From owner-svn-src-stable@FreeBSD.ORG  Thu Nov  4 21:48:40 2010
Return-Path: <owner-svn-src-stable@FreeBSD.ORG>
Delivered-To: svn-src-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 23B8C1065673;
	Thu,  4 Nov 2010 21:48:40 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 0D5D58FC08;
	Thu,  4 Nov 2010 21:48:40 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id oA4LmdrN074154;
	Thu, 4 Nov 2010 21:48:39 GMT (envelope-from dougb@svn.freebsd.org)
Received: (from dougb@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id oA4Lmdjt074118;
	Thu, 4 Nov 2010 21:48:39 GMT (envelope-from dougb@svn.freebsd.org)
Message-Id: <201011042148.oA4Lmdjt074118@svn.freebsd.org>
From: Doug Barton <dougb@FreeBSD.org>
Date: Thu, 4 Nov 2010 21:48:39 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
X-SVN-Group: stable-8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r214811 - in stable/8/contrib/bind9: . bin/dnssec
	bin/named bin/named/include/named bin/nsupdate doc/arm
	lib/dns lib/dns/include/dns lib/isc lib/isc/include/isc
	lib/lwres/man
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
	<svn-src-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable>, 
	<mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
	<mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Nov 2010 21:48:40 -0000

Author: dougb
Date: Thu Nov  4 21:48:39 2010
New Revision: 214811
URL: http://svn.freebsd.org/changeset/base/214811

Log:
  Update to 9.6-ESV-R2, the latest from ISC.
  
  This version contains bug fixes that are relevant to any
  caching/resolving name server; as well as DNSSEC-related
  fixes.

Modified:
  stable/8/contrib/bind9/CHANGES
  stable/8/contrib/bind9/README
  stable/8/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html
  stable/8/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html
  stable/8/contrib/bind9/bin/dnssec/dnssec-keygen.html
  stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.html
  stable/8/contrib/bind9/bin/named/include/named/globals.h
  stable/8/contrib/bind9/bin/named/main.c
  stable/8/contrib/bind9/bin/named/query.c
  stable/8/contrib/bind9/bin/named/server.c
  stable/8/contrib/bind9/bin/nsupdate/nsupdate.html
  stable/8/contrib/bind9/doc/arm/Bv9ARM-book.xml
  stable/8/contrib/bind9/doc/arm/Bv9ARM.ch06.html
  stable/8/contrib/bind9/doc/arm/Bv9ARM.ch07.html
  stable/8/contrib/bind9/doc/arm/Bv9ARM.ch08.html
  stable/8/contrib/bind9/doc/arm/Bv9ARM.ch09.html
  stable/8/contrib/bind9/doc/arm/Bv9ARM.html
  stable/8/contrib/bind9/doc/arm/Bv9ARM.pdf
  stable/8/contrib/bind9/doc/arm/isc-logo.eps
  stable/8/contrib/bind9/doc/arm/isc-logo.pdf
  stable/8/contrib/bind9/doc/arm/man.dig.html
  stable/8/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html
  stable/8/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html
  stable/8/contrib/bind9/doc/arm/man.dnssec-keygen.html
  stable/8/contrib/bind9/doc/arm/man.dnssec-signzone.html
  stable/8/contrib/bind9/doc/arm/man.host.html
  stable/8/contrib/bind9/doc/arm/man.named-checkconf.html
  stable/8/contrib/bind9/doc/arm/man.named-checkzone.html
  stable/8/contrib/bind9/doc/arm/man.named.html
  stable/8/contrib/bind9/doc/arm/man.nsupdate.html
  stable/8/contrib/bind9/doc/arm/man.rndc-confgen.html
  stable/8/contrib/bind9/doc/arm/man.rndc.conf.html
  stable/8/contrib/bind9/doc/arm/man.rndc.html
  stable/8/contrib/bind9/lib/dns/adb.c
  stable/8/contrib/bind9/lib/dns/api
  stable/8/contrib/bind9/lib/dns/include/dns/diff.h
  stable/8/contrib/bind9/lib/dns/include/dns/ncache.h
  stable/8/contrib/bind9/lib/dns/include/dns/rdataset.h
  stable/8/contrib/bind9/lib/dns/include/dns/resolver.h
  stable/8/contrib/bind9/lib/dns/include/dns/result.h
  stable/8/contrib/bind9/lib/dns/include/dns/types.h
  stable/8/contrib/bind9/lib/dns/include/dns/validator.h
  stable/8/contrib/bind9/lib/dns/ncache.c
  stable/8/contrib/bind9/lib/dns/rbtdb.c
  stable/8/contrib/bind9/lib/dns/rdatalist.c
  stable/8/contrib/bind9/lib/dns/rdataset.c
  stable/8/contrib/bind9/lib/dns/rdataslab.c
  stable/8/contrib/bind9/lib/dns/resolver.c
  stable/8/contrib/bind9/lib/dns/result.c
  stable/8/contrib/bind9/lib/dns/sdb.c
  stable/8/contrib/bind9/lib/dns/sdlz.c
  stable/8/contrib/bind9/lib/dns/validator.c
  stable/8/contrib/bind9/lib/dns/view.c
  stable/8/contrib/bind9/lib/isc/api
  stable/8/contrib/bind9/lib/isc/include/isc/mem.h
  stable/8/contrib/bind9/lib/isc/mem.c
  stable/8/contrib/bind9/lib/lwres/man/lwres.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_buffer.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_config.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_context.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_gabn.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_gethostent.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_getipnode.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_gnba.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_hstrerror.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_inetntop.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_noop.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_packet.html
  stable/8/contrib/bind9/lib/lwres/man/lwres_resutil.html
  stable/8/contrib/bind9/version
Directory Properties:
  stable/8/contrib/bind9/   (props changed)

