Update Bind to 9.9.3-P2

Notable new features: * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] * Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673] * BIND now recognizes the TLSA resource record type, created to support IETF DANE (DNS-based Authentication of Named Entities) [RT #28989] * The new "inline-signing" option, in combination with the "auto-dnssec" option that was introduced in BIND 9.7, allows named to sign zones completely transparently. Approved by: delphij (mentor) MFC after: 3 days Sponsored by: DK Hostmaster A/S
author: erwin <erwin@FreeBSD.org> 2013-08-22 08:15:03 +0000
committer: erwin <erwin@FreeBSD.org> 2013-08-22 08:15:03 +0000
commit: 6a288ef517fece2ca5a21d081efd7b4a81da0053 (patch)
tree: 37271fd86c9be9a6bab12a7aebd85ccfbb8a7b62 /lib
parent: 0b46e38a09fbccfdfd7bca0f387c66b2c64fa5b6 (diff)
parent: f32b4abce98c97ee6e51b7aa8f8fde6e4cab7f28 (diff)
download: FreeBSD-src-6a288ef517fece2ca5a21d081efd7b4a81da0053.zip
FreeBSD-src-6a288ef517fece2ca5a21d081efd7b4a81da0053.tar.gz
5 files changed, 74 insertions, 88 deletions
diff --git a/lib/bind/config.h b/lib/bind/config.h
index d743db2..d720a77 100644
--- a/lib/bind/config.h
+++ b/lib/bind/config.h
@@ -288,6 +288,9 @@ int sigwait(const unsigned int *set, int *sig);
 
 /* Define if your OpenSSL version supports GOST. */
 /* #undef HAVE_OPENSSL_GOST */
+
+/* Define to 1 if you have the `readline' function. */
+#define HAVE_READLINE 1
  
 /* Define to 1 if you have the <regex.h> header file. */
 #define HAVE_REGEX_H 1
@@ -361,6 +364,9 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define to 1 if you have the <unistd.h> header file. */
 #define HAVE_UNISTD_H 1
 
+/* Define to 1 if you have the `usleep' function. */
+#define HAVE_USLEEP 1
+
 /* return type of gai_strerror */
 #define IRS_GAISTRERROR_RETURN_T const char *
 
@@ -384,6 +390,9 @@ int sigwait(const unsigned int *set, int *sig);
    */
 /* #undef NEED_SECURE_DIRECTORY */
 
+/* Use the new XML schema for statistics */
+/* #undef NEWSTATS */
+
 /* Define to the address where bug reports for this package should be sent. */
 #define PACKAGE_BUGREPORT ""
 
diff --git a/lib/bind/dns/Makefile b/lib/bind/dns/Makefile
index 89dfd40..01925b7 100644
--- a/lib/bind/dns/Makefile
+++ b/lib/bind/dns/Makefile
@@ -13,7 +13,7 @@ LIB=		dns
 
 .PATH:		${SRCDIR}
 SRCS+=		acache.c acl.c adb.c byaddr.c \
-		cache.c callbacks.c compress.c \
+		cache.c callbacks.c clientinfo.c compress.c \
 		db.c dbiterator.c dbtable.c diff.c dispatch.c \
 		dlz.c dns64.c dnssec.c ds.c \
 		dst_api.c dst_lib.c dst_parse.c dst_result.c \
@@ -33,7 +33,7 @@ SRCS+=		acache.c acl.c adb.c byaddr.c \
 		resolver.c result.c rootns.c rpz.c rriterator.c \
 		sdb.c sdlz.c soa.c ssu.c ssu_external.c \
 		stats.c tcpmsg.c time.c timer.c tkey.c \
-		tsec.c tsig.c ttl.c validator.c \
+		tsec.c tsig.c ttl.c update.c validator.c \
 		version.c view.c xfrin.c zone.c zonekey.c zt.c
 
