Source-Changes-HG archive
[src/trunk]: src/external/bsd/bind merge 9.7.0rc1
details: https://anonhg.NetBSD.org/src/rev/1fe34976c3af
branches: trunk
changeset: 750339:1fe34976c3af
user: christos <christos%NetBSD.org@localhost>
date: Sat Dec 26 23:08:21 2009 +0000
description:
merge 9.7.0rc1
diffstat:
external/bsd/bind/dist/NSEC3-NOTES | 148 -
external/bsd/bind/dist/README.idnkit | 112 -
external/bsd/bind/dist/bin/dig/dighost.c | 14 +-
external/bsd/bind/dist/bin/dnssec/dnssec-keyfromlabel.c | 34 +-
external/bsd/bind/dist/bin/dnssec/dnssec-keygen.c | 107 +-
external/bsd/bind/dist/bin/dnssec/dnssec-signzone.c | 4 +-
external/bsd/bind/dist/bin/named/named.conf.5 | 16 +-
external/bsd/bind/dist/bin/named/named.conf.docbook | 14 +-
external/bsd/bind/dist/bin/named/named.conf.html | 14 +-
external/bsd/bind/dist/bin/named/server.c | 71 +-
external/bsd/bind/dist/bin/pkcs11/openssl-0.9.8k-patch | 14312 ----------
external/bsd/bind/dist/bin/tools/journalprint.8 | 62 -
external/bsd/bind/dist/bin/tools/journalprint.c | 88 -
external/bsd/bind/dist/bin/tools/journalprint.docbook | 101 -
external/bsd/bind/dist/bin/tools/journalprint.html | 74 -
external/bsd/bind/dist/doc/draft/draft-baba-dnsext-acl-reqts-01.txt | 336 -
external/bsd/bind/dist/doc/draft/draft-daigle-napstr-04.txt | 1232 -
external/bsd/bind/dist/doc/draft/draft-danisch-dns-rr-smtp-03.txt | 1960 -
external/bsd/bind/dist/doc/draft/draft-dnsext-opcode-discover-02.txt | 241 -
external/bsd/bind/dist/doc/draft/draft-dolmatov-dnsext-dnssec-gost-00.txt | 370 -
external/bsd/bind/dist/doc/draft/draft-durand-dnsop-dynreverse-00.txt | 240 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-2929bis-01.txt | 928 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dns-name-p-s-00.txt | 1397 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dns-tcp-requirements-00.txt | 448 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dnsproxy-05.txt | 728 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dnssec-2535typecode-change-06.txt | 442 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dnssec-experiments-03.txt | 840 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dnssec-online-signing-02.txt | 616 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dnssec-opt-in-07.txt | 896 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dnssec-rsasha256-13.txt | 560 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dnssec-trans-02.txt | 839 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-ds-sha256-05.txt | 504 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-forgery-resilience-02.txt | 17 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-keyrr-key-signing-flag-12.txt | 560 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-mdns-46.txt | 1801 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-nsid-01.txt | 840 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-07.txt | 464 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-rfc2539bis-dhk-07.txt | 580 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-rfc2671bis-edns0-01.txt | 480 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-rfc2672bis-dname-17.txt | 953 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-signed-nonexistence-requirements-01.txt | 755 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-tkey-renewal-mode-05.txt | 1292 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-trustupdate-threshold-00.txt | 1501 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-trustupdate-timers-05.txt | 729 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-wcard-clarify-10.txt | 1063 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsop-default-local-zones-05.txt | 672 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsop-ipv6-dns-configuration-06.txt | 1848 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsop-ipv6-dns-issues-11.txt | 1682 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsop-ipv6-transport-guidelines-01.txt | 300 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsop-key-rollover-requirements-02.txt | 389 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsop-serverid-06.txt | 618 -
external/bsd/bind/dist/doc/draft/draft-ietf-enum-e164-gstn-np-05.txt | 1588 -
external/bsd/bind/dist/doc/draft/draft-ietf-ipv6-node-requirements-08.txt | 1200 -