Modified: stable/8/contrib/bind9/CHANGES
==============================================================================
--- stable/8/contrib/bind9/CHANGES	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/CHANGES	Thu Nov  4 21:48:39 2010	(r214811)
@@ -1,9 +1,48 @@
-	--- 9.6.2-P2 released ---
+	--- 9.6-ESV-R2 released ---
+
+2939.	[func]		Check that named successfully skips NSEC3 records
+			that fail to match the NSEC3PARAM record currently
+			in use. [RT# 21868]
+
+2937.	[bug]		Worked around an apparent race condition in over
+			memory conditions.  Without this fix a DNS cache DB or
+			ADB could incorrectly stay in an over memory state,
+			effectively refusing further caching, which
+			subsequently made a BIND 9 caching server unworkable.
+			This fix prevents this problem from happening by
+			polling the state of the memory context, rather than
+			making a copy of the state, which appeared to cause
+			a race.  This is a "workaround" in that it doesn't
+			solve the possible race per se, but several experiments
+			proved this change solves the symptom.  Also, the
+			polling overhead hasn't been reported to be an issue.
+			This bug should only affect a caching server that
+			specifies a finite max-cache-size.  It's also quite
+			likely that the bug happens only when enabling threads,
+			but it's not confirmed yet. [RT #21818]
+
+2925.	[bug]		Named failed to accept uncachable negative responses
+			from insecure zones. [RT# 21555]
+
+2921.	[bug]		The resolver could attempt to destroy a fetch context
+			too soon.  [RT #19878]
+
+2900.	[bug]		The placeholder negative caching element was not
+			properly constructed triggering a INSIST in 
+			dns_ncache_towire(). [RT #21346]
+			
+2890.	[bug]		Handle the introduction of new trusted-keys and
+			DS, DLV RRsets better. [RT #21097]
+
+2869.	[bug]		Fix arguments to dns_keytable_findnextkeynode() call.
+			[RT #20877]
+
+	--- 9.6-ESV-R1 released ---
 
 2876.	[bug]		Named could return SERVFAIL for negative responses
 			from unsigned zones. [RT #21131]
 
-	--- 9.6.2-P1 released ---
+	--- 9.6-ESV released ---
 
 2852.	[bug]		Handle broken DNSSEC trust chains better. [RT #15619]
 

Modified: stable/8/contrib/bind9/README
==============================================================================
--- stable/8/contrib/bind9/README	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/README	Thu Nov  4 21:48:39 2010	(r214811)
@@ -42,6 +42,12 @@ BIND 9
 		Stichting NLnet - NLnet Foundation
 		Nominum, Inc.
 
+BIND 9.6-ESV (Extended Support Version)
+
+	BIND 9.6-ESV will be supported until March 31, 2013, at
+	which time you will need to upgrade to the current release
+	of BIND.
+
 BIND 9.6.2
 
 	BIND 9.6.2 is a maintenance release, fixing bugs in 9.6.1.

Modified: stable/8/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html
==============================================================================
--- stable/8/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2008  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008, 2010  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-dsfromkey.html,v 1.5 2008/11/08 01:11:47 tbox Exp $ -->
+<!-- $Id: dnssec-dsfromkey.html,v 1.5.110.2 2010/03/03 23:32:17 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -33,14 +33,14 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  {-s} [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dir</code></em></code>] {dnsname}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543424"></a><h2>DESCRIPTION</h2>
+<a name="id2543421"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-dsfromkey</strong></span>
       outputs the Delegation Signer (DS) resource record (RR), as defined in
       RFC 3658 and RFC 4509, for the given key(s).
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543435"></a><h2>OPTIONS</h2>
+<a name="id2543433"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-1</span></dt>
 <dd><p>
@@ -81,7 +81,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543563"></a><h2>EXAMPLE</h2>
+<a name="id2543561"></a><h2>EXAMPLE</h2>
 <p>
       To build the SHA-256 DS RR from the
       <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@@ -96,7 +96,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543593"></a><h2>FILES</h2>
+<a name="id2543591"></a><h2>FILES</h2>
 <p>
       The keyfile can be designed by the key identification
       <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -110,13 +110,13 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543628"></a><h2>CAVEAT</h2>
+<a name="id2543626"></a><h2>CAVEAT</h2>
 <p>
       A keyfile error can give a "file not found" even if the file exists.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543638"></a><h2>SEE ALSO</h2>
+<a name="id2543636"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -125,7 +125,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543674"></a><h2>AUTHOR</h2>
+<a name="id2543672"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

