author peter <peter@FreeBSD.org> 1999-11-30 03:41:17 +0000
committer peter <peter@FreeBSD.org> 1999-11-30 03:41:17 +0000
commit c6117a178dfd8ce4c681e726366c37526907be74
tree 4161f02b6a527bea684fe6c10c89a23cb2be31da /contrib/bind
parent 9a9bef5e16cc23b6dcbc07d1c08491203427bd20
Files gone from 8.2.2.p5
Diffstat (limited to 'contrib/bind')
-rw-r--r-- contrib/bind/doc/secure/copyright.txt 28
-rw-r--r-- contrib/bind/doc/secure/install.txt 155
-rw-r--r-- contrib/bind/doc/secure/readme.txt 93
-rw-r--r-- contrib/bind/doc/secure/usage.txt 215
4 files changed, 0 insertions, 491 deletions
diff --git a/contrib/bind/doc/secure/copyright.txt b/contrib/bind/doc/secure/copyright.txt
deleted file mode 100644
index cc38356..0000000
--- a/contrib/bind/doc/secure/copyright.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Portions Copyright (c) 1995,1996 by Trusted Information Systems, Inc.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TRUSTED INFORMATION
- * SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- *
- * Trusted Information Systems, Inc. has received approval from the
- * United States Government for export and reexport of TIS/DNSSEC
- * software from the United States of America under the provisions of
- * the Export Administration Regulations (EAR) General Software Note
- * (GSN) license exception for mass market software. Under the
- * provisions of this license, this software may be exported or
- * reexported to all destinations except for the embargoed countries of
- * Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. Any export
- * or reexport of TIS/DNSSEC software to the embargoed countries
- * requires additional, specific licensing approval from the United
- * States Government.
- */
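Review bot: The licence in this file makes permission conditional on the notice itself ("provided that the above copyright notice and this permission notice appear in all copies"), and the commit message says only "Files gone from 8.2.2.p5". Before dropping copyright.txt, confirm that no source left under contrib/bind still contains the "Portions Copyright (c) 1995,1996 by Trusted Information Systems, Inc." code without its own copy of this notice; if any does, the notice has to stay with it. One sentence in the commit message stating which is the case would settle it.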
diff --git a/contrib/bind/doc/secure/install.txt b/contrib/bind/doc/secure/install.txt
deleted file mode 100644
index bb5bc94..0000000
--- a/contrib/bind/doc/secure/install.txt
+++ /dev/null
@@ -1,155 +0,0 @@
-
-INSTALL_SEC
-
- Bind with Secure DNS (TIS/DNSSEC)
- Version 1.3.0 Beta
- September 1996
-
-This version has been compiled and tested on SUNOS 4.1.3,
-FreeBSD-2.1.5-REL and Linux 2.0.11.
-There may be still be portability problems.
-If you have access to other hardware platforms please let us know if
-there are any problems porting and send us patches, to include in
-future releases.
-
-This version of secure Bind uses RSAREF-2.0 library from RSA,
-First you should get/read the RSAREF FAQ
- http://www.consensus.com/rsaref-faq.html
-Then you can copy RSAREF from
- ftp://ftp.rsa.com/rsaref/README
-
-You need to read this README file carefully for further instructions.
-
-Installation: (this version is based on 4.9.4-REL-P1).
-
-1. The tar ball will create a directory sec_bind in the current directory
- untar the archive
- The content of the sec_bind directory has the same directory
- structure as bind distribution with the addition of the directories
- dnssec_lib/ and signer/, some named directories have been
- deleted from the distribution.
-
- dnssec_lib/ contains the library files for signature generation
- signer/ contains tools for signing bind boot files and
- generating keys.
-
- In addition, there is a new file, "res/res_sign.c", which
- contains library routines that are required in the resolver
- for displaying new RR types.
-
- You need to tailor sec_bind/Makefile to your system as you do
- with bind distributions.
-
- The sec_bind distribution expects to find RSAREF in the
- rsaref/ subdirectory. If you install RSAREF in a different
- place you can place a pointer to the RSAREF installation
- directory in place of sec_bind/rsaref.
-
- sec_bind/Makefile expects to find the RSAREF library file
- at sec_bind/rsaref/lib/rsaref.a. The RSAREF distribution
- does not contain that directory. If you are installing RSAREF
- for the first time create that directory copy the correct
- Makefile from the appropriate rsaref/install/ subdirectory.
- Sec_bind will compile RSAREF for you.
-
- We recommend that you use an ANSI C compliant compiler to
- compile this distribution.
-
-2. Follow Bind installation guidelines on your system
-
- Set your normal configuration in conf/options.h with the
- following exceptions/additions:
- ROUND_ROBIN must be OFF (for right now)
- DNS_SECURITY must be ON
- RSAREF must be ON if you have a copy of RSAREF.
- This version of sec_bind does not work well without RSAREF.
-
-3. make
- If you are going to use make install everything will work right
- out of the box. If you are going to run programs out of the
- sec_bind directory you need to set the DESTEXEC variables
- accordingly.
-
-4. Once everything compiles you can run the simple test that is include in
- the distribution.
-
- First you need to edit the file signer/simple_test/test.boot to
- set directory directive to the full path of the directory this
- file is in.
-
- Now the signer program can be run to sign the simple_test data.
- The signed zone will be written to /tmp
- % cd sec_bind/signer
- % make test
- The passwords for the keys in the distribution are:
- Key: Password:
- foo.bar foo.bar
- mobile.foo.bar mobile
- fix.foo.bar fix.foo.bar
- sub.foo.bar sub.foo.bar
- some.bar some.bar
-
- Notice the differences between simple_test/test.boot and
- /tmp/test.boot. The pubkey directive are required for correct
- behavior of new named.
-
- To check the if named can read the new zone files and verify
- the signatures run following commands
- % cd ../named
- % make test
-
- Exit/error code 66 indicates that program completed normally
- in "load-only" mode (new -l flag).
-
- If you want to load up named run same command as make test does
- without -l flag. (the -d 3 flag is to make sure the process
- does not do a fork).
- % ./named -p 12345 -b /tmp/test.boot -d 3
-
- % cd ../tools
- % ./dig @localhost snore.foo.bar. -p 12345
- This should return an A record + SIG(A) record
- % ./dig @localhost no_such_name.foo.bar. -p 12345
- This should return a NXT record +SIG(NXT) for *.foo.bar.
-
- You can also test against our nameserver for zone sd-bogus.tis.com
- the host is uranus.hq.tis.com(192.94.214.95)
- % ./dig @uranus.hq.tis.com sd-bogus.tis.com. soa
- will return the SOA and SIG(SOA) + KEY
- % ./dig @uranus.hq.tis.com sd-bogus.tis.com. mb
- will return NXT for sd-bogus.tis.com
- % ./dig @uranus.hq.tis.com foo.sd-bogus.tis.com. ns
- will NS +KEY for foo.sd-bog.tis.com.
-
-5. Converting your setup to secure DNS zones.
- need to create a key for your zone.
- If you have a copy of the last release of sec_bind the key file
- format has changed and you need to regenerate all your keys, Sorry.
- The new format for private key files is portable between
- different architectures and operating systems, the encryption
- of the key file is compatible with the des program.
-
- To generate key use sec_bind/signer/key_gen. To generate zone key
- for name you.bar, with 512 bit modulus and exponent of 3,
- execute following command
-
- % cd signer
- % ./key_gen -z -g 512 you.bar
-
- key_gen will ask for an encryption password for the private
- key file, if you do not want to encrypt the key hit <Return>.
- The program will output resource record suitable for zone file.
- key_gen creates two files you.bar.priv and foo.bar.public.
-
- If you want, at any time, to display the public key for foo.bar
- run key_gen without the -g flag or cat file foo.bar.public.
- key_gen without any flags will print out the usage information.
- key_gen has extensive error checking on flags.
-
- To modify the flags field for an existing key run key_gen with
- the new flags but without the -g flag.
-
- Note: The key above is suitable for signing records but not for
- encrypting data.
-
-6. Send problems, fixes and suggestions to dns-security@tis.com.
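Review bot: Step 4 of the removed text publishes the passwords for the keys shipped in the distribution (foo.bar, mobile.foo.bar, fix.foo.bar, sub.foo.bar, some.bar), while the diffstat for contrib/bind shows only the four doc/secure files, so this commit does not touch any signer/ directory. Check that the signer/simple_test key files and test.boot those passwords belong to are not still in the tree, because once install.txt is gone nothing marks them as test-only keys with publicly known passwords. The same care applies to step 5: if replacement documentation is written, the "key_gen -z -g 512" example (512 bit modulus, exponent of 3) should not be carried over without review of the key size.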
diff --git a/contrib/bind/doc/secure/readme.txt b/contrib/bind/doc/secure/readme.txt
deleted file mode 100644
index d7b422a..0000000
--- a/contrib/bind/doc/secure/readme.txt
+++ /dev/null
@@ -1,93 +0,0 @@
-
- Secure DNS (TIS/DNSSEC)
- September 1996
-
-Copyright (C) 1995,1996 Trusted Information Systems, Incorporated
-
-Trusted Information Systems, Inc. has received approval from the
-United States Government for export and reexport of TIS/DNSSEC
-software from the United States of America under the provisions of
-the Export Administration Regulations (EAR) General Software Note
-(GSN) license exception for mass market software. Under the
-provisions of this license, this software may be exported or
-reexported to all destinations except for the embargoed countries of
-Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. Any export
-or reexport of TIS/DNSSEC software to the embargoed countries
-requires additional, specific licensing approval from the United
-States Government.
-
-Trusted Information Systems, Inc., is pleased to
-provide a reference implementation of the secure Domain Name System
-(TIS/DNSSEC). In order to foster acceptance of secure DNS and provide
-the community with a usable, working version of this technology,
-TIS/DNSSEC is being made available for broad use on the following basis.
-
-- Trusted Information Systems makes no representation about the
- suitability of this software for any purpose. It is provided "as is"
- without express or implied warranty.
-
-- TIS/DNSSEC is distributed in source code form, with all modules written
- in the C programming language. It runs on many UNIX derived platforms
- and is integrated with the Bind implementation of the DNS protocol.
-
-- This beta version of TIS/DNSSEC may be used, copied, and modified for
- testing and evaluation purposes without fee during the beta test
- period, provided that this notice appears in supporting documentation
- and is retained in all software modules in which it appears. Any other
- use requires specific, written prior permission from Trusted Information
- Systems.
-
-TIS maintains the email distribution list dns-security@tis.com for
-discussion of secure DNS. To join, send email to
- dns-security-request@tis.com.
-
-TIS/DNSSEC technical questions and bug reports should be addressed to
- dns-security@tis.com.
-
-To reach the maintainers of TIS/DNSSEC send mail to
- tisdnssec-support@tis.com
-
-TIS/DNSSEC is a product of Trusted Information Systems, Inc.
-
-This is an beta version of Bind with secure DNS extensions it uses
-RSAREF which you must obtain separately.
-
-Implemented and tested in this version:
- Portable key storage format.
- Improved authentication API
- Support for using different authentication packages.
- All Security RRs including KEY SIG, NXT, and support for wild cards
- tool for generating KEYs
- tool for signing RRs in boot files
- verification of RRs on load
- verification of RRs over the wire
- transmission of SIG RRs
- returns NXT when name and/or type does not exist
- storage of NXT, KEY, and SIG RRs with CNAME RR
- AD/ID bits added to header and setting of these bits
- key storage and retrieval
- dig and nslookup can display new header bits and RRs
- AXFR signature RR
- keyfile directive
- $SIGNER directive (to turn on and off signing)
- adding KEY to answers with NS or SOA
- SOA sequence numbers are now set each time zone is signed
- SIG AXFR ignores label count of names
- generation and inclusion of .PARENT files
- Returns only one NXT at delegation points unless two are required
- Expired SIG records are now returned in response to query
-
-Implemented but not fully tested:
-
-Known bugs:
-
-Not implemented:
- ROUND_ROBIN behaviour
- zone transfer in SIG(AXFR) sort order.
- transaction SIGs
- verification in resolver. (stub resolvers must trust local servers
- resolver library is to low level to implement security)
- knowing when to trust the AD bit in responses
-
-Read files INSTALL_SEC and USAGE_SEC for installation and user
-instructions, respectively.
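Review bot: The "Not implemented" list at the end of this file is the only place in these four documents that states the security limits of the implementation: no verification in the resolver ("stub resolvers must trust local servers") and no rule for "knowing when to trust the AD bit in responses". The commit message should say whether the 8.2.2.p5 import documents the current state of those items elsewhere or whether the statement is dropped without a successor, so that a reader of the history can tell which.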
diff --git a/contrib/bind/doc/secure/usage.txt b/contrib/bind/doc/secure/usage.txt
deleted file mode 100644
index aa8eebc..0000000
--- a/contrib/bind/doc/secure/usage.txt
+++ /dev/null
@@ -1,215 +0,0 @@
-
- USAGE_SEC
- Secure DNS (TIS/DNSSEC)
- September 1996
-
-This is the usage documentation for TIS' Secure DNS (TIS/DNSSEC) version
-BETA-1.3. This looks like a standard named distribution, with
-the following exceptions
-
- this version is coded against BIND-4.9.4-P1
-
- there are three new directories in this distribution
- dnssec_lib
- signer
- rsaref
-
-
- rsaref/ is place holder directory for RSAREF distribution.
- You must get RSAREF on your own.
-
- signer/ contains two applications needed by DNSSEC:
- signer: tool to sign zones
- key_gen: tool to generate keys
- dnssec_lib/ contains common library routines that are used by
- named, key_gen and signer.
- This is where most of the DNSSEC work is done.
-
-Before compiling you need to do your standard configurations for named
-and the edits explained in INSTALL_SEC. This version has been tested
-on SUNOS4.1.3. This version includes portability fixes from previous
-beta releases for Linux, Solaris-2.4, HPUX-9 and FreeBSD.
-
-CHANGES TO BIND
-
-res/
-
- There are minor changes to the files in the res directory. Most of
- the changes have to do with displaying NXT
- records. There are also some changes related to translating
- domain names into uncompressed lower case names upon request.
-
-tools/
- Minor changes to recognize NXT records and display them.
-
-named/
- Added code to read and write new record types.
- Added code to do signature validation on read.
- Added code to return appropriate SIG records.
- Added security flags to databuf and zoneinfo structures.
- Names can now have CNAME record and security RR's.
- Records are stored and transmitted in DNS SEC sort order.
-
-conf/
-
- Turned off ROUND_ROBIN option and installed new sorting required
- for signature verification.
-
-signer/
- NXT record generation.
- Key generation
- Signing of zones
- Converting data records to format required for signatures.
-
-dnssec_lib/
- Interfacing with Crypto library.
- Verifying signatures,
- preparing data for signing and verification
-
-The role of <zone>.PARENT files:
-
-DNSSEC specification requires change who is authorative for certain
-resource records. In order to support certification hierarchy each
-zone KEY RR must be signed by parent zone. The parent signed KEY RR
-must be distributed by the zone itself as it is the most authorative
-for its own records.
-
-To facilitate this TIS/DNSSEC signer program creates a <name>.PARENT
-file for every name in a zone that has a NS record. This file contains
-the KEY records stored under this name and
-NXT record and corresponding SIG records. If no KEY record is found
-for a name with a NS record a NULL-KEY record is generated to indicate
-that the child is INSECURE.
-
-Each <zone>.PARENT file must be sent via an out of band mechanism to
-the appropriate primary for the zone, for inclusion. signer program
-adds an $INCLUDE <zone>.PARENT command at the end of each zone file,
-if no file exists an warning message is printed.
-
-Potential PROBLEM: It is likely that the parent and child are on a
-different signing schedule. If new <zone>.PARENT file is put on the
-primary, due to the fact that the zone data changed but the SOA did
-not, it may take a long time for new records to propagate to the
-secondaries. This is only a problem if zone has added/deleted a KEY
-or if the the signatures will expire in the near future. To overcome
-this problem, resign your zone when any of above conditions is true.
-DNS NOTIFY and/or DNS DYNUPDATE may fix this problem in the future.
-
-TIS/DNSSEC SOA serial numbers. To facilitate prompt distribution of
-zone data to secondaries, signer takes over the management of SOA
-serial numbers. Each time signer signs a zone it sets the serial
-number to a value reflecting the time the zone was signed, in standard
-Unix time seconds since 1970/1/1 0:0:0 GMT.
-
-How to configure a secure zone.
- Create a directory <zone> to contain your zone files.
- Create a output directory <outdir> for the signer output.
- Put in <zone> a boot file that includes the files from that zone.
- Create a KEY for the zone by running key_gen, Name the key <domain>.
-
- Run signer on your zone writing to the output directory <outdir>.
- Signer will rewrite the boot file to include new directive
- "pubkey" of the key used to sign the file. If there where
- any pubkey declarations in the input boot file they will be
- deleted.
- Signer generates files that correspond to the load files specified.
-
- In case of load file that $INCLUDEs another load file, signer will
- merge them to the output file.
- You will notice that the output files are significantly larger.
- The output files will be in a different order than the input files,
- all records are sorted into DNSSEC sort order.
- NXT and SIG records have been added.
-
- If there are any NS records for a name other than the zone name of
- each input file you will see messages that NULL KEY records
- have been created, if this is not correct behavior, add
- the correct KEY RRs.
- For each domain name that has a NS record but is not a zone name
- of load file you will see a file named <name>.PARENT,
- this file contains the KEY record for that name and an
- NXT record + 2 SIG records.
- This file needs to be sent to the nameserver that is primary for that
- zone. There are two reasons for this:
- 1. To support Certification Hierarchy, each zone key is
- signed by the parent zone key.
- 2. Zone is the most trustworthy source for itself unless
- these records are loaded into the primary server for
- the zone, the records may not get propagated.
-
-how to run SEC_NAMED:
-
-Included in the distribution there is a small test setup:
-
-# run signer
-./signer boot-f simple_test/test.boot [out-dir /tmp]
-# or
-make test
-# This takes few minutes to run depending on your machine and the size
-# of the key selected
-# all output files will be stored in /tmp unless out-dir is specified
-
-#
-# Now we are ready to run named
-cd ../named
-./named -p 12345 -b /tmp/test.boot.save [-d x]
-
-#
-# you can now check for data in the data base
-# using the new dig.
-#
-cd ../tools
-./dig @yourhost snore.foo.bar. any in -p 12345
-
-#
-# Output from new dig will be something like this
-#
-; <<>> DiG 2.1 <<>> @dnssrv snore.foo.bar. any in -p
-; (1 server found)
-;; res options: init recurs defnam dnsrch
-;; got answer:
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
-;; flags: qr rd ra; Ques: 1, Ans: 11, Auth: 0, Addit: 1
-;; QUESTIONS:
-;; snore.foo.bar, type = ANY, class = IN
-
-;; ANSWERS:
-snore.foo.bar. 259200 A 10.17.3.20
-snore.foo.bar. 259200 SIG A (
- 1 3; alg labels
- 259200 ; TTL
- 19950506200636 ; Signature expiration
- 19950406200659 ; time signed
- 47437 ; Key foot print
- foo.bar. ; Signers name
- FsqeW3hstM8Q6v8PMCGPsVMfO6dEpHjFgKm2dJRaofFtCQ/CT9O6Vo7J5zgkV+5ciWQwuZwvzW071jnZ1i27Ip/8vqdKGHC63tjWkCHSZV0=
- ) ; END Signature
-snore.foo.bar. 259200 MX 96 who.foo.bar.
-snore.foo.bar. 259200 MX 100 foo.bar.
-snore.foo.bar. 259200 MX 120 xxx.foo.bar.
-snore.foo.bar. 259200 MX 130 maGellan.foo.bar.
-snore.foo.bar. 259200 MX 140 bozo.foo.bar.
-snore.foo.bar. 259200 SIG MX (
- 1 3; alg labels
- 259200 ; TTL
- 19950506200636 ; Signature expiration
- 19950406200659 ; time signed
- 47437 ; Key foot print
- foo.bar. ; Signers name
- EV0cJqF3pUOgktggTrFf55YGwQFbUqPJAMTnAkHK3+Z/Ya6GgwwNOGRzq/FYm5P4E+yIj6WUYFh9Ex5eX5TwiIsjM/hy173lSa3qm/ljDk8=
- ) ; END Signature
-snore.foo.bar. 259200 NXT xxx.foo.bar.
-snore.foo.bar. 259200 SIG NXT (
- 1 3; alg labels
- 259200 ; TTL
- 19950506200636 ; Signature expiration
- 19950406200659 ; time signed
- 47437 ; Key foot print
- foo.bar. ; Signers name
- eJUHVm5Q5qYQYFVOW0L5Of67HQvQ9+7T7sQqHv7ayTT2sMnXudxviYv43vALMMwBcJFXFEhLhwYwN7pUDssD/w5si/6JJQTi1o30S8si3zE=
- ) ; END Signature
-
-;; Total query time: 195 msec
-;; FROM: dnssrv to SERVER: dnssrv 10.17.3.1
-;; WHEN: Thu Apr 6 16:20:32 1995
-;; MSG SIZE sent: 31 rcvd: 662
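Review bot: The "Potential PROBLEM" paragraph and the SOA serial paragraph in the middle of this file describe operational behaviour that outlives the documentation: <zone>.PARENT files delivered out of band, signatures that expire, and signer overwriting the SOA serial with the signing time in Unix seconds. Anyone who signed zones with this tooling needs that information when moving off it, so the commit message (currently just "Files gone from 8.2.2.p5") should point to where the replacement usage notes live, or say that there are none.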