summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGES154
-rw-r--r--COPYRIGHT4
-rw-r--r--FAQ76
-rw-r--r--FAQ.xml113
-rw-r--r--README9
-rw-r--r--bin/check/named-checkconf.826
-rw-r--r--bin/check/named-checkconf.docbook14
-rw-r--r--bin/check/named-checkconf.html21
-rw-r--r--bin/check/named-checkzone.840
-rw-r--r--bin/check/named-checkzone.docbook12
-rw-r--r--bin/check/named-checkzone.html19
-rw-r--r--bin/dig/dig.1179
-rw-r--r--bin/dig/dig.c115
-rw-r--r--bin/dig/dig.docbook37
-rw-r--r--bin/dig/dig.html50
-rw-r--r--bin/dig/dighost.c70
-rw-r--r--bin/dig/host.115
-rw-r--r--bin/dig/host.c10
-rw-r--r--bin/dig/host.docbook13
-rw-r--r--bin/dig/host.html18
-rw-r--r--bin/dig/include/dig/dig.h9
-rw-r--r--bin/dig/nslookup.1141
-rw-r--r--bin/dig/nslookup.c9
-rw-r--r--bin/dig/nslookup.docbook21
-rw-r--r--bin/dig/nslookup.html32
-rw-r--r--bin/dnssec/dnssec-keygen.875
-rw-r--r--bin/dnssec/dnssec-keygen.c6
-rw-r--r--bin/dnssec/dnssec-keygen.docbook17
-rw-r--r--bin/dnssec/dnssec-keygen.html28
-rw-r--r--bin/dnssec/dnssec-makekeyset.843
-rw-r--r--bin/dnssec/dnssec-makekeyset.html16
-rw-r--r--bin/dnssec/dnssec-signkey.847
-rw-r--r--bin/dnssec/dnssec-signkey.html16
-rw-r--r--bin/dnssec/dnssec-signzone.881
-rw-r--r--bin/dnssec/dnssec-signzone.docbook21
-rw-r--r--bin/dnssec/dnssec-signzone.html30
-rw-r--r--bin/named/client.c17
-rw-r--r--bin/named/controlconf.c7
-rw-r--r--bin/named/lwdgrbn.c4
-rw-r--r--bin/named/lwresd.893
-rw-r--r--bin/named/lwresd.docbook80
-rw-r--r--bin/named/lwresd.html73
-rw-r--r--bin/named/named.883
-rw-r--r--bin/named/named.conf.532
-rw-r--r--bin/named/named.conf.docbook38
-rw-r--r--bin/named/named.conf.html43
-rw-r--r--bin/named/named.docbook27
-rw-r--r--bin/named/named.html34
-rw-r--r--bin/named/query.c32
-rw-r--r--bin/named/server.c30
-rw-r--r--bin/nsupdate/nsupdate.8121
-rw-r--r--bin/nsupdate/nsupdate.c73
-rw-r--r--bin/nsupdate/nsupdate.docbook50
-rw-r--r--bin/nsupdate/nsupdate.html89
-rw-r--r--bin/rndc/Makefile.in6
-rw-r--r--bin/rndc/rndc-confgen.851
-rw-r--r--bin/rndc/rndc-confgen.docbook9
-rw-r--r--bin/rndc/rndc-confgen.html18
-rw-r--r--bin/rndc/rndc.852
-rw-r--r--bin/rndc/rndc.conf.515
-rw-r--r--bin/rndc/rndc.conf.docbook11
-rw-r--r--bin/rndc/rndc.conf.html20
-rw-r--r--bin/rndc/rndc.docbook36
-rw-r--r--bin/rndc/rndc.html45
-rw-r--r--bin/tests/journalprint.c6
-rw-r--r--bin/tests/names/dns_name_fromwire_8_data4
-rw-r--r--bin/tests/names/dns_name_fromwire_9_data30
-rw-r--r--bin/tests/names/t_names.c13
-rw-r--r--bin/tests/names/wire_test9.data13
-rw-r--r--bin/tests/system/start.sh6
-rw-r--r--bin/tests/system/stop.sh6
-rw-r--r--bin/win32/BINDInstall/BINDInstall.dsp8
-rw-r--r--bin/win32/BINDInstall/BINDInstall.mak12
-rw-r--r--bin/win32/BINDInstall/BINDInstallDlg.cpp30
-rw-r--r--config.h.in11
-rwxr-xr-xconfigure353
-rw-r--r--configure.in14
-rw-r--r--contrib/dbus/dbus_mgr.c15
-rw-r--r--contrib/dbus/dbus_service.c73
-rw-r--r--contrib/dbus/dbus_service.h5
-rw-r--r--contrib/idn/idnkit-1.0-src/patch/bind9/bind-9.2.9-patch1265
-rw-r--r--contrib/sdb/sqlite/README.sdb_sqlite67
-rw-r--r--contrib/sdb/sqlite/sqlitedb.c324
-rw-r--r--contrib/sdb/sqlite/sqlitedb.h25
-rw-r--r--contrib/sdb/sqlite/zone2sqlite.c301
-rw-r--r--contrib/sdb/tcl/tcldb.c6
-rw-r--r--doc/arm/Bv9ARM-book.xml97
-rw-r--r--doc/arm/Bv9ARM.ch01.html62
-rw-r--r--doc/arm/Bv9ARM.ch02.html28
-rw-r--r--doc/arm/Bv9ARM.ch03.html35
-rw-r--r--doc/arm/Bv9ARM.ch04.html88
-rw-r--r--doc/arm/Bv9ARM.ch05.html10
-rw-r--r--doc/arm/Bv9ARM.ch06.html166
-rw-r--r--doc/arm/Bv9ARM.ch07.html20
-rw-r--r--doc/arm/Bv9ARM.ch08.html32
-rw-r--r--doc/arm/Bv9ARM.ch09.html133
-rw-r--r--doc/arm/Bv9ARM.html159
-rwxr-xr-xdoc/arm/Bv9ARM.pdf8193
-rw-r--r--doc/arm/Makefile.in16
-rw-r--r--doc/misc/Makefile.in23
-rw-r--r--doc/rfc/index11
-rw-r--r--doc/rfc/rfc4193.txt899
-rw-r--r--doc/rfc/rfc4255.txt507
-rw-r--r--doc/rfc/rfc4343.txt563
-rw-r--r--doc/rfc/rfc4367.txt955
-rw-r--r--doc/rfc/rfc4398.txt955
-rw-r--r--doc/rfc/rfc4408.txt2691
-rw-r--r--doc/rfc/rfc4431.txt227
-rw-r--r--doc/rfc/rfc4470.txt451
-rw-r--r--doc/rfc/rfc4634.txt6051
-rw-r--r--doc/rfc/rfc4641.txt1963
-rw-r--r--doc/xsl/isc-manpage.xsl.in5
-rw-r--r--lib/bind/api2
-rw-r--r--lib/bind/config.h.in3
-rwxr-xr-xlib/bind/configure411
-rw-r--r--lib/bind/configure.in47
-rw-r--r--lib/bind/dst/hmac_link.c22
-rw-r--r--lib/bind/irs/dns_ho.c6
-rw-r--r--lib/bind/irs/gai_strerror.c4
-rw-r--r--lib/bind/irs/irp_ng.c6
-rw-r--r--lib/bind/irs/irs_data.c6
-rw-r--r--lib/bind/isc/ctl_clnt.c15
-rw-r--r--lib/bind/isc/ctl_srvr.c6
-rw-r--r--lib/bind/make/rules.in6
-rw-r--r--lib/bind/port/aix5/include/sys/cdefs.h10
-rw-r--r--lib/bind/port/sunos/include/paths.h20
-rw-r--r--lib/bind/port_before.h.in10
-rw-r--r--lib/bind/resolv/res_init.c41
-rw-r--r--lib/dns/adb.c6
-rw-r--r--lib/dns/api2
-rw-r--r--lib/dns/dispatch.c511
-rw-r--r--lib/dns/include/dns/db.h6
-rw-r--r--lib/dns/include/dns/dispatch.h11
-rw-r--r--lib/dns/include/dns/validator.h4
-rw-r--r--lib/dns/lookup.c30
-rw-r--r--lib/dns/master.c12
-rw-r--r--lib/dns/message.c14
-rw-r--r--lib/dns/name.c20
-rw-r--r--lib/dns/openssldh_link.c97
-rw-r--r--lib/dns/openssldsa_link.c101
-rw-r--r--lib/dns/rbtdb.c12
-rw-r--r--lib/dns/resolver.c35
-rw-r--r--lib/dns/sdb.c7
-rw-r--r--lib/dns/validator.c4
-rw-r--r--lib/dns/view.c5
-rw-r--r--lib/dns/win32/DLLMain.c6
-rw-r--r--lib/dns/win32/libdns.def1429
-rw-r--r--lib/dns/xfrin.c14
-rw-r--r--lib/dns/zone.c112
-rw-r--r--lib/isc/api2
-rw-r--r--lib/isc/mem.c22
-rw-r--r--lib/isc/unix/entropy.c7
-rw-r--r--lib/isc/unix/socket.c63
-rw-r--r--lib/isc/win32/DLLMain.c8
-rw-r--r--lib/isc/win32/condition.c140
-rw-r--r--lib/isc/win32/include/isc/condition.h15
-rw-r--r--lib/isc/win32/include/isc/ipv6.h6
-rw-r--r--lib/isc/win32/interfaceiter.c8
-rw-r--r--lib/isc/win32/net.c7
-rw-r--r--lib/isc/win32/ntpaths.c7
-rw-r--r--lib/isc/win32/once.c9
-rw-r--r--lib/isc/win32/socket.c43
-rw-r--r--lib/isccc/api2
-rw-r--r--lib/isccc/cc.c19
-rw-r--r--lib/isccc/win32/DLLMain.c6
-rw-r--r--lib/isccfg/win32/DLLMain.c6
-rw-r--r--lib/lwres/context.c26
-rw-r--r--lib/lwres/getipnode.c14
-rw-r--r--lib/lwres/man/lwres.311
-rw-r--r--lib/lwres/man/lwres.docbook9
-rw-r--r--lib/lwres/man/lwres.html18
-rw-r--r--lib/lwres/man/lwres_buffer.313
-rw-r--r--lib/lwres/man/lwres_buffer.docbook9
-rw-r--r--lib/lwres/man/lwres_buffer.html132
-rw-r--r--lib/lwres/man/lwres_config.311
-rw-r--r--lib/lwres/man/lwres_config.docbook9
-rw-r--r--lib/lwres/man/lwres_config.html62
-rw-r--r--lib/lwres/man/lwres_context.311
-rw-r--r--lib/lwres/man/lwres_context.docbook9
-rw-r--r--lib/lwres/man/lwres_context.html63
-rw-r--r--lib/lwres/man/lwres_gabn.313
-rw-r--r--lib/lwres/man/lwres_gabn.docbook9
-rw-r--r--lib/lwres/man/lwres_gabn.html44
-rw-r--r--lib/lwres/man/lwres_gai_strerror.355
-rw-r--r--lib/lwres/man/lwres_gai_strerror.docbook9
-rw-r--r--lib/lwres/man/lwres_gai_strerror.html21
-rw-r--r--lib/lwres/man/lwres_getaddrinfo.329
-rw-r--r--lib/lwres/man/lwres_getaddrinfo.docbook9
-rw-r--r--lib/lwres/man/lwres_getaddrinfo.html31
-rw-r--r--lib/lwres/man/lwres_gethostent.349
-rw-r--r--lib/lwres/man/lwres_gethostent.docbook9
-rw-r--r--lib/lwres/man/lwres_gethostent.html98
-rw-r--r--lib/lwres/man/lwres_getipnode.365
-rw-r--r--lib/lwres/man/lwres_getipnode.docbook9
-rw-r--r--lib/lwres/man/lwres_getipnode.html36
-rw-r--r--lib/lwres/man/lwres_getnameinfo.331
-rw-r--r--lib/lwres/man/lwres_getnameinfo.docbook9
-rw-r--r--lib/lwres/man/lwres_getnameinfo.html21
-rw-r--r--lib/lwres/man/lwres_getrrsetbyname.337
-rw-r--r--lib/lwres/man/lwres_getrrsetbyname.docbook9
-rw-r--r--lib/lwres/man/lwres_getrrsetbyname.html31
-rw-r--r--lib/lwres/man/lwres_gnba.313
-rw-r--r--lib/lwres/man/lwres_gnba.docbook9
-rw-r--r--lib/lwres/man/lwres_gnba.html53
-rw-r--r--lib/lwres/man/lwres_hstrerror.331
-rw-r--r--lib/lwres/man/lwres_hstrerror.docbook9
-rw-r--r--lib/lwres/man/lwres_hstrerror.html32
-rw-r--r--lib/lwres/man/lwres_inetntop.311
-rw-r--r--lib/lwres/man/lwres_inetntop.docbook9
-rw-r--r--lib/lwres/man/lwres_inetntop.html19
-rw-r--r--lib/lwres/man/lwres_noop.313
-rw-r--r--lib/lwres/man/lwres_noop.docbook9
-rw-r--r--lib/lwres/man/lwres_noop.html44
-rw-r--r--lib/lwres/man/lwres_packet.361
-rw-r--r--lib/lwres/man/lwres_packet.docbook9
-rw-r--r--lib/lwres/man/lwres_packet.html22
-rw-r--r--lib/lwres/man/lwres_resutil.313
-rw-r--r--lib/lwres/man/lwres_resutil.docbook9
-rw-r--r--lib/lwres/man/lwres_resutil.html34
-rw-r--r--lib/lwres/win32/DLLMain.c6
-rw-r--r--lib/lwres/win32/include/lwres/platform.h11
-rw-r--r--lib/lwres/win32/liblwres.dsp4
-rw-r--r--lib/lwres/win32/liblwres.mak24
-rw-r--r--lib/lwres/win32/socket.c41
-rw-r--r--make/rules.in6
-rw-r--r--version8
-rw-r--r--win32utils/BuildAll.bat9
-rw-r--r--win32utils/BuildOpenSSL.bat26
-rw-r--r--win32utils/BuildSetup.bat60
-rw-r--r--win32utils/readme1st.txt17
-rw-r--r--win32utils/updateopenssl.pl6
231 files changed, 26861 insertions, 7904 deletions
diff --git a/CHANGES b/CHANGES
index 780a46e7..b46b6cdf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,7 +1,155 @@
+ --- 9.2.9b1 released ---
+
+2208. [port] win32: make sure both build methods produce the
+ same output. [RT #17058]
+
+2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
+
+2203. [security] Query id generation was cryptographically weak.
+ [RT # 16915]
+
+2199. [bug] win32: don't call WSAStartup() while loading dlls.
+ [RT #16911]
+
+2198. [bug] win32: RegCloseKey() could be called when
+ RegOpenKeyEx() failed. [RT #16911]
+
+2197. [bug] Add INSIST to catch negative responses which are
+ not setting the event result code appropriately.
+ [RT #16909]
+
+2196. [port] win32: yield processor while waiting for once to
+ to complete. [RT #16958]
+
+2194. [bug] Close journal before calling 'done' in xfrin.c.
+
+2193. [port] win32: BINDInstall.exe is now linked statically.
+ [RT #16906]
+
+2192. [port] win32: use vcredist_x86.exe to install Visual
+ Studio's redistributable dlls if building with
+ Visual Stdio 2005 or later.
+
+2189. [bug] Handle socket() returning EINTR. [RT #15949]
+
+2186. [port] cygwin: libbind: check for struct sockaddr_storage
+ independently of IPv6. [RT #16482]
+
+2185. [port] sunos: libbind: check for ssize_t, memmove() and
+ memchr(). [RT #16463]
+
+2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
+ could return ISC_R_SUCCESS when they ran out of
+ memory. [RT #16365]
+
+2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
+
+2177. [bug] Array bounds overrun on read (rcodetext). [RT #16798]
+
+2176. [contrib] dbus update to handle race condition during
+ initialisation (Bugzilla 235809). [RT #16842]
+
+2175. [bug] win32: windows broadcast condition variable support
+ was broken. [RT #16592]
+
+2174. [bug] I/O errors should always be fatal when reading
+ master files. [RT #16825]
+
+2173. [port] win32: When compiling with MSVS 2005 SP1 we also
+ need to ship Microsoft.VC80.MFCLOC.
+
+2172. [bug] query_addsoa() was being called with a non zone db.
+ [RT #16834]
+
+2169. [bug] host, nslookup: when reporting NXDOMAIN report the
+ given name and not the last name searched for.
+ [RT #16763]
+
+2168. [bug] nsupdate: in non-interactive mode treat syntax errors
+ as fatal errors. [RT #16785]
+
+2166. [bug] When running in batch mode, dig could misinterpret
+ a server address as a name to be looked up, causing
+ unexpected output. [RT #16743]
+
+2161. [bug] 'rndc flush' could report a false success. [RT #16698]
+
+2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
+ resolver.c:validated() and resolver.c:cache_name().
+ Make lookup.c:lookup_find() robust against
+ event leaks. [RT #16685]
+
+2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
+ [RT #16694]
+
+2151. [bug] Missing newline in usage message for journalprint.
+ [RT #16679]
+
+2147. [bug] libbind: remove potential buffer overflow from
+ hmac_link.c. [RT #16437]
+
+2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
+ SO_BSDCOMPAT" message. [RT #16641]
+
+2143. [bug] We failed to restart the IPv6 client when the
+ kernel failed to return the destination the
+ packet was sent to. [RT #16613]
+
+2142. [bug] Handle master files with a modification time that
+ matches the epoch. [RT# 16612]
+
+2140. [bug] libbind: missing unlock on pthread_key_create()
+ failures. [RT #16654]
+
+2139. [bug] dns_view_find() was being called with wrong type
+ in adb.c. [RT #16670]
+
+2136. [bug] nslookup/host looped if there was no search list
+ and the host didn't exist. [RT #16657]
+
+2132. [bug] Missing unlock on out of memory in
+ dns_dispatchmgr_setudp().
+
+2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
+
+2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
+
+2120. [doc] Fix markup on nsupdate man page. [RT #16556]
+
+2119. [compat] libbind: allow res_init() to succeed enough to
+ return the default domain even if it was unable
+ to allocate memory.
+
+2118. [bug] Handle response with long chains of domain name
+ compression pointers which point to other compression
+ pointers. [RT #16427]
+
+2116. [bug] 'rndc reload' could cause the cache to continually
+ be cleaned. [RT #16401]
+
+2115. [bug] 'rndc reconfig' could trigger a INSIST if the
+ number of masters for a zone was reduced. [RT #16444]
+
+2114. [bug] dig/host/nslookup: searches for names with multiple
+ labels were failing. [RT #16447]
+
+2113. [bug] nsupdate: if a zone is specified it should be used
+ for server discover. [RT# 16455]
+
+2112. [security] Warn if weak RSA exponent is used. [RT #16460]
+
+2111. [bug] Fix a number of errors reported by Coverity.
+ [RT #16507]
+
+2110. [bug] "minimal-response yes;" interacted badly with BIND 8
+ priming queries. [RT #16491]
+
+2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
+
--- 9.2.8 released ---
-2126. [securityt] Serialise validation of type ANY responses. [RT #16555]
+2126. [security] Serialise validation of type ANY responses. [RT #16555]
--- 9.2.7 released ---
@@ -194,7 +342,7 @@
hex strings with comments. [RT #15814]
1974. [doc] List each of the zone types and associated zone
- options seperately in the ARM.
+ options separately in the ARM.
1972. [contrib] DBUS dynamic forwarders integation from
Jason Vas Dias <jvdias@redhat.com>.
@@ -4711,7 +4859,7 @@
and has been removed.
170. [cleanup] Remove inter server consistancy checks from zone,
- these should return as a seperate module in 9.1.
+ these should return as a separate module in 9.1.
dns_zone_checkservers(), dns_zone_checkparents(),
dns_zone_checkchildren(), dns_zone_checkglue().
diff --git a/COPYRIGHT b/COPYRIGHT
index cd033b44..796a9926 100644
--- a/COPYRIGHT
+++ b/COPYRIGHT
@@ -1,4 +1,4 @@
-Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
-$Id: COPYRIGHT,v 1.6.2.6 2006/01/04 00:37:21 marka Exp $
+$Id: COPYRIGHT,v 1.6.2.7 2007/01/08 02:45:02 marka Exp $
Portions Copyright (C) 1996-2001 Nominum, Inc.
diff --git a/FAQ b/FAQ
index ba87de21..af6c89a4 100644
--- a/FAQ
+++ b/FAQ
@@ -75,12 +75,12 @@ Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file bar
A: This is often caused by TXT records with missing close quotes. Check that all
TXT records containing quoted strings have both open and close quotes.
-Q: How do I produce a usable core file from a multithreaded named on Linux?
+Q: How do I produce a usable core file from a multi-threaded named on Linux?
-A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps are usable
+A: If the Linux kernel is 2.4.7 or newer, multi-threaded core dumps are usable
(that is, the correct thread is dumped). Otherwise, if using a 2.2 kernel,
apply the kernel patch found in contrib/linux/coredump-patch and rebuild the
- kernel. This patch will cause multithreaded programs to dump the correct
+ kernel. This patch will cause multi-threaded programs to dump the correct
thread.
Q: How do I restrict people from looking up the server version?
@@ -310,7 +310,7 @@ A: These indicate a malformed master zone. You can identify the exact records
named-checkzone example.com tmp
A CNAME record cannot exist with the same name as another record except for the
- DNSSEC records which prove its existance (NSEC).
+ DNSSEC records which prove its existence (NSEC).
RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data
should be present; this ensures that the data for a canonical name and its
@@ -385,11 +385,11 @@ Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading master
A: This error is produced when a line in the master file contains leading white
space (tab/space) but the is no current record owner name to inherit the name
from. Usually this is the result of putting white space before a comment.
- Forgeting the "@" for the SOA record or indenting the master file.
+ Forgetting the "@" for the SOA record or indenting the master file.
Q: Why are my logs in GMT (UTC).
-A: You are running chrooted (-t) and have not supplied local timzone information
+A: You are running chrooted (-t) and have not supplied local timezone information
in the chroot area.
FreeBSD: /etc/localtime
@@ -474,7 +474,7 @@ A: These indicate a filesystem permission error preventing named creating /
masters { 192.168.4.12; };
};
-Q: How do I intergrate BIND 9 and Solaris SMF
+Q: How do I integrate BIND 9 and Solaris SMF
A: Sun has a blog entry describing how to do this.
@@ -487,7 +487,7 @@ A: No. The rules for glue (copies of the *address* records in the parent zones)
You would have to add both the CNAME and address records (A/AAAA) as glue to
the parent zone and have CNAMEs be followed when doing additional section
- processing to make it work. No namesever implementation supports either of
+ processing to make it work. No nameserver implementation supports either of
these requirements.
Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?
@@ -495,7 +495,7 @@ Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?
A: If the IN-ADDR.ARPA name covered refers to a internal address space you are
using then you have failed to follow RFC 1918 usage rules and are leaking
queries to the Internet. You should establish your own zones for these
- addresses to prevent you quering the Internet's name servers for these
+ addresses to prevent you querying the Internet's name servers for these
addresses. Please see http://as112.net/ for details of the problems you are
causing and the counter measures that have had to be deployed.
@@ -549,7 +549,7 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
Red Hat have adopted the National Security Agency's SELinux security policy (
see http://www.nsa.gov/selinux ) and recommendations for BIND security , which
are more secure than running named in a chroot and make use of the bind-chroot
- environment unecessary .
+ environment unnecessary .
By default, named is not allowed by the SELinux policy to write, create or
delete any files EXCEPT in these directories:
@@ -614,19 +614,19 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
in different locations, you can do so by changing the context of the custom
file locations .
- To create a custom configuration file location, eg. '/root/named.conf', to use
+ To create a custom configuration file location, e.g. '/root/named.conf', to use
with the 'named -c' option, do:
# chcon system_u:object_r:named_conf_t /root/named.conf
- To create a custom modifiable named data location, eg. '/var/log/named' for a
+ To create a custom modifiable named data location, e.g. '/var/log/named' for a
log file, do:
# chcon system_u:object_r:named_cache_t /var/log/named
- To create a custom zone file location, eg. /root/zones/, do:
+ To create a custom zone file location, e.g. /root/zones/, do:
# chcon system_u:object_r:named_zone_t /root/zones/{.,*}
@@ -667,9 +667,55 @@ A: No, so long as the machines internal clock (as reported by "date -u") remains
(which sets the default timezone for the machine) and possibly a directory
which has all the conversion rules for the world (e.g. /usr/share/zoneinfo).
When updating the OS do not forget to update any chroot areas as well. See your
- OS's documetation for more details.
+ OS's documentation for more details.
The local timezone conversion rules can also be done on a individual basis by
- setting the TZ envirionment variable appropriately. See your OS's documentation
+ setting the TZ environment variable appropriately. See your OS's documentation
for more details.
+Q: Why do we get the following warning at run time:
+
+ kernel: process `named' is using obsolete setsockopt SO_BSDCOMPAT
+
+A: The early Linux kernels broke sendto() by having it return that a ICMP
+ unreachable had be received for non connected UDP sockets. This made non
+ connected UDP sockets work like connected UDP socket which is fine when you are
+ only talking to one destination. Named however talks to multiple destinations
+ and it caused problems.
+
+ Rather than fix sendto() to just have BSD behaviour they added SO_BSDCOMPAT to
+ turn BSD behaviour on/off on a per socket basis.
+
+ Later they decided to make BSD behaviour the default and to aggressively track
+ down applications that used SO_BSDCOMPAT by issuing a warning. This is the sort
+ of things vendors do in alpha/beta stages of a release so that their code is
+ clean. They then turn the warning *off* for release code.
+
+ We still have customers that have kernels that require SO_BSDCOMPAT to operate.
+ We therefore cannot remove the setsockopt(SO_BSDCOMPAT) call.
+
+ Now most/all portable applications that use SO_BSDCOMPAT use it conditionally
+ manner so just removing SO_BSDCOMPAT from the header file would be safe as long
+ as the binary was not to be moved between systems. BIND's use is conditional.
+
+ In short, the Linux developers should either, remove the #define for
+ SO_BSDCOMPAT, and/or remove the warning.
+
+Q: Isn't "make install" supposed to generate a default named.conf?
+
+A: Short Answer: No.
+
+ Long Answer: There really isn't a default configuration which fits any site
+ perfectly. There are lots of decisions that need to be made and there is no
+ consensus on what the defaults should be. For example FreeBSD uses /etc/namedb
+ as the location where the configuration files for named are stored. Others use
+ /var/named.
+
+ What addresses to listen on? For a laptop on the move a lot you may only want
+ to listen on the loop back interfaces.
+
+ Who do you offer recursive service to? Is there are firewall to consider? If so
+ is it stateless or stateful. Are you directly on the Internet? Are you on a
+ private network? Are you on a NAT'd network? The answers to all these questions
+ change how you configure even a caching name server.
+
diff --git a/FAQ.xml b/FAQ.xml
index 7d73fa1a..77c9e603 100644
--- a/FAQ.xml
+++ b/FAQ.xml
@@ -1,3 +1,4 @@
+<?xml-stylesheet href="common.css" type="text/css"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
<!--
@@ -17,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: FAQ.xml,v 1.4.8.5.6.1 2007/01/12 02:28:15 marka Exp $ -->
+<!-- $Id: FAQ.xml,v 1.4.8.8 2007/02/05 05:24:11 marka Exp $ -->
<article class="faq">
<title>Frequently Asked Questions about BIND 9</title>
@@ -186,17 +187,17 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlis
<qandaentry>
<question>
<para>
- How do I produce a usable core file from a multithreaded
+ How do I produce a usable core file from a multi-threaded
named on Linux?
</para>
</question>
<answer>
<para>
- If the Linux kernel is 2.4.7 or newer, multithreaded core
+ If the Linux kernel is 2.4.7 or newer, multi-threaded core
dumps are usable (that is, the correct thread is dumped).
Otherwise, if using a 2.2 kernel, apply the kernel patch
found in contrib/linux/coredump-patch and rebuild the kernel.
- This patch will cause multithreaded programs to dump the
+ This patch will cause multi-threaded programs to dump the
correct thread.
</para>
</answer>
@@ -644,7 +645,7 @@ named-checkzone example.com tmp</programlisting>
</informalexample>
<para>
A CNAME record cannot exist with the same name as another record
- except for the DNSSEC records which prove its existance (NSEC).
+ except for the DNSSEC records which prove its existence (NSEC).
</para>
<para>
RFC 1034, Section 3.6.2: <quote>If a CNAME RR is present at a node,
@@ -768,7 +769,7 @@ Master 10.0.1.1:
contains leading white space (tab/space) but the is no
current record owner name to inherit the name from. Usually
this is the result of putting white space before a comment.
- Forgeting the "@" for the SOA record or indenting the master
+ Forgetting the "@" for the SOA record or indenting the master
file.
</para>
</answer>
@@ -782,7 +783,7 @@ Master 10.0.1.1:
</question>
<answer>
<para>
- You are running chrooted (-t) and have not supplied local timzone
+ You are running chrooted (-t) and have not supplied local timezone
information in the chroot area.
</para>
<simplelist>
@@ -945,7 +946,7 @@ zone "example.net" {
<qandaentry>
<question>
<para>
- How do I intergrate BIND 9 and Solaris SMF
+ How do I integrate BIND 9 and Solaris SMF
</para>
</question>
<answer>
@@ -977,7 +978,7 @@ zone "example.net" {
You would have to add both the CNAME and address records
(A/AAAA) as glue to the parent zone and have CNAMEs be
followed when doing additional section processing to make
- it work. No namesever implementation supports either of
+ it work. No nameserver implementation supports either of
these requirements.
</para>
</answer>
@@ -996,7 +997,7 @@ zone "example.net" {
space you are using then you have failed to follow RFC 1918
usage rules and are leaking queries to the Internet. You
should establish your own zones for these addresses to prevent
- you quering the Internet's name servers for these addresses.
+ you querying the Internet's name servers for these addresses.
Please see <ulink url="http://as112.net/">http://as112.net/</ulink>
for details of the problems you are causing and the counter
measures that have had to be deployed.
@@ -1073,7 +1074,7 @@ empty:
SELinux security policy ( see http://www.nsa.gov/selinux
) and recommendations for BIND security , which are more
secure than running named in a chroot and make use of
- the bind-chroot environment unecessary .
+ the bind-chroot environment unnecessary .
</para>
<para>
@@ -1174,7 +1175,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</para>
<para>
- To create a custom configuration file location, eg.
+ To create a custom configuration file location, e.g.
'/root/named.conf', to use with the 'named -c' option,
do:
<informalexample>
@@ -1185,7 +1186,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</para>
<para>
- To create a custom modifiable named data location, eg.
+ To create a custom modifiable named data location, e.g.
'/var/log/named' for a log file, do:
<informalexample>
<programlisting>
@@ -1195,7 +1196,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</para>
<para>
- To create a custom zone file location, eg. /root/zones/, do:
+ To create a custom zone file location, e.g. /root/zones/, do:
<informalexample>
<programlisting>
# chcon system_u:object_r:named_zone_t /root/zones/{.,*}
@@ -1209,6 +1210,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</para>
</answer>
</qandaentry>
+
<qandaentry>
<question>
<para>
@@ -1239,6 +1241,7 @@ zone "list.dsbl.org" {
</programlisting>
</answer>
</qandaentry>
+
<qandaentry>
<question>
<para>
@@ -1262,15 +1265,93 @@ zone "list.dsbl.org" {
a directory which has all the conversion rules for the
world (e.g. /usr/share/zoneinfo). When updating the OS
do not forget to update any chroot areas as well.
- See your OS's documetation for more details.
+ See your OS's documentation for more details.
</para>
<para>
The local timezone conversion rules can also be done on
- a individual basis by setting the TZ envirionment variable
+ a individual basis by setting the TZ environment variable
appropriately. See your OS's documentation for more
details.
</para>
</answer>
</qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why do we get the following warning at run time:
+<programlisting>kernel: process `named' is using obsolete setsockopt SO_BSDCOMPAT</programlisting>
+ </para>
+ </question>
+ <answer>
+ <para>
+ The early Linux kernels broke sendto() by having it return
+ that a ICMP unreachable had be received for non connected
+ UDP sockets. This made non connected UDP sockets work like
+ connected UDP socket which is fine when you are only talking
+ to one destination. Named however talks to multiple
+ destinations and it caused problems.
+ </para>
+ <para>
+ Rather than fix sendto() to just have BSD behaviour they added
+ SO_BSDCOMPAT to turn BSD behaviour on/off on a per socket basis.
+ </para>
+ <para>
+ Later they decided to make BSD behaviour the default and
+ to aggressively track down applications that used SO_BSDCOMPAT
+ by issuing a warning. This is the sort of things vendors
+ do in alpha/beta stages of a release so that their code is
+ clean. They then turn the warning *off* for release code.
+ </para>
+ <para>
+ We still have customers that have kernels that require
+ SO_BSDCOMPAT to operate. We therefore cannot remove the
+ setsockopt(SO_BSDCOMPAT) call.
+ </para>
+ <para>
+ Now most/all portable applications that use SO_BSDCOMPAT use it
+ conditionally manner so just removing SO_BSDCOMPAT from the
+ header file would be safe as long as the binary was not to
+ be moved between systems. BIND's use is conditional.
+ </para>
+ <para>
+ In short, the Linux developers should either, remove the #define for
+ SO_BSDCOMPAT, and/or remove the warning.
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Isn't "make install" supposed to generate a default named.conf?
+ </para>
+ </question>
+ <answer>
+ <para>
+ Short Answer: No.
+ </para>
+ <para>
+ Long Answer: There really isn't a default configuration which fits
+ any site perfectly. There are lots of decisions that need to
+ be made and there is no consensus on what the defaults should be.
+ For example FreeBSD uses /etc/namedb as the location where the
+ configuration files for named are stored. Others use /var/named.
+ </para>
+ <para>
+ What addresses to listen on? For a laptop on the move a lot
+ you may only want to listen on the loop back interfaces.
+ </para>
+ <para>
+ Who do you offer recursive service to? Is there are firewall
+ to consider? If so is it stateless or stateful. Are you
+ directly on the Internet? Are you on a private network? Are
+ you on a NAT'd network? The answers
+ to all these questions change how you configure even a
+ caching name server.
+ </para>
+ </answer>
+ </qandaentry>
+
</qandaset>
</article>
diff --git a/README b/README
index efdfceca..effef26c 100644
--- a/README
+++ b/README
@@ -43,10 +43,17 @@ BIND 9
Nominum, Inc.
+BIND 9.2.9
+
+ BIND 9.2.9 is the final maintenance release for BIND 9.2.
+ BIND 9.2.9 contains fixes for a number of bugs in 9.2.8.
+
BIND 9.2.8
- BIND 9.2.8 is a security release.
+
+ BIND 9.2.9 is a security release for BIND 9.2.
BIND 9.2.7
+
BIND 9.2.7 is a maintenance release, containing fixes for
a number of bugs in 9.2.6.
diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8
index 21b25203..0ea2761f 100644
--- a/bin/check/named-checkconf.8
+++ b/bin/check/named-checkconf.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-checkconf.8,v 1.11.2.6 2006/06/29 13:02:05 marka Exp $
+.\" $Id: named-checkconf.8,v 1.11.2.10 2007/06/20 02:25:45 marka Exp $
.\"
.hy 0
.ad l
.\" Title: named\-checkconf
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 14, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -39,20 +39,26 @@ named\-checkconf \- named configuration file syntax checking tool
\fBnamed\-checkconf\fR
checks the syntax, but not the semantics, of a named configuration file.
.SH "OPTIONS"
-.TP 3n
+.PP
\-t \fIdirectory\fR
-chroot to
+.RS 4
+Chroot to
\fIdirectory\fR
so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.TP 3n
+.RE
+.PP
\-v
+.RS 4
Print the version of the
\fBnamed\-checkconf\fR
program and exit.
-.TP 3n
+.RE
+.PP
filename
+.RS 4
The name of the configuration file to be checked. If not specified, it defaults to
\fI/etc/named.conf\fR.
+.RE
.SH "RETURN VALUES"
.PP
\fBnamed\-checkconf\fR
@@ -60,9 +66,13 @@ returns an exit status of 1 if errors were detected and 0 otherwise.
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
+\fBnamed\-checkzone\fR(8),
BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2002 Internet Software Consortium.
+.br
diff --git a/bin/check/named-checkconf.docbook b/bin/check/named-checkconf.docbook
index 98f6a42a..a5897711 100644
--- a/bin/check/named-checkconf.docbook
+++ b/bin/check/named-checkconf.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkconf.docbook,v 1.3.2.5 2005/05/12 21:35:05 sra Exp $ -->
+<!-- $Id: named-checkconf.docbook,v 1.3.2.9 2007/06/19 07:52:23 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -75,7 +76,7 @@
<term>-t <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>
- chroot to <filename>directory</filename> so that include
+ Chroot to <filename>directory</filename> so that include
directives in the configuration file are processed as if
run by a similarly chrooted named.
</para>
@@ -121,6 +122,9 @@
<refentrytitle>named</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkzone</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
</refsect1>
diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html
index 10822b64..0e81f621 100644
--- a/bin/check/named-checkconf.html
+++ b/bin/check/named-checkconf.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkconf.html,v 1.5.2.14 2006/06/29 13:02:05 marka Exp $ -->
+<!-- $Id: named-checkconf.html,v 1.5.2.19 2007/06/20 02:25:45 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-checkconf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">named-checkconf</span> &#8212; named configuration file syntax checking tool</p>
@@ -32,18 +32,18 @@
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-v</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549421"></a><h2>DESCRIPTION</h2>
+<a name="id2543363"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-checkconf</strong></span> checks the syntax, but not
the semantics, of a named configuration file.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549434"></a><h2>OPTIONS</h2>
+<a name="id2543376"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
- chroot to <code class="filename">directory</code> so that include
+ Chroot to <code class="filename">directory</code> so that include
directives in the configuration file are processed as if
run by a similarly chrooted named.
</p></dd>
@@ -60,21 +60,22 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549497"></a><h2>RETURN VALUES</h2>
+<a name="id2543438"></a><h2>RETURN VALUES</h2>
<p>
<span><strong class="command">named-checkconf</strong></span> returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549510"></a><h2>SEE ALSO</h2>
+<a name="id2543451"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549533"></a><h2>AUTHOR</h2>
+<a name="id2543483"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8
index 49768bae..875f834c 100644
--- a/bin/check/named-checkzone.8
+++ b/bin/check/named-checkzone.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named-checkzone.8,v 1.11.2.7 2006/06/29 13:02:05 marka Exp $
+.\" $Id: named-checkzone.8,v 1.11.2.10 2007/06/20 02:25:45 marka Exp $
.\"
.hy 0
.ad l
.\" Title: named\-checkzone
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 13, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -43,29 +43,43 @@ does when loading a zone. This makes
\fBnamed\-checkzone\fR
useful for checking zone files before configuring them into a name server.
.SH "OPTIONS"
-.TP 3n
+.PP
\-d
+.RS 4
Enable debugging.
-.TP 3n
+.RE
+.PP
\-q
+.RS 4
Quiet mode \- exit code only.
-.TP 3n
+.RE
+.PP
\-v
+.RS 4
Print the version of the
\fBnamed\-checkzone\fR
program and exit.
-.TP 3n
+.RE
+.PP
\-j
+.RS 4
When loading the zone file read the journal if it exists.
-.TP 3n
+.RE
+.PP
\-c \fIclass\fR
+.RS 4
Specify the class of the zone. If not specified "IN" is assumed.
-.TP 3n
+.RE
+.PP
zonename
+.RS 4
The domain name of the zone being checked.
-.TP 3n
+.RE
+.PP
filename
+.RS 4
The name of the zone file.
+.RE
.SH "RETURN VALUES"
.PP
\fBnamed\-checkzone\fR
@@ -73,10 +87,14 @@ returns an exit status of 1 if errors were detected and 0 otherwise.
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
+\fBnamed\-checkconf\fR(8),
RFC 1035,
BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2002 Internet Software Consortium.
+.br
diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook
index d57f2ac6..0652ac3a 100644
--- a/bin/check/named-checkzone.docbook
+++ b/bin/check/named-checkzone.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkzone.docbook,v 1.3.2.6 2005/05/12 21:35:05 sra Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.3.2.9 2007/06/19 07:52:23 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -161,6 +162,9 @@
<refentrytitle>named</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
<citetitle>RFC 1035</citetitle>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html
index 417fda09..8bb2cb5c 100644
--- a/bin/check/named-checkzone.html
+++ b/bin/check/named-checkzone.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named-checkzone.html,v 1.5.2.14 2006/06/29 13:02:05 marka Exp $ -->
+<!-- $Id: named-checkzone.html,v 1.5.2.18 2007/06/20 02:25:45 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-checkzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">named-checkzone</span> &#8212; zone file validity checking tool</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549440"></a><h2>DESCRIPTION</h2>
+<a name="id2543381"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of
a zone file. It performs the same checks as <span><strong class="command">named</strong></span>
@@ -42,7 +42,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549460"></a><h2>OPTIONS</h2>
+<a name="id2543401"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@@ -76,22 +76,23 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549639"></a><h2>RETURN VALUES</h2>
+<a name="id2543512"></a><h2>RETURN VALUES</h2>
<p>
<span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549652"></a><h2>SEE ALSO</h2>
+<a name="id2543525"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549678"></a><h2>AUTHOR</h2>
+<a name="id2543560"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
index 04d4a28c..39bf92da 100644
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dig.1,v 1.14.2.10 2006/06/29 13:02:05 marka Exp $
+.\" $Id: dig.1,v 1.14.2.17 2007/05/16 06:57:45 marka Exp $
.\"
.hy 0
.ad l
.\" Title: dig
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -50,7 +50,7 @@ Although
\fBdig\fR
is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
\fB\-h\fR
-option is given. Unlike earlier versions, the BIND9 implementation of
+option is given. Unlike earlier versions, the BIND 9 implementation of
\fBdig\fR
allows multiple lookups to be issued from the command line.
.PP
@@ -65,21 +65,28 @@ It is possible to set per user defaults for
\fBdig\fR
via
\fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments.
+.PP
+The IN and CH class names overlap with the IN and CH top level domains names. Either use the
+\fB\-t\fR
+and
+\fB\-c\fR
+options to specify the type and class or use "IN." and "CH." when looking up these top level domains.
.SH "SIMPLE USAGE"
.PP
A typical invocation of
\fBdig\fR
looks like:
.sp
-.RS 3n
+.RS 4
.nf
dig @server name type
.fi
.RE
.sp
where:
-.TP 3n
+.PP
\fBserver\fR
+.RS 4
is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied
\fIserver\fR
argument is a hostname,
@@ -91,11 +98,15 @@ argument is provided,
consults
\fI/etc/resolv.conf\fR
and queries the name servers listed there. The reply from the name server that responds is displayed.
-.TP 3n
+.RE
+.PP
\fBname\fR
+.RS 4
is the name of the resource record that is to be looked up.
-.TP 3n
+.RE
+.PP
\fBtype\fR
+.RS 4
indicates what type of query is required \(em ANY, A, MX, SIG, etc.
\fItype\fR
can be any valid query type. If no
@@ -103,6 +114,7 @@ can be any valid query type. If no
argument is supplied,
\fBdig\fR
will perform a lookup for an A record.
+.RE
.SH "OPTIONS"
.PP
The
@@ -114,14 +126,14 @@ The default query class (IN for internet) is overridden by the
\fB\-c\fR
option.
\fIclass\fR
-is any valid class, such as HS for Hesiod records or CH for CHAOSNET records.
+is any valid class, such as HS for Hesiod records or CH for Chaosnet records.
.PP
The
\fB\-f\fR
option makes
\fBdig \fR
operate in batch mode by reading a list of lookup requests to process from the file
-\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to
+\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to
\fBdig\fR
using the command\-line interface.
.PP
@@ -136,7 +148,7 @@ will send its queries instead of the standard DNS port number 53. This option wo
The
\fB\-t\fR
option sets the query type to
-\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the
+\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the
\fB\-x\fR
option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
\fItype\fR
@@ -144,7 +156,7 @@ is set to
ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was
\fIN\fR.
.PP
-Reverse lookups \- mapping addresses to names \- are simplified by the
+Reverse lookups \(em mapping addresses to names \(em are simplified by the
\fB\-x\fR
option.
\fIaddr\fR
@@ -192,19 +204,26 @@ Each query option is identified by a keyword preceded by a plus sign (+). Some k
no
to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
\fB+keyword=value\fR. The query options are:
-.TP 3n
+.PP
\fB+[no]tcp\fR
-Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
-.TP 3n
+.RS 4
+Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
+.RE
+.PP
\fB+[no]vc\fR
+.RS 4
Use [do not use] TCP when querying name servers. This alternate syntax to
\fI+[no]tcp\fR
is provided for backwards compatibility. The "vc" stands for "virtual circuit".
-.TP 3n
+.RE
+.PP
\fB+[no]ignore\fR
+.RS 4
Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
-.TP 3n
+.RE
+.PP
\fB+domain=somename\fR
+.RS 4
Set the search list to contain the single domain
\fIsomename\fR, as if specified in a
\fBdomain\fR
@@ -212,28 +231,40 @@ directive in
\fI/etc/resolv.conf\fR, and enable search list processing as if the
\fI+search\fR
option were given.
-.TP 3n
+.RE
+.PP
\fB+[no]search\fR
+.RS 4
Use [do not use] the search list defined by the searchlist or domain directive in
\fIresolv.conf\fR
(if any). The search list is not used by default.
-.TP 3n
+.RE
+.PP
\fB+[no]defname\fR
+.RS 4
Deprecated, treated as a synonym for
\fI+[no]search\fR
-.TP 3n
+.RE
+.PP
\fB+[no]aaonly\fR
+.RS 4
This option does nothing. It is provided for compatibility with old versions of
\fBdig\fR
where it set an unimplemented resolver flag.
-.TP 3n
+.RE
+.PP
\fB+[no]adflag\fR
+.RS 4
Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness.
-.TP 3n
+.RE
+.PP
\fB+[no]cdflag\fR
+.RS 4
Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
-.TP 3n
+.RE
+.PP
\fB+[no]recurse\fR
+.RS 4
Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
\fBdig\fR
normally sends recursive queries. Recursion is automatically disabled when the
@@ -241,69 +272,101 @@ normally sends recursive queries. Recursion is automatically disabled when the
or
\fI+trace\fR
query options are used.
-.TP 3n
+.RE
+.PP
\fB+[no]nssearch\fR
+.RS 4
When this option is set,
\fBdig\fR
attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
-.TP 3n
+.RE
+.PP
\fB+[no]trace\fR
+.RS 4
Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
\fBdig\fR
makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
-.TP 3n
+.RE
+.PP
\fB+[no]cmd\fR
-toggles the printing of the initial comment in the output identifying the version of
+.RS 4
+Toggles the printing of the initial comment in the output identifying the version of
\fBdig\fR
and the query options that have been applied. This comment is printed by default.
-.TP 3n
+.RE
+.PP
\fB+[no]short\fR
+.RS 4
Provide a terse answer. The default is to print the answer in a verbose form.
-.TP 3n
+.RE
+.PP
\fB+[no]identify\fR
+.RS 4
Show [or do not show] the IP address and port number that supplied the answer when the
\fI+short\fR
option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
-.TP 3n
+.RE
+.PP
\fB+[no]comments\fR
+.RS 4
Toggle the display of comment lines in the output. The default is to print comments.
-.TP 3n
+.RE
+.PP
\fB+[no]stats\fR
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics.
-.TP 3n
+.RS 4
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
+.RE
+.PP
\fB+[no]qr\fR
+.RS 4
Print [do not print] the query as it is sent. By default, the query is not printed.
-.TP 3n
+.RE
+.PP
\fB+[no]question\fR
+.RS 4
Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
-.TP 3n
+.RE
+.PP
\fB+[no]answer\fR
+.RS 4
Display [do not display] the answer section of a reply. The default is to display it.
-.TP 3n
+.RE
+.PP
\fB+[no]authority\fR
+.RS 4
Display [do not display] the authority section of a reply. The default is to display it.
-.TP 3n
+.RE
+.PP
\fB+[no]additional\fR
+.RS 4
Display [do not display] the additional section of a reply. The default is to display it.
-.TP 3n
+.RE
+.PP
\fB+[no]all\fR
+.RS 4
Set or clear all display flags.
-.TP 3n
+.RE
+.PP
\fB+time=T\fR
+.RS 4
Sets the timeout for a query to
\fIT\fR
-seconds. The default time out is 5 seconds. An attempt to set
+seconds. The default timeout is 5 seconds. An attempt to set
\fIT\fR
to less than 1 will result in a query timeout of 1 second being applied.
-.TP 3n
+.RE
+.PP
\fB+tries=T\fR
+.RS 4
Sets the number of times to retry UDP queries to server to
\fIT\fR
instead of the default, 3. If
\fIT\fR
is less than or equal to zero, the number of retries is silently rounded up to 1.
-.TP 3n
+.RE
+.PP
\fB+ndots=D\fR
+.RS 4
Set the number of dots that have to appear in
\fIname\fR
to
@@ -315,25 +378,36 @@ or
\fBdomain\fR
directive in
\fI/etc/resolv.conf\fR.
-.TP 3n
+.RE
+.PP
\fB+bufsize=B\fR
+.RS 4
Set the UDP message buffer size advertised using EDNS0 to
\fIB\fR
bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately.
-.TP 3n
+.RE
+.PP
\fB+[no]multiline\fR
+.RS 4
Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
\fBdig\fR
output.
-.TP 3n
+.RE
+.PP
\fB+[no]fail\fR
-Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour.
-.TP 3n
+.RS 4
+Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
+.RE
+.PP
\fB+[no]besteffort\fR
+.RS 4
Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
-.TP 3n
+.RE
+.PP
\fB+[no]dnssec\fR
+.RS 4
Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
+.RE
.SH "MULTIPLE QUERIES"
.PP
The BIND 9 implementation of
@@ -350,7 +424,7 @@ A global set of query options, which should be applied to all queries, can also
\fB+[no]cmd\fR
option) can be overridden by a query\-specific set of query options. For example:
.sp
-.RS 3n
+.RS 4
.nf
dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
.fi
@@ -381,8 +455,11 @@ isc.org.
\fBnamed\fR(8),
\fBdnssec\-keygen\fR(8),
RFC1035.
-.SH "BUGS "
+.SH "BUGS"
.PP
There are probably too many query options.
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 32229118..95a23fa9 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.c,v 1.157.2.22 2006/07/22 23:52:56 marka Exp $ */
+/* $Id: dig.c,v 1.157.2.24 2007/04/24 23:45:24 tbox Exp $ */
#include <config.h>
#include <stdlib.h>
@@ -538,42 +538,6 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) {
}
}
-/*
- * Reorder an argument list so that server names all come at the end.
- * This is a bit of a hack, to allow batch-mode processing to properly
- * handle the server options.
- */
-static void
-reorder_args(int argc, char *argv[]) {
- int i, j;
- char *ptr;
- int end;
-
- debug("reorder_args()");
- end = argc - 1;
- while (argv[end][0] == '@') {
- end--;
- if (end == 0)
- return;
- }
- debug("arg[end]=%s", argv[end]);
- for (i = 1; i < end - 1; i++) {
- if (argv[i][0] == '@') {
- debug("arg[%d]=%s", i, argv[i]);
- ptr = argv[i];
- for (j = i + 1; j < end; j++) {
- debug("Moving %s to %d", argv[j], j - 1);
- argv[j - 1] = argv[j];
- }
- debug("moving %s to end, %d", ptr, end - 1);
- argv[end - 1] = ptr;
- end--;
- if (end < 1)
- return;
- }
- }
-}
-
static isc_uint32_t
parse_uint(char *arg, const char *desc, isc_uint32_t max) {
char *endp;
@@ -859,7 +823,8 @@ plus_option(char *option, isc_boolean_t is_batchfile,
*/
static isc_boolean_t
dash_option(char *option, char *next, dig_lookup_t **lookup,
- isc_boolean_t *open_type_class)
+ isc_boolean_t *open_type_class, isc_boolean_t *need_clone,
+ int argc, char **argv, isc_boolean_t *firstarg)
{
char cmd, *value, *ptr;
isc_result_t result;
@@ -993,7 +958,9 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
keysecret[sizeof(keysecret)-1]=0;
return (value_from_next);
case 'x':
- *lookup = clone_lookup(default_lookup, ISC_TRUE);
+ if (*need_clone)
+ *lookup = clone_lookup(default_lookup, ISC_TRUE);
+ *need_clone = ISC_TRUE;
if (get_reverse(textname, value, ip6_int, ISC_FALSE)
== ISC_R_SUCCESS)
{
@@ -1008,6 +975,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
if (!(*lookup)->rdclassset)
(*lookup)->rdclass = dns_rdataclass_in;
(*lookup)->new_search = ISC_TRUE;
+ if (*firstarg) {
+ printgreeting(argc, argv, *lookup);
+ *firstarg = ISC_FALSE;
+ }
ISC_LIST_APPEND(lookup_list, *lookup, link);
} else {
fprintf(stderr, "Invalid IP address %s\n", value);
@@ -1091,6 +1062,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
char rcfile[256];
#endif
char *input;
+ int i;
+ isc_boolean_t need_clone = ISC_TRUE;
/*
* The semantics for parsing the args is a bit complex; if
@@ -1134,7 +1107,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
bargv[0] = argv[0];
argv0 = argv[0];
- reorder_args(bargc, (char **)bargv);
+ for(i = 0; i < bargc; i++)
+ debug(".digrc argv %d: %s",
+ i, bargv[i]);
parse_args(ISC_TRUE, ISC_TRUE, bargc,
(char **)bargv);
}
@@ -1143,7 +1118,12 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
#endif
}
- lookup = default_lookup;
+ if (is_batchfile && !config_only) {
+ /* Processing '-f batchfile'. */
+ lookup = clone_lookup(default_lookup, ISC_TRUE);
+ need_clone = ISC_FALSE;
+ } else
+ lookup = default_lookup;
rc = argc;
rv = argv;
@@ -1159,13 +1139,17 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
} else if (rv[0][0] == '-') {
if (rc <= 1) {
if (dash_option(&rv[0][1], NULL,
- &lookup, &open_type_class)) {
+ &lookup, &open_type_class,
+ &need_clone, argc, argv,
+ &firstarg)) {
rc--;
rv++;
}
} else {
if (dash_option(&rv[0][1], rv[1],
- &lookup, &open_type_class)) {
+ &lookup, &open_type_class,
+ &need_clone, argc, argv,
+ &firstarg)) {
rc--;
rv++;
}
@@ -1232,21 +1216,29 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
continue;
}
}
+
if (!config_only) {
- lookup = clone_lookup(default_lookup,
- ISC_TRUE);
+ if (need_clone)
+ lookup = clone_lookup(default_lookup,
+ ISC_TRUE);
+ need_clone = ISC_TRUE;
strncpy(lookup->textname, rv[0],
sizeof(lookup->textname));
lookup->textname[sizeof(lookup->textname)-1]=0;
lookup->trace_root = ISC_TF(lookup->trace ||
lookup->ns_search_only);
lookup->new_search = ISC_TRUE;
+ if (firstarg) {
+ printgreeting(argc, argv, lookup);
+ firstarg = ISC_FALSE;
+ }
ISC_LIST_APPEND(lookup_list, lookup, link);
debug("looking up %s", lookup->textname);
}
/* XXX Error message */
}
}
+
/*
* If we have a batchfile, seed the lookup list with the
* first entry, then trust the callback in dighost_shutdown
@@ -1281,15 +1273,20 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
bargv[0] = argv[0];
argv0 = argv[0];
- reorder_args(bargc, (char **)bargv);
+ for(i = 0; i < bargc; i++)
+ debug("batch argv %d: %s", i, bargv[i]);
parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv);
+ return;
}
+ return;
}
/*
* If no lookup specified, search for root
*/
if ((lookup_list.head == NULL) && !config_only) {
- lookup = clone_lookup(default_lookup, ISC_TRUE);
+ if (need_clone)
+ lookup = clone_lookup(default_lookup, ISC_TRUE);
+ need_clone = ISC_TRUE;
lookup->trace_root = ISC_TF(lookup->trace ||
lookup->ns_search_only);
lookup->new_search = ISC_TRUE;
@@ -1301,10 +1298,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
firstarg = ISC_FALSE;
}
ISC_LIST_APPEND(lookup_list, lookup, link);
- } else if (!config_only && firstarg) {
- printgreeting(argc, argv, lookup);
- firstarg = ISC_FALSE;
}
+ if (!need_clone)
+ destroy_lookup(lookup);
}
/*
@@ -1318,7 +1314,7 @@ dighost_shutdown(void) {
int bargc;
char *bargv[16];
char *input;
-
+ int i;
if (batchname == NULL) {
isc_app_shutdown();
@@ -1346,7 +1342,8 @@ dighost_shutdown(void) {
bargv[0] = argv0;
- reorder_args(bargc, (char **)bargv);
+ for(i = 0; i < bargc; i++)
+ debug("batch argv %d: %s", i, bargv[i]);
parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv);
start_lookup();
} else {
@@ -1361,7 +1358,6 @@ dighost_shutdown(void) {
int
main(int argc, char **argv) {
isc_result_t result;
- dig_server_t *s, *s2;
ISC_LIST_INIT(lookup_list);
ISC_LIST_INIT(server_list);
@@ -1382,16 +1378,7 @@ main(int argc, char **argv) {
result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
check_result(result, "isc_app_onrun");
isc_app_run();
- s = ISC_LIST_HEAD(default_lookup->my_server_list);
- while (s != NULL) {
- debug("freeing server %p belonging to %p",
- s, default_lookup);
- s2 = s;
- s = ISC_LIST_NEXT(s, link);
- ISC_LIST_DEQUEUE(default_lookup->my_server_list, s2, link);
- isc_mem_free(mctx, s2);
- }
- isc_mem_free(mctx, default_lookup);
+ destroy_lookup(default_lookup);
if (batchname != NULL) {
if (batchfp != stdin)
fclose(batchfp);
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index 15fed4fa..591417c7 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dig.docbook,v 1.4.2.11 2005/05/12 21:35:06 sra Exp $ -->
+<!-- $Id: dig.docbook,v 1.4.2.18 2007/05/16 02:07:44 marka Exp $ -->
<refentry>
@@ -36,6 +36,8 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -98,7 +100,7 @@ Although <command>dig</command> is normally used with command-line
arguments, it also has a batch mode of operation for reading lookup
requests from a file. A brief summary of its command-line arguments
and options is printed when the <option>-h</option> option is given.
-Unlike earlier versions, the BIND9 implementation of
+Unlike earlier versions, the BIND 9 implementation of
<command>dig</command> allows multiple lookups to be issued from the
command line.
</para>
@@ -120,6 +122,13 @@ It is possible to set per user defaults for <command>dig</command> via
are applied before the command line arguments.
</para>
+ <para>
+ The IN and CH class names overlap with the IN and CH top level
+ domains names. Either use the <option>-t</option> and
+ <option>-c</option> options to specify the type and class or
+ use "IN." and "CH." when looking up these top level domains.
+ </para>
+
</refsect1>
<refsect1>
@@ -175,14 +184,14 @@ one of the host's network interfaces.
<para>
The default query class (IN for internet) is overridden by the
<option>-c</option> option. <parameter>class</parameter> is any valid
-class, such as HS for Hesiod records or CH for CHAOSNET records.
+class, such as HS for Hesiod records or CH for Chaosnet records.
</para>
<para>
The <option>-f</option> option makes <command>dig </command> operate
in batch mode by reading a list of lookup requests to process from the
file <parameter>filename</parameter>. The file contains a number of
-queries, one per line. Each entry in the file should be organised in
+queries, one per line. Each entry in the file should be organized in
the same way they would be presented as queries to
<command>dig</command> using the command-line interface.
</para>
@@ -199,7 +208,7 @@ on a non-standard port number.
<para>
The <option>-t</option> option sets the query type to
<parameter>type</parameter>. It can be any valid query type which is
-supported in BIND9. The default query type "A", unless the
+supported in BIND 9. The default query type is "A", unless the
<option>-x</option> option is supplied to indicate a reverse lookup.
A zone transfer can be requested by specifying a type of AXFR. When
an incremental zone transfer (IXFR) is required,
@@ -210,7 +219,7 @@ since the serial number in the zone's SOA record was
</para>
<para>
-Reverse lookups - mapping addresses to names - are simplified by the
+Reverse lookups &mdash; mapping addresses to names &mdash; are simplified by the
<option>-x</option> option. <parameter>addr</parameter> is an IPv4
address in dotted-decimal notation, or a colon-delimited IPv6 address.
When this option is used, there is no need to provide the
@@ -272,7 +281,7 @@ The query options are:
<varlistentry><term><option>+[no]tcp</option></term>
<listitem><para>
Use [do not use] TCP when querying name servers. The default
-behaviour is to use UDP unless an AXFR or IXFR query is requested, in
+behavior is to use UDP unless an AXFR or IXFR query is requested, in
which case a TCP connection is used.
</para></listitem></varlistentry>
@@ -360,7 +369,7 @@ resolve the lookup.
<varlistentry><term><option>+[no]cmd</option></term>
<listitem><para>
-toggles the printing of the initial comment in the output identifying
+Toggles the printing of the initial comment in the output identifying
the version of <command>dig</command> and the query options that have
been applied. This comment is printed by default.
</para></listitem></varlistentry>
@@ -388,7 +397,7 @@ print comments.
<varlistentry><term><option>+[no]stats</option></term>
<listitem><para>
This query option toggles the printing of statistics: when the query
-was made, the size of the reply and so on. The default behaviour is
+was made, the size of the reply and so on. The default behavior is
to print the query statistics.
</para></listitem></varlistentry>
@@ -431,7 +440,7 @@ Set or clear all display flags.
<listitem><para>
Sets the timeout for a query to
-<parameter>T</parameter> seconds. The default time out is 5 seconds.
+<parameter>T</parameter> seconds. The default timeout is 5 seconds.
An attempt to set <parameter>T</parameter> to less than 1 will result
in a query timeout of 1 second being applied.
</para></listitem></varlistentry>
@@ -478,7 +487,7 @@ of the <command>dig</command> output.
<listitem><para>
Do not try the next server if you receive a SERVFAIL. The default is
to not try the next server which is the reverse of normal stub resolver
-behaviour.
+behavior.
</para>
</listitem></varlistentry>
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index 34d3a4ff..9f2e995b 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dig.html,v 1.6.2.15 2006/06/29 13:02:05 marka Exp $ -->
+<!-- $Id: dig.html,v 1.6.2.23 2007/05/16 06:57:45 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dig</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>dig &#8212; DNS lookup utility</p>
@@ -34,7 +34,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549529"></a><h2>DESCRIPTION</h2>
+<a name="id2543474"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -49,7 +49,7 @@ Although <span><strong class="command">dig</strong></span> is normally used with
arguments, it also has a batch mode of operation for reading lookup
requests from a file. A brief summary of its command-line arguments
and options is printed when the <code class="option">-h</code> option is given.
-Unlike earlier versions, the BIND9 implementation of
+Unlike earlier versions, the BIND 9 implementation of
<span><strong class="command">dig</strong></span> allows multiple lookups to be issued from the
command line.
</p>
@@ -67,9 +67,15 @@ It is possible to set per user defaults for <span><strong class="command">dig</s
<code class="filename">${HOME}/.digrc</code>. This file is read and any options in it
are applied before the command line arguments.
</p>
+<p>
+ The IN and CH class names overlap with the IN and CH top level
+ domains names. Either use the <code class="option">-t</code> and
+ <code class="option">-c</code> options to specify the type and class or
+ use "IN." and "CH." when looking up these top level domains.
+ </p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549656"></a><h2>SIMPLE USAGE</h2>
+<a name="id2543542"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@@ -107,7 +113,7 @@ ANY, A, MX, SIG, etc.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549735"></a><h2>OPTIONS</h2>
+<a name="id2543621"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid address on
@@ -116,13 +122,13 @@ one of the host's network interfaces.
<p>
The default query class (IN for internet) is overridden by the
<code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is any valid
-class, such as HS for Hesiod records or CH for CHAOSNET records.
+class, such as HS for Hesiod records or CH for Chaosnet records.
</p>
<p>
The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span> operate
in batch mode by reading a list of lookup requests to process from the
file <em class="parameter"><code>filename</code></em>. The file contains a number of
-queries, one per line. Each entry in the file should be organised in
+queries, one per line. Each entry in the file should be organized in
the same way they would be presented as queries to
<span><strong class="command">dig</strong></span> using the command-line interface.
</p>
@@ -137,7 +143,7 @@ on a non-standard port number.
<p>
The <code class="option">-t</code> option sets the query type to
<em class="parameter"><code>type</code></em>. It can be any valid query type which is
-supported in BIND9. The default query type "A", unless the
+supported in BIND 9. The default query type is "A", unless the
<code class="option">-x</code> option is supplied to indicate a reverse lookup.
A zone transfer can be requested by specifying a type of AXFR. When
an incremental zone transfer (IXFR) is required,
@@ -147,7 +153,7 @@ since the serial number in the zone's SOA record was
<em class="parameter"><code>N</code></em>.
</p>
<p>
-Reverse lookups - mapping addresses to names - are simplified by the
+Reverse lookups &#8212; mapping addresses to names &#8212; are simplified by the
<code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is an IPv4
address in dotted-decimal notation, or a colon-delimited IPv6 address.
When this option is used, there is no need to provide the
@@ -181,7 +187,7 @@ being used. In BIND, this is done by providing appropriate
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549969"></a><h2>QUERY OPTIONS</h2>
+<a name="id2543786"></a><h2>QUERY OPTIONS</h2>
<p>
<span><strong class="command">dig</strong></span> provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@@ -202,7 +208,7 @@ The query options are:
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
<dd><p>
Use [do not use] TCP when querying name servers. The default
-behaviour is to use UDP unless an AXFR or IXFR query is requested, in
+behavior is to use UDP unless an AXFR or IXFR query is requested, in
which case a TCP connection is used.
</p></dd>
<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
@@ -278,7 +284,7 @@ resolve the lookup.
</p></dd>
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
<dd><p>
-toggles the printing of the initial comment in the output identifying
+Toggles the printing of the initial comment in the output identifying
the version of <span><strong class="command">dig</strong></span> and the query options that have
been applied. This comment is printed by default.
</p></dd>
@@ -302,7 +308,7 @@ print comments.
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
<dd><p>
This query option toggles the printing of statistics: when the query
-was made, the size of the reply and so on. The default behaviour is
+was made, the size of the reply and so on. The default behavior is
to print the query statistics.
</p></dd>
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
@@ -338,7 +344,7 @@ Set or clear all display flags.
<dd><p>
Sets the timeout for a query to
-<em class="parameter"><code>T</code></em> seconds. The default time out is 5 seconds.
+<em class="parameter"><code>T</code></em> seconds. The default timeout is 5 seconds.
An attempt to set <em class="parameter"><code>T</code></em> to less than 1 will result
in a query timeout of 1 second being applied.
</p></dd>
@@ -378,7 +384,7 @@ of the <span><strong class="command">dig</strong></span> output.
<dd><p>
Do not try the next server if you receive a SERVFAIL. The default is
to not try the next server which is the reverse of normal stub resolver
-behaviour.
+behavior.
</p></dd>
<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
<dd><p>
@@ -396,7 +402,7 @@ in the OPT record in the additional section of the query.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550535"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2544354"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports
specifying multiple queries on the command line (in addition to
@@ -437,7 +443,7 @@ will not print the initial query when it looks up the NS records for
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550594"></a><h2>FILES</h2>
+<a name="id2544481"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/resolv.conf</code>
</p>
@@ -446,7 +452,7 @@ will not print the initial query when it looks up the NS records for
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550613"></a><h2>SEE ALSO</h2>
+<a name="id2544500"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -455,7 +461,7 @@ will not print the initial query when it looks up the NS records for
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550651"></a><h2>BUGS </h2>
+<a name="id2544606"></a><h2>BUGS </h2>
<p>
There are probably too many query options.
</p>
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 822fde6b..a9ad9c68 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dighost.c,v 1.221.2.34 2006/12/07 01:36:49 marka Exp $ */
+/* $Id: dighost.c,v 1.221.2.38 2007/04/24 07:46:40 each Exp $ */
/*
* Notice to programmers: Do not use this code as an example of how to
@@ -382,12 +382,12 @@ set_nameserver(char *opt) {
flush_server_list();
for (i = 0; i < count; i++) {
- isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
- isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
- srv = make_server(tmp, opt);
- if (srv == NULL)
- fatal("memory allocation failure");
- ISC_LIST_APPEND(server_list, srv, link);
+ isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
+ isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
+ srv = make_server(tmp, opt);
+ if (srv == NULL)
+ fatal("memory allocation failure");
+ ISC_LIST_APPEND(server_list, srv, link);
}
}
@@ -472,6 +472,8 @@ make_empty_lookup(void) {
looknew->section_authority = ISC_TRUE;
looknew->section_additional = ISC_TRUE;
looknew->new_search = ISC_FALSE;
+ looknew->done_as_is = ISC_FALSE;
+ looknew->need_search = ISC_FALSE;
ISC_LINK_INIT(looknew, link);
ISC_LIST_INIT(looknew->q);
ISC_LIST_INIT(looknew->my_server_list);
@@ -528,6 +530,8 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
looknew->section_additional = lookold->section_additional;
looknew->retries = lookold->retries;
looknew->tsigctx = NULL;
+ looknew->need_search = lookold->need_search;
+ looknew->done_as_is = lookold->done_as_is;
if (servers)
clone_server_list(lookold->my_server_list,
@@ -941,9 +945,7 @@ clear_query(dig_query_t *query) {
*/
static isc_boolean_t
try_clear_lookup(dig_lookup_t *lookup) {
- dig_server_t *s;
dig_query_t *q;
- void *ptr;
REQUIRE(lookup != NULL);
@@ -965,7 +967,16 @@ try_clear_lookup(dig_lookup_t *lookup) {
* At this point, we know there are no queries on the lookup,
* so can make it go away also.
*/
- debug("cleared");
+ destroy_lookup(lookup);
+ return (ISC_TRUE);
+}
+
+void
+destroy_lookup(dig_lookup_t *lookup) {
+ dig_server_t *s;
+ void *ptr;
+
+ debug("destroy");
s = ISC_LIST_HEAD(lookup->my_server_list);
while (s != NULL) {
debug("freeing server %p belonging to %p",
@@ -991,7 +1002,6 @@ try_clear_lookup(dig_lookup_t *lookup) {
dst_context_destroy(&lookup->tsigctx);
isc_mem_free(mctx, lookup);
- return (ISC_TRUE);
}
/*
@@ -1153,6 +1163,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
static isc_boolean_t
next_origin(dns_message_t *msg, dig_query_t *query) {
dig_lookup_t *lookup;
+ dig_searchlist_t *search;
UNUSED(msg);
@@ -1167,13 +1178,22 @@ next_origin(dns_message_t *msg, dig_query_t *query) {
* about finding the next entry.
*/
return (ISC_FALSE);
- if (query->lookup->origin == NULL)
+ if (query->lookup->origin == NULL && !query->lookup->need_search)
/*
* Then we just did rootorg; there's nothing left.
*/
return (ISC_FALSE);
- lookup = requeue_lookup(query->lookup, ISC_TRUE);
- lookup->origin = ISC_LIST_NEXT(query->lookup->origin, link);
+ if (query->lookup->origin == NULL && query->lookup->need_search) {
+ lookup = requeue_lookup(query->lookup, ISC_TRUE);
+ lookup->origin = ISC_LIST_HEAD(search_list);
+ lookup->need_search = ISC_FALSE;
+ } else {
+ search = ISC_LIST_NEXT(query->lookup->origin, link);
+ if (search == NULL && query->lookup->done_as_is)
+ return (ISC_FALSE);
+ lookup = requeue_lookup(query->lookup, ISC_TRUE);
+ lookup->origin = search;
+ }
cancel_lookup(query->lookup);
return (ISC_TRUE);
}
@@ -1295,12 +1315,17 @@ setup_lookup(dig_lookup_t *lookup) {
* take the first entry in the searchlist iff either usesearch
* is TRUE or we got a domain line in the resolv.conf file.
*/
- /* XXX New search here? */
- if ((count_dots(lookup->textname) >= ndots) || !usesearch)
- lookup->origin = NULL; /* Force abs lookup */
- else if (lookup->origin == NULL && lookup->new_search && usesearch) {
- lookup->origin = ISC_LIST_HEAD(search_list);
+ if (lookup->new_search) {
+ if ((count_dots(lookup->textname) >= ndots) || !usesearch) {
+ lookup->origin = NULL; /* Force abs lookup */
+ lookup->done_as_is = ISC_TRUE;
+ lookup->need_search = usesearch;
+ } else if (lookup->origin == NULL && usesearch) {
+ lookup->origin = ISC_LIST_HEAD(search_list);
+ lookup->need_search = ISC_FALSE;
+ }
}
+
if (lookup->origin != NULL) {
debug("trying origin %s", lookup->origin->origin);
result = dns_message_gettempname(lookup->sendmsg,
@@ -2299,7 +2324,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
}
}
- result = dns_message_peekheader(b, &id, &msgflags);
+ result = dns_message_peekheader(b, &id, &msgflags);
if (result != ISC_R_SUCCESS || l->sendmsg->id != id) {
match = ISC_FALSE;
if (l->tcp_mode) {
@@ -2486,7 +2511,8 @@ recv_done(isc_task_t *task, isc_event_t *event) {
}
if (!l->doing_xfr || l->xfr_q == query) {
- if (msg->rcode != dns_rcode_noerror && l->origin != NULL) {
+ if (msg->rcode != dns_rcode_noerror &&
+ (l->origin != NULL || l->need_search)) {
if (!next_origin(msg, query)) {
printmessage(query, msg, ISC_TRUE);
received(b->used, &sevent->address, query);
diff --git a/bin/dig/host.1 b/bin/dig/host.1
index e7199693..556573fe 100644
--- a/bin/dig/host.1
+++ b/bin/dig/host.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: host.1,v 1.11.2.6 2006/06/29 13:02:05 marka Exp $
+.\" $Id: host.1,v 1.11.2.9 2007/05/09 03:32:21 marka Exp $
.\"
.hy 0
.ad l
.\" Title: host
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -128,7 +128,7 @@ makes. This should mean that the name server receiving the query will not attemp
\fB\-r\fR
option enables
\fBhost\fR
-to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
+to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
.PP
By default
\fBhost\fR
@@ -140,7 +140,7 @@ The
\fB\-t\fR
option is used to select the query type.
\fItype\fR
-can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
+can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
\fBhost\fR
automatically selects an appropriate query type. By default it looks for A records, but if the
\fB\-C\fR
@@ -175,4 +175,7 @@ will effectively wait forever for a reply. The time to wait for a response will
\fBdig\fR(1),
\fBnamed\fR(8).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
diff --git a/bin/dig/host.c b/bin/dig/host.c
index 29a20169..c61da3e9 100644
--- a/bin/dig/host.c
+++ b/bin/dig/host.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: host.c,v 1.76.2.10 2005/07/04 03:22:04 marka Exp $ */
+/* $Id: host.c,v 1.76.2.12 2007/04/24 23:45:24 tbox Exp $ */
#include <config.h>
#include <stdlib.h>
@@ -434,8 +434,10 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
if (msg->rcode != 0) {
char namestr[DNS_NAME_FORMATSIZE];
dns_name_format(query->lookup->name, namestr, sizeof(namestr));
- printf("Host %s not found: %d(%s)\n", namestr,
- msg->rcode, rcodetext[msg->rcode]);
+ printf("Host %s not found: %d(%s)\n",
+ (msg->rcode != dns_rcode_nxdomain) ? namestr :
+ query->lookup->textname, msg->rcode,
+ rcodetext[msg->rcode]);
return (ISC_R_SUCCESS);
}
if (!short_form) {
diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook
index 2eb8284d..4fbf2d43 100644
--- a/bin/dig/host.docbook
+++ b/bin/dig/host.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: host.docbook,v 1.2.2.5 2005/05/12 21:35:06 sra Exp $ -->
+<!-- $Id: host.docbook,v 1.2.2.8 2007/05/09 02:11:44 marka Exp $ -->
<refentry>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -159,7 +160,7 @@ desired &mdash; bit in the query which <command>host</command> makes.
This should mean that the name server receiving the query will not
attempt to resolve <parameter>name</parameter>. The
<option>-r</option> option enables <command>host</command> to mimic
-the behaviour of a name server by making non-recursive queries and
+the behavior of a name server by making non-recursive queries and
expecting to receive answers to those queries that are usually
referrals to other name servers.
</para>
@@ -173,7 +174,7 @@ require it, such as zone transfer (AXFR) requests.
<para>
The <option>-t</option> option is used to select the query type.
-<parameter>type</parameter> can be any recognised query type: CNAME,
+<parameter>type</parameter> can be any recognized query type: CNAME,
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
<command>host</command> automatically selects an appropriate query
type. By default it looks for A records, but if the
diff --git a/bin/dig/host.html b/bin/dig/host.html
index fdfeaee6..77070cbd 100644
--- a/bin/dig/host.html
+++ b/bin/dig/host.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: host.html,v 1.4.2.12 2006/06/29 13:02:05 marka Exp $ -->
+<!-- $Id: host.html,v 1.4.2.16 2007/05/09 03:32:21 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>host</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>host &#8212; DNS lookup utility</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549461"></a><h2>DESCRIPTION</h2>
+<a name="id2543402"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
@@ -114,7 +114,7 @@ desired &#8212; bit in the query which <span><strong class="command">host</stron
This should mean that the name server receiving the query will not
attempt to resolve <em class="parameter"><code>name</code></em>. The
<code class="option">-r</code> option enables <span><strong class="command">host</strong></span> to mimic
-the behaviour of a name server by making non-recursive queries and
+the behavior of a name server by making non-recursive queries and
expecting to receive answers to those queries that are usually
referrals to other name servers.
</p>
@@ -126,7 +126,7 @@ require it, such as zone transfer (AXFR) requests.
</p>
<p>
The <code class="option">-t</code> option is used to select the query type.
-<em class="parameter"><code>type</code></em> can be any recognised query type: CNAME,
+<em class="parameter"><code>type</code></em> can be any recognized query type: CNAME,
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
<span><strong class="command">host</strong></span> automatically selects an appropriate query
type. By default it looks for A records, but if the
@@ -148,13 +148,13 @@ value for an integer quantity.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549846"></a><h2>FILES</h2>
+<a name="id2543651"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549859"></a><h2>SEE ALSO</h2>
+<a name="id2543664"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h
index b5392252..bdf93e99 100644
--- a/bin/dig/include/dig/dig.h
+++ b/bin/dig/include/dig/dig.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.h,v 1.71.2.15 2006/12/07 01:36:50 marka Exp $ */
+/* $Id: dig.h,v 1.71.2.18 2007/04/24 23:45:25 tbox Exp $ */
#ifndef DIG_H
#define DIG_H
@@ -100,6 +100,8 @@ struct dig_lookup {
section_additional,
servfail_stops,
new_search,
+ need_search,
+ done_as_is,
besteffort,
dnssec;
char textname[MXNAME]; /* Name we're going to be looking up */
@@ -243,6 +245,9 @@ void
setup_lookup(dig_lookup_t *lookup);
void
+destroy_lookup(dig_lookup_t *lookup);
+
+void
do_lookup(dig_lookup_t *lookup);
void
diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1
index b8490466..68a1a1d5 100644
--- a/bin/dig/nslookup.1
+++ b/bin/dig/nslookup.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,13 +12,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nslookup.1,v 1.1.4.7 2006/06/29 13:02:05 marka Exp $
+.\" $Id: nslookup.1,v 1.1.4.12 2007/05/16 06:57:45 marka Exp $
.\"
.hy 0
.ad l
.\" Title: nslookup
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -42,10 +42,10 @@ has two modes: interactive and non\-interactive. Interactive mode allows the use
.SH "ARGUMENTS"
.PP
Interactive mode is entered in the following cases:
-.TP 3n
+.TP 4
1.
when no arguments are given (the default name server will be used)
-.TP 3n
+.TP 4
2.
when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server.
.sp
@@ -54,17 +54,22 @@ when the first argument is a hyphen (\-) and the second argument is the host nam
Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
.PP
Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
-.sp .RS 3n .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
+.sp .RS 4 .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
.SH "INTERACTIVE COMMANDS"
-.TP 3n
-host [server]
+.PP
+\fBhost\fR [server]
+.RS 4
Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name.
.sp
To look up a host not in the current domain, append a period to the name.
-.TP 3n
+.RE
+.PP
\fBserver\fR \fIdomain\fR
-.TP 3n
+.RS 4
+.RE
+.PP
\fBlserver\fR \fIdomain\fR
+.RS 4
Change the default server to
\fIdomain\fR;
\fBlserver\fR
@@ -72,107 +77,158 @@ uses the initial server to look up information about
\fIdomain\fR, while
\fBserver\fR
uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
-.TP 3n
+.RE
+.PP
\fBroot\fR
+.RS 4
not implemented
-.TP 3n
+.RE
+.PP
\fBfinger\fR
+.RS 4
not implemented
-.TP 3n
+.RE
+.PP
\fBls\fR
+.RS 4
not implemented
-.TP 3n
+.RE
+.PP
\fBview\fR
+.RS 4
not implemented
-.TP 3n
+.RE
+.PP
\fBhelp\fR
+.RS 4
not implemented
-.TP 3n
+.RE
+.PP
\fB?\fR
+.RS 4
not implemented
-.TP 3n
+.RE
+.PP
\fBexit\fR
+.RS 4
Exits the program.
-.TP 3n
+.RE
+.PP
\fBset\fR \fIkeyword\fR\fI[=value]\fR
+.RS 4
This command is used to change state information that affects the lookups. Valid keywords are:
-.RS 3n
-.TP 3n
+.RS 4
+.PP
\fBall\fR
+.RS 4
Prints the current values of the frequently used options to
\fBset\fR. Information about the current default server and host is also printed.
-.TP 3n
+.RE
+.PP
\fBclass=\fR\fIvalue\fR
+.RS 4
Change the query class to one of:
-.RS 3n
-.TP 3n
+.RS 4
+.PP
\fBIN\fR
+.RS 4
the Internet class
-.TP 3n
+.RE
+.PP
\fBCH\fR
+.RS 4
the Chaos class
-.TP 3n
+.RE
+.PP
\fBHS\fR
+.RS 4
the Hesiod class
-.TP 3n
+.RE
+.PP
\fBANY\fR
+.RS 4
wildcard
.RE
-.IP "" 3n
+.RE
+.IP "" 4
The class specifies the protocol group of the information.
.sp
(Default = IN; abbreviation = cl)
-.TP 3n
+.RE
+.PP
\fB\fI[no]\fR\fR\fBdebug\fR
-Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
+.RS 4
+Turn on or off the display of the full response packet and any intermediate response packets when searching.
.sp
(Default = nodebug; abbreviation =
[no]deb)
-.TP 3n
+.RE
+.PP
\fB\fI[no]\fR\fR\fBd2\fR
-Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
+.RS 4
+Turn debugging mode on or off. This displays more about what nslookup is doing.
.sp
(Default = nod2)
-.TP 3n
+.RE
+.PP
\fBdomain=\fR\fIname\fR
+.RS 4
Sets the search list to
\fIname\fR.
-.TP 3n
+.RE
+.PP
\fB\fI[no]\fR\fR\fBsearch\fR
+.RS 4
If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received.
.sp
(Default = search)
-.TP 3n
+.RE
+.PP
\fBport=\fR\fIvalue\fR
+.RS 4
Change the default TCP/UDP name server port to
\fIvalue\fR.
.sp
(Default = 53; abbreviation = po)
-.TP 3n
+.RE
+.PP
\fBquerytype=\fR\fIvalue\fR
-.TP 3n
+.RS 4
+.RE
+.PP
\fBtype=\fR\fIvalue\fR
+.RS 4
Change the type of the information query.
.sp
(Default = A; abbreviations = q, ty)
-.TP 3n
+.RE
+.PP
\fB\fI[no]\fR\fR\fBrecurse\fR
+.RS 4
Tell the name server to query other servers if it does not have the information.
.sp
(Default = recurse; abbreviation = [no]rec)
-.TP 3n
+.RE
+.PP
\fBretry=\fR\fInumber\fR
+.RS 4
Set the number of retries to number.
-.TP 3n
+.RE
+.PP
\fBtimeout=\fR\fInumber\fR
+.RS 4
Change the initial timeout interval for waiting for a reply to number seconds.
-.TP 3n
+.RE
+.PP
\fB\fI[no]\fR\fR\fBvc\fR
+.RS 4
Always use a virtual circuit when sending requests to the server.
.sp
(Default = novc)
.RE
-.IP "" 3n
+.RE
+.IP "" 4
+.RE
.SH "FILES"
.PP
\fI/etc/resolv.conf\fR
@@ -185,4 +241,5 @@ Always use a virtual circuit when sending requests to the server.
.PP
Andrew Cherenson
.SH "COPYRIGHT"
-Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c
index c6bf1117..7bad0f38 100644
--- a/bin/dig/nslookup.c
+++ b/bin/dig/nslookup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nslookup.c,v 1.90.2.13 2006/06/09 23:50:52 marka Exp $ */
+/* $Id: nslookup.c,v 1.90.2.15 2007/04/24 23:45:24 tbox Exp $ */
#include <config.h>
@@ -396,8 +396,9 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
char nametext[DNS_NAME_FORMATSIZE];
dns_name_format(query->lookup->name,
nametext, sizeof(nametext));
- printf("** server can't find %s: %s\n", nametext,
- rcodetext[msg->rcode]);
+ printf("** server can't find %s: %s\n",
+ (msg->rcode != dns_rcode_nxdomain) ? nametext :
+ query->lookup->textname, rcodetext[msg->rcode]);
debug("returning with rcode == 0");
return (ISC_R_SUCCESS);
}
diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook
index 0b8e3abf..ce3b78db 100644
--- a/bin/dig/nslookup.docbook
+++ b/bin/dig/nslookup.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nslookup.docbook,v 1.3.4.7 2006/01/06 00:01:41 marka Exp $ -->
+<!-- $Id: nslookup.docbook,v 1.3.4.12 2007/05/16 02:07:44 marka Exp $ -->
<!--
- Copyright (c) 1985, 1989
@@ -69,6 +69,7 @@
<year>2004</year>
<year>2005</year>
<year>2006</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -141,7 +142,7 @@ nslookup -query=hinfo -timeout=10
<refsect1>
<title>INTERACTIVE COMMANDS</title>
<variablelist>
-<varlistentry><term>host <optional>server</optional></term>
+<varlistentry><term><constant>host</constant> <optional>server</optional></term>
<listitem><para>
Look up information for host using the current default server or
using server, if specified. If host is an Internet address and
@@ -221,18 +222,16 @@ the lookups. Valid keywords are:
<varlistentry><term><constant><replaceable><optional>no</optional></replaceable>debug</constant></term>
<listitem><para>
- Turn debugging mode on. A lot more information is
- printed about the packet sent to the server and the
- resulting answer.
+ Turn on or off the display of the full response packet and
+ any intermediate response packets when searching.
</para><para>
(Default = nodebug; abbreviation = <optional>no</optional>deb)
</para></listitem></varlistentry>
<varlistentry><term><constant><replaceable><optional>no</optional></replaceable>d2</constant></term>
<listitem><para>
- Turn debugging mode on. A lot more information is
- printed about the packet sent to the server and the
- resulting answer.
+ Turn debugging mode on or off. This displays more about
+ what nslookup is doing.
</para><para>
(Default = nod2)
</para></listitem></varlistentry>
diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html
index 3141058b..75996403 100644
--- a/bin/dig/nslookup.html
+++ b/bin/dig/nslookup.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,15 +13,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nslookup.html,v 1.1.4.13 2006/06/29 13:02:05 marka Exp $ -->
+<!-- $Id: nslookup.html,v 1.1.4.19 2007/05/16 06:57:45 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>nslookup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482694"></a><div class="titlepage"></div>
+<a name="id2476276"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>nslookup &#8212; query Internet name servers interactively</p>
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549404"></a><h2>DESCRIPTION</h2>
+<a name="id2543346"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">Nslookup</strong></span>
is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span>
@@ -43,7 +43,7 @@ domain.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549421"></a><h2>ARGUMENTS</h2>
+<a name="id2543363"></a><h2>ARGUMENTS</h2>
<p>
Interactive mode is entered in the following cases:
</p>
@@ -75,9 +75,9 @@ nslookup -query=hinfo -timeout=10
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549464"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id2543405"></a><h2>INTERACTIVE COMMANDS</h2>
<div class="variablelist"><dl>
-<dt><span class="term">host [<span class="optional">server</span>]</span></dt>
+<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
<dd>
<p>
Look up information for host using the current default server or
@@ -151,9 +151,8 @@ the lookups. Valid keywords are:
<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
<dd>
<p>
- Turn debugging mode on. A lot more information is
- printed about the packet sent to the server and the
- resulting answer.
+ Turn on or off the display of the full response packet and
+ any intermediate response packets when searching.
</p>
<p>
(Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
@@ -162,9 +161,8 @@ the lookups. Valid keywords are:
<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
<dd>
<p>
- Turn debugging mode on. A lot more information is
- printed about the packet sent to the server and the
- resulting answer.
+ Turn debugging mode on or off. This displays more about
+ what nslookup is doing.
</p>
<p>
(Default = nod2)
@@ -241,13 +239,13 @@ the lookups. Valid keywords are:
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549990"></a><h2>FILES</h2>
+<a name="id2543797"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550003"></a><h2>SEE ALSO</h2>
+<a name="id2543810"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
@@ -255,7 +253,7 @@ the lookups. Valid keywords are:
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550038"></a><h2>Author</h2>
+<a name="id2543845"></a><h2>Author</h2>
<p>
Andrew Cherenson
</p>
diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
index afa4de42..3b466265 100644
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keygen.8,v 1.19.2.6 2006/06/29 13:02:05 marka Exp $
+.\" $Id: dnssec-keygen.8,v 1.19.2.9 2007/05/09 03:32:21 marka Exp $
.\"
.hy 0
.ad l
.\" Title: dnssec\-keygen
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -39,39 +39,56 @@ dnssec\-keygen \- DNSSEC key generation tool
\fBdnssec\-keygen\fR
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
.SH "OPTIONS"
-.TP 3n
+.PP
\-a \fIalgorithm\fR
+.RS 4
Selects the cryptographic algorithm. The value of
\fBalgorithm\fR
must be one of RSAMD5 or RSA, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
.sp
Note that for DNSSEC, DSA is a mandatory to implement algorithm, and RSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
-.TP 3n
+.RE
+.PP
\-b \fIkeysize\fR
+.RS 4
Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
-.TP 3n
+.RE
+.PP
\-n \fInametype\fR
+.RS 4
Specifies the owner type of the key. The value of
\fBnametype\fR
must either be ZONE (for a DNSSEC zone key), HOST or ENTITY (for a key associated with a host), or USER (for a key associated with a user). These values are case insensitive.
-.TP 3n
+.RE
+.PP
\-c \fIclass\fR
+.RS 4
Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
-.TP 3n
+.RE
+.PP
\-e
+.RS 4
If generating an RSA key, use a large exponent.
-.TP 3n
+.RE
+.PP
\-g \fIgenerator\fR
+.RS 4
If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
-.TP 3n
+.RE
+.PP
\-h
+.RS 4
Prints a short summary of the options and arguments to
\fBdnssec\-keygen\fR.
-.TP 3n
+.RE
+.PP
\-p \fIprotocol\fR
+.RS 4
Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 2 (email) for keys of type USER and 3 (DNSSEC) for all other key types. Other possible values for this argument are listed in RFC 2535 and its successors.
-.TP 3n
+.RE
+.PP
\-r \fIrandomdev\fR
+.RS 4
Specifies the source of randomness. If the operating system does not provide a
\fI/dev/random\fR
or equivalent device, the default source of randomness is keyboard input.
@@ -79,17 +96,24 @@ or equivalent device, the default source of randomness is keyboard input.
specifies the name of a character device or file containing random data to be used instead of the default. The special value
\fIkeyboard\fR
indicates that keyboard input should be used.
-.TP 3n
+.RE
+.PP
\-s \fIstrength\fR
+.RS 4
Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
-.TP 3n
+.RE
+.PP
\-t \fItype\fR
+.RS 4
Indicates the use of the key.
\fBtype\fR
must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
-.TP 3n
+.RE
+.PP
\-v \fIlevel\fR
+.RS 4
Sets the debugging level.
+.RE
.SH "GENERATED KEYS"
.PP
When
@@ -98,23 +122,21 @@ completes successfully, it prints a string of the form
\fIKnnnn.+aaa+iiiii\fR
to the standard output. This is an identification string for the key it has generated. These strings can be used as arguments to
\fBdnssec\-makekeyset\fR.
-.TP 3n
+.TP 4
\(bu
\fInnnn\fR
is the key name.
-.TP 3n
+.TP 4
\(bu
\fIaaa\fR
is the numeric representation of the algorithm.
-.TP 3n
+.TP 4
\(bu
\fIiiiii\fR
is the key identifier (or footprint).
-.sp
-.RE
.PP
\fBdnssec\-keygen\fR
-creates two file, with names based on the printed string.
+creates two files, with names based on the printed string.
\fIKnnnn.+aaa+iiiii.key\fR
contains the public key, and
\fIKnnnn.+aaa+iiiii.private\fR
@@ -126,13 +148,13 @@ file contains a DNS KEY record that can be inserted into a zone file (directly o
.PP
The
\fI.private\fR
-file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission.
+file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
.PP
Both
\fI.key\fR
and
\fI.private\fR
-files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent.
+files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent.
.SH "EXAMPLE"
.PP
To generate a 768\-bit DSA key for the domain
@@ -149,7 +171,7 @@ In this example,
creates the files
\fIKexample.com.+003+26160.key\fR
and
-\fIKexample.com.+003+26160.private\fR
+\fIKexample.com.+003+26160.private\fR.
.SH "SEE ALSO"
.PP
\fBdnssec\-makekeyset\fR(8),
@@ -163,4 +185,7 @@ RFC 2539.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 103cc124..924474dc 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -1,6 +1,6 @@
/*
- * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Portions Copyright (C) 2000, 2001 Internet Software Consortium.
+ * Portions Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 1999-2001 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -16,7 +16,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-keygen.c,v 1.48.2.2 2004/03/09 06:09:14 marka Exp $ */
+/* $Id: dnssec-keygen.c,v 1.48.2.4 2007/01/18 00:06:02 marka Exp $ */
#include <config.h>
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index 998a94a5..ea8611cc 100644
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.docbook,v 1.3.2.4 2005/05/12 21:35:07 sra Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.3.2.7 2007/05/09 02:11:44 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -258,7 +259,7 @@
</listitem>
</itemizedlist>
<para>
- <command>dnssec-keygen</command> creates two file, with names based
+ <command>dnssec-keygen</command> creates two files, with names based
on the printed string. <filename>Knnnn.+aaa+iiiii.key</filename>
contains the public key, and
<filename>Knnnn.+aaa+iiiii.private</filename> contains the private
@@ -270,13 +271,13 @@
statement).
</para>
<para>
- The <filename>.private</filename> file contains algorithm specific
+ The <filename>.private</filename> file contains algorithm-specific
fields. For obvious security reasons, this file does not have
general read permission.
</para>
<para>
Both <filename>.key</filename> and <filename>.private</filename>
- files are generated for symmetric encryption algorithm such as
+ files are generated for symmetric encryption algorithms such as
HMAC-MD5, even though the public and private key are equivalent.
</para>
</refsect1>
@@ -300,7 +301,7 @@
<para>
In this example, <command>dnssec-keygen</command> creates
the files <filename>Kexample.com.+003+26160.key</filename> and
- <filename>Kexample.com.+003+26160.private</filename>
+ <filename>Kexample.com.+003+26160.private</filename>.
</para>
</refsect1>
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
index e0b921f6..11b98646 100644
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.html,v 1.5.2.12 2006/06/29 13:02:05 marka Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.5.2.16 2007/05/09 03:32:21 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-keygen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-keygen</span> &#8212; DNSSEC key generation tool</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549501"></a><h2>DESCRIPTION</h2>
+<a name="id2543443"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC
(Secure DNS), as defined in RFC 2535. It can also generate
@@ -41,7 +41,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549514"></a><h2>OPTIONS</h2>
+<a name="id2543456"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@@ -133,7 +133,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549886"></a><h2>GENERATED KEYS</h2>
+<a name="id2543691"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes successfully,
it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
@@ -154,7 +154,7 @@
</p></li>
</ul></div>
<p>
- <span><strong class="command">dnssec-keygen</strong></span> creates two file, with names based
+ <span><strong class="command">dnssec-keygen</strong></span> creates two files, with names based
on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
contains the public key, and
<code class="filename">Knnnn.+aaa+iiiii.private</code> contains the private
@@ -166,18 +166,18 @@
statement).
</p>
<p>
- The <code class="filename">.private</code> file contains algorithm specific
+ The <code class="filename">.private</code> file contains algorithm-specific
fields. For obvious security reasons, this file does not have
general read permission.
</p>
<p>
Both <code class="filename">.key</code> and <code class="filename">.private</code>
- files are generated for symmetric encryption algorithm such as
+ files are generated for symmetric encryption algorithms such as
HMAC-MD5, even though the public and private key are equivalent.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549978"></a><h2>EXAMPLE</h2>
+<a name="id2543783"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -195,11 +195,11 @@
<p>
In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
the files <code class="filename">Kexample.com.+003+26160.key</code> and
- <code class="filename">Kexample.com.+003+26160.private</code>
+ <code class="filename">Kexample.com.+003+26160.private</code>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550024"></a><h2>SEE ALSO</h2>
+<a name="id2543829"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-makekeyset</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signkey</span>(8)</span>,
@@ -211,7 +211,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550076"></a><h2>AUTHOR</h2>
+<a name="id2543881"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/dnssec/dnssec-makekeyset.8 b/bin/dnssec/dnssec-makekeyset.8
index 12e8ffda..903c077e 100644
--- a/bin/dnssec/dnssec-makekeyset.8
+++ b/bin/dnssec/dnssec-makekeyset.8
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-makekeyset.8,v 1.16.2.8 2006/06/29 13:02:05 marka Exp $
+.\" $Id: dnssec-makekeyset.8,v 1.16.2.9 2006/12/12 01:42:53 marka Exp $
.\"
.hy 0
.ad l
.\" Title: dnssec\-makekeyset
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -43,29 +43,40 @@ generates a key set from one or more keys created by
\fInnnn\fR
is the zone name.
.SH "OPTIONS"
-.TP 3n
+.PP
\-a
+.RS 4
Verify all generated signatures.
-.TP 3n
+.RE
+.PP
\-s \fIstart\-time\fR
+.RS 4
Specify the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
\fBstart\-time\fR
is specified, the current time is used.
-.TP 3n
+.RE
+.PP
\-e \fIend\-time\fR
+.RS 4
Specify the date and time when the generated SIG records expire. As with
\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
\fBend\-time\fR
is specified, 30 days from the start time is used as a default.
-.TP 3n
+.RE
+.PP
\-h
+.RS 4
Prints a short summary of the options and arguments to
\fBdnssec\-makekeyset\fR.
-.TP 3n
+.RE
+.PP
\-p
+.RS 4
Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
-.TP 3n
+.RE
+.PP
\-r \fIrandomdev\fR
+.RS 4
Specifies the source of randomness. If the operating system does not provide a
\fI/dev/random\fR
or equivalent device, the default source of randomness is keyboard input.
@@ -73,18 +84,25 @@ or equivalent device, the default source of randomness is keyboard input.
specifies the name of a character device or file containing random data to be used instead of the default. The special value
\fIkeyboard\fR
indicates that keyboard input should be used.
-.TP 3n
+.RE
+.PP
\-t \fIttl\fR
+.RS 4
Specify the TTL (time to live) of the KEY and SIG records. The default is 3600 seconds.
-.TP 3n
+.RE
+.PP
\-v \fIlevel\fR
+.RS 4
Sets the debugging level.
-.TP 3n
+.RE
+.PP
key
+.RS 4
The list of keys to be included in the keyset file. These keys are expressed in the form
\fIKnnnn.+aaa+iiiii\fR
as generated by
\fBdnssec\-keygen\fR.
+.RE
.SH "EXAMPLE"
.PP
The following command generates a keyset containing the DSA key for
@@ -118,3 +136,6 @@ RFC 2535.
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br
diff --git a/bin/dnssec/dnssec-makekeyset.html b/bin/dnssec/dnssec-makekeyset.html
index 33e2d66e..4ca22cda 100644
--- a/bin/dnssec/dnssec-makekeyset.html
+++ b/bin/dnssec/dnssec-makekeyset.html
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-makekeyset.html,v 1.4.2.14 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: dnssec-makekeyset.html,v 1.4.2.16 2007/01/26 23:26:58 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-makekeyset</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-makekeyset</span> &#8212; DNSSEC zone signing tool</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-makekeyset</code> [<code class="option">-a</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-h</code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-t</code><em class="replaceable"><code>ttl</code></em>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {key...}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549465"></a><h2>DESCRIPTION</h2>
+<a name="id2543403"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">dnssec-makekeyset</strong></span> generates a key set from one
or more keys created by <span><strong class="command">dnssec-keygen</strong></span>. It creates
@@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549489"></a><h2>OPTIONS</h2>
+<a name="id2543427"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@@ -111,7 +111,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549804"></a><h2>EXAMPLE</h2>
+<a name="id2543606"></a><h2>EXAMPLE</h2>
<p>
The following command generates a keyset containing the DSA key for
<strong class="userinput"><code>example.com</code></strong> generated in the
@@ -135,7 +135,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549850"></a><h2>SEE ALSO</h2>
+<a name="id2543652"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signkey</span>(8)</span>,
@@ -144,7 +144,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549886"></a><h2>AUTHOR</h2>
+<a name="id2543688"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/dnssec/dnssec-signkey.8 b/bin/dnssec/dnssec-signkey.8
index 146338cc..e5f011b2 100644
--- a/bin/dnssec/dnssec-signkey.8
+++ b/bin/dnssec/dnssec-signkey.8
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signkey.8,v 1.18.2.7 2006/06/29 13:02:05 marka Exp $
+.\" $Id: dnssec-signkey.8,v 1.18.2.8 2006/12/12 01:42:53 marka Exp $
.\"
.hy 0
.ad l
.\" Title: dnssec\-signkey
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -43,32 +43,45 @@ signs a keyset. Typically the keyset will be for a child zone, and will have bee
\fInnnn\fR
is the zone name.
.SH "OPTIONS"
-.TP 3n
+.PP
\-a
+.RS 4
Verify all generated signatures.
-.TP 3n
+.RE
+.PP
\-c \fIclass\fR
+.RS 4
Specifies the DNS class of the key sets.
-.TP 3n
+.RE
+.PP
\-s \fIstart\-time\fR
+.RS 4
Specify the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
\fBstart\-time\fR
is specified, the current time is used.
-.TP 3n
+.RE
+.PP
\-e \fIend\-time\fR
+.RS 4
Specify the date and time when the generated SIG records expire. As with
\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
\fBend\-time\fR
is specified, 30 days from the start time is used as a default.
-.TP 3n
+.RE
+.PP
\-h
+.RS 4
Prints a short summary of the options and arguments to
\fBdnssec\-signkey\fR.
-.TP 3n
+.RE
+.PP
\-p
+.RS 4
Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
-.TP 3n
+.RE
+.PP
\-r \fIrandomdev\fR
+.RS 4
Specifies the source of randomness. If the operating system does not provide a
\fI/dev/random\fR
or equivalent device, the default source of randomness is keyboard input.
@@ -76,15 +89,22 @@ or equivalent device, the default source of randomness is keyboard input.
specifies the name of a character device or file containing random data to be used instead of the default. The special value
\fIkeyboard\fR
indicates that keyboard input should be used.
-.TP 3n
+.RE
+.PP
\-v \fIlevel\fR
+.RS 4
Sets the debugging level.
-.TP 3n
+.RE
+.PP
keyset
+.RS 4
The file containing the child's keyset.
-.TP 3n
+.RE
+.PP
key
+.RS 4
The keys used to sign the child's keyset.
+.RE
.SH "EXAMPLE"
.PP
The DNS administrator for a DNSSEC\-aware
@@ -118,3 +138,6 @@ keys.
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br
diff --git a/bin/dnssec/dnssec-signkey.html b/bin/dnssec/dnssec-signkey.html
index 81be9ccb..4f18f70b 100644
--- a/bin/dnssec/dnssec-signkey.html
+++ b/bin/dnssec/dnssec-signkey.html
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signkey.html,v 1.4.2.13 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: dnssec-signkey.html,v 1.4.2.15 2007/01/26 23:26:58 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-signkey</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-signkey</span> &#8212; DNSSEC key set signing tool</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signkey</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-h</code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {keyset} {key...}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549470"></a><h2>DESCRIPTION</h2>
+<a name="id2543409"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">dnssec-signkey</strong></span> signs a keyset. Typically
the keyset will be for a child zone, and will have been generated
@@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549493"></a><h2>OPTIONS</h2>
+<a name="id2543431"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@@ -112,7 +112,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549750"></a><h2>EXAMPLE</h2>
+<a name="id2543620"></a><h2>EXAMPLE</h2>
<p>
The DNS administrator for a DNSSEC-aware <strong class="userinput"><code>.com</code></strong>
zone would use the following command to sign the
@@ -131,7 +131,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549802"></a><h2>SEE ALSO</h2>
+<a name="id2543672"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-makekeyset</span>(8)</span>,
@@ -139,7 +139,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549841"></a><h2>AUTHOR</h2>
+<a name="id2543710"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8
index d788ba67..ebf83bc6 100644
--- a/bin/dnssec/dnssec-signzone.8
+++ b/bin/dnssec/dnssec-signzone.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signzone.8,v 1.23.2.9 2006/06/29 13:02:05 marka Exp $
+.\" $Id: dnssec-signzone.8,v 1.23.2.12 2007/05/09 03:32:21 marka Exp $
.\"
.hy 0
.ad l
.\" Title: dnssec\-signzone
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -43,42 +43,57 @@ file from the zone's parent, the parent's signatures will be incorporated into t
\fIsignedkey\fR
file for each child zone.
.SH "OPTIONS"
-.TP 3n
+.PP
\-a
+.RS 4
Verify all generated signatures.
-.TP 3n
+.RE
+.PP
\-c \fIclass\fR
+.RS 4
Specifies the DNS class of the zone.
-.TP 3n
+.RE
+.PP
\-d \fIdirectory\fR
+.RS 4
Look for
\fIsignedkey\fR
files in
\fBdirectory\fR
as the directory
-.TP 3n
+.RE
+.PP
\-s \fIstart\-time\fR
+.RS 4
Specify the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
\fBstart\-time\fR
is specified, the current time is used.
-.TP 3n
+.RE
+.PP
\-e \fIend\-time\fR
+.RS 4
Specify the date and time when the generated SIG records expire. As with
\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
\fBend\-time\fR
is specified, 30 days from the start time is used as a default.
-.TP 3n
+.RE
+.PP
\-f \fIoutput\-file\fR
+.RS 4
The name of the output file containing the signed zone. The default is to append
\fI.signed\fR
-to the input file.
-.TP 3n
+to the input filename.
+.RE
+.PP
\-h
+.RS 4
Prints a short summary of the options and arguments to
\fBdnssec\-signzone\fR.
-.TP 3n
+.RE
+.PP
\-i \fIinterval\fR
-When a previously signed zone is passed as input, records may be resigned. The
+.RS 4
+When a previously\-signed zone is passed as input, records may be resigned. The
\fBinterval\fR
option specifies the cycle interval as an offset from the current time (in seconds). If a SIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced.
.sp
@@ -89,17 +104,25 @@ or
are specified,
\fBdnssec\-signzone\fR
generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing SIG records are due to expire in less than 7.5 days, they would be replaced.
-.TP 3n
+.RE
+.PP
\-n \fIncpus\fR
+.RS 4
Specifies the number of threads to use. By default, one thread is started for each detected CPU.
-.TP 3n
+.RE
+.PP
\-o \fIorigin\fR
+.RS 4
The zone origin. If not specified, the name of the zone file is assumed to be the origin.
-.TP 3n
+.RE
+.PP
\-p
+.RS 4
Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
-.TP 3n
+.RE
+.PP
\-r \fIrandomdev\fR
+.RS 4
Specifies the source of randomness. If the operating system does not provide a
\fI/dev/random\fR
or equivalent device, the default source of randomness is keyboard input.
@@ -107,18 +130,27 @@ or equivalent device, the default source of randomness is keyboard input.
specifies the name of a character device or file containing random data to be used instead of the default. The special value
\fIkeyboard\fR
indicates that keyboard input should be used.
-.TP 3n
+.RE
+.PP
\-t
+.RS 4
Print statistics at completion.
-.TP 3n
+.RE
+.PP
\-v \fIlevel\fR
+.RS 4
Sets the debugging level.
-.TP 3n
+.RE
+.PP
zonefile
+.RS 4
The file containing the zone to be signed.
-.TP 3n
+.RE
+.PP
key
-The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory.
+.RS 4
+Specify which keys should be used to sign the zone. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex. If these are found and there are matching private keys, in the current directory, then these will be used for signing.
+.RE
.SH "EXAMPLE"
.PP
The following command signs the
@@ -150,4 +182,7 @@ RFC 2535.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br
diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook
index f4876f79..e490d90a 100644
--- a/bin/dnssec/dnssec-signzone.docbook
+++ b/bin/dnssec/dnssec-signzone.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.docbook,v 1.2.2.8 2005/06/24 00:18:41 marka Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.2.2.11 2007/05/09 02:11:44 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -155,7 +156,7 @@
<para>
The name of the output file containing the signed zone. The
default is to append <filename>.signed</filename> to the
- input file.
+ input filename.
</para>
</listitem>
</varlistentry>
@@ -174,7 +175,7 @@
<term>-i <replaceable class="parameter">interval</replaceable></term>
<listitem>
<para>
- When a previously signed zone is passed as input, records
+ When a previously-signed zone is passed as input, records
may be resigned. The <option>interval</option> option
specifies the cycle interval as an offset from the current
time (in seconds). If a SIG record expires after the
@@ -273,9 +274,11 @@
<term>key</term>
<listitem>
<para>
- The keys used to sign the zone. If no keys are specified, the
- default all zone keys that have private key files in the
- current directory.
+ Specify which keys should be used to sign the zone. If
+ no keys are specified, then the zone will be examined
+ for DNSKEY records at the zone apex. If these are found and
+ there are matching private keys, in the current directory,
+ then these will be used for signing.
</para>
</listitem>
</varlistentry>
diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html
index 803bb660..100c2b21 100644
--- a/bin/dnssec/dnssec-signzone.html
+++ b/bin/dnssec/dnssec-signzone.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.html,v 1.4.2.14 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: dnssec-signzone.html,v 1.4.2.18 2007/05/09 03:32:21 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-signzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-signzone</span> &#8212; DNSSEC zone signing tool</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-h</code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nthreads</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549515"></a><h2>DESCRIPTION</h2>
+<a name="id2543457"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates NXT
and SIG records and produces a signed version of the zone. If there
@@ -45,7 +45,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549534"></a><h2>OPTIONS</h2>
+<a name="id2543476"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@@ -85,7 +85,7 @@
<dd><p>
The name of the output file containing the signed zone. The
default is to append <code class="filename">.signed</code> to the
- input file.
+ input filename.
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -95,7 +95,7 @@
<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
<dd>
<p>
- When a previously signed zone is passed as input, records
+ When a previously-signed zone is passed as input, records
may be resigned. The <code class="option">interval</code> option
specifies the cycle interval as an offset from the current
time (in seconds). If a SIG record expires after the
@@ -155,14 +155,16 @@
</p></dd>
<dt><span class="term">key</span></dt>
<dd><p>
- The keys used to sign the zone. If no keys are specified, the
- default all zone keys that have private key files in the
- current directory.
+ Specify which keys should be used to sign the zone. If
+ no keys are specified, then the zone will be examined
+ for DNSKEY records at the zone apex. If these are found and
+ there are matching private keys, in the current directory,
+ then these will be used for signing.
</p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549984"></a><h2>EXAMPLE</h2>
+<a name="id2543858"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span>
@@ -186,7 +188,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550034"></a><h2>SEE ALSO</h2>
+<a name="id2543908"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signkey</span>(8)</span>,
@@ -195,7 +197,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550070"></a><h2>AUTHOR</h2>
+<a name="id2543944"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/named/client.c b/bin/named/client.c
index e2fef584..e91203f5 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.176.2.24 2006/07/22 01:09:04 marka Exp $ */
+/* $Id: client.c,v 1.176.2.28 2007/06/26 04:24:52 marka Exp $ */
#include <config.h>
@@ -1087,7 +1087,7 @@ client_addopt(ns_client_t *client) {
#endif
/*
- * No ENDS options in the default case.
+ * No EDNS options in the default case.
*/
rdata->data = NULL;
rdata->length = 0;
@@ -1284,6 +1284,14 @@ client_request(isc_task_t *task, isc_event_t *event) {
}
/*
+ * Hash the incoming request here as it is after
+ * dns_dispatch_importrecv().
+ */
+ dns_dispatch_hash(&client->now, sizeof(client->now));
+ dns_dispatch_hash(isc_buffer_base(buffer),
+ isc_buffer_usedlength(buffer));
+
+ /*
* It's a request. Parse it.
*/
result = dns_message_parse(client->message, buffer, 0);
@@ -1344,7 +1352,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
}
/*
- * Do we understand this version of ENDS?
+ * Do we understand this version of EDNS?
*
* XXXRTH need library support for this!
*/
@@ -1393,6 +1401,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
"failed to get request's "
"destination: %s",
isc_result_totext(result));
+ ns_client_next(client, ISC_R_SUCCESS);
goto cleanup;
}
} else {
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index ba3b381e..f8d8c800 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: controlconf.c,v 1.28.2.14 2006/03/01 01:34:05 marka Exp $ */
+/* $Id: controlconf.c,v 1.28.2.15 2006/12/07 04:52:57 marka Exp $ */
#include <config.h>
@@ -687,7 +687,7 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
char *newstr = NULL;
const char *str;
const cfg_obj_t *obj;
- controlkey_t *key = NULL;
+ controlkey_t *key;
for (element = cfg_list_first(keylist);
element != NULL;
@@ -706,7 +706,6 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
key->secret.length = 0;
ISC_LINK_INIT(key, link);
ISC_LIST_APPEND(*keyids, key, link);
- key = NULL;
newstr = NULL;
}
return (ISC_R_SUCCESS);
@@ -714,8 +713,6 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
cleanup:
if (newstr != NULL)
isc_mem_free(mctx, newstr);
- if (key != NULL)
- isc_mem_put(mctx, key, sizeof(*key));
free_controlkeylist(keyids, mctx);
return (ISC_R_NOMEMORY);
}
diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c
index 8ba89a21..7f0b043e 100644
--- a/bin/named/lwdgrbn.c
+++ b/bin/named/lwdgrbn.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdgrbn.c,v 1.11.2.3 2006/01/04 23:50:16 marka Exp $ */
+/* $Id: lwdgrbn.c,v 1.11.2.4 2006/12/07 04:52:57 marka Exp $ */
#include <config.h>
@@ -183,8 +183,6 @@ iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node,
isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens));
if (newrdatas != NULL)
isc_mem_put(mctx, newrdatas, used * sizeof(*oldrdatas));
- if (newlens != NULL)
- isc_mem_put(mctx, newlens, used * sizeof(*oldlens));
return (result);
}
diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8
index ad8a9c5c..cd948fcb 100644
--- a/bin/named/lwresd.8
+++ b/bin/named/lwresd.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwresd.8,v 1.13.2.6 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwresd.8,v 1.13.2.10 2007/05/16 06:57:45 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwresd
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -33,7 +33,7 @@
lwresd \- lightweight resolver daemon
.SH "SYNOPSIS"
.HP 7
-\fBlwresd\fR [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR]
+\fBlwresd\fR [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR]
.SH "DESCRIPTION"
.PP
\fBlwresd\fR
@@ -60,42 +60,79 @@ entries are present, or if forwarding fails,
\fBlwresd\fR
resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints.
.SH "OPTIONS"
-.TP 3n
+.PP
+\-c \fIconfig\-file\fR
+.RS 4
+Use
+\fIconfig\-file\fR
+as the configuration file instead of the default,
+\fI/etc/lwresd.conf\fR.
+<term>\-c</term>
+can not be used with
+<term>\-C</term>.
+.RE
+.PP
\-C \fIconfig\-file\fR
+.RS 4
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
\fI/etc/resolv.conf\fR.
-.TP 3n
+<term>\-C</term>
+can not be used with
+<term>\-c</term>.
+.RE
+.PP
\-d \fIdebug\-level\fR
+.RS 4
Set the daemon's debug level to
\fIdebug\-level\fR. Debugging traces from
\fBlwresd\fR
become more verbose as the debug level increases.
-.TP 3n
+.RE
+.PP
\-f
+.RS 4
Run the server in the foreground (i.e. do not daemonize).
-.TP 3n
+.RE
+.PP
\-g
+.RS 4
Run the server in the foreground and force all logging to
\fIstderr\fR.
-.TP 3n
+.RE
+.PP
+\-i \fIpid\-file\fR
+.RS 4
+Use
+\fIpid\-file\fR
+as the PID file instead of the default,
+\fI/var/run/lwresd.pid\fR.
+.RE
+.PP
\-n \fI#cpus\fR
+.RS 4
Create
\fI#cpus\fR
worker threads to take advantage of multiple CPUs. If not specified,
\fBlwresd\fR
will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
-.TP 3n
+.RE
+.PP
\-P \fIport\fR
+.RS 4
Listen for lightweight resolver queries on port
\fIport\fR. If not specified, the default is port 921.
-.TP 3n
+.RE
+.PP
\-p \fIport\fR
+.RS 4
Send DNS lookups to port
\fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number.
-.TP 3n
+.RE
+.PP
\-s
+.RS 4
Write memory usage statistics to
\fIstdout\fR
on exit.
@@ -103,9 +140,11 @@ on exit.
.B "Note:"
This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
.RE
-.TP 3n
+.RE
+.PP
\-t \fIdirectory\fR
-\fBchroot()\fR
+.RS 4
+\fBChroot\fR
to
\fIdirectory\fR
after processing the command line arguments, but before reading the configuration file.
@@ -114,25 +153,34 @@ after processing the command line arguments, but before reading the configuratio
This option should be used in conjunction with the
\fB\-u\fR
option, as chrooting a process running as root doesn't enhance security on most systems; the way
-\fBchroot()\fR
+\fBchroot(2)\fR
is defined allows a process with root privileges to escape a chroot jail.
.RE
-.TP 3n
+.RE
+.PP
\-u \fIuser\fR
-\fBsetuid()\fR
+.RS 4
+\fBSetuid\fR
to
\fIuser\fR
after completing privileged operations, such as creating sockets that listen on privileged ports.
-.TP 3n
+.RE
+.PP
\-v
+.RS 4
Report the version number and exit.
+.RE
.SH "FILES"
-.TP 3n
+.PP
\fI/etc/resolv.conf\fR
+.RS 4
The default configuration file.
-.TP 3n
+.RE
+.PP
\fI/var/run/lwresd.pid\fR
+.RS 4
The default process\-id file.
+.RE
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
@@ -142,4 +190,7 @@ The default process\-id file.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook
index 1494276b..3bdea272 100644
--- a/bin/named/lwresd.docbook
+++ b/bin/named/lwresd.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwresd.docbook,v 1.6.2.4 2005/05/12 21:35:10 sra Exp $ -->
+<!-- $Id: lwresd.docbook,v 1.6.2.8 2007/05/16 02:07:45 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -52,6 +53,7 @@
<refsynopsisdiv>
<cmdsynopsis>
<command>lwresd</command>
+ <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
<arg><option>-C <replaceable class="parameter">config-file</replaceable></option></arg>
<arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
<arg><option>-f</option></arg>
@@ -108,14 +110,27 @@
<variablelist>
<varlistentry>
+ <term>-c <replaceable class="parameter">config-file</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">config-file</replaceable> as the
+ configuration file instead of the default,
+ <filename>/etc/lwresd.conf</filename>.
+ <!-- Should this be an absolute path name? -->
+ <term>-c</term> can not be used with <term>-C</term>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-C <replaceable class="parameter">config-file</replaceable></term>
<listitem>
<para>
- Use <replaceable
- class="parameter">config-file</replaceable> as the
- configuration file instead of the default,
- <filename>/etc/resolv.conf</filename>.
- </para>
+ Use <replaceable class="parameter">config-file</replaceable> as the
+ configuration file instead of the default,
+ <filename>/etc/resolv.conf</filename>.
+ <term>-C</term> can not be used with <term>-c</term>.
+ </para>
</listitem>
</varlistentry>
@@ -127,7 +142,7 @@
class="parameter">debug-level</replaceable>.
Debugging traces from <command>lwresd</command> become
more verbose as the debug level increases.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -136,7 +151,7 @@
<listitem>
<para>
Run the server in the foreground (i.e. do not daemonize).
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -146,11 +161,22 @@
<para>
Run the server in the foreground and force all logging
to <filename>stderr</filename>.
- </para>
+ </para>
</listitem>
</varlistentry>
<varlistentry>
+ <term>-i <replaceable class="parameter">pid-file</replaceable></term>
+ <listitem>
+ <para>
+ Use <replaceable class="parameter">pid-file</replaceable> as the
+ PID file instead of the default,
+ <filename>/var/run/lwresd.pid</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-n <replaceable class="parameter">#cpus</replaceable></term>
<listitem>
<para>
@@ -161,7 +187,7 @@
number of CPUs present and create one thread per CPU.
If it is unable to determine the number of CPUs, a
single worker thread will be created.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -172,7 +198,7 @@
Listen for lightweight resolver queries on port
<replaceable class="parameter">port</replaceable>. If
not specified, the default is port 921.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -186,7 +212,7 @@
way of testing the lightweight resolver daemon with a
name server that listens for queries on a non-standard
port number.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -196,7 +222,7 @@
<para>
Write memory usage statistics to <filename>stdout</filename>
on exit.
- </para>
+ </para>
<note>
<para>
This option is mainly of interest to BIND 9 developers
@@ -210,17 +236,17 @@
<term>-t <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>
- <function>chroot()</function> to <replaceable
+ <function>Chroot</function> to <replaceable
class="parameter">directory</replaceable> after
processing the command line arguments, but before
reading the configuration file.
- </para>
+ </para>
<warning>
<para>
This option should be used in conjunction with the
<option>-u</option> option, as chrooting a process
running as root doesn't enhance security on most
- systems; the way <function>chroot()</function> is
+ systems; the way <function>chroot(2)</function> is
defined allows a process with root privileges to
escape a chroot jail.
</para>
@@ -232,11 +258,11 @@
<term>-u <replaceable class="parameter">user</replaceable></term>
<listitem>
<para>
- <function>setuid()</function> to <replaceable
+ <function>Setuid</function> to <replaceable
class="parameter">user</replaceable> after completing
privileged operations, such as creating sockets that
listen on privileged ports.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -245,7 +271,7 @@
<listitem>
<para>
Report the version number and exit.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -263,7 +289,7 @@
<listitem>
<para>
The default configuration file.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -272,7 +298,7 @@
<listitem>
<para>
The default process-id file.
- </para>
+ </para>
</listitem>
</varlistentry>
@@ -286,15 +312,15 @@
<citerefentry>
<refentrytitle>named</refentrytitle>
<manvolnum>8</manvolnum>
- </citerefentry>,
+ </citerefentry>,
<citerefentry>
<refentrytitle>lwres</refentrytitle>
<manvolnum>3</manvolnum>
- </citerefentry>,
+ </citerefentry>,
<citerefentry>
<refentrytitle>resolver</refentrytitle>
<manvolnum>5</manvolnum>
- </citerefentry>.
+ </citerefentry>.
</para>
</refsect1>
diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html
index ae544a27..40b4cf30 100644
--- a/bin/named/lwresd.html
+++ b/bin/named/lwresd.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,25 +14,25 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwresd.html,v 1.4.2.12 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwresd.html,v 1.4.2.17 2007/05/16 06:57:45 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwresd</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">lwresd</span> &#8212; lightweight resolver daemon</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549484"></a><h2>DESCRIPTION</h2>
+<a name="id2543434"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">lwresd</strong></span> is the daemon providing name lookup
services to clients that use the BIND 9 lightweight resolver
@@ -67,29 +67,44 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549533"></a><h2>OPTIONS</h2>
+<a name="id2543483"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
+<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>config-file</code></em> as the
+ configuration file instead of the default,
+ <code class="filename">/etc/lwresd.conf</code>.
+
+ <font color="red">&lt;term&gt;-c&lt;/term&gt;</font> can not be used with <font color="red">&lt;term&gt;-C&lt;/term&gt;</font>.
+ </p></dd>
<dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt>
<dd><p>
- Use <em class="replaceable"><code>config-file</code></em> as the
- configuration file instead of the default,
- <code class="filename">/etc/resolv.conf</code>.
- </p></dd>
+ Use <em class="replaceable"><code>config-file</code></em> as the
+ configuration file instead of the default,
+ <code class="filename">/etc/resolv.conf</code>.
+ <font color="red">&lt;term&gt;-C&lt;/term&gt;</font> can not be used with <font color="red">&lt;term&gt;-c&lt;/term&gt;</font>.
+ </p></dd>
<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
<dd><p>
Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
Debugging traces from <span><strong class="command">lwresd</strong></span> become
more verbose as the debug level increases.
- </p></dd>
+ </p></dd>
<dt><span class="term">-f</span></dt>
<dd><p>
Run the server in the foreground (i.e. do not daemonize).
- </p></dd>
+ </p></dd>
<dt><span class="term">-g</span></dt>
<dd><p>
Run the server in the foreground and force all logging
to <code class="filename">stderr</code>.
- </p></dd>
+ </p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>pid-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>pid-file</code></em> as the
+ PID file instead of the default,
+ <code class="filename">/var/run/lwresd.pid</code>.
+ </p></dd>
<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
<dd><p>
Create <em class="replaceable"><code>#cpus</code></em> worker threads
@@ -98,13 +113,13 @@
number of CPUs present and create one thread per CPU.
If it is unable to determine the number of CPUs, a
single worker thread will be created.
- </p></dd>
+ </p></dd>
<dt><span class="term">-P <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
Listen for lightweight resolver queries on port
<em class="replaceable"><code>port</code></em>. If
not specified, the default is port 921.
- </p></dd>
+ </p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
Send DNS lookups to port <em class="replaceable"><code>port</code></em>. If not
@@ -112,13 +127,13 @@
way of testing the lightweight resolver daemon with a
name server that listens for queries on a non-standard
port number.
- </p></dd>
+ </p></dd>
<dt><span class="term">-s</span></dt>
<dd>
<p>
Write memory usage statistics to <code class="filename">stdout</code>
on exit.
- </p>
+ </p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
@@ -130,17 +145,17 @@
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd>
<p>
- <code class="function">chroot()</code> to <em class="replaceable"><code>directory</code></em> after
+ <code class="function">Chroot</code> to <em class="replaceable"><code>directory</code></em> after
processing the command line arguments, but before
reading the configuration file.
- </p>
+ </p>
<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Warning</h3>
<p>
This option should be used in conjunction with the
<code class="option">-u</code> option, as chrooting a process
running as root doesn't enhance security on most
- systems; the way <code class="function">chroot()</code> is
+ systems; the way <code class="function">chroot(2)</code> is
defined allows a process with root privileges to
escape a chroot jail.
</p>
@@ -148,31 +163,31 @@
</dd>
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd><p>
- <code class="function">setuid()</code> to <em class="replaceable"><code>user</code></em> after completing
+ <code class="function">Setuid</code> to <em class="replaceable"><code>user</code></em> after completing
privileged operations, such as creating sockets that
listen on privileged ports.
- </p></dd>
+ </p></dd>
<dt><span class="term">-v</span></dt>
<dd><p>
Report the version number and exit.
- </p></dd>
+ </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549939"></a><h2>FILES</h2>
+<a name="id2543821"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
<dd><p>
The default configuration file.
- </p></dd>
+ </p></dd>
<dt><span class="term"><code class="filename">/var/run/lwresd.pid</code></span></dt>
<dd><p>
The default process-id file.
- </p></dd>
+ </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549978"></a><h2>SEE ALSO</h2>
+<a name="id2543861"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
@@ -180,7 +195,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550017"></a><h2>AUTHOR</h2>
+<a name="id2543899"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/named/named.8 b/bin/named/named.8
index c1c87873..88954a16 100644
--- a/bin/named/named.8
+++ b/bin/named/named.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.8,v 1.17.2.8 2006/06/29 13:02:06 marka Exp $
+.\" $Id: named.8,v 1.17.2.12 2007/06/20 02:25:45 marka Exp $
.\"
.hy 0
.ad l
.\" Title: named
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -44,8 +44,9 @@ When invoked without arguments,
will read the default configuration file
\fI/etc/named.conf\fR, read any initial data, and listen for queries.
.SH "OPTIONS"
-.TP 3n
+.PP
\-c \fIconfig\-file\fR
+.RS 4
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
@@ -54,32 +55,44 @@ as the configuration file instead of the default,
option in the configuration file,
\fIconfig\-file\fR
should be an absolute pathname.
-.TP 3n
+.RE
+.PP
\-d \fIdebug\-level\fR
+.RS 4
Set the daemon's debug level to
\fIdebug\-level\fR. Debugging traces from
\fBnamed\fR
become more verbose as the debug level increases.
-.TP 3n
+.RE
+.PP
\-f
+.RS 4
Run the server in the foreground (i.e. do not daemonize).
-.TP 3n
+.RE
+.PP
\-g
+.RS 4
Run the server in the foreground and force all logging to
\fIstderr\fR.
-.TP 3n
+.RE
+.PP
\-n \fI#cpus\fR
+.RS 4
Create
\fI#cpus\fR
worker threads to take advantage of multiple CPUs. If not specified,
\fBnamed\fR
will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
-.TP 3n
+.RE
+.PP
\-p \fIport\fR
+.RS 4
Listen for queries on port
\fIport\fR. If not specified, the default is port 53.
-.TP 3n
+.RE
+.PP
\-s
+.RS 4
Write memory usage statistics to
\fIstdout\fR
on exit.
@@ -87,9 +100,11 @@ on exit.
.B "Note:"
This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
.RE
-.TP 3n
+.RE
+.PP
\-t \fIdirectory\fR
-\fBchroot()\fR
+.RS 4
+\fBChroot\fR
to
\fIdirectory\fR
after processing the command line arguments, but before reading the configuration file.
@@ -98,12 +113,14 @@ after processing the command line arguments, but before reading the configuratio
This option should be used in conjunction with the
\fB\-u\fR
option, as chrooting a process running as root doesn't enhance security on most systems; the way
-\fBchroot()\fR
+\fBchroot(2)\fR
is defined allows a process with root privileges to escape a chroot jail.
.RE
-.TP 3n
+.RE
+.PP
\-u \fIuser\fR
-\fBsetuid()\fR
+.RS 4
+\fBSetuid\fR
to
\fIuser\fR
after completing privileged operations, such as creating sockets that listen on privileged ports.
@@ -112,19 +129,23 @@ after completing privileged operations, such as creating sockets that listen on
On Linux,
\fBnamed\fR
uses the kernel's capability mechanism to drop all root privileges except the ability to
-\fBbind()\fR
+\fBbind(2)\fR
to a privileged port and set process resource limits. Unfortunately, this means that the
\fB\-u\fR
option only works when
\fBnamed\fR
is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after
-\fBsetuid()\fR.
+\fBsetuid(2)\fR.
.RE
-.TP 3n
+.RE
+.PP
\-v
+.RS 4
Report the version number and exit.
-.TP 3n
+.RE
+.PP
\-x \fIcache\-file\fR
+.RS 4
Load data from
\fIcache\-file\fR
into the cache of the default view.
@@ -132,17 +153,22 @@ into the cache of the default view.
.B "Warning:"
This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release.
.RE
+.RE
.SH "SIGNALS"
.PP
In routine operation, signals should not be used to control the nameserver;
\fBrndc\fR
should be used instead.
-.TP 3n
+.PP
SIGHUP
+.RS 4
Force a reload of the server.
-.TP 3n
+.RE
+.PP
SIGINT, SIGTERM
+.RS 4
Shut down the server.
+.RE
.PP
The result of sending any other signals to the server is undefined.
.SH "CONFIGURATION"
@@ -152,17 +178,23 @@ The
configuration file is too complex to describe in detail here. A complete description is provided in the
BIND 9 Administrator Reference Manual.
.SH "FILES"
-.TP 3n
+.PP
\fI/etc/named.conf\fR
+.RS 4
The default configuration file.
-.TP 3n
+.RE
+.PP
\fI/var/run/named.pid\fR
+.RS 4
The default process\-id file.
+.RE
.SH "SEE ALSO"
.PP
RFC 1033,
RFC 1034,
RFC 1035,
+\fBnamed\-checkconf\fR(8),
+\fBnamed\-checkzone\fR(8),
\fBrndc\fR(8),
\fBlwresd\fR(8),
\fBnamed.conf\fR(5),
@@ -171,4 +203,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 7a867a2c..aec94a4f 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,13 +12,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.conf.5,v 1.1.6.11 2006/09/13 02:56:02 marka Exp $
+.\" $Id: named.conf.5,v 1.1.6.15 2007/06/20 02:25:45 marka Exp $
.\"
.hy 0
.ad l
.\" Title: \fInamed.conf\fR
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Aug 13, 2004
.\" Manual: BIND9
.\" Source: BIND9
@@ -46,14 +46,14 @@ C++ style: // to end of line
Unix style: # to end of line
.SH "ACL"
.sp
-.RS 3n
+.RS 4
.nf
acl \fIstring\fR { \fIaddress_match_element\fR; ... };
.fi
.RE
.SH "KEY"
.sp
-.RS 3n
+.RS 4
.nf
key \fIdomain_name\fR {
algorithm \fIstring\fR;
@@ -63,7 +63,7 @@ key \fIdomain_name\fR {
.RE
.SH "SERVER"
.sp
-.RS 3n
+.RS 4
.nf
server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
bogus \fIboolean\fR;
@@ -83,7 +83,7 @@ server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
.RE
.SH "TRUSTED\-KEYS"
.sp
-.RS 3n
+.RS 4
.nf
trusted\-keys {
\fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
@@ -92,7 +92,7 @@ trusted\-keys {
.RE
.SH "CONTROLS"
.sp
-.RS 3n
+.RS 4
.nf
controls {
inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
@@ -105,7 +105,7 @@ controls {
.RE
.SH "LOGGING"
.sp
-.RS 3n
+.RS 4
.nf
logging {
channel \fIstring\fR {
@@ -124,7 +124,7 @@ logging {
.RE
.SH "LWRES"
.sp
-.RS 3n
+.RS 4
.nf
lwres {
listen\-on [ port \fIinteger\fR ] {
@@ -138,7 +138,7 @@ lwres {
.RE
.SH "OPTIONS"
.sp
-.RS 3n
+.RS 4
.nf
options {
blackhole { \fIaddress_match_element\fR; ... };
@@ -246,7 +246,7 @@ options {
.RE
.SH "VIEW"
.sp
-.RS 3n
+.RS 4
.nf
view \fIstring\fR \fIoptional_class\fR {
match\-clients { \fIaddress_match_element\fR; ... };
@@ -331,7 +331,7 @@ view \fIstring\fR \fIoptional_class\fR {
.RE
.SH "ZONE"
.sp
-.RS 3n
+.RS 4
.nf
zone \fIstring\fR \fIoptional_class\fR {
type ( master | slave | stub | hint |
@@ -392,7 +392,9 @@ zone \fIstring\fR \fIoptional_class\fR {
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
+\fBnamed\-checkconf\fR(8),
\fBrndc\fR(8),
-\fBBIND 9 Administrator Reference Manual\fR().
+BIND 9 Administrator Reference Manual
.SH "COPYRIGHT"
-Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index d365bc4d..1bc8a4d0 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.conf.docbook,v 1.1.6.8 2006/09/13 00:28:07 marka Exp $ -->
+<!-- $Id: named.conf.docbook,v 1.1.6.12 2007/06/19 07:52:23 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<year>2004</year>
<year>2005</year>
<year>2006</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -451,20 +452,21 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
</para>
</refsect1>
-<refsect1>
-<title>SEE ALSO</title>
-<para>
-<citerefentry>
-<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-</citerefentry>,
-<citerefentry>
-<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
-</citerefentry>,
-<citerefentry>
-<refentrytitle>BIND 9 Administrator Reference Manual</refentrytitle>
-</citerefentry>.
-</para>
-</refsect1>
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>
+ </para>
+ </refsect1>
</refentry>
<!--
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index 37b162ab..1ee06a5b 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,15 +13,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.conf.html,v 1.1.6.16 2006/09/13 02:56:02 marka Exp $ -->
+<!-- $Id: named.conf.html,v 1.1.6.21 2007/06/20 02:25:45 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named.conf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549388"></a><h2>DESCRIPTION</h2>
+<a name="id2543330"></a><h2>DESCRIPTION</h2>
<p>
<code class="filename">named.conf</code> is the configuration file for
<span><strong class="command">named</strong></span>. Statements are enclosed
@@ -50,14 +50,14 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549417"></a><h2>ACL</h2>
+<a name="id2543358"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549433"></a><h2>KEY</h2>
+<a name="id2543374"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key <em class="replaceable"><code>domain_name</code></em> {<br>
algorithm <em class="replaceable"><code>string</code></em>;<br>
@@ -66,7 +66,7 @@ key <em class="replaceable"><code>domain_name</code></em> {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549452"></a><h2>SERVER</h2>
+<a name="id2543394"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) {<br>
bogus <em class="replaceable"><code>boolean</code></em>;<br>
@@ -86,7 +86,7 @@ server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="rep
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549510"></a><h2>TRUSTED-KEYS</h2>
+<a name="id2543451"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys {<br>
<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
@@ -94,7 +94,7 @@ trusted-keys {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549536"></a><h2>CONTROLS</h2>
+<a name="id2543477"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls {<br>
inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
@@ -106,7 +106,7 @@ controls {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549571"></a><h2>LOGGING</h2>
+<a name="id2543512"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging {<br>
channel <em class="replaceable"><code>string</code></em> {<br>
@@ -124,7 +124,7 @@ logging {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549609"></a><h2>LWRES</h2>
+<a name="id2543550"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres {<br>
listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
@@ -137,7 +137,7 @@ lwres {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549651"></a><h2>OPTIONS</h2>
+<a name="id2543592"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@@ -252,7 +252,7 @@ options {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2550075"></a><h2>VIEW</h2>
+<a name="id2544085"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@@ -349,7 +349,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2550548"></a><h2>ZONE</h2>
+<a name="id2544489"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
type ( master | slave | stub | hint |<br>
@@ -414,18 +414,19 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2550848"></a><h2>FILES</h2>
+<a name="id2544789"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550860"></a><h2>SEE ALSO</h2>
+<a name="id2544802"></a><h2>SEE ALSO</h2>
<p>
-<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
-<span class="citerefentry"><span class="refentrytitle">BIND 9 Administrator Reference Manual</span></span>.
-</p>
+ <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>
+ </p>
</div>
</div></body>
</html>
diff --git a/bin/named/named.docbook b/bin/named/named.docbook
index 19eccef6..3a3486ef 100644
--- a/bin/named/named.docbook
+++ b/bin/named/named.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.docbook,v 1.5.2.6 2006/01/17 23:49:29 marka Exp $ -->
+<!-- $Id: named.docbook,v 1.5.2.10 2007/06/19 07:52:23 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -36,6 +36,7 @@
<year>2004</year>
<year>2005</year>
<year>2006</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -181,7 +182,7 @@
<term>-t <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>
- <function>chroot()</function> to <replaceable
+ <function>Chroot</function> to <replaceable
class="parameter">directory</replaceable> after
processing the command line arguments, but before
reading the configuration file.
@@ -191,7 +192,7 @@
This option should be used in conjunction with the
<option>-u</option> option, as chrooting a process
running as root doesn't enhance security on most
- systems; the way <function>chroot()</function> is
+ systems; the way <function>chroot(2)</function> is
defined allows a process with root privileges to
escape a chroot jail.
</para>
@@ -203,7 +204,7 @@
<term>-u <replaceable class="parameter">user</replaceable></term>
<listitem>
<para>
- <function>setuid()</function> to <replaceable
+ <function>Setuid</function> to <replaceable
class="parameter">user</replaceable> after completing
privileged operations, such as creating sockets that
listen on privileged ports.
@@ -212,13 +213,13 @@
<para>
On Linux, <command>named</command> uses the kernel's
capability mechanism to drop all root privileges
- except the ability to <function>bind()</function> to a
+ except the ability to <function>bind(2)</function> to a
privileged port and set process resource limits.
Unfortunately, this means that the <option>-u</option>
option only works when <command>named</command> is run
on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
later, since previous kernels did not allow privileges
- to be retained after <function>setuid()</function>.
+ to be retained after <function>setuid(2)</function>.
</para>
</note>
</listitem>
@@ -335,6 +336,14 @@
<citetitle>RFC 1034</citetitle>,
<citetitle>RFC 1035</citetitle>,
<citerefentry>
+ <refentrytitle>named-checkconf</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkzone</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
<refentrytitle>rndc</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>,
diff --git a/bin/named/named.html b/bin/named/named.html
index 1fe72b06..18c37fec 100644
--- a/bin/named/named.html
+++ b/bin/named/named.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.html,v 1.4.2.15 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: named.html,v 1.4.2.20 2007/06/20 02:25:45 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">named</span> &#8212; Internet domain name server</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549479"></a><h2>DESCRIPTION</h2>
+<a name="id2543420"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named</strong></span> is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -46,7 +46,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549505"></a><h2>OPTIONS</h2>
+<a name="id2543446"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
<dd><p>
@@ -105,7 +105,7 @@
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd>
<p>
- <code class="function">chroot()</code> to <em class="replaceable"><code>directory</code></em> after
+ <code class="function">Chroot</code> to <em class="replaceable"><code>directory</code></em> after
processing the command line arguments, but before
reading the configuration file.
</p>
@@ -115,7 +115,7 @@
This option should be used in conjunction with the
<code class="option">-u</code> option, as chrooting a process
running as root doesn't enhance security on most
- systems; the way <code class="function">chroot()</code> is
+ systems; the way <code class="function">chroot(2)</code> is
defined allows a process with root privileges to
escape a chroot jail.
</p>
@@ -124,7 +124,7 @@
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd>
<p>
- <code class="function">setuid()</code> to <em class="replaceable"><code>user</code></em> after completing
+ <code class="function">Setuid</code> to <em class="replaceable"><code>user</code></em> after completing
privileged operations, such as creating sockets that
listen on privileged ports.
</p>
@@ -133,13 +133,13 @@
<p>
On Linux, <span><strong class="command">named</strong></span> uses the kernel's
capability mechanism to drop all root privileges
- except the ability to <code class="function">bind()</code> to a
+ except the ability to <code class="function">bind(2)</code> to a
privileged port and set process resource limits.
Unfortunately, this means that the <code class="option">-u</code>
option only works when <span><strong class="command">named</strong></span> is run
on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
later, since previous kernels did not allow privileges
- to be retained after <code class="function">setuid()</code>.
+ to be retained after <code class="function">setuid(2)</code>.
</p>
</div>
</dd>
@@ -165,7 +165,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549949"></a><h2>SIGNALS</h2>
+<a name="id2543754"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@@ -186,7 +186,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549996"></a><h2>CONFIGURATION</h2>
+<a name="id2543801"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is
@@ -195,7 +195,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550013"></a><h2>FILES</h2>
+<a name="id2543818"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@@ -208,11 +208,13 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2550053"></a><h2>SEE ALSO</h2>
+<a name="id2543858"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
@@ -220,7 +222,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550105"></a><h2>AUTHOR</h2>
+<a name="id2543929"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/named/query.c b/bin/named/query.c
index 3927d8a5..11ff7323 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.198.2.27 2006/05/18 03:19:09 marka Exp $ */
+/* $Id: query.c,v 1.198.2.30 2007/04/30 23:45:27 tbox Exp $ */
#include <config.h>
@@ -671,7 +671,7 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, unsigned int options,
ISC_LOG_DEBUG(3),
"%s approved", msg);
}
- } else {
+ } else {
ns_client_aclmsg("query", name,
client->view->rdclass,
msg, sizeof(msg));
@@ -1387,7 +1387,7 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
* we could raise the priority of glue records.
*/
eresult = query_addadditional(client, name, dns_rdatatype_key);
- } else if (type == dns_rdatatype_srv && trdataset != NULL) {
+ } else if (type == dns_rdatatype_srv && trdataset != NULL) {
/*
* If we're adding SRV records to the additional data
* section, it's helpful if we add the SRV additional data
@@ -3192,6 +3192,21 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* an error unless we were searching for
* glue. Ugh.
*/
+ if (!is_zone) {
+ authoritative = ISC_FALSE;
+ dns_rdatasetiter_destroy(&rdsiter);
+ if (RECURSIONOK(client)) {
+ result = query_recurse(client,
+ qtype,
+ NULL,
+ NULL);
+ if (result == ISC_R_SUCCESS)
+ client->query.attributes |=
+ NS_QUERYATTR_RECURSING;
+ else
+ QUERY_ERROR(DNS_R_SERVFAIL); }
+ goto addauth;
+ }
/*
* We were searching for SIG records in
* a nonsecure zone. Send a "no error,
@@ -3224,6 +3239,13 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
sigrdatasetp = &sigrdataset;
else
sigrdatasetp = NULL;
+ /*
+ * BIND 8 priming queries need the additional section.
+ */
+ if (is_zone && qtype == dns_rdatatype_ns &&
+ dns_name_equal(client->query.qname, dns_rootname))
+ client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL;
+
query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf,
DNS_SECTION_ANSWER);
/*
@@ -3770,7 +3792,7 @@ synth_finish(ns_client_t *client, isc_result_t result) {
static signed char ascii2hex[256] = {
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1,
-1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
diff --git a/bin/named/server.c b/bin/named/server.c
index 737afbcf..20e7d472 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.c,v 1.339.2.37 2006/03/01 01:34:05 marka Exp $ */
+/* $Id: server.c,v 1.339.2.40 2007/04/03 23:42:54 tbox Exp $ */
#include <config.h>
@@ -239,6 +239,12 @@ configure_view_dnsseckey(const cfg_obj_t *vconfig, const cfg_obj_t *key,
keystruct.datalen = r.length;
keystruct.data = r.base;
+ if (keystruct.algorithm == DST_ALG_RSAMD5 &&
+ r.length > 1 && r.base[0] == 1 && r.base[1] == 3)
+ cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
+ "trusted key '%s' has a weak exponent",
+ keynamestr);
+
CHECK(dns_rdata_fromstruct(NULL,
keystruct.common.rdclass,
keystruct.common.rdtype,
@@ -3136,7 +3142,8 @@ isc_result_t
ns_server_flushcache(ns_server_t *server, char *args) {
char *ptr, *viewname;
dns_view_t *view;
- isc_boolean_t flushed = ISC_FALSE;
+ isc_boolean_t flushed;
+ isc_boolean_t found;
isc_result_t result;
/* Skip the command name. */
@@ -3149,22 +3156,27 @@ ns_server_flushcache(ns_server_t *server, char *args) {
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ flushed = ISC_TRUE;
+ found = ISC_FALSE;
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (viewname != NULL && strcasecmp(viewname, view->name) != 0)
continue;
+ found = ISC_TRUE;
result = dns_view_flushcache(view);
if (result != ISC_R_SUCCESS)
- goto out;
- flushed = ISC_TRUE;
+ flushed = ISC_FALSE;
}
- if (flushed)
+ if (flushed && found) {
result = ISC_R_SUCCESS;
- else
- result = ISC_R_FAILURE;
- out:
+ } else {
+ if (!found)
+ result = ISC_R_NOTFOUND;
+ else
+ result = ISC_R_FAILURE;
+ }
isc_task_endexclusive(server->task);
return (result);
}
diff --git a/bin/nsupdate/nsupdate.8 b/bin/nsupdate/nsupdate.8
index 8f686d68..52f8ee87 100644
--- a/bin/nsupdate/nsupdate.8
+++ b/bin/nsupdate/nsupdate.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nsupdate.8,v 1.24.2.8 2006/06/29 13:02:06 marka Exp $
+.\" $Id: nsupdate.8,v 1.24.2.12 2007/05/09 03:32:21 marka Exp $
.\"
.hy 0
.ad l
.\" Title: nsupdate
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -55,7 +55,7 @@ operate in debug mode. This provides tracing information about the update reques
.PP
Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845. The signatures rely on a shared secret that should only be known to
\fBnsupdate\fR
-and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance suitable
+and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance, suitable
\fBkey\fR
and
\fBserver\fR
@@ -111,8 +111,9 @@ Every update request consists of zero or more prerequisites and zero or more upd
command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server.
.PP
The command formats and their meaning are as follows:
-.TP 3n
-.HP 7 \fBserver\fR {servername} [port]
+.PP
+\fBserver\fR {servername} [port]
+.RS 4
Sends all dynamic update requests to the name server
\fIservername\fR. When no server statement is provided,
\fBnsupdate\fR
@@ -121,31 +122,39 @@ will send updates to the master server of the correct zone. The MNAME field of t
is the port number on
\fIservername\fR
where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used.
-.TP 3n
-.HP 6 \fBlocal\fR {address} [port]
+.RE
+.PP
+\fBlocal\fR {address} [port]
+.RS 4
Sends all dynamic update requests using the local
\fIaddress\fR. When no local statement is provided,
\fBnsupdate\fR
will send updates using an address and port chosen by the system.
\fIport\fR
can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one.
-.TP 3n
-.HP 5 \fBzone\fR {zonename}
+.RE
+.PP
+\fBzone\fR {zonename}
+.RS 4
Specifies that all updates are to be made to the zone
\fIzonename\fR. If no
\fIzone\fR
statement is provided,
\fBnsupdate\fR
will attempt determine the correct zone to update based on the rest of the input.
-.TP 3n
-.HP 6 \fBclass\fR {classname}
+.RE
+.PP
+\fBclass\fR {classname}
+.RS 4
Specify the default class. If no
\fIclass\fR
-is specified the default class is
+is specified, the default class is
\fIIN\fR.
-.TP 3n
-.HP 4 \fBkey\fR {name} {secret}
-Specifies that all updates are to be TSIG signed using the
+.RE
+.PP
+\fBkey\fR {name} {secret}
+.RS 4
+Specifies that all updates are to be TSIG\-signed using the
\fIkeyname\fR
\fIkeysecret\fR
pair. The
@@ -154,17 +163,23 @@ command overrides any key specified on the command line via
\fB\-y\fR
or
\fB\-k\fR.
-.TP 3n
-.HP 16 \fBprereq nxdomain\fR {domain\-name}
+.RE
+.PP
+\fBprereq nxdomain\fR {domain\-name}
+.RS 4
Requires that no resource record of any type exists with name
\fIdomain\-name\fR.
-.TP 3n
-.HP 16 \fBprereq yxdomain\fR {domain\-name}
+.RE
+.PP
+\fBprereq yxdomain\fR {domain\-name}
+.RS 4
Requires that
\fIdomain\-name\fR
exists (has as at least one resource record, of any type).
-.TP 3n
-.HP 15 \fBprereq nxrrset\fR {domain\-name} [class] {type}
+.RE
+.PP
+\fBprereq nxrrset\fR {domain\-name} [class] {type}
+.RS 4
Requires that no resource record exists of the specified
\fItype\fR,
\fIclass\fR
@@ -172,8 +187,10 @@ and
\fIdomain\-name\fR. If
\fIclass\fR
is omitted, IN (internet) is assumed.
-.TP 3n
-.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type}
+.RE
+.PP
+\fBprereq yxrrset\fR {domain\-name} [class] {type}
+.RS 4
This requires that a resource record of the specified
\fItype\fR,
\fIclass\fR
@@ -182,8 +199,10 @@ and
must exist. If
\fIclass\fR
is omitted, IN (internet) is assumed.
-.TP 3n
-.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} {data...}
+.RE
+.PP
+\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...}
+.RS 4
The
\fIdata\fR
from each set of prerequisites of this form sharing a common
@@ -196,8 +215,10 @@ are combined to form a set of RRs. This set of RRs must exactly match the set of
\fIdomain\-name\fR. The
\fIdata\fR
are written in the standard text representation of the resource record's RDATA.
-.TP 3n
-.HP 14 \fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]]
+.RE
+.PP
+\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]]
+.RS 4
Deletes any resource records named
\fIdomain\-name\fR. If
\fItype\fR
@@ -208,19 +229,26 @@ is provided, only matching resource records will be removed. The internet class
is not supplied. The
\fIttl\fR
is ignored, and is only allowed for compatibility.
-.TP 3n
-.HP 11 \fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...}
+.RE
+.PP
+\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...}
+.RS 4
Adds a new resource record with the specified
\fIttl\fR,
\fIclass\fR
and
\fIdata\fR.
-.TP 3n
-.HP 5 \fBshow\fR
+.RE
+.PP
+\fBshow\fR
+.RS 4
Displays the current message, containing all of the prerequisites and updates specified since the last send.
-.TP 3n
-.HP 5 \fBsend\fR
+.RE
+.PP
+\fBsend\fR
+.RS 4
Sends the current message. This is equivalent to entering a blank line.
+.RE
.PP
Lines beginning with a semicolon are comments and are ignored.
.SH "EXAMPLES"
@@ -232,7 +260,7 @@ could be used to insert and delete resource records from the
zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for
\fBexample.com\fR.
.sp
-.RS 3n
+.RS 4
.nf
# nsupdate
> update delete oldhost.example.com A
@@ -244,11 +272,11 @@ zone. Notice that the input in each example contains a trailing blank line so th
.PP
Any A records for
\fBoldhost.example.com\fR
-are deleted. and an A record for
+are deleted. And an A record for
\fBnewhost.example.com\fR
-it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds)
+with IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds).
.sp
-.RS 3n
+.RS 4
.nf
# nsupdate
> prereq nxdomain nickname.example.com
@@ -261,17 +289,23 @@ it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (8640
The prerequisite condition gets the name server to check that there are no resource records of any type for
\fBnickname.example.com\fR. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have SIG, KEY and NXT records.)
.SH "FILES"
-.TP 3n
+.PP
\fB/etc/resolv.conf\fR
+.RS 4
used to identify default name server
-.TP 3n
+.RE
+.PP
\fBK{name}.+157.+{random}.key\fR
+.RS 4
base\-64 encoding of HMAC\-MD5 key created by
\fBdnssec\-keygen\fR(8).
-.TP 3n
+.RE
+.PP
\fBK{name}.+157.+{random}.private\fR
+.RS 4
base\-64 encoding of HMAC\-MD5 key created by
\fBdnssec\-keygen\fR(8).
+.RE
.SH "SEE ALSO"
.PP
\fBRFC2136\fR(),
@@ -286,4 +320,7 @@ base\-64 encoding of HMAC\-MD5 key created by
.PP
The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases.
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 64f64d90..8575eaed 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsupdate.c,v 1.103.2.28 2006/06/09 23:50:52 marka Exp $ */
+/* $Id: nsupdate.c,v 1.103.2.31 2007/04/24 23:45:25 tbox Exp $ */
#include <config.h>
@@ -153,6 +153,9 @@ debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
static void
ddebug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+static void
+error(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
#define STATUS_MORE (isc_uint16_t)0
#define STATUS_SEND (isc_uint16_t)1
#define STATUS_QUIT (isc_uint16_t)2
@@ -187,6 +190,16 @@ fatal(const char *format, ...) {
}
static void
+error(const char *format, ...) {
+ va_list args;
+
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+}
+
+static void
debug(const char *format, ...) {
va_list args;
@@ -1405,8 +1418,11 @@ user_interaction(void) {
isc_uint16_t result = STATUS_MORE;
ddebug("user_interaction()");
- while ((result == STATUS_MORE) || (result == STATUS_SYNTAX))
+ while ((result == STATUS_MORE) || (result == STATUS_SYNTAX)) {
result = get_next_command();
+ if (!interactive && result == STATUS_SYNTAX)
+ fatal("syntax error");
+ }
if (result == STATUS_SEND)
return (ISC_TRUE);
return (ISC_FALSE);
@@ -1640,8 +1656,9 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
setzoneclass(dns_rdataclass_none);
return;
}
- isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t));
+ isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t));
+ reqinfo = NULL;
isc_event_free(&event);
reqev = NULL;
@@ -1698,6 +1715,19 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
rcvmsg->rcode != dns_rcode_nxdomain)
fatal("response to SOA query was unsuccessful");
+ if (userzone != NULL && rcvmsg->rcode == dns_rcode_nxdomain) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+ dns_name_format(userzone, namebuf, sizeof(namebuf));
+ error("specified zone '%s' does not exist (NXDOMAIN)",
+ namebuf);
+ dns_message_destroy(&rcvmsg);
+ dns_request_destroy(&request);
+ dns_message_destroy(&soaquery);
+ ddebug("Out of recvsoa");
+ done_update();
+ return;
+ }
+
lookforsoa:
if (pass == 0)
section = DNS_SECTION_ANSWER;
@@ -1852,16 +1882,6 @@ start_update(void) {
ddebug("start_update()");
- result = dns_message_firstname(updatemsg, section);
- if (result == ISC_R_NOMORE) {
- section = DNS_SECTION_PREREQUISITE;
- result = dns_message_firstname(updatemsg, section);
- }
- if (result != ISC_R_SUCCESS) {
- done_update();
- return;
- }
-
if (userzone != NULL && userserver != NULL) {
send_update(userzone, userserver, localaddr);
setzoneclass(dns_rdataclass_none);
@@ -1872,7 +1892,8 @@ start_update(void) {
&soaquery);
check_result(result, "dns_message_create");
- soaquery->flags |= DNS_MESSAGEFLAG_RD;
+ if (userserver == NULL)
+ soaquery->flags |= DNS_MESSAGEFLAG_RD;
result = dns_message_gettempname(soaquery, &name);
check_result(result, "dns_message_gettempname");
@@ -1882,10 +1903,24 @@ start_update(void) {
dns_rdataset_makequestion(rdataset, getzoneclass(), dns_rdatatype_soa);
- firstname = NULL;
- dns_message_currentname(updatemsg, section, &firstname);
- dns_name_init(name, NULL);
- dns_name_clone(firstname, name);
+ if (userzone != NULL) {
+ dns_name_init(name, NULL);
+ dns_name_clone(userzone, name);
+ } else {
+ result = dns_message_firstname(updatemsg, section);
+ if (result == ISC_R_NOMORE) {
+ section = DNS_SECTION_PREREQUISITE;
+ result = dns_message_firstname(updatemsg, section);
+ }
+ if (result != ISC_R_SUCCESS) {
+ done_update();
+ return;
+ }
+ firstname = NULL;
+ dns_message_currentname(updatemsg, section, &firstname);
+ dns_name_init(name, NULL);
+ dns_name_clone(firstname, name);
+ }
ISC_LIST_INIT(name->list);
ISC_LIST_APPEND(name->list, rdataset, link);
diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook
index a3760246..cb65d876 100644
--- a/bin/nsupdate/nsupdate.docbook
+++ b/bin/nsupdate/nsupdate.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nsupdate.docbook,v 1.8.2.9 2005/05/12 21:35:11 sra Exp $ -->
+<!-- $Id: nsupdate.docbook,v 1.8.2.14 2007/05/09 02:11:44 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -34,6 +34,8 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -107,7 +109,7 @@ HMAC-MD5, which is defined in RFC 2104.
Once other algorithms are defined for TSIG, applications will need to
ensure they select the appropriate algorithm as well as the key when
authenticating each other.
-For instance suitable
+For instance, suitable
<type>key</type>
and
<type>server</type>
@@ -202,11 +204,9 @@ name server.
The command formats and their meaning are as follows:
<variablelist>
<varlistentry><term>
-<cmdsynopsis>
<command>server</command>
<arg choice="req">servername</arg>
<arg choice="opt">port</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -228,11 +228,9 @@ used.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>local</command>
<arg choice="req">address</arg>
<arg choice="opt">port</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -250,10 +248,8 @@ If no port number is specified, the system will assign one.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>zone</command>
<arg choice="req">zonename</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -269,30 +265,26 @@ will attempt determine the correct zone to update based on the rest of the input
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>class</command>
<arg choice="req">classname</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
Specify the default class.
-If no <parameter>class</parameter> is specified the default class is
+If no <parameter>class</parameter> is specified, the default class is
<parameter>IN</parameter>.
</para>
</listitem>
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>key</command>
<arg choice="req">name</arg>
<arg choice="req">secret</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
-Specifies that all updates are to be TSIG signed using the
+Specifies that all updates are to be TSIG-signed using the
<parameter>keyname</parameter> <parameter>keysecret</parameter> pair.
The <command>key</command> command
overrides any key specified on the command line via
@@ -302,10 +294,8 @@ overrides any key specified on the command line via
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>prereq nxdomain</command>
<arg choice="req">domain-name</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -317,10 +307,8 @@ Requires that no resource record of any type exists with name
<varlistentry><term>
-<cmdsynopsis>
<command>prereq yxdomain</command>
<arg choice="req">domain-name</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -332,12 +320,10 @@ exists (has as at least one resource record, of any type).
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>prereq nxrrset</command>
<arg choice="req">domain-name</arg>
<arg choice="opt">class</arg>
<arg choice="req">type</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -355,12 +341,10 @@ is omitted, IN (internet) is assumed.
<varlistentry><term>
-<cmdsynopsis>
<command>prereq yxrrset</command>
<arg choice="req">domain-name</arg>
<arg choice="opt">class</arg>
<arg choice="req">type</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -378,13 +362,11 @@ is omitted, IN (internet) is assumed.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>prereq yxrrset</command>
<arg choice="req">domain-name</arg>
<arg choice="opt">class</arg>
<arg choice="req">type</arg>
<arg choice="req" rep="repeat">data</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -412,13 +394,11 @@ RDATA.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>update delete</command>
<arg choice="req">domain-name</arg>
<arg choice="opt">ttl</arg>
<arg choice="opt">class</arg>
<arg choice="opt">type <arg choice="opt" rep="repeat">data</arg></arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -439,14 +419,12 @@ is ignored, and is only allowed for compatibility.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>update add</command>
<arg choice="req">domain-name</arg>
<arg choice="req">ttl</arg>
<arg choice="opt">class</arg>
<arg choice="req">type</arg>
<arg choice="req" rep="repeat">data</arg>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -460,9 +438,7 @@ and
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>show</command>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -473,9 +449,7 @@ updates specified since the last send.
</varlistentry>
<varlistentry><term>
-<cmdsynopsis>
<command>send</command>
-</cmdsynopsis>
</term>
<listitem>
<para>
@@ -516,10 +490,10 @@ master name server for
Any A records for
<type>oldhost.example.com</type>
are deleted.
-and an A record for
+And an A record for
<type>newhost.example.com</type>
-it IP address 172.16.1.1 is added.
-The newly-added record has a 1 day TTL (86400 seconds)
+with IP address 172.16.1.1 is added.
+The newly-added record has a 1 day TTL (86400 seconds).
<programlisting>
# nsupdate
> prereq nxdomain nickname.example.com
diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html
index 7d5c7b58..e1224a6a 100644
--- a/bin/nsupdate/nsupdate.html
+++ b/bin/nsupdate/nsupdate.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nsupdate.html,v 1.9.2.15 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: nsupdate.html,v 1.9.2.20 2007/05/09 03:32:21 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>nsupdate</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>nsupdate &#8212; Dynamic DNS update utility</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [[<code class="option">-y <em class="replaceable"><code>keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-v</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549432"></a><h2>DESCRIPTION</h2>
+<a name="id2543377"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC2136
@@ -77,7 +77,7 @@ HMAC-MD5, which is defined in RFC 2104.
Once other algorithms are defined for TSIG, applications will need to
ensure they select the appropriate algorithm as well as the key when
authenticating each other.
-For instance suitable
+For instance, suitable
<span class="type">key</span>
and
<span class="type">server</span>
@@ -141,7 +141,7 @@ This may be preferable when a batch of update requests is made.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549633"></a><h2>INPUT FORMAT</h2>
+<a name="id2543509"></a><h2>INPUT FORMAT</h2>
<p>
<span><strong class="command">nsupdate</strong></span>
reads input from
@@ -170,7 +170,9 @@ The command formats and their meaning are as follows:
</p>
<div class="variablelist"><dl>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">server</code> {servername} [port]</p></div>
+<span><strong class="command">server</strong></span>
+ {servername}
+ [port]
</span></dt>
<dd><p>
Sends all dynamic update requests to the name server
@@ -188,7 +190,9 @@ If no port number is specified, the default DNS port number of 53 is
used.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">local</code> {address} [port]</p></div>
+<span><strong class="command">local</strong></span>
+ {address}
+ [port]
</span></dt>
<dd><p>
Sends all dynamic update requests using the local
@@ -202,7 +206,8 @@ can additionally be used to make requests come from a specific port.
If no port number is specified, the system will assign one.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">zone</code> {zonename}</p></div>
+<span><strong class="command">zone</strong></span>
+ {zonename}
</span></dt>
<dd><p>
Specifies that all updates are to be made to the zone
@@ -214,32 +219,37 @@ statement is provided,
will attempt determine the correct zone to update based on the rest of the input.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">class</code> {classname}</p></div>
+<span><strong class="command">class</strong></span>
+ {classname}
</span></dt>
<dd><p>
Specify the default class.
-If no <em class="parameter"><code>class</code></em> is specified the default class is
+If no <em class="parameter"><code>class</code></em> is specified, the default class is
<em class="parameter"><code>IN</code></em>.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">key</code> {name} {secret}</p></div>
+<span><strong class="command">key</strong></span>
+ {name}
+ {secret}
</span></dt>
<dd><p>
-Specifies that all updates are to be TSIG signed using the
+Specifies that all updates are to be TSIG-signed using the
<em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
The <span><strong class="command">key</strong></span> command
overrides any key specified on the command line via
<code class="option">-y</code> or <code class="option">-k</code>.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">prereq nxdomain</code> {domain-name}</p></div>
+<span><strong class="command">prereq nxdomain</strong></span>
+ {domain-name}
</span></dt>
<dd><p>
Requires that no resource record of any type exists with name
<em class="parameter"><code>domain-name</code></em>.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">prereq yxdomain</code> {domain-name}</p></div>
+<span><strong class="command">prereq yxdomain</strong></span>
+ {domain-name}
</span></dt>
<dd><p>
Requires that
@@ -247,7 +257,10 @@ Requires that
exists (has as at least one resource record, of any type).
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">prereq nxrrset</code> {domain-name} [class] {type}</p></div>
+<span><strong class="command">prereq nxrrset</strong></span>
+ {domain-name}
+ [class]
+ {type}
</span></dt>
<dd><p>
Requires that no resource record exists of the specified
@@ -260,7 +273,10 @@ If
is omitted, IN (internet) is assumed.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">prereq yxrrset</code> {domain-name} [class] {type}</p></div>
+<span><strong class="command">prereq yxrrset</strong></span>
+ {domain-name}
+ [class]
+ {type}
</span></dt>
<dd><p>
This requires that a resource record of the specified
@@ -274,7 +290,11 @@ If
is omitted, IN (internet) is assumed.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">prereq yxrrset</code> {domain-name} [class] {type} {data...}</p></div>
+<span><strong class="command">prereq yxrrset</strong></span>
+ {domain-name}
+ [class]
+ {type}
+ {data...}
</span></dt>
<dd><p>
The
@@ -298,7 +318,11 @@ are written in the standard text representation of the resource record's
RDATA.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">update delete</code> {domain-name} [ttl] [class] [type [data...]]</p></div>
+<span><strong class="command">update delete</strong></span>
+ {domain-name}
+ [ttl]
+ [class]
+ [type [data...]]
