Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/bind Merge changes.
details: https://anonhg.NetBSD.org/src/rev/9cfcbea2fd8e
branches: trunk
changeset: 756861:9cfcbea2fd8e
user: christos <christos%NetBSD.org@localhost>
date: Fri Aug 06 10:58:03 2010 +0000
description:
Merge changes.
diffstat:
external/bsd/bind/Makefile.inc | 16 +-
external/bsd/bind/dist/README.dnssec | 186 -
external/bsd/bind/dist/README.libdns | 275 -
external/bsd/bind/dist/README.pkcs11 | 309 -
external/bsd/bind/dist/README.rfc5011 | 56 -
external/bsd/bind/dist/bin/dig/dighost.c | 41 +-
external/bsd/bind/dist/bin/dnssec/dnssec-keyfromlabel.c | 43 +-
external/bsd/bind/dist/bin/dnssec/dnssec-keygen.c | 68 +-
external/bsd/bind/dist/bin/dnssec/dnssec-signzone.c | 161 +-
external/bsd/bind/dist/bin/named/main.c | 10 +-
external/bsd/bind/dist/bin/named/named.conf.5 | 9 +-
external/bsd/bind/dist/bin/named/named.conf.docbook | 6 +-
external/bsd/bind/dist/bin/named/named.conf.html | 35 +-
external/bsd/bind/dist/bin/named/server.c | 790 +++-
external/bsd/bind/dist/bin/tests/system/autosign/ns3/multiple.example.db.in | 34 -
external/bsd/bind/dist/binclude4netbsd | 24 +-
external/bsd/bind/dist/bind2netbsd | 6 +-
external/bsd/bind/dist/contrib/zkt/dnssec-signer.c | 915 ----
external/bsd/bind/dist/contrib/zkt/doc/KeyRollover.ps | 304 -
external/bsd/bind/dist/contrib/zkt/doc/draft-gudmundsson-life-of-dnskey-00.txt | 616 --
external/bsd/bind/dist/contrib/zkt/doc/draft-ietf-dnsop-rfc4641bis-01.txt | 2128 ----------
external/bsd/bind/dist/contrib/zkt/doc/rfc4641.txt | 1963 ---------
external/bsd/bind/dist/contrib/zkt/examples/dnssec-signer.sh | 12 -
external/bsd/bind/dist/contrib/zkt/examples/dnssec-zkt.sh | 12 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dist.sh | 70 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dnssec-signer.sh | 14 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dnssec.conf | 43 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.private | 7 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.depreciated | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/dnskey.db | 35 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/dnssec.conf | 5 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/dsset-dyn.example.net. | 2 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/keyset-dyn.example.net. | 18 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/zone.db | 115 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/zone.db.dsigned | 221 -
external/bsd/bind/dist/contrib/zkt/examples/flat/dyn.example.net/zone.org | 30 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+24545.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+24545.published | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+33840.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+33840.published | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+34925.depreciated | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+34925.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+48089.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+48089.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/dnskey.db | 45 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/dsset-example.net. | 4 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/kexample.net.+005+01764.key | 4 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/kexample.net.+005+01764.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.key | 4 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.key | 4 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/keyset-example.net. | 19 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/zone.db | 43 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/zone.db.signed | 165 -
external/bsd/bind/dist/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. | 2 -
external/bsd/bind/dist/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. | 2 -
external/bsd/bind/dist/contrib/zkt/examples/flat/keysets/dsset-example.net. | 4 -
external/bsd/bind/dist/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. | 2 -
external/bsd/bind/dist/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. | 18 -
external/bsd/bind/dist/contrib/zkt/examples/flat/keysets/keyset-example.net. | 19 -
external/bsd/bind/dist/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. | 8 -
external/bsd/bind/dist/contrib/zkt/examples/flat/named.conf | 109 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+14600.depreciated | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+14600.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+32345.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+32345.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+48516.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+48516.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/dlvset-sub.example.net. | 2 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/dnskey.db | 29 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/dnssec.conf | 15 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/dsset-sub.example.net. | 2 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/keyset-sub.example.net. | 8 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/maxhexsalt | 1 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/maxhexsalt+1 | 1 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/zone.db | 25 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/zone.db.signed | 109 -
