-   However, these can still cause a serious effect.  There was an
-   authoritative server implementation that returned RCODE 2 ("Server
-   failure") to queries for AAAA RRs.  One widely deployed mail server
-
-
-
-Morishita & Jinmei       Expires April 23, 2005                 [Page 3]
-
-Internet-Draft    Common Misbehavior against AAAA Queries   October 2004
-
-
-   implementation with a certain type of resolver library interpreted
-   this result as an indication of retry and did not fall back to
-   queries for A RRs, causing failure of message delivery.
-
-   If the caching server receives a response with these response codes,
-   it does not cache the fact that the queried name has no AAAA RR,
-   resulting in redundant queries for AAAA RRs in the future.  The
-   behavior will waste network bandwidth and increase the load of the
-   authoritative server.
-
-   Using RCODE 1 ("Format error") would cause a similar effect, though
-   the authors have not seen such implementations yet.
-
-4.4  Return a Broken Response
-
-   Another different type of authoritative servers returns broken
-   responses to AAAA queries.  A known behavior of this category is to
-   return a response whose RR type is AAAA, but the length of the RDATA
-   is 4 bytes.  The 4-byte data looks like the IPv4 address of the
-   queried host name.  That is, the RR in the answer section would be
-   described like this:
-
-     www.bad.example. 600 IN AAAA 192.0.2.1
-
-   which is, of course, bogus (or at least meaningless).
-
-   A widely deployed caching server implementation transparently returns
-   the broken response (as well as caches it) to the stub resolver.
-   Another known server implementation parses the response by
-   themselves, and sends a separate response with the RCODE being 2
-   ("Server failure").
-
-   In either case, the broken response does not affect queries for an A
-   RR of the same name.  If the stub resolver falls back to A queries,
-   it will get an appropriate response.
-
-   The latter case, however, causes the same bad effect as that
-   described in the previous section: redundant queries for AAAA RRs.
-
-4.5  Make Lame Delegation
-
-   Some authoritative servers respond to AAAA queries in a way causing
-   lame delegation.  In this case the parent zone specifies that the
-   authoritative server should have the authority of a zone, but the
-   server does not return an authoritative response for AAAA queries
-   within the zone (i.e., the AA bit in the response is not set).  On
-   the other hand, the authoritative server returns an authoritative
-   response for A queries.
-
-
-
-Morishita & Jinmei       Expires April 23, 2005                 [Page 4]
-
-Internet-Draft    Common Misbehavior against AAAA Queries   October 2004
-
-
-   When a caching server asks the server for AAAA RRs in the zone, it
-   recognizes the delegation is lame, and returns a response with the
-   RCODE being 2 ("Server failure") to the stub resolver.
-
-   Furthermore, some caching servers record the authoritative server as
-   lame for the zone and will not use it for a certain period of time.
-   With this type of caching server, even if the stub resolver falls
-   back to querying for an A RR, the caching server will simply return a
-   response with the RCODE being 2, since all the servers are known to
-   be "lame."
-
-   There is also an implementation that relaxes the behavior a little
-   bit.  It basically tries to avoid using the lame server, but still
-   continues to try it as a last resort.  With this type of caching
-   server, the stub resolver will get a correct response if it falls
-   back after Sever failure.  However, this still causes redundant AAAA
-   queries as explained in the previous sections.
-
-5.  Security Considerations
-
-   The CERT/CC pointed out that the response with RCODE 3 ("Name Error")
-   described in Section 4.2 can be used for a denial of service attack
-   [2].  The same argument applies to the case of "lame delegation"
-   described in Section 4.5 with a certain type of caching server.
-
-6.  Acknowledgements
-
-   Erik Nordmark encouraged the authors to publish this document as an
-   Internet Draft.  Akira Kato and Paul Vixie reviewed a preliminary
-   version of this document.  Pekka Savola carefully reviewed a previous
-   version and provided detailed comments.  Bill Fenner, Scott
-   Hollenbeck, Thomas Narten, and Alex Zinin reviewed and helped improve
-   the document at the last stage for publication.
-
-7  Informative References
-
-   [1]  Mockapetris, P., "DOMAIN NAMES - CONCEPTS AND FACILITIES", RFC
-        1034, November 1987.
-
-   [2]  The CERT Coordination Center, "Incorrect NXDOMAIN responses from
-        AAAA queries could cause denial-of-service conditions", March
-        2003, .
-
-
-
-
-
-
-
-
-
-Morishita & Jinmei       Expires April 23, 2005                 [Page 5]
-
-Internet-Draft    Common Misbehavior against AAAA Queries   October 2004
-
-
-Authors' Addresses
-
-   MORISHITA Orange Yasuhiro
-   Research and Development Department, Japan Registry Service Co.,Ltd.
-   Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda
-   Chiyoda-ku, Tokyo  101-0065
-   Japan
-
-   EMail: yasuhiro@jprs.co.jp
-
-
-   JINMEI Tatuya
-   Corporate Research & Development Center, Toshiba Corporation
-   1 Komukai Toshiba-cho, Saiwai-ku
-   Kawasaki-shi, Kanagawa  212-8582
-   Japan
-
-   EMail: jinmei@isl.rdc.toshiba.co.jp
-
-Appendix A.  Change History
-
-   [NOTE TO RFC EDITOR:  PLEASE REMOVE THIS SECTION UPON PUBLICATION.]
-
-   Changes since draft-morishita-dnsop-misbehavior-against-aaaa-00 are:
-
-   o  Made a separate appendix and moved live examples to appendix so
-      that we can remove them when this document is (ever) officially
-      published.
-   o  Revised some live examples based on the recent status.
-   o  Noted in introduction that the misbehavior is not specific to AAAA
-      and that this document still concentrates on the AAAA case.
-   o  Changed the section title of "delegation loop" to "lame
-      delegation" in order to reflect the essential point of the issue.
-      Wording on this matter was updated accordingly.
-   o  Updated the Acknowledgements list.
-   o  Changed the reference category from normative to informative (this
-      is an informational document after all).
-   o  Changed the draft name to an IETF dnsop working group document (as
-      agreed).
-   o  Applied several editorial fixes.
-
-   Changes since draft-ietf-dnsop-misbehavior-against-aaaa-00 are:
-
-   o  Removed the appendix talking about live examples since these were
-      not appropriate for official publication.
-   o  Added a note to rfc editor asking to remove this section upon
-      publication.
-
-
-
-
-Morishita & Jinmei       Expires April 23, 2005                 [Page 6]
-
-Internet-Draft    Common Misbehavior against AAAA Queries   October 2004
-
-
-   Changes since draft-ietf-dnsop-misbehavior-against-aaaa-01 are:
-
-   o  Used the standard keywords for describing RCODEs.
-   o  Provided more specific references for RFC1034.
-   o  Described an additional known issue regarding RCODE 2 ("Server
-      failure").  Also changed the section title accordingly.
-   o  Moved the "Ignore Queries" section to the first of Section 4,
-      since it looks the most widely seen misbehavior.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Morishita & Jinmei       Expires April 23, 2005                 [Page 7]
-
-Internet-Draft    Common Misbehavior against AAAA Queries   October 2004
-
-
-Intellectual Property Statement
-
-   The IETF takes no position regarding the validity or scope of any
-   Intellectual Property Rights or other rights that might be claimed to
-   pertain to the implementation or use of the technology described in
-   this document or the extent to which any license under such rights
-   might or might not be available; nor does it represent that it has
-   made any independent effort to identify any such rights.  Information
-   on the procedures with respect to rights in RFC documents can be
-   found in BCP 78 and BCP 79.
-
-   Copies of IPR disclosures made to the IETF Secretariat and any
-   assurances of licenses to be made available, or the result of an
-   attempt made to obtain a general license or permission for the use of
-   such proprietary rights by implementers or users of this
-   specification can be obtained from the IETF on-line IPR repository at
-   http://www.ietf.org/ipr.
-
-   The IETF invites any interested party to bring to its attention any
-   copyrights, patents or patent applications, or other proprietary
-   rights that may cover technology that may be required to implement
-   this standard.  Please address the information to the IETF at
-   ietf-ipr@ietf.org.
-
-
-Disclaimer of Validity
-
-   This document and the information contained herein are provided on an
-   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
-   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
-   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
-   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
-   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
-   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-Copyright Statement
-
-   Copyright (C) The Internet Society (2004).  This document is subject
-   to the rights, licenses and restrictions contained in BCP 78, and
-   except as set forth therein, the authors retain all their rights.
-
-
-Acknowledgment
-
-   Funding for the RFC Editor function is currently provided by the
-   Internet Society.
-
-
-
-
-Morishita & Jinmei       Expires April 23, 2005                 [Page 8]
-
-

From 34288ce01fa3655d15457023ed4f055ccb1e9645 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 2 Jun 2005 23:28:44 +0000
Subject: [PATCH 083/148] auto update

---
 doc/private/branches | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/private/branches b/doc/private/branches
index c957c6f4ac..db67ba78b9 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -43,6 +43,8 @@ rt14814				review
 rt14815				open	marka
 rt14841				new	
 rt14846				new	
+rt14851				new	
+rt14855				new	
 rt5206_1			open	marka
 rt6432				open	marka
 rt6496a				open	marka

From c793339fdb94c66ead8ec72989b7830c57c9621f Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sat, 4 Jun 2005 00:08:18 +0000
Subject: [PATCH 084/148] Q: How do I intergrate BIND 9 and Solaris SMF

---
 FAQ | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/FAQ b/FAQ
index 7e0e342e2b..ad6802c90b 100644
--- a/FAQ
+++ b/FAQ
@@ -501,3 +501,9 @@ A: These indicate a filesystem permission error preventing named creating /
 		masters { 192.168.4.12; };
 	}
 
+
+Q: How do I intergrate BIND 9 and Solaris SMF
+
+A: Sun has a blog entry describing how to do this.
+
+	http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris

From f4545143206d918a7f6ee53cd4fb9788c534c0c7 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sat, 4 Jun 2005 00:08:44 +0000
Subject: [PATCH 085/148] wrong number

---
 doc/rfc/index | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/rfc/index b/doc/rfc/index
index ad1b9a29fb..0c2b4028b8 100644
--- a/doc/rfc/index
+++ b/doc/rfc/index
@@ -76,9 +76,9 @@
 	 Addresses in the Domain Name System (DNS)
 3364:	Tradeoffs in Domain Name System (DNS) Support
 	 for Internet Protocol version 6 (IPv6)
-3390:	Internationalizing Domain Names In Applications (IDNA)
 3425:	Obsoleting IQUERY
 3445:	Limiting the Scope of the KEY Resource Record (RR)
+3490:	Internationalizing Domain Names In Applications (IDNA)
 3491:	Nameprep: A Stringprep Profile for Internationalized Domain Names (IDN)
 3492:	Punycode:A Bootstring encoding of Unicode for
 	  Internationalized Domain Names in Applications (IDNA)

From ef67e6d8fa86d98a2c0defc43b624434324d9ce7 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sat, 4 Jun 2005 00:18:56 +0000
Subject: [PATCH 086/148] 1859.   [func]          Add support for CH A record.
 [RT #14695]

---
 CHANGES                   |   2 +-
 lib/dns/gen.c             |   9 +-
 lib/dns/master.c          |   3 +-
 lib/dns/rdata/ch_3/a_1.c  | 314 ++++++++++++++++++++++++++++++++++++++
 lib/dns/rdata/ch_3/a_1.h  |  32 ++++
 lib/isc/include/isc/lex.h |  22 ++-
 lib/isc/lex.c             |  42 ++++-
 util/copyrights           |   2 +
 8 files changed, 413 insertions(+), 13 deletions(-)
 create mode 100644 lib/dns/rdata/ch_3/a_1.c
 create mode 100644 lib/dns/rdata/ch_3/a_1.h

diff --git a/CHANGES b/CHANGES
index d14efeb32b..39887fbf6d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -21,7 +21,7 @@
 
 1860.	[placeholder]	rt14775
 
-1859.	[placeholder]	rt14695
+1859.	[func]		Add support for CH A record. [RT #14695]
 
 1858.	[bug]		The flush-zones-on-shutdown option wasn't being
 			parsed. [RT #14686]
diff --git a/lib/dns/gen.c b/lib/dns/gen.c
index 409376031a..0d8a5bd0f4 100644
--- a/lib/dns/gen.c
+++ b/lib/dns/gen.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: gen.c,v 1.75 2005/04/29 00:22:46 marka Exp $ */
+/* $Id: gen.c,v 1.76 2005/06/04 00:18:53 marka Exp $ */
 
 /*! \file */
 
@@ -831,13 +831,10 @@ main(int argc, char **argv) {
 	} while (0)
 
 		for (cc = classes; cc != NULL; cc = cc->next) {
-			if (cc->rdclass == 4) {
-				PRINTCLASS("ch", 3);
+			if (cc->rdclass == 3)
 				PRINTCLASS("chaos", 3);
-
-			} else if (cc->rdclass == 255) {
+			else if (cc->rdclass == 255)
 				PRINTCLASS("none", 254);
-			}
 			PRINTCLASS(cc->classname, cc->rdclass);
 		}
 
diff --git a/lib/dns/master.c b/lib/dns/master.c
index beaccbd8a9..a697dbe4e6 100644
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: master.c,v 1.153 2005/05/19 04:59:02 marka Exp $ */
+/* $Id: master.c,v 1.154 2005/06/04 00:18:54 marka Exp $ */
 
 /*! \file */
 
@@ -714,6 +714,7 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs,
 	case dns_rdatatype_a:
 	case dns_rdatatype_aaaa:
 		if (lctx->zclass == dns_rdataclass_in ||
+		    lctx->zclass == dns_rdataclass_ch ||
 		    lctx->zclass == dns_rdataclass_hs)
 			break;
 		/* FALLTHROUGH */
diff --git a/lib/dns/rdata/ch_3/a_1.c b/lib/dns/rdata/ch_3/a_1.c
new file mode 100644
index 0000000000..b841f9c85d
--- /dev/null
+++ b/lib/dns/rdata/ch_3/a_1.c
@@ -0,0 +1,314 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* by Bjorn.Victor@it.uu.se, 2005-05-07 */
+/* Based on generic/soa_6.c and generic/mx_15.c */
+
+#ifndef RDATA_CH_3_A_1_C
+#define RDATA_CH_3_A_1_C
+
+#include 
+
+#define RRTYPE_A_ATTRIBUTES (0)
+
+static inline isc_result_t
+fromtext_ch_a(ARGS_FROMTEXT) {
+	isc_token_t token;
+	dns_name_t name;
+	isc_buffer_t buffer;
+
+	REQUIRE(type == 1);
+	REQUIRE(rdclass == dns_rdataclass_ch); /* 3 */
+
+	UNUSED(type);
+	UNUSED(callbacks);
+
+	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
+				      ISC_FALSE));
+
+	/* get domain name */
+	dns_name_init(&name, NULL);
+	buffer_fromregion(&buffer, &token.value.as_region);
+	origin = (origin != NULL) ? origin : dns_rootname;
+	RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
+	if ((options & DNS_RDATA_CHECKNAMES) != 0 &&
+	    (options & DNS_RDATA_CHECKREVERSE) != 0) {
+		isc_boolean_t ok;
+		ok = dns_name_ishostname(&name, ISC_FALSE);
+		if (!ok && (options & DNS_RDATA_CHECKNAMESFAIL) != 0)
+			RETTOK(DNS_R_BADNAME);
+		if (!ok && callbacks != NULL)
+			warn_badname(&name, lexer, callbacks);
+	}
+
+	/* 16-bit octal address */
+	RETERR(isc_lex_getoctaltoken(lexer, &token, ISC_FALSE));
+	if (token.value.as_ulong > 0xffff)
+		RETTOK(ISC_R_RANGE);
+	return (uint16_tobuffer(token.value.as_ulong, target));
+}
+
+static inline isc_result_t
+totext_ch_a(ARGS_TOTEXT) {
+	isc_region_t region;
+	dns_name_t name;
+	dns_name_t prefix;
+	isc_boolean_t sub;
+	char buf[sizeof("0177777")];
+	isc_uint16_t addr;
+
+	REQUIRE(rdata->type == 1);
+	REQUIRE(rdata->rdclass == dns_rdataclass_ch); /* 3 */
+	REQUIRE(rdata->length != 0);
+
+	dns_name_init(&name, NULL);
+	dns_name_init(&prefix, NULL);
+
+	dns_rdata_toregion(rdata, ®ion);
+	dns_name_fromregion(&name, ®ion);
+	isc_region_consume(®ion, name_length(&name));
+	addr = uint16_fromregion(®ion);
+
+	sub = name_prefix(&name, tctx->origin, &prefix);
+	RETERR(dns_name_totext(&prefix, sub, target));
+
+	sprintf(buf, "%o", addr); /* note octal */
+	RETERR(str_totext(" ", target));
+	return (str_totext(buf, target));
+}
+
+static inline isc_result_t
+fromwire_ch_a(ARGS_FROMWIRE) {
+	isc_region_t sregion;
+	isc_region_t tregion;
+	dns_name_t name;
+
+	REQUIRE(type == 1);
+	REQUIRE(rdclass == dns_rdataclass_ch);
+
+	UNUSED(type);
+	UNUSED(rdclass);
+
+	dns_decompress_setmethods(dctx, DNS_COMPRESS_GLOBAL14);
+
+	dns_name_init(&name, NULL);
+	
+	RETERR(dns_name_fromwire(&name, source, dctx, options, target));
+
+	isc_buffer_activeregion(source, &sregion);
+	isc_buffer_availableregion(target, &tregion);
+	if (sregion.length < 2)
+		return (ISC_R_UNEXPECTEDEND);
+	if (tregion.length < 2)
+		return (ISC_R_NOSPACE);
+
+	memcpy(tregion.base, sregion.base, 2);
+	isc_buffer_forward(source, 2);
+	isc_buffer_add(target, 2);
+
+	return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+towire_ch_a(ARGS_TOWIRE) {
+	dns_name_t name;
+	dns_offsets_t offsets;
+	isc_region_t sregion;
+	isc_region_t tregion;
+
+	REQUIRE(rdata->type == 1);
+	REQUIRE(rdata->rdclass == dns_rdataclass_ch);
+	REQUIRE(rdata->length != 0);
+
+	dns_compress_setmethods(cctx, DNS_COMPRESS_GLOBAL14);
+
+	dns_name_init(&name, offsets);
+
+	dns_rdata_toregion(rdata, &sregion);
+
+	dns_name_fromregion(&name, &sregion);
+	isc_region_consume(&sregion, name_length(&name));
+	RETERR(dns_name_towire(&name, cctx, target));
+
+	isc_buffer_availableregion(target, &tregion);
+	if (tregion.length < 2)
+		return (ISC_R_NOSPACE);
+
+	memcpy(tregion.base, sregion.base, 2);
+	isc_buffer_add(target, 2);
+	return (ISC_R_SUCCESS);
+}
+
+static inline int
+compare_ch_a(ARGS_COMPARE) {
+	dns_name_t name1;
+	dns_name_t name2;
+	isc_region_t region1;
+	isc_region_t region2;
+	int order;
+
+	REQUIRE(rdata1->type == rdata2->type);
+	REQUIRE(rdata1->rdclass == rdata2->rdclass);
+	REQUIRE(rdata1->type == 1);
+	REQUIRE(rdata1->rdclass == dns_rdataclass_ch);
+	REQUIRE(rdata1->length != 0);
+	REQUIRE(rdata2->length != 0);
+
+	dns_name_init(&name1, NULL);
+	dns_name_init(&name2, NULL);
+
+	dns_rdata_toregion(rdata1, ®ion1);
+	dns_rdata_toregion(rdata2, ®ion2);
+
+	dns_name_fromregion(&name1, ®ion1);
+	dns_name_fromregion(&name2, ®ion2);
+	isc_region_consume(®ion1, name_length(&name1));
+	isc_region_consume(®ion2, name_length(&name2));
+
+	order = dns_name_rdatacompare(&name1, &name2);
+	if (order != 0)
+		return (order);
+
+	order = memcmp(rdata1->data, rdata2->data, 2);
+	if (order != 0)
+		order = (order < 0) ? -1 : 1;
+	return (order);
+}
+
+static inline isc_result_t
+fromstruct_ch_a(ARGS_FROMSTRUCT) {
+	dns_rdata_ch_a_t *a = source;
+	isc_region_t region;
+
+	REQUIRE(type == 1);
+	REQUIRE(source != NULL);
+	REQUIRE(a->common.rdtype == type);
+	REQUIRE(a->common.rdclass == rdclass);
+
+	UNUSED(type);
+	UNUSED(rdclass);
+
+	dns_name_toregion(&a->ch_addr_dom, ®ion);
+	RETERR(isc_buffer_copyregion(target, ®ion));
+	
+	return (uint16_tobuffer(ntohs(a->ch_addr), target));
+}
+
+static inline isc_result_t
+tostruct_ch_a(ARGS_TOSTRUCT) {
+	dns_rdata_ch_a_t *a = target;
+	isc_region_t region;
+	dns_name_t name;
+
+	REQUIRE(rdata->type == 1);
+	REQUIRE(rdata->rdclass == dns_rdataclass_ch);
+	REQUIRE(rdata->length != 0);
+
+	a->common.rdclass = rdata->rdclass;
+	a->common.rdtype = rdata->type;
+	ISC_LINK_INIT(&a->common, link);
+
+	dns_rdata_toregion(rdata, ®ion);
+
+	dns_name_init(&name, NULL);
+	dns_name_fromregion(&name, ®ion);
+	isc_region_consume(®ion, name_length(&name));
+
+	dns_name_init(&a->ch_addr_dom, NULL);
+	RETERR(name_duporclone(&name, mctx, &a->ch_addr_dom));
+	a->ch_addr = htons(uint16_fromregion(®ion));
+	a->mctx = mctx;
+	return (ISC_R_SUCCESS);
+}
+
+static inline void
+freestruct_ch_a(ARGS_FREESTRUCT) {
+	dns_rdata_ch_a_t *a = source;
+
+	REQUIRE(source != NULL);
+	REQUIRE(a->common.rdtype == 1);
+
+	if (a->mctx == NULL)
+		return;
+
+	dns_name_free(&a->ch_addr_dom, a->mctx);
+	a->mctx = NULL;
+}
+
+static inline isc_result_t
+additionaldata_ch_a(ARGS_ADDLDATA) {
+
+	REQUIRE(rdata->type == 1);
+	REQUIRE(rdata->rdclass == dns_rdataclass_ch);
+
+	UNUSED(rdata);
+	UNUSED(add);
+	UNUSED(arg);
+
+	return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_ch_a(ARGS_DIGEST) {
+	isc_region_t r;
+
+	dns_name_t name;
+
+	REQUIRE(rdata->type == 1);
+	REQUIRE(rdata->rdclass == dns_rdataclass_ch);
+
+	dns_rdata_toregion(rdata, &r);
+	dns_name_init(&name, NULL);
+	dns_name_fromregion(&name, &r);
+	isc_region_consume(&r, name_length(&name));
+	RETERR(dns_name_digest(&name, digest, arg));
+	return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_ch_a(ARGS_CHECKOWNER) {
+
+	REQUIRE(type == 1);
+	REQUIRE(rdclass == dns_rdataclass_ch);
+
+	UNUSED(type);
+
+	return (dns_name_ishostname(name, wildcard));
+}
+
+static inline isc_boolean_t
+checknames_ch_a(ARGS_CHECKNAMES) {
+	isc_region_t region;
+	dns_name_t name;
+
+	REQUIRE(rdata->type == 1);
+	REQUIRE(rdata->rdclass == dns_rdataclass_ch);
+
+	UNUSED(owner);
+
+	dns_rdata_toregion(rdata, ®ion);
+	dns_name_init(&name, NULL);
+	dns_name_fromregion(&name, ®ion);
+	if (!dns_name_ishostname(&name, ISC_FALSE)) {
+		if (bad != NULL)
+			dns_name_clone(&name, bad);
+		return (ISC_FALSE);
+	}
+
+	return (ISC_TRUE);
+}
+
+#endif	/* RDATA_CH_3_A_1_C */
diff --git a/lib/dns/rdata/ch_3/a_1.h b/lib/dns/rdata/ch_3/a_1.h
new file mode 100644
index 0000000000..34aa3d7f8c
--- /dev/null
+++ b/lib/dns/rdata/ch_3/a_1.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* by Bjorn.Victor@it.uu.se, 2005-05-07 */
+/* Based on generic/mx_15.h */
+
+#ifndef CH_3_A_1_H
+#define CH_3_A_1_H 1
+
+typedef isc_uint16_t ch_addr_t;
+
+typedef struct dns_rdata_ch_a {
+	dns_rdatacommon_t	common;
+	isc_mem_t		*mctx;
+  	dns_name_t		ch_addr_dom; /* ch-addr domain for back mapping */
+	ch_addr_t		ch_addr; /* chaos address (16 bit) network order */
+} dns_rdata_ch_a_t;
+
+#endif /* CH_3_A_1_H */
diff --git a/lib/isc/include/isc/lex.h b/lib/isc/include/isc/lex.h
index 90e8d59653..fe7269bc95 100644
--- a/lib/isc/include/isc/lex.h
+++ b/lib/isc/include/isc/lex.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lex.h,v 1.32 2005/04/29 00:23:38 marka Exp $ */
+/* $Id: lex.h,v 1.33 2005/06/04 00:18:55 marka Exp $ */
 
 #ifndef ISC_LEX_H
 #define ISC_LEX_H 1
@@ -86,9 +86,10 @@ ISC_LANG_BEGINDECLS
 #define ISC_LEXOPT_DNSMULTILINE		0x20	/*%< Handle '(' and ')'. */
 #define ISC_LEXOPT_NOMORE		0x40	/*%< Want "no more" token. */
 
-#define ISC_LEXOPT_CNUMBER		0x80    /*%< Regognize octal and hex */
+#define ISC_LEXOPT_CNUMBER		0x80    /*%< Regognize octal and hex. */
 #define ISC_LEXOPT_ESCAPE		0x100	/*%< Recognize escapes. */
 #define ISC_LEXOPT_QSTRINGMULTILINE	0x200	/*%< Allow multiline "" strings */
+#define ISC_LEXOPT_OCTAL		0x400	/*%< Expect a octal number. */
 /*@}*/
 /*@{*/
 /*!
@@ -323,6 +324,23 @@ isc_lex_getmastertoken(isc_lex_t *lex, isc_token_t *token,
  * \li	any return code from isc_lex_gettoken().
  */
 
+isc_result_t
+isc_lex_getoctaltoken(isc_lex_t *lex, isc_token_t *token, isc_boolean_t eol);
+/*%<
+ * Get the next token from a DNS master file type stream.  This is a
+ * convenience function that sets appropriate options and handles end
+ * of line correctly for master files.  It also ungets unexpected tokens.
+ *
+ * Requires:
+ *\li	'lex' is a valid lexer.
+ *
+ *\li	'token' is a valid pointer
+ *
+ * Returns:
+ *
+ * \li	any return code from isc_lex_gettoken().
+ */
+
 void
 isc_lex_ungettoken(isc_lex_t *lex, isc_token_t *tokenp);
 /*%<
diff --git a/lib/isc/lex.c b/lib/isc/lex.c
index b264623ad4..650b759c4d 100644
--- a/lib/isc/lex.c
+++ b/lib/isc/lex.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lex.c,v 1.81 2005/04/29 00:23:27 marka Exp $ */
+/* $Id: lex.c,v 1.82 2005/06/04 00:18:55 marka Exp $ */
 
 /*! \file */
 
@@ -565,7 +565,11 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
 			} else if (isdigit((unsigned char)c) &&
 				   (options & ISC_LEXOPT_NUMBER) != 0) {
 				lex->last_was_eol = ISC_FALSE;
-				state = lexstate_number;
+				if ((options & ISC_LEXOPT_OCTAL) != 0 &&
+				    (c == '8' || c == '9'))
+					state = lexstate_string;
+				else
+					state = lexstate_number;
 				goto no_read;
 			} else {
 				lex->last_was_eol = ISC_FALSE;
@@ -586,7 +590,9 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
 				    c == '\n' || c == EOF ||
 				    lex->specials[c]) {
 					int base;
-					if ((options & ISC_LEXOPT_CNUMBER) != 0)
+					if ((options & ISC_LEXOPT_OCTAL) != 0)
+						base = 8;
+					else if ((options & ISC_LEXOPT_CNUMBER) != 0)
 						base = 0;
 					else
 						base = 10;
@@ -621,6 +627,9 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
 					   (lex->data[0] != '0'))) {
 					/* Above test supports hex numbers */
 					state = lexstate_string;
+				} else if ((options & ISC_LEXOPT_OCTAL) != 0 &&
+					   (c == '8' || c == '9')) {
+					state = lexstate_string;
 				}
 			}
 			if (remaining == 0U) {
@@ -819,6 +828,33 @@ isc_lex_getmastertoken(isc_lex_t *lex, isc_token_t *token,
 	return (ISC_R_SUCCESS);
 }
 
+isc_result_t
+isc_lex_getoctaltoken(isc_lex_t *lex, isc_token_t *token, isc_boolean_t eol)
+{
+	unsigned int options = ISC_LEXOPT_EOL | ISC_LEXOPT_EOF |
+			       ISC_LEXOPT_DNSMULTILINE | ISC_LEXOPT_ESCAPE|
+			       ISC_LEXOPT_NUMBER | ISC_LEXOPT_OCTAL;
+	isc_result_t result;
+
+	result = isc_lex_gettoken(lex, options, token);
+	if (result == ISC_R_RANGE)
+		isc_lex_ungettoken(lex, token);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	if (eol && ((token->type == isc_tokentype_eol) ||
+		    (token->type == isc_tokentype_eof)))
+		return (ISC_R_SUCCESS);
+	if (token->type != isc_tokentype_number) {
+		isc_lex_ungettoken(lex, token);
+		if (token->type == isc_tokentype_eol ||
+		    token->type == isc_tokentype_eof)
+			return (ISC_R_UNEXPECTEDEND);
+		return (ISC_R_BADNUMBER);
+	}
+	return (ISC_R_SUCCESS);
+}
+
 void
 isc_lex_ungettoken(isc_lex_t *lex, isc_token_t *tokenp) {
 	inputsource *source;
diff --git a/util/copyrights b/util/copyrights
index e2a04023cc..7b87f551a7 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -1744,6 +1744,8 @@
 ./lib/dns/rdata.c				C	1998,1999,2000,2001,2002,2003,2004,2005
 ./lib/dns/rdata/any_255/tsig_250.c		C	1999,2000,2001,2002,2003,2004,2005
 ./lib/dns/rdata/any_255/tsig_250.h		C	1999,2000,2001,2004,2005
+./lib/dns/rdata/ch_3/a_1.c			C	2005
+./lib/dns/rdata/ch_3/a_1.h			C	2005
 ./lib/dns/rdata/generic/afsdb_18.c		C	1999,2000,2001,2003,2004,2005
 ./lib/dns/rdata/generic/afsdb_18.h		C	1999,2000,2001,2004,2005
 ./lib/dns/rdata/generic/cert_37.c		C	1999,2000,2001,2002,2003,2004,2005

From 5597be9bb88de138dfec9fa9176708443813925e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?=
 
Date: Sat, 4 Jun 2005 05:32:50 +0000
Subject: [PATCH 087/148] 1813.	[func]		Restructured the data locking
 framework using 			architecture dependent atomic
 operations (when 			available), improving response
 performance on 			multi-processor machines
 significantly. 			x86, x86_64, alpha, and sparc64 are
 currently 			supported.

(RT #13505)
---
 CHANGES                               |    7 +-
 bin/named/client.c                    |   45 +-
 configure.in                          |   72 +-
 lib/dns/acache.c                      |   80 +-
 lib/dns/include/dns/rbt.h             |   75 +-
 lib/dns/rbt.c                         |   32 +-
 lib/dns/rbtdb.c                       | 1356 +++++++++++++++++--------
 lib/dns/resolver.c                    |   86 +-
 lib/dns/zone.c                        |  143 ++-
 lib/isc/Makefile.in                   |    3 +-
 lib/isc/alpha/include/isc/atomic.h    |  166 +++
 lib/isc/include/isc/mem.h             |   23 +-
 lib/isc/include/isc/platform.h.in     |   25 +-
 lib/isc/include/isc/refcount.h        |   85 +-
 lib/isc/include/isc/rwlock.h          |   40 +-
 lib/isc/mem.c                         |  153 +--
 lib/isc/noatomic/include/isc/atomic.h |   24 +
 lib/isc/rwlock.c                      |  420 +++++++-
 lib/isc/sparc64/include/isc/atomic.h  |  119 +++
 lib/isc/unix/include/isc/stdtime.h    |   13 +-
 lib/isc/win32/include/isc/stdtime.h   |   13 +-
 lib/isc/x86_32/include/isc/atomic.h   |   83 ++
 make/includes.in                      |    7 +-
 23 files changed, 2413 insertions(+), 657 deletions(-)
 create mode 100644 lib/isc/alpha/include/isc/atomic.h
 create mode 100644 lib/isc/noatomic/include/isc/atomic.h
 create mode 100644 lib/isc/sparc64/include/isc/atomic.h
 create mode 100644 lib/isc/x86_32/include/isc/atomic.h

diff --git a/CHANGES b/CHANGES
index 39887fbf6d..f84495e8df 100644
--- a/CHANGES
+++ b/CHANGES
@@ -146,7 +146,12 @@
 
 1814.	[func]		UNIX domain controls are now supported.
 
-1813.	[placeholder]	rt13505
+1813.	[func]		Restructured the data locking framework using
+			architecture dependent atomic operations (when
+			available), improving response performance on
+			multi-processor machines significantly.
+			x86, x86_64, alpha, and sparc64 are currently
+			supported.
 
 1812.	[port]		win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
 			[RT #13453]
diff --git a/bin/named/client.c b/bin/named/client.c
index 95ab3f9ac4..067e327497 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -15,13 +15,14 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.226 2005/04/27 04:55:48 sra Exp $ */
+/* $Id: client.c,v 1.227 2005/06/04 05:32:46 jinmei Exp $ */
 
 #include 
 
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -471,7 +472,7 @@ exit_check(ns_client_t *client) {
 
 		CTRACE("free");
 		client->magic = 0;
-		isc_mem_put(client->mctx, client, sizeof(*client));
+		isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
 
 		goto unlock;
 	}
@@ -1667,6 +1668,7 @@ static isc_result_t
 client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 	ns_client_t *client;
 	isc_result_t result;
+	isc_mem_t *mctx = NULL;
 
 	/*
 	 * Caller must be holding the manager lock.
@@ -1678,9 +1680,31 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 
 	REQUIRE(clientp != NULL && *clientp == NULL);
 
-	client = isc_mem_get(manager->mctx, sizeof(*client));
-	if (client == NULL)
+#ifdef ISC_PLATFORM_USETHREADS
+	/*
+	 * When enabling threads, we use a separate memory context for each
+	 * client, since concurrent access to a shared context would cause
+	 * heavy contentions.  We also specify the NOLOCK flag on creation,
+	 * since we are very sure that multiple threads will never get access
+	 * to the context simultaneously.
+	 */
+	result = isc_mem_create2(0, 0, &mctx, ISC_MEMFLAG_NOLOCK);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+#else
+	/*
+	 * Otherwise, simply share manager's context.  Using a separate context
+	 * in this case would simply waste memory.
+	 */
+	isc_mem_attach(manager->mctx, &mctx);
+#endif
+
+	client = isc_mem_get(mctx, sizeof(*client));
+	if (client == NULL) {
+		isc_mem_detach(&mctx);
 		return (ISC_R_NOMEMORY);
+	}
+	client->mctx = mctx;
 
 	client->task = NULL;
 	result = isc_task_create(manager->taskmgr, 0, &client->task);
@@ -1697,7 +1721,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 	client->timerset = ISC_FALSE;
 
 	client->message = NULL;
-	result = dns_message_create(manager->mctx, DNS_MESSAGE_INTENTPARSE,
+	result = dns_message_create(client->mctx, DNS_MESSAGE_INTENTPARSE,
 				    &client->message);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup_timer;
@@ -1705,7 +1729,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 	/* XXXRTH  Hardwired constants */
 
 	client->sendevent = (isc_socketevent_t *)
-			    isc_event_allocate(manager->mctx, client,
+			    isc_event_allocate(client->mctx, client,
 					       ISC_SOCKEVENT_SENDDONE,
 					       client_senddone, client,
 					       sizeof(isc_socketevent_t));
@@ -1714,14 +1738,14 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 		goto cleanup_message;
 	}
 
-	client->recvbuf = isc_mem_get(manager->mctx, RECV_BUFFER_SIZE);
+	client->recvbuf = isc_mem_get(client->mctx, RECV_BUFFER_SIZE);
 	if  (client->recvbuf == NULL) {
 		result = ISC_R_NOMEMORY;
 		goto cleanup_sendevent;
 	}
 
 	client->recvevent = (isc_socketevent_t *)
-			    isc_event_allocate(manager->mctx, client,
+			    isc_event_allocate(client->mctx, client,
 					       ISC_SOCKEVENT_RECVDONE,
 					       client_request, client,
 					       sizeof(isc_socketevent_t));
@@ -1731,7 +1755,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 	}
 
 	client->magic = NS_CLIENT_MAGIC;
-	client->mctx = manager->mctx;
 	client->manager = NULL;
 	client->state = NS_CLIENTSTATE_INACTIVE;
 	client->newstate = NS_CLIENTSTATE_MAX;
@@ -1801,7 +1824,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 	isc_event_free((isc_event_t **)&client->recvevent);
 
  cleanup_recvbuf:
-	isc_mem_put(manager->mctx, client->recvbuf, RECV_BUFFER_SIZE);
+	isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE);
 
  cleanup_sendevent:
 	isc_event_free((isc_event_t **)&client->sendevent);
@@ -1818,7 +1841,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 	isc_task_detach(&client->task);
 
  cleanup_client:
-	isc_mem_put(manager->mctx, client, sizeof(*client));
+	isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
 
 	return (result);
 }
diff --git a/configure.in b/configure.in
index 16f88edba8..e4f639fc90 100644
--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
 esyscmd([sed "s/^/# /" COPYRIGHT])dnl
 AC_DIVERT_POP()dnl
 
-AC_REVISION($Revision: 1.376 $)
+AC_REVISION($Revision: 1.377 $)
 
 AC_INIT(lib/dns/name.c)
 AC_PREREQ(2.13)
@@ -1830,6 +1830,76 @@ yes)
 esac
 AC_SUBST(ISC_PLATFORM_HAVEIFNAMETOINDEX)
 
+#
+# Machine architecture dependent features
+#
+AC_ARG_ENABLE(atomic,
+	[  --enable-atomic	enable machine specific atomic operations
+                        [[default=autodetect]]],
+			enable_atomic="$enableval",
+			enable_atomic="autodetect")
+case "$enable_atomic" in
+	yes|''|autodetect)
+		use_atomic=yes
+		;;
+	no)
+		use_atomic=no
+		;;
+esac
+
+ISC_PLATFORM_USEOSFASM="#undef ISC_PLATFORM_USEOSFASM"
+if test "$use_atomic" = "yes"; then
+	AC_MSG_CHECKING([architecture type for atomic operations])
+	case "$host" in
+	[i[3456]86-*]|x86_64-*)
+		# XXX: also need to check portability of the "asm" keyword?
+		# XXX: some old x86 architectures actualy do not support
+		#      (some of) these operations.  Do we need stricter checks?
+		# Note: We currently use the same code for both the x86_32 and
+		#       x86_64 architectures, but there may be a better
+		# implementation for the latter.
+		have_atomic=yes
+		arch=x86_32
+	;;
+	alpha*-*)
+		have_atomic=yes
+		arch=alpha
+		if test "X$GCC" != "Xyes"; then
+			case "$host" in
+			*-dec-osf*)
+			# Tru64 compiler has its own syntax for inline
+			# assembly.
+			ISC_PLATFORM_USEOSFASM="#define ISC_PLATFORM_USEOSFASM 1"
+			;;
+			esac
+		fi
+	;;
+	*)
+		have_atomic=no
+		arch=noatomic
+	;;
+	esac
+	AC_MSG_RESULT($arch)
+fi
+
+if test "$have_atomic" = "yes"; then
+	ISC_PLATFORM_HAVEXADD="#define ISC_PLATFORM_HAVEXADD 1"
+	ISC_PLATFORM_HAVECMPXCHG="#define ISC_PLATFORM_HAVECMPXCHG 1"
+	ISC_PLATFORM_HAVEATOMICSTORE="#define ISC_PLATFORM_HAVEATOMICSTORE 1"
+else
+	ISC_PLATFORM_HAVEXADD="#undef ISC_PLATFORM_HAVEXADD"
+	ISC_PLATFORM_HAVECMPXCHG="#undef ISC_PLATFORM_HAVECMPXCHG"
+	ISC_PLATFORM_HAVEATOMICSTORE="#undef ISC_PLATFORM_HAVEATOMICSTORE"
+fi
+
+AC_SUBST(ISC_PLATFORM_HAVEXADD)
+AC_SUBST(ISC_PLATFORM_HAVECMPXCHG)
+AC_SUBST(ISC_PLATFORM_HAVEATOMICSTORE)
+AC_SUBST(ISC_PLATFORM_USEOSFASM)
+
+ISC_ARCH_DIR=$arch
+AC_SUBST(ISC_ARCH_DIR)
+
 #
 # The following sections deal with tools used for formatting
 # the documentation.  They are all optional, unless you are
diff --git a/lib/dns/acache.c b/lib/dns/acache.c
index 1d9491020a..31bd333b67 100644
--- a/lib/dns/acache.c
+++ b/lib/dns/acache.c
@@ -14,10 +14,11 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acache.c,v 1.8 2005/02/07 00:04:05 marka Exp $ */
+/* $Id: acache.c,v 1.9 2005/06/04 05:32:46 jinmei Exp $ */
 
 #include 
 
+#include 
 #include 
 #include 
 #include 
@@ -25,6 +26,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -73,6 +75,26 @@
 #define DNS_ACACHE_MINSIZE 		2097152	/* Bytes.  2097152 = 2 MB */
 #define DNS_ACACHE_CLEANERINCREMENT	1000	/* Number of entries. */
 
+#if defined(ISC_RWLOCK_USEATOMIC) && defined(ISC_PLATFORM_HAVEATOMICSTORE)
+#define ACACHE_USE_RWLOCK 1
+#endif
+
+#ifdef ACACHE_USE_RWLOCK
+#define ACACHE_INITLOCK(l)	isc_rwlock_init((l), 0, 0)
+#define ACACHE_DESTROYLOCK(l)	isc_rwlock_destroy(l)
+#define ACACHE_LOCK(l, t)	RWLOCK((l), (t))
+#define ACACHE_UNLOCK(l, t)	RWUNLOCK((l), (t))
+
+#define acache_storetime(entry, t) (isc_atomic_store(&(entry)->lastused, (t)))
+#else
+#define ACACHE_INITLOCK(l)	isc_mutex_init(l)
+#define ACACHE_DESTROYLOCK(l)	DESTROYLOCK(l)
+#define ACACHE_LOCK(l, t)	LOCK(l)
+#define ACACHE_UNLOCK(l, t)	UNLOCK(l)
+
+#define acache_storetime(entry, t) ((entry)->lastused = (t))
+#endif
+
 /* Locked by acache lock */
 typedef struct dbentry {
 	ISC_LINK(struct dbentry)	link;
@@ -157,7 +179,11 @@ struct dns_acache {
 struct dns_acacheentry {
 	unsigned int 		magic;
 
+#ifdef ACACHE_USE_RWLOCK
+	isc_rwlock_t 		lock;
+#else
 	isc_mutex_t 		lock;
+#endif
 	isc_refcount_t 		references;
 
 	dns_acache_t 		*acache;
@@ -185,7 +211,7 @@ struct dns_acacheentry {
 	void 			*cbarg;
 
 	/* Timestamp of the last time this entry is referred to */
-	isc_stdtime_t 		lastused;
+	isc_stdtime32_t		lastused;
 };
 
 /*
@@ -242,7 +268,7 @@ shutdown_entries(dns_acache_t *acache) {
 	     entry = entry_next) {
 		entry_next = ISC_LIST_NEXT(entry, link);
 
-		LOCK(&entry->lock);
+		ACACHE_LOCK(&entry->lock, isc_rwlocktype_write);
 
 		/*
 		 * If the cleaner holds this entry, it will be unlinked and
@@ -256,7 +282,7 @@ shutdown_entries(dns_acache_t *acache) {
 			entry->callback = NULL;
 		}
 
-		UNLOCK(&entry->lock);
+		ACACHE_UNLOCK(&entry->lock, isc_rwlocktype_write);
 
 		if (acache->cleaner.current_entry != entry)
 			dns_acache_detachentry(&entry);
@@ -352,7 +378,7 @@ destroy_entry(dns_acacheentry_t *entry) {
 	 */
 	clear_entry(acache, entry);
 
-	DESTROYLOCK(&entry->lock);
+	ACACHE_DESTROYLOCK(&entry->lock);
 
 	isc_mem_put(acache->mctx, entry, sizeof(*entry));
 
@@ -666,6 +692,7 @@ entry_stale(acache_cleaner_t *cleaner, dns_acacheentry_t *entry,
 	    isc_stdtime_t now)
 {
 	unsigned int interval = cleaner->cleaning_interval;
+	isc_stdtime32_t now32;
 
 	/*
 	 * If the callback has been canceled, we definitely do not need the
@@ -674,7 +701,8 @@ entry_stale(acache_cleaner_t *cleaner, dns_acacheentry_t *entry,
 	if (entry->callback == NULL)
 		return (ISC_TRUE);
 
-	if (entry->lastused + interval < now)
+	isc_stdtime_convert32(now, &now32);
+	if (entry->lastused + interval < now32)
 		return (ISC_TRUE);
 
 	/*
@@ -683,7 +711,8 @@ entry_stale(acache_cleaner_t *cleaner, dns_acacheentry_t *entry,
 	 * use and the cleaning interval.
 	 */
 	if (cleaner->overmem) {
-		unsigned int passed = now - entry->lastused; /* <= interval */
+		unsigned int passed =
+			now32 - entry->lastused; /* <= interval */
 		isc_uint32_t val, r;
 
 		isc_random_get(&val);
@@ -734,7 +763,7 @@ acache_incremental_cleaning_action(isc_task_t *task, isc_event_t *event) {
 
 		next = ISC_LIST_NEXT(entry, link);
 
-		LOCK(&entry->lock);
+		ACACHE_LOCK(&entry->lock, isc_rwlocktype_write);
 
 		is_stale = entry_stale(cleaner, entry, now);
 		if (is_stale) {
@@ -747,7 +776,7 @@ acache_incremental_cleaning_action(isc_task_t *task, isc_event_t *event) {
 			cleaner->ncleaned++;
 		}
 
-		UNLOCK(&entry->lock);
+		ACACHE_UNLOCK(&entry->lock, isc_rwlocktype_write);
 
 		if (is_stale)
 			dns_acache_detachentry(&entry);
@@ -1129,7 +1158,7 @@ dns_acache_putdb(dns_acache_t *acache, dns_db_t *db) {
 	 * original holder has canceled callback,) destroy it here.
 	 */
 	while ((entry = ISC_LIST_HEAD(dbentry->originlist)) != NULL) {
-		LOCK(&entry->lock);
+		ACACHE_LOCK(&entry->lock, isc_rwlocktype_write);
 
 		/*
 		 * Releasing olink first would avoid finddbent() in
@@ -1144,13 +1173,13 @@ dns_acache_putdb(dns_acache_t *acache, dns_db_t *db) {
 			(entry->callback)(entry, &entry->cbarg);
 		entry->callback = NULL;
 
-		UNLOCK(&entry->lock);
+		ACACHE_UNLOCK(&entry->lock, isc_rwlocktype_write);
 
 		if (acache->cleaner.current_entry != entry)
 			dns_acache_detachentry(&entry);
 	}
 	while ((entry = ISC_LIST_HEAD(dbentry->referlist)) != NULL) {
-		LOCK(&entry->lock);
+		ACACHE_LOCK(&entry->lock, isc_rwlocktype_write);
 
 		ISC_LIST_UNLINK(dbentry->referlist, entry, rlink);
 		if (acache->cleaner.current_entry != entry)
@@ -1161,7 +1190,7 @@ dns_acache_putdb(dns_acache_t *acache, dns_db_t *db) {
 			(entry->callback)(entry, &entry->cbarg);
 		entry->callback = NULL;
 
-		UNLOCK(&entry->lock);
+		ACACHE_UNLOCK(&entry->lock, isc_rwlocktype_write);
 
 		if (acache->cleaner.current_entry != entry)
 			dns_acache_detachentry(&entry);
@@ -1200,7 +1229,7 @@ dns_acache_createentry(dns_acache_t *acache, dns_db_t *origdb,
 	if (newentry == NULL)
 		return (ISC_R_NOMEMORY);
 
-	result = isc_mutex_init(&newentry->lock);
+	result = ACACHE_INITLOCK(&newentry->lock);
 	if (result != ISC_R_SUCCESS) {
 		isc_mem_put(acache->mctx, newentry, sizeof(*newentry));
 		UNEXPECTED_ERROR(__FILE__, __LINE__,
@@ -1246,6 +1275,7 @@ dns_acache_getentry(dns_acacheentry_t *entry, dns_zone_t **zonep,
 {
 	isc_result_t result = ISC_R_SUCCESS;
 	dns_rdataset_t *erdataset;
+	isc_stdtime32_t	now32;
 
 	REQUIRE(DNS_ACACHEENTRY_VALID(entry));
 	REQUIRE(zonep == NULL || *zonep == NULL);
@@ -1254,10 +1284,11 @@ dns_acache_getentry(dns_acacheentry_t *entry, dns_zone_t **zonep,
 	REQUIRE(nodep != NULL && *nodep == NULL);
 	REQUIRE(fname != NULL);
 	REQUIRE(msg != NULL);
+	
+	ACACHE_LOCK(&entry->lock, isc_rwlocktype_read);
 
-	LOCK(&entry->lock);
-
-	entry->lastused = now;
+	isc_stdtime_convert32(now, &now32);
+	acache_storetime(entry, now32);
 
 	if (entry->zone != NULL && zonep != NULL)
 		dns_zone_attach(entry->zone, zonep);
@@ -1284,7 +1315,8 @@ dns_acache_getentry(dns_acacheentry_t *entry, dns_zone_t **zonep,
 			ardataset = NULL;
 			result = dns_message_gettemprdataset(msg, &ardataset);
 			if (result != ISC_R_SUCCESS) {
-				UNLOCK(&entry->lock);
+				ACACHE_UNLOCK(&entry->lock,
+					      isc_rwlocktype_read);
 				goto fail;
 			}
 
@@ -1300,7 +1332,7 @@ dns_acache_getentry(dns_acacheentry_t *entry, dns_zone_t **zonep,
 		}
 	}
 
-	UNLOCK(&entry->lock);
+	ACACHE_UNLOCK(&entry->lock, isc_rwlocktype_read);
 
 	return (result);
 
@@ -1337,7 +1369,7 @@ dns_acache_setentry(dns_acache_t *acache, dns_acacheentry_t *entry,
 	REQUIRE(DNS_ACACHEENTRY_VALID(entry));
 
 	LOCK(&acache->lock);	/* XXX: need to lock it here for ordering */
-	LOCK(&entry->lock);
+	ACACHE_LOCK(&entry->lock, isc_rwlocktype_write);
 
 	/* Set zone */
 	if (zone != NULL)
@@ -1429,7 +1461,7 @@ dns_acache_setentry(dns_acache_t *acache, dns_acacheentry_t *entry,
 	 */
 	dns_acache_attachentry(entry, &dummy_entry);
 
-	UNLOCK(&entry->lock);
+	ACACHE_UNLOCK(&entry->lock, isc_rwlocktype_write);
 	UNLOCK(&acache->lock);
 
 	return (ISC_R_SUCCESS);
@@ -1437,7 +1469,7 @@ dns_acache_setentry(dns_acache_t *acache, dns_acacheentry_t *entry,
  fail:
 	clear_entry(acache, entry);
 
-	UNLOCK(&entry->lock);
+	ACACHE_UNLOCK(&entry->lock, isc_rwlocktype_write);
 	UNLOCK(&acache->lock);
 
 	return (result);
@@ -1451,7 +1483,7 @@ dns_acache_cancelentry(dns_acacheentry_t *entry) {
 	INSIST(DNS_ACACHE_VALID(acache));
 
 	LOCK(&acache->lock);
-	LOCK(&entry->lock);
+	ACACHE_LOCK(&entry->lock, isc_rwlocktype_write);
 
 	/*
 	 * Release dependencies stored in this entry as much as possible.
@@ -1465,7 +1497,7 @@ dns_acache_cancelentry(dns_acacheentry_t *entry) {
 	entry->callback = NULL;
 	entry->cbarg = NULL;
 
-	UNLOCK(&entry->lock);
+	ACACHE_UNLOCK(&entry->lock, isc_rwlocktype_write);
 	UNLOCK(&acache->lock);
 }
 
diff --git a/lib/dns/include/dns/rbt.h b/lib/dns/include/dns/rbt.h
index 46ebeb3b8b..3b4bc22ef9 100644
--- a/lib/dns/include/dns/rbt.h
+++ b/lib/dns/include/dns/rbt.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbt.h,v 1.62 2005/04/29 00:23:00 marka Exp $ */
+/* $Id: rbt.h,v 1.63 2005/06/04 05:32:47 jinmei Exp $ */
 
 #ifndef DNS_RBT_H
 #define DNS_RBT_H 1
@@ -24,6 +24,7 @@
 
 #include 
 #include 
+#include 
 
 #include 
 
@@ -42,6 +43,12 @@ ISC_LANG_BEGINDECLS
 #define DNS_RBTFIND_NOPREDECESSOR		0x04
 /*@}*/
 
+#ifndef DNS_RBT_USEISCREFCOUNT
+#ifdef ISC_REFCOUNT_HAVEATOMIC
+#define DNS_RBT_USEISCREFCOUNT 1
+#endif
+#endif
+
 /*
  * These should add up to 30.
  */
@@ -108,7 +115,11 @@ typedef struct dns_rbtnode {
 	unsigned int dirty:1;
 	unsigned int wild:1;
 	unsigned int locknum:DNS_RBT_LOCKLENGTH;
+#ifndef DNS_RBT_USEISCREFCOUNT
 	unsigned int references:DNS_RBT_REFLENGTH;
+#else
+	isc_refcount_t references; /* note that this is not in the bitfield */
+#endif
 	/*@}*/
 } dns_rbtnode_t;
 
@@ -211,7 +222,10 @@ typedef struct dns_rbtnodechain {
 /*****
  ***** Public interfaces.
  *****/
-
+isc_result_t
+dns_rbt_create2(isc_mem_t *mctx, void (*deleter)(void *, void *),
+		void (*deleter2)(void *, void *),
+		void *deleter_arg, dns_rbt_t **rbtp);
 isc_result_t
 dns_rbt_create(isc_mem_t *mctx, void (*deleter)(void *, void *),
 	       void *deleter_arg, dns_rbt_t **rbtp);
@@ -844,6 +858,63 @@ dns_rbtnodechain_next(dns_rbtnodechain_t *chain, dns_name_t *name,
  *\li	<something_else>	Any error result from dns_name_concatenate.
  */
 
+/*
+ * Wrapper macros for manipulating the rbtnode reference counter:
+ *   Since we selectively use isc_refcount_t for the reference counter of
+ *   a rbtnode, operations on the counter depend on the actual type of it.
+ *   The following macros provide a common interface to these operations,
+ *   hiding the back-end.  The usage is the same as that of isc_refcount_xxx().
+ */
+#ifdef DNS_RBT_USEISCREFCOUNT
+#define dns_rbtnode_refinit(node, n)				\
+	do {							\
+ 		isc_refcount_init(&(node)->references, (n));	\
+	} while (0) 
+#define dns_rbtnode_refdestroy(node)				\
+	do {							\
+		isc_refcount_destroy(&(node)->references);	\
+	} while (0) 
+#define dns_rbtnode_refcurrent(node)				\
+	isc_refcount_current(&(node)->references)
+#define dns_rbtnode_refincrement0(node, refs)			\
+	do {							\
+		isc_refcount_increment0(&(node)->references, (refs)); \
+	} while (0) 
+#define dns_rbtnode_refincrement(node, refs)			\
+	do {							\
+		isc_refcount_increment(&(node)->references, (refs)); \
+	} while (0) 
+#define dns_rbtnode_refdecrement(node, refs)			\
+	do {							\
+		isc_refcount_decrement(&(node)->references, (refs)); \
+	} while (0) 
+#else  /* DNS_RBT_USEISCREFCOUNT */
+#define dns_rbtnode_refinit(node, n)	((node)->references = (n))
+#define dns_rbtnode_refdestroy(node)	(REQUIRE((node)->references == 0))
+#define dns_rbtnode_refcurrent(node)	((node)->references)
+#define dns_rbtnode_refincrement0(node, refs)			\
+	do {							\
+		unsigned int *_tmp = (unsigned int *)(refs);	\
+		(node)->references++;				\
+		if ((_tmp) != NULL)				\
+			(*_tmp) = (node)->references;		\
+	} while (0) 
+#define dns_rbtnode_refincrement(node, refs)			\
+	do {							\
+		REQUIRE((node)->references > 0);		\
+		(node)->references++;				\
+		if ((refs) != NULL)				\
+			(*refs) = (node)->references;		\
+	} while (0) 
+#define dns_rbtnode_refdecrement(node, refs)			\
+	do {							\
+		REQUIRE((node)->references > 0);		\
+		(node)->references--;				\
+		if ((refs) != NULL)				\
+			(*refs) = (node)->references;		\
+	} while (0) 
+#endif /* DNS_RBT_USEISCREFCOUNT */
+
 ISC_LANG_ENDDECLS
 
 #endif /* DNS_RBT_H */
diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
index 18418316fb..1f3463f9ec 100644
--- a/lib/dns/rbt.c
+++ b/lib/dns/rbt.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbt.c,v 1.132 2005/04/29 00:22:50 marka Exp $ */
+/* $Id: rbt.c,v 1.133 2005/06/04 05:32:46 jinmei Exp $ */
 
 /*! \file */
 
@@ -26,6 +26,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 
@@ -62,6 +63,7 @@ struct dns_rbt {
 	isc_mem_t *		mctx;
 	dns_rbtnode_t *		root;
 	void			(*data_deleter)(void *, void *);
+	void			(*data_deleter2)(void *, void *);
 	void *			deleter_arg;
 	unsigned int		nodecount;
 	unsigned int		hashsize;
@@ -96,7 +98,6 @@ struct dns_rbt {
 #define DIRTY(node)	((node)->dirty)
 #define WILD(node)	((node)->wild)
 #define LOCKNUM(node)	((node)->locknum)
-#define REFS(node)	((node)->references)
 
 /*%
  * The variable length stuff stored after the node.
@@ -220,8 +221,9 @@ dns_rbt_deletetreeflat(dns_rbt_t *rbt, unsigned int quantum,
  * Initialize a red/black tree of trees.
  */
 isc_result_t
-dns_rbt_create(isc_mem_t *mctx, void (*deleter)(void *, void *),
-	       void *deleter_arg, dns_rbt_t **rbtp)
+dns_rbt_create2(isc_mem_t *mctx, void (*deleter)(void *, void *),
+		void (*deleter2)(void *, void *),
+		void *deleter_arg, dns_rbt_t **rbtp)
 {
 #ifdef DNS_RBT_USEHASH
 	isc_result_t result;
@@ -231,7 +233,7 @@ dns_rbt_create(isc_mem_t *mctx, void (*deleter)(void *, void *),
 
 	REQUIRE(mctx != NULL);
 	REQUIRE(rbtp != NULL && *rbtp == NULL);
-	REQUIRE(deleter == NULL ? deleter_arg == NULL : 1);
+	REQUIRE((deleter == NULL && deleter2 == NULL) ? deleter_arg == NULL : 1);
 
 	rbt = (dns_rbt_t *)isc_mem_get(mctx, sizeof(*rbt));
 	if (rbt == NULL)
@@ -239,6 +241,7 @@ dns_rbt_create(isc_mem_t *mctx, void (*deleter)(void *, void *),
 
 	rbt->mctx = mctx;
 	rbt->data_deleter = deleter;
+	rbt->data_deleter2 = deleter2;
 	rbt->deleter_arg = deleter_arg;
 	rbt->root = NULL;
 	rbt->nodecount = 0;
@@ -258,6 +261,13 @@ dns_rbt_create(isc_mem_t *mctx, void (*deleter)(void *, void *),
 	return (ISC_R_SUCCESS);
 }
 
+isc_result_t
+dns_rbt_create(isc_mem_t *mctx, void (*deleter)(void *, void *),
+	       void *deleter_arg, dns_rbt_t **rbtp)
+{
+	return (dns_rbt_create2(mctx, deleter, NULL, deleter_arg, rbtp));
+}
+
 /*
  * Deallocate a red/black tree of trees.
  */
@@ -1276,6 +1286,9 @@ dns_rbt_deletenode(dns_rbt_t *rbt, dns_rbtnode_t *node, isc_boolean_t recurse)
 			if (DATA(node) != NULL && rbt->data_deleter != NULL)
 				rbt->data_deleter(DATA(node),
 						  rbt->deleter_arg);
+			if (DATA(node) != NULL && rbt->data_deleter2 != NULL)
+				rbt->data_deleter2(node,
+						   rbt->deleter_arg);
 			DATA(node) = NULL;
 
 			/*
@@ -1307,11 +1320,14 @@ dns_rbt_deletenode(dns_rbt_t *rbt, dns_rbtnode_t *node, isc_boolean_t recurse)
 
 	if (DATA(node) != NULL && rbt->data_deleter != NULL)
 		rbt->data_deleter(DATA(node), rbt->deleter_arg);
+	if (DATA(node) != NULL && rbt->data_deleter2 != NULL)
+		rbt->data_deleter2(node, rbt->deleter_arg);
 
 	unhash_node(rbt, node);
 #if DNS_RBT_USEMAGIC
 	node->magic = 0;
 #endif
+	dns_rbtnode_refdestroy(node);
 	isc_mem_put(rbt->mctx, node, NODE_SIZE(node));
 	rbt->nodecount--;
 
@@ -1436,9 +1452,9 @@ create_node(isc_mem_t *mctx, dns_name_t *name, dns_rbtnode_t **nodep) {
 #endif
 
 	LOCKNUM(node) = 0;
-	REFS(node) = 0;
 	WILD(node) = 0;
 	DIRTY(node) = 0;
+	dns_rbtnode_refinit(node, 0);
 	node->find_callback = 0;
 
 	MAKE_BLACK(node);
@@ -2021,6 +2037,8 @@ dns_rbt_deletetree(dns_rbt_t *rbt, dns_rbtnode_t *node) {
 
 	if (DATA(node) != NULL && rbt->data_deleter != NULL)
 		rbt->data_deleter(DATA(node), rbt->deleter_arg);
+	if (DATA(node) != NULL && rbt->data_deleter2 != NULL)
+		rbt->data_deleter2(node, rbt->deleter_arg);
 
 	unhash_node(rbt, node);
 #if DNS_RBT_USEMAGIC
@@ -2061,6 +2079,8 @@ dns_rbt_deletetreeflat(dns_rbt_t *rbt, unsigned int quantum,
 
 	if (DATA(node) != NULL && rbt->data_deleter != NULL)
 		rbt->data_deleter(DATA(node), rbt->deleter_arg);
+	if (DATA(node) != NULL && rbt->data_deleter2 != NULL)
+		rbt->data_deleter2(node, rbt->deleter_arg);
 
 	unhash_node(rbt, node);
 #if DNS_RBT_USEMAGIC
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 3a96203c9e..ef477d715f 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.206 2005/04/27 04:56:49 sra Exp $ */
+/* $Id: rbtdb.c,v 1.207 2005/06/04 05:32:46 jinmei Exp $ */
 
 /*! \file */
 
@@ -102,6 +102,86 @@ typedef isc_uint32_t			rbtdb_rdatatype_t;
 #define RBTDB_RDATATYPE_NCACHEANY \
 		RBTDB_RDATATYPE_VALUE(0, dns_rdatatype_any)
 
+/*
+ * We use rwlock for DB lock only when DNS_RBTDB_USERWLOCK is non 0.
+ * Using rwlock is effective with regard to lookup performance only when
+ * it is implemented in an efficient way and the server receives a massive
+ * number of queries for non-existent names (which cause calls to getsoanode()
+ * below).
+ * Otherwise, it is generally wise to stick to the simple locking since rwlock
+ * would require more memory or can even make lookups slower due to its own
+ * overhead (when it internally calls mutex locks).
+ * By default, DNS_RBTDB_USERWLOCK is 0.  It is only set to 1 when
+ * both DNS_RBTDB_ALLOWUSERWLOCK and ISC_RWLOCK_USEATOMIC is defined at
+ * compilation time (the latter is automatically defined when available).
+ */
+#ifndef DNS_RBTDB_USERWLOCK
+#if defined(ISC_RWLOCK_USEATOMIC) && defined(DNS_RBTDB_ALLOWUSERWLOCK)
+#define DNS_RBTDB_USERWLOCK 1
+#else
+#define DNS_RBTDB_USERWLOCK 0
+#endif
+#endif /* DNS_RBTDB_USERWLOCK */
+
+#if DNS_RBTDB_USERWLOCK
+#define RBTDB_INITLOCK(l)	isc_rwlock_init((l), 0, 0)
+#define RBTDB_DESTROYLOCK(l)	isc_rwlock_destroy(l)
+#define RBTDB_LOCK(l, t)	RWLOCK((l), (t))
+#define RBTDB_UNLOCK(l, t)	RWUNLOCK((l), (t))
+#else
+#define RBTDB_INITLOCK(l)	isc_mutex_init(l)
+#define RBTDB_DESTROYLOCK(l)	DESTROYLOCK(l)
+#define RBTDB_LOCK(l, t)	LOCK(l)
+#define RBTDB_UNLOCK(l, t)	UNLOCK(l)
+#endif
+
+/*
+ * Since node locking is sensitive to both performance and memory footprint,
+ * we need some trick here.  If we have both high-performance rwlock and
+ * high performance and small-memory reference counters, we use rwlock for
+ * node lock and isc_refcount for node references.  In this case, we don't have
+ * to protect the access to the counters by locks.
+ * Otherwise, we simply use ordinary mutex lock for node locking, and use
+ * simple integers as reference counters which is protected by the lock.
+ * In most cases, we can simply use wrapper macros such as NODE_LOCK and
+ * NODE_UNLOCK.  In some other cases, however, we need to protect reference
+ * counters first and then protect other parts of a node as read-only data.
+ * Special additional macros, NODE_STRONGLOCK(), NODE_WEAKLOCK(), etc, are also
+ * provided for these special cases.  When we can use the efficient backend
+ * routines, we should only protect the "other members" by NODE_WEAKLOCK(read).
+ * Otherwise, we should use NODE_STRONGLOCK() to protect the entire critical
+ * section including the access to the reference counter.
+ * Note that we cannot use NODE_LOCK()/NODE_UNLOCK() wherever the protected
+ * section is also protected by NODE_STRONGLOCK().
+ */
+#if defined(ISC_RWLOCK_USEATOMIC) && defined(DNS_RBT_USEISCREFCOUNT)
+typedef isc_rwlock_t nodelock_t;
+
+#define NODE_INITLOCK(l)	isc_rwlock_init((l), 0, 0)
+#define NODE_DESTROYLOCK(l)	isc_rwlock_destroy(l)
+#define NODE_LOCK(l, t)		RWLOCK((l), (t))
+#define NODE_UNLOCK(l, t)	RWUNLOCK((l), (t))
+#define NODE_TRYUPGRADE(l)	isc_rwlock_tryupgrade(l)
+
+#define NODE_STRONGLOCK(l)
+#define NODE_STRONGUNLOCK(l)
+#define NODE_WEAKLOCK(l, t)	NODE_LOCK(l, t)
+#define NODE_WEAKUNLOCK(l, t)	NODE_UNLOCK(l, t)
+#else
+typedef isc_mutex_t nodelock_t;
+
+#define NODE_INITLOCK(l)	isc_mutex_init(l)
+#define NODE_DESTROYLOCK(l)	DESTROYLOCK(l)
+#define NODE_LOCK(l, t)		LOCK(l)
+#define NODE_UNLOCK(l, t)	UNLOCK(l)
+#define NODE_TRYUPGRADE(l)	ISC_R_SUCCESS
+
+#define NODE_STRONGLOCK(l)	LOCK(l)
+#define NODE_STRONGUNLOCK(l)	UNLOCK(l)
+#define NODE_WEAKLOCK(l, t)
+#define NODE_WEAKUNLOCK(l, t)
+#endif
+
 struct noqname {
 	dns_name_t name;
 	void *	   nsec;
@@ -195,9 +275,10 @@ struct acachectl {
 #define DEFAULT_NODE_LOCK_COUNT		7		/*%< Should be prime. */
 
 typedef struct {
-	isc_mutex_t			lock;
+	nodelock_t			lock;
+	/* Protected in the refcount routines. */
+	isc_refcount_t			references;
 	/* Locked by lock. */
-	unsigned int			references;
 	isc_boolean_t			exiting;
 } rbtdb_nodelock_t;
 
@@ -212,9 +293,14 @@ typedef ISC_LIST(rbtdb_changed_t)	rbtdb_changedlist_t;
 typedef struct rbtdb_version {
 	/* Not locked */
 	rbtdb_serial_t			serial;
+	/*
+	 * Protected in the refcount routines.
+	 * XXXJT: should we change the lock policy based on the refcount
+	 * performance?
+	 */
+	isc_refcount_t			references;
 	/* Locked by database lock. */
 	isc_boolean_t			writer;
-	unsigned int			references;
 	isc_boolean_t			commit_ok;
 	rbtdb_changedlist_t		changed_list;
 	ISC_LINK(struct rbtdb_version)	link;
@@ -225,7 +311,11 @@ typedef ISC_LIST(rbtdb_version_t)	rbtdb_versionlist_t;
 typedef struct {
 	/* Unlocked. */
 	dns_db_t			common;
+#if DNS_RBTDB_USERWLOCK
+	isc_rwlock_t			lock;
+#else
 	isc_mutex_t			lock;
+#endif
 	isc_rwlock_t			tree_lock;
 	unsigned int			node_lock_count;
 	rbtdb_nodelock_t *	       	node_locks;
@@ -247,6 +337,9 @@ typedef struct {
 	/* Locked by tree_lock. */
 	dns_rbt_t *			tree;
 	isc_boolean_t			secure;
+
+	/* Unlocked */
+	isc_mem_t **			nodemctxs;
 } dns_rbtdb_t;
 
 #define RBTDB_ATTR_LOADED		0x01
@@ -456,12 +549,20 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) {
 	isc_result_t result;
 	char buf[DNS_NAME_FORMATSIZE];
 
-	REQUIRE(EMPTY(rbtdb->open_versions));
+	REQUIRE(rbtdb->current_version != NULL || EMPTY(rbtdb->open_versions));
 	REQUIRE(rbtdb->future_version == NULL);
 
-	if (rbtdb->current_version != NULL)
+	if (rbtdb->current_version != NULL) {
+		unsigned int refs;
+
+		isc_refcount_decrement(&rbtdb->current_version->references,
+				       &refs);
+		INSIST(refs == 0);
+		UNLINK(rbtdb->open_versions, rbtdb->current_version, link);
+		isc_refcount_destroy(&rbtdb->current_version->references);
 		isc_mem_put(rbtdb->common.mctx, rbtdb->current_version,
 			    sizeof(rbtdb_version_t));
+	}
  again:
 	if (rbtdb->tree != NULL) {
 		result = dns_rbt_destroy2(&rbtdb->tree,
@@ -496,15 +597,23 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) {
 	}
 	if (dns_name_dynamic(&rbtdb->common.origin))
 		dns_name_free(&rbtdb->common.origin, rbtdb->common.mctx);
-	for (i = 0; i < rbtdb->node_lock_count; i++)
-		DESTROYLOCK(&rbtdb->node_locks[i].lock);
+	for (i = 0; i < rbtdb->node_lock_count; i++) {
+		isc_refcount_destroy(&rbtdb->node_locks[i].references);
+		NODE_DESTROYLOCK(&rbtdb->node_locks[i].lock);
+
+		if (rbtdb->nodemctxs != NULL)
+			isc_mem_detach(&rbtdb->nodemctxs[i]);
+	}
+	if (rbtdb->nodemctxs != NULL)
+		isc_mem_put(rbtdb->common.mctx, rbtdb->nodemctxs,
+			    sizeof(isc_mem_t *) * rbtdb->node_lock_count);
 	isc_mem_put(rbtdb->common.mctx, rbtdb->node_locks,
 		    rbtdb->node_lock_count * sizeof(rbtdb_nodelock_t));
 	isc_rwlock_destroy(&rbtdb->tree_lock);
 	isc_refcount_destroy(&rbtdb->references);
 	if (rbtdb->task != NULL)
 		isc_task_detach(&rbtdb->task);
-	DESTROYLOCK(&rbtdb->lock);
+	RBTDB_DESTROYLOCK(&rbtdb->lock);
 	rbtdb->common.magic = 0;
 	rbtdb->common.impmagic = 0;
 	ondest = rbtdb->common.ondest;
@@ -530,19 +639,21 @@ maybe_free_rbtdb(dns_rbtdb_t *rbtdb) {
 	 * may be nodes in use.
 	 */
 	for (i = 0; i < rbtdb->node_lock_count; i++) {
-		LOCK(&rbtdb->node_locks[i].lock);
+		NODE_LOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_write);
 		rbtdb->node_locks[i].exiting = ISC_TRUE;
-		if (rbtdb->node_locks[i].references == 0)
+		NODE_UNLOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_write);
+		if (isc_refcount_current(&rbtdb->node_locks[i].references)
+		    == 0) {
 			inactive++;
-		UNLOCK(&rbtdb->node_locks[i].lock);
+		}
 	}
 
 	if (inactive != 0) {
-		LOCK(&rbtdb->lock);
+		RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
 		rbtdb->active -= inactive;
 		if (rbtdb->active == 0)
 			want_free = ISC_TRUE;
-		UNLOCK(&rbtdb->lock);
+		RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
 		if (want_free) {
 			char buf[DNS_NAME_FORMATSIZE];
 			if (dns_name_dynamic(&rbtdb->common.origin))
@@ -577,15 +688,17 @@ static void
 currentversion(dns_db_t *db, dns_dbversion_t **versionp) {
 	dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db;
 	rbtdb_version_t *version;
+	unsigned int refs;
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 
-	LOCK(&rbtdb->lock);
 	version = rbtdb->current_version;
-	if (version->references == 0)
+	isc_refcount_increment(&version->references, &refs);
+	if (refs == 1) {
+		RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
 		PREPEND(rbtdb->open_versions, version, link);
-	version->references++;
-	UNLOCK(&rbtdb->lock);
+		RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
+	}
 
 	*versionp = (dns_dbversion_t *)version;
 }
@@ -600,7 +713,7 @@ allocate_version(isc_mem_t *mctx, rbtdb_serial_t serial,
 	if (version == NULL)
 		return (NULL);
 	version->serial = serial;
-	version->references = references;
+	isc_refcount_init(&version->references, references);
 	version->writer = writer;
 	version->commit_ok = ISC_FALSE;
 	ISC_LIST_INIT(version->changed_list);
@@ -618,7 +731,7 @@ newversion(dns_db_t *db, dns_dbversion_t **versionp) {
 	REQUIRE(versionp != NULL && *versionp == NULL);
 	REQUIRE(rbtdb->future_version == NULL);
 
-	LOCK(&rbtdb->lock);
+	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
 	RUNTIME_CHECK(rbtdb->next_serial != 0);		/* XXX Error? */
 	version = allocate_version(rbtdb->common.mctx, rbtdb->next_serial, 1,
 				   ISC_TRUE);
@@ -627,7 +740,7 @@ newversion(dns_db_t *db, dns_dbversion_t **versionp) {
 		rbtdb->next_serial++;
 		rbtdb->future_version = version;
 	}
-	UNLOCK(&rbtdb->lock);
+	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
 
 	if (version == NULL)
 		return (ISC_R_NOMEMORY);
@@ -643,16 +756,12 @@ attachversion(dns_db_t *db, dns_dbversion_t *source,
 {
 	dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db;
 	rbtdb_version_t *rbtversion = source;
+	unsigned int refs;
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 
-	LOCK(&rbtdb->lock);
-
-	INSIST(rbtversion->references > 0);
-	rbtversion->references++;
-	INSIST(rbtversion->references != 0);
-
-	UNLOCK(&rbtdb->lock);
+	isc_refcount_increment(&rbtversion->references, &refs);
+	INSIST(refs > 1);
 
 	*targetp = rbtversion;
 }
@@ -662,28 +771,29 @@ add_changed(dns_rbtdb_t *rbtdb, rbtdb_version_t *version,
 	    dns_rbtnode_t *node)
 {
 	rbtdb_changed_t *changed;
+	unsigned int refs;
 
 	/*
-	 * Caller must be holding the node lock.
+	 * Caller must be holding the node lock if its reference must be
+	 * protected by the lock.
 	 */
 
 	changed = isc_mem_get(rbtdb->common.mctx, sizeof(*changed));
 
-	LOCK(&rbtdb->lock);
+	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
 
 	REQUIRE(version->writer);
 
 	if (changed != NULL) {
-		INSIST(node->references > 0);
-		node->references++;
-		INSIST(node->references != 0);
+		dns_rbtnode_refincrement0(node, &refs);
+		INSIST(refs > 0);
 		changed->node = node;
 		changed->dirty = ISC_FALSE;
 		ISC_LIST_INITANDAPPEND(version->changed_list, changed, link);
 	} else
 		version->commit_ok = ISC_FALSE;
 
-	UNLOCK(&rbtdb->lock);
+	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
 
 	return (changed);
 }
@@ -785,11 +895,13 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {
 static inline void
 clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
 	rdatasetheader_t *current, *dcurrent, *top_prev, *top_next, *down_next;
-	isc_mem_t *mctx = rbtdb->common.mctx;
+	isc_mem_t *mctx;
 
 	/*
 	 * Caller must be holding the node lock.
 	 */
+	REQUIRE(rbtdb->nodemctxs != NULL);
+	mctx = rbtdb->nodemctxs[node->locknum];
 
 	top_prev = NULL;
 	for (current = node->data; current != NULL; current = top_next) {
@@ -945,16 +1057,29 @@ clean_zone_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
 		node->dirty = 0;
 }
 
+/*
+ * Caller must be holding the node lock if its reference must be protected
+ * by the lock.
+ */
 static inline void
 new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
-	if (node->references == 0) {
-		rbtdb->node_locks[node->locknum].references++;
-		INSIST(rbtdb->node_locks[node->locknum].references != 0);
+	unsigned int lockrefs, noderefs;
+	isc_refcount_t *lockref;
+
+	dns_rbtnode_refincrement0(node, &noderefs);
+	if (noderefs == 1) {	/* this is the first reference to the node */
+		lockref = &rbtdb->node_locks[node->locknum].references;
+		isc_refcount_increment0(lockref, &lockrefs);
+		INSIST(lockrefs != 0);
 	}
-	node->references++;
-	INSIST(node->references != 0);
+	INSIST(noderefs != 0);
 }
 
+
+/*
+ * Caller must be holding the node lock if its reference must be protected
+ * by the lock.
+ */
 static void
 no_references(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
 	      rbtdb_serial_t least_serial, isc_rwlocktype_t lock)
@@ -962,13 +1087,30 @@ no_references(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
 	isc_result_t result;
 	isc_boolean_t write_locked;
 	unsigned int locknum;
+	unsigned int refs;
 
 	/*
-	 * Caller must be holding the node lock.
+	 * We cannot request the node reference be 0 at the moment, since
+	 * the reference counter can atomically be modified without a lock.
+	 * It should still be safe unless we actually try to delete the node,
+	 * at which point the operation is properly protected by locking.
 	 */
 
-	REQUIRE(node->references == 0);
+	locknum = node->locknum;
 
+	NODE_WEAKLOCK(&rbtdb->node_locks[locknum].lock, isc_rwlocktype_read);
+	if (!node->dirty && (node->data != NULL || node->down != NULL)) {
+		/* easy and typical case first, in an efficient way. */
+		isc_refcount_decrement(&rbtdb->node_locks[locknum].references,
+				       &refs);
+		INSIST((int)refs >= 0);
+		NODE_WEAKUNLOCK(&rbtdb->node_locks[locknum].lock,
+				isc_rwlocktype_read);
+		return;
+	}
+	NODE_WEAKUNLOCK(&rbtdb->node_locks[locknum].lock, isc_rwlocktype_read);
+
+	NODE_WEAKLOCK(&rbtdb->node_locks[locknum].lock, isc_rwlocktype_write);
 	if (node->dirty) {
 		if (IS_CACHE(rbtdb))
 			clean_cache_node(rbtdb, node);
@@ -978,24 +1120,26 @@ no_references(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
 				 * Caller doesn't know the least serial.
 				 * Get it.
 				 */
-				LOCK(&rbtdb->lock);
+				RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read);
 				least_serial = rbtdb->least_serial;
-				UNLOCK(&rbtdb->lock);
+				RBTDB_UNLOCK(&rbtdb->lock,
+					     isc_rwlocktype_read);
 			}
 			clean_zone_node(rbtdb, node, least_serial);
 		}
 	}
 
-	locknum = node->locknum;
-
-	INSIST(rbtdb->node_locks[locknum].references > 0);
-	rbtdb->node_locks[locknum].references--;
+	isc_refcount_decrement(&rbtdb->node_locks[locknum].references, &refs);
+	INSIST((int)refs >= 0);
 
 	/*
 	 * XXXDCL should this only be done for cache zones?
 	 */
-	if (node->data != NULL || node->down != NULL)
+	if (node->data != NULL || node->down != NULL) {
+		NODE_WEAKUNLOCK(&rbtdb->node_locks[locknum].lock,
+				isc_rwlocktype_write);
 		return;
+	}
 
 	/*
 	 * XXXDCL need to add a deferred delete method for ISC_R_LOCKBUSY.
@@ -1019,6 +1163,15 @@ no_references(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
 		write_locked = ISC_TRUE;
 
 	if (write_locked) {
+		/*
+		 * We are now ready for deleting the node.  The node and tree
+		 * locks must ensure there be no other users.  (Note that
+		 * dns_rbt_findnode() could find the node to be deleted while
+		 * we are in this function.  However, the tree lock would
+		 * prevent us from entering this section in that case.)
+		 */
+		INSIST(dns_rbtnode_refcurrent(node) == 0);
+
 		if (isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(1))) {
 			char printname[DNS_NAME_FORMATSIZE];
 
@@ -1038,6 +1191,9 @@ no_references(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
 				      isc_result_totext(result));
 	}
 
+	NODE_WEAKUNLOCK(&rbtdb->node_locks[locknum].lock,
+			isc_rwlocktype_write);
+
 	/*
 	 * Relock a read lock, or unlock the write lock if no lock was held.
 	 */
@@ -1103,7 +1259,7 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) {
 	rbtdb_changed_t *changed, *next_changed;
 	rbtdb_serial_t serial, least_serial;
 	dns_rbtnode_t *rbtnode;
-	isc_mutex_t *lock;
+	unsigned int refs;
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 	version = (rbtdb_version_t *)*versionp;
@@ -1111,113 +1267,146 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) {
 	cleanup_version = NULL;
 	ISC_LIST_INIT(cleanup_list);
 