Modified: stable/8/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html
==============================================================================
--- stable/8/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -13,7 +13,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-keyfromlabel.html,v 1.5.44.3 2010/01/16 01:55:32 tbox Exp $ -->
+<!-- $Id: dnssec-keyfromlabel.html,v 1.5.44.3.4.1 2010/03/03 22:19:19 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code>  {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543416"></a><h2>DESCRIPTION</h2>
+<a name="id2543414"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keyfromlabel</strong></span>
       gets keys with the given label from a crypto hardware and builds
       key files for DNSSEC (Secure DNS), as defined in RFC 2535
@@ -39,7 +39,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543428"></a><h2>OPTIONS</h2>
+<a name="id2543426"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
@@ -120,7 +120,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543632"></a><h2>GENERATED KEY FILES</h2>
+<a name="id2543629"></a><h2>GENERATED KEY FILES</h2>
 <p>
       When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
       successfully,
@@ -161,7 +161,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543704"></a><h2>SEE ALSO</h2>
+<a name="id2543702"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -169,7 +169,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543737"></a><h2>AUTHOR</h2>
+<a name="id2543735"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

Modified: stable/8/contrib/bind9/bin/dnssec/dnssec-keygen.html
==============================================================================
--- stable/8/contrib/bind9/bin/dnssec/dnssec-keygen.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/bin/dnssec/dnssec-keygen.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-keygen.html,v 1.32.44.4 2010/01/16 01:55:32 tbox Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.32.44.4.4.1 2010/03/03 22:19:19 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em
 ></code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543483"></a><h2>DESCRIPTION</h2>
+<a name="id2543481"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keygen</strong></span>
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -45,7 +45,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543501"></a><h2>OPTIONS</h2>
+<a name="id2543499"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
@@ -155,7 +155,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543836"></a><h2>GENERATED KEYS</h2>
+<a name="id2543834"></a><h2>GENERATED KEYS</h2>
 <p>
       When <span><strong class="command">dnssec-keygen</strong></span> completes
       successfully,
@@ -201,7 +201,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543918"></a><h2>EXAMPLE</h2>
+<a name="id2543916"></a><h2>EXAMPLE</h2>
 <p>
       To generate a 768-bit DSA key for the domain
       <strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -222,7 +222,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544030"></a><h2>SEE ALSO</h2>
+<a name="id2544028"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 2539</em>,
@@ -231,7 +231,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544061"></a><h2>AUTHOR</h2>
+<a name="id2544059"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

Modified: stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.html
==============================================================================
--- stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-signzone.html,v 1.33.44.8 2009/11/07 01:56:11 tbox Exp $ -->
+<!-- $Id: dnssec-signzone.html,v 1.33.44.8.10.1 2010/03/03 22:19:19 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-seria
 l-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543558"></a><h2>DESCRIPTION</h2>
+<a name="id2543556"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-signzone</strong></span>
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -43,7 +43,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543576"></a><h2>OPTIONS</h2>
+<a name="id2543574"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a</span></dt>
 <dd><p>
@@ -273,7 +273,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544503"></a><h2>EXAMPLE</h2>
+<a name="id2544433"></a><h2>EXAMPLE</h2>
 <p>
       The following command signs the <strong class="userinput"><code>example.com</code></strong>
       zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@@ -302,7 +302,7 @@ db.example.com.signed
 %</pre>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544554"></a><h2>KNOWN BUGS</h2>
+<a name="id2544552"></a><h2>KNOWN BUGS</h2>
 <p>
         <span><strong class="command">dnssec-signzone</strong></span> was designed so that it could
         sign a zone partially, using only a subset of the DNSSEC keys
@@ -327,14 +327,14 @@ db.example.com.signed
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544716"></a><h2>SEE ALSO</h2>
+<a name="id2544714"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 4033</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544741"></a><h2>AUTHOR</h2>
+<a name="id2544739"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

Modified: stable/8/contrib/bind9/bin/named/include/named/globals.h
==============================================================================
--- stable/8/contrib/bind9/bin/named/include/named/globals.h	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/bin/named/include/named/globals.h	Thu Nov  4 21:48:39 2010	(r214811)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: globals.h,v 1.80 2008/11/16 22:49:18 marka Exp $ */
+/* $Id: globals.h,v 1.80.84.2 2010/06/26 23:46:15 tbox Exp $ */
 
