Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 5 Dec 2012 12:53:51 +0000 (UTC)
From:      Erwin Lansing <erwin@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject:   svn commit: r243885 - in vendor/bind9/dist: . bin bin/check bin/confgen bin/confgen/unix bin/dig bin/dnssec bin/named bin/named/unix bin/nsupdate bin/rndc bin/tools doc doc/arm doc/misc lib lib/bin...
Message-ID:  <201212051253.qB5CrpN6056783@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: erwin
Date: Wed Dec  5 12:53:50 2012
New Revision: 243885
URL: http://svnweb.freebsd.org/changeset/base/243885

Log:
  Vendor import of Bind 9.8.4
  
  Approved by:	delphij (mentor)
  Sponsored by:	DK Hostmaster A/S

Added:
  vendor/bind9/dist/lib/dns/opensslecdsa_link.c
Modified:
  vendor/bind9/dist/CHANGES
  vendor/bind9/dist/Makefile.in
  vendor/bind9/dist/README
  vendor/bind9/dist/acconfig.h
  vendor/bind9/dist/bin/Makefile.in
  vendor/bind9/dist/bin/check/Makefile.in
  vendor/bind9/dist/bin/check/check-tool.c
  vendor/bind9/dist/bin/confgen/Makefile.in
  vendor/bind9/dist/bin/confgen/unix/Makefile.in
  vendor/bind9/dist/bin/dig/Makefile.in
  vendor/bind9/dist/bin/dig/nslookup.c
  vendor/bind9/dist/bin/dnssec/Makefile.in
  vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.8
  vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.c
  vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.docbook
  vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.html
  vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.8
  vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.c
  vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.docbook
  vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.html
  vendor/bind9/dist/bin/dnssec/dnssec-keygen.8
  vendor/bind9/dist/bin/dnssec/dnssec-keygen.c
  vendor/bind9/dist/bin/dnssec/dnssec-keygen.docbook
  vendor/bind9/dist/bin/dnssec/dnssec-keygen.html
  vendor/bind9/dist/bin/dnssec/dnssec-settime.c
  vendor/bind9/dist/bin/dnssec/dnssec-signzone.c
  vendor/bind9/dist/bin/named/Makefile.in
  vendor/bind9/dist/bin/named/builtin.c
  vendor/bind9/dist/bin/named/config.c
  vendor/bind9/dist/bin/named/controlconf.c
  vendor/bind9/dist/bin/named/convertxsl.pl
  vendor/bind9/dist/bin/named/query.c
  vendor/bind9/dist/bin/named/server.c
  vendor/bind9/dist/bin/named/statschannel.c
  vendor/bind9/dist/bin/named/unix/Makefile.in
  vendor/bind9/dist/bin/nsupdate/Makefile.in
  vendor/bind9/dist/bin/nsupdate/nsupdate.c
  vendor/bind9/dist/bin/rndc/Makefile.in
  vendor/bind9/dist/bin/tools/Makefile.in
  vendor/bind9/dist/config.h.in
  vendor/bind9/dist/configure.in
  vendor/bind9/dist/doc/Makefile.in
  vendor/bind9/dist/doc/arm/Bv9ARM-book.xml
  vendor/bind9/dist/doc/arm/Bv9ARM.ch04.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch06.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch07.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch08.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch09.html
  vendor/bind9/dist/doc/arm/Bv9ARM.html
  vendor/bind9/dist/doc/arm/Bv9ARM.pdf
  vendor/bind9/dist/doc/arm/Makefile.in
  vendor/bind9/dist/doc/arm/man.arpaname.html
  vendor/bind9/dist/doc/arm/man.ddns-confgen.html
  vendor/bind9/dist/doc/arm/man.dig.html
  vendor/bind9/dist/doc/arm/man.dnssec-dsfromkey.html
  vendor/bind9/dist/doc/arm/man.dnssec-keyfromlabel.html
  vendor/bind9/dist/doc/arm/man.dnssec-keygen.html
  vendor/bind9/dist/doc/arm/man.dnssec-revoke.html
  vendor/bind9/dist/doc/arm/man.dnssec-settime.html
  vendor/bind9/dist/doc/arm/man.dnssec-signzone.html
  vendor/bind9/dist/doc/arm/man.genrandom.html
  vendor/bind9/dist/doc/arm/man.host.html
  vendor/bind9/dist/doc/arm/man.isc-hmac-fixup.html
  vendor/bind9/dist/doc/arm/man.named-checkconf.html
  vendor/bind9/dist/doc/arm/man.named-checkzone.html
  vendor/bind9/dist/doc/arm/man.named-journalprint.html
  vendor/bind9/dist/doc/arm/man.named.html
  vendor/bind9/dist/doc/arm/man.nsec3hash.html
  vendor/bind9/dist/doc/arm/man.nsupdate.html
  vendor/bind9/dist/doc/arm/man.rndc-confgen.html
  vendor/bind9/dist/doc/arm/man.rndc.conf.html
  vendor/bind9/dist/doc/arm/man.rndc.html
  vendor/bind9/dist/doc/misc/Makefile.in
  vendor/bind9/dist/doc/misc/format-options.pl
  vendor/bind9/dist/doc/misc/options
  vendor/bind9/dist/doc/misc/sort-options.pl
  vendor/bind9/dist/isc-config.sh.in
  vendor/bind9/dist/lib/Makefile.in
  vendor/bind9/dist/lib/bind9/Makefile.in
  vendor/bind9/dist/lib/bind9/api
  vendor/bind9/dist/lib/bind9/check.c
  vendor/bind9/dist/lib/bind9/include/Makefile.in
  vendor/bind9/dist/lib/bind9/include/bind9/Makefile.in
  vendor/bind9/dist/lib/dns/Makefile.in
  vendor/bind9/dist/lib/dns/adb.c
  vendor/bind9/dist/lib/dns/api
  vendor/bind9/dist/lib/dns/db.c
  vendor/bind9/dist/lib/dns/dnssec.c
  vendor/bind9/dist/lib/dns/ds.c
  vendor/bind9/dist/lib/dns/dst_api.c
  vendor/bind9/dist/lib/dns/dst_internal.h
  vendor/bind9/dist/lib/dns/dst_openssl.h
  vendor/bind9/dist/lib/dns/dst_parse.c
  vendor/bind9/dist/lib/dns/dst_parse.h
  vendor/bind9/dist/lib/dns/dst_result.c
  vendor/bind9/dist/lib/dns/include/Makefile.in
  vendor/bind9/dist/lib/dns/include/dns/db.h
  vendor/bind9/dist/lib/dns/include/dns/dnssec.h
  vendor/bind9/dist/lib/dns/include/dns/ds.h
  vendor/bind9/dist/lib/dns/include/dns/iptable.h
  vendor/bind9/dist/lib/dns/include/dns/keyvalues.h
  vendor/bind9/dist/lib/dns/include/dns/log.h
