From 7af0653ebc9d771057a29d92d993cb8e7b78dd35 Mon Sep 17 00:00:00 2001 
From: Doug Barton Date: Mon, 1 Jul 2002 01:07:56 +0000 Subject: [PATCH] Import of ISC BIND version 8.3.3 --- contrib/bind/CHANGES | 112 +++++++++ contrib/bind/README | 5 + contrib/bind/Version | 2 +- contrib/bind/bin/addr/addr.c | 15 +- contrib/bind/bin/dig/dig.c | 35 ++- contrib/bind/bin/host/host.c | 10 +- contrib/bind/bin/named-xfer/named-xfer.c | 8 +- contrib/bind/bin/named/db_defs.h | 4 +- contrib/bind/bin/named/db_glue.c | 4 +- contrib/bind/bin/named/db_save.c | 4 +- contrib/bind/bin/named/db_tsig.c | 4 +- contrib/bind/bin/named/named.conf | 2 + contrib/bind/bin/named/ns_config.c | 4 +- contrib/bind/bin/named/ns_ctl.c | 102 ++++++++- contrib/bind/bin/named/ns_defs.h | 9 +- contrib/bind/bin/named/ns_forw.c | 12 +- contrib/bind/bin/named/ns_glob.h | 3 +- contrib/bind/bin/named/ns_ixfr.c | 8 +- contrib/bind/bin/named/ns_lexer.c | 3 +- contrib/bind/bin/named/ns_main.c | 58 ++--- contrib/bind/bin/named/ns_maint.c | 13 +- contrib/bind/bin/named/ns_parser.y | 7 +- contrib/bind/bin/named/ns_req.c | 4 +- contrib/bind/bin/named/ns_resp.c | 21 +- contrib/bind/bin/named/ns_signal.c | 4 +- contrib/bind/bin/named/ns_update.c | 8 +- contrib/bind/bin/named/ns_xfr.c | 14 +- contrib/bind/bin/ndc/ndc.c | 186 ++++++++++++++- contrib/bind/bin/nslookup/Makefile | 7 +- contrib/bind/bin/nslookup/commands.l | 28 +-- contrib/bind/bin/nslookup/getinfo.c | 28 +-- contrib/bind/bin/nslookup/main.c | 23 +- contrib/bind/bin/nslookup/send.c | 4 +- contrib/bind/doc/html/server.html | 7 +- contrib/bind/doc/man/dig.1 | 16 +- contrib/bind/doc/man/dnsquery.1 | 8 +- contrib/bind/doc/man/host.1 | 5 +- contrib/bind/doc/man/named.conf.5 | 10 + contrib/bind/doc/misc/rfc2317-notes.txt | 105 +++++++++ contrib/bind/include/arpa/nameser_compat.h | 4 +- contrib/bind/include/isc/list.h | 14 +- contrib/bind/include/resolv.h | 15 +- contrib/bind/lib/irs/dns_ho.c | 70 +++--- contrib/bind/lib/irs/dns_nw.c | 22 +- contrib/bind/lib/irs/gethostent.c | 212 +++++++++++++++--- contrib/bind/lib/nameser/ns_name.c | 4 
+- contrib/bind/lib/resolv/res_debug.c | 15 +- contrib/bind/lib/resolv/res_init.c | 32 ++- contrib/bind/lib/resolv/res_private.h | 1 + contrib/bind/port/freebsd/Makefile.set | 5 +- .../bind/port/freebsd/include/port_before.h | 6 + 51 files changed, 1042 insertions(+), 260 deletions(-) create mode 100644 contrib/bind/doc/misc/rfc2317-notes.txt diff --git a/contrib/bind/CHANGES b/contrib/bind/CHANGES index 768e6019b1ba..25ea08f4d5b6 100644 --- a/contrib/bind/CHANGES +++ b/contrib/bind/CHANGES 
@@ -1,4 +1,116 @@ + --- 8.3.3-REL released --- (Wed Jun 26 21:15:43 PDT 2002) + +1301. [func] log attempts to exploit #1300. + +1300. [bug] Remote buffer overrun. + +1299. [func] Log to xfer-in when a named-xfer fails and one of + the masters returned REFUSED. + +1298. [bug] named could leak a OPT record when returning a + negative response. + +1297. [func] 'ndc restart' will now attempt to preserve the + arguments named was started with. + Use 'ndc restart --' to clear the arguements. + Use 'ndc restart ' to restart named + with a alternate set of arguements. + +1296. [bug] delay setting need_restart until the response to + ndc exec has been sent. + +1295. [func] new ndc command 'args'. returns the arguements that + named was started with %xx escaped. + +1294. [bug] #1272 broke linkage for those OS's using -lfl (flex). + Move -ll/-lfl to LIBL for all platforms. + + --- 8.3.2-REL released --- (Mon Jun 17 20:24:32 PDT 2002) + +1293. [doc] update man pages for 'dig', 'dnsquery' and 'host' + to reflect IPv6 capabilities (nslookup and nsupdate + were already IPv4/IPv6 agnostic). + +1292. [func] host: the default lookups now also include AAAA + records. + +1291. [func] 'dig -x ' now works. + +1290. [bug] 'dig @server' fail to report the IPv6 address of the + server in error messages. + +1289. [contrib] normalize_zone now handles $TTL. + +1288. [bug] named: -t and -w could not be used together. + +1287. [func] report serial(s) in out going transfer operation. + + --- 8.3.2-RC1 released --- (Thu May 30 23:06:11 PDT 2002) + +1286. [func] libbind: no longer attempts bit string labels for + IPv6 reverse resolution. Try IP6.ARPA then IP6.INT + for nibble style resolution. + +1285. [port] linux: ss_family vs __ss_family in sockaddr_storage. + +1284. [port] freebsd: 5.0 uses gid_t rather that int for + GETGROUPLIST_ARGS + +1283. [port] bsdi: 4.2 also has struct sockaddr_storage. + +1282. [bug] nslookup was using inet_ntoa() to print out a IPv6 + address. + +1281. 
[bug] escape '(' and ')' when coverting to presentation + form. + +1280. [func] server { edns yes_or_no; } is now supported. + +1279. [bug] nslookup: partial coversion to similar style outputs + for both -type=aaaa and -type=a. + +1278. [bug] free() of non-malloced memory in nslookup. + +1277. [port] cast all instances of yytext in commands.l to (char*) + to silence compilers on OS's where lex declares it + as (unsigned char *). + +1276. [port] hpux 11.22: ansify GetAnswer in getinfo.c to + silence compiler. + +1275. [bug] bad declaration of si in tsig_key_from_addr(). + +1274. [port] hpux 11.22: ansify hexstring() and display() in + addr.c to silence compiler. + +1273. [bug] const pointer conficts in res_debug.c. + +1272. [port] hpux 11.22: don't link against -ll unless required. + +1272. [bug] main_need_num was not last entry in enum. + main_need_tick nolonger required. + +1271. [port] hpux: treat all hpux systems as BIG_ENDIAN, don't + include . + +1270. [port] hpux 11.22 namespace clash DATASIZE -> BIND_DATASIZE. + +1269. [port] hpux 11.11 interface scaning. + +1268. [port] solaris: 64 bit binary compatability. + +1267. [bug] aix4: missing IN6_IS_ADDR_V4COMPAT macro. + +1266. [bug] If you are using TSIG #1261 introduced the potential + of a infinite loop. + +1265. [bug] nslookup failed on platforms that don't have BSD 43 + style sockets. + +1264. [bug] LINK_INIT and UNLINK were not compatible with + C++, use LINK_INIT_TYPE and UNLINK_TYPE instead. + --- 8.3.2-T1B released --- (Tue May 7 18:49:58 PDT 2002) 1263. [bug] gethostans() could get out of sync parsing the diff --git a/contrib/bind/README b/contrib/bind/README index 344a3ef7abac..a8a52ecadfe8 100644 --- a/contrib/bind/README +++ b/contrib/bind/README 
@@ -10,6 +10,11 @@ artifacts including BIND, INN, and DHCP. Note that BIND 8 is in "end-of-life", having been replaced by BIND 9. See http://www.isc.org/ for more details. +BIND 8.3.3 Highlights + Security Fix libbind. All applications linked against libbind + need to relinked. + 'rndc restart' now preserves named's arguements + BIND 8.3.2 Highlights dig, nslookup, host and nsupdate have improved IPv6 support. diff --git a/contrib/bind/Version b/contrib/bind/Version index 96227ce054ad..e99a6add5fbb 100644 --- a/contrib/bind/Version +++ b/contrib/bind/Version @@ -1 +1 @@ -8.3.2-T1B +8.3.3-REL diff --git a/contrib/bind/bin/addr/addr.c b/contrib/bind/bin/addr/addr.c index a6933918c867..ae48ea52fa00 100644 --- a/contrib/bind/bin/addr/addr.c +++ b/contrib/bind/bin/addr/addr.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: addr.c,v 8.8 1999/10/13 16:38:55 vixie Exp $"; +static const char rcsid[] = "$Id: addr.c,v 8.9 2002/05/21 02:26:21 marka Exp $"; #endif /* not lint */ /* @@ -47,11 +47,7 @@ usage() { /* Warning: this scribbles on `dst' even if it's going to return `0'. */ static int -hexstring(src, dst, len) - const char *src; - u_char *dst; - int len; -{ +hexstring(const char *src, u_char *dst, int len) { static const char xdigits[] = "0123456789abcdef"; u_char *ptr = dst, *end = dst + len; u_int val; @@ -100,12 +96,7 @@ hexstring(src, dst, len) } static void -display(input, af, addr, len) - const char *input; - int af; - const u_char *addr; - int len; -{ +display(const char *input, int af, const u_char *addr, int len) { static int before = 0; char p[sizeof "xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255"]; int i; diff --git a/contrib/bind/bin/dig/dig.c b/contrib/bind/bin/dig/dig.c index 20542582f855..5bb6e7aee06c 100644 --- a/contrib/bind/bin/dig/dig.c +++ b/contrib/bind/bin/dig/dig.c 
@@ -1,5 +1,5 @@ #ifndef lint -static const char rcsid[] = "$Id: dig.c,v 8.54 2002/04/24 00:38:08 marka Exp $"; +static const char rcsid[] = "$Id: dig.c,v 8.57 2002/06/18 02:26:49 marka Exp $"; #endif /* @@ -245,6 +245,7 @@ static int print_axfr(FILE *output, const u_char *msg, static struct timeval difftv(struct timeval, struct timeval); static void prnttime(struct timeval); static void stackarg(char *, char **); +static void reverse6(char *, struct in6_addr *); /* Public. */ @@ -289,6 +290,8 @@ main(int argc, char **argv) { int wait=0, delay; int envset=0, envsave=0; struct __res_state res_x, res_t; + int r; + struct in6_addr in6; ns_tsig_key key; char *keyfile = NULL, *keyname = NULL; @@ -494,6 +497,11 @@ main(int argc, char **argv) { printf("; no arg for -x?\n"); break; } + r = inet_pton(AF_INET6, addrc, &in6); + if (r > 0) { + reverse6(domain, &in6); + break; + } addrend = addrc + strlen(addrc); if (*addrend == '.') *addrend = '\0'; @@ -813,7 +821,7 @@ main(int argc, char **argv) { buf, sizeof(buf)); break; case AF_INET6: - inet_ntop(AF_INET, + inet_ntop(AF_INET6, &u[0].sin6.sin6_addr, buf, sizeof(buf)); break; @@ -1030,7 +1038,7 @@ where: server,\n\ fputs("\ notes: defname and search don't work; use fully-qualified names.\n\ this is DiG version " VSTRING "\n\ - $Id: dig.c,v 8.54 2002/04/24 00:38:08 marka Exp $\n\ + $Id: dig.c,v 8.57 2002/06/18 02:26:49 marka Exp $\n\ ", stderr); } 
@@ -1775,3 +1783,24 @@ stackarg(char *l, char **y) { } } } + +static void +reverse6(char *domain, struct in6_addr *in6) { + sprintf(domain, "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpa", + in6->s6_addr[15] & 0x0f, (in6->s6_addr[15] >> 4) & 0x0f, + in6->s6_addr[14] & 0x0f, (in6->s6_addr[14] >> 4) & 0x0f, + in6->s6_addr[13] & 0x0f, (in6->s6_addr[13] >> 4) & 0x0f, + in6->s6_addr[12] & 0x0f, (in6->s6_addr[12] >> 4) & 0x0f, + in6->s6_addr[11] & 0x0f, (in6->s6_addr[11] >> 4) & 0x0f, + in6->s6_addr[10] & 0x0f, (in6->s6_addr[10] >> 4) & 0x0f, + in6->s6_addr[9] & 0x0f, (in6->s6_addr[9] >> 4) & 0x0f, + in6->s6_addr[8] & 0x0f, (in6->s6_addr[8] >> 4) & 0x0f, + in6->s6_addr[7] & 0x0f, (in6->s6_addr[7] >> 4) & 0x0f, + in6->s6_addr[6] & 0x0f, (in6->s6_addr[6] >> 4) & 0x0f, + in6->s6_addr[5] & 0x0f, (in6->s6_addr[5] >> 4) & 0x0f, + in6->s6_addr[4] & 0x0f, (in6->s6_addr[4] >> 4) & 0x0f, + in6->s6_addr[6] & 0x0f, (in6->s6_addr[3] >> 4) & 0x0f, + in6->s6_addr[2] & 0x0f, (in6->s6_addr[2] >> 4) & 0x0f, + in6->s6_addr[1] & 0x0f, (in6->s6_addr[1] >> 4) & 0x0f, + in6->s6_addr[0] & 0x0f, (in6->s6_addr[0] >> 4) & 0x0f); +} diff --git a/contrib/bind/bin/host/host.c b/contrib/bind/bin/host/host.c index 84b36218af0a..5bac200670e5 100644 --- a/contrib/bind/bin/host/host.c +++ b/contrib/bind/bin/host/host.c @@ -1,5 +1,5 @@ #ifndef lint -static const char rcsid[] = "$Id: host.c,v 8.52 2002/04/28 01:34:52 marka Exp $"; +static const char rcsid[] = "$Id: host.c,v 8.53 2002/06/18 02:34:02 marka Exp $"; #endif /* not lint */ /* @@ -675,7 +675,7 @@ gethostinfo(char *name) { static int getdomaininfo(const char *name, const char *domain) { - int val1, val2; + int val1, val2, val3; if (querytype) return (getinfo(name, domain, gettype=querytype)); 
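Review bot: In the added `reverse6()`, the argument row for byte 3 reads `in6->s6_addr[6] & 0x0f, (in6->s6_addr[3] >> 4) & 0x0f,`, so the low nibble is taken from byte 6. The name built for `dig -x` on an IPv6 address is then wrong whenever those two nibbles differ, and the PTR query goes to a different name than the address given. The row should be `in6->s6_addr[3] & 0x0f, (in6->s6_addr[3] >> 4) & 0x0f,`. The function also writes through `sprintf` with no knowledge of the size of `domain`; the output is at most 73 bytes including the terminator, so the declaration of `domain` (outside this hunk) should be checked against that, or the size passed in and `snprintf` used.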
@@ -683,8 +683,9 @@ getdomaininfo(const char *name, const char *domain) { val1 = getinfo(name, domain, gettype=ns_t_a); if (cname || verbose) return (val1); - val2 = getinfo(name, domain, gettype=ns_t_mx); - return (val1 || val2); + val2 = getinfo(name, domain, gettype=ns_t_aaaa); + val3 = getinfo(name, domain, gettype=ns_t_mx); + return (val1 || val2 || val3); } } @@ -1582,6 +1583,7 @@ static const char * pr_type(int type) { if (!verbose) switch (type) { case ns_t_a: + case ns_t_aaaa: return ("has address"); case ns_t_cname: return ("is a nickname for"); diff --git a/contrib/bind/bin/named-xfer/named-xfer.c b/contrib/bind/bin/named-xfer/named-xfer.c index b18b163a5f40..27d9ac023c2e 100644 --- a/contrib/bind/bin/named-xfer/named-xfer.c +++ b/contrib/bind/bin/named-xfer/named-xfer.c @@ -130,7 +130,7 @@ char copyright[] = #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)named-xfer.c 4.18 (Berkeley) 3/7/91"; -static const char rcsid[] = "$Id: named-xfer.c,v 8.120 2002/01/29 06:54:52 marka Exp $"; +static const char rcsid[] = "$Id: named-xfer.c,v 8.121 2002/06/26 03:27:22 marka Exp $"; #endif /* not lint */ #include "port_before.h" @@ -750,6 +750,7 @@ main(int argc, char *argv[]) { default: result = XFER_FAIL; /* fall through */ + case XFER_REFUSED: case XFER_TIMEOUT: case XFER_FAIL: (void) unlink(tmpname); @@ -1067,6 +1068,7 @@ getzone(struct zoneinfo *zp, u_int32_t serial_no, int port) { u_int32_t query_serial = serial_no; int first_soa_printed; struct in_addr z_axfr_src; + int refused = 0; #ifdef DEBUG if (debug) { @@ -1630,6 +1632,7 @@ receive: my_addr_text, inet_ntoa(sin.sin_addr), zp->z_origin); + refused = 1; } else { syslog(LOG_INFO, "[%s] record too short from [%s], zone %s\n", @@ -1912,6 +1915,7 @@ axfr_response: my_addr_text, inet_ntoa(sin.sin_addr), zp->z_origin); + refused = 1; } else { syslog(LOG_INFO, "[%s] record too short from [%s], zone %s\n", 
@@ -1951,6 +1955,8 @@ axfr_response: } if (!error) return (XFER_TIMEOUT); + if (refused) + return (XFER_REFUSED); return (XFER_FAIL); } diff --git a/contrib/bind/bin/named/db_defs.h b/contrib/bind/bin/named/db_defs.h index 72aa19fa1874..68869f023cb7 100644 --- a/contrib/bind/bin/named/db_defs.h +++ b/contrib/bind/bin/named/db_defs.h @@ -1,6 +1,6 @@ /* * from db.h 4.16 (Berkeley) 6/1/90 - * $Id: db_defs.h,v 8.46 2001/11/17 15:16:46 marka Exp $ + * $Id: db_defs.h,v 8.47 2002/05/18 01:02:53 marka Exp $ */ /* @@ -147,7 +147,7 @@ struct databuf { u_int16_t d_nstime; /* NS response time, milliseconds */ u_char d_data[sizeof(void*)]; /* dynamic (padded) */ }; -#define DATASIZE(n) (sizeof(struct databuf) - sizeof(void*) + n) +#define BIND_DATASIZE(n) (sizeof(struct databuf) - sizeof(void*) + n) #ifdef HITCOUNTS extern u_int32_t db_total_hits; diff --git a/contrib/bind/bin/named/db_glue.c b/contrib/bind/bin/named/db_glue.c index e984db11ee4c..2e966f5cea95 100644 --- a/contrib/bind/bin/named/db_glue.c +++ b/contrib/bind/bin/named/db_glue.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)db_glue.c 4.4 (Berkeley) 6/1/90"; -static const char rcsid[] = "$Id: db_glue.c,v 8.46 2001/11/25 23:52:19 marka Exp $"; +static const char rcsid[] = "$Id: db_glue.c,v 8.47 2002/05/18 01:02:54 marka Exp $"; #endif /* not lint */ /* @@ -441,7 +441,7 @@ nhash(const char *name) { static void db_freedata(struct databuf *dp) { - int bytes = DATASIZE(dp->d_size); + int bytes = BIND_DATASIZE(dp->d_size); if (dp->d_rcnt != 0) panic("db_freedata: d_rcnt != 0", NULL); diff --git a/contrib/bind/bin/named/db_save.c b/contrib/bind/bin/named/db_save.c index 2153e04a327a..a8f4d2a0db84 100644 --- a/contrib/bind/bin/named/db_save.c +++ b/contrib/bind/bin/named/db_save.c 
@@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)db_save.c 4.16 (Berkeley) 3/21/91"; -static const char rcsid[] = "$Id: db_save.c,v 8.29 2001/04/25 13:53:09 marka Exp $"; +static const char rcsid[] = "$Id: db_save.c,v 8.30 2002/05/18 01:02:56 marka Exp $"; #endif /* not lint */ /* @@ -137,7 +137,7 @@ savedata(class, type, ttl, data, size) int size; { struct databuf *dp; - int bytes = DATASIZE(size); + int bytes = BIND_DATASIZE(size); dp = (struct databuf *)memget(bytes); if (dp == NULL) diff --git a/contrib/bind/bin/named/db_tsig.c b/contrib/bind/bin/named/db_tsig.c index 5f7b670e56f5..9bdba0eaefaa 100644 --- a/contrib/bind/bin/named/db_tsig.c +++ b/contrib/bind/bin/named/db_tsig.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: db_tsig.c,v 8.7 2001/06/18 14:42:59 marka Exp $"; +static const char rcsid[] = "$Id: db_tsig.c,v 8.8 2002/05/21 02:34:32 marka Exp $"; #endif /* not lint */ /* @@ -129,7 +129,7 @@ tsig_alg_value(char *name) { DST_KEY * tsig_key_from_addr(struct in_addr addr) { - server_info si = si = find_server(addr); + server_info si = find_server(addr); if (si == NULL || si->key_list == NULL || si->key_list->first == NULL) return(NULL); return(si->key_list->first->key); diff --git a/contrib/bind/bin/named/named.conf b/contrib/bind/bin/named/named.conf index d0d2996aac5e..7d8169588744 100644 --- a/contrib/bind/bin/named/named.conf +++ b/contrib/bind/bin/named/named.conf @@ -267,6 +267,8 @@ zone "non-default-acl.demo.zone" { acl key_acl { key sample_key; }; // a request signed with sample_key server 1.2.3.4 { + edns no; // if no, we won't send ends queries + // to this server bogus no; // if yes, we won't query or listen // to this server transfer-format one-answer; // set transfer format for this diff --git a/contrib/bind/bin/named/ns_config.c b/contrib/bind/bin/named/ns_config.c index 1680d91543bc..ad4de85d92f1 100644 --- a/contrib/bind/bin/named/ns_config.c 
+++ b/contrib/bind/bin/named/ns_config.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_config.c,v 8.134 2002/04/25 05:27:04 marka Exp $"; +static const char rcsid[] = "$Id: ns_config.c,v 8.135 2002/05/24 03:04:59 marka Exp $"; #endif /* not lint */ /* @@ -2549,6 +2549,7 @@ new_server(struct in_addr address) { si->flags |= SERVER_INFO_SUPPORT_IXFR; else si->flags &= ~SERVER_INFO_SUPPORT_IXFR; + si->flags |= SERVER_INFO_EDNS; return (si); } @@ -2649,6 +2650,7 @@ set_server_option(server_config sc, int bool_opt, int value) { switch (bool_opt) { case SERVER_INFO_BOGUS: case SERVER_INFO_SUPPORT_IXFR: + case SERVER_INFO_EDNS: if (value) si->flags |= bool_opt; else diff --git a/contrib/bind/bin/named/ns_ctl.c b/contrib/bind/bin/named/ns_ctl.c index ee77634d6569..c8fc907153d7 100644 --- a/contrib/bind/bin/named/ns_ctl.c +++ b/contrib/bind/bin/named/ns_ctl.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_ctl.c,v 8.46 2001/12/19 11:53:48 marka Exp $"; +static const char rcsid[] = "$Id: ns_ctl.c,v 8.47 2002/06/24 07:11:07 marka Exp $"; #endif /* not lint */ /* @@ -112,6 +112,8 @@ static void verb_stop(struct ctl_sctx *, struct ctl_sess *, static void verb_exec(struct ctl_sctx *, struct ctl_sess *, const struct ctl_verb *, const char *, u_int, const void *, void *); +static void exec_closure(struct ctl_sctx *, struct ctl_sess *, + void *); static void verb_reload(struct ctl_sctx *, struct ctl_sess *, const struct ctl_verb *, const char *, u_int, const void *, void *); @@ -141,6 +143,9 @@ static void verb_help(struct ctl_sctx *, struct ctl_sess *, static void verb_quit(struct ctl_sctx *, struct ctl_sess *, const struct ctl_verb *, const char *, u_int, const void *, void *); +static void verb_args(struct ctl_sctx *, struct ctl_sess *, + const struct ctl_verb *, + const char *, u_int, const void *, void *); /* Private data. */ 
@@ -162,6 +167,7 @@ static struct ctl_verb verbs[] = { { "qrylog", verb_querylog, "qrylog"}, { "help", verb_help, "help"}, { "quit", verb_quit, "quit"}, + { "args", verb_args, "args"}, { NULL, NULL, NULL} }; @@ -794,13 +800,25 @@ verb_exec(struct ctl_sctx *ctl, struct ctl_sess *sess, saved_argv[0], save); ctl_response(sess, 502, save, 0, NULL, NULL, NULL, NULL, 0); + } else if (user_name != NULL || group_name != NULL) { + ctl_response(sess, 502, + "can't exec as user or group was specified", + 0, NULL, NULL, NULL, NULL, 0); } else { - ns_need(main_need_restart); ctl_response(sess, 250, "Restart initiated.", 0, NULL, - NULL, NULL, NULL, 0); + exec_closure, NULL, NULL, 0); } } +static void +exec_closure(struct ctl_sctx *sctx, struct ctl_sess *sess, void *uap) { + + UNUSED(sctx); + UNUSED(sess); + UNUSED(uap); + ns_need(main_need_restart); +} + static void verb_reload(struct ctl_sctx *ctl, struct ctl_sess *sess, const struct ctl_verb *verb, const char *rest, 
@@ -1049,3 +1067,81 @@ verb_quit(struct ctl_sctx *ctl, struct ctl_sess *sess, ctl_response(sess, 221, "End of control session.", CTL_EXIT, NULL, NULL, NULL, NULL, 0); } + +static char hex[] = "0123456789abcdef"; + +struct pvt_args { + int argc; + char text[MAX_STR_LEN]; +}; + +static void +args_closure(struct ctl_sctx *sctx, struct ctl_sess *sess, void *uap) { + struct pvt_args *pvt = ctl_getcsctx(sess); + + UNUSED(sctx); + UNUSED(uap); + + memput(pvt, sizeof *pvt); + ctl_setcsctx(sess, NULL); +} + +static void +verb_args(struct ctl_sctx *ctl, struct ctl_sess *sess, + const struct ctl_verb *verb, const char *rest, + u_int respflags, const void *respctx, void *uctx) +{ + struct pvt_args *pvt = ctl_getcsctx(sess); + char *cp, *tp; + + UNUSED(ctl); + UNUSED(verb); + UNUSED(rest); + UNUSED(respflags); + UNUSED(respctx); + UNUSED(uctx); + + if (pvt == NULL) { + unsigned int i = 0; + pvt = memget(sizeof *pvt); + if (pvt == NULL) { + ctl_response(sess, 505, "(out of memory)", + 0, NULL, NULL, NULL, NULL, 0); + return; + } + pvt->argc = 0; + ctl_setcsctx(sess, pvt); + + /* Send the arguement count. */ + while (saved_argv[i] != NULL) + i++; + sprintf(pvt->text, "%u", i); + ctl_response(sess, 250, pvt->text, CTL_MORE, + NULL, args_closure, NULL, NULL, 0); + return; + } + + /* + * Percent escape arguement. + */ + cp = saved_argv[pvt->argc++]; + tp = pvt->text; + while (cp && *cp != NULL) + if (*cp == '%' || *cp == ' ' || + !isprint((unsigned char)*cp)) { + if (tp >= pvt->text + sizeof(pvt->text) - 4) + break; + *tp++ = '%'; + *tp++ = hex[(*cp>>4)&0xf]; + *tp++ = hex[(*cp++)&0xf]; + } else { + if (tp >= pvt->text + sizeof(pvt->text) - 2) + break; + *tp++ = *cp++; + } + *tp = '\0'; + + ctl_response(sess, 250, pvt->text, + saved_argv[pvt->argc] == NULL ? 0 : CTL_MORE, + NULL, args_closure, NULL, NULL, 0); +} diff --git a/contrib/bind/bin/named/ns_defs.h b/contrib/bind/bin/named/ns_defs.h index 347455011b0c..f8bb976a2faf 100644 --- a/contrib/bind/bin/named/ns_defs.h 
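Review bot: In `verb_args`, the escape loop leaves with a bare `break` when `pvt->text` fills up, so an argument whose escaped form does not fit in `MAX_STR_LEN` is sent truncated under the same 250 code as a complete one. A client that rebuilds named's command line from these replies (the CHANGES entry for `ndc restart` suggests ndc does) cannot tell the difference, so truncation should produce an error reply or a distinct code. The loop condition `while (cp && *cp != NULL)` compares a `char` with a null pointer constant and should read `while (cp != NULL && *cp != '\0')`, and the table can be `static const char hex[]`. If `saved_argv[0]` could ever be NULL, the second call would advance `pvt->argc` past the terminator before the `saved_argv[pvt->argc] == NULL` test; whether that can happen depends on how `saved_argv` is filled, which is outside this hunk.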
+++ b/contrib/bind/bin/named/ns_defs.h @@ -1,6 +1,6 @@ /* * from ns.h 4.33 (Berkeley) 8/23/90 - * $Id: ns_defs.h,v 8.118 2002/04/25 05:27:06 marka Exp $ + * $Id: ns_defs.h,v 8.121 2002/06/26 03:27:19 marka Exp $ */ /* @@ -172,9 +172,8 @@ typedef enum need { main_need_restart, /* exec() needed. */ main_need_reap, /* need to reap dead children. */ main_need_noexpired, /* ns_reconfig() needed w/ noexpired set. */ - main_need_num, /* number of needs, used for array bound. */ - main_need_tick, /* tick every second to poll for cleanup (NT) */ - main_need_tryxfer /* attemt to start a zone transfer. */ + main_need_tryxfer, /* attemt to start a zone transfer. */ + main_need_num /* MUST BE LAST. */ } main_need; /* What global options are set? */ @@ -438,6 +437,7 @@ enum zonetype { z_nil, z_master, z_slave, z_hint, z_stub, z_forward, #define XFER_SUCCESSAXFR 4 /* named-xfr recived a xfr */ #define XFER_SUCCESSIXFR 5 /* named-xfr recived a ixfr */ #define XFER_SUCCESSAXFRIXFRFILE 6 /* named-xfr received AXFR for IXFR */ +#define XFER_REFUSED 7 /* one master returned REFUSED */ #define XFER_ISAXFR -1 /* the last XFR is AXFR */ #define XFER_ISIXFR -2 /* the last XFR is IXFR */ #define XFER_ISAXFRIXFR -3 /* the last XFR is AXFR but we must create IXFR base */ @@ -835,6 +835,7 @@ typedef struct server_config { #define SERVER_INFO_BOGUS 0x01 #define SERVER_INFO_SUPPORT_IXFR 0x02 +#define SERVER_INFO_EDNS 0x04 typedef struct server_info { struct in_addr address; diff --git a/contrib/bind/bin/named/ns_forw.c b/contrib/bind/bin/named/ns_forw.c index 494a96a8177c..746257b0f33a 100644 --- a/contrib/bind/bin/named/ns_forw.c +++ b/contrib/bind/bin/named/ns_forw.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_forw.c 4.32 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: ns_forw.c,v 8.90 2002/02/22 05:12:35 marka Exp $"; +static const char rcsid[] = "$Id: ns_forw.c,v 8.91 2002/05/24 03:04:57 marka Exp $"; #endif /* not lint */ /* 
@@ -612,6 +612,11 @@ nslookup(struct databuf *nsp[], struct qinfo *qp, qs->nsdata = dp; qs->forwarder = 0; qs->noedns = dp->d_noedns; + if (!qs->noedns) { + server_info si = find_server(nsa); + if (si && (si->flags & SERVER_INFO_EDNS) == 0) + qs->noedns = 1; + } qs->nretry = 0; /* * If this A RR has no RTT, initialize its RTT to a @@ -1285,6 +1290,11 @@ nsfwdadd(struct qinfo *qp, struct fwdinfo *fwd) { qs->nsdata = fwd->fwddata->nsdata; qs->forwarder = 1; qs->noedns = fwd->fwddata->nsdata->d_noedns; + if (!qs->noedns) { + server_info si = find_server(qs->ns_addr.sin_addr); + if (si && (si->flags & SERVER_INFO_EDNS) == 0) + qs->noedns = 1; + } qs->nretry = 0; n++; nextfwd: diff --git a/contrib/bind/bin/named/ns_glob.h b/contrib/bind/bin/named/ns_glob.h index 7f382d5ee499..8f052f5d83a3 100644 --- a/contrib/bind/bin/named/ns_glob.h +++ b/contrib/bind/bin/named/ns_glob.h @@ -1,6 +1,6 @@ /* * from ns.h 4.33 (Berkeley) 8/23/90 - * $Id: ns_glob.h,v 8.57 2001/11/12 21:22:26 marka Exp $ + * $Id: ns_glob.h,v 8.58 2002/06/05 04:53:50 marka Exp $ */ /* @@ -336,6 +336,7 @@ DECL char * user_name INIT(NULL); DECL gid_t group_id; DECL char * group_name INIT(NULL); DECL char * chroot_dir INIT(NULL); +DECL char * working_dir INIT(NULL); DECL int loading INIT(0); diff --git a/contrib/bind/bin/named/ns_ixfr.c b/contrib/bind/bin/named/ns_ixfr.c index f14019e776f0..0492bc0e20bf 100644 --- a/contrib/bind/bin/named/ns_ixfr.c +++ b/contrib/bind/bin/named/ns_ixfr.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_ixfr.c,v 8.31 2002/01/02 05:15:20 marka Exp $"; +static const char rcsid[] = "$Id: ns_ixfr.c,v 8.32 2002/05/18 01:02:57 marka Exp $"; #endif /* not lint */ /* 
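Review bot: The five lines added in `nslookup()` are repeated in `nsfwdadd()` (the hunk at `@@ -1285,6 +1290,11 @@`), differing only in the address passed to `find_server()`. A small static helper that takes a `struct in_addr` and reports whether EDNS is disabled for that server would keep the two paths from drifting apart. Both places would also benefit from a comment such as `/* "server { edns no; }" forces noedns; it never re-enables EDNS once d_noedns is set */`, since that asymmetry is what `if (!qs->noedns)` implements.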
@@ -201,10 +201,10 @@ sx_send_ixfr(struct qstream *qsp) { ns_panic(ns_log_update, 1, "sx_send_ixfr: unable to locate soa"); } - old_soadp = memget(DATASIZE(soa_dp->d_size)); + old_soadp = memget(BIND_DATASIZE(soa_dp->d_size)); if (old_soadp == NULL) ns_panic(ns_log_update, 1, "sx_send_ixfr: out of memory"); - memcpy(old_soadp, soa_dp, DATASIZE(soa_dp->d_size)); + memcpy(old_soadp, soa_dp, BIND_DATASIZE(soa_dp->d_size)); again: switch (qsp->xfr.state) { @@ -383,7 +383,7 @@ sx_send_ixfr(struct qstream *qsp) { qsp->xfr.top.ixfr = NULL; } cleanup: - memput(old_soadp, DATASIZE(old_soadp->d_size)); + memput(old_soadp, BIND_DATASIZE(old_soadp->d_size)); } diff --git a/contrib/bind/bin/named/ns_lexer.c b/contrib/bind/bin/named/ns_lexer.c index b10219ada4f1..b8271625d717 100644 --- a/contrib/bind/bin/named/ns_lexer.c +++ b/contrib/bind/bin/named/ns_lexer.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_lexer.c,v 8.30 2002/04/25 05:27:08 marka Exp $"; +static const char rcsid[] = "$Id: ns_lexer.c,v 8.31 2002/05/24 03:05:03 marka Exp $"; #endif /* not lint */ /* @@ -251,6 +251,7 @@ static struct keyword keywords[] = { {"directory", T_DIRECTORY}, {"dump-file", T_DUMP_FILE}, {"dynamic", T_DYNAMIC}, + {"edns", T_EDNS}, {"explicit", T_EXPLICIT}, {"fail", T_FAIL}, {"fake-iquery", T_FAKE_IQUERY}, diff --git a/contrib/bind/bin/named/ns_main.c b/contrib/bind/bin/named/ns_main.c index d8393879448c..f12f2852f089 100644 --- a/contrib/bind/bin/named/ns_main.c +++ b/contrib/bind/bin/named/ns_main.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_main.c,v 8.157 2002/04/13 23:26:16 marka Exp $"; +static const char rcsid[] = "$Id: ns_main.c,v 8.160 2002/06/24 07:06:55 marka Exp $"; #endif /* not lint */ /* 
@@ -99,8 +99,10 @@ char copyright[] = #ifdef SVR4 /* XXX */ # include #else +#ifndef __hpux # include #endif +#endif #include #include @@ -174,7 +176,7 @@ static u_int16_t nsid_c1, nsid_c2, nsid_c3; static u_int16_t nsid_state2; static int nsid_algorithm; -static int needs = 0, needs_exit = 0; +static int needs = 0, needs_exit = 0, needs_restart = 0; static handler handlers[main_need_num]; static void savedg_waitfunc(evContext, void*, const void*); static void need_waitfunc(evContext, void *, const void *); @@ -309,14 +311,7 @@ main(int argc, char *argv[]) { break; case 'w': - if (chdir(optarg) < 0) { - syslog(LOG_CRIT, bad_directory, optarg, - strerror(errno)); - fprintf(stderr, bad_directory, optarg, - strerror(errno)); - fputc('\n', stderr); - exit(1); - } + working_dir = savestr(optarg, 1); break; #ifdef QRYLOG case 'q': @@ -434,6 +429,19 @@ main(int argc, char *argv[]) { chroot_dir = freestr(chroot_dir); #endif } + /* + * Set working directory. + */ + if (working_dir != NULL) { + if (chdir(working_dir) < 0) { + syslog(LOG_CRIT, bad_directory, working_dir, + strerror(errno)); + fprintf(stderr, bad_directory, working_dir, + strerror(errno)); + fputc('\n', stderr); + exit(1); + } + } /* Establish global event context. */ evCreate(&ev); @@ -550,7 +558,10 @@ main(int argc, char *argv[]) { else INSIST_ERR(errno == EINTR); } - ns_info(ns_log_default, "named shutting down"); + if (needs_restart) + ns_info(ns_log_default, "named restarting"); + else + ns_info(ns_log_default, "named shutting down"); #ifdef BIND_UPDATE dynamic_about_to_exit(); #endif @@ -563,8 +574,11 @@ main(int argc, char *argv[]) { else shutdown_configuration(); - /* Cleanup for system-dependent stuff */ - custom_shutdown(); + if (needs_restart) + execvp(saved_argv[0], saved_argv); + else + /* Cleanup for system-dependent stuff */ + custom_shutdown(); return (0); } 
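Review bot: In the last hunk of `main()`, a failed `execvp(saved_argv[0], saved_argv)` falls through to `return (0)`, so a restart that cannot re-exec ends as a clean exit with nothing logged; the `ns_restart()` body removed later in this file's diff called `abort()` at that point. By then the shutdown path above has already run, so the server is simply gone. Logging and returning non-zero after the call, for example `ns_error(ns_log_default, "execvp: %s", strerror(errno)); return (1);`, would let an operator or supervisor notice. `custom_shutdown()` is also skipped on the restart path; if it releases anything that survives an exec, it should run before `execvp`.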
@@ -2746,6 +2760,9 @@ deallocate_everything(void) { if (chroot_dir != NULL) freestr(chroot_dir); chroot_dir = NULL; + if (working_dir != NULL) + freestr(working_dir); + working_dir = NULL; if (nsid_pool != NULL) memput(nsid_pool, 0x10000 * (sizeof(u_int16_t))); nsid_pool = NULL; @@ -2764,19 +2781,8 @@ deallocate_everything(void) { static void ns_restart(void) { - ns_info(ns_log_default, "named restarting"); -#ifdef BIND_UPDATE - dynamic_about_to_exit(); -#endif - if (server_options && server_options->pid_filename) - (void)unlink(server_options->pid_filename); - ns_logstats(ev, NULL, evNowTime(), evConsTime(0, 0)); - if (NS_OPTION_P(OPTION_DEALLOC_ON_EXIT)) - deallocate_everything(); - else - shutdown_configuration(); - execvp(saved_argv[0], saved_argv); - abort(); + needs_restart = 1; + needs_exit = 1; } static void diff --git a/contrib/bind/bin/named/ns_maint.c b/contrib/bind/bin/named/ns_maint.c index 82df685c7ed4..be4b6f9c53ef 100644 --- a/contrib/bind/bin/named/ns_maint.c +++ b/contrib/bind/bin/named/ns_maint.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_maint.c 4.39 (Berkeley) 3/2/91"; -static const char rcsid[] = "$Id: ns_maint.c,v 8.135 2002/04/25 05:27:10 marka Exp $"; +static const char rcsid[] = "$Id: ns_maint.c,v 8.136 2002/06/26 03:27:20 marka Exp $"; #endif /* not lint */ /* @@ -1681,6 +1681,17 @@ endxfer() { sched_zone_maint(zp); break; + case XFER_REFUSED: + if (!(zp->z_flags & Z_SYSLOGGED)) { + zp->z_flags |= Z_SYSLOGGED; + ns_error(ns_log_xfer_in, + "zoneref: Masters for slave zone \"%s\" REFUSED transfer", + zp->z_origin); + } + ns_retrytime(zp, tt.tv_sec); + sched_zone_maint(zp); + break; + default: if (!(zp->z_flags & Z_SYSLOGGED)) { zp->z_flags |= Z_SYSLOGGED; diff --git a/contrib/bind/bin/named/ns_parser.y b/contrib/bind/bin/named/ns_parser.y index 8e6296232dcb..79f34b1adaab 100644 --- a/contrib/bind/bin/named/ns_parser.y +++ b/contrib/bind/bin/named/ns_parser.y 
@@ -1,6 +1,6 @@ %{ #if !defined(lint) && !defined(SABER) -static char rcsid[] = "$Id: ns_parser.y,v 8.79 2002/04/25 05:27:13 marka Exp $"; +static char rcsid[] = "$Id: ns_parser.y,v 8.80 2002/05/24 03:05:01 marka Exp $"; #endif /* not lint */ /* @@ -191,6 +191,7 @@ int yyparse(); %token T_TRANSFERS %token T_KEYS %token T_SUPPORT_IXFR +%token T_EDNS /* Items used for "zone" statements: */ %token T_ZONE @@ -1268,6 +1269,10 @@ server_info: T_BOGUS yea_or_nay set_server_transfer_format(current_server, $2); } | T_KEYS '{' key_list '}' + | T_EDNS yea_or_nay + { + set_server_option(current_server, SERVER_INFO_EDNS, $2); + } | error ; diff --git a/contrib/bind/bin/named/ns_req.c b/contrib/bind/bin/named/ns_req.c index 1a1d756b1884..6aca04a73e97 100644 --- a/contrib/bind/bin/named/ns_req.c +++ b/contrib/bind/bin/named/ns_req.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_req.c 4.47 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_req.c,v 8.168 2002/04/30 03:43:52 marka Exp $"; +static const char rcsid[] = "$Id: ns_req.c,v 8.169 2002/05/12 23:41:52 marka Exp $"; #endif /* not lint */ /* @@ -560,6 +560,8 @@ ns_req(u_char *msg, int msglen, int buflen, struct qstream *qsp, hp->arcount = htons(0); cp = msg + HFIXEDSZ; cp += ns_skiprr(cp, msg + msglen, ns_s_qd, ntohs(hp->qdcount)); + ns_name_rollback(cp, (const u_char **)dnptrs, + (const u_char **)dnptrs_end); if (opt > 0) { n = ns_add_opt(msg, cp, buflen_orig, 0, rcode, EDNS_MESSAGE_SZ, 0, NULL, 0); diff --git a/contrib/bind/bin/named/ns_resp.c b/contrib/bind/bin/named/ns_resp.c index 5be0038fd0b2..91a38694ef4a 100644 --- a/contrib/bind/bin/named/ns_resp.c +++ b/contrib/bind/bin/named/ns_resp.c 
@@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_resp.c 4.65 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: ns_resp.c,v 8.176 2002/04/17 07:10:10 marka Exp $"; +static const char rcsid[] = "$Id: ns_resp.c,v 8.178 2002/06/27 03:09:19 marka Exp $"; #endif /* not lint */ /* @@ -288,7 +288,6 @@ ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp) struct namebuf *np; struct fwdinfo *fwd; struct databuf *dp; - int forcecmsg = 0; char *tname = NULL; int sendto_errno = 0; int has_tsig, oldqlen = 0; @@ -298,6 +297,7 @@ ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp) u_char sig[TSIG_SIG_SIZE]; time_t tsig_time; DST_KEY *key; + int expect_cname; nameserIncr(from.sin_addr, nssRcvdR); nsp[0] = NULL; @@ -924,6 +924,7 @@ tcp_retry: } else flushset = NULL; + expect_cname = 1; for (i = 0; i < count; i++) { struct databuf *dp; int type; @@ -955,6 +956,19 @@ tcp_retry: type = dp->d_type; if (i < ancount) { /* Answer section. */ + /* + * Check for attempts to overflow the buffer in + * getnameanswer. + */ + if (type == ns_t_cname && !expect_cname) { + ns_warning(ns_log_security, + "late CNAME in answer section for %s %s from %s", + *qname ? qname : ".", p_type(qtype), + sin_ntoa(from)); + + } else if (type != ns_t_cname && type != ns_t_dname && + type != ns_t_sig) + expect_cname = 0; if (externalcname || ns_samename(name, aname) != 1) { if (!externalcname) ns_info(ns_log_resp_checks, @@ -1220,12 +1234,11 @@ tcp_retry: cache_n_resp(msg, msglen, from, qp->q_name, qp->q_class, qp->q_type); - if (!qp->q_cmsglen) { + if (!qp->q_cmsglen && validanswer) { ns_debug(ns_log_default, 3, "resp: leaving NO: auth = %d", hp->aa); goto return_msg; } - forcecmsg = 1; } /* diff --git a/contrib/bind/bin/named/ns_signal.c b/contrib/bind/bin/named/ns_signal.c index 0820bfae9c34..a8a957d57757 100644 --- a/contrib/bind/bin/named/ns_signal.c +++ b/contrib/bind/bin/named/ns_signal.c 
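Review bot: The late-CNAME branch added to the answer-section loop (hunk -955,6 +956,19) only calls `ns_warning()`; nothing in the hunk drops the record or marks the response invalid, so control falls through to the `externalcname || ns_samename(name, aname) != 1` test and the record is handled like any other. The comment above it says the check is for attempts to overflow the buffer in getnameanswer, so a reader will expect rejection rather than logging. If detection is the intent, say so in the comment, e.g. `/* Log only: a CNAME after non-CNAME data is reported to ns_log_security and still processed below. */`. The blank line before `} else if` and the unbraced `expect_cname = 0;` also make the two branches easy to misread, so bracing both would help. The loop body continues outside the hunk, so a later rejection cannot be ruled out from here.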
@@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_signal.c,v 8.14 2001/06/18 14:43:25 marka Exp $"; +static const char rcsid[] = "$Id: ns_signal.c,v 8.15 2002/05/18 01:39:15 marka Exp $"; #endif /* not lint */ /* @@ -87,8 +87,10 @@ static const char rcsid[] = "$Id: ns_signal.c,v 8.14 2001/06/18 14:43:25 marka E #ifdef SVR4 /* XXX */ # include #else +#ifndef __hpux # include #endif +#endif #include #include diff --git a/contrib/bind/bin/named/ns_update.c b/contrib/bind/bin/named/ns_update.c index 774bd2c96567..b2b5b9680ded 100644 --- a/contrib/bind/bin/named/ns_update.c +++ b/contrib/bind/bin/named/ns_update.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_update.c,v 8.103 2002/01/03 00:25:02 marka Exp $"; +static const char rcsid[] = "$Id: ns_update.c,v 8.104 2002/05/18 01:02:59 marka Exp $"; #endif /* not lint */ /* @@ -3010,9 +3010,9 @@ incr_serial(struct zoneinfo *zp) { return (-1); dp = findzonesoa(zp); if (dp) { - olddp = memget(DATASIZE(dp->d_size)); + olddp = memget(BIND_DATASIZE(dp->d_size)); if (olddp != NULL) { - memcpy(olddp, dp, DATASIZE(dp->d_size)); + memcpy(olddp, dp, BIND_DATASIZE(dp->d_size)); cp = findsoaserial(olddp->d_data); PUTLONG(old_serial, cp); fprintf(ifp, "update: {delete} %s. %u %s %s ", @@ -3021,7 +3021,7 @@ incr_serial(struct zoneinfo *zp) { p_type(dp->d_type)); (void) rdata_dump(olddp, ifp); fprintf(ifp, "\n"); - memput(olddp, DATASIZE(dp->d_size)); + memput(olddp, BIND_DATASIZE(dp->d_size)); } fprintf(ifp, "update: {add} %s. %u %s %s ", zp->z_origin, dp->d_ttl, diff --git a/contrib/bind/bin/named/ns_xfr.c b/contrib/bind/bin/named/ns_xfr.c index d7a850579070..7b1c99b1353c 100644 --- a/contrib/bind/bin/named/ns_xfr.c +++ b/contrib/bind/bin/named/ns_xfr.c 
@@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_xfr.c,v 8.68 2002/04/11 05:19:06 marka Exp $"; +static const char rcsid[] = "$Id: ns_xfr.c,v 8.69 2002/06/05 03:53:49 marka Exp $"; #endif /* not lint */ /* @@ -82,15 +82,21 @@ ns_xfr(struct qstream *qsp, struct namebuf *znp, ns_deltalist *changes; switch (type) { - case ns_t_axfr: /*FALLTHROUGH*/ case ns_t_ixfr: + ns_info(ns_log_xfer_out, + "zone transfer (%s) of \"%s\" (%s) to %s serial %u -> %u", + p_type(type), zones[zone].z_origin, p_class(class), + sin_ntoa(qsp->s_from), serial_ixfr, + zones[zone].z_serial); + break; + case ns_t_axfr: /*FALLTHROUGH*/ #ifdef BIND_ZXFR case ns_t_zxfr: #endif ns_info(ns_log_xfer_out, - "zone transfer (%s) of \"%s\" (%s) to %s", + "zone transfer (%s) of \"%s\" (%s) to %s serial %u", p_type(type), zones[zone].z_origin, p_class(class), - sin_ntoa(qsp->s_from)); + sin_ntoa(qsp->s_from), zones[zone].z_serial); break; default: ns_warning(ns_log_xfer_out, diff --git a/contrib/bind/bin/ndc/ndc.c b/contrib/bind/bin/ndc/ndc.c index aa0e4a373046..d0770429261d 100644 --- a/contrib/bind/bin/ndc/ndc.c +++ b/contrib/bind/bin/ndc/ndc.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ndc.c,v 1.21 2001/12/19 23:16:23 marka Exp $"; +static const char rcsid[] = "$Id: ndc.c,v 1.22 2002/06/24 07:28:55 marka Exp $"; #endif /* not lint */ /* 
@@ -250,6 +250,179 @@ slashhelp(void) { "toggle silence (suppresses nonfatal errors)"); } +struct argv { + int argc; + char **argv; + int error; +}; + +static char hexdigits[] = "0123456789abcdef"; + +static void +getargs_closure(void *arg, const char *msg, int flags) { + struct argv *argv = arg; + int len; + int i; + const char *cp, *cp2; + char *tp, c; + + UNUSED(flags); + + if (argv->error) + return; + + if (argv->argc == -1) { + i = atoi(msg + 4); + if (i < 1) { + argv->error = 1; + return; + } + argv->argc = i; + argv->argv = calloc((i+1), sizeof(char*)); + return; + } + len = 0; + cp = msg + 4; + while (*cp != NULL) { + c = *cp; + if (c == '%') { + cp2 = strchr(hexdigits, cp[1]); + if (cp2 == NULL) { + argv->error = 1; + return; + } + c = (cp2-hexdigits) << 4; + cp2 = strchr(hexdigits, cp[2]); + if (cp2 == NULL) { + argv->error = 1; + return; + } + c += (cp2-hexdigits); + cp += 2; + } + if (!isalnum((unsigned)c)) { + switch (c) { + case '+': case '-': case '=': case '/': case '.': + break; + default: + len++; + } + } + len++; + cp++; + } + i = 0; + while (argv->argv[i] != NULL) + i++; + if (i >= argv->argc) { + argv->error = 1; + return; + } + argv->argv[i] = malloc(len + 1); + if (argv->argv[i] == NULL) { + argv->error = 1; + return; + } + cp = msg + 4; + tp = argv->argv[i]; + while (*cp != NULL) { + c = *cp; + if (c == '%') { + cp2 = strchr(hexdigits, cp[1]); + if (cp2 == NULL) { + argv->error = 1; + return; + } + c = (cp2-hexdigits) << 4; + cp2 = strchr(hexdigits, cp[2]); + if (cp2 == NULL) { + argv->error = 1; + return; + } + c += (cp2-hexdigits); + cp += 2; + } + if (!isalnum((unsigned)c)) { + switch (c) { + case '+': case '-': case '=': case '/': case '.': + break; + default: + *tp = '\\'; + } + } + *tp++ = c; + cp++; + } +} + +static int +get_args(char **restp) { + struct argv argv; + int len, i; + char *rest, *p; + int result = 1; + + argv.argc = -1; + argv.argv = NULL; + argv.error = 0; + + channel_loop("args", 1, getargs_closure, &argv); + if 
(argv.error) { + result = 0; + goto err; + } + len = 0; + for (i = 1 ; i < argv.argc && argv.argv[i] != NULL; i++) + len += strlen(argv.argv[i]) + 1; + rest = malloc(len); + if (rest == NULL) { + result = 0; + goto err; + } + p = rest; + for (i = 1 ; i < argv.argc && argv.argv[i] != NULL; i++) { + strcpy(p, argv.argv[i]); + p += strlen(argv.argv[i]); + *p++ = ' '; + } + if (p != rest) + p[-1] = '\0'; + *restp = rest; + + err: + if (argv.argv) { + for (i = 0 ; i < argv.argc && argv.argv[i] != NULL; i++) + free(argv.argv[i]); + free(argv.argv); + } + return (result); +} + +static void +exec_closure(void *arg, const char *msg, int flags) { + int *result = arg; + UNUSED(flags); + if (atoi(msg) == 250) + *result = 1; +} + +static int +try_exec(int local_quiet) { + int good = 0; + pid_t pid; + + channel_loop("exec", 1, exec_closure, &good); + + if (good) { + sleep(3); + if (!running(0, &pid)) + error("name server has not restarted (yet?)"); + else if (!local_quiet) + result("new pid is %ld", (long)pid); + } + return (good); +} + static int builtincmd(void) { static const char spaces[] = " \t"; @@ -257,14 +430,18 @@ builtincmd(void) { pid_t pid; int save_quiet = quiet; int len; + int freerest = 0; quiet = 1; len = strcspn(cmd, spaces); rest = cmd + len; - if (*rest != '\0') { - rest++; + if (*rest != '\0') rest += strspn(rest, spaces); + if (*rest == '\0' && !strncasecmp(cmd, "restart", len)) { + if (try_exec(save_quiet)) + return (1); + freerest = get_args(&rest); } syscmd = malloc(strlen(named_path) + sizeof " " + strlen(rest)); if (syscmd == NULL) @@ -274,6 +451,8 @@ builtincmd(void) { strcat(syscmd, " "); strcat(syscmd, rest); } + if (freerest) + free(rest); if (strncasecmp(cmd, "start", len) == 0) { if (running(debug, &pid)) error("name server already running? (pid %ld)", 
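Review bot: In getargs_closure the copy pass stores the escape with `*tp = '\\';` but does not advance `tp`, so the following `*tp++ = c;` overwrites it, and the buffer from `malloc(len + 1)` is never NUL-terminated before get_args runs `strlen()` and `strcpy()` on it. Arguments reported over the control channel therefore reach the command string built in builtincmd without the quoting that the length pass budgeted for, and the string functions read past the initialised bytes. Three smaller gaps sit in the same function: `strchr(hexdigits, cp[1])` also matches the terminating NUL, so a reply ending in `%` steps `cp` past the end of `msg`; the `calloc()` result is used unchecked; and `isalnum((unsigned)c)` should cast through `unsigned char`. get_args also calls `malloc(len)` with `len == 0` when the server reports only its argv[0], and a non-NULL zero-byte result is then handed to `strlen(rest)` in builtincmd. The fence shows the changed lines for the closure.

```c
	if (argv->argc == -1) {
		/* … unchanged: atoi(msg + 4), the i < 1 check, argv->argc = i … */
		argv->argv = calloc((i+1), sizeof(char*));
		if (argv->argv == NULL)
			argv->error = 1;
		return;
	}
	/* … unchanged: length pass, slot lookup, malloc(len + 1) … */
		if (c == '%') {
			/* strchr() matches the terminating NUL too; reject a
			 * truncated escape before decoding (both passes). */
			if (cp[1] == '\0' || cp[2] == '\0') {
				argv->error = 1;
				return;
			}
			/* … unchanged: two-digit hex decode … */
		}
		if (!isalnum((unsigned char)c)) {
			switch (c) {
			/* … unchanged: '+', '-', '=', '/', '.' pass through … */
			default:
				*tp++ = '\\';
			}
		}
		*tp++ = c;
		cp++;
	}
	*tp = '\0';
```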
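Review bot: The new early exit `if (try_exec(save_quiet)) return (1);` in builtincmd leaves `quiet` at the 1 assigned a few lines above, because the saved value is only passed to try_exec and is not put back on this path. If the function restores it before its other returns (those are outside the hunk), the same is needed here: `if (try_exec(save_quiet)) { quiet = save_quiet; return (1); }`. A comment on the restart branch would also help, since `rest` then comes from the server's reply rather than from the operator's command line. Assuming the `exec` and `args` channel commands do what their names suggest, it could read `/* Ask the running server to re-exec itself; if that fails, fetch its argv and restart it by hand. */`.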
@@ -417,6 +596,7 @@ channel_loop(const char *cmdtext, int show, closure cl, void *ua) { a.cl = cl; a.ua = ua; logger_show = show; + trace("command '%s'", cmdtext); ctl = ctl_client(ev, client_addr, impute_addrlen(client_addr), (struct sockaddr *)&server, impute_addrlen((struct sockaddr *)&server), diff --git a/contrib/bind/bin/nslookup/Makefile b/contrib/bind/bin/nslookup/Makefile index 6680bc6d0418..27073c15623b 100644 --- a/contrib/bind/bin/nslookup/Makefile +++ b/contrib/bind/bin/nslookup/Makefile @@ -13,7 +13,7 @@ ## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS ## SOFTWARE. -# $Id: Makefile,v 8.27 2001/01/31 08:44:43 marka Exp $ +# $Id: Makefile,v 8.28 2002/05/21 00:44:59 marka Exp $ DESTDIR= CC= cc @@ -31,7 +31,8 @@ A=a O=o EXE= LEX = lex -I -SYSLIBS = -ll -lutil +SYSLIBS =-lutil +LIBL=-ll DESTBIN = /usr/local/bin DESTSBIN = /usr/local/sbin DESTEXEC = /usr/local/libexec @@ -56,7 +57,7 @@ all: ${PROG}${EXE} ${PROG}${EXE}: ${OBJS} ${LIBBIND} Makefile ${CC} ${CDEBUG} ${LDFLAGS} ${BOUNDS} -o ${PROG}${EXE} ${OBJS} \ - ${LIBBIND} ${SYSLIBS} + ${LIBBIND} ${LIBL} ${SYSLIBS} .c.${O}: ${CC} ${CPPFLAGS} ${CFLAGS} ${BOUNDS} -c $*.c diff --git a/contrib/bind/bin/nslookup/commands.l b/contrib/bind/bin/nslookup/commands.l index f086118756dd..7abf7d34d709 100644 --- a/contrib/bind/bin/nslookup/commands.l +++ b/contrib/bind/bin/nslookup/commands.l @@ -117,11 +117,11 @@ NAME [:A-Za-z0-9.*=_/-] * 1 == use original server to find * the new one. */ - SetDefaultServer(yytext, 0); + SetDefaultServer((char*)yytext, 0); return(1); } ^{WS}*lserver{WS}+{LET}{NAME}*{WS}*$ { - SetDefaultServer(yytext, 1); + SetDefaultServer((char*)yytext, 1); return(1); } ^{WS}*exit{WS}*$ { 
@@ -137,11 +137,11 @@ NAME [:A-Za-z0-9.*=_/-] * 0 == output to stdout * 1 == output to file */ - Finger(yytext, 1); + Finger((char*)yytext, 1); return(1); } ^{WS}*finger({WS}+{LET}{NAME}*)?{WS}*$ { - Finger(yytext, 0); + Finger((char*)yytext, 0); return(1); } ^{WS}*ls{WS}+(("-a"|"-d"|"-h"|"-m"|"-s"){WS}+)?{LET}{NAME}*{WS}+>>?{WS}+{NAME}+{WS}*$ { @@ -150,11 +150,11 @@ NAME [:A-Za-z0-9.*=_/-] * 0 == output to stdout * 1 == output to file */ - ListHosts(yytext, 1); + ListHosts((char*)yytext, 1); return(1); } ^{WS}*ls{WS}+(("-a"|"-d"|"-h"|"-m"|"-s"){WS}+)?{LET}{NAME}*{WS}*$ { - ListHosts(yytext, 0); + ListHosts((char*)yytext, 0); return(1); } ^{WS}*ls{WS}+-t{WS}+({LET}{NAME}*{WS}+)?{LET}{NAME}*{WS}+>>?{WS}+{NAME}+{WS}*$ { @@ -163,15 +163,15 @@ NAME [:A-Za-z0-9.*=_/-] * 0 == output to stdout * 1 == output to file */ - ListHostsByType(yytext, 1); + ListHostsByType((char*)yytext, 1); return(1); } ^{WS}*ls{WS}+-t{WS}+({LET}{NAME}*{WS}+)?{LET}{NAME}*{WS}*$ { - ListHostsByType(yytext, 0); + ListHostsByType((char*)yytext, 0); return(1); } ^{WS}*set{WS}+{NAME}+{WS}*$ { - SetOption(yytext); + SetOption((char*)yytext); return(1); } ^{WS}*help{WS}*$ { @@ -189,11 +189,11 @@ NAME [:A-Za-z0-9.*=_/-] * 0 == output to stdout * 1 == output to file */ - LookupHost(yytext, 1); + LookupHost((char*)yytext, 1); return(1); } ^{WS}*{FLET}{NAME}*{WS}*$ { - LookupHost(yytext, 0); + LookupHost((char*)yytext, 0); return(1); } ^{WS}*{FLET}{NAME}*{WS}+{LET}{NAME}*{WS}+>>?{WS}*{NAME}+{WS}*$ { @@ -201,11 +201,11 @@ NAME [:A-Za-z0-9.*=_/-] * 0 == output to stdout * 1 == output to file */ - LookupHostWithServer(yytext, 1); + LookupHostWithServer((char*)yytext, 1); return(1); } ^{WS}*{FLET}{NAME}*{WS}+{LET}{NAME}*{WS}*$ { - LookupHostWithServer(yytext, 0); + LookupHostWithServer((char*)yytext, 0); return(1); } ^{WS}*\n { @@ -213,7 +213,7 @@ NAME [:A-Za-z0-9.*=_/-] } ^.*\n { printf("Unrecognized command: %s", - yytext); + (char*)yytext); return(1); } \n { ; } 
diff --git a/contrib/bind/bin/nslookup/getinfo.c b/contrib/bind/bin/nslookup/getinfo.c index e4fbb514b5a0..7189a8526aa6 100644 --- a/contrib/bind/bin/nslookup/getinfo.c +++ b/contrib/bind/bin/nslookup/getinfo.c @@ -53,7 +53,7 @@ #ifndef lint static const char sccsid[] = "@(#)getinfo.c 5.26 (Berkeley) 3/21/91"; -static const char rcsid[] = "$Id: getinfo.c,v 8.23 2002/04/29 01:11:52 marka Exp $"; +static const char rcsid[] = "$Id: getinfo.c,v 8.27 2002/05/22 04:06:57 marka Exp $"; #endif /* not lint */ /* @@ -141,16 +141,9 @@ typedef union { */ static int -GetAnswer(nsAddrPtr, queryType, msg, msglen, iquery, hostPtr, isServer, - merge) - union res_sockaddr_union *nsAddrPtr; - char *msg; - int queryType; - int msglen; - Boolean iquery; - register HostInfo *hostPtr; - Boolean isServer; - Boolean merge; +GetAnswer(union res_sockaddr_union *nsAddrPtr, int queryType, + char *msg, int msglen, Boolean iquery, HostInfo *hostPtr, + Boolean isServer, Boolean merge) { register HEADER *headerPtr; register const u_char *cp; @@ -360,7 +353,8 @@ GetAnswer(nsAddrPtr, queryType, msg, msglen, iquery, hostPtr, isServer, } } - if ((queryType == T_A || queryType == T_PTR) && haveAnswer) { + if ((queryType == T_A || queryType == T_AAAA || queryType == T_PTR) && + haveAnswer) { /* * Go through the alias and address lists and return them @@ -386,10 +380,8 @@ GetAnswer(nsAddrPtr, queryType, msg, msglen, iquery, hostPtr, isServer, for (l = 0; l < k; l++) if (!strcasecmp(hostPtr->aliases[l], host_aliases[i])) break; - if (l < k) { - free(host_aliases[i]); + if (l < k) continue; - } hostPtr->aliases[k] = Calloc(1, host_aliases_len[i]); memcpy(hostPtr->aliases[k], host_aliases[i], host_aliases_len[i]); 
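Review bot: Nothing in the hunk at -386,10 +380,8 says who releases `host_aliases[i]` now that the duplicate branch no longer frees it, and the next hunk makes the same removal for `addr_list[i]`. If the entries are released in one place after the loops (not visible here), the old `free()` calls would have led to a double free, and a short comment would record that ownership, e.g. `/* entries are released at <cleanup site>; do not free duplicates here */`, where `<cleanup site>` is a placeholder for the real location. If no such cleanup exists, the duplicates now leak. GetAnswer's body continues outside both hunks.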
@@ -419,10 +411,8 @@ GetAnswer(nsAddrPtr, queryType, msg, msglen, iquery, hostPtr, isServer, !memcmp(hostPtr->addrList[l]->addr, addr_list[i], addr_len[i])) break; - if (l < k) { - free(addr_list[i]); + if (l < k) continue; - } hostPtr->addrList[k] = (AddrInfo*)Calloc(1, sizeof(AddrInfo)); hostPtr->addrList[k]->addr = Calloc(1, addr_len[i]); hostPtr->addrList[k]->addrType = addr_type[i]; @@ -544,7 +534,7 @@ GetAnswer(nsAddrPtr, queryType, msg, msglen, iquery, hostPtr, isServer, */ cp = res_skip((u_char*)&answer, 3, eom); - if (queryType != T_A) { + if (queryType != T_A && queryType != T_AAAA) { /* * If we don't need to save the record, just print it. */ diff --git a/contrib/bind/bin/nslookup/main.c b/contrib/bind/bin/nslookup/main.c index 38e1014c05f0..e992bb068213 100644 --- a/contrib/bind/bin/nslookup/main.c +++ b/contrib/bind/bin/nslookup/main.c @@ -77,7 +77,7 @@ char copyright[] = #ifndef lint static const char sccsid[] = "@(#)main.c 5.42 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: main.c,v 8.22 2002/04/12 03:03:49 marka Exp $"; +static const char rcsid[] = "$Id: main.c,v 8.24 2002/05/26 03:12:20 marka Exp $"; #endif /* not lint */ /* @@ -340,10 +340,21 @@ main(int argc, char **argv) { } else { result = GetHostInfoByAddr(&u[i], &u[i], defaultPtr); if (result != SUCCESS) { + char t[80]; + switch (u[i].sin.sin_family) { + case AF_INET: + inet_ntop(AF_INET, &u[i].sin.sin_addr, t, sizeof(t)); + break; + case AF_INET6: + inet_ntop(AF_INET6, &u[i].sin6.sin6_addr, t, sizeof(t)); + break; + default: + strcpy(t, ""); + break; + } fprintf(stderr, - "*** Can't find server name for address %s: %s\n", - inet_ntoa(res.nsaddr_list[i].sin_addr), - DecodeError(result)); + "*** Can't find server name for address %s: %s\n", + t, DecodeError(result)); } else { defaultAddr = u[i]; break; 
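Review bot: In the main.c hunk `t` is printed with `%s` even when `inet_ntop()` fails, since neither call's return value is checked and the array is only initialised on the `default:` path. Declaring it as `char t[80] = "";`, or testing `inet_ntop(...) == NULL` and falling back to an empty string, closes that. The `strcpy(t, "")` in the default case could then go. main's body continues outside the hunk.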
@@ -697,7 +708,7 @@ DoLookup(host, servPtr, serverName) * RFC1123 says we "SHOULD check the string syntactically for a * dotted-decimal number before looking it up [...]" (p. 13). */ - if (queryType == T_A && IsAddr(host, &addr)) { + if ((queryType == T_A || queryType == T_AAAA) && IsAddr(host, &addr)) { result = GetHostInfoByAddr(&servAddr, &addr, &curHostInfo); } else { if (queryType == T_PTR) { @@ -715,7 +726,7 @@ DoLookup(host, servPtr, serverName) * There's no need to print anything for other query types * because the info has already been printed. */ - if (queryType == T_A) { + if (queryType == T_A || queryType == T_AAAA) { curHostValid = TRUE; PrintHostInfo(filePtr, "Name:", &curHostInfo); } diff --git a/contrib/bind/bin/nslookup/send.c b/contrib/bind/bin/nslookup/send.c index de60d21aba7f..738f66add051 100644 --- a/contrib/bind/bin/nslookup/send.c +++ b/contrib/bind/bin/nslookup/send.c @@ -53,7 +53,7 @@ #ifndef lint static const char sccsid[] = "@(#)send.c 5.18 (Berkeley) 3/2/91"; -static const char rcsid[] = "$Id: send.c,v 8.13 2002/04/09 05:55:23 marka Exp $"; +static const char rcsid[] = "$Id: send.c,v 8.14 2002/05/10 04:35:09 marka Exp $"; #endif /* not lint */ /* @@ -291,7 +291,7 @@ SendRequest(union res_sockaddr_union *nsAddrPtr, const u_char *buf, } #else /* BSD */ if (sendto(s, (const char *)buf, buflen, 0, - (struct sockaddr *) &nsAddrPtr, + (struct sockaddr *) nsAddrPtr, clen) != buflen) { if (res.options & RES_DEBUG) perror("sendto"); diff --git a/contrib/bind/doc/html/server.html b/contrib/bind/doc/html/server.html index b7fea338cff3..5dea79436af4 100644 --- a/contrib/bind/doc/html/server.html +++ b/contrib/bind/doc/html/server.html @@ -13,6 +13,7 @@
 server ip_addr {
+  [ edns yes_or_no; ]
   [ bogus yes_or_no; ]
   [ support-ixfr yes_or_no; ]
   [ transfers number; ]
@@ -28,6 +29,10 @@ server ip_addr {
 

The server statement defines the characteristics to be associated with a remote name server.

+

If you discover that a server does not support EDNS you can prevent +named making EDNS queries to it by specifying edns no;. +The default value of edns is yes. +

If you discover that a server is giving out bad data, marking it as bogus will prevent further queries to it. The default value of bogus is no. Marking a server as bogus @@ -69,7 +74,7 @@ required to be signed by this key.


-Last Updated: $Id: server.html,v 1.12 2001/08/10 05:12:29 marka Exp $ +Last Updated: $Id: server.html,v 1.13 2002/05/24 03:04:51 marka Exp $
diff --git a/contrib/bind/doc/man/dig.1 b/contrib/bind/doc/man/dig.1 index ae4c3f2b22b7..67995591452c 100644 --- a/contrib/bind/doc/man/dig.1 +++ b/contrib/bind/doc/man/dig.1 @@ -1,4 +1,4 @@ -.\" $Id: dig.1,v 8.8 2001/09/24 15:21:29 marka Exp $ +.\" $Id: dig.1,v 8.9 2002/06/18 01:53:43 marka Exp $ .\" .\" ++Copyright++ 1993 .\" - @@ -95,7 +95,7 @@ will take the form: where: .Bl -tag -width Fl .It Ar server -may be either a domain name or a dot-notation +may be either a domain name or a raw (IPv4 / IPv6) Internet address. If this optional field is omitted, .Ic dig will attempt to use the default name server for your machine. @@ -145,7 +145,7 @@ See the .Fl x option (documented in the .Sx OTHER OPTIONS -subsection of this section) for convenient way to specify inverse address +subsection of this section) for convenient way to specify reverse address query. .It Ar query-type is the type of information (DNS query type) that @@ -240,9 +240,15 @@ available (although not guaranteed to be useful): .It Fl x Ar dot-notation-address Convenient form to specify inverse address mapping. Instead of -.Dq Ic dig 32.0.9.128.in-addr.arpa , +.Dq Ic dig 32.0.9.28.in-addr.arpa , one can simply -.Dq Ic dig -x 128.9.0.32 . +.Dq Ic dig -x 28.9.0.32 . +.It Fl x Ar IPv6-address +Convenient form to specify inverse address mapping. +Instead of +.Dq Ic dig 1.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa , +one can simply +.Dq Ic dig -x ::1 . .It Fl f Ar file File for .Ic dig diff --git a/contrib/bind/doc/man/dnsquery.1 b/contrib/bind/doc/man/dnsquery.1 index bc0307f5b890..b6588c636744 100644 --- a/contrib/bind/doc/man/dnsquery.1 +++ b/contrib/bind/doc/man/dnsquery.1 @@ -1,4 +1,4 @@ -.\" $Id: dnsquery.1,v 8.4 2001/08/08 07:49:58 marka Exp $ +.\" $Id: dnsquery.1,v 8.5 2002/06/18 02:04:54 marka Exp $ .\" .\"Copyright (c) 1995,1996,1999 by Internet Software Consortium .\" 
@@ -49,8 +49,10 @@ are treated without case-sensitivity. .Bl -tag -width Fl .It Fl n Ar nameserver The nameserver to be used in the query. Nameservers can appear as either -Internet addresses of the form -.Ar w.x.y.z +Internet addresses of the form +.Ar ( w.x.y.z +or +.Ar xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx ) or can appear as domain names. (Default: as specified in .Pa /etc/resolv.conf . ) diff --git a/contrib/bind/doc/man/host.1 b/contrib/bind/doc/man/host.1 index 90b5e84ea3d0..858bd6e7b863 100644 --- a/contrib/bind/doc/man/host.1 +++ b/contrib/bind/doc/man/host.1 @@ -50,7 +50,7 @@ .\" SOFTWARE. .\" - .\" --Copyright-- -.\" $Id: host.1,v 8.6 2001/08/10 00:14:47 cyarnell Exp $ +.\" $Id: host.1,v 8.7 2002/06/18 02:39:26 marka Exp $ .Dd December 15, 1994 .Dt HOST @CMD_EXT_U@ .Os BSD 4 @@ -84,7 +84,7 @@ by the domain server. The arguments can be either host names or host numbers. The program first attempts to interpret them as host numbers. If this fails, it will treat them as host names. A host number consists of -first decimal numbers separated by dots, e.g. 128.6.4.194 +IPv4 dotted decimal quad (127.0.0.1) or IPv6 raw address (::1). A host name consists of names separated by dots, e.g. topaz.rutgers.edu. Unless the name ends in a dot, the local domain is automatically tacked on the end. Thus, a Rutgers user can say @@ -192,6 +192,7 @@ to be looked up. The arguments are defined in the man page for .Xr @INDOT@named @SYS_OPS_EXT@ . Currently-supported types include: .Dq Cm a , +.Dq Cm aaaa , .Dq Cm ns , .Dq Cm md , .Dq Cm mf , diff --git a/contrib/bind/doc/man/named.conf.5 b/contrib/bind/doc/man/named.conf.5 index df07b1acea89..532af69e8f8d 100644 --- a/contrib/bind/doc/man/named.conf.5 +++ b/contrib/bind/doc/man/named.conf.5 @@ -1895,6 +1895,7 @@ Any number of trusted keys can be specified. .Ss Syntax .Bd -literal server \fIip_addr\fR { + [ edns \fIyes_or_no\fR; ] [ bogus \fIyes_or_no\fR; ] [ support-ixfr \fIyes_or_no\fR; ] [ transfers \fInumber\fR; ] 
@@ -1906,6 +1907,15 @@ server \fIip_addr\fR { The server statement defines the characteristics to be associated with a remote name server. .Pp +If you discover that a server does not support EDNS you can prevent +named making EDNS queries to it by specifying +.Ic edns +.Ic no; . +The default value of +.Ic edns +is +.Ic yes . +.Pp If you discover that a server is giving out bad data, marking it as .Ic bogus will prevent further queries to it. The default value of diff --git a/contrib/bind/doc/misc/rfc2317-notes.txt b/contrib/bind/doc/misc/rfc2317-notes.txt new file mode 100644 index 000000000000..0b62d2a9a1fe --- /dev/null +++ b/contrib/bind/doc/misc/rfc2317-notes.txt 
@@ -0,0 +1,105 @@ +Message-Id: <200005230246.WAA03750@hrothgar.gw.com> +To: ... +Subject: Notes on RFC-2317 +Date: Mon, 22 May 2000 22:46:55 -0400 +From: Kimmo Suominen + +Hi! + +I wrote down some notes on RFC-2317. I've had discussions with all of +you regarding classless IN-ADDR.ARPA delegations, and I would very much +appreciate any comments you may have. Please feel free to forward this +to other parties as you see necessary or appropriate. + +The goal of these notes is to try and clarify the reasoning behind the +recommendations I've been making on implementing RFC-2317 delegations. +In particular the following issues keep coming up with again and again +with each vendor: + + - why use "-" instead of "/" + - why use particular NS records + - why delegate within IN-ADDR.ARPA + +I am hoping that the these notes could eventually be used to convince +ISPs to provide an efficient and smooth implementation of RFC-2317 with +the least amount of headache for the end-user. + +Regards, ++ Kim + + + +NOTES ON IMPLEMENTING CLASSLESS IN-ADDR.ARPA DELEGATION PER RFC-2317 + +1. Selecting the CNAME target zone + + RFC-2317 shows an example case where the target zone is a delegated + sub-zone of the IN-ADDR.ARPA zone for the natural class C network. + This will allow for the NS records for the zone can be independently + selected (see benefits described below). An example of such a zone + would be 0-28.150.80.204.IN-ADDR.ARPA. + + Now pay careful attention to the last paragraph of RFC-2317. There + are broken resolver implementations that apply the "valid host name" + restrictions on the CNAME target (it should only be applied to the + PTR target name). To avoid problems with such implementations it + is best to use a character that is allowed in a hostname. I prefer + using a hyphen, as I did in the example above. + + Some ISPs may at first refuse to delegate these zones (without any + explanation). 
Approach such ISPs with the reasoning in here first, + but if that fails consider using your "forward" zone as a fallback. + + There is nothing magic about the IN-ADDR.ARPA zone for RFC-2317 + delegations. You will have to sacrifice the optimization provided + by a correct IN-ADDR.ARPA delegation, but you will still retain + the ease of local administration for all name changes. + + I recommend using a dedicated subdomain for the PTR records, e.g. if + your "forward" domain is "HOME.GW.COM" use "REV.HOME.GW.COM" for the + PTR records. + +2. Selecting the NS records + + The NS records for the delegated zone should include all the NS + records of the parent zone, in addition to any NS records pointing + to the public name servers the delegate may want to use. Having the + name servers of the parent zone secondary the delegated zone allows + them to have the necessary authoritative data to return the CNAME + target in the additional records of a response to a PTR record query + (minimizing the number of queries needed to resolve an address). + + This can be achieved using any zone (i.e. even a subdomain of your + "forward" domain), of course. However, having the ISP delegate an + IN-ADDR.ARPA zone for your PTR records rather than you delegating a + zone to your ISP maintains the logical "owner" and "delegate" roles. + + If the primary server for the delegated zone is not permanently on + the Internet (e.g. a dial-on-demand connection) then you would not + want to advertise it in the NS records. It would just be a stealth + server which the advertised secondaries poll for updates. + +3. Example delegation + + To delegate our example zone 0-28.150.80.204.IN-ADDR.ARPA first look + at the NS records of the parent zone 150.80.204.IN-ADDR.ARPA. Let's + say they are the following: + + $ORIGIN 150.80.204.IN-ADDR.ARPA. + @ IN NS GRENDEL.GW.COM. + IN NS PYRY.GW.COM. 
+ + To delegate 204.80.150.0/28 to SRV.HOME.GW.COM you would then insert + these records in the parent zone data: + + $ORIGIN 150.80.204.IN-ADDR.ARPA. + 0-28 IN NS SRV.HOME.GW.COM. + IN NS GRENDEL.GW.COM. + IN NS PYRY.GW.COM. + $GENERATE 0-15 $ IN CNAME $.0-28.150.80.204.IN-ADDR.ARPA. + + The necessary modifications to /etc/named.conf will be left as an + exercise to the reader. + +Kimmo Suominen +Global Wire Oy diff --git a/contrib/bind/include/arpa/nameser_compat.h b/contrib/bind/include/arpa/nameser_compat.h index a32485ad96a9..cbceb6ed2421 100644 --- a/contrib/bind/include/arpa/nameser_compat.h +++ b/contrib/bind/include/arpa/nameser_compat.h @@ -32,7 +32,7 @@ /* * from nameser.h 8.1 (Berkeley) 6/2/93 - * $Id: nameser_compat.h,v 8.13 2001/09/24 02:20:25 marka Exp $ + * $Id: nameser_compat.h,v 8.14 2002/05/18 01:39:11 marka Exp $ */ #ifndef _ARPA_NAMESER_COMPAT_ @@ -64,7 +64,7 @@ defined(apollo) || defined(__convex__) || defined(_CRAY) || \ defined(__hppa) || defined(__hp9000) || \ defined(__hp9000s300) || defined(__hp9000s700) || \ - defined(__hp3000s900) || defined(MPE) || \ + defined(__hp3000s900) || defined(__hpux) || defined(MPE) || \ defined (BIT_ZERO_ON_LEFT) || defined(m68k) || \ (defined(__Lynx__) && \ (defined(__68k__) || defined(__sparc__) || defined(__powerpc__))) diff --git a/contrib/bind/include/isc/list.h b/contrib/bind/include/isc/list.h index 21dd565df560..0aa6f7da9581 100644 --- a/contrib/bind/include/isc/list.h +++ b/contrib/bind/include/isc/list.h 
@@ -24,11 +24,13 @@ do { (list).head = NULL; (list).tail = NULL; } while (0) #define LINK(type) struct { type *prev, *next; } -#define INIT_LINK(elt, link) \ +#define INIT_LINK_TYPE(elt, link, type) \ do { \ - (elt)->link.prev = (void *)(-1); \ - (elt)->link.next = (void *)(-1); \ + (elt)->link.prev = (type *)(-1); \ + (elt)->link.next = (type *)(-1); \ } while (0) +#define INIT_LINK(elt, link) \ + INIT_LINK_TYPE(elt, link, void) #define LINKED(elt, link) ((void *)((elt)->link.prev) != (void *)(-1)) #define HEAD(list) ((list).head) @@ -59,7 +61,7 @@ (list).tail = (elt); \ } while (0) -#define UNLINK(list, elt, link) \ +#define UNLINK_TYPE(list, elt, link, type) \ do { \ INSIST(LINKED(elt, link));\ if ((elt)->link.next != NULL) \ @@ -70,8 +72,10 @@ (elt)->link.prev->link.next = (elt)->link.next; \ else \ (list).head = (elt)->link.next; \ - INIT_LINK(elt, link); \ + INIT_LINK_TYPE(elt, link, type); \ } while (0) +#define UNLINK(list, elt, link) \ + UNLINK_TYPE(list, elt, link, void) #define PREV(elt, link) ((elt)->link.prev) #define NEXT(elt, link) ((elt)->link.next) diff --git a/contrib/bind/include/resolv.h b/contrib/bind/include/resolv.h index ff3c01f6c068..5497f304f502 100644 --- a/contrib/bind/include/resolv.h +++ b/contrib/bind/include/resolv.h @@ -50,7 +50,7 @@ /* * @(#)resolv.h 8.1 (Berkeley) 6/2/93 - * $Id: resolv.h,v 8.45 2002/04/12 06:27:48 marka Exp $ + * $Id: resolv.h,v 8.48 2002/05/31 06:05:29 marka Exp $ */ #ifndef _RESOLV_H_ @@ -156,7 +156,11 @@ struct __res_state_ext; struct __res_state { int retrans; /* retransmition time interval */ int retry; /* number of times to retransmit */ +#ifdef sun + u_int options; /* option flags - see below. */ +#else u_long options; /* option flags - see below. */ +#endif int nscount; /* number of name servers */ struct sockaddr_in nsaddr_list[MAXNS]; /* address of name server */ 
@@ -164,7 +168,11 @@ struct __res_state { u_short id; /* current message id */ char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */ char defdname[256]; /* default domain (deprecated) */ +#ifdef sun + u_int pfcode; /* RES_PRF_ flags - see below. */ +#else u_long pfcode; /* RES_PRF_ flags - see below. */ +#endif unsigned ndots:4; /* threshold for initial abs. query */ unsigned nsort:4; /* number of elements in sort_list[] */ char unused[3]; @@ -177,9 +185,10 @@ struct __res_state { int res_h_errno; /* last one set for this context */ int _vcsock; /* PRIVATE: for res_send VC i/o */ u_int _flags; /* PRIVATE: see below */ + u_int _pad; /* make _u 64 bit aligned */ union { /* On an 32-bit arch this means 512b total. */ - char pad[72 - 3*sizeof (int) - 2*sizeof (void *)]; + char pad[72 - 4*sizeof (int) - 2*sizeof (void *)]; struct { u_int16_t nscount; u_int16_t nstimes[MAXNS]; /* ms. */ @@ -245,6 +254,7 @@ union res_sockaddr_union { #define RES_USE_DNAME 0x10000000 /* use DNAME */ #define RES_USE_A6 0x20000000 /* use A6 */ #define RES_USE_EDNS0 0x40000000 /* use EDNS0 if configured */ +#define RES_NO_NIBBLE2 0x80000000 /* disable alternate nibble lookup */ #define RES_DEFAULT (RES_RECURSE | RES_DEFNAMES | RES_DNSRCH) @@ -460,6 +470,7 @@ const char * res_protocolname __P((int num)); void res_destroyprotolist __P((void)); void res_buildprotolist __P((void)); const char * res_get_nibblesuffix __P((res_state)); +const char * res_get_nibblesuffix2 __P((res_state)); const char * res_get_bitstringsuffix __P((res_state)); void res_ndestroy __P((res_state)); u_int16_t res_nametoclass __P((const char *buf, int *success)); diff --git a/contrib/bind/lib/irs/dns_ho.c b/contrib/bind/lib/irs/dns_ho.c index 7d64e5332bb0..6c0a6e7373fe 100644 --- a/contrib/bind/lib/irs/dns_ho.c +++ b/contrib/bind/lib/irs/dns_ho.c 
@@ -52,7 +52,7 @@ /* BIND Id: gethnamaddr.c,v 8.15 1996/05/22 04:56:30 vixie Exp $ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_ho.c,v 1.35 2002/05/08 01:49:27 marka Exp $"; +static const char rcsid[] = "$Id: dns_ho.c,v 1.39 2002/06/27 03:56:32 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ @@ -74,6 +74,7 @@ static const char rcsid[] = "$Id: dns_ho.c,v 1.35 2002/05/08 01:49:27 marka Exp #include #include #include +#include #include #include @@ -161,7 +162,7 @@ static struct addrinfo * ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai); static void map_v4v6_hostent(struct hostent *hp, char **bp, - int *len); + char *ep); static void addrsort(res_state, char **, int); static struct hostent * gethostans(struct irs_ho *this, const u_char *ansbuf, int anslen, @@ -404,15 +405,12 @@ ho_byaddr(struct irs_ho *this, const void *addr, int len, int af) q->answer = q->qbuf.buf; q->anslen = sizeof(q->qbuf); q->next = q2; - if ((pvt->res->options & RES_NO_BITSTRING) != 0) - q->action = RESTGT_IGNORE; - else - q->action = RESTGT_DOALWAYS; + q->action = RESTGT_DOALWAYS; q2->qclass = C_IN; q2->qtype = T_PTR; q2->answer = q2->qbuf.buf; q2->anslen = sizeof(q2->qbuf); - if ((pvt->res->options & RES_NO_NIBBLE) != 0) + if ((pvt->res->options & RES_NO_NIBBLE2) != 0) q2->action = RESTGT_IGNORE; else q2->action = RESTGT_AFTERFAILURE; @@ -441,11 +439,12 @@ ho_byaddr(struct irs_ho *this, const void *addr, int len, int af) case AF_INET6: if (q->action != RESTGT_IGNORE) { qp = q->qname; - qp += SPRINTF((qp, "\\[x")); - for (n = 0; n < IN6ADDRSZ; n++) - qp += SPRINTF((qp, "%02x", uaddr[n])); - SPRINTF((qp, "/128].%s", - res_get_bitstringsuffix(pvt->res))); + for (n = IN6ADDRSZ - 1; n >= 0; n--) { + qp += SPRINTF((qp, "%x.%x.", + uaddr[n] & 0xf, + (uaddr[n] >> 4) & 0xf)); + } + strcpy(qp, res_get_nibblesuffix(pvt->res)); } if (q2->action != RESTGT_IGNORE) { qp = q2->qname; 
@@ -454,7 +453,7 @@ ho_byaddr(struct irs_ho *this, const void *addr, int len, int af) uaddr[n] & 0xf, (uaddr[n] >> 4) & 0xf)); } - strcpy(qp, res_get_nibblesuffix(pvt->res)); + strcpy(qp, res_get_nibblesuffix2(pvt->res)); } break; default: @@ -1081,7 +1080,7 @@ gethostans(struct irs_ho *this, struct addrinfo **ret_aip, const struct addrinfo *pai) { struct pvt *pvt = (struct pvt *)this->private; - int type, class, buflen, ancount, qdcount, n, haveanswer, had_error; + int type, class, ancount, qdcount, n, haveanswer, had_error; int error = NETDB_SUCCESS, arcount; int (*name_ok)(const char *); const HEADER *hp; @@ -1090,7 +1089,7 @@ gethostans(struct irs_ho *this, const u_char *cp; const char *tname; const char *hname; - char *bp, **ap, **hap; + char *bp, *ep, **ap, **hap; char tbuf[MAXDNAME+1]; struct addrinfo sentinel, *cur, ai; const u_char *arp = NULL; @@ -1133,13 +1132,13 @@ gethostans(struct irs_ho *this, qdcount = ntohs(hp->qdcount); arcount = ntohs(hp->arcount); bp = pvt->hostbuf; - buflen = sizeof pvt->hostbuf; + ep = pvt->hostbuf + sizeof(pvt->hostbuf); cp = ansbuf + HFIXEDSZ; if (qdcount != 1) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } - n = dn_expand(ansbuf, eom, cp, bp, buflen); + n = dn_expand(ansbuf, eom, cp, bp, ep - bp); if (n < 0 || !maybe_ok(pvt->res, bp, name_ok)) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); @@ -1163,7 +1162,6 @@ gethostans(struct irs_ho *this, pvt->host.h_name = bp; hname = bp; bp += n; - buflen -= n; /* The qname can be abbreviated, but hname is now absolute. */ qname = pvt->host.h_name; } @@ -1176,7 +1174,7 @@ gethostans(struct irs_ho *this, haveanswer = 0; had_error = 0; while (ancount-- > 0 && cp < eom && !had_error) { - n = dn_expand(ansbuf, eom, cp, bp, buflen); + n = dn_expand(ansbuf, eom, cp, bp, ep - bp); if (n < 0 || !maybe_ok(pvt->res, bp, name_ok)) { had_error++; continue; 
@@ -1197,6 +1195,15 @@ gethostans(struct irs_ho *this, eor = cp + n; if ((qtype == T_A || qtype == T_AAAA || qtype == ns_t_a6 || qtype == T_ANY) && type == T_CNAME) { + if (haveanswer) { + int level = LOG_CRIT; +#ifdef LOG_SECURITY + level |= LOG_SECURITY; +#endif + syslog(level, + "gethostans: possible attempt to exploit buffer overflow while looking up %s", + *qname ? qname : "."); + } n = dn_expand(ansbuf, eor, cp, tbuf, sizeof tbuf); if (n < 0 || !maybe_ok(pvt->res, tbuf, name_ok)) { had_error++; @@ -1209,10 +1216,9 @@ gethostans(struct irs_ho *this, *ap++ = bp; n = strlen(bp) + 1; /* for the \0 */ bp += n; - buflen -= n; /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen || n > MAXHOSTNAMELEN) { + if (n > (ep - bp) || n > MAXHOSTNAMELEN) { had_error++; continue; } @@ -1220,7 +1226,6 @@ gethostans(struct irs_ho *this, pvt->host.h_name = bp; hname = bp; bp += n; - buflen -= n; continue; } if (type == ns_t_dname) { @@ -1256,7 +1261,7 @@ gethostans(struct irs_ho *this, cp += n; n = strlen(t) + 1; /* for the \0 */ - if (n > buflen) { + if (n > (ep - bp)) { had_error++; continue; } @@ -1266,7 +1271,6 @@ gethostans(struct irs_ho *this, else hname = bp; bp += n; - buflen -= n; continue; } @@ -1292,14 +1296,13 @@ gethostans(struct irs_ho *this, } /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen) { + if (n > (ep - bp)) { had_error++; continue; } strcpy(bp, tbuf); tname = bp; bp += n; - buflen -= n; continue; } if (qtype == T_ANY) { @@ -1323,7 +1326,7 @@ gethostans(struct irs_ho *this, cp += n; continue; } - n = dn_expand(ansbuf, eor, cp, bp, buflen); + n = dn_expand(ansbuf, eor, cp, bp, ep - bp); if (n < 0 || !maybe_hnok(pvt->res, bp) || n >= MAXHOSTNAMELEN) { had_error++; @@ -1341,7 +1344,6 @@ gethostans(struct irs_ho *this, if (n != -1) { n = strlen(bp) + 1; /* for the \0 */ bp += n; - buflen -= n; } break; case ns_t_a6: { 
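Review bot: In the added `if (haveanswer)` branch of gethostans' CNAME handling, the code only logs and then falls through to the normal `dn_expand` and alias-copy path, so a response that trips the check is still parsed and can still produce a hostent. If a CNAME arriving after answer records is hostile enough for LOG_CRIT, failing closed with `had_error++; continue;` right after the `syslog` call would match the neighbouring malformed-record cases; if it can occur legitimately, a lower level than LOG_CRIT fits better. The message is also emitted once per such record, and the records come from the remote responder, so a one-shot flag per call or a comment explaining why no rate limit is needed would help. gethostans starts and ends outside this hunk.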
@@ -1441,7 +1443,6 @@ gethostans(struct irs_ho *this, pvt->host.h_name = bp; hname = bp; bp += nn; - buflen -= nn; } /* Ensure alignment. */ bp = (char *)(((u_long)bp + (sizeof(align) - 1)) & @@ -1495,15 +1496,14 @@ gethostans(struct irs_ho *this, haveanswer); if (pvt->host.h_name == NULL) { n = strlen(qname) + 1; /* for the \0 */ - if (n > buflen || n >= MAXHOSTNAMELEN) + if (n > (ep - bp) || n >= MAXHOSTNAMELEN) goto no_recovery; strcpy(bp, qname); pvt->host.h_name = bp; bp += n; - buflen -= n; } if (pvt->res->options & RES_USE_INET6) - map_v4v6_hostent(&pvt->host, &bp, &buflen); + map_v4v6_hostent(&pvt->host, &bp, ep); RES_SET_H_ERRNO(pvt->res, NETDB_SUCCESS); return (&pvt->host); } else { @@ -1577,7 +1577,7 @@ add_hostent(struct pvt *pvt, char *bp, char **hap, struct addrinfo *ai) } static void -map_v4v6_hostent(struct hostent *hp, char **bpp, int *lenp) { +map_v4v6_hostent(struct hostent *hp, char **bpp, char *ep) { char **ap; if (hp->h_addrtype != AF_INET || hp->h_length != INADDRSZ) @@ -1590,17 +1590,15 @@ map_v4v6_hostent(struct hostent *hp, char **bpp, int *lenp) { if (i != 0) i = sizeof(align) - i; - if (*lenp < (i + IN6ADDRSZ)) { + if ((ep - *bpp) < (i + IN6ADDRSZ)) { /* Out of memory. Truncate address list here. */ *ap = NULL; return; } *bpp += i; - *lenp -= i; map_v4v6_address(*ap, *bpp); *ap = *bpp; *bpp += IN6ADDRSZ; - *lenp -= IN6ADDRSZ; } } diff --git a/contrib/bind/lib/irs/dns_nw.c b/contrib/bind/lib/irs/dns_nw.c index fbc613f24016..f39a59a05a2c 100644 --- a/contrib/bind/lib/irs/dns_nw.c +++ b/contrib/bind/lib/irs/dns_nw.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_nw.c,v 1.22 2002/02/27 03:50:10 marka Exp $"; +static const char rcsid[] = "$Id: dns_nw.c,v 1.23 2002/06/26 07:42:06 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ 
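Review bot: The bound on the fallback name in the `pvt->host.h_name == NULL` branch is `n >= MAXHOSTNAMELEN`, while the canonical-name copy in the CNAME branch of the same function, also rewritten by this commit, uses `n > MAXHOSTNAMELEN` for the same quantity (`strlen` plus the terminator). The two limits differ by one; settling on a single form, for example `if (n > (ep - bp) || n > MAXHOSTNAMELEN)`, with a comment such as `/* n counts the trailing NUL */`, would make the intended maximum explicit. map_v4v6_hostent would also benefit from a header comment stating that `ep` points one past the end of the buffer that `*bpp` walks. gethostans begins and ends outside these hunks.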
@@ -299,8 +299,8 @@ get1101answer(struct irs_nw *this, int af, const char *name, const u_char *addr, int addrlen) { struct pvt *pvt = (struct pvt *)this->private; - int type, class, buflen, ancount, qdcount, haveanswer; - char *bp, **ap; + int type, class, ancount, qdcount, haveanswer; + char *bp, *ep, **ap; u_char *cp, *eom; HEADER *hp; @@ -332,7 +332,7 @@ get1101answer(struct irs_nw *this, /* Prepare a return structure. */ bp = pvt->buf; - buflen = sizeof pvt->buf; + ep = pvt->buf + sizeof(pvt->buf); pvt->net.n_name = NULL; pvt->net.n_aliases = pvt->ali; pvt->net.n_addrtype = af; @@ -345,20 +345,19 @@ get1101answer(struct irs_nw *this, if (name != NULL) { int n = strlen(name) + 1; - if (n > buflen) { + if (n > (ep - bp)) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } pvt->net.n_name = strcpy(bp, name); bp += n; - buflen -= n; } break; case by_addr: if (addr != NULL && addrlen != 0) { int n = addrlen / 8 + ((addrlen % 8) != 0); - if (INADDRSZ > buflen) { + if (INADDRSZ > (ep - bp)) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } @@ -366,7 +365,6 @@ get1101answer(struct irs_nw *this, memcpy(bp, addr, n); pvt->net.n_addr = bp; bp += INADDRSZ; - buflen -= INADDRSZ; } break; default: @@ -377,7 +375,7 @@ get1101answer(struct irs_nw *this, ap = pvt->ali; haveanswer = 0; while (--ancount >= 0 && cp < eom) { - int n = dn_expand(ansbuf, eom, cp, bp, buflen); + int n = dn_expand(ansbuf, eom, cp, bp, ep - bp); cp += n; /* Owner */ if (n < 0 || !maybe_dnok(pvt->res, bp) || @@ -392,7 +390,7 @@ get1101answer(struct irs_nw *this, if (class == C_IN && type == T_PTR) { int nn; - nn = dn_expand(ansbuf, eom, cp, bp, buflen); + nn = dn_expand(ansbuf, eom, cp, bp, ep - bp); if (nn < 0 || !maybe_hnok(pvt->res, bp) || nn != n) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); @@ -408,7 +406,6 @@ get1101answer(struct irs_nw *this, *ap++ = bp; nn = strlen(bp) + 1; bp += nn; - buflen -= nn; haveanswer++; break; } 
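Review bot: In the `by_addr` case of get1101answer the rewritten check `INADDRSZ > (ep - bp)` reserves INADDRSZ bytes, but the copy that follows is `memcpy(bp, addr, n)` with `n` derived from the caller's `addrlen`, so the space check and the copy length are not tied together. Unless `addrlen` is limited to 32 bits somewhere outside these hunks, the guard should cover it as well: `if (n > INADDRSZ || INADDRSZ > (ep - bp)) {`. The line between the two hunks is not shown, and the function starts and ends outside them.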
@@ -419,7 +416,7 @@ get1101answer(struct irs_nw *this, sscanf(bp, "%u.%u.%u.%u.in-addr.arpa", &b1, &b2, &b3, &b4) != 4) break; - if (buflen < INADDRSZ) { + if ((ep - bp) < INADDRSZ) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } @@ -428,7 +425,6 @@ get1101answer(struct irs_nw *this, *bp++ = b3; *bp++ = b2; *bp++ = b1; - buflen -= INADDRSZ; pvt->net.n_length = INADDRSZ * 8; haveanswer++; } diff --git a/contrib/bind/lib/irs/gethostent.c b/contrib/bind/lib/irs/gethostent.c index 586fa492a372..8e7e7179f66b 100644 --- a/contrib/bind/lib/irs/gethostent.c +++ b/contrib/bind/lib/irs/gethostent.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: gethostent.c,v 1.29 2001/05/29 05:48:44 marka Exp $"; +static const char rcsid[] = "$Id: gethostent.c,v 1.32 2002/05/27 06:50:55 marka Exp $"; #endif /* Imports */ 
@@ -458,34 +458,34 @@ freehostent(struct hostent *he) { * -1 on failure. */ -static int -scan_interfaces(int *have_v4, int *have_v6) { -#ifndef SIOCGLIFCONF -/* map new to old */ -#define SIOCGLIFCONF SIOCGIFCONF -#define lifc_len ifc_len -#define lifc_buf ifc_buf - struct ifconf lifc; +#if defined(SIOCGLIFCONF) && defined(SIOCGLIFADDR) && \ + !defined(IRIX_EMUL_IOCTL_SIOCGIFCONF) + +#ifdef __hpux +#define lifc_len iflc_len +#define lifc_buf iflc_buf +#define lifc_req iflc_req +#define LIFCONF if_laddrconf #else #define SETFAMILYFLAGS - struct lifconf lifc; +#define LIFCONF lifconf #endif - -#ifndef SIOCGLIFADDR -/* map new to old */ -#define SIOCGLIFADDR SIOCGIFADDR -#endif - -#ifndef SIOCGLIFFLAGS -#define SIOCGLIFFLAGS SIOCGIFFLAGS -#define lifr_addr ifr_addr -#define lifr_name ifr_name -#define lifr_flags ifr_flags + +#ifdef __hpux +#define lifr_addr iflr_addr +#define lifr_name iflr_name +#define lifr_dstaddr iflr_dstaddr +#define lifr_flags iflr_flags #define ss_family sa_family - struct ifreq lifreq; +#define LIFREQ if_laddrreq #else - struct lifreq lifreq; +#define LIFREQ lifreq #endif + +static int +scan_interfaces6(int *have_v4, int *have_v6) { + struct LIFCONF lifc; + struct LIFREQ lifreq; struct in_addr in4; struct in6_addr in6; char *buf = NULL, *cp, *cplim; @@ -496,7 +496,7 @@ scan_interfaces(int *have_v4, int *have_v6) { *have_v4 = *have_v6 = 0; /* Get interface list from system. */ - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) + if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) == -1) goto err_ret; /* 
@@ -508,20 +508,11 @@ scan_interfaces(int *have_v4, int *have_v6) { if (buf == NULL) goto err_ret; #ifdef SETFAMILYFLAGS - lifc.lifc_family = AF_UNSPEC; + lifc.lifc_family = AF_UNSPEC; /* request all families */ lifc.lifc_flags = 0; #endif lifc.lifc_len = bufsiz; lifc.lifc_buf = buf; -#ifdef IRIX_EMUL_IOCTL_SIOCGIFCONF - /* - * This is a fix for IRIX OS in which the call to ioctl with - * the flag SIOCGIFCONF may not return an entry for all the - * interfaces like most flavors of Unix. - */ - if (emul_ioctl(&lifc) >= 0) - break; -#else if ((n = ioctl(s, SIOCGLIFCONF, (char *)&lifc)) != -1) { /* * Some OS's just return what will fit rather @@ -534,7 +525,6 @@ scan_interfaces(int *have_v4, int *have_v6) { if (lifc.lifc_len + 2 * sizeof(lifreq) < bufsiz) break; } -#endif if ((n == -1) && errno != EINVAL) goto err_ret; 
@@ -620,6 +610,158 @@ scan_interfaces(int *have_v4, int *have_v6) { return (-1); } +#endif + +static int +scan_interfaces(int *have_v4, int *have_v6) { + struct ifconf ifc; + union { + char _pad[256]; /* leave space for IPv6 addresses */ + struct ifreq ifreq; + } u; + struct in_addr in4; + struct in6_addr in6; + char *buf = NULL, *cp, *cplim; + static unsigned int bufsiz = 4095; + int s, n; + size_t cpsize; + +#if defined(SIOCGLIFCONF) && defined(SIOCGLIFADDR) && \ + !defined(IRIX_EMUL_IOCTL_SIOCGIFCONF) + /* + * Try to scan the interfaces using IPv6 ioctls(). + */ + if (!scan_interfaces6(have_v4, have_v6)) + return (0); +#endif + + /* Set to zero. Used as loop terminators below. */ + *have_v4 = *have_v6 = 0; + + /* Get interface list from system. */ + if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) + goto err_ret; + + /* + * Grow buffer until large enough to contain all interface + * descriptions. + */ + for (;;) { + buf = memget(bufsiz); + if (buf == NULL) + goto err_ret; + ifc.ifc_len = bufsiz; + ifc.ifc_buf = buf; +#ifdef IRIX_EMUL_IOCTL_SIOCGIFCONF + /* + * This is a fix for IRIX OS in which the call to ioctl with + * the flag SIOCGIFCONF may not return an entry for all the + * interfaces like most flavors of Unix. + */ + if (emul_ioctl(&ifc) >= 0) + break; +#else + if ((n = ioctl(s, SIOCGIFCONF, (char *)&ifc)) != -1) { + /* + * Some OS's just return what will fit rather + * than set EINVAL if the buffer is too small + * to fit all the interfaces in. If + * ifc.ifc_len is too near to the end of the + * buffer we will grow it just in case and + * retry. + */ + if (ifc.ifc_len + 2 * sizeof(u.ifreq) < bufsiz) + break; + } +#endif + if ((n == -1) && errno != EINVAL) + goto err_ret; + + if (bufsiz > 1000000) + goto err_ret; + + memput(buf, bufsiz); + bufsiz += 4096; + } + + /* Parse system's interface list. 
*/ + cplim = buf + ifc.ifc_len; /* skip over if's with big ifr_addr's */ + for (cp = buf; + (*have_v4 == 0 || *have_v6 == 0) && cp < cplim; + cp += cpsize) { + memcpy(&u.ifreq, cp, sizeof u.ifreq); +#ifdef HAVE_SA_LEN +#ifdef FIX_ZERO_SA_LEN + if (u.ifreq.ifr_addr.sa_len == 0) + u.ifreq.ifr_addr.sa_len = 16; +#endif +#ifdef HAVE_MINIMUM_IFREQ + cpsize = sizeof u.ifreq; + if (u.ifreq.ifr_addr.sa_len > sizeof (struct sockaddr)) + cpsize += (int)u.ifreq.ifr_addr.sa_len - + (int)(sizeof (struct sockaddr)); +#else + cpsize = sizeof u.ifreq.ifr_name + u.ifreq.ifr_addr.sa_len; +#endif /* HAVE_MINIMUM_IFREQ */ + if (cpsize > sizeof u.ifreq && cpsize <= sizeof u) + memcpy(&u.ifreq, cp, cpsize); +#elif defined SIOCGIFCONF_ADDR + cpsize = sizeof u.ifreq; +#else + cpsize = sizeof u.ifreq.ifr_name; + /* XXX maybe this should be a hard error? */ + if (ioctl(s, SIOCGIFADDR, (char *)&u.ifreq) < 0) + continue; +#endif + switch (u.ifreq.ifr_addr.sa_family) { + case AF_INET: + if (*have_v4 == 0) { + memcpy(&in4, + &((struct sockaddr_in *) + &u.ifreq.ifr_addr)->sin_addr, + sizeof in4); + if (in4.s_addr == INADDR_ANY) + break; + n = ioctl(s, SIOCGIFFLAGS, (char *)&u.ifreq); + if (n < 0) + break; + if ((u.ifreq.ifr_flags & IFF_UP) == 0) + break; + *have_v4 = 1; + } + break; + case AF_INET6: + if (*have_v6 == 0) { + memcpy(&in6, + &((struct sockaddr_in6 *) + &u.ifreq.ifr_addr)->sin6_addr, + sizeof in6); + if (memcmp(&in6, &in6addr_any, sizeof in6) == 0) + break; + n = ioctl(s, SIOCGIFFLAGS, (char *)&u.ifreq); + if (n < 0) + break; + if ((u.ifreq.ifr_flags & IFF_UP) == 0) + break; + *have_v6 = 1; + } + break; + } + } + if (buf != NULL) + memput(buf, bufsiz); + close(s); + /* printf("scan interface -> 4=%d 6=%d\n", *have_v4, *have_v6); */ + return (0); + err_ret: + if (buf != NULL) + memput(buf, bufsiz); + if (s != -1) + close(s); + /* printf("scan interface -> 4=%d 6=%d\n", *have_v4, *have_v6); */ + return (-1); +} + static struct hostent * copyandmerge(struct hostent *he1, struct hostent 
*he2, int af, int *error_num) { struct hostent *he = NULL; diff --git a/contrib/bind/lib/nameser/ns_name.c b/contrib/bind/lib/nameser/ns_name.c index cf371b660126..96c41e873659 100644 --- a/contrib/bind/lib/nameser/ns_name.c +++ b/contrib/bind/lib/nameser/ns_name.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_name.c,v 8.17 2001/10/03 14:34:32 marka Exp $"; +static const char rcsid[] = "$Id: ns_name.c,v 8.18 2002/05/24 05:10:40 marka Exp $"; #endif #include "port_before.h" @@ -681,6 +681,8 @@ special(int ch) { case 0x2E: /* '.' */ case 0x3B: /* ';' */ case 0x5C: /* '\\' */ + case 0x28: /* '(' */ + case 0x29: /* ')' */ /* Special modifiers in zone files. */ case 0x40: /* '@' */ case 0x24: /* '$' */ diff --git a/contrib/bind/lib/resolv/res_debug.c b/contrib/bind/lib/resolv/res_debug.c index 9b61e11b450f..f2c0689f90f9 100644 --- a/contrib/bind/lib/resolv/res_debug.c +++ b/contrib/bind/lib/resolv/res_debug.c @@ -95,7 +95,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_debug.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: res_debug.c,v 8.45 2001/12/19 12:05:56 marka Exp $"; +static const char rcsid[] = "$Id: res_debug.c,v 8.46 2002/05/21 01:57:45 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -683,12 +683,10 @@ precsize_ntoa(prec) /* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer. */ static u_int8_t -precsize_aton(strptr) - char **strptr; -{ +precsize_aton(const char **strptr) { unsigned int mval = 0, cmval = 0; u_int8_t retval = 0; - char *cp; + const char *cp; int exponent; int mantissa; @@ -725,11 +723,8 @@ precsize_aton(strptr) /* converts ascii lat/lon to unsigned encoded 32-bit number. moves pointer. */ static u_int32_t -latlon2ul(latlonstrptr,which) - char **latlonstrptr; - int *which; -{ - char *cp; +latlon2ul(const char **latlonstrptr, int *which) { + const char *cp; u_int32_t retval; int deg = 0, min = 0, secs = 0, secsfrac = 0; 
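Review bot: In the new scan_interfaces, the second `memcpy(&u.ifreq, cp, cpsize)` under HAVE_SA_LEN is limited only by `sizeof u`, not by the end of the ioctl buffer. A large `sa_len` on an entry close to `cplim` therefore reads past the returned data, and possibly past `buf`, whose slack is only guaranteed to be `2 * sizeof(u.ifreq)`. Adding the buffer end to the condition closes that: `if (cpsize > sizeof u.ifreq && cpsize <= sizeof u && cp + cpsize <= cplim)`. Separately, when IRIX_EMUL_IOCTL_SIOCGIFCONF is defined, `n` is never assigned before `if ((n == -1) && errno != EINVAL)` reads it. Capturing the result with `if ((n = emul_ioctl(&ifc)) >= 0) break;` would fix that, assuming emul_ioctl reports failure as -1 like ioctl does.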
diff --git a/contrib/bind/lib/resolv/res_init.c b/contrib/bind/lib/resolv/res_init.c index 8dc72f4682ff..9f99d14fbc9f 100644 --- a/contrib/bind/lib/resolv/res_init.c +++ b/contrib/bind/lib/resolv/res_init.c @@ -70,7 +70,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_init.c 8.1 (Berkeley) 6/7/93"; -static const char rcsid[] = "$Id: res_init.c,v 8.28 2002/01/30 01:07:35 marka Exp $"; +static const char rcsid[] = "$Id: res_init.c,v 8.29 2002/05/31 06:05:31 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -194,7 +194,8 @@ __res_vinit(res_state statp, int preinit) { if (statp->_u._ext.ext != NULL) { memset(statp->_u._ext.ext, 0, sizeof(*statp->_u._ext.ext)); statp->_u._ext.ext->nsaddrs[0].sin = statp->nsaddr; - strcpy(statp->_u._ext.ext->nsuffix, "ip6.int"); + strcpy(statp->_u._ext.ext->nsuffix, "ip6.arpa"); + strcpy(statp->_u._ext.ext->nsuffix2, "ip6.int"); strcpy(statp->_u._ext.ext->bsuffix, "ip6.arpa"); } #ifdef RESOLVSORT @@ -520,6 +521,14 @@ res_setoptions(res_state statp, const char *options, const char *source) strncpy(ext->nsuffix, cp, i); ext->nsuffix[i] = '\0'; } + else if (!strncmp(cp, "nibble2:", sizeof("nibble2:") - 1)) { + if (ext == NULL) + goto skip; + cp += sizeof("nibble2:") - 1; + i = MIN(strcspn(cp, " \t"), sizeof(ext->nsuffix2) - 1); + strncpy(ext->nsuffix2, cp, i); + ext->nsuffix2[i] = '\0'; + } else if (!strncmp(cp, "bitstring:", sizeof("bitstring:") - 1)) { if (ext == NULL) goto skip; 
@@ -530,16 +539,12 @@ res_setoptions(res_state statp, const char *options, const char *source) } else if (!strncmp(cp, "v6revmode:", sizeof("v6revmode:") - 1)) { cp += sizeof("v6revmode:") - 1; - if (!strncmp(cp, "nibble", sizeof("nibble") - 1)) { - statp->options &= ~RES_NO_NIBBLE; - statp->options |= RES_NO_BITSTRING; - } else if (!strncmp(cp, "bitstring", - sizeof("bitstring") - 1)) { - statp->options |= RES_NO_NIBBLE; - statp->options &= ~RES_NO_BITSTRING; + /* "nibble" and "bitstring" used to be valid */ + if (!strncmp(cp, "single", sizeof("single") - 1)) { + statp->options |= RES_NO_NIBBLE2; } else if (!strncmp(cp, "both", sizeof("both") - 1)) { statp->options &= - ~(RES_NO_NIBBLE|RES_NO_BITSTRING); + ~RES_NO_NIBBLE2; } } else { @@ -613,6 +618,13 @@ const char * res_get_nibblesuffix(res_state statp) { if (statp->_u._ext.ext) return (statp->_u._ext.ext->nsuffix); + return ("ip6.arpa"); +} + +const char * +res_get_nibblesuffix2(res_state statp) { + if (statp->_u._ext.ext) + return (statp->_u._ext.ext->nsuffix2); return ("ip6.int"); } diff --git a/contrib/bind/lib/resolv/res_private.h b/contrib/bind/lib/resolv/res_private.h index 2c7fa5e2a8ec..ec9b384b9116 100644 --- a/contrib/bind/lib/resolv/res_private.h +++ b/contrib/bind/lib/resolv/res_private.h @@ -12,6 +12,7 @@ struct __res_state_ext { } sort_list[MAXRESOLVSORT]; char nsuffix[64]; char bsuffix[64]; + char nsuffix2[64]; }; extern int diff --git a/contrib/bind/port/freebsd/Makefile.set b/contrib/bind/port/freebsd/Makefile.set index acf7a563053f..0cf3c39104f6 100644 --- a/contrib/bind/port/freebsd/Makefile.set +++ b/contrib/bind/port/freebsd/Makefile.set @@ -1,5 +1,5 @@ 'CC=cc' -'CDEBUG=-O2 -g -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -DMEMCLUSTER_RECORD=1' +'CDEBUG=-O2 -g -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat' 'DESTBIN=/usr/bin' 'DESTSBIN=/usr/sbin' 'DESTEXEC=/usr/libexec' 
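Review bot: In res_setoptions' `v6revmode:` handling, the values `nibble` and `bitstring` that the removed lines accepted now match neither branch and are dropped without any diagnostic, so an existing `options` setting silently stops having an effect. The added comment records the change, but it should state the resulting behaviour, e.g. `/* "nibble" and "bitstring" are no longer recognised and are ignored; RES_NO_NIBBLE2 is left unchanged */`. The comparisons are also prefix matches, so a value such as `singlex` is accepted as `single`. The function starts and ends outside this hunk.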
@@ -9,7 +9,8 @@ 'DESTRUN=/var/run' 'LEX=lex -I' 'YACC=yacc -d' -'SYSLIBS=-ll -lutil' +'SYSLIBS=-lutil' +'LIBL=-ll' 'INSTALL=install' 'MANDIR=cat' 'MANROFF=(tbl|nroff -man)' diff --git a/contrib/bind/port/freebsd/include/port_before.h b/contrib/bind/port/freebsd/include/port_before.h index fe20b2a689bc..5da974b1e3e9 100644 --- a/contrib/bind/port/freebsd/include/port_before.h +++ b/contrib/bind/port/freebsd/include/port_before.h @@ -15,6 +15,7 @@ #define SETPWENT_VOID #endif +#include #include #define GROUP_R_RETURN struct group * @@ -26,8 +27,13 @@ #define GROUP_R_ENT_ARGS void #define GROUP_R_OK gptr #define GROUP_R_BAD NULL +#if defined(__FreeBSD_version) && __FreeBSD_version >= 500030 +#define GETGROUPLIST_ARGS const char *name, gid_t basegid, gid_t *groups, \ + int *ngroups +#else #define GETGROUPLIST_ARGS const char *name, int basegid, int *groups, \ int *ngroups +#endif #define HOST_R_RETURN struct hostent * #define HOST_R_SET_RETURN void