 CFLAGS+=	-I${SRCDIR}/include/dst -I${SRCDIR}/include -I${SRCDIR}
@@ -52,6 +52,7 @@ DNSINCS=	${SRCDIR}/include/dns/acache.h \
 		${SRCDIR}/include/dns/cache.h \
 		${SRCDIR}/include/dns/callbacks.h \
 		${SRCDIR}/include/dns/cert.h \
+		${SRCDIR}/include/dns/clientinfo.h \
 		${SRCDIR}/include/dns/compress.h \
 		${SRCDIR}/include/dns/db.h \
 		${SRCDIR}/include/dns/dbiterator.h \
@@ -111,6 +112,7 @@ DNSINCS=	${SRCDIR}/include/dns/acache.h \
 		${SRCDIR}/include/dns/tsig.h \
 		${SRCDIR}/include/dns/ttl.h \
 		${SRCDIR}/include/dns/types.h \
+		${SRCDIR}/include/dns/update.h \
 		${SRCDIR}/include/dns/validator.h \
 		${SRCDIR}/include/dns/version.h \
 		${SRCDIR}/include/dns/view.h \
diff --git a/lib/bind/dns/code.h b/lib/bind/dns/code.h
index b8a5ae3..4626017 100644
--- a/lib/bind/dns/code.h
+++ b/lib/bind/dns/code.h
@@ -67,7 +67,7 @@
 #include "rdata/generic/loc_29.c"
 #include "rdata/generic/nxt_30.c"
 #include "rdata/in_1/srv_33.c"
-#include "rdata/in_1/naptr_35.c"
+#include "rdata/generic/naptr_35.c"
 #include "rdata/in_1/kx_36.c"
 #include "rdata/generic/cert_37.c"
 #include "rdata/in_1/a6_38.c"
@@ -164,11 +164,7 @@
 		default: result = DNS_R_UNKNOWN; break; \
 		} \
 		break; \
-	case 35: switch (rdclass) { \
-		case 1: result = fromtext_in_naptr(rdclass, type, lexer, origin, options, target, callbacks); break; \
-		default: result = DNS_R_UNKNOWN; break; \
-		} \
-		break; \
+	case 35: result = fromtext_naptr(rdclass, type, lexer, origin, options, target, callbacks); break; \
 	case 36: switch (rdclass) { \
 		case 1: result = fromtext_in_kx(rdclass, type, lexer, origin, options, target, callbacks); break; \
 		default: result = DNS_R_UNKNOWN; break; \
@@ -285,11 +281,7 @@
 		default: use_default = ISC_TRUE; break; \
 		} \
 		break; \
-	case 35: switch (rdata->rdclass) { \
-		case 1: result = totext_in_naptr(rdata, tctx, target); break; \
-		default: use_default = ISC_TRUE; break; \
-		} \
-		break; \
+	case 35: result = totext_naptr(rdata, tctx, target); break; \
 	case 36: switch (rdata->rdclass) { \
 		case 1: result = totext_in_kx(rdata, tctx, target); break; \
 		default: use_default = ISC_TRUE; break; \
@@ -406,11 +398,7 @@
 		default: use_default = ISC_TRUE; break; \
 		} \
 		break; \
-	case 35: switch (rdclass) { \
-		case 1: result = fromwire_in_naptr(rdclass, type, source, dctx, options, target); break; \
-		default: use_default = ISC_TRUE; break; \
-		} \
-		break; \
+	case 35: result = fromwire_naptr(rdclass, type, source, dctx, options, target); break; \
 	case 36: switch (rdclass) { \
 		case 1: result = fromwire_in_kx(rdclass, type, source, dctx, options, target); break; \
 		default: use_default = ISC_TRUE; break; \
@@ -527,11 +515,7 @@
 		default: use_default = ISC_TRUE; break; \
 		} \
 		break; \
-	case 35: switch (rdata->rdclass) { \
-		case 1: result = towire_in_naptr(rdata, cctx, target); break; \
-		default: use_default = ISC_TRUE; break; \
-		} \
-		break; \
+	case 35: result = towire_naptr(rdata, cctx, target); break; \
 	case 36: switch (rdata->rdclass) { \
 		case 1: result = towire_in_kx(rdata, cctx, target); break; \
 		default: use_default = ISC_TRUE; break; \
@@ -648,11 +632,7 @@
 		default: use_default = ISC_TRUE; break; \
 		} \
 		break; \
-	case 35: switch (rdata1->rdclass) { \
-		case 1: result = compare_in_naptr(rdata1, rdata2); break; \
-		default: use_default = ISC_TRUE; break; \
-		} \
-		break; \
+	case 35: result = compare_naptr(rdata1, rdata2); break; \
 	case 36: switch (rdata1->rdclass) { \
 		case 1: result = compare_in_kx(rdata1, rdata2); break; \
 		default: use_default = ISC_TRUE; break; \
@@ -769,11 +749,7 @@
 		default: use_default = ISC_TRUE; break; \
 		} \
 		break; \
-	case 35: switch (rdata1->rdclass) { \