  vendor/bind9/dist/lib/dns/include/dns/rdataset.h
  vendor/bind9/dist/lib/dns/include/dns/rpz.h
  vendor/bind9/dist/lib/dns/include/dns/stats.h
  vendor/bind9/dist/lib/dns/include/dns/view.h
  vendor/bind9/dist/lib/dns/include/dns/zone.h
  vendor/bind9/dist/lib/dns/include/dst/Makefile.in
  vendor/bind9/dist/lib/dns/include/dst/dst.h
  vendor/bind9/dist/lib/dns/include/dst/result.h
  vendor/bind9/dist/lib/dns/log.c
  vendor/bind9/dist/lib/dns/master.c
  vendor/bind9/dist/lib/dns/masterdump.c
  vendor/bind9/dist/lib/dns/openssl_link.c
  vendor/bind9/dist/lib/dns/openssldh_link.c
  vendor/bind9/dist/lib/dns/openssldsa_link.c
  vendor/bind9/dist/lib/dns/opensslgost_link.c
  vendor/bind9/dist/lib/dns/opensslrsa_link.c
  vendor/bind9/dist/lib/dns/rbtdb.c
  vendor/bind9/dist/lib/dns/rcode.c
  vendor/bind9/dist/lib/dns/rdata.c
  vendor/bind9/dist/lib/dns/rdata/generic/dlv_32769.c
  vendor/bind9/dist/lib/dns/rdata/generic/ds_43.c
  vendor/bind9/dist/lib/dns/rdataset.c
  vendor/bind9/dist/lib/dns/resolver.c
  vendor/bind9/dist/lib/dns/rpz.c
  vendor/bind9/dist/lib/dns/spnego_asn1.pl
  vendor/bind9/dist/lib/dns/validator.c
  vendor/bind9/dist/lib/dns/view.c
  vendor/bind9/dist/lib/dns/zone.c
  vendor/bind9/dist/lib/export/Makefile.in
  vendor/bind9/dist/lib/export/dns/Makefile.in
  vendor/bind9/dist/lib/export/dns/include/Makefile.in
  vendor/bind9/dist/lib/export/dns/include/dns/Makefile.in
  vendor/bind9/dist/lib/export/dns/include/dst/Makefile.in
  vendor/bind9/dist/lib/export/irs/include/irs/Makefile.in
  vendor/bind9/dist/lib/export/isc/Makefile.in
  vendor/bind9/dist/lib/export/isc/include/isc/Makefile.in
  vendor/bind9/dist/lib/export/isc/nls/Makefile.in
  vendor/bind9/dist/lib/export/isc/nothreads/Makefile.in
  vendor/bind9/dist/lib/export/isc/nothreads/include/isc/Makefile.in
  vendor/bind9/dist/lib/export/isc/pthreads/Makefile.in
  vendor/bind9/dist/lib/export/isc/pthreads/include/isc/Makefile.in
  vendor/bind9/dist/lib/export/isc/unix/Makefile.in
  vendor/bind9/dist/lib/export/isc/unix/include/isc/Makefile.in
  vendor/bind9/dist/lib/export/isccfg/include/isccfg/Makefile.in
  vendor/bind9/dist/lib/export/samples/Makefile-postinstall.in
  vendor/bind9/dist/lib/export/samples/Makefile.in
  vendor/bind9/dist/lib/irs/Makefile.in
  vendor/bind9/dist/lib/irs/include/Makefile.in
  vendor/bind9/dist/lib/irs/include/irs/Makefile.in
  vendor/bind9/dist/lib/isc/alpha/Makefile.in
  vendor/bind9/dist/lib/isc/alpha/include/Makefile.in
  vendor/bind9/dist/lib/isc/alpha/include/isc/Makefile.in
  vendor/bind9/dist/lib/isc/api
  vendor/bind9/dist/lib/isc/ia64/Makefile.in
  vendor/bind9/dist/lib/isc/ia64/include/Makefile.in
  vendor/bind9/dist/lib/isc/ia64/include/isc/Makefile.in
  vendor/bind9/dist/lib/isc/ia64/include/isc/atomic.h
  vendor/bind9/dist/lib/isc/include/Makefile.in
  vendor/bind9/dist/lib/isc/include/isc/file.h
  vendor/bind9/dist/lib/isc/include/isc/namespace.h
  vendor/bind9/dist/lib/isc/include/isc/task.h
  vendor/bind9/dist/lib/isc/mem.c
  vendor/bind9/dist/lib/isc/mips/Makefile.in
  vendor/bind9/dist/lib/isc/mips/include/Makefile.in
  vendor/bind9/dist/lib/isc/mips/include/isc/Makefile.in
  vendor/bind9/dist/lib/isc/nls/Makefile.in
  vendor/bind9/dist/lib/isc/noatomic/Makefile.in
  vendor/bind9/dist/lib/isc/noatomic/include/Makefile.in
  vendor/bind9/dist/lib/isc/noatomic/include/isc/Makefile.in
  vendor/bind9/dist/lib/isc/nothreads/Makefile.in
  vendor/bind9/dist/lib/isc/nothreads/include/Makefile.in
  vendor/bind9/dist/lib/isc/nothreads/include/isc/Makefile.in
  vendor/bind9/dist/lib/isc/powerpc/Makefile.in
  vendor/bind9/dist/lib/isc/powerpc/include/Makefile.in
  vendor/bind9/dist/lib/isc/powerpc/include/isc/Makefile.in
  vendor/bind9/dist/lib/isc/pthreads/Makefile.in
  vendor/bind9/dist/lib/isc/pthreads/condition.c
  vendor/bind9/dist/lib/isc/pthreads/include/Makefile.in
  vendor/bind9/dist/lib/isc/pthreads/include/isc/Makefile.in
  vendor/bind9/dist/lib/isc/sparc64/Makefile.in
  vendor/bind9/dist/lib/isc/sparc64/include/Makefile.in
  vendor/bind9/dist/lib/isc/sparc64/include/isc/Makefile.in
  vendor/bind9/dist/lib/isc/task.c
  vendor/bind9/dist/lib/isc/task_api.c
  vendor/bind9/dist/lib/isc/unix/Makefile.in
  vendor/bind9/dist/lib/isc/unix/file.c
  vendor/bind9/dist/lib/isc/unix/include/Makefile.in
  vendor/bind9/dist/lib/isc/unix/include/isc/Makefile.in
  vendor/bind9/dist/lib/isc/x86_32/Makefile.in
  vendor/bind9/dist/lib/isc/x86_32/include/Makefile.in
  vendor/bind9/dist/lib/isc/x86_32/include/isc/Makefile.in
  vendor/bind9/dist/lib/isc/x86_64/Makefile.in
  vendor/bind9/dist/lib/isc/x86_64/include/Makefile.in
  vendor/bind9/dist/lib/isc/x86_64/include/isc/Makefile.in
  vendor/bind9/dist/lib/isccc/api
  vendor/bind9/dist/lib/isccc/cc.c
  vendor/bind9/dist/lib/isccc/include/Makefile.in
  vendor/bind9/dist/lib/isccc/include/isccc/Makefile.in
  vendor/bind9/dist/lib/isccfg/api
  vendor/bind9/dist/lib/isccfg/include/Makefile.in
  vendor/bind9/dist/lib/isccfg/include/isccfg/Makefile.in
  vendor/bind9/dist/lib/isccfg/namedconf.c
  vendor/bind9/dist/lib/lwres/Makefile.in
  vendor/bind9/dist/lib/lwres/api
  vendor/bind9/dist/lib/lwres/getaddrinfo.c
  vendor/bind9/dist/lib/lwres/include/Makefile.in
  vendor/bind9/dist/lib/lwres/include/lwres/Makefile.in
  vendor/bind9/dist/lib/lwres/man/Makefile.in
  vendor/bind9/dist/make/rules.in
  vendor/bind9/dist/version

