Module Name: src
Committed By: christos
Date: Thu Feb 9 00:23:27 UTC 2017
Modified Files:
src/external/bsd/bind/dist: CHANGES README srcid version
src/external/bsd/bind/dist/bin/named: query.c
src/external/bsd/bind/dist/doc/arm: Bv9ARM.ch04.html Bv9ARM.ch06.html
Bv9ARM.ch07.html Bv9ARM.ch08.html Bv9ARM.ch09.html Bv9ARM.html
Bv9ARM.pdf man.arpaname.html man.ddns-confgen.html man.delv.html
man.dig.html man.dnssec-checkds.html man.dnssec-coverage.html
man.dnssec-dsfromkey.html man.dnssec-importkey.html
man.dnssec-keyfromlabel.html man.dnssec-keygen.html
man.dnssec-revoke.html man.dnssec-settime.html
man.dnssec-signzone.html man.dnssec-verify.html man.genrandom.html
man.host.html man.isc-hmac-fixup.html man.named-checkconf.html
man.named-checkzone.html man.named-journalprint.html
man.named-rrchecker.html man.named.html man.nsec3hash.html
man.nsupdate.html man.rndc-confgen.html man.rndc.conf.html
man.rndc.html
src/external/bsd/bind/dist/lib/dns: api message.c rdataset.c resolver.c
Log Message:
Merge 9.10.4-P6
4558. [bug] Synthesised CNAME before matching DNAME was still
being cached when it should have been. [RT #44318]
4557. [security] Combining dns64 and rpz can result in dereferencing
a NULL pointer (read). (CVE-2017-3135) [RT#44434]
To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 src/external/bsd/bind/dist/CHANGES
cvs rdiff -u -r1.12 -r1.13 src/external/bsd/bind/dist/README
cvs rdiff -u -r1.18 -r1.19 src/external/bsd/bind/dist/srcid
cvs rdiff -u -r1.22 -r1.23 src/external/bsd/bind/dist/version
cvs rdiff -u -r1.22 -r1.23 src/external/bsd/bind/dist/bin/named/query.c
cvs rdiff -u -r1.12 -r1.13 \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html \
src/external/bsd/bind/dist/doc/arm/Bv9ARM.html \
src/external/bsd/bind/dist/doc/arm/man.arpaname.html \
src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html \
src/external/bsd/bind/dist/doc/arm/man.delv.html \
src/external/bsd/bind/dist/doc/arm/man.dig.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html \
src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html \
src/external/bsd/bind/dist/doc/arm/man.genrandom.html \
src/external/bsd/bind/dist/doc/arm/man.host.html \
src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html \
src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html \
src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html \
src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html \
src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html \
src/external/bsd/bind/dist/doc/arm/man.named.html \
src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html \
src/external/bsd/bind/dist/doc/arm/man.nsupdate.html \
src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html \
src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html \
src/external/bsd/bind/dist/doc/arm/man.rndc.html
cvs rdiff -u -r1.17 -r1.18 src/external/bsd/bind/dist/doc/arm/Bv9ARM.pdf
cvs rdiff -u -r1.12 -r1.13 src/external/bsd/bind/dist/lib/dns/api
cvs rdiff -u -r1.21 -r1.22 src/external/bsd/bind/dist/lib/dns/message.c
cvs rdiff -u -r1.8 -r1.9 src/external/bsd/bind/dist/lib/dns/rdataset.c
cvs rdiff -u -r1.28 -r1.29 src/external/bsd/bind/dist/lib/dns/resolver.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/bind/dist/CHANGES
diff -u src/external/bsd/bind/dist/CHANGES:1.24 src/external/bsd/bind/dist/CHANGES:1.25
--- src/external/bsd/bind/dist/CHANGES:1.24 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/CHANGES Wed Feb 8 19:23:26 2017
@@ -1,3 +1,11 @@
+ --- 9.10.4-P6 released ---
+
+4558. [bug] Synthesised CNAME before matching DNAME was still
+ being cached when it should have been. [RT #44318]
+
+4557. [security] Combining dns64 and rpz can result in dereferencing
+ a NULL pointer (read). (CVE-2017-3135) [RT#44434]
+
--- 9.10.4-P5 released ---
4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
Index: src/external/bsd/bind/dist/README
diff -u src/external/bsd/bind/dist/README:1.12 src/external/bsd/bind/dist/README:1.13
--- src/external/bsd/bind/dist/README:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/README Wed Feb 8 19:23:26 2017
@@ -51,6 +51,12 @@ BIND 9
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
+BIND 9.10.4-P6
+
+ This version contains a fix for CVE-2017-3135, and a bug fix
+ for a regression in CNAME/DNAME caching that was introduced
+ in an earlier security release.