external/bsd/bind/dist/contrib/zkt/examples/flat/zkt.log | 1031 ----
external/bsd/bind/dist/contrib/zkt/examples/flat/zone.conf | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+55529.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+55529.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/dnskey.db | 33 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/dsset-example.de. | 4 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.key | 4 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.key | 4 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.key | 4 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/keyset-example.de. | 19 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/keyset-sub.example.de. | 7 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+11091.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+11091.published | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+38598.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+38598.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+60332.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+60332.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+24426.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+24426.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+26451.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+26451.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+37547.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+37547.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+57863.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+57863.published | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de. | 8 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnskey.db | 65 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf | 17 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de. | 8 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de. | 29 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+31785.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+31785.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+56595.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+56595.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de. | 7 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db | 25 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed | 215 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/zone.db | 38 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/zone.db.signed | 124 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/zone.soa | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/keyset-example.de. | 19 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/dnssec.conf | 40 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/named.conf | 102 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/zone.conf | 10 -
external/bsd/bind/dist/contrib/zkt/examples/views/dnssec-extern.conf | 39 -
external/bsd/bind/dist/contrib/zkt/examples/views/dnssec-intern.conf | 39 -
external/bsd/bind/dist/contrib/zkt/examples/views/dnssec-signer-extern | 7 -
external/bsd/bind/dist/contrib/zkt/examples/views/dnssec-signer-intern | 7 -
external/bsd/bind/dist/contrib/zkt/examples/views/dnssec-zkt-extern | 7 -
external/bsd/bind/dist/contrib/zkt/examples/views/dnssec-zkt-intern | 7 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.published | 10 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.key | 1 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.depreciated | 10 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.key | 4 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/dnskey.db | 36 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/dsset-example.net. | 2 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/keyset-example.net. | 10 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/zone.db | 33 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/example.net/zone.db.signed | 114 -
external/bsd/bind/dist/contrib/zkt/examples/views/extern/zkt-ext.log | 51 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.key | 1 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.depreciated | 10 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.key | 1 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.published | 10 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/dnskey.db | 36 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/dsset-example.net. | 2 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/keyset-example.net. | 10 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/zone.db | 33 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/example.net/zone.db.signed | 114 -
external/bsd/bind/dist/contrib/zkt/examples/views/intern/zkt-int.log | 192 -
external/bsd/bind/dist/contrib/zkt/examples/views/named.conf | 97 -
external/bsd/bind/dist/contrib/zkt/examples/views/named.log | 17 -
external/bsd/bind/dist/contrib/zkt/examples/views/root.hint | 45 -
