From owner-svn-src-all@freebsd.org Wed Jan 20 08:54:39 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8EF0AA8948A; Wed, 20 Jan 2016 08:54:39 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 45DBD19FF; Wed, 20 Jan 2016 08:54:39 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u0K8scHg047602; Wed, 20 Jan 2016 08:54:38 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u0K8sZ3B047570; Wed, 20 Jan 2016 08:54:35 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201601200854.u0K8sZ3B047570@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Wed, 20 Jan 2016 08:54:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r294405 - in stable/9: contrib/bind9 contrib/bind9/doc/arm contrib/bind9/lib/dns contrib/bind9/lib/dns/rdata/in_1 lib/bind/dns lib/bind/dns/dns X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jan 2016 08:54:39 -0000 Author: delphij Date: Wed Jan 20 08:54:35 2016 New Revision: 294405 URL: https://svnweb.freebsd.org/changeset/base/294405 Log: MFV r294374: BIND 9.9.8-P3. Modified: stable/9/contrib/bind9/CHANGES stable/9/contrib/bind9/README stable/9/contrib/bind9/doc/arm/Bv9ARM.ch01.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch02.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch03.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch04.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch05.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch06.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch07.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch08.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch09.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch10.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch11.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch12.html stable/9/contrib/bind9/doc/arm/Bv9ARM.ch13.html stable/9/contrib/bind9/doc/arm/Bv9ARM.html stable/9/contrib/bind9/doc/arm/Bv9ARM.pdf stable/9/contrib/bind9/doc/arm/man.arpaname.html stable/9/contrib/bind9/doc/arm/man.ddns-confgen.html stable/9/contrib/bind9/doc/arm/man.dig.html stable/9/contrib/bind9/doc/arm/man.dnssec-checkds.html stable/9/contrib/bind9/doc/arm/man.dnssec-coverage.html stable/9/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html stable/9/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html stable/9/contrib/bind9/doc/arm/man.dnssec-keygen.html stable/9/contrib/bind9/doc/arm/man.dnssec-revoke.html stable/9/contrib/bind9/doc/arm/man.dnssec-settime.html stable/9/contrib/bind9/doc/arm/man.dnssec-signzone.html stable/9/contrib/bind9/doc/arm/man.dnssec-verify.html stable/9/contrib/bind9/doc/arm/man.genrandom.html stable/9/contrib/bind9/doc/arm/man.host.html stable/9/contrib/bind9/doc/arm/man.isc-hmac-fixup.html stable/9/contrib/bind9/doc/arm/man.named-checkconf.html stable/9/contrib/bind9/doc/arm/man.named-checkzone.html stable/9/contrib/bind9/doc/arm/man.named-journalprint.html stable/9/contrib/bind9/doc/arm/man.named.html stable/9/contrib/bind9/doc/arm/man.nsec3hash.html stable/9/contrib/bind9/doc/arm/man.nsupdate.html stable/9/contrib/bind9/doc/arm/man.rndc-confgen.html stable/9/contrib/bind9/doc/arm/man.rndc.conf.html stable/9/contrib/bind9/doc/arm/man.rndc.html stable/9/contrib/bind9/doc/arm/notes.html stable/9/contrib/bind9/doc/arm/notes.pdf stable/9/contrib/bind9/doc/arm/notes.xml stable/9/contrib/bind9/lib/dns/api stable/9/contrib/bind9/lib/dns/rdata/in_1/apl_42.c stable/9/contrib/bind9/lib/dns/resolver.c stable/9/contrib/bind9/version stable/9/lib/bind/dns/code.h stable/9/lib/bind/dns/dns/enumclass.h stable/9/lib/bind/dns/dns/enumtype.h stable/9/lib/bind/dns/dns/rdatastruct.h Directory Properties: stable/9/contrib/bind9/ (props changed) Modified: stable/9/contrib/bind9/CHANGES ============================================================================== --- stable/9/contrib/bind9/CHANGES Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/CHANGES Wed Jan 20 08:54:35 2016 (r294405) @@ -1,3 +1,12 @@ + --- 9.9.8-P3 released --- + +4288. [bug] Fixed a regression in resolver.c:possibly_mark() + which caused known-bogus servers to be queried + anyway. [RT #41321] + +4285. [security] Specific APL data could trigger a INSIST. + (CVE-2015-8704) [RT #41396] + --- 9.9.8-P2 released --- 4270. [security] Update allowed OpenSSL versions as named is Modified: stable/9/contrib/bind9/README ============================================================================== --- stable/9/contrib/bind9/README Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/README Wed Jan 20 08:54:35 2016 (r294405) @@ -51,6 +51,12 @@ BIND 9 For up-to-date release notes and errata, see http://www.isc.org/software/bind9/releasenotes +BIND 9.9.8-P3 + + BIND 9.9.8-P3 is a security release addressing the flaw described in + CVE-2015-8704. It also fixes a serious regression in authoritative + server selection that was introduced in 9.9.8. + BIND 9.9.8-P2 BIND 9.9.8-P2 is a security release addressing the flaws Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch01.html ============================================================================== --- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch01.html Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch01.html Wed Jan 20 08:54:35 2016 (r294405) @@ -556,6 +556,6 @@ -