+
BIND 9.10.4-P5
This version contains fixes for CVE-2016-9131, CVE-2016-9147,
Index: src/external/bsd/bind/dist/srcid
diff -u src/external/bsd/bind/dist/srcid:1.18 src/external/bsd/bind/dist/srcid:1.19
--- src/external/bsd/bind/dist/srcid:1.18 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/srcid Wed Feb 8 19:23:26 2017
@@ -1 +1 @@
-SRCID=2b12043
+SRCID=a6837d0
Index: src/external/bsd/bind/dist/version
diff -u src/external/bsd/bind/dist/version:1.22 src/external/bsd/bind/dist/version:1.23
--- src/external/bsd/bind/dist/version:1.22 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/version Wed Feb 8 19:23:26 2017
@@ -7,5 +7,5 @@ MAJORVER=9
MINORVER=10
PATCHVER=4
RELEASETYPE=-P
-RELEASEVER=5
+RELEASEVER=6
EXTENSIONS=
Index: src/external/bsd/bind/dist/bin/named/query.c
diff -u src/external/bsd/bind/dist/bin/named/query.c:1.22 src/external/bsd/bind/dist/bin/named/query.c:1.23
--- src/external/bsd/bind/dist/bin/named/query.c:1.22 Thu May 26 12:49:56 2016
+++ src/external/bsd/bind/dist/bin/named/query.c Wed Feb 8 19:23:26 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: query.c,v 1.22 2016/05/26 16:49:56 christos Exp $ */
+/* $NetBSD: query.c,v 1.23 2017/02/09 00:23:26 christos Exp $ */
/*
* Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
@@ -6245,7 +6245,7 @@ query_find(ns_client_t *client, dns_fetc
dns_rpz_st_t *rpz_st;
isc_boolean_t resuming;
int line = -1;
- isc_boolean_t dns64_exclude, dns64;
+ isc_boolean_t dns64_exclude, dns64, rpz;
isc_boolean_t nxrewrite = ISC_FALSE;
isc_boolean_t redirected = ISC_FALSE;
dns_clientinfomethods_t cm;
@@ -6258,6 +6258,7 @@ query_find(ns_client_t *client, dns_fetc
char mbuf[BUFSIZ];
char qbuf[DNS_NAME_FORMATSIZE];
#endif
+ dns_name_t *rpzqname;
CTRACE(ISC_LOG_DEBUG(3), "query_find");
@@ -6283,7 +6284,7 @@ query_find(ns_client_t *client, dns_fetc
zone = NULL;
need_wildcardproof = ISC_FALSE;
empty_wild = ISC_FALSE;
- dns64_exclude = dns64 = ISC_FALSE;
+ dns64_exclude = dns64 = rpz = ISC_FALSE;
options = 0;
resuming = ISC_FALSE;
is_zone = ISC_FALSE;
@@ -6473,6 +6474,7 @@ query_find(ns_client_t *client, dns_fetc
authoritative = ISC_FALSE;
version = NULL;
need_wildcardproof = ISC_FALSE;
+ rpz = ISC_FALSE;
if (client->view->checknames &&
!dns_rdata_checkowner(client->query.qname,
@@ -6614,11 +6616,29 @@ query_find(ns_client_t *client, dns_fetc
}
/*
- * Now look for an answer in the database.
+ * Now look for an answer in the database. If this is a dns64
+ * AAAA lookup on a rpz database adjust the qname.
*/
- result = dns_db_findext(db, client->query.qname, version, type,
+ if (dns64 && rpz)
+ rpzqname = client->query.rpz_st->p_name;
+ else
+ rpzqname = client->query.qname;
+
+ result = dns_db_findext(db, rpzqname, version, type,
client->query.dboptions, client->now,
&node, fname, &cm, &ci, rdataset, sigrdataset);
+ /*
+ * Fixup fname and sigrdataset.