-		case 1: result = casecompare_in_naptr(rdata1, rdata2); break; \
-		default: use_default = ISC_TRUE; break; \
-		} \
-		break; \
+	case 35: result = casecompare_naptr(rdata1, rdata2); break; \
 	case 36: switch (rdata1->rdclass) { \
 		case 1: result = casecompare_in_kx(rdata1, rdata2); break; \
 		default: use_default = ISC_TRUE; break; \
@@ -890,11 +866,7 @@
 		default: use_default = ISC_TRUE; break; \
 		} \
 		break; \
-	case 35: switch (rdclass) { \
-		case 1: result = fromstruct_in_naptr(rdclass, type, source, target); break; \
-		default: use_default = ISC_TRUE; break; \
-		} \
-		break; \
+	case 35: result = fromstruct_naptr(rdclass, type, source, target); break; \
 	case 36: switch (rdclass) { \
 		case 1: result = fromstruct_in_kx(rdclass, type, source, target); break; \
 		default: use_default = ISC_TRUE; break; \
@@ -1011,11 +983,7 @@
 		default: use_default = ISC_TRUE; break; \
 		} \
 		break; \
-	case 35: switch (rdata->rdclass) { \
-		case 1: result = tostruct_in_naptr(rdata, target, mctx); break; \
-		default: use_default = ISC_TRUE; break; \
-		} \
-		break; \
+	case 35: result = tostruct_naptr(rdata, target, mctx); break; \
 	case 36: switch (rdata->rdclass) { \
 		case 1: result = tostruct_in_kx(rdata, target, mctx); break; \
 		default: use_default = ISC_TRUE; break; \
@@ -1132,11 +1100,7 @@
 		default: break; \
 		} \
 		break; \
-	case 35: switch (common->rdclass) { \
-		case 1: freestruct_in_naptr(source); break; \
-		default: break; \
-		} \
-		break; \
+	case 35: freestruct_naptr(source); break; \
 	case 36: switch (common->rdclass) { \
 		case 1: freestruct_in_kx(source); break; \
 		default: break; \
@@ -1253,11 +1217,7 @@
 		default: use_default = ISC_TRUE; break; \
 		} \
 		break; \
-	case 35: switch (rdata->rdclass) { \
-		case 1: result = additionaldata_in_naptr(rdata, add, arg); break; \
-		default: use_default = ISC_TRUE; break; \
-		} \
-		break; \
+	case 35: result = additionaldata_naptr(rdata, add, arg); break; \
 	case 36: switch (rdata->rdclass) { \
 		case 1: result = additionaldata_in_kx(rdata, add, arg); break; \
 		default: use_default = ISC_TRUE; break; \
@@ -1374,11 +1334,7 @@
 		default: use_default = ISC_TRUE; break; \
 		} \
 		break; \
-	case 35: switch (rdata->rdclass) { \
-		case 1: result = digest_in_naptr(rdata, digest, arg); break; \
-		default: use_default = ISC_TRUE; break; \
-		} \
-		break; \
+	case 35: result = digest_naptr(rdata, digest, arg); break; \
 	case 36: switch (rdata->rdclass) { \
 		case 1: result = digest_in_kx(rdata, digest, arg); break; \
 		default: use_default = ISC_TRUE; break; \
@@ -1495,11 +1451,7 @@
 		default: result = ISC_TRUE; break; \
 		} \
 		break; \
-	case 35: switch (rdclass) { \
-		case 1: result = checkowner_in_naptr(name, rdclass, type, wildcard); break; \
-		default: result = ISC_TRUE; break; \
-		} \
-		break; \
+	case 35: result = checkowner_naptr(name, rdclass, type, wildcard); break; \
 	case 36: switch (rdclass) { \
 		case 1: result = checkowner_in_kx(name, rdclass, type, wildcard); break; \
 		default: result = ISC_TRUE; break; \
@@ -1616,11 +1568,7 @@
 		default: result = ISC_TRUE; break; \
 		} \
 		break; \
-	case 35: switch (rdata->rdclass) { \
-		case 1: result = checknames_in_naptr(rdata, owner, bad); break; \
-		default: result = ISC_TRUE; break; \
-		} \
-		break; \
+	case 35: result = checknames_naptr(rdata, owner, bad); break; \
 	case 36: switch (rdata->rdclass) { \
 		case 1: result = checknames_in_kx(rdata, owner, bad); break; \
 		default: result = ISC_TRUE; break; \
diff --git a/lib/bind/dns/dns/rdatastruct.h b/lib/bind/dns/dns/rdatastruct.h
index a05face..3828c8e 100644
--- a/lib/bind/dns/dns/rdatastruct.h
+++ b/lib/bind/dns/dns/rdatastruct.h
@@ -1178,7 +1178,7 @@ typedef struct dns_rdata_in_srv {
 