external/bsd/bind/dist/doc/draft/draft-ietf-secsh-dns-05.txt | 614 -
external/bsd/bind/dist/doc/draft/draft-ihren-dnsext-threshold-validation-00.txt | 519 -
external/bsd/bind/dist/doc/draft/draft-park-ipv6-extensions-dns-pnp-00.txt | 1830 -
external/bsd/bind/dist/lib/dns/include/dns/rbt.h | 19 +-
external/bsd/bind/dist/lib/dns/include/dns/zone.h | 29 +-
external/bsd/bind/dist/lib/dns/keytable.c | 41 +-
external/bsd/bind/dist/lib/dns/message.c | 53 +-
external/bsd/bind/dist/lib/dns/rbtdb.c | 457 +-
external/bsd/bind/dist/lib/dns/resolver.c | 342 +-
external/bsd/bind/dist/lib/isc/include/isc/types.h | 5 +-
external/bsd/bind/dist/lib/isc/unix/app.c | 18 +-
external/bsd/bind/dist/lib/isc/unix/socket.c | 31 +-
external/bsd/bind/include/config.h | 30 +-
external/bsd/bind/include/dns/code.h | 113 +
external/bsd/bind/include/lwres/netdb.h | 2 +-
external/bsd/bind/include/lwres/platform.h | 2 +-
external/bsd/bind/lib/libbind9/shlib_version | 4 +-
external/bsd/bind/lib/libdns/shlib_version | 4 +-
external/bsd/bind/lib/libisc/shlib_version | 4 +-
external/bsd/bind/lib/libisccc/shlib_version | 4 +-
external/bsd/bind/lib/libisccfg/shlib_version | 4 +-
external/bsd/bind/lib/liblwres/shlib_version | 4 +-
75 files changed, 1128 insertions(+), 50081 deletions(-)
diffs (truncated from 52896 to 300 lines):
diff -r 913746230a78 -r 1fe34976c3af external/bsd/bind/dist/NSEC3-NOTES
--- a/external/bsd/bind/dist/NSEC3-NOTES Sat Dec 26 22:18:13 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,148 +0,0 @@
-
- DNSSEC and UPDATE
-
- Converting from insecure to secure
-
-As of BIND 9.6.0 it is possible to move a zone between being insecure
-to secure and back again. A secure zone can be using NSEC or NSEC3.
-
-To move a zone from insecure to secure you need to configure named
-so that it can see the K* files which contain the public and private
-parts of the keys that will be used to sign the zone. These files
-will have been generated by dnssec-keygen. You can do this by
-placing them in the key-directory as specified in named.conf.
-
- zone example.net {
- type master;
- allow-update { .... };
- file "dynamic/example.net/example.net";
- key-directory "dynamic/example.net";
- };
-
-Assuming one KSK and one ZSK DNSKEY key have been generated. Then
-this will cause the zone to be signed with the ZSK and the DNSKEY
-RRset to be signed with the KSK DNSKEY. A NSEC chain will also be
-generated as part of the initial signing process.
-
- % nsupdate
- > ttl 3600
- > update add example.net DNSKEY 256 3 7 AwEAAZn17pUF0KpbPA2c7Gz76Vb18v0teKT3EyAGfBfL8eQ8al35zz3Y I1m/SAQBxIqMfLtIwqWPdgthsu36azGQAX8=
- > update add example.net DNSKEY 257 3 7 AwEAAd/7odU/64o2LGsifbLtQmtO8dFDtTAZXSX2+X3e/UNlq9IHq3Y0 XtC0Iuawl/qkaKVxXe2lo8Ct+dM6UehyCqk=
- > send
-
-While the update request will complete almost immediately the zone
-will not be completely signed until named has had time to walk the
-zone and generate the NSEC and RRSIG records. The NSEC record at the
-apex will be added last to signal that there is a complete NSEC chain.
-Additionally when the zone is fully signed the private type (default
-TYPE65534) records will have a non zero value for the final octet for
-those record with a none zero initial octet.
-
-The private type record format:
-If the first octet is non-zero then the record indicates that the zone needs
-to be signed with the key matching the record or that all signatures that
-match the record should be removed.
-
- algorithm (octet 1)
- key id in network order (octet 2 and 3)
- removal flag (octet 4)
- complete flag (octet 5)
-
-Only records with the complete flag set can be removed via nsupdate.
-Attempts to remove other private type records will be silently ignored.
-
-If the first octet is zero (this is a reserved algorithm number
-that should never appear in a DNSKEY record) then the record indicates
-changes to the NSEC3 chains are in progress. The rest of the record
-contains a NSEC3PARAM record. The flag field tells what operation
-to perform based on the flag bits.
-
- 0x01 OPTOUT
- 0x80 CREATE
- 0x40 REMOVE
- 0x20 NONSEC
-
-If you wish to go straight to a secure zone using NSEC3 you should
-also add a NSECPARAM record to the update request with the flags
-field set to indicate whether the NSEC3 chain will have the OPTOUT
-bit set or not.