BIND 9.9.8-P2 (Extended Support Version)

+

BIND 9.9.8-P3 (Extended Support Version)

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch02.html ============================================================================== --- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch02.html Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch02.html Wed Jan 20 08:54:35 2016 (r294405) @@ -154,6 +154,6 @@ -

BIND 9.9.8-P2 (Extended Support Version)

+

BIND 9.9.8-P3 (Extended Support Version)

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch03.html ============================================================================== --- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch03.html Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch03.html Wed Jan 20 08:54:35 2016 (r294405) @@ -665,6 +665,6 @@ controls { -

BIND 9.9.8-P2 (Extended Support Version)

+

BIND 9.9.8-P3 (Extended Support Version)

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch04.html ============================================================================== --- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch04.html Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch04.html Wed Jan 20 08:54:35 2016 (r294405) @@ -1935,6 +1935,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2. -

BIND 9.9.8-P2 (Extended Support Version)

+

BIND 9.9.8-P3 (Extended Support Version)

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch05.html ============================================================================== --- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch05.html Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch05.html Wed Jan 20 08:54:35 2016 (r294405) @@ -139,6 +139,6 @@ -

BIND 9.9.8-P2 (Extended Support Version)

+

BIND 9.9.8-P3 (Extended Support Version)

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch06.html ============================================================================== --- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch06.html Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch06.html Wed Jan 20 08:54:35 2016 (r294405) @@ -12177,6 +12177,6 @@ HOST-127.EXAMPLE. MX 0 . -

BIND 9.9.8-P2 (Extended Support Version)

+

BIND 9.9.8-P3 (Extended Support Version)

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch07.html ============================================================================== --- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch07.html Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch07.html Wed Jan 20 08:54:35 2016 (r294405) @@ -247,6 +247,6 @@ zone "example.com" { -

BIND 9.9.8-P2 (Extended Support Version)

+

BIND 9.9.8-P3 (Extended Support Version)

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch08.html ============================================================================== --- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch08.html Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch08.html Wed Jan 20 08:54:35 2016 (r294405) @@ -135,6 +135,6 @@ -

BIND 9.9.8-P2 (Extended Support Version)

+

BIND 9.9.8-P3 (Extended Support Version)

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch09.html ============================================================================== --- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch09.html Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch09.html Wed Jan 20 08:54:35 2016 (r294405) @@ -45,7 +45,7 @@

Table of Contents

-
Release Notes for BIND Version 9.9.8-P2
+
Release Notes for BIND Version 9.9.8-P3
Introduction
Download
@@ -60,7 +60,7 @@

-Release Notes for BIND Version 9.9.8-P2

+Release Notes for BIND Version 9.9.8-P3

Introduction

@@ -68,6 +68,11 @@ This document summarizes changes since BIND 9.9.8:

+ BIND 9.9.8-P3 addresses the security issue described in CVE-2015-8704. + It also fixes a serious regression in authoritative server selection + that was introduced in 9.9.8. +

+

BIND 9.9.8-P2 addresses security issues described in CVE-2015-3193 (OpenSSL), CVE-2015-8000 and CVE-2015-8461.

@@ -91,13 +96,13 @@ Security Fixes

  • - Named is potentially vulnerable to the OpenSSL vulnerabilty - described in CVE-2015-3193. + Specific APL data could trigger an INSIST. This flaw + was discovered by Brian Mitchell and is disclosed in + CVE-2015-8704. [RT #41396]

  • - Incorrect reference counting could result in an INSIST - failure if a socket error occurred while performing a - lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945] + Named is potentially vulnerable to the OpenSSL vulnerabilty + described in CVE-2015-3193.