 #ifndef NAMED_GLOBALS_H
 #define NAMED_GLOBALS_H 1
@@ -132,6 +132,7 @@ EXTERN int			ns_g_listen		INIT(3);
 EXTERN isc_time_t		ns_g_boottime;
 EXTERN isc_boolean_t		ns_g_memstatistics	INIT(ISC_FALSE);
 EXTERN isc_boolean_t		ns_g_clienttest		INIT(ISC_FALSE);
+EXTERN isc_boolean_t		ns_g_nosoa		INIT(ISC_FALSE);
 
 #undef EXTERN
 #undef INIT

Modified: stable/8/contrib/bind9/bin/named/main.c
==============================================================================
--- stable/8/contrib/bind9/bin/named/main.c	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/bin/named/main.c	Thu Nov  4 21:48:39 2010	(r214811)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: main.c,v 1.166.34.3 2009/04/03 20:18:59 marka Exp $ */
+/* $Id: main.c,v 1.166.34.3.24.3 2010/09/06 03:58:32 marka Exp $ */
 
 /*! \file */
 
@@ -446,13 +446,15 @@ parse_command_line(int argc, char *argv[
 			/* XXXJAB should we make a copy? */
 			ns_g_chrootdir = isc_commandline_argument;
 			break;
-		case 'T':
+		case 'T':	/* NOT DOCUMENTED */
 			/*
 			 * clienttest: make clients single shot with their
 			 * 	       own memory context.
 			 */
 			if (strcmp(isc_commandline_argument, "clienttest") == 0)
 				ns_g_clienttest = ISC_TRUE;
+			else if (!strcmp(isc_commandline_argument, "nosoa"))
+				ns_g_nosoa = ISC_TRUE;
 			else
 				fprintf(stderr, "unknown -T flag '%s\n",
 					isc_commandline_argument);

Modified: stable/8/contrib/bind9/bin/named/query.c
==============================================================================
--- stable/8/contrib/bind9/bin/named/query.c	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/bin/named/query.c	Thu Nov  4 21:48:39 2010	(r214811)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.313.20.16 2009/12/30 08:34:29 jinmei Exp $ */
+/* $Id: query.c,v 1.313.20.16.10.2 2010/06/26 23:46:14 tbox Exp $ */
 
 /*! \file */
 
@@ -56,6 +56,7 @@
 #include <dns/zt.h>
 
 #include <named/client.h>
+#include <named/globals.h>
 #include <named/log.h>
 #include <named/server.h>
 #include <named/sortlist.h>
@@ -2038,7 +2039,7 @@ query_addrrset(ns_client_t *client, dns_
 
 static inline isc_result_t
 query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
-	     isc_boolean_t zero_ttl)
+	     isc_boolean_t zero_ttl, isc_boolean_t isassociated)
 {
 	dns_name_t *name;
 	dns_dbnode_t *node;
@@ -2056,6 +2057,12 @@ query_addsoa(ns_client_t *client, dns_db
 	node = NULL;
 
 	/*
+	 * Don't add the SOA record for test which set "-T nosoa".
+	 */
+	if (ns_g_nosoa && (!WANTDNSSEC(client) || !isassociated))
+		return (ISC_R_SUCCESS);
+
+	/*
 	 * Get resources and make 'name' be the database origin.
 	 */
 	result = dns_message_gettempname(client->message, &name);
@@ -4324,7 +4331,8 @@ query_find(ns_client_t *client, dns_fetc
 		/*
 		 * Add SOA.
 		 */
-		result = query_addsoa(client, db, version, ISC_FALSE);
+		result = query_addsoa(client, db, version, ISC_FALSE,
+				      dns_rdataset_isassociated(rdataset));
 		if (result != ISC_R_SUCCESS) {
 			QUERY_ERROR(result);
 			goto cleanup;
@@ -4372,9 +4380,11 @@ query_find(ns_client_t *client, dns_fetc
 		    zone != NULL &&
 #endif
 		    dns_zone_getzeronosoattl(zone))
-			result = query_addsoa(client, db, version, ISC_TRUE);
+			result = query_addsoa(client, db, version, ISC_TRUE,
+					  dns_rdataset_isassociated(rdataset));
 		else
-			result = query_addsoa(client, db, version, ISC_FALSE);
+			result = query_addsoa(client, db, version, ISC_FALSE,
+					  dns_rdataset_isassociated(rdataset));
 		if (result != ISC_R_SUCCESS) {
 			QUERY_ERROR(result);
 			goto cleanup;
@@ -4742,7 +4752,7 @@ query_find(ns_client_t *client, dns_fetc
 				 * Add SOA.
 				 */
 				result = query_addsoa(client, db, version,
-						      ISC_FALSE);
+						      ISC_FALSE, ISC_FALSE);
 				if (result == ISC_R_SUCCESS)
 					result = ISC_R_NOMORE;
 			} else {