Modified: vendor/bind9/dist/CHANGES
==============================================================================
--- vendor/bind9/dist/CHANGES	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/CHANGES	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,15 +1,76 @@
-	--- 9.8.3-P4 released ---
+	--- 9.8.4 released ---
 
 3383.	[security]	A certain combination of records in the RBT could
                         cause named to hang while populating the additional
                         section of a response. [RT #31090]
 
-	--- 9.8.3-P3 released ---
+3373.	[bug]		win32: open raw files in binary mode. [RT #30944]
 
 3364.	[security]	Named could die on specially crafted record.
 			[RT #30416]
 
-	--- 9.8.3-P2 released ---
+	--- 9.8.4rc1 released ---
+
+3369.	[bug]		nsupdate terminated unexpectedly in interactive mode
+			if built with readline support. [RT #29550]
+
+3368.	[bug]		<dns/iptable.h> and <dns/zone.h> were not C++ safe.
+
+3367.	[bug]		dns_dnsseckey_create() result was not being checked.
+			[RT #30685]
+
+3366.	[bug]		Fixed Read-After-Write dependency violation for IA64
+			atomic operations. [RT #25181]
+
+3365.	[bug]		Removed spurious newlines from log messages in
+			zone.c [RT #30675]
+
+3363.	[bug]		Need to allow "forward" and "fowarders" options
+			in static-stub zones; this had been overlooked.
+			[RT #30482]
+
+3362.	[bug]		Setting some option values to 0 in named.conf
+			could trigger an assertion failure on startup.
+			[RT #27730]
+
+3360.	[bug]		'host -w' could die.  [RT #18723]
+
+3359.	[bug]		An improperly-formed TSIG secret could cause a
+			memory leak. [RT #30607]
+
+3357.	[port]		Add support for libxml2-2.8.x [RT #30440]
+
+3356.	[bug]		Cap the TTL of signed RRsets when RRSIGs are
+			approaching their expiry, so they don't remain
+			in caches after expiry. [RT #26429]
+
+	--- 9.8.4b1 released ---
+
+3354.	[func]		Improve OpenSSL error logging. [RT #29932]
+
+3353.	[bug]		Use a single task for task exclusive operations.
+			[RT #29872]
+
+3352.	[bug]		Ensure that learned server attributes timeout of the
+			adb cache. [RT #29856]
+
+3351.	[bug]		isc_mem_put and isc_mem_putanddetach didn't report
+			caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
+			memory debugging flags are set. [RT #30243]
+
+3350.	[bug]		Memory read overrun in isc___mem_reallocate if
+			ISC_MEM_DEBUGCTX memory debugging flag is set.
+			[RT #30240]
+
+3348.	[bug]		Prevent RRSIG data from being cached if a negative
+			record matching the covering type exists at a higher
+			trust level. Such data already can't be retrieved from
+			the cache since change 3218 -- this prevents it
+			being inserted into the cache as well. [RT #26809]
+
+3347.	[bug]		dnssec-settime: Issue a warning when writing a new
+			private key file would cause a change in the
+			permissions of the existing file. [RT #27724]
 