+ */
+ if (dns64 && rpz) {
+ isc_result_t rresult;
+
+ rresult = dns_name_copy(client->query.qname, fname, NULL);
+ RUNTIME_CHECK(rresult == ISC_R_SUCCESS);
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ }
if (!is_zone)
dns_cache_updatestats(client->view->cache, result);
@@ -6848,10 +6868,12 @@ query_find(ns_client_t *client, dns_fetc
case DNS_RPZ_POLICY_NXDOMAIN:
result = DNS_R_NXDOMAIN;
nxrewrite = ISC_TRUE;
+ rpz = ISC_TRUE;
break;
case DNS_RPZ_POLICY_NODATA:
result = DNS_R_NXRRSET;
nxrewrite = ISC_TRUE;
+ rpz = ISC_TRUE;
break;
case DNS_RPZ_POLICY_RECORD:
result = rpz_st->m.result;
@@ -6871,6 +6893,7 @@ query_find(ns_client_t *client, dns_fetc
rdataset->ttl = ISC_MIN(rdataset->ttl,
rpz_st->m.ttl);
}
+ rpz = ISC_TRUE;
break;
case DNS_RPZ_POLICY_WILDCNAME:
result = dns_rdataset_first(rdataset);
@@ -6913,7 +6936,6 @@ query_find(ns_client_t *client, dns_fetc
NS_CLIENTATTR_WANTAD);
client->message->flags &= ~DNS_MESSAGEFLAG_AD;
query_putrdataset(client, &sigrdataset);
- rpz_st->q.is_zone = is_zone;
is_zone = ISC_TRUE;
rpz_log_rewrite(client, ISC_FALSE, rpz_st->m.policy,
rpz_st->m.type, zone, rpz_st->p_name);
@@ -7297,15 +7319,6 @@ query_find(ns_client_t *client, dns_fetc
rdataset = NULL;
sigrdataset = NULL;
type = qtype = dns_rdatatype_a;
- rpz_st = client->query.rpz_st;
- if (rpz_st != NULL) {
- /*
- * Arrange for RPZ rewriting of any A records.
- */
- if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
- is_zone = rpz_st->q.is_zone;
- rpz_st_clear(client);
- }
dns64 = ISC_TRUE;
goto db_find;
}
@@ -7620,15 +7633,6 @@ query_find(ns_client_t *client, dns_fetc
sigrdataset = NULL;
fname = NULL;
type = qtype = dns_rdatatype_a;
- rpz_st = client->query.rpz_st;
- if (rpz_st != NULL) {
- /*
- * Arrange for RPZ rewriting of any A records.
- */
- if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
- is_zone = rpz_st->q.is_zone;
- rpz_st_clear(client);
- }
dns64 = ISC_TRUE;
goto db_find;
}
@@ -8162,15 +8166,6 @@ query_find(ns_client_t *client, dns_fetc
rdataset = NULL;
sigrdataset = NULL;
type = qtype = dns_rdatatype_a;
- rpz_st = client->query.rpz_st;
- if (rpz_st != NULL) {
- /*
- * Arrange for RPZ rewriting of any A records.
- */
- if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
- is_zone = rpz_st->q.is_zone;
- rpz_st_clear(client);
- }
dns64_exclude = dns64 = ISC_TRUE;
goto db_find;
}
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.12 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.13
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html Wed Feb 8 19:23:26 2017
@@ -2326,6 +2326,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.12 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.13
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html Wed Feb 8 19:23:26 2017
@@ -12845,6 +12845,6 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.12 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.13
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html Wed Feb 8 19:23:27 2017
@@ -248,6 +248,6 @@ zone "example.com" {
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.12 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.13
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html Wed Feb 8 19:23:27 2017
@@ -134,6 +134,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.12 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.13
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html Wed Feb 8 19:23:27 2017
@@ -44,7 +44,7 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P6</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -60,7 +60,7 @@
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P5</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P6</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
@@ -68,8 +68,13 @@
This document summarizes changes since BIND 9.10.4:
</p>
<p>
+ BIND 9.10.4-P6 addresses the security issue described in
+ CVE-2017-3135, and fixes a regression introduced in a prior
+ security release.
+ </p>
+<p>
BIND 9.10.4-P5 addresses the security issues described in
- CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444.
+ CVE-2016-9131, CVE-2016-9147, CVE-2016-9444 and CVE-2016-9778.