</span></dt>
<dd><p>
Deletes any resource records named
@@ -315,7 +339,12 @@ is not supplied. The
is ignored, and is only allowed for compatibility.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">update add</code> {domain-name} {ttl} [class] {type} {data...}</p></div>
+<span><strong class="command">update add</strong></span>
+ {domain-name}
+ {ttl}
+ [class]
+ {type}
+ {data...}
</span></dt>
<dd><p>
Adds a new resource record with the specified
@@ -325,14 +354,14 @@ and
<em class="parameter"><code>data</code></em>.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">show</code> </p></div>
+<span><strong class="command">show</strong></span>
</span></dt>
<dd><p>
Displays the current message, containing all of the prerequisites and
updates specified since the last send.
</p></dd>
<dt><span class="term">
-<div class="cmdsynopsis"><p><code class="command">send</code> </p></div>
+<span><strong class="command">send</strong></span>
</span></dt>
<dd><p>
Sends the current message. This is equivalent to entering a blank line.
@@ -345,7 +374,7 @@ Lines beginning with a semicolon are comments and are ignored.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550311"></a><h2>EXAMPLES</h2>
+<a name="id2544142"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@@ -370,10 +399,10 @@ master name server for
Any A records for
<span class="type">oldhost.example.com</span>
are deleted.
-and an A record for
+And an A record for
<span class="type">newhost.example.com</span>
-it IP address 172.16.1.1 is added.
-The newly-added record has a 1 day TTL (86400 seconds)
+with IP address 172.16.1.1 is added.
+The newly-added record has a 1 day TTL (86400 seconds).
</p>
<pre class="programlisting">
# nsupdate
@@ -398,7 +427,7 @@ SIG, KEY and NXT records.)
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550355"></a><h2>FILES</h2>
+<a name="id2544186"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@@ -417,7 +446,7 @@ base-64 encoding of HMAC-MD5 key created by
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2550423"></a><h2>SEE ALSO</h2>
+<a name="id2544323"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
@@ -430,7 +459,7 @@ base-64 encoding of HMAC-MD5 key created by
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550488"></a><h2>BUGS</h2>
+<a name="id2544388"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
diff --git a/bin/rndc/Makefile.in b/bin/rndc/Makefile.in
index e0efefd5..0cb920db 100644
--- a/bin/rndc/Makefile.in
+++ b/bin/rndc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.32.2.6 2004/07/20 07:00:12 marka Exp $
+# $Id: Makefile.in,v 1.32.2.8 2007/01/19 00:55:48 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -45,6 +45,8 @@ RNDCDEPLIBS = ${ISCCFGDEPLIBS} ${DNSDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}
CONFLIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
CONFDEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+SRCS= rndc.c rndc-confgen.c
+
SUBDIRS = unix
TARGETS = rndc rndc-confgen
diff --git a/bin/rndc/rndc-confgen.8 b/bin/rndc/rndc-confgen.8
index 36eb4ae3..7311deaf 100644
--- a/bin/rndc/rndc-confgen.8
+++ b/bin/rndc/rndc-confgen.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2001-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc-confgen.8,v 1.3.2.12 2006/06/29 13:02:06 marka Exp $
+.\" $Id: rndc-confgen.8,v 1.3.2.14 2007/01/30 00:10:37 marka Exp $
.\"
.hy 0
.ad l
.\" Title: rndc\-confgen
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Aug 27, 2001
.\" Manual: BIND9
.\" Source: BIND9
@@ -56,8 +56,9 @@ file and a
\fBcontrols\fR
statement altogether.
.SH "OPTIONS"
-.TP 3n
+.PP
\-a
+.RS 4
Do automatic
\fBrndc\fR
configuration. This creates a file
@@ -88,31 +89,43 @@ to be used as drop\-in replacements for BIND 8 and
\fBndc\fR, with no changes to the existing BIND 8
\fInamed.conf\fR
file.
-.TP 3n
+.RE
+.PP
\-b \fIkeysize\fR
+.RS 4
Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.
-.TP 3n
+.RE
+.PP
\-c \fIkeyfile\fR
+.RS 4
Used with the
\fB\-a\fR
option to specify an alternate location for
\fIrndc.key\fR.
-.TP 3n
+.RE
+.PP
\-h
+.RS 4
Prints a short summary of the options and arguments to
\fBrndc\-confgen\fR.
-.TP 3n
+.RE
+.PP
\-k \fIkeyname\fR
+.RS 4
Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is
\fBrndc\-key\fR.
-.TP 3n
+.RE
+.PP
\-p \fIport\fR
+.RS 4
Specifies the command channel port where
\fBnamed\fR
listens for connections from
\fBrndc\fR. The default is 953.
-.TP 3n
+.RE
+.PP
\-r \fIrandomfile\fR
+.RS 4
Specifies a source of random data for generating the authorization. If the operating system does not provide a
\fI/dev/random\fR
or equivalent device, the default source of randomness is keyboard input.
@@ -120,14 +133,18 @@ or equivalent device, the default source of randomness is keyboard input.
specifies the name of a character device or file containing random data to be used instead of the default. The special value
\fIkeyboard\fR
indicates that keyboard input should be used.
-.TP 3n
+.RE
+.PP
\-s \fIaddress\fR
+.RS 4
Specifies the IP address where
\fBnamed\fR
listens for command channel connections from
\fBrndc\fR. The default is the loopback address 127.0.0.1.
-.TP 3n
+.RE
+.PP
\-t \fIchrootdir\fR
+.RS 4
Used with the
\fB\-a\fR
option to specify a directory where
@@ -136,8 +153,10 @@ will run chrooted. An additional copy of the
\fIrndc.key\fR
will be written relative to this directory so that it will be found by the chrooted
\fBnamed\fR.
-.TP 3n
+.RE
+.PP
\-u \fIuser\fR
+.RS 4
Used with the
\fB\-a\fR
option to set the owner of the
@@ -145,6 +164,7 @@ option to set the owner of the
file generated. If
\fB\-t\fR
is also specified only the file in the chroot area has its owner changed.
+.RE
.SH "EXAMPLES"
.PP
To allow
@@ -173,4 +193,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2001\-2003 Internet Software Consortium.
+.br
diff --git a/bin/rndc/rndc-confgen.docbook b/bin/rndc/rndc-confgen.docbook
index b30f5f66..0b33fb72 100644
--- a/bin/rndc/rndc-confgen.docbook
+++ b/bin/rndc/rndc-confgen.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc-confgen.docbook,v 1.3.2.5 2005/05/12 21:35:12 sra Exp $ -->
+<!-- $Id: rndc-confgen.docbook,v 1.3.2.7 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/bin/rndc/rndc-confgen.html b/bin/rndc/rndc-confgen.html
index cd2def23..46086f71 100644
--- a/bin/rndc/rndc-confgen.html
+++ b/bin/rndc/rndc-confgen.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc-confgen.html,v 1.3.2.18 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: rndc-confgen.html,v 1.3.2.21 2007/01/30 00:10:37 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">rndc-confgen</span> &#8212; rndc key generation tool</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549479"></a><h2>DESCRIPTION</h2>
+<a name="id2543420"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">rndc-confgen</strong></span> generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@@ -48,7 +48,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549525"></a><h2>OPTIONS</h2>
+<a name="id2543466"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@@ -137,7 +137,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549956"></a><h2>EXAMPLES</h2>
+<a name="id2543761"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@@ -156,7 +156,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550000"></a><h2>SEE ALSO</h2>
+<a name="id2543804"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
@@ -165,7 +165,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550042"></a><h2>AUTHOR</h2>
+<a name="id2543847"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8
index 15063aff..87a573af 100644
--- a/bin/rndc/rndc.8
+++ b/bin/rndc/rndc.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc.8,v 1.24.2.6 2006/06/29 13:02:06 marka Exp $
+.\" $Id: rndc.8,v 1.24.2.11 2007/06/20 02:25:45 marka Exp $
.\"
.hy 0
.ad l
.\" Title: rndc
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -47,20 +47,22 @@ is invoked with no command line options or arguments, it prints a short summary
communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of
\fBrndc\fR
and
-\fBnamed\fR
-named the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
+\fBnamed\fR, the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
.PP
\fBrndc\fR
reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use.
.SH "OPTIONS"
-.TP 3n
+.PP
\-c \fIconfig\-file\fR
+.RS 4
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
\fI/etc/rndc.conf\fR.
-.TP 3n
+.RE
+.PP
\-k \fIkey\-file\fR
+.RS 4
Use
\fIkey\-file\fR
as the key file instead of the default,
@@ -69,30 +71,41 @@ as the key file instead of the default,
will be used to authenticate commands sent to the server if the
\fIconfig\-file\fR
does not exist.
-.TP 3n
+.RE
+.PP
\-s \fIserver\fR
+.RS 4
\fIserver\fR
is the name or address of the server which matches a server statement in the configuration file for
-\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the option statement of the configuration file will be used.
-.TP 3n
+\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the options statement of the
+\fBrndc\fR
+configuration file will be used.
+.RE
+.PP
\-p \fIport\fR
+.RS 4
Send commands to TCP port
\fIport\fR
instead of BIND 9's default control channel port, 953.
-.TP 3n
+.RE
+.PP
\-V
+.RS 4
Enable verbose logging.
-.TP 3n
-\-y \fIkeyid\fR
+.RE
+.PP
+\-y \fIkey_id\fR
+.RS 4
Use the key
-\fIkeyid\fR
+\fIkey_id\fR
from the configuration file.
-\fIkeyid\fR
+\fIkey_id\fR
must be known by named with the same algorithm and secret string in order for control message validation to succeed. If no
-\fIkeyid\fR
+\fIkey_id\fR
is specified,
\fBrndc\fR
will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access.
+.RE
.PP
For the complete set of commands supported by
\fBrndc\fR, see the BIND 9 Administrator Reference Manual or run
@@ -114,11 +127,14 @@ Several error messages could be clearer.
.PP
\fBrndc.conf\fR(5),
\fBnamed\fR(8),
-\fBnamed.conf\fR(5)
+\fBnamed.conf\fR(5),
\fBndc\fR(8),
BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5
index 0120fc91..5eb34685 100644
--- a/bin/rndc/rndc.conf.5
+++ b/bin/rndc/rndc.conf.5
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc.conf.5,v 1.21.2.6 2006/06/29 13:02:06 marka Exp $
+.\" $Id: rndc.conf.5,v 1.21.2.9 2007/05/09 03:32:21 marka Exp $
.\"
.hy 0
.ad l
.\" Title: \fIrndc.conf\fR
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -101,7 +101,7 @@ program, also known as
does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each.
.SH "EXAMPLE"
.sp
-.RS 3n
+.RS 4
.nf
options {
default\-server localhost;
@@ -128,7 +128,7 @@ To generate a random secret with
.PP
A complete
\fIrndc.conf\fR
-file, including the randomly generated key, will be written to the standard output. Commented out
+file, including the randomly generated key, will be written to the standard output. Commented\-out
\fBkey\fR
and
\fBcontrols\fR
@@ -158,4 +158,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/bin/rndc/rndc.conf.docbook b/bin/rndc/rndc.conf.docbook
index 96e3720b..aca6b5bc 100644
--- a/bin/rndc/rndc.conf.docbook
+++ b/bin/rndc/rndc.conf.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.conf.docbook,v 1.4.2.4 2005/05/12 21:35:12 sra Exp $ -->
+<!-- $Id: rndc.conf.docbook,v 1.4.2.7 2007/05/09 02:11:44 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -166,7 +167,7 @@
<para>
A complete <filename>rndc.conf</filename> file, including the
randomly generated key, will be written to the standard
- output. Commented out <option>key</option> and
+ output. Commented-out <option>key</option> and
<option>controls</option> statements for
<filename>named.conf</filename> are also printed.
</para>
diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html
index 59ca71c3..c2a67e05 100644
--- a/bin/rndc/rndc.conf.html
+++ b/bin/rndc/rndc.conf.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.conf.html,v 1.5.2.14 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: rndc.conf.html,v 1.5.2.18 2007/05/09 03:32:21 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc.conf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><code class="filename">rndc.conf</code> &#8212; rndc configuration file</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549398"></a><h2>DESCRIPTION</h2>
+<a name="id2543339"></a><h2>DESCRIPTION</h2>
<p>
<code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
@@ -105,7 +105,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549601"></a><h2>EXAMPLE</h2>
+<a name="id2543474"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@@ -139,7 +139,7 @@
<p>
A complete <code class="filename">rndc.conf</code> file, including the
randomly generated key, will be written to the standard
- output. Commented out <code class="option">key</code> and
+ output. Commented-out <code class="option">key</code> and
<code class="option">controls</code> statements for
<code class="filename">named.conf</code> are also printed.
</p>
@@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549730"></a><h2>NAME SERVER CONFIGURATION</h2>
+<a name="id2543534"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@@ -161,7 +161,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549750"></a><h2>SEE ALSO</h2>
+<a name="id2543555"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
@@ -170,7 +170,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549793"></a><h2>AUTHOR</h2>
+<a name="id2543597"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
index 1e9976aa..c34153d8 100644
--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.docbook,v 1.7.2.4 2005/05/12 21:35:12 sra Exp $ -->
+<!-- $Id: rndc.docbook,v 1.7.2.9 2007/06/19 07:52:23 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -77,7 +78,7 @@
<command>rndc</command> communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
- <command>rndc</command> and <command>named</command> named
+ <command>rndc</command> and <command>named</command>,
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
@@ -124,14 +125,13 @@
<varlistentry>
<term>-s <replaceable class="parameter">server</replaceable></term>
<listitem>
- <para>
- <replaceable class="parameter">server</replaceable> is
- the name or address of the server which matches a
- server statement in the configuration file for
- <command>rndc</command>. If no server is supplied on the
- command line, the host named by the default-server clause
- in the option statement of the configuration file will be
- used.
+ <para><replaceable class="parameter">server</replaceable> is
+ the name or address of the server which matches a
+ server statement in the configuration file for
+ <command>rndc</command>. If no server is supplied on the
+ command line, the host named by the default-server clause
+ in the options statement of the <command>rndc</command>
+ configuration file will be used.
</para>
</listitem>
</varlistentry>
@@ -157,15 +157,15 @@
</varlistentry>
<varlistentry>
- <term>-y <replaceable class="parameter">keyid</replaceable></term>
+ <term>-y <replaceable class="parameter">key_id</replaceable></term>
<listitem>
<para>
- Use the key <replaceable class="parameter">keyid</replaceable>
+ Use the key <replaceable class="parameter">key_id</replaceable>
from the configuration file.
- <replaceable class="parameter">keyid</replaceable> must be
+ <replaceable class="parameter">key_id</replaceable> must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
- If no <replaceable class="parameter">keyid</replaceable>
+ If no <replaceable class="parameter">key_id</replaceable>
is specified, <command>rndc</command> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
@@ -217,7 +217,7 @@
<citerefentry>
<refentrytitle>named.conf</refentrytitle>
<manvolnum>5</manvolnum>
- </citerefentry>
+ </citerefentry>,
<citerefentry>
<refentrytitle>ndc</refentrytitle>
<manvolnum>8</manvolnum>
diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html
index 10673e2d..1817a2d5 100644
--- a/bin/rndc/rndc.html
+++ b/bin/rndc/rndc.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.html,v 1.7.2.13 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: rndc.html,v 1.7.2.19 2007/06/20 02:25:45 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">rndc</span> &#8212; name server control utility</p>
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549451"></a><h2>DESCRIPTION</h2>
+<a name="id2543393"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">rndc</strong></span> controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@@ -46,7 +46,7 @@
<span><strong class="command">rndc</strong></span> communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
- <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span> named
+ <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
@@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549492"></a><h2>OPTIONS</h2>
+<a name="id2543433"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
<dd><p>
@@ -79,14 +79,13 @@
does not exist.
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt>
-<dd><p>
- <em class="replaceable"><code>server</code></em> is
- the name or address of the server which matches a
- server statement in the configuration file for
- <span><strong class="command">rndc</strong></span>. If no server is supplied on the
- command line, the host named by the default-server clause
- in the option statement of the configuration file will be
- used.
+<dd><p><em class="replaceable"><code>server</code></em> is
+ the name or address of the server which matches a
+ server statement in the configuration file for
+ <span><strong class="command">rndc</strong></span>. If no server is supplied on the
+ command line, the host named by the default-server clause
+ in the options statement of the <span><strong class="command">rndc</strong></span>
+ configuration file will be used.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
@@ -98,14 +97,14 @@
<dd><p>
Enable verbose logging.
</p></dd>
-<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt>
+<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
<dd><p>
- Use the key <em class="replaceable"><code>keyid</code></em>
+ Use the key <em class="replaceable"><code>key_id</code></em>
from the configuration file.
- <em class="replaceable"><code>keyid</code></em> must be
+ <em class="replaceable"><code>key_id</code></em> must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
- If no <em class="replaceable"><code>keyid</code></em>
+ If no <em class="replaceable"><code>key_id</code></em>
is specified, <span><strong class="command">rndc</strong></span> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
@@ -123,7 +122,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549811"></a><h2>LIMITATIONS</h2>
+<a name="id2543619"></a><h2>LIMITATIONS</h2>
<p>
<span><strong class="command">rndc</strong></span> does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
@@ -137,17 +136,17 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549840"></a><h2>SEE ALSO</h2>
+<a name="id2543648"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
- <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>
+ <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549892"></a><h2>AUTHOR</h2>
+<a name="id2543700"></a><h2>AUTHOR</h2>
<p>
<span class="corpauthor">Internet Systems Consortium</span>
</p>
diff --git a/bin/tests/journalprint.c b/bin/tests/journalprint.c
index 86fcd46c..af3469ff 100644
--- a/bin/tests/journalprint.c
+++ b/bin/tests/journalprint.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: journalprint.c,v 1.3.2.5 2006/08/25 05:25:49 marka Exp $ */
+/* $Id: journalprint.c,v 1.3.2.7 2007/02/27 23:45:21 tbox Exp $ */
#include <config.h>
@@ -33,7 +33,7 @@ main(int argc, char **argv) {
isc_mem_t *mctx = NULL;
if (argc != 2) {
- printf("usage: %s journal", argv[0]);
+ printf("usage: %s journal\n", argv[0]);
return(1);
}
diff --git a/bin/tests/names/dns_name_fromwire_8_data b/bin/tests/names/dns_name_fromwire_8_data
index 744da071..9ddd3f3d 100644
--- a/bin/tests/names/dns_name_fromwire_8_data
+++ b/bin/tests/names/dns_name_fromwire_8_data
@@ -1,5 +1,5 @@
#
-# test data for dns_name_fromwire_8
+# test data for dns_name_fromwire_9
# format:
# <msgfile> <testname_offset> <downcase>
# <dc_method> <exp_name> <exp_result>
@@ -27,4 +27,4 @@
# ISC_R_UNEXPECTEDEND
# DNS_R_TOOMANYHOPS
#
-wire_test8.data 383 1 DNS_COMPRESS_ALL vix.com. DNS_R_TOOMANYHOPS
+wire_test8.data 25 1 DNS_COMPRESS_ALL vix.com. ISC_R_NOSPACE
diff --git a/bin/tests/names/dns_name_fromwire_9_data b/bin/tests/names/dns_name_fromwire_9_data
deleted file mode 100644
index 47c8a068..00000000
--- a/bin/tests/names/dns_name_fromwire_9_data
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# test data for dns_name_fromwire_9
-# format:
-# <msgfile> <testname_offset> <downcase>
-# <dc_method> <exp_name> <exp_result>
-#
-# where msgfile contains a DNS message in hex form
-#
-# and where testname_offset is the byte offset in this message of
-# the start of a name
-#
-# and where downcase is 1 or 0
-#
-# and where dc_method is one of
-# DNS_COMPRESS_ALL
-# DNS_COMPRESS_GLOBAL14
-# DNS_COMPRESS_NONE
-#
-# and where exp_name is the expected name after any decompression
-# or case conversion
-#
-# and where exp_result may be one of
-# ISC_R_NOSPACE
-# DNS_R_BADLABELTYPE
-# DNS_R_DISALLOWED
-# DNS_R_BADPOINTER
-# ISC_R_UNEXPECTEDEND
-# DNS_R_TOOMANYHOPS
-#
-wire_test9.data 25 1 DNS_COMPRESS_ALL vix.com. ISC_R_NOSPACE
diff --git a/bin/tests/names/t_names.c b/bin/tests/names/t_names.c
index c9f2f15a..d0ae0a9d 100644
--- a/bin/tests/names/t_names.c
+++ b/bin/tests/names/t_names.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: t_names.c,v 1.32.2.5 2006/01/04 23:50:17 marka Exp $ */
+/* $Id: t_names.c,v 1.32.2.6 2006/12/07 13:25:58 marka Exp $ */
#include <config.h>
@@ -2139,10 +2139,6 @@ static const char *a48 =
"returns ISC_R_UNEXPECTEDEND";
static const char *a49 =
- "when there are too many compression pointers, "
- "dns_name_fromwire() returns DNS_R_TOOMANYHOPS";
-
-static const char *a50 =
"when there is not enough space in target, "
"dns_name_fromwire(name, source, dcts, downcase, target) "
"returns ISC_R_NOSPACE";
@@ -2327,11 +2323,8 @@ t_dns_name_fromwire(void) {
t_assert("dns_name_fromwire", 7, T_REQUIRED, a48);
t_dns_name_fromwire_x("dns_name_fromwire_7_data", BUFLEN);
- t_assert("dns_name_fromwire", 8, T_REQUIRED, a49);
- t_dns_name_fromwire_x("dns_name_fromwire_8_data", BUFLEN);
-
- t_assert("dns_name_fromwire", 9, T_REQUIRED, a50);
- t_dns_name_fromwire_x("dns_name_fromwire_9_data", 2);
+ t_assert("dns_name_fromwire", 9, T_REQUIRED, a49);
+ t_dns_name_fromwire_x("dns_name_fromwire_8_data", 2);
}
diff --git a/bin/tests/names/wire_test9.data b/bin/tests/names/wire_test9.data
deleted file mode 100644
index 505134ac..00000000
--- a/bin/tests/names/wire_test9.data
+++ /dev/null
@@ -1,13 +0,0 @@
-#
-# a global14 compression pointer
-#
-000a85800001000300000003
-0376697803636f6d0000020001c00c00
-02000100000e10000b05697372763102
-7061c00cc00c0002000100000e100009
-066e732d657874c00cc00c0002000100
-000e10000e036e733104676e61630363
-6f6d00c0250001000100000e100004cc
-98b886c03c0001000100000e100004cc
-98b840c051000100010002a14a0004c6
-97f8f6
diff --git a/bin/tests/system/start.sh b/bin/tests/system/start.sh
index f12ce476..f0ed12b4 100644
--- a/bin/tests/system/start.sh
+++ b/bin/tests/system/start.sh
@@ -1,7 +1,7 @@
#!/bin/sh
#
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2001 Internet Software Consortium.
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: start.sh,v 1.38.2.1 2004/03/09 06:09:42 marka Exp $
+# $Id: start.sh,v 1.38.2.3 2007/01/18 00:06:02 marka Exp $
. ./conf.sh
$PERL start.pl "$@"
diff --git a/bin/tests/system/stop.sh b/bin/tests/system/stop.sh
index c6318f7b..0fd66049 100644
--- a/bin/tests/system/stop.sh
+++ b/bin/tests/system/stop.sh
@@ -1,7 +1,7 @@
#!/bin/sh
#
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2001 Internet Software Consortium.
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: stop.sh,v 1.21.2.1 2004/03/09 06:09:43 marka Exp $
+# $Id: stop.sh,v 1.21.2.3 2007/01/18 00:06:02 marka Exp $
. ./conf.sh
$PERL ./stop.pl "$@"
diff --git a/bin/win32/BINDInstall/BINDInstall.dsp b/bin/win32/BINDInstall/BINDInstall.dsp
index 59da2cd4..ed1abbab 100644
--- a/bin/win32/BINDInstall/BINDInstall.dsp
+++ b/bin/win32/BINDInstall/BINDInstall.dsp
@@ -43,11 +43,11 @@ RSC=rc.exe
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /Yu"stdafx.h" /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_AFXDLL" /Yu"stdafx.h" /FD /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Yu"stdafx.h" /FD /c
# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG" /d "_AFXDLL"
+# ADD RSC /l 0x409 /d "NDEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
@@ -69,11 +69,11 @@ LINK32=link.exe
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /Yu"stdafx.h" /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_AFXDLL" /FR /Yu"stdafx.h" /FD /GZ /c
+# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /FR /Yu"stdafx.h" /FD /GZ /c
# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG" /d "_AFXDLL"
+# ADD RSC /l 0x409 /d "_DEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
diff --git a/bin/win32/BINDInstall/BINDInstall.mak b/bin/win32/BINDInstall/BINDInstall.mak
index 9f105294..330953a0 100644
--- a/bin/win32/BINDInstall/BINDInstall.mak
+++ b/bin/win32/BINDInstall/BINDInstall.mak
@@ -124,7 +124,7 @@ CLEAN :
if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_AFXDLL" /Fp"$(INTDIR)\BINDInstall.pch" /Yu"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Fp"$(INTDIR)\BINDInstall.pch" /Yu"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
.c{$(INTDIR)}.obj::
$(CPP) @<<
@@ -159,7 +159,7 @@ CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..
MTL=midl.exe
MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32
RSC=rc.exe
-RSC_PROJ=/l 0x409 /fo"$(INTDIR)\BINDInstall.res" /d "NDEBUG" /d "_AFXDLL"
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\BINDInstall.res" /d "NDEBUG"
BSC32=bscmake.exe
BSC32_FLAGS=/nologo /o"$(OUTDIR)\BINDInstall.bsc"
BSC32_SBRS= \
@@ -214,7 +214,7 @@ CLEAN :
if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_AFXDLL" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\BINDInstall.pch" /Yu"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\BINDInstall.pch" /Yu"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
.c{$(INTDIR)}.obj::
$(CPP) @<<
@@ -249,7 +249,7 @@ CPP_PROJ=/nologo /MDd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include"
MTL=midl.exe
MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32
RSC=rc.exe
-RSC_PROJ=/l 0x409 /fo"$(INTDIR)\BINDInstall.res" /d "_DEBUG" /d "_AFXDLL"
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\BINDInstall.res" /d "_DEBUG"
BSC32=bscmake.exe
BSC32_FLAGS=/nologo /o"$(OUTDIR)\BINDInstall.bsc"
BSC32_SBRS= \
@@ -345,7 +345,7 @@ SOURCE=.\StdAfx.cpp
!IF "$(CFG)" == "BINDInstall - Win32 Release"
-CPP_SWITCHES=/nologo /MD /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_AFXDLL" /Fp"$(INTDIR)\BINDInstall.pch" /Yc"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+CPP_SWITCHES=/nologo /MT /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Fp"$(INTDIR)\BINDInstall.pch" /Yc"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
"$(INTDIR)\StdAfx.obj" "$(INTDIR)\BINDInstall.pch" : $(SOURCE) "$(INTDIR)"
$(CPP) @<<
@@ -355,7 +355,7 @@ CPP_SWITCHES=/nologo /MD /W3 /GX /O2 /I "..\include" /I "..\..\..\include" /I ".
!ELSEIF "$(CFG)" == "BINDInstall - Win32 Debug"
-CPP_SWITCHES=/nologo /MDd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_AFXDLL" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\BINDInstall.pch" /Yc"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
+CPP_SWITCHES=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\include" /I "..\..\..\include" /I "..\..\named\win32\include" /I "..\..\..\lib\isc\win32\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\BINDInstall.pch" /Yc"stdafx.h" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
"$(INTDIR)\StdAfx.obj" "$(INTDIR)\StdAfx.sbr" "$(INTDIR)\BINDInstall.pch" : $(SOURCE) "$(INTDIR)"
$(CPP) @<<
diff --git a/bin/win32/BINDInstall/BINDInstallDlg.cpp b/bin/win32/BINDInstall/BINDInstallDlg.cpp
index cc36f0be..c6fa6b65 100644
--- a/bin/win32/BINDInstall/BINDInstallDlg.cpp
+++ b/bin/win32/BINDInstall/BINDInstallDlg.cpp
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: BINDInstallDlg.cpp,v 1.6.2.17 2006/11/08 02:00:49 marka Exp $ */
+/* $Id: BINDInstallDlg.cpp,v 1.6.2.21 2007/06/27 01:52:19 marka Exp $ */
/*
* Copyright (c) 1999-2000 by Nortel Networks Corporation
@@ -109,23 +109,15 @@ const FileData installFiles[] =
{"msvcrt.dll", FileData::WinSystem, FileData::Critical, TRUE},
# endif
#endif
-#if _MSC_VER >= 1400
- {"mfc80.dll", FileData::BinDir, FileData::Critical, FALSE},
- {"mfc80u.dll", FileData::BinDir, FileData::Critical, FALSE},
- {"mfcm80.dll", FileData::BinDir, FileData::Critical, FALSE},
- {"mfcm80u.dll", FileData::BinDir, FileData::Critical, FALSE},
- {"Microsoft.VC80.MFC.manifest", FileData::BinDir, FileData::Critical, FALSE},
- {"msvcm80.dll", FileData::BinDir, FileData::Critical, FALSE},
- {"msvcp80.dll", FileData::BinDir, FileData::Critical, FALSE},
- {"msvcr80.dll", FileData::BinDir, FileData::Critical, FALSE},
- {"Microsoft.VC80.CRT.manifest", FileData::BinDir, FileData::Critical, FALSE},
-#elif _MSC_VER >= 1310
+#if _MSC_VER < 1400
+#if _MSC_VER >= 1310
{"mfc71.dll", FileData::WinSystem, FileData::Critical, TRUE},
{"msvcr71.dll", FileData::WinSystem, FileData::Critical, TRUE},
-#elif _MSC_VER > 1200
+#elif _MSC_VER > 1200 && _MSC_VER < 1310
{"mfc70.dll", FileData::WinSystem, FileData::Critical, TRUE},
{"msvcr70.dll", FileData::WinSystem, FileData::Critical, TRUE},
#endif
+#endif
{"bindevt.dll", FileData::BinDir, FileData::Normal, FALSE},
{"libisc.dll", FileData::BinDir, FileData::Critical, FALSE},
{"libisccfg.dll", FileData::BinDir, FileData::Critical, FALSE},
@@ -416,6 +408,16 @@ void CBINDInstallDlg::OnInstall()
}
}
+#if _MSC_VER >= 1400
+ /*
+ * Install Visual Studio libraries. As per:
+ * http://blogs.msdn.com/astebner/archive/2006/08/23/715755.aspx
+ *
+ * Vcredist_x86.exe /q:a /c:"msiexec /i vcredist.msi /qn /l*v %temp%\vcredist_x86.log"
+ */
+ /*system(".\\Vcredist_x86.exe /q:a /c:\"msiexec /i vcredist.msi /qn /l*v %temp%\vcredist_x86.log\"");*/
+ system(".\\Vcredist_x86.exe");
+#endif
try
{
CreateDirs();
diff --git a/config.h.in b/config.h.in
index f5d51a06..1185487f 100644
--- a/config.h.in
+++ b/config.h.in
@@ -16,7 +16,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: config.h.in,v 1.47.2.24 2006/08/10 02:07:08 marka Exp $ */
+/* $Id: config.h.in,v 1.47.2.25 2007/01/08 02:03:17 marka Exp $ */
/***
*** This file is not to be included by any public header files, because
@@ -144,15 +144,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if you cannot bind() before connect() for TCP sockets. */
#undef BROKEN_TCP_BIND_BEFORE_CONNECT
-/* Define if libcrypto has DH_generate_parameters */
-#undef HAVE_DH_GENERATE_PARAMETERS
-
/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H
-/* Define if libcrypto has DSA_generate_parameters */
-#undef HAVE_DSA_GENERATE_PARAMETERS
-
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
@@ -186,9 +180,6 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
-/* Define if libcrypto has RSA_generate_key */
-#undef HAVE_RSA_GENERATE_KEY
-
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
diff --git a/configure b/configure
index 024ad0f6..bcede7b5 100755
--- a/configure
+++ b/configure
@@ -1,5 +1,5 @@
#! /bin/sh
-# From configure.in Revision: 1.294.2.73 .
+# From configure.in Revision: 1.294.2.74 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.59.
#
@@ -4925,301 +4925,6 @@ fi
rm -f conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
- echo "$as_me:$LINENO: checking for DH_generate_parameters" >&5
-echo $ECHO_N "checking for DH_generate_parameters... $ECHO_C" >&6
-if test "${ac_cv_func_DH_generate_parameters+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define DH_generate_parameters to an innocuous variant, in case <limits.h> declares DH_generate_parameters.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define DH_generate_parameters innocuous_DH_generate_parameters
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char DH_generate_parameters (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef DH_generate_parameters
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char DH_generate_parameters ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_DH_generate_parameters) || defined (__stub___DH_generate_parameters)
-choke me
-#else
-char (*f) () = DH_generate_parameters;
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-int
-main ()
-{
-return f != DH_generate_parameters;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_DH_generate_parameters=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_func_DH_generate_parameters=no
-fi
-rm -f conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_DH_generate_parameters" >&5
-echo "${ECHO_T}$ac_cv_func_DH_generate_parameters" >&6
-if test $ac_cv_func_DH_generate_parameters = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_DH_GENERATE_PARAMETERS 1
-_ACEOF
-
-fi
-
- echo "$as_me:$LINENO: checking for RSA_generate_key" >&5
-echo $ECHO_N "checking for RSA_generate_key... $ECHO_C" >&6
-if test "${ac_cv_func_RSA_generate_key+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define RSA_generate_key to an innocuous variant, in case <limits.h> declares RSA_generate_key.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define RSA_generate_key innocuous_RSA_generate_key
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char RSA_generate_key (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef RSA_generate_key
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char RSA_generate_key ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_RSA_generate_key) || defined (__stub___RSA_generate_key)
-choke me
-#else
-char (*f) () = RSA_generate_key;
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-int
-main ()
-{
-return f != RSA_generate_key;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_RSA_generate_key=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_func_RSA_generate_key=no
-fi
-rm -f conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_RSA_generate_key" >&5
-echo "${ECHO_T}$ac_cv_func_RSA_generate_key" >&6
-if test $ac_cv_func_RSA_generate_key = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_RSA_GENERATE_KEY 1
-_ACEOF
-
-fi
-
- echo "$as_me:$LINENO: checking for DSA_generate_parameters" >&5
-echo $ECHO_N "checking for DSA_generate_parameters... $ECHO_C" >&6
-if test "${ac_cv_func_DSA_generate_parameters+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define DSA_generate_parameters to an innocuous variant, in case <limits.h> declares DSA_generate_parameters.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define DSA_generate_parameters innocuous_DSA_generate_parameters
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char DSA_generate_parameters (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef DSA_generate_parameters
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char DSA_generate_parameters ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_DSA_generate_parameters) || defined (__stub___DSA_generate_parameters)
-choke me
-#else
-char (*f) () = DSA_generate_parameters;
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-int
-main ()
-{
-return f != DSA_generate_parameters;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_DSA_generate_parameters=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_func_DSA_generate_parameters=no
-fi
-rm -f conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_DSA_generate_parameters" >&5
-echo "${ECHO_T}$ac_cv_func_DSA_generate_parameters" >&6
-if test $ac_cv_func_DSA_generate_parameters = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_DSA_GENERATE_PARAMETERS 1
-_ACEOF
-
-fi
-
-
# Check whether --enable-openssl-version-check or --disable-openssl-version-check was given.
if test "${enable_openssl_version_check+set}" = set; then
enableval="$enable_openssl_version_check"
@@ -8653,7 +8358,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 8656 "configure"' > conftest.$ac_ext
+ echo '#line 8361 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -9650,7 +9355,7 @@ fi
# Provide some information about the compiler.
-echo "$as_me:9653:" \
+echo "$as_me:9358:" \
"checking for Fortran 77 compiler version" >&5
ac_compiler=`set X $ac_compile; echo $2`
{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
@@ -10711,11 +10416,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:10714: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:10419: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:10718: \$? = $ac_status" >&5
+ echo "$as_me:10423: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -10954,11 +10659,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:10957: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:10662: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:10961: \$? = $ac_status" >&5
+ echo "$as_me:10666: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -11014,11 +10719,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11017: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:10722: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:11021: \$? = $ac_status" >&5
+ echo "$as_me:10726: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -13199,7 +12904,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 13202 "configure"
+#line 12907 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -13297,7 +13002,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 13300 "configure"
+#line 13005 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -15494,11 +15199,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15497: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15202: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:15501: \$? = $ac_status" >&5
+ echo "$as_me:15206: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -15554,11 +15259,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15557: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15262: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:15561: \$? = $ac_status" >&5
+ echo "$as_me:15266: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -16915,7 +16620,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 16918 "configure"
+#line 16623 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -17013,7 +16718,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 17016 "configure"
+#line 16721 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -17850,11 +17555,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:17853: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:17558: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:17857: \$? = $ac_status" >&5
+ echo "$as_me:17562: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -17910,11 +17615,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:17913: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:17618: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:17917: \$? = $ac_status" >&5
+ echo "$as_me:17622: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -19949,11 +19654,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:19952: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:19657: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:19956: \$? = $ac_status" >&5
+ echo "$as_me:19661: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -20192,11 +19897,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:20195: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:19900: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:20199: \$? = $ac_status" >&5
+ echo "$as_me:19904: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -20252,11 +19957,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:20255: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:19960: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:20259: \$? = $ac_status" >&5
+ echo "$as_me:19964: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -22437,7 +22142,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 22440 "configure"
+#line 22145 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -22535,7 +22240,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 22538 "configure"
+#line 22243 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
diff --git a/configure.in b/configure.in
index 90335a55..f8226767 100644
--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-AC_REVISION($Revision: 1.294.2.73 $)
+AC_REVISION($Revision: 1.294.2.75 $)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.13)
@@ -413,16 +413,6 @@ shared library configuration (e.g., LD_LIBRARY_PATH).)],
[AC_MSG_RESULT(assuming it does work on target platform)]
)
- AC_CHECK_FUNC(DH_generate_parameters,
- AC_DEFINE(HAVE_DH_GENERATE_PARAMETERS, 1,
- [Define if libcrypto has DH_generate_parameters]))
- AC_CHECK_FUNC(RSA_generate_key,
- AC_DEFINE(HAVE_RSA_GENERATE_KEY, 1,
- [Define if libcrypto has RSA_generate_key]))
- AC_CHECK_FUNC(DSA_generate_parameters,
- AC_DEFINE(HAVE_DSA_GENERATE_PARAMETERS, 1,
- [Define if libcrypto has DSA_generate_parameters]))
-
AC_ARG_ENABLE(openssl-version-check,
[AC_HELP_STRING([--enable-openssl-version-check],
[Check OpenSSL Version @<:@default=yes@:>@])])
diff --git a/contrib/dbus/dbus_mgr.c b/contrib/dbus/dbus_mgr.c
index 832c0cac..71e1eacd 100644
--- a/contrib/dbus/dbus_mgr.c
+++ b/contrib/dbus/dbus_mgr.c
@@ -4,6 +4,7 @@
* response to D-BUS dhcp events or commands.
*
* Copyright(C) Jason Vas Dias, Red Hat Inc., 2005
+ * Modified by Adam Tkac, Red Hat Inc., 2007
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -281,6 +282,7 @@ static isc_result_t
dbus_mgr_init_dbus(ns_dbus_mgr_t * mgr)
{
char destination[]=DBUSMGR_DESTINATION;
+ isc_result_t result;
if( mgr->sockets != 0L )
{
@@ -296,14 +298,11 @@ dbus_mgr_init_dbus(ns_dbus_mgr_t * mgr)
mgr->dbus = 0L;
}
- mgr->dbus =
- dbus_svc_init
- ( DBUS_PRIVATE_SYSTEM,
- destination,
- dbus_mgr_watch_handler,
- 0L, 0L,
- mgr
- );
+ result = dbus_svc_init(DBUS_PRIVATE_SYSTEM, destination, &mgr->dbus,
+ dbus_mgr_watch_handler, 0L, 0L, mgr);
+
+ if(result != ISC_R_SUCCESS)
+ goto cleanup;
if( mgr->dbus == 0L )
{
diff --git a/contrib/dbus/dbus_service.c b/contrib/dbus/dbus_service.c
index bb9dabaf..0ed903d0 100644
--- a/contrib/dbus/dbus_service.c
+++ b/contrib/dbus/dbus_service.c
@@ -5,6 +5,7 @@
* Provides MINIMAL utilities for construction of D-BUS "Services".
*
* Copyright(C) Jason Vas Dias, Red Hat Inc., 2005
+ * Modified by Adam Tkac, Red Hat Inc., 2007
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -50,6 +51,7 @@ extern void tdestroy (void *__root, __free_fn_t __freefct);
#include <dbus/dbus.h>
#include <named/dbus_service.h>
+#include <isc/result.h>
typedef struct dbcs_s
{
@@ -914,38 +916,39 @@ dbus_svc_quit( DBusConnectionState *cs )
cs->status = SHUTDOWN;
}
-static DBusConnectionState *
+static isc_result_t
connection_setup
-( DBusConnection *connection,
+( DBusConnection *connection,
+ DBUS_SVC *dbus,
dbus_svc_WatchHandler wh,
dbus_svc_ErrorHandler eh,
dbus_svc_ErrorHandler dh,
void *wh_arg
)
{
- DBusConnectionState *cs = dbcs_new( connection );
+ *dbus = dbcs_new( connection );
- if ( cs == 0L )
+ if ( *dbus == 0L )
{
if(eh)(*(eh))("connection_setup: out of memory");
goto fail;
}
- cs->wh = wh;
- cs->wh_arg = wh_arg;
- cs->eh = eh;
- cs->dh = dh;
+ (*dbus)->wh = wh;
+ (*dbus)->wh_arg = wh_arg;
+ (*dbus)->eh = eh;
+ (*dbus)->dh = dh;
if (!dbus_connection_set_watch_functions
- ( cs->connection,
+ ( (*dbus)->connection,
add_watch,
remove_watch,
toggle_watch,
- cs,
+ *dbus,
no_free
)
)
{
- if( cs->eh != 0L ) (*(cs->eh))("connection_setup: dbus_connection_set_watch_functions failed");
+ if( (*dbus)->eh != 0L ) (*((*dbus)->eh))("connection_setup: dbus_connection_set_watch_functions failed");
goto fail;
}
@@ -954,43 +957,44 @@ connection_setup
add_timeout,
remove_timeout,
toggle_timeout,
- cs,
+ *dbus,
no_free
)
)
{
- if( cs->eh != 0L ) (*(cs->eh))("connection_setup: dbus_connection_set_timeout_functions failed");
+ if( (*dbus)->eh != 0L ) (*((*dbus)->eh))("connection_setup: dbus_connection_set_timeout_functions failed");
goto fail;
}
dbus_connection_set_dispatch_status_function
( connection,
dispatch_status,
- cs,
+ *dbus,
no_free
);
if (dbus_connection_get_dispatch_status (connection) != DBUS_DISPATCH_COMPLETE)
dbus_connection_ref(connection);
- return cs;
+ return ISC_R_SUCCESS;
fail:
- if( cs != 0L )
- free(cs);
+ if( *dbus != 0L )
+ free(*dbus);
dbus_connection_set_dispatch_status_function (connection, NULL, NULL, NULL);
dbus_connection_set_watch_functions (connection, NULL, NULL, NULL, NULL, NULL);
dbus_connection_set_timeout_functions (connection, NULL, NULL, NULL, NULL, NULL);
- return 0L;
+ return ISC_R_FAILURE;
}
-DBusConnectionState *
+isc_result_t
dbus_svc_init
(
dbus_svc_DBUS_TYPE bus,
char *name,
+ DBUS_SVC *dbus,
dbus_svc_WatchHandler wh ,
dbus_svc_ErrorHandler eh ,
dbus_svc_ErrorHandler dh ,
@@ -999,7 +1003,6 @@ dbus_svc_init
{
DBusConnection *connection;
DBusError error;
- DBusConnectionState *cs;
char *session_bus_address=0L;
memset(&error,'\0',sizeof(DBusError));
@@ -1015,7 +1018,7 @@ dbus_svc_init
if ( (connection = dbus_connection_open_private("unix:path=/var/run/dbus/system_bus_socket", &error)) == 0L )
{
if(eh)(*eh)("dbus_svc_init failed: %s %s",error.name, error.message);
- return ( 0L );
+ return ISC_R_FAILURE;
}
if ( ! dbus_bus_register(connection,&error) )
@@ -1023,7 +1026,7 @@ dbus_svc_init
if(eh)(*eh)("dbus_bus_register failed: %s %s", error.name, error.message);
dbus_connection_close(connection);
free(connection);
- return ( 0L );
+ return ISC_R_FAILURE;
}
break;
@@ -1033,13 +1036,13 @@ dbus_svc_init
if ( session_bus_address == 0L )
{
if(eh)(*eh)("dbus_svc_init failed: DBUS_SESSION_BUS_ADDRESS environment variable not set");
- return ( 0L );
+ return ISC_R_FAILURE;
}
if ( (connection = dbus_connection_open_private(session_bus_address, &error)) == 0L )
{
if(eh)(*eh)("dbus_svc_init failed: %s %s",error.name, error.message);
- return ( 0L );
+ return ISC_R_FAILURE;
}
if ( ! dbus_bus_register(connection,&error) )
@@ -1047,7 +1050,7 @@ dbus_svc_init
if(eh)(*eh)("dbus_bus_register failed: %s %s", error.name, error.message);
dbus_connection_close(connection);
free(connection);
- return ( 0L );
+ return ISC_R_FAILURE;
}
break;
@@ -1057,27 +1060,27 @@ dbus_svc_init
if ( (connection = dbus_bus_get (bus, &error)) == 0L )
{
if(eh)(*eh)("dbus_svc_init failed: %s %s",error.name, error.message);
- return ( 0L );
+ return ISC_R_FAILURE;
}
break;
default:
if(eh)(*eh)("dbus_svc_init failed: unknown bus type %d", bus);
- return ( 0L );
+ return ISC_R_FAILURE;
}
dbus_connection_set_exit_on_disconnect(connection, FALSE);
- if ( (cs = connection_setup(connection, wh, eh, dh, wh_arg)) == 0L )
+ if ( (connection_setup(connection, dbus, wh, eh, dh, wh_arg)) != ISC_R_SUCCESS)
{
if(eh)(*eh)("dbus_svc_init failed: connection_setup failed");
- return( 0L );
+ return ISC_R_FAILURE;
}
if( name == 0L )
- return( cs );
+ return ISC_R_SUCCESS;
- cs->unique_name = dbus_bus_get_unique_name(connection);
+ (*dbus)->unique_name = dbus_bus_get_unique_name(connection);
switch
( dbus_bus_request_name
@@ -1102,19 +1105,19 @@ dbus_svc_init
if(eh)(*eh)("dbus_svc_init: dbus_bus_request_name failed: %s %s", error.name, error.message);
goto give_up;
}
- return ( cs );
+ return ISC_R_SUCCESS;
give_up:
dbus_connection_close( connection );
dbus_connection_unref( connection );
- if( cs )
+ if( *dbus )
{
dbus_connection_set_dispatch_status_function (connection, NULL, NULL, NULL);
dbus_connection_set_watch_functions (connection, NULL, NULL, NULL, NULL, NULL);
dbus_connection_set_timeout_functions (connection, NULL, NULL, NULL, NULL, NULL);
- free(cs);
+ free(*dbus);
}
- return ( 0L );
+ return ISC_R_FAILURE;
}
const char *dbus_svc_unique_name(DBusConnectionState *cs)
diff --git a/contrib/dbus/dbus_service.h b/contrib/dbus/dbus_service.h
index 69e7faca..d8a21f18 100644
--- a/contrib/dbus/dbus_service.h
+++ b/contrib/dbus/dbus_service.h
@@ -3,6 +3,7 @@
* Provides utilities for construction of D-BUS "Services"
*
* Copyright(C) Jason Vas Dias, Red Hat Inc., 2005
+ * Modified by Adam Tkac, Red Hat Inc., 2007
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -22,6 +23,7 @@
#include <stdint.h>
#include <stdarg.h>
+#include <isc/types.h>
typedef struct dbcs_s* DBUS_SVC;
@@ -124,9 +126,10 @@ typedef dbus_svc_HandlerResult
#define SHUTDOWN 255
-extern DBUS_SVC dbus_svc_init
+extern isc_result_t dbus_svc_init
( dbus_svc_DBUS_TYPE bus,
char *name, /* name to register with D-BUS */
+ DBUS_SVC *dbus, /* dbus handle */
dbus_svc_WatchHandler wh, /* optional handler for watch events */
dbus_svc_ErrorHandler eh, /* optional error log message handler */
dbus_svc_ErrorHandler dh, /* optional debug / info log message handler */
diff --git a/contrib/idn/idnkit-1.0-src/patch/bind9/bind-9.2.9-patch b/contrib/idn/idnkit-1.0-src/patch/bind9/bind-9.2.9-patch
new file mode 100644
index 00000000..ca9bc9e4
--- /dev/null
+++ b/contrib/idn/idnkit-1.0-src/patch/bind9/bind-9.2.9-patch
@@ -0,0 +1,1265 @@
+IDN patch for bind-9.2.9
+========================
+
+
+This is a patch file for ISC BIND 9.2.9 to make it work with
+internationalized domain names. With this patch you'll get IDN-aware
+dig/host/nslookup.
+
+To apply this patch, you should go to the top directory of the BIND
+distribution (where you see `README' file), then invoke `patch'
+command like this:
+
+ % patch -p0 < this-file
+
+Then follow the instructions described in `README.idnkit' to compile
+and install.
+
+
+Index: README.idnkit
+--- /dev/null 2007-08-06 14:00:15.000000000 +1000
++++ README.idnkit 2007-08-06 11:54:07.000000000 +1000
+@@ -0,0 +1,113 @@
++
++ BIND-9 IDN patch
++
++ Japan Network Information Center (JPNIC)
++
++
++* What is this patch for?
++
++This patch adds internationalized domain name (IDN) support to BIND-9.
++You'll get internationalized version of dig/host/nslookup commands.
++
++ + internationalized dig/host/nslookup
++ dig/host/nslookup accepts non-ASCII domain names in the local
++ codeset (such as Shift JIS, Big5 or ISO8859-1) determined by
++ the locale information. The domain names are normalized and
++ converted to the encoding on the DNS protocol, and sent to DNS
++ servers. The replies are converted back to the local codeset
++ and displayed.
++
++
++* Compilation & installation
++
++0. Prerequisite
++
++You have to build and install idnkit before building this patched version
++of bind-9.
++
++1. Running configure script
++
++Run `configure' in the top directory. See `README' for the
++configuration options.
++
++This patch adds the following 4 options to `configure'. You should
++at least specify `--with-idn' option to enable IDN support.
++
++ --with-idn[=IDN_PREFIX]
++ To enable IDN support, you have to specify `--with-idn' option.
++ The argument IDN_PREFIX is the install prefix of idnkit. If
++ IDN_PREFIX is omitted, PREFIX (derived from `--prefix=PREFIX')
++ is assumed.
++
++ --with-libiconv[=LIBICONV_PREFIX]
++ Specify this option if idnkit you have installed links GNU
++ libiconv. The argument LIBICONV_PREFIX is install prefix of
++ GNU libiconv. If the argument is omitted, PREFIX (derived
++ from `--prefix=PREFIX') is assumed.
++
++ `--with-libiconv' is shorthand option for GNU libiconv.
++
++ --with-libiconv=/usr/local
++
++ This is equivalent to:
++
++ --with-iconv='-L/usr/local/lib -R/usr/local/lib -liconv'
++
++ `--with-libiconv' assumes that your C compiler has `-R'
++ option, and that the option adds the specified run-time path
++ to an exacutable binary. If `-R' option of your compiler has
++ different meaning, or your compiler lacks the option, you
++ should use `--with-iconv' option instead. Binary command
++ without run-time path information might be unexecutable.
++ In that case, you would see an error message like:
++
++ error in loading shared libraries: libiconv.so.2: cannot
++ open shared object file
++
++ If both `--with-libiconv' and `--with-iconv' options are
++ specified, `--with-iconv' is prior to `--with-libiconv'.
++
++ --with-iconv=ICONV_LIBSPEC
++ If your libc doens't provide iconv(), you need to specify the
++ library containing iconv() with this option. `ICONV_LIBSPEC'
++ is the argument(s) to `cc' or `ld' to link the library, for
++ example, `--with-iconv="-L/usr/local/lib -liconv"'.
++ You don't need to specify the header file directory for "iconv.h"
++ to the compiler, as it isn't included directly by bind-9 with
++ this patch.
++
++ --with-idnlib=IDN_LIBSPEC
++ With this option, you can explicitly specify the argument(s)
++ to `cc' or `ld' to link the idnkit's library, `libidnkit'. If
++ this option is not specified, `-L${PREFIX}/lib -lidnkit' is
++ assumed, where ${PREFIX} is the installation prefix specified
++ with `--with-idn' option above. You may need to use this
++ option to specify extra argments, for example,
++ `--with-idnlib="-L/usr/local/lib -R/usr/local/lib -lidnkit"'.
++
++Please consult `README' for other configuration options.
++
++Note that if you want to specify some extra header file directories,
++you should use the environment variable STD_CINCLUDES instead of
++CFLAGS, as described in README.
++
++2. Compilation and installation
++
++After running "configure", just do
++
++ make
++ make install
++
++for compiling and installing.
++
++
++* Contact information
++
++Please see http//www.nic.ad.jp/en/idn/ for the latest news
++about idnkit and this patch.
++
++Bug reports and comments on this kit should be sent to
++mdnkit-bugs@nic.ad.jp and idn-cmt@nic.ad.jp, respectively.
++
++
++; $Id: bind-9.2.9-patch,v 1.1.2.2 2007/08/06 04:05:01 marka Exp $
+Index: configure
+===================================================================
+RCS file: /proj/cvs/prod/bind9/configure,v
+retrieving revision 1.284.2.71
+diff -U2 -r1.284.2.71 configure
+--- configure 8 Jan 2007 02:03:17 -0000 1.284.2.71
++++ configure 6 Aug 2007 04:01:56 -0000
+@@ -1,4 +1,4 @@
+ #! /bin/sh
+-# From configure.in Revision: 1.294.2.74 .
++# From configure.in Revision: 1.294.2.75 .
+ # Guess values for system-dependent variables and create Makefiles.
+ # Generated by GNU Autoconf 2.59.
+@@ -466,5 +466,5 @@
+ #endif"
+
+-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS subdirs build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_SOCKADDR_LEN_T ISC_PLATFORM_HAVELONGLONG ISC_PLATFORM_NEEDSYSSELECTH LWRES_PLATFORM_NEEDSYSSELECTH DST_OPENSSL_INC DNS_OPENSSL_LIBS USE_OPENSSL USE_GSSAPI DST_GSSAPI_INC DNS_GSSAPI_LIBS ALWAYS_DEFINES ISC_PLATFORM_USETHREADS ISC_THREAD_DIR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK LIBTOOL_ALLOW_UNDEFINED LIBTOOL_IN_MAIN LIBBIND ISC_PLATFORM_HAVEIPV6 LWRES_PLATFORM_HAVEIPV6 ISC_PLATFORM_NEEDNETINETIN6H LWRES_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H LWRES_PLATFORM_NEEDNETINET6IN6H ISC_PLATFORM_HAVEINADDR6 LWRES_PLATFORM_HAVEINADDR6 ISC_PLATFORM_NEEDIN6ADDRANY LWRES_PLATFORM_NEEDIN6ADDRANY ISC_PLATFORM_NEEDIN6ADDRLOOPBACK LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C LWRES_HAVE_SIN6_SCOPE_ID BUILD_CC BUILD_CFLAGS BUILD_CPPFLAGS BUILD_LDFLAGS BUILD_LIBS ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON ISC_PLATFORM_HAVESALEN LWRES_PLATFORM_HAVESALEN ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_NEEDADDRINFO ISC_LWRES_NEEDRRSETINFO ISC_LWRES_SETHOSTENTINT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_GETNETBYADDRINADDR ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDVSNPRINTF LWRES_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS ISC_PLATFORM_QUADFORMAT LWRES_PLATFORM_QUADFORMAT ISC_PLATFORM_RLIMITTYPE ISC_PLATFORM_USEDECLSPEC LWRES_PLATFORM_USEDECLSPEC ISC_PLATFORM_BRACEPTHREADONCEINIT LATEX PDFLATEX XSLTPROC XMLLINT XSLT_DOCBOOK_STYLE_HTML XSLT_DOCBOOK_STYLE_XHTML XSLT_DOCBOOK_STYLE_MAN XSLT_DOCBOOK_CHUNK_HTML XSLT_DOCBOOK_CHUNK_XHTML XSLT_DB2LATEX_STYLE XSLT_DB2LATEX_ADMONITIONS BIND9_TOP_BUILDDIR BIND9_ISC_BUILDINCLUDE BIND9_ISCCC_BUILDINCLUDE BIND9_ISCCFG_BUILDINCLUDE BIND9_DNS_BUILDINCLUDE BIND9_LWRES_BUILDINCLUDE BIND9_VERSION LIBOBJS LTLIBOBJS'
++ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS subdirs build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_SOCKADDR_LEN_T ISC_PLATFORM_HAVELONGLONG ISC_PLATFORM_NEEDSYSSELECTH LWRES_PLATFORM_NEEDSYSSELECTH DST_OPENSSL_INC DNS_OPENSSL_LIBS USE_OPENSSL USE_GSSAPI DST_GSSAPI_INC DNS_GSSAPI_LIBS ALWAYS_DEFINES ISC_PLATFORM_USETHREADS ISC_THREAD_DIR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK LIBTOOL_ALLOW_UNDEFINED LIBTOOL_IN_MAIN LIBBIND ISC_PLATFORM_HAVEIPV6 LWRES_PLATFORM_HAVEIPV6 ISC_PLATFORM_NEEDNETINETIN6H LWRES_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H LWRES_PLATFORM_NEEDNETINET6IN6H ISC_PLATFORM_HAVEINADDR6 LWRES_PLATFORM_HAVEINADDR6 ISC_PLATFORM_NEEDIN6ADDRANY LWRES_PLATFORM_NEEDIN6ADDRANY ISC_PLATFORM_NEEDIN6ADDRLOOPBACK LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C LWRES_HAVE_SIN6_SCOPE_ID BUILD_CC BUILD_CFLAGS BUILD_CPPFLAGS BUILD_LDFLAGS BUILD_LIBS ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON ISC_PLATFORM_HAVESALEN LWRES_PLATFORM_HAVESALEN ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_NEEDADDRINFO ISC_LWRES_NEEDRRSETINFO ISC_LWRES_SETHOSTENTINT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_GETNETBYADDRINADDR ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDVSNPRINTF LWRES_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS ISC_PLATFORM_QUADFORMAT LWRES_PLATFORM_QUADFORMAT ISC_PLATFORM_RLIMITTYPE ISC_PLATFORM_USEDECLSPEC LWRES_PLATFORM_USEDECLSPEC ISC_PLATFORM_BRACEPTHREADONCEINIT LATEX PDFLATEX XSLTPROC XMLLINT XSLT_DOCBOOK_STYLE_HTML XSLT_DOCBOOK_STYLE_XHTML XSLT_DOCBOOK_STYLE_MAN XSLT_DOCBOOK_CHUNK_HTML XSLT_DOCBOOK_CHUNK_XHTML XSLT_DB2LATEX_STYLE XSLT_DB2LATEX_ADMONITIONS IDNLIBS BIND9_TOP_BUILDDIR BIND9_ISC_BUILDINCLUDE BIND9_ISCCC_BUILDINCLUDE BIND9_ISCCFG_BUILDINCLUDE BIND9_DNS_BUILDINCLUDE BIND9_LWRES_BUILDINCLUDE BIND9_VERSION LIBOBJS LTLIBOBJS'
+ ac_subst_files='BIND9_INCLUDES BIND9_MAKE_RULES LIBISC_API LIBISCCC_API LIBISCCFG_API LIBDNS_API LIBLWRES_API'
+
+@@ -1050,4 +1050,8 @@
+ include additional configurations [automatic]
+ --with-kame=PATH use Kame IPv6 default path /usr/local/v6
++ --with-idn=MPREFIX enable IDN support using idnkit default PREFIX
++ --with-libiconv=IPREFIX GNU libiconv are in IPREFIX default PREFIX
++ --with-iconv=LIBSPEC specify iconv library default -liconv
++ --with-idnlib=ARG specify libidnkit
+
+ Some influential environment variables:
+@@ -8359,5 +8363,5 @@
+ *-*-irix6*)
+ # Find out which ABI we are using.
+- echo '#line 8361 "configure"' > conftest.$ac_ext
++ echo '#line 8365 "configure"' > conftest.$ac_ext
+ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+@@ -9356,5 +9360,5 @@
+
+ # Provide some information about the compiler.
+-echo "$as_me:9358:" \
++echo "$as_me:9362:" \
+ "checking for Fortran 77 compiler version" >&5
+ ac_compiler=`set X $ac_compile; echo $2`
+@@ -10417,9 +10421,9 @@
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:10419: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:10423: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+- echo "$as_me:10423: \$? = $ac_status" >&5
++ echo "$as_me:10427: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+@@ -10660,9 +10664,9 @@
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:10662: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:10666: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+- echo "$as_me:10666: \$? = $ac_status" >&5
++ echo "$as_me:10670: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+@@ -10720,9 +10724,9 @@
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:10722: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:10726: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+- echo "$as_me:10726: \$? = $ac_status" >&5
++ echo "$as_me:10730: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+@@ -12905,5 +12909,5 @@
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+-#line 12907 "configure"
++#line 12911 "configure"
+ #include "confdefs.h"
+
+@@ -13003,5 +13007,5 @@
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+-#line 13005 "configure"
++#line 13009 "configure"
+ #include "confdefs.h"
+
+@@ -15200,9 +15204,9 @@
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:15202: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:15206: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+- echo "$as_me:15206: \$? = $ac_status" >&5
++ echo "$as_me:15210: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+@@ -15260,9 +15264,9 @@
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:15262: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:15266: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+- echo "$as_me:15266: \$? = $ac_status" >&5
++ echo "$as_me:15270: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+@@ -16621,5 +16625,5 @@
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+-#line 16623 "configure"
++#line 16627 "configure"
+ #include "confdefs.h"
+
+@@ -16719,5 +16723,5 @@
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+-#line 16721 "configure"
++#line 16725 "configure"
+ #include "confdefs.h"
+
+@@ -17556,9 +17560,9 @@
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:17558: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:17562: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+- echo "$as_me:17562: \$? = $ac_status" >&5
++ echo "$as_me:17566: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+@@ -17616,9 +17620,9 @@
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:17618: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:17622: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+- echo "$as_me:17622: \$? = $ac_status" >&5
++ echo "$as_me:17626: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+@@ -19655,9 +19659,9 @@
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:19657: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:19661: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+- echo "$as_me:19661: \$? = $ac_status" >&5
++ echo "$as_me:19665: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+@@ -19898,9 +19902,9 @@
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:19900: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:19904: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+- echo "$as_me:19904: \$? = $ac_status" >&5
++ echo "$as_me:19908: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+@@ -19958,9 +19962,9 @@
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+- (eval echo "\"\$as_me:19960: $lt_compile\"" >&5)
++ (eval echo "\"\$as_me:19964: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+- echo "$as_me:19964: \$? = $ac_status" >&5
++ echo "$as_me:19968: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+@@ -22143,5 +22147,5 @@
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+-#line 22145 "configure"
++#line 22149 "configure"
+ #include "confdefs.h"
+
+@@ -22241,5 +22245,5 @@
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<EOF
+-#line 22243 "configure"
++#line 22247 "configure"
+ #include "confdefs.h"
+
+@@ -26742,4 +26746,354 @@
+
+ #
++# IDN support
++#
++
++# Check whether --with-idn or --without-idn was given.
++if test "${with_idn+set}" = set; then
++ withval="$with_idn"
++ use_idn="$withval"
++else
++ use_idn="no"
++fi;
++case "$use_idn" in
++yes)
++ if test X$prefix = XNONE ; then
++ idn_path=/usr/local
++ else
++ idn_path=$prefix
++ fi
++ ;;
++no)
++ ;;
++*)
++ idn_path="$use_idn"
++ ;;
++esac
++
++iconvinc=
++iconvlib=
++
++# Check whether --with-libiconv or --without-libiconv was given.
++if test "${with_libiconv+set}" = set; then
++ withval="$with_libiconv"
++ use_libiconv="$withval"
++else
++ use_libiconv="no"
++fi;
++case "$use_libiconv" in
++yes)
++ if test X$prefix = XNONE ; then
++ iconvlib="-L/usr/local/lib -R/usr/local/lib -liconv"
++ else
++ iconvlib="-L$prefix/lib -R$prefix/lib -liconv"
++ fi
++ ;;
++no)
++ iconvlib=
++ ;;
++*)
++ iconvlib="-L$use_libiconv/lib -R$use_libiconv/lib -liconv"
++ ;;
++esac
++
++
++# Check whether --with-iconv or --without-iconv was given.
++if test "${with_iconv+set}" = set; then
++ withval="$with_iconv"
++ iconvlib="$withval"
++fi;
++case "$iconvlib" in
++no)
++ iconvlib=
++ ;;
++yes)
++ iconvlib=-liconv
++ ;;
++esac
++
++
++# Check whether --with-idnlib or --without-idnlib was given.
++if test "${with_idnlib+set}" = set; then
++ withval="$with_idnlib"
++ idnlib="$withval"
++else
++ idnlib="no"
++fi;
++if test "$idnlib" = yes; then
++ { { echo "$as_me:$LINENO: error: You must specify ARG for --with-idnlib." >&5
++echo "$as_me: error: You must specify ARG for --with-idnlib." >&2;}
++ { (exit 1); exit 1; }; }
++fi
++
++IDNLIBS=
++if test "$use_idn" != no; then
++
++cat >>confdefs.h <<\_ACEOF
++#define WITH_IDN 1
++_ACEOF
++
++ STD_CINCLUDES="$STD_CINCLUDES -I$idn_path/include"
++ if test "$idnlib" != no; then
++ IDNLIBS="$idnlib $iconvlib"
++ else
++ IDNLIBS="-L$idn_path/lib -lidnkit $iconvlib"
++ fi
++fi
++
++
++
++for ac_header in locale.h
++do
++as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
++if eval "test \"\${$as_ac_Header+set}\" = set"; then
++ echo "$as_me:$LINENO: checking for $ac_header" >&5
++echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
++if eval "test \"\${$as_ac_Header+set}\" = set"; then
++ echo $ECHO_N "(cached) $ECHO_C" >&6
++fi
++echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
++echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
++else
++ # Is the header compilable?
++echo "$as_me:$LINENO: checking $ac_header usability" >&5
++echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h. */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h. */
++$ac_includes_default
++#include <$ac_header>
++_ACEOF
++rm -f conftest.$ac_objext
++if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
++ (eval $ac_compile) 2>conftest.er1
++ ac_status=$?
++ grep -v '^ *+' conftest.er1 >conftest.err
++ rm -f conftest.er1
++ cat conftest.err >&5
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); } &&
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); }; } &&
++ { ac_try='test -s conftest.$ac_objext'
++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); }; }; then
++ ac_header_compiler=yes
++else
++ echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++ac_header_compiler=no
++fi
++rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
++echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
++echo "${ECHO_T}$ac_header_compiler" >&6
++
++# Is the header present?
++echo "$as_me:$LINENO: checking $ac_header presence" >&5
++echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h. */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h. */
++#include <$ac_header>
++_ACEOF
++if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
++ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
++ ac_status=$?
++ grep -v '^ *+' conftest.er1 >conftest.err
++ rm -f conftest.er1
++ cat conftest.err >&5
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); } >/dev/null; then
++ if test -s conftest.err; then
++ ac_cpp_err=$ac_c_preproc_warn_flag
++ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
++ else
++ ac_cpp_err=
++ fi
++else
++ ac_cpp_err=yes
++fi
++if test -z "$ac_cpp_err"; then
++ ac_header_preproc=yes
++else
++ echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++ ac_header_preproc=no
++fi
++rm -f conftest.err conftest.$ac_ext
++echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
++echo "${ECHO_T}$ac_header_preproc" >&6
++
++# So? What about this header?
++case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
++ yes:no: )
++ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
++echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
++ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
++echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
++ ac_header_preproc=yes
++ ;;
++ no:yes:* )
++ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
++echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
++ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
++echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
++ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
++echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
++ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
++echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
++ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
++echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
++ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
++echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
++ (
++ cat <<\_ASBOX
++## ------------------------------------------ ##
++## Report this to the AC_PACKAGE_NAME lists. ##
++## ------------------------------------------ ##
++_ASBOX
++ ) |
++ sed "s/^/$as_me: WARNING: /" >&2
++ ;;
++esac
++echo "$as_me:$LINENO: checking for $ac_header" >&5
++echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
++if eval "test \"\${$as_ac_Header+set}\" = set"; then
++ echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++ eval "$as_ac_Header=\$ac_header_preproc"
++fi
++echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
++echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
++
++fi
++if test `eval echo '${'$as_ac_Header'}'` = yes; then
++ cat >>confdefs.h <<_ACEOF
++#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
++_ACEOF
++
++fi
++
++done
++
++
++for ac_func in setlocale
++do
++as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
++echo "$as_me:$LINENO: checking for $ac_func" >&5
++echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
++if eval "test \"\${$as_ac_var+set}\" = set"; then
++ echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++ cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h. */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h. */
++/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
++ For example, HP-UX 11i <limits.h> declares gettimeofday. */
++#define $ac_func innocuous_$ac_func
++
++/* System header to define __stub macros and hopefully few prototypes,
++ which can conflict with char $ac_func (); below.
++ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
++ <limits.h> exists even on freestanding compilers. */
++
++#ifdef __STDC__
++# include <limits.h>
++#else
++# include <assert.h>
++#endif
++
++#undef $ac_func
++
++/* Override any gcc2 internal prototype to avoid an error. */
++#ifdef __cplusplus
++extern "C"
++{
++#endif
++/* We use char because int might match the return type of a gcc2
++ builtin and then its argument prototype would still apply. */
++char $ac_func ();
++/* The GNU C library defines this for functions which it implements
++ to always fail with ENOSYS. Some functions are actually named
++ something starting with __ and the normal name is an alias. */
++#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
++choke me
++#else
++char (*f) () = $ac_func;
++#endif
++#ifdef __cplusplus
++}
++#endif
++
++int
++main ()
++{
++return f != $ac_func;
++ ;
++ return 0;
++}
++_ACEOF
++rm -f conftest.$ac_objext conftest$ac_exeext
++if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
++ (eval $ac_link) 2>conftest.er1
++ ac_status=$?
++ grep -v '^ *+' conftest.er1 >conftest.err
++ rm -f conftest.er1
++ cat conftest.err >&5
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); } &&
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); }; } &&
++ { ac_try='test -s conftest$ac_exeext'
++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); }; }; then
++ eval "$as_ac_var=yes"
++else
++ echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++eval "$as_ac_var=no"
++fi
++rm -f conftest.err conftest.$ac_objext \
++ conftest$ac_exeext conftest.$ac_ext
++fi
++echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
++echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
++if test `eval echo '${'$as_ac_var'}'` = yes; then
++ cat >>confdefs.h <<_ACEOF
++#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
++_ACEOF
++
++fi
++done
++
++
++#
+ # Substitutions
+ #
+@@ -27615,4 +27969,5 @@
+ s,@XSLT_DB2LATEX_STYLE@,$XSLT_DB2LATEX_STYLE,;t t
+ s,@XSLT_DB2LATEX_ADMONITIONS@,$XSLT_DB2LATEX_ADMONITIONS,;t t
++s,@IDNLIBS@,$IDNLIBS,;t t
+ s,@BIND9_TOP_BUILDDIR@,$BIND9_TOP_BUILDDIR,;t t
+ s,@BIND9_ISC_BUILDINCLUDE@,$BIND9_ISC_BUILDINCLUDE,;t t
+Index: configure.in
+===================================================================
+RCS file: /proj/cvs/prod/bind9/configure.in,v
+retrieving revision 1.294.2.75
+diff -U2 -r1.294.2.75 configure.in
+--- configure.in 8 Jan 2007 02:45:02 -0000 1.294.2.75
++++ configure.in 6 Aug 2007 04:01:57 -0000
+@@ -1786,4 +1786,80 @@
+
+ #
++# IDN support
++#
++AC_ARG_WITH(idn,
++ [ --with-idn[=MPREFIX] enable IDN support using idnkit [default PREFIX]],
++ use_idn="$withval", use_idn="no")
++case "$use_idn" in
++yes)
++ if test X$prefix = XNONE ; then
++ idn_path=/usr/local
++ else
++ idn_path=$prefix
++ fi
++ ;;
++no)
++ ;;
++*)
++ idn_path="$use_idn"
++ ;;
++esac
++
++iconvinc=
++iconvlib=
++AC_ARG_WITH(libiconv,
++ [ --with-libiconv[=IPREFIX] GNU libiconv are in IPREFIX [default PREFIX]],
++ use_libiconv="$withval", use_libiconv="no")
++case "$use_libiconv" in
++yes)
++ if test X$prefix = XNONE ; then
++ iconvlib="-L/usr/local/lib -R/usr/local/lib -liconv"
++ else
++ iconvlib="-L$prefix/lib -R$prefix/lib -liconv"
++ fi
++ ;;
++no)
++ iconvlib=
++ ;;
++*)
++ iconvlib="-L$use_libiconv/lib -R$use_libiconv/lib -liconv"
++ ;;
++esac
++
++AC_ARG_WITH(iconv,
++ [ --with-iconv[=LIBSPEC] specify iconv library [default -liconv]],
++ iconvlib="$withval")
++case "$iconvlib" in
++no)
++ iconvlib=
++ ;;
++yes)
++ iconvlib=-liconv
++ ;;
++esac
++
++AC_ARG_WITH(idnlib,
++ [ --with-idnlib=ARG specify libidnkit],
++ idnlib="$withval", idnlib="no")
++if test "$idnlib" = yes; then
++ AC_MSG_ERROR([You must specify ARG for --with-idnlib.])
++fi
++
++IDNLIBS=
++if test "$use_idn" != no; then
++ AC_DEFINE(WITH_IDN, 1, [define if idnkit support is to be included.])
++ STD_CINCLUDES="$STD_CINCLUDES -I$idn_path/include"
++ if test "$idnlib" != no; then
++ IDNLIBS="$idnlib $iconvlib"
++ else
++ IDNLIBS="-L$idn_path/lib -lidnkit $iconvlib"
++ fi
++fi
++AC_SUBST(IDNLIBS)
++
++AC_CHECK_HEADERS(locale.h)
++AC_CHECK_FUNCS(setlocale)
++
++#
+ # Substitutions
+ #
+Index: config.h.in
+===================================================================
+RCS file: /proj/cvs/prod/bind9/config.h.in,v
+retrieving revision 1.47.2.25
+diff -U2 -r1.47.2.25 config.h.in
+--- config.h.in 8 Jan 2007 02:03:17 -0000 1.47.2.25
++++ config.h.in 6 Aug 2007 04:01:58 -0000
+@@ -17,5 +17,5 @@
+ */
+
+-/* $Id: bind-9.2.9-patch,v 1.1.2.2 2007/08/06 04:05:01 marka Exp $ */
++/* $Id: bind-9.2.9-patch,v 1.1.2.2 2007/08/06 04:05:01 marka Exp $ */
+
+ /***
+@@ -178,7 +178,13 @@
+ #undef HAVE_LINUX_CAPABILITY_H
+
++/* Define to 1 if you have the <locale.h> header file. */
++#undef HAVE_LOCALE_H
++
+ /* Define to 1 if you have the <memory.h> header file. */
+ #undef HAVE_MEMORY_H
+
++/* Define to 1 if you have the `setlocale' function. */
++#undef HAVE_SETLOCALE
++
+ /* Define to 1 if you have the <stdint.h> header file. */
+ #undef HAVE_STDINT_H
+@@ -249,4 +255,7 @@
+ #undef USE_FIONBIO_IOCTL
+
++/* define if idnkit support is to be included. */
++#undef WITH_IDN
++
+ /* Define to 1 if your processor stores words with the most significant byte
+ first (like Motorola and SPARC, unlike Intel and VAX). */
+Index: bin/dig/Makefile.in
+===================================================================
+RCS file: /proj/cvs/prod/bind9/bin/dig/Makefile.in,v
+retrieving revision 1.25.2.4
+diff -U2 -r1.25.2.4 Makefile.in
+--- bin/dig/Makefile.in 18 Aug 2004 23:22:52 -0000 1.25.2.4
++++ bin/dig/Makefile.in 6 Aug 2007 04:01:58 -0000
+@@ -37,5 +37,5 @@
+ DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+-LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
++LIBS = ${DNSLIBS} ${ISCLIBS} @IDNLIBS@ @LIBS@
+
+ SUBDIRS =
+Index: bin/dig/dig.1
+===================================================================
+RCS file: /proj/cvs/prod/bind9/bin/dig/dig.1,v
+retrieving revision 1.14.2.17
+diff -U2 -r1.14.2.17 dig.1
+--- bin/dig/dig.1 16 May 2007 06:57:45 -0000 1.14.2.17
++++ bin/dig/dig.1 6 Aug 2007 04:01:59 -0000
+@@ -445,4 +445,15 @@
+ will not print the initial query when it looks up the NS records for
+ isc.org.
++.SH "IDN SUPPORT"
++.PP
++If
++\fBdig\fR
++has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names.
++\fBdig\fR
++appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the
++\fBIDN_DISABLE\fR
++environment variable. The IDN support is disabled if the the variable is set when
++\fBdig\fR
++runs.
+ .SH "FILES"
+ .PP
+Index: bin/dig/dig.docbook
+===================================================================
+RCS file: /proj/cvs/prod/bind9/bin/dig/dig.docbook,v
+retrieving revision 1.4.2.18
+diff -U2 -r1.4.2.18 dig.docbook
+--- bin/dig/dig.docbook 16 May 2007 02:07:44 -0000 1.4.2.18
++++ bin/dig/dig.docbook 6 Aug 2007 04:01:59 -0000
+@@ -556,4 +556,19 @@
+
+ <refsect1>
++<title>IDN SUPPORT</title>
++<para>
++If <command>dig</command> has been built with IDN (internationalized
++domain name) support, it can accept and display non-ASCII domain names.
++<command>dig</command> appropriately converts character encoding of
++domain name before sending a request to DNS server or displaying a
++reply from the server.
++If you'd like to turn off the IDN support for some reason, defines
++the <envar>IDN_DISABLE</envar> environment variable.
++The IDN support is disabled if the the variable is set when
++<command>dig</command> runs.
++</para>
++</refsect1>
++
++<refsect1>
+ <title>FILES</title>
+ <para>
+Index: bin/dig/dighost.c
+===================================================================
+RCS file: /proj/cvs/prod/bind9/bin/dig/dighost.c,v
+retrieving revision 1.221.2.38
+diff -U2 -r1.221.2.38 dighost.c
+--- bin/dig/dighost.c 24 Apr 2007 07:46:40 -0000 1.221.2.38
++++ bin/dig/dighost.c 6 Aug 2007 04:02:02 -0000
+@@ -33,4 +33,15 @@
+ #include <limits.h>
+
++#ifdef HAVE_LOCALE_H
++#include <locale.h>
++#endif
++
++#ifdef WITH_IDN
++#include <idn/result.h>
++#include <idn/log.h>
++#include <idn/resconf.h>
++#include <idn/api.h>
++#endif
++
+ #include <dns/byaddr.h>
+ #include <dns/fixedname.h>
+@@ -134,4 +145,16 @@
+ dig_lookup_t *current_lookup = NULL;
+
++#ifdef WITH_IDN
++static void initialize_idn(void);
++static isc_result_t output_filter(isc_buffer_t *buffer,
++ unsigned int used_org,
++ isc_boolean_t absolute);
++static idn_result_t append_textname(char *name, const char *origin,
++ size_t namesize);
++static void idn_check_result(idn_result_t r, const char *msg);
++
++#define MAXDLEN 256
++#endif
++
+ /*
+ * Apply and clear locks at the event level in global task.
+@@ -739,4 +762,8 @@
+ }
+
++#ifdef WITH_IDN
++ initialize_idn();
++#endif
++
+ if (keyfile[0] != 0)
+ setup_file_key();
+@@ -1281,4 +1308,12 @@
+ dns_compress_t cctx;
+ char store[MXNAME];
++#ifdef WITH_IDN
++ idn_result_t mr;
++ char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME];
++#endif
++
++#ifdef WITH_IDN
++ dns_name_settotextfilter(output_filter);
++#endif
+
+ REQUIRE(lookup != NULL);
+@@ -1309,4 +1344,15 @@
+ sizeof(lookup->onamespace));
+
++#ifdef WITH_IDN
++ /*
++ * We cannot convert `textname' and `origin' separately.
++ * `textname' doesn't contain TLD, but local mapping needs
++ * TLD.
++ */
++ mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname,
++ utf8_textname, sizeof(utf8_textname));
++ idn_check_result(mr, "convert textname to UTF-8");
++#endif
++
+ /*
+ * If the name has too many dots, force the origin to be NULL
+@@ -1317,4 +1363,14 @@
+ */
+ if (lookup->new_search) {
++#ifdef WITH_IDN
++ if ((count_dots(utf8_textname) >= ndots) || !usesearch) {
++ lookup->origin = NULL; /* Force abs lookup */
++ lookup->done_as_is = ISC_TRUE;
++ lookup->need_search = usesearch;
++ } else if (lookup->origin == NULL && usesearch) {
++ lookup->origin = ISC_LIST_HEAD(search_list);
++ lookup->need_search = ISC_FALSE;
++ }
++#else
+ if ((count_dots(lookup->textname) >= ndots) || !usesearch) {
+ lookup->origin = NULL; /* Force abs lookup */
+@@ -1325,6 +1381,22 @@
+ lookup->need_search = ISC_FALSE;
+ }
++#endif
+ }
+
++#ifdef WITH_IDN
++ if (lookup->origin != NULL) {
++ mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP,
++ lookup->origin->origin, utf8_origin,
++ sizeof(utf8_origin));
++ idn_check_result(mr, "convert origin to UTF-8");
++ mr = append_textname(utf8_textname, utf8_origin,
++ sizeof(utf8_textname));
++ idn_check_result(mr, "append origin to textname");
++ }
++ mr = idn_encodename(IDN_LOCALMAP | IDN_NAMEPREP | IDN_ASCCHECK |
++ IDN_IDNCONV | IDN_LENCHECK, utf8_textname,
++ idn_textname, sizeof(idn_textname));
++ idn_check_result(mr, "convert UTF-8 textname to IDN encoding");
++#else
+ if (lookup->origin != NULL) {
+ debug("trying origin %s", lookup->origin->origin);
+@@ -1367,9 +1439,20 @@
+ }
+ dns_message_puttempname(lookup->sendmsg, &lookup->oname);
+- } else {
++ } else
++#endif
++ {
+ debug("using root origin");
+ if (lookup->trace && lookup->trace_root)
+ dns_name_clone(dns_rootname, lookup->name);
+ else {
++#ifdef WITH_IDN
++ len = strlen(idn_textname);
++ isc_buffer_init(&b, idn_textname, len);
++ isc_buffer_add(&b, len);
++ result = dns_name_fromtext(lookup->name, &b,
++ dns_rootname,
++ ISC_FALSE,
++ &lookup->namebuf);
++#else
+ len = strlen(lookup->textname);
+ isc_buffer_init(&b, lookup->textname, len);
+@@ -1379,4 +1462,5 @@
+ ISC_FALSE,
+ &lookup->namebuf);
++#endif
+ }
+ if (result != ISC_R_SUCCESS) {
+@@ -2912,2 +2996,100 @@
+ isc_mem_destroy(&mctx);
+ }
++
++#ifdef WITH_IDN
++static void
++initialize_idn(void) {
++ idn_result_t r;
++
++#ifdef HAVE_SETLOCALE
++ /* Set locale */
++ (void)setlocale(LC_ALL, "");
++#endif
++ /* Create configuration context. */
++ r = idn_nameinit(1);
++ if (r != idn_success)
++ fatal("idn api initialization failed: %s",
++ idn_result_tostring(r));
++
++ /* Set domain name -> text post-conversion filter. */
++ dns_name_settotextfilter(output_filter);
++}
++
++static isc_result_t
++output_filter(isc_buffer_t *buffer, unsigned int used_org,
++ isc_boolean_t absolute)
++{
++ char tmp1[MAXDLEN], tmp2[MAXDLEN];
++ size_t fromlen, tolen;
++ isc_boolean_t end_with_dot;
++
++ /*
++ * Copy contents of 'buffer' to 'tmp1', supply trailing dot
++ * if 'absolute' is true, and terminate with NUL.
++ */
++ fromlen = isc_buffer_usedlength(buffer) - used_org;
++ if (fromlen >= MAXDLEN)
++ return (ISC_R_SUCCESS);
++ memcpy(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen);
++ end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE;
++ if (absolute && !end_with_dot) {
++ fromlen++;
++ if (fromlen >= MAXDLEN)
++ return (ISC_R_SUCCESS);
++ tmp1[fromlen - 1] = '.';
++ }
++ tmp1[fromlen] = '\0';
++
++ /*
++ * Convert contents of 'tmp1' to local encoding.
++ */
++ if (idn_decodename(IDN_DECODE_APP, tmp1, tmp2, MAXDLEN) != idn_success)
++ return (ISC_R_SUCCESS);
++ strcpy(tmp1, tmp2);
++
++ /*
++ * Copy the converted contents in 'tmp1' back to 'buffer'.
++ * If we have appended trailing dot, remove it.
++ */
++ tolen = strlen(tmp1);
++ if (absolute && !end_with_dot && tmp1[tolen - 1] == '.')
++ tolen--;
++
++ if (isc_buffer_length(buffer) < used_org + tolen)
++ return (ISC_R_NOSPACE);
++
++ isc_buffer_subtract(buffer, isc_buffer_usedlength(buffer) - used_org);
++ memcpy(isc_buffer_used(buffer), tmp1, tolen);
++ isc_buffer_add(buffer, tolen);
++
++ return (ISC_R_SUCCESS);
++}
++
++static idn_result_t
++append_textname(char *name, const char *origin, size_t namesize) {
++ size_t namelen = strlen(name);
++ size_t originlen = strlen(origin);
++
++ /* Already absolute? */
++ if (namelen > 0 && name[namelen - 1] == '.')
++ return idn_success;
++
++ /* Append dot and origin */
++
++ if (namelen + 1 + originlen >= namesize)
++ return idn_buffer_overflow;
++
++ name[namelen++] = '.';
++ (void)strcpy(name + namelen, origin);
++ return idn_success;
++}
++
++static void
++idn_check_result(idn_result_t r, const char *msg) {
++ if (r != idn_success) {
++ exitcode = 1;
++ fatal("%s: %s", msg, idn_result_tostring(r));
++ }
++}
++
++#endif /* WITH_IDN */
+Index: bin/dig/host.1
+===================================================================
+RCS file: /proj/cvs/prod/bind9/bin/dig/host.1,v
+retrieving revision 1.11.2.9
+diff -U2 -r1.11.2.9 host.1
+--- bin/dig/host.1 9 May 2007 03:32:21 -0000 1.11.2.9
++++ bin/dig/host.1 6 Aug 2007 04:02:02 -0000
+@@ -168,4 +168,15 @@
+ \fBhost\fR
+ will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity.
++.SH "IDN SUPPORT"
++.PP
++If
++\fBhost\fR
++has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names.
++\fBhost\fR
++appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the
++\fBIDN_DISABLE\fR
++environment variable. The IDN support is disabled if the the variable is set when
++\fBhost\fR
++runs.
+ .SH "FILES"
+ .PP
+Index: bin/dig/host.docbook
+===================================================================
+RCS file: /proj/cvs/prod/bind9/bin/dig/host.docbook,v
+retrieving revision 1.2.2.8
+diff -U2 -r1.2.2.8 host.docbook
+--- bin/dig/host.docbook 9 May 2007 02:11:44 -0000 1.2.2.8
++++ bin/dig/host.docbook 6 Aug 2007 04:02:03 -0000
+@@ -200,4 +200,19 @@
+
+ <refsect1>
++<title>IDN SUPPORT</title>
++<para>
++If <command>host</command> has been built with IDN (internationalized
++domain name) support, it can accept and display non-ASCII domain names.
++<command>host</command> appropriately converts character encoding of
++domain name before sending a request to DNS server or displaying a
++reply from the server.
++If you'd like to turn off the IDN support for some reason, defines
++the <envar>IDN_DISABLE</envar> environment variable.
++The IDN support is disabled if the the variable is set when
++<command>host</command> runs.
++</para>
++</refsect1>
++
++<refsect1>
+ <title>FILES</title>
+ <para>
+Index: lib/dns/name.c
+===================================================================
+RCS file: /proj/cvs/prod/bind9/lib/dns/name.c,v
+retrieving revision 1.127.2.15
+diff -U2 -r1.127.2.15 name.c
+--- lib/dns/name.c 7 Dec 2006 07:02:47 -0000 1.127.2.15
++++ lib/dns/name.c 6 Aug 2007 04:02:05 -0000
+@@ -199,4 +199,11 @@
+ dns_fullname_hash(dns_name_t *name, isc_boolean_t case_sensitive);
+
++#ifdef WITH_IDN
++/*
++ * dns_name_t to text post-conversion procedure.
++ */
++static dns_name_totextfilter_t totext_filter_proc = NULL;
++#endif
++
+ static void
+ set_offsets(const dns_name_t *name, unsigned char *offsets,
+@@ -1715,4 +1722,7 @@
+ isc_boolean_t saw_root = ISC_FALSE;
+ char num[4];
++#ifdef WITH_IDN
++ unsigned int oused = target->used;
++#endif
+
+ /*
+@@ -1895,4 +1905,8 @@
+ isc_buffer_add(target, tlen - trem);
+
++#ifdef WITH_IDN
++ if (totext_filter_proc != NULL)
++ return ((*totext_filter_proc)(target, oused, saw_root));
++#endif
+ return (ISC_R_SUCCESS);
+ }
+@@ -3361,2 +3375,8 @@
+ }
+
++#ifdef WITH_IDN
++void
++dns_name_settotextfilter(dns_name_totextfilter_t proc) {
++ totext_filter_proc = proc;
++}
++#endif
+Index: lib/dns/include/dns/name.h
+===================================================================
+RCS file: /proj/cvs/prod/bind9/lib/dns/include/dns/name.h,v
+retrieving revision 1.95.2.11
+diff -U2 -r1.95.2.11 name.h
+--- lib/dns/include/dns/name.h 2 Mar 2006 00:37:17 -0000 1.95.2.11
++++ lib/dns/include/dns/name.h 6 Aug 2007 04:02:06 -0000
+@@ -220,4 +220,15 @@
+ #define DNS_NAME_MAXWIRE 255
+
++#ifdef WITH_IDN
++/*
++ * Text output filter procedure.
++ * 'target' is the buffer to be converted. The region to be converted
++ * is from 'buffer'->base + 'used_org' to the end of the used region.
++ */
++typedef isc_result_t (*dns_name_totextfilter_t)(isc_buffer_t *target,
++ unsigned int used_org,
++ isc_boolean_t absolute);
++#endif
++
+ /***
+ *** Initialization
+@@ -1266,4 +1277,12 @@
+ */
+
++#ifdef WITH_IDN
++void
++dns_name_settotextfilter(dns_name_totextfilter_t proc);
++/*
++ * Call 'proc' at the end of dns_name_totext.
++ */
++#endif /* WITH_IDN */
++
+ #define DNS_NAME_FORMATSIZE (DNS_NAME_MAXTEXT + 1)
+ /*
diff --git a/contrib/sdb/sqlite/README.sdb_sqlite b/contrib/sdb/sqlite/README.sdb_sqlite
new file mode 100644
index 00000000..36128e19
--- /dev/null
+++ b/contrib/sdb/sqlite/README.sdb_sqlite
@@ -0,0 +1,67 @@
+ SQLite BIND SDB driver
+
+The SQLite BIND SDB "driver" is intended as an alternative both to the
+pgsqldb and dirdb drivers, for situations that would like the management
+simplicity and convenience of single filesystem files, with the additional
+capability of SQL databases. It is also intended as an alternative to
+the standard dynamic DNS update capability in bind, which effectively
+requires use of DNSSEC keys for authorization and is limited to 'nsupdate'
+for updates. An sqlite database, by contrast, uses and requires only
+normal filesystem permissions, and may be updated however a typical SQLite
+database might be updated, e.g., via a web service with an SQLite backend.
+
+This driver is not considered suitable for very high volume public
+nameserver use, while likely useful for smaller private nameserver
+applications, whether or not in a production environment. It should
+generally be suitable wherever SQLite is preferable over larger database
+engines, and not suitable where SQLite is not preferable.
+
+Usage:
+
+o Use the named_sdb process ( put ENABLE_SDB=yes in /etc/sysconfig/named )
+
+o Edit your named.conf to contain a database zone, eg.:
+
+zone "mydomain.net." IN {
+ type master;
+ database "sqlite /etc/named.d/mydomain.db mydomain";
+ # ^- DB file ^-Table
+};
+
+o Create the database zone table
+ The table must contain the columns "name", "rdtype", and "rdata", and
+ is expected to contain a properly constructed zone. The program
+ "zone2sqlite" creates such a table.
+
+ zone2sqlite usage:
+
+ zone2sqlite origin zonefile dbfile dbtable
+
+ where
+ origin : zone origin, eg "mydomain.net."
+ zonefile : master zone database file, eg. mydomain.net.zone
+ dbfile : name of SQLite database file
+ dbtable : name of table in database
+
+---
+# mydomain.net.zone:
+$TTL 1H
+@ SOA localhost. root.localhost. ( 1
+ 3H
+ 1H
+ 1W
+ 1H )
+ NS localhost.
+host1 A 192.168.2.1
+host2 A 192.168.2.2
+host3 A 192.168.2.3
+host4 A 192.168.2.4
+host5 A 192.168.2.5
+host6 A 192.168.2.6
+host7 A 192.168.2.7
+---
+
+# zone2sqlite mydomain.net. mydomain.net.zone mydomain.net.db mydomain
+
+will create/update the 'mydomain' table in database file 'mydomain.net.db'.
+
diff --git a/contrib/sdb/sqlite/sqlitedb.c b/contrib/sdb/sqlite/sqlitedb.c
new file mode 100644
index 00000000..9eb06e74
--- /dev/null
+++ b/contrib/sdb/sqlite/sqlitedb.c
@@ -0,0 +1,324 @@
+/*
+ * Copyright (C) 2007 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: sqlitedb.c,v 1.1.4.1 2007/03/05 05:36:58 marka Exp $ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <sqlite3.h>
+
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/result.h>
+#include <isc/util.h>
+
+#include <dns/sdb.h>
+#include <dns/result.h>
+
+#include <named/globals.h>
+
+#include "sqlitedb.h"
+
+/*
+ * A simple database driver that interfaces to a SQLite database.
+ *
+ * The table must contain the fields "name", "rdtype", and "rdata", and
+ * is expected to contain a properly constructed zone. The program "zonetodb"
+ * creates such a table.
+ */
+
+static dns_sdbimplementation_t *sqlitedb = NULL;
+
+typedef struct _dbinfo {
+ sqlite3 *db;
+ char *filename;
+ char *table;
+} dbinfo_t;
+
+
+static isc_result_t
+db_connect(dbinfo_t *dbi)
+{
+ if (sqlite3_open(dbi->filename, &dbi->db) == SQLITE_OK) {
+ return (ISC_R_SUCCESS);
+ } else {
+ /* a connection is returned even if the open fails */
+ sqlite3_close(dbi->db);
+ dbi->db = NULL;
+ return (ISC_R_FAILURE);
+ }
+}
+
+
+typedef struct _lookup_parm_t {
+ int i;
+ dns_sdblookup_t *lookup;
+ isc_result_t result;
+} lookup_parm_t;
+
+
+static int
+sqlitedb_lookup_cb(void *p, int cc, char **cv, char **cn)
+{
+ lookup_parm_t *parm = p;
+ dns_ttl_t ttl;
+ char *endp;
+
+ /* FIXME - check these(num/names); I'm assuming a mapping for now */
+ char *ttlstr = cv[0];
+ char *type = cv[1];
+ char *data = cv[2];
+
+ UNUSED(cc);
+ UNUSED(cn);
+
+ ttl = strtol(ttlstr, &endp, 10);
+ if (*endp) {
+ parm->result = DNS_R_BADTTL;
+ return 1;
+ }
+
+ parm->result = dns_sdb_putrr(parm->lookup, type, ttl, data);
+
+ if (parm->result != ISC_R_SUCCESS)
+ return 1;
+
+ (parm->i)++;
+
+ return 0;
+}
+
+
+static isc_result_t
+sqlitedb_lookup(const char *zone,
+ const char *name, void *dbdata,
+ dns_sdblookup_t *lookup)
+/*
+ * synchronous absolute name lookup
+ */
+{
+ dbinfo_t *dbi = (dbinfo_t *) dbdata;
+ char *sql;
+ lookup_parm_t parm = { 0, lookup, ISC_R_SUCCESS };
+ char *errmsg = NULL;
+ int result;
+
+ UNUSED(zone);
+
+ sql = sqlite3_mprintf(
+ "SELECT TTL,RDTYPE,RDATA FROM \"%q\" WHERE "
+ "lower(NAME) = lower('%q')",
+ dbi->table, name);
+
+ result = sqlite3_exec(dbi->db, sql,
+ &sqlitedb_lookup_cb, &parm,
+ &errmsg);
+ sqlite3_free(sql);
+
+ if (result != SQLITE_OK)
+ return (ISC_R_FAILURE);
+ if (parm.i == 0)
+ return (ISC_R_NOTFOUND);
+
+ return (ISC_R_SUCCESS);
+}
+
+
+typedef struct _allnodes_parm_t {
+ int i;
+ dns_sdballnodes_t *allnodes;
+ isc_result_t result;
+} allnodes_parm_t;
+
+
+static int
+sqlitedb_allnodes_cb(void *p, int cc, char **cv, char **cn)
+{
+ allnodes_parm_t *parm = p;
+ dns_ttl_t ttl;
+ char *endp;
+
+ /* FIXME - check these(num/names); I'm assuming a mapping for now */
+ char *ttlstr = cv[0];
+ char *name = cv[1];
+ char *type = cv[2];
+ char *data = cv[3];
+
+ UNUSED(cc);
+ UNUSED(cn);
+
+ ttl = strtol(ttlstr, &endp, 10);
+ if (*endp) {
+ parm->result = DNS_R_BADTTL;
+ return 1;
+ }
+
+ parm->result = dns_sdb_putnamedrr(parm->allnodes, name, type, ttl, data);
+
+ if (parm->result != ISC_R_SUCCESS)
+ return 1;
+
+ (parm->i)++;
+
+ return 0;
+}
+
+
+static isc_result_t
+sqlitedb_allnodes(const char *zone,
+ void *dbdata,
+ dns_sdballnodes_t *allnodes)
+{
+ dbinfo_t *dbi = (dbinfo_t *) dbdata;
+ char *sql;
+ allnodes_parm_t parm = { 0, allnodes, ISC_R_SUCCESS };
+ char *errmsg = NULL;
+ int result;
+
+ UNUSED(zone);
+
+ sql = sqlite3_mprintf(
+ "SELECT TTL,NAME,RDTYPE,RDATA FROM \"%q\" ORDER BY NAME",
+ dbi->table);
+
+ result = sqlite3_exec(dbi->db, sql,
+ &sqlitedb_allnodes_cb, &parm,
+ &errmsg);
+ sqlite3_free(sql);
+
+ if (result != SQLITE_OK)
+ return (ISC_R_FAILURE);
+ if (parm.i == 0)
+ return (ISC_R_NOTFOUND);
+
+ return (ISC_R_SUCCESS);
+}
+
+
+static void
+sqlitedb_destroy(const char *zone, void *driverdata, void **dbdata)
+{
+ dbinfo_t *dbi = *dbdata;
+
+ UNUSED(zone);
+ UNUSED(driverdata);
+
+ if (dbi->db != NULL)
+ sqlite3_close(dbi->db);
+ if (dbi->table != NULL)
+ isc_mem_free(ns_g_mctx, dbi->table);
+ if (dbi->filename != NULL)
+ isc_mem_free(ns_g_mctx, dbi->filename);
+
+ isc_mem_put(ns_g_mctx, dbi, sizeof(dbinfo_t));
+}
+
+
+#define STRDUP_OR_FAIL(target, source) \
+ do { \
+ target = isc_mem_strdup(ns_g_mctx, source); \
+ if (target == NULL) { \
+ result = ISC_R_NOMEMORY; \
+ goto cleanup; \
+ } \
+ } while (0);
+
+/*
+ * Create a connection to the database and save any necessary information
+ * in dbdata.
+ *
+ * argv[0] is the name of the database file
+ * argv[1] is the name of the table
+ */
+static isc_result_t
+sqlitedb_create(const char *zone,
+ int argc, char **argv,
+ void *driverdata, void **dbdata)
+{
+ dbinfo_t *dbi;
+ isc_result_t result;
+
+ UNUSED(zone);
+ UNUSED(driverdata);
+
+ if (argc < 2)
+ return (ISC_R_FAILURE);
+
+ dbi = isc_mem_get(ns_g_mctx, sizeof(dbinfo_t));
+ if (dbi == NULL)
+ return (ISC_R_NOMEMORY);
+ dbi->db = NULL;
+ dbi->filename = NULL;
+ dbi->table = NULL;
+
+ STRDUP_OR_FAIL(dbi->filename, argv[0]);
+ STRDUP_OR_FAIL(dbi->table, argv[1]);
+
+ result = db_connect(dbi);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ *dbdata = dbi;
+ return (ISC_R_SUCCESS);
+
+cleanup:
+ sqlitedb_destroy(zone, driverdata, (void **)&dbi);
+ return (result);
+}
+
+
+/*
+ * Since the SQL database corresponds to a zone, the authority data should
+ * be returned by the lookup() function. Therefore the authority() function
+ * is NULL.
+ */
+static dns_sdbmethods_t sqlitedb_methods = {
+ sqlitedb_lookup,
+ NULL, /* authority */
+ sqlitedb_allnodes,
+ sqlitedb_create,
+ sqlitedb_destroy
+};
+
+
+/*
+ * Wrapper around dns_sdb_register().
+ */
+isc_result_t
+sqlitedb_init(void)
+{
+ unsigned int flags;
+ flags = 0;
+ return (dns_sdb_register("sqlite", &sqlitedb_methods, NULL, flags,
+ ns_g_mctx, &sqlitedb));
+}
+
+
+/*
+ * Wrapper around dns_sdb_unregister().
+ */
+void
+sqlitedb_clear(void)
+{
+ if (sqlitedb != NULL)
+ dns_sdb_unregister(&sqlitedb);
+}
diff --git a/contrib/sdb/sqlite/sqlitedb.h b/contrib/sdb/sqlite/sqlitedb.h
new file mode 100644
index 00000000..e08c1ff4
--- /dev/null
+++ b/contrib/sdb/sqlite/sqlitedb.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2000-2002 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: sqlitedb.h,v 1.1.4.1 2007/03/05 05:36:58 marka Exp $ */
+
+#include <isc/types.h>
+
+isc_result_t sqlitedb_init(void);
+
+void sqlitedb_clear(void);
+
diff --git a/contrib/sdb/sqlite/zone2sqlite.c b/contrib/sdb/sqlite/zone2sqlite.c
new file mode 100644
index 00000000..40ff0e6f
--- /dev/null
+++ b/contrib/sdb/sqlite/zone2sqlite.c
@@ -0,0 +1,301 @@
+/*
+ * Copyright (C) 2007 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: zone2sqlite.c,v 1.1.4.1 2007/03/05 05:36:58 marka Exp $ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/buffer.h>
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/result.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/fixedname.h>
+#include <dns/name.h>
+#include <dns/rdata.h>
+#include <dns/rdataset.h>
+#include <dns/rdatasetiter.h>
+#include <dns/rdatatype.h>
+#include <dns/result.h>
+
+#include <sqlite3.h>
+
+#ifndef UNUSED
+#define UNUSED(x) (x) = (x)
+#endif
+
+/*
+ * Generate an SQLite table from a zone.
+ */
+
+typedef struct _dbinfo {
+ sqlite3 *db;
+ char *filename;
+ char *table;
+} dbinfo_t;
+
+dbinfo_t dbi = { NULL, NULL, NULL };
+
+
+static void
+closeandexit(int status)
+{
+ if (dbi.db) {
+ sqlite3_close(dbi.db);
+ dbi.db = NULL;
+ }
+ exit(status);
+}
+
+static void
+check_result(isc_result_t result, const char *message)
+{
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "%s: %s\n", message,
+ isc_result_totext(result));
+ closeandexit(1);
+ }
+}
+
+static isc_result_t
+db_connect(dbinfo_t *dbi)
+{
+ if (sqlite3_open(dbi->filename, &dbi->db) == SQLITE_OK) {
+ return (ISC_R_SUCCESS);
+ } else {
+ /* a connection is returned even if the open fails */
+ sqlite3_close(dbi->db);
+ dbi->db = NULL;
+ return (ISC_R_FAILURE);
+ }
+}
+
+static int
+add_rdata_cb(void *parm, int cc, char **cv, char **cn)
+{
+ UNUSED(parm);
+ UNUSED(cc);
+ UNUSED(cv);
+ UNUSED(cn);
+
+ return 0;
+}
+
+
+static void
+addrdata(dns_name_t *name, dns_ttl_t ttl, dns_rdata_t *rdata)
+{
+ unsigned char namearray[DNS_NAME_MAXTEXT + 1];
+ unsigned char typearray[20];
+ unsigned char dataarray[2048];
+ isc_buffer_t b;
+ isc_result_t result;
+ char *sql;
+ char *errmsg = NULL;
+ int res;
+
+ isc_buffer_init(&b, namearray, sizeof(namearray) - 1);
+ result = dns_name_totext(name, ISC_TRUE, &b);
+ check_result(result, "dns_name_totext");
+ namearray[isc_buffer_usedlength(&b)] = 0;
+
+ isc_buffer_init(&b, typearray, sizeof(typearray) - 1);
+ result = dns_rdatatype_totext(rdata->type, &b);
+ check_result(result, "dns_rdatatype_totext");
+ typearray[isc_buffer_usedlength(&b)] = 0;
+
+ isc_buffer_init(&b, dataarray, sizeof(dataarray) - 1);
+ result = dns_rdata_totext(rdata, NULL, &b);
+ check_result(result, "dns_rdata_totext");
+ dataarray[isc_buffer_usedlength(&b)] = 0;
+
+ sql = sqlite3_mprintf(
+ "INSERT INTO %q (NAME, TTL, RDTYPE, RDATA)"
+ " VALUES ('%q', %d, '%q', '%q') ",
+ dbi.table,
+ namearray, ttl, typearray, dataarray);
+ printf("%s\n", sql);
+ res = sqlite3_exec(dbi.db, sql, add_rdata_cb, NULL, &errmsg);
+ sqlite3_free(sql);
+
+ if (result != SQLITE_OK) {
+ fprintf(stderr, "INSERT failed: %s\n", errmsg);
+ closeandexit(1);
+ }
+}
+
+int
+main(int argc, char *argv[])
+{
+ char *sql;
+ int res;
+ char *errmsg = NULL;
+ char *porigin, *zonefile;
+ dns_fixedname_t forigin, fname;
+ dns_name_t *origin, *name;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *dbiter;
+ dns_dbnode_t *node;
+ dns_rdatasetiter_t *rdsiter;
+ dns_rdataset_t rdataset;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_mem_t *mctx = NULL;
+ isc_buffer_t b;
+ isc_result_t result;
+
+ if (argc != 5) {
+ printf("usage: %s <zone> <zonefile> <dbfile> <dbtable>\n", argv[0]);
+ exit(1);
+ }
+
+ porigin = argv[1];
+ zonefile = argv[2];
+
+ dbi.filename = argv[3];
+ dbi.table = argv[4];
+
+ dns_result_register();
+
+ mctx = NULL;
+ result = isc_mem_create(0, 0, &mctx);
+ check_result(result, "isc_mem_create");
+
+ isc_buffer_init(&b, porigin, strlen(porigin));
+ isc_buffer_add(&b, strlen(porigin));
+ dns_fixedname_init(&forigin);
+ origin = dns_fixedname_name(&forigin);
+ result = dns_name_fromtext(origin, &b, dns_rootname, ISC_FALSE, NULL);
+ check_result(result, "dns_name_fromtext");
+
+ db = NULL;
+ result = dns_db_create(mctx, "rbt", origin, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db);
+ check_result(result, "dns_db_create");
+
+ result = dns_db_load(db, zonefile);
+ if (result == DNS_R_SEENINCLUDE)
+ result = ISC_R_SUCCESS;
+ check_result(result, "dns_db_load");
+
+ printf("Connecting to '%s'\n", dbi.filename);
+
+ if ((result = db_connect(&dbi)) != ISC_R_SUCCESS) {
+ fprintf(stderr, "Connection to database '%s' failed\n",
+ dbi.filename);
+ closeandexit(1);
+ }
+
+ sql = sqlite3_mprintf("DROP TABLE %q ", dbi.table);
+ printf("%s\n", sql);
+ res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);
+ sqlite3_free(sql);
+#if 0
+ if (res != SQLITE_OK) {
+ fprintf(stderr, "DROP TABLE %s failed: %s\n",
+ dbi.table, errmsg);
+ }
+#endif
+
+#if 0
+ sql = sqlite3_mprintf(sql, "BEGIN TRANSACTION");
+ printf("%s\n", sql);
+ res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);
+ sqlite3_free(sql);
+ if (res != SQLITE_OK) {
+ fprintf(stderr, "BEGIN TRANSACTION failed: %s\n", errmsg);
+ closeandexit(1);
+ }
+#endif
+
+ sql = sqlite3_mprintf(
+ "CREATE TABLE %q "
+ "(NAME TEXT, TTL INTEGER, RDTYPE TEXT, RDATA TEXT) ",
+ dbi.table);
+ printf("%s\n", sql);
+ res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);
+ sqlite3_free(sql);
+ if (res != SQLITE_OK) {
+ fprintf(stderr, "CREATE TABLE %s failed: %s\n",
+ dbi.table, errmsg);
+ closeandexit(1);
+ }
+
+ dbiter = NULL;
+ result = dns_db_createiterator(db, ISC_FALSE, &dbiter);
+ check_result(result, "dns_db_createiterator()");
+
+ result = dns_dbiterator_first(dbiter);
+ check_result(result, "dns_dbiterator_first");
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ dns_rdataset_init(&rdataset);
+ dns_rdata_init(&rdata);
+
+ while (result == ISC_R_SUCCESS) {
+ node = NULL;
+ result = dns_dbiterator_current(dbiter, &node, name);
+ if (result == ISC_R_NOMORE)
+ break;
+ check_result(result, "dns_dbiterator_current");
+
+ rdsiter = NULL;
+ result = dns_db_allrdatasets(db, node, NULL, 0, &rdsiter);
+ check_result(result, "dns_db_allrdatasets");
+
+ result = dns_rdatasetiter_first(rdsiter);
+
+ while (result == ISC_R_SUCCESS) {
+ dns_rdatasetiter_current(rdsiter, &rdataset);
+ result = dns_rdataset_first(&rdataset);
+ check_result(result, "dns_rdataset_first");
+ while (result == ISC_R_SUCCESS) {
+ dns_rdataset_current(&rdataset, &rdata);
+ addrdata(name, rdataset.ttl, &rdata);
+ dns_rdata_reset(&rdata);
+ result = dns_rdataset_next(&rdataset);
+ }
+ dns_rdataset_disassociate(&rdataset);
+ result = dns_rdatasetiter_next(rdsiter);
+ }
+ dns_rdatasetiter_destroy(&rdsiter);
+ dns_db_detachnode(db, &node);
+ result = dns_dbiterator_next(dbiter);
+ }
+
+#if 0
+ sql = sqlite3_mprintf(sql, "COMMIT TRANSACTION ");
+ printf("%s\n", sql);
+ res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);
+ sqlite3_free(sql);
+ if (res != SQLITE_OK) {
+ fprintf(stderr, "COMMIT TRANSACTION failed: %s\n", errmsg);
+ closeandexit(1);
+ }
+#endif
+
+ dns_dbiterator_destroy(&dbiter);
+ dns_db_detach(&db);
+ isc_mem_destroy(&mctx);
+
+ closeandexit(0);
+
+ exit(0);
+}
diff --git a/contrib/sdb/tcl/tcldb.c b/contrib/sdb/tcl/tcldb.c
index 1ead6240..afda56bf 100644
--- a/contrib/sdb/tcl/tcldb.c
+++ b/contrib/sdb/tcl/tcldb.c
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2002 Internet Software Consortium.
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tcldb.c,v 1.7.4.3 2004/03/09 06:10:36 marka Exp $ */
+/* $Id: tcldb.c,v 1.7.4.5 2007/01/18 00:06:02 marka Exp $ */
/*
* A simple database driver that calls a Tcl procedure to define
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 9d080990..d1d23bc7 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- File: $Id: Bv9ARM-book.xml,v 1.155.2.50 2006/09/13 00:28:07 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.155.2.58 2007/05/16 06:15:11 marka Exp $ -->
<book>
<title>BIND 9 Administrator Reference Manual</title>
@@ -28,6 +28,7 @@
<year>2004</year>
<year>2005</year>
<year>2006</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -79,8 +80,8 @@
</emphasis>addresses security considerations, and
<emphasis>Section 8</emphasis> contains troubleshooting help. The
main body of the document is followed by several
- <emphasis>Appendices</emphasis> which contain useful reference
- information, such as a <emphasis>Bibliography</emphasis> and
+ <emphasis>appendices</emphasis> which contain useful reference
+ information, such as a <emphasis>bibliography</emphasis> and
historic information related to <acronym>BIND</acronym> and the Domain Name
System.</para>
</sect1>
@@ -148,7 +149,7 @@ describe:</emphasis></para></entry>
</tgroup></informaltable></para></sect1>
<sect1><title>The Domain Name System (<acronym>DNS</acronym>)</title>
<para>The purpose of this document is to explain the installation
-and upkeep of the <acronym>BIND</acronym> software package, and we
+and upkeep of the <acronym>BIND</acronym> (Berkeley Internet Name Domain) software package, and we
begin by reviewing the fundamentals of the Domain Name System
(<acronym>DNS</acronym>) as they relate to <acronym>BIND</acronym>.
</para>
@@ -743,6 +744,11 @@ of a server.</para>
<para>The remote name daemon control
(<command>rndc</command>) program allows the system
administrator to control the operation of a nameserver.
+ In <acronym>BIND</acronym> 9.2, <command>rndc</command>
+ supports all the commands of the BIND 8 <command>ndc</command>
+ utility except <command>ndc start</command> and
+ <command>ndc restart</command>, which were also
+ not supported in <command>ndc</command>'s channel mode.
If you run <command>rndc</command> without any options
it will display a usage message as follows:</para>
<cmdsynopsis label="Usage">
@@ -1075,7 +1081,8 @@ to allow internal networks that are behind filters or in RFC 1918
space (reserved IP space, as documented in RFC 1918) to resolve DNS
on the Internet. Split DNS can also be used to allow mail from outside
back in to the internal network.</para>
-<para>Here is an example of a split DNS setup:</para>
+<sect2>
+<title>Example split DNS setup</title>
<para>Let's say a company named <emphasis>Example, Inc.</emphasis> (example.com)
has several corporate sites that have an internal network with reserved
Internet Protocol (IP) space and an external demilitarized zone (DMZ),
@@ -1245,6 +1252,7 @@ nameserver 172.16.72.2
nameserver 172.16.72.3
nameserver 172.16.72.4
</programlisting>
+ </sect2>
</sect1>
<sect1 id="tsig"><title>TSIG</title>
<para>This is a short guide to setting up Transaction SIGnatures
@@ -1369,7 +1377,7 @@ allow-update { key host1-host2. ;};
outside of the allowed range, the response will be signed with
the TSIG extended error code set to BADTIME, and the time values
will be adjusted so that the response can be successfully
- verified. In any of these cases, the message's rcode is set to
+ verified. In any of these cases, the message's rcode (response code) is set to
NOTAUTH (not authenticated).</para>
</sect2>
@@ -1473,7 +1481,7 @@ allow-update { key host1-host2. ;};
<para>Two output files will be produced:
<filename>Kchild.example.+003+12345.key</filename> and
<filename>Kchild.example.+003+12345.private</filename> (where
- 12345 is an example of a key tag). The key file names contain
+ 12345 is an example of a key tag). The key filenames contain
the key name (<filename>child.example.</filename>), algorithm (3
is DSA, 1 is RSA, etc.), and the key tag (12345 in this case).
The private key (in the <filename>.private</filename> file) is
@@ -1749,7 +1757,7 @@ in <varname>dotted_decimal</varname> notation.</para></entry>
<row rowsep = "0">
<entry colname = "1"><para><varname>ip_port</varname></para></entry>
<entry colname = "2"><para>An IP port <varname>number</varname>.
- <varname>number</varname> is limited to 0 through 65535, with values
+The <varname>number</varname> is limited to 0 through 65535, with values
below 1024 typically restricted to root-owned processes. In some
cases, an asterisk (`*') character can be used as a placeholder to
select a random high-numbered port.</para></entry>
@@ -1885,7 +1893,7 @@ other 1.2.3.* hosts fall through.</para></sect3></sect2>
<title>Comment Syntax</title>
<para>The <acronym>BIND</acronym> 9 comment syntax allows for comments to appear
- anywhere that white space may appear in a <acronym>BIND</acronym> configuration
+ anywhere that whitespace may appear in a <acronym>BIND</acronym> configuration
file. To appeal to programmers of all kinds, they can be written
in C, C++, or shell/perl constructs.</para>
@@ -1899,7 +1907,7 @@ other 1.2.3.* hosts fall through.</para></sect3></sect2>
</sect3>
<sect3>
<title>Definition and Usage</title>
-<para>Comments may appear anywhere that white space may appear in
+<para>Comments may appear anywhere that whitespace may appear in
a <acronym>BIND</acronym> configuration file.</para>
<para>C-style comments start with the two characters /* (slash,
star) and end with */ (star, slash). Because they are completely
@@ -2612,7 +2620,7 @@ statement in the <filename>named.conf</filename> file:</para>
<para>The <command>lwres</command> statement configures the name
server to also act as a light-weight resolver daemon. (See
-<xref linkend="lwresd"/>.) There may be be multiple
+<xref linkend="lwresd"/>.) There may be multiple
<command>lwres</command> statements configuring
lightweight resolver servers with different properties.</para>
@@ -3029,7 +3037,7 @@ in the <command>statistics-file</command>. See also <xref linkend="statsfile"/>
<varlistentry><term><command>use-ixfr</command></term>
<listitem><para><emphasis>This option is obsolete</emphasis>.
-If you need to disable IXFR to a particular server or servers see
+If you need to disable IXFR to a particular server or servers, see
the information on the <command>provide-ixfr</command> option
in <xref linkend="server_statement_definition_and_usage"/>. See also
<xref linkend="incremental_zone_transfers"/>.
@@ -3599,7 +3607,7 @@ that have gone away will be cleaned up.</para>
<listitem><para>Nameserver statistics will be logged
every <command>statistics-interval</command> minutes. The default is
60. If set to 0, no statistics will be logged.</para><note>
-<simpara>Not yet implemented in <acronym>BIND</acronym>9.</simpara></note>
+<simpara>Not yet implemented in <acronym>BIND</acronym> 9.</simpara></note>
</listitem></varlistentry>
</variablelist>
@@ -4306,7 +4314,7 @@ and reloaded from this file on a server restart. Use of a file is
recommended, since it often speeds server startup and eliminates
a needless waste of bandwidth. Note that for large numbers (in the
tens or hundreds of thousands) of zones per server, it is best to
-use a two-level naming scheme for zone file names. For example,
+use a two-level naming scheme for zone filenames. For example,
a slave server for the zone <literal>example.com</literal> might place
the zone contents into a file called
<filename>ex/example.com</filename> where <filename>ex/</filename> is
@@ -4393,7 +4401,7 @@ used to share information about various systems databases, such
as users, groups, printers and so on. The keyword
<literal>HS</literal> is
a synonym for hesiod.</para>
-<para>Another MIT development is CHAOSnet, a LAN protocol created
+<para>Another MIT development is Chaosnet, a LAN protocol created
in the mid-1970s. Zone data for it can be specified with the <literal>CHAOS</literal> class.</para></sect3>
<sect3>
@@ -4918,11 +4926,11 @@ owner domain.</para></entry>
</row>
<row rowsep = "0">
<entry colname = "1"><para>NS</para></entry>
-<entry colname = "2"><para>a fully qualified domain name.</para></entry>
+<entry colname = "2"><para>a fully-qualified domain name.</para></entry>
</row>
<row rowsep = "0">
<entry colname = "1"><para>PTR</para></entry>
-<entry colname = "2"><para>a fully qualified domain name.</para></entry>
+<entry colname = "2"><para>a fully-qualified domain name.</para></entry>
</row>
<row rowsep = "0">
<entry colname = "1"><para>SOA</para></entry>
@@ -5172,7 +5180,7 @@ in the <optional>example.com</optional> domain:</para>
</tgroup></informaltable>
<note>
<para>The <command>$ORIGIN</command> lines in the examples
-are for providing context to the examples only-they do not necessarily
+are for providing context to the examples only &mdash; they do not necessarily
appear in the actual usage. They are only used here to indicate
that the example is relative to the listed origin.</para></note></sect2>
<sect2><title>Other Zone File Directives</title>
@@ -5251,16 +5259,16 @@ or start-stop/step. If the first form is used, then step is set to
</row>
<row rowsep = "0">
<entry colname = "1"><para><command>lhs</command></para></entry>
- <entry colname = "2"><para><command>lhs</command> describes the
+ <entry colname = "2"><para>This describes the
owner name of the resource records to be created. Any single
<command>$</command> (dollar sign) symbols
within the <command>lhs</command> side are replaced by the iterator
value.
-To get a $ in the output you need to escape the <command>$</command>
+To get a $ in the output, you need to escape the <command>$</command>
using a backslash <command>\</command>,
e.g. <command>\$</command>. The <command>$</command> may optionally be followed
by modifiers which change the offset from the interator, field width and base.
-Modifiers are introduced by a <command>{</command> immediately following the
+Modifiers are introduced by a <command>{</command> (left brace) immediately following the
<command>$</command> as <command>${offset[,width[,base]]}</command>.
For example, <command>${-20,3,d}</command> which subtracts 20 from the current value,
prints the result as a decimal in a zero-padded field of width 3. Available
@@ -5280,7 +5288,7 @@ PTR, CNAME, DNAME, A, AAAA and NS.</para></entry>
</row>
<row rowsep = "0">
<entry colname = "1"><para><command>rhs</command></para></entry>
- <entry colname = "2"><para>A domain name. It is processed
+ <entry colname = "2"><para><command>rhs</command> is a domain name. It is processed
similarly to lhs.</para></entry>
</row>
</tbody>
@@ -5333,7 +5341,7 @@ unless recursion has been previously disabled.</para>
<para>For more information on how to use ACLs to protect your server,
see the <emphasis>AUSCERT</emphasis> advisory at
<ulink url="ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos">ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos</ulink></para></sect1>
-<sect1><title><command>chroot</command> and <command>setuid</command> (for
+<sect1><title><command>Chroot</command> and <command>Setuid</command> (for
UNIX servers)</title>
<para>On UNIX servers, it is possible to run <acronym>BIND</acronym> in a <emphasis>chrooted</emphasis> environment
(using the <command>chroot()</command> function) by specifying the "<option>-t</option>"
@@ -5360,7 +5368,7 @@ like <command>directory</command> and <command>pid-file</command> to account
for this.
</para>
<para>
-Unlike with earlier versions of BIND, you will typically
+Unlike with earlier versions of BIND, you typically will
<emphasis>not</emphasis> need to compile <command>named</command>
statically nor install shared libraries under the new root.
However, depending on your operating system, you may need
@@ -5433,12 +5441,12 @@ all.</para>
<sect1>
<title>Incrementing and Changing the Serial Number</title>
- <para>Zone serial numbers are just numbers-they aren't date
+ <para>Zone serial numbers are just numbers &mdash; they aren't date
related. A lot of people set them to a number that represents a
- date, usually of the form YYYYMMDDRR. A number of people have been
- testing these numbers for Y2K compliance and have set the number
- to the year 2000 to see if it will work. They then try to restore
- the old serial number. This will cause problems because serial
+ date, usually of the form YYYYMMDDRR. A number of people
+ tested these numbers for Y2K compliance and set the number
+ to the year 2000 to see if it would work. They then tried to restore
+ the old serial number. This caused problems because serial
numbers are used to indicate that a zone has been updated. If the
serial number on the slave server is lower than the serial number
on the master, the slave server will attempt to update its copy of
@@ -5516,7 +5524,7 @@ employee on loan to the CSRG, worked on <acronym>BIND</acronym> for 2 years, fro
to 1987. Many other people also contributed to <acronym>BIND</acronym> development
during that time: Doug Kingston, Craig Partridge, Smoot Carl-Mitchell,
Mike Muuss, Jim Bloom and Mike Schwartz. <acronym>BIND</acronym> maintenance was subsequently
-handled by Mike Karels and O. Kure.</para>
+handled by Mike Karels and &#216;ivind Kure.</para>
<para><acronym>BIND</acronym> versions 4.9 and 4.9.1 were released by Digital Equipment
Corporation (now Compaq Computer Corporation). Paul Vixie, then
a DEC employee, became <acronym>BIND</acronym>'s primary caretaker. He was assisted
@@ -5524,13 +5532,27 @@ by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan Beecher, Andrew
Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
Wolfhugel, and others.</para>
- <para><acronym>BIND</acronym> version 4.9.2 was sponsored by Vixie Enterprises. Paul
+ <para>In 1994, <acronym>BIND</acronym> version 4.9.2 was sponsored by Vixie Enterprises. Paul
Vixie became <acronym>BIND</acronym>'s principal architect/programmer.</para>
<para><acronym>BIND</acronym> versions from 4.9.3 onward have been developed and maintained
by the Internet Software Consortium with support being provided
-by ISC's sponsors. As co-architects/programmers, Bob Halley and
+by ISC's sponsors.
+ </para>
+ <para>As co-architects/programmers, Bob Halley and
Paul Vixie released the first production-ready version of <acronym>BIND</acronym> version
8 in May 1997.</para>
+ <para>
+ BIND version 9 was released in September 2000 and is a
+ major rewrite of nearly all aspects of the underlying
+ BIND architecture.
+ </para>
+ <para>
+ BIND version 4 is officially deprecated and BIND version
+ 8 development is considered maintenance-only in favor
+ of BIND version 9. No additional development is done
+ on BIND version 4 or BIND version 8 other than for
+ security-related patches.
+ </para>
<para><acronym>BIND</acronym> development work is made possible today by the sponsorship
of several corporations, and by the tireless work efforts of numerous
individuals.</para>
@@ -5551,7 +5573,7 @@ hesiod.</para>
<sect3>
<title>CH = chaos</title>
<para>The <command>chaos</command> class is used to specify zone
-data for the MIT-developed CHAOSnet, a LAN protocol created in the
+data for the MIT-developed Chaosnet, a LAN protocol created in the
mid-1970s.</para>
</sect3>
</sect2>
@@ -5566,7 +5588,8 @@ scalable Internet routing. There are three types of addresses: <emphasis>Unicast
an identifier for a single interface; <emphasis>Anycast</emphasis>,
an identifier for a set of interfaces; and <emphasis>Multicast</emphasis>,
an identifier for a set of interfaces. Here we describe the global
-Unicast address scheme. For more information, see RFC 2374.</para>
+Unicast address scheme. For more information, see RFC 3587,
+"Global Unicast Address Format."</para>
<para>The aggregatable global Unicast address format is as follows:</para>
<informaltable colsep = "0" rowsep = "0"><tgroup cols = "6"
colsep = "0" rowsep = "0" tgroupstyle = "1Level-table">
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html
index e90dac64..6d540cc9 100644
--- a/doc/arm/Bv9ARM.ch01.html
+++ b/doc/arm/Bv9ARM.ch01.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch01.html,v 1.12.2.17 2006/07/20 02:33:01 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch01.html,v 1.12.2.21 2007/05/08 02:29:19 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>Chapter 1. Introduction </title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<title>Chapter 1. Introduction</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
@@ -45,17 +45,17 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569434">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569460">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569736">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569994">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563876">Scope of Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564243">Organization of This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564314">Conventions Used in This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564572">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570014">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570312">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570396">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570539">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570631">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570689">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2563159">DNS Fundamentals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2563184">Domains and Domain Names</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564974">Zones</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2565117">Authoritative Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2565209">Caching Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2565267">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -67,7 +67,7 @@
hierarchical databases.</p>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2569434"></a>Scope of Document</h2></div></div></div>
+<a name="id2563876"></a>Scope of Document</h2></div></div></div>
<p>The Berkeley Internet Name Domain (<acronym class="acronym">BIND</acronym>) implements a
domain name server for a number of operating systems. This
document provides basic information about the installation and
@@ -78,7 +78,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2569460"></a>Organization of This Document</h2></div></div></div>
+<a name="id2564243"></a>Organization of This Document</h2></div></div></div>
<p>In this document, <span class="emphasis"><em>Section 1</em></span> introduces
the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Section 2</em></span>
describes resource requirements for running <acronym class="acronym">BIND</acronym> in various
@@ -96,14 +96,14 @@
</em></span>addresses security considerations, and
<span class="emphasis"><em>Section 8</em></span> contains troubleshooting help. The
main body of the document is followed by several
- <span class="emphasis"><em>Appendices</em></span> which contain useful reference
- information, such as a <span class="emphasis"><em>Bibliography</em></span> and
+ <span class="emphasis"><em>appendices</em></span> which contain useful reference
+ information, such as a <span class="emphasis"><em>bibliography</em></span> and
historic information related to <acronym class="acronym">BIND</acronym> and the Domain Name
System.</p>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2569736"></a>Conventions Used in This Document</h2></div></div></div>
+<a name="id2564314"></a>Conventions Used in This Document</h2></div></div></div>
<p>In this document, we use the following general typographic
conventions:</p>
<div class="informaltable"><table border="1">
@@ -169,15 +169,15 @@ describe:</em></span></p></td>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2569994"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
+<a name="id2564572"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>The purpose of this document is to explain the installation
-and upkeep of the <acronym class="acronym">BIND</acronym> software package, and we
+and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet Name Domain) software package, and we
begin by reviewing the fundamentals of the Domain Name System
(<acronym class="acronym">DNS</acronym>) as they relate to <acronym class="acronym">BIND</acronym>.
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570014"></a>DNS Fundamentals</h3></div></div></div>
+<a name="id2563159"></a>DNS Fundamentals</h3></div></div></div>
<p>The Domain Name System (DNS) is the hierarchical, distributed
database. It stores information for mapping Internet host names to IP
addresses and vice versa, mail routing information, and other data
@@ -190,7 +190,7 @@ name server and a resolver library.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570312"></a>Domains and Domain Names</h3></div></div></div>
+<a name="id2563184"></a>Domains and Domain Names</h3></div></div></div>
<p>The data stored in the DNS is identified by <span class="emphasis"><em>domain
names</em></span> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
@@ -227,7 +227,7 @@ the DNS protocol, please refer to the standards documents listed in
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570396"></a>Zones</h3></div></div></div>
+<a name="id2564974"></a>Zones</h3></div></div></div>
<p>To properly operate a name server, it is important to understand
the difference between a <span class="emphasis"><em>zone</em></span>
and a <span class="emphasis"><em>domain</em></span>.</p>
@@ -267,7 +267,7 @@ actually asking for slave service for some collection of zones.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570539"></a>Authoritative Name Servers</h3></div></div></div>
+<a name="id2565117"></a>Authoritative Name Servers</h3></div></div></div>
<p>Each zone is served by at least
one <span class="emphasis"><em>authoritative name server</em></span>,
which contains the complete data for the zone.
@@ -280,7 +280,7 @@ easy to identify when debugging DNS configurations using tools like
<span><strong class="command">dig</strong></span> (<a href="Bv9ARM.ch03.html#diagnostic_tools" title="Diagnostic Tools">the section called &#8220;Diagnostic Tools&#8221;</a>).</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2570562"></a>The Primary Master</h4></div></div></div>
+<a name="id2565140"></a>The Primary Master</h4></div></div></div>
<p>
The authoritative server where the master copy of the zone data is maintained is
called the <span class="emphasis"><em>primary master</em></span> server, or simply the
@@ -291,7 +291,7 @@ the <span class="emphasis"><em>zone file</em></span> or <span class="emphasis"><
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2570583"></a>Slave Servers</h4></div></div></div>
+<a name="id2565161"></a>Slave Servers</h4></div></div></div>
<p>The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
servers (also known as <span class="emphasis"><em>secondary</em></span> servers) load
the zone contents from another server using a replication process
@@ -302,7 +302,7 @@ may itself act as a master to a subordinate slave server.</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2570602"></a>Stealth Servers</h4></div></div></div>
+<a name="id2565180"></a>Stealth Servers</h4></div></div></div>
<p>Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
a <span class="emphasis"><em>delegation</em></span> of the zone from the parent.
@@ -327,7 +327,7 @@ with the outside world.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570631"></a>Caching Name Servers</h3></div></div></div>
+<a name="id2565209"></a>Caching Name Servers</h3></div></div></div>
<p>The resolver libraries provided by most operating systems are
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not capable of
performing the full DNS resolution process by themselves by talking
@@ -346,7 +346,7 @@ Time To Live (TTL) field associated with each resource record.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2570663"></a>Forwarding</h4></div></div></div>
+<a name="id2565241"></a>Forwarding</h4></div></div></div>
<p>Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
<span class="emphasis"><em>forward</em></span> some or all of the queries
@@ -369,7 +369,7 @@ of.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570689"></a>Name Servers in Multiple Roles</h3></div></div></div>
+<a name="id2565267"></a>Name Servers in Multiple Roles</h3></div></div></div>
<p>The <acronym class="acronym">BIND</acronym> name server can simultaneously act as
a master for some zones, a slave for other zones, and as a caching
(recursive) server for a set of local clients.</p>
diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html
index 65d8a03b..51f280de 100644
--- a/doc/arm/Bv9ARM.ch02.html
+++ b/doc/arm/Bv9ARM.ch02.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch02.html,v 1.10.2.13 2006/06/29 13:02:07 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch02.html,v 1.10.2.16 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 2. BIND Resource Requirements</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
-<link rel="prev" href="Bv9ARM.ch01.html" title="Chapter 1. Introduction ">
+<link rel="prev" href="Bv9ARM.ch01.html" title="Chapter 1. Introduction">
<link rel="next" href="Bv9ARM.ch03.html" title="Chapter 3. Nameserver Configuration">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -45,16 +45,16 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2570925">Hardware requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2570950">CPU Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2570961">Memory Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2570976">Nameserver Intensive Environment Issues</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2570984">Supported Operating Systems</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2565299">Hardware requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2565323">CPU Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2565402">Memory Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2565417">Nameserver Intensive Environment Issues</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2565426">Supported Operating Systems</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2570925"></a>Hardware requirements</h2></div></div></div>
+<a name="id2565299"></a>Hardware requirements</h2></div></div></div>
<p><acronym class="acronym">DNS</acronym> hardware requirements have traditionally been quite modest.
For many installations, servers that have been pensioned off from
active duty have performed admirably as <acronym class="acronym">DNS</acronym> servers.</p>
@@ -66,7 +66,7 @@ multiprocessor systems for installations that need it.</p>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2570950"></a>CPU Requirements</h2></div></div></div>
+<a name="id2565323"></a>CPU Requirements</h2></div></div></div>
<p>CPU requirements for <acronym class="acronym">BIND</acronym> 9 range from i486-class machines
for serving of static zones without caching, to enterprise-class
machines if you intend to process many dynamic updates and DNSSEC
@@ -74,7 +74,7 @@ signed zones, serving many thousands of queries per second.</p>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2570961"></a>Memory Requirements</h2></div></div></div>
+<a name="id2565402"></a>Memory Requirements</h2></div></div></div>
<p>The memory of the server has to be large enough to fit the
cache and zones loaded off disk. The <span><strong class="command">max-cache-size</strong></span>
option can be used to limit the amount of memory used by the cache,
@@ -89,7 +89,7 @@ be set higher than this stable size.</p>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2570976"></a>Nameserver Intensive Environment Issues</h2></div></div></div>
+<a name="id2565417"></a>Nameserver Intensive Environment Issues</h2></div></div></div>
<p>For nameserver intensive environments, there are two alternative
configurations that may be used. The first is where clients and
any second-level internal nameservers query a main nameserver, which
@@ -103,7 +103,7 @@ as none of the nameservers share their cached data.</p>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2570984"></a>Supported Operating Systems</h2></div></div></div>
+<a name="id2565426"></a>Supported Operating Systems</h2></div></div></div>
<p>ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on the following operating
systems:</p>
<div class="itemizedlist"><ul type="disc">
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html
index 0f3d9cc5..b5ce5169 100644
--- a/doc/arm/Bv9ARM.ch03.html
+++ b/doc/arm/Bv9ARM.ch03.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch03.html,v 1.26.2.19 2006/06/29 13:02:07 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch03.html,v 1.26.2.23 2007/05/08 02:29:19 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 3. Nameserver Configuration</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter 2. BIND Resource Requirements">
@@ -47,15 +47,15 @@
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2571149">A Caching-only Nameserver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2571162">An Authoritative-only Nameserver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2565591">A Caching-only Nameserver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2565672">An Authoritative-only Nameserver</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2571185">Load Balancing</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2565694">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#notify">Notify</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2571575">Nameserver Operations</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2566085">Nameserver Operations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2571580">Tools for Use With the Nameserver Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2574565">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2566090">Tools for Use With the Nameserver Daemon</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2569165">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -67,7 +67,7 @@ option setting.</p>
<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571149"></a>A Caching-only Nameserver</h3></div></div></div>
+<a name="id2565591"></a>A Caching-only Nameserver</h3></div></div></div>
<p>The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All queries
from outside clients are refused.</p>
@@ -91,7 +91,7 @@ zone "0.0.127.in-addr.arpa" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571162"></a>An Authoritative-only Nameserver</h3></div></div></div>
+<a name="id2565672"></a>An Authoritative-only Nameserver</h3></div></div></div>
<p>This sample configuration is for an authoritative-only server
that is the master server for "<code class="filename">example.com</code>"
and a slave for the subdomain "<code class="filename">eng.example.com</code>".</p>
@@ -133,7 +133,7 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571185"></a>Load Balancing</h2></div></div></div>
+<a name="id2565694"></a>Load Balancing</h2></div></div></div>
<p>Primitive load balancing can be achieved in <acronym class="acronym">DNS</acronym> using multiple
A records for one name.</p>
<p>For example, if you have three WWW servers with network addresses
@@ -208,10 +208,10 @@ of the time:</p>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571575"></a>Nameserver Operations</h2></div></div></div>
+<a name="id2566085"></a>Nameserver Operations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571580"></a>Tools for Use With the Nameserver Daemon</h3></div></div></div>
+<a name="id2566090"></a>Tools for Use With the Nameserver Daemon</h3></div></div></div>
<p>There are several indispensable diagnostic, administrative
and monitoring tools available to the system administrator for controlling
and debugging the nameserver daemon. We describe several in this
@@ -296,6 +296,11 @@ of a server.</p>
<p>The remote name daemon control
(<span><strong class="command">rndc</strong></span>) program allows the system
administrator to control the operation of a nameserver.
+ In <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span>
+ supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span>
+ utility except <span><strong class="command">ndc start</strong></span> and
+ <span><strong class="command">ndc restart</strong></span>, which were also
+ not supported in <span><strong class="command">ndc</strong></span>'s channel mode.
If you run <span><strong class="command">rndc</strong></span> without any options
it will display a usage message as follows:</p>
<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>
@@ -451,7 +456,7 @@ a <code class="filename">rndc.key</code> file and not modify
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574565"></a>Signals</h3></div></div></div>
+<a name="id2569165"></a>Signals</h3></div></div></div>
<p>Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
be sent using the <span><strong class="command">kill</strong></span> command.</p>
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index aa02f75b..80ccaa2b 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch04.html,v 1.30.2.24 2006/06/29 13:02:07 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch04.html,v 1.30.2.29 2007/05/08 02:29:19 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 4. Advanced Concepts</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch03.html" title="Chapter 3. Nameserver Configuration">
@@ -48,30 +48,31 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2574805">Split DNS</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2569474">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569491">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575436">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575502">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575511">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575550">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575603">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575646">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569971">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570037">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570045">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570085">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570137">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570181">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2575660">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2575709">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570195">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570312">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575763">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575899">Creating a Keyset</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2576006">Signing the Child's Keyset</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2576116">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2576170">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570365">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570434">Creating a Keyset</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570540">Signing the Child's Keyset</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570650">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570705">Configuring Servers</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2576195">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570729">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2576250">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2576264">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570785">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570798">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -150,7 +151,7 @@ of the <span><strong class="command">server</strong></span> statement.</p>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2574805"></a>Split DNS</h2></div></div></div>
+<a name="id2569474"></a>Split DNS</h2></div></div></div>
<p>Setting up different views, or visibility, of DNS space to
internal and external resolvers is usually referred to as a <span class="emphasis"><em>Split
DNS</em></span> setup. There are several reasons an organization
@@ -166,7 +167,9 @@ to allow internal networks that are behind filters or in RFC 1918
space (reserved IP space, as documented in RFC 1918) to resolve DNS
on the Internet. Split DNS can also be used to allow mail from outside
back in to the internal network.</p>
-<p>Here is an example of a split DNS setup:</p>
+<div class="sect2" lang="en">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="id2569491"></a>Example split DNS setup</h3></div></div></div>
<p>Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span> (example.com)
has several corporate sites that have an internal network with reserved
Internet Protocol (IP) space and an external demilitarized zone (DMZ),
@@ -332,6 +335,7 @@ nameserver 172.16.72.3
nameserver 172.16.72.4
</pre>
</div>
+</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="tsig"></a>TSIG</h2></div></div></div>
@@ -352,13 +356,13 @@ for TSIG.</p>
<code class="option">-y</code> command line options.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575436"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
+<a name="id2569971"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<p>A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
An arbitrary key name is chosen: "host1-host2.". The key name must
be the same on both hosts.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2575452"></a>Automatic Generation</h4></div></div></div>
+<a name="id2569987"></a>Automatic Generation</h4></div></div></div>
<p>The following command will generate a 128-bit (16 byte) HMAC-MD5
key as described above. Longer keys are better, but shorter keys
are easier to read. Note that the maximum key length is 512 bits;
@@ -375,7 +379,7 @@ be used as the shared secret.</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2575486"></a>Manual Generation</h4></div></div></div>
+<a name="id2570021"></a>Manual Generation</h4></div></div></div>
<p>The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
the length is a multiple of 4 and only valid characters are used),
@@ -386,13 +390,13 @@ a similar program to generate base-64 encoded data.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575502"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
+<a name="id2570037"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<p>This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575511"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
+<a name="id2570045"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<p>Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span> are
both servers. The following is added to each server's <code class="filename">named.conf</code> file:</p>
<pre class="programlisting">
@@ -413,7 +417,7 @@ the same key.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575550"></a>Instructing the Server to Use the Key</h3></div></div></div>
+<a name="id2570085"></a>Instructing the Server to Use the Key</h3></div></div></div>
<p>Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
for <span class="emphasis"><em>host1</em></span>, if the IP address of <span class="emphasis"><em>host2</em></span> is
@@ -436,7 +440,7 @@ sign request messages to <span class="emphasis"><em>host1</em></span>.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575603"></a>TSIG Key Based Access Control</h3></div></div></div>
+<a name="id2570137"></a>TSIG Key Based Access Control</h3></div></div></div>
<p><acronym class="acronym">BIND</acronym> allows IP addresses and ranges to be specified in ACL
definitions and
<span><strong class="command">allow-{ query | transfer | update }</strong></span> directives.
@@ -454,7 +458,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575646"></a>Errors</h3></div></div></div>
+<a name="id2570181"></a>Errors</h3></div></div></div>
<p>The processing of TSIG signed messages can result in
several errors. If a signed message is sent to a non-TSIG
aware server, a FORMERR (format error) will be returned, since
@@ -471,13 +475,13 @@ allow-update { key host1-host2. ;};
outside of the allowed range, the response will be signed with
the TSIG extended error code set to BADTIME, and the time values
will be adjusted so that the response can be successfully
- verified. In any of these cases, the message's rcode is set to
+ verified. In any of these cases, the message's rcode (response code) is set to
NOTAUTH (not authenticated).</p>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2575660"></a>TKEY</h2></div></div></div>
+<a name="id2570195"></a>TKEY</h2></div></div></div>
<p><span><strong class="command">TKEY</strong></span> is a mechanism for automatically
generating a shared secret between two hosts. There are several
"modes" of <span><strong class="command">TKEY</strong></span> that specify how the key is
@@ -503,7 +507,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2575709"></a>SIG(0)</h2></div></div></div>
+<a name="id2570312"></a>SIG(0)</h2></div></div></div>
<p><acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0) transaction
signatures as specified in RFC 2535. SIG(0) uses public/private
keys to authenticate messages. Access control is performed in the
@@ -542,7 +546,7 @@ allow-update { key host1-host2. ;};
zone key of another zone above this one in the DNS tree.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575763"></a>Generating Keys</h3></div></div></div>
+<a name="id2570365"></a>Generating Keys</h3></div></div></div>
<p>The <span><strong class="command">dnssec-keygen</strong></span> program is used to
generate keys.</p>
<p>A secure zone must contain one or more zone keys. The
@@ -560,7 +564,7 @@ allow-update { key host1-host2. ;};
<p>Two output files will be produced:
<code class="filename">Kchild.example.+003+12345.key</code> and
<code class="filename">Kchild.example.+003+12345.private</code> (where
- 12345 is an example of a key tag). The key file names contain
+ 12345 is an example of a key tag). The key filenames contain
the key name (<code class="filename">child.example.</code>), algorithm (3
is DSA, 1 is RSA, etc.), and the key tag (12345 in this case).
The private key (in the <code class="filename">.private</code> file) is
@@ -575,7 +579,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575899"></a>Creating a Keyset</h3></div></div></div>
+<a name="id2570434"></a>Creating a Keyset</h3></div></div></div>
<p>The <span><strong class="command">dnssec-makekeyset</strong></span> program is used
to create a key set from one or more keys.</p>
<p>Once the zone keys have been generated, a key set must be
@@ -603,7 +607,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2576006"></a>Signing the Child's Keyset</h3></div></div></div>
+<a name="id2570540"></a>Signing the Child's Keyset</h3></div></div></div>
<p>The <span><strong class="command">dnssec-signkey</strong></span> program is used to
sign one child's keyset.</p>
<p>If the <code class="filename">child.example</code> zone has any
@@ -623,7 +627,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2576116"></a>Signing the Zone</h3></div></div></div>
+<a name="id2570650"></a>Signing the Zone</h3></div></div></div>
<p>The <span><strong class="command">dnssec-signzone</strong></span> program is used to
sign a zone.</p>
<p>Any <code class="filename">signedkey</code> files corresponding to
@@ -646,7 +650,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2576170"></a>Configuring Servers</h3></div></div></div>
+<a name="id2570705"></a>Configuring Servers</h3></div></div></div>
<p>Unlike in <acronym class="acronym">BIND</acronym> 8,
data is not verified on load in <acronym class="acronym">BIND</acronym> 9,
so zone keys for authoritative zones do not need to be specified
@@ -658,7 +662,7 @@ statement, as described later in this document. </p>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2576195"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
+<a name="id2570729"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p><acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6 name to address and address to name
lookups. It will also use IPv6 addresses to make queries when
@@ -680,7 +684,7 @@ statement, as described later in this document. </p>
see <a href="Bv9ARM.ch09.html#ipv6addresses" title="IPv6 addresses (A6)">the section called &#8220;IPv6 addresses (A6)&#8221;</a>.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2576250"></a>Address Lookups Using AAAA Records</h3></div></div></div>
+<a name="id2570785"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>The AAAA record is a parallel to the IPv4 A record. It
specifies the entire address in a single record. For
example,</p>
@@ -691,7 +695,7 @@ host 3600 IN AAAA 2001:db8::1
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2576264"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
+<a name="id2570798"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
<code class="literal">IP6.ARPA.</code> is appended to the resulting name.
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index 89f0efcd..10d9a567 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch05.html,v 1.24.2.18 2006/06/29 13:02:07 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch05.html,v 1.24.2.22 2007/05/08 02:29:19 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 5. The BIND 9 Lightweight Resolver</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch04.html" title="Chapter 4. Advanced Concepts">
@@ -45,13 +45,13 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2576296">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2570830">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2576296"></a>The Lightweight Resolver Library</h2></div></div></div>
+<a name="id2570830"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
server.</p>
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 3c274e61..7dc60fa1 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch06.html,v 1.56.2.39 2006/09/13 02:56:02 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch06.html,v 1.56.2.45 2007/05/16 06:57:45 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 6. BIND 9 Configuration Reference</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch05.html" title="Chapter 5. The BIND 9 Lightweight Resolver">
@@ -48,44 +48,44 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577239">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2571910">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577882"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2572280"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578061"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2572459"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578454"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578469"><span><strong class="command">include</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578491"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578513"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578644"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578770"><span><strong class="command">logging</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2579928"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2580001"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2580064"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2580856"><span><strong class="command">options</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2572988"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573003"><span><strong class="command">include</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573026"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573047"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573110"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573236"><span><strong class="command">logging</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574326"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574398"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574530"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575390"><span><strong class="command">options</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2584568"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2584616"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2579171"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2579219"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2584640"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2584824"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2579242"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2579290"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586007"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2580473"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2587316">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2581782">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588704">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2583238">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589337">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589443">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589680"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2583872">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2584114">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2584282"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -145,7 +145,7 @@ in <code class="varname">dotted_decimal</code> notation.</p></td>
<tr>
<td><p><code class="varname">ip_port</code></p></td>
<td><p>An IP port <code class="varname">number</code>.
- <code class="varname">number</code> is limited to 0 through 65535, with values
+The <code class="varname">number</code> is limited to 0 through 65535, with values
below 1024 typically restricted to root-owned processes. In some
cases, an asterisk (`*') character can be used as a placeholder to
select a random high-numbered port.</p></td>
@@ -224,7 +224,7 @@ are restricted to slave and stub zones.</p></td>
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2577125"></a>Syntax</h4></div></div></div>
+<a name="id2571796"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
@@ -233,7 +233,7 @@ are restricted to slave and stub zones.</p></td>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2577152"></a>Definition and Usage</h4></div></div></div>
+<a name="id2571822"></a>Definition and Usage</h4></div></div></div>
<p>Address match lists are primarily used to determine access
control for various server operations. They are also used to define
priorities for querying other nameservers and to set the addresses
@@ -288,14 +288,14 @@ other 1.2.3.* hosts fall through.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577239"></a>Comment Syntax</h3></div></div></div>
+<a name="id2571910"></a>Comment Syntax</h3></div></div></div>
<p>The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for comments to appear
- anywhere that white space may appear in a <acronym class="acronym">BIND</acronym> configuration
+ anywhere that whitespace may appear in a <acronym class="acronym">BIND</acronym> configuration
file. To appeal to programmers of all kinds, they can be written
in C, C++, or shell/perl constructs.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2577254"></a>Syntax</h4></div></div></div>
+<a name="id2571925"></a>Syntax</h4></div></div></div>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
<p>
</p>
@@ -308,8 +308,8 @@ other 1.2.3.* hosts fall through.</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2569227"></a>Definition and Usage</h4></div></div></div>
-<p>Comments may appear anywhere that white space may appear in
+<a name="id2571954"></a>Definition and Usage</h4></div></div></div>
+<p>Comments may appear anywhere that whitespace may appear in
a <acronym class="acronym">BIND</acronym> configuration file.</p>
<p>C-style comments start with the two characters /* (slash,
star) and end with */ (star, slash). Because they are completely
@@ -417,7 +417,7 @@ a per-server basis.</p></td>
configuration.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577882"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2572280"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
@@ -470,7 +470,7 @@ complete set of local IPv6 addresses for a host.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578061"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2572459"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
inet ( ip_addr | * ) [<span class="optional"> port ip_port </span>] allow { <em class="replaceable"><code> address_match_list </code></em> }
keys { <em class="replaceable"><code> key_list </code></em> };
@@ -569,12 +569,12 @@ statement: <span><strong class="command">controls { };</strong></span>.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578454"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2572988"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">include <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578469"></a><span><strong class="command">include</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2573003"></a><span><strong class="command">include</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>The <span><strong class="command">include</strong></span> statement inserts the
specified file at the point that the <span><strong class="command">include</strong></span>
statement is encountered. The <span><strong class="command">include</strong></span>
@@ -585,7 +585,7 @@ statement: <span><strong class="command">controls { };</strong></span>.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578491"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2573026"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">key <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>string</code></em>;
secret <em class="replaceable"><code>string</code></em>;
@@ -594,7 +594,7 @@ statement: <span><strong class="command">controls { };</strong></span>.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578513"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2573047"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG, see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>.</p>
<p>
@@ -622,7 +622,7 @@ string.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578644"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2573110"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path name</code></em>
@@ -646,7 +646,7 @@ string.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578770"></a><span><strong class="command">logging</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2573236"></a><span><strong class="command">logging</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>The <span><strong class="command">logging</strong></span> statement configures a wide
variety of logging options for the nameserver. Its <span><strong class="command">channel</strong></span> phrase
associates output methods, format options and severity levels with
@@ -669,7 +669,7 @@ channels, or to standard error if the "<code class="option">-g</code>" option
was specified.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2578822"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
+<a name="id2573288"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.</p>
<p>Every channel definition must include a destination clause that
@@ -964,7 +964,7 @@ a <span><strong class="command">delegation-only</strong></span> in a hint or stu
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2579928"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574326"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p> This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:</p>
<pre class="programlisting"><span><strong class="command">lwres</strong></span> {
@@ -977,10 +977,10 @@ statement in the <code class="filename">named.conf</code> file:</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2580001"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2574398"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>The <span><strong class="command">lwres</strong></span> statement configures the name
server to also act as a light-weight resolver daemon. (See
-<a href="Bv9ARM.ch05.html#lwresd" title="Running a Resolver Daemon">the section called &#8220;Running a Resolver Daemon&#8221;</a>.) There may be be multiple
+<a href="Bv9ARM.ch05.html#lwresd" title="Running a Resolver Daemon">the section called &#8220;Running a Resolver Daemon&#8221;</a>.) There may be multiple
<span><strong class="command">lwres</strong></span> statements configuring
lightweight resolver servers with different properties.</p>
<p>The <span><strong class="command">listen-on</strong></span> statement specifies a list of
@@ -1005,7 +1005,7 @@ exact match lookup before search path elements are appended.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2580064"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574530"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:</p>
<pre class="programlisting">options {
@@ -1104,7 +1104,7 @@ statement in the <code class="filename">named.conf</code> file:</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2580856"></a><span><strong class="command">options</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2575390"></a><span><strong class="command">options</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>The <span><strong class="command">options</strong></span> statement sets up global options
to be used by <acronym class="acronym">BIND</acronym>. This statement may appear only
once in a configuration file. If more than one occurrence is found,
@@ -1364,7 +1364,7 @@ in the <span><strong class="command">statistics-file</strong></span>. See also
</p></dd>
<dt><span class="term"><span><strong class="command">use-ixfr</strong></span></span></dt>
<dd><p><span class="emphasis"><em>This option is obsolete</em></span>.
-If you need to disable IXFR to a particular server or servers see
+If you need to disable IXFR to a particular server or servers, see
the information on the <span><strong class="command">provide-ixfr</strong></span> option
in <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and Usage">the section called &#8220;<span><strong class="command">server</strong></span> Statement Definition and Usage&#8221;</a>. See also
<a href="Bv9ARM.ch04.html#incremental_zone_transfers" title="Incremental Zone Transfers (IXFR)">the section called &#8220;Incremental Zone Transfers (IXFR)&#8221;</a>.
@@ -1459,7 +1459,7 @@ The use of this option for any other purpose is discouraged.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2582032"></a>Forwarding</h4></div></div></div>
+<a name="id2576566"></a>Forwarding</h4></div></div></div>
<p>The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
nameservers. It can also be used to allow queries by servers that
@@ -1536,7 +1536,7 @@ from these addresses will not be responded to. The default is <strong class="use
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2582274"></a>Interfaces</h4></div></div></div>
+<a name="id2576740"></a>Interfaces</h4></div></div></div>
<p>The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
an optional port, and an <code class="varname">address_match_list</code>.
@@ -1578,7 +1578,7 @@ the server will not listen on any IPv6 address.</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2582426"></a>Query Address</h4></div></div></div>
+<a name="id2576824"></a>Query Address</h4></div></div></div>
<p>If the server doesn't know the answer to a question, it will
query other nameservers. <span><strong class="command">query-source</strong></span> specifies
the address and port used for such queries. For queries sent over
@@ -1741,7 +1741,7 @@ but applies to notify messages sent to IPv6 addresses.</p></dd>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2582966"></a>Operating System Resource Limits</h4></div></div></div>
+<a name="id2577432"></a>Operating System Resource Limits</h4></div></div></div>
<p>The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
example, <span><strong class="command">1G</strong></span> can be used instead of
@@ -1785,7 +1785,7 @@ may use. The default is <code class="literal">default</code>.</p></dd>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583067"></a>Server Resource Limits</h4></div></div></div>
+<a name="id2577533"></a>Server Resource Limits</h4></div></div></div>
<p>The following options set limits on the server's
resource consumption that are enforced internally by the
server rather than the operating system.</p>
@@ -1818,7 +1818,7 @@ records are purged from the cache only when their TTLs expire.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583137"></a>Periodic Task Intervals</h4></div></div></div>
+<a name="id2577603"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>The server will remove expired resource records
@@ -1845,7 +1845,7 @@ every <span><strong class="command">statistics-interval</strong></span> minutes.
60. If set to 0, no statistics will be logged.</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
-<p>Not yet implemented in <acronym class="acronym">BIND</acronym>9.</p>
+<p>Not yet implemented in <acronym class="acronym">BIND</acronym> 9.</p>
</div>
</dd>
</dl></div>
@@ -2283,7 +2283,7 @@ supported.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2584568"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2579171"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">trusted-keys {
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
@@ -2292,7 +2292,7 @@ supported.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2584616"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<a name="id2579219"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>The <span><strong class="command">trusted-keys</strong></span> statement defines DNSSEC
security roots. DNSSEC is described in <a href="Bv9ARM.ch04.html#DNSSEC" title="DNSSEC">the section called &#8220;DNSSEC&#8221;</a>. A security root is defined when the public key for a non-authoritative
@@ -2308,7 +2308,7 @@ key data.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2584640"></a><span><strong class="command">view</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2579242"></a><span><strong class="command">view</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">view <em class="replaceable"><code>view_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
match-clients { <em class="replaceable"><code>address_match_list</code></em> } ;
match-destinations { <em class="replaceable"><code>address_match_list</code></em> } ;
@@ -2321,7 +2321,7 @@ key data.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2584824"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2579290"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>The <span><strong class="command">view</strong></span> statement is a powerful new feature
of <acronym class="acronym">BIND</acronym> 9 that lets a name server answer a DNS query differently
depending on who is asking. It is particularly useful for implementing
@@ -2504,10 +2504,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2586007"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2580473"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2586013"></a>Zone Types</h4></div></div></div>
+<a name="id2580480"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -2535,7 +2535,7 @@ and reloaded from this file on a server restart. Use of a file is
recommended, since it often speeds server startup and eliminates
a needless waste of bandwidth. Note that for large numbers (in the
tens or hundreds of thousands) of zones per server, it is best to
-use a two-level naming scheme for zone file names. For example,
+use a two-level naming scheme for zone filenames. For example,
a slave server for the zone <code class="literal">example.com</code> might place
the zone contents into a file called
<code class="filename">ex/example.com</code> where <code class="filename">ex/</code> is
@@ -2618,7 +2618,7 @@ from forwarders.</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2586388"></a>Class</h4></div></div></div>
+<a name="id2580717"></a>Class</h4></div></div></div>
<p>The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
is assumed. This is correct for the vast majority of cases.</p>
@@ -2628,12 +2628,12 @@ used to share information about various systems databases, such
as users, groups, printers and so on. The keyword
<code class="literal">HS</code> is
a synonym for hesiod.</p>
-<p>Another MIT development is CHAOSnet, a LAN protocol created
+<p>Another MIT development is Chaosnet, a LAN protocol created
in the mid-1970s. Zone data for it can be specified with the <code class="literal">CHAOS</code> class.</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2586419"></a>Zone Options</h4></div></div></div>
+<a name="id2580748"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>See the description of
@@ -2849,7 +2849,7 @@ SIG, NS, SOA, and NXT. Types may be specified by name, including
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2587316"></a>Zone File</h2></div></div></div>
+<a name="id2581782"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@@ -2859,7 +2859,7 @@ Since the publication of RFC 1034, several new RRs have been identified
and implemented in the DNS. These are also included.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2587334"></a>Resource Records</h4></div></div></div>
+<a name="id2581800"></a>Resource Records</h4></div></div></div>
<p>A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
information associated with a particular name is composed of
@@ -3099,11 +3099,11 @@ owner domain.</p></td>
</tr>
<tr>
<td><p>NS</p></td>
-<td><p>a fully qualified domain name.</p></td>
+<td><p>a fully-qualified domain name.</p></td>
</tr>
<tr>
<td><p>PTR</p></td>
-<td><p>a fully qualified domain name.</p></td>
+<td><p>a fully-qualified domain name.</p></td>
</tr>
<tr>
<td><p>SOA</p></td>
@@ -3134,7 +3134,7 @@ used as "pointers" to other data in the DNS.</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2588346"></a>Textual expression of RRs</h4></div></div></div>
+<a name="id2582812"></a>Textual expression of RRs</h4></div></div></div>
<p>RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form when
stored in a nameserver or resolver. In the examples provided in
@@ -3224,7 +3224,7 @@ each of a different class.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2588704"></a>Discussion of MX Records</h3></div></div></div>
+<a name="id2583238"></a>Discussion of MX Records</h3></div></div></div>
<p>As described above, domain servers store information as a
series of resource records, each of which contains a particular
piece of information about a given domain name (which is usually,
@@ -3341,7 +3341,7 @@ can be explicitly specified, for example, <code class="literal">1h30m</code>. </
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2589337"></a>Inverse Mapping in IPv4</h3></div></div></div>
+<a name="id2583872"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
and PTR records. Entries in the in-addr.arpa domain are made in
@@ -3372,14 +3372,14 @@ in the [<span class="optional">example.com</span>] domain:</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>The <span><strong class="command">$ORIGIN</strong></span> lines in the examples
-are for providing context to the examples only-they do not necessarily
+are for providing context to the examples only &#8212; they do not necessarily
appear in the actual usage. They are only used here to indicate
that the example is relative to the listed origin.</p>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2589443"></a>Other Zone File Directives</h3></div></div></div>
+<a name="id2584114"></a>Other Zone File Directives</h3></div></div></div>
<p>The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format itself
is class independent all records in a Master File must be of the same
@@ -3388,7 +3388,7 @@ class.</p>
and <span><strong class="command">$TTL.</strong></span></p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589462"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
+<a name="id2584133"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>Syntax: <span><strong class="command">$ORIGIN
</strong></span><em class="replaceable"><code>domain-name</code></em> [<span class="optional"> <em class="replaceable"><code>comment</code></em></span>]</p>
<p><span><strong class="command">$ORIGIN</strong></span> sets the domain name that will
@@ -3403,7 +3403,7 @@ WWW CNAME MAIN-SERVER</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589586"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
+<a name="id2584188"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em> [<span class="optional">
<em class="replaceable"><code>origin</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>comment</code></em> </span>]</p>
@@ -3427,7 +3427,7 @@ This could be construed as a deviation from RFC 1035, a feature, or both.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589649"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
+<a name="id2584251"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em> [<span class="optional">
<em class="replaceable"><code>comment</code></em> </span>]</p>
@@ -3438,7 +3438,7 @@ with undefined TTLs. Valid TTLs are of the range 0-2147483647 seconds.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2589680"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>.
+<a name="id2584282"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>.
<p>Syntax: <span><strong class="command">$GENERATE</strong></span> <em class="replaceable"><code>range</code></em> <em class="replaceable"><code>lhs</code></em> <em class="replaceable"><code>type</code></em> <em class="replaceable"><code>rhs</code></em> [<span class="optional"> <em class="replaceable"><code>comment</code></em> </span>]</p>
<p><span><strong class="command">$GENERATE</strong></span> is used to create a series of
resource records that only differ from each other by an iterator. <span><strong class="command">$GENERATE</strong></span> can
@@ -3471,16 +3471,16 @@ or start-stop/step. If the first form is used, then step is set to
<tr>
<td><p><span><strong class="command">lhs</strong></span></p></td>
<td>
-<p><span><strong class="command">lhs</strong></span> describes the
+<p>This describes the
owner name of the resource records to be created. Any single
<span><strong class="command">$</strong></span> (dollar sign) symbols
within the <span><strong class="command">lhs</strong></span> side are replaced by the iterator
value.
-To get a $ in the output you need to escape the <span><strong class="command">$</strong></span>
+To get a $ in the output, you need to escape the <span><strong class="command">$</strong></span>
using a backslash <span><strong class="command">\</strong></span>,
e.g. <span><strong class="command">\$</strong></span>. The <span><strong class="command">$</strong></span> may optionally be followed
by modifiers which change the offset from the interator, field width and base.
-Modifiers are introduced by a <span><strong class="command">{</strong></span> immediately following the
+Modifiers are introduced by a <span><strong class="command">{</strong></span> (left brace) immediately following the
<span><strong class="command">$</strong></span> as <span><strong class="command">${offset[,width[,base]]}</strong></span>.