 3346.	[security]	Bad-cache data could be used before it was
 			initialized, causing an assert. [RT #30025]
@@ -18,11 +79,47 @@
 			resulting in excessive cpu usage in some cases.
 			[RT #29952]
 
-	--- 9.8.3-P1 released ---
+3337.	[bug]		Change #3294 broke support for the multiple keys
+			in controls. [RT #29694]
+
+3335.	[func]		nslookup: return a nonzero exit code when unable
+			to get an answer. [RT #29492]
+
+3333.	[bug]		Setting resolver-query-timeout too low can cause
+			named to not recover if it loses connectivity.
+			[RT #29623]
+
+3332.	[bug]		Re-use cached DS rrsets if possible. [RT #29446]
 
 3331.	[security]	dns_rdataslab_fromrdataset could produce bad
 			rdataslabs. [RT #29644]
-			
+
+3330.	[func]		Fix missing signatures on NOERROR results despite
+			RPZ rewriting.  Also
+			 - add optional "recursive-only yes|no" to the
+			   response-policy statement
+			 - add optional "max-policy-ttl" to the response-policy
+			    statement to limit the false data that
+			    "recursive-only no" can introduce into
+			    resolvers' caches
+			 - add a RPZ performance test to bin/tests/system/rpz
+			     when queryperf is available.
+			 - the encoding of PASSTHRU action to "rpz-passthru".
+			     (The old encoding is still accepted.)
+		       [RT #26172]
+
+
+3329.	[bug]		Handle RRSIG signer-name case consistently: We
+			generate RRSIG records with the signer-name in
+			lower case.  We accept them with any case, but if
+			they fail to validate, we try again in lower case.
+			[RT #27451]
+
+3328.	[bug]		Fixed inconsistent data checking in dst_parse.c.
+			[RT #29401]
+
+3317.	[func]		Add ECDSA support (RFC 6605). [RT #21918]
+
 	--- 9.8.3 released ---
 
 3318.	[tuning]	Reduce the amount of work performed while holding a

Modified: vendor/bind9/dist/Makefile.in
==============================================================================
--- vendor/bind9/dist/Makefile.in	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/Makefile.in	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009, 2011  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2002  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist/README
==============================================================================
--- vendor/bind9/dist/README	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/README	Wed Dec  5 12:53:50 2012	(r243885)
@@ -51,6 +51,11 @@ BIND 9
         For up-to-date release notes and errata, see
         http://www.isc.org/software/bind9/releasenotes
 
+BIND 9.8.4
+
+        BIND 9.8.4 includes several bug fixes and patches security
+        flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244.
+
 BIND 9.8.3
 
 	BIND 9.8.3 is a maintenance release.

Modified: vendor/bind9/dist/acconfig.h
==============================================================================
--- vendor/bind9/dist/acconfig.h	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/acconfig.h	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2008  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2012  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -138,6 +138,9 @@ int sigwait(const unsigned int *set, int
 /* Define if OpenSSL includes DSA support */
 #undef HAVE_OPENSSL_DSA
 
+/* Define if OpenSSL includes ECDSA support */
+#undef HAVE_OPENSSL_ECDSA
+
 /* Define to the length type used by the socket API (socklen_t, size_t, int). */
 #undef ISC_SOCKADDR_LEN_T
 

Modified: vendor/bind9/dist/bin/Makefile.in
==============================================================================
--- vendor/bind9/dist/bin/Makefile.in	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/Makefile.in	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2009, 2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist/bin/check/Makefile.in
==============================================================================
--- vendor/bind9/dist/bin/check/Makefile.in	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/check/Makefile.in	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007, 2009, 2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2003  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist/bin/check/check-tool.c
==============================================================================
--- vendor/bind9/dist/bin/check/check-tool.c	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/check/check-tool.c	Wed Dec  5 12:53:50 2012	(r243885)
@@ -639,6 +639,9 @@ dump_zone(const char *zonename, dns_zone
 {
 	isc_result_t result;
 	FILE *output = stdout;
+	const char *flags;
+
+	flags = (fileformat == dns_masterformat_text) ? "w+" : "wb+";
 
 	if (debug) {
 		if (filename != NULL && strcmp(filename, "-") != 0)
@@ -649,7 +652,7 @@ dump_zone(const char *zonename, dns_zone
 	}
 
 	if (filename != NULL && strcmp(filename, "-") != 0) {
-		result = isc_stdio_open(filename, "w+", &output);
+		result = isc_stdio_open(filename, flags, &output);
 
 		if (result != ISC_R_SUCCESS) {
 			fprintf(stderr, "could not open output "

Modified: vendor/bind9/dist/bin/confgen/Makefile.in
==============================================================================
--- vendor/bind9/dist/bin/confgen/Makefile.in	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/confgen/Makefile.in	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,4 +1,4 @@
-# Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012  Internet Systems Consortium, Inc. ("ISC")
 #
 # Permission to use, copy, modify, and/or distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above

Modified: vendor/bind9/dist/bin/confgen/unix/Makefile.in
==============================================================================
--- vendor/bind9/dist/bin/confgen/unix/Makefile.in	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/confgen/unix/Makefile.in	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,4 +1,4 @@
-# Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012  Internet Systems Consortium, Inc. ("ISC")
 #
 # Permission to use, copy, modify, and/or distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above