-	LOCK(&rbtdb->lock);
-	INSIST(version->references > 0);
-	INSIST(!version->writer || !(commit && version->references > 1));
-	version->references--;
+	isc_refcount_decrement(&version->references, &refs);
+	if (refs > 0) {		/* typical and easy case first */
+		if (commit) {
+			RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read);
+			INSIST(!version->writer);
+			RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_read);
+		}
+		goto end;
+	}
+
+	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
 	serial = version->serial;
-	if (version->references == 0) {
-		if (version->writer) {
-			if (commit) {
-				INSIST(version->commit_ok);
-				INSIST(version == rbtdb->future_version);
-				if (EMPTY(rbtdb->open_versions)) {
-					/*
-					 * We're going to become the least open
-					 * version.
-					 */
-					make_least_version(rbtdb, version,
-							   &cleanup_list);
-				} else {
-					/*
-					 * Some other open version is the
-					 * least version.  We can't cleanup
-					 * records that were changed in this
-					 * version because the older versions
-					 * may still be in use by an open
-					 * version.
-					 *
-					 * We can, however, discard the
-					 * changed records for things that
-					 * we've added that didn't exist in
-					 * prior versions.
-					 */
-					cleanup_nondirty(version,
-							 &cleanup_list);
-				}
+	if (version->writer) {
+		if (commit) {
+			unsigned cur_ref;
+			rbtdb_version_t *cur_version;
+
+			INSIST(version->commit_ok);
+			INSIST(version == rbtdb->future_version);
+			/*
+			 * The current version is going to be replaced.
+			 * Release the (likely last) reference to it from the
+			 * DB itself and unlink it from the open list.
+			 */
+			cur_version = rbtdb->current_version;
+			isc_refcount_decrement(&cur_version->references,
+					       &cur_ref);
+			if (cur_ref == 0) {
+				if (cur_version->serial == rbtdb->least_serial)
+					INSIST(EMPTY(cur_version->changed_list));
+				UNLINK(rbtdb->open_versions,
+				       cur_version, link);
+			}
+			if (EMPTY(rbtdb->open_versions)) {
 				/*
-				 * If the (soon to be former) current version
-				 * isn't being used by anyone, we can clean
-				 * it up.
+				 * We're going to become the least open
+				 * version.
 				 */
-				if (rbtdb->current_version->references == 0) {
-					cleanup_version =
-						rbtdb->current_version;
-					APPENDLIST(version->changed_list,
-						 cleanup_version->changed_list,
-						   link);
-				}
-				/*
-				 * Become the current version.
-				 */
-				version->writer = ISC_FALSE;
-				rbtdb->current_version = version;
-				rbtdb->current_serial = version->serial;
-				rbtdb->future_version = NULL;
+				make_least_version(rbtdb, version,
+						   &cleanup_list);
 			} else {
 				/*
-				 * We're rolling back this transaction.
+				 * Some other open version is the
+				 * least version.  We can't cleanup
+				 * records that were changed in this
+				 * version because the older versions
+				 * may still be in use by an open
+				 * version.
+				 *
+				 * We can, however, discard the
+				 * changed records for things that
+				 * we've added that didn't exist in
+				 * prior versions.
 				 */
-				cleanup_list = version->changed_list;
-				ISC_LIST_INIT(version->changed_list);
-				rollback = ISC_TRUE;
-				cleanup_version = version;
-				rbtdb->future_version = NULL;
+				cleanup_nondirty(version, &cleanup_list);
 			}
+			/*
+			 * If the (soon to be former) current version
+			 * isn't being used by anyone, we can clean
+			 * it up.
+			 */
+			if (cur_ref == 0) {
+				cleanup_version = cur_version;
+				APPENDLIST(version->changed_list,
+					   cleanup_version->changed_list,
+					   link);
+			}
+			/*
+			 * Become the current version.
+			 */
+			version->writer = ISC_FALSE;
+			rbtdb->current_version = version;
+			rbtdb->current_serial = version->serial;
+			rbtdb->future_version = NULL;
+
+			/*
+			 * Keep the current version in the open list, and
+			 * gain a reference for the DB itself (see the DB
+			 * creation function below).  This must be the only
+			 * case where we need to increment the counter from
+			 * zero and need to use isc_refcount_increment0().
+			 */
+			isc_refcount_increment0(&version->references,
+						&cur_ref);
+			INSIST(cur_ref == 1);
+			PREPEND(rbtdb->open_versions,
+				rbtdb->current_version, link);
 		} else {
-			if (version != rbtdb->current_version) {
-				/*
-				 * There are no external or internal references
-				 * to this version and it can be cleaned up.
-				 */
-				cleanup_version = version;
-
-				/*
-				 * Find the version with the least serial
-				 * number greater than ours.
-				 */
-				least_greater = PREV(version, link);
-				if (least_greater == NULL)
-					least_greater = rbtdb->current_version;
-
-				INSIST(version->serial < least_greater->serial);
-				/*
-				 * Is this the least open version?
-				 */
-				if (version->serial == rbtdb->least_serial) {
-					/*
-					 * Yes.  Install the new least open
-					 * version.
-					 */
-					make_least_version(rbtdb,
-							   least_greater,
-							   &cleanup_list);
-				} else {
-					/*
-					 * Add any unexecuted cleanups to
-					 * those of the least greater version.
-					 */
-					APPENDLIST(least_greater->changed_list,
-						   version->changed_list,
-						   link);
-				}
-			} else if (version->serial == rbtdb->least_serial)
-				INSIST(EMPTY(version->changed_list));
-			UNLINK(rbtdb->open_versions, version, link);
+			/*
+			 * We're rolling back this transaction.
+			 */
+			cleanup_list = version->changed_list;
+			ISC_LIST_INIT(version->changed_list);
+			rollback = ISC_TRUE;
+			cleanup_version = version;
+			rbtdb->future_version = NULL;
 		}
+	} else {
+		if (version != rbtdb->current_version) {
+			/*
+			 * There are no external or internal references
+			 * to this version and it can be cleaned up.
+			 */
+			cleanup_version = version;
+
+			/*
+			 * Find the version with the least serial
+			 * number greater than ours.
+			 */
+			least_greater = PREV(version, link);
+			if (least_greater == NULL)
+				least_greater = rbtdb->current_version;
+
+			INSIST(version->serial < least_greater->serial);
+			/*
+			 * Is this the least open version?
+			 */
+			if (version->serial == rbtdb->least_serial) {
+				/*
+				 * Yes.  Install the new least open
+				 * version.
+				 */
+				make_least_version(rbtdb,
+						   least_greater,
+						   &cleanup_list);
+			} else {
+				/*
+				 * Add any unexecuted cleanups to
+				 * those of the least greater version.
+				 */
+				APPENDLIST(least_greater->changed_list,
+					   version->changed_list,
+					   link);
+			}
+		} else if (version->serial == rbtdb->least_serial)
+			INSIST(EMPTY(version->changed_list));
+		UNLINK(rbtdb->open_versions, version, link);
 	}
 	least_serial = rbtdb->least_serial;
-	UNLOCK(&rbtdb->lock);
+	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
 
 	if (cleanup_version != NULL) {
 		INSIST(EMPTY(cleanup_version->changed_list));
@@ -1229,28 +1418,35 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) {
 		for (changed = HEAD(cleanup_list);
 		     changed != NULL;
 		     changed = next_changed) {
+			nodelock_t *lock;
+			unsigned int refs;
+
 			next_changed = NEXT(changed, link);
 			rbtnode = changed->node;
 			lock = &rbtdb->node_locks[rbtnode->locknum].lock;
 
-			LOCK(lock);
+			NODE_STRONGLOCK(lock);
 
-			INSIST(rbtnode->references > 0);
-			rbtnode->references--;
+			dns_rbtnode_refdecrement(rbtnode, &refs);
+			INSIST((int)refs >= 0);
+
+			NODE_WEAKLOCK(lock, isc_rwlocktype_write);
 			if (rollback)
 				rollback_node(rbtnode, serial);
+			NODE_WEAKUNLOCK(lock, isc_rwlocktype_write);
 
-			if (rbtnode->references == 0)
+			if (refs == 0)
 				no_references(rbtdb, rbtnode, least_serial,
 					      isc_rwlocktype_none);
 
-			UNLOCK(lock);
+			NODE_STRONGUNLOCK(lock);
 
 			isc_mem_put(rbtdb->common.mctx, changed,
 				    sizeof(*changed));
 		}
 	}
 
+  end:
 	*versionp = NULL;
 }
 
@@ -1323,7 +1519,6 @@ findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
 	dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db;
 	dns_rbtnode_t *node = NULL;
 	dns_name_t nodename;
-	unsigned int locknum;
 	isc_result_t result;
 	isc_rwlocktype_t locktype = isc_rwlocktype_read;
 
@@ -1370,10 +1565,7 @@ findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
 			return (result);
 		}
 	}
-	locknum = node->locknum;
-	LOCK(&rbtdb->node_locks[locknum].lock);
 	new_reference(rbtdb, node);
-	UNLOCK(&rbtdb->node_locks[locknum].lock);
 	RWUNLOCK(&rbtdb->tree_lock, locktype);
 
 	*nodep = (dns_dbnode_t *)node;
@@ -1402,7 +1594,8 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
 	result = DNS_R_CONTINUE;
 	onode = search->rbtdb->origin_node;
 
-	LOCK(&(search->rbtdb->node_locks[node->locknum].lock));
+	NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock),
+		  isc_rwlocktype_read);
 
 	/*
 	 * Look for an NS or DNAME rdataset active in our version.
@@ -1513,7 +1706,8 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
 			search->wild = ISC_TRUE;
 	}
 
-	UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock));
+	NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock),
+		    isc_rwlocktype_read);
 
 	return (result);
 }
@@ -1526,7 +1720,11 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
 	unsigned char *raw;
 
 	/*
-	 * Caller must be holding the node lock.
+	 * Caller must be holding the node reader lock.
+	 * XXXJT: technically, we need a writer lock, since we'll increment
+	 * the header count below.  However, since the actual counter value
+	 * doesn't matter, we prioritize performance here.  (We may want to
+	 * use atomic increment when available).
 	 */
 
 	if (rdataset == NULL)
@@ -1606,14 +1804,16 @@ setup_delegation(rbtdb_search_t *search, dns_dbnode_t **nodep,
 		search->need_cleanup = ISC_FALSE;
 	}
 	if (rdataset != NULL) {
-		LOCK(&(search->rbtdb->node_locks[node->locknum].lock));
+		NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock),
+			  isc_rwlocktype_read);
 		bind_rdataset(search->rbtdb, node, search->zonecut_rdataset,
 			      search->now, rdataset);
 		if (sigrdataset != NULL && search->zonecut_sigrdataset != NULL)
 			bind_rdataset(search->rbtdb, node,
 				      search->zonecut_sigrdataset,
 				      search->now, sigrdataset);
-		UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock));
+		NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock),
+			    isc_rwlocktype_read);
 	}
 
 	if (type == dns_rdatatype_dname)
@@ -1708,7 +1908,8 @@ activeempty(rbtdb_search_t *search, dns_rbtnodechain_t *chain,
 						  origin, &node);
 		if (result != ISC_R_SUCCESS)
 			break;
-		LOCK(&(rbtdb->node_locks[node->locknum].lock));
+		NODE_LOCK(&(rbtdb->node_locks[node->locknum].lock),
+			  isc_rwlocktype_read);
 		for (header = node->data;
 		     header != NULL;
 		     header = header->next) {
@@ -1716,7 +1917,8 @@ activeempty(rbtdb_search_t *search, dns_rbtnodechain_t *chain,
 			    !IGNORE(header) && EXISTS(header))
 				break;
 		}
-		UNLOCK(&(rbtdb->node_locks[node->locknum].lock));
+		NODE_UNLOCK(&(rbtdb->node_locks[node->locknum].lock),
+			    isc_rwlocktype_read);
 		if (header != NULL)
 			break;
 		result = dns_rbtnodechain_next(chain, NULL, NULL);
@@ -1773,7 +1975,8 @@ activeemtpynode(rbtdb_search_t *search, dns_name_t *qname, dns_name_t *wname) {
 						  origin, &node);
 		if (result != ISC_R_SUCCESS)
 			break;
-		LOCK(&(rbtdb->node_locks[node->locknum].lock));
+		NODE_LOCK(&(rbtdb->node_locks[node->locknum].lock),
+			  isc_rwlocktype_read);
 		for (header = node->data;
 		     header != NULL;
 		     header = header->next) {
@@ -1781,7 +1984,8 @@ activeemtpynode(rbtdb_search_t *search, dns_name_t *qname, dns_name_t *wname) {
 			    !IGNORE(header) && EXISTS(header))
 				break;
 		}
-		UNLOCK(&(rbtdb->node_locks[node->locknum].lock));
+		NODE_UNLOCK(&(rbtdb->node_locks[node->locknum].lock),
+			    isc_rwlocktype_read);
 		if (header != NULL)
 			break;
 		result = dns_rbtnodechain_prev(&chain, NULL, NULL);
@@ -1798,7 +2002,8 @@ activeemtpynode(rbtdb_search_t *search, dns_name_t *qname, dns_name_t *wname) {
 						  origin, &node);
 		if (result != ISC_R_SUCCESS)
 			break;
-		LOCK(&(rbtdb->node_locks[node->locknum].lock));
+		NODE_LOCK(&(rbtdb->node_locks[node->locknum].lock),
+			  isc_rwlocktype_read);
 		for (header = node->data;
 		     header != NULL;
 		     header = header->next) {
@@ -1806,7 +2011,8 @@ activeemtpynode(rbtdb_search_t *search, dns_name_t *qname, dns_name_t *wname) {
 			    !IGNORE(header) && EXISTS(header))
 				break;
 		}
-		UNLOCK(&(rbtdb->node_locks[node->locknum].lock));
+		NODE_UNLOCK(&(rbtdb->node_locks[node->locknum].lock),
+			    isc_rwlocktype_read);
 		if (header != NULL)
 			break;
 		result = dns_rbtnodechain_next(&chain, NULL, NULL);
@@ -1874,7 +2080,8 @@ find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep,
 	done = ISC_FALSE;
 	node = *nodep;
 	do {
-		LOCK(&(rbtdb->node_locks[node->locknum].lock));
+		NODE_LOCK(&(rbtdb->node_locks[node->locknum].lock),
+			  isc_rwlocktype_read);
 
 		/*
 		 * First we try to figure out if this node is active in
@@ -1899,7 +2106,8 @@ find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep,
 		else
 			wild = ISC_FALSE;
 
-		UNLOCK(&(rbtdb->node_locks[node->locknum].lock));
+		NODE_UNLOCK(&(rbtdb->node_locks[node->locknum].lock),
+			    isc_rwlocktype_read);
 
 		if (wild) {
 			/*
@@ -1932,33 +2140,38 @@ find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep,
 						  DNS_RBTFIND_EMPTYDATA,
 						  NULL, NULL);
 			if (result == ISC_R_SUCCESS) {
-			    /*
-			     * We have found the wildcard node.  If it
-			     * is active in the search's version, we're
-			     * done.
-			     */
-			    LOCK(&(rbtdb->node_locks[wnode->locknum].lock));
-			    for (header = wnode->data;
-				 header != NULL;
-				 header = header->next) {
-				    if (header->serial <= search->serial &&
-					!IGNORE(header) && EXISTS(header))
-					    break;
-			    }
-			    UNLOCK(&(rbtdb->node_locks[wnode->locknum].lock));
-			    if (header != NULL ||
-				activeempty(search, &wchain, wname)) {
-				    if (activeemtpynode(search, qname, wname))
+				nodelock_t *lock;
+
+				/*
+				 * We have found the wildcard node.  If it
+				 * is active in the search's version, we're
+				 * done.
+				 */
+				lock = &rbtdb->node_locks[wnode->locknum].lock;
+				NODE_LOCK(lock, isc_rwlocktype_read);
+				for (header = wnode->data;
+				     header != NULL;
+				     header = header->next) {
+					if (header->serial <= search->serial &&
+					    !IGNORE(header) && EXISTS(header))
+						break;
+				}
+				NODE_UNLOCK(lock, isc_rwlocktype_read);
+				if (header != NULL ||
+				    activeempty(search, &wchain, wname)) {
+					if (activeemtpynode(search, qname,
+							    wname)) {
 						return (ISC_R_NOTFOUND);
-				    /*
-				     * The wildcard node is active!
-				     *
-				     * Note: result is still ISC_R_SUCCESS
-				     * so we don't have to set it.
-				     */
-				    *nodep = wnode;
-				    break;
-			    }
+					}
+					/*
+					 * The wildcard node is active!
+					 *
+					 * Note: result is still ISC_R_SUCCESS
+					 * so we don't have to set it.
+					 */
+					*nodep = wnode;
+					break;
+				}
 			} else if (result != ISC_R_NOTFOUND &&
 				   result != DNS_R_PARTIALMATCH) {
 				/*
@@ -2010,7 +2223,8 @@ find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
 						  origin, &node);
 		if (result != ISC_R_SUCCESS)
 			return (result);
-		LOCK(&(search->rbtdb->node_locks[node->locknum].lock));
+		NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock),
+			  isc_rwlocktype_read);
 		found = NULL;
 		foundsig = NULL;
 		empty_node = ISC_TRUE;
@@ -2110,7 +2324,8 @@ find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
 			result = dns_rbtnodechain_prev(&search->chain, NULL,
 						       NULL);
 		}
-		UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock));
+		NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock),
+			    isc_rwlocktype_read);
 	} while (empty_node && result == ISC_R_SUCCESS);
 
 	/*
@@ -2139,12 +2354,12 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 	isc_boolean_t at_zonecut = ISC_FALSE;
 	isc_boolean_t wild;
 	isc_boolean_t empty_node;
-	isc_mutex_t *lock;
 	rdatasetheader_t *header, *header_next, *found, *nsecheader;
 	rdatasetheader_t *foundsig, *cnamesig, *nsecsig;
 	rbtdb_rdatatype_t sigtype;
 	isc_boolean_t active;
 	dns_rbtnodechain_t chain;
+	nodelock_t *lock;
 
 
 	search.rbtdb = (dns_rbtdb_t *)db;
@@ -2279,7 +2494,8 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 	 * We now go looking for rdata...
 	 */
 
-	LOCK(&(search.rbtdb->node_locks[node->locknum].lock));
+	NODE_LOCK(&(search.rbtdb->node_locks[node->locknum].lock),
+		  isc_rwlocktype_read);
 
 	found = NULL;
 	foundsig = NULL;
@@ -2421,7 +2637,8 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 		 * we really have a partial match.
 		 */
 		if (!wild) {
-			UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock));
+			lock = &search.rbtdb->node_locks[node->locknum].lock;
+			NODE_UNLOCK(lock, isc_rwlocktype_read);
 			goto partial_match;
 		}
 	}
@@ -2431,16 +2648,17 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 	 */
 	if (found == NULL) {
 		if (search.zonecut != NULL) {
-		    /*
-		     * We were trying to find glue at a node beneath a
-		     * zone cut, but didn't.
-		     *
-		     * Return the delegation.
-		     */
-		    UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock));
-		    result = setup_delegation(&search, nodep, foundname,
-					      rdataset, sigrdataset);
-		    goto tree_exit;
+			/*
+			 * We were trying to find glue at a node beneath a
+			 * zone cut, but didn't.
+			 *
+			 * Return the delegation.
+			 */
+			lock = &search.rbtdb->node_locks[node->locknum].lock;
+			NODE_UNLOCK(lock, isc_rwlocktype_read);
+			result = setup_delegation(&search, nodep, foundname,
+						  rdataset, sigrdataset);
+			goto tree_exit;
 		}
 		/*
 		 * The desired type doesn't exist.
@@ -2456,11 +2674,12 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 				result = DNS_R_BADDB;
 				goto node_exit;
 			}
-			
-			UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock));
+
+			lock = &search.rbtdb->node_locks[node->locknum].lock;
+			NODE_UNLOCK(lock, isc_rwlocktype_read);
 			result = find_closest_nsec(&search, nodep, foundname,
-						  rdataset, sigrdataset,
-						  search.rbtdb->secure);
+						   rdataset, sigrdataset,
+						   search.rbtdb->secure);
 			if (result == ISC_R_SUCCESS)
 				result = DNS_R_EMPTYWILD;
 			goto tree_exit;
@@ -2532,9 +2751,10 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 		if (result == DNS_R_GLUE &&
 		    (search.options & DNS_DBFIND_VALIDATEGLUE) != 0 &&
 		    !valid_glue(&search, foundname, type, node)) {
-		    UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock));
-		    result = setup_delegation(&search, nodep, foundname,
-					      rdataset, sigrdataset);
+			lock = &search.rbtdb->node_locks[node->locknum].lock;
+			NODE_UNLOCK(lock, isc_rwlocktype_read);
+			result = setup_delegation(&search, nodep, foundname,
+						  rdataset, sigrdataset);
 		    goto tree_exit;
 		}
 	} else {
@@ -2563,7 +2783,8 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 		foundname->attributes |= DNS_NAMEATTR_WILDCARD;
 
  node_exit:
-	UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock));
+	NODE_UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock),
+		    isc_rwlocktype_read);
 
  tree_exit:
 	RWUNLOCK(&search.rbtdb->tree_lock, isc_rwlocktype_read);
@@ -2573,17 +2794,20 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 	 * let go of it.
 	 */
 	if (search.need_cleanup) {
+		unsigned int refs;
+
 		node = search.zonecut;
 		lock = &(search.rbtdb->node_locks[node->locknum].lock);
 
-		LOCK(lock);
-		INSIST(node->references > 0);
-		node->references--;
-		if (node->references == 0)
+		NODE_STRONGLOCK(lock);
+
+		dns_rbtnode_refdecrement(node, &refs);
+		INSIST((int)refs >= 0);
+		if (refs == 0)
 			no_references(search.rbtdb, node, 0,
 				      isc_rwlocktype_none);
 
-		UNLOCK(lock);
+		NODE_STRONGUNLOCK(lock);
 	}
 
 	if (close_version)
@@ -2620,6 +2844,8 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
 	rdatasetheader_t *header, *header_prev, *header_next;
 	rdatasetheader_t *dname_header, *sigdname_header;
 	isc_result_t result;
+	nodelock_t *lock;
+	isc_rwlocktype_t locktype;
 
 	/* XXX comment */
 
@@ -2630,7 +2856,9 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
 	 */
 	UNUSED(name);
 
-	LOCK(&(search->rbtdb->node_locks[node->locknum].lock));
+	lock = &(search->rbtdb->node_locks[node->locknum].lock);
+	locktype = isc_rwlocktype_read; 
+	NODE_LOCK(lock, locktype);
 
 	/*
 	 * Look for a DNAME or RRSIG DNAME rdataset.
@@ -2648,21 +2876,41 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
 			 * the node as dirty, so it will get cleaned
 			 * up later.
 			 */
-			if (node->references == 0) {
-				INSIST(header->down == NULL);
-				if (header_prev != NULL)
-					header_prev->next =
-						header->next;
-				else
-					node->data = header->next;
-				free_rdataset(search->rbtdb->common.mctx,
-					      header);
-			} else {
-				header->attributes |=
-					RDATASET_ATTR_STALE;
-				node->dirty = 1;
+			if (locktype == isc_rwlocktype_write ||
+			    NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS) {
+				/*
+				 * We update the node's status only when we
+				 * can get write access; otherwise, we leave
+				 * others to this work.  Periodical cleaning
+				 * will eventually take the job as the last
+				 * resort.
+				 * We won't downgrade the lock, since other
+				 * rdatasets are probably stale, too. 
+				 */
+				locktype = isc_rwlocktype_write;
+
+				if (dns_rbtnode_refcurrent(node) == 0) {
+					isc_mem_t *mctx;
+
+					INSIST(header->down == NULL);
+					if (header_prev != NULL)
+						header_prev->next =
+							header->next;
+					else
+						node->data = header->next;
+					INSIST(search->rbtdb->nodemctxs
+					       != NULL);
+					mctx = search->rbtdb->nodemctxs[node->locknum];
+					free_rdataset(mctx,
+						      header);
+				} else {
+					header->attributes |=
+						RDATASET_ATTR_STALE;
+					node->dirty = 1;
+					header_prev = header;
+				}
+			} else
 				header_prev = header;
-			}
 		} else if (header->type == dns_rdatatype_dname &&
 			   EXISTS(header)) {
 			dname_header = header;
@@ -2691,7 +2939,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
 	} else
 		result = DNS_R_CONTINUE;
 
-	UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock));
+	NODE_UNLOCK(lock, locktype);
 
 	return (result);
 }
@@ -2709,6 +2957,8 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node,
 	dns_name_t name;
 	dns_rbtdb_t *rbtdb;
 	isc_boolean_t done;
+	nodelock_t *lock;
+	isc_rwlocktype_t locktype;
 
 	/*
 	 * Caller must be holding the tree lock.
@@ -2717,8 +2967,10 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node,
 	rbtdb = search->rbtdb;
 	i = search->chain.level_matches;
 	done = ISC_FALSE;
+	lock = &rbtdb->node_locks[node->locknum].lock;
 	do {
-		LOCK(&(rbtdb->node_locks[node->locknum].lock));
+		locktype = isc_rwlocktype_read;
+		NODE_LOCK(lock, locktype);
 
 		/*
 		 * Look for NS and RRSIG NS rdatasets.
@@ -2738,21 +2990,41 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node,
 				 * the node as dirty, so it will get cleaned
 				 * up later.
 				 */
-				if (node->references == 0) {
-					INSIST(header->down == NULL);
-					if (header_prev != NULL)
-						header_prev->next =
-							header->next;
-					else
-						node->data = header->next;
-					free_rdataset(rbtdb->common.mctx,
-						      header);
-				} else {
-					header->attributes |=
-						RDATASET_ATTR_STALE;
-					node->dirty = 1;
+				if (locktype == isc_rwlocktype_write ||
+				    NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS) {
+					/*
+					 * We update the node's status only
+					 * when we can get write access.
+					 */
+					locktype = isc_rwlocktype_write;
+
+					if (dns_rbtnode_refcurrent(node)
+					    == 0) {
+						isc_mem_t *mctx;
+
+						INSIST(header->down == NULL);
+						if (header_prev != NULL)
+							header_prev->next =
+								header->next;
+						else
+							node->data =
+								header->next;
+
+						if (search->rbtdb->nodemctxs !=
+						    NULL)
+							mctx = search->rbtdb->nodemctxs[node->locknum];
+						else
+							mctx = search->rbtdb->common.mctx;
+						free_rdataset(mctx,
+							      header);
+					} else {
+						header->attributes |=
+							RDATASET_ATTR_STALE;
+						node->dirty = 1;
+						header_prev = header;
+					}
+				} else
 					header_prev = header;
-				}
 			} else if (EXISTS(header)) {
 				/*
 				 * We've found an extant rdataset.  See if
@@ -2816,7 +3088,7 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node,
 		}
 
 	node_exit:
-		UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock));
+		NODE_UNLOCK(lock, locktype);
 
 		if (found == NULL && i > 0) {
 			i--;
@@ -2842,6 +3114,8 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
 	dns_fixedname_t fname, forigin;
 	dns_name_t *name, *origin;
 	rbtdb_rdatatype_t matchtype, sigmatchtype, nsectype;
+	nodelock_t *lock;
+	isc_rwlocktype_t locktype;
 
 	matchtype = RBTDB_RDATATYPE_VALUE(dns_rdatatype_nsec, 0);
 	nsectype = RBTDB_RDATATYPE_VALUE(0, dns_rdatatype_nsec);
@@ -2858,7 +3132,9 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
 						  origin, &node);
 		if (result != ISC_R_SUCCESS)
 			return (result);
-		LOCK(&(search->rbtdb->node_locks[node->locknum].lock));
+		locktype = isc_rwlocktype_read;
+		lock = &(search->rbtdb->node_locks[node->locknum].lock);
+		NODE_LOCK(lock, locktype);
 		found = NULL;
 		foundsig = NULL;
 		empty_node = ISC_TRUE;
@@ -2875,21 +3151,39 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
 				 * node as dirty, so it will get cleaned up 
 				 * later.
 				 */
-				if (node->references == 0) {
-					INSIST(header->down == NULL);
-					if (header_prev != NULL)
-						header_prev->next =
-							header->next;
-					else
-						node->data = header->next;
-					free_rdataset(search->rbtdb->common.mctx,
-						      header);
-				} else {
-					header->attributes |=
-						 RDATASET_ATTR_STALE;
-					node->dirty = 1;
+				if (locktype == isc_rwlocktype_write ||
+				    NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS) {
+					/*
+					 * We update the node's status only
+					 * when we can get write access.
+					 */
+					locktype = isc_rwlocktype_write;
+
+					if (dns_rbtnode_refcurrent(node)
+					    == 0) {
+						isc_mem_t *mctx;
+
+						INSIST(header->down == NULL);
+						if (header_prev != NULL)
+							header_prev->next =
+								header->next;
+						else
+							node->data = header->next;
+						if (search->rbtdb->nodemctxs !=
+						    NULL)
+							mctx = search->rbtdb->nodemctxs[node->locknum];
+						else
+							mctx = search->rbtdb->common.mctx;
+						free_rdataset(mctx,
+							      header);
+					} else {
+						header->attributes |=
+							RDATASET_ATTR_STALE;
+						node->dirty = 1;
+						header_prev = header;
+					}
+				} else
 					header_prev = header;
-				}
 				continue;
 			}
 			if (NONEXISTENT(header) || NXDOMAIN(header)) {
@@ -2922,7 +3216,7 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
 			result = dns_rbtnodechain_prev(&search->chain, NULL,
 						       NULL);
  unlock_node:
-		UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock));
+		NODE_UNLOCK(lock, locktype);
 	} while (empty_node && result == ISC_R_SUCCESS);
 	return (result);
 }
@@ -2938,7 +3232,8 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 	rbtdb_search_t search;
 	isc_boolean_t cname_ok = ISC_TRUE;
 	isc_boolean_t empty_node;
-	isc_mutex_t *lock;
+	nodelock_t *lock;
+	isc_rwlocktype_t locktype;
 	rdatasetheader_t *header, *header_prev, *header_next;
 	rdatasetheader_t *found, *nsheader;
 	rdatasetheader_t *foundsig, *nssig, *cnamesig;
@@ -3012,7 +3307,9 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 	 * We now go looking for rdata...
 	 */
 
-	LOCK(&(search.rbtdb->node_locks[node->locknum].lock));
+	lock = &(search.rbtdb->node_locks[node->locknum].lock);
+	locktype = isc_rwlocktype_read;
+	NODE_LOCK(lock, locktype);
 
 	found = NULL;
 	foundsig = NULL;
@@ -3032,19 +3329,35 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 			 * mark it as stale, and the node as dirty, so it will
 			 * get cleaned up later.
 			 */
-			if (node->references == 0) {
-				INSIST(header->down == NULL);
-				if (header_prev != NULL)
-					header_prev->next = header->next;
-				else
-					node->data = header->next;
-				free_rdataset(search.rbtdb->common.mctx,
-					      header);
-			} else {
-				header->attributes |= RDATASET_ATTR_STALE;
-				node->dirty = 1;
+			if (locktype == isc_rwlocktype_write ||
+			    NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS) {
+				/*
+				 * We update the node's status only when we
+				 * can get write access.
+				 */
+				locktype = isc_rwlocktype_write;
+
+				if (dns_rbtnode_refcurrent(node) == 0) {
+					isc_mem_t *mctx;
+
+					INSIST(header->down == NULL);
+					if (header_prev != NULL)
+						header_prev->next =
+							header->next;
+					else
+						node->data = header->next;
+					INSIST(search.rbtdb->nodemctxs != NULL);
+					mctx = search.rbtdb->nodemctxs[node->locknum];
+					free_rdataset(mctx,
+						      header);
+				} else {
+					header->attributes |=
+						RDATASET_ATTR_STALE;
+					node->dirty = 1;
+					header_prev = header;
+				}
+			} else
 				header_prev = header;
-			}
 		} else if (EXISTS(header)) {
 			/*
 			 * We now know that there is at least one active
@@ -3124,7 +3437,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 		 * extant rdatasets.  That means that this node doesn't
 		 * meaningfully exist, and that we really have a partial match.
 		 */
-		UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock));
+		NODE_UNLOCK(lock, locktype);
 		goto find_ns;
 	}
 
@@ -3157,7 +3470,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 		/*
 		 * Go find the deepest zone cut.
 		 */
-		UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock));
+		NODE_UNLOCK(lock, locktype);
 		goto find_ns;
 	}
 
@@ -3204,7 +3517,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 	}
 
  node_exit:
-	UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock));
+	NODE_UNLOCK(lock, locktype);
 
  tree_exit:
 	RWUNLOCK(&search.rbtdb->tree_lock, isc_rwlocktype_read);
@@ -3214,16 +3527,21 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
 	 * let go of it.
 	 */
 	if (search.need_cleanup) {
+		unsigned int refs;
+
 		node = search.zonecut;
 		lock = &(search.rbtdb->node_locks[node->locknum].lock);
 
-		LOCK(lock);
-		INSIST(node->references > 0);
-		node->references--;
-		if (node->references == 0)
+		NODE_STRONGLOCK(lock);
+
+		dns_rbtnode_refdecrement(node, &refs);
+		INSIST((int)refs >= 0);
+
+		if (refs == 0)
 			no_references(search.rbtdb, node, 0,
 				      isc_rwlocktype_none);
-		UNLOCK(lock);
+
+		NODE_STRONGUNLOCK(lock);
 	}
 
 	dns_rbtnodechain_reset(&search.chain);
@@ -3238,11 +3556,13 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options,
 		  dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
 {
 	dns_rbtnode_t *node = NULL;
+	nodelock_t *lock;
 	isc_result_t result;
 	rbtdb_search_t search;
 	rdatasetheader_t *header, *header_prev, *header_next;
 	rdatasetheader_t *found, *foundsig;
 	unsigned int rbtoptions = DNS_RBTFIND_EMPTYDATA;
+	isc_rwlocktype_t locktype;
 
 	search.rbtdb = (dns_rbtdb_t *)db;
 
@@ -3285,7 +3605,9 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options,
 	 * We now go looking for an NS rdataset at the node.
 	 */
 
-	LOCK(&(search.rbtdb->node_locks[node->locknum].lock));
+	lock = &(search.rbtdb->node_locks[node->locknum].lock);
+	locktype = isc_rwlocktype_read;
+	NODE_LOCK(lock, locktype);
 
 	found = NULL;
 	foundsig = NULL;
@@ -3299,19 +3621,35 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options,
 			 * mark it as stale, and the node as dirty, so it will
 			 * get cleaned up later.
 			 */
-			if (node->references == 0) {
-				INSIST(header->down == NULL);
-				if (header_prev != NULL)
-					header_prev->next = header->next;
-				else
-					node->data = header->next;
-				free_rdataset(search.rbtdb->common.mctx,
-					      header);
-			} else {
-				header->attributes |= RDATASET_ATTR_STALE;
-				node->dirty = 1;
+			if (locktype == isc_rwlocktype_write ||
+			    NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS) {
+				/*
+				 * We update the node's status only when we
+				 * can get write access.
+				 */
+				locktype = isc_rwlocktype_write;
+
+				if (dns_rbtnode_refcurrent(node) == 0) {
+					isc_mem_t *mctx;
+					
+					INSIST(header->down == NULL);
+					if (header_prev != NULL)
+						header_prev->next =
+							header->next;
+					else
+						node->data = header->next;
+					INSIST(search.rbtdb->nodemctxs != NULL);
+					mctx = search.rbtdb->nodemctxs[node->locknum];
+					free_rdataset(mctx,
+						      header);
+				} else {
+					header->attributes |=
+						RDATASET_ATTR_STALE;
+					node->dirty = 1;
+					header_prev = header;
+				}
+			} else
 				header_prev = header;
-			}
 		} else if (EXISTS(header)) {
 			/*
 			 * If we found a type we were looking for, remember
@@ -3340,7 +3678,7 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options,
 		/*
 		 * No NS records here.
 		 */
-		UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock));
+		NODE_UNLOCK(lock, locktype);
 		goto find_ns;
 	}
 
@@ -3354,7 +3692,7 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options,
 		bind_rdataset(search.rbtdb, node, foundsig, search.now,
 			      sigrdataset);
 
-	UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock));
+	NODE_UNLOCK(lock, locktype);
 
  tree_exit:
 	RWUNLOCK(&search.rbtdb->tree_lock, isc_rwlocktype_read);
@@ -3373,15 +3711,15 @@ static void
 attachnode(dns_db_t *db, dns_dbnode_t *source, dns_dbnode_t **targetp) {
 	dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db;
 	dns_rbtnode_t *node = (dns_rbtnode_t *)source;
+	unsigned int refs;
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 	REQUIRE(targetp != NULL && *targetp == NULL);
 
-	LOCK(&rbtdb->node_locks[node->locknum].lock);
-	INSIST(node->references > 0);
-	node->references++;
-	INSIST(node->references != 0);			/* Catch overflow. */
-	UNLOCK(&rbtdb->node_locks[node->locknum].lock);
+	NODE_STRONGLOCK(&rbtdb->node_locks[node->locknum].lock);
+	dns_rbtnode_refincrement0(node, &refs);
+	INSIST(refs > 1);
+	NODE_STRONGUNLOCK(&rbtdb->node_locks[node->locknum].lock);
 
 	*targetp = source;
 }
@@ -3393,6 +3731,7 @@ detachnode(dns_db_t *db, dns_dbnode_t **targetp) {
 	isc_boolean_t want_free = ISC_FALSE;
 	isc_boolean_t inactive = ISC_FALSE;
 	unsigned int locknum;
+	unsigned int refs;
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 	REQUIRE(targetp != NULL && *targetp != NULL);
@@ -3400,27 +3739,31 @@ detachnode(dns_db_t *db, dns_dbnode_t **targetp) {
 	node = (dns_rbtnode_t *)(*targetp);
 	locknum = node->locknum;
 
-	LOCK(&rbtdb->node_locks[locknum].lock);
+	NODE_STRONGLOCK(&rbtdb->node_locks[locknum].lock);
 
-	INSIST(node->references > 0);
-	node->references--;
-	if (node->references == 0) {
+	dns_rbtnode_refdecrement(node, &refs);
+	INSIST((int)refs >= 0);
+	if (refs == 0) {
 		no_references(rbtdb, node, 0, isc_rwlocktype_none);
-		if (rbtdb->node_locks[locknum].references == 0 &&
+		NODE_WEAKLOCK(&rbtdb->node_locks[locknum].lock,
+			      isc_rwlocktype_read);
+		if (isc_refcount_current(&rbtdb->node_locks[locknum].references) == 0 &&
 		    rbtdb->node_locks[locknum].exiting)
 			inactive = ISC_TRUE;
+		NODE_WEAKUNLOCK(&rbtdb->node_locks[locknum].lock,
+				isc_rwlocktype_read);
 	}
 
-	UNLOCK(&rbtdb->node_locks[locknum].lock);
+	NODE_STRONGUNLOCK(&rbtdb->node_locks[locknum].lock);
 
 	*targetp = NULL;
 
 	if (inactive) {
-		LOCK(&rbtdb->lock);
+		RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
 		rbtdb->active--;
 		if (rbtdb->active == 0)
 			want_free = ISC_TRUE;
-		UNLOCK(&rbtdb->lock);
+		RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
 		if (want_free) {
 			char buf[DNS_NAME_FORMATSIZE];
 			if (dns_name_dynamic(&rbtdb->common.origin))
@@ -3484,14 +3827,19 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
 							   sizeof(printname)));
 	}
 
-	LOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	/*
+	 * We may not need write access, but this code path is not performance
+	 * sensitive, so it should be okay to always lock as a writer.
+	 */
+	NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		  isc_rwlocktype_write);
 
 	for (header = rbtnode->data; header != NULL; header = header->next)
 		if (header->ttl <= now) {
 			/*
-			 * We don't check if rbtnode->references == 0 and try
+			 * We don't check if refcurrent(rbtnode) == 0 and try
 			 * to free like we do in cache_find(), because
-			 * rbtnode->references must be non-zero.  This is so
+			 * refcurrent(rbtnode) must be non-zero.  This is so
 			 * because 'node' is an argument to the function.
 			 */
 			header->attributes |= RDATASET_ATTR_STALE;
@@ -3515,7 +3863,8 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
 			isc_log_write(dns_lctx, category, module, level,
 				      "overmem cache: saved %s", printname);
 
-	UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		    isc_rwlocktype_write);
 
 	return (ISC_R_SUCCESS);
 }
@@ -3537,10 +3886,12 @@ printnode(dns_db_t *db, dns_dbnode_t *node, FILE *out) {
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 
-	LOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		  isc_rwlocktype_read);
 
 	fprintf(out, "node %p, %u references, locknum = %u\n",
-		rbtnode, rbtnode->references, rbtnode->locknum);
+		rbtnode, dns_rbtnode_refcurrent(rbtnode),
+		rbtnode->locknum);
 	if (rbtnode->data != NULL) {
 		rdatasetheader_t *current, *top_next;
 
@@ -3566,7 +3917,8 @@ printnode(dns_db_t *db, dns_dbnode_t *node, FILE *out) {
 	} else
 		fprintf(out, "(empty)\n");
 
-	UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		    isc_rwlocktype_read);
 }
 
 static isc_result_t
@@ -3627,7 +3979,8 @@ zone_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	serial = rbtversion->serial;
 	now = 0;
 
-	LOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		  isc_rwlocktype_read);
 
 	found = NULL;
 	foundsig = NULL;
@@ -3675,7 +4028,8 @@ zone_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 				      sigrdataset);
 	}
 
-	UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		    isc_rwlocktype_read);
 
 	if (close_version)
 		closeversion(db, (dns_dbversion_t **) (void *)(&rbtversion),
@@ -3698,6 +4052,8 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	rdatasetheader_t *header, *header_next, *found, *foundsig;
 	rbtdb_rdatatype_t matchtype, sigmatchtype, nsectype;
 	isc_result_t result;
+	nodelock_t *lock;
+	isc_rwlocktype_t locktype;
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 	REQUIRE(type != dns_rdatatype_any);
@@ -3709,7 +4065,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	if (now == 0)
 		isc_stdtime_get(&now);
 
-	LOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	lock = &rbtdb->node_locks[rbtnode->locknum].lock;
+	locktype = isc_rwlocktype_read;
+	NODE_LOCK(lock, locktype);
 
 	found = NULL;
 	foundsig = NULL;
@@ -3723,14 +4081,24 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	for (header = rbtnode->data; header != NULL; header = header_next) {
 		header_next = header->next;
 		if (header->ttl <= now) {
-			/*
-			 * We don't check if rbtnode->references == 0 and try
-			 * to free like we do in cache_find(), because
-			 * rbtnode->references must be non-zero.  This is so
-			 * because 'node' is an argument to the function.
-			 */
-			header->attributes |= RDATASET_ATTR_STALE;
-			rbtnode->dirty = 1;
+			if (locktype == isc_rwlocktype_write ||
+			    NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS) {
+				/*
+				 * We update the node's status only when we
+				 * can get write access.
+				 */
+				locktype = isc_rwlocktype_write;
+				
+				/*
+				 * We don't check if refcurrent(rbtnode) == 0
+				 * and try to free like we do in cache_find(),
+				 * because refcurrent(rbtnode) must be
+				 * non-zero.  This is so because 'node' is an
+				 * argument to the function.
+				 */
+				header->attributes |= RDATASET_ATTR_STALE;
+				rbtnode->dirty = 1;
+			}
 		} else if (EXISTS(header)) {
 			if (header->type == matchtype)
 				found = header;
@@ -3748,7 +4116,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 				      sigrdataset);
 	}
 
-	UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_UNLOCK(lock, locktype);
 
 	if (found == NULL)
 		return (ISC_R_NOTFOUND);
@@ -3774,6 +4142,7 @@ allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	dns_rbtnode_t *rbtnode = (dns_rbtnode_t *)node;
 	rbtdb_version_t *rbtversion = version;
 	rbtdb_rdatasetiter_t *iterator;
+	unsigned int refs;
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 
@@ -3787,11 +4156,11 @@ allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 			currentversion(db,
 				 (dns_dbversion_t **) (void *)(&rbtversion));
 		else {
-			LOCK(&rbtdb->lock);
-			INSIST(rbtversion->references > 0);
-			rbtversion->references++;
-			INSIST(rbtversion->references != 0);
-			UNLOCK(&rbtdb->lock);
+			unsigned int refs;
+
+			isc_refcount_increment(&rbtversion->references,
+					       &refs);
+			INSIST(refs > 1);
 		}
 	} else {
 		if (now == 0)
@@ -3806,14 +4175,14 @@ allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	iterator->common.version = (dns_dbversion_t *)rbtversion;
 	iterator->common.now = now;
 
-	LOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_STRONGLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+
+	dns_rbtnode_refincrement0(rbtnode, &refs);
+	INSIST(refs > 0);
 
-	INSIST(rbtnode->references > 0);
-	rbtnode->references++;
-	INSIST(rbtnode->references != 0);
 	iterator->current = NULL;
 
-	UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_STRONGUNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
 
 	*iteratorp = (dns_rdatasetiter_t *)iterator;
 
@@ -3917,6 +4286,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 	isc_boolean_t merge;
 	dns_rdatatype_t nsectype, rdtype, covers;
 	dns_trust_t trust;
+	isc_mem_t *mctx;
 
 	/*
 	 * Add an rdatasetheader_t to a node.
@@ -3937,6 +4307,11 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 	else
 		trust = newheader->trust;
 
+	if (rbtdb->nodemctxs != NULL)
+		mctx = rbtdb->nodemctxs[rbtnode->locknum];
+	else
+		mctx = rbtdb->common.mctx;
+
 	if (rbtversion != NULL && !loading) {
 		/*
 		 * We always add a changed record, even if no changes end up
@@ -3945,7 +4320,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 		 */
 		changed = add_changed(rbtdb, rbtversion, rbtnode);
 		if (changed == NULL) {
-			free_rdataset(rbtdb->common.mctx, newheader);
+			free_rdataset(mctx, newheader);
 			return (ISC_R_NOMEMORY);
 		}
 	}
@@ -4002,7 +4377,8 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 					/*
 					 * The NXDOMAIN is more trusted.
 					 */
-					free_rdataset(rbtdb->common.mctx,
+					
+					free_rdataset(mctx,
 						      newheader);
 					if (addedrdataset != NULL)
 						bind_rdataset(rbtdb, rbtnode,
@@ -4049,7 +4425,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 		 * Deleting an already non-existent rdataset has no effect.
 		 */
 		if (header_nx && newheader_nx) {
-			free_rdataset(rbtdb->common.mctx, newheader);
+			free_rdataset(mctx, newheader);
 			return (DNS_R_UNCHANGED);
 		}
 
@@ -4059,7 +4435,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 		 */
 		if (rbtversion == NULL && trust < header->trust &&
 		    (header->ttl > now || header_nx)) {
-			free_rdataset(rbtdb->common.mctx, newheader);
+			free_rdataset(mctx, newheader);
 			if (addedrdataset != NULL)
 				bind_rdataset(rbtdb, rbtnode, header, now,
 					      addedrdataset);
@@ -4094,7 +4470,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 					     (unsigned char *)header,
 					     (unsigned char *)newheader,
 					     (unsigned int)(sizeof(*newheader)),
-					     rbtdb->common.mctx,
+					     mctx,
 					     rbtdb->common.rdclass,
 					     (dns_rdatatype_t)header->type,
 					     flags, &merged);
@@ -4107,10 +4483,10 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 				 * alone.  It will get cleaned up when
 				 * clean_zone_node() runs.
 				 */
-				free_rdataset(rbtdb->common.mctx, newheader);
+				free_rdataset(mctx, newheader);
 				newheader = (rdatasetheader_t *)merged;
 			} else {
-				free_rdataset(rbtdb->common.mctx, newheader);
+				free_rdataset(mctx, newheader);
 				return (result);
 			}
 		}
@@ -4141,7 +4517,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 				header->noqname = newheader->noqname;
 				newheader->noqname = NULL;
 			}
-			free_rdataset(rbtdb->common.mctx, newheader);
+			free_rdataset(mctx, newheader);
 			if (addedrdataset != NULL)
 				bind_rdataset(rbtdb, rbtnode, header, now,
 					      addedrdataset);
@@ -4166,7 +4542,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 				header->noqname = newheader->noqname;
 				newheader->noqname = NULL;
 			}
-			free_rdataset(rbtdb->common.mctx, newheader);
+			free_rdataset(mctx, newheader);
 			if (addedrdataset != NULL)
 				bind_rdataset(rbtdb, rbtnode, header, now,
 					      addedrdataset);
@@ -4187,7 +4563,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 			 * loading, we MUST clean up 'header' now.
 			 */
 			newheader->down = NULL;
-			free_rdataset(rbtdb->common.mctx, header);
+			free_rdataset(mctx, header);
 		} else {
 			newheader->down = topheader;
 			topheader->next = newheader;
@@ -4205,7 +4581,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 		 * If we're trying to delete the type, don't bother.
 		 */
 		if (newheader_nx) {
-			free_rdataset(rbtdb->common.mctx, newheader);
+			free_rdataset(mctx, newheader);
 			return (DNS_R_UNCHANGED);
 		}
 
@@ -4331,6 +4707,7 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	rdatasetheader_t *newheader;
 	isc_result_t result;
 	isc_boolean_t delegating;
+	isc_mem_t *mctx;
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 
@@ -4340,7 +4717,12 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	} else
 		now = 0;
 
-	result = dns_rdataslab_fromrdataset(rdataset, rbtdb->common.mctx,
+	if (rbtdb->nodemctxs != NULL) 
+		mctx = rbtdb->nodemctxs[rbtnode->locknum];
+	else
+		mctx = rbtdb->common.mctx;
+
+	result = dns_rdataslab_fromrdataset(rdataset, mctx,
 					    ®ion,
 					    sizeof(rdatasetheader_t));
 	if (result != ISC_R_SUCCESS)
@@ -4366,7 +4748,7 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 		if ((rdataset->attributes & DNS_RDATASETATTR_NOQNAME) != 0) {
 			result = addnoqname(rbtdb, newheader, rdataset);
 			if (result != ISC_R_SUCCESS) {
-				free_rdataset(rbtdb->common.mctx, newheader);
+				free_rdataset(mctx, newheader);
 				return (result);
 			}
 		}
@@ -4384,14 +4766,16 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	} else
 		delegating = ISC_FALSE;
 
-	LOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		  isc_rwlocktype_write);
 
 	result = add(rbtdb, rbtnode, rbtversion, newheader, options, ISC_FALSE,
 		     addedrdataset, now);
 	if (result == ISC_R_SUCCESS && delegating)
 		rbtnode->find_callback = 1;
 
-	UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		    isc_rwlocktype_write);
 
 	if (delegating)
 		RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
@@ -4412,10 +4796,16 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	isc_region_t region;
 	isc_result_t result;
 	rbtdb_changed_t *changed;
+	isc_mem_t *mctx;
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 
-	result = dns_rdataslab_fromrdataset(rdataset, rbtdb->common.mctx,
+	if (rbtdb->nodemctxs != NULL)
+		mctx = rbtdb->nodemctxs[rbtnode->locknum];
+	else
+		mctx = rbtdb->common.mctx;
+
+	result = dns_rdataslab_fromrdataset(rdataset, mctx,
 					    ®ion,
 					    sizeof(rdatasetheader_t));
 	if (result != ISC_R_SUCCESS)
@@ -4432,12 +4822,14 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	newheader->additional_auth = NULL;
 	newheader->additional_glue = NULL;
 
-	LOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		  isc_rwlocktype_write);
 
 	changed = add_changed(rbtdb, rbtversion, rbtnode);
 	if (changed == NULL) {
 		free_rdataset(rbtdb->common.mctx, newheader);
-		UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+		NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+			    isc_rwlocktype_write);
 		return (ISC_R_NOMEMORY);
 	}
 
@@ -4471,12 +4863,12 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 					(unsigned char *)header,
 					(unsigned char *)newheader,
 					(unsigned int)(sizeof(*newheader)),
-					rbtdb->common.mctx,
+					mctx,
 					rbtdb->common.rdclass,
 					(dns_rdatatype_t)header->type,
 					flags, &subresult);
 		if (result == ISC_R_SUCCESS) {
-			free_rdataset(rbtdb->common.mctx, newheader);
+			free_rdataset(mctx, newheader);
 			newheader = (rdatasetheader_t *)subresult;
 			/*
 			 * We have to set the serial since the rdataslab
@@ -4496,8 +4888,8 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 			 * This subtraction would remove all of the rdata;
 			 * add a nonexistent header instead.
 			 */
-			free_rdataset(rbtdb->common.mctx, newheader);
-			newheader = isc_mem_get(rbtdb->common.mctx,
+			free_rdataset(mctx, newheader);
+			newheader = isc_mem_get(mctx,
 						sizeof(*newheader));
 			if (newheader == NULL) {
 				result = ISC_R_NOMEMORY;
@@ -4513,7 +4905,7 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 			newheader->additional_auth = NULL;
 			newheader->additional_glue = NULL;
 		} else {
-			free_rdataset(rbtdb->common.mctx, newheader);
+			free_rdataset(mctx, newheader);
 			goto unlock;
 		}
 
@@ -4536,7 +4928,7 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 		 * The rdataset doesn't exist, so we don't need to do anything
 		 * to satisfy the deletion request.
 		 */
-		free_rdataset(rbtdb->common.mctx, newheader);
+		free_rdataset(mctx, newheader);
 		if ((options & DNS_DBSUB_EXACT) != 0)
 			result = DNS_R_NOTEXACT;
 		else
@@ -4547,7 +4939,8 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 		bind_rdataset(rbtdb, rbtnode, newheader, 0, newrdataset);
 
  unlock:
-	UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		    isc_rwlocktype_write);
 
 	return (result);
 }
@@ -4561,6 +4954,7 @@ deleterdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	rbtdb_version_t *rbtversion = version;
 	isc_result_t result;
 	rdatasetheader_t *newheader;
+	isc_mem_t *mctx;
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 
@@ -4569,7 +4963,12 @@ deleterdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	if (type == dns_rdatatype_rrsig && covers == 0)
 		return (ISC_R_NOTIMPLEMENTED);
 
-	newheader = isc_mem_get(rbtdb->common.mctx, sizeof(*newheader));
+	if (rbtdb->nodemctxs != NULL)
+		mctx = rbtdb->nodemctxs[rbtnode->locknum];
+	else
+		mctx = rbtdb->common.mctx;
+
+	newheader = isc_mem_get(mctx, sizeof(*newheader));
 	if (newheader == NULL)
 		return (ISC_R_NOMEMORY);
 	newheader->ttl = 0;
@@ -4585,12 +4984,14 @@ deleterdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 		newheader->serial = 0;
 	newheader->count = 0;
 
-	LOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		  isc_rwlocktype_write);
 
 	result = add(rbtdb, rbtnode, rbtversion, newheader, DNS_DBADD_FORCE,
 		     ISC_FALSE, NULL, 0);
 
-	UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		    isc_rwlocktype_write);
 
 	return (result);
 }
@@ -4603,6 +5004,7 @@ loading_addrdataset(void *arg, dns_name_t *name, dns_rdataset_t *rdataset) {
 	isc_result_t result;
 	isc_region_t region;
 	rdatasetheader_t *newheader;
+	isc_mem_t *mctx;
 
 	/*
 	 * This routine does no node locking.  See comments in
@@ -4647,7 +5049,11 @@ loading_addrdataset(void *arg, dns_name_t *name, dns_rdataset_t *rdataset) {
 #endif
 	}
 
-	result = dns_rdataslab_fromrdataset(rdataset, rbtdb->common.mctx,
+	if (rbtdb->nodemctxs != NULL)
+		mctx = rbtdb->nodemctxs[node->locknum];
+	else
+		mctx = rbtdb->common.mctx;
+	result = dns_rdataslab_fromrdataset(rdataset, mctx,
 					    ®ion,
 					    sizeof(rdatasetheader_t));
 	if (result != ISC_R_SUCCESS)
@@ -4694,13 +5100,13 @@ beginload(dns_db_t *db, dns_addrdatasetfunc_t *addp, dns_dbload_t **dbloadp) {
 	else
 		loadctx->now = 0;
 
-	LOCK(&rbtdb->lock);
+	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
 
 	REQUIRE((rbtdb->attributes & (RBTDB_ATTR_LOADED|RBTDB_ATTR_LOADING))
 		== 0);
 	rbtdb->attributes |= RBTDB_ATTR_LOADING;
 
-	UNLOCK(&rbtdb->lock);
+	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
 
 	*addp = loading_addrdataset;
 	*dbloadp = loadctx;
@@ -4760,7 +5166,7 @@ endload(dns_db_t *db, dns_dbload_t **dbloadp) {
 	loadctx = *dbloadp;
 	REQUIRE(loadctx->rbtdb == rbtdb);
 
-	LOCK(&rbtdb->lock);
+	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
 
 	REQUIRE((rbtdb->attributes & RBTDB_ATTR_LOADING) != 0);
 	REQUIRE((rbtdb->attributes & RBTDB_ATTR_LOADED) == 0);
@@ -4768,7 +5174,7 @@ endload(dns_db_t *db, dns_dbload_t **dbloadp) {
 	rbtdb->attributes &= ~RBTDB_ATTR_LOADING;
 	rbtdb->attributes |= RBTDB_ATTR_LOADED;
 
-	UNLOCK(&rbtdb->lock);
+	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
 
 	/*
 	 * If there's a KEY rdataset at the zone origin containing a
@@ -4800,11 +5206,17 @@ dump(dns_db_t *db, dns_dbversion_t *version, const char *filename) {
 static void
 delete_callback(void *data, void *arg) {
 	dns_rbtdb_t *rbtdb = arg;
+	dns_rbtnode_t *rbtnode = data;
 	rdatasetheader_t *current, *next;
+	isc_mem_t *mctx;
 
-	for (current = data; current != NULL; current = next) {
+	if (rbtdb->nodemctxs != NULL)
+		mctx = rbtdb->nodemctxs[rbtnode->locknum];
+	else
+		mctx = rbtdb->common.mctx;
+	for (current = rbtnode->data; current != NULL; current = next) {
 		next = current->next;
-		free_rdataset(rbtdb->common.mctx, current);
+		free_rdataset(mctx, current);
 	}
 }
 
@@ -4848,12 +5260,12 @@ settask(dns_db_t *db, isc_task_t *task) {
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 
-	LOCK(&rbtdb->lock);
+	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
 	if (rbtdb->task != NULL)
 		isc_task_detach(&rbtdb->task);
 	if (task != NULL)
 		isc_task_attach(task, &rbtdb->task);
-	UNLOCK(&rbtdb->lock);
+	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
 }
 
 static isc_boolean_t
@@ -4870,12 +5282,12 @@ getsoanode(dns_db_t *db, dns_dbnode_t **nodep) {
 	REQUIRE(VALID_RBTDB(rbtdb));
 	REQUIRE(nodep != NULL && *nodep == NULL);
 
-	LOCK(&rbtdb->lock);
+	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read);
 	if (rbtdb->soanode != NULL) {
 		attachnode(db, rbtdb->soanode, nodep);
 	} else
 		result = ISC_R_NOTFOUND;
-	UNLOCK(&rbtdb->lock);
+	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_read);
 
 	return (result);
 }
@@ -4887,11 +5299,11 @@ setsoanode(dns_db_t *db, dns_dbnode_t *node) {
 	REQUIRE(VALID_RBTDB(rbtdb));
 	REQUIRE(node != NULL);
 
-	LOCK(&rbtdb->lock);
+	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
 	if (rbtdb->soanode != NULL)
 		detachnode(db, &rbtdb->soanode);
 	attachnode(db, node, &rbtdb->soanode);
-	UNLOCK(&rbtdb->lock);
+	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
 
 	return (ISC_R_SUCCESS);
 }
@@ -4904,12 +5316,12 @@ getnsnode(dns_db_t *db, dns_dbnode_t **nodep) {
 	REQUIRE(VALID_RBTDB(rbtdb));
 	REQUIRE(nodep != NULL && *nodep == NULL);
 
-	LOCK(&rbtdb->lock);
+	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read);
 	if (rbtdb->nsnode != NULL) {
 		attachnode(db, rbtdb->nsnode, nodep);
 	} else
 		result = ISC_R_NOTFOUND;
-	UNLOCK(&rbtdb->lock);
+	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_read);
 
 	return (result);
 }
@@ -4921,11 +5333,11 @@ setnsnode(dns_db_t *db, dns_dbnode_t *node) {
 	REQUIRE(VALID_RBTDB(rbtdb));
 	REQUIRE(node != NULL);
 
-	LOCK(&rbtdb->lock);
+	RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write);
 	if (rbtdb->nsnode != NULL)
 		detachnode(db, &rbtdb->nsnode);
 	attachnode(db, node, &rbtdb->nsnode);
-	UNLOCK(&rbtdb->lock);
+	RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
 
 	return (ISC_R_SUCCESS);
 }
@@ -5034,19 +5446,20 @@ dns_rbtdb_create
 		rbtdb->common.methods = &zone_methods;
 	rbtdb->common.rdclass = rdclass;
 	rbtdb->common.mctx = NULL;
+	rbtdb->nodemctxs = NULL;
 
-	result = isc_mutex_init(&rbtdb->lock);
+	result = RBTDB_INITLOCK(&rbtdb->lock);
 	if (result != ISC_R_SUCCESS) {
 		isc_mem_put(mctx, rbtdb, sizeof(*rbtdb));
 		UNEXPECTED_ERROR(__FILE__, __LINE__,
-				 "isc_mutex_init() failed: %s",
+				 "RBTDB_INITLOCK() failed: %s",
 				 isc_result_totext(result));
 		return (ISC_R_UNEXPECTED);
 	}
 
 	result = isc_rwlock_init(&rbtdb->tree_lock, 0, 0);
 	if (result != ISC_R_SUCCESS) {
-		DESTROYLOCK(&rbtdb->lock);
+		RBTDB_DESTROYLOCK(&rbtdb->lock);
 		isc_mem_put(mctx, rbtdb, sizeof(*rbtdb));
 		UNEXPECTED_ERROR(__FILE__, __LINE__,
 				 "isc_rwlock_init() failed: %s",
@@ -5061,27 +5474,44 @@ dns_rbtdb_create
 	rbtdb->node_locks = isc_mem_get(mctx, rbtdb->node_lock_count *
 					sizeof(rbtdb_nodelock_t));
 	rbtdb->active = rbtdb->node_lock_count;
+
+	if (IS_CACHE(rbtdb)) {
+		rbtdb->nodemctxs = isc_mem_get(mctx,
+					       sizeof(isc_mem_t *) *
+					       rbtdb->node_lock_count);
+		if (rbtdb->nodemctxs == NULL)
+			INSIST(0); /* XXXJT: cleanup */
+		for (i = 0; i < (int)(rbtdb->node_lock_count); i++)
+			rbtdb->nodemctxs[i] = NULL;
+	}
+
 	for (i = 0; i < (int)(rbtdb->node_lock_count); i++) {
-		result = isc_mutex_init(&rbtdb->node_locks[i].lock);
+		result = NODE_INITLOCK(&rbtdb->node_locks[i].lock);
 		if (result != ISC_R_SUCCESS) {
 			i--;
 			while (i >= 0) {
-				DESTROYLOCK(&rbtdb->node_locks[i].lock);
+				NODE_DESTROYLOCK(&rbtdb->node_locks[i].lock);
 				i--;
 			}
 			isc_mem_put(mctx, rbtdb->node_locks,
 				    rbtdb->node_lock_count *
 				    sizeof(rbtdb_nodelock_t));
 			isc_rwlock_destroy(&rbtdb->tree_lock);
-			DESTROYLOCK(&rbtdb->lock);
+			RBTDB_DESTROYLOCK(&rbtdb->lock);
 			isc_mem_put(mctx, rbtdb, sizeof(*rbtdb));
 			UNEXPECTED_ERROR(__FILE__, __LINE__,
 					 "isc_mutex_init() failed: %s",
 					 isc_result_totext(result));
 			return (ISC_R_UNEXPECTED);
 		}
-		rbtdb->node_locks[i].references = 0;
+		isc_refcount_init(&rbtdb->node_locks[i].references, 0);
 		rbtdb->node_locks[i].exiting = ISC_FALSE;
+
+		if (IS_CACHE(rbtdb)) {
+			result = isc_mem_create(0, 0, &rbtdb->nodemctxs[i]);
+			if (result != ISC_R_SUCCESS)
+				INSIST(0); /* XXXJT: cleanup */
+		}
 	}
 
 	/*
@@ -5108,7 +5538,8 @@ dns_rbtdb_create
 	/*
 	 * Make the Red-Black Tree.
 	 */
-	result = dns_rbt_create(mctx, delete_callback, rbtdb, &rbtdb->tree);
+	result = dns_rbt_create2(mctx, NULL, delete_callback, rbtdb,
+				 &rbtdb->tree);
 	if (result != ISC_R_SUCCESS) {
 		free_rbtdb(rbtdb, ISC_FALSE, NULL);
 		return (result);
@@ -5166,13 +5597,18 @@ dns_rbtdb_create
 	rbtdb->current_serial = 1;
 	rbtdb->least_serial = 1;
 	rbtdb->next_serial = 2;
-	rbtdb->current_version = allocate_version(mctx, 1, 0, ISC_FALSE);
+	rbtdb->current_version = allocate_version(mctx, 1, 1, ISC_FALSE);
 	if (rbtdb->current_version == NULL) {
 		free_rbtdb(rbtdb, ISC_FALSE, NULL);
 		return (ISC_R_NOMEMORY);
 	}
 	rbtdb->future_version = NULL;
 	ISC_LIST_INIT(rbtdb->open_versions);
+	/*
+	 * Keep the current version in the open list so that list operation
+	 * won't happen in normal lookup operations.
+	 */
+	PREPEND(rbtdb->open_versions, rbtdb->current_version, link);
 
 	rbtdb->common.magic = DNS_DB_MAGIC;
 	rbtdb->common.impmagic = RBTDB_MAGIC;
@@ -5358,7 +5794,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
 		now = 0;
 	}
 
-	LOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		  isc_rwlocktype_read);
 
 	for (header = rbtnode->data; header != NULL; header = top_next) {
 		top_next = header->next;
@@ -5385,7 +5822,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
 			break;
 	}
 
-	UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		    isc_rwlocktype_read);
 
 	rbtiterator->current = header;
 
@@ -5418,7 +5856,8 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) {
 		now = 0;
 	}
 
-	LOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		  isc_rwlocktype_read);
 
 	type = header->type;
 	for (header = header->next; header != NULL; header = top_next) {
@@ -5450,7 +5889,8 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) {
 		}
 	}
 
-	UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		    isc_rwlocktype_read);
 
 	rbtiterator->current = header;
 
@@ -5470,12 +5910,14 @@ rdatasetiter_current(dns_rdatasetiter_t *iterator, dns_rdataset_t *rdataset) {
 	header = rbtiterator->current;
 	REQUIRE(header != NULL);
 
-	LOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		  isc_rwlocktype_read);
 
 	bind_rdataset(rbtdb, rbtnode, header, rbtiterator->common.now,
 		      rdataset);
 
-	UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock);
+	NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+		    isc_rwlocktype_read);
 }
 
 
@@ -5492,26 +5934,26 @@ reference_iter_node(rbtdb_dbiterator_t *rbtdbiter) {
 		return;
 
 	INSIST(rbtdbiter->tree_locked != isc_rwlocktype_none);
-	LOCK(&rbtdb->node_locks[node->locknum].lock);
 	new_reference(rbtdb, node);
-	UNLOCK(&rbtdb->node_locks[node->locknum].lock);
 }
 
 static inline void
 dereference_iter_node(rbtdb_dbiterator_t *rbtdbiter) {
 	dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)rbtdbiter->common.db;
 	dns_rbtnode_t *node = rbtdbiter->node;
-	isc_mutex_t *lock;
+	unsigned int refs;
+	nodelock_t *lock;
 
 	if (node == NULL)
 		return;
 
 	lock = &rbtdb->node_locks[node->locknum].lock;
-	LOCK(lock);
-	INSIST(rbtdbiter->node->references > 0);
-	if (--node->references == 0)
+	NODE_STRONGLOCK(lock);
+	dns_rbtnode_refdecrement(node, &refs);
+	INSIST((int)refs >= 0);
+	if (refs == 0)
 		no_references(rbtdb, node, 0, rbtdbiter->tree_locked);
-	UNLOCK(lock);
+	NODE_STRONGUNLOCK(lock);
 
 	rbtdbiter->node = NULL;
 }
@@ -5521,7 +5963,7 @@ flush_deletions(rbtdb_dbiterator_t *rbtdbiter) {
 	dns_rbtnode_t *node;
 	dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)rbtdbiter->common.db;
 	isc_boolean_t was_read_locked = ISC_FALSE;
-	isc_mutex_t *lock;
+	nodelock_t *lock;
 	int i;
 
 	if (rbtdbiter->delete != 0) {
@@ -5545,16 +5987,18 @@ flush_deletions(rbtdb_dbiterator_t *rbtdbiter) {
 		rbtdbiter->tree_locked = isc_rwlocktype_write;
 
 		for (i = 0; i < rbtdbiter->delete; i++) {
+			unsigned int refs;
+
 			node = rbtdbiter->deletions[i];
 			lock = &rbtdb->node_locks[node->locknum].lock;
 
-			LOCK(lock);
-			INSIST(node->references > 0);
-			node->references--;
-			if (node->references == 0)
+			NODE_STRONGLOCK(lock);
+			dns_rbtnode_refdecrement(node, &refs);
+			INSIST((int)refs >= 0);
+			if (refs == 0)
 				no_references(rbtdb, node, 0,
 					      rbtdbiter->tree_locked);
-			UNLOCK(lock);
+			NODE_STRONGUNLOCK(lock);
 		}
 
 		rbtdbiter->delete = 0;
@@ -5822,9 +6266,7 @@ dbiterator_current(dns_dbiterator_t *iterator, dns_dbnode_t **nodep,
 	} else
 		result = ISC_R_SUCCESS;
 
-	LOCK(&rbtdb->node_locks[node->locknum].lock);
 	new_reference(rbtdb, node);
-	UNLOCK(&rbtdb->node_locks[node->locknum].lock);
 
 	*nodep = rbtdbiter->node;
 
@@ -5846,9 +6288,9 @@ dbiterator_current(dns_dbiterator_t *iterator, dns_dbnode_t **nodep,
 		 */
 		if (expire_result == ISC_R_SUCCESS && node->down == NULL) {
 			rbtdbiter->deletions[rbtdbiter->delete++] = node;
-			LOCK(&rbtdb->node_locks[node->locknum].lock);
-			node->references++;
-			UNLOCK(&rbtdb->node_locks[node->locknum].lock);
+			NODE_STRONGLOCK(&rbtdb->node_locks[node->locknum].lock);
+			dns_rbtnode_refincrement0(node, NULL);
+			NODE_STRONGUNLOCK(&rbtdb->node_locks[node->locknum].lock);
 		}
 	}
 
@@ -5908,7 +6350,7 @@ rdataset_getadditional(dns_rdataset_t *rdataset, dns_rdatasetadditional_t type,
 	unsigned int current_count = rdataset->privateuint4;
 	unsigned int count;
 	rdatasetheader_t *header;
-	isc_mutex_t *nodelock;
+	nodelock_t *nodelock;
 	unsigned int total_count;
 	acachectl_t *acarray;
 	dns_acacheentry_t *entry;
@@ -5926,7 +6368,7 @@ rdataset_getadditional(dns_rdataset_t *rdataset, dns_rdatasetadditional_t type,
 	acarray = NULL;
 
 	nodelock = &rbtdb->node_locks[rbtnode->locknum].lock;
-	LOCK(nodelock);
+	NODE_LOCK(nodelock, isc_rwlocktype_read);
 
 	switch (type) {
 	case dns_rdatasetadditional_fromauth:
@@ -5943,19 +6385,19 @@ rdataset_getadditional(dns_rdataset_t *rdataset, dns_rdatasetadditional_t type,
 	}
 
 	if (acarray == NULL) {
-		UNLOCK(nodelock);
+		NODE_UNLOCK(nodelock, isc_rwlocktype_read);
 		return (ISC_R_NOTFOUND);
 	}
 
 	if (acarray[count].entry == NULL) {
-		UNLOCK(nodelock);
+		NODE_UNLOCK(nodelock, isc_rwlocktype_read);
 		return (ISC_R_NOTFOUND);
 	}
 
 	entry = NULL;
 	dns_acache_attachentry(acarray[count].entry, &entry);
 
-	UNLOCK(nodelock);
+	NODE_UNLOCK(nodelock, isc_rwlocktype_read);
 
 	result = dns_acache_getentry(entry, zonep, dbp, versionp,
 				     nodep, fname, msg, now);
@@ -5969,10 +6411,11 @@ static void
 acache_callback(dns_acacheentry_t *entry, void **arg) {
 	dns_rbtdb_t *rbtdb;
 	dns_rbtnode_t *rbtnode;
-	isc_mutex_t *nodelock;
+	nodelock_t *nodelock;
 	acachectl_t *acarray = NULL;
 	acache_cbarg_t *cbarg;
 	unsigned int count;
+	isc_mem_t *mctx;
 
 	REQUIRE(arg != NULL);
 	cbarg = *arg;
@@ -5985,7 +6428,7 @@ acache_callback(dns_acacheentry_t *entry, void **arg) {
 	rbtnode = (dns_rbtnode_t *)cbarg->node;
 
 	nodelock = &rbtdb->node_locks[rbtnode->locknum].lock;
-	LOCK(nodelock);
+	NODE_LOCK(nodelock, isc_rwlocktype_write);
 
 	switch (cbarg->type) {
 	case dns_rdatasetadditional_fromauth:
@@ -6002,13 +6445,17 @@ acache_callback(dns_acacheentry_t *entry, void **arg) {
 	if (acarray[count].entry == entry)
 		acarray[count].entry = NULL;
 	INSIST(acarray[count].cbarg != NULL);
-	isc_mem_put(rbtdb->common.mctx, acarray[count].cbarg,
+	if (rbtdb->nodemctxs != NULL)
+		mctx = rbtdb->nodemctxs[rbtnode->locknum];
+	else
+		mctx = rbtdb->common.mctx;
+	isc_mem_put(mctx, acarray[count].cbarg,
 		    sizeof(acache_cbarg_t));
 	acarray[count].cbarg = NULL;
 
 	dns_acache_detachentry(&entry);
 
-	UNLOCK(nodelock);
+	NODE_UNLOCK(nodelock, isc_rwlocktype_write);
 
 	dns_db_detachnode((dns_db_t *)rbtdb, (dns_dbnode_t **)(void*)&rbtnode);
 	dns_db_detach((dns_db_t **)(void*)&rbtdb);
@@ -6050,8 +6497,8 @@ rdataset_setadditional(dns_rdataset_t *rdataset, dns_rdatasetadditional_t type,
 	unsigned int current_count = rdataset->privateuint4;
 	rdatasetheader_t *header;
 	unsigned int total_count, count;
-	isc_mutex_t *nodelock;
-	isc_mem_t *mctx = rbtdb->common.mctx;
+	nodelock_t *nodelock;
+	isc_mem_t *mctx;
 	isc_result_t result;
 	acachectl_t *acarray;
 	dns_acacheentry_t *newentry, *oldentry = NULL;
@@ -6068,6 +6515,11 @@ rdataset_setadditional(dns_rdataset_t *rdataset, dns_rdatasetadditional_t type,
 	INSIST(total_count > current_count);
 	count = total_count - current_count - 1; /* should be private data */
 
+	if (rbtdb->nodemctxs != NULL)
+		mctx = rbtdb->nodemctxs[rbtnode->locknum];
+	else
+		mctx = rbtdb->common.mctx;
+
 	newcbarg = isc_mem_get(mctx, sizeof(*newcbarg));
 	if (newcbarg == NULL)
 		return (ISC_R_NOMEMORY);
@@ -6091,7 +6543,7 @@ rdataset_setadditional(dns_rdataset_t *rdataset, dns_rdatasetadditional_t type,
 		goto fail;
 
 	nodelock = &rbtdb->node_locks[rbtnode->locknum].lock;
-	LOCK(nodelock);
+	NODE_LOCK(nodelock, isc_rwlocktype_write);
 
 	acarray = NULL;
 	switch (type) {
@@ -6112,7 +6564,7 @@ rdataset_setadditional(dns_rdataset_t *rdataset, dns_rdatasetadditional_t type,
 				      sizeof(acachectl_t));
 
 		if (acarray == NULL) {
-			UNLOCK(nodelock);
+			NODE_UNLOCK(nodelock, isc_rwlocktype_write);
 			goto fail;
 		}
 
@@ -6144,7 +6596,7 @@ rdataset_setadditional(dns_rdataset_t *rdataset, dns_rdatasetadditional_t type,
 	acarray[count].entry = newentry;
 	acarray[count].cbarg = newcbarg;
 
-	UNLOCK(nodelock);
+	NODE_UNLOCK(nodelock, isc_rwlocktype_write);
 
 	if (oldentry != NULL) {
 		if (oldcbarg != NULL)
@@ -6173,7 +6625,7 @@ rdataset_putadditional(dns_acache_t *acache, dns_rdataset_t *rdataset,
 	unsigned char *raw = rdataset->private3;
 	unsigned int current_count = rdataset->privateuint4;
 	rdatasetheader_t *header;
-	isc_mutex_t *nodelock;
+	nodelock_t *nodelock;
 	unsigned int total_count, count;
 	acachectl_t *acarray;
 	dns_acacheentry_t *entry;
@@ -6195,7 +6647,7 @@ rdataset_putadditional(dns_acache_t *acache, dns_rdataset_t *rdataset,
 	entry = NULL;
 
 	nodelock = &rbtdb->node_locks[rbtnode->locknum].lock;
-	LOCK(nodelock);
+	NODE_LOCK(nodelock, isc_rwlocktype_write);
 
 	switch (type) {
 	case dns_rdatasetadditional_fromauth:
@@ -6209,13 +6661,13 @@ rdataset_putadditional(dns_acache_t *acache, dns_rdataset_t *rdataset,
 	}
 
 	if (acarray == NULL) {
-		UNLOCK(nodelock);
+		NODE_UNLOCK(nodelock, isc_rwlocktype_write);
 		return (ISC_R_NOTFOUND);
 	}
 
 	entry = acarray[count].entry;
 	if (entry == NULL) {
-		UNLOCK(nodelock);
+		NODE_UNLOCK(nodelock, isc_rwlocktype_write);
 		return (ISC_R_NOTFOUND);
 	}
 
@@ -6223,11 +6675,19 @@ rdataset_putadditional(dns_acache_t *acache, dns_rdataset_t *rdataset,
 	cbarg = acarray[count].cbarg;
 	acarray[count].cbarg = NULL;
 
-	UNLOCK(nodelock);
+	NODE_UNLOCK(nodelock, isc_rwlocktype_write);
 
 	if (entry != NULL) {
-		if(cbarg != NULL)
-			acache_cancelentry(rbtdb->common.mctx, entry, &cbarg);
+		if(cbarg != NULL) {
+			isc_mem_t *mctx;
+
+			if (rbtdb->nodemctxs != NULL)
+				mctx = rbtdb->nodemctxs[rbtnode->locknum];
+			else
+				mctx = rbtdb->common.mctx;
+
+			acache_cancelentry(mctx, entry, &cbarg);
+		}
 		dns_acache_detachentry(&entry);
 	}
 
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 38c713c00d..012b67e788 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.307 2005/04/27 04:56:51 sra Exp $ */
+/* $Id: resolver.c,v 1.308 2005/06/04 05:32:47 jinmei Exp $ */
 
 /*! \file */
 
@@ -262,6 +262,7 @@ typedef struct fctxbucket {
 	isc_mutex_t			lock;
 	ISC_LIST(fetchctx_t)		fctxs;
 	isc_boolean_t			exiting;
+	isc_mem_t *			mctx;
 } fctxbucket_t;
 
 typedef struct alternate {
@@ -943,12 +944,13 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
 
 	dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
 
-	query = isc_mem_get(res->mctx, sizeof(*query));
+	query = isc_mem_get(res->buckets[fctx->bucketnum].mctx,
+			    sizeof(*query));
 	if (query == NULL) {
 		result = ISC_R_NOMEMORY;
 		goto stop_idle_timer;
 	}
-	query->mctx = res->mctx;
+	query->mctx = res->buckets[fctx->bucketnum].mctx;
 	query->options = options;
 	query->attributes = 0;
 	query->sends = 0;
@@ -1066,7 +1068,8 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
 
  cleanup_query:
 	query->magic = 0;
-	isc_mem_put(res->mctx, query, sizeof(*query));
+	isc_mem_put(res->buckets[fctx->bucketnum].mctx,
+		    query, sizeof(*query));
 
  stop_idle_timer:
 	RUNTIME_CHECK(fctx_stopidletimer(fctx) == ISC_R_SUCCESS);
@@ -1625,7 +1628,8 @@ add_bad(fetchctx_t *fctx, isc_sockaddr_t *address, isc_result_t reason) {
 
 	FCTXTRACE("add_bad");
 
-	sa = isc_mem_get(fctx->res->mctx, sizeof(*sa));
+	sa = isc_mem_get(fctx->res->buckets[fctx->bucketnum].mctx,
+			 sizeof(*sa));
 	if (sa == NULL)
 		return;
 	*sa = *address;
@@ -2374,21 +2378,21 @@ fctx_destroy(fetchctx_t *fctx) {
 	     sa = next_sa) {
 		next_sa = ISC_LIST_NEXT(sa, link);
 		ISC_LIST_UNLINK(fctx->bad, sa, link);
-		isc_mem_put(res->mctx, sa, sizeof(*sa));
+		isc_mem_put(res->buckets[bucketnum].mctx, sa, sizeof(*sa));
 	}
 
 	isc_timer_detach(&fctx->timer);
 	dns_message_destroy(&fctx->rmessage);
 	dns_message_destroy(&fctx->qmessage);
 	if (dns_name_countlabels(&fctx->domain) > 0)
-		dns_name_free(&fctx->domain, res->mctx);
+		dns_name_free(&fctx->domain, res->buckets[bucketnum].mctx);
 	if (dns_rdataset_isassociated(&fctx->nameservers))
 		dns_rdataset_disassociate(&fctx->nameservers);
-	dns_name_free(&fctx->name, res->mctx);
+	dns_name_free(&fctx->name, res->buckets[bucketnum].mctx);
 	dns_db_detach(&fctx->cache);
 	dns_adb_detach(&fctx->adb);
-	isc_mem_free(res->mctx, fctx->info);
-	isc_mem_put(res->mctx, fctx, sizeof(*fctx));
+	isc_mem_free(res->buckets[bucketnum].mctx, fctx->info);
+	isc_mem_put(res->buckets[bucketnum].mctx, fctx, sizeof(*fctx));
 
 	LOCK(&res->nlock);
 	res->nfctx--;
@@ -2633,8 +2637,8 @@ fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_taskaction_t action,
 	clone = NULL;
 	isc_task_attach(task, &clone);
 	event = (dns_fetchevent_t *)
-		isc_event_allocate(fctx->res->mctx, clone,
-				   DNS_EVENT_FETCHDONE,
+		isc_event_allocate(fctx->res->buckets[fctx->bucketnum].mctx,
+				   clone, DNS_EVENT_FETCHDONE,
 				   action, arg, sizeof(*event));
 	if (event == NULL) {
 		isc_task_detach(&clone);
@@ -2685,19 +2689,19 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
 	 */
 	REQUIRE(fctxp != NULL && *fctxp == NULL);
 
-	fctx = isc_mem_get(res->mctx, sizeof(*fctx));
+	fctx = isc_mem_get(res->buckets[bucketnum].mctx, sizeof(*fctx));
 	if (fctx == NULL)
 		return (ISC_R_NOMEMORY);
 	dns_name_format(name, buf, sizeof(buf));
 	dns_rdatatype_format(type, typebuf, sizeof(typebuf));
 	strcat(buf, "/");	/* checked */
 	strcat(buf, typebuf);	/* checked */
-	fctx->info = isc_mem_strdup(res->mctx, buf);
+	fctx->info = isc_mem_strdup(res->buckets[bucketnum].mctx, buf);
 	if (fctx->info == NULL)
 		goto cleanup_fetch;
 	FCTXTRACE("create");
 	dns_name_init(&fctx->name, NULL);
-	result = dns_name_dup(name, res->mctx, &fctx->name);
+	result = dns_name_dup(name, res->buckets[bucketnum].mctx, &fctx->name);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup_info;
 	dns_name_init(&fctx->domain, NULL);
@@ -2772,7 +2776,9 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
 						      NULL);
 			if (result != ISC_R_SUCCESS)
 				goto cleanup_name;
-			result = dns_name_dup(domain, res->mctx, &fctx->domain);
+			result = dns_name_dup(domain,
+					      res->buckets[bucketnum].mctx,
+					      &fctx->domain);
 			if (result != ISC_R_SUCCESS) {
 				dns_rdataset_disassociate(&fctx->nameservers);
 				goto cleanup_name;
@@ -2781,12 +2787,16 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
 			/*
 			 * We're in forward-only mode.  Set the query domain.
 			 */
-			result = dns_name_dup(domain, res->mctx, &fctx->domain);
+			result = dns_name_dup(domain,
+					      res->buckets[bucketnum].mctx,
+					      &fctx->domain);
 			if (result != ISC_R_SUCCESS)
 				goto cleanup_name;
 		}
 	} else {
-		result = dns_name_dup(domain, res->mctx, &fctx->domain);
+		result = dns_name_dup(domain,
+				      res->buckets[bucketnum].mctx,
+				      &fctx->domain);
 		if (result != ISC_R_SUCCESS)
 			goto cleanup_name;
 		dns_rdataset_clone(nameservers, &fctx->nameservers);
@@ -2795,14 +2805,16 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
 	INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain));
 
 	fctx->qmessage = NULL;
-	result = dns_message_create(res->mctx, DNS_MESSAGE_INTENTRENDER,
+	result = dns_message_create(res->buckets[bucketnum].mctx,
+				    DNS_MESSAGE_INTENTRENDER,
 				    &fctx->qmessage);
 
 	if (result != ISC_R_SUCCESS)
 		goto cleanup_domain;
 
 	fctx->rmessage = NULL;
-	result = dns_message_create(res->mctx, DNS_MESSAGE_INTENTPARSE,
+	result = dns_message_create(res->buckets[bucketnum].mctx,
+				    DNS_MESSAGE_INTENTPARSE,
 				    &fctx->rmessage);
 
 	if (result != ISC_R_SUCCESS)
@@ -2875,18 +2887,19 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
 
  cleanup_domain:
 	if (dns_name_countlabels(&fctx->domain) > 0)
-		dns_name_free(&fctx->domain, res->mctx);
+		dns_name_free(&fctx->domain, res->buckets[bucketnum].mctx);
 	if (dns_rdataset_isassociated(&fctx->nameservers))
 		dns_rdataset_disassociate(&fctx->nameservers);
 
  cleanup_name:
-	dns_name_free(&fctx->name, res->mctx);
+	dns_name_free(&fctx->name, res->buckets[bucketnum].mctx);
 
  cleanup_info:
-	isc_mem_free(res->mctx, fctx->info);
+	isc_mem_free(res->buckets[bucketnum].mctx, fctx->info);
 
  cleanup_fetch:
-	isc_mem_put(res->mctx, fctx, sizeof(*fctx));
+	isc_mem_putanddetach(&res->buckets[bucketnum].mctx,
+			     fctx, sizeof(*fctx));
 
 	return (result);
 }
@@ -4424,11 +4437,14 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
 		 *	   if so we should bail out.
 		 */
 		INSIST(dns_name_countlabels(&fctx->domain) > 0);
-		dns_name_free(&fctx->domain, fctx->res->mctx);
+		dns_name_free(&fctx->domain,
+			      fctx->res->buckets[fctx->bucketnum].mctx);
 		if (dns_rdataset_isassociated(&fctx->nameservers))
 			dns_rdataset_disassociate(&fctx->nameservers);
 		dns_name_init(&fctx->domain, NULL);
-		result = dns_name_dup(ns_name, fctx->res->mctx, &fctx->domain);
+		result = dns_name_dup(ns_name,
+				      fctx->res->buckets[fctx->bucketnum].mctx,
+				      &fctx->domain);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 		fctx->attributes |= FCTX_ATTR_WANTCACHE;
@@ -4883,9 +4899,11 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) {
 		if (dns_rdataset_isassociated(&fctx->nameservers))
 			dns_rdataset_disassociate(&fctx->nameservers);
 		dns_rdataset_clone(fevent->rdataset, &fctx->nameservers);
-		dns_name_free(&fctx->domain, fctx->res->mctx);
+		dns_name_free(&fctx->domain,
+			      fctx->res->buckets[bucketnum].mctx);
 		dns_name_init(&fctx->domain, NULL);
-		result = dns_name_dup(&fctx->nsname, fctx->res->mctx,
+		result = dns_name_dup(&fctx->nsname,
+				      fctx->res->buckets[bucketnum].mctx,
 				      &fctx->domain);
 		if (result != ISC_R_SUCCESS) {
 			fctx_done(fctx, DNS_R_SERVFAIL);
@@ -5510,9 +5528,11 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
 				fctx_done(fctx, DNS_R_SERVFAIL);
 				return;
 			}
-			dns_name_free(&fctx->domain, fctx->res->mctx);
+			dns_name_free(&fctx->domain,
+				      fctx->res->buckets[fctx->bucketnum].mctx);
 			dns_name_init(&fctx->domain, NULL);
-			result = dns_name_dup(fname, fctx->res->mctx,
+			result = dns_name_dup(fname,
+					      fctx->res->buckets[fctx->bucketnum].mctx,
 					      &fctx->domain);
 			if (result != ISC_R_SUCCESS) {
 				fctx_done(fctx, DNS_R_SERVFAIL);
@@ -5610,6 +5630,7 @@ destroy(dns_resolver_t *res) {
 		isc_task_shutdown(res->buckets[i].task);
 		isc_task_detach(&res->buckets[i].task);
 		DESTROYLOCK(&res->buckets[i].lock);
+		isc_mem_detach(&res->buckets[i].mctx);
 	}
 	isc_mem_put(res->mctx, res->buckets,
 		    res->nbuckets * sizeof(fctxbucket_t));
@@ -5731,6 +5752,9 @@ dns_resolver_create(dns_view_t *view,
 			DESTROYLOCK(&res->buckets[i].lock);
 			goto cleanup_buckets;
 		}
+		res->buckets[i].mctx = NULL;
+		result = isc_mem_create(0, 0, &res->buckets[i].mctx);
+		INSIST(result == ISC_R_SUCCESS); /* XXXJT: need care */
 		snprintf(name, sizeof(name), "res%u", i);
 		isc_task_setname(res->buckets[i].task, name, res);
 		ISC_LIST_INIT(res->buckets[i].fctxs);
@@ -6130,7 +6154,7 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
 	if (fetch == NULL)
 		return (ISC_R_NOMEMORY);
 