Modified: stable/8/contrib/bind9/bin/named/server.c
==============================================================================
--- stable/8/contrib/bind9/bin/named/server.c	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/bin/named/server.c	Thu Nov  4 21:48:39 2010	(r214811)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.520.12.11.8.2 2010/02/25 10:57:11 tbox Exp $ */
+/* $Id: server.c,v 1.520.12.11.10.1 2010/03/03 22:06:36 marka Exp $ */
 
 /*! \file */
 

Modified: stable/8/contrib/bind9/bin/nsupdate/nsupdate.html
==============================================================================
--- stable/8/contrib/bind9/bin/nsupdate/nsupdate.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/bin/nsupdate/nsupdate.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: nsupdate.html,v 1.40.48.3 2009/07/11 01:55:21 tbox Exp $ -->
+<!-- $Id: nsupdate.html,v 1.40.48.3.10.1 2010/03/03 22:19:19 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
 <div class="cmdsynopsis"><p><code class="command">nsupdate</code>  [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] |  [<code class="option">-o</code>] |  [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] |  [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543449"></a><h2>DESCRIPTION</h2>
+<a name="id2543447"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">nsupdate</strong></span>
       is used to submit Dynamic DNS Update requests as defined in RFC2136
       to a name server.
@@ -169,7 +169,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543726"></a><h2>INPUT FORMAT</h2>
+<a name="id2543724"></a><h2>INPUT FORMAT</h2>
 <p><span><strong class="command">nsupdate</strong></span>
       reads input from
       <em class="parameter"><code>filename</code></em>
@@ -433,7 +433,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544567"></a><h2>EXAMPLES</h2>
+<a name="id2544565"></a><h2>EXAMPLES</h2>
 <p>
       The examples below show how
       <span><strong class="command">nsupdate</strong></span>
@@ -487,7 +487,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544611"></a><h2>FILES</h2>
+<a name="id2544609"></a><h2>FILES</h2>
 <div class="variablelist"><dl>
 <dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
 <dd><p>
@@ -506,7 +506,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544680"></a><h2>SEE ALSO</h2>
+<a name="id2544678"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
       <span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
       <span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
@@ -519,7 +519,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2542156"></a><h2>BUGS</h2>
+<a name="id2542154"></a><h2>BUGS</h2>
 <p>
       The TSIG key is redundantly stored in two separate files.
       This is a consequence of nsupdate using the DST library

Modified: stable/8/contrib/bind9/doc/arm/Bv9ARM-book.xml
==============================================================================
--- stable/8/contrib/bind9/doc/arm/Bv9ARM-book.xml	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/Bv9ARM-book.xml	Thu Nov  4 21:48:39 2010	(r214811)
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- File: $Id: Bv9ARM-book.xml,v 1.380.14.24.2.1 2010/02/25 05:39:32 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.380.14.24.4.1 2010/03/03 22:06:36 marka Exp $ -->
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
   <title>BIND 9 Administrator Reference Manual</title>
 

Modified: stable/8/contrib/bind9/doc/arm/Bv9ARM.ch06.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/Bv9ARM.ch06.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/Bv9ARM.ch06.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: Bv9ARM.ch06.html,v 1.201.14.18.2.1 2010/02/25 12:16:44 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch06.html,v 1.201.14.18.4.1 2010/03/03 22:06:37 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/Bv9ARM.ch07.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/Bv9ARM.ch07.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/Bv9ARM.ch07.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: Bv9ARM.ch07.html,v 1.178.14.13.2.1 2010/02/25 12:16:47 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch07.html,v 1.178.14.13.4.1 2010/03/03 22:06:37 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/Bv9ARM.ch08.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/Bv9ARM.ch08.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/Bv9ARM.ch08.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: Bv9ARM.ch08.html,v 1.178.14.13.2.1 2010/02/25 12:16:47 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch08.html,v 1.178.14.13.4.1 2010/03/03 22:06:37 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/Bv9ARM.ch09.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/Bv9ARM.ch09.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/Bv9ARM.ch09.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: Bv9ARM.ch09.html,v 1.180.16.14.2.1 2010/02/25 12:16:47 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch09.html,v 1.180.16.14.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/Bv9ARM.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/Bv9ARM.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/Bv9ARM.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: Bv9ARM.html,v 1.193.14.14.2.1 2010/02/25 12:16:48 tbox Exp $ -->
+<!-- $Id: Bv9ARM.html,v 1.193.14.14.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/Bv9ARM.pdf
==============================================================================
Binary file (source and/or target). No diff available.

Modified: stable/8/contrib/bind9/doc/arm/isc-logo.eps
==============================================================================
Binary file (source and/or target). No diff available.

Modified: stable/8/contrib/bind9/doc/arm/isc-logo.pdf
==============================================================================
Binary file (source and/or target). No diff available.