Modified: vendor/bind9/dist/bin/dig/Makefile.in
==============================================================================
--- vendor/bind9/dist/bin/dig/Makefile.in	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dig/Makefile.in	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007, 2009, 2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2002  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist/bin/dig/nslookup.c
==============================================================================
--- vendor/bind9/dist/bin/dig/nslookup.c	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dig/nslookup.c	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -57,6 +57,7 @@ static isc_boolean_t in_use = ISC_FALSE;
 static char defclass[MXRD] = "IN";
 static char deftype[MXRD] = "A";
 static isc_event_t *global_event = NULL;
+static int query_error = 1, print_error = 0;
 
 static char domainopt[DNS_NAME_MAXTEXT];
 
@@ -406,6 +407,9 @@ isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	char servtext[ISC_SOCKADDR_FORMATSIZE];
 
+	/* I've we've gotten this far, we've reached a server. */
+	query_error = 0;
+
 	debug("printmessage()");
 
 	isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
@@ -433,6 +437,9 @@ printmessage(dig_query_t *query, dns_mes
 		       (msg->rcode != dns_rcode_nxdomain) ? nametext :
 		       query->lookup->textname, rcode_totext(msg->rcode));
 		debug("returning with rcode == 0");
+
+		/* the lookup failed */
+		print_error |= 1;
 		return (ISC_R_SUCCESS);
 	}
 
@@ -887,5 +894,5 @@ main(int argc, char **argv) {
 	destroy_libs();
 	isc_app_finish();
 
-	return (0);
+	return (query_error | print_error);
 }

Modified: vendor/bind9/dist/bin/dnssec/Makefile.in
==============================================================================
--- vendor/bind9/dist/bin/dnssec/Makefile.in	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/Makefile.in	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005, 2007-2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007-2009, 2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2002  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.8
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.8	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.8	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -55,7 +55,7 @@ Use SHA\-256 as the digest algorithm.
 .RS 4
 Select the digest algorithm. The value of
 \fBalgorithm\fR
-must be one of SHA\-1 (SHA1), SHA\-256 (SHA256) or GOST. These values are case insensitive.
+must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST or SHA\-384 (SHA384). These values are case insensitive.
 .RE
 .PP
 \-K \fIdirectory\fR
@@ -139,5 +139,5 @@ RFC 4509.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2008\-2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
 .br

Modified: vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.c
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.c	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.c	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008-2012  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -296,7 +296,7 @@ usage(void) {
 	fprintf(stderr, "    -K <directory>: directory in which to find "
 			"key file or keyset file\n");
 	fprintf(stderr, "    -a algorithm: digest algorithm "
-			"(SHA-1, SHA-256 or GOST)\n");
+			"(SHA-1, SHA-256, GOST or SHA-384)\n");
 	fprintf(stderr, "    -1: use SHA-1\n");
 	fprintf(stderr, "    -2: use SHA-256\n");
 	fprintf(stderr, "    -l: add lookaside zone and print DLV records\n");
@@ -415,6 +415,9 @@ main(int argc, char **argv) {
 		else if (strcasecmp(algname, "GOST") == 0)
 			dtype = DNS_DSDIGEST_GOST;
 #endif
+		else if (strcasecmp(algname, "SHA384") == 0 ||
+			 strcasecmp(algname, "SHA-384") == 0)
+			dtype = DNS_DSDIGEST_SHA384;
 		else
 			fatal("unknown algorithm %s", algname);
 	}

Modified: vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.docbook
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.docbook	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.docbook	Wed Dec  5 12:53:50 2012	(r243885)
@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
                [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2008-2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2010, 2012  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -39,6 +39,7 @@
       <year>2008</year>
       <year>2009</year>
       <year>2010</year>
+      <year>2012</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -107,7 +108,8 @@
           <para>
             Select the digest algorithm. The value of
             <option>algorithm</option> must be one of SHA-1 (SHA1),
-            SHA-256 (SHA256) or GOST. These values are case insensitive.
+            SHA-256 (SHA256), GOST or SHA-384 (SHA384).
+            These values are case insensitive.
           </para>
         </listitem>
       </varlistentry>

Modified: vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.html
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.html	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-dsfromkey.html	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -32,14 +32,14 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543465"></a><h2>DESCRIPTION</h2>
+<a name="id2543468"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-dsfromkey</strong></span>
       outputs the Delegation Signer (DS) resource record (RR), as defined in
       RFC 3658 and RFC 4509, for the given key(s).
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543477"></a><h2>OPTIONS</h2>
+<a name="id2543480"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-1</span></dt>
 <dd><p>
@@ -54,7 +54,8 @@
 <dd><p>
             Select the digest algorithm. The value of
             <code class="option">algorithm</code> must be one of SHA-1 (SHA1),
-            SHA-256 (SHA256) or GOST. These values are case insensitive.
+            SHA-256 (SHA256), GOST or SHA-384 (SHA384).
+            These values are case insensitive.
           </p></dd>
 <dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
@@ -100,7 +101,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543664"></a><h2>EXAMPLE</h2>
+<a name="id2543667"></a><h2>EXAMPLE</h2>
 <p>
       To build the SHA-256 DS RR from the
       <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@@ -115,7 +116,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543693"></a><h2>FILES</h2>
+<a name="id2543697"></a><h2>FILES</h2>
 <p>
       The keyfile can be designed by the key identification
       <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -129,13 +130,13 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543729"></a><h2>CAVEAT</h2>
+<a name="id2543732"></a><h2>CAVEAT</h2>
 <p>
       A keyfile error can give a "file not found" even if the file exists.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543738"></a><h2>SEE ALSO</h2>
+<a name="id2543741"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -145,7 +146,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543778"></a><h2>AUTHOR</h2>
+<a name="id2543781"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