-	bucketnum = dns_name_hash(name, ISC_FALSE) % res->nbuckets;
+	bucketnum = dns_name_fullhash(name, ISC_FALSE) % res->nbuckets;
 
 	LOCK(&res->buckets[bucketnum].lock);
 
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 505eedc1e8..344be62362 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.435 2005/05/24 04:30:10 marka Exp $ */
+/* $Id: zone.c,v 1.436 2005/06/04 05:32:47 jinmei Exp $ */
 
 /*! \file */
 
@@ -27,6 +27,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -127,6 +128,18 @@ typedef ISC_LIST(dns_io_t) dns_iolist_t;
 #define LOCKED_ZONE(z) ISC_TRUE
 #endif
 
+#ifdef ISC_RWLOCK_USEATOMIC
+#define ZONEDB_INITLOCK(l)	isc_rwlock_init((l), 0, 0)
+#define ZONEDB_DESTROYLOCK(l)	isc_rwlock_destroy(l)
+#define ZONEDB_LOCK(l, t)	RWLOCK((l), (t))
+#define ZONEDB_UNLOCK(l, t)	RWUNLOCK((l), (t))
+#else
+#define ZONEDB_INITLOCK(l)	isc_mutex_init(l)
+#define ZONEDB_DESTROYLOCK(l)	DESTROYLOCK(l)
+#define ZONEDB_LOCK(l, t)	LOCK(l)
+#define ZONEDB_UNLOCK(l, t)	UNLOCK(l)
+#endif
+
 struct dns_zone {
 	/* Unlocked */
 	unsigned int		magic;
@@ -137,8 +150,14 @@ struct dns_zone {
 	isc_mem_t		*mctx;
 	isc_refcount_t		erefs;
 
+#ifdef ISC_RWLOCK_USEATOMIC
+	isc_rwlock_t		dblock;
+#else
+	isc_mutex_t		dblock;
+#endif
+	dns_db_t		*db;		/* Locked by dblock */
+
 	/* Locked */
-	dns_db_t		*db;
 	dns_zonemgr_t		*zmgr;
 	ISC_LINK(dns_zone_t)	link;		/* Used by zmgr. */
 	isc_timer_t		*timer;
@@ -507,21 +526,31 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
 	if (zone == NULL)
 		return (ISC_R_NOMEMORY);
 
+	zone->mctx = NULL;
+	isc_mem_attach(mctx, &zone->mctx);
+
 	result = isc_mutex_init(&zone->lock);
 	if (result != ISC_R_SUCCESS) {
-		isc_mem_put(mctx, zone, sizeof(*zone));
 		UNEXPECTED_ERROR(__FILE__, __LINE__,
 				 "isc_mutex_init() failed: %s",
 				 isc_result_totext(result));
-		return (ISC_R_UNEXPECTED);
+		result = ISC_R_UNEXPECTED;
+		goto free_zone;
+	}
+
+	result = ZONEDB_INITLOCK(&zone->dblock);
+	if (result != ISC_R_SUCCESS) {
+		UNEXPECTED_ERROR(__FILE__, __LINE__,
+				 "isc_mutex_init() failed: %s",
+				 isc_result_totext(result));
+		result = ISC_R_UNEXPECTED;
+		goto free_mutex;
 	}
 
 	/* XXX MPA check that all elements are initialised */
-	zone->mctx = NULL;
 #ifdef DNS_ZONE_CHECKLOCK
 	zone->locked = ISC_FALSE;
 #endif
-	isc_mem_attach(mctx, &zone->mctx);
 	zone->db = NULL;
 	zone->zmgr = NULL;
 	ISC_LINK_INIT(zone, link);
@@ -605,7 +634,7 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
 	/* Must be after magic is set. */
 	result = dns_zone_setdbtype(zone, dbargc_default, dbargv_default);
 	if (result != ISC_R_SUCCESS)
-		goto free_mutex;
+		goto free_dblock;
 
 	ISC_EVENT_INIT(&zone->ctlevent, sizeof(zone->ctlevent), 0, NULL,
 		       DNS_EVENT_ZONECONTROL, zone_shutdown, zone, zone,
@@ -613,8 +642,13 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
 	*zonep = zone;
 	return (ISC_R_SUCCESS);
 
+ free_dblock:
+	ZONEDB_DESTROYLOCK(&zone->dblock);
+
  free_mutex:
 	DESTROYLOCK(&zone->lock);
+
+ free_zone:
 	isc_mem_putanddetach(&zone->mctx, zone, sizeof(*zone));
 	return (result);
 }
@@ -686,6 +720,7 @@ zone_free(dns_zone_t *zone) {
 		dns_ssutable_detach(&zone->ssutable);
 
 	/* last stuff */
+	ZONEDB_DESTROYLOCK(&zone->dblock);
 	DESTROYLOCK(&zone->lock);
 	isc_refcount_destroy(&zone->erefs);
 	zone->magic = 0;
@@ -857,6 +892,7 @@ dns_zone_setacache(dns_zone_t *zone, dns_acache_t *acache) {
 	if (zone->acache != NULL)
 		dns_acache_detach(&zone->acache);
 	dns_acache_attach(acache, &zone->acache);
+	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
 	if (zone->db != NULL) {
 		isc_result_t result;
 
@@ -873,6 +909,7 @@ dns_zone_setacache(dns_zone_t *zone, dns_acache_t *acache) {
 					 isc_result_totext(result));
 		}
 	}
+	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
 	UNLOCK_ZONE(zone);
 }
 
@@ -1212,12 +1249,14 @@ zone_gotwritehandle(isc_task_t *task, isc_event_t *event) {
 		goto fail;
 
 	LOCK_ZONE(zone);
+	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
 	dns_db_currentversion(zone->db, &version);
 	result = dns_master_dumpinc(zone->mctx, zone->db, version,
 				    &dns_master_style_default,
 				    zone->masterfile, zone->task,
 				    dump_done, zone, &zone->dctx);
 	dns_db_closeversion(zone->db, &version, ISC_FALSE);
+	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
 	UNLOCK_ZONE(zone);
 	if (result != DNS_R_CONTINUE)
 		goto fail;
@@ -1863,12 +1902,15 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
 	}
 #endif
 
+	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
 	if (zone->db != NULL) {
 		result = zone_replacedb(zone, db, ISC_FALSE);
+		ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
 		if (result != ISC_R_SUCCESS)
 			goto cleanup;
 	} else {
 		zone_attachdb(zone, db);
+		ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
 		DNS_ZONE_SETFLAG(zone,
 				 DNS_ZONEFLG_LOADED|DNS_ZONEFLG_NEEDNOTIFY);
 	}
@@ -2565,12 +2607,12 @@ dns_zone_getdb(dns_zone_t *zone, dns_db_t **dpb) {
 
 	REQUIRE(DNS_ZONE_VALID(zone));
 
-	LOCK_ZONE(zone);
+	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
 	if (zone->db == NULL)
 		result = DNS_R_NOTLOADED;
 	else
 		dns_db_attach(zone->db, dpb);
-	UNLOCK_ZONE(zone);
+	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
 
 	return (result);
 }
@@ -2950,9 +2992,11 @@ zone_dump(dns_zone_t *zone, isc_boolean_t compact) {
 	ENTER;
 
  redo:
-	LOCK_ZONE(zone);
+	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
 	if (zone->db != NULL)
 		dns_db_attach(zone->db, &db);
+	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
+	LOCK_ZONE(zone);
 	if (zone->masterfile != NULL)
 		masterfile = isc_mem_strdup(zone->mctx, zone->masterfile);
 	UNLOCK_ZONE(zone);
@@ -3026,10 +3070,10 @@ dumptostream(dns_zone_t *zone, FILE *fd, const dns_master_style_t *style) {
 
 	REQUIRE(DNS_ZONE_VALID(zone));
 
-	LOCK_ZONE(zone);
+	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
 	if (zone->db != NULL)
 		dns_db_attach(zone->db, &db);
-	UNLOCK_ZONE(zone);
+	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
 	if (db == NULL)
 		return (DNS_R_NOTLOADED);
 
@@ -3088,7 +3132,9 @@ zone_unload(dns_zone_t *zone) {
 
 	REQUIRE(LOCKED_ZONE(zone));
 
+	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
 	zone_detachdb(zone);
+	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
 	DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_LOADED);
 	DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDDUMP);
 }
@@ -3469,6 +3515,7 @@ dns_zone_notify(dns_zone_t *zone) {
 static void
 zone_notify(dns_zone_t *zone, isc_time_t *now) {
 	dns_dbnode_t *node = NULL;
+	dns_db_t *zonedb = NULL;
 	dns_dbversion_t *version = NULL;
 	dns_name_t *origin = NULL;
 	dns_name_t master;
@@ -3486,7 +3533,6 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
 	dns_notifytype_t notifytype;
 	unsigned int flags = 0;
 	isc_boolean_t loggednotify = ISC_FALSE;
-	dns_db_t *db = NULL;
 
 	REQUIRE(DNS_ZONE_VALID(zone));
 
@@ -3506,13 +3552,6 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
 	    zone->type != dns_zone_master)
 		return;
 
-	LOCK_ZONE(zone);
-	if (zone->db != NULL)
-		dns_db_attach(zone->db, &db);
-	UNLOCK_ZONE(zone);
-	if (db == NULL)
-		return;
-
 	origin = &zone->origin;
 
 	/*
@@ -3525,13 +3564,19 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
 	/*
 	 * Get SOA RRset.
 	 */
-	dns_db_currentversion(db, &version);
-	result = dns_db_findnode(db, origin, ISC_FALSE, &node);
+	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
+	if (zone->db != NULL)
+		dns_db_attach(zone->db, &zonedb);
+	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
+	if (zonedb == NULL)
+		return;
+	dns_db_currentversion(zonedb, &version);
+	result = dns_db_findnode(zonedb, origin, ISC_FALSE, &node);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup1;
 
 	dns_rdataset_init(&soardset);
-	result = dns_db_findrdataset(db, node, version, dns_rdatatype_soa,
+	result = dns_db_findrdataset(zonedb, node, version, dns_rdatatype_soa,
 				     dns_rdatatype_none, 0, &soardset, NULL);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup2;
@@ -3588,7 +3633,7 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
 	 */
 
 	dns_rdataset_init(&nsrdset);
-	result = dns_db_findrdataset(db, node, version, dns_rdatatype_ns,
+	result = dns_db_findrdataset(zonedb, node, version, dns_rdatatype_ns,
 				     dns_rdatatype_none, 0, &nsrdset, NULL);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup3;
@@ -3645,10 +3690,10 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
 	if (dns_name_dynamic(&master))
 		dns_name_free(&master, zone->mctx);
  cleanup2:
-	dns_db_detachnode(db, &node);
+	dns_db_detachnode(zonedb, &node);
  cleanup1:
-	dns_db_closeversion(db, &version, ISC_FALSE);
-	dns_db_detach(&db);
+	dns_db_closeversion(zonedb, &version, ISC_FALSE);
+	dns_db_detach(&zonedb);
 }
 
 /***
@@ -3895,10 +3940,10 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
 	 * Tidy up.
 	 */
 	dns_db_closeversion(stub->db, &stub->version, ISC_TRUE);
-	LOCK_ZONE(zone);
+	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
 	if (zone->db == NULL)
 		zone_attachdb(zone, stub->db);
-	UNLOCK_ZONE(zone);
+	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
 	dns_db_detach(&stub->db);
 
 	if (zone->masterfile != NULL) {
@@ -4637,9 +4682,13 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) {
 		 * new one and attach it to the zone once we have the NS
 		 * RRset and glue.
 		 */
-		if (zone->db != NULL)
+		ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
+		if (zone->db != NULL) {
 			dns_db_attach(zone->db, &stub->db);
-		else {
+			ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
+		} else {
+			ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
+
 			INSIST(zone->db_argc >= 1);
 			result = dns_db_create(zone->mctx, zone->db_argv[0],
 					       &zone->origin, dns_dbtype_stub,
@@ -5006,6 +5055,7 @@ static isc_result_t
 notify_createmessage(dns_zone_t *zone, unsigned int flags,
 		     dns_message_t **messagep)
 {
+	dns_db_t *zonedb = NULL;
 	dns_dbnode_t *node = NULL;
 	dns_dbversion_t *version = NULL;
 	dns_message_t *message = NULL;
@@ -5071,15 +5121,20 @@ notify_createmessage(dns_zone_t *zone, unsigned int flags,
 	if (result != ISC_R_SUCCESS)
 		goto soa_cleanup;
 
+	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
+	INSIST(zone->db != NULL); /* XXXJT: is this assumption correct? */
+	dns_db_attach(zone->db, &zonedb);
+	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
+
 	dns_name_init(tempname, NULL);
 	dns_name_clone(&zone->origin, tempname);
-	dns_db_currentversion(zone->db, &version);
-	result = dns_db_findnode(zone->db, tempname, ISC_FALSE, &node);
+	dns_db_currentversion(zonedb, &version);
+	result = dns_db_findnode(zonedb, tempname, ISC_FALSE, &node);
 	if (result != ISC_R_SUCCESS)
 		goto soa_cleanup;
 
 	dns_rdataset_init(&rdataset);
-	result = dns_db_findrdataset(zone->db, node, version,
+	result = dns_db_findrdataset(zonedb, node, version,
 				     dns_rdatatype_soa,
 				     dns_rdatatype_none, 0, &rdataset,
 				     NULL);
@@ -5123,9 +5178,11 @@ notify_createmessage(dns_zone_t *zone, unsigned int flags,
 
  soa_cleanup:
 	if (node != NULL)
-		dns_db_detachnode(zone->db, &node);
+		dns_db_detachnode(zonedb, &node);
 	if (version != NULL)
-		dns_db_closeversion(zone->db, &version, ISC_FALSE);
+		dns_db_closeversion(zonedb, &version, ISC_FALSE);
+	if (zonedb != NULL)
+		dns_db_detach(&zonedb);
 	if (tempname != NULL)
 		dns_message_puttempname(message, &tempname);
 	if (temprdata != NULL)
@@ -5689,8 +5746,10 @@ dns_zone_settask(dns_zone_t *zone, isc_task_t *task) {
 	if (zone->task != NULL)
 		isc_task_detach(&zone->task);
 	isc_task_attach(task, &zone->task);
+	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
 	if (zone->db != NULL)
 		dns_db_settask(zone->db, zone->task);
+	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
 	UNLOCK_ZONE(zone);
 }
 
@@ -5795,7 +5854,9 @@ dns_zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) {
 
 	REQUIRE(DNS_ZONE_VALID(zone));
 	LOCK_ZONE(zone);
+	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
 	result = zone_replacedb(zone, db, dump);
+	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
 	UNLOCK_ZONE(zone);
 	return (result);
 }
@@ -5808,7 +5869,7 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) {
 	unsigned int nscount = 0;
 
 	/*
-	 * 'zone' locked by caller.
+	 * 'zone' and 'zonedb' locked by caller.
 	 */
 	REQUIRE(DNS_ZONE_VALID(zone));
 	REQUIRE(LOCKED_ZONE(zone));
@@ -5935,6 +5996,7 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) {
 	return (result);
 }
 
+/* The caller must hold the dblock as a writer. */
 static inline void
 zone_attachdb(dns_zone_t *zone, dns_db_t *db) {
 	REQUIRE(zone->db == NULL && db != NULL);
@@ -5951,6 +6013,7 @@ zone_attachdb(dns_zone_t *zone, dns_db_t *db) {
 	}
 }
 
+/* The caller must hold the dblock as a writer. */
 static inline void
 zone_detachdb(dns_zone_t *zone) {
 	REQUIRE(zone->db != NULL);
@@ -5989,8 +6052,11 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) {
 		/*
 		 * Has the zone expired underneath us?
 		 */
-		if (zone->db == NULL)
+		ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
+		if (zone->db == NULL) {
+			ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
 			goto same_master;
+		}
 
 		/*
 		 * Update the zone structure's data from the actual
@@ -6002,6 +6068,7 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) {
 		result = zone_get_from_db(zone, zone->db, &nscount,
 					  &soacount, &serial, &refresh,
 					  &retry, &expire, &minimum, NULL);
+		ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
 		if (result == ISC_R_SUCCESS) {
 			if (soacount != 1)
 				dns_zone_log(zone, ISC_LOG_ERROR,
diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in
index 8c45de6ede..0ed2c9d99b 100644
--- a/lib/isc/Makefile.in
+++ b/lib/isc/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.82 2004/07/20 07:13:42 marka Exp $
+# $Id: Makefile.in,v 1.83 2005/06/04 05:32:48 jinmei Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -25,6 +25,7 @@ top_srcdir =	@top_srcdir@
 
 CINCLUDES =	-I${srcdir}/unix/include \
 		-I${srcdir}/@ISC_THREAD_DIR@/include \
+		-I${srcdir}/@ISC_ARCH_DIR@/include \
 		-I./include \
 		-I${srcdir}/include
 CDEFINES =
diff --git a/lib/isc/alpha/include/isc/atomic.h b/lib/isc/alpha/include/isc/atomic.h
new file mode 100644
index 0000000000..83fe91d08b
--- /dev/null
+++ b/lib/isc/alpha/include/isc/atomic.h
@@ -0,0 +1,166 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: atomic.h,v 1.2 2005/06/04 05:32:48 jinmei Exp $ */
+
+/*
+ * This code was written based on FreeBSD's kernel source whose copyright
+ * follows:
+ */
+
+/*-
+ * Copyright (c) 1998 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: src/sys/alpha/include/atomic.h,v 1.18.6.1 2004/09/13 21:52:04 wilko Exp $
+ */
+
+#ifndef ISC_ATOMIC_H
+#define ISC_ATOMIC_H 1
+
+#include 
+#include 
+
+#ifdef ISC_PLATFORM_USEOSFASM
+#include 
+
+#pragma intrinsic(asm)
+
+/*
+ * This routine atomically increments the value stored in 'p' by 'val', and
+ * returns the previous value.
+ */
+static inline isc_int32_t 
+isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) {
+	return (asm("1:"
+		    "ldl_l %t0, 0(%a0);"	/* load old value */
+		    "mov %t0, %v0;"		/* copy the old value */
+		    "addl %t0, %a1, %t0;"	/* calculate new value */
+		    "stl_c %t0, 0(%a0);"	/* attempt to store */
+		    "beq %t0, 1b;",		/* spin if failed */
+		    p, val));
+}
+
+/*
+ * This routine atomically stores the value 'val' in 'p'.
+ */
+static inline void
+isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
+	(void)asm("1:"
+		  "ldl_l %t0, 0(%a0);"		/* load old value */
+		  "mov %a1, %t0;"		/* value to store */
+		  "stl_c %t0, 0(%a0);"		/* attempt to store */
+		  "beq %t0, 1b;",		/* spin if failed */
+		  p, val);
+}
+
+/*
+ * This routine atomically replaces the value in 'p' with 'val', if the
+ * original value is equal to 'cmpval'.  The original value is returned in any
+ * case.
+ */
+static inline isc_int32_t
+isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
+
+	return(asm("1:"
+		   "ldl_l %t0, 0(%a0);"		/* load old value */
+		   "mov %t0, %v0;"		/* copy the old value */
+		   "cmpeq %t0, %a1, %t0;"	/* compare */
+		   "beq %t0, 2f;"		/* exit if not equal */
+		   "mov %a2, %t0;"		/* value to store */
+		   "stl_c %t0, 0(%a0);"		/* attempt to store */
+		   "beq %t0, 1b;"		/* if it failed, spin */
+		   "2:",
+		   p, cmpval, val));
+}
+#else  /* ISC_PLATFORM_USEOSFASM */
+static inline isc_int32_t 
+isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) {
+	isc_int32_t temp, prev;
+
+	__asm__ volatile(
+		"1:"
+		"ldl_l %0, %1;"			/* load old value */
+		"mov %0, %2;"			/* copy the old value */
+		"addl %0, %3, %0;"		/* calculate new value */
+		"stl_c %0, %1;"			/* attempt to store */
+		"beq %0, 1b;"			/* spin if failed */
+		: "=&r"(temp), "+m"(*p), "=r"(prev)
+		: "r"(val)
+		: "memory");
+
+	return (prev);
+}
+
+static inline void
+isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
+	isc_int32_t temp;
+
+	__asm__ volatile(
+		"1:"
+		"ldl_l %0, %1;"			/* load old value */
+		"mov %2, %0;"			/* value to store */
+		"stl_c %0, %1;"			/* attempt to store */
+		"beq %0, 1b;"			/* if it failed, spin */
+		: "=&r"(temp), "+m"(*p)
+		: "r"(val)
+		: "memory");
+}
+
+static inline isc_int32_t
+isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
+	isc_int32_t temp, prev;
+
+	__asm__ volatile(
+		"1:"
+		"ldl_l %0, %1;"			/* load old value */
+		"mov %0, %2;"			/* copy the old value */
+		"cmpeq %0, %3, %0;"		/* compare */
+		"beq %0, 2f;"			/* exit if not equal */
+		"mov %4, %0;"			/* value to store */
+		"stl_c %0, %1;"			/* attempt to store */
+		"beq %0, 1b;"			/* if it failed, spin */
+		"2:"
+		: "=&r"(temp), "+m"(*p), "=r"(prev)
+		: "r"(cmpval), "r"(val)
+		: "memory");
+
+	return (prev);
+}
+#endif /* ISC_PLATFORM_USEOSFASM */
+
+#endif /* ISC_ATOMIC_H */
diff --git a/lib/isc/include/isc/mem.h b/lib/isc/include/isc/mem.h
index e37d5806f4..e026082ba8 100644
--- a/lib/isc/include/isc/mem.h
+++ b/lib/isc/include/isc/mem.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: mem.h,v 1.62 2005/04/29 00:23:40 marka Exp $ */
+/* $Id: mem.h,v 1.63 2005/06/04 05:32:48 jinmei Exp $ */
 
 #ifndef ISC_MEM_H
 #define ISC_MEM_H 1
@@ -115,6 +115,11 @@ LIBISC_EXTERNAL_DATA extern unsigned int isc_mem_debugging;
 #define _ISC_MEM_FLARG
 #endif
 
+/*
+ * Flags for isc_mem_create2()calls.
+ */
+#define ISC_MEMFLAG_NOLOCK	0x00000001	 /* no lock is necessary */
+
 #define isc_mem_get(c, s)	isc__mem_get((c), (s) _ISC_MEM_FILELINE)
 #define isc_mem_allocate(c, s)	isc__mem_allocate((c), (s) _ISC_MEM_FILELINE)
 #define isc_mem_strdup(c, p)	isc__mem_strdup((c), (p) _ISC_MEM_FILELINE)
@@ -183,10 +188,20 @@ isc_result_t
 isc_mem_create(size_t max_size, size_t target_size,
 	       isc_mem_t **mctxp);
 
+isc_result_t
+isc_mem_create2(size_t max_size, size_t target_size,
+		isc_mem_t **mctxp, unsigned int flags);
+
 isc_result_t 
 isc_mem_createx(size_t max_size, size_t target_size,
 		isc_memalloc_t memalloc, isc_memfree_t memfree,
 		void *arg, isc_mem_t **mctxp);
+
+isc_result_t 
+isc_mem_createx2(size_t max_size, size_t target_size,
+		 isc_memalloc_t memalloc, isc_memfree_t memfree,
+		 void *arg, isc_mem_t **mctxp, unsigned int flags);
+
 /*!<
  * \brief Create a memory context.
  *
@@ -209,6 +224,12 @@ isc_mem_createx(size_t max_size, size_t target_size,
  * using isc_mem_create() will use the standard library malloc()
  * and free().
  *
+ * If ISC_MEMFLAG_NOLOCK is set in 'flags', the corresponding memory context
+ * will be accessed without locking.  The user who creates the context must
+ * ensure there be no race.  Since this can be a source of bug, it is generally
+ * inadvisable to use this flag unless the user is very sure about the race
+ * condition and the access to the object is highly performance sensitive.
+ *
  * Requires:
  * mctxp != NULL && *mctxp == NULL */
 /*@}*/
diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in
index 48277a1d29..c9333d9283 100644
--- a/lib/isc/include/isc/platform.h.in
+++ b/lib/isc/include/isc/platform.h.in
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: platform.h.in,v 1.37 2005/04/27 04:57:19 sra Exp $ */
+/* $Id: platform.h.in,v 1.38 2005/06/04 05:32:48 jinmei Exp $ */
 
 #ifndef ISC_PLATFORM_H
 #define ISC_PLATFORM_H 1
@@ -217,6 +217,29 @@
  */
 @ISC_PLATFORM_HAVESYSUNH@
 
+/*
+ * If the "xadd" operation is available on this architecture,
+ * ISC_PLATFORM_HAVEXADD will be defined. 
+ */
+@ISC_PLATFORM_HAVEXADD@
+
+/*
+ * If the "atomic swap" operation is available on this architecture,
+ * ISC_PLATFORM_HAVEATOMICSTORE" will be defined. 
+ */
+@ISC_PLATFORM_HAVEATOMICSTORE@
+
+/*
+ * If the "compare-and-exchange" operation is available on this architecture,
+ * ISC_PLATFORM_HAVECMPXCHG will be defined. 
+ */
+@ISC_PLATFORM_HAVECMPXCHG@
+
+/*
+ * Define if Tru64 style ASM syntax must be used.
+ */
+@ISC_PLATFORM_USEOSFASM@
+
 #ifndef ISC_PLATFORM_USEDECLSPEC
 #define LIBISC_EXTERNAL_DATA
 #define LIBDNS_EXTERNAL_DATA
diff --git a/lib/isc/include/isc/refcount.h b/lib/isc/include/isc/refcount.h
index 7583d24862..87d078aebb 100644
--- a/lib/isc/include/isc/refcount.h
+++ b/lib/isc/include/isc/refcount.h
@@ -15,11 +15,12 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: refcount.h,v 1.9 2005/04/29 00:23:43 marka Exp $ */
+/* $Id: refcount.h,v 1.10 2005/06/04 05:32:48 jinmei Exp $ */
 
 #ifndef ISC_REFCOUNT_H
 #define ISC_REFCOUNT_H 1
 
+#include 
 #include 
 #include 
 #include 
@@ -63,9 +64,14 @@ ISC_LANG_BEGINDECLS
 /*
  * void
  * isc_refcount_increment(isc_refcount_t *ref, unsigned int *targetp);
+ * isc_refcount_increment0(isc_refcount_t *ref, unsigned int *targetp);
  *
  * Increments the reference count, returning the new value in targetp if it's
- * not NULL.
+ * not NULL.  The reference counter typically begins with the initial counter
+ * of 1, and will be destroyed once the counter reaches 0.  Thus,
+ * isc_refcount_increment() additionally requires the previous counter be
+ * larger than 0 so that an error which violates the usage can be easily
+ * caught.  isc_refcount_increment0() does not have this restriction.
  *
  * Requires:
  *	ref != NULL.
@@ -87,6 +93,48 @@ ISC_LANG_BEGINDECLS
  * Sample implementations
  */
 #ifdef ISC_PLATFORM_USETHREADS
+#ifdef ISC_PLATFORM_HAVEXADD
+
+#define ISC_REFCOUNT_HAVEATOMIC 1
+
+typedef struct isc_refcount {
+	isc_int32_t refs;
+} isc_refcount_t;
+
+#define isc_refcount_init(rp, n) ((rp)->refs = (n))
+#define isc_refcount_destroy(rp) (REQUIRE((rp)->refs == 0))
+#define isc_refcount_current(rp) ((unsigned int)((rp)->refs))
+
+#define isc_refcount_increment0(rp, tp)				\
+	do {							\
+		unsigned int *_tmp = (unsigned int *)(tp);	\
+		isc_int32_t prev;				\
+		prev = isc_atomic_xadd(&(rp)->refs, 1);		\
+		if (_tmp != NULL)				\
+			*_tmp = prev + 1;			\
+	} while (0)
+
+#define isc_refcount_increment(rp, tp)				\
+	do {							\
+		unsigned int *_tmp = (unsigned int *)(tp);	\
+		isc_int32_t prev;				\
+		prev = isc_atomic_xadd(&(rp)->refs, 1);		\
+		REQUIRE(prev > 0);				\
+		if (_tmp != NULL)				\
+			*_tmp = prev + 1;			\
+	} while (0)
+
+#define isc_refcount_decrement(rp, tp)				\
+	do {							\
+		unsigned int *_tmp = (unsigned int *)(tp);	\
+		isc_int32_t prev;				\
+		prev = isc_atomic_xadd(&(rp)->refs, -1);	\
+		REQUIRE(prev > 0);				\
+		if (_tmp != NULL)				\
+			*_tmp = prev - 1;			\
+	} while (0)
+
+#else  /* ISC_PLATFORM_HAVEXADD */
 
 typedef struct isc_refcount {
 	int refs;
@@ -112,6 +160,16 @@ typedef struct isc_refcount {
 #define isc_refcount_current(rp) ((unsigned int)((rp)->refs))
 
 /*% Increments the reference count, returning the new value in targetp if it's not NULL. */
+#define isc_refcount_increment0(rp, tp)				\
+	do {							\
+		unsigned int *_tmp = (unsigned int *)(tp);	\
+		LOCK(&(rp)->lock);				\
+		++((rp)->refs);					\
+		if (_tmp != NULL)				\
+			*_tmp = ((rp)->refs);			\
+		UNLOCK(&(rp)->lock);				\
+	} while (0)
+
 #define isc_refcount_increment(rp, tp)				\
 	do {							\
 		unsigned int *_tmp = (unsigned int *)(tp);	\
@@ -135,7 +193,8 @@ typedef struct isc_refcount {
 		UNLOCK(&(rp)->lock);				\
 	} while (0)
 
-#else
+#endif /* ISC_PLATFORM_HAVEXADD */
+#else  /* ISC_PLATFORM_USETHREADS */
 
 typedef struct isc_refcount {
 	int refs;
@@ -145,7 +204,7 @@ typedef struct isc_refcount {
 #define isc_refcount_destroy(rp) (REQUIRE((rp)->refs == 0))
 #define isc_refcount_current(rp) ((unsigned int)((rp)->refs))
 
-#define isc_refcount_increment(rp, tp)					\
+#define isc_refcount_increment0(rp, tp)					\
 	do {								\
 		unsigned int *_tmp = (unsigned int *)(tp);		\
 		int _n = ++(rp)->refs;					\
@@ -153,15 +212,27 @@ typedef struct isc_refcount {
 			*_tmp = _n;					\
 	} while (0)
 
-#define isc_refcount_decrement(rp, tp)					\
+#define isc_refcount_increment(rp, tp)					\
 	do {								\
 		unsigned int *_tmp = (unsigned int *)(tp);		\
-		int _n = --(rp)->refs;					\
+		int _n;							\
+		REQUIRE((rp)->refs > 0);				\
+		_n = ++(rp)->refs;					\
 		if (_tmp != NULL)					\
 			*_tmp = _n;					\
 	} while (0)
 
-#endif
+#define isc_refcount_decrement(rp, tp)					\
+	do {								\
+		unsigned int *_tmp = (unsigned int *)(tp);		\
+		int _n;							\
+		REQUIRE((rp)->refs > 0);				\
+		_n = --(rp)->refs;					\
+		if (_tmp != NULL)					\
+			*_tmp = _n;					\
+	} while (0)
+
+#endif /* ISC_PLATFORM_USETHREADS */
 
 ISC_LANG_ENDDECLS
 
diff --git a/lib/isc/include/isc/rwlock.h b/lib/isc/include/isc/rwlock.h
index ea52879ef5..f388d6ff41 100644
--- a/lib/isc/include/isc/rwlock.h
+++ b/lib/isc/include/isc/rwlock.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rwlock.h,v 1.23 2005/04/29 00:23:44 marka Exp $ */
+/* $Id: rwlock.h,v 1.24 2005/06/04 05:32:49 jinmei Exp $ */
 
 #ifndef ISC_RWLOCK_H
 #define ISC_RWLOCK_H 1
@@ -36,10 +36,47 @@ typedef enum {
 } isc_rwlocktype_t;
 
 #ifdef ISC_PLATFORM_USETHREADS
+#if defined(ISC_PLATFORM_HAVEXADD) && defined(ISC_PLATFORM_HAVECMPXCHG)
+#define ISC_RWLOCK_USEATOMIC 1
+#endif
+
 struct isc_rwlock {
 	/* Unlocked. */
 	unsigned int		magic;
 	isc_mutex_t		lock;
+
+#if defined(ISC_PLATFORM_HAVEXADD) && defined(ISC_PLATFORM_HAVECMPXCHG)
+	/*
+	 * When some atomic instructions with hardware assistance are
+	 * available, rwlock will use those so that concurrent readers do not
+	 * interfere with each other through mutex as long as no writers
+	 * appear, massively reducing the lock overhead in the typical case.
+	 *
+	 * The basic algorithm of this approach is the "simple
+	 * writer-preference lock" shown in the following URL:
+	 * http://www.cs.rochester.edu/u/scott/synchronization/pseudocode/rw.html
+	 * but our implementation does not rely on the spin lock unlike the
+	 * original algorithm to be more portable as a user space application.
+	 */
+
+	/* Read or modified atomically. */
+	isc_int32_t		write_requests;
+	isc_int32_t		write_completions;
+	isc_int32_t		cnt_and_flag;
+
+	/* Locked by lock. */
+	isc_condition_t		readable;
+	isc_condition_t		writeable;
+	unsigned int		readers_waiting;
+
+	/* Locked by rwlock itself. */
+	unsigned int		write_granted;
+
+	/* Unlocked. */
+	unsigned int		write_quota;
+
+#else  /* ISC_PLATFORM_HAVEXADD && ISC_PLATFORM_HAVECMPXCHG */
+
 	/*%< Locked by lock. */
 	isc_condition_t		readable;
 	isc_condition_t		writeable;
@@ -60,6 +97,7 @@ struct isc_rwlock {
 	unsigned int		read_quota;
 	unsigned int		write_quota;
 	isc_rwlocktype_t	original;
+#endif  /* ISC_PLATFORM_HAVEXADD && ISC_PLATFORM_HAVECMPXCHG */
 };
 #else /* ISC_PLATFORM_USETHREADS */
 struct isc_rwlock {
diff --git a/lib/isc/mem.c b/lib/isc/mem.c
index dac37f10ef..f20bd51c60 100644
--- a/lib/isc/mem.c
+++ b/lib/isc/mem.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: mem.c,v 1.119 2005/04/27 04:57:13 sra Exp $ */
+/* $Id: mem.c,v 1.120 2005/06/04 05:32:48 jinmei Exp $ */
 
 /*! \file */
 
@@ -36,6 +36,9 @@
 #include 
 #include 
 
+#define MCTXLOCK(m, l) if (((m)->flags & ISC_MEMFLAG_NOLOCK) == 0) LOCK(l)
+#define MCTXUNLOCK(m, l) if (((m)->flags & ISC_MEMFLAG_NOLOCK) == 0) UNLOCK(l)
+
 #ifndef ISC_MEM_DEBUGGING
 #define ISC_MEM_DEBUGGING 0
 #endif
@@ -46,9 +49,11 @@ LIBISC_EXTERNAL_DATA unsigned int isc_mem_debugging = ISC_MEM_DEBUGGING;
  * implementation in preference to the system one.  The internal malloc()
  * is very space-efficient, and quite fast on uniprocessor systems.  It
  * performs poorly on multiprocessor machines.
+ * JT: we can overcome the performance issue on multiprocessor machines
+ * by carefully separating memory contexts.
  */
 #ifndef ISC_MEM_USE_INTERNAL_MALLOC
-#define ISC_MEM_USE_INTERNAL_MALLOC 0
+#define ISC_MEM_USE_INTERNAL_MALLOC 1
 #endif
 
 /*
@@ -117,6 +122,7 @@ typedef ISC_LIST(debuglink_t)	debuglist_t;
 struct isc_mem {
 	unsigned int		magic;
 	isc_ondestroy_t		ondestroy;
+	unsigned int		flags;
 	isc_mutex_t		lock;
 	isc_memalloc_t		memalloc;
 	isc_memfree_t		memfree;
@@ -701,6 +707,16 @@ isc_result_t
 isc_mem_createx(size_t init_max_size, size_t target_size,
 		isc_memalloc_t memalloc, isc_memfree_t memfree, void *arg,
 		isc_mem_t **ctxp)
+{
+	return (isc_mem_createx2(init_max_size, target_size, memalloc, memfree,
+				 arg, ctxp, 0));
+				 
+}
+
+isc_result_t
+isc_mem_createx2(size_t init_max_size, size_t target_size,
+		 isc_memalloc_t memalloc, isc_memfree_t memfree, void *arg,
+		 isc_mem_t **ctxp, unsigned int flags)
 {
 	isc_mem_t *ctx;
 	isc_result_t result;
@@ -719,11 +735,14 @@ isc_mem_createx(size_t init_max_size, size_t target_size,
 	if (ctx == NULL)
 		return (ISC_R_NOMEMORY);
 
-	if (isc_mutex_init(&ctx->lock) != ISC_R_SUCCESS) {
+	if ((flags & ISC_MEMFLAG_NOLOCK) == 0 &&
+	    isc_mutex_init(&ctx->lock) != ISC_R_SUCCESS) {
 		UNEXPECTED_ERROR(__FILE__, __LINE__,
 				 "isc_mutex_init() %s",
-				 isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL,
-						ISC_MSG_FAILED, "failed"));
+				 isc_msgcat_get(isc_msgcat,
+						ISC_MSGSET_GENERAL,
+						ISC_MSG_FAILED,
+						"failed"));
 		(memfree)(arg, ctx);
 		return (ISC_R_UNEXPECTED);
 	}
@@ -732,6 +751,7 @@ isc_mem_createx(size_t init_max_size, size_t target_size,
 		ctx->max_size = DEF_MAX_SIZE;
 	else
 		ctx->max_size = init_max_size;
+	ctx->flags = flags;
 	ctx->references = 1;
 	ctx->quota = 0;
 	ctx->total = 0;
@@ -818,7 +838,8 @@ isc_mem_createx(size_t init_max_size, size_t target_size,
 		if (ctx->debuglist != NULL)
 			(ctx->memfree)(ctx->arg, ctx->debuglist);
 #endif /* ISC_MEM_TRACKLINES */
-		DESTROYLOCK(&ctx->lock);
+		if ((ctx->flags & ISC_MEMFLAG_NOLOCK) == 0)
+			DESTROYLOCK(&ctx->lock);
 		(memfree)(arg, ctx);
 	}
 
@@ -829,9 +850,18 @@ isc_result_t
 isc_mem_create(size_t init_max_size, size_t target_size,
 	       isc_mem_t **ctxp)
 {
-	return (isc_mem_createx(init_max_size, target_size,
-				default_memalloc, default_memfree, NULL,
-				ctxp));
+	return (isc_mem_createx2(init_max_size, target_size,
+				 default_memalloc, default_memfree, NULL,
+				 ctxp, 0));
+}
+
+isc_result_t
+isc_mem_create2(size_t init_max_size, size_t target_size,
+		isc_mem_t **ctxp, unsigned int flags)
+{
+	return (isc_mem_createx2(init_max_size, target_size,
+				 default_memalloc, default_memfree, NULL,
+				 ctxp, flags));
 }
 
 static void
@@ -891,7 +921,8 @@ destroy(isc_mem_t *ctx) {
 
 	ondest = ctx->ondestroy;
 
-	DESTROYLOCK(&ctx->lock);
+	if ((ctx->flags & ISC_MEMFLAG_NOLOCK) == 0)
+		DESTROYLOCK(&ctx->lock);
 	(ctx->memfree)(ctx->arg, ctx);
 
 	isc_ondestroy_notify(&ondest, ctx);
@@ -902,9 +933,9 @@ isc_mem_attach(isc_mem_t *source, isc_mem_t **targetp) {
 	REQUIRE(VALID_CONTEXT(source));
 	REQUIRE(targetp != NULL && *targetp == NULL);
 
-	LOCK(&source->lock);
+	MCTXLOCK(source, &source->lock);
 	source->references++;
-	UNLOCK(&source->lock);
+	MCTXUNLOCK(source, &source->lock);
 
 	*targetp = source;
 }
@@ -918,12 +949,12 @@ isc_mem_detach(isc_mem_t **ctxp) {
 	ctx = *ctxp;
 	REQUIRE(VALID_CONTEXT(ctx));
 
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	INSIST(ctx->references > 0);
 	ctx->references--;
 	if (ctx->references == 0)
 		want_destroy = ISC_TRUE;
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 
 	if (want_destroy)
 		destroy(ctx);
@@ -958,11 +989,11 @@ isc__mem_putanddetach(isc_mem_t **ctxp, void *ptr, size_t size FLARG) {
 	*ctxp = NULL;
 
 #if ISC_MEM_USE_INTERNAL_MALLOC
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	mem_putunlocked(ctx, ptr, size);
 #else /* ISC_MEM_USE_INTERNAL_MALLOC */
 	mem_put(ctx, ptr, size);
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	mem_putstats(ctx, ptr, size);
 #endif /* ISC_MEM_USE_INTERNAL_MALLOC */
 
@@ -972,7 +1003,7 @@ isc__mem_putanddetach(isc_mem_t **ctxp, void *ptr, size_t size FLARG) {
 	if (ctx->references == 0)
 		want_destroy = ISC_TRUE;
 
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 
 	if (want_destroy)
 		destroy(ctx);
@@ -991,14 +1022,14 @@ isc_mem_destroy(isc_mem_t **ctxp) {
 	ctx = *ctxp;
 	REQUIRE(VALID_CONTEXT(ctx));
 
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 #if ISC_MEM_TRACKLINES
 	if (ctx->references != 1)
 		print_active(ctx, stderr);
 #endif
 	REQUIRE(ctx->references == 1);
 	ctx->references--;
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 
 	destroy(ctx);
 
@@ -1009,9 +1040,9 @@ isc_result_t
 isc_mem_ondestroy(isc_mem_t *ctx, isc_task_t *task, isc_event_t **event) {
 	isc_result_t res;
 
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	res = isc_ondestroy_register(&ctx->ondestroy, task, event);
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 
 	return (res);
 }
@@ -1025,11 +1056,11 @@ isc__mem_get(isc_mem_t *ctx, size_t size FLARG) {
 	REQUIRE(VALID_CONTEXT(ctx));
 
 #if ISC_MEM_USE_INTERNAL_MALLOC
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	ptr = mem_getunlocked(ctx, size);
 #else /* ISC_MEM_USE_INTERNAL_MALLOC */
 	ptr = mem_get(ctx, size);
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	if (ptr != NULL)
 		mem_getstats(ctx, size);
 #endif /* ISC_MEM_USE_INTERNAL_MALLOC */
@@ -1047,7 +1078,7 @@ isc__mem_get(isc_mem_t *ctx, size_t size FLARG) {
 			fprintf(stderr, "maxinuse = %lu\n",
 				(unsigned long)ctx->inuse);
 	}
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 
 	if (call_water)
 		(ctx->water)(ctx->water_arg, ISC_MEM_HIWATER);
@@ -1064,11 +1095,11 @@ isc__mem_put(isc_mem_t *ctx, void *ptr, size_t size FLARG)
 	REQUIRE(ptr != NULL);
 
 #if ISC_MEM_USE_INTERNAL_MALLOC
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	mem_putunlocked(ctx, ptr, size);
 #else /* ISC_MEM_USE_INTERNAL_MALLOC */
 	mem_put(ctx, ptr, size);
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	mem_putstats(ctx, ptr, size);
 #endif /* ISC_MEM_USE_INTERNAL_MALLOC */
 
@@ -1086,7 +1117,7 @@ isc__mem_put(isc_mem_t *ctx, void *ptr, size_t size FLARG)
 		if (ctx->water != NULL)
 			call_water = ISC_TRUE;
 	}
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 
 	if (call_water)
 		(ctx->water)(ctx->water_arg, ISC_MEM_LOWATER);
@@ -1143,7 +1174,7 @@ isc_mem_stats(isc_mem_t *ctx, FILE *out) {
 	const isc_mempool_t *pool;
 
 	REQUIRE(VALID_CONTEXT(ctx));
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 
 	for (i = 0; i <= ctx->max_size; i++) {
 		s = &ctx->stats[i];
@@ -1205,7 +1236,7 @@ isc_mem_stats(isc_mem_t *ctx, FILE *out) {
 	print_active(ctx, out);
 #endif
 
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 }
 
 /*
@@ -1236,11 +1267,11 @@ isc__mem_allocate(isc_mem_t *ctx, size_t size FLARG) {
 	REQUIRE(VALID_CONTEXT(ctx));
 
 #if ISC_MEM_USE_INTERNAL_MALLOC
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	si = isc__mem_allocateunlocked(ctx, size);
 #else /* ISC_MEM_USE_INTERNAL_MALLOC */
 	si = isc__mem_allocateunlocked(ctx, size);
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	if (si != NULL)
 		mem_getstats(ctx, si[-1].u.size);
 #endif /* ISC_MEM_USE_INTERNAL_MALLOC */
@@ -1249,7 +1280,7 @@ isc__mem_allocate(isc_mem_t *ctx, size_t size FLARG) {
 	ADD_TRACE(ctx, si, si[-1].u.size, file, line);
 #endif
 
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 
 	return (si);
 }
@@ -1266,17 +1297,17 @@ isc__mem_free(isc_mem_t *ctx, void *ptr FLARG) {
 	size = si->u.size;
 
 #if ISC_MEM_USE_INTERNAL_MALLOC
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	mem_putunlocked(ctx, si, size);
 #else /* ISC_MEM_USE_INTERNAL_MALLOC */
 	mem_put(ctx, si, size);
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	mem_putstats(ctx, si, size);
 #endif /* ISC_MEM_USE_INTERNAL_MALLOC */
 
 	DELETE_TRACE(ctx, ptr, size, file, line);
 
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 }
 
 
@@ -1305,11 +1336,11 @@ isc__mem_strdup(isc_mem_t *mctx, const char *s FLARG) {
 void
 isc_mem_setdestroycheck(isc_mem_t *ctx, isc_boolean_t flag) {
 	REQUIRE(VALID_CONTEXT(ctx));
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 
 	ctx->checkfree = flag;
 
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 }
 
 /*
@@ -1319,11 +1350,11 @@ isc_mem_setdestroycheck(isc_mem_t *ctx, isc_boolean_t flag) {
 void
 isc_mem_setquota(isc_mem_t *ctx, size_t quota) {
 	REQUIRE(VALID_CONTEXT(ctx));
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 
 	ctx->quota = quota;
 
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 }
 
 size_t
@@ -1331,11 +1362,11 @@ isc_mem_getquota(isc_mem_t *ctx) {
 	size_t quota;
 
 	REQUIRE(VALID_CONTEXT(ctx));
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 
 	quota = ctx->quota;
 
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 
 	return (quota);
 }
@@ -1345,11 +1376,11 @@ isc_mem_inuse(isc_mem_t *ctx) {
 	size_t inuse;
 
 	REQUIRE(VALID_CONTEXT(ctx));
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 
 	inuse = ctx->inuse;
 
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 
 	return (inuse);
 }
@@ -1361,7 +1392,7 @@ isc_mem_setwater(isc_mem_t *ctx, isc_mem_water_t water, void *water_arg,
 	REQUIRE(VALID_CONTEXT(ctx));
 	REQUIRE(hiwater >= lowater);
 
-	LOCK(&ctx->lock);
+	MCTXLOCK(ctx, &ctx->lock);
 	if (water == NULL) {
 		ctx->water = NULL;
 		ctx->water_arg = NULL;
@@ -1375,7 +1406,7 @@ isc_mem_setwater(isc_mem_t *ctx, isc_mem_water_t water, void *water_arg,
 		ctx->lo_water = lowater;
 		ctx->hi_called = ISC_FALSE;
 	}
-	UNLOCK(&ctx->lock);
+	MCTXUNLOCK(ctx, &ctx->lock);
 }
 
 /*
@@ -1415,9 +1446,9 @@ isc_mempool_create(isc_mem_t *mctx, size_t size, isc_mempool_t **mpctxp) {
 
 	*mpctxp = mpctx;
 
-	LOCK(&mctx->lock);
+	MCTXLOCK(mctx, &mctx->lock);
 	ISC_LIST_INITANDAPPEND(mctx->pools, mpctx, link);
-	UNLOCK(&mctx->lock);
+	MCTXUNLOCK(mctx, &mctx->lock);
 
 	return (ISC_R_SUCCESS);
 }
@@ -1470,7 +1501,7 @@ isc_mempool_destroy(isc_mempool_t **mpctxp) {
 	/*
 	 * Return any items on the free list
 	 */
-	LOCK(&mctx->lock);
+	MCTXLOCK(mctx, &mctx->lock);
 	while (mpctx->items != NULL) {
 		INSIST(mpctx->freecount > 0);
 		mpctx->freecount--;
@@ -1484,14 +1515,14 @@ isc_mempool_destroy(isc_mempool_t **mpctxp) {
 		mem_putstats(mctx, item, mpctx->size);
 #endif /* ISC_MEM_USE_INTERNAL_MALLOC */
 	}
-	UNLOCK(&mctx->lock);
+	MCTXUNLOCK(mctx, &mctx->lock);
 
 	/*
 	 * Remove our linked list entry from the memory context.
 	 */
-	LOCK(&mctx->lock);
+	MCTXLOCK(mctx, &mctx->lock);
 	ISC_LIST_UNLINK(mctx->pools, mpctx, link);
-	UNLOCK(&mctx->lock);
+	MCTXUNLOCK(mctx, &mctx->lock);
 
 	mpctx->magic = 0;
 
@@ -1550,7 +1581,7 @@ isc__mempool_get(isc_mempool_t *mpctx FLARG) {
 	 * We need to dip into the well.  Lock the memory context here and
 	 * fill up our free list.
 	 */
-	LOCK(&mctx->lock);
+	MCTXLOCK(mctx, &mctx->lock);
 	for (i = 0; i < mpctx->fillcount; i++) {
 #if ISC_MEM_USE_INTERNAL_MALLOC
 		item = mem_getunlocked(mctx, mpctx->size);
@@ -1565,7 +1596,7 @@ isc__mempool_get(isc_mempool_t *mpctx FLARG) {
 		mpctx->items = item;
 		mpctx->freecount++;
 	}
-	UNLOCK(&mctx->lock);
+	MCTXUNLOCK(mctx, &mctx->lock);
 
 	/*
 	 * If we didn't get any items, return NULL.
@@ -1585,9 +1616,9 @@ isc__mempool_get(isc_mempool_t *mpctx FLARG) {
 
 #if ISC_MEM_TRACKLINES
 	if (item != NULL) {
-		LOCK(&mctx->lock);
+		MCTXLOCK(mctx, &mctx->lock);
 		ADD_TRACE(mctx, item, mpctx->size, file, line);
-		UNLOCK(&mctx->lock);
+		MCTXUNLOCK(mctx, &mctx->lock);
 	}
 #endif /* ISC_MEM_TRACKLINES */
 
@@ -1611,9 +1642,9 @@ isc__mempool_put(isc_mempool_t *mpctx, void *mem FLARG) {
 	mpctx->allocated--;
 
 #if ISC_MEM_TRACKLINES
-	LOCK(&mctx->lock);
+	MCTXLOCK(mctx, &mctx->lock);
 	DELETE_TRACE(mctx, mem, mpctx->size, file, line);
-	UNLOCK(&mctx->lock);
+	MCTXUNLOCK(mctx, &mctx->lock);
 #endif /* ISC_MEM_TRACKLINES */
 
 	/*
@@ -1621,14 +1652,14 @@ isc__mempool_put(isc_mempool_t *mpctx, void *mem FLARG) {
 	 */
 	if (mpctx->freecount >= mpctx->freemax) {
 #if ISC_MEM_USE_INTERNAL_MALLOC
-		LOCK(&mctx->lock);
+		MCTXLOCK(mctx, &mctx->lock);
 		mem_putunlocked(mctx, mem, mpctx->size);
-		UNLOCK(&mctx->lock);
+		MCTXUNLOCK(mctx, &mctx->lock);
 #else /* ISC_MEM_USE_INTERNAL_MALLOC */
 		mem_put(mctx, mem, mpctx->size);
-		LOCK(&mctx->lock);
+		MCTXLOCK(mctx, &mctx->lock);
 		mem_putstats(mctx, mem, mpctx->size);
-		UNLOCK(&mctx->lock);
+		MCTXUNLOCK(mctx, &mctx->lock);
 #endif /* ISC_MEM_USE_INTERNAL_MALLOC */
 		if (mpctx->lock != NULL)
 			UNLOCK(mpctx->lock);
diff --git a/lib/isc/noatomic/include/isc/atomic.h b/lib/isc/noatomic/include/isc/atomic.h
new file mode 100644
index 0000000000..08681ce527
--- /dev/null
+++ b/lib/isc/noatomic/include/isc/atomic.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: atomic.h,v 1.2 2005/06/04 05:32:49 jinmei Exp $ */
+
+#ifndef ISC_ATOMIC_H
+#define ISC_ATOMIC_H 1
+
+/* This file is inherently empty. */
+
+#endif /* ISC_ATOMIC_H */
diff --git a/lib/isc/rwlock.c b/lib/isc/rwlock.c
index 3e6fd2f261..1498af43be 100644
--- a/lib/isc/rwlock.c
+++ b/lib/isc/rwlock.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rwlock.c,v 1.40 2005/04/27 04:57:14 sra Exp $ */
+/* $Id: rwlock.c,v 1.41 2005/06/04 05:32:48 jinmei Exp $ */
 
 /*! \file */
 
@@ -23,6 +23,7 @@
 
 #include 
 
+#include 
 #include 
 #include 
 #include 
@@ -83,6 +84,20 @@ isc_rwlock_init(isc_rwlock_t *rwl, unsigned int read_quota,
 	 */
 	rwl->magic = 0;
 
+#if defined(ISC_PLATFORM_HAVEXADD) && defined(ISC_PLATFORM_HAVECMPXCHG)
+	rwl->write_requests = 0;
+	rwl->write_completions = 0;
+	rwl->cnt_and_flag = 0;
+	rwl->readers_waiting = 0;
+	rwl->write_granted = 0;
+	if (read_quota != 0) {
+		UNEXPECTED_ERROR(__FILE__, __LINE__,
+				 "read quota is not supported");
+	}
+	if (write_quota == 0)
+		write_quota = RWLOCK_DEFAULT_WRITE_QUOTA;
+	rwl->write_quota = write_quota;
+#else
 	rwl->type = isc_rwlocktype_read;
 	rwl->original = isc_rwlocktype_none;
 	rwl->active = 0;
@@ -95,6 +110,8 @@ isc_rwlock_init(isc_rwlock_t *rwl, unsigned int read_quota,
 	if (write_quota == 0)
 		write_quota = RWLOCK_DEFAULT_WRITE_QUOTA;
 	rwl->write_quota = write_quota;
+#endif
+
 	result = isc_mutex_init(&rwl->lock);
 	if (result != ISC_R_SUCCESS) {
 		UNEXPECTED_ERROR(__FILE__, __LINE__,
@@ -113,7 +130,6 @@ isc_rwlock_init(isc_rwlock_t *rwl, unsigned int read_quota,
 				 isc_result_totext(result));
 		result = ISC_R_UNEXPECTED;
 		goto destroy_lock;
-
 	}
 	result = isc_condition_init(&rwl->writeable);
 	if (result != ISC_R_SUCCESS) {
@@ -138,6 +154,389 @@ isc_rwlock_init(isc_rwlock_t *rwl, unsigned int read_quota,
 	return (result);
 }
 
+void
+isc_rwlock_destroy(isc_rwlock_t *rwl) {
+	REQUIRE(VALID_RWLOCK(rwl));
+
+#if defined(ISC_PLATFORM_HAVEXADD) && defined(ISC_PLATFORM_HAVECMPXCHG)
+	REQUIRE(rwl->write_requests == rwl->write_completions &&
+		rwl->cnt_and_flag == 0 && rwl->readers_waiting == 0);
+#else
+	LOCK(&rwl->lock);
+	REQUIRE(rwl->active == 0 &&
+		rwl->readers_waiting == 0 &&
+		rwl->writers_waiting == 0);
+	UNLOCK(&rwl->lock);
+#endif
+
+	rwl->magic = 0;
+	(void)isc_condition_destroy(&rwl->readable);
+	(void)isc_condition_destroy(&rwl->writeable);
+	DESTROYLOCK(&rwl->lock);
+}
+
+#if defined(ISC_PLATFORM_HAVEXADD) && defined(ISC_PLATFORM_HAVECMPXCHG)
+
+/*
+ * When some architecture-dependent atomic operations are available,
+ * rwlock can be more efficient than the generic algorithm defined below.
+ * The basic algorithm is described in the following URL:
+ *   http://www.cs.rochester.edu/u/scott/synchronization/pseudocode/rw.html
+ *
+ * The key is to use the following integer variables modified atomically:
+ *   write_requests, write_completions, and cnt_and_flag.
+ *
+ * write_requests and write_completions act as a waiting queue for writers
+ * in order to ensure the FIFO order.  Both variables begin with the initial
+ * value of 0.  When a new writer tries to get a write lock, it increments
+ * write_requests and gets the previous value of the variable as a "ticket".
+ * When write_completions reaches the ticket number, the new writer can start
+ * writing.  When the writer completes its work, it increments
+ * write_completions so that another new writer can start working.  If the
+ * write_requests is not equal to write_completions, it means a writer is now
+ * working or waiting.  In this case, a new readers cannot start reading, or
+ * in other words, this algorithm basically prefers writers.
+ *
+ * cnt_and_flag is a "lock" shared by all readers and writers.  This integer
+ * variable is a kind of structure with two members: writer_flag (1 bit) and
+ * reader_count (31 bits).  The writer_flag shows whether a writer is working,
+ * and the reader_count shows the number of readers currently working or almost
+ * ready for working.  A writer who has the current "ticket" tries to get the
+ * lock by exclusively setting the writer_flag to 1, provided that the whole
+ * 32-bit is 0 (meaning no readers or writers working).  On the other hand,
+ * a new reader tries to increment the "reader_count" field provided that
+ * the writer_flag is 0 (meaning there is no writer working).
+ *
+ * If some of the above operations fail, the reader or the writer sleeps
+ * until the related condition changes.  When a working reader or writer
+ * completes its work, some readers or writers are sleeping, and the condition
+ * that suspended the reader or writer has changed, it wakes up the sleeping
+ * readers or writers.
+ *
+ * As already noted, this algorithm basically prefers writers.  In order to
+ * prevent readers from starving, however, the algorithm also introduces the
+ * "writer quota" (Q).  When Q consecutive writers have completed their work,
+ * suspending readers, the last writer will wake up the readers, even if a new
+ * writer is waiting.
+ *
+ * Implementation specific note: due to the combination of atomic operations
+ * and a mutex lock, ordering between the atomic operation and locks can be
+ * very sensitive in some cases.  In particular, it is generally very important
+ * to check the atomic variable that requires a reader or writer to sleep after
+ * locking the mutex and before actually sleeping; otherwise, it could be very
+ * likely to cause a deadlock.  For example, assume "var" is a variable
+ * atomically modified, then the corresponding code would be:
+ *	if (var == need_sleep) {
+ *		LOCK(lock);
+ *		if (var == need_sleep)
+ *			WAIT(cond, lock);
+ *		UNLOCK(lock);
+ *	}
+ * The second check is important, since "var" is protected by the atomic
+ * operation, not by the mutex, and can be changed just before sleeping.
+ * (The first "if" could be omitted, but this is also important in order to
+ * make the code efficient by avoiding the use of the mutex unless it is
+ * really necessary.)
+ */
+
+#define WRITER_ACTIVE	0x1
+#define READER_INCR	0x2
+
+isc_result_t
+isc_rwlock_lock(isc_rwlock_t *rwl, isc_rwlocktype_t type) {
+	isc_int32_t cntflag;
+
+	REQUIRE(VALID_RWLOCK(rwl));
+
+#ifdef ISC_RWLOCK_TRACE
+	print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK,
+				  ISC_MSG_PRELOCK, "prelock"), rwl, type);
+#endif
+
+	if (type == isc_rwlocktype_read) {
+		if (rwl->write_requests != rwl->write_completions) {
+			/* there is a waiting or active writer */
+			LOCK(&rwl->lock);
+			if (rwl->write_requests != rwl->write_completions) {
+				rwl->readers_waiting++;
+				WAIT(&rwl->readable, &rwl->lock);
+				rwl->readers_waiting--;
+			}
+			UNLOCK(&rwl->lock);
+		}
+
+		cntflag = isc_atomic_xadd(&rwl->cnt_and_flag, READER_INCR);
+		while (1) {
+			if ((rwl->cnt_and_flag & WRITER_ACTIVE) == 0)
+				break;
+
+			/* A writer is still working */
+			LOCK(&rwl->lock);
+			rwl->readers_waiting++;
+			if ((rwl->cnt_and_flag & WRITER_ACTIVE) != 0)
+				WAIT(&rwl->readable, &rwl->lock);
+			rwl->readers_waiting--;
+			UNLOCK(&rwl->lock);
+
+			/*
+			 * Typically, the reader should be able to get a lock
+			 * at this stage:
+			 *   (1) there should have been no pending writer when
+			 *       the reader was trying to increment the
+			 *       counter; otherwise, the writer should be in
+			 *       the waiting queue, preventing the reader from
+			 *       proceeding to this point.
+			 *   (2) once the reader increments the counter, no
+			 *       more writer can get a lock.
+			 * Still, it is possible another writer can work at
+			 * this point, e.g. in the following scenario:
+			 *   A previous writer unlocks the writer lock.
+			 *   This reader proceeds to point (1).
+			 *   A new writer appears, and gets a new lock before
+			 *   the reader increments the counter.
+			 *   The reader then increments the counter.
+			 *   The previous writer notices there is a waiting
+			 *   reader who is almost ready, and wakes it up.
+			 * So, the reader needs to confirm whether it can now
+			 * read explicitly (thus we loop).  Note that this is
+			 * not an infinite process, since the reader has
+			 * incremented the counter at this point.
+			 */
+		}
+
+		/*
+		 * If we are temporarily preferred to writers due to the writer
+		 * quota, reset the condition (race among readers doesn't
+		 * matter).
+		 */
+		rwl->write_granted = 0;
+	} else {
+		isc_int32_t prev_writer;
+
+		/* enter the waiting queue, and wait for our turn */
+		prev_writer = isc_atomic_xadd(&rwl->write_requests, 1);
+		while (rwl->write_completions != prev_writer) {
+			LOCK(&rwl->lock);
+			if (rwl->write_completions != prev_writer) {
+				WAIT(&rwl->writeable, &rwl->lock);
+				UNLOCK(&rwl->lock);
+				continue;
+			}
+			UNLOCK(&rwl->lock);
+			break;
+		}
+
+		while (1) {
+			cntflag = isc_atomic_cmpxchg(&rwl->cnt_and_flag, 0,
+						     WRITER_ACTIVE);
+			if (cntflag == 0)
+				break;
+
+			/* Another active reader or writer is working. */
+			LOCK(&rwl->lock);
+			if (rwl->cnt_and_flag != 0)
+				WAIT(&rwl->writeable, &rwl->lock);
+			UNLOCK(&rwl->lock);
+		}
+
+		INSIST((rwl->cnt_and_flag & WRITER_ACTIVE) != 0);
+		rwl->write_granted++;
+	}
+
+#ifdef ISC_RWLOCK_TRACE
+	print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK,
+				  ISC_MSG_POSTLOCK, "postlock"), rwl, type);
+#endif
+
+	return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+isc_rwlock_trylock(isc_rwlock_t *rwl, isc_rwlocktype_t type) {
+	isc_int32_t cntflag;
+
+	REQUIRE(VALID_RWLOCK(rwl));
+
+#ifdef ISC_RWLOCK_TRACE
+	print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK,
+				  ISC_MSG_PRELOCK, "prelock"), rwl, type);
+#endif
+
+	if (type == isc_rwlocktype_read) {
+		/* If a writer is waiting or working, we fail. */
+		if (rwl->write_requests != rwl->write_completions)
+			return (ISC_R_LOCKBUSY);
+
+		/* Otherwise, be ready for reading. */
+		cntflag = isc_atomic_xadd(&rwl->cnt_and_flag, READER_INCR);
+		if ((cntflag & WRITER_ACTIVE) != 0) {
+			/*
+			 * A writer is working.  We lose, and cancel the read
+			 * request.
+			 */
+			cntflag = isc_atomic_xadd(&rwl->cnt_and_flag,
+						  -READER_INCR);
+			/*
+			 * If no other readers are waiting and we've suspended
+			 * new writers in this short period, wake them up.
+			 */
+			if (cntflag == READER_INCR &&
+			    rwl->write_completions != rwl->write_requests) {
+				LOCK(&rwl->lock);
+				BROADCAST(&rwl->writeable);
+				UNLOCK(&rwl->lock);
+			}
+			
+			return (ISC_R_LOCKBUSY);
+		}
+	} else {
+		/* Try locking without entering the waiting queue. */
+		cntflag = isc_atomic_cmpxchg(&rwl->cnt_and_flag, 0,
+					     WRITER_ACTIVE);
+		if (cntflag != 0)
+			return (ISC_R_LOCKBUSY);
+
+		/*
+		 * XXXJT: jump into the queue, possibly breaking the writer
+		 * order.
+		 */
+		(void)isc_atomic_xadd(&rwl->write_completions, -1);
+
+		rwl->write_granted++;
+	}
+
+#ifdef ISC_RWLOCK_TRACE
+	print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK,
+				  ISC_MSG_POSTLOCK, "postlock"), rwl, type);
+#endif
+
+	return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+isc_rwlock_tryupgrade(isc_rwlock_t *rwl) {
+	isc_int32_t prevcnt;
+
+	REQUIRE(VALID_RWLOCK(rwl));
+
+	/* Try to acquire write access. */
+	prevcnt = isc_atomic_cmpxchg(&rwl->cnt_and_flag,
+				     READER_INCR, WRITER_ACTIVE);
+	/*
+	 * There must have been no writer, and there must have been at least
+	 * one reader.
+	 */
+	INSIST((prevcnt & WRITER_ACTIVE) == 0 &&
+	       (prevcnt & ~WRITER_ACTIVE) != 0);
+
+	if (prevcnt == READER_INCR) {
+		/*
+		 * We are the only reader and have been upgraded.
+		 * Now jump into the head of the writer waiting queue.
+		 */
+		(void)isc_atomic_xadd(&rwl->write_completions, -1);
+	} else
+		return (ISC_R_LOCKBUSY);
+
+	return (ISC_R_SUCCESS);
+	
+}
+
+void
+isc_rwlock_downgrade(isc_rwlock_t *rwl) {
+	isc_int32_t prev_readers;
+
+	REQUIRE(VALID_RWLOCK(rwl));
+
+	/* Become an active reader. */
+	prev_readers = isc_atomic_xadd(&rwl->cnt_and_flag, READER_INCR);
+	/* We must have been a writer. */
+	INSIST((prev_readers & WRITER_ACTIVE) != 0);
+
+	/* Complete write */
+	(void)isc_atomic_xadd(&rwl->cnt_and_flag, -WRITER_ACTIVE);
+	(void)isc_atomic_xadd(&rwl->write_completions, 1);
+
+	/* Resume other readers */
+	LOCK(&rwl->lock);
+	if (rwl->readers_waiting > 0)
+		BROADCAST(&rwl->readable);
+	UNLOCK(&rwl->lock);
+}
+
+isc_result_t
+isc_rwlock_unlock(isc_rwlock_t *rwl, isc_rwlocktype_t type) {
+	isc_int32_t prev_cnt;
+
+	REQUIRE(VALID_RWLOCK(rwl));
+
+#ifdef ISC_RWLOCK_TRACE
+	print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK,
+				  ISC_MSG_PREUNLOCK, "preunlock"), rwl, type);
+#endif
+
+	if (type == isc_rwlocktype_read) {
+		prev_cnt = isc_atomic_xadd(&rwl->cnt_and_flag, -READER_INCR);
+
+		/*
+		 * If we're the last reader and any writers are waiting, wake
+		 * them up.  We need to wake up all of them to ensure the
+		 * FIFO order.
+		 */
+		if (prev_cnt == READER_INCR &&
+		    rwl->write_completions != rwl->write_requests) {
+			LOCK(&rwl->lock);
+			BROADCAST(&rwl->writeable);
+			UNLOCK(&rwl->lock);
+		}
+	} else {
+		isc_boolean_t wakeup_writers = ISC_TRUE;
+
+		/*
+		 * Reset the flag, and (implicitly) tell other writers
+		 * we are done.
+		 */
+		(void)isc_atomic_xadd(&rwl->cnt_and_flag, -WRITER_ACTIVE);
+		(void)isc_atomic_xadd(&rwl->write_completions, 1);
+
+		if (rwl->write_granted >= rwl->write_quota ||
+		    rwl->write_requests == rwl->write_completions ||
+		    (rwl->cnt_and_flag & ~WRITER_ACTIVE) != 0) {
+			/*
+			 * We have passed the write quota, no writer is
+			 * waiting, or some readers are almost ready, pending
+			 * possible writers.  Note that the last case can
+			 * happen even if write_requests != write_completions
+			 * (which means a new writer in the queue), so we need
+			 * to catch the case explicitly.
+			 */
+			LOCK(&rwl->lock);
+			if (rwl->readers_waiting > 0) {
+				wakeup_writers = ISC_FALSE;
+				BROADCAST(&rwl->readable);
+			}
+			UNLOCK(&rwl->lock);
+		}
+
+		if (rwl->write_requests != rwl->write_completions &&
+		    wakeup_writers) {
+			LOCK(&rwl->lock);
+			BROADCAST(&rwl->writeable);
+			UNLOCK(&rwl->lock);
+		}
+	}
+
+#ifdef ISC_RWLOCK_TRACE
+	print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK,
+				  ISC_MSG_POSTUNLOCK, "postunlock"),
+		   rwl, type);
+#endif
+
+	return (ISC_R_SUCCESS);
+}
+
+#else /* ISC_PLATFORM_HAVEXADD && ISC_PLATFORM_HAVECMPXCHG */
+
 static isc_result_t
 doit(isc_rwlock_t *rwl, isc_rwlocktype_t type, isc_boolean_t nonblock) {
 	isc_boolean_t skip = ISC_FALSE;
@@ -323,22 +722,7 @@ isc_rwlock_unlock(isc_rwlock_t *rwl, isc_rwlocktype_t type) {
 	return (ISC_R_SUCCESS);
 }
 
-void
-isc_rwlock_destroy(isc_rwlock_t *rwl) {
-	REQUIRE(VALID_RWLOCK(rwl));
-
-	LOCK(&rwl->lock);
-	REQUIRE(rwl->active == 0 &&
-		rwl->readers_waiting == 0 &&
-		rwl->writers_waiting == 0);
-	UNLOCK(&rwl->lock);
-
-	rwl->magic = 0;
-	(void)isc_condition_destroy(&rwl->readable);
-	(void)isc_condition_destroy(&rwl->writeable);
-	DESTROYLOCK(&rwl->lock);
-}
-
+#endif /* ISC_PLATFORM_HAVEXADD && ISC_PLATFORM_HAVECMPXCHG */
 #else /* ISC_PLATFORM_USETHREADS */
 
 isc_result_t
diff --git a/lib/isc/sparc64/include/isc/atomic.h b/lib/isc/sparc64/include/isc/atomic.h
new file mode 100644
index 0000000000..2d6cdd3e44
--- /dev/null
+++ b/lib/isc/sparc64/include/isc/atomic.h
@@ -0,0 +1,119 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: atomic.h,v 1.2 2005/06/04 05:32:49 jinmei Exp $ */
+
+/*
+ * This code was written based on FreeBSD's kernel source whose copyright
+ * follows:
+ */
+
+/*-
+ * Copyright (c) 1998 Doug Rabson.
+ * Copyright (c) 2001 Jake Burkholder.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	from: FreeBSD: src/sys/i386/include/atomic.h,v 1.20 2001/02/11
+ * $FreeBSD: src/sys/sparc64/include/atomic.h,v 1.8 2004/05/22 00:52:16 marius Exp $
+ */
+
+#ifndef ISC_ATOMIC_H
+#define ISC_ATOMIC_H 1
+
+#include 
+#include 
+
+#define	ASI_P	0x80		/* Primary Address Space Identifier */
+
+/*
+ * This routine atomically increments the value stored in 'p' by 'val', and
+ * returns the previous value.
+ */
+static inline isc_int32_t
+isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) {
+	isc_int32_t prev, swapped;
+
+	for (prev = *(volatile isc_int32_t *)p; ; prev = swapped) {
+		swapped = prev + val;
+		__asm__ volatile(
+			"casa [%1] %2, %3, %0"
+			: "+r"(swapped)
+			: "r"(p), "n"(ASI_P), "r"(prev));
+		if (swapped == prev)
+			break;
+	}
+
+	return (prev);
+}
+
+/*
+ * This routine atomically stores the value 'val' in 'p'.
+ */
+static inline void
+isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
+	isc_int32_t prev, swapped;
+
+	for (prev = *(volatile isc_int32_t *)p; ; prev = swapped) {
+		swapped = val;
+		__asm__ volatile(
+			"casa [%1] %2, %3, %0"
+			: "+r"(swapped)
+			: "r"(p), "n"(ASI_P), "r"(prev)
+			: "memory");
+		if (swapped == prev)
+			break;
+	}
+}
+
+/*
+ * This routine atomically replaces the value in 'p' with 'val', if the
+ * original value is equal to 'cmpval'.  The original value is returned in any
+ * case.
+ */
+static inline isc_int32_t
+isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
+	isc_int32_t temp = val;
+
+	__asm__ volatile(
+		"casa [%1] %2, %3, %0"
+		: "+r"(temp)
+		: "r"(p), "n"(ASI_P), "r"(cmpval));
+
+	return (temp);
+}
+
+#endif /* ISC_ATOMIC_H */
diff --git a/lib/isc/unix/include/isc/stdtime.h b/lib/isc/unix/include/isc/stdtime.h
index 45f1f75a78..be673e71e4 100644
--- a/lib/isc/unix/include/isc/stdtime.h
+++ b/lib/isc/unix/include/isc/stdtime.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: stdtime.h,v 1.11 2005/04/29 00:23:53 marka Exp $ */
+/* $Id: stdtime.h,v 1.12 2005/06/04 05:32:49 jinmei Exp $ */
 
 #ifndef ISC_STDTIME_H
 #define ISC_STDTIME_H 1
@@ -31,6 +31,12 @@
  * about its size.
  */
 typedef isc_uint32_t isc_stdtime_t;
+/*
+ * isc_stdtime32_t is a 32-bit version of isc_stdtime_t.  A variable of this
+ * type should only be used as an opaque integer (e.g.,) to compare two
+ * time values.
+ */
+typedef isc_uint32_t isc_stdtime32_t;
 
 ISC_LANG_BEGINDECLS
 /* */
@@ -44,6 +50,11 @@ isc_stdtime_get(isc_stdtime_t *t);
  *\li	't' is a valid pointer.
  */
 
+#define isc_stdtime_convert32(t, t32p) (*(t32p) = t)
+/*
+ * Convert the standard time to its 32-bit version.
+ */
+
 ISC_LANG_ENDDECLS
 
 #endif /* ISC_STDTIME_H */
diff --git a/lib/isc/win32/include/isc/stdtime.h b/lib/isc/win32/include/isc/stdtime.h
index 3b0460cb41..ee3ad1e67f 100644
--- a/lib/isc/win32/include/isc/stdtime.h
+++ b/lib/isc/win32/include/isc/stdtime.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: stdtime.h,v 1.8 2004/03/05 05:12:06 marka Exp $ */
+/* $Id: stdtime.h,v 1.9 2005/06/04 05:32:49 jinmei Exp $ */
 
 #ifndef ISC_STDTIME_H
 #define ISC_STDTIME_H 1
@@ -29,6 +29,12 @@
  * about its size.
  */
 typedef isc_uint32_t isc_stdtime_t;
+/*
+ * isc_stdtime32_t is a 32-bit version of isc_stdtime_t.  A variable of this
+ * type should only be used as an opaque integer (e.g.,) to compare two
+ * time values.
+ */
+typedef isc_uint32_t isc_stdtime32_t;
 
 ISC_LANG_BEGINDECLS
 
@@ -42,6 +48,11 @@ isc_stdtime_get(isc_stdtime_t *t);
  *	't' is a valid pointer.
  */
 
+#define isc_stdtime_convert32(t, t32p) (*(t32p) = t)
+/*
+ * Convert the standard time to its 32-bit version.
+ */
+
 ISC_LANG_ENDDECLS
 
 #endif /* ISC_STDTIME_H */
diff --git a/lib/isc/x86_32/include/isc/atomic.h b/lib/isc/x86_32/include/isc/atomic.h
new file mode 100644
index 0000000000..807d6967ec
--- /dev/null
+++ b/lib/isc/x86_32/include/isc/atomic.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: atomic.h,v 1.2 2005/06/04 05:32:50 jinmei Exp $ */
+
+#ifndef ISC_ATOMIC_H
+#define ISC_ATOMIC_H 1
+
+#include 
+#include 
+
+/*
+ * This routine atomically increments the value stored in 'p' by 'val', and
+ * returns the previous value.
+ */
+static inline isc_int32_t
+isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) {
+	isc_int32_t prev = val;
+
+	__asm__ volatile(
+#ifdef ISC_PLATFORM_USETHREADS
+		"lock;"
+#endif
+		"xadd %0, %1"
+		:"=q"(prev)
+		:"m"(*p), "0"(prev)
+		:"memory", "cc");
+
+	return (prev);
+}
+
+/*
+ * This routine atomically stores the value 'val' in 'p'.
+ */
+static inline void
+isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
+	__asm__ volatile(
+#ifdef ISC_PLATFORM_USETHREADS
+		/*
+		 * xchg should automatically lock memory, but we add it
+		 * explicitly just in case (it at least doesn't harm)
+		 */
+		"lock;"		
+#endif
+		"xchgl %1, %0"
+		:
+		: "r"(val), "m"(*p)
+		: "memory");
+}
+
+/*
+ * This routine atomically replaces the value in 'p' with 'val', if the
+ * original value is equal to 'cmpval'.  The original value is returned in any
+ * case.
+ */
+static inline isc_int32_t
+isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
+	__asm__ volatile(
+#ifdef ISC_PLATFORM_USETHREADS
+		"lock;"
+#endif
+		"cmpxchgl %1, %2"
+		: "=a"(cmpval)
+		: "r"(val), "m"(*p), "a"(cmpval)
+		: "memory");
+
+	return (cmpval);
+}
+
+#endif /* ISC_ATOMIC_H */
diff --git a/make/includes.in b/make/includes.in
index eb3b4f2a51..a5a3f003d8 100644
--- a/make/includes.in
+++ b/make/includes.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1999-2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: includes.in,v 1.18 2004/12/09 01:41:24 marka Exp $
+# $Id: includes.in,v 1.19 2005/06/04 05:32:50 jinmei Exp $
 
 # Search for machine-generated header files in the build tree,
 # and for normal headers in the source tree (${top_srcdir}).
@@ -25,7 +25,8 @@ ISC_INCLUDES = @BIND9_ISC_BUILDINCLUDE@ \
 	-I${top_srcdir}/lib/isc \
 	-I${top_srcdir}/lib/isc/include \
 	-I${top_srcdir}/lib/isc/unix/include \
-	-I${top_srcdir}/lib/isc/@ISC_THREAD_DIR@/include
+	-I${top_srcdir}/lib/isc/@ISC_THREAD_DIR@/include \
+	-I${top_srcdir}/lib/isc/@ISC_ARCH_DIR@/include
 
 ISCCC_INCLUDES = @BIND9_ISCCC_BUILDINCLUDE@ \
        -I${top_srcdir}/lib/isccc/include

From 5016f103ae37bcb2988a459415c1313fb762791b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?=
 
Date: Sat, 4 Jun 2005 05:38:48 +0000
Subject: [PATCH 088/148] regen

---
 configure | 141 ++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 111 insertions(+), 30 deletions(-)

diff --git a/configure b/configure
index 4d9de0d0ea..cdbcc34bf6 100755
--- a/configure
+++ b/configure
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 #
-# $Id: configure,v 1.362 2005/05/12 23:54:19 sra Exp $
+# $Id: configure,v 1.363 2005/06/04 05:38:48 jinmei Exp $
 #
 # Portions Copyright (C) 1996-2001  Nominum, Inc.
 #
@@ -495,7 +495,7 @@ ac_includes_default="\
 # include 
 #endif"
 