</p>
<p>
BIND 9.10.4-P4 addresses the security issue described in
@@ -107,24 +112,33 @@
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
- Named could mishandle authority sections that were missing
- RRSIGs triggering an assertion failure. This flaw is
- disclosed in CVE-2016-9444. [RT # 43632]
+ If a server is configured with a response policy zone (RPZ)
+ that rewrites an answer with local data, and is also configured
+ for DNS64 address mapping, a NULL pointer can be read
+ triggering a server crash. This flaw is disclosed in
+ CVE-2017-3135. [RT #44434]
+ </p></li>
+<li class="listitem"><p>
+ <span class="command"><strong>named</strong></span> could mishandle authority sections
+ with missing RRSIGs, triggering an assertion failure. This
+ flaw is disclosed in CVE-2016-9444. [RT #43632]
</p></li>
<li class="listitem"><p>
- Named mishandled some responses where covering RRSIG
- records are returned without the requested data
- resulting in a assertion failure. This flaw is disclosed in
- CVE-2016-9147. [RT #43548]
+ <span class="command"><strong>named</strong></span> mishandled some responses where
+ covering RRSIG records were returned without the requested
+ data, resulting in an assertion failure. This flaw is
+ disclosed in CVE-2016-9147. [RT #43548]
</p></li>
<li class="listitem"><p>
- Named incorrectly tried to cache TKEY records which could
- trigger a assertion failure when there was a class mismatch.
- This flaw is disclosed in CVE-2016-9131. [RT #43522]
+ <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
+ records which could trigger an assertion failure when there was
+ a class mismatch. This flaw is disclosed in CVE-2016-9131.
+ [RT #43522]
</p></li>
<li class="listitem"><p>
It was possible to trigger assertions when processing
- a response. This flaw is disclosed in CVE-2016-8864. [RT #43465]
+ responses containing answers of type DNAME. This flaw is
+ disclosed in CVE-2016-8864. [RT #43465]
</p></li>
<li class="listitem"><p>
It was possible to trigger a assertion when rendering a
@@ -132,11 +146,13 @@
disclosed in CVE-2016-2776. [RT #43139]
</p></li>
<li class="listitem"><p>
- getrrsetbyname with a non absolute name could trigger an
- infinite recursion bug in lwresd and named with lwres
- configured if when combined with a search list entry the
- resulting name is too long. This flaw is disclosed in
- CVE-2016-2775. [RT #42694]
+ Calling <span class="command"><strong>getrrsetbyname()</strong></span> with a non
+ absolute name could trigger an infinite recursion bug in
+ <span class="command"><strong>lwresd</strong></span> or <span class="command"><strong>named</strong></span> with
+ <span class="command"><strong>lwres</strong></span> configured if, when combined with
+ a search list entry from <code class="filename">resolv.conf</code>,
+ the resulting name is too long. This flaw is disclosed in
+ CVE-2016-2775. [RT #42694]
</p></li>
</ul></div>
</div>
@@ -166,8 +182,19 @@
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
+ A synthesized CNAME record appearing in a response before the
+ associated DNAME could be cached, when it should not have been.
+ This was a regression introduced while addressing CVE-2016-8864.
+ [RT #44318]
+ </p></li>
+<li class="listitem"><p>
+ Fixed a crash when calling <span class="command"><strong>rndc stats</strong></span> on some
+ Windows builds: some Visual Studio compilers generate code that
+ crashes when the "%z" printf() format specifier is used. [RT #42380]
+ </p></li>
+<li class="listitem"><p>
ECS clients with the option set to 0.0.0.0/0/0 or ::/0/0
- where incorrectly getting a FORMERR response.
+ were incorrectly getting a FORMERR response.