  • Insufficient testing when parsing a message allowed @@ -106,6 +111,11 @@ were subsequently cached. This flaw is disclosed in CVE-2015-8000. [RT #40987]

    • +

  • + Incorrect reference counting could result in an INSIST + failure if a socket error occurred while performing a + lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945] +

@@ -123,7 +133,11 @@

Bug Fixes

-

  • None

+

  • + Authoritative servers that were marked as bogus (e.g. blackholed + in configuration or with invalid addresses) were being queried + anyway. [RT #41321] +

@@ -163,6 +177,6 @@

-

BIND 9.9.8-P2 (Extended Support Version)

+

BIND 9.9.8-P3 (Extended Support Version)

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch10.html ============================================================================== --- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch10.html Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch10.html Wed Jan 20 08:54:35 2016 (r294405) @@ -163,6 +163,6 @@
-

BIND 9.9.8-P2 (Extended Support Version)

+

BIND 9.9.8-P3 (Extended Support Version)

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch11.html ============================================================================== --- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch11.html Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch11.html Wed Jan 20 08:54:35 2016 (r294405) @@ -514,6 +514,6 @@
-

BIND 9.9.8-P2 (Extended Support Version)

+

BIND 9.9.8-P3 (Extended Support Version)

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch12.html ============================================================================== --- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch12.html Wed Jan 20 08:28:32 2016 (r294404) +++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch12.html Wed Jan 20 08:54:35 2016 (r294405) @@ -47,13 +47,13 @@
BIND 9 DNS Library Support
-
Prerequisite
-
Compilation
-
Installation
-
Known Defects/Restrictions
-
The dns.conf File
-
Sample Applications
-
Library References
+
Prerequisite
+
Compilation
+
Installation
+
Known Defects/Restrictions
+
The dns.conf File
+
Sample Applications
+
Library References
@@ -89,7 +89,7 @@

-Prerequisite

+Prerequisite

GNU make is required to build the export libraries (other part of BIND 9 can still be built with other types of make). In the reminder of this document, "make" means GNU make. Note that @@ -98,7 +98,7 @@

-Compilation

+Compilation
 $ ./configure --enable-exportlib [other flags]
 $ make
@@ -113,7 +113,7 @@ $ make
 

 

-Installation

+Installation

 
 $ cd lib/export
 $ make install
@@ -135,7 +135,7 @@ $ make i
 
 

 

-Known Defects/Restrictions

+Known Defects/Restrictions

 
    
 
  • Currently, win32 is not supported for the export
       library. (Normal BIND 9 application can be built as
@@ -175,7 +175,7 @@ $ make
 
    
 
    
-The dns.conf File
    
+The dns.conf File

 
The IRS library supports an "advanced" configuration file
   related to the DNS library for configuration parameters that
   would be beyond the capability of the
@@ -193,14 +193,14 @@ $ make
 

 

-Sample Applications

+Sample Applications

 
Some sample application programs using this API are
   provided for reference. The following is a brief description of
   these applications.
   

 

 

-sample: a simple stub resolver utility

+sample: a simple stub resolver utility

 

   It sends a query of a given name (of a given optional RR type) to a
   specified recursive server, and prints the result as a list of
@@ -264,7 +264,7 @@ $ make
 

 

-sample-async: a simple stub resolver, working asynchronously

+sample-async: a simple stub resolver, working asynchronously

 

   Similar to "sample", but accepts a list
   of (query) domain names as a separate file and resolves the names
@@ -305,7 +305,7 @@ $ make
 

 

-sample-request: a simple DNS transaction client

+sample-request: a simple DNS transaction client

 

   It sends a query to a specified server, and
   prints the response with minimal processing. It doesn't act as a
@@ -346,7 +346,7 @@ $ make
 

 

-sample-gai: getaddrinfo() and getnameinfo() test code

+sample-gai: getaddrinfo() and getnameinfo() test code

 

   This is a test program
   to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -363,7 +363,7 @@ $ make
 

 

-sample-update: a simple dynamic update client program

+sample-update: a simple dynamic update client program

 

   It accepts a single update command as a
   command-line argument, sends an update request message to the
@@ -458,7 +458,7 @@ $ sample
 
 

 

-nsprobe: domain/name server checker in terms of RFC 4074

+nsprobe: domain/name server checker in terms of RFC 4074

 