Modified: stable/8/contrib/bind9/doc/arm/man.dig.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.dig.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.dig.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.dig.html,v 1.93.14.15.2.1 2010/02/25 12:16:48 tbox Exp $ -->
+<!-- $Id: man.dig.html,v 1.93.14.15.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.dnssec-dsfromkey.html,v 1.6.14.14.2.1 2010/02/25 12:16:49 tbox Exp $ -->
+<!-- $Id: man.dnssec-dsfromkey.html,v 1.6.14.14.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.dnssec-keyfromlabel.html,v 1.31.14.17.2.1 2010/02/25 12:16:49 tbox Exp $ -->
+<!-- $Id: man.dnssec-keyfromlabel.html,v 1.31.14.17.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/man.dnssec-keygen.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.dnssec-keygen.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.dnssec-keygen.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.dnssec-keygen.html,v 1.97.14.17.2.1 2010/02/25 12:16:49 tbox Exp $ -->
+<!-- $Id: man.dnssec-keygen.html,v 1.97.14.17.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/man.dnssec-signzone.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.dnssec-signzone.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.dnssec-signzone.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.dnssec-signzone.html,v 1.94.14.23.2.1 2010/02/25 12:16:49 tbox Exp $ -->
+<!-- $Id: man.dnssec-signzone.html,v 1.94.14.23.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/man.host.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.host.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.host.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.host.html,v 1.93.14.15.2.1 2010/02/25 12:16:49 tbox Exp $ -->
+<!-- $Id: man.host.html,v 1.93.14.15.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/man.named-checkconf.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.named-checkconf.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.named-checkconf.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.named-checkconf.html,v 1.92.14.20.2.1 2010/02/25 12:16:49 tbox Exp $ -->
+<!-- $Id: man.named-checkconf.html,v 1.92.14.20.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/man.named-checkzone.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.named-checkzone.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.named-checkzone.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.named-checkzone.html,v 1.98.14.20.2.1 2010/02/25 12:16:49 tbox Exp $ -->
+<!-- $Id: man.named-checkzone.html,v 1.98.14.20.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/man.named.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.named.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.named.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.named.html,v 1.99.14.20.2.1 2010/02/25 12:16:49 tbox Exp $ -->
+<!-- $Id: man.named.html,v 1.99.14.20.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/man.nsupdate.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.nsupdate.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.nsupdate.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.nsupdate.html,v 1.22.14.21.2.1 2010/02/25 12:16:49 tbox Exp $ -->
+<!-- $Id: man.nsupdate.html,v 1.22.14.21.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/man.rndc-confgen.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.rndc-confgen.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.rndc-confgen.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.rndc-confgen.html,v 1.102.14.21.2.1 2010/02/25 12:16:49 tbox Exp $ -->
+<!-- $Id: man.rndc-confgen.html,v 1.102.14.21.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/man.rndc.conf.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.rndc.conf.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.rndc.conf.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.rndc.conf.html,v 1.103.14.21.2.1 2010/02/25 12:16:49 tbox Exp $ -->
+<!-- $Id: man.rndc.conf.html,v 1.103.14.21.4.1 2010/03/03 22:06:38 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/doc/arm/man.rndc.html
==============================================================================
--- stable/8/contrib/bind9/doc/arm/man.rndc.html	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/doc/arm/man.rndc.html	Thu Nov  4 21:48:39 2010	(r214811)
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.rndc.html,v 1.101.14.21.2.1 2010/02/25 12:16:49 tbox Exp $ -->
+<!-- $Id: man.rndc.html,v 1.101.14.21.4.1 2010/03/03 22:06:39 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

Modified: stable/8/contrib/bind9/lib/dns/adb.c
==============================================================================
--- stable/8/contrib/bind9/lib/dns/adb.c	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/lib/dns/adb.c	Thu Nov  4 21:48:39 2010	(r214811)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: adb.c,v 1.243.42.4 2009/02/03 22:34:28 jinmei Exp $ */
+/* $Id: adb.c,v 1.243.42.4.24.2 2010/08/12 23:46:24 tbox Exp $ */
 
 /*! \file
  *
@@ -118,7 +118,6 @@ struct dns_adb {
 
 	isc_taskmgr_t                  *taskmgr;
 	isc_task_t                     *task;
-	isc_boolean_t                   overmem;
 
 	isc_interval_t                  tick_interval;
 	int                             next_cleanbucket;
@@ -294,8 +293,8 @@ static inline void inc_adb_irefcnt(dns_a
 static inline void inc_adb_erefcnt(dns_adb_t *);
 static inline void inc_entry_refcnt(dns_adb_t *, dns_adbentry_t *,
 				    isc_boolean_t);
-static inline isc_boolean_t dec_entry_refcnt(dns_adb_t *, dns_adbentry_t *,
-					     isc_boolean_t);
+static inline isc_boolean_t dec_entry_refcnt(dns_adb_t *, isc_boolean_t,
+					     dns_adbentry_t *, isc_boolean_t);
 static inline void violate_locking_hierarchy(isc_mutex_t *, isc_mutex_t *);
 static isc_boolean_t clean_namehooks(dns_adb_t *, dns_adbnamehooklist_t *);
 static void clean_target(dns_adb_t *, dns_name_t *);
@@ -777,7 +776,7 @@ link_entry(dns_adb_t *adb, int bucket, d
 	int i;
 	dns_adbentry_t *e;
 