-
- % nsupdate
- > ttl 3600
- > update add example.net DNSKEY 256 3 7 AwEAAZn17pUF0KpbPA2c7Gz76Vb18v0teKT3EyAGfBfL8eQ8al35zz3Y I1m/SAQBxIqMfLtIwqWPdgthsu36azGQAX8=
- > update add example.net DNSKEY 257 3 7 AwEAAd/7odU/64o2LGsifbLtQmtO8dFDtTAZXSX2+X3e/UNlq9IHq3Y0 XtC0Iuawl/qkaKVxXe2lo8Ct+dM6UehyCqk=
- > update add example.net NSEC3PARAM 1 1 100 1234567890
- > send
-
-Again the update request will complete almost immediately however
-the record won't show up or be deleted until named has had a chance
-to build/remove the relevent chain. A private type record will be
-created to record the operatation and will be removed once the
-operation completes.
-
-While the initial signing and NSEC/NSEC3 chain generation is happening
-other updates are possible.
-
- DNSKEY roll overs via UPDATE
-
-It is possible to perform key rollovers via update. You need to
-add the K* files for the new keys so that named can find them. You
-can then add the new DNSKEY RRs via update. Named will then cause
-the zone to be signed with the new keys. When the signing is
-complete the private type records will be updated so that the last
-octet is non zero.
-
-If this is for a KSK you need to inform the parent and any trust
-anchor repositories of the new KSK.
-
-You should then wait for the maximum TLL in the zone before removing the
-old DNSKEY. If it is a KSK that is being updated you also need to wait
-for the DS RRset in the parent to be updated and its TTL to expire.
-This ensures that all clients will be able to verify at least a signature
-when you remove the old DNSKEY.
-
-The old DNSKEY can be removed via UPDATE. Take care to specify
-the correct key. Named will clean out any signatures generated by
-the old key after the update completes.
-
- NSEC3PARAM rollovers via UPDATE.
-
-Add the new NSEC3PARAM record via update. When the new NSEC3 chain
-has been generated the NSEC3PARAM flag field will be zero. At this
-point you can remove the old NSEC3PARAM record. The old chain will
-be removed after the update request completes.
-
- Converting from NSEC to NSEC3
-
-To do this you just need to add a NSEC3PARAM record. When the
-conversion is complete the NSEC chain will have been removed and
-the NSEC3PARAM record will have a zero flag field. The NSEC3 chain
-will be generated before the NSEC chain is destroyed.
-
- Converting from NSEC3 to NSEC
-
-To do this remove all NSEC3PARAM records with a zero flag field. The
-NSEC chain will be generated before the NSEC3 chain is removed.
-
- Converting from secure to insecure
-
-To do this remove all the DNSKEY records. Any NSEC or NSEC3 chains
-will be removed as well as associated NSEC3PARAM records. This will
-take place after the update requests completes. This requires
-secure-to-insecure to be set in named.conf.
-
- Periodic re-signing.
-
-Named will periodically re-sign RRsets which have not been re-signed
-as a result of some update action. The signature lifetimes will
-be adjusted so as to spread the re-sign load over time rather than
-all at once.
-
- NSEC3 and OPTOUT
-
-Named only supports creating new NSEC3 chains where all the NSEC3
-records in the zone have the same OPTOUT state. Named supports
-UPDATES to zones where the NSEC3 records in the chain have mixed
-OPTOUT state. Named does not support changing the OPTOUT state of
-an individual NSEC3 record, the entire chain needs to be changed if
-the OPTOUT state of an individual NSEC3 needs to be changed.
diff -r 913746230a78 -r 1fe34976c3af external/bsd/bind/dist/README.idnkit
--- a/external/bsd/bind/dist/README.idnkit Sat Dec 26 22:18:13 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,112 +0,0 @@
-
- BIND-9 IDN patch
-
- Japan Network Information Center (JPNIC)
-
-
-* What is this patch for?
-
-This patch adds internationalized domain name (IDN) support to BIND-9.
-You'll get internationalized version of dig/host/nslookup commands.
-
- + internationalized dig/host/nslookup
- dig/host/nslookup accepts non-ASCII domain names in the local
- codeset (such as Shift JIS, Big5 or ISO8859-1) determined by
- the locale information. The domain names are normalized and
- converted to the encoding on the DNS protocol, and sent to DNS
- servers. The replies are converted back to the local codeset
- and displayed.
-
-
-* Compilation & installation
-
-0. Prerequisite
-
-You have to build and install idnkit before building this patched version
-of bind-9.
-
-1. Running configure script
-
-Run `configure' in the top directory. See `README' for the
-configuration options.
