From: Erwin Lansing Date: Mon, 24 Feb 2014 13:58:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r262445 - in vendor/bind9/dist: . bin/check bin/confgen bin/dig bin/dig/include/dig bin/dnssec bin/named bin/named/include/named bin/named/unix bin/nsupdate bin/rndc doc/arm doc/misc li... X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Feb 2014 13:59:01 -0000 Author: erwin Date: Mon Feb 24 13:58:58 2014 New Revision: 262445 URL: http://svnweb.freebsd.org/changeset/base/262445 Log: Vendor import of BIND 9.9.5 Approved by: delphij (mentor, implicit) Sponsored by: DK Hostmaster A/S Added: vendor/bind9/dist/bin/dnssec/dnssec-importkey.8 vendor/bind9/dist/bin/dnssec/dnssec-importkey.c vendor/bind9/dist/bin/dnssec/dnssec-importkey.docbook vendor/bind9/dist/bin/dnssec/dnssec-importkey.html vendor/bind9/dist/doc/arm/man.dnssec-checkds.html vendor/bind9/dist/doc/arm/man.dnssec-coverage.html vendor/bind9/dist/lib/dns/include/dns/rrl.h vendor/bind9/dist/lib/dns/rrl.c vendor/bind9/dist/lib/isc/include/isc/safe.h vendor/bind9/dist/lib/isc/include/isc/tm.h vendor/bind9/dist/lib/isc/safe.c vendor/bind9/dist/lib/isc/tm.c Modified: vendor/bind9/dist/CHANGES vendor/bind9/dist/COPYRIGHT vendor/bind9/dist/Makefile.in vendor/bind9/dist/README vendor/bind9/dist/bin/check/named-checkconf.8 vendor/bind9/dist/bin/check/named-checkconf.c vendor/bind9/dist/bin/check/named-checkconf.docbook vendor/bind9/dist/bin/check/named-checkconf.html vendor/bind9/dist/bin/confgen/ddns-confgen.c vendor/bind9/dist/bin/confgen/rndc-confgen.c vendor/bind9/dist/bin/dig/dig.1 vendor/bind9/dist/bin/dig/dig.c 
vendor/bind9/dist/bin/dig/dig.docbook vendor/bind9/dist/bin/dig/dig.html vendor/bind9/dist/bin/dig/dighost.c vendor/bind9/dist/bin/dig/host.c vendor/bind9/dist/bin/dig/include/dig/dig.h vendor/bind9/dist/bin/dig/nslookup.1 vendor/bind9/dist/bin/dig/nslookup.c vendor/bind9/dist/bin/dig/nslookup.docbook vendor/bind9/dist/bin/dig/nslookup.html vendor/bind9/dist/bin/dnssec/Makefile.in vendor/bind9/dist/bin/dnssec/dnssec-keygen.c vendor/bind9/dist/bin/dnssec/dnssec-settime.c vendor/bind9/dist/bin/dnssec/dnssec-signzone.8 vendor/bind9/dist/bin/dnssec/dnssec-signzone.c vendor/bind9/dist/bin/dnssec/dnssec-signzone.docbook vendor/bind9/dist/bin/dnssec/dnssec-signzone.html vendor/bind9/dist/bin/dnssec/dnssectool.c vendor/bind9/dist/bin/named/Makefile.in vendor/bind9/dist/bin/named/bind9.ver3.xsl vendor/bind9/dist/bin/named/bind9.ver3.xsl.h vendor/bind9/dist/bin/named/builtin.c vendor/bind9/dist/bin/named/client.c vendor/bind9/dist/bin/named/config.c vendor/bind9/dist/bin/named/control.c vendor/bind9/dist/bin/named/controlconf.c vendor/bind9/dist/bin/named/include/named/globals.h vendor/bind9/dist/bin/named/include/named/main.h vendor/bind9/dist/bin/named/include/named/query.h vendor/bind9/dist/bin/named/include/named/server.h vendor/bind9/dist/bin/named/interfacemgr.c vendor/bind9/dist/bin/named/logconf.c vendor/bind9/dist/bin/named/lwaddr.c vendor/bind9/dist/bin/named/lwdgnba.c vendor/bind9/dist/bin/named/lwdgrbn.c vendor/bind9/dist/bin/named/main.c vendor/bind9/dist/bin/named/named.conf.5 vendor/bind9/dist/bin/named/named.conf.docbook vendor/bind9/dist/bin/named/named.conf.html vendor/bind9/dist/bin/named/query.c vendor/bind9/dist/bin/named/server.c vendor/bind9/dist/bin/named/statschannel.c vendor/bind9/dist/bin/named/unix/os.c vendor/bind9/dist/bin/named/update.c vendor/bind9/dist/bin/named/zoneconf.c vendor/bind9/dist/bin/nsupdate/Makefile.in vendor/bind9/dist/bin/nsupdate/nsupdate.c vendor/bind9/dist/bin/rndc/rndc.8 vendor/bind9/dist/bin/rndc/rndc.c 
vendor/bind9/dist/bin/rndc/rndc.docbook vendor/bind9/dist/bin/rndc/rndc.html vendor/bind9/dist/config.guess vendor/bind9/dist/config.h.in vendor/bind9/dist/config.sub vendor/bind9/dist/configure.in vendor/bind9/dist/doc/arm/Bv9ARM-book.xml vendor/bind9/dist/doc/arm/Bv9ARM.ch03.html vendor/bind9/dist/doc/arm/Bv9ARM.ch04.html vendor/bind9/dist/doc/arm/Bv9ARM.ch05.html vendor/bind9/dist/doc/arm/Bv9ARM.ch06.html vendor/bind9/dist/doc/arm/Bv9ARM.ch07.html vendor/bind9/dist/doc/arm/Bv9ARM.ch08.html vendor/bind9/dist/doc/arm/Bv9ARM.ch09.html vendor/bind9/dist/doc/arm/Bv9ARM.html vendor/bind9/dist/doc/arm/Bv9ARM.pdf vendor/bind9/dist/doc/arm/man.arpaname.html vendor/bind9/dist/doc/arm/man.ddns-confgen.html vendor/bind9/dist/doc/arm/man.dig.html vendor/bind9/dist/doc/arm/man.dnssec-dsfromkey.html vendor/bind9/dist/doc/arm/man.dnssec-keyfromlabel.html vendor/bind9/dist/doc/arm/man.dnssec-keygen.html vendor/bind9/dist/doc/arm/man.dnssec-revoke.html vendor/bind9/dist/doc/arm/man.dnssec-settime.html vendor/bind9/dist/doc/arm/man.dnssec-signzone.html vendor/bind9/dist/doc/arm/man.dnssec-verify.html vendor/bind9/dist/doc/arm/man.genrandom.html vendor/bind9/dist/doc/arm/man.host.html vendor/bind9/dist/doc/arm/man.isc-hmac-fixup.html vendor/bind9/dist/doc/arm/man.named-checkconf.html vendor/bind9/dist/doc/arm/man.named-checkzone.html vendor/bind9/dist/doc/arm/man.named-journalprint.html vendor/bind9/dist/doc/arm/man.named.html vendor/bind9/dist/doc/arm/man.nsec3hash.html vendor/bind9/dist/doc/arm/man.nsupdate.html vendor/bind9/dist/doc/arm/man.rndc-confgen.html vendor/bind9/dist/doc/arm/man.rndc.conf.html vendor/bind9/dist/doc/arm/man.rndc.html vendor/bind9/dist/doc/arm/pkcs11.xml vendor/bind9/dist/doc/misc/options vendor/bind9/dist/lib/bind9/api vendor/bind9/dist/lib/bind9/check.c vendor/bind9/dist/lib/dns/Makefile.in vendor/bind9/dist/lib/dns/acache.c vendor/bind9/dist/lib/dns/acl.c vendor/bind9/dist/lib/dns/adb.c vendor/bind9/dist/lib/dns/api vendor/bind9/dist/lib/dns/client.c 
vendor/bind9/dist/lib/dns/diff.c vendor/bind9/dist/lib/dns/dispatch.c vendor/bind9/dist/lib/dns/dns64.c vendor/bind9/dist/lib/dns/dnssec.c vendor/bind9/dist/lib/dns/dst_api.c vendor/bind9/dist/lib/dns/dst_internal.h vendor/bind9/dist/lib/dns/dst_parse.c vendor/bind9/dist/lib/dns/dst_result.c vendor/bind9/dist/lib/dns/gen.c vendor/bind9/dist/lib/dns/gssapi_link.c vendor/bind9/dist/lib/dns/gssapictx.c vendor/bind9/dist/lib/dns/hmac_link.c vendor/bind9/dist/lib/dns/include/dns/Makefile.in vendor/bind9/dist/lib/dns/include/dns/client.h vendor/bind9/dist/lib/dns/include/dns/dnssec.h vendor/bind9/dist/lib/dns/include/dns/log.h vendor/bind9/dist/lib/dns/include/dns/master.h vendor/bind9/dist/lib/dns/include/dns/masterdump.h vendor/bind9/dist/lib/dns/include/dns/message.h vendor/bind9/dist/lib/dns/include/dns/nsec3.h vendor/bind9/dist/lib/dns/include/dns/rdata.h vendor/bind9/dist/lib/dns/include/dns/view.h vendor/bind9/dist/lib/dns/include/dns/zone.h vendor/bind9/dist/lib/dns/include/dst/dst.h vendor/bind9/dist/lib/dns/include/dst/gssapi.h vendor/bind9/dist/lib/dns/journal.c vendor/bind9/dist/lib/dns/keydata.c vendor/bind9/dist/lib/dns/log.c vendor/bind9/dist/lib/dns/master.c vendor/bind9/dist/lib/dns/masterdump.c vendor/bind9/dist/lib/dns/message.c vendor/bind9/dist/lib/dns/name.c vendor/bind9/dist/lib/dns/nsec.c vendor/bind9/dist/lib/dns/nsec3.c vendor/bind9/dist/lib/dns/openssldh_link.c vendor/bind9/dist/lib/dns/openssldsa_link.c vendor/bind9/dist/lib/dns/opensslecdsa_link.c vendor/bind9/dist/lib/dns/opensslgost_link.c vendor/bind9/dist/lib/dns/opensslrsa_link.c vendor/bind9/dist/lib/dns/portlist.c vendor/bind9/dist/lib/dns/rbt.c vendor/bind9/dist/lib/dns/rbtdb.c vendor/bind9/dist/lib/dns/rcode.c vendor/bind9/dist/lib/dns/rdata.c vendor/bind9/dist/lib/dns/rdata/ch_3/a_1.c vendor/bind9/dist/lib/dns/rdata/generic/afsdb_18.c vendor/bind9/dist/lib/dns/rdata/generic/dnskey_48.c vendor/bind9/dist/lib/dns/rdata/generic/eui48_108.c 
vendor/bind9/dist/lib/dns/rdata/generic/eui64_109.c vendor/bind9/dist/lib/dns/rdata/generic/hip_55.c vendor/bind9/dist/lib/dns/rdata/generic/ipseckey_45.c vendor/bind9/dist/lib/dns/rdata/generic/isdn_20.c vendor/bind9/dist/lib/dns/rdata/generic/key_25.c vendor/bind9/dist/lib/dns/rdata/generic/keydata_65533.c vendor/bind9/dist/lib/dns/rdata/generic/l32_105.c vendor/bind9/dist/lib/dns/rdata/generic/l64_106.c vendor/bind9/dist/lib/dns/rdata/generic/nid_104.c vendor/bind9/dist/lib/dns/rdata/generic/opt_41.c vendor/bind9/dist/lib/dns/rdata/generic/rrsig_46.c vendor/bind9/dist/lib/dns/rdata/generic/rt_21.c vendor/bind9/dist/lib/dns/rdata/generic/soa_6.c vendor/bind9/dist/lib/dns/rdata/generic/spf_99.c vendor/bind9/dist/lib/dns/rdata/generic/txt_16.c vendor/bind9/dist/lib/dns/rdata/hs_4/a_1.c vendor/bind9/dist/lib/dns/rdata/in_1/a6_38.c vendor/bind9/dist/lib/dns/rdata/in_1/a_1.c vendor/bind9/dist/lib/dns/rdata/in_1/aaaa_28.c vendor/bind9/dist/lib/dns/rdata/in_1/apl_42.c vendor/bind9/dist/lib/dns/rdata/in_1/wks_11.c vendor/bind9/dist/lib/dns/rdataslab.c vendor/bind9/dist/lib/dns/resolver.c vendor/bind9/dist/lib/dns/rootns.c vendor/bind9/dist/lib/dns/rpz.c vendor/bind9/dist/lib/dns/spnego.c vendor/bind9/dist/lib/dns/spnego_asn1.c vendor/bind9/dist/lib/dns/ssu.c vendor/bind9/dist/lib/dns/ssu_external.c vendor/bind9/dist/lib/dns/time.c vendor/bind9/dist/lib/dns/tkey.c vendor/bind9/dist/lib/dns/tsig.c vendor/bind9/dist/lib/dns/ttl.c vendor/bind9/dist/lib/dns/update.c vendor/bind9/dist/lib/dns/validator.c vendor/bind9/dist/lib/dns/view.c vendor/bind9/dist/lib/dns/xfrin.c vendor/bind9/dist/lib/dns/zone.c vendor/bind9/dist/lib/export/isc/Makefile.in vendor/bind9/dist/lib/export/samples/nsprobe.c vendor/bind9/dist/lib/export/samples/sample-request.c vendor/bind9/dist/lib/export/samples/sample-update.c vendor/bind9/dist/lib/export/samples/sample.c vendor/bind9/dist/lib/irs/Makefile.in vendor/bind9/dist/lib/irs/api vendor/bind9/dist/lib/irs/getaddrinfo.c 
vendor/bind9/dist/lib/irs/include/irs/Makefile.in vendor/bind9/dist/lib/irs/include/irs/resconf.h vendor/bind9/dist/lib/irs/resconf.c vendor/bind9/dist/lib/isc/Makefile.in vendor/bind9/dist/lib/isc/api vendor/bind9/dist/lib/isc/app_api.c vendor/bind9/dist/lib/isc/backtrace.c vendor/bind9/dist/lib/isc/base32.c vendor/bind9/dist/lib/isc/base64.c vendor/bind9/dist/lib/isc/buffer.c vendor/bind9/dist/lib/isc/commandline.c vendor/bind9/dist/lib/isc/hash.c vendor/bind9/dist/lib/isc/heap.c vendor/bind9/dist/lib/isc/hex.c vendor/bind9/dist/lib/isc/hmacmd5.c vendor/bind9/dist/lib/isc/hmacsha.c vendor/bind9/dist/lib/isc/httpd.c vendor/bind9/dist/lib/isc/include/isc/Makefile.in vendor/bind9/dist/lib/isc/include/isc/app.h vendor/bind9/dist/lib/isc/include/isc/buffer.h vendor/bind9/dist/lib/isc/include/isc/file.h vendor/bind9/dist/lib/isc/include/isc/hash.h vendor/bind9/dist/lib/isc/include/isc/httpd.h vendor/bind9/dist/lib/isc/include/isc/namespace.h vendor/bind9/dist/lib/isc/include/isc/platform.h.in vendor/bind9/dist/lib/isc/include/isc/radix.h vendor/bind9/dist/lib/isc/include/isc/socket.h vendor/bind9/dist/lib/isc/include/isc/stdio.h vendor/bind9/dist/lib/isc/include/isc/string.h vendor/bind9/dist/lib/isc/include/isc/types.h vendor/bind9/dist/lib/isc/inet_aton.c vendor/bind9/dist/lib/isc/inet_pton.c vendor/bind9/dist/lib/isc/lex.c vendor/bind9/dist/lib/isc/log.c vendor/bind9/dist/lib/isc/md5.c vendor/bind9/dist/lib/isc/mem.c vendor/bind9/dist/lib/isc/netaddr.c vendor/bind9/dist/lib/isc/nothreads/include/isc/thread.h vendor/bind9/dist/lib/isc/pthreads/include/isc/thread.h vendor/bind9/dist/lib/isc/pthreads/thread.c vendor/bind9/dist/lib/isc/radix.c vendor/bind9/dist/lib/isc/random.c vendor/bind9/dist/lib/isc/sha1.c vendor/bind9/dist/lib/isc/sha2.c vendor/bind9/dist/lib/isc/sockaddr.c vendor/bind9/dist/lib/isc/stats.c vendor/bind9/dist/lib/isc/string.c vendor/bind9/dist/lib/isc/strtoul.c vendor/bind9/dist/lib/isc/unix/app.c vendor/bind9/dist/lib/isc/unix/file.c 
vendor/bind9/dist/lib/isc/unix/ifiter_getifaddrs.c vendor/bind9/dist/lib/isc/unix/ifiter_ioctl.c vendor/bind9/dist/lib/isc/unix/ifiter_sysctl.c vendor/bind9/dist/lib/isc/unix/include/isc/Makefile.in vendor/bind9/dist/lib/isc/unix/include/isc/time.h vendor/bind9/dist/lib/isc/unix/interfaceiter.c vendor/bind9/dist/lib/isc/unix/socket.c vendor/bind9/dist/lib/isc/unix/stdio.c vendor/bind9/dist/lib/isc/unix/time.c vendor/bind9/dist/lib/isccc/api vendor/bind9/dist/lib/isccc/base64.c vendor/bind9/dist/lib/isccc/cc.c vendor/bind9/dist/lib/isccc/include/isccc/util.h vendor/bind9/dist/lib/isccc/sexpr.c vendor/bind9/dist/lib/isccfg/api vendor/bind9/dist/lib/isccfg/include/isccfg/cfg.h vendor/bind9/dist/lib/isccfg/include/isccfg/grammar.h vendor/bind9/dist/lib/isccfg/namedconf.c vendor/bind9/dist/lib/isccfg/parser.c vendor/bind9/dist/lib/lwres/api vendor/bind9/dist/lib/lwres/context.c vendor/bind9/dist/lib/lwres/getaddrinfo.c vendor/bind9/dist/lib/lwres/gethost.c vendor/bind9/dist/lib/lwres/getipnode.c vendor/bind9/dist/lib/lwres/getrrset.c vendor/bind9/dist/lib/lwres/herror.c vendor/bind9/dist/lib/lwres/lwbuffer.c vendor/bind9/dist/lib/lwres/lwconfig.c vendor/bind9/dist/lib/lwres/lwinetaton.c vendor/bind9/dist/lib/lwres/lwinetpton.c vendor/bind9/dist/lib/lwres/lwres_gabn.c vendor/bind9/dist/lib/lwres/lwres_gnba.c vendor/bind9/dist/lib/lwres/lwres_grbn.c vendor/bind9/dist/lib/lwres/lwres_noop.c vendor/bind9/dist/lib/lwres/lwresutil.c vendor/bind9/dist/lib/lwres/strtoul.c vendor/bind9/dist/make/mkdep.in vendor/bind9/dist/version Modified: vendor/bind9/dist/CHANGES ============================================================================== --- vendor/bind9/dist/CHANGES Mon Feb 24 13:58:01 2014 (r262444) +++ vendor/bind9/dist/CHANGES Mon Feb 24 13:58:58 2014 (r262445) 
@@ -1,13 +1,395 @@ - --- 9.9.3-P2 released --- + --- 9.9.5 released --- + + --- 9.9.5rc2 released --- + +3710. [bug] Address double dns_zone_detach when switching to + using automatic empty zones from regular zones. + [RT #35177] + +3709. [port] Use built-in versions of strptime() and timegm() + on all platforms to avoid portability issues. + [RT #35183] + +3708. [bug] Address a portentry locking issue in dispatch.c. + [RT #35128] + +3707. [bug] irs_resconf_load now returns ISC_R_FILENOTFOUND + on a missing resolv.conf file and initializes the + structure as if it had been configured with: + + nameserver ::1 + nameserver 127.0.0.1 + + Note: Callers will need to be updated to treat + ISC_R_FILENOTFOUND as a qualified success or else + they will leak memory. The following code fragment + will work with both old and new versions without + changing the behaviour of the existing code. + + resconf = NULL; + result = irs_resconf_load(mctx, "/etc/resolv.conf", + &resconf); + if (result != ISC_SUCCESS) { + if (resconf != NULL) + irs_resconf_destroy(&resconf); + .... + } + + [RT #35194] + +3706. [contrib] queryperf: Fixed a possible integer overflow when + printing results. [RT #35182] + +3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185] + + --- 9.9.5rc1 released --- + +3701. [func] named-checkconf can now obscure shared secrets + when printing by specifying '-x'. [RT #34465] + +3699. [bug] Improvements to statistics channel XSL stylesheet: + the stylesheet can now be cached by the browser; + section headers are omitted from the stats display + when there is no data in those sections to be + displayed; counters are now right-justified for + easier readability. (Only available with + configure --enable-newstats.) [RT #35117] + +3698. [cleanup] Replaced all uses of memcpy() with memmove(). + [RT #35120] + +3697. [bug] Handle "." as a search list element when IDN support + is enabled. [RT #35133] + +3696. 
[bug] dig failed to handle AXFR style IXFR responses which + span multiple messages. [RT #35137] + +3695. [bug] Address a possible race in dispatch.c. [RT #35107] + +3694. [bug] Warn when a key-directory is configured for a zone, + but does not exist or is not a directory. [RT #35108] + +3693. [security] memcpy was incorrectly called with overlapping + ranges resulting in malformed names being generated + on some platforms. This could cause INSIST failures + when serving NSEC3 signed zones (CVE-2014-0591). + [RT #35120] + +3692. [bug] Two calls to dns_db_getoriginnode were fatal if there + was no data at the node. [RT #35080] + +3690. [bug] Iterative responses could be missed when the source + port for an upstream query was the same as the + listener port (53). [RT #34925] + +3689. [bug] Fixed a bug causing an insecure delegation from one + static-stub zone to another to fail with a broken + trust chain. [RT #35081] + + --- 9.9.5b1 released --- + +3688. [bug] loadnode could return a freed node on out of memory. + [RT #35106] + +3687. [bug] Address null pointer dereference in zone_xfrdone. + [RT #35042] + +3686. [func] "dnssec-signzone -Q" drops signatures from keys + that are still published but no longer active. + [RT #34990] + +3685. [bug] "rndc refresh" didn't work correctly with slave + zones using inline-signing. [RT #35105] + +3683. [cleanup] Add a more detailed "not found" message to rndc + commands which specify a zone name. [RT #35059] + +3682. [bug] Correct the behavior of rndc retransfer to allow + inline-signing slave zones to retain NSEC3 parameters + instead of reverting to NSEC. [RT #34745] + +3681. [port] Update the Windows build system to support feature + selection and WIN64 builds. This is a work in + progress. [RT #34160] + +3679. [bug] dig could fail to clean up TCP sockets still + waiting on connect(). [RT #35074] + +3678. [port] Update config.guess and config.sub. [RT #35060] + +3677. 
[bug] 'nsupdate' leaked memory if 'realm' was used multiple + times. [RT #35073] + +3676. [bug] "named-checkconf -z" now checks zones of type + hint and redirect as well as master. [RT #35046] + +3675. [misc] Provide a place for third parties to add version + information for their extensions in the version + file by setting the EXTENSIONS variable. + +3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026] + +3672. [func] Local address can now be specified when using + dns_client API. [RT #34811] + +3671. [bug] Don't allow dnssec-importkey overwrite a existing + non-imported private key. + +3670. [bug] Address read after free in server side of + lwres_getrrsetbyname. [RT #29075] + +3669. [port] freebsd: --with-gssapi needs -lhx509. [RT #35001] + +3668. [bug] Fix cast in lex.c which could see 0xff treated as eof. + [RT #34993] + +3667. [test] dig: add support to keep the TCP socket open between + successive queries (+[no]keepopen). [RT #34918] + +3665. [bug] Failure to release lock on error in receive_secure_db. + [RT #34944] + +3664. [bug] Updated OpenSSL PKCS#11 patches to fix active list + locking and other bugs. [RT #34855] + +3663. [bug] Address bugs in dns_rdata_fromstruct and + dns_rdata_tostruct for WKS and ISDN types. [RT #34910] + +3662. [bug] 'host' could die if a UDP query timed out. [RT #34870] + +3661. [bug] Address lock order reversal deadlock with inline zones. + [RT #34856] + +3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config". + [RT #23825] + +3659. [port] solaris: don't add explict dependancies/rules for + python programs as make won't use the implicit rules. + [RT #34835] + +3658. [port] linux: Address platform specific compilation issue + when libcap-devel is installed. [RT #34838] + +3657. [port] Some readline clones don't accept NULL pointers when + calling add_history. [RT #34842] + +3656. [security] Treat an all zero netmask as invalid when generating + the localnets acl. 
(The prior behavior could + allow unexpected matches when using some versions + of Winsock: CVE-2013-6320.) [RT #34687] + +3655. [cleanup] Simplify TCP message processing when requesting a + zone transfer. [RT #34825] + +3654. [bug] Address race condition with manual notify requests. + [RT #34806] + +3653. [func] Create delegations for all "children" of empty zones + except "forward first". [RT #34826] + +3651. [tuning] Adjust when a master server is deemed unreachable. + [RT #27075] + +3650. [tuning] Use separate rate limiting queues for refresh and + notify requests. [RT #30589] + +3649. [cleanup] Include a comment in .nzf files, giving the name of + the associated view. [RT #34765] + +3648. [test] Updated the ATF test framework to version 0.17. + [RT #25627] + +3647. [bug] Address a race condition when shutting down a zone. + [RT #34750] + +3646. [bug] Journal filename string could be set incorrectly, + causing garbage in log messages. [RT #34738] + +3645. [protocol] Use case sensitive compression when responding to + queries. [RT #34737] + +3644. [protocol] Check that EDNS subnet client options are well formed. + [RT #34718] + +3642. [func] Allow externally generated DNSKEY to be imported + into the DNSKEY management framework. A new tool + dnssec-importkey is used to do this. [RT #34698] + +3641. [bug] Handle changes to sig-validity-interval settings + better. [RT #34625] + +3640. [bug] ndots was not being checked when searching. Only + continue searching on NXDOMAIN responses. Add the + ability to specify ndots to nslookup. [RT #34711] + +3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used + in a key zone. [RT #34238] + + --- 9.9.4 released --- + +3643. [doc] Clarify RRL "slip" documentation. + +3638. [cleanup] Add the ability to handle ENOPROTOOPT in case it is + encountered. [RT #34668] + + --- 9.9.4rc2 released --- + +3637. [bug] 'allow-query-on' was checking the source address + rather than the destination address. [RT #34590] + +3636. 
[bug] Automatic empty zones now behave better with + forward only "zones" beneath them. [RT #34583] + +3635. [bug] Signatures were not being removed from a zone with + only KSK keys for a algorithm. [RT #34439] + +3634. [func] Report build-id in rndc status. Report build-id + when building from a git repository. [RT #20422] + +3633. [cleanup] Refactor OPT processing in named to make it easier + to support new EDNS options. [RT #34414] + +3632. [bug] Signature from newly inactive keys were not being + removed. [RT #32178] + +3631. [bug] Remove spurious warning about missing signatures when + qtype is SIG. [RT #34600] + +3630. [bug] Ensure correct ID computation for MD5 keys. [RT #33033] + +3627. [bug] RPZ changes were not effective on slaves. [RT #34450] + +3625. [bug] Don't send notify messages to machines outside of the + test setup. + +3623. [bug] zone-statistics was only effective in new statistics. + [RT #34466] + + --- 9.9.4rc1 released --- 3621. [security] Incorrect bounds checking on private type 'keydata' can lead to a remotely triggerable REQUIRE failure (CVE-2013-4854). [RT #34238] - --- 9.9.3-P1 released --- +3617. [bug] Named was failing to answer queries during + "rndc reload" [RT #34098] + +3616. [bug] Change #3613 was incomplete. [RT #34177] + +3615. [cleanup] "configure" now finishes by printing a summary + of optional BIND features and whether they are + active or inactive. ("configure --enable-full-report" + increases the verbosity of the summary.) [RT #31777] + +3614. [port] Check for . [RT #34162] + +3613. [bug] named could crash when deleting inline-signing + zones with "rndc delzone". [RT #34066] + +3611. [bug] Improved resistance to a theoretical authentication + attack based on differential timing. [RT #33939] + +3610. [cleanup] win32: Some executables had been omitted from the + installer. [RT #34116] + +3608. [port] win32: added todos.pl script to ensure all text files + the win32 build depends on are converted to DOS + newline format. 
[RT #22067] + +3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error + message. [RT #34045] + + --- 9.9.4b1 released --- + +3605. [port] win32: Addressed several compatibility issues + with newer versions of Visual Studio. [RT #33916] + +3603. [bug] Install . [RT #33956] + +3601. [bug] Added to PKCS#11 openssl patches a value len + attribute in DH derive key. [RT #33928] + +3600. [cleanup] dig: Fixed a typo in the warning output when receiving + an oversized response. [RT #33910] + +3599. [tuning] Check for pointer equivalence in name comparisons. + [RT #18125] + +3596. [port] Updated win32 build documentation, added + dnssec-verify. [RT #22067] + +3594. [maint] Update config.guess and config.sub. [RT #33816] + +3592. [doc] Moved documentation of rndc command options to the + rndc man page. [RT #33506] + +3590. [bug] When using RRL on recursive servers, defer + rate-limiting until after recursion is complete; + also, use correct rcode for slipped NXDOMAIN + responses. [RT #33604] + +3588. [bug] dig: addressed a memory leak in the sigchase code + that could cause a shutdown crash. [RT #33733] + +3587. [func] 'named -g' now checks the logging configuration but + does not use it. [RT #33473] + +3586. [bug] Handle errors in xmlDocDumpFormatMemoryEnc. [RT #33706] 3584. [security] Caching data from an incompletely signed zone could - trigger an assertion failure in resolver.c [RT #33690] + trigger an assertion failure in resolver.c + (CVE-2013-3919). [RT #33690] + +3583. [bug] Address memory leak in GSS-API processing [RT #33574] + +3582. [bug] Silence false positive warning regarding missing file + directive for inline slave zones. [RT #33662] + +3581. [bug] Changed the tcp-listen-queue default to 10. [RT #33029] + +3580. [bug] Addressed a possible race in acache.c [RT #33602] + +3579. [maint] Updates to PKCS#11 openssl patches, supporting + versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463] + +3578. [bug] 'rndc -c file' now fails if 'file' does not exist. 
+ [RT #33571] + +3577. [bug] Handle zero TTL values better. [RT #33411] + +3576. [bug] Address a shutdown race when validating. [RT #33573] + +3575. [func] Changed the logging category for RRL events from + 'queries' to 'query-errors'. [RT #33540] + +3574. [doc] The 'hostname' keyword was missing from server-id + description in the named.conf man page. [RT #33476] + +3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled + zone names containing punctuation marks and other + nonstandard characters. [RT #33419] + +3571. [bug] Address race condition in dns_client_startresolve(). + [RT #33234] + +3566. [func] Log when forwarding updates to master. [RT #33240] + +3554. [bug] RRL failed to correctly rate-limit upward + referrals and failed to count dropped error + responses in the statistics. [RT #33225] + +3545. [bug] RRL slip behavior was incorrect when set to 1. + [RT #33111] + +3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit + so that all dns_rrl_rtype_t enum values fit regardless + of whether it is teated as signed or unsigned by + the compiler. [RT #32792] + +3494. [func] DNS RRL: Blunt the impact of DNS reflection and + amplification attacks by rate-limiting substantially- + identical responses. To enable, use "configure + --enable-rrl". [RT #28130] --- 9.9.3 released --- Modified: vendor/bind9/dist/COPYRIGHT ============================================================================== --- vendor/bind9/dist/COPYRIGHT Mon Feb 24 13:58:01 2014 (r262444) +++ vendor/bind9/dist/COPYRIGHT Mon Feb 24 13:58:58 2014 (r262445) @@ -1,4 +1,4 @@ -Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 1996-2003 Internet Software Consortium. Permission to use, copy, modify, and/or distribute this software for any 
@@ -13,8 +13,6 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -$Id: COPYRIGHT,v 1.19 2012/01/03 23:46:59 tbox Exp $ - Portions of this code release fall under one or more of the following Copyright notices. Please see individual source files for details. @@ -99,11 +97,7 @@ are met: 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by the University of - California, Berkeley and its contributors. -4. Neither the name of the University nor the names of its contributors +3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 
@@ -516,3 +510,29 @@ STRICT LIABILITY, OR TORT (INCLUDING NEG ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +----------------------------------------------------------------------------- + +Copyright (c) 1995, 1997, 1998 The NetBSD Foundation, Inc. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + Modified: vendor/bind9/dist/Makefile.in ============================================================================== --- vendor/bind9/dist/Makefile.in Mon Feb 24 13:58:01 2014 (r262444) +++ vendor/bind9/dist/Makefile.in Mon Feb 24 13:58:58 2014 (r262445) 
@@ -1,4 +1,4 @@ -# Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -54,7 +54,11 @@ installdirs: install:: isc-config.sh installdirs ${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir} + rm -f ${DESTDIR}${bindir}/bind9-config + @LN@ ${DESTDIR}${bindir}/isc-config.sh ${DESTDIR}${bindir}/bind9-config ${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1 + rm -f ${DESTDIR}${mandir}/man1/bind9-config.1 + @LN@ ${DESTDIR}${mandir}/man1/isc-config.sh.1 ${DESTDIR}${mandir}/man1/bind9-config.1 ${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir} tags: @@ -86,5 +90,8 @@ FAQ: FAQ.xml LC_ALL=C ${W3M} -T text/html -dump -cols 72 >$@.tmp mv $@.tmp $@ +unit:: + sh ${top_srcdir}/unit/unittest.sh + clean:: rm -f FAQ.tmp Modified: vendor/bind9/dist/README ============================================================================== --- vendor/bind9/dist/README Mon Feb 24 13:58:01 2014 (r262444) +++ vendor/bind9/dist/README Mon Feb 24 13:58:58 2014 (r262445) 
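Review bot: In the `install::` hunk (`@@ -54,7 +54,11 @@`), both added `@LN@` lines use `${DESTDIR}`-prefixed absolute paths as the link source, which is only safe if `@LN@` expands to a hard-link or copy command; its expansion is not visible in this diff. If it can expand to a symbolic link on any platform, a staged install would ship `bind9-config` and `bind9-config.1` pointing into the staging directory, so the links either dangle or resolve to whatever is later placed at that path. Linking by relative name removes that dependency, e.g. `cd ${DESTDIR}${bindir} && rm -f bind9-config && @LN@ isc-config.sh bind9-config`, and the same form for the man page under `${DESTDIR}${mandir}/man1`. A one-line comment above the rule, such as `# bind9-config is the new name; isc-config.sh is kept for compatibility`, would also record why both names are installed.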
@@ -48,8 +48,34 @@ BIND 9 For a detailed list of user-visible changes from previous releases, see the CHANGES file. - For up-to-date release notes and errata, see - http://www.isc.org/software/bind9/releasenotes + For up-to-date release notes and errata, see + http://www.isc.org/software/bind9/releasenotes + +BIND 9.9.5 + + BIND 9.9.5 is a maintenance release, and patches the security + flaws described in CVE-2013-6320 and CVE-2014-0591. It also + includes the following functional enhancements: + + - "named" now preserves the capitalization of names when + responding to queries. + - new "dnssec-importkey" command allows the use of offline + DNSSEC keys with automatic DNSKEY management. + - When re-signing a zone, the new "dnssec-signzone -Q" option + drops signatures from keys that are still published but are + no longer active. + - "named-checkconf -px" will print the contents of configuration + files with the shared secrets obscured, making it easier to + share configuration (e.g. when submitting a bug report) + without revealing private information. + +BIND 9.9.4 + + BIND 9.9.4 is a maintenance release, and patches the security + flaws described in CVE-2013-3919 and CVE-2013-4854. It also + introduces DNS Response Rate Limiting (DNS RRL) as a + compile-time option. To use this feature, configure with + the "--enable-rrl" option. BIND 9.9.3 
@@ -70,45 +96,45 @@ BIND 9.9.0 BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier releases. New features include: - - Inline signing, allowing automatic DNSSEC signing of - master zones without modification of the zonefile, or - "bump in the wire" signing in slaves. - - NXDOMAIN redirection. - - New 'rndc flushtree' command clears all data under a given - name from the DNS cache. - - New 'rndc sync' command dumps pending changes in a dynamic - zone to disk without a freeze/thaw cycle. - - New 'rndc signing' command displays or clears signing status - records in 'auto-dnssec' zones. - - NSEC3 parameters for 'auto-dnssec' zones can now be set prior - to signing, eliminating the need to initially sign with NSEC. - - Startup time improvements on large authoritative servers. - - Slave zones are now saved in raw format by default. - - Several improvements to response policy zones (RPZ). - - Improved hardware scalability by using multiple threads - to listen for queries and using finer-grained client locking - - The 'also-notify' option now takes the same syntax as - 'masters', so it can used named masterlists and TSIG keys. - - 'dnssec-signzone -D' writes an output file containing only DNSSEC - data, which can be included by the primary zone file. - - 'dnssec-signzone -R' forces removal of signatures that are - not expired but were created by a key which no longer exists. - - 'dnssec-signzone -X' allows a separate expiration date to - be specified for DNSKEY signatures from other signatures. - - New '-L' option to dnssec-keygen, dnssec-settime, and - dnssec-keyfromlabel sets the default TTL for the key. - - dnssec-dsfromkey now supports reading from standard input, - to make it easier to convert DNSKEY to DS. - - RFC 1918 reverse zones have been added to the empty-zones - table per RFC 6303. - - Dynamic updates can now optionally set the zone's SOA serial - number to the current UNIX time. 
- - DLZ modules can now retrieve the source IP address of - the querying client. - - 'request-ixfr' option can now be set at the per-zone level. - - 'dig +rrcomments' turns on comments about DNSKEY records, - indicating their key ID, algorithm and function - - Simplified nsupdate syntax and added readline support + - Inline signing, allowing automatic DNSSEC signing of + master zones without modification of the zonefile, or + "bump in the wire" signing in slaves. + - NXDOMAIN redirection. + - New 'rndc flushtree' command clears all data under a given + name from the DNS cache. + - New 'rndc sync' command dumps pending changes in a dynamic + zone to disk without a freeze/thaw cycle. + - New 'rndc signing' command displays or clears signing status + records in 'auto-dnssec' zones. + - NSEC3 parameters for 'auto-dnssec' zones can now be set prior + to signing, eliminating the need to initially sign with NSEC. + - Startup time improvements on large authoritative servers. + - Slave zones are now saved in raw format by default. + - Several improvements to response policy zones (RPZ). + - Improved hardware scalability by using multiple threads + to listen for queries and using finer-grained client locking + - The 'also-notify' option now takes the same syntax as + 'masters', so it can used named masterlists and TSIG keys. + - 'dnssec-signzone -D' writes an output file containing only DNSSEC + data, which can be included by the primary zone file. + - 'dnssec-signzone -R' forces removal of signatures that are + not expired but were created by a key which no longer exists. + - 'dnssec-signzone -X' allows a separate expiration date to + be specified for DNSKEY signatures from other signatures. + - New '-L' option to dnssec-keygen, dnssec-settime, and + dnssec-keyfromlabel sets the default TTL for the key. + - dnssec-dsfromkey now supports reading from standard input, + to make it easier to convert DNSKEY to DS. 
+ - RFC 1918 reverse zones have been added to the empty-zones + table per RFC 6303. + - Dynamic updates can now optionally set the zone's SOA serial + number to the current UNIX time. + - DLZ modules can now retrieve the source IP address of + the querying client. + - 'request-ixfr' option can now be set at the per-zone level. + - 'dig +rrcomments' turns on comments about DNSKEY records, + indicating their key ID, algorithm and function + - Simplified nsupdate syntax and added readline support Building @@ -128,9 +154,9 @@ Building Ubuntu 7.04, 7.10 Windows XP/2003/2008 - NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of - Windows, including Windows NT and Windows 2000, are no longer - supported. + NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of + Windows, including Windows NT and Windows 2000, are no longer + supported. We have recent reports from the user community that a supported version of BIND will build and run on the following systems: @@ -231,10 +257,10 @@ Building on the configure command line. The default is operating system dependent. - Support for the "fixed" rrset-order option can be enabled - or disabled by specifying "--enable-fixed-rrset" or - "--disable-fixed-rrset" on the configure command line. - The default is "disabled", to reduce memory footprint. + Support for the "fixed" rrset-order option can be enabled + or disabled by specifying "--enable-fixed-rrset" or + "--disable-fixed-rrset" on the configure command line. + The default is "disabled", to reduce memory footprint. If your operating system has integrated support for IPv6, it will be used automatically. If you have installed KAME IPv6 @@ -305,8 +331,8 @@ Documentation Frequently asked questions and their answers can be found in FAQ. - Additional information on various subjects can be found - in the other README files. + Additional information on various subjects can be found + in the other README files. Change Log 
@@ -337,10 +363,10 @@ Change Log [protocol] Updates to the DNS protocol such as new RR types - [test] Changes to the automatic tests, not - affecting server functionality + [test] Changes to the automatic tests, not + affecting server functionality - [cleanup] Minor corrections and refactoring + [cleanup] Minor corrections and refactoring [doc] Documentation Modified: vendor/bind9/dist/bin/check/named-checkconf.8 ============================================================================== --- vendor/bind9/dist/bin/check/named-checkconf.8 Mon Feb 24 13:58:01 2014 (r262444) +++ vendor/bind9/dist/bin/check/named-checkconf.8 Mon Feb 24 13:58:58 2014 (r262445) @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -33,7 +33,7 @@ named\-checkconf \- named configuration file syntax checking tool .SH "SYNOPSIS" .HP 16 -\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-z\fR] +\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-x\fR] [\fB\-z\fR] .SH "DESCRIPTION" .PP \fBnamed\-checkconf\fR @@ -84,6 +84,14 @@ Print out the and included files in canonical form if no errors were detected. .RE .PP +\-x +.RS 4 +When printing the configuration files in canonical form, obscure shared secrets by replacing them with strings of question marks ('?'). This allows the contents of +\fInamed.conf\fR +and related files to be shared \(em for example, when submitting bug reports \(em without compromising private data. This option cannot be used without +\fB\-p\fR. +.RE +.PP \-z .RS 4 Perform a test load of all master zones found in 
@@ -113,7 +121,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2002 Internet Software Consortium. .br Modified: vendor/bind9/dist/bin/check/named-checkconf.c ============================================================================== --- vendor/bind9/dist/bin/check/named-checkconf.c Mon Feb 24 13:58:01 2014 (r262444) +++ vendor/bind9/dist/bin/check/named-checkconf.c Mon Feb 24 13:58:58 2014 (r262445) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -39,10 +39,13 @@ #include +#include #include #include #include +#include #include +#include #include #include "check-tool.h" @@ -151,6 +154,30 @@ config_get(const cfg_obj_t **maps, const } } +static isc_result_t +configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) { + isc_result_t result; + dns_db_t *db = NULL; + dns_rdataclass_t rdclass; + isc_textregion_t r; + + if (zfile == NULL) + return (ISC_R_FAILURE); + + DE_CONST(zclass, r.base); + r.length = strlen(zclass); + result = dns_rdataclass_fromtext(&rdclass, &r); + if (result != ISC_R_SUCCESS) + return (result); + + result = dns_rootns_create(mctx, rdclass, zfile, &db); + if (result != ISC_R_SUCCESS) + return (result); + + dns_db_detach(&db); + return (ISC_R_SUCCESS); +} + /*% configure the zone */ static isc_result_t configure_zone(const char *vclass, const char *view, 
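Review bot: The new configure_hint() has no header comment, unlike configure_zone() directly below it with `/*% configure the zone */`, and it is not obvious on first read that the database is created only to prove the hints file loads and is detached straight away. I would add `/*% check that a hint zone's file loads; the db is discarded */` above the definition. The same comment should state that zclass must be non-NULL, because zfile is guarded with `if (zfile == NULL)` while zclass goes to `strlen(zclass)` unchecked.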
@@ -161,7 +188,7 @@ configure_zone(const char *vclass, const isc_result_t result; const char *zclass; const char *zname; - const char *zfile; + const char *zfile = NULL; const cfg_obj_t *maps[4]; const cfg_obj_t *zoptions = NULL; const cfg_obj_t *classobj = NULL; @@ -195,15 +222,28 @@ configure_zone(const char *vclass, const cfg_map_get(zoptions, "type", &typeobj); if (typeobj == NULL) return (ISC_R_FAILURE); - if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0) + + cfg_map_get(zoptions, "file", &fileobj); + if (fileobj != NULL) + zfile = cfg_obj_asstring(fileobj); + + /* + * Check hints files for hint zones. + * Skip loading checks for any type other than + * master and redirect + */ + if (strcasecmp(cfg_obj_asstring(typeobj), "hint") == 0) + return (configure_hint(zfile, zclass, mctx)); + else if ((strcasecmp(cfg_obj_asstring(typeobj), "master") != 0) && + (strcasecmp(cfg_obj_asstring(typeobj), "redirect") != 0)) return (ISC_R_SUCCESS); + + if (zfile == NULL) + return (ISC_R_FAILURE); + cfg_map_get(zoptions, "database", &dbobj); if (dbobj != NULL) return (ISC_R_SUCCESS); - cfg_map_get(zoptions, "file", &fileobj); - if (fileobj == NULL) - return (ISC_R_FAILURE); - zfile = cfg_obj_asstring(fileobj); obj = NULL; if (get_maps(maps, "check-dup-records", &obj)) { @@ -341,7 +381,7 @@ configure_zone(const char *vclass, const if (result != ISC_R_SUCCESS) fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass, dns_result_totext(result)); - return(result); + return (result); } /*% configure a view */ @@ -442,10 +482,11 @@ main(int argc, char **argv) { isc_entropy_t *ectx = NULL; isc_boolean_t load_zones = ISC_FALSE; isc_boolean_t print = ISC_FALSE; + unsigned int flags = 0; isc_commandline_errprint = ISC_FALSE; - while ((c = isc_commandline_parse(argc, argv, "dhjt:pvz")) != EOF) { + while ((c = isc_commandline_parse(argc, argv, "dhjt:pvxz")) != EOF) { switch (c) { case 'd': debug++; 
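Review bot: The new hint branch in the `@@ -195,15 +222,28 @@` hunk, `return (configure_hint(zfile, zclass, mctx));`, leaves configure_zone() before the `fprintf(stderr, "%s/%s/%s: %s\n", ...)` that the `@@ -341,7 +381,7 @@` hunk shows at the end of the function, so a hint zone with a missing or unparsable file fails the check without this function naming the zone. Whether the caller or dns_rootns_create() reports the failure is not visible here. I would route the hint result through the same message: `result = configure_hint(zfile, zclass, mctx);`, then `if (result != ISC_R_SUCCESS) fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass, dns_result_totext(result));`, then `return (result);`. configure_zone() starts and ends outside the hunk.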
@@ -472,6 +513,10 @@ main(int argc, char **argv) { printf(VERSION "\n"); exit(0); + case 'x': + flags |= CFG_PRINTER_XKEY; + break; + case 'z': load_zones = ISC_TRUE; docheckmx = ISC_FALSE; @@ -494,6 +539,11 @@ main(int argc, char **argv) { } } + if (((flags & CFG_PRINTER_XKEY) != 0) && !print) { + fprintf(stderr, "%s: -x cannot be used without -p\n", program); + exit(1); + } + if (isc_commandline_index + 1 < argc) usage(); if (argv[isc_commandline_index] != NULL) @@ -534,7 +584,7 @@ main(int argc, char **argv) { } if (print && exit_status == 0) - cfg_print(config, output, NULL); + cfg_printx(config, flags, output, NULL); cfg_obj_destroy(parser, &config); cfg_parser_destroy(&parser); Modified: vendor/bind9/dist/bin/check/named-checkconf.docbook ============================================================================== --- vendor/bind9/dist/bin/check/named-checkconf.docbook Mon Feb 24 13:58:01 2014 (r262444) +++ vendor/bind9/dist/bin/check/named-checkconf.docbook Mon Feb 24 13:58:58 2014 (r262445) @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
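Review bot: `-x` is added to the option string and handled in `case 'x':`, but none of the hunks shown for main() touches usage(), so the help text may still list the options without it. That is worth checking, since usage() is outside the visible hunks. At the `cfg_printx(config, flags, output, NULL);` call I would also add a comment stating what the flag covers, e.g. `/* CFG_PRINTER_XKEY masks shared secrets only; the rest of the config prints as parsed */`. The man page in this commit presents the output as suitable for bug reports, and key names, addresses and ACLs presumably still appear in it. main() starts and ends outside these hunks.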