external/bsd/bind/dist/contrib/zkt/examples/views/viewtest.sh | 20 -
external/bsd/bind/dist/contrib/zkt/man/dnssec-signer.8 | 436 --
external/bsd/bind/dist/contrib/zkt/man/dnssec-signer.8.html | 439 --
external/bsd/bind/dist/contrib/zkt/man/dnssec-signer.8.pdf | Bin
external/bsd/bind/dist/contrib/zkt/man/dnssec-zkt.8.html | 539 --
external/bsd/bind/dist/doc/draft/draft-ietf-6man-text-addr-representation-01.txt | 785 ---
external/bsd/bind/dist/doc/draft/draft-ietf-behave-dns64-01.txt | 1624 -------
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-axfr-clarify-11.txt | 1058 ----
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dns-tcp-requirements-01.txt | 448 --
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dnssec-bis-updates-09.txt | 672 ---
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dnssec-gost-05.txt | 448 --
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-rfc2672bis-dname-18.txt | 953 ----
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-rfc3597-bis-00.txt | 395 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsop-default-local-zones-09.txt | 729 ---
external/bsd/bind/dist/lib/dns/include/dns/name.h | 27 +-
external/bsd/bind/dist/lib/dns/include/dns/zone.h | 6 +-
external/bsd/bind/dist/lib/dns/keytable.c | 44 +-
external/bsd/bind/dist/lib/dns/message.c | 98 +-
external/bsd/bind/dist/lib/dns/rbtdb.c | 157 +-
external/bsd/bind/dist/lib/dns/resolver.c | 620 ++-
external/bsd/bind/dist/lib/isc/include/isc/mem.h | 8 +-
external/bsd/bind/dist/lib/isc/include/isc/util.h | 16 +-
external/bsd/bind/dist/lib/isc/unix/socket.c | 48 +-
external/bsd/bind/include/config.h | 24 +-
external/bsd/bind/include/dns/code.h | 2 +-
external/bsd/bind/include/dns/enumtype.h | 2 +-
external/bsd/bind/include/dns/rdatastruct.h | 2 +-
external/bsd/bind/include/isc/platform.h | 12 +-
206 files changed, 1822 insertions(+), 20231 deletions(-)
diffs (truncated from 24538 to 300 lines):
diff -r 544a84297a6b -r 9cfcbea2fd8e external/bsd/bind/Makefile.inc
--- a/external/bsd/bind/Makefile.inc Fri Aug 06 10:46:48 2010 +0000
+++ b/external/bsd/bind/Makefile.inc Fri Aug 06 10:58:03 2010 +0000
@@ -1,8 +1,10 @@
-# $NetBSD: Makefile.inc,v 1.4 2009/10/25 00:18:38 christos Exp $
+# $NetBSD: Makefile.inc,v 1.5 2010/08/06 10:58:03 christos Exp $
.if !defined(BIND9_MAKEFILE_INC)
BIND9_MAKEFILE_INC=yes
+#NAMED_DEBUG=1
+
USE_FORT?= yes # network client/server
WARNS?= 1
@@ -11,12 +13,12 @@
.if ${MKCRYPTO} == "no"
NAMED_USE_OPENSSL?=no
+.else
+NAMED_USE_OPENSSL?=yes
.endif
NAMED_USE_PTHREADS?=yes
-NAMED_USE_OPENSSL?=yes
-
IDIST= ${NETBSDSRCDIR}/external/bsd/bind/dist
BIND_SRCDIR= ${NETBSDSRCDIR}/external/bsd/bind
BIND_HTMLDIR= /usr/share/doc/html/bind9
@@ -49,11 +51,19 @@
COPTS+= -Wno-pointer-sign
.endif
+.if defined(NAMED_DEBUG)
+DBG=-g3 -gstabs
+.endif
+
.if !defined(LIB) || empty(LIB)
# NOTE: the order of these libraries is important...
+.if defined(NAMED_DEBUG)
+LDADD+= -lbind9_g -ldns_g -llwres_g -lisccfg_g -lisccc_g -lisc_g
+.else
LDADD+= -lbind9 -ldns -llwres -lisccfg -lisccc -lisc
DPADD+= ${LIBBIND9} ${LIBDNS} ${LIBLWRES}
DPADD+= ${LIBISCCFG} ${LIBISCCC} ${LIBISC}
+.endif
.else
CPPFLAGS+= -DLIBINTERFACE=${LIBINTERFACE} \
-DLIBREVISION=${LIBREVISION} -DLIBAGE=${LIBAGE}
diff -r 544a84297a6b -r 9cfcbea2fd8e external/bsd/bind/dist/README.dnssec
--- a/external/bsd/bind/dist/README.dnssec Fri Aug 06 10:46:48 2010 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,186 +0,0 @@
-
- DNSSEC and Dynamic Zones
-
-As of BIND 9.7.0 it is possible to change a dynamic zone from
-insecure to secure and back again. A secure zone can use either
-NSEC or NSEC3 chains.
-
- Converting from insecure to secure
-
-Changing a zone from insecure to secure can be done in two ways:
-using a dynamic DNS update, or the "auto-dnssec" zone option.
-
-For either method, you need to configure named so that it can see
-the K* files which contain the public and private parts of the keys
-that will be used to sign the zone. These files will have been
-generated by dnssec-keygen. You can do this by placing them in
-the key-directory, as specified in named.conf:
-
- zone example.net {
- type master;
- update-policy local;
- file "dynamic/example.net/example.net";
- key-directory "dynamic/example.net";
- };
-
-If one KSK and one ZSK DNSKEY key have been generated, this configuration
-will cause all records in the zone to be signed with the ZSK, and the
-DNSKEY RRset to be signed with the KSK as well. An NSEC chain will be
-generated as part of the initial signing process.
-
- Dynamic DNS update method
-
-To insert the keys via dynamic update:
-
- % nsupdate
- > ttl 3600
- > update add example.net DNSKEY 256 3 7 AwEAAZn17pUF0KpbPA2c7Gz76Vb18v0teKT3EyAGfBfL8eQ8al35zz3Y I1m/SAQBxIqMfLtIwqWPdgthsu36azGQAX8=
- > update add example.net DNSKEY 257 3 7 AwEAAd/7odU/64o2LGsifbLtQmtO8dFDtTAZXSX2+X3e/UNlq9IHq3Y0 XtC0Iuawl/qkaKVxXe2lo8Ct+dM6UehyCqk=
- > send
-
-While the update request will complete almost immediately, the zone
-will not be completely signed until named has had time to walk the
-zone and generate the NSEC and RRSIG records. The NSEC record at the
-apex will be added last, to signal that there is a complete NSEC chain.