Modified: vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.8
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.8	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.8	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -47,7 +47,7 @@ of the key is specified on the command l
 .RS 4
 Selects the cryptographic algorithm. The value of
 \fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST. These values are case insensitive.
+must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384. These values are case insensitive.
 .sp
 If no algorithm is specified, then RSASHA1 will be used by default, unless the
 \fB\-3\fR
@@ -215,5 +215,5 @@ RFC 4034.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2008\-2011 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008\-2012 Internet Systems Consortium, Inc. ("ISC")
 .br

Modified: vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.c
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.c	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.c	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2007-2012  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -55,7 +55,8 @@ int verbose;
 
 static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
 			  " NSEC3DSA | NSEC3RSASHA1 |"
-			  " RSASHA256 | RSASHA512 | ECCGOST";
+			  " RSASHA256 | RSASHA512 | ECCGOST |"
+			  " ECDSAP256SHA256 | ECDSAP384SHA384";
 
 ISC_PLATFORM_NORETURN_PRE static void
 usage(void) ISC_PLATFORM_NORETURN_POST;
@@ -369,7 +370,8 @@ main(int argc, char **argv) {
 	if (use_nsec3 &&
 	    alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
 	    alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512 &&
-	    alg != DST_ALG_ECCGOST) {
+	    alg != DST_ALG_ECCGOST &&
+	    alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) {
 		fatal("%s is incompatible with NSEC3; "
 		      "do not use the -3 option", algname);
 	}

Modified: vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.docbook
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.docbook	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.docbook	Wed Dec  5 12:53:50 2012	(r243885)
@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2008-2011  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -40,6 +40,7 @@
       <year>2009</year>
       <year>2010</year>
       <year>2011</year>
+      <year>2012</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -94,7 +95,8 @@
 	  <para>
 	    Selects the cryptographic algorithm.  The value of
             <option>algorithm</option> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
+	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
+	    ECDSAP256SHA256 or ECDSAP384SHA384.
 	    These values are case insensitive.
 	  </para>
           <para>

Modified: vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.html
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.html	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.html	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -31,7 +31,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code>  {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code cl
 ass="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543495"></a><h2>DESCRIPTION</h2>
+<a name="id2543498"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keyfromlabel</strong></span>
       gets keys with the given label from a crypto hardware and builds
       key files for DNSSEC (Secure DNS), as defined in RFC 2535
@@ -44,14 +44,15 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543513"></a><h2>OPTIONS</h2>
+<a name="id2543516"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
 <p>
 	    Selects the cryptographic algorithm.  The value of
             <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
+	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
+	    ECDSAP256SHA256 or ECDSAP384SHA384.
 	    These values are case insensitive.
 	  </p>
 <p>
@@ -163,7 +164,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543877"></a><h2>TIMING OPTIONS</h2>
+<a name="id2543880"></a><h2>TIMING OPTIONS</h2>
 <p>
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -210,7 +211,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544043"></a><h2>GENERATED KEY FILES</h2>
+<a name="id2544046"></a><h2>GENERATED KEY FILES</h2>
 <p>
       When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
       successfully,
@@ -249,7 +250,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544116"></a><h2>SEE ALSO</h2>
+<a name="id2544119"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -257,7 +258,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544149"></a><h2>AUTHOR</h2>
+<a name="id2544152"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

Modified: vendor/bind9/dist/bin/dnssec/dnssec-keygen.8
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-keygen.8	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-keygen.8	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
@@ -48,7 +48,7 @@ of the key is specified on the command l
 .RS 4
 Selects the cryptographic algorithm. For DNSSEC keys, the value of
 \fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
+must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
 .sp
 If no algorithm is specified, then RSASHA1 will be used by default, unless the
 \fB\-3\fR
@@ -63,7 +63,7 @@ Note 2: DH, HMAC\-MD5, and HMAC\-SHA1 th
 .PP
 \-b \fIkeysize\fR
 .RS 4
-Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits.
+Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits. Elliptic curve algorithms don't need this parameter.
 .sp
 The key size does not need to be specified if using a default algorithm. The default key size is 1024 bits for zone signing keys (ZSK's) and 2048 bits for key signing keys (KSK's, generated with
 \fB\-f KSK\fR). However, if an algorithm is explicitly specified with the
@@ -81,7 +81,7 @@ must either be ZONE (for a DNSSEC zone k
 .PP
 \-3
 .RS 4
-Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms are NSEC3\-capable.
+Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default. Note that RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 and ECDSAP384SHA384 algorithms are NSEC3\-capable.
 .RE
 .PP
 \-C
@@ -298,7 +298,7 @@ RFC 4034.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
 .br
 Copyright \(co 2000\-2003 Internet Software Consortium.
 .br