For example, <span><strong class="command">${-20,3,d}</strong></span> which subtracts 20 from the current value,
prints the result as a decimal in a zero-padded field of width 3. Available
@@ -3501,7 +3501,7 @@ PTR, CNAME, DNAME, A, AAAA and NS.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">rhs</strong></span></p></td>
-<td><p>A domain name. It is processed
+<td><p><span><strong class="command">rhs</strong></span> is a domain name. It is processed
similarly to lhs.</p></td>
</tr>
</tbody>
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 059269b2..6f01f2a7 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch07.html,v 1.50.2.30 2006/09/13 02:56:03 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch07.html,v 1.50.2.34 2007/05/08 02:29:20 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 7. BIND 9 Security Considerations</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch06.html" title="Chapter 6. BIND 9 Configuration Reference">
@@ -46,11 +46,11 @@
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2589998"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span> (for
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2584602"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span> (for
UNIX servers)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2590211">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2590268">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2584746">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2584804">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
@@ -102,7 +102,7 @@ see the <span class="emphasis"><em>AUSCERT</em></span> advisory at
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2589998"></a><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span> (for
+<a name="id2584602"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span> (for
UNIX servers)</h2></div></div></div>
<p>On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym> in a <span class="emphasis"><em>chrooted</em></span> environment
(using the <span><strong class="command">chroot()</strong></span> function) by specifying the "<code class="option">-t</code>"
@@ -117,7 +117,7 @@ user 202:</p>
<p><strong class="userinput"><code>/usr/local/bin/named -u 202 -t /var/named</code></strong></p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2590211"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
+<a name="id2584746"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>In order for a <span><strong class="command">chroot</strong></span> environment to
work properly in a particular directory
(for example, <code class="filename">/var/named</code>),
@@ -129,7 +129,7 @@ like <span><strong class="command">directory</strong></span> and <span><strong c
for this.
</p>
<p>
-Unlike with earlier versions of BIND, you will typically
+Unlike with earlier versions of BIND, you typically will
<span class="emphasis"><em>not</em></span> need to compile <span><strong class="command">named</strong></span>
statically nor install shared libraries under the new root.
However, depending on your operating system, you may need
@@ -142,7 +142,7 @@ to set up things like
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2590268"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
+<a name="id2584804"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>Prior to running the <span><strong class="command">named</strong></span> daemon, use
the <span><strong class="command">touch</strong></span> utility (to change file access and
modification times) or the <span><strong class="command">chown</strong></span> utility (to
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 058c8d82..1bb7349e 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch08.html,v 1.50.2.29 2006/09/13 02:56:03 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch08.html,v 1.50.2.34 2007/05/08 02:29:20 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 8. Troubleshooting</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch07.html" title="Chapter 7. BIND 9 Security Considerations">
@@ -45,18 +45,18 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2590339">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2590344">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2590356">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2590373">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2584874">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2584880">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2584891">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2584908">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2590339"></a>Common Problems</h2></div></div></div>
+<a name="id2584874"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2590344"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
+<a name="id2584880"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>The best solution to solving installation and
configuration issues is to take preventative measures by setting
up logging files beforehand. The log files provide a
@@ -66,13 +66,13 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2590356"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
-<p>Zone serial numbers are just numbers-they aren't date
+<a name="id2584891"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
+<p>Zone serial numbers are just numbers &#8212; they aren't date
related. A lot of people set them to a number that represents a
- date, usually of the form YYYYMMDDRR. A number of people have been
- testing these numbers for Y2K compliance and have set the number
- to the year 2000 to see if it will work. They then try to restore
- the old serial number. This will cause problems because serial
+ date, usually of the form YYYYMMDDRR. A number of people
+ tested these numbers for Y2K compliance and set the number
+ to the year 2000 to see if it would work. They then tried to restore
+ the old serial number. This caused problems because serial
numbers are used to indicate that a zone has been updated. If the
serial number on the slave server is lower than the serial number
on the master, the slave server will attempt to update its copy of
@@ -87,7 +87,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2590373"></a>Where Can I Get Help?</h2></div></div></div>
+<a name="id2584908"></a>Where Can I Get Help?</h2></div></div></div>
<p>The Internet Software Consortium (<acronym class="acronym">ISC</acronym>) offers a wide range
of support and service agreements for <acronym class="acronym">BIND</acronym> and <acronym class="acronym">DHCP</acronym> servers. Four
levels of premium support are available and each level includes
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index a494a6fe..aa5a7744 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch09.html,v 1.50.2.32 2006/09/13 02:56:03 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch09.html,v 1.50.2.37 2007/05/16 06:57:46 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Appendix A. Appendices</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter 8. Troubleshooting">
@@ -43,26 +43,27 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2590503">Acknowledgements</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2590508">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2585038">Acknowledgements</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2585044">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#historical_dns_information">Historical <acronym class="acronym">DNS</acronym> Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#classes_of_resource_records">Classes of Resource Records</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2590708">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2585254">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (A6)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2592942">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2587625">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2590503"></a>Acknowledgements</h2></div></div></div>
+<a name="id2585038"></a>Acknowledgements</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2590508"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></h3></div></div></div>
+<a name="id2585044"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
+</h3></div></div></div>
<p>Although the "official" beginning of the Domain Name
System occurred in 1984 with the publication of RFC 920, the
core of the new system was described in 1983 in RFCs 882 and
@@ -97,7 +98,7 @@ employee on loan to the CSRG, worked on <acronym class="acronym">BIND</acronym>
to 1987. Many other people also contributed to <acronym class="acronym">BIND</acronym> development
during that time: Doug Kingston, Craig Partridge, Smoot Carl-Mitchell,
Mike Muuss, Jim Bloom and Mike Schwartz. <acronym class="acronym">BIND</acronym> maintenance was subsequently
-handled by Mike Karels and O. Kure.</p>
+handled by Mike Karels and Øivind Kure.</p>
<p><acronym class="acronym">BIND</acronym> versions 4.9 and 4.9.1 were released by Digital Equipment
Corporation (now Compaq Computer Corporation). Paul Vixie, then
a DEC employee, became <acronym class="acronym">BIND</acronym>'s primary caretaker. He was assisted
@@ -105,13 +106,27 @@ by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan Beecher, Andrew
Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
Wolfhugel, and others.</p>
-<p><acronym class="acronym">BIND</acronym> version 4.9.2 was sponsored by Vixie Enterprises. Paul
+<p>In 1994, <acronym class="acronym">BIND</acronym> version 4.9.2 was sponsored by Vixie Enterprises. Paul
Vixie became <acronym class="acronym">BIND</acronym>'s principal architect/programmer.</p>
<p><acronym class="acronym">BIND</acronym> versions from 4.9.3 onward have been developed and maintained
by the Internet Software Consortium with support being provided
-by ISC's sponsors. As co-architects/programmers, Bob Halley and
+by ISC's sponsors.
+ </p>
+<p>As co-architects/programmers, Bob Halley and
Paul Vixie released the first production-ready version of <acronym class="acronym">BIND</acronym> version
8 in May 1997.</p>
+<p>
+ BIND version 9 was released in September 2000 and is a
+ major rewrite of nearly all aspects of the underlying
+ BIND architecture.
+ </p>
+<p>
+ BIND version 4 is officially deprecated and BIND version
+ 8 development is considered maintenance-only in favor
+ of BIND version 9. No additional development is done
+ on BIND version 4 or BIND version 8 other than for
+ security-related patches.
+ </p>
<p><acronym class="acronym">BIND</acronym> development work is made possible today by the sponsorship
of several corporations, and by the tireless work efforts of numerous
individuals.</p>
@@ -125,7 +140,7 @@ individuals.</p>
<a name="classes_of_resource_records"></a>Classes of Resource Records</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2590677"></a>HS = hesiod</h4></div></div></div>
+<a name="id2585223"></a>HS = hesiod</h4></div></div></div>
<p>The [<span class="optional">hesiod</span>] class is an information service
developed by MIT's Project Athena. It is used to share information
about various systems databases, such as users, groups, printers
@@ -134,16 +149,16 @@ hesiod.</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2590693"></a>CH = chaos</h4></div></div></div>
+<a name="id2585239"></a>CH = chaos</h4></div></div></div>
<p>The <span><strong class="command">chaos</strong></span> class is used to specify zone
-data for the MIT-developed CHAOSnet, a LAN protocol created in the
+data for the MIT-developed Chaosnet, a LAN protocol created in the
mid-1970s.</p>
</div>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2590708"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
+<a name="id2585254"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (A6)</h3></div></div></div>
@@ -153,7 +168,8 @@ scalable Internet routing. There are three types of addresses: <span class="emph
an identifier for a single interface; <span class="emphasis"><em>Anycast</em></span>,
an identifier for a set of interfaces; and <span class="emphasis"><em>Multicast</em></span>,
an identifier for a set of interfaces. Here we describe the global
-Unicast address scheme. For more information, see RFC 2374.</p>
+Unicast address scheme. For more information, see RFC 3587,
+"Global Unicast Address Format."</p>
<p>The aggregatable global Unicast address format is as follows:</p>
<div class="informaltable"><table border="1">
<colgroup>
@@ -323,17 +339,17 @@ the number of the RFC). RFCs are also available via the Web at
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2591499"></a>Bibliography</h4></div></div></div>
+<a name="id2586182"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
-<a name="id2591510"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
+<a name="id2586193"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
-<a name="id2591533"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2586216"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2591557"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
+<a name="id2586240"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
@@ -341,22 +357,22 @@ Specification</i>. </span><span class="pubdate">November 1987. </span></p>
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2591594"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym> Specification</i>. </span><span class="pubdate">July 1997. </span></p>
+<a name="id2586277"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym> Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2591620"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym> Queries</i>. </span><span class="pubdate">March 1998. </span></p>
+<a name="id2586302"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym> Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2591645"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2586328"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2591670"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2586353"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2591762"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2586376"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2591817"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2586432"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
@@ -367,85 +383,85 @@ Specification</i>. </span><span class="pubdate">November 1987. </span></p>
RFCs are undergoing major revision by the IETF.</p>
</div>
<div class="biblioentry">
-<a name="id2591893"></a><p>[<abbr class="abbrev">RFC1886</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP version 6</i>. </span><span class="pubdate">December 1995. </span></p>
+<a name="id2586507"></a><p>[<abbr class="abbrev">RFC1886</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP version 6</i>. </span><span class="pubdate">December 1995. </span></p>
</div>
<div class="biblioentry">
-<a name="id2591931"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
+<a name="id2586546"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2591971"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2586585"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym> Implementation</h3>
<div class="biblioentry">
-<a name="id2592007"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
+<a name="id2586621"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592033"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
+<a name="id2586647"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592100"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2586714"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
-<a name="id2592141"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
+<a name="id2586756"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592199"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
+<a name="id2586813"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592236"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
+<a name="id2586851"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592272"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the Domain
+<a name="id2586886"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592326"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the Location of
+<a name="id2586940"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the Location of
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592365"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to Distribute MIXER
+<a name="id2586980"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592392"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
+<a name="id2587006"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
-<a name="id2592426"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
+<a name="id2587041"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592452"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and Support</i>. </span><span class="pubdate">October 1989. </span></p>
+<a name="id2587066"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592475"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
+<a name="id2587090"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592497"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
+<a name="id2587111"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
-<a name="id2592551"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
+<a name="id2587165"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592577"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
+<a name="id2587259"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592603"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
+<a name="id2587286"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592640"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
+<a name="id2587322"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
@@ -456,28 +472,28 @@ Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998
<acronym class="acronym">DNS</acronym>-related, are not concerned with implementing software.</p>
</div>
<div class="biblioentry">
-<a name="id2592699"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
+<a name="id2587382"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592722"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
+<a name="id2587404"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592746"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
+<a name="id2587429"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592771"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
+<a name="id2587453"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592793"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2587476"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2592839"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2587522"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RRs</h3>
<div class="biblioentry">
-<a name="id2592870"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
+<a name="id2587553"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
</div>
@@ -497,13 +513,14 @@ after which they are deleted unless updated by their authors.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2592942"></a>Other Documents About <acronym class="acronym">BIND</acronym></h3></div></div></div>
+<a name="id2587625"></a>Other Documents About <acronym class="acronym">BIND</acronym>
+</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2592952"></a>Bibliography</h4></div></div></div>
+<a name="id2587635"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
-<a name="id2592954"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
+<a name="id2587637"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index fab5b219..ebf04826 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,14 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.html,v 1.60.2.33 2006/09/13 02:56:03 marka Exp $ -->
+<!-- $Id: Bv9ARM.html,v 1.60.2.39 2007/05/16 06:57:47 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>BIND 9 Administrator Reference Manual</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
-<link rel="next" href="Bv9ARM.ch01.html" title="Chapter 1. Introduction ">
+<link rel="next" href="Bv9ARM.ch01.html" title="Chapter 1. Introduction">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
@@ -40,8 +40,8 @@
<div class="titlepage">
<div>
<div><h1 class="title">
-<a name="id2482844"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="copyright">Copyright © 2004-2006 Internet Systems Consortium, Inc. ("ISC")</p></div>
+<a name="id2476355"></a>BIND 9 Administrator Reference Manual</h1></div>
+<div><p class="copyright">Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
</div>
<hr>
@@ -51,40 +51,40 @@
<dl>
<dt><span class="chapter"><a href="Bv9ARM.ch01.html">1. Introduction </a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569434">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569460">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569736">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569994">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563876">Scope of Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564243">Organization of This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564314">Conventions Used in This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564572">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570014">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570312">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570396">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570539">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570631">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570689">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2563159">DNS Fundamentals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2563184">Domains and Domain Names</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564974">Zones</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2565117">Authoritative Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2565209">Caching Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2565267">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch02.html">2. <acronym class="acronym">BIND</acronym> Resource Requirements</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2570925">Hardware requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2570950">CPU Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2570961">Memory Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2570976">Nameserver Intensive Environment Issues</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2570984">Supported Operating Systems</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2565299">Hardware requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2565323">CPU Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2565402">Memory Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2565417">Nameserver Intensive Environment Issues</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2565426">Supported Operating Systems</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch03.html">3. Nameserver Configuration</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2571149">A Caching-only Nameserver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2571162">An Authoritative-only Nameserver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2565591">A Caching-only Nameserver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2565672">An Authoritative-only Nameserver</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2571185">Load Balancing</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2565694">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#notify">Notify</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2571575">Nameserver Operations</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2566085">Nameserver Operations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2571580">Tools for Use With the Nameserver Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2574565">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2566090">Tools for Use With the Nameserver Daemon</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2569165">Signals</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced Concepts</a></span></dt>
@@ -92,35 +92,36 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2574805">Split DNS</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2569474">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569491">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575436">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575502">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575511">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575550">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575603">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575646">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569971">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570037">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570045">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570085">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570137">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570181">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2575660">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2575709">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570195">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570312">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575763">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2575899">Creating a Keyset</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2576006">Signing the Child's Keyset</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2576116">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2576170">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570365">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570434">Creating a Keyset</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570540">Signing the Child's Keyset</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570650">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570705">Configuring Servers</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2576195">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570729">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2576250">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2576264">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570785">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570798">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2576296">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2570830">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
@@ -128,77 +129,77 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577239">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2571910">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577882"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2572280"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578061"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2572459"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578454"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578469"><span><strong class="command">include</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578491"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578513"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578644"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578770"><span><strong class="command">logging</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2579928"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2580001"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2580064"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2580856"><span><strong class="command">options</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2572988"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573003"><span><strong class="command">include</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573026"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573047"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573110"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573236"><span><strong class="command">logging</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574326"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574398"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574530"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575390"><span><strong class="command">options</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2584568"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2584616"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2579171"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2579219"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2584640"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2584824"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2579242"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2579290"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586007"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2580473"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2587316">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2581782">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2588704">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2583238">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589337">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589443">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589680"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2583872">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2584114">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2584282"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2589998"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span> (for
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2584602"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span> (for
UNIX servers)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2590211">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2590268">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2584746">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2584804">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2590339">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2590344">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2590356">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2590373">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2584874">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2584880">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2584891">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2584908">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2590503">Acknowledgements</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2590508">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2585038">Acknowledgements</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2585044">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#historical_dns_information">Historical <acronym class="acronym">DNS</acronym> Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#classes_of_resource_records">Classes of Resource Records</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2590708">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2585254">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (A6)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2592942">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2587625">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl></dd>
</dl>
diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf
index eaa8a31e..eef8eefb 100755
--- a/doc/arm/Bv9ARM.pdf
+++ b/doc/arm/Bv9ARM.pdf
@@ -222,916 +222,936 @@ endobj
(4.3 Split DNS)
endobj
153 0 obj
-<< /S /GoTo /D (section.4.4) >>
+<< /S /GoTo /D (subsection.4.3.1) >>
endobj
156 0 obj
-(4.4 TSIG)
+(4.3.1 Example split DNS setup)
endobj
157 0 obj
-<< /S /GoTo /D (subsection.4.4.1) >>
+<< /S /GoTo /D (section.4.4) >>
endobj
160 0 obj
-(4.4.1 Generate Shared Keys for Each Pair of Hosts)
+(4.4 TSIG)
endobj
161 0 obj
-<< /S /GoTo /D (subsubsection.4.4.1.1) >>
+<< /S /GoTo /D (subsection.4.4.1) >>
endobj
164 0 obj
-(4.4.1.1 Automatic Generation)
+(4.4.1 Generate Shared Keys for Each Pair of Hosts)
endobj
165 0 obj
-<< /S /GoTo /D (subsubsection.4.4.1.2) >>
+<< /S /GoTo /D (subsubsection.4.4.1.1) >>
endobj
168 0 obj
-(4.4.1.2 Manual Generation)
+(4.4.1.1 Automatic Generation)
endobj
169 0 obj
-<< /S /GoTo /D (subsection.4.4.2) >>
+<< /S /GoTo /D (subsubsection.4.4.1.2) >>
endobj
172 0 obj
-(4.4.2 Copying the Shared Secret to Both Machines)
+(4.4.1.2 Manual Generation)
endobj
173 0 obj
-<< /S /GoTo /D (subsection.4.4.3) >>
+<< /S /GoTo /D (subsection.4.4.2) >>
endobj
176 0 obj
-(4.4.3 Informing the Servers of the Key's Existence)
+(4.4.2 Copying the Shared Secret to Both Machines)
endobj
177 0 obj
-<< /S /GoTo /D (subsection.4.4.4) >>
+<< /S /GoTo /D (subsection.4.4.3) >>
endobj
180 0 obj
-(4.4.4 Instructing the Server to Use the Key)
+(4.4.3 Informing the Servers of the Key's Existence)
endobj
181 0 obj
-<< /S /GoTo /D (subsection.4.4.5) >>
+<< /S /GoTo /D (subsection.4.4.4) >>
endobj
184 0 obj
-(4.4.5 TSIG Key Based Access Control)
+(4.4.4 Instructing the Server to Use the Key)
endobj
185 0 obj
-<< /S /GoTo /D (subsection.4.4.6) >>
+<< /S /GoTo /D (subsection.4.4.5) >>
endobj
188 0 obj
-(4.4.6 Errors)
+(4.4.5 TSIG Key Based Access Control)
endobj
189 0 obj
-<< /S /GoTo /D (section.4.5) >>
+<< /S /GoTo /D (subsection.4.4.6) >>
endobj
192 0 obj
-(4.5 TKEY)
+(4.4.6 Errors)
endobj
193 0 obj
-<< /S /GoTo /D (section.4.6) >>
+<< /S /GoTo /D (section.4.5) >>
endobj
196 0 obj
-(4.6 SIG\(0\))
+(4.5 TKEY)
endobj
197 0 obj
-<< /S /GoTo /D (section.4.7) >>
+<< /S /GoTo /D (section.4.6) >>
endobj
200 0 obj
-(4.7 DNSSEC)
+(4.6 SIG\(0\))
endobj
201 0 obj
-<< /S /GoTo /D (subsection.4.7.1) >>
+<< /S /GoTo /D (section.4.7) >>
endobj
204 0 obj
-(4.7.1 Generating Keys)
+(4.7 DNSSEC)
endobj
205 0 obj
-<< /S /GoTo /D (subsection.4.7.2) >>
+<< /S /GoTo /D (subsection.4.7.1) >>
endobj
208 0 obj
-(4.7.2 Creating a Keyset)
+(4.7.1 Generating Keys)
endobj
209 0 obj
-<< /S /GoTo /D (subsection.4.7.3) >>
+<< /S /GoTo /D (subsection.4.7.2) >>
endobj
212 0 obj
-(4.7.3 Signing the Child's Keyset)
+(4.7.2 Creating a Keyset)
endobj
213 0 obj
-<< /S /GoTo /D (subsection.4.7.4) >>
+<< /S /GoTo /D (subsection.4.7.3) >>
endobj
216 0 obj
-(4.7.4 Signing the Zone)
+(4.7.3 Signing the Child's Keyset)
endobj
217 0 obj
-<< /S /GoTo /D (subsection.4.7.5) >>
+<< /S /GoTo /D (subsection.4.7.4) >>
endobj
220 0 obj
-(4.7.5 Configuring Servers)
+(4.7.4 Signing the Zone)
endobj
221 0 obj
-<< /S /GoTo /D (section.4.8) >>
+<< /S /GoTo /D (subsection.4.7.5) >>
endobj
224 0 obj
-(4.8 IPv6 Support in BIND 9)
+(4.7.5 Configuring Servers)
endobj
225 0 obj
-<< /S /GoTo /D (subsection.4.8.1) >>
+<< /S /GoTo /D (section.4.8) >>
endobj
228 0 obj
-(4.8.1 Address Lookups Using AAAA Records)
+(4.8 IPv6 Support in BIND 9)
endobj
229 0 obj
-<< /S /GoTo /D (subsection.4.8.2) >>
+<< /S /GoTo /D (subsection.4.8.1) >>
endobj
232 0 obj
-(4.8.2 Address to Name Lookups Using Nibble Format)
+(4.8.1 Address Lookups Using AAAA Records)
endobj
233 0 obj
-<< /S /GoTo /D (chapter.5) >>
+<< /S /GoTo /D (subsection.4.8.2) >>
endobj
236 0 obj
-(5 The BIND 9 Lightweight Resolver)
+(4.8.2 Address to Name Lookups Using Nibble Format)
endobj
237 0 obj
-<< /S /GoTo /D (section.5.1) >>
+<< /S /GoTo /D (chapter.5) >>
endobj
240 0 obj
-(5.1 The Lightweight Resolver Library)
+(5 The BIND 9 Lightweight Resolver)
endobj
241 0 obj
-<< /S /GoTo /D (section.5.2) >>
+<< /S /GoTo /D (section.5.1) >>
endobj
244 0 obj
-(5.2 Running a Resolver Daemon)
+(5.1 The Lightweight Resolver Library)
endobj
245 0 obj
-<< /S /GoTo /D (chapter.6) >>
+<< /S /GoTo /D (section.5.2) >>
endobj
248 0 obj
-(6 BIND 9 Configuration Reference)
+(5.2 Running a Resolver Daemon)
endobj
249 0 obj
-<< /S /GoTo /D (section.6.1) >>
+<< /S /GoTo /D (chapter.6) >>
endobj
252 0 obj
-(6.1 Configuration File Elements)
+(6 BIND 9 Configuration Reference)
endobj
253 0 obj
-<< /S /GoTo /D (subsection.6.1.1) >>
+<< /S /GoTo /D (section.6.1) >>
endobj
256 0 obj
-(6.1.1 Address Match Lists)
+(6.1 Configuration File Elements)
endobj
257 0 obj
-<< /S /GoTo /D (subsubsection.6.1.1.1) >>
+<< /S /GoTo /D (subsection.6.1.1) >>
endobj
260 0 obj
-(6.1.1.1 Syntax)
+(6.1.1 Address Match Lists)
endobj
261 0 obj
-<< /S /GoTo /D (subsubsection.6.1.1.2) >>
+<< /S /GoTo /D (subsubsection.6.1.1.1) >>
endobj
264 0 obj
-(6.1.1.2 Definition and Usage)
+(6.1.1.1 Syntax)
endobj
265 0 obj
-<< /S /GoTo /D (subsection.6.1.2) >>
+<< /S /GoTo /D (subsubsection.6.1.1.2) >>
endobj
268 0 obj
-(6.1.2 Comment Syntax)
+(6.1.1.2 Definition and Usage)
endobj
269 0 obj
-<< /S /GoTo /D (subsubsection.6.1.2.1) >>
+<< /S /GoTo /D (subsection.6.1.2) >>
endobj
272 0 obj
-(6.1.2.1 Syntax)
+(6.1.2 Comment Syntax)
endobj
273 0 obj
-<< /S /GoTo /D (subsubsection.6.1.2.2) >>
+<< /S /GoTo /D (subsubsection.6.1.2.1) >>
endobj
276 0 obj
-(6.1.2.2 Definition and Usage)
+(6.1.2.1 Syntax)
endobj
277 0 obj
-<< /S /GoTo /D (section.6.2) >>
+<< /S /GoTo /D (subsubsection.6.1.2.2) >>
endobj
280 0 obj
-(6.2 Configuration File Grammar)
+(6.1.2.2 Definition and Usage)
endobj
281 0 obj
-<< /S /GoTo /D (subsection.6.2.1) >>
+<< /S /GoTo /D (section.6.2) >>
endobj
284 0 obj
-(6.2.1 acl Statement Grammar)
+(6.2 Configuration File Grammar)
endobj
285 0 obj
-<< /S /GoTo /D (subsection.6.2.2) >>
+<< /S /GoTo /D (subsection.6.2.1) >>
endobj
288 0 obj
-(6.2.2 acl Statement Definition and Usage)
+(6.2.1 acl Statement Grammar)
endobj
289 0 obj
-<< /S /GoTo /D (subsection.6.2.3) >>
+<< /S /GoTo /D (subsection.6.2.2) >>
endobj
292 0 obj
-(6.2.3 controls Statement Grammar)
+(6.2.2 acl Statement Definition and Usage)
endobj
293 0 obj
-<< /S /GoTo /D (subsection.6.2.4) >>
+<< /S /GoTo /D (subsection.6.2.3) >>
endobj
296 0 obj
-(6.2.4 controls Statement Definition and Usage)
+(6.2.3 controls Statement Grammar)
endobj
297 0 obj
-<< /S /GoTo /D (subsection.6.2.5) >>
+<< /S /GoTo /D (subsection.6.2.4) >>
endobj
300 0 obj
-(6.2.5 include Statement Grammar)
+(6.2.4 controls Statement Definition and Usage)
endobj
301 0 obj
-<< /S /GoTo /D (subsection.6.2.6) >>
+<< /S /GoTo /D (subsection.6.2.5) >>
endobj
304 0 obj
-(6.2.6 include Statement Definition and Usage)
+(6.2.5 include Statement Grammar)
endobj
305 0 obj
-<< /S /GoTo /D (subsection.6.2.7) >>
+<< /S /GoTo /D (subsection.6.2.6) >>
endobj
308 0 obj
-(6.2.7 key Statement Grammar)
+(6.2.6 include Statement Definition and Usage)
endobj
309 0 obj
-<< /S /GoTo /D (subsection.6.2.8) >>
+<< /S /GoTo /D (subsection.6.2.7) >>
endobj
312 0 obj
-(6.2.8 key Statement Definition and Usage)
+(6.2.7 key Statement Grammar)
endobj
313 0 obj
-<< /S /GoTo /D (subsection.6.2.9) >>
+<< /S /GoTo /D (subsection.6.2.8) >>
endobj
316 0 obj
-(6.2.9 logging Statement Grammar)
+(6.2.8 key Statement Definition and Usage)
endobj
317 0 obj
-<< /S /GoTo /D (subsection.6.2.10) >>
+<< /S /GoTo /D (subsection.6.2.9) >>
endobj
320 0 obj
-(6.2.10 logging Statement Definition and Usage)
+(6.2.9 logging Statement Grammar)
endobj
321 0 obj
-<< /S /GoTo /D (subsubsection.6.2.10.1) >>
+<< /S /GoTo /D (subsection.6.2.10) >>
endobj
324 0 obj
-(6.2.10.1 The channel Phrase)
+(6.2.10 logging Statement Definition and Usage)
endobj
325 0 obj
-<< /S /GoTo /D (subsubsection.6.2.10.2) >>
+<< /S /GoTo /D (subsubsection.6.2.10.1) >>
endobj
328 0 obj
-(6.2.10.2 The category Phrase)
+(6.2.10.1 The channel Phrase)
endobj
329 0 obj
-<< /S /GoTo /D (subsection.6.2.11) >>
+<< /S /GoTo /D (subsubsection.6.2.10.2) >>
endobj
332 0 obj
-(6.2.11 lwres Statement Grammar)
+(6.2.10.2 The category Phrase)
endobj
333 0 obj
-<< /S /GoTo /D (subsection.6.2.12) >>
+<< /S /GoTo /D (subsection.6.2.11) >>
endobj
336 0 obj
-(6.2.12 lwres Statement Definition and Usage)
+(6.2.11 lwres Statement Grammar)
endobj
337 0 obj
-<< /S /GoTo /D (subsection.6.2.13) >>
+<< /S /GoTo /D (subsection.6.2.12) >>
endobj
340 0 obj
-(6.2.13 options Statement Grammar)
+(6.2.12 lwres Statement Definition and Usage)
endobj
341 0 obj
-<< /S /GoTo /D (subsection.6.2.14) >>
+<< /S /GoTo /D (subsection.6.2.13) >>
endobj
344 0 obj
-(6.2.14 options Statement Definition and Usage)
+(6.2.13 options Statement Grammar)
endobj
345 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.1) >>
+<< /S /GoTo /D (subsection.6.2.14) >>
endobj
348 0 obj
-(6.2.14.1 Boolean Options)
+(6.2.14 options Statement Definition and Usage)
endobj
349 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.2) >>
+<< /S /GoTo /D (subsubsection.6.2.14.1) >>
endobj
352 0 obj
-(6.2.14.2 Forwarding)
+(6.2.14.1 Boolean Options)
endobj
353 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.3) >>
+<< /S /GoTo /D (subsubsection.6.2.14.2) >>
endobj
356 0 obj
-(6.2.14.3 Access Control)
+(6.2.14.2 Forwarding)
endobj
357 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.4) >>
+<< /S /GoTo /D (subsubsection.6.2.14.3) >>
endobj
360 0 obj
-(6.2.14.4 Interfaces)
+(6.2.14.3 Access Control)
endobj
361 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.5) >>
+<< /S /GoTo /D (subsubsection.6.2.14.4) >>
endobj
364 0 obj
-(6.2.14.5 Query Address)
+(6.2.14.4 Interfaces)
endobj
365 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.6) >>
+<< /S /GoTo /D (subsubsection.6.2.14.5) >>
endobj
368 0 obj
-(6.2.14.6 Zone Transfers)
+(6.2.14.5 Query Address)
endobj
369 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.7) >>
+<< /S /GoTo /D (subsubsection.6.2.14.6) >>
endobj
372 0 obj
-(6.2.14.7 Operating System Resource Limits)
+(6.2.14.6 Zone Transfers)
endobj
373 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.8) >>
+<< /S /GoTo /D (subsubsection.6.2.14.7) >>
endobj
376 0 obj
-(6.2.14.8 Server Resource Limits)
+(6.2.14.7 Operating System Resource Limits)
endobj
377 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.9) >>
+<< /S /GoTo /D (subsubsection.6.2.14.8) >>
endobj
380 0 obj
-(6.2.14.9 Periodic Task Intervals)
+(6.2.14.8 Server Resource Limits)
endobj
381 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.10) >>
+<< /S /GoTo /D (subsubsection.6.2.14.9) >>
endobj
384 0 obj
-(6.2.14.10 Topology)
+(6.2.14.9 Periodic Task Intervals)
endobj
385 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.11) >>
+<< /S /GoTo /D (subsubsection.6.2.14.10) >>
endobj
388 0 obj
-(6.2.14.11 The sortlist Statement)
+(6.2.14.10 Topology)
endobj
389 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.12) >>
+<< /S /GoTo /D (subsubsection.6.2.14.11) >>
endobj
392 0 obj
-(6.2.14.12 RRset Ordering)
+(6.2.14.11 The sortlist Statement)
endobj
393 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.13) >>
+<< /S /GoTo /D (subsubsection.6.2.14.12) >>
endobj
396 0 obj
-(6.2.14.13 Synthetic IPv6 responses)
+(6.2.14.12 RRset Ordering)
endobj
397 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.14) >>
+<< /S /GoTo /D (subsubsection.6.2.14.13) >>
endobj
400 0 obj
-(6.2.14.14 Tuning)
+(6.2.14.13 Synthetic IPv6 responses)
endobj
401 0 obj
-<< /S /GoTo /D (subsubsection.6.2.14.15) >>
+<< /S /GoTo /D (subsubsection.6.2.14.14) >>
endobj
404 0 obj
-(6.2.14.15 The Statistics File)
+(6.2.14.14 Tuning)
endobj
405 0 obj
-<< /S /GoTo /D (subsection.6.2.15) >>
+<< /S /GoTo /D (subsubsection.6.2.14.15) >>
endobj
408 0 obj
-(6.2.15 server Statement Grammar)
+(6.2.14.15 The Statistics File)
endobj
409 0 obj
-<< /S /GoTo /D (subsection.6.2.16) >>
+<< /S /GoTo /D (subsection.6.2.15) >>
endobj
412 0 obj
-(6.2.16 server Statement Definition and Usage)
+(6.2.15 server Statement Grammar)
endobj
413 0 obj
-<< /S /GoTo /D (subsection.6.2.17) >>
+<< /S /GoTo /D (subsection.6.2.16) >>
endobj
416 0 obj
-(6.2.17 trusted-keys Statement Grammar)
+(6.2.16 server Statement Definition and Usage)
endobj
417 0 obj
-<< /S /GoTo /D (subsection.6.2.18) >>
+<< /S /GoTo /D (subsection.6.2.17) >>
endobj
420 0 obj
-(6.2.18 trusted-keys Statement Definition and Usage)
+(6.2.17 trusted-keys Statement Grammar)
endobj
421 0 obj
-<< /S /GoTo /D (subsection.6.2.19) >>
+<< /S /GoTo /D (subsection.6.2.18) >>
endobj
424 0 obj
-(6.2.19 view Statement Grammar)
+(6.2.18 trusted-keys Statement Definition and Usage)
endobj
425 0 obj
-<< /S /GoTo /D (subsection.6.2.20) >>
+<< /S /GoTo /D (subsection.6.2.19) >>
endobj
428 0 obj
-(6.2.20 view Statement Definition and Usage)
+(6.2.19 view Statement Grammar)
endobj
429 0 obj
-<< /S /GoTo /D (subsection.6.2.21) >>
+<< /S /GoTo /D (subsection.6.2.20) >>
endobj
432 0 obj
-(6.2.21 zone Statement Grammar)
+(6.2.20 view Statement Definition and Usage)
endobj
433 0 obj
-<< /S /GoTo /D (subsection.6.2.22) >>
+<< /S /GoTo /D (subsection.6.2.21) >>
endobj
436 0 obj
-(6.2.22 zone Statement Definition and Usage)
+(6.2.21 zone Statement Grammar)
endobj
437 0 obj
-<< /S /GoTo /D (subsubsection.6.2.22.1) >>
+<< /S /GoTo /D (subsection.6.2.22) >>
endobj
440 0 obj
-(6.2.22.1 Zone Types)
+(6.2.22 zone Statement Definition and Usage)
endobj
441 0 obj
-<< /S /GoTo /D (subsubsection.6.2.22.2) >>
+<< /S /GoTo /D (subsubsection.6.2.22.1) >>
endobj
444 0 obj
-(6.2.22.2 Class)
+(6.2.22.1 Zone Types)
endobj
445 0 obj
-<< /S /GoTo /D (subsubsection.6.2.22.3) >>
+<< /S /GoTo /D (subsubsection.6.2.22.2) >>
endobj
448 0 obj
-(6.2.22.3 Zone Options)
+(6.2.22.2 Class)
endobj
449 0 obj
-<< /S /GoTo /D (subsubsection.6.2.22.4) >>
+<< /S /GoTo /D (subsubsection.6.2.22.3) >>
endobj
452 0 obj
-(6.2.22.4 Dynamic Update Policies)
+(6.2.22.3 Zone Options)
endobj
453 0 obj
-<< /S /GoTo /D (section.6.3) >>
+<< /S /GoTo /D (subsubsection.6.2.22.4) >>
endobj
456 0 obj
-(6.3 Zone File)
+(6.2.22.4 Dynamic Update Policies)
endobj
457 0 obj
-<< /S /GoTo /D (subsection.6.3.1) >>
+<< /S /GoTo /D (section.6.3) >>
endobj
460 0 obj
-(6.3.1 Types of Resource Records and When to Use Them)
+(6.3 Zone File)
endobj
461 0 obj
-<< /S /GoTo /D (subsubsection.6.3.1.1) >>
+<< /S /GoTo /D (subsection.6.3.1) >>
endobj
464 0 obj
-(6.3.1.1 Resource Records)
+(6.3.1 Types of Resource Records and When to Use Them)
endobj
465 0 obj
-<< /S /GoTo /D (subsubsection.6.3.1.2) >>
+<< /S /GoTo /D (subsubsection.6.3.1.1) >>
endobj
468 0 obj
-(6.3.1.2 Textual expression of RRs)
+(6.3.1.1 Resource Records)
endobj
469 0 obj
-<< /S /GoTo /D (subsection.6.3.2) >>
+<< /S /GoTo /D (subsubsection.6.3.1.2) >>
endobj
472 0 obj
-(6.3.2 Discussion of MX Records)
+(6.3.1.2 Textual expression of RRs)
endobj
473 0 obj
-<< /S /GoTo /D (subsection.6.3.3) >>
+<< /S /GoTo /D (subsection.6.3.2) >>
endobj
476 0 obj
-(6.3.3 Setting TTLs)
+(6.3.2 Discussion of MX Records)
endobj
477 0 obj
-<< /S /GoTo /D (subsection.6.3.4) >>
+<< /S /GoTo /D (subsection.6.3.3) >>
endobj
480 0 obj
-(6.3.4 Inverse Mapping in IPv4)
+(6.3.3 Setting TTLs)
endobj
481 0 obj
-<< /S /GoTo /D (subsection.6.3.5) >>
+<< /S /GoTo /D (subsection.6.3.4) >>
endobj
484 0 obj
-(6.3.5 Other Zone File Directives)
+(6.3.4 Inverse Mapping in IPv4)
endobj
485 0 obj
-<< /S /GoTo /D (subsubsection.6.3.5.1) >>
+<< /S /GoTo /D (subsection.6.3.5) >>
endobj
488 0 obj
-(6.3.5.1 The \044ORIGIN Directive)
+(6.3.5 Other Zone File Directives)
endobj
489 0 obj
-<< /S /GoTo /D (subsubsection.6.3.5.2) >>
+<< /S /GoTo /D (subsubsection.6.3.5.1) >>
endobj
492 0 obj
-(6.3.5.2 The \044INCLUDE Directive)
+(6.3.5.1 The \044ORIGIN Directive)
endobj
493 0 obj
-<< /S /GoTo /D (subsubsection.6.3.5.3) >>
+<< /S /GoTo /D (subsubsection.6.3.5.2) >>
endobj
496 0 obj
-(6.3.5.3 The \044TTL Directive)
+(6.3.5.2 The \044INCLUDE Directive)
endobj
497 0 obj
-<< /S /GoTo /D (subsection.6.3.6) >>
+<< /S /GoTo /D (subsubsection.6.3.5.3) >>
endobj
500 0 obj
-(6.3.6 BIND Master File Extension: the \044GENERATE Directive)
+(6.3.5.3 The \044TTL Directive)
endobj
501 0 obj
-<< /S /GoTo /D (chapter.7) >>
+<< /S /GoTo /D (subsection.6.3.6) >>
endobj
504 0 obj
-(7 BIND 9 Security Considerations)
+(6.3.6 BIND Master File Extension: the \044GENERATE Directive)
endobj
505 0 obj
-<< /S /GoTo /D (section.7.1) >>
+<< /S /GoTo /D (chapter.7) >>
endobj
508 0 obj
-(7.1 Access Control Lists)
+(7 BIND 9 Security Considerations)
endobj
509 0 obj
-<< /S /GoTo /D (section.7.2) >>
+<< /S /GoTo /D (section.7.1) >>
endobj
512 0 obj
-(7.2 chroot and setuid \(for UNIX servers\))
+(7.1 Access Control Lists)
endobj
513 0 obj
-<< /S /GoTo /D (subsection.7.2.1) >>
+<< /S /GoTo /D (section.7.2) >>
endobj
516 0 obj
-(7.2.1 The chroot Environment)
+(7.2 Chroot and Setuid \(for UNIX servers\))
endobj
517 0 obj
-<< /S /GoTo /D (subsection.7.2.2) >>
+<< /S /GoTo /D (subsection.7.2.1) >>
endobj
520 0 obj
-(7.2.2 Using the setuid Function)
+(7.2.1 The chroot Environment)
endobj
521 0 obj
-<< /S /GoTo /D (section.7.3) >>
+<< /S /GoTo /D (subsection.7.2.2) >>
endobj
524 0 obj
-(7.3 Dynamic Update Security)
+(7.2.2 Using the setuid Function)
endobj
525 0 obj
-<< /S /GoTo /D (chapter.8) >>
+<< /S /GoTo /D (section.7.3) >>
endobj
528 0 obj
-(8 Troubleshooting)
+(7.3 Dynamic Update Security)
endobj
529 0 obj
-<< /S /GoTo /D (section.8.1) >>
+<< /S /GoTo /D (chapter.8) >>
endobj
532 0 obj
-(8.1 Common Problems)
+(8 Troubleshooting)
endobj
533 0 obj
-<< /S /GoTo /D (subsection.8.1.1) >>
+<< /S /GoTo /D (section.8.1) >>
endobj
536 0 obj
-(8.1.1 It's not working; how can I figure out what's wrong?)
+(8.1 Common Problems)
endobj
537 0 obj
-<< /S /GoTo /D (section.8.2) >>
+<< /S /GoTo /D (subsection.8.1.1) >>
endobj
540 0 obj
-(8.2 Incrementing and Changing the Serial Number)
+(8.1.1 It's not working; how can I figure out what's wrong?)
endobj
541 0 obj
-<< /S /GoTo /D (section.8.3) >>
+<< /S /GoTo /D (section.8.2) >>
endobj
544 0 obj
-(8.3 Where Can I Get Help?)
+(8.2 Incrementing and Changing the Serial Number)
endobj
545 0 obj
-<< /S /GoTo /D (appendix.A) >>
+<< /S /GoTo /D (section.8.3) >>
endobj
548 0 obj
-(A Appendices)
+(8.3 Where Can I Get Help?)
endobj
549 0 obj
-<< /S /GoTo /D (section.A.1) >>
+<< /S /GoTo /D (appendix.A) >>
endobj
552 0 obj
-(A.1 Acknowledgements)
+(A Appendices)
endobj
553 0 obj
-<< /S /GoTo /D (subsection.A.1.1) >>
+<< /S /GoTo /D (section.A.1) >>
endobj
556 0 obj
-(A.1.1 A Brief History of the DNS and BIND)
+(A.1 Acknowledgements)
endobj
557 0 obj
-<< /S /GoTo /D (section.A.2) >>
+<< /S /GoTo /D (subsection.A.1.1) >>
endobj
560 0 obj
-(A.2 Historical DNS Information)
+(A.1.1 A Brief History of the DNS and BIND)
endobj
561 0 obj
-<< /S /GoTo /D (subsection.A.2.1) >>
+<< /S /GoTo /D (section.A.2) >>
endobj
564 0 obj
-(A.2.1 Classes of Resource Records)
+(A.2 Historical DNS Information)
endobj
565 0 obj
-<< /S /GoTo /D (subsubsection.A.2.1.1) >>
+<< /S /GoTo /D (subsection.A.2.1) >>
endobj
568 0 obj
-(A.2.1.1 HS = hesiod)
+(A.2.1 Classes of Resource Records)
endobj
569 0 obj
-<< /S /GoTo /D (subsubsection.A.2.1.2) >>
+<< /S /GoTo /D (subsubsection.A.2.1.1) >>
endobj
572 0 obj
-(A.2.1.2 CH = chaos)
+(A.2.1.1 HS = hesiod)
endobj
573 0 obj
-<< /S /GoTo /D (section.A.3) >>
+<< /S /GoTo /D (subsubsection.A.2.1.2) >>
endobj
576 0 obj
-(A.3 General DNS Reference Information)
+(A.2.1.2 CH = chaos)
endobj
577 0 obj
-<< /S /GoTo /D (subsection.A.3.1) >>
+<< /S /GoTo /D (section.A.3) >>
endobj
580 0 obj
-(A.3.1 IPv6 addresses \(A6\))
+(A.3 General DNS Reference Information)
endobj
581 0 obj
-<< /S /GoTo /D (section.A.4) >>
+<< /S /GoTo /D (subsection.A.3.1) >>
endobj
584 0 obj
-(A.4 Bibliography \(and Suggested Reading\))
+(A.3.1 IPv6 addresses \(A6\))
endobj
585 0 obj
-<< /S /GoTo /D (subsection.A.4.1) >>
+<< /S /GoTo /D (section.A.4) >>
endobj
588 0 obj
-(A.4.1 Request for Comments \(RFCs\))
+(A.4 Bibliography \(and Suggested Reading\))
endobj
589 0 obj
-<< /S /GoTo /D (subsection.A.4.2) >>
+<< /S /GoTo /D (subsection.A.4.1) >>
endobj
592 0 obj
-(A.4.2 Internet Drafts)
+(A.4.1 Request for Comments \(RFCs\))
endobj
593 0 obj
-<< /S /GoTo /D (subsection.A.4.3) >>
+<< /S /GoTo /D (subsection.A.4.2) >>
endobj
596 0 obj
-(A.4.3 Other Documents About BIND)
+(A.4.2 Internet Drafts)
endobj
597 0 obj
-<< /S /GoTo /D [598 0 R /FitH ] >>
+<< /S /GoTo /D (subsection.A.4.3) >>
+endobj
+600 0 obj
+(A.4.3 Other Documents About BIND)
+endobj
+601 0 obj
+<< /S /GoTo /D [602 0 R /FitH ] >>
endobj
-600 0 obj <<
-/Length 223
+604 0 obj <<
+/Length 221
/Filter /FlateDecode
>>
stream
-xÚÍjÃ0„ï~Š=&PmµÚ][:6$--4‡¢[ÉÁM”ˆp~ž¿rì†B{(:hVû1ƒ†ÀæCà-*ª%…uSXøÌ»§‚FF”Q…9l F/ìÁ8ïQµt?±_8‰`Å>€Q«²yÏbqÿ(¨BG*·@°r–áÆÅÍûdö¼œOS; Ãõ°ivíîxêêÓ¡žÞÒ6u©]§a|­Ûs½Ÿ®âKŽ`  ê®YsÈÚxÁÒ;½F,—Ô|¤ÑÌù»QX[ö&Å"Þ~ó]+öý»¼/g—RÇendstream
+xÚMKA †ïû+rlÁ‰“¯™c‹(èAæ&–v[
+v…íîÿw¶«EЃä’<ÉK^_‚ zI
+!)š'ƒÍ±ò°/³ûŠ¾5AS‘Rü1u’£JÇ1¢YÍ?±_8©b˜À™7Låø„¯su}§ ÉòHö.o_ë‡ç›¥có‹4§Õöx觡o†~n½´»¶o»M;—OM76ïË·üX$ˆ0™ñY‚S
+\T¬#ÛYb5îÇÓ0ïÖWsfïÃt¡ºÍ—W¾½ÃÉ;÷ SQÞendstream
endobj
-598 0 obj <<
+602 0 obj <<
/Type /Page
-/Contents 600 0 R
-/Resources 599 0 R
+/Contents 604 0 R
+/Resources 603 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 609 0 R
+/Parent 613 0 R
>> endobj
-601 0 obj <<
-/D [598 0 R /XYZ 85.0394 794.5015 null]
+605 0 obj <<
+/D [602 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-602 0 obj <<
-/D [598 0 R /XYZ 85.0394 769.5949 null]
+606 0 obj <<
+/D [602 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-599 0 obj <<
-/Font << /F42 605 0 R /F43 608 0 R >>
+603 0 obj <<
+/Font << /F42 609 0 R /F43 612 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-612 0 obj <<
-/Length 308
+616 0 obj <<
+/Length 309
/Filter /FlateDecode
>>
stream
-xÚµ’ÁnÂ0 †ï}Š©DŒÄIs»ÒÛØab…q€N¥ÓÄÛÏQ­›vA9ä·üɱÿ˜Ê!Å|4Q…耑X­vªä2úf[`g­W²ÚFÏ\ˆrPHµ!õƒ&ŠÀ:¥GðÖØ„ß•Ùd權½ñª\+2Ò§ ÎXùú4šÖïÇf»ykóçòQ1BÀ(}Eì€UJLf䥴àcPzÀ-eÖ½xdÚ4i‚ ¢çÚ0&ɽôšïÛªÙWm-Ž‡¶Úº`ZïuÓn?v㻂\[ByšqiŒ›/¦é’R'Ù}yv‰¬‘á½WÁ‘üOä¿-=Ñzˆ_±ÔùÇûª¿Yjni)ö>R/M/íUwëuûùÒäTŒªK‹áÒ¿ÓV[†´·ÿÞé/6¯žendstream
+xÚµ’MOÂ@†ïý{¤ æc?Ø«D ^éM<,Èj ÆðïM…VDãÅìaßÉ<™ywÈ 2΃Mˆ’3Ëm†f­¹»Œ>ëœÑàJ¶°(@U‰…±VëSßhÂ
endobj
-611 0 obj <<
+615 0 obj <<
/Type /Page
-/Contents 612 0 R
-/Resources 610 0 R
+/Contents 616 0 R
+/Resources 614 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 609 0 R
+/Parent 613 0 R
>> endobj
-613 0 obj <<
-/D [611 0 R /XYZ 56.6929 794.5015 null]
+617 0 obj <<
+/D [615 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-610 0 obj <<
-/Font << /F43 608 0 R /F14 616 0 R >>
+614 0 obj <<
+/Font << /F43 612 0 R /F14 620 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-619 0 obj <<
+623 0 obj <<
/Length 2200
/Filter /FlateDecode
>>
stream
-xÚÝYKã6¾ûWø¨ÆZ>ÄWn;3›Å‹Yìv9$9¨%¶-Œ,)ztÇùõ[d‘¶lË3ƒ6X4ЦJUd±ê«E›® üѵ)á&[+“¥‚P±.ö+²Þ»¿¯hÐÉOEÆ9<,¼Ý®S¡™Zo擼}XýåûŒ­I¥dbýðt\K*ž™õCùsòn—w£íï6L„Þýúðše©ÒŠ:3KˆT¢½Á‡fìÛr*ƪm‚:_›ÔH&£¶[p×i?ì,L­¥3³}cG|zßîóªÁñÇ|tîÃh÷8þ…òþã=|P'PIÑ6C5Œ¾nŸðsŒó‡fÌÂ6È:[TO‡ ÍÖ»˜Å6c5V(UIuG“‡ÎöèvEij„`1a3œ‘Äm„3šäø¸«lŸ÷wT'Å®*ò¥û¼i Ì*KÞ€€kôǽéït2Õnq7É4ØåOmƒÒÖv›U³ ëLã®í«Ü< ¤}¶A×o.¬7a¦°… ù
-v¶yÆÉÚÆÏ¥ž1¹šW-_Ç3™f\_ÅÁðå80atÌÒ°0%%)!1c>|ÚÀQŽÛ_Ï'²TnŽY®ŽÆ0ã4Fdç1ìBÀg‡¡foàøò¸AëÕ<þmxõ45~ƒþ¨¤”º£ž™Pvð>¯J´EO"K 0$€qÀ7HÄ,_ÈÖÌ"¦{îÁœ{\’ˆöçÍÂY5’ažÜ¡ÈÔuûUKÙz=A—œ-$„«”+«Ö‡Ç$/;èdªb‡fPW®ðÛ·G6…§¼|ΡêÊ£¦¯@ô6t+ 12óvgCN©k„ϲ9ùºr“@¢4ÖwbPêOñÝñÌÅ^ $…íGÞº‡¶s»_f 5—ôšd"n0‚á|‰d¤*9c#ƒ‚ºÚîÆëþš "åÌdK41´õ3¶¤îüV2ô'Šùز⃠lµ.“Sf<»â`g —’Cª"œŽIu]L ÊÃÒU˜Ñw+4¸þ„í‰
-ÇݘšrÁèyÅ49.ÄÂG#ȹ¨»ë(\S ˜ª¥ ÉTj‚³þ9¬g‹ šÿºáoE%4¸y® ˜ô\µ.˜¢š/y¢—<Ñ©V:z2+Kw£ø#Ü[vmëëñ–ÁÀ~Ž·­;‡1IƤNB›*UòØ–ùàJ‚ ƒY Ož˜ä19ó`<X@3``©ø Üuê_»Î6eåNþ…ÂÓ@hÇ]¿ì—¤ŠÀ¸¥=M5Ž¯‰‘ ¸NÊóH̺Ý7Ž¤·'·ˆçÊÝ#—Ž=à£DðëmõXWí¶Ï»Ýaé܃¢ZFù怾
-hÎ77°ÌYãí^ã É¶Aß’Ó 4£Øi*¤ x/)Nè¯.XFp.P!/Êï÷_×bòÐbBGþì·mB?ùã/vUóm½&öÎÑöÔkúÇ—ÐSC¦/ºlD_¸‘dk;T:t˜¼Ý¸6üèþwΫÕߎßÜ M¢¦k*tJ$´rÅ~õÛêç_ɺ\‘õ+’r£Åú šHa¿Ê8 ‰ÐQR¯îWÿú/­¢³öà¦hG`®0Œ >Ÿj÷´¡™„%5=~ugžRî!`Ri²pÏñMS¸£Ä3ï*lœ‰ôôz¾Ä·y}œò nsh3­Ì¹Û?Ý#Þ„Ë0êëM×K!^qƒKæjlÿwpbNzèÒ¿~OÑâ&œþ3üôÕ&_„“k03d›Üñk7ðqç¾qt›q¸ÑVÛ£€%?þûoPs×ãLx­ŽçÚÅ5)f7èû«o¸Ü7ö%@ÀöûóW¡c½èÙ.¿-p3D_FN¨EDÏ"÷}õ»ãX ôûR•ãî6x_Íß?xc¢_‘ ‰˜ä à¥<%œEˆ§cX¥g^7}?³…^/‡Ð-ágîü @?y
+xÚÝYÝã¶÷_áG-pfù)‘y¼»¦¸ ¸¢Ý òæA–¸¶p²äèc7Î_ß!‡Ôʶ|wé-РX`M†äpæ7¿ÚlMá­µ"T¹ÎŒ$Š2µ.+ºÞÁ»¿­XБJ%…€‡…·%4QšgëÍ|‘·«¿|/ùšS’¦\­§½ÒL#¤Y?”?'ïöùq°Ý݆+š°»_~Ài’d:cn…-É Õ~‡fèÚr,†ªm‚ºXbRžFí 悹Nûaoaiºi¶kì€OïÛC^58þ˜‚Îý©ìÇÿ¦Š¾ÿxÌ ²¤h›¾ê‡_·ø9ÄõûS3ä¿adG[T§ Íö»XÅ6C5T(Í’êŽ% Ý$8£;cÄ(Å£Âa§‰;ˆà,Éñq_Ù.ïî˜NŠ}Uä5JyÓ€›3™¼Ðh{ÓÝéd¬Ýæn‘±·%ÊÛ¥­í.ªfö‡}ÛU˜yBIûdƒ®?\Ø!oÂJa+Nò>;ó'ªÇÚÀ¹ë†ƒ¡Ã>wáÊT’Ø×õ å‡üØã(ºT¼ÏA4‹³›X–Þ¶ïmOÀ-ˆ*ª–ù£ZÕÇ•+° jœ ܳ‡ˆ[w~­v<¢¢·›@ÒUÛqð‹¨¥x8©Û|›{«"æ™$B¦< XRÂS˜g@È(¥É}Ñ-®àÁŸïÛbtž[N®Iš™³d É[Û}‚ zš³Ô 1@þ’$Ô§ÃÛ߇|€·SÄzÔÈñ£Œ“@¥ ™E“Þv"Nêqg8­ñ°µA„ ŸGë=¶Yòp€"W"
+ìWi&‚:° Bê˜'^¿«ÅM6ÌS•“!•‚=çDP
+{"œÙÆ©!™’Ù’uü¦u<¨C–À`Ñ°ÆvD´'Š ~ŽhÔýu¬p0ÑÔõËMÓ`
+ÃsÀŒkLò”wU;†y¶yÂÅÚƯ©.y±šg-N¾öƒà)‘B_ùÁMË~àÊè¥~aIF ¥1ŽCÞÚ@)Àí¯×S’h#Ìõ`êУ¥`D%Ï}x ŸCÍß@ùò¸AëÕ<þmxõ86þ€¾T2Æ\©ç&¤¼Ï«ç¢%‘¥@ÀØã$b‰/Dk6#†MxîÁœ{\¨öõf¡ÖŸ{Í»¤ŸGO¨2uÝ>G•íi))…^O±¥
+ȃ̼ÝÙ0£ sðy)›“¯K·Hô„ƒÆúN Rý1¾›j.öb )l7øzëÚ£;ý2#¤ÐP‹”]3Bš¨Œ`„Xb„4RU:c#ƒ‚ºÚí‡gëþš ŠnäMômý„-©«ßYú“ŒûØ¢â lµ.ƒKJ!¯8ØMH—‚C–E2x)“Ùu2([WaEß­°`ú#¶'
+R¥£¤^ݯþù_ΊvÌš„›à<
+k…aõùR›x¦ séD5›¾‘º€³ Lx’n;¾u
+7•Xù®Ü&¸" §×ó-¾ÍêiÉ/˜- m”.§ÏÌþéxñ&\úáT_B¹þ8Uê!9\=(´X›0÷'ü!þgŠ3n‰‘#^¾à‹prm¦D¶É]+,á>ìÝ×!Žn¥€{=åµ<ùñ_ƒšû¶fšÀku¬n_Ô@¤Ý ï/ÀáŠßØç
+B·€ójæþYpÃÝ]KÝ‚ˆŒËùoW¿rOÁ@¨0_k½øCaüýo#q?'.¢G@
+Nå:(¹(ˆ+·ÇŸ_VŠ»ý‡úøendstream
endobj
-618 0 obj <<
+622 0 obj <<
/Type /Page
-/Contents 619 0 R
-/Resources 617 0 R
+/Contents 623 0 R
+/Resources 621 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 609 0 R
+/Parent 613 0 R
>> endobj
-620 0 obj <<
-/D [618 0 R /XYZ 85.0394 794.5015 null]
+624 0 obj <<
+/D [622 0 R /XYZ 85.0394 794.5015 null]
>> endobj
6 0 obj <<
-/D [618 0 R /XYZ 85.0394 769.5949 null]
+/D [622 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-621 0 obj <<
-/D [618 0 R /XYZ 85.0394 582.8476 null]
+625 0 obj <<
+/D [622 0 R /XYZ 85.0394 582.8476 null]
>> endobj
10 0 obj <<
-/D [618 0 R /XYZ 85.0394 512.9824 null]
+/D [622 0 R /XYZ 85.0394 512.9824 null]
>> endobj
-622 0 obj <<
-/D [618 0 R /XYZ 85.0394 474.7837 null]
+626 0 obj <<
+/D [622 0 R /XYZ 85.0394 474.7837 null]
>> endobj
14 0 obj <<
-/D [618 0 R /XYZ 85.0394 399.5462 null]
+/D [622 0 R /XYZ 85.0394 399.5462 null]
>> endobj
-623 0 obj <<
-/D [618 0 R /XYZ 85.0394 363.8828 null]
+627 0 obj <<
+/D [622 0 R /XYZ 85.0394 363.8828 null]
>> endobj
18 0 obj <<
-/D [618 0 R /XYZ 85.0394 223.0066 null]
+/D [622 0 R /XYZ 85.0394 223.0066 null]
>> endobj
-627 0 obj <<
-/D [618 0 R /XYZ 85.0394 190.9009 null]
+631 0 obj <<
+/D [622 0 R /XYZ 85.0394 190.9009 null]
>> endobj
-628 0 obj <<
-/D [618 0 R /XYZ 85.0394 170.4169 null]
+632 0 obj <<
+/D [622 0 R /XYZ 85.0394 170.4169 null]
>> endobj
-629 0 obj <<
-/D [618 0 R /XYZ 85.0394 158.4617 null]
+633 0 obj <<
+/D [622 0 R /XYZ 85.0394 158.4617 null]
>> endobj
-617 0 obj <<
-/Font << /F42 605 0 R /F43 608 0 R /F56 626 0 R /F57 632 0 R /F58 635 0 R >>
+621 0 obj <<
+/Font << /F42 609 0 R /F43 612 0 R /F56 630 0 R /F57 636 0 R /F58 639 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-638 0 obj <<
-/Length 3232
+642 0 obj <<
+/Length 3086
/Filter /FlateDecode
>>
stream
-xÚÍZK“Ûƾï¯à‘[%NæÁ#7Ù’âu•WŽ–)Wbû
-mB=£ªÀÌ©Ê&"4Ú8U­soW—e}.ª=ýÜÖÕS^uE]µDH·*^òâS›g4**zfy»=Íà…zGÏΟðÍÝý›~ó_¤ÔûÓ1żþ¥.ó¿^«4ŒE¨$p"
-é$€‹’¨îÅúÔõç˜æżW¸¬AQG¢æD¹ Tç§ðȃ¶iJЬì¢ß ZE(¾- 0½‹ÝvYÖõGzŽTJz2ä²ÞÂåæV-Ÿi¦,fƒsš GiBrœfY›u :›qAc %Å‹Ë’ÇñÙ¡ÄWtÞ¼ç‘Nkó*ci>òcá dÙ†@¬+æ»>ÒóÀ>4ÃåJ‡Fè$±^ç”+º¾¢L~D+Ï°l¡ƒÈËG…
-4NC:¥k½`ÀZhÀT9ke¤â( “Ú`”ðÙã”þÚ±€EH—”Ú€?Ñ(¥‡Ä8AÀ|¤}(·˜û™ ‰>E‘Ñeh™ßŽ´G.œøBÌu³¾ ÂAxR|a`]¢DF3.h)…`à<Wºø„+2, ±XóïÀ嚺‡„q‘mœùx¨|옲*ÚÀƒËî1íh}oF䂸ݧUñ›?>eÆX¢Ž–3ûévËàß]9'ZMO¢¯È¨ÚÆB*Cgvç¤=È‹ ] x¦Ù¡¨Ð¥`ö)'Ú¦Æd·J`¨N–oSwñ`ªª3^DiÙø´lz~]|S.:¸¨…‡ÌèÕèXDX
-nDݼò‘æèu`§,¯—põ¹–Ï©®æ›Ô]\ í(}ˆÎ ô€æxjªÙ@IøM Ãn]w3ºU€P£Ðë÷§ì`:F=Ec…­ îÁÒ?Éäê (»\îTô<‹®Ëù&¥ü~JŒh.‘Œ©àYz]áÔï<P2Pì;:¥àâ|Ç
-0¸Þ¤àà~ —Dá™ÕEàxùzœvéÖ8(,U¹ÏÀuUrÞøEU@¢ñ¹
-$>ó€+ÖÕ¾}5³½ÁH*½„¼ëÌŽ±ê#®—2%ÞÛÓæƒ!dÆ‘ˆ‚à*dÂ圑N!ŽøŠ‚±Öñ Š3
-J?vþˆœÀ ¿?W^yßbÈa[k¾
+xÚÍÙ’ÛÆñ}¿‚Ü*™ƒò&ëˆ×U^9S®ÄöH¹(
+¡vÇCŽ‚ü…*Ý_/Eš¤Q"PÇQ ô“LUYa/dúŸí
+tˆE”ó;Ð>g1vŒZžV«ÈȸחIú²q”¥vfu¶$R×­”r^e¾™-dª´žÿ|«Ä@Eòo»§ ùÆ™2™á==-ÿw(G oñ"0%"càìI Sðúb{‰}tO§ÚÛî¦EÞAÈv°E)K7
+¿úmñ-;bþs±éž—’ýÉÅ%
+¹‹s²»bðƒ&Ô4%HÖ§¾Q
+.; –'H6q¤bø#†•ÓÐ…^è€#IÀRh@U”nJ²³†Iö
+áI ÇT¹‚ëªä ¼
+Žª€(Dð©€ÜšYѱ«køåW¯Éð&#õ[|—Zfzçû¦ô‰¬¶ä²÷ÉØbÚú=J„U”Þ ”óHNPaßkßäÕ”›SF!ÁhÞŒ®¿«ÖÑ´£SVÞ²®å†î[¹‰â=†P€¬àô¬(#f2²&ŽÏ P$uÿòÉ2Œ„#M0‡x;v :U¶§rê*  H'hÝ2KIlP*‚i5„)Ý#Z‚A~aMë(E¹&AÆPj|]}< Ž¾Â¾”&2q"˜b]íÚÇkô¤"pȧNœë(•½Ç \æD{{\}0¸ÌÔF6Žã±€Ç9ÁÄDâ+OàÅ9˜ÐÏ6Že5ÅM<”iÑ^4«¾ˆ¾ê{á›™RƒMþëG˜ˆ«àˆ8.¨[|©å§•„ûj¡eÐç‰÷
+.#„ÎÞبZ˜2×4Š¡~¿€¾¦ÁÇО°Ìð?U Ì@>Ö]˜ð.q°ÍÞ2™N˜v'Ô¾%@Q»îêu]N7à}UÏ`¼‚Œdf.Þ )À¦œŽ#”·m½.8äÂoŒ‹±:ìÙƒ"ÌÈ+Æ‘2Ï+»pg
+ק UYÈ6d¦&³«äÜð•ÖÆy¿Q”T‰Ù‹V_ôG%ȾØU\Ím§«Mîùrîjjø
+ØQìÑ‘ä£;¾êvˆ!æxÀ¦Ø"[­Õšo^¹îä°>ÃESq.I”&JÒŽ©¬CBªjå°öܾ¶„ê|º®þ7ã8£×ýe“ßìG÷ r æ2àšÐæ¯mé{˜ÜYŒµÏp ÅTÜYðI9ýlê šûÿˆÚ¸Ò킃ȨcŠxxÆSá¶Ä ȧ¡ÐôØp—ÁB /³%<Wüh3ñαÛWìŽÀµ<Êx$º‹yÇHÊx“sÿ¶µˆìûJ8ÃiÒ¨½š&$5&˜£Ç>ä|ɺ†±Ò ïÉe9ô˱ Ûïî+¤ËwÑQÚÆÇSGÁ¡èB§œŸñpÕ ç‰K}¯ÀžMîè@¢ÈÙà¹k`¨5
+ûÖîÐõëYÉtÌ©â®+g»aQŸÔo
+?¹®]Ó=÷9ÚDøÏ4¾L̾úEù[ÿgçü¯KP3@þ¯žqŠ)ö‰tOª!¾"<üoÏ5åÿôŠL—endstream
endobj
-637 0 obj <<
+641 0 obj <<
/Type /Page
-/Contents 638 0 R
-/Resources 636 0 R
+/Contents 642 0 R
+/Resources 640 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 609 0 R
-/Annots [ 648 0 R 649 0 R ]
+/Parent 613 0 R
+/Annots [ 652 0 R 653 0 R ]
>> endobj
-648 0 obj <<
+652 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [272.8897 231.1055 329.1084 243.1651]
+/Rect [272.8897 210.0781 329.1084 222.1378]
/Subtype /Link
/A << /S /GoTo /D (types_of_resource_records_and_when_to_use_them) >>
>> endobj
-649 0 obj <<
+653 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [190.6691 203.5826 249.6573 212.9922]
+/Rect [190.6691 182.1322 249.6573 191.5418]
/Subtype /Link
/A << /S /GoTo /D (rfcs) >>
>> endobj
-639 0 obj <<
-/D [637 0 R /XYZ 56.6929 794.5015 null]
->> endobj
643 0 obj <<
-/D [637 0 R /XYZ 56.6929 756.8229 null]
+/D [641 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-644 0 obj <<
-/D [637 0 R /XYZ 56.6929 744.8677 null]
+647 0 obj <<
+/D [641 0 R /XYZ 56.6929 756.8229 null]
+>> endobj
+648 0 obj <<
+/D [641 0 R /XYZ 56.6929 744.8677 null]
>> endobj
22 0 obj <<
-/D [637 0 R /XYZ 56.6929 651.295 null]
+/D [641 0 R /XYZ 56.6929 649.0335 null]
>> endobj
-645 0 obj <<
-/D [637 0 R /XYZ 56.6929 612.4036 null]
+649 0 obj <<
+/D [641 0 R /XYZ 56.6929 609.5205 null]
>> endobj
26 0 obj <<
-/D [637 0 R /XYZ 56.6929 567.3837 null]
+/D [641 0 R /XYZ 56.6929 551.1302 null]
>> endobj
-646 0 obj <<
-/D [637 0 R /XYZ 56.6929 542.6255 null]
+650 0 obj <<
+/D [641 0 R /XYZ 56.6929 525.7505 null]
>> endobj
30 0 obj <<
-/D [637 0 R /XYZ 56.6929 439.9215 null]
+/D [641 0 R /XYZ 56.6929 421.2082 null]
>> endobj
-647 0 obj <<
-/D [637 0 R /XYZ 56.6929 415.1634 null]
+651 0 obj <<
+/D [641 0 R /XYZ 56.6929 395.8284 null]
>> endobj
34 0 obj <<
-/D [637 0 R /XYZ 56.6929 188.7253 null]
+/D [641 0 R /XYZ 56.6929 166.2827 null]
>> endobj
-650 0 obj <<
-/D [637 0 R /XYZ 56.6929 161.3171 null]
+654 0 obj <<
+/D [641 0 R /XYZ 56.6929 138.253 null]
>> endobj
-636 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F56 626 0 R /F57 632 0 R /F42 605 0 R >>
+640 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F56 630 0 R /F57 636 0 R /F42 609 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-655 0 obj <<
-/Length 3284
+659 0 obj <<
+/Length 3447
/Filter /FlateDecode
>>
stream
-xÚ¥ZKsÛF¾ëWð¶TÕ™f
->悺¾­ßó=ñä-„¸Éüò~T”¡Òå6¯™tÈ<€­·é¦»†‰9ÿ´eýPÉ›ì¾*:YnúŽUe@Vk¼ ªÒâ_}µ»]Y­—yÕ6<;àƒ3 ù˜Ÿ:5÷ò
-ÿ aR>½xºÕé²h/^‘xÂá„÷FÞKBîD 6=ñÃŽGmqz*N-‡:÷€·0CŠrò‚Q~I!­Øi
-ì(ÏÀ¸kŽåv?¬I6IiùZª…UjùýûoxÄü zçUE®8ƒ
-t6ƒôÎ.žEÛœ˜®ý"´†)ÐPÖ'Y >sú®Ø@1çLä 8
-N]6öÌšbóg&r™¦Öž'O |žöäaýjúÂuO~½/Jð¥Ø²êW±…–êÂù†¼g!éèêB[zOqª Ñ÷zöÖ`Xµš.»–ðz7Ñ‘ŽfÔ ¥12Ô-Æp0“Ú1ß‚ œq‚ü?¨xᇠ¾™iS$ÉU*œ¤ œ~ÆÂ+u)d¤PÆÛæøÂÓ„^’$,ó!IÒ^€ç°Jbº¤¤>¡¨K6ºÎæ1š;<í(
-`S‡¹3k^S Ôd gh&øäIL½Il9©A’oKHá¨âؼ"8žÎŒ»é²2‘.":ï;æR5ù®™MúìXSuÀ—“,ˆòTâ=@< ¸ —»’šU¤o^øwßòZ¶ ÷ÚAJô…úŽìûü(IE õ…w„àPl÷y]n²à‚i’Žƒx@$‡Ã )Ì’y¸Çb솤Ax“ð0Ç“¤ÐËÂëâP3hyÞ”ÚGÐwøó[º±¤½glê"'á…f#ê(õ.´È!z¾ºk¬#§­\e&M "I-FòD<ÉFòÄƉ ‡qv@4%ÀPÌ f’BK@H½ªL)FÒÌÄ¡4
-19C|I@[I2$Yz’ÔÆtŸHë ¶I}Á_¹kÁ š¶-7”.¹¨Äš´Áous2 VÄ)òiÌD€Íß×s`/,†|fx¼#x Ϲàß1J”î°ã—º^vmQIƒÍ¡ Ú³=¦Y…3Ù¾ß߲λâ5ž ½¹<£æpˆ ù¥+òªÛÿÅ óKú[Ú¬*$Œœ˜ è£keÕEr¤OóPqˆc[¾œ… ºö€_ÂÃ.ÄÕ6bº(8²CäÎë°‰
-¢€‘½µ˜ÛbØsÆÞW°9ÀoA]Ùõ4 s!š&
-•æ®n4à ]Kþ_ü,×endstream
+xÚ¥ZKsã6¾ûWè¹jÍàA€äÑÉÌl&U3“+µ•Jr $Úb™"‘´ãüúíHJ¢g’ÚòPh4ýøа^(øÓ‹ÔEÊfñ"ÉâÈ)í›ý•Z<@ß¿¯´Œ¹ ƒn¦£¾[]}ûÎëEeÞøÅê~Â+TšêÅjûëòûnZ½ý|}cœZêèúÆyµ|ÿqõùÓ›Ÿ¿_½ÿôñúFkŸ`_,½«Þòð7Ÿ>ܾÿÈí·„z÷ËÝêínÿ¦œzóñ>úú÷ÕWoWƒÔÓieQä?®~ý]-¶°Á¯Td³Ô-žá‡Št–™Åþ*v6r±µR]Ý]ýg`8饩sšr6\j’UÅvNU.‹¼5–TÕ횶€}™lù¼+7;l¦Ëüx­Ó¥Ð·EU<ä]±å¾®arÓíŠ#“þjê¢EZe—·'“ʦæ!‡¦¬;î*[&íóã#3Í–ë¦#á.¬÷ˆšþöó“ýØÔDÚ8ZÀ|¼ã™<~Ó·-O:QBì#o€ Ï)kž[Á±‹›Ø¤Qâ4hUë(sÎаƒèƒv
+™b?|ó™x®m)ïýi¤˜ñÐ ý(EÜ E¹—¥ºaÉ˵ ­ŸÄ£+Žû²Î«™Ål '«üébÝŽ¢2.Ö
+i—ËÎêff9ï#e‚S¶ýš÷6›Ÿ’( É|ÝTáÃTqÑ`?ÏV¤c›ùZ?F\$Õ[nšc¿7؇Žé|”И$ëGîdÒÃ:É(·\…ù¬Ý¦jdEfáAU²@ƒ¾ìʧb”òÄðØŸžÑ8ÁÛþám_erH~iz&±Áå[&~÷}Ë-
+n„>f@_˜Òd¹ºÎÌ3Eâ <¢~A2Hbœ€”¦*Ž9]‰€L' Ô`ÔHã@ ĺ螛ã#Sïó²êa.N ÜÛŽG’að¸Ù­ôÜp£ÆÓ¨¢é›¹45– ŒDAÚÓ¸ÏE{€Æ—˜dyÏ)t/—ë3ËûERR040F_LÃäÕ>s
+䡈KaÓÂC› ›±O
+4?Ï9…ébP3xþ(5ø‰JýiɇêÔÄ{æL]¤ã$Lhf¢ŽRïÂý8xϹÆ:rÚºÁTf‘ÔÂ!ÍÄ #qâŽAâ?aJ ê3˜$Ë
+R¯*SGJч‘43~h# èæÄDa‘zˆñX7ϵ@¿¹B\ë"“%#'p›í¼+Æ67§kr²'DÙЕט
+–îâA§vi혌œ3…ï¡¿ê®õ’²ÒÌpS´²BÐ ²o‹KÕ˜ ìÔ¥îÄ°qp8±½ŸÎÅÇzŒWÎgAÕòåü݆âò’8¢Œ  ¥+zÀóTK²0$4
+™¢”º=ד¸—¨•$C¥âRºÓ˜Š‰4ž0›äüJ¡4m[®)\$R¥Äœ´Á³º9†SÄ.²iŒD
+•æ.Ê™áÅ.%ÿ|a]"endstream
endobj
-654 0 obj <<
+658 0 obj <<
/Type /Page
-/Contents 655 0 R
-/Resources 653 0 R
+/Contents 659 0 R
+/Resources 657 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 609 0 R
-/Annots [ 658 0 R 659 0 R ]
+/Parent 613 0 R
+/Annots [ 662 0 R 663 0 R ]
>> endobj
-658 0 obj <<
+662 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [519.8432 488.7856 539.579 500.8452]
+/Rect [519.8432 466.9635 539.579 479.0232]
/Subtype /Link
/A << /S /GoTo /D (diagnostic_tools) >>
>> endobj
-659 0 obj <<
+663 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [84.0431 477.498 133.308 488.8901]
+/Rect [84.0431 455.6759 133.308 467.068]
/Subtype /Link
/A << /S /GoTo /D (diagnostic_tools) >>
>> endobj
-656 0 obj <<
-/D [654 0 R /XYZ 85.0394 794.5015 null]
+660 0 obj <<
+/D [658 0 R /XYZ 85.0394 794.5015 null]
>> endobj
38 0 obj <<
-/D [654 0 R /XYZ 85.0394 599.0929 null]
+/D [658 0 R /XYZ 85.0394 572.6667 null]
>> endobj
-657 0 obj <<
-/D [654 0 R /XYZ 85.0394 568.7172 null]
+661 0 obj <<
+/D [658 0 R /XYZ 85.0394 544.2407 null]
>> endobj
42 0 obj <<
-/D [654 0 R /XYZ 85.0394 457.9037 null]
+/D [658 0 R /XYZ 85.0394 439.1939 null]
>> endobj
-660 0 obj <<
-/D [654 0 R /XYZ 85.0394 429.0681 null]
+664 0 obj <<
+/D [658 0 R /XYZ 85.0394 412.3081 null]
>> endobj
46 0 obj <<
-/D [654 0 R /XYZ 85.0394 352.2747 null]
+/D [658 0 R /XYZ 85.0394 339.9542 null]
>> endobj
-661 0 obj <<
-/D [654 0 R /XYZ 85.0394 326.5176 null]
+665 0 obj <<
+/D [658 0 R /XYZ 85.0394 316.1468 null]
>> endobj
50 0 obj <<
-/D [654 0 R /XYZ 85.0394 247.1936 null]
+/D [658 0 R /XYZ 85.0394 241.2623 null]
>> endobj
-662 0 obj <<
-/D [654 0 R /XYZ 85.0394 221.4964 null]
+666 0 obj <<
+/D [658 0 R /XYZ 85.0394 217.5147 null]
>> endobj
-653 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F57 632 0 R /F56 626 0 R /F42 605 0 R >>
+657 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F56 630 0 R /F57 636 0 R /F42 609 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-666 0 obj <<
+670 0 obj <<
/Length 2399
/Filter /FlateDecode
>>
@@ -1147,39 +1167,39 @@ ke»¿£¯þ×Q ]ïÐ8öÈ&o
cŒDÝ‘–ȨãÐs1)dÏÛhúR½:ä]Õ/ænk®i„)Zˆ²§Ù¼ÖEC™JW=D.ò*.¢qù1ÍËÌ&Öq¶þÀ{I(¼£ÔóóÖ—‰µWìDh¢ˆ 34;²ÜkM‘·Çt!c‘Ë„úâ‚ Ù,+C€ Ï0Ãì@—|¹ÛžVúÏž u)¸›ªmÕñêI•ßtÏ´ú#Eáåè
î¥dÔS¢…u4µ^ëü¦áž/p‰4ƒ#ä¶*yBÑŽð]¿¿nZß;*¦oT×r¬ÛŸ8s<vRg¨Ññ""¢š-眜®…B·s0‚ØacœCäfØQ74jÍœíuúÀöw›ÄŠÂ&±<œí°~¹””Œ{Ù¼æYM¯<}ÎIG)!Íf¹dE "éäf7–öÂ+Fdy‘¹òÙ^‚ÍH±›¥^Vä†(KoÚzXÜWæB®øq”çQ~êýKE_0E~âªÔ®ª«þB@2%4T$‚`ê|7 äK”{4¾tá6ŽÔ0²†
endobj
-665 0 obj <<
+669 0 obj <<
/Type /Page
-/Contents 666 0 R
-/Resources 664 0 R
+/Contents 670 0 R
+/Resources 668 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 609 0 R
+/Parent 613 0 R
>> endobj
-667 0 obj <<
-/D [665 0 R /XYZ 56.6929 794.5015 null]
+671 0 obj <<
+/D [669 0 R /XYZ 56.6929 794.5015 null]
>> endobj
54 0 obj <<
-/D [665 0 R /XYZ 56.6929 769.5949 null]
+/D [669 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-668 0 obj <<
-/D [665 0 R /XYZ 56.6929 749.4437 null]
+672 0 obj <<
+/D [669 0 R /XYZ 56.6929 749.4437 null]
>> endobj
58 0 obj <<
-/D [665 0 R /XYZ 56.6929 609.0996 null]
+/D [669 0 R /XYZ 56.6929 609.0996 null]
>> endobj
-669 0 obj <<
-/D [665 0 R /XYZ 56.6929 584.3177 null]
+673 0 obj <<
+/D [669 0 R /XYZ 56.6929 584.3177 null]
>> endobj
62 0 obj <<
-/D [665 0 R /XYZ 56.6929 437.466 null]
+/D [669 0 R /XYZ 56.6929 437.466 null]
>> endobj
-670 0 obj <<
-/D [665 0 R /XYZ 56.6929 410.2571 null]
+674 0 obj <<
+/D [669 0 R /XYZ 56.6929 410.2571 null]
>> endobj
-664 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F56 626 0 R >>
+668 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F56 630 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-673 0 obj <<
+677 0 obj <<
/Length 1940
/Filter /FlateDecode
>>
@@ -1192,51 +1212,51 @@ xÚXK“Û6 ¾çWø¨‰U½e›W»i¦ÓlOM\‹¶8+‰ŽHÙëüú(É¥“éø $@âÁ ãM¿x³ËÃ(­²MYeaÅùfß
pæÈ€^{ÑDˆ²ºvÒÅê8‚‚AøN;›:m¡ˆG–Apv­|éyNT9`Ö¤pÑ÷ir“¨ÈÞ·Š:58 ÂE®i@õÛ -Ma‡goi~v«ÀvâÊJˆÓ ¼Ü·‹ùý‘fx…W籨¯˜1!mZ, ñ¾£r™ˆ8Ë& åZå\•ƒ«”¿•§zûî¾Dã`¤i
ߣúF‚@È <nÛ‘;÷5ØÏÎÉs¬×k æÿ´`o/:þ åoÓÁúŒW´P1ƺ+Äp­‰CìW樂ØügiâßpkÂù%Ûy ý·Äd€³0M¢IšR¾Ülú;ïÛÝþe;€$endstream
endobj
-672 0 obj <<
+676 0 obj <<
/Type /Page
-/Contents 673 0 R
-/Resources 671 0 R
+/Contents 677 0 R
+/Resources 675 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 680 0 R
+/Parent 684 0 R
>> endobj
-674 0 obj <<
-/D [672 0 R /XYZ 85.0394 794.5015 null]
+678 0 obj <<
+/D [676 0 R /XYZ 85.0394 794.5015 null]
>> endobj
66 0 obj <<
-/D [672 0 R /XYZ 85.0394 769.5949 null]
+/D [676 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-675 0 obj <<
-/D [672 0 R /XYZ 85.0394 574.3444 null]
+679 0 obj <<
+/D [676 0 R /XYZ 85.0394 574.3444 null]
>> endobj
70 0 obj <<
-/D [672 0 R /XYZ 85.0394 574.3444 null]
+/D [676 0 R /XYZ 85.0394 574.3444 null]
>> endobj
-676 0 obj <<
-/D [672 0 R /XYZ 85.0394 540.5052 null]
+680 0 obj <<
+/D [676 0 R /XYZ 85.0394 540.5052 null]
>> endobj
74 0 obj <<
-/D [672 0 R /XYZ 85.0394 438.4586 null]
+/D [676 0 R /XYZ 85.0394 438.4586 null]
>> endobj
-677 0 obj <<
-/D [672 0 R /XYZ 85.0394 398.3838 null]
+681 0 obj <<
+/D [676 0 R /XYZ 85.0394 398.3838 null]
>> endobj
78 0 obj <<
-/D [672 0 R /XYZ 85.0394 336.8073 null]
+/D [676 0 R /XYZ 85.0394 336.8073 null]
>> endobj
-678 0 obj <<
-/D [672 0 R /XYZ 85.0394 299.2678 null]
+682 0 obj <<
+/D [676 0 R /XYZ 85.0394 299.2678 null]
>> endobj
82 0 obj <<
-/D [672 0 R /XYZ 85.0394 189.9853 null]
+/D [676 0 R /XYZ 85.0394 189.9853 null]
>> endobj
-679 0 obj <<
-/D [672 0 R /XYZ 85.0394 156.0037 null]
+683 0 obj <<
+/D [676 0 R /XYZ 85.0394 156.0037 null]
>> endobj
-671 0 obj <<
-/Font << /F42 605 0 R /F43 608 0 R >>
+675 0 obj <<
+/Font << /F42 609 0 R /F43 612 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-683 0 obj <<
+687 0 obj <<
/Length 845
/Filter /FlateDecode
>>
@@ -1244,27 +1264,27 @@ stream
xÚ¥–]o›0…ïù\©xþÄöî’–µtmš"mjw-¬”¯&dÝþýœƒ“€Ñ4U||œ×F>TÈgˆ$–>—0ˆ˜ÿcéAÿYõ]{¨Ô„FÚªAæ}ø!_áÈÏ~Zc
7ÅËûM>•èÔ¡…»Ê Ê:Ê…­jçU©ºx9M+^g¦¼ŽL?éôy
endobj
-682 0 obj <<
+686 0 obj <<
/Type /Page
-/Contents 683 0 R
-/Resources 681 0 R
+/Contents 687 0 R
+/Resources 685 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 680 0 R
+/Parent 684 0 R
>> endobj
-684 0 obj <<
-/D [682 0 R /XYZ 56.6929 794.5015 null]
+688 0 obj <<
+/D [686 0 R /XYZ 56.6929 794.5015 null]
>> endobj
86 0 obj <<
-/D [682 0 R /XYZ 56.6929 769.5949 null]
+/D [686 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-685 0 obj <<
-/D [682 0 R /XYZ 56.6929 744.7247 null]
+689 0 obj <<
+/D [686 0 R /XYZ 56.6929 744.7247 null]
>> endobj
-681 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F14 616 0 R >>
+685 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F14 620 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-688 0 obj <<
+692 0 obj <<
/Length 1140
/Filter /FlateDecode
>>
@@ -1274,45 +1294,45 @@ xÚÅW;ã6î÷W®ìB4zb«Ë椉+r)¸m'‹Š({³ òß3äP²äÕ]€ Tp8œ÷ ?IlEáa«<!Tñ*+b’P–¬
ÉÚ4Ç`U÷'=^À\­„¦Ãƒþ¤t‡¼‹UdÅ1Û|Ø|£sÖ¸ô\BŒ‘"I¸OHV•UY‹%K0­.‘4\QRZÓÈç:ˆ™6¤´U}¯›#Áb"┇BÆŒ¤´`Þ¯ l1JéægyncO÷¥ !{C‚ž†
·öòÜ(çÇm^óEÛR}Ð’®[HŽ¸Í¡3g²8úekçйXãþO\XÁ Ksºãñ㜙M™=Îíc^x3ì`ÓIð‚äyVÌã¨tbº×ÍNõåÎÍAõ¼vs¨ÑÓ}òé67Å…ìZ]E]‡r­½=Lg2'&ß_z$à0TlTÓM¨öÛ¥t}ý#Wú×YoÕW+Z,Æ})ùlD~2&;ÜGú¿Ò¦ò'óÞö¯­º)?Þç½îÀqGëÏ´x×ûÎ\ý½ðƒˆK§ @xg@„±€þ6û(Ná¸6¦}–å§`
endobj
-687 0 obj <<
+691 0 obj <<
/Type /Page
-/Contents 688 0 R
-/Resources 686 0 R
+/Contents 692 0 R
+/Resources 690 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 680 0 R
+/Parent 684 0 R
>> endobj
-689 0 obj <<
-/D [687 0 R /XYZ 85.0394 794.5015 null]
+693 0 obj <<
+/D [691 0 R /XYZ 85.0394 794.5015 null]
>> endobj
90 0 obj <<
-/D [687 0 R /XYZ 85.0394 769.5949 null]
+/D [691 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-690 0 obj <<
-/D [687 0 R /XYZ 85.0394 575.896 null]
+694 0 obj <<
+/D [691 0 R /XYZ 85.0394 575.896 null]
>> endobj
94 0 obj <<
-/D [687 0 R /XYZ 85.0394 529.2011 null]
+/D [691 0 R /XYZ 85.0394 529.2011 null]
>> endobj
-691 0 obj <<
-/D [687 0 R /XYZ 85.0394 492.9468 null]
+695 0 obj <<
+/D [691 0 R /XYZ 85.0394 492.9468 null]
>> endobj
98 0 obj <<
-/D [687 0 R /XYZ 85.0394 492.9468 null]
+/D [691 0 R /XYZ 85.0394 492.9468 null]
>> endobj
-692 0 obj <<
-/D [687 0 R /XYZ 85.0394 466.0581 null]
+696 0 obj <<
+/D [691 0 R /XYZ 85.0394 466.0581 null]
>> endobj
102 0 obj <<
-/D [687 0 R /XYZ 85.0394 213.2018 null]
+/D [691 0 R /XYZ 85.0394 213.2018 null]
>> endobj
-693 0 obj <<
-/D [687 0 R /XYZ 85.0394 182.4971 null]
+697 0 obj <<
+/D [691 0 R /XYZ 85.0394 182.4971 null]
>> endobj
-686 0 obj <<
-/Font << /F42 605 0 R /F43 608 0 R /F57 632 0 R >>
+690 0 obj <<
+/Font << /F42 609 0 R /F43 612 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-696 0 obj <<
+700 0 obj <<
/Length 2029
/Filter /FlateDecode
>>
@@ -1323,47 +1343,47 @@ xÚÍ]oã6òÝ¿ÂÈËÉÀšË}^ž²ÛM/Å6›óú.(Ú>(¶ +‰®$'M‹ýï7Ã!eÙ–›´àÂÑp83çƒcb„,Ld2
œ`ÜL¥[G²Ùèº5+íyšBB ZYÆÖ—¡+sÓ"'–G·lÁÓJ;»ÌšEßÓ©Bÿªb?:xîÀ(c[A{Ópòô® þm ‰õ¡‰åJ¹×YÛÅ^Ó;×pãš°@ Š£Ôiú¡[``#Æ”®K™-Öi•7%a©2óØ%YZ×Î#Œíæ®Ä%ÚNtBL³•[zû4bÀþ2Óˆâï³^éPZÀ’¿!¡
¼%ÔèŒ*ÛÕ„1Ü`Lî%Ä=El/œ}ð>6©/Xè+G¶¢\X:¾f謰}ì€Ìƒ>¥bë@8cí
endobj
-695 0 obj <<
+699 0 obj <<
/Type /Page
-/Contents 696 0 R
-/Resources 694 0 R
+/Contents 700 0 R
+/Resources 698 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 680 0 R
-/Annots [ 701 0 R ]
+/Parent 684 0 R
+/Annots [ 705 0 R ]
>> endobj
-701 0 obj <<
+705 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [55.6967 169.1151 126.0739 181.1748]
/Subtype /Link
/A << /S /GoTo /D (rrset_ordering) >>
>> endobj
-697 0 obj <<
-/D [695 0 R /XYZ 56.6929 794.5015 null]
+701 0 obj <<
+/D [699 0 R /XYZ 56.6929 794.5015 null]
>> endobj
106 0 obj <<
-/D [695 0 R /XYZ 56.6929 432.4444 null]
+/D [699 0 R /XYZ 56.6929 432.4444 null]
>> endobj
-698 0 obj <<
-/D [695 0 R /XYZ 56.6929 393.9716 null]
+702 0 obj <<
+/D [699 0 R /XYZ 56.6929 393.9716 null]
>> endobj
-699 0 obj <<
-/D [695 0 R /XYZ 56.6929 337.8523 null]
+703 0 obj <<
+/D [699 0 R /XYZ 56.6929 337.8523 null]
>> endobj
-700 0 obj <<
-/D [695 0 R /XYZ 56.6929 325.8971 null]
+704 0 obj <<
+/D [699 0 R /XYZ 56.6929 325.8971 null]
>> endobj
110 0 obj <<
-/D [695 0 R /XYZ 56.6929 143.0931 null]
+/D [699 0 R /XYZ 56.6929 143.0931 null]
>> endobj
-702 0 obj <<
-/D [695 0 R /XYZ 56.6929 103.9279 null]
+706 0 obj <<
+/D [699 0 R /XYZ 56.6929 103.9279 null]
>> endobj
-694 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F42 605 0 R /F43 608 0 R >>
+698 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F42 609 0 R /F43 612 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-706 0 obj <<
+710 0 obj <<
/Length 2769
/Filter /FlateDecode
>>
@@ -1388,97 +1408,91 @@ t
‘ó*8ÔÐsngÐnÜÖ¦è„ý*=v×V„‚ 5=í§§È»lœõ.„Q=7sˆd˜ôµ,:^ã`•Ý•‹
)—Ãíì}dïS‘h„Šw¦Hfƒ±C½àߌ!ØøOSq"@,C‘i¤‹«\ôJrîâ
endobj
-705 0 obj <<
+709 0 obj <<
/Type /Page
-/Contents 706 0 R
-/Resources 704 0 R
+/Contents 710 0 R
+/Resources 708 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 680 0 R
-/Annots [ 708 0 R 709 0 R ]
+/Parent 684 0 R
+/Annots [ 712 0 R 713 0 R ]
>> endobj
-708 0 obj <<
+712 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [100.302 744.0309 168.974 755.9311]
/Subtype /Link
/A << /S /GoTo /D (zone_transfers) >>
>> endobj
-709 0 obj <<
+713 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [346.8549 744.0309 415.5269 755.9311]
/Subtype /Link
/A << /S /GoTo /D (boolean_options) >>
>> endobj
-707 0 obj <<
-/D [705 0 R /XYZ 85.0394 794.5015 null]
+711 0 obj <<
+/D [709 0 R /XYZ 85.0394 794.5015 null]
>> endobj
114 0 obj <<
-/D [705 0 R /XYZ 85.0394 725.0585 null]
+/D [709 0 R /XYZ 85.0394 725.0585 null]
>> endobj
-710 0 obj <<
-/D [705 0 R /XYZ 85.0394 687.0856 null]
+714 0 obj <<
+/D [709 0 R /XYZ 85.0394 687.0856 null]
>> endobj
118 0 obj <<
-/D [705 0 R /XYZ 85.0394 687.0856 null]
+/D [709 0 R /XYZ 85.0394 687.0856 null]
>> endobj
-711 0 obj <<
-/D [705 0 R /XYZ 85.0394 661.3732 null]
+715 0 obj <<
+/D [709 0 R /XYZ 85.0394 661.3732 null]
>> endobj
122 0 obj <<
-/D [705 0 R /XYZ 85.0394 608.5488 null]
+/D [709 0 R /XYZ 85.0394 608.5488 null]
>> endobj
-663 0 obj <<
-/D [705 0 R /XYZ 85.0394 581.5021 null]
+667 0 obj <<
+/D [709 0 R /XYZ 85.0394 581.5021 null]
>> endobj
-704 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F57 632 0 R /F66 714 0 R >>
+708 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F57 636 0 R /F66 718 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-719 0 obj <<
-/Length 2598
+723 0 obj <<
+/Length 2786
/Filter /FlateDecode
>>
stream
-xÚÅZK“Ûƾï¯à-ܪp‚ybà›âHκ*’­¥ãTÉ:`,‰(Üýë݃yà5
-8*}ƒc†Q„‰ª°3içôµÅÂ"Œ@ÀŒš#Þ’ DØÐO·X®+ðÎAÛ¸}´ù¥¾”Mümì“–7ûºÐ,¤}eÐŒ‚ "7¤¿)²©[!ˆ%WBR$9öZ+›¶Œ|&Á™XBÚôYL}.1âQÄ;AJ©_jˆÆY•BŒd¥ê*õX´* ŒéT²T>ÿn$ô§M£ ,Dßœƒ¦ÚÂi~Ê’¦:]<~ã ÂmL|6\}<CXÄ¥&|Ì‹L)äáÈB$I Ç™tè˜ÊålíÍ'«%é÷ªÌ¦¹*Á²œ-JwDSñÃL…ÒŠp ÿO&ªÕqœ¨ º}Q¢Æ¶|Ö ÔÇv¬J«Ó4ã25Œª²†jž•É¥móIH¢”¿&à; )hˆ®g ´D
-°à5
-õX,d ¥ò9Îd`úÕ¦Í&ñ%çˆáo&E\מ´!’Rö³f’Ô(â.S»È™rq‘æËcŽ¢0/MãðZó\B`°˜Ç}ªùDvTJâ©L“±Ð0„<âѲPKä:j†Xõ«ÐmÛö$Y·)—ªÆ\·F‚^§1L—zò§ÑÉYè‰ßøòV0nCÀ.m¤ P×@Ö<‡éqQTϵ֦±
-×ÈcKС´6ýaª©f4ntÁ‚ªv Z»é@#­Õ1SX¯]0ãÀ¬ÿ”UúÈlCƒh}gh.ÕYN·r}.}fàxNij
-Ðä;O‚UÂàɦöp¤IÁ-ª4aéåH#cŽÇ«Õ©ñU\
-áL4¼\å÷%óá1,ìßÄÕ>àÚIu8¨~î)àRíÛðK[Á#
-˜%Ä¡‚OÉàåÛ–ÜOè@”»ÐÜ
-GËÑÞ§ÒÑ.=Ñî¨ÚhÏŠ*N'h03P9å:ª©à!Þ„BȘ`Cɵd çöÛ]É¡Aüz¨Ñ¬™l
-( ¯˜©Gµ`&K54D¢œ„˜ÛÈ9„ôÉÃ¥gîÁYr6 gÙØ´xʳgŸ.ìŸÀ#B¡›B”/ÛÒQM9lêP ’xh;ë]ìò§¬ìœ<ïc »Ý‹+>îQ-øØRi?ž²zïsò
- ƒîáB£´Eó¯j­Z
-“ie¨*3¡wÝãÙ7@âД:}©lÒ
-œ ž2Æ•óùE$tnyvô©òËRµ ·‰›zŠ:0bP>–Å:ª©ÜarÁ h»Á¿ªýÞ)o²Á鼃N*â“zhõîDyD0sþkíB¢‰(¸FúTóÆsTj _ÏÙéRTóÅiQrWœ&¢ýÅi {{ØÒïTÙ¡8Ôº¨!dLC¹Po©0Yÿ<¹¡HT"«Ù¸¨+=õéè …ŠùvÒ<œ};y’7ÅEϧ¹NФ1,¥= •iRúæ6ü!c²;]¬>TûËÀvs
-±oS ‘`‘Û@¡*³ÂWr
-9·%§ÿÉSÆ
-c®õj^´•ÅÊ­—ˑѧš G¥–µ‹f62¥v‘1ëŒ\”DÚ”vi¥&ó£¬SØ7:Î$€aŠÜ¢×A ¦A n¹ P6eedé P3 A`Þ]jtÌ\
-endstream
+xÚÅZKsÛF¾ëWðª*œÅ¼€™ÜœÄÎ*Uk'³Ù*Ç€H¬A€&@É̯Oæ×
+ùóM€¨|õ 7ÂR’Õá†qŠ8£Ô®7÷7¿:†½§í«^ká
+y8² „Žã \CFQÄ ©/µO5WG5²ÓŸU™Má*À¸œ-+à¨< á
+ù;
+£¡
+®VÍ1\ÔúUpm­È’íµ†•¾~¬NS4ÇejUe 9=+“K[
+æ¡¥€ù¢¸ï±X€¢¥ºE¬ìÿ¢äÐqX
+n³Á·Ê4ÁúyŸ'{ýæs¦ ïâ¢VaDøº¬£­öG–êuhî}Ñ£ãѲYCÈ·./}SköÉ>.ˬÐÌUšµ1†×wzéRÍ'ÞŠõÙ'È¢8Äøž6h¼­¦Ïy³¯Î-šfÀ©Ž
+¦üææés^˜I'ÍëÞ0¤ÿÛB¦ uVw7qm«t éïæjTDøÎ_Pìú,æ˯£ºZ~¡Ç„á0 /Q©Çb¾
+¼­Ü¯î±rÇ)ªÁJÓåm;ןtݬ±™—» :m ³JB‘åhïSéhžhwTm´gE§“1
+©Þ©õóG»Ók;Ýí‡ÕX/<ž¡ žÖfB¡È¨ë`’°–§ڔВ=ï­¾ §›C@˜U)Ö·EÜ>l›jX-χ­ PÕ¼µ ™jÈp4k ãù!Kâs ›úø©ÊÓñ¶x™e6;Vúö%†y;kTi®|’ôªf“¬ÀIŸÑSƸr_„©–˜]ÁWj_–ªmo›¸©§ýFLD|Y¬£šÊ‚ †h5ÄPðïjÿà”7ÙàÌG_ƒN*â“zhõîœbD0sª`íBÔž˜9«qÆëSÍÏQ©oø|ÎN—¢šON‹’»ä4íONÙÛ[IÖÕn§ÒÅ‘ÖE]:`Ò…:ûÄdýëä~!Q@V«zÆWK™^šðP¨˜oÍËÙ—c‘'yS\ôzšk€&a)ìÎÒt÷¤&¥onÓíÜ™Åàë#5Y¶”ÛPˆ½{9(dÒfÁ“r Ås·Ò?œô¤1h©¥;½²öóðT«ìfƤË
endobj
-718 0 obj <<
+722 0 obj <<
/Type /Page
-/Contents 719 0 R
-/Resources 717 0 R
+/Contents 723 0 R
+/Resources 721 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 680 0 R
+/Parent 684 0 R
>> endobj
-720 0 obj <<
-/D [718 0 R /XYZ 56.6929 794.5015 null]
+724 0 obj <<
+/D [722 0 R /XYZ 56.6929 794.5015 null]
>> endobj
126 0 obj <<
-/D [718 0 R /XYZ 56.6929 769.5949 null]
+/D [722 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-721 0 obj <<
-/D [718 0 R /XYZ 56.6929 752.0363 null]
+725 0 obj <<
+/D [722 0 R /XYZ 56.6929 752.3102 null]
>> endobj
-717 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F57 632 0 R /F66 714 0 R /F58 635 0 R /F68 724 0 R >>
+721 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F57 636 0 R /F66 718 0 R /F58 639 0 R /F68 728 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-727 0 obj <<
+731 0 obj <<
/Length 3427
/Filter /FlateDecode
>>
@@ -1502,29 +1516,29 @@ V.µÂ³¯·uSîüôŽ)#aOw›Še9¸°â•[Àg"2 Ið¯b„˜¬ à‹ìXRúhõ®ÅœL[Üï¼µ@l”\Û©á]¥Ú2è1
xƒc‹¶°ÐŒ9ü+¾ýÇI „æá)zˆéØQ~2Ã_¦>‡ùtK¤KùîáFäíÕ›ûù¡-_½ÜÞÈ«õOï_?ý¨Ö?µØÕ¾ùùÍ럷öáêÍëõJXû»g¿HÊôç—©’P¨áœßO•\9~nj0Ô$9o¹ ¡Fê{ZÊ##‹çáT8J:ÞgÓŸ*Ô-øeÓw(S_è8X˜e±Ró?¢#Ç9Øz‰¦”¾®¥ìk÷±¼Ðù4óþ%1r@L1u9$K¬š®\¥~Dâ'L|‡ò9¸ä!)™9ÖÖüqº'Q€ÀÐ75Ü¥ÓͧÀìfo|ÃÝÓÂço¦#[ÿ¡¤ÄŠ™àî|·Ô<ã"Ä„±³®”a/mâí÷~ò»”Ñw!¥”½=`}‰Š;MQ¨ >Âgáaçf¼& ¼£/CÁ¯GZÆWo04ýØ™ÜûŸô ÂóˆîàDDæ)¹< ¦~¡'ó V—ø
ÿžÃÿýë½ÃA:€."ý9 ¬Kñ&…’syrÙ”¸Œ0 Ñÿ {$€Áendstream
endobj
-726 0 obj <<
+730 0 obj <<
/Type /Page
-/Contents 727 0 R
-/Resources 725 0 R
+/Contents 731 0 R
+/Resources 729 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 730 0 R
-/Annots [ 729 0 R ]
+/Parent 734 0 R
+/Annots [ 733 0 R ]
>> endobj
-729 0 obj <<
+733 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [120.1376 578.8887 176.3563 588.104]
/Subtype /Link
/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
>> endobj
-728 0 obj <<
-/D [726 0 R /XYZ 85.0394 794.5015 null]
+732 0 obj <<
+/D [730 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-725 0 obj <<
-/Font << /F61 642 0 R /F58 635 0 R /F43 608 0 R /F42 605 0 R /F57 632 0 R >>
+729 0 obj <<
+/Font << /F61 646 0 R /F58 639 0 R /F43 612 0 R /F42 609 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-734 0 obj <<
+738 0 obj <<
/Length 1223
/Filter /FlateDecode
>>
@@ -1534,33 +1548,33 @@ P^à¦u3y³Ê²${@ZŒò«GÛzcCåjd…‡V‚yž-l6Zr”‹)h?(¢¥‹ðš¤uiŒôÑÅ‹Í,Iúæææ±ÅB9‹h¬D
êtOû.ÔžhñXŽí T?Ѻ–㼧yw ê¡Ä´;z ñ†`H$7œ(ªÈõ¥ïU0RÁïf@á
¦†h#U§`¼Þ/á˃Ix渄‡8ß-áyj»^Ù¥
endobj
-733 0 obj <<
+737 0 obj <<
/Type /Page
-/Contents 734 0 R
-/Resources 732 0 R
+/Contents 738 0 R
+/Resources 736 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 730 0 R
+/Parent 734 0 R
>> endobj
-735 0 obj <<
-/D [733 0 R /XYZ 56.6929 794.5015 null]
+739 0 obj <<
+/D [737 0 R /XYZ 56.6929 794.5015 null]
>> endobj
130 0 obj <<
-/D [733 0 R /XYZ 56.6929 699.7944 null]
+/D [737 0 R /XYZ 56.6929 699.7944 null]
>> endobj
-736 0 obj <<
-/D [733 0 R /XYZ 56.6929 672.4899 null]
+740 0 obj <<
+/D [737 0 R /XYZ 56.6929 672.4899 null]
>> endobj
-737 0 obj <<
-/D [733 0 R /XYZ 56.6929 642.9726 null]
+741 0 obj <<
+/D [737 0 R /XYZ 56.6929 642.9726 null]
>> endobj
-738 0 obj <<
-/D [733 0 R /XYZ 56.6929 631.0174 null]
+742 0 obj <<
+/D [737 0 R /XYZ 56.6929 631.0174 null]
>> endobj
-732 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F57 632 0 R /F42 605 0 R >>
+736 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F57 636 0 R /F42 609 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-741 0 obj <<
+745 0 obj <<
/Length 2206
/Filter /FlateDecode
>>
@@ -1577,224 +1591,226 @@ z™‘g8¾ã•|…ä‘/Ú–ˆ^;Úïrw h¹!pzqx“੤g‹áò‰b÷ÏL<9l‘ï-”x¦d¡¹xMôÛú<¨(ÍÍŸGE“
z(`ÁA|,æ3âÑ„±·þ¿I6AŽ%…
endobj
-740 0 obj <<
+744 0 obj <<
/Type /Page
-/Contents 741 0 R
-/Resources 739 0 R
+/Contents 745 0 R
+/Resources 743 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 730 0 R
+/Parent 734 0 R
>> endobj
-742 0 obj <<
-/D [740 0 R /XYZ 85.0394 794.5015 null]
+746 0 obj <<
+/D [744 0 R /XYZ 85.0394 794.5015 null]
>> endobj
134 0 obj <<
-/D [740 0 R /XYZ 85.0394 769.5949 null]
+/D [744 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-743 0 obj <<
-/D [740 0 R /XYZ 85.0394 567.4944 null]
+747 0 obj <<
+/D [744 0 R /XYZ 85.0394 567.4944 null]
>> endobj
138 0 obj <<
-/D [740 0 R /XYZ 85.0394 567.4944 null]
+/D [744 0 R /XYZ 85.0394 567.4944 null]
>> endobj
-744 0 obj <<
-/D [740 0 R /XYZ 85.0394 528.5092 null]
+748 0 obj <<
+/D [744 0 R /XYZ 85.0394 528.5092 null]
>> endobj
142 0 obj <<
-/D [740 0 R /XYZ 85.0394 387.579 null]
+/D [744 0 R /XYZ 85.0394 387.579 null]
>> endobj
-745 0 obj <<
-/D [740 0 R /XYZ 85.0394 353.3672 null]
+749 0 obj <<
+/D [744 0 R /XYZ 85.0394 353.3672 null]
>> endobj
-739 0 obj <<
-/Font << /F42 605 0 R /F43 608 0 R /F57 632 0 R /F56 626 0 R >>
+743 0 obj <<
+/Font << /F42 609 0 R /F43 612 0 R /F57 636 0 R /F56 630 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-748 0 obj <<
-/Length 3459
+752 0 obj <<
+/Length 3450
/Filter /FlateDecode
>>
stream
-xÚ¥ZYsÛF~ׯà[ -‹¹päM±åS±â•T›TŽª…HÈD™-ÿúô58H(Š“R©f¦çîùúÕ,‚?5sqg:›%™ ]¤Ül±9‹f ï?gJÆÌý ùpÔ7wgÿ~«Yf±ŽgwƒµÒ0JS5»[þØP‡ç°B¼½~usõîêúî<±Áå÷çsí¢à箯¸vwsy}ûæêæ–›¿F.zûÓ›(ÌO£(xõíåû»«î·²êåëÿ+¥‚ËëWW¯¹ëÕPw{þÛÝwgWwÝ=†wU‘ÁKü~öËoÑl Wþî,
-M–ºÙQ¨²LÏ6gÖ™ÐYc<e}v{ößnÁA/MäŠBmb=Á<«gʆÆBç{. ušhϽó¹Šàòo«Å®ØU›¯…suU爻¼jŠ]3Á>àìfOÍæZ&Ih›».•FA »œ«4èwâgÞ)UA+›0}üDHÙÒ亭µÌ-ž™só?qå¡–Ešuþ(›7Åî‘/€[ÕLoYWkY`±Ê«Å’/ó6¿ÀkâÅ”
-3ç}eÕ´EN£² ~À2 VùcY}`o“¶Iƒ–ù‘À…’Âmd
- ’!åSí ø"K‡.ÛBÎ/òPT/ÝÄ0(‰ñÈP dU
-Î:G#a
-2$/ƒ 0Àe»bòþâ1Ç#ß‚~짼È{9J¾”ID9¢¸W\ö.v/‹ ú[ù®üì7ãÂ/ûúÝϸî¯wS"zT0Ú«Ô¦Xô
-ó<rñ Û¼= .Ÿøv®¼ôPŽp×ÅØô9 Ä*ŒëÝwt„PµèL
-ɽ5לÎÁ‡ò©‡=cMC/
-"S€éª\¬d>ƒ‘v’<é§'ÒOh£…Ž¡ÕÙñ6_«¢ûô0©ã¨ôKõ\YÁ të$¨X ÝHÊ Õe«Kýsù^/ê
-]¯{µ•%x‘ɘò¹Ÿÿû¾Ø•ÁŒ)¨›‚R9}O·€èÛdâÆIhâØ+O´“*ìŽ}ªkSÆi¬eøÅÄŠsëT9}d4qeýÏVNBÕGã|ÒG0±¤Š@Ǫ4ë֜ۄ|º¸NC
-3Åðú(zê`‘ Ý_)F©Ö/Y€(þR‘JUgÜý'c¸F³’¯Úû)DÝ‹’•]¼û‰‰'ïŽDòëÙ$@ììLjNLÅ¢5PsËEç/£zFØüÿ__ypÙ)pÙ`[ƒ’$­|k0Öër;ÐåÐ+º|n"çÕ…1’¦µ”YæÌhËò™Ð ¿ia—Û‰÷Dt³¤¨EûðXûÔÔØ0A¥KZkùf‚4
-hL°®ë’ÝÖœyÆ58m©%&Âëòѯás™}·ü\«ÃøZ÷|Pqðã¹sAɱ•ñ‘’?Ç„‰8z‹‹£@«O¬J\9ÈÈúS{7`*ßÔ?›ã˜S6ð!ç(V¤ë”Ć\Jœx”¸§¦Lü8[ûÕäi€ìXH°óìëç~»fðW/fê'4ð/Oð×ÖÿàÏ&øû g~‹£“4´),"‡B¦¨øääþp§Gÿ«ð´endstream
+xÚ¥ZYsÛF~ׯà[ -‹¹p<*¶¼ëT¬x%Õ&•£j!2Q&†
+€¾-v(¶ÐÏùñ°_‹=þÜÙã1K|)f2ìV8i¦{fŠAŠ4~ÐÆ/ÐB$Ÿ@Íxî¡ÄMÐì¶-6Û–;hÜð¹'8À<A.’ª5@ÛeË£¥ô‹OÛu¹([”1ö—eƒèZ¼ã‚7z ojA÷K`Õ
+ÓLy÷oÄýß´ ¨××·_òè¬w·EËX”öòsY>à=ˆYªZ&?–Å¡Á+ˆàä;OkÊûÖ|¢à‚F-ÉGq Ôh¶ù¢à&¢ Ÿ Å®Âà{d,°Q|’yM½fOïÑÓZE¿ûy°an,§L ÁFIcðÉÒqñð.thåïB„‰“§…iÁ™Ø4én¸ÝoѸ*2®Mǵ†¦€Óà JdçySW~[?Yk>äUù¹3æip¨÷ë%¿yÈ+Ùœ?l€x‘8¥l›~û<<‡8Â,ôŒ´Ã.¼ÅIóó™­Ä‹z³!5OØïžÇ8^ƒÆã
+©¸$æÜ¥ÍФ'°Â&ÒƨÅÁ_ÂŽ‹†jî¯Ê¥láw­­Ç¶y\øš#«#¬l¦L¾ïAǼL¢AËKÀ}Ãú\7Ù9Cã--_€šÎãÄîFKy³©7BY÷ì±Ù‰^xB
+bJŒFKJå
+ªâô#±·É0»“Ðı7žè'UØmûÔÖ¦&ŒÓXËô‹ ŽsëT9}ä4‘³þ{œ“Põ‰8ïtL°TØX•fϹMÀ§Ìu؆rÐ_Åýˆ9^–â #–”].©ˆ ÁhÜ#ë .KM
+²*‹FÅ‘Áì0–°ÅÖ[d·Š¶ðÓ[™Ëu˜£t Óø
+¤>(IûE±ãwI$ŒH»ˆwÂïè´ _iý#æä‘)„—êÐp“¸àD Â_OÕ3°ëÒÎŒl§*â:Œ3e¿ˆV•AD©o2á6´py…âSü–Y¸þ«A>T_ÅtÅø8p×2§ÙsèÂ…<XZQ= I,ß…„šò¦˜]Ä‚…}¹ôè{)‰™Ôå6ümhÊ€“Ô­;/H õâì%¹*—yûÐn_à™Â=Ä&íwE"ŸÿpóR#VŸi£èPï~‘XÓD{þäʹ0qÖÇy¸ù$Öj°»ÎÙ1*¿|†ÂkÕKrÀÊ/x ¾ lÆV *òUîÞÀr:ÊM
+Ûš‹Îȃ+–Zr"ü±.=_Æì‡åŸ
+Øæ׺—ƒŠƒŸÏ JέŒÏ”ôø:&\ÄÑ]\%Z}MUòÊA1ÖïÚ‡Sõ¦þÚ眲€O9G¹"}S§úí0åâ¼PòÄ£ší¸Üлø©âß¾&þÌu5Ý¿ýï²þow6Á?êèéÅè¬M
+LdSx*>Ù¹ÿÚéÖÿ–g”<endstream
endobj
-747 0 obj <<
+751 0 obj <<
/Type /Page
-/Contents 748 0 R
-/Resources 746 0 R
+/Contents 752 0 R
+/Resources 750 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 730 0 R
-/Annots [ 751 0 R 752 0 R ]
+/Parent 734 0 R
+/Annots [ 755 0 R 756 0 R ]
>> endobj
-751 0 obj <<
+755 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [487.3921 713.5887 511.2325 725.6484]
+/Rect [487.3921 714.1324 511.2325 726.192]
/Subtype /Link
/A << /S /GoTo /D (proposed_standards) >>
>> endobj
-752 0 obj <<
+756 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [55.6967 701.6336 134.4009 713.6932]
+/Rect [55.6967 702.1772 134.4009 714.2368]
/Subtype /Link
/A << /S /GoTo /D (proposed_standards) >>
>> endobj
-749 0 obj <<
-/D [747 0 R /XYZ 56.6929 794.5015 null]
+753 0 obj <<
+/D [751 0 R /XYZ 56.6929 794.5015 null]
>> endobj
146 0 obj <<
-/D [747 0 R /XYZ 56.6929 769.5949 null]
+/D [751 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-750 0 obj <<
-/D [747 0 R /XYZ 56.6929 746.6471 null]
+754 0 obj <<
+/D [751 0 R /XYZ 56.6929 746.8206 null]
>> endobj
150 0 obj <<
-/D [747 0 R /XYZ 56.6929 598.8682 null]
+/D [751 0 R /XYZ 56.6929 601.0198 null]
>> endobj
-753 0 obj <<
-/D [747 0 R /XYZ 56.6929 562.0611 null]
+757 0 obj <<
+/D [751 0 R /XYZ 56.6929 564.7564 null]
>> endobj
-746 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F56 626 0 R /F57 632 0 R >>
+154 0 obj <<
+/D [751 0 R /XYZ 56.6929 410.3779 null]
+>> endobj
+758 0 obj <<
+/D [751 0 R /XYZ 56.6929 382.4543 null]
+>> endobj
+750 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F56 630 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-757 0 obj <<
-/Length 1929
+762 0 obj <<
+/Length 1949
/Filter /FlateDecode
>>
stream
-xÚåYKsÛ6¾ëWhr©Ô a€ H0>¥‰Ó8“ºI¬ét&É–`K E*"eEéä¿wñ"A
-’œtzª=c.ÁÅ>¿]<L†~É3„i “4B 6œ.xxß~ÃX¦Àåúe28{“aŠÒ8Œ‡“[GG˜s2œÌÞž½|úfrñn„ "4XŒGOŸÿ1&„Œž^=»x®?=ûè7“kxÃŒÄÀJ óõ›×—Íôüêzüqòjp1iŒs ˜JË>ÞÄÃøñj€M9ná#’¦áp9ˆE,¢ÔŽäƒëÁÛF óUMõ„QŽODXâ‹K‡‘Ÿ¥ âTÚKPQ¦>\^ƒãÑoê'Áú)¾Ôb]d9AâK¶\åMË%’RÎ^DÔQX¡IPš&©{UnÇ¥lTϳÚRb§©l:+3ºÌ¹¦ÊB>£Ñ˜gù­3ϬØÕóEq§ßE#Ñhcõ[!êm¹þôÞXÜ2ÝdU½(ÍÔyYÕ•&·‹¼™(f*Nœ!(e,TÎÔ%|ÇéèS¡¼jn ý‰f"_Ü‹µ4>5ŸS×@5”Ð". =V®ÇDŠ1"nKC€ÛUW–ôMS+5§\‰u>&£B·ô:ŒŒ×À£XDUæ`TV´èz«‹§‰“¿‰“$uœ$¥â¤(i“|Þýœ–ŌûVÛãZ•‡î²Sm„”†l)*±Ö6Ë[ŠhÛHkQ㉷±^)S#‡®&–*mú£q>(—`$+ª­hÝ‘_vú©mß“hì†D„)†éfÖçÖ˜ÐC›2k |´vÒ`ƒ¶™‰øM6ý¤©rs(âM$;¶‰oØöáЋµn0Ç!´PÇòU;J ‚•Õ$6€VT©ŸÐ’ZŒ[L7€CêƧùBµ‘c"B˜¦#[ÅHNØfÃÅTnvº·±Øém”SD94Z¬|,‹|çé€$E<–½[7‹¹QÙX,£D˜¢0Š¸'¯Çqnpí‚<šèè©RÛä&ÛY^õêP·:S‹ˆûEf³‹i ÍJ¿Ê¨ä`¨j®^
-È-aÜÍ謴0„Ä6°$S·Oª*¹-á½K1'Cæv·Ed+³îÔaÏÀÈL}UòC0=<oÍyp§Ì²Æ|?FB/F÷*ÏîÅ©´Wgû:¼>kZ0hÇ]ß®¶ï‘ÿtGþõÿÑÚíu”
-K¬¦8†ãcšX£¤û[ëænû¦ÿ¸´0&endstream
+xÚåY[oÛ6~÷¯0ú2g¨R$uižº6]StYÛÀ¶ŠÌÄ^eɵä¤îÐÿ¾Ã›DY´vØÓ âåð\?ÒdŒáŒŽ0MÙ8Nâ˜ðq¾áñ-Ìý:"†&°DKõËttú""ã¥Q§7¯á$!ãéìýäÙ˧o¦çïN‚ã C'ðäéó?N!“§—ÏΟë©g¿CûÍô
+z˜“H©!¾zóúbª‰ž_^|œ¾O[å\¦R³Ï£÷ñxv¼aDӄIÓp¼1Ng”Ú‘bt5zÛ2tfÕRŸC8MOÂØãF}á)ŠhH•G^Šõ I&â§Z••ú+¾dËU!t§º1“ús¿(fy¦ÖÍôÈoê¯æ•Wzî‰tÏé ;Jà1¸ʹÿ³$‡¥Ò]ÅŒ25qqyDXs–_‚õW|iĺÌ
+‚Œ†(¯–H êYX¦IÀw¡âzYÝŸ”òI3ÏÛ[ÝÊò\¬Ìè2[ºU•òË&×bž7fÌ|³rÛÌå­î-Ê–£кê^)šûjýé1ôxÔ]gu³¨ÌÒyU7µn‚“Û…b¦Ü¾#¥œkcš
+æq:ùT*« 5· =!Åâ"¬Mítê*¨Vƒp€9K¢ÉE©ÇL$-‹›Ê4ÀìºÏKÚ¦[+µ¦Z‰uqB&[µ·¤Õ!3VJ] aT•–µè[«·në'‰3ã'ÆB·”ŸTKê$¿×¿yU~À8¼Ýh±;T«
+üÐRzÊFç!%![ŠZ¬µÎr@ùÃæg€a©-j-é0øv#Ö !$Ô0HBW Kû”0=il„ eŒde}/:käÌVµêŽFmˆC˜Ê]nV}î” ­2´Ýd2€VÃ^¬ÏÙ½ÉÖá×YþÉ$”Í>‡·ŽìùÙƽ%¢Áçj‰âÒ·ƒbÙÕvØ¿Ji8«V¥¿βµwˆná†Ôu1æÅB”ácB¸…¥Ã[¹H.²¥â*4[“A#'±Ñ„"š@’ÇÊƪ,¶žôGR”DòÜЩbnD¶Kg S2–xÂzå6,(Á“©öžÚh›Â;+ê](ʈÜân‘Ù`"o Ué®ôJŠªÔê¿I¦Þ ›ÃJ€6=+”dµÕG”V¬ájà¡ã eqj|z®ÏŸÇšÃE™ûN!ÎQÈÃÐ,±‡l?«t¸é§3™Ì]ÿe×ö<nª'û*Ä84–N.•*s”N¡™P‡—Ôý&ñ®P‚,bña©-ÕPl²Ú,ê‹}]U&glV¶BÙvÛÞIA #ú*õ›Ýõ¢Ä/"'voÉ4éa•"Êcæp
+ÝbÄ·±,ÓÈ,ùZ•Bç+_9ìoÅG"èRí`Ku4‚¥vˆõF°'ö¿Œ róÙn¹!GÉBI{¡<ÊÒ&€YUy CQÌÒ¡:HKu<‡¤:Üë¤+öá¤ë åSÑì÷‹Ôôˆ¯ª¾²TÇ}uHªã«]±~_¹bÏ¿äó¬¼5æëÊ[§÷fn²ze[ýÓàéås{s‡W¢’ùEŸÛ!h†£¨wì½ìJâ½îßW«=èdá`'KÓc!r¨„ÈRÑ!©NˆvÅúCäŠýÿ,,%@‰ Kµ?‚-ÕÑ”ÚEp ÖÁžØã› "
+yPyˆ À‹Å軕Œâ8  1Åij÷:é½Ú€E1›¨ê¾êí¾ÝÛ tÚK†¼ÆdæÒ㺨Í\6 V;š÷fè¯MÝèÖLÔùzq­*w)꺺²üOÈä²j„e•5¶e•²_uOékøîù­Ž*d åR œí\Eœ©~Ò›Û²Ù^-wnYzp[m £¯-@Ô­CÔíÝ@ìBšAF“1‹0Š¡L•XÕ“ëÛ±n¼sÀÝÒî‚!¸‡|¥#®äÈZEhAÞIûÊ ö—%:¦Á./©€E`‚çIÔGàEïÐÚ¹µ÷¿çÁVÂæ2Ë ý¼gÏÂZwÿ61lÎÁ|²33˜ÊÁwðۙŔ~þc}ööLí³7 ÁbU·U0k±‡Ö¶ZIò–‡û‚Ù»H#„| kjý`2Ó\ån9;@¥îæÆp4NOõ@ܮݺg/÷âÌûÖÖwˆ®<úäZ§o^M³¢¨îƒf•õ„„ãðö\çaXÅj“¼dÛÇã測¬›t‰ÏËz©~Dqe·;Û„£}Ö¢nÖ‹¼Ñ=‡¡|/®ëý¦¯E¾Y×j /åÅÉ^yœ#
endobj
-756 0 obj <<
+761 0 obj <<
/Type /Page
-/Contents 757 0 R
-/Resources 755 0 R
+/Contents 762 0 R
+/Resources 760 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 730 0 R
-/Annots [ 759 0 R ]
+/Parent 734 0 R
+/Annots [ 764 0 R ]
>> endobj
-759 0 obj <<
+764 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [417.8476 480.0764 466.5943 492.136]
+/Rect [417.8476 456.9544 466.5943 469.014]
/Subtype /Link
/A << /S /GoTo /D (sample_configuration) >>
>> endobj
-758 0 obj <<
-/D [756 0 R /XYZ 85.0394 794.5015 null]
+763 0 obj <<
+/D [761 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-755 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F43 608 0 R /F56 626 0 R /F14 616 0 R >>
+760 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F57 636 0 R /F56 630 0 R /F14 620 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-762 0 obj <<
-/Length 835
+767 0 obj <<
+/Length 818
/Filter /FlateDecode
>>
stream
-xÚ½W]OÛ0}ϯˆxjâø+i2ž” 41¶F{„Bp¡R—8ºiÿ}v¾š§kW4Ujoœëã{ϵÏu‘ 噎 \ûæȧÀÈ1£Ä€æƒ|÷É@•U;Ym¯aŸºÈôïb× ¦-,@ÏCfp5 €€¡D€ƒÉå—³`haN.&Ò€rÇŸ.ƒñ÷rœV®G'?†¡ÁÑÅñø¤|uüUÚ—Ádxœã  ®
-t›Jt붇ž!À^‹º€ˆ'¤YˆàžÊRVšÔê·[[™r^IJ“(…éò½ZDO7ß«gè8~ï¶ÑÃ[×SžK ¹­TåV)åm.ïØá¿ÜŠúK€ö.Áž-â¬ê2]Äã‘D£¾œ¤|å©äñB2™N5ÀRÆ1¥¨òUŠÅ«&žžg‹0fi«ÛðÖº…¡ëLP¨ ºÞcù®º$ws,̢ǒ—NÄÕý­Û•pß ž8@]»5÷mØlÒ½o÷«ÿ2tˆçáæâÞá<@= R¥RBÞ›Èë¿oCÿ9òq»endstream
+xÚ½WÝOÛ0Ï_ñÔ>ÄõgšÀƒ²&ÆÖh/€P.TJã‡nÚÿ>;NÓ´u*hªÔ^.w¿óýξs‘ Õ¹Ì~ˆC·RÀ bn2q {¯Þ}uPeãͼ¦Õ—ÈéøÈ AècßF ¬
+5é­DØ…iü.¦7ÕémÌîJ,ÞŠX™ÆÏÜNÓúhã}ÖîcM>­$½JD…"ª[!”6ƒêô™Öx¼UEfBJ‰šÍV ’çÏzaZNDv!¾ß7Á–ºÖJ°8I­,¬ö0­D¡V
+ÖV>ÿC°¾ôÿ!Zuöendstream
endobj
-761 0 obj <<
+766 0 obj <<
/Type /Page
-/Contents 762 0 R
-/Resources 760 0 R
+/Contents 767 0 R
+/Resources 765 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 730 0 R
+/Parent 734 0 R
>> endobj
-763 0 obj <<
-/D [761 0 R /XYZ 56.6929 794.5015 null]
+768 0 obj <<
+/D [766 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-760 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F43 608 0 R >>
+765 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F43 612 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-766 0 obj <<
-/Length 2327
+771 0 obj <<
+/Length 2344
/Filter /FlateDecode
>>
stream
-xÚ¥ÛvÔ8ò=_Ñî-,Ë™=óÈ’>û<¨ÝJ·Á—Æ—dz¾~«T’ÛÝMΉK¥R©Tw)|áÃ/_Ȉù" I²ÈçÑ"+/üÅæ^_pK³rD«1Õ‹õųßc¾HYñb}7â%™/%_¬·Ÿ¼«7—7ëW—« ò½-WQì{—/ÿµäœ{—ï¯^½¤©«
-yÙ^U;7À“˜ï^ÛÙºúìûÁ®omŒHÄ–@Ù•º(Î0{ÕÍl¡èÐ4 ø{Ÿ°%ì]Ý°Íï§iº²üîôIwO§G¤Ë«¬è·d
-%sfQé¶%D}Gߌ¸©î´f¢m@|ÓG»HU[úöÇäm¾›Zpy·'ˆŒä$O™Lb’'€$‰@Ö¼TM^iØö‡ørJbòbƒ7º2686™ÄîDèŒY–}•gÆ”à#BFÎÕ“Ø*ÍÈ
-,þ®+m™áÑÐIè=” ¼ªîò»£ÉXOç\Œ4$}k_pÓ6¿×„úÞëæH Dt«À1@”ÐçÞGÝÖœ¡¥Yçú
-Êc¾(Ó§:Á¡&ßCﶃh¡¤¸m¿œ‹ˆ„I?™Š÷¨T?ê17ÊxŸ„L ‡J:Z²Îû˜*Ü’ÌTÐjl’&–ÐfÚ]£J:æ(…ÂÅàïsE@綟´\¤,¡w ¶«o3;cÙÇ.ÄrÏ `“Â*ËæøS6˜+-«d'XÎS9 œ"¯l]©˜Q[vêD™é,BÎbaÜö"¯u¥Ô¦ar»W¶•åíPl(æx¥2[<nTÞLË×È8í|W$,ImÖ‚ü­$äu*·8Ö¶üa<‹ˆâ
-ð;+ž%3i¾˜æìœÍFwZWVùñ؇‚” áVµ{–ÏH ®–‚–ÎÍ8ᄽj,GŒ‚9FÐÉ%ÒQ™®Yx—‰©šM% ó+¡¬€ æôüð×Õsr ™ÏÃ3ø¡9ÎÊÈÂpŒáÄ}N®q €v@¨ìM…
-­5—áÉÇ/»ì»º„’Ÿëtبü‡±m°ipSp¢¨lk›±a96~íNî #EÈ(œØâò˜àͱӮÏM½7ï.¯Vï^F4"•!“–¾®gµ{ªM}oŠfœxÖÐ[6s…Ívl‰<õœ8
-€»ÐUn¥è»/U¶*·‘ÅnìE/aÉß|¸]ۣțwæIÏfLº€Àh:åtuJ]`/8ËH* „Üf–·cžð(yâãƒî~¾Hr¸
- púSj
-G‡ÙSp¥hÛ4w…z¸Ö èD& ±=ÛP¶JàfÎáR?鈰±ZÅ!™LWY½uöo»f¸ÊŒƒ†˜Òæ
-jªHDìT¡Ïç2±`)>GøC¶´÷-ç¢Îõ_“³ÁïÈéʳäè.žg·0·Jµ(3êÜó™­x’0.E:õs0ãmªg¯¢«¯¯ÓOê–ýî«àëöò·ß~ÕóÎÔü½F ¤pû/öä¡`øøñSU?ÖשøüPcsUα$ŒÄ\õ lõy§ª^ÿcéÉT$Ošœ7ø¼<˜€œ¢Ü[·Æ…Ì2¸wV™ejú&Àbf5Wƒq8û–t6`Lƒyïì½.ñ.o¯®¯-ccÒÖn<T
-Ü«"ßÎ%ëS
-9]õQµm_’—W7`j¨ÂVwN()}Ñå‡br6éYþ&ˆ¯H=Ò
-fhÃÎܹ…œ
+xÚ¥ÉvÛ8òî¯Ð‘zi!Á5óú 8›;íÄëõ%É"a‰ …‹Ýš¯Ÿ*@‘2Ý™ž‰ß …B¡P; ¾pá/‹"ñQâ³ÀåÁ"-/ÜÅæÞ^pC³²D«1ÕËÍÅó7!_$, ½p±¹ñŠ™Ç|±É>;—ïÖ7›×Ÿ–+/pŸ-WAè:ëW.9çÎúÃåëW4uùà›Í-Œ„ðc µÄ›Û«·Ë¯›ß.^o‘ÆbsW <?.>uHÿÛ…ËD‹¸Œ'‰·(/ü@°ÀÂbŠ‹Û‹?†£Y½tN ˆY{ÑŒ‚hNAÂBá ­‡VÉ&Ý/W¡ë:Œ1<p]qÎ’ ð4I%KÕªæ^5DÆ#ñÁÿÞ?#SrþrÉŸ¿ñ½÷™ðC«ƒq߬s,WÜuOæ€bth .ó]húÍ>oÁ”aèد¤O»¯›ÁÀÙõy¦ÛÕfVu]^íhÐè»Y&®ÓȪ•i—×!AŠJv}³ä±£Ì_ÜÀÕâq9!·²U™ÙåœI«Ò¾É»£‘Ô`_^}xżêæ4Ÿ©6mò-n+xà¤{Yíì
+,þ]WÊ0ã¡ "ßùP±çTu—ßuœÕ?i(v}ÁMÛü^êG¯š#Ò­Ç
+ßJ=è³
+C«í»V}
+üUõ‚\ÀKBærÿ̾xž¯³Ò²0c8qW‡“m *{]!
+4NìqyHðöØ)Ûè&λëõåêúU@#Ò2iék›V³§ÜÖ÷ºj†‘ó{ Íål0-[ŸšN€£v£v& J†3º½§n)~jµ’mnI¨ÏŠM›#3”(ñugˆ;ÝdP¥ü+/ûr؃€BU;mæˆêš%NÀ=#pÞµÿ0ñH¨™"^Œ/Éj€:Ûzj#<.Ë¡óêlÂ9µ¦d\\Ošæ¬OÍJIŸ“a“c;h¼3ˆ§N5…Œ³‚à/t›[IúîK™®Ê,0Ø­¹ëy±Aòwo7fÁ(öæÝyÒµi$6$ЪN8]ž†
+Öh£¡¶žˆM3wjÎKí…é†~söʽ.Úň8u‘ó½ª*‡°˜v@ïßf WWƒëö”WúÝ~ÆŸyì1&¶s,Kr‰_… õ£!HuFV0pļ7½ ¡5}ÇÝR4òXO¤L.|C‘˜zÜÂäßß7â!m$^Ö‡ããG±ñ½ã,f­eëÿË¡ÿ¼†+ÜyÚÿ&vµƒÆæ{,u¬éU(4[²Mëƒ"½à„Ϋ·Œ&ׄЯœÖ%qñ’ëçÔƒy¼ RácÞ–f}þлýK-ÑðmÓÐ…Ýh³™¨}³¹Yr/Ñm#æÆvo Nê°¯+eƪKÙSþ"`øR?sw3þß?œ~ôð#¸ÕÆO¼7d±—v#’'ç’¿<ý?ƒìûendstream
endobj
-765 0 obj <<
+770 0 obj <<
/Type /Page
-/Contents 766 0 R
-/Resources 764 0 R
+/Contents 771 0 R
+/Resources 769 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 774 0 R
-/Annots [ 769 0 R ]
+/Parent 779 0 R
+/Annots [ 774 0 R ]
>> endobj
-769 0 obj <<
+774 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [141.6323 542.135 238.8039 554.1947]
+/Rect [141.6323 523.4685 238.8039 535.5281]
/Subtype /Link
/A << /S /GoTo /D (proposed_standards) >>
>> endobj
-767 0 obj <<
-/D [765 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-154 0 obj <<
-/D [765 0 R /XYZ 85.0394 714.8115 null]
->> endobj
-768 0 obj <<
-/D [765 0 R /XYZ 85.0394 677.0418 null]
+772 0 obj <<
+/D [770 0 R /XYZ 85.0394 794.5015 null]
>> endobj
158 0 obj <<
-/D [765 0 R /XYZ 85.0394 511.4338 null]
+/D [770 0 R /XYZ 85.0394 692.7058 null]
>> endobj
-770 0 obj <<
-/D [765 0 R /XYZ 85.0394 481.2746 null]
+773 0 obj <<
+/D [770 0 R /XYZ 85.0394 656.0665 null]
>> endobj
162 0 obj <<
-/D [765 0 R /XYZ 85.0394 430.0716 null]
+/D [770 0 R /XYZ 85.0394 494.5719 null]
>> endobj
-771 0 obj <<
-/D [765 0 R /XYZ 85.0394 404.9057 null]
+775 0 obj <<
+/D [770 0 R /XYZ 85.0394 465.5432 null]
>> endobj
166 0 obj <<
-/D [765 0 R /XYZ 85.0394 247.2874 null]
+/D [770 0 R /XYZ 85.0394 416.9144 null]
>> endobj
-772 0 obj <<
-/D [765 0 R /XYZ 85.0394 222.1215 null]
+776 0 obj <<
+/D [770 0 R /XYZ 85.0394 392.879 null]
>> endobj
170 0 obj <<
-/D [765 0 R /XYZ 85.0394 126.7814 null]
+/D [770 0 R /XYZ 85.0394 240.9131 null]
>> endobj
-773 0 obj <<
-/D [765 0 R /XYZ 85.0394 93.9722 null]
+777 0 obj <<
+/D [770 0 R /XYZ 85.0394 216.8777 null]
>> endobj
-764 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F42 605 0 R /F43 608 0 R /F56 626 0 R /F58 635 0 R >>
+174 0 obj <<
+/D [770 0 R /XYZ 85.0394 124.8814 null]
+>> endobj
+778 0 obj <<
+/D [770 0 R /XYZ 85.0394 93.2026 null]
+>> endobj
+769 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F42 609 0 R /F43 612 0 R /F56 630 0 R /F58 639 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-777 0 obj <<
+782 0 obj <<
/Length 2387
/Filter /FlateDecode
>>
@@ -1812,149 +1828,151 @@ nŠÓÑt«³’(ÝaaíÊW–L›jÐ9-Ì«¦ÉÖnE±.QK±½'CÑ”&¾ôùyA*_f%6`ëbu?Ê1fƒ¬Ý£4z¯VÑÐ~¹
LY“]p¿Ë! ø8†ŒÇ.,®=†YÄ;Ñ)Ô¾¹(é2,Ô·w™m„`0ƒ.MKn©Ö5Ö ¦`6êÆ!r>,87ÝT–yH:fÌ”æ¸Ë,;T{[JÚq.×ÉuîÕ gqÊãÓœa]{
"<®wTOrÊíá t"Ôi‚Œ(A^ÖuU7Oú¬xL˜ª2‰ëa³ÑG.àÁHçøÐîAèáë wï= ”N8ažYª¡ÊË6ØÑ5ng_ÁEšàS G|ï߇¸5¸ a?±Ž|\iÞë|¥>A@X>ßå¡KågÚêY¤–Œ÷îúçËëkì´g~Ù°eô;ù ¤ÁAoA]¸'Ëv_ÃQˆwƒï*fï×Q€¬î ±‡\Õ"¢ Zç9Ÿ{·³_[IÂEH¡¦î›õE##Á°µ4|·E3B¾FpWNpÕ¼é‚@:|¡
endobj
-776 0 obj <<
+781 0 obj <<
/Type /Page
-/Contents 777 0 R
-/Resources 775 0 R
+/Contents 782 0 R
+/Resources 780 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 774 0 R
-/Annots [ 782 0 R ]
+/Parent 779 0 R
+/Annots [ 787 0 R ]
>> endobj
-782 0 obj <<
+787 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [389.9997 160.4711 458.6717 172.5308]
/Subtype /Link
/A << /S /GoTo /D (dynamic_update_policies) >>
>> endobj
-778 0 obj <<
-/D [776 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-174 0 obj <<
-/D [776 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-779 0 obj <<
-/D [776 0 R /XYZ 56.6929 749.1477 null]
+783 0 obj <<
+/D [781 0 R /XYZ 56.6929 794.5015 null]
>> endobj
178 0 obj <<
-/D [776 0 R /XYZ 56.6929 562.9559 null]
+/D [781 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-780 0 obj <<
-/D [776 0 R /XYZ 56.6929 534.7243 null]
+784 0 obj <<
+/D [781 0 R /XYZ 56.6929 749.1477 null]
>> endobj
182 0 obj <<
-/D [776 0 R /XYZ 56.6929 329.9686 null]
+/D [781 0 R /XYZ 56.6929 562.9559 null]
>> endobj
-781 0 obj <<
-/D [776 0 R /XYZ 56.6929 301.737 null]
+785 0 obj <<
+/D [781 0 R /XYZ 56.6929 534.7243 null]
>> endobj
186 0 obj <<
-/D [776 0 R /XYZ 56.6929 144.802 null]
+/D [781 0 R /XYZ 56.6929 329.9686 null]
>> endobj
-783 0 obj <<
-/D [776 0 R /XYZ 56.6929 119.5353 null]
+786 0 obj <<
+/D [781 0 R /XYZ 56.6929 301.737 null]
>> endobj
-775 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F56 626 0 R /F57 632 0 R /F14 616 0 R >>
+190 0 obj <<
+/D [781 0 R /XYZ 56.6929 144.802 null]
+>> endobj
+788 0 obj <<
+/D [781 0 R /XYZ 56.6929 119.5353 null]
+>> endobj
+780 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F56 630 0 R /F57 636 0 R /F14 620 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-787 0 obj <<
-/Length 3106
+792 0 obj <<
+/Length 3118
/Filter /FlateDecode
>>
stream
-xÚ¥ZKsÛ8¾ûWøº*b@‚à£rrœd’ÙÚLv¬Ý­­É( ²¸¡HF¤ìx~ýö |™OÕ–  ÑèLJ–ƒKÁej|¥³è2É"ߨÀ\nêòÆ~º„gå˜Vc®7ë‹Wïãà2ó³8Œ/×ûÑZ©¯Ò4¸\ï~ón>\^¿ûõjåEþÕÊÄÊ»~û¯« ¼ëO7ïÞòÐÍ/Ðþ¼¾…^˜Å°a^ÿíÝ®~_ÿ|ñnÝ‹4;PåùvñÛïêrÒÿ|¡|¥æò:ʲ,¼<^DFû&ÒÚQÊ‹Û‹ô ŽFiê’ŒN}“†É‚"½¤“ù±5éáãþj¥ÃÔËù³¾ýø¶/ÈOWAêYhíéÞž¸Íô­-îm;šxGÛ¶ù›QÜUvÇíÍ£ðUü=W_«ú¡âY_í#iý%t£Ôë–é¼MÛÔU+K>e) Z·lÚXŸÒÑŠî
-<e¡Y‡¡†³oyU´G¦îÉX€×Çf…ÃØ­ì HÕ°0¹=ˆ«í˜ÜÚ-÷;ßØîÁÚŠ»‡š©‡ºíZôbÁ÷`³’dCWƒ{ÎKº‚•;Éä&¾Àœ#ÜV‹ t»/þ©²Lä§iˆ~ +­|cT$L5aŶ±ÛbÉ*Ò ûSÅé5e*¢-EW4G9 ç-»2"°À7?½e†âØ”ö"ó몔ÍêÊŽEà&Ò±™ºš3ñ,óHs‚ÐEaå½-ö¨Tò—Õ[–Gr0`gÑ&>´„;‹ÞdRïMMq8誘g¸ sûÛ¹è¯YÈpV~/{çLXä*–#㶦/E¤”œ*/»C}¾£(ˆaµ¸‚Ê¥)dððe_ÔKrã0‡ÂTbnê5”àNxZQñ@Ο?àbØ‘)­9ºÏlN‰e:ùs£³p–
-o\c´ãŽDY„s+° æ?¥M½BbÅ:­‡ fž… bOÜÞo;x‡”ZF€€ÊVý5‘ÆD5粓9KþFÆOT<{vˆÝfœ2-Ù,´¤³Ð’¹T-Îx T%Ç¥‹Ø)a$1
-_†8 å’†½
-˜î¦O÷RA#çhô0—åö“jB$Ò6’šI[‰Dpo©çʸúã°Êâ{3à뙞\^dDWŠ ¯ò®³Çfö/ëÁ´Xh¼šÞ“«˜-\ 
-ˆ²íêÓðÛZ{9»­Ð[&m¬°:# {Ã$ê+ÿ;7G¥)·,˜¼+çT;6C8ÌNRÏiÎüƒ—äý jŒ+Ê&v4cú‹ü¶bð‡§ãñ\ ÉÁô?±÷ ÎÛÁ+¬’\}jyƒÚˆ©ÉÇâ‘R_1b€mE¹c¶?¨¤K3EBßÇbQEòÄÉixùN±9hÁs˜™pñ­ðAàƒ”Æ™ˆL“Õ$Ze­€âJ;îndÛA6=žÛŠYèW‘ûC.{êùMÞ_± .{Œæ0˜®¤%9 W¾ˆ­Þs=ôj.mêÈý¬Ú2= G # ®Çtr›(pÑ(.KÄ9yX”í (Ùr5ì~3Á><@Ð]ïÎÃk3ê¿Ey&û½Xü©ÉÙËö;Ú»ÆÏÞecQÊ”/ßÔ÷=~u ¿-æ/Æ6|5x~u,ý‹ƒÆß'ôÒ?$¨>Rÿßÿþ0ü‹G”ø:MÃåÿl€<å§a–8¡Pa0—¼ÿ?‰§¢ÿøœ}endstream
+xÚ¥ZKsÛ8¾ûWè¹*b@‚à£ròØÎijµ™ìX»[[3s $Èâ†"‘²ãùõÛ/ðef<U[>h4€F£Zö
+þüEb<¥Óp§¡g”oÛã…Z<Àؾð¬ÓjÈõÃúâ݇È_¤^Ñb½¬•x*IüÅz÷ëòúãÕçõí/—«À¨eè]®L¤–W7ÿºô}yõéúö†‡®†öçõ=ô‚4JÕóúo·ÿ¹ü}ýÓÅíºi(¶¯4Êóõâ×ßÕbÒÿt¡<&fñåùi,Ž¡Ñž µv”ââþâÝ‚ƒQš:§£Ï$A<£‡PÏéÁ¤^¤Mz¸Û_®t,3þ¬ïï~ÄV¼Ìž²Ó¥Ÿ,-4öôhOÜfúÖæ¶ÌŽ—GÛ4Ùƒ›‘?”vÇíͳð•ü=—_Êê©äY_ì3iý-tÃdÙ,Óy›¦®ÊF–|Ê‹B´n!Ù.´±ò}/5& £=åí¸´/KBCŽ§ÕÒ~km¹#ù€nO´Yuâî¶ÚYfkl+KTüýáêïåõ˜B„oÆ3ÜþHƒÐí4í‰aZƽ¡Ó ›;ž<kÏÝ*‚ƒf(¯Š—»ŠVZY é1+ò]ÖZÔs D)ê…žaŠèÆ6BéôLTŒ6”EäØ@hèCÍ hP³£C±_’žCƒz†=îŠÃˆ”]Ù ZCC·S1´'*îg÷*†Žœ—b¦6?ÊPun›|ç:{þòy‘½(ª':$L:eå©rÌ\ÖDɾrJ†ÖF(Ši”óÝ=ùe©t¨b U ]Q±ïŒ—¨ø J]ßýýö-÷²r7ÙA-°•3éÍ :s$;ˆ@¯»ÿž›¥Á^Sá׈)"…–ÇÆXHÙb@À†[«9o·p?ûsQ<ó:p¡ùoJv‡Æ`’åLÉÊgnàÝðŽ¶_·± 3ˆU¿½\ü›f )kÆ SFMÄ5¬Zñ¹—7ü%5cÕŒßO?¯/ãpyõÏõG&àjä†ØÉÎ QÙæ[pÅ®æ¡
+RO›0nd¢!š~hÐÏö•ysdê
+é puÌP`¾{°¥=©|&7qÇ“»å~ËãÛ>Y[ò`ûT1õP5mƒ—« @¬sh’¬ïàj` ›âÊd|k0çwÔ`]3Dãx©,zIù¢†ïèJ+Ï
+“DVX±©í6ßcB 5ÈþÄT š²Qò†¿¢+ŽšÝÈYÃîŽh"…¼r÷é†òc]Ø#XˆÌ¯ÊB6«J;< PGfì–Î ÒtIº o\¤VË›|J%ŸZ}´Eq$'v]arDKx° [÷C…±9誘§¿ sûë9ï®YÈpVö({gL˜ä*æ£ç¶¢/—NÈ©²¢=Tç”NcèÍ/!Ïrgn
+<|ÙõœÜ8Lrkø­%Àð´¼äŒ?ÀÅ°#SŽ[s˜Øœöc/LuüçFf
+J{…Ä=Š‡ZwYðìÒB–±'noÈ·DJ%#@@e«îŒšÎHc¢šsÑÊœ9 BãÅ*ð_={¨b3
+N)‡–tZ’IhI]ºç<ˆª’ãÒÅ
+4•0
+¬‘y›”½GceÂ9“Ö&å0‰ß2os “†­QGŒ‹¡»-rò>lS…o‡ö;ÑÊe¥ÁÜÞC¦âÇà.Jý%ùµ0}=Û“ì…>‘—Ûâ,; 1 {¢7Y¥c»Êj9~}£b`Ž1ä5 *°ÇP-&ÙáC2¥Ár5Dº~ìÎ(ó‡ï³CF¨Ý!‹
+˜n™…32ñKiŒœÃÁã]–Ûó—¥×¡H?ØHê‚$m)Á½%KWbÀÕŸûUfTÏðýDO./2¢+ÄúWyÛÚc=yÈUoZ, 4ÞïÉUÕf®…‹„372¹
+œ«>ä[Ø0 †ƒÃ[¢YÛ EE&PÞÄt0‘j©®àÙ¾),SÛG† ‰<²G‹ÝÛíù”·ÏLF]°à€šé <$ß}÷€:õà)ïžQ¢SXÖ~“dêÐó“@O*¶là$ô
+Íö”ol31zIœYÏÙyÍÙÕÐœqwIhbø˜nfíõ®ä÷µ€E¹Ê0b2W;p®™q×mÄ<ÛA½ÜÐf}9|8’ Ë겄ÜUÕ© Œ´ÖÖBz3;0•ßéHÜÈzûŠ ƳâØ•{€!-íƒÛ¹U»Z»«Qù\|oXôÆBó3yóÒ1æ2e€/åøðñxû­.