-
-This patch adds the following 4 options to `configure'. You should
-at least specify `--with-idn' option to enable IDN support.
-
- --with-idn[=IDN_PREFIX]
- To enable IDN support, you have to specify `--with-idn' option.
- The argument IDN_PREFIX is the install prefix of idnkit. If
- IDN_PREFIX is omitted, PREFIX (derived from `--prefix=PREFIX')
- is assumed.
-
- --with-libiconv[=LIBICONV_PREFIX]
- Specify this option if idnkit you have installed links GNU
- libiconv. The argument LIBICONV_PREFIX is install prefix of
- GNU libiconv. If the argument is omitted, PREFIX (derived
- from `--prefix=PREFIX') is assumed.
-
- `--with-libiconv' is shorthand option for GNU libiconv.
-
- --with-libiconv=/usr/local
-
- This is equivalent to:
-
- --with-iconv='-L/usr/local/lib -R/usr/local/lib -liconv'
-
- `--with-libiconv' assumes that your C compiler has `-R'
- option, and that the option adds the specified run-time path
- to an executable binary. If `-R' option of your compiler has
- different meaning, or your compiler lacks the option, you
- should use `--with-iconv' option instead. Binary command
- without run-time path information might be unexecutable.
- In that case, you would see an error message like:
-
- error in loading shared libraries: libiconv.so.2: cannot
- open shared object file
-
- If both `--with-libiconv' and `--with-iconv' options are
- specified, `--with-iconv' is prior to `--with-libiconv'.
-
- --with-iconv=ICONV_LIBSPEC
- If your libc doesn't provide iconv(), you need to specify the
- library containing iconv() with this option. `ICONV_LIBSPEC'
- is the argument(s) to `cc' or `ld' to link the library, for
- example, `--with-iconv="-L/usr/local/lib -liconv"'.
- You don't need to specify the header file directory for "iconv.h"
- to the compiler, as it isn't included directly by bind-9 with
- this patch.
-
- --with-idnlib=IDN_LIBSPEC
- With this option, you can explicitly specify the argument(s)
- to `cc' or `ld' to link the idnkit's library, `libidnkit'. If
- this option is not specified, `-L${PREFIX}/lib -lidnkit' is
- assumed, where ${PREFIX} is the installation prefix specified
- with `--with-idn' option above. You may need to use this
- option to specify extra arguments, for example,
- `--with-idnlib="-L/usr/local/lib -R/usr/local/lib -lidnkit"'.
-
-Please consult `README' for other configuration options.
-
-Note that if you want to specify some extra header file directories,
-you should use the environment variable STD_CINCLUDES instead of
-CFLAGS, as described in README.
-
-2. Compilation and installation
-
-After running "configure", just do
-
- make
- make install
-
-for compiling and installing.
-
-
-* Contact information
-
-Please see http//www.nic.ad.jp/en/idn/ for the latest news
-about idnkit and this patch.
-
-Bug reports and comments on this kit should be sent to
-mdnkit-bugs%nic.ad.jp@localhost and idn-cmt%nic.ad.jp@localhost, respectively.
-
-; Id: README.idnkit,v 1.3 2009/01/17 09:43:50 fdupont Exp
diff -r 913746230a78 -r 1fe34976c3af external/bsd/bind/dist/bin/dig/dighost.c
--- a/external/bsd/bind/dist/bin/dig/dighost.c Sat Dec 26 22:18:13 2009 +0000
+++ b/external/bsd/bind/dist/bin/dig/dighost.c Sat Dec 26 23:08:21 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: dighost.c,v 1.3 2009/10/25 00:14:31 christos Exp $ */
+/* $NetBSD: dighost.c,v 1.4 2009/12/26 23:08:21 christos Exp $ */
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: dighost.c,v 1.326 2009/09/15 23:48:09 tbox Exp */
+/* Id: dighost.c,v 1.328 2009/11/10 17:27:40 each Exp */
/*! \file
* \note
@@ -2584,11 +2584,9 @@
if (!l->tcp_mode)
send_udp(ISC_LIST_NEXT(cq, link));
else {
- isc_socket_cancel(query->sock, NULL,
- ISC_SOCKCANCEL_ALL);
- isc_socket_detach(&query->sock);
- sockcount--;
- debug("sockcount=%d", sockcount);
+ if (query->sock != NULL)
+ isc_socket_cancel(query->sock, NULL,
+ ISC_SOCKCANCEL_ALL);
send_tcp_connect(ISC_LIST_NEXT(cq, link));
}