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS subdirs build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_SOCKADDR_LEN_T ISC_PLATFORM_HAVELONGLONG ISC_PLATFORM_HAVELIFCONF ISC_PLATFORM_NEEDSYSSELECTH LWRES_PLATFORM_NEEDSYSSELECTH USE_OPENSSL DST_OPENSSL_INC USE_GSSAPI DST_GSSAPI_INC DNS_CRYPTO_LIBS ALWAYS_DEFINES ISC_PLATFORM_USETHREADS ISC_THREAD_DIR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK LIBTOOL_ALLOW_UNDEFINED LIBTOOL_IN_MAIN LIBBIND ISC_PLATFORM_HAVEIPV6 LWRES_PLATFORM_HAVEIPV6 ISC_PLATFORM_NEEDNETINETIN6H LWRES_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H LWRES_PLATFORM_NEEDNETINET6IN6H ISC_PLATFORM_HAVEINADDR6 LWRES_PLATFORM_HAVEINADDR6 ISC_PLATFORM_NEEDIN6ADDRANY LWRES_PLATFORM_NEEDIN6ADDRANY ISC_PLATFORM_NEEDIN6ADDRLOOPBACK LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C LWRES_HAVE_SIN6_SCOPE_ID ISC_PLATFORM_HAVESCOPEID ISC_PLATFORM_HAVEIF_LADDRREQ ISC_PLATFORM_HAVEIF_LADDRCONF ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON ISC_PLATFORM_HAVESALEN LWRES_PLATFORM_HAVESALEN ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_NEEDADDRINFO ISC_LWRES_NEEDRRSETINFO ISC_LWRES_SETHOSTENTINT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_GETNETBYADDRINADDR ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDMEMMOVE ISC_PLATFORM_NEEDSTRTOUL ISC_PLATFORM_NEEDSTRLCPY ISC_PLATFORM_NEEDSTRLCAT ISC_PLATFORM_NEEDSPRINTF LWRES_PLATFORM_NEEDSPRINTF ISC_PLATFORM_NEEDVSNPRINTF LWRES_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS ISC_PLATFORM_QUADFORMAT LWRES_PLATFORM_QUADFORMAT ISC_PLATFORM_HAVESYSUNH ISC_PLATFORM_RLIMITTYPE ISC_PLATFORM_USEDECLSPEC LWRES_PLATFORM_USEDECLSPEC ISC_PLATFORM_BRACEPTHREADONCEINIT ISC_PLATFORM_HAVEIFNAMETOINDEX LATEX PDFLATEX XSLTPROC XMLLINT XSLT_DOCBOOK_STYLE_HTML XSLT_DOCBOOK_STYLE_XHTML XSLT_DOCBOOK_STYLE_MAN XSLT_DOCBOOK_CHUNK_HTML XSLT_DOCBOOK_CHUNK_XHTML XSLT_DB2LATEX_STYLE XSLT_DB2LATEX_ADMONITIONS BIND9_TOP_BUILDDIR BIND9_ISC_BUILDINCLUDE BIND9_ISCCC_BUILDINCLUDE BIND9_ISCCFG_BUILDINCLUDE BIND9_DNS_BUILDINCLUDE BIND9_LWRES_BUILDINCLUDE BIND9_BIND9_BUILDINCLUDE BIND9_VERSION LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS subdirs build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_SOCKADDR_LEN_T ISC_PLATFORM_HAVELONGLONG ISC_PLATFORM_HAVELIFCONF ISC_PLATFORM_NEEDSYSSELECTH LWRES_PLATFORM_NEEDSYSSELECTH USE_OPENSSL DST_OPENSSL_INC USE_GSSAPI DST_GSSAPI_INC DNS_CRYPTO_LIBS ALWAYS_DEFINES ISC_PLATFORM_USETHREADS ISC_THREAD_DIR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK LIBTOOL_ALLOW_UNDEFINED LIBTOOL_IN_MAIN LIBBIND ISC_PLATFORM_HAVEIPV6 LWRES_PLATFORM_HAVEIPV6 ISC_PLATFORM_NEEDNETINETIN6H LWRES_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H LWRES_PLATFORM_NEEDNETINET6IN6H ISC_PLATFORM_HAVEINADDR6 LWRES_PLATFORM_HAVEINADDR6 ISC_PLATFORM_NEEDIN6ADDRANY LWRES_PLATFORM_NEEDIN6ADDRANY ISC_PLATFORM_NEEDIN6ADDRLOOPBACK LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C LWRES_HAVE_SIN6_SCOPE_ID ISC_PLATFORM_HAVESCOPEID ISC_PLATFORM_HAVEIF_LADDRREQ ISC_PLATFORM_HAVEIF_LADDRCONF ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON ISC_PLATFORM_HAVESALEN LWRES_PLATFORM_HAVESALEN ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_NEEDADDRINFO ISC_LWRES_NEEDRRSETINFO ISC_LWRES_SETHOSTENTINT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_GETNETBYADDRINADDR ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDMEMMOVE ISC_PLATFORM_NEEDSTRTOUL ISC_PLATFORM_NEEDSTRLCPY ISC_PLATFORM_NEEDSTRLCAT ISC_PLATFORM_NEEDSPRINTF LWRES_PLATFORM_NEEDSPRINTF ISC_PLATFORM_NEEDVSNPRINTF LWRES_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS ISC_PLATFORM_QUADFORMAT LWRES_PLATFORM_QUADFORMAT ISC_PLATFORM_HAVESYSUNH ISC_PLATFORM_RLIMITTYPE ISC_PLATFORM_USEDECLSPEC LWRES_PLATFORM_USEDECLSPEC ISC_PLATFORM_BRACEPTHREADONCEINIT ISC_PLATFORM_HAVEIFNAMETOINDEX ISC_PLATFORM_HAVEXADD ISC_PLATFORM_HAVECMPXCHG ISC_PLATFORM_HAVEATOMICSTORE ISC_PLATFORM_USEOSFASM ISC_ARCH_DIR LATEX PDFLATEX XSLTPROC XMLLINT XSLT_DOCBOOK_STYLE_HTML XSLT_DOCBOOK_STYLE_XHTML XSLT_DOCBOOK_STYLE_MAN XSLT_DOCBOOK_CHUNK_HTML XSLT_DOCBOOK_CHUNK_XHTML XSLT_DB2LATEX_STYLE XSLT_DB2LATEX_ADMONITIONS BIND9_TOP_BUILDDIR BIND9_ISC_BUILDINCLUDE BIND9_ISCCC_BUILDINCLUDE BIND9_ISCCFG_BUILDINCLUDE BIND9_DNS_BUILDINCLUDE BIND9_LWRES_BUILDINCLUDE BIND9_BIND9_BUILDINCLUDE BIND9_VERSION LIBOBJS LTLIBOBJS'
 ac_subst_files='BIND9_MAKE_INCLUDES BIND9_MAKE_RULES LIBISC_API LIBISCCC_API LIBISCCFG_API LIBDNS_API LIBBIND9_API LIBLWRES_API'
 
 # Initialize some variables set by options.
@@ -1064,6 +1064,8 @@ Optional Features:
   --enable-getifaddrs    Enable the use of getifaddrs() [yes|no|glibc].
              glibc: Use getifaddrs() in glibc if you know it supports IPv6.
   --disable-linux-caps	disable linux capabilities
+  --enable-atomic	enable machine specific atomic operations
+                        [default=autodetect]
 
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@@ -8066,7 +8068,7 @@ ia64-*-hpux*)
   ;;
 *-*-irix6*)
   # Find out which ABI we are using.
-  echo '#line 8069 "configure"' > conftest.$ac_ext
+  echo '#line 8071 "configure"' > conftest.$ac_ext
   if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -9063,7 +9065,7 @@ fi
 
 
 # Provide some information about the compiler.
-echo "$as_me:9066:" \
+echo "$as_me:9068:" \
      "checking for Fortran 77 compiler version" >&5
 ac_compiler=`set X $ac_compile; echo $2`
 { (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5
@@ -10124,11 +10126,11 @@ else
    -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:10127: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:10129: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:10131: \$? = $ac_status" >&5
+   echo "$as_me:10133: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings
@@ -10367,11 +10369,11 @@ else
    -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:10370: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:10372: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:10374: \$? = $ac_status" >&5
+   echo "$as_me:10376: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings
@@ -10427,11 +10429,11 @@ else
    -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:10430: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:10432: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:10434: \$? = $ac_status" >&5
+   echo "$as_me:10436: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -12612,7 +12614,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext < conftest.$ac_ext <&5)
+   (eval echo "\"\$as_me:14912: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:14914: \$? = $ac_status" >&5
+   echo "$as_me:14916: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings
@@ -14967,11 +14969,11 @@ else
    -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:14970: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:14972: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:14974: \$? = $ac_status" >&5
+   echo "$as_me:14976: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -16328,7 +16330,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext < conftest.$ac_ext <&5)
+   (eval echo "\"\$as_me:17268: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:17270: \$? = $ac_status" >&5
+   echo "$as_me:17272: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings
@@ -17323,11 +17325,11 @@ else
    -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:17326: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:17328: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:17330: \$? = $ac_status" >&5
+   echo "$as_me:17332: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -19362,11 +19364,11 @@ else
    -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:19365: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:19367: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:19369: \$? = $ac_status" >&5
+   echo "$as_me:19371: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings
@@ -19605,11 +19607,11 @@ else
    -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:19608: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:19610: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:19612: \$? = $ac_status" >&5
+   echo "$as_me:19614: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings
@@ -19665,11 +19667,11 @@ else
    -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:19668: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:19670: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:19672: \$? = $ac_status" >&5
+   echo "$as_me:19674: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -21850,7 +21852,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext < conftest.$ac_ext <&5
+echo $ECHO_N "checking architecture type for atomic operations... $ECHO_C" >&6
+	case "$host" in
+	i[3456]86-*|x86_64-*)
+		# XXX: also need to check portability of the "asm" keyword?
+		# XXX: some old x86 architectures actualy do not support
+		#      (some of) these operations.  Do we need stricter checks?
+		# Note: We currently use the same code for both the x86_32 and
+		#       x86_64 architectures, but there may be a better
+		# implementation for the latter.
+		have_atomic=yes
+		arch=x86_32
+	;;
+	alpha*-*)
+		have_atomic=yes
+		arch=alpha
+		if test "X$GCC" != "Xyes"; then
+			case "$host" in
+			*-dec-osf*)
+			# Tru64 compiler has its own syntax for inline
+			# assembly.
+			ISC_PLATFORM_USEOSFASM="#define ISC_PLATFORM_USEOSFASM 1"
+			;;
+			esac
+		fi
+	;;
+	*)
+		have_atomic=no
+		arch=noatomic
+	;;
+	esac
+	echo "$as_me:$LINENO: result: $arch" >&5
+echo "${ECHO_T}$arch" >&6
+fi
+
+if test "$have_atomic" = "yes"; then
+	ISC_PLATFORM_HAVEXADD="#define ISC_PLATFORM_HAVEXADD 1"
+	ISC_PLATFORM_HAVECMPXCHG="#define ISC_PLATFORM_HAVECMPXCHG 1"
+	ISC_PLATFORM_HAVEATOMICSTORE="#define ISC_PLATFORM_HAVEATOMICSTORE 1"
+else
+	ISC_PLATFORM_HAVEXADD="#undef ISC_PLATFORM_HAVEXADD"
+	ISC_PLATFORM_HAVECMPXCHG="#undef ISC_PLATFORM_HAVECMPXCHG"
+	ISC_PLATFORM_HAVEATOMICSTORE="#undef ISC_PLATFORM_HAVEATOMICSTORE"
+fi
+
+
+
+
+
+
+ISC_ARCH_DIR=$arch
+
+
 #
 # The following sections deal with tools used for formatting
 # the documentation.  They are all optional, unless you are
@@ -28669,6 +28745,11 @@ s,@ISC_PLATFORM_USEDECLSPEC@,$ISC_PLATFORM_USEDECLSPEC,;t t
 s,@LWRES_PLATFORM_USEDECLSPEC@,$LWRES_PLATFORM_USEDECLSPEC,;t t
 s,@ISC_PLATFORM_BRACEPTHREADONCEINIT@,$ISC_PLATFORM_BRACEPTHREADONCEINIT,;t t
 s,@ISC_PLATFORM_HAVEIFNAMETOINDEX@,$ISC_PLATFORM_HAVEIFNAMETOINDEX,;t t
+s,@ISC_PLATFORM_HAVEXADD@,$ISC_PLATFORM_HAVEXADD,;t t
+s,@ISC_PLATFORM_HAVECMPXCHG@,$ISC_PLATFORM_HAVECMPXCHG,;t t
+s,@ISC_PLATFORM_HAVEATOMICSTORE@,$ISC_PLATFORM_HAVEATOMICSTORE,;t t
+s,@ISC_PLATFORM_USEOSFASM@,$ISC_PLATFORM_USEOSFASM,;t t
+s,@ISC_ARCH_DIR@,$ISC_ARCH_DIR,;t t
 s,@LATEX@,$LATEX,;t t
 s,@PDFLATEX@,$PDFLATEX,;t t
 s,@XSLTPROC@,$XSLTPROC,;t t

From be91039743737206fd31c86bf83c10faf1d47c27 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sat, 4 Jun 2005 23:34:42 +0000
Subject: [PATCH 089/148] newcopyrights

---
 util/copyrights | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/util/copyrights b/util/copyrights
index 7b87f551a7..68478cfb28 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -1880,7 +1880,8 @@
 ./lib/dns/zonekey.c				C	2001,2003,2004,2005
 ./lib/dns/zt.c					C	1999,2000,2001,2002,2004,2005
 ./lib/isc/.cvsignore				X	1999,2000,2001
-./lib/isc/Makefile.in				MAKE	1998,1999,2000,2001,2002,2003,2004
+./lib/isc/Makefile.in				MAKE	1998,1999,2000,2001,2002,2003,2004,2005
+./lib/isc/alpha/include/isc/atomic.h		C	2005
 ./lib/isc/api					X	1999,2000,2001
 ./lib/isc/assertions.c				C	1997,1998,1999,2000,2001,2004,2005
 ./lib/isc/base64.c				C	1998,1999,2000,2001,2003,2004,2005
@@ -1978,6 +1979,7 @@
 ./lib/isc/nls/.cvsignore			X	1999,2000,2001
 ./lib/isc/nls/Makefile.in			MAKE	1999,2000,2001,2004
 ./lib/isc/nls/msgcat.c				C	1999,2000,2001,2004,2005
+./lib/isc/noatomic/include/isc/atomic.h		C	2005
 ./lib/isc/nothreads/.cvsignore			X	2000,2001
 ./lib/isc/nothreads/Makefile.in			MAKE	2000,2001,2004
 ./lib/isc/nothreads/condition.c			C	2000,2001,2004
@@ -2016,6 +2018,7 @@
 ./lib/isc/serial.c				C	1999,2000,2001,2004,2005
 ./lib/isc/sha1.c				C	2000,2001,2003,2004,2005
 ./lib/isc/sockaddr.c				C	1999,2000,2001,2002,2003,2004,2005
+./lib/isc/sparc64/include/isc/atomic.h		C	2005
 ./lib/isc/string.c				C	1999,2000,2001,2003,2004,2005
 ./lib/isc/strtoul.c				C	2003,2004,2005
 ./lib/isc/symtab.c				C	1996,1997,1998,1999,2000,2001,2004,2005
@@ -2096,7 +2099,7 @@
 ./lib/isc/win32/include/isc/once.h		C	1999,2000,2001,2004
 ./lib/isc/win32/include/isc/platform.h		C	2001,2004,2005
 ./lib/isc/win32/include/isc/stat.h		C	2000,2001,2003,2004
-./lib/isc/win32/include/isc/stdtime.h		C	1999,2000,2001,2004
+./lib/isc/win32/include/isc/stdtime.h		C	1999,2000,2001,2004,2005
 ./lib/isc/win32/include/isc/strerror.h		C	2001,2004
 ./lib/isc/win32/include/isc/syslog.h		C	1999,2000,2001,2004
 ./lib/isc/win32/include/isc/thread.h		C	1998,1999,2000,2001,2004
@@ -2127,6 +2130,7 @@
 ./lib/isc/win32/unistd.h			C	2000,2001,2004
 ./lib/isc/win32/version.c			C	1998,1999,2000,2001,2004
 ./lib/isc/win32/win32os.c			C	2002,2004
+./lib/isc/x86_32/include/isc/atomic.h		C	2005
 ./lib/isccc/.cvsignore				X	2001
 ./lib/isccc/Makefile.in				MAKE	2001,2003,2004
 ./lib/isccc/alist.c				C.NOM	2001,2004,2005
@@ -2325,7 +2329,7 @@
 ./ltmain.sh					X	1999,2000,2001
 ./make/.cvsignore				X	1999,2000,2001
 ./make/Makefile.in				MAKE	1998,1999,2000,2001,2004
-./make/includes.in				MAKE	1999,2000,2001,2004
+./make/includes.in				MAKE	1999,2000,2001,2004,2005
 ./make/mkdep.in					X	1999,2000,2001
 ./make/rules.in					MAKE	1998,1999,2000,2001,2002,2003,2004,2005
 ./mkinstalldirs					X	1996

From dc5c59bd1dfb372225fb72fd83e6f3e9670be04b Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sun, 5 Jun 2005 00:01:55 +0000
Subject: [PATCH 090/148] update copyright

---
 lib/dns/rdata/ch_3/a_1.c            | 2 ++
 lib/dns/rdata/ch_3/a_1.h            | 2 ++
 lib/isc/Makefile.in                 | 4 ++--
 lib/isc/win32/include/isc/stdtime.h | 4 ++--
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/dns/rdata/ch_3/a_1.c b/lib/dns/rdata/ch_3/a_1.c
index b841f9c85d..ff70f4025f 100644
--- a/lib/dns/rdata/ch_3/a_1.c
+++ b/lib/dns/rdata/ch_3/a_1.c
@@ -14,6 +14,8 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: a_1.c,v 1.3 2005/06/05 00:01:54 marka Exp $ */
+
 /* by Bjorn.Victor@it.uu.se, 2005-05-07 */
 /* Based on generic/soa_6.c and generic/mx_15.c */
 
diff --git a/lib/dns/rdata/ch_3/a_1.h b/lib/dns/rdata/ch_3/a_1.h
index 34aa3d7f8c..2471c7509e 100644
--- a/lib/dns/rdata/ch_3/a_1.h
+++ b/lib/dns/rdata/ch_3/a_1.h
@@ -14,6 +14,8 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: a_1.h,v 1.3 2005/06/05 00:01:54 marka Exp $ */
+
 /* by Bjorn.Victor@it.uu.se, 2005-05-07 */
 /* Based on generic/mx_15.h */
 
diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in
index 0ed2c9d99b..e02060c521 100644
--- a/lib/isc/Makefile.in
+++ b/lib/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2003  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.83 2005/06/04 05:32:48 jinmei Exp $
+# $Id: Makefile.in,v 1.84 2005/06/05 00:01:54 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
diff --git a/lib/isc/win32/include/isc/stdtime.h b/lib/isc/win32/include/isc/stdtime.h
index ee3ad1e67f..f5c62b25c8 100644
--- a/lib/isc/win32/include/isc/stdtime.h
+++ b/lib/isc/win32/include/isc/stdtime.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: stdtime.h,v 1.9 2005/06/04 05:32:49 jinmei Exp $ */
+/* $Id: stdtime.h,v 1.10 2005/06/05 00:01:55 marka Exp $ */
 
 #ifndef ISC_STDTIME_H
 #define ISC_STDTIME_H 1

From 40a547174fb7d14f74bc375f076c8c390498f68e Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 6 Jun 2005 04:40:30 +0000
Subject: [PATCH 091/148] adjust description

---
 CHANGES | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index f84495e8df..0fb5c14aee 100644
--- a/CHANGES
+++ b/CHANGES
@@ -52,7 +52,7 @@
 1848.	[bug]		Improve SMF integration. [RT #13238]
 
 1847.	[bug]		isc_ondestroy_init() is called too late in
-			in dns_rbtdb_create()/dns_rbtdb_create(). 
+			dns_rbtdb_create()/dns_rbtdb64_create(). 
 			[RT #13661]
 			
 1846.	[contrib]	query-loc-0.3.0 from Stephane Bortzmeyer

From e37806ea92a11c82627ad050cbcc8fcf26f2e306 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 6 Jun 2005 23:27:12 +0000
Subject: [PATCH 092/148] auto update

---
 doc/private/branches | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/private/branches b/doc/private/branches
index db67ba78b9..dfe43c249f 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -45,6 +45,7 @@ rt14841				new
 rt14846				new	
 rt14851				new	
 rt14855				new	
+rt14873				new	
 rt5206_1			open	marka
 rt6432				open	marka
 rt6496a				open	marka

From 1fc4793844c9613b17866c33dbeab8aaa94b66ff Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 7 Jun 2005 00:16:01 +0000
Subject: [PATCH 093/148] 1879.   [func]          Added framework for handling
 multiple EDNS versions.

1878.   [func]          dig can now specify the EDNS version when making
                        a query.
---
 CHANGES                          |  5 ++++
 bin/dig/dig.c                    | 15 +++++++++++-
 bin/dig/dig.docbook              | 23 +++++++++++++-----
 bin/dig/dighost.c                | 19 ++++++++++-----
 bin/dig/include/dig/dig.h        |  3 ++-
 bin/named/client.c               | 30 +++++++++++++-----------
 bin/named/include/named/client.h |  3 ++-
 lib/dns/include/dns/resolver.h   |  6 ++++-
 lib/dns/resolver.c               | 40 ++++++++++++++++++++++++++++----
 9 files changed, 109 insertions(+), 35 deletions(-)

diff --git a/CHANGES b/CHANGES
index 0fb5c14aee..ee880612b6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+1879.	[func]		Added framework for handling multiple EDNS versions.
+
+1878.	[func]		dig can now specify the EDNS version when making
+			a query.
+
 1868.	[placeholder]	rt14851
 
 1867.	[placeholder]	rt14846
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 96baacbad9..df3032c973 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.c,v 1.203 2005/04/27 04:55:44 sra Exp $ */
+/* $Id: dig.c,v 1.204 2005/06/07 00:15:58 marka Exp $ */
 
 /*! \file */
 
@@ -192,6 +192,7 @@ help(void) {
 "                 +domain=###         (Set default domainname)\n"
 "                 +bufsize=###        (Set EDNS0 Max UDP packet size)\n"
 "                 +ndots=###          (Set NDOTS value)\n"
+"                 +edns=###           (Set EDNS version)\n"
 "                 +[no]search         (Set whether to use searchlist)\n"
 "                 +[no]defname        (Ditto)\n"
 "                 +[no]recurse        (Recursive mode)\n"
@@ -854,6 +855,8 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 			break;
 		case 'n': /* dnssec */	
 			FULLCHECK("dnssec");
+			if (state && lookup->edns == -1)
+				lookup->edns = 0;
 			lookup->dnssec = state;
 			break;
 		case 'o': /* domain */	
@@ -869,6 +872,16 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 			goto invalid_option;
 		}
 		break;
+	case 'e':
+		FULLCHECK("edns");
+		if (!state) {
+			lookup->edns = -1;
+			break;
+		}
+		if (value == NULL)
+			goto need_value;
+		lookup->edns = (isc_int16_t) parse_uint(value, "edns", 255);
+		break;
 	case 'f': /* fail */
 		FULLCHECK("fail");
 		lookup->servfail_stops = state;
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index 6b727b9895..49aa1d1da3 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
 
   
@@ -695,15 +695,26 @@
           
             
               Set the UDP message buffer size advertised using EDNS0 to
-              B bytes.  The maximum and
-              minimum sizes of this
-              buffer are 65535 and 0 respectively.  Values outside this range
-              are
-              rounded up or down appropriately.
+              B bytes.  The maximum and minimum sizes
+	      of this buffer are 65535 and 0 respectively.  Values outside
+	      this range are rounded up or down appropriately.  
+	      Values other than zero will cause a EDNS query to be sent.
             
           
         
 
+	
+	  
+	  
+	    
+	       Specify the EDNS version to query with.  Valid values
+	       are 0 to 255.  Setting the EDNS version will cause a
+	       EDNS query to be sent.   clears the
+	       remembered EDNS version.
+	    
+	  
+	
+
         
           
           
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 93b3c20870..fe7df5731f 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.276 2005/06/01 01:56:49 marka Exp $ */
+/* $Id: dighost.c,v 1.277 2005/06/07 00:15:58 marka Exp $ */
 
 /*! \file
  *  \note
@@ -702,6 +702,7 @@ make_empty_lookup(void) {
 #endif
 #endif
 	looknew->udpsize = 0;
+	looknew->edns = -1;
 	looknew->recurse = ISC_TRUE;
 	looknew->aaonly = ISC_FALSE;
 	looknew->adflag = ISC_FALSE;
@@ -778,6 +779,7 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
 #endif
 #endif
 	looknew->udpsize = lookold->udpsize;
+	looknew->edns = lookold->edns;
 	looknew->recurse = lookold->recurse;
 	looknew->aaonly = lookold->aaonly;
 	looknew->adflag = lookold->adflag;
@@ -1085,7 +1087,9 @@ setup_libs(void) {
  * options are UDP buffer size and the DO bit.
  */
 static void
-add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_boolean_t dnssec) {
+add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_uint16_t edns,
+	isc_boolean_t dnssec)
+{
 	dns_rdataset_t *rdataset = NULL;
 	dns_rdatalist_t *rdatalist = NULL;
 	dns_rdata_t *rdata = NULL;
@@ -1104,9 +1108,9 @@ add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_boolean_t dnssec) {
 	rdatalist->type = dns_rdatatype_opt;
 	rdatalist->covers = 0;
 	rdatalist->rdclass = udpsize;
-	rdatalist->ttl = 0;
+	rdatalist->ttl = edns << 16;
 	if (dnssec)
-		rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO;
+		rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
 	rdata->data = NULL;
 	rdata->length = 0;
 	ISC_LIST_INIT(rdatalist->rdata);
@@ -1829,10 +1833,13 @@ setup_lookup(dig_lookup_t *lookup) {
 	result = dns_message_renderbegin(lookup->sendmsg, &cctx,
 					 &lookup->sendbuf);
 	check_result(result, "dns_message_renderbegin");
-	if (lookup->udpsize > 0 || lookup->dnssec) {
+	if (lookup->udpsize > 0 || lookup->dnssec || lookup->edns > -1) {
 		if (lookup->udpsize == 0)
 			lookup->udpsize = 2048;
-		add_opt(lookup->sendmsg, lookup->udpsize, lookup->dnssec);
+		if (lookup->edns < 0)
+			lookup->edns = 0;
+		add_opt(lookup->sendmsg, lookup->udpsize,
+			lookup->edns, lookup->dnssec);
 	}
 
 	result = dns_message_rendersection(lookup->sendmsg,
diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h
index c59636a0ab..4028ff73c5 100644
--- a/bin/dig/include/dig/dig.h
+++ b/bin/dig/include/dig/dig.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.91 2005/04/27 04:55:45 sra Exp $ */
+/* $Id: dig.h,v 1.92 2005/06/07 00:15:59 marka Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
@@ -180,6 +180,7 @@ isc_boolean_t	sigchase;
 	isc_uint32_t retries;
 	int nsfound;
 	isc_uint16_t udpsize;
+	isc_int16_t edns;
 	isc_uint32_t ixfr_serial;
 	isc_buffer_t rdatabuf;
 	char rdatastore[MXNAME];
diff --git a/bin/named/client.c b/bin/named/client.c
index 067e327497..14009bf296 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.227 2005/06/04 05:32:46 jinmei Exp $ */
+/* $Id: client.c,v 1.228 2005/06/07 00:15:59 marka Exp $ */
 
 #include 
 
@@ -574,6 +574,7 @@ ns_client_endrequest(ns_client_t *client) {
 
 	client->udpsize = 512;
 	client->extflags = 0;
+	client->ednsversion = -1;
 	dns_message_reset(client->message, DNS_MESSAGE_INTENTPARSE);
 
 	if (client->recursionquota != NULL)
@@ -1363,8 +1364,6 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	 */
 	opt = dns_message_getopt(client->message);
 	if (opt != NULL) {
-		unsigned int version;
-
 		/*
 		 * Set the client's UDP buffer size.
 		 */
@@ -1382,6 +1381,19 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		 */
 		client->extflags = (isc_uint16_t)(opt->ttl & 0xFFFF);
 
+		/*
+		 * Do we understand this version of EDNS?
+		 *
+		 * XXXRTH need library support for this!
+		 */
+		client->ednsversion = (opt->ttl & 0x00FF0000) >> 16;
+		if (client->ednsversion > 0) {
+			result = client_addopt(client);
+			if (result == ISC_R_SUCCESS)
+				result = DNS_R_BADVERS;
+			ns_client_error(client, result);
+			goto cleanup;
+		}
 		/*
 		 * Create an OPT for our reply.
 		 */
@@ -1390,17 +1402,6 @@ client_request(isc_task_t *task, isc_event_t *event) {
 			ns_client_error(client, result);
 			goto cleanup;
 		}
-
-		/*
-		 * Do we understand this version of ENDS?
-		 *
-		 * XXXRTH need library support for this!
-		 */
-		version = (opt->ttl & 0x00FF0000) >> 16;
-		if (version != 0) {
-			ns_client_error(client, DNS_R_BADVERS);
-			goto cleanup;
-		}
 	}
 
 	if (client->message->rdclass == 0) {
@@ -1776,6 +1777,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 	client->opt = NULL;
 	client->udpsize = 512;
 	client->extflags = 0;
+	client->ednsversion = -1;
 	client->next = NULL;
 	client->shutdown = NULL;
 	client->shutdown_arg = NULL;
diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
index 7993fc99de..6cec4d63cd 100644
--- a/bin/named/include/named/client.h
+++ b/bin/named/include/named/client.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.h,v 1.73 2005/04/27 04:55:56 sra Exp $ */
+/* $Id: client.h,v 1.74 2005/06/07 00:16:00 marka Exp $ */
 
 #ifndef NAMED_CLIENT_H
 #define NAMED_CLIENT_H 1
@@ -116,6 +116,7 @@ struct ns_client {
 	dns_rdataset_t *	opt;
 	isc_uint16_t		udpsize;
 	isc_uint16_t		extflags;
+	isc_int16_t		ednsversion;	/* -1 noedns */
 	void			(*next)(ns_client_t *);
 	void			(*shutdown)(void *arg, isc_result_t result);
 	void 			*shutdown_arg;
diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
index 6f42c7bae0..a6555b601b 100644
--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.h,v 1.44 2005/04/27 04:56:59 sra Exp $ */
+/* $Id: resolver.h,v 1.45 2005/06/07 00:16:01 marka Exp $ */
 
 #ifndef DNS_RESOLVER_H
 #define DNS_RESOLVER_H 1
@@ -91,6 +91,10 @@ typedef struct dns_fetchevent {
 #define DNS_FETCHOPT_FORWARDONLY	0x10	     /*%< Only use forwarders. */
 #define DNS_FETCHOPT_NOVALIDATE		0x20	     /*%< Disable validation. */
 
+#define	DNS_FETCHOPT_EDNSVERSIONSET	0x00800000
+#define	DNS_FETCHOPT_EDNSVERSIONMASK	0xff000000
+#define	DNS_FETCHOPT_EDNSVERSIONSHIFT	24
+
 /*
  * XXXRTH  Should this API be made semi-private?  (I.e.
  * _dns_resolver_create()).
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 012b67e788..f03b5dd283 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.308 2005/06/04 05:32:47 jinmei Exp $ */
+/* $Id: resolver.c,v 1.309 2005/06/07 00:16:00 marka Exp $ */
 
 /*! \file */
 
@@ -841,7 +841,7 @@ resquery_senddone(isc_task_t *task, isc_event_t *event) {
 }
 
 static inline isc_result_t
-fctx_addopt(dns_message_t *message, dns_resolver_t *res) {
+fctx_addopt(dns_message_t *message, unsigned int version, dns_resolver_t *res) {
 	dns_rdataset_t *rdataset;
 	dns_rdatalist_t *rdatalist;
 	dns_rdata_t *rdata;
@@ -870,9 +870,10 @@ fctx_addopt(dns_message_t *message, dns_resolver_t *res) {
 	rdatalist->rdclass = res->udpsize;
 
 	/*
-	 * Set EXTENDED-RCODE, VERSION, and Z to 0, and the DO bit to 1.
+	 * Set EXTENDED-RCODE and Z to 0, DO to 1.
 	 */
-	rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO;
+	rdatalist->ttl = (version << 16);
+	rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
 
 	/*
 	 * No EDNS options.
@@ -1233,7 +1234,14 @@ resquery_send(resquery_t *query) {
 
 	if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
 		if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0) {
-			result = fctx_addopt(fctx->qmessage, res);
+			unsigned int version = 0;	/* Default version. */
+			unsigned int flags;
+			flags = query->addrinfo->flags;
+			if ((flags & DNS_FETCHOPT_EDNSVERSIONSET) != 0) {
+				version = flags & DNS_FETCHOPT_EDNSVERSIONMASK;
+				version >>= DNS_FETCHOPT_EDNSVERSIONSHIFT;
+			}
+			result = fctx_addopt(fctx->qmessage, version, res);
 			if (result != ISC_R_SUCCESS) {
 				/*
 				 * We couldn't add the OPT, but we'll press on.
@@ -5277,6 +5285,28 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
 			 * for this fetch.
 			 */
 			result = DNS_R_YXDOMAIN;
+		} else if (message->rcode == dns_rcode_badvers) {
+			dns_rdataset_t *opt;
+			unsigned int flags, mask;
+			unsigned int version;
+
+			resend = ISC_TRUE;
+			opt = dns_message_getopt(message);
+			version = (opt->ttl >> 16) & 0xff;
+			flags = (version << DNS_FETCHOPT_EDNSVERSIONSHIFT) |
+				DNS_FETCHOPT_EDNSVERSIONSET;
+			mask = DNS_FETCHOPT_EDNSVERSIONMASK |
+			       DNS_FETCHOPT_EDNSVERSIONSET;
+			switch (version) {
+			case 0:
+				dns_adb_changeflags(fctx->adb, query->addrinfo,
+						    flags, mask);
+				break;
+			default:
+				broken_server = DNS_R_BADVERS;
+				keep_trying = ISC_TRUE;
+				break;
+			}
 		} else {
 			/*
 			 * XXXRTH log.

From 1c153afce556ff3c687986fb7c4a0b0a7f5e7cd8 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 7 Jun 2005 00:27:34 +0000
Subject: [PATCH 094/148] 1868.   [func]          edns-udp-size can now be
 overridden on a per                         server basis. [RT #14851]

---
 CHANGES                      |  3 ++-
 bin/named/named.conf.docbook |  3 ++-
 bin/named/server.c           | 13 ++++++++++++-
 doc/arm/Bv9ARM-book.xml      | 19 ++++++++++++++-----
 doc/misc/options             |  2 ++
 lib/dns/include/dns/peer.h   |  9 ++++++++-
 lib/dns/peer.c               | 31 ++++++++++++++++++++++++++++++-
 lib/dns/resolver.c           | 13 +++++++++----
 lib/dns/zone.c               | 20 +++++++++++++++-----
 lib/isccfg/namedconf.c       |  3 ++-
 10 files changed, 96 insertions(+), 20 deletions(-)

diff --git a/CHANGES b/CHANGES
index ee880612b6..511ed8b958 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,7 +3,8 @@
 1878.	[func]		dig can now specify the EDNS version when making
 			a query.
 
-1868.	[placeholder]	rt14851
+1868.	[func]		edns-udp-size can now be overridden on a per
+			server basis. [RT #14851]
 
 1867.	[placeholder]	rt14846
 
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index 1534681b4a..a00cf8760b 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   
     Aug 13, 2004
@@ -102,6 +102,7 @@ masters string  port integeripv4_address/prefixlen | ipv6_address/prefixlen ) {
 	bogus boolean;
 	edns boolean;
+	edns-udp-size integer;
 	provide-ixfr boolean;
 	request-ixfr boolean;
 	keys server_key;
diff --git a/bin/named/server.c b/bin/named/server.c
index 947457b3a7..4fa3f19dc6 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.442 2005/04/29 00:36:15 marka Exp $ */
+/* $Id: server.c,v 1.443 2005/06/07 00:27:32 marka Exp $ */
 
 /*! \file */
 
@@ -620,6 +620,17 @@ configure_peer(cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
 	if (obj != NULL)
 		CHECK(dns_peer_setsupportedns(peer, cfg_obj_asboolean(obj)));
 
+	obj = NULL;
+	(void)cfg_map_get(cpeer, "edns-udp-size", &obj);
+	if (obj != NULL) {
+		isc_uint32_t udpsize = cfg_obj_asuint32(obj);
+		if (udpsize < 512)
+			udpsize = 512;
+		if (udpsize > 4096)
+			udpsize = 4096;
+		CHECK(dns_peer_setudpsize(peer, (isc_uint16_t)udpsize));
+	}
+
 	obj = NULL;
 	(void)cfg_map_get(cpeer, "transfers", &obj);
 	if (obj != NULL)
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 35af0efb28..ab2d0c642e 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   BIND 9 Administrator Reference Manual
 
@@ -7181,6 +7181,7 @@ query-source-v6 address * port *;
      provide-ixfr yes_or_no ; 
      request-ixfr yes_or_no ; 
      edns yes_or_no ; 
+     edns-udp-size number ; 
      transfers number ; 
      transfer-format ( one-answer | many-answers ) ; ]
      keys { string ;  string ; ... } ; 
@@ -7271,10 +7272,18 @@ query-source-v6 address * port *;
 
           
             The edns clause determines whether
-            the local server
-            will attempt to use EDNS when communicating with the remote
-            server.  The
-            default is yes.
+            the local server will attempt to use EDNS when communicating
+	    with the remote server.  The default is yes.
+          
+
+          
+            The edns-udp-size option sets the EDNS UDP size
+	    that is advertised by named when querying the remote server.
+	    Valid values are 512 to 4096 (values outside this range will be
+	    silently adjusted).  This option is useful when you wish to
+	    advertises a different value to this server than the value you
+	    advertise globally, for example, when there is a firewall at the
+	    remote site that is blocking large replies.
           
 
           
diff --git a/doc/misc/options b/doc/misc/options
index 16ff3398ac..2f6a6b3cfd 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -238,6 +238,7 @@ view   {
                 transfer-format ( many-answers | one-answer );
                 keys ;
                 edns ;
+                edns-udp-size ;
                 transfer-source (  | * ) [ port (  |
                     * ) ];
                 transfer-source-v6 (  | * ) [ port (
@@ -407,6 +408,7 @@ server  {
         transfer-format ( many-answers | one-answer );
         keys ;
         edns ;
+        edns-udp-size ;
         transfer-source (  | * ) [ port (  | * ) ];
         transfer-source-v6 (  | * ) [ port (  | * ) ];
 };
diff --git a/lib/dns/include/dns/peer.h b/lib/dns/include/dns/peer.h
index e8de6e3b9c..f9200ab9f3 100644
--- a/lib/dns/include/dns/peer.h
+++ b/lib/dns/include/dns/peer.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: peer.h,v 1.23 2005/04/27 04:56:57 sra Exp $ */
+/* $Id: peer.h,v 1.24 2005/06/07 00:27:34 marka Exp $ */
 
 #ifndef DNS_PEER_H
 #define DNS_PEER_H 1
@@ -75,6 +75,7 @@ struct dns_peer {
 	isc_boolean_t		support_edns;
 	dns_name_t	       *key;
 	isc_sockaddr_t	       *transfer_source;
+	isc_uint16_t		udpsize;
 
 	isc_uint32_t		bitflags;
 
@@ -178,6 +179,12 @@ dns_peer_settransfersource(dns_peer_t *peer, isc_sockaddr_t *transfer_source);
 isc_result_t
 dns_peer_gettransfersource(dns_peer_t *peer, isc_sockaddr_t *transfer_source);
 
+isc_result_t
+dns_peer_setudpsize(dns_peer_t *peer, isc_uint16_t udpsize);
+
+isc_result_t
+dns_peer_getudpsize(dns_peer_t *peer, isc_uint16_t *udpsize);
+
 ISC_LANG_ENDDECLS
 
 #endif /* DNS_PEER_H */
diff --git a/lib/dns/peer.c b/lib/dns/peer.c
index 081398168a..6334a19f83 100644
--- a/lib/dns/peer.c
+++ b/lib/dns/peer.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: peer.c,v 1.22 2005/04/27 04:56:49 sra Exp $ */
+/* $Id: peer.c,v 1.23 2005/06/07 00:27:33 marka Exp $ */
 
 /*! \file */
 
@@ -40,6 +40,7 @@
 #define PROVIDE_IXFR_BIT		3
 #define REQUEST_IXFR_BIT		4
 #define SUPPORT_EDNS_BIT		5
+#define SERVER_UDPSIZE_BIT		6
 
 static void
 peerlist_delete(dns_peerlist_t **list);
@@ -558,3 +559,31 @@ dns_peer_gettransfersource(dns_peer_t *peer, isc_sockaddr_t *transfer_source) {
 	*transfer_source = *peer->transfer_source;
 	return (ISC_R_SUCCESS);
 }
+
+isc_result_t
+dns_peer_setudpsize(dns_peer_t *peer, isc_uint16_t udpsize) {
+	isc_boolean_t existed;
+
+	REQUIRE(DNS_PEER_VALID(peer));
+
+	existed = DNS_BIT_CHECK(SERVER_UDPSIZE_BIT, &peer->bitflags);
+
+	peer->udpsize = udpsize;
+	DNS_BIT_SET(SERVER_UDPSIZE_BIT, &peer->bitflags);
+
+	return (existed ? ISC_R_EXISTS : ISC_R_SUCCESS);
+}
+
+isc_result_t
+dns_peer_getudpsize(dns_peer_t *peer, isc_uint16_t *udpsize) {
+
+	REQUIRE(DNS_PEER_VALID(peer));
+	REQUIRE(udpsize != NULL);
+
+	if (DNS_BIT_CHECK(SERVER_UDPSIZE_BIT, &peer->bitflags)) {
+                *udpsize = peer->udpsize;
+                return (ISC_R_SUCCESS);
+        } else {
+                return (ISC_R_NOTFOUND);
+        }
+}
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index f03b5dd283..ae4e4cea10 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.309 2005/06/07 00:16:00 marka Exp $ */
+/* $Id: resolver.c,v 1.310 2005/06/07 00:27:33 marka Exp $ */
 
 /*! \file */
 
@@ -841,7 +841,8 @@ resquery_senddone(isc_task_t *task, isc_event_t *event) {
 }
 
 static inline isc_result_t
-fctx_addopt(dns_message_t *message, unsigned int version, dns_resolver_t *res) {
+fctx_addopt(dns_message_t *message, unsigned int version, isc_uint16_t udpsize)
+{ 
 	dns_rdataset_t *rdataset;
 	dns_rdatalist_t *rdatalist;
 	dns_rdata_t *rdata;
@@ -867,7 +868,7 @@ fctx_addopt(dns_message_t *message, unsigned int version, dns_resolver_t *res) {
 	/*
 	 * Set Maximum UDP buffer size.
 	 */
-	rdatalist->rdclass = res->udpsize;
+	rdatalist->rdclass = udpsize;
 
 	/*
 	 * Set EXTENDED-RCODE and Z to 0, DO to 1.
@@ -1236,12 +1237,16 @@ resquery_send(resquery_t *query) {
 		if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0) {
 			unsigned int version = 0;	/* Default version. */
 			unsigned int flags;
+			isc_uint16_t udpsize = res->udpsize;
+
 			flags = query->addrinfo->flags;
 			if ((flags & DNS_FETCHOPT_EDNSVERSIONSET) != 0) {
 				version = flags & DNS_FETCHOPT_EDNSVERSIONMASK;
 				version >>= DNS_FETCHOPT_EDNSVERSIONSHIFT;
 			}
-			result = fctx_addopt(fctx->qmessage, version, res);
+			if (peer != NULL)
+				(void)dns_peer_getudpsize(peer, &udpsize);
+			result = fctx_addopt(fctx->qmessage, version, udpsize);
 			if (result != ISC_R_SUCCESS) {
 				/*
 				 * We couldn't add the OPT, but we'll press on.
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 344be62362..c513379613 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.436 2005/06/04 05:32:47 jinmei Exp $ */
+/* $Id: zone.c,v 1.437 2005/06/07 00:27:33 marka Exp $ */
 
 /*! \file */
 
@@ -4430,7 +4430,7 @@ create_query(dns_zone_t *zone, dns_rdatatype_t rdtype,
 }
 
 static isc_result_t
-add_opt(dns_message_t *message) {
+add_opt(dns_message_t *message, isc_uint16_t udpsize) {
 	dns_rdataset_t *rdataset = NULL;
 	dns_rdatalist_t *rdatalist = NULL;
 	dns_rdata_t *rdata = NULL;
@@ -4453,7 +4453,7 @@ add_opt(dns_message_t *message) {
 	/*
 	 * Set Maximum UDP buffer size.
 	 */
-	rdatalist->rdclass = SEND_BUFFER_SIZE;
+	rdatalist->rdclass = udpsize;
 
 	/*
 	 * Set EXTENDED-RCODE, VERSION, DO and Z to 0.
@@ -4500,6 +4500,7 @@ soa_query(isc_task_t *task, isc_event_t *event) {
 	isc_boolean_t cancel = ISC_TRUE;
 	int timeout;
 	isc_boolean_t have_xfrsource;
+	isc_uint16_t udpsize = SEND_BUFFER_SIZE;
 
 	REQUIRE(DNS_ZONE_VALID(zone));
 
@@ -4563,6 +4564,10 @@ soa_query(isc_task_t *task, isc_event_t *event) {
 							    &zone->sourceaddr);
 			if (result == ISC_R_SUCCESS)
 				have_xfrsource = ISC_TRUE;
+			if (zone->view->resolver != NULL)
+				udpsize =
+				  dns_resolver_getudpsize(zone->view->resolver);
+			(void)dns_peer_getudpsize(peer, &udpsize);
 		}
 	}
 
@@ -4594,7 +4599,7 @@ soa_query(isc_task_t *task, isc_event_t *event) {
 		  DNS_REQUESTOPT_TCP : 0;
 
 	if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) {
-		result = add_opt(message);
+		result = add_opt(message, udpsize);
 		if (result != ISC_R_SUCCESS)
 			zone_debuglog(zone, me, 1,
 				      "unable to add opt record: %s",
@@ -4653,6 +4658,7 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) {
 	dns_dbnode_t *node = NULL;
 	int timeout;
 	isc_boolean_t have_xfrsource = ISC_FALSE;
+	isc_uint16_t udpsize = SEND_BUFFER_SIZE;
 
 	REQUIRE(DNS_ZONE_VALID(zone));
 	REQUIRE((soardataset != NULL && stub == NULL) ||
@@ -4776,11 +4782,15 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) {
 							    &zone->sourceaddr);
 			if (result == ISC_R_SUCCESS)
 				have_xfrsource = ISC_TRUE;
+			if (zone->view->resolver != NULL)
+				udpsize =
+				  dns_resolver_getudpsize(zone->view->resolver);
+			(void)dns_peer_getudpsize(peer, &udpsize);
 		}
 		
 	}
 	if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) {
-		result = add_opt(message);
+		result = add_opt(message, udpsize);
 		if (result != ISC_R_SUCCESS)
 			zone_debuglog(zone, me, 1,
 				      "unable to add opt record: %s",
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 593eb87209..ea4f04cfd8 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: namedconf.c,v 1.50 2005/05/19 04:59:05 marka Exp $ */
+/* $Id: namedconf.c,v 1.51 2005/06/07 00:27:34 marka Exp $ */
 
 /*! \file */
 
@@ -907,6 +907,7 @@ server_clauses[] = {
 	{ "transfer-format", &cfg_type_transferformat, 0 },
 	{ "keys", &cfg_type_server_key_kludge, 0 },
 	{ "edns", &cfg_type_boolean, 0 },
+	{ "edns-udp-size", &cfg_type_uint32, 0 },
 	{ "transfer-source", &cfg_type_sockaddr4wild, 0 },
 	{ "transfer-source-v6", &cfg_type_sockaddr6wild, 0 },
 	{ NULL, NULL, 0 }

From 116e6b4257e3efceca3e82af1e695579129af93d Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 7 Jun 2005 00:39:05 +0000
Subject: [PATCH 095/148] 1867.   [bug]           It was possible to trigger a
 INSIST in                         dlv_validatezonekey(). [RT #14846]

---
 CHANGES              | 6 ++++--
 doc/private/branches | 8 ++++----
 lib/dns/validator.c  | 4 ++--
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/CHANGES b/CHANGES
index 511ed8b958..cb522ea956 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,12 +1,14 @@
 1879.	[func]		Added framework for handling multiple EDNS versions.
+			[RT #14873]
 
 1878.	[func]		dig can now specify the EDNS version when making
-			a query.
+			a query. [RT #14873]
 
 1868.	[func]		edns-udp-size can now be overridden on a per
 			server basis. [RT #14851]
 
-1867.	[placeholder]	rt14846
+1867.	[bug]		It was possible to trigger a INSIST in
+			dlv_validatezonekey(). [RT #14846]
 
 1866.	[placeholder]	rt14841
 
diff --git a/doc/private/branches b/doc/private/branches
index dfe43c249f..a4c0dba3b1 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -12,7 +12,7 @@ Branch				Status	Whom	// Comments
 bind9-gss-tsig			new	
 bind9-gsstsig			new	
 dlz				open	sra	// dynamicly loadable zones
-edns1				open	marka
+edns1				closed	marka
 gsstsig2			new	
 jinmei-mmapzone-test		new		// mmap based zone file. very experimental, just for reference purposes
 libbind_clean			open	jinmei
@@ -42,10 +42,10 @@ rt14802				new
 rt14814				review	
 rt14815				open	marka
 rt14841				new	
-rt14846				new	
-rt14851				new	
+rt14846				closed	
+rt14851				closed	
 rt14855				new	
-rt14873				new	
+rt14873				closed	
 rt5206_1			open	marka
 rt6432				open	marka
 rt6496a				open	marka
diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index 25a474d41a..9bdddcca06 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: validator.c,v 1.129 2005/05/06 01:59:38 marka Exp $ */
+/* $Id: validator.c,v 1.130 2005/06/07 00:39:05 marka Exp $ */
 
 /*! \file */
 
@@ -1483,7 +1483,7 @@ dlv_validatezonekey(dns_validator_t *val) {
 			/*
 			 * We have DLV records.
 			 */
-			val->dsset = &val->frdataset;
+			val->dlv = &val->frdataset;
 			if (val->frdataset.trust == dns_trust_pending &&
 			    dns_rdataset_isassociated(&val->fsigrdataset))
 			{

From 3d247992c4a500caa7703edaee68612e545af602 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 7 Jun 2005 01:00:00 +0000
Subject: [PATCH 096/148] 1866.   [bug]           resolv.conf parse errors were
 being ignored by                         dig/host/nslookup. [RT #14841]

1865.   [bug]           Silently ignore nameservers in /etc/resolv.conf with
                        bad addresses. [RT #14841]
---
 CHANGES              |  6 ++++--
 bin/dig/dighost.c    |  7 +++++--
 doc/private/branches |  2 +-
 lib/lwres/lwconfig.c | 10 +++++-----
 4 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/CHANGES b/CHANGES
index cb522ea956..f647ea8ef6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,9 +10,11 @@
 1867.	[bug]		It was possible to trigger a INSIST in
 			dlv_validatezonekey(). [RT #14846]
 
-1866.	[placeholder]	rt14841
+1866.	[bug]		resolv.conf parse errors were being ignored by
+			dig/host/nslookup. [RT #14841]
 
-1865.	[placeholder]	rt14841
+1865.	[bug]		Silently ignore nameservers in /etc/resolv.conf with
+			bad addresses. [RT #14841]
 
 1864.	[placeholder]	rt14802
 
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index fe7df5731f..1fe537a0f5 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.277 2005/06/07 00:15:58 marka Exp $ */
+/* $Id: dighost.c,v 1.278 2005/06/07 00:59:59 marka Exp $ */
 
 /*! \file
  *  \note
@@ -948,7 +948,10 @@ setup_system(void) {
 	if (lwresult != LWRES_R_SUCCESS)
 		fatal("lwres_context_create failed");
 
-	(void)lwres_conf_parse(lwctx, RESOLV_CONF);
+	lwresult = lwres_conf_parse(lwctx, RESOLV_CONF);
+	if (lwresult != LWRES_R_SUCCESS)
+		fatal("parse of %s failed", RESOLV_CONF);
+
 	lwconf = lwres_conf_get(lwctx);
 
 	/* Make the search list */
diff --git a/doc/private/branches b/doc/private/branches
index a4c0dba3b1..bf14d01cd8 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -41,7 +41,7 @@ rt14801				review
 rt14802				new	
 rt14814				review	
 rt14815				open	marka
-rt14841				new	
+rt14841				closed	
 rt14846				closed	
 rt14851				closed	
 rt14855				new	
diff --git a/lib/lwres/lwconfig.c b/lib/lwres/lwconfig.c
index a096473af1..05aa8edbb5 100644
--- a/lib/lwres/lwconfig.c
+++ b/lib/lwres/lwconfig.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwconfig.c,v 1.41 2005/04/29 00:24:06 marka Exp $ */
+/* $Id: lwconfig.c,v 1.42 2005/06/07 01:00:00 marka Exp $ */
 
 /*! \file */
 
@@ -296,6 +296,7 @@ lwres_conf_parsenameserver(lwres_context_t *ctx,  FILE *fp) {
 	char word[LWRES_CONFMAXLINELEN];
 	int res;
 	lwres_conf_t *confdata;
+	lwres_addr_t address;
 
 	confdata = &ctx->confdata;
 
@@ -311,10 +312,9 @@ lwres_conf_parsenameserver(lwres_context_t *ctx,  FILE *fp) {
 	if (res != EOF && res != '\n')
 		return (LWRES_R_FAILURE); /* Extra junk on line. */
 
-	res = lwres_create_addr(word,
-				&confdata->nameservers[confdata->nsnext++], 1);
-	if (res != LWRES_R_SUCCESS)
-		return (res);
+	res = lwres_create_addr(word, &address, 1);
+	if (res == LWRES_R_SUCCESS)
+		confdata->nameservers[confdata->nsnext++] = address;
 
 	return (LWRES_R_SUCCESS);
 }

From 9eca2b9b95df456545e1bc298c8337400aa24e8e Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 7 Jun 2005 01:21:32 +0000
Subject: [PATCH 097/148] 1864.   [bug]           Don't try the alternative
 transfer source if you                         got a answer / transfer with
 the main source                         address. [RT #14802]

---
 CHANGES                 |   4 +-
 doc/arm/Bv9ARM-book.xml |  10 ++-
 doc/private/branches    |   2 +-
 lib/dns/zone.c          | 134 ++++++++++++++++++++++++++++++++++------
 4 files changed, 129 insertions(+), 21 deletions(-)

diff --git a/CHANGES b/CHANGES
index f647ea8ef6..08ded809a9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -16,7 +16,9 @@
 1865.	[bug]		Silently ignore nameservers in /etc/resolv.conf with
 			bad addresses. [RT #14841]
 
-1864.	[placeholder]	rt14802
+1864.	[bug]		Don't try the alternative transfer source if you
+			got a answer / transfer with the main source
+			address. [RT #14802]
 
 1863.	[bug]		rrset-order "fixed" error messages not complete.
 
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index ab2d0c642e..69983476cc 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   BIND 9 Administrator Reference Manual
 
@@ -6109,6 +6109,14 @@ query-source-v6 address * port *;
                   use-alt-transfer-source is
                   set.
                 
+		
+		  If you do not wish the alternate transfer source
+		  to be used you should set
+		  use-alt-transfer-source
+		  appropriately and you should not depend upon
+		  getting a answer back to the first refresh
+		  query.
+		
               
             
 
diff --git a/doc/private/branches b/doc/private/branches
index bf14d01cd8..b26bb2ab43 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -38,7 +38,7 @@ rt14673				review
 rt14695				review	
 rt14775				review	
 rt14801				review	
-rt14802				new	
+rt14802				closed	
 rt14814				review	
 rt14815				open	marka
 rt14841				closed	
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index c513379613..3b2ad41cf0 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.437 2005/06/07 00:27:33 marka Exp $ */
+/* $Id: zone.c,v 1.438 2005/06/07 01:21:32 marka Exp $ */
 
 /*! \file */
 
@@ -191,6 +191,7 @@ struct dns_zone {
 
 	isc_sockaddr_t		*masters;
 	dns_name_t		**masterkeynames;
+	isc_boolean_t		*mastersok;
 	unsigned int		masterscnt;
 	unsigned int		curmaster;
 	isc_sockaddr_t		masteraddr;
@@ -583,6 +584,7 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
 	zone->minretry = DNS_ZONE_MINRETRY;
 	zone->masters = NULL;
 	zone->masterkeynames = NULL;
+	zone->mastersok = NULL;
 	zone->masterscnt = 0;
 	zone->curmaster = 0;
 	zone->notify = NULL;
@@ -2505,6 +2507,7 @@ dns_zone_setmasterswithkeys(dns_zone_t *zone, isc_sockaddr_t *masters,
 	isc_sockaddr_t *new;
 	isc_result_t result = ISC_R_SUCCESS;
 	dns_name_t **newname;
+	isc_boolean_t *newok;
 	unsigned int i;
 
 	REQUIRE(DNS_ZONE_VALID(zone));
@@ -2534,10 +2537,15 @@ dns_zone_setmasterswithkeys(dns_zone_t *zone, isc_sockaddr_t *masters,
 			    zone->masterscnt * sizeof(dns_name_t *));
 		zone->masterkeynames = NULL;
 	}
+	if (zone->mastersok != NULL) {
+		isc_mem_put(zone->mctx, zone->mastersok,
+			    zone->masterscnt * sizeof(isc_boolean_t));
+		zone->mastersok = NULL;
+	}
 	zone->masterscnt = 0;
 	/*
-	 * If count == 0, don't allocate any space for masters or keynames
-	 * so internally, those pointers are NULL if count == 0
+	 * If count == 0, don't allocate any space for masters, mastersok or
+	 * keynames so internally, those pointers are NULL if count == 0
 	 */
 	if (count == 0)
 		goto unlock;
@@ -2545,27 +2553,35 @@ dns_zone_setmasterswithkeys(dns_zone_t *zone, isc_sockaddr_t *masters,
 	/*
 	 * masters must countain count elements!
 	 */
-	new = isc_mem_get(zone->mctx,
-			  count * sizeof(isc_sockaddr_t));
+	new = isc_mem_get(zone->mctx, count * sizeof(*new));
 	if (new == NULL) {
 		result = ISC_R_NOMEMORY;
 		goto unlock;
 	}
 	memcpy(new, masters, count * sizeof(*new));
-	zone->masters = new;
-	zone->masterscnt = count;
-	DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOMASTERS);
+	
+	/*
+	 * Similarly for mastersok.
+	 */
+	newok = isc_mem_get(zone->mctx, count * sizeof(newok));
+	if (newok == NULL) {
+		result = ISC_R_NOMEMORY;
+		isc_mem_put(zone->mctx, new, count * sizeof(*new));
+		goto unlock;
+	};
+	for (i = 0; i < count; i++)
+		newok[i] = ISC_FALSE;
 
 	/*
 	 * if keynames is non-NULL, it must contain count elements!
 	 */
+	newname = NULL;
 	if (keynames != NULL) {
-		newname = isc_mem_get(zone->mctx,
-				      count * sizeof(dns_name_t *));
+		newname = isc_mem_get(zone->mctx, count * sizeof(*newname));
 		if (newname == NULL) {
 			result = ISC_R_NOMEMORY;
-			isc_mem_put(zone->mctx, zone->masters,
-				    count * sizeof(*new));
+			isc_mem_put(zone->mctx, new, count * sizeof(*new));
+			isc_mem_put(zone->mctx, newok, count * sizeof(*newok));
 			goto unlock;
 		}
 		for (i = 0; i < count; i++)
@@ -2586,16 +2602,27 @@ dns_zone_setmasterswithkeys(dns_zone_t *zone, isc_sockaddr_t *masters,
 							dns_name_free(
 							       newname[i],
 							       zone->mctx);
-					isc_mem_put(zone->mctx, zone->masters,
+					isc_mem_put(zone->mctx, new,
 						    count * sizeof(*new));
+					isc_mem_put(zone->mctx, newok,
+						    count * sizeof(*newok));
 					isc_mem_put(zone->mctx, newname,
 						    count * sizeof(*newname));
 					goto unlock;
 				}
 			}
 		}
-		zone->masterkeynames = newname;
 	}
+
+	/*
+	 * Everything is ok so attach to the zone.
+	 */
+	zone->masters = new;
+	zone->mastersok = newok;
+	zone->masterkeynames = newname;
+	zone->masterscnt = count;
+	DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOMASTERS);
+
  unlock:
 	UNLOCK_ZONE(zone);
 	return (result);
@@ -2785,6 +2812,7 @@ void
 dns_zone_refresh(dns_zone_t *zone) {
 	isc_interval_t i;
 	isc_uint32_t oldflags;
+	unsigned int j;
 
 	REQUIRE(DNS_ZONE_VALID(zone));
 
@@ -2829,6 +2857,8 @@ dns_zone_refresh(dns_zone_t *zone) {
 		zone->retry = ISC_MIN(zone->retry * 2, 6 * 3600);
 
 	zone->curmaster = 0;
+	for (j = 0; j < zone->masterscnt; j++)
+		zone->mastersok[j] = ISC_FALSE;
 	/* initiate soa query */
 	queue_soa_query(zone);
  unlock:
@@ -3799,6 +3829,7 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
 	isc_time_t now;
 	isc_boolean_t exiting = ISC_FALSE;
 	isc_interval_t i;
+	unsigned int j;
 
 	stub = revent->ev_arg;
 	INSIST(DNS_STUB_VALID(stub));
@@ -3973,13 +4004,37 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
 	isc_event_free(&event);
 	LOCK_ZONE(zone);
 	dns_request_destroy(&zone->request);
-	zone->curmaster++;
+	/*
+	 * Skip to next failed / untried master.
+	 */
+	do {
+		zone->curmaster++;
+	} while (zone->curmaster < zone->masterscnt &&
+		 zone->mastersok[zone->curmaster]);
 	DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOEDNS);
 	if (exiting || zone->curmaster >= zone->masterscnt) {
+		isc_boolean_t done = ISC_TRUE;
 		if (!exiting &&
 		    DNS_ZONE_OPTION(zone, DNS_ZONEOPT_USEALTXFRSRC) &&
 		    !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
+			/*
+			 * Did we get a good answer from all the masters?
+			 */
+			for (j = 0; j < zone->masterscnt; j++)
+				if (zone->mastersok[j] == ISC_FALSE) {
+					done = ISC_FALSE;
+					break;
+				}
+		} else
+			done = ISC_TRUE;
+		if (!done) {
 			zone->curmaster = 0;
+			/*
+			 * Find the next failed master.
+			 */
+			while (zone->curmaster < zone->masterscnt &&
+			       zone->mastersok[zone->curmaster])
+				zone->curmaster++;
 			DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
 		} else {
 			DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
@@ -4033,6 +4088,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
 	dns_rdata_soa_t soa;
 	isc_result_t result;
 	isc_uint32_t serial;
+	unsigned int j;
 
 	zone = revent->ev_arg;
 	INSIST(DNS_ZONE_VALID(zone));
@@ -4281,6 +4337,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
 		}
 		DNS_ZONE_JITTER_ADD(&now, zone->refresh, &zone->refreshtime);
 		DNS_ZONE_TIME_ADD(&now, zone->expire, &zone->expiretime);
+		zone->mastersok[zone->curmaster] = ISC_TRUE;
 		goto next_master;
 	} else {
 		if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MULTIMASTER))
@@ -4289,6 +4346,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
 				     soa.serial, master, zone->serial);
 		else
 			zone_debuglog(zone, me, 1, "ahead");
+		zone->mastersok[zone->curmaster] = ISC_TRUE;
 		goto next_master;
 	}
 	if (msg != NULL)
@@ -4301,13 +4359,37 @@ refresh_callback(isc_task_t *task, isc_event_t *event) {
 	isc_event_free(&event);
 	LOCK_ZONE(zone);
 	dns_request_destroy(&zone->request);
-	zone->curmaster++;
+	/*
+	 * Skip to next failed / untried master.
+	 */
+	do {
+		zone->curmaster++;
+	} while (zone->curmaster < zone->masterscnt &&
+		 zone->mastersok[zone->curmaster]);
 	DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NOEDNS);
 	if (zone->curmaster >= zone->masterscnt) {
+		isc_boolean_t done = ISC_TRUE;
 		if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_USEALTXFRSRC) &&
 		    !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
+			/*
+			 * Did we get a good answer from all the masters?
+			 */
+			for (j = 0; j < zone->masterscnt; j++)
+				if (zone->mastersok[j] == ISC_FALSE) {
+					done = ISC_FALSE;
+					break;
+				}
+		} else
+			done = ISC_TRUE;
+		if (!done) {
 			DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
 			zone->curmaster = 0;
+			/*
+			 * Find the next failed master.
+			 */
+			while (zone->curmaster < zone->masterscnt &&
+			       zone->mastersok[zone->curmaster])
+				zone->curmaster++;
 			goto requeue;
 		}
 		DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
@@ -4641,7 +4723,13 @@ soa_query(isc_task_t *task, isc_event_t *event) {
  skip_master:
 	if (key != NULL)
 		dns_tsigkey_detach(&key);
-	zone->curmaster++;
+	/*
+	 * Skip to next failed / untried master.
+	 */
+	do {
+		zone->curmaster++;
+	} while (zone->curmaster < zone->masterscnt &&
+		 zone->mastersok[zone->curmaster]);
 	if (zone->curmaster < zone->masterscnt)
 		goto again;
 	zone->curmaster = 0;
@@ -6173,7 +6261,14 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) {
 
 	default:
 	next_master:
-		zone->curmaster++;
+		/*
+		 * Skip to next failed / untried master.
+		 */
+		do {
+			zone->curmaster++;
+		} while (zone->curmaster < zone->masterscnt &&
+			 zone->mastersok[zone->curmaster]);
+		/* FALLTHROUGH */
 	same_master:
 		if (zone->curmaster >= zone->masterscnt) {
 			zone->curmaster = 0;
@@ -6181,6 +6276,9 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) {
 			    !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEALTXFRSRC)) {
 				DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_REFRESH);
 				DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);
+				while (zone->curmaster < zone->masterscnt &&
+				       zone->mastersok[zone->curmaster])
+					zone->curmaster++;
 				again = ISC_TRUE;
 			} else
 				DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_USEALTXFRSRC);

From 2fa0485e9e969dd42dd10339354d7949db46111a Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 7 Jun 2005 01:42:29 +0000
Subject: [PATCH 098/148] 1861.   [bug]           dig could trigger a INSIST on
 certain malformed                         responses. [RT #14801]

---
 CHANGES           | 3 ++-
 lib/dns/message.c | 9 ++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 08ded809a9..ca6558c455 100644
--- a/CHANGES
+++ b/CHANGES
@@ -29,7 +29,8 @@
 			New zone options: check-mx and integrity-check. 
 			[RT #4940]
 
-1861.	[placeholder]	rt14801
+1861.	[bug]		dig could trigger a INSIST on certain malformed
+			responses. [RT #14801]
 
 1860.	[placeholder]	rt14775
 
diff --git a/lib/dns/message.c b/lib/dns/message.c
index 997cb16948..cffb42966d 100644
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: message.c,v 1.226 2005/04/27 04:56:48 sra Exp $ */
+/* $Id: message.c,v 1.227 2005/06/07 01:42:29 marka Exp $ */
 
 /*! \file */
 
@@ -1478,6 +1478,13 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 			free_name = ISC_FALSE;
 		}
 
+		if (seen_problem) {
+			if (free_name)
+				isc_mempool_put(msg->namepool, name);
+			if (free_rdataset)
+				isc_mempool_put(msg->rdspool, rdataset);
+			free_name = free_rdataset = ISC_FALSE;
+		}
 		INSIST(free_name == ISC_FALSE);
 		INSIST(free_rdataset == ISC_FALSE);
 	}

From 16b9ee24b96a1c1d21d809e88238091c4afa25c9 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 7 Jun 2005 01:52:51 +0000
Subject: [PATCH 099/148] 1857.   [bug]           named could trigger a
 INSIST() if reconfigured /                         reloaded too fast.  [RT
 #14673]

---
 CHANGES              | 3 ++-
 bin/named/server.c   | 8 ++++++--
 doc/private/branches | 4 ++--
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index ca6558c455..42559c7ea4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -39,7 +39,8 @@
 1858.	[bug]		The flush-zones-on-shutdown option wasn't being
 			parsed. [RT #14686]
 
-1857.	[placeholder]	rt14673
+1857.	[bug]		named could trigger a INSIST() if reconfigured /
+			reloaded too fast.  [RT #14673]
 
 1856.	[doc]		Switch Docbook toolchain from DSSSL to XSL.
 			[RT #11398]
diff --git a/bin/named/server.c b/bin/named/server.c
index 4fa3f19dc6..5273837ec9 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.443 2005/06/07 00:27:32 marka Exp $ */
+/* $Id: server.c,v 1.444 2005/06/07 01:52:51 marka Exp $ */
 
 /*! \file */
 
@@ -2008,9 +2008,13 @@ adjust_interfaces(ns_server_t *server, isc_mem_t *mctx) {
 		 * At this point the zone list may contain a stale zone
 		 * just removed from the configuration.  To see the validity,
 		 * check if the corresponding view is in our current view list.
+		 * There may also be old zones that are still in the process
+		 * of shutting down and have detached from their old view
+		 * (zoneview == NULL).
 		 */
 		zoneview = dns_zone_getview(zone);
-		INSIST(zoneview != NULL);
+		if (zoneview == NULL)
+			continue;
 		for (view = ISC_LIST_HEAD(server->viewlist);
 		     view != NULL && view != zoneview;
 		     view = ISC_LIST_NEXT(view, link))
diff --git a/doc/private/branches b/doc/private/branches
index b26bb2ab43..4a26c8bea8 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -34,10 +34,10 @@ rt13662				open	marka	// rrset-order fixed
 rt13753				review	
 rt13771				review	
 rt14616				review	
-rt14673				review	
+rt14673				closed	
 rt14695				review	
 rt14775				review	
-rt14801				review	
+rt14801				closed	
 rt14802				closed	
 rt14814				review	
 rt14815				open	marka

From da53179d1055c75e64dc2c9623b38cb2b8629eb6 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 7 Jun 2005 02:02:05 +0000
Subject: [PATCH 100/148] 1855.   [bug]           ixfr-from-differences was
 failing to detect changes                         of ttl due to
 dns_diff_subtract() was ignoring the ttl                         of records. 
 [RT #14616]

---
 CHANGES              |  4 +++-
 doc/private/branches |  2 +-
 lib/dns/journal.c    | 14 +++++++++++---
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 42559c7ea4..5c8ca490f0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -45,7 +45,9 @@
 1856.	[doc]		Switch Docbook toolchain from DSSSL to XSL.
 			[RT #11398]
 
-1855.	[placeholder]	rt14616
+1855.	[bug]		ixfr-from-differences was failing to detect changes
+			of ttl due to dns_diff_subtract() was ignoring the ttl
+			of records.  [RT #14616]
 
 1854.	[bug]		lwres also needs to know the print format for
 			(long long).  [RT #13754]
diff --git a/doc/private/branches b/doc/private/branches
index 4a26c8bea8..802c2e2e28 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -33,7 +33,7 @@ rt13606				open	marka	// TSIG SHA256
 rt13662				open	marka	// rrset-order fixed
 rt13753				review	
 rt13771				review	
-rt14616				review	
+rt14616				closed	
 rt14673				closed	
 rt14695				review	
 rt14775				review	
diff --git a/lib/dns/journal.c b/lib/dns/journal.c
index 0e024aed35..00345c5b18 100644
--- a/lib/dns/journal.c
+++ b/lib/dns/journal.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: journal.c,v 1.91 2005/04/29 00:22:47 marka Exp $ */
+/* $Id: journal.c,v 1.92 2005/06/07 02:02:05 marka Exp $ */
 
 #include 
 
@@ -1746,6 +1746,8 @@ dns_diff_subtract(dns_diff_t diff[2], dns_diff_t *r) {
 	isc_result_t result;
 	dns_difftuple_t *p[2];
 	int i, t;
+	isc_boolean_t append;
+
 	CHECK(dns_diff_sort(&diff[0], rdata_order));
 	CHECK(dns_diff_sort(&diff[1], rdata_order));
 
@@ -1774,11 +1776,17 @@ dns_diff_subtract(dns_diff_t diff[2], dns_diff_t *r) {
 		}
 		INSIST(t == 0);
 		/*
-		 * Identical RRs in both databases; skip them both.
+		 * Identical RRs in both databases; skip them both
+		 * if the ttl differs.
 		 */
+		append = ISC_TF(p[0]->ttl != p[1]->ttl);
 		for (i = 0; i < 2; i++) {
 			ISC_LIST_UNLINK(diff[i].tuples, p[i], link);
-			dns_difftuple_free(&p[i]);
+			if (append) {
+				ISC_LIST_APPEND(r->tuples, p[i], link);
+			} else {
+				dns_difftuple_free(&p[i]);
+			}
 		}
 	next: ;
 	}

From 2c6f9101f99cc663074376a5cc1d954d33bdbe36 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 7 Jun 2005 02:11:39 +0000
Subject: [PATCH 101/148] 1880.   [bug]           dnssec_makekeyset and
 dnssec-signkey failed to                         initalize the hash context.
 [RT #13771]

---
 CHANGES              | 2 ++
 doc/private/branches | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 5c8ca490f0..9c81e86895 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+1880.	[placeholder]
+
 1879.	[func]		Added framework for handling multiple EDNS versions.
 			[RT #14873]
 
diff --git a/doc/private/branches b/doc/private/branches
index 802c2e2e28..61ef95cbf2 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -32,7 +32,7 @@ rt13587				review
 rt13606				open	marka	// TSIG SHA256
 rt13662				open	marka	// rrset-order fixed
 rt13753				review	
-rt13771				review	
+rt13771				closed	
 rt14616				closed	
 rt14673				closed	
 rt14695				review	

From eef245ff4e5b331199dd0ee551308a566daa2eaa Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 7 Jun 2005 02:22:10 +0000
Subject: [PATCH 102/148] update

---
 doc/private/branches | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 61ef95cbf2..a83f161da0 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -35,7 +35,7 @@ rt13753				review
 rt13771				closed	
 rt14616				closed	
 rt14673				closed	
-rt14695				review	
+rt14695				closed	
 rt14775				review	
 rt14801				closed	
 rt14802				closed	
@@ -44,7 +44,7 @@ rt14815				open	marka
 rt14841				closed	
 rt14846				closed	
 rt14851				closed	
-rt14855				new	
+rt14855				open		// 9.4 ARM review	
 rt14873				closed	
 rt5206_1			open	marka
 rt6432				open	marka

From 00124ad0406365d39f4b2d1011ef6a76706e9df0 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 7 Jun 2005 03:06:51 +0000
Subject: [PATCH 103/148] regen

---
 bin/dig/dig.1             |  7 ++-
 bin/dig/dig.html          | 26 ++++++-----
 bin/named/named.conf.5    |  3 +-
 bin/named/named.conf.html | 21 ++++-----
 doc/arm/Bv9ARM.ch06.html  | 93 +++++++++++++++++++++++----------------
 doc/arm/Bv9ARM.ch07.html  | 14 +++---
 doc/arm/Bv9ARM.ch08.html  | 18 ++++----
 doc/arm/Bv9ARM.ch09.html  | 18 ++++----
 doc/arm/Bv9ARM.html       | 40 ++++++++---------
 9 files changed, 135 insertions(+), 105 deletions(-)

diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
index e79f791baa..9d897e6573 100644
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dig.1,v 1.30 2005/05/13 03:14:03 marka Exp $
+.\" $Id: dig.1,v 1.31 2005/06/07 03:06:48 marka Exp $
 .\"
 .hy 0
 .ad l
@@ -187,7 +187,10 @@ Sets the number of times to retry UDP queries to server to \fIT\fR instead of th
 Set the number of dots that have to appear in \fIname\fR to \fID\fR for it to be considered absolute\&. The default value is that defined using the ndots statement in \fI/etc/resolv\&.conf\fR, or 1 if no ndots statement is present\&. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the \fBsearch\fR or \fBdomain\fR directive in \fI/etc/resolv\&.conf\fR\&.
 .TP
 \fB+bufsize=B\fR
-Set the UDP message buffer size advertised using EDNS0 to \fIB\fR bytes\&. The maximum and minimum sizes of this buffer are 65535 and 0 respectively\&. Values outside this range are rounded up or down appropriately\&.
+Set the UDP message buffer size advertised using EDNS0 to \fIB\fR bytes\&. The maximum and minimum sizes of this buffer are 65535 and 0 respectively\&. Values outside this range are rounded up or down appropriately\&. Values other than zero will cause a EDNS query to be sent\&.
+.TP
+\fB+edns=#\fR
+Specify the EDNS version to query with\&. Valid values are 0 to 255\&. Setting the EDNS version will cause a EDNS query to be sent\&. \fB+noedns\fR clears the remembered EDNS version\&.
 .TP
 \fB+[no]multiline\fR
 Print records like the SOA records in a verbose multi\-line format with human\-readable comments\&. The default is to print each record on a single line, to facilitate machine parsing of the \fBdig\fR output\&.
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index 62e08eae9f..2d699a4c1e 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -456,12 +456,18 @@
 
+bufsize=B

 

               Set the UDP message buffer size advertised using EDNS0 to
-              B bytes.  The maximum and
-              minimum sizes of this
-              buffer are 65535 and 0 respectively.  Values outside this range
-              are
-              rounded up or down appropriately.
+              B bytes.  The maximum and minimum sizes
+	      of this buffer are 65535 and 0 respectively.  Values outside
+	      this range are rounded up or down appropriately.  
+	      Values other than zero will cause a EDNS query to be sent.
             

+
+edns=#

+

+	       Specify the EDNS version to query with.  Valid values
+	       are 0 to 255.  Setting the EDNS version will cause a
+	       EDNS query to be sent.  +noedns clears the
+	       remembered EDNS version.
+	    

 
+[no]multiline

 

               Print records like the SOA records in a verbose multi-line
@@ -511,7 +517,7 @@
     

 
 

-
MULTIPLE QUERIES

+
MULTIPLE QUERIES

 

       The BIND 9 implementation of dig 
       supports
@@ -557,14 +563,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 
${HOME}/.digrc
     

 

 

-
SEE ALSO

+
SEE ALSO

 
host(1),
       named(8),
       dnssec-keygen(8),
@@ -572,7 +578,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
BUGS

+
BUGS

 

       There are probably too many query options.
     

diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index d09f028ca7..63b21d862d 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -12,7 +12,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named.conf.5,v 1.11 2005/05/19 12:34:33 marka Exp $
+.\" $Id: named.conf.5,v 1.12 2005/06/07 03:06:49 marka Exp $
 .\"
 .hy 0
 .ad l
@@ -73,6 +73,7 @@ masters \fIstring\fR [ port \fIinteger\fR ] {
 server ( \fIipv4_address[/prefixlen]\fR | \fIipv6_address[/prefixlen]\fR ) {
 	bogus \fIboolean\fR;
 	edns \fIboolean\fR;
+	edns\-udp\-size \fIinteger\fR;
 	provide\-ixfr \fIboolean\fR;
 	request\-ixfr \fIboolean\fR;
 	keys \fIserver_key\fR;
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index cf0851ecdd..5203b11441 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -13,7 +13,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -80,6 +80,7 @@ masters
 server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {

 	bogus boolean;

 	edns boolean;

+	edns-udp-size integer;

 	provide-ixfr boolean;

 	request-ixfr boolean;

 	keys server_key;

@@ -95,7 +96,7 @@ server
 

 
 

-
TRUSTED-KEYS

+
TRUSTED-KEYS

 


 trusted-keys {

 	domain_name flags protocol algorithm key; ... 

@@ -103,7 +104,7 @@ trusted-keys
 

 

 

-
CONTROLS

+
CONTROLS

 


 controls {

 	inet ( ipv4_address | ipv6_address | * )

@@ -115,7 +116,7 @@ controls
 

 

 

-
LOGGING

+
LOGGING

 


 logging {

 	channel string {

@@ -133,7 +134,7 @@ logging
 

 

 

-
LWRES

+
LWRES

 


 lwres {

 	listen-on [ port integer ] {

@@ -146,7 +147,7 @@ lwres
 

 

 

-
OPTIONS

+
OPTIONS

 


 options {

 	avoid-v4-udp-ports { port; ... };

@@ -294,7 +295,7 @@ options
 

 

 

-
VIEW

+
VIEW

 


 view string optional_class {

 	match-clients { address_match_element; ... };

@@ -417,7 +418,7 @@ view
 

 

 

-
ZONE

+
ZONE

 


 zone string optional_class {

 	type ( master | slave | stub | hint |

@@ -497,12 +498,12 @@ zone
 

 

 

-
FILES

+
FILES

 
/etc/named.conf
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       rndc(8),
       BIND 9 Administrator Reference Manual.
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 0ef364eeac..60123ed303 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -77,23 +77,23 @@
 
server Statement Grammar

 
server Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 
-
Zone File

+
Zone File

 

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 

 
 
@@ -3181,12 +3181,23 @@ query-source-v6 address * port *;
                   except zone transfers are performed using IPv6.
                 

 
alt-transfer-source

-

+

+

                   An alternate transfer source if the one listed in
                   transfer-source fails and
                   use-alt-transfer-source is
                   set.
-                

+                

+

+
Note

+		  If you do not wish the alternate transfer source
+		  to be used you should set
+		  use-alt-transfer-source
+		  appropriately and you should not depend upon
+		  getting a answer back to the first refresh
+		  query.
+		

+
 
alt-transfer-source-v6

 

                   An alternate transfer source if the one listed in
@@ -3226,7 +3237,7 @@ query-source-v6 address * port *;
 
 

 

-Bad UDP Port Lists

+Bad UDP Port Lists

 
avoid-v4-udp-ports
 	    and avoid-v6-udp-ports specify a list
             of IPv4 and IPv6 UDP ports that will not be used as system
@@ -3240,7 +3251,7 @@ query-source-v6 address * port *;
 
 

 

-Operating System Resource Limits

+Operating System Resource Limits

 

             The server's usage of many system resources can be limited.
             Scaled values are allowed when specifying resource limits.  For
@@ -3300,7 +3311,7 @@ query-source-v6 address * port *;
 
 

 

-Server  Resource Limits

+Server  Resource Limits

 

             The following options set limits on the server's
             resource consumption that are enforced internally by the
@@ -3379,7 +3390,7 @@ query-source-v6 address * port *;
 
 

 

-Periodic Task Intervals

+Periodic Task Intervals

 

 
cleaning-interval

 

@@ -4057,6 +4068,7 @@ query-source-v6 address * port *;
     [ provide-ixfr yes_or_no ; ]
     [ request-ixfr yes_or_no ; ]
     [ edns yes_or_no ; ]
+    [ edns-udp-size number ; ]
     [ transfers number ; ]
     [ transfer-format ( one-answer | many-answers ) ; ]]
     [ keys { string ; [ string ; [...]] } ; ]
@@ -4140,10 +4152,17 @@ query-source-v6 address * port *;
           

 

             The edns clause determines whether
-            the local server
-            will attempt to use EDNS when communicating with the remote
-            server.  The
-            default is yes.
+            the local server will attempt to use EDNS when communicating
+	    with the remote server.  The default is yes.
+          

+

+            The edns-udp-size option sets the EDNS UDP size
+	    that is advertised by named when querying the remote server.
+	    Valid values are 512 to 4096 (values outside this range will be
+	    silently adjusted).  This option is useful when you wish to
+	    advertises a different value to this server than the value you
+	    advertise globally, for example, when there is a firewall at the
+	    remote site that is blocking large replies.
           

