correct indentation; no functional change
ok tb@

Rewrite parse_netprefix to no longer use isc_sockaddr_fromin{,6}.
Since this was the last user of those functions we can delete them.
OK otto

Fix EDNS Client Subnet option (+subnet=)

This got broken when we introduced ecs_plen so that we can use
natural socket types.

Fix IPv6 link-local address handling for nameservers to talk to as
well as address to bind to.
Reported by Jordan Geoghegan (jordan AT geoghegan.ca), thanks!
Debugged by & initial fix by otto
Input & OK otto

We have sockaddr_storage these days, get rid of isc_sockaddr_t.
OK beck, "beautiful" deraadt

The various sockaddr structures have length fields these days.
OK beck

we no longer need isc_netaddr_t
OK beck, deraadt (who also OK'ed the previous two diffs)

rewrite generating of IPv6 reverse names, lets us get rid of byaddr.
OK beck

Fix botched conversion. This was not converted from parse_uint() which
took a maxlength of 10 but isc_parse_uint32 which took a base of 10
and unlimited lenght. Use a maxval of 128 for prefix lengths instead.

Mechanically replace isc_boolean_t with int.
OK deraadt

Bunch of dead stores and otherwise unused stuff lets us get rid of
unix/net.{c.h}. We need to sprinkle in a few #includes that net.h
dragged in.
OK deraadt

Rewrite isc_time_microdiff() as uelapsed() and put it directly
into dig sources, lets us get rid of unix/time.{c,h}
OK deraadt

Get rid of isc_parse_uint32() and replace it with strtonum.
While here use the standard strtonum error messages.

input & OK beck, OK kn

use timingsafe_bcmp and get rid of now unused safe.c

traditional nslookup would not fatal if the server name was undiscoverable.
change lower level code to return an error, and bump the fatal for host(1)
upwards, then tweak nslookup to work nicely

reduce multiple newlines

Stop generating rdatastruct.h and put the dns_rdata_* structs for
cname, ns, soa, and tsig directly into rdata.h

We only need to create cname, ns, soa and tsig structs.
OK jsg

We only need to fill a wire format buffer from soa and tsig structs.
OK jsg

We only need to free cname, ns, soa and tsig structs.
OK jsg

remove some uneeded includes

We are always preserving the order of records.
This lets us remove compare_* and casecompare_* functions from
RR types.
OK jung

rmeove more unused functions and code

ok florian

We are not passing options to the message renderer.
OK millert

set function parameter list to void

ok millert florian

Read CLOCK_MONOTONIC when we need timestamps to compare and use
time(3) for the wall clock.
prodding & OK jung

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

Rewrite parse_netprefix to no longer use isc_sockaddr_fromin{,6}.
Since this was the last user of those functions we can delete them.
OK otto

Fix EDNS Client Subnet option (+subnet=)

This got broken when we introduced ecs_plen so that we can use
natural socket types.

Fix IPv6 link-local address handling for nameservers to talk to as
well as address to bind to.
Reported by Jordan Geoghegan (jordan AT geoghegan.ca), thanks!
Debugged by & initial fix by otto
Input & OK otto

We have sockaddr_storage these days, get rid of isc_sockaddr_t.
OK beck, "beautiful" deraadt

The various sockaddr structures have length fields these days.
OK beck

we no longer need isc_netaddr_t
OK beck, deraadt (who also OK'ed the previous two diffs)

rewrite generating of IPv6 reverse names, lets us get rid of byaddr.
OK beck

Fix botched conversion. This was not converted from parse_uint() which
took a maxlength of 10 but isc_parse_uint32 which took a base of 10
and unlimited lenght. Use a maxval of 128 for prefix lengths instead.

Mechanically replace isc_boolean_t with int.
OK deraadt

Bunch of dead stores and otherwise unused stuff lets us get rid of
unix/net.{c.h}. We need to sprinkle in a few #includes that net.h
dragged in.
OK deraadt

Rewrite isc_time_microdiff() as uelapsed() and put it directly
into dig sources, lets us get rid of unix/time.{c,h}
OK deraadt

Get rid of isc_parse_uint32() and replace it with strtonum.
While here use the standard strtonum error messages.

input & OK beck, OK kn

use timingsafe_bcmp and get rid of now unused safe.c

traditional nslookup would not fatal if the server name was undiscoverable.
change lower level code to return an error, and bump the fatal for host(1)
upwards, then tweak nslookup to work nicely

reduce multiple newlines

Stop generating rdatastruct.h and put the dns_rdata_* structs for
cname, ns, soa, and tsig directly into rdata.h

We only need to create cname, ns, soa and tsig structs.
OK jsg

We only need to fill a wire format buffer from soa and tsig structs.
OK jsg

We only need to free cname, ns, soa and tsig structs.
OK jsg

remove some uneeded includes

We are always preserving the order of records.
This lets us remove compare_* and casecompare_* functions from
RR types.
OK jung

rmeove more unused functions and code

ok florian

We are not passing options to the message renderer.
OK millert

set function parameter list to void

ok millert florian

Read CLOCK_MONOTONIC when we need timestamps to compare and use
time(3) for the wall clock.
prodding & OK jung

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

Fix EDNS Client Subnet option (+subnet=)

This got broken when we introduced ecs_plen so that we can use
natural socket types.