   It checks a set
   of domains to see the name servers of the domains behave
@@ -515,7 +515,7 @@ $ sample
 
 

 

-Library References

+Library References

 
As of this writing, there is no formal "manual" of the
   libraries, except this document, header files (some of them
   provide pretty detailed explanations), and sample application
@@ -540,6 +540,6 @@ $ sample
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.ch13.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/Bv9ARM.ch13.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/Bv9ARM.ch13.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -140,6 +140,6 @@
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/Bv9ARM.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/Bv9ARM.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -41,7 +41,7 @@
 

 

 BIND 9 Administrator Reference Manual

-
BIND Version 9.9.8-P2

+
BIND Version 9.9.8-P3

 
Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")

 
Copyright © 2000-2003 Internet Software Consortium.

 

@@ -234,7 +234,7 @@
 
 
A. Release Notes

 

-
Release Notes for BIND Version 9.9.8-P2

+
Release Notes for BIND Version 9.9.8-P3

 

 
Introduction

 
Download

@@ -262,13 +262,13 @@
 

 
BIND 9 DNS Library Support

 

-
Prerequisite

-
Compilation

-
Installation

-
Known Defects/Restrictions

-
The dns.conf File

-
Sample Applications

-
Library References

+
Prerequisite

+
Compilation

+
Installation

+
Known Defects/Restrictions

+
The dns.conf File

+
Sample Applications

+
Library References

 

 

 
I. Manual pages

@@ -365,6 +365,6 @@
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/Bv9ARM.pdf
==============================================================================
Binary file (source and/or target). No diff available.

Modified: stable/9/contrib/bind9/doc/arm/man.arpaname.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/man.arpaname.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/man.arpaname.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -50,20 +50,20 @@
 
arpaname  {ipaddress ...}

 
 

-
DESCRIPTION

+
DESCRIPTION

 

       arpaname translates IP addresses (IPv4 and
       IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
     

 

 

-
SEE ALSO

+
SEE ALSO

 

       BIND 9 Administrator Reference Manual.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -87,6 +87,6 @@
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/man.ddns-confgen.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/man.ddns-confgen.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/man.ddns-confgen.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -50,7 +50,7 @@
 
ddns-confgen  [-a algorithm] [-h] [-k keyname] [-r randomfile] [ -s name  |   -z zone ] [-q] [name]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
ddns-confgen
       generates a key for use by nsupdate
       and named.  It simplifies configuration
@@ -77,7 +77,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -144,7 +144,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
nsupdate(1),
       named.conf(5),
       named(8),
@@ -152,7 +152,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -176,6 +176,6 @@
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/man.dig.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/man.dig.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/man.dig.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -52,7 +52,7 @@
 
dig  [global-queryopt...] [query...]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dig
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -99,7 +99,7 @@
     

 

 

-
SIMPLE USAGE

+
SIMPLE USAGE

 

       A typical invocation of dig looks like:
       

@@ -152,7 +152,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-4

 

@@ -280,7 +280,7 @@
 

 

 

-
QUERY OPTIONS

+
QUERY OPTIONS

 
dig
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -649,7 +649,7 @@
     

 

 

-
MULTIPLE QUERIES

+
MULTIPLE QUERIES

 

       The BIND 9 implementation of dig 
       supports
@@ -695,7 +695,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc
     

 

 

-
IDN SUPPORT

+
IDN SUPPORT

 

       If dig has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -709,14 +709,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 
${HOME}/.digrc
     

 

 

-
SEE ALSO

+
SEE ALSO

 
host(1),
       named(8),
       dnssec-keygen(8),
@@ -724,7 +724,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc
     

 

 

-
BUGS

+
BUGS

 

       There are probably too many query options.
     

@@ -747,6 +747,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc
 
 
 

-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/man.dnssec-checkds.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/man.dnssec-checkds.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/man.dnssec-checkds.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -51,7 +51,7 @@
 
dnssec-dsfromkey  [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-checkds
       verifies the correctness of Delegation Signer (DS) or DNSSEC
       Lookaside Validation (DLV) resource records for keys in a specified
@@ -59,7 +59,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-f file

 