Modified: vendor/bind9/dist/bin/dnssec/dnssec-keygen.c
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-keygen.c	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-keygen.c	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,5 +1,5 @@
 /*
- * Portions Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
  * Portions Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -85,6 +85,7 @@ usage(void) {
 	fprintf(stderr, "        RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1"
 				" | NSEC3DSA |\n");
 	fprintf(stderr, "        RSASHA256 | RSASHA512 | ECCGOST |\n");
+	fprintf(stderr, "        ECDSAP256SHA256 | ECDSAP384SHA384 |\n");
 	fprintf(stderr, "        DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | "
 				"HMAC-SHA256 | \n");
 	fprintf(stderr, "        HMAC-SHA384 | HMAC-SHA512\n");
@@ -102,6 +103,8 @@ usage(void) {
 	fprintf(stderr, "        NSEC3DSA:\t[512..1024] and divisible "
 				"by 64\n");
 	fprintf(stderr, "        ECCGOST:\tignored\n");
+	fprintf(stderr, "        ECDSAP256SHA256:\tignored\n");
+	fprintf(stderr, "        ECDSAP384SHA384:\tignored\n");
 	fprintf(stderr, "        HMAC-MD5:\t[1..512]\n");
 	fprintf(stderr, "        HMAC-SHA1:\t[1..160]\n");
 	fprintf(stderr, "        HMAC-SHA224:\t[1..224]\n");
@@ -549,7 +552,8 @@ main(int argc, char **argv) {
 		if (use_nsec3 &&
 		    alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
 		    alg != DST_ALG_RSASHA256 && alg!= DST_ALG_RSASHA512 &&
-		    alg != DST_ALG_ECCGOST) {
+		    alg != DST_ALG_ECCGOST &&
+		    alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) {
 			fatal("%s is incompatible with NSEC3; "
 			      "do not use the -3 option", algname);
 		}
@@ -579,9 +583,11 @@ main(int argc, char **argv) {
 					size = 1024;
 				if (verbose > 0)
 					fprintf(stderr, "key size not "
-							"specified; defaulting "
-							"to %d\n", size);
-			} else if (alg != DST_ALG_ECCGOST)
+							"specified; defaulting"
+							" to %d\n", size);
+			} else if (alg != DST_ALG_ECCGOST &&
+				   alg != DST_ALG_ECDSA256 &&
+				   alg != DST_ALG_ECDSA384)
 				fatal("key size not specified (-b option)");
 		}
 
@@ -710,6 +716,8 @@ main(int argc, char **argv) {
 			fatal("invalid DSS key size: %d", size);
 		break;
 	case DST_ALG_ECCGOST:
+	case DST_ALG_ECDSA256:
+	case DST_ALG_ECDSA384:
 		break;
 	case DST_ALG_HMACMD5:
 		options |= DST_TYPE_KEY;
@@ -775,7 +783,8 @@ main(int argc, char **argv) {
 
 	if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
 	      alg == DNS_KEYALG_NSEC3RSASHA1 || alg == DNS_KEYALG_RSASHA256 ||
-	      alg == DNS_KEYALG_RSASHA512 || alg == DST_ALG_ECCGOST) &&
+	      alg == DNS_KEYALG_RSASHA512 || alg == DST_ALG_ECCGOST ||
+	      alg == DST_ALG_ECDSA256 || alg == DST_ALG_ECDSA384) &&
 	    rsa_exp != 0)
 		fatal("specified RSA exponent for a non-RSA key");
 
@@ -849,6 +858,8 @@ main(int argc, char **argv) {
 	case DNS_KEYALG_DSA:
 	case DNS_KEYALG_NSEC3DSA:
 	case DST_ALG_ECCGOST:
+	case DST_ALG_ECDSA256:
+	case DST_ALG_ECDSA384:
 		show_progress = ISC_TRUE;
 		/* fall through */
 

Modified: vendor/bind9/dist/bin/dnssec/dnssec-keygen.docbook
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-keygen.docbook	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-keygen.docbook	Wed Dec  5 12:53:50 2012	(r243885)
@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007-2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2010, 2012  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -43,6 +43,7 @@
       <year>2008</year>
       <year>2009</year>
       <year>2010</year>
+      <year>2012</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -114,7 +115,8 @@
           <para>
             Selects the cryptographic algorithm.  For DNSSEC keys, the value
             of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
+	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
+	    ECDSAP256SHA256 or ECDSAP384SHA384.
 	    For TSIG/TKEY, the value must
             be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
             HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
@@ -148,7 +150,8 @@
             between 512 and 2048 bits.  Diffie Hellman keys must be between
             128 and 4096 bits.  DSA keys must be between 512 and 1024
             bits and an exact multiple of 64.  HMAC keys must be
-            between 1 and 512 bits.
+            between 1 and 512 bits. Elliptic curve algorithms don't need
+            this parameter.
           </para>
           <para>
             The key size does not need to be specified if using a default
@@ -184,7 +187,8 @@
 	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
             If this option is used and no algorithm is explicitly
             set on the command line, NSEC3RSASHA1 will be used by
-            default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms
+            default. Note that RSASHA256, RSASHA512, ECCGOST,
+	    ECDSAP256SHA256 and ECDSAP384SHA384 algorithms
 	    are NSEC3-capable.
           </para>
         </listitem>

Modified: vendor/bind9/dist/bin/dnssec/dnssec-keygen.html
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-keygen.html	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-keygen.html	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -32,7 +32,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code
  class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="
 option">-z</code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543579"></a><h2>DESCRIPTION</h2>
+<a name="id2543582"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keygen</strong></span>
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -46,14 +46,15 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543597"></a><h2>OPTIONS</h2>
+<a name="id2543601"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
 <p>
             Selects the cryptographic algorithm.  For DNSSEC keys, the value
             of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
+	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
+	    ECDSAP256SHA256 or ECDSAP384SHA384.
 	    For TSIG/TKEY, the value must
             be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
             HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
@@ -84,7 +85,8 @@
             between 512 and 2048 bits.  Diffie Hellman keys must be between
             128 and 4096 bits.  DSA keys must be between 512 and 1024
             bits and an exact multiple of 64.  HMAC keys must be
-            between 1 and 512 bits.
+            between 1 and 512 bits. Elliptic curve algorithms don't need
+            this parameter.
           </p>
 <p>
             The key size does not need to be specified if using a default
@@ -111,7 +113,8 @@
 	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
             If this option is used and no algorithm is explicitly
             set on the command line, NSEC3RSASHA1 will be used by
-            default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms
+            default. Note that RSASHA256, RSASHA512, ECCGOST,
+	    ECDSAP256SHA256 and ECDSAP384SHA384 algorithms
 	    are NSEC3-capable.
           </p></dd>
 <dt><span class="term">-C</span></dt>
@@ -248,7 +251,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544166"></a><h2>TIMING OPTIONS</h2>
+<a name="id2544169"></a><h2>TIMING OPTIONS</h2>
 <p>
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -319,7 +322,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544356"></a><h2>GENERATED KEYS</h2>
+<a name="id2544359"></a><h2>GENERATED KEYS</h2>
 <p>
       When <span><strong class="command">dnssec-keygen</strong></span> completes
       successfully,
@@ -365,7 +368,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544506"></a><h2>EXAMPLE</h2>
+<a name="id2544441"></a><h2>EXAMPLE</h2>
 <p>
       To generate a 768-bit DSA key for the domain
       <strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -386,7 +389,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544550"></a><h2>SEE ALSO</h2>
+<a name="id2544485"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 2539</em>,
@@ -395,7 +398,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544581"></a><h2>AUTHOR</h2>
+<a name="id2544584"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