Fix IPv6 link-local address handling for nameservers to talk to as
well as address to bind to.
Reported by Jordan Geoghegan (jordan AT geoghegan.ca), thanks!
Debugged by & initial fix by otto
Input & OK otto

We have sockaddr_storage these days, get rid of isc_sockaddr_t.
OK beck, "beautiful" deraadt

The various sockaddr structures have length fields these days.
OK beck

we no longer need isc_netaddr_t
OK beck, deraadt (who also OK'ed the previous two diffs)

rewrite generating of IPv6 reverse names, lets us get rid of byaddr.
OK beck

Fix botched conversion. This was not converted from parse_uint() which
took a maxlength of 10 but isc_parse_uint32 which took a base of 10
and unlimited lenght. Use a maxval of 128 for prefix lengths instead.

Mechanically replace isc_boolean_t with int.
OK deraadt

Bunch of dead stores and otherwise unused stuff lets us get rid of
unix/net.{c.h}. We need to sprinkle in a few #includes that net.h
dragged in.
OK deraadt

Rewrite isc_time_microdiff() as uelapsed() and put it directly
into dig sources, lets us get rid of unix/time.{c,h}
OK deraadt

Get rid of isc_parse_uint32() and replace it with strtonum.
While here use the standard strtonum error messages.

input & OK beck, OK kn

use timingsafe_bcmp and get rid of now unused safe.c

traditional nslookup would not fatal if the server name was undiscoverable.
change lower level code to return an error, and bump the fatal for host(1)
upwards, then tweak nslookup to work nicely

reduce multiple newlines

Stop generating rdatastruct.h and put the dns_rdata_* structs for
cname, ns, soa, and tsig directly into rdata.h

We only need to create cname, ns, soa and tsig structs.
OK jsg

We only need to fill a wire format buffer from soa and tsig structs.
OK jsg

We only need to free cname, ns, soa and tsig structs.
OK jsg

remove some uneeded includes

We are always preserving the order of records.
This lets us remove compare_* and casecompare_* functions from
RR types.
OK jung

rmeove more unused functions and code

ok florian

We are not passing options to the message renderer.
OK millert

set function parameter list to void

ok millert florian

Read CLOCK_MONOTONIC when we need timestamps to compare and use
time(3) for the wall clock.
prodding & OK jung

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

We have sockaddr_storage these days, get rid of isc_sockaddr_t.
OK beck, "beautiful" deraadt

The various sockaddr structures have length fields these days.
OK beck

we no longer need isc_netaddr_t
OK beck, deraadt (who also OK'ed the previous two diffs)

rewrite generating of IPv6 reverse names, lets us get rid of byaddr.
OK beck

Fix botched conversion. This was not converted from parse_uint() which
took a maxlength of 10 but isc_parse_uint32 which took a base of 10
and unlimited lenght. Use a maxval of 128 for prefix lengths instead.

Mechanically replace isc_boolean_t with int.
OK deraadt

Bunch of dead stores and otherwise unused stuff lets us get rid of
unix/net.{c.h}. We need to sprinkle in a few #includes that net.h
dragged in.
OK deraadt

Rewrite isc_time_microdiff() as uelapsed() and put it directly
into dig sources, lets us get rid of unix/time.{c,h}
OK deraadt

Get rid of isc_parse_uint32() and replace it with strtonum.
While here use the standard strtonum error messages.

input & OK beck, OK kn

use timingsafe_bcmp and get rid of now unused safe.c

traditional nslookup would not fatal if the server name was undiscoverable.
change lower level code to return an error, and bump the fatal for host(1)
upwards, then tweak nslookup to work nicely

reduce multiple newlines

Stop generating rdatastruct.h and put the dns_rdata_* structs for
cname, ns, soa, and tsig directly into rdata.h

We only need to create cname, ns, soa and tsig structs.
OK jsg

We only need to fill a wire format buffer from soa and tsig structs.
OK jsg

We only need to free cname, ns, soa and tsig structs.
OK jsg

remove some uneeded includes

We are always preserving the order of records.
This lets us remove compare_* and casecompare_* functions from
RR types.
OK jung

rmeove more unused functions and code

ok florian

We are not passing options to the message renderer.
OK millert

set function parameter list to void

ok millert florian

Read CLOCK_MONOTONIC when we need timestamps to compare and use
time(3) for the wall clock.
prodding & OK jung