@@ -88,14 +88,14 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-dsfromkey(8),
       dnssec-keygen(8),
       dnssec-signzone(8),
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -118,6 +118,6 @@
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/man.dnssec-coverage.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/man.dnssec-coverage.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/man.dnssec-coverage.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -50,7 +50,7 @@
 
dnssec-coverage  [-K directory] [-f file] [-d DNSKEY TTL] [-m max TTL] [-r interval] [-c compilezone path] [zone]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-coverage
       verifies that the DNSSEC keys for a given zone or a set of zones
       have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -78,7 +78,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-f file

 

@@ -168,7 +168,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 

       dnssec-checkds(8),
       dnssec-dsfromkey(8),
@@ -177,7 +177,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -201,6 +201,6 @@
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -52,14 +52,14 @@
 
dnssec-dsfromkey  [-h] [-V]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-dsfromkey
       outputs the Delegation Signer (DS) resource record (RR), as defined in
       RFC 3658 and RFC 4509, for the given key(s).
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-1

 

@@ -150,7 +150,7 @@
 

 

 

-
EXAMPLE

+
EXAMPLE

 

       To build the SHA-256 DS RR from the
       Kexample.com.+003+26160
@@ -165,7 +165,7 @@
     

 

 

-
FILES

+
FILES

 

       The keyfile can be designed by the key identification
       Knnnn.+aaa+iiiii or the full file name
@@ -179,13 +179,13 @@
     

 

 

-
CAVEAT

+
CAVEAT

 

       A keyfile error can give a "file not found" even if the file exists.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -195,7 +195,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -219,6 +219,6 @@
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -50,7 +50,7 @@
 
dnssec-keyfromlabel  {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-i interval] [-k] [-K directory] [-L ttl] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-S key] [-t type] [-v level] [-V] [-y] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keyfromlabel
       generates a key pair of files that referencing a key object stored
       in a cryptographic hardware service module (HSM).  The private key
@@ -66,7 +66,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -209,7 +209,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -281,7 +281,7 @@
 

 
 

-
GENERATED KEY FILES

+
GENERATED KEY FILES

 

       When dnssec-keyfromlabel completes
       successfully,
@@ -320,7 +320,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -328,7 +328,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -352,6 +352,6 @@
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/man.dnssec-keygen.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/man.dnssec-keygen.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/man.dnssec-keygen.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -50,7 +50,7 @@
 
dnssec-keygen  [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-i interval] [-K directory] [-L ttl] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-S key] [-s strength] [-t type] [-v 
 level] [-V] [-z] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keygen
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -64,7 +64,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -280,7 +280,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -354,7 +354,7 @@
 

 
 

-
GENERATED KEYS

+
GENERATED KEYS

 

       When dnssec-keygen completes
       successfully,
@@ -400,7 +400,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 

       To generate a 768-bit DSA key for the domain
       example.com, the following command would be
@@ -421,7 +421,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
       RFC 2539,
@@ -430,7 +430,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -454,6 +454,6 @@
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/man.dnssec-revoke.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/man.dnssec-revoke.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/man.dnssec-revoke.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -50,7 +50,7 @@
 
dnssec-revoke  [-hr] [-v level] [-V] [-K directory] [-E engine] [-f] [-R] {keyfile}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-revoke
       reads a DNSSEC key file, sets the REVOKED bit on the key as defined
       in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-h

 

@@ -100,14 +100,14 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 5011.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -131,6 +131,6 @@
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/man.dnssec-settime.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/man.dnssec-settime.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/man.dnssec-settime.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -50,7 +50,7 @@
 
dnssec-settime  [-f] [-K directory] [-L ttl] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-V] [-v level] [-E engine] {keyfile}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-settime
       reads a DNSSEC private key file and sets the key timing metadata
       as specified by the -P, -A,
@@ -76,7 +76,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-f

 

@@ -124,7 +124,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -203,7 +203,7 @@
 

 
 

-
PRINTING OPTIONS

+
PRINTING OPTIONS

 

       dnssec-settime can also be used to print the
       timing metadata associated with a key.
@@ -229,7 +229,7 @@
 

 
 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -237,7 +237,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -261,6 +261,6 @@
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+
BIND 9.9.8-P3 (Extended Support Version)

 
 

Modified: stable/9/contrib/bind9/doc/arm/man.dnssec-signzone.html
==============================================================================
--- stable/9/contrib/bind9/doc/arm/man.dnssec-signzone.html	Wed Jan 20 08:28:32 2016	(r294404)
+++ stable/9/contrib/bind9/doc/arm/man.dnssec-signzone.html	Wed Jan 20 08:54:35 2016	(r294405)
@@ -50,7 +50,7 @@

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***