+ÕøSÉ»ÿ¥x)úÿ
endobj
-786 0 obj <<
+791 0 obj <<
/Type /Page
-/Contents 787 0 R
-/Resources 785 0 R
+/Contents 792 0 R
+/Resources 790 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 774 0 R
->> endobj
-788 0 obj <<
-/D [786 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-190 0 obj <<
-/D [786 0 R /XYZ 85.0394 665.1229 null]
+/Parent 779 0 R
>> endobj
-789 0 obj <<
-/D [786 0 R /XYZ 85.0394 629.6667 null]
+793 0 obj <<
+/D [791 0 R /XYZ 85.0394 794.5015 null]
>> endobj
194 0 obj <<
-/D [786 0 R /XYZ 85.0394 447.4087 null]
+/D [791 0 R /XYZ 85.0394 664.4553 null]
>> endobj
-790 0 obj <<
-/D [786 0 R /XYZ 85.0394 411.3863 null]
+794 0 obj <<
+/D [791 0 R /XYZ 85.0394 629.6667 null]
>> endobj
198 0 obj <<
-/D [786 0 R /XYZ 85.0394 274.5298 null]
+/D [791 0 R /XYZ 85.0394 447.4087 null]
>> endobj
-791 0 obj <<
-/D [786 0 R /XYZ 85.0394 239.7411 null]
+795 0 obj <<
+/D [791 0 R /XYZ 85.0394 411.3863 null]
>> endobj
-785 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F56 626 0 R /F57 632 0 R >>
+202 0 obj <<
+/D [791 0 R /XYZ 85.0394 274.5298 null]
+>> endobj
+796 0 obj <<
+/D [791 0 R /XYZ 85.0394 239.7411 null]
+>> endobj
+790 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F56 630 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-794 0 obj <<
-/Length 2707
+799 0 obj <<
+/Length 2708
/Filter /FlateDecode
>>
stream
-xÚµ]sÛ¸ñÝ¿B‰<‰X 2}ò9¹»ÜÝ$×Xmgîãa‹‰Ô‰”]õ×w»
- ¹0Ü6ÛmóÂ"ÞWXÌ®ü(4˜4[¬ª.lâ”ç|àx惨6CKÌTd„ôQt½©¶edÿYà-Lnærˆbj´ž×Ì4P-Tª¢\H9>í8D/Rˆa‹‚F'·C¬h„S1‚)'9h$c4=FJ¾ÌA‰Î¼ÀgÝþèbÞz,·¶¥ Ò2B+K#çˆò¸¶åë Õ‰4Žr™xÕý8–ëe«—BªDGx¥&ŒŠ%/Ç랸H¼IúÔä¯J›(åØÖûÝ÷‡êmfB‚8…™Uä6„aÏ«–Æ¢ÆQ̽8¤‹ç*¦ØÀƇ@WÜ¡7`äÖ‚¬}4O7@0FXÞ#¤FÇc¸Š”—{ 8B'ÆdB—
-lWÅfÊÒ§¬#ÍÒrÆé$†9¿›¢7
-)Ôì:ñ‡™öT(EeªÕÓqZN¤‰âbãHË}=ñèD„º·‡
-ùúT>•*.s¨›0WgC ¹ºÁ×s0Eg7Ϻ ¡HG€j¹†É|hÛÛCWY®PY«#$ä@eu‹«n­O¸g;²³»ºIsá±·¾Ò`)€Ûª¹g Í-¦5æ¾gòežô×û²±í¦9nK‚]é³UÝZNØ€­jge9HÀ% |4Bø¡BMl&
-< ½ œÃ†?½{ýÓßÞLUyZGIn|•×vpcXØ «Xƒ,ëí±¤œŸ«' TˆŽoÄó
-Ƈ —GDÎoQ8Ä SŪ,’1ôO¾G“Ü£]ì C+úF Š ÿe«¶+>ÙOO±Íã(1!9~E»¶&Ã;¯’B=ÔúRî–x2C2Í ˜5`ã¶OĨj—}–ù¡^»^Iû¦) m™mYÂí âVÖÖ„óÞ\ºàFš$J’0¾wÔdÜ€Y«-£(¼àþ‡¢nwUÛ¢75#›3áŠrWÕU Ä_Hí̹/²ßB„-†~Ÿö=ø]C(ßW¿*=[eBÃÙª&nPûUÆ+ &}‚|×1ªy¨Ïyq J}Üî Ö®/p ê{%ûì)]#Zu¼}öØŒ5…Óªí÷wm—˜ÿcãn¦]…Ò‚ÈGÏ "îбÚ¦۪톛ô
-Èèæ
-òMÕ0±;©/ïè-åEKäüvʼnd댎¤ž¸ÐÁžÉ$IÐ}ºO‚îrºORRŒ+¹B.q_4om†µ
-šÞ³÷„âéJ²w8ø
-7`'˜YYœø Êú„?΋uó€…g4ÑåJŸ0 êßy¤S8Œ¥ñe–&±G>Ù=ONOéÔ-ÁéçŸ>8Kex©êË?À»¸Ï¾HèâPãÑÁŸí-…Ô‘–á“øïrã·ŠŠZÀ¯Ç9¾£X.ᄳ`¼Ï»Î›$>ó+#ÎÒ^C;»'„R1LйpO‰ˆäxÕ)?«R¨ÂJÖ~M5á8 ˜q÷F8p­Q y1½íEQ®Ng»ûWeÓ?\>Ît»Önï]Ó˜ÄrÎ|NàðȬ”‘¤Àð­ß3öÐnª=Q¹Ç#X@` iÑ•œøÍïÒ¸OÍœm½nJ;Z'Æ ©‚óN˜7¹ò—ÖòŠkùÐðìe¯Ñ>_\j¨-ÿoÕ=Þüt³b$Èš™¯/í¹PVëÎÓ^´}‘n;N¹ˆ”Iӱ߿ƒ«ù“o¡ 6væ ŸB ´øOXÿJ¼7hû¸?7à?3 ³ç¶DGä-?úA09€Éº¢gXŒW“R+„½úA‘Ð<Nx|Ò&üMñŠŸ0R%ÂÈǵñDäÓ‘Ñ&ý
-e%Yxë7"×!Ê è½¹p·Õ½¥IŸO¶Hyë—Û‚ªGÿ$!I{\q.!-Ý)‘¸
-˜Œ:öXgã@â‹
-Ž\蜼KysÅM^ àó¾ñ?yùÇÛ3ß=·ø³®¶/'F5U/Íëç2¹™ò`—€9³MXhVÈ/ÎàS¡m´$dð©½ÜRSÿQÇ! þ×ÿˆ÷ÿû'H³Löv^M%0a¡ð$R>’ÜÿuþXôÞ~Ëendstream
+xÚµ]sÛ¸ñÝ¿B‰<‰P 2}ò9¹»ÜÝ$×Xmgîãa‹‰Ô‰”]õ×w»
+jºåsè”5VºÍrî¹ê†'¼rRÃÍ„ûy Ø¡c=°H[Ç*@Ü^œw8#%HQŸh2T~—vkï@é%á# ;Éòù/LOzšµŠ³MqoG ¨y[ìT‡ÙË ±HÞ…ÊÒyƒÉy+κӞg Åc«Ì±·³_>¼;aŒ*Zå#½"rE]Ò„mf+>éØ«-Ïo‰ þ¸¯»j þÔÔh¹™¿ãΞaô÷»ÛÙº´|@·)MfŸØA*±Ô¹W 4p 8AǨ­õ|}8í;t ý¦ZóÊö®9TÝfG¥EÓãKÄå–Æß”Šw lÑ¡ÕÍOEwñÚí·˜í­<Š»Q
+1lQÐèøv€ Óy’›xÓÙc¤äË”èÌ |öØí.Và­Gjk[Z -ãleiäQ׶|=¡:™F"W±WÝc¾^F‘~)•Žwñ˜KiRat¤x;^÷Äõ@âÓ§Ž Õ‰y¤Æ¶ÞŸ¾?T÷h3D Ôc‰:9 alÆQ@eQ@ÑΦéÛÛˆR<Ï]lðƇ“®¸CoxqY{¿øt[™zHŠ¸Ú ñ)4yŽG¡‰cslœZÔ`µ:2S6>e?ài–Ê^-#tœ œ?MÓŠ‹
+Õz{a¦}ŠP•&úiAœ–ceDCTi¹¯$CID {{¨®OâSIâ2‡Š ³t6Ô«|%K$»ÁHÖmD:PËÕKæƒÚÞºÊr€ÊZ!wç¸ø)«[Üuk}ª=;‘ÝÜUL —{ëk 樭š{fÜb*EcÖ{&Sæqݹ/(Únšã¶¤¹+š`µª[Ë© Uí¬,ç2¸øÝ,Í*ÔÄf¢´SÐÕ€>0üéÝûëŸþöfª¾KçÆ×wm7†% ±Žàe½=–”ísý„JƒøF>o¡`|ØjéqDäÌ&‚ƒ «3¡"èœ|w¦¸;»>ØAoVô-”?ÿË&mW|²Ÿž"›G"6!-~E£¶&Ã;¯B%Ôú"î–h2A2‚„[¯dÔz>¡ªáþG–ù¡^».)ñíR²$4d17&[Y[Ì{sé‚q `â0‰c€ø®1!ãÈêXmDáÏ?u»«Ú-¸©Øœ1W”»ª®Z@îüFjdÎ}‘ý"l1ôû´ïŽÀïùŽÂø]éÙ.Z ÌV5¡pkÚï2^a°è£从AÍC}N‹cPê»' ÞpG°v#P—Ø%Ùg¥t-hÕñôÙcKs¬n(œVm¾k¸äüw›°ìB(”ä@>zñ„ŽÕÝVm7<¤W@F7•õR`Ô°,f7ÐZ.¢ç×)‚jï*ô™
+Ôûz+ñµf‚uê®Ú‡íiÀÞàd㣽ëë»Í(S‘s;…£†v÷ì%¡xº’쾂à ÈI&V'¾ˆr‡>áóbÝ<`á)&úûàQéD;$…ƒX_fiyà“}óäò”NÝÜ‘~þ1àƒó·T…‡
++Y#ùÕ„÷ß4@ÆÝÁÀµ„5¤Åø¶£I(Šsu:;Ý¿'›þÉòq¦Ûµv{ïšÆ8Rs~Ús ‡ç ø `¥"u
+³ñj’ks¯~P$4ÏŸcŸ„þ xÅO©±4êqm<ùa“~…²â,¼rŽ›™'!ÊIè½¹p·Õ½¥EŸOpžkóÖo·)4ý‡„(íqÅuº‚<¶tÿ
+¢„â*`2èØ£$_ÔPpäBçä]Ê›+òb0?ïÿ“7<±=óÝs‹?ëjûrbTSõܼ~.“›)v ˜3Û„uf¥úâ >ÚF[BŸú¿[Ãýh=õïtâý_xÿ 4ËTÿ7÷èUÐd"΀3…’(õˆsÿ§ùcÖÿ  }éendstream
endobj
-793 0 obj <<
+798 0 obj <<
/Type /Page
-/Contents 794 0 R
-/Resources 792 0 R
+/Contents 799 0 R
+/Resources 797 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 774 0 R
->> endobj
-795 0 obj <<
-/D [793 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-202 0 obj <<
-/D [793 0 R /XYZ 56.6929 769.5949 null]
+/Parent 779 0 R
>> endobj
-796 0 obj <<
-/D [793 0 R /XYZ 56.6929 749.0094 null]
+800 0 obj <<
+/D [798 0 R /XYZ 56.6929 794.5015 null]
>> endobj
206 0 obj <<
-/D [793 0 R /XYZ 56.6929 483.1107 null]
+/D [798 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-797 0 obj <<
-/D [793 0 R /XYZ 56.6929 451.796 null]
+801 0 obj <<
+/D [798 0 R /XYZ 56.6929 749.0094 null]
>> endobj
210 0 obj <<
-/D [793 0 R /XYZ 56.6929 202.106 null]
+/D [798 0 R /XYZ 56.6929 483.1107 null]
>> endobj
-798 0 obj <<
-/D [793 0 R /XYZ 56.6929 173.4413 null]
+802 0 obj <<
+/D [798 0 R /XYZ 56.6929 451.796 null]
>> endobj
-792 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F57 632 0 R /F58 635 0 R >>
+214 0 obj <<
+/D [798 0 R /XYZ 56.6929 202.106 null]
+>> endobj
+803 0 obj <<
+/D [798 0 R /XYZ 56.6929 173.4413 null]
+>> endobj
+797 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F57 636 0 R /F58 639 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-801 0 obj <<
+806 0 obj <<
/Length 2601
/Filter /FlateDecode
>>
@@ -1967,67 +1985,67 @@ Y²Šnß½¡‰„6“.Õ¤Sÿu¨‹ãdבLÃÍxˆKŸT°C-¾“ÖLpC:]~"Þ”]ÛaÝÁ -C¯d«–`Jy¦7µñšÀÏ&*œÝ
Ž©!.—LÇ‹sÏÝ=ÕjLv~²snte"×–ŠIÉgŠç¸þBÚ=<”ÖÇ£3õ¸GÎP^:WÕóá]düí3}ƒ¿ƒÏØ]jà 4w ž*ÌOÿ`öž|5¢?×ÍW÷èdó¡¿b’ñ3'­ Ú1?³OOô}ÎxõÖ9»ßAÃÂt¥Óž ©¹½eR»‡>Š N>·}wE 9!tEûcÑ+!uøVêI÷‚8³,!x[3¢Úg|Þ©hæR
Ž¸ALô³\½;ºNh†«X;áå¿ìÝLN[_éo@ƒX¨ŒÊ>»eâB`&aú‡‰—3eˆ˜ÒŠ2Ç¿>Þ^¿Ç_Êð™%¼g@Úœmµ· ^á´
endobj
-800 0 obj <<
+805 0 obj <<
/Type /Page
-/Contents 801 0 R
-/Resources 799 0 R
+/Contents 806 0 R
+/Resources 804 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 774 0 R
-/Annots [ 806 0 R 807 0 R 808 0 R ]
+/Parent 779 0 R
+/Annots [ 811 0 R 812 0 R 813 0 R ]
>> endobj
-806 0 obj <<
+811 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [466.9412 221.8939 539.579 233.9535]
/Subtype /Link
/A << /S /GoTo /D (Bv9ARM.ch05) >>
>> endobj
-807 0 obj <<
+812 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [84.0431 209.9387 221.3667 221.9983]
/Subtype /Link
/A << /S /GoTo /D (Bv9ARM.ch05) >>
>> endobj
-808 0 obj <<
+813 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [377.8384 192.5936 436.8266 203.378]
/Subtype /Link
/A << /S /GoTo /D (ipv6addresses) >>
>> endobj
-802 0 obj <<
-/D [800 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-214 0 obj <<
-/D [800 0 R /XYZ 85.0394 716.1148 null]
->> endobj
-803 0 obj <<
-/D [800 0 R /XYZ 85.0394 687.8003 null]
+807 0 obj <<
+/D [805 0 R /XYZ 85.0394 794.5015 null]
>> endobj
218 0 obj <<
-/D [800 0 R /XYZ 85.0394 518.4955 null]
+/D [805 0 R /XYZ 85.0394 716.1148 null]
>> endobj
-804 0 obj <<
-/D [800 0 R /XYZ 85.0394 490.181 null]
+808 0 obj <<
+/D [805 0 R /XYZ 85.0394 687.8003 null]
>> endobj
222 0 obj <<
-/D [800 0 R /XYZ 85.0394 414.0847 null]
+/D [805 0 R /XYZ 85.0394 518.4955 null]
>> endobj
-805 0 obj <<
-/D [800 0 R /XYZ 85.0394 374.8759 null]
+809 0 obj <<
+/D [805 0 R /XYZ 85.0394 490.181 null]
>> endobj
226 0 obj <<
-/D [800 0 R /XYZ 85.0394 176.7921 null]
+/D [805 0 R /XYZ 85.0394 414.0847 null]
>> endobj
-809 0 obj <<
-/D [800 0 R /XYZ 85.0394 147.2024 null]
+810 0 obj <<
+/D [805 0 R /XYZ 85.0394 374.8759 null]
>> endobj
-799 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F57 632 0 R /F42 605 0 R /F58 635 0 R >>
-/ProcSet [ /PDF /Text ]
+230 0 obj <<
+/D [805 0 R /XYZ 85.0394 176.7921 null]
>> endobj
814 0 obj <<
+/D [805 0 R /XYZ 85.0394 147.2024 null]
+>> endobj
+804 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F57 636 0 R /F42 609 0 R /F58 639 0 R >>
+/ProcSet [ /PDF /Text ]
+>> endobj
+819 0 obj <<
/Length 693
/Filter /FlateDecode
>>
@@ -2037,27 +2055,27 @@ xÚ¥TKs›0¾ó+8ô
ƒ ò¯ƒ¿Oa*!&šŽÊ5‘¤s=nÄ€¶q€£ ïí‚^G6–Á綾--"àJ±—•3†žE
„B'6©¾YâMæ‡ö6õ¿3ÕvÈendstream
endobj
-813 0 obj <<
+818 0 obj <<
/Type /Page
-/Contents 814 0 R
-/Resources 812 0 R
+/Contents 819 0 R
+/Resources 817 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 774 0 R
+/Parent 779 0 R
>> endobj
-815 0 obj <<
-/D [813 0 R /XYZ 56.6929 794.5015 null]
+820 0 obj <<
+/D [818 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-230 0 obj <<
-/D [813 0 R /XYZ 56.6929 769.5949 null]
+234 0 obj <<
+/D [818 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-816 0 obj <<
-/D [813 0 R /XYZ 56.6929 749.4437 null]
+821 0 obj <<
+/D [818 0 R /XYZ 56.6929 749.4437 null]
>> endobj
-812 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F57 632 0 R >>
+817 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-819 0 obj <<
+824 0 obj <<
/Length 1954
/Filter /FlateDecode
>>
@@ -2069,124 +2087,121 @@ xÚX[ܶ~ϯ˜G/QlI¾=I·=ÈAíöé¤[³#Ä—éÈÎtÿý!EÚkÏzÓ`€1MQER)'»~É®HE¬J½ËK-Ò8I
ÁÆç8–$Ô•À4¿†ŒXò ŠBÈ9ÓP@Ó•@ çúºš²*Ê4vì/´ói«#@o¸â-ãXñŽ}/ì? \Ônx¨(¡­V9ËÿÀ(š2."ñl}`ÏÝÁòÄc“æ{>ó܃àœeÆ!#¬R(Z.ì1^‘éuq§:+æH! &iël‘Õw…Í'Ò±ü0) ~KÔa^‘9ŽÃ8ïX°5¼
›Ùïq¼„j‰  ›ù³k¸`Ä ‰ ³fe訫óØ9(ì$â hñvSÄq"Îã ´i³¶­ná¦HÔy­ê¤™PEšßTB¾ZuŠ2SËùíÊR–P:ã †uø]ùÆ»ÂÖ#Ñ„6ae–2ÌÙ„[”*øÒ
endobj
-818 0 obj <<
+823 0 obj <<
/Type /Page
-/Contents 819 0 R
-/Resources 817 0 R
+/Contents 824 0 R
+/Resources 822 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 823 0 R
->> endobj
-820 0 obj <<
-/D [818 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-234 0 obj <<
-/D [818 0 R /XYZ 85.0394 769.5949 null]
+/Parent 828 0 R
>> endobj
-810 0 obj <<
-/D [818 0 R /XYZ 85.0394 576.7004 null]
+825 0 obj <<
+/D [823 0 R /XYZ 85.0394 794.5015 null]
>> endobj
238 0 obj <<
-/D [818 0 R /XYZ 85.0394 576.7004 null]
+/D [823 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-821 0 obj <<
-/D [818 0 R /XYZ 85.0394 544.8207 null]
+815 0 obj <<
+/D [823 0 R /XYZ 85.0394 576.7004 null]
>> endobj
242 0 obj <<
-/D [818 0 R /XYZ 85.0394 403.9445 null]
+/D [823 0 R /XYZ 85.0394 576.7004 null]
>> endobj
-822 0 obj <<
-/D [818 0 R /XYZ 85.0394 368.2811 null]
+826 0 obj <<
+/D [823 0 R /XYZ 85.0394 544.8207 null]
>> endobj
-817 0 obj <<
-/Font << /F42 605 0 R /F43 608 0 R /F57 632 0 R >>
+246 0 obj <<
+/D [823 0 R /XYZ 85.0394 403.9445 null]
+>> endobj
+827 0 obj <<
+/D [823 0 R /XYZ 85.0394 368.2811 null]
+>> endobj
+822 0 obj <<
+/Font << /F42 609 0 R /F43 612 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-826 0 obj <<
+831 0 obj <<
/Length 69
/Filter /FlateDecode
>>
stream
xÚ3T0
endobj
-825 0 obj <<
+830 0 obj <<
/Type /Page
-/Contents 826 0 R
-/Resources 824 0 R
+/Contents 831 0 R
+/Resources 829 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 823 0 R
+/Parent 828 0 R
>> endobj
-827 0 obj <<
-/D [825 0 R /XYZ 56.6929 794.5015 null]
+832 0 obj <<
+/D [830 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-824 0 obj <<
+829 0 obj <<
/ProcSet [ /PDF ]
>> endobj
-830 0 obj <<
-/Length 3322
+835 0 obj <<
+/Length 3326
/Filter /FlateDecode
>>
stream
-xÚÍÙrãÆñ]_Á·P©ÅìÜÇæÉצì'±õf»* ‰¨%š
-?ž¨–E„(fŽ8Íu¨+£x 5 µóeà=›{˜Ð_6aØbÏì¼ÎW›—ÐÑ”Ûr“ïè¶G°–|ùÛ}&¨ž¯ëçâ3lÖÈù;øæ̼]Z†æƒ—ðx,žä*4ºQyħ~<Ã;ÃmãF#NÅ"upYÍæÍa¹FB¹¹ÏÏeñÜ@St¨C/ Ës"»9ölŠ YׇÍ*´Ÿëý§Ø*Û¸PØ®¸óöPâÌ2‚;.ë<š‡Ô§õØn¶uG+#
-Ü +…F8rh<y{k4±§>T«Ð,#Ó÷Dƒt+5>>—ø‰PÀãýƒýƒM›U‘hÊ“˜¸õƒÁžbБæ i(î·yFu»ë lÖÅf›Ë}¹kƒ°*ÓV¡±Ê ¶Á-ÀÚí¾\¼¯òm±
-\žuCä\Ôu £ãÐôJšõˆJ` a$3<®B:=Ä$Rs“uƒ2I ×"UvŸ1J/(¢å&žåwáð›qÄ-h$'<ÈõfS?wÜPÆÏÃcS6mhyÁ‡g‘ û·CS¬MTÚÖ:2Ër ïÀ¡½ª—\Àþ€øß}÷Ð
-Ý
-u
-›Ô^dÜ“e@Xb˜eCûÛ€:ðj‡œ’Obœ¾Y_xÞ&(ù‚yÿ×èkZ=!â‚Šk¼Í$8ª¨× ~³˜'ˆYäšÎH 6Ds”»:—°âíL§´œpaôÉ Ü­5Ñ  °æW÷Øhû°…ŠÈ?«"6öáÙ¹bçú‰ÿrK“/QîÎ4˜¶ì†ç×Aœ 0
-ì?eçl6&øž£eÜÆ»‘ZbÞÌù>%DeNQ}»}v'ö)w ûÜí‹ÇòËÈN…#×Ù£‹;qÀ'pÐO·jAí+ˆNo·Õqj«æKv¢9ÊÕ˜Ýz5m3ÓB!CŸo}i”59TÆ#.{' Š¹¶ÐPüÍï f}çç@kó4ìŠË¶Bv™ÙwÁïlŠâLB•!^…ðqÿ4 Ÿzɉnü9Î'Œv
-ñù¹X=bpôÁÕ?e/8Å às–"éFM`q­‹FÆ lÏtÝÖÀÊ[X—¬±|ÊÀ*`…°ãU½ÍËêÌp pÿ6iä›ÍV‚—ŽYV4Vü.¹ÏTŠ.fg³¸ÔóߘC
-á2¼6¿úÈNªùóºôyè~.}( >̆žÇAÏÑ@OßþøsèG4Þ…¾G4Ø(¾äÛÑìÏ.Es¿r.G4 ÄLФj·/¤-š–Oâd¯V€]ÓIpæ6í1ÀŸØdЂ|ŠM'Š:µÙœqFMcoȪ=טu€e±,·ùfšcÿÎ&Þ<7Á³—ׂ·²j‹§bß„·Ïùæà9Ú¢Ÿpý\©ÐhŠ]¾ÏÛ4¾®|R Z‹—1fº6)¡è¿É_àÁ’Uˆ¹KŠr1ҠìcBD;¶mIœnèV  À
->E7ìºV’Y#…~U—å¡Ïi·’‡DÏ׃L3.ʃ K¹œn%XVÅA_‡4îvÒЃxEúø½^P]ƒ(訸’ð:¥Î‡£îUœRöaµ°>ÀRr,y ‰4–OjÒþ™¼í˜ÿPÎÑ`7¤™r ¹ã/âµÄyÐÏÓVËã¸7³N‚˜õAŽ`È JÇhf€áEæ¶ìÈ<#‰7ɦËoÈs]V–Yu»½v'öÊ-´F¼j¯ƒàw4Þú#ú@HA8•üv;í NìTHˆˆÝ+7Õí¤<ö8ýVò( ±üZÿ dšqQAe
-®Õ”<j
-®(DçSò˜ÆÝP{ ¯ÉcÃ]½o_%™0”yxg –
-v
-¦QêâÝl§)À½qjÚpÇa7ÔGˆ×ÔD½‹©ú1=!hÐÜÍ«¢ UAØÙìÀ÷ÇkJ/ž<T!á‡Ñke&
-ß[…._ñ(bþ3^ŸaߢÄÈ[XD'ÆáE»Í›O h,(…‡{‡R[n0y9¢þ„·öÊׇ©þ™œ§4á
-èâ-”TϘu„JóvÃØAÌú G\8G »<®|íD ÑT'Ÿf›¿„×`u@ÇÙ4Ø›˜IÃnÌËî6ÅX® %‡!·¥”•yoÇEeŽ——‘Ðñ^†É_b©àCc‘Äî|U0™š¹Þ¢„â߸qu]VêXÐùc´ãoX:`®Ôuж+a¨Vcäq`UJQ2GDè{>F"‰(ÆöHÍ v¥üDˆ.ˆ+b˜ÃuÇÎÅᢧô¡×飜Ô=útÿrlmàC·­Ë6±omÞfÀþȼ ºWZÒ©<S‚0ËÙ¥‹Ý.oÑ ¼]&¤òJ*d€âøÅîI&d̺QOb†ñ›/î€-–#Þj¯ĉ½rgAÄp«—¯rµàI`‚/·‹žoQµáÖ+ÔцF(+ãà~×±Ä6O¥ºùÑ„w<~Ƙ/š6®«Ñ]DÕg@3öê?y,§MŽd¸C¼Î&ï]é6Åò°/Û
-¼Ðòûð¼RäÀ-¡B_.%´åâv´é NÐËà+ÒæJ)IòïhªþõR!¸™Ø½-—õÆ—Èc4À¨£–z %ª¨V]MòÑÌåI”"¨+bÔ1è­„(¥^2͸$DbD-§2;Œ*"4x8W“X»§˜ì•H8Šª®²ªxÊÛò3:ÚJÏÏÀ _US>ù4
-‚¿QÑóïý],ŒÎ—Ëb×æ _I
+xÚÍÙrãÆñ]_Á·P©ÅìÜÇæÉצì'±õf»* ‰¨%š
+Ò +…A8r<y{k4q¦>T«0,£Ð÷Tƒt+Ð5>T>—ø‰Q ãýƒýƒM›U‘iʳ„¸õ`Ï1˜ŽDóD4÷Û¼ PÝîz€ÍºØlâp¹/wmPVezÊ*´#V´6¸X»Ý—‹÷U¾-VAʳdÀÎE]·
+œÅw”gÕì~PÂ
+ÂwpÅaúbˆ*K{Ê„…sqÖu.m œð%B¨™¤’pI?¾|¹9åãŒX-ÜðLâÄYkÇ7›u³>ÊÁ“Z`@"êĘ ;@ƒ¢< ¬ê¸¡È ²XèªáÄZiã×ùjµ/šæ”BKÂP\nʼn„p‚BÂô)#À>-×g$:C´´·¤1aœ RRLHø€H¯ñç§ÅAHu‰ÝM8¡Uª[¡ ÀŸ‹—p`¨÷ɨõN †Â&³÷d0–fÙÐÿ6`¼Ù!§ìS@‡ oÖWž·é#j¾ ÀÞ?BÅ5ÆšVO¨¸°°† âšl3 ªîuÀoVó„1ë£!SÂiÁ†dŽJ7ƒCçV¼‘ ã‘–.ŒyAºµ&šÑüê’
+Ÿ©&CÌÎgq©ç¿°†ÒeøÙ@þê3;©æÏëÒ×a`ú¹ô©0Lú4fb3¾F3yx|ûãÏaÉxæÑýá ø’oG«?»”Íýʹ±,O0A“©Ý¾¶hZr<‰“½Z~M'ÅEœWÄ´'
+‚˜bóïÿùYÆ¡ÿÒWp›8ªã0¤h·—¾Rì_<Ö‡}‹{þg9Vx9מ«Ä­"‚1=ãpDZJöö€0aÌú(GB Ñ …˜¢»n•¤DÑH©_U‡Âãe}èKÚ­ô!ñóõ(ÓõÁ‚‡¥\Nè·<«‹ê /ªC‚»6ô0^Q†>}¯×4× 
+:î£&¼Î¨3ÆᨻB§”}X-쇰”+H"å“–´&o;æ?Tr4ø i¦hnÀù‹x-qžô3É´Õò÷fÑI³>Ê
+dé˜Í (¼(<06‚…g¤£ñ&Ùtõ ynëÀË2«n·×ãÄ^¹Å„ÖˆWíuüŽæûÃøaÄ)§’ßn§Ɖ
+ ±{åF£¹ÔÇž¤ßJ¥!–_«áŸ¡L_\ÔG0™‚k5¥šB(
+Ùù”>&¸êcå5}ìS¸«÷í«ô1ãÔ‚1ǧé}5,~ ›Bãê°]ûÉúÁží¯FòSI˜•“ñº» ¡ýÍ)Ųñ¶ ¹Pìï«a’ÆŸƒœæ¡Þ…«e_~ç|^Åž¦C
+„k0iû¦~ÓèQÂd ©ÿË®\æŸïÀLô{í¾\Š
+¯%È–f“‡Æ¼m³̤jžWå÷Q•%2»ƒ¤ð7¿U˜ò½8ˆ*æ_ãEÎ-JÌ1q„íDñÃ^´Û¼ù†Æ‚Qx¸w¨µå˘#6à?Ayk<HãVÿÌǽ„¿ ºxGA!%Õ3f¡Ò¼ÝEv³>Ê‘àÎø.+_;QC4Õ)ºÙæ/aÇ58°ñÀ6mÄü#ÖÔp+´»M1VuBÍa(m©xeÞÛñ°Q™ã5fdt¼áŸa˜X*øÐY$µ;_U8¢™ë-J(þó®Ø.œë±µ/ÊÇj ¡¡a逹R×QÛ®™¡Z±ÇPþT¬dŽˆÐ÷|ŒE[QŒíÇÐ,ñ²XÊO”èƒ8LÈáºcçâpÑSþÐëüQNêºÿrlmàE·­Ë>±ïmÞæÀþÈ
+!ØC§*"L ý8»tÅÛU0:ÀÛÕDú(¯E$Ž_ñžÔDƼ%ú$a¿ãdÑbcâ­öÚaœØ+wD ·zùRW ž&Är»ùUî¿BGm„3ndèi„™<5íæÇP~ãñ3Æ|û´q]·î"š>–±× Êccm
+$Ã-Æ£u6yïr·)–‡}ÙäWôª'±Þ WÆd_SZpÃì´V%ÀjUå5­ê“x¡MèL¯ j’±OG¾a»)ðjËOìÃóJŸƒ°„
+}¹©Dh0Ж‹Ûñ¦Ã8Ál €·|È›+M%)Jh| ©úqÈ…fâô¶\Öß,óÑ£fØô1Ô¨¢ZuÝÉG7—'UŠ¨®¨Q' ·R¢THx=ÊôÅ%%2#j9UãaT¡!¹Z•À2‚b²× á(ªºÊªâ)oËÏh+=<ƒ0<¼=TMùäË
+ê|QŒ Úç¢ðõ竾w~+¥Ó¼šVPŒ²Zn †)E¬Ì|ïoe:_.‹]›/|O ñ…ðj 9|;–<öþ¯]¼,ŠÔÌž*3*ä<ƒuìö/¾´Ã¿rHM8Õ;äÑÒ_–ºÞ‰¾MF¤„k¬-r"Åø_MeéÏP6ñ¯§ÆûŽ(ÄêÜaO‹òa 9ÛBú«#ª´Üôà40endstream
endobj
-829 0 obj <<
+834 0 obj <<
/Type /Page
-/Contents 830 0 R
-/Resources 828 0 R
+/Contents 835 0 R
+/Resources 833 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 823 0 R
-/Annots [ 836 0 R ]
+/Parent 828 0 R
+/Annots [ 841 0 R ]
>> endobj
-836 0 obj <<
+841 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [356.2946 363.7923 412.5133 376.6291]
/Subtype /Link
/A << /S /GoTo /D (address_match_lists) >>
>> endobj
-831 0 obj <<
-/D [829 0 R /XYZ 85.0394 794.5015 null]
+836 0 obj <<
+/D [834 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-246 0 obj <<
-/D [829 0 R /XYZ 85.0394 769.5949 null]
+250 0 obj <<
+/D [834 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-832 0 obj <<
-/D [829 0 R /XYZ 85.0394 576.7004 null]
+837 0 obj <<
+/D [834 0 R /XYZ 85.0394 576.7004 null]
>> endobj
-250 0 obj <<
-/D [829 0 R /XYZ 85.0394 479.565 null]
+254 0 obj <<
+/D [834 0 R /XYZ 85.0394 479.565 null]
>> endobj
-833 0 obj <<
-/D [829 0 R /XYZ 85.0394 441.8891 null]
+838 0 obj <<
+/D [834 0 R /XYZ 85.0394 441.8891 null]
>> endobj
-834 0 obj <<
-/D [829 0 R /XYZ 85.0394 424.9629 null]
+839 0 obj <<
+/D [834 0 R /XYZ 85.0394 424.9629 null]
>> endobj
-835 0 obj <<
-/D [829 0 R /XYZ 85.0394 413.0077 null]
+840 0 obj <<
+/D [834 0 R /XYZ 85.0394 413.0077 null]
>> endobj
-828 0 obj <<
-/Font << /F42 605 0 R /F43 608 0 R /F57 632 0 R >>
+833 0 obj <<
+/Font << /F42 609 0 R /F43 612 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-840 0 obj <<
+845 0 obj <<
/Length 3238
/Filter /FlateDecode
>>
@@ -2205,89 +2220,87 @@ dùÍOo^¾úî×·/α¼|õÓ›óˆI²|ùêÇ ÛºøñâõÅ›Ë_àázùÍ÷/~¾¼xkÇ”#òõ«7ßÚm?G¨¾½xyñöâÍ7ç¿_þ
¾<ö Šé²ÁéàÑ$q©Z¨Í¸(ÙëšÌwL€…JáÔŽ~ÎÁŽS”@!OCþï˜9ÿ}õ³óã‰_J¸^ý|+¦/(У|üŠG@n’
lîÞÛ! Y|ö¹ Læ±ÂA8æ ‘gbý™˜!Ž˜fV|³x†?†î+[ÓzE€þªÉ³ê¦i;»ŽêÐ 4úñºèÚÑx³à‡‹Á½­›ç¾|ÝŒ'•5
endobj
-839 0 obj <<
+844 0 obj <<
/Type /Page
-/Contents 840 0 R
-/Resources 838 0 R
+/Contents 845 0 R
+/Resources 843 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 823 0 R
->> endobj
-841 0 obj <<
-/D [839 0 R /XYZ 56.6929 794.5015 null]
+/Parent 828 0 R
>> endobj
-254 0 obj <<
-/D [839 0 R /XYZ 56.6929 505.7727 null]
->> endobj
-837 0 obj <<
-/D [839 0 R /XYZ 56.6929 477.4219 null]
+846 0 obj <<
+/D [844 0 R /XYZ 56.6929 794.5015 null]
>> endobj
258 0 obj <<
-/D [839 0 R /XYZ 56.6929 477.4219 null]
+/D [844 0 R /XYZ 56.6929 505.7727 null]
>> endobj
842 0 obj <<
-/D [839 0 R /XYZ 56.6929 448.8438 null]
+/D [844 0 R /XYZ 56.6929 477.4219 null]
>> endobj
262 0 obj <<
-/D [839 0 R /XYZ 56.6929 367.8184 null]
+/D [844 0 R /XYZ 56.6929 477.4219 null]
>> endobj
-843 0 obj <<
-/D [839 0 R /XYZ 56.6929 339.0253 null]
+847 0 obj <<
+/D [844 0 R /XYZ 56.6929 448.8438 null]
>> endobj
-838 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F43 608 0 R /F58 635 0 R /F42 605 0 R /F14 616 0 R >>
+266 0 obj <<
+/D [844 0 R /XYZ 56.6929 367.8184 null]
+>> endobj
+848 0 obj <<
+/D [844 0 R /XYZ 56.6929 339.0253 null]
+>> endobj
+843 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F43 612 0 R /F58 639 0 R /F42 609 0 R /F14 620 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-846 0 obj <<
-/Length 2608
+851 0 obj <<
+/Length 2606
/Filter /FlateDecode
>>
stream
-xÚ­YÝsÛ6÷_¡NNŽ-š
-îÇÓOÈ›¡‚³B§o’|Ø-ÁzCr ¨™(§ýR²Òïdžyž.ÞoÊ|HZyq™öP`?DGFüq¹dë“]aÆ9足՛ ý&ˆÂñÛl{­ÆYžîóÓµRjŒÎ¡ô£vpØbR<RîêÌÑÇÌé°@!7(£
-­…t3èÜ
-˜ 9p®<ã%÷"MÕ› È-3U›r__ìÔ¶»ÙÜÖGK0¬æ–5b‘'e¿ƒÃá£g¦Ñø5ÜË´ƒ¼Øq÷$û6RsËmZUÙºp¬lfZó1Û¶ÜéXz+~9¶g+$@WQá[8|ëȧó’ŠeG»ÛþáºÑE}ÐQìŽSk[ 7U‘O‚&h[hW‡=)Dóõ_GZN!Dß{a€}¹mn·¶@#ë8`Ó ƒó&¤À˜¬ ±(Ãñ{Ëè3Ñ€\„ ÚE1 üîûz_ÕgZ˜K«]Ô~‡x4™¯Ë=ó•×!%8.8îT¨¥Å
-Â\Í£Õa^Ùº¯Q
-`Ã× ƒ­4˜É^M¼>¹Ö˜‚äãÄ™åVæçvU6níÂ9»_º¤]aMÇ,‰„Y§Ô.svà"…aùqcEaèج¥ÉA -ðe #ás¢ôø±tÜÓí.·ƒ¾Ê§=A©Xž6åiÏÜéà;LU’ñ7è˜G=e¾x!×3QâÆmš%ØÓí¥ã‰¦{Mk  1'ñUàäܹÎ4Rᮼ‚Àá€yÄ©'IäiÈ
-Ò.r3ß0w{•äãìË‹ çPÓP–£¯$_G%‚ñŽmñÔüÄ›ôªÕ
-ª¿x|XÔ•7]è$8Iœ´Nâ)q“®g„ÑËžqGª„^EX]xQ`BšxEÎ
-‰ÙÑkêsŠ€mÊ ›©Æ©hÖqÜÞ³`Mȇöe:ãw¶~âi†ýøîŽåþm½nn†øo¿Žtœ,…~÷üô?¦ÈæN&*H |¡¹*üÀ™@Ö"ç=@¼«Òµý<DÜ7¡Í%‰àŸ‹m©:±Í8–ÖM}S»"‹cûE1™Ó›ö Òe4à‹æÓÜOªú”ÛKhj+
-m'J †q“:§_Š>$¼ ”B§—.@iól›ñ§ߕƧ2°rkš#ÞJ&¯w#ž ‰¹°Ë‡)?btçMå…ð±s{§Üì r’’<âb‹æð-‡YžÊ³
-FŒ½=äu¶Ë›RÛO[^÷,¯ 2ÖFp?AÙŠóDãÉa´É¡ÊCO¾|œ9Èç)”ÛýæÙÒÉwÉ¿Q­
-ÒL”&Ö…æGY@‡°¯Ûö,[+ì±'ù–{öƒ-œRX”ÉÚº/CÌ“Ÿ†,á6üÆíööCVªËà½Lͺø³Än bØ8K`¶ÈsC™ÄÀ©<?F+»o#ësQÜxF7xŒ …L«ð¿ú: ª­áC¿8lçT*ãÎÙº­šœµp ŸåHå™[—ñ^|žoƒÑŃIZõSR¬$åûñ^úÓÑ„þS8ð¡ß¼DûÉöïÚ òLëáÿ!ãóbDN)¼œkÞüsy©úÿ,3ÞOendstream
+xÚ­YYsÛF~ׯ`*KY"ÌàÜ<9Š”(•Uvmºv«’<€äD
+'óuWì¸qìMæ«ß¦÷?½þ÷üáÍõLî4t®gAèN¿zþgnî}~|úñÝ›×ב??ýúÌÓoÞ<<ß?ÀXÃ~O8¼°áñé—î=üòð¯‡çùÛë?æ?_=ÌÛËô/ì¹oòçÕo¸“Üûç+×ÑILŽ0p/IÔdwåÚ |­íL~õöê?-ÃÞ*mS` c'ˆU4¢A_i0HœP+MüïÖ×3í'ÓCmVÜKkie%].MspóeY4ÕµOËœó¬nn¡ šJy¦(‹Ya6icùíÒf¹Vy^ë3¶t”=[x´ûáÌÞþ•)2S£Úáî3Ïs’ Ptæ† ¢éÓȵž6[CªiVs[”¼LŒQø@wÒ´tšO[ ÏùV¸,ótEB€†UOÃ*ÔŽ$ I„we“­OBÜ7G:¾EB|;Â.t\·%`nL5Ê,p4ìý ¯pÀ«©Ò¢^ƒ‚.Ù…à¾q~‚ßÌ<¸+ †V ·ý
+¬7ÆWƒ˜‰gÅ
+SÌÊ‚gÊ}“Ùþ1³2,ÑEÈMgžö
+óÙÐÓ…åqÜf¨ ì®ÎM 8âÝ6ôbG+p¨CT †`ï˜5¸? e?L5å¾ÌË͉GE¨_—¢IÈDV è²ôÍ¡*jžH¹YTi±4Ìa‘¶”"SÖȆ}Ygl+YA6t¤ÙЄj¿»ÛN/ó²Fka¿´nÄ„¸VžÑ€•0DS ÖB}òEÃDõ¶¬š‹“ºËö[˜æhÆa5Ü2¢FÌrä¦ìwp9|ôtM_ƒ^ÂòâÀêºìÛØ[nÓºÎ6…%e3ÓžÙî°ãAÏ:0Zó˱;Û!!
+…F¤§ž%‘£ ˜6/Ë÷‡=z‚ž®Igžß“§éiô¬1=Ýꄧ ¨Þ†3ž¾«³b3–¢yv)ßÍ|ÃÔ*ÉÇ[Þ—Š çðÂ@¶£¯$_G%üéžmñÒâÄ ÛôŠÕ]
+wªjž¤tZÎo¡ó>+Võm›œ˜ß2•ñyÆö!̤ٙ½¿•öæF8”Õ(Õ[“çw{S‰wÀÝj¨ûâéaÙÔÎH\¡{øàqÒ¹‡ã‰ƒô}"ˆ^ö‰;%p’(º‰|ÐÂ+Z°Úï-Ì·ˆ[¡Ëɶ)7lìµîD«–ºàöž#\B&4r¦Ó›¿“€uGyA0|{ïî˜ïß–ëæfìiÿöëpÇÅRúþÇ=²¹å‡)
+vȾÐÜ~à ë°‰3輫Óù<8ÜwAMň _”\ùô£š,mÚʦ‹ê—dV6nº¯FqŒ“6ŽGŒr?«›Sn?´’ã›õÃDòQ‚§š£|‡XnÓ*]6ò°p÷Šç±ô¨ó´¶ß(fìLÅ>îôÏxuÇ3Ävarm™ CÉûƒ nÓÅñ” ÑÅ´j?£À`"Àxeòl—ñç×–~Ú¥Ò¯¶{Ú+ÞJö
+ ÏHé:*ýS¬ÝÜ´Ñæ'ýhƒ‘8 vŃ}[Âbq–6õpÇøZcÛÇYbg!’‡üzÑ¡SÅÁ²-ÏÎ1–Ž*ÆþÊ~{ªgc~š-)T!¡ "²Ž15>ñ¤Eì4✱âaºä¤‘K´°‡]8ƒ‡gÔXD†œ)ã”$B[ÒÉËM·§Ã]DŽ€ê`ÞʇŠÔ~Gì€ww°p¨ÕG2I€1šÉ¡Ü}´Ð-Øù%˜ôbböWfæ)âalh~” t¹ûÚcÏò´Âœoyd>˜Â
+……˜ìm†<Ä<ùiÌöÀO`ܾ2²òP_ïeRÖÀ·˜öcÃÆZóD^“Ê$NåA(ø1Z›ª‹¬ÏEqëýà16$Žj[Õ;öE¼®nÜâ°[PyŒ'g›B¤j³Õ~¼3f‚2˜>Ë‘Ê366×½ø$ߣ ’´¦¤˜ýK*Êúq^ú£Qþ;8ò· Û¾DûOÈî/Z?rt«ñÿ!ãsb•DV(ÔŽJÎ%oÿ­¼ýÿ6ÃÜ¡endstream
endobj
-845 0 obj <<
+850 0 obj <<
/Type /Page
-/Contents 846 0 R
-/Resources 844 0 R
+/Contents 851 0 R
+/Resources 849 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 823 0 R
->> endobj
-847 0 obj <<
-/D [845 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-266 0 obj <<
-/D [845 0 R /XYZ 85.0394 572.5495 null]
+/Parent 828 0 R
>> endobj
-848 0 obj <<
-/D [845 0 R /XYZ 85.0394 544.6651 null]
+852 0 obj <<
+/D [850 0 R /XYZ 85.0394 794.5015 null]
>> endobj
270 0 obj <<
-/D [845 0 R /XYZ 85.0394 486.6864 null]
+/D [850 0 R /XYZ 85.0394 572.5495 null]
>> endobj
-849 0 obj <<
-/D [845 0 R /XYZ 85.0394 461.3244 null]
+853 0 obj <<
+/D [850 0 R /XYZ 85.0394 544.6651 null]
>> endobj
274 0 obj <<
-/D [845 0 R /XYZ 85.0394 391.3163 null]
+/D [850 0 R /XYZ 85.0394 486.6864 null]
>> endobj
-850 0 obj <<
-/D [845 0 R /XYZ 85.0394 364.709 null]
+854 0 obj <<
+/D [850 0 R /XYZ 85.0394 461.3244 null]
>> endobj
-844 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F57 632 0 R >>
+278 0 obj <<
+/D [850 0 R /XYZ 85.0394 391.3163 null]
+>> endobj
+855 0 obj <<
+/D [850 0 R /XYZ 85.0394 364.709 null]
+>> endobj
+849 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-854 0 obj <<
+859 0 obj <<
/Length 2182
/Filter /FlateDecode
>>
@@ -2300,14 +2313,14 @@ $ QgÙ—ƒÙÁšV
Í ˜—S ìõM«ÿÇ[›)f¿0ÆI’½o<ϾUð$%Q*
êŽ!~„¡wèyÅ6µöý‹Ÿl!:Üõ8=lJ,íLé@ûb«j_õ®Ø4ż꺒®9ø´¼¯Ë"ÇJÕ¶!뮧é~ý$6xpÏÖvÓp⎚뮟Ytƒ-í¬!—;Y­ °ײ4Ï2«)žBæÝQkדܽ“5í¶kHš;5oáRŒ†ç®Ód¿™îwAÞ»v²}[Çôüâ}c>€üReM„-óýðAƒ£ÉáµV·z(_Ešòá8ÔÇ+w)#AŸÝ¼ûûüêÿš[G¡endstream
endobj
-853 0 obj <<
+858 0 obj <<
/Type /Page
-/Contents 854 0 R
-/Resources 852 0 R
+/Contents 859 0 R
+/Resources 857 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 823 0 R
+/Parent 828 0 R
>> endobj
-851 0 obj <<
+856 0 obj <<
/Type /XObject
/Subtype /Form
/FormType 1
@@ -2327,39 +2340,39 @@ xÚm”In1 EOPw¨u€$ÅIg0²Êľÿ6¤¤êV5 oʯÅésÀóή¯ƒÖ×O²Î Ž¢‘ÿ¨#h8Çùø:„5?ù
6\>RgÈbÏWÖ¹j[†›
WŒÏ¢®{6;»²þFÃÇñ÷ø]š¨)Õ/Ô¬Mu;pk;Ì©Ëdh<åE–ñ¬AÏw³ð¬±±Nê¦ó¡Ä½t•‹ùD„™Â²]°Ä(‡;„ ·åŽ°Š­r²ÂÙÄLûˆ T¥Í¡誋ŠŽt’¹w_ =Î]ˆ‹=¦uSä÷—ä"ï±yl±‡µÃ-ËkHsŠöreOÚ³êvg›<7ºt,‡Ýe—;ãÒèЭ/I…B÷&ê(ýê³ö󻉨YÙ¹Ç,çkRÔšÚ'^ m" ^˜h±ÎW9AVªy­Â©/fýÆ"•œãûFy-Sng \Çdª¼˜©Æ¥†Í}B©•µŒÎ$âw1.¶&Øíþ²C¶O–ÃVç X×9g¹E{îÇ< •ãóP)!ÍZÜÅŸLÞª~ÑÔ'¯UâXLµüc“ÅXsЖõÚ¯½˜Ó’~òBL–§èªÆ¹O¦ºNZ_[Èü.øšŠû*]3QôçÇñ!Ö-žendstream
endobj
-855 0 obj <<
-/D [853 0 R /XYZ 56.6929 794.5015 null]
+860 0 obj <<
+/D [858 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-278 0 obj <<
-/D [853 0 R /XYZ 56.6929 569.9953 null]
+282 0 obj <<
+/D [858 0 R /XYZ 56.6929 569.9953 null]
>> endobj
-859 0 obj <<
-/D [853 0 R /XYZ 56.6929 538.1512 null]
+864 0 obj <<
+/D [858 0 R /XYZ 56.6929 538.1512 null]
>> endobj
-860 0 obj <<
-/D [853 0 R /XYZ 56.6929 479.3819 null]
+865 0 obj <<
+/D [858 0 R /XYZ 56.6929 479.3819 null]
>> endobj
-861 0 obj <<
-/D [853 0 R /XYZ 56.6929 467.4268 null]
+866 0 obj <<
+/D [858 0 R /XYZ 56.6929 467.4268 null]
>> endobj
-282 0 obj <<
-/D [853 0 R /XYZ 56.6929 226.4738 null]
+286 0 obj <<
+/D [858 0 R /XYZ 56.6929 226.4738 null]
>> endobj
-862 0 obj <<
-/D [853 0 R /XYZ 56.6929 199.8706 null]
+867 0 obj <<
+/D [858 0 R /XYZ 56.6929 199.8706 null]
>> endobj
-286 0 obj <<
-/D [853 0 R /XYZ 56.6929 125.9475 null]
+290 0 obj <<
+/D [858 0 R /XYZ 56.6929 125.9475 null]
>> endobj
-863 0 obj <<
-/D [853 0 R /XYZ 56.6929 93.5699 null]
+868 0 obj <<
+/D [858 0 R /XYZ 56.6929 93.5699 null]
>> endobj
-852 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F57 632 0 R /F84 858 0 R /F42 605 0 R >>
-/XObject << /Im1 851 0 R >>
+857 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F57 636 0 R /F84 863 0 R /F42 609 0 R >>
+/XObject << /Im1 856 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-866 0 obj <<
+871 0 obj <<
/Length 3976
/Filter /FlateDecode
>>
@@ -2386,54 +2399,54 @@ Tå¼üòÅ‘(.ú$§žŒQ²ù3ü€5/'ïDàæ­ÜsÆÀRyñ„sNÏÍCUé†S>å2nÛ¨0äÅ %Ã~NØœž°Ô¹'
o½p‘îqG.Ö¶é‚þ™ îž ÔÐ0uøœˆ6í¾€9ø©ÝC)&”M#Q‰Ó©&;zæôX7ùaÛ†¡—0=­3Ȥ Jpá“4í)«±Š~>™t3òº—1€W½Ô]b!&´ m¹=È”ã1"6=ŽÆ¦4SQ—殌Ÿ-5Ó­§„º|]o©ßý]ð­þ´V&cÂ^³³ðÚk6L¢Nq0&¨ºcErË=}Ó —ëC,Ä“w™NÞÃí—ñNL>ö
‘ß4!Óßc3­Å½/«˜Ñ¹r:­ÀôD†|Ný/F†f™Àò|vöJücÿ3Óý¡Vì–òDp’.F¦p&J%šÓŸkŽYÿ/€HϘendstream
endobj
-865 0 obj <<
+870 0 obj <<
/Type /Page
-/Contents 866 0 R
-/Resources 864 0 R
+/Contents 871 0 R
+/Resources 869 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 873 0 R
-/Annots [ 871 0 R 872 0 R ]
+/Parent 878 0 R
+/Annots [ 876 0 R 877 0 R ]
>> endobj
-871 0 obj <<
+876 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [130.9748 206.9622 330.4015 219.0219]
/Subtype /Link
/A << /S /GoTo /D (rndc) >>
>> endobj
-872 0 obj <<
+877 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [341.9066 206.9622 405.5068 219.0219]
/Subtype /Link
/A << /S /GoTo /D (admin_tools) >>
>> endobj
-867 0 obj <<
-/D [865 0 R /XYZ 85.0394 794.5015 null]
+872 0 obj <<
+/D [870 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-868 0 obj <<
-/D [865 0 R /XYZ 85.0394 726.9349 null]
+873 0 obj <<
+/D [870 0 R /XYZ 85.0394 726.9349 null]
>> endobj
-869 0 obj <<
-/D [865 0 R /XYZ 85.0394 714.9798 null]
+874 0 obj <<
+/D [870 0 R /XYZ 85.0394 714.9798 null]
>> endobj
-290 0 obj <<
-/D [865 0 R /XYZ 85.0394 549.2383 null]
+294 0 obj <<
+/D [870 0 R /XYZ 85.0394 549.2383 null]
>> endobj
-870 0 obj <<
-/D [865 0 R /XYZ 85.0394 523.4408 null]
+875 0 obj <<
+/D [870 0 R /XYZ 85.0394 523.4408 null]
>> endobj
-294 0 obj <<
-/D [865 0 R /XYZ 85.0394 427.4422 null]
+298 0 obj <<
+/D [870 0 R /XYZ 85.0394 427.4422 null]
>> endobj
-731 0 obj <<
-/D [865 0 R /XYZ 85.0394 395.8704 null]
+735 0 obj <<
+/D [870 0 R /XYZ 85.0394 395.8704 null]
>> endobj
-864 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F57 632 0 R /F58 635 0 R >>
+869 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F57 636 0 R /F58 639 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-877 0 obj <<
+882 0 obj <<
/Length 2808
/Filter /FlateDecode
>>
@@ -2448,66 +2461,66 @@ V1R
ÔrçA‡#!GâÜnÛ±UøåÙù þ:lNûÞDÿ›§fWïkg ÆUýüÜ'}Ð2~‡Ÿ)Þd°ÇþÜþ_ˆZ“ez¾
„nEØ ˆ0S¨£'œûÿ ˜²þ_è|’endstream
endobj
-876 0 obj <<
+881 0 obj <<
/Type /Page
-/Contents 877 0 R
-/Resources 875 0 R
+/Contents 882 0 R
+/Resources 880 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 873 0 R
-/Annots [ 883 0 R 884 0 R ]
+/Parent 878 0 R
+/Annots [ 888 0 R 889 0 R ]
>> endobj
-883 0 obj <<
+888 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [358.2788 296.3979 407.0255 308.4575]
/Subtype /Link
/A << /S /GoTo /D (tsig) >>
>> endobj
-884 0 obj <<
+889 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [75.273 254.3653 131.4917 266.4249]
/Subtype /Link
/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
>> endobj
-878 0 obj <<
-/D [876 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-298 0 obj <<
-/D [876 0 R /XYZ 56.6929 609.3074 null]
->> endobj
-879 0 obj <<
-/D [876 0 R /XYZ 56.6929 584.6894 null]
+883 0 obj <<
+/D [881 0 R /XYZ 56.6929 794.5015 null]
>> endobj
302 0 obj <<
-/D [876 0 R /XYZ 56.6929 550.0567 null]
+/D [881 0 R /XYZ 56.6929 609.3074 null]
>> endobj
-880 0 obj <<
-/D [876 0 R /XYZ 56.6929 520.7603 null]
+884 0 obj <<
+/D [881 0 R /XYZ 56.6929 584.6894 null]
>> endobj
306 0 obj <<
-/D [876 0 R /XYZ 56.6929 451.5135 null]
+/D [881 0 R /XYZ 56.6929 550.0567 null]
>> endobj
-881 0 obj <<
-/D [876 0 R /XYZ 56.6929 423.9307 null]
+885 0 obj <<
+/D [881 0 R /XYZ 56.6929 520.7603 null]
>> endobj
310 0 obj <<
-/D [876 0 R /XYZ 56.6929 345.538 null]
+/D [881 0 R /XYZ 56.6929 451.5135 null]
>> endobj
-882 0 obj <<
-/D [876 0 R /XYZ 56.6929 315.1458 null]
+886 0 obj <<
+/D [881 0 R /XYZ 56.6929 423.9307 null]
>> endobj
314 0 obj <<
-/D [876 0 R /XYZ 56.6929 143.7116 null]
+/D [881 0 R /XYZ 56.6929 345.538 null]
>> endobj
-885 0 obj <<
-/D [876 0 R /XYZ 56.6929 116.1287 null]
+887 0 obj <<
+/D [881 0 R /XYZ 56.6929 315.1458 null]
>> endobj
-875 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F57 632 0 R /F42 605 0 R /F14 616 0 R /F66 714 0 R >>
+318 0 obj <<
+/D [881 0 R /XYZ 56.6929 143.7116 null]
+>> endobj
+890 0 obj <<
+/D [881 0 R /XYZ 56.6929 116.1287 null]
+>> endobj
+880 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F57 636 0 R /F42 609 0 R /F14 620 0 R /F66 718 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-888 0 obj <<
+893 0 obj <<
/Length 2682
/Filter /FlateDecode
>>
@@ -2520,33 +2533,33 @@ w6ô]˜²ÙÙ4 R×'”zh¸ä
óÊÁm³Åsg°ShZeIx Ô@UItZgÞ=ò ›[Ð57©4–ÙÄ=|êú¯À³}‰L‚
Ùâœòðoî%éÿi%!Éendstream
endobj
-887 0 obj <<
+892 0 obj <<
/Type /Page
-/Contents 888 0 R
-/Resources 886 0 R
+/Contents 893 0 R
+/Resources 891 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 873 0 R
+/Parent 878 0 R
>> endobj
-889 0 obj <<
-/D [887 0 R /XYZ 85.0394 794.5015 null]
+894 0 obj <<
+/D [892 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-318 0 obj <<
-/D [887 0 R /XYZ 85.0394 562.2587 null]
+322 0 obj <<
+/D [892 0 R /XYZ 85.0394 562.2587 null]
>> endobj
-890 0 obj <<
-/D [887 0 R /XYZ 85.0394 530.3529 null]
+895 0 obj <<
+/D [892 0 R /XYZ 85.0394 530.3529 null]
>> endobj
-322 0 obj <<
-/D [887 0 R /XYZ 85.0394 316.5151 null]
+326 0 obj <<
+/D [892 0 R /XYZ 85.0394 316.5151 null]
>> endobj
-891 0 obj <<
-/D [887 0 R /XYZ 85.0394 292.4118 null]
+896 0 obj <<
+/D [892 0 R /XYZ 85.0394 292.4118 null]
>> endobj
-886 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F42 605 0 R /F43 608 0 R /F56 626 0 R >>
+891 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F42 609 0 R /F43 612 0 R /F56 630 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-894 0 obj <<
+899 0 obj <<
/Length 3904
/Filter /FlateDecode
>>
@@ -2578,21 +2591,21 @@ t κ©‘Jásþ6±àï&=M?Äl)±}.$¤%]Ý Ë¡Þ󺧪&Z‡’¹m»§‹µË$¸ÿ÷:ADØV è ù¼´ÞùÈÛ§
HLxæDÆžŽäø!<³Ñ>À:Xn–,i@%cXsñêâKxœËò©VKÆ8ÀF¨ #h¿!T
q2:ô,iy|™c:7¾ñÀ^P)¹¦ùÑG,x¹%™€_<jiÏ1Zß¡nÑàh¾ƒ y †.):h£2/Ç<Ñᙬ9È[.ýŒ|s7ÆLM¬‰Äaæð<.yà‡b³tôXÝ„‡nz 7®é€ÎÕ„Gpü)_À¥)Ü•@Wé"ÓjLˆŽW"]1ú}üîˆ(ŸÎ@=‘l}p`Õîï9D¾c ‰B¯Cýb~K›ñ±b`.8™åîT>ñkÄÀh àÆw5¿wä——Ž=êñe&9:ÉOù ¼á£ŸÄ-Š„öç>IFIžŸªù3È:¾lè¼)JÕámò´Ö…LFòy-J²Ô—vö«œúá‹ê ÎL%®ø’­I>³“ØæÜà(¿|WÝ/•‚<i¿ö{ˆ¼ãW]Ûª©ºr´„xFp..öºÉÛN½L×6Ãçä‰wäðÏÔù—_­OOúMž“¯ÒÒÖ«<lÂ@!úÚ|y|Þþ%èÿ~ð‘‚endstream
endobj
-893 0 obj <<
+898 0 obj <<
/Type /Page
-/Contents 894 0 R
-/Resources 892 0 R
+/Contents 899 0 R
+/Resources 897 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 873 0 R
+/Parent 878 0 R
>> endobj
-895 0 obj <<
-/D [893 0 R /XYZ 56.6929 794.5015 null]
+900 0 obj <<
+/D [898 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-892 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F57 632 0 R >>
+897 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-898 0 obj <<
+903 0 obj <<
/Length 2162
/Filter /FlateDecode
>>
@@ -2606,35 +2619,35 @@ ej{uXš†çíþÀüÏ[S:n/n\€€¹,4„1=Å^ö ³Ðƒj~€”ʪü!Ì
-IBÚ ¨«¼YÒíiq‡DÑÒ»[Óܱ:Р4†÷±Þ„ße¶oÝ 1 ùÐÀ)òzV'»CÓöõcq6(¨?×+Ž-jš@U]q¦¢àP“:u-a±ymA©àT9*pÉpuŸ:w–ØcDAŒ‚®­_h|®»ÀÍ4RÂ5
âÇrÉŒKÒøt~ JKyݵÝV3H_oÅã'CF}kÅp XEe°8ö²ð¾ðjúâö2yÑ.lƒÅ§×`:ù¦ &úv*nOvmk
endobj
-897 0 obj <<
+902 0 obj <<
/Type /Page
-/Contents 898 0 R
-/Resources 896 0 R
+/Contents 903 0 R
+/Resources 901 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 873 0 R
-/Annots [ 900 0 R ]
+/Parent 878 0 R
+/Annots [ 905 0 R ]
>> endobj
-900 0 obj <<
+905 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [173.6261 746.5215 242.2981 755.9311]
/Subtype /Link
/A << /S /GoTo /D (the_category_phrase) >>
>> endobj
-899 0 obj <<
-/D [897 0 R /XYZ 85.0394 794.5015 null]
+904 0 obj <<
+/D [902 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-326 0 obj <<
-/D [897 0 R /XYZ 85.0394 258.809 null]
+330 0 obj <<
+/D [902 0 R /XYZ 85.0394 258.809 null]
>> endobj
-901 0 obj <<
-/D [897 0 R /XYZ 85.0394 232.957 null]
+906 0 obj <<
+/D [902 0 R /XYZ 85.0394 232.957 null]
>> endobj
-896 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F57 632 0 R >>
+901 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-904 0 obj <<
+909 0 obj <<
/Length 2641
/Filter /FlateDecode
>>
@@ -2654,82 +2667,80 @@ n}/ø&Ù<_ºV6^Eó¯ÚD¾ÐemwD‡B4@y™ÇëT—}÷•­ÜþNN·Óœwo‡ZÉ“c‰û6’^q Œ r@ýóƒYõgpòùc
n{Öð9{TƒÚ°¼ÿaSÈ 1þ‰TÜoí¼ýðÌ=,ÚIq”•Fñê<TJV_¢8.le•UÓ¼­¼ÊñÇÃâ‡âõ?¡2‰¥/ˆœ·‡‚EÀ—|=OøèhÐ;{ìƒÁíkJ/ع:ì2ƒ‘Qo
Ï"ü½×/ ÷·þ_FÝ-endstream
endobj
-903 0 obj <<
+908 0 obj <<
/Type /Page
-/Contents 904 0 R
-/Resources 902 0 R
+/Contents 909 0 R
+/Resources 907 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 873 0 R
+/Parent 878 0 R
>> endobj
-905 0 obj <<
-/D [903 0 R /XYZ 56.6929 794.5015 null]
+910 0 obj <<
+/D [908 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-906 0 obj <<
-/D [903 0 R /XYZ 56.6929 619.3384 null]
+911 0 obj <<
+/D [908 0 R /XYZ 56.6929 619.3384 null]
>> endobj
-907 0 obj <<
-/D [903 0 R /XYZ 56.6929 607.3833 null]
+912 0 obj <<
+/D [908 0 R /XYZ 56.6929 607.3833 null]
>> endobj
-330 0 obj <<
-/D [903 0 R /XYZ 56.6929 154.3198 null]
+334 0 obj <<
+/D [908 0 R /XYZ 56.6929 154.3198 null]
>> endobj
-908 0 obj <<
-/D [903 0 R /XYZ 56.6929 126.2014 null]
+913 0 obj <<
+/D [908 0 R /XYZ 56.6929 126.2014 null]
>> endobj
-902 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F43 608 0 R /F42 605 0 R >>
+907 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F43 612 0 R /F42 609 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-911 0 obj <<
+916 0 obj <<
/Length 1949
/Filter /FlateDecode
>>
stream
-xÚ¥XYsä6~÷¯èÇF<tí<MfìY§6ÎÆvž’”‹–ØݬÑIí#»ûß”úR{:™šò ‚
-³Z÷޳Ɯžº¥åJ—u‘‹`ïAÜi}
-БÈÄà@­µ«Mn§Ry—ß"qÏ3GRÑAw:saJÙ<ôù¡)LpŸ2Þ³å(F®¯˜p, mðÁ láI!1ðä22¨T¯4y´îFXؽiŠ)”0û\ððk8‰}¨iü'ÉßÅT+"Ùà±E[öc‹,„'âÙôk—p¤Mí'\n–¸éÎ;äNcÖn{£;Ìë ¦o'GÀÒáЦëuåA\.…Õè8=D8ï<·Í Y\Å¡^Eå¹;~G¼¡Å²Ísäkê¶ï(¬¸Ö¯•Яã7h¯2} xиãl\'m94‚#ȃ6æc.ÇhÞ­ëM‘Ó\e™nP 2ó÷î0æ¸j³R¦b~½$BUÓˆ‡¡™q¬[Gåÿ
-vxRÎHÃÀ¼ét~ Ùy%íD€LTòº4}oU!Dö-Gʳ)
-šÙüÀ‚kOª]ÕÊ0¦ÀÄgNm¯lÎþÖXêKÀ3aèÉèç©ü’ht 4žˆù£©òŽ¦ä
-œm¿8*
-¸Ë–s½TP¥‰‡¼³af…Í”º»6ªo]E”rW²­vêUE<º¥BÚŽZ'òªoÍjåTå ÿL¦ñ€mêåŽS@0ŸK9Qk¹Lì¡p„D6Oªé¶’š’ Í 3‚.òÛT»ka¯O £íµðN÷Ù»Öf–(]N(HC?’Lº
-†)Š~X3´êy9”gœÀ¸»£"kÃ>å”èjñdk'Q‹ºþ²iˆü¨—µãDaÁ¼ÄÅ·êÝLc›y
-Ïþ‰—˜ˆü0„ª3¾Ä„{‰Õ ¶ðÓo±Ï­*KPóÆ“+v¸7C’¸ÑE1˜¯œ ê%–ÛÕ ¼B&ÉPÍ÷`ÙDü,žBì6MG{Ð…`ûçRBŸmÏ(¬Á†­Ðÿœ {àƒo£½R0ú•^é烷³»8¡ç·o(äs?àj‡wòaž›^]5ÞθÁa_÷Ó¯x<Ÿ÷‚ï„7¹É”þ‹~õ†LØ~U8)ø×ð?±ÃdçCþêÕô!2•­µ·4…>Ç®|S6g0“èR—¸+LÖ½«1ùÙæü ñÔ•ö¶ûhË«îêö¡ª'·¨M¿öª—ÝpœÚ༤UQÔXHáéæéÓŸ£&7ªÀ²dÃmç„ÜIî¥ú¢=ãšÃ¯›´„›aí­Š>Ç”µê¼ºÈ½¬0TäÎØRwýÙ~eS[¼R½æ:Ä”© ôÈ^ëúò³l¾2x™ë!¾n[U÷fyèYúù?ôKS˜Ìô“¡0lvŠÉÛæµËŒ‹ ñú×F³sŒƒžÛƒ,iêº8ëø
+xÚ¥XYsä6~÷¯èGuÕJ#’¢Ž§ÉŒ=ëÔŽ³k;OIÊEKìnÖèèHjIö¿/@PêKíé$åj‹A
+¥«¦†ÈÅ°àçP†wZŸtdð ‹æÚ匷S©¼Ëo‘¸ç™#©è ;S˜D{2à‡¦0!ÅbÏ–£d¹¾a±4´!
+ÞË´Â,PÀÂmtHšµ}mÖºíî‚1¡SÀ¼ÌÞΊeîM×ëÚ‡€ï<°ó‰¼ÒëÖ:7¸q›"¶€ÒŠ#B³ Š*
+·ÿŽx¥±Mpä[7mßQ<q®_)' _ÇojÐ^çú@ð q×Ûbð¶Oa ÑAåÁ˜K.w«fS4Vy®×( )ùëFw6è0kÓ1Ê„w½ BÝÐ7C#ãX·Ž*þïðdœ‘†yÓéâ@²óJÚ‰
+Ó…^((ÓÄCÞÇÑ°
+³ÂæNFmUnËÿŽ"ÊÇè@28Öî,P5Íè–ji;*žH­¾5Ë¥ÓVü¹`Q6›ú¸ã,,àQMdA”Ú}árÙ<©r¤[äFÔLh™q,ØßSíN†½UÆÛ“áîów­M®
+or“)ýWýê™°ý¢pR:ñ¯à?±Ã`ç#¾õjz¹ÊWÚ_˜RŸcW±©Ög0“èJW8+LÞ½jmŠ³Íù âkjío×Ñ’WÝ=4íCÝL.Q›~å×/»á8µÀyI«²l°ÂíÍ×/¦?GMaT‰eɆێ¹“Ü õUûÆõ‡ß6i'ÃÊ_–}Ž)+ÕùMYøyi¨È±¤éú³ýʦ–ø•z9þÄuˆ)Sh“ýÖµægÙ6|iðs×C|Û¶ºéÍâгôú=ô˺4¹é'5BaØì“·Ík9aê÷¯kÍÎ1Ún²dÝ4åYÛØöðóÍË¢õUwà\|VmA¬ø]€FM]¾îùaaÚ®¹ØûSÀ„ ð3ìÄ'§p< ÿö×Þí÷³( Dšžøv%B8¶8œÁÎ(ܯH-? ›þ â=Tendstream
endobj
-910 0 obj <<
+915 0 obj <<
/Type /Page
-/Contents 911 0 R
-/Resources 909 0 R
+/Contents 916 0 R
+/Resources 914 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 916 0 R
-/Annots [ 914 0 R ]
+/Parent 921 0 R
+/Annots [ 919 0 R ]
>> endobj
-914 0 obj <<
+919 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [84.0431 645.8685 133.201 657.9281]
+/Rect [84.0431 645.8685 134.1426 657.9281]
/Subtype /Link
/A << /S /GoTo /D (lwresd) >>
>> endobj
-912 0 obj <<
-/D [910 0 R /XYZ 85.0394 794.5015 null]
+917 0 obj <<
+/D [915 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-334 0 obj <<
-/D [910 0 R /XYZ 85.0394 707.5656 null]
+338 0 obj <<
+/D [915 0 R /XYZ 85.0394 707.5656 null]
>> endobj
-913 0 obj <<
-/D [910 0 R /XYZ 85.0394 676.8153 null]
+918 0 obj <<
+/D [915 0 R /XYZ 85.0394 676.8153 null]
>> endobj
-338 0 obj <<
-/D [910 0 R /XYZ 85.0394 449.6033 null]
+342 0 obj <<
+/D [915 0 R /XYZ 85.0394 449.6033 null]
>> endobj
-915 0 obj <<
-/D [910 0 R /XYZ 85.0394 421.758 null]
+920 0 obj <<
+/D [915 0 R /XYZ 85.0394 421.758 null]
>> endobj
-909 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F42 605 0 R /F43 608 0 R >>
+914 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F42 609 0 R /F43 612 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-919 0 obj <<
+924 0 obj <<
/Length 1177
/Filter /FlateDecode
>>
@@ -2740,21 +2751,21 @@ Cl¥#—8¸ŽS¯$£?G4€­§…joü ±ãáž
,l;¦Ü}Ó/ô]‡ˆ?j­yÆç-¯ãB·\â#L Á¦_vƒ\8CÏ÷ÉqwA=ÃiŒ òm¯"å#å^æ´sâ·ömè!wÓ(¥ß›*š§ ðª³MúÀdon*‰>O‹ÇÉ SèˆÒS:Zƒ(á,Óê¤lÕz¶l€FÉI1ÉiR¶P ©f'm´48;M©qؼùLµîç†È0O{o¥”fÏÕº:ú*AªØ‚"ÏÐQÃbßH¯Ùép6ÞÖͦö–¯Ýƒ"Cž»=•O`èû^áŠÒ@¾rdZ aGÌ;$è{oK,DØïR+G€aá"ºÈÇ==£ÍÊ=•‡Ì¤çÝmì°:®<än¾ñ>†ÐÁû}&JôMÇÇ·5óŽÆ¿/%HÄ#Püv²@"3îó»…Z³¨íúž˜jzžÆ’'uczY¼jÚŒGçYˆF3ž=š–cæé-MNv’£R?0ª‡¨”¼
Á%Øp+Æmf!©á:Z¬…Ù¾KÆpeòf'óªMJÅ4ù—Q¥XélG™=뻄 Ž±æ«h zWg5ßR'Äw…0\ZñG`¶†Ç\?÷nÔ Ùšò H! ÅŠâ,Ÿ™Z¹ÈÄ i½–bËã^­^.’™)@éòõ{(/€Hª€ZÓºá¡V¸Í–&£VÅ”64Zf_ÎRk[Óf$:G©°5X©$xÐû?,c“*æ‹ÒÌ]K)R@7z5<vûÚE¢Q¯v™f±ÑŠÙ–×;¶¦zµÈON„£,‰—{kßyŽcÞôŽÓwúb7ߟõìÂ\3‡nŽq\§uŒƒý
endobj
-918 0 obj <<
+923 0 obj <<
/Type /Page
-/Contents 919 0 R
-/Resources 917 0 R
+/Contents 924 0 R
+/Resources 922 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 916 0 R
+/Parent 921 0 R
>> endobj
-920 0 obj <<
-/D [918 0 R /XYZ 56.6929 794.5015 null]
+925 0 obj <<
+/D [923 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-917 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F43 608 0 R >>
+922 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F43 612 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-924 0 obj <<
+929 0 obj <<
/Length 2982
/Filter /FlateDecode
>>
@@ -2777,28 +2788,28 @@ lÍÕ™…S™JôvzVHÓÌçR ¯Ÿô _ÿ‹„ ªÏg ~¯ã™¾¼Íã°VèÆ'V¥KrU2¹ÔÁçp!ÀÄ%”:èƒyNÅ
ê@éü âJŠ¿
À£QöáþW*‘l ü1?Ó¢endstream
endobj
-923 0 obj <<
+928 0 obj <<
/Type /Page
-/Contents 924 0 R
-/Resources 922 0 R
+/Contents 929 0 R
+/Resources 927 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 916 0 R
+/Parent 921 0 R
>> endobj
-921 0 obj <<
+926 0 obj <<
/Type /XObject
/Subtype /Form
/FormType 1
/PTEX.FileName (/usr/local/share/db2latex/xsl/figures/note.pdf)
/PTEX.PageNumber 1
-/PTEX.InfoDict 927 0 R
+/PTEX.InfoDict 932 0 R
/Matrix [1.00000000 0.00000000 0.00000000 1.00000000 0.00000000 0.00000000]
/BBox [0.00000000 0.00000000 27.00000000 27.00000000]
/Resources <<
/ProcSet [ /PDF ]
/ExtGState <<
-/R4 928 0 R
+/R4 933 0 R
>>>>
-/Length 929 0 R
+/Length 934 0 R
/Filter /FlateDecode
>>
stream
@@ -2811,12 +2822,12 @@ qª„Ñ«ò^ÿï>‹«>÷— .13×…Óƒ!¶3¢SËAÕ”ih¥Å¨Š^…(€<Îm䦽ªšÛÆlLÊâ³ò7Ù
n*Œ1½÷¨¾x¥Æˆpîâ‹&XîÃœ§³±è\íD¤ßä0}#XŒûž˜‹¸À>#^V°¡|2Îi‰9ÊÎr)`˜¢Xh¡Ò& „hb—H°Œe"Ãê
þrÓGçX5¾ûû8‡´ÕªOª«t–Ô³$Ây°‰—BÒ›ÀÄ5©/¨vp÷o`kA“ôr ±ñœÓ4N.4Žæ
endobj
-927 0 obj
+932 0 obj
<<
/Producer (AFPL Ghostscript 6.50)
>>
endobj
-928 0 obj
+933 0 obj
<<
/Type /ExtGState
/Name /R4
@@ -2826,24 +2837,24 @@ endobj
/SA true
>>
endobj
-929 0 obj
+934 0 obj
1049
endobj
-925 0 obj <<
-/D [923 0 R /XYZ 85.0394 794.5015 null]
+930 0 obj <<
+/D [928 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-342 0 obj <<
-/D [923 0 R /XYZ 85.0394 682.6479 null]
+346 0 obj <<
+/D [928 0 R /XYZ 85.0394 682.6479 null]
>> endobj
-926 0 obj <<
-/D [923 0 R /XYZ 85.0394 651.2667 null]
+931 0 obj <<
+/D [928 0 R /XYZ 85.0394 651.2667 null]
>> endobj
-922 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F42 605 0 R /F43 608 0 R /F56 626 0 R /F84 858 0 R >>
-/XObject << /Im2 921 0 R >>
+927 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F42 609 0 R /F43 612 0 R /F56 630 0 R /F84 863 0 R >>
+/XObject << /Im2 926 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-932 0 obj <<
+937 0 obj <<
/Length 3426
/Filter /FlateDecode
>>
@@ -2860,35 +2871,35 @@ BJ
)_wå!<%ãË–Ë’Åì-)ñß¹EãOÃôPá¼EúȉôÜ5Q"?¦šÈ’¥Eÿ÷o¶?h sâçN:€aà&
/Ê㻥ÀõcÒÿ $*âñendstream
endobj
-931 0 obj <<
+936 0 obj <<
/Type /Page
-/Contents 932 0 R
-/Resources 930 0 R
+/Contents 937 0 R
+/Resources 935 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 916 0 R
-/Annots [ 934 0 R ]
+/Parent 921 0 R
+/Annots [ 939 0 R ]
>> endobj
-934 0 obj <<
+939 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [222.5592 662.5227 296.2125 671.9323]
/Subtype /Link
/A << /S /GoTo /D (statsfile) >>
>> endobj
-933 0 obj <<
-/D [931 0 R /XYZ 56.6929 794.5015 null]
+938 0 obj <<
+/D [936 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-346 0 obj <<
-/D [931 0 R /XYZ 56.6929 378.3537 null]
+350 0 obj <<
+/D [936 0 R /XYZ 56.6929 378.3537 null]
>> endobj
-716 0 obj <<
-/D [931 0 R /XYZ 56.6929 350.6124 null]
+720 0 obj <<
+/D [936 0 R /XYZ 56.6929 350.6124 null]
>> endobj
-930 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F57 632 0 R /F58 635 0 R >>
+935 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F57 636 0 R /F58 639 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-938 0 obj <<
+943 0 obj <<
/Length 3590
/Filter /FlateDecode
>>
@@ -2909,98 +2920,106 @@ z^‰Q@F=€)ç
‚£ó‹@Èõ@‚îÐ÷5ŠÉË{ÉýqYÎ(&K&‘XÕë6»=–€&ä@7`ßÎRB‰
Lx¼êQéø79d.2(|q !ûxX¦¯D¡¤Aˆ‘&oé†W[&јŸ¢‘Æć["Ñéø§`Øf§èî¡fêº0M2+Ìé"êHoÃ寮†á‚>%TJRËXÙAÿ¤_—!DõT6Ñì˜6i¼Ý,œq $ìÁ·¡³‰L37QUÓ]Blzú® úòö¯7¥qI&ü;ÍÇÐwG§'Ûí".ñ·˜úò«]¨—tž«i¡B5å²À2žŽ”6þ‚uÌúÿ/A¬endstream
endobj
-937 0 obj <<
+942 0 obj <<
/Type /Page
-/Contents 938 0 R
-/Resources 936 0 R
+/Contents 943 0 R
+/Resources 941 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 916 0 R
-/Annots [ 940 0 R ]
+/Parent 921 0 R
+/Annots [ 945 0 R ]
>> endobj
-940 0 obj <<
+945 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [182.6146 321.2011 231.8861 333.2607]
/Subtype /Link
/A << /S /GoTo /D (notify) >>
>> endobj
-939 0 obj <<
-/D [937 0 R /XYZ 85.0394 794.5015 null]
+944 0 obj <<
+/D [942 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-936 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F58 635 0 R /F42 605 0 R /F56 626 0 R >>
+941 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F58 639 0 R /F42 609 0 R /F56 630 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-943 0 obj <<
-/Length 3695
+948 0 obj <<
+/Length 3707
/Filter /FlateDecode
>>
stream
-xÚ­]sÛ6òÝ¿BôLÄ
-µk^@͉õx‘›4¡š·ô2À:£…'úOÛ”ó®/úªë«Ew¢™ÄÖˆì<k‚5r6[€Œ8¸Y‘ص`æÎçYê/e7¡‘‘z ç1QÿTÂ@Ù¨+·Ïå–Æûª®yþU¡òhY®ŠÝ¥ˆêž'm]—‹žf½<
-(þЂÎJ%`½ÁÃ)µó¡&•±Ò6{#Ô °Î„5eÄ£€®’ZÈzgwXÛÂ<ÄÔÔ@ƒ4Ú?
-h°Ì9KXgb©ÇƒËe…,õ|µm×ób×?yî¦`'aVjHM™²ç9 X,Ž»'|1æ‘.Ž­+w‚‹¶¡ÀØÖP$fœy(ŸŠçÊ·-÷ª÷¼xÆv‹¡zö-¤•q¢õQ éCp*“hÿT68@¦w'ðš³BË ,wm„Cà äA4ƒj ãÔ(çôCêI´jëºÝêïo¯~ºöû.§ÂÎÂ@A0¬š.XxÿNHÿvô•-päÄÏžÅ+Ä@¼
-pØíÄ¥¥È’Xª³—–Rĉ
-ý5æ(ÒtW’uOyÄíŒ~ãÄß$#¤bæJ'"Âî|Àåe‡[f7¿ãŒ$rËì(! ,BV¸íi"9I ˆÛóÄã.lˆóUãrNðt
-찦0&ºª»­J§â¹­¸82^…-’¢€4¼¯ÚíÔQXwVŽÛ
-od0Ãö
-°nãî
-¸ÛÐ3»ƒ–KlH²§'1›¶ë*w³ˆàòMÙt<åTu† Azªlk‡îÕµõ3ûÛžê9µ»š3¹sŽ}Õ•Áõèy
-=ï¹t*ø§¤n€¼Ši*Ç%R¦¨ØZöÜзz,f¡Ø”ÐÈ)6/î–S2Çb£"þ¨ÍºàAö•Þ:zÁ0äÁôĬ½Ûì‹C
-–>/¯Êí¶¨éÒJIº~ÅY2Ö¶¼íá»3¼8ƒâŽgWDÑõ7U&7UÊHJ˜4ÜpRizzwTŒôÆ+Cç CTš~šEŸ«fQaz“lÑ’äa°ÆÊ
+xÚ­]sÛ6òÝ¿BôLÄâƒ
+kNã¢}pñ0죚;›,3³¹ÍÒظ,ëś虔qfŒBùº4V©4Æ€Ì-É÷9ì!³ØØD" ±Ñ*ìñérnetÿ«èHÎÆÈH“±ÓÊsföu&c‘d™& ÁØßuÏ?ñÝÍZÍ>4p£ÙðRŒx>Äì/å’ÎJ¥A4@}*]ìR«éRMz”ºèõR‰¨à—r½©ŠuQwÅ’'jz²VÂ(‹/˜Ø,V.s³!sÿš¼4Âf ¼ó½Îý5mš«,v.ͼ‚*ãì´10Ó‚ž
+[‹Uf%³g[/´ñO±3ѱHíJE/Oåâ‰ö!i´Ü­7t8ÜrMs]ÃÏ'¦ò7!TÅã
+îCôbS­„ã cÏŠ91LƒSÆfcø¨ IbØ16ÝÏEÌ´mŽ´]C °I2³ÒÆ©Ñ€Óâö‘ÎÝPïü|¸aBïð"EŸAßzW„iÐ+Í!M
+ƒ©åqd=Ô”c#Þœp;Æ™Ø@ÂwÞí ¡N»ª€<88ƒTÄHwþà
+kFäiZõÇؾÕåhë |ßÌ–þ-ŠŽð1&‰ÕQ²*!ýË’7¸ÒC½AÃ1¶óÎ&3.}ÃÙ  Î8›
+'4±WŠ§ü¹ôÕ#nZÑ-Î?áŽÍCù
+H§ba0ëõ¤Ø'JD/OE# hZ0pïHp%jAùÆ‚‚7ôŒ¤l©a)kµ7ú!v­šªj^zìïo¯~ºç.§Ü΂@‰3,ë6î¡°O@ÿõøµTì-päÙÏŽÙ+倽0ßk9¾´ø1ÀC7mK™ŠXé³mK%c¡ûÖ&Æ(’ ôMɪ£8âOF»ñ"‹{É8S2q…gA·Ááò¶}ŸÙ¯ï8"ÉLÆ*=HM
+âóX[Š_ M_\­ùp¿c‚aÚ; _‰1¾`®mÖ¼Ú–Ý.gu£mÞ!f¾+5¡ç»2úr‹M¥wuÔî|“6S”0€ 3ÂvÒ°@¨ŠoQl¦¡ü*8ZßÒ¶E×d¬^„“¡ðbLDÃ(JFÊ­ªž¦bB@må=„²{¦ZÇ}o˜{à5P/DsëfY¢| ~÷í}
+
+z®ó²êɯ‹nêˉ–±6d…hæÊD5v’«ê•‡./TÖ¦l|­–À1’\½#€+Ë9ÈÉè
+þ…Ø'‚…
+Â@~’˜ÀXfTæâ4quÖùkZK¨|¦NI›áy Íš+2Xy)ø“¢ e„©/uóRû"ÅDŸ‹®#' œWà°Ï+ü<hA3õÌ
+¸cÏüº™¤õ=øCÀKNÈß’¯P†&ø ›£O ›<N•B¶©õ ‚—}:¤ÑÛwEí¹ƒoÞŒp°kûu|ŽSM¸v1oj¯C°´ÿ¦¡ …œ¥zyû]:z.‹—A†7¸ÒUué¦CjgŽó6‘ñ7K^šøn*\ìœÖg™ŸÄ©I¯6@Ꮁû?¸)åêõÄ×Y‘‚æÙ}»m±Û¶ô5
+ÔÍ?¦”UÇÒfj¤¬½È‰Û‚ÃÎ…02äÀ¾¼"…€¸ µ£H‹÷Q…ÖpUó8úÑÂK¾­IÑáe ÖŸ?SÊôù7`¹ìõ}ºÜSS'¤µ¼´2x»|éTEÉ¡ZF"' <Çp@Éå`etZÇ@u@Gq"ÑD$(2Å1ʪ­‰³Ã>…}m‘s͗ݵ"Áƒ×+‚¾ØPùà"BRRÓ˜à$‰wP–O?(°: _4-Ò»k™8ÙoôYc_ ûâÐRœ&üSF5e†¼9_ñyB1ìôštœK†¬~…Œ_Ž*Ao ï{í®8]Øáp§ÔQMí4™ìi”œÿÂ\ÝÔs&
+-ï¹ð
+qyUl·yEM+­¨ýŠ«¤,¬iøØ>—ǯ0CØñêŠ0úúf"Ëä¢J[E“†*uGï‹UAyU_ùÂ…€ªŸ¤Ñç²^Áâk´"~X̱‡¼€‰!/h’¹‚µ³Õýöõ埾@”Ý;ß$$û:x?Ab0þU@¢ˆûð¤41¦8SÌSÞoûT(øc—)sÞ©êSNuÞïÝ÷Éç??ÞÜÀ‹ø8G5&?K\(»rßû³Ò«.îez
+ŒMCAÅqå‘…:fú^íô}]
+’éí‹ÚÝLK
+…Ãï÷uQÏû£þ'
endobj
-942 0 obj <<
+947 0 obj <<
/Type /Page
-/Contents 943 0 R
-/Resources 941 0 R
+/Contents 948 0 R
+/Resources 946 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 916 0 R
-/Annots [ 945 0 R 946 0 R 947 0 R 948 0 R 949 0 R ]
+/Parent 921 0 R
+/Annots [ 950 0 R 951 0 R 952 0 R 953 0 R 954 0 R ]
>> endobj
-945 0 obj <<
+950 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [137.8681 615.6107 211.5214 625.0402]
/Subtype /Link
/A << /S /GoTo /D (statsfile) >>
>> endobj
-946 0 obj <<
+951 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [265.4578 569.7892 326.6578 581.8489]
/Subtype /Link
/A << /S /GoTo /D (server_statement_definition_and_usage) >>
>> endobj
-947 0 obj <<
+952 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [367.5441 569.7892 416.2908 581.8489]
/Subtype /Link
/A << /S /GoTo /D (incremental_zone_transfers) >>
>> endobj
-948 0 obj <<
+953 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [280.9692 538.553 342.1692 550.6127]
/Subtype /Link
/A << /S /GoTo /D (server_statement_definition_and_usage) >>
>> endobj
-949 0 obj <<
+954 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [277.6219 507.3168 338.8219 519.3765]
/Subtype /Link
/A << /S /GoTo /D (server_statement_definition_and_usage) >>
>> endobj
-944 0 obj <<
-/D [942 0 R /XYZ 56.6929 794.5015 null]
+949 0 obj <<
+/D [947 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-941 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F84 858 0 R /F42 605 0 R /F56 626 0 R /F58 635 0 R /F14 616 0 R /F57 632 0 R >>
-/XObject << /Im2 921 0 R >>
+946 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F84 863 0 R /F42 609 0 R /F56 630 0 R /F58 639 0 R /F14 620 0 R /F57 636 0 R >>
+/XObject << /Im2 926 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-953 0 obj <<
+958 0 obj <<
/Length 3444
/Filter /FlateDecode
>>
@@ -3022,55 +3041,55 @@ qk/O]A®êm^rÓSÞ”ÿÞpСÓF^Ó>É€xÞÔOˆV¸udUæ†{ÕSèÁÙ‡‹öåjårʘ3ø9=ÞrØ„»¡­^6}
ß Ø+±H]ˆ]/uŠ]ÿ~ŒÔà0¢ÓËê½Ð„úÞŒ#+´„#}O/j­î¢IŽZ«ƒ-Âê`‹°táèž½FõœÈéóëT¦¬¿æD"ÜÆ8ÅD‘ˆñ³©Î1ÆÈ2‘Æ6¼ß\:¼K`é;dH'<“ùPî„Ï>°3Œ»ÌY,¥ „®ÑWY¢Ô²³ªÓÐÄ3ì¬$dœÙ·&ƒ~”F#h禸/«•ôwªËîËd–{ç>%iS/Aÿ¯÷}JOâ¿ÁwI"àØ­®|0vºð½ ¹ûßM¾|}©7Ÿvb8^VëeÆjûoi¬H­îëí¬´vèAw/S5],º†þËdñ®¯µÿVàtÙ‰4í¥ý‹XÄ}ûCô ½À
üsQûŸ?³<}ƒj8Ù§gÎóFÆ"ÕYâBí9{Ñ;6ý?ž×Sendstream
endobj
-952 0 obj <<
+957 0 obj <<
/Type /Page
-/Contents 953 0 R
-/Resources 951 0 R
+/Contents 958 0 R
+/Resources 956 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 960 0 R
-/Annots [ 956 0 R 958 0 R 959 0 R ]
+/Parent 965 0 R
+/Annots [ 961 0 R 963 0 R 964 0 R ]
>> endobj
-956 0 obj <<
+961 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [367.5469 453.6623 428.747 465.5625]
/Subtype /Link
/A << /S /GoTo /D (zone_statement_grammar) >>
>> endobj
-958 0 obj <<
+963 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [483.4431 396.26 539.579 408.3196]
/Subtype /Link
/A << /S /GoTo /D (address_match_lists) >>
>> endobj
-959 0 obj <<
+964 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [120.1376 159.8067 193.791 169.0221]
/Subtype /Link
/A << /S /GoTo /D (synthesis) >>
>> endobj
-954 0 obj <<
-/D [952 0 R /XYZ 85.0394 794.5015 null]
+959 0 obj <<
+/D [957 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-350 0 obj <<
-/D [952 0 R /XYZ 85.0394 682.6783 null]
+354 0 obj <<
+/D [957 0 R /XYZ 85.0394 682.6783 null]
>> endobj
-955 0 obj <<
-/D [952 0 R /XYZ 85.0394 657.8964 null]
+960 0 obj <<
+/D [957 0 R /XYZ 85.0394 657.8964 null]
>> endobj
-354 0 obj <<
-/D [952 0 R /XYZ 85.0394 440.2898 null]
+358 0 obj <<
+/D [957 0 R /XYZ 85.0394 440.2898 null]
>> endobj
-957 0 obj <<
-/D [952 0 R /XYZ 85.0394 417.8192 null]
+962 0 obj <<
+/D [957 0 R /XYZ 85.0394 417.8192 null]
>> endobj
-951 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F58 635 0 R /F57 632 0 R >>
+956 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F58 639 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-965 0 obj <<
+970 0 obj <<
/Length 2351
/Filter /FlateDecode
>>
@@ -3087,34 +3106,34 @@ C¤e²»3Œ9AZJEŠ¿O‰†ÏI²ß¨¢Óvµ»6O×bæ2|}¤j9˜Ü4!Jƒ¹prˆâÌß
pŸÅäH<–õ&†âÙ‰E^:Õ_óî©¿&äaù‹^Q%ƒèòQ;]Ô?Ži)ÜÓ¼Â:
¼b3­Ø¿ƒ¤ÿ€4%ÄëÂT´†.Ë T:8€2L1ãU=ëù¶Òˆo®2F‰<y÷'8`.×|6úÏxRàßB¶dÆàÎÙW0%•Î‰@Ók{M; ø·§žÕ OÖS)ñÍ{Œ½JVö£/¦0É ARæL÷¢ ¹l}:bøÎâk~Û«“Õƒ¿
endobj
-964 0 obj <<
+969 0 obj <<
/Type /Page
-/Contents 965 0 R
-/Resources 963 0 R
+/Contents 970 0 R
+/Resources 968 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 960 0 R
+/Parent 965 0 R
>> endobj
-966 0 obj <<
-/D [964 0 R /XYZ 56.6929 794.5015 null]
+971 0 obj <<
+/D [969 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-358 0 obj <<
-/D [964 0 R /XYZ 56.6929 769.5949 null]
+362 0 obj <<
+/D [969 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-967 0 obj <<
-/D [964 0 R /XYZ 56.6929 751.5879 null]
+972 0 obj <<
+/D [969 0 R /XYZ 56.6929 751.5879 null]
>> endobj
-362 0 obj <<
-/D [964 0 R /XYZ 56.6929 301.5992 null]
+366 0 obj <<
+/D [969 0 R /XYZ 56.6929 301.5992 null]
>> endobj
-968 0 obj <<
-/D [964 0 R /XYZ 56.6929 274.1347 null]
+973 0 obj <<
+/D [969 0 R /XYZ 56.6929 274.1347 null]
>> endobj
-963 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F57 632 0 R /F84 858 0 R /F86 971 0 R >>
-/XObject << /Im2 921 0 R >>
+968 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F57 636 0 R /F84 863 0 R /F86 976 0 R >>
+/XObject << /Im2 926 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-974 0 obj <<
+979 0 obj <<
/Length 2662
/Filter /FlateDecode
>>
@@ -3128,28 +3147,28 @@ xÚÅZÝsÛ6÷_¡·R3ŠÓÄɹsurŽnnîÚ>ÐmqB‘ŽHÅçþõ·‹(R¦äö’¹›Ì˜KpÝÅþöPÄŒÃ?1³šqåÒY
=k9´Î™åîXFQ¡,ž ªGÛýß §&7AeLh军àyOo>´ܤÇ*Ð,B¦¢D×LÈ´’Y©UßOOH€Š,‚<pU>ûxƒÆÙÇkàmð†<6帷äÈAµÎ´CVÑâ7,x!ƒ³¶‚-Åòm¬Z´W@Åì†tŸÝB ÛÅZ—w‡:u\êÖÅ]¾¯CÙ•ÇbûÐ…bÔêW®yJ_LðH£ÝXV9¥¶8 øÅÉzu6ЉóõpÈuºö\¸WÛüß‹XŽÑ½‹®Ü‹²~Va§4éyMz® UF³xPÈìX—«úúßC§±D
úGxÍ2HQZŒŽŠh·‰/0ϸ]u|¾ø¨çáVY Ó–Ûý–^YÄÕ=XÏE<£pú8´jê5£³Õ’lùbëì–“ùGòÓ™Žþ"æ…Ì2à:“Y"×Ñö–tq4J+iÆ8Ç´rN~Ï5¡À(­@êtÓÊPƒ+ôt¡Ò&=¤Ô x4ÂœŸÐÿH¨I™LÓt„ HçoG€‘`´G
endobj
-973 0 obj <<
+978 0 obj <<
/Type /Page
-/Contents 974 0 R
-/Resources 972 0 R
+/Contents 979 0 R
+/Resources 977 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 960 0 R
+/Parent 965 0 R
>> endobj
-975 0 obj <<
-/D [973 0 R /XYZ 85.0394 794.5015 null]
+980 0 obj <<
+/D [978 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-366 0 obj <<
-/D [973 0 R /XYZ 85.0394 545.7078 null]
+370 0 obj <<
+/D [978 0 R /XYZ 85.0394 545.7078 null]
>> endobj
-715 0 obj <<
-/D [973 0 R /XYZ 85.0394 521.7654 null]
+719 0 obj <<
+/D [978 0 R /XYZ 85.0394 521.7654 null]
>> endobj
-972 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F84 858 0 R /F86 971 0 R /F42 605 0 R >>
-/XObject << /Im2 921 0 R >>
+977 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F84 863 0 R /F86 976 0 R /F42 609 0 R >>
+/XObject << /Im2 926 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-978 0 obj <<
+983 0 obj <<
/Length 3526
/Filter /FlateDecode
>>
@@ -3174,28 +3193,28 @@ cI=Öîtt®´VøBFáÁrƒ€š!à"5îÕ¥XáûLëj˜熱籉CvnbvNt
!!¥(×›U5ö‰¾9’¶wÀòýØû4¸ WÄB5%ö‚+ëBE*°^ò*¹âû:Eeú|¥(ta¤Sf £a}AôUKÓ²T¨QNMG¥·áŠ?cⶾ-ow#lŸufø¥éˆíŠ>¢ýíZ_ûBî~íÌ;epЙq0 o
nòÓNàgjdëÿó)1­endstream
endobj
-977 0 obj <<
+982 0 obj <<
/Type /Page
-/Contents 978 0 R
-/Resources 976 0 R
+/Contents 983 0 R
+/Resources 981 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 960 0 R
+/Parent 965 0 R
>> endobj
-979 0 obj <<
-/D [977 0 R /XYZ 56.6929 794.5015 null]
+984 0 obj <<
+/D [982 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-370 0 obj <<
-/D [977 0 R /XYZ 56.6929 120.0048 null]
+374 0 obj <<
+/D [982 0 R /XYZ 56.6929 120.0048 null]
>> endobj
-980 0 obj <<
-/D [977 0 R /XYZ 56.6929 93.6379 null]
+985 0 obj <<
+/D [982 0 R /XYZ 56.6929 93.6379 null]
>> endobj
-976 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F57 632 0 R /F84 858 0 R >>
-/XObject << /Im2 921 0 R >>
+981 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F57 636 0 R /F84 863 0 R >>
+/XObject << /Im2 926 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-983 0 obj <<
+988 0 obj <<
/Length 3141
/Filter /FlateDecode
>>
@@ -3216,42 +3235,42 @@ E2¥]Oë³8ŒmÈÔŸO°¼3NÈËaiˆu>,uXÈÅïœËMÑœD%WËœ½L¸Ãš <ŠJÜ1§Æ„crk‡e¡W‡í’rMKúßÄb˜´
ꇿ¤€7´b5Â|:÷5Ûúýç È
¬„˜¤Ý¨„8ï•÷ÜAePÇ_sp5T2 {ÛáÄNM_Aൊ`¿sÍE–õ€âkuŸÄE¥õ@\£¾ø„¦èÑ›¯°ŒTch†W5¡—ð?Jæÿþó­þoÛ2PçÎ4É7ÌA⟘ÂçÌì1çÝßy²þ?U·Ù endstream
endobj
-982 0 obj <<
+987 0 obj <<
/Type /Page
-/Contents 983 0 R
-/Resources 981 0 R
+/Contents 988 0 R
+/Resources 986 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 960 0 R
-/Annots [ 985 0 R ]
+/Parent 965 0 R
+/Annots [ 990 0 R ]
>> endobj
-985 0 obj <<
+990 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [389.4645 743.8714 438.2112 755.9311]
/Subtype /Link
/A << /S /GoTo /D (configuration_file_elements) >>
>> endobj
-984 0 obj <<
-/D [982 0 R /XYZ 85.0394 794.5015 null]
+989 0 obj <<
+/D [987 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-374 0 obj <<
-/D [982 0 R /XYZ 85.0394 485.9834 null]
+378 0 obj <<
+/D [987 0 R /XYZ 85.0394 485.9834 null]
>> endobj
-986 0 obj <<
-/D [982 0 R /XYZ 85.0394 461.5576 null]
+991 0 obj <<
+/D [987 0 R /XYZ 85.0394 461.5576 null]
>> endobj
-378 0 obj <<
-/D [982 0 R /XYZ 85.0394 188.0879 null]
+382 0 obj <<
+/D [987 0 R /XYZ 85.0394 188.0879 null]
>> endobj
-987 0 obj <<
-/D [982 0 R /XYZ 85.0394 163.6621 null]
+992 0 obj <<
+/D [987 0 R /XYZ 85.0394 163.6621 null]
>> endobj
-981 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F57 632 0 R >>
+986 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-990 0 obj <<
-/Length 2471
+995 0 obj <<
+/Length 2469
/Filter /FlateDecode
>>
stream
@@ -3262,55 +3281,53 @@ E:"Ç55ÿ¾ 4@‘í$•”ËÐh4û…~À,¡ðÃ’\e¸I
àýi%q®a¹'¶U³ïmÎ%„öìÃ$3/@Œ˜<çwiWå¾vi™VóTQ\I&Ó«B;Û#Zß"€¾€Ñˆ‰¤°íÓTÍ‘‚Â
A„Ö_ )c¬§CÊ€ådƒö dµèž‰)’(m¾ÂÄ€5ÃÅ$¦CTAظ.·v'RØrë"jv¼æ`¬ÛõÚ+æOE¦5)„̃Ÿõ8t@¨SÒœÆjBèƒ/Â,½Ë/x¿žú¬¢Á™|¼
ÓxbJ*‹ÜeyzR¹;È 10€Ó¢æ‰b9Q’aÒ¹Y*¨7/äÁe°ÔûóL±ôþòô¤ Њ(’xËiáó]ò)a„Jc"æ^Öƒ<àåÕ–'oZ( gcÊ^(-ÇžÈQ¸Ï (‚g\·Î
->žsšÚ°¨¶÷µÝÚ&„Y
-÷°Ú2êbnÌ({Gß;‡ÔÿÑîÊfæ;à—Ò•­x¾\¢Š2 )…å…œÖ=Ëíº™I5ø0¾)BrbžulO0S<ul ’‡¯úÌRö‹ÍI®eœ¨RƒůpÈ Ú
-ó “Þ5O É
-È«œEC4KWZXgì»
-‡%œ)›…%è+…"B±£}Ý6Yc×¥¹ W$ïèBd^»ÐìÀ%®#IÞ•]<æêC‡
-¿“SÆ Ì¹R-`lb‚¼X¨¹µçÕ)NFb
-Ç”ÌAØ~ƒÛÈ2Lì—…½€é‚ˆGFa·F¥gTàtÊ& F6=«ŽÑøõàû2<ÁÀxÐ9N–³O¶Œ߆f Š2 Ž¬±è¨“óYtÑpïNúà?ϸ¶êJ+§žW£5ÈßM<rîÙÒ0t>Å7=[Bz‡ÂZ>Û¾qö½í›;qTH ÏÃÌY LöDû¦ÀÞS g‚@-«~Fû4iÁ‹„ùf‡«ŸÖ¾EÂÙ˜òiûf4,ø¾+bK:ÔÂZK#˜Š|¶ž„ZX Ûx³
-̪nlÚoéqöL_86×y€óµÜ(ó=}áóþ9v* ßüÊËcŠ@”`“¶Å¶0Þè
-—Cæû0t_í‘‚iÈß÷mÓy6Cn§Äå›ë¸­›ný+l.à~ >p 1¦º¯§h÷~²˜@­—tAóæ¦óaÜc­ÚÝ_‘a·üz³ý¤ãÓÈøÛ‡×O áõ›®ÅÙðFg†l·,aéV¡þßï\c1y
-ôãI×€Oveê¿ŽÓ¸ç 8XAkØ,-”£ 9˜¡A.`g&8yîö¡Aè¬ ýÄlû
-¤"þ·`·>²v¹Lî_yäL ‹=ÎÑ-äœ)•L”ë®|ë…[»uM7£7Ô;; Ÿ¾ ÓtŒ|°‹Ðe
-Øm—º}7Ä+w»²YOí6—+EN¤³²Ð$zÄÿÿï¨dá^­ùj)4‘ˆD®œ^¤>}Õ§„ Åç˜ÿ?®:Djendstream
+>žsšÚ°¨¶÷µÝÚ&„Y
+ö| Ê™&Ü0>T˜ÌUsP8RJÁÐŒA
+ºoá.<Î\cð\aýçÂ]!ÉTÚBîØá´ß@6îp~g}fvSûi_Öp%e^„4ŒÈ'1L¹ùbÓ¶ $JšQ(ó[?í]òÓ¦ÂíäBžÅÕR6—‘|<
+ÃÒ
+Ž pzL°våÓ•PYv;>!¤ ÈUÄA V Ⱥ¸µ¨L}Üø}gëD2%‡êÈl‚‚èpû§-#¡:æÆŒ‚²w÷ð½s(
+ì«£àŒ}`}Üs£÷y·ìîí¢‚,ì®LrwÚ5P^– ¿¾”Õãk<‹ÅmØ:zŽ#>Uv]µö5•_á°„3e³°}¥PD(v”¨¯Û&kìºôäŠä]ˆÏk ¸Äu$‰À»²‹Ç\•èàúU;Ý·]…5»ÛðJà¡w
+œNÙÄȦgÕ1¿|_†‡:ÇÉröÁÖÑáÛÐrAqCÔ‘5ÃSõs¾/‹.îÝ©Süç×öCÝBiåÔój´ù»‰GÎ=^B†þ§ø¦ÇKHïPXËg›8ξ·‰s'Ž
+‰á‘˜9kÉžhâØ»`*áL¨eÕÏhâ€&-x‘0ßìpõÓš¸H8S>mâŒ&€ßwåClL‡ZX«qiS‘ÏÖÂ’P kÁ"boVYÕMûSú±¹~Ìœ¯åF™ïé Ÿ÷ϱSIøæWÞ¯S¢›´…,¶…ñFwP¸2߇¡Ëøj§ˆ„LCþ¾o›ÎC°r;%.ß\ÀuhíÜtëßú`sÇðó
+õÿ~×à3ˆÉS Oº|²+SÿuœÆ=_ÀÁ
+ZÃfi¡ÉÁœ r;3©ÀÉs· Bgmè'fÛW¸ …ñ»𑵻@øÈerÿÖ#gZXìqŽn!çœH©d¢\wå[/ÜÚ­Chº½¤ØÙýôõ˜¦cäƒ]„.؈7ƒŸpc$1hè@þä5wÀyž‡#JAå,tp·› ðE]íèÁIëÏØVÀn» xÐmìëи!^¹Û•Ízj·¹\)r"…˜•…&Ñ#~ø¿€‡@% ÷vÍŸPK¡‰Ô@$råô"õéÛ>%\(>ÇüÿEkE‰endstream
endobj
-989 0 obj <<
+994 0 obj <<
/Type /Page
-/Contents 990 0 R
-/Resources 988 0 R
+/Contents 995 0 R
+/Resources 993 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 960 0 R
-/Annots [ 994 0 R ]
+/Parent 965 0 R
+/Annots [ 999 0 R ]
>> endobj
-994 0 obj <<
+999 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [221.4501 61.5153 295.9714 73.5749]
/Subtype /Link
/A << /S /GoTo /D (rrset_ordering) >>
>> endobj
-991 0 obj <<
-/D [989 0 R /XYZ 56.6929 794.5015 null]
+996 0 obj <<
+/D [994 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-382 0 obj <<
-/D [989 0 R /XYZ 56.6929 533.7018 null]
+386 0 obj <<
+/D [994 0 R /XYZ 56.6929 533.7018 null]
>> endobj
-992 0 obj <<
-/D [989 0 R /XYZ 56.6929 508.0329 null]
+997 0 obj <<
+/D [994 0 R /XYZ 56.6929 508.0329 null]
>> endobj
-386 0 obj <<
-/D [989 0 R /XYZ 56.6929 131.4617 null]
+390 0 obj <<
+/D [994 0 R /XYZ 56.6929 131.4617 null]
>> endobj
-993 0 obj <<
-/D [989 0 R /XYZ 56.6929 108.2635 null]
+998 0 obj <<
+/D [994 0 R /XYZ 56.6929 108.2635 null]
>> endobj
-988 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F84 858 0 R /F57 632 0 R /F86 971 0 R >>
-/XObject << /Im2 921 0 R >>
+993 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F84 863 0 R /F57 636 0 R /F86 976 0 R >>
+/XObject << /Im2 926 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-997 0 obj <<
+1002 0 obj <<
/Length 3045
/Filter /FlateDecode
>>
@@ -3324,42 +3341,42 @@ ESŽ"4Ô<qz €ù¦³õE[R³O€-JWut…6;èQ
‡ÒPU0˜‘ýŒÛŒ>¬öϳÐuJ>[Åñö¾y¨©{ ø(ê)jeÐ ø­µŒ~íàGŠ ÐbÂWNÓ0É-7-v«|€aÀÍyôÇ•:õ:9¬íÚoWË•Ó²1¦vW[6¶AŠN‡hm á«ÊØÊÃ"µžUBù‰çÏ ùGnélÌ-=¸ÆÇ„Çq ãêšFaY¿»r»ûdiD ¤iÏBã#Âcz昙9fΨդ"?¨Ý–{ê®ËA횪°ý ÆÂjȱ——`(þiTLí«àVYô—%JÈ8Ã÷£ÿ"k8¯ð22yù’f®.ña†9ÓÝÃRײ|7ŸàÚÛWˆ) pß¼»xO½M¹÷ÄnJ×A%ìXx¦=F^4¼ˆ_{ü–æÀgà81§mŽÐP}_ ‡äqèïiK•"[æLgY0¦2sö^U9zrì¾­Tã3ËïCë„óŽÛ{7 Fßò4óÿo|ßÉ7ñd¾‰§òMŒùÆÿk¾ñÿßäwòM>™oò©|“ñM|ßÄ÷ñm´šn ‡¤áq±Ú` FGÒîÌ»=9 ²jy×[¥9£äéå>MŽr”Q}C}ZAüt‘3}_ÃÞ-P`Ïå»mSç·Ï?—6¼²]§ó{ø‡Qè’ÆžKUh¨¥.=;$co—$·;ÏØ—La¢+[Ör/µ^´å¶¬ò= ÒCµ'Nˆ‡/ÊE‚éQ ,±Þ3|Oú_3$‘Š³ø‹£â:ãq¥s}6‚¸ú e&Bpq]æùˆ]ýõÁ‡„À'ÿl#¤äEº*¢ÌŽ8†¬Å‘ ÀÏ04M“ð8KÇ°jI|„‘*Q1#.ÿ#{ÙA²‡¡œš‘
endobj
-996 0 obj <<
+1001 0 obj <<
/Type /Page
-/Contents 997 0 R
-/Resources 995 0 R
+/Contents 1002 0 R
+/Resources 1000 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1001 0 R
-/Annots [ 999 0 R 1000 0 R ]
+/Parent 1006 0 R
+/Annots [ 1004 0 R 1005 0 R ]
>> endobj
-999 0 obj <<
+1004 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [238.0484 689.8302 311.8142 701.8898]
/Subtype /Link
/A << /S /GoTo /D (topology) >>
>> endobj
-1000 0 obj <<
+1005 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [353.6787 61.5153 427.332 73.5749]
/Subtype /Link
/A << /S /GoTo /D (the_sortlist_statement) >>
>> endobj
-998 0 obj <<
-/D [996 0 R /XYZ 85.0394 794.5015 null]
+1003 0 obj <<
+/D [1001 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-390 0 obj <<
-/D [996 0 R /XYZ 85.0394 132.7054 null]
+394 0 obj <<
+/D [1001 0 R /XYZ 85.0394 132.7054 null]
>> endobj
-703 0 obj <<
-/D [996 0 R /XYZ 85.0394 104.7571 null]
+707 0 obj <<
+/D [1001 0 R /XYZ 85.0394 104.7571 null]
>> endobj
-995 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F57 632 0 R >>
+1000 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1004 0 obj <<
+1009 0 obj <<
/Length 3019
/Filter /FlateDecode
>>
@@ -3378,34 +3395,34 @@ xÚÅZmoÛFþî_!ô}¨¶ûNnóÉMœœ‹ÖÍ9:mq %:&J‹ªHÙU÷ßofg—"iÊv›.Ìá¾ÌÎÎÎÎ<3”˜qø/fÆ2ë¤
"Mó¨bl
¥[‡û<–1$¬>#ÇçdļBY3²‚Ø;q©ÓC®÷qÊ@¦._ŸªC`9+žè²¢ÚƒÊ4¹ƒÌÜõ€­ pn„ôõ¦-OLpW .º SK“\EîËâaê+ÒŽ3@þ)€‚ÜkºlIhŸTÀ{¸b_†Ð
endobj
-1003 0 obj <<
+1008 0 obj <<
/Type /Page
-/Contents 1004 0 R
-/Resources 1002 0 R
+/Contents 1009 0 R
+/Resources 1007 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1001 0 R
+/Parent 1006 0 R
>> endobj
-1005 0 obj <<
-/D [1003 0 R /XYZ 56.6929 794.5015 null]
+1010 0 obj <<
+/D [1008 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1006 0 obj <<
-/D [1003 0 R /XYZ 56.6929 667.1591 null]
+1011 0 obj <<
+/D [1008 0 R /XYZ 56.6929 667.1591 null]
>> endobj
-1007 0 obj <<
-/D [1003 0 R /XYZ 56.6929 655.2039 null]
+1012 0 obj <<
+/D [1008 0 R /XYZ 56.6929 655.2039 null]
>> endobj
-394 0 obj <<
-/D [1003 0 R /XYZ 56.6929 286.3754 null]
+398 0 obj <<
+/D [1008 0 R /XYZ 56.6929 286.3754 null]
>> endobj
-962 0 obj <<
-/D [1003 0 R /XYZ 56.6929 260.2665 null]
+967 0 obj <<
+/D [1008 0 R /XYZ 56.6929 260.2665 null]
>> endobj
-1002 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F57 632 0 R /F84 858 0 R /F86 971 0 R /F14 616 0 R /F68 724 0 R >>
-/XObject << /Im2 921 0 R >>
+1007 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F57 636 0 R /F84 863 0 R /F86 976 0 R /F14 620 0 R /F68 728 0 R >>
+/XObject << /Im2 926 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1010 0 obj <<
+1015 0 obj <<
/Length 2789
/Filter /FlateDecode
>>
@@ -3420,42 +3437,42 @@ xÚ­]sÛ6òÝ¿BoGÍ„(>Ià1M^:WçÎqŸÚ>Ðms"‘IÙuýíbŠ”h%v<c‹°Øï]‰‡?±²†qåô*wš.̪Ü
Ü$¿ôxÕAQ_è¾!TGzJ·;GÅ|Oc¢Íż á10*FÓ ö¥Þ¹Ý‹m¥£3'ûl0S€Þ¾Œ›h°+zì/€H¹÷õ=ûmñðÆR Þ¤ó§Z 4–¶ë£5B}2â™Zx‹|Š} ¦îXø[/ÈA?²lªqXu§2íz&8S„m&䄵–¾ž‡æciâaØÁôÐXâäHõŽPG}!x4ÈcþT5Pçß©°Š›R”ó*f#è©®ž ‰ªÜoÛ[ïrÈǨ<ò—G^àžƒØaâ3$B
¥ejb·aÃþ–@HOÿf¶¬Ág»Ç%eÛó¤Õ08aÔ¬?a”—;0ªŸ·¾Æ=ͤùµÜù…ÊÌqБT)(A­šý²eâ/[#­ÓFþ¦½Z9fŒKn¦…,Ÿ÷‰|ÏeÔñIbå;„/'½žyË ‡hµ-¢õù-û¯B³p7ØV†ìíÍ1§ŠáoµìµŸø•aø›ûBpàc‘ö·þ?ü@©s¦ÐÙ/G,ˆ¥Ë#QÈus’Ée™±2_ ýÿ£ |endstream
endobj
-1009 0 obj <<
+1014 0 obj <<
/Type /Page
-/Contents 1010 0 R
-/Resources 1008 0 R
+/Contents 1015 0 R
+/Resources 1013 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1001 0 R
-/Annots [ 1013 0 R ]
+/Parent 1006 0 R
+/Annots [ 1018 0 R ]
>> endobj
-1013 0 obj <<
+1018 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [326.242 251.4486 375.5914 263.5083]
/Subtype /Link
/A << /S /GoTo /D (dynamic_update) >>
>> endobj
-1011 0 obj <<
-/D [1009 0 R /XYZ 85.0394 794.5015 null]
+1016 0 obj <<
+/D [1014 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-398 0 obj <<
-/D [1009 0 R /XYZ 85.0394 648.9507 null]
+402 0 obj <<
+/D [1014 0 R /XYZ 85.0394 648.9507 null]
>> endobj
-1012 0 obj <<
-/D [1009 0 R /XYZ 85.0394 625.2603 null]
+1017 0 obj <<
+/D [1014 0 R /XYZ 85.0394 625.2603 null]
>> endobj
-402 0 obj <<
-/D [1009 0 R /XYZ 85.0394 105.5187 null]
+406 0 obj <<
+/D [1014 0 R /XYZ 85.0394 105.5187 null]
>> endobj
-935 0 obj <<
-/D [1009 0 R /XYZ 85.0394 83.1283 null]
+940 0 obj <<
+/D [1014 0 R /XYZ 85.0394 83.1283 null]
>> endobj
-1008 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F86 971 0 R /F84 858 0 R /F42 605 0 R /F57 632 0 R /F58 635 0 R >>
-/XObject << /Im2 921 0 R >>
+1013 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F86 976 0 R /F84 863 0 R /F42 609 0 R /F57 636 0 R /F58 639 0 R >>
+/XObject << /Im2 926 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1016 0 obj <<
+1021 0 obj <<
/Length 2359
/Filter /FlateDecode
>>
@@ -3470,39 +3487,39 @@ M4³ºÔ~ÿä¹…pzzÕ >ÏáÁ›½ ¡4 Ý•‡dY1lFÑ îG4Ë%‰{žžÊOÀ=£4ˆ©ïà Ãÿžû’þÜ^ "A9
1SÀ¨H4aT iê+¦~­ïwõ!eþ—ÿvIØŸ¬Ìî–Mê5
@ )=BíÉU[d¡Ë=–€Z)aü…C“z‹+ˆ´F™®l›]'Ñùí~úö!L ÕrÓ¶÷Ÿ£)”&#f¢ÃÏ*Î |Ö·`ì›h^ûêpDw¦V‡(K¶s|ë²VGbn2ëúQGébÑCkùçƒéÑÁÙ V©^LQÃÎTW†móR¢ƒßL•QqWy^3Û]ÔÔiÀ¡!ƒm«Û£íd-6‹1wD>Š\mÔò‰ÃÇä#˜FÞì!¼í<.$áFò¯=kDørtॠï"TÂ6Îÿp²û|ï‹WeëØÏÁ´Áßüãóú—y©·ÚX®€…·—² (¾sóð+õîÕÿOÀû/endstream
endobj
-1015 0 obj <<
+1020 0 obj <<
/Type /Page
-/Contents 1016 0 R
-/Resources 1014 0 R
+/Contents 1021 0 R
+/Resources 1019 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1001 0 R
+/Parent 1006 0 R
>> endobj
-1017 0 obj <<
-/D [1015 0 R /XYZ 56.6929 794.5015 null]
+1022 0 obj <<
+/D [1020 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1018 0 obj <<
-/D [1015 0 R /XYZ 56.6929 607.3833 null]
+1023 0 obj <<
+/D [1020 0 R /XYZ 56.6929 607.3833 null]
>> endobj
-1019 0 obj <<
-/D [1015 0 R /XYZ 56.6929 595.4281 null]
+1024 0 obj <<
+/D [1020 0 R /XYZ 56.6929 595.4281 null]
>> endobj
-406 0 obj <<
-/D [1015 0 R /XYZ 56.6929 342.1161 null]
+410 0 obj <<
+/D [1020 0 R /XYZ 56.6929 342.1161 null]
>> endobj
-1020 0 obj <<
-/D [1015 0 R /XYZ 56.6929 315.4194 null]
+1025 0 obj <<
+/D [1020 0 R /XYZ 56.6929 315.4194 null]
>> endobj
-410 0 obj <<
-/D [1015 0 R /XYZ 56.6929 169.5524 null]
+414 0 obj <<
+/D [1020 0 R /XYZ 56.6929 169.5524 null]
>> endobj
-950 0 obj <<
-/D [1015 0 R /XYZ 56.6929 137.0813 null]
+955 0 obj <<
+/D [1020 0 R /XYZ 56.6929 137.0813 null]
>> endobj
-1014 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F57 632 0 R >>
+1019 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1023 0 obj <<
+1028 0 obj <<
/Length 3495
/Filter /FlateDecode
>>
@@ -3524,41 +3541,41 @@ UX9·úQ\…®Aµîû*PV«ºwÚ#ŠqŒbÄÁ"#þã°±M„$r`dù(“,ÇþtI“L¤âö(›id>pjÆ‚8²æžg
ÇüÁ»–Ü£¯È–¡åUéâGDûuA çs–’X­åbG¯UÈJK ñÖ¶ýÀxr’JÓËŸÆpSÎ-9@öÖòšš)Ò’i¹î8Wúûé\ª|0`—o¦ûyÌ÷åÆdøZ€ú ïÔ¥gµG¢éÙ}fnï웃8Ê*3"œ spí
¡ÿ*$K“¡oÈ_t¡¯>¼Þ‡ÉHÖºÞè¥ïî”Æg¸90ŽƒaþÝßä>XLÀÚ#ça]Åid¤Íü¦…ZÿñÞùÖÿ [¨Áqendstream
endobj
-1022 0 obj <<
+1027 0 obj <<
/Type /Page
-/Contents 1023 0 R
-/Resources 1021 0 R
+/Contents 1028 0 R
+/Resources 1026 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1001 0 R
-/Annots [ 1027 0 R ]
+/Parent 1006 0 R
+/Annots [ 1032 0 R ]
>> endobj
-1027 0 obj <<
+1032 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [461.1985 140.8476 510.2452 152.9073]
/Subtype /Link
/A << /S /GoTo /D (DNSSEC) >>
>> endobj
-1024 0 obj <<
-/D [1022 0 R /XYZ 85.0394 794.5015 null]
+1029 0 obj <<
+/D [1027 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-414 0 obj <<
-/D [1022 0 R /XYZ 85.0394 306.4089 null]
+418 0 obj <<
+/D [1027 0 R /XYZ 85.0394 306.4089 null]
>> endobj
-1025 0 obj <<
-/D [1022 0 R /XYZ 85.0394 276.7192 null]
+1030 0 obj <<
+/D [1027 0 R /XYZ 85.0394 276.7192 null]
>> endobj
-418 0 obj <<
-/D [1022 0 R /XYZ 85.0394 193.529 null]
+422 0 obj <<
+/D [1027 0 R /XYZ 85.0394 193.529 null]
>> endobj
-1026 0 obj <<
-/D [1022 0 R /XYZ 85.0394 161.0298 null]
+1031 0 obj <<
+/D [1027 0 R /XYZ 85.0394 161.0298 null]
>> endobj
-1021 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F57 632 0 R >>
+1026 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1030 0 obj <<
+1035 0 obj <<
/Length 2836
/Filter /FlateDecode
>>
@@ -3573,33 +3590,33 @@ L"¹_&¬Vˆ#o:hP`ÁÖ‹!{A­`j~^LH¢r›«ÓÞÀØgÞÑŸNÎÁï¶3©V#åfƒ6¨Š‚­[÷^iÐÚ;=B:
CÀkFÈ`Õá'àÑV ΂l¤c;ô±úxÛKŸø‚*XÜþ4“Q53´k:Cw¿CR2¯Žåì©•ò$¥MóѶ‡‡ýeËAüš~ä<e*
eóç©éÒôÙ”ÓbýŠßÆv¡úiæPgïŒêŽÈaH@2óGj–½ì•!3‡’x씿8…„-ËQ:.±Ø½uO´¬é$ó 7ý¡˜Ûµ|ÅpxΨÉÿ¿mþ=r‡Õ¨‰MÍh×û‹/BVýbø9Ñ"ËôAûò%M¹õèÆV{ßìV jsq„M¼îöÀ›zµë›í¯á4 gÈ «b_cŸ,e"üï¥åOpù£ g£ã¢¾Ý6ˆ'ßéoLXx·}¨æÜ隘Ä#90\D?X“Ù££áO‹QåqK^µA´tnÿå—X²¬÷<Äès¼kAB°ÎÀVƒØ»ÚÑÇ­Á'[׎ùu
endobj
-1029 0 obj <<
+1034 0 obj <<
/Type /Page
-/Contents 1030 0 R
-/Resources 1028 0 R
+/Contents 1035 0 R
+/Resources 1033 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1001 0 R
+/Parent 1006 0 R
>> endobj
-1031 0 obj <<
-/D [1029 0 R /XYZ 56.6929 794.5015 null]
+1036 0 obj <<
+/D [1034 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-422 0 obj <<
-/D [1029 0 R /XYZ 56.6929 769.5949 null]
+426 0 obj <<
+/D [1034 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-1032 0 obj <<
-/D [1029 0 R /XYZ 56.6929 752.2115 null]
+1037 0 obj <<
+/D [1034 0 R /XYZ 56.6929 752.2115 null]
>> endobj
-426 0 obj <<
-/D [1029 0 R /XYZ 56.6929 622.2614 null]
+430 0 obj <<
+/D [1034 0 R /XYZ 56.6929 622.2614 null]
>> endobj
-1033 0 obj <<
-/D [1029 0 R /XYZ 56.6929 591.5303 null]
+1038 0 obj <<
+/D [1034 0 R /XYZ 56.6929 591.5303 null]
>> endobj
-1028 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F57 632 0 R /F43 608 0 R >>
+1033 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F57 636 0 R /F43 612 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1036 0 obj <<
+1041 0 obj <<
/Length 1083
/Filter /FlateDecode
>>
@@ -3610,27 +3627,27 @@ aè9ž5™udÐdMâ/‡§|šŒÆCàûЃC@<ûðÝÅåŸf$4ŸÓ—gçÿŽO†¾{8¹øxi†Ç£³Ñxty:¤ñN-áÀ
Üz]ü§†ùb7 ÷k˜BìøäiÒR'2}ÑòHnÃVgɯÁ-MxÌÕhÒ3¡{[2GßÉt‡ƒ˜êó$ØL§…›Š£;p{'XW›‹@•®—@ ·þYÞV&Ý»o+Ö‹*™Ð[ÖW#tqO–{}VkÁ~uÁêlÓÒîMr“"í¡Hp~m‘€^]$8¿_‘€^Q$8{(Ê’_ntu¶¹W7Ž7”Æ}omýž*È=/c»}K½ù¾ü“B?Èp8íÛŶ=8¡ßU†ŠuËÛûSÓÿ[
•Tendstream
endobj
-1035 0 obj <<
+1040 0 obj <<
/Type /Page
-/Contents 1036 0 R
-/Resources 1034 0 R
+/Contents 1041 0 R
+/Resources 1039 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1038 0 R
+/Parent 1043 0 R
>> endobj
-1037 0 obj <<
-/D [1035 0 R /XYZ 85.0394 794.5015 null]
+1042 0 obj <<
+/D [1040 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-430 0 obj <<
-/D [1035 0 R /XYZ 85.0394 660.4512 null]
+434 0 obj <<
+/D [1040 0 R /XYZ 85.0394 660.4512 null]
>> endobj
-961 0 obj <<
-/D [1035 0 R /XYZ 85.0394 633.1083 null]
+966 0 obj <<
+/D [1040 0 R /XYZ 85.0394 633.1083 null]
>> endobj
-1034 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F42 605 0 R /F43 608 0 R >>
+1039 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F42 609 0 R /F43 612 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1041 0 obj <<
+1046 0 obj <<
/Length 897
/Filter /FlateDecode
>>
@@ -3639,157 +3656,164 @@ xÚÕX]sÛ(}ׯУ½3°‚ÉSšu²élÓ]¯÷©Ûñ(6r˜Ê’ r·É_ddY±åÄq=mv2pî=÷.ùýC>e ,üH„
†™?H²8 8Gþ`ü¡Ã †]+!蜽¿:¿¼ø§ÚÂÎàòýU`tÎ/ÿè¹ÞEÿôÝ»Ó~ NQçì÷Ó?½¾›b•Œ7—W¿¹ášBû½ó^¿wuÖë~¼õzƒÚ–¦½( ¥!Ÿ½lÍ~ëNý[û@$ö§^H ¤!!«‘ÔûÛû«ؘ]B[ý‡ˆ Ã-¤QÃœAÊîGT@F0Y:pßu—hæ`ÔWÙ,:Ù|z-µëŸ”VZU
½x¹®ç@
endobj
-1040 0 obj <<
+1045 0 obj <<
/Type /Page
-/Contents 1041 0 R
-/Resources 1039 0 R
+/Contents 1046 0 R
+/Resources 1044 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1038 0 R
+/Parent 1043 0 R
>> endobj
-1042 0 obj <<
-/D [1040 0 R /XYZ 56.6929 794.5015 null]
+1047 0 obj <<
+/D [1045 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1039 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F43 608 0 R >>
+1044 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F43 612 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1045 0 obj <<
-/Length 3487
+1050 0 obj <<
+/Length 3486
/Filter /FlateDecode
>>
stream
-xÚ¥Ërã6òî¯ÐQ®Š8xòQ9M&ö¬³›Ivƹl’-R7©ˆ”§*ÿ¾ýIÑôÌd§\.6@èwÒ z‘úHÙÌ-’ÌE^i¿Xï/ÔâúÞ^h³
-ƒVãQßÜ^¼ºŽõ"‹²ØÄ‹Û͈V©4Õ‹Ûâç囼þñöêýåÊxµŒ£Ë•Õò››wß2&ãÏ›Þ]ß¼ýéýëËÄ-oo~xÇè÷W×Wï¯Þ½¹º\éÔk˜o„ ®oþuÅÐÛ÷¯¿ÿþõûË_o¿»¸ºíÏ2>¯VòûÅÏ¿ªEÇþîBE6Kýâ*ÒYfû çmäµ³»øpñïžà¨—¦ÎñÏÛ4ò©Ifè“9ú,Š­±ÄÀ¿¾Æ3¼ºvf¡u”yop¨Z¬\©Ø§4c pI)µü³©Kf‡.ïÊ}YwÜü¶üE)SW]ÕÔŒÉë‚ŸÚü¾ì¶ëeN»Ñ:‘–•þÓ¯t{™©åÓ¡l§ צûÄ-âØG±6éç°Üf6JT2aùÿ7+lOb£ì£Bçy
-h fœ“Zõ‡ZÅNÚæj£#k­_Ä>‰ŒÎ"÷yÛ•Ga¶ O Ê¡hØíyëü²-0àx¹Í[FæüZ¯›Ãj6Œé‰"ïrîÚ4ÇIŸ¨ Ò$m€AÕnǨ»Ðu·#õ@6öj›ì–ÿáx©ÓeóP¢ù©Û6Ç
-°z¨º},-7x
-F·mÙÊ„L
-#÷y!ІmiÏ­Csìæ,Ï[X)öKtå6v¼ D¾éhÒ°ÎkpW
-b›×÷eÁH²Gr4}ìî™Isž‰bÝ<UõýÜžPÑŒç-TŸöw¤r&†e7½l±7 €( @¤°ðE±ã”3±­s¤(4¶æoX³¤‘«à,w—¯æÄÚ"GŒÕË|ÚcƒŠXÑ8ì–F‘*»|  B)X—ÄOEî¿<}¤€$†­]+ãîdXz?ÃÀǪÛÂýü<Fƒ¥~¸y˽¿•O¸-“eË› £rƒ&·+EçÜ`‹*"iEYsï\O¼öHФ0s{ïÞp"Ĉċº!¦ßÀ°\ÉÇHÂ’Iy
-Õñr~ |Œg“ÅžŠ¹à›pkzºcLïÑÏñë-$Ò<ù1Ã:Ñæ4´` R¢©:Љk
-r€,ÿÈ÷‡]‰ª’¥$@@†à„`P‚4“D l6
- fˆås{ìcÃÀ®ì:¶Ëi•9I`"@¨,Xà‚£=}ß´úW ä^'“Ü Ôbª¨±àåŸ ôì[nÜ•[Ö&€A•0±˜E6»'ÆVþ>5'§Ž(íþÉKMH²L‘L. VõjÎîw’ð•øÆ®h­—Q0îÙtœEaj>Ê÷c)m“¿C4Ly1ß׉œWÙ'ò}º¥²˜|wºûœlßÇc²Á©
-ö'÷eðjÈaBIíHゼ99@`.Bpðóóe¦i;\é¡BA˜
-é ^‹ñäpk²ƒl½ÚŒ|Q"˜ŸÍmµ~ _¨°@ ‘óçL™“Þ Âå›ÞÄõ¢Kú¼@Æ…þ^Ú\WQñ¬øûŸ…p=º~\•®ÍT¨7”¸g£Òó=ªàt’‹ €8†Ð4Ál{òBÖ!O‹œ k-™R£99Ëuñô ŒÞ 5¢•À8Þ,¢(Dú>D&oe 7ɦ°Í5'ë9¬»–z0ܶùµÍîÄ·BãYùß﫺4/_4á&¶Q(ª““j}âŒ/„/È+â¸ÉE{ǸêÔ¡êL œM×ûR4ÜÉ<i""]Õ©DH¼Â4­æoΟñzàëRú
-.ÞÑÄ&éP:‰ÁÅÄö\³XØV+N+ ,˜ÿ:Üœëp#N} zãWü°†ºœÒŠaœ‚¬“óWz¡Ä‰”Sh|Dêi‡¯?½J yè
-*°GðY ‰™å<Æ'Ïø~q&£F[ÿº96Sendstream
+xÚ¥ËrÛFò®¯à‘ª
+áyâQ99ŽäUvãdmå²IŠØ
+°z¨º},-7x
+ÚάÖ&Q¦T,t»ªídÁ‡r]¡»a—€n¥0èLX÷Àw:Àwßð6°¥—7?36/
+F·mÙÊ€ 
+
+3·Vðî±'B‚H¼¨bú…
+‘0XaU¯…GÕñ€fƒâš‘$œOYì°.„qE§7DäPí«“ŒÈùSh+¶Ìò°\jò/ÐO;ï0z¬ŠnÍ-å]ƒÏ:%î!v
+9Ç`™"’°+}gK]³áLB9d)±²!ñØW÷[Yœ.»|M1# Q& »FRð‹-ã«š“É "˜ Âk.`Á3;Ð1f|I¿…W“]@š‘B&x®/nÃd&l\ç³Z%g“~–©“M–ÿ>‘:ı¼Ïc}lØ•]Ç6b9a@R“!„Ê‚¥mbÈ’~lZú«2F¯“IÖŠQ•ÓXðïOtö-7îÊ-'9
+Ó0äÅL_'>r^eŸÉôè–ÊbvïÝéîKò|cÓdCpè¿.˜t"†½?öIf ¤ ”J¯ËCÇ„’#?ùŽ">À55i ÑÏFýwPlõèKÁË:Ž1–Í!ê·PU6/ÎGHå–˜aõi±Œ‹¸¤øÀ²d+S Ö= uÓ˨ƒðÂôwò£È‚ÖaÂ:
+Ê(†(
+
+÷ã²i“‡„ï>Ÿÿ‡`Âæˆ)Ìs|ânÌ‘^(KÒb+NŸ¦<KÊN7tIØxRkâ
+)èsIø-—f0å‰n߬dJT^}Uìη4I:9Oç;çúÈXªâýéHJÕ’_Ð’KB¿\ÄÂŒíé€Õ[ËHÎ\}ð
+ˆyéàM ¹hYG‹Æc.ŽŸµè¦f´Ì{•ârb|àÎ
+d#¶üÇŠ…ía$Û»SQΞ¾D[Ï
+mÝs×…CÑ-Ñ3‹Erµ}¨¹£¸ ²uÁGyØŠœ)tïËœ @(1ãóþ™ü¤
+Èn ¹)Ç>(ëý%€T¥ª$g©*¤ƒx!ƃÃ}ž]–RÞÔû¢~G0>›[jü¾JáFΟ3eNz#€Ú–ïx×]ÒçBúûÓ把ÊfÅ78Øÿ,„ëÑÅãʨlta vJܳQéùUpºÉ•@Ch˜`¶={aó§Eö„U– ©ÑÜ9ËEñt“Ÿ
+ŒÞ Õ¡•À8^,¢(Dú>D&o…†›dSØæj“õæ]K%îÙ|È€Úfwâû ñ¨|Nî÷Õ]—€—/Œp “Ø(”  ‚¤$ü®ZŸ8ã á òŠH7¹bïãUàæ©êDtùq6]¥¨ ·qwšÃ‘®Bƒ#$^^ š‚ÆVó7çÏáX=ðE©F}€âçø÷œÚžÕûë7:Óéì:†ˆKäP €ù<1€G†ß©0–]Bl!Nªª–‘RªO«ÍPMr8Ö*‚zñÉj3?ò¹‘*W-¼¸PŠå0mÒWLtxRJMUë|ÇX‘39ã`)À$;î,¨?uÛŸº,^Ös&áþµEª
+ÔÜZO̶.^/pÆׂ\’Ôžóäò. š©tÀuze–ÛjNȹ3wx«x8`†…HTüþçT’é’s"bHAøHW™†¥+?—¹º!\ ,Qĺ˜e\2ÐIzäúû¤X)z T3#ÅQœféIÁ‚gH’ç:‚Ü«ñ3ŸO&;9ˆçLK0‰LôDírèžäç „6³ç¦‹ŒN¾hÅ&Š“ÌŽ.ï-IÃ^–„‡*¸xE›¤Mé$ÛsÍâöZqZ d!WÀáÎ\‡»pꃣÇcü†ß¶À
endobj
-1044 0 obj <<
+1049 0 obj <<
/Type /Page
-/Contents 1045 0 R
-/Resources 1043 0 R
+/Contents 1050 0 R
+/Resources 1048 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1038 0 R
+/Parent 1043 0 R
>> endobj
-1046 0 obj <<
-/D [1044 0 R /XYZ 85.0394 794.5015 null]
+1051 0 obj <<
+/D [1049 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-434 0 obj <<
-/D [1044 0 R /XYZ 85.0394 732.4917 null]
+438 0 obj <<
+/D [1049 0 R /XYZ 85.0394 732.4917 null]
>> endobj
-1047 0 obj <<
-/D [1044 0 R /XYZ 85.0394 702.3779 null]
+1052 0 obj <<
+/D [1049 0 R /XYZ 85.0394 702.3779 null]
>> endobj
-438 0 obj <<
-/D [1044 0 R /XYZ 85.0394 702.3779 null]
+442 0 obj <<
+/D [1049 0 R /XYZ 85.0394 702.3779 null]
>> endobj
-1048 0 obj <<
-/D [1044 0 R /XYZ 85.0394 677.9665 null]
+1053 0 obj <<
+/D [1049 0 R /XYZ 85.0394 677.9665 null]
>> endobj
-1049 0 obj <<
-/D [1044 0 R /XYZ 85.0394 677.9665 null]
+1054 0 obj <<
+/D [1049 0 R /XYZ 85.0394 677.9665 null]
>> endobj
-1050 0 obj <<
-/D [1044 0 R /XYZ 85.0394 666.0113 null]
+1055 0 obj <<
+/D [1049 0 R /XYZ 85.0394 666.0113 null]
>> endobj
-1043 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F42 605 0 R /F43 608 0 R >>
+1048 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F42 609 0 R /F43 612 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1053 0 obj <<
-/Length 3284
+1058 0 obj <<
+/Length 3286
/Filter /FlateDecode
>>
stream
-xÚ­ZÝsã6Ï_á·:3k•_ÉéSº›Ý¦ÓuzI:÷ÑöA±åX­,¹–¼izsÿû)K–bï];›$H‚$ðšOüã“8‰+ìD[ŌǓÅæ‚Mž íÃ÷<³À4ër}ýpñåû„Old‘LV±LČᓇåÓ$Ñ%ŒÀ¦ooçïo>üpwu©Õôáæv~91›¾¿ùwW?^Ý]θ‰ùôí7Wß?\ßQSâÇøúfþŽj,}^ôîúýõÝõüíõåÏß^\?´ké®—3‰ ùíâÇŸÙd Ëþö‚EÒšxò qkÅds¡bÅJÊPS\Ü_ü­°Ó꺎íŸ2JD,'3Ø!¹~}Zš‚Á´žÔ<Ò’M:3° ÎàD œXÓžH¬;'bEdžèØF‰ÒÈ:/Ü•/ß+ÙaÕ:’N–9¦‡uv9“‰˜æeÞäi>­³†j«}w—ÜL«Ê×–é&«³Ý§lWûεï·ÍùOŒ‰lI û:/ŸˆLéó“ÊIæ:üQ•ÖD((ˆ4ã<²q,œl_g%œ²5Ó¥D‚fõt“îššèýö ÈÙ4o|EÕG}kÀÊ8*ú¢àå’èt¬®{6&iKè‰C ñä6Ñx ØTµ¯rãf‹¬ôå"-nÇMwf,uv D 5½ñ|eEßpÚÑÈ,q‡AzA‡$„ì6¬ª‹"­k"oæoˆ›¶jÚ­"ì.4§¾gµÙæE¶œå%U,³Uº/šÐµÛ5\ª°¢·Éaw4’N V¬d2}‹ÒÑ©‚b‚\;âi.ùt–T¸™Sû:ý”UVô}ÜçECòÙV¾zL.?é ( 6Ä­žt-ñOÙ¶´2’€Ÿ`å
-̺Ùû‘QC;/W»´nv—`Ø‹fOÖ3vt¨íˆE€†Å,‹žÐŸÄ <·ßPýüú]ˆ/ÝÞ}
-$(
-ª~ôÜ ‰™6 ä0¤hI<žÎÿñîöãÕÍ<Âbâ–Uæ©ÒÙ&év‹Ç„|4y4Дn³ß#BÌÃh÷ßÜþðÝ»± šß>/w‚ÃgÉ8AÁÍß"KWD¹3ŽH?{Z}4îy…†ÐÀÆRx…^ãŽÄp¼ˆøÍV¸« Ï˸Õø%åðÌ}]ˆ%›®Ï6Ôî €ÜÆ,ÌØ;‰çÔ±,¸¿Š:ƒþsq€C$s.4Â>šé£Ðèÿëá–GFC°2:JâXuCªAh%´‰”Á­‹ Ħ¢ )1›Æ1‹¬Jd›
-øƒˆ“1FždD@Dq›ClÄ-iÜ5Ñ艉ڤ/DT[T²´(|ùÑ3¬ª¢¨žQ-\­oMéã|­³æ|ùq‘y˜-‰ŽóFÍ‚ÓZƒ§cÁ½vƒc.˜ËÈ(Õu8G?!tªl²]™—JGF0}¿!ÅW€±ÊŠ¸¯ùÐâëz¿É–Åp4bÖ¶/ª·³†*(dAxX{Ðø”Ö¾m“þ@J•GEZ{Ôp8Ím{Ì#K’ÅakÖYWË‘K1+­gó''!>ËýõeI¤ VºÇG|¬ÀØ'G_éØ[ÁÒÇ›‡/üßSÃ/n7°â
-v¡LÑÓ+ºiúWF
-¡T
-ðë´ãAÁž"k­êƒgO4ÔÑôý¶z—Wûšêë—ºÉ65µ,Ó&}ÄFïÊà>°_¬}wÏÒ쨕MŸhûm`ßîrT-?rJ±8ŒRÑ·*]$ÈÉ0±æ×ìå™ðuyʲ}s?f*Rhאָô©_ʪ|Ù©é©Ò,ôïiÔUÂSé t¢Ún\Ð-n6øÂøöì ZÒÕj¿»šS¿-mSS-ª‚šÏN#•ÄJÖ
- zV8Ü@ÿ˜…­u‹3 Im’®yßÞƒõd6&IÀIt„qØ¥v¿LèÖar=È
-@ ÎyL÷óaÄ3ͺ\¯{š–ËEUù38ÿ|õr<9¸å
-Ðñäì-×Èô=ÍãBô§¿Ï²#\\fõb—o½! ·×êˆ ÎêxG3#`H£‚Í”Çë&ŽÞwº  ÆÝÓ„ˆ»®kügV<—–¼8,õLR‹$cThqæà[®3‚ GCA¢W•M—PÉeëpP¶Àu8§ßöÙnD×DĤ²§'o¹Ffïëè‡`ª7ý_©lí"Žu 
-ÙFcº&#–À tpR×<ÿ™Çý|]S6ÒŠ‹Ó[ßrd8Úi]äfVŸÓµ× ] \‡cjvpùYe»º èÌãÓó·\#ôÔ ±>9–à¯T·î:Ž&O`õÚÊW5"—HÇÊö–zBãZþ3‹Žûù—èHIíäî·\çŒvRã„.ÍâÓ×åz]ãZ®ÃIí·±dCxƒCe‰:={Ë52}_ß8æÃtþû6ÞÁ8™éó:wá,ÓÓuU7¾6ÄÒT7>dr© ¨¬÷cýî.ù‚ÞÍï©–YS-ÅeP»+MæiŸô€¨7 ¸TÁ¥Ûqœö™×Î*dQ–YéïE‡)ãnÊÂE¿.“„‘.®òõƒÇ»1òÌÁw¸N|àÂh³mUä‹Çx¨c{zú–kdþþÉ+0:-ûôOþpÀ—Š{LÙyüãÜ·§åœàÈEe¿ÎùÔ_mÃŽWÂV§º’žÂ“ÀfiÃqGñ¢g5ÉšHžÞã–ëœ ƒÑNã ³èyÏ©U‡ë„Z®c<™‘=§»%¾N+Ät†1yZ–kD’ž‚éN¡»¬¡‚%²… ´
-þ÷ß—³„aþ«Ì¾"ò?cQ¢Œ´5¡Ï>ì)
-”»÷ºl>V–^lïa\k?[+´ ?$­D/]ë^6…ÒmêÝøÔ»žn³¦O(£Åìô៬ˆ'+ÓÇÂóµS+ÝÝXù 1»;w¸„õ÷ÉâÕCˆ^X3ªÜ“™ç•ý|ˆßÚ´| ;ûÕÙ­u¯)œôwõBo»“oÅžÞ]Xx™C²YSFáHtŽ8 …ùߎX#v„å¶YÊÞ¸"J¥ûÃv–76*l gI'ýƒrïë=es±°¨ö˜”òY˜å~á•CÂ=]KˆÇ{ÊÑäŸ2—Í#ËËEæŸ(×Yç©3«·UYçyAYJ+½Ï†V# 2],²Ú?„.