 #endif /* IN_1_SRV_33_H */
 /*
- * Copyright (C) 2004, 2005, 2007, 2012  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -1194,15 +1194,15 @@ typedef struct dns_rdata_in_srv {
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-#ifndef IN_1_NAPTR_35_H
-#define IN_1_NAPTR_35_H 1
+#ifndef GENERIC_NAPTR_35_H
+#define GENERIC_NAPTR_35_H 1
 
 /* $Id$ */
 
 /*!
  *  \brief Per RFC2915 */
 
-typedef struct dns_rdata_in_naptr {
+typedef struct dns_rdata_naptr {
 	dns_rdatacommon_t	common;
 	isc_mem_t		*mctx;
 	isc_uint16_t		order;
@@ -1214,9 +1214,9 @@ typedef struct dns_rdata_in_naptr {
 	char			*regexp;
 	isc_uint8_t		regexp_len;
 	dns_name_t		replacement;
-} dns_rdata_in_naptr_t;
+} dns_rdata_naptr_t;
 
-#endif /* IN_1_NAPTR_35_H */
+#endif /* GENERIC_NAPTR_35_H */
 /*
  * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
@@ -1709,7 +1709,7 @@ typedef struct dns_rdata_in_dhcid {
 
 #endif /* IN_1_DHCID_49_H */
 /*
- * Copyright (C) 2008, 2012  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008, 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -1756,7 +1756,16 @@ typedef struct dns_rdata_nsec3 {
 #define DNS_NSEC3FLAG_OPTOUT 0x01U
 
 /*%
- * Non-standard, NSEC3PARAM only.
+ * The following flags are used in the private-type record (implemented in
+ * lib/dns/private.c) which is used to store NSEC3PARAM data during the
+ * time when it is not legal to have an actual NSEC3PARAM record in the
+ * zone.  They are defined here because the private-type record uses the
+ * same flags field for the OPTOUT flag above and for the private flags
+ * below.  XXX: This should be considered for refactoring.
+ */
+
+/*%
+ * Non-standard, private type only.
  *
  * Create a corresponding NSEC3 chain.
  * Once the NSEC3 chain is complete this flag will be removed to signal
@@ -1765,13 +1774,14 @@ typedef struct dns_rdata_nsec3 {
  * This flag is automatically set when a NSEC3PARAM record is added to
  * the zone via UPDATE.
  *
- * NSEC3PARAM records with this flag set are supposed to be ignored by
- * RFC 5155 compliant nameservers.
+ * NSEC3PARAM records containing this flag should never be published,
+ * but if they are, they should be ignored by RFC 5155 compliant
+ * nameservers.
  */
 #define DNS_NSEC3FLAG_CREATE 0x80U
 
 /*%
- * Non-standard, NSEC3PARAM only.
+ * Non-standard, private type only.
  *
  * The corresponding NSEC3 set is to be removed once the NSEC chain
  * has been generated.
@@ -1779,24 +1789,39 @@ typedef struct dns_rdata_nsec3 {
  * This flag is automatically set when the last active NSEC3PARAM record
  * is removed from the zone via UPDATE.
  *
- * NSEC3PARAM records with this flag set are supposed to be ignored by
- * RFC 5155 compliant nameservers.
+ * NSEC3PARAM records containing this flag should never be published,
+ * but if they are, they should be ignored by RFC 5155 compliant
+ * nameservers.
  */
 #define DNS_NSEC3FLAG_REMOVE 0x40U
 