-
-If you wish to sign using NSEC3 instead of NSEC, you should add an
-NSEC3PARAM record to the initial update request. If you wish the
-NSEC3 chain to have the OPTOUT bit set, set it in the flags field
-of the NSEC3PARAM record.
-
- % nsupdate
- > ttl 3600
- > update add example.net DNSKEY 256 3 7 AwEAAZn17pUF0KpbPA2c7Gz76Vb18v0teKT3EyAGfBfL8eQ8al35zz3Y I1m/SAQBxIqMfLtIwqWPdgthsu36azGQAX8=
- > update add example.net DNSKEY 257 3 7 AwEAAd/7odU/64o2LGsifbLtQmtO8dFDtTAZXSX2+X3e/UNlq9IHq3Y0 XtC0Iuawl/qkaKVxXe2lo8Ct+dM6UehyCqk=
- > update add example.net NSEC3PARAM 1 1 100 1234567890
- > send
-
-Again, this update request will complete almost immediately; however,
-the record won't show up until named has had a chance to build/remove
-the relevant chain. A private type record will be created to record
-the state of the operation (see below for more details), and will be
-removed once the operation completes.
-
-While the initial signing and NSEC/NSEC3 chain generation is happening,
-other updates are possible as well.
-
- Fully automatic zone signing
-
-To enable automatic signing, add the "auto-dnssec" option to the zone
-statement in named.conf. "auto-dnssec" has two possible arguments:
-"allow" or "maintain".
-
-With "auto-dnssec allow", named can search the key directory for keys
-matching the zone, insert them into the zone, and use them to sign the
-zone. It will do so only when it receives an "rndc sign <zonename>"
-command.
-
-"auto-dnssec maintain" includes the above functionality, but will also
-automatically adjust the zone's DNSKEY records on schedule according to the
-keys' timing metadata (see the man pages for dnssec-keygen and
-dnssec-settime for more information). If keys are present in the key
-directory the first time the zone is loaded, it will be signed
-immediately, without waiting for an "rndc sign" command. (This
-command can still be used for unscheduled key changes, however.)
-
-Using the "auto-dnssec" option requires the zone to be configured to
-allow dynamic updates, by adding an "allow-update" or "update-policy"
-statement to the zone configuration. If this has not been done, the
-configuration will fail.
-
- Private-type records
-
-The state of the signing process is signaled by private-type records
-(with a default type value of 65534). When signing is complete, these
-records will have a nonzero value for the final octet (for those records
-which have a nonzero initial octet).
-
-The private type record format:
-If the first octet is non-zero then the record indicates that the zone needs
-to be signed with the key matching the record, or that all signatures that
-match the record should be removed.
-
- algorithm (octet 1)
- key id in network order (octet 2 and 3)
- removal flag (octet 4)
- complete flag (octet 5)
-
-Only records flagged as "complete" can be removed via dynamic update.
-Attempts to remove other private type records will be silently ignored.
-
-If the first octet is zero (this is a reserved algorithm number
-that should never appear in a DNSKEY record) then the record indicates
-changes to the NSEC3 chains are in progress. The rest of the record
-contains an NSEC3PARAM record. The flag field tells what operation
-to perform based on the flag bits.
-
- 0x01 OPTOUT
- 0x80 CREATE
- 0x40 REMOVE
- 0x20 NONSEC
-
- DNSKEY rollovers via UPDATE
-
-It is possible to perform key rollovers via dynamic update. You need
-to add the K* files for the new keys so that named can find them. You
-can then add the new DNSKEY RRs via dynamic update. Named will then cause
-the zone to be signed with the new keys. When the signing is
-complete the private type records will be updated so that the last
-octet is non zero.
-
-If this is for a KSK you need to inform the parent and any trust
-anchor repositories of the new KSK.
-
-You should then wait for the maximum TTL in the zone before removing the
-old DNSKEY. If it is a KSK that is being updated, you also need to wait
-for the DS RRset in the parent to be updated and its TTL to expire.