</p></li>
<li class="listitem"><p>
Windows installs were failing due to triggering UAC without
@@ -218,6 +245,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.html
diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.12 src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.13
--- src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.html Wed Feb 8 19:23:27 2017
@@ -40,7 +40,7 @@
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.10.4-P5</p></div>
+<div><p class="releaseinfo">BIND Version 9.10.4-P6</p></div>
<div><p class="copyright">Copyright � 2004-2015 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright � 2000-2003 Internet Software Consortium.</p></div>
</div>
@@ -239,7 +239,7 @@
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P6</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -385,6 +385,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.arpaname.html
diff -u src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.12 src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.arpaname.html Wed Feb 8 19:23:27 2017
@@ -81,6 +81,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html
diff -u src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.12 src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html Wed Feb 8 19:23:27 2017
@@ -185,6 +185,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.delv.html
diff -u src/external/bsd/bind/dist/doc/arm/man.delv.html:1.12 src/external/bsd/bind/dist/doc/arm/man.delv.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.delv.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.delv.html Wed Feb 8 19:23:27 2017
@@ -498,6 +498,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dig.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dig.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dig.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.dig.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.dig.html Wed Feb 8 19:23:27 2017
@@ -809,6 +809,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html Wed Feb 8 19:23:27 2017
@@ -112,6 +112,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html Wed Feb 8 19:23:27 2017
@@ -219,6 +219,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html Wed Feb 8 19:23:27 2017
@@ -213,6 +213,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html Wed Feb 8 19:23:27 2017
@@ -177,6 +177,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html Wed Feb 8 19:23:27 2017
@@ -381,6 +381,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html Wed Feb 8 19:23:27 2017
@@ -455,6 +455,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html Wed Feb 8 19:23:27 2017
@@ -134,6 +134,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html Wed Feb 8 19:23:27 2017
@@ -264,6 +264,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html Wed Feb 8 19:23:27 2017
@@ -564,6 +564,6 @@ db.example.com.signed
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html
diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html Wed Feb 8 19:23:27 2017
@@ -164,6 +164,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.genrandom.html
diff -u src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.12 src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.genrandom.html Wed Feb 8 19:23:27 2017
@@ -102,6 +102,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.host.html
diff -u src/external/bsd/bind/dist/doc/arm/man.host.html:1.12 src/external/bsd/bind/dist/doc/arm/man.host.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.host.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.host.html Wed Feb 8 19:23:27 2017
@@ -247,6 +247,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html
diff -u src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.12 src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html Wed Feb 8 19:23:27 2017
@@ -112,6 +112,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html
diff -u src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.12 src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html Wed Feb 8 19:23:27 2017
@@ -151,6 +151,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html
diff -u src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.12 src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html Wed Feb 8 19:23:27 2017
@@ -338,6 +338,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html
diff -u src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.12 src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html Wed Feb 8 19:23:27 2017
@@ -102,6 +102,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html
diff -u src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.12 src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html Wed Feb 8 19:23:27 2017
@@ -104,6 +104,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.named.html
diff -u src/external/bsd/bind/dist/doc/arm/man.named.html:1.12 src/external/bsd/bind/dist/doc/arm/man.named.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.named.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.named.html Wed Feb 8 19:23:27 2017
@@ -369,6 +369,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html