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

We have sockaddr_storage these days, get rid of isc_sockaddr_t.
OK beck, "beautiful" deraadt

The various sockaddr structures have length fields these days.
OK beck

we no longer need isc_netaddr_t
OK beck, deraadt (who also OK'ed the previous two diffs)

rewrite generating of IPv6 reverse names, lets us get rid of byaddr.
OK beck

Fix botched conversion. This was not converted from parse_uint() which
took a maxlength of 10 but isc_parse_uint32 which took a base of 10
and unlimited lenght. Use a maxval of 128 for prefix lengths instead.

Mechanically replace isc_boolean_t with int.
OK deraadt

Bunch of dead stores and otherwise unused stuff lets us get rid of
unix/net.{c.h}. We need to sprinkle in a few #includes that net.h
dragged in.
OK deraadt

Rewrite isc_time_microdiff() as uelapsed() and put it directly
into dig sources, lets us get rid of unix/time.{c,h}
OK deraadt

Get rid of isc_parse_uint32() and replace it with strtonum.
While here use the standard strtonum error messages.

input & OK beck, OK kn

use timingsafe_bcmp and get rid of now unused safe.c

traditional nslookup would not fatal if the server name was undiscoverable.
change lower level code to return an error, and bump the fatal for host(1)
upwards, then tweak nslookup to work nicely

reduce multiple newlines

Stop generating rdatastruct.h and put the dns_rdata_* structs for
cname, ns, soa, and tsig directly into rdata.h

We only need to create cname, ns, soa and tsig structs.
OK jsg

We only need to fill a wire format buffer from soa and tsig structs.
OK jsg

We only need to free cname, ns, soa and tsig structs.
OK jsg

remove some uneeded includes

We are always preserving the order of records.
This lets us remove compare_* and casecompare_* functions from
RR types.
OK jung

rmeove more unused functions and code

ok florian

We are not passing options to the message renderer.
OK millert

set function parameter list to void

ok millert florian

Read CLOCK_MONOTONIC when we need timestamps to compare and use
time(3) for the wall clock.
prodding & OK jung

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

Mechanically replace isc_boolean_t with int.
OK deraadt

Bunch of dead stores and otherwise unused stuff lets us get rid of
unix/net.{c.h}. We need to sprinkle in a few #includes that net.h
dragged in.
OK deraadt

Rewrite isc_time_microdiff() as uelapsed() and put it directly
into dig sources, lets us get rid of unix/time.{c,h}
OK deraadt

Get rid of isc_parse_uint32() and replace it with strtonum.
While here use the standard strtonum error messages.

input & OK beck, OK kn

use timingsafe_bcmp and get rid of now unused safe.c

traditional nslookup would not fatal if the server name was undiscoverable.
change lower level code to return an error, and bump the fatal for host(1)
upwards, then tweak nslookup to work nicely

reduce multiple newlines

Stop generating rdatastruct.h and put the dns_rdata_* structs for
cname, ns, soa, and tsig directly into rdata.h

We only need to create cname, ns, soa and tsig structs.
OK jsg

We only need to fill a wire format buffer from soa and tsig structs.
OK jsg

We only need to free cname, ns, soa and tsig structs.
OK jsg

remove some uneeded includes

We are always preserving the order of records.
This lets us remove compare_* and casecompare_* functions from
RR types.
OK jung

rmeove more unused functions and code

ok florian

We are not passing options to the message renderer.
OK millert

set function parameter list to void

ok millert florian

Read CLOCK_MONOTONIC when we need timestamps to compare and use
time(3) for the wall clock.
prodding & OK jung

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

Get rid of isc_parse_uint32() and replace it with strtonum.
While here use the standard strtonum error messages.

input & OK beck, OK kn

use timingsafe_bcmp and get rid of now unused safe.c

traditional nslookup would not fatal if the server name was undiscoverable.
change lower level code to return an error, and bump the fatal for host(1)
upwards, then tweak nslookup to work nicely

reduce multiple newlines

Stop generating rdatastruct.h and put the dns_rdata_* structs for
cname, ns, soa, and tsig directly into rdata.h

We only need to create cname, ns, soa and tsig structs.
OK jsg

We only need to fill a wire format buffer from soa and tsig structs.
OK jsg

We only need to free cname, ns, soa and tsig structs.
OK jsg

remove some uneeded includes

We are always preserving the order of records.
This lets us remove compare_* and casecompare_* functions from
RR types.
OK jung

rmeove more unused functions and code

ok florian

We are not passing options to the message renderer.
OK millert

set function parameter list to void

ok millert florian

Read CLOCK_MONOTONIC when we need timestamps to compare and use
time(3) for the wall clock.
prodding & OK jung