 /*%
- * Non-standard, NSEC3PARAM only.
+ * Non-standard, private type only.
  *
- * Used to identify NSEC3PARAM records added in this UPDATE request.
+ * When set with the CREATE flag, a corresponding NSEC3 chain will be
+ * created when the zone becomes capable of supporting one (i.e., when it
+ * has a DNSKEY RRset containing at least one NSEC3-capable algorithm).
+ * Without this flag, NSEC3 chain creation would be attempted immediately,
+ * fail, and the private type record would be removed.  With it, the NSEC3
+ * parameters are stored until they can be used.  When the zone has the
+ * necessary prerequisites for NSEC3, then the INITIAL flag can be cleared,
+ * and the record will be cleaned up normally.
+ *
+ * NSEC3PARAM records containing this flag should never be published, but
+ * if they are, they should be ignored by RFC 5155 compliant nameservers.
  */
-#define DNS_NSEC3FLAG_UPDATE 0x20U
+#define DNS_NSEC3FLAG_INITIAL 0x20U
 
 /*%
- * Non-standard, NSEC3PARAM only.
+ * Non-standard, private type only.
  *
  * Prevent the creation of a NSEC chain before the last NSEC3 chain
  * is removed.  This will normally only be set when the zone is
  * transitioning from secure with NSEC3 chains to insecure.
+ *
+ * NSEC3PARAM records containing this flag should never be published,
+ * but if they are, they should be ignored by RFC 5155 compliant
+ * nameservers.
  */
 #define DNS_NSEC3FLAG_NONSEC 0x10U
 
@@ -2244,7 +2269,7 @@ typedef struct dns_rdata_any_tsig {
 
 #endif /* ANY_255_TSIG_250_H */
 /*
- * Copyright (C) 2011-2013  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -2262,7 +2287,7 @@ typedef struct dns_rdata_any_tsig {
 #ifndef GENERIC_URI_256_H
 #define GENERIC_URI_256_H 1
 
-/* $Id: uri_256.h,v 1.2 2011/03/03 14:10:27 fdupont Exp $ */
+/* $Id$ */
 
 typedef struct dns_rdata_uri {
 	dns_rdatacommon_t	common;
diff --git a/lib/bind/isc/Makefile b/lib/bind/isc/Makefile
index 1852472..773666e 100644
--- a/lib/bind/isc/Makefile
+++ b/lib/bind/isc/Makefile
@@ -37,7 +37,7 @@ SRCS+=		inet_pton.c \
 		lex.c lfsr.c lib.c log.c \
 		md5.c mem.c mutexblock.c \
 		netaddr.c netscope.c ondestroy.c \
-		parseint.c portset.c \
+		parseint.c pool.c portset.c \
 		print.c \
 		quota.c radix.c random.c \
 		ratelimiter.c refcount.c region.c regex.c result.c rwlock.c \
@@ -99,8 +99,10 @@ INCS=		${SRCDIR}/include/isc/app.h \
 		${SRCDIR}/include/isc/ondestroy.h \
 		${SRCDIR}/include/isc/os.h \
 		${SRCDIR}/include/isc/parseint.h \
+		${SRCDIR}/include/isc/pool.h \
 		${SRCDIR}/include/isc/portset.h \
 		${SRCDIR}/include/isc/print.h \
+		${SRCDIR}/include/isc/queue.h \
 		${SRCDIR}/include/isc/quota.h \
 		${SRCDIR}/include/isc/radix.h \
 		${SRCDIR}/include/isc/random.h \
author	erwin <erwin@FreeBSD.org>	2013-08-22 08:15:03 +0000
committer	erwin <erwin@FreeBSD.org>	2013-08-22 08:15:03 +0000
commit	6a288ef517fece2ca5a21d081efd7b4a81da0053 (patch)
tree	37271fd86c9be9a6bab12a7aebd85ccfbb8a7b62 /lib
parent	0b46e38a09fbccfdfd7bca0f387c66b2c64fa5b6 (diff)
parent	f32b4abce98c97ee6e51b7aa8f8fde6e4cab7f28 (diff)
download	FreeBSD-src-6a288ef517fece2ca5a21d081efd7b4a81da0053.zip FreeBSD-src-6a288ef517fece2ca5a21d081efd7b4a81da0053.tar.gz