diff -u src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.12 src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html Wed Feb 8 19:23:27 2017
@@ -103,6 +103,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.nsupdate.html
diff -u src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.12 src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.nsupdate.html Wed Feb 8 19:23:27 2017
@@ -663,6 +663,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html
diff -u src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.12 src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html Wed Feb 8 19:23:27 2017
@@ -223,6 +223,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html
diff -u src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.12 src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html Wed Feb 8 19:23:27 2017
@@ -246,6 +246,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/man.rndc.html
diff -u src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.12 src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.13
--- src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/doc/arm/man.rndc.html Wed Feb 8 19:23:27 2017
@@ -621,6 +621,6 @@
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P6</p>
</body>
</html>
Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.pdf
Binary files are different
Index: src/external/bsd/bind/dist/lib/dns/api
diff -u src/external/bsd/bind/dist/lib/dns/api:1.12 src/external/bsd/bind/dist/lib/dns/api:1.13
--- src/external/bsd/bind/dist/lib/dns/api:1.12 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/lib/dns/api Wed Feb 8 19:23:27 2017
@@ -6,5 +6,5 @@
# 9.9-sub: 130-139, 150-159
# 9.10: 140-149, 160-169
LIBINTERFACE = 165
-LIBREVISION = 4
+LIBREVISION = 5
LIBAGE = 0
Index: src/external/bsd/bind/dist/lib/dns/message.c
diff -u src/external/bsd/bind/dist/lib/dns/message.c:1.21 src/external/bsd/bind/dist/lib/dns/message.c:1.22
--- src/external/bsd/bind/dist/lib/dns/message.c:1.21 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/lib/dns/message.c Wed Feb 8 19:23:27 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: message.c,v 1.21 2017/01/12 08:21:32 spz Exp $ */
+/* $NetBSD: message.c,v 1.22 2017/02/09 00:23:27 christos Exp $ */
/*
* Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
@@ -1221,8 +1221,8 @@ getsection(isc_buffer_t *source, dns_mes
{
isc_region_t r;
unsigned int count, rdatalen;
- dns_name_t *name;
- dns_name_t *name2;
+ dns_name_t *name = NULL;
+ dns_name_t *name2 = NULL;
dns_offsets_t *offsets;
dns_rdataset_t *rdataset = NULL;
dns_rdatalist_t *rdatalist;
@@ -1232,7 +1232,7 @@ getsection(isc_buffer_t *source, dns_mes
dns_rdata_t *rdata;
dns_ttl_t ttl;
dns_namelist_t *section;
- isc_boolean_t free_name, free_rdataset;
+ isc_boolean_t free_name = ISC_FALSE, free_rdataset = ISC_FALSE;
isc_boolean_t preserve_order, best_effort, seen_problem;
isc_boolean_t issigzero;
Index: src/external/bsd/bind/dist/lib/dns/rdataset.c
diff -u src/external/bsd/bind/dist/lib/dns/rdataset.c:1.8 src/external/bsd/bind/dist/lib/dns/rdataset.c:1.9
--- src/external/bsd/bind/dist/lib/dns/rdataset.c:1.8 Wed Jul 8 13:28:59 2015
+++ src/external/bsd/bind/dist/lib/dns/rdataset.c Wed Feb 8 19:23:27 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: rdataset.c,v 1.8 2015/07/08 17:28:59 christos Exp $ */
+/* $NetBSD: rdataset.c,v 1.9 2017/02/09 00:23:27 christos Exp $ */
/*
* Copyright (C) 2004-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
@@ -340,6 +340,7 @@ towiresorted(dns_rdataset_t *rdataset, c
*/
REQUIRE(DNS_RDATASET_VALID(rdataset));
+ REQUIRE(rdataset->methods != NULL);
REQUIRE(countp != NULL);
REQUIRE((order == NULL) == (order_arg == NULL));
REQUIRE(cctx != NULL && cctx->mctx != NULL);
Index: src/external/bsd/bind/dist/lib/dns/resolver.c
diff -u src/external/bsd/bind/dist/lib/dns/resolver.c:1.28 src/external/bsd/bind/dist/lib/dns/resolver.c:1.29
--- src/external/bsd/bind/dist/lib/dns/resolver.c:1.28 Thu Jan 12 03:21:32 2017
+++ src/external/bsd/bind/dist/lib/dns/resolver.c Wed Feb 8 19:23:27 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: resolver.c,v 1.28 2017/01/12 08:21:32 spz Exp $ */
+/* $NetBSD: resolver.c,v 1.29 2017/02/09 00:23:27 christos Exp $ */
/*
* Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
@@ -6101,9 +6101,13 @@ cname_target(dns_rdataset_t *rdataset, d
return (ISC_R_SUCCESS);
}
+/*%
+ * Construct the synthesised CNAME from the existing QNAME and
+ * the DNAME RR and store it in 'target'.
+ */
static inline isc_result_t
dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
- unsigned int nlabels, dns_fixedname_t *fixeddname)
+ unsigned int nlabels, dns_name_t *target)
{
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
@@ -6123,14 +6127,33 @@ dname_target(dns_rdataset_t *rdataset, d
dns_fixedname_init(&prefix);
dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
- dns_fixedname_init(fixeddname);
result = dns_name_concatenate(dns_fixedname_name(&prefix),
- &dname.dname,
- dns_fixedname_name(fixeddname), NULL);
+ &dname.dname, target, NULL);
dns_rdata_freestruct(&dname);
return (result);
}
+/*%
+ * Check if it was possible to construct 'qname' from 'lastcname'
+ * and 'rdataset'.