 

             The server supports two zone transfer methods. The first, one-answer,
@@ -4203,7 +4222,7 @@ query-source-v6 address * port *;
 

 

 

-trusted-keys Statement Grammar

+trusted-keys Statement Grammar

 
trusted-keys {
     string number number number string ;
     [ string number number number string ; [...]]
@@ -4212,7 +4231,7 @@ query-source-v6 address * port *;
 
 

 

-trusted-keys Statement Definition
+trusted-keys Statement Definition
             and Usage

 

             The trusted-keys statement defines
@@ -4251,7 +4270,7 @@ query-source-v6 address * port *;
 

 

 

-view Statement Definition and Usage

+view Statement Definition and Usage

 

             The view statement is a powerful
             new feature
@@ -4423,10 +4442,10 @@ view "external" {
 
 

 

-zone Statement Definition and Usage

+zone Statement Definition and Usage

 

 

-Zone Types

+Zone Types

 

 
 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
@@ -4635,7 +4654,7 @@ view "external" {
 

 

-Class

+Class

               The zone's name may optionally be followed by a class. If
               a class is not specified, class IN (for Internet),
@@ -4657,7 +4676,7 @@ view "external" {
 
 

 

-Zone Options

+Zone Options

 
journal

 

@@ -5091,7 +5110,7 @@ view "external" {
 

 

-Zone File

+Zone File

 

 Types of Resource Records and When to Use Them

@@ -5104,7 +5123,7 @@ view "external" {
           

 

 

-Resource Records

+Resource Records

               A domain name identifies a node.  Each node has a set of
               resource information, which may be empty.  The set of resource
@@ -5693,7 +5712,7 @@ view "external" {
 
 

 

-Textual expression of RRs

+Textual expression of RRs

               RRs are represented in binary form in the packets of the DNS
               protocol, and are usually represented in highly encoded form
@@ -5900,7 +5919,7 @@ view "external" {
 
 

 

-Discussion of MX Records

+Discussion of MX Records

             As described above, domain servers store information as a
             series of resource records, each of which contains a particular
@@ -6157,7 +6176,7 @@ view "external" {
 
 

 

-Inverse Mapping in IPv4

+Inverse Mapping in IPv4

             Reverse name resolution (that is, translation from IP address
             to name) is achieved by means of the in-addr.arpa domain
@@ -6218,7 +6237,7 @@ view "external" {
 
 

 

-Other Zone File Directives

+Other Zone File Directives

             The Master File Format was initially defined in RFC 1035 and
             has subsequently been extended. While the Master File Format
@@ -6233,7 +6252,7 @@ view "external" {
           

 

-The $ORIGIN Directive

+The $ORIGIN Directive

               Syntax: $ORIGIN
 	      domain-name
@@ -6261,7 +6280,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $INCLUDE Directive

+The $INCLUDE Directive

               Syntax: $INCLUDE
               filename
@@ -6297,7 +6316,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $TTL Directive

+The $TTL Directive

               Syntax: $TTL
               default-ttl
@@ -6316,7 +6335,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-BIND Master File Extension: the  $GENERATE Directive

+BIND Master File Extension: the  $GENERATE Directive

             Syntax: $GENERATE
 	    range
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 852a6b9c05..a2a01841b3 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -46,11 +46,11 @@
 
Table of Contents

 
Access Control Lists

-
chroot and setuid (for
+
chroot and setuid (for
           UNIX servers)

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

@@ -114,7 +114,7 @@ zone "example.com" {
 

 

-chroot and setuid (for
+chroot and setuid (for
           UNIX servers)

 

           On UNIX servers, it is possible to run BIND in a chrooted environment
@@ -138,7 +138,7 @@ zone "example.com" {
         

 

 

-The chroot Environment

+The chroot Environment

             In order for a chroot() environment
             to
@@ -166,7 +166,7 @@ zone "example.com" {
 
 

 

-Using the setuid Function

+Using the setuid Function

             Prior to running the named daemon,
             use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 4a18eb8b3e..0d96001dc9 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,18 +45,18 @@
 

 
Table of Contents

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

-Common Problems

+Common Problems

 

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

             The best solution to solving installation and
             configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
 
 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

           Zone serial numbers are just numbers-they aren't date
           related.  A lot of people set them to a number that represents a
@@ -95,7 +95,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

           The Internet Software Consortium
           (ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index d9ac4ff086..21dc158674 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -43,24 +43,24 @@
 

 
Table of Contents

 

-
Acknowledgments

-
A Brief History of the DNS and BIND

+
Acknowledgments

+
A Brief History of the DNS and BIND

 
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 

 

-Acknowledgments

+Acknowledgments

 

-A Brief History of the DNS and BIND

+A Brief History of the DNS and BIND

             Although the "official" beginning of the Domain Name
             System occurred in 1984 with the publication of RFC 920, the
@@ -469,7 +469,7 @@
           

 

-Bibliography

+Bibliography

 
Standards

 
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

@@ -592,11 +592,11 @@
 

 

-Other Documents About BIND

+Other Documents About BIND

 

-Bibliography

+Bibliography
Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. 

diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index f1b167fc49..83b0df2567 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
@@ -155,54 +155,54 @@
 
server Statement Grammar
server Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

-
Zone File

+
Zone File

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 
7. BIND 9 Security Considerations

 
Access Control Lists

-
chroot and setuid (for
+
chroot and setuid (for
           UNIX servers)

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 
8. Troubleshooting

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 
A. Appendices

-
Acknowledgments

-
A Brief History of the DNS and BIND

+
Acknowledgments

+
A Brief History of the DNS and BIND

 
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 


From f4c369b44b4639669c61a13a1c3b5469f299a161 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 7 Jun 2005 23:26:55 +0000
Subject: [PATCH 104/148] auto update

---
 doc/private/branches | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index a83f161da0..4f3c2669b8 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -12,7 +12,6 @@ Branch				Status	Whom	// Comments
 bind9-gss-tsig			new	
 bind9-gsstsig			new	
 dlz				open	sra	// dynamicly loadable zones
-edns1				closed	marka
 gsstsig2			new	
 jinmei-mmapzone-test		new		// mmap based zone file. very experimental, just for reference purposes
 libbind_clean			open	jinmei
@@ -32,20 +31,10 @@ rt13587				review
 rt13606				open	marka	// TSIG SHA256
 rt13662				open	marka	// rrset-order fixed
 rt13753				review	
-rt13771				closed	
-rt14616				closed	
-rt14673				closed	
-rt14695				closed	
 rt14775				review	
-rt14801				closed	
-rt14802				closed	
 rt14814				review	
 rt14815				open	marka
-rt14841				closed	
-rt14846				closed	
-rt14851				closed	
 rt14855				open		// 9.4 ARM review	
-rt14873				closed	
 rt5206_1			open	marka
 rt6432				open	marka
 rt6496a				open	marka
@@ -84,6 +73,7 @@ delegation_only			closed
 ds				closed
 ds13				closed
 ds_12				closed
+edns1				closed
 edns_size			closed
 ifiter_getifaddrs		closed
 ipl				closed
@@ -276,8 +266,18 @@ rt13707				closed
 rt13714				closed
 rt13745				closed
 rt13754				closed
+rt13771				closed
+rt14616				closed
+rt14673				closed
 rt14686				closed
+rt14695				closed
 rt1471				closed
+rt14801				closed
+rt14802				closed
+rt14841				closed
+rt14846				closed
+rt14851				closed
+rt14873				closed
 rt1572a				closed		// bad rt#
 rt288				closed
 rt3445				closed

From 7d5b32acb1898844afa19123d07483b46edac7cb Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 8 Jun 2005 00:50:08 +0000
Subject: [PATCH 105/148] 1860.   [port]          solaris 2.8:
 hack_shutup_pthreadmutexinit was                         incorrectly set. [RT
 #14775]

---
 CHANGES               | 3 ++-
 configure             | 4 ++--
 doc/private/branches  | 2 +-
 lib/bind/configure    | 1 -
 lib/bind/configure.in | 3 +--
 5 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index 9c81e86895..b99118b3b1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -34,7 +34,8 @@
 1861.	[bug]		dig could trigger a INSIST on certain malformed
 			responses. [RT #14801]
 
-1860.	[placeholder]	rt14775
+1860.	[port]		solaris 2.8: hack_shutup_pthreadmutexinit was
+			incorrectly set. [RT #14775]
 
 1859.	[func]		Add support for CH A record. [RT #14695]
 
diff --git a/configure b/configure
index cdbcc34bf6..9bcd27d5a7 100755
--- a/configure
+++ b/configure
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 #
-# $Id: configure,v 1.363 2005/06/04 05:38:48 jinmei Exp $
+# $Id: configure,v 1.364 2005/06/08 00:50:08 marka Exp $
 #
 # Portions Copyright (C) 1996-2001  Nominum, Inc.
 #
@@ -29,7 +29,7 @@
 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-# From configure.in Revision: 1.376 .
+# From configure.in Revision: 1.377 .
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.59.
 #
diff --git a/doc/private/branches b/doc/private/branches
index 4f3c2669b8..4e92ab3f26 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -31,7 +31,7 @@ rt13587				review
 rt13606				open	marka	// TSIG SHA256
 rt13662				open	marka	// rrset-order fixed
 rt13753				review	
-rt14775				review	
+rt14775				closed	
 rt14814				review	
 rt14815				open	marka
 rt14855				open		// 9.4 ARM review	
diff --git a/lib/bind/configure b/lib/bind/configure
index 38bfd51930..f5c0db7524 100644
--- a/lib/bind/configure
+++ b/lib/bind/configure
@@ -30569,7 +30569,6 @@ case "$host" in
 		hack_shutup_in6addr_init_macros=yes
 		;;
 	*-solaris2.8)
-		hack_shutup_pthreadmutexinit=yes
 		hack_shutup_in6addr_init_macros=yes
 		;;
 	*-solaris2.9)
diff --git a/lib/bind/configure.in b/lib/bind/configure.in
index da96d0d00a..493910b475 100644
--- a/lib/bind/configure.in
+++ b/lib/bind/configure.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-AC_REVISION($Revision: 1.102 $)
+AC_REVISION($Revision: 1.103 $)
 
 AC_INIT(resolv/herror.c)
 AC_PREREQ(2.13)
@@ -2251,7 +2251,6 @@ case "$host" in
 		hack_shutup_in6addr_init_macros=yes
 		;;
 	*-solaris2.8)
-		hack_shutup_pthreadmutexinit=yes
 		hack_shutup_in6addr_init_macros=yes
 		;;
 	*-solaris2.9)

From ab9871e71eac6b33ce92a0ad26dc50d0ff241e3b Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 8 Jun 2005 01:04:30 +0000
Subject: [PATCH 106/148] 1882.   [port]          win32: isc__errno2result()
 now reports its caller.                         [RT #13753]

1881.   [port]          win32: Handle ERROR_NETNAME_DELETED.  [RT #13753]
---
 CHANGES                      |  5 +++++
 lib/isc/win32/errno2result.c | 11 ++++-------
 lib/isc/win32/errno2result.h |  7 +++++--
 lib/isc/win32/socket.c       |  4 +++-
 4 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/CHANGES b/CHANGES
index b99118b3b1..ed8b5f8461 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+1882.	[port]		win32: isc__errno2result() now reports its caller.
+			[RT #13753]
+
+1881.	[port]		win32: Handle ERROR_NETNAME_DELETED.  [RT #13753]
+
 1880.	[placeholder]
 
 1879.	[func]		Added framework for handling multiple EDNS versions.
diff --git a/lib/isc/win32/errno2result.c b/lib/isc/win32/errno2result.c
index f7873f51ab..8c8c6038e9 100644
--- a/lib/isc/win32/errno2result.c
+++ b/lib/isc/win32/errno2result.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: errno2result.c,v 1.9 2004/03/05 05:11:56 marka Exp $ */
+/* $Id: errno2result.c,v 1.10 2005/06/08 01:04:29 marka Exp $ */
 
 #include 
 
@@ -32,7 +32,7 @@
  * not already there.
  */
 isc_result_t
-isc__errno2result(int posixerrno) {
+isc__errno2resultx(int posixerrno, const char *file, int line) {
 	char strbuf[ISC_STRERRORSIZE];
 
 	switch (posixerrno) {
@@ -63,10 +63,8 @@ isc__errno2result(int posixerrno) {
 		return (ISC_R_TOOMANYOPENFILES);
 	default:
 		isc__strerror(posixerrno, strbuf, sizeof(strbuf));
-		UNEXPECTED_ERROR(__FILE__, __LINE__,
-				 "unable to convert errno "
-				 "to isc_result: %d: %s",
-				 posixerrno, strbuf);
+		UNEXPECTED_ERROR(file, line, "unable to convert errno "
+				 "to isc_result: %d: %s", posixerrno, strbuf);
 		/*
 		 * XXXDCL would be nice if perhaps this function could
 		 * return the system's error string, so the caller
@@ -76,4 +74,3 @@ isc__errno2result(int posixerrno) {
 		return (ISC_R_UNEXPECTED);
 	}
 }
-
diff --git a/lib/isc/win32/errno2result.h b/lib/isc/win32/errno2result.h
index b72dc33cac..75d60b0c96 100644
--- a/lib/isc/win32/errno2result.h
+++ b/lib/isc/win32/errno2result.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: errno2result.h,v 1.6 2004/03/05 05:11:57 marka Exp $ */
+/* $Id: errno2result.h,v 1.7 2005/06/08 01:04:29 marka Exp $ */
 
 #ifndef UNIX_ERRNO2RESULT_H
 #define UNIX_ERRNO2RESULT_H 1
@@ -29,8 +29,11 @@
 
 ISC_LANG_BEGINDECLS
 
+#define isc__errno2result(posixerrno) \
+	isc__errno2resultx(posixerrno, __FILE__, __LINE__)
+
 isc_result_t
-isc__errno2result(int posixerrno);
+isc__errno2resultx(int posixerrno, const char *file, int line);
 
 ISC_LANG_ENDDECLS
 
diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c
index b7855b7746..65766cca6f 100644
--- a/lib/isc/win32/socket.c
+++ b/lib/isc/win32/socket.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: socket.c,v 1.37 2005/02/24 00:33:35 marka Exp $ */
+/* $Id: socket.c,v 1.38 2005/06/08 01:04:30 marka Exp $ */
 
 /* This code has been rewritten to take advantage of Windows Sockets
  * I/O Completion Ports and Events. I/O Completion Ports is ONLY
@@ -1385,6 +1385,7 @@ completeio_recv(isc_socket_t *sock, isc_socketevent_t *dev,
 		SOFT_OR_HARD(WSAEDISCON, ISC_R_CONNECTIONRESET);
 		SOFT_OR_HARD(WSAENETDOWN, ISC_R_NETDOWN);
 		ALWAYS_HARD(ERROR_OPERATION_ABORTED, ISC_R_CONNECTIONRESET);
+		ALWAYS_HARD(ERROR_NETNAME_DELETED, ISC_R_CONNECTIONRESET);
 		ALWAYS_HARD(ERROR_PORT_UNREACHABLE, ISC_R_HOSTUNREACH);
 		ALWAYS_HARD(ERROR_HOST_UNREACHABLE, ISC_R_HOSTUNREACH);
 		ALWAYS_HARD(ERROR_NETWORK_UNREACHABLE, ISC_R_NETUNREACH);
@@ -1572,6 +1573,7 @@ completeio_send(isc_socket_t *sock, isc_socketevent_t *dev,
 		SOFT_OR_HARD(WSAEDISCON, ISC_R_CONNECTIONRESET);
 		SOFT_OR_HARD(WSAENETDOWN, ISC_R_NETDOWN);
 		ALWAYS_HARD(ERROR_OPERATION_ABORTED, ISC_R_CONNECTIONRESET);
+		ALWAYS_HARD(ERROR_NETNAME_DELETED, ISC_R_CONNECTIONRESET);
 		ALWAYS_HARD(ERROR_PORT_UNREACHABLE, ISC_R_HOSTUNREACH);
 		ALWAYS_HARD(ERROR_HOST_UNREACHABLE, ISC_R_HOSTUNREACH);
 		ALWAYS_HARD(ERROR_NETWORK_UNREACHABLE, ISC_R_NETUNREACH);

From e7fb847ed570dd8c1bcdacabb3d69bd81feb79ae Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 8 Jun 2005 02:09:18 +0000
Subject: [PATCH 107/148] 1883.   [port]          sunos: portability fixes. [RT
 #14814]

---
 CHANGES                               |   2 +
 bin/tests/Makefile.in                 |   8 +-
 config.h.in                           |   5 +-
 configure                             |  71 +++++++++++++-
 configure.in                          |  21 +++-
 doc/private/branches                  |   4 +-
 lib/dns/gen-unix.h                    |   6 +-
 lib/dns/journal.c                     |   3 +-
 lib/dns/key.c                         |   3 +-
 lib/isc/include/isc/print.h           |   6 +-
 lib/isc/lfsr.c                        |   3 +-
 lib/isc/nls/msgcat.c                  |   3 +-
 lib/isc/result.c                      |   3 +-
 lib/isc/unix/stdtime.c                |   3 +-
 lib/lwres/Makefile.in                 |   8 +-
 lib/lwres/getaddrinfo.c               |   4 +-
 lib/lwres/include/lwres/platform.h.in |   7 +-
 lib/lwres/include/lwres/stdlib.h      |  40 ++++++++
 lib/lwres/print.c                     |   4 +-
 lib/lwres/strtoul.c                   | 135 ++++++++++++++++++++++++++
 20 files changed, 311 insertions(+), 28 deletions(-)
 create mode 100644 lib/lwres/include/lwres/stdlib.h
 create mode 100644 lib/lwres/strtoul.c

diff --git a/CHANGES b/CHANGES
index ed8b5f8461..45c60748e0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+1883.	[port]		sunos: portability fixes. [RT #14814]
+
 1882.	[port]		win32: isc__errno2result() now reports its caller.
 			[RT #13753]
 
diff --git a/bin/tests/Makefile.in b/bin/tests/Makefile.in
index 5627c7e49a..b600f1c0db 100644
--- a/bin/tests/Makefile.in
+++ b/bin/tests/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.124 2005/03/17 03:56:10 marka Exp $
+# $Id: Makefile.in,v 1.125 2005/06/08 02:06:57 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -90,7 +90,9 @@ XTARGETS =	adb_test@EXEEXT@ \
 		zone_test@EXEEXT@
 
 # Alphabetically
-SRCS =		adb_test.c \
+SRCS =		cfg_test.c genrandom.c ${XSRCS}
+
+XSRCS =		adb_test.c \
 		byaddr_test.c \
 		byname_test.c \
 		compress_test.c \
@@ -133,7 +135,7 @@ SRCS =		adb_test.c \
 all_tests: ${XTARGETS}
 
 genrandom@EXEEXT@: genrandom.@O@
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ genrandom.@O@
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ genrandom.@O@ @GENRANDOMLIB@
 
 adb_test@EXEEXT@: adb_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ adb_test.@O@ \
diff --git a/config.h.in b/config.h.in
index 8bc047877d..baa554db2c 100644
--- a/config.h.in
+++ b/config.h.in
@@ -16,7 +16,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.h.in,v 1.66 2005/05/11 06:05:28 sra Exp $ */
+/* $Id: config.h.in,v 1.67 2005/06/08 02:09:18 marka Exp $ */
 
 /*! \file */
 
@@ -231,6 +231,9 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define to 1 if you have the  header file. */
 #undef HAVE_UNISTD_H
 
+/* Defined if extern char *optarg is not declared. */
+#undef NEED_OPTARG
+
 /* Define if connect does not honour the permission on the UNIX domain socket.
    */
 #undef NEED_SECURE_DIRECTORY
diff --git a/configure b/configure
index 9bcd27d5a7..d6e006d82d 100755
--- a/configure
+++ b/configure
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 #
-# $Id: configure,v 1.364 2005/06/08 00:50:08 marka Exp $
+# $Id: configure,v 1.365 2005/06/08 02:09:18 marka Exp $
 #
 # Portions Copyright (C) 1996-2001  Nominum, Inc.
 #
@@ -29,7 +29,7 @@
 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-# From configure.in Revision: 1.377 .
+# From configure.in Revision: 1.378 .
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.59.
 #
@@ -495,7 +495,7 @@ ac_includes_default="\
 # include 
 #endif"
 
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS subdirs build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_SOCKADDR_LEN_T ISC_PLATFORM_HAVELONGLONG ISC_PLATFORM_HAVELIFCONF ISC_PLATFORM_NEEDSYSSELECTH LWRES_PLATFORM_NEEDSYSSELECTH USE_OPENSSL DST_OPENSSL_INC USE_GSSAPI DST_GSSAPI_INC DNS_CRYPTO_LIBS ALWAYS_DEFINES ISC_PLATFORM_USETHREADS ISC_THREAD_DIR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK LIBTOOL_ALLOW_UNDEFINED LIBTOOL_IN_MAIN LIBBIND ISC_PLATFORM_HAVEIPV6 LWRES_PLATFORM_HAVEIPV6 ISC_PLATFORM_NEEDNETINETIN6H LWRES_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H LWRES_PLATFORM_NEEDNETINET6IN6H ISC_PLATFORM_HAVEINADDR6 LWRES_PLATFORM_HAVEINADDR6 ISC_PLATFORM_NEEDIN6ADDRANY LWRES_PLATFORM_NEEDIN6ADDRANY ISC_PLATFORM_NEEDIN6ADDRLOOPBACK LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C LWRES_HAVE_SIN6_SCOPE_ID ISC_PLATFORM_HAVESCOPEID ISC_PLATFORM_HAVEIF_LADDRREQ ISC_PLATFORM_HAVEIF_LADDRCONF ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON ISC_PLATFORM_HAVESALEN LWRES_PLATFORM_HAVESALEN ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_NEEDADDRINFO ISC_LWRES_NEEDRRSETINFO ISC_LWRES_SETHOSTENTINT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_GETNETBYADDRINADDR ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDMEMMOVE ISC_PLATFORM_NEEDSTRTOUL ISC_PLATFORM_NEEDSTRLCPY ISC_PLATFORM_NEEDSTRLCAT ISC_PLATFORM_NEEDSPRINTF LWRES_PLATFORM_NEEDSPRINTF ISC_PLATFORM_NEEDVSNPRINTF LWRES_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS ISC_PLATFORM_QUADFORMAT LWRES_PLATFORM_QUADFORMAT ISC_PLATFORM_HAVESYSUNH ISC_PLATFORM_RLIMITTYPE ISC_PLATFORM_USEDECLSPEC LWRES_PLATFORM_USEDECLSPEC ISC_PLATFORM_BRACEPTHREADONCEINIT ISC_PLATFORM_HAVEIFNAMETOINDEX ISC_PLATFORM_HAVEXADD ISC_PLATFORM_HAVECMPXCHG ISC_PLATFORM_HAVEATOMICSTORE ISC_PLATFORM_USEOSFASM ISC_ARCH_DIR LATEX PDFLATEX XSLTPROC XMLLINT XSLT_DOCBOOK_STYLE_HTML XSLT_DOCBOOK_STYLE_XHTML XSLT_DOCBOOK_STYLE_MAN XSLT_DOCBOOK_CHUNK_HTML XSLT_DOCBOOK_CHUNK_XHTML XSLT_DB2LATEX_STYLE XSLT_DB2LATEX_ADMONITIONS BIND9_TOP_BUILDDIR BIND9_ISC_BUILDINCLUDE BIND9_ISCCC_BUILDINCLUDE BIND9_ISCCFG_BUILDINCLUDE BIND9_DNS_BUILDINCLUDE BIND9_LWRES_BUILDINCLUDE BIND9_BIND9_BUILDINCLUDE BIND9_VERSION LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS subdirs build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_SOCKADDR_LEN_T ISC_PLATFORM_HAVELONGLONG ISC_PLATFORM_HAVELIFCONF ISC_PLATFORM_NEEDSYSSELECTH LWRES_PLATFORM_NEEDSYSSELECTH USE_OPENSSL DST_OPENSSL_INC USE_GSSAPI DST_GSSAPI_INC DNS_CRYPTO_LIBS ALWAYS_DEFINES ISC_PLATFORM_USETHREADS ISC_THREAD_DIR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK LIBTOOL_ALLOW_UNDEFINED LIBTOOL_IN_MAIN LIBBIND ISC_PLATFORM_HAVEIPV6 LWRES_PLATFORM_HAVEIPV6 ISC_PLATFORM_NEEDNETINETIN6H LWRES_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H LWRES_PLATFORM_NEEDNETINET6IN6H ISC_PLATFORM_HAVEINADDR6 LWRES_PLATFORM_HAVEINADDR6 ISC_PLATFORM_NEEDIN6ADDRANY LWRES_PLATFORM_NEEDIN6ADDRANY ISC_PLATFORM_NEEDIN6ADDRLOOPBACK LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C LWRES_HAVE_SIN6_SCOPE_ID ISC_PLATFORM_HAVESCOPEID ISC_PLATFORM_HAVEIF_LADDRREQ ISC_PLATFORM_HAVEIF_LADDRCONF ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON ISC_PLATFORM_HAVESALEN LWRES_PLATFORM_HAVESALEN ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_NEEDADDRINFO ISC_LWRES_NEEDRRSETINFO ISC_LWRES_SETHOSTENTINT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_GETNETBYADDRINADDR ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDMEMMOVE ISC_PLATFORM_NEEDSTRTOUL LWRES_PLATFORM_NEEDSTRTOUL GENRANDOMLIB ISC_PLATFORM_NEEDSTRLCPY ISC_PLATFORM_NEEDSTRLCAT ISC_PLATFORM_NEEDSPRINTF LWRES_PLATFORM_NEEDSPRINTF ISC_PLATFORM_NEEDVSNPRINTF LWRES_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS ISC_PLATFORM_QUADFORMAT LWRES_PLATFORM_QUADFORMAT ISC_PLATFORM_HAVESYSUNH ISC_PLATFORM_RLIMITTYPE ISC_PLATFORM_USEDECLSPEC LWRES_PLATFORM_USEDECLSPEC ISC_PLATFORM_BRACEPTHREADONCEINIT ISC_PLATFORM_HAVEIFNAMETOINDEX ISC_PLATFORM_HAVEXADD ISC_PLATFORM_HAVECMPXCHG ISC_PLATFORM_HAVEATOMICSTORE ISC_PLATFORM_USEOSFASM ISC_ARCH_DIR LATEX PDFLATEX XSLTPROC XMLLINT XSLT_DOCBOOK_STYLE_HTML XSLT_DOCBOOK_STYLE_XHTML XSLT_DOCBOOK_STYLE_MAN XSLT_DOCBOOK_CHUNK_HTML XSLT_DOCBOOK_CHUNK_XHTML XSLT_DB2LATEX_STYLE XSLT_DB2LATEX_ADMONITIONS BIND9_TOP_BUILDDIR BIND9_ISC_BUILDINCLUDE BIND9_ISCCC_BUILDINCLUDE BIND9_ISCCFG_BUILDINCLUDE BIND9_DNS_BUILDINCLUDE BIND9_LWRES_BUILDINCLUDE BIND9_BIND9_BUILDINCLUDE BIND9_VERSION LIBOBJS LTLIBOBJS'
 ac_subst_files='BIND9_MAKE_INCLUDES BIND9_MAKE_RULES LIBISC_API LIBISCCC_API LIBISCCFG_API LIBDNS_API LIBBIND9_API LIBLWRES_API'
 
 # Initialize some variables set by options.
@@ -25518,12 +25518,18 @@ echo "$as_me:$LINENO: result: $ac_cv_func_strtoul" >&5
 echo "${ECHO_T}$ac_cv_func_strtoul" >&6
 if test $ac_cv_func_strtoul = yes; then
   ISC_PLATFORM_NEEDSTRTOUL="#undef ISC_PLATFORM_NEEDSTRTOUL"
+	 LWRES_PLATFORM_NEEDSTRTOUL="#undef ISC_PLATFORM_NEEDSTRTOUL"
+	 GENRANDOMLIB=""
 else
   ISC_PLATFORM_NEEDSTRTOUL="#define ISC_PLATFORM_NEEDSTRTOUL 1"
+	 LWRES_PLATFORM_NEEDSTRTOUL="#define ISC_PLATFORM_NEEDSTRTOUL 1"
+	 "GENRANDOMLIB=${ISCLIBS}"
 fi
 
 
 
+
+
 echo "$as_me:$LINENO: checking for strlcpy" >&5
 echo $ECHO_N "checking for strlcpy... $ECHO_C" >&6
 if test "${ac_cv_func_strlcpy+set}" = set; then
@@ -26743,6 +26749,63 @@ _ACEOF
 fi
 
 
+echo "$as_me:$LINENO: checking for optarg decarartion" >&5
+echo $ECHO_N "checking for optarg decarartion... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include 
+
+int
+main ()
+{
+optarg = 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_OPTARG 1
+_ACEOF
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
 #
 # BSD/OS, and perhaps some others, don't define rlim_t.
 #
@@ -28729,6 +28792,8 @@ s,@ISC_LWRES_GETNAMEINFOPROTO@,$ISC_LWRES_GETNAMEINFOPROTO,;t t
 s,@ISC_PLATFORM_NEEDSTRSEP@,$ISC_PLATFORM_NEEDSTRSEP,;t t
 s,@ISC_PLATFORM_NEEDMEMMOVE@,$ISC_PLATFORM_NEEDMEMMOVE,;t t
 s,@ISC_PLATFORM_NEEDSTRTOUL@,$ISC_PLATFORM_NEEDSTRTOUL,;t t
+s,@LWRES_PLATFORM_NEEDSTRTOUL@,$LWRES_PLATFORM_NEEDSTRTOUL,;t t
+s,@GENRANDOMLIB@,$GENRANDOMLIB,;t t
 s,@ISC_PLATFORM_NEEDSTRLCPY@,$ISC_PLATFORM_NEEDSTRLCPY,;t t
 s,@ISC_PLATFORM_NEEDSTRLCAT@,$ISC_PLATFORM_NEEDSTRLCAT,;t t
 s,@ISC_PLATFORM_NEEDSPRINTF@,$ISC_PLATFORM_NEEDSPRINTF,;t t
diff --git a/configure.in b/configure.in
index e4f639fc90..f3992b1881 100644
--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
 esyscmd([sed "s/^/# /" COPYRIGHT])dnl
 AC_DIVERT_POP()dnl
 
-AC_REVISION($Revision: 1.377 $)
+AC_REVISION($Revision: 1.378 $)
 
 AC_INIT(lib/dns/name.c)
 AC_PREREQ(2.13)
@@ -1551,9 +1551,15 @@ AC_CHECK_FUNC(memmove,
 AC_SUBST(ISC_PLATFORM_NEEDMEMMOVE)
 
 AC_CHECK_FUNC(strtoul,
-	[ISC_PLATFORM_NEEDSTRTOUL="#undef ISC_PLATFORM_NEEDSTRTOUL"],
-	[ISC_PLATFORM_NEEDSTRTOUL="#define ISC_PLATFORM_NEEDSTRTOUL 1"])
+	[ISC_PLATFORM_NEEDSTRTOUL="#undef ISC_PLATFORM_NEEDSTRTOUL"
+	 LWRES_PLATFORM_NEEDSTRTOUL="#undef ISC_PLATFORM_NEEDSTRTOUL"
+	 GENRANDOMLIB=""],
+	[ISC_PLATFORM_NEEDSTRTOUL="#define ISC_PLATFORM_NEEDSTRTOUL 1"
+	 LWRES_PLATFORM_NEEDSTRTOUL="#define ISC_PLATFORM_NEEDSTRTOUL 1"
+	 "GENRANDOMLIB=${ISCLIBS}"])
 AC_SUBST(ISC_PLATFORM_NEEDSTRTOUL)
+AC_SUBST(LWRES_PLATFORM_NEEDSTRTOUL)
+AC_SUBST(GENRANDOMLIB)
 
 AC_CHECK_FUNC(strlcpy,
 	[ISC_PLATFORM_NEEDSTRLCPY="#undef ISC_PLATFORM_NEEDSTRLCPY"],
@@ -1676,6 +1682,15 @@ esac
 #
 AC_CHECK_FUNC(tzset, AC_DEFINE(HAVE_TZSET))
 
+AC_MSG_CHECKING(for optarg decarartion)
+AC_TRY_COMPILE([
+#include 
+],
+[optarg = 0;],
+[AC_MSG_RESULT(yes)],
+[AC_MSG_RESULT(no)
+AC_DEFINE(NEED_OPTARG, 1, [Defined if extern char *optarg is not declared.])])
+
 #
 # BSD/OS, and perhaps some others, don't define rlim_t.
 #
diff --git a/doc/private/branches b/doc/private/branches
index 4e92ab3f26..ba6f26e9fa 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -30,9 +30,9 @@ rt13562				open	marka
 rt13587				review	
 rt13606				open	marka	// TSIG SHA256
 rt13662				open	marka	// rrset-order fixed
-rt13753				review	
+rt13753				closed	
 rt14775				closed	
-rt14814				review	
+rt14814				closed	
 rt14815				open	marka
 rt14855				open		// 9.4 ARM review	
 rt5206_1			open	marka
diff --git a/lib/dns/gen-unix.h b/lib/dns/gen-unix.h
index 52da52375c..522f2e1e3a 100644
--- a/lib/dns/gen-unix.h
+++ b/lib/dns/gen-unix.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: gen-unix.h,v 1.16 2005/04/29 00:22:46 marka Exp $ */
+/* $Id: gen-unix.h,v 1.17 2005/06/08 02:06:58 marka Exp $ */
 
 /*! \file
  * \brief
@@ -41,6 +41,10 @@
 #include 
 #include 
 
+#ifdef NEED_OPTARG
+extern char *optarg;
+#endif
+
 #define isc_commandline_parse		getopt
 #define isc_commandline_argument 	optarg
 
diff --git a/lib/dns/journal.c b/lib/dns/journal.c
index 00345c5b18..d43c138d37 100644
--- a/lib/dns/journal.c
+++ b/lib/dns/journal.c
@@ -15,11 +15,12 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: journal.c,v 1.92 2005/06/07 02:02:05 marka Exp $ */
+/* $Id: journal.c,v 1.93 2005/06/08 02:06:58 marka Exp $ */
 
 #include 
 
 #include 
+#include 
 
 #include 
 #include 
diff --git a/lib/dns/key.c b/lib/dns/key.c
index 37a0924d51..dd3f32a2bb 100644
--- a/lib/dns/key.c
+++ b/lib/dns/key.c
@@ -15,10 +15,11 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: key.c,v 1.3 2005/04/29 00:22:47 marka Exp $ */
+/* $Id: key.c,v 1.4 2005/06/08 02:06:59 marka Exp $ */
 
 #include 
 
+#include 
 #include 
 
 #include 
diff --git a/lib/isc/include/isc/print.h b/lib/isc/include/isc/print.h
index 13fd32de6b..0a1b401145 100644
--- a/lib/isc/include/isc/print.h
+++ b/lib/isc/include/isc/print.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: print.h,v 1.21 2005/04/29 00:23:42 marka Exp $ */
+/* $Id: print.h,v 1.22 2005/06/08 02:07:00 marka Exp $ */
 
 #ifndef ISC_PRINT_H
 #define ISC_PRINT_H 1
@@ -57,6 +57,10 @@
 #include 
 #include 
 #endif
+#ifdef ISC_PLATFORM_NEEDSPRINTF
+#include 
+#endif
+
 
 ISC_LANG_BEGINDECLS
 
diff --git a/lib/isc/lfsr.c b/lib/isc/lfsr.c
index cec12f016e..5ddcc1b62a 100644
--- a/lib/isc/lfsr.c
+++ b/lib/isc/lfsr.c
@@ -15,12 +15,13 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lfsr.c,v 1.16 2005/04/29 00:23:27 marka Exp $ */
+/* $Id: lfsr.c,v 1.17 2005/06/08 02:06:59 marka Exp $ */
 
 /*! \file */
 
 #include 
 
+#include 
 #include 
 
 #include 
diff --git a/lib/isc/nls/msgcat.c b/lib/isc/nls/msgcat.c
index 55e77871a5..ac6d5a3e39 100644
--- a/lib/isc/nls/msgcat.c
+++ b/lib/isc/nls/msgcat.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: msgcat.c,v 1.15 2005/04/29 00:23:47 marka Exp $ */
+/* $Id: msgcat.c,v 1.16 2005/06/08 02:07:00 marka Exp $ */
 
 /*! \file msgcat.c
  *
@@ -24,6 +24,7 @@
 
 #include 
 
+#include 
 #include 
 
 #include 
diff --git a/lib/isc/result.c b/lib/isc/result.c
index 5d9f6a4f66..ce3b988392 100644
--- a/lib/isc/result.c
+++ b/lib/isc/result.c
@@ -15,12 +15,13 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: result.c,v 1.66 2005/04/29 00:23:30 marka Exp $ */
+/* $Id: result.c,v 1.67 2005/06/08 02:06:59 marka Exp $ */
 
 /*! \file */
 
 #include 
 
+#include 
 #include 
 
 #include 
diff --git a/lib/isc/unix/stdtime.c b/lib/isc/unix/stdtime.c
index ddf0157350..f5f30e2075 100644
--- a/lib/isc/unix/stdtime.c
+++ b/lib/isc/unix/stdtime.c
@@ -15,12 +15,13 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: stdtime.c,v 1.16 2005/04/29 00:23:51 marka Exp $ */
+/* $Id: stdtime.c,v 1.17 2005/06/08 02:07:01 marka Exp $ */
 
 /*! \file */
 
 #include 
 
+#include 	/* NULL */
 #include 	/* NULL */
 #include 
 
diff --git a/lib/lwres/Makefile.in b/lib/lwres/Makefile.in
index 95b6565657..b08beb68d0 100644
--- a/lib/lwres/Makefile.in
+++ b/lib/lwres/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.30 2004/08/28 06:16:59 marka Exp $
+# $Id: Makefile.in,v 1.31 2005/06/08 02:07:01 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -35,14 +35,16 @@ OBJS =		context.@O@ gai_strerror.@O@ getaddrinfo.@O@ gethost.@O@ \
 		getipnode.@O@ getnameinfo.@O@ getrrset.@O@ herror.@O@ \
 		lwbuffer.@O@ lwconfig.@O@ lwpacket.@O@ lwresutil.@O@ \
 		lwres_gabn.@O@ lwres_gnba.@O@ lwres_grbn.@O@ lwres_noop.@O@ \
-		lwinetaton.@O@ lwinetpton.@O@ lwinetntop.@O@ print.@O@
+		lwinetaton.@O@ lwinetpton.@O@ lwinetntop.@O@ print.@O@ \
+		strtoul.@O@
 
 # Alphabetically
 SRCS =		context.c gai_strerror.c getaddrinfo.c gethost.c \
 		getipnode.c getnameinfo.c getrrset.c herror.c \
 		lwbuffer.c lwconfig.c lwpacket.c lwresutil.c \
 		lwres_gabn.c lwres_gnba.c lwres_grbn.c lwres_noop.c \
-		lwinetaton.c lwinetpton.c lwinetntop.c print.c
+		lwinetaton.c lwinetpton.c lwinetntop.c print.c \
+		strtoul.c
 
 LIBS =		@LIBS@
 
diff --git a/lib/lwres/getaddrinfo.c b/lib/lwres/getaddrinfo.c
index 3734e23635..da3424dbb6 100644
--- a/lib/lwres/getaddrinfo.c
+++ b/lib/lwres/getaddrinfo.c
@@ -18,7 +18,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: getaddrinfo.c,v 1.45 2005/04/29 00:24:05 marka Exp $ */
+/* $Id: getaddrinfo.c,v 1.46 2005/06/08 02:07:01 marka Exp $ */
 
 /*! \file */
 
@@ -135,11 +135,11 @@
 
 #include 
 #include 
-#include 
 
 #include 
 #include 
 #include 
+#include 
 
 #define SA(addr)	((struct sockaddr *)(addr))
 #define SIN(addr)	((struct sockaddr_in *)(addr))
diff --git a/lib/lwres/include/lwres/platform.h.in b/lib/lwres/include/lwres/platform.h.in
index 1ce2345068..8ce3428e68 100644
--- a/lib/lwres/include/lwres/platform.h.in
+++ b/lib/lwres/include/lwres/platform.h.in
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: platform.h.in,v 1.18 2005/05/06 02:09:51 marka Exp $ */
+/* $Id: platform.h.in,v 1.19 2005/06/08 02:07:03 marka Exp $ */
 
 /*! \file */
 
@@ -95,6 +95,11 @@
  */
 @LWRES_PLATFORM_QUADFORMAT@
 
+/*! \brief
+ * Define if this system needs strtoul.
+ */
+@LWRES_PLATFORM_NEEDSTRTOUL@
+
 #ifndef LWRES_PLATFORM_USEDECLSPEC
 #define LIBLWRES_EXTERNAL_DATA
 #else
diff --git a/lib/lwres/include/lwres/stdlib.h b/lib/lwres/include/lwres/stdlib.h
new file mode 100644
index 0000000000..1f7895cf15
--- /dev/null
+++ b/lib/lwres/include/lwres/stdlib.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2003  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: stdlib.h,v 1.2 2005/06/08 02:07:03 marka Exp $ */
+
+#ifndef LWRES_STDLIB_H
+#define LWRES_STDLIB_H 1
+
+/*! \file */
+
+#include 
+
+#include 
+#include 
+
+#ifdef LWRES_PLATFORM_NEEDSTRTOUL
+#define strtoul lwres_strtoul
+#endif
+
+LWRES_LANG_BEGINDECLS
+
+unsigned long lwres_strtoul(const char *, char **, int);
+
+LWRES_LANG_ENDDECLS
+
+#endif
diff --git a/lib/lwres/print.c b/lib/lwres/print.c
index 7456695ef3..ee21f78b5a 100644
--- a/lib/lwres/print.c
+++ b/lib/lwres/print.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: print.c,v 1.6 2005/05/09 00:41:48 marka Exp $ */
+/* $Id: print.c,v 1.7 2005/06/08 02:07:02 marka Exp $ */
 
 #include 
 
@@ -25,7 +25,7 @@
 
 #define	LWRES__PRINT_SOURCE	/* Used to get the lwres_print_* prototypes. */
 
-#include 
+#include 
 
 #include "assert_p.h"
 #include "print_p.h"
diff --git a/lib/lwres/strtoul.c b/lib/lwres/strtoul.c
new file mode 100644
index 0000000000..f7e7933dd3
--- /dev/null
+++ b/lib/lwres/strtoul.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2003  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*! \file */
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)strtoul.c	8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+/* $Id: strtoul.c,v 1.2 2005/06/08 02:07:02 marka Exp $ */
+
+#include 
+
+#include 
+#include 
+#include 
+
+#include 
+
+#define DE_CONST(konst, var) \
+	do { \
+		union { const void *k; void *v; } _u; \
+		_u.k = konst; \
+		var = _u.v; \
+	} while (0)
+
+/*!
+ * Convert a string to an unsigned long integer.
+ *
+ * Ignores `locale' stuff.  Assumes that the upper and lower case
+ * alphabets and digits are each contiguous.
+ */
+unsigned long
+lwres_strtoul(const char *nptr, char **endptr, int base) {
+	const char *s = nptr;
+	unsigned long acc;
+	unsigned char c;
+	unsigned long cutoff;
+	int neg = 0, any, cutlim;
+
+	/*
+	 * See strtol for comments as to the logic used.
+	 */
+	do {
+		c = *s++;
+	} while (isspace(c));
+	if (c == '-') {
+		neg = 1;
+		c = *s++;
+	} else if (c == '+')
+		c = *s++;
+	if ((base == 0 || base == 16) &&
+	    c == '0' && (*s == 'x' || *s == 'X')) {
+		c = s[1];
+		s += 2;
+		base = 16;
+	}
+	if (base == 0)
+		base = c == '0' ? 8 : 10;
+	cutoff = (unsigned long)ULONG_MAX / (unsigned long)base;
+	cutlim = (unsigned long)ULONG_MAX % (unsigned long)base;
+	for (acc = 0, any = 0;; c = *s++) {
+		if (!isascii(c))
+			break;
+		if (isdigit(c))
+			c -= '0';
+		else if (isalpha(c))
+			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
+		else
+			break;
+		if (c >= base)
+			break;
+		if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim))
+			any = -1;
+		else {
+			any = 1;
+			acc *= base;
+			acc += c;
+		}
+	}
+	if (any < 0) {
+		acc = ULONG_MAX;
+		errno = ERANGE;
+	} else if (neg)
+		acc = -acc;
+	if (endptr != 0)
+		DE_CONST(any ? s - 1 : nptr, *endptr);
+	return (acc);
+}

From 690b796315aa662bdd0cf7da35d878794c782831 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 8 Jun 2005 02:17:26 +0000
Subject: [PATCH 108/148] newcopyrights

---
 util/copyrights | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/util/copyrights b/util/copyrights
index 68478cfb28..c023e9afe6 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -2218,6 +2218,7 @@
 ./lib/lwres/include/lwres/netdb.h.in		C	2000,2001,2004,2005
 ./lib/lwres/include/lwres/platform.h.in		C	2000,2001,2004,2005
 ./lib/lwres/include/lwres/result.h		C	2000,2001,2004,2005
+./lib/lwres/include/lwres/stdlib.h		C	2003,2004,2005
 ./lib/lwres/include/lwres/version.h		C	2001,2004,2005
 ./lib/lwres/lwbuffer.c				C	2000,2001,2004,2005
 ./lib/lwres/lwconfig.c				C	2000,2001,2002,2003,2004,2005
@@ -2286,6 +2287,7 @@
 ./lib/lwres/man/resolver.5			MAN	2000,2001,2004
 ./lib/lwres/print.c				C	1999,2000,2001,2003,2004,2005
 ./lib/lwres/print_p.h				C	1999,2000,2001,2003,2004
+./lib/lwres/strtoul.c				C	2003,2004,2005
 ./lib/lwres/unix/.cvsignore			X	2001
 ./lib/lwres/unix/Makefile.in			MAKE	2001,2004
 ./lib/lwres/unix/include/.cvsignore		X	2001

From 1f0775abff1d32145bf7b57e80cc4a17b05143a6 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 8 Jun 2005 23:29:11 +0000
Subject: [PATCH 109/148] auto update

---
 doc/private/branches | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index ba6f26e9fa..ee270efdc7 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -30,9 +30,6 @@ rt13562				open	marka
 rt13587				review	
 rt13606				open	marka	// TSIG SHA256
 rt13662				open	marka	// rrset-order fixed
-rt13753				closed	
-rt14775				closed	
-rt14814				closed	
 rt14815				open	marka
 rt14855				open		// 9.4 ARM review	
 rt5206_1			open	marka
@@ -265,6 +262,7 @@ rt13694				closed
 rt13707				closed
 rt13714				closed
 rt13745				closed
+rt13753				closed
 rt13754				closed
 rt13771				closed
 rt14616				closed
@@ -272,8 +270,10 @@ rt14673				closed
 rt14686				closed
 rt14695				closed
 rt1471				closed
+rt14775				closed
 rt14801				closed
 rt14802				closed
+rt14814				closed
 rt14841				closed
 rt14846				closed
 rt14851				closed

From b059a0ad4850115cd53610db8e4bcec5de548336 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 9 Jun 2005 23:26:17 +0000
Subject: [PATCH 110/148] auto update

---
 doc/private/branches | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/private/branches b/doc/private/branches
index ee270efdc7..5733d4532b 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -32,6 +32,8 @@ rt13606				open	marka	// TSIG SHA256
 rt13662				open	marka	// rrset-order fixed
 rt14815				open	marka
 rt14855				open		// 9.4 ARM review	
+rt14890				new	
+rt14895				new	
 rt5206_1			open	marka
 rt6432				open	marka
 rt6496a				open	marka

From 618d936b4783c66485a5a666e28f8c8d419f191c Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 9 Jun 2005 23:35:22 +0000
Subject: [PATCH 111/148] newcopyrights

---
 util/copyrights | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/util/copyrights b/util/copyrights
index c023e9afe6..d3403f3a49 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -2075,8 +2075,8 @@
 ./lib/isc/win32/condition.c			C	1998,1999,2000,2001,2004
 ./lib/isc/win32/dir.c				C	1999,2000,2001,2004
 ./lib/isc/win32/entropy.c			C	2000,2001,2002,2004
-./lib/isc/win32/errno2result.c			C	2000,2001,2002,2004
-./lib/isc/win32/errno2result.h			C	2000,2001,2004
+./lib/isc/win32/errno2result.c			C	2000,2001,2002,2004,2005
+./lib/isc/win32/errno2result.h			C	2000,2001,2004,2005
 ./lib/isc/win32/file.c				C	2000,2001,2002,2004
 ./lib/isc/win32/fsaccess.c			C	2000,2001,2002,2004
 ./lib/isc/win32/include/.cvsignore		X	1999,2000,2001
@@ -2191,7 +2191,7 @@
 ./lib/isccfg/win32/libisccfg.mak		X	2001,2005
 ./lib/isccfg/win32/version.c			C	1998,1999,2000,2001,2004
 ./lib/lwres/.cvsignore				X	2000,2001
-./lib/lwres/Makefile.in				MAKE	2000,2001,2004
+./lib/lwres/Makefile.in				MAKE	2000,2001,2004,2005
 ./lib/lwres/api					X	2000,2001
 ./lib/lwres/assert_p.h				C	2000,2001,2004,2005
 ./lib/lwres/context.c				C	2000,2001,2003,2004,2005

From f7d7c7ba4316050260c10b402cdc8986ae0a42da Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 10 Jun 2005 00:00:59 +0000
Subject: [PATCH 112/148] update copyright notice

---
 lib/isc/win32/errno2result.c | 4 ++--
 lib/isc/win32/errno2result.h | 4 ++--
 lib/lwres/Makefile.in        | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/isc/win32/errno2result.c b/lib/isc/win32/errno2result.c
index 8c8c6038e9..edb742fc57 100644
--- a/lib/isc/win32/errno2result.c
+++ b/lib/isc/win32/errno2result.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: errno2result.c,v 1.10 2005/06/08 01:04:29 marka Exp $ */
+/* $Id: errno2result.c,v 1.11 2005/06/10 00:00:58 marka Exp $ */
 
 #include 
 
diff --git a/lib/isc/win32/errno2result.h b/lib/isc/win32/errno2result.h
index 75d60b0c96..b28b9e7cca 100644
--- a/lib/isc/win32/errno2result.h
+++ b/lib/isc/win32/errno2result.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: errno2result.h,v 1.7 2005/06/08 01:04:29 marka Exp $ */
+/* $Id: errno2result.h,v 1.8 2005/06/10 00:00:58 marka Exp $ */
 
 #ifndef UNIX_ERRNO2RESULT_H
 #define UNIX_ERRNO2RESULT_H 1
diff --git a/lib/lwres/Makefile.in b/lib/lwres/Makefile.in
index b08beb68d0..07776d2deb 100644
--- a/lib/lwres/Makefile.in
+++ b/lib/lwres/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.31 2005/06/08 02:07:01 marka Exp $
+# $Id: Makefile.in,v 1.32 2005/06/10 00:00:59 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

From e8e62bb7829e88fc56360f7edc021dc8493a8704 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 10 Jun 2005 06:58:27 +0000
Subject: [PATCH 113/148] 1884.   [bug]           process_dhtkey() was using
 the wrong memory context                         to free some memory. [RT
 #14890]

---
 CHANGES        | 3 +++
 lib/dns/tkey.c | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index 45c60748e0..8ce16735c1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+1884.	[bug]		process_dhtkey() was using the wrong memory context
+			to free some memory. [RT #14890]
+
 1883.	[port]		sunos: portability fixes. [RT #14814]
 
 1882.	[port]		win32: isc__errno2result() now reports its caller.
diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index 2f7696b988..7ff4556a4b 100644
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: tkey.c,v 1.79 2005/04/29 00:22:53 marka Exp $
+ * $Id: tkey.c,v 1.80 2005/06/10 06:58:27 marka Exp $
  */
 /*! \file */
 #include 
@@ -356,7 +356,7 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
 
 	isc_buffer_init(&secret, secretdata, sizeof(secretdata));
 
-	randomdata = isc_mem_get(tctx->mctx, TKEY_RANDOM_AMOUNT);
+	randomdata = isc_mem_get(tkeyout->mctx, TKEY_RANDOM_AMOUNT);
 	if (randomdata == NULL)
 		goto failure;
 
@@ -397,8 +397,8 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
 		isc_buffer_free(&shared);
 	if (pubkey != NULL)
 		dst_key_free(&pubkey);
-	if (randomdata == NULL)
-		isc_mem_put(tctx->mctx, randomdata, TKEY_RANDOM_AMOUNT);
+	if (randomdata != NULL)
+		isc_mem_put(tkeyout->mctx, randomdata, TKEY_RANDOM_AMOUNT);
 	return (result);
 }
 

From d4d68515d23668cfe804ab2a174a7e427decedd8 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 10 Jun 2005 07:00:20 +0000
Subject: [PATCH 114/148] 1885.   [func]          Additional memory debugging
 support to track size                         and mctx arguements. [RT
 #14814]

---
 CHANGES                   |  3 ++
 bin/named/main.c          |  8 ++--
 bin/tests/system/start.pl |  6 +--
 lib/isc/include/isc/mem.h | 13 +++++-
 lib/isc/mem.c             | 90 +++++++++++++++++++++++++++++++++++++--
 5 files changed, 109 insertions(+), 11 deletions(-)

diff --git a/CHANGES b/CHANGES
index 8ce16735c1..fc12d53a06 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+1885.	[func]		Additional memory debugging support to track size
+			and mctx arguements. [RT #14814]
+
 1884.	[bug]		process_dhtkey() was using the wrong memory context
 			to free some memory. [RT #14890]
 
diff --git a/bin/named/main.c b/bin/named/main.c
index f9a05128c9..f40a8c6324 100644
--- a/bin/named/main.c
+++ b/bin/named/main.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: main.c,v 1.146 2005/04/29 00:36:15 marka Exp $ */
+/* $Id: main.c,v 1.147 2005/06/10 07:00:19 marka Exp $ */
 
 /*! \file */
 
@@ -228,7 +228,7 @@ lwresd_usage(void) {
 		"              [-f|-g] [-n number_of_cpus] [-p port] "
 		"[-P listen-port] [-s]\n"
 		"              [-t chrootdir] [-u username] [-i pidfile]\n"
-		"              [-m {usage|trace|record}]\n");
+		"              [-m {usage|trace|record|size|mctx}]\n");
 }
 
 static void
@@ -241,7 +241,7 @@ usage(void) {
 		"usage: named [-4|-6] [-c conffile] [-d debuglevel] "
 		"[-f|-g] [-n number_of_cpus]\n"
 		"             [-p port] [-s] [-t chrootdir] [-u username]\n"
-		"             [-m {usage|trace|record}]\n");
+		"             [-m {usage|trace|record|size|mctx}]\n");
 }
 
 static void
@@ -309,6 +309,8 @@ static struct flag_def {
 	{ "trace",  ISC_MEM_DEBUGTRACE },
 	{ "record", ISC_MEM_DEBUGRECORD },
 	{ "usage", ISC_MEM_DEBUGUSAGE },
+	{ "size", ISC_MEM_DEBUGSIZE },
+	{ "mctx", ISC_MEM_DEBUGCTX },
 	{ NULL, 0 }
 };
 
diff --git a/bin/tests/system/start.pl b/bin/tests/system/start.pl
index 8e8bc82f96..785ca63ab6 100644
--- a/bin/tests/system/start.pl
+++ b/bin/tests/system/start.pl
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: start.pl,v 1.5 2004/03/10 02:19:52 marka Exp $
+# $Id: start.pl,v 1.6 2005/06/10 07:00:19 marka Exp $
 
 # Framework for starting test servers.
 # Based on the type of server specified, check for port availability, remove
@@ -129,7 +129,7 @@ sub start_server {
 		if ($options) {
 			$command .= "$options";
 		} else {
-			$command .= "-m record -c named.conf -d 99 -g";
+			$command .= "-m record,size,mctx -c named.conf -d 99 -g";
 		}
 		$command .= " >named.run 2>&1 &";
 		$pid_file = "named.pid";
@@ -139,7 +139,7 @@ sub start_server {
 		if ($options) {
 			$command .= "$options";
 		} else {
-			$command .= "-m record -C resolv.conf -d 99 -g -i lwresd.pid -P 9210 -p 5300";
+			$command .= "-m record,size,mctx -C resolv.conf -d 99 -g -i lwresd.pid -P 9210 -p 5300";
 		}
 		$command .= " >lwresd.run 2>&1 &";
 		$pid_file = "lwresd.pid";
diff --git a/lib/isc/include/isc/mem.h b/lib/isc/include/isc/mem.h
index e026082ba8..19acbd2eb0 100644
--- a/lib/isc/include/isc/mem.h
+++ b/lib/isc/include/isc/mem.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: mem.h,v 1.63 2005/06/04 05:32:48 jinmei Exp $ */
+/* $Id: mem.h,v 1.64 2005/06/10 07:00:20 marka Exp $ */
 
 #ifndef ISC_MEM_H
 #define ISC_MEM_H 1
@@ -87,6 +87,9 @@ LIBISC_EXTERNAL_DATA extern unsigned int isc_mem_debugging;
 #define ISC_MEM_DEBUGTRACE		0x00000001U
 #define ISC_MEM_DEBUGRECORD		0x00000002U
 #define ISC_MEM_DEBUGUSAGE		0x00000004U
+#define ISC_MEM_DEBUGSIZE		0x00000008U
+#define ISC_MEM_DEBUGCTX		0x00000010U
+#define ISC_MEM_DEBUGALL		0x0000001FU
 /*!<
  * The variable isc_mem_debugging holds a set of flags for
  * turning certain memory debugging options on or off at
@@ -104,6 +107,14 @@ LIBISC_EXTERNAL_DATA extern unsigned int isc_mem_debugging;
  * \li #ISC_MEM_DEBUGUSAGE
  *	If a hi_water mark is set, print the maximium inuse memory
  *	every time it is raised once it exceeds the hi_water mark.
+ *
+ * \li #ISC_MEM_DEBUGSIZE
+ *	Check the size arguement being passed to isc_mem_put() matches
+ *	that passed to isc_mem_get().
+ *
+ * \li #ISC_MEM_DEBUGCTX
+ *	Check the mctx arguement being passed to isc_mem_put() matches
+ *	that passed to isc_mem_get().
  */
 /*@}*/
 
diff --git a/lib/isc/mem.c b/lib/isc/mem.c
index f20bd51c60..f15f731710 100644
--- a/lib/isc/mem.c
+++ b/lib/isc/mem.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: mem.c,v 1.120 2005/06/04 05:32:48 jinmei Exp $ */
+/* $Id: mem.c,v 1.121 2005/06/10 07:00:19 marka Exp $ */
 
 /*! \file */
 
@@ -99,6 +99,7 @@ typedef struct {
 	 */
 	union {
 		size_t		size;
+		isc_mem_t	*ctx;
 		char		bytes[ALIGNMENT_SIZE];
 	} u;
 } size_info;
@@ -976,6 +977,8 @@ void
 isc__mem_putanddetach(isc_mem_t **ctxp, void *ptr, size_t size FLARG) {
 	isc_mem_t *ctx;
 	isc_boolean_t want_destroy = ISC_FALSE;
+	size_info *si;
+	size_t oldsize;
 
 	REQUIRE(ctxp != NULL);
 	ctx = *ctxp;
@@ -988,6 +991,26 @@ isc__mem_putanddetach(isc_mem_t **ctxp, void *ptr, size_t size FLARG) {
 	 */
 	*ctxp = NULL;
 
+	if ((isc_mem_debugging & (ISC_MEM_DEBUGSIZE|ISC_MEM_DEBUGCTX)) != 0) {
+		if ((isc_mem_debugging & ISC_MEM_DEBUGSIZE) != 0) {
+			si = &(((size_info *)ptr)[-1]);
+			oldsize = si->u.size - ALIGNMENT_SIZE;
+			if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0)
+				oldsize -= ALIGNMENT_SIZE;
+			INSIST(oldsize == size);
+		}
+		isc__mem_free(ctx, ptr FLARG_PASS);
+
+		MCTXLOCK(ctx, &ctx->lock);
+		ctx->references--;
+		if (ctx->references == 0)
+			want_destroy = ISC_TRUE;
+		MCTXUNLOCK(ctx, &ctx->lock);
+		if (want_destroy)
+			destroy(ctx);
+
+		return;
+	}
 #if ISC_MEM_USE_INTERNAL_MALLOC
 	MCTXLOCK(ctx, &ctx->lock);
 	mem_putunlocked(ctx, ptr, size);
@@ -1055,6 +1078,8 @@ isc__mem_get(isc_mem_t *ctx, size_t size FLARG) {
 
 	REQUIRE(VALID_CONTEXT(ctx));
 
+	if ((isc_mem_debugging & (ISC_MEM_DEBUGSIZE|ISC_MEM_DEBUGCTX)) != 0)
+		return (isc__mem_allocate(ctx, size FLARG_PASS));
 #if ISC_MEM_USE_INTERNAL_MALLOC
 	MCTXLOCK(ctx, &ctx->lock);
 	ptr = mem_getunlocked(ctx, size);
@@ -1090,10 +1115,24 @@ void
 isc__mem_put(isc_mem_t *ctx, void *ptr, size_t size FLARG)
 {
 	isc_boolean_t call_water = ISC_FALSE;
+	size_info *si;
+	size_t oldsize;
 
 	REQUIRE(VALID_CONTEXT(ctx));
 	REQUIRE(ptr != NULL);
 
+	if ((isc_mem_debugging & (ISC_MEM_DEBUGSIZE|ISC_MEM_DEBUGCTX)) != 0) {
+		if ((isc_mem_debugging & ISC_MEM_DEBUGSIZE) != 0) {
+			si = &(((size_info *)ptr)[-1]);
+			oldsize = si->u.size - ALIGNMENT_SIZE;
+			if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0)
+				oldsize -= ALIGNMENT_SIZE;
+			INSIST(oldsize == size);
+		}
+		isc__mem_free(ctx, ptr FLARG_PASS);
+		return;
+	}
+
 #if ISC_MEM_USE_INTERNAL_MALLOC
 	MCTXLOCK(ctx, &ctx->lock);
 	mem_putunlocked(ctx, ptr, size);
@@ -1249,6 +1288,8 @@ isc__mem_allocateunlocked(isc_mem_t *ctx, size_t size) {
 	size_info *si;
 
 	size += ALIGNMENT_SIZE;
+	if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0)
+		size += ALIGNMENT_SIZE;
 #if ISC_MEM_USE_INTERNAL_MALLOC
 	si = mem_getunlocked(ctx, size);
 #else /* ISC_MEM_USE_INTERNAL_MALLOC */
@@ -1256,6 +1297,10 @@ isc__mem_allocateunlocked(isc_mem_t *ctx, size_t size) {
 #endif /* ISC_MEM_USE_INTERNAL_MALLOC */
 	if (si == NULL)
 		return (NULL);
+	if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0) {
+		si->u.ctx = ctx;
+		si++;
+	}
 	si->u.size = size;
 	return (&si[1]);
 }
@@ -1263,6 +1308,7 @@ isc__mem_allocateunlocked(isc_mem_t *ctx, size_t size) {
 void *
 isc__mem_allocate(isc_mem_t *ctx, size_t size FLARG) {
 	size_info *si;
+	isc_boolean_t call_water = ISC_FALSE;
 
 	REQUIRE(VALID_CONTEXT(ctx));
 
@@ -1279,9 +1325,23 @@ isc__mem_allocate(isc_mem_t *ctx, size_t size FLARG) {
 #if ISC_MEM_TRACKLINES
 	ADD_TRACE(ctx, si, si[-1].u.size, file, line);
 #endif
-
+	if (ctx->hi_water != 0U && !ctx->hi_called &&
+	    ctx->inuse > ctx->hi_water) {
+		ctx->hi_called = ISC_TRUE;
+		call_water = ISC_TRUE;
+	}
+	if (ctx->inuse > ctx->maxinuse) {
+		ctx->maxinuse = ctx->inuse;
+		if (ctx->hi_water != 0U && ctx->inuse > ctx->hi_water &&
+		    (isc_mem_debugging & ISC_MEM_DEBUGUSAGE) != 0)
+			fprintf(stderr, "maxinuse = %lu\n",
+				(unsigned long)ctx->inuse);
+	}
 	MCTXUNLOCK(ctx, &ctx->lock);
 
+	if (call_water)
+		(ctx->water)(ctx->water_arg, ISC_MEM_HIWATER);
+
 	return (si);
 }
 
@@ -1289,12 +1349,19 @@ void
 isc__mem_free(isc_mem_t *ctx, void *ptr FLARG) {
 	size_info *si;
 	size_t size;
+	isc_boolean_t call_water= ISC_FALSE;
 
 	REQUIRE(VALID_CONTEXT(ctx));
 	REQUIRE(ptr != NULL);
 
-	si = &(((size_info *)ptr)[-1]);
-	size = si->u.size;
+	if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0) {
+		si = &(((size_info *)ptr)[-2]);
+		REQUIRE(si->u.ctx == ctx);
+		size = si[1].u.size;
+	} else {
+		si = &(((size_info *)ptr)[-1]);
+		size = si->u.size;
+	}
 
 #if ISC_MEM_USE_INTERNAL_MALLOC
 	MCTXLOCK(ctx, &ctx->lock);
@@ -1307,7 +1374,22 @@ isc__mem_free(isc_mem_t *ctx, void *ptr FLARG) {
 
 	DELETE_TRACE(ctx, ptr, size, file, line);
 
+	/*
+	 * The check against ctx->lo_water == 0 is for the condition
+	 * when the context was pushed over hi_water but then had
+	 * isc_mem_setwater() called with 0 for hi_water and lo_water.
+	 */
+	if (ctx->hi_called && 
+	    (ctx->inuse < ctx->lo_water || ctx->lo_water == 0U)) {
+		ctx->hi_called = ISC_FALSE;
+
+		if (ctx->water != NULL)
+			call_water = ISC_TRUE;
+	}
 	MCTXUNLOCK(ctx, &ctx->lock);
+
+	if (call_water)
+		(ctx->water)(ctx->water_arg, ISC_MEM_LOWATER);
 }
 
 

From d3b3cfdf0d4fc682d808b5a541689881fb371f8c Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 10 Jun 2005 07:51:54 +0000
Subject: [PATCH 115/148] #1864 had a size(foo) instead of sizeof(*foo) which
 broke on 64 bit machines.

---
 lib/dns/zone.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 3b2ad41cf0..ece6eb5807 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.438 2005/06/07 01:21:32 marka Exp $ */
+/* $Id: zone.c,v 1.439 2005/06/10 07:51:54 marka Exp $ */
 
 /*! \file */
 
@@ -2563,7 +2563,7 @@ dns_zone_setmasterswithkeys(dns_zone_t *zone, isc_sockaddr_t *masters,
 	/*
 	 * Similarly for mastersok.
 	 */
-	newok = isc_mem_get(zone->mctx, count * sizeof(newok));
+	newok = isc_mem_get(zone->mctx, count * sizeof(*newok));
 	if (newok == NULL) {
 		result = ISC_R_NOMEMORY;
 		isc_mem_put(zone->mctx, new, count * sizeof(*new));

From 1c528138d7f99a908956737b1e4f3f9c7d36e626 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 10 Jun 2005 23:28:12 +0000
Subject: [PATCH 116/148] auto update

---
 doc/private/branches | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/private/branches b/doc/private/branches
index 5733d4532b..6a11d57895 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -33,6 +33,7 @@ rt13662				open	marka	// rrset-order fixed
 rt14815				open	marka
 rt14855				open		// 9.4 ARM review	
 rt14890				new	
+rt14892				new	
 rt14895				new	
 rt5206_1			open	marka
 rt6432				open	marka

From 6e611cc919d69bed062e9885078412ef2ac4f007 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sat, 11 Jun 2005 23:34:54 +0000
Subject: [PATCH 117/148] newcopyrights

---
 util/copyrights | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/copyrights b/util/copyrights
index d3403f3a49..42938bb91f 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -646,7 +646,7 @@
 ./bin/tests/system/sortlist/ns1/named.conf	CONF-C	2000,2001,2004
 ./bin/tests/system/sortlist/ns1/root.db		ZONE	2000,2001,2004
 ./bin/tests/system/sortlist/tests.sh		SH	2000,2001,2004
-./bin/tests/system/start.pl			SH	2001,2004
+./bin/tests/system/start.pl			SH	2001,2004,2005
 ./bin/tests/system/start.sh			SH	2001,2004
 ./bin/tests/system/stop.pl			SH	2001,2004
 ./bin/tests/system/stop.sh			SH	2001,2004

From f2daad8ac3efed39c791e6d60e28c6b564e9b8dd Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sun, 12 Jun 2005 00:03:20 +0000
Subject: [PATCH 118/148] update copyright notice

---
 bin/tests/system/start.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/tests/system/start.pl b/bin/tests/system/start.pl
index 785ca63ab6..1826f11bab 100644
--- a/bin/tests/system/start.pl
+++ b/bin/tests/system/start.pl
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 #
-# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: start.pl,v 1.6 2005/06/10 07:00:19 marka Exp $
+# $Id: start.pl,v 1.7 2005/06/12 00:03:20 marka Exp $
 
 # Framework for starting test servers.
 # Based on the type of server specified, check for port availability, remove

From 608c78b88cf6abb81fe7cb8a16e6357f7bd2fc57 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 14 Jun 2005 23:25:46 +0000
Subject: [PATCH 119/148] auto update

---
 doc/private/branches | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/private/branches b/doc/private/branches
index 6a11d57895..36e3649120 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -31,6 +31,7 @@ rt13587				review
 rt13606				open	marka	// TSIG SHA256
 rt13662				open	marka	// rrset-order fixed
 rt14815				open	marka
+rt14815a			new	
 rt14855				open		// 9.4 ARM review	
 rt14890				new	
 rt14892				new	

From 2f3f5552624e5a237dad89bcb70aa19335e6e7e8 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 15 Jun 2005 23:29:06 +0000
Subject: [PATCH 120/148] auto update

---
 doc/private/branches | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/private/branches b/doc/private/branches
index 36e3649120..35df2dd252 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -36,6 +36,8 @@ rt14855				open		// 9.4 ARM review
 rt14890				new	
 rt14892				new	
 rt14895				new	
+rt14916				new	
+rt2471				new	
 rt5206_1			open	marka
 rt6432				open	marka
 rt6496a				open	marka

From c528bd698637d84a0081d26a58813607c7f52bb7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?=
 
Date: Thu, 16 Jun 2005 21:58:00 +0000
Subject: [PATCH 121/148] provided __asm version of assembly code for atomic
 atomic operations for better compatibility.

(this is a temporary resolution so that this one won't block other tests.
we'll revisit this change when we figure out performance implication of
the __asm version.)
---
 configure.in                         | 61 +++++++++++++++++----
 lib/isc/alpha/include/isc/atomic.h   | 10 ++--
 lib/isc/include/isc/platform.h.in    | 12 ++++-
 lib/isc/sparc64/include/isc/atomic.h | 10 +++-
 lib/isc/x86_32/include/isc/atomic.h  | 79 +++++++++++++++++++++++++++-
 5 files changed, 155 insertions(+), 17 deletions(-)

diff --git a/configure.in b/configure.in
index f3992b1881..16428beed9 100644
--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
 esyscmd([sed "s/^/# /" COPYRIGHT])dnl
 AC_DIVERT_POP()dnl
 
-AC_REVISION($Revision: 1.378 $)
+AC_REVISION($Revision: 1.379 $)
 
 AC_INIT(lib/dns/name.c)
 AC_PREREQ(2.13)
@@ -1867,7 +1867,6 @@ if test "$use_atomic" = "yes"; then
 	AC_MSG_CHECKING([architecture type for atomic operations])
 	case "$host" in
 	[i[3456]86-*]|x86_64-*)
-		# XXX: also need to check portability of the "asm" keyword?
 		# XXX: some old x86 architectures actualy do not support
 		#      (some of) these operations.  Do we need stricter checks?
 		# Note: We currently use the same code for both the x86_32 and
@@ -1879,15 +1878,6 @@ if test "$use_atomic" = "yes"; then
 	alpha*-*)
 		have_atomic=yes
 		arch=alpha
-		if test "X$GCC" != "Xyes"; then
-			case "$host" in
-			*-dec-osf*)
-			# Tru64 compiler has its own syntax for inline
-			# assembly.
-			ISC_PLATFORM_USEOSFASM="#define ISC_PLATFORM_USEOSFASM 1"
-			;;
-			esac
-		fi
 	;;
 	*)
 		have_atomic=no
@@ -1897,6 +1887,52 @@ if test "$use_atomic" = "yes"; then
 	AC_MSG_RESULT($arch)
 fi
 
+if test "$have_atomic" = "yes"; then
+	AC_MSG_CHECKING([compiler support for inline assembly code])
+
+	compiler=generic
+	# Check whehter the compiler supports the assembly syntax we provide.
+	if test "X$GCC" = "Xyes"; then
+		# GCC's ASM extension always works
+		compiler=gcc
+	else
+		case "$host" in
+		alpha*-dec-osf*)
+			# Tru64 compiler has its own syntax for inline 
+			# assembly.
+			AC_TRY_COMPILE(, [
+#ifndef __DECC
+#error "unexpected compiler"
+#endif
+				return (0);],
+				[compiler=osf],)
+		;;
+		esac
+	fi
+	case "$compiler" in
+	gcc)
+		ISC_PLATFORM_USEGCCASM="#define ISC_PLATFORM_USEGCCASM 1"
+		;;
+	osf)
+		ISC_PLATFORM_USEOSFASM="#define ISC_PLATFORM_USEOSFASM 1"
+		;;
+	*)
+		# See if the generic __asm function works.  If not,
+		# we need to disable the atomic operations.
+		AC_TRY_LINK(, [
+					__asm("nop")
+				],
+		[compiler="standard"
+		ISC_PLATFORM_USESTDASM="#define ISC_PLATFORM_USESTDASM 1"],
+		[compiler="not supported (atomic operations disabled)"
+		have_atomic=no
+		arch=noatomic ]);
+		;;
+	esac
+
+	AC_MSG_RESULT($compiler)
+fi
+
 if test "$have_atomic" = "yes"; then
 	ISC_PLATFORM_HAVEXADD="#define ISC_PLATFORM_HAVEXADD 1"
 	ISC_PLATFORM_HAVECMPXCHG="#define ISC_PLATFORM_HAVECMPXCHG 1"
@@ -1910,7 +1946,10 @@ fi
 AC_SUBST(ISC_PLATFORM_HAVEXADD)
 AC_SUBST(ISC_PLATFORM_HAVECMPXCHG)
 AC_SUBST(ISC_PLATFORM_HAVEATOMICSTORE)
+
+AC_SUBST(ISC_PLATFORM_USEGCCASM)
 AC_SUBST(ISC_PLATFORM_USEOSFASM)
+AC_SUBST(ISC_PLATFORM_USESTDASM)
 
 ISC_ARCH_DIR=$arch
 AC_SUBST(ISC_ARCH_DIR)
diff --git a/lib/isc/alpha/include/isc/atomic.h b/lib/isc/alpha/include/isc/atomic.h
index 83fe91d08b..2eb4a1715d 100644
--- a/lib/isc/alpha/include/isc/atomic.h
+++ b/lib/isc/alpha/include/isc/atomic.h
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: atomic.h,v 1.2 2005/06/04 05:32:48 jinmei Exp $ */
+/* $Id: atomic.h,v 1.3 2005/06/16 21:57:59 jinmei Exp $ */
 
 /*
  * This code was written based on FreeBSD's kernel source whose copyright
@@ -107,7 +107,7 @@ isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
 		   "2:",
 		   p, cmpval, val));
 }
-#else  /* ISC_PLATFORM_USEOSFASM */
+#elif defined (ISC_PLATFORM_USEGCCASM)
 static inline isc_int32_t 
 isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) {
 	isc_int32_t temp, prev;
@@ -161,6 +161,10 @@ isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
 
 	return (prev);
 }
-#endif /* ISC_PLATFORM_USEOSFASM */
+#else
+
+#error "unsupported compiler.  disable atomic ops by --disable-atomic"
+
+#endif
 
 #endif /* ISC_ATOMIC_H */
diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in
index c9333d9283..dc00bf310e 100644
--- a/lib/isc/include/isc/platform.h.in
+++ b/lib/isc/include/isc/platform.h.in
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: platform.h.in,v 1.38 2005/06/04 05:32:48 jinmei Exp $ */
+/* $Id: platform.h.in,v 1.39 2005/06/16 21:57:59 jinmei Exp $ */
 
 #ifndef ISC_PLATFORM_H
 #define ISC_PLATFORM_H 1
@@ -235,11 +235,21 @@
  */
 @ISC_PLATFORM_HAVECMPXCHG@
 
+/*
+ * Define if gcc ASM extension is available
+ */
+@ISC_PLATFORM_USEGCCASM@
+
 /*
  * Define if Tru64 style ASM syntax must be used.
  */
 @ISC_PLATFORM_USEOSFASM@
 
+/*
+ * Define if the standard __asm function must be used.
+ */
+@ISC_PLATFORM_USESTDASM@
+
 #ifndef ISC_PLATFORM_USEDECLSPEC
 #define LIBISC_EXTERNAL_DATA
 #define LIBDNS_EXTERNAL_DATA
diff --git a/lib/isc/sparc64/include/isc/atomic.h b/lib/isc/sparc64/include/isc/atomic.h
index 2d6cdd3e44..cd4fa18d8f 100644
--- a/lib/isc/sparc64/include/isc/atomic.h
+++ b/lib/isc/sparc64/include/isc/atomic.h
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: atomic.h,v 1.2 2005/06/04 05:32:49 jinmei Exp $ */
+/* $Id: atomic.h,v 1.3 2005/06/16 21:58:00 jinmei Exp $ */
 
 /*
  * This code was written based on FreeBSD's kernel source whose copyright
@@ -59,6 +59,8 @@
 
 #define	ASI_P	0x80		/* Primary Address Space Identifier */
 
+#ifdef ISC_PLATFORM_USEGCCASM
+
 /*
  * This routine atomically increments the value stored in 'p' by 'val', and
  * returns the previous value.
@@ -116,4 +118,10 @@ isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
 	return (temp);
 }
 
+#else  /* ISC_PLATFORM_USEGCCASM */
+
+#error "unsupported compiler.  disable atomic ops by --disable-atomic"
+
+#endif /* ISC_PLATFORM_USEGCCASM */
+
 #endif /* ISC_ATOMIC_H */
diff --git a/lib/isc/x86_32/include/isc/atomic.h b/lib/isc/x86_32/include/isc/atomic.h
index 807d6967ec..f123a54479 100644
--- a/lib/isc/x86_32/include/isc/atomic.h
+++ b/lib/isc/x86_32/include/isc/atomic.h
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: atomic.h,v 1.2 2005/06/04 05:32:50 jinmei Exp $ */
+/* $Id: atomic.h,v 1.3 2005/06/16 21:58:00 jinmei Exp $ */
 
 #ifndef ISC_ATOMIC_H
 #define ISC_ATOMIC_H 1
@@ -22,6 +22,7 @@
 #include 
 #include 
 
+#ifdef ISC_PLATFORM_USEGCCASM
 /*
  * This routine atomically increments the value stored in 'p' by 'val', and
  * returns the previous value.
@@ -55,6 +56,7 @@ isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
 		 */
 		"lock;"		
 #endif
+
 		"xchgl %1, %0"
 		:
 		: "r"(val), "m"(*p)
@@ -80,4 +82,79 @@ isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
 	return (cmpval);
 }
 
+#elif defined(ISC_PLATFORM_USESTDASM)
+/*
+ * The followings are "generic" assembly code which implements the same
+ * functionality in case the gcc extension cannot be used.  It should be
+ * better to avoid inlining below, since we directly refer to specific
+ * positions of the stack frame, which would not actually point to the
+ * intended address in the embedded mnemonic.
+ *
+ * XXX: this code may also not work on a 64-bit (w/o gcc) machine.
+ */
+#include 		/* for 'UNUSED' macro */
+
+static isc_int32_t
+isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) {
+	UNUSED(p);
+	UNUSED(val);
+
+	__asm (
+		"movl 8(%ebp), %ecx\n"
+		"movl 12(%ebp), %edx\n"
+#ifdef ISC_PLATFORM_USETHREADS
+		"lock;"
+#endif
+		"xadd %edx, (%ecx)\n"
+
+		/*
+		 * set the return value directly in the register so that we
+		 * can avoid guessing the correct position in the stack for a
+		 * local variable.
+		 */
+		"movl %edx, %eax"
+		);
+}
+
+static void
+isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
+	UNUSED(p);
+	UNUSED(val);
+
+	__asm (
+		"movl 8(%ebp), %ecx\n"
+		"movl 12(%ebp), %edx\n"
+#ifdef ISC_PLATFORM_USETHREADS
+		"lock;"
+#endif
+		"xchgl (%ecx), %edx\n"
+		);
+}
+
+static isc_int32_t
+isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
+	UNUSED(p);
+	UNUSED(cmpval);
+	UNUSED(val);
+
+	__asm (
+		"movl 8(%ebp), %ecx\n"
+		"movl 12(%ebp), %eax\n"	/* must be %eax for cmpxchgl */
+		"movl 16(%ebp), %edx\n"
+#ifdef ISC_PLATFORM_USETHREADS
+		"lock;"
+#endif
+
+		/*
+		 * If (%ecx) == %eax then (%ecx) := %edx.
+		 % %eax is set to old (%ecx), which will be the return value.
+		 */
+		"cmpxchgl %edx, (%ecx)"
+		);
+}
+#else /* !ISC_PLATFORM_USEGCCASM && !ISC_PLATFORM_USESTDASM */
+
+#error "unsupported compiler.  disable atomic ops by --disable-atomic"
+
+#endif
 #endif /* ISC_ATOMIC_H */

From 2acaf2cfbb187e20ca31054e536c94031444a728 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?=
 
Date: Thu, 16 Jun 2005 21:59:33 +0000
Subject: [PATCH 122/148] regen

---
 configure | 154 +++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 141 insertions(+), 13 deletions(-)

diff --git a/configure b/configure
index d6e006d82d..3fe6163d9f 100755
--- a/configure
+++ b/configure
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 #
-# $Id: configure,v 1.365 2005/06/08 02:09:18 marka Exp $
+# $Id: configure,v 1.366 2005/06/16 21:59:33 jinmei Exp $
 #
 # Portions Copyright (C) 1996-2001  Nominum, Inc.
 #
@@ -29,7 +29,7 @@
 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-# From configure.in Revision: 1.378 .
+# From configure.in Revision: 1.379 .
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.59.
 #
@@ -495,7 +495,7 @@ ac_includes_default="\
 # include 
 #endif"
 
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS subdirs build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_SOCKADDR_LEN_T ISC_PLATFORM_HAVELONGLONG ISC_PLATFORM_HAVELIFCONF ISC_PLATFORM_NEEDSYSSELECTH LWRES_PLATFORM_NEEDSYSSELECTH USE_OPENSSL DST_OPENSSL_INC USE_GSSAPI DST_GSSAPI_INC DNS_CRYPTO_LIBS ALWAYS_DEFINES ISC_PLATFORM_USETHREADS ISC_THREAD_DIR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK LIBTOOL_ALLOW_UNDEFINED LIBTOOL_IN_MAIN LIBBIND ISC_PLATFORM_HAVEIPV6 LWRES_PLATFORM_HAVEIPV6 ISC_PLATFORM_NEEDNETINETIN6H LWRES_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H LWRES_PLATFORM_NEEDNETINET6IN6H ISC_PLATFORM_HAVEINADDR6 LWRES_PLATFORM_HAVEINADDR6 ISC_PLATFORM_NEEDIN6ADDRANY LWRES_PLATFORM_NEEDIN6ADDRANY ISC_PLATFORM_NEEDIN6ADDRLOOPBACK LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C LWRES_HAVE_SIN6_SCOPE_ID ISC_PLATFORM_HAVESCOPEID ISC_PLATFORM_HAVEIF_LADDRREQ ISC_PLATFORM_HAVEIF_LADDRCONF ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON ISC_PLATFORM_HAVESALEN LWRES_PLATFORM_HAVESALEN ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_NEEDADDRINFO ISC_LWRES_NEEDRRSETINFO ISC_LWRES_SETHOSTENTINT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_GETNETBYADDRINADDR ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDMEMMOVE ISC_PLATFORM_NEEDSTRTOUL LWRES_PLATFORM_NEEDSTRTOUL GENRANDOMLIB ISC_PLATFORM_NEEDSTRLCPY ISC_PLATFORM_NEEDSTRLCAT ISC_PLATFORM_NEEDSPRINTF LWRES_PLATFORM_NEEDSPRINTF ISC_PLATFORM_NEEDVSNPRINTF LWRES_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS ISC_PLATFORM_QUADFORMAT LWRES_PLATFORM_QUADFORMAT ISC_PLATFORM_HAVESYSUNH ISC_PLATFORM_RLIMITTYPE ISC_PLATFORM_USEDECLSPEC LWRES_PLATFORM_USEDECLSPEC ISC_PLATFORM_BRACEPTHREADONCEINIT ISC_PLATFORM_HAVEIFNAMETOINDEX ISC_PLATFORM_HAVEXADD ISC_PLATFORM_HAVECMPXCHG ISC_PLATFORM_HAVEATOMICSTORE ISC_PLATFORM_USEOSFASM ISC_ARCH_DIR LATEX PDFLATEX XSLTPROC XMLLINT XSLT_DOCBOOK_STYLE_HTML XSLT_DOCBOOK_STYLE_XHTML XSLT_DOCBOOK_STYLE_MAN XSLT_DOCBOOK_CHUNK_HTML XSLT_DOCBOOK_CHUNK_XHTML XSLT_DB2LATEX_STYLE XSLT_DB2LATEX_ADMONITIONS BIND9_TOP_BUILDDIR BIND9_ISC_BUILDINCLUDE BIND9_ISCCC_BUILDINCLUDE BIND9_ISCCFG_BUILDINCLUDE BIND9_DNS_BUILDINCLUDE BIND9_LWRES_BUILDINCLUDE BIND9_BIND9_BUILDINCLUDE BIND9_VERSION LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS subdirs build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_SOCKADDR_LEN_T ISC_PLATFORM_HAVELONGLONG ISC_PLATFORM_HAVELIFCONF ISC_PLATFORM_NEEDSYSSELECTH LWRES_PLATFORM_NEEDSYSSELECTH USE_OPENSSL DST_OPENSSL_INC USE_GSSAPI DST_GSSAPI_INC DNS_CRYPTO_LIBS ALWAYS_DEFINES ISC_PLATFORM_USETHREADS ISC_THREAD_DIR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK LIBTOOL_ALLOW_UNDEFINED LIBTOOL_IN_MAIN LIBBIND ISC_PLATFORM_HAVEIPV6 LWRES_PLATFORM_HAVEIPV6 ISC_PLATFORM_NEEDNETINETIN6H LWRES_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H LWRES_PLATFORM_NEEDNETINET6IN6H ISC_PLATFORM_HAVEINADDR6 LWRES_PLATFORM_HAVEINADDR6 ISC_PLATFORM_NEEDIN6ADDRANY LWRES_PLATFORM_NEEDIN6ADDRANY ISC_PLATFORM_NEEDIN6ADDRLOOPBACK LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C LWRES_HAVE_SIN6_SCOPE_ID ISC_PLATFORM_HAVESCOPEID ISC_PLATFORM_HAVEIF_LADDRREQ ISC_PLATFORM_HAVEIF_LADDRCONF ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON ISC_PLATFORM_HAVESALEN LWRES_PLATFORM_HAVESALEN ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_NEEDADDRINFO ISC_LWRES_NEEDRRSETINFO ISC_LWRES_SETHOSTENTINT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_GETNETBYADDRINADDR ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDMEMMOVE ISC_PLATFORM_NEEDSTRTOUL LWRES_PLATFORM_NEEDSTRTOUL GENRANDOMLIB ISC_PLATFORM_NEEDSTRLCPY ISC_PLATFORM_NEEDSTRLCAT ISC_PLATFORM_NEEDSPRINTF LWRES_PLATFORM_NEEDSPRINTF ISC_PLATFORM_NEEDVSNPRINTF LWRES_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS ISC_PLATFORM_QUADFORMAT LWRES_PLATFORM_QUADFORMAT ISC_PLATFORM_HAVESYSUNH ISC_PLATFORM_RLIMITTYPE ISC_PLATFORM_USEDECLSPEC LWRES_PLATFORM_USEDECLSPEC ISC_PLATFORM_BRACEPTHREADONCEINIT ISC_PLATFORM_HAVEIFNAMETOINDEX ISC_PLATFORM_HAVEXADD ISC_PLATFORM_HAVECMPXCHG ISC_PLATFORM_HAVEATOMICSTORE ISC_PLATFORM_USEGCCASM ISC_PLATFORM_USEOSFASM ISC_PLATFORM_USESTDASM ISC_ARCH_DIR LATEX PDFLATEX XSLTPROC XMLLINT XSLT_DOCBOOK_STYLE_HTML XSLT_DOCBOOK_STYLE_XHTML XSLT_DOCBOOK_STYLE_MAN XSLT_DOCBOOK_CHUNK_HTML XSLT_DOCBOOK_CHUNK_XHTML XSLT_DB2LATEX_STYLE XSLT_DB2LATEX_ADMONITIONS BIND9_TOP_BUILDDIR BIND9_ISC_BUILDINCLUDE BIND9_ISCCC_BUILDINCLUDE BIND9_ISCCFG_BUILDINCLUDE BIND9_DNS_BUILDINCLUDE BIND9_LWRES_BUILDINCLUDE BIND9_BIND9_BUILDINCLUDE BIND9_VERSION LIBOBJS LTLIBOBJS'
 ac_subst_files='BIND9_MAKE_INCLUDES BIND9_MAKE_RULES LIBISC_API LIBISCCC_API LIBISCCFG_API LIBDNS_API LIBBIND9_API LIBLWRES_API'
 
 # Initialize some variables set by options.
@@ -27462,7 +27462,6 @@ if test "$use_atomic" = "yes"; then
 echo $ECHO_N "checking architecture type for atomic operations... $ECHO_C" >&6
 	case "$host" in
 	i[3456]86-*|x86_64-*)
-		# XXX: also need to check portability of the "asm" keyword?
 		# XXX: some old x86 architectures actualy do not support
 		#      (some of) these operations.  Do we need stricter checks?
 		# Note: We currently use the same code for both the x86_32 and
@@ -27474,15 +27473,6 @@ echo $ECHO_N "checking architecture type for atomic operations... $ECHO_C" >&6
 	alpha*-*)
 		have_atomic=yes
 		arch=alpha
-		if test "X$GCC" != "Xyes"; then
-			case "$host" in
-			*-dec-osf*)
-			# Tru64 compiler has its own syntax for inline
-			# assembly.
-			ISC_PLATFORM_USEOSFASM="#define ISC_PLATFORM_USEOSFASM 1"
-			;;
-			esac
-		fi
 	;;
 	*)
 		have_atomic=no
@@ -27493,6 +27483,139 @@ echo $ECHO_N "checking architecture type for atomic operations... $ECHO_C" >&6
 echo "${ECHO_T}$arch" >&6
 fi
 