-%Œ{D .Ðu¢Çž¶»ÅWŽMJÉ. ¢Iî*xáë˜ÿJeX
-Ò´ Bárc3(F h8ý¿ô?Þendstream
+xÚ­ZÝsÛ6÷_¡·Ê3‹/ÀäÉMœÔÆîÙÎÜGÛZ¢,¶©ŠT\÷æþ÷ÛÅ)ÒRîÚ‰3\
+µbA5hQøÍJÔ-8ÝyæVñîg£7¥£À¬›5¹ór¹Mëf{†=ovd=cG‡ÚŽX$hX̲è ýI Êsûñ‚êo®Ð…øÒíÝ`ä•.Ë"Ò²~v t³J¢ÌIÞZoþÙá´<çͪÚj9Zˆ‚­ø}SäsOPrß|µ¾²»'®ÑÉHw0Ë6o^¨XgóÀ¬@‚¢ êGÏݘiBŽ
+°fú 4úÿzA¸å‘Ѭ̄Ž’8VÝjZ m"epëb±©èDBJŒÄ¦qÌ"«ÙƦþ âdŒ‘'ÑP G\ÅfqK÷UM4zb¢Öé Õ•,-
+_~ô ˪(ªgT Wë[Sú8_묄9_~ØDdfE D¢ã¼ÑA³à´‡Ö ÁéX0G¯Ýà‡ æ22JDGÄDuŽÅÑO†*›l[fcÁ¥Ò‘Lïä¤ø
+0VY÷5ßZ|]ïÖÙ"¢΃FÌÚöyµõvÖP…,+ŸÓÚ·­Ó_HB©ò¨1Ok'à⢹mydÉ@²8lÍ*«ój1²`i#f¥õlþä$Äg¹ÿ¢¾,ˆtB#ÁŠãA÷¸öˆûäè+{‹#Xúxýð•òjøÅíV\Â.”)z:pE×M_
+íõõ‘>õKY•/ë•#] Uš…þ=º,Cxjb<8$0äùœÕfí‚~lq³Á÷í*­j°§
+aSªýþò†úmh›šj^Ô4ïxv©$V²¨Xç € Í\ìÌÕô_䜡ˆ˜iAØÛË3½ñÏÁ-÷ï PAÏÞ
+‡ûè³°µpË¿;
+!çŸ/_'ç
+-N|ËuBáh(Hôª²)à*9¡l®#ʸöçôÛ.ێ蚈˜Töøä-×Èì}]ýàLõ¦ÿ+•­]Ä¡®A@!ÛÈcL×dÄ8îŽêšç?±âá¸_®kÊFZqq|ë[®‚ G;®k€ÜÌêSºÖá:¢kkLÍ.?Ël;P7Á
+áƇL.u•õîqíb, ß½À… Ÿû›{ª¥EÖTKqÔ®áJ“yÚ'= @LÂ….Upé6F¦=Bæµs
+Y”EVú{Ñ~ʸ›²pѯË$a¤‹«|ýàñîcŒ<qð®#¸p$ÚlSù|ıêØŸ¾å™¿ò
+ŒN˾
+‹§¾uOàBXç®@#—»‚ÊùصÖÄÝ,Ü«É:d¬m7Á #¦s*¢ýÏ?,jhFÿ4ë†:÷› $Ü‹
+J™ÎW9Å ®sêÛ½;ªó6ê§É‹$Ž”n‘ºÜÀi¦oÅ×ïÿ9þÃ¥ Ø¿+LŸÜ;Š Ï.Ư)z«FŠjp1 _³ÛÐ×ýGº QwÏ?Ö¡7sðS(aÜ#Zp®=ö´Ý-¾r¬SJvaMr÷P‰À _ÏÀütðP*àjSàK R©ûñˆT®bTÎ9«ƒßþ óCå Ü âdŸ4éYÅ¡Y£1·~C£§—^¼jÛåaš"Éž,àØè'
+c¿ß“ rÔÖà¿×Œ?ýÛ¾ý•¦+õxRÞ e
+—›!@10j@áèÿ¥•«endstream
endobj
-1052 0 obj <<
+1057 0 obj <<
/Type /Page
-/Contents 1053 0 R
-/Resources 1051 0 R
+/Contents 1058 0 R
+/Resources 1056 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1038 0 R
-/Annots [ 1057 0 R 1058 0 R 1059 0 R 1060 0 R 1061 0 R ]
+/Parent 1043 0 R
+/Annots [ 1062 0 R 1063 0 R 1064 0 R 1065 0 R 1066 0 R ]
>> endobj
-1057 0 obj <<
+1062 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [284.2769 367.346 352.9489 379.4056]
/Subtype /Link
/A << /S /GoTo /D (access_control) >>
>> endobj
-1058 0 obj <<
+1063 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [282.0654 337.3189 350.7374 349.3786]
/Subtype /Link
/A << /S /GoTo /D (access_control) >>
>> endobj
-1059 0 obj <<
+1064 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [299.7586 307.2919 368.4306 319.3515]
/Subtype /Link
/A << /S /GoTo /D (access_control) >>
>> endobj
-1060 0 obj <<
+1065 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [330.7921 235.2826 399.4641 247.3423]
/Subtype /Link
/A << /S /GoTo /D (dynamic_update_policies) >>
>> endobj
-1061 0 obj <<
+1066 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [369.8158 115.4527 418.5625 127.5123]
/Subtype /Link
/A << /S /GoTo /D (dynamic_update_security) >>
>> endobj
-1054 0 obj <<
-/D [1052 0 R /XYZ 56.6929 794.5015 null]
+1059 0 obj <<
+/D [1057 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-442 0 obj <<
-/D [1052 0 R /XYZ 56.6929 569.0182 null]
+446 0 obj <<
+/D [1057 0 R /XYZ 56.6929 569.0182 null]
>> endobj
-1055 0 obj <<
-/D [1052 0 R /XYZ 56.6929 543.6932 null]
+1060 0 obj <<
+/D [1057 0 R /XYZ 56.6929 543.6932 null]
>> endobj
-446 0 obj <<
-/D [1052 0 R /XYZ 56.6929 423.5151 null]
+450 0 obj <<
+/D [1057 0 R /XYZ 56.6929 423.5151 null]
>> endobj
-1056 0 obj <<
-/D [1052 0 R /XYZ 56.6929 398.6084 null]
+1061 0 obj <<
+/D [1057 0 R /XYZ 56.6929 398.6084 null]
>> endobj
-1051 0 obj <<
-/Font << /F61 642 0 R /F57 632 0 R /F43 608 0 R /F42 605 0 R /F58 635 0 R >>
+1056 0 obj <<
+/Font << /F61 646 0 R /F57 636 0 R /F43 612 0 R /F42 609 0 R /F58 639 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1065 0 obj <<
+1070 0 obj <<
/Length 3259
/Filter /FlateDecode
>>
@@ -3807,64 +3831,64 @@ xÚµZÝoã6Ï_aôå fEJ¤ÈÇí6ÛKqÝíeSÜm[NÔÈ’kÉ›¦ýÍpHZ_–Ûk‹ 0EŽ8úÍpf$¾ˆà/´dQl’Ej
!ÏÊÌK¨&Dé£óy| ]YþšÆÌœFCÆLEZÌ ž v2ºÚÌ¢ÐÑ_P¼ïïGa‚ïÄ!JÎ>‡@uAñnó(„ã0Æãp…ªzªó‘£>¶#ê„%JªyQÕ„,}ÈØÔ]aþ&vU}ð
~a‚ÀmßÔÍéUÝçôMéËS±~¢ÙuV…wuöwsÜíó !>åLGÑ ÕÕm^M¼IY¢•Õ}z2ÆÑðsTH¸e¸c“#a5l˔ӜZÍìܗ̱døùñÄ3‡‡ø?ý•óéð?÷ÔâLÔÓ¤^(ÔUš¡äásè±èÿt&˜endstream
endobj
-1064 0 obj <<
+1069 0 obj <<
/Type /Page
-/Contents 1065 0 R
-/Resources 1063 0 R
+/Contents 1070 0 R
+/Resources 1068 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1038 0 R
-/Annots [ 1067 0 R 1068 0 R 1069 0 R 1070 0 R 1071 0 R 1072 0 R ]
+/Parent 1043 0 R
+/Annots [ 1072 0 R 1073 0 R 1074 0 R 1075 0 R 1076 0 R 1077 0 R ]
>> endobj
-1067 0 obj <<
+1072 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [259.4835 532.6298 328.1555 544.6894]
/Subtype /Link
/A << /S /GoTo /D (boolean_options) >>
>> endobj
-1068 0 obj <<
+1073 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [387.5019 279.1398 456.1739 291.1994]
/Subtype /Link
/A << /S /GoTo /D (zone_transfers) >>
>> endobj
-1069 0 obj <<
+1074 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [381.9629 248.8466 450.6349 260.9062]
/Subtype /Link
/A << /S /GoTo /D (zone_transfers) >>
>> endobj
-1070 0 obj <<
+1075 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [398.5803 218.5535 467.2523 230.6131]
/Subtype /Link
/A << /S /GoTo /D (zone_transfers) >>
>> endobj
-1071 0 obj <<
+1076 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [393.0412 188.2603 461.7132 200.3199]
/Subtype /Link
/A << /S /GoTo /D (zone_transfers) >>
>> endobj
-1072 0 obj <<
+1077 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [255.0796 157.9671 323.7516 170.0268]
/Subtype /Link
/A << /S /GoTo /D (boolean_options) >>
>> endobj
-1066 0 obj <<
-/D [1064 0 R /XYZ 85.0394 794.5015 null]
+1071 0 obj <<
+/D [1069 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1063 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F58 635 0 R /F57 632 0 R >>
+1068 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F58 639 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1075 0 obj <<
+1080 0 obj <<
/Length 2903
/Filter /FlateDecode
>>
@@ -3879,76 +3903,76 @@ d‹¸ª·PÆàÃXô¿cî¹µ'ꀎ#ÁšŠû´8ëFô²"àÁÊyú9Aœ—D§è
ZøCVMj@?~%LuN¼Û˜s|0š~^¦O‘ñu§öLÌo?zÁ?\y’ïÛùüö÷<xw l¸KDÿÔÕu1v–êö÷Ÿ:ï›ßtKHVcAD
¡®nÿ‰—¶â
endobj
-1074 0 obj <<
+1079 0 obj <<
/Type /Page
-/Contents 1075 0 R
-/Resources 1073 0 R
+/Contents 1080 0 R
+/Resources 1078 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1038 0 R
-/Annots [ 1077 0 R 1078 0 R 1079 0 R 1080 0 R 1081 0 R 1082 0 R ]
+/Parent 1043 0 R
+/Annots [ 1082 0 R 1083 0 R 1084 0 R 1085 0 R 1086 0 R 1087 0 R ]
>> endobj
-1077 0 obj <<
+1082 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [352.879 737.8938 426.5323 749.9535]
/Subtype /Link
/A << /S /GoTo /D (tuning) >>
>> endobj
-1078 0 obj <<
+1083 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [307.1508 708.0059 375.8228 720.0656]
/Subtype /Link
/A << /S /GoTo /D (zone_transfers) >>
>> endobj
-1079 0 obj <<
+1084 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [334.8268 678.118 403.4988 690.1776]
/Subtype /Link
/A << /S /GoTo /D (zone_transfers) >>
>> endobj
-1080 0 obj <<
+1085 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [292.0276 648.2301 360.6996 660.2897]
/Subtype /Link
/A << /S /GoTo /D (zone_transfers) >>
>> endobj
-1081 0 obj <<
+1086 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [319.7036 618.3422 388.3756 630.4018]
/Subtype /Link
/A << /S /GoTo /D (zone_transfers) >>
>> endobj
-1082 0 obj <<
+1087 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [460.1655 588.4542 533.2211 600.5139]
/Subtype /Link
/A << /S /GoTo /D (tuning) >>
>> endobj
-1076 0 obj <<
-/D [1074 0 R /XYZ 56.6929 794.5015 null]
+1081 0 obj <<
+/D [1079 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-450 0 obj <<
-/D [1074 0 R /XYZ 56.6929 574.2651 null]
+454 0 obj <<
+/D [1079 0 R /XYZ 56.6929 574.2651 null]
>> endobj
-784 0 obj <<
-/D [1074 0 R /XYZ 56.6929 549.4832 null]
+789 0 obj <<
+/D [1079 0 R /XYZ 56.6929 549.4832 null]
>> endobj
-1083 0 obj <<
-/D [1074 0 R /XYZ 56.6929 251.7198 null]
+1088 0 obj <<
+/D [1079 0 R /XYZ 56.6929 251.7198 null]
>> endobj
-1084 0 obj <<
-/D [1074 0 R /XYZ 56.6929 239.7646 null]
+1089 0 obj <<
+/D [1079 0 R /XYZ 56.6929 239.7646 null]
>> endobj
-1073 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F57 632 0 R >>
+1078 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1087 0 obj <<
+1092 0 obj <<
/Length 3064
/Filter /FlateDecode
>>
@@ -3966,67 +3990,67 @@ G}7=ûö&fƒ”¤1ÓÇ`­„Ð$aƒéâ×áå÷ÓëñùˆGt“óQÓáw·wWHIñqywsûá—ñŹ’Ãéíý’Ç×7×ãë»Ëëó
vÇÑ+Uò¼ÞàEí7 ^w“‹‘Jº¢`©Ûçªþc[ÈýŸl>7Õœ­ØŽ ,àä{Qà6Ne_LJÌiêÄeBRœla¨7'ÀMõ6„¿ôÚF#pŒ»¿9.Á€·/;.¤vDñ$QÂ!žú]ôŠ÷Ïþ
|ûKx©
endobj
-1086 0 obj <<
+1091 0 obj <<
/Type /Page
-/Contents 1087 0 R
-/Resources 1085 0 R
+/Contents 1092 0 R
+/Resources 1090 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1097 0 R
-/Annots [ 1091 0 R 1092 0 R ]
+/Parent 1102 0 R
+/Annots [ 1096 0 R 1097 0 R ]
>> endobj
-1091 0 obj <<
+1096 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [296.3342 570.0778 369.9875 582.1375]
/Subtype /Link
/A << /S /GoTo /D (the_sortlist_statement) >>
>> endobj
-1092 0 obj <<
+1097 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [389.843 570.0778 463.4963 582.1375]
/Subtype /Link
/A << /S /GoTo /D (rrset_ordering) >>
>> endobj
-1088 0 obj <<
-/D [1086 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-454 0 obj <<
-/D [1086 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1089 0 obj <<
-/D [1086 0 R /XYZ 85.0394 748.2826 null]
+1093 0 obj <<
+/D [1091 0 R /XYZ 85.0394 794.5015 null]
>> endobj
458 0 obj <<
-/D [1086 0 R /XYZ 85.0394 748.2826 null]
+/D [1091 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-651 0 obj <<
-/D [1086 0 R /XYZ 85.0394 718.4268 null]
+1094 0 obj <<
+/D [1091 0 R /XYZ 85.0394 748.2826 null]
>> endobj
462 0 obj <<
-/D [1086 0 R /XYZ 85.0394 661.7689 null]
->> endobj
-1090 0 obj <<
-/D [1086 0 R /XYZ 85.0394 639.4577 null]
+/D [1091 0 R /XYZ 85.0394 748.2826 null]
>> endobj
-1093 0 obj <<
-/D [1086 0 R /XYZ 85.0394 553.1414 null]
+655 0 obj <<
+/D [1091 0 R /XYZ 85.0394 718.4268 null]
>> endobj
-1094 0 obj <<
-/D [1086 0 R /XYZ 85.0394 541.1862 null]
+466 0 obj <<
+/D [1091 0 R /XYZ 85.0394 661.7689 null]
>> endobj
1095 0 obj <<
-/D [1086 0 R /XYZ 85.0394 337.1513 null]
+/D [1091 0 R /XYZ 85.0394 639.4577 null]
>> endobj
-1096 0 obj <<
-/D [1086 0 R /XYZ 85.0394 325.1962 null]
+1098 0 obj <<
+/D [1091 0 R /XYZ 85.0394 553.1414 null]
>> endobj
-1085 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F56 626 0 R >>
-/ProcSet [ /PDF /Text ]
+1099 0 obj <<
+/D [1091 0 R /XYZ 85.0394 541.1862 null]
>> endobj
1100 0 obj <<
-/Length 3262
+/D [1091 0 R /XYZ 85.0394 337.1513 null]
+>> endobj
+1101 0 obj <<
+/D [1091 0 R /XYZ 85.0394 325.1962 null]
+>> endobj
+1090 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F56 630 0 R >>
+/ProcSet [ /PDF /Text ]
+>> endobj
+1105 0 obj <<
+/Length 3263
/Filter /FlateDecode
>>
stream
@@ -4037,46 +4061,48 @@ xÚåksÛÆñ»~¿œ±{×~R)QšÈ.Å6ž&ù
#=ºW…!‰JçÐw‚SfÔbuou³
ãf9jiìßH«É.! ¯\ox]Ã"
Èo]¬Ž/ŠtÂ0
-CU‘fº—ÐÆK#`1˵ԀjTÔ+žÇ ú~ºÌ‚…¤a
-ƒ÷ˬ¢kŠüz‰.çÍtÏZô˜e u"¸RÄŒûlçÝÆ™ÖÁä . H®”±'ܪ,fZ'[÷^Mñ¡Xà“'•!™ªc7ݳþt)­µ¦WM‘ÒòÔÄZ0u¼4ÉM'F¦ëÒ¤kÃ'‚KÆZp÷ñ¡Å§/4Wå¸l1@—é:¨,ÂÙUö >[zt|Å=R¢ÍÃrê`SÇ‹°S<gpláÏœf³—}–ñÆ+báÒ:b1§w8F´¨×‰³%áØN²fB½&¤Ñr.Ë›Õ~ýÄ/õá‹]‡Z’KÿÈ>ƒ³¡ˆÑ›Awš üzˆ±°¯Àá /öü,Â
-ZDxZþ^„c¤*jj½¢¦¤¨ÐüNèÖ«c¨ãSÞI‰U‘}û¶Ø?תÊÖ±AN#¡]݇ì3ÅÂ] ¸ CBfÐ,‹¦¥kæz`í}D¨ñ“'õÒ©ôGþ³S+Zá”÷‘ãÞ àÄ‹ß…øØ]–ïµi€I
->Õûµ5>»8ðB}E/<¶½8ëŒÂ>ö©þú¿+@Ö)ÓCO5|Ø Rî?+ˆÌ9‹…4bêÿa,kTendstream
+CU‘fº—ÐÆK#`1˵ԀjTÔ+žÇ ú~ºÌ‚…¤a
+ºÓ\Pôà×Cd…õwny±çgh (AQœnF”pDl´®å*ïÄpjOŸGÏÎÐÀxiŽsÊ0 }4"0«UráB8üÁ;i˜.š”÷ã
+=PTm:Õ{ ØL‹Œ˜÷ÀN~H2
+Œ4èÔ=<ÈkºÒöoKe<Ÿ;J¸OÖO ²¶tÏzàÕ¨°GÐ „æo Ü`­ÿæ7ϪÆo…”È X/Ñ®(Æ£ÑÒŸ=
+u<+'ž <š×h—î(‘{ti•?!j@“är`Ä7ëYeAt|'ã¨ÃĪõYFÔ
+ l—ðH
endobj
-1099 0 obj <<
+1104 0 obj <<
/Type /Page
-/Contents 1100 0 R
-/Resources 1098 0 R
+/Contents 1105 0 R
+/Resources 1103 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1097 0 R
-/Annots [ 1104 0 R ]
+/Parent 1102 0 R
+/Annots [ 1109 0 R ]
>> endobj
-1104 0 obj <<
+1109 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [370.4473 443.4181 429.4355 457.3658]
/Subtype /Link
/A << /S /GoTo /D (classes_of_resource_records) >>
>> endobj
-1101 0 obj <<
-/D [1099 0 R /XYZ 56.6929 794.5015 null]
+1106 0 obj <<
+/D [1104 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1102 0 obj <<
-/D [1099 0 R /XYZ 56.6929 480.6783 null]
+1107 0 obj <<
+/D [1104 0 R /XYZ 56.6929 480.6783 null]
>> endobj
-1103 0 obj <<
-/D [1099 0 R /XYZ 56.6929 468.7232 null]
+1108 0 obj <<
+/D [1104 0 R /XYZ 56.6929 468.7232 null]
>> endobj
-1105 0 obj <<
-/D [1099 0 R /XYZ 56.6929 396.1951 null]
+1110 0 obj <<
+/D [1104 0 R /XYZ 56.6929 396.1951 null]
>> endobj
-1106 0 obj <<
-/D [1099 0 R /XYZ 56.6929 384.24 null]
+1111 0 obj <<
+/D [1104 0 R /XYZ 56.6929 384.24 null]
>> endobj
-1098 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F56 626 0 R >>
+1103 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F56 630 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1110 0 obj <<
+1115 0 obj <<
/Length 2902
/Filter /FlateDecode
>>
@@ -4093,45 +4119,45 @@ tkÒ0z>v( ¡6Qä­ªîy5¸!Ïñ•;oJOû[+!µJ½ãÓ1òT‘h%‘äá§|{æ¢z@.JW|Êìí+ËpÀ@-a(
v35—ËÙãAŽKúØ_.Ør¸E6…ëQÓ`0&æÛFOâp-ùrvÔß»þ›4‰f4Ü
}JoPä+ û°d:<퀊§çàÈ%%Óh»]Ô®Öí­Ÿ€—a·۵{þÒgðnéNó'~ ¡ U3òsš`òbŽö¥?ÞÙý€É@^‘$'.™CBÁLÙpytu~åsÌúÎh¸endstream
endobj
-1109 0 obj <<
+1114 0 obj <<
/Type /Page
-/Contents 1110 0 R
-/Resources 1108 0 R
+/Contents 1115 0 R
+/Resources 1113 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1097 0 R
+/Parent 1102 0 R
>> endobj
-1111 0 obj <<
-/D [1109 0 R /XYZ 85.0394 794.5015 null]
+1116 0 obj <<
+/D [1114 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-466 0 obj <<
-/D [1109 0 R /XYZ 85.0394 699.7944 null]
+470 0 obj <<
+/D [1114 0 R /XYZ 85.0394 699.7944 null]
>> endobj
-1112 0 obj <<
-/D [1109 0 R /XYZ 85.0394 675.0921 null]
+1117 0 obj <<
+/D [1114 0 R /XYZ 85.0394 675.0921 null]
>> endobj
-1113 0 obj <<
-/D [1109 0 R /XYZ 85.0394 489.5479 null]
+1118 0 obj <<
+/D [1114 0 R /XYZ 85.0394 489.5479 null]
>> endobj
-1114 0 obj <<
-/D [1109 0 R /XYZ 85.0394 477.5928 null]
+1119 0 obj <<
+/D [1114 0 R /XYZ 85.0394 477.5928 null]
>> endobj
-1115 0 obj <<
-/D [1109 0 R /XYZ 85.0394 309.4234 null]
+1120 0 obj <<
+/D [1114 0 R /XYZ 85.0394 309.4234 null]
>> endobj
-1116 0 obj <<
-/D [1109 0 R /XYZ 85.0394 297.4682 null]
+1121 0 obj <<
+/D [1114 0 R /XYZ 85.0394 297.4682 null]
>> endobj
-470 0 obj <<
-/D [1109 0 R /XYZ 85.0394 197.3098 null]
+474 0 obj <<
+/D [1114 0 R /XYZ 85.0394 197.3098 null]
>> endobj
-1117 0 obj <<
-/D [1109 0 R /XYZ 85.0394 172.8568 null]
+1122 0 obj <<
+/D [1114 0 R /XYZ 85.0394 172.8568 null]
>> endobj
-1108 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F57 632 0 R >>
+1113 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1120 0 obj <<
+1125 0 obj <<
/Length 2885
/Filter /FlateDecode
>>
@@ -4149,146 +4175,145 @@ xÚÍZÝsÛ6÷_¡‡>Ð3Šo‚}sS'çNcçÝLç’<ÐmqŽ"u"Çýëo]P”L;ÉÅfô
Ȇs}Ûò÷€ì/w€‡\ö´D„dÒÄJà‚\
²ðB±àà‚øÊMÓ<ý\ÖKf0çsIæ{ª$–fúi¨*K3®_¹±?ñÉgÏúKÿâ´ÿ›—N™rNŽã@Öó¼ÔÓþ€ÿ ETƒ¥ÿ½)ãendstream
endobj
-1119 0 obj <<
+1124 0 obj <<
/Type /Page
-/Contents 1120 0 R
-/Resources 1118 0 R
+/Contents 1125 0 R
+/Resources 1123 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1097 0 R
+/Parent 1102 0 R
>> endobj
-1121 0 obj <<
-/D [1119 0 R /XYZ 56.6929 794.5015 null]
+1126 0 obj <<
+/D [1124 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1122 0 obj <<
-/D [1119 0 R /XYZ 56.6929 679.1143 null]
+1127 0 obj <<
+/D [1124 0 R /XYZ 56.6929 679.1143 null]
>> endobj
-1123 0 obj <<
-/D [1119 0 R /XYZ 56.6929 667.1591 null]
+1128 0 obj <<
+/D [1124 0 R /XYZ 56.6929 667.1591 null]
>> endobj
-474 0 obj <<
-/D [1119 0 R /XYZ 56.6929 513.6923 null]
+478 0 obj <<
+/D [1124 0 R /XYZ 56.6929 513.6923 null]
>> endobj
-1124 0 obj <<
-/D [1119 0 R /XYZ 56.6929 486.3878 null]
+1129 0 obj <<
+/D [1124 0 R /XYZ 56.6929 486.3878 null]
>> endobj
-1125 0 obj <<
-/D [1119 0 R /XYZ 56.6929 444.9153 null]
+1130 0 obj <<
+/D [1124 0 R /XYZ 56.6929 444.9153 null]
>> endobj
-1126 0 obj <<
-/D [1119 0 R /XYZ 56.6929 432.9601 null]
+1131 0 obj <<
+/D [1124 0 R /XYZ 56.6929 432.9601 null]
>> endobj
-478 0 obj <<
-/D [1119 0 R /XYZ 56.6929 264.2455 null]
+482 0 obj <<
+/D [1124 0 R /XYZ 56.6929 264.2455 null]
>> endobj
-1127 0 obj <<
-/D [1119 0 R /XYZ 56.6929 234.2561 null]
+1132 0 obj <<
+/D [1124 0 R /XYZ 56.6929 234.2561 null]
>> endobj
-1128 0 obj <<
-/D [1119 0 R /XYZ 56.6929 144.9629 null]
+1133 0 obj <<
+/D [1124 0 R /XYZ 56.6929 144.9629 null]
>> endobj
-1129 0 obj <<
-/D [1119 0 R /XYZ 56.6929 133.0078 null]
+1134 0 obj <<
+/D [1124 0 R /XYZ 56.6929 133.0078 null]
>> endobj
-1118 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F56 626 0 R /F57 632 0 R /F42 605 0 R >>
+1123 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F56 630 0 R /F57 636 0 R /F42 609 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1132 0 obj <<
-/Length 2326
+1137 0 obj <<
+/Length 2328
/Filter /FlateDecode
>>
stream
-xÚ½]oÛ8ò=¿Â÷ 5—ß’‡²©ÓË"MöRïö°Ý>(6“°¥Ô’“ö~ýÍpHYJ”¤wmÂ9Î ç“b’ÆU®'i®™áÂL–›>¹†µ7"àÌ"Ò¬õóâà§c+&9Ë­´“ÅUVÆx–‰Ébõ!9úÇᯋùÅt& O,›ÎŒåÉÏ'g¯i&§áèüìøäÍo‡ÓT'‹“ó3š¾˜Ï/ægGóéL(m$PÄçgsB:>9O?.~9˜/:–ûb ®ßO>òÉ
-¤ûå€3•gfrœ‰<—“Í6Š­TœY¼;øgG°·ê·Ž©©Ã™éŒI4¾æX!Yž=~,å+–YPæ“´hZŒ;†¤ö·h­dZhÙÝ¢V!XnŒÄkÌ9KlO•b§àÏPÁ1gÆjx‚3£$0î1Χ3+’ü—É£ë
-ëµ»?ÍKŒ
-`hYûqÕ¡¬çŽßìš@ì2ÌÔŽï¦Ø¸/¬ò”Jµrœ8Ü41F·¸Z®w«=Á°z‘RF–Z1>6‚áSBAx¯FHi–gBEB'gG§¿½žP2àD©ÜS"}U«’R3¥²4Ò\,NI3i!•åHA¹ R±÷&‚G,¢.£PCGxÙÞ}©Úâó_GøR†aGsŽµ”sΪÞe5«ðjnáfµŽña„šbJ¤QoËz³A›¹)Á2­"¡#ìÏD®¤×thOÏ\~Ê nˆ÷иÖÛ•ˆæ*‚hC^
-¦+bäè¾$¯Áâ)O¡'̚ƢúBÀ®ú™ªÄ(B8ò¡¿APBApáÜ‚vþ;D?¼Y$HdÛ´d9Q”A¸ Ò$4ù0Œ>¢âB˜nh,ü²JJH_å²lǼJ€¥`F#"ú¸¶À„Œwõ7€$°ÇHá¢:@Ùzö3 ¥,”ñÑÿþ>ÂÕ€óL¦M™!÷y—»-©¡¼9K÷.ú´ yIZ§Ê½ ¾ëNï¤á`UþÞ”_¸8òøæÖ-{F²¿íÍX´³9in_fŒDÈÈmáÅ¿ÞmºPÆ|Ñó†¯Í|8»lêõ®uläFA
-|1„×[,\Gè
-µc¶Gz*í¾loF3 Ü¢êBÕ׆4Há·‡xëaˆ;ª²Sà}Ù¸Õéó)A¤pûؽÿw<Eá±Ï ežJS0Mþ RRPÐY¼“¹êh:0éWº"àP¤
-–vÎÿ\ ñFëhWuµt²Ø‡Z–A79Ì…}C¢fÊ7®ê·+ÅŠ=õòòA˜€Nõ{¼A)%tÊ_ßsÇO5ÈÂXfEf^x“
-Ñ‚J¾Ó#D(–‚oÿW°>ågžÁ0"AËLBù&Z§yh¢uÆ{1§¡%rg‚á ;xWÀÙÞà M47õn½"L,Ñqn뚶޺0[\ùfŠjäN)ɬÙ{=
+xÚ½]oÛ8ò=¿Â÷ 5—ß’‹²©ÓË"MöRïv±m›IØRjÉM{¿þf8¤,%JÒ»¶‡
+Þœ¥{}Ü„¼¤­SåÞPßu§wÒp°*oJ‰/\y|së–=#ÙÇßöf,ÚÙœ‰4·Ï3 F"dä¶ðâ_ï6](c¾h‡yÃ×f>œ]6õz×:6r£ €eKáQï›Yˆ]ŽŠ#^ÎÆòÛÛ·oÁü1ʾÆÞ+øõáÉÙìÍüâhæF£[ÿ¼È3¤ÚòS±îdƒ[xÈó½½p<›ÿyøú·Ó9;:͈éÀŠr2D|x'|,†Ë1<æ“Ä kw Ô^VEk¸‚LûH7P
+–vÎÿT ñFëhWuµt²Ø‡Z–A79Ì…}C¢fÊ7®ê·+ÅŠ=öòA˜€Nõ{<‰A)%tÊ_ßsÇ5ÈÂXfEfžy“
+Ñ‚J¾Ó›D(–‚oÿG±>å'^Å0"AËLBù&Z§yh¢uÆ{1§¡%rg‚á ;xWÀÙÞà M47õn½"L,Ñqn뚶޺0[\ùfŠjäYN)ɬÙ{=
endobj
-1131 0 obj <<
+1136 0 obj <<
/Type /Page
-/Contents 1132 0 R
-/Resources 1130 0 R
+/Contents 1137 0 R
+/Resources 1135 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1097 0 R
+/Parent 1102 0 R
>> endobj
-1133 0 obj <<
-/D [1131 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-482 0 obj <<
-/D [1131 0 R /XYZ 85.0394 641.1347 null]
->> endobj
-1134 0 obj <<
-/D [1131 0 R /XYZ 85.0394 617.8999 null]
+1138 0 obj <<
+/D [1136 0 R /XYZ 85.0394 794.5015 null]
>> endobj
486 0 obj <<
-/D [1131 0 R /XYZ 85.0394 552.2511 null]
+/D [1136 0 R /XYZ 85.0394 641.1347 null]
>> endobj
-1135 0 obj <<
-/D [1131 0 R /XYZ 85.0394 527.2608 null]
+1139 0 obj <<
+/D [1136 0 R /XYZ 85.0394 617.8999 null]
>> endobj
490 0 obj <<
-/D [1131 0 R /XYZ 85.0394 385.255 null]
+/D [1136 0 R /XYZ 85.0394 552.2511 null]
>> endobj
-1139 0 obj <<
-/D [1131 0 R /XYZ 85.0394 358.9197 null]
+1140 0 obj <<
+/D [1136 0 R /XYZ 85.0394 527.2608 null]
>> endobj
494 0 obj <<
-/D [1131 0 R /XYZ 85.0394 135.339 null]
+/D [1136 0 R /XYZ 85.0394 385.255 null]
>> endobj
-1140 0 obj <<
-/D [1131 0 R /XYZ 85.0394 112.6153 null]
+1144 0 obj <<
+/D [1136 0 R /XYZ 85.0394 358.9197 null]
>> endobj
-1130 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F84 858 0 R /F86 971 0 R /F42 605 0 R /F66 714 0 R /F11 1138 0 R /F57 632 0 R >>
-/XObject << /Im2 921 0 R >>
+498 0 obj <<
+/D [1136 0 R /XYZ 85.0394 135.339 null]
+>> endobj
+1145 0 obj <<
+/D [1136 0 R /XYZ 85.0394 112.6153 null]
+>> endobj
+1135 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F84 863 0 R /F86 976 0 R /F42 609 0 R /F66 718 0 R /F11 1143 0 R /F57 636 0 R >>
+/XObject << /Im2 926 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1143 0 obj <<
-/Length 2570
+1148 0 obj <<
+/Length 2580
/Filter /FlateDecode
>>
stream
-xÚÅËrÛ8òî¯ÐÁ¹ÊBð @rnGÉz*q²Žvkj39P"m³–"5"ÇóõÓ$J‚dg}Xû
-ZÏhh‹UY¸MÍÙ6k;™„€Vçs·¥{È:·¹®žh–—wrg•~ßÙÍ‚ÐÙüÁí
-ï<ëP¥
-&Ħ äl
-Æù=+«lVùÄÓEÜaSMZîůþíl©yÈå)ø’ÞÂòPSñ$–ÛP-a18 yGÈãcÈ!9‹Ò­¦pk¦UÚÇíÈpŽ¬Z1¡ù^ä4yK?J¸—TŸ ü>‡RÈ_pò‚E‘ô©Ìïᘠ¤?äÎæöp¥õrI
-0kFÊúXm#È‹»Œô
-~l½?þŽ1M\Ť~ÒøÕVêíœ_ò°B 6m¤—øðŽX·Ì ÷N³g’G|3–¡iz:WÓïþ‰hX7M²YÛTëαÎpa½oê!¡ÆàI/4ßÊ Ði€%÷NÏ@¶un#ü²ŽþlLÎ}þ QC+‘îÚ=yd%±™ºÌºrVVe÷DK˜àÒ¬ÈVUY8Hìaã+ä¼Eœ0¹5ÑóP„ŠI¨Fz„ Ö¶+±Üé/îë’º„°–9°²ÎË‘'H0­“½Î܈°AXÛ ÑöŸm\¹–ùnƒnÓJ'/v¼ ìZ¯,Þ¶¡T˜~©ŸÀéw«!a±æéÉzH² Y6åŸë;Œ1ë1D&ŠB6l)ákøB-i\r V+9ø€ø[ú² ¸þyz{I˶tI«o7ód8¾ õÆðçÄ[»nëÍ—ãrë3äu<îòî:?¡
-nÇQ±aÖ“B>uRl1”æ‰{»
-¿ ìIÍõ’›Eæõ‚íC_»žªïµ’l›yѶ¾Ý– ˆô+›ãR÷Õ?èœ`x”×qgËðíàÿ£CˆŽ|Z„ñÂIœö_"^$%¸À(Ĭ;a yj+Tx‘”PèØh×ß †¦” §Çßáv“$ûçkî^AèMpGàÎ=n_ ÿθg_âPE²•›Ù±ï?ÛÀÉÀÝ®¿¨# 3L'ü[&fˆÙ¡ŸõÜÀ<M©ÐS/<kv/}XÞ>®G1v‡dXBIºKÙg[spsÿ}xõ¿lç¡nendstream
+xÚÅYKsÛ8¾ûWèà]e!x97#g=5q²Žvkj39P"e³–"5"Çóë· R”)žÍV­}
+÷ûÇÅç/|”Áé~¹àL%±=ÃÎD’ÈÑê"ÔŠéP©n¤¼øtñ÷žáà«ê“àLªHzäJŸœtÂ"%••Óålö+žhÕ€VF,a7Ü ;Ëç\VyF?‹Ê‰ãö†:Rñ˜9nr$K´–ÈnÜñ+Í„à¦×Q
+á|(ú÷iÓ槱¢Ì©7ýÖæUSÔÕOWc%xÐ>¹—ï¦÷SPP"ƒ™ÓóÛb“/Úâkî9‡½„, Eh·ÀˆÛ§—ªM¿ýÔo}G
+ÆáNû‹Yê(PGŠq®:êMZ=º]–ON„íËÚ m`èx èFF¡ãðÙ³†bJ˜n‰E½ZåUëaC%ÝÏÑ@1‹ãh4†%JšSGÜãIft¤†–!u°m¬Q@¯­±‚ÅæJÄAž¶9§Ô4ù¦ÈݤzI-Q6õÖv91 ÑEmÛÌMiŸÒÖM®ÊêeÅI–Öhà÷ÒΨWÄ&OOnØŒ#™»©iEm—¶°¸9ó‰ª;õ¸7ê׈
+‚@$:,p1EÁ<ÇÖ8™áÊ Û<m
+<öó
+÷äh­¹ãp“· õPzøéHNø‘ÿØÔÙ[ÇÍv½®7­ã¸Sç ‡“¿æ›ÆzœÞdïôY^æi .ÙG‡f±)æg¢ƒ0Î{oÊ´iʼq3ïîÇ“·oØäá#
+sÒñëp*Ñfß‘÷ÌöÃÃÝ»;ˆÏÎ0˜J6à;±<ì¬c bàÀyb,jî?QûiúðÏéÃ%›þ6yÿñ×é+ág%¤¡î%57÷“÷îã%ãþÐD'Š÷‚.jñkZ¢—S©¿/ À±|‡'%Ïða>Fò,#qŽÑ@2D÷]í‘Èå+™Ê×1¥2æ?€4¯=‚£<±Þ.Ä‘OFa¢!%©ä5xA%ŠnðÂ7«Û·y9Ž´>½šÇ—ëv3öY»3Ãd`âÐF@4IlFal˜6Z òå±c˜ô@qtöd=#Š)¢b#*¶ue;†2 ´Ï5u–õfÕ`ð !àµé¦7m½v³6ÔîÆß
+ÄHGF¼H@7þ˜M õ4Œa‘aÊȿ³ŸrÊÐ$Ø’áÑy;ÓhŠ¬¥yù¬ sU—Öš^4^?W'p¬JWÝàò€êÛàçãœ-8eghçŽh‡ 2oHšTˆb4(½¨ËÜ[4ˆ5Ž“¼úÍt¤cGð;×<«Ë2Ýt|+h÷<h^VóºlèÓsÑ>Ù?^[„
+Ýæ­Ã$˜!ʨiü1o©“Rsé&WÔöÜêm»ÞZσ¹/õ–F«œ°•rØJ®é:ßM>–Ì!ñÈ%fpðcoQ¿ÀP&vÐÌÓÅ¿€PO4j™ÁTÀýQÔ™qå« À#DÇÉÙ#ó0ƒ²Í0“‡ÌÂ3¶·ÖÙ¡çòÉòfÂù9^V,Á*}!iÔkĈiYºßÖ ]‚)×ÏV?rg3N’0<
+ †.ïÓ.@F©úî®}<gŠaõ>B’°VˆÁ:¢Ș‚櫬»¸²5˜\1#¼÷"ð[k:˜õj¶Å¼(‹ö…†!S/O7e‘;J¼UÃ+3_P0elú”çËyB1 …ÌP¨Àµi ,±Û•UA÷‹0–:²¢ÊŠÎh!=iÀ ³2ž:u7×F—î²}ÿj¯—Ŷӥä DûÁªoWJJ¼Ï½±ñìfœ,$#HX‰6g+Iƒ·+£©ÖÀÛüï•’4xa ]Qj²¹Lõ&_è.‡ÜͬU|@þ }éóŽœ=\Ó°½xº¦Ñ·}?&×Þ’þœv+gí÷ŸÎ¨m “ñàÀmç/˜‚›qRm—¸>¯¶ˆCÜ0äïøô2†Úôä# ÔP Ѓ×/çY½J; È`«ö;w=ÛQ“¶ëEÞ4]`iŠ
+·^ÍÊó¸)9Ä}é^÷üu¦HD—äô“Þ>–²Oz]rÌ܃
+=/î)Ü™Çî!3ïž,<Îf@k"éÆõ,’Ô¦rry7ëOºÜÔ„A»gQ’éqàí¤¡4ÃÇcÏ«1}×_ûF½{§ Þ7I¿†zMºMÙàèhçÝcöñÖÿÖ´!endstream
endobj
-1142 0 obj <<
+1147 0 obj <<
/Type /Page
-/Contents 1143 0 R
-/Resources 1141 0 R
+/Contents 1148 0 R
+/Resources 1146 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1097 0 R
+/Parent 1102 0 R
>> endobj
-1144 0 obj <<
-/D [1142 0 R /XYZ 56.6929 794.5015 null]
+1149 0 obj <<
+/D [1147 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-498 0 obj <<
-/D [1142 0 R /XYZ 56.6929 743.3113 null]
+502 0 obj <<
+/D [1147 0 R /XYZ 56.6929 743.3113 null]
>> endobj
-1145 0 obj <<
-/D [1142 0 R /XYZ 56.6929 716.1502 null]
+1150 0 obj <<
+/D [1147 0 R /XYZ 56.6929 716.1502 null]
>> endobj
-1146 0 obj <<
-/D [1142 0 R /XYZ 56.6929 508.2976 null]
+1151 0 obj <<
+/D [1147 0 R /XYZ 56.6929 508.2976 null]
>> endobj
-1147 0 obj <<
-/D [1142 0 R /XYZ 56.6929 496.3424 null]
+1152 0 obj <<
+/D [1147 0 R /XYZ 56.6929 496.3424 null]
>> endobj
-1141 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F66 714 0 R /F57 632 0 R /F14 616 0 R >>
+1146 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F66 718 0 R /F57 636 0 R /F14 620 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1150 0 obj <<
+1155 0 obj <<
/Length 1552
/Filter /FlateDecode
>>
@@ -4300,773 +4325,769 @@ xÚ•XYoÜ6~ß_!øI d¹"u'EÇIZ§AÑÆÎS’­–»+X+*:ì¸Eÿ{g8¤ör†¡!9üf8g¸Üñà;IÈ<? œ8 Xèñ
¬AH¢að›«ý^Ux6­ck5)* ªÔF‡›Öüæ„d¹ÕÏž†ÿÒÇcúo™¼ 1?‹óõgà)Ëí1ù–i„Ãué).Žx”Ðdd&ÿ{1ÏRh#žè´nck+Íž—§Èê‹´´–¦{æÌb#3c3¼Ít,ôû•l~``+ïľ_™þ;Xk˜à£#Ÿä~M-–ÁB»|"±I¥FÓ|Tÿµ´ªC%1YïŸ ð ¥eÿqן‚\Lg:šþQ•uaîévñCSwµÙ·ÏZ¨ª“~Ûöûå1üwL:öGV=žû{ç›ì›‡ ïVGºÏý¡QAš.cíIìNp
µÐxû< œÀ‰¡f½¡{xO£e(W8è«’*à©0 œÚefm%eE¢l+ôN}‹wN¯‹v1iº$úY©¡.í 5ÞÜÝ«CÍpuBG¾×/Z¦¯°u†›:#lƒÎm“S´Äm êdÞÑ‚-€Ü=íÄ`©•F2ZhÜÛønQ/°ë凛«×ïçð,¸êlb–B9¶Ýíú¾hUóH‚¡é œ÷ò`ª8H̆_cöúvxV†ðd‹b/Ó qzzÒêc©?Žž¡vÃâh‡~…žTۮΉ®~NQ@CÁS÷$e–K``Yßæ²é˜j¶@/ë~µ4SK{Üåå»Å|béHS´[Ó#ôødˆXÆ¡ÁkFh5¿Ì>~öœ5ðíÌc~š„Î <8ÂÙϼ’ÄŽËÙÍìïÃÁ¼Åp|n<X@g˜ð\k5VüÇ)?RnôàxΞø÷ þz.Îþ$à‡ `˜’fYúmá8ú|l ÒØ¡°(Å”ý¥b,îDLhendstream
endobj
-1149 0 obj <<
+1154 0 obj <<
/Type /Page
-/Contents 1150 0 R
-/Resources 1148 0 R
+/Contents 1155 0 R
+/Resources 1153 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1156 0 R
-/Annots [ 1154 0 R 1155 0 R ]
+/Parent 1161 0 R
+/Annots [ 1159 0 R 1160 0 R ]
>> endobj
-1154 0 obj <<
+1159 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[0 1 1]
/Rect [513.6761 73.4705 539.579 85.5301]
/Subtype/Link/A<</Type/Action/S/URI/URI(ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos)>>
>> endobj
-1155 0 obj <<
+1160 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[0 1 1]
/Rect [84.0431 62.7606 448.7754 72.9224]
/Subtype/Link/A<</Type/Action/S/URI/URI(ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos)>>
>> endobj
-1151 0 obj <<
-/D [1149 0 R /XYZ 85.0394 794.5015 null]
+1156 0 obj <<
+/D [1154 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-502 0 obj <<
-/D [1149 0 R /XYZ 85.0394 769.5949 null]
+506 0 obj <<
+/D [1154 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1152 0 obj <<
-/D [1149 0 R /XYZ 85.0394 570.0146 null]
+1157 0 obj <<
+/D [1154 0 R /XYZ 85.0394 570.0146 null]
>> endobj
-506 0 obj <<
-/D [1149 0 R /XYZ 85.0394 570.0146 null]
+510 0 obj <<
+/D [1154 0 R /XYZ 85.0394 570.0146 null]
>> endobj
-1153 0 obj <<
-/D [1149 0 R /XYZ 85.0394 536.782 null]
+1158 0 obj <<
+/D [1154 0 R /XYZ 85.0394 536.782 null]
>> endobj
-1148 0 obj <<
-/Font << /F42 605 0 R /F43 608 0 R /F56 626 0 R /F57 632 0 R /F11 1138 0 R >>
+1153 0 obj <<
+/Font << /F42 609 0 R /F43 612 0 R /F56 630 0 R /F57 636 0 R /F11 1143 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1159 0 obj <<
-/Length 3218
+1164 0 obj <<
+/Length 3217
/Filter /FlateDecode
>>
stream
-xÚ¥ZKsã6¾ûWè¶t•Eƒ
-€-d®_E(>|úr»”¡ð¾~|ü7ž¾Ü†¡÷χ/OÀÜ ›{÷yõÀ¼± ÚÞw°KIÝÔï¿~y\ýLoßúøôøþáË»ÛX{«GxÃÝ<¬Žõ…
-ýýæ—ßÄbêÿéFø*MÂÅ^„¤©\ìot¨üP+å(åÍÓÍ?£¯vêì=”É™‹Ôrh_iø8¾É0õeKw“·Ë@á廦®;:jVmhК®/xŒú}®›Ký¶¦y1MkukoH«Ñ ‰ÅR&~§Ê.÷©‚IIè¦'‘›~o©öŠŽ¨EK|‡ºm‹uiˆÚÕDmn¯¯ˆÆ—Ô‚eg´0ÛSû±p6G½ Žk63{V‘¦±c6ÕKAìÕÞT­ºèÛ¢ÚòÆv†åÈ‘œ@D~¢‡ ãÌWt¥_F"eöç¾Ê»¢®,³]t}ÂI‹¥JS_ ©Ë ðÓ0¤›l&/žOvOJ)»'HïW)5«$­ ?‘qÄ«-»™ ‘øÀùʱ¢ën ½&L¼Õ/ ʳŠ¾ïLy Q±?î^ ÚSÛ™=ñ·&;Ñ—5?e–ó!$ß®•Ä²³ó¡Z0ÓuýÇ;àb™H?†C9ÅP°:îŠ|G¶z,Ê’Fe±/ØØ­¢p°ÉöÙÖëŠGÅ3ûÄØÜùSKϼvÇÜ­ÙØЈ–F—*™Pœ«jX'jíõ­yîq'ZyÏ&ëz;ÛÐGkÇš/ ì,0•¯åÓ{ýLOv˜d·ž úZ¥Õ±¥Öôh¼Ì&3ûš‰‹ÉèQÕÕ¡)^ŠÒlÉcìéFÆjÎQbÆÚ$»P½ì9˜}B•Ö¡3+ñÚ$!1hœ#~
-ð;_¢+°“kzf›ÿômw±ÞKVö¦V³Ú " +Q8UA¥ÖŽof4ºvžŽ)#§°^¶Ük…@Õ¸qbTœÁŸ©¯ÎJ;›%)bÎC?J¢‹—åyÝW8ä†Ôr¶
-bÑA4 q_+>¦@±"/-<“5eAð'@Ó²V4›
-PÑ’îhh¿1`Rw:6ËӺװý4pû¯f#N
-ñ¸¸’zCy®Ç»7]Nè +ösnš(tSw`€M)?ˆ£ä¸JÿëÌ^ú¸ò| |nŠº»‘œâm¤ÏÂåTø
-£¿âR©s<ªOî¨@üEëÍË 0ïÐz¨
-,LpGÊwYµ5Žn#¨¥C|4mKtê˜
-dʳŽË4ÐÜæÐ  J05¥Ã©§XEªðÕúr¯NXUç®Gaý;¸Îù@*<HE씼–¥0œ’5Ú÷nK[Š*Ö…áS±áž|²G§XËë¸ÊH9–U¼8­Šû:@96Eg0r‰ÐûXw†Ô ?‚ÓIXG†³õ¹|­£µ/’0|ÛÐä¹s9Â(½%é³FÀÙò“\FBq>T’@µZåЫ$5·ÐRR³ÓøkCŸ2êu1úµ_
-kY2(ëa@I¢íš"ï\q±S©8™*ëP7];ífŒÿºŸA‚±VäfÆe+€¾ŒTÂÁEqhy9÷›¬ãež\¯çÍá;ö*(.ò\/+ÞÆÉGjÏòqüœålìøÖîê¾ÜÐxÍSIO%sØþžn©Ã=VDP
-N8£ü„(ŸŒRF»‚oÁ’Ë®ÈÑfÉT1˜ÔÞ¦æ÷AX ,-‘ÖYKÐS‘O¥®‡„ÇÏDÈ6¾sžDH×õp€cWVU|‡¿Lå\>f#Íá1
-’$rQþOnÙ%çþ¤‚ BýI$ïM·«7¼ ¦CËtí7 @rÌÍy–»­‰Å}˜^®èŠ€Xø*
-“Ë`ÅóúÁ#ïë{TmˆEkþPR2lËdma¡#ŒŸ©üÞZkÅ軲­YÝu7l5s"ž'›é
-§›6¼ŒÕ/õ½²ƒWoF¥#åŒß¸™åÀ>S Q8ãõ¼)
-–Zttâ‘~Ý2™<'õšQ2òÿ!Ž¡EòÕnèÃûOÌ‘u(‡¿¶ý
-⌨‘ûé&@²’¢!¿0ÿr.Z°•0 Oí
-Û˜‡¬!Qð†yÚ''áÜ œ•Ü-iwK
-Ûp‡eiàÏsi”×UëQ¬Áw@—¨
-õ%W;w¬p½õÿ 0 Nendstream
+xÚ¥ËrÛ8òî¯Ðmé*‹&ðµ·LâÌxI6Vvwj2ˆ‚%n(RÇÍ×o7ºA‘2½NÕÚ‚Fèw7.øQìÇ™ÈI¦ü(£E¾¿
+[˜ûù*dœ¥CZŽ±~Z]ݾÃEæg±ˆ«Ç­ÔÒ4\¬6¿{‰/üë?V¿Þ¾Ï‚®üHH 8oùüñ㊰&Uê«0Œöæû9J±/d¨çánõåþÝ©Ð"ÆúDÁûŸ¯—"
+¼/îÿM£‡»Ï×Qäýóîó`„×°@ÁáÞ|ZÝ1nâ_7ï§{8‹…dnéÛ/ŸïW¿ÑÛÛîßÝ}~s(ouox¢«»ÕÀÓ1ßÃ@"Cÿ¼úý`±öÿzø2K£Å^?Ì2±Ø_©Hú‘’ÒAÊ«‡« G³vé¬Ã
+B¯ö¦êhäEßÕ–¶3LGŒè„Aì§j0ˆÜ2W¾À+™ú"2F쫼+êÊ"ÛM×'\´XÊ,óU Ôb†~E$Éö`òâñdÏ$¥´g‚ð¾
+¡˜%Éh·$ðS‘ļ۲›9‘}!Kº>àÁÐj¢Ô[íPX¸Q®+šß™ò@£b Þ=´§¶3{ÂoMÞ7Ew¢™5?¥Îù‚¥k)1m}¾T jº®¿ß¸ .–©ð¸”c 9«ã®Èw¤«Ç¢,iTû‚•Ý2
+½×[7®+lcuç©–žyí®¹/Z³±®5”.“"%?WÕ°.TÊë[óØãI”ôîz»ÚФÕcÅD
+³ÇA exÿºÎ„ÇkûíÖ´,]ºjE¦Šbl'âœÞÌ‚Îw9îLå`y[IQMML}ÎÄ!`%¡Dï³i'ÊO’ uº“X¼_ŒÓfVÄø´ÖOó]ï%O‚*î­÷Æ—²¨Œ‚·Zó[-˜Žž»–Ì h(ù÷ʢ̉×æ A%ý@ŽÞí“nn+½Ÿuà [Sõí>ö†»¹±*?ß Â]”¦nù°Éb©„€ š%î“"ÝÌÕˆ*a:Ö‚&J"ñwVøt´léÖM$yÛ·ÍmY纼]_}Cø“°O Ç€ŽžÏx$ùm|•‘†A2$f!ô•ókù(²ßa4ãH6­•Ÿ¡"#µ{Ð %¯¶ê·Á+{6 @øœÆÄ „•0|Ua@äŸÅX¤Ž¬ÆíŽuó ìd¦)O4WTî$„ ›®ÈûRóI7DÕä]ÝœeÈbð…MçfÆaIÐ’tȬœúH?Ž"5 2/)±Èü4M²‘ÃBEN„wªAàR¥“pTTYå†'(% zŒ§*!›‡÷g ³«všGE•—ýÆ´Œ aãÔí(¨Â;›>ÃÛé–dO>êžòÞsT£›»»Lì‰ý }j–A¶Vس€òÙÈ §ÂÑ5ϱÒ˜$ÍÂñ1ö(q~³àý(Å ÐÉS:G`·7E6| QJ=àf
+²–ßðP(œg
+7#LôŠ3ùgæË3ÓÅfIŒ˜3ÇÈÓøÂÇé<¯ûŠÇùƒ"µ­Â\tO]Ü—Š¯©B`l‡™—
+<£›² ô'Ä4¦e®(V€¢&ÝÐÐÎu§Cβ<9z ¨™ì^Áñ³Ð¿šõ8!à$C8aAMʉ(‰+ʤ pîÁÿ´tðh2²÷¶ÓÝøä•elST0E·
+—B詬'ÆÒðõöHg ˜e©÷K}DëÇŠY›&àŦÚP6ø6áÀq¦‰îÎN¥MÀ û Õ9$€îõ‰°™
+ä_´ß<}H£!Í;;´*À™à ‚ŠçDûn¨”B›&¸+å;]mƒ[jáàMÛœ:&
+a¤Þõ‰ZcÂÙò“\FBq>T’
+. ª(ÝÏd—çMƒsuy}°Ñ§sMz0Óž_È¡1ÏôÔߣۑUŸÖ–æ.(ê7ú7ô !A
+‚ÚØG‚óì›9Ñ [à ½=%3rõù]+xËËY3ºeX»\bfî
+RŒ1-xS‚‹'ç ÃÐÕaƒNb5“g«ÌbéZ0Ħå¡.‹ü4_4F‰Œ/¹e k3tŒ7®Ë©T µÿ´qòPï-*hjÑÑcÌôë–Ád9°×¢Éþ?†É¢ÝÐÄ»Œ¡;M#ŠÀ‘ǯm¿†‚X4vŸ~aL–]R<ÄÆ_Îy &"SNè3»…Ä6æA7D
+Þ0Nûd$›S%'%å¤$± wX–„x^K£¼®:Ø| ¾Cv‰  e|[Ü»§$¥”]º¦
endobj
-1158 0 obj <<
+1163 0 obj <<
/Type /Page
-/Contents 1159 0 R
-/Resources 1157 0 R
+/Contents 1164 0 R
+/Resources 1162 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1156 0 R
+/Parent 1161 0 R
>> endobj
-1160 0 obj <<
-/D [1158 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-510 0 obj <<
-/D [1158 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1164 0 obj <<
-/D [1158 0 R /XYZ 56.6929 747.0488 null]
+1165 0 obj <<
+/D [1163 0 R /XYZ 56.6929 794.5015 null]
>> endobj
514 0 obj <<
-/D [1158 0 R /XYZ 56.6929 613.0366 null]
+/D [1163 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-1165 0 obj <<
-/D [1158 0 R /XYZ 56.6929 586.6546 null]
+1169 0 obj <<
+/D [1163 0 R /XYZ 56.6929 747.0488 null]
>> endobj
518 0 obj <<
-/D [1158 0 R /XYZ 56.6929 473.2336 null]
+/D [1163 0 R /XYZ 56.6929 613.0366 null]
>> endobj
-1166 0 obj <<
-/D [1158 0 R /XYZ 56.6929 445.9291 null]
+1170 0 obj <<
+/D [1163 0 R /XYZ 56.6929 586.6546 null]
>> endobj
522 0 obj <<
-/D [1158 0 R /XYZ 56.6929 376.148 null]
+/D [1163 0 R /XYZ 56.6929 473.2336 null]
>> endobj
-1062 0 obj <<
-/D [1158 0 R /XYZ 56.6929 340.4845 null]
+1171 0 obj <<
+/D [1163 0 R /XYZ 56.6929 445.9291 null]
>> endobj
-1157 0 obj <<
-/Font << /F61 642 0 R /F90 1163 0 R /F42 605 0 R /F43 608 0 R /F56 626 0 R /F57 632 0 R /F66 714 0 R /F58 635 0 R >>
+526 0 obj <<
+/D [1163 0 R /XYZ 56.6929 376.148 null]
+>> endobj
+1067 0 obj <<
+/D [1163 0 R /XYZ 56.6929 340.4845 null]
+>> endobj
+1162 0 obj <<
+/Font << /F61 646 0 R /F90 1168 0 R /F42 609 0 R /F43 612 0 R /F56 630 0 R /F57 636 0 R /F66 718 0 R /F58 639 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1169 0 obj <<
-/Length 1975
+1174 0 obj <<
+/Length 1967
/Filter /FlateDecode
>>
stream
-xÚ¥Û’«Æñý|…ÞÌVY,Ã'ÇÞÛ—].Ÿ­J99y@0’È#à eýõéžîĉS•Ý5}Ÿ¾MƒØð/6yâQo²"ö“@$›ª{l@ûö`ž8‰ü$Ž"xX¡n“(÷“<Ì6Û¥’¯_Þ=~‡›0ðÓ4L6/{g+Ír¿ˆâbóRÿÃ{:–'-‡‡m˜^þðÏ—¿’Xìgy&P,
-"p>¹UàT<ëÏ’ÄII¯45¼‚7 §£ºP•lí™~>Ax˜IOj²ÒÇòJíePýáKö,Ú~‘†);á)bS@Ž )Š…·“£&hTí¤<$>iå°g –yhz`^Ù¶åÌYö5•êÙ˵ÇIŽ¾Ö­ËWöâ4<ˆÜ“gÙk=3¶“å8…%wox4<Œ‹9f”Ú$tf™7ð7õZu88$úÕ¢¤ìä^‘Ö#øîƒæ" €°ÜLƪsS3[IøQ‘ƒ£ÕžðǦ×lÎÄqMv;Ž R4$H”m
-¡LF35{þÕ$}iÚ–08™q:Äf:¼9ËýZ‹ê‚Œ À/gK+פAήUµ5¶fæÃd±‡Y)R0‹#IìU€£¦‹ÆIÿN.È÷ªYY9»”ÙÙâ<ÏaNÕM……ÿ预YÒÏo¦û:–#\
-À™+¡Ó/Õñé­ê³SGñYŽN¸¼ûÑ éYhíŸ#:GÑmH'9ðära¯cûÅ“n~‘. Pp7tÙ”`è7u”²®‰Š8‹ó(3"| ’ üŠ [âV£$ÄÜïf|Gö’Qe}ÃÉ]&ì6!0C¯Lç=
-,ý&k«­“«¡Ño„ 3°MB˜ ~½ïy£*`´öÛýÔ×Fkû˜Ä·:=ÏÀü+¼¼iLb”æP²$ƒ¯ÁA‰~C÷Sœ
+xÚ¥]ã¶ñý~…ߢb­¨o¥EÓd¯I¶A‚ ·@öú K´­®$:ewóë3ÃR²­4z÷°Ãùæ|q,± à¿Øä‰DE¼ÉŠØO‘lªî]°9
+¶Í-3J.´‚J’œüÀ<…º™ W߈L¥Yp°Àj$‘Ÿáßwß½ÿã>‘¾ ?ìÍB<Ÿïƒª`x˜Ê$µ£\Šk·À΃NN½ŸÃo ¨Twj›²¯$yœ$,Äè#“¬;©nˆo²dRµwÍ4Jfjö¤»aÕ5µµ‡W¸}Rä8 Þœöž¡¡‘µÓºÒ£œ­\­å‚c €B3aÎ5
+H¾O{`8"0Œ#Ùª’{>Ëþ ³“†N‡{¬£\z2«3—ã0¯›Š
+ÚxjÊ ÅÖòö+5N¶ÒQÙÛ‘[ÛFÈ ï™G ¶Õ9ȹ¢2oƒ¬zlËó,s¶|Íh'óÅ¢ÀÛ;ák+¥+CäÑÊݺrÔ”†OoÆ‘uAëNÓ¦åUj-»“¾ž¡‚Ís¥No<¨÷7V0¶¾s,ƒ5ö"tìƒ{×r{Ñ|Î<™Ã™§œWz™ò9ZyºàJ(Ku|{«úìÔQˆgÖą㆞é~tBzZ{ªçˆÎQt»ÐI<”\ÇëØþ_ñ¤7^¤‹U'é販4Á'RG)ëš¡ˆ³8Ò8#ÂÇ Â¡"±p·%!æNÇ #û~¨²¾áäFvo˜¡W&Žó‹ &~‚ûfuÜ)ÚAl{ùH²
+ˆ^^Ãære†ä+÷EÄsÙì+¤Yó‘Å]Í-ÌñfЛšˆt){F5úšy'ÙÅÁ™21[}éçî<”Mÿ¿­,¯,?¥Ý±Ÿn6ð¯%Wé7²=}þÇ{ U[Á ÖS„2ïƒÚëË<šó¤úQ º™::cQ=xârT8pïi°´+
+þUƒ`Ù÷ºÊÖ<¢Ì–ˆš¨4¾ÝÆùŽK!”׳fíÈü×^Ù[ÚZÁ™¦ºþ!dÚH„…wóbÙïÔr&¦ê¦Ñ<Ø)&ÚÞ6o’ró&Îs³Îdø»\—•&þý+hòiOå¯ B,æ¨ò“$ÍÀôáÏÈòîo/îãM0Hã|#¢ÐÏ’œ>ðõuc¡oç=N`»0ßz’la÷N/-gM«Õg ··þÀL÷ ‘×þÜ|prLw>\ÝýNúð—•a/àù(DÁ1²?7cÃæ÷(5Mƒ©…å8÷E&âëÚ¾È/?Ôf«\ÉJ’øI&~/'"†7,)
+Ý$©ÛKnÃŽ¶ù·NÛïQâã×Ì5-Ëvæ¡™K'àòó°È¬"t%-n­¹Ï¢÷æ~6\›Çendstream
endobj
-1168 0 obj <<
+1173 0 obj <<
/Type /Page
-/Contents 1169 0 R
-/Resources 1167 0 R
+/Contents 1174 0 R
+/Resources 1172 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1156 0 R
-/Annots [ 1176 0 R 1177 0 R ]
+/Parent 1161 0 R
+/Annots [ 1181 0 R 1182 0 R ]
>> endobj
-1176 0 obj <<
+1181 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[0 1 1]
/Rect [348.3486 128.9523 463.9152 141.0119]
/Subtype/Link/A<</Type/Action/S/URI/URI(mailto:info@isc.org)>>
>> endobj
-1177 0 obj <<
+1182 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[0 1 1]
/Rect [147.3629 116.9971 364.5484 129.0567]
/Subtype/Link/A<</Type/Action/S/URI/URI(http://www.isc.org/services/support/)>>
>> endobj
-1170 0 obj <<
-/D [1168 0 R /XYZ 85.0394 794.5015 null]
->> endobj
-526 0 obj <<
-/D [1168 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1171 0 obj <<
-/D [1168 0 R /XYZ 85.0394 576.7004 null]
+1175 0 obj <<
+/D [1173 0 R /XYZ 85.0394 794.5015 null]
>> endobj
530 0 obj <<
-/D [1168 0 R /XYZ 85.0394 576.7004 null]
+/D [1173 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1172 0 obj <<
-/D [1168 0 R /XYZ 85.0394 548.3785 null]
+1176 0 obj <<
+/D [1173 0 R /XYZ 85.0394 576.7004 null]
>> endobj
534 0 obj <<
-/D [1168 0 R /XYZ 85.0394 548.3785 null]
+/D [1173 0 R /XYZ 85.0394 576.7004 null]
>> endobj
-1173 0 obj <<
-/D [1168 0 R /XYZ 85.0394 518.5228 null]
+1177 0 obj <<
+/D [1173 0 R /XYZ 85.0394 548.3785 null]
>> endobj
538 0 obj <<
-/D [1168 0 R /XYZ 85.0394 460.6968 null]
+/D [1173 0 R /XYZ 85.0394 548.3785 null]
>> endobj
-1174 0 obj <<
-/D [1168 0 R /XYZ 85.0394 425.0333 null]
+1178 0 obj <<
+/D [1173 0 R /XYZ 85.0394 518.5228 null]
>> endobj
542 0 obj <<
-/D [1168 0 R /XYZ 85.0394 260.2468 null]
+/D [1173 0 R /XYZ 85.0394 460.6968 null]
>> endobj
-1175 0 obj <<
-/D [1168 0 R /XYZ 85.0394 224.698 null]
+1179 0 obj <<
+/D [1173 0 R /XYZ 85.0394 425.0333 null]
>> endobj
-1167 0 obj <<
-/Font << /F42 605 0 R /F43 608 0 R /F11 1138 0 R /F57 632 0 R >>
-/ProcSet [ /PDF /Text ]
+546 0 obj <<
+/D [1173 0 R /XYZ 85.0394 260.2468 null]
>> endobj
1180 0 obj <<
+/D [1173 0 R /XYZ 85.0394 224.698 null]
+>> endobj
+1172 0 obj <<
+/Font << /F42 609 0 R /F43 612 0 R /F11 1143 0 R /F57 636 0 R >>
+/ProcSet [ /PDF /Text ]
+>> endobj
+1185 0 obj <<
/Length 69
/Filter /FlateDecode
>>
stream
xÚ3T0
endobj
-1179 0 obj <<
+1184 0 obj <<
/Type /Page
-/Contents 1180 0 R
-/Resources 1178 0 R
+/Contents 1185 0 R
+/Resources 1183 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1156 0 R
+/Parent 1161 0 R
>> endobj
-1181 0 obj <<
-/D [1179 0 R /XYZ 56.6929 794.5015 null]
+1186 0 obj <<
+/D [1184 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1178 0 obj <<
+1183 0 obj <<
/ProcSet [ /PDF ]
>> endobj
-1184 0 obj <<
-/Length 2580
+1189 0 obj <<
+/Length 2594
/Filter /FlateDecode
>>
stream
-xÚ}Y[sÛ:~ï¯È[•™Ú•DÉ’ö-qzI{’ÍÄ鞙ݳ´ÄØÜJ¢ªK\Ÿ_¿
-ñ¶—§vº®u½#Šµfª~c*©kßËŠ©›c׫ŠUò|h[Ü@¡½"õœ|¥¼ÑA÷¯íj†m©sÙkS[ÃñTäWòäãÇ5:!ò²ÐG#öTä冶ř`GŽláÕê@”ÎY ăìˆX¨.oõÖÚ tk3ÁfA#¢´€UÒ4$G)by¹¡ï}´¦˜j\%bk ©
-Û¨‘¶êÕµò¯3¢9Eœ¶W²Â ˆí3ÃBb zè¬ôØ q± ‘©°+æ¹?L*Qâî+áâX
-S«sä”e³§áZVÍV•%õU½ÌWñ›¡.ec ì¥Á'Þéž õ½?Ý`$‘5·;cZ+¨£æ¨q‰@I̧Ž:8=˜0cx?ë„€"0uKr¢Åâ"’Bš!!çôt»¡„ºã(¦í‰’`'AU”õ‘˜ ñe›>@–eÇZ¹©¡xnªn÷} Â&…;mö°Š¡ånì4ÑhÕÿû#Ò@ÊÏ…â+¨ÁK³FXNòZ©acâ·`FAˆ
-oSÓk-Ûrq§{hÒË’5ïôwEÜ»aè:Vú¢+"^—ÆðZ-U6ù’¯ÿœµ
-Ó¿¼XT¸Hâ´„*7l;õc
-|ÕYìƒÇç£Ùª½–®¼åŸL½*-D€øµä½ÓàÖ.µÕ½S¹n£ŽRùþT p½šß®6²XÖ'æ‘ Xï9öõl3ÙÙû‡µ…šÞŠ
-ÁoºÂWUYjË ±–õ{SÄ~ö“Í3rÏê{õ±ˆÈVºE¯jêG€üu€8Œµ êFËŒÏ߬ð»M0Éçl…ÚÌz7†¹¿©ƒžÇõ¾ÅoXƒàßíÑÊçý°Så»W·Î‚b÷7wM¤‰»k8IíÅ
-iH ¼É:3~gBžmÓIJùÖtÈÊNÁ¦‹$.ûs:ä4ÐA»Îu#Kšº¦eþ¹ÐCÑ~ÏÚêr™ÿ×àè9˜MªMÙó b˜š+wAó½|Q$´Uöñ4®ŠEÈñ08ëÕPãHtªœ085û8Ûœ·  
- 5@oeõæÃÓø‡÷çßóÅ쟜Èâ$Cw˜~aþj™†YâBó“àõnã_1~Ýîÿ®pÏendstream
+xÚ}Y[sÛ:~ï¯È[•™ÚÕÕ’ö-qÒ6íI&§{fv»´DÛ<‘HU—¸>¿~º8Õît:"A€qù
+¡A íæA€€~V5Q\óhêæÖ¯Š| ñà?]96`™½èyÎQrÔÌøàX«¶•V§{Ù‹)T›ƒ  “αu)QÚƒh‰Vš\ažõ¼Œ°`jɹFÊÇNn²Žà„ ‘•†¨® \Tòi%¹Þ¼Ê=v¶¢#fn€Ž \† …ÈôiŠêÉL®\Î, zn‚‰/°`1d|Jß,ÖFg²Â£qCk|™*T«dó åluº}ôûö3!C‡Ý•U!'Qø)o
+ƒM%3k_>§Â,™:ìL¼O“`д°.¬xÞ©«ú“•x—¢˜3ø
+‹qÀ`qFÖ5q DÆžs/l
+Âò#^f„OX»¯*§Å'µßx©UÌ)ÄÑ{ˆM³AÃM ¥È%Ñì]€BYa»
+ë$±¬¹ÝÂZB5'ɈKTJ‚àu꨽ñÁ„ÃçY#xôi¿%:P,."ɧù qæ“ì†>êb„£ˆŽ'JŒTUQè-,@´^ISÙð²(–ÊŒ†â¹í¨º¥Ü÷ «î´ÙB°”w57pC§‰z@«þ8‘B~.¨¾¼45ÂrW Û~ jä„ØIàlJcZZZ‹ºXÜ«šô¢`É{õ"iõ¾ëš†…¾ª’ˆ×…1<¤V ‘Mv€àkÿc­üd&ÈÞX¤F\$qXB•ë¶üÙ=
+~3à˜¢‡Ï-éD}ãX/š7éAà*ˆ[ž~ëˆo7û˜I×<a.SN@ÚÆRð±Ã VÂŒµ¶W·Ò5&DzžéÛ„H-*jsìWËJüÇjgÌ9Ù…ˆà:¹ ˆ¡,ÀKTýR6"‹ßšV}l¯†ƒ>-㤇Í°·ÁqoG?jà$c´â…à•Ïÿ‚Ô!àað.lÚù§Œ5V9UÐèª(ÁV…@xƒ>™­¬ÑjÉʹ-þfêUa‘دÿ.ÑöÜÉÚ­¶ªíE®ëÓ #evKî§ù {du ˜…O¤ÀúÀ¾×‹¹\llb‰¡Þ·¤zð‡*ñqUÊ®úXÒÚƒ)rZ~ö—›8òÀâŸ:‹
+°pãÈÀo§h|®#•Í» QwAb"?kÆs¯åÝy›âŽ1“„_àé½`KA¶Äÿ/¢ ØŽûø©“ê* Þ”'à°GÀÊFVеom+Sßu]b 8’â=ÑKñ—©§»âËOÒš½,hhµlG±¢à ›Š9~2pR0âï0öùû͆\qÂi´ÜY
+Nëû»ÛçáýŸ‚h‰œ˜ûÓDϲyèïÓ_àwµLü4î7B­bïíiÃ_9~?î¿ÆÄÐendstream
endobj
-1183 0 obj <<
+1188 0 obj <<
/Type /Page
-/Contents 1184 0 R
-/Resources 1182 0 R
+/Contents 1189 0 R
+/Resources 1187 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1156 0 R
->> endobj
-1185 0 obj <<
-/D [1183 0 R /XYZ 85.0394 794.5015 null]
+/Parent 1161 0 R
>> endobj
-546 0 obj <<
-/D [1183 0 R /XYZ 85.0394 769.5949 null]
->> endobj
-1186 0 obj <<
-/D [1183 0 R /XYZ 85.0394 573.5449 null]
+1190 0 obj <<
+/D [1188 0 R /XYZ 85.0394 794.5015 null]
>> endobj
550 0 obj <<
-/D [1183 0 R /XYZ 85.0394 573.5449 null]
+/D [1188 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1187 0 obj <<
-/D [1183 0 R /XYZ 85.0394 539.0037 null]
+1191 0 obj <<
+/D [1188 0 R /XYZ 85.0394 576.5762 null]
>> endobj
554 0 obj <<
-/D [1183 0 R /XYZ 85.0394 539.0037 null]
+/D [1188 0 R /XYZ 85.0394 576.5762 null]
>> endobj
-1188 0 obj <<
-/D [1183 0 R /XYZ 85.0394 510.2426 null]
+1192 0 obj <<
+/D [1188 0 R /XYZ 85.0394 544.2616 null]
>> endobj
-1182 0 obj <<
-/Font << /F42 605 0 R /F43 608 0 R >>
+558 0 obj <<
+/D [1188 0 R /XYZ 85.0394 544.2616 null]
+>> endobj
+1193 0 obj <<
+/D [1188 0 R /XYZ 85.0394 517.7268 null]
+>> endobj
+1187 0 obj <<
+/Font << /F42 609 0 R /F43 612 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1191 0 obj <<
-/Length 2679
+1196 0 obj <<
+/Length 2518
/Filter /FlateDecode
>>
stream
-xÚÍZYsÛÈ~ׯà[È*sv.̱›l£c­-[V$¥6U^?€ $"K\”Ìüúô\à€‡$ÇtÅå’1gOÏ×=Ý==$= ÿH/Hhª{Rs”`’ô²ù î=@ß/'ĆAÃxÔßïN~¸¤§‘Tôîî#Z
-a¥Hïnò±?B €îÿr~u~3z7Ò÷Ï®n]áæüâüæüêôÜU/¯.>ܼ $ïß]~¸ •ÔIt}}~uvù/7fdbZOÏoŸî~=9¿k9ŽwE03ìþyòñîM`s¿ž`Ä´JzOPÁˆhM{óž0”pÆBËìäöä-Á¨×NÝ‹Áˆ2A÷ÀÄipÄ8tÆ8%Q%©Ç‰†öÞuS-‹,mAuYÞWËyÚUi6ìȤ“ĒŽ!ÃHH¢AD<ÉÓYZ×yíÈT÷ù¼®VË,µ¬ZNê–ðF¬@—r¤9áº-å·ž·¿¹Ï4¯‹j≰ÃD,S¤ÿÑÍøäj™áÓq¿¨]SZºomÞ6Ôùò±È<™Iþ˜ÏªE>q“Çk×üþòî/žÎõr@T¿úwž5®aÔLó2U’˜ö/}cXuU;R¤ßT~¹ij)äfsf;-ò°sTã~:®V)’þcº,ªUíÚëuÝäóÚõLÒ&§ —7°†%VÙÔO÷#€¥ëÅý·Õ" _,‹²~?¥œ¸9uå¾U {ãŒ8¬MËùú©²T&ûÅì¶äÎí´Þ#EÂÆ„ÂX»k¯P©ûÔë²*×sW<b@{jCÆ!­½0êÎÂéÛŽzeÓ´ª_§]»ë‡¢cþ)*‘&Z†QN!)—n·\yÕ0-F5LK½È³â~íÿS•¹k6âum hj¬( s$ýa¤·¦ùôíèÃm™7oÜðÔ}Þ®\÷©@SeÕÌueN'Ó&·"í ¹DXP¶­ž>·<æÅd›ÄõF.‘}49˜2Á‚!a^¿äe¾Ü1K7ù}¾ÌË`H¾ÔJ±Ö–\^?
-¯Q“É2ßX¬ßq‚Gþ'/ËÞQÒ±èxB
-
-&’®á‚CÃ8˜AئÁq¼ÉO{¸T1Å‚M•ëCL2Ç#&™`Î;Áj]&M‹U³xàLjÁ |¦êŸŒ‡V§vÙ#*AŒÑ`Þ¯fÍA5â’°cpèà+H"·IàÛh`£DpVŸüw’×Ù²ç[–çaVƒ
-Ñy¯MÞdÓ|žû5.‚;™Wñb‘ß}ãgå!ž¹8uÊ$GíaëΨÚÄ véç[óãg_Ì©ãÁs|bÛ7›UOîxì‹P91òÓ¯
-Qƒ¤:醨ÿÛ¬ÀGd`ràæa å‹aF—ÔæšÀ1\
-mx[4ù®”†{#D<ñçà âóûS˜Œï“I('Rõ @R=¥Ú«ÿÛ£”½p¨@Š2ö2ÔÑ.Žõ&_óÿð®”B¯±8·",»‰£…p\3bŠ$|¿gRgpg“Š9ú[Ëo¡«à¶Å€¨1 TbñªdNô ±Ø?ë[DaOƽ!F’@)sÿмG5Cà[ª5Ä&¥À11¡e½¹$Qnôúóæê‰1 wÏX‘¹Ò’õb&¾n_A
-b?ž‹Ü Ê狽€”2 wÂ)y‹™·­Ãw&}ᓲQíÒ`Ûfâ |gG…見îÈ“àЦ‰;‘6"Ó0»…í&7IK{×Sd÷«fßjVu~¬ˆï¬„#ε~¬Ì>.²í­2ID ÚUþ¹9’¢¶’ï9N×\½€‡˜\ù„W7¸W‚¶È™XèHÈEl}¿Ø1Œ¸®¼€ƒ0›
-ç .¯îÎo.ÌcÓ¨}€:3WQ¶Ñ¿ç"ŸƒxE¬ ¯×2ßÂy-Ì
-ÑjQ7>¹>ß™´t-•ÿ^Þ^Õ6siSnž¨ |Öõa:[Û ÂvdÕÒ§óR3ñ|Ù´î† f²Ù|C%Lx»•æ/óæ©Zþ±/3ÈÍñ ÔyæŽ?ÈÙ%s±OЙ†NvË4,ÓòÁ¤á ˆ:$ÎáŠËÈî
-f¦¾$œ$Aœ©X8fÖS”•ÎÖÕʵg©ç¹^]RÛò¦Õ 8£FX÷çî%-ÞWÎ]J}h,
+xÚÍZ[sÛ¸~÷¯Ð[©™J\ˆK·Ýob'ÞI´®­N;“ä&a›]‰Ô’”½ê¯ïHQ6{ïÔÉ$$€ƒƒï\ŠNbøK'‰$Ò03QF$¦É$[Å“è{wDØY7h6õãâèϧ’N 1’ÉÉâzÀK“Xk:Y䟢cÂÉ8ÄÑ»“ùÉÅñ‡éŒ%qôv~‰/'§''ó7'Ø<›Ÿþ|ññxªD´8ûy>ie’èøüüdþöì_8æØ1ŒãŽúæärúeñÓÑÉ¢—x¸+s'î¯GŸ¾Ä“6÷ÓQL¸ÑÉä1¡Æ°ÉêH$œ$‚óŽ²<º<ú{ÏpÐ많¢Dc¸d#0 >SbˆäŒ{˜~<›¿Î8gÑ­›¢*±!܃GEƒÍêzJuô9ŽYV¤Ë婹]׎n³´µ9ÒÒ2¼tŒù>cÝM½³Ëj½²e‹„n¥¬*›"·È7G«´([[¦efgqØöŒRb’„ù=T¥“ˆQ%>¯Ó»ªÆWž<Èã(½<®a@§Ìèh^a;Íó¢…Þt‰í=AýMè¨J‹œ;VVAŽúШ‘i4¸ª½µ5¾¶·i‰o×U 56ÛÔE»!XKT‚ëY§mvkÒ³VÄp¦
+g
+¦–»MÑ,ÆLfO8fâ(½ª6Îê îÒº@£
+$ŠªýÄ°“Ûå)¢÷½qȤ÷³Sn›¬.®BËG×}³¬®\qÄÎ |c`M8²seç^V¶ª†‹ ò®Û.½ +^œ¾Á1<Ñê»1gú̘xÄqQ¦ǟņâ8©_ˆ¸Iceï¢ ­é &j{ã²û2Po­“>\7JÈ.Áö}Ëeu¾6v,
+N­ @|çίu§! *ÍÍ¡yD!C­T$ i y *œöwÌw|㦀·ñêå`‚“T_…‰NŒâx2?=wÞ9gñá8dn8¸Q‘èèâäÒy“’Ñ|Øk°èrHQÒÕÎ]@èé‡
+ùz‘„¤eóî’ƒï‚LB(Ä„AÚˆ»šõ¯#ÁÊH
+~
+î.ÆÅ3-]qË÷/ùJÛúž#—ŒÂ¹G
endobj
-1190 0 obj <<
+1195 0 obj <<
/Type /Page
-/Contents 1191 0 R
-/Resources 1189 0 R
+/Contents 1196 0 R
+/Resources 1194 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1156 0 R
+/Parent 1161 0 R
>> endobj
-1192 0 obj <<
-/D [1190 0 R /XYZ 56.6929 794.5015 null]
->> endobj
-558 0 obj <<
-/D [1190 0 R /XYZ 56.6929 769.5949 null]
->> endobj
-1193 0 obj <<
-/D [1190 0 R /XYZ 56.6929 748.2826 null]
+1197 0 obj <<
+/D [1195 0 R /XYZ 56.6929 794.5015 null]
>> endobj
562 0 obj <<
-/D [1190 0 R /XYZ 56.6929 748.2826 null]
+/D [1195 0 R /XYZ 56.6929 689.3212 null]
>> endobj
-1107 0 obj <<
-/D [1190 0 R /XYZ 56.6929 721.3917 null]
+1198 0 obj <<
+/D [1195 0 R /XYZ 56.6929 654.5655 null]
>> endobj
566 0 obj <<
-/D [1190 0 R /XYZ 56.6929 721.3917 null]
+/D [1195 0 R /XYZ 56.6929 654.5655 null]
>> endobj
-1194 0 obj <<
-/D [1190 0 R /XYZ 56.6929 696.4862 null]
+1112 0 obj <<
+/D [1195 0 R /XYZ 56.6929 627.6746 null]
>> endobj
570 0 obj <<
-/D [1190 0 R /XYZ 56.6929 636.8275 null]
+/D [1195 0 R /XYZ 56.6929 627.6746 null]
>> endobj
-1195 0 obj <<
-/D [1190 0 R /XYZ 56.6929 614.5163 null]
+1199 0 obj <<
+/D [1195 0 R /XYZ 56.6929 602.7691 null]
>> endobj
574 0 obj <<
-/D [1190 0 R /XYZ 56.6929 568.2948 null]
+/D [1195 0 R /XYZ 56.6929 543.1105 null]
>> endobj
-1196 0 obj <<
-/D [1190 0 R /XYZ 56.6929 533.5391 null]
+1200 0 obj <<
+/D [1195 0 R /XYZ 56.6929 520.7993 null]
>> endobj
578 0 obj <<
-/D [1190 0 R /XYZ 56.6929 533.5391 null]
+/D [1195 0 R /XYZ 56.6929 474.5778 null]
>> endobj
-811 0 obj <<
-/D [1190 0 R /XYZ 56.6929 505.6201 null]
+1201 0 obj <<
+/D [1195 0 R /XYZ 56.6929 439.8221 null]
>> endobj
-1197 0 obj <<
-/D [1190 0 R /XYZ 56.6929 432.3229 null]
+582 0 obj <<
+/D [1195 0 R /XYZ 56.6929 439.8221 null]
>> endobj
-1198 0 obj <<
-/D [1190 0 R /XYZ 56.6929 420.3678 null]
+816 0 obj <<
+/D [1195 0 R /XYZ 56.6929 411.9031 null]
>> endobj
-1199 0 obj <<
-/D [1190 0 R /XYZ 56.6929 314.6243 null]
+1202 0 obj <<
+/D [1195 0 R /XYZ 56.6929 326.6507 null]
>> endobj
-1200 0 obj <<
-/D [1190 0 R /XYZ 56.6929 302.6691 null]
+1203 0 obj <<
+/D [1195 0 R /XYZ 56.6929 314.6956 null]
>> endobj
-1201 0 obj <<
-/D [1190 0 R /XYZ 56.6929 95.9842 null]
+1204 0 obj <<
+/D [1195 0 R /XYZ 56.6929 208.9521 null]
>> endobj
-1202 0 obj <<
-/D [1190 0 R /XYZ 56.6929 84.0291 null]
+1205 0 obj <<
+/D [1195 0 R /XYZ 56.6929 196.9969 null]
>> endobj
-1189 0 obj <<
-/Font << /F61 642 0 R /F42 605 0 R /F43 608 0 R /F56 626 0 R /F11 1138 0 R >>
+1194 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F42 609 0 R /F56 630 0 R /F11 1143 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1205 0 obj <<
-/Length 2845
+1208 0 obj <<
+/Length 2983
/Filter /FlateDecode
>>
stream
-xÚ­Z[oãº~ϯð[à˜I]ƒ¢@®ÛìÙͦ±·íéî•mÙ"K>ºÄñþúÎpHY²eç-ò`^†3ä|s#>°á—Ù2t~è0×æî`º:³ ˜ûpÆ5ÍÐ ÛT×㳋{BzÂŒç-^³ƒ€ƳoÖÕÓÓÝãíÃ?χµ­+v>tmÛŒÞÜ·¾℃Sžm]?\zøòáùê鯿Ѣï¶k_=ÞRgôõÇ»ÑøNwŸï®n?
-Ù(Ö‘}Šu8¾§
-
-Ne@°ªUÀ„ÖD/©³ä÷ZÓçië„–¶,8»]ë‹žÑÀ`ŠVi$G&š3ö¸,+w(1
-:[AØ£r,
-_|Q6ëˆZÏM¶”h€‘ò÷öºe¤Hg›hg,~[žrdn}¹¿¿¿Ã_5$_mí3ÞÛ‚ßÙBz6Ô›îÈ0ßå›XI…tW&‹Láæ©e“±)O˜(¢R·Q’m• #e^§3*éˆ8¯MóÕ:…€¯ÀÔânÆTÖɘ=Á¥9Œ”µ)’ªBÆ؉J:CµU›€K½”Ô.cðoð¯™^«b>.ˆh`
-ž›"ÒÓ1çÒ8š©à‡?)zäš!êA &R%‹FT’WòõFónt¦¸sAz
-š Oöîy-{—¶d r6…{y{{ëq
-î³PŠ@Ó°ê­""λD›Dôçý× GÚ, PH7`$½$ÐôËÀ´~ݽ&4+†í%ê5Áõ[‚9ãm4šPºÇ(ÎBÇ º€–ð!‡¬øbï\†L÷D:ø’÷>•4TÃ6™ÚoWQÜpéÓ»Í×3*E“Ú47”(% ¤pN")8³ÛpÄ*Yra,^XY½š`EmåçíI0 ÆšY³jí<;)æiÉ!å¾FI©¤†Ún[üþvOôº>“‚« Û?fS®0/töq9aSÍŠCŒ:6uÈY•Ì™‘#$ó\×éš‘6¸¸š³¼X\óé¡-…À™KàrXÈý°ß– Õ°MÖcKÜŽÙ’Ï|'0šìMßCÖ!áßMãÏñ<.b(
-ÊcÙØc.•.)ÞÏÊco—øœÈß9ý,Û¦:þzØP¡äo`Ü–Î}»àD¡à§E7T‡²Ý¶q×Esp»ÂoóUdŠ¥Çhež&à
-ç›ô·6%HSøÜGÓ$Mª¤Qm7èÚP‡ø&êêZî霋Ðb§û ‹hCÕhÞ<óט<{`$>;ŠÌ¹x‘Õ D U ÷"§D·Ù—}‘¶ðwyÀ«Ö<º®ëà²_õõÅQ÷¤&2uÁ¡Îÿ":Ì‘.? Q›ê8D •(ôOøÌIÉ;„D÷#Ô‘ý²ƒ®÷óº¢ûNƒæ!º åh ׄUŸ³¸p p°‹ÇÖþTÇE2[Äzüc”Õø¼nTï±¾Ð6bjàt"ÜS‘ÃeÍ\UÞw\‚8Žÿt-ªÐªÆ»Âð„wÝÂn_öìÚ²)å|å@Æ5/þcõÝ¢ˆ²rnìÛ
-ÏçÜÛ¡ C‡ri£€“#=>^æ«’Þ,aô7ý5QM=Ç/ËŠ>ÊéiºþÂÔGú0lw*Üë¼Îfíuab8€}<y.”•ïd¯Íq¨5Íé€Gú„ÐÐ{Rûqn‰½I£bïÙ³û jåþ`!Á]Ù>XQÇÉžYÓ ßëº\Rë.ýi²Xnÿ€ö¥Ëð"ì&ÛýÏÿJ°Òñ™ ‚#…bózSxd_\ëdÀÜ@ø=[ÿTíRáendstream
+xÚÅZ[oëÆ~÷¯Ð[)àh½^¢€Ï9¶ë4q\ÛiZ$JI´DŠTDʶòë;³3K‘å´
+?p/³3³3³3ß®¬FþÔ(„4‰?Š_R£ÙêLŽ0ws¦˜fâˆ&]ªOgçס%" u8zzîðŠ…Œc5zšÿä]Þß_Ý}¾ýçx¢é]Šñ$Ò~ºzO¢0Á §Bé}¼ýøíí÷7—÷ý-úYòòî3u¸¹¹z|ºâîÃÕåçÛ» Qã_ž¾9»zjÕînMIƒ:ÿzöÓ/r4‡~s&…Iâ`ô
+)T’èÑêÌŒ|cÜHqöxö÷–agÖ.2U`bÄ:°•o†l$"4ÚX[¥õx¢’Ø«·Ó2kš¼\P?-é{{ÿâSë\…ØH< {­6_h4/›ŠçµßeUƒmub¼§e†V:¿ÂŽ.Ú„Œd
+—!‡gQM¤m™ÏÒº9Š@˜Ue×Míä_æ4•"2±?
+c_„‰ù]YM-”øý¬öß­rŠtÂऴN/nºÝg5i75 #-=œ3µ”›Ba´O.5ã‰o‚ÈSØHbß‹áU!XÏבðcP +çÓ]%"?Œ÷éê4G(E›¯Y#ô… “ÐZãú2_˜DÞÓ·—|b°R†ZA©„bk|å{w¹“&ÚËþ£,´/›ÿˆU ŸL”b¡eÔ«ßGuÜÈPÄ:2"W¨Gï–ñP‡QB .10upB„>º¿˜¤®«Í*åñ{ÊXaßlõ°ËlòY)5°PÎÒ†ÊPIÉ–œàoJŸ}¶I¼Úlö² –G“´Y¹h–̘ÒŒV\ç ÙìÖK½ze€êó@-]¹Lþ’nvc°¾·Ïȱ0à
+»RΧ.&Ñ<œ\iàÛì%ãìy¹X˜EÚTg,[tê=8ÈÚëŽ}û‰}Wm]!¯Ö“b/çöžù¦³/ÓªdFT7ãÈÞJÌ)«³Í ”˽jÄÐt¤œê‘«0t—½54䶃ý­•gi(i6
+™0gÚXßã²²Þ»ÀŠ±®“Ö…† ƒj°«Âl‰3U"²¿©ÛuDÍsÓ`D7‡ÎºejIç¯é>X¢®<{•÷³Öþõõõ~ínÏjGÏ"ýš
+QO…c8 Ð`¹£ÀzW½f„Áá”/JëO.”mŦ:ᲈ-ÝÎdH¶³!Œ<–Õ¶˜s©¤-â</šU«u ;[A¨esTƇRÖ«˜C%ÕmƘØ{ÝäMƒŒ±ƒW#ÜÑ«*ŽMáH}©©]gp¾á|Íy­Íù¸ ¥œÜòâDÎ)8WdéÜ&?¤ø²GÅ ÑV0‘ZY4b‹¼•ÏŠV+Ttn¹+›A¶–½¥`’ì‚ŸtPVI€?ói|¡á›\¤RBëu{¾xÎbu¡§F¼J°áÄ›^¹(£ëlÆþw¹
+ÉÚH’"ÿ’;š°§(±7µ†î H@‰½H‚™µ l­‰V‘ŠÒwâJ+m¶„ì:kxñ2}áÙ¼œÛ¹Å0žpÓpÁa³#æ§Í=﨨…¶f¯lüî0(o^méå
+÷H4¢ykˆH©>‘Æ&ýùè‰ÄH‘Ä(ð½Aâ{ƒ}H é/#×úÛþ1¡]1é.±¯ AÔ|Ìh­ÑZ‚_Êý@$½§'z)ŸàO,ÅçGï‡&ÆñHk)d"õà-Õ¤Kfõíêˆjð—!»K¡3)†Ôk{Cp¥±Ñþ»žÔ
+,$ÃÎïFiñÚ+·«)"zlÛsÞ„
+®"Žet*¦‹0ñýòNLµ+Ž}Ô‹©cÎ27TF¾6" ÖzaÄ—5Ï¢Ú,Î7ϳãXJ€³2ÁHƒü†’#št¨"éש@ŠDäÇÎŒƒµ{¢ 4 \áû5ü!{Î6Y9#°=TŠC|E%É”íçõ©ß•ôQ‘ðýŸK»T§ß[*”üD£’ÆÿåÈÚ¡D«÷E·TDz{?ù©
endobj
-1204 0 obj <<
+1207 0 obj <<
/Type /Page
-/Contents 1205 0 R
-/Resources 1203 0 R
+/Contents 1208 0 R
+/Resources 1206 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1231 0 R
-/Annots [ 1208 0 R 1209 0 R 1210 0 R 1211 0 R ]
+/Parent 1227 0 R
+/Annots [ 1213 0 R 1214 0 R 1215 0 R 1216 0 R ]
>> endobj
-1208 0 obj <<
+1213 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[0 1 1]
-/Rect [429.9899 355.0226 539.579 367.0822]
+/Rect [429.9899 228.2397 539.579 240.2993]
/Subtype/Link/A<</Type/Action/S/URI/URI(ftp://www.isi.edu/in-notes/)>>
>> endobj
-1209 0 obj <<
+1214 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[0 1 1]
-/Rect [84.0431 343.735 140.332 355.1271]
+/Rect [84.0431 216.9521 140.332 228.3441]
/Subtype/Link/A<</Type/Action/S/URI/URI(ftp://www.isi.edu/in-notes/)>>
>> endobj
-1210 0 obj <<
+1215 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[0 1 1]
-/Rect [507.6985 343.735 539.579 355.1271]
+/Rect [507.6985 216.9521 539.579 228.3441]
/Subtype/Link/A<</Type/Action/S/URI/URI(http://www.ietf.org/rfc/)>>
>> endobj
-1211 0 obj <<
+1216 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[0 1 1]
-/Rect [84.0431 332.3576 199.6097 342.5194]
+/Rect [84.0431 205.5747 199.6097 215.7365]
/Subtype/Link/A<</Type/Action/S/URI/URI(http://www.ietf.org/rfc/)>>
>> endobj
-1206 0 obj <<
-/D [1204 0 R /XYZ 85.0394 794.5015 null]
+1209 0 obj <<
+/D [1207 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-582 0 obj <<
-/D [1204 0 R /XYZ 85.0394 473.0754 null]
+1210 0 obj <<
+/D [1207 0 R /XYZ 85.0394 697.047 null]
>> endobj
-1207 0 obj <<
-/D [1204 0 R /XYZ 85.0394 436.7899 null]
+1211 0 obj <<
+/D [1207 0 R /XYZ 85.0394 685.0919 null]
>> endobj
586 0 obj <<
-/D [1204 0 R /XYZ 85.0394 436.7899 null]
->> endobj
-652 0 obj <<
-/D [1204 0 R /XYZ 85.0394 409.9656 null]
+/D [1207 0 R /XYZ 85.0394 346.1071 null]
>> endobj
1212 0 obj <<
-/D [1204 0 R /XYZ 85.0394 282.0345 null]
+/D [1207 0 R /XYZ 85.0394 309.8908 null]
>> endobj
-1213 0 obj <<
-/D [1204 0 R /XYZ 85.0394 282.0345 null]
->> endobj
-1214 0 obj <<
-/D [1204 0 R /XYZ 85.0394 249.2885 null]
->> endobj
-1215 0 obj <<
-/D [1204 0 R /XYZ 85.0394 249.2885 null]
+590 0 obj <<
+/D [1207 0 R /XYZ 85.0394 309.8908 null]
>> endobj
-1216 0 obj <<
-/D [1204 0 R /XYZ 85.0394 249.2885 null]
+656 0 obj <<
+/D [1207 0 R /XYZ 85.0394 283.1356 null]
>> endobj
1217 0 obj <<
-/D [1204 0 R /XYZ 85.0394 243.1026 null]
+/D [1207 0 R /XYZ 85.0394 155.4311 null]
>> endobj
1218 0 obj <<
-/D [1204 0 R /XYZ 85.0394 228.338 null]
+/D [1207 0 R /XYZ 85.0394 155.4311 null]
>> endobj
1219 0 obj <<
-/D [1204 0 R /XYZ 85.0394 224.7464 null]
+/D [1207 0 R /XYZ 85.0394 122.8426 null]
>> endobj
1220 0 obj <<
-/D [1204 0 R /XYZ 85.0394 209.9818 null]
+/D [1207 0 R /XYZ 85.0394 122.8426 null]
>> endobj
1221 0 obj <<
-/D [1204 0 R /XYZ 85.0394 206.3902 null]
+/D [1207 0 R /XYZ 85.0394 122.8426 null]
>> endobj
1222 0 obj <<
-/D [1204 0 R /XYZ 85.0394 147.6165 null]
->> endobj
-754 0 obj <<
-/D [1204 0 R /XYZ 85.0394 147.6165 null]
+/D [1207 0 R /XYZ 85.0394 116.7037 null]
>> endobj
1223 0 obj <<
-/D [1204 0 R /XYZ 85.0394 147.6165 null]
+/D [1207 0 R /XYZ 85.0394 101.9392 null]
>> endobj
1224 0 obj <<
-/D [1204 0 R /XYZ 85.0394 144.2998 null]
+/D [1207 0 R /XYZ 85.0394 98.3946 null]
>> endobj
1225 0 obj <<
-/D [1204 0 R /XYZ 85.0394 129.5353 null]
+/D [1207 0 R /XYZ 85.0394 83.6301 null]
>> endobj
1226 0 obj <<
-/D [1204 0 R /XYZ 85.0394 125.9437 null]
->> endobj
-1227 0 obj <<
-/D [1204 0 R /XYZ 85.0394 111.1791 null]
->> endobj
-1228 0 obj <<
-/D [1204 0 R /XYZ 85.0394 107.5875 null]
->> endobj
-1229 0 obj <<
-/D [1204 0 R /XYZ 85.0394 80.8677 null]
->> endobj
-1230 0 obj <<
-/D [1204 0 R /XYZ 85.0394 77.2761 null]
+/D [1207 0 R /XYZ 85.0394 80.0855 null]
>> endobj
-1203 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F42 605 0 R /F66 714 0 R /F11 1138 0 R /F57 632 0 R /F56 626 0 R >>
+1206 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F56 630 0 R /F42 609 0 R /F66 718 0 R /F11 1143 0 R /F57 636 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1234 0 obj <<
-/Length 2748
+1230 0 obj <<
+/Length 2762
/Filter /FlateDecode
>>
stream
-xÚ¥ZÉrÛ¸Ýû+´”ªÚxÁq)˲ã$VÜ’ÒݯÒYÐl³B‘jNÜ_ÿ.ˆ BI½ò®pHœ;á‚xâÀžø
-b7ž„±‡|û“Ýá™<ÃÜí2—RèR—ºÚ^üç&À“ÅL¶OÚZr¢O¶û/Ó9òÐ Vp¦WwWï>Ý®çïþ;»t}gú·ã;óÕ5ïl>ßÞ.7ۥ讗óë»Õ-ˆàÙeÄÎtþð°\]ßýÅççlUG.–›Ù×íû‹åV=¶þjØ!ì™ÿ¹øòÕ™ìá ß_8ˆÄ‘?ùá8v'‡ Ï'È÷‘#ÙÅæâwµ 6ÛþÔ´UJæ’x(ü3êÇ( .QêÓ†J)¶¡_Ö7 —8Ñ×áûb×h?œè‹ž@+©Sl?а±"ß ûØ+úœÔé+å,’ÝKš?óNñÄÿ_¯6¼ñ{CË”Vì)¯…IŒ°¸ð@lÑ߸ü=Äæûr†£)ý^É™¤ؽð.0¡Q²= øœkR–m—RjÛ#Ï·l» ZÛö!¶yÛuì Ýñ-©aˆ?ý@ßxc;ÃOË$¯’]9 ¦ó¦~¡yî9æOŸŠ’78?Ð`Æ·ÝÜq ;%Éu ±¯“?z˜a7ž"ÞùcæûÓôGJÛÉxúIŒß6ûC“﫪ÈÛ™hz-f–IU_2°É¥ZÿcûÐ`0Yò
-ÖIûÊ{ÑKò=o\ 5ùs»Sše €5Çi5å7\Çqx+w¢ž`û!>rp¶°eq,** 65 %å¾’Ý4Ëxós¾§¥ÐsúJ³âx€ÓÅ ˆQg\€.5®‹JJê"Ž¢`\­Ð.ž`u±‡­ì{ù£¦y
-&¶©.øÿª9‹²æ»þÿ•–×Eè&Ÿ¸(tðï6‚ìíKq¨äÏ•*,Äì»&­é!ùM³£‡GI8 ÔY>F‘O¼3iR‚¤”rN`qVh !¶™ ûº8$)l•ç:ÓUr ¬…§›·
-öˆ‚;iÊ´~ã3Z"¨ƒŽ/ ­9·?sf;Ã|Æ“FËqZ¢Xc!ä?$ÍÓ!ÉÅ*IÊ7îp<y
-p‚mT€öÒZ×Ól”õZBŠÇŒ‘ÎZÓÒfDôb#‹¢ä
-$26öç ¬0­_ôÞžfbõkzÌŠ7ùû–„öŠ§ú;O½(2¨ |’ îTÊÉt‰¸A«Ù^|¿M^ùˈýiWº³&£æîa|.³Ó¥,lK)mK4µBkl±ÍlëØ‹âpà)–™Ù‰ö·“KNjQV\†A˜Ø4ÏϼÁžß¤?Œ9·KBƘèéœ×¢Ø"šz2Í{øj¬œ‰Á…\Ѧuâ<“ëöhîÒDfÕIþoú<Ìãdh¿‡äŠ*ì_Ó|9wfÕ¥,!¥”FÄ‘kÑ´¦Cl³FèØ85%ÂÝ®š.‘™ƒ7x9PÈêMÞÝñÑ%}ï¾–Þ=ûw°ùr檩^¤—ož›ªV»˜Ý<DÂÀë§ÏkZM¹ÁiMwE)€¶38¸¿¹Jš8ô<x÷ð\
-¦Ks¨¤‡8"ãZ¡;O°ö°Wô;¼>&¤¡±^‹ú·ã¸yZå[Ž§m¢‡é6ºa§Ä×XB2Í|ÁKRÖ­
-ûb÷-9ÒºL+aáê‘z>´RgÔJ=ì"KÓt) ÃRJ1:¿m…Öb›Ö±U¦²Ṳ́Ú3#h =C0Ò ØaÆ}{•GÛ{ IÕUNlvQdpìMF¼¥7Ê9½ˆ•]jœ%ÕFC V莇l#=ì9ÓåpzO“öê¢ÐcËGž»TßL˜üX¨šHÜå |PÁ4µò†Ê¾aRdß0*²oCFä`‰D¯f‚yÜd‹%¯i%Æ:›ƒ ­ŽÂS'¹LÏâ¶,F¢a½“A6Ý}KóJåUòpÕ÷çF½<ä^tF/4)‹^H©îì[¢¨ZÓ‹!¶Y/tlÐ ¨ÜL öZÿËZí`Í‘îÒ§·V3X¿¥œIv*†YU³§åkº£•)vaâj¬`˜¹böËÛ&{,®Šæ ¥ŽÍ(`½–Æ~.íš'Y¡§vV xíÒo;«š”…U)ÕŽK\µBk¬±Í¬êØŸ¹%ÃN¾ q—×´ÌYe”õ8ál¾i±ì±©…øýÝ_Ë5o.
-nÿ¹øímV<²Ì‹µçû½tâwÉñÈÀ FïÅÈÞ–{_O´ e¢Þ©ÄúõÎb·{I‹£/sÊatŽÝNÈB®Ò¸µ\-Øp5jÀff5`;³¦«`·— $œ~ÎSFX¹Û³27˨(?ÓF8{"½8Œ)/N”'V/NàÁüÞQ)æá—-–ä)Íøâ°» á¹ÅO{$CtjëÔ’å&§ƒrŠ‰b7ôPì`;ÅšÐ8ÅRHQ §¸qŠm¸ÅC`#Å:0¿³hëÆ»—$–õ-šµwJ²¸«x(g¥åÚˆLEJÎO#‡ŸyÝ‹‹Ã|i¬œ{çáàš@e}*üª'SnhŒM [á¹g,V—²ð)¥ºsŽƒ-„Ú 5F‡ØfJuìî. ßû“«À­¿å·®xY vO+nÙGOl„\'ˆú÷j èÞæ´„Å£6‡A|Îèt©q–”TÇ’k‰šV莥l#K=ì5ý§Iy4cE¥j`\]
-î6ÂmÐáCl3á:¶*¸ë×M×IðÖMšÉ[Šœ%–ÏM©¹>­
-oJCBäžg SW”–ÚUõÏ—º#‚\Ø1;šÐ8R¨«scË Ý†Ûñ06Ò YP)ËßÝEÿ/sábðQ䚯;¯’R¿q¸¡å,šþd½$ðqñ¹O¤ŒíƒV¦«”`Çö¹À(¨þ±@uäS…z²ß‹2­Ùíà AXƒ‹: T´dŸt˜Ê!8„l ìíWj›V7´KÑÃGìÓ;Ã.9Ê5þß_j5ë¦cFš]Ø/‚EÄC±½½“'Ç]×ðèÿ&çˆ_endstream
+xÚ¥ZËrã6Ýû+´”ªÆ ð¹T[jGî´Ú‘ìI2^Ðm±L‘
+îv¾~.ž)šÔ”&KòÜ'„&.ü¡‰8AŒãI{Žï"²;^¹“˜»½BBæZ
+]ëR®~ú IìÄ&ÏÚZ‘ãFš<ì¿NçŽçÌ`wúaõá—Õ—ÛÍüþç?f×Øw§º¾;_/øÍöñöv¹}XŠÛÍr¾X­oAͮà v§óûûåz±úÏÏ骮½Yngßî®–êµõOC.¡ïü×Õ×oîd_xwå:$ŽüÉw¸qÇxr¼ò|âø!r$¿Ú^ýªÔfÙ£FU!×Á$À]yx‚û>î)Ë€`”u_•§²N÷B#MRì“j_~¡~t4MŠ¿1‘&¥è{|Ý|¼ø߆ÈcPÚ¡•Ô9¶h؇ŽÃ>öªØU3MÓcZ4IÎUñŸ²HùÕà !4­’¢~N+>”üÿbÍöÀà‘‡D¼]þ_\ö³Ãÿ94‰š·/mÝðkøøÀU;
+Ï ÑµkRµK)MíEí6hMíCl³Úuì¹ÐKº;$EVùís)t|Ï8)'¡ uÙdº.Þ%MV
+ý—ÏC²n`­—´6°‚á]ƒ÷I¹Ÿ!O3ÿžùþ4û‘¥ÿ”ž
+Þ`ÏÇ?f?ÌM:aŒô‚‡x¬sHùÔY Ò<íÎá«Ý—°r.oÄà:m™çiœ\·ç·{Ý‹ERü½ ó8Ú?Cr¥Šã¶#H šŒ.øMh|?H¡®óáñí`ÃívÃظtà-ÔK²É·n»f~àpL!Ÿ7ùuÜ­w^Ȫªu v½²µu“Î<
+(ȯïà7i]¶ÕN„¥Mº+«½lNÆîôý”Žvl qŒýKôiRþ¤”"EÄB  Zcpˆm¦PÇ^§ßáóÆ ›HiC¢Èš±LËõœ€=@³Ìé#­s¾ÆÒhêIÕ04ýEL1KF* còZÖbv#fóL¶‹òÍ
+>ª€Ÿ›`Ñ9¦*ï†I‘wÃèh瘸Ó^K Â*‹˜t±ä-«ÅXgs¸×MæI“\¦—4=Ðèè èJ†×l÷šµÊ¨dYuùt
+èªÓ‚ð¶?Òºhô¦w¢
+è©…ðÜâÑÉX‡ZÉÓ`kc‹öBÝøÒ¡º.e!YJ)–¡„³°lƒÖhb›yÖ±ù™ëïØQ¸ìÖæìLI6wõB¸÷NøLMJßÁd¤š7½è8ÌšÆÚYô|0Ç*÷SAX½™rFcœBd÷Ht!Ö¥,œJ©®Úq-ç²VhÓ!¶™S»; (våþì(p6ßËêµk^ÖíiíÁZæÈrñ,ÌFvƒÈú í¦WÉœ·0£xÔò"5n|!QÖ„Æ9’BEØ8m¸CC`#A:ð&ý«Íº_Õ³ê(;E)k)q-µvÊ3ýW-]óFœñ˜ûLq/&²ú¦JÀa›MÐBGà;Ôô.œ KÛù¹#M˜7ûbÛÏÆAõ³óêÈɹB½ÜÅß6U»kz­¥mÍGšû¾„dð›®;a
+]ÏxŽ>^3‚Û£?ï3hÁUŽòÿþ¡Ö¶ éï{°™FFŽÁ"â¥èw†Þٛ˟ž¿ú3Εendstream
endobj
-1233 0 obj <<
+1229 0 obj <<
/Type /Page
-/Contents 1234 0 R
-/Resources 1232 0 R
+/Contents 1230 0 R
+/Resources 1228 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1231 0 R
+/Parent 1227 0 R
+>> endobj
+1231 0 obj <<
+/D [1229 0 R /XYZ 56.6929 794.5015 null]
+>> endobj
+1232 0 obj <<
+/D [1229 0 R /XYZ 56.6929 749.4802 null]
+>> endobj
+759 0 obj <<
+/D [1229 0 R /XYZ 56.6929 749.4802 null]
+>> endobj
+1233 0 obj <<
+/D [1229 0 R /XYZ 56.6929 749.4802 null]
+>> endobj
+1234 0 obj <<
+/D [1229 0 R /XYZ 56.6929 746.461 null]
>> endobj
1235 0 obj <<
-/D [1233 0 R /XYZ 56.6929 794.5015 null]
+/D [1229 0 R /XYZ 56.6929 731.6964 null]
>> endobj
1236 0 obj <<
-/D [1233 0 R /XYZ 56.6929 769.5949 null]
+/D [1229 0 R /XYZ 56.6929 728.4022 null]
>> endobj
1237 0 obj <<
-/D [1233 0 R /XYZ 56.6929 771.5874 null]
+/D [1229 0 R /XYZ 56.6929 713.6376 null]
>> endobj
1238 0 obj <<
-/D [1233 0 R /XYZ 56.6929 756.8827 null]
+/D [1229 0 R /XYZ 56.6929 710.3435 null]
>> endobj
1239 0 obj <<
-/D [1233 0 R /XYZ 56.6929 753.6547 null]
+/D [1229 0 R /XYZ 56.6929 683.6237 null]
>> endobj
1240 0 obj <<
-/D [1233 0 R /XYZ 56.6929 684.6346 null]
+/D [1229 0 R /XYZ 56.6929 680.3295 null]
>> endobj
1241 0 obj <<
-/D [1233 0 R /XYZ 56.6929 684.6346 null]
+/D [1229 0 R /XYZ 56.6929 665.565 null]
>> endobj
1242 0 obj <<
-/D [1233 0 R /XYZ 56.6929 684.6346 null]
+/D [1229 0 R /XYZ 56.6929 662.2708 null]
>> endobj
1243 0 obj <<
-/D [1233 0 R /XYZ 56.6929 681.7414 null]
+/D [1229 0 R /XYZ 56.6929 647.5661 null]
>> endobj
1244 0 obj <<
-/D [1233 0 R /XYZ 56.6929 667.0366 null]
+/D [1229 0 R /XYZ 56.6929 644.212 null]
>> endobj
1245 0 obj <<
-/D [1233 0 R /XYZ 56.6929 663.8086 null]
+/D [1229 0 R /XYZ 56.6929 574.6175 null]
>> endobj
1246 0 obj <<
-/D [1233 0 R /XYZ 56.6929 639.7389 null]
+/D [1229 0 R /XYZ 56.6929 574.6175 null]
>> endobj
1247 0 obj <<
-/D [1233 0 R /XYZ 56.6929 633.9207 null]
+/D [1229 0 R /XYZ 56.6929 574.6175 null]
>> endobj
1248 0 obj <<
-/D [1233 0 R /XYZ 56.6929 576.8557 null]
+/D [1229 0 R /XYZ 56.6929 571.5983 null]
>> endobj
1249 0 obj <<
-/D [1233 0 R /XYZ 56.6929 576.8557 null]
+/D [1229 0 R /XYZ 56.6929 556.8936 null]
>> endobj
1250 0 obj <<
-/D [1233 0 R /XYZ 56.6929 576.8557 null]
+/D [1229 0 R /XYZ 56.6929 553.5395 null]
>> endobj
1251 0 obj <<
-/D [1233 0 R /XYZ 56.6929 573.9625 null]
+/D [1229 0 R /XYZ 56.6929 529.4698 null]
>> endobj
1252 0 obj <<
-/D [1233 0 R /XYZ 56.6929 548.518 null]
+/D [1229 0 R /XYZ 56.6929 523.5256 null]
>> endobj
1253 0 obj <<
-/D [1233 0 R /XYZ 56.6929 544.0746 null]
+/D [1229 0 R /XYZ 56.6929 465.8862 null]
>> endobj
1254 0 obj <<
-/D [1233 0 R /XYZ 56.6929 517.3549 null]
+/D [1229 0 R /XYZ 56.6929 465.8862 null]
>> endobj
1255 0 obj <<
-/D [1233 0 R /XYZ 56.6929 514.1867 null]
+/D [1229 0 R /XYZ 56.6929 465.8862 null]
>> endobj
1256 0 obj <<
-/D [1233 0 R /XYZ 56.6929 457.0262 null]
+/D [1229 0 R /XYZ 56.6929 462.867 null]
>> endobj
1257 0 obj <<
-/D [1233 0 R /XYZ 56.6929 457.0262 null]
+/D [1229 0 R /XYZ 56.6929 437.4225 null]
>> endobj
1258 0 obj <<
-/D [1233 0 R /XYZ 56.6929 457.0262 null]
+/D [1229 0 R /XYZ 56.6929 432.8531 null]
>> endobj
1259 0 obj <<
-/D [1233 0 R /XYZ 56.6929 454.2286 null]
+/D [1229 0 R /XYZ 56.6929 406.1333 null]
>> endobj
1260 0 obj <<
-/D [1233 0 R /XYZ 56.6929 430.1588 null]
+/D [1229 0 R /XYZ 56.6929 402.8392 null]
>> endobj
1261 0 obj <<
-/D [1233 0 R /XYZ 56.6929 424.3406 null]
+/D [1229 0 R /XYZ 56.6929 345.1042 null]
>> endobj
1262 0 obj <<
-/D [1233 0 R /XYZ 56.6929 409.5761 null]
+/D [1229 0 R /XYZ 56.6929 345.1042 null]
>> endobj
1263 0 obj <<
-/D [1233 0 R /XYZ 56.6929 406.4079 null]
+/D [1229 0 R /XYZ 56.6929 345.1042 null]
>> endobj
1264 0 obj <<
-/D [1233 0 R /XYZ 56.6929 379.6881 null]
+/D [1229 0 R /XYZ 56.6929 342.1806 null]
>> endobj
1265 0 obj <<
-/D [1233 0 R /XYZ 56.6929 376.52 null]
+/D [1229 0 R /XYZ 56.6929 318.1109 null]
>> endobj
1266 0 obj <<
-/D [1233 0 R /XYZ 56.6929 352.4503 null]
+/D [1229 0 R /XYZ 56.6929 312.1667 null]
>> endobj
1267 0 obj <<
-/D [1233 0 R /XYZ 56.6929 346.632 null]
+/D [1229 0 R /XYZ 56.6929 297.4021 null]
>> endobj
1268 0 obj <<
-/D [1233 0 R /XYZ 56.6929 319.9123 null]
+/D [1229 0 R /XYZ 56.6929 294.1079 null]
>> endobj
1269 0 obj <<
-/D [1233 0 R /XYZ 56.6929 316.7441 null]
+/D [1229 0 R /XYZ 56.6929 267.3882 null]
>> endobj
1270 0 obj <<
-/D [1233 0 R /XYZ 56.6929 290.0244 null]
+/D [1229 0 R /XYZ 56.6929 264.094 null]
>> endobj
1271 0 obj <<
-/D [1233 0 R /XYZ 56.6929 286.8562 null]
+/D [1229 0 R /XYZ 56.6929 240.0243 null]
>> endobj
1272 0 obj <<
-/D [1233 0 R /XYZ 56.6929 232.6605 null]
+/D [1229 0 R /XYZ 56.6929 234.0801 null]
>> endobj
1273 0 obj <<
-/D [1233 0 R /XYZ 56.6929 232.6605 null]
+/D [1229 0 R /XYZ 56.6929 207.3603 null]
>> endobj
1274 0 obj <<
-/D [1233 0 R /XYZ 56.6929 232.6605 null]
+/D [1229 0 R /XYZ 56.6929 204.0661 null]
>> endobj
1275 0 obj <<
-/D [1233 0 R /XYZ 56.6929 226.898 null]
+/D [1229 0 R /XYZ 56.6929 177.3464 null]
>> endobj
1276 0 obj <<
-/D [1233 0 R /XYZ 56.6929 212.1335 null]
+/D [1229 0 R /XYZ 56.6929 174.0522 null]
>> endobj
1277 0 obj <<
-/D [1233 0 R /XYZ 56.6929 208.9653 null]
+/D [1229 0 R /XYZ 56.6929 119.2821 null]
>> endobj
1278 0 obj <<
-/D [1233 0 R /XYZ 56.6929 194.2606 null]
+/D [1229 0 R /XYZ 56.6929 119.2821 null]
>> endobj
1279 0 obj <<
-/D [1233 0 R /XYZ 56.6929 191.0325 null]
+/D [1229 0 R /XYZ 56.6929 119.2821 null]
>> endobj
1280 0 obj <<
-/D [1233 0 R /XYZ 56.6929 176.3278 null]
+/D [1229 0 R /XYZ 56.6929 113.3936 null]
>> endobj
1281 0 obj <<
-/D [1233 0 R /XYZ 56.6929 173.0998 null]
+/D [1229 0 R /XYZ 56.6929 98.6291 null]
>> endobj
1282 0 obj <<
-/D [1233 0 R /XYZ 56.6929 116.0348 null]
+/D [1229 0 R /XYZ 56.6929 95.3349 null]
>> endobj
1283 0 obj <<
-/D [1233 0 R /XYZ 56.6929 116.0348 null]
+/D [1229 0 R /XYZ 56.6929 80.6302 null]
>> endobj
1284 0 obj <<
-/D [1233 0 R /XYZ 56.6929 116.0348 null]
+/D [1229 0 R /XYZ 56.6929 77.2761 null]
>> endobj
-1285 0 obj <<
-/D [1233 0 R /XYZ 56.6929 113.1416 null]
->> endobj
-1286 0 obj <<
-/D [1233 0 R /XYZ 56.6929 98.4369 null]
+1228 0 obj <<
+/Font << /F61 646 0 R /F42 609 0 R /F43 612 0 R /F56 630 0 R >>
+/ProcSet [ /PDF /Text ]
>> endobj
1287 0 obj <<
-/D [1233 0 R /XYZ 56.6929 95.2089 null]
+/Length 2217
+/Filter /FlateDecode
+>>
+stream
+xÚ¥Y[sâ8~çWð¶¦jÐJ–å˼‘@Òô¦IÒ3»ÕÝÆ(àjc3¶Iwæ×ÏÑŶpl³S[<X—st¤ó›cø‘±Ï¦3ö1LØ8:Žðxs÷#¢i¦ÑÔ¤ºyýóÎ%ã
+rÂè
+ØJó° Uë.N4:·Yúc{VjÒxæ
+³¼è2ßCŽ C¦pæ çyÉ¡ž{ŒÊlËóIŠzÁð rïJ@3©À¨¨j0b€1$Ú
+±™Aõ¡³”«¬°<T¬pºiΓ°ä•Ä»ÛÞ” A2†º¡éGZÓÔñ¢z?ÐBœ[R»a6Ä~.¤CPìX  Ñ`Ö<;†qª•×‰ÑÍ[E>O!V¦'ÊLFF®æfù6.sÛÔl^K˜•ÐÙžKÞB!«a3‚RXSÀ.VYgO·áù¨Ç?…ob ÀUsMk°y0Ã1¡犟Dèi¢>Ðøäøµ÷
+nèÉb¾÷<ÛçáéGRC0ò0N]ù¶„)±n‘b¼ ÕÍ™'‰ž‘µ¾ µat8'r=ºÑôO Ë”×7f˜RXÂÜ\Ó@ŠÝeiü‹öëJ¾ökõ„ÚS°¼3&ÔHriKâaÕžL ÆØZ‚áä)× ž‡/e—c¨F8Ä‘+\>«¸ íȇÙ弯r2¬êgÑQ¯ àÓàQƒâf¥0þ]…íjNB_Y¿‹ùKÉ‹J?ÎsÍÎ š
++¾+â;U¼G4ë˜=p-ñ¥6õû–LžgñêòHêÊãn=¯îÐ8iˆqªî0X”á^æh‹SÎåIv烹±–•÷Š§ISëK0FáY˜¥pmÑMÅ{]C{ŹW+£#,TCF5ZÕËg ©KX _EOÞ’ÞUqÈΉ•REcËÕ÷s¦¢ ʨ
+cQ¬‡©)1Õ‹A5s”žæ]â Ýsª_Ž}eÇi×Á ÿÆru‚­í›ú*‹€ÆJÊ$„€—WaY“hâÆ¡ój>as…êÊíÂW¡‘A’tjJ)‡ðU/ªO¿ð¶§zÒZá[Ä?U㘥åAó‚½W[ü¡çÐeˆzÇÌܱ|ì¡_Ç÷Ze¢}Ú5—ú­f…EbÀ|Yóštðû @uP0Ÿ ¼Då¹ÍÎ:VÜ,Wóf]`vÜz]Œ¢²ñš¿ð\¸Qo
+"Pq2÷Ê Aô> Ûc~½”L@¤?õ ‰l2O[fwâ1eª¼WzåQØ5•dîØ…Xê›÷$ày
+ωbš%Û¸üób%&Þ£ï2îÅC|\DT§§7ùd$ÍI<2ÇñÅßQ««]¤äCänäOmä¹7žt_1a]ùJeìWéO”-j?¾ ‹2;e2Š@p½ýªfÿ±æq’TLÈòZ·ª_fE‘E1ØpÑ[¥‚‘Š?Ï:°Âµ9ÿßÿã™å.¢~ß+&Å.”{ 8½)qµwÎ( àÛ^ÇÖÿ!Ýendstream
+endobj
+1286 0 obj <<
+/Type /Page
+/Contents 1287 0 R
+/Resources 1285 0 R
+/MediaBox [0 0 595.2756 841.8898]
+/Parent 1227 0 R
>> endobj
1288 0 obj <<
-/D [1233 0 R /XYZ 56.6929 80.4443 null]
+/D [1286 0 R /XYZ 85.0394 794.5015 null]
>> endobj
1289 0 obj <<
-/D [1233 0 R /XYZ 56.6929 77.2761 null]
+/D [1286 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1232 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F56 626 0 R /F42 605 0 R >>
-/ProcSet [ /PDF /Text ]
+1290 0 obj <<
+/D [1286 0 R /XYZ 85.0394 771.5874 null]
>> endobj
-1292 0 obj <<
-/Length 1872
-/Filter /FlateDecode
->>
-stream
-xÚ¥XKsÛ6¾ëWèVj&D‚à£7Ù’]§©íJNÓN’EÁ'¡’”S÷×wñ I$Ý™ŽÄc»Øo_cø‘qĦ±?c1LØ8Ýðx{·#bh܆ȵ©®žF?Þd£8ð‚ñÓ³uV„p‘ñÓú³3}|œßÏîþ˜¸ÃÎM\†q³z=_NÜ0ˆå†/·ì\Ý]}¸{¸]LþS3}Á Oïgz²üx{;_>ÍÍt1ŸÎîîo„L¾>½ÍŸZµí«L¥Î>Åã5Üðý#Glü&‘8öÆ»‘Ï(b>¥ÍJ>ZŽ~k´vk—©Z—ú(
-àŒaƒ²Ô£­A}ÚeІJôóâæÚóHüõü¾„aÅÛ‡^ˆn©.e³À’MCQHÙ©ð×vÏú;»_dó,©x¥'Ï¢Ôƒ{^å7/_²”WHj~vUD(ô|””rÞiŽ_‘þþœì²¼…ž%ÅÚ€o¶?MBß)³Í¶6|i-VÜè
-˜!Ñ–¡Ïe÷ÚÞÚsyØïEYŸ™ûƒHL.¹Jò¤H{ì Õ#ˆd©±íý$óœ±ùU™Uicôé¾ÌòÖâ¬ßâ”¢È ¢7,nQ X¼¡:%X|H´eñsÙ=·…Oeù&ÉÓVÙ…Ÿ›¤¥œT%-]¶r‘&uµ¥…˜‚ð`
-2øª.^îŸJžÐúq^vÙTF\õMßè>å`YŸÀî–ël‰O­it@|9ª„¡Ã+èÎS½ëG¬í¾~YÀ`o\ Ûe…~!ÀbU'UK`,o!9×ü…çb/ï1qîšè¥9½µ—dL“ƒtKÚrZˆÚˆ§×Ðn¯97úéTàd€…¨¬Rs~ºÍ tIŒšlª·Ò«¦ª¶â›U%UV\ÿ:m€PeUXK3³ä+û(‰…9 º™Š´ð_˜
-¨h†i*vn>P3u:ÁÎêUµGÀ` -ež@Â+›¤nI ñÑ aòz>és•ž*uá«Q„Ì H«
-I:½¥ƒmòbIô'Ïžyêé™òVøVÙßz°E½5¼àïŠß!õl».j4f¶Æ0Ys™úM~oM&Çûõñ™¿2¬pHf¸Ï<«37àˤ@MR°ÿL°ð’çJL®¸º»ŸÏf?hÏÅ(&±:vÁŸy)è·QÐɇ¦u¸ÙT—%ˆÐy!‹Ž‡©Dú«Ï Ôcõ¹Û]}NÄêêÏ{W8°Mek@Fì×ð<&‡\3MóUVÿsrs®Ë,ý¦²P|È’‹ÈuÿªþJRNEÂ1ßä_~k¥R-ò÷Q¾ë¡0ˆÃ±kÑ}Á„uUA¬¨)‚²yÑú,ù*©j±*—@Š½žþ¤w~Xð,Ï›?4˜”ž¥Ý¦‹™V•H3ð䪷WW•Pv …[§þßÿ•ÝÍ¢žž—â
-(D^Ø¡ú¿B³\«endstream
-endobj
1291 0 obj <<
-/Type /Page
-/Contents 1292 0 R
-/Resources 1290 0 R
-/MediaBox [0 0 595.2756 841.8898]
-/Parent 1231 0 R
+/D [1286 0 R /XYZ 85.0394 714.4286 null]
+>> endobj
+1292 0 obj <<
+/D [1286 0 R /XYZ 85.0394 714.4286 null]
>> endobj
1293 0 obj <<
-/D [1291 0 R /XYZ 85.0394 794.5015 null]
+/D [1286 0 R /XYZ 85.0394 714.4286 null]
>> endobj
1294 0 obj <<
-/D [1291 0 R /XYZ 85.0394 769.5949 null]
+/D [1286 0 R /XYZ 85.0394 711.5354 null]
>> endobj
1295 0 obj <<
-/D [1291 0 R /XYZ 85.0394 771.5874 null]
+/D [1286 0 R /XYZ 85.0394 696.8307 null]
>> endobj
1296 0 obj <<
-/D [1291 0 R /XYZ 85.0394 717.2979 null]
+/D [1286 0 R /XYZ 85.0394 693.6027 null]
>> endobj
1297 0 obj <<
-/D [1291 0 R /XYZ 85.0394 717.2979 null]
+/D [1286 0 R /XYZ 85.0394 678.8381 null]
>> endobj
1298 0 obj <<
-/D [1291 0 R /XYZ 85.0394 717.2979 null]
+/D [1286 0 R /XYZ 85.0394 675.6699 null]
>> endobj
1299 0 obj <<
-/D [1291 0 R /XYZ 85.0394 711.5354 null]
+/D [1286 0 R /XYZ 85.0394 660.9053 null]
>> endobj
1300 0 obj <<
-/D [1291 0 R /XYZ 85.0394 687.4657 null]
+/D [1286 0 R /XYZ 85.0394 657.7372 null]
>> endobj
1301 0 obj <<
-/D [1291 0 R /XYZ 85.0394 681.6475 null]
+/D [1286 0 R /XYZ 85.0394 603.4476 null]
>> endobj
1302 0 obj <<
-/D [1291 0 R /XYZ 85.0394 666.9428 null]
+/D [1286 0 R /XYZ 85.0394 603.4476 null]
>> endobj
1303 0 obj <<
-/D [1291 0 R /XYZ 85.0394 663.7147 null]
+/D [1286 0 R /XYZ 85.0394 603.4476 null]
>> endobj
1304 0 obj <<
-/D [1291 0 R /XYZ 85.0394 648.9502 null]
+/D [1286 0 R /XYZ 85.0394 597.6851 null]
>> endobj
1305 0 obj <<
-/D [1291 0 R /XYZ 85.0394 645.782 null]
+/D [1286 0 R /XYZ 85.0394 573.6154 null]
>> endobj
1306 0 obj <<
-/D [1291 0 R /XYZ 85.0394 631.0174 null]
+/D [1286 0 R /XYZ 85.0394 567.7972 null]
>> endobj
1307 0 obj <<
-/D [1291 0 R /XYZ 85.0394 627.8492 null]
+/D [1286 0 R /XYZ 85.0394 553.0925 null]
>> endobj
1308 0 obj <<
-/D [1291 0 R /XYZ 85.0394 603.7795 null]
+/D [1286 0 R /XYZ 85.0394 549.8645 null]
>> endobj
1309 0 obj <<
-/D [1291 0 R /XYZ 85.0394 597.9613 null]
+/D [1286 0 R /XYZ 85.0394 535.0999 null]
>> endobj
1310 0 obj <<
-/D [1291 0 R /XYZ 85.0394 540.8025 null]
+/D [1286 0 R /XYZ 85.0394 531.9317 null]
>> endobj
1311 0 obj <<
-/D [1291 0 R /XYZ 85.0394 540.8025 null]
+/D [1286 0 R /XYZ 85.0394 517.1671 null]
>> endobj
1312 0 obj <<
-/D [1291 0 R /XYZ 85.0394 540.8025 null]
+/D [1286 0 R /XYZ 85.0394 513.999 null]
>> endobj
1313 0 obj <<
-/D [1291 0 R /XYZ 85.0394 537.9093 null]
->> endobj
-590 0 obj <<
-/D [1291 0 R /XYZ 85.0394 498.6542 null]
+/D [1286 0 R /XYZ 85.0394 489.9292 null]
>> endobj
1314 0 obj <<
-/D [1291 0 R /XYZ 85.0394 471.6646 null]
->> endobj
-594 0 obj <<
-/D [1291 0 R /XYZ 85.0394 388.1315 null]
+/D [1286 0 R /XYZ 85.0394 484.111 null]
>> endobj
1315 0 obj <<
-/D [1291 0 R /XYZ 85.0394 363.7919 null]
+/D [1286 0 R /XYZ 85.0394 426.9522 null]
>> endobj
1316 0 obj <<
-/D [1291 0 R /XYZ 85.0394 329.092 null]
+/D [1286 0 R /XYZ 85.0394 426.9522 null]
>> endobj
1317 0 obj <<
-/D [1291 0 R /XYZ 85.0394 329.092 null]
+/D [1286 0 R /XYZ 85.0394 426.9522 null]
>> endobj
1318 0 obj <<
-/D [1291 0 R /XYZ 85.0394 329.092 null]
+/D [1286 0 R /XYZ 85.0394 424.059 null]
+>> endobj
+594 0 obj <<
+/D [1286 0 R /XYZ 85.0394 384.8039 null]
>> endobj
1319 0 obj <<
-/D [1291 0 R /XYZ 85.0394 329.092 null]
+/D [1286 0 R /XYZ 85.0394 357.8143 null]
>> endobj
-1290 0 obj <<
-/Font << /F61 642 0 R /F43 608 0 R /F56 626 0 R /F42 605 0 R /F14 616 0 R >>
+598 0 obj <<
+/D [1286 0 R /XYZ 85.0394 274.2812 null]
+>> endobj
+1320 0 obj <<
+/D [1286 0 R /XYZ 85.0394 249.9416 null]
+>> endobj
+1321 0 obj <<
+/D [1286 0 R /XYZ 85.0394 215.2417 null]
+>> endobj
+1322 0 obj <<
+/D [1286 0 R /XYZ 85.0394 215.2417 null]
+>> endobj
+1323 0 obj <<
+/D [1286 0 R /XYZ 85.0394 215.2417 null]
+>> endobj
+1324 0 obj <<
+/D [1286 0 R /XYZ 85.0394 215.2417 null]
+>> endobj
+1285 0 obj <<
+/Font << /F61 646 0 R /F43 612 0 R /F56 630 0 R /F42 609 0 R /F14 620 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-874 0 obj
-[598 0 R /Fit]
+879 0 obj
+[602 0 R /Fit]
endobj
-1320 0 obj <<
+1325 0 obj <<
/Type /Encoding
/Differences [ 0 /.notdef 1/dotaccent/fi/fl/fraction/hungarumlaut/Lslash/lslash/ogonek/ring 10/.notdef 11/breve/minus 13/.notdef 14/Zcaron/zcaron/caron/dotlessi/dotlessj/ff/ffi/ffl/notequal/infinity/lessequal/greaterequal/partialdiff/summation/product/pi/grave/quotesingle/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 127/.notdef 128/Euro/integral/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE/Omega/radical/approxequal 144/.notdef 147/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe/Delta/lozenge/Ydieresis 160/.notdef 161/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]
>> endobj
-1162 0 obj <<
+1167 0 obj <<
/Length1 1628
/Length2 8040
/Length3 532
@@ -5076,7 +5097,7 @@ endobj
stream
xÚíte\Ôí¶6Ò ˆtÃÐÝÝÝÝ¡Ä0 00Ì ÝÝÝÝ’‚R"‚´t ÒÈ‹>ïÞûüž³?³?½¿w¾Ìÿ^×Z׺î7¶‡Œ5Ü
¬‡¹rðpr‹ t´P(ÐWç…C­fL9g0ЇÉ]Á¢
-Äü{fXE
+Äü{fXE
0Üú÷äè¹aÖÃöOÃoäæìüØã?ûÿxýœÿŒ=ì a.ÌÁAb¡ö™9Y® Ä£ò/z{xÂœ*Þè—ÖÁ»2#×Dj,ïêÃ8›ÇEµyÍî;Ýoª²n öA™ºÓÁß‹(üèX>ã.3v±ms™W`gÅúϨ¯"›
rn­êèš—ß¡RŽwð9£_²Ò¹Ð_8=óe4%v>oFÀk(Ù?`LÙ½¼`êú4ð±ûåÃ&9[~ƒ˜;26cLà«|r)Sƒj…×Íl(ßÛ
b¬Å7ÎßÊçÏVð™h9Žù,¢I‚°RÊ• e®äß·RÆ%=²ìÙ êt›œ(†Ì%³LÇî)®Ž>1Ù¥‘„µ…^Ñ2¼éˆO£Ý %õ‰>•pjÕr{2–ÂwÍ<–g¬™-j—!3cäáakIè,AŒ$ÁLˆÇÆ‹J¯³nöùU»Ïm›Þ‰D3
@@ -5099,83 +5120,86 @@ $OíœàÅ€DÈ
t‡Í=žÝbóÆÃwî6ß"£“˵?”JËOP2RÐ oQo+†â1)©w†¦ÜèådîI½ÈZ¿VÍ­(e÷åû È"QÔüFØs(úF$'‘qL ®/¶!õÔ ¤HvkÖ‰Œh¼È‰¬ê؉á¶o?Ùa:Šÿ±qêcŒ° gã!_QÇ~ÏWê¡1üaœ¯UÝGmã§Yñmn%ìRãr9÷¬ß0qˆ5†/‚E…(êÚ“†,W‚˜$Ù½ï¶åçLxËÎÔ|ú奕£w†Z|ÂV€ãž÷,éOd
ÞyŠGÝ ŽÎ¨Ý3lÍ4©¿Î\×T2Zª½Ag—.7Ù#ÏPæï™v¼eŦQLÞ»±Oþ¼Ô\’ ¬ÿĵJÅñ¾(š3Ç].Å*,MÎ>ÛBx(ÃSÃó|D³uû‚Þ¡ï†{:Ò‘Á¨2G9¡Cê{É•<|?ÒK áéá@F)Ø,êw÷ó?È ¸¢Ëa„Çh%Ù±o^Œñ{‹6™Ý @¥-«ä%Å~jÉwXjz1îi´·î¬%uÕ3^¿±g¸`d+ÎK[ŽDe—„]âò†YèÖýÇ?Ï>£³HjË,èkѸÍhÔ8Š” ™v_Å [ªJÖ®²9m=·âú?\‹k>¼à¬‡¤*³Ñ³ž,Y ê<‹ý¹uÓ Z/ZV$S·é#ƒmNOš¨5M@¿§rãÝ0Hõ7¬&7[àçŽAØñêOõƧÈêÚ5±pE6~d»Ž^.x¨T1¬µ¤$£Í7¿ÿ4òÆêüj§‹G1¬èípoóÌ3³QýÐZ:œNÍÆéç,0½‹Š‡Zg‹ðâ£à)‹Q©¯³‹X""œÛÆ0ÏÁ¾äBvFA‚)Y9(ÎYÖý…ì¬S…|¸Ôü¾“qbæÇN.LÔX§…_ï‚¿œ%%½¥åŒìé|°D>W²7}C–Í#—ZR¸­$º`bÛGο…a¿9gÝS%\”Á/œîñhC|?s§ Ø…šg¯ÎÙÈ)ª¬m}ÐvÖËk†Ÿ.bÉ&O
üõí+uqfº`Îa‡„°£â,I§ã¯½/‘˜÷ÇÝ›Á¤'P6ߢH‚Ú?÷›½šÙ¹˜Žà9¦ŠmHr7:pMRYŸ#£ 'æW¥¿ðKCß|-¡mWÝ躖nᲶË0–«ÞÐ3äÛÙ=j’¸Ë-,n–³e±€¢üb½iÙ;‘˜Hâ°l<)žL.ßÐYÖÿ°Ú·)wL=(‚Œ£± L|)=å'ÀÆ-Å@²öò¾µ<ÃNrä³6îµEôʃ3±d¶kÓ»¬ÿ‹%ôµøü·(kD~ô(¬_yñ‡Í; ¯åä²fùOî{&*‰äyÒ¯9ÛB±T¨d>è.<Sâ¢éX3p7«Á~ª"럽Ÿ“lË´ÍÔDQÿfŒ°Ì
-*s"}Y ;Ò‰¢ú{YÌÝÇí]p¶Òݯ€Ž¶Xo³êÙ}
+*s"}Y ;Ò‰¢ú{YÌÝÇí]p¶Òݯ€Ž¶Xo³êÙ}
endobj
-1163 0 obj <<
+1168 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1320 0 R
+/Encoding 1325 0 R
/FirstChar 67
/LastChar 85
-/Widths 1321 0 R
-/BaseFont /NLPTOS+URWPalladioL-Bold-Slant_167
-/FontDescriptor 1161 0 R
+/Widths 1326 0 R
+/BaseFont /QATDOB+URWPalladioL-Bold-Slant_167
+/FontDescriptor 1166 0 R
>> endobj
-1161 0 obj <<
+1166 0 obj <<
/Ascent 708
/CapHeight 672
/Descent -266
-/FontName /NLPTOS+URWPalladioL-Bold-Slant_167
+/FontName /QATDOB+URWPalladioL-Bold-Slant_167
/ItalicAngle -9
/StemV 123
/XHeight 471
/FontBBox [-152 -301 1000 935]
/Flags 4
/CharSet (/C/D/E/H/I/O/R/S/T/U)
-/FontFile 1162 0 R
+/FontFile 1167 0 R
>> endobj
-1321 0 obj
+1326 0 obj
[722 833 611 0 0 833 389 0 0 0 0 0 833 0 0 722 611 667 778 ]
endobj
-1137 0 obj <<
+1142 0 obj <<
/Length1 771
/Length2 1151
/Length3 532
-/Length 1711
+/Length 1712
/Filter /FlateDecode
>>
stream
-xÚíRiTSבª¡¬2©¤j=,Œy5„„!d–Abî ¹%¹—^n i
-ˆÃ2ÁÐ  G ð«5*À]Ø|!o…ǧÐ@ –¡Ã‘4%<é“$>©a‘ËP •JXMÖËT
-“#0¡c‘JÖNÞÈkáLÏ‚!&…Ã"'À8 A)¬IMTþÒd¼MeÁx&)
-xLɤR$„¡*€`…µ#»Á¤–BÖôâÁ•jL=Y~Ê©¿äejD¥û©34Œ)Á8:¿'…!D£žž•2"¡i*08+™ì•op$3ÑÂPBÈ•@!SeÂS8ŒBÓ•þMé`EÆ…K#Â<ÿÚ©d„ A‰h] Ø°§bÎ1iŽhA"›ÉfsH"¹ßž’§5£r BÐ4ÀåyŽËtrˆÈˆô€ ¬°–TÌb¢A^¤3¹@á”Éõb–
-ÎÌœDß
-.`pyd+öJoÀç±sÿD”kpF‰©ñ! z+ÒSÖÂrŠù&÷ÙòñÞSÛjóÄÕ]Gmé™ ‡·tœÛzÒèÃîóqº†7ý ð«ãVÇ‘c¥#a_± ¯ŸzJ”cÒG±¶ö:šì]è•û¢f='¥Ì¸TÞÞöžúÀö»æÅ–Œ&Ï?º?½“uζ>ü‡_E)šY{óÆËÇyé;ûÍv_BîC¥”äòÓá{àØÿÞ)¾2q?«ÆÌ5—æ'í{êüÊLm»Ý“~ËÞ(0”Km®}_ÌaÓµŠN
-gúbs|™`u”pöB¯k±F`õ¾¯›1Þ¯¥9LúËìÁnº`ÐÍøn¤ ·44N3ºàh¥“¼vÊ7¤†j 7´­kUû¡
-- ‘Né ]\ßNFÓÚÚÔñ—´_—ì˜ù$ùùó¾g¯ ÔÖr½›•ëñqžÞûý³<<‡élªíÕÏLn 2åw ‘hŸÝ*C»úßþ9-cR/¸žïrãÈgîf.åžp\½·â_Òuž_7›v'‰µV‚„‹è‡U¾ØjØÏM LìK=}ÓóR]ãùê çºÂ™É¦æààê%ͳ±ÞÁ€ùn~Î }æ:ˆ’,Ñ@¹Ó|¡G[|_y6lj71¾è˜Ðë@Ï Ÿ¡JcLM#‡½åÙm^¾“y?z¹Þû›sau©º.ﺦïç-Û Eç0"÷¦« «Ý¦Ö=ÌÙsTÐðcS‘sö‰¨ù;E9^ ê=Â6>]No§­¿\÷ˆp(Žx^•ÊÄüÏ´¶¡8j9>®Ïâžùh=Ï')íUßáµkô»6>xtså¢íë)B»ÞA5CüiiÞë-£½!;GqsG¢½{Ôxûû~D0¸ùìAG»oüWKýZ©õçÿ3¶*’ÁuTDëÙªÏ"ë ÔR¥®s¡A.–K²4³«Iêü­ä‰+jjÉ0l &h‡^ž¨.eåYzWôr#ÂǪ„hÔRÉ)Õr«·gŽ=.uµ<Å7¸Êo¬Ø ùߪŒX7Z9á{§{B“ï|y¤¨ó§Ó+¤
-éëĨ=©óÙ:m×¼ìæî²Ú@†Ç–Óé?ç~qÊдÉj¾F}c­ìØvÍùJh¬½š³9N å>;ßY`ónnÑj*õÔ°´~L»¯>´ÌÒdÇÅì˜÷ Mw<b]ËÄ¥¯¬bë‡:¬Ë“q…NMò¦Ãî U%öƪñ²èyû­”Í«‡¥õÇwÙmçTæ”tÏ-l™µpǦ]-ËŠªürß9~AVìÙ`^¿ÿœoÝ+ (%÷ÄP±¸æ@Ú]qohÎ3ÿïÞƒÞ± ]ò8¨ð¹EÙwÚ»¢D2|¹Kt³m7­®[Õ\SV¸[:·Öiý;!‡:. ¯:øîê(éà}Ò>N]F¼x•xr¹Ë׺ÔbNPáaHkx6„nÅ‚ì×ô59µû3óóEeÝ×wŽ(S;¯•çÿ„ÆD5R'Ú«÷ÍáÄä³üÚgá‹6³î}p%áÓoRkøƒcçÅ­ÉW{?ÜÁaNfÑ“‹2bUožyÓìˆCÕÔºöß\”ÿøŸ( WÁ2œÀÔ2<ò?DŒ¬endstream
+xÚíRkTSW‘ª¡¬òRIÕzX%2yj   B,žò˜{CnIH@Ä•TeYÄF—<EE©°ªÔJ-±
+SÀiaËqªUð5¬««ôç̯YsΟ³¿ý½¿óMóˆ’1D¶ÅP‚Áar„ X*•pØ€<³Ù-‡å‚¡!rŽ@àVkÕ€»°ùBÞ
+!O¡`,C#i*xÓ'I| ÒÀ8¢£@*'T°†¬¡« S 0¡g‘Z ÖMÞÈëàLÏ‚!&…â ÀF8 A)¬IMT‰þ[Òf¼KeÁx&)
+xMɤR$„¡j=€`%…µ#»Á¤–ÿ†¬éÅCµjõ¹f²ü”SÉË5ˆZÿ;Ódh R ‚qt:5~+N
+CˆV3=+!äjD!BÓÔ0`pV2Ù+ßâHf(¢ƒ¡(„P¨€R®Î„§p…¦+!ý›ÒÁŠ”Šc¥QÞ¿íT2JŽ D´>ì?ØS1ç˜4 Gt ‘Íd³9$‘ÜïNÉÓš‰Q!hàò|€Çåz
+9DdÄ@PÖXG*f1QŒ ¯
+rKÃã$1£ ŽUº(j¨ýÃj¨¶pCÛúVM
+ ïsXel×ü=p §eL
+â7òÝnýÂÓ¥܎köUüMºÞûÛfóž$±ÎFp ýx êÑ¿.µpSBƒûRÏFßò¾\×x¡:ĵ®pf²¹94´zIól¬w0h¾G€ëB¿¹N¢$k4Pí²\ìÑ?PËqáMŒ/:.ô9ØóÒoè§ÒsÓÈŸEyöC[¤ïb>ˆ^nðýÕî|D]ª¾Ë·î¤ùÇyËöAÑ9ŒµûÒ×FÔn×è æì=&hxı«È9÷TÔüƒ²/õ^›ž-§·Ó6\©{L8G½¨Jeâ g[ÛPµž7dqÏ~²ç—”öº'àȺC5†Ý›>¾µrÑŽ ¡Ã@ï €š!þ¼4ïÍÖÑÞ0­ƒ³¸¹#Ñ‚Þ;fºóc?"Ürî³ÖÓ?þ›¥­Ôú ÿ[µ–ÁuVFØêï"Û ÔR¥©s£AnÖËAò4/‹»Yêú½ä©;jnÉ0n%h‡_¬.eåY{Wòñ "Ǫ„¨l©ä´z¹ÍŒ;3Çž”º[Ÿá›^ ç7Vì‚oWF­­œð¿Û=¡Íw½2RÔùË™R¥ôM¢loê|e¶^×5/»¹»lS….˜áµõÌ'†/¹_66m¶™‡¯‘DAßÙª:¶_w½ë¨ál‰è¸ÏÆwؽŸ[´šJý 5.­Óí¯/³öÝy);æÃBó]¯X÷2qékÛ„Øú¡Ûò¤Ã\¡K“¢©Á¸çbU‰ãDZê`¼,º@Ñ~;eËêai}ã‰Ý;8‡T9%Ýs [f-ܹùg·Ç˲d•_¯8Ï/ÈŠ=Êëœó½çâb¥äž*×L»'î ÏyøÃÐ{ö!£KžÄ5¾°ªúÎøV”H†¯t‰nµí¡Õu«›kÊ
+÷HçÖºlx/ÌépÇá5'ÿÝ%¼ÏÚǩˈ—¯O-wûVŸZÌ é1>
+k̆Ð#­Xˆãš¾&—ö@f~¾¨,¨ûÆ®UJcçõòü_ÐY#u¢½zÿNL>+ }¾X`7ëþGW>ÿ.µ†?8vAÜš|­÷Ëѵ;ù/-É,zr1CN¬êáͳl|šu¸ šZ7Àþåÿþ'
+(Ô°'0O§üê«Œ¡endstream
endobj
-1138 0 obj <<
+1143 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1322 0 R
+/Encoding 1327 0 R
/FirstChar 60
/LastChar 62
-/Widths 1323 0 R
-/BaseFont /QWLMPK+CMMI10
-/FontDescriptor 1136 0 R
+/Widths 1328 0 R
+/BaseFont /LMEVMP+CMMI10
+/FontDescriptor 1141 0 R
>> endobj
-1136 0 obj <<
+1141 0 obj <<
/Ascent 694
/CapHeight 683
/Descent -194
-/FontName /QWLMPK+CMMI10
+/FontName /LMEVMP+CMMI10
/ItalicAngle -14.04
/StemV 72
/XHeight 431
/FontBBox [-32 -250 1048 750]
/Flags 4
/CharSet (/less/greater)
-/FontFile 1137 0 R
+/FontFile 1142 0 R
>> endobj
-1323 0 obj
+1328 0 obj
[778 0 778 ]
endobj
-1322 0 obj <<
+1327 0 obj <<
/Type /Encoding
/Differences [ 0 /.notdef 60/less 61/.notdef 62/greater 63/.notdef]
>> endobj
-970 0 obj <<
+975 0 obj <<
/Length1 1608
/Length2 7158
/Length3 532
@@ -5183,150 +5207,134 @@ endobj
/Filter /FlateDecode
>>
stream
-xÚíwgPTݶ-’$)¹ɱ‰’sRrƒ(Qèn ¡é†î&JÎ’³$%JÎ*9J’“d‰‚dúÝsέï_÷ž_¯Þ®ÚU{Í9טcÎ1תÚì,z ~EÒª†D`øBR
-j…!*V¨À
-¨@Á
-°Á¡
-· 
-ßäcnrÛÂD‚¿Eaƒ
-!¡¿Œ0´Ì
-уaÀv
-C@o´üÓF
-xZjkW≔_F5wÞViÐ-¹Ìð\J¨OÝ.ýòZm§
-$à”=+*Z‹ Ú<LÃ,ŠdÚö:I~¾i~z-?