+ */
+static inline isc_result_t
+fromdname(dns_rdataset_t *rdataset, dns_name_t *lastcname,
+ unsigned int nlabels, const dns_name_t *qname)
+{
+ dns_fixedname_t fixed;
+ isc_result_t result;
+ dns_name_t *target;
+
+ dns_fixedname_init(&fixed);
+ target = dns_fixedname_name(&fixed);
+ result = dname_target(rdataset, lastcname, nlabels, target);
+ if (result != ISC_R_SUCCESS || !dns_name_equal(qname, target))
+ return (ISC_R_NOTFOUND);
+
+ return (ISC_R_SUCCESS);
+}
+
static isc_boolean_t
is_answeraddress_allowed(dns_view_t *view, dns_name_t *name,
dns_rdataset_t *rdataset)
@@ -6747,12 +6770,12 @@ answer_response(fetchctx_t *fctx) {
isc_result_t result;
dns_message_t *message;
dns_name_t *name, *dname = NULL, *qname, tname, *ns_name;
- dns_name_t *cname = NULL;
+ dns_name_t *cname = NULL, *lastcname = NULL;
dns_rdataset_t *rdataset, *ns_rdataset;
- isc_boolean_t done, external, chaining, aa, found, want_chaining;
+ isc_boolean_t done, external, aa, found, want_chaining;
isc_boolean_t have_answer, found_cname, found_dname, found_type;
isc_boolean_t wanted_chaining;
- unsigned int aflag;
+ unsigned int aflag, chaining;
dns_rdatatype_t type;
dns_fixedname_t fdname, fqname;
dns_view_t *view;
@@ -6770,9 +6793,9 @@ answer_response(fetchctx_t *fctx) {
found_cname = ISC_FALSE;
found_dname = ISC_FALSE;
found_type = ISC_FALSE;
- chaining = ISC_FALSE;
have_answer = ISC_FALSE;
want_chaining = ISC_FALSE;
+ chaining = 0;
POST(want_chaining);
if ((message->flags & DNS_MESSAGEFLAG_AA) != 0)
aa = ISC_TRUE;
@@ -6783,14 +6806,15 @@ answer_response(fetchctx_t *fctx) {
view = fctx->res->view;
result = dns_message_firstname(message, DNS_SECTION_ANSWER);
while (!done && result == ISC_R_SUCCESS) {
- dns_namereln_t namereln;
- int order;
- unsigned int nlabels;
+ dns_namereln_t namereln, lastreln;
+ int order, lastorder;
+ unsigned int nlabels, lastnlabels;
name = NULL;
dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
+
if (namereln == dns_namereln_equal) {
wanted_chaining = ISC_FALSE;
for (rdataset = ISC_LIST_HEAD(name->list);
@@ -6896,6 +6920,7 @@ answer_response(fetchctx_t *fctx) {
&fctx->domain)) {
return (DNS_R_SERVFAIL);
}
+ lastcname = name;
} else if (rdataset->type == dns_rdatatype_rrsig
&& rdataset->covers ==
dns_rdatatype_cname
@@ -6919,7 +6944,7 @@ answer_response(fetchctx_t *fctx) {
rdataset->attributes |=
DNS_RDATASETATTR_CACHE;
rdataset->trust = dns_trust_answer;
- if (!chaining) {
+ if (chaining == 0) {
/*
* This data is "the" answer
* to our question only if
@@ -6996,10 +7021,21 @@ answer_response(fetchctx_t *fctx) {
* cause us to ignore the signatures of
* CNAMEs.
*/
- if (wanted_chaining)
- chaining = ISC_TRUE;
+ if (wanted_chaining && chaining < 2U)
+ chaining++;
} else {
dns_rdataset_t *dnameset = NULL;
+ isc_boolean_t synthcname = ISC_FALSE;
+
+ if (lastcname != NULL) {
+ lastreln = dns_name_fullcompare(lastcname,
+ name,
+ &lastorder,
+ &lastnlabels);
+ if (lastreln == dns_namereln_subdomain &&
+ lastnlabels == dns_name_countlabels(name))
+ synthcname = ISC_TRUE;
+ }
/*
* Look for a DNAME (or its SIG). Anything else is
@@ -7028,7 +7064,7 @@ answer_response(fetchctx_t *fctx) {
* If we're not chaining, then the DNAME and
* its signature should not be external.
*/
- if (!chaining && external) {
+ if (chaining == 0 && external) {
char qbuf[DNS_NAME_FORMATSIZE];
char obuf[DNS_NAME_FORMATSIZE];
@@ -7046,16 +7082,9 @@ answer_response(fetchctx_t *fctx) {
/*
* If DNAME + synthetic CNAME then the
* namereln is dns_namereln_subdomain.
- *
- * If synthetic CNAME + DNAME then the
- * namereln is dns_namereln_commonancestor
- * and the number of label must match the
- * DNAME. This order is not RFC compliant.