-	if (adb->overmem) {
+	if (isc_mem_isovermem(adb->mctx)) {
 		for (i = 0; i < 2; i++) {
 			e = ISC_LIST_TAIL(adb->entries[bucket]);
 			if (e == NULL)
@@ -943,6 +942,7 @@ clean_namehooks(dns_adb_t *adb, dns_adbn
 	dns_adbnamehook_t *namehook;
 	int addr_bucket;
 	isc_boolean_t result = ISC_FALSE;
+	isc_boolean_t overmem = isc_mem_isovermem(adb->mctx);
 
 	addr_bucket = DNS_ADB_INVALIDBUCKET;
 	namehook = ISC_LIST_HEAD(*namehooks);
@@ -963,7 +963,8 @@ clean_namehooks(dns_adb_t *adb, dns_adbn
 				LOCK(&adb->entrylocks[addr_bucket]);
 			}
 
-			result = dec_entry_refcnt(adb, entry, ISC_FALSE);
+			result = dec_entry_refcnt(adb, overmem, entry,
+						  ISC_FALSE);
 		}
 
 		/*
@@ -1235,7 +1236,9 @@ inc_entry_refcnt(dns_adb_t *adb, dns_adb
 }
 
 static inline isc_boolean_t
-dec_entry_refcnt(dns_adb_t *adb, dns_adbentry_t *entry, isc_boolean_t lock) {
+dec_entry_refcnt(dns_adb_t *adb, isc_boolean_t overmem, dns_adbentry_t *entry,
+		 isc_boolean_t lock)
+{
 	int bucket;
 	isc_boolean_t destroy_entry;
 	isc_boolean_t result = ISC_FALSE;
@@ -1250,7 +1253,7 @@ dec_entry_refcnt(dns_adb_t *adb, dns_adb
 
 	destroy_entry = ISC_FALSE;
 	if (entry->refcnt == 0 &&
-	    (adb->entry_sd[bucket] || entry->expires == 0 || adb->overmem ||
+	    (adb->entry_sd[bucket] || entry->expires == 0 || overmem ||
 	     (entry->flags & ENTRY_IS_DEAD) != 0)) {
 		destroy_entry = ISC_TRUE;
 		result = unlink_entry(adb, entry);
@@ -1852,7 +1855,7 @@ check_stale_name(dns_adb_t *adb, int buc
 	int victims, max_victims;
 	isc_boolean_t result;
 	dns_adbname_t *victim, *next_victim;
-	isc_boolean_t overmem = adb->overmem;
+	isc_boolean_t overmem = isc_mem_isovermem(adb->mctx);
 	int scans = 0;
 
 	INSIST(bucket != DNS_ADB_INVALIDBUCKET);
@@ -2049,7 +2052,6 @@ dns_adb_create(isc_mem_t *mem, dns_view_
 		       adb, NULL, NULL);
 	adb->cevent_sent = ISC_FALSE;
 	adb->shutting_down = ISC_FALSE;
-	adb->overmem = ISC_FALSE;
 	ISC_LIST_INIT(adb->whenshutdown);
 
 	isc_mem_attach(mem, &adb->mctx);
@@ -2616,6 +2618,7 @@ dns_adb_destroyfind(dns_adbfind_t **find
 	dns_adbaddrinfo_t *ai;
 	int bucket;
 	dns_adb_t *adb;
+	isc_boolean_t overmem;
 
 	REQUIRE(findp != NULL && DNS_ADBFIND_VALID(*findp));
 	find = *findp;
@@ -2640,13 +2643,14 @@ dns_adb_destroyfind(dns_adbfind_t **find
 	 * Return the find to the memory pool, and decrement the adb's
 	 * reference count.
 	 */
+	overmem = isc_mem_isovermem(adb->mctx);
 	ai = ISC_LIST_HEAD(find->list);
 	while (ai != NULL) {
 		ISC_LIST_UNLINK(find->list, ai, publink);
 		entry = ai->entry;
 		ai->entry = NULL;
 		INSIST(DNS_ADBENTRY_VALID(entry));
-		RUNTIME_CHECK(dec_entry_refcnt(adb, entry, ISC_TRUE) ==
+		RUNTIME_CHECK(dec_entry_refcnt(adb, overmem, entry, ISC_TRUE) ==
 			      ISC_FALSE);
 		free_adbaddrinfo(adb, &ai);
 		ai = ISC_LIST_HEAD(find->list);
@@ -3509,6 +3513,7 @@ dns_adb_freeaddrinfo(dns_adb_t *adb, dns
 	int bucket;
 	isc_stdtime_t now;
 	isc_boolean_t want_check_exit = ISC_FALSE;
+	isc_boolean_t overmem;
 