-$è z²Oξ<ª)y÷±Ãq*u§ LöǶ²Ö¬†ó—¥‚m$dãÚ,–mehßa‘4|RÃu6…>ƒùê=Ò³ûü:ŸŸ+æL= « ÊLu…WV/7æDîŸôÓÐu‰’Ä_ùž¸ Õ°
-ô–ûvÙOP5%n{[ŒX>#¯±ñŽ~Àƒ¨m¿xxÕx8Xá]o“3Kê§b›uëÉim1Gþk%Ãù•N熮ò„V/ËŽ¿}Êh°ê&Þ­˜xÓðp€¾)Æîˆ+‰ƃk ÀíÇ´nFŒ´'‘p¢À~çcܬICJuä>%Ü…ÉgSÕØL¯Êã!2ä‘€çÕ–Úé@6=R5…²[Wï´L ÷bW^®Œ,AÓ%qL±Þ‰~Úm,¶º“ëèúãò¤áÒðøÛÊgFbq§zùd•’ 5.U,JÙŽ 7ý‹ÑÃ^p·/~—S×µšxVÚ¼Ÿ@TNåv72û×»?¬ö@Š 9íÛ¥‰,"­Ãn*ýy$•úœ„*¼q;xp_Îô¤>G
-`w“V`ŠjFTÌv* Çxí–s·´~â×KµfaÒ±žëßdÜ nsÑ{a»rÀõ”åè Ì~m]Eá´=SlÂ~,¼*[o/Oi[è<ˆH‚7GMÛ6ÃnOgNd˜ÍÉE±ÂâÓ­yè)ÍOç·Â‰ÈÏ©~=*S¸[+4i׳æÇ_ö‚ÐL¡=#S'ú±ˆ6]§RJÐ'Õ²ÄóWßîKf­±·ˆb×—
-ÒI“¶7‰|bSØVÔèÐPÀ\wÆýd”j•
-ÓP·@×ʣd&¡lSÃ}Í®(ûœ†äÚC,G‘%B^ûþåC|vŠõ¢ù×)rN^Àðk6öÈÌ‘Þ‰òï ßN±’÷늭(ôÎ8BƼZ¸´Ó_ä^ßk`ÑÉÐÆ5ëùÞšR¬º–Æ#L‰|“tŸ‘ˆ¸¦µnÆ¥®‡-JDVz1föÊRóDòš"iÊךúUßøÿs,…<´ ¿BîüñÀçÓ”¢Òœ§WÆ»)´5§6m?P±ß8¥TY²Ö½ì peÖGŸÍ$ª×ˆ¶ØÔøõ=¤öñNìëV&B†‘tÇ-_^w¨‘×D›ÚwëŲ÷|ÚkÛÞ¨–Z¸ª¸Ç`í€õ~x¤àœKΘ†£úDñÄë´žÖŸz ãýžý1P•¸÷”P˜¢ìíngäy·òÅsÔ'«>Ù§ë "A`Ö[8Ô‘ûšT©SÈ.Í…ôó‹õ‹ŒD&q®D .áKÿ¬µ—…óÏ€Z55Fº,ô½ù+ e‘üt„Å“ ‘ÇWÓQ+T}’4¡YpäsÁÃœw ¶ß7Ÿ!iâÎöqŠZ̯XX—
-øSŸ[ ±œ5¸ÍîÝÝØ»„§É%»GJU÷>Õ¹êhé[e(õ‰nËw%8£|cûÿI¥²©ô\°ûøÚsÍHg*1ÎL6c›9ë™øCÙð,UŒÇž?ži¬[ɹÓ7’Ïö\!¨7ŽkªµRuêíñÚºnC1cþìŸ!åslõñ‚ZŠ«©ðÈ€ä‘ß´±LÏ vûë{¿w}@`/þ´}ÉÞR—^á⤭¢¯9$iß̲Çvxqç´š(.RfâÏ94ê•ôÒL‡ðK"TÛ
-Ä!Twœ>[ÏUQKÄÆß/¶{[}ß»SËqÂæA¡u©PÓ‚KInd8Ø­×Eý£¯ñá4XA½4uÝô»q¢KêbƒòAnþéú»zQX(]Q·ý) c¨ý%t*µ>ç„15CºÈ™‡èÉ4ØÁÚ_¦‘¨¹¹Ïé ¾!3ìð4×bÁñyLÈ:]íâg¢žs»_„r*¿NÒ»
-E{zOn‡­°â:”8Yzb*ª|ÏóZº]ÚL®uõ–LBÕK*&ŒÈØâc’¿,ÓšDöûÎqp9­jÉ™q×bgÏ<~±Ñ‚¾ý=ìG¯¢ßÐhêšWœC¹ø¶©ÏvŒ\ÿODsoòâÕigÀ é¨*éü{%Vÿ «Ưx‰H‚
-2'ªÇ1 ¿Xéuƒ¥7Ò£‡Š >óÒC–ˆý˜‚èù”ä ^É=s2G· ¤RuJÚ¡çV1ŠÕ”If„s¼[óòÛž3ÆhwµÔ&œ ‘Ïö‘õû–¯UVª6“†OpŸÕõ.ú}T(’^wôˆT"X.£ÿþ=ûý0%ñN5û˜+vâå"[UàJÅ0{ºÖ817™ºm¿12xô‡$}hïë4õäÚ+7o5¼fúÖm(³ÌxßëLŽ†9B*«TK¸­ZWé9.ÇJ
-ψdËyÅýÀäÑ¥ìvÙ©N”hÆiÀw:gu¹é,ø Å<‰P hù|KuùâqÑ:EÔÔÝ×_¾_í: &FÂ(L•ì%Cƒ;</.‡VÌ‚´Yv)ŽÚø¥×Ïèe€Fm½ÓµîZ~wÓ뼓†¾Å>· íÏC¿Ë—³„¢-¯Çq^)œ7ê‰YGxŸ×”ZEÀ–Ž½‡^Íâ‹Ñ…ÿ| Ÿ°yT.^3ãNÑâã¥d]/H^ͽ¹(Ob­‹OŽ3(wà®D'Å9õ!$é ‹N7;RÜæ½`8Üû›HãJ» þά‰ ¬˜„O×xÙš©f>£yÁ…Q‘¬áO<ð®¬D¼Þ«ØÙ_Y榆0Qûƒº5wI×·C#¿µ'Æwhø6œÉ,É›ð«sà}á0؇«‹÷{AÚ©–¯»´Ÿ–Ž´÷»wåp”;Ÿ1‘{ílOTLJ2%÷^~è]{|wkúc­Ðä<IIá[qÛU…£rg½D*ªd›± Åtü´•¾9؆‰O²Å_-ºˆØuU‹ÄZ“gÓ«_ë2ùº¶
-Ì}ca'ôw}d@U!w™8dçCèáó¨ToSŠÛè‹G2 êh’3ˆvX.¶†ÉzP¡ÍÓM­ËÜÖðÅ}æ{º\ïpV¡!g¯©îàa1„Qk,ƒ÷2MÔ²^æèßõ]r 2[¸§½b'E$Ûßoƒ&xrv)øU¼¬¯Ó
-?µ·§rqÛ>€ñæ[q“>ƒ‚Îñ­@O ˜„^"ÉC¦K¿¬q{³¼|ö2r9/ÑåÍOîX ø\ö“Σ˜‡`ël†Å-pçX9‡S€²¢ð‹zäŒôGv7|¬Ùð öûð ]…Üèœ
-+Û€\ó—«< 5ƒÿ
-ók“ÀÛOyõ[)ÜUv<gpch†Ûæ-†Ÿòy%…1i¹=¤[å÷ÓæþáØÏaƒ%1 °UÉß« îâÄÞ îšù|ü!°¤-—áâ»ÿv¸û—ú•‚N<UqõÈÓ©~å±ÏÃÎ{÷Ý<×—ï%”ë®òé2 J;µsDÄÒWü¡­Ãš·õÓÊ{hɲ=§§¶si³tðÅ$´®{,D¿®ÐÑ#­Ì]dÓŸË^[}ü¬L<½y̬óúý'¦k#Ë=õÆð}뢓{¡÷ËèvdýˆÍ¥ ˜ïmøFXÉŠEîr¥~Ód4¸-Óyž½éd"aAmâ¦
-ªÅ]·H 
-¤ËÍÍ
-‰Ìø*'wH`”¹g½±<”0N8=-d bš&NüøО´­–·ï‹]‹ðëGNäõ£ë’S{´äÐÃݯš •Ð‹{¹û¤<l+/ ™é,¨ˆ#}›ü¢wLqZæå~²ÜÁ}Ú|j}öÝ/GåÿurÚÍkbû@מšY© ;ÈSÛGó͹_MÝ\§ú¬¢Å/GŠ“\'4T74ÝÞ¡ÂNWu—p§ÿ¶8müÔÐAÜËdßÖêé><u&“ù|É|SFÛ`2£~h¹jÔœ¼œûhŽ&ßÙˆÿ€â%,ÅkaÄÌî¼O)9G«ýR±|ÃTN+CÀŽpô^lZµì:Y„U‚äd9ܤ‰bë8Zñabñ—L$¹ŠýÈU;ººYyÓ齧¯ÞvNNªïs=[y8 9m!Ôýþ…ìj¥)"ãN@ìþLG[à µd ±Çí^ºvÞunâ%ؼéM ”ÆDú•!½­}fUçÃ&‚h¿9ÏŠ¬E>Ž>ÿeàFC½è­|‡ó:ÿ¦7gýnäÇ4å§ÓÏÊ6B˜Ðø¬§21„*SÄ
-'_¢ù¨§{ÊÝ>¤7l!«š `“ÛÐœ|¥YÒQ⊙;=Ä-ëéIJ¢VQ\è[|+{±¢q¥Í;:aª±Yq(Fºò4KÕ¬„ú ŒÜIE!Xe$R»ÙÝýŒ­âµO¨’•K"!q]G¸Ú[€Ý•ï+öj¾WáVˆ
-ÀÜB²?Ö['Õq¥nõæ'éyàÁrÙ¤Éí8þq£ÈªÀ_(ÊøŠFÉ!Æ#æ
-,:–Œir¥ÊR%½U–_.SUÈß>XÑc9œ¾ŒÐÊ×;¢—ꎨ.’Œ^&`ÿΣ£’˜aó%—Êðã»Oe`:çQøáñžœë£ú;Áñ͸Ž¢+¿äBΓɮ¢Ä–5D:d6Þz¸êß+Tcˆ]p–Ú'Pxárg
-Hß÷û
-H5àPó‘žÔðu๋2éÝÓvQL0;uRFòÏŒ çùrb4ÈBt¶dà”Þ±¸÷‡»Õ‚4©…·óS?^?Ý'e›„ˆ±ï‡X†Nfli¸üJ!:-¡ô“G%*§qw½»d„\º+£i–4Æä¨sD8Ó•ýufô’‡î¤µíN7¸“÷Y8sS 8«ùTí¨íâZ…ҡͨs9]nÈq÷=S‚ŸžÍw¸5]WÂxF–Àq* ýVØyŸ4,±_”;¥^]Þ^±tÆ£ L³r\Kƒ‡ÓŒâV^eY5J¿\½œ¡¤ˆlWNô|#ó|4pÂÃl)¼”ö©gók„kçþ–£†Óò2‚ûƒ~ÊïYã:”¿~5UÿUû½02G¡®nÞ5tû=Ùìòعzïºad†6t],b–”KSãw
-z#ÿƒH,…&³RwI7Æ4ðë< _óèçŽè$5XpµùêÞ’sÙÿ4#S´¸3¥Ñ´5mдâY¿,ŽVHd:!ÝçfOVòò`ÎKtÎ3ô©]Æ÷ü€ÔPJè‚1ù\úšhÌ/˜¢ŽäU{„p«’k“"™m›=Kí]ÑlèZ
-õræ-÷ë›ûð˜X‹§¡y¸0ð–ÓF:=ñJfð]ƒ/N=XgþèòÔówƒIEù¥T^1DZl?{qc¯•ˆžiuó
-^ dú¿‘^«¨I_¨ªÉIâùÈ(Á¦ÈéZØtEÀU­òE»'‹|ÄmˆöW‰¡×f{!Ÿ0`¼e…£ìž›ñ6˜Lƒ«ºXd<@æÝ[¾R¹èÕåÚ>¾ò]G‡ž-7[°ìÓ*û4û¦+×`§ï¼‹Üt…Bkh„Ô¬ÝÞÝ ¥
-;5"ø/–ZJ;nülØö ç•Xà;⾟6Å'<Ïøü99U'úˆÁíò¹XnÛââÝ—קj’~‰s]„w!RY£ˆ›ÿ¬áç6—}ÌX¿â+¸^œÊñª6ߊOKoûqÒàD¥c …Ê)ê™xñ0sJÎE ¦æ2Œ?iÂÆ÷£µG¥j*3Ù%põŸfo†%±¾ÿ ú©Šw-›ƒ½$ô¿|ˆþ?Àÿ
-…A:Z¡ˆþEvdendstream
+xÚíwgPTݶ-’$)¹ɱ‰’sRšŒ(Qèn ¡é†î&JÎ’³$%JÎ*9J’“d‰‚dúÝsέï_÷ž_¯Þ®ÚU{Í9טcÎ1תÚì,ºüŠ¤5T ‰Àð„¤
+Ðu±†ÃÀ
+†Ýlƒºƒ¡N¿]|
+¹é €!ÀpÈo7väBN(äM„ãïL‰Æ Á(˜p“UWEí/ž;+ÌïÜhØ€´¹‰„ Á.¿Kú㻹ñb¬`4
+CÑè˜ìßÝùW€ÿV½•“ÜãÏn䟨r€aÐP¸
+vʯ2ÌËñ+E6û&‡-I?¿( ¨”ºjðøòÝérõÏZO œ³9º“ÍàÍÆÝšswžãƒïZ€ E>iÊ–qä‹Ýq­E\q¡'k_ûõô-Þ]à1~AìþâöcsÍñ£zpìtÇœTMý‘¼‹¢<÷ûGÜæ¯cÎŽÞî®ÎæýÛ­«ô¼™Ñ„ìÒ®¸¤~Ιôò&FÅ/^Y¿Æu”Æ·„´q‰ÌOíÓÔ,Š
+V2ñ>”[ ´ûå
+œ ×Å$=®é—-#ŒU§z’ˆ¶v[õ—ç,þ‡}âP=—ëdãã+{µ:ômäë[Tdi «ài¡¦r`ëûùg'êì°p†—Sï”:*‚*>º¾›XaÚï-úIöΊûDÇ1i2‘¯`¨Á
+¼ú·E+¥
+…Ì̼wìèÒ{EN\¸zSy±íª¥ä2}¥§À}ú øèOiøÀ9ÍXCFï,£ÏÐùQ ï½Ûm¤ÌqÜôýìZJf8¼ÒÔ·Ig¨®¿VMíäqšÜúL?Ѭ”|ŸáñSW۹위ÛWPôÅy:¥[
+býl„`çó¸þ->ØпÿÓ­¬ñmQf÷©i@´?$ÈçpЙ_§ŒÑ\ñ™‚ýpŽ©D|‚
+d¦g¹)§ø³æáÇ·Ì&ðOQÔÛœK,oWo Œ2é~è!‹;µ|tEà©Ùa›ùuŠ±ý[Xþôåb„x §Ët¦‚¡¾Ë(ŸÍÐÚ–µ“|bYé+«Uâèj#}©@‘Áµ²T‘#; ©ø2ï³’L¥M…ÛÄ}œÍ.jS}>¨¹~Õ™I틉È$N,;×9Û_Ѳ
+(cð× û\í¥”xÜ’§ÙökW`¿„ËÓ×'ZÓ|3Ws}óª—ê8ãS úÒ|#‡Œ4 «M6>¨, åxý—†¸ìËŸê+eÝ–}`±š»˜þÓ]ûýZ9;ê´Ã$Ë™‰…Ä&ö¤Ë,"ñ¬c*Ã6fìD›óÙM³:*O6µ€Á‡ùÃe5¢U™Ý·Ædý‚·¶0ÙZ"}= m, ~|áêìÜ“{æ ó#Wžè9Ð}†g4ap®]é#×3ýé;ÙíýãLOÇÉ?eUúלwiØ•!y\—ÈøïfƒIv£ìHÒUŸŸF· -~IdóXÜ.¬HƒR‡ÊÓ2‡ÃÞj]E7ÈÞ~ÁÕk¬·ú0-+ÝkX˜ˆŒ²õd•Í‡¼*µ»,3/T&UCIuûĺ5ÊïNš:ÜIs%+±Æ®œõÆóawŒTT ª|ç™”`ñdw}Æôƒ#XV5&6yã1qqÔÐK®¤M¬*Ð[îÛe?AÕ”¸ím1bùŒ¼Æ>Æ;z¢¶ýâáUãá`½ „w½MÎ,}¨7žŠmÖ­'_¤A<bŽü×J†ó+Î ]å/­^–û”Ñ`!d
+í™ÚÑE@XtJ)AŸTËÏ_}»/™u´ÆÞ"Š]_(H'MÚÞ$ò‰Ma[Q£?@CsÝ÷“QªU*LCÝ g\*’™„²M ÷5»¢ìs’k±E–yíø—ñõÙ)Ö‹æ_§È9yïÙØ#3Gz'Ê¿3|;ÅJÞ¯+¶¢ÐU8_àójá¥7¾È½¾×**À¢Â5ëùÞšR¬º–Æ#L‰|“tŸ‘ˆ¸¦µnÆ¥®‹-JDVz1föÊRóDòš"iÊךúUßøÿs,…<´ ¿BîüñÀçÓ”¢Òœ§WÆ»)´5§6m?P±ß8¥TY²Ö½ì peÖGŸÍ$ª×ˆ¶ØÔøõ<¤öñNìëV&B†‘tÇ-_^w¨‘×D›ÚwëƲ÷|ÚkÛÞ¨–Z¸ª¸Ç`í€õ~x¤àœKΘ†£úDñÄë´žÖŸz ãýžý1ƒ*qï)  0EÙÛÝÎÈónå‹ç©OV}²?N×éG€YwnáPGîkR¥N!»4ÒKÌ/Ö/2B™´Ç¹1¸„/ý³Ö^Î?jÕÔé °Ð÷æ¯,‹ä§k$,ž<¾šŽZ¡ê“¤y Í‚#Ÿ æ¼H°}èøž¸ù yLw¶SÔböxźTÀŸú¤ØZˆå¬ÁmvïîÆÞ%<M.Ù=úPªº÷©öUGKß*C©Ot[¾+ÁåÛvøM*•M¥ç‚ÝÇמknDÚS‰qf²ÛÌ^ÍÄʆg©b<öüñLcÝJξ‘|¶ç
+A½q\S­µ*¨Soé¸y ÅŒù³†”ϱÕÇ j)
+x¬¦À#’G|ÓÆ2=W,Øí¯ïýÜõ1
+'mµ}Íá Iûf–}8¶Ã‹;§ÕDq‘2ΡQ¯¤›f:„_¡ÚV ¡ºãôÙz®ŠZ: 6þ~±Ý£ØêûÞ˜ZŽ6Ü
+­K…š\Jr#»ÀÁnÝ.ê}ý‹§Á
+ꥩë¦ß˸]
+T”‡róO×ßÕ‹ÂB銺íO{@ЗЩÔúœÆÔ é"g¢'Ó`k™F¢ææ>§7ø†Ì°ÃÓ\‹Çç1!ët´‹Ÿ‰zÎMîf|Ê©ü:Iï*íé=¹¶ÂŠëPâ@d鉩¨ò=Ï?jévi3¹ÖÑ]2 U/©˜0"c‹Iþ²LkÙï;ÇÁå´ª%gÆ]Gˆ=óøÅF
+ûö÷°Y¼Š~C£©k^qåâÛ¦r<Û1rYüg<ͽɋW§ƒ¤£ª¤óï•Xý/¬f¿â%" *Èœ¨Ç,üb¥× –ÞH*&ø4Î Hg Y"ö_`
+¢çS’3üx%÷XhÌÉÝ6JÕ)i‡ž[Å(VS&™NÌñnÍËo{zÌ£ÝõÕR›p^ˆ|¶¬ß·|­²‚PµÑ˜4|‚û¬®wÑï£B‘ôº£G¤ŠÁrý÷ïÙï‡)‰wªÙÇ\±w(ÙªW’(†Ùӵƙˆ¹ÉÔmû‘Á£?$é³ Vñ¾NSO®½ró6 †×Lߺ e–ï{ÉÑ0GH@c•ÊbI·Uë(=ÇåãX  ôÉAná^ Ï,*J t(6ó>×
+äÃ?NÍÎ0´?j·Å±ãN?Ø®šWg
+ˆU(–îÙ×ù`Ì™F²)‰õd§;:îBB¯pkdÚ‹þ‘ì=r£¢æÜÖ¨]Yy£\ ÌþxÊù²L×{ñg˜Aʬ_‰[Ö—p½ á)óÌc¶>”"j5,ëjm.ùÁìÊâšB•‹³Úp_2Ü/œyqŠÝ6KjÙño ¯~]Ú…gD²å¼â~`òèR
+vȓT;
+J4ã4à;³ºÜt|†bžD¨´|¾¥ºˆ|ñ¸h"jj‹îë/ß/ƒv£a ¦Jö’¡Áž— —C+f @,»GmüÒëgô2@£Ž¶ÞéZw-¿»éuÞICßbŸ[‹öç¡ßåËYBÑ–×ã8¯ÎuEõ¬#¼ÏkÊ­"`ËÇÞC¯fñÅèÂ>†OØ<*¯Žq§hññR²®$¯æÞ\”Î'±¿ÖÁ'Ç™”;pW¢“âœú’tÐE§“)nó^0îýM¤ñ ¥Ý„gÖ‰ÄVL§Æk¼lÍT3ŸÑ¼à¨HÖð'xWV"^ïUì쯬GsSC˜¨Îý º5wI×·C#¿µ'Æwhø6œÉ,É›ð«sà}á0؇«‹÷{úA TË×]  §¥#íýî]9åÎgŒ@ä^;ÛÇ“’LɽןDz×ßÝšþX+ô
+~/ëÀ«Åt# Ô^ÎI<ê«X¡k~‘€ÕÅlè!­/ŸXùÝdXH6¢v0
+ŸµÈ ?¢>P#…\«^íV<òÛeû#ŒPWÂXmÑØWmÕUåÔC©noZæY…øm:ê( ]+â<K
+~öY^¤IŠa=}&œ1v]¯bCÍê(ºcT®‹c(`ãîM×ÙF!Ìõ„·çäHÖ¯±NÅY˜ÍžL¥è53™ ñ'rzN[-Xù?TfX.RâdB"ÛbÒ~joOå.â¶}
+;]Õ]ÂþÛâ´ñSCq/“}[«w¤ûðÔ™Læó%óMmƒÉŒúi åªQs"ðrî£9š|g#þŠ—°¯…3»ò>¥ä­öKÅò SM8­ ;ÂÑ[x±EhÕ²ëdfT F“åp“>&fˆ­ãhŇAŠaÄ_2‘ä*ö#WípèêfåM§÷ž¾zÛ99©¾Ïõlåá€ä´…P÷ûwJ°«•¦ˆŒ;±û3m /Ô’-Ä·{éØy×¹‰—`ó¦7U4PéU†ô¶ö™U›t¢ýæ<+²ù8úü— Qô¢k´ò=Îëü›Þœõ»‘Ó”ŸN?+ÛaBãS°žjÈÄèªL+œ|‰æ£
+4žî}(wûÞ°…¬j&€yLnCszð•fIG‰+fîô·¬§ËfˆZEq¡oñ­ìŊƈwtÂT3b³âPŒtåi–ªY õA¹“ŠB$°Ê:H¤v³»û[Å…kŸP%+—D6B⺎p1´·
+8¸øÜ]Ë|e¥sòɺ”}!SfÒÀK¢7:Ó0œÏ+ZDñÁCÒô‡ oA{&,Qæªê¹¬{Ä¢ãñòë
+$‚tòÔ‹%‰åóJ¯`s`ß[,¡y[öÔ›_RR{™g.,Y$6üù8 0ý#
+¾™¾s­ÍvKÜÊ<Š¥+KÚéÏT
+„Í—\*Ãï>•¾éœGá‡Ç{r®êïÇ7_à:Š®ü’ 9O&»Š[ÖpéÙxëáªw¯P!vÁYjŸ@á…Ëô†š¢á}ÿ7ÜùÛ!>åžñOÜ(érmî&Õ>´´›×²s5)PrZXq P>ú…Zëõ>,dV¥Àuw¦8§%ÄJ¬aV$NÇ›ñ;´rä8ÇygKÙœ‚³úˆÁ¼/oÓ‰F@¢6#^Ëzúk3t©ê¾göh£¦W¤
+ÕÀ²û>…+û6DʺbTÄRŠôóÑÉð¾O\á9;u°ü5Ö¼@㌜“Ï‹Õ¯yB–%qs´ðpsR¹ØÇ왤ºÖ©g<O 7cµ¢›;H$ð°cy±^º§‰-n*a[ºDvª‘¼ìeƒtç%hw¾ï÷jÀ¡æ#=©áë>ÀseÒ½rQL0;uRFòÏŒ çùrb4ÈB´·dà”Þ±¸÷‡»Õ‚4©…·óS?^?Ý'e›„ˆ±ï‡X†NÌØÒpù•B´[B'è'JTNãîzwɹtWFÓ,iŒÉQçˆp¦+ûkÏ>è%ÝIkÛnp'ï3²,pæ¦pVó©ÚQÛ%ĵ
+¥C›Qçr:Üãî{¦2?=›ïpkº®„ñŒ>,ã.T@û­°ó>iXb5>¾(wJ½º<¼½béŒ%F˜f帖§Å/¬½Ê²j”~¹z9CI9Ø®œèùFæùhà„‡ÙRx)íSÏæ×× Îý,G §åe÷ý”ß³Æu(ý$jªþ«ö{adŽB]ݼkèö{6²Ùå±sõÞuÃÈ ÏàºXÄ,9(—.¦Æ1î
+î#[úyfž}¸çÉ«"ó°åÉÏÅ”«C9öM¹/Ý,!^AlM»ÝA„EÀ÷ˤB‡$Ï»}ߘBº_U -yúͼŸˆ´L¿À9º†Ò£é•ïeZVâUPî›(°€ÃS~1§ßÎüÜéÂʹ×*üt¬~ðiêÉJL#6‡¡Å«®¬W#J;ËW;žžæ
+;5"ø/–Z
+7~6lû†óJ,ðqßO›âžg|þœœªýGÄàvù\,·mqñnƒËëS5I¿Ä¹.»©¬ÑÄÍÖðs›Ë>f¬_ñÜ /NåxU›oaŧ‰¥·ý8ip¢Ò¶„BåuM¼x˜9%ç"SsÆ‚4aãûÑΠQ©šÊLv \½Å§ÙÇ›aI¬ïÅüTÅ»–ÍÁ^ ú_>Dÿàÿ
endobj
-971 0 obj <<
+976 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1320 0 R
+/Encoding 1325 0 R
/FirstChar 36
/LastChar 121
-/Widths 1324 0 R
-/BaseFont /PBHPRJ+NimbusSanL-Bold
-/FontDescriptor 969 0 R
+/Widths 1329 0 R
+/BaseFont /BMQMAT+NimbusSanL-Bold
+/FontDescriptor 974 0 R
>> endobj
-969 0 obj <<
+974 0 obj <<
/Ascent 722
/CapHeight 722
/Descent -217
-/FontName /PBHPRJ+NimbusSanL-Bold
+/FontName /BMQMAT+NimbusSanL-Bold
/ItalicAngle 0
/StemV 141
/XHeight 532
/FontBBox [-173 -307 1003 949]
/Flags 4
/CharSet (/dollar/hyphen/six/C/D/E/G/I/L/N/O/R/U/a/c/d/e/f/g/h/i/l/n/o/p/q/r/s/t/u/v/w/y)
-/FontFile 970 0 R
+/FontFile 975 0 R
>> endobj
-1324 0 obj
+1329 0 obj
[556 0 0 0 0 0 0 0 0 333 0 0 0 0 0 0 0 0 556 0 0 0 0 0 0 0 0 0 0 0 0 722 722 667 0 778 0 278 0 0 611 0 722 778 0 0 722 0 0 722 0 0 0 0 0 0 0 0 0 0 0 556 0 556 611 556 333 611 611 278 0 0 278 0 611 611 611 611 389 556 333 611 556 778 0 556 ]
endobj
-857 0 obj <<
+862 0 obj <<
/Length1 1166
-/Length2 7988
+/Length2 8033
/Length3 544
-/Length 8804
+/Length 8848
/Filter /FlateDecode
>>
stream
-xÚízeT\[Ö-à<8…´€àîNp NP8EáÜ=@Ð ÁÝÝ‚;@€ Á-èãÞþn÷ëÛý~½o¼ªgï9×™k­¹×9cÔEG¥ªÁ*r0Ë8ØÃX9Ø€
-
-†¡¶ûgJÊÁÜÅlÓpqt´…€Aê`g¨9ØY
-°³;Z˜‚Ÿ16g 6{0ŒýÍs¡Òö I»?œÑþðL
-›?7åÁþwßlìÜì½þ¶€Øƒþl äâÈ®eqrËKýOð3„ö/Ì p9ü@N
-ýpS;ˆ­Ç¹áï:àLÿÿAGfj 1··´ý§Mgˆ;¤
-™[ýc\þrôçsVup†üñ$X9¸9þÆiZAÌmìÁÎÎÏgñ'¶ý-¥´½¹bo Ѐ=O¥)ôOàÚÜ
-}¶çÏz¾÷¯½ä¹@0ØlŽ¶4ï`.d]ÔvS%Nêƺ=ÎÕË£uõäBù-ÚöÅ&|
-‘M1éÛœK¾™Rª£V"ï”^„Ä‘JGóºÙðK´³!ãâãÂË…“²Õ
-©`œ 0Nž{I⣈R²÷$=䎩J¯ôèD$¿âj„8ø‘ßèïì:½C"¥(Í+G}·;ÿ†Ÿð6à蜭¯š
-K ²aÁj§>j©ÙÆ)±¿(Ú
-·‚Kœ¼Ù8T!Dƒõ¿é\@×Rw|u²¥D­SgY>7§zEÑ«àŠÏ•¸^«¬Õ ª‹1¦œ²'l¶T#ÙÐ|Ûx­Õ~¦#¿ÙûM=Rßâ³Ò.äî~ )ßQÅÉí:a×AÞu(àœ¢Oø0Ó®¥<ÇWU—q•­ÜˆÌt­ØjŽfðiY½ïÔÕìq?Ý“50{»+2Ã%M¹ÍŽÊQ d[ÆÔQ{ãå«1ÆÞ(Ù^²ë+wµ  ]<¤,kÍ ²|uÕ|)ÿ¶•ÀÒhzÅ–à•ú™§aê–";ˆÿ<Yyø& £TÿÇ020Éä$¥$´
-©=ÐSC!‹&6ÕN)Äú®ÔTßþS šö7ʅݼŒ>5Yº´A ]b–"öj6ÔsÔkí¸—<2ÄK¬4VçÒn”/&¦qyZÔ¯Ux&“è2VrÉMËs›%ŠÃmPˆ§1ô¶Ä‚Éš³Â‡BïͲüÂ.UÞwë,’·9BRý¤ .ï‰ ÐËè
-Î÷׿Àv+mpÚ2'Œ›2#×l?úÒ…ýÕQa·Ÿ“ök†¯bW›SÌFÿ"ÿ3ô¢0eÄx#[ð£„,Û²«ðׇQí§uAžÍL „Ÿ"7&vg&‚5KCNÜžèA­ÍIk7¯K|¦Ö-^¦Ñ”…@9¼àWqãÛ’u]é{¼û©M#c¨÷}ÓzF‡³2ÃGð8·>m8ã!™Z¾%0ßš
-–Ú1ÖŽažaMŒëñœ‚<Wš+)­¿O–%2Š‡ÌÞˆ£kbô¥•¬
-ÐÿBXTól”MÛl݈VpàR'}°ä ðÁ‹y§TJøÆ–Ps—cߥ˹u£ƒ¸°Ü®@`}ð2Ïä‹`­ºÕX®‹ôÒ\¶ÃIy²BÝ àŠ?½2ƒe$  Ђ$cpc
-\‡XØw‹ëBcÐsW#Ì3× ÷#;Mb¾{ Ö¯î#õÎß;¾ö!É*.GtÀØ$©çÎe¿>à‚ù»ª÷æm)?ðu9V,\ö!ôç»Pù
-î$;›Ü|TíLœ‹ÂË7ªŽ>MÒrC¦oDaSâú-•e7“}¦Õð÷d´~ŒÎOüõ8Ù«Sìæo\¢žß²w…úÒ§¾ô†%ç·½*Â÷ôq¿Ÿn#¦æƒ½.õØà%8ˆ4“¬áÎx®8Jdp@ô¬S}¦§Šôðþd½d©Á›=z¸É–b†ÒîÀ/|t?&dÝø%=ÕU¤U™?iúÆ÷†œôÇ-Üe©­g÷·­§ –>ã2î«_I¨!i7V b¤±i3?%7— „~tfÉè[› µ»oß“>8‹Š4£Èât2Cæì&£²Ëø¥¡#?ôv©ÀKW™²LŸúuŒîkŠ
-<¹©¿JÃŽ¤;}@`§«“‰ÍEÓ:¤½
-ÒÜŒ’1vóÊ¡1eV^OÂYê%0@[ƒB{ì4c5@€jö0ÏF«ÆñÇKÞœ˜¸×Ôæ…[üˆÇ×ðž¿_x.8QâQªIPҺ̟ä÷s;F+\Ž‚
-ÑfÑ"â`XÉiW•§8‘;‘7ªbÓ zv¦õ<…
-™<}¯ÿºËf‘ð‚ù”?ÚR&¡+znE¡S±e{}ëPçøÃœ›Ó)mD¯p,ˆ€ËoZ›¬ÙX*µ‡êxÿg=þq
-ˆ»Ëñs˜œBÉuꘇ¤é”Q³>[|ã äHÕÌáù©CGV+½æÎÍWêè@¢ÕÉÿÂØáHÔ G˜Zð,5˜ðz«h\å×MÛº@ ·èEl=xÅÚfwú
-ј®t/D`’ÔÛFÉV£¢¥¹œÒ¶‘ú ’‹·/¤‡lãíÖ|Õ‚Ðxw|xRë›è{Ú§öýÞ¯ç"C¤õÖÜÐöË~[žÉ’ȾÓ+ìˆà th‹UdóÝ  «BA³…Ç}ɪ¢Ï ÄòÙ¶>¿)J¨!udf-Ø@ä“ñ
-áèvô°^u¤õ!ñ›ˆiŽÛ£±róµØŠõTÞCJÃà÷ŒIY3Ùø{銩‰ºO~øCâôVk² á´dVïð¼ü0îå_) °ŽsÞ½`ÜmÙÔWØy\©†k]O„™Ñ;ní‡:îƒÙI¿u9«-Rð:«%pD3{"ÑéEÏeaÐé#“%Õzø1\Ã]Xdi½{
-êùŒøº ‚\ĉY©
-5Išã× –MC±A¼« K>Î@”®/ä|á”»Ý
-Ór)l‰A”h¬¨ ½ksØ]$¦·Tyž„hàQzŒô»¦öŒ«KÜcÎÕ#õª>ÿCîŽxÛQ÷ÄBæ»óWš{éð”:ZLû”jÔ¶Áýžè_ÆÅŠ-ä\™‘•i R!iòß6F¦-»^~tWZk=ôÁ÷lt¶ :[LÙÞÝOÖÈ#Z‘øZsÆ»’ŠÿùŒõÉgø+ï„·”£J$ÿéçqïó9@·ãÝT°b€9¼ v£è…;cbn¢ygu
-
-õüçÛ×4y‚βQðôĤÃy}EÉcµ ¾>óåØô±k/#-ƒ§û¬ˆ;¯ÈUï'lBêy­èËH”f¶8«øä^‰ˆ›W_»íõ݈U‰Ã%ž¤ jø ã^)Ü"fïd&A÷{Øç'Ë@ËWï yó[Êo;pq/eR̲W=ë>ôêGôF«é ZéÉNÕ(H7EVy÷duñKÄò¼¦%),À1!R)-Çô|Èþ}êmb\%‚ó[—-ºŒqùþ·üQ¥¸Håñn†ŽPµH)6‡ÆÛIº™P¨XüúÔ{õ˜Tjd.Z¦ú,LCëèö‹1qJ™Ú{T\!l¤ÝµÔŒÛÏeWÐJ_&ðYµcòhrüÙ6ÂÞO¹É†Ó%³eVÇbÚò»“·ÚÃñi¿/0×Ë;›FÇ\&ñ”‹Æ«×øî'º<áuûbm-à””éÒ¹_ÐZ•!½ó?ÞŠÞ{Ÿâôæ(µ…b¨(”;e­i½P@·«†ÊjIÊöîqS<î%TXpèrÞa6ôÊ2&[†;<>Bä‚53èv>Ð*GûxVWIÿ½¨d<ÄhýE±$AÞñ_ľmüxÙs³>i;ø((ƒn ‚TIÞ1§ eº·ã½.¸3Òçû½å}Êh87ˆúzÈ>§‰7o›[‹äÚôª E’Óö±Í"¦œ™*º–f‰O—¦Lütw¼]\
-²·êcŒ-ÂE§ááév¥[QÓ¯$YãÚó³âðîI˜.Jтܸ|Ô÷Ó¼ù_4ææ˜+°%^ Žr˜Ã!M·SŒhÙaœ‰Ps©J·u*ë© a0mzõE.÷y7ä]–>Š±u.›Ü×L,IDˆ^¹ÈôŠ7…Œæ|·¥-»Ûµë4`i («q½üÍ× >$¡4Œðb¿V‡€xØ»$ÓU¿™k[æ>¸†
-Á¬ä¹]õa]“D÷v*£5µÓE"ÑÖSû8±§?kô=óQÇ`co¡YM2i åŽMÎE€uv~6÷iždƒ¯9FE[xAnYÔ‹ÞFZMÃÔCø§ïƒUqÅÂ4Ïo¢­ßQu¡ØïQ|G·M>lë2à¤iSz±²Æ0B5¡+ßÈ€ƒa@™§­aýaŽRœa#8¡Y…À)¿ƒ¡†µ”„Ûë„ sêÉp«EM}:YVMxϸ
-³\8žÔ×wR454?!r Ë­µ^âÌäªl¾¶hÔ>]¿U)øh;öv&­½˜¼}¾?ùÀÊøµ|¨\­+Mq+zÍ—uR<¦lãÀ&ocšF–A9»vx¬3HÖ=é¸[Ÿ=ç)¤ÝòSß7ïóùUÊråÙIôýÇìõîŸÆG£]œÄÄ-á#Ë{;|ýÚ˜ç
-N16ȉÓQ†ÊÙY kÆ$Ìl9Ò.bŒÂβMÁŸï^ÃÙí0Þ}à^Ctnkۯȱ±…øGD2ƒ‡îö‡1:(YIð—íåo¾…Ú&á¨ÞŠÝ,{ œÇƃ`—3L‡7)IA‘W)öþLS¹
-Øk^uj’FSrÊí=Im›c™<W{Wl ‘Å$ÁkúHyO?È×äàz--&=¤ñÌ5®WÜKxÌfx'ïÆ/e'ÈÁ)(åÐ ºÙW& š†FÍßkEZß´F”ªÚÄž²K1”¸h‰­Ïl~˜¡*3ëp­1¹Ã#QñûÄ`‹†}døƒxµŠpøz')ÛóˆÅä|Þ‰‚'ÿëÅ]Ù0G›³S‰D8#AœQJúxÖ;‹„ÁÆŠ~±x䬯òô´~7ºë.®Ñ»apÃf¯J{rÞfžnŒV.’¨
-¸ ÈlR‹.ç$º eà™WåÑ9áä[ÒWÒ]Ñ“ ‡r«ÓÝmLRMo›E*ÃYäѼpˆÇø-Z=Žï² ’­ÜÿÀñ7&V)Œ+7¡â?n`˜›zÑZÅoÅ2‚å }Ú+NXã7D•îÞôIª»‰ÎhâÊ Á¨ˆIá³”ù¤(ÉBb«§ý)V{uä{±Dßí\¯jV;ÀÓžÕiŒÅБâÅöÒ›ñ#Óœ¿à1ª/ûyÙ,„qÒú¥÷#_€Ü€•‰^‰¸£m¼HÝ¢È
-ã}Ôd¨¡Â<‰ØËüAr²…kË˪=T¹á‚jÛ–|0Q¿I+×$¶&yáGØ6аU+ý¢ù‚ÔRâáK _Ã?<°1™¶Î^ÓŠ¨·Â¡é3˜«Áûaê$ƒ¨}ÃòüÅùˆªÊ¬šßÏ#ÞO¿¬Æø¡LD0?䘻1Õs‚1Ïð/õc½šéiØÞ#uŸE¥»)·ZÕ£{U¾¥¹‰’Wµµ™YúñÎúÔË®½¦¶?•\ ›à¹BJ…ÁŸýzà<z½èÊQv6R¦CV]rĆºv_çëkðݶ/÷#{°¹X‘€øÝÅ’˜ußž›Qµ¿÷ÌزǴjºñEp±Ãvj¬VâüÉš–¨Å0¢Œbã}»(ÏQ•»cT˜WçÜÐúŒ§“N8!%8½
-Ñ|÷»´çPð¶IþE7×KÊwñ2Êß›>äÛ]UhFˆx)ž–‡f“S—RF¢[ ©CÖÝEUDùDj¿'Ù#7†ï#"ñClàÐsg…Þ?¥› óñÁP0µîÑTwL9…³û-ÁòFÕÇÅ÷Ôç
-õˆeò´ª
-Áí!Ù‚m vžÊÜ1|úNÄîîÙüé ÉÔÝ¢Å,(7Çy$‰ÝS]æYÁÒ?À’/8#ÙÏÌñ¹Š6žvvdR6&Ûÿµít¤»Ò%šï=dË]¾¥-,¾µ‹XmI·§—ð`dã I¦&@ÎÕ cÿ.i¥gYñ‚OËà û%UîË´7’¤¯ý'ÉkÕåue¬£r‚÷Ç)ÚJ~\ë³³sqŒLÏ{KKQøvOÈÄï.BRœ,£­6ëM‹ñŒ¦ÒOÔéìœjªjL/I¯üi¯IRÒÜÛÉ4Þx¸’ô»¨t.ô›7É w^ÑØ=ˆˆêÞ®'ÔMò(¾ËqçAÏnû˜Õ<&hŠ\©Å{¡gz :-Õ« ‰+ï—Û¿hů–Ë’¹u¡ ½[ð®Ù©m8:y‹pU72_ò-|g$e™.¤Fo Â¯êŠ~8¼´ˆgjtÆ:ºHNÆÉ䓸j2›¬¡gŒ·WEhíŒh×zSL7qòÃËÍ”¾GEYA|µ,ƒ Ø'Ù×È*f²¦=ÇЋu¹¡Bn½x)þ“sìbµ¥¥¤Ü/©¹Q
-|X‘Å눈qñã³L¤®&<…+÷+Sùb µÇ[ñnX‘¥BFú³×ßhKmÊ»‹Q½WíÉ/>i§¿RPßUܤè3¬oÄFÊúÑv~=M‰h^"vÝ_ÝÍ^ÕçÞU°nëRarïŒAV0Ç`ɨ'lµÍv»\Åÿ‚„GÑ^ÔŒKVP×çl"ûXykÛ¸ͳÞíCÂÛßyæ æªùE»xj'ï ™îò
-Ùèâäá òtÞê!H3j.þj5°ˆìÎV†É8Ý}sa½††^+Ô8Ñ (lAÏ\øŠ6T‘]vF¼Úºè×ô˜q.‡”ý²n¶Úƒ^kT~§jßë•›¦9ÓÆƱ÷³’£mÌcØ$iq\¥@”±>OÝ:^ß!î&ʇfx?J…Eôá­~šµ
-s°3…Ú yAÁÎ0èÿòAû_–Ÿ|üendstream
+xÚízUX\[Ö-‚Ü­‚ww·à\ (¤€¢p÷à$¸ îîÜÝ-¸$x€p9§ÿÓ}ûtߧûv¿[õ°×cî1çkîïۛ歪³¸…ƒPÆ efga
+}á5­]
+Ù;xTP Ä~¡¤Ì]ì`¨†‹££h¡tvp˜
+´spü#Ó‹„, „¼mñG¬ª¥©´úG»
+…€Üúl,llì
+ S÷ïôPNnqÊÛ±Mææû$йýfCeQ 5f$º%¼c¿¬K[-U 9æs+p:®0õç"¬÷룖Úm}±û‹£­Q!q+ØDÉ;ß*„¨p!þw‹¨âZꎻŠ”:uVåssª7ä½
+®¸œ‰›µJZ]‘u1ÆS`üf+5â-M®Æ[­öŸ:âñ;½«ê‘ úŸ•v!w÷_ ò}U¬¼® Vć"Ž)Ú„€™`-…à%®ªºŒ«låVd¦«hÅn d$ƒOËúL¿óƒfûQY3®‘NiÚÈ=VdöúX6–et5®/_Ù¬ ‰’í¥¾r7
+£XÞw7.~ß)ÉO}œIž°¯ªnÔ«¸Ÿ¼šX¦y&o{`ä*´ <éRëÌëÄâEdqŸÂA^"º×ísy¥–l4:e[EÜ°ùH$`6O …,ªØT{ÅP›‡2OT=pZ)Šö*ÅÂA~FŸš,ÍçA8´DLŬÕ,È—È·Úqð<2DKÌTÖ—Òn¯&¦±yZÔo•y&Þ'Ñd¬ä“™–'æ5K”„Û"M£é6g… {4{Êòûx­¬ß­³HlÜæJô“ ¼[pÑ'2@-¤)º<Ú,,‚TÚbµ dN7eFnnïýö¥ùx/úAD™<'í× [Ū6÷>µP"þ{ØÕ—<¤aãq´lÁO²ì,ËBÌÂcO#ÚÏ›‚<+>š™p>Ån ¬Î xëV†Ø=уZ;“x6n^׸X ­»¼ #) Ar8[!qã{’u]é[‡¼G©MãÈ}ÓºF'³2CgE°X¿|Ú°ÆC3µ:Ñ|J¡¾5Lµ£ÌC<CšhÛ›ñ‚<7š+)­÷Ë%ßÌèÅ‘B4Ñ‹ú>—®°õÆ© %Žhzé[È­"wúýœªF*;a¨ØE@'dh¯ÅDx·÷-èàŠ9n>íl´8•,ë[ÒØV¨’¯ð
+ùhÈ·'d~ºñKzª«5H«2¦iúÆ÷†^ôÇ-<d©mf„ô·­³M,å¬r÷Õ‡¯$Ô·+ÒQÙ¶™ÿ 3— ‚|r‹fÊè[Ÿ ¶lß“þ)ðs4*ÒŒ<‹ÃÉ ‘{h°›ô­åhÆÀ©†^Œü7®¥"¯J_eqiQ) b>WàÈM=ù…Vv$=è‚: \Ll¯ª6AíUp æf¤ŒÑ; ‡Æ|*¤Yy] g)x¶@ L ríÑkogOòmµj·áyscâ(Í¿ìò¿>¿…õ¼å¹àlDC¡&AAí~f0QÐÏí­p›¢Î¢~…f-§]UžâDjìDÖ¨ŠI5èÙù¹ç9LÈäy£~l'–Å2!€œQEÂm%“Ð=·¢Ðù¾eos÷Dç<`ÎÍéuD¯p¬áœCJmÒfc©Ôž·çGßëqÏßÌiÖס óÕò0®« }‡ißAÕ^Œe®+Í{poŠk„°\?é…ß/ ÕŽ”ADsåðDÆ|!OºEËqsœÂÈtê¿IÓ(!gåXnD²ã³§jæò|CCZ+½îÎÍWæè@¬ÕÉÿÊØáLÔ K˜Rðgj[Ánñ¸òé]Û¦@ ·è yl=pÅÆö`úæµ1MÙa¨À$‰·­¢FEKs9…]#e!‚‹·/¨‡t‹kw¾jAh¼;><©•>ú‘ú¹ý¨wìRä[ ‰F½ 7¤ýºßŽgrÀBQäÈ 3"dÒb] ÚQ™£‚!fV(j¶ôx,]{ïsñdÊñ£®¶ŸßÅ׺6³l ôÉÀ€;û5rR¯:Üú”¸*bšëßöÛX©ùVlÅf*ÿ)¥ap#cRÖLööQºbj¢.Í÷[‘ø­õºlC85©5Ú
+{Õp­Û‰f´Ž»GaŽG@:V’Õ.gµEr^gõ1<G³gb^Ô<&æa‘>¢QY­§Àí¡î/ÅV6Ç
+Ž”ðv1ζi±'÷ªCêjRáo‰ZÙèú?—gÅ!yzÐ8½ŽOlt"¶ƒ ÇgA9d2³^žñS-ÅE_ºêVY¸
+D¼ áHwb<,É6o[£Æ>c“ŸÙ!4¡kµ~mÞ/þ%}²˜1H2Ýjë/³ë›/¶Îf™ÔtÌXÃøsXOr7}åjêïDS±ßwÀc=Zöí(°ÒÊ9=ùûQ’i#÷ øt°{9ðüî;÷e×¹+¼Sš¯!Ž0Ûç.,,Yÿ¥Â¼|7îfÔ·ÎôU4Í54‘¶ä0ÍG
+p0©@Ô€ô«‡Vý°­|S6~L¶þñ ­ý¸VM‹KøŠãÚñR¹ “åÊê¬<·êíxÓKÅÞÅ.•KãÕá— #¼!{5©"m(³ µ ø—Çù鉺£D :¾W$ƒÌN‡S=ºYsuág=„ 32+•–«æ`-4‡°È—T¬¹%õ¬Ë'C ÌxƒÈíÍn´ý¾Ymªg"Žæ¤—œ[wa0¿Ý]tkÌ—îþÇ‹°”^¹@zŠ£ß—"ÉÌdØ¡¦ÁÅÃ&¾ßÆçšpÜíý´óØù!n(¤ëó gÜÃrY`/|ÓÙL ì:8o½T ùFÌF²
+q% -7Ø?›ž «$©O\W©œoE/4©ïH¿ hJœšÇOçq¾Þâ_9ä¾›Æ Ìh&"m敬 ïm&ËLñŽvIªtâú–1Ÿû±®Ÿ¶~’dßR­L"·0ÛƒÖÖGß²ô¬¶¼¥œ~Y‘"ƒãw»ƒ&5²®ÄKj¾c¨·_$gÐÊi1òûÝ
+¯;眷J3ñšÈWÚßxTÌÒ4Q><ŒääW/•Ä™sä'q‘ÜCxûŒÌÞS¼‚ߟÖÏQUeï¢ÐsˆÀEÌ4'Ïá¡ÞsšÔYêR£ñ“ÛܪMܯ€</Ã<%Õ»t0<b'–«‡Øö ûç/*Ï>m_ v´Ÿ)Å+8M¦ÿ0…˜ˆÙ0†3$'=¦ç¨jÕIýþâ†cPãâèá`YLh:çe|ÊF%‘}E±»µclî=|<79
+{/}ºo'uä.ÙQ;Ù?€i½†p{ë|ÕSÈ‚%¦ÌOó8¨*
+ ”y ?¹úD‘´§‡·£«¹×Q¹‰hPe¤Í2ÙŒ¯†€H‡¥â²V ä øÛÝÉ­š²Ü¶œUñ“÷Ù¶ç~~4uúï_E@™4c/Q¯¦ìⵋ Y™âþm– "²ü)ø%m=Ÿc½â$ãoÕVk2ébÄ7öä— æ|h‚WÐ&^®7Dg—¤â{Uˆ9^ÖËše^Ô\áÅÁ{RÁh¶—YrºI€óí›æáKDÂ^±”ÎàŠ½d3y”ðoÙdx Qsi˜LM”úk¢a¬•‚„]XÏ’WA7o›BÖW-©ïÐO²í-Á0²Sú¹;³Å“àZâži½Ìµ”5³ƒ,ÚÃM¸Â:CΔÔ:Rš™Øò§¥äõT|tª®\ÁR0­A ù€ ?¶(2/^¤”é`ÏxþØnJ‚æ!¯"´àËR'­Žr©9íªu¾ºÀ\fÔH¥NQüY}YrRÕ×[m[ú>»ú¿~@è²N”Q)ljXlþ‰ûý`c0ÊÔéîà _àÎÉSÁ„K zŽÏ¤ô“¤ýŠQ5®M¿¤×„!uV»‰×ëþcf¸Ôø9Fš÷Õwº¦”Mi¼Z
+ï‘KËh¾ìG£`öúXwô¶Ræo¸(öYÃäD‚x¸Š¸a¯Û×5ÏJNôÈY|ø¾Oi³¿­Ô%¶±®õìÞ»µˆ¢}J2;„6\Çû8::r;Ï yÄG«;6À‡é—|~‡ Ÿ!¿#f¸Ê|î;Ê·Lw÷6Ý22¡¯Ê•ÕLñãblx£¹æÁS±2†Ÿ['“v—ôP\¶ÒýÕ0A"ÙÐZ„ÿÓëûóÙ¾†¯W€›‰:öùχšs0çÀÆ‚ dGöÌèñd MOmˆ:9"Ó¨Þ¥‡°Y¡A0H›‘è1Û9ðÙLPÇ›lh3V<uÕÝ^•Ÿ:öáÌ&Æ^`¦écóºÁÛw*=>M§-ïîÍ¡?iOä°ÌWj«„øÔà”"†9˄ôu˜&r'o] ‹/šîyqû>Ìz4ú•Ñ±T Ømõ+:l¦àpm¸¶Æ/° }ïÏ.òü^‡\¹@”JR–â9õñÄÚCê{Ï´Â&¯oîr'r‚Úæ5sÇc7+FlH%И§§Ý:œÂÓV„‰ÝH*¦bjŒ“F¾( &p*¢$N’€…›mø ¦_n«„´#Ýí¤Ø¦È½-^pn¯Æÿ²8Œo‹¨¨³…ƒOr
+¿@a"y^fJoþiÓù°ûSòE±cÉs6áŠhf- áL<“×)eø#ÂlãŸþ+ì¸×˜ýs˽¶9îÌŸ42½ã)5t°€›`ýpüYeÚ2êÁÃô¯Elh1v"„xnÓ¯Jë$0=>Ù1+#wû&RÌ€IñW¹rd”Þ êΠè^½Ówô9«=þhóËd"·¶"ÇqÓÕ u$õ duã:pO®+ÛÅñX–Gï%4í£ÑŸ:¾¥Kˆ­ŒÕûÓû]à챜ÕÖåQ#ñ»%7׎€'Úzô™æ¼Ž<_MNXÿ2ÓÙ»jþTÖDj Ë1K¥®%Ö—·UWB˜Ü]îáY.;y )ï})6ĶÐrsí”M¹kIY™Y—ñ[L›
+¤ÖS è Pù6lêÙqZ|칋Hªb¡aáæ¡*Ýmæ•Ù¼g•Ã”¬Ü»8õ ­5ªœ8$¥Ü}½X9šzÍð(žo\:ö ¤wŠ[Sq®-Ñ?˜
+,‰è.ÆU7F’«Ï´^ |­ðìëáÿM¤‹ŠM'©Jqb©úÍ”¯¢Y³‹^ðùvÔ}r…ûIöUb§Ã‚÷çRŠõµBÔFÞƒKÑ4‰´t
+k2]Ÿá‹Zš¨ïîæè259 ‘¾[kUs v÷^‰1ôø¦û³«éûP¡ðœW>¤óe:smŒþõ#÷C8]¦åieuº˜Õü9
+Ýìsû‚[VqàÂï®ëLzTŠ­õÁêIëÆÔÝñ¨~÷WdAZeÊñúÙ0“]oy•ŠwâƒØ܆dúÖ<»eÇR¯¢Óz>’¿Ñ>Ýa=F´ÿdêCÆ"fÝ*šýZaå‚ tƒÀaضsF”a|H[bÁV¯a€40ýVF':CÑnsò^¯™É'ñWÒOŒS^ßpí~h!wŽ!¿Š÷»Ö‘¸9à!÷&&»Û\Ë3Ilj®Ö*ùw<a°@ã?Ã/e/{æ,¯i’Þ{MeÁs‹ èñÍšnaÛç _Déù_%o~J(ê(¦GbRBÎáËýþkÔ‰Ïx[Ù4uL©MŠÀä°Í™Fžø¥»/³WZu&é  ¼r=rÆôr[; a£˜—’l®jŸtÙF‰{^º¶`ÁÔ_
+‘H—µÁaSh^™JRèáJÕ¥ÖpÕ®¢Q!‹ƒÜ€3„ª<¹Ž†ÍØQáá)Ê´cû3$‚$²o‡êXê`Sê!•Ïõ¹x;‚DÇL= à8LQ¶Øî—Ã%$¹yŠÒ­o+è¢p7(š°b\ˆíkè®uL[± rr_èŽ&P‹.jÿá#Ž~+gŸ2;9úŽ×„=ŽtŽ>d)¿ BƒµP³o7Ö ò®>´Dÿ{…3Ð-Aàq‡~úÁïêWÔŠ_<ïúø™Ñu&ò·“ …™Zâ~¥’ë&[ä[ð.¤|G˜ ‰Éâ¿‘FÔMö& ssoMïœR/[‚1V§T¥{ >Â7ëb`âŽÚ»[‹ÄBÒ<c¯©KI;Út²ÊŽpUR:O>á Yèˈץ;•¬û: ÖÆt^Û›M®Üq0f'Ä|j¡jf«£²’ºXÌg†ó‹Ä'>oeàLôí8N§2–©êÔêwmL+Ùâ¾¼9À]ÓñHlS¤”Ô^ 7hdÚ†išÌO ¸6H¨PÑ1×w ÒT¾ù©½3©t/ê&h¹ŠiffPï
+Æ÷J}¯ÕHXÖ¢J¬heŒñº/½u•f¼ET©q‡?G@á¨<íì¬Zð7±nvZ*….6kï19˜"­r™õXS?ëî¬)«Ág¬'Œ÷¸ØvðM¹÷*kòM|ýmë`#åÐú²Æ›31Ï€7mï¾¼¯k`óçÎÊ¡ÛMªžŸCY¯n@QÕò‘»Êq°0R*á;漧hnIÜ©ªÞ´'¼¹Bõà°e€i- C>òޡÙ¦üÍäüA²õWšSuúÛv¥ÑŠ_—\T>t8[jÁ£e·š½‹¿ÔniQZÀo»çµÒfzªwλ½Ï~†\£Á Mfþ4@ô¯™:Ìw3âÓh,FŒ{n©¨ãåàø±c.¢Ó´Æ °ˆË:Ž>üè¢(´4³ŠuÁ"Û}SüÅÊj›Y¡Ðm:ú–%]ì·{Äw'¡a[ýÐ;b³ o½Ñ^š©:ÎÔ§†LšŠ¾•S)Ló¦å¯V¥¼X8M9ÛE<ć~bÔm¬Ê<áe˜<€çI}xøÓVîH¢9´Â¼~°@ÎìfÛë%²/v»6<1-ô£Þ=þ.Q¤€íK^,1ƒ U½5 Ýå¶í$xtžœ¶~£@Pžâl‘¬‰N›^r0õ{¬Ayy¬‹rÚõçÇÔ]š|ZÍ\®'d Îy8£6̃íÿò‡òÿþŸ0·šB ö¦[/Ðê
endobj
-858 0 obj <<
+863 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1320 0 R
+/Encoding 1325 0 R
/FirstChar 2
-/LastChar 148
-/Widths 1325 0 R
-/BaseFont /APXATC+NimbusSanL-Regu
-/FontDescriptor 856 0 R
+/LastChar 151
+/Widths 1330 0 R
+/BaseFont /PQATHD+NimbusSanL-Regu
+/FontDescriptor 861 0 R
>> endobj
-856 0 obj <<
+861 0 obj <<
/Ascent 712
/CapHeight 712
/Descent -213
-/FontName /APXATC+NimbusSanL-Regu
+/FontName /PQATHD+NimbusSanL-Regu
/ItalicAngle 0
/StemV 85
/XHeight 523
/FontBBox [-174 -285 1001 953]
/Flags 4
-/CharSet (/fi/quoteright/parenleft/parenright/comma/hyphen/period/zero/one/two/three/five/nine/colon/semicolon/A/B/C/D/F/G/I/N/P/R/S/T/U/W/quoteleft/a/b/c/d/e/f/g/h/i/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/quotedblright)
-/FontFile 857 0 R
+/CharSet (/fi/quoteright/parenleft/parenright/comma/hyphen/period/zero/one/two/three/five/nine/colon/semicolon/A/B/C/D/F/G/I/N/P/R/S/T/U/W/quoteleft/a/b/c/d/e/f/g/h/i/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/quotedblright/emdash)
+/FontFile 862 0 R
>> endobj
-1325 0 obj
-[500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 222 333 333 0 0 278 333 278 0 556 556 556 556 0 556 0 0 0 556 278 278 0 0 0 0 0 667 667 722 722 0 611 778 0 278 0 0 0 0 722 0 667 0 722 667 611 722 0 944 0 0 0 0 0 0 0 0 222 556 556 500 556 556 278 556 556 222 0 500 222 833 556 556 556 556 333 500 278 556 500 722 500 500 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 333 ]
+1330 0 obj
+[500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 222 333 333 0 0 278 333 278 0 556 556 556 556 0 556 0 0 0 556 278 278 0 0 0 0 0 667 667 722 722 0 611 778 0 278 0 0 0 0 722 0 667 0 722 667 611 722 0 944 0 0 0 0 0 0 0 0 222 556 556 500 556 556 278 556 556 222 0 500 222 833 556 556 556 556 333 500 278 556 500 722 500 500 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 333 0 0 1000 ]
endobj
-723 0 obj <<
+727 0 obj <<
/Length1 1624
/Length2 6416
/Length3 532
@@ -5339,7 +5347,7 @@ xÚíteT”ÿÖ6ˆJHKK Ý0„Hw+%Ò Ã
†ÀÑn€-€ýu
h
óø7VW4‚üéo²¿cÐM9àv7-á
-zcþ {f;—ÿá_nó÷Øoõ'rA=}5íÇê¼ÿn·þÑÔ½™Ì3$ðÜi!lþyøÍ£¨ˆpxñ‹ ø…‰ÄE
+zcþ {f;—ÿá_nó÷Øoõ'rA-M­g††¼ÿn·þÑÔ½™Ì3$ðÜi!lþyøÍ£¨ˆpxñ‹ ø…‰ÄE
Œ°ù=3úÜæfÌþ)ø ƒ]P¨›îþ¹ù7Iÿãügà!w˜`þ,ìš‘†©¢ÎîU6ëîÂéAÕ>ËÏó¯@tø¥†¯I”Y]U†Ô½“üõÖcfùsS“gk°“
ÆÙ‘ 9Ê¥÷aåîÊ#[æhyÄ»(hQD”v`íõyúÉêmS1 áÖú¨ÞS‹Â«» ïZDPxŸÏ¹ýY]óü)ØÎÄ¾à”š”­¤uXäU¯÷8wÏÏ8{‡úû:¾ÜéÚ|Àûê>»”ëm"Ž(çWäL ʼ"ØdU†FÈî™'*¼cYô"òp•ÀfZÕË9%›,a„U$ÇG®ÝÇ•%5ÖájTp‚ŶF
2õŸñV
@@ -5361,95 +5369,111 @@ JnbÊÄ它+·Â`$úÑØViá'Ã'»²g+€³nÑ©ÏÌÓ$v=Ëm¤ôÜc{d¥ÍñU
¹-gðÊ°Gülèëê)0â*þÞRþØònTõœõ}J|¹W`‹ÇUc0æû$TÇÓžŒ$,îD‰[£¶%L‚ßúüä1ûÊ”*’Z”…Fßϲ®á±a|Ó
qj‹ÂkZŒMšpïq­¤«ÚêNg¿W¡•hœ;bÇ+R­¿ÞO+þ‚¡šá Ô4Íó §Â—aâtÞ™Ÿ+ÎÞ¿N*~˜%'ðÁΙ¶&[ˆbÁÏ6–G6wÜàÛÔ?áúœan@ÿym˘Û€’Œ—îzÑË¢z~D’åì’ÈÙõ¦·ãËó0šÄ&²ž›‘Éý˦È%£.F%â~*ð(
pì4`Ð"6H#ƒéíû)?/ïCC ¾)¨ç]‡œèJõr~[Ejq/?Vö(M, ‰šÜ d{sSø¬ÍrsÃ@‘:ò´
-Y6ë-¸ëdgéÓ÷ÝÆ#ç»u~7½ü¶§…YÒô3‰laï—œ§~ž&Ìú®—š‘µ2mzm)!ÙÒÃ+qt—j¹»p¬íi¹¤z%Öj"ï«õñAøÊBo³$?hù2XèÔvožÒ¾Lÿ Ø(¾S®éÃÖ³'›#m0zmâ <ÀM¸ÎUi¯jí2h¸ŽYVUU¥da{
+Y6ë-¸ëdgéÓ÷ÝÆ#ç»u~7½ü¶§…YÒô3‰laï—œ§~ž&Ìú®—š‘µ2mzm)!ÙÒÃ+qt—j¹»p¬íi¹¤z%Öj"ï«õñAøÊBo³$?hù2XèÔvožÒ¾Lÿ Ø(¾S®éÃÖ³'›#m0zmâ <ÀM¸ÎUi¯jí2h¸ŽYVUU¥da{
+endstream
endobj
-724 0 obj <<
+728 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1320 0 R
+/Encoding 1325 0 R
/FirstChar 97
/LastChar 122
-/Widths 1326 0 R
-/BaseFont /QSGNKH+NimbusMonL-BoldObli
-/FontDescriptor 722 0 R
+/Widths 1331 0 R
+/BaseFont /MJMTVV+NimbusMonL-BoldObli
+/FontDescriptor 726 0 R
>> endobj
-722 0 obj <<
+726 0 obj <<
/Ascent 624
/CapHeight 552
/Descent -126
-/FontName /QSGNKH+NimbusMonL-BoldObli
+/FontName /MJMTVV+NimbusMonL-BoldObli
/ItalicAngle -12
/StemV 103
/XHeight 439
/FontBBox [-61 -278 840 871]
/Flags 4
/CharSet (/a/c/d/e/h/i/l/m/n/o/r/s/t/v/w/z)
-/FontFile 723 0 R
+/FontFile 727 0 R
>> endobj
-1326 0 obj
+1331 0 obj
[600 0 600 600 600 0 0 600 600 0 0 600 600 600 600 0 0 600 600 600 0 600 600 0 0 600 ]
endobj
-713 0 obj <<
+717 0 obj <<
/Length1 1630
/Length2 7779
/Length3 532
-/Length 8653
+/Length 8652
/Filter /FlateDecode
>>
stream
-xÚíwePœÝ².î<XÜ îîî—t˜Á5w‚ n$¸‚%¸'‚Cp¹$ßÙ{ŸúîþuÎþuëNÕL½«Ÿî§»×ÓkÕ;ÌôºÜrö¶ ew/n>^q€6ØÍÖ¦åá®É­rôÖ±u
-(è蚪i«
-Ðõ~hÅ  ¶¹Ã@ì
-rBí]A0ØÍ÷ïÝùWŸ€ÿÖ=qõûíñÇëŸ5€½` W>þ‡œv^¹Áî8O‹š»ƒ€÷/»½7ä˜úgƒØ~Ï ûC@{wW?€=È究‡×CJ
-»R®E3Ý‘làJÍ
-cŠöî«x—xââµJCvnƹ9 a—ôtif¤´¨Þç¥ØõŒÇŠÅêºÈ´ØA\ùC>;Ÿ>lŠÙîÞÁiCYŽ.¤‘4¡©…¬JˆÜõJ4È tîmw‹eÓãM΀u`ÇnŽþkèH¼Z-ýÔ²¾òØ‚ÙNFŒr1&–]úä®·OP"k{gË©Ãçtç¿žìE<éÙ€
-gºs»~“©¹€8Æ஺|ÿHV!Í)/Ìü¨/Ó£ã@~\Z`ÌؼöÎlSo-ZÈÉKF—úÎBü.æT¦ ¸Ú
-°ãRÛp¤Ivviâ=Å*))¹H$zdHÁ¤Reü¶9G«bð´ƒÈÓ¤øº
-K«tªe‚c‹"î^´JÓÈËví4õ¿I{\¬F†R´”‹g8°¬%ã„œ¬ûcT»;±&³R_¦¶‹{¿9ƒó(¥žÃI[“ â‡T%žZÙÉ¿G^ŽàšE–ôÖÖ’§U®“ÝìÃ;üé–+’ˆ):®Ð©/b¾z¼ß‡ A{äoקŠÊRDC§Ö8°ÜÆRÉÃ3U4nâ
-E-~æ¦Èv· ŽC4‚Jç쨺ùâ<´õid#ïøîä%¸’Í©1yrÀ4À†zñBÉöÜÓ¤³£Z¼9ãÕ7˜MyÏ'ü±†û‘†ƒÍ€ÏoûdVô]-Åä}Rj»{'cQˆp—ðöëóÉç «
-Tç¢DoznÍÑÖj̺…}ÉJyì«<ð:ž³ˆ7€Âºc9:ª^âÐ¥¹IúeÔߦV¿lNrU-Kî•5Ú7”#ò˜(JVòâͲ" t#+^N9W°"’u¿Ðеh•É ü£Ú3›Dð >×>p±è@Ü°ªéÄ8Ë)„,zU ‰§–K¶È."‡K#I]C­vúUzÛ7¬¦)užr2Íj—ÚËhîaŽ)z*§ 7±_‘²lÚ Yï|ÿZÆã[¸ÞoÀ3]ñÀé åZFÙ#pŸ0Ý%ä Q5yŸÊmÇë„@NjÎè?8©1÷ƒ<3c¢ÎO¾Æ@ûã¨<Ù¼µ˜vfs %<L8½»r€Ü6·?èY;<1O¼-¥ú^[­ÿê²é»éÄ«L꣚ )(ÊÑì;Ñ¥–‰žI¹6ƒgw×öÖ.Ao#º =ËØO«ð5cè³wŠ3ñ2™õ%«åUÎF¶Aì¨rãBX™þ‹mµxc– ߟßkL«¡Ë|MÊ%Ö×î].†£r¨‰ü¨‚ÝYûï ÄfÂ20§L¾È¹¯1ó0æPôWö[i 
-ÝÄuGÔ)1ù¦3¶RW#ÂÖNYÊ?£q$M„fBÑ$÷bqÓ7yŽ¾ñ)‚±ôœ£Íúòq¥i{F¹Ù*®!þŽ¦S5º3ý ïý±ÜJwî„kÑ”)ÇÊ¿÷«¶•b9_—ŽW‹²Íãùc}f#´²T4žãcOœ«Ûe>þ2£:)€6¨‘d¬²ýxfó5éÛä,¶Ï¾ºEØ”p~¬åÝG¸öTGQŸ;ë>/,>ËÿÕBøôâ§Ä§®·q7=q&m7Åçòe»Ï÷ÈÞ¹“Î œu’1Ž¶ÛLfN%¬¹R×—´è©}U5B
-œ(œ¯Kûñš_…ÔÛ´dAG;1#ž$ÔËÀ!°C©¬ò¬=‹%…¿ b©£üKq/¡Þv£÷W-¬¼ƒkƒ>¶»T„@¯¦ý÷ÃýL›QôX´s ¥Á‘É]Ò%ÇÅ93ÜÐ@´‰É|k¾:ƒÃt—#&kû3es—Zâ.šý O™åz‚m¡Wœ¥îé¢jUËï¤ûHÞ8xi½Y› .yy?›`d%´êPšš¯SzÕÏuœþâ^h‹.Þ…yæRqK]hHñX JÿˆÌìÍ H;‘ÃTª.Î(ÛŒTØ2; „¢ŸIhƒ=¡ÇèIwÛ )²öU-3^ó3Æí‚÷xg¨hѽ²ò&üë²ïgU/Üå-"¥ö6øÃH]ÇÛ+2ª¥ä×öû2ßùJ'ÒCoBñ£l4£%FªÜ1±®´° ÃVûbþ WõïÎG@ôÈ{1ü£Çæè)¿êÍ"^þhzgå×½ýG=p–:Ž†¬RG!ó饱2Èòføk™37¿r¢˜Ãê‡&i‚·l»ý>íýiLÁo®âõ_ô±ok¿@ß [ÊÒÛ`“Pc@_-—ÎWzÇÎ\–¿vApÃIŠ¡ÒEk G®ˆXèÖÙb‰ÖÛ•GíEPc³êÚ
-tž ‘pIº¥/ûmw
-¶J¹”®¬ü­Ázñð£ËHVÂ4ô©zR2Š·÷_Áý ¾ê#^ØW´ÝTšÚD¡BÞÔii¾âä“[UšÞxX?)IHnÌEè)Ç%<ê´©Ë·—æ3,9ëk˜9 ×À¾nÓHc—rZÖ~QvïÀm3³¾Om†oO ]~³'¥p°d#Æ©èŽSî™Á"}¬£eŠº«ø&FV¿4ïP¼&áýû¸Çó¨
-Y°¥å*„æ•Î/Ë\‚TM1¡e›Gê¡z{ýý
-±öìxuŸ=§æwÇzÙ}k^ e¶¼äõlfq:~ý©K)«÷Ð1„r3•ä¥d}µöK Û›9Ò¸ªQ‰çÙÙ¼´O·u“í)„—ÕRi
-¨‰ÎƒP.H©Í‡oíb@$„(-¥6)¹åõ7µC6úÚ¾Wa;‚ž8AES-®¾•Ë»-_RD´2?›+uÃ-çL<-½Ú5gñ&#HIº´
-^*É=ð py–ë9>’¤†¢¤ƒÐÛàƒ£oX8Îr†?-°UJéèô™—â!ñ§m¾§h`f©°\¹b•’wîòX†Ï<Š"Ä£ù–$(IWÚŽÇ3uPjü).ïU¸Ök‡;“äwŸNvGcâ–1R_nÜ+t"uèéæ;éÁnÈJÙ}ˆãU·¸ÈVq|HÂtkÆò?o±iåõÞŽ ¥j†nR~˜?<UZ{Å@¾H©#s´‹°ÝàKJG¹ã=©(™lwRk÷*ŠÀØÉçrÐÅŸG«Ú}àìq$¨£¢˜FÁg]ä÷òº„3r¨kï÷§b¢Ùk—@fæNiUë4ÍžÇc¿.©þp¸Ÿè¼»™:Gs-sÛsxÿ¥&ñ"Ž{äã-½KOûÛ
-LöËB<pkR[…˲³mLEãЗ®«®ù‹pAÙmÞÇbhü“¿à0±`×9IÊâgÛÆB±
-h¬!O•æp'H3Ÿ%­žý(Ã`º!Å'æòf«d›BÄO
-£Ô}1ƒÎ&Ÿinö4°¼GÆpÙ {œlû2þ2â¹ÐðîGµ€òú8nÒ¥|°ηƒPÒÜÊèiˆÁoµšf§¥NIzWÇx" Ü>²ÞÏŒ±Üi%A¥úƒB-}ï'5"3!ç„v€ׄŒ´u«ë_;üw(ù;¢ÀxCæZ³~™ÚG>-°õìÕ Ô]·D“§(¨k@ñ»*쮓Ío¡'†>¼’ÍÊF±½±yåWÁÚ‘N¡ucÇÈáóôžílFL 3H"9šã¸ Å؃}&ãïã¸ò+p\dPµ™]SW¨ŸX£…k‘ÇoÙ¿„ãq )àü’°Ãs¡i´©Ð=‚·p³Ü¡Ã¾P½…{MÚ6iÔ,¨eú}%¯Vµ4Ã~[Ȳӡ}³} £ü¾£›"&øÎÔÃÏÄOØòØ=™—rA‡ž°s4É]Èìè%ÚT\*ü•Ð•ù¼Auõ1ç)5E‹'MPf¥›ŸÆ’ùf½ÏØJ†jõ‹oŠé@.<ÓÒtøßõLmKN¿1=ŠÉ£&Þbh쪊ÿ¡¡=ÙÏéyÊ­g#`qTÁóÚ4D‹:Ø°‡TÐ
-ÒØÔ*JN÷eg%³{f.þ^íÓ'NßÕQÏÔB_{¨ ƒ²Öƈ´B
-Ä O"‘0Q*Û°Œ(‡–±å݇{úÂ3¡c‹ h×øÉ6HÂçk? ¯ú²Íhüî‰lßê]ÊÁËð(ç”´bl¤°iäZ£ïŸ½ž4¼|O€JˆjT-À`¾Bu}ãâ @_‘MËÙÖ¶+Ä/ý‘0“ÍQOó¬©[¤3¡ËÅß_U—çØ8L†ºäx¾íúìÍg”Ìï}Ƴ'c¸§¨-ßàÙwrÏ}Q%ž8÷¸—G;.qyòWïz´sñßa']m` V ~Dßpó±hø-ô@z_EV;¼Øx?êè„ñ²‹‰[>>©J•G‰G"%soˆ-À­¦‰é9ï’*†×c_o…µ}:]æ¹öÀŸÕÄš©H‘§ðt~cÞÊ_JµÊB«z²
-5]˼¬<~Ì<:ŽKrêàjvJå‘#z§b•{ppÎjDöMôL…:£ØÈ–Ä|¸ñGvOØí¦N¿†Ë~îö«°*§¶Á aæUã[Òœ__È1ËÂ_F ó¤G#œ>cS¬?æ=Oï¬.y¯4·YP½¡*[-—³ÓdNWî` Kh%2{%² xY®H6.æœÑÈ®?$?òc®)hpóB'«02]ëãGè’}EϱAlÁ‚év_‘л«Ñ
+xÚíwePœÝ².î<XÜ îîî—l† \Cp×`Á‚[ .A†` .Á à\.ÉwöÞ§¾»³ݺS5Sïê§ûéîõôZõ3½®·œ=Ĥ q÷äæãáhƒÝl½àZwMn}£—Ž­+ð
+(è蚪i«
+ÐõzhÅ  ¶¹ÃAì
+uõý ùãõÏÀžp«ÿCN;χ܎`wœ§¿‡EÍÝàãýËnïýæ ‚ýÙ ¶ß3ÃþPÐâîê °9à<Õ†x>¤°ýÏTæùωüø?"ðDÞÿ¸×è¿âÿíyþ;µ²—««6Ðía
+º]}ÿMàßAû_|‡Õ<›"çîø 7?ï_f0\ì²×{Ú9€®{öÇnän‚¹‚ÝAÚþÙÖ‡ ^Þ¿a†N`;÷ß"ýÜíÿ^þƒ\Š*oªf¦ ÊùïnØ?žº“àiè þ+±ÄþŸ‹ß<òò€·0€›_@ ""åã ø7ÿÐðýk­ô„}
+`¼Äq²A˜ºsÖ‘­xEö¶ÒÇ¥ŠL²­å¹šÜ+šö¯%°üÁÖ’&jÓò7àÏ¿Z3‹†‹²Ÿ6V"ˆI…ÉáÚE$©×1Íxꇶ.…Q¿ªïôa§ÉÜ”Ï
+Êl4¦?cßpèNlùé6˜@t+o…¦å¶€cÀ/w2=MÂ%K‘­õõüûv ‘òO®¢/Òµ¬‘Iõݾ[ ŸpÁ“ë'oÞÎ|ÅF?éÅ&ÞÃg¥;[ö¿Œ¾°ÀPãûŒù1÷|äþ=³´-‹•H æQk&tìã$<>ÏhݦY«†)ÛùÎÇ¿Ñ5ž‡éÛYlÅž»JL‘úÓ†x,LˆÑ¨ÍŽ¬Ø—)HEhP|pë _$[äë"6*!¶(•´£\ªOÈM«®ÚÈùnÙ
+gšs»~“©¹€8Æ஺|ÿHf!Í)/Üü¨/ÒÀq ?.-0Hbl^{g¶©7Œ%ää)£Kýg!ns*ÃÜ kØq©m8Ò$9 »4 ñžÎâ–””\$=2¤`R©2~Ûœ£U1xÚAäaR|]…¥‚U:Õ2Á±E›í^´JÕÈËrí4õ»I}\¬F†R´”‹c8°¬%ã„ž¬ûžcT»;±&±R_¦´‹{½9ƒó(¥œg“>¶&Ä®J8?´² ”?~¼Î5‹ ,ñï­)¬%O­\'»ÙÏîð£[®H$¦è¸B§¾ˆþ
+y¿Ÿ-@ë‘¿\Ÿ
+-*K ™Z7âÀrK!ËPѸ‰„œ="Rù‰aÉû6ì–4EFƒh˜ˆ{K
+Ð_®PÔâ÷fnJÖ1€nwËà8DÑ!¨tÎŽÊa›/ÎCZŸF4òŽïN^‚+Ùœ“&Lým¨/”lÏ=L:;ªÅ›Ó_}ƒÛ”÷|RÀk±i8Øôÿü¶O¶aEÏÑÕRLÞG!¹¶[±w2…w o¿Ž1Ÿ|ž°ª@u.Rô¦çÖm­Æ¬[؇¬”Ǿ
+‚×ñœE¼™
+§K€v”keÀ}Ât—/XÕäIöT†h;æX'zªPsFÿÁI݈¹ÿ«ô™u~Ò5Ú·hGåÉæ­ÅœÐ3›)áaÂéÝ•䶹ýAÚ© ‰yâm)ÕÇÙµÕú¯.›¾›þH¸Ê >ª™‚¡;]j™è™4k`3xvwmoíø6¼»Ð£Œ á´
+_3š>k§( /ƒ Y_²Z^åldÄŽ*7.„•á·ØV‹7fÉðýù½Æ´ºÌ×”È\b}]àÞå‚`Ú(·šøÁº!øصßBl&4sÊä‹l Ûø3c¾¡aEe¿•Æ€À¡ÐmAlwx¢“Oc+u5Â!tí”q¡ü3
+GÒDh&Mr/7m“ç(þŸò!KÏ9ʬ/ï0Wš¶g”›­âêçh:U£;ÓòÚË­t玿Mžr¬ 7ð}¿`[)–óuéxµÈ?sÐ<Ž?Æ{6\+SEã9>öĹº]Æã/3ú¨“hƒ‰Æ*Ûg6_“¾M@Îdøì£[„M™Íõ±¼ûמê(òs§cÝç…åÃgùï¿ZŸ^ü”øÔõ6ö¦'Ö¤í&¼ø\¾l÷ùÙ;wÒÃ9³N2ÆÑv;ÉìÑ©„5WÊú’=µÏ¢ªF0€[ï ¨S \=ú&‹â©GW¦$¾%“W/'ù°2î7¡É¦/GBÏ'8± z ˆÑÞ8·3û{hÌà¦Möa
+¾Þ¦>lÜ<íYá¥GX.Ùœ€ë­{Ã/>êM¤/¸™§tãº?¦M\'o-dW£ð«VÆ…n¯*i–\fýF}Ò
+¤e+GÖë¯:§Ô!© [aR 9fdƒh#!æ±r•9üBr^f›äÙbtŒ=§°LPAÕlGQâtR´æ‰-2ù6‰0£“˜o0¢Ä¨„Ý¢Ü$8¾´û‘ÚI„•Â.ÛÌA5GÜU°À‘ÇkÅ‚žD4W¼ù®ph3lƒ‹œd걶r6äOÅK:ò*¼ÀÆåŽ;t“C<¸b@'Àà‹6»hàOú‰åìB냺a2Q·1Þ·ƒ”ˆ"1Ìú¬Èx¨(×Ç›‹Ôý]ò`obG´Çã=>Zy4Ÿìíæ)Û±ŒÆø8“ªÓÊgç“GeîÊ‚ Š?60ô=!Ò[ž‰Â„‹“rÔä¼XqV¢ä÷tv^dŸ:¨*{ ¿®ÍN B~}ÌNÀ;)I¬Nƒc0Q8_1–úã5¿: ©—iɃŽvB8FPv¢P/w<‡¼ÿ¥²Ê³öL–dþ‚Š¥Žò/Ž„zÛ^_µ°òt® úØîR½šöß÷3lFÑcÐÎ1”ƒ7F&wI—çtÌpCÐ&&ó­ùê Ó\ZŒ˜¬íÏ–Í]j‰»hhö=d–ë ¶…^q–º§‰ªU-¿“bì#yàà¥õbm>6¸äåýl‚}ߪCij¾NéY?×qú‹{¡-ªxîy˜KHÅ-x¡!Åw`-(ý#"£7Ã?õDS©º8½l3BaËì0
+^²íöû´÷[¤Ñ¼4ºˆ×ÑǼ­ý{|7l)[HoïMBuŒ{U´\:_é3sPþÚMÀu '1šJu®% ¹"|¡Xg‹%ZoW¹Nͪk+Ðy&DÂ%é–¶ì»ÝÌ×—oÂœ+Ø*åR6º²>ò³ëÅe]F°® ¡OÕ“’Q¼½ÿ
+î_ðQñľ¢õï¦ÒlÔ&
+ò¢NMõ'ŸÜªÒôÂÃúIIBrcv—¹-BO¹8.©Ó¦.ß^šO·ä¬¯aæ0\û¸M#]ÊiYûFÚ½·ÍÌú<µ¾=vùΞ”^dƒ%1.HEwœ˜rÏ éc-«xTÐ]Å712û¥y‡â4 ïßÇ>žG`˜¨_›¶s¸6­ö S„.á`?bE=}Î/=M³‹¦¿€Jÿªî9ÆäœÀƒ ¦âÂ苉{Ñ#EÝÖ÷àmù–ñ=]fï+±"ÿ–CúZµ«†åÝÇTªØȉG=ÉfÕÓNk¼ó3Ùx¢fÛû?ÆK£ÇœÙhÉÝ”‚°¾¿ºÑ³–Š1$à`²ÍnUh+jXwqæF0ˆ¼›²–'·½LÐts:)x¤oV뀢
+Ìg÷¸²¶_-j۽̆¦g•d=‹?zAØ36}\’Šµ5»T7“;’Á£Š*½|Ní½–†à ò-jSYÓYxxéš‹îûKI”쯙wOkÏ…ºÕtÐL¬.8r‚¶åIj•Œ·ƒ“7’¥÷ËÙÕ˜™ ÃÈÀ§ì²¶`¼1pÜ
+ÞÏ!Úì:Ý€É!íýŒœ;–ïÙvŒµ ‡J‚•¨ûBkŽ‹8Ö(HÛp šú”¡î³2e^›‚;û˜ä1ƒBwmC³'?EbáýJ•@:“¸?þ7¹–äfz—¬zk&Û—Eòìx‡ŸHWßuJ6̸m~_Å•×ô_À‡²“ÐX£ùOÚ¾Az2Æç,~Õr‹m•A54J "å’\ÜZL½eÆ𸭡ðíØh(¤*9»Ïë”ߪ8gµ½£GzçäHtèÛJñH¯/X¤ÐPk‹ãÉ žms•ò·²—WÚ :A—¦©f]´ô¿-Tg›bEÉÓÔ6Š9Q4´^T>– iæ‰*S¹xŸõêÃ×ëØ*6>h ðôm˜ÎèÓÏñ²u;?ÍÕmæ“‚]¸*ýƵ.KfŠC¦ÇDª°ȶ “f½A·2Ÿo‡ÈM«HÔš v-5
+¹:±»Z—‚~~™
+Vœ^&4/Kè%aØ
+Sq°ž:ä…Ï ¥ÙŸ¿m<±ü§8’ÖXl—qeØûv)
+‰uµâ>¬\&rêƒ_À&ÈŒ-Çœ[ƒJ°?LM+bKÒ-¬¹àn²jò 㶊°Òr,Å|²SneóS›œ{ dàðTÂ)h¦Å~$\f<JëY£¿‘cpxož&œCÜO—¥+°·uÌü ?…,ØÒrLóJç—e.AŠ¦˜Ð²Í#õ½½þ~…{v<ŽºÏSó»c½ì>5¯„2Z^òz4³8¿
+ŠúÔ¥”Ù‚{èL¹™BòR²¾Zû%‰íMð ‰éG\ÕÈ„ó¬¬F^Ú§[„ºIö”ÂËj)4€q'VãM·çnó]oß%SXèü M¼•– ¦·8Þ‹DÝ4V§…q6ubhM1(n^ò\˜ñaB'3¥ºš9q³C0S:’bÐL¼‘é¡‚3¨­Ø¯‰OϯvxµU2Òê_ÜéÇݲ×õ=±H•”C[÷?˜rÀ(w:‹ÀML˜“´rQ•Ú48lE¨éÃjhò‰l_ÓÓaÔÕÒÇl¶z£¨Š f æ¢Yì% ˆøwÝ ‡Zñ“W§¬éj§‹A².1ƒ:îÎÂ/úK_.C…²ðÜß‘…ìg\úš¬Ž]´«‹M#·
+FÞ*L¾q]j ™¡_"ÁHGÖF)ÜjJûÁj¡myð¹êŒ^BÓ{Æ WÑp£Â¿fÝå\­>XZòÉ)wŠÕµúÏþgê ªÐ'_”.­?˜¡{`ã%g'¼Þ”)–y¡ù ñ„ˈªõÛÏ¡Ù^5åuÚ“˜GrMÄ2Ðk¬ªa©¹²”f/®æ\r®¢5œÉ_ñÚ:µ-NØ<;§ÕºŽNqDëmO&É‘Œ
+{æô¡ÌÝxÈG¤¸ki•zÁ;þª ]…þ_QËâO—Ž
+>ë"Gçe6#‡ºö~š!&š½v tVaî”&@µNóÐìyÜ8öë’ê‡û Îk1[°è©s4×2·=‡÷_j.b¹G>ÞÒ»ô´¿õWHP€DFàÐGuðP£v=M)žî_yNwë¯'tXC:f–sÑ”Ü,þÕçðe"J’·x[W½(äƒ íÉÅÜLTG;ó…ƒùÂMŽqIÖÆÜà[¡ó ÿ¡
+ŒS0hn¡5ë—©}äÝ_ÏZÝAÝuK0yŠ‚º†¿«Âî:ÙürbèÍ+Ù¬lÓ“W~¤áR7vŒ6ÿAï9ÑØÎf$Á”0ƒ$’£9Ž R´í1Ø{2î>–+¿ÇEU›‰@Ñ5%a…úÉ5
+Q˜yöð-û—0<$œ_vx.46ºGÙ-Ü,wèð/To³='m›4j–ýÕ2|¿’×N«Zša¿-dÙéоپ†S~ßÑM |g
+ñ5ñ¶<vObÄ¥\С'ìMôBò;z‰Ç†6—
+e!te>oP]}ÌyJMÑÁâA˜ŽYé櫱d~…Yï=¶’®Zý⛃b Ïô‡4þw=SÛÅ’ÓoL¢ó(¤‰·»ªâ~h(dMösGxœrëÙßXUð¼6 Ö¢2ì!´‚66µŠ’Ó}ÙYÉèž™‹»Wûô‰ÓguÔ£õ€ÐÇæ ¬µ1"íÀ€d´ÊF¯3 fþåð Å``T ‰•Z»7ÝùÉPx³CÚBîª>^û²Päñ ô›!$ûÄñµtëÈ3X™þs£luB†MÏìè,„<<|ŒÁ½¿1ð‹”qè¯à[ŽèYj‰ägcÍ°$8dW_SS†y×leðú®gÕ—øL`¾ÒípŸ)+8Ó>ášå#™nà'aå[zÆÔ\€ñ3ÿ~è{Ó…cœC%ÎIžc½-ãÐÒPtâ샽C?Cúy-Ö&(QhO¥áÒ7&tŽA
+Ìã½çëD|†ÝÆl]HÓ!:±Ëõm’tnÒsªFÇÆ©WCp6«#•…Ù!7Ÿ¾p4‰ìU¯HtçS6h¾§.p¶ÉWEI‰›>9ß
+F®5úþÙkàIÃË÷¨D¨vuQ æ+T×7.ªþôY´œmm»BüÒ 3Øõ4_Á˜ºE:ãº\üýUuyŽÃd¨KŽçÛ®ÏÞ|FÉøŽðÖg<{2†{ŠÚ¢ñ-*ûNî¹1ªÄç÷òðbÂ%.þê]¯v.~a;줫Í Ô*Aèn>– ¿…Hï«hÂk‡ûïG0^v1qËÇ%V©ò(ñH$gì ±ù»Õ41=Gã]RÅÂð|ìã姰֣O§Ë<×ð³B¬™‚qšÎoÌ[ùëQ©¶BYHUOf¡¦k™§äÇÜÉ£ãØD§®Va§9¢w*V¹ç¬FdßDÏT¨Ó‹lİdõ„Þnêôk¸ìçn¿
+­r
+îa f^õ6¾%ÍÙùõ…³,ìe82OZÂé36ÅúcÞó´Îê’÷JsÛÕú!²ÕriÑ;Mæ$qÙÊ dñ­Df¯Döb
+Ç·ì™eB˜|Øò„ùûárJ¾áZù ÚOz0$b/Hõ¢¼ÄxA(ŽÉψbŸnYEýüªþĽíœtA@ÃdW6ñ‡LÖþ¼ó†Þ+b‰ÄthˆÁžHk×se7% í “ 2e3xäÓÔÈ$?“æƒÅKã׺·Ã!‚8Î)ƒ
+¾˜»ix½'/F¦—Ÿ}ÊH’A¶$p cê £±«‹X\¼DB˜u4c*HÝ}¼YRkÍgƒ˜#A)“®Á¦ÅÅßyÿ—œÿOðÿ+ó„¸a.8ÿ\,¦âendstream
endobj
-714 0 obj <<
+718 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1320 0 R
+/Encoding 1325 0 R
/FirstChar 45
/LastChar 122
-/Widths 1327 0 R
-/BaseFont /GOVIVN+NimbusMonL-ReguObli
-/FontDescriptor 712 0 R
+/Widths 1332 0 R
+/BaseFont /BYIZCH+NimbusMonL-ReguObli
+/FontDescriptor 716 0 R
>> endobj
-712 0 obj <<
+716 0 obj <<
/Ascent 625
/CapHeight 557
/Descent -147
-/FontName /GOVIVN+NimbusMonL-ReguObli
+/FontName /BYIZCH+NimbusMonL-ReguObli
/ItalicAngle -12
/StemV 43
/XHeight 426
/FontBBox [-61 -237 774 811]
/Flags 4
/CharSet (/hyphen/a/c/d/e/f/g/h/i/k/l/m/n/o/p/q/r/s/t/u/v/x/y/z)
-/FontFile 713 0 R
+/FontFile 717 0 R
>> endobj
-1327 0 obj
+1332 0 obj
[600 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 600 0 600 600 600 600 600 600 600 0 600 600 600 600 600 600 600 600 600 600 600 600 0 600 600 600 ]
endobj
-641 0 obj <<
+645 0 obj <<
/Length1 1630
/Length2 15731
/Length3 532
@@ -5459,7 +5483,7 @@ endobj
stream
xÚí¹UT¤]“%Œ»kቻ;îîîNâZ¸»»;…»»»;…»Z¸ÃÔûõt÷¬ž¹šé«ýy“ω±#Nì8çY¹’œXQ…^ÈÔÞØLÜÞÎ…ž™‰ ¦¬¡hdccd
´—¥W¶·5ü5³Ã‘“‹8™¹
-rp²ÿëaûûK¦hïìâlâtpüͪ(*þouºX¹ü“ÛøØ›ÿõ4µ7qýgKÿÂþÒüE]Œ€vÎ
+rp²ÿëaûûK¦hïìâlâtpüͪ(*þouºX¹ü“ÛøØ›ÿõ4µ7qýgKÿÂþÒüE]Œ€vÎ
±ªVõ¶ý^Nc_ñõiܬ槕Q¿ÑŠÔ+«ñïPYŸÌôZ#Ûõ½¼6SºßS7Cç0ÂþD¶X>ªO¯Æ¶aÕl¾JüÁøÒŠuwßùöüh¨ÁŽ7n- ª}»›ËÏì¯ò[ùwµ gïèÕËä‡× †¸ºŽïÛ­IZR » ˜Yâu#1¯› t,’‹¤×CMMW•M¬îÓ–$IÁ]•Ð}}™ß×(+X{—üÓHï=s]Ô½í<›Øáb57U‘Ct¸¹# ¹@ ²KCúFúØì¸5Ö0ë
ƒŽÊ©ˆtÝÊNõ‹æíùu§TþÝ4F¯ä‚™ϸý§:Ù0Ìîz2.‡8Á¤¥"ð@b¹ð:Í(o`Ô¿kM.Z’#ï£2GYŠnplwÌÙm݆øf[8³")Ý-Ì>ØÐÀ"¤¹ú,ï6çš#±VEÿú4Í ÙTÙ ƒ˜êççX}×¹F; yh ȱ½ýx˜!:Á<œ?-p©yó>sd³aEG2 ‰iħØä¢_,Ì:ý¡ÒI“
È ú€èç“.ª¡Ü^ó!Ozü(~”@½ð¤Ê¨JïŽ ÷(ù)I¡É’!Ë[í¿7O’0 ™(Öê/Êó#?ŸòtssÕï“wÏgWWÂù;í
@@ -5531,35 +5555,35 @@ PпÜ ¼ST
ªjDÒG@œ=ù¢0Vþ23qð8@R‚¢Sx†€ÀˆQšk>Ö˜IÛ»åÆnÕ@ Šœ+7ƒ¥ #xA&
V°î2»“u=œÕÏ"¨¡ ¥}ŨRpÔG0Ò|Ëÿ°Á÷v¯×ã#Ði¹j3ÍTâè(3Z÷†]ö‰6$áHý.ù2rä"Šñ.Q}Œ[ô(~áa¼ô|·g7LÜëèi GÕzBƒ¤ìò°ôÉy,<ri5¢Ó<øQ°–"ß@X1páJ9¥œÜ{5ÖXOù!Òâ™DŒŸ-ƒÞÒ{ßî|¥Þ‹|õÈ”…;°ßUÃF rEþ÷÷>£–¢€%ÝÞû.îcäG3*Ùºr¢ê.ûÝS²Z°¶¯Üi𥰛‰àò"ë8׊Ê[¬oœæiªÈtB!N²Ma3_#”Ö‘3?z25Q«û%Tb÷‹ºðƒS‰\ ”Ë`DðÌø¹Õ"†Ò»K$šù‘ W»P-$Ô"taâ5í.§œi"2a îÎEg|鞢³‹O-,Œ'²Æ¤ùp|’Ì”‹Ò7rž´­‘€µ‘‹Üä!ðvƒŸÖß0ÕBöy\åqýXkÊ€XƒÆ;my»”(~aŸ›{á|±ob’ØÏÖ­Ùxœ=†¤…` Ö罦(h ö˜85]‰„C¬…ù×UÎu×ÞÃ4
 ?0
-tâï¯tãq·˜þ?pÿ?Áÿ'LlÌŒœ\ìmœ¬áþ‰Îendstream
+tâï¯tãq·˜þ?pÿ?Áÿ'LlÌŒœ\ìmœ¬áþöJ®endstream
endobj
-642 0 obj <<
+646 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1320 0 R
+/Encoding 1325 0 R
/FirstChar 40
/LastChar 90
-/Widths 1328 0 R
-/BaseFont /RFOZXE+URWPalladioL-Roma-Slant_167
-/FontDescriptor 640 0 R
+/Widths 1333 0 R
+/BaseFont /QBHJJO+URWPalladioL-Roma-Slant_167
+/FontDescriptor 644 0 R
>> endobj
-640 0 obj <<
+644 0 obj <<
/Ascent 715
/CapHeight 680
/Descent -282
-/FontName /RFOZXE+URWPalladioL-Roma-Slant_167
+/FontName /QBHJJO+URWPalladioL-Roma-Slant_167
/ItalicAngle -9
/StemV 84
/XHeight 469
/FontBBox [-166 -283 1021 943]
/Flags 4
/CharSet (/parenleft/parenright/period/one/two/three/four/five/six/seven/eight/nine/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/V/X/Y/Z)
-/FontFile 641 0 R
+/FontFile 645 0 R
>> endobj
-1328 0 obj
+1333 0 obj
[333 333 0 0 0 0 250 0 0 500 500 500 500 500 500 500 500 500 0 0 0 0 0 0 0 778 611 709 774 611 556 763 832 337 0 726 611 946 831 786 604 786 668 525 613 778 722 0 667 667 667 ]
endobj
-634 0 obj <<
+638 0 obj <<
/Length1 1606
/Length2 15571
/Length3 532
@@ -5568,7 +5592,7 @@ endobj
>>
stream
xÚí´cpæ_·-[;OlÛ¶mÛ¶mÛ¶m³cÛIÇf'é$·ÿï{öÙ§ö=ŸÎÙŸnݧê©úM¬1Çœc®EJ¨ L+hbod*foçBËHÇÀ³´5ru–µ·“¡²·1üu²Â’
-;™ºXÚÛ‰º˜rÔMM
+;™ºXÚÛ‰º˜rÔMM
@%yq@ð3NoŠGëAjBn(¾¸$K>{}!ù9>6Ú>xŒCMÊíOà˜‡Ã¯¥ZíIµr’59mƒ.pÉ`Þ?&Éñ„ζÁÁ½S=æî{ƒñp&§ ;n¯8Fèzeíä4˜¼0€=’Ô}ØbFÖKøPÛý‰*ž|ë*u¡»ÉŒtÆëQg¶Ú0+é›;X ì3|ú˳_~
¹Í4“Ü'c¤@t¨OŽ4!õ¹ÈƉ}dX~«;OÖôZUžé•‘»œ†–óŒ“S#a,ì×sæyó`~esx¿L»UŸ/³Ì²£@M¦Zrª§ ºýðŠ1áÛÓ'Lš‰8®ÏŒë’ºðFÿŒxÙµÉ3F9ÄÌ"Ù– ÄÍ¡” š(-«Ç9ñI,jÚ8:‰?±…]˜Ÿšcì=áJ-10Zˆ˜á°È"™5aŠœ¸ÈŽY×`ã¶(A'F(o(kI Õ¿O›yælàTŒJö?Ó ‹6òc€÷܃떡Í|fÅ1Ú!a¹P»á´&ä Žt¹” Œ~CIôÖìqoÔcpÞ£b XY¤שŽ'D쓯íð„nëó ÝN”Îë·>ÙK_ï%…‡Œ±™‘¸¯";ÀFßQpÈ“•"¨ÕŒFGáÑu|°¤ξ,~å/_%Ûè I öUøÁ2!Äü$|Æ#ö½2Óë{ZöãC^|´l´YAßúëSE¿Xü䨺®B³jötâ*‰õdȇ÷ùÔc>,üæ)7º`Ì'Žª°sSíû.rœ.ßË»"9ÉÊ­ñòw̆d”%1w Ü-®D*’Ëo¦lS‡µ;|‹:û7ê3ýOE|m²UúU?¾ÒMÑr(!¥-€Ùü³´ü»åš„¸»ßò}"‘ŠL _‡°‘Fô¨—†…óOUØ?4o#›d(Ðù“ªdR'õÓåôëQjœtD5tS¿¡Ççà|¤v¾eW¥Ó-œž³ûKDñA ¾îúlÙ.ÎdÀ| ‰çZºøªRG¥8LÎj9eN»ÂðeðóÚ·¬ªçc“K<:…
1±€ÈÔhC 'zšŸõR##¢á݃×nXxþ»\p„ ¢Y5¸g þ*iê¿HfròÿLìlÄDÁ}ë«°>î$âà5`瀙¨B:úü©Ï\d½GÓã•OVçy»žˆâŒq¿13’…‘ƒË+”/ÓUYÐ!©«Ù7G’J‰Š’µ/µ‹E[½u=èšãwlâ/ZDvØ×+‡¬Uõ8× ðòÊNx7RÕºÉ`¾µ™XÌT˹j#R“ÛGt/ eÊKÎõÊí.U;’ÊÌi½ÚT19òŸJ*|ÌŽ{ë
@@ -5628,35 +5652,35 @@ wK–‡É‡ðWçŒÈ°ÃY.YR¤þõúXyÑ9}÷7
é&È×EGÐ×¼ÌþáEÖöyä^ÜãY;.O4³BVÀ_â¤*ðú®-IP S¯Õï|œúš¢žÙ£D•IšTUÔ4ÐùŒ†âÅjá’g¼ŠPÓÎyÜ"ïš…(ð
µx Fäüñ²fL6ë·:Ùºù$ ˆ©ŠIi´Nl@“'ÉYPÁìpW“Š)È%çäéÄX«w”£—û­¾[œlÌg.~ɰر;+»/yäáEèY7)5’Ùäs+¹š”ëÍÊ·"õâ,ëgßáNÊšŒ8¸iƒC1ºÁÊX×!êïŠ&‰!-ýå÷ÓbH³ÚSÂDÔíT"2'ŽXêEñ=ísk-*iæú7eÚÊ>«DÁwOmJ96!>bˆ,Ïä‡?¸Y7š“'»
õqå$J*ˆ×èã3²û…s-dÞ,ªUÄrÿ£øc-þ—n,ì ýXêŸ]90ÜÎ+â1éW,‹Òç©"={LSœý©ÙDY$ šHʾ&Œ9êe+Ð툂4wP$öXyßÝ›@4}{¡+/@Œ÷Ðþ È
-•”P'DÔ$*) Â|%“<ð +ÐVƒ–8'A^PD ÿ—?˜ÿàÿ
+•”P'DÔ$*) Â|%“<ð +ÐVƒ–8'A^PD ÿ—?˜ÿàÿ
endobj
-635 0 obj <<
+639 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1320 0 R
+/Encoding 1325 0 R
/FirstChar 34
/LastChar 125
-/Widths 1329 0 R
-/BaseFont /EVBJGP+NimbusMonL-Bold
-/FontDescriptor 633 0 R
+/Widths 1334 0 R
+/BaseFont /XPNGRD+NimbusMonL-Bold
+/FontDescriptor 637 0 R
>> endobj
-633 0 obj <<
+637 0 obj <<
/Ascent 624
/CapHeight 552
/Descent -126
-/FontName /EVBJGP+NimbusMonL-Bold
+/FontName /XPNGRD+NimbusMonL-Bold
/ItalicAngle 0
/StemV 101
/XHeight 439
/FontBBox [-43 -278 681 871]
/Flags 4
/CharSet (/quotedbl/plus/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/semicolon/A/B/D/E/F/G/H/K/M/N/O/S/T/W/Z/bracketleft/bracketright/a/b/c/d/e/f/g/h/i/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/braceright)
-/FontFile 634 0 R
+/FontFile 638 0 R
>> endobj
-1329 0 obj
+1334 0 obj
[600 0 0 0 0 0 0 0 0 600 0 600 600 600 600 600 600 600 600 600 600 600 600 0 0 600 0 0 0 0 0 600 600 0 600 600 600 600 600 0 0 600 0 600 600 600 0 0 0 600 600 0 0 600 0 0 600 600 0 600 0 0 0 600 600 600 600 600 600 600 600 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 0 600 ]
endobj
-631 0 obj <<
+635 0 obj <<
/Length1 1612
/Length2 18107
/Length3 532
@@ -5665,7 +5689,7 @@ endobj
>>
stream
xÚ¬·ct¦]Ó-štØ1:ÖÛêضíÜqrÇ6:¶ŽÑÛ¶m£c[§Ÿ÷Ý{{¼gŸ?û|?®1®UUkÖ¬šµÖ‹œXQ…^Èd Ù9Ó330qä-m]œä@v²ôÊ@sÀ_#;9¹ˆ#ÐÈÙd'jä äh
-´ÙÛíœÿBü_oTÎ@€™¥  ¢ ¨%%/ ’WH
+´ÙÛíœÿBü_oTÎ@€™¥  ¢ ¨%%/ ’WH
®;-¸9"LOlñøþ¤(™è›‹¿üfg†"©jĮތòBô€Úbš ‹©Jÿøq²9ˆ³<®aÁGL…žýÍ1¢€’tgÆ€æéŠdªjÍ!b‚è`{*³Ñ>vçîóƒË|û·UBtOrÀ'v‡”ѳªã8~»%¼È&#Xúå9VÔÅn ͉ $xܹ†ÌK+t†õÆ”S39 h–‚Ñ_0t.Äý×®)Vü6]æ‘£ô)—ô Ú¶‡QU<ñQ`ÛfyÜd!ÄI{—9Í°Êz=,_*#”„-wS¨F‘ýþj‰Á#i‹³g¾}Õ.bê%aòàáøˆ¥3Òä°UI«QÕ>›‹¼µÚê©u?ïA°¤†æ6'¡wd^χö%c?E!Osõ±ëÍ“F€àí Á¹¬ +ËÐÝSa[?ò‹LdH²'Ä™ÊÔË(*¯¿ãÄ^ǹ„æ–1©´±ó¾¬þ²;l… !j_lŒ‰ƒBQÖ©k‘7s|Éõ«:¢­…eá0O ÙËÛôOfC–ôBÙßÕÐÒe/ÅO?žRà²ÜÇ®¸¢u¾,ùÊ«.ì4ð”’áâ·×6ŠmãT*´Õs Óî”ì
³@bSiyäÚK`G¡á›ÿ Agýª¬×‘ Íàì1 ÜSW©Îƒóy l3>ÛúŒ#ž Þë˜øw3Ëȱ¬@"%ÓZÏ æ&k]}Ö­¦Ç4¶ò´!oaQ™ý\–«Wløeû ð–§j&!”Eö¼
e˜žPŠ†ºTŽ”oRÈJt¿¿˜òä:7iûCì~7„D|?·
@@ -5730,35 +5754,35 @@ Bc 0¶Ï‘±Ç¸T÷sÒþÑÔq†ª´˜öߣèéPf> Ã5·<)L†Ùl_Úºjn&ý”CŒ×„m.ô²ü
ŒnÂïqÝ“äZÆM"%3wöšžk×éÔ´—~«û>W–ûÄÇbèþ!ÿ¾@¾Þ§.8pO§’]éDÜÄùû/ÏÇ­ƒzöb7žpÜü¶ny"KÌD¶<£1#3—±òðó€Ô5ï©ø¸2@Jh(C¨ô,ð0¨ŒK 
O\‰Ù)¬U°Î®ø+²d€,…•ÅáxÝ2mïË¿¯5Äž&‘=+3–ˆõn&•çV8h·~êåwŸÚ²ÿˆTÖÿþϨLÚ~
üù %:à`¨_¿.77•‘CÉÒâÐ_™í¡Ðà04~39jbÑ®ü›&Fï©°ío®GãV&mdRç–Èë
-H?›qtÄ'Ê—¸õ7RïàýZ$?¤FÝîc?e IŸöãõ}unw°¿ìpd3<ŽéæË\ðþLøkÝ|hÛð‡œ}26šËèm’¤¹Cíê®—ìõª³¸µ¨Ã;á]Ëý@ˇ^¼ÌÒûNÕ—ª#]c—ø¿(
+H?›qtÄ'Ê—¸õ7RïàýZ$?¤FÝîc?e IŸöãõ}unw°¿ìpd3<ŽéæË\ðþLøkÝ|hÛð‡œ}26šËèm’¤¹Cíê®—ìõª³¸µ¨Ã;á]Ëý@ˇ^¼ÌÒûNÕ—ª#]c—ø¿(
endobj
-632 0 obj <<
+636 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1320 0 R
+/Encoding 1325 0 R
/FirstChar 33
/LastChar 125
-/Widths 1330 0 R
-/BaseFont /YIVQGJ+NimbusMonL-Regu
-/FontDescriptor 630 0 R
+/Widths 1335 0 R
+/BaseFont /OPCZXK+NimbusMonL-Regu
+/FontDescriptor 634 0 R
>> endobj
-630 0 obj <<
+634 0 obj <<
/Ascent 625
/CapHeight 557
/Descent -147
-/FontName /YIVQGJ+NimbusMonL-Regu
+/FontName /OPCZXK+NimbusMonL-Regu
/ItalicAngle 0
/StemV 41
/XHeight 426
/FontBBox [-12 -237 650 811]
/Flags 4
/CharSet (/exclam/quotedbl/numbersign/dollar/percent/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/equal/at/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/R/S/T/U/V/W/X/Y/Z/bracketleft/bracketright/underscore/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright)
-/FontFile 631 0 R
+/FontFile 635 0 R
>> endobj
-1330 0 obj
+1335 0 obj
[600 600 600 600 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 0 600 0 0 600 600 600 600 600 600 600 600 600 600 0 600 600 600 600 600 600 0 600 600 600 600 600 600 600 600 600 600 0 600 0 600 0 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 ]
endobj
-625 0 obj <<
+629 0 obj <<
/Length1 1620
/Length2 19156
/Length3 532
@@ -5768,7 +5792,7 @@ endobj
stream
xÚ¬zSx¥]·eœTlcÇv%©Ø¶íìضmÛ¨Šm£b£bÛ6»¾ÿïÓ§ŸÓ}Õ}.ö~Þ5Çœcb¬µö¾xɉ”éM쌀bv¶ÎôÌ L\
´¶³·Ú:ÿ¥øTÎæ@€©…5 ,¯ ))' —SˆmŽ›Pp1²¶0ÈXm€Ô
-Ë(gçü7%€êÿMe†ÿ>‘ÿ$þoø¿EÞÿ?qÿ«FÿÛ!þÿ=Ïÿ•ZÌÅÚZÎÐø¯ ÀÜ1
+Ë(gçü7%€êÿMe†ÿ>‘ÿ$þoø¿EÞÿ?qÿ«FÿÛ!þÿ=Ïÿ•ZÌÅÚZÎÐø¯ ÀÜ1
Hk
\P3ÏØ©®â%ª«Q¶°sy1*õŸƒð3›Wž®õ;7 K³y²mÇZÉh\HÐçãîäÑ|Àÿ´_˜D®á!)?¬oöër$q0>°±ÏO„<X)
@@ -5851,215 +5875,221 @@ lÅŸœ$f_dq_“ÉñøC–C'O§_œ„Í¢z™À7Í°5åAƒí`EûKࣃ„>­Ò„rÖ:«Í·ä—ˆ•Ö’"îJìK4åäNÏ
@¤õÃo_U¡;¤¢æªe?Z*½¿ÚOæËͦcZ¢6zÓ*î
€mK1”£»ãß:¹<f:µ¦V.sF»øÎN®õÎîÅEQ‡gŒ‹uà,¥vz­!ìuS,ñš#\¥€ª6KѯAÃIá)è˜SX1ïŒ~†‰<& ;Ã] zÜ)ZP=ëN¾Ðºg¼)Qµ°}¼>Õ˜z_#å *’Ðs,b½“o&‰ð]ÎÎì†Ò¬¦{˜±ãxÂZ©–\å.ÉÉq™5í—]Í_ãÓ~w X~˜½UÖ"bg¬%Ì—ÊÉbÙ¶Õ¾VÂ3a¾$þ—ì!íL;ENLãÖ[µô(ÁzŠþÐÞ :\¦oŽìÿÞÉðdþÌn¤j’Pïn‰“Ì{:}*PDvŸw*[ð@9‚
Ô0a¸­¦û[ßÅräÛ%Ó\qŸž]£÷Àëð|O-FêkÞ‹³€'‰Qö.ÊÂTqëÚĵ¦Îš)RžcÀ¾ôßØDã“V¶¢Ååž5yÔL ùR„wOƒùͳ¬¯ãƲ¹ûx¥óuj2a™ dêMèaÁxö³]&e9õ};ªÄqÜm–íʳì $j´’V¢_yŸ¹6€W 3‚èíRõѹc§EsšN1}œÇ‹”Çžácž!\°­1£,,ᄬ¨\XMÔ›ÖÁ€DÊŸ&ë«~9F=Þ'KJk®
-ÀÝÏói<ÐÿiŒö?A;ªÂendstream
+ÀÝÏói<ÐÿiŒö?!`ª¤endstream
endobj
-626 0 obj <<
+630 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1320 0 R
+/Encoding 1325 0 R
/FirstChar 2
/LastChar 151
-/Widths 1331 0 R
-/BaseFont /NYRYKI+URWPalladioL-Ital
-/FontDescriptor 624 0 R
+/Widths 1336 0 R
+/BaseFont /DANEYW+URWPalladioL-Ital
+/FontDescriptor 628 0 R
>> endobj
-624 0 obj <<
+628 0 obj <<
/Ascent 722
/CapHeight 693
/Descent -261
-/FontName /NYRYKI+URWPalladioL-Ital
+/FontName /DANEYW+URWPalladioL-Ital
/ItalicAngle -9.5
/StemV 78
/XHeight 482
/FontBBox [-170 -305 1010 941]
/Flags 4
/CharSet (/fi/parenleft/parenright/comma/hyphen/period/one/two/three/four/five/six/seven/eight/colon/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/W/X/Z/a/b/c/d/e/f/g/h/i/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/emdash)
-/FontFile 625 0 R
+/FontFile 629 0 R
>> endobj
-1331 0 obj
+1336 0 obj
[528 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 333 333 0 0 250 333 250 0 0 500 500 500 500 500 500 500 500 0 250 0 0 0 0 0 0 722 611 667 778 611 556 722 778 333 0 667 556 944 778 778 611 778 667 556 611 778 0 944 722 0 667 0 0 0 0 0 0 444 463 407 500 389 278 500 500 278 0 444 278 778 556 444 500 463 389 389 333 556 500 722 500 500 444 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1000 ]
endobj
-615 0 obj <<
+619 0 obj <<
/Length1 862
/Length2 1251
/Length3 532
-/Length 1861
+/Length 1860
/Filter /FlateDecode
>>
stream
xÚíUkTgnõJÀ+Å€€¸
-æ2%(Ë© É„’ L P. (‚€`P¡r¨´RZ/Àåb°¢à©¡ 7‚ V®º¢î
-°ÀL~`Ùˆ °aŽä†`{Á˜“ÿ†©åÍ%|¾$Xh¿˜Ò_xHÀãG¾U ‚0‰FW„ £ÂåR_xÉœ+ÌæIËY¦âóXŽÂ`> @"ÙšºDðDÎ<)Ìöà‰Y\€ñEð" ÙË­`ñ-!íÛí·ÛÇÉêí\Iˆ'ï ƒò{õb ¾¯±”Pžð'Édbﻯ€e›í²6O P¨¶
-³p½ÝË>)$¯:¹"v÷¹ÛßDÒzÑV©îÕlö«Íç±c¼©g=M‚Å¥£ÅÊ+ÇåøP…þ>–ýI]ô²A†[ú—Ó%º®¤•ûeÅS›ˆ=ÞøÈÄ4Ùª×Væ£Ly¸Ï©‚¯•†ô&ôá™o¶líÞצs–­b:×87Ø­½ÞÒë„¥éFZïyÍ7à#wnž¬Ë»¾5qëž Ó/rN3Wp´ƒ¦¡ÙG¸
-VÝèìï«Æ3çÄ2'™iz¹ÁW`9ޮʲy½¬N¯§æŒLÞ§c¬Ù¯ÌŠÒS˜È*Å<ÎiíÙÌô
-
-Î:äÿðÁý¿ÁÿDìê†P1"€ÐPÜ¿
+æ2@ ŠM厊T†dBI& (—
+A@0¨P¹TZ)­`r1±¢à©¡ 7‚ V®º¢î
+ߢÒAÆnú>_«·s]$=!®@´?*ÈïÕ‹5ø¾ÆRB¹ €L$“ALˆ½ï¾—m¶[ÀDX\A@¡ÚŠBQ8ìaˆ®€K
+‚±Ìá?Ad
+†¡æÁì?ÃÖoᥡ¿Çm1BßXÀ ò !gþkpt:"‰!P삽-ö# h ØÙQcÿMÈ£(,-žM,þw5›‹ †%0×Û0’CókR*ãvŸ»ýýG$­mUê^Íÿº¸.+Ö‡zÖË$DT6Z¢¼r\†SèÁt8©‹^6ÈtÏørºT÷•ôâ
+ÿìj3±Ç•”.]õÚÊ|”!‹ð=UøµÒÖŒ><óÍ–­½Ó[âÛtβTôCçšæ»µ×[zŸ°4Ýh×{^sàà ø¨Ç›'ëâó¯ogNܺçÊðÄ ]ÒÍlGíàihö.©PXy8µÞU)ê³æ×zd4Hž§™¦š=“ûTHfÒã c~¿®‰¿“6–Y2󕇮٘~mà¶,ùº’”•°§ÉØÕ¨í¡5çåÆ6+wé'!äAëGê ÚCø¹L}£ÒÜX÷¼
++¬Í3Þõ$:⻆ísð™±Ä}5§>-kiw7èº;îö:g½(ÒrïÐH§¸‰¯ÌJë8ÇÇHøáq›ŽîÛ{Ê&ð?Ð1øö+¯ÀZ\¦äòZ#³uxðصpŠ–©´ËÎÈüKß—Œ•«…¥„¥Æ’hýGÁê]à}ÕxæáÜ8Æ$#]//äj"Œ#'ØW[¶¬—ÖëõÔž‘ÊútŒ5û•ÙÑz
+i•(ˆË>­=›•‘éèîå¿O#þpK~r Gà3µºïyåÓrä̶±M‰c~êÆqù‹Á «)á¸6íbW™ª¡y|±ÑÑf¦PÓ©âÌZCä¶ß û_ØßÅ)JÉáDO¥ýÍôEüà“ß­/%üc94¡ÜÜ›3?âfp¢œóLéQïPSnlBìµ·Kî Ä9¢Òävåª'øÖA‡öÞ§GÄg‰3ñÔÐõ¨^vÐNLä«9®›(¯²ºÃ&ÂrÿY¥˜ȨŸzf‚«z7oÛ5ù±ö¥Bï‘“Û~TS,Åòok÷³‚îO×Øð&Ë÷Y]?ï“°èÎú«_FäÏVSyHûd—p4I¾çÿñ·¡²ÉˆµWoʮʈ.ù„¼ÿf±-UqôÁ¤òZÕõ1qã s)Iy‹r ñt6+ ,ßïÂj(æe•Å£ê榞úùÔ Aá«p订úSÚ<Ê~ê2^é0YU@ûÜgï¯ñTû„Óó_N’Þ$u?ר—KŒÊýèÕ©SÓ¥Zò7›=³Û‡<õ¤sV–tJÍ*ñÞn¿³ßpÛ.öÜùß%ö­kÆýI1ö:Þ!MÎ8Ëužüt§eçkNÁÓc1©²áb:>iMÀ=Õ
+•ú”Q8íž,°rŒX_”~þW÷EÊÔ”ùÈMCך*wøæ3Z|ZØ[7Ûü2ÉBõMVµ§éJã’¾W¥U
endobj
-616 0 obj <<
+620 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1332 0 R
+/Encoding 1337 0 R
/FirstChar 13
/LastChar 110
-/Widths 1333 0 R
-/BaseFont /JEXEVC+CMSY10
-/FontDescriptor 614 0 R
+/Widths 1338 0 R
+/BaseFont /YIEBKV+CMSY10
+/FontDescriptor 618 0 R
>> endobj
-614 0 obj <<
+618 0 obj <<
/Ascent 750
/CapHeight 683
/Descent -194
-/FontName /JEXEVC+CMSY10
+/FontName /YIEBKV+CMSY10
/ItalicAngle -14.035
/StemV 85
/XHeight 431
/FontBBox [-29 -960 1116 775]
/Flags 4
/CharSet (/circlecopyrt/bullet/braceleft/braceright/bar/backslash)
-/FontFile 615 0 R
+/FontFile 619 0 R
>> endobj
-1333 0 obj
+1338 0 obj
[1000 0 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 500 500 0 0 278 0 0 0 500 ]
endobj
-1332 0 obj <<
+1337 0 obj <<
/Type /Encoding
/Differences [ 0 /.notdef 13/circlecopyrt 14/.notdef 15/bullet 16/.notdef 102/braceleft/braceright 104/.notdef 106/bar 107/.notdef 110/backslash 111/.notdef]
>> endobj
-607 0 obj <<
+611 0 obj <<
/Length1 1616
-/Length2 24837
+/Length2 25067
/Length3 532
-/Length 25741
+/Length 25956
/Filter /FlateDecode
>>
stream
-xÚ¬¸c”$Z°%\]¶Í,Ûv—m›Y¶­.Û¶m»»lwÙÕeÛõõ½oÞ¼Yoæ×|ó#×ÊgÇŽØqb­LrbEz!S{c ¸½ =3@MYCÑÈÆÆÈÔÒ^–^ÙÞÖð×ÌKN.â4r±´·5rò
-%É‘÷Q•£,ň;0º3êì¾fC|³%œQ™”îflh`ÒRsšÆ‚w›sÅ‘X§¢uü-Í ÙTÙ ˜ªès´¡ûÌN£Ð2¸iɱ½õx!:Î<”?%x¡yƒMŸ9¼Ñ¸¬#ØÌ4ìÛfÙì¢_"Ì:õ¡ÒE“
-Èüñþ“_º¸–rkÕ—<éñ£äQåÜ‹*£:½'&ܳ´H’B“%C–·&`wŽ$a"Q´-@”Ç-?ŸòxccÅÿ“w×wGW™v™4;ÌRC“  ¨Ž\]“.ü\°ß5_Ë*Ù7†·w¡.r.†把zÙf’9p¥
-d­cu!2?Ü1=ú뛇‹Wûµ·,ÿô‹§…)ÝÐÌŸ$Ê-Æ6†˜þÙÞ¦ÿDÊ|(ØufË«‰4ú]á4Ê®ò\¸†ÑóÆ°íkÑ$i@–WÏ_ÏíÕµB¿„G5µ2c?L?~pÉ÷’¬Ÿ¸¿áQÂl4^”ê[‘^W¢ ú'iM¼¶ˆ€UxìÑ[Ü1­.yM<
-Ó åóÃ2ËÖw`ýM\RôEmg!OÐÒ 4¬¹¿ûWåî}œ/ã _y8™J­rãŒ8…!ŠÜ!†FȆ7´–úÓ[ä]ì[½+ŒxE™ðŒ¢såSv“n¸_¿”ô‘Ü@ÄO~ |
-‚Ê;Õlm=, j¿LDšOùsMŠ ¨¾Ižºà å÷4ë¹™ }Ô‹ÌÐK¸ªÈ/|õ5àš?*ÏüŽP„ˆò‡øNf`ÈzøÄc*m¹Ü4WŒ&©ê¥‚ð[¼"1o8®ã€N>ˆœùU9´Ð˜Þ3q?`¹L¨r]aôòx¸4rÔx ª7Á¯’;ð> w:[êRôæ¾Þ ¬¥ Êwøâ²®½.ü+Õ*6Òâ8vO~‘ºî´ü‹\)šý¨ª±O‘:‡in#@LØžpÖÄÓqÂ×–ÄòÃ~¥5Œ´jñ—'1îú{ßâoÞkžçâa ¶æfˆBž¤ü~Äz4ÓÝå¹ÌŠG¡„Á"\a éõ×m0Ž õ&_t¤ ôuhEÂÜeò+<H280ù¬Ñ–¿ýf"÷Â0½0É™Q
-‘oÕ øÁ¢°œˆÈ×Z[Æä8+'ŽÐzÀMSi.Á·íª‘=/;¡ –ý>vF;³Cþú¾¬¥ pØ<+‘³˜Ù‚âž ÿn‰±ÀæÝP…øUßÂgÓìËy…?08 &š\.Ü„<ƒñ¹¥
-–ò•Ñ«^?­¹­Î/«Â/­O¶ZA¡Ã¡Ï¶X£±°´¤÷sÐQÂs–Õy3)¤dRG}žðBBiBó)Æ-[tÙ!E æuqUC€ž]µL
- [ð< ƒN%’Q}Í9SäÔû44Mô{OyäÓqŠuèK$'¬è»Õówf€Å2©©"“tú¬WÏÁ3 ¢Õúú¾²ª·AÕlÀü
-BÌ“5Á@HžªœŒZeS¾ü3M©'|ù½:# Hã^nJ! ïiÍòŸ0´å†§êž©Ï÷(ïùñ’ªZÛ%£“¦;ԛˢ÷¹}Ë·_¢”â!Ðá{/°àB9¼–ñ¢=ðº3úc>Ö0ü þ-ôm&f8ô”¤
- ôï*$©ëçB¬òFu¥‰g0ÛõêàSúuž¸üŒ@ãѬZ$%£cK²Ž¬ J ¾q>Ò¥Pà‡M—”~ ³l–—ŠÙMcƒ#lBÖæyÿ–ŽEeg?o´LÜLÆ4 d)Š©Q=šÈMðA'/UšÇýmtݱ"K'K— ²#ÿút=¬iÀÌ=²ª³8ƱpÜ™rƦýÈXmÊ‘$ÝÅmÜöC|ÈëxzN$B0q‚"OYø°{g8é”fÄBÚ<»A†m°<5–‰65¡Á!Š¤Šç‡—É“ªÜsM'œ^æR‹ù)½ë”X£ŠÃ*U>f˜rØ §¬Ò^)¤¿ÀϨáêPJË÷àg°Ät›1ìk´ –0û'u_ææðV£çAýÆúëKibÈHùCT´gÌ8þ/Iƶ1äœ{[н‘4)‡Ô®J3¿zŒ´Ri9ž±¬ØùðR^ 
-þ:³þH¶e?™†¯êÔÇ«E«‡>½Æúó%䵊ˆÍQX™­öÝq´¯›0tß ¿°Â!}i
-*ÛâþÓ%º¿y
-üöí;zËßý3=!_7âñQð
-Ë J3Š¥¿”;±MGæk ¨Wïòüªá!è`… û>áÄ<Ùã³HAIŠ~Jb[Wñ&Á†q¨=,M*¡€°`•g«‹pÀ꼆Âœ´†:>ߢ2còþ]Ž’û’+M+~O/ySóBJ.+Îy•GxUiTø}™¢y2œƒºÚkñ„ØqQÆY›.³HX¯ñ¤-*Ie·²Å, ýÊÁødߨS¹hç$CYw
-ªjzF£9$Ù¦‰hâ#–øbwóóÔúU½5»?-lat¢”M…º‘¢a+Rœrœ-‹=ÌH'ô¯ã#Ãù•:V¦Mœ¸h”ãDf¨6™ÇÔû/SL0ÊžŸ»G˜E´iÅì³åÁ— ‰È×µ[oR–u5ÞÒ:w˜‘±óçmH¢"ÝijrР…x§— ¼?&Sœš¾\”
-Z§ Àp?µbt ¬Ûï„Þ
-Ñ Œoà¢Í ã_ø­|ÐÎËd=y¹±ÏD¸ÒÜ~ÀÚæ*†×)¦WÌÔê|¿–G ö“M$ƒÅ$v_ä§×Ù 9Ü×AèŠ'áxÞRq)+W¡æ|Šô™ˆ•ß–QñJd—SùZ‡öÓ ï7Q&…HC*Ðp¶‘]÷MÆ”(ð´ž7<ÿÒGÿÖ4}ºvá1nñX!ñ”•ëJH:¬z—{掌O!|Olúgï"…êÔ2Ki!ÉfÏš3Îmq;²n=Ê7ý—®Š`ê%$Æ“N9~؉îM³]SiCSwkÂðtZzè™QN€Øgg¥Ô þ•}ãñËÄC·`©hwN;²Õ˜?§ÒP—þås»\ç‰Fkëu¡Pëx.„=¦Uà^9§è÷rkaYC!{!2¿ã™š2ÜÒ&3Ê_Çs°“šçÏÛ:m¾ ªš­¹­Öª¤â1MRÞ1o²m
-+ý ö¤ €é»>«]`¤æ-¼ÏOÐ3òUõ®H=ÔèªÃEoEتþ¦?:•ï圩5s–°œªÊMßE(_fVö¼`×»Ð0Ñ:‚º}7“–Gˆýv Üþ@DÒ)¯fõ  ZhV;q0 u–¸ÈO/)érÜzFiŠA¯ç öBKÓÛŸäèq¤¢õ”ZþþñTǯ)I?á & Š_aÒÈý“eNÆ4ŒBpÊúTG@~ÎHT!¦1°5ëXhìíüˆvÒ@µ%_èò×2Œ-Öm>²ÿÚvîY°ÆÕÇ€oî’?<ÉTW¦þg~ƒ«¦ïT-3:5 ãã`–Øò¼ãÉ!5
-âO[uiñX­ÔQÛ†CÙ ‘{Áçk†™çƒo[¦Ý^:—É|+œ3^t…—vœ¢ËE2zö»þ‰Î ‹ ö=I-¯ò‘γºéjãˆaÝãTï ?Û§¥«7ç­,Ÿ»ao¦À(ãM3Úì1Û?GºÝÓ;ˆ+¬ÛÄ?áï”l#mz7ò¨­JÄSÔv£0¸–©š&^÷ªEZíŽË„·~îëÎÕgënÏSKú‰pGdÿšrK€†BWáÀ˜ŒF‡=¤-¨¶!\DÇ37Å¡ó-=›‹;¥¢m¢‚ &í¹„^·°›ûAâ4Â?¢éIΛô¡ûýžå@~Lî2‘ž­o¥RBEߘ7õ–¼ÖkÜ!%=•j‹ª:EìÖÄ•eC·'Ì÷ª&}%ÖyÕajû· Ö!¬ Ó´G—Û¾¤»÷B²Üèܹ:&É œ+5Õ¬†Y È ðüOr:•ãâSzâ-“„ŒIÃ<Yœucb:ç¤/ô–VB«´ÎONó6fÏf6på|ý°æB]™ŒyÝ<èFj2ê¤)&–A^ÖâFè c3{ìˆWïç ¼®¬<7Vêjë7ê²#È\µ¹ŸN¸ >Ã)“)/sQ Î|g·Xd—Q‘4÷ˆkP”1%ßc Åóó÷4¦Çê£Ò¦”4ôŽÆ_§Óô]Ñf1ìÖ¨ê×’]ĨHã8
-AI<4áœà‹n<øéÐÙ,¦ÿ Ä„N!ȼ„z”¤ƒM³Kù^0¡•æQˆÇw%ÛžšØNqR˜Ò:—7(úÁÁÝŸÆ‚ÂëN«(zZ¨,ü#ú±V²?’ó?;„`x ÍëDØÔVí/gÄáŸÁ8FfŽ·Î”e’¸-ÐxFç‘ôBúWƒ¯ñ—([C†~+Uú=Þ5v%¥qY;ƒo¤ÃÄ#¦@Ø]å|›¦œÝÒpG}i|Ý#qÕ¹¿dbû[øY2XUÄ@´i îSù,ÈþZ1GAFŒ'·šng-¥™â&ïðŒË»BˆÔŸ~›¢ak øIYÊÜÞ{$Š>R¾$tžÿëS©>"Æ5*™Ã’/ÓûÆ ÅïŠ,ŠXù
-Í •˜meÙaÖx7Š¾»<æM×c&Ä}Á ŒuËŒßáZ®º…÷ûîpò{Xæ–oÅ×E)¨®ZîÕã—:ž}O5¢
-ÖŒIt§;ØâÖ‡Ï ¾í¦øm±¸'ôSv–»K’tb¯c×–{xU–àݹÔˆQÅñÃmÅÀ,Ýl¹NÝÑ=À
-»T
-¯ÇK_Ê|ÛV@†@¥ãMìJÀá–G2<Bò/wº™—?›=Yº¨,:7 ·ŽÃx µ>ˆRñ·Ý‚WÑ!Iå㾑5¢0”i‚¦ûNNñ;æsè4‚
-­.ßådtÓAõr(õshrÈ’xJ¢=`’ø$?kg4/3ÜŒ(QÊýlµ_kDL`ÖôOÆÐ\OŽ=’ÂâTâJ½_IAôÒüÝ\ÕvvŸ‡\á0à›LêaQk¡ü£Ü(ç·ðÐ
-­G4t“»-8Ìž¸-¬M¼‹Ñ12­S¦ä#¼2jJ^¢Œñ=ÒÖÀëÅ÷?i-ð¹‰|v:´¼CËKIR .½i_ï–ú£´t~^ÚˆÖç{X˜ZMz[œÿ]ECœ FŒ³¨ˆG=2#~Y^‚½Èq} \fh†­ÒˆL.Õ>.sˆÕ¯• aÚÎ1Bs†ü”`½Í›4´Rû¬l!2—6þ=€#E¼þjCðPÖÖÛNyŠT.×{kD¬d<Ü&
-Z\ÊæL£&†8ÏDØS°uc¾ôû2»RŽŠú©Åœ”ñÈŠÓÓbGÑá%-èZö‰0“2…Ü/3§«0y›Ë¹n¾½!¼HÚrš[÷ŒÛɚ߆SºÔ´®ÁÄuª.†|& ׬Ã{½E¼W½†µªê­£­£Uj|YO¢íJÂÞôù|mˆšñÊ$ºW¸oý¼îòëù5ã%E¹"Ä.òíb¶g:jµ'Ÿ$JDŒUyi¨J@PNN·&E¤¨¦‡Û"¢V ¢ôBäɵ„Ù!ŒÄšqÛ7-'¾›ÍG‚g] ™QIÕA©D^Y§DÀ;›cŠ`ZºõÈœHÀ3æK¬ÕNÕðBmäÇêdç$&]!ç²áÁ&/{_F'ŒÙ9ëìÎÀó:F +Ö“Óø¢åöë,¡•¬Îü€–N0ÍŒ%½\Ú8lXjÝÈŸŽ²ˆƒUÁ‰~Õw¾™üY¾\|¿¶$Léêlßöµë{±½†A¹0ùÝ@ZA “Oí°IÞ$؈€D䥩 ÁŒ·Òê&Äè¯ SHÁ†ÎJ¾Æuò,DÊ•r]Œ*ºÀ`½CY.ÿÔH ̵sõ K=ŠVý64®.x‚–qà^“5CÈŠ¨$‡=Új©¾Nl&Ÿ€BŸÒ"gÇú1l·1M-«.£ŠlãÖe–Z1Äï5¥ Êǹ›8$-ǵÉm¿ô²ÅÅvû+gô©ê™&ÏßâÕ-ι!3'ýˆò)¿PŠ€”$•â
-Â_+?씕ðM&¯
-ToûŽ‘EZ—ÆDŠA  /Çac@ZrT."¬<q©[ë´öÌ<@®ÎÓ\1b`2S À
-óqSìt5ĺàÂrnÒ
-óý/5ŽêÚ”Rq²¿íÄö‹Éºf )àÚˆ{wÎGhóÅ+'.‚½ ,4Ï2/Oj
-Ø'š$ˆe8îH¦V]Bx¦>WŽ„‰týÿð`¢c¡ ›Ífn!…Ù?oS ©¼+½÷QŽIÐßuU%øð,~ÿ KÌÅ* ŠÎŠ/²ÉÞ‰±ÈÊŽ^<‘•¿@·Ó¿r+:“ÀQ
-Â6sõÛíÏçî}%7ˆDIŸ9m¶zÚþ
-&´›]AQ²ïµ„5»#Ñ,[y½w–ëw…ëìu"Â!Oé,Ö.¨·––™eÛûqÝ?hÚ…îiyõGÈÌeµ7š#<
-㲇Dïô|¥õÍÛC|±Høìò—0省#O‚âäÎN†ÙœþÛ$¬Ô![EÃÖg  P>ìÀ¯!__ · zåK¥—Áíõ,Þ<ƒ}«ÜƒýÇNÉvδ 5ïÙ¤ÚD+Š‰ëT–eÉé:j!ÚžÊóÚ8(ô+ÜÅÝõWQ«VqT$Ä|
-%ÃJ ƒ.-Ý·kj´äàf®_²ŠìueYJ<\_xZ+¼Ÿ.B”õ]B9‚ï—ÔLè¹8ï÷_Ô‹üûÂßnÓ™27Õs®ì/%}Ú‚<:*¶Ò;°ÌÝxW²¤áÍ)ôÀ8Ó\ú­%WgU´ÏU~„æ¬üumñOý˜;ßòßðofç™–3|tUš-ºz ëömà<j/$½•‘Wâ÷$Œî[Oà…êH¨ùqž9R¡ ÍrÕû=]”~ÕÌ=ô£DPª¾µ8Ù÷=ù0}¶T¢ˆ|íŠæ< ‡é!‹GÚ²6p5 Ã_´rRm‰ð§ñòßïB/^N¶”Ðv°Ùy£;h줆o|e¿4Wå›\b&î6—cÖ~üâ¬+YïzVˆ©:üc“@Sþ®Á$Ëâœã7\Ôƒ‡©î)Ò+·[ªÄ¯¨[àC™”0‚ŒÀ@\n£8ÙhûC¤­b¸×± 8T¬Þ€pJÈý){]€X†oäÃ^ ß¾¹Ëá•^©„Ίœ ¹>߃ˆC”^˜/>šøâ"ãòÍLävª¡Ý¿üUw/Ÿ>žQUöÎNÞ;’báóö/G*Ç…xÓgƒ² Ÿi|”çs5"Ë BÌD{PL¡¹Ú-¸c+ÈdîM0KÐ{îJ*/Ý£
-
-‚¥{•óöþ{k·DcªÕÌ_QH²”æÆ Zõ‰œw.[ÚøRcE2ÞÙˆÕFŒš³¨Lò+1TÙ`pC,ÆŽCEéWYQÙtÿ/¤V„¢B²üácFïß.y;a«OPihc`¯ù¨Œ4 }àqo¾½Ÿ!¯Ê-‡‡˜²ì5Wæ˜ãLiø—çRBlÕýw„N: QÌø½y×aŽ¥{Þ¯–)å+½Ò»³©â Lðç9ÚêzªŠ×gÖ W2dˆé :½ü½E¼RK¡ ôäå”Ê™‹õÒìÌ'%Ðnß&HÁÝ`›¿žù7<ÍmZ½·ç±¥£JĈ•4j0'«¼6 ßá”–ý:ªn`DâþA4ØÙ­Ûˆw¢ÏÛ焺Ê&´ÇÈTEú茴uý±3ÏNÜÉãrÇêçM‰ÓŠ_ÔîZ Ec$q0 ¯bx
-Üò·5bž‘ä×-.bÿ}+ÞkfÈß[mÇŒéü¬ö”È–Œ\ÖÒƒ·eÁIvP•áéA˜e ©ù¹ÇxÐéÝYÙ =¹dò”
-a÷ô¥&<—·¸îfóz1™À>w}œ©ÌÀ2.ƳôkþïêÑd^iÕµõÄØèÂ'ºaÐù\*9.D%sÇÆâSÛª]L(g%Ý.ç‹·'iÃWKè L\ò¼Ì¹õ“ï쯿5©¾êöË~ô2b½·J–ñ
-:2Ÿ–;}ò¨v>
-Îúl–>~í:Úòj§Ï]ÙŒÔiТÝÓ÷œÚÌ£ `¡ÿÊì'ãÖ°wCðצÔÌ©Õ#Ô‰]µÑ^ u×B5Â… K.äYãürONfØ„x¸\ŸM`¿‘®F™3¹7ÉÏ
-ÿ2è7Áx—âÑ;‚üÆ ª%„
-äÏÌq^ANwˆ~Àëi‡¢< 0剹ìR[!‹R5úV/Ö à¯¯ˆý^Á¦’~¡a¡ãÓ€ž3]Ë›qz=’¨‡Ü}˜i] .ŽŽEtzÒ<¡SÛG“bV1š0ÞuSÛ»³>È UÈ{þÌ] êáìö /:5«wxZA¤ç;$µ3ô5]ND7s†
-….`“´á‰d»:°¡yß!èkù”í¹RÕçT§LƒA‹Ê²F›âAŠ fî(z¨° +ž'Üù˜;à“S×®Ü{Žo±Lê.ö© ò ±MßïW
-zª+]_Lš'¹AÀ¤;Ø{Q)°Ã^âæ>Äöù·Ÿh•ëýA<ó/üØÚúÅ!'e’5›¤ªÊû09Ù)fÔÈ&hocRáí¥™ ß¾Ç*Ók R „óÂf½a¦Rè6è–
-ß¼U7ßo׿+t-ã¬+Èí¸Ä–߱Š¤lûxR 6°ü.¬òˆ6Wøß$¤/BávJ6R'¶C1LR«³ò&QÉ%ñ|'˜^EÖº0\¤ÛñÒ©lY@.Yš:Ó\ÜÅ6• J¯Cd»D/Yß8 ûfç\:úܸ,‘rßÎY”A)pÙ<)](ßÊ?ë¸ztéPB•¦íá¤X`²Å7˜ûÚpAu°E4œŽY}=Ñl\œm?úÏõ8ä^ÈÏ%.J¾ùx—ZoËÖHvß5ùL‘T‰¼ÙÄJs3Å/XúýYÇ.º.K*©Å0’+Dc¢Y!ASßx5·§Ë'½Áíg8ŽŠöxHlu¯ýè·ì…Œâªª/æÎõ’âÎë •¼ú‰ÙêQme:î"+4Nb<õâ9›àA’ž'LC!»h•´4}ñ8Ü5Gx–K(Zˆæ’©<ZÉñ®.x9ðï(b:ëÍ/ÇΤåx‘EÖy±Be•Y6Wù1™C¨¾3_'¤VÐñV”z¾Ø¾u-.Fû³_ 7cÏâ’ù„çƒÑäŽCWã$¦D÷Å·Q}b[^4¸ñHá/æ9Ë×° UàW
-ðë|Š$ñ0ÐÁÔ€µN ݔ֨}BO0˜ˆîÜ«„ Ò°f~-ìæ3ü”>hFªb~pkؾqUô3qå|âÂÚÌyI–£½¥”nÉÍ•>Á}gCíú?ÁnvýêÖßÁè&êùaL·cÈŸz¦Ž‚dæNˆ|&TÀenø‚êÒÆYä¸Öñ2=ÅÊ»Œ‡†¦—ÕýØ—ä´!U{îÞ‡d°C^RT#aŽ«>
-["‰èLMøĈñ¤»UUáPÛF@Zÿjý34éB-]i›ÓqE ø;óÆ Ÿ¹š¶»„¼ó9ƒãUrŽo„·…üéìã#nŠHÛïÌãO>QP3LPPôÈÅbÔ'ø`Í™ÊA‰ÖÇÅ|1î:âžæ“µó#–ýlöõ½†÷k¹ÌçÃ18ÒáîÞ¿¢ eGV(»™xõsÐC¿š‡þftZËb]ÊþY]ˆ–žFrƒf·Œø ±ñ;\Mþ5ÆŸñ{Ó 3¡ 6?©ïÃ6¿s§ídäR*EßmGE2.ãXÇ„NÈ!¬3©«á1qª
-lÔÍRã/l‹à*¯iuh/oJÃ%`ÁƒgiÖ³:æ SŽ\í³sž†QòÃ1
-DÿH¬0Rù3*ô"âŸDÔåWƒ-N/ÒäªÆ©KƒöŽ¤Öšcð  á2›•FAá6oÝp°2ÏÑ(°ïXYÝàÛãáXœ"eœÃIL…¾²ŸiÇkX«d~
-îýª
-åóÉüçr’9²ü LÚ+ç`ô÷aeQ@žJºvgKf²Úå’– s _zþ‡¡¾¤!,ºè¹ ":?‡Óô£Y¾éçMðçø :äaV°Ǥ|—²
-[»¹®™/&’¹¯1¢óÖB×r†äç:Üѱ(¯rÃ^¸Z ¦ZÅÞO°gwÚ4;;å±Á˜yŽ³êí•ã,f«"©)6jË¥«?ÔBSâž¹=}›•,*î>Ûû̽óÄNdwŠÖ=Ž{­Ïá³\5§Qò‹ÿÐѤ]կخö1ò4ÉíÉaÖ}Ó#xî{~é5ÏÃÁp<mT Œü3p„VÏ0ý}VÎh¯“ã„V7aÜõÀrü;Nˆi½™†i…¨ž=#= î™Âiö€ƒ¡%¨:ùBùôdDÑ•Æ:L~zA4ê^å}µø&ùÕ4.¯? ‹­} Æ4¯«éZêS0Q²Òg܉ÅůI4‡a5"&Ü!\_ügúTžÛ¾ªRΟƒ}Èêƒì"cz¨Öë3ç©Ž)Qž«Þµ-p¤þ Ë.4zµŸ\8ô÷3ÊDÄÇ«U¬Kª“€|cM¸¼ÂIçëuÀ!N’&æž
-¹¹°ëÒ%J¦Á¢ÂpË1<cßè“þ„”ŽÐ‘VÙ¸ÿ” ¬Sìôôìªy•¸DÕí&=oÃe÷£kž¶ZôªTðä½ÊÁ¶?‚B¯#ü³=Êö‹˜«àâÈãæ+8V]x›uŒ¬ç/F!`À„EöZÖg ƒ¡‹n³° œ¦0®ÛÓ}ÿˆ3ýñ;Ý\[ƒü z¶8=q>­ãiçЧø0Ò’éyGi@`ô˜þe?¦®#c)ïÑ“Aâ|“ÔŠôGj–.A}ß«ˆM{U– ƒÚ@¯ŸîÍðÔ§¬¥öX¸Ù˜›Ëö¼Í*e2)¿Yž2ìÝ„€¡Èʯ(2ÞïW|^½Ô%ó©Æ.Œ%ü¹Q3´ú½&Ñ=ÏØ9Ö!nÏ⥂øï?–”à²Èa{™hÛC6—€””vìºs”¢5´ÛGá¥>·°mWÒÒß"¶Ê¸~õóC€Ì®ÿ˜3wHüZÝ“ QÏ8f^YÀ}Á¸[`šm+ŠþV"Û!Á ’X ºú¥þâžááŽNærÿV{?ôwþC{êÌf†ÛµÊ¬5‡ÀÇ×®íª1Ý5ËÉ!Iï]a>íÂÞ¢ýC¬r‹&‚ød'üáj!”!‰0ê÷Àn—ë;J.hªµE¯N;k’Ù„TFÉv…sú®`Êx–ˆS2fÎîó¯ ߟ°•ü‰ñô\‹ À7ÉÁ™aãSÁyÁáç™ASV £;`”ºIA†¬¬ìÉ^2·“™Åß
-‘À.~‹ÈI=d_Ÿ–ñS”Ü!e7<sol\‚N7ÅV£
-ª¼P*•4R„—ÖÛ¥ÞòÞ¼÷˜üþõ»Éô]ò ›fIE€Ng„‚Îñ²/÷}!­ªúÎÙ$…X¡þt³Î›Ã'П¹Ñøy[J©F0J‰]PJðà—S<¸Ã%>8„\éÇD=ŒÌ^-ȹ)‰É2éË:«›ˆF"OY)†AËg_ÏÐ<4‹œ(¨Çáùã{Gigò9f@í»SwÈ®Zæ¶uzh‹O;ÅÌvYcí™òü/„'qS±õo†d"çÒÂg›1 Úû§ý½wÀ$u8ÿ“¦ÊsE[ÅzÊ¢#í˜ åÅHc!8bìÚŠ÷‹W‚mB¶OÍfmÇÅ“í‰oñßýýºoÕóšöüŽ¢ô½LÂÅ~½2_.‹Ä/Ù#<á¤Ð&ª7
-ù¥Âìb ìVÁGëE!Cÿ»JæýóÊ Î¨…8ØüCâlh ÖÇ`–Q‘Ž‘æ~jöPÃF±ô}¦ õ\•œá]Û•Û,b%3R^è#í{mVº²å„|ûж-6µ¹ãU]l­æ»‡ãsóÈê~\¤Â´‰Sdú&U0ÕĤòCŽ‘ݳAÎÛ¯è¨\ÛØ1¿ˆ Ý/=tìÈRÏÑYû¹\[†!…™Ì ç¶ô
-ˆMTd#ðúJ<™hÕY3Ãä$±L#wNX!^B…`ïUký*¾a(äíœ_+74=¶‰|A€ :΃ƒÈ²Ïh'ŠÁËO‡>ä¾`ÜPTø$œc?7Ñ•@ Ž.`Þh®Èå«à“¯äØeõBôPÃ?ñ>®o¿# •ý6YâÔÏÉW9¶8ª´!Èl$»tA’ÇíTŸqfVÚ8„!šm}.Tˆô6•*Ñ,G¬¹îä®pÚ3)›R•€ìB‡Ù€‘
-øäªë¨§¬|°ñŽ=;ôn’9¿x¿!=|°í I˜%F÷£Ýo³[0£„ߪù [þÐØM¼Ì&»r\:ÂaZu«2˜$+Ö௎VgM<XÉ»*ˆ·[⌬þ§¦O"¥
-z€ô9ÖZdÈIÿ¬Î_òNÎq(ö†Èøœ£d?%¤2óx[¥°0÷‚—&œÎOfiZÚ UŽŒs'óÉí'L/Š¼,™7h˜^(»ì'€áPomå"͘Îæ™PÕoñÌð‡Ír(ï­…†}&³é¡*K.ݱ
-Ãܼ¦³ÂX«…¦~!æ÷T¯2é×U÷-aõââá·» µé{‰ò²ïëp4³-úÍ67Ue›_·ÑŽjOÇÅ8t^®ÌHã•@Èà¾þ! пi¨J·,=
-ÜläóŒWÓíåÕ›cªX”»÷Œ7sÛí‹Î¶úÛ9„"´‚¢„ÃØòñEÉ ÕTÒx–x¹åIíªß™)dð6üjË¡ÕÓ+4[À+Šóh}…ø±ü„hß%0Ýa ‰Ý±¼ÖŽG³{DEÓUÀpårm‚¶¾E;žçy6˜@D5xH…ÓXó¹„~ŒvC__Xíë ]W3Î1Lykgx Á÷¨.ڱЈY¿³ÝßVZu<8… ”ÌÜwTG'TÔÖÍÕOîõßiVfîb˜â²ö=Br°^㟂”3qZé),ßQ? .f*¹Óà‚µ¸)ÕÕîò²9b„äÏA2 ÈT°Ñ›‘Ìù0°>H¿¡ô»º#Ì•mÈþ\JoKÚûS<¿ç]SU6¾nÔlãÁ
-ÍNÚ:´(¥®yÇf” ìõW ¯ï8Ýö Ì Î±±XƒPíMmšÎŒ}»‰P²J[dÉϧtŒ=¸‘õ(‹ZUz¨Ú–™•9+‚ÒªŽãwk“JTS¢ò€s°S"¬xQß„ËûÈ8j±ïu,²OdqÓCÛm.e/ö§,²HD…·Ê0¤‹Õ«š³"òñGug‰òZ¦ya’íæ¾>“*(å÷’DëoÿMwtîý槴-Ó†·Îß²L©=*Å0C«N€ eÀ¬DUûÆêË–y¯›Ñµâ²)Jå»)ýÜåu‡ãɦ!°H‰œãZ…Pç»ËÜð™.ÆGÛ¼ígì‰þô+´Ç|§°«0ꢑLxò,ìÇñ7Áâ°€ÔÌ[ç¸*²ÏùcÃypW_%Z™¥ËS$åaÏú%¿½ß¢,-.´ëK´z6± A¾¹XTjÿž|ÏøYF“x§D\B¡-Ãlé[D¨¦8³;â
-±Ñ¿¨|<¥°K±¨‚±Mù§Ø-±Ö!E^s-Eñ›ˆàBR­™Ÿr í{M(ô”j#&çaáý­L3[ÿŠ8ÆZµB &åH²1}óW¯.þÂP­ÖÖQ˜ ; "ãÐh7ŠiËñ­QH½Ž2cfäÂ<f\Ä8Y4|
-ãtûü#4†ªj‰Œõ<*G_<ï®®þçv—΄ÈN€©øXü"f ³îqsNtqa‚ÝHÎ-Cë›K‹Xg¯¹øà¢h”6蘷¨J~òo¯4¿[ׂšN@ã ~ÆF÷‹
-‡RW üˆPÓþ¢à"päÂÆ‹T¼PLFEÞ㇋SS£ohlùòîÊ`ÉH̵iG&q:ª íÏþ8ùûn+ÿŠÌú÷M'B{ˆ¹Úg˱l£è
-e“
-•±ª”$ÝoòþË*“©»¿Rƒ/ð´ ‰ýüm/ˆr}ªi@¹šïz
-LY|˜ç=
-KâO@,¿œ4¶öQ:Ó~±ùÚGºÿqzé~ˆÞë”a落† °Ð89ñÆ+.¹¿­¶‚&q@¼1õqþמ9;mûÈ„&囜jhâx³8´F)p iË$¨F$Ýf4%ȳ– ;we,TF<éSè¡Œ•£¦}¤Š4Êé59EdäŸZ¤È…Q—#ü d¤KÚ%üKv£3È7õxw84xš&ôÀ`7>É »uE`©ü‚¥°.ÿŽ2%]ü[Ó+!£û| – ¢ò%…
-©tB§|ñËþ[41—Q矌|Ùʇ8ì8W7³5ÅŸ˜y‡h
-¤ð}äÕñÆ|´²Éäl á"Z:ð©.Æó‹‘µ´
-
-VñèïÀXæ³­O™Hj32‰•¼•a£ˆd·W·0íò_fL{,y>Ùæó«áb÷-Ã$ãv'™‘ ~‹ì¤5D‡¡Ö+<Õj†²^W_4N£ÆŸs‰©ˆÈé¾z‚Õì"}‰°
-‘ ž¼{;Â'èÀÌm¾êï
-¥ÎyÀÞþµ½­cºùÈÆ Ðøæ
-Ê­ÛäŠ&î£^“˜þ ø÷AÀ—Jí¾7Tx<¼™©{'þ7?ÃÝ쮲­\¸XLDlö\•ß²È¨ÊÉ0¥Aú­‘}%’° ð,Cô8Þªd3'eïî­\dݱŽ@{–«¨çëc7—Fgb 8R¿Öï“q;‡u'L…\X€½/ôØPèu»v‡Ûý"m_ñ»âc¿íÀœ›p¢õçäÌ}âY éÓV´ZbCNÎ…¦Èí“xñ¤ÞvͬnÌËÍ®•˜ü«›¼=8µ”b{øR/ »ÿ° jx¯­;èpKÞùûçá¼õÅß‘Š‚Hÿwîw^ýÃsµ³Áº&ã²3H-&º=ÌAIû ×:lòïEÝFDYK±›•i¶ô
-¯¶ØÒ†¹ZŸúä½ð‹¾S§Ä|JõB¬Q;d*bHQ~ÛuäÖvAìÖ*ç¡jÐKdè‹ôž #ÂúÊÝÚåWt‚OÑW‰;b/LКï|¥+fª¡4¢¸dô€íBNÞ¼‰Zp„EÓk
-‰†ÿµ }²‰Q¥if;ôÚƒÀ9òÑâÐå‘aà‰%;[ Š¼L
-g/£oR#5ð•mZL2¬*ç¶ôåÊx-L7]b–zå3).•ÆïuNÁ@Jþ½¼Âûí¿ÉÚ­|ñ²ïä`”guŠ½Áû…S´HæÅñ‡!RÙKO[´×)ÿ'žÇDÝ
-sÛ꨹ðarÖ%u$jõ¦ çÅ­vSY×ë³q}‡˜Ë;è&ðóóR£d2 ¸éEÏÛWþë“É5IeìãuÒ¦l)ầΤE“~z‘/.¬·qÑ?aí#bQáMÞŠSÕ¨ÏÌ­´Ìw §‹™‡žm
-d{ƒ­àk(ÛL_¨¯¡UØãÆ8•ƒÃª %¬šÞêkúºå X8@f
-¿^²Ôøàà Šè{q%C³î¸ZrzvzÕ J¥NÇõ0Ô––…M‘ÉUµ ¹Quš£f¿$ÕxÞ'8íGÙY÷T7×Ô£R^<`¹]Ô)UÁÿÔ»šÅ
-|û€4Lb°d7(èwا;ý¦@,kf·FxœWøP9ÕÈ3ë.&°ÒÓ±ÌZ p1—"Ñ›Ñ^pèÜ°²F¾•Bø/\ôû$´Ÿ?µúlw
-÷9+kÑ;3Á“Å«ÓçÛ
- ”¯¥BUŸY «ÓÚÉñÝÊÁò|²Ÿ}TÏBÜ
-ý%»}M®]Ú
-¶æg³FÓaÿ©Ä)_•dú„%ìyO,ñ`PÓ¿îlQ›X¼±õO…µiC®D†ZõňPÚgçÊŽ—¿\йTyÌn leóQïàô­/{õ]…
-{rŠH mÛ9dÊ{õ‘ž_À?^­Ÿ§ša酾хëmÿ«X@EŠÇ/\¤#¤D ë¸Öìù-Ý*óù)}óŒn³÷ÁæJ®«%RÕpÏî&HÖîäÖ‚—FéÒrYP{l1\¤n£hbCòvËñ„OœW
-N‡~nÓ$¬å_å6ÄŽ¨YÎt»âXêrN¦“ìpÖ;‚ßü.Vß¿Öoáÿ7CÏ׌Zß¾‰`ŠÅAÈ`Pµ¸VV"òÞ†âMÁ®} …Ø ¬Tu³ÜËnÕž@‹yø„S×å†R*ŸTÿe;ÃRÓ°|K5Õûä—mÔΩyêÛ€`ö`$‚Fv “x3Q†îF=(æå ŒÓe #w‘!ŠÍ-þ¶²·ý£7W,Ž íÆ*
-"yc„öF¹pÙ†'B_Ó·å~£&Â/ s,Ty ш´Žò¹×Q(­1îoŸPÕ\CÔ‡6oò «yu¬Aô*µJ£&™•)×Fl"nYbï™AîÜõßy˜¡«ó£<á@Fµnvú»K8lb]j¼AÝÏ)ଓîyƒ#£nêãÝýXþ¬:¶_« â¯:°<ì¥z5ãÀ+‡µ¨Éº>G#R„Xkÿ0M݆
-‘ÈE¤=Eâ™Þið’ñRÆ“M™uÉóÍÙ¸åK ;ío…"z¯éfà˜ß¨—Ýä|÷—ç;JbÚ˯U8/'†LuÙbœýÍrÏ,‹ æ ä›Ä§Ì8:©$=ŽCnÎf6ÁõDŠÀ=& ?"³eà9¢×`×ØæN.©>”Ô8jà /‰üž[`E6%·z¡S¤“á‘©¬ãDB?æÂù4zéIqrÜÅ>«h¹³zfÆ=A°šô&¡âev©:—õY L˜Þ|˜–øéJÆI¼‘|MõäH=pÓòï ¿¶ãëèúÓM5—§ÂÁÔiøhd˜J„ 2kÆžžê Þ¥˜»“¯ÓÿU2¾íeloh¾^£F?馛ÿ]GÆ0SƒÌÉIEËàú˜Ö W[M#-^ô)‹Õ
-ãn ÅOÂ_KÊ8ù˜å8ûó˜£vleFä­cš1`m1ŠüÔ_*:~Ï\ ·»DØ-áX”*^]ÞŽñûœêðítœw¼Lïasª+ç¿ŒèBRJÚ¨Ñâ®×}=*«b*Teb|,Ü—Ë
-£9ªåJdŽ²k¬û¡!î—yOßËHg´¤½ð>pèÓrR¡”|fwÐÜ)‰ß©éËÈíª6ÞÛÀ“Ç*i}J.âÙ¨œE‡ÆöqÿŒ0ÿ|Ñö*–fÕ$% þ¶6É™ÑÖZùQX;]Ÿu¬ïë:«\Ò†¡é±CµÐBkÕÔÊÝTÕ¡Á™•ŠG’ót¾€‘4Þ¨4ìöš¦Á½œ€w?Ìá›Bx[R eßÏA‹üúG4)óÖm½ïËä£ÄW®¡„»{&8V^›v”TxBÓ‹‹"[“¡XÀ¸”Tò€Öiøð;ÅÈçæ=Ú‰]r–R Ô³{6ð¤Ã‘¹„5šöÞæÜ(Fƒu«ú¸ìtÈæõí’ŒÏý
-W4ŸÞç†(œ$<ç,èT-Ikñ¬qS\øïˆÁÀÌê™â Tb©¯ £¾¹†¢Eâd¹u’\ hajˆ±èÀöµÕß½ÏK œK§é.à*wã7E]Š½Ú–…:Ê‘«â­ß¥¿áØÒc¸ûŽEýª’|¸$\Š\Š?‚¿µj*ˆM?žãY‰þôÁ„ÖæÖ0EØéòRçl¾¢Øÿ›…r‰od:‰Æçu&Ù¤CÑ*¥Í¯Ý%|У
-zêÁ iR®ƒ}¹ŸÄ¤Ý4l@ˆÐ'j$Sî ÁBÐj=–aðâ\ÜE%ŠóÅÌáSÞЬ"²Ü#¥N™C~=18ÚëP=‡bÛ Ñ+gmC¼0‰f}³éPÐL ×öÀ¦&òùy,?*p">Îtª$]$2Tk!𠟬¨ <|þœýÿÒÿ€ÿ
-ÀÜ`êêîä`êj‡ôá÷åendstream
+xÚ¬ºc”¤]°%\]v—,Û¶mÛvuÙ¶mÛ¶m£ËU]¶í¯ß÷Î;ëÎüšo~äZωˆ³cGìsb­'3Iä•hŒí MDílhhé9*ŠjòÖÖÆvÒ4Šv6€¿fh!' ;[a'N€š‰1@ØÄÀÈ`ààà€&ÙÙ»;X˜™;ÈÿbPPQQÿ—埀¡ûzþît´0³þ}p1±¶³·1±uú ñ½QÉÄàdn0µ°6ÉÉkHÈŠÈÅdU
+üPˆŸìá}ŒRbQ»š€ê
+ÏÎIOžŸÈ†ÆGG†{oÁú°©rb¡H¸\@áH#ý~å`óiªTˆTµª¶íõj±úˆ®JÊ9ag6?¯ŒúŽV¤\YŽsƒOdú1ìÓhŒl×÷rYOis'¤l†Ì¡„ÞD´˜?©N¯Æ´¡ÕlὉݠ|kĸ»í`¼<髱`[‰ÿмû“ÃËà§tªxZÍÏÖ;zõ:ùé9¨&ªªåó~'`”šXÃâ
+ÅIÕÓ¥¹ªývç ã'Á„€[ý„9]òrpÈN67W}¿¸v½ÿb‰9rS­e…Z¢ª3cþ4ÑC¨ªN|Éßï\¨aïŽÇÈÝ»Tº E uFB¾j5ʘö»–ƒP¦êìËM{ÁoÇ ‰ïeŸä¨ÇÁË°
+SÚíëš„âEÎÍ6
+ÞJúì—ÓU>‹Aì„v<Dp8c±>OÔ-kýsU;dT˜¥wb/ŠJ»Zm +SØ1Δ?¸™É
+ÜÚ&ë4i¡‘éÁ¾šq±‹¼ƒÆ"ÓãˆÊ<kvoI]¯kŸ™~,g³€&udc ^£ïTÿ9a/g¦$^.·5§i¹â-Ÿ¥ß[Çx:(‚qK;Øz|\Ž¸e¼6X*ÐÍ­¯®i¤h­OsÛâ°O45Tá—raâ4ñT_f)¦!Øøpg‡æëgÆcþ®#snu„Áïr‡1¥—‚uÔîwÚosàðFÉ =ÂÐÜ:ž:ÎUšelòéÕY󸚉ƒ+ŽÜ×$í¸‡„ýM·bƒI”Âïò´Úê`9åÃÄu1КBP
+31îgµ¬éIM¬O”ñs¼˜Ù?$oûš‘r¢~çþMsbÙK͈®iA°¨~Ìžõ•ðßuÍÜÖÑMÞl×(qƒCS ÂIe‚³˜`_ÛZ! Éßé=ªuá83êKQÊa<ÒŠa@<’ºÄkå¤Z¬ºÌKÕj‹ËË:ýxÎðbîsLŽ[‰ÁÅSZª x—b
+“êÏÑ.YÂ+öÉ
+PoKkj¼4,Ê¥È|— ™¨ÔJtªëŽBgžg!©ÂüµœeÏ'ÉV!¯­àlЖ/ü
+'Äí™Õ¨dbÜÜDË!ZA[NÉ}b¦YŒ¯åsÁê†xÇnLM ¾ÍíKŠ¾Ž>žÈXt©æN¸ZxåÓc:”[ C¼Ê”Oû;(nÚã…rZN›ÄÇr¾ui:èÝr’€ÙeGQÔÁØkbÅô-»ÑñšäcqêcÒ»
+<½#Dq%s¶yVv£ge™—êŒa…f³3çi‘DûK$TòZ´PÅÐY6i…½p_ÞþÈ‘ª2‹ „4ëqŒätÆP»gUo†¦°ƒ—!Ýnºº›+\IðÙ#$ä´XžoqºÖq„ìà½E¡T û”hö
+SŸ:ÔÔj"IL0Îñ̘…°'.^&C†"ëL-¥ºÔ)ÌÄ8>€eE½ÞµO"“?Š,+$ŸúlXô”Qìç PgÏV¾ß󯾺ý/†YeŸms8q Ø›ŒºcéæýhJìÊ3/fnš´j«¯×à·J|æ_²&uWY*¯QíÇûÚñÃ÷°]Àa°‹«¬’WÆÀ|1Í®ýNQ}Mƒ wïü(ÍçÏ̘lí¨ÛXþ4=40åºîr*ôä5±·ŸNÓË›šŸ½%:€šÒaªÛk‰”ŒåŒÐ¦¶šu]Œ1õHsȤ$±˜ÌœI–¹6ܽãshÊFâ`äb›Ü”ÞówbÎkŽì}
+iÓT+'d•ÇÒ)Ý’”£&u:Z¡ºIÚ³¦°8¹íê6ƒ8ä{+ݳ]ƒVÅ’­ƒYíyH°Fˆñ9¥ú°LD«:¼‘—
+°Ï®€¸§RÏŒ_/‹kÔãPYqwËÒÕ\j¾\h~ ïbH“³Yàý|Yæ 1D!Ø«Ûæl®ú~ñ¶Â)µ•fFã¡zÁ×à9N2òò¬YPd,´|úÀ£ñÁI
+ª\0TѸ@‹,æ‚rßyäF${ºÓ«±OmVÎgJ¶”KšãOT=µoòaiË)¨­"Vj÷ÛRÓºÔµ… EÐöüD€)þ¥¼0˜ë ÷h>Úg0§c\/ñâI`½Þ:f×|ô"÷…7+JTn³jÅCšظ}>nˌ֗F´–žUÛ½À{2„á-L”™~Ü+¥òE©´;úйÇcªËo=h›ù°jbù´òÙ-þYä ébhô!×%­?ÁGûZHƒq„¬/ÛJN¥eJlÏ^“1²;#RJ ,2Jß>êCa}F*#D`©ÈÃùjŽÖÒîÀIhb%¼îV“úBCߺ(?gÎÖ/Ý&ÌŸÊÅž3sœñˆF”ïsÎÂpHŒ÷.“ÉÏ,2Å.!Á%ZïY±Åº,íDÔnDz§ h+ñ¥\£>k•á„žjß6Ù6–Ô8tµÄ̤&¢„œ´bú‰|uTè@ é^[Û5œ¼N>vñ•we·!XŽû²) wê^½´É¤²ªµ42Ý´Lä€Ù¡Yú ó—Y Jë Ø ûNdLªKqHÍ*~ŸÌCO©_¼ìhµz/*«·ä´X)‰F_6JxF¿K·Ê­öñÚÑfî{-wM"TШ`½úÏIÖT;# t¢*–<åµ +ûÓµ*>&ËØRªç- Ù”ù…È^çxW÷< 7:‘Q!·tyo%®Œâûûû쀹‚EP+®eöò ™«W9°æÓw;ÉÎ,+h³Þ¹Gª‹@näòòõ@JÒØfë°¦ t—Xü|®ÃæQ§„÷áUÆ)7jàègœW…2ö!囶:Óâ•…1–‹nðoÉ<¿8¦šÒSnθz²eŽqYˆè»±™á+†röÒãž¿â Kúi¬-UןWï¬î=]ÀBANmM·Gwh’3«­!²²ðëôˆñ'|¿”ª¤hŒFÊç˜Mý‘t€ÚèßK³íìËÁƒmã.­«$îU¶Yê‚+[6á•B)»Ý|ßÇzµ¥z»îÄæ7ÙÇ9í4• øPÞ® 8òàþ¶ɪ­K‹—.èÛi²8ãôV;´6ù¯Ñ®×´v‚r«VÑ/Ø{9›ëžÍÜE
+ËbÑd•]¹¥HTŽøòÆÉ×£½ª!¡Û“RÁíßcûÚóuYÚ; â>BáYÓ.ñ°(J¬¨SQ(ÐGTŃUÖxK(Øú¢Æ˜ÔÞ%çó±gäTmÏäÐADÝWæ¶ó„£ô°£êî$1‰ŸÚüŒ²ã2‡Šø:TÞ
+ñ¡¤½"žŸè²èoÝ0Gd4äÊ­ŒÊª¤1“ïäõ]îPü•¸º
+LÙö²ÊƒŒz‚ˆvï“LÃè“Æ©ONw½‰÷Ä9Q9óµôâ˜×*Ê™õs&B§P&G ‡Iiä¿–žÓîè½À¤Œêˆc­Òئ¼¹!·5â[$µúÙÌZÜ›˜@_q´öOAš
+´á€fÓ´s!(ˆ)§é‡¸˜Š  Mí0Âß<_°7;3s]˜(ª¬Þ)JÁsTæû°€½F’§Ò“_íç#¹ÏïЉ¯"#(à×!È¢‹ù£ê%ˆæ5äí©ÍŒ×E¦N+¨éœ N¼ÍüJÕuFžCµ]'¯kXOr^!'Še-
+“»;Ȳœ=mÉl
+RÜÍrgøê3†¿¥ 6ìL ¾–:5â沸ÃcÃ+©@¨¢®Á¢zª?%ÉȾªŒ¼—0;¿üä耳ªò÷‘ë{ÙnHc\æüxôG­qž+ÛG?—Í×ØUϽÞm“G@ëÌÎ
+!¾o]rþÍÄk$­ƒ´Úˆ&VL¿ëŒŒ5úl׿å2•¸((ùp~·¦³t¢ :š3 ¶±/e…)ÁÌ
+¼ìÇRi¯z¾àuÙ1^Ïм(ÿ¬&‘ »L.~Yú³d'S¡ÅŸÀíDäNMI@k=ÒÆz+Ħ2”iÇáÁi´OŸ«Ž„º|¥XÖl³JÅz´”J{–ýj<bBzRÔië¾=0(ØMÚäçÜ€wÀ‹2ËÔkèULyHZ9+}ò¥<w„Œ‡öH#}Þ cÓ˜Ø ÖwØš{ä~˜ÂQeZSgØ“›èŠGŽ¥FY¨2Ðç¥ÑÚ½©e¼ì®Š˜Õ YHÝ
+oGÀåÂíìd’PLB¢£‡ŽPçîªÊà¬Ìî—µ/Í9[¥† %®—ÝßW´æ†ÇñÑô,±ÌZZLy )5œRb;vbçÐæöF+Ã"¬°‚®5»>|ÅrÞ%>‚‘8É+©;r`HÔ\ ñ˜²? Oà<‹Eü· ²çs§Ë—…¦aV1 ¨DV‘J¾6Û°JZ„)¬"·Ò¤úRÔü$¤¿£¿†ÏÂÉ‘kaòœ^€Æ¶ì•¯†ã™¾†§†-¦ÅÚüÖÀ Nó2ÿŒåf„Yà'È‘»ž¯õiŒŠðΦO"›˜éÈ°Dþ;»VíÛW¾2{EñUv¡šÛç$‘;ò;d–J9*l З}’cûâÇJ:. 'IÃ">|–ðsü¬ãxAäpñ#ùÌdFÓL †šžs;ýsùU#\°Âká/mÈ ‘ç1MO=ò=ÓÒ*íÂK›_JX ÒyNìhõ‹û¨Søù¬Vzí¼-Á×ôûéáz¢˜šVNÜ‹ºó˜»¨2¨¯ˆ¯{ÄÆ1vˆä‹?™Î¸°Ü!Ç`®ÁÞä±Úgôöz<ÂÒœ5H¯e¸§üÞ}{ÐûëÕ%F½¬ÈêÄÐ’Ô  ¬FÕ´“ºÌYåpMŸ9Ì­Œ<‹PP3¬à’§eÃ=Ò«‹_# qÜR×AkùD÷¿¨Ìq8ð½þ´kx†”•¦,^yR½Ý/÷EþÔÐ꿲®5Yøífnl9)Pài~ñw ³ÅÐ=Í!ÁwKúd¢zð‘ö”#ÄöòƳ›Ú#ë·H›Ó;Uy9 ÎãV½mVÔ‡j:>F Ìëóô„?6mQRIì01K]Yû²vŽå±ÿôU郆0µÜuÈ’¦°3:?XÁ£'ac58P ›kÀËÆ*¶‡¹‹%2G6ùŠ=ÏÏå`#WŒÝ#[ÿ¨XnôÞÒ&$ZcÖàEä½Oa â¯/aKœ6™ßûÈùÍÒãžú…n…pRÄ—Š+kmÁu¢t½Ó âsüü½i6ºÑ÷DtôHaš¸Ç-Ùá.bï½Ì&ôf+üàâ—@¨ˆK
+†r<›Òâä4€›¬Å@;ß–/r¶Ì7êÃfA-&Qí›BT8ú¹«î¶Ì”Ô7ºìŠ Ÿc®Qw¤]“X¬„J™”—·Þ•ÚÔP.Œ¥Œ¸l—üÅpý3úÜh/ù$Àê0öUÃEhºó¤clúTmùyÖAr[êø½6cܦ×~Nw²ïe
+«»9ÌÃkDÑÁJ.…ž‹ìC ­èv¼S³ãº˜½TÁ87Äô’è”íŠeµŠy]8²X§qg$[ŽÍðy}Т¿EZl•õ/UFצ:¦Ð¨ ØVô¶¸XzÓÃÙ Lÿ0¢Bÿ|Ù@mfBv˜XG…·ØÙfšÃ³”ÖZÔÐ
+¢œõ £‘I½…M©:l/ ?Xã›ìSîvåžÍ›ãÎÁñiM„CD“¬Êòòn[¿yÙ §’ •Ýõ§âCå5ú‚Ò BäJ„óK@8Uø”ˆã»E}/©j„ú0ç+¦í¨ànØ É„'[-ÓF­¤öÒ9’f÷m÷BŠÀEE‹W¹PM·Ð!ífòÒmEfïäóÂmž0ÙK¥·¢ Ì&L´ß£ª’èí
+xu‚9þªËÁpW×°ì4(Ï2lYa¬çŸ,¯.‰W<ÉÙÂ$l>©IjÐÉÙí«˜Õ%¯£Ÿ:‡S5ç½à
+=~‚ŽjÎVºŒˆ·tÇ¢h©ÕØ3u¯º¾HuF†ÊHÁu(ÈÃJ¶ÕVé„ õ˾M-Èó½R;®mUHÁÌúñ'¦ODÚ9YËZÔ³c!\“;N1žh äÝDÏ\ý<ãê´0îâv¥/`¸6ël‘¥Ä[HGÊÁnŠ½Ô¯þM9&*‚G*^o¹rF+á>ÇÌ«ÜKž¶!TÌœCE Þúf-ï)Qñô&ùkT4ð®m«ã³!I AÕƒýÄ?Ä¥7 nuPnbîR&D3¬„G
+QÐú
+qÆ~΄‚ô<¥Ên˜;eÞE@|DxÛ³r AA¢¤yãÃ&µK’6Ìuy¡†’Î'Ÿe²QŒ@ŠõžpÚ~Í)˜ëqúkõX_Û÷[ q$Ètá+cÇàg¨ÝË)/~б҇ÂG/Ù¸ÍÃqg9~¼/
+ÑÒ(+Nu üšW6eÿ·Ýh|7%ÊÏ3™a¶âõqh½¦£.!£*άhz¦@ÏY\@À}³0p…дå­á—Î&æ›Z_õÉi »û”ÒtüªüD1=mÒ¹”ÍNòâ‘þÞ»GŠ÷1{« ‰K³Xæ?9¸Â“mÀÏD#â]ì}ê°ù‰ì#à[—
+o¯–ͳݣҙ¤`l0CàÎ(ÂŽ%üSCo¤J˧x7^§ÆJƒa”ùL#pXuAëÞŸ_éB ‘_HöÎI¯ÖÅûµOñžŒ×À=Ç\èfy€õSUÚP^[—i?ËÀÊäŠ3Ó;Æ>ý¤Åå/íø“›mÆ´†á¢ œ5ÚïcÑ÷C핺o@7„aÙˆd0ldÛ1*t  åùÉåq‰.«j¤úÆ·£HŒ×´V‹xøvw‹±nÉí¨@.éäeó_©dR6hõ¶žXtºfŸ­ñcª81‡ èxXup\ <” m‡Í¼8‹œÆ[ïÜAXAžZ|)W“Ã<βCŽ}´_Ÿ¯—¿–PÓT÷tu W„y?®~£¡uÅÔw}Ÿ‘±þ˜?¡€È0ß«JJuRÃtµ%K½!fi’ˆ‚_/¿K<¾
+{B1?6¸T"¾yyÕyvÃÃÊR>FÓåE`FÛÞ-’[Kü`«Â m‚áþð`Zê£&‡¸iÍ6ð¼ÍÐ tRf¾h¶OX¤Š'ÞÔ[ÛÙ{Ö ø“ú¶åíÑà¯ý¨_†ÓЇØ'”ÃÝÄÞg»¿³÷5œT/)yî°ÕânÓ?„g;·Š0ª`×cmzO¨^ºúöç(Óç ÓÍ×ã€I’Ö}ÛQ¤™_g%)5ǼÿxÓ7dÜŽŽânqˆ)`ê´ÖÅæ¢GñF¬6È‚íçmŸãT`»u6J+kŽ¦‡+Ö3ê~ªdô›™Ò]þAO†ðq†4Â…“”ÈH®è$#c*ÿ1^ïÉ’^‹ÍR¹aéc‚ç'JžÂF°úÝŽH18lVÙë`¨çòö«;nQRGí\vß]"zÊ°¼~Ë *œ‰@ôàÀ°··¹K
+ª`Ί‹šXN”ÀU?Ž¢®ºëÈ5ËXrB0n9½âà!§æ®»u*PSçoiyµÚÒLNöolU®/'²ºNl¾+
+z·ô̇oŠ%ž}Áwiô[ªÙ׶K¸ðWâ^­níåÛiíèf.\«™C0 f¤: l©N}Vâk¿3 Ê[‹æ+>C²W97û&Î_lûnú6±pÎÈè?9+Ì^?…ö z×û±·ÝIÉ*ð¸ãEu…nÄsA´Ç×ñ^dŒ–kC2^FvBó§ Ó¬Yƒ¸†|óIÔµ%y$¥Í•Èƒ’¬¿BPÞƒúuÓ?fÒrJZÔø¯e¢ú
+WL©,ãõ®<ò ¼z8ØAÚBgåŽýAf!Òç.P£MX“mtŠž¼ßZ‰^`«-Þè|‘ ª<:´N†„£,ûP£—ærÌö)ìÆFSuê‘Ù-Qà‘×®
+õó"KŒŸIF€£%(³–_@k°„j-éù•_"R§‡7D.àúœµÁK`RŠcàÅRÛ¶µËê‘V¡€Â‚¾±Ð ‰ŸV':–ðê$íôÃDgènº¾Í·ìM‡k/‡&ŽNYúÞVÖ3‚tӾݭæ;["Û‰`Ëk•¬‡~bŒók-<ÓLÄHsH‡X®¡Ê%¨};É„ÞÌ“Äo·ç™HV²[]û:ûýã÷ön±Út‹©¯¼€ x-0å­ ¤ò3(×|–¤á#¸Úª$xœ£“µ[=~©øwBˆ¢ÞЦîx´-«’Â@iaéLßÀÏÁ¸ÂD⼑:Ï߇W\Ð&pþkÏ©Èã oyŸHt”õ½ ±ïÞ=_ÁoŠÍGGéhÒ,Õ×fhƒnáô©8WÌU}÷x¸Z´‘ 8=¹7¡á¿Jö<ÕÞ,’ËV{$wçüSDãéa/²5Uu”åoέ€¯¥ˆáÓhµzxzô
+¹$–CêiHÊÈÒ36—Ôêü$ÃYN‹!]~L&¸@7}?¾ð,"lº›É[·x&ì,`HÊG‹(¨U£MUzl‚ `–” WÕÓ ýäÄêhŽÒnÀ>Õåêu@ZcØ££¯$Ezúeaãøg” ƒÓé4–ÉÇ“ ³§°Í¹‚:ÚîXì`
+VÉ
+þÌdÛ×Æ€afTœG»¨Yô÷–h©>OO•-šsЋÊssBis7R4̶9ñAeº»^¦ l„jÄ×ÝA‡gGE½æÔ²Ñs
+˜íó·ŠàLlîÒ†‹æÛåT<ËplìÍI†"-ã„çòÀÂßѣΰڢm㎺ىƒK«õµ\|R€DìŠ1Ì­ú¾]³_"ÊD´ÿ(XÆgGØŠ£8ß쟰ì~•}ç#ÛÑWwgTuÝå“õÁçaÀô`$å=pl6#röìVåx”ùÕ$3ròÖy¼íÑF“³º¡U¯Aµ‡-ë>½X@DDGÈè#æP³›póU!SÏ®ÑÁÓŠY³Ö\$rÕ@2À‹ M*à\gûvMJ¢Ý{¼Ú˜‹g¹•¬Bœ7z0ÊË ûøÖë3BýàÔ9ÿÁ¬)€dÂ#š‘í¸Šæ’ùŽ
+Ó.ÕA9tægÌ}Íשº,„+©lñ£*O¤ ÀSWÃ_ά”v©f®åU’=˜UÕ~r3š ƒÐuãŸaU*Š‚ŽvÚ4©]ÓK™
+dZ¾p?Ñy[Ów÷gcˆ¢€ë¢ÄEâ™öäî;*%³kƒ`FN¨›œÂò†™:;¼‹!]‘T›°ETÿL¸Så_ß´oð½rÆüR¡ìu¦UʇJ«AnQ-ˆAú(Áµs5\ÐÐÍìB{ÊôÊ®mSì¹À1_!ò
+ò\Rðo·»=ÔÛ¹øÑ\ñ¹ÑpèžwéÃÜÚ'
+>%•¤ÞÄ+QYÖ‹
+ÏÆB:«B<Iuëk'I¯·ôΣH£†DjÈÆùn5s0˜L½I½\ðî ¯¼õq·aø‹_®sÅ$Ö꩜Ė]dyé=t°P‚Ö¦—3YoÝçÒ2Ëp•ç]Lò2–ÎïOñfÊäNªQJUfî‰8¶÷$ý›°‰¯6;ÑNœd
+sy¦ ;«4e­qVðÒ+³R
+3Sùohšý¹_rÔÝìäK¡„×ð†øs|ÆÞq*.ÏWÏ:C;Ž0¬åmqઋºQïY‹éE•³äßö ů7—n«¹u“§FÒUcšj+ÖÔ…–Èlت›EóÖAø»ŸÑôl£”R“‘uEc±ÖÁ2^¹AP5OçÂQ‰ç‹vv"ÂÊ€ò#Šhm4½ž8•aG¤ZåÆ”VdZ_çEg #yÏ~Ÿ…[BÆY’éxcx×6;ìÏ}ÓÞŽ¿ˆŠçáâ] E‘ü2¾ž@%4öÇ(ò¿‹ìíÙö ÄŠcýö:i– ¶r½X z ¼{VÉy9Ï$»e0¬i)½É£µ'M JñëVé@ÕNn‰ÜÇs
+ïÊù´Œ( mâÑÀh:§ÄIî…¤#/ⵂî@TF9UŒÇ!Å»¥
+dÈM´ë)é sIjªð
+ê=nÓí¹ÝõÁ­Ýø
+›¹Ë×±BnWMõ¦Í;öy‹{?%Zt±þï,OOÑ^:=–çð0Ì+¤‚¹§jÀøñó52…°~©³ákq  «Èo‰ø]&ÒWú]½ÃˆÈ¿Ä#aË®5 T=®w),Ûv£íÊpÿS¿ÊN-x¿Î”"AWœ_ÉB  ÐbÙº4;²4þJqT7ÈÔ% :L’ö·Šð¾îd˃´™àøÓƒ"e×Gò%H·Պ ‹†Èœ@(<[69j8åjYY0ܺé—Ú·V÷I´XÃL]ÒêpRîúÁ°П£n³k†Çµ=4Q)óë'eb”ÕEOþçÓÎÃijW$Ä,= B‘Å)HS†b@‚ÕIw´«–¨;œÙ\ͨn³]]CþÃzÃÅH4¯9¦d˜«çï¡~¬ˆÊ \ES ·Â>VjPÈ7³ßtë™LËYýUå€(É™Ÿ.à /,±ƒ¿Á6‡©È¾EûÒñ7ž2ÀãYc`ó`y?îð8vØLE,§öÞµ—'a±Ó·OjA;9ëŸ"ñ¢m€n Ü'ùAx:¦–ýÚB|Ãu3ù â×IÀ†d”zó—kƒÆ+ÞµN®W:Ëèµ
+]q»Ü0€aTiä1£Ê
+éáIÆ©¿l’ÿè^’ù¢Š6DŸŽ)SóÌà˜«fPˆðx‚Ö7#ø³ì r þ0iåMo›Íƒ(©²aúJ¯­=±¥úô’ÖD›Y‹\-¿`‡«v$H‘óx̤÷DQUïÇÓÑ&H¬<Y¬ýit¹®¢qû[h‹x^2Öš5^.=D²—Ó…¯•D3Ù!©Ô7¶iÀØï£z²B¿\Ä45ŒŽæŒ$•«e >†TBî´¼O}]q}hà kxtLV‡EÈ'â<ãÀ—-З¸
+B;Èý5§ÚV1Áhº&”’n­²R²¨â’ûÂáîݤ`^~ÿõÔÖkæ™+r*ý§pÃí¤çÄê6ÓYM~1¯èš2õºnÕf­—Ž³QfO­ö‡ îKïËkY.&꯳yÿˆÃÁct:Úþ9ƒ½Ö@0.¼Ø›Á•¸Ì`ã:S5ãFRaKl;:VBJís¹³¬o
+…Èäk¾xG%ô_>„!ÅžÅï­ŽB…±ÐfLeŠ “½6Ÿ—‘Û²6Û‡ûÃ.Zñ"#…qCâŸCšé¨èbù';¦Èd߆[]¯
+C!1Yé­—j´“¯~æXØü€6Ë”#WkÉ5·6ƒì"ïRø‰ŠX£‘RIÌöê°šdÒÁ4%ì$ƒ‡þJæ{ 1ßC:²}«–1_Ž9y÷†¹o™ò¥ŠT<C=”t%ë·ç}ì²Ha²üÝ ç¬uhÿë5¾_+Œ¿žòÚÞ`F›mmàZãrã¶ù¤³TÆŸÍÙ£»óZ @|D%Ûw5õl-58kûÉÞͶrí‹æÉȀġô–ûn±áI¬‘YÄ.·äÈ"R½¨³® ®c41V8;Mmà[Ë¢ò·ÝHu0”àPMĦ‹Â‘.;¢¯|í/âcbÇóŽ—GÛR>BŒÛb}7krê«<Hú€·Ïg†Îq¯Kîý \—|XY¿k˜ôÆñÚ.ŠÖ§ rõy£çu‚dàmríÝ‚KWe >À¡꓃ BÓwè‰)YXP›Ålè•1«€KD~RSœûÅ™e@eœM=¤®%Õ3– Cw^yQ ä7ô£¿˜ e*²»ž¬js»¯ù‘1'¡Û~POœÓü T™æ·UFaØ­ŸsA?Áè¼³Þïê/Ã×›Ý/ˆ' xû:ï+#™>ãàiýƒžþˆ¶ âh1CJi•ÅĨ 0+íˆ ªä›Ò¼fÓjæ®3„&:b^¿’ž¾>œ ÒGßzHűI ŠÍ2ú©x.ñ)ZÝcÃÔ>hˆj'jV¹þl o>AÇzÄÂ_qÎ¥“2ô¨à
+K[¯:€¬ '™Êd8Û~›¾Q‡p=Ï|ùÀ™I%¼…„ݽ‰ñ0cz®þª¨î\:
+¤… dÑ}©;ÏW¦ÞÕRõð„C#”ZÒ¦™Kí¨yWòIô‚Ÿ+2–`Lú,ÇÇUyY³ór"šV†K§ -J˜]È·y[{Ò5Å¥Ã3ÿ|êšœ¯ ¿”ôc‹QDf*dq„îôîoèÛhá”`…"iJ)׶ë ä²›óI çî%¬aÚõ»ÄÌð§óxv° i¤e¥¬u$ÕÃ&#ã°˜DËrŽÐ 5JÁ¦‡\K
+7שª'# *Ü䉰,êàZyN·[‘=IŸˆ´ñkZM_vGðÛ}r»QuAüN,]/,ò®Å§þÞe•e iÁ@5¸.µÚŸUÍ…¾¡@£VÍÓØòšDºµóŸ¡¿Þ0“­ùyp›»6QL+PfŠ!ÖUDøàu¬OD`k~5 f•ê6úøß8LÀÚ@k×·‘HÊ>†¡d ÓWRJëð¾ð·eÕøɇ½K¾N·¼Rä»Â± c‰[{2WÇuà f’úMËù¶[ ©r{ûõ=˜¶¸)l-êÇN—:RFún˜{{ÓÈ…uw78§žv¹å·HÄêîØÂ"W˜sDØ’5Öu|ÕRÅè Â6ªK7l »Û¡7K¢Uå3ãÖ~Œvª9ŸÐyè¤ßê*¦K¡E]Øš=I±G±–Åê§d¸H šÀ;g4RÌ9É Ü_›okF+ñÔ]–é:Ž3ƒ…ƒÚP„ÛFc@ ÂÜbBà„²û9o¢Éu›hÒº½†îÒ®(Oq3æ± jn„†ùT:Óml­:¼ùR¢64 <¿n’9VC:Í/§ú&¦S˜†#ë¥ÆØ;"rÏëyBçøH*þ—_L:T5â‘h˜‡Ò‚$'tâ^søG Qòô¥Ô>Åãe>†›aä¯U#(mÛV©¿•îž$ ž 3•ï|ŒV¿+]éãŸØê©Q ßÑõ”HûðçNÖ;žò%#˜ªã|žÿçÿgÙp!–ášsÄ
+pŸF’=6ÅÛ!#ï—@rD,‚3ÏqýS=H>éç”E@EŠo6ÓµõoF—´É{ÆfS·þe¼…tUý‚ €½T3d:Ãs2tâÅ¥ù£—3'‘Ÿ¼þïœ5åºf‘Š Òžû8ž}a¥vàGaÒìš&öðÑŸóó§Tï7f`¸4œîŒDùñ5`+°@$1þš`zõwúŠ</ØŠbwÆ©=²4»*¿Ÿéð7Áãï] &ƒâFã—Ö¢«šºÕ._åÊ xô*hÃ0è=­®Û¿ Wµ*²4º³ ïù5¦1·AQ«qe NUÝÆpW¼ ïºíÃ
+j³
+g +šËœ—al>#wÐ}<Y™ª9N,
+Æ×øvœ±ü!–BEý
+  ývÖ²~*OO[ƒSÑšž"<&VÏç…%z-+—ÌU BLœöÙLŽ´¯€2ÉÎ:rê¢ëˆDÚ©¢‹|c`pƒ ÆjöÎßpBÏ™pf†²+ 0•øúœ~ÜšNf—B”Ͻ3%ŸØú‘6`q¸z|uéñì÷äŠ õ½;\ü­ã™äÏoŽuÙþ©[@mûäJ ¾ŒÖ›§ßõôyПݜ؟5ôŒäçä q·ãÆ€1cá
+I^Ò€d;¾‡ ñáÇéÈ qC(¼€˜‹ˆ‡œ=TI'’ÀÞ ‘8Û IN…wJÏb.1–·º‰M¨– ùpDü¨!,
+PœQV­•ªªˆVÒ÷ו …Bu„ïGMO[ãî.o!€å ‹}ºð oštÁt†–n~È"8ng¨Z¬¿£ëz12 جL›Î£„iuGèËk…¿,ß[× à§ káÃíθu üZ‡V”WSŠ-èÂKhÔ‡ªbpcìPõÁÍE]Ûg…„” (‰(VH9H#»yªYíäÅÄfg½ùÆ#§®QýÒ.:ÊÎYÖJC–‰™I±I,$„E©Ý÷Ò† þtò
+%^ÔÖ‹•AÖkaÍdG¨H¼`MWÅHâðkÂ1ñëXv¨€®|͹ )Ñ«-òð¥JÂŒí– /tvFGò_Ò¢|óøõ3Cxž™eàM”OÚƒnrsi2u_ð9âs„Ë;æqœœ*PC¹þ¾çõG÷o{$Ü\–@%á  9CÝSUC ¡XÜë¢8ŒäÇqbÿ_;óØ (
+ý=®êÛëë2\DåycxÈ¡,ä²@Ž¡z' ±aT‹ê~ñÓ—5ÅZüwÍ&!(ö(§ôªvXñZ0f O™<1µ(!ˆ’v5X¾—Å|ôqÿ*àée’‰+]ñG߆Ž_-fW¿®<5[’S‘1*u nœ7ï%Ë_X–Π.ÄD(ã‘ ¬À“Í~Í=}³‘|ÁiÃKð¥vK`vÚç%(ódX“ˆ‚jjF’ûdéei×=†UôH³i@¯¬n‡ñ€-Abñ;†¢{î䘦 ÏU_"’®ÎŽEâFò#ôk@ÕÀd㞸þ;»ŸUÁ„éhÝ/vó1/Ž+U±dê›â¸9!Í`/˜`QÒ¦‘“ä“'Øvååaph¡ ]¿ ­õiº˜=& ”œnÍUÉ=áÏ© ‰ȧ%tÔ·eŽi¬×•W ž~
+ƒkkºjñ;Náæ¸TÞI'¹³Ïëi«ý’t+¶îÿÕaV®0.@:›qL#²n|… ,t/Þ*.cL¢ÓV4+–~ÖÛ—bžÞ˜íð’-Ž&-Ö6ÇoÜiÞR´’¹u“œžèÖGTWž†sû!®Ö<î+`hàÖiá:?êgǵ#Çé2d3–gÓyž u'&_ß }Ù6õäjè†[Óy¹wƒ@lii%í¤-Á>¡xKäÔ×P[–§#wƒÚcÖ 6¤>’Fï“´ÄÃXBdÚú Ͻ¸ð‰
+…òW·5Ë€7ö`4 N¤ä‡¬m|*5»‚ù–­ÄךðK)î‡Â—äÔhx : ZÑ¿3øÜÊ«1x[³ÒC)°bãèÎñöïg¯m™6v*7–@›xÓÜŽ 电B¤‡ îSž×¹`%lì ¿1µüÀ”¤Òè›óˆ´lzñ¿ÙŒÎ¾ô‚øRÒÚ® èZf a?ÙcÎ:F}"´zKÍ®°hÿ'Ãï\ßRCÍœþDÑ—ÉV†‰?Ò)³1OrÕϼíù’6^䤨.šhíéê2"ß%ÀŒJÛ.üf!”¤µz…§¸J Dn.ɤSÅtXP ÛØëxi9é¡!]o/ÿ>w®4˜úny¸< c‡†)¦ˆQþõŠ ÅòåÓ¯gRLfyb½Ú©9K-Pq<e×uê(ãþDÙ9Ò\-Öù¬‰tÜäüøaB¬w]áɵ8,$J¤Û¾Õп¯ !XAJGÍÌA)ª“uRAØlκoÑ3á•FþnVN,ÙÓrtÈNyTAV ÉÒxµ¥˜1,®×¡  ˆÿŒÕ¡¥_¥úÞï"JÌ
+üÖÕ}­Ôhñ«<Ìû©…ª‹([–!Çø>}<ÓÑ1K×hW_ÏRxL‚Ñœ=fYá§Ðò´¾C “kØqýéGìÊô;šdN„ÄÓÿæ]2˪XÌ<AIÀÊ7óÖI¼c±x÷‰Q‡=Oî$¢Œµw'ž–w³K–ƒ`­ŸIùQê—âySj5ím=r¶œ³#_¶’$4ßÙ^k5ÕwÔȤW¨=΋8©!æ©|hu£U\ë¢9pQáT¬ñTß+’Ö«9u5q“"¦ÙÀNÌ
+ dyéS²Š‡¶…ÀÔÙýëJ”KÏ{¹P †R~X ÅlÔM®#Í© î"ë"§Qéú§á;×°Rlô}¾ý¼$ Gûêâ׉/^Fz¸¨ËH2Œ˜#ÚåŽ …ùA¦ÛœOl›ò¼@ß->*Œ¦ïÚ+™ßtoõRÅ™ŒTÌQJÕ¶ì6ɲr9R"})BG¢øÔˬÅ$2³1³Ølç-Ñ^è(¡ÅhÓ¡Œ[+Ù;ß3ü9D´8åME:‘®d!V` ~/«9Õ}Ÿ› ŠÖ×ø2¯_Û9LXñ¯e_àqž‹»¸ò÷Tú7éñõû·XȆ„S–¼!â ¦’8° TeðA^ ¼±BòIJj>êŠg¢¤¡ÙøµÿZîôì´ |7œ2aMû©0žuB`A0Il}¨2qGÇäïjéØ*O‰Ä oÂö®5xKJ—\z»“‘¾;iñ½Åg59(H=ç›zlð>QñC=µ–Œè/Ê]h•ìý½g½°g–'ì®Ë¡Ï«Rñ:ºïˆMúóRZÏUû"+è¹[Ö7-cqrç,/ÚÝ5«ë©¤¾
+£l×±©^‹Á6Š¹ü°ï.˧•¾§ê#°Ûþ¡ÿ‚# ¶•jGÇ£:–¢<"˜ÝsTò¦šâ|¤©$,P&ê)œ/ñŸ¡¢‘ÍÃŒ|šÐ@J÷: NwE¬·6$ò ŒjM$>pW¹Ñ£F“!ã|g´âà‘âz¤¿†6Ї¶ÐœFbº?uqÖ(KÔ?@˜ÍŠ-®šŒ?œpª¡/ÜqTæaéµç%båUÀ#®páWÍÒ”8Þh~fë噇Ãgr£p÷!öžPÕZ›Õ°b­Ûg áKQðÐjÞ…:ã5ÙïâL+Ö#„÷ÀŠÍœ+?"XnâTÓ½A’χòp´ºYs•ŸÆÒ-^Œu衘ØRõ‚>x6^êÙ¢W»ŸóìîÝêì}ˆý¯Û{õx¤CÅ;›¦k«¤}½FëûTi½qO ¦*zŸ_¦¯à=û7«‡Ÿ› ‚™üÃÕm•Ó|bñ+ó4ªEx3ÈFz¥U8~ÆW9{â:PÍvzðLp¡ª¶Bä`Rt;ÒíˆU$òÔ{\iFÇ3Q‚á—*@VUÀ’ ûÿbPÏ0´Ë@<̹Þ¦€îkó«HTbëÔú-‚Ï…h„ýÈ_ß±ÊìQ2G K-c›>©n¶³›ûlb£©‚Mý×›8`’±{p>eóßá©JŒYJèü›~uä[ÐG”åÇOTǤùÇ®Ö÷«Ç1å\`ɵÖïZ|¤$úÖ"ôܯ4ÇžAÏJóþ¬†”u©×çfäì „ÁÐWc »…~b­5È“d•ÁdÕ3+úò
+Ú%þt?þ•Û.“±‡»Âé8N©ÏT•d$ìý+Â@#IÁkè7‘K—h®äç‘òý“:fz£QôºZW{Žf—óœè/–×tíPy™“vfÝíùWϸi‰¥š‡ãÍí5Òí"?EîÜÃ"ÁMŽÎÇe#ø3ˆ¼as6ƒc Oaîç ¢NDêö«OPÑ8=Å
+ªèQ½usaø°Œ ]šç ƒ ,õoRðcã=Í’âÖ1Ì9†’!šâóï¸vÍú±V„˜sm)
+¨ T
+¦±8ÐÄ|ôˇóîH§ÀÇvyàùßQ{EÞ²ì+ÐtBØ/®_Ó"<âýeù1ñÀúÏŸ0•ˆoþíÕ¡”©È+T¡ÌÄwÄ^]{~$]…”öR{¸JóÚÛUJZC:êR»®D÷¿¡èÙó?ÛäÌnùOx8ºø_ =´‡²gÀ›¿ÀÇi—úþ€²Ðï9GD®J"Dÿ{8À±ê]à×^â°|†*²t,„¾®LAƒŒ,”ÕƒˆWxµž­QøúéÓ˜‘wð?þõ„ p¯ §q%\¶ÄÕ–ÑB4^xmú ÛIÚ7E-Z^{08šJj\„ L=ÝÉVZf|ÐPÐ=C‚¨¨
+Tà«·ó5‰Ÿ=`¾’½L4柪xà,ä«4 p(s«M(–:`G¤äÁÓHäMMZå#&æË<’®>_T×Wá¹ÂÛl‰ÄñX$+¼[;Ew'|e•™—šÁûGž)’á *¿$Áˆ¯kO»–v9°]ë _~'F\ÞZ†Rˆ\,›JæNo d˺O5VŠ‹nîe¯ötƒ–¹ã Kæ/[ıϵæ¨Â¢²FÁË-®Ot\k)e0§&~?eÕj[¦·7ÂNȵ°Ã ‡öeqŸ"eÁhþóH¸ßèú+îÙéÍ»}—å²Ï^¶cýzŸNIÏrø6LÆI:ú¾¡kOgºãº+idŽ©|(ê($èNÆ zëöèù™ »ö3®0}ÉñÊF¯\ß3~©ïº÷‡J·2C$ùŒ»¡><:ÃJòUÒgÖ[
+Î8B˜­7Ïß½f|"hªû›
+…šZlOå ÒvµžIœá‚y!S36ª69ÔzíìIÙ>ê"ÿÉ©¿æ,Ì\:ú•¥káýl3ŠèFøÂeÛøp«äÍyRb|*ÅŒdoƒÒX0æ
+¢*J ½úBÌÈâí¿YiŽˆÇäN¼õ…7DèÒõÊTÏÔ+~D=LD›ØáŠïò
+\€‚îC+§MYK %ŠT‰Ì³†õìªYžÈ  œË‚ÃZ®ÄC¤¦NE3ÚóJŽ@óÔaYµÃ¼€ß:ìô¶-})„e"vr8ŽSE[1¶EʯO¯®È t4„ß*VMëðF†oNéyͺ©P4·åõþ‡à½Øð*¨J\ÛΚֲë6CF ¼q&ˆB\³A×ÿGO@[œ,Äeñ«Ogñâýû+†g}(/»éÐT!!äžxÓ*´–cl²d£­ÚK\C}½ɪSãÌM1¶¡^: ¾ë™xxév²à|»ERJ9¨ƒ,:˜ƒ™íÕÜ9 M1²XBÞú&l£@mŠ?œ/§t mŠù<š@ÞNA*õ5¬kütLò‘G?c?üxÑ2—…þ†QáþÃ+X4-8¬ƒ´›1,©'}úMµÜ•wçojxê¯YÓÄ6ƒÂ¦Aê/ëæ)׌C"C1d´\ ³0Ñ…L$œèÒAº$ÞÜr†5<¹z½ ¡Îó*n“¡b2“]»z˜˜·àuOR»ë1¼-K7Ö™
+H: ¬£ÝÌÅ>´óó™UXg¸X˯¶Ñ®J!dµ‹‡ÍƒDR%9Í#²Fix384{'a­]EAíÖ
+ÖuŠ»çGù›ý;è~ôs‘ðîsýSÀ¹ò5•»‡9H3z‰ºl®…úÜË¿ X¢¾£á•ÙÞšÜt­¥µQúh*NÌ=>ÐÏg˜ñ;âœVÂ!WœãFÂB|œOþàÞ1øÑívm†m¤Bññ¢çI~/ ¡=åŽ.¾ÙÇ
+#‘nGvL‡F²ÂðÖêÛ‰·ÜÓ¼ô¡GŠ+®²DCL×dQë (d\õzºŒF£$Z÷c2ë(K§?Dü,{þ^-ÎáÂņ*OQÛ:*žì-ƒ˜ áÉ ¿H¶H6¨ :_Iä"±÷”• P“4õÅ)‰“…‘àCÁñæ_ó¶]ví(¦
+¸º # 7e B[†âUÚóžî¬jÕ=ýáÃr¶uœÝ^¢$C›ý‹R Ñœ8º˜GHH¡¹*0û'žtø¦7WëqO~ìÍgqÛÊðI½±Ó4¿&Ï*NÈ} Ûé÷Ûµ±rØ(›©×{Ë>Kš¥æž‰çÃ͉DÉ
+æ@š{fˆp§Ý|Ów\T˜¿Çl½‹,Ï5 ‰¦Ñžô·A»BU‡žîýdº C€Ä&­‰ Tå©U牺E—X³FN(”•Áþ‚èé[â´±Ÿ0ÓïÓGÁV7PN M4Û)ï® L{fÅïd¸ƒ: #{ܹo×UÉ"ÊŠ´ÙË;‰By\ØsJýϽ6¡ãÌ¿6p·ƒTÝѹ©‰ß–8Å4¥g·n¤O÷“ ±Ìt)w;»´,#SŒÇ’~Ûä8ùŽ‡ÚôÔ‘¹-´UÊœ©McfSà¼ÜnN_Q’K–`9þ…Ó;mß%P60çdXÕ}ù¢¾ùˆš ГؙšÜS¥@¶±ûO’øNåÕÈ»LÛÄ캥ÞçÏÐÀnø:“u9ßK¼<]ýC‰Xª7˜’®Lî5º"Åê^b0ä”Yƒ°¤Ü€Fê‘\¿îZ«ya½W¥¡nK£Û}®ÏLc–´˜÷Ÿð„/jÂ!‰÷“{tOêö¹ÀÝŠr䨂á  «l+~ yË?âp„Ÿdѧ¯®—IØÛ[\.†yO™ß÷þ©îV5ćÉ·gʘ0$:k]ŸÏ
+Ú_ùzŽz¤ ÿãoíjØdN¢ÌpÄËŠÙ}V{»1Åú$4÷W¨>·XžX)ħO¿A¥Î‡eH €_£§HRù”£ÈäâœWŒè8Sx +«b r´½45Ž¡å;ß6Bl_r=7õo²hÑë?=¨þÙÒlW_ûÄAí}ÒE˜c//ͯ*Ú§”Öï~W™áïÆ›#~+(²äXsU§,
+%ó–¡>2 €ÈšJvkƒ·”U·,9£æôåZ8|vz=M"¿kë57Ý@ïÝâPãýp,膳MAGtÝ$j¬mWí{x9”Ò*S%e\1âŽÒƬü>å"Ï÷ªQ¢²‹6ò‹1Y5Â5M=6;Â#Ú!×zï3qÈ‹âØøóZÁZ¸á$²Åc ÏC>«x ËÿŠQhh2
+3ÔGÔÀp¢m‰-§ÉK’>Í_ëMÒÄûá䘄#–xªyë%¶`7Y­šÚ6‹È/gôbxˆH‘¯Ò=Yž·uë7¼»~4ñÏÉ# «Ò KÝÜË#æד<Ò¿f:»}Ó¶…>f½ïÇy’‹RzD‡OJvº´›«YK™ٵŵÓ1¿òaïGá•fF âwëÅYi5ð‚hç¸ÿ<‰ ×<Ü)c¢FRÿ6½šAžüføgFíNa¶¼Áð¨!mxÃ7ïa9`¾6ZŸ7ÿóé±Úh¡A$xMË
+Ê?kwÉu/Ülí«þ¸¾~Øz.!ȵª¼eìžOrÊè¦ ~u4ëÅh¨éUEªkj´(W<?cB¬ÞΗâ;Ëp-V-ìF±ÂÞT‹ý
+ˆnU£
+Þ•…«-~X«Bi’7°ü'²xýzß‚A¨û;{ØÄ«ƒ´k¨<dùM©¦A›=Tx,!S[¯· ZÜ
+¾)Š£f&oN¢ˆ¾ˆW-ÏZH Lk-–Vú½øCÁ¾›Õ L˜`Ww²Å˜|ŸðäÓÚHSjE¹ZS8Ù)`„vx‚?Ò#…µâ×ÑÖýù6¬Œ $,TÝUoH¢ÉæYìú}çj¬O#]'N^S­’ÑÒMv²F²‰æ/ÎlÏ|¦›
+ÉŠŒ~è²ý+ÉÓXÑökè/j„Jɾ$‰¹
+Èé ¡HÑìn–y+°,žrËŸÃÕÿ¡æ D «¥ºñnæ]B°’97‘¡­õÄ2;mÞñŽgJ–kfØï–ë²vMQªTX— „¡'ÛIl¡Âw®†ª"KõŠ»× X|EE‹ Ò¶I¾zeËÈó ç(¿Õ|ÚZSÕóƧÂèÎáðÝl†6lkßá’îXDÎ6¹0«4qi°Qî´e¢óvU!m¬mž¥áÿÚ¶ºþ3áÕBô|eôØÐ8 Š‰Ï p©*i«z
+²æY%U3Z£</ÎÇ(%*%\2ßà¯K< ¶‘Øž™>¸¿~ÜšCÒø(ìhYélÇ9(|êíãyèÜâ5l3Ê©±qÙÊe‡úÔaó5°ôCÖ`ìÎÛØ-ú^˜—yiùß³Ÿ98+/=Ê“ŠÛ¯Øp¸f‡6wÉ5ë.jô»ÇE²zHŸÝ¾¯Ž(L¸1D5¬lSÛá¡ÇÔÇx
+ð•p@E­'‘C÷®¤¸3äÃ.#IÖä<\úÿÅ°ñï¯i¨>=8ƒQ
+ùÃýÐb‰œEãbÐñ‹Ù>æò°§­p{ qçf_FòèòOƒB^/ÿÉÒCÈUUÖÊÈh¯x){ÞXŠ]¸ˆê\ ¬ËZC“8¥ï*RJ=ê_õõ-áY´x =¿öçÞäÇ8f“Ù4Ã_!¹0'¯Ø˜Òœj]laEqn%÷>+,ßïÇãL˜}lŠ-ƒÊAI›€£|q é† ‚¼©D¶ÿ%Àÿÿ'3#'{[#'kÀÿ
endobj
-608 0 obj <<
+612 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1320 0 R
+/Encoding 1325 0 R
/FirstChar 2
-/LastChar 151
-/Widths 1334 0 R
-/BaseFont /KULSME+URWPalladioL-Roma
-/FontDescriptor 606 0 R
+/LastChar 216
+/Widths 1339 0 R
+/BaseFont /DLEZXP+URWPalladioL-Roma
+/FontDescriptor 610 0 R
>> endobj
-606 0 obj <<
+610 0 obj <<
/Ascent 715
/CapHeight 680
/Descent -282
-/FontName /KULSME+URWPalladioL-Roma
+/FontName /DLEZXP+URWPalladioL-Roma
/ItalicAngle 0
/StemV 84
/XHeight 469
/FontBBox [-166 -283 1021 943]
/Flags 4
-/CharSet (/fi/fl/exclam/dollar/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/equal/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/bracketright/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/circumflex/quotedblleft/quotedblright/emdash)
-/FontFile 607 0 R
+/CharSet (/fi/fl/exclam/dollar/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/equal/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/bracketright/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/circumflex/quotedblleft/quotedblright/emdash/Oslash)
+/FontFile 611 0 R
>> endobj
-1334 0 obj
-[605 608 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 278 0 0 500 0 0 278 333 333 389 606 250 333 250 606 500 500 500 500 500 500 500 500 500 500 250 250 0 606 0 444 747 778 611 709 774 611 556 763 832 337 333 726 611 946 831 786 604 786 668 525 613 778 722 1000 667 667 667 333 0 333 0 0 278 500 553 444 611 479 333 556 582 291 234 556 291 883 582 546 601 560 395 424 326 603 565 834 516 556 500 0 0 0 0 0 0 0 0 0 0 0 0 0 333 0 0 0 0 0 0 0 0 0 0 500 500 0 0 1000 ]
+1339 0 obj
+[605 608 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 278 0 0 500 0 0 278 333 333 389 606 250 333 250 606 500 500 500 500 500 500 500 500 500 500 250 250 0 606 0 444 747 778 611 709 774 611 556 763 832 337 333 726 611 946 831 786 604 786 668 525 613 778 722 1000 667 667 667 333 0 333 0 0 278 500 553 444 611 479 333 556 582 291 234 556 291 883 582 546 601 560 395 424 326 603 565 834 516 556 500 0 0 0 0 0 0 0 0 0 0 0 0 0 333 0 0 0 0 0 0 0 0 0 0 500 500 0 0 1000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 833 ]
endobj
-604 0 obj <<
+608 0 obj <<
/Length1 1614
/Length2 23636
/Length3 532
@@ -6067,7 +6097,7 @@ endobj
/Filter /FlateDecode
>>
stream
-xÚ¬´ct¦[´%VìTŒ76ß bÛ¶mÛ¬ŠmÛ¶SqR±mÛÆWçܾ}{Üî_ýõgŒg/Ì5ךko2"y%:c;CQ;[g:&zFN€Š¢š¼µµ±…4 µ1௙–ŒLÈÑÄÀÙÂÎVØÀÙ„ fb 6103˜888`É
+xÚ¬´ct¦[´%VìTŒ76ß bÛ¶mÛ¬ŠmÛ¶SqR±mÛÆWçܾ}{Üî_ýõgŒg/Ì5ךko2"y%:c;CQ;[g:&zFN€Š¢š¼µµ±…4 µ1௙–ŒLÈÑÄÀÙÂÎVØÀÙ„ fb 6103˜888`É
:ÿ¦ÐüÈ­?š¼dOQ7ÿVK U ¸¹S=ýˆ»ü Ã^‹ Y¶>Grù‚£d„)Óâ~à|¿¥n¾`Ãc™·)áâ6‡.k¨A«!]Ýõ€=Úa
¦ë;”K–’+M̦ŽöæOloôRŒÃxcב›nÊ÷‰E·yöì¬ä2÷‹2O$2–bPoÑk#OóÐ)ä³%Õ°¹±y?‚E»@y¶žƒtù"ùë÷Q÷«}NC&ýjŸ/Ü3sÑ2?ávƒä­ë“ò
$>–S²²ðNùMZ,T±‰p_š·ïI­"h|\9¢3Á†¥ßNÑÎØ›õº
@@ -6162,948 +6192,956 @@ G½n=Ênz5Ù‹ðþÑÂpAëỂm[˜á£D‡ÍTñž7µ™i=ê?5T×?+Á¾¢èÞÍÏðÃú룈É?m
­\^Élxχ¾PÙ´[äS®ãEhsŽаÂÜ]5:zÕÐSSœUÌï^F€kv»¥’ ã{'˜áÿ¸´–1¼Mwô‡êýê'‡u-ËÅ1sÜQ& ö¦X£…#!z×è‡_QËsŠÑ•ÜÕ_‚ÜS8^íÞÙLóŪUµwg$T´8ý™Gÿ¥`ïç4ß$.¢ŽüpdÞé5¸á-pÏÎH¦å’àRm…ìÝÒ€”S±
Ô¢æ–[¶Ø„K'ÓÉåv;ôs'ˆdž“¯¯uè÷–WhU/RŽ¨ËöÓ¯%ØãkûŸ-ò„Ï
däœ|UNò©‡Ñùƒ,Ÿj˶ÙײèËæ‚, Lyªpò9\ åk„9ð/U ow âB+Dž^ÇC…óíò–ý•H½‰½ÍYáˆR]SžÈt¦¢z—Ðݶ”ö¸2¤õ·´ä¦ƒ¡áÉÜ’ë
-‹@jv!Ò³Á“ì[È.8°î§*[®yåZøóA’3®ž ® 0þ—mÅ2›¯Íµ7k_°±­¯çÿg¨ÿü¯
+‹@jv!Ò³Á“ì[È.8°î§*[®yåZøóA’3®ž ® 0þ—mÅ2›¯Íµ7k_°±­¯çÿg¨ÿü¯
endobj
-605 0 obj <<
+609 0 obj <<
/Type /Font
/Subtype /Type1
-/Encoding 1320 0 R
+/Encoding 1325 0 R
/FirstChar 2
/LastChar 151
-/Widths 1335 0 R
-/BaseFont /NNVQTK+URWPalladioL-Bold
-/FontDescriptor 603 0 R
+/Widths 1340 0 R
+/BaseFont /EGARIM+URWPalladioL-Bold
+/FontDescriptor 607 0 R
>> endobj
-603 0 obj <<
+607 0 obj <<
/Ascent 708
/CapHeight 672
/Descent -266
-/FontName /NNVQTK+URWPalladioL-Bold
+/FontName /EGARIM+URWPalladioL-Bold
/ItalicAngle 0
/StemV 123
/XHeight 471
/FontBBox [-152 -301 1000 935]
/Flags 4
/CharSet (/fi/exclam/dollar/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/equal/question/at/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/W/X/Y/Z/bracketleft/bracketright/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/emdash)
-/FontFile 604 0 R
+/FontFile 608 0 R
>> endobj
-1335 0 obj
+1340 0 obj
[611 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 278 0 0 500 0 0 278 333 333 444 606 250 333 250 296 500 500 500 500 500 500 500 500 500 500 250 250 0 606 0 444 747 778 667 722 833 611 556 833 833 389 0 778 611 1000 833 833 611 833 722 611 667 778 0 1000 667 667 667 333 0 333 0 0 0 500 611 444 611 500 389 556 611 333 333 611 333 889 611 556 611 611 389 444 333 611 556 833 500 556 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1000 ]
endobj
-609 0 obj <<
+613 0 obj <<
/Type /Pages
/Count 6
-/Parent 1336 0 R
-/Kids [598 0 R 611 0 R 618 0 R 637 0 R 654 0 R 665 0 R]
+/Parent 1341 0 R
+/Kids [602 0 R 615 0 R 622 0 R 641 0 R 658 0 R 669 0 R]
>> endobj
-680 0 obj <<
+684 0 obj <<
/Type /Pages
/Count 6
-/Parent 1336 0 R
-/Kids [672 0 R 682 0 R 687 0 R 695 0 R 705 0 R 718 0 R]
+/Parent 1341 0 R
+/Kids [676 0 R 686 0 R 691 0 R 699 0 R 709 0 R 722 0 R]
>> endobj
-730 0 obj <<
+734 0 obj <<
/Type /Pages
/Count 6
-/Parent 1336 0 R
-/Kids [726 0 R 733 0 R 740 0 R 747 0 R 756 0 R 761 0 R]
+/Parent 1341 0 R
+/Kids [730 0 R 737 0 R 744 0 R 751 0 R 761 0 R 766 0 R]
>> endobj
-774 0 obj <<
+779 0 obj <<
/Type /Pages
/Count 6
-/Parent 1336 0 R
-/Kids [765 0 R 776 0 R 786 0 R 793 0 R 800 0 R 813 0 R]
+/Parent 1341 0 R
+/Kids [770 0 R 781 0 R 791 0 R 798 0 R 805 0 R 818 0 R]
>> endobj
-823 0 obj <<
+828 0 obj <<
/Type /Pages
/Count 6
-/Parent 1336 0 R
-/Kids [818 0 R 825 0 R 829 0 R 839 0 R 845 0 R 853 0 R]
+/Parent 1341 0 R
+/Kids [823 0 R 830 0 R 834 0 R 844 0 R 850 0 R 858 0 R]
>> endobj
-873 0 obj <<
+878 0 obj <<
/Type /Pages
/Count 6
-/Parent 1336 0 R
-/Kids [865 0 R 876 0 R 887 0 R 893 0 R 897 0 R 903 0 R]
+/Parent 1341 0 R
+/Kids [870 0 R 881 0 R 892 0 R 898 0 R 902 0 R 908 0 R]
>> endobj
-916 0 obj <<
+921 0 obj <<
/Type /Pages
/Count 6
-/Parent 1337 0 R
-/Kids [910 0 R 918 0 R 923 0 R 931 0 R 937 0 R 942 0 R]
+/Parent 1342 0 R
+/Kids [915 0 R 923 0 R 928 0 R 936 0 R 942 0 R 947 0 R]
>> endobj
-960 0 obj <<
+965 0 obj <<
/Type /Pages
/Count 6
-/Parent 1337 0 R
-/Kids [952 0 R 964 0 R 973 0 R 977 0 R 982 0 R 989 0 R]
+/Parent 1342 0 R
+/Kids [957 0 R 969 0 R 978 0 R 982 0 R 987 0 R 994 0 R]
>> endobj
-1001 0 obj <<
+1006 0 obj <<
/Type /Pages
/Count 6
-/Parent 1337 0 R
-/Kids [996 0 R 1003 0 R 1009 0 R 1015 0 R 1022 0 R 1029 0 R]
+/Parent 1342 0 R
+/Kids [1001 0 R 1008 0 R 1014 0 R 1020 0 R 1027 0 R 1034 0 R]
>> endobj
-1038 0 obj <<
+1043 0 obj <<
/Type /Pages
/Count 6
-/Parent 1337 0 R
-/Kids [1035 0 R 1040 0 R 1044 0 R 1052 0 R 1064 0 R 1074 0 R]
+/Parent 1342 0 R
+/Kids [1040 0 R 1045 0 R 1049 0 R 1057 0 R 1069 0 R 1079 0 R]
>> endobj
-1097 0 obj <<
+1102 0 obj <<
/Type /Pages
/Count 6
-/Parent 1337 0 R
-/Kids [1086 0 R 1099 0 R 1109 0 R 1119 0 R 1131 0 R 1142 0 R]
+/Parent 1342 0 R
+/Kids [1091 0 R 1104 0 R 1114 0 R 1124 0 R 1136 0 R 1147 0 R]
>> endobj
-1156 0 obj <<
+1161 0 obj <<
/Type /Pages
/Count 6
-/Parent 1337 0 R
-/Kids [1149 0 R 1158 0 R 1168 0 R 1179 0 R 1183 0 R 1190 0 R]
+/Parent 1342 0 R
+/Kids [1154 0 R 1163 0 R 1173 0 R 1184 0 R 1188 0 R 1195 0 R]
>> endobj
-1231 0 obj <<
+1227 0 obj <<
/Type /Pages
/Count 3
-/Parent 1338 0 R
-/Kids [1204 0 R 1233 0 R 1291 0 R]
+/Parent 1343 0 R
+/Kids [1207 0 R 1229 0 R 1286 0 R]
>> endobj
-1336 0 obj <<
+1341 0 obj <<
/Type /Pages
/Count 36
-/Parent 1339 0 R
-/Kids [609 0 R 680 0 R 730 0 R 774 0 R 823 0 R 873 0 R]
+/Parent 1344 0 R
+/Kids [613 0 R 684 0 R 734 0 R 779 0 R 828 0 R 878 0 R]
>> endobj
-1337 0 obj <<
+1342 0 obj <<
/Type /Pages
/Count 36
-/Parent 1339 0 R
-/Kids [916 0 R 960 0 R 1001 0 R 1038 0 R 1097 0 R 1156 0 R]
+/Parent 1344 0 R
+/Kids [921 0 R 965 0 R 1006 0 R 1043 0 R 1102 0 R 1161 0 R]
>> endobj
-1338 0 obj <<
+1343 0 obj <<
/Type /Pages
/Count 3
-/Parent 1339 0 R
-/Kids [1231 0 R]
+/Parent 1344 0 R
+/Kids [1227 0 R]
>> endobj
-1339 0 obj <<
+1344 0 obj <<
/Type /Pages
/Count 75
-/Kids [1336 0 R 1337 0 R 1338 0 R]
+/Kids [1341 0 R 1342 0 R 1343 0 R]
>> endobj
-1340 0 obj <<
+1345 0 obj <<
/Type /Outlines
/First 7 0 R
-/Last 547 0 R
+/Last 551 0 R
/Count 9
>> endobj
+599 0 obj <<
+/Title 600 0 R
+/A 597 0 R
+/Parent 587 0 R
+/Prev 595 0 R
+>> endobj
595 0 obj <<
/Title 596 0 R
/A 593 0 R
-/Parent 583 0 R
+/Parent 587 0 R
/Prev 591 0 R
+/Next 599 0 R
>> endobj
591 0 obj <<
/Title 592 0 R
/A 589 0 R
-/Parent 583 0 R
-/Prev 587 0 R
+/Parent 587 0 R
/Next 595 0 R
>> endobj
587 0 obj <<
/Title 588 0 R
/A 585 0 R
-/Parent 583 0 R
-/Next 591 0 R
+/Parent 551 0 R
+/Prev 579 0 R
+/First 591 0 R
+/Last 599 0 R
+/Count -3
>> endobj
583 0 obj <<
/Title 584 0 R
/A 581 0 R
-/Parent 547 0 R
-/Prev 575 0 R
-/First 587 0 R
-/Last 595 0 R
-/Count -3
+/Parent 579 0 R
>> endobj
579 0 obj <<
/Title 580 0 R
/A 577 0 R
-/Parent 575 0 R
+/Parent 551 0 R
+/Prev 563 0 R
+/Next 587 0 R
+/First 583 0 R
+/Last 583 0 R
+/Count -1
>> endobj
575 0 obj <<
/Title 576 0 R
/A 573 0 R
-/Parent 547 0 R
-/Prev 559 0 R
-/Next 583 0 R
-/First 579 0 R
-/Last 579 0 R
-/Count -1
+/Parent 567 0 R
+/Prev 571 0 R
>> endobj
571 0 obj <<
/Title 572 0 R
/A 569 0 R
-/Parent 563 0 R
-/Prev 567 0 R
+/Parent 567 0 R
+/Next 575 0 R
>> endobj
567 0 obj <<
/Title 568 0 R
/A 565 0 R
/Parent 563 0 R
-/Next 571 0 R
+/First 571 0 R
+/Last 575 0 R
+/Count -2
>> endobj
563 0 obj <<
/Title 564 0 R
/A 561 0 R
-/Parent 559 0 R
+/Parent 551 0 R
+/Prev 555 0 R
+/Next 579 0 R
/First 567 0 R
-/Last 571 0 R
-/Count -2
+/Last 567 0 R
+/Count -1
>> endobj
559 0 obj <<
/Title 560 0 R
/A 557 0 R
-/Parent 547 0 R
-/Prev 551 0 R
-/Next 575 0 R
-/First 563 0 R
-/Last 563 0 R
-/Count -1
+/Parent 555 0 R
>> endobj
555 0 obj <<
/Title 556 0 R
/A 553 0 R
/Parent 551 0 R
+/Next 563 0 R
+/First 559 0 R
+/Last 559 0 R
+/Count -1
>> endobj
551 0 obj <<
/Title 552 0 R
/A 549 0 R
-/Parent 547 0 R
-/Next 559 0 R
+/Parent 1345 0 R
+/Prev 531 0 R
/First 555 0 R
-/Last 555 0 R
-/Count -1
+/Last 587 0 R
+/Count -4
>> endobj
547 0 obj <<
/Title 548 0 R
/A 545 0 R
-/Parent 1340 0 R
-/Prev 527 0 R
-/First 551 0 R
-/Last 583 0 R
-/Count -4
+/Parent 531 0 R
+/Prev 543 0 R
>> endobj
543 0 obj <<
/Title 544 0 R
/A 541 0 R
-/Parent 527 0 R
-/Prev 539 0 R
+/Parent 531 0 R
+/Prev 535 0 R
+/Next 547 0 R
>> endobj
539 0 obj <<
/Title 540 0 R
/A 537 0 R
-/Parent 527 0 R
-/Prev 531 0 R
-/Next 543 0 R
+/Parent 535 0 R
>> endobj
535 0 obj <<
/Title 536 0 R
/A 533 0 R
/Parent 531 0 R
+/Next 543 0 R
+/First 539 0 R
+/Last 539 0 R
+/Count -1
>> endobj
531 0 obj <<
/Title 532 0 R
/A 529 0 R
-/Parent 527 0 R
-/Next 539 0 R
+/Parent 1345 0 R
+/Prev 507 0 R
+/Next 551 0 R
/First 535 0 R
-/Last 535 0 R
-/Count -1
+/Last 547 0 R
+/Count -3
>> endobj
527 0 obj <<
/Title 528 0 R
/A 525 0 R
-/Parent 1340 0 R
-/Prev 503 0 R
-/Next 547 0 R
-/First 531 0 R
-/Last 543 0 R
-/Count -3
+/Parent 507 0 R
+/Prev 515 0 R
>> endobj
523 0 obj <<
/Title 524 0 R
/A 521 0 R
-/Parent 503 0 R
-/Prev 511 0 R
+/Parent 515 0 R
+/Prev 519 0 R
>> endobj
519 0 obj <<
/Title 520 0 R
/A 517 0 R
-/Parent 511 0 R
-/Prev 515 0 R
+/Parent 515 0 R
+/Next 523 0 R
>> endobj
515 0 obj <<
/Title 516 0 R
/A 513 0 R
-/Parent 511 0 R
-/Next 519 0 R
+/Parent 507 0 R
+/Prev 511 0 R
+/Next 527 0 R
+/First 519 0 R
+/Last 523 0 R
+/Count -2
>> endobj
511 0 obj <<
/Title 512 0 R
/A 509 0 R
-/Parent 503 0 R
-/Prev 507 0 R
-/Next 523 0 R
-/First 515 0 R
-/Last 519 0 R
-/Count -2
+/Parent 507 0 R
+/Next 515 0 R
>> endobj
507 0 obj <<
/Title 508 0 R
/A 505 0 R
-/Parent 503 0 R
-/Next 511 0 R
+/Parent 1345 0 R
+/Prev 251 0 R
+/Next 531 0 R
+/First 511 0 R
+/Last 527 0 R
+/Count -3
>> endobj
503 0 obj <<
/Title 504 0 R
/A 501 0 R
-/Parent 1340 0 R
-/Prev 247 0 R
-/Next 527 0 R
-/First 507 0 R
-/Last 523 0 R
-/Count -3
+/Parent 459 0 R
+/Prev 487 0 R
>> endobj
499 0 obj <<
/Title 500 0 R
/A 497 0 R
-/Parent 455 0 R
-/Prev 483 0 R
+/Parent 487 0 R
+/Prev 495 0 R
>> endobj
495 0 obj <<
/Title 496 0 R
/A 493 0 R
-/Parent 483 0 R
+/Parent 487 0 R
/Prev 491 0 R
+/Next 499 0 R
>> endobj
491 0 obj <<
/Title 492 0 R
/A 489 0 R
-/Parent 483 0 R
-/Prev 487 0 R
+/Parent 487 0 R
/Next 495 0 R
>> endobj
487 0 obj <<
/Title 488 0 R
/A 485 0 R
-/Parent 483 0 R
-/Next 491 0 R
+/Parent 459 0 R
+/Prev 483 0 R
+/Next 503 0 R
+/First 491 0 R
+/Last 499 0 R
+/Count -3
>> endobj
483 0 obj <<
/Title 484 0 R
/A 481 0 R
-/Parent 455 0 R
+/Parent 459 0 R
/Prev 479 0 R
-/Next 499 0 R
-/First 487 0 R
-/Last 495 0 R
-/Count -3
+/Next 487 0 R
>> endobj
479 0 obj <<
/Title 480 0 R
/A 477 0 R
-/Parent 455 0 R
+/Parent 459 0 R
/Prev 475 0 R
/Next 483 0 R
>> endobj
475 0 obj <<
/Title 476 0 R
/A 473 0 R
-/Parent 455 0 R
-/Prev 471 0 R
+/Parent 459 0 R
+/Prev 463 0 R
/Next 479 0 R
>> endobj
471 0 obj <<
/Title 472 0 R
/A 469 0 R
-/Parent 455 0 R
-/Prev 459 0 R
-/Next 475 0 R
+/Parent 463 0 R
+/Prev 467 0 R
>> endobj
467 0 obj <<
/Title 468 0 R
/A 465 0 R
-/Parent 459 0 R
-/Prev 463 0 R
+/Parent 463 0 R
+/Next 471 0 R
>> endobj
463 0 obj <<
/Title 464 0 R
/A 461 0 R
/Parent 459 0 R
-/Next 467 0 R
+/Next 475 0 R
+/First 467 0 R
+/Last 471 0 R
+/Count -2
>> endobj
459 0 obj <<
/Title 460 0 R
/A 457 0 R
-/Parent 455 0 R
-/Next 471 0 R
+/Parent 251 0 R
+/Prev 283 0 R
/First 463 0 R
-/Last 467 0 R
-/Count -2
+/Last 503 0 R
+/Count -6
>> endobj
455 0 obj <<
/Title 456 0 R
/A 453 0 R
-/Parent 247 0 R
-/Prev 279 0 R
-/First 459 0 R
-/Last 499 0 R
-/Count -6
+/Parent 439 0 R
+/Prev 451 0 R
>> endobj
451 0 obj <<
/Title 452 0 R
/A 449 0 R
-/Parent 435 0 R
+/Parent 439 0 R
/Prev 447 0 R
+/Next 455 0 R
>> endobj
447 0 obj <<
/Title 448 0 R
/A 445 0 R
-/Parent 435 0 R
+/Parent 439 0 R
/Prev 443 0 R
/Next 451 0 R
>> endobj
443 0 obj <<
/Title 444 0 R
/A 441 0 R
-/Parent 435 0 R
-/Prev 439 0 R
+/Parent 439 0 R
/Next 447 0 R
>> endobj
439 0 obj <<
/Title 440 0 R
/A 437 0 R
-/Parent 435 0 R
-/Next 443 0 R
+/Parent 283 0 R
+/Prev 435 0 R
+/First 443 0 R
+/Last 455 0 R
+/Count -4
>> endobj
435 0 obj <<
/Title 436 0 R
/A 433 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 431 0 R
-/First 439 0 R
-/Last 451 0 R
-/Count -4
+/Next 439 0 R
>> endobj
431 0 obj <<
/Title 432 0 R
/A 429 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 427 0 R
/Next 435 0 R
>> endobj
427 0 obj <<
/Title 428 0 R
/A 425 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 423 0 R
/Next 431 0 R
>> endobj
423 0 obj <<
/Title 424 0 R
/A 421 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 419 0 R
/Next 427 0 R
>> endobj
419 0 obj <<
/Title 420 0 R
/A 417 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 415 0 R
/Next 423 0 R
>> endobj
415 0 obj <<
/Title 416 0 R
/A 413 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 411 0 R
/Next 419 0 R
>> endobj
411 0 obj <<
/Title 412 0 R
/A 409 0 R
-/Parent 279 0 R
-/Prev 407 0 R
+/Parent 283 0 R
+/Prev 347 0 R
/Next 415 0 R
>> endobj
407 0 obj <<
/Title 408 0 R
/A 405 0 R
-/Parent 279 0 R
-/Prev 343 0 R
-/Next 411 0 R
+/Parent 347 0 R
+/Prev 403 0 R
>> endobj
403 0 obj <<
/Title 404 0 R
/A 401 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 399 0 R
+/Next 407 0 R
>> endobj
399 0 obj <<
/Title 400 0 R
/A 397 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 395 0 R
/Next 403 0 R
>> endobj
395 0 obj <<
/Title 396 0 R
/A 393 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 391 0 R
/Next 399 0 R
>> endobj
391 0 obj <<
/Title 392 0 R
/A 389 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 387 0 R
/Next 395 0 R
>> endobj
387 0 obj <<
/Title 388 0 R
/A 385 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 383 0 R
/Next 391 0 R
>> endobj
383 0 obj <<
/Title 384 0 R
/A 381 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 379 0 R
/Next 387 0 R
>> endobj
379 0 obj <<
/Title 380 0 R
/A 377 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 375 0 R
/Next 383 0 R
>> endobj
375 0 obj <<
/Title 376 0 R
/A 373 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 371 0 R
/Next 379 0 R
>> endobj
371 0 obj <<
/Title 372 0 R
/A 369 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 367 0 R
/Next 375 0 R
>> endobj
367 0 obj <<
/Title 368 0 R
/A 365 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 363 0 R
/Next 371 0 R
>> endobj
363 0 obj <<
/Title 364 0 R
/A 361 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 359 0 R
/Next 367 0 R
>> endobj
359 0 obj <<
/Title 360 0 R
/A 357 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 355 0 R
/Next 363 0 R
>> endobj
355 0 obj <<
/Title 356 0 R
/A 353 0 R
-/Parent 343 0 R
+/Parent 347 0 R
/Prev 351 0 R
/Next 359 0 R
>> endobj
351 0 obj <<
/Title 352 0 R
/A 349 0 R
-/Parent 343 0 R
-/Prev 347 0 R
+/Parent 347 0 R
/Next 355 0 R
>> endobj
347 0 obj <<
/Title 348 0 R
/A 345 0 R
-/Parent 343 0 R
-/Next 351 0 R
+/Parent 283 0 R
+/Prev 343 0 R
+/Next 411 0 R
+/First 351 0 R
+/Last 407 0 R
+/Count -15
>> endobj
343 0 obj <<
/Title 344 0 R
/A 341 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 339 0 R
-/Next 407 0 R
-/First 347 0 R
-/Last 403 0 R
-/Count -15
+/Next 347 0 R
>> endobj
339 0 obj <<
/Title 340 0 R
/A 337 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 335 0 R
/Next 343 0 R
>> endobj
335 0 obj <<
/Title 336 0 R
/A 333 0 R
-/Parent 279 0 R
-/Prev 331 0 R
+/Parent 283 0 R
+/Prev 323 0 R
/Next 339 0 R
>> endobj
331 0 obj <<
/Title 332 0 R
/A 329 0 R
-/Parent 279 0 R
-/Prev 319 0 R
-/Next 335 0 R
+/Parent 323 0 R
+/Prev 327 0 R
>> endobj
327 0 obj <<
/Title 328 0 R
/A 325 0 R
-/Parent 319 0 R
-/Prev 323 0 R
+/Parent 323 0 R
+/Next 331 0 R
>> endobj
323 0 obj <<
/Title 324 0 R
/A 321 0 R
-/Parent 319 0 R
-/Next 327 0 R
+/Parent 283 0 R
+/Prev 319 0 R
+/Next 335 0 R
+/First 327 0 R
+/Last 331 0 R
+/Count -2
>> endobj
319 0 obj <<
/Title 320 0 R
/A 317 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 315 0 R
-/Next 331 0 R
-/First 323 0 R
-/Last 327 0 R
-/Count -2
+/Next 323 0 R
>> endobj
315 0 obj <<
/Title 316 0 R
/A 313 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 311 0 R
/Next 319 0 R
>> endobj
311 0 obj <<
/Title 312 0 R
/A 309 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 307 0 R
/Next 315 0 R
>> endobj
307 0 obj <<
/Title 308 0 R
/A 305 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 303 0 R
/Next 311 0 R
>> endobj
303 0 obj <<
/Title 304 0 R
/A 301 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 299 0 R
/Next 307 0 R
>> endobj
299 0 obj <<
/Title 300 0 R
/A 297 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 295 0 R
/Next 303 0 R
>> endobj
295 0 obj <<
/Title 296 0 R
/A 293 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 291 0 R
/Next 299 0 R
>> endobj
291 0 obj <<
/Title 292 0 R
/A 289 0 R
-/Parent 279 0 R
+/Parent 283 0 R
/Prev 287 0 R
/Next 295 0 R
>> endobj
287 0 obj <<
/Title 288 0 R
/A 285 0 R
-/Parent 279 0 R
-/Prev 283 0 R
+/Parent 283 0 R
/Next 291 0 R
>> endobj
283 0 obj <<
/Title 284 0 R
/A 281 0 R
-/Parent 279 0 R
-/Next 287 0 R
+/Parent 251 0 R
+/Prev 255 0 R
+/Next 459 0 R
+/First 287 0 R
+/Last 439 0 R
+/Count -22
>> endobj
279 0 obj <<
/Title 280 0 R
/A 277 0 R
-/Parent 247 0 R
-/Prev 251 0 R
-/Next 455 0 R
-/First 283 0 R
-/Last 435 0 R
-/Count -22
+/Parent 271 0 R
+/Prev 275 0 R
>> endobj
275 0 obj <<
/Title 276 0 R
/A 273 0 R
-/Parent 267 0 R
-/Prev 271 0 R
+/Parent 271 0 R
+/Next 279 0 R
>> endobj
271 0 obj <<
/Title 272 0 R
/A 269 0 R
-/Parent 267 0 R
-/Next 275 0 R
+/Parent 255 0 R
+/Prev 259 0 R
+/First 275 0 R
+/Last 279 0 R
+/Count -2
>> endobj
267 0 obj <<
/Title 268 0 R
/A 265 0 R
-/Parent 251 0 R
-/Prev 255 0 R
-/First 271 0 R
-/Last 275 0 R
-/Count -2
+/Parent 259 0 R
+/Prev 263 0 R
>> endobj
263 0 obj <<
/Title 264 0 R
/A 261 0 R
-/Parent 255 0 R
-/Prev 259 0 R
+/Parent 259 0 R
+/Next 267 0 R
>> endobj
259 0 obj <<
/Title 260 0 R
/A 257 0 R
/Parent 255 0 R
-/Next 263 0 R
+/Next 271 0 R
+/First 263 0 R
+/Last 267 0 R
+/Count -2
>> endobj
255 0 obj <<
/Title 256 0 R
/A 253 0 R
/Parent 251 0 R
-/Next 267 0 R
+/Next 283 0 R
/First 259 0 R
-/Last 263 0 R
+/Last 271 0 R
/Count -2
>> endobj
251 0 obj <<
/Title 252 0 R
/A 249 0 R
-/Parent 247 0 R
-/Next 279 0 R
+/Parent 1345 0 R
+/Prev 239 0 R
+/Next 507 0 R
/First 255 0 R
-/Last 267 0 R
-/Count -2
+/Last 459 0 R
+/Count -3
>> endobj
247 0 obj <<
/Title 248 0 R
/A 245 0 R
-/Parent 1340 0 R
-/Prev 235 0 R
-/Next 503 0 R
-/First 251 0 R
-/Last 455 0 R
-/Count -3
+/Parent 239 0 R
+/Prev 243 0 R
>> endobj
243 0 obj <<
/Title 244 0 R
/A 241 0 R
-/Parent 235 0 R
-/Prev 239 0 R
+/Parent 239 0 R
+/Next 247 0 R
>> endobj
239 0 obj <<
/Title 240 0 R
/A 237 0 R
-/Parent 235 0 R
-/Next 243 0 R
+/Parent 1345 0 R
+/Prev 135 0 R
+/Next 251 0 R
+/First 243 0 R
+/Last 247 0 R
+/Count -2
>> endobj
235 0 obj <<
/Title 236 0 R
/A 233 0 R
-/Parent 1340 0 R
-/Prev 135 0 R
-/Next 247 0 R
-/First 239 0 R
-/Last 243 0 R
-/Count -2
+/Parent 227 0 R
+/Prev 231 0 R
>> endobj
231 0 obj <<
/Title 232 0 R
/A 229 0 R
-/Parent 223 0 R
-/Prev 227 0 R
+/Parent 227 0 R
+/Next 235 0 R
>> endobj
227 0 obj <<
/Title 228 0 R
/A 225 0 R
-/Parent 223 0 R
-/Next 231 0 R
+/Parent 135 0 R
+/Prev 203 0 R
+/First 231 0 R
+/Last 235 0 R
+/Count -2
>> endobj
223 0 obj <<
/Title 224 0 R
/A 221 0 R
-/Parent 135 0 R
-/Prev 199 0 R
-/First 227 0 R
-/Last 231 0 R
-/Count -2
+/Parent 203 0 R
+/Prev 219 0 R
>> endobj
219 0 obj <<
/Title 220 0 R
/A 217 0 R
-/Parent 199 0 R
+/Parent 203 0 R
/Prev 215 0 R
+/Next 223 0 R
>> endobj
215 0 obj <<
/Title 216 0 R
/A 213 0 R
-/Parent 199 0 R
+/Parent 203 0 R
/Prev 211 0 R
/Next 219 0 R
>> endobj
211 0 obj <<
/Title 212 0 R
/A 209 0 R
-/Parent 199 0 R
+/Parent 203 0 R
/Prev 207 0 R
/Next 215 0 R
>> endobj
207 0 obj <<
/Title 208 0 R
/A 205 0 R
-/Parent 199 0 R
-/Prev 203 0 R
+/Parent 203 0 R
/Next 211 0 R
>> endobj
203 0 obj <<
/Title 204 0 R
/A 201 0 R
-/Parent 199 0 R
-/Next 207 0 R
+/Parent 135 0 R
+/Prev 199 0 R
+/Next 227 0 R
+/First 207 0 R
+/Last 223 0 R
+/Count -5
>> endobj
199 0 obj <<
/Title 200 0 R
/A 197 0 R
/Parent 135 0 R
/Prev 195 0 R
-/Next 223 0 R
-/First 203 0 R
-/Last 219 0 R
-/Count -5
+/Next 203 0 R
>> endobj
195 0 obj <<
/Title 196 0 R
/A 193 0 R
/Parent 135 0 R
-/Prev 191 0 R
+/Prev 159 0 R
/Next 199 0 R
>> endobj
191 0 obj <<
/Title 192 0 R
/A 189 0 R
-/Parent 135 0 R
-/Prev 155 0 R
-/Next 195 0 R
+/Parent 159 0 R
+/Prev 187 0 R
>> endobj
187 0 obj <<
/Title 188 0 R
/A 185 0 R
-/Parent 155 0 R
+/Parent 159 0 R
/Prev 183 0 R
+/Next 191 0 R
>> endobj
183 0 obj <<
/Title 184 0 R
/A 181 0 R
-/Parent 155 0 R
+/Parent 159 0 R
/Prev 179 0 R
/Next 187 0 R
>> endobj
179 0 obj <<
/Title 180 0 R
/A 177 0 R
-/Parent 155 0 R
+/Parent 159 0 R
/Prev 175 0 R
/Next 183 0 R
>> endobj
175 0 obj <<
/Title 176 0 R
/A 173 0 R
-/Parent 155 0 R
-/Prev 171 0 R
+/Parent 159 0 R
+/Prev 163 0 R
/Next 179 0 R
>> endobj
171 0 obj <<
/Title 172 0 R
/A 169 0 R
-/Parent 155 0 R
-/Prev 159 0 R
-/Next 175 0 R
+/Parent 163 0 R
+/Prev 167 0 R
>> endobj
167 0 obj <<
/Title 168 0 R
/A 165 0 R
-/Parent 159 0 R
-/Prev 163 0 R
+/Parent 163 0 R
+/Next 171 0 R
>> endobj
163 0 obj <<
/Title 164 0 R
/A 161 0 R
/Parent 159 0 R
-/Next 167 0 R
+/Next 175 0 R
+/First 167 0 R
+/Last 171 0 R
+/Count -2
>> endobj
159 0 obj <<
/Title 160 0 R
/A 157 0 R
-/Parent 155 0 R
-/Next 171 0 R
+/Parent 135 0 R
+/Prev 151 0 R
+/Next 195 0 R
/First 163 0 R
-/Last 167 0 R
-/Count -2
+/Last 191 0 R
+/Count -6
>> endobj
155 0 obj <<
/Title 156 0 R
/A 153 0 R
-/Parent 135 0 R
-/Prev 151 0 R
-/Next 191 0 R
-/First 159 0 R
-/Last 187 0 R
-/Count -6
+/Parent 151 0 R
>> endobj
151 0 obj <<
/Title 152 0 R
/A 149 0 R
/Parent 135 0 R
/Prev 147 0 R
-/Next 155 0 R
+/Next 159 0 R
+/First 155 0 R
+/Last 155 0 R
+/Count -1
>> endobj
147 0 obj <<
/Title 148 0 R
@@ -7129,11 +7167,11 @@ endobj
135 0 obj <<
/Title 136 0 R
/A 133 0 R
-/Parent 1340 0 R
+/Parent 1345 0 R
/Prev 91 0 R
-/Next 235 0 R
+/Next 239 0 R
/First 139 0 R
-/Last 223 0 R
+/Last 227 0 R
/Count -8
>> endobj
131 0 obj <<
@@ -7210,7 +7248,7 @@ endobj
91 0 obj <<
/Title 92 0 R
/A 89 0 R
-/Parent 1340 0 R
+/Parent 1345 0 R
/Prev 67 0 R
/Next 135 0 R
/First 95 0 R
@@ -7253,7 +7291,7 @@ endobj
67 0 obj <<
/Title 68 0 R
/A 65 0 R
-/Parent 1340 0 R
+/Parent 1345 0 R
/Prev 7 0 R
/Next 91 0 R
/First 71 0 R
@@ -7362,1390 +7400,1395 @@ endobj
7 0 obj <<
/Title 8 0 R
/A 5 0 R
-/Parent 1340 0 R
+/Parent 1345 0 R
/Next 67 0 R
/First 11 0 R
/Last 23 0 R
/Count -4
>> endobj
-1341 0 obj <<