*/
-
if (namereln != dns_namereln_subdomain &&
- (namereln != dns_namereln_commonancestor ||
- nlabels != dns_name_countlabels(name)))
+ !synthcname)
{
char qbuf[DNS_NAME_FORMATSIZE];
char obuf[DNS_NAME_FORMATSIZE];
@@ -7075,8 +7104,19 @@ answer_response(fetchctx_t *fctx) {
want_chaining = ISC_TRUE;
POST(want_chaining);
aflag = DNS_RDATASETATTR_ANSWER;
- result = dname_target(rdataset, qname,
- nlabels, &fdname);
+ dns_fixedname_init(&fdname);
+ dname = dns_fixedname_name(&fdname);
+ if (synthcname) {
+ result = fromdname(rdataset,
+ lastcname,
+ lastnlabels,
+ qname);
+ } else {
+ result = dname_target(rdataset,
+ qname,
+ nlabels,
+ dname);
+ }
if (result == ISC_R_NOSPACE) {
/*
* We can't construct the
@@ -7090,8 +7130,8 @@ answer_response(fetchctx_t *fctx) {
else
dnameset = rdataset;
- dname = dns_fixedname_name(&fdname);
- if (!is_answertarget_allowed(view,
+ if (!synthcname &&
+ !is_answertarget_allowed(view,
qname, rdataset->type,
dname, &fctx->domain))
{
@@ -7112,7 +7152,13 @@ answer_response(fetchctx_t *fctx) {
name->attributes |= DNS_NAMEATTR_CACHE;
rdataset->attributes |= DNS_RDATASETATTR_CACHE;
rdataset->trust = dns_trust_answer;
- if (!chaining) {
+ /*
+ * If we are not chaining or the first CNAME
+ * is a synthesised CNAME before the DNAME.
+ */
+ if ((chaining == 0) ||
+ (chaining == 1U && synthcname))
+ {
/*
* This data is "the" answer to
* our question only if we're
@@ -7122,9 +7168,12 @@ answer_response(fetchctx_t *fctx) {
if (aflag == DNS_RDATASETATTR_ANSWER) {
have_answer = ISC_TRUE;
found_dname = ISC_TRUE;
- if (cname != NULL)
+ if (cname != NULL &&
+ synthcname)
+ {
cname->attributes &=
~DNS_NAMEATTR_ANSWER;
+ }
name->attributes |=
DNS_NAMEATTR_ANSWER;
}
@@ -7142,26 +7191,35 @@ answer_response(fetchctx_t *fctx) {
* DNAME chaining.
*/
if (dnameset != NULL) {
- /*
- * Copy the dname into the qname fixed name.
- *
- * Although we check for failure of the copy
- * operation, in practice it should never fail
- * since we already know that the result fits
- * in a fixedname.
- */
- dns_fixedname_init(&fqname);
- qname = dns_fixedname_name(&fqname);
- result = dns_name_copy(dname, qname, NULL);
- if (result != ISC_R_SUCCESS)
- return (result);
+ if (!synthcname) {
+ /*
+ * Copy the dname into the qname fixed
+ * name.
+ *
+ * Although we check for failure of the
+ * copy operation, in practice it
+ * should never fail since we already
+ * know that the result fits in a
+ * fixedname.
+ */
+ dns_fixedname_init(&fqname);
+ qname = dns_fixedname_name(&fqname);
+ result = dns_name_copy(dname, qname,
+ NULL);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
wanted_chaining = ISC_TRUE;
name->attributes |= DNS_NAMEATTR_CHAINING;
dnameset->attributes |=
DNS_RDATASETATTR_CHAINING;
}
- if (wanted_chaining)
- chaining = ISC_TRUE;
+ /*
+ * Ensure that we can't ever get chaining == 1
+ * above if we have processed a DNAME.
+ */
+ if (wanted_chaining && chaining < 2U)
+ chaining += 2;
}
result = dns_message_nextname(message, DNS_SECTION_ANSWER);
}
@@ -7186,7 +7244,7 @@ answer_response(fetchctx_t *fctx) {
/*
* Did chaining end before we got the final answer?
*/
- if (chaining) {
+ if (chaining != 0) {
/*
* Yes. This may be a negative reply, so hand off
* authority section processing to the noanswer code.
@@ -7235,7 +7293,7 @@ answer_response(fetchctx_t *fctx) {
DNS_NAMEATTR_CACHE;
rdataset->attributes |=
DNS_RDATASETATTR_CACHE;
- if (aa && !chaining)
+ if (aa && chaining == 0)
rdataset->trust =
dns_trust_authauthority;
else