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

use timingsafe_bcmp and get rid of now unused safe.c

traditional nslookup would not fatal if the server name was undiscoverable.
change lower level code to return an error, and bump the fatal for host(1)
upwards, then tweak nslookup to work nicely

reduce multiple newlines

Stop generating rdatastruct.h and put the dns_rdata_* structs for
cname, ns, soa, and tsig directly into rdata.h

We only need to create cname, ns, soa and tsig structs.
OK jsg

We only need to fill a wire format buffer from soa and tsig structs.
OK jsg

We only need to free cname, ns, soa and tsig structs.
OK jsg

remove some uneeded includes

We are always preserving the order of records.
This lets us remove compare_* and casecompare_* functions from
RR types.
OK jung

rmeove more unused functions and code

ok florian

We are not passing options to the message renderer.
OK millert

set function parameter list to void

ok millert florian

Read CLOCK_MONOTONIC when we need timestamps to compare and use
time(3) for the wall clock.
prodding & OK jung

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

reduce multiple newlines

Stop generating rdatastruct.h and put the dns_rdata_* structs for
cname, ns, soa, and tsig directly into rdata.h

We only need to create cname, ns, soa and tsig structs.
OK jsg

We only need to fill a wire format buffer from soa and tsig structs.
OK jsg

We only need to free cname, ns, soa and tsig structs.
OK jsg

remove some uneeded includes

We are always preserving the order of records.
This lets us remove compare_* and casecompare_* functions from
RR types.
OK jung

rmeove more unused functions and code

ok florian

We are not passing options to the message renderer.
OK millert

set function parameter list to void

ok millert florian

Read CLOCK_MONOTONIC when we need timestamps to compare and use
time(3) for the wall clock.
prodding & OK jung

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

rmeove more unused functions and code

ok florian

We are not passing options to the message renderer.
OK millert

set function parameter list to void

ok millert florian

Read CLOCK_MONOTONIC when we need timestamps to compare and use
time(3) for the wall clock.
prodding & OK jung

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

We are not passing options to the message renderer.
OK millert

set function parameter list to void

ok millert florian

Read CLOCK_MONOTONIC when we need timestamps to compare and use
time(3) for the wall clock.
prodding & OK jung

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

set function parameter list to void

ok millert florian

Read CLOCK_MONOTONIC when we need timestamps to compare and use
time(3) for the wall clock.
prodding & OK jung

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

Remove support for reading tsig keys from dnssec key pair.
This was accidentally broken some time ago.
Arguably this was the least useful way of providing tsig keys to
dig. ISC also removed generating tsig keys from dnssec-keygen in 9.13.
To read the key from disk using the -k option it has to be provided as
as a session key:
key "keyname" {
algorithm hmac-sha256;
secret "[...]";
};
OK millert

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

simplify signal setup and remove block/unblock/is_running/reload

with input from florian

ok millert florian

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

clock_gettime cannot fail if called correctly; unravel TIME_NOW
indirections.
(I'm not convinced that we always want to read CLOCK_REALTIME, in fact
we probably want to almost always read CLOCK_MONOTONIC.)
OK millert

Reduce interval indirection by setting struct members directly and
using macros from sys/time.h
OK millert

Replace isc_time_t and interval_t with struct timespec.
Input & OK millert

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

Now we are only using one timer type (once) and expires is always NULL
so remove those struct members.
OK millert

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

get path to resolv.conf from resolv.h

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

+trace has the RD bit cleared however it asks the nameserver from
/etc/resolv.conf for a list of root name servers.
Arguably corectly configured recursive nameservers should REFUSE to
answer this question to prevent cache snooping.
Upstream fixed this after the license change by sending the first
query with RD set.
We go a different route, built in a list of root name servers and ask
them. Otherwise known as a priming query. This way +trace does not depend
on any localy configured nameserver in /etc/resolv.conf

"I have no other quibbles" deraadt@
input & OK sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

remove uneeded #include lines

ok florian@

Replace SIZE defines with sizeof.
While here replace memmove with memcpy, the arguments do not overlap.
OK millert, deraadt

Remove #if 0 that has been there since the initial import in 2003.

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen

Move dig(1) and needed DNS libraries into it's own source directory in
usr.bin/dig.

From the beginning when we started to remove unneeded nameserver code,
it was our goal to extract dig functionality from the bind sources,
for everyone's benefit as this is easier to reason about.

In total we removed about 2/3 or over 300.000 lines of code.

We kept the lib/ subdirectory layout but moved the content of bin/ to
the top from the old bind source directory.

Previous sources and history can be found in the src/usr.sbin/bind
Attic.

With & OK deraadt
Proposed directory layout sounds good to sthen