-/Names [(Access_Control_Lists) 1153 0 R (Bv9ARM.ch01) 621 0 R (Bv9ARM.ch02) 675 0 R (Bv9ARM.ch03) 690 0 R (Bv9ARM.ch04) 743 0 R (Bv9ARM.ch05) 810 0 R (Bv9ARM.ch06) 832 0 R (Bv9ARM.ch07) 1152 0 R (Bv9ARM.ch08) 1171 0 R (Bv9ARM.ch09) 1186 0 R (Configuration_File_Grammar) 859 0 R (DNSSEC) 791 0 R (Doc-Start) 602 0 R (Setting_TTLs) 1124 0 R (access_control) 957 0 R (acl) 863 0 R (address_match_lists) 837 0 R (admin_tools) 721 0 R (appendix.A) 546 0 R (bibliography) 1207 0 R (boolean_options) 716 0 R (chapter.1) 6 0 R (chapter.2) 66 0 R (chapter.3) 90 0 R (chapter.4) 134 0 R (chapter.5) 234 0 R (chapter.6) 246 0 R (chapter.7) 502 0 R (chapter.8) 526 0 R (cite.RFC1034) 1217 0 R (cite.RFC1035) 1219 0 R (cite.RFC1101) 1275 0 R (cite.RFC1123) 1277 0 R (cite.RFC1183) 1259 0 R (cite.RFC1464) 1299 0 R (cite.RFC1535) 1251 0 R (cite.RFC1536) 1253 0 R (cite.RFC1537) 1285 0 R (cite.RFC1591) 1279 0 R (cite.RFC1706) 1261 0 R (cite.RFC1712) 1313 0 R (cite.RFC1713) 1301 0 R (cite.RFC1794) 1303 0 R (cite.RFC1876) 1263 0 R (cite.RFC1886) 1243 0 R (cite.RFC1912) 1287 0 R (cite.RFC1982) 1255 0 R (cite.RFC1995) 1224 0 R (cite.RFC1996) 1226 0 R (cite.RFC2010) 1289 0 R (cite.RFC2052) 1265 0 R (cite.RFC2065) 1245 0 R (cite.RFC2136) 1228 0 R (cite.RFC2137) 1247 0 R (cite.RFC2163) 1267 0 R (cite.RFC2168) 1269 0 R (cite.RFC2181) 1230 0 R (cite.RFC2219) 1295 0 R (cite.RFC2230) 1271 0 R (cite.RFC2240) 1305 0 R (cite.RFC2308) 1237 0 R (cite.RFC2317) 1281 0 R (cite.RFC2345) 1307 0 R (cite.RFC2352) 1309 0 R (cite.RFC2845) 1239 0 R (cite.RFC974) 1221 0 R (cite.id2490545) 1318 0 R (classes_of_resource_records) 1107 0 R (configuration_file_elements) 833 0 R (controls_statement_definition_and_usage) 731 0 R (diagnostic_tools) 663 0 R (dynamic_update) 744 0 R (dynamic_update_policies) 784 0 R (dynamic_update_security) 1062 0 R (historical_dns_information) 1193 0 R (id2465089) 623 0 R (id2465144) 622 0 R (id2466440) 627 0 R (id2466449) 628 0 R (id2467101) 692 0 R (id2467114) 693 0 R (id2467137) 698 0 R (id2467154) 699 0 R (id2467443) 643 0 R (id2467586) 645 0 R (id2467606) 646 0 R (id2467630) 647 0 R (id2467988) 650 0 R (id2468062) 657 0 R (id2468085) 660 0 R (id2468106) 661 0 R (id2468125) 662 0 R (id2468154) 668 0 R (id2468323) 669 0 R (id2468348) 670 0 R (id2468380) 676 0 R (id2468473) 677 0 R (id2468484) 678 0 R (id2468498) 679 0 R (id2468506) 685 0 R (id2469165) 710 0 R (id2469171) 711 0 R (id2472087) 736 0 R (id2472099) 737 0 R (id2472464) 753 0 R (id2472890) 770 0 R (id2472974) 771 0 R (id2473009) 772 0 R (id2473025) 773 0 R (id2473033) 779 0 R (id2473073) 780 0 R (id2473125) 781 0 R (id2473169) 783 0 R (id2473182) 789 0 R (id2473232) 790 0 R (id2473353) 796 0 R (id2473421) 797 0 R (id2473528) 798 0 R (id2473570) 803 0 R (id2473692) 804 0 R (id2473785) 805 0 R (id2473841) 809 0 R (id2473991) 816 0 R (id2474023) 821 0 R (id2474162) 834 0 R (id2474715) 842 0 R (id2474742) 843 0 R (id2474829) 848 0 R (id2474844) 849 0 R (id2474873) 850 0 R (id2475085) 860 0 R (id2475336) 862 0 R (id2475378) 868 0 R (id2475515) 870 0 R (id2475840) 879 0 R (id2475854) 880 0 R (id2475877) 881 0 R (id2475898) 882 0 R (id2475961) 885 0 R (id2476087) 890 0 R (id2476208) 891 0 R (id2476969) 906 0 R (id2477450) 908 0 R (id2477523) 913 0 R (id2477586) 915 0 R (id2478446) 926 0 R (id2479485) 955 0 R (id2479796) 967 0 R (id2479880) 968 0 R (id2480352) 980 0 R (id2480521) 986 0 R (id2480590) 987 0 R (id2480929) 1006 0 R (id2481522) 1018 0 R (id2482022) 1025 0 R (id2482070) 1026 0 R (id2482093) 1032 0 R (id2482210) 1033 0 R (id2483461) 1047 0 R (id2483467) 1048 0 R (id2483472) 1049 0 R (id2483773) 1055 0 R (id2483804) 1056 0 R (id2484512) 1083 0 R (id2484701) 1089 0 R (id2484720) 1090 0 R (id2484741) 1093 0 R (id2484881) 1095 0 R (id2485520) 1102 0 R (id2485603) 1105 0 R (id2485800) 1112 0 R (id2485821) 1113 0 R (id2486042) 1115 0 R (id2486157) 1117 0 R (id2486176) 1122 0 R (id2486685) 1125 0 R (id2486791) 1127 0 R (id2486805) 1128 0 R (id2486897) 1134 0 R (id2486916) 1135 0 R (id2486971) 1139 0 R (id2487034) 1140 0 R (id2487065) 1145 0 R (id2487117) 1146 0 R (id2487452) 1164 0 R (id2487596) 1165 0 R (id2487722) 1166 0 R (id2487793) 1172 0 R (id2487798) 1173 0 R (id2487810) 1174 0 R (id2487827) 1175 0 R (id2487889) 1187 0 R (id2487894) 1188 0 R (id2488131) 1194 0 R (id2488147) 1195 0 R (id2488162) 1196 0 R (id2488200) 1197 0 R (id2488512) 1199 0 R (id2488738) 1201 0 R (id2488953) 1213 0 R (id2488955) 1215 0 R (id2488964) 1220 0 R (id2488987) 1216 0 R (id2489011) 1218 0 R (id2489048) 1229 0 R (id2489074) 1236 0 R (id2489099) 1223 0 R (id2489124) 1225 0 R (id2489147) 1227 0 R (id2489203) 1238 0 R (id2489264) 1241 0 R (id2489278) 1242 0 R (id2489317) 1244 0 R (id2489356) 1246 0 R (id2489384) 1249 0 R (id2489393) 1250 0 R (id2489418) 1252 0 R (id2489485) 1254 0 R (id2489522) 1257 0 R (id2489527) 1258 0 R (id2489585) 1260 0 R (id2489622) 1268 0 R (id2489657) 1262 0 R (id2489712) 1264 0 R (id2489751) 1266 0 R (id2489778) 1270 0 R (id2489804) 1273 0 R (id2489812) 1274 0 R (id2489837) 1276 0 R (id2489861) 1278 0 R (id2489882) 1280 0 R (id2489997) 1283 0 R (id2490005) 1284 0 R (id2490030) 1286 0 R (id2490057) 1288 0 R (id2490093) 1294 0 R (id2490133) 1297 0 R (id2490153) 1298 0 R (id2490244) 1300 0 R (id2490268) 1302 0 R (id2490293) 1304 0 R (id2490384) 1306 0 R (id2490429) 1308 0 R (id2490454) 1311 0 R (id2490460) 1312 0 R (id2490533) 1315 0 R (id2490542) 1317 0 R (id2490545) 1319 0 R (incremental_zone_transfers) 750 0 R (internet_drafts) 1314 0 R (ipv6addresses) 811 0 R (journal) 745 0 R (lwresd) 822 0 R (notify) 702 0 R (page.1) 601 0 R (page.10) 697 0 R (page.11) 707 0 R (page.12) 720 0 R (page.13) 728 0 R (page.14) 735 0 R (page.15) 742 0 R (page.16) 749 0 R (page.17) 758 0 R (page.18) 763 0 R (page.19) 767 0 R (page.2) 613 0 R (page.20) 778 0 R (page.21) 788 0 R (page.22) 795 0 R (page.23) 802 0 R (page.24) 815 0 R (page.25) 820 0 R (page.26) 827 0 R (page.27) 831 0 R (page.28) 841 0 R (page.29) 847 0 R (page.3) 620 0 R (page.30) 855 0 R (page.31) 867 0 R (page.32) 878 0 R (page.33) 889 0 R (page.34) 895 0 R (page.35) 899 0 R (page.36) 905 0 R (page.37) 912 0 R (page.38) 920 0 R (page.39) 925 0 R (page.4) 639 0 R (page.40) 933 0 R (page.41) 939 0 R (page.42) 944 0 R (page.43) 954 0 R (page.44) 966 0 R (page.45) 975 0 R (page.46) 979 0 R (page.47) 984 0 R (page.48) 991 0 R (page.49) 998 0 R (page.5) 656 0 R (page.50) 1005 0 R (page.51) 1011 0 R (page.52) 1017 0 R (page.53) 1024 0 R (page.54) 1031 0 R (page.55) 1037 0 R (page.56) 1042 0 R (page.57) 1046 0 R (page.58) 1054 0 R (page.59) 1066 0 R (page.6) 667 0 R (page.60) 1076 0 R (page.61) 1088 0 R (page.62) 1101 0 R (page.63) 1111 0 R (page.64) 1121 0 R (page.65) 1133 0 R (page.66) 1144 0 R (page.67) 1151 0 R (page.68) 1160 0 R (page.69) 1170 0 R (page.7) 674 0 R (page.70) 1181 0 R (page.71) 1185 0 R (page.72) 1192 0 R (page.73) 1206 0 R (page.74) 1235 0 R (page.75) 1293 0 R (page.8) 684 0 R (page.9) 689 0 R (proposed_standards) 754 0 R (rfcs) 652 0 R (rndc) 874 0 R (rrset_ordering) 703 0 R (sample_configuration) 691 0 R (section*.1) 1212 0 R (section*.10) 1310 0 R (section*.11) 1316 0 R (section*.2) 1214 0 R (section*.3) 1222 0 R (section*.4) 1240 0 R (section*.5) 1248 0 R (section*.6) 1256 0 R (section*.7) 1272 0 R (section*.8) 1282 0 R (section*.9) 1296 0 R (section.1.1) 10 0 R (section.1.2) 14 0 R (section.1.3) 18 0 R (section.1.4) 22 0 R (section.2.1) 70 0 R (section.2.2) 74 0 R (section.2.3) 78 0 R (section.2.4) 82 0 R (section.2.5) 86 0 R (section.3.1) 94 0 R (section.3.2) 106 0 R (section.3.3) 110 0 R (section.3.4) 114 0 R (section.4.1) 138 0 R (section.4.2) 146 0 R (section.4.3) 150 0 R (section.4.4) 154 0 R (section.4.5) 190 0 R (section.4.6) 194 0 R (section.4.7) 198 0 R (section.4.8) 222 0 R (section.5.1) 238 0 R (section.5.2) 242 0 R (section.6.1) 250 0 R (section.6.2) 278 0 R (section.6.3) 454 0 R (section.7.1) 506 0 R (section.7.2) 510 0 R (section.7.3) 522 0 R (section.8.1) 530 0 R (section.8.2) 538 0 R (section.8.3) 542 0 R (section.A.1) 550 0 R (section.A.2) 558 0 R (section.A.3) 574 0 R (section.A.4) 582 0 R (server_statement_definition_and_usage) 950 0 R (server_statement_grammar) 1020 0 R (statsfile) 935 0 R (subsection.1.4.1) 26 0 R (subsection.1.4.2) 30 0 R (subsection.1.4.3) 34 0 R (subsection.1.4.4) 38 0 R (subsection.1.4.5) 54 0 R (subsection.1.4.6) 62 0 R (subsection.3.1.1) 98 0 R (subsection.3.1.2) 102 0 R (subsection.3.4.1) 118 0 R (subsection.3.4.2) 130 0 R (subsection.4.1.1) 142 0 R (subsection.4.4.1) 158 0 R (subsection.4.4.2) 170 0 R (subsection.4.4.3) 174 0 R (subsection.4.4.4) 178 0 R (subsection.4.4.5) 182 0 R (subsection.4.4.6) 186 0 R (subsection.4.7.1) 202 0 R (subsection.4.7.2) 206 0 R (subsection.4.7.3) 210 0 R (subsection.4.7.4) 214 0 R (subsection.4.7.5) 218 0 R (subsection.4.8.1) 226 0 R (subsection.4.8.2) 230 0 R (subsection.6.1.1) 254 0 R (subsection.6.1.2) 266 0 R (subsection.6.2.1) 282 0 R (subsection.6.2.10) 318 0 R (subsection.6.2.11) 330 0 R (subsection.6.2.12) 334 0 R (subsection.6.2.13) 338 0 R (subsection.6.2.14) 342 0 R (subsection.6.2.15) 406 0 R (subsection.6.2.16) 410 0 R (subsection.6.2.17) 414 0 R (subsection.6.2.18) 418 0 R (subsection.6.2.19) 422 0 R (subsection.6.2.2) 286 0 R (subsection.6.2.20) 426 0 R (subsection.6.2.21) 430 0 R (subsection.6.2.22) 434 0 R (subsection.6.2.3) 290 0 R (subsection.6.2.4) 294 0 R (subsection.6.2.5) 298 0 R (subsection.6.2.6) 302 0 R (subsection.6.2.7) 306 0 R (subsection.6.2.8) 310 0 R (subsection.6.2.9) 314 0 R (subsection.6.3.1) 458 0 R (subsection.6.3.2) 470 0 R (subsection.6.3.3) 474 0 R (subsection.6.3.4) 478 0 R (subsection.6.3.5) 482 0 R (subsection.6.3.6) 498 0 R (subsection.7.2.1) 514 0 R (subsection.7.2.2) 518 0 R (subsection.8.1.1) 534 0 R (subsection.A.1.1) 554 0 R (subsection.A.2.1) 562 0 R (subsection.A.3.1) 578 0 R (subsection.A.4.1) 586 0 R (subsection.A.4.2) 590 0 R (subsection.A.4.3) 594 0 R (subsubsection.1.4.4.1) 42 0 R (subsubsection.1.4.4.2) 46 0 R (subsubsection.1.4.4.3) 50 0 R (subsubsection.1.4.5.1) 58 0 R (subsubsection.3.4.1.1) 122 0 R (subsubsection.3.4.1.2) 126 0 R (subsubsection.4.4.1.1) 162 0 R (subsubsection.4.4.1.2) 166 0 R (subsubsection.6.1.1.1) 258 0 R (subsubsection.6.1.1.2) 262 0 R (subsubsection.6.1.2.1) 270 0 R (subsubsection.6.1.2.2) 274 0 R (subsubsection.6.2.10.1) 322 0 R (subsubsection.6.2.10.2) 326 0 R (subsubsection.6.2.14.1) 346 0 R (subsubsection.6.2.14.10) 382 0 R (subsubsection.6.2.14.11) 386 0 R (subsubsection.6.2.14.12) 390 0 R (subsubsection.6.2.14.13) 394 0 R (subsubsection.6.2.14.14) 398 0 R (subsubsection.6.2.14.15) 402 0 R (subsubsection.6.2.14.2) 350 0 R (subsubsection.6.2.14.3) 354 0 R (subsubsection.6.2.14.4) 358 0 R (subsubsection.6.2.14.5) 362 0 R (subsubsection.6.2.14.6) 366 0 R (subsubsection.6.2.14.7) 370 0 R (subsubsection.6.2.14.8) 374 0 R (subsubsection.6.2.14.9) 378 0 R (subsubsection.6.2.22.1) 438 0 R (subsubsection.6.2.22.2) 442 0 R (subsubsection.6.2.22.3) 446 0 R (subsubsection.6.2.22.4) 450 0 R (subsubsection.6.3.1.1) 462 0 R (subsubsection.6.3.1.2) 466 0 R (subsubsection.6.3.5.1) 486 0 R (subsubsection.6.3.5.2) 490 0 R (subsubsection.6.3.5.3) 494 0 R (subsubsection.A.2.1.1) 566 0 R (subsubsection.A.2.1.2) 570 0 R (synthesis) 962 0 R (table.1.1) 629 0 R (table.1.2) 644 0 R (table.3.1) 700 0 R (table.3.2) 738 0 R (table.6.1) 835 0 R (table.6.10) 1096 0 R (table.6.11) 1103 0 R (table.6.12) 1106 0 R (table.6.13) 1114 0 R (table.6.14) 1116 0 R (table.6.15) 1123 0 R (table.6.16) 1126 0 R (table.6.17) 1129 0 R (table.6.18) 1147 0 R (table.6.2) 861 0 R (table.6.3) 869 0 R (table.6.4) 907 0 R (table.6.5) 1007 0 R (table.6.6) 1019 0 R (table.6.7) 1050 0 R (table.6.8) 1084 0 R (table.6.9) 1094 0 R (table.A.1) 1198 0 R (table.A.2) 1200 0 R (table.A.3) 1202 0 R (the_category_phrase) 901 0 R (the_sortlist_statement) 993 0 R (topology) 992 0 R (tsig) 768 0 R (tuning) 1012 0 R (types_of_resource_records_and_when_to_use_them) 651 0 R (zone_statement_grammar) 961 0 R (zone_transfers) 715 0 R]
+1346 0 obj <<
+/Names [(Access_Control_Lists) 1158 0 R (Bv9ARM.ch01) 625 0 R (Bv9ARM.ch02) 679 0 R (Bv9ARM.ch03) 694 0 R (Bv9ARM.ch04) 747 0 R (Bv9ARM.ch05) 815 0 R (Bv9ARM.ch06) 837 0 R (Bv9ARM.ch07) 1157 0 R (Bv9ARM.ch08) 1176 0 R (Bv9ARM.ch09) 1191 0 R (Configuration_File_Grammar) 864 0 R (DNSSEC) 796 0 R (Doc-Start) 606 0 R (Setting_TTLs) 1129 0 R (access_control) 962 0 R (acl) 868 0 R (address_match_lists) 842 0 R (admin_tools) 725 0 R (appendix.A) 550 0 R (bibliography) 1212 0 R (boolean_options) 720 0 R (chapter.1) 6 0 R (chapter.2) 66 0 R (chapter.3) 90 0 R (chapter.4) 134 0 R (chapter.5) 238 0 R (chapter.6) 250 0 R (chapter.7) 506 0 R (chapter.8) 530 0 R (cite.RFC1034) 1222 0 R (cite.RFC1035) 1224 0 R (cite.RFC1101) 1280 0 R (cite.RFC1123) 1282 0 R (cite.RFC1183) 1264 0 R (cite.RFC1464) 1304 0 R (cite.RFC1535) 1256 0 R (cite.RFC1536) 1258 0 R (cite.RFC1537) 1294 0 R (cite.RFC1591) 1284 0 R (cite.RFC1706) 1266 0 R (cite.RFC1712) 1318 0 R (cite.RFC1713) 1306 0 R (cite.RFC1794) 1308 0 R (cite.RFC1876) 1268 0 R (cite.RFC1886) 1248 0 R (cite.RFC1912) 1296 0 R (cite.RFC1982) 1260 0 R (cite.RFC1995) 1234 0 R (cite.RFC1996) 1236 0 R (cite.RFC2010) 1298 0 R (cite.RFC2052) 1270 0 R (cite.RFC2065) 1250 0 R (cite.RFC2136) 1238 0 R (cite.RFC2137) 1252 0 R (cite.RFC2163) 1272 0 R (cite.RFC2168) 1274 0 R (cite.RFC2181) 1240 0 R (cite.RFC2219) 1300 0 R (cite.RFC2230) 1276 0 R (cite.RFC2240) 1310 0 R (cite.RFC2308) 1242 0 R (cite.RFC2317) 1290 0 R (cite.RFC2345) 1312 0 R (cite.RFC2352) 1314 0 R (cite.RFC2845) 1244 0 R (cite.RFC974) 1226 0 R (cite.id2490365) 1323 0 R (classes_of_resource_records) 1112 0 R (configuration_file_elements) 838 0 R (controls_statement_definition_and_usage) 735 0 R (diagnostic_tools) 667 0 R (dynamic_update) 748 0 R (dynamic_update_policies) 789 0 R (dynamic_update_security) 1067 0 R (historical_dns_information) 1198 0 R (id2464552) 626 0 R (id2464616) 627 0 R (id2465937) 649 0 R (id2465957) 650 0 R (id2465981) 651 0 R (id2466966) 631 0 R (id2466974) 632 0 R (id2467159) 696 0 R (id2467172) 697 0 R (id2467194) 702 0 R (id2467211) 703 0 R (id2467296) 647 0 R (id2467772) 654 0 R (id2467847) 661 0 R (id2467869) 664 0 R (id2467891) 665 0 R (id2467910) 666 0 R (id2467939) 672 0 R (id2467971) 673 0 R (id2468133) 674 0 R (id2468165) 680 0 R (id2468258) 681 0 R (id2468268) 682 0 R (id2468282) 683 0 R (id2468291) 689 0 R (id2468950) 714 0 R (id2468955) 715 0 R (id2471826) 740 0 R (id2471837) 741 0 R (id2472270) 757 0 R (id2472288) 758 0 R (id2472768) 775 0 R (id2472784) 776 0 R (id2472818) 777 0 R (id2472834) 778 0 R (id2472842) 784 0 R (id2472882) 785 0 R (id2472934) 786 0 R (id2472978) 788 0 R (id2472992) 794 0 R (id2473177) 795 0 R (id2473230) 801 0 R (id2473299) 802 0 R (id2473405) 803 0 R (id2473515) 808 0 R (id2473570) 809 0 R (id2473594) 810 0 R (id2473718) 814 0 R (id2473732) 821 0 R (id2473764) 826 0 R (id2473971) 839 0 R (id2474524) 847 0 R (id2474551) 848 0 R (id2474707) 853 0 R (id2474722) 854 0 R (id2474750) 855 0 R (id2474963) 865 0 R (id2475213) 867 0 R (id2475255) 873 0 R (id2475393) 875 0 R (id2475717) 884 0 R (id2475732) 885 0 R (id2475754) 886 0 R (id2475776) 887 0 R (id2475838) 890 0 R (id2475964) 895 0 R (id2476017) 896 0 R (id2476642) 911 0 R (id2477123) 913 0 R (id2477264) 918 0 R (id2477326) 920 0 R (id2478256) 931 0 R (id2479226) 960 0 R (id2479605) 972 0 R (id2479689) 973 0 R (id2480161) 985 0 R (id2480262) 991 0 R (id2480331) 992 0 R (id2480874) 1011 0 R (id2481399) 1023 0 R (id2481899) 1030 0 R (id2481947) 1031 0 R (id2482039) 1037 0 R (id2482087) 1038 0 R (id2483202) 1052 0 R (id2483208) 1053 0 R (id2483212) 1054 0 R (id2483514) 1060 0 R (id2483613) 1061 0 R (id2484389) 1088 0 R (id2484579) 1094 0 R (id2484597) 1095 0 R (id2484618) 1098 0 R (id2484758) 1100 0 R (id2485397) 1107 0 R (id2485480) 1110 0 R (id2485677) 1117 0 R (id2485699) 1118 0 R (id2485988) 1120 0 R (id2486103) 1122 0 R (id2486121) 1127 0 R (id2486426) 1130 0 R (id2486532) 1132 0 R (id2486614) 1133 0 R (id2486706) 1139 0 R (id2486725) 1140 0 R (id2486780) 1144 0 R (id2486843) 1145 0 R (id2486874) 1150 0 R (id2486926) 1151 0 R (id2487194) 1169 0 R (id2487406) 1170 0 R (id2487601) 1171 0 R (id2487671) 1177 0 R (id2487676) 1178 0 R (id2487688) 1179 0 R (id2487705) 1180 0 R (id2487767) 1192 0 R (id2487772) 1193 0 R (id2487883) 1199 0 R (id2487899) 1200 0 R (id2487982) 1201 0 R (id2488021) 1202 0 R (id2488332) 1204 0 R (id2488558) 1210 0 R (id2488842) 1218 0 R (id2488844) 1220 0 R (id2488853) 1225 0 R (id2488876) 1221 0 R (id2488900) 1223 0 R (id2488937) 1239 0 R (id2488963) 1241 0 R (id2488988) 1233 0 R (id2489013) 1235 0 R (id2489036) 1237 0 R (id2489092) 1243 0 R (id2489153) 1246 0 R (id2489168) 1247 0 R (id2489206) 1249 0 R (id2489245) 1251 0 R (id2489273) 1254 0 R (id2489282) 1255 0 R (id2489307) 1257 0 R (id2489374) 1259 0 R (id2489411) 1262 0 R (id2489416) 1263 0 R (id2489474) 1265 0 R (id2489511) 1273 0 R (id2489546) 1267 0 R (id2489601) 1269 0 R (id2489640) 1271 0 R (id2489667) 1275 0 R (id2489693) 1278 0 R (id2489701) 1279 0 R (id2489726) 1281 0 R (id2489750) 1283 0 R (id2489771) 1289 0 R (id2489818) 1292 0 R (id2489826) 1293 0 R (id2489851) 1295 0 R (id2489878) 1297 0 R (id2489982) 1299 0 R (id2490022) 1302 0 R (id2490042) 1303 0 R (id2490065) 1305 0 R (id2490089) 1307 0 R (id2490182) 1309 0 R (id2490204) 1311 0 R (id2490250) 1313 0 R (id2490275) 1316 0 R (id2490281) 1317 0 R (id2490354) 1320 0 R (id2490363) 1322 0 R (id2490365) 1324 0 R (incremental_zone_transfers) 754 0 R (internet_drafts) 1319 0 R (ipv6addresses) 816 0 R (journal) 749 0 R (lwresd) 827 0 R (notify) 706 0 R (page.1) 605 0 R (page.10) 701 0 R (page.11) 711 0 R (page.12) 724 0 R (page.13) 732 0 R (page.14) 739 0 R (page.15) 746 0 R (page.16) 753 0 R (page.17) 763 0 R (page.18) 768 0 R (page.19) 772 0 R (page.2) 617 0 R (page.20) 783 0 R (page.21) 793 0 R (page.22) 800 0 R (page.23) 807 0 R (page.24) 820 0 R (page.25) 825 0 R (page.26) 832 0 R (page.27) 836 0 R (page.28) 846 0 R (page.29) 852 0 R (page.3) 624 0 R (page.30) 860 0 R (page.31) 872 0 R (page.32) 883 0 R (page.33) 894 0 R (page.34) 900 0 R (page.35) 904 0 R (page.36) 910 0 R (page.37) 917 0 R (page.38) 925 0 R (page.39) 930 0 R (page.4) 643 0 R (page.40) 938 0 R (page.41) 944 0 R (page.42) 949 0 R (page.43) 959 0 R (page.44) 971 0 R (page.45) 980 0 R (page.46) 984 0 R (page.47) 989 0 R (page.48) 996 0 R (page.49) 1003 0 R (page.5) 660 0 R (page.50) 1010 0 R (page.51) 1016 0 R (page.52) 1022 0 R (page.53) 1029 0 R (page.54) 1036 0 R (page.55) 1042 0 R (page.56) 1047 0 R (page.57) 1051 0 R (page.58) 1059 0 R (page.59) 1071 0 R (page.6) 671 0 R (page.60) 1081 0 R (page.61) 1093 0 R (page.62) 1106 0 R (page.63) 1116 0 R (page.64) 1126 0 R (page.65) 1138 0 R (page.66) 1149 0 R (page.67) 1156 0 R (page.68) 1165 0 R (page.69) 1175 0 R (page.7) 678 0 R (page.70) 1186 0 R (page.71) 1190 0 R (page.72) 1197 0 R (page.73) 1209 0 R (page.74) 1231 0 R (page.75) 1288 0 R (page.8) 688 0 R (page.9) 693 0 R (proposed_standards) 759 0 R (rfcs) 656 0 R (rndc) 879 0 R (rrset_ordering) 707 0 R (sample_configuration) 695 0 R (section*.1) 1217 0 R (section*.10) 1315 0 R (section*.11) 1321 0 R (section*.2) 1219 0 R (section*.3) 1232 0 R (section*.4) 1245 0 R (section*.5) 1253 0 R (section*.6) 1261 0 R (section*.7) 1277 0 R (section*.8) 1291 0 R (section*.9) 1301 0 R (section.1.1) 10 0 R (section.1.2) 14 0 R (section.1.3) 18 0 R (section.1.4) 22 0 R (section.2.1) 70 0 R (section.2.2) 74 0 R (section.2.3) 78 0 R (section.2.4) 82 0 R (section.2.5) 86 0 R (section.3.1) 94 0 R (section.3.2) 106 0 R (section.3.3) 110 0 R (section.3.4) 114 0 R (section.4.1) 138 0 R (section.4.2) 146 0 R (section.4.3) 150 0 R (section.4.4) 158 0 R (section.4.5) 194 0 R (section.4.6) 198 0 R (section.4.7) 202 0 R (section.4.8) 226 0 R (section.5.1) 242 0 R (section.5.2) 246 0 R (section.6.1) 254 0 R (section.6.2) 282 0 R (section.6.3) 458 0 R (section.7.1) 510 0 R (section.7.2) 514 0 R (section.7.3) 526 0 R (section.8.1) 534 0 R (section.8.2) 542 0 R (section.8.3) 546 0 R (section.A.1) 554 0 R (section.A.2) 562 0 R (section.A.3) 578 0 R (section.A.4) 586 0 R (server_statement_definition_and_usage) 955 0 R (server_statement_grammar) 1025 0 R (statsfile) 940 0 R (subsection.1.4.1) 26 0 R (subsection.1.4.2) 30 0 R (subsection.1.4.3) 34 0 R (subsection.1.4.4) 38 0 R (subsection.1.4.5) 54 0 R (subsection.1.4.6) 62 0 R (subsection.3.1.1) 98 0 R (subsection.3.1.2) 102 0 R (subsection.3.4.1) 118 0 R (subsection.3.4.2) 130 0 R (subsection.4.1.1) 142 0 R (subsection.4.3.1) 154 0 R (subsection.4.4.1) 162 0 R (subsection.4.4.2) 174 0 R (subsection.4.4.3) 178 0 R (subsection.4.4.4) 182 0 R (subsection.4.4.5) 186 0 R (subsection.4.4.6) 190 0 R (subsection.4.7.1) 206 0 R (subsection.4.7.2) 210 0 R (subsection.4.7.3) 214 0 R (subsection.4.7.4) 218 0 R (subsection.4.7.5) 222 0 R (subsection.4.8.1) 230 0 R (subsection.4.8.2) 234 0 R (subsection.6.1.1) 258 0 R (subsection.6.1.2) 270 0 R (subsection.6.2.1) 286 0 R (subsection.6.2.10) 322 0 R (subsection.6.2.11) 334 0 R (subsection.6.2.12) 338 0 R (subsection.6.2.13) 342 0 R (subsection.6.2.14) 346 0 R (subsection.6.2.15) 410 0 R (subsection.6.2.16) 414 0 R (subsection.6.2.17) 418 0 R (subsection.6.2.18) 422 0 R (subsection.6.2.19) 426 0 R (subsection.6.2.2) 290 0 R (subsection.6.2.20) 430 0 R (subsection.6.2.21) 434 0 R (subsection.6.2.22) 438 0 R (subsection.6.2.3) 294 0 R (subsection.6.2.4) 298 0 R (subsection.6.2.5) 302 0 R (subsection.6.2.6) 306 0 R (subsection.6.2.7) 310 0 R (subsection.6.2.8) 314 0 R (subsection.6.2.9) 318 0 R (subsection.6.3.1) 462 0 R (subsection.6.3.2) 474 0 R (subsection.6.3.3) 478 0 R (subsection.6.3.4) 482 0 R (subsection.6.3.5) 486 0 R (subsection.6.3.6) 502 0 R (subsection.7.2.1) 518 0 R (subsection.7.2.2) 522 0 R (subsection.8.1.1) 538 0 R (subsection.A.1.1) 558 0 R (subsection.A.2.1) 566 0 R (subsection.A.3.1) 582 0 R (subsection.A.4.1) 590 0 R (subsection.A.4.2) 594 0 R (subsection.A.4.3) 598 0 R (subsubsection.1.4.4.1) 42 0 R (subsubsection.1.4.4.2) 46 0 R (subsubsection.1.4.4.3) 50 0 R (subsubsection.1.4.5.1) 58 0 R (subsubsection.3.4.1.1) 122 0 R (subsubsection.3.4.1.2) 126 0 R (subsubsection.4.4.1.1) 166 0 R (subsubsection.4.4.1.2) 170 0 R (subsubsection.6.1.1.1) 262 0 R (subsubsection.6.1.1.2) 266 0 R (subsubsection.6.1.2.1) 274 0 R (subsubsection.6.1.2.2) 278 0 R (subsubsection.6.2.10.1) 326 0 R (subsubsection.6.2.10.2) 330 0 R (subsubsection.6.2.14.1) 350 0 R (subsubsection.6.2.14.10) 386 0 R (subsubsection.6.2.14.11) 390 0 R (subsubsection.6.2.14.12) 394 0 R (subsubsection.6.2.14.13) 398 0 R (subsubsection.6.2.14.14) 402 0 R (subsubsection.6.2.14.15) 406 0 R (subsubsection.6.2.14.2) 354 0 R (subsubsection.6.2.14.3) 358 0 R (subsubsection.6.2.14.4) 362 0 R (subsubsection.6.2.14.5) 366 0 R (subsubsection.6.2.14.6) 370 0 R (subsubsection.6.2.14.7) 374 0 R (subsubsection.6.2.14.8) 378 0 R (subsubsection.6.2.14.9) 382 0 R (subsubsection.6.2.22.1) 442 0 R (subsubsection.6.2.22.2) 446 0 R (subsubsection.6.2.22.3) 450 0 R (subsubsection.6.2.22.4) 454 0 R (subsubsection.6.3.1.1) 466 0 R (subsubsection.6.3.1.2) 470 0 R (subsubsection.6.3.5.1) 490 0 R (subsubsection.6.3.5.2) 494 0 R (subsubsection.6.3.5.3) 498 0 R (subsubsection.A.2.1.1) 570 0 R (subsubsection.A.2.1.2) 574 0 R (synthesis) 967 0 R (table.1.1) 633 0 R (table.1.2) 648 0 R (table.3.1) 704 0 R (table.3.2) 742 0 R (table.6.1) 840 0 R (table.6.10) 1101 0 R (table.6.11) 1108 0 R (table.6.12) 1111 0 R (table.6.13) 1119 0 R (table.6.14) 1121 0 R (table.6.15) 1128 0 R (table.6.16) 1131 0 R (table.6.17) 1134 0 R (table.6.18) 1152 0 R (table.6.2) 866 0 R (table.6.3) 874 0 R (table.6.4) 912 0 R (table.6.5) 1012 0 R (table.6.6) 1024 0 R (table.6.7) 1055 0 R (table.6.8) 1089 0 R (table.6.9) 1099 0 R (table.A.1) 1203 0 R (table.A.2) 1205 0 R (table.A.3) 1211 0 R (the_category_phrase) 906 0 R (the_sortlist_statement) 998 0 R (topology) 997 0 R (tsig) 773 0 R (tuning) 1017 0 R (types_of_resource_records_and_when_to_use_them) 655 0 R (zone_statement_grammar) 966 0 R (zone_transfers) 719 0 R]
/Limits [(Access_Control_Lists) (zone_transfers)]
>> endobj
-1342 0 obj <<
-/Kids [1341 0 R]
+1347 0 obj <<
+/Kids [1346 0 R]
>> endobj
-1343 0 obj <<
-/Dests 1342 0 R
+1348 0 obj <<
+/Dests 1347 0 R
>> endobj
-1344 0 obj <<
+1349 0 obj <<
/Type /Catalog
-/Pages 1339 0 R
-/Outlines 1340 0 R
-/Names 1343 0 R
+/Pages 1344 0 R
+/Outlines 1345 0 R
+/Names 1348 0 R
/PageMode /UseOutlines
-/OpenAction 597 0 R
+/OpenAction 601 0 R
>> endobj
-1345 0 obj <<
+1350 0 obj <<
/Author()/Title()/Subject()/Creator(LaTeX with hyperref package)/Producer(pdfeTeX-1.21a)/Keywords()
-/CreationDate (D:20061128141343+11'00')
+/CreationDate (D:20070806120531+10'00')
/PTEX.Fullbanner (This is pdfeTeX, Version 3.141592-1.21a-2.2 (Web2C 7.5.4) kpathsea version 3.5.4)
>> endobj
xref
-0 1346
+0 1351
0000000001 65535 f
0000000002 00000 f
0000000003 00000 f
0000000004 00000 f
0000000000 00000 f
0000000009 00000 n
-0000019002 00000 n
-0000470336 00000 n
+0000019104 00000 n
+0000471694 00000 n
0000000054 00000 n
0000000086 00000 n
-0000019126 00000 n
-0000470264 00000 n
+0000019228 00000 n
+0000471622 00000 n
0000000133 00000 n
0000000173 00000 n
-0000019251 00000 n
-0000470178 00000 n
+0000019353 00000 n
+0000471536 00000 n
0000000221 00000 n
0000000273 00000 n
-0000019376 00000 n
-0000470092 00000 n
+0000019478 00000 n
+0000471450 00000 n
0000000321 00000 n
0000000377 00000 n
-0000023746 00000 n
-0000469982 00000 n
+0000023702 00000 n
+0000471340 00000 n
0000000425 00000 n
0000000478 00000 n
-0000023870 00000 n
-0000469908 00000 n
+0000023827 00000 n
+0000471266 00000 n
0000000531 00000 n
0000000572 00000 n
-0000023995 00000 n
-0000469821 00000 n
+0000023952 00000 n
+0000471179 00000 n
0000000625 00000 n
0000000674 00000 n
-0000024120 00000 n
-0000469734 00000 n
+0000024077 00000 n
+0000471092 00000 n
0000000727 00000 n
0000000757 00000 n
-0000028268 00000 n
-0000469610 00000 n
+0000028387 00000 n
+0000470968 00000 n
0000000810 00000 n
0000000861 00000 n
-0000028393 00000 n
-0000469536 00000 n
+0000028512 00000 n
+0000470894 00000 n
0000000919 00000 n
0000000964 00000 n
-0000028518 00000 n
-0000469449 00000 n
+0000028637 00000 n
+0000470807 00000 n
0000001022 00000 n
0000001062 00000 n
-0000028643 00000 n
-0000469375 00000 n
+0000028762 00000 n
+0000470733 00000 n
0000001120 00000 n
0000001162 00000 n
-0000031556 00000 n
-0000469251 00000 n
+0000031675 00000 n
+0000470609 00000 n
0000001215 00000 n
0000001260 00000 n
-0000031681 00000 n
-0000469190 00000 n
+0000031800 00000 n
+0000470548 00000 n
0000001318 00000 n
0000001355 00000 n
-0000031806 00000 n
-0000469116 00000 n
+0000031925 00000 n
+0000470474 00000 n
0000001408 00000 n
0000001463 00000 n
-0000034246 00000 n
-0000468991 00000 n
+0000034365 00000 n
+0000470349 00000 n
0000001509 00000 n
0000001556 00000 n
-0000034371 00000 n
-0000468917 00000 n
+0000034490 00000 n
+0000470275 00000 n
0000001604 00000 n
0000001648 00000 n
-0000034496 00000 n
-0000468830 00000 n
+0000034615 00000 n
+0000470188 00000 n
0000001696 00000 n
0000001735 00000 n
-0000034621 00000 n
-0000468743 00000 n
+0000034740 00000 n
+0000470101 00000 n
0000001783 00000 n
0000001825 00000 n
-0000034746 00000 n
-0000468656 00000 n
+0000034865 00000 n
+0000470014 00000 n
0000001873 00000 n
0000001935 00000 n
-0000036066 00000 n
-0000468582 00000 n
+0000036185 00000 n
+0000469940 00000 n
0000001983 00000 n
0000002033 00000 n
-0000037707 00000 n
-0000468454 00000 n
+0000037826 00000 n
+0000469812 00000 n
0000002079 00000 n
0000002124 00000 n
-0000037831 00000 n
-0000468341 00000 n
+0000037950 00000 n
+0000469699 00000 n
0000002172 00000 n
0000002216 00000 n
-0000037956 00000 n
-0000468265 00000 n
+0000038075 00000 n
+0000469623 00000 n
0000002269 00000 n
0000002320 00000 n
-0000038081 00000 n
-0000468188 00000 n
+0000038200 00000 n
+0000469546 00000 n
0000002374 00000 n
0000002432 00000 n
-0000040779 00000 n
-0000468097 00000 n
+0000040898 00000 n
+0000469455 00000 n
0000002481 00000 n
0000002519 00000 n
-0000041031 00000 n
-0000468005 00000 n
+0000041150 00000 n
+0000469363 00000 n
0000002568 00000 n
0000002598 00000 n
-0000044651 00000 n
-0000467888 00000 n
+0000044770 00000 n
+0000469246 00000 n
0000002647 00000 n
0000002692 00000 n
-0000044777 00000 n
-0000467770 00000 n
+0000044896 00000 n
+0000469128 00000 n
0000002746 00000 n
0000002812 00000 n
-0000044903 00000 n
-0000467691 00000 n
+0000045022 00000 n
+0000469049 00000 n
0000002871 00000 n
0000002915 00000 n
-0000048016 00000 n
-0000467612 00000 n
+0000048323 00000 n
+0000468970 00000 n
0000002974 00000 n
0000003022 00000 n
-0000053801 00000 n
-0000467533 00000 n
+0000054108 00000 n
+0000468891 00000 n
0000003076 00000 n
0000003109 00000 n
-0000056635 00000 n
-0000467401 00000 n
+0000056942 00000 n
+0000468759 00000 n
0000003156 00000 n
0000003195 00000 n
-0000056761 00000 n
-0000467283 00000 n
+0000057068 00000 n
+0000468641 00000 n
0000003244 00000 n
0000003282 00000 n
-0000056887 00000 n
-0000467218 00000 n
+0000057194 00000 n
+0000468576 00000 n
0000003336 00000 n
0000003378 00000 n
-0000061204 00000 n
-0000467125 00000 n
+0000061501 00000 n
+0000468483 00000 n
0000003427 00000 n
0000003486 00000 n
-0000061330 00000 n
-0000467032 00000 n
+0000061627 00000 n
+0000468351 00000 n
0000003535 00000 n
0000003568 00000 n
-0000068058 00000 n
-0000466900 00000 n
-0000003617 00000 n
-0000003645 00000 n
-0000068184 00000 n
-0000466782 00000 n
-0000003699 00000 n
-0000003768 00000 n
-0000068310 00000 n
-0000466703 00000 n
-0000003827 00000 n
-0000003875 00000 n
-0000068436 00000 n
-0000466624 00000 n
-0000003934 00000 n
-0000003979 00000 n
-0000068562 00000 n
-0000466531 00000 n
-0000004033 00000 n
-0000004101 00000 n
-0000071666 00000 n
-0000466438 00000 n
-0000004155 00000 n
-0000004225 00000 n
-0000071792 00000 n
-0000466345 00000 n
-0000004279 00000 n
-0000004342 00000 n
-0000071918 00000 n
-0000466252 00000 n
-0000004396 00000 n
-0000004451 00000 n
-0000072043 00000 n
-0000466173 00000 n
-0000004505 00000 n
-0000004537 00000 n
-0000075676 00000 n
-0000466080 00000 n
-0000004586 00000 n
-0000004614 00000 n
-0000075802 00000 n
-0000465987 00000 n
-0000004663 00000 n
-0000004695 00000 n
-0000075928 00000 n
-0000465855 00000 n
-0000004744 00000 n
-0000004774 00000 n
-0000079150 00000 n
-0000465776 00000 n
-0000004828 00000 n
-0000004869 00000 n
-0000079276 00000 n
-0000465683 00000 n
-0000004923 00000 n
-0000004966 00000 n
-0000079401 00000 n
-0000465590 00000 n
-0000005020 00000 n
-0000005072 00000 n
-0000083025 00000 n
-0000465497 00000 n
-0000005126 00000 n
-0000005168 00000 n
-0000083151 00000 n
-0000465418 00000 n
-0000005222 00000 n
-0000005267 00000 n
-0000083276 00000 n
-0000465300 00000 n
-0000005316 00000 n
-0000005362 00000 n
-0000083402 00000 n
-0000465221 00000 n
-0000005416 00000 n
-0000005476 00000 n
-0000084610 00000 n
-0000465142 00000 n
-0000005530 00000 n
-0000005599 00000 n
-0000087066 00000 n
-0000465009 00000 n
-0000005646 00000 n
-0000005699 00000 n
-0000087192 00000 n
-0000464930 00000 n
-0000005748 00000 n
-0000005804 00000 n
-0000087318 00000 n
-0000464851 00000 n
-0000005853 00000 n
-0000005902 00000 n
-0000091690 00000 n
+0000061753 00000 n
+0000468286 00000 n
+0000003622 00000 n
+0000003671 00000 n
+0000068502 00000 n
+0000468154 00000 n
+0000003720 00000 n
+0000003748 00000 n
+0000068628 00000 n
+0000468036 00000 n
+0000003802 00000 n
+0000003871 00000 n
+0000068754 00000 n
+0000467957 00000 n
+0000003930 00000 n
+0000003978 00000 n
+0000068879 00000 n
+0000467878 00000 n
+0000004037 00000 n
+0000004082 00000 n
+0000069005 00000 n
+0000467785 00000 n
+0000004136 00000 n
+0000004204 00000 n
+0000072109 00000 n
+0000467692 00000 n
+0000004258 00000 n
+0000004328 00000 n
+0000072235 00000 n
+0000467599 00000 n
+0000004382 00000 n
+0000004445 00000 n
+0000072361 00000 n
+0000467506 00000 n
+0000004499 00000 n
+0000004554 00000 n
+0000072486 00000 n
+0000467427 00000 n
+0000004608 00000 n
+0000004640 00000 n
+0000076131 00000 n
+0000467334 00000 n
+0000004689 00000 n
+0000004717 00000 n
+0000076257 00000 n
+0000467241 00000 n
+0000004766 00000 n
+0000004798 00000 n
+0000076383 00000 n
+0000467109 00000 n
+0000004847 00000 n
+0000004877 00000 n
+0000079606 00000 n
+0000467030 00000 n
+0000004931 00000 n
+0000004972 00000 n
+0000079732 00000 n
+0000466937 00000 n
+0000005026 00000 n
+0000005069 00000 n
+0000079857 00000 n
+0000466844 00000 n
+0000005123 00000 n
+0000005175 00000 n
+0000083481 00000 n
+0000466751 00000 n
+0000005229 00000 n
+0000005271 00000 n
+0000083607 00000 n
+0000466672 00000 n
+0000005325 00000 n
+0000005370 00000 n
+0000083732 00000 n
+0000466554 00000 n
+0000005419 00000 n
+0000005465 00000 n
+0000083858 00000 n
+0000466475 00000 n
+0000005519 00000 n
+0000005579 00000 n
+0000085066 00000 n
+0000466396 00000 n
+0000005633 00000 n
+0000005702 00000 n
+0000087522 00000 n
+0000466263 00000 n
+0000005749 00000 n
+0000005802 00000 n
+0000087648 00000 n
+0000466184 00000 n
+0000005851 00000 n
+0000005907 00000 n
+0000087774 00000 n
+0000466105 00000 n
+0000005956 00000 n
+0000006005 00000 n
+0000092150 00000 n
+0000465972 00000 n
+0000006052 00000 n
+0000006104 00000 n
+0000092276 00000 n
+0000465854 00000 n
+0000006153 00000 n
+0000006204 00000 n
+0000096128 00000 n
+0000465736 00000 n
+0000006258 00000 n
+0000006303 00000 n
+0000096254 00000 n
+0000465657 00000 n
+0000006362 00000 n
+0000006396 00000 n
+0000096380 00000 n
+0000465578 00000 n
+0000006455 00000 n
+0000006503 00000 n
+0000099514 00000 n
+0000465460 00000 n
+0000006557 00000 n
+0000006597 00000 n
+0000099640 00000 n
+0000465381 00000 n
+0000006656 00000 n
+0000006690 00000 n
+0000099766 00000 n
+0000465302 00000 n
+0000006749 00000 n
+0000006797 00000 n
+0000103374 00000 n
+0000465169 00000 n
+0000006846 00000 n
+0000006896 00000 n
+0000103626 00000 n
+0000465090 00000 n
+0000006950 00000 n
+0000006997 00000 n
+0000103752 00000 n
+0000464997 00000 n
+0000007051 00000 n
+0000007111 00000 n
+0000108733 00000 n
+0000464904 00000 n
+0000007165 00000 n
+0000007217 00000 n
+0000108859 00000 n
+0000464811 00000 n
+0000007271 00000 n
+0000007336 00000 n
+0000112545 00000 n
0000464718 00000 n
-0000005949 00000 n
-0000006001 00000 n
-0000091816 00000 n
-0000464600 00000 n
-0000006050 00000 n
-0000006101 00000 n
-0000095668 00000 n
-0000464482 00000 n
-0000006155 00000 n
-0000006200 00000 n
-0000095794 00000 n
-0000464403 00000 n
-0000006259 00000 n
-0000006293 00000 n
-0000095920 00000 n
-0000464324 00000 n
-0000006352 00000 n
-0000006400 00000 n
-0000099056 00000 n
-0000464206 00000 n
-0000006454 00000 n
-0000006494 00000 n
-0000099182 00000 n
-0000464127 00000 n
-0000006553 00000 n
-0000006587 00000 n
-0000099308 00000 n
-0000464048 00000 n
-0000006646 00000 n
-0000006694 00000 n
-0000102916 00000 n
-0000463915 00000 n
-0000006743 00000 n
-0000006793 00000 n
-0000103168 00000 n
-0000463836 00000 n
-0000006847 00000 n
-0000006894 00000 n
-0000103294 00000 n
-0000463743 00000 n
-0000006948 00000 n
-0000007008 00000 n
-0000108275 00000 n
-0000463650 00000 n
-0000007062 00000 n
-0000007114 00000 n
-0000108401 00000 n
-0000463557 00000 n
-0000007168 00000 n
-0000007233 00000 n
-0000112087 00000 n
-0000463464 00000 n
-0000007287 00000 n
-0000007338 00000 n
-0000112213 00000 n
-0000463371 00000 n
-0000007392 00000 n
-0000007456 00000 n
-0000112339 00000 n
-0000463278 00000 n
-0000007510 00000 n
-0000007557 00000 n
-0000112465 00000 n
-0000463185 00000 n
-0000007611 00000 n
-0000007671 00000 n
-0000112590 00000 n
-0000463092 00000 n
-0000007725 00000 n
-0000007776 00000 n
-0000115800 00000 n
-0000462960 00000 n
-0000007831 00000 n
-0000007896 00000 n
-0000115926 00000 n
-0000462881 00000 n
-0000007956 00000 n
-0000008003 00000 n
-0000123069 00000 n
-0000462802 00000 n
-0000008063 00000 n
-0000008111 00000 n
-0000126336 00000 n
-0000462709 00000 n
+0000007390 00000 n
+0000007441 00000 n
+0000112671 00000 n
+0000464625 00000 n
+0000007495 00000 n
+0000007559 00000 n
+0000112797 00000 n
+0000464532 00000 n
+0000007613 00000 n
+0000007660 00000 n
+0000112923 00000 n
+0000464439 00000 n
+0000007714 00000 n
+0000007774 00000 n
+0000113048 00000 n
+0000464346 00000 n
+0000007828 00000 n
+0000007879 00000 n
+0000116258 00000 n
+0000464214 00000 n
+0000007934 00000 n
+0000007999 00000 n
+0000116384 00000 n
+0000464135 00000 n
+0000008059 00000 n
+0000008106 00000 n
+0000123527 00000 n
+0000464056 00000 n
0000008166 00000 n
-0000008216 00000 n
-0000128958 00000 n
-0000462616 00000 n
-0000008271 00000 n
-0000008334 00000 n
-0000129084 00000 n
-0000462523 00000 n
-0000008389 00000 n
-0000008441 00000 n
-0000135743 00000 n
-0000462390 00000 n
-0000008496 00000 n
-0000008561 00000 n
-0000139901 00000 n
-0000462311 00000 n
-0000008621 00000 n
-0000008665 00000 n
-0000153617 00000 n
-0000462218 00000 n
-0000008725 00000 n
-0000008764 00000 n
-0000153743 00000 n
-0000462125 00000 n
-0000008824 00000 n
+0000008214 00000 n
+0000126794 00000 n
+0000463963 00000 n
+0000008269 00000 n
+0000008319 00000 n
+0000129417 00000 n
+0000463870 00000 n
+0000008374 00000 n
+0000008437 00000 n
+0000129543 00000 n
+0000463777 00000 n
+0000008492 00000 n
+0000008544 00000 n
+0000136202 00000 n
+0000463644 00000 n
+0000008599 00000 n
+0000008664 00000 n
+0000140360 00000 n
+0000463565 00000 n
+0000008724 00000 n
+0000008768 00000 n
+0000154088 00000 n
+0000463472 00000 n
+0000008828 00000 n
0000008867 00000 n
-0000156609 00000 n
-0000462032 00000 n
+0000154214 00000 n
+0000463379 00000 n
0000008927 00000 n
-0000008966 00000 n
-0000156735 00000 n
-0000461939 00000 n
-0000009026 00000 n
-0000009068 00000 n
-0000159953 00000 n
-0000461846 00000 n
-0000009128 00000 n
+0000008970 00000 n
+0000157080 00000 n
+0000463286 00000 n
+0000009030 00000 n
+0000009069 00000 n
+0000157206 00000 n
+0000463193 00000 n
+0000009129 00000 n
0000009171 00000 n
-0000164022 00000 n
-0000461753 00000 n
+0000160424 00000 n
+0000463100 00000 n
0000009231 00000 n
-0000009292 00000 n
-0000167899 00000 n
-0000461660 00000 n
-0000009352 00000 n
-0000009403 00000 n
-0000168025 00000 n
-0000461567 00000 n
-0000009463 00000 n
-0000009515 00000 n
-0000171177 00000 n
-0000461474 00000 n
-0000009576 00000 n
-0000009614 00000 n
-0000171303 00000 n
-0000461381 00000 n
-0000009675 00000 n
-0000009727 00000 n
-0000175256 00000 n
-0000461288 00000 n
-0000009788 00000 n
-0000009832 00000 n
-0000178914 00000 n
-0000461195 00000 n
-0000009893 00000 n
-0000009947 00000 n
-0000182477 00000 n
-0000461102 00000 n
-0000010008 00000 n
-0000010044 00000 n
-0000182606 00000 n
-0000461023 00000 n
-0000010105 00000 n
-0000010154 00000 n
-0000185673 00000 n
-0000460930 00000 n
-0000010209 00000 n
-0000010260 00000 n
-0000185802 00000 n
-0000460837 00000 n
-0000010315 00000 n
-0000010379 00000 n
-0000189984 00000 n
-0000460744 00000 n
-0000010434 00000 n
-0000010491 00000 n
-0000190113 00000 n
-0000460651 00000 n
-0000010546 00000 n
-0000010616 00000 n
-0000193461 00000 n
-0000460558 00000 n
-0000010671 00000 n
-0000010720 00000 n
-0000193590 00000 n
-0000460465 00000 n
-0000010775 00000 n
-0000010837 00000 n
-0000195186 00000 n
-0000460372 00000 n
-0000010892 00000 n
-0000010941 00000 n
-0000200453 00000 n
-0000460254 00000 n
-0000010996 00000 n
-0000011058 00000 n
-0000200582 00000 n
-0000460175 00000 n
-0000011118 00000 n
-0000011157 00000 n
-0000205393 00000 n
-0000460082 00000 n
-0000011217 00000 n
-0000011251 00000 n
-0000205522 00000 n
-0000459989 00000 n
-0000011311 00000 n
-0000011352 00000 n
-0000214667 00000 n
-0000459910 00000 n
-0000011412 00000 n
-0000011464 00000 n
-0000218734 00000 n
-0000459792 00000 n
-0000011513 00000 n
-0000011546 00000 n
-0000218863 00000 n
-0000459674 00000 n
-0000011600 00000 n
-0000011672 00000 n
-0000218991 00000 n
-0000459595 00000 n
-0000011731 00000 n
+0000009274 00000 n
+0000164493 00000 n
+0000463007 00000 n
+0000009334 00000 n
+0000009395 00000 n
+0000168370 00000 n
+0000462914 00000 n
+0000009455 00000 n
+0000009506 00000 n
+0000168496 00000 n
+0000462821 00000 n
+0000009566 00000 n
+0000009618 00000 n
+0000171646 00000 n
+0000462728 00000 n
+0000009679 00000 n
+0000009717 00000 n
+0000171772 00000 n
+0000462635 00000 n
+0000009778 00000 n
+0000009830 00000 n
+0000175733 00000 n
+0000462542 00000 n
+0000009891 00000 n
+0000009935 00000 n
+0000179394 00000 n
+0000462449 00000 n
+0000009996 00000 n
+0000010050 00000 n
+0000182957 00000 n
+0000462356 00000 n
+0000010111 00000 n
+0000010147 00000 n
+0000183086 00000 n
+0000462277 00000 n
+0000010208 00000 n
+0000010257 00000 n
+0000186153 00000 n
+0000462184 00000 n
+0000010312 00000 n
+0000010363 00000 n
+0000186282 00000 n
+0000462091 00000 n
+0000010418 00000 n
+0000010482 00000 n
+0000190464 00000 n
+0000461998 00000 n
+0000010537 00000 n
+0000010594 00000 n
+0000190593 00000 n
+0000461905 00000 n
+0000010649 00000 n
+0000010719 00000 n
+0000193941 00000 n
+0000461812 00000 n
+0000010774 00000 n
+0000010823 00000 n
+0000194070 00000 n
+0000461719 00000 n
+0000010878 00000 n
+0000010940 00000 n
+0000195666 00000 n
+0000461626 00000 n
+0000010995 00000 n
+0000011044 00000 n
+0000200932 00000 n
+0000461508 00000 n
+0000011099 00000 n
+0000011161 00000 n
+0000201061 00000 n
+0000461429 00000 n
+0000011221 00000 n
+0000011260 00000 n
+0000205874 00000 n
+0000461336 00000 n
+0000011320 00000 n
+0000011354 00000 n
+0000206003 00000 n
+0000461243 00000 n
+0000011414 00000 n
+0000011455 00000 n
+0000215148 00000 n
+0000461164 00000 n
+0000011515 00000 n
+0000011567 00000 n
+0000219215 00000 n
+0000461046 00000 n
+0000011616 00000 n
+0000011649 00000 n
+0000219344 00000 n
+0000460928 00000 n
+0000011703 00000 n
0000011775 00000 n
-0000226753 00000 n
-0000459516 00000 n
+0000219472 00000 n
+0000460849 00000 n
0000011834 00000 n
-0000011887 00000 n
-0000227142 00000 n
-0000459423 00000 n
-0000011941 00000 n
-0000011991 00000 n
-0000230670 00000 n
-0000459330 00000 n
-0000012045 00000 n
-0000012083 00000 n
-0000230929 00000 n
-0000459237 00000 n
-0000012137 00000 n
+0000011878 00000 n
+0000227235 00000 n
+0000460770 00000 n
+0000011937 00000 n
+0000011990 00000 n
+0000227624 00000 n
+0000460677 00000 n
+0000012044 00000 n
+0000012094 00000 n
+0000231152 00000 n
+0000460584 00000 n
+0000012148 00000 n
0000012186 00000 n
-0000233911 00000 n
-0000459105 00000 n
+0000231411 00000 n
+0000460491 00000 n
0000012240 00000 n
-0000012292 00000 n
-0000234040 00000 n
-0000459026 00000 n
-0000012351 00000 n
-0000012403 00000 n
-0000234169 00000 n
-0000458933 00000 n
-0000012462 00000 n
-0000012515 00000 n
-0000234297 00000 n
-0000458854 00000 n
-0000012574 00000 n
-0000012623 00000 n
-0000237460 00000 n
-0000458775 00000 n
+0000012289 00000 n
+0000234395 00000 n
+0000460359 00000 n
+0000012343 00000 n
+0000012395 00000 n
+0000234524 00000 n
+0000460280 00000 n
+0000012454 00000 n
+0000012506 00000 n
+0000234653 00000 n
+0000460187 00000 n
+0000012565 00000 n
+0000012618 00000 n
+0000234781 00000 n
+0000460108 00000 n
0000012677 00000 n
-0000012757 00000 n
-0000240141 00000 n
-0000458642 00000 n
-0000012804 00000 n
-0000012856 00000 n
-0000240270 00000 n
-0000458563 00000 n
-0000012905 00000 n
-0000012949 00000 n
-0000244014 00000 n
-0000458431 00000 n
-0000012998 00000 n
-0000013060 00000 n
-0000244143 00000 n
-0000458352 00000 n
-0000013114 00000 n
-0000013162 00000 n
-0000244272 00000 n
-0000458273 00000 n
-0000013216 00000 n
-0000013267 00000 n
-0000244401 00000 n
-0000458194 00000 n
-0000013316 00000 n
-0000013363 00000 n
-0000247332 00000 n
-0000458061 00000 n
-0000013410 00000 n
-0000013447 00000 n
-0000247461 00000 n
-0000457943 00000 n
-0000013496 00000 n
-0000013535 00000 n
-0000247590 00000 n
-0000457878 00000 n
-0000013589 00000 n
-0000013667 00000 n
-0000247719 00000 n
-0000457785 00000 n
-0000013716 00000 n
-0000013783 00000 n
-0000247848 00000 n
-0000457706 00000 n
-0000013832 00000 n
-0000013877 00000 n
-0000251324 00000 n
-0000457587 00000 n
-0000013925 00000 n
-0000013957 00000 n
-0000251453 00000 n
-0000457469 00000 n
-0000014006 00000 n
-0000014046 00000 n
-0000251582 00000 n
-0000457404 00000 n
-0000014100 00000 n
-0000014161 00000 n
-0000254748 00000 n
-0000457272 00000 n
-0000014210 00000 n
-0000014260 00000 n
-0000254877 00000 n
-0000457168 00000 n
-0000014314 00000 n
-0000014367 00000 n
-0000255006 00000 n
-0000457089 00000 n
-0000014426 00000 n
-0000014465 00000 n
-0000255135 00000 n
-0000457010 00000 n
-0000014524 00000 n
-0000014562 00000 n
-0000255264 00000 n
-0000456878 00000 n
-0000014611 00000 n
-0000014668 00000 n
-0000255393 00000 n
-0000456813 00000 n
-0000014722 00000 n
-0000014769 00000 n
-0000259907 00000 n
-0000456695 00000 n
-0000014818 00000 n
-0000014880 00000 n
-0000260036 00000 n
-0000456616 00000 n
-0000014934 00000 n
-0000014989 00000 n
-0000271688 00000 n
-0000456523 00000 n
-0000015043 00000 n
-0000015084 00000 n
-0000271817 00000 n
-0000456444 00000 n
-0000015138 00000 n
-0000015190 00000 n
-0000015546 00000 n
-0000015794 00000 n
-0000015243 00000 n
-0000015668 00000 n
-0000015731 00000 n
-0000453423 00000 n
-0000428591 00000 n
-0000453249 00000 n
-0000427526 00000 n
-0000401489 00000 n
-0000427352 00000 n
-0000454421 00000 n
-0000016452 00000 n
-0000016267 00000 n
-0000015879 00000 n
-0000016389 00000 n
-0000400804 00000 n
-0000398659 00000 n
-0000400640 00000 n
-0000019627 00000 n
-0000018817 00000 n
-0000016537 00000 n
-0000018939 00000 n
-0000019063 00000 n
-0000019188 00000 n
-0000019313 00000 n
-0000397805 00000 n
-0000377447 00000 n
-0000397631 00000 n
-0000019438 00000 n
-0000019501 00000 n
-0000019564 00000 n
-0000376518 00000 n
-0000357190 00000 n
-0000376345 00000 n
-0000356447 00000 n
-0000339723 00000 n
-0000356274 00000 n
-0000024245 00000 n
-0000023063 00000 n
-0000019751 00000 n
-0000023557 00000 n
-0000339188 00000 n
-0000322271 00000 n
-0000339004 00000 n
-0000023620 00000 n
-0000023683 00000 n
-0000023807 00000 n
-0000023932 00000 n
-0000024057 00000 n
-0000023213 00000 n
-0000023406 00000 n
-0000024182 00000 n
-0000218927 00000 n
-0000260100 00000 n
-0000028768 00000 n
-0000027733 00000 n
-0000024369 00000 n
-0000028205 00000 n
-0000028330 00000 n
-0000027883 00000 n
-0000028045 00000 n
-0000028455 00000 n
-0000028580 00000 n
-0000028705 00000 n
-0000044966 00000 n
-0000031930 00000 n
-0000031371 00000 n
-0000028892 00000 n
-0000031493 00000 n
-0000031618 00000 n
-0000031743 00000 n
-0000031867 00000 n
-0000034871 00000 n
-0000034061 00000 n
-0000032041 00000 n
-0000034183 00000 n
-0000034308 00000 n
-0000034433 00000 n
-0000034558 00000 n
-0000034683 00000 n
-0000034808 00000 n
-0000454539 00000 n
-0000036191 00000 n
-0000035881 00000 n
-0000034956 00000 n
-0000036003 00000 n
-0000036128 00000 n
-0000038207 00000 n
-0000037522 00000 n
-0000036302 00000 n
-0000037644 00000 n
-0000037769 00000 n
-0000037893 00000 n
-0000038018 00000 n
-0000038144 00000 n
-0000041157 00000 n
-0000040414 00000 n
-0000038305 00000 n
-0000040716 00000 n
-0000040842 00000 n
-0000040905 00000 n
-0000040968 00000 n
-0000040556 00000 n
-0000041094 00000 n
-0000175319 00000 n
-0000045029 00000 n
-0000044117 00000 n
-0000041268 00000 n
-0000044588 00000 n
-0000044267 00000 n
-0000044426 00000 n
-0000044714 00000 n
-0000044840 00000 n
-0000321783 00000 n
-0000312832 00000 n
-0000321606 00000 n
-0000160016 00000 n
-0000139964 00000 n
-0000048142 00000 n
-0000047831 00000 n
-0000045153 00000 n
-0000047953 00000 n
-0000048079 00000 n
-0000312484 00000 n
-0000304913 00000 n
-0000312307 00000 n
-0000052189 00000 n
-0000051799 00000 n
-0000048292 00000 n
-0000052126 00000 n
-0000051941 00000 n
-0000454657 00000 n
-0000108464 00000 n
-0000054053 00000 n
-0000053616 00000 n
-0000052313 00000 n
-0000053738 00000 n
-0000053864 00000 n
-0000053927 00000 n
-0000053990 00000 n
-0000057012 00000 n
-0000056450 00000 n
-0000054164 00000 n
-0000056572 00000 n
-0000056698 00000 n
-0000056824 00000 n
-0000056949 00000 n
-0000061456 00000 n
-0000060662 00000 n
-0000057123 00000 n
-0000061141 00000 n
-0000061267 00000 n
-0000060812 00000 n
-0000060977 00000 n
-0000061393 00000 n
-0000260878 00000 n
-0000063960 00000 n
-0000063589 00000 n
-0000061580 00000 n
-0000063897 00000 n
-0000063731 00000 n
-0000065184 00000 n
-0000064999 00000 n
-0000064084 00000 n
-0000065121 00000 n
-0000068687 00000 n
-0000067689 00000 n
-0000065282 00000 n
-0000067995 00000 n
-0000068121 00000 n
-0000067831 00000 n
-0000068247 00000 n
-0000068373 00000 n
-0000068499 00000 n
-0000068625 00000 n
-0000454775 00000 n
-0000072168 00000 n
-0000071291 00000 n
-0000068824 00000 n
-0000071603 00000 n
-0000071729 00000 n
-0000071855 00000 n
-0000071981 00000 n
-0000071433 00000 n
-0000072105 00000 n
-0000214731 00000 n
-0000076054 00000 n
-0000075491 00000 n
-0000072305 00000 n
-0000075613 00000 n
-0000075739 00000 n
-0000075865 00000 n
-0000075991 00000 n
-0000079526 00000 n
-0000078965 00000 n
-0000076178 00000 n
-0000079087 00000 n
-0000079213 00000 n
-0000079339 00000 n
-0000079463 00000 n
-0000083528 00000 n
-0000082331 00000 n
-0000079650 00000 n
-0000082962 00000 n
-0000083088 00000 n
-0000083214 00000 n
-0000083339 00000 n
-0000082489 00000 n
-0000082646 00000 n
-0000082803 00000 n
-0000083465 00000 n
-0000087129 00000 n
-0000255457 00000 n
-0000084736 00000 n
-0000084425 00000 n
-0000083652 00000 n
-0000084547 00000 n
-0000084673 00000 n
-0000087444 00000 n
-0000086881 00000 n
-0000084847 00000 n
-0000087003 00000 n
-0000087255 00000 n
-0000087381 00000 n
-0000454893 00000 n
-0000087876 00000 n
-0000087691 00000 n
-0000087542 00000 n
-0000087813 00000 n
-0000092067 00000 n
-0000091319 00000 n
-0000087917 00000 n
-0000091627 00000 n
-0000091753 00000 n
-0000091878 00000 n
-0000091941 00000 n
-0000092004 00000 n
-0000091461 00000 n
-0000095731 00000 n
-0000096046 00000 n
-0000095483 00000 n
-0000092165 00000 n
-0000095605 00000 n
-0000095857 00000 n
-0000095983 00000 n
-0000099433 00000 n
-0000098871 00000 n
-0000096183 00000 n
-0000098993 00000 n
-0000099119 00000 n
-0000099245 00000 n
-0000099371 00000 n
-0000101928 00000 n
-0000103419 00000 n
-0000101806 00000 n
-0000099544 00000 n
-0000102853 00000 n
-0000304078 00000 n
-0000294981 00000 n
-0000303906 00000 n
-0000102979 00000 n
-0000103042 00000 n
-0000103105 00000 n
-0000103231 00000 n
-0000103357 00000 n
-0000108527 00000 n
-0000107627 00000 n
-0000103571 00000 n
-0000108086 00000 n
-0000108149 00000 n
-0000108212 00000 n
-0000108338 00000 n
-0000107777 00000 n
-0000107928 00000 n
-0000455011 00000 n
-0000272327 00000 n
-0000112716 00000 n
-0000111539 00000 n
-0000108651 00000 n
-0000112024 00000 n
-0000112150 00000 n
-0000112276 00000 n
-0000112402 00000 n
-0000112527 00000 n
-0000111689 00000 n
-0000111840 00000 n
-0000112653 00000 n
-0000116052 00000 n
-0000115615 00000 n
-0000112853 00000 n
-0000115737 00000 n
-0000115863 00000 n
-0000115989 00000 n
-0000120345 00000 n
-0000120160 00000 n
-0000116176 00000 n
-0000120282 00000 n
-0000123193 00000 n
-0000122698 00000 n
-0000120456 00000 n
-0000123006 00000 n
-0000122840 00000 n
-0000123131 00000 n
-0000126462 00000 n
-0000126025 00000 n
-0000123304 00000 n
-0000126147 00000 n
-0000126210 00000 n
-0000126273 00000 n
-0000126399 00000 n
-0000129209 00000 n
-0000128602 00000 n
-0000126573 00000 n
-0000128895 00000 n
-0000129021 00000 n
-0000128744 00000 n
-0000129147 00000 n
-0000455129 00000 n
-0000130762 00000 n
-0000130577 00000 n
-0000129320 00000 n
-0000130699 00000 n
-0000134044 00000 n
-0000135869 00000 n
-0000133922 00000 n
-0000130860 00000 n
-0000135680 00000 n
-0000135806 00000 n
-0000135512 00000 n
-0000135569 00000 n
-0000135658 00000 n
-0000140027 00000 n
-0000139540 00000 n
-0000136034 00000 n
-0000139838 00000 n
-0000139682 00000 n
-0000182670 00000 n
-0000144179 00000 n
-0000143821 00000 n
-0000140151 00000 n
-0000144116 00000 n
-0000143963 00000 n
-0000149195 00000 n
-0000148078 00000 n
-0000144303 00000 n
-0000149132 00000 n
-0000148252 00000 n
-0000148408 00000 n
-0000148592 00000 n
-0000148765 00000 n
-0000148948 00000 n
-0000185866 00000 n
-0000153869 00000 n
-0000152910 00000 n
-0000149386 00000 n
-0000153554 00000 n
-0000153680 00000 n
-0000153068 00000 n
-0000153806 00000 n
-0000153236 00000 n
-0000153399 00000 n
-0000455247 00000 n
-0000195250 00000 n
-0000178978 00000 n
-0000156861 00000 n
-0000156424 00000 n
-0000153993 00000 n
-0000156546 00000 n
-0000156672 00000 n
-0000156798 00000 n
-0000294437 00000 n
-0000286134 00000 n
-0000294264 00000 n
-0000160079 00000 n
-0000159768 00000 n
-0000157026 00000 n
-0000159890 00000 n
-0000164147 00000 n
-0000163837 00000 n
-0000160231 00000 n
-0000163959 00000 n
-0000164085 00000 n
-0000168151 00000 n
-0000167520 00000 n
-0000164299 00000 n
-0000167836 00000 n
-0000167662 00000 n
-0000167962 00000 n
-0000168088 00000 n
-0000171429 00000 n
-0000170813 00000 n
-0000168262 00000 n
-0000171114 00000 n
-0000171240 00000 n
-0000171366 00000 n
-0000170955 00000 n
-0000175382 00000 n
-0000174719 00000 n
-0000171594 00000 n
-0000175193 00000 n
-0000174871 00000 n
-0000175026 00000 n
-0000455365 00000 n
-0000179042 00000 n
-0000178593 00000 n
-0000175493 00000 n
-0000178719 00000 n
-0000178784 00000 n
-0000178849 00000 n
-0000182733 00000 n
-0000182104 00000 n
-0000179234 00000 n
-0000182412 00000 n
-0000182541 00000 n
-0000182251 00000 n
-0000185930 00000 n
-0000185352 00000 n
-0000182912 00000 n
-0000185478 00000 n
-0000185543 00000 n
-0000185608 00000 n
-0000185737 00000 n
-0000190241 00000 n
-0000189618 00000 n
-0000186042 00000 n
-0000189919 00000 n
-0000190048 00000 n
-0000190176 00000 n
-0000189765 00000 n
-0000193719 00000 n
-0000193270 00000 n
-0000190353 00000 n
-0000193396 00000 n
-0000193525 00000 n
-0000193654 00000 n
-0000195314 00000 n
-0000194995 00000 n
-0000193831 00000 n
-0000195121 00000 n
-0000455489 00000 n
-0000196595 00000 n
-0000196404 00000 n
-0000195426 00000 n
-0000196530 00000 n
-0000200841 00000 n
-0000200262 00000 n
-0000196694 00000 n
-0000200388 00000 n
-0000200517 00000 n
-0000200646 00000 n
-0000200711 00000 n
-0000200776 00000 n
-0000205651 00000 n
-0000204318 00000 n
-0000200953 00000 n
-0000205328 00000 n
-0000205457 00000 n
-0000205586 00000 n
-0000204501 00000 n
-0000204662 00000 n
-0000204824 00000 n
-0000204986 00000 n
-0000205157 00000 n
-0000244464 00000 n
-0000210347 00000 n
-0000209116 00000 n
-0000205776 00000 n
-0000210282 00000 n
-0000209308 00000 n
-0000209471 00000 n
-0000209633 00000 n
-0000209795 00000 n
-0000209957 00000 n
-0000210119 00000 n
-0000214925 00000 n
-0000213456 00000 n
-0000210472 00000 n
-0000214602 00000 n
-0000213648 00000 n
-0000213801 00000 n
-0000213963 00000 n
-0000214124 00000 n
-0000214286 00000 n
-0000214448 00000 n
-0000214795 00000 n
-0000214860 00000 n
-0000219380 00000 n
-0000218182 00000 n
-0000215037 00000 n
-0000218669 00000 n
-0000218798 00000 n
-0000219055 00000 n
-0000218338 00000 n
-0000218508 00000 n
-0000219120 00000 n
-0000219185 00000 n
-0000219250 00000 n
-0000219315 00000 n
-0000455614 00000 n
-0000223480 00000 n
-0000222835 00000 n
-0000219492 00000 n
-0000223157 00000 n
-0000223222 00000 n
-0000223287 00000 n
-0000222982 00000 n
-0000223352 00000 n
-0000223417 00000 n
-0000254941 00000 n
-0000227271 00000 n
-0000226562 00000 n
-0000223579 00000 n
-0000226688 00000 n
-0000226817 00000 n
-0000226882 00000 n
-0000226947 00000 n
-0000227012 00000 n
-0000227077 00000 n
-0000227206 00000 n
-0000231188 00000 n
-0000230349 00000 n
-0000227383 00000 n
-0000230475 00000 n
-0000230540 00000 n
-0000230605 00000 n
-0000230734 00000 n
-0000230799 00000 n
-0000230864 00000 n
-0000230993 00000 n
-0000231058 00000 n
-0000231123 00000 n
-0000234425 00000 n
-0000233720 00000 n
-0000231313 00000 n
-0000233846 00000 n
-0000233975 00000 n
-0000234104 00000 n
-0000285779 00000 n
-0000283782 00000 n
-0000285614 00000 n
-0000234232 00000 n
-0000234360 00000 n
-0000237719 00000 n
-0000237269 00000 n
-0000234618 00000 n
-0000237395 00000 n
-0000237524 00000 n
-0000237589 00000 n
-0000237654 00000 n
-0000240398 00000 n
-0000239490 00000 n
-0000237857 00000 n
-0000240076 00000 n
-0000240205 00000 n
-0000240334 00000 n
-0000239646 00000 n
-0000239861 00000 n
-0000455739 00000 n
-0000244529 00000 n
-0000243823 00000 n
-0000240524 00000 n
-0000243949 00000 n
-0000283461 00000 n
-0000274248 00000 n
-0000283275 00000 n
-0000244078 00000 n
-0000244207 00000 n
-0000244336 00000 n
-0000247976 00000 n
-0000246750 00000 n
-0000244694 00000 n
-0000247267 00000 n
-0000247396 00000 n
-0000247525 00000 n
-0000247654 00000 n
-0000247783 00000 n
-0000247912 00000 n
-0000246906 00000 n
-0000247078 00000 n
-0000248430 00000 n
-0000248239 00000 n
-0000248089 00000 n
-0000248365 00000 n
-0000251711 00000 n
-0000251133 00000 n
-0000248472 00000 n
-0000251259 00000 n
-0000251388 00000 n
-0000251517 00000 n
-0000251646 00000 n
-0000255909 00000 n
-0000254557 00000 n
-0000251797 00000 n
-0000254683 00000 n
-0000254812 00000 n
-0000255070 00000 n
-0000255199 00000 n
-0000255328 00000 n
-0000255521 00000 n
-0000255586 00000 n
-0000255651 00000 n
-0000255716 00000 n
-0000255781 00000 n
-0000255845 00000 n
-0000261460 00000 n
-0000258961 00000 n
-0000256035 00000 n
-0000259842 00000 n
-0000259971 00000 n
-0000259135 00000 n
-0000259314 00000 n
-0000259491 00000 n
-0000259666 00000 n
-0000260164 00000 n
-0000260229 00000 n
-0000260294 00000 n
-0000260359 00000 n
-0000260424 00000 n
-0000260489 00000 n
-0000260554 00000 n
-0000260618 00000 n
-0000260683 00000 n
-0000260748 00000 n
-0000260813 00000 n
-0000260942 00000 n
-0000261007 00000 n
-0000261072 00000 n
-0000261137 00000 n
-0000261202 00000 n
-0000261267 00000 n
-0000261332 00000 n
-0000261396 00000 n
-0000455864 00000 n
-0000268133 00000 n
-0000264441 00000 n
-0000261612 00000 n
-0000264567 00000 n
-0000264632 00000 n
-0000264697 00000 n
-0000264762 00000 n
-0000264827 00000 n
-0000264892 00000 n
-0000264957 00000 n
-0000265022 00000 n
-0000265087 00000 n
-0000265152 00000 n
-0000265217 00000 n
-0000265282 00000 n
-0000265347 00000 n
-0000265412 00000 n
-0000265477 00000 n
-0000265542 00000 n
-0000265607 00000 n
-0000265672 00000 n
-0000265736 00000 n
-0000265801 00000 n
-0000265866 00000 n
-0000265931 00000 n
-0000265996 00000 n
-0000266061 00000 n
-0000266126 00000 n
-0000266191 00000 n
-0000266256 00000 n
-0000266321 00000 n
-0000266386 00000 n
-0000266451 00000 n
-0000266516 00000 n
-0000266579 00000 n
-0000266644 00000 n
-0000266708 00000 n
-0000266773 00000 n
-0000266838 00000 n
-0000266903 00000 n
-0000266968 00000 n
-0000267033 00000 n
-0000267098 00000 n
-0000267163 00000 n
-0000267227 00000 n
-0000267292 00000 n
-0000267357 00000 n
-0000267422 00000 n
-0000267487 00000 n
-0000267552 00000 n
-0000267617 00000 n
-0000267682 00000 n
-0000267747 00000 n
-0000267812 00000 n
-0000267877 00000 n
-0000267941 00000 n
-0000268005 00000 n
-0000268069 00000 n
-0000272202 00000 n
-0000270198 00000 n
-0000268245 00000 n
-0000270324 00000 n
-0000270389 00000 n
-0000270454 00000 n
-0000270519 00000 n
-0000270584 00000 n
-0000270649 00000 n
-0000270714 00000 n
-0000270779 00000 n
-0000270844 00000 n
-0000270909 00000 n
-0000270974 00000 n
-0000271039 00000 n
-0000271104 00000 n
-0000271168 00000 n
-0000271233 00000 n
-0000271298 00000 n
-0000271363 00000 n
-0000271428 00000 n
-0000271493 00000 n
-0000271558 00000 n
-0000271623 00000 n
-0000271752 00000 n
-0000271881 00000 n
-0000271946 00000 n
-0000272010 00000 n
-0000272074 00000 n
-0000272138 00000 n
-0000272359 00000 n
-0000283703 00000 n
-0000286026 00000 n
-0000285995 00000 n
-0000294722 00000 n
-0000304486 00000 n
-0000312727 00000 n
-0000322046 00000 n
-0000339528 00000 n
-0000356867 00000 n
-0000377072 00000 n
-0000398209 00000 n
-0000401291 00000 n
-0000401061 00000 n
-0000428094 00000 n
-0000453937 00000 n
-0000455962 00000 n
-0000456082 00000 n
-0000456206 00000 n
-0000456286 00000 n
-0000456368 00000 n
-0000470446 00000 n
-0000482471 00000 n
-0000482512 00000 n
-0000482552 00000 n
-0000482686 00000 n
+0000012726 00000 n
+0000237954 00000 n
+0000460029 00000 n
+0000012780 00000 n
+0000012860 00000 n
+0000240635 00000 n
+0000459896 00000 n
+0000012907 00000 n
+0000012959 00000 n
+0000240764 00000 n
+0000459817 00000 n
+0000013008 00000 n
+0000013052 00000 n
+0000244507 00000 n
+0000459685 00000 n
+0000013101 00000 n
+0000013163 00000 n
+0000244636 00000 n
+0000459606 00000 n
+0000013217 00000 n
+0000013265 00000 n
+0000244765 00000 n
+0000459527 00000 n
+0000013319 00000 n
+0000013370 00000 n
+0000244894 00000 n
+0000459448 00000 n
+0000013419 00000 n
+0000013466 00000 n
+0000247817 00000 n
+0000459315 00000 n
+0000013513 00000 n
+0000013550 00000 n
+0000247946 00000 n
+0000459197 00000 n
+0000013599 00000 n
+0000013638 00000 n
+0000248075 00000 n
+0000459132 00000 n
+0000013692 00000 n
+0000013770 00000 n
+0000248204 00000 n
+0000459039 00000 n
+0000013819 00000 n
+0000013886 00000 n
+0000248333 00000 n
+0000458960 00000 n
+0000013935 00000 n
+0000013980 00000 n
+0000251823 00000 n
+0000458841 00000 n
+0000014028 00000 n
+0000014060 00000 n
+0000251952 00000 n
+0000458723 00000 n
+0000014109 00000 n
+0000014149 00000 n
+0000252081 00000 n
+0000458658 00000 n
+0000014203 00000 n
+0000014264 00000 n
+0000255086 00000 n
+0000458526 00000 n
+0000014313 00000 n
+0000014363 00000 n
+0000255215 00000 n
+0000458422 00000 n
+0000014417 00000 n
+0000014470 00000 n
+0000255344 00000 n
+0000458343 00000 n
+0000014529 00000 n
+0000014568 00000 n
+0000255473 00000 n
+0000458264 00000 n
+0000014627 00000 n
+0000014665 00000 n
+0000255602 00000 n
+0000458132 00000 n
+0000014714 00000 n
+0000014771 00000 n
+0000255731 00000 n
+0000458067 00000 n
+0000014825 00000 n
+0000014872 00000 n
+0000260386 00000 n
+0000457949 00000 n
+0000014921 00000 n
+0000014983 00000 n
+0000260515 00000 n
+0000457870 00000 n
+0000015037 00000 n
+0000015092 00000 n
+0000272524 00000 n
+0000457777 00000 n
+0000015146 00000 n
+0000015187 00000 n
+0000272653 00000 n
+0000457698 00000 n
+0000015241 00000 n
+0000015293 00000 n
+0000015647 00000 n
+0000015895 00000 n
+0000015346 00000 n
+0000015769 00000 n
+0000015832 00000 n
+0000454676 00000 n
+0000429844 00000 n
+0000454502 00000 n
+0000428640 00000 n
+0000402388 00000 n
+0000428466 00000 n
+0000455674 00000 n
+0000016554 00000 n
+0000016369 00000 n
+0000015980 00000 n
+0000016491 00000 n
+0000401703 00000 n
+0000399559 00000 n
+0000401539 00000 n
+0000019729 00000 n
+0000018919 00000 n
+0000016639 00000 n
+0000019041 00000 n
+0000019165 00000 n
+0000019290 00000 n
+0000019415 00000 n
+0000398705 00000 n
+0000378347 00000 n
+0000398531 00000 n
+0000019540 00000 n
+0000019603 00000 n
+0000019666 00000 n
+0000377418 00000 n
+0000358090 00000 n
+0000377245 00000 n
+0000357347 00000 n
+0000340623 00000 n
+0000357174 00000 n
+0000024201 00000 n
+0000023019 00000 n
+0000019853 00000 n
+0000023513 00000 n
+0000340088 00000 n
+0000323171 00000 n
+0000339904 00000 n
+0000023576 00000 n
+0000023639 00000 n
+0000023764 00000 n
+0000023889 00000 n
+0000024014 00000 n
+0000023169 00000 n
+0000023362 00000 n
+0000024139 00000 n
+0000219408 00000 n
+0000260579 00000 n
+0000028887 00000 n
+0000027852 00000 n
+0000024325 00000 n
+0000028324 00000 n
+0000028449 00000 n
+0000028002 00000 n
+0000028164 00000 n
+0000028574 00000 n
+0000028699 00000 n
+0000028824 00000 n
+0000045085 00000 n
+0000032049 00000 n
+0000031490 00000 n
+0000029011 00000 n
+0000031612 00000 n
+0000031737 00000 n
+0000031862 00000 n
+0000031986 00000 n
+0000034990 00000 n
+0000034180 00000 n
+0000032160 00000 n
+0000034302 00000 n
+0000034427 00000 n
+0000034552 00000 n
+0000034677 00000 n
+0000034802 00000 n
+0000034927 00000 n
+0000455792 00000 n
+0000036310 00000 n
+0000036000 00000 n
+0000035075 00000 n
+0000036122 00000 n
+0000036247 00000 n
+0000038326 00000 n
+0000037641 00000 n
+0000036421 00000 n
+0000037763 00000 n
+0000037888 00000 n
+0000038012 00000 n
+0000038137 00000 n
+0000038263 00000 n
+0000041276 00000 n
+0000040533 00000 n
+0000038424 00000 n
+0000040835 00000 n
+0000040961 00000 n
+0000041024 00000 n
+0000041087 00000 n
+0000040675 00000 n
+0000041213 00000 n
+0000175797 00000 n
+0000045148 00000 n
+0000044236 00000 n
+0000041387 00000 n
+0000044707 00000 n
+0000044386 00000 n
+0000044545 00000 n
+0000044833 00000 n
+0000044959 00000 n
+0000322683 00000 n
+0000313733 00000 n
+0000322506 00000 n
+0000160487 00000 n
+0000140423 00000 n
+0000048449 00000 n
+0000048138 00000 n
+0000045272 00000 n
+0000048260 00000 n
+0000048386 00000 n
+0000313385 00000 n
+0000305814 00000 n
+0000313208 00000 n
+0000052496 00000 n
+0000052106 00000 n
+0000048599 00000 n
+0000052433 00000 n
+0000052248 00000 n
+0000455910 00000 n
+0000108922 00000 n
+0000054360 00000 n
+0000053923 00000 n
+0000052620 00000 n
+0000054045 00000 n
+0000054171 00000 n
+0000054234 00000 n
+0000054297 00000 n
+0000057319 00000 n
+0000056757 00000 n
+0000054471 00000 n
+0000056879 00000 n
+0000057005 00000 n
+0000057131 00000 n
+0000057256 00000 n
+0000061879 00000 n
+0000060960 00000 n
+0000057430 00000 n
+0000061438 00000 n
+0000061564 00000 n
+0000061110 00000 n
+0000061274 00000 n
+0000061690 00000 n
+0000061816 00000 n
+0000264541 00000 n
+0000064403 00000 n
+0000064032 00000 n
+0000062003 00000 n
+0000064340 00000 n
+0000064174 00000 n
+0000065610 00000 n
+0000065425 00000 n
+0000064527 00000 n
+0000065547 00000 n
+0000069130 00000 n
+0000068132 00000 n
+0000065708 00000 n
+0000068439 00000 n
+0000068565 00000 n
+0000068274 00000 n
+0000068691 00000 n
+0000068817 00000 n
+0000068942 00000 n
+0000069068 00000 n
+0000456028 00000 n
+0000072611 00000 n
+0000071734 00000 n
+0000069267 00000 n
+0000072046 00000 n
+0000072172 00000 n
+0000072298 00000 n
+0000072424 00000 n
+0000071876 00000 n
+0000072548 00000 n
+0000215212 00000 n
+0000076509 00000 n
+0000075946 00000 n
+0000072748 00000 n
+0000076068 00000 n
+0000076194 00000 n
+0000076320 00000 n
+0000076446 00000 n
+0000079982 00000 n
+0000079421 00000 n
+0000076633 00000 n
+0000079543 00000 n
+0000079669 00000 n
+0000079795 00000 n
+0000079919 00000 n
+0000083984 00000 n
+0000082787 00000 n
+0000080106 00000 n
+0000083418 00000 n
+0000083544 00000 n
+0000083670 00000 n
+0000083795 00000 n
+0000082945 00000 n
+0000083102 00000 n
+0000083259 00000 n
+0000083921 00000 n
+0000087585 00000 n
+0000255795 00000 n
+0000085192 00000 n
+0000084881 00000 n
+0000084108 00000 n
+0000085003 00000 n
+0000085129 00000 n
+0000087900 00000 n
+0000087337 00000 n
+0000085303 00000 n
+0000087459 00000 n
+0000087711 00000 n
+0000087837 00000 n
+0000456146 00000 n
+0000088332 00000 n
+0000088147 00000 n
+0000087998 00000 n
+0000088269 00000 n
+0000092527 00000 n
+0000091779 00000 n
+0000088373 00000 n
+0000092087 00000 n
+0000092213 00000 n
+0000092338 00000 n
+0000092401 00000 n
+0000092464 00000 n
+0000091921 00000 n
+0000096191 00000 n
+0000096506 00000 n
+0000095943 00000 n
+0000092625 00000 n
+0000096065 00000 n
+0000096317 00000 n
+0000096443 00000 n
+0000099891 00000 n
+0000099329 00000 n
+0000096643 00000 n
+0000099451 00000 n
+0000099577 00000 n
+0000099703 00000 n
+0000099829 00000 n
+0000102386 00000 n
+0000103877 00000 n
+0000102264 00000 n
+0000100002 00000 n
+0000103311 00000 n
+0000304963 00000 n
+0000295822 00000 n
+0000304791 00000 n
+0000103437 00000 n
+0000103500 00000 n
+0000103563 00000 n
+0000103689 00000 n
+0000103815 00000 n
+0000108985 00000 n
+0000108085 00000 n
+0000104029 00000 n
+0000108544 00000 n
+0000108607 00000 n
+0000108670 00000 n
+0000108796 00000 n
+0000108235 00000 n
+0000108386 00000 n
+0000456264 00000 n
+0000273167 00000 n
+0000113174 00000 n
+0000111997 00000 n
+0000109109 00000 n
+0000112482 00000 n
+0000112608 00000 n
+0000112734 00000 n
+0000112860 00000 n
+0000112985 00000 n
+0000112147 00000 n
+0000112298 00000 n
+0000113111 00000 n
+0000116510 00000 n
+0000116073 00000 n
+0000113311 00000 n
+0000116195 00000 n
+0000116321 00000 n
+0000116447 00000 n
+0000120803 00000 n
+0000120618 00000 n
+0000116634 00000 n
+0000120740 00000 n
+0000123651 00000 n
+0000123156 00000 n
+0000120914 00000 n
+0000123464 00000 n
+0000123298 00000 n
+0000123589 00000 n
+0000126920 00000 n
+0000126483 00000 n
+0000123762 00000 n
+0000126605 00000 n
+0000126668 00000 n
+0000126731 00000 n
+0000126857 00000 n
+0000129668 00000 n
+0000129060 00000 n
+0000127031 00000 n
+0000129354 00000 n
+0000129480 00000 n
+0000129202 00000 n
+0000129606 00000 n
+0000456382 00000 n
+0000131221 00000 n
+0000131036 00000 n
+0000129779 00000 n
+0000131158 00000 n
+0000134503 00000 n
+0000136328 00000 n
+0000134381 00000 n
+0000131319 00000 n
+0000136139 00000 n
+0000136265 00000 n
+0000135971 00000 n
+0000136028 00000 n
+0000136117 00000 n
+0000140486 00000 n
+0000139999 00000 n
+0000136493 00000 n
+0000140297 00000 n
+0000140141 00000 n
+0000183150 00000 n
+0000144638 00000 n
+0000144280 00000 n
+0000140610 00000 n
+0000144575 00000 n
+0000144422 00000 n
+0000149666 00000 n
+0000148549 00000 n
+0000144762 00000 n
+0000149603 00000 n
+0000148723 00000 n
+0000148879 00000 n
+0000149063 00000 n
+0000149236 00000 n
+0000149419 00000 n
+0000186346 00000 n
+0000154340 00000 n
+0000153381 00000 n
+0000149857 00000 n
+0000154025 00000 n
+0000154151 00000 n
+0000153539 00000 n
+0000154277 00000 n
+0000153707 00000 n
+0000153870 00000 n
+0000456500 00000 n
+0000195730 00000 n
+0000179458 00000 n
+0000157332 00000 n
+0000156895 00000 n
+0000154464 00000 n
+0000157017 00000 n
+0000157143 00000 n
+0000157269 00000 n
+0000295278 00000 n
+0000286975 00000 n
+0000295105 00000 n
+0000160550 00000 n
+0000160239 00000 n
+0000157497 00000 n
+0000160361 00000 n
+0000164618 00000 n
+0000164308 00000 n
+0000160702 00000 n
+0000164430 00000 n
+0000164556 00000 n
+0000168622 00000 n
+0000167991 00000 n
+0000164770 00000 n
+0000168307 00000 n
+0000168133 00000 n
+0000168433 00000 n
+0000168559 00000 n
+0000171898 00000 n
+0000171282 00000 n
+0000168733 00000 n
+0000171583 00000 n
+0000171709 00000 n
+0000171835 00000 n
+0000171424 00000 n
+0000175861 00000 n
+0000175189 00000 n
+0000172063 00000 n
+0000175668 00000 n
+0000175345 00000 n
+0000175501 00000 n
+0000456618 00000 n
+0000179522 00000 n
+0000179073 00000 n
+0000175973 00000 n
+0000179199 00000 n
+0000179264 00000 n
+0000179329 00000 n
+0000183213 00000 n
+0000182584 00000 n
+0000179714 00000 n
+0000182892 00000 n
+0000183021 00000 n
+0000182731 00000 n
+0000186410 00000 n
+0000185832 00000 n
+0000183392 00000 n
+0000185958 00000 n
+0000186023 00000 n
+0000186088 00000 n
+0000186217 00000 n
+0000190721 00000 n
+0000190098 00000 n
+0000186522 00000 n
+0000190399 00000 n
+0000190528 00000 n
+0000190656 00000 n
+0000190245 00000 n
+0000194199 00000 n
+0000193750 00000 n
+0000190833 00000 n
+0000193876 00000 n
+0000194005 00000 n
+0000194134 00000 n
+0000195794 00000 n
+0000195475 00000 n
+0000194311 00000 n
+0000195601 00000 n
+0000456743 00000 n
+0000197075 00000 n
+0000196884 00000 n
+0000195906 00000 n
+0000197010 00000 n
+0000201320 00000 n
+0000200741 00000 n
+0000197174 00000 n
+0000200867 00000 n
+0000200996 00000 n
+0000201125 00000 n
+0000201190 00000 n
+0000201255 00000 n
+0000206132 00000 n
+0000204799 00000 n
+0000201432 00000 n
+0000205809 00000 n
+0000205938 00000 n
+0000206067 00000 n
+0000204982 00000 n
+0000205143 00000 n
+0000205305 00000 n
+0000205467 00000 n
+0000205638 00000 n
+0000244957 00000 n
+0000210828 00000 n
+0000209597 00000 n
+0000206257 00000 n
+0000210763 00000 n
+0000209789 00000 n
+0000209952 00000 n
+0000210114 00000 n
+0000210276 00000 n
+0000210438 00000 n
+0000210600 00000 n
+0000215406 00000 n
+0000213937 00000 n
+0000210953 00000 n
+0000215083 00000 n
+0000214129 00000 n
+0000214282 00000 n
+0000214444 00000 n
+0000214605 00000 n
+0000214767 00000 n
+0000214929 00000 n
+0000215276 00000 n
+0000215341 00000 n
+0000219861 00000 n
+0000218663 00000 n
+0000215518 00000 n
+0000219150 00000 n
+0000219279 00000 n
+0000219536 00000 n
+0000218819 00000 n
+0000218989 00000 n
+0000219601 00000 n
+0000219666 00000 n
+0000219731 00000 n
+0000219796 00000 n
+0000456868 00000 n
+0000223962 00000 n
+0000223317 00000 n
+0000219973 00000 n
+0000223639 00000 n
+0000223704 00000 n
+0000223769 00000 n
+0000223464 00000 n
+0000223834 00000 n
+0000223899 00000 n
+0000255279 00000 n
+0000227753 00000 n
+0000227044 00000 n
+0000224061 00000 n
+0000227170 00000 n
+0000227299 00000 n
+0000227364 00000 n
+0000227429 00000 n
+0000227494 00000 n
+0000227559 00000 n
+0000227688 00000 n
+0000231670 00000 n
+0000230831 00000 n
+0000227865 00000 n
+0000230957 00000 n
+0000231022 00000 n
+0000231087 00000 n
+0000231216 00000 n
+0000231281 00000 n
+0000231346 00000 n
+0000231475 00000 n
+0000231540 00000 n
+0000231605 00000 n
+0000234909 00000 n
+0000234204 00000 n
+0000231795 00000 n
+0000234330 00000 n
+0000234459 00000 n
+0000234588 00000 n
+0000286620 00000 n
+0000284622 00000 n
+0000286455 00000 n
+0000234716 00000 n
+0000234844 00000 n
+0000238213 00000 n
+0000237763 00000 n
+0000235102 00000 n
+0000237889 00000 n
+0000238018 00000 n
+0000238083 00000 n
+0000238148 00000 n
+0000240892 00000 n
+0000239984 00000 n
+0000238351 00000 n
+0000240570 00000 n
+0000240699 00000 n
+0000240828 00000 n
+0000240140 00000 n
+0000240355 00000 n
+0000456993 00000 n
+0000245022 00000 n
+0000244316 00000 n
+0000241018 00000 n
+0000244442 00000 n
+0000284301 00000 n
+0000275088 00000 n
+0000284115 00000 n
+0000244571 00000 n
+0000244700 00000 n
+0000244829 00000 n
+0000248461 00000 n
+0000247235 00000 n
+0000245187 00000 n
+0000247752 00000 n
+0000247881 00000 n
+0000248010 00000 n
+0000248139 00000 n
+0000248268 00000 n
+0000248397 00000 n
+0000247391 00000 n
+0000247563 00000 n
+0000248915 00000 n
+0000248724 00000 n
+0000248574 00000 n
+0000248850 00000 n
+0000252210 00000 n
+0000251632 00000 n
+0000248957 00000 n
+0000251758 00000 n
+0000251887 00000 n
+0000252016 00000 n
+0000252145 00000 n
+0000256119 00000 n
+0000254895 00000 n
+0000252296 00000 n
+0000255021 00000 n
+0000255150 00000 n
+0000255408 00000 n
+0000255537 00000 n
+0000255666 00000 n
+0000255859 00000 n
+0000255924 00000 n
+0000255989 00000 n
+0000256054 00000 n
+0000261290 00000 n
+0000259309 00000 n
+0000256245 00000 n
+0000260192 00000 n
+0000260257 00000 n
+0000260321 00000 n
+0000260450 00000 n
+0000259483 00000 n
+0000259662 00000 n
+0000259840 00000 n
+0000260016 00000 n
+0000260643 00000 n
+0000260708 00000 n
+0000260773 00000 n
+0000260838 00000 n
+0000260903 00000 n
+0000260968 00000 n
+0000261033 00000 n
+0000261098 00000 n
+0000261162 00000 n
+0000261226 00000 n
+0000457118 00000 n
+0000267976 00000 n
+0000264285 00000 n
+0000261442 00000 n
+0000264411 00000 n
+0000264476 00000 n
+0000264605 00000 n
+0000264670 00000 n
+0000264734 00000 n
+0000264799 00000 n
+0000264864 00000 n
+0000264929 00000 n
+0000264994 00000 n
+0000265059 00000 n
+0000265124 00000 n
+0000265188 00000 n
+0000265253 00000 n
+0000265318 00000 n
+0000265382 00000 n
+0000265447 00000 n
+0000265512 00000 n
+0000265577 00000 n
+0000265642 00000 n
+0000265707 00000 n
+0000265772 00000 n
+0000265837 00000 n
+0000265902 00000 n
+0000265967 00000 n
+0000266032 00000 n
+0000266097 00000 n
+0000266161 00000 n
+0000266226 00000 n
+0000266291 00000 n
+0000266356 00000 n
+0000266421 00000 n
+0000266486 00000 n
+0000266551 00000 n
+0000266616 00000 n
+0000266681 00000 n
+0000266746 00000 n
+0000266811 00000 n
+0000266876 00000 n
+0000266941 00000 n
+0000267006 00000 n
+0000267070 00000 n
+0000267135 00000 n
+0000267200 00000 n
+0000267265 00000 n
+0000267330 00000 n
+0000267395 00000 n
+0000267460 00000 n
+0000267525 00000 n
+0000267590 00000 n
+0000267655 00000 n
+0000267720 00000 n
+0000267784 00000 n
+0000267848 00000 n
+0000267912 00000 n
+0000273042 00000 n
+0000270386 00000 n
+0000268088 00000 n
+0000270512 00000 n
+0000270577 00000 n
+0000270642 00000 n
+0000270707 00000 n
+0000270772 00000 n
+0000270837 00000 n
+0000270902 00000 n
+0000270967 00000 n
+0000271032 00000 n
+0000271097 00000 n
+0000271162 00000 n
+0000271227 00000 n
+0000271292 00000 n
+0000271357 00000 n
+0000271422 00000 n
+0000271487 00000 n
+0000271552 00000 n
+0000271617 00000 n
+0000271682 00000 n
+0000271747 00000 n
+0000271812 00000 n
+0000271877 00000 n
+0000271942 00000 n
+0000272007 00000 n
+0000272072 00000 n
+0000272136 00000 n
+0000272201 00000 n
+0000272265 00000 n
+0000272330 00000 n
+0000272395 00000 n
+0000272460 00000 n
+0000272588 00000 n
+0000272717 00000 n
+0000272782 00000 n
+0000272847 00000 n
+0000272912 00000 n
+0000272977 00000 n
+0000273199 00000 n
+0000284543 00000 n
+0000286867 00000 n
+0000286836 00000 n
+0000295563 00000 n
+0000305378 00000 n
+0000313628 00000 n
+0000322946 00000 n
+0000340428 00000 n
+0000357767 00000 n
+0000377972 00000 n
+0000399109 00000 n
+0000402190 00000 n
+0000401960 00000 n
+0000429215 00000 n
+0000455190 00000 n
+0000457216 00000 n
+0000457336 00000 n
+0000457460 00000 n
+0000457540 00000 n
+0000457622 00000 n
+0000471804 00000 n
+0000483877 00000 n
+0000483918 00000 n
+0000483958 00000 n
+0000484092 00000 n
trailer
<<
-/Size 1346
-/Root 1344 0 R
-/Info 1345 0 R
-/ID [<73DCA9199455A6A38FCB9E4820896090> <73DCA9199455A6A38FCB9E4820896090>]
+/Size 1351
+/Root 1349 0 R
+/Info 1350 0 R
+/ID [<074F60B6803A3962AEA60A9080600248> <074F60B6803A3962AEA60A9080600248>]
>>
startxref
-482950
+484356
%%EOF
diff --git a/doc/arm/Makefile.in b/doc/arm/Makefile.in
index f5dcb040..019ed09a 100644
--- a/doc/arm/Makefile.in
+++ b/doc/arm/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001, 2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.8.2.5 2005/05/13 01:21:57 marka Exp $
+# $Id: Makefile.in,v 1.8.2.7 2007/02/07 23:57:56 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -52,12 +52,12 @@ Bv9ARM.tex: Bv9ARM-book.xml
Bv9ARM.dvi: Bv9ARM.tex
rm -f Bv9ARM-book.aux Bv9ARM-book.dvi Bv9ARM-book.log
- ${LATEX} '\batchmode\input Bv9ARM.tex' || rm -f $@
- ${LATEX} '\batchmode\input Bv9ARM.tex' || rm -f $@
- ${LATEX} '\batchmode\input Bv9ARM.tex' || rm -f $@
+ ${LATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@; exit 1)
+ ${LATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@; exit 1)
+ ${LATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@; exit 1)
Bv9ARM.pdf: Bv9ARM.tex
rm -f Bv9ARM-book.aux Bv9ARM-book.pdf Bv9ARM-book.log
- ${PDFLATEX} '\batchmode\input Bv9ARM.tex' || rm -f $@
- ${PDFLATEX} '\batchmode\input Bv9ARM.tex' || rm -f $@
- ${PDFLATEX} '\batchmode\input Bv9ARM.tex' || rm -f $@
+ ${PDFLATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@; exit 1)
+ ${PDFLATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@; exit 1)
+ ${PDFLATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@; exit 1)
diff --git a/doc/misc/Makefile.in b/doc/misc/Makefile.in
index 6103c576..7dc0ecdd 100644
--- a/doc/misc/Makefile.in
+++ b/doc/misc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.1.2.1 2004/03/09 06:10:40 marka Exp $
+# $Id: Makefile.in,v 1.1.2.3 2007/01/30 23:52:52 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -30,7 +30,18 @@ doc man:: ${MANOBJS}
docclean manclean maintainer-clean::
rm -f options
-options:
- ../../bin/tests/cfg_test --named --grammar | \
- ${PERL} ${srcdir}/format-options.pl >options || \
- rm -f options
+# Do not make options depend on ../../bin/tests/cfg_test, doing so
+# will cause excessively clever versions of make to attempt to build
+# that program right here, right now, if it is missing, which will
+# cause make doc to bomb.
+
+CFG_TEST = ../../bin/tests/cfg_test
+
+options: FORCE
+ if test -x ${CFG_TEST} && \
+ ${CFG_TEST} --named --grammar | \
+ ${PERL} ${srcdir}/format-options.pl >$@.new ; then \
+ mv -f $@.new $@ ; \
+ else \
+ rm -f $@.new ; \
+ fi
diff --git a/doc/rfc/index b/doc/rfc/index
index 5c588db9..990d4a90 100644
--- a/doc/rfc/index
+++ b/doc/rfc/index
@@ -101,3 +101,14 @@
4035: Protocol Modifications for the DNS Security Extensions
4074: Common Misbehavior Against DNS Queries for IPv6 Addresses
4159: Deprecation of "ip6.int"
+4193: Unique Local IPv6 Unicast Addresses
+4255: Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
+4343: Domain Name System (DNS) Case Insensitivity Clarification
+4367: What's in a Name: False Assumptions about DNS Names
+4398: Storing Certificates in the Domain Name System (DNS)
+4431: The DNSSEC Lookaside Validation (DLV) DNS Resource Record
+4408: Sender Policy Framework (SPF) for Authorizing Use of Domains
+ in E-Mail, Version 1
+4470: Minimally Covering NSEC Records and DNSSEC On-line Signing
+4634: US Secure Hash Algorithms (SHA and HMAC-SHA)
+4641: DNSSEC Operational Practices
diff --git a/doc/rfc/rfc4193.txt b/doc/rfc/rfc4193.txt
new file mode 100644
index 00000000..17e2c0b4
--- /dev/null
+++ b/doc/rfc/rfc4193.txt
@@ -0,0 +1,899 @@
+
+
+
+
+
+
+Network Working Group R. Hinden
+Request for Comments: 4193 Nokia
+Category: Standards Track B. Haberman
+ JHU-APL
+ October 2005
+
+
+ Unique Local IPv6 Unicast Addresses
+
+Status of This Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2005).
+
+Abstract
+
+ This document defines an IPv6 unicast address format that is globally
+ unique and is intended for local communications, usually inside of a
+ site. These addresses are not expected to be routable on the global
+ Internet.
+
+Table of Contents
+
+ 1. Introduction ....................................................2
+ 2. Acknowledgements ................................................3
+ 3. Local IPv6 Unicast Addresses ....................................3
+ 3.1. Format .....................................................3
+ 3.1.1. Background ..........................................4
+ 3.2. Global ID ..................................................4
+ 3.2.1. Locally Assigned Global IDs .........................5
+ 3.2.2. Sample Code for Pseudo-Random Global ID Algorithm ...5
+ 3.2.3. Analysis of the Uniqueness of Global IDs ............6
+ 3.3. Scope Definition ...........................................6
+ 4. Operational Guidelines ..........................................7
+ 4.1. Routing ....................................................7
+ 4.2. Renumbering and Site Merging ...............................7
+ 4.3. Site Border Router and Firewall Packet Filtering ...........8
+ 4.4. DNS Issues .................................................8
+ 4.5. Application and Higher Level Protocol Issues ...............9
+ 4.6. Use of Local IPv6 Addresses for Local Communication ........9
+ 4.7. Use of Local IPv6 Addresses with VPNs .....................10
+
+
+
+Hinden & Haberman Standards Track [Page 1]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+ 5. Global Routing Considerations ..................................11
+ 5.1. From the Standpoint of the Internet .......................11
+ 5.2. From the Standpoint of a Site .............................11
+ 6. Advantages and Disadvantages ...................................12
+ 6.1. Advantages ................................................12
+ 6.2. Disadvantages .............................................13
+ 7. Security Considerations ........................................13
+ 8. IANA Considerations ............................................13
+ 9. References .....................................................13
+ 9.1. Normative References ......................................13
+ 9.2. Informative References ....................................14
+
+1. Introduction
+
+ This document defines an IPv6 unicast address format that is globally
+ unique and is intended for local communications [IPV6]. These
+ addresses are called Unique Local IPv6 Unicast Addresses and are
+ abbreviated in this document as Local IPv6 addresses. They are not
+ expected to be routable on the global Internet. They are routable
+ inside of a more limited area such as a site. They may also be
+ routed between a limited set of sites.
+
+ Local IPv6 unicast addresses have the following characteristics:
+
+ - Globally unique prefix (with high probability of uniqueness).
+
+ - Well-known prefix to allow for easy filtering at site
+ boundaries.
+
+ - Allow sites to be combined or privately interconnected without
+ creating any address conflicts or requiring renumbering of
+ interfaces that use these prefixes.
+
+ - Internet Service Provider independent and can be used for
+ communications inside of a site without having any permanent or
+ intermittent Internet connectivity.
+
+ - If accidentally leaked outside of a site via routing or DNS,
+ there is no conflict with any other addresses.
+
+ - In practice, applications may treat these addresses like global
+ scoped addresses.
+
+ This document defines the format of Local IPv6 addresses, how to
+ allocate them, and usage considerations including routing, site
+ border routers, DNS, application support, VPN usage, and guidelines
+ for how to use for local communication inside a site.
+
+
+
+
+Hinden & Haberman Standards Track [Page 2]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+2. Acknowledgements
+
+ The underlying idea of creating Local IPv6 addresses described in
+ this document has been proposed a number of times by a variety of
+ people. The authors of this document do not claim exclusive credit.
+ Credit goes to Brian Carpenter, Christian Huitema, Aidan Williams,
+ Andrew White, Charlie Perkins, and many others. The authors would
+ also like to thank Brian Carpenter, Charlie Perkins, Harald
+ Alvestrand, Keith Moore, Margaret Wasserman, Shannon Behrens, Alan
+ Beard, Hans Kruse, Geoff Huston, Pekka Savola, Christian Huitema, Tim
+ Chown, Steve Bellovin, Alex Zinin, Tony Hain, Bill Fenner, Sam
+ Hartman, and Elwyn Davies for their comments and suggestions on this
+ document.
+
+3. Local IPv6 Unicast Addresses
+
+3.1. Format
+
+ The Local IPv6 addresses are created using a pseudo-randomly
+ allocated global ID. They have the following format:
+
+ | 7 bits |1| 40 bits | 16 bits | 64 bits |
+ +--------+-+------------+-----------+----------------------------+
+ | Prefix |L| Global ID | Subnet ID | Interface ID |
+ +--------+-+------------+-----------+----------------------------+
+
+ Where:
+
+ Prefix FC00::/7 prefix to identify Local IPv6 unicast
+ addresses.
+
+ L Set to 1 if the prefix is locally assigned.
+ Set to 0 may be defined in the future. See
+ Section 3.2 for additional information.
+
+ Global ID 40-bit global identifier used to create a
+ globally unique prefix. See Section 3.2 for
+ additional information.
+
+ Subnet ID 16-bit Subnet ID is an identifier of a subnet
+ within the site.
+
+ Interface ID 64-bit Interface ID as defined in [ADDARCH].
+
+
+
+
+Hinden & Haberman Standards Track [Page 3]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+3.1.1. Background
+
+ There were a range of choices available when choosing the size of the
+ prefix and Global ID field length. There is a direct tradeoff
+ between having a Global ID field large enough to support foreseeable
+ future growth and not using too much of the IPv6 address space
+ needlessly. A reasonable way of evaluating a specific field length
+ is to compare it to a projected 2050 world population of 9.3 billion
+ [POPUL] and the number of resulting /48 prefixes per person. A range
+ of prefix choices is shown in the following table:
+
+ Prefix Global ID Number of Prefixes % of IPv6
+ Length /48 Prefixes per Person Address Space
+
+ /11 37 137,438,953,472 15 0.049%
+ /10 38 274,877,906,944 30 0.098%
+ /9 39 549,755,813,888 59 0.195%
+ /8 40 1,099,511,627,776 118 0.391%
+ /7 41 2,199,023,255,552 236 0.781%
+ /6 42 4,398,046,511,104 473 1.563%
+
+ A very high utilization ratio of these allocations can be assumed
+ because the Global ID field does not require internal structure, and
+ there is no reason to be able to aggregate the prefixes.
+
+ The authors believe that a /7 prefix resulting in a 41-bit Global ID
+ space (including the L bit) is a good choice. It provides for a
+ large number of assignments (i.e., 2.2 trillion) and at the same time
+ uses less than .8% of the total IPv6 address space. It is unlikely
+ that this space will be exhausted. If more than this were to be
+ needed, then additional IPv6 address space could be allocated for
+ this purpose.
+
+3.2. Global ID
+
+ The allocation of Global IDs is pseudo-random [RANDOM]. They MUST
+ NOT be assigned sequentially or with well-known numbers. This is to
+ ensure that there is not any relationship between allocations and to
+ help clarify that these prefixes are not intended to be routed
+ globally. Specifically, these prefixes are not designed to
+ aggregate.
+
+ This document defines a specific local method to allocate Global IDs,
+ indicated by setting the L bit to 1. Another method, indicated by
+ clearing the L bit, may be defined later. Apart from the allocation
+ method, all Local IPv6 addresses behave and are treated identically.
+
+
+
+
+
+Hinden & Haberman Standards Track [Page 4]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+ The local assignments are self-generated and do not need any central
+ coordination or assignment, but have an extremely high probability of
+ being unique.
+
+3.2.1. Locally Assigned Global IDs
+
+ Locally assigned Global IDs MUST be generated with a pseudo-random
+ algorithm consistent with [RANDOM]. Section 3.2.2 describes a
+ suggested algorithm. It is important that all sites generating
+ Global IDs use a functionally similar algorithm to ensure there is a
+ high probability of uniqueness.
+
+ The use of a pseudo-random algorithm to generate Global IDs in the
+ locally assigned prefix gives an assurance that any network numbered
+ using such a prefix is highly unlikely to have that address space
+ clash with any other network that has another locally assigned prefix
+ allocated to it. This is a particularly useful property when
+ considering a number of scenarios including networks that merge,
+ overlapping VPN address space, or hosts mobile between such networks.
+
+3.2.2. Sample Code for Pseudo-Random Global ID Algorithm
+
+ The algorithm described below is intended to be used for locally
+ assigned Global IDs. In each case the resulting global ID will be
+ used in the appropriate prefix as defined in Section 3.2.
+
+ 1) Obtain the current time of day in 64-bit NTP format [NTP].
+
+ 2) Obtain an EUI-64 identifier from the system running this
+ algorithm. If an EUI-64 does not exist, one can be created from
+ a 48-bit MAC address as specified in [ADDARCH]. If an EUI-64
+ cannot be obtained or created, a suitably unique identifier,
+ local to the node, should be used (e.g., system serial number).
+
+ 3) Concatenate the time of day with the system-specific identifier
+ in order to create a key.
+
+ 4) Compute an SHA-1 digest on the key as specified in [FIPS, SHA1];
+ the resulting value is 160 bits.
+
+ 5) Use the least significant 40 bits as the Global ID.
+
+ 6) Concatenate FC00::/7, the L bit set to 1, and the 40-bit Global
+ ID to create a Local IPv6 address prefix.
+
+ This algorithm will result in a Global ID that is reasonably unique
+ and can be used to create a locally assigned Local IPv6 address
+ prefix.
+
+
+
+Hinden & Haberman Standards Track [Page 5]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+3.2.3. Analysis of the Uniqueness of Global IDs
+
+ The selection of a pseudo random Global ID is similar to the
+ selection of an SSRC identifier in RTP/RTCP defined in Section 8.1 of
+ [RTP]. This analysis is adapted from that document.
+
+ Since Global IDs are chosen randomly (and independently), it is
+ possible that separate networks have chosen the same Global ID. For
+ any given network, with one or more random Global IDs, that has
+ inter-connections to other such networks, having a total of N such
+ IDs, the probability that two or more of these IDs will collide can
+ be approximated using the formula:
+
+ P = 1 - exp(-N**2 / 2**(L+1))
+
+ where P is the probability of collision, N is the number of
+ interconnected Global IDs, and L is the length of the Global ID.
+
+ The following table shows the probability of a collision for a range
+ of connections using a 40-bit Global ID field.
+
+ Connections Probability of Collision
+
+ 2 1.81*10^-12
+ 10 4.54*10^-11
+ 100 4.54*10^-09
+ 1000 4.54*10^-07
+ 10000 4.54*10^-05
+
+ Based on this analysis, the uniqueness of locally generated Global
+ IDs is adequate for sites planning a small to moderate amount of
+ inter-site communication using locally generated Global IDs.
+
+3.3. Scope Definition
+
+ By default, the scope of these addresses is global. That is, they
+ are not limited by ambiguity like the site-local addresses defined in
+ [ADDARCH]. Rather, these prefixes are globally unique, and as such,
+ their applicability is greater than site-local addresses. Their
+ limitation is in the routability of the prefixes, which is limited to
+ a site and any explicit routing agreements with other sites to
+ propagate them (also see Section 4.1). Also, unlike site-locals, a
+ site may have more than one of these prefixes and use them at the
+ same time.
+
+
+
+
+
+
+
+Hinden & Haberman Standards Track [Page 6]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+4. Operational Guidelines
+
+ The guidelines in this section do not require any change to the
+ normal routing and forwarding functionality in an IPv6 host or
+ router. These are configuration and operational usage guidelines.
+
+4.1. Routing
+
+ Local IPv6 addresses are designed to be routed inside of a site in
+ the same manner as other types of unicast addresses. They can be
+ carried in any IPv6 routing protocol without any change.
+
+ It is expected that they would share the same Subnet IDs with
+ provider-based global unicast addresses, if they were being used
+ concurrently [GLOBAL].
+
+ The default behavior of exterior routing protocol sessions between
+ administrative routing regions must be to ignore receipt of and not
+ advertise prefixes in the FC00::/7 block. A network operator may
+ specifically configure prefixes longer than FC00::/7 for inter-site
+ communication.
+
+ If BGP is being used at the site border with an ISP, the default BGP
+ configuration must filter out any Local IPv6 address prefixes, both
+ incoming and outgoing. It must be set both to keep any Local IPv6
+ address prefixes from being advertised outside of the site as well as
+ to keep these prefixes from being learned from another site. The
+ exception to this is if there are specific /48 or longer routes
+ created for one or more Local IPv6 prefixes.
+
+ For link-state IGPs, it is suggested that a site utilizing IPv6 local
+ address prefixes be contained within one IGP domain or area. By
+ containing an IPv6 local address prefix to a single link-state area
+ or domain, the distribution of prefixes can be controlled.
+
+4.2. Renumbering and Site Merging
+
+ The use of Local IPv6 addresses in a site results in making
+ communication that uses these addresses independent of renumbering a
+ site's provider-based global addresses.
+
+ When merging multiple sites, the addresses created with these
+ prefixes are unlikely to need to be renumbered because all of the
+ addresses have a high probability of being unique. Routes for each
+ specific prefix would have to be configured to allow routing to work
+ correctly between the formerly separate sites.
+
+
+
+
+
+Hinden & Haberman Standards Track [Page 7]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+4.3. Site Border Router and Firewall Packet Filtering
+
+ While no serious harm will be done if packets with these addresses
+ are sent outside of a site via a default route, it is recommended
+ that routers be configured by default to keep any packets with Local
+ IPv6 addresses from leaking outside of the site and to keep any site
+ prefixes from being advertised outside of their site.
+
+ Site border routers and firewalls should be configured to not forward
+ any packets with Local IPv6 source or destination addresses outside
+ of the site, unless they have been explicitly configured with routing
+ information about specific /48 or longer Local IPv6 prefixes. This
+ will ensure that packets with Local IPv6 destination addresses will
+ not be forwarded outside of the site via a default route. The
+ default behavior of these devices should be to install a "reject"
+ route for these prefixes. Site border routers should respond with
+ the appropriate ICMPv6 Destination Unreachable message to inform the
+ source that the packet was not forwarded. [ICMPV6]. This feedback is
+ important to avoid transport protocol timeouts.
+
+ Routers that maintain peering arrangements between Autonomous Systems
+ throughout the Internet should obey the recommendations for site
+ border routers, unless configured otherwise.
+
+4.4. DNS Issues
+
+ At the present time, AAAA and PTR records for locally assigned local
+ IPv6 addresses are not recommended to be installed in the global DNS.
+
+ For background on this recommendation, one of the concerns about
+ adding AAAA and PTR records to the global DNS for locally assigned
+ Local IPv6 addresses stems from the lack of complete assurance that
+ the prefixes are unique. There is a small possibility that the same
+ locally assigned IPv6 Local addresses will be used by two different
+ organizations both claiming to be authoritative with different
+ contents. In this scenario, it is likely there will be a connection
+ attempt to the closest host with the corresponding locally assigned
+ IPv6 Local address. This may result in connection timeouts,
+ connection failures indicated by ICMP Destination Unreachable
+ messages, or successful connections to the wrong host. Due to this
+ concern, adding AAAA records for these addresses to the global DNS is
+ thought to be unwise.
+
+ Reverse (address-to-name) queries for locally assigned IPv6 Local
+ addresses MUST NOT be sent to name servers for the global DNS, due to
+ the load that such queries would create for the authoritative name
+ servers for the ip6.arpa zone. This form of query load is not
+ specific to locally assigned Local IPv6 addresses; any current form
+
+
+
+Hinden & Haberman Standards Track [Page 8]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+ of local addressing creates additional load of this kind, due to
+ reverse queries leaking out of the site. However, since allowing
+ such queries to escape from the site serves no useful purpose, there
+ is no good reason to make the existing load problems worse.
+
+ The recommended way to avoid sending such queries to nameservers for
+ the global DNS is for recursive name server implementations to act as
+ if they were authoritative for an empty d.f.ip6.arpa zone and return
+ RCODE 3 for any such query. Implementations that choose this
+ strategy should allow it to be overridden, but returning an RCODE 3
+ response for such queries should be the default, both because this
+ will reduce the query load problem and also because, if the site
+ administrator has not set up the reverse tree corresponding to the
+ locally assigned IPv6 Local addresses in use, returning RCODE 3 is in
+ fact the correct answer.
+
+4.5. Application and Higher Level Protocol Issues
+
+ Application and other higher level protocols can treat Local IPv6
+ addresses in the same manner as other types of global unicast
+ addresses. No special handling is required. This type of address
+ may not be reachable, but that is no different from other types of
+ IPv6 global unicast address. Applications need to be able to handle
+ multiple addresses that may or may not be reachable at any point in
+ time. In most cases, this complexity should be hidden in APIs.