 	REQUIRE(DNS_ADB_VALID(adb));
 	REQUIRE(addrp != NULL);
@@ -3520,13 +3525,14 @@ dns_adb_freeaddrinfo(dns_adb_t *adb, dns
 	isc_stdtime_get(&now);
 
 	*addrp = NULL;
+	overmem = isc_mem_isovermem(adb->mctx);
 
 	bucket = addr->entry->lock_bucket;
 	LOCK(&adb->entrylocks[bucket]);
 
 	entry->expires = now + ADB_ENTRY_WINDOW;
 
-	want_check_exit = dec_entry_refcnt(adb, entry, ISC_FALSE);
+	want_check_exit = dec_entry_refcnt(adb, overmem, entry, ISC_FALSE);
 
 	UNLOCK(&adb->entrylocks[bucket]);
 
@@ -3591,6 +3597,14 @@ dns_adb_flushname(dns_adb_t *adb, dns_na
 
 static void
 water(void *arg, int mark) {
+	/*
+	 * We're going to change the way to handle overmem condition: use
+	 * isc_mem_isovermem() instead of storing the state via this callback,
+	 * since the latter way tends to cause race conditions.
+	 * To minimize the change, and in case we re-enable the callback
+	 * approach, however, keep this function at the moment.
+	 */
+
 	dns_adb_t *adb = arg;
 	isc_boolean_t overmem = ISC_TF(mark == ISC_MEM_HIWATER);
 
@@ -3598,17 +3612,6 @@ water(void *arg, int mark) {
 
 	DP(ISC_LOG_DEBUG(1),
 	   "adb reached %s water mark", overmem ? "high" : "low");
-
-	/*
-	 * We can't use adb->lock as there is potential for water
-	 * to be called when adb->lock is held.
-	 */
-	LOCK(&adb->overmemlock);
-	if (adb->overmem != overmem) {
-		adb->overmem = overmem;
-		isc_mem_waterack(adb->mctx, mark);
-	}
-	UNLOCK(&adb->overmemlock);
 }
 
 void

Modified: stable/8/contrib/bind9/lib/dns/api
==============================================================================
--- stable/8/contrib/bind9/lib/dns/api	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/lib/dns/api	Thu Nov  4 21:48:39 2010	(r214811)
@@ -1,3 +1,3 @@
-LIBINTERFACE = 56
-LIBREVISION = 1
-LIBAGE = 1
+LIBINTERFACE = 57
+LIBREVISION = 0
+LIBAGE = 2

Modified: stable/8/contrib/bind9/lib/dns/include/dns/diff.h
==============================================================================
--- stable/8/contrib/bind9/lib/dns/include/dns/diff.h	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/lib/dns/include/dns/diff.h	Thu Nov  4 21:48:39 2010	(r214811)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: diff.h,v 1.15.120.2 2009/01/18 23:47:41 tbox Exp $ */
+/* $Id: diff.h,v 1.15.120.2.24.2 2010/06/04 23:49:23 tbox Exp $ */
 
 #ifndef DNS_DIFF_H
 #define DNS_DIFF_H 1
@@ -70,7 +70,7 @@ typedef enum {
 	DNS_DIFFOP_DEL = 1,		/*%< Delete an RR. */
 	DNS_DIFFOP_EXISTS = 2,		/*%< Assert RR existence. */
 	DNS_DIFFOP_ADDRESIGN = 4,	/*%< ADD + RESIGN. */
-	DNS_DIFFOP_DELRESIGN = 5,	/*%< DEL + RESIGN. */
+	DNS_DIFFOP_DELRESIGN = 5	/*%< DEL + RESIGN. */
 } dns_diffop_t;
 
 typedef struct dns_difftuple dns_difftuple_t;

Modified: stable/8/contrib/bind9/lib/dns/include/dns/ncache.h
==============================================================================
--- stable/8/contrib/bind9/lib/dns/include/dns/ncache.h	Thu Nov  4 21:47:28 2010	(r214810)
+++ stable/8/contrib/bind9/lib/dns/include/dns/ncache.h	Thu Nov  4 21:48:39 2010	(r214811)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: ncache.h,v 1.25.48.2 2009/12/30 23:47:31 tbox Exp $ */
+/* $Id: ncache.h,v 1.25.48.2.10.2 2010/05/14 23:48:44 tbox Exp $ */
 
 #ifndef DNS_NCACHE_H
 #define DNS_NCACHE_H 1
@@ -161,6 +161,13 @@ dns_ncache_getrdataset(dns_rdataset_t *n
  *
  */
 
+isc_result_t
+dns_ncache_getsigrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name,

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***