Modified: vendor/bind9/dist/bin/dnssec/dnssec-settime.c
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-settime.c	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-settime.c	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2012  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -38,6 +38,7 @@
 
 #include <dns/keyvalues.h>
 #include <dns/result.h>
+#include <dns/log.h>
 
 #include <dst/dst.h>
 
@@ -151,6 +152,7 @@ main(int argc, char **argv) {
 	isc_boolean_t	force = ISC_FALSE;
 	isc_boolean_t   epoch = ISC_FALSE;
 	isc_boolean_t   changed = ISC_FALSE;
+	isc_log_t       *log = NULL;
 
 	if (argc == 1)
 		usage();
@@ -159,6 +161,8 @@ main(int argc, char **argv) {
 	if (result != ISC_R_SUCCESS)
 		fatal("Out of memory");
 
+	setup_logging(verbose, mctx, &log);
+
 	dns_result_register();
 
 	isc_commandline_errprint = ISC_FALSE;
@@ -578,6 +582,7 @@ main(int argc, char **argv) {
 	cleanup_entropy(&ectx);
 	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
+	cleanup_logging(&log);
 	isc_mem_free(mctx, directory);
 	isc_mem_destroy(&mctx);
 

Modified: vendor/bind9/dist/bin/dnssec/dnssec-signzone.c
==============================================================================
--- vendor/bind9/dist/bin/dnssec/dnssec-signzone.c	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/dnssec/dnssec-signzone.c	Wed Dec  5 12:53:50 2012	(r243885)
@@ -3893,7 +3893,10 @@ main(int argc, char *argv[]) {
 	check_result(result, "isc_file_mktemplate");
 
 	fp = NULL;
-	result = isc_file_openunique(tempfile, &fp);
+	if (outputformat == dns_masterformat_text)
+		result = isc_file_openunique(tempfile, &fp);
+	else
+		result = isc_file_bopenunique(tempfile, &fp);
 	if (result != ISC_R_SUCCESS)
 		fatal("failed to open temporary output file: %s",
 		      isc_result_totext(result));

Modified: vendor/bind9/dist/bin/named/Makefile.in
==============================================================================
--- vendor/bind9/dist/bin/named/Makefile.in	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/named/Makefile.in	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2002  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist/bin/named/builtin.c
==============================================================================
--- vendor/bind9/dist/bin/named/builtin.c	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/named/builtin.c	Wed Dec  5 12:53:50 2012	(r243885)
@@ -99,9 +99,9 @@ static size_t
 dns64_rdata(unsigned char *v, size_t start, unsigned char *rdata) {
 	size_t i, j = 0;
 
-	for (i = 0; i < 4; i++) {
+	for (i = 0; i < 4U; i++) {
 		unsigned char c = v[start++];
-		if (start == 7)
+		if (start == 7U)
 			start++;
 		if (c > 99) {
 			rdata[j++] = 3;
@@ -164,7 +164,7 @@ dns64_cname(const dns_name_t *zone, cons
 	i = (nlen % 4) == 2U ? 1 : 0;
 	j = nlen;
 	memset(v, 0, sizeof(v));
-	while (j != 0) {
+	while (j != 0U) {
 		INSIST((i/2) < sizeof(v));
 		if (ndata[0] != 1)
 			return (ISC_R_NOTFOUND);

Modified: vendor/bind9/dist/bin/named/config.c
==============================================================================
--- vendor/bind9/dist/bin/named/config.c	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/named/config.c	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -89,7 +89,7 @@ options {\n\
 #endif
 "\
 	recursive-clients 1000;\n\
-	resolver-query-timeout 30;\n\
+	resolver-query-timeout 10;\n\
 	rrset-order {type NS order random; order cyclic; };\n\
 	serial-queries 20;\n\
 	serial-query-rate 20;\n\

Modified: vendor/bind9/dist/bin/named/controlconf.c
==============================================================================
--- vendor/bind9/dist/bin/named/controlconf.c	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/named/controlconf.c	Wed Dec  5 12:53:50 2012	(r243885)
@@ -373,8 +373,10 @@ control_recvmessage(isc_task_t *task, is
 		if (result == ISC_R_SUCCESS)
 			break;
 		isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
-		log_invalid(&conn->ccmsg, result);
-		goto cleanup;
+		if (result != ISCCC_R_BADAUTH) {
+			log_invalid(&conn->ccmsg, result);
+			goto cleanup;
+		}
 	}
 
 	if (key == NULL) {

Modified: vendor/bind9/dist/bin/named/convertxsl.pl
==============================================================================
--- vendor/bind9/dist/bin/named/convertxsl.pl	Wed Dec  5 12:51:25 2012	(r243884)
+++ vendor/bind9/dist/bin/named/convertxsl.pl	Wed Dec  5 12:53:50 2012	(r243885)
@@ -1,6 +1,6 @@
 #!/usr/bin/env perl
 #
-# Copyright (C) 2006-2008  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2006-2008, 2012  Internet Systems Consortium, Inc. ("ISC")

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212051253.qB5CrpN6056783>