+if test "$have_atomic" = "yes"; then
+	echo "$as_me:$LINENO: checking compiler support for inline assembly code" >&5
+echo $ECHO_N "checking compiler support for inline assembly code... $ECHO_C" >&6
+
+	compiler=generic
+	# Check whehter the compiler supports the assembly syntax we provide.
+	if test "X$GCC" = "Xyes"; then
+		# GCC's ASM extension always works
+		compiler=gcc
+	else
+		case "$host" in
+		alpha*-dec-osf*)
+			# Tru64 compiler has its own syntax for inline
+			# assembly.
+			cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+#ifndef __DECC
+#error "unexpected compiler"
+#endif
+				return (0);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  compiler=osf
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+		;;
+		esac
+	fi
+	case "$compiler" in
+	gcc)
+		ISC_PLATFORM_USEGCCASM="#define ISC_PLATFORM_USEGCCASM 1"
+		;;
+	osf)
+		ISC_PLATFORM_USEOSFASM="#define ISC_PLATFORM_USEOSFASM 1"
+		;;
+	*)
+		# See if the generic __asm function works.  If not,
+		# we need to disable the atomic operations.
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+					__asm("nop")
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  compiler="standard"
+		ISC_PLATFORM_USESTDASM="#define ISC_PLATFORM_USESTDASM 1"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+compiler="not supported (atomic operations disabled)"
+		have_atomic=no
+		arch=noatomic
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext;
+		;;
+	esac
+
+	echo "$as_me:$LINENO: result: $compiler" >&5
+echo "${ECHO_T}$compiler" >&6
+fi
+
 if test "$have_atomic" = "yes"; then
 	ISC_PLATFORM_HAVEXADD="#define ISC_PLATFORM_HAVEXADD 1"
 	ISC_PLATFORM_HAVECMPXCHG="#define ISC_PLATFORM_HAVECMPXCHG 1"
@@ -27508,6 +27631,9 @@ fi
 
 
 
+
+
+
 ISC_ARCH_DIR=$arch
 
 
@@ -28813,7 +28939,9 @@ s,@ISC_PLATFORM_HAVEIFNAMETOINDEX@,$ISC_PLATFORM_HAVEIFNAMETOINDEX,;t t
 s,@ISC_PLATFORM_HAVEXADD@,$ISC_PLATFORM_HAVEXADD,;t t
 s,@ISC_PLATFORM_HAVECMPXCHG@,$ISC_PLATFORM_HAVECMPXCHG,;t t
 s,@ISC_PLATFORM_HAVEATOMICSTORE@,$ISC_PLATFORM_HAVEATOMICSTORE,;t t
+s,@ISC_PLATFORM_USEGCCASM@,$ISC_PLATFORM_USEGCCASM,;t t
 s,@ISC_PLATFORM_USEOSFASM@,$ISC_PLATFORM_USEOSFASM,;t t
+s,@ISC_PLATFORM_USESTDASM@,$ISC_PLATFORM_USESTDASM,;t t
 s,@ISC_ARCH_DIR@,$ISC_ARCH_DIR,;t t
 s,@LATEX@,$LATEX,;t t
 s,@PDFLATEX@,$PDFLATEX,;t t

From a0e9df38e5039143074bdd13aa9a04894ea4a745 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 16 Jun 2005 23:28:22 +0000
Subject: [PATCH 123/148] auto update

---
 doc/private/branches | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/private/branches b/doc/private/branches
index 35df2dd252..4d47880537 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -37,6 +37,8 @@ rt14890				new
 rt14892				new	
 rt14895				new	
 rt14916				new	
+rt14918				new	
+rt14919				new	
 rt2471				new	
 rt5206_1			open	marka
 rt6432				open	marka

From 83a56f1e4f2d11fa895ceff4342fff7157910036 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 17 Jun 2005 01:00:08 +0000
Subject: [PATCH 124/148] 1886.   [bug]           Fix unreasonably low quantum
 on call to                         dns_rbt_destroy2().  Remove unnecessay
 unhash_node()                         call. [RT #14919]

---
 CHANGES         | 4 ++++
 lib/dns/rbt.c   | 7 +++++--
 lib/dns/rbtdb.c | 4 ++--
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index fc12d53a06..8bb442dda6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+1886.	[bug]		Fix unreasonably low quantum on call to
+			dns_rbt_destroy2().  Remove unnecessay unhash_node()
+			call. [RT #14919]
+
 1885.	[func]		Additional memory debugging support to track size
 			and mctx arguements. [RT #14814]
 
diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
index 1f3463f9ec..74523d96bd 100644
--- a/lib/dns/rbt.c
+++ b/lib/dns/rbt.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbt.c,v 1.133 2005/06/04 05:32:46 jinmei Exp $ */
+/* $Id: rbt.c,v 1.134 2005/06/17 01:00:08 marka Exp $ */
 
 /*! \file */
 
@@ -2082,7 +2082,10 @@ dns_rbt_deletetreeflat(dns_rbt_t *rbt, unsigned int quantum,
 	if (DATA(node) != NULL && rbt->data_deleter2 != NULL)
 		rbt->data_deleter2(node, rbt->deleter_arg);
 
-	unhash_node(rbt, node);
+	/*
+	 * Note: we don't call unhash_node() here as we are destroying
+	 * the complete rbt tree. 
+         */
 #if DNS_RBT_USEMAGIC
 	node->magic = 0;
 #endif
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index ef477d715f..e3c3c579f4 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.207 2005/06/04 05:32:46 jinmei Exp $ */
+/* $Id: rbtdb.c,v 1.208 2005/06/17 01:00:08 marka Exp $ */
 
 /*! \file */
 
@@ -566,7 +566,7 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) {
  again:
 	if (rbtdb->tree != NULL) {
 		result = dns_rbt_destroy2(&rbtdb->tree,
-					  (rbtdb->task != NULL) ? 5 : 0);
+					  (rbtdb->task != NULL) ? 1000 : 0);
 		if (result == ISC_R_QUOTA) {
 			INSIST(rbtdb->task != NULL);
 			if (event == NULL)

From 9b80f3a7c739a99b498a37a711a51b6a88df3a78 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 17 Jun 2005 01:58:23 +0000
Subject: [PATCH 125/148] 1887.   [func]          Detect duplicates of UDP
 queries we are recursing on                         and drop them.  New stats
 category "duplicates".                         [RT #14892]

---
 CHANGES                        |  4 +++
 bin/named/query.c              | 59 +++++++++++++++++++++++-----------
 lib/dns/include/dns/resolver.h | 29 ++++++++++++++---
 lib/dns/include/dns/result.h   |  5 +--
 lib/dns/include/dns/stats.h    |  7 ++--
 lib/dns/resolver.c             | 45 +++++++++++++++++++++++---
 lib/dns/result.c               |  5 +--
 lib/dns/stats.c                |  5 +--
 8 files changed, 124 insertions(+), 35 deletions(-)

diff --git a/CHANGES b/CHANGES
index 8bb442dda6..b9b5c4cb9e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+1887.	[func]		Detect duplicates of UDP queries we are recursing on
+			and drop them.  New stats category "duplicates".
+			[RT #14892]
+
 1886.	[bug]		Fix unreasonably low quantum on call to
 			dns_rbt_destroy2().  Remove unnecessay unhash_node()
 			call. [RT #14919]
diff --git a/bin/named/query.c b/bin/named/query.c
index a9f8742bb8..8c15ad54cf 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.266 2005/05/16 05:33:42 marka Exp $ */
+/* $Id: query.c,v 1.267 2005/06/17 01:58:21 marka Exp $ */
 
 /*! \file */
 
@@ -161,7 +161,10 @@ query_error(ns_client_t *client, isc_result_t result) {
 
 static void
 query_next(ns_client_t *client, isc_result_t result) {
-	inc_stats(client, dns_statscounter_failure);
+	if (result == DNS_R_DUPLICATE)
+		inc_stats(client, dns_statscounter_duplicate);
+	else
+		inc_stats(client, dns_statscounter_failure);
 	ns_client_next(client, result);
 }
 
@@ -2681,6 +2684,7 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain,
 {
 	isc_result_t result;
 	dns_rdataset_t *rdataset, *sigrdataset;
+	isc_sockaddr_t *peeraddr;
 
 	inc_stats(client, dns_statscounter_recursion);
 
@@ -2744,14 +2748,19 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain,
 
 	if (client->query.timerset == ISC_FALSE)
 		ns_client_settimeout(client, 60);
-	result = dns_resolver_createfetch(client->view->resolver,
-					  client->query.qname,
-					  qtype, qdomain, nameservers,
-					  NULL, client->query.fetchoptions,
-					  client->task,
-					  query_resume, client,
-					  rdataset, sigrdataset,
-					  &client->query.fetch);
+	if ((client->attributes & NS_CLIENTATTR_TCP) == 0)
+		peeraddr = &client->peeraddr;
+	else
+		peeraddr = NULL;
+	result = dns_resolver_createfetch2(client->view->resolver,
+					   client->query.qname,
+					   qtype, qdomain, nameservers,
+					   NULL, peeraddr, client->message->id,
+					   client->query.fetchoptions,
+					   client->task,
+					   query_resume, client,
+					   rdataset, sigrdataset,
+					   &client->query.fetch);
 
 	if (result == ISC_R_SUCCESS) {
 		/*
@@ -3219,7 +3228,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 				if (result == ISC_R_SUCCESS)
 					client->query.attributes |=
 						NS_QUERYATTR_RECURSING;
-				else {
+				else if (result == DNS_R_DUPLICATE) {
+					/* Duplicate query. */
+					QUERY_ERROR(result);
+				} else {
 					/* Unable to recurse. */
 					QUERY_ERROR(DNS_R_SERVFAIL);
 				}
@@ -3389,6 +3401,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 				if (result == ISC_R_SUCCESS)
 					client->query.attributes |=
 						NS_QUERYATTR_RECURSING;
+				else if (result == DNS_R_DUPLICATE)
+					QUERY_ERROR(result);
 				else
 					QUERY_ERROR(DNS_R_SERVFAIL);
 			} else {
@@ -3930,13 +3944,22 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 
 	if (eresult != ISC_R_SUCCESS &&
 	    (!PARTIALANSWER(client) || WANTRECURSION(client))) {
-		/*
-		 * If we don't have any answer to give the client,
-		 * or if the client requested recursion and thus wanted
-		 * the complete answer, send an error response.
-		 */
-		 query_error(client, eresult);
-		 ns_client_detach(&client);
+		if (eresult == DNS_R_DUPLICATE) {
+			/*
+			 * This was a duplicate query that we are
+			 * recursing on.  Don't send a response now.
+			 * The original query will still cause a response.
+			 */
+			query_next(client, eresult);
+		} else {
+			/*
+			 * If we don't have any answer to give the client,
+			 * or if the client requested recursion and thus wanted
+			 * the complete answer, send an error response.
+			 */
+			query_error(client, eresult);
+		}
+		ns_client_detach(&client);
 	} else if (!RECURSING(client)) {
 		/*
 		 * We are done.  Set up sortlist data for the message
diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
index a6555b601b..2efa26c899 100644
--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.h,v 1.45 2005/06/07 00:16:01 marka Exp $ */
+/* $Id: resolver.h,v 1.46 2005/06/17 01:58:23 marka Exp $ */
 
 #ifndef DNS_RESOLVER_H
 #define DNS_RESOLVER_H 1
@@ -65,9 +65,9 @@ ISC_LANG_BEGINDECLS
  * 'node', 'rdataset', and 'sigrdataset' may be bound.  It is the
  * receiver's responsibility to detach before freeing the event.
  * \brief
- * 'rdataset' and 'sigrdataset' are the values that were supplied when
- * dns_resolver_createfetch() was called.  They are returned to the
- * caller so that they may be freed.
+ * 'rdataset', 'sigrdataset', 'client' and 'id' are the values that were
+ * supplied when dns_resolver_createfetch() was called.  They are returned
+ *  to the caller so that they may be freed.
  */
 typedef struct dns_fetchevent {
 	ISC_EVENT_COMMON(struct dns_fetchevent);
@@ -79,6 +79,8 @@ typedef struct dns_fetchevent {
 	dns_rdataset_t *		rdataset;
 	dns_rdataset_t *		sigrdataset;
 	dns_fixedname_t			foundname;
+	isc_sockaddr_t *		client;
+	dns_messageid_t			id;
 } dns_fetchevent_t;
 
 /*
@@ -240,6 +242,18 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
 			 dns_rdataset_t *rdataset,
 			 dns_rdataset_t *sigrdataset,
 			 dns_fetch_t **fetchp);
+
+isc_result_t
+dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+			  dns_rdatatype_t type,
+			  dns_name_t *domain, dns_rdataset_t *nameservers,
+			  dns_forwarders_t *forwarders,
+			  isc_sockaddr_t *client, isc_uint16_t id,
+			  unsigned int options, isc_task_t *task,
+			  isc_taskaction_t action, void *arg,
+			  dns_rdataset_t *rdataset,
+			  dns_rdataset_t *sigrdataset,
+			  dns_fetch_t **fetchp);
 /*%<
  * Recurse to answer a question.
  *
@@ -262,6 +276,10 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
  *\li	The values of 'rdataset' and 'sigrdataset' will be returned in
  *	the FETCHDONE event.
  *
+ *\li	'client' and 'id' are used for duplicate query detection.  '*client'
+ *	must remain stable until after 'action' has been called or
+ *	dns_resolver_cancelfetch() is called.
+ *
  * Requires:
  *
  *\li	'res' is a valid resolver that has been frozen.
@@ -277,6 +295,8 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
  *
  *\li	'forwarders' is NULL.
  *
+ *\li	'client' is a valid sockaddr or NULL.
+ *
  *\li	'options' contains valid options.
  *
  *\li	'rdataset' is a valid, disassociated rdataset.
@@ -288,6 +308,7 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
  * Returns:
  *
  *\li	#ISC_R_SUCCESS					Success
+ *\li	#DNS_R_DUPLICATE
  *
  *\li	Many other values are possible, all of which indicate failure.
  */
diff --git a/lib/dns/include/dns/result.h b/lib/dns/include/dns/result.h
index 5e6d5c61ef..b430ee5056 100644
--- a/lib/dns/include/dns/result.h
+++ b/lib/dns/include/dns/result.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: result.h,v 1.109 2005/05/19 04:59:04 marka Exp $ */
+/* $Id: result.h,v 1.110 2005/06/17 01:58:23 marka Exp $ */
 
 #ifndef DNS_RESULT_H
 #define DNS_RESULT_H 1
@@ -146,8 +146,9 @@
 #define DNS_R_MUSTBESECURE		(ISC_RESULTCLASS_DNS + 100)
 #define DNS_R_COVERINGNSEC		(ISC_RESULTCLASS_DNS + 101)
 #define DNS_R_MXISADDRESS		(ISC_RESULTCLASS_DNS + 102)
+#define DNS_R_DUPLICATE			(ISC_RESULTCLASS_DNS + 103)
 
-#define DNS_R_NRESULTS			103	/*%< Number of results */
+#define DNS_R_NRESULTS			104	/*%< Number of results */
 
 /*
  * DNS wire format rcodes.
diff --git a/lib/dns/include/dns/stats.h b/lib/dns/include/dns/stats.h
index 69eb74846c..2ec3f44a2c 100644
--- a/lib/dns/include/dns/stats.h
+++ b/lib/dns/include/dns/stats.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: stats.h,v 1.7 2005/04/29 00:23:04 marka Exp $ */
+/* $Id: stats.h,v 1.8 2005/06/17 01:58:23 marka Exp $ */
 
 #ifndef DNS_STATS_H
 #define DNS_STATS_H 1
@@ -33,10 +33,11 @@ typedef enum {
 	dns_statscounter_nxrrset = 2,    /*%< NXRRSET result */
 	dns_statscounter_nxdomain = 3,   /*%< NXDOMAIN result */
 	dns_statscounter_recursion = 4,  /*%< Recursion was used */
-	dns_statscounter_failure = 5     /*%< Some other failure */
+	dns_statscounter_failure = 5,    /*%< Some other failure */
+	dns_statscounter_duplicate = 6   /*%< Duplicate query */
 } dns_statscounter_t;
 
-#define DNS_STATS_NCOUNTERS 6
+#define DNS_STATS_NCOUNTERS 7
 
 LIBDNS_EXTERNAL_DATA extern const char *dns_statscounter_names[];
 
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index ae4e4cea10..5027cc9615 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.310 2005/06/07 00:27:33 marka Exp $ */
+/* $Id: resolver.c,v 1.311 2005/06/17 01:58:22 marka Exp $ */
 
 /*! \file */
 
@@ -2633,8 +2633,9 @@ fctx_start(isc_task_t *task, isc_event_t *event) {
  */
 
 static inline isc_result_t
-fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_taskaction_t action,
-	  void *arg, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
+fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_sockaddr_t *client,
+	  dns_messageid_t id, isc_taskaction_t action, void *arg,
+	  dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
 	  dns_fetch_t *fetch)
 {
 	isc_task_t *clone;
@@ -2664,6 +2665,8 @@ fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_taskaction_t action,
 	event->rdataset = rdataset;
 	event->sigrdataset = sigrdataset;
 	event->fetch = fetch;
+	event->client = client;
+	event->id = id;
 	dns_fixedname_init(&event->foundname);
 
 	/*
@@ -6156,6 +6159,24 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
 			 dns_rdataset_t *rdataset,
 			 dns_rdataset_t *sigrdataset,
 			 dns_fetch_t **fetchp)
+{
+	return (dns_resolver_createfetch2(res, name, type, domain,
+					  nameservers, forwarders, NULL, 0,
+					  options, task, action, arg,
+					  rdataset, sigrdataset, fetchp));
+}
+
+isc_result_t
+dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+			  dns_rdatatype_t type,
+			  dns_name_t *domain, dns_rdataset_t *nameservers,
+			  dns_forwarders_t *forwarders,
+			  isc_sockaddr_t *client, dns_messageid_t id,
+			  unsigned int options, isc_task_t *task,
+			  isc_taskaction_t action, void *arg,
+			  dns_rdataset_t *rdataset,
+			  dns_rdataset_t *sigrdataset,
+			  dns_fetch_t **fetchp)
 {
 	dns_fetch_t *fetch;
 	fetchctx_t *fctx = NULL;
@@ -6206,6 +6227,22 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
 				break;
 		}
 	}
+	
+	/*
+	 * Is this a duplicate?
+	 */
+	if (fctx != NULL && client != NULL) {
+		dns_fetchevent_t *fevent;
+		for (fevent = ISC_LIST_HEAD(fctx->events);
+		     fevent != NULL;
+		     fevent = ISC_LIST_NEXT(fevent, ev_link)) {
+			if (fevent->client != NULL && fevent->id == id &&
+			    isc_sockaddr_equal(fevent->client, client)) {
+				result = DNS_R_DUPLICATE;
+				goto unlock;
+			}
+		}
+	}
 
 	/*
 	 * If we didn't have a fetch, would attach to a done fetch, this
@@ -6225,7 +6262,7 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
 		new_fctx = ISC_TRUE;
 	}
 
-	result = fctx_join(fctx, task, action, arg,
+	result = fctx_join(fctx, task, client, id, action, arg,
 			   rdataset, sigrdataset, fetch);
 	if (new_fctx) {
 		if (result == ISC_R_SUCCESS) {
diff --git a/lib/dns/result.c b/lib/dns/result.c
index 9885666a70..c6cc5fe2e3 100644
--- a/lib/dns/result.c
+++ b/lib/dns/result.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: result.c,v 1.120 2005/05/19 04:59:03 marka Exp $ */
+/* $Id: result.c,v 1.121 2005/06/17 01:58:22 marka Exp $ */
 
 /*! \file */
 
@@ -154,7 +154,8 @@ static const char *text[DNS_R_NRESULTS] = {
 
 	"must-be-secure",		       /*%< 100 DNS_R_MUSTBESECURE */
 	"covering NSEC record returned",       /*%< 101 DNS_R_COVERINGNSEC */
-	"MX is an address"		       /*%< 102 DNS_R_MXISADDRESS */
+	"MX is an address",		       /*%< 102 DNS_R_MXISADDRESS */
+	"duplicate query"		       /*%< 103 DNS_R_DUPLICATE */
 };
 
 static const char *rcode_text[DNS_R_NRCODERESULTS] = {
diff --git a/lib/dns/stats.c b/lib/dns/stats.c
index 8506c67500..e3418f35f3 100644
--- a/lib/dns/stats.c
+++ b/lib/dns/stats.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: stats.c,v 1.8 2005/04/29 00:22:52 marka Exp $ */
+/* $Id: stats.c,v 1.9 2005/06/17 01:58:22 marka Exp $ */
 
 /*! \file */
 
@@ -32,7 +32,8 @@ LIBDNS_EXTERNAL_DATA const char *dns_statscounter_names[DNS_STATS_NCOUNTERS] =
 	"nxrrset",
 	"nxdomain",
 	"recursion",
-	"failure"
+	"failure",
+	"duplicate"
 	};
 
 isc_result_t

From 016c0a82f1ce3fe4d362d7c9cf8de4377ffaf5a9 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 17 Jun 2005 02:22:45 +0000
Subject: [PATCH 126/148] 1888.   [func]          "USE INTERNAL MALLOC" is now
 runtime selectable.                         [RT #14892]

---
 CHANGES                     |   5 +-
 bin/check/named-checkconf.c |   3 +-
 lib/dns/dst_api.c           |  23 +++-
 lib/dns/openssl_link.c      |  35 +++++-
 lib/dns/openssldh_link.c    |   6 +-
 lib/dns/opensslrsa_link.c   |   4 +-
 lib/isc/include/isc/mem.h   |  35 ++++--
 lib/isc/mem.c               | 236 ++++++++++++++++--------------------
 lib/tests/t_api.c           |   4 +-
 9 files changed, 197 insertions(+), 154 deletions(-)

diff --git a/CHANGES b/CHANGES
index b9b5c4cb9e..92337a6ca1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
+1888.	[func]		"USE INTERNAL MALLOC" is now runtime selectable.
+			[RT #14892]
+
 1887.	[func]		Detect duplicates of UDP queries we are recursing on
 			and drop them.  New stats category "duplicates".
-			[RT #14892]
+			[RT #2471]
 
 1886.	[bug]		Fix unreasonably low quantum on call to
 			dns_rbt_destroy2().  Remove unnecessay unhash_node()
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index c730675d17..9cda04ca49 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.32 2005/05/19 04:58:59 marka Exp $ */
+/* $Id: named-checkconf.c,v 1.33 2005/06/17 02:22:43 marka Exp $ */
 
 /*! \file */
 
@@ -48,7 +48,6 @@
 #include "check-tool.h"
 
 isc_log_t *logc = NULL;
-static isc_entropy_t *ectx = NULL;
 
 #define CHECK(r)\
 	do { \
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 8fe5f4d747..c82cd55c72 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -18,7 +18,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.3 2005/04/29 00:22:45 marka Exp $
+ * $Id: dst_api.c,v 1.4 2005/06/17 02:22:43 marka Exp $
  */
 
 /*! \file */
@@ -109,6 +109,20 @@ static isc_result_t	addsuffix(char *filename, unsigned int len,
 			return (_r);		\
 	} while (0);				\
 
+static void *
+default_memalloc(void *arg, size_t size) {
+        UNUSED(arg);
+        if (size == 0U)
+                size = 1;
+        return (malloc(size));
+}
+
+static void
+default_memfree(void *arg, void *ptr) {
+        UNUSED(arg);
+        free(ptr);
+}
+
 isc_result_t
 dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
 	isc_result_t result;
@@ -124,9 +138,12 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
 	 * When using --with-openssl, there seems to be no good way of not
 	 * leaking memory due to the openssl error handling mechanism.
 	 * Avoid assertions by using a local memory context and not checking
-	 * for leaks on exit.
+	 * for leaks on exit.  Note: as there are leaks we cannot use
+	 * ISC_MEMFLAG_INTERNAL as it will free up memory still being used
+	 * by libcrypto.
 	 */
-	result = isc_mem_create(0, 0, &dst__memory_pool);
+	result = isc_mem_createx2(0, 0, default_memalloc, default_memfree,
+				  NULL, &dst__memory_pool, 0);
 	if (result != ISC_R_SUCCESS)
 		return (result);
 	isc_mem_setdestroycheck(dst__memory_pool, ISC_FALSE);
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index 66af09ebbb..63b7b8674c 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -18,7 +18,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: openssl_link.c,v 1.3 2005/04/29 00:22:49 marka Exp $
+ * $Id: openssl_link.c,v 1.4 2005/06/17 02:22:44 marka Exp $
  */
 #ifdef OPENSSL
 
@@ -132,6 +132,11 @@ isc_result_t
 dst__openssl_init() {
 	isc_result_t result;
 
+#ifdef  DNS_CRYPTO_LEAKS
+	CRYPTO_malloc_debug_init();
+	CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+#endif
 	CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
 	nlocks = CRYPTO_num_locks();
 	locks = mem_alloc(sizeof(isc_mutex_t) * nlocks);
@@ -179,19 +184,45 @@ dst__openssl_init() {
 
 void
 dst__openssl_destroy() {
+
+	/*
+	 * Sequence taken from apps_shutdown() in .
+	 */
+	CONF_modules_unload(1);
+	EVP_cleanup();
+#ifdef USE_ENGINE
+	ENGINE_cleanup();
+#endif
+	CRYPTO_cleanup_all_ex_data();
+	ERR_clear_error();
+	ERR_free_strings();
+	ERR_remove_state(0);
+
+#ifdef  DNS_CRYPTO_LEAKS
+	CRYPTO_mem_leaks_fp(stderr);
+#endif
+
+#if 0
+	/*
+	 * The old error sequence that leaked.  Remove for 9.4.1 if
+	 * there are no issues by then.
+	 */
 	ERR_clear_error();
 #ifdef USE_ENGINE
 	if (e != NULL) {
 		ENGINE_free(e);
 		e = NULL;
 	}
+#endif
 #endif
 	if (locks != NULL) {
 		DESTROYMUTEXBLOCK(locks, nlocks);
 		mem_free(locks);
 	}
-	if (rm != NULL)
+	if (rm != NULL) {
+		RAND_cleanup();
 		mem_free(rm);
+	}
 }
 
 isc_result_t
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
index 7c1e50e00e..5c99f72a35 100644
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@@ -18,7 +18,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: openssldh_link.c,v 1.3 2005/04/29 00:22:49 marka Exp $
+ * $Id: openssldh_link.c,v 1.4 2005/06/17 02:22:44 marka Exp $
  */
 
 #ifdef OPENSSL
@@ -149,7 +149,7 @@ openssldh_generate(dst_key_t *key, int generator) {
 		{
 			dh = DH_new();
 			if (dh == NULL)
-				return (ISC_R_NOMEMORY);
+				return (dst__openssl_toresult(ISC_R_NOMEMORY));
 			if (key->key_size == 768)
 				dh->p = &bn768;
 			else if (key->key_size == 1024)
@@ -285,7 +285,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
 
 	dh = DH_new();
 	if (dh == NULL)
-		return (ISC_R_NOMEMORY);
+		return (dst__openssl_toresult(ISC_R_NOMEMORY));
 	dh->flags &= ~DH_FLAG_CACHE_MONT_P;
 
 	/*
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 85dd9af1ac..2e1f1e63d7 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.3 2005/04/29 00:22:49 marka Exp $
+ * $Id: opensslrsa_link.c,v 1.4 2005/06/17 02:22:44 marka Exp $
  */
 #ifdef OPENSSL
 
@@ -342,7 +342,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
 
 	rsa = RSA_new();
 	if (rsa == NULL)
-		return (ISC_R_NOMEMORY);
+		return (dst__openssl_toresult(ISC_R_NOMEMORY));
 	SET_FLAGS(rsa);
 
 	if (r.length < 1) {
diff --git a/lib/isc/include/isc/mem.h b/lib/isc/include/isc/mem.h
index 19acbd2eb0..9df5582139 100644
--- a/lib/isc/include/isc/mem.h
+++ b/lib/isc/include/isc/mem.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: mem.h,v 1.64 2005/06/10 07:00:20 marka Exp $ */
+/* $Id: mem.h,v 1.65 2005/06/17 02:22:44 marka Exp $ */
 
 #ifndef ISC_MEM_H
 #define ISC_MEM_H 1
@@ -126,10 +126,30 @@ LIBISC_EXTERNAL_DATA extern unsigned int isc_mem_debugging;
 #define _ISC_MEM_FLARG
 #endif
 
+/*!
+ * Define ISC_MEM_USE_INTERNAL_MALLOC=1 to use the internal malloc()
+ * implementation in preference to the system one.  The internal malloc()
+ * is very space-efficient, and quite fast on uniprocessor systems.  It
+ * performs poorly on multiprocessor machines.
+ * JT: we can overcome the performance issue on multiprocessor machines
+ * by carefully separating memory contexts.
+ */
+
+#ifndef ISC_MEM_USE_INTERNAL_MALLOC
+#define ISC_MEM_USE_INTERNAL_MALLOC 1
+#endif
+
 /*
  * Flags for isc_mem_create2()calls.
  */
 #define ISC_MEMFLAG_NOLOCK	0x00000001	 /* no lock is necessary */
+#define ISC_MEMFLAG_INTERNAL	0x00000002	 /* use internal malloc */
+#if ISC_MEM_USE_INTERNAL_MALLOC
+#define ISC_MEMFLAG_DEFAULT 	ISC_MEMFLAG_INTERNAL
+#else
+#define ISC_MEMFLAG_DEFAULT 	0
+#endif
+
 
 #define isc_mem_get(c, s)	isc__mem_get((c), (s) _ISC_MEM_FILELINE)
 #define isc_mem_allocate(c, s)	isc__mem_allocate((c), (s) _ISC_MEM_FILELINE)
@@ -217,13 +237,12 @@ isc_mem_createx2(size_t max_size, size_t target_size,
  * \brief Create a memory context.
  *
  * 'max_size' and 'target_size' are tuning parameters.  When
- * ISC_MEM_USE_INTERNAL_MALLOC is true, allocations smaller than
- * 'max_size' will be satisfied by getting blocks of size
- * 'target_size' from the system allocator and breaking them up into
- * pieces; larger allocations will use the system allocator directly.
- * If 'max_size' and/or 'target_size' are zero, default values will be
- * used.  When ISC_MEM_USE_INTERNAL_MALLOC is false, 'target_size' is
- * ignored.
+ * ISC_MEMFLAG_INTERNAL is set, allocations smaller than 'max_size'
+ * will be satisfied by getting blocks of size 'target_size' from the
+ * system allocator and breaking them up into pieces; larger allocations
+ * will use the system allocator directly. If 'max_size' and/or
+ * 'target_size' are zero, default values will be * used.  When
+ * ISC_MEMFLAG_INTERNAL is not set, 'target_size' is ignored.
  *
  * 'max_size' is also used to size the statistics arrays and the array
  * used to record active memory when ISC_MEM_DEBUGRECORD is set.  Settin
diff --git a/lib/isc/mem.c b/lib/isc/mem.c
index f15f731710..387a97bc94 100644
--- a/lib/isc/mem.c
+++ b/lib/isc/mem.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: mem.c,v 1.121 2005/06/10 07:00:19 marka Exp $ */
+/* $Id: mem.c,v 1.122 2005/06/17 02:22:44 marka Exp $ */
 
 /*! \file */
 
@@ -44,18 +44,6 @@
 #endif
 LIBISC_EXTERNAL_DATA unsigned int isc_mem_debugging = ISC_MEM_DEBUGGING;
 
-/*!
- * Define ISC_MEM_USE_INTERNAL_MALLOC=1 to use the internal malloc()
- * implementation in preference to the system one.  The internal malloc()
- * is very space-efficient, and quite fast on uniprocessor systems.  It
- * performs poorly on multiprocessor machines.
- * JT: we can overcome the performance issue on multiprocessor machines
- * by carefully separating memory contexts.
- */
-#ifndef ISC_MEM_USE_INTERNAL_MALLOC
-#define ISC_MEM_USE_INTERNAL_MALLOC 1
-#endif
-
 /*
  * Constants.
  */
@@ -107,10 +95,8 @@ typedef struct {
 struct stats {
 	unsigned long		gets;
 	unsigned long		totalgets;
-#if ISC_MEM_USE_INTERNAL_MALLOC
 	unsigned long		blocks;
 	unsigned long		freefrags;
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
 };
 
 #define MEM_MAGIC		ISC_MAGIC('M', 'e', 'm', 'C')
@@ -143,7 +129,7 @@ struct isc_mem {
 	void *			water_arg;
 	ISC_LIST(isc_mempool_t)	pools;
 
-#if ISC_MEM_USE_INTERNAL_MALLOC
+	/*  ISC_MEMFLAG_INTERNAL */
 	size_t			mem_target;
 	element **		freelists;
 	element *		basic_blocks;
@@ -152,7 +138,6 @@ struct isc_mem {
 	unsigned int		basic_table_size;
 	unsigned char *		lowest;
 	unsigned char *		highest;
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
 
 #if ISC_MEM_TRACKLINES
 	debuglist_t *	 	debuglist;
@@ -318,7 +303,6 @@ delete_trace_entry(isc_mem_t *mctx, const void *ptr, unsigned int size,
 }
 #endif /* ISC_MEM_TRACKLINES */
 
-#if ISC_MEM_USE_INTERNAL_MALLOC
 static inline size_t
 rmsize(size_t size) {
 	/*
@@ -598,8 +582,6 @@ mem_putunlocked(isc_mem_t *ctx, void *mem, size_t size) {
 	ctx->inuse -= new_size;
 }
 
-#else /* ISC_MEM_USE_INTERNAL_MALLOC */
-
 /*!
  * Perform a malloc, doing memory filling and overrun detection as necessary.
  */
@@ -680,8 +662,6 @@ mem_putstats(isc_mem_t *ctx, void *ptr, size_t size) {
 	}
 }
 
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
-
 /*
  * Private.
  */
@@ -710,7 +690,7 @@ isc_mem_createx(size_t init_max_size, size_t target_size,
 		isc_mem_t **ctxp)
 {
 	return (isc_mem_createx2(init_max_size, target_size, memalloc, memfree,
-				 arg, ctxp, 0));
+				 arg, ctxp, ISC_MEMFLAG_DEFAULT));
 				 
 }
 
@@ -728,10 +708,6 @@ isc_mem_createx2(size_t init_max_size, size_t target_size,
 
 	INSIST((ALIGNMENT_SIZE & (ALIGNMENT_SIZE - 1)) == 0);
 
-#if !ISC_MEM_USE_INTERNAL_MALLOC
-	UNUSED(target_size);
-#endif
-
 	ctx = (memalloc)(arg, sizeof(*ctx));
 	if (ctx == NULL)
 		return (ISC_R_NOMEMORY);
@@ -774,10 +750,13 @@ isc_mem_createx2(size_t init_max_size, size_t target_size,
 	ctx->debuglist = NULL;
 #endif
 	ISC_LIST_INIT(ctx->pools);
-
-#if ISC_MEM_USE_INTERNAL_MALLOC
 	ctx->freelists = NULL;
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
+	ctx->basic_blocks = NULL;
+	ctx->basic_table = NULL;
+	ctx->basic_table_count = 0;
+	ctx->basic_table_size = 0;
+	ctx->lowest = NULL;
+	ctx->highest = NULL;
 
 	ctx->stats = (memalloc)(arg,
 				(ctx->max_size+1) * sizeof(struct stats));
@@ -787,25 +766,20 @@ isc_mem_createx2(size_t init_max_size, size_t target_size,
 	}
 	memset(ctx->stats, 0, (ctx->max_size + 1) * sizeof(struct stats));
 
-#if ISC_MEM_USE_INTERNAL_MALLOC
-	if (target_size == 0)
-		ctx->mem_target = DEF_MEM_TARGET;
-	else
-		ctx->mem_target = target_size;
-	ctx->freelists = (memalloc)(arg, ctx->max_size * sizeof(element *));
-	if (ctx->freelists == NULL) {
-		result = ISC_R_NOMEMORY;
-		goto error;
+	if ((flags & ISC_MEMFLAG_INTERNAL) != 0) {
+		if (target_size == 0)
+			ctx->mem_target = DEF_MEM_TARGET;
+		else
+			ctx->mem_target = target_size;
+		ctx->freelists = (memalloc)(arg, ctx->max_size *
+						 sizeof(element *));
+		if (ctx->freelists == NULL) {
+			result = ISC_R_NOMEMORY;
+			goto error;
+		}
+		memset(ctx->freelists, 0,
+		       ctx->max_size * sizeof(element *));
 	}
-	memset(ctx->freelists, 0,
-	       ctx->max_size * sizeof(element *));
-	ctx->basic_blocks = NULL;
-	ctx->basic_table = NULL;
-	ctx->basic_table_count = 0;
-	ctx->basic_table_size = 0;
-	ctx->lowest = NULL;
-	ctx->highest = NULL;
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
 
 #if ISC_MEM_TRACKLINES
 	if ((isc_mem_debugging & ISC_MEM_DEBUGRECORD) != 0) {
@@ -831,10 +805,8 @@ isc_mem_createx2(size_t init_max_size, size_t target_size,
 	if (ctx != NULL) {
 		if (ctx->stats != NULL)
 			(memfree)(arg, ctx->stats);
-#if ISC_MEM_USE_INTERNAL_MALLOC
 		if (ctx->freelists != NULL)
 			(memfree)(arg, ctx->freelists);
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
 #if ISC_MEM_TRACKLINES
 		if (ctx->debuglist != NULL)
 			(ctx->memfree)(ctx->arg, ctx->debuglist);
@@ -853,7 +825,7 @@ isc_mem_create(size_t init_max_size, size_t target_size,
 {
 	return (isc_mem_createx2(init_max_size, target_size,
 				 default_memalloc, default_memfree, NULL,
-				 ctxp, 0));
+				 ctxp, ISC_MEMFLAG_DEFAULT));
 }
 
 isc_result_t
@@ -872,9 +844,7 @@ destroy(isc_mem_t *ctx) {
 
 	ctx->magic = 0;
 
-#if ISC_MEM_USE_INTERNAL_MALLOC
 	INSIST(ISC_LIST_EMPTY(ctx->pools));
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
 
 #if ISC_MEM_TRACKLINES
 	if (ctx->debuglist != NULL) {
@@ -913,12 +883,12 @@ destroy(isc_mem_t *ctx) {
 
 	(ctx->memfree)(ctx->arg, ctx->stats);
 
-#if ISC_MEM_USE_INTERNAL_MALLOC
-	for (i = 0; i < ctx->basic_table_count; i++)
-		(ctx->memfree)(ctx->arg, ctx->basic_table[i]);
-	(ctx->memfree)(ctx->arg, ctx->freelists);
-	(ctx->memfree)(ctx->arg, ctx->basic_table);
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
+	if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) {
+		for (i = 0; i < ctx->basic_table_count; i++)
+			(ctx->memfree)(ctx->arg, ctx->basic_table[i]);
+		(ctx->memfree)(ctx->arg, ctx->freelists);
+		(ctx->memfree)(ctx->arg, ctx->basic_table);
+	}
 
 	ondest = ctx->ondestroy;
 
@@ -1011,14 +981,15 @@ isc__mem_putanddetach(isc_mem_t **ctxp, void *ptr, size_t size FLARG) {
 
 		return;
 	}
-#if ISC_MEM_USE_INTERNAL_MALLOC
-	MCTXLOCK(ctx, &ctx->lock);
-	mem_putunlocked(ctx, ptr, size);
-#else /* ISC_MEM_USE_INTERNAL_MALLOC */
-	mem_put(ctx, ptr, size);
-	MCTXLOCK(ctx, &ctx->lock);
-	mem_putstats(ctx, ptr, size);
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
+
+	if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) {
+		MCTXLOCK(ctx, &ctx->lock);
+		mem_putunlocked(ctx, ptr, size);
+	} else {
+		mem_put(ctx, ptr, size);
+		MCTXLOCK(ctx, &ctx->lock);
+		mem_putstats(ctx, ptr, size);
+	}
 
 	DELETE_TRACE(ctx, ptr, size, file, line);
 	INSIST(ctx->references > 0);
@@ -1080,15 +1051,16 @@ isc__mem_get(isc_mem_t *ctx, size_t size FLARG) {
 
 	if ((isc_mem_debugging & (ISC_MEM_DEBUGSIZE|ISC_MEM_DEBUGCTX)) != 0)
 		return (isc__mem_allocate(ctx, size FLARG_PASS));
-#if ISC_MEM_USE_INTERNAL_MALLOC
-	MCTXLOCK(ctx, &ctx->lock);
-	ptr = mem_getunlocked(ctx, size);
-#else /* ISC_MEM_USE_INTERNAL_MALLOC */
-	ptr = mem_get(ctx, size);
-	MCTXLOCK(ctx, &ctx->lock);
-	if (ptr != NULL)
-		mem_getstats(ctx, size);
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
+
+	if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) {
+		MCTXLOCK(ctx, &ctx->lock);
+		ptr = mem_getunlocked(ctx, size);
+	} else {
+		ptr = mem_get(ctx, size);
+		MCTXLOCK(ctx, &ctx->lock);
+		if (ptr != NULL)
+			mem_getstats(ctx, size);
+	}
 
 	ADD_TRACE(ctx, ptr, size, file, line);
 	if (ctx->hi_water != 0U && !ctx->hi_called &&
@@ -1133,14 +1105,14 @@ isc__mem_put(isc_mem_t *ctx, void *ptr, size_t size FLARG)
 		return;
 	}
 
-#if ISC_MEM_USE_INTERNAL_MALLOC
-	MCTXLOCK(ctx, &ctx->lock);
-	mem_putunlocked(ctx, ptr, size);
-#else /* ISC_MEM_USE_INTERNAL_MALLOC */
-	mem_put(ctx, ptr, size);
-	MCTXLOCK(ctx, &ctx->lock);
-	mem_putstats(ctx, ptr, size);
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
+	if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) {
+		MCTXLOCK(ctx, &ctx->lock);
+		mem_putunlocked(ctx, ptr, size);
+	} else {
+		mem_put(ctx, ptr, size);
+		MCTXLOCK(ctx, &ctx->lock);
+		mem_putstats(ctx, ptr, size);
+	}
 
 	DELETE_TRACE(ctx, ptr, size, file, line);
 
@@ -1223,11 +1195,10 @@ isc_mem_stats(isc_mem_t *ctx, FILE *out) {
 		fprintf(out, "%s%5lu: %11lu gets, %11lu rem",
 			(i == ctx->max_size) ? ">=" : "  ",
 			(unsigned long) i, s->totalgets, s->gets);
-#if ISC_MEM_USE_INTERNAL_MALLOC
-		if (s->blocks != 0 || s->freefrags != 0)
+		if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0 &&
+		    (s->blocks != 0 || s->freefrags != 0))
 			fprintf(out, " (%lu bl, %lu ff)",
 				s->blocks, s->freefrags);
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
 		fputc('\n', out);
 	}
 
@@ -1290,11 +1261,12 @@ isc__mem_allocateunlocked(isc_mem_t *ctx, size_t size) {
 	size += ALIGNMENT_SIZE;
 	if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0)
 		size += ALIGNMENT_SIZE;
-#if ISC_MEM_USE_INTERNAL_MALLOC
-	si = mem_getunlocked(ctx, size);
-#else /* ISC_MEM_USE_INTERNAL_MALLOC */
-	si = mem_get(ctx, size);
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
+
+	if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0)
+		si = mem_getunlocked(ctx, size);
+	else
+		si = mem_get(ctx, size);
+
 	if (si == NULL)
 		return (NULL);
 	if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0) {
@@ -1312,15 +1284,15 @@ isc__mem_allocate(isc_mem_t *ctx, size_t size FLARG) {
 
 	REQUIRE(VALID_CONTEXT(ctx));
 
-#if ISC_MEM_USE_INTERNAL_MALLOC
-	MCTXLOCK(ctx, &ctx->lock);
-	si = isc__mem_allocateunlocked(ctx, size);
-#else /* ISC_MEM_USE_INTERNAL_MALLOC */
-	si = isc__mem_allocateunlocked(ctx, size);
-	MCTXLOCK(ctx, &ctx->lock);
-	if (si != NULL)
-		mem_getstats(ctx, si[-1].u.size);
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
+	if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) {
+		MCTXLOCK(ctx, &ctx->lock);
+		si = isc__mem_allocateunlocked(ctx, size);
+	} else {
+		si = isc__mem_allocateunlocked(ctx, size);
+		MCTXLOCK(ctx, &ctx->lock);
+		if (si != NULL)
+			mem_getstats(ctx, si[-1].u.size);
+	}
 
 #if ISC_MEM_TRACKLINES
 	ADD_TRACE(ctx, si, si[-1].u.size, file, line);
@@ -1363,14 +1335,14 @@ isc__mem_free(isc_mem_t *ctx, void *ptr FLARG) {
 		size = si->u.size;
 	}
 
-#if ISC_MEM_USE_INTERNAL_MALLOC
-	MCTXLOCK(ctx, &ctx->lock);
-	mem_putunlocked(ctx, si, size);
-#else /* ISC_MEM_USE_INTERNAL_MALLOC */
-	mem_put(ctx, si, size);
-	MCTXLOCK(ctx, &ctx->lock);
-	mem_putstats(ctx, si, size);
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
+	if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) {
+		MCTXLOCK(ctx, &ctx->lock);
+		mem_putunlocked(ctx, si, size);
+	} else {
+		mem_put(ctx, si, size);
+		MCTXLOCK(ctx, &ctx->lock);
+		mem_putstats(ctx, si, size);
+	}
 
 	DELETE_TRACE(ctx, ptr, size, file, line);
 
@@ -1590,12 +1562,12 @@ isc_mempool_destroy(isc_mempool_t **mpctxp) {
 		item = mpctx->items;
 		mpctx->items = item->next;
 
-#if ISC_MEM_USE_INTERNAL_MALLOC
-		mem_putunlocked(mctx, item, mpctx->size);
-#else /* ISC_MEM_USE_INTERNAL_MALLOC */
-		mem_put(mctx, item, mpctx->size);
-		mem_putstats(mctx, item, mpctx->size);
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
+		if ((mctx->flags & ISC_MEMFLAG_INTERNAL) != 0) {
+			mem_putunlocked(mctx, item, mpctx->size);
+		} else {
+			mem_put(mctx, item, mpctx->size);
+			mem_putstats(mctx, item, mpctx->size);
+		}
 	}
 	MCTXUNLOCK(mctx, &mctx->lock);
 
@@ -1665,13 +1637,13 @@ isc__mempool_get(isc_mempool_t *mpctx FLARG) {
 	 */
 	MCTXLOCK(mctx, &mctx->lock);
 	for (i = 0; i < mpctx->fillcount; i++) {
-#if ISC_MEM_USE_INTERNAL_MALLOC
-		item = mem_getunlocked(mctx, mpctx->size);
-#else /* ISC_MEM_USE_INTERNAL_MALLOC */
-		item = mem_get(mctx, mpctx->size);
-		if (item != NULL)
-			mem_getstats(mctx, mpctx->size);
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
+		if ((mctx->flags & ISC_MEMFLAG_INTERNAL) != 0) {
+			item = mem_getunlocked(mctx, mpctx->size);
+		} else {
+			item = mem_get(mctx, mpctx->size);
+			if (item != NULL)
+				mem_getstats(mctx, mpctx->size);
+		}
 		if (item == NULL)
 			break;
 		item->next = mpctx->items;
@@ -1733,16 +1705,16 @@ isc__mempool_put(isc_mempool_t *mpctx, void *mem FLARG) {
 	 * If our free list is full, return this to the mctx directly.
 	 */
 	if (mpctx->freecount >= mpctx->freemax) {
-#if ISC_MEM_USE_INTERNAL_MALLOC
-		MCTXLOCK(mctx, &mctx->lock);
-		mem_putunlocked(mctx, mem, mpctx->size);
-		MCTXUNLOCK(mctx, &mctx->lock);
-#else /* ISC_MEM_USE_INTERNAL_MALLOC */
-		mem_put(mctx, mem, mpctx->size);
-		MCTXLOCK(mctx, &mctx->lock);
-		mem_putstats(mctx, mem, mpctx->size);
-		MCTXUNLOCK(mctx, &mctx->lock);
-#endif /* ISC_MEM_USE_INTERNAL_MALLOC */
+		if ((mctx->flags & ISC_MEMFLAG_INTERNAL) != 0) {
+			MCTXLOCK(mctx, &mctx->lock);
+			mem_putunlocked(mctx, mem, mpctx->size);
+			MCTXUNLOCK(mctx, &mctx->lock);
+		} else {
+			mem_put(mctx, mem, mpctx->size);
+			MCTXLOCK(mctx, &mctx->lock);
+			mem_putstats(mctx, mem, mpctx->size);
+			MCTXUNLOCK(mctx, &mctx->lock);
+		}
 		if (mpctx->lock != NULL)
 			UNLOCK(mpctx->lock);
 		return;
diff --git a/lib/tests/t_api.c b/lib/tests/t_api.c
index 9321dc88a0..35f7bb79fc 100644
--- a/lib/tests/t_api.c
+++ b/lib/tests/t_api.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: t_api.c,v 1.56 2005/04/29 00:24:12 marka Exp $ */
+/* $Id: t_api.c,v 1.57 2005/06/17 02:22:45 marka Exp $ */
 
 /*! \file */
 
@@ -37,6 +37,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -121,6 +122,7 @@ main(int argc, char **argv) {
 	testspec_t		*pts;
 	struct sigaction	sa;
 
+	isc_mem_debugging = ISC_MEM_DEBUGRECORD;
 	first = ISC_TRUE;
 	subprocs = 1;
 	T_timeout = T_TCTOUT;

From 4643f4132791764ffe5820d24bb36b6789bc3dff Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 17 Jun 2005 03:15:37 +0000
Subject: [PATCH 127/148] update

---
 doc/private/branches | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index 4d47880537..b194db9172 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -25,21 +25,21 @@ rt11733				open	jakob
 rt11733b			open	jakob
 rt13489				review	marka
 rt13505				review	
-rt13555				open	marka
+rt13555				open	marka	// nslookup name failure
 rt13562				open	marka
 rt13587				review	
 rt13606				open	marka	// TSIG SHA256
 rt13662				open	marka	// rrset-order fixed
-rt14815				open	marka
-rt14815a			new	
+rt14815a			open	marka	// statistics blind spots
+rt14815a			closed		// abandoned	
 rt14855				open		// 9.4 ARM review	
-rt14890				new	
-rt14892				new	
-rt14895				new	
-rt14916				new	
-rt14918				new	
-rt14919				new	
-rt2471				new	
+rt14890				closed	
+rt14892				closed
+rt14895				open	jinmei	
+rt14916				open	marka	// lame cache to 
+rt14918				open	marka	// clients-per-query	
+rt14919				closed	
+rt2471				closed	
 rt5206_1			open	marka
 rt6432				open	marka
 rt6496a				open	marka

From bafbaadc0c5cf572005cb7ae75f8eb703a0c9440 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 17 Jun 2005 03:55:51 +0000
Subject: [PATCH 128/148] silence implicit function declaration warning

---
 lib/dns/openssl_link.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index 63b7b8674c..8bbf6f5460 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -18,7 +18,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: openssl_link.c,v 1.4 2005/06/17 02:22:44 marka Exp $
+ * $Id: openssl_link.c,v 1.5 2005/06/17 03:55:51 marka Exp $
  */
 #ifdef OPENSSL
 
@@ -37,6 +37,8 @@
 
 #include 
 #include 
+#include 
+#include 
 #include 
 
 #if defined(CRYPTO_LOCK_ENGINE) && (OPENSSL_VERSION_NUMBER < 0x00907000L)

From 8c2490a92a8f6018ed1ca33c2f329878a50d9dc8 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Fri, 17 Jun 2005 23:24:59 +0000
Subject: [PATCH 129/148] auto update

---
 doc/private/branches | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/doc/private/branches b/doc/private/branches
index b194db9172..aadb83eb1f 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -30,16 +30,11 @@ rt13562				open	marka
 rt13587				review	
 rt13606				open	marka	// TSIG SHA256
 rt13662				open	marka	// rrset-order fixed
-rt14815a			open	marka	// statistics blind spots
-rt14815a			closed		// abandoned	
+rt14815				new	
 rt14855				open		// 9.4 ARM review	
-rt14890				closed	
-rt14892				closed
-rt14895				open	jinmei	
+rt14895				open	jinmei
 rt14916				open	marka	// lame cache to 
 rt14918				open	marka	// clients-per-query	
-rt14919				closed	
-rt2471				closed	
 rt5206_1			open	marka
 rt6432				open	marka
 rt6496a				open	marka
@@ -282,11 +277,16 @@ rt14775				closed
 rt14801				closed
 rt14802				closed
 rt14814				closed
+rt14815a			closed		// abandoned	
 rt14841				closed
 rt14846				closed
 rt14851				closed
 rt14873				closed
+rt14890				closed
+rt14892				closed
+rt14919				closed
 rt1572a				closed		// bad rt#
+rt2471				closed
 rt288				closed
 rt3445				closed
 rt3469				closed

From 6820d6f3233268f9abb2aadb6502cebbb56ea464 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sat, 18 Jun 2005 00:48:53 +0000
Subject: [PATCH 130/148] CONF_modules_unload(), ENGINE_cleanup() and
 CRYPTO_cleanup_all_ex_data() are not available in 0x0090607fL

---
 lib/dns/openssl_link.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index 8bbf6f5460..2e4e974386 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -18,7 +18,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: openssl_link.c,v 1.5 2005/06/17 03:55:51 marka Exp $
+ * $Id: openssl_link.c,v 1.6 2005/06/18 00:48:53 marka Exp $
  */
 #ifdef OPENSSL
 
@@ -190,12 +190,16 @@ dst__openssl_destroy() {
 	/*
 	 * Sequence taken from apps_shutdown() in .
 	 */
+#if (OPENSSL_VERSION_NUMBER > 0x0090607fL)
 	CONF_modules_unload(1);
+#endif
 	EVP_cleanup();
-#ifdef USE_ENGINE
+#if defined(USE_ENGINE) && OPENSSL_VERSION_NUMBER > 0x0090607fL
 	ENGINE_cleanup();
 #endif
+#if (OPENSSL_VERSION_NUMBER > 0x0090607fL)
 	CRYPTO_cleanup_all_ex_data();
+#endif
 	ERR_clear_error();
 	ERR_free_strings();
 	ERR_remove_state(0);

From 94271b0d993bfe4d4495208288e856e048a2d158 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sun, 19 Jun 2005 05:49:22 +0000
Subject: [PATCH 131/148] extent timeout now that we are have memrecord on

---
 bin/tests/mem/Makefile.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/tests/mem/Makefile.in b/bin/tests/mem/Makefile.in
index c886c0a866..e2ba46675c 100644
--- a/bin/tests/mem/Makefile.in
+++ b/bin/tests/mem/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.30 2004/07/20 07:13:36 marka Exp $
+# $Id: Makefile.in,v 1.31 2005/06/19 05:49:22 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -46,7 +46,7 @@ t_mem@EXEEXT@: t_mem.@O@ ${DEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ t_mem.@O@ ${LIBS}
 
 test: t_mem@EXEEXT@
-	-@./t_mem@EXEEXT@ -b @srcdir@ -q 300 -a
+	-@./t_mem@EXEEXT@ -b @srcdir@ -q 450 -a
 
 testhelp:
 	@./t_mem@EXEEXT@ -h

From 2fda20909f4bf1655176d9d9a3d3fcf572f58121 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sun, 19 Jun 2005 22:12:31 +0000
Subject: [PATCH 132/148] simplify conditional code

---
 bin/dig/dighost.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 1fe537a0f5..2245102b04 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.278 2005/06/07 00:59:59 marka Exp $ */
+/* $Id: dighost.c,v 1.279 2005/06/19 22:12:31 marka Exp $ */
 
 /*! \file
  *  \note
@@ -2888,9 +2888,6 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 	}
 
 	if (!l->doing_xfr || l->xfr_q == query) {
-#ifdef DIG_SIGCHASE
-		int count = 0;
-#endif
 		if (msg->rcode != dns_rcode_noerror && l->origin != NULL) {
 			if (!next_origin(msg, query)) {
 				printmessage(query, msg, ISC_TRUE);
@@ -2903,11 +2900,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 				printmessage(query, msg, ISC_TRUE);
 		} else if (l->trace) {
 			int n = 0;
-#ifdef DIG_SIGCHASE
-			count = msg->counts[DNS_SECTION_ANSWER];
-#else
 			int count = msg->counts[DNS_SECTION_ANSWER];
-#endif
 
 			debug("in TRACE code");
 			if (!l->ns_search_only)

From 1fb4c62faaa2a097c9963e48dc4bf17dca360cee Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sun, 19 Jun 2005 22:45:22 +0000
Subject: [PATCH 133/148] remove #define ROOTNS 1

---
 bin/dig/include/dig/dig.h | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h
index 4028ff73c5..52a19d71da 100644
--- a/bin/dig/include/dig/dig.h
+++ b/bin/dig/include/dig/dig.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.92 2005/06/07 00:15:59 marka Exp $ */
+/* $Id: dig.h,v 1.93 2005/06/19 22:45:22 marka Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
@@ -75,14 +75,6 @@
  * in a tight loop of constant lookups.  It's value is arbitrary.
  */
 
-#define ROOTNS 1
-/*%
- * Set the number of root servers to ask for information when running in
- * trace mode.
- * XXXMWS -- trace mode is currently semi-broken, and this number *MUST*
- * be 1.
- */
-
 /*
  * Defaults for the sigchase suboptions.  Consolidated here because
  * these control the layout of dig_lookup_t (among other things).

From 396819cd65e995b928b37dab86b3fb019922563c Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sun, 19 Jun 2005 22:56:03 +0000
Subject: [PATCH 134/148] style

---
 lib/isc/string.c | 23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)

diff --git a/lib/isc/string.c b/lib/isc/string.c
index c8f760e1fc..796b79625c 100644
--- a/lib/isc/string.c
+++ b/lib/isc/string.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: string.c,v 1.14 2005/05/14 22:11:56 jakob Exp $ */
+/* $Id: string.c,v 1.15 2005/06/19 22:56:03 marka Exp $ */
 
 /*! \file */
 
@@ -95,8 +95,7 @@ isc_string_touint64(char *source, char **end, int base) {
 }
 
 isc_result_t
-isc_string_copy(char *target, size_t size, const char *source)
-{
+isc_string_copy(char *target, size_t size, const char *source) {
 	REQUIRE(size > 0);
 
 	if (strlcpy(target, source, size) >= size) {
@@ -110,8 +109,7 @@ isc_string_copy(char *target, size_t size, const char *source)
 }
 
 void
-isc_string_copy_truncate(char *target, size_t size, const char *source)
-{
+isc_string_copy_truncate(char *target, size_t size, const char *source) {
 	REQUIRE(size > 0);
 
 	strlcpy(target, source, size);
@@ -120,8 +118,7 @@ isc_string_copy_truncate(char *target, size_t size, const char *source)
 }
 
 isc_result_t
-isc_string_append(char *target, size_t size, const char *source)
-{
+isc_string_append(char *target, size_t size, const char *source) {
 	REQUIRE(size > 0);
 	REQUIRE(strlen(target) < size);
 
@@ -136,8 +133,7 @@ isc_string_append(char *target, size_t size, const char *source)
 }
 
 void
-isc_string_append_truncate(char *target, size_t size, const char *source)
-{
+isc_string_append_truncate(char *target, size_t size, const char *source) {
 	REQUIRE(size > 0);
 	REQUIRE(strlen(target) < size);
 
@@ -147,8 +143,7 @@ isc_string_append_truncate(char *target, size_t size, const char *source)
 }
 
 isc_result_t
-isc_string_printf(char *target, size_t size, const char *format, ...)
-{
+isc_string_printf(char *target, size_t size, const char *format, ...) {
 	va_list args;
 	size_t n;
 
@@ -169,8 +164,7 @@ isc_string_printf(char *target, size_t size, const char *format, ...)
 }
 
 void
-isc_string_printf_truncate(char *target, size_t size, const char *format, ...)
-{
+isc_string_printf_truncate(char *target, size_t size, const char *format, ...) {
 	va_list args;
 	size_t n;
 
@@ -184,8 +178,7 @@ isc_string_printf_truncate(char *target, size_t size, const char *format, ...)
 }
 
 char *
-isc_string_regiondup(isc_mem_t *mctx, const isc_region_t *source)
-{
+isc_string_regiondup(isc_mem_t *mctx, const isc_region_t *source) {
 	char *target;
 
 	REQUIRE(mctx != NULL);

From 49a83dbc7e0a0c209789d389d6ac95d437d782c1 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Sun, 19 Jun 2005 22:57:59 +0000
Subject: [PATCH 135/148] enable format checking

---
 lib/isc/include/isc/string.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/isc/include/isc/string.h b/lib/isc/include/isc/string.h
index 5cc9d82e5c..ad2fef80d4 100644
--- a/lib/isc/include/isc/string.h
+++ b/lib/isc/include/isc/string.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: string.h,v 1.15 2005/05/14 22:11:56 jakob Exp $ */
+/* $Id: string.h,v 1.16 2005/06/19 22:57:59 marka Exp $ */
 
 #ifndef ISC_STRING_H
 #define ISC_STRING_H 1
@@ -24,6 +24,7 @@
 
 #include 
 
+#include 
 #include 
 #include 
 #include 
@@ -158,7 +159,8 @@ isc_string_printf(char *target, size_t size, const char *format, ...);
  */
 
 void
-isc_string_printf_truncate(char *target, size_t size, const char *format, ...);
+isc_string_printf_truncate(char *target, size_t size, const char *format, ...)
+	ISC_FORMAT_PRINTF(3, 4);
 /*
  * Print 'format' to 'target' which is a pointer to a string of at least
  * 'size' bytes.

From a903095bf4512dae561c7f6fc7854a51bebf334a Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 20 Jun 2005 01:05:33 +0000
Subject: [PATCH 136/148] 1817.   [func]          add support for additional
 zone file formats for                         improving loading performance. 
 The masterfile-format                         option in named.conf can be
 used to specify a                         non-default format.  A new separate
 command                         named-compilezone was provided to generate
 zone files                         in a new format.

---
 CHANGES                                      |   7 +-
 bin/check/Makefile.in                        |   4 +-
 bin/check/check-tool.c                       |  12 +-
 bin/check/check-tool.h                       |  11 +-
 bin/check/named-checkconf.c                  |  35 +-
 bin/check/named-checkzone.c                  | 107 +++-
 bin/check/named-checkzone.docbook            | 104 +++-
 bin/named/zoneconf.c                         |  19 +-
 bin/tests/system/conf.sh.in                  |   4 +-
 bin/tests/system/masterformat/clean.sh       |  22 +
 bin/tests/system/masterformat/ns1/compile.sh |  17 +
 bin/tests/system/masterformat/ns1/example.db |  38 ++
 bin/tests/system/masterformat/ns1/named.conf |  36 ++
 bin/tests/system/masterformat/ns2/named.conf |  35 ++
 bin/tests/system/masterformat/setup.sh       |  19 +
 bin/tests/system/masterformat/tests.sh       |  80 +++
 configure                                    |  30 +-
 configure.in                                 |   3 +-
 doc/arm/Bv9ARM-book.xml                      | 101 +++-
 lib/bind9/check.c                            |   3 +-
 lib/dns/db.c                                 |  15 +-
 lib/dns/include/dns/db.h                     |   9 +-
 lib/dns/include/dns/master.h                 |  56 ++-
 lib/dns/include/dns/masterdump.h             |  39 +-
 lib/dns/include/dns/types.h                  |   8 +-
 lib/dns/include/dns/zone.h                   |  33 +-
 lib/dns/master.c                             | 486 +++++++++++++++++--
 lib/dns/masterdump.c                         | 294 +++++++++--
 lib/dns/rbtdb.c                              |  11 +-
 lib/dns/sdb.c                                |   6 +-
 lib/dns/zone.c                               |  86 ++--
 lib/isccfg/namedconf.c                       |   9 +-
 make/rules.in                                |   3 +-
 33 files changed, 1571 insertions(+), 171 deletions(-)
 create mode 100755 bin/tests/system/masterformat/clean.sh
 create mode 100755 bin/tests/system/masterformat/ns1/compile.sh
 create mode 100644 bin/tests/system/masterformat/ns1/example.db
 create mode 100644 bin/tests/system/masterformat/ns1/named.conf
 create mode 100644 bin/tests/system/masterformat/ns2/named.conf
 create mode 100755 bin/tests/system/masterformat/setup.sh
 create mode 100755 bin/tests/system/masterformat/tests.sh

diff --git a/CHANGES b/CHANGES
index 92337a6ca1..a516f81107 100644
--- a/CHANGES
+++ b/CHANGES
@@ -178,7 +178,12 @@
 
 1818.	[bug]		'named-checkconf -z' triggered an INSIST. [RT #13599]
 
-1817.	[placeholder]	rt13587
+1817.	[func]		add support for additional zone file formats for
+			improving loading performance.  The masterfile-format
+			option in named.conf can be used to specify a
+			non-default format.  A new separate command
+			named-compilezone was provided to generate zone files
+			in a new format.
 
 1816.	[port]		UnixWare: failed to compile lib/isc/unix/net.c.
 			[RT #13597]
diff --git a/bin/check/Makefile.in b/bin/check/Makefile.in
index 7ad13a70fe..d2dd07eeb3 100644
--- a/bin/check/Makefile.in
+++ b/bin/check/Makefile.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.25 2004/07/20 07:13:33 marka Exp $
+# $Id: Makefile.in,v 1.26 2005/06/20 01:03:47 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -89,7 +89,9 @@ installdirs:
 install:: named-checkconf@EXEEXT@ named-checkzone@EXEEXT@ installdirs
 	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkconf@EXEEXT@ ${DESTDIR}${sbindir}
 	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkzone@EXEEXT@ ${DESTDIR}${sbindir}
+	cd ${DESTDIR}${sbindir}; ${LINK_PROGRAM} named-checkzone@EXEEXT@ named-compilezone@EXEEXT@
 	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
+	cd ${DESTDIR}${mandir}/man8; ${LINK_PROGRAM} named-checkzone.8 named-compilezone.8
 
 clean distclean::
 	rm -f ${TARGETS} r1.htm
diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c
index 305bb5eefd..0bf37db577 100644
--- a/bin/check/check-tool.c
+++ b/bin/check/check-tool.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.17 2005/05/19 04:58:59 marka Exp $ */
+/* $Id: check-tool.c,v 1.18 2005/06/20 01:03:48 marka Exp $ */
 
 /*! \file */
 
@@ -389,7 +389,8 @@ setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
 /*% load the zone */
 isc_result_t
 load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
-	  const char *classname, dns_zone_t **zonep)
+	  dns_masterformat_t fileformat, const char *classname,
+	  dns_zone_t **zonep)
 {
 	isc_result_t result;
 	dns_rdataclass_t rdclass;
@@ -417,7 +418,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 				ISC_FALSE, NULL));
 	CHECK(dns_zone_setorigin(zone, origin));
 	CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
-	CHECK(dns_zone_setfile(zone, filename));
+	CHECK(dns_zone_setfile2(zone, filename, fileformat));
 
 	DE_CONST(classname, region.base);
 	region.length = strlen(classname);
@@ -447,7 +448,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 /*% dump the zone */
 isc_result_t
-dump_zone(const char *zonename, dns_zone_t *zone, const char *filename)
+dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
+	  dns_masterformat_t fileformat, const dns_master_style_t *style)
 {
 	isc_result_t result;
 	FILE *output = stdout;
@@ -470,7 +472,7 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename)
 		}
 	}
 
-	result = dns_zone_fulldumptostream(zone, output);
+	result = dns_zone_dumptostream2(zone, output, fileformat, style);
 
 	if (filename != NULL)
 		(void)isc_stdio_close(output);
diff --git a/bin/check/check-tool.h b/bin/check/check-tool.h
index bfd8a409e2..d6b78ad426 100644
--- a/bin/check/check-tool.h
+++ b/bin/check/check-tool.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.h,v 1.10 2005/05/19 04:58:59 marka Exp $ */
+/* $Id: check-tool.h,v 1.11 2005/06/20 01:03:48 marka Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
@@ -23,8 +23,9 @@
 /*! \file */
 
 #include 
-
 #include 
+
+#include 
 #include 
 
 ISC_LANG_BEGINDECLS
@@ -34,10 +35,12 @@ setup_logging(isc_mem_t *mctx, isc_log_t **logp);
 
 isc_result_t
 load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
-	  const char *classname, dns_zone_t **zonep);
+	  dns_masterformat_t fileformat, const char *classname,
+	  dns_zone_t **zonep);
 
 isc_result_t
-dump_zone(const char *zonename, dns_zone_t *zone, const char *filename);
+dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
+	  dns_masterformat_t fileformat, const dns_master_style_t *style);
 
 extern int debug;
 extern isc_boolean_t nomerge;
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index 9cda04ca49..7f137a3f92 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.33 2005/06/17 02:22:43 marka Exp $ */
+/* $Id: named-checkconf.c,v 1.34 2005/06/20 01:03:48 marka Exp $ */
 
 /*! \file */
 
@@ -134,23 +134,37 @@ get_checknames(cfg_obj_t **maps, cfg_obj_t **obj) {
 	}
 }
 
+static isc_result_t
+config_get(cfg_obj_t **maps, const char *name, cfg_obj_t **obj) {
+	int i;
+
+	for (i = 0;; i++) {
+		if (maps[i] == NULL)
+			return (ISC_R_NOTFOUND);
+		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
+			return (ISC_R_SUCCESS);
+	}
+}
+
 /*% configure the zone */
 static isc_result_t
 configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
 	       cfg_obj_t *vconfig, cfg_obj_t *config, isc_mem_t *mctx)
 {
+	int i = 0;
 	isc_result_t result;
 	const char *zclass;
 	const char *zname;
 	const char *zfile;
+	cfg_obj_t *maps[4];
 	cfg_obj_t *zoptions = NULL;
 	cfg_obj_t *classobj = NULL;
 	cfg_obj_t *typeobj = NULL;
 	cfg_obj_t *fileobj = NULL;
 	cfg_obj_t *dbobj = NULL;
 	cfg_obj_t *obj = NULL;
-	cfg_obj_t *maps[4];
-	int i = 0;
+	cfg_obj_t *fmtobj = NULL;
+	dns_masterformat_t masterformat;
 
 	zone_options = DNS_ZONEOPT_CHECKNS |
 		       DNS_ZONEOPT_MANYERRORS |
@@ -223,7 +237,20 @@ configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
                zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
 	}
 
-	result = load_zone(mctx, zname, zfile, zclass, NULL);
+	masterformat = dns_masterformat_text;
+	fmtobj = NULL;
+	result = config_get(maps, "masterfile-format", &fmtobj);
+	if (result == ISC_R_SUCCESS) {
+		char *masterformatstr = cfg_obj_asstring(fmtobj);
+		if (strcasecmp(masterformatstr, "text") == 0)
+			masterformat = dns_masterformat_text;
+		else if (strcasecmp(masterformatstr, "raw") == 0)
+			masterformat = dns_masterformat_raw;
+		else
+			INSIST(0);
+	}
+
+	result = load_zone(mctx, zname, zfile, masterformat, zclass, NULL);
 	if (result != ISC_R_SUCCESS)
 		fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
 			dns_result_totext(result));
diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c
index 99c405f28f..aa348cf28a 100644
--- a/bin/check/named-checkzone.c
+++ b/bin/check/named-checkzone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.35 2005/05/19 04:58:59 marka Exp $ */
+/* $Id: named-checkzone.c,v 1.36 2005/06/20 01:03:48 marka Exp $ */
 
 /*! \file */
 
@@ -39,10 +39,12 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
 #include 
+#include 
 #include 
 
 #include "check-tool.h"
@@ -54,6 +56,9 @@ dns_zone_t *zone = NULL;
 dns_zonetype_t zonetype = dns_zone_master;
 static int dumpzone = 0;
 static const char *output_filename;
+static char *prog_name = NULL;
+static const dns_master_style_t *outputstyle = &dns_master_style_full;
+static enum { progmode_check, progmode_compile } progmode;
 
 #define ERRRET(result, function) \
 	do { \
@@ -68,11 +73,12 @@ static const char *output_filename;
 static void
 usage(void) {
 	fprintf(stderr,
-		"usage: named-checkzone [-djqvD] [-c class] [-o output] "
+		"usage: %s [-djqvD] [-c class] [-o output] "
+		"[-f inputformat] [-F outputformat] "
 		"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
 		"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
 		"[-i (full|local|none)] [-W (ignore|warn)] "
-		"zonename filename\n");
+		"zonename filename\n", prog_name);
 	exit(1);
 }
 
@@ -93,9 +99,35 @@ main(int argc, char **argv) {
 	char classname_in[] = "IN";
 	char *classname = classname_in;
 	const char *workdir = NULL;
+	const char *inputformatstr = NULL;
+	const char *outputformatstr = NULL;
+	dns_masterformat_t inputformat = dns_masterformat_text;
+	dns_masterformat_t outputformat = dns_masterformat_text;
+
+	prog_name = strrchr(argv[0], '/');
+	if (prog_name != NULL)
+		prog_name++;
+	else
+		prog_name = argv[0];
+	if (strcmp(prog_name, "named-checkzone") == 0)
+		progmode = progmode_check;
+	else if (strcmp(prog_name, "named-compilezone") == 0)
+		progmode = progmode_compile;
+	else
+		INSIST(0);
+
+	/* Compilation specific defaults */
+	if (progmode == progmode_compile) {
+		zone_options |= (DNS_ZONEOPT_CHECKNS |
+				 DNS_ZONEOPT_FATALNS |
+				 DNS_ZONEOPT_CHECKNAMES |
+				 DNS_ZONEOPT_CHECKNAMESFAIL |
+				 DNS_ZONEOPT_CHECKWILDCARD);
+	}
 
 	while ((c = isc_commandline_parse(argc, argv,
-					  "c:di:jk:m:n:qst:o:vw:DW:")) != EOF) {
+					  "c:df:i:jk:m:n:qst:o:vw:DF:W:"))
+	       != EOF) {
 		switch (c) {
 		case 'c':
 			classname = isc_commandline_argument;
@@ -130,6 +162,14 @@ main(int argc, char **argv) {
 			}
 			break;
 
+		case 'f':
+			inputformatstr = isc_commandline_argument;
+			break;
+
+		case 'F':
+			outputformatstr = isc_commandline_argument;
+			break;
+
 		case 'j':
 			nomerge = ISC_FALSE;
 			break;
@@ -209,6 +249,20 @@ main(int argc, char **argv) {
 			}
 			break;
 
+		case 's':
+			if (strcmp(isc_commandline_argument, "full") == 0)
+				outputstyle = &dns_master_style_full;
+			else if (strcmp(isc_commandline_argument,
+					"default") == 0) {
+				outputstyle = &dns_master_style_default;
+			} else {
+				fprintf(stderr,
+					"unknown or unsupported style: %s\n",
+					isc_commandline_argument);
+				exit(1);
+			}
+			break;
+
 		case 'o':
 			output_filename = isc_commandline_argument;
 			break;
@@ -237,6 +291,15 @@ main(int argc, char **argv) {
 		}
 	}
 
+	if (progmode == progmode_compile) {
+		dumpzone = 1;	/* always dump */
+		if (output_filename == NULL) {
+			fprintf(stderr,
+				"output file required, but not specified\n");
+			usage();
+		}
+	}
+
 	if (workdir != NULL) {
 		result = isc_dir_chdir(workdir);
 		if (result != ISC_R_SUCCESS) {
@@ -246,6 +309,30 @@ main(int argc, char **argv) {
 		}
 	}
 
+	if (inputformatstr != NULL) {
+		if (strcasecmp(inputformatstr, "text") == 0)
+			inputformat = dns_masterformat_text;
+		else if (strcasecmp(inputformatstr, "raw") == 0)
+			inputformat = dns_masterformat_raw;
+		else {
+			fprintf(stderr, "unknown file format: %s\n",
+			    inputformatstr);
+			exit(1);
+		}
+	}
+
+	if (outputformatstr != NULL) {
+		if (strcasecmp(outputformatstr, "text") == 0)
+			outputformat = dns_masterformat_text;
+		else if (strcasecmp(outputformatstr, "raw") == 0)
+			outputformat = dns_masterformat_raw;
+		else {
+			fprintf(stderr, "unknown file format: %s\n",
+				outputformatstr);
+			exit(1);
+		}
+	}
+
 	if (isc_commandline_index + 2 > argc)
 		usage();
 
@@ -263,10 +350,18 @@ main(int argc, char **argv) {
 
 	origin = argv[isc_commandline_index++];
 	filename = argv[isc_commandline_index++];
-	result = load_zone(mctx, origin, filename, classname, &zone);
+	result = load_zone(mctx, origin, filename, inputformat, classname,
+			   &zone);
 
 	if (result == ISC_R_SUCCESS && dumpzone) {
-		result = dump_zone(origin, zone, output_filename);
+		if (!quiet && progmode == progmode_compile) {
+			fprintf(stdout, "dump zone to %s...", output_filename);
+			fflush(stdout);
+		}
+		result = dump_zone(origin, zone, output_filename,
+				   outputformat, outputstyle);
+		if (!quiet && progmode == progmode_compile)
+			fprintf(stdout, "done\n");
 	}
 
 	if (!quiet && result == ISC_R_SUCCESS)
diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook
index 121b2bc94c..0539f69cb1 100644
--- a/bin/check/named-checkzone.docbook
+++ b/bin/check/named-checkzone.docbook
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   
     June 13, 2000
@@ -46,7 +46,8 @@
 
   
     named-checkzone
-    zone file validity checking tool
+    named-compilezone
+    zone file validity checking or converting tool
   
 
   
@@ -57,11 +58,36 @@
       
       
       
+      
+      
       
       
       
       
       
+      
+      
+      
+      
+      
+      zonename
+      filename
+    
+    
+      named-compilezone
+      
+      
+      
+      
+      
+      
+      
+      
+      
+      
+      
+      
+      
       
       
       
@@ -79,6 +105,16 @@
       zone.  This makes named-checkzone useful for
       checking zone files before configuring them into a name server.
     
+    
+        named-compilezone is similar to
+	named-checkzone, but it always dumps the
+        zone contents to a specified file in a specified format.
+	Additionally, it applies stricter check levels by default,
+        since the dump output will be used as an actual zone file
+	loaded by named.
+	When manaully specified otherwise, the check levels must at
+        least be as strict as those specified in the
+	named configuration file.
   
 
   
@@ -167,14 +203,41 @@
 	
       
 
+      
+	-f format
+	
+	  
+	    Specify the format of the zone file.
+	    Possible formats are "text" (default)
+	    and "raw".
+	  
+	
+      
+
+      
+	-F format
+	
+	  
+	    Specify the format of the output file specified.
+	    Possible formats are "text" (default)
+	    and "raw".
+	    For named-checkzone,
+	    this does not cause any effects unless it dumps the zone
+	    contents.
+	  
+	
+      
+
       
         -k mode
         
           
-            Perform "check-name" checks with
-            the specified failure mode.
-            Possible modes are "fail",
-            "warn" (default) and
+            Perform "check-name" checks with the
+	    specified failure mode.
+            Possible modes are "fail"
+	    (default for named-compilezone),
+            "warn"
+	    (default for named-checkzone) and
             "ignore".
           
         
@@ -197,8 +260,11 @@
         
           
             Specify whether NS records should be checked to see if they
-            are addresses.  Possible modes are "fail",
-            "warn" (default) and
+            are addresses.
+	    Possible modes are "fail"
+	    (default for named-compilezone),
+            "warn"
+	    (default for named-checkzone) and
             "ignore".
           
         
@@ -209,10 +275,31 @@
         
           
             Write zone output to filename.
+	    This is mandatory for named-compilezone.
           
         
       
 
+      
+	-s style
+	
+	  
+	    Specify the style of the dumped zone file.
+	    Possible styles are "full" (default)
+	    and "default".
+	    The full format is most suitable for processing
+	    automatically by a separate script.
+	    On the other hand, the default format is more
+	    human-readable and is thus suitable for editing by hand.
+	    For named-checkzone
+	    this does not cause any effects unless it dumps the zone
+	    contents.
+	    It also does not have any meaning if the output format
+	    is not text.
+	  
+	
+      
+
       
         -t directory
         
@@ -243,6 +330,7 @@
         
           
             Dump zone file in canonical format.
+	    This is always enabled for named-compilezone.
           