-This ensures that all clients will be able to verify at least one
-signature when you remove the old DNSKEY.
-
-The old DNSKEY can be removed via UPDATE. Take care to specify
-the correct key. Named will clean out any signatures generated by
-the old key after the update completes.
-
- NSEC3PARAM rollovers via UPDATE
-
-Add the new NSEC3PARAM record via dynamic update. When the new NSEC3 chain
-has been generated, the NSEC3PARAM flag field will be zero. At this
-point you can remove the old NSEC3PARAM record. The old chain will
-be removed after the update request completes.
-
- Converting from NSEC to NSEC3
-
-To do this, you just need to add an NSEC3PARAM record. When the
-conversion is complete, the NSEC chain will have been removed and
-the NSEC3PARAM record will have a zero flag field. The NSEC3 chain
-will be generated before the NSEC chain is destroyed.
-
- Converting from NSEC3 to NSEC
-
-To do this, remove all NSEC3PARAM records with a zero flag field. The
-NSEC chain will be generated before the NSEC3 chain is removed.
-
- Converting from secure to insecure
-
-To do this, remove all the DNSKEY records. Any NSEC or NSEC3 chains
-will be removed as well, along with associated NSEC3PARAM records.
-This will take place after the update request completes. This
-requires the "dnssec-secure-to-insecure" option to be set to "yes"
-in named.conf.
-
- Periodic re-signing
-
-In any secure zone which supports dynamic updates, named will
-periodically re-sign RRsets which have not been re-signed as
-a result of some update action. The signature lifetimes will
-be adjusted so as to spread the re-sign load over time rather than
-all at once.
-
- NSEC3 and OPTOUT
-
-Named only supports creating new NSEC3 chains where all the NSEC3
-records in the zone have the same OPTOUT state. Named supports
-UPDATES to zones where the NSEC3 records in the chain have mixed
-OPTOUT state. Named does not support changing the OPTOUT state of
-an individual NSEC3 record, the entire chain needs to be changed if
-the OPTOUT state of an individual NSEC3 needs to be changed.
diff -r 544a84297a6b -r 9cfcbea2fd8e external/bsd/bind/dist/README.libdns
--- a/external/bsd/bind/dist/README.libdns Fri Aug 06 10:46:48 2010 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,275 +0,0 @@
-
- BIND-9 DNS Library Support
-
-This version of BIND9 "exports" its internal libraries so that they
-can be used by third-party applications more easily (we call them
-"export" libraries in this document). In addition to all major
-DNS-related APIs BIND9 is currently using, the export libraries
-provide the following features:
-
-- The newly created "DNS client" module. This is a higher level API
- that provides an interface to name resolution, single DNS
- transaction with a particular server, and dynamic update. Regarding
- name resolution, it supports advanced features such as DNSSEC
- validation and caching. This module supports both synchronous and
- asynchronous mode.
-- The new "IRS" (Information Retrieval System) library. It provides
- an interface to parse the traditional resolv.conf file and more
- advanced, DNS-specific configuration file for the rest of this
- package (see the description for the dns.conf file below).
-- As part of the IRS library, newly implemented standard address-name
- mapping functions, getaddrinfo() and getnameinfo(), are provided.
- They use the DNSSEC-aware validating resolver backend, and could use
- other advanced features of the BIND9 libraries such as caching. The
- getaddrinfo() function resolves both A and AAAA RRs concurrently
- (when the address family is unspecified).
-- An experimental framework to support other event libraries than
- BIND9's internal event task system.
-
-* Prerequisite
-
-GNU make is required to build the export libraries (other part of
-BIND9 can still be built with other types of make). In the reminder
-of this document, "make" means GNU make. Note that in some platforms
-you may need to invoke a different command name than "make"
-(e.g. "gmake") to indicate it's GNU make.
-
-* Compilation
-
-1. ./configure --enable-exportlib [other flags]
-2. make
-
-This will create (in addition to usual BIND9 programs) and a separate
-set of libraries under the lib/export directory. For example,
-lib/export/dns/libdns.a is the archive file of the export version of
-the BIND9 DNS library.
-
-Sample application programs using the libraries will also be built
-under the lib/export/samples directory (see below).
-
-* Installation
-
-1. cd lib/export
-2. make install (root privilege is normally required)
- (make install at the top directory will do the same)
-
-This will install library object files under the directory specified
Home |
Main Index |
Thread Index |
Old Index