diff --git a/contrib/bind/CHANGES b/contrib/bind/CHANGES
index 768e6019b1ba..25ea08f4d5b6 100644
--- a/contrib/bind/CHANGES
+++ b/contrib/bind/CHANGES
@@ -1,4 +1,116 @@ + --- 8.3.3-REL released --- (Wed Jun 26 21:15:43 PDT 2002) + +1301. [func] log attempts to exploit #1300. + +1300. [bug] Remote buffer overrun. + +1299. [func] Log to xfer-in when a named-xfer fails and one of + the masters returned REFUSED. + +1298. [bug] named could leak a OPT record when returning a + negative response. + +1297. [func] 'ndc restart' will now attempt to preserve the + arguments named was started with. + Use 'ndc restart --' to clear the arguements. + Use 'ndc restart ' to restart named + with a alternate set of arguements. + +1296. [bug] delay setting need_restart until the response to + ndc exec has been sent. + +1295. [func] new ndc command 'args'. returns the arguements that + named was started with %xx escaped. + +1294. [bug] #1272 broke linkage for those OS's using -lfl (flex). + Move -ll/-lfl to LIBL for all platforms. + + --- 8.3.2-REL released --- (Mon Jun 17 20:24:32 PDT 2002) + +1293. [doc] update man pages for 'dig', 'dnsquery' and 'host' + to reflect IPv6 capabilities (nslookup and nsupdate + were already IPv4/IPv6 agnostic). + +1292. [func] host: the default lookups now also include AAAA + records. + +1291. [func] 'dig -x ' now works. + +1290. [bug] 'dig @server' fail to report the IPv6 address of the + server in error messages. + +1289. [contrib] normalize_zone now handles $TTL. + +1288. [bug] named: -t and -w could not be used together. + +1287. [func] report serial(s) in out going transfer operation. + + --- 8.3.2-RC1 released --- (Thu May 30 23:06:11 PDT 2002) + +1286. [func] libbind: no longer attempts bit string labels for + IPv6 reverse resolution. Try IP6.ARPA then IP6.INT + for nibble style resolution. + +1285. [port] linux: ss_family vs __ss_family in sockaddr_storage. + +1284. [port] freebsd: 5.0 uses gid_t rather that int for + GETGROUPLIST_ARGS + +1283. [port] bsdi: 4.2 also has struct sockaddr_storage. + +1282. [bug] nslookup was using inet_ntoa() to print out a IPv6 + address. + +1281. 
[bug] escape '(' and ')' when coverting to presentation + form. + +1280. [func] server { edns yes_or_no; } is now supported. + +1279. [bug] nslookup: partial coversion to similar style outputs + for both -type=aaaa and -type=a. + +1278. [bug] free() of non-malloced memory in nslookup. + +1277. [port] cast all instances of yytext in commands.l to (char*) + to silence compilers on OS's where lex declares it + as (unsigned char *). + +1276. [port] hpux 11.22: ansify GetAnswer in getinfo.c to + silence compiler. + +1275. [bug] bad declaration of si in tsig_key_from_addr(). + +1274. [port] hpux 11.22: ansify hexstring() and display() in + addr.c to silence compiler. + +1273. [bug] const pointer conficts in res_debug.c. + +1272. [port] hpux 11.22: don't link against -ll unless required. + +1272. [bug] main_need_num was not last entry in enum. + main_need_tick nolonger required. + +1271. [port] hpux: treat all hpux systems as BIG_ENDIAN, don't + include . + +1270. [port] hpux 11.22 namespace clash DATASIZE -> BIND_DATASIZE. + +1269. [port] hpux 11.11 interface scaning. + +1268. [port] solaris: 64 bit binary compatability. + +1267. [bug] aix4: missing IN6_IS_ADDR_V4COMPAT macro. + +1266. [bug] If you are using TSIG #1261 introduced the potential + of a infinite loop. + +1265. [bug] nslookup failed on platforms that don't have BSD 43 + style sockets. + +1264. [bug] LINK_INIT and UNLINK were not compatible with + C++, use LINK_INIT_TYPE and UNLINK_TYPE instead. + --- 8.3.2-T1B released --- (Tue May 7 18:49:58 PDT 2002) 1263. [bug] gethostans() could get out of sync parsing the diff --git a/contrib/bind/README b/contrib/bind/README index 344a3ef7abac..a8a52ecadfe8 100644 --- a/contrib/bind/README +++ b/contrib/bind/README 
@@ -10,6 +10,11 @@ artifacts including BIND, INN, and DHCP. Note that BIND 8 is in "end-of-life", having been replaced by BIND 9. See http://www.isc.org/ for more details. +BIND 8.3.3 Highlights + Security Fix libbind. All applications linked against libbind + need to relinked. + 'rndc restart' now preserves named's arguements + BIND 8.3.2 Highlights dig, nslookup, host and nsupdate have improved IPv6 support. diff --git a/contrib/bind/Version b/contrib/bind/Version index 96227ce054ad..e99a6add5fbb 100644 --- a/contrib/bind/Version +++ b/contrib/bind/Version @@ -1 +1 @@ -8.3.2-T1B +8.3.3-REL diff --git a/contrib/bind/bin/addr/addr.c b/contrib/bind/bin/addr/addr.c index a6933918c867..ae48ea52fa00 100644 --- a/contrib/bind/bin/addr/addr.c +++ b/contrib/bind/bin/addr/addr.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: addr.c,v 8.8 1999/10/13 16:38:55 vixie Exp $"; +static const char rcsid[] = "$Id: addr.c,v 8.9 2002/05/21 02:26:21 marka Exp $"; #endif /* not lint */ /* @@ -47,11 +47,7 @@ usage() { /* Warning: this scribbles on `dst' even if it's going to return `0'. */ static int -hexstring(src, dst, len) - const char *src; - u_char *dst; - int len; -{ +hexstring(const char *src, u_char *dst, int len) { static const char xdigits[] = "0123456789abcdef"; u_char *ptr = dst, *end = dst + len; u_int val; @@ -100,12 +96,7 @@ hexstring(src, dst, len) } static void -display(input, af, addr, len) - const char *input; - int af; - const u_char *addr; - int len; -{ +display(const char *input, int af, const u_char *addr, int len) { static int before = 0; char p[sizeof "xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255"]; int i; diff --git a/contrib/bind/bin/dig/dig.c b/contrib/bind/bin/dig/dig.c index 20542582f855..5bb6e7aee06c 100644 --- a/contrib/bind/bin/dig/dig.c +++ b/contrib/bind/bin/dig/dig.c 
@@ -1,5 +1,5 @@ #ifndef lint -static const char rcsid[] = "$Id: dig.c,v 8.54 2002/04/24 00:38:08 marka Exp $"; +static const char rcsid[] = "$Id: dig.c,v 8.57 2002/06/18 02:26:49 marka Exp $"; #endif /* @@ -245,6 +245,7 @@ static int print_axfr(FILE *output, const u_char *msg, static struct timeval difftv(struct timeval, struct timeval); static void prnttime(struct timeval); static void stackarg(char *, char **); +static void reverse6(char *, struct in6_addr *); /* Public. */ @@ -289,6 +290,8 @@ main(int argc, char **argv) { int wait=0, delay; int envset=0, envsave=0; struct __res_state res_x, res_t; + int r; + struct in6_addr in6; ns_tsig_key key; char *keyfile = NULL, *keyname = NULL; @@ -494,6 +497,11 @@ main(int argc, char **argv) { printf("; no arg for -x?\n"); break; } + r = inet_pton(AF_INET6, addrc, &in6); + if (r > 0) { + reverse6(domain, &in6); + break; + } addrend = addrc + strlen(addrc); if (*addrend == '.') *addrend = '\0'; @@ -813,7 +821,7 @@ main(int argc, char **argv) { buf, sizeof(buf)); break; case AF_INET6: - inet_ntop(AF_INET, + inet_ntop(AF_INET6, &u[0].sin6.sin6_addr, buf, sizeof(buf)); break; @@ -1030,7 +1038,7 @@ where: server,\n\ fputs("\ notes: defname and search don't work; use fully-qualified names.\n\ this is DiG version " VSTRING "\n\ - $Id: dig.c,v 8.54 2002/04/24 00:38:08 marka Exp $\n\ + $Id: dig.c,v 8.57 2002/06/18 02:26:49 marka Exp $\n\ ", stderr); } 
@@ -1775,3 +1783,24 @@ stackarg(char *l, char **y) { } } } + +static void +reverse6(char *domain, struct in6_addr *in6) { + sprintf(domain, "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpa", + in6->s6_addr[15] & 0x0f, (in6->s6_addr[15] >> 4) & 0x0f, + in6->s6_addr[14] & 0x0f, (in6->s6_addr[14] >> 4) & 0x0f, + in6->s6_addr[13] & 0x0f, (in6->s6_addr[13] >> 4) & 0x0f, + in6->s6_addr[12] & 0x0f, (in6->s6_addr[12] >> 4) & 0x0f, + in6->s6_addr[11] & 0x0f, (in6->s6_addr[11] >> 4) & 0x0f, + in6->s6_addr[10] & 0x0f, (in6->s6_addr[10] >> 4) & 0x0f, + in6->s6_addr[9] & 0x0f, (in6->s6_addr[9] >> 4) & 0x0f, + in6->s6_addr[8] & 0x0f, (in6->s6_addr[8] >> 4) & 0x0f, + in6->s6_addr[7] & 0x0f, (in6->s6_addr[7] >> 4) & 0x0f, + in6->s6_addr[6] & 0x0f, (in6->s6_addr[6] >> 4) & 0x0f, + in6->s6_addr[5] & 0x0f, (in6->s6_addr[5] >> 4) & 0x0f, + in6->s6_addr[4] & 0x0f, (in6->s6_addr[4] >> 4) & 0x0f, + in6->s6_addr[6] & 0x0f, (in6->s6_addr[3] >> 4) & 0x0f, + in6->s6_addr[2] & 0x0f, (in6->s6_addr[2] >> 4) & 0x0f, + in6->s6_addr[1] & 0x0f, (in6->s6_addr[1] >> 4) & 0x0f, + in6->s6_addr[0] & 0x0f, (in6->s6_addr[0] >> 4) & 0x0f); +} diff --git a/contrib/bind/bin/host/host.c b/contrib/bind/bin/host/host.c index 84b36218af0a..5bac200670e5 100644 --- a/contrib/bind/bin/host/host.c +++ b/contrib/bind/bin/host/host.c @@ -1,5 +1,5 @@ #ifndef lint -static const char rcsid[] = "$Id: host.c,v 8.52 2002/04/28 01:34:52 marka Exp $"; +static const char rcsid[] = "$Id: host.c,v 8.53 2002/06/18 02:34:02 marka Exp $"; #endif /* not lint */ /* @@ -675,7 +675,7 @@ gethostinfo(char *name) { static int getdomaininfo(const char *name, const char *domain) { - int val1, val2; + int val1, val2, val3; if (querytype) return (getinfo(name, domain, gettype=querytype)); 
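Review bot: In reverse6 the argument pair for byte 3 reads `in6->s6_addr[6] & 0x0f, (in6->s6_addr[3] >> 4) & 0x0f`, so the low nibble of byte 6 is printed where the low nibble of byte 3 belongs and `dig -x` builds the wrong ip6.arpa name for most addresses; the first expression should be `in6->s6_addr[3] & 0x0f`. The function also formats into `domain` with an unbounded `sprintf`. The output is a fixed 72 characters plus the terminator, but the size of `domain` is declared outside these hunks, so the required minimum should at least be stated in a comment above reverse6. A loop over the 16 bytes, as sketched below, removes the 32 hand-written arguments and with them this kind of index typo.

```c
static void
reverse6(char *domain, struct in6_addr *in6) {
	char *p = domain;
	int i;

	/* Caller must supply at least 73 bytes: 32 "x." labels + "ip6.arpa" + NUL. */
	for (i = 15; i >= 0; i--)
		p += sprintf(p, "%x.%x.", in6->s6_addr[i] & 0x0f,
			     (in6->s6_addr[i] >> 4) & 0x0f);
	strcpy(p, "ip6.arpa");
}
```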
@@ -683,8 +683,9 @@ getdomaininfo(const char *name, const char *domain) { val1 = getinfo(name, domain, gettype=ns_t_a); if (cname || verbose) return (val1); - val2 = getinfo(name, domain, gettype=ns_t_mx); - return (val1 || val2); + val2 = getinfo(name, domain, gettype=ns_t_aaaa); + val3 = getinfo(name, domain, gettype=ns_t_mx); + return (val1 || val2 || val3); } } @@ -1582,6 +1583,7 @@ static const char * pr_type(int type) { if (!verbose) switch (type) { case ns_t_a: + case ns_t_aaaa: return ("has address"); case ns_t_cname: return ("is a nickname for"); diff --git a/contrib/bind/bin/named/db_defs.h b/contrib/bind/bin/named/db_defs.h index 72aa19fa1874..68869f023cb7 100644 --- a/contrib/bind/bin/named/db_defs.h +++ b/contrib/bind/bin/named/db_defs.h @@ -1,6 +1,6 @@ /* * from db.h 4.16 (Berkeley) 6/1/90 - * $Id: db_defs.h,v 8.46 2001/11/17 15:16:46 marka Exp $ + * $Id: db_defs.h,v 8.47 2002/05/18 01:02:53 marka Exp $ */ /* @@ -147,7 +147,7 @@ struct databuf { u_int16_t d_nstime; /* NS response time, milliseconds */ u_char d_data[sizeof(void*)]; /* dynamic (padded) */ }; -#define DATASIZE(n) (sizeof(struct databuf) - sizeof(void*) + n) +#define BIND_DATASIZE(n) (sizeof(struct databuf) - sizeof(void*) + n) #ifdef HITCOUNTS extern u_int32_t db_total_hits; diff --git a/contrib/bind/bin/named/db_glue.c b/contrib/bind/bin/named/db_glue.c index e984db11ee4c..2e966f5cea95 100644 --- a/contrib/bind/bin/named/db_glue.c +++ b/contrib/bind/bin/named/db_glue.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)db_glue.c 4.4 (Berkeley) 6/1/90"; -static const char rcsid[] = "$Id: db_glue.c,v 8.46 2001/11/25 23:52:19 marka Exp $"; +static const char rcsid[] = "$Id: db_glue.c,v 8.47 2002/05/18 01:02:54 marka Exp $"; #endif /* not lint */ /* 
@@ -441,7 +441,7 @@ nhash(const char *name) { static void db_freedata(struct databuf *dp) { - int bytes = DATASIZE(dp->d_size); + int bytes = BIND_DATASIZE(dp->d_size); if (dp->d_rcnt != 0) panic("db_freedata: d_rcnt != 0", NULL); diff --git a/contrib/bind/bin/named/db_save.c b/contrib/bind/bin/named/db_save.c index 2153e04a327a..a8f4d2a0db84 100644 --- a/contrib/bind/bin/named/db_save.c +++ b/contrib/bind/bin/named/db_save.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)db_save.c 4.16 (Berkeley) 3/21/91"; -static const char rcsid[] = "$Id: db_save.c,v 8.29 2001/04/25 13:53:09 marka Exp $"; +static const char rcsid[] = "$Id: db_save.c,v 8.30 2002/05/18 01:02:56 marka Exp $"; #endif /* not lint */ /* @@ -137,7 +137,7 @@ savedata(class, type, ttl, data, size) int size; { struct databuf *dp; - int bytes = DATASIZE(size); + int bytes = BIND_DATASIZE(size); dp = (struct databuf *)memget(bytes); if (dp == NULL) diff --git a/contrib/bind/bin/named/db_tsig.c b/contrib/bind/bin/named/db_tsig.c index 5f7b670e56f5..9bdba0eaefaa 100644 --- a/contrib/bind/bin/named/db_tsig.c +++ b/contrib/bind/bin/named/db_tsig.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: db_tsig.c,v 8.7 2001/06/18 14:42:59 marka Exp $"; +static const char rcsid[] = "$Id: db_tsig.c,v 8.8 2002/05/21 02:34:32 marka Exp $"; #endif /* not lint */ /* @@ -129,7 +129,7 @@ tsig_alg_value(char *name) { DST_KEY * tsig_key_from_addr(struct in_addr addr) { - server_info si = si = find_server(addr); + server_info si = find_server(addr); if (si == NULL || si->key_list == NULL || si->key_list->first == NULL) return(NULL); return(si->key_list->first->key); diff --git a/contrib/bind/bin/named/named.conf b/contrib/bind/bin/named/named.conf index d0d2996aac5e..7d8169588744 100644 --- a/contrib/bind/bin/named/named.conf +++ b/contrib/bind/bin/named/named.conf 
@@ -267,6 +267,8 @@ zone "non-default-acl.demo.zone" { acl key_acl { key sample_key; }; // a request signed with sample_key server 1.2.3.4 { + edns no; // if no, we won't send ends queries + // to this server bogus no; // if yes, we won't query or listen // to this server transfer-format one-answer; // set transfer format for this diff --git a/contrib/bind/bin/named/ns_config.c b/contrib/bind/bin/named/ns_config.c index 1680d91543bc..ad4de85d92f1 100644 --- a/contrib/bind/bin/named/ns_config.c +++ b/contrib/bind/bin/named/ns_config.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_config.c,v 8.134 2002/04/25 05:27:04 marka Exp $"; +static const char rcsid[] = "$Id: ns_config.c,v 8.135 2002/05/24 03:04:59 marka Exp $"; #endif /* not lint */ /* @@ -2549,6 +2549,7 @@ new_server(struct in_addr address) { si->flags |= SERVER_INFO_SUPPORT_IXFR; else si->flags &= ~SERVER_INFO_SUPPORT_IXFR; + si->flags |= SERVER_INFO_EDNS; return (si); } @@ -2649,6 +2650,7 @@ set_server_option(server_config sc, int bool_opt, int value) { switch (bool_opt) { case SERVER_INFO_BOGUS: case SERVER_INFO_SUPPORT_IXFR: + case SERVER_INFO_EDNS: if (value) si->flags |= bool_opt; else diff --git a/contrib/bind/bin/named/ns_ctl.c b/contrib/bind/bin/named/ns_ctl.c index ee77634d6569..c8fc907153d7 100644 --- a/contrib/bind/bin/named/ns_ctl.c +++ b/contrib/bind/bin/named/ns_ctl.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_ctl.c,v 8.46 2001/12/19 11:53:48 marka Exp $"; +static const char rcsid[] = "$Id: ns_ctl.c,v 8.47 2002/06/24 07:11:07 marka Exp $"; #endif /* not lint */ /* 
@@ -112,6 +112,8 @@ static void verb_stop(struct ctl_sctx *, struct ctl_sess *, static void verb_exec(struct ctl_sctx *, struct ctl_sess *, const struct ctl_verb *, const char *, u_int, const void *, void *); +static void exec_closure(struct ctl_sctx *, struct ctl_sess *, + void *); static void verb_reload(struct ctl_sctx *, struct ctl_sess *, const struct ctl_verb *, const char *, u_int, const void *, void *); @@ -141,6 +143,9 @@ static void verb_help(struct ctl_sctx *, struct ctl_sess *, static void verb_quit(struct ctl_sctx *, struct ctl_sess *, const struct ctl_verb *, const char *, u_int, const void *, void *); +static void verb_args(struct ctl_sctx *, struct ctl_sess *, + const struct ctl_verb *, + const char *, u_int, const void *, void *); /* Private data. */ @@ -162,6 +167,7 @@ static struct ctl_verb verbs[] = { { "qrylog", verb_querylog, "qrylog"}, { "help", verb_help, "help"}, { "quit", verb_quit, "quit"}, + { "args", verb_args, "args"}, { NULL, NULL, NULL} }; @@ -794,13 +800,25 @@ verb_exec(struct ctl_sctx *ctl, struct ctl_sess *sess, saved_argv[0], save); ctl_response(sess, 502, save, 0, NULL, NULL, NULL, NULL, 0); + } else if (user_name != NULL || group_name != NULL) { + ctl_response(sess, 502, + "can't exec as user or group was specified", + 0, NULL, NULL, NULL, NULL, 0); } else { - ns_need(main_need_restart); ctl_response(sess, 250, "Restart initiated.", 0, NULL, - NULL, NULL, NULL, 0); + exec_closure, NULL, NULL, 0); } } +static void +exec_closure(struct ctl_sctx *sctx, struct ctl_sess *sess, void *uap) { + + UNUSED(sctx); + UNUSED(sess); + UNUSED(uap); + ns_need(main_need_restart); +} + static void verb_reload(struct ctl_sctx *ctl, struct ctl_sess *sess, const struct ctl_verb *verb, const char *rest, 
@@ -1049,3 +1067,81 @@ verb_quit(struct ctl_sctx *ctl, struct ctl_sess *sess, ctl_response(sess, 221, "End of control session.", CTL_EXIT, NULL, NULL, NULL, NULL, 0); } + +static char hex[] = "0123456789abcdef"; + +struct pvt_args { + int argc; + char text[MAX_STR_LEN]; +}; + +static void +args_closure(struct ctl_sctx *sctx, struct ctl_sess *sess, void *uap) { + struct pvt_args *pvt = ctl_getcsctx(sess); + + UNUSED(sctx); + UNUSED(uap); + + memput(pvt, sizeof *pvt); + ctl_setcsctx(sess, NULL); +} + +static void +verb_args(struct ctl_sctx *ctl, struct ctl_sess *sess, + const struct ctl_verb *verb, const char *rest, + u_int respflags, const void *respctx, void *uctx) +{ + struct pvt_args *pvt = ctl_getcsctx(sess); + char *cp, *tp; + + UNUSED(ctl); + UNUSED(verb); + UNUSED(rest); + UNUSED(respflags); + UNUSED(respctx); + UNUSED(uctx); + + if (pvt == NULL) { + unsigned int i = 0; + pvt = memget(sizeof *pvt); + if (pvt == NULL) { + ctl_response(sess, 505, "(out of memory)", + 0, NULL, NULL, NULL, NULL, 0); + return; + } + pvt->argc = 0; + ctl_setcsctx(sess, pvt); + + /* Send the arguement count. */ + while (saved_argv[i] != NULL) + i++; + sprintf(pvt->text, "%u", i); + ctl_response(sess, 250, pvt->text, CTL_MORE, + NULL, args_closure, NULL, NULL, 0); + return; + } + + /* + * Percent escape arguement. + */ + cp = saved_argv[pvt->argc++]; + tp = pvt->text; + while (cp && *cp != NULL) + if (*cp == '%' || *cp == ' ' || + !isprint((unsigned char)*cp)) { + if (tp >= pvt->text + sizeof(pvt->text) - 4) + break; + *tp++ = '%'; + *tp++ = hex[(*cp>>4)&0xf]; + *tp++ = hex[(*cp++)&0xf]; + } else { + if (tp >= pvt->text + sizeof(pvt->text) - 2) + break; + *tp++ = *cp++; + } + *tp = '\0'; + + ctl_response(sess, 250, pvt->text, + saved_argv[pvt->argc] == NULL ? 0 : CTL_MORE, + NULL, args_closure, NULL, NULL, 0); +} diff --git a/contrib/bind/bin/named/ns_defs.h b/contrib/bind/bin/named/ns_defs.h index 347455011b0c..f8bb976a2faf 100644 --- a/contrib/bind/bin/named/ns_defs.h 
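Review bot: In verb_args the loop condition `while (cp && *cp != NULL)` compares a char with the null pointer constant; it should read `*cp != '\0'`, and the same comparison appears twice in getargs_closure in bin/ndc/ndc.c. The `while` body is an unbraced if/else spanning a dozen lines, so bracing it would make clear that `*tp = '\0';` runs after the loop. When an argument does not fit, the bound checks (`sizeof(pvt->text) - 4` and `- 2`) break out and the truncated text is sent as if it were complete. Since ndc rebuilds named's command line from these replies, that case deserves either an error reply or a comment stating that truncation is intended. The lookup table can also be declared `static const char hex[]`.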
+++ b/contrib/bind/bin/named/ns_defs.h @@ -1,6 +1,6 @@ /* * from ns.h 4.33 (Berkeley) 8/23/90 - * $Id: ns_defs.h,v 8.118 2002/04/25 05:27:06 marka Exp $ + * $Id: ns_defs.h,v 8.121 2002/06/26 03:27:19 marka Exp $ */ /* @@ -172,9 +172,8 @@ typedef enum need { main_need_restart, /* exec() needed. */ main_need_reap, /* need to reap dead children. */ main_need_noexpired, /* ns_reconfig() needed w/ noexpired set. */ - main_need_num, /* number of needs, used for array bound. */ - main_need_tick, /* tick every second to poll for cleanup (NT) */ - main_need_tryxfer /* attemt to start a zone transfer. */ + main_need_tryxfer, /* attemt to start a zone transfer. */ + main_need_num /* MUST BE LAST. */ } main_need; /* What global options are set? */ @@ -438,6 +437,7 @@ enum zonetype { z_nil, z_master, z_slave, z_hint, z_stub, z_forward, #define XFER_SUCCESSAXFR 4 /* named-xfr recived a xfr */ #define XFER_SUCCESSIXFR 5 /* named-xfr recived a ixfr */ #define XFER_SUCCESSAXFRIXFRFILE 6 /* named-xfr received AXFR for IXFR */ +#define XFER_REFUSED 7 /* one master returned REFUSED */ #define XFER_ISAXFR -1 /* the last XFR is AXFR */ #define XFER_ISIXFR -2 /* the last XFR is IXFR */ #define XFER_ISAXFRIXFR -3 /* the last XFR is AXFR but we must create IXFR base */ @@ -835,6 +835,7 @@ typedef struct server_config { #define SERVER_INFO_BOGUS 0x01 #define SERVER_INFO_SUPPORT_IXFR 0x02 +#define SERVER_INFO_EDNS 0x04 typedef struct server_info { struct in_addr address; diff --git a/contrib/bind/bin/named/ns_forw.c b/contrib/bind/bin/named/ns_forw.c index 494a96a8177c..746257b0f33a 100644 --- a/contrib/bind/bin/named/ns_forw.c +++ b/contrib/bind/bin/named/ns_forw.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_forw.c 4.32 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: ns_forw.c,v 8.90 2002/02/22 05:12:35 marka Exp $"; +static const char rcsid[] = "$Id: ns_forw.c,v 8.91 2002/05/24 03:04:57 marka Exp $"; #endif /* not lint */ /* 
@@ -612,6 +612,11 @@ nslookup(struct databuf *nsp[], struct qinfo *qp, qs->nsdata = dp; qs->forwarder = 0; qs->noedns = dp->d_noedns; + if (!qs->noedns) { + server_info si = find_server(nsa); + if (si && (si->flags & SERVER_INFO_EDNS) == 0) + qs->noedns = 1; + } qs->nretry = 0; /* * If this A RR has no RTT, initialize its RTT to a @@ -1285,6 +1290,11 @@ nsfwdadd(struct qinfo *qp, struct fwdinfo *fwd) { qs->nsdata = fwd->fwddata->nsdata; qs->forwarder = 1; qs->noedns = fwd->fwddata->nsdata->d_noedns; + if (!qs->noedns) { + server_info si = find_server(qs->ns_addr.sin_addr); + if (si && (si->flags & SERVER_INFO_EDNS) == 0) + qs->noedns = 1; + } qs->nretry = 0; n++; nextfwd: diff --git a/contrib/bind/bin/named/ns_glob.h b/contrib/bind/bin/named/ns_glob.h index 7f382d5ee499..8f052f5d83a3 100644 --- a/contrib/bind/bin/named/ns_glob.h +++ b/contrib/bind/bin/named/ns_glob.h @@ -1,6 +1,6 @@ /* * from ns.h 4.33 (Berkeley) 8/23/90 - * $Id: ns_glob.h,v 8.57 2001/11/12 21:22:26 marka Exp $ + * $Id: ns_glob.h,v 8.58 2002/06/05 04:53:50 marka Exp $ */ /* @@ -336,6 +336,7 @@ DECL char * user_name INIT(NULL); DECL gid_t group_id; DECL char * group_name INIT(NULL); DECL char * chroot_dir INIT(NULL); +DECL char * working_dir INIT(NULL); DECL int loading INIT(0); diff --git a/contrib/bind/bin/named/ns_ixfr.c b/contrib/bind/bin/named/ns_ixfr.c index f14019e776f0..0492bc0e20bf 100644 --- a/contrib/bind/bin/named/ns_ixfr.c +++ b/contrib/bind/bin/named/ns_ixfr.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_ixfr.c,v 8.31 2002/01/02 05:15:20 marka Exp $"; +static const char rcsid[] = "$Id: ns_ixfr.c,v 8.32 2002/05/18 01:02:57 marka Exp $"; #endif /* not lint */ /* 
@@ -201,10 +201,10 @@ sx_send_ixfr(struct qstream *qsp) { ns_panic(ns_log_update, 1, "sx_send_ixfr: unable to locate soa"); } - old_soadp = memget(DATASIZE(soa_dp->d_size)); + old_soadp = memget(BIND_DATASIZE(soa_dp->d_size)); if (old_soadp == NULL) ns_panic(ns_log_update, 1, "sx_send_ixfr: out of memory"); - memcpy(old_soadp, soa_dp, DATASIZE(soa_dp->d_size)); + memcpy(old_soadp, soa_dp, BIND_DATASIZE(soa_dp->d_size)); again: switch (qsp->xfr.state) { @@ -383,7 +383,7 @@ sx_send_ixfr(struct qstream *qsp) { qsp->xfr.top.ixfr = NULL; } cleanup: - memput(old_soadp, DATASIZE(old_soadp->d_size)); + memput(old_soadp, BIND_DATASIZE(old_soadp->d_size)); } diff --git a/contrib/bind/bin/named/ns_lexer.c b/contrib/bind/bin/named/ns_lexer.c index b10219ada4f1..b8271625d717 100644 --- a/contrib/bind/bin/named/ns_lexer.c +++ b/contrib/bind/bin/named/ns_lexer.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_lexer.c,v 8.30 2002/04/25 05:27:08 marka Exp $"; +static const char rcsid[] = "$Id: ns_lexer.c,v 8.31 2002/05/24 03:05:03 marka Exp $"; #endif /* not lint */ /* @@ -251,6 +251,7 @@ static struct keyword keywords[] = { {"directory", T_DIRECTORY}, {"dump-file", T_DUMP_FILE}, {"dynamic", T_DYNAMIC}, + {"edns", T_EDNS}, {"explicit", T_EXPLICIT}, {"fail", T_FAIL}, {"fake-iquery", T_FAKE_IQUERY}, diff --git a/contrib/bind/bin/named/ns_main.c b/contrib/bind/bin/named/ns_main.c index d8393879448c..f12f2852f089 100644 --- a/contrib/bind/bin/named/ns_main.c +++ b/contrib/bind/bin/named/ns_main.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_main.c,v 8.157 2002/04/13 23:26:16 marka Exp $"; +static const char rcsid[] = "$Id: ns_main.c,v 8.160 2002/06/24 07:06:55 marka Exp $"; #endif /* not lint */ /* 
@@ -99,8 +99,10 @@ char copyright[] = #ifdef SVR4 /* XXX */ # include #else +#ifndef __hpux # include #endif +#endif #include #include @@ -174,7 +176,7 @@ static u_int16_t nsid_c1, nsid_c2, nsid_c3; static u_int16_t nsid_state2; static int nsid_algorithm; -static int needs = 0, needs_exit = 0; +static int needs = 0, needs_exit = 0, needs_restart = 0; static handler handlers[main_need_num]; static void savedg_waitfunc(evContext, void*, const void*); static void need_waitfunc(evContext, void *, const void *); @@ -309,14 +311,7 @@ main(int argc, char *argv[]) { break; case 'w': - if (chdir(optarg) < 0) { - syslog(LOG_CRIT, bad_directory, optarg, - strerror(errno)); - fprintf(stderr, bad_directory, optarg, - strerror(errno)); - fputc('\n', stderr); - exit(1); - } + working_dir = savestr(optarg, 1); break; #ifdef QRYLOG case 'q': @@ -434,6 +429,19 @@ main(int argc, char *argv[]) { chroot_dir = freestr(chroot_dir); #endif } + /* + * Set working directory. + */ + if (working_dir != NULL) { + if (chdir(working_dir) < 0) { + syslog(LOG_CRIT, bad_directory, working_dir, + strerror(errno)); + fprintf(stderr, bad_directory, working_dir, + strerror(errno)); + fputc('\n', stderr); + exit(1); + } + } /* Establish global event context. */ evCreate(&ev); @@ -550,7 +558,10 @@ main(int argc, char *argv[]) { else INSIST_ERR(errno == EINTR); } - ns_info(ns_log_default, "named shutting down"); + if (needs_restart) + ns_info(ns_log_default, "named restarting"); + else + ns_info(ns_log_default, "named shutting down"); #ifdef BIND_UPDATE dynamic_about_to_exit(); #endif @@ -563,8 +574,11 @@ main(int argc, char *argv[]) { else shutdown_configuration(); - /* Cleanup for system-dependent stuff */ - custom_shutdown(); + if (needs_restart) + execvp(saved_argv[0], saved_argv); + else + /* Cleanup for system-dependent stuff */ + custom_shutdown(); return (0); } 
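Review bot: When `execvp(saved_argv[0], saved_argv)` fails in the new restart path at the end of main(), control falls through to `return (0)`, so a failed restart exits with a success status and no message; the removed ns_restart() body called abort() after the exec. The shutdown steps visible above the call have already run by then, so the process cannot carry on and the failure should be reported and turned into a non-zero exit, for example `ns_error(ns_log_default, "execvp %s: %s", saved_argv[0], strerror(errno)); return (1);`. Whether the logging channels are still usable this late is not visible in the hunk, so writing to stderr as well may be the safer choice. The restart branch also skips custom_shutdown(); if that is deliberate, a one-line comment saying why would help the next reader.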
@@ -2746,6 +2760,9 @@ deallocate_everything(void) { if (chroot_dir != NULL) freestr(chroot_dir); chroot_dir = NULL; + if (working_dir != NULL) + freestr(working_dir); + working_dir = NULL; if (nsid_pool != NULL) memput(nsid_pool, 0x10000 * (sizeof(u_int16_t))); nsid_pool = NULL; @@ -2764,19 +2781,8 @@ deallocate_everything(void) { static void ns_restart(void) { - ns_info(ns_log_default, "named restarting"); -#ifdef BIND_UPDATE - dynamic_about_to_exit(); -#endif - if (server_options && server_options->pid_filename) - (void)unlink(server_options->pid_filename); - ns_logstats(ev, NULL, evNowTime(), evConsTime(0, 0)); - if (NS_OPTION_P(OPTION_DEALLOC_ON_EXIT)) - deallocate_everything(); - else - shutdown_configuration(); - execvp(saved_argv[0], saved_argv); - abort(); + needs_restart = 1; + needs_exit = 1; } static void diff --git a/contrib/bind/bin/named/ns_maint.c b/contrib/bind/bin/named/ns_maint.c index 82df685c7ed4..be4b6f9c53ef 100644 --- a/contrib/bind/bin/named/ns_maint.c +++ b/contrib/bind/bin/named/ns_maint.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_maint.c 4.39 (Berkeley) 3/2/91"; -static const char rcsid[] = "$Id: ns_maint.c,v 8.135 2002/04/25 05:27:10 marka Exp $"; +static const char rcsid[] = "$Id: ns_maint.c,v 8.136 2002/06/26 03:27:20 marka Exp $"; #endif /* not lint */ /* @@ -1681,6 +1681,17 @@ endxfer() { sched_zone_maint(zp); break; + case XFER_REFUSED: + if (!(zp->z_flags & Z_SYSLOGGED)) { + zp->z_flags |= Z_SYSLOGGED; + ns_error(ns_log_xfer_in, + "zoneref: Masters for slave zone \"%s\" REFUSED transfer", + zp->z_origin); + } + ns_retrytime(zp, tt.tv_sec); + sched_zone_maint(zp); + break; + default: if (!(zp->z_flags & Z_SYSLOGGED)) { zp->z_flags |= Z_SYSLOGGED; diff --git a/contrib/bind/bin/named/ns_parser.y b/contrib/bind/bin/named/ns_parser.y index 8e6296232dcb..79f34b1adaab 100644 --- a/contrib/bind/bin/named/ns_parser.y +++ b/contrib/bind/bin/named/ns_parser.y 
@@ -1,6 +1,6 @@ %{ #if !defined(lint) && !defined(SABER) -static char rcsid[] = "$Id: ns_parser.y,v 8.79 2002/04/25 05:27:13 marka Exp $"; +static char rcsid[] = "$Id: ns_parser.y,v 8.80 2002/05/24 03:05:01 marka Exp $"; #endif /* not lint */ /* @@ -191,6 +191,7 @@ int yyparse(); %token T_TRANSFERS %token T_KEYS %token T_SUPPORT_IXFR +%token T_EDNS /* Items used for "zone" statements: */ %token T_ZONE @@ -1268,6 +1269,10 @@ server_info: T_BOGUS yea_or_nay set_server_transfer_format(current_server, $2); } | T_KEYS '{' key_list '}' + | T_EDNS yea_or_nay + { + set_server_option(current_server, SERVER_INFO_EDNS, $2); + } | error ; diff --git a/contrib/bind/bin/named/ns_req.c b/contrib/bind/bin/named/ns_req.c index 1a1d756b1884..6aca04a73e97 100644 --- a/contrib/bind/bin/named/ns_req.c +++ b/contrib/bind/bin/named/ns_req.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_req.c 4.47 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_req.c,v 8.168 2002/04/30 03:43:52 marka Exp $"; +static const char rcsid[] = "$Id: ns_req.c,v 8.169 2002/05/12 23:41:52 marka Exp $"; #endif /* not lint */ /* @@ -560,6 +560,8 @@ ns_req(u_char *msg, int msglen, int buflen, struct qstream *qsp, hp->arcount = htons(0); cp = msg + HFIXEDSZ; cp += ns_skiprr(cp, msg + msglen, ns_s_qd, ntohs(hp->qdcount)); + ns_name_rollback(cp, (const u_char **)dnptrs, + (const u_char **)dnptrs_end); if (opt > 0) { n = ns_add_opt(msg, cp, buflen_orig, 0, rcode, EDNS_MESSAGE_SZ, 0, NULL, 0); diff --git a/contrib/bind/bin/named/ns_resp.c b/contrib/bind/bin/named/ns_resp.c index 5be0038fd0b2..91a38694ef4a 100644 --- a/contrib/bind/bin/named/ns_resp.c +++ b/contrib/bind/bin/named/ns_resp.c 
@@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_resp.c 4.65 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: ns_resp.c,v 8.176 2002/04/17 07:10:10 marka Exp $"; +static const char rcsid[] = "$Id: ns_resp.c,v 8.178 2002/06/27 03:09:19 marka Exp $"; #endif /* not lint */ /* @@ -288,7 +288,6 @@ ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp) struct namebuf *np; struct fwdinfo *fwd; struct databuf *dp; - int forcecmsg = 0; char *tname = NULL; int sendto_errno = 0; int has_tsig, oldqlen = 0; @@ -298,6 +297,7 @@ ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp) u_char sig[TSIG_SIG_SIZE]; time_t tsig_time; DST_KEY *key; + int expect_cname; nameserIncr(from.sin_addr, nssRcvdR); nsp[0] = NULL; @@ -924,6 +924,7 @@ ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp) } else flushset = NULL; + expect_cname = 1; for (i = 0; i < count; i++) { struct databuf *dp; int type; @@ -955,6 +956,19 @@ ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp) type = dp->d_type; if (i < ancount) { /* Answer section. */ + /* + * Check for attempts to overflow the buffer in + * getnameanswer. + */ + if (type == ns_t_cname && !expect_cname) { + ns_warning(ns_log_security, + "late CNAME in answer section for %s %s from %s", + *qname ? qname : ".", p_type(qtype), + sin_ntoa(from)); + + } else if (type != ns_t_cname && type != ns_t_dname && + type != ns_t_sig) + expect_cname = 0; if (externalcname || ns_samename(name, aname) != 1) { if (!externalcname) ns_info(ns_log_resp_checks, @@ -1220,12 +1234,11 @@ ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp) cache_n_resp(msg, msglen, from, qp->q_name, qp->q_class, qp->q_type); - if (!qp->q_cmsglen) { + if (!qp->q_cmsglen && validanswer) { ns_debug(ns_log_default, 3, "resp: leaving NO: auth = %d", hp->aa); goto return_msg; } - forcecmsg = 1; } /* 
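Review bot: The new check in the answer-section loop only logs: after the `ns_warning(ns_log_security, "late CNAME in answer section ...")` call the record continues through the normal processing below, yet the comment "Check for attempts to overflow the buffer in getnameanswer" reads as if this were the defence. CHANGES lists the overrun fix (#1300) and this logging (#1301) as separate entries and README places the security fix in libbind, so the comment should say so, e.g. `/* Detection only: log answers shaped like #1300; the overrun itself is fixed in libbind. */`. The warning is emitted once per offending record and is driven entirely by data from the remote server, so it is worth considering a rate limit so that a hostile responder cannot flood the security channel. The empty `if` arm followed by an unbraced `else if` is easy to misread; bracing both arms would make the condition guarding `expect_cname = 0` obvious.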
diff --git a/contrib/bind/bin/named/ns_signal.c b/contrib/bind/bin/named/ns_signal.c index 0820bfae9c34..a8a957d57757 100644 --- a/contrib/bind/bin/named/ns_signal.c +++ b/contrib/bind/bin/named/ns_signal.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_signal.c,v 8.14 2001/06/18 14:43:25 marka Exp $"; +static const char rcsid[] = "$Id: ns_signal.c,v 8.15 2002/05/18 01:39:15 marka Exp $"; #endif /* not lint */ /* @@ -87,8 +87,10 @@ static const char rcsid[] = "$Id: ns_signal.c,v 8.14 2001/06/18 14:43:25 marka E #ifdef SVR4 /* XXX */ # include #else +#ifndef __hpux # include #endif +#endif #include #include diff --git a/contrib/bind/bin/named/ns_update.c b/contrib/bind/bin/named/ns_update.c index 774bd2c96567..b2b5b9680ded 100644 --- a/contrib/bind/bin/named/ns_update.c +++ b/contrib/bind/bin/named/ns_update.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_update.c,v 8.103 2002/01/03 00:25:02 marka Exp $"; +static const char rcsid[] = "$Id: ns_update.c,v 8.104 2002/05/18 01:02:59 marka Exp $"; #endif /* not lint */ /* @@ -3010,9 +3010,9 @@ incr_serial(struct zoneinfo *zp) { return (-1); dp = findzonesoa(zp); if (dp) { - olddp = memget(DATASIZE(dp->d_size)); + olddp = memget(BIND_DATASIZE(dp->d_size)); if (olddp != NULL) { - memcpy(olddp, dp, DATASIZE(dp->d_size)); + memcpy(olddp, dp, BIND_DATASIZE(dp->d_size)); cp = findsoaserial(olddp->d_data); PUTLONG(old_serial, cp); fprintf(ifp, "update: {delete} %s. %u %s %s ", @@ -3021,7 +3021,7 @@ incr_serial(struct zoneinfo *zp) { p_type(dp->d_type)); (void) rdata_dump(olddp, ifp); fprintf(ifp, "\n"); - memput(olddp, DATASIZE(dp->d_size)); + memput(olddp, BIND_DATASIZE(dp->d_size)); } fprintf(ifp, "update: {add} %s. %u %s %s ", zp->z_origin, dp->d_ttl, diff --git a/contrib/bind/bin/named/ns_xfr.c b/contrib/bind/bin/named/ns_xfr.c index d7a850579070..7b1c99b1353c 100644 
--- a/contrib/bind/bin/named/ns_xfr.c +++ b/contrib/bind/bin/named/ns_xfr.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_xfr.c,v 8.68 2002/04/11 05:19:06 marka Exp $"; +static const char rcsid[] = "$Id: ns_xfr.c,v 8.69 2002/06/05 03:53:49 marka Exp $"; #endif /* not lint */ /* @@ -82,15 +82,21 @@ ns_xfr(struct qstream *qsp, struct namebuf *znp, ns_deltalist *changes; switch (type) { - case ns_t_axfr: /*FALLTHROUGH*/ case ns_t_ixfr: + ns_info(ns_log_xfer_out, + "zone transfer (%s) of \"%s\" (%s) to %s serial %u -> %u", + p_type(type), zones[zone].z_origin, p_class(class), + sin_ntoa(qsp->s_from), serial_ixfr, + zones[zone].z_serial); + break; + case ns_t_axfr: /*FALLTHROUGH*/ #ifdef BIND_ZXFR case ns_t_zxfr: #endif ns_info(ns_log_xfer_out, - "zone transfer (%s) of \"%s\" (%s) to %s", + "zone transfer (%s) of \"%s\" (%s) to %s serial %u", p_type(type), zones[zone].z_origin, p_class(class), - sin_ntoa(qsp->s_from)); + sin_ntoa(qsp->s_from), zones[zone].z_serial); break; default: ns_warning(ns_log_xfer_out, diff --git a/contrib/bind/bin/ndc/ndc.c b/contrib/bind/bin/ndc/ndc.c index aa0e4a373046..d0770429261d 100644 --- a/contrib/bind/bin/ndc/ndc.c +++ b/contrib/bind/bin/ndc/ndc.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ndc.c,v 1.21 2001/12/19 23:16:23 marka Exp $"; +static const char rcsid[] = "$Id: ndc.c,v 1.22 2002/06/24 07:28:55 marka Exp $"; #endif /* not lint */ /* 
@@ -250,6 +250,179 @@ slashhelp(void) { "toggle silence (suppresses nonfatal errors)"); } +struct argv { + int argc; + char **argv; + int error; +}; + +static char hexdigits[] = "0123456789abcdef"; + +static void +getargs_closure(void *arg, const char *msg, int flags) { + struct argv *argv = arg; + int len; + int i; + const char *cp, *cp2; + char *tp, c; + + UNUSED(flags); + + if (argv->error) + return; + + if (argv->argc == -1) { + i = atoi(msg + 4); + if (i < 1) { + argv->error = 1; + return; + } + argv->argc = i; + argv->argv = calloc((i+1), sizeof(char*)); + return; + } + len = 0; + cp = msg + 4; + while (*cp != NULL) { + c = *cp; + if (c == '%') { + cp2 = strchr(hexdigits, cp[1]); + if (cp2 == NULL) { + argv->error = 1; + return; + } + c = (cp2-hexdigits) << 4; + cp2 = strchr(hexdigits, cp[2]); + if (cp2 == NULL) { + argv->error = 1; + return; + } + c += (cp2-hexdigits); + cp += 2; + } + if (!isalnum((unsigned)c)) { + switch (c) { + case '+': case '-': case '=': case '/': case '.': + break; + default: + len++; + } + } + len++; + cp++; + } + i = 0; + while (argv->argv[i] != NULL) + i++; + if (i >= argv->argc) { + argv->error = 1; + return; + } + argv->argv[i] = malloc(len + 1); + if (argv->argv[i] == NULL) { + argv->error = 1; + return; + } + cp = msg + 4; + tp = argv->argv[i]; + while (*cp != NULL) { + c = *cp; + if (c == '%') { + cp2 = strchr(hexdigits, cp[1]); + if (cp2 == NULL) { + argv->error = 1; + return; + } + c = (cp2-hexdigits) << 4; + cp2 = strchr(hexdigits, cp[2]); + if (cp2 == NULL) { + argv->error = 1; + return; + } + c += (cp2-hexdigits); + cp += 2; + } + if (!isalnum((unsigned)c)) { + switch (c) { + case '+': case '-': case '=': case '/': case '.': + break; + default: + *tp = '\\'; + } + } + *tp++ = c; + cp++; + } +} + +static int +get_args(char **restp) { + struct argv argv; + int len, i; + char *rest, *p; + int result = 1; + + argv.argc = -1; + argv.argv = NULL; + argv.error = 0; + + channel_loop("args", 1, getargs_closure, &argv); + if 
(argv.error) { + result = 0; + goto err; + } + len = 0; + for (i = 1 ; i < argv.argc && argv.argv[i] != NULL; i++) + len += strlen(argv.argv[i]) + 1; + rest = malloc(len); + if (rest == NULL) { + result = 0; + goto err; + } + p = rest; + for (i = 1 ; i < argv.argc && argv.argv[i] != NULL; i++) { + strcpy(p, argv.argv[i]); + p += strlen(argv.argv[i]); + *p++ = ' '; + } + if (p != rest) + p[-1] = '\0'; + *restp = rest; + + err: + if (argv.argv) { + for (i = 0 ; i < argv.argc && argv.argv[i] != NULL; i++) + free(argv.argv[i]); + free(argv.argv); + } + return (result); +} + +static void +exec_closure(void *arg, const char *msg, int flags) { + int *result = arg; + UNUSED(flags); + if (atoi(msg) == 250) + *result = 1; +} + +static int +try_exec(int local_quiet) { + int good = 0; + pid_t pid; + + channel_loop("exec", 1, exec_closure, &good); + + if (good) { + sleep(3); + if (!running(0, &pid)) + error("name server has not restarted (yet?)"); + else if (!local_quiet) + result("new pid is %ld", (long)pid); + } + return (good); +} + static int builtincmd(void) { static const char spaces[] = " \t"; @@ -257,14 +430,18 @@ builtincmd(void) { pid_t pid; int save_quiet = quiet; int len; + int freerest = 0; quiet = 1; len = strcspn(cmd, spaces); rest = cmd + len; - if (*rest != '\0') { - rest++; + if (*rest != '\0') rest += strspn(rest, spaces); + if (*rest == '\0' && !strncasecmp(cmd, "restart", len)) { + if (try_exec(save_quiet)) + return (1); + freerest = get_args(&rest); } syscmd = malloc(strlen(named_path) + sizeof " " + strlen(rest)); if (syscmd == NULL) @@ -274,6 +451,8 @@ builtincmd(void) { strcat(syscmd, " "); strcat(syscmd, rest); } + if (freerest) + free(rest); if (strncasecmp(cmd, "start", len) == 0) { if (running(debug, &pid)) error("name server already running? (pid %ld)", 
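Review bot: In the second loop of `getargs_closure` (the hunk at -250,6) the escape is stored with `*tp = '\\';` and no increment, so the next `*tp++ = c;` overwrites it, and the function returns without writing a terminator into the `malloc(len + 1)` buffer. `get_args` then runs `strlen`/`strcpy` over these strings and `builtincmd` appends the result to `syscmd`, so the copy can read past the allocation and characters the code meant to escape arrive unescaped. The lines should read `*tp++ = '\\';` in the `default:` arm and `*tp = '\0';` after the loop. Two further checks are missing in the same function: the `calloc` result is used unchecked by `while (argv->argv[i] != NULL)`, and a `%` followed directly by the end of `msg` passes the `strchr` test (it matches the terminator of `hexdigits`), after which `cp[2]` is read beyond the string.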
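Review bot: In the `builtincmd` hunk at -257,14 the early `return (1);` after a successful `try_exec(save_quiet)` leaves the global `quiet` at 1, because `quiet = 1;` was set a few lines above and this path never restores `save_quiet`; I would write `if (try_exec(save_quiet)) { quiet = save_quiet; return (1); }`. Also, when the server reports no arguments beyond the program name, `get_args` computes `len == 0`, returns a `malloc(0)` buffer with nothing written to it, and the `strlen(rest)` in the `syscmd` allocation then reads an empty allocation. Allocating `len + 1` in `get_args` and adding `else *rest = '\0';` after `if (p != rest) p[-1] = '\0';` would cover that case. `builtincmd` begins and continues outside the hunk, and whatever restores `quiet` later in the function is not reached by this return.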
@@ -417,6 +596,7 @@ channel_loop(const char *cmdtext, int show, closure cl, void *ua) { a.cl = cl; a.ua = ua; logger_show = show; + trace("command '%s'", cmdtext); ctl = ctl_client(ev, client_addr, impute_addrlen(client_addr), (struct sockaddr *)&server, impute_addrlen((struct sockaddr *)&server), diff --git a/contrib/bind/bin/nslookup/Makefile b/contrib/bind/bin/nslookup/Makefile index 6680bc6d0418..27073c15623b 100644 --- a/contrib/bind/bin/nslookup/Makefile +++ b/contrib/bind/bin/nslookup/Makefile @@ -13,7 +13,7 @@ ## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS ## SOFTWARE. -# $Id: Makefile,v 8.27 2001/01/31 08:44:43 marka Exp $ +# $Id: Makefile,v 8.28 2002/05/21 00:44:59 marka Exp $ DESTDIR= CC= cc @@ -31,7 +31,8 @@ A=a O=o EXE= LEX = lex -I -SYSLIBS = -ll -lutil +SYSLIBS =-lutil +LIBL=-ll DESTBIN = /usr/local/bin DESTSBIN = /usr/local/sbin DESTEXEC = /usr/local/libexec @@ -56,7 +57,7 @@ all: ${PROG}${EXE} ${PROG}${EXE}: ${OBJS} ${LIBBIND} Makefile ${CC} ${CDEBUG} ${LDFLAGS} ${BOUNDS} -o ${PROG}${EXE} ${OBJS} \ - ${LIBBIND} ${SYSLIBS} + ${LIBBIND} ${LIBL} ${SYSLIBS} .c.${O}: ${CC} ${CPPFLAGS} ${CFLAGS} ${BOUNDS} -c $*.c diff --git a/contrib/bind/bin/nslookup/send.c b/contrib/bind/bin/nslookup/send.c index de60d21aba7f..738f66add051 100644 --- a/contrib/bind/bin/nslookup/send.c +++ b/contrib/bind/bin/nslookup/send.c @@ -53,7 +53,7 @@ #ifndef lint static const char sccsid[] = "@(#)send.c 5.18 (Berkeley) 3/2/91"; -static const char rcsid[] = "$Id: send.c,v 8.13 2002/04/09 05:55:23 marka Exp $"; +static const char rcsid[] = "$Id: send.c,v 8.14 2002/05/10 04:35:09 marka Exp $"; #endif /* not lint */ /* @@ -291,7 +291,7 @@ SendRequest(union res_sockaddr_union *nsAddrPtr, const u_char *buf, } #else /* BSD */ if (sendto(s, (const char *)buf, buflen, 0, - (struct sockaddr *) &nsAddrPtr, + (struct sockaddr *) nsAddrPtr, clen) != buflen) { if (res.options & RES_DEBUG) perror("sendto"); 
diff --git a/contrib/bind/doc/html/server.html b/contrib/bind/doc/html/server.html
index b7fea338cff3..5dea79436af4 100644
--- a/contrib/bind/doc/html/server.html
+++ b/contrib/bind/doc/html/server.html
@@ -13,6 +13,7 @@
 server ip_addr {
+  [ edns yes_or_no; ]
   [ bogus yes_or_no; ]
   [ support-ixfr yes_or_no; ]
   [ transfers number; ]
@@ -28,6 +29,10 @@ server ip_addr {
 

The server statement defines the characteristics to be associated with a remote name server.

+

If you discover that a server does not support EDNS you can prevent +named making EDNS queries to it by specifying edns no;. +The default value of edns is yes. +

If you discover that a server is giving out bad data, marking it as bogus will prevent further queries to it. The default value of bogus is no. Marking a server as bogus @@ -69,7 +74,7 @@ required to be signed by this key.


-Last Updated: $Id: server.html,v 1.12 2001/08/10 05:12:29 marka Exp $
+Last Updated: $Id: server.html,v 1.13 2002/05/24 03:04:51 marka Exp $
diff --git a/contrib/bind/doc/man/dnsquery.1 b/contrib/bind/doc/man/dnsquery.1 index bc0307f5b890..b6588c636744 100644 --- a/contrib/bind/doc/man/dnsquery.1 +++ b/contrib/bind/doc/man/dnsquery.1 @@ -1,4 +1,4 @@ -.\" $Id: dnsquery.1,v 8.4 2001/08/08 07:49:58 marka Exp $ +.\" $Id: dnsquery.1,v 8.5 2002/06/18 02:04:54 marka Exp $ .\" .\"Copyright (c) 1995,1996,1999 by Internet Software Consortium .\" @@ -49,8 +49,10 @@ are treated without case-sensitivity. .Bl -tag -width Fl .It Fl n Ar nameserver The nameserver to be used in the query. Nameservers can appear as either -Internet addresses of the form -.Ar w.x.y.z +Internet addresses of the form +.Ar ( w.x.y.z +or +.Ar xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx ) or can appear as domain names. (Default: as specified in .Pa /etc/resolv.conf . ) diff --git a/contrib/bind/doc/man/named.conf.5 b/contrib/bind/doc/man/named.conf.5 index df07b1acea89..532af69e8f8d 100644 --- a/contrib/bind/doc/man/named.conf.5 +++ b/contrib/bind/doc/man/named.conf.5 @@ -1895,6 +1895,7 @@ Any number of trusted keys can be specified. .Ss Syntax .Bd -literal server \fIip_addr\fR { + [ edns \fIyes_or_no\fR; ] [ bogus \fIyes_or_no\fR; ] [ support-ixfr \fIyes_or_no\fR; ] [ transfers \fInumber\fR; ] @@ -1906,6 +1907,15 @@ server \fIip_addr\fR { The server statement defines the characteristics to be associated with a remote name server. .Pp +If you discover that a server does not support EDNS you can prevent +named making EDNS queries to it by specifying +.Ic edns +.Ic no; . +The default value of +.Ic edns +is +.Ic yes . +.Pp If you discover that a server is giving out bad data, marking it as .Ic bogus will prevent further queries to it. The default value of diff --git a/contrib/bind/doc/misc/rfc2317-notes.txt b/contrib/bind/doc/misc/rfc2317-notes.txt new file mode 100644 index 000000000000..0b62d2a9a1fe --- /dev/null +++ b/contrib/bind/doc/misc/rfc2317-notes.txt 
@@ -0,0 +1,105 @@ +Message-Id: <200005230246.WAA03750@hrothgar.gw.com> +To: ... +Subject: Notes on RFC-2317 +Date: Mon, 22 May 2000 22:46:55 -0400 +From: Kimmo Suominen + +Hi! + +I wrote down some notes on RFC-2317. I've had discussions with all of +you regarding classless IN-ADDR.ARPA delegations, and I would very much +appreciate any comments you may have. Please feel free to forward this +to other parties as you see necessary or appropriate. + +The goal of these notes is to try and clarify the reasoning behind the +recommendations I've been making on implementing RFC-2317 delegations. +In particular the following issues keep coming up with again and again +with each vendor: + + - why use "-" instead of "/" + - why use particular NS records + - why delegate within IN-ADDR.ARPA + +I am hoping that the these notes could eventually be used to convince +ISPs to provide an efficient and smooth implementation of RFC-2317 with +the least amount of headache for the end-user. + +Regards, ++ Kim + + + +NOTES ON IMPLEMENTING CLASSLESS IN-ADDR.ARPA DELEGATION PER RFC-2317 + +1. Selecting the CNAME target zone + + RFC-2317 shows an example case where the target zone is a delegated + sub-zone of the IN-ADDR.ARPA zone for the natural class C network. + This will allow for the NS records for the zone can be independently + selected (see benefits described below). An example of such a zone + would be 0-28.150.80.204.IN-ADDR.ARPA. + + Now pay careful attention to the last paragraph of RFC-2317. There + are broken resolver implementations that apply the "valid host name" + restrictions on the CNAME target (it should only be applied to the + PTR target name). To avoid problems with such implementations it + is best to use a character that is allowed in a hostname. I prefer + using a hyphen, as I did in the example above. + + Some ISPs may at first refuse to delegate these zones (without any + explanation). 
Approach such ISPs with the reasoning in here first, + but if that fails consider using your "forward" zone as a fallback. + + There is nothing magic about the IN-ADDR.ARPA zone for RFC-2317 + delegations. You will have to sacrifice the optimization provided + by a correct IN-ADDR.ARPA delegation, but you will still retain + the ease of local administration for all name changes. + + I recommend using a dedicated subdomain for the PTR records, e.g. if + your "forward" domain is "HOME.GW.COM" use "REV.HOME.GW.COM" for the + PTR records. + +2. Selecting the NS records + + The NS records for the delegated zone should include all the NS + records of the parent zone, in addition to any NS records pointing + to the public name servers the delegate may want to use. Having the + name servers of the parent zone secondary the delegated zone allows + them to have the necessary authoritative data to return the CNAME + target in the additional records of a response to a PTR record query + (minimizing the number of queries needed to resolve an address). + + This can be achieved using any zone (i.e. even a subdomain of your + "forward" domain), of course. However, having the ISP delegate an + IN-ADDR.ARPA zone for your PTR records rather than you delegating a + zone to your ISP maintains the logical "owner" and "delegate" roles. + + If the primary server for the delegated zone is not permanently on + the Internet (e.g. a dial-on-demand connection) then you would not + want to advertise it in the NS records. It would just be a stealth + server which the advertised secondaries poll for updates. + +3. Example delegation + + To delegate our example zone 0-28.150.80.204.IN-ADDR.ARPA first look + at the NS records of the parent zone 150.80.204.IN-ADDR.ARPA. Let's + say they are the following: + + $ORIGIN 150.80.204.IN-ADDR.ARPA. + @ IN NS GRENDEL.GW.COM. + IN NS PYRY.GW.COM. 
+ + To delegate 204.80.150.0/28 to SRV.HOME.GW.COM you would then insert + these records in the parent zone data: + + $ORIGIN 150.80.204.IN-ADDR.ARPA. + 0-28 IN NS SRV.HOME.GW.COM. + IN NS GRENDEL.GW.COM. + IN NS PYRY.GW.COM. + $GENERATE 0-15 $ IN CNAME $.0-28.150.80.204.IN-ADDR.ARPA. + + The necessary modifications to /etc/named.conf will be left as an + exercise to the reader. + +Kimmo Suominen +Global Wire Oy diff --git a/contrib/bind/include/arpa/nameser_compat.h b/contrib/bind/include/arpa/nameser_compat.h index a32485ad96a9..cbceb6ed2421 100644 --- a/contrib/bind/include/arpa/nameser_compat.h +++ b/contrib/bind/include/arpa/nameser_compat.h @@ -32,7 +32,7 @@ /* * from nameser.h 8.1 (Berkeley) 6/2/93 - * $Id: nameser_compat.h,v 8.13 2001/09/24 02:20:25 marka Exp $ + * $Id: nameser_compat.h,v 8.14 2002/05/18 01:39:11 marka Exp $ */ #ifndef _ARPA_NAMESER_COMPAT_ @@ -64,7 +64,7 @@ defined(apollo) || defined(__convex__) || defined(_CRAY) || \ defined(__hppa) || defined(__hp9000) || \ defined(__hp9000s300) || defined(__hp9000s700) || \ - defined(__hp3000s900) || defined(MPE) || \ + defined(__hp3000s900) || defined(__hpux) || defined(MPE) || \ defined (BIT_ZERO_ON_LEFT) || defined(m68k) || \ (defined(__Lynx__) && \ (defined(__68k__) || defined(__sparc__) || defined(__powerpc__))) diff --git a/contrib/bind/include/isc/list.h b/contrib/bind/include/isc/list.h index 21dd565df560..0aa6f7da9581 100644 --- a/contrib/bind/include/isc/list.h +++ b/contrib/bind/include/isc/list.h 
@@ -24,11 +24,13 @@ do { (list).head = NULL; (list).tail = NULL; } while (0) #define LINK(type) struct { type *prev, *next; } -#define INIT_LINK(elt, link) \ +#define INIT_LINK_TYPE(elt, link, type) \ do { \ - (elt)->link.prev = (void *)(-1); \ - (elt)->link.next = (void *)(-1); \ + (elt)->link.prev = (type *)(-1); \ + (elt)->link.next = (type *)(-1); \ } while (0) +#define INIT_LINK(elt, link) \ + INIT_LINK_TYPE(elt, link, void) #define LINKED(elt, link) ((void *)((elt)->link.prev) != (void *)(-1)) #define HEAD(list) ((list).head) @@ -59,7 +61,7 @@ (list).tail = (elt); \ } while (0) -#define UNLINK(list, elt, link) \ +#define UNLINK_TYPE(list, elt, link, type) \ do { \ INSIST(LINKED(elt, link));\ if ((elt)->link.next != NULL) \ @@ -70,8 +72,10 @@ (elt)->link.prev->link.next = (elt)->link.next; \ else \ (list).head = (elt)->link.next; \ - INIT_LINK(elt, link); \ + INIT_LINK_TYPE(elt, link, type); \ } while (0) +#define UNLINK(list, elt, link) \ + UNLINK_TYPE(list, elt, link, void) #define PREV(elt, link) ((elt)->link.prev) #define NEXT(elt, link) ((elt)->link.next) diff --git a/contrib/bind/include/resolv.h b/contrib/bind/include/resolv.h index ff3c01f6c068..5497f304f502 100644 --- a/contrib/bind/include/resolv.h +++ b/contrib/bind/include/resolv.h @@ -50,7 +50,7 @@ /* * @(#)resolv.h 8.1 (Berkeley) 6/2/93 - * $Id: resolv.h,v 8.45 2002/04/12 06:27:48 marka Exp $ + * $Id: resolv.h,v 8.48 2002/05/31 06:05:29 marka Exp $ */ #ifndef _RESOLV_H_ @@ -156,7 +156,11 @@ struct __res_state_ext; struct __res_state { int retrans; /* retransmition time interval */ int retry; /* number of times to retransmit */ +#ifdef sun + u_int options; /* option flags - see below. */ +#else u_long options; /* option flags - see below. */ +#endif int nscount; /* number of name servers */ struct sockaddr_in nsaddr_list[MAXNS]; /* address of name server */ 
@@ -164,7 +168,11 @@ struct __res_state { u_short id; /* current message id */ char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */ char defdname[256]; /* default domain (deprecated) */ +#ifdef sun + u_int pfcode; /* RES_PRF_ flags - see below. */ +#else u_long pfcode; /* RES_PRF_ flags - see below. */ +#endif unsigned ndots:4; /* threshold for initial abs. query */ unsigned nsort:4; /* number of elements in sort_list[] */ char unused[3]; @@ -177,9 +185,10 @@ struct __res_state { int res_h_errno; /* last one set for this context */ int _vcsock; /* PRIVATE: for res_send VC i/o */ u_int _flags; /* PRIVATE: see below */ + u_int _pad; /* make _u 64 bit aligned */ union { /* On an 32-bit arch this means 512b total. */ - char pad[72 - 3*sizeof (int) - 2*sizeof (void *)]; + char pad[72 - 4*sizeof (int) - 2*sizeof (void *)]; struct { u_int16_t nscount; u_int16_t nstimes[MAXNS]; /* ms. */ @@ -245,6 +254,7 @@ union res_sockaddr_union { #define RES_USE_DNAME 0x10000000 /* use DNAME */ #define RES_USE_A6 0x20000000 /* use A6 */ #define RES_USE_EDNS0 0x40000000 /* use EDNS0 if configured */ +#define RES_NO_NIBBLE2 0x80000000 /* disable alternate nibble lookup */ #define RES_DEFAULT (RES_RECURSE | RES_DEFNAMES | RES_DNSRCH) @@ -460,6 +470,7 @@ const char * res_protocolname __P((int num)); void res_destroyprotolist __P((void)); void res_buildprotolist __P((void)); const char * res_get_nibblesuffix __P((res_state)); +const char * res_get_nibblesuffix2 __P((res_state)); const char * res_get_bitstringsuffix __P((res_state)); void res_ndestroy __P((res_state)); u_int16_t res_nametoclass __P((const char *buf, int *success)); diff --git a/contrib/bind/lib/irs/dns_ho.c b/contrib/bind/lib/irs/dns_ho.c index 7d64e5332bb0..6c0a6e7373fe 100644 --- a/contrib/bind/lib/irs/dns_ho.c +++ b/contrib/bind/lib/irs/dns_ho.c 
@@ -52,7 +52,7 @@ /* BIND Id: gethnamaddr.c,v 8.15 1996/05/22 04:56:30 vixie Exp $ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_ho.c,v 1.35 2002/05/08 01:49:27 marka Exp $"; +static const char rcsid[] = "$Id: dns_ho.c,v 1.39 2002/06/27 03:56:32 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ @@ -74,6 +74,7 @@ static const char rcsid[] = "$Id: dns_ho.c,v 1.35 2002/05/08 01:49:27 marka Exp #include #include #include +#include #include #include @@ -161,7 +162,7 @@ static struct addrinfo * ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai); static void map_v4v6_hostent(struct hostent *hp, char **bp, - int *len); + char *ep); static void addrsort(res_state, char **, int); static struct hostent * gethostans(struct irs_ho *this, const u_char *ansbuf, int anslen, @@ -404,15 +405,12 @@ ho_byaddr(struct irs_ho *this, const void *addr, int len, int af) q->answer = q->qbuf.buf; q->anslen = sizeof(q->qbuf); q->next = q2; - if ((pvt->res->options & RES_NO_BITSTRING) != 0) - q->action = RESTGT_IGNORE; - else - q->action = RESTGT_DOALWAYS; + q->action = RESTGT_DOALWAYS; q2->qclass = C_IN; q2->qtype = T_PTR; q2->answer = q2->qbuf.buf; q2->anslen = sizeof(q2->qbuf); - if ((pvt->res->options & RES_NO_NIBBLE) != 0) + if ((pvt->res->options & RES_NO_NIBBLE2) != 0) q2->action = RESTGT_IGNORE; else q2->action = RESTGT_AFTERFAILURE; @@ -441,11 +439,12 @@ ho_byaddr(struct irs_ho *this, const void *addr, int len, int af) case AF_INET6: if (q->action != RESTGT_IGNORE) { qp = q->qname; - qp += SPRINTF((qp, "\\[x")); - for (n = 0; n < IN6ADDRSZ; n++) - qp += SPRINTF((qp, "%02x", uaddr[n])); - SPRINTF((qp, "/128].%s", - res_get_bitstringsuffix(pvt->res))); + for (n = IN6ADDRSZ - 1; n >= 0; n--) { + qp += SPRINTF((qp, "%x.%x.", + uaddr[n] & 0xf, + (uaddr[n] >> 4) & 0xf)); + } + strcpy(qp, res_get_nibblesuffix(pvt->res)); } if (q2->action != RESTGT_IGNORE) { qp = q2->qname; 
@@ -454,7 +453,7 @@ ho_byaddr(struct irs_ho *this, const void *addr, int len, int af) uaddr[n] & 0xf, (uaddr[n] >> 4) & 0xf)); } - strcpy(qp, res_get_nibblesuffix(pvt->res)); + strcpy(qp, res_get_nibblesuffix2(pvt->res)); } break; default: @@ -1081,7 +1080,7 @@ gethostans(struct irs_ho *this, struct addrinfo **ret_aip, const struct addrinfo *pai) { struct pvt *pvt = (struct pvt *)this->private; - int type, class, buflen, ancount, qdcount, n, haveanswer, had_error; + int type, class, ancount, qdcount, n, haveanswer, had_error; int error = NETDB_SUCCESS, arcount; int (*name_ok)(const char *); const HEADER *hp; @@ -1090,7 +1089,7 @@ gethostans(struct irs_ho *this, const u_char *cp; const char *tname; const char *hname; - char *bp, **ap, **hap; + char *bp, *ep, **ap, **hap; char tbuf[MAXDNAME+1]; struct addrinfo sentinel, *cur, ai; const u_char *arp = NULL; @@ -1133,13 +1132,13 @@ gethostans(struct irs_ho *this, qdcount = ntohs(hp->qdcount); arcount = ntohs(hp->arcount); bp = pvt->hostbuf; - buflen = sizeof pvt->hostbuf; + ep = pvt->hostbuf + sizeof(pvt->hostbuf); cp = ansbuf + HFIXEDSZ; if (qdcount != 1) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } - n = dn_expand(ansbuf, eom, cp, bp, buflen); + n = dn_expand(ansbuf, eom, cp, bp, ep - bp); if (n < 0 || !maybe_ok(pvt->res, bp, name_ok)) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); @@ -1163,7 +1162,6 @@ gethostans(struct irs_ho *this, pvt->host.h_name = bp; hname = bp; bp += n; - buflen -= n; /* The qname can be abbreviated, but hname is now absolute. */ qname = pvt->host.h_name; } @@ -1176,7 +1174,7 @@ gethostans(struct irs_ho *this, haveanswer = 0; had_error = 0; while (ancount-- > 0 && cp < eom && !had_error) { - n = dn_expand(ansbuf, eom, cp, bp, buflen); + n = dn_expand(ansbuf, eom, cp, bp, ep - bp); if (n < 0 || !maybe_ok(pvt->res, bp, name_ok)) { had_error++; continue; 
@@ -1197,6 +1195,15 @@ gethostans(struct irs_ho *this, eor = cp + n; if ((qtype == T_A || qtype == T_AAAA || qtype == ns_t_a6 || qtype == T_ANY) && type == T_CNAME) { + if (haveanswer) { + int level = LOG_CRIT; +#ifdef LOG_SECURITY + level |= LOG_SECURITY; +#endif + syslog(level, + "gethostans: possible attempt to exploit buffer overflow while looking up %s", + *qname ? qname : "."); + } n = dn_expand(ansbuf, eor, cp, tbuf, sizeof tbuf); if (n < 0 || !maybe_ok(pvt->res, tbuf, name_ok)) { had_error++; @@ -1209,10 +1216,9 @@ gethostans(struct irs_ho *this, *ap++ = bp; n = strlen(bp) + 1; /* for the \0 */ bp += n; - buflen -= n; /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen || n > MAXHOSTNAMELEN) { + if (n > (ep - bp) || n > MAXHOSTNAMELEN) { had_error++; continue; } @@ -1220,7 +1226,6 @@ gethostans(struct irs_ho *this, pvt->host.h_name = bp; hname = bp; bp += n; - buflen -= n; continue; } if (type == ns_t_dname) { @@ -1256,7 +1261,7 @@ gethostans(struct irs_ho *this, cp += n; n = strlen(t) + 1; /* for the \0 */ - if (n > buflen) { + if (n > (ep - bp)) { had_error++; continue; } @@ -1266,7 +1271,6 @@ gethostans(struct irs_ho *this, else hname = bp; bp += n; - buflen -= n; continue; } @@ -1292,14 +1296,13 @@ gethostans(struct irs_ho *this, } /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen) { + if (n > (ep - bp)) { had_error++; continue; } strcpy(bp, tbuf); tname = bp; bp += n; - buflen -= n; continue; } if (qtype == T_ANY) { @@ -1323,7 +1326,7 @@ gethostans(struct irs_ho *this, cp += n; continue; } - n = dn_expand(ansbuf, eor, cp, bp, buflen); + n = dn_expand(ansbuf, eor, cp, bp, ep - bp); if (n < 0 || !maybe_hnok(pvt->res, bp) || n >= MAXHOSTNAMELEN) { had_error++; @@ -1341,7 +1344,6 @@ gethostans(struct irs_ho *this, if (n != -1) { n = strlen(bp) + 1; /* for the \0 */ bp += n; - buflen -= n; } break; case ns_t_a6: { 
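Review bot: The `syslog` call added under `if (haveanswer)` in the hunk at -1197,6 reports a CNAME that arrives after an answer record was already accepted, but neither the message nor a comment says that this is the condition, and the record is then processed exactly as before. I would add `/* CNAME after an accepted answer record: unexpected ordering, report it; processing continues below. */` above the `if`, so the next reader knows this is detection only and that the protection comes from the `ep - bp` bounds in the other hunks. Every such response from a remote server produces one LOG_CRIT line with no limit visible here, so the entry is better treated as an alerting signal that may need rate limiting than as a control. The enclosing loop in `gethostans` starts and ends outside the hunk.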
@@ -1441,7 +1443,6 @@ gethostans(struct irs_ho *this, pvt->host.h_name = bp; hname = bp; bp += nn; - buflen -= nn; } /* Ensure alignment. */ bp = (char *)(((u_long)bp + (sizeof(align) - 1)) & @@ -1495,15 +1496,14 @@ gethostans(struct irs_ho *this, haveanswer); if (pvt->host.h_name == NULL) { n = strlen(qname) + 1; /* for the \0 */ - if (n > buflen || n >= MAXHOSTNAMELEN) + if (n > (ep - bp) || n >= MAXHOSTNAMELEN) goto no_recovery; strcpy(bp, qname); pvt->host.h_name = bp; bp += n; - buflen -= n; } if (pvt->res->options & RES_USE_INET6) - map_v4v6_hostent(&pvt->host, &bp, &buflen); + map_v4v6_hostent(&pvt->host, &bp, ep); RES_SET_H_ERRNO(pvt->res, NETDB_SUCCESS); return (&pvt->host); } else { @@ -1577,7 +1577,7 @@ add_hostent(struct pvt *pvt, char *bp, char **hap, struct addrinfo *ai) } static void -map_v4v6_hostent(struct hostent *hp, char **bpp, int *lenp) { +map_v4v6_hostent(struct hostent *hp, char **bpp, char *ep) { char **ap; if (hp->h_addrtype != AF_INET || hp->h_length != INADDRSZ) @@ -1590,17 +1590,15 @@ map_v4v6_hostent(struct hostent *hp, char **bpp, int *lenp) { if (i != 0) i = sizeof(align) - i; - if (*lenp < (i + IN6ADDRSZ)) { + if ((ep - *bpp) < (i + IN6ADDRSZ)) { /* Out of memory. Truncate address list here. */ *ap = NULL; return; } *bpp += i; - *lenp -= i; map_v4v6_address(*ap, *bpp); *ap = *bpp; *bpp += IN6ADDRSZ; - *lenp -= IN6ADDRSZ; } } diff --git a/contrib/bind/lib/irs/dns_nw.c b/contrib/bind/lib/irs/dns_nw.c index fbc613f24016..f39a59a05a2c 100644 --- a/contrib/bind/lib/irs/dns_nw.c +++ b/contrib/bind/lib/irs/dns_nw.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_nw.c,v 1.22 2002/02/27 03:50:10 marka Exp $"; +static const char rcsid[] = "$Id: dns_nw.c,v 1.23 2002/06/26 07:42:06 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ 
@@ -299,8 +299,8 @@ get1101answer(struct irs_nw *this, int af, const char *name, const u_char *addr, int addrlen) { struct pvt *pvt = (struct pvt *)this->private; - int type, class, buflen, ancount, qdcount, haveanswer; - char *bp, **ap; + int type, class, ancount, qdcount, haveanswer; + char *bp, *ep, **ap; u_char *cp, *eom; HEADER *hp; @@ -332,7 +332,7 @@ get1101answer(struct irs_nw *this, /* Prepare a return structure. */ bp = pvt->buf; - buflen = sizeof pvt->buf; + ep = pvt->buf + sizeof(pvt->buf); pvt->net.n_name = NULL; pvt->net.n_aliases = pvt->ali; pvt->net.n_addrtype = af; @@ -345,20 +345,19 @@ get1101answer(struct irs_nw *this, if (name != NULL) { int n = strlen(name) + 1; - if (n > buflen) { + if (n > (ep - bp)) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } pvt->net.n_name = strcpy(bp, name); bp += n; - buflen -= n; } break; case by_addr: if (addr != NULL && addrlen != 0) { int n = addrlen / 8 + ((addrlen % 8) != 0); - if (INADDRSZ > buflen) { + if (INADDRSZ > (ep - bp)) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } @@ -366,7 +365,6 @@ get1101answer(struct irs_nw *this, memcpy(bp, addr, n); pvt->net.n_addr = bp; bp += INADDRSZ; - buflen -= INADDRSZ; } break; default: @@ -377,7 +375,7 @@ get1101answer(struct irs_nw *this, ap = pvt->ali; haveanswer = 0; while (--ancount >= 0 && cp < eom) { - int n = dn_expand(ansbuf, eom, cp, bp, buflen); + int n = dn_expand(ansbuf, eom, cp, bp, ep - bp); cp += n; /* Owner */ if (n < 0 || !maybe_dnok(pvt->res, bp) || @@ -392,7 +390,7 @@ get1101answer(struct irs_nw *this, if (class == C_IN && type == T_PTR) { int nn; - nn = dn_expand(ansbuf, eom, cp, bp, buflen); + nn = dn_expand(ansbuf, eom, cp, bp, ep - bp); if (nn < 0 || !maybe_hnok(pvt->res, bp) || nn != n) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); @@ -408,7 +406,6 @@ get1101answer(struct irs_nw *this, *ap++ = bp; nn = strlen(bp) + 1; bp += nn; - buflen -= nn; haveanswer++; break; } 
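Review bot: In the `by_addr` case of the hunk at -345,20 the rewritten guard `if (INADDRSZ > (ep - bp))` reserves INADDRSZ bytes, but the copy in the following hunk is `memcpy(bp, addr, n)` with `n = addrlen / 8 + ((addrlen % 8) != 0)` taken from the caller, and no visible line bounds `n` by INADDRSZ. I would make the guard `if (n > INADDRSZ || INADDRSZ > (ep - bp)) {` so an oversized `addrlen` fails with NO_RECOVERY instead of copying past the reserved slot. One source line between the two hunks is not shown, so confirm it does not already clamp `n`.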
@@ -419,7 +416,7 @@ get1101answer(struct irs_nw *this, sscanf(bp, "%u.%u.%u.%u.in-addr.arpa", &b1, &b2, &b3, &b4) != 4) break; - if (buflen < INADDRSZ) { + if ((ep - bp) < INADDRSZ) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } @@ -428,7 +425,6 @@ get1101answer(struct irs_nw *this, *bp++ = b3; *bp++ = b2; *bp++ = b1; - buflen -= INADDRSZ; pvt->net.n_length = INADDRSZ * 8; haveanswer++; } diff --git a/contrib/bind/lib/irs/gethostent.c b/contrib/bind/lib/irs/gethostent.c index 586fa492a372..8e7e7179f66b 100644 --- a/contrib/bind/lib/irs/gethostent.c +++ b/contrib/bind/lib/irs/gethostent.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: gethostent.c,v 1.29 2001/05/29 05:48:44 marka Exp $"; +static const char rcsid[] = "$Id: gethostent.c,v 1.32 2002/05/27 06:50:55 marka Exp $"; #endif /* Imports */ 
@@ -458,34 +458,34 @@ freehostent(struct hostent *he) { * -1 on failure. */ -static int -scan_interfaces(int *have_v4, int *have_v6) { -#ifndef SIOCGLIFCONF -/* map new to old */ -#define SIOCGLIFCONF SIOCGIFCONF -#define lifc_len ifc_len -#define lifc_buf ifc_buf - struct ifconf lifc; +#if defined(SIOCGLIFCONF) && defined(SIOCGLIFADDR) && \ + !defined(IRIX_EMUL_IOCTL_SIOCGIFCONF) + +#ifdef __hpux +#define lifc_len iflc_len +#define lifc_buf iflc_buf +#define lifc_req iflc_req +#define LIFCONF if_laddrconf #else #define SETFAMILYFLAGS - struct lifconf lifc; +#define LIFCONF lifconf #endif - -#ifndef SIOCGLIFADDR -/* map new to old */ -#define SIOCGLIFADDR SIOCGIFADDR -#endif - -#ifndef SIOCGLIFFLAGS -#define SIOCGLIFFLAGS SIOCGIFFLAGS -#define lifr_addr ifr_addr -#define lifr_name ifr_name -#define lifr_flags ifr_flags + +#ifdef __hpux +#define lifr_addr iflr_addr +#define lifr_name iflr_name +#define lifr_dstaddr iflr_dstaddr +#define lifr_flags iflr_flags #define ss_family sa_family - struct ifreq lifreq; +#define LIFREQ if_laddrreq #else - struct lifreq lifreq; +#define LIFREQ lifreq #endif + +static int +scan_interfaces6(int *have_v4, int *have_v6) { + struct LIFCONF lifc; + struct LIFREQ lifreq; struct in_addr in4; struct in6_addr in6; char *buf = NULL, *cp, *cplim; @@ -496,7 +496,7 @@ scan_interfaces(int *have_v4, int *have_v6) { *have_v4 = *have_v6 = 0; /* Get interface list from system. */ - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) + if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) == -1) goto err_ret; /* 
@@ -508,20 +508,11 @@ scan_interfaces(int *have_v4, int *have_v6) { if (buf == NULL) goto err_ret; #ifdef SETFAMILYFLAGS - lifc.lifc_family = AF_UNSPEC; + lifc.lifc_family = AF_UNSPEC; /* request all families */ lifc.lifc_flags = 0; #endif lifc.lifc_len = bufsiz; lifc.lifc_buf = buf; -#ifdef IRIX_EMUL_IOCTL_SIOCGIFCONF - /* - * This is a fix for IRIX OS in which the call to ioctl with - * the flag SIOCGIFCONF may not return an entry for all the - * interfaces like most flavors of Unix. - */ - if (emul_ioctl(&lifc) >= 0) - break; -#else if ((n = ioctl(s, SIOCGLIFCONF, (char *)&lifc)) != -1) { /* * Some OS's just return what will fit rather @@ -534,7 +525,6 @@ scan_interfaces(int *have_v4, int *have_v6) { if (lifc.lifc_len + 2 * sizeof(lifreq) < bufsiz) break; } -#endif if ((n == -1) && errno != EINVAL) goto err_ret; 
@@ -620,6 +610,158 @@ scan_interfaces(int *have_v4, int *have_v6) { return (-1); } +#endif + +static int +scan_interfaces(int *have_v4, int *have_v6) { + struct ifconf ifc; + union { + char _pad[256]; /* leave space for IPv6 addresses */ + struct ifreq ifreq; + } u; + struct in_addr in4; + struct in6_addr in6; + char *buf = NULL, *cp, *cplim; + static unsigned int bufsiz = 4095; + int s, n; + size_t cpsize; + +#if defined(SIOCGLIFCONF) && defined(SIOCGLIFADDR) && \ + !defined(IRIX_EMUL_IOCTL_SIOCGIFCONF) + /* + * Try to scan the interfaces using IPv6 ioctls(). + */ + if (!scan_interfaces6(have_v4, have_v6)) + return (0); +#endif + + /* Set to zero. Used as loop terminators below. */ + *have_v4 = *have_v6 = 0; + + /* Get interface list from system. */ + if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) + goto err_ret; + + /* + * Grow buffer until large enough to contain all interface + * descriptions. + */ + for (;;) { + buf = memget(bufsiz); + if (buf == NULL) + goto err_ret; + ifc.ifc_len = bufsiz; + ifc.ifc_buf = buf; +#ifdef IRIX_EMUL_IOCTL_SIOCGIFCONF + /* + * This is a fix for IRIX OS in which the call to ioctl with + * the flag SIOCGIFCONF may not return an entry for all the + * interfaces like most flavors of Unix. + */ + if (emul_ioctl(&ifc) >= 0) + break; +#else + if ((n = ioctl(s, SIOCGIFCONF, (char *)&ifc)) != -1) { + /* + * Some OS's just return what will fit rather + * than set EINVAL if the buffer is too small + * to fit all the interfaces in. If + * ifc.ifc_len is too near to the end of the + * buffer we will grow it just in case and + * retry. + */ + if (ifc.ifc_len + 2 * sizeof(u.ifreq) < bufsiz) + break; + } +#endif + if ((n == -1) && errno != EINVAL) + goto err_ret; + + if (bufsiz > 1000000) + goto err_ret; + + memput(buf, bufsiz); + bufsiz += 4096; + } + + /* Parse system's interface list. 
*/ + cplim = buf + ifc.ifc_len; /* skip over if's with big ifr_addr's */ + for (cp = buf; + (*have_v4 == 0 || *have_v6 == 0) && cp < cplim; + cp += cpsize) { + memcpy(&u.ifreq, cp, sizeof u.ifreq); +#ifdef HAVE_SA_LEN +#ifdef FIX_ZERO_SA_LEN + if (u.ifreq.ifr_addr.sa_len == 0) + u.ifreq.ifr_addr.sa_len = 16; +#endif +#ifdef HAVE_MINIMUM_IFREQ + cpsize = sizeof u.ifreq; + if (u.ifreq.ifr_addr.sa_len > sizeof (struct sockaddr)) + cpsize += (int)u.ifreq.ifr_addr.sa_len - + (int)(sizeof (struct sockaddr)); +#else + cpsize = sizeof u.ifreq.ifr_name + u.ifreq.ifr_addr.sa_len; +#endif /* HAVE_MINIMUM_IFREQ */ + if (cpsize > sizeof u.ifreq && cpsize <= sizeof u) + memcpy(&u.ifreq, cp, cpsize); +#elif defined SIOCGIFCONF_ADDR + cpsize = sizeof u.ifreq; +#else + cpsize = sizeof u.ifreq.ifr_name; + /* XXX maybe this should be a hard error? */ + if (ioctl(s, SIOCGIFADDR, (char *)&u.ifreq) < 0) + continue; +#endif + switch (u.ifreq.ifr_addr.sa_family) { + case AF_INET: + if (*have_v4 == 0) { + memcpy(&in4, + &((struct sockaddr_in *) + &u.ifreq.ifr_addr)->sin_addr, + sizeof in4); + if (in4.s_addr == INADDR_ANY) + break; + n = ioctl(s, SIOCGIFFLAGS, (char *)&u.ifreq); + if (n < 0) + break; + if ((u.ifreq.ifr_flags & IFF_UP) == 0) + break; + *have_v4 = 1; + } + break; + case AF_INET6: + if (*have_v6 == 0) { + memcpy(&in6, + &((struct sockaddr_in6 *) + &u.ifreq.ifr_addr)->sin6_addr, + sizeof in6); + if (memcmp(&in6, &in6addr_any, sizeof in6) == 0) + break; + n = ioctl(s, SIOCGIFFLAGS, (char *)&u.ifreq); + if (n < 0) + break; + if ((u.ifreq.ifr_flags & IFF_UP) == 0) + break; + *have_v6 = 1; + } + break; + } + } + if (buf != NULL) + memput(buf, bufsiz); + close(s); + /* printf("scan interface -> 4=%d 6=%d\n", *have_v4, *have_v6); */ + return (0); + err_ret: + if (buf != NULL) + memput(buf, bufsiz); + if (s != -1) + close(s); + /* printf("scan interface -> 4=%d 6=%d\n", *have_v4, *have_v6); */ + return (-1); +} + static struct hostent * copyandmerge(struct hostent *he1, struct hostent 
*he2, int af, int *error_num) { struct hostent *he = NULL; diff --git a/contrib/bind/lib/nameser/ns_name.c b/contrib/bind/lib/nameser/ns_name.c index cf371b660126..96c41e873659 100644 --- a/contrib/bind/lib/nameser/ns_name.c +++ b/contrib/bind/lib/nameser/ns_name.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_name.c,v 8.17 2001/10/03 14:34:32 marka Exp $"; +static const char rcsid[] = "$Id: ns_name.c,v 8.18 2002/05/24 05:10:40 marka Exp $"; #endif #include "port_before.h" @@ -681,6 +681,8 @@ special(int ch) { case 0x2E: /* '.' */ case 0x3B: /* ';' */ case 0x5C: /* '\\' */ + case 0x28: /* '(' */ + case 0x29: /* ')' */ /* Special modifiers in zone files. */ case 0x40: /* '@' */ case 0x24: /* '$' */ diff --git a/contrib/bind/lib/resolv/res_debug.c b/contrib/bind/lib/resolv/res_debug.c index 9b61e11b450f..f2c0689f90f9 100644 --- a/contrib/bind/lib/resolv/res_debug.c +++ b/contrib/bind/lib/resolv/res_debug.c @@ -95,7 +95,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_debug.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: res_debug.c,v 8.45 2001/12/19 12:05:56 marka Exp $"; +static const char rcsid[] = "$Id: res_debug.c,v 8.46 2002/05/21 01:57:45 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -683,12 +683,10 @@ precsize_ntoa(prec) /* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer. */ static u_int8_t -precsize_aton(strptr) - char **strptr; -{ +precsize_aton(const char **strptr) { unsigned int mval = 0, cmval = 0; u_int8_t retval = 0; - char *cp; + const char *cp; int exponent; int mantissa; @@ -725,11 +723,8 @@ precsize_aton(strptr) /* converts ascii lat/lon to unsigned encoded 32-bit number. moves pointer. */ static u_int32_t -latlon2ul(latlonstrptr,which) - char **latlonstrptr; - int *which; -{ - char *cp; +latlon2ul(const char **latlonstrptr, int *which) { + const char *cp; u_int32_t retval; int deg = 0, min = 0, secs = 0, secsfrac = 0; 
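Review bot: In the parse loop of the new `scan_interfaces()` the only bound checked is `cp < cplim`, yet the code copies `sizeof u.ifreq` bytes from `cp` and, when `sa_len` is large, up to `sizeof u` (256) bytes. A record near the end of the list can therefore be read past `cplim`, and possibly past the `bufsiz` allocation, whose guaranteed slack after a successful `SIOCGIFCONF` is only `2 * sizeof(u.ifreq)`. A guard such as `if (cpsize > (size_t)(cplim - cp)) break;` before the second `memcpy` would keep the read inside the data the kernel returned. Separately, in the `IRIX_EMUL_IOCTL_SIOCGIFCONF` branch `n` is never assigned before `if ((n == -1) && errno != EINVAL)`, so that test reads an indeterminate value. `if ((n = emul_ioctl(&ifc)) >= 0)` would fix it, assuming emul_ioctl() reports failure as -1, which is not visible here.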
diff --git a/contrib/bind/lib/resolv/res_init.c b/contrib/bind/lib/resolv/res_init.c index 8dc72f4682ff..9f99d14fbc9f 100644 --- a/contrib/bind/lib/resolv/res_init.c +++ b/contrib/bind/lib/resolv/res_init.c @@ -70,7 +70,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_init.c 8.1 (Berkeley) 6/7/93"; -static const char rcsid[] = "$Id: res_init.c,v 8.28 2002/01/30 01:07:35 marka Exp $"; +static const char rcsid[] = "$Id: res_init.c,v 8.29 2002/05/31 06:05:31 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -194,7 +194,8 @@ __res_vinit(res_state statp, int preinit) { if (statp->_u._ext.ext != NULL) { memset(statp->_u._ext.ext, 0, sizeof(*statp->_u._ext.ext)); statp->_u._ext.ext->nsaddrs[0].sin = statp->nsaddr; - strcpy(statp->_u._ext.ext->nsuffix, "ip6.int"); + strcpy(statp->_u._ext.ext->nsuffix, "ip6.arpa"); + strcpy(statp->_u._ext.ext->nsuffix2, "ip6.int"); strcpy(statp->_u._ext.ext->bsuffix, "ip6.arpa"); } #ifdef RESOLVSORT @@ -520,6 +521,14 @@ res_setoptions(res_state statp, const char *options, const char *source) strncpy(ext->nsuffix, cp, i); ext->nsuffix[i] = '\0'; } + else if (!strncmp(cp, "nibble2:", sizeof("nibble2:") - 1)) { + if (ext == NULL) + goto skip; + cp += sizeof("nibble2:") - 1; + i = MIN(strcspn(cp, " \t"), sizeof(ext->nsuffix2) - 1); + strncpy(ext->nsuffix2, cp, i); + ext->nsuffix2[i] = '\0'; + } else if (!strncmp(cp, "bitstring:", sizeof("bitstring:") - 1)) { if (ext == NULL) goto skip; 
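Review bot: The new `nibble2:` branch of res_setoptions() silently truncates a suffix longer than 63 bytes, because `i` is clamped with `MIN(strcspn(cp, " \t"), sizeof(ext->nsuffix2) - 1)` and the shortened string is then stored as the second reverse-lookup domain. The copy itself is bounded and terminated, but a truncated suffix is a different DNS name from the one configured, so rejecting the option is safer than using it: `if (strcspn(cp, " \t") >= sizeof(ext->nsuffix2)) goto skip;` ahead of the copy. The `nibble:` branch just above appears to follow the same pattern (its start is outside this hunk) and would want the same check. The function starts and ends outside this hunk, so what the `skip` label does is assumed from its use here.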
@@ -530,16 +539,12 @@ res_setoptions(res_state statp, const char *options, const char *source) } else if (!strncmp(cp, "v6revmode:", sizeof("v6revmode:") - 1)) { cp += sizeof("v6revmode:") - 1; - if (!strncmp(cp, "nibble", sizeof("nibble") - 1)) { - statp->options &= ~RES_NO_NIBBLE; - statp->options |= RES_NO_BITSTRING; - } else if (!strncmp(cp, "bitstring", - sizeof("bitstring") - 1)) { - statp->options |= RES_NO_NIBBLE; - statp->options &= ~RES_NO_BITSTRING; + /* "nibble" and "bitstring" used to be valid */ + if (!strncmp(cp, "single", sizeof("single") - 1)) { + statp->options |= RES_NO_NIBBLE2; } else if (!strncmp(cp, "both", sizeof("both") - 1)) { statp->options &= - ~(RES_NO_NIBBLE|RES_NO_BITSTRING); + ~RES_NO_NIBBLE2; } } else { @@ -613,6 +618,13 @@ const char * res_get_nibblesuffix(res_state statp) { if (statp->_u._ext.ext) return (statp->_u._ext.ext->nsuffix); + return ("ip6.arpa"); +} + +const char * +res_get_nibblesuffix2(res_state statp) { + if (statp->_u._ext.ext) + return (statp->_u._ext.ext->nsuffix2); return ("ip6.int"); } diff --git a/contrib/bind/lib/resolv/res_private.h b/contrib/bind/lib/resolv/res_private.h index 2c7fa5e2a8ec..ec9b384b9116 100644 --- a/contrib/bind/lib/resolv/res_private.h +++ b/contrib/bind/lib/resolv/res_private.h @@ -12,6 +12,7 @@ struct __res_state_ext { } sort_list[MAXRESOLVSORT]; char nsuffix[64]; char bsuffix[64]; + char nsuffix2[64]; }; extern int diff --git a/contrib/bind/port/freebsd/Makefile.set b/contrib/bind/port/freebsd/Makefile.set index acf7a563053f..0cf3c39104f6 100644 --- a/contrib/bind/port/freebsd/Makefile.set +++ b/contrib/bind/port/freebsd/Makefile.set @@ -1,5 +1,5 @@ 'CC=cc' -'CDEBUG=-O2 -g -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -DMEMCLUSTER_RECORD=1' +'CDEBUG=-O2 -g -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat' 'DESTBIN=/usr/bin' 'DESTSBIN=/usr/sbin' 'DESTEXEC=/usr/libexec' 
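Review bot: In the `v6revmode:` branch the legacy values `nibble` and `bitstring` are now dropped without any diagnostic, and the keyword match is a prefix compare, so a value such as `singlex` is accepted as `single`. A configuration that still carries a legacy value keeps whatever `RES_NO_NIBBLE2` state was set earlier, which is hard to notice in the field. Consider checking that the matched keyword is followed by a space, tab or end of string, and expanding the comment to `/* "nibble" and "bitstring" are obsolete and ignored; only "single" and "both" change RES_NO_NIBBLE2 */`. The enclosing function starts and ends outside this hunk.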
@@ -9,7 +9,8 @@ 'DESTRUN=/var/run' 'LEX=lex -I' 'YACC=yacc -d' -'SYSLIBS=-ll -lutil' +'SYSLIBS=-lutil' +'LIBL=-ll' 'INSTALL=install' 'MANDIR=cat' 'MANROFF=(tbl|nroff -man)'