         
       
diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index d64bd7f55b..fb02988cdb 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.c,v 1.121 2005/05/19 04:59:01 marka Exp $ */
+/* $Id: zoneconf.c,v 1.122 2005/06/20 01:03:49 marka Exp $ */
 
 /*% */
 
@@ -341,6 +341,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
 	dns_view_t *view;
 	isc_boolean_t check = ISC_FALSE, fail = ISC_FALSE;
 	isc_boolean_t ixfrdiff;
+	dns_masterformat_t masterformat;
 
 	i = 0;
 	if (zconfig != NULL) {
@@ -395,7 +396,21 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
 	result = cfg_map_get(zoptions, "file", &obj);
 	if (result == ISC_R_SUCCESS)
 		filename = cfg_obj_asstring(obj);
-	RETERR(dns_zone_setfile(zone, filename));
+
+	masterformat = dns_masterformat_text;
+	obj = NULL;
+	result= ns_config_get(maps, "masterfile-format", &obj);
+	if (result == ISC_R_SUCCESS) {
+		char *masterformatstr = cfg_obj_asstring(obj);
+
+		if (strcasecmp(masterformatstr, "text") == 0)
+			masterformat = dns_masterformat_text;
+		else if (strcasecmp(masterformatstr, "raw") == 0)
+			masterformat = dns_masterformat_raw;
+		else
+			INSIST(0);
+	}
+	RETERR(dns_zone_setfile2(zone, filename, masterformat));
 
 	obj = NULL;
 	result = cfg_map_get(zoptions, "journal", &obj);
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index d6bd70962a..2adce547ae 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: conf.sh.in,v 1.28 2004/11/23 05:23:35 marka Exp $
+# $Id: conf.sh.in,v 1.29 2005/06/20 01:03:49 marka Exp $
 
 #
 # Common configuration data for system tests, to be sourced into
@@ -43,7 +43,7 @@ CHECKZONE=$TOP/bin/check/named-checkzone
 # load on the machine to make it unusable to other users.
 # v6synth
 SUBDIRS="cacheclean checknames dnssec forward glue ixfr limits lwresd \
-    masterfile notify nsupdate resolver sortlist stub tkey \
+    masterfile masterformat notify nsupdate resolver sortlist stub tkey \
     unknown upforwd views xfer xferquota zonechecks"
 
 # PERL will be an empty string if no perl interpreter was found.
diff --git a/bin/tests/system/masterformat/clean.sh b/bin/tests/system/masterformat/clean.sh
new file mode 100755
index 0000000000..7aa458a42a
--- /dev/null
+++ b/bin/tests/system/masterformat/clean.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.2 2005/06/20 01:03:49 marka Exp $
+
+rm -f named-compilezone
+rm -f ns1/example.db.raw
+rm -f ns2/example.db
+rm -f dig.out.*
diff --git a/bin/tests/system/masterformat/ns1/compile.sh b/bin/tests/system/masterformat/ns1/compile.sh
new file mode 100755
index 0000000000..3960178f96
--- /dev/null
+++ b/bin/tests/system/masterformat/ns1/compile.sh
@@ -0,0 +1,17 @@
+# Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: compile.sh,v 1.2 2005/06/20 01:03:50 marka Exp $
+
+../named-compilezone -F raw -o example.db.raw example example.db
diff --git a/bin/tests/system/masterformat/ns1/example.db b/bin/tests/system/masterformat/ns1/example.db
new file mode 100644
index 0000000000..57ee13ecd4
--- /dev/null
+++ b/bin/tests/system/masterformat/ns1/example.db
@@ -0,0 +1,38 @@
+$TTL 1D
+
+@			IN SOA	ns hostmaster (
+				1
+				3600
+				1800
+				1814400
+				3
+				)
+			NS	ns
+ns			A	10.53.0.1
+mx			MX	10 mail
+a			A	10.53.0.1
+			A	10.53.0.2
+aaaa			AAAA	2001:db8::53
+cname			CNAME	cname-target
+dname			DNAME	dname-target
+txt			TXT	"this is text"
+
+;;
+;; we are not testing DNSSEC behavior, so we don't care about the semantics
+;; of the following records.
+dnskey			300	DNSKEY	256 3 1 (
+					AQPTpWyReB/e9Ii6mVGnakS8hX2zkh/iUYAg
+					+Ge4noWROpTWOIBvm76zeJPWs4Zfqa1IsswD
+					Ix5Mqeg0zwclz59uecKsKyx5w9IhtZ8plc4R
+					b9VIE5x7KNHAYTvTO5d4S8M=
+					)
+ds			300	DS	30795 1 1 (
+					310D27F4D82C1FC2400704EA9939FE6E1CEA
+					A3B9 )
+nsec			600	NSEC	nsecnext NS DS RRSIG NSEC
+rrsig			300	RRSIG	SOA 1 0 300 20050714214747 (
+					20050614214747 30795 .
+					yi/RRPAQmn6rnjDQaCqVValBa+ICF00ZldKf
+					ZSDaoew5mMUh83DlrrPPNeAxrzMSNzDGlJ6P
+					fdyIFgzPn/CvthF4kjBUAiJTp4r2zhlaUJQ+
+					QFo+drYXYgVJo6aA36fj )
diff --git a/bin/tests/system/masterformat/ns1/named.conf b/bin/tests/system/masterformat/ns1/named.conf
new file mode 100644
index 0000000000..f8eec4b2cf
--- /dev/null
+++ b/bin/tests/system/masterformat/ns1/named.conf
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.2 2005/06/20 01:03:51 marka Exp $ */
+
+// NS1
+
+controls { /* empty */ };
+
+options {
+	pid-file "named.pid";
+	listen-on port 5300 { 10.53.0.1; };
+	listen-on-v6 { none; };
+	recursion no;
+	notify no;
+	dnssec-enable yes;
+};
+
+zone "example" {
+	type master;
+	masterfile-format raw;
+	file "example.db.raw";
+};
diff --git a/bin/tests/system/masterformat/ns2/named.conf b/bin/tests/system/masterformat/ns2/named.conf
new file mode 100644
index 0000000000..759d348183
--- /dev/null
+++ b/bin/tests/system/masterformat/ns2/named.conf
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.2 2005/06/20 01:03:51 marka Exp $ */
+
+// NS2
+
+controls { /* empty */ };
+
+options {
+	pid-file "named.pid";
+	listen-on port 5300 { 10.53.0.2; };
+	listen-on-v6 { none; };
+	recursion no;
+	notify no;
+	dnssec-enable yes;
+};
+
+zone "example" {
+	type master;
+	file "example.db";
+};
diff --git a/bin/tests/system/masterformat/setup.sh b/bin/tests/system/masterformat/setup.sh
new file mode 100755
index 0000000000..77fe774642
--- /dev/null
+++ b/bin/tests/system/masterformat/setup.sh
@@ -0,0 +1,19 @@
+# Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.2 2005/06/20 01:03:50 marka Exp $
+
+ln -s $CHECKZONE named-compilezone
+cp ns1/example.db ns2/
+cd ns1 && sh compile.sh
diff --git a/bin/tests/system/masterformat/tests.sh b/bin/tests/system/masterformat/tests.sh
new file mode 100755
index 0000000000..2b8d1dc0ea
--- /dev/null
+++ b/bin/tests/system/masterformat/tests.sh
@@ -0,0 +1,80 @@
+#!/bin/sh
+#
+# Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.2 2005/06/20 01:03:50 marka Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+DIGOPTS="+tcp +noauth +noadd +nosea +nostat +noquest +nocomm +nocmd"
+
+status=0
+
+echo "I:checking that master file in the raw format worked"
+
+for server in 1 2
+do
+	for name in ns mx a aaaa cname dname txt rrsig nsec dnskey ds
+	do
+		$DIG $DIGOPTS $name.example. $name @10.53.0.$server -p 5300
+		echo
+	done > dig.out.$server
+done
+
+diff dig.out.1 dig.out.2 || status=1
+
+echo "I:exit status: $status"
+exit $status
+#!/bin/sh
+#
+# Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.2 2005/06/20 01:03:50 marka Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+DIGOPTS="+tcp +noauth +noadd +nosea +nostat +noquest +nocomm +nocmd"
+
+status=0
+
+echo "I:checking that master file in the raw format worked"
+
+for server in 1 2
+do
+	for name in ns mx a aaaa cname dname txt rrsig nsec dnskey ds
+	do
+		$DIG $DIGOPTS $name.example. $name @10.53.0.$server -p 5300
+		echo
+	done > dig.out.$server
+done
+
+diff dig.out.1 dig.out.2 || status=1
+
+echo "I:exit status: $status"
+exit $status
diff --git a/configure b/configure
index 3fe6163d9f..8d144337e7 100755
--- a/configure
+++ b/configure
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 #
-# $Id: configure,v 1.366 2005/06/16 21:59:33 jinmei Exp $
+# $Id: configure,v 1.367 2005/06/20 01:05:33 marka Exp $
 #
 # Portions Copyright (C) 1996-2001  Nominum, Inc.
 #
@@ -29,7 +29,7 @@
 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-# From configure.in Revision: 1.379 .
+# From configure.in Revision: 1.380 .
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.59.
 #
@@ -495,7 +495,7 @@ ac_includes_default="\
 # include 
 #endif"
 
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS subdirs build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_SOCKADDR_LEN_T ISC_PLATFORM_HAVELONGLONG ISC_PLATFORM_HAVELIFCONF ISC_PLATFORM_NEEDSYSSELECTH LWRES_PLATFORM_NEEDSYSSELECTH USE_OPENSSL DST_OPENSSL_INC USE_GSSAPI DST_GSSAPI_INC DNS_CRYPTO_LIBS ALWAYS_DEFINES ISC_PLATFORM_USETHREADS ISC_THREAD_DIR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK LIBTOOL_ALLOW_UNDEFINED LIBTOOL_IN_MAIN LIBBIND ISC_PLATFORM_HAVEIPV6 LWRES_PLATFORM_HAVEIPV6 ISC_PLATFORM_NEEDNETINETIN6H LWRES_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H LWRES_PLATFORM_NEEDNETINET6IN6H ISC_PLATFORM_HAVEINADDR6 LWRES_PLATFORM_HAVEINADDR6 ISC_PLATFORM_NEEDIN6ADDRANY LWRES_PLATFORM_NEEDIN6ADDRANY ISC_PLATFORM_NEEDIN6ADDRLOOPBACK LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C LWRES_HAVE_SIN6_SCOPE_ID ISC_PLATFORM_HAVESCOPEID ISC_PLATFORM_HAVEIF_LADDRREQ ISC_PLATFORM_HAVEIF_LADDRCONF ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON ISC_PLATFORM_HAVESALEN LWRES_PLATFORM_HAVESALEN ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_NEEDADDRINFO ISC_LWRES_NEEDRRSETINFO ISC_LWRES_SETHOSTENTINT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_GETNETBYADDRINADDR ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDMEMMOVE ISC_PLATFORM_NEEDSTRTOUL LWRES_PLATFORM_NEEDSTRTOUL GENRANDOMLIB ISC_PLATFORM_NEEDSTRLCPY ISC_PLATFORM_NEEDSTRLCAT ISC_PLATFORM_NEEDSPRINTF LWRES_PLATFORM_NEEDSPRINTF ISC_PLATFORM_NEEDVSNPRINTF LWRES_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS ISC_PLATFORM_QUADFORMAT LWRES_PLATFORM_QUADFORMAT ISC_PLATFORM_HAVESYSUNH ISC_PLATFORM_RLIMITTYPE ISC_PLATFORM_USEDECLSPEC LWRES_PLATFORM_USEDECLSPEC ISC_PLATFORM_BRACEPTHREADONCEINIT ISC_PLATFORM_HAVEIFNAMETOINDEX ISC_PLATFORM_HAVEXADD ISC_PLATFORM_HAVECMPXCHG ISC_PLATFORM_HAVEATOMICSTORE ISC_PLATFORM_USEGCCASM ISC_PLATFORM_USEOSFASM ISC_PLATFORM_USESTDASM ISC_ARCH_DIR LATEX PDFLATEX XSLTPROC XMLLINT XSLT_DOCBOOK_STYLE_HTML XSLT_DOCBOOK_STYLE_XHTML XSLT_DOCBOOK_STYLE_MAN XSLT_DOCBOOK_CHUNK_HTML XSLT_DOCBOOK_CHUNK_XHTML XSLT_DB2LATEX_STYLE XSLT_DB2LATEX_ADMONITIONS BIND9_TOP_BUILDDIR BIND9_ISC_BUILDINCLUDE BIND9_ISCCC_BUILDINCLUDE BIND9_ISCCFG_BUILDINCLUDE BIND9_DNS_BUILDINCLUDE BIND9_LWRES_BUILDINCLUDE BIND9_BIND9_BUILDINCLUDE BIND9_VERSION LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS subdirs build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_SOCKADDR_LEN_T ISC_PLATFORM_HAVELONGLONG ISC_PLATFORM_HAVELIFCONF ISC_PLATFORM_NEEDSYSSELECTH LWRES_PLATFORM_NEEDSYSSELECTH USE_OPENSSL DST_OPENSSL_INC USE_GSSAPI DST_GSSAPI_INC DNS_CRYPTO_LIBS ALWAYS_DEFINES ISC_PLATFORM_USETHREADS ISC_THREAD_DIR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK LIBTOOL_ALLOW_UNDEFINED LIBTOOL_IN_MAIN LIBBIND ISC_PLATFORM_HAVEIPV6 LWRES_PLATFORM_HAVEIPV6 ISC_PLATFORM_NEEDNETINETIN6H LWRES_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H LWRES_PLATFORM_NEEDNETINET6IN6H ISC_PLATFORM_HAVEINADDR6 LWRES_PLATFORM_HAVEINADDR6 ISC_PLATFORM_NEEDIN6ADDRANY LWRES_PLATFORM_NEEDIN6ADDRANY ISC_PLATFORM_NEEDIN6ADDRLOOPBACK LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C LWRES_HAVE_SIN6_SCOPE_ID ISC_PLATFORM_HAVESCOPEID ISC_PLATFORM_HAVEIF_LADDRREQ ISC_PLATFORM_HAVEIF_LADDRCONF ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON ISC_PLATFORM_HAVESALEN LWRES_PLATFORM_HAVESALEN ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_NEEDADDRINFO ISC_LWRES_NEEDRRSETINFO ISC_LWRES_SETHOSTENTINT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_GETNETBYADDRINADDR ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDMEMMOVE ISC_PLATFORM_NEEDSTRTOUL LWRES_PLATFORM_NEEDSTRTOUL GENRANDOMLIB ISC_PLATFORM_NEEDSTRLCPY ISC_PLATFORM_NEEDSTRLCAT ISC_PLATFORM_NEEDSPRINTF LWRES_PLATFORM_NEEDSPRINTF ISC_PLATFORM_NEEDVSNPRINTF LWRES_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS ISC_PLATFORM_QUADFORMAT LWRES_PLATFORM_QUADFORMAT ISC_PLATFORM_HAVESYSUNH ISC_PLATFORM_RLIMITTYPE ISC_PLATFORM_USEDECLSPEC LWRES_PLATFORM_USEDECLSPEC ISC_PLATFORM_BRACEPTHREADONCEINIT ISC_PLATFORM_HAVEIFNAMETOINDEX ISC_PLATFORM_HAVEXADD ISC_PLATFORM_HAVECMPXCHG ISC_PLATFORM_HAVEATOMICSTORE ISC_PLATFORM_USEGCCASM ISC_PLATFORM_USEOSFASM ISC_PLATFORM_USESTDASM ISC_ARCH_DIR LATEX PDFLATEX XSLTPROC XMLLINT XSLT_DOCBOOK_STYLE_HTML XSLT_DOCBOOK_STYLE_XHTML XSLT_DOCBOOK_STYLE_MAN XSLT_DOCBOOK_CHUNK_HTML XSLT_DOCBOOK_CHUNK_XHTML XSLT_DB2LATEX_STYLE XSLT_DB2LATEX_ADMONITIONS BIND9_TOP_BUILDDIR BIND9_ISC_BUILDINCLUDE BIND9_ISCCC_BUILDINCLUDE BIND9_ISCCFG_BUILDINCLUDE BIND9_DNS_BUILDINCLUDE BIND9_LWRES_BUILDINCLUDE BIND9_BIND9_BUILDINCLUDE BIND9_VERSION LIBOBJS LTLIBOBJS'
 ac_subst_files='BIND9_MAKE_INCLUDES BIND9_MAKE_RULES LIBISC_API LIBISCCC_API LIBISCCFG_API LIBDNS_API LIBBIND9_API LIBLWRES_API'
 
 # Initialize some variables set by options.
@@ -1812,6 +1812,17 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
 
 test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
 
+echo "$as_me:$LINENO: checking whether ln -s works" >&5
+echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+  echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+  echo "$as_me:$LINENO: result: no, using $LN_S" >&5
+echo "${ECHO_T}no, using $LN_S" >&6
+fi
+
 
 
 
@@ -7839,17 +7850,6 @@ echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5
 echo "${ECHO_T}$lt_cv_path_NM" >&6
 NM="$lt_cv_path_NM"
 
-echo "$as_me:$LINENO: checking whether ln -s works" >&5
-echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6
-LN_S=$as_ln_s
-if test "$LN_S" = "ln -s"; then
-  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
-  echo "$as_me:$LINENO: result: no, using $LN_S" >&5
-echo "${ECHO_T}no, using $LN_S" >&6
-fi
-
 echo "$as_me:$LINENO: checking how to recognise dependent libraries" >&5
 echo $ECHO_N "checking how to recognise dependent libraries... $ECHO_C" >&6
 if test "${lt_cv_deplibs_check_method+set}" = set; then
@@ -28814,6 +28814,7 @@ s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
 s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
 s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
 s,@INSTALL_DATA@,$INSTALL_DATA,;t t
+s,@LN_S@,$LN_S,;t t
 s,@STD_CINCLUDES@,$STD_CINCLUDES,;t t
 s,@STD_CDEFINES@,$STD_CDEFINES,;t t
 s,@STD_CWARNINGS@,$STD_CWARNINGS,;t t
@@ -28851,7 +28852,6 @@ s,@MKDEPPROG@,$MKDEPPROG,;t t
 s,@IRIX_DNSSEC_WARNINGS_HACK@,$IRIX_DNSSEC_WARNINGS_HACK,;t t
 s,@purify_path@,$purify_path,;t t
 s,@PURIFY@,$PURIFY,;t t
-s,@LN_S@,$LN_S,;t t
 s,@ECHO@,$ECHO,;t t
 s,@ac_ct_AR@,$ac_ct_AR,;t t
 s,@STRIP@,$STRIP,;t t
diff --git a/configure.in b/configure.in
index 16428beed9..c8d0d25a9c 100644
--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
 esyscmd([sed "s/^/# /" COPYRIGHT])dnl
 AC_DIVERT_POP()dnl
 
-AC_REVISION($Revision: 1.379 $)
+AC_REVISION($Revision: 1.380 $)
 
 AC_INIT(lib/dns/name.c)
 AC_PREREQ(2.13)
@@ -31,6 +31,7 @@ AC_CANONICAL_HOST
 AC_PROG_MAKE_SET
 AC_PROG_RANLIB
 AC_PROG_INSTALL
+AC_PROG_LN_S
 
 AC_SUBST(STD_CINCLUDES)
 AC_SUBST(STD_CDEFINES)
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 69983476cc..6685a4b4da 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   BIND 9 Administrator Reference Manual
 
@@ -1053,6 +1053,15 @@ zone "eng.example.com" {
                 
               
             
+	    
+	      named-compilezone
+	      
+		
+		  Similar to named-checkzone, but
+		  it always dumps the zone content to a specified file
+		  (typically in a different format).
+		
+	    
             
 
               rndc
@@ -4386,6 +4395,7 @@ category notify { null; };
      use-additional-cache yes_or_no ; 
      acache-cleaning-interval number; 
      max-acache-size size_spec ; 
+     masterfile-format (text|raw) ; 
 };
 
 
@@ -6855,7 +6865,37 @@ query-source-v6 address * port *;
                 
               
             
-          
+
+	    
+	      masterfile-format
+	      
+	        masterfile-format specifies
+		  the file format of zone files (see
+	          ).
+	          The default value is text, which is the
+		  standard textual representation.  Files in other formats
+		  than text are typically expected
+		  to be generated by the named-compilezone.
+		  Note that when a zone file in a different format than
+		  text is loaded, named
+	          may omit some of the checks which would be performed for a
+		  file in the text format.  In particular,
+		  check-names checks do not apply
+		  for the raw format.  This means
+		  a zone file in the raw format
+		  must be generated with the same check level as that
+		  specified in the named configuration
+		  file.  This statement sets the
+		  masterfile-format for all zones,
+		  but can be overridden on a per-zone / per-view basis
+		  by including a masterfile-format
+		  statement within the zone or
+		  view block in the configuration
+		  file.
+	        
+	      
+	    
+	  
 
         
 
@@ -7552,6 +7592,7 @@ view "external" {
      dialup dialup_option ; 
      delegation-only yes_or_no ; 
      file string ; 
+     masterfile-format (text|raw) ; 
      journal string ; 
      forward (only|first) ; 
      forwarders { ip_addr port ip_port ;  ip_addr port ip_port ; ...  }; 
@@ -8262,11 +8303,21 @@ view "external" {
                 multi-master
                 
                   
-                    See the description of
-                    multi-master in .
+                    See the description of multi-master in
+		    .
                   
                 
               
+	
+	      
+		masterfile-format
+		
+		  
+		    See the description of masterfile-format
+		    in .
+		  
+		
+	      
 
             
 
@@ -9835,6 +9886,48 @@ $GENERATE 1-127 $ CNAME $.0
             BIND 8 does not support the optional TTL and CLASS fields.
           
         
+
+	
+	  Additional File Formats
+	  
+	    In addition to the standard textual format, BIND 9
+	    supports the ability to read or dump to zone files in
+	    other formats.  The raw format is
+	    currently available as an additional format.  It is a
+	    binary format representing BIND 9's internal data
+	    structure directly, thereby remarkably improving the
+	    loading time.
+	  
+	  
+	    For a primary server, a zone file in the
+	    raw format is expected to be
+	    generated from a textual zone file by the
+	    named-compilezone command.  For a
+	    secondary server or for a dynamic zone, it is automatically
+	    generated (if this format is specified by the
+	    masterfile-format option) when
+	    named dumps the zone contents after
+	    zone transfer or when applying prior updates.
+	  
+	  
+	    If a zone file in a binary format needs manual modification,
+	    it first must be converted to a textual form by the
+	    named-compilezone command.  All
+	    necessary modification should go to the text file, which
+	    should then be converted to the binary form by the
+	    named-compilezone command again.
+	  
+    	  
+	     Although the raw format uses the
+	     network byte order and avoids architecture-dependent
+	     data alignment so that it is as much portable as
+	     possible, it is primarily expected to be used inside
+	     the same single system.  In order to export a zone
+	     file in the raw format or make a
+	     portable backup of the file, it is recommended to
+	     convert the file to the standard textual representation.
+	  
+	
       
     
     
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index 60372c20f8..37a6f6133b 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check.c,v 1.59 2005/05/27 00:49:19 marka Exp $ */
+/* $Id: check.c,v 1.60 2005/06/20 01:03:52 marka Exp $ */
 
 /*! \file */
 
@@ -801,6 +801,7 @@ check_zoneconf(cfg_obj_t *zconfig, cfg_obj_t *voptions, cfg_obj_t *config,
 	{ "check-wildcard", MASTERZONE },
 	{ "check-mx", MASTERZONE },
 	{ "integrity-check", MASTERZONE },
+	{ "masterfile-format", MASTERZONE | SLAVEZONE | STUBZONE | HINTZONE },
 	};
 
 	static optionstable dialups[] = {
diff --git a/lib/dns/db.c b/lib/dns/db.c
index 51a5c4d552..a9c16e4b9d 100644
--- a/lib/dns/db.c
+++ b/lib/dns/db.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: db.c,v 1.77 2005/04/29 00:22:44 marka Exp $ */
+/* $Id: db.c,v 1.78 2005/06/20 01:03:52 marka Exp $ */
 
 /*! \file */
 
@@ -339,13 +339,22 @@ dns_db_load(dns_db_t *db, const char *filename) {
 
 isc_result_t
 dns_db_dump(dns_db_t *db, dns_dbversion_t *version, const char *filename) {
+	return ((db->methods->dump)(db, version, filename,
+				    dns_masterformat_text));
+}
+
+isc_result_t
+dns_db_dump2(dns_db_t *db, dns_dbversion_t *version, const char *filename,
+	     dns_masterformat_t masterformat) {
 	/*
-	 * Dump 'db' into master file 'filename'.
+	 * Dump 'db' into master file 'filename' in the 'masterformat' format.
+	 * XXXJT: is it okay to modify the interface to the existing "dump"
+	 * method?
 	 */
 
 	REQUIRE(DNS_DB_VALID(db));
 
-	return ((db->methods->dump)(db, version, filename));
+	return ((db->methods->dump)(db, version, filename, masterformat));
 }
 
 /***
diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h
index 2da7d83c89..685ddd2a87 100644
--- a/lib/dns/include/dns/db.h
+++ b/lib/dns/include/dns/db.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: db.h,v 1.80 2005/04/29 00:22:55 marka Exp $ */
+/* $Id: db.h,v 1.81 2005/06/20 01:03:54 marka Exp $ */
 
 #ifndef DNS_DB_H
 #define DNS_DB_H 1
@@ -75,7 +75,8 @@ typedef struct dns_dbmethods {
 				     dns_dbload_t **dbloadp);
 	isc_result_t	(*endload)(dns_db_t *db, dns_dbload_t **dbloadp);
 	isc_result_t	(*dump)(dns_db_t *db, dns_dbversion_t *version,
-				const char *filename);
+				const char *filename,
+				dns_masterformat_t masterformat);
 	void		(*currentversion)(dns_db_t *db,
 					  dns_dbversion_t **versionp);
 	isc_result_t	(*newversion)(dns_db_t *db,
@@ -473,6 +474,10 @@ dns_db_load(dns_db_t *db, const char *filename);
 
 isc_result_t
 dns_db_dump(dns_db_t *db, dns_dbversion_t *version, const char *filename);
+
+isc_result_t
+dns_db_dump2(dns_db_t *db, dns_dbversion_t *version, const char *filename,
+	     dns_masterformat_t masterformat);
 /*%<
  * Dump version 'version' of 'db' to master file 'filename'.
  *
diff --git a/lib/dns/include/dns/master.h b/lib/dns/include/dns/master.h
index 7a9661f2b2..d5c15d871d 100644
--- a/lib/dns/include/dns/master.h
+++ b/lib/dns/include/dns/master.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: master.h,v 1.43 2005/05/19 04:59:04 marka Exp $ */
+/* $Id: master.h,v 1.44 2005/06/20 01:03:54 marka Exp $ */
 
 #ifndef DNS_MASTER_H
 #define DNS_MASTER_H 1
@@ -57,6 +57,38 @@
 
 ISC_LANG_BEGINDECLS
 
+/*
+ * Structures that implement the "raw" format for master dump.
+ * These are provided for a reference purpose only; in the actual
+ * encoding, we directly read/write each field so that the encoded data
+ * is always "packed", regardless of the hardware architecture.
+ */
+#define DNS_RAWFORMAT_VERSION 0
+
+/* Common header */
+typedef struct {
+	isc_uint32_t		format;		/* must be
+						 * dns_masterformat_raw */
+	isc_uint32_t		version;	/* compatibility for future
+						 * extensions */
+	isc_uint32_t		dumptime;	/* timestamp on creation
+						 * (currently unused)
+						 */
+} dns_masterrawheader_t;
+
+/* The structure for each RRset */
+typedef struct {
+	isc_uint32_t		totallen;	/* length of the data for this
+						 * RRset, including the
+						 * "header" part */
+	dns_rdataclass_t	rdclass;	/* 16-bit class */
+	dns_rdatatype_t		type;		/* 16-bit type */
+	dns_rdatatype_t		covers;		/* same as type */
+	dns_ttl_t		ttl;		/* 32-bit TTL */
+	isc_uint32_t		nrdata;		/* number of RRs in this set */
+	/* followed by encoded owner name, and then rdata */
+} dns_masterrawrdataset_t;
+
 /***
  ***	Function
  ***/
@@ -70,6 +102,16 @@ dns_master_loadfile(const char *master_file,
 		    dns_rdatacallbacks_t *callbacks,
 		    isc_mem_t *mctx);
 
+isc_result_t
+dns_master_loadfile2(const char *master_file,
+		     dns_name_t *top,
+		     dns_name_t *origin,
+		     dns_rdataclass_t zclass,
+		     unsigned int options,
+		     dns_rdatacallbacks_t *callbacks,
+		     isc_mem_t *mctx,
+		     dns_masterformat_t format);
+
 isc_result_t
 dns_master_loadstream(FILE *stream,
 		      dns_name_t *top,
@@ -108,6 +150,18 @@ dns_master_loadfileinc(const char *master_file,
 		       dns_loaddonefunc_t done, void *done_arg,
 		       dns_loadctx_t **ctxp, isc_mem_t *mctx);
 
+isc_result_t
+dns_master_loadfileinc2(const char *master_file,
+			dns_name_t *top,
+			dns_name_t *origin,
+			dns_rdataclass_t zclass,
+			unsigned int options,
+			dns_rdatacallbacks_t *callbacks,
+			isc_task_t *task,
+			dns_loaddonefunc_t done, void *done_arg,
+			dns_loadctx_t **ctxp, isc_mem_t *mctx,
+			dns_masterformat_t format);
+
 isc_result_t
 dns_master_loadstreaminc(FILE *stream,
 			 dns_name_t *top,
diff --git a/lib/dns/include/dns/masterdump.h b/lib/dns/include/dns/masterdump.h
index 0742efd0ac..a7f36f8a55 100644
--- a/lib/dns/include/dns/masterdump.h
+++ b/lib/dns/include/dns/masterdump.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: masterdump.h,v 1.33 2005/04/29 00:22:59 marka Exp $ */
+/* $Id: masterdump.h,v 1.34 2005/06/20 01:03:54 marka Exp $ */
 
 #ifndef DNS_MASTERDUMP_H
 #define DNS_MASTERDUMP_H 1
@@ -211,10 +211,19 @@ isc_result_t
 dns_master_dumptostream(isc_mem_t *mctx, dns_db_t *db,
 			dns_dbversion_t *version,
 			const dns_master_style_t *style, FILE *f);
+
+isc_result_t
+dns_master_dumptostream2(isc_mem_t *mctx, dns_db_t *db,
+			 dns_dbversion_t *version,
+			 const dns_master_style_t *style,
+			 dns_masterformat_t format, FILE *f);
 /*%<
- * Dump the database 'db' to the steam 'f' in RFC1035 master
- * file format, in the style defined by 'style'
- * (e.g., &dns_default_master_style_default)
+ * Dump the database 'db' to the steam 'f' in the specified format by
+ * 'format'.  If the format is dns_masterformat_text (the RFC1035 format),
+ * 'style' specifies the file style (e.g., &dns_master_style_default).
+ *
+ * dns_master_dumptostream() is an old form of dns_master_dumptostream2(),
+ * which always specifies the dns_masterformat_text format.
  *
  * Temporary dynamic memory may be allocated from 'mctx'.
  *
@@ -239,14 +248,30 @@ dns_master_dumpinc(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
 		   isc_task_t *task, dns_dumpdonefunc_t done, void *done_arg,
 		   dns_dumpctx_t **dctxp);
 
+isc_result_t
+dns_master_dumpinc2(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
+		    const dns_master_style_t *style, const char *filename,
+		    isc_task_t *task, dns_dumpdonefunc_t done, void *done_arg,			    dns_dumpctx_t **dctxp, dns_masterformat_t format);
+
 isc_result_t
 dns_master_dump(isc_mem_t *mctx, dns_db_t *db,
 		dns_dbversion_t *version,
 		const dns_master_style_t *style, const char *filename);
+
+isc_result_t
+dns_master_dump2(isc_mem_t *mctx, dns_db_t *db,
+		 dns_dbversion_t *version,
+		 const dns_master_style_t *style, const char *filename,
+		 dns_masterformat_t format);
+
 /*%<
- * Dump the database 'db' to the file 'filename' in RFC1035 master
- * file format, in the style defined by 'style'
- * (e.g., &dns_default_master_style_default)
+ * Dump the database 'db' to the file 'filename' in the specified format by
+ * 'format'.  If the format is dns_masterformat_text (the RFC1035 format),
+ * 'style' specifies the file style (e.g., &dns_master_style_default).
+ *
+ * dns_master_dumpinc() and dns_master_dump() are old forms of _dumpinc2()
+ * and _dump2(), respectively, which always specify the dns_masterformat_text
+ * format.
  *
  * Temporary dynamic memory may be allocated from 'mctx'.
  *
diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h
index d3aec3bad3..cf77d16a1d 100644
--- a/lib/dns/include/dns/types.h
+++ b/lib/dns/include/dns/types.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: types.h,v 1.115 2005/05/19 04:59:04 marka Exp $ */
+/* $Id: types.h,v 1.116 2005/06/20 01:03:54 marka Exp $ */
 
 #ifndef DNS_TYPES_H
 #define DNS_TYPES_H 1
@@ -152,6 +152,12 @@ typedef enum {
 	dns_dialuptype_passive = 5
 } dns_dialuptype_t;
 
+typedef enum {
+	dns_masterformat_none = 0,
+	dns_masterformat_text = 1,
+	dns_masterformat_raw = 2
+} dns_masterformat_t;
+
 /*
  * These are generated by gen.c.
  */
diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h
index cf70fba749..7daa709d4f 100644
--- a/lib/dns/include/dns/zone.h
+++ b/lib/dns/include/dns/zone.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.h,v 1.134 2005/05/19 04:59:05 marka Exp $ */
+/* $Id: zone.h,v 1.135 2005/06/20 01:03:55 marka Exp $ */
 
 #ifndef DNS_ZONE_H
 #define DNS_ZONE_H 1
@@ -32,6 +32,7 @@
 #include 
 #include 
 
+#include 
 #include 
 
 typedef enum {
@@ -193,14 +194,23 @@ dns_zone_getorigin(dns_zone_t *zone);
 
 isc_result_t
 dns_zone_setfile(dns_zone_t *zone, const char *file);
+
+isc_result_t
+dns_zone_setfile2(dns_zone_t *zone, const char *file,
+		  dns_masterformat_t format);
 /*%<
- *	Sets the name of the master file from which the zone
- *	loads its database to 'file'.  For zones that have
- *	no associated master file, 'file' will be NULL.
+ *    Sets the name of the master file in the format of 'format' from which
+ *    the zone loads its database to 'file'.
+ *
+ *    For zones that have no associated master file, 'file' will be NULL.
  *
  *	For zones with persistent databases, the file name
  *	setting is ignored.
  *
+ *    dns_zone_setfile() is a backward-compatible form of
+ *    dns_zone_setfile2(), which always specifies the
+ *    dns_masterformat_text (RFC1035) format.
+ *
  * Require:
  *\li	'zone' to be a valid zone.
  *
@@ -390,8 +400,21 @@ dns_zone_dump(dns_zone_t *zone);
 
 isc_result_t
 dns_zone_dumptostream(dns_zone_t *zone, FILE *fd);
+
+isc_result_t
+dns_zone_dumptostream2(dns_zone_t *zone, FILE *fd, dns_masterformat_t format,
+		       const dns_master_style_t *style);
 /*%<
- *	Write the zone to stream 'fd'.
+ *    Write the zone to stream 'fd' in the specified 'format'.
+ *    If the 'format' is dns_masterformat_text (RFC1035), 'style' also
+ *    specifies the file style (e.g., &dns_master_style_default).
+ *
+ *    dns_zone_dumptostream() is a backward-compatible form of
+ *    dns_zone_dumptostream2(), which always uses the dns_masterformat_text
+ *    format and the dns_master_style_default style.
+ *
+ *    Note that dns_zone_dumptostream2() is the most flexible form.  It
+ *    can also provide the functionality of dns_zone_fulldumptostream().
  *
  * Require:
  *\li	'zone' to be a valid zone.
diff --git a/lib/dns/master.c b/lib/dns/master.c
index a697dbe4e6..24203e22cb 100644
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: master.c,v 1.154 2005/06/04 00:18:54 marka Exp $ */
+/* $Id: master.c,v 1.155 2005/06/20 01:03:53 marka Exp $ */
 
 /*! \file */
 
@@ -27,6 +27,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -97,12 +98,21 @@ typedef struct dns_incctx dns_incctx_t;
 struct dns_loadctx {
 	unsigned int		magic;
 	isc_mem_t		*mctx;
-	isc_lex_t		*lex;
-	isc_boolean_t		keep_lex;
+	dns_masterformat_t	format;
+
 	dns_rdatacallbacks_t	*callbacks;
 	isc_task_t		*task;
 	dns_loaddonefunc_t	done;
 	void			*done_arg;
+
+	/* Common methods */
+	isc_result_t		(*openfile)(dns_loadctx_t *lctx,
+					    const char *filename);
+	isc_result_t		(*load)(dns_loadctx_t *lctx);
+
+	/* Members specific to the text format: */
+	isc_lex_t		*lex;
+	isc_boolean_t		keep_lex;
 	unsigned int		options;
 	isc_boolean_t		ttl_known;
 	isc_boolean_t		default_ttl_known;
@@ -115,6 +125,11 @@ struct dns_loadctx {
 	dns_rdataclass_t	zclass;
 	dns_fixedname_t		fixed_top;
 	dns_name_t		*top;			/*%< top of zone */
+
+	/* Members specific to the raw format: */
+	FILE			*f;
+	isc_boolean_t		first;
+
 	/* Which fixed buffers we are using? */
 	unsigned int		loop_cnt;		/*% records per quantum,
 							 * 0 => all. */
@@ -146,6 +161,18 @@ struct dns_incctx {
 
 #define DNS_AS_STR(t) ((t).value.as_textregion.base)
 
+static isc_result_t
+openfile_text(dns_loadctx_t *lctx, const char *master_file);
+
+static isc_result_t
+openfile_raw(dns_loadctx_t *lctx, const char *master_file);
+
+static isc_result_t
+load_text(dns_loadctx_t *lctx);
+
+static isc_result_t
+load_raw(dns_loadctx_t *lctx);
+
 static isc_result_t
 pushfile(const char *master_file, dns_name_t *origin, dns_loadctx_t *lctx);
 
@@ -408,6 +435,7 @@ incctx_destroy(isc_mem_t *mctx, dns_incctx_t *ictx) {
 static void
 loadctx_destroy(dns_loadctx_t *lctx) {
 	isc_mem_t *mctx;
+	isc_result_t result;
 
 	REQUIRE(DNS_LCTX_VALID(lctx));
 
@@ -415,6 +443,15 @@ loadctx_destroy(dns_loadctx_t *lctx) {
 	if (lctx->inc != NULL)
 		incctx_destroy(lctx->mctx, lctx->inc);
 
+	if (lctx->f != NULL) {
+		result = isc_stdio_close(lctx->f);
+		if (result != ISC_R_SUCCESS) {
+			UNEXPECTED_ERROR(__FILE__, __LINE__,
+					 "isc_stdio_close() failed: %s",
+					 isc_result_totext(result));
+		}
+	}
+
 	/* isc_lex_destroy() will close all open streams */
 	if (lctx->lex != NULL && !lctx->keep_lex)
 		isc_lex_destroy(&lctx->lex);
@@ -464,7 +501,8 @@ incctx_create(isc_mem_t *mctx, dns_name_t *origin, dns_incctx_t **ictxp) {
 }
 
 static isc_result_t
-loadctx_create(isc_mem_t *mctx, unsigned int options, dns_name_t *top,
+loadctx_create(dns_masterformat_t format, isc_mem_t *mctx,
+	       unsigned int options, dns_name_t *top,
 	       dns_rdataclass_t zclass, dns_name_t *origin,
 	       dns_rdatacallbacks_t *callbacks, isc_task_t *task,
 	       dns_loaddonefunc_t done, void *done_arg, isc_lex_t *lex,
@@ -503,6 +541,20 @@ loadctx_create(isc_mem_t *mctx, unsigned int options, dns_name_t *top,
 	if (result != ISC_R_SUCCESS) 
 		goto cleanup_ctx;
 
+	lctx->format = format;
+	switch (format) {
+	default:
+		INSIST(0);
+	case dns_masterformat_text:
+		lctx->openfile = openfile_text;
+		lctx->load = load_text;
+		break;
+	case dns_masterformat_raw:
+		lctx->openfile = openfile_raw;
+		lctx->load = load_raw;
+		break;
+	}
+
 	if (lex != NULL) {
 		lctx->lex = lex;
 		lctx->keep_lex = ISC_TRUE;
@@ -537,6 +589,9 @@ loadctx_create(isc_mem_t *mctx, unsigned int options, dns_name_t *top,
 	dns_name_toregion(top, &r);
 	dns_name_fromregion(lctx->top, &r);
 
+	lctx->f = NULL;
+	lctx->first = ISC_TRUE;
+
 	lctx->loop_cnt = (done != NULL) ? 100 : 0;
 	lctx->callbacks = callbacks;
 	lctx->task = NULL;
@@ -642,6 +697,25 @@ genname(char *name, int it, char *buffer, size_t length) {
 	return (ISC_R_SUCCESS);
 }
 
+static isc_result_t
+openfile_text(dns_loadctx_t *lctx, const char *master_file) {
+	return (isc_lex_openfile(lctx->lex, master_file));
+}
+
+static isc_result_t
+openfile_raw(dns_loadctx_t *lctx, const char *master_file) {
+	isc_result_t result;
+
+	result = isc_stdio_open(master_file, "r", &lctx->f);
+	if (result != ISC_R_SUCCESS && result != ISC_R_FILENOTFOUND) {
+		UNEXPECTED_ERROR(__FILE__, __LINE__,
+				 "isc_stdio_open() failed: %s",
+				 isc_result_totext(result));		
+	}
+
+	return (result);
+}
+
 static isc_result_t
 generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs,
 	 const char *source, unsigned int line)
@@ -884,7 +958,7 @@ check_wildcard(dns_incctx_t *ictx, const char *source, unsigned long line,
 }
 
 static isc_result_t
-load(dns_loadctx_t *lctx) {
+load_text(dns_loadctx_t *lctx) {
 	dns_rdataclass_t rdclass;
 	dns_rdatatype_t type, covers;
 	isc_uint32_t ttl_offset = 0;
@@ -1914,7 +1988,7 @@ pushfile(const char *master_file, dns_name_t *origin, dns_loadctx_t *lctx) {
 		new->drop = ictx->drop;
 	}
 
-	result = isc_lex_openfile(lctx->lex, master_file);
+	result = (lctx->openfile)(lctx, master_file);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
 	new->parent = ictx;
@@ -1927,25 +2001,349 @@ pushfile(const char *master_file, dns_name_t *origin, dns_loadctx_t *lctx) {
 	return (result);
 }
 
+static inline isc_result_t
+read_and_check(isc_boolean_t do_read, isc_buffer_t *buffer,
+	       size_t len, FILE *f)
+{
+	isc_result_t result;
+
+	if (do_read) {
+		INSIST(isc_buffer_availablelength(buffer) >= len);
+		result = isc_stdio_read(isc_buffer_used(buffer), 1, len,
+					f, NULL);
+		if (result != ISC_R_SUCCESS)
+			return (result);
+		isc_buffer_add(buffer, len);
+	} else if (isc_buffer_remaininglength(buffer) < len)
+		return (ISC_R_RANGE);
+
+	return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+load_raw(dns_loadctx_t *lctx) {
+	isc_result_t result = ISC_R_SUCCESS;
+	isc_boolean_t done = ISC_FALSE;
+	unsigned int loop_cnt = 0;
+	dns_rdatacallbacks_t *callbacks;
+	unsigned char namebuf[DNS_NAME_MAXWIRE];
+	isc_region_t r;
+	dns_name_t name;
+	rdatalist_head_t head, dummy;
+	dns_rdatalist_t rdatalist;
+	isc_mem_t *mctx = lctx->mctx;
+	dns_rdata_t *rdata = NULL;
+	unsigned int rdata_size = 0;
+	int target_size = TSIZ;
+	isc_buffer_t target;
+	unsigned char *target_mem = NULL;
+
+	REQUIRE(DNS_LCTX_VALID(lctx));
+	callbacks = lctx->callbacks;
+
+	if (lctx->first) {
+		dns_masterrawheader_t header;
+		isc_uint32_t format, version, dumptime;
+		size_t hdrlen = sizeof(format) + sizeof(version) +
+			sizeof(dumptime);
+
+		INSIST(hdrlen <= sizeof(header));
+		isc_buffer_init(&target, &header, sizeof(header));
+
+		result = isc_stdio_read(&header, 1, hdrlen, lctx->f, NULL);
+		if (result != ISC_R_SUCCESS) {
+			UNEXPECTED_ERROR(__FILE__, __LINE__,
+					 "isc_stdio_read failed: %s",
+					 isc_result_totext(result));
+			return (result);
+		}
+		isc_buffer_add(&target, hdrlen);
+		format = isc_buffer_getuint32(&target);
+		if (format != dns_masterformat_raw) {
+			(*callbacks->error)(callbacks,
+					    "dns_master_load: "
+					    "file format mismatch");
+			return (ISC_R_NOTIMPLEMENTED);
+		}
+
+		version = isc_buffer_getuint32(&target);
+		if (version > DNS_RAWFORMAT_VERSION) {
+			(*callbacks->error)(callbacks,
+					    "dns_master_load: "
+					    "unsupported file format version");
+			return (ISC_R_NOTIMPLEMENTED);
+		}
+
+		/* Empty read: currently, we do not use dumptime */
+		dumptime = isc_buffer_getuint32(&target);
+
+		lctx->first = ISC_FALSE;
+	}
+
+	ISC_LIST_INIT(head);
+	ISC_LIST_INIT(dummy);
+	dns_rdatalist_init(&rdatalist);
+
+	/*
+	 * Allocate target_size of buffer space.  This is greater than twice
+	 * the maximum individual RR data size.
+	 */
+	target_mem = isc_mem_get(mctx, target_size);
+	if (target_mem == NULL) {
+		result = ISC_R_NOMEMORY;
+		goto cleanup;
+	}
+	isc_buffer_init(&target, target_mem, target_size);
+
+	/*
+	 * In the following loop, we regard any error fatal regardless of
+	 * whether "MANYERRORS" is set in the context option.  This is because
+	 * normal errors should already have been checked at creation time.
+	 * Besides, it is very unlikely that we can recover from an error
+	 * in this format, and so trying to continue parsing erroneous data
+	 * does not really make sense.
+	 */
+	for (loop_cnt = 0;
+	     (lctx->loop_cnt == 0 || loop_cnt < lctx->loop_cnt);
+	     loop_cnt++) {
+		dns_masterrawrdataset_t rawrrset;
+		unsigned int i, rdcount, consumed_name;
+		isc_uint16_t namelen;
+		isc_uint32_t totallen;
+		size_t minlen, readlen;
+		isc_boolean_t sequential_read = ISC_FALSE;
+
+		/* Read the data length */
+		isc_buffer_clear(&target);
+		INSIST(isc_buffer_availablelength(&target) >=
+		       sizeof(totallen));
+		result = isc_stdio_read(target.base, 1, sizeof(totallen),
+					lctx->f, NULL);
+		if (result == ISC_R_EOF) {
+			result = ISC_R_SUCCESS;
+			done = ISC_TRUE;
+			break;
+		}
+		if (result != ISC_R_SUCCESS)
+			goto cleanup;
+		isc_buffer_add(&target, sizeof(totallen));
+		totallen = isc_buffer_getuint32(&target);
+		/*
+		 * Validation: the input data must at least contain the common
+		 * header.
+		 */
+		minlen = sizeof(totallen) + sizeof(isc_uint16_t) +
+			sizeof(isc_uint16_t) + sizeof(isc_uint16_t) +
+			sizeof(isc_uint32_t) + sizeof(isc_uint32_t);
+		if (totallen < minlen) {
+			result = ISC_R_RANGE;
+			goto cleanup;
+		}
+		totallen -= sizeof(totallen);
+
+		isc_buffer_clear(&target);
+		if (totallen > isc_buffer_availablelength(&target)) {
+			/*
+			 * The default buffer size should typically be large
+			 * enough to store the entire RRset.  We could try to
+			 * allocate enough space if this is not the case, but
+			 * it might cause a hazardous result when "totallen"
+			 * is forged.  Thus, we'd rather take an inefficient
+			 * but robust approach in this atypical case: read
+			 * data step by step, and commit partial data when
+			 * necessary.  Note that the buffer must be large
+			 * enough to store the "header part", owner name, and
+			 * at least one rdata (however large it is).
+			 */
+			sequential_read = ISC_TRUE;
+			readlen = minlen - sizeof(totallen);
+		} else {
+			/*
+			 * Typical case.  We can read the whole RRset at once
+			 * with the default buffer.
+			 */
+			readlen = totallen;
+		}
+		result = isc_stdio_read(target.base, 1, readlen,
+					lctx->f, NULL);
+		if (result != ISC_R_SUCCESS)
+			goto cleanup;
+		isc_buffer_add(&target, readlen);
+
+		/* Construct RRset headers */
+		rdatalist.rdclass = isc_buffer_getuint16(&target);
+		rdatalist.type = isc_buffer_getuint16(&target);
+		rdatalist.covers = isc_buffer_getuint16(&target);
+		rdatalist.ttl =  isc_buffer_getuint32(&target);
+		rdcount = isc_buffer_getuint32(&target);
+		INSIST(isc_buffer_consumedlength(&target) <= readlen);
+
+		/* Owner name: length followed by name */
+		result = read_and_check(sequential_read, &target,
+					sizeof(namelen), lctx->f);
+		if (result != ISC_R_SUCCESS)
+			goto cleanup;
+		namelen = isc_buffer_getuint16(&target);
+		if (namelen > sizeof(namebuf)) {
+			result = ISC_R_RANGE;
+			goto cleanup;
+		}
+
+		result = read_and_check(sequential_read, &target, namelen,
+					lctx->f);
+		if (result != ISC_R_SUCCESS)
+			goto cleanup;
+		isc_buffer_setactive(&target, (unsigned int)namelen);
+		isc_buffer_activeregion(&target, &r);
+		dns_name_init(&name, NULL);
+		dns_name_fromregion(&name, &r);
+		isc_buffer_forward(&target, (unsigned int)namelen);
+		consumed_name = isc_buffer_consumedlength(&target);
+
+		/* Rdata contents. */
+		if (rdcount > rdata_size) {
+			dns_rdata_t *new_rdata = NULL;
+
+			new_rdata = grow_rdata(rdata_size + RDSZ, rdata,
+					       rdata_size, &head,
+					       &dummy, mctx);
+			if (new_rdata == NULL) {
+				result = ISC_R_NOMEMORY;
+				goto cleanup;
+			}
+			rdata_size += RDSZ;
+			rdata = new_rdata;
+		}
+
+	continue_read:
+		for (i = 0; i < rdcount; i++) {
+			isc_uint16_t rdlen;
+
+			dns_rdata_init(&rdata[i]);
+			
+			if (sequential_read &&
+			    isc_buffer_availablelength(&target) < MINTSIZ) {
+				unsigned int j;
+
+				INSIST(i > 0); /* detect an infinite loop */
+
+				/* Partial Commit. */
+				ISC_LIST_APPEND(head, &rdatalist, link);
+				result = commit(callbacks, lctx, &head, &name,
+						NULL, 0);
+				for (j = 0; j < i; j++) {
+					ISC_LIST_UNLINK(rdatalist.rdata,
+							&rdata[j], link);
+					dns_rdata_reset(&rdata[j]);
+				}
+				if (result != ISC_R_SUCCESS)
+					goto cleanup;
+
+				/* Rewind the buffer and continue */
+				isc_buffer_clear(&target);
+				isc_buffer_add(&target, consumed_name);
+				isc_buffer_forward(&target, consumed_name);
+
+				rdcount -= i;
+				i = 0;
+
+				goto continue_read;
+			}
+
+			/* rdata length */
+			result = read_and_check(sequential_read, &target,
+						sizeof(rdlen), lctx->f);
+			if (result != ISC_R_SUCCESS)
+				goto cleanup;
+			rdlen = isc_buffer_getuint16(&target);
+
+			/* rdata */
+			result = read_and_check(sequential_read, &target,
+						rdlen, lctx->f);
+			if (result != ISC_R_SUCCESS)
+				goto cleanup;
+			isc_buffer_setactive(&target, (unsigned int)rdlen);
+			isc_buffer_activeregion(&target, &r);
+			isc_buffer_forward(&target, (unsigned int)rdlen);
+			dns_rdata_fromregion(&rdata[i], rawrrset.rdclass,
+					     rdatalist.type, &r);
+
+			ISC_LIST_APPEND(rdatalist.rdata, &rdata[i], link);
+		}
+
+		/*
+		 * Sanity check.  Still having remaining space is not
+		 * necessarily critical, but it very likely indicates broken
+		 * or malformed data.
+		 */
+		if (isc_buffer_remaininglength(&target) != 0) {
+			result = ISC_R_RANGE;
+			goto cleanup;
+		}
+
+		ISC_LIST_APPEND(head, &rdatalist, link);
+
+		/* Commit this RRset.  rdatalist will be unlinked. */
+		result = commit(callbacks, lctx, &head, &name, NULL, 0);
+
+		for (i = 0; i < rdcount; i++) {
+			ISC_LIST_UNLINK(rdatalist.rdata, &rdata[i], link);
+			dns_rdata_reset(&rdata[i]);
+		}
+
+		if (result != ISC_R_SUCCESS)
+			goto cleanup;
+	}
+
+	if (!done) {
+		INSIST(lctx->done != NULL && lctx->task != NULL);
+		result = DNS_R_CONTINUE;
+	} else if (result == ISC_R_SUCCESS && lctx->result != ISC_R_SUCCESS)
+		result = lctx->result;
+
+ cleanup:
+	if (rdata != NULL)
+		isc_mem_put(mctx, rdata, rdata_size * sizeof(*rdata));
+	if (target_mem != NULL)
+		isc_mem_put(mctx, target_mem, target_size);
+	if (result != ISC_R_SUCCESS && result != DNS_R_CONTINUE) {
+		(*callbacks->error)(callbacks, "dns_master_load: %s",
+				    dns_result_totext(result));
+	}
+
+	return (result);
+}
+
 isc_result_t
 dns_master_loadfile(const char *master_file, dns_name_t *top,
 		    dns_name_t *origin,
 		    dns_rdataclass_t zclass, unsigned int options,
 		    dns_rdatacallbacks_t *callbacks, isc_mem_t *mctx)
+{
+	return (dns_master_loadfile2(master_file, top, origin, zclass, options,
+				     callbacks, mctx, dns_masterformat_text));
+}
+
+isc_result_t
+dns_master_loadfile2(const char *master_file, dns_name_t *top,
+		     dns_name_t *origin,
+		     dns_rdataclass_t zclass, unsigned int options,
+		     dns_rdatacallbacks_t *callbacks, isc_mem_t *mctx,
+		     dns_masterformat_t format)
 {
 	dns_loadctx_t *lctx = NULL;
 	isc_result_t result;
 
-	result = loadctx_create(mctx, options, top, zclass, origin,
+	result = loadctx_create(format, mctx, options, top, zclass, origin,
 				callbacks, NULL, NULL, NULL, NULL, &lctx);
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
-	result = isc_lex_openfile(lctx->lex, master_file);
+	result = (lctx->openfile)(lctx, master_file);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
 
-	result = load(lctx);
+	result = (lctx->load)(lctx);
 	INSIST(result != DNS_R_CONTINUE);
 
  cleanup:
@@ -1960,19 +2358,33 @@ dns_master_loadfileinc(const char *master_file, dns_name_t *top,
 		       unsigned int options, dns_rdatacallbacks_t *callbacks,
 		       isc_task_t *task, dns_loaddonefunc_t done,
 		       void *done_arg, dns_loadctx_t **lctxp, isc_mem_t *mctx)
+{
+	return (dns_master_loadfileinc2(master_file, top, origin, zclass,
+					options, callbacks, task, done,
+					done_arg, lctxp, mctx,
+					dns_masterformat_text));
+}
+
+isc_result_t
+dns_master_loadfileinc2(const char *master_file, dns_name_t *top,
+			dns_name_t *origin, dns_rdataclass_t zclass,
+			unsigned int options, dns_rdatacallbacks_t *callbacks,
+			isc_task_t *task, dns_loaddonefunc_t done,
+			void *done_arg, dns_loadctx_t **lctxp, isc_mem_t *mctx,
+			dns_masterformat_t format)
 {
 	dns_loadctx_t *lctx = NULL;
 	isc_result_t result;
-	
+
 	REQUIRE(task != NULL);
 	REQUIRE(done != NULL);
 
-	result = loadctx_create(mctx, options, top, zclass, origin,
+	result = loadctx_create(format, mctx, options, top, zclass, origin,
 				callbacks, task, done, done_arg, NULL, &lctx);
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
-	result = isc_lex_openfile(lctx->lex, master_file);
+	result = (lctx->openfile)(lctx, master_file);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
 
@@ -1998,8 +2410,9 @@ dns_master_loadstream(FILE *stream, dns_name_t *top, dns_name_t *origin,
 
 	REQUIRE(stream != NULL);
 
-	result = loadctx_create(mctx, options, top, zclass, origin,
-				callbacks, NULL, NULL, NULL, NULL, &lctx);
+	result = loadctx_create(dns_masterformat_text, mctx, options, top,
+				zclass, origin, callbacks, NULL, NULL, NULL,
+				NULL, &lctx);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
 
@@ -2007,7 +2420,7 @@ dns_master_loadstream(FILE *stream, dns_name_t *top, dns_name_t *origin,
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
 
-	result = load(lctx);
+	result = (lctx->load)(lctx);
 	INSIST(result != DNS_R_CONTINUE);
 
  cleanup:
@@ -2030,8 +2443,9 @@ dns_master_loadstreaminc(FILE *stream, dns_name_t *top, dns_name_t *origin,
 	REQUIRE(task != NULL);
 	REQUIRE(done != NULL);
 
-	result = loadctx_create(mctx, options, top, zclass, origin,
-				callbacks, task, done, done_arg, NULL, &lctx);
+	result = loadctx_create(dns_masterformat_text, mctx, options, top,
+				zclass, origin, callbacks, task, done,
+				done_arg, NULL, &lctx);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
 
@@ -2062,8 +2476,9 @@ dns_master_loadbuffer(isc_buffer_t *buffer, dns_name_t *top,
 
 	REQUIRE(buffer != NULL);
 
-	result = loadctx_create(mctx, options, top, zclass, origin,
-				callbacks, NULL, NULL, NULL, NULL, &lctx);
+	result = loadctx_create(dns_masterformat_text, mctx, options, top,
+				zclass, origin, callbacks, NULL, NULL, NULL,
+				NULL, &lctx);
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
@@ -2071,7 +2486,7 @@ dns_master_loadbuffer(isc_buffer_t *buffer, dns_name_t *top,
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
 
-	result = load(lctx);
+	result = (lctx->load)(lctx);
 	INSIST(result != DNS_R_CONTINUE);
 
  cleanup:
@@ -2095,8 +2510,9 @@ dns_master_loadbufferinc(isc_buffer_t *buffer, dns_name_t *top,
 	REQUIRE(task != NULL);
 	REQUIRE(done != NULL);
 
-	result = loadctx_create(mctx, options, top, zclass, origin,
-				callbacks, task, done, done_arg, NULL, &lctx);
+	result = loadctx_create(dns_masterformat_text, mctx, options, top,
+				zclass, origin, callbacks, task, done,
+				done_arg, NULL, &lctx);
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
@@ -2127,12 +2543,13 @@ dns_master_loadlexer(isc_lex_t *lex, dns_name_t *top,
 
 	REQUIRE(lex != NULL);
 
-	result = loadctx_create(mctx, options, top, zclass, origin,
-				callbacks, NULL, NULL, NULL, lex, &lctx);
+	result = loadctx_create(dns_masterformat_text, mctx, options, top,
+				zclass, origin, callbacks, NULL, NULL, NULL,
+				lex, &lctx);
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
-	result = load(lctx);
+	result = (lctx->load)(lctx);
 	INSIST(result != DNS_R_CONTINUE);
 
 	dns_loadctx_detach(&lctx);
@@ -2154,8 +2571,9 @@ dns_master_loadlexerinc(isc_lex_t *lex, dns_name_t *top,
 	REQUIRE(task != NULL);
 	REQUIRE(done != NULL);
 
-	result = loadctx_create(mctx, options, top, zclass, origin,
-				callbacks, task, done, done_arg, lex, &lctx);
+	result = loadctx_create(dns_masterformat_text, mctx, options, top,
+				zclass, origin, callbacks, task, done,
+				done_arg, lex, &lctx);
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
@@ -2316,9 +2734,15 @@ commit(dns_rdatacallbacks_t *callbacks, dns_loadctx_t *lctx,
 		} else if (result != ISC_R_SUCCESS) {
 			dns_name_format(owner, namebuf,
 					sizeof(namebuf));
-			(*error)(callbacks, "%s: %s:%lu: %s: %s",
-				 "dns_master_load", source, line,
-				 namebuf, dns_result_totext(result));
+			if (source != NULL) {
+				(*error)(callbacks, "%s: %s:%lu: %s: %s",
+					 "dns_master_load", source, line,
+					 namebuf, dns_result_totext(result));
+			} else {
+				(*error)(callbacks, "%s: %s: %s",
+					 "dns_master_load", namebuf,
+					 dns_result_totext(result));
+			}
 		}
 		if (MANYERRS(lctx, result))
 			SETRESULT(lctx, result);
@@ -2377,7 +2801,7 @@ load_quantum(isc_task_t *task, isc_event_t *event) {
 	if (lctx->canceled)
 		result = ISC_R_CANCELED;
 	else
-		result = load(lctx);
+		result = (lctx->load)(lctx);
 	if (result == DNS_R_CONTINUE) {
 		event->ev_arg = lctx;
 		isc_task_send(task, &event);
diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c
index 0800f29c19..72327d9558 100644
--- a/lib/dns/masterdump.c
+++ b/lib/dns/masterdump.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: masterdump.c,v 1.77 2005/04/29 00:22:48 marka Exp $ */
+/* $Id: masterdump.c,v 1.78 2005/06/20 01:03:53 marka Exp $ */
 
 /*! \file */
 
@@ -38,6 +38,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -173,6 +174,11 @@ struct dns_dumpctx {
 	/* dns_master_dumpinc() */
 	char			*file;
 	char 			*tmpfile;
+	dns_masterformat_t	format;
+	isc_result_t		(*dumpsets)(isc_mem_t *mctx, dns_name_t *name,
+					    dns_rdatasetiter_t *rdsiter,
+					    dns_totext_ctx_t *ctx,
+					    isc_buffer_t *buffer, FILE *f);
 };
 
 #define NXDOMAIN(x) (((x)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0) 
@@ -776,9 +782,9 @@ static const char *trustnames[] = {
 };
 
 static isc_result_t
-dump_rdatasets(isc_mem_t *mctx, dns_name_t *name, dns_rdatasetiter_t *rdsiter,
-	       dns_totext_ctx_t *ctx,
-	       isc_buffer_t *buffer, FILE *f)
+dump_rdatasets_text(isc_mem_t *mctx, dns_name_t *name,
+		    dns_rdatasetiter_t *rdsiter, dns_totext_ctx_t *ctx,
+		    isc_buffer_t *buffer, FILE *f)
 {
 	isc_result_t itresult, dumpresult;
 	isc_region_t r;
@@ -850,6 +856,145 @@ dump_rdatasets(isc_mem_t *mctx, dns_name_t *name, dns_rdatasetiter_t *rdsiter,
 	return (itresult);
 }
 
+/*
+ * Dump given RRsets in the "raw" format.
+ */
+static isc_result_t
+dump_rdataset_raw(isc_mem_t *mctx, dns_name_t *name, dns_rdataset_t *rdataset,
+		  isc_buffer_t *buffer, FILE *f)
+{
+	isc_result_t result;
+	isc_uint32_t totallen;
+	isc_uint16_t dlen;
+	isc_region_t r, r_hdr;
+
+	REQUIRE(buffer->length > 0);
+	REQUIRE(DNS_RDATASET_VALID(rdataset));
+
+ restart:
+	totallen = 0;
+	result = dns_rdataset_first(rdataset);
+	REQUIRE(result == ISC_R_SUCCESS);
+
+	isc_buffer_clear(buffer);
+
+	/*
+	 * Common header and owner name (length followed by name)
+	 * These fields should be in a moderate length, so we assume we
+	 * can store all of them in the initial buffer.
+	 */
+	isc_buffer_availableregion(buffer, &r_hdr);
+	INSIST(r_hdr.length >= sizeof(dns_masterrawrdataset_t));
+	isc_buffer_putuint32(buffer, totallen);	/* XXX: leave space */
+	isc_buffer_putuint16(buffer, rdataset->rdclass); /* 16-bit class */
+	isc_buffer_putuint16(buffer, rdataset->type); /* 16-bit type */
+	isc_buffer_putuint16(buffer, rdataset->covers);	/* same as type */
+	isc_buffer_putuint32(buffer, rdataset->ttl); /* 32-bit TTL */
+	isc_buffer_putuint32(buffer, dns_rdataset_count(rdataset));
+	totallen = isc_buffer_usedlength(buffer);
+	INSIST(totallen <= sizeof(dns_masterrawrdataset_t));
+
+	dns_name_toregion(name, &r);
+	INSIST(isc_buffer_availablelength(buffer) >=
+	       (sizeof(dlen) + r.length));
+	dlen = (isc_uint16_t)r.length;
+	isc_buffer_putuint16(buffer, dlen);
+	isc_buffer_copyregion(buffer, &r);
+	totallen += sizeof(dlen) + r.length;
+
+	do {
+		dns_rdata_t rdata = DNS_RDATA_INIT;
+		isc_region_t r;
+
+		dns_rdataset_current(rdataset, &rdata);
+		dns_rdata_toregion(&rdata, &r);
+		INSIST(r.length <= DNS_NAME_MAXWIRE);
+		dlen = (isc_uint16_t)r.length;
+
+		/*
+		 * Copy the rdata into the buffer.  If the buffer is too small,
+		 * grow it.  This should be rare, so we'll simply restart the
+		 * entire procedure (or should we copy the old data and
+		 * continue?).
+		 */
+		if (isc_buffer_availablelength(buffer) < dlen + r.length) {
+			int newlength;
+			void *newmem;
+
+			newlength = buffer->length * 2;
+			newmem = isc_mem_get(mctx, newlength);
+			if (newmem == NULL)
+				return (ISC_R_NOMEMORY);
+			isc_mem_put(mctx, buffer->base, buffer->length);
+			isc_buffer_init(buffer, newmem, newlength);
+			goto restart;
+		}
+		isc_buffer_putuint16(buffer, dlen);
+		isc_buffer_copyregion(buffer, &r);
+		totallen += sizeof(dlen) + r.length;
+
+		result = dns_rdataset_next(rdataset);
+	} while (result == ISC_R_SUCCESS);
+
+	if (result != ISC_R_NOMORE)
+		return (result);
+
+	/*
+	 * Fill in the total length field.
+	 * XXX: this is a bit tricky.  Since we have already "used" the space
+	 * for the total length in the buffer, we first remember the entire
+	 * buffer length in the region, "rewind", and then write the value.
+	 */
+	isc_buffer_usedregion(buffer, &r);
+	isc_buffer_clear(buffer);
+	isc_buffer_putuint32(buffer, totallen);
+	INSIST(isc_buffer_usedlength(buffer) < totallen);
+
+	/*
+	 * Write the buffer contents to the raw master file.
+	 */
+	result = isc_stdio_write(r.base, 1, (size_t)r.length, f, NULL);
+
+	if (result != ISC_R_SUCCESS) {
+		UNEXPECTED_ERROR(__FILE__, __LINE__,
+				 "raw master file write failed: %s",
+				 isc_result_totext(result));
+		return (result);
+	}
+
+	return (result);
+}
+
+static isc_result_t
+dump_rdatasets_raw(isc_mem_t *mctx, dns_name_t *name,
+		   dns_rdatasetiter_t *rdsiter, dns_totext_ctx_t *ctx,
+		   isc_buffer_t *buffer, FILE *f)
+{
+	isc_result_t result;
+	dns_rdataset_t rdataset;
+
+	for (result = dns_rdatasetiter_first(rdsiter);
+	     result == ISC_R_SUCCESS;
+	     result = dns_rdatasetiter_next(rdsiter)) {
+
+		dns_rdataset_init(&rdataset);
+		dns_rdatasetiter_current(rdsiter, &rdataset);
+
+		if (rdataset.type == 0 &&
+		    (ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) {
+			/* Omit negative cache entries */
+		} else {
+			result = dump_rdataset_raw(mctx, name, &rdataset,
+						   buffer, f);
+		}
+		dns_rdataset_disassociate(&rdataset);
+	}
+
+	if (result == ISC_R_NOMORE)
+		result = ISC_R_SUCCESS;
+
+	return (result);
+}
 
 /*
  * Initial size of text conversion buffer.  The buffer is used
@@ -858,7 +1003,7 @@ dump_rdatasets(isc_mem_t *mctx, dns_name_t *name, dns_rdatasetiter_t *rdsiter,
  *
  * When converting rdatasets, it is dynamically resized, but
  * when converting origins, timestamps, etc it is not.  Therefore,
- * the  initial size must large enough to hold the longest possible
+ * the initial size must large enough to hold the longest possible
  * text representation of any domain name (for $ORIGIN).
  */
 static const int initial_buffer_length = 1200;
@@ -1023,7 +1168,8 @@ task_send(dns_dumpctx_t *dctx) {
 
 static isc_result_t
 dumpctx_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
-	       const dns_master_style_t *style, FILE *f, dns_dumpctx_t **dctxp)
+	       const dns_master_style_t *style, FILE *f, dns_dumpctx_t **dctxp,
+	       dns_masterformat_t format)
 {
 	dns_dumpctx_t *dctx;
 	isc_result_t result;
@@ -1046,6 +1192,19 @@ dumpctx_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
 	dctx->canceled = ISC_FALSE;
 	dctx->file = NULL;
 	dctx->tmpfile = NULL;
+	dctx->format = format;
+
+	switch (format) {
+	case dns_masterformat_text:
+		dctx->dumpsets = dump_rdatasets_text;
+		break;
+	case dns_masterformat_raw:
+		dctx->dumpsets = dump_rdatasets_raw;
+		break;
+	default:
+		INSIST(0);
+		break;
+	}
 
 	result = totext_ctx_init(style, &dctx->tctx);
 	if (result != ISC_R_SUCCESS) {
@@ -1059,8 +1218,11 @@ dumpctx_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
 
 	dctx->do_date = dns_db_iscache(dctx->db);
 
-	relative = ((dctx->tctx.style.flags & DNS_STYLEFLAG_REL_OWNER) != 0) ?
-			ISC_TRUE : ISC_FALSE;
+	if (dctx->format == dns_masterformat_text &&
+	    (dctx->tctx.style.flags & DNS_STYLEFLAG_REL_OWNER) != 0) {
+		relative = ISC_TRUE;
+	} else
+		relative = ISC_FALSE;
 	result = dns_db_createiterator(dctx->db, relative, &dctx->dbiter);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
@@ -1097,6 +1259,8 @@ dumptostreaminc(dns_dumpctx_t *dctx) {
 	dns_name_t *name;
 	dns_fixedname_t fixname;
 	unsigned int nodes;
+	dns_masterrawheader_t rawheader;
+	isc_uint32_t now32;
 
 	bufmem = isc_mem_get(dctx->mctx, initial_buffer_length);
 	if (bufmem == NULL)
@@ -1108,20 +1272,61 @@ dumptostreaminc(dns_dumpctx_t *dctx) {
 	name = dns_fixedname_name(&fixname);
 
 	if (dctx->first) {
-		/*
-		 * If the database has cache semantics, output an RFC2540
-		 * $DATE directive so that the TTLs can be adjusted when
-		 * it is reloaded.  For zones it is not really needed, and
-		 * it would make the file incompatible with pre-RFC2540
-		 * software, so we omit it in the zone case.
-		 */
-		if (dctx->do_date) {
-			result = dns_time32_totext(dctx->now, &buffer);
-			RUNTIME_CHECK(result == ISC_R_SUCCESS);
-			isc_buffer_usedregion(&buffer, &r);
-			fprintf(dctx->f, "$DATE %.*s\n",
-				(int) r.length, (char *) r.base);
+		switch (dctx->format) {
+		case dns_masterformat_text:
+			/*
+			 * If the database has cache semantics, output an
+			 * RFC2540 $DATE directive so that the TTLs can be
+			 * adjusted when it is reloaded.  For zones it is not
+			 * really needed, and it would make the file
+			 * incompatible with pre-RFC2540 software, so we omit
+			 * it in the zone case.
+			 */
+			if (dctx->do_date) {
+				result = dns_time32_totext(dctx->now, &buffer);
+				RUNTIME_CHECK(result == ISC_R_SUCCESS);
+				isc_buffer_usedregion(&buffer, &r);
+				fprintf(dctx->f, "$DATE %.*s\n",
+					(int) r.length, (char *) r.base);
+			}
+			break;
+		case dns_masterformat_raw:
+			r.base = (unsigned char *)&rawheader;
+			r.length = sizeof(rawheader);
+			isc_buffer_region(&buffer, &r);
+			isc_buffer_putuint32(&buffer, dns_masterformat_raw);
+			isc_buffer_putuint32(&buffer, DNS_RAWFORMAT_VERSION);
+			if (sizeof(now32) != sizeof(dctx->now)) {
+				/*
+				 * We assume isc_stdtime_t is a 32-bit integer,
+				 * which should be the case on most cases.
+				 * If it turns out to be uncommon, we'll need
+				 * to bump the version number and revise the
+				 * header format.
+				 */
+				isc_log_write(dns_lctx,
+					      ISC_LOGCATEGORY_GENERAL,
+					      DNS_LOGMODULE_MASTERDUMP,
+					      ISC_LOG_INFO,
+					      "dumping master file in raw "
+					      "format: stdtime is not 32bits");
+				now32 = 0;
+			} else
+				now32 = dctx->now;
+			isc_buffer_putuint32(&buffer, now32);
+			INSIST(isc_buffer_usedlength(&buffer) <=
+			       sizeof(rawheader));
+			result = isc_stdio_write(buffer.base, 1,
+						 isc_buffer_usedlength(&buffer),
+						 dctx->f, NULL);
+			if (result != ISC_R_SUCCESS)
+				return (result);
+			isc_buffer_clear(&buffer);
+			break;
+		default:
+			INSIST(0);
 		}
+
 		result = dns_dbiterator_first(dctx->dbiter);
 		dctx->first = ISC_FALSE;
 	} else
@@ -1150,8 +1355,8 @@ dumptostreaminc(dns_dumpctx_t *dctx) {
 			dns_db_detachnode(dctx->db, &node);
 			goto fail;
 		}
-		result = dump_rdatasets(dctx->mctx, name, rdsiter, &dctx->tctx,
-					&buffer, dctx->f);
+		result = (dctx->dumpsets)(dctx->mctx, name, rdsiter,
+					  &dctx->tctx, &buffer, dctx->f);
 		dns_rdatasetiter_destroy(&rdsiter);
 		if (result != ISC_R_SUCCESS) {
 			dns_db_detachnode(dctx->db, &node);
@@ -1186,7 +1391,8 @@ dns_master_dumptostreaminc(isc_mem_t *mctx, dns_db_t *db,
 	REQUIRE(f != NULL);
 	REQUIRE(done != NULL);
 
-	result = dumpctx_create(mctx, db, version, style, f, &dctx);
+	result = dumpctx_create(mctx, db, version, style, f, &dctx,
+				dns_masterformat_text);
 	if (result != ISC_R_SUCCESS)
 		return (result);
 	isc_task_attach(task, &dctx->task);
@@ -1213,11 +1419,21 @@ dns_master_dumptostream(isc_mem_t *mctx, dns_db_t *db,
 			dns_dbversion_t *version,
 			const dns_master_style_t *style,
 			FILE *f)
+{
+	return (dns_master_dumptostream2(mctx, db, version, style,
+					 dns_masterformat_text, f));
+}
+
+isc_result_t
+dns_master_dumptostream2(isc_mem_t *mctx, dns_db_t *db,
+			 dns_dbversion_t *version,
+			 const dns_master_style_t *style,
+			 dns_masterformat_t format, FILE *f)
 {
 	dns_dumpctx_t *dctx = NULL;
 	isc_result_t result;
 
-	result = dumpctx_create(mctx, db, version, style, f, &dctx);
+	result = dumpctx_create(mctx, db, version, style, f, &dctx, format);
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
@@ -1265,6 +1481,17 @@ dns_master_dumpinc(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
 		   const dns_master_style_t *style, const char *filename,
 		   isc_task_t *task, dns_dumpdonefunc_t done, void *done_arg,
 		   dns_dumpctx_t **dctxp)
+{
+	return (dns_master_dumpinc2(mctx, db, version, style, filename, task,
+				    done, done_arg, dctxp,
+				    dns_masterformat_text));
+}
+
+isc_result_t
+dns_master_dumpinc2(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
+		    const dns_master_style_t *style, const char *filename,
+		    isc_task_t *task, dns_dumpdonefunc_t done, void *done_arg,
+		    dns_dumpctx_t **dctxp, dns_masterformat_t format)
 {
 	FILE *f = NULL;
 	isc_result_t result;
@@ -1280,7 +1507,7 @@ dns_master_dumpinc(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
 
-	result = dumpctx_create(mctx, db, version, style, f, &dctx);
+	result = dumpctx_create(mctx, db, version, style, f, &dctx, format);
 	if (result != ISC_R_SUCCESS) {
 		(void)isc_stdio_close(f);
 		(void)isc_file_remove(tempname);
@@ -1315,6 +1542,15 @@ dns_master_dumpinc(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
 isc_result_t
 dns_master_dump(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
 		const dns_master_style_t *style, const char *filename)
+{
+	return (dns_master_dump2(mctx, db, version, style, filename,
+				 dns_masterformat_text));
+}
+
+isc_result_t
+dns_master_dump2(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
+		 const dns_master_style_t *style, const char *filename,
+		 dns_masterformat_t format)
 {
 	FILE *f = NULL;
 	isc_result_t result;
@@ -1325,7 +1561,7 @@ dns_master_dump(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
-	result = dumpctx_create(mctx, db, version, style, f, &dctx);
+	result = dumpctx_create(mctx, db, version, style, f, &dctx, format);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
 
@@ -1342,6 +1578,7 @@ dns_master_dump(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version,
 
 /*
  * Dump a database node into a master file.
+ * XXX: this function assumes the text format.
  */
 isc_result_t
 dns_master_dumpnodetostream(isc_mem_t *mctx, dns_db_t *db,
@@ -1375,7 +1612,7 @@ dns_master_dumpnodetostream(isc_mem_t *mctx, dns_db_t *db,
 	result = dns_db_allrdatasets(db, node, version, now, &rdsiter);
 	if (result != ISC_R_SUCCESS)
 		goto failure;
-	result = dump_rdatasets(mctx, name, rdsiter, &ctx, &buffer, f);
+	result = dump_rdatasets_text(mctx, name, rdsiter, &ctx, &buffer, f);
 	if (result != ISC_R_SUCCESS)
 		goto failure;
 	dns_rdatasetiter_destroy(&rdsiter);
@@ -1454,4 +1691,3 @@ dns_master_styledestroy(dns_master_style_t **stylep, isc_mem_t *mctx) {
 	*stylep = NULL;
 	isc_mem_put(mctx, style, sizeof(*style));
 }
-
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index e3c3c579f4..a324435341 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.208 2005/06/17 01:00:08 marka Exp $ */
+/* $Id: rbtdb.c,v 1.209 2005/06/20 01:03:53 marka Exp $ */
 
 /*! \file */
 
@@ -5191,16 +5191,17 @@ endload(dns_db_t *db, dns_dbload_t **dbloadp) {
 }
 
 static isc_result_t
-dump(dns_db_t *db, dns_dbversion_t *version, const char *filename) {
+dump(dns_db_t *db, dns_dbversion_t *version, const char *filename,
+     dns_masterformat_t masterformat) {
 	dns_rbtdb_t *rbtdb;
 
 	rbtdb = (dns_rbtdb_t *)db;
 
 	REQUIRE(VALID_RBTDB(rbtdb));
 
-	return (dns_master_dump(rbtdb->common.mctx, db, version,
-				&dns_master_style_default,
-				filename));
+	return (dns_master_dump2(rbtdb->common.mctx, db, version,
+				 &dns_master_style_default,
+				 filename, masterformat));
 }
 
 static void
diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c
index e912426704..fd9d1b8b01 100644
--- a/lib/dns/sdb.c
+++ b/lib/dns/sdb.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: sdb.c,v 1.49 2005/04/29 00:22:51 marka Exp $ */
+/* $Id: sdb.c,v 1.50 2005/06/20 01:03:53 marka Exp $ */
 
 /*! \file */
 
@@ -601,10 +601,12 @@ endload(dns_db_t *db, dns_dbload_t **dbloadp) {
 }
 
 static isc_result_t
-dump(dns_db_t *db, dns_dbversion_t *version, const char *filename) {
+dump(dns_db_t *db, dns_dbversion_t *version, const char *filename,
+     dns_masterformat_t masterformat) {
 	UNUSED(db);
 	UNUSED(version);
 	UNUSED(filename);
+	UNUSED(masterformat);
 	return (ISC_R_NOTIMPLEMENTED);
 }
 
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index ece6eb5807..10fd2d5292 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.439 2005/06/10 07:51:54 marka Exp $ */
+/* $Id: zone.c,v 1.440 2005/06/20 01:03:53 marka Exp $ */
 
 /*! \file */
 
@@ -164,6 +164,7 @@ struct dns_zone {
 	unsigned int		irefs;
 	dns_name_t		origin;
 	char			*masterfile;
+	dns_masterformat_t	masterformat;
 	char			*journal;
 	isc_int32_t		journalsize;
 	dns_rdataclass_t	rdclass;
@@ -559,6 +560,7 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
 	zone->irefs = 0;
 	dns_name_init(&zone->origin, NULL);
 	zone->masterfile = NULL;
+	zone->masterformat =  dns_masterformat_none;
 	zone->keydirectory = NULL;
 	zone->journalsize = -1;
 	zone->journal = NULL;
@@ -936,14 +938,22 @@ dns_zone_setstring(dns_zone_t *zone, char **field, const char *value) {
 
 isc_result_t
 dns_zone_setfile(dns_zone_t *zone, const char *file) {
+	return (dns_zone_setfile2(zone, file, dns_masterformat_text));
+}
+
+isc_result_t
+dns_zone_setfile2(dns_zone_t *zone, const char *file,
+		  dns_masterformat_t format) {
 	isc_result_t result = ISC_R_SUCCESS;
 
 	REQUIRE(DNS_ZONE_VALID(zone));
 
 	LOCK_ZONE(zone);
 	result = dns_zone_setstring(zone, &zone->masterfile, file);
-	if (result == ISC_R_SUCCESS)
+	if (result == ISC_R_SUCCESS) {
+		zone->masterformat = format;
 		result = default_journal(zone);
+	}
 	UNLOCK_ZONE(zone);
 
 	return (result);
@@ -1101,8 +1111,8 @@ zone_load(dns_zone_t *zone, unsigned int flags) {
 			if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_HASINCLUDE) &&
 			    isc_time_compare(&filetime, &zone->loadtime) < 0) {
 				dns_zone_log(zone, ISC_LOG_DEBUG(1),
-					     "skipping load: master file older "
-					     "than last load");
+					     "skipping load: master file "
+					     "older than last load");
 				result = DNS_R_UPTODATE;
 				goto cleanup;
 			}
@@ -1117,9 +1127,10 @@ zone_load(dns_zone_t *zone, unsigned int flags) {
 	     strcmp(zone->db_argv[0], "rbt64") == 0)) {
 		if (zone->masterfile == NULL ||
 		    !isc_file_exists(zone->masterfile)) {
-			if (zone->masterfile != NULL)
+			if (zone->masterfile != NULL) {
 				dns_zone_log(zone, ISC_LOG_DEBUG(1),
 					     "no master file");
+			}
 			zone->refreshtime = now;
 			if (zone->task != NULL)
 				zone_settimer(zone, &now);
@@ -1216,14 +1227,15 @@ zone_gotreadhandle(isc_task_t *task, isc_event_t *event) {
 		options |= DNS_MASTER_CHECKMXFAIL;
 	if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_CHECKWILDCARD))
 		options |= DNS_MASTER_CHECKWILDCARD;
-	result = dns_master_loadfileinc(load->zone->masterfile,
-					dns_db_origin(load->db),
-					dns_db_origin(load->db),
-					load->zone->rdclass,
-					options,
-					&load->callbacks, task,
-					zone_loaddone, load,
-					&load->zone->lctx, load->zone->mctx);
+ 	result = dns_master_loadfileinc2(load->zone->masterfile,
+					 dns_db_origin(load->db),
+					 dns_db_origin(load->db),
+					 load->zone->rdclass,
+					 options,
+					 &load->callbacks, task,
+					 zone_loaddone, load,
+					 &load->zone->lctx, load->zone->mctx,
+					 load->zone->masterformat);
 	if (result != ISC_R_SUCCESS && result != DNS_R_CONTINUE &&
 	    result != DNS_R_SEENINCLUDE)
 		goto fail;
@@ -1253,10 +1265,10 @@ zone_gotwritehandle(isc_task_t *task, isc_event_t *event) {
 	LOCK_ZONE(zone);
 	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
 	dns_db_currentversion(zone->db, &version);
-	result = dns_master_dumpinc(zone->mctx, zone->db, version,
-				    &dns_master_style_default,
-				    zone->masterfile, zone->task,
-				    dump_done, zone, &zone->dctx);
+	result = dns_master_dumpinc2(zone->mctx, zone->db, version,
+				     &dns_master_style_default,
+				     zone->masterfile, zone->task, dump_done,
+				     zone, &zone->dctx, zone->masterformat);
 	dns_db_closeversion(zone->db, &version, ISC_FALSE);
 	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
 	UNLOCK_ZONE(zone);
@@ -1333,9 +1345,10 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) {
 					  &callbacks.add_private);
 		if (result != ISC_R_SUCCESS)
 			return (result);
-		result = dns_master_loadfile(zone->masterfile, &zone->origin,
-					     &zone->origin, zone->rdclass,
-					     options, &callbacks, zone->mctx);
+		result = dns_master_loadfile2(zone->masterfile, &zone->origin,
+					      &zone->origin, zone->rdclass,
+					      options, &callbacks, zone->mctx,
+					      zone->masterformat);
 		tresult = dns_db_endload(db, &callbacks.add_private);
 		if (result == ISC_R_SUCCESS)
 			result = tresult;
@@ -3013,6 +3026,7 @@ zone_dump(dns_zone_t *zone, isc_boolean_t compact) {
 	isc_boolean_t again;
 	dns_db_t *db = NULL;
 	char *masterfile = NULL;
+	dns_masterformat_t masterformat = dns_masterformat_none;
 
 /*
  * 'compact' MUST only be set if we are task locked.
@@ -3027,8 +3041,10 @@ zone_dump(dns_zone_t *zone, isc_boolean_t compact) {
 		dns_db_attach(zone->db, &db);
 	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
 	LOCK_ZONE(zone);
-	if (zone->masterfile != NULL)
+	if (zone->masterfile != NULL) {
 		masterfile = isc_mem_strdup(zone->mctx, zone->masterfile);
+		masterformat = zone->masterformat;
+	}
 	UNLOCK_ZONE(zone);
 	if (db == NULL) {
 		result = DNS_R_NOTLOADED;
@@ -3053,9 +3069,9 @@ zone_dump(dns_zone_t *zone, isc_boolean_t compact) {
 		UNLOCK_ZONE(zone);
 	} else {
 		dns_db_currentversion(db, &version);
-		result = dns_master_dump(zone->mctx, db, version,
-					 &dns_master_style_default,
-					 masterfile);
+		result = dns_master_dump2(zone->mctx, db, version,
+					  &dns_master_style_default,
+					  masterfile, masterformat);
 		dns_db_closeversion(db, &version, ISC_FALSE);
 	}
  fail:
@@ -3093,7 +3109,9 @@ zone_dump(dns_zone_t *zone, isc_boolean_t compact) {
 }
 
 static isc_result_t
-dumptostream(dns_zone_t *zone, FILE *fd, const dns_master_style_t *style) {
+dumptostream(dns_zone_t *zone, FILE *fd, const dns_master_style_t *style,
+	     dns_masterformat_t format)
+{
 	isc_result_t result;
 	dns_dbversion_t *version = NULL;
 	dns_db_t *db = NULL;
@@ -3108,20 +3126,29 @@ dumptostream(dns_zone_t *zone, FILE *fd, const dns_master_style_t *style) {
 		return (DNS_R_NOTLOADED);
 
 	dns_db_currentversion(db, &version);
-	result = dns_master_dumptostream(zone->mctx, db, version, style, fd);
+	result = dns_master_dumptostream2(zone->mctx, db, version, style,
+					  format, fd);
 	dns_db_closeversion(db, &version, ISC_FALSE);
 	dns_db_detach(&db);
 	return (result);
 }
 
+isc_result_t
+dns_zone_dumptostream2(dns_zone_t *zone, FILE *fd, dns_masterformat_t format,
+		       const dns_master_style_t *style) {
+	return dumptostream(zone, fd, style, format);
+}
+
 isc_result_t
 dns_zone_dumptostream(dns_zone_t *zone, FILE *fd) {
-	return dumptostream(zone, fd, &dns_master_style_default);
+	return dumptostream(zone, fd, &dns_master_style_default,
+			    dns_masterformat_text);
 }
 
 isc_result_t
 dns_zone_fulldumptostream(dns_zone_t *zone, FILE *fd) {
-	return dumptostream(zone, fd, &dns_master_style_full);
+	return dumptostream(zone, fd, &dns_master_style_full,
+			    dns_masterformat_text);
 }
 
 void
@@ -6043,7 +6070,8 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) {
 			isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
 				      DNS_LOGMODULE_ZONE, ISC_LOG_DEBUG(3),
 				      "dumping new zone version");
-			result = dns_db_dump(db, ver, zone->masterfile);
+			result = dns_db_dump2(db, ver, zone->masterfile,
+					      zone->masterformat);
 			if (result != ISC_R_SUCCESS)
 				goto fail;
 
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index ea4f04cfd8..4f8b78bc66 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: namedconf.c,v 1.51 2005/06/07 00:27:34 marka Exp $ */
+/* $Id: namedconf.c,v 1.52 2005/06/20 01:03:55 marka Exp $ */
 
 /*! \file */
 
@@ -664,6 +664,12 @@ static cfg_type_t cfg_type_mustbesecure = {
 	&cfg_rep_tuple, mustbesecure_fields
 };
 
+static const char *masterformat_enums[] = { "text", "raw", NULL };
+static cfg_type_t cfg_type_masterformat = {
+	"masterformat", cfg_parse_enum, cfg_print_ustring, cfg_doc_enum,
+	&cfg_rep_string, &masterformat_enums
+};
+
 /*
  * dnssec-lookaside
  */
@@ -764,6 +770,7 @@ zone_clauses[] = {
 	{ "allow-update", &cfg_type_bracketed_aml, 0 },
 	{ "allow-update-forwarding", &cfg_type_bracketed_aml, 0 },
 	{ "allow-notify", &cfg_type_bracketed_aml, 0 },
+	{ "masterfile-format", &cfg_type_masterformat, 0 },
 	{ "notify", &cfg_type_notifytype, 0 },
 	{ "notify-source", &cfg_type_sockaddr4wild, 0 },
 	{ "notify-source-v6", &cfg_type_sockaddr6wild, 0 },
diff --git a/make/rules.in b/make/rules.in
index 61c8d9ef3a..78ec625c92 100644
--- a/make/rules.in
+++ b/make/rules.in
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: rules.in,v 1.51 2005/05/11 05:55:41 sra Exp $
+# $Id: rules.in,v 1.52 2005/06/20 01:03:55 marka Exp $
 
 ###
 ### Common Makefile rules for BIND 9.
@@ -176,6 +176,7 @@ RANLIB =	@RANLIB@
 
 INSTALL =		@INSTALL@
 INSTALL_PROGRAM =	@INSTALL_PROGRAM@
+LINK_PROGRAM =		@LN_S@
 INSTALL_SCRIPT =	@INSTALL_SCRIPT@
 INSTALL_DATA =		@INSTALL_DATA@
 

From 728a9bec1fe3a56fedfd672e7f34d2d82631d1d7 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 20 Jun 2005 01:09:42 +0000
Subject: [PATCH 137/148] missing 

---
 bin/check/named-checkzone.docbook | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook
index 0539f69cb1..d07c59fff3 100644
--- a/bin/check/named-checkzone.docbook
+++ b/bin/check/named-checkzone.docbook
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   
     June 13, 2000
@@ -115,6 +115,7 @@
 	When manaully specified otherwise, the check levels must at
         least be as strict as those specified in the
 	named configuration file.
+     
   
 
   

From 147dd9991267a3e4787beb0aedaa842702e759a7 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 20 Jun 2005 01:11:57 +0000
Subject: [PATCH 138/148] missing 

---
 doc/arm/Bv9ARM-book.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 6685a4b4da..8977684fc3 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-
+
 
   BIND 9 Administrator Reference Manual
 
@@ -1061,6 +1061,7 @@ zone "eng.example.com" {
 		  it always dumps the zone content to a specified file
 		  (typically in a different format).
 		
+	      
 	    
             
 

From 7208386cd37a2092c70eddf80cf29519b16c4c80 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 20 Jun 2005 03:30:28 +0000
Subject: [PATCH 139/148] 1817.   [func]          add support for additional
 zone file formats for                         improving loading performance. 
 The masterfile-format                         option in named.conf can be
 used to specify a                         non-default format.  A new separate
 command                         named-compilezone was provided to generate
 zone files                         in a new format.

---
 bin/check/named-checkzone.8    |  27 +++--
 bin/check/named-checkzone.html |  77 +++++++++---
 doc/arm/Bv9ARM.ch03.html       |  14 ++-
 doc/arm/Bv9ARM.ch04.html       |  66 +++++-----
 doc/arm/Bv9ARM.ch05.html       |   6 +-
 doc/arm/Bv9ARM.ch06.html       | 215 ++++++++++++++++++++++-----------
 doc/arm/Bv9ARM.ch07.html       |  14 +--
 doc/arm/Bv9ARM.ch08.html       |  18 +--
 doc/arm/Bv9ARM.ch09.html       |  18 +--
 doc/arm/Bv9ARM.html            | 103 ++++++++--------
 doc/misc/options               |   4 +
 11 files changed, 356 insertions(+), 206 deletions(-)

diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8
index 8e870d54eb..3a64b338d4 100644
--- a/bin/check/named-checkzone.8
+++ b/bin/check/named-checkzone.8
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkzone.8,v 1.28 2005/05/19 12:34:32 marka Exp $
+.\" $Id: named-checkzone.8,v 1.29 2005/06/20 03:30:26 marka Exp $
 .\"
 .hy 0
 .ad l
@@ -38,13 +38,17 @@
 ..
 .TH "NAMED-CHECKZONE" 8 "June 13, 2000" "" ""
 .SH NAME
-named-checkzone \- zone file validity checking tool
+named-checkzone, named-compilezone \- zone file validity checking or converting tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-i\ \fImode\fR\fR] [\fB\-k\ \fImode\fR\fR] [\fB\-m\ \fImode\fR\fR] [\fB\-n\ \fImode\fR\fR] [\fB\-o\ \fIfilename\fR\fR] [\fB\-t\ \fIdirectory\fR\fR] [\fB\-w\ \fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fImode\fR\fR] {zonename} {filename}
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-f\ \fIformat\fR\fR] [\fB\-F\ \fIformat\fR\fR] [\fB\-i\ \fImode\fR\fR] [\fB\-k\ \fImode\fR\fR] [\fB\-m\ \fImode\fR\fR] [\fB\-n\ \fImode\fR\fR] [\fB\-o\ \fIfilename\fR\fR] [\fB\-s\ \fIstyle\fR\fR] [\fB\-t\ \fIdirectory\fR\fR] [\fB\-w\ \fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fImode\fR\fR] {zonename} {filename}
+.HP 18
+\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-f\ \fIformat\fR\fR] [\fB\-F\ \fIformat\fR\fR] [\fB\-i\ \fImode\fR\fR] [\fB\-k\ \fImode\fR\fR] [\fB\-m\ \fImode\fR\fR] [\fB\-n\ \fImode\fR\fR] [\fB\-o\ \fIfilename\fR\fR] [\fB\-s\ \fIstyle\fR\fR] [\fB\-t\ \fIdirectory\fR\fR] [\fB\-w\ \fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fImode\fR\fR] {zonename} {filename}
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkzone\fR checks the syntax and integrity of a zone file\&. It performs the same checks as \fBnamed\fR does when loading a zone\&. This makes \fBnamed\-checkzone\fR useful for checking zone files before configuring them into a name server\&.
+.PP
+ \fBnamed\-compilezone\fR is similar to\fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format\&. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by \fBnamed\fR\&. When manaully specified otherwise, the check levels must at least be as strict as those specified in the\fBnamed\fR configuration file\&.
 .SH "OPTIONS"
 .TP
 \-d
@@ -69,17 +73,26 @@ Mode \fB"full"\fR checks that SRV records refer to A or AAAA record (both in\-zo
 Mode \fB"full"\fR checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. It also checks that glue addresses records in the zone match those advertised by the child\&. Mode \fB"local"\fR only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone\&.
 Mode \fB"none"\fR disables the checks\&.
 .TP
+\-f \fIformat\fR
+Specify the format of the zone file\&. Possible formats are \fB"text"\fR (default) and \fB"raw"\fR\&.
+.TP
+\-F \fIformat\fR
+Specify the format of the output file specified\&. Possible formats are \fB"text"\fR (default) and \fB"raw"\fR\&. For \fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents\&.
+.TP
 \-k \fImode\fR
-Perform \fB"check\-name"\fR checks with the specified failure mode\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&.
+Perform \fB"check\-name"\fR checks with the specified failure mode\&. Possible modes are \fB"fail"\fR (default for \fBnamed\-compilezone\fR), \fB"warn"\fR (default for \fBnamed\-checkzone\fR) and \fB"ignore"\fR\&.
 .TP
 \-m \fImode\fR
 Specify whether MX records should be checked to see if they are addresses\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&.
 .TP
 \-n \fImode\fR
-Specify whether NS records should be checked to see if they are addresses\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&.
+Specify whether NS records should be checked to see if they are addresses\&. Possible modes are \fB"fail"\fR (default for \fBnamed\-compilezone\fR), \fB"warn"\fR (default for \fBnamed\-checkzone\fR) and \fB"ignore"\fR\&.
 .TP
 \-o \fIfilename\fR
-Write zone output to \fIfilename\fR\&.
+Write zone output to \fIfilename\fR\&. This is mandatory for \fBnamed\-compilezone\fR\&.
+.TP
+\-s \fIstyle\fR
+Specify the style of the dumped zone file\&. Possible styles are \fB"full"\fR (default) and \fB"default"\fR\&. The full format is most suitable for processing automatically by a separate script\&. On the other hand, the default format is more human\-readable and is thus suitable for editing by hand\&. For \fBnamed\-checkzone\fR this does not cause any effects unless it dumps the zone contents\&. It also does not have any meaning if the output format is not text\&.
 .TP
 \-t \fIdirectory\fR
 chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named\&.
@@ -88,7 +101,7 @@ chroot to \fIdirectory\fR so that include directives in the configuration file a
 chdir to \fIdirectory\fR so that relative filenames in master file $INCLUDE directives work\&. This is similar to the directory clause in \fInamed\&.conf\fR\&.
 .TP
 \-D
-Dump zone file in canonical format\&.
+Dump zone file in canonical format\&. This is always enabled for \fBnamed\-compilezone\fR\&.
 .TP
 \-W \fImode\fR
 Specify whether to check for non\-terminal wildcards\&. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034)\&. Possible modes are \fB"warn"\fR (default) and \fB"ignore"\fR\&.
diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html
index 2246b1c628..c8640df26f 100644
--- a/bin/check/named-checkzone.html
+++ b/bin/check/named-checkzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -25,23 +25,35 @@
 

 

 
Name

-
named-checkzone — zone file validity checking tool

+
named-checkzone, named-compilezone — zone file validity checking or converting tool

 

 

 
Synopsis

-
named-checkzone  [-d] [-j] [-q] [-v] [-c class] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+
named-checkzone  [-d] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+
named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

 

 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkzone
       checks the syntax and integrity of a zone file.  It performs the
       same checks as named does when loading a
       zone.  This makes named-checkzone useful for
       checking zone files before configuring them into a name server.
     

+

+        named-compilezone is similar to
+	named-checkzone, but it always dumps the
+        zone contents to a specified file in a specified format.
+	Additionally, it applies stricter check levels by default,
+        since the dump output will be used as an actual zone file
+	loaded by named.
+	When manaully specified otherwise, the check levels must at
+        least be as strict as those specified in the
+	named configuration file.
+     

 

 

-
OPTIONS

+
OPTIONS

 

 
-d

 

@@ -97,12 +109,29 @@
 	      Mode "none" disables the checks.
 	  

 

+
-f format

+

+	    Specify the format of the zone file.
+	    Possible formats are "text" (default)
+	    and "raw".
+	  

+
-F format

+

+	    Specify the format of the output file specified.
+	    Possible formats are "text" (default)
+	    and "raw".
+	    For named-checkzone,
+	    this does not cause any effects unless it dumps the zone
+	    contents.
+	  

 
-k mode

 

-            Perform "check-name" checks with
-            the specified failure mode.
-            Possible modes are "fail",
-            "warn" (default) and
+            Perform "check-name" checks with the
+	    specified failure mode.
+            Possible modes are "fail"
+	    (default for named-compilezone),
+            "warn"
+	    (default for named-checkzone) and
             "ignore".
           

 
-m mode

@@ -115,14 +144,33 @@
 
-n mode

 

             Specify whether NS records should be checked to see if they
-            are addresses.  Possible modes are "fail",
-            "warn" (default) and
+            are addresses.
+	    Possible modes are "fail"
+	    (default for named-compilezone),
+            "warn"
+	    (default for named-checkzone) and
             "ignore".
           

 
-o filename

 

             Write zone output to filename.
+	    This is mandatory for named-compilezone.
           

+
-s style

+

+	    Specify the style of the dumped zone file.
+	    Possible styles are "full" (default)
+	    and "default".
+	    The full format is most suitable for processing
+	    automatically by a separate script.
+	    On the other hand, the default format is more
+	    human-readable and is thus suitable for editing by hand.
+	    For named-checkzone
+	    this does not cause any effects unless it dumps the zone
+	    contents.
+	    It also does not have any meaning if the output format
+	    is not text.
+	  

 
-t directory

 

             chroot to directory so that
@@ -141,6 +189,7 @@
 
-D

 

             Dump zone file in canonical format.
+	    This is always enabled for named-compilezone.
           

 
-W mode

 

@@ -162,21 +211,21 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkzone
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       RFC 1035,
       BIND 9 Administrator Reference Manual.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html
index 8c5d5a2646..c829a384da 100644
--- a/doc/arm/Bv9ARM.ch03.html
+++ b/doc/arm/Bv9ARM.ch03.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -54,7 +54,7 @@
 
Name Server Operations

 

 
Tools for Use With the Name Server Daemon

-
Signals

+
Signals

 

 
 
@@ -414,6 +414,14 @@ zone "eng.example.com" {
 
named-checkzone  [-djqvD] [-c class] [-o output] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-W (ignore|warn)]  zone  [filename]

 
 

+named-compilezone
+

+

+		  Similar to named-checkzone, but
+		  it always dumps the zone content to a specified file
+		  (typically in a different format).
+		

+

 rndc
 

 

@@ -742,7 +750,7 @@ controls {
 
 

 

-Signals

+Signals

 

           Certain UNIX signals cause the name server to take specific
           actions, as described in the following table.  These signals can
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index f755e8f33a..63b72a0b9f 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -49,28 +49,28 @@
 
Dynamic Update

 
The journal file

 
Incremental Zone Transfers (IXFR)

-
Split DNS

+
Split DNS

 
TSIG

 

-
Generate Shared Keys for Each Pair of Hosts

-
Copying the Shared Secret to Both Machines

-
Informing the Servers of the Key's Existence

-
Instructing the Server to Use the Key

-
TSIG Key Based Access Control

-
Errors

+
Generate Shared Keys for Each Pair of Hosts

+
Copying the Shared Secret to Both Machines

+
Informing the Servers of the Key's Existence

+
Instructing the Server to Use the Key

+
TSIG Key Based Access Control

+
Errors

 

-
TKEY

-
SIG(0)

+
TKEY

+
SIG(0)

 
DNSSEC

 

-
Generating Keys

-
Signing the Zone

-
Configuring Servers

+
Generating Keys

+
Signing the Zone

+
Configuring Servers

 

-
IPv6 Support in BIND 9

+
IPv6 Support in BIND 9

 

-
Address Lookups Using AAAA Records

-
Address to Name Lookups Using Nibble Format

+
Address Lookups Using AAAA Records

+
Address to Name Lookups Using Nibble Format

 

 
 
@@ -199,7 +199,7 @@
 
 

 

-Split DNS

+Split DNS

 

         Setting up different views, or visibility, of the DNS space to
         internal and external resolvers is usually referred to as a Split DNS setup. There are several reasons an organization
@@ -467,7 +467,7 @@ nameserver 172.16.72.4
       

 

 

-Generate Shared Keys for Each Pair of Hosts

+Generate Shared Keys for Each Pair of Hosts

 

           A shared secret is generated to be shared between host1 and host2.
           An arbitrary key name is chosen: "host1-host2.". The key name must
@@ -475,7 +475,7 @@ nameserver 172.16.72.4
         

 

 

-Automatic Generation

+Automatic Generation

 

             The following command will generate a 128 bit (16 byte) HMAC-MD5
             key as described above. Longer keys are better, but shorter keys
@@ -500,7 +500,7 @@ nameserver 172.16.72.4
 
 

 

-Manual Generation

+Manual Generation

 

             The shared secret is simply a random sequence of bits, encoded
             in base-64. Most ASCII strings are valid base-64 strings (assuming
@@ -515,7 +515,7 @@ nameserver 172.16.72.4
 
 

 

-Copying the Shared Secret to Both Machines

+Copying the Shared Secret to Both Machines

 

           This is beyond the scope of DNS. A secure transport mechanism
           should be used. This could be secure FTP, ssh, telephone, etc.
@@ -523,7 +523,7 @@ nameserver 172.16.72.4
 
 

 

-Informing the Servers of the Key's Existence

+Informing the Servers of the Key's Existence

 

           Imagine host1 and host 2
           are
@@ -552,7 +552,7 @@ key host1-host2. {
 
 

 

-Instructing the Server to Use the Key

+Instructing the Server to Use the Key

 

           Since keys are shared between two hosts only, the server must
           be told when keys are to be used. The following is added to the named.conf file
@@ -584,7 +584,7 @@ server 10.1.2.3 {
 
 

 

-TSIG Key Based Access Control

+TSIG Key Based Access Control

 

           BIND allows IP addresses and ranges
           to be specified in ACL
@@ -612,7 +612,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Errors

+Errors

 

           The processing of TSIG signed messages can result in
           several errors. If a signed message is sent to a non-TSIG aware
@@ -638,7 +638,7 @@ allow-update { key host1-host2. ;};
 
 

 

-TKEY

+TKEY

 
TKEY
         is a mechanism for automatically generating a shared secret
         between two hosts.  There are several "modes" of
@@ -674,7 +674,7 @@ allow-update { key host1-host2. ;};
 
 

 

-SIG(0)

+SIG(0)

 

         BIND 9 partially supports DNSSEC SIG(0)
             transaction signatures as specified in RFC 2535 and RFC2931.
@@ -736,7 +736,7 @@ allow-update { key host1-host2. ;};
       

 

 

-Generating Keys

+Generating Keys

 

           The dnssec-keygen program is used to
           generate keys.
@@ -787,7 +787,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Signing the Zone

+Signing the Zone

 

           The dnssec-signzone program is used
           to
@@ -831,7 +831,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Configuring Servers

+Configuring Servers

 

           Unlike BIND 8,
           BIND 9 does not verify signatures on
@@ -848,7 +848,7 @@ allow-update { key host1-host2. ;};
 
 

 

-IPv6 Support in BIND 9

+IPv6 Support in BIND 9

 

         BIND 9 fully supports all currently
         defined forms of IPv6
@@ -892,7 +892,7 @@ allow-update { key host1-host2. ;};
       

 

 

-Address Lookups Using AAAA Records

+Address Lookups Using AAAA Records

 

           The AAAA record is a parallel to the IPv4 A record.  It
           specifies the entire address in a single record.  For
@@ -912,7 +912,7 @@ host            3600    IN      AAAA    2001:db8::1
 
 

 

-Address to Name Lookups Using Nibble Format

+Address to Name Lookups Using Nibble Format

 

           When looking up an address in nibble format, the address
           components are simply reversed, just as in IPv4, and
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index 644471f633..c8ff701471 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,13 +45,13 @@
 

 
Table of Contents

 

-
The Lightweight Resolver Library

+
The Lightweight Resolver Library

 
Running a Resolver Daemon

 

 

 

 

-The Lightweight Resolver Library

+The Lightweight Resolver Library

 

         Traditionally applications have been linked with a stub resolver
         library that sends recursive DNS queries to a local caching name
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 60123ed303..0ba4352cb4 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -48,52 +48,53 @@
 
Configuration File Elements

 

 
Address Match Lists

-
Comment Syntax

+
Comment Syntax

 

 
Configuration File Grammar

 

-
acl Statement Grammar

+
acl Statement Grammar

 
acl Statement Definition and
           Usage

-
controls Statement Grammar

+
controls Statement Grammar

 
controls Statement Definition and
           Usage

-
include Statement Grammar

-
include Statement Definition and
+
include Statement Grammar

+
include Statement Definition and
           Usage

-
key Statement Grammar

-
key Statement Definition and Usage

-
logging Statement Grammar

-
logging Statement Definition and
+
key Statement Grammar

+
key Statement Definition and Usage

+
logging Statement Grammar

+
logging Statement Definition and
           Usage

-
lwres Statement Grammar

-
lwres Statement Definition and Usage

-
masters Statement Grammar

-
masters Statement Definition and
+
lwres Statement Grammar

+
lwres Statement Definition and Usage

+
masters Statement Grammar

+
masters Statement Definition and
           Usage

-
options Statement Grammar

+
options Statement Grammar

 
options Statement Definition and
           Usage

 
server Statement Grammar

 
server Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 

-
Zone File

+
Zone File

 

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

+
Additional File Formats

 

 
 
@@ -411,7 +412,7 @@
 Address Match Lists
 

 

-Syntax

+Syntax

 
address_match_list = address_match_list_element ;
   [ address_match_list_element; ... ]
 address_match_list_element = [ ! ] (ip_address [/length] |
@@ -420,7 +421,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Address match lists are primarily used to determine access
             control for various server operations. They are also used in
@@ -497,7 +498,7 @@
 
 

 

-Comment Syntax

+Comment Syntax

 

           The BIND 9 comment syntax allows for
           comments to appear
@@ -507,7 +508,7 @@
         

 

 

-Syntax

+Syntax

 

             

 
/* This is a BIND comment as in C */

@@ -522,7 +523,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Comments may appear anywhere that whitespace may appear in
             a BIND configuration file.
@@ -756,7 +757,7 @@
       

 

 

-acl Statement Grammar

+acl Statement Grammar

 
acl acl-name { 
     address_match_list 
 };
@@ -839,7 +840,7 @@
 
 

 

-controls Statement Grammar

+controls Statement Grammar

 
controls {
    inet ( ip_addr | * ) [ port ip_port ] allow {  address_match_list  }
                 keys {  key_list  };
@@ -979,12 +980,12 @@
 
 

 

-include Statement Grammar

+include Statement Grammar

 
include filename;

 
 

 

-include Statement Definition and
+include Statement Definition and
           Usage

 

           The include statement inserts the
@@ -999,7 +1000,7 @@
 

 

 

-key Statement Grammar

+key Statement Grammar

 
key key_id {
     algorithm string;
     secret string;
@@ -1008,7 +1009,7 @@
 
 

 

-key Statement Definition and Usage

+key Statement Definition and Usage

 

           The key statement defines a shared
           secret key for use with TSIG (see the section called “TSIG”)
@@ -1051,7 +1052,7 @@
 
 

 

-logging Statement Grammar

+logging Statement Grammar

 
logging {
    [ channel channel_name {
      ( file path name
@@ -1075,7 +1076,7 @@
 
 

 

-logging Statement Definition and
+logging Statement Definition and
           Usage

 

           The logging statement configures a
@@ -1109,7 +1110,7 @@
         

 

 

-The channel Phrase

+The channel Phrase

 

             All log output goes to one or more channels;
             you can make as many of them as you want.
@@ -1628,7 +1629,7 @@ category notify { null; };
 
 

 

-lwres Statement Grammar

+lwres Statement Grammar

 

            This is the grammar of the lwres
           statement in the named.conf file:
@@ -1643,7 +1644,7 @@ category notify { null; };
 
 

 

-lwres Statement Definition and Usage

+lwres Statement Definition and Usage

 

           The lwres statement configures the
           name
@@ -1694,14 +1695,14 @@ category notify { null; };
 
 

 

-masters Statement Grammar

+masters Statement Grammar

 
 masters name [port ip_port] { ( masters_list | ip_addr [port ip_port] [key key] ) ; [...] } ; 
 

 
 

 

-masters Statement Definition and
+masters Statement Definition and
           Usage

 
masters
 	  lists allow for a common set of masters to be easily used by
@@ -1710,7 +1711,7 @@ category notify { null; };
 

 

 

-options Statement Grammar

+options Statement Grammar

 

           This is the grammar of the options
           statement in the named.conf file:
@@ -1831,6 +1832,7 @@ category notify { null; };
     [ use-additional-cache yes_or_no ; ]
     [ acache-cleaning-interval number; ]
     [ max-acache-size size_spec ; ]
+    [ masterfile-format (text|raw) ; ]
 };
 

 
@@ -2693,7 +2695,7 @@ options {
 
 

 

-Forwarding

+Forwarding

 

             The forwarding facility can be used to create a large site-wide
             cache on a few servers, reducing traffic over links to external
@@ -2737,7 +2739,7 @@ options {
 
 

 

-Dual-stack Servers

+Dual-stack Servers

 

             Dual-stack servers are used as servers of last resort to work
             around
@@ -2902,7 +2904,7 @@ options {
 
 

 

-Interfaces

+Interfaces

 

             The interfaces and ports that the server will answer queries
             from may be specified using the listen-on option. listen-on takes
@@ -2982,7 +2984,7 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
 
 

 

-Query Address

+Query Address

 

             If the server doesn't know the answer to a question, it will
             query other name servers. query-source specifies
@@ -3237,7 +3239,7 @@ query-source-v6 address * port *;
 
 

 

-Bad UDP Port Lists

+Bad UDP Port Lists

 
avoid-v4-udp-ports
 	    and avoid-v6-udp-ports specify a list
             of IPv4 and IPv6 UDP ports that will not be used as system
@@ -3251,7 +3253,7 @@ query-source-v6 address * port *;
 
 

 

-Operating System Resource Limits

+Operating System Resource Limits

 

             The server's usage of many system resources can be limited.
             Scaled values are allowed when specifying resource limits.  For
@@ -3311,7 +3313,7 @@ query-source-v6 address * port *;
 
 

 

-Server  Resource Limits

+Server  Resource Limits

 

             The following options set limits on the server's
             resource consumption that are enforced internally by the
@@ -3390,7 +3392,7 @@ query-source-v6 address * port *;
 
 

 

-Periodic Task Intervals

+Periodic Task Intervals

 

 
cleaning-interval

 

@@ -3783,6 +3785,31 @@ query-source-v6 address * port *;
                   packets and/or block UDP packets that are greater
                   than 512 bytes.
                 

+
masterfile-format

+
masterfile-format specifies
+		  the file format of zone files (see
+	          the section called “Additional File Formats”).
+	          The default value is text, which is the
+		  standard textual representation.  Files in other formats
+		  than text are typically expected
+		  to be generated by the named-compilezone.
+		  Note that when a zone file in a different format than
+		  text is loaded, named
+	          may omit some of the checks which would be performed for a
+		  file in the text format.  In particular,
+		  check-names checks do not apply
+		  for the raw format.  This means
+		  a zone file in the raw format
+		  must be generated with the same check level as that
+		  specified in the named configuration
+		  file.  This statement sets the
+		  masterfile-format for all zones,
+		  but can be overridden on a per-zone / per-view basis
+		  by including a masterfile-format
+		  statement within the zone or
+		  view block in the configuration
+		  file.
+	        

 

 
 

@@ -4222,7 +4249,7 @@ query-source-v6 address * port *;
 

 

 

-trusted-keys Statement Grammar

+trusted-keys Statement Grammar

 
trusted-keys {
     string number number number string ;
     [ string number number number string ; [...]]
@@ -4231,7 +4258,7 @@ query-source-v6 address * port *;
 
 

 

-trusted-keys Statement Definition
+trusted-keys Statement Definition
             and Usage

 

             The trusted-keys statement defines
@@ -4270,7 +4297,7 @@ query-source-v6 address * port *;
 

 

 

-view Statement Definition and Usage

+view Statement Definition and Usage

 

             The view statement is a powerful
             new feature
@@ -4406,6 +4433,7 @@ view "external" {
     [ dialup dialup_option ; ]
     [ delegation-only yes_or_no ; ]
     [ file string ; ]
+    [ masterfile-format (text|raw) ; ]
     [ journal string ; ]
     [ forward (only|first) ; ]
     [ forwarders { ip_addr [port ip_port] ; [ ip_addr [port ip_port] ; ... ] }; ]
@@ -4442,10 +4470,10 @@ view "external" {
 
 

 

-zone Statement Definition and Usage

+zone Statement Definition and Usage

 

 

-Zone Types

+Zone Types

 

 
 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
@@ -4654,7 +4682,7 @@ view "external" {
 

 

-Class

+Class

               The zone's name may optionally be followed by a class. If
               a class is not specified, class IN (for Internet),
@@ -4676,7 +4704,7 @@ view "external" {
 
 

 

-Zone Options

+Zone Options

 
journal

 

@@ -4930,9 +4958,14 @@ view "external" {
                   

 
multi-master

 

-                    See the description of
-                    multi-master in the section called “Boolean Options”.
+                    See the description of multi-master in
+		    the section called “Boolean Options”.
                   

+
masterfile-format

+

+		    See the description of masterfile-format
+		    in the section called “Tuning”.
+		  

 

@@ -5110,7 +5143,7 @@ view "external" {
 

 

-Zone File

+Zone File

 

 Types of Resource Records and When to Use Them

@@ -5123,7 +5156,7 @@ view "external" {
           

 

 

-Resource Records

+Resource Records

               A domain name identifies a node.  Each node has a set of
               resource information, which may be empty.  The set of resource
@@ -5712,7 +5745,7 @@ view "external" {
 
 

 

-Textual expression of RRs

+Textual expression of RRs

               RRs are represented in binary form in the packets of the DNS
               protocol, and are usually represented in highly encoded form
@@ -5919,7 +5952,7 @@ view "external" {
 
 

 

-Discussion of MX Records

+Discussion of MX Records

             As described above, domain servers store information as a
             series of resource records, each of which contains a particular
@@ -6176,7 +6209,7 @@ view "external" {
 
 

 

-Inverse Mapping in IPv4

+Inverse Mapping in IPv4

             Reverse name resolution (that is, translation from IP address
             to name) is achieved by means of the in-addr.arpa domain
@@ -6237,7 +6270,7 @@ view "external" {
 
 

 

-Other Zone File Directives

+Other Zone File Directives

             The Master File Format was initially defined in RFC 1035 and
             has subsequently been extended. While the Master File Format
@@ -6252,7 +6285,7 @@ view "external" {
           

 

-The $ORIGIN Directive

+The $ORIGIN Directive

               Syntax: $ORIGIN
 	      domain-name
@@ -6280,7 +6313,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $INCLUDE Directive

+The $INCLUDE Directive

               Syntax: $INCLUDE
               filename
@@ -6316,7 +6349,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $TTL Directive

+The $TTL Directive

               Syntax: $TTL
               default-ttl
@@ -6335,7 +6368,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-BIND Master File Extension: the  $GENERATE Directive

+BIND Master File Extension: the  $GENERATE Directive

             Syntax: $GENERATE
 	    range
@@ -6494,6 +6527,48 @@ $GENERATE 1-127 $ CNAME $.0
             BIND 8 does not support the optional TTL and CLASS fields.
           

+

+

+Additional File Formats

+

+	    In addition to the standard textual format, BIND 9
+	    supports the ability to read or dump to zone files in
+	    other formats.  The raw format is
+	    currently available as an additional format.  It is a
+	    binary format representing BIND 9's internal data
+	    structure directly, thereby remarkably improving the
+	    loading time.
+	  

+

+	    For a primary server, a zone file in the
+	    raw format is expected to be
+	    generated from a textual zone file by the
+	    named-compilezone command.  For a
+	    secondary server or for a dynamic zone, it is automatically
+	    generated (if this format is specified by the
+	    masterfile-format option) when
+	    named dumps the zone contents after
+	    zone transfer or when applying prior updates.
+	  

+

+	    If a zone file in a binary format needs manual modification,
+	    it first must be converted to a textual form by the
+	    named-compilezone command.  All
+	    necessary modification should go to the text file, which
+	    should then be converted to the binary form by the
+	    named-compilezone command again.
+	  

+

+	     Although the raw format uses the
+	     network byte order and avoids architecture-dependent
+	     data alignment so that it is as much portable as
+	     possible, it is primarily expected to be used inside
+	     the same single system.  In order to export a zone
+	     file in the raw format or make a
+	     portable backup of the file, it is recommended to
+	     convert the file to the standard textual representation.
+	  

+

diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index a2a01841b3..cfe09bb39e 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -46,11 +46,11 @@
 
Table of Contents

 

 
Access Control Lists

-
chroot and setuid (for
+
chroot and setuid (for
           UNIX servers)

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

@@ -114,7 +114,7 @@ zone "example.com" {
 

 

-chroot and setuid (for
+chroot and setuid (for
           UNIX servers)

 

           On UNIX servers, it is possible to run BIND in a chrooted environment
@@ -138,7 +138,7 @@ zone "example.com" {
         

 

 

-The chroot Environment

+The chroot Environment

             In order for a chroot() environment
             to
@@ -166,7 +166,7 @@ zone "example.com" {
 
 

 

-Using the setuid Function

+Using the setuid Function

             Prior to running the named daemon,
             use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 0d96001dc9..84db68bbc4 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,18 +45,18 @@
 

 
Table of Contents

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

-Common Problems

+Common Problems

 

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

             The best solution to solving installation and
             configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
 
 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

           Zone serial numbers are just numbers-they aren't date
           related.  A lot of people set them to a number that represents a
@@ -95,7 +95,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

           The Internet Software Consortium
           (ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 21dc158674..6843c10825 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -43,24 +43,24 @@
 

 
Table of Contents

 

-
Acknowledgments

-
A Brief History of the DNS and BIND

+
Acknowledgments

+
A Brief History of the DNS and BIND

 
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 

 

-Acknowledgments

+Acknowledgments

 

-A Brief History of the DNS and BIND

+A Brief History of the DNS and BIND

             Although the "official" beginning of the Domain Name
             System occurred in 1984 with the publication of RFC 920, the
@@ -469,7 +469,7 @@
           

 

-Bibliography

+Bibliography

 
Standards

 
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

@@ -592,11 +592,11 @@
 

 

-Other Documents About BIND

+Other Documents About BIND

 

-Bibliography

+Bibliography
Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. 

diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 83b0df2567..3f403c0745 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
@@ -83,7 +83,7 @@
 
Name Server Operations

 
Tools for Use With the Name Server Daemon

-
Signals

+
Signals

 
4. Advanced DNS Features

@@ -92,33 +92,33 @@
 
Dynamic Update
The journal file
Incremental Zone Transfers (IXFR)

-
Split DNS

+
Split DNS
TSIG

-
Generate Shared Keys for Each Pair of Hosts

-
Copying the Shared Secret to Both Machines

-
Informing the Servers of the Key's Existence

-
Instructing the Server to Use the Key

-
TSIG Key Based Access Control

-
Errors

+
Generate Shared Keys for Each Pair of Hosts

+
Copying the Shared Secret to Both Machines

+
Informing the Servers of the Key's Existence

+
Instructing the Server to Use the Key

+
TSIG Key Based Access Control

+
Errors

 

-
TKEY

-
SIG(0)

+
TKEY

+
SIG(0)
DNSSEC

-
Generating Keys

-
Signing the Zone

-
Configuring Servers

+
Generating Keys

+
Signing the Zone

+
Configuring Servers

 

-
IPv6 Support in BIND 9

+
IPv6 Support in BIND 9

-
Address Lookups Using AAAA Records

-
Address to Name Lookups Using Nibble Format

+
Address Lookups Using AAAA Records

+
Address to Name Lookups Using Nibble Format

 
5. The BIND 9 Lightweight Resolver

-
The Lightweight Resolver Library

+
The Lightweight Resolver Library

 
Running a Resolver Daemon

 
6. BIND 9 Configuration Reference

@@ -126,83 +126,84 @@
 
Configuration File Elements

 
Address Match Lists

-
Comment Syntax

+
Comment Syntax

 
Configuration File Grammar

-
acl Statement Grammar

+
acl Statement Grammar

 
acl Statement Definition and
           Usage

-
controls Statement Grammar

+
controls Statement Grammar

 
controls Statement Definition and
           Usage

-
include Statement Grammar

-
include Statement Definition and
+
include Statement Grammar

+
include Statement Definition and
           Usage

-
key Statement Grammar

-
key Statement Definition and Usage

-
logging Statement Grammar

-
logging Statement Definition and
+
key Statement Grammar

+
key Statement Definition and Usage

+
logging Statement Grammar

+
logging Statement Definition and
           Usage

-
lwres Statement Grammar

-
lwres Statement Definition and Usage

-
masters Statement Grammar

-
masters Statement Definition and
+
lwres Statement Grammar

+
lwres Statement Definition and Usage

+
masters Statement Grammar

+
masters Statement Definition and
           Usage

-
options Statement Grammar

+
options Statement Grammar

 
options Statement Definition and
           Usage

 
server Statement Grammar

 
server Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 

-
Zone File

+
Zone File

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

+
Additional File Formats

 
7. BIND 9 Security Considerations

 
Access Control Lists

-
chroot and setuid (for
+
chroot and setuid (for
           UNIX servers)

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 
8. Troubleshooting

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 
A. Appendices

-
Acknowledgments

-
A Brief History of the DNS and BIND

+
Acknowledgments

+
A Brief History of the DNS and BIND

 
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

diff --git a/doc/misc/options b/doc/misc/options
index 2f6a6b3cfd..d9921e22df 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -96,6 +96,7 @@ options {
         allow-update { ; ... };
         allow-update-forwarding { ; ... };
         allow-notify { ; ... };
+        masterfile-format ( text | raw );
         notify ;
         notify-source (  | * ) [ port (  | * ) ];
         notify-source-v6 (  | * ) [ port (  | * ) ];
@@ -189,6 +190,7 @@ view   {
                 allow-update { ; ... };
                 allow-update-forwarding { ; ... };
                 allow-notify { ; ... };
+                masterfile-format ( text | raw );
                 notify ;
                 notify-source (  | * ) [ port (  | *
                     ) ];
@@ -292,6 +294,7 @@ view   {
         allow-update { ; ... };
         allow-update-forwarding { ; ... };
         allow-notify { ; ... };
+        masterfile-format ( text | raw );
         notify ;
         notify-source (  | * ) [ port (  | * ) ];
         notify-source-v6 (  | * ) [ port (  | * ) ];
@@ -362,6 +365,7 @@ zone   {
         allow-update { ; ... };
         allow-update-forwarding { ; ... };
         allow-notify { ; ... };
+        masterfile-format ( text | raw );
         notify ;
         notify-source (  | * ) [ port (  | * ) ];
         notify-source-v6 (  | * ) [ port (  | * ) ];

From 4af482d5b89c41bf0e1a4bb780608560bbb33ffb Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Mon, 20 Jun 2005 23:28:34 +0000
Subject: [PATCH 140/148] auto update

---
 doc/private/branches | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/private/branches b/doc/private/branches
index aadb83eb1f..f5ddfa5b9c 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -35,6 +35,7 @@ rt14855				open		// 9.4 ARM review
 rt14895				open	jinmei
 rt14916				open	marka	// lame cache to 
 rt14918				open	marka	// clients-per-query	
+rt14931				new	
 rt5206_1			open	marka
 rt6432				open	marka
 rt6496a				open	marka

From 8db8946251a42d132438af5860f0f021a08264c0 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 21 Jun 2005 00:27:59 +0000
Subject: [PATCH 141/148] 9.5.0-prerelease

---
 version | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/version b/version
index 4126f91934..271f353cd7 100644
--- a/version
+++ b/version
@@ -1,10 +1,10 @@
-# $Id: version,v 1.29 2003/08/04 00:24:32 marka Exp $
+# $Id: version,v 1.30 2005/06/21 00:27:59 marka Exp $
 #
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
 #
 MAJORVER=9
-MINORVER=4
+MINORVER=5
 PATCHVER=0
-RELEASETYPE=a
-RELEASEVER=0
+RELEASETYPE=-prerelease
+RELEASEVER=

From 01bf5871f8861eb805dd8ca79bdb9b0b9e4e6a5e Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Tue, 21 Jun 2005 23:36:37 +0000
Subject: [PATCH 142/148] newcopyrights

---
 util/copyrights | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/util/copyrights b/util/copyrights
index 42938bb91f..9a418d0637 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -9,7 +9,7 @@
 ./bin/.cvsignore				X	1999,2000,2001
 ./bin/Makefile.in				MAKE	1998,1999,2000,2001,2004
 ./bin/check/.cvsignore				X	2000,2001
-./bin/check/Makefile.in				MAKE	2000,2001,2002,2003,2004
+./bin/check/Makefile.in				MAKE	2000,2001,2002,2003,2004,2005
 ./bin/check/check-tool.c			C	2000,2001,2002,2004,2005
 ./bin/check/check-tool.h			C	2000,2001,2002,2004,2005
 ./bin/check/named-checkconf.8			MAN	DOCBOOK
@@ -315,7 +315,7 @@
 ./bin/tests/master/t_master.c			C	1998,1999,2000,2001,2003,2004
 ./bin/tests/master_test.c			C	1999,2000,2001,2004
 ./bin/tests/mem/.cvsignore			X	1999,2000,2001
-./bin/tests/mem/Makefile.in			MAKE	1998,1999,2000,2001,2002,2004
+./bin/tests/mem/Makefile.in			MAKE	1998,1999,2000,2001,2002,2004,2005
 ./bin/tests/mem/t_mem.c				C	1999,2000,2001,2004
 ./bin/tests/mempool_test.c			C	1999,2000,2001,2004
 ./bin/tests/name_test.c				C	1998,1999,2000,2001,2003,2004,2005
@@ -440,7 +440,7 @@
 ./bin/tests/system/common/controls.conf		CONF-C	2000,2001,2004
 ./bin/tests/system/common/rndc.conf		CONF-C	2000,2001,2004
 ./bin/tests/system/common/root.hint		ZONE	2000,2001,2004
-./bin/tests/system/conf.sh.in			SH	2000,2001,2002,2003,2004
+./bin/tests/system/conf.sh.in			SH	2000,2001,2002,2003,2004,2005
 ./bin/tests/system/dialup/ns1/.cvsignore	X	2000,2001
 ./bin/tests/system/dialup/ns1/example.db	ZONE	2000,2001,2004
 ./bin/tests/system/dialup/ns1/named.conf	CONF-C	2000,2001,2004
@@ -583,6 +583,13 @@
 ./bin/tests/system/masterfile/ns1/ttl1.db	ZONE	2001,2004
 ./bin/tests/system/masterfile/ns1/ttl2.db	ZONE	2001,2004
 ./bin/tests/system/masterfile/tests.sh		SH	2001,2004
+./bin/tests/system/masterformat/clean.sh	SH	2005
+./bin/tests/system/masterformat/ns1/compile.sh	SH	2005
+./bin/tests/system/masterformat/ns1/example.db	ZONE	2005
+./bin/tests/system/masterformat/ns1/named.conf	CONF-C	2005
+./bin/tests/system/masterformat/ns2/named.conf	CONF-C	2005
+./bin/tests/system/masterformat/setup.sh	SH	2005
+./bin/tests/system/masterformat/tests.sh	SH	2005
 ./bin/tests/system/notify/clean.sh		SH	2000,2001,2004
 ./bin/tests/system/notify/ns1/.cvsignore	X	2000,2001
 ./bin/tests/system/notify/ns1/named.conf	CONF-C	2000,2001,2004
@@ -2362,7 +2369,7 @@
 ./util/update-drafts.pl				PERL	2000,2001,2004
 ./util/update_branches				PERL	2005
 ./util/update_copyrights			PERL	1998,1999,2000,2001,2004,2005
-./version					X	1999,2000,2001
+./version					X	1999,2000,2001,2005
 ./win32utils/BINDBuild.dsw			X	2001
 ./win32utils/BuildAll.bat			BAT	2001,2002,2004
 ./win32utils/BuildSetup.bat			BAT	2001,2002,2004

From 618e5825c5e7f23d2983bd42e501e8df22ddb51c Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 22 Jun 2005 00:10:30 +0000
Subject: [PATCH 143/148] update copyright notice

---
 bin/check/Makefile.in                        |  4 ++--
 bin/tests/mem/Makefile.in                    |  4 ++--
 bin/tests/system/conf.sh.in                  |  4 ++--
 bin/tests/system/masterformat/ns1/example.db | 16 ++++++++++++++++
 4 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/bin/check/Makefile.in b/bin/check/Makefile.in
index d2dd07eeb3..de17df1f45 100644
--- a/bin/check/Makefile.in
+++ b/bin/check/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2003  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.26 2005/06/20 01:03:47 marka Exp $
+# $Id: Makefile.in,v 1.27 2005/06/22 00:10:29 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
diff --git a/bin/tests/mem/Makefile.in b/bin/tests/mem/Makefile.in
index e2ba46675c..4b033bd92a 100644
--- a/bin/tests/mem/Makefile.in
+++ b/bin/tests/mem/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2002  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.31 2005/06/19 05:49:22 marka Exp $
+# $Id: Makefile.in,v 1.32 2005/06/22 00:10:30 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 2adce547ae..08f5c9a27f 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2003  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: conf.sh.in,v 1.29 2005/06/20 01:03:49 marka Exp $
+# $Id: conf.sh.in,v 1.30 2005/06/22 00:10:30 marka Exp $
 
 #
 # Common configuration data for system tests, to be sourced into
diff --git a/bin/tests/system/masterformat/ns1/example.db b/bin/tests/system/masterformat/ns1/example.db
index 57ee13ecd4..dfd6519a57 100644
--- a/bin/tests/system/masterformat/ns1/example.db
+++ b/bin/tests/system/masterformat/ns1/example.db
@@ -1,3 +1,19 @@
+; Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db,v 1.3 2005/06/22 00:10:30 marka Exp $
+
 $TTL 1D
 
 @			IN SOA	ns hostmaster (

From 910fe6deb578c73fc784a923f7baae52d9399ce1 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 22 Jun 2005 23:28:04 +0000
Subject: [PATCH 144/148] auto update

---
 doc/private/branches | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/private/branches b/doc/private/branches
index f5ddfa5b9c..68bc0d2b4f 100644
--- a/doc/private/branches
+++ b/doc/private/branches
@@ -36,6 +36,7 @@ rt14895				open	jinmei
 rt14916				open	marka	// lame cache to 
 rt14918				open	marka	// clients-per-query	
 rt14931				new	
+rt14933				new	
 rt5206_1			open	marka
 rt6432				open	marka
 rt6496a				open	marka

From 045eca6d9cdd2730ed68d55350b9d78e75a9f746 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Wed, 22 Jun 2005 23:29:07 +0000
Subject: [PATCH 145/148] handle libtool prefix

---
 bin/check/named-checkzone.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c
index aa348cf28a..31c3420fc8 100644
--- a/bin/check/named-checkzone.c
+++ b/bin/check/named-checkzone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.36 2005/06/20 01:03:48 marka Exp $ */
+/* $Id: named-checkzone.c,v 1.37 2005/06/22 23:29:07 marka Exp $ */
 
 /*! \file */
 
@@ -109,6 +109,12 @@ main(int argc, char **argv) {
 		prog_name++;
 	else
 		prog_name = argv[0];
+	/*
+	 * Libtool doesn't preserve the program name prior to final
+	 * installation.  Remove the libtool prefix ("lt-").
+	 */
+	if (strncmp(prog_name, "lt-", 3) == 0)
+		prog_name += 3;
 	if (strcmp(prog_name, "named-checkzone") == 0)
 		progmode = progmode_check;
 	else if (strcmp(prog_name, "named-compilezone") == 0)

From bcf369e513a1cc2209e2a987f5772afa79813540 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 23 Jun 2005 04:22:02 +0000
Subject: [PATCH 146/148] 1889.   [func]          The lame cache is now done on
 a                          basis as some servers only
 appear to be lame for                         certain query types.  [RT
 #14916]

---
 CHANGES                   |   4 +
 bin/named/lwdgabn.c       |   4 +-
 lib/dns/adb.c             | 184 ++++++++++++++++++++------------------
 lib/dns/include/dns/adb.h |  23 ++---
 lib/dns/resolver.c        |  41 ++-------
 lib/dns/zone.c            |   4 +-
 6 files changed, 125 insertions(+), 135 deletions(-)

diff --git a/CHANGES b/CHANGES
index a516f81107..9680945764 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+1889.	[func]		The lame cache is now done on a 
+			basis as some servers only appear to be lame for
+			certain query types.  [RT #14916]
+
 1888.	[func]		"USE INTERNAL MALLOC" is now runtime selectable.
 			[RT #14892]
 
diff --git a/bin/named/lwdgabn.c b/bin/named/lwdgabn.c
index bc9b0746a3..d5da2f1db9 100644
--- a/bin/named/lwdgabn.c
+++ b/bin/named/lwdgabn.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdgabn.c,v 1.17 2005/04/29 00:22:28 marka Exp $ */
+/* $Id: lwdgabn.c,v 1.18 2005/06/23 04:21:59 marka Exp $ */
 
 /*! \file */
 
@@ -434,7 +434,7 @@ restart_find(ns_lwdclient_t *client) {
 				    client->clientmgr->task,
 				    process_gabn_finddone, client,
 				    dns_fixedname_name(&client->target_name),
-				    dns_rootname, options, 0,
+				    dns_rootname, 0, options, 0,
 				    dns_fixedname_name(&client->target_name),
 				    client->clientmgr->view->dstport,
 				    &client->find);
diff --git a/lib/dns/adb.c b/lib/dns/adb.c
index 103f46b0b7..1362f32f20 100644
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: adb.c,v 1.221 2005/04/27 04:56:44 sra Exp $ */
+/* $Id: adb.c,v 1.222 2005/06/23 04:22:01 marka Exp $ */
 
 /*! \file 
  *
@@ -52,6 +52,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 
@@ -61,8 +62,8 @@
 #define DNS_ADBNAME_VALID(x)	  ISC_MAGIC_VALID(x, DNS_ADBNAME_MAGIC)
 #define DNS_ADBNAMEHOOK_MAGIC	  ISC_MAGIC('a', 'd', 'N', 'H')
 #define DNS_ADBNAMEHOOK_VALID(x)  ISC_MAGIC_VALID(x, DNS_ADBNAMEHOOK_MAGIC)
-#define DNS_ADBZONEINFO_MAGIC	  ISC_MAGIC('a', 'd', 'b', 'Z')
-#define DNS_ADBZONEINFO_VALID(x)  ISC_MAGIC_VALID(x, DNS_ADBZONEINFO_MAGIC)
+#define DNS_ADBLAMEINFO_MAGIC	  ISC_MAGIC('a', 'd', 'b', 'Z')
+#define DNS_ADBLAMEINFO_VALID(x)  ISC_MAGIC_VALID(x, DNS_ADBLAMEINFO_MAGIC)
 #define DNS_ADBENTRY_MAGIC	  ISC_MAGIC('a', 'd', 'b', 'E')
 #define DNS_ADBENTRY_VALID(x)	  ISC_MAGIC_VALID(x, DNS_ADBENTRY_MAGIC)
 #define DNS_ADBFETCH_MAGIC	  ISC_MAGIC('a', 'd', 'F', '4')
@@ -107,7 +108,7 @@
 typedef ISC_LIST(dns_adbname_t) dns_adbnamelist_t;
 typedef struct dns_adbnamehook dns_adbnamehook_t;
 typedef ISC_LIST(dns_adbnamehook_t) dns_adbnamehooklist_t;
-typedef struct dns_adbzoneinfo dns_adbzoneinfo_t;
+typedef struct dns_adblameinfo dns_adblameinfo_t;
 typedef ISC_LIST(dns_adbentry_t) dns_adbentrylist_t;
 typedef struct dns_adbfetch dns_adbfetch_t;
 typedef struct dns_adbfetch6 dns_adbfetch6_t;
@@ -135,7 +136,7 @@ struct dns_adb {
 	isc_mutex_t			mplock;
 	isc_mempool_t		       *nmp;	/*%< dns_adbname_t */
 	isc_mempool_t		       *nhmp;	/*%< dns_adbnamehook_t */
-	isc_mempool_t		       *zimp;	/*%< dns_adbzoneinfo_t */
+	isc_mempool_t		       *limp;	/*%< dns_adblameinfo_t */
 	isc_mempool_t		       *emp;	/*%< dns_adbentry_t */
 	isc_mempool_t		       *ahmp;	/*%< dns_adbfind_t */
 	isc_mempool_t		       *aimp;	/*%< dns_adbaddrinfo_t */
@@ -218,17 +219,18 @@ struct dns_adbnamehook {
 };
 
 /*%
- * This is a small widget that holds zone-specific information about an
+ * This is a small widget that holds qname-specific information about an
  * address.  Currently limited to lameness, but could just as easily be
  * extended to other types of information about zones.
  */
-struct dns_adbzoneinfo {
+struct dns_adblameinfo {
 	unsigned int			magic;
 
-	dns_name_t			zone;
+	dns_name_t			qname;
+	dns_rdatatype_t			qtype;
 	isc_stdtime_t			lame_timer;
 
-	ISC_LINK(dns_adbzoneinfo_t)	plink;
+	ISC_LINK(dns_adblameinfo_t)	plink;
 };
 
 /*%
@@ -255,7 +257,7 @@ struct dns_adbentry {
 	 * name.
 	 */
 
-	ISC_LIST(dns_adbzoneinfo_t)	zoneinfo;
+	ISC_LIST(dns_adblameinfo_t)	lameinfo;
 	ISC_LINK(dns_adbentry_t)	plink;
 };
 
@@ -267,8 +269,9 @@ static inline void free_adbname(dns_adb_t *, dns_adbname_t **);
 static inline dns_adbnamehook_t *new_adbnamehook(dns_adb_t *,
 						 dns_adbentry_t *);
 static inline void free_adbnamehook(dns_adb_t *, dns_adbnamehook_t **);
-static inline dns_adbzoneinfo_t *new_adbzoneinfo(dns_adb_t *, dns_name_t *);
-static inline void free_adbzoneinfo(dns_adb_t *, dns_adbzoneinfo_t **);
+static inline dns_adblameinfo_t *new_adblameinfo(dns_adb_t *, dns_name_t *,
+						 dns_rdatatype_t);
+static inline void free_adblameinfo(dns_adb_t *, dns_adblameinfo_t **);
 static inline dns_adbentry_t *new_adbentry(dns_adb_t *);
 static inline void free_adbentry(dns_adb_t *, dns_adbentry_t **);
 static inline dns_adbfind_t *new_adbfind(dns_adb_t *);
@@ -1324,42 +1327,42 @@ free_adbnamehook(dns_adb_t *adb, dns_adbnamehook_t **namehook) {
 	isc_mempool_put(adb->nhmp, nh);
 }
 
-static inline dns_adbzoneinfo_t *
-new_adbzoneinfo(dns_adb_t *adb, dns_name_t *zone) {
-	dns_adbzoneinfo_t *zi;
+static inline dns_adblameinfo_t *
+new_adblameinfo(dns_adb_t *adb, dns_name_t *qname, dns_rdatatype_t qtype) {
+	dns_adblameinfo_t *li;
 
-	zi = isc_mempool_get(adb->zimp);
-	if (zi == NULL)
+	li = isc_mempool_get(adb->limp);
+	if (li == NULL)
 		return (NULL);
 
-	dns_name_init(&zi->zone, NULL);
-	if (dns_name_dup(zone, adb->mctx, &zi->zone) != ISC_R_SUCCESS) {
-		isc_mempool_put(adb->zimp, zi);
+	dns_name_init(&li->qname, NULL);
+	if (dns_name_dup(qname, adb->mctx, &li->qname) != ISC_R_SUCCESS) {
+		isc_mempool_put(adb->limp, li);
 		return (NULL);
 	}
+	li->magic = DNS_ADBLAMEINFO_MAGIC;
+	li->lame_timer = 0;
+	li->qtype = qtype;
+	ISC_LINK_INIT(li, plink);
 
-	zi->magic = DNS_ADBZONEINFO_MAGIC;
-	zi->lame_timer = 0;
-	ISC_LINK_INIT(zi, plink);
-
-	return (zi);
+	return (li);
 }
 
 static inline void
-free_adbzoneinfo(dns_adb_t *adb, dns_adbzoneinfo_t **zoneinfo) {
-	dns_adbzoneinfo_t *zi;
+free_adblameinfo(dns_adb_t *adb, dns_adblameinfo_t **lameinfo) {
+	dns_adblameinfo_t *li;
 
-	INSIST(zoneinfo != NULL && DNS_ADBZONEINFO_VALID(*zoneinfo));
-	zi = *zoneinfo;
-	*zoneinfo = NULL;
+	INSIST(lameinfo != NULL && DNS_ADBLAMEINFO_VALID(*lameinfo));
+	li = *lameinfo;
+	*lameinfo = NULL;
 
-	INSIST(!ISC_LINK_LINKED(zi, plink));
+	INSIST(!ISC_LINK_LINKED(li, plink));
 
-	dns_name_free(&zi->zone, adb->mctx);
+	dns_name_free(&li->qname, adb->mctx);
 
-	zi->magic = 0;
+	li->magic = 0;
 
-	isc_mempool_put(adb->zimp, zi);
+	isc_mempool_put(adb->limp, li);
 }
 
 static inline dns_adbentry_t *
@@ -1378,7 +1381,7 @@ new_adbentry(dns_adb_t *adb) {
 	isc_random_get(&r);
 	e->srtt = (r & 0x1f) + 1;
 	e->expires = 0;
-	ISC_LIST_INIT(e->zoneinfo);
+	ISC_LIST_INIT(e->lameinfo);
 	ISC_LINK_INIT(e, plink);
 
 	return (e);
@@ -1387,7 +1390,7 @@ new_adbentry(dns_adb_t *adb) {
 static inline void
 free_adbentry(dns_adb_t *adb, dns_adbentry_t **entry) {
 	dns_adbentry_t *e;
-	dns_adbzoneinfo_t *zi;
+	dns_adblameinfo_t *li;
 
 	INSIST(entry != NULL && DNS_ADBENTRY_VALID(*entry));
 	e = *entry;
@@ -1399,11 +1402,11 @@ free_adbentry(dns_adb_t *adb, dns_adbentry_t **entry) {
 
 	e->magic = 0;
 
-	zi = ISC_LIST_HEAD(e->zoneinfo);
-	while (zi != NULL) {
-		ISC_LIST_UNLINK(e->zoneinfo, zi, plink);
-		free_adbzoneinfo(adb, &zi);
-		zi = ISC_LIST_HEAD(e->zoneinfo);
+	li = ISC_LIST_HEAD(e->lameinfo);
+	while (li != NULL) {
+		ISC_LIST_UNLINK(e->lameinfo, li, plink);
+		free_adblameinfo(adb, &li);
+		li = ISC_LIST_HEAD(e->lameinfo);
 	}
 
 	isc_mempool_put(adb->emp, e);
@@ -1650,45 +1653,47 @@ find_entry_and_lock(dns_adb_t *adb, isc_sockaddr_t *addr, int *bucketp) {
  * Entry bucket MUST be locked!
  */
 static isc_boolean_t
-entry_is_bad_for_zone(dns_adb_t *adb, dns_adbentry_t *entry, dns_name_t *zone,
-		      isc_stdtime_t now)
+entry_is_lame(dns_adb_t *adb, dns_adbentry_t *entry, dns_name_t *qname,
+	      dns_rdatatype_t qtype, isc_stdtime_t now)
 {
-	dns_adbzoneinfo_t *zi, *next_zi;
+	dns_adblameinfo_t *li, *next_li;
 	isc_boolean_t is_bad;
 
 	is_bad = ISC_FALSE;
 
-	zi = ISC_LIST_HEAD(entry->zoneinfo);
-	if (zi == NULL)
+	li = ISC_LIST_HEAD(entry->lameinfo);
+	if (li == NULL)
 		return (ISC_FALSE);
-	while (zi != NULL) {
-		next_zi = ISC_LIST_NEXT(zi, plink);
+	while (li != NULL) {
+		next_li = ISC_LIST_NEXT(li, plink);
 
 		/*
 		 * Has the entry expired?
 		 */
-		if (zi->lame_timer < now) {
-			ISC_LIST_UNLINK(entry->zoneinfo, zi, plink);
-			free_adbzoneinfo(adb, &zi);
+		if (li->lame_timer < now) {
+			ISC_LIST_UNLINK(entry->lameinfo, li, plink);
+			free_adblameinfo(adb, &li);
 		}
 
 		/*
 		 * Order tests from least to most expensive.
 		 */
-		if (zi != NULL && !is_bad) {
-			if (dns_name_equal(zone, &zi->zone))
+		if (li != NULL && !is_bad) {
+			if (li->qtype == qtype &&
+			    dns_name_equal(qname, &li->qname))
 				is_bad = ISC_TRUE;
 		}
 
-		zi = next_zi;
+		li = next_li;
 	}
 
 	return (is_bad);
 }
 
 static void
-copy_namehook_lists(dns_adb_t *adb, dns_adbfind_t *find, dns_name_t *zone,
-		    dns_adbname_t *name, isc_stdtime_t now)
+copy_namehook_lists(dns_adb_t *adb, dns_adbfind_t *find, dns_name_t *qname,
+		    dns_rdatatype_t qtype, dns_adbname_t *name,
+		    isc_stdtime_t now)
 {
 	dns_adbnamehook_t *namehook;
 	dns_adbaddrinfo_t *addrinfo;
@@ -1705,7 +1710,7 @@ copy_namehook_lists(dns_adb_t *adb, dns_adbfind_t *find, dns_name_t *zone,
 			LOCK(&adb->entrylocks[bucket]);
 
 			if (!FIND_RETURNLAME(find)
-			    && entry_is_bad_for_zone(adb, entry, zone, now)) {
+			    && entry_is_lame(adb, entry, qname, qtype, now)) {
 				find->options |= DNS_ADBFIND_LAMEPRUNED;
 				goto nextv4;
 			}
@@ -1734,7 +1739,7 @@ copy_namehook_lists(dns_adb_t *adb, dns_adbfind_t *find, dns_name_t *zone,
 			bucket = entry->lock_bucket;
 			LOCK(&adb->entrylocks[bucket]);
 
-			if (entry_is_bad_for_zone(adb, entry, zone, now))
+			if (entry_is_lame(adb, entry, qname, qtype, now))
 				goto nextv6;
 			addrinfo = new_adbaddrinfo(adb, entry, find->port);
 			if (addrinfo == NULL) {
@@ -1974,7 +1979,7 @@ destroy(dns_adb_t *adb) {
 
 	isc_mempool_destroy(&adb->nmp);
 	isc_mempool_destroy(&adb->nhmp);
-	isc_mempool_destroy(&adb->zimp);
+	isc_mempool_destroy(&adb->limp);
 	isc_mempool_destroy(&adb->emp);
 	isc_mempool_destroy(&adb->ahmp);
 	isc_mempool_destroy(&adb->aimp);
@@ -2022,7 +2027,7 @@ dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *timermgr,
 	adb->irefcnt = 0;
 	adb->nmp = NULL;
 	adb->nhmp = NULL;
-	adb->zimp = NULL;
+	adb->limp = NULL;
 	adb->emp = NULL;
 	adb->ahmp = NULL;
 	adb->aimp = NULL;
@@ -2094,7 +2099,7 @@ dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *timermgr,
 
 	MPINIT(dns_adbname_t, adb->nmp, "adbname");
 	MPINIT(dns_adbnamehook_t, adb->nhmp, "adbnamehook");
-	MPINIT(dns_adbzoneinfo_t, adb->zimp, "adbzoneinfo");
+	MPINIT(dns_adblameinfo_t, adb->limp, "adblameinfo");
 	MPINIT(dns_adbentry_t, adb->emp, "adbentry");
 	MPINIT(dns_adbfind_t, adb->ahmp, "adbfind");
 	MPINIT(dns_adbaddrinfo_t, adb->aimp, "adbaddrinfo");
@@ -2147,8 +2152,8 @@ dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *timermgr,
 		isc_mempool_destroy(&adb->nmp);
 	if (adb->nhmp != NULL)
 		isc_mempool_destroy(&adb->nhmp);
-	if (adb->zimp != NULL)
-		isc_mempool_destroy(&adb->zimp);
+	if (adb->limp != NULL)
+		isc_mempool_destroy(&adb->limp);
 	if (adb->emp != NULL)
 		isc_mempool_destroy(&adb->emp);
 	if (adb->ahmp != NULL)
@@ -2268,8 +2273,9 @@ dns_adb_shutdown(dns_adb_t *adb) {
 
 isc_result_t
 dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
-		   void *arg, dns_name_t *name, dns_name_t *zone,
-		   unsigned int options, isc_stdtime_t now, dns_name_t *target,
+		   void *arg, dns_name_t *name, dns_name_t *qname,
+		   dns_rdatatype_t qtype, unsigned int options,
+		   isc_stdtime_t now, dns_name_t *target,
 		   in_port_t port, dns_adbfind_t **findp)
 {
 	dns_adbfind_t *find;
@@ -2286,7 +2292,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
 		REQUIRE(action != NULL);
 	}
 	REQUIRE(name != NULL);
-	REQUIRE(zone != NULL);
+	REQUIRE(qname != NULL);
 	REQUIRE(findp != NULL && *findp == NULL);
 	REQUIRE(target == NULL || dns_name_hasbuffer(target));
 
@@ -2514,7 +2520,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
 	 * Run through the name and copy out the bits we are
 	 * interested in.
 	 */
-	copy_namehook_lists(adb, find, zone, adbname, now);
+	copy_namehook_lists(adb, find, qname, qtype, adbname, now);
 
  post_copy:
 	if (NAME_FETCH_V4(adbname))
@@ -2830,8 +2836,9 @@ dump_entry(FILE *f, dns_adbentry_t *entry, isc_boolean_t debug,
 	   isc_stdtime_t now)
 {
 	char addrbuf[ISC_NETADDR_FORMATSIZE];
+	char typebuf[DNS_RDATATYPE_FORMATSIZE];
 	isc_netaddr_t netaddr;
-	dns_adbzoneinfo_t *zi;
+	dns_adblameinfo_t *li;
 
 	isc_netaddr_fromsockaddr(&netaddr, &entry->sockaddr);
 	isc_netaddr_format(&netaddr, addrbuf, sizeof(addrbuf));
@@ -2844,12 +2851,14 @@ dump_entry(FILE *f, dns_adbentry_t *entry, isc_boolean_t debug,
 	if (entry->expires != 0)
 		fprintf(f, " [ttl %d]", entry->expires - now);
 	fprintf(f, "\n");
-	for (zi = ISC_LIST_HEAD(entry->zoneinfo);
-	     zi != NULL;
-	     zi = ISC_LIST_NEXT(zi, plink)) {
+	for (li = ISC_LIST_HEAD(entry->lameinfo);
+	     li != NULL;
+	     li = ISC_LIST_NEXT(li, plink)) {
 		fprintf(f, ";\t\t");
-		print_dns_name(f, &zi->zone);
-		fprintf(f, " [lame TTL %d]\n", zi->lame_timer - now);
+		print_dns_name(f, &li->qname);
+		dns_rdatatype_format(li->qtype, typebuf, sizeof(typebuf));
+		fprintf(f, " %s [lame TTL %d]\n", typebuf,
+			li->lame_timer - now);
 	}
 }
 
@@ -3336,36 +3345,37 @@ fetch_name(dns_adbname_t *adbname,
  * since these can be extracted from the find itself.
  */
 isc_result_t
-dns_adb_marklame(dns_adb_t *adb, dns_adbaddrinfo_t *addr, dns_name_t *zone,
-		 isc_stdtime_t expire_time)
+dns_adb_marklame(dns_adb_t *adb, dns_adbaddrinfo_t *addr, dns_name_t *qname,
+		 dns_rdatatype_t qtype, isc_stdtime_t expire_time)
 {
-	dns_adbzoneinfo_t *zi;
+	dns_adblameinfo_t *li;
 	int bucket;
 	isc_result_t result = ISC_R_SUCCESS;
 
 	REQUIRE(DNS_ADB_VALID(adb));
 	REQUIRE(DNS_ADBADDRINFO_VALID(addr));
-	REQUIRE(zone != NULL);
+	REQUIRE(qname != NULL);
 
 	bucket = addr->entry->lock_bucket;
 	LOCK(&adb->entrylocks[bucket]);
-	zi = ISC_LIST_HEAD(addr->entry->zoneinfo);
-	while (zi != NULL && !dns_name_equal(zone, &zi->zone))
-		zi = ISC_LIST_NEXT(zi, plink);
-	if (zi != NULL) {
-		if (expire_time > zi->lame_timer)
-			zi->lame_timer = expire_time;
+	li = ISC_LIST_HEAD(addr->entry->lameinfo);
+	while (li != NULL && li->qtype != qtype &&
+	       !dns_name_equal(qname, &li->qname))
+		li = ISC_LIST_NEXT(li, plink);
+	if (li != NULL) {
+		if (expire_time > li->lame_timer)
+			li->lame_timer = expire_time;
 		goto unlock;
 	}
-	zi = new_adbzoneinfo(adb, zone);
-	if (zi == NULL) {
+	li = new_adblameinfo(adb, qname, qtype);
+	if (li == NULL) {
 		result = ISC_R_NOMEMORY;
 		goto unlock;
 	}
 
-	zi->lame_timer = expire_time;
+	li->lame_timer = expire_time;
 
-	ISC_LIST_PREPEND(addr->entry->zoneinfo, zi, plink);
+	ISC_LIST_PREPEND(addr->entry->lameinfo, li, plink);
  unlock:
 	UNLOCK(&adb->entrylocks[bucket]);
 
diff --git a/lib/dns/include/dns/adb.h b/lib/dns/include/dns/adb.h
index 17e250034d..635b1ac8ab 100644
--- a/lib/dns/include/dns/adb.h
+++ b/lib/dns/include/dns/adb.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: adb.h,v 1.78 2005/04/29 00:22:54 marka Exp $ */
+/* $Id: adb.h,v 1.79 2005/06/23 04:22:02 marka Exp $ */
 
 #ifndef DNS_ADB_H
 #define DNS_ADB_H 1
@@ -50,9 +50,9 @@
  * Records are stored internally until a timer expires. The timer is the
  * smaller of the TTL or signature validity period.
  *
- * Lameness is stored per-zone, and this data hangs off each address field.
- * When an address is marked lame for a given zone the address will not
- * be returned to a caller.
+ * Lameness is stored per  tuple, and this data hangs off each
+ * address field.  When an address is marked lame for a given tuple the address
+ * will not be returned to a caller.
  *
  *
  * MP:
@@ -330,8 +330,9 @@ dns_adb_shutdown(dns_adb_t *adb);
 
 isc_result_t
 dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
-		   void *arg, dns_name_t *name, dns_name_t *zone,
-		   unsigned int options, isc_stdtime_t now, dns_name_t *target,
+		   void *arg, dns_name_t *name, dns_name_t *qname,
+		   dns_rdatatype_t qtype, unsigned int options,
+		   isc_stdtime_t now, dns_name_t *target,
 		   in_port_t port, dns_adbfind_t **find);
 /*%<
  * Main interface for clients. The adb will look up the name given in
@@ -385,7 +386,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
  *
  *\li	*name is a valid dns_name_t.
  *
- *\li	zone != NULL and *zone be a valid dns_name_t.
+ *\li	qname != NULL and *qname be a valid dns_name_t.
  *
  *\li	target == NULL or target is a valid name with a buffer.
  *
@@ -487,10 +488,10 @@ dns_adb_dumpfind(dns_adbfind_t *find, FILE *f);
  */
 
 isc_result_t
-dns_adb_marklame(dns_adb_t *adb, dns_adbaddrinfo_t *addr, dns_name_t *zone,
-		 isc_stdtime_t expire_time);
+dns_adb_marklame(dns_adb_t *adb, dns_adbaddrinfo_t *addr, dns_name_t *qname,
+		 dns_rdatatype_t type, isc_stdtime_t expire_time);
 /*%<
- * Mark the given address as lame for the zone "zone".  expire_time should
+ * Mark the given address as lame for the .  expire_time should
  * be set to the time when the entry should expire.  That is, if it is to
  * expire 10 minutes in the future, it should set it to (now + 10 * 60).
  *
@@ -500,7 +501,7 @@ dns_adb_marklame(dns_adb_t *adb, dns_adbaddrinfo_t *addr, dns_name_t *zone,
  *
  *\li	addr be valid.
  *
- *\li	zone be the zone used in the dns_adb_createfind() call.
+ *\li	qname be the qname used in the dns_adb_createfind() call.
  *
  * Returns:
  *
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 5027cc9615..7fa3fe0adc 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.311 2005/06/17 01:58:22 marka Exp $ */
+/* $Id: resolver.c,v 1.312 2005/06/23 04:22:01 marka Exp $ */
 
 /*! \file */
 
@@ -1757,7 +1757,7 @@ sort_finds(fetchctx_t *fctx) {
 static void
 findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
 	 unsigned int options, unsigned int flags, isc_stdtime_t now,
-	 isc_boolean_t *pruned, isc_boolean_t *need_alternate)
+	 isc_boolean_t *need_alternate)
 {
 	dns_adbaddrinfo_t *ai;
 	dns_adbfind_t *find;
@@ -1786,7 +1786,8 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
 	result = dns_adb_createfind(fctx->adb,
 				    res->buckets[fctx->bucketnum].task,
 				    fctx_finddone, fctx, name,
-				    &fctx->domain, options, now, NULL,
+				    &fctx->name, fctx->type,
+				    options, now, NULL,
 				    res->view->dstport, &find);
 	if (result != ISC_R_SUCCESS) {
 		if (result == DNS_R_ALIAS) {
@@ -1849,18 +1850,6 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
 			     (res->dispatchv6 == NULL &&
 			      find->result_v4 == DNS_R_NXRRSET)))
 				*need_alternate = ISC_TRUE;
-			/*
-			 * And ADB isn't going to send us any events
-			 * either.  This find loses.
-			 */
-			if ((find->options & DNS_ADBFIND_LAMEPRUNED) != 0) {
-				/*
-				 * The ADB pruned lame servers for
-				 * this name.  Remember that in case
-				 * we get desperate later on.
-				 */
-				*pruned = ISC_TRUE;
-			}
 			dns_adb_destroyfind(&find);
 		}
 	}
@@ -1875,7 +1864,7 @@ fctx_getaddresses(fetchctx_t *fctx) {
 	unsigned int stdoptions;
 	isc_sockaddr_t *sa;
 	dns_adbaddrinfo_t *ai;
-	isc_boolean_t pruned, all_bad;
+	isc_boolean_t all_bad;
 	dns_rdata_ns_t ns;
 	isc_boolean_t need_alternate = ISC_FALSE;
 	isc_boolean_t unshared;
@@ -1892,7 +1881,6 @@ fctx_getaddresses(fetchctx_t *fctx) {
 	}
 
 	res = fctx->res;
-	pruned = ISC_FALSE;
 	stdoptions = 0;		/* Keep compiler happy. */
 	unshared = ISC_TF((fctx->options | DNS_FETCHOPT_UNSHARED) != 0);
 
@@ -1985,7 +1973,6 @@ fctx_getaddresses(fetchctx_t *fctx) {
 		stdoptions |= DNS_ADBFIND_INET6;
 	isc_stdtime_get(&now);
 
- restart:
 	INSIST(ISC_LIST_EMPTY(fctx->finds));
 	INSIST(ISC_LIST_EMPTY(fctx->altfinds));
 
@@ -2002,7 +1989,7 @@ fctx_getaddresses(fetchctx_t *fctx) {
 			continue;
 
 		findname(fctx, &ns.name, 0, stdoptions, 0, now,
-			 &pruned, &need_alternate);
+			 &need_alternate);
 		dns_rdata_reset(&rdata);
 		dns_rdata_freestruct(&ns);
 	}
@@ -2022,7 +2009,7 @@ fctx_getaddresses(fetchctx_t *fctx) {
 			if (!a->isaddress) {
 				findname(fctx, &a->_u._n.name, a->_u._n.port,
 					 stdoptions, FCTX_ADDRINFO_FORWARDER,
-					 now, &pruned, NULL);
+					 now, NULL);
 				continue;
 			}
 			if (isc_sockaddr_pf(&a->_u.addr) != family)
@@ -2065,18 +2052,6 @@ fctx_getaddresses(fetchctx_t *fctx) {
 			 * yet.   Tell the caller to wait for an answer.
 			 */
 			result = DNS_R_WAIT;
-		} else if (pruned) {
-			/*
-			 * Some addresses were removed by lame pruning.
-			 * Turn pruning off and try again.
-			 */
-			FCTXTRACE("restarting with returnlame");
-			INSIST((stdoptions & DNS_ADBFIND_RETURNLAME) == 0);
-			stdoptions |= DNS_ADBFIND_RETURNLAME;
-			pruned = ISC_FALSE;
-			fctx_cleanupaltfinds(fctx);
-			fctx_cleanupfinds(fctx);
-			goto restart;
 		} else {
 			/*
 			 * We've lost completely.  We don't know any
@@ -5344,7 +5319,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
 	    is_lame(fctx)) {
 		log_lame(fctx, query->addrinfo);
 		result = dns_adb_marklame(fctx->adb, query->addrinfo,
-					  &fctx->domain,
+					  &fctx->domain, fctx->type,
 					  now + fctx->res->lame_ttl);
 		if (result != ISC_R_SUCCESS)
 			isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 10fd2d5292..81c405281c 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.440 2005/06/20 01:03:53 marka Exp $ */
+/* $Id: zone.c,v 1.441 2005/06/23 04:22:02 marka Exp $ */
 
 /*! \file */
 
@@ -3386,7 +3386,7 @@ notify_find_address(dns_notify_t *notify) {
 	result = dns_adb_createfind(notify->zone->view->adb,
 				    notify->zone->task,
 				    process_adb_event, notify,
-				    ¬ify->ns, dns_rootname,
+				    ¬ify->ns, dns_rootname, 0,
 				    options, 0, NULL,
 				    notify->zone->view->dstport,
 				    ¬ify->find);

From 8087418873219326179e43d16066320a911fb31f Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 23 Jun 2005 06:12:56 +0000
Subject: [PATCH 147/148] handle isc_mem_create() failure gracefully

---
 lib/dns/resolver.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 7fa3fe0adc..94d4f5ccbc 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.312 2005/06/23 04:22:01 marka Exp $ */
+/* $Id: resolver.c,v 1.313 2005/06/23 06:12:56 marka Exp $ */
 
 /*! \file */
 
@@ -5767,7 +5767,11 @@ dns_resolver_create(dns_view_t *view,
 		}
 		res->buckets[i].mctx = NULL;
 		result = isc_mem_create(0, 0, &res->buckets[i].mctx);
-		INSIST(result == ISC_R_SUCCESS); /* XXXJT: need care */
+		if (result != ISC_R_SUCCESS) {
+			isc_task_detach(&res->buckets[i].task);
+			DESTROYLOCK(&res->buckets[i].lock);
+			goto cleanup_buckets;
+		}
 		snprintf(name, sizeof(name), "res%u", i);
 		isc_task_setname(res->buckets[i].task, name, res);
 		ISC_LIST_INIT(res->buckets[i].fctxs);
@@ -5844,6 +5848,7 @@ dns_resolver_create(dns_view_t *view,
 
  cleanup_buckets:
 	for (i = 0; i < buckets_created; i++) {
+		isc_mem_detach(&res->buckets[i].mctx);
 		DESTROYLOCK(&res->buckets[i].lock);
 		isc_task_shutdown(res->buckets[i].task);
 		isc_task_detach(&res->buckets[i].task);

From 2bef3713093349af52ba61eaab07adf3207da873 Mon Sep 17 00:00:00 2001
From: Mark Andrews 
Date: Thu, 23 Jun 2005 06:52:23 +0000
Subject: [PATCH 148/148] 1890.   [func]          Add a system test for
 named-checkconf. [RT #14931]

---
 CHANGES                              |  2 +
 bin/check/named-checkconf.c          |  8 +---
 bin/tests/system/checkconf/bad.conf  | 52 ++++++++++++++++++++++++++
 bin/tests/system/checkconf/good.conf | 56 ++++++++++++++++++++++++++++
 bin/tests/system/checkconf/tests.sh  | 37 ++++++++++++++++++
 bin/tests/system/conf.sh.in          |  9 +++--
 util/copyrights                      |  3 ++
 7 files changed, 156 insertions(+), 11 deletions(-)
 create mode 100644 bin/tests/system/checkconf/bad.conf
 create mode 100644 bin/tests/system/checkconf/good.conf
 create mode 100644 bin/tests/system/checkconf/tests.sh

diff --git a/CHANGES b/CHANGES
index 9680945764..57c1d5592e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+1890.	[func]		Add a system test for named-checkconf. [RT #14931]
+
 1889.	[func]		The lame cache is now done on a 
 			basis as some servers only appear to be lame for
 			certain query types.  [RT #14916]
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index 7f137a3f92..54789e4272 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.34 2005/06/20 01:03:48 marka Exp $ */
+/* $Id: named-checkconf.c,v 1.35 2005/06/23 06:52:22 marka Exp $ */
 
 /*! \file */
 
@@ -400,10 +400,6 @@ main(int argc, char **argv) {
 	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
 		      == ISC_R_SUCCESS);
 
-	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS); 
-	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
-		      == ISC_R_SUCCESS);
-
 	dns_result_register();
 
 	RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS);
@@ -430,8 +426,6 @@ main(int argc, char **argv) {
 
 	cfg_parser_destroy(&parser);
 
-	isc_hash_destroy();
-
 	isc_log_destroy(&logc);
 
 	isc_hash_destroy();
diff --git a/bin/tests/system/checkconf/bad.conf b/bin/tests/system/checkconf/bad.conf
new file mode 100644
index 0000000000..c3592e84a7
--- /dev/null
+++ b/bin/tests/system/checkconf/bad.conf
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: bad.conf,v 1.2 2005/06/23 06:52:23 marka Exp $ */
+
+options {
+	avoid-v4-udp-ports { 100; }
+	avoid-v6-udp-ports { 100; };
+	blackhole { 10.0.0.0/8; };
+	coresize 1G;
+	datasize 100M;
+	deallocate-on-exit yes;
+	directory ".";
+	dump-file "named_dumpdb";
+	fake-iquery yes;
+	files 1000;
+	has-old-clients no;
+	heartbeat-interval 30;
+	host-statistics yes;
+	host-statistics-max 100;
+	hostname none;
+	interface-interval 30;
+	listen-on port 90 { any; };
+	listen-on port 100 { 127.0.0.1; };
+	listen-on-v6 port 53 { none; };
+	match-mapped-addresses yes;
+	memstatistics-file "named.memstats";
+	multiple-cnames no;
+	named-xfer "this is no longer needed";
+	pid-file none;
+	port 5300;
+	querylog yes;
+	recursing-file "named.recursing";
+	random-device "/dev/random";
+	recursive-clients 3000;
+	serial-queries 10;
+	serial-query-rate 100;
+	server-id none;
+};
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
new file mode 100644
index 0000000000..aeb30bc4db
--- /dev/null
+++ b/bin/tests/system/checkconf/good.conf
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: good.conf,v 1.2 2005/06/23 06:52:23 marka Exp $ */
+
+/*
+ * This is just a random selection of configuration options.
+ */
+
+options {
+	avoid-v4-udp-ports { 100; };
+	avoid-v6-udp-ports { 100; };
+	blackhole { 10.0.0.0/8; };
+	coresize 1G;
+	datasize 100M;
+	deallocate-on-exit yes;
+	directory ".";
+	dump-file "named_dumpdb";
+	fake-iquery yes;
+	files 1000;
+	has-old-clients no;
+	heartbeat-interval 30;
+	host-statistics yes;
+	host-statistics-max 100;
+	hostname none;
+	interface-interval 30;
+	listen-on port 90 { any; };
+	listen-on port 100 { 127.0.0.1; };
+	listen-on-v6 port 53 { none; };
+	match-mapped-addresses yes;
+	memstatistics-file "named.memstats";
+	multiple-cnames no;
+	named-xfer "this is no longer needed";
+	pid-file none;
+	port 5300;
+	querylog yes;
+	recursing-file "named.recursing";
+	random-device "/dev/random";
+	recursive-clients 3000;
+	serial-queries 10;
+	serial-query-rate 100;
+	server-id none;
+};
diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
new file mode 100644
index 0000000000..b5ebe0891c
--- /dev/null
+++ b/bin/tests/system/checkconf/tests.sh
@@ -0,0 +1,37 @@
+# Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.1 2005/06/23 06:52:23 marka Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+echo "I: checking that named-checkconf handles a known good config"
+
+ret=0
+$CHECKCONF good.conf > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I: checking that named-checkconf handles a known bad config"
+
+ret=1
+$CHECKCONF bad.conf > /dev/null 2>&1 || ret=0
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+exit $status
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 08f5c9a27f..45b1737699 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: conf.sh.in,v 1.30 2005/06/22 00:10:30 marka Exp $
+# $Id: conf.sh.in,v 1.31 2005/06/23 06:52:22 marka Exp $
 
 #
 # Common configuration data for system tests, to be sourced into
@@ -38,13 +38,14 @@ NSUPDATE=$TOP/bin/nsupdate/nsupdate
 KEYGEN=$TOP/bin/dnssec/dnssec-keygen
 SIGNER=$TOP/bin/dnssec/dnssec-signzone
 CHECKZONE=$TOP/bin/check/named-checkzone
+CHECKCONF=$TOP/bin/check/named-checkconf
 
 # The "stress" test is not run by default since it creates enough
 # load on the machine to make it unusable to other users.
 # v6synth
-SUBDIRS="cacheclean checknames dnssec forward glue ixfr limits lwresd \
-    masterfile masterformat notify nsupdate resolver sortlist stub tkey \
-    unknown upforwd views xfer xferquota zonechecks"
+SUBDIRS="cacheclean checkconf checknames dnssec forward glue ixfr limits \ 
+    lwresd masterfile masterformat notify nsupdate resolver sortlist stub \     
+    tkey unknown upforwd views xfer xferquota zonechecks"
 
 # PERL will be an empty string if no perl interpreter was found.
 PERL=@PERL@
diff --git a/util/copyrights b/util/copyrights
index 9a418d0637..652a879037 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -421,6 +421,9 @@
 ./bin/tests/system/cacheclean/ns2/.cvsignore	X	2001
 ./bin/tests/system/cacheclean/ns2/named.conf	CONF-C	2001,2004
 ./bin/tests/system/cacheclean/tests.sh		SH	2001,2004
+./bin/tests/system/checkconf/bad.conf		CONF-C	2005
+./bin/tests/system/checkconf/good.conf		CONF-C	2005
+./bin/tests/system/checkconf/tests.sh		SH	2005
 ./bin/tests/system/checknames/clean.sh		SH	2004
 ./bin/tests/system/checknames/ns1/fail.example.db.in	ZONE	2004
 ./bin/tests/system/checknames/ns1/fail.update.db.in	ZONE	2004