+
+ From a host's perspective, the difference between Local IPv6 and
+ other types of global unicast addresses shows up as different
+ reachability and could be handled by default in that way. In some
+ cases, it is better for nodes and applications to treat them
+ differently from global unicast addresses. A starting point might be
+ to give them preference over global unicast, but fall back to global
+ unicast if a particular destination is found to be unreachable. Much
+ of this behavior can be controlled by how they are allocated to nodes
+ and put into the DNS. However, it is useful if a host can have both
+ types of addresses and use them appropriately.
+
+ Note that the address selection mechanisms of [ADDSEL], and in
+ particular the policy override mechanism replacing default address
+ selection, are expected to be used on a site where Local IPv6
+ addresses are configured.
+
+4.6. Use of Local IPv6 Addresses for Local Communication
+
+ Local IPv6 addresses, like global scope unicast addresses, are only
+ assigned to nodes if their use has been enabled (via IPv6 address
+ autoconfiguration [ADDAUTO], DHCPv6 [DHCP6], or manually). They are
+
+
+
+
+Hinden & Haberman Standards Track [Page 9]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+ not created automatically in the way that IPv6 link-local addresses
+ are and will not appear or be used unless they are purposely
+ configured.
+
+ In order for hosts to autoconfigure Local IPv6 addresses, routers
+ have to be configured to advertise Local IPv6 /64 prefixes in router
+ advertisements, or a DHCPv6 server must have been configured to
+ assign them. In order for a node to learn the Local IPv6 address of
+ another node, the Local IPv6 address must have been installed in a
+ naming system (e.g., DNS, proprietary naming system, etc.) For these
+ reasons, controlling their usage in a site is straightforward.
+
+ To limit the use of Local IPv6 addresses the following guidelines
+ apply:
+
+ - Nodes that are to only be reachable inside of a site: The local
+ DNS should be configured to only include the Local IPv6
+ addresses of these nodes. Nodes with only Local IPv6 addresses
+ must not be installed in the global DNS.
+
+ - Nodes that are to be limited to only communicate with other
+ nodes in the site: These nodes should be set to only
+ autoconfigure Local IPv6 addresses via [ADDAUTO] or to only
+ receive Local IPv6 addresses via [DHCP6]. Note: For the case
+ where both global and Local IPv6 prefixes are being advertised
+ on a subnet, this will require a switch in the devices to only
+ autoconfigure Local IPv6 addresses.
+
+ - Nodes that are to be reachable from inside of the site and from
+ outside of the site: The DNS should be configured to include
+ the global addresses of these nodes. The local DNS may be
+ configured to also include the Local IPv6 addresses of these
+ nodes.
+
+ - Nodes that can communicate with other nodes inside of the site
+ and outside of the site: These nodes should autoconfigure global
+ addresses via [ADDAUTO] or receive global address via [DHCP6].
+ They may also obtain Local IPv6 addresses via the same
+ mechanisms.
+
+4.7. Use of Local IPv6 Addresses with VPNs
+
+ Local IPv6 addresses can be used for inter-site Virtual Private
+ Networks (VPN) if appropriate routes are set up. Because the
+ addresses are unique, these VPNs will work reliably and without the
+ need for translation. They have the additional property that they
+ will continue to work if the individual sites are renumbered or
+ merged.
+
+
+
+Hinden & Haberman Standards Track [Page 10]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+5. Global Routing Considerations
+
+ Section 4.1 provides operational guidelines that forbid default
+ routing of local addresses between sites. Concerns were raised to
+ the IPv6 working group and to the IETF as a whole that sites may
+ attempt to use local addresses as globally routed provider-
+ independent addresses. This section describes why using local
+ addresses as globally-routed provider-independent addresses is
+ unadvisable.
+
+5.1. From the Standpoint of the Internet
+
+ There is a mismatch between the structure of IPv6 local addresses and
+ the normal IPv6 wide area routing model. The /48 prefix of an IPv6
+ local addresses fits nowhere in the normal hierarchy of IPv6 unicast
+ addresses. Normal IPv6 unicast addresses can be routed
+ hierarchically down to physical subnet (link) level and only have to
+ be flat-routed on the physical subnet. IPv6 local addresses would
+ have to be flat-routed even over the wide area Internet.
+
+ Thus, packets whose destination address is an IPv6 local address
+ could be routed over the wide area only if the corresponding /48
+ prefix were carried by the wide area routing protocol in use, such as
+ BGP. This contravenes the operational assumption that long prefixes
+ will be aggregated into many fewer short prefixes, to limit the table
+ size and convergence time of the routing protocol. If a network uses
+ both normal IPv6 addresses [ADDARCH] and IPv6 local addresses, these
+ types of addresses will certainly not aggregate with each other,
+ since they differ from the most significant bit onwards. Neither
+ will IPv6 local addresses aggregate with each other, due to their
+ random bit patterns. This means that there would be a very
+ significant operational penalty for attempting to use IPv6 local
+ address prefixes generically with currently known wide area routing
+ technology.
+
+5.2. From the Standpoint of a Site
+
+ There are a number of design factors in IPv6 local addresses that
+ reduce the likelihood that IPv6 local addresses will be used as
+ arbitrary global unicast addresses. These include:
+
+ - The default rules to filter packets and routes make it very
+ difficult to use IPv6 local addresses for arbitrary use across
+ the Internet. For a site to use them as general purpose unicast
+ addresses, it would have to make sure that the default rules
+ were not being used by all other sites and intermediate ISPs
+ used for their current and future communication.
+
+
+
+
+Hinden & Haberman Standards Track [Page 11]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+ - They are not mathematically guaranteed to be unique and are not
+ registered in public databases. Collisions, while highly
+ unlikely, are possible and a collision can compromise the
+ integrity of the communications. The lack of public
+ registration creates operational problems.
+
+ - The addresses are allocated randomly. If a site had multiple
+ prefixes that it wanted to be used globally, the cost of
+ advertising them would be very high because they could not be
+ aggregated.
+
+ - They have a long prefix (i.e., /48) so a single local address
+ prefix doesn't provide enough address space to be used
+ exclusively by the largest organizations.
+
+6. Advantages and Disadvantages
+
+6.1. Advantages
+
+ This approach has the following advantages:
+
+ - Provides Local IPv6 prefixes that can be used independently of
+ any provider-based IPv6 unicast address allocations. This is
+ useful for sites not always connected to the Internet or sites
+ that wish to have a distinct prefix that can be used to localize
+ traffic inside of the site.
+
+ - Applications can treat these addresses in an identical manner as
+ any other type of global IPv6 unicast addresses.
+
+ - Sites can be merged without any renumbering of the Local IPv6
+ addresses.
+
+ - Sites can change their provider-based IPv6 unicast address
+ without disrupting any communication that uses Local IPv6
+ addresses.
+
+ - Well-known prefix that allows for easy filtering at site
+ boundary.
+
+ - Can be used for inter-site VPNs.
+
+ - If accidently leaked outside of a site via routing or DNS, there
+ is no conflict with any other addresses.
+
+
+
+
+
+
+
+Hinden & Haberman Standards Track [Page 12]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+6.2. Disadvantages
+
+ This approach has the following disadvantages:
+
+ - Not possible to route Local IPv6 prefixes on the global Internet
+ with current routing technology. Consequentially, it is
+ necessary to have the default behavior of site border routers to
+ filter these addresses.
+
+ - There is a very low probability of non-unique locally assigned
+ Global IDs being generated by the algorithm in Section 3.2.3.
+ This risk can be ignored for all practical purposes, but it
+ leads to a theoretical risk of clashing address prefixes.
+
+7. Security Considerations
+
+ Local IPv6 addresses do not provide any inherent security to the
+ nodes that use them. They may be used with filters at site
+ boundaries to keep Local IPv6 traffic inside of the site, but this is
+ no more or less secure than filtering any other type of global IPv6
+ unicast addresses.
+
+ Local IPv6 addresses do allow for address-based security mechanisms,
+ including IPsec, across end to end VPN connections.
+
+8. IANA Considerations
+
+ The IANA has assigned the FC00::/7 prefix to "Unique Local Unicast".
+
+9. References
+
+9.1. Normative References
+
+ [ADDARCH] Hinden, R. and S. Deering, "Internet Protocol Version 6
+ (IPv6) Addressing Architecture", RFC 3513, April 2003.
+
+ [FIPS] "Federal Information Processing Standards Publication",
+ (FIPS PUB) 180-1, Secure Hash Standard, 17 April 1995.
+
+ [GLOBAL] Hinden, R., Deering, S., and E. Nordmark, "IPv6 Global
+ Unicast Address Format", RFC 3587, August 2003.
+
+ [ICMPV6] Conta, A. and S. Deering, "Internet Control Message
+ Protocol (ICMPv6) for the Internet Protocol Version 6
+ (IPv6) Specification", RFC 2463, December 1998.
+
+
+
+
+
+
+Hinden & Haberman Standards Track [Page 13]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+ [IPV6] Deering, S. and R. Hinden, "Internet Protocol, Version 6
+ (IPv6) Specification", RFC 2460, December 1998.
+
+ [NTP] Mills, D., "Network Time Protocol (Version 3)
+ Specification, Implementation and Analysis", RFC 1305,
+ March 1992.
+
+ [RANDOM] Eastlake, D., 3rd, Schiller, J., and S. Crocker,
+ "Randomness Requirements for Security", BCP 106, RFC 4086,
+ June 2005.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [SHA1] Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm 1
+ (SHA1)", RFC 3174, September 2001.
+
+9.2. Informative References
+
+ [ADDAUTO] Thomson, S. and T. Narten, "IPv6 Stateless Address
+ Autoconfiguration", RFC 2462, December 1998.
+
+ [ADDSEL] Draves, R., "Default Address Selection for Internet
+ Protocol version 6 (IPv6)", RFC 3484, February 2003.
+
+ [DHCP6] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and
+ M. Carney, "Dynamic Host Configuration Protocol for IPv6
+ (DHCPv6)", RFC 3315, July 2003.
+
+ [POPUL] Population Reference Bureau, "World Population Data Sheet
+ of the Population Reference Bureau 2002", August 2002.
+
+ [RTP] Schulzrinne, H., Casner, S., Frederick, R., and V.
+ Jacobson, "RTP: A Transport Protocol for Real-Time
+ Applications", STD 64, RFC 3550, July 2003.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Hinden & Haberman Standards Track [Page 14]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+Authors' Addresses
+
+ Robert M. Hinden
+ Nokia
+ 313 Fairchild Drive
+ Mountain View, CA 94043
+ USA
+
+ Phone: +1 650 625-2004
+ EMail: bob.hinden@nokia.com
+
+
+ Brian Haberman
+ Johns Hopkins University
+ Applied Physics Lab
+ 11100 Johns Hopkins Road
+ Laurel, MD 20723
+ USA
+
+ Phone: +1 443 778 1319
+ EMail: brian@innovationslab.net
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Hinden & Haberman Standards Track [Page 15]
+
+RFC 4193 Unique Local IPv6 Unicast Addresses October 2005
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2005).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at ietf-
+ ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+
+Hinden & Haberman Standards Track [Page 16]
+
diff --git a/doc/rfc/rfc4255.txt b/doc/rfc/rfc4255.txt
new file mode 100644
index 00000000..f350b7af
--- /dev/null
+++ b/doc/rfc/rfc4255.txt
@@ -0,0 +1,507 @@
+
+
+
+
+
+
+Network Working Group J. Schlyter
+Request for Comments: 4255 OpenSSH
+Category: Standards Track W. Griffin
+ SPARTA
+ January 2006
+
+
+ Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
+
+Status of This Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2006).
+
+Abstract
+
+ This document describes a method of verifying Secure Shell (SSH) host
+ keys using Domain Name System Security (DNSSEC). The document
+ defines a new DNS resource record that contains a standard SSH key
+ fingerprint.
+
+Table of Contents
+
+ 1. Introduction ....................................................2
+ 2. SSH Host Key Verification .......................................2
+ 2.1. Method .....................................................2
+ 2.2. Implementation Notes .......................................2
+ 2.3. Fingerprint Matching .......................................3
+ 2.4. Authentication .............................................3
+ 3. The SSHFP Resource Record .......................................3
+ 3.1. The SSHFP RDATA Format .....................................4
+ 3.1.1. Algorithm Number Specification ......................4
+ 3.1.2. Fingerprint Type Specification ......................4
+ 3.1.3. Fingerprint .........................................5
+ 3.2. Presentation Format of the SSHFP RR ........................5
+ 4. Security Considerations .........................................5
+ 5. IANA Considerations .............................................6
+ 6. Normative References ............................................7
+ 7. Informational References ........................................7
+ 8. Acknowledgements ................................................8
+
+
+
+
+Schlyter & Griffin Standards Track [Page 1]
+
+RFC 4255 DNS and SSH Fingerprints January 2006
+
+
+1. Introduction
+
+ The SSH [6] protocol provides secure remote login and other secure
+ network services over an insecure network. The security of the
+ connection relies on the server authenticating itself to the client
+ as well as the user authenticating itself to the server.
+
+ If a connection is established to a server whose public key is not
+ already known to the client, a fingerprint of the key is presented to
+ the user for verification. If the user decides that the fingerprint
+ is correct and accepts the key, the key is saved locally and used for
+ verification for all following connections. While some security-
+ conscious users verify the fingerprint out-of-band before accepting
+ the key, many users blindly accept the presented key.
+
+ The method described here can provide out-of-band verification by
+ looking up a fingerprint of the server public key in the DNS [1][2]
+ and using DNSSEC [5] to verify the lookup.
+
+ In order to distribute the fingerprint using DNS, this document
+ defines a new DNS resource record, "SSHFP", to carry the fingerprint.
+
+ Basic understanding of the DNS system [1][2] and the DNS security
+ extensions [5] is assumed by this document.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC 2119 [3].
+
+2. SSH Host Key Verification
+
+2.1. Method
+
+ Upon connection to an SSH server, the SSH client MAY look up the
+ SSHFP resource record(s) for the host it is connecting to. If the
+ algorithm and fingerprint of the key received from the SSH server
+ match the algorithm and fingerprint of one of the SSHFP resource
+ record(s) returned from DNS, the client MAY accept the identity of
+ the server.
+
+2.2. Implementation Notes
+
+ Client implementors SHOULD provide a configurable policy used to
+ select the order of methods used to verify a host key. This document
+ defines one method: Fingerprint storage in DNS. Another method
+ defined in the SSH Architecture [6] uses local files to store keys
+ for comparison. Other methods that could be defined in the future
+ might include storing fingerprints in LDAP or other databases. A
+
+
+
+Schlyter & Griffin Standards Track [Page 2]
+
+RFC 4255 DNS and SSH Fingerprints January 2006
+
+
+ configurable policy will allow administrators to determine which
+ methods they want to use and in what order the methods should be
+ prioritized. This will allow administrators to determine how much
+ trust they want to place in the different methods.
+
+ One specific scenario for having a configurable policy is where
+ clients do not use fully qualified host names to connect to servers.
+ In this scenario, the implementation SHOULD verify the host key
+ against a local database before verifying the key via the fingerprint
+ returned from DNS. This would help prevent an attacker from
+ injecting a DNS search path into the local resolver and forcing the
+ client to connect to a different host.
+
+2.3. Fingerprint Matching
+
+ The public key and the SSHFP resource record are matched together by
+ comparing algorithm number and fingerprint.
+
+ The public key algorithm and the SSHFP algorithm number MUST
+ match.
+
+ A message digest of the public key, using the message digest
+ algorithm specified in the SSHFP fingerprint type, MUST match the
+ SSHFP fingerprint.
+
+2.4. Authentication
+
+ A public key verified using this method MUST NOT be trusted if the
+ SSHFP resource record (RR) used for verification was not
+ authenticated by a trusted SIG RR.
+
+ Clients that do validate the DNSSEC signatures themselves SHOULD use
+ standard DNSSEC validation procedures.
+
+ Clients that do not validate the DNSSEC signatures themselves MUST
+ use a secure transport (e.g., TSIG [9], SIG(0) [10], or IPsec [8])
+ between themselves and the entity performing the signature
+ validation.
+
+3. The SSHFP Resource Record
+
+ The SSHFP resource record (RR) is used to store a fingerprint of an
+ SSH public host key that is associated with a Domain Name System
+ (DNS) name.
+
+ The RR type code for the SSHFP RR is 44.
+
+
+
+
+
+Schlyter & Griffin Standards Track [Page 3]
+
+RFC 4255 DNS and SSH Fingerprints January 2006
+
+
+3.1. The SSHFP RDATA Format
+
+ The RDATA for a SSHFP RR consists of an algorithm number, fingerprint
+ type and the fingerprint of the public host key.
+
+ 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | algorithm | fp type | /
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ /
+ / /
+ / fingerprint /
+ / /
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+3.1.1. Algorithm Number Specification
+
+ This algorithm number octet describes the algorithm of the public
+ key. The following values are assigned:
+
+ Value Algorithm name
+ ----- --------------
+ 0 reserved
+ 1 RSA
+ 2 DSS
+
+ Reserving other types requires IETF consensus [4].
+
+3.1.2. Fingerprint Type Specification
+
+ The fingerprint type octet describes the message-digest algorithm
+ used to calculate the fingerprint of the public key. The following
+ values are assigned:
+
+ Value Fingerprint type
+ ----- ----------------
+ 0 reserved
+ 1 SHA-1
+
+ Reserving other types requires IETF consensus [4].
+
+ For interoperability reasons, as few fingerprint types as possible
+ should be reserved. The only reason to reserve additional types is
+ to increase security.
+
+
+
+
+
+
+
+Schlyter & Griffin Standards Track [Page 4]
+
+RFC 4255 DNS and SSH Fingerprints January 2006
+
+
+3.1.3. Fingerprint
+
+ The fingerprint is calculated over the public key blob as described
+ in [7].
+
+ The message-digest algorithm is presumed to produce an opaque octet
+ string output, which is placed as-is in the RDATA fingerprint field.
+
+3.2. Presentation Format of the SSHFP RR
+
+ The RDATA of the presentation format of the SSHFP resource record
+ consists of two numbers (algorithm and fingerprint type) followed by
+ the fingerprint itself, presented in hex, e.g.:
+
+ host.example. SSHFP 2 1 123456789abcdef67890123456789abcdef67890
+
+ The use of mnemonics instead of numbers is not allowed.
+
+4. Security Considerations
+
+ Currently, the amount of trust a user can realistically place in a
+ server key is proportional to the amount of attention paid to
+ verifying that the public key presented actually corresponds to the
+ private key of the server. If a user accepts a key without verifying
+ the fingerprint with something learned through a secured channel, the
+ connection is vulnerable to a man-in-the-middle attack.
+
+ The overall security of using SSHFP for SSH host key verification is
+ dependent on the security policies of the SSH host administrator and
+ DNS zone administrator (in transferring the fingerprint), detailed
+ aspects of how verification is done in the SSH implementation, and in
+ the client's diligence in accessing the DNS in a secure manner.
+
+ One such aspect is in which order fingerprints are looked up (e.g.,
+ first checking local file and then SSHFP). We note that, in addition
+ to protecting the first-time transfer of host keys, SSHFP can
+ optionally be used for stronger host key protection.
+
+ If SSHFP is checked first, new SSH host keys may be distributed by
+ replacing the corresponding SSHFP in DNS.
+
+ If SSH host key verification can be configured to require SSHFP,
+ SSH host key revocation can be implemented by removing the
+ corresponding SSHFP from DNS.
+
+
+
+
+
+
+
+Schlyter & Griffin Standards Track [Page 5]
+
+RFC 4255 DNS and SSH Fingerprints January 2006
+
+
+ As stated in Section 2.2, we recommend that SSH implementors provide
+ a policy mechanism to control the order of methods used for host key
+ verification. One specific scenario for having a configurable policy
+ is where clients use unqualified host names to connect to servers.
+ In this case, we recommend that SSH implementations check the host
+ key against a local database before verifying the key via the
+ fingerprint returned from DNS. This would help prevent an attacker
+ from injecting a DNS search path into the local resolver and forcing
+ the client to connect to a different host.
+
+ A different approach to solve the DNS search path issue would be for
+ clients to use a trusted DNS search path, i.e., one not acquired
+ through DHCP or other autoconfiguration mechanisms. Since there is
+ no way with current DNS lookup APIs to tell whether a search path is
+ from a trusted source, the entire client system would need to be
+ configured with this trusted DNS search path.
+
+ Another dependency is on the implementation of DNSSEC itself. As
+ stated in Section 2.4, we mandate the use of secure methods for
+ lookup and that SSHFP RRs are authenticated by trusted SIG RRs. This
+ is especially important if SSHFP is to be used as a basis for host
+ key rollover and/or revocation, as described above.
+
+ Since DNSSEC only protects the integrity of the host key fingerprint
+ after it is signed by the DNS zone administrator, the fingerprint
+ must be transferred securely from the SSH host administrator to the
+ DNS zone administrator. This could be done manually between the
+ administrators or automatically using secure DNS dynamic update [11]
+ between the SSH server and the nameserver. We note that this is no
+ different from other key enrollment situations, e.g., a client
+ sending a certificate request to a certificate authority for signing.
+
+5. IANA Considerations
+
+ IANA has allocated the RR type code 44 for SSHFP from the standard RR
+ type space.
+
+ IANA has opened a new registry for the SSHFP RR type for public key
+ algorithms. The defined types are:
+
+ 0 is reserved
+ 1 is RSA
+ 2 is DSA
+
+ Adding new reservations requires IETF consensus [4].
+
+
+
+
+
+
+Schlyter & Griffin Standards Track [Page 6]
+
+RFC 4255 DNS and SSH Fingerprints January 2006
+
+
+ IANA has opened a new registry for the SSHFP RR type for fingerprint
+ types. The defined types are:
+
+ 0 is reserved
+ 1 is SHA-1
+
+ Adding new reservations requires IETF consensus [4].
+
+6. Normative References
+
+ [1] Mockapetris, P., "Domain names - concepts and facilities", STD
+ 13, RFC 1034, November 1987.
+
+ [2] Mockapetris, P., "Domain names - implementation and
+ specification", STD 13, RFC 1035, November 1987.
+
+ [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [4] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
+ Considerations Section in RFCs", BCP 26, RFC 2434, October
+ 1998.
+
+ [5] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "DNS Security Introduction and Requirements", RFC 4033, March
+ 2005.
+
+ Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Resource Records for the DNS Security Extensions", RFC 4034,
+ March 2005.
+
+ Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Protocol Modifications for the DNS Security Extensions", RFC
+ 4035, March 2005.
+
+ [6] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
+ Protocol Architecture", RFC 4251, January 2006.
+
+ [7] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
+ Transport Layer Protocol", RFC 4253, January 2006.
+
+7. Informational References
+
+ [8] Thayer, R., Doraswamy, N., and R. Glenn, "IP Security Document
+ Roadmap", RFC 2411, November 1998.
+
+
+
+
+
+
+Schlyter & Griffin Standards Track [Page 7]
+
+RFC 4255 DNS and SSH Fingerprints January 2006
+
+
+ [9] Vixie, P., Gudmundsson, O., Eastlake 3rd, D., and B.
+ Wellington, "Secret Key Transaction Authentication for DNS
+ (TSIG)", RFC 2845, May 2000.
+
+ [10] Eastlake 3rd, D., "DNS Request and Transaction Signatures
+ ( SIG(0)s )", RFC 2931, September 2000.
+
+ [11] Wellington, B., "Secure Domain Name System (DNS) Dynamic
+ Update", RFC 3007, November 2000.
+
+8. Acknowledgements
+
+ The authors gratefully acknowledge, in no particular order, the
+ contributions of the following persons:
+
+ Martin Fredriksson
+
+ Olafur Gudmundsson
+
+ Edward Lewis
+
+ Bill Sommerfeld
+
+Authors' Addresses
+
+ Jakob Schlyter
+ OpenSSH
+ 812 23rd Avenue SE
+ Calgary, Alberta T2G 1N8
+ Canada
+
+ EMail: jakob@openssh.com
+ URI: http://www.openssh.com/
+
+
+ Wesley Griffin
+ SPARTA
+ 7075 Samuel Morse Drive
+ Columbia, MD 21046
+ USA
+
+ EMail: wgriffin@sparta.com
+ URI: http://www.sparta.com/
+
+
+
+
+
+
+
+
+Schlyter & Griffin Standards Track [Page 8]
+
+RFC 4255 DNS and SSH Fingerprints January 2006
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+
+
+Schlyter & Griffin Standards Track [Page 9]
+
diff --git a/doc/rfc/rfc4343.txt b/doc/rfc/rfc4343.txt
new file mode 100644
index 00000000..621420a4
--- /dev/null
+++ b/doc/rfc/rfc4343.txt
@@ -0,0 +1,563 @@
+
+
+
+
+
+
+Network Working Group D. Eastlake 3rd
+Request for Comments: 4343 Motorola Laboratories
+Updates: 1034, 1035, 2181 January 2006
+Category: Standards Track
+
+
+ Domain Name System (DNS) Case Insensitivity Clarification
+
+Status of This Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2006).
+
+Abstract
+
+ Domain Name System (DNS) names are "case insensitive". This document
+ explains exactly what that means and provides a clear specification
+ of the rules. This clarification updates RFCs 1034, 1035, and 2181.
+
+Table of Contents
+
+ 1. Introduction ....................................................2
+ 2. Case Insensitivity of DNS Labels ................................2
+ 2.1. Escaping Unusual DNS Label Octets ..........................2
+ 2.2. Example Labels with Escapes ................................3
+ 3. Name Lookup, Label Types, and CLASS .............................3
+ 3.1. Original DNS Label Types ...................................4
+ 3.2. Extended Label Type Case Insensitivity Considerations ......4
+ 3.3. CLASS Case Insensitivity Considerations ....................4
+ 4. Case on Input and Output ........................................5
+ 4.1. DNS Output Case Preservation ...............................5
+ 4.2. DNS Input Case Preservation ................................5
+ 5. Internationalized Domain Names ..................................6
+ 6. Security Considerations .........................................6
+ 7. Acknowledgements ................................................7
+ Normative References................................................7
+ Informative References..............................................8
+
+
+
+
+
+
+
+Eastlake 3rd Standards Track [Page 1]
+
+RFC 4343 DNS Case Insensitivity Clarification January 2006
+
+
+1. Introduction
+
+ The Domain Name System (DNS) is the global hierarchical replicated
+ distributed database system for Internet addressing, mail proxy, and
+ other information. Each node in the DNS tree has a name consisting
+ of zero or more labels [STD13, RFC1591, RFC2606] that are treated in
+ a case insensitive fashion. This document clarifies the meaning of
+ "case insensitive" for the DNS. This clarification updates RFCs
+ 1034, 1035 [STD13], and [RFC2181].
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+2. Case Insensitivity of DNS Labels
+
+ DNS was specified in the era of [ASCII]. DNS names were expected to
+ look like most host names or Internet email address right halves (the
+ part after the at-sign, "@") or to be numeric, as in the in-addr.arpa
+ part of the DNS name space. For example,
+
+ foo.example.net.
+ aol.com.
+ www.gnu.ai.mit.edu.
+ or 69.2.0.192.in-addr.arpa.
+
+ Case-varied alternatives to the above [RFC3092] would be DNS names
+ like
+
+ Foo.ExamplE.net.
+ AOL.COM.
+ WWW.gnu.AI.mit.EDU.
+ or 69.2.0.192.in-ADDR.ARPA.
+
+ However, the individual octets of which DNS names consist are not
+ limited to valid ASCII character codes. They are 8-bit bytes, and
+ all values are allowed. Many applications, however, interpret them
+ as ASCII characters.
+
+2.1. Escaping Unusual DNS Label Octets
+
+ In Master Files [STD13] and other human-readable and -writable ASCII
+ contexts, an escape is needed for the byte value for period (0x2E,
+ ".") and all octet values outside of the inclusive range from 0x21
+ ("!") to 0x7E ("~"). That is to say, 0x2E and all octet values in
+ the two inclusive ranges from 0x00 to 0x20 and from 0x7F to 0xFF.
+
+
+
+
+
+Eastlake 3rd Standards Track [Page 2]
+
+RFC 4343 DNS Case Insensitivity Clarification January 2006
+
+
+ One typographic convention for octets that do not correspond to an
+ ASCII printing graphic is to use a back-slash followed by the value
+ of the octet as an unsigned integer represented by exactly three
+ decimal digits.
+
+ The same convention can be used for printing ASCII characters so that
+ they will be treated as a normal label character. This includes the
+ back-slash character used in this convention itself, which can be
+ expressed as \092 or \\, and the special label separator period
+ ("."), which can be expressed as and \046 or \. It is advisable to
+ avoid using a backslash to quote an immediately following non-
+ printing ASCII character code to avoid implementation difficulties.
+
+ A back-slash followed by only one or two decimal digits is undefined.
+ A back-slash followed by four decimal digits produces two octets, the
+ first octet having the value of the first three digits considered as
+ a decimal number, and the second octet being the character code for
+ the fourth decimal digit.
+
+2.2. Example Labels with Escapes
+
+ The first example below shows embedded spaces and a period (".")
+ within a label. The second one shows a 5-octet label where the
+ second octet has all bits zero, the third is a backslash, and the
+ fourth octet has all bits one.
+
+ Donald\032E\.\032Eastlake\0323rd.example.
+ and a\000\\\255z.example.
+
+3. Name Lookup, Label Types, and CLASS
+
+ According to the original DNS design decision, comparisons on name
+ lookup for DNS queries should be case insensitive [STD13]. That is
+ to say, a lookup string octet with a value in the inclusive range
+ from 0x41 to 0x5A, the uppercase ASCII letters, MUST match the
+ identical value and also match the corresponding value in the
+ inclusive range from 0x61 to 0x7A, the lowercase ASCII letters. A
+ lookup string octet with a lowercase ASCII letter value MUST
+ similarly match the identical value and also match the corresponding
+ value in the uppercase ASCII letter range.
+
+ (Historical note: The terms "uppercase" and "lowercase" were invented
+ after movable type. The terms originally referred to the two font
+ trays for storing, in partitioned areas, the different physical type
+ elements. Before movable type, the nearest equivalent terms were
+ "majuscule" and "minuscule".)
+
+
+
+
+
+Eastlake 3rd Standards Track [Page 3]
+
+RFC 4343 DNS Case Insensitivity Clarification January 2006
+
+
+ One way to implement this rule would be to subtract 0x20 from all
+ octets in the inclusive range from 0x61 to 0x7A before comparing
+ octets. Such an operation is commonly known as "case folding", but
+ implementation via case folding is not required. Note that the DNS
+ case insensitivity does NOT correspond to the case folding specified
+ in [ISO-8859-1] or [ISO-8859-2]. For example, the octets 0xDD (\221)
+ and 0xFD (\253) do NOT match, although in other contexts, where they
+ are interpreted as the upper- and lower-case version of "Y" with an
+ acute accent, they might.
+
+3.1. Original DNS Label Types
+
+ DNS labels in wire-encoded names have a type associated with them.
+ The original DNS standard [STD13] had only two types: ASCII labels,
+ with a length from zero to 63 octets, and indirect (or compression)
+ labels, which consist of an offset pointer to a name location
+ elsewhere in the wire encoding on a DNS message. (The ASCII label of
+ length zero is reserved for use as the name of the root node of the
+ name tree.) ASCII labels follow the ASCII case conventions described
+ herein and, as stated above, can actually contain arbitrary byte
+ values. Indirect labels are, in effect, replaced by the name to
+ which they point, which is then treated with the case insensitivity
+ rules in this document.
+
+3.2. Extended Label Type Case Insensitivity Considerations
+
+ DNS was extended by [RFC2671] so that additional label type numbers
+ would be available. (The only such type defined so far is the BINARY
+ type [RFC2673], which is now Experimental [RFC3363].)
+
+ The ASCII case insensitivity conventions only apply to ASCII labels;
+ that is to say, label type 0x0, whether appearing directly or invoked
+ by indirect labels.
+
+3.3. CLASS Case Insensitivity Considerations
+
+ As described in [STD13] and [RFC2929], DNS has an additional axis for
+ data location called CLASS. The only CLASS in global use at this
+ time is the "IN" (Internet) CLASS.
+
+ The handling of DNS label case is not CLASS dependent. With the
+ original design of DNS, it was intended that a recursive DNS resolver
+ be able to handle new CLASSes that were unknown at the time of its
+ implementation. This requires uniform handling of label case
+ insensitivity. Should it become desirable, for example, to allocate
+ a CLASS with "case sensitive ASCII labels", it would be necessary to
+ allocate a new label type for these labels.
+
+
+
+
+Eastlake 3rd Standards Track [Page 4]
+
+RFC 4343 DNS Case Insensitivity Clarification January 2006
+
+
+4. Case on Input and Output
+
+ While ASCII label comparisons are case insensitive, [STD13] says case
+ MUST be preserved on output and preserved when convenient on input.
+ However, this means less than it would appear, since the preservation
+ of case on output is NOT required when output is optimized by the use
+ of indirect labels, as explained below.
+
+4.1. DNS Output Case Preservation
+
+ [STD13] views the DNS namespace as a node tree. ASCII output is as
+ if a name were marshaled by taking the label on the node whose name
+ is to be output, converting it to a typographically encoded ASCII
+ string, walking up the tree outputting each label encountered, and
+ preceding all labels but the first with a period ("."). Wire output
+ follows the same sequence, but each label is wire encoded, and no
+ periods are inserted. No "case conversion" or "case folding" is done
+ during such output operations, thus "preserving" case. However, to
+ optimize output, indirect labels may be used to point to names
+ elsewhere in the DNS answer. In determining whether the name to be
+ pointed to (for example, the QNAME) is the "same" as the remainder of
+ the name being optimized, the case insensitive comparison specified
+ above is done. Thus, such optimization may easily destroy the output
+ preservation of case. This type of optimization is commonly called
+ "name compression".
+
+4.2. DNS Input Case Preservation
+
+ Originally, DNS data came from an ASCII Master File as defined in
+ [STD13] or a zone transfer. DNS Dynamic update and incremental zone
+ transfers [RFC1995] have been added as a source of DNS data [RFC2136,
+ RFC3007]. When a node in the DNS name tree is created by any of such
+ inputs, no case conversion is done. Thus, the case of ASCII labels
+ is preserved if they are for nodes being created. However, when a
+ name label is input for a node that already exists in DNS data being
+ held, the situation is more complex. Implementations are free to
+ retain the case first loaded for such a label, to allow new input to
+ override the old case, or even to maintain separate copies preserving
+ the input case.
+
+ For example, if data with owner name "foo.bar.example" [RFC3092] is
+ loaded and then later data with owner name "xyz.BAR.example" is
+ input, the name of the label on the "bar.example" node (i.e., "bar")
+ might or might not be changed to "BAR" in the DNS stored data. Thus,
+ later retrieval of data stored under "xyz.bar.example" in this case
+ can use "xyz.BAR.example" in all returned data, use "xyz.bar.example"
+ in all returned data, or even, when more than one RR is being
+ returned, use a mixture of these two capitalizations. This last case
+
+
+
+Eastlake 3rd Standards Track [Page 5]
+
+RFC 4343 DNS Case Insensitivity Clarification January 2006
+
+
+ is unlikely, as optimization of answer length through indirect labels
+ tends to cause only one copy of the name tail ("bar.example" or
+ "BAR.example") to be used for all returned RRs. Note that none of
+ this has any effect on the number or completeness of the RR set
+ returned, only on the case of the names in the RR set returned.
+
+ The same considerations apply when inputting multiple data records
+ with owner names differing only in case. For example, if an "A"
+ record is the first resource record stored under owner name
+ "xyz.BAR.example" and then a second "A" record is stored under
+ "XYZ.BAR.example", the second MAY be stored with the first (lower
+ case initial label) name, the second MAY override the first so that
+ only an uppercase initial label is retained, or both capitalizations
+ MAY be kept in the DNS stored data. In any case, a retrieval with
+ either capitalization will retrieve all RRs with either
+ capitalization.
+
+ Note that the order of insertion into a server database of the DNS
+ name tree nodes that appear in a Master File is not defined so that
+ the results of inconsistent capitalization in a Master File are
+ unpredictable output capitalization.
+
+5. Internationalized Domain Names
+
+ A scheme has been adopted for "internationalized domain names" and
+ "internationalized labels" as described in [RFC3490, RFC3454,
+ RFC3491, and RFC3492]. It makes most of [UNICODE] available through
+ a separate application level transformation from internationalized
+ domain name to DNS domain name and from DNS domain name to
+ internationalized domain name. Any case insensitivity that
+ internationalized domain names and labels have varies depending on
+ the script and is handled entirely as part of the transformation
+ described in [RFC3454] and [RFC3491], which should be seen for
+ further details. This is not a part of the DNS as standardized in
+ STD 13.
+
+6. Security Considerations
+
+ The equivalence of certain DNS label types with case differences, as
+ clarified in this document, can lead to security problems. For
+ example, a user could be confused by believing that two domain names
+ differing only in case were actually different names.
+
+ Furthermore, a domain name may be used in contexts other than the
+ DNS. It could be used as a case sensitive index into some database
+ or file system. Or it could be interpreted as binary data by some
+ integrity or authentication code system. These problems can usually
+ be handled by using a standardized or "canonical" form of the DNS
+
+
+
+Eastlake 3rd Standards Track [Page 6]
+
+RFC 4343 DNS Case Insensitivity Clarification January 2006
+
+
+ ASCII type labels; that is, always mapping the ASCII letter value
+ octets in ASCII labels to some specific pre-chosen case, either
+ uppercase or lower case. An example of a canonical form for domain
+ names (and also a canonical ordering for them) appears in Section 6
+ of [RFC4034]. See also [RFC3597].
+
+ Finally, a non-DNS name may be stored into DNS with the false
+ expectation that case will always be preserved. For example,
+ although this would be quite rare, on a system with case sensitive
+ email address local parts, an attempt to store two Responsible Person
+ (RP) [RFC1183] records that differed only in case would probably
+ produce unexpected results that might have security implications.
+ That is because the entire email address, including the possibly case
+ sensitive local or left-hand part, is encoded into a DNS name in a
+ readable fashion where the case of some letters might be changed on
+ output as described above.
+
+7. Acknowledgements
+
+ The contributions to this document by Rob Austein, Olafur
+ Gudmundsson, Daniel J. Anderson, Alan Barrett, Marc Blanchet, Dana,
+ Andreas Gustafsson, Andrew Main, Thomas Narten, and Scott Seligman
+ are gratefully acknowledged.
+
+Normative References
+
+ [ASCII] ANSI, "USA Standard Code for Information Interchange",
+ X3.4, American National Standards Institute: New York,
+ 1968.
+
+ [RFC1995] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995,
+ August 1996.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound,
+ "Dynamic Updates in the Domain Name System (DNS
+ UPDATE)", RFC 2136, April 1997.
+
+ [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
+ Specification", RFC 2181, July 1997.
+
+ [RFC3007] Wellington, B., "Secure Domain Name System (DNS) Dynamic
+ Update", RFC 3007, November 2000.
+
+
+
+
+
+
+Eastlake 3rd Standards Track [Page 7]
+
+RFC 4343 DNS Case Insensitivity Clarification January 2006
+
+
+ [RFC3597] Gustafsson, A., "Handling of Unknown DNS Resource Record
+ (RR) Types", RFC 3597, September 2003.
+
+ [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
+ Rose, "Resource Records for the DNS Security
+ Extensions", RFC 4034, March 2005.
+
+ [STD13] Mockapetris, P., "Domain names - concepts and
+ facilities", STD 13, RFC 1034, November 1987.
+
+ Mockapetris, P., "Domain names - implementation and
+ specification", STD 13, RFC 1035, November 1987.
+
+Informative References
+
+ [ISO-8859-1] International Standards Organization, Standard for
+ Character Encodings, Latin-1.
+
+ [ISO-8859-2] International Standards Organization, Standard for
+ Character Encodings, Latin-2.
+
+ [RFC1183] Everhart, C., Mamakos, L., Ullmann, R., and P.
+ Mockapetris, "New DNS RR Definitions", RFC 1183, October
+ 1990.
+
+ [RFC1591] Postel, J., "Domain Name System Structure and
+ Delegation", RFC 1591, March 1994.
+
+ [RFC2606] Eastlake 3rd, D. and A. Panitz, "Reserved Top Level DNS
+ Names", BCP 32, RFC 2606, June 1999.
+
+ [RFC2929] Eastlake 3rd, D., Brunner-Williams, E., and B. Manning,
+ "Domain Name System (DNS) IANA Considerations", BCP 42,
+ RFC 2929, September 2000.
+
+ [RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC
+ 2671, August 1999.
+
+ [RFC2673] Crawford, M., "Binary Labels in the Domain Name System",
+ RFC 2673, August 1999.
+
+ [RFC3092] Eastlake 3rd, D., Manros, C., and E. Raymond, "Etymology
+ of "Foo"", RFC 3092, 1 April 2001.
+
+ [RFC3363] Bush, R., Durand, A., Fink, B., Gudmundsson, O., and T.
+ Hain, "Representing Internet Protocol version 6 (IPv6)
+ Addresses in the Domain Name System (DNS)", RFC 3363,
+ August 2002.
+
+
+
+Eastlake 3rd Standards Track [Page 8]
+
+RFC 4343 DNS Case Insensitivity Clarification January 2006
+
+
+ [RFC3454] Hoffman, P. and M. Blanchet, "Preparation of
+ Internationalized Strings ("stringprep")", RFC 3454,
+ December 2002.
+
+ [RFC3490] Faltstrom, P., Hoffman, P., and A. Costello,
+ "Internationalizing Domain Names in Applications
+ (IDNA)", RFC 3490, March 2003.
+
+ [RFC3491] Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep
+ Profile for Internationalized Domain Names (IDN)", RFC
+ 3491, March 2003.
+
+ [RFC3492] Costello, A., "Punycode: A Bootstring encoding of
+ Unicode for Internationalized Domain Names in
+ Applications (IDNA)", RFC 3492, March 2003.
+
+ [UNICODE] The Unicode Consortium, "The Unicode Standard",
+ <http://www.unicode.org/unicode/standard/standard.html>.
+
+Author's Address
+
+ Donald E. Eastlake 3rd
+ Motorola Laboratories
+ 155 Beaver Street
+ Milford, MA 01757 USA
+
+ Phone: +1 508-786-7554 (w)
+ EMail: Donald.Eastlake@motorola.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Eastlake 3rd Standards Track [Page 9]
+
+RFC 4343 DNS Case Insensitivity Clarification January 2006
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+
+
+Eastlake 3rd Standards Track [Page 10]
+
diff --git a/doc/rfc/rfc4367.txt b/doc/rfc/rfc4367.txt
new file mode 100644
index 00000000..f066b646
--- /dev/null
+++ b/doc/rfc/rfc4367.txt
@@ -0,0 +1,955 @@
+
+
+
+
+
+
+Network Working Group J. Rosenberg, Ed.
+Request for Comments: 4367 IAB
+Category: Informational February 2006
+
+
+ What's in a Name: False Assumptions about DNS Names
+
+Status of This Memo
+
+ This memo provides information for the Internet community. It does
+ not specify an Internet standard of any kind. Distribution of this
+ memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2006).
+
+Abstract
+
+ The Domain Name System (DNS) provides an essential service on the
+ Internet, mapping structured names to a variety of data, usually IP
+ addresses. These names appear in email addresses, Uniform Resource
+ Identifiers (URIs), and other application-layer identifiers that are
+ often rendered to human users. Because of this, there has been a
+ strong demand to acquire names that have significance to people,
+ through equivalence to registered trademarks, company names, types of
+ services, and so on. There is a danger in this trend; the humans and
+ automata that consume and use such names will associate specific
+ semantics with some names and thereby make assumptions about the
+ services that are, or should be, provided by the hosts associated
+ with the names. Those assumptions can often be false, resulting in a
+ variety of failure conditions. This document discusses this problem
+ in more detail and makes recommendations on how it can be avoided.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rosenberg Informational [Page 1]
+
+RFC 4367 Name Assumptions February 2006
+
+
+Table of Contents
+
+ 1. Introduction ....................................................2
+ 2. Target Audience .................................................4
+ 3. Modeling Usage of the DNS .......................................4
+ 4. Possible Assumptions ............................................5
+ 4.1. By the User ................................................5
+ 4.2. By the Client ..............................................6
+ 4.3. By the Server ..............................................7
+ 5. Consequences of False Assumptions ...............................8
+ 6. Reasons Why the Assumptions Can Be False ........................9
+ 6.1. Evolution ..................................................9
+ 6.2. Leakage ...................................................10
+ 6.3. Sub-Delegation ............................................10
+ 6.4. Mobility ..................................................12
+ 6.5. Human Error ...............................................12
+ 7. Recommendations ................................................12
+ 8. A Note on RFC 2219 and RFC 2782 ................................13
+ 9. Security Considerations ........................................14
+ 10. Acknowledgements ..............................................14
+ 11. IAB Members ...................................................14
+ 12. Informative References ........................................15
+
+1. Introduction
+
+ The Domain Name System (DNS) [1] provides an essential service on the
+ Internet, mapping structured names to a variety of different types of
+ data. Most often it is used to obtain the IP address of a host
+ associated with that name [2] [1] [3]. However, it can be used to
+ obtain other information, and proposals have been made for nearly
+ everything, including geographic information [4].
+
+ Domain names are most often used in identifiers used by application
+ protocols. The most well known include email addresses and URIs,
+ such as the HTTP URL [5], Real Time Streaming Protocol (RTSP) URL
+ [6], and SIP URI [7]. These identifiers are ubiquitous, appearing on
+ business cards, web pages, street signs, and so on. Because of this,
+ there has been a strong demand to acquire domain names that have
+ significance to people through equivalence to registered trademarks,
+ company names, types of services, and so on. Such identifiers serve
+ many business purposes, including extension of brand, advertising,
+ and so on.
+
+ People often make assumptions about the type of service that is or
+ should be provided by a host associated with that name, based on
+ their expectations and understanding of what the name implies. This,
+ in turn, triggers attempts by organizations to register domain names
+ based on that presumed user expectation. Examples of this are the
+
+
+
+Rosenberg Informational [Page 2]
+
+RFC 4367 Name Assumptions February 2006
+
+
+ various proposals for a Top-Level Domain (TLD) that could be
+ associated with adult content [8], the requests for creation of TLDs
+ associated with mobile devices and services, and even phishing
+ attacks.
+
+ When these assumptions are codified into the behavior of an
+ automaton, such as an application client or server, as a result of
+ implementor choice, management directive, or domain owner policy, the
+ overall system can fail in various ways. This document describes a
+ number of typical ways in which these assumptions can be codified,
+ how they can be wrong, the consequences of those mistakes, and the
+ recommended ways in which they can be avoided.
+
+ Section 4 describes some of the possible assumptions that clients,
+ servers, and people can make about a domain name. In this context,
+ an "assumption" is defined as any behavior that is expected when
+ accessing a service at a domain name, even though the behavior is not
+ explicitly codified in protocol specifications. Frequently, these
+ assumptions involve ignoring parts of a specification based on an
+ assumption that the client or server is deployed in an environment
+ that is more rigid than the specification allows. Section 5
+ overviews some of the consequences of these false assumptions.
+ Generally speaking, these consequences can include a variety of
+ different interoperability failures, user experience failures, and
+ system failures. Section 6 discusses why these assumptions can be
+ false from the very beginning or become false at some point in the
+ future. Most commonly, they become false because the environment
+ changes in unexpected ways over time, and what was a valid assumption
+ before, no longer is. Other times, the assumptions prove wrong
+ because they were based on the belief that a specific community of
+ clients and servers was participating, and an element outside of that
+ community began participating.
+
+ Section 7 then provides some recommendations. These recommendations
+ encapsulate some of the engineering mantras that have been at the
+ root of Internet protocol design for decades. These include:
+
+ Follow the specifications.
+
+ Use the capability negotiation techniques provided in the
+ protocols.
+
+ Be liberal in what you accept, and conservative in what you send.
+ [18]
+
+ Overall, automata should not change their behavior within a protocol
+ based on the domain name, or some component of the domain name, of
+ the host they are communicating with.
+
+
+
+Rosenberg Informational [Page 3]
+
+RFC 4367 Name Assumptions February 2006
+
+
+2. Target Audience
+
+ This document has several audiences. Firstly, it is aimed at
+ implementors who ultimately develop the software that make the false
+ assumptions that are the subject of this document. The
+ recommendations described here are meant to reinforce the engineering
+ guidelines that are often understood by implementors, but frequently
+ forgotten as deadlines near and pressures mount.
+
+ The document is also aimed at technology managers, who often develop
+ the requirements that lead to these false assumptions. For them,
+ this document serves as a vehicle for emphasizing the importance of
+ not taking shortcuts in the scope of applicability of a project.
+
+ Finally, this document is aimed at domain name policy makers and
+ administrators. For them, it points out the perils in establishing
+ domain policies that get codified into the operation of applications
+ running within that domain.
+
+3. Modeling Usage of the DNS
+
+
+ +--------+
+ | |
+ | |
+ | DNS |
+ |Service |
+ | |
+ +--------+
+ ^ |
+ | |
+ | |
+ | |
+ /--\ | |
+ | | | V
+ | | +--------+ +--------+
+ \--/ | | | |
+ | | | | |
+ ---+--- | Client |-------------------->| Server |
+ | | | | |
+ | | | | |
+ /\ +--------+ +--------+
+ / \
+ / \
+
+ User
+ Figure 1
+
+
+
+
+Rosenberg Informational [Page 4]
+
+RFC 4367 Name Assumptions February 2006
+
+
+ Figure 1 shows a simple conceptual model of how the DNS is used by
+ applications. A user of the application obtains an identifier for
+ particular content or service it wishes to obtain. This identifier
+ is often a URL or URI that contains a domain name. The user enters
+ this identifier into its client application (for example, by typing
+ in the URL in a web browser window). The client is the automaton (a
+ software and/or hardware system) that contacts a server for that
+ application in order to provide service to the user. To do that, it
+ contacts a DNS server to resolve the domain name in the identifier to
+ an IP address. It then contacts the server at that IP address. This
+ simple model applies to application protocols such as HTTP [5], SIP
+ [7], RTSP [6], and SMTP [9].
+
+ >From this model, it is clear that three entities in the system can
+ potentially make false assumptions about the service provided by the
+ server. The human user may form expectations relating to the content
+ of the service based on a parsing of the host name from which the
+ content originated. The server might assume that the client
+ connecting to it supports protocols that it does not, can process
+ content that it cannot, or has capabilities that it does not.
+ Similarly, the client might assume that the server supports
+ protocols, content, or capabilities that it does not. Furthermore,
+ applications can potentially contain a multiplicity of humans,
+ clients, and servers, all of which can independently make these false
+ assumptions.
+
+4. Possible Assumptions
+
+ For each of the three elements, there are many types of false
+ assumptions that can be made.
+
+4.1. By the User
+
+ The set of possible assumptions here is nearly boundless. Users
+ might assume that an HTTP URL that looks like a company name maps to
+ a server run by that company. They might assume that an email from a
+ email address in the .gov TLD is actually from a government employee.
+ They might assume that the content obtained from a web server within
+ a TLD labeled as containing adult materials (for example, .sex)
+ actually contains adult content [8]. These assumptions are
+ unavoidable, may all be false, and are not the focus of this
+ document.
+
+
+
+
+
+
+
+
+
+Rosenberg Informational [Page 5]
+
+RFC 4367 Name Assumptions February 2006
+
+
+4.2. By the Client
+
+ Even though the client is an automaton, it can make some of the same
+ assumptions that a human user might make. For example, many clients
+ assume that any host with a hostname that begins with "www" is a web
+ server, even though this assumption may be false.
+
+ In addition, the client concerns itself with the protocols needed to
+ communicate with the server. As a result, it might make assumptions
+ about the operation of the protocols for communicating with the
+ server. These assumptions manifest themselves in an implementation
+ when a standardized protocol negotiation technique defined by the
+ protocol is ignored, and instead, some kind of rule is coded into the
+ software that comes to its own conclusion about what the negotiation
+ would have determined. The result is often a loss of
+ interoperability, degradation in reliability, and worsening of user
+ experience.
+
+ Authentication Algorithm: Though a protocol might support a
+ multiplicity of authentication techniques, a client might assume
+ that a server always supports one that is only optional according
+ to the protocol. For example, a SIP client contacting a SIP
+ server in a domain that is apparently used to identify mobile
+ devices (for example, www.example.cellular) might assume that the
+ server supports the optional Authentication and Key Agreement
+ (AKA) digest technique [10], just because of the domain name that
+ was used to access the server. As another example, a web client
+ might assume that a server with the name https.example.com
+ supports HTTP over Transport Layer Security (TLS) [16].
+
+ Data Formats: Though a protocol might allow a multiplicity of data
+ formats to be sent from the server to the client, the client might
+ assume a specific one, rather than using the content labeling and
+ negotiation capabilities of the underlying protocol. For example,
+ an RTSP client might assume that all audio content delivered to it
+ from media.example.cellular uses a low-bandwidth codec. As
+ another example, a mail client might assume that the contents of
+ messages it retrieves from a mail server at mail.example.cellular
+ are always text, instead of checking the MIME headers [11] in the
+ message in order to determine the actual content type.
+
+ Protocol Extensions: A client may attempt an operation on the server
+ that requires the server to support an optional protocol
+ extension. However, rather than implementing the necessary
+ fallback logic, the client may falsely assume that the extension
+ is supported. As an example, a SIP client that requires reliable
+ provisional responses to its request (RFC 3262 [17]) might assume
+ that this extension is supported on servers in the domain
+
+
+
+Rosenberg Informational [Page 6]
+
+RFC 4367 Name Assumptions February 2006
+
+
+ sip.example.telecom. Furthermore, the client would not implement
+ the fallback behavior defined in RFC 3262, since it would assume
+ that all servers it will communicate with are in this domain and
+ that all therefore support this extension. However, if the
+ assumptions prove wrong, the client is unable to make any phone
+ calls.
+
+ Languages: A client may support facilities for processing text
+ content differently depending on the language of the text. Rather
+ than determining the language from markers in the message from the
+ server, the client might assume a language based on the domain
+ name. This assumption can easily be wrong. For example, a client
+ might assume that any text in a web page retrieved from a server
+ within the .de country code TLD (ccTLD) is in German, and attempt
+ a translation to Finnish. This would fail dramatically if the
+ text was actually in French. Unfortunately, this client behavior
+ is sometimes exhibited because the server has not properly labeled
+ the language of the content in the first place, often because the
+ server assumed such a labeling was not needed. This is an example
+ of how these false assumptions can create vicious cycles.
+
+4.3. By the Server
+
+ The server, like the client, is an automaton. Let us consider one
+ servicing a particular domain -- www.company.cellular, for example.
+ It might assume that all clients connecting to this domain support
+ particular capabilities, rather than using the underlying protocol to
+ make this determination. Some examples include:
+
+ Authentication Algorithm: The server can assume that a client
+ supports a particular, optional, authentication technique, and it
+ therefore does not support the mandatory one.
+
+ Language: The server can serve content in a particular language,
+ based on an assumption that clients accessing the domain speak a
+ particular language, or based on an assumption that clients coming
+ from a particular IP address speak a certain language.
+
+ Data Formats: The server can assume that the client supports a
+ particular set of MIME types and is only capable of sending ones
+ within that set. When it generates content in a protocol
+ response, it ignores any content negotiation headers that were
+ present in the request. For example, a web server might ignore
+ the Accept HTTP header field and send a specific image format.
+
+
+
+
+
+
+
+Rosenberg Informational [Page 7]
+
+RFC 4367 Name Assumptions February 2006
+
+
+ Protocol Extensions: The server might assume that the client supports
+ a particular optional protocol extension, and so it does not
+ support the fallback behavior necessary in the case where the
+ client does not.
+
+ Client Characteristics: The server might assume certain things about
+ the physical characteristics of its clients, such as memory
+ footprint, processing power, screen sizes, screen colors, pointing
+ devices, and so on. Based on these assumptions, it might choose
+ specific behaviors when processing a request. For example, a web
+ server might always assume that clients connect through cell
+ phones, and therefore return content that lacks images and is
+ tuned for such devices.
+
+5. Consequences of False Assumptions
+
+ There are numerous negative outcomes that can arise from the various
+ false assumptions that users, servers, and clients can make. These
+ include:
+
+ Interoperability Failure: In these cases, the client or server
+ assumed some kind of protocol operation, and this assumption was
+ wrong. The result is that the two are unable to communicate, and
+ the user receives some kind of an error. This represents a total
+ interoperability failure, manifesting itself as a lack of service
+ to users of the system. Unfortunately, this kind of failure
+ persists. Repeated attempts over time by the client to access the
+ service will fail. Only a change in the server or client software
+ can fix this problem.
+
+ System Failure: In these cases, the client or server misinterpreted a
+ protocol operation, and this misinterpretation was serious enough
+ to uncover a bug in the implementation. The bug causes a system
+ crash or some kind of outage, either transient or permanent (until
+ user reset). If this failure occurs in a server, not only will
+ the connecting client lose service, but other clients attempting
+ to connect will not get service. As an example, if a web server
+ assumes that content passed to it from a client (created, for
+ example, by a digital camera) is of a particular content type, and
+ it always passes image content to a codec for decompression prior
+ to storage, the codec might crash when it unexpectedly receives an
+ image compressed in a different format. Of course, it might crash
+ even if the Content-Type was correct, but the compressed bitstream
+ was invalid. False assumptions merely introduce additional
+ failure cases.
+
+
+
+
+
+
+Rosenberg Informational [Page 8]
+
+RFC 4367 Name Assumptions February 2006
+
+
+ Poor User Experience: In these cases, the client and server
+ communicate, but the user receives a diminished user experience.
+ For example, if a client on a PC connects to a web site that
+ provides content for mobile devices, the content may be
+ underwhelming when viewed on the PC. Or, a client accessing a
+ streaming media service may receive content of very low bitrate,
+ even though the client supported better codecs. Indeed, if a user
+ wishes to access content from both a cellular device and a PC
+ using a shared address book (that is, an address book shared
+ across multiple devices), the user would need two entries in that
+ address book, and would need to use the right one from the right
+ device. This is a poor user experience.
+
+ Degraded Security: In these cases, a weaker security mechanism is
+ used than the one that ought to have been used. As an example, a
+ server in a domain might assume that it is only contacted by
+ clients with a limited set of authentication algorithms, even
+ though the clients have been recently upgraded to support a
+ stronger set.
+
+6. Reasons Why the Assumptions Can Be False
+
+ Assumptions made by clients and servers about the operation of
+ protocols when contacting a particular domain are brittle, and can be
+ wrong for many reasons. On the server side, many of the assumptions
+ are based on the notion that a domain name will only be given to, or
+ used by, a restricted set of clients. If the holder of the domain
+ name assumes something about those clients, and can assume that only
+ those clients use the domain name, then it can configure or program
+ the server to operate specifically for those clients. Both parts of
+ this assumption can be wrong, as discussed in more detail below.
+
+ On the client side, the notion is similar, being based on the
+ assumption that a server within a particular domain will provide a
+ specific type of service. Sub-delegation and evolution, both
+ discussed below, can make these assumptions wrong.
+
+6.1. Evolution
+
+ The Internet and the devices that access it are constantly evolving,
+ often at a rapid pace. Unfortunately, there is a tendency to build
+ for the here and now, and then worry about the future at a later
+ time. Many of the assumptions above are predicated on
+ characteristics of today's clients and servers. Support for specific
+ protocols, authentication techniques, or content are based on today's
+ standards and today's devices. Even though they may, for the most
+ part, be true, they won't always be. An excellent example is mobile
+ devices. A server servicing a domain accessed by mobile devices
+
+
+
+Rosenberg Informational [Page 9]
+
+RFC 4367 Name Assumptions February 2006
+
+
+ might try to make assumptions about the protocols, protocol
+ extensions, security mechanisms, screen sizes, or processor power of
+ such devices. However, all of these characteristics can and will
+ change over time.
+
+ When they do change, the change is usually evolutionary. The result
+ is that the assumptions remain valid in some cases, but not in
+ others. It is difficult to fix such systems, since it requires the
+ server to detect what type of client is connecting, and what its
+ capabilities are. Unless the system is built and deployed with these
+ capability negotiation techniques built in to begin with, such
+ detection can be extremely difficult. In fact, fixing it will often
+ require the addition of such capability negotiation features that, if
+ they had been in place and used to begin with, would have avoided the
+ problem altogether.
+
+6.2. Leakage
+
+ Servers also make assumptions because of the belief that they will
+ only be accessed by specific clients, and in particular, those that
+ are configured or provisioned to use the domain name. In essence,
+ there is an assumption of community -- that a specific community
+ knows and uses the domain name, while others outside of the community
+ do not.
+
+ The problem is that this notion of community is a false one. The
+ Internet is global. The DNS is global. There is no technical
+ barrier that separates those inside of the community from those
+ outside. The ease with which information propagates across the
+ Internet makes it extremely likely that such domain names will
+ eventually find their way into clients outside of the presumed
+ community. The ubiquitous presence of domain names in various URI
+ formats, coupled with the ease of conveyance of URIs, makes such
+ leakage merely a matter of time. Furthermore, since the DNS is
+ global, and since it can only have one root [12], it becomes possible
+ for clients outside of the community to search and find and use such
+ "special" domain names.
+
+ Indeed, this leakage is a strength of the Internet architecture, not
+ a weakness. It enables global access to services from any client
+ with a connection to the Internet. That, in turn, allows for rapid
+ growth in the number of customers for any particular service.
+
+6.3. Sub-Delegation
+
+ Clients and users make assumptions about domains because of the
+ notion that there is some kind of centralized control that can
+ enforce those assumptions. However, the DNS is not centralized; it
+
+
+
+Rosenberg Informational [Page 10]
+
+RFC 4367 Name Assumptions February 2006
+
+
+ is distributed. If a domain doesn't delegate its sub-domains and has
+ its records within a single zone, it is possible to maintain a
+ centralized policy about operation of its domain. However, once a
+ domain gets sufficiently large that the domain administrators begin
+ to delegate sub-domains to other authorities, it becomes increasingly
+ difficult to maintain any kind of central control on the nature of
+ the service provided in each sub-domain.
+
+ Similarly, the usage of domain names with human semantic connotation
+ tends to lead to a registration of multiple domains in which a
+ particular service is to run. As an example, a service provider with
+ the name "example" might register and set up its services in
+ "example.com", "example.net", and generally example.foo for each foo
+ that is a valid TLD. This, like sub-delegation, results in a growth
+ in the number of domains over which it is difficult to maintain
+ centralized control.
+
+ Not that it is not possible, since there are many examples of
+ successful administration of policies across sub-domains many levels
+ deep. However, it takes an increasing amount of effort to ensure
+ this result, as it requires human intervention and the creation of
+ process and procedure. Automated validation of adherence to policies
+ is very difficult to do, as there is no way to automatically verify
+ many policies that might be put into place.
+
+ A less costly process for providing centralized management of
+ policies is to just hope that any centralized policies are being
+ followed, and then wait for complaints or perform random audits.
+ Those approaches have many problems.
+
+ The invalidation of assumptions due to sub-delegation is discussed in
+ further detail in Section 4.1.3 of [8] and in Section 3.3 of [20].
+
+ As a result of the fragility of policy continuity across sub-
+ delegations, if a client or user assumes some kind of property
+ associated with a TLD (such as ".wifi"), it becomes increasingly more
+ likely with the number of sub-domains that this property will not
+ exist in a server identified by a particular name. For example, in
+ "store.chain.company.provider.wifi", there may be four levels of
+ delegation from ".wifi", making it quite likely that, unless the
+ holder of ".wifi" is working diligently, the properties that the
+ holder of ".wifi" wishes to enforce are not present. These
+ properties may not be present due to human error or due to a willful
+ decision not to adhere to them.
+
+
+
+
+
+
+
+Rosenberg Informational [Page 11]
+
+RFC 4367 Name Assumptions February 2006
+
+
+6.4. Mobility
+
+ One of the primary value propositions of a hostname as an identifier
+ is its persistence. A client can change IP addresses, yet still
+ retain a persistent identifier used by other hosts to reach it.
+ Because their value derives from their persistence, hostnames tend to
+ move with a host not just as it changes IP addresses, but as it
+ changes access network providers and technologies. For this reason,
+ assumptions made about a host based on the presumed access network
+ corresponding to that hostname tend to be wrong over time. As an
+ example, a PC might normally be connected to its broadband provider,
+ and through dynamic DNS have a hostname within the domain of that
+ provider. However, one cannot assume that any host within that
+ network has access over a broadband link; the user could connect
+ their PC over a low-bandwidth wireless access network and still
+ retain its domain name.
+
+6.5. Human Error
+
+ Of course, human error can be the source of errors in any system, and
+ the same is true here. There are many examples relevant to the
+ problem under discussion.
+
+ A client implementation may make the assumption that, just because a
+ DNS SRV record exists for a particular protocol in a particular
+ domain, indicating that the service is available on some port, that
+ the service is, in fact, running there. This assumption could be
+ wrong because the SRV records haven't been updated by the system
+ administrators to reflect the services currently running. As another
+ example, a client might assume that a particular domain policy
+ applies to all sub-domains. However, a system administrator might
+ have omitted to apply the policy to servers running in one of those
+ sub-domains.
+
+7. Recommendations
+
+ Based on these problems, the clear conclusion is that clients,
+ servers, and users should not make assumptions on the nature of the
+ service provided to, or by, a domain. More specifically, however,
+ the following can be said:
+
+ Follow the specifications: When specifications define mandatory
+ baseline procedures and formats, those should be implemented and
+ supported, even if the expectation is that optional procedures
+ will most often be used. For example, if a specification mandates
+ a particular baseline authentication technique, but allows others
+ to be negotiated and used, implementations need to implement the
+ baseline authentication algorithm even if the other ones are used
+
+
+
+Rosenberg Informational [Page 12]
+
+RFC 4367 Name Assumptions February 2006
+
+
+ most of the time. Put more simply, the behavior of the protocol
+ machinery should never change based on the domain name of the
+ host.
+
+ Use capability negotiation: Many protocols are engineered with
+ capability negotiation mechanisms. For example, a content
+ negotiation framework has been defined for protocols using MIME
+ content [13] [14] [15]. SIP allows for clients to negotiate the
+ media types used in the multimedia session, as well as protocol
+ parameters. HTTP allows for clients to negotiate the media types
+ returned in requests for content. When such features are
+ available in a protocol, client and servers should make use of
+ them rather than making assumptions about supported capabilities.
+ A corollary is that protocol designers should include such
+ mechanisms when evolution is expected in the usage of the
+ protocol.
+
+ "Be liberal in what you accept, and conservative in what you send"
+ [18]: This axiom of Internet protocol design is applicable here
+ as well. Implementations should be prepared for the full breadth
+ of what a protocol allows another entity to send, rather than be
+ limiting in what it is willing to receive.
+
+ To summarize -- there is never a need to make assumptions. Rather
+ than doing so, utilize the specifications and the negotiation
+ capabilities they provide, and the overall system will be robust and
+ interoperable.
+
+8. A Note on RFC 2219 and RFC 2782
+
+ Based on the definition of an assumption given here, the behavior
+ hinted at by records in the DNS also represents an assumption. RFC
+ 2219 [19] defines well-known aliases that can be used to construct
+ domain names for reaching various well-known services in a domain.
+ This approach was later followed by the definition of a new resource
+ record, the SRV record [2], which specifies that a particular service
+ is running on a server in a domain. Although both of these
+ mechanisms are useful as a hint that a particular service is running
+ in a domain, both of them represent assumptions that may be false.
+ However, they differ in the set of reasons why those assumptions
+ might be false.
+
+ A client that assumes that "ftp.example.com" is an FTP server may be
+ wrong because the presumed naming convention in RFC 2219 was not
+ known by, or not followed by, the owner of domain.com. With RFC
+ 2782, an SRV record for a particular service would be present only by
+ explicit choice of the domain administrator, and thus a client that
+
+
+
+
+Rosenberg Informational [Page 13]
+
+RFC 4367 Name Assumptions February 2006
+
+
+ assumes that the corresponding host provides this service would be
+ wrong only because of human error in configuration. In this case,
+ the assumption is less likely to be wrong, but it certainly can be.
+
+ The only way to determine with certainty that a service is running on
+ a host is to initiate a connection to the port for that service, and
+ check. Implementations need to be careful not to codify any
+ behaviors that cause failures should the information provided in the
+ record actually be false. This borders on common sense for robust
+ implementations, but it is valuable to raise this point explicitly.
+
+9. Security Considerations
+
+ One of the assumptions that can be made by clients or servers is the
+ availability and usage (or lack thereof) of certain security
+ protocols and algorithms. For example, a client accessing a service
+ in a particular domain might assume a specific authentication
+ algorithm or hash function in the application protocol. It is
+ possible that, over time, weaknesses are found in such a technique,
+ requiring usage of a different mechanism. Similarly, a system might
+ start with an insecure mechanism, and then decide later on to use a
+ secure one. In either case, assumptions made on security properties
+ can result in interoperability failures, or worse yet, providing
+ service in an insecure way, even though the client asked for, and
+ thought it would get, secure service. These kinds of assumptions are
+ fundamentally unsound even if the records themselves are secured with
+ DNSSEC.
+
+10. Acknowledgements
+
+ The IAB would like to thank John Klensin, Keith Moore and Peter Koch
+ for their comments.
+
+11. IAB Members
+
+ Internet Architecture Board members at the time of writing of this
+ document are:
+
+ Bernard Aboba
+
+ Loa Andersson
+
+ Brian Carpenter
+
+ Leslie Daigle
+
+ Patrik Faltstrom
+
+
+
+
+Rosenberg Informational [Page 14]
+
+RFC 4367 Name Assumptions February 2006
+
+
+ Bob Hinden
+
+ Kurtis Lindqvist
+
+ David Meyer
+
+ Pekka Nikander
+
+ Eric Rescorla
+
+ Pete Resnick
+
+ Jonathan Rosenberg
+
+12. Informative References
+
+ [1] Mockapetris, P., "Domain names - concepts and facilities",
+ STD 13, RFC 1034, November 1987.
+
+ [2] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
+ specifying the location of services (DNS SRV)", RFC 2782,
+ February 2000.
+
+ [3] Mealling, M., "Dynamic Delegation Discovery System (DDDS) Part
+ Three: The Domain Name System (DNS) Database", RFC 3403,
+ October 2002.
+
+ [4] Davis, C., Vixie, P., Goodwin, T., and I. Dickinson, "A Means
+ for Expressing Location Information in the Domain Name System",
+ RFC 1876, January 1996.
+
+ [5] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
+ Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol --
+ HTTP/1.1", RFC 2616, June 1999.
+
+ [6] Schulzrinne, H., Rao, A., and R. Lanphier, "Real Time Streaming
+ Protocol (RTSP)", RFC 2326, April 1998.
+
+ [7] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
+ Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
+ Session Initiation Protocol", RFC 3261, June 2002.
+
+ [8] Eastlake, D., ".sex Considered Dangerous", RFC 3675,
+ February 2004.
+
+ [9] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821,
+ April 2001.
+
+
+
+
+Rosenberg Informational [Page 15]
+
+RFC 4367 Name Assumptions February 2006
+
+
+ [10] Niemi, A., Arkko, J., and V. Torvinen, "Hypertext Transfer
+ Protocol (HTTP) Digest Authentication Using Authentication and
+ Key Agreement (AKA)", RFC 3310, September 2002.
+
+ [11] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
+ Extensions (MIME) Part One: Format of Internet Message Bodies",
+ RFC 2045, November 1996.
+
+ [12] Internet Architecture Board, "IAB Technical Comment on the
+ Unique DNS Root", RFC 2826, May 2000.
+
+ [13] Klyne, G., "Indicating Media Features for MIME Content",
+ RFC 2912, September 2000.
+
+ [14] Klyne, G., "A Syntax for Describing Media Feature Sets",
+ RFC 2533, March 1999.
+
+ [15] Klyne, G., "Protocol-independent Content Negotiation
+ Framework", RFC 2703, September 1999.
+
+ [16] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
+
+ [17] Rosenberg, J. and H. Schulzrinne, "Reliability of Provisional
+ Responses in Session Initiation Protocol (SIP)", RFC 3262,
+ June 2002.
+
+ [18] Braden, R., "Requirements for Internet Hosts - Communication
+ Layers", STD 3, RFC 1122, October 1989.
+
+ [19] Hamilton, M. and R. Wright, "Use of DNS Aliases for Network
+ Services", BCP 17, RFC 2219, October 1997.
+
+ [20] Faltstrom, P., "Design Choices When Expanding DNS", Work in
+ Progress, June 2005.
+
+Author's Address
+
+ Jonathan Rosenberg, Editor
+ IAB
+ 600 Lanidex Plaza
+ Parsippany, NJ 07054
+ US
+
+ Phone: +1 973 952-5000
+ EMail: jdrosen@cisco.com
+ URI: http://www.jdrosen.net
+
+
+
+
+
+Rosenberg Informational [Page 16]
+
+RFC 4367 Name Assumptions February 2006
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+
+
+Rosenberg Informational [Page 17]
+
diff --git a/doc/rfc/rfc4398.txt b/doc/rfc/rfc4398.txt
new file mode 100644
index 00000000..6437436e
--- /dev/null
+++ b/doc/rfc/rfc4398.txt
@@ -0,0 +1,955 @@
+
+
+
+
+
+
+Network Working Group S. Josefsson
+Request for Comments: 4398 March 2006
+Obsoletes: 2538
+Category: Standards Track
+
+
+ Storing Certificates in the Domain Name System (DNS)
+
+Status of This Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2006).
+
+Abstract
+
+ Cryptographic public keys are frequently published, and their
+ authenticity is demonstrated by certificates. A CERT resource record
+ (RR) is defined so that such certificates and related certificate
+ revocation lists can be stored in the Domain Name System (DNS).
+
+ This document obsoletes RFC 2538.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Josefsson Standards Track [Page 1]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+Table of Contents
+
+ 1. Introduction ....................................................3
+ 2. The CERT Resource Record ........................................3
+ 2.1. Certificate Type Values ....................................4
+ 2.2. Text Representation of CERT RRs ............................6
+ 2.3. X.509 OIDs .................................................6
+ 3. Appropriate Owner Names for CERT RRs ............................7
+ 3.1. Content-Based X.509 CERT RR Names ..........................8
+ 3.2. Purpose-Based X.509 CERT RR Names ..........................9
+ 3.3. Content-Based OpenPGP CERT RR Names ........................9
+ 3.4. Purpose-Based OpenPGP CERT RR Names .......................10
+ 3.5. Owner Names for IPKIX, ISPKI, IPGP, and IACPKIX ...........10
+ 4. Performance Considerations .....................................11
+ 5. Contributors ...................................................11
+ 6. Acknowledgements ...............................................11
+ 7. Security Considerations ........................................12
+ 8. IANA Considerations ............................................12
+ 9. Changes since RFC 2538 .........................................13
+ 10. References ....................................................14
+ 10.1. Normative References .....................................14
+ 10.2. Informative References ...................................15
+ Appendix A. Copying Conditions ...................................16
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Josefsson Standards Track [Page 2]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+1. Introduction
+
+ Public keys are frequently published in the form of a certificate,
+ and their authenticity is commonly demonstrated by certificates and
+ related certificate revocation lists (CRLs). A certificate is a
+ binding, through a cryptographic digital signature, of a public key,
+ a validity interval and/or conditions, and identity, authorization,
+ or other information. A certificate revocation list is a list of
+ certificates that are revoked, and of incidental information, all
+ signed by the signer (issuer) of the revoked certificates. Examples
+ are X.509 certificates/CRLs in the X.500 directory system or OpenPGP
+ certificates/revocations used by OpenPGP software.
+
+ Section 2 specifies a CERT resource record (RR) for the storage of
+ certificates in the Domain Name System [1] [2].
+
+ Section 3 discusses appropriate owner names for CERT RRs.
+
+ Sections 4, 7, and 8 cover performance, security, and IANA
+ considerations, respectively.
+
+ Section 9 explains the changes in this document compared to RFC 2538.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [3].
+
+2. The CERT Resource Record
+
+ The CERT resource record (RR) has the structure given below. Its RR
+ type code is 37.
+
+ 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | type | key tag |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | algorithm | /
+ +---------------+ certificate or CRL /
+ / /
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
+
+ The type field is the certificate type as defined in Section 2.1
+ below.
+
+ The key tag field is the 16-bit value computed for the key embedded
+ in the certificate, using the RRSIG Key Tag algorithm described in
+ Appendix B of [12]. This field is used as an efficiency measure to
+
+
+
+Josefsson Standards Track [Page 3]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+ pick which CERT RRs may be applicable to a particular key. The key
+ tag can be calculated for the key in question, and then only CERT RRs
+ with the same key tag need to be examined. Note that two different
+ keys can have the same key tag. However, the key MUST be transformed
+ to the format it would have as the public key portion of a DNSKEY RR
+ before the key tag is computed. This is only possible if the key is
+ applicable to an algorithm and complies to limits (such as key size)
+ defined for DNS security. If it is not, the algorithm field MUST be
+ zero and the tag field is meaningless and SHOULD be zero.
+
+ The algorithm field has the same meaning as the algorithm field in
+ DNSKEY and RRSIG RRs [12], except that a zero algorithm field
+ indicates that the algorithm is unknown to a secure DNS, which may
+ simply be the result of the algorithm not having been standardized
+ for DNSSEC [11].
+
+2.1. Certificate Type Values
+
+ The following values are defined or reserved:
+
+ Value Mnemonic Certificate Type
+ ----- -------- ----------------
+ 0 Reserved
+ 1 PKIX X.509 as per PKIX
+ 2 SPKI SPKI certificate
+ 3 PGP OpenPGP packet
+ 4 IPKIX The URL of an X.509 data object
+ 5 ISPKI The URL of an SPKI certificate
+ 6 IPGP The fingerprint and URL of an OpenPGP packet
+ 7 ACPKIX Attribute Certificate
+ 8 IACPKIX The URL of an Attribute Certificate
+ 9-252 Available for IANA assignment
+ 253 URI URI private
+ 254 OID OID private
+ 255 Reserved
+ 256-65279 Available for IANA assignment
+ 65280-65534 Experimental
+ 65535 Reserved
+
+ These values represent the initial content of the IANA registry; see
+ Section 8.
+
+ The PKIX type is reserved to indicate an X.509 certificate conforming
+ to the profile defined by the IETF PKIX working group [8]. The
+ certificate section will start with a one-octet unsigned OID length
+ and then an X.500 OID indicating the nature of the remainder of the
+
+
+
+
+
+Josefsson Standards Track [Page 4]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+ certificate section (see Section 2.3, below). (NOTE: X.509
+ certificates do not include their X.500 directory-type-designating
+ OID as a prefix.)
+
+ The SPKI and ISPKI types are reserved to indicate the SPKI
+ certificate format [15], for use when the SPKI documents are moved
+ from experimental status. The format for these two CERT RR types
+ will need to be specified later.
+
+ The PGP type indicates an OpenPGP packet as described in [5] and its
+ extensions and successors. This is used to transfer public key
+ material and revocation signatures. The data is binary and MUST NOT
+ be encoded into an ASCII armor. An implementation SHOULD process
+ transferable public keys as described in Section 10.1 of [5], but it
+ MAY handle additional OpenPGP packets.
+
+ The ACPKIX type indicates an Attribute Certificate format [9].
+
+ The IPKIX and IACPKIX types indicate a URL that will serve the
+ content that would have been in the "certificate, CRL, or URL" field
+ of the corresponding type (PKIX or ACPKIX, respectively).
+
+ The IPGP type contains both an OpenPGP fingerprint for the key in
+ question, as well as a URL. The certificate portion of the IPGP CERT
+ RR is defined as a one-octet fingerprint length, followed by the
+ OpenPGP fingerprint, followed by the URL. The OpenPGP fingerprint is
+ calculated as defined in RFC 2440 [5]. A zero-length fingerprint or
+ a zero-length URL are legal, and indicate URL-only IPGP data or
+ fingerprint-only IPGP data, respectively. A zero-length fingerprint
+ and a zero-length URL are meaningless and invalid.
+
+ The IPKIX, ISPKI, IPGP, and IACPKIX types are known as "indirect".
+ These types MUST be used when the content is too large to fit in the
+ CERT RR and MAY be used at the implementer's discretion. They SHOULD
+ NOT be used where the DNS message is 512 octets or smaller and could
+ thus be expected to fit a UDP packet.
+
+ The URI private type indicates a certificate format defined by an
+ absolute URI. The certificate portion of the CERT RR MUST begin with
+ a null-terminated URI [10], and the data after the null is the
+ private format certificate itself. The URI SHOULD be such that a
+ retrieval from it will lead to documentation on the format of the
+ certificate. Recognition of private certificate types need not be
+ based on URI equality but can use various forms of pattern matching
+ so that, for example, subtype or version information can also be
+ encoded into the URI.
+
+
+
+
+
+Josefsson Standards Track [Page 5]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+ The OID private type indicates a private format certificate specified
+ by an ISO OID prefix. The certificate section will start with a
+ one-octet unsigned OID length and then a BER-encoded OID indicating
+ the nature of the remainder of the certificate section. This can be
+ an X.509 certificate format or some other format. X.509 certificates
+ that conform to the IETF PKIX profile SHOULD be indicated by the PKIX
+ type, not the OID private type. Recognition of private certificate
+ types need not be based on OID equality but can use various forms of
+ pattern matching such as OID prefix.
+
+2.2. Text Representation of CERT RRs
+
+ The RDATA portion of a CERT RR has the type field as an unsigned
+ decimal integer or as a mnemonic symbol as listed in Section 2.1,
+ above.
+
+ The key tag field is represented as an unsigned decimal integer.
+
+ The algorithm field is represented as an unsigned decimal integer or
+ a mnemonic symbol as listed in [12].
+
+ The certificate/CRL portion is represented in base 64 [16] and may be
+ divided into any number of white-space-separated substrings, down to
+ single base-64 digits, which are concatenated to obtain the full
+ signature. These substrings can span lines using the standard
+ parenthesis.
+
+ Note that the certificate/CRL portion may have internal sub-fields,
+ but these do not appear in the master file representation. For
+ example, with type 254, there will be an OID size, an OID, and then
+ the certificate/CRL proper. However, only a single logical base-64
+ string will appear in the text representation.
+
+2.3. X.509 OIDs
+
+ OIDs have been defined in connection with the X.500 directory for
+ user certificates, certification authority certificates, revocations
+ of certification authority, and revocations of user certificates.
+ The following table lists the OIDs, their BER encoding, and their
+ length-prefixed hex format for use in CERT RRs:
+
+
+
+
+
+
+
+
+
+
+
+Josefsson Standards Track [Page 6]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+ id-at-userCertificate
+ = { joint-iso-ccitt(2) ds(5) at(4) 36 }
+ == 0x 03 55 04 24
+ id-at-cACertificate
+ = { joint-iso-ccitt(2) ds(5) at(4) 37 }
+ == 0x 03 55 04 25
+ id-at-authorityRevocationList
+ = { joint-iso-ccitt(2) ds(5) at(4) 38 }
+ == 0x 03 55 04 26
+ id-at-certificateRevocationList
+ = { joint-iso-ccitt(2) ds(5) at(4) 39 }
+ == 0x 03 55 04 27
+
+3. Appropriate Owner Names for CERT RRs
+
+ It is recommended that certificate CERT RRs be stored under a domain
+ name related to their subject, i.e., the name of the entity intended
+ to control the private key corresponding to the public key being
+ certified. It is recommended that certificate revocation list CERT
+ RRs be stored under a domain name related to their issuer.
+
+ Following some of the guidelines below may result in DNS names with
+ characters that require DNS quoting as per Section 5.1 of RFC 1035
+ [2].
+
+ The choice of name under which CERT RRs are stored is important to
+ clients that perform CERT queries. In some situations, the clients
+ may not know all information about the CERT RR object it wishes to
+ retrieve. For example, a client may not know the subject name of an
+ X.509 certificate, or the email address of the owner of an OpenPGP
+ key. Further, the client might only know the hostname of a service
+ that uses X.509 certificates or the Key ID of an OpenPGP key.
+
+ Therefore, two owner name guidelines are defined: content-based owner
+ names and purpose-based owner names. A content-based owner name is
+ derived from the content of the CERT RR data; for example, the
+ Subject field in an X.509 certificate or the User ID field in OpenPGP
+ keys. A purpose-based owner name is a name that a client retrieving
+ CERT RRs ought to know already; for example, the host name of an
+ X.509 protected service or the Key ID of an OpenPGP key. The
+ content-based and purpose-based owner name may be the same; for
+ example, when a client looks up a key based on the From: address of
+ an incoming email.
+
+ Implementations SHOULD use the purpose-based owner name guidelines
+ described in this document and MAY use CNAME RRs at content-based
+ owner names (or other names), pointing to the purpose-based owner
+ name.
+
+
+
+Josefsson Standards Track [Page 7]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+ Note that this section describes an application-based mapping from
+ the name space used in a certificate to the name space used by DNS.
+ The DNS does not infer any relationship amongst CERT resource records
+ based on similarities or differences of the DNS owner name(s) of CERT
+ resource records. For example, if multiple labels are used when
+ mapping from a CERT identifier to a domain name, then care must be
+ taken in understanding wildcard record synthesis.
+
+3.1. Content-Based X.509 CERT RR Names
+
+ Some X.509 versions, such as the PKIX profile of X.509 [8], permit
+ multiple names to be associated with subjects and issuers under
+ "Subject Alternative Name" and "Issuer Alternative Name". For
+ example, the PKIX profile has such Alternate Names with an ASN.1
+ specification as follows:
+
+ GeneralName ::= CHOICE {
+ otherName [0] OtherName,
+ rfc822Name [1] IA5String,
+ dNSName [2] IA5String,
+ x400Address [3] ORAddress,
+ directoryName [4] Name,
+ ediPartyName [5] EDIPartyName,
+ uniformResourceIdentifier [6] IA5String,
+ iPAddress [7] OCTET STRING,
+ registeredID [8] OBJECT IDENTIFIER }
+
+ The recommended locations of CERT storage are as follows, in priority
+ order:
+
+ 1. If a domain name is included in the identification in the
+ certificate or CRL, that ought to be used.
+ 2. If a domain name is not included but an IP address is included,
+ then the translation of that IP address into the appropriate
+ inverse domain name ought to be used.
+ 3. If neither of the above is used, but a URI containing a domain
+ name is present, that domain name ought to be used.
+ 4. If none of the above is included but a character string name is
+ included, then it ought to be treated as described below for
+ OpenPGP names.
+ 5. If none of the above apply, then the distinguished name (DN)
+ ought to be mapped into a domain name as specified in [4].
+
+ Example 1: An X.509v3 certificate is issued to /CN=John Doe /DC=Doe/
+ DC=com/DC=xy/O=Doe Inc/C=XY/ with Subject Alternative Names of (a)
+ string "John (the Man) Doe", (b) domain name john-doe.com, and (c)
+ URI <https://www.secure.john-doe.com:8080/>. The storage locations
+ recommended, in priority order, would be
+
+
+
+Josefsson Standards Track [Page 8]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+ 1. john-doe.com,
+ 2. www.secure.john-doe.com, and
+ 3. Doe.com.xy.
+
+ Example 2: An X.509v3 certificate is issued to /CN=James Hacker/
+ L=Basingstoke/O=Widget Inc/C=GB/ with Subject Alternate names of (a)
+ domain name widget.foo.example, (b) IPv4 address 10.251.13.201, and
+ (c) string "James Hacker <hacker@mail.widget.foo.example>". The
+ storage locations recommended, in priority order, would be
+
+ 1. widget.foo.example,
+ 2. 201.13.251.10.in-addr.arpa, and
+ 3. hacker.mail.widget.foo.example.
+
+3.2. Purpose-Based X.509 CERT RR Names
+
+ Due to the difficulty for clients that do not already possess a
+ certificate to reconstruct the content-based owner name,
+ purpose-based owner names are recommended in this section.
+ Recommendations for purpose-based owner names vary per scenario. The
+ following table summarizes the purpose-based X.509 CERT RR owner name
+ guidelines for use with S/MIME [17], SSL/TLS [13], and IPsec [14]:
+
+ Scenario Owner name
+ ------------------ ----------------------------------------------
+ S/MIME Certificate Standard translation of an RFC 2822 email
+ address. Example: An S/MIME certificate for
+ "postmaster@example.org" will use a standard
+ hostname translation of the owner name,
+ "postmaster.example.org".
+
+ TLS Certificate Hostname of the TLS server.
+
+ IPsec Certificate Hostname of the IPsec machine and/or, for IPv4
+ or IPv6 addresses, the fully qualified domain
+ name in the appropriate reverse domain.
+
+ An alternate approach for IPsec is to store raw public keys [18].
+
+3.3. Content-Based OpenPGP CERT RR Names
+
+ OpenPGP signed keys (certificates) use a general character string
+ User ID [5]. However, it is recommended by OpenPGP that such names
+ include the RFC 2822 [7] email address of the party, as in "Leslie
+ Example <Leslie@host.example>". If such a format is used, the CERT
+ ought to be under the standard translation of the email address into
+
+
+
+
+
+Josefsson Standards Track [Page 9]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+ a domain name, which would be leslie.host.example in this case. If
+ no RFC 2822 name can be extracted from the string name, no specific
+ domain name is recommended.
+
+ If a user has more than one email address, the CNAME type can be used
+ to reduce the amount of data stored in the DNS. For example:
+
+ $ORIGIN example.org.
+ smith IN CERT PGP 0 0 <OpenPGP binary>
+ john.smith IN CNAME smith
+ js IN CNAME smith
+
+3.4. Purpose-Based OpenPGP CERT RR Names
+
+ Applications that receive an OpenPGP packet containing encrypted or
+ signed data but do not know the email address of the sender will have
+ difficulties constructing the correct owner name and cannot use the
+ content-based owner name guidelines. However, these clients commonly
+ know the key fingerprint or the Key ID. The key ID is found in
+ OpenPGP packets, and the key fingerprint is commonly found in
+ auxiliary data that may be available. In this case, use of an owner
+ name identical to the key fingerprint and the key ID expressed in
+ hexadecimal [16] is recommended. For example:
+
+ $ORIGIN example.org.
+ 0424D4EE81A0E3D119C6F835EDA21E94B565716F IN CERT PGP ...
+ F835EDA21E94B565716F IN CERT PGP ...
+ B565716F IN CERT PGP ...
+
+ If the same key material is stored for several owner names, the use
+ of CNAME may help avoid data duplication. Note that CNAME is not
+ always applicable, because it maps one owner name to the other for
+ all purposes, which may be sub-optimal when two keys with the same
+ Key ID are stored.
+
+3.5. Owner Names for IPKIX, ISPKI, IPGP, and IACPKIX
+
+ These types are stored under the same owner names, both purpose- and
+ content-based, as the PKIX, SPKI, PGP, and ACPKIX types.
+
+
+
+
+
+
+
+
+
+
+
+
+Josefsson Standards Track [Page 10]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+4. Performance Considerations
+
+ The Domain Name System (DNS) protocol was designed for small
+ transfers, typically below 512 octets. While larger transfers will
+ perform correctly and work is underway to make larger transfers more
+ efficient, it is still advisable at this time that every reasonable
+ effort be made to minimize the size of certificates stored within the
+ DNS. Steps that can be taken may include using the fewest possible
+ optional or extension fields and using short field values for
+ necessary variable-length fields.
+
+ The RDATA field in the DNS protocol may only hold data of size 65535
+ octets (64kb) or less. This means that each CERT RR MUST NOT contain
+ more than 64kb of payload, even if the corresponding certificate or
+ certificate revocation list is larger. This document addresses this
+ by defining "indirect" data types for each normal type.
+
+ Deploying CERT RRs to support digitally signed email changes the
+ access patterns of DNS lookups from per-domain to per-user. If
+ digitally signed email and a key/certificate lookup based on CERT RRs
+ are deployed on a wide scale, this may lead to an increased DNS load,
+ with potential performance and cache effectiveness consequences.
+ Whether or not this load increase will be noticeable is not known.
+
+5. Contributors
+
+ The majority of this document is copied verbatim from RFC 2538, by
+ Donald Eastlake 3rd and Olafur Gudmundsson.
+
+6. Acknowledgements
+
+ Thanks to David Shaw and Michael Graff for their contributions to
+ earlier works that motivated, and served as inspiration for, this
+ document.
+
+ This document was improved by suggestions and comments from Olivier
+ Dubuisson, Scott Hollenbeck, Russ Housley, Peter Koch, Olaf M.
+ Kolkman, Ben Laurie, Edward Lewis, John Loughney, Allison Mankin,
+ Douglas Otis, Marcos Sanz, Pekka Savola, Jason Sloderbeck, Samuel
+ Weiler, and Florian Weimer. No doubt the list is incomplete. We
+ apologize to anyone we left out.
+
+
+
+
+
+
+
+
+
+
+Josefsson Standards Track [Page 11]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+7. Security Considerations
+
+ By definition, certificates contain their own authenticating
+ signatures. Thus, it is reasonable to store certificates in
+ non-secure DNS zones or to retrieve certificates from DNS with DNS
+ security checking not implemented or deferred for efficiency. The
+ results may be trusted if the certificate chain is verified back to a
+ known trusted key and this conforms with the user's security policy.
+
+ Alternatively, if certificates are retrieved from a secure DNS zone
+ with DNS security checking enabled and are verified by DNS security,
+ the key within the retrieved certificate may be trusted without
+ verifying the certificate chain if this conforms with the user's
+ security policy.
+
+ If an organization chooses to issue certificates for its employees,
+ placing CERT RRs in the DNS by owner name, and if DNSSEC (with NSEC)
+ is in use, it is possible for someone to enumerate all employees of
+ the organization. This is usually not considered desirable, for the
+ same reason that enterprise phone listings are not often publicly
+ published and are even marked confidential.
+
+ Using the URI type introduces another level of indirection that may
+ open a new vulnerability. One method of securing that indirection is
+ to include a hash of the certificate in the URI itself.
+
+ If DNSSEC is used, then the non-existence of a CERT RR and,
+ consequently, certificates or revocation lists can be securely
+ asserted. Without DNSSEC, this is not possible.
+
+8. IANA Considerations
+
+ The IANA has created a new registry for CERT RR: certificate types.
+ The initial contents of this registry is:
+
+ Decimal Type Meaning Reference
+ ------- ---- ------- ---------
+ 0 Reserved RFC 4398
+ 1 PKIX X.509 as per PKIX RFC 4398
+ 2 SPKI SPKI certificate RFC 4398
+ 3 PGP OpenPGP packet RFC 4398
+ 4 IPKIX The URL of an X.509 data object RFC 4398
+ 5 ISPKI The URL of an SPKI certificate RFC 4398
+ 6 IPGP The fingerprint and URL RFC 4398
+ of an OpenPGP packet
+ 7 ACPKIX Attribute Certificate RFC 4398
+ 8 IACPKIX The URL of an Attribute RFC 4398
+ Certificate
+
+
+
+Josefsson Standards Track [Page 12]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+ 9-252 Available for IANA assignment
+ by IETF Standards action
+ 253 URI URI private RFC 4398
+ 254 OID OID private RFC 4398
+ 255 Reserved RFC 4398
+ 256-65279 Available for IANA assignment
+ by IETF Consensus
+ 65280-65534 Experimental RFC 4398
+ 65535 Reserved RFC 4398
+
+ Certificate types 0x0000 through 0x00FF and 0xFF00 through 0xFFFF can
+ only be assigned by an IETF standards action [6]. This document
+ assigns 0x0001 through 0x0008 and 0x00FD and 0x00FE. Certificate
+ types 0x0100 through 0xFEFF are assigned through IETF Consensus [6]
+ based on RFC documentation of the certificate type. The availability
+ of private types under 0x00FD and 0x00FE ought to satisfy most
+ requirements for proprietary or private types.
+
+ The CERT RR reuses the DNS Security Algorithm Numbers registry. In
+ particular, the CERT RR requires that algorithm number 0 remain
+ reserved, as described in Section 2. The IANA will reference the
+ CERT RR as a user of this registry and value 0, in particular.
+
+9. Changes since RFC 2538
+
+ 1. Editorial changes to conform with new document requirements,
+ including splitting reference section into two parts and
+ updating the references to point at latest versions, and to add
+ some additional references.
+ 2. Improve terminology. For example replace "PGP" with "OpenPGP",
+ to align with RFC 2440.
+ 3. In Section 2.1, clarify that OpenPGP public key data are binary,
+ not the ASCII armored format, and reference 10.1 in RFC 2440 on
+ how to deal with OpenPGP keys, and acknowledge that
+ implementations may handle additional packet types.
+ 4. Clarify that integers in the representation format are decimal.
+ 5. Replace KEY/SIG with DNSKEY/RRSIG etc, to align with DNSSECbis
+ terminology. Improve reference for Key Tag Algorithm
+ calculations.
+ 6. Add examples that suggest use of CNAME to reduce bandwidth.
+ 7. In Section 3, appended the last paragraphs that discuss
+ "content-based" vs "purpose-based" owner names. Add Section 3.2
+ for purpose-based X.509 CERT owner names, and Section 3.4 for
+ purpose-based OpenPGP CERT owner names.
+ 8. Added size considerations.
+ 9. The SPKI types has been reserved, until RFC 2692/2693 is moved
+ from the experimental status.
+ 10. Added indirect types IPKIX, ISPKI, IPGP, and IACPKIX.
+
+
+
+Josefsson Standards Track [Page 13]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+ 11. An IANA registry of CERT type values was created.
+
+10. References
+
+10.1. Normative References
+
+ [1] Mockapetris, P., "Domain names - concepts and facilities",
+ STD 13, RFC 1034, November 1987.
+
+ [2] Mockapetris, P., "Domain names - implementation and
+ specification", STD 13, RFC 1035, November 1987.
+
+ [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [4] Kille, S., Wahl, M., Grimstad, A., Huber, R., and S. Sataluri,
+ "Using Domains in LDAP/X.500 Distinguished Names", RFC 2247,
+ January 1998.
+
+ [5] Callas, J., Donnerhacke, L., Finney, H., and R. Thayer,
+ "OpenPGP Message Format", RFC 2440, November 1998.
+
+ [6] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
+ Considerations Section in RFCs", BCP 26, RFC 2434,
+ October 1998.
+
+ [7] Resnick, P., "Internet Message Format", RFC 2822, April 2001.
+
+ [8] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509
+ Public Key Infrastructure Certificate and Certificate
+ Revocation List (CRL) Profile", RFC 3280, April 2002.
+
+ [9] Farrell, S. and R. Housley, "An Internet Attribute Certificate
+ Profile for Authorization", RFC 3281, April 2002.
+
+ [10] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
+ Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986,
+ January 2005.
+
+ [11] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "DNS Security Introduction and Requirements", RFC 4033,
+ March 2005.
+
+ [12] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Resource Records for the DNS Security Extensions", RFC 4034,
+ March 2005.
+
+
+
+
+
+Josefsson Standards Track [Page 14]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+10.2. Informative References
+
+ [13] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
+ RFC 2246, January 1999.
+
+ [14] Kent, S. and K. Seo, "Security Architecture for the Internet
+ Protocol", RFC 4301, December 2005.
+
+ [15] Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B.,
+ and T. Ylonen, "SPKI Certificate Theory", RFC 2693,
+ September 1999.
+
+ [16] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings",
+ RFC 3548, July 2003.
+
+ [17] Ramsdell, B., "Secure/Multipurpose Internet Mail Extensions
+ (S/MIME) Version 3.1 Message Specification", RFC 3851,
+ July 2004.
+
+ [18] Richardson, M., "A Method for Storing IPsec Keying Material in
+ DNS", RFC 4025, March 2005.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Josefsson Standards Track [Page 15]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+Appendix A. Copying Conditions
+
+ Regarding the portion of this document that was written by Simon
+ Josefsson ("the author", for the remainder of this section), the
+ author makes no guarantees and is not responsible for any damage
+ resulting from its use. The author grants irrevocable permission to
+ anyone to use, modify, and distribute it in any way that does not
+ diminish the rights of anyone else to use, modify, and distribute it,
+ provided that redistributed derivative works do not contain
+ misleading author or version information. Derivative works need not
+ be licensed under similar terms.
+
+Author's Address
+
+ Simon Josefsson
+
+ EMail: simon@josefsson.org
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Josefsson Standards Track [Page 16]
+
+RFC 4398 Storing Certificates in the DNS February 2006
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+
+
+Josefsson Standards Track [Page 17]
+
diff --git a/doc/rfc/rfc4408.txt b/doc/rfc/rfc4408.txt
new file mode 100644
index 00000000..bc1b3f53
--- /dev/null
+++ b/doc/rfc/rfc4408.txt
@@ -0,0 +1,2691 @@
+
+
+
+
+
+
+Network Working Group M. Wong
+Request for Comments: 4408 W. Schlitt
+Category: Experimental April 2006
+
+
+ Sender Policy Framework (SPF) for
+ Authorizing Use of Domains in E-Mail, Version 1
+
+Status of This Memo
+
+ This memo defines an Experimental Protocol for the Internet
+ community. It does not specify an Internet standard of any kind.
+ Discussion and suggestions for improvement are requested.
+ Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2006).
+
+IESG Note
+
+ The following documents (RFC 4405, RFC 4406, RFC 4407, and RFC 4408)
+ are published simultaneously as Experimental RFCs, although there is
+ no general technical consensus and efforts to reconcile the two
+ approaches have failed. As such, these documents have not received
+ full IETF review and are published "AS-IS" to document the different
+ approaches as they were considered in the MARID working group.
+
+ The IESG takes no position about which approach is to be preferred
+ and cautions the reader that there are serious open issues for each
+ approach and concerns about using them in tandem. The IESG believes
+ that documenting the different approaches does less harm than not
+ documenting them.
+
+ Note that the Sender ID experiment may use DNS records that may have
+ been created for the current SPF experiment or earlier versions in
+ this set of experiments. Depending on the content of the record,
+ this may mean that Sender-ID heuristics would be applied incorrectly
+ to a message. Depending on the actions associated by the recipient
+ with those heuristics, the message may not be delivered or may be
+ discarded on receipt.
+
+ Participants relying on Sender ID experiment DNS records are warned
+ that they may lose valid messages in this set of circumstances.
+ aParticipants publishing SPF experiment DNS records should consider
+ the advice given in section 3.4 of RFC 4406 and may wish to publish
+ both v=spf1 and spf2.0 records to avoid the conflict.
+
+
+
+
+Wong & Schlitt Experimental [Page 1]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ Participants in the Sender-ID experiment need to be aware that the
+ way Resent-* header fields are used will result in failure to receive
+ legitimate email when interacting with standards-compliant systems
+ (specifically automatic forwarders which comply with the standards by
+ not adding Resent-* headers, and systems which comply with RFC 822
+ but have not yet implemented RFC 2822 Resent-* semantics). It would
+ be inappropriate to advance Sender-ID on the standards track without
+ resolving this interoperability problem.
+
+ The community is invited to observe the success or failure of the two
+ approaches during the two years following publication, in order that
+ a community consensus can be reached in the future.
+
+Abstract
+
+ E-mail on the Internet can be forged in a number of ways. In
+ particular, existing protocols place no restriction on what a sending
+ host can use as the reverse-path of a message or the domain given on
+ the SMTP HELO/EHLO commands. This document describes version 1 of
+ the Sender Policy Framework (SPF) protocol, whereby a domain may
+ explicitly authorize the hosts that are allowed to use its domain
+ name, and a receiving host may check such authorization.
+
+Table of Contents
+
+ 1. Introduction ....................................................4
+ 1.1. Protocol Status ............................................4
+ 1.2. Terminology ................................................5
+ 2. Operation .......................................................5
+ 2.1. The HELO Identity ..........................................5
+ 2.2. The MAIL FROM Identity .....................................5
+ 2.3. Publishing Authorization ...................................6
+ 2.4. Checking Authorization .....................................6
+ 2.5. Interpreting the Result ....................................7
+ 2.5.1. None ................................................8
+ 2.5.2. Neutral .............................................8
+ 2.5.3. Pass ................................................8
+ 2.5.4. Fail ................................................8
+ 2.5.5. SoftFail ............................................9
+ 2.5.6. TempError ...........................................9
+ 2.5.7. PermError ...........................................9
+ 3. SPF Records .....................................................9
+ 3.1. Publishing ................................................10
+ 3.1.1. DNS Resource Record Types ..........................10
+ 3.1.2. Multiple DNS Records ...............................11
+ 3.1.3. Multiple Strings in a Single DNS record ............11
+ 3.1.4. Record Size ........................................11
+ 3.1.5. Wildcard Records ...................................11
+
+
+
+Wong & Schlitt Experimental [Page 2]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ 4. The check_host() Function ......................................12
+ 4.1. Arguments .................................................12
+ 4.2. Results ...................................................13
+ 4.3. Initial Processing ........................................13
+ 4.4. Record Lookup .............................................13
+ 4.5. Selecting Records .........................................13
+ 4.6. Record Evaluation .........................................14
+ 4.6.1. Term Evaluation ....................................14
+ 4.6.2. Mechanisms .........................................15
+ 4.6.3. Modifiers ..........................................15
+ 4.7. Default Result ............................................16
+ 4.8. Domain Specification ......................................16
+ 5. Mechanism Definitions ..........................................16
+ 5.1. "all" .....................................................17
+ 5.2. "include" .................................................18
+ 5.3. "a" .......................................................19
+ 5.4. "mx" ......................................................20
+ 5.5. "ptr" .....................................................20
+ 5.6. "ip4" and "ip6" ...........................................21
+ 5.7. "exists" ..................................................22
+ 6. Modifier Definitions ...........................................22
+ 6.1. redirect: Redirected Query ................................23
+ 6.2. exp: Explanation ..........................................23
+ 7. The Received-SPF Header Field ..................................25
+ 8. Macros .........................................................27
+ 8.1. Macro Definitions .........................................27
+ 8.2. Expansion Examples ........................................30
+ 9. Implications ...................................................31
+ 9.1. Sending Domains ...........................................31
+ 9.2. Mailing Lists .............................................32
+ 9.3. Forwarding Services and Aliases ...........................32
+ 9.4. Mail Services .............................................34
+ 9.5. MTA Relays ................................................34
+ 10. Security Considerations .......................................35
+ 10.1. Processing Limits ........................................35
+ 10.2. SPF-Authorized E-Mail May Contain Other False
+ Identities ...............................................37
+ 10.3. Spoofed DNS and IP Data ..................................37
+ 10.4. Cross-User Forgery .......................................37
+ 10.5. Untrusted Information Sources ............................38
+ 10.6. Privacy Exposure .........................................38
+ 11. Contributors and Acknowledgements .............................38
+ 12. IANA Considerations ...........................................39
+ 12.1. The SPF DNS Record Type ..................................39
+ 12.2. The Received-SPF Mail Header Field .......................39
+ 13. References ....................................................39
+ 13.1. Normative References .....................................39
+ 13.2. Informative References ...................................40
+
+
+
+Wong & Schlitt Experimental [Page 3]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ Appendix A. Collected ABNF .......................................42
+ Appendix B. Extended Examples ....................................44
+ B.1. Simple Examples ..........................................44
+ B.2. Multiple Domain Example ..................................45
+ B.3. DNSBL Style Example ......................................46
+ B.4. Multiple Requirements Example ............................46
+
+1. Introduction
+
+ The current E-Mail infrastructure has the property that any host
+ injecting mail into the mail system can identify itself as any domain
+ name it wants. Hosts can do this at a variety of levels: in
+ particular, the session, the envelope, and the mail headers.
+ Although this feature is desirable in some circumstances, it is a
+ major obstacle to reducing Unsolicited Bulk E-Mail (UBE, aka spam).
+ Furthermore, many domain name holders are understandably concerned
+ about the ease with which other entities may make use of their domain
+ names, often with malicious intent.
+
+ This document defines a protocol by which domain owners may authorize
+ hosts to use their domain name in the "MAIL FROM" or "HELO" identity.
+ Compliant domain holders publish Sender Policy Framework (SPF)
+ records specifying which hosts are permitted to use their names, and
+ compliant mail receivers use the published SPF records to test the
+ authorization of sending Mail Transfer Agents (MTAs) using a given
+ "HELO" or "MAIL FROM" identity during a mail transaction.
+
+ An additional benefit to mail receivers is that after the use of an
+ identity is verified, local policy decisions about the mail can be
+ made based on the sender's domain, rather than the host's IP address.
+ This is advantageous because reputation of domain names is likely to
+ be more accurate than reputation of host IP addresses. Furthermore,
+ if a claimed identity fails verification, local policy can take
+ stronger action against such E-Mail, such as rejecting it.
+
+1.1. Protocol Status
+
+ SPF has been in development since the summer of 2003 and has seen
+ deployment beyond the developers beginning in December 2003. The
+ design of SPF slowly evolved until the spring of 2004 and has since
+ stabilized. There have been quite a number of forms of SPF, some
+ written up as documents, some submitted as Internet Drafts, and many
+ discussed and debated in development forums.
+
+ The goal of this document is to clearly document the protocol defined
+ by earlier draft specifications of SPF as used in existing
+ implementations. This conception of SPF is sometimes called "SPF
+ Classic". It is understood that particular implementations and
+
+
+
+Wong & Schlitt Experimental [Page 4]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ deployments may differ from, and build upon, this work. It is hoped
+ that we have nonetheless captured the common understanding of SPF
+ version 1.
+
+1.2. Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+ This document is concerned with the portion of a mail message
+ commonly called "envelope sender", "return path", "reverse path",
+ "bounce address", "2821 FROM", or "MAIL FROM". Since these terms are
+ either not well defined or often used casually, this document defines
+ the "MAIL FROM" identity in Section 2.2. Note that other terms that
+ may superficially look like the common terms, such as "reverse-path",
+ are used only with the defined meanings from normative documents.
+
+2. Operation
+
+2.1. The HELO Identity
+
+ The "HELO" identity derives from either the SMTP HELO or EHLO command
+ (see [RFC2821]). These commands supply the SMTP client (sending
+ host) for the SMTP session. Note that requirements for the domain
+ presented in the EHLO or HELO command are not always clear to the
+ sending party, and SPF clients must be prepared for the "HELO"
+ identity to be malformed or an IP address literal. At the time of
+ this writing, many legitimate E-Mails are delivered with invalid HELO
+ domains.
+
+ It is RECOMMENDED that SPF clients not only check the "MAIL FROM"
+ identity, but also separately check the "HELO" identity by applying
+ the check_host() function (Section 4) to the "HELO" identity as the
+ <sender>.
+
+2.2. The MAIL FROM Identity
+
+ The "MAIL FROM" identity derives from the SMTP MAIL command (see
+ [RFC2821]). This command supplies the "reverse-path" for a message,
+ which generally consists of the sender mailbox, and is the mailbox to
+ which notification messages are to be sent if there are problems
+ delivering the message.
+
+ [RFC2821] allows the reverse-path to be null (see Section 4.5.5 in
+ RFC 2821). In this case, there is no explicit sender mailbox, and
+ such a message can be assumed to be a notification message from the
+ mail system itself. When the reverse-path is null, this document
+
+
+
+Wong & Schlitt Experimental [Page 5]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ defines the "MAIL FROM" identity to be the mailbox composed of the
+ localpart "postmaster" and the "HELO" identity (which may or may not
+ have been checked separately before).
+
+ SPF clients MUST check the "MAIL FROM" identity. SPF clients check
+ the "MAIL FROM" identity by applying the check_host() function to the
+ "MAIL FROM" identity as the <sender>.
+
+2.3. Publishing Authorization
+
+ An SPF-compliant domain MUST publish a valid SPF record as described
+ in Section 3. This record authorizes the use of the domain name in
+ the "HELO" and "MAIL FROM" identities by the MTAs it specifies.
+
+ If domain owners choose to publish SPF records, it is RECOMMENDED
+ that they end in "-all", or redirect to other records that do, so
+ that a definitive determination of authorization can be made.
+
+ Domain holders may publish SPF records that explicitly authorize no
+ hosts if mail should never originate using that domain.
+
+ When changing SPF records, care must be taken to ensure that there is
+ a transition period so that the old policy remains valid until all
+ legitimate E-Mail has been checked.
+
+2.4. Checking Authorization
+
+ A mail receiver can perform a set of SPF checks for each mail message
+ it receives. An SPF check tests the authorization of a client host
+ to emit mail with a given identity. Typically, such checks are done
+ by a receiving MTA, but can be performed elsewhere in the mail
+ processing chain so long as the required information is available and
+ reliable. At least the "MAIL FROM" identity MUST be checked, but it
+ is RECOMMENDED that the "HELO" identity also be checked beforehand.
+
+ Without explicit approval of the domain owner, checking other
+ identities against SPF version 1 records is NOT RECOMMENDED because
+ there are cases that are known to give incorrect results. For
+ example, almost all mailing lists rewrite the "MAIL FROM" identity
+ (see Section 9.2), but some do not change any other identities in the
+ message. The scenario described in Section 9.3, sub-section 1.2, is
+ another example. Documents that define other identities should
+ define the method for explicit approval.
+
+ It is possible that mail receivers will use the SPF check as part of
+ a larger set of tests on incoming mail. The results of other tests
+ may influence whether or not a particular SPF check is performed.
+ For example, finding the sending host's IP address on a local white
+
+
+
+Wong & Schlitt Experimental [Page 6]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ list may cause all other tests to be skipped and all mail from that
+ host to be accepted.
+
+ When a mail receiver decides to perform an SPF check, it MUST use a
+ correctly-implemented check_host() function (Section 4) evaluated
+ with the correct parameters. Although the test as a whole is
+ optional, once it has been decided to perform a test it must be
+ performed as specified so that the correct semantics are preserved
+ between publisher and receiver.
+
+ To make the test, the mail receiver MUST evaluate the check_host()
+ function with the arguments set as follows:
+
+ <ip> - the IP address of the SMTP client that is emitting the
+ mail, either IPv4 or IPv6.
+
+ <domain> - the domain portion of the "MAIL FROM" or "HELO" identity.
+
+ <sender> - the "MAIL FROM" or "HELO" identity.
+
+ Note that the <domain> argument may not be a well-formed domain name.
+ For example, if the reverse-path was null, then the EHLO/HELO domain
+ is used, with its associated problems (see Section 2.1). In these
+ cases, check_host() is defined in Section 4.3 to return a "None"
+ result.
+
+ Although invalid, malformed, or non-existent domains cause SPF checks
+ to return "None" because no SPF record can be found, it has long been
+ the policy of many MTAs to reject E-Mail from such domains,
+ especially in the case of invalid "MAIL FROM". In order to prevent
+ the circumvention of SPF records, rejecting E-Mail from invalid
+ domains should be considered.
+
+ Implementations must take care to correctly extract the <domain> from
+ the data given with the SMTP MAIL FROM command as many MTAs will
+ still accept such things as source routes (see [RFC2821], Appendix
+ C), the %-hack (see [RFC1123]), and bang paths (see [RFC1983]).
+ These archaic features have been maliciously used to bypass security
+ systems.
+
+2.5. Interpreting the Result
+
+ This section describes how software that performs the authorization
+ should interpret the results of the check_host() function. The
+ authorization check SHOULD be performed during the processing of the
+ SMTP transaction that sends the mail. This allows errors to be
+ returned directly to the sending MTA by way of SMTP replies.
+
+
+
+
+Wong & Schlitt Experimental [Page 7]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ Performing the authorization after the SMTP transaction has finished
+ may cause problems, such as the following: (1) It may be difficult to
+ accurately extract the required information from potentially
+ deceptive headers; (2) legitimate E-Mail may fail because the
+ sender's policy may have since changed.
+
+ Generating non-delivery notifications to forged identities that have
+ failed the authorization check is generally abusive and against the
+ explicit wishes of the identity owner.
+
+2.5.1. None
+
+ A result of "None" means that no records were published by the domain
+ or that no checkable sender domain could be determined from the given
+ identity. The checking software cannot ascertain whether or not the
+ client host is authorized.
+
+2.5.2. Neutral
+
+ The domain owner has explicitly stated that he cannot or does not
+ want to assert whether or not the IP address is authorized. A
+ "Neutral" result MUST be treated exactly like the "None" result; the
+ distinction exists only for informational purposes. Treating
+ "Neutral" more harshly than "None" would discourage domain owners
+ from testing the use of SPF records (see Section 9.1).
+
+2.5.3. Pass
+
+ A "Pass" result means that the client is authorized to inject mail
+ with the given identity. The domain can now, in the sense of
+ reputation, be considered responsible for sending the message.
+ Further policy checks can now proceed with confidence in the
+ legitimate use of the identity.
+
+2.5.4. Fail
+
+ A "Fail" result is an explicit statement that the client is not
+ authorized to use the domain in the given identity. The checking
+ software can choose to mark the mail based on this or to reject the
+ mail outright.
+
+ If the checking software chooses to reject the mail during the SMTP
+ transaction, then it SHOULD use an SMTP reply code of 550 (see
+ [RFC2821]) and, if supported, the 5.7.1 Delivery Status Notification
+ (DSN) code (see [RFC3464]), in addition to an appropriate reply text.
+ The check_host() function may return either a default explanation
+ string or one from the domain that published the SPF records (see
+ Section 6.2). If the information does not originate with the
+
+
+
+Wong & Schlitt Experimental [Page 8]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ checking software, it should be made clear that the text is provided
+ by the sender's domain. For example:
+
+ 550-5.7.1 SPF MAIL FROM check failed:
+ 550-5.7.1 The domain example.com explains:
+ 550 5.7.1 Please see http://www.example.com/mailpolicy.html
+
+2.5.5. SoftFail
+
+ A "SoftFail" result should be treated as somewhere between a "Fail"
+ and a "Neutral". The domain believes the host is not authorized but
+ is not willing to make that strong of a statement. Receiving
+ software SHOULD NOT reject the message based solely on this result,
+ but MAY subject the message to closer scrutiny than normal.
+
+ The domain owner wants to discourage the use of this host and thus
+ desires limited feedback when a "SoftFail" result occurs. For
+ example, the recipient's Mail User Agent (MUA) could highlight the
+ "SoftFail" status, or the receiving MTA could give the sender a
+ message using a technique called "greylisting" whereby the MTA can
+ issue an SMTP reply code of 451 (4.3.0 DSN code) with a note the
+ first time the message is received, but accept it the second time.
+
+2.5.6. TempError
+
+ A "TempError" result means that the SPF client encountered a
+ transient error while performing the check. Checking software can
+ choose to accept or temporarily reject the message. If the message
+ is rejected during the SMTP transaction for this reason, the software
+ SHOULD use an SMTP reply code of 451 and, if supported, the 4.4.3 DSN
+ code.
+
+2.5.7. PermError
+
+ A "PermError" result means that the domain's published records could
+ not be correctly interpreted. This signals an error condition that
+ requires manual intervention to be resolved, as opposed to the
+ TempError result. Be aware that if the domain owner uses macros
+ (Section 8), it is possible that this result is due to the checked
+ identities having an unexpected format.
+
+3. SPF Records
+
+ An SPF record is a DNS Resource Record (RR) that declares which hosts
+ are, and are not, authorized to use a domain name for the "HELO" and
+ "MAIL FROM" identities. Loosely, the record partitions all hosts
+ into permitted and not-permitted sets (though some hosts might fall
+ into neither category).
+
+
+
+Wong & Schlitt Experimental [Page 9]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ The SPF record is a single string of text. An example record is the
+ following:
+
+ v=spf1 +mx a:colo.example.com/28 -all
+
+ This record has a version of "spf1" and three directives: "+mx",
+ "a:colo.example.com/28" (the + is implied), and "-all".
+
+3.1. Publishing
+
+ Domain owners wishing to be SPF compliant must publish SPF records
+ for the hosts that are used in the "MAIL FROM" and "HELO" identities.
+ The SPF records are placed in the DNS tree at the host name it
+ pertains to, not a subdomain under it, such as is done with SRV
+ records. This is the same whether the TXT or SPF RR type (see
+ Section 3.1.1) is used.
+
+ The example above in Section 3 might be published via these lines in
+ a domain zone file:
+
+ example.com. TXT "v=spf1 +mx a:colo.example.com/28 -all"
+ smtp-out.example.com. TXT "v=spf1 a -all"
+
+ When publishing via TXT records, beware of other TXT records
+ published there for other purposes. They may cause problems with
+ size limits (see Section 3.1.4).
+
+3.1.1. DNS Resource Record Types
+
+ This document defines a new DNS RR of type SPF, code 99. The format
+ of this type is identical to the TXT RR [RFC1035]. For either type,
+ the character content of the record is encoded as [US-ASCII].
+
+ It is recognized that the current practice (using a TXT record) is
+ not optimal, but it is necessary because there are a number of DNS
+ server and resolver implementations in common use that cannot handle
+ the new RR type. The two-record-type scheme provides a forward path
+ to the better solution of using an RR type reserved for this purpose.
+
+ An SPF-compliant domain name SHOULD have SPF records of both RR
+ types. A compliant domain name MUST have a record of at least one
+ type. If a domain has records of both types, they MUST have
+ identical content. For example, instead of publishing just one
+ record as in Section 3.1 above, it is better to publish:
+
+ example.com. IN TXT "v=spf1 +mx a:colo.example.com/28 -all"
+ example.com. IN SPF "v=spf1 +mx a:colo.example.com/28 -all"
+
+
+
+
+Wong & Schlitt Experimental [Page 10]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ Example RRs in this document are shown with the TXT record type;
+ however, they could be published with the SPF type or with both
+ types.
+
+3.1.2. Multiple DNS Records
+
+ A domain name MUST NOT have multiple records that would cause an
+ authorization check to select more than one record. See Section 4.5
+ for the selection rules.
+
+3.1.3. Multiple Strings in a Single DNS record
+
+ As defined in [RFC1035] sections 3.3.14 and 3.3, a single text DNS
+ record (either TXT or SPF RR types) can be composed of more than one
+ string. If a published record contains multiple strings, then the
+ record MUST be treated as if those strings are concatenated together
+ without adding spaces. For example:
+
+ IN TXT "v=spf1 .... first" "second string..."
+
+ MUST be treated as equivalent to
+
+ IN TXT "v=spf1 .... firstsecond string..."
+
+ SPF or TXT records containing multiple strings are useful in
+ constructing records that would exceed the 255-byte maximum length of
+ a string within a single TXT or SPF RR record.
+
+3.1.4. Record Size
+
+ The published SPF record for a given domain name SHOULD remain small
+ enough that the results of a query for it will fit within 512 octets.
+ This will keep even older DNS implementations from falling over to
+ TCP. Since the answer size is dependent on many things outside the
+ scope of this document, it is only possible to give this guideline:
+ If the combined length of the DNS name and the text of all the
+ records of a given type (TXT or SPF) is under 450 characters, then
+ DNS answers should fit in UDP packets. Note that when computing the
+ sizes for queries of the TXT format, one must take into account any
+ other TXT records published at the domain name. Records that are too
+ long to fit in a single UDP packet MAY be silently ignored by SPF
+ clients.
+
+3.1.5. Wildcard Records
+
+ Use of wildcard records for publishing is not recommended. Care must
+ be taken if wildcard records are used. If a domain publishes
+ wildcard MX records, it may want to publish wildcard declarations,
+
+
+
+Wong & Schlitt Experimental [Page 11]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ subject to the same requirements and problems. In particular, the
+ declaration must be repeated for any host that has any RR records at
+ all, and for subdomains thereof. For example, the example given in
+ [RFC1034], Section 4.3.3, could be extended with the following:
+
+ X.COM. MX 10 A.X.COM
+ X.COM. TXT "v=spf1 a:A.X.COM -all"
+
+ *.X.COM. MX 10 A.X.COM
+ *.X.COM. TXT "v=spf1 a:A.X.COM -all"
+
+ A.X.COM. A 1.2.3.4
+ A.X.COM. MX 10 A.X.COM
+ A.X.COM. TXT "v=spf1 a:A.X.COM -all"
+
+ *.A.X.COM. MX 10 A.X.COM
+ *.A.X.COM. TXT "v=spf1 a:A.X.COM -all"
+
+ Notice that SPF records must be repeated twice for every name within
+ the domain: once for the name, and once with a wildcard to cover the
+ tree under the name.
+
+ Use of wildcards is discouraged in general as they cause every name
+ under the domain to exist and queries against arbitrary names will
+ never return RCODE 3 (Name Error).
+
+4. The check_host() Function
+
+ The check_host() function fetches SPF records, parses them, and
+ interprets them to determine whether a particular host is or is not
+ permitted to send mail with a given identity. Mail receivers that
+ perform this check MUST correctly evaluate the check_host() function
+ as described here.
+
+ Implementations MAY use a different algorithm than the canonical
+ algorithm defined here, so long as the results are the same in all
+ cases.
+
+4.1. Arguments
+
+ The check_host() function takes these arguments:
+
+ <ip> - the IP address of the SMTP client that is emitting the
+ mail, either IPv4 or IPv6.
+
+ <domain> - the domain that provides the sought-after authorization
+ information; initially, the domain portion of the "MAIL
+ FROM" or "HELO" identity.
+
+
+
+Wong & Schlitt Experimental [Page 12]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ <sender> - the "MAIL FROM" or "HELO" identity.
+
+ The domain portion of <sender> will usually be the same as the
+ <domain> argument when check_host() is initially evaluated. However,
+ this will generally not be true for recursive evaluations (see
+ Section 5.2 below).
+
+ Actual implementations of the check_host() function may need
+ additional arguments.
+
+4.2. Results
+
+ The function check_host() can return one of several results described
+ in Section 2.5. Based on the result, the action to be taken is
+ determined by the local policies of the receiver.
+
+4.3. Initial Processing
+
+ If the <domain> is malformed (label longer than 63 characters, zero-
+ length label not at the end, etc.) or is not a fully qualified domain
+ name, or if the DNS lookup returns "domain does not exist" (RCODE 3),
+ check_host() immediately returns the result "None".
+
+ If the <sender> has no localpart, substitute the string "postmaster"
+ for the localpart.
+
+4.4. Record Lookup
+
+ In accordance with how the records are published (see Section 3.1
+ above), a DNS query needs to be made for the <domain> name, querying
+ for either RR type TXT, SPF, or both. If both SPF and TXT RRs are
+ looked up, the queries MAY be done in parallel.
+
+ If all DNS lookups that are made return a server failure (RCODE 2),
+ or other error (RCODE other than 0 or 3), or time out, then
+ check_host() exits immediately with the result "TempError".
+
+4.5. Selecting Records
+
+ Records begin with a version section:
+
+ record = version terms *SP
+ version = "v=spf1"
+
+ Starting with the set of records that were returned by the lookup,
+ record selection proceeds in two steps:
+
+
+
+
+
+Wong & Schlitt Experimental [Page 13]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ 1. Records that do not begin with a version section of exactly
+ "v=spf1" are discarded. Note that the version section is
+ terminated either by an SP character or the end of the record. A
+ record with a version section of "v=spf10" does not match and must
+ be discarded.
+
+ 2. If any records of type SPF are in the set, then all records of
+ type TXT are discarded.
+
+ After the above steps, there should be exactly one record remaining
+ and evaluation can proceed. If there are two or more records
+ remaining, then check_host() exits immediately with the result of
+ "PermError".
+
+ If no matching records are returned, an SPF client MUST assume that
+ the domain makes no SPF declarations. SPF processing MUST stop and
+ return "None".
+
+4.6. Record Evaluation
+
+ After one SPF record has been selected, the check_host() function
+ parses and interprets it to find a result for the current test. If
+ there are any syntax errors, check_host() returns immediately with
+ the result "PermError".
+
+ Implementations MAY choose to parse the entire record first and
+ return "PermError" if the record is not syntactically well formed.
+ However, in all cases, any syntax errors anywhere in the record MUST
+ be detected.
+
+4.6.1. Term Evaluation
+
+ There are two types of terms: mechanisms and modifiers. A record
+ contains an ordered list of these as specified in the following
+ Augmented Backus-Naur Form (ABNF).
+
+ terms = *( 1*SP ( directive / modifier ) )
+
+ directive = [ qualifier ] mechanism
+ qualifier = "+" / "-" / "?" / "~"
+ mechanism = ( all / include
+ / A / MX / PTR / IP4 / IP6 / exists )
+ modifier = redirect / explanation / unknown-modifier
+ unknown-modifier = name "=" macro-string
+
+ name = ALPHA *( ALPHA / DIGIT / "-" / "_" / "." )
+
+ Most mechanisms allow a ":" or "/" character after the name.
+
+
+
+Wong & Schlitt Experimental [Page 14]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ Modifiers always contain an equals ('=') character immediately after
+ the name, and before any ":" or "/" characters that may be part of
+ the macro-string.
+
+ Terms that do not contain any of "=", ":", or "/" are mechanisms, as
+ defined in Section 5.
+
+ As per the definition of the ABNF notation in [RFC4234], mechanism
+ and modifier names are case-insensitive.
+
+4.6.2. Mechanisms
+
+ Each mechanism is considered in turn from left to right. If there
+ are no more mechanisms, the result is specified in Section 4.7.
+
+ When a mechanism is evaluated, one of three things can happen: it can
+ match, not match, or throw an exception.
+
+ If it matches, processing ends and the qualifier value is returned as
+ the result of that record. If it does not match, processing
+ continues with the next mechanism. If it throws an exception,
+ mechanism processing ends and the exception value is returned.
+
+ The possible qualifiers, and the results they return are as follows:
+
+ "+" Pass
+ "-" Fail
+ "~" SoftFail
+ "?" Neutral
+
+ The qualifier is optional and defaults to "+".
+
+ When a mechanism matches and the qualifier is "-", then a "Fail"
+ result is returned and the explanation string is computed as
+ described in Section 6.2.
+
+ The specific mechanisms are described in Section 5.
+
+4.6.3. Modifiers
+
+ Modifiers are not mechanisms: they do not return match or not-match.
+ Instead they provide additional information. Although modifiers do
+ not directly affect the evaluation of the record, the "redirect"
+ modifier has an effect after all the mechanisms have been evaluated.
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 15]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+4.7. Default Result
+
+ If none of the mechanisms match and there is no "redirect" modifier,
+ then the check_host() returns a result of "Neutral", just as if
+ "?all" were specified as the last directive. If there is a
+ "redirect" modifier, check_host() proceeds as defined in Section 6.1.
+
+ Note that records SHOULD always use either a "redirect" modifier or
+ an "all" mechanism to explicitly terminate processing.
+
+ For example:
+
+ v=spf1 +mx -all
+ or
+ v=spf1 +mx redirect=_spf.example.com
+
+4.8. Domain Specification
+
+ Several of these mechanisms and modifiers have a <domain-spec>
+ section. The <domain-spec> string is macro expanded (see Section 8).
+ The resulting string is the common presentation form of a fully-
+ qualified DNS name: a series of labels separated by periods. This
+ domain is called the <target-name> in the rest of this document.
+
+ Note: The result of the macro expansion is not subject to any further
+ escaping. Hence, this facility cannot produce all characters that
+ are legal in a DNS label (e.g., the control characters). However,
+ this facility is powerful enough to express legal host names and
+ common utility labels (such as "_spf") that are used in DNS.
+
+ For several mechanisms, the <domain-spec> is optional. If it is not
+ provided, the <domain> is used as the <target-name>.
+
+5. Mechanism Definitions
+
+ This section defines two types of mechanisms.
+
+ Basic mechanisms contribute to the language framework. They do not
+ specify a particular type of authorization scheme.
+
+ all
+ include
+
+ Designated sender mechanisms are used to designate a set of <ip>
+ addresses as being permitted or not permitted to use the <domain> for
+ sending mail.
+
+
+
+
+
+Wong & Schlitt Experimental [Page 16]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ a
+ mx
+ ptr
+ ip4
+ ip6
+ exists
+
+ The following conventions apply to all mechanisms that perform a
+ comparison between <ip> and an IP address at any point:
+
+ If no CIDR-length is given in the directive, then <ip> and the IP
+ address are compared for equality. (Here, CIDR is Classless Inter-
+ Domain Routing.)
+
+ If a CIDR-length is specified, then only the specified number of
+ high-order bits of <ip> and the IP address are compared for equality.
+
+ When any mechanism fetches host addresses to compare with <ip>, when
+ <ip> is an IPv4 address, A records are fetched, when <ip> is an IPv6
+ address, AAAA records are fetched. Even if the SMTP connection is
+ via IPv6, an IPv4-mapped IPv6 IP address (see [RFC3513], Section
+ 2.5.5) MUST still be considered an IPv4 address.
+
+ Several mechanisms rely on information fetched from DNS. For these
+ DNS queries, except where noted, if the DNS server returns an error
+ (RCODE other than 0 or 3) or the query times out, the mechanism
+ throws the exception "TempError". If the server returns "domain does
+ not exist" (RCODE 3), then evaluation of the mechanism continues as
+ if the server returned no error (RCODE 0) and zero answer records.
+
+5.1. "all"
+
+ all = "all"
+
+ The "all" mechanism is a test that always matches. It is used as the
+ rightmost mechanism in a record to provide an explicit default.
+
+ For example:
+
+ v=spf1 a mx -all
+
+ Mechanisms after "all" will never be tested. Any "redirect" modifier
+ (Section 6.1) has no effect when there is an "all" mechanism.
+
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 17]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+5.2. "include"
+
+ include = "include" ":" domain-spec
+
+ The "include" mechanism triggers a recursive evaluation of
+ check_host(). The domain-spec is expanded as per Section 8. Then
+ check_host() is evaluated with the resulting string as the <domain>.
+ The <ip> and <sender> arguments remain the same as in the current
+ evaluation of check_host().
+
+ In hindsight, the name "include" was poorly chosen. Only the
+ evaluated result of the referenced SPF record is used, rather than
+ acting as if the referenced SPF record was literally included in the
+ first. For example, evaluating a "-all" directive in the referenced
+ record does not terminate the overall processing and does not
+ necessarily result in an overall "Fail". (Better names for this
+ mechanism would have been "if-pass", "on-pass", etc.)
+
+ The "include" mechanism makes it possible for one domain to designate
+ multiple administratively-independent domains. For example, a vanity
+ domain "example.net" might send mail using the servers of
+ administratively-independent domains example.com and example.org.
+
+ Example.net could say
+
+ IN TXT "v=spf1 include:example.com include:example.org -all"
+
+ This would direct check_host() to, in effect, check the records of
+ example.com and example.org for a "Pass" result. Only if the host
+ were not permitted for either of those domains would the result be
+ "Fail".
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 18]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ Whether this mechanism matches, does not match, or throws an
+ exception depends on the result of the recursive evaluation of
+ check_host():
+
+ +---------------------------------+---------------------------------+
+ | A recursive check_host() result | Causes the "include" mechanism |
+ | of: | to: |
+ +---------------------------------+---------------------------------+
+ | Pass | match |
+ | | |
+ | Fail | not match |
+ | | |
+ | SoftFail | not match |
+ | | |
+ | Neutral | not match |
+ | | |
+ | TempError | throw TempError |
+ | | |
+ | PermError | throw PermError |
+ | | |
+ | None | throw PermError |
+ +---------------------------------+---------------------------------+
+
+ The "include" mechanism is intended for crossing administrative
+ boundaries. Although it is possible to use includes to consolidate
+ multiple domains that share the same set of designated hosts, domains
+ are encouraged to use redirects where possible, and to minimize the
+ number of includes within a single administrative domain. For
+ example, if example.com and example.org were managed by the same
+ entity, and if the permitted set of hosts for both domains was
+ "mx:example.com", it would be possible for example.org to specify
+ "include:example.com", but it would be preferable to specify
+ "redirect=example.com" or even "mx:example.com".
+
+5.3. "a"
+
+ This mechanism matches if <ip> is one of the <target-name>'s IP
+ addresses.
+
+ A = "a" [ ":" domain-spec ] [ dual-cidr-length ]
+
+ An address lookup is done on the <target-name>. The <ip> is compared
+ to the returned address(es). If any address matches, the mechanism
+ matches.
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 19]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+5.4. "mx"
+
+ This mechanism matches if <ip> is one of the MX hosts for a domain
+ name.
+
+ MX = "mx" [ ":" domain-spec ] [ dual-cidr-length ]
+
+ check_host() first performs an MX lookup on the <target-name>. Then
+ it performs an address lookup on each MX name returned. The <ip> is
+ compared to each returned IP address. To prevent Denial of Service
+ (DoS) attacks, more than 10 MX names MUST NOT be looked up during the
+ evaluation of an "mx" mechanism (see Section 10). If any address
+ matches, the mechanism matches.
+
+ Note regarding implicit MXs: If the <target-name> has no MX records,
+ check_host() MUST NOT pretend the target is its single MX, and MUST
+ NOT default to an A lookup on the <target-name> directly. This
+ behavior breaks with the legacy "implicit MX" rule. See [RFC2821],
+ Section 5. If such behavior is desired, the publisher should specify
+ an "a" directive.
+
+5.5. "ptr"
+
+ This mechanism tests whether the DNS reverse-mapping for <ip> exists
+ and correctly points to a domain name within a particular domain.
+
+ PTR = "ptr" [ ":" domain-spec ]
+
+ First, the <ip>'s name is looked up using this procedure: perform a
+ DNS reverse-mapping for <ip>, looking up the corresponding PTR record
+ in "in-addr.arpa." if the address is an IPv4 one and in "ip6.arpa."
+ if it is an IPv6 address. For each record returned, validate the
+ domain name by looking up its IP address. To prevent DoS attacks,
+ more than 10 PTR names MUST NOT be looked up during the evaluation of
+ a "ptr" mechanism (see Section 10). If <ip> is among the returned IP
+ addresses, then that domain name is validated. In pseudocode:
+
+ sending-domain_names := ptr_lookup(sending-host_IP); if more than 10
+ sending-domain_names are found, use at most 10. for each name in
+ (sending-domain_names) {
+ IP_addresses := a_lookup(name);
+ if the sending-domain_IP is one of the IP_addresses {
+ validated-sending-domain_names += name;
+ } }
+
+ Check all validated domain names to see if they end in the
+ <target-name> domain. If any do, this mechanism matches. If no
+ validated domain name can be found, or if none of the validated
+
+
+
+Wong & Schlitt Experimental [Page 20]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ domain names end in the <target-name>, this mechanism fails to match.
+ If a DNS error occurs while doing the PTR RR lookup, then this
+ mechanism fails to match. If a DNS error occurs while doing an A RR
+ lookup, then that domain name is skipped and the search continues.
+
+ Pseudocode:
+
+ for each name in (validated-sending-domain_names) {
+ if name ends in <domain-spec>, return match.
+ if name is <domain-spec>, return match.
+ }
+ return no-match.
+
+ This mechanism matches if the <target-name> is either an ancestor of
+ a validated domain name or if the <target-name> and a validated
+ domain name are the same. For example: "mail.example.com" is within
+ the domain "example.com", but "mail.bad-example.com" is not.
+
+ Note: Use of this mechanism is discouraged because it is slow, it is
+ not as reliable as other mechanisms in cases of DNS errors, and it
+ places a large burden on the arpa name servers. If used, proper PTR
+ records must be in place for the domain's hosts and the "ptr"
+ mechanism should be one of the last mechanisms checked.
+
+5.6. "ip4" and "ip6"
+
+ These mechanisms test whether <ip> is contained within a given IP
+ network.
+
+ IP4 = "ip4" ":" ip4-network [ ip4-cidr-length ]
+ IP6 = "ip6" ":" ip6-network [ ip6-cidr-length ]
+
+ ip4-cidr-length = "/" 1*DIGIT
+ ip6-cidr-length = "/" 1*DIGIT
+ dual-cidr-length = [ ip4-cidr-length ] [ "/" ip6-cidr-length ]
+
+ ip4-network = qnum "." qnum "." qnum "." qnum
+ qnum = DIGIT ; 0-9
+ / %x31-39 DIGIT ; 10-99
+ / "1" 2DIGIT ; 100-199
+ / "2" %x30-34 DIGIT ; 200-249
+ / "25" %x30-35 ; 250-255
+ ; as per conventional dotted quad notation. e.g., 192.0.2.0
+ ip6-network = <as per [RFC 3513], section 2.2>
+ ; e.g., 2001:DB8::CD30
+
+ The <ip> is compared to the given network. If CIDR-length high-order
+ bits match, the mechanism matches.
+
+
+
+Wong & Schlitt Experimental [Page 21]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ If ip4-cidr-length is omitted, it is taken to be "/32". If
+ ip6-cidr-length is omitted, it is taken to be "/128". It is not
+ permitted to omit parts of the IP address instead of using CIDR
+ notations. That is, use 192.0.2.0/24 instead of 192.0.2.
+
+5.7. "exists"
+
+ This mechanism is used to construct an arbitrary domain name that is
+ used for a DNS A record query. It allows for complicated schemes
+ involving arbitrary parts of the mail envelope to determine what is
+ permitted.
+
+ exists = "exists" ":" domain-spec
+
+ The domain-spec is expanded as per Section 8. The resulting domain
+ name is used for a DNS A RR lookup. If any A record is returned,
+ this mechanism matches. The lookup type is A even when the
+ connection type is IPv6.
+
+ Domains can use this mechanism to specify arbitrarily complex
+ queries. For example, suppose example.com publishes the record:
+
+ v=spf1 exists:%{ir}.%{l1r+-}._spf.%{d} -all
+
+ The <target-name> might expand to
+ "1.2.0.192.someuser._spf.example.com". This makes fine-grained
+ decisions possible at the level of the user and client IP address.
+
+ This mechanism enables queries that mimic the style of tests that
+ existing anti-spam DNS blacklists (DNSBL) use.
+
+6. Modifier Definitions
+
+ Modifiers are name/value pairs that provide additional information.
+ Modifiers always have an "=" separating the name and the value.
+
+ The modifiers defined in this document ("redirect" and "exp") MAY
+ appear anywhere in the record, but SHOULD appear at the end, after
+ all mechanisms. Ordering of these two modifiers does not matter.
+ These two modifiers MUST NOT appear in a record more than once each.
+ If they do, then check_host() exits with a result of "PermError".
+
+ Unrecognized modifiers MUST be ignored no matter where in a record,
+ or how often. This allows implementations of this document to
+ gracefully handle records with modifiers that are defined in other
+ specifications.
+
+
+
+
+
+Wong & Schlitt Experimental [Page 22]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+6.1. redirect: Redirected Query
+
+ If all mechanisms fail to match, and a "redirect" modifier is
+ present, then processing proceeds as follows:
+
+ redirect = "redirect" "=" domain-spec
+
+ The domain-spec portion of the redirect section is expanded as per
+ the macro rules in Section 8. Then check_host() is evaluated with
+ the resulting string as the <domain>. The <ip> and <sender>
+ arguments remain the same as current evaluation of check_host().
+
+ The result of this new evaluation of check_host() is then considered
+ the result of the current evaluation with the exception that if no
+ SPF record is found, or if the target-name is malformed, the result
+ is a "PermError" rather than "None".
+
+ Note that the newly-queried domain may itself specify redirect
+ processing.
+
+ This facility is intended for use by organizations that wish to apply
+ the same record to multiple domains. For example:
+
+ la.example.com. TXT "v=spf1 redirect=_spf.example.com"
+ ny.example.com. TXT "v=spf1 redirect=_spf.example.com"
+ sf.example.com. TXT "v=spf1 redirect=_spf.example.com"
+ _spf.example.com. TXT "v=spf1 mx:example.com -all"
+
+ In this example, mail from any of the three domains is described by
+ the same record. This can be an administrative advantage.
+
+ Note: In general, the domain "A" cannot reliably use a redirect to
+ another domain "B" not under the same administrative control. Since
+ the <sender> stays the same, there is no guarantee that the record at
+ domain "B" will correctly work for mailboxes in domain "A",
+ especially if domain "B" uses mechanisms involving localparts. An
+ "include" directive may be more appropriate.
+
+ For clarity, it is RECOMMENDED that any "redirect" modifier appear as
+ the very last term in a record.
+
+6.2. exp: Explanation
+
+ explanation = "exp" "=" domain-spec
+
+ If check_host() results in a "Fail" due to a mechanism match (such as
+ "-all"), and the "exp" modifier is present, then the explanation
+ string returned is computed as described below. If no "exp" modifier
+
+
+
+Wong & Schlitt Experimental [Page 23]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ is present, then either a default explanation string or an empty
+ explanation string may be returned.
+
+ The <domain-spec> is macro expanded (see Section 8) and becomes the
+ <target-name>. The DNS TXT record for the <target-name> is fetched.
+
+ If <domain-spec> is empty, or there are any DNS processing errors
+ (any RCODE other than 0), or if no records are returned, or if more
+ than one record is returned, or if there are syntax errors in the
+ explanation string, then proceed as if no exp modifier was given.
+
+ The fetched TXT record's strings are concatenated with no spaces, and
+ then treated as an <explain-string>, which is macro-expanded. This
+ final result is the explanation string. Implementations MAY limit
+ the length of the resulting explanation string to allow for other
+ protocol constraints and/or reasonable processing limits. Since the
+ explanation string is intended for an SMTP response and [RFC2821]
+ Section 2.4 says that responses are in [US-ASCII], the explanation
+ string is also limited to US-ASCII.
+
+ Software evaluating check_host() can use this string to communicate
+ information from the publishing domain in the form of a short message
+ or URL. Software SHOULD make it clear that the explanation string
+ comes from a third party. For example, it can prepend the macro
+ string "%{o} explains: " to the explanation, such as shown in Section
+ 2.5.4.
+
+ Suppose example.com has this record:
+
+ v=spf1 mx -all exp=explain._spf.%{d}
+
+ Here are some examples of possible explanation TXT records at
+ explain._spf.example.com:
+
+ "Mail from example.com should only be sent by its own servers."
+ -- a simple, constant message
+
+ "%{i} is not one of %{d}'s designated mail servers."
+ -- a message with a little more information, including the IP
+ address that failed the check
+
+ "See http://%{d}/why.html?s=%{S}&i=%{I}"
+ -- a complicated example that constructs a URL with the
+ arguments to check_host() so that a web page can be
+ generated with detailed, custom instructions
+
+ Note: During recursion into an "include" mechanism, an exp= modifier
+ from the <target-name> MUST NOT be used. In contrast, when executing
+
+
+
+Wong & Schlitt Experimental [Page 24]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ a "redirect" modifier, an exp= modifier from the original domain MUST
+ NOT be used.
+
+7. The Received-SPF Header Field
+
+ It is RECOMMENDED that SMTP receivers record the result of SPF
+ processing in the message header. If an SMTP receiver chooses to do
+ so, it SHOULD use the "Received-SPF" header field defined here for
+ each identity that was checked. This information is intended for the
+ recipient. (Information intended for the sender is described in
+ Section 6.2, Explanation.)
+
+ The Received-SPF header field is a trace field (see [RFC2822] Section
+ 3.6.7) and SHOULD be prepended to the existing header, above the
+ Received: field that is generated by the SMTP receiver. It MUST
+ appear above all other Received-SPF fields in the message. The
+ header field has the following format:
+
+ header-field = "Received-SPF:" [CFWS] result FWS [comment FWS]
+ [ key-value-list ] CRLF
+
+ result = "Pass" / "Fail" / "SoftFail" / "Neutral" /
+ "None" / "TempError" / "PermError"
+
+ key-value-list = key-value-pair *( ";" [CFWS] key-value-pair )
+ [";"]
+
+ key-value-pair = key [CFWS] "=" ( dot-atom / quoted-string )
+
+ key = "client-ip" / "envelope-from" / "helo" /
+ "problem" / "receiver" / "identity" /
+ mechanism / "x-" name / name
+
+ identity = "mailfrom" ; for the "MAIL FROM" identity
+ / "helo" ; for the "HELO" identity
+ / name ; other identities
+
+ dot-atom = <unquoted word as per [RFC2822]>
+ quoted-string = <quoted string as per [RFC2822]>
+ comment = <comment string as per [RFC2822]>
+ CFWS = <comment or folding white space as per [RFC2822]>
+ FWS = <folding white space as per [RFC2822]>
+ CRLF = <standard end-of-line token as per [RFC2822]>
+
+ The header field SHOULD include a "(...)" style <comment> after the
+ result, conveying supporting information for the result, such as
+ <ip>, <sender>, and <domain>.
+
+
+
+
+Wong & Schlitt Experimental [Page 25]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ The following key-value pairs are designed for later machine parsing.
+ SPF clients SHOULD give enough information so that the SPF results
+ can be verified. That is, at least "client-ip", "helo", and, if the
+ "MAIL FROM" identity was checked, "envelope-from".
+
+ client-ip the IP address of the SMTP client
+
+ envelope-from the envelope sender mailbox
+
+ helo the host name given in the HELO or EHLO command
+
+ mechanism the mechanism that matched (if no mechanisms matched,
+ substitute the word "default")
+
+ problem if an error was returned, details about the error
+
+ receiver the host name of the SPF client
+
+ identity the identity that was checked; see the <identity> ABNF
+ rule
+
+ Other keys may be defined by SPF clients. Until a new key name
+ becomes widely accepted, new key names should start with "x-".
+
+ SPF clients MUST make sure that the Received-SPF header field does
+ not contain invalid characters, is not excessively long, and does not
+ contain malicious data that has been provided by the sender.
+
+ Examples of various header styles that could be generated are the
+ following:
+
+ Received-SPF: Pass (mybox.example.org: domain of
+ myname@example.com designates 192.0.2.1 as permitted sender)
+ receiver=mybox.example.org; client-ip=192.0.2.1;
+ envelope-from=<myname@example.com>; helo=foo.example.com;
+
+ Received-SPF: Fail (mybox.example.org: domain of
+ myname@example.com does not designate
+ 192.0.2.1 as permitted sender)
+ identity=mailfrom; client-ip=192.0.2.1;
+ envelope-from=<myname@example.com>;
+
+
+
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 26]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+8. Macros
+
+8.1. Macro Definitions
+
+ Many mechanisms and modifiers perform macro expansion on part of the
+ term.
+
+ domain-spec = macro-string domain-end
+ domain-end = ( "." toplabel [ "." ] ) / macro-expand
+
+ toplabel = ( *alphanum ALPHA *alphanum ) /
+ ( 1*alphanum "-" *( alphanum / "-" ) alphanum )
+ ; LDH rule plus additional TLD restrictions
+ ; (see [RFC3696], Section 2)
+ alphanum = ALPHA / DIGIT
+
+ explain-string = *( macro-string / SP )
+
+ macro-string = *( macro-expand / macro-literal )
+ macro-expand = ( "%{" macro-letter transformers *delimiter "}" )
+ / "%%" / "%_" / "%-"
+ macro-literal = %x21-24 / %x26-7E
+ ; visible characters except "%"
+ macro-letter = "s" / "l" / "o" / "d" / "i" / "p" / "h" /
+ "c" / "r" / "t"
+ transformers = *DIGIT [ "r" ]
+ delimiter = "." / "-" / "+" / "," / "/" / "_" / "="
+
+ A literal "%" is expressed by "%%".
+
+ "%_" expands to a single " " space.
+ "%-" expands to a URL-encoded space, viz., "%20".
+
+ The following macro letters are expanded in term arguments:
+
+ s = <sender>
+ l = local-part of <sender>
+ o = domain of <sender>
+ d = <domain>
+ i = <ip>
+ p = the validated domain name of <ip>
+ v = the string "in-addr" if <ip> is ipv4, or "ip6" if <ip> is ipv6
+ h = HELO/EHLO domain
+
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 27]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ The following macro letters are allowed only in "exp" text:
+
+ c = SMTP client IP (easily readable format)
+ r = domain name of host performing the check
+ t = current timestamp
+
+ A '%' character not followed by a '{', '%', '-', or '_' character is
+ a syntax error. So
+
+ -exists:%(ir).sbl.spamhaus.example.org
+
+ is incorrect and will cause check_host() to return a "PermError".
+ Instead, say
+
+ -exists:%{ir}.sbl.spamhaus.example.org
+
+ Optional transformers are the following:
+
+ *DIGIT = zero or more digits
+ 'r' = reverse value, splitting on dots by default
+
+ If transformers or delimiters are provided, the replacement value for
+ a macro letter is split into parts. After performing any reversal
+ operation and/or removal of left-hand parts, the parts are rejoined
+ using "." and not the original splitting characters.
+
+ By default, strings are split on "." (dots). Note that no special
+ treatment is given to leading, trailing, or consecutive delimiters,
+ and so the list of parts may contain empty strings. Older
+ implementations of SPF prohibit trailing dots in domain names, so
+ trailing dots should not be published by domain owners, although they
+ must be accepted by implementations conforming to this document.
+ Macros may specify delimiter characters that are used instead of ".".
+
+ The 'r' transformer indicates a reversal operation: if the client IP
+ address were 192.0.2.1, the macro %{i} would expand to "192.0.2.1"
+ and the macro %{ir} would expand to "1.2.0.192".
+
+ The DIGIT transformer indicates the number of right-hand parts to
+ use, after optional reversal. If a DIGIT is specified, the value
+ MUST be nonzero. If no DIGITs are specified, or if the value
+ specifies more parts than are available, all the available parts are
+ used. If the DIGIT was 5, and only 3 parts were available, the macro
+ interpreter would pretend the DIGIT was 3. Implementations MUST
+ support at least a value of 128, as that is the maximum number of
+ labels in a domain name.
+
+
+
+
+
+Wong & Schlitt Experimental [Page 28]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ The "s" macro expands to the <sender> argument. It is an E-Mail
+ address with a localpart, an "@" character, and a domain. The "l"
+ macro expands to just the localpart. The "o" macro expands to just
+ the domain part. Note that these values remain the same during
+ recursive and chained evaluations due to "include" and/or "redirect".
+ Note also that if the original <sender> had no localpart, the
+ localpart was set to "postmaster" in initial processing (see Section
+ 4.3).
+
+ For IPv4 addresses, both the "i" and "c" macros expand to the
+ standard dotted-quad format.
+
+ For IPv6 addresses, the "i" macro expands to a dot-format address; it
+ is intended for use in %{ir}. The "c" macro may expand to any of the
+ hexadecimal colon-format addresses specified in [RFC3513], Section
+ 2.2. It is intended for humans to read.
+
+ The "p" macro expands to the validated domain name of <ip>. The
+ procedure for finding the validated domain name is defined in Section
+ 5.5. If the <domain> is present in the list of validated domains, it
+ SHOULD be used. Otherwise, if a subdomain of the <domain> is
+ present, it SHOULD be used. Otherwise, any name from the list may be
+ used. If there are no validated domain names or if a DNS error
+ occurs, the string "unknown" is used.
+
+ The "r" macro expands to the name of the receiving MTA. This SHOULD
+ be a fully qualified domain name, but if one does not exist (as when
+ the checking is done by a MUA) or if policy restrictions dictate
+ otherwise, the word "unknown" SHOULD be substituted. The domain name
+ may be different from the name found in the MX record that the client
+ MTA used to locate the receiving MTA.
+
+ The "t" macro expands to the decimal representation of the
+ approximate number of seconds since the Epoch (Midnight, January 1,
+ 1970, UTC). This is the same value as is returned by the POSIX
+ time() function in most standards-compliant libraries.
+
+ When the result of macro expansion is used in a domain name query, if
+ the expanded domain name exceeds 253 characters (the maximum length
+ of a domain name), the left side is truncated to fit, by removing
+ successive domain labels until the total length does not exceed 253
+ characters.
+
+ Uppercased macros expand exactly as their lowercased equivalents, and
+ are then URL escaped. URL escaping must be performed for characters
+ not in the "uric" set, which is defined in [RFC3986].
+
+
+
+
+
+Wong & Schlitt Experimental [Page 29]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ Note: Care must be taken so that macro expansion for legitimate
+ E-Mail does not exceed the 63-character limit on DNS labels. The
+ localpart of E-Mail addresses, in particular, can have more than 63
+ characters between dots.
+
+ Note: Domains should avoid using the "s", "l", "o", or "h" macros in
+ conjunction with any mechanism directive. Although these macros are
+ powerful and allow per-user records to be published, they severely
+ limit the ability of implementations to cache results of check_host()
+ and they reduce the effectiveness of DNS caches.
+
+ Implementations should be aware that if no directive processed during
+ the evaluation of check_host() contains an "s", "l", "o", or "h"
+ macro, then the results of the evaluation can be cached on the basis
+ of <domain> and <ip> alone for as long as the shortest Time To Live
+ (TTL) of all the DNS records involved.
+
+8.2. Expansion Examples
+
+ The <sender> is strong-bad@email.example.com.
+ The IPv4 SMTP client IP is 192.0.2.3.
+ The IPv6 SMTP client IP is 2001:DB8::CB01.
+ The PTR domain name of the client IP is mx.example.org.
+
+ macro expansion
+ ------- ----------------------------
+ %{s} strong-bad@email.example.com
+ %{o} email.example.com
+ %{d} email.example.com
+ %{d4} email.example.com
+ %{d3} email.example.com
+ %{d2} example.com
+ %{d1} com
+ %{dr} com.example.email
+ %{d2r} example.email
+ %{l} strong-bad
+ %{l-} strong.bad
+ %{lr} strong-bad
+ %{lr-} bad.strong
+ %{l1r-} strong
+
+
+
+
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 30]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ macro-string expansion
+ --------------------------------------------------------------------
+ %{ir}.%{v}._spf.%{d2} 3.2.0.192.in-addr._spf.example.com
+ %{lr-}.lp._spf.%{d2} bad.strong.lp._spf.example.com
+
+ %{lr-}.lp.%{ir}.%{v}._spf.%{d2}
+ bad.strong.lp.3.2.0.192.in-addr._spf.example.com
+
+ %{ir}.%{v}.%{l1r-}.lp._spf.%{d2}
+ 3.2.0.192.in-addr.strong.lp._spf.example.com
+
+ %{d2}.trusted-domains.example.net
+ example.com.trusted-domains.example.net
+
+ IPv6:
+ %{ir}.%{v}._spf.%{d2} 1.0.B.C.0.0.0.0.
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.B.D.0.1.0.0.2.ip6._spf.example.com
+
+9. Implications
+
+ This section outlines the major implications that adoption of this
+ document will have on various entities involved in Internet E-Mail.
+ It is intended to make clear to the reader where this document
+ knowingly affects the operation of such entities. This section is
+ not a "how-to" manual, or a "best practices" document, and it is not
+ a comprehensive list of what such entities should do in light of this
+ document.
+
+ This section is non-normative.
+
+9.1. Sending Domains
+
+ Domains that wish to be compliant with this specification will need
+ to determine the list of hosts that they allow to use their domain
+ name in the "HELO" and "MAIL FROM" identities. It is recognized that
+ forming such a list is not just a simple technical exercise, but
+ involves policy decisions with both technical and administrative
+ considerations.
+
+ It can be helpful to publish records that include a "tracking
+ exists:" mechanism. By looking at the name server logs, a rough list
+ may then be generated. For example:
+
+ v=spf1 exists:_h.%{h}._l.%{l}._o.%{o}._i.%{i}._spf.%{d} ?all
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 31]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+9.2. Mailing Lists
+
+ Mailing lists must be aware of how they re-inject mail that is sent
+ to the list. Mailing lists MUST comply with the requirements in
+ [RFC2821], Section 3.10, and [RFC1123], Section 5.3.6, that say that
+ the reverse-path MUST be changed to be the mailbox of a person or
+ other entity who administers the list. Whereas the reasons for
+ changing the reverse-path are many and long-standing, SPF adds
+ enforcement to this requirement.
+
+ In practice, almost all mailing list software in use already complies
+ with this requirement. Mailing lists that do not comply may or may
+ not encounter problems depending on how access to the list is
+ restricted. Such lists that are entirely internal to a domain (only
+ people in the domain can send to or receive from the list) are not
+ affected.
+
+9.3. Forwarding Services and Aliases
+
+ Forwarding services take mail that is received at a mailbox and
+ direct it to some external mailbox. At the time of this writing, the
+ near-universal practice of such services is to use the original "MAIL
+ FROM" of a message when re-injecting it for delivery to the external
+ mailbox. [RFC1123] and [RFC2821] describe this action as an "alias"
+ rather than a "mail list". This means that the external mailbox's
+ MTA sees all such mail in a connection from a host of the forwarding
+ service, and so the "MAIL FROM" identity will not, in general, pass
+ authorization.
+
+ There are three places that techniques can be used to ameliorate this
+ problem.
+
+ 1. The beginning, when E-Mail is first sent.
+
+ 1. "Neutral" results could be given for IP addresses that may be
+ forwarders, instead of "Fail" results. For example:
+
+ "v=spf1 mx -exists:%{ir}.sbl.spamhaus.example.org ?all"
+
+ This would cause a lookup on an anti-spam DNS blacklist
+ (DNSBL) and cause a result of "Fail" only for E-Mail coming
+ from listed sources. All other E-Mail, including E-Mail sent
+ through forwarders, would receive a "Neutral" result. By
+ checking the DNSBL after the known good sources, problems with
+ incorrect listing on the DNSBL are greatly reduced.
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 32]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ 2. The "MAIL FROM" identity could have additional information in
+ the localpart that cryptographically identifies the mail as
+ coming from an authorized source. In this case, such an SPF
+ record could be used:
+
+ "v=spf1 mx exists:%{l}._spf_verify.%{d} -all"
+
+ Then, a specialized DNS server can be set up to serve the
+ _spf_verify subdomain that validates the localpart. Although
+ this requires an extra DNS lookup, this happens only when the
+ E-Mail would otherwise be rejected as not coming from a known
+ good source.
+
+ Note that due to the 63-character limit for domain labels,
+ this approach only works reliably if the localpart signature
+ scheme is guaranteed either to only produce localparts with a
+ maximum of 63 characters or to gracefully handle truncated
+ localparts.
+
+ 3. Similarly, a specialized DNS server could be set up that will
+ rate-limit the E-Mail coming from unexpected IP addresses.
+
+ "v=spf1 mx exists:%{ir}._spf_rate.%{d} -all"
+
+ 4. SPF allows the creation of per-user policies for special
+ cases. For example, the following SPF record and appropriate
+ wildcard DNS records can be used:
+
+ "v=spf1 mx redirect=%{l1r+}._at_.%{o}._spf.%{d}"
+
+ 2. The middle, when E-Mail is forwarded.
+
+ 1. Forwarding services can solve the problem by rewriting the
+ "MAIL FROM" to be in their own domain. This means that mail
+ bounced from the external mailbox will have to be re-bounced
+ by the forwarding service. Various schemes to do this exist
+ though they vary widely in complexity and resource
+ requirements on the part of the forwarding service.
+
+ 2. Several popular MTAs can be forced from "alias" semantics to
+ "mailing list" semantics by configuring an additional alias
+ with "owner-" prepended to the original alias name (e.g., an
+ alias of "friends: george@example.com, fred@example.org" would
+ need another alias of the form "owner-friends: localowner").
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 33]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ 3. The end, when E-Mail is received.
+
+ 1. If the owner of the external mailbox wishes to trust the
+ forwarding service, he can direct the external mailbox's MTA
+ to skip SPF tests when the client host belongs to the
+ forwarding service.
+
+ 2. Tests against other identities, such as the "HELO" identity,
+ may be used to override a failed test against the "MAIL FROM"
+ identity.
+
+ 3. For larger domains, it may not be possible to have a complete
+ or accurate list of forwarding services used by the owners of
+ the domain's mailboxes. In such cases, whitelists of
+ generally-recognized forwarding services could be employed.
+
+9.4. Mail Services
+
+ Service providers that offer mail services to third-party domains,
+ such as sending of bulk mail, may want to adjust their setup in light
+ of the authorization check described in this document. If the "MAIL
+ FROM" identity used for such E-Mail uses the domain of the service
+ provider, then the provider needs only to ensure that its sending
+ host is authorized by its own SPF record, if any.
+
+ If the "MAIL FROM" identity does not use the mail service provider's
+ domain, then extra care must be taken. The SPF record format has
+ several options for the third-party domain to authorize the service
+ provider's MTAs to send mail on its behalf. For mail service
+ providers, such as ISPs, that have a wide variety of customers using
+ the same MTA, steps should be taken to prevent cross-customer forgery
+ (see Section 10.4).
+
+9.5. MTA Relays
+
+ The authorization check generally precludes the use of arbitrary MTA
+ relays between sender and receiver of an E-Mail message.
+
+ Within an organization, MTA relays can be effectively deployed.
+ However, for purposes of this document, such relays are effectively
+ transparent. The SPF authorization check is a check between border
+ MTAs of different domains.
+
+ For mail senders, this means that published SPF records must
+ authorize any MTAs that actually send across the Internet. Usually,
+ these are just the border MTAs as internal MTAs simply forward mail
+ to these MTAs for delivery.
+
+
+
+
+Wong & Schlitt Experimental [Page 34]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ Mail receivers will generally want to perform the authorization check
+ at the border MTAs, specifically including all secondary MXs. This
+ allows mail that fails to be rejected during the SMTP session rather
+ than bounced. Internal MTAs then do not perform the authorization
+ test. To perform the authorization test other than at the border,
+ the host that first transferred the message to the organization must
+ be determined, which can be difficult to extract from the message
+ header. Testing other than at the border is not recommended.
+
+10. Security Considerations
+
+10.1. Processing Limits
+
+ As with most aspects of E-Mail, there are a number of ways that
+ malicious parties could use the protocol as an avenue for a
+ Denial-of-Service (DoS) attack. The processing limits outlined here
+ are designed to prevent attacks such as the following:
+
+ o A malicious party could create an SPF record with many references
+ to a victim's domain and send many E-Mails to different SPF
+ clients; those SPF clients would then create a DoS attack. In
+ effect, the SPF clients are being used to amplify the attacker's
+ bandwidth by using fewer bytes in the SMTP session than are used
+ by the DNS queries. Using SPF clients also allows the attacker to
+ hide the true source of the attack.
+
+ o Whereas implementations of check_host() are supposed to limit the
+ number of DNS lookups, malicious domains could publish records
+ that exceed these limits in an attempt to waste computation effort
+ at their targets when they send them mail. Malicious domains
+ could also design SPF records that cause particular
+ implementations to use excessive memory or CPU usage, or to
+ trigger bugs.
+
+ o Malicious parties could send a large volume of mail purporting to
+ come from the intended target to a wide variety of legitimate mail
+ hosts. These legitimate machines would then present a DNS load on
+ the target as they fetched the relevant records.
+
+ Of these, the case of a third party referenced in the SPF record is
+ the easiest for a DoS attack to effectively exploit. As a result,
+ limits that may seem reasonable for an individual mail server can
+ still allow an unreasonable amount of bandwidth amplification.
+ Therefore, the processing limits need to be quite low.
+
+ SPF implementations MUST limit the number of mechanisms and modifiers
+ that do DNS lookups to at most 10 per SPF check, including any
+ lookups caused by the use of the "include" mechanism or the
+
+
+
+Wong & Schlitt Experimental [Page 35]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ "redirect" modifier. If this number is exceeded during a check, a
+ PermError MUST be returned. The "include", "a", "mx", "ptr", and
+ "exists" mechanisms as well as the "redirect" modifier do count
+ against this limit. The "all", "ip4", and "ip6" mechanisms do not
+ require DNS lookups and therefore do not count against this limit.
+ The "exp" modifier does not count against this limit because the DNS
+ lookup to fetch the explanation string occurs after the SPF record
+ has been evaluated.
+
+ When evaluating the "mx" and "ptr" mechanisms, or the %{p} macro,
+ there MUST be a limit of no more than 10 MX or PTR RRs looked up and
+ checked.
+
+ SPF implementations SHOULD limit the total amount of data obtained
+ from the DNS queries. For example, when DNS over TCP or EDNS0 are
+ available, there may need to be an explicit limit to how much data
+ will be accepted to prevent excessive bandwidth usage or memory usage
+ and DoS attacks.
+
+ MTAs or other processors MAY also impose a limit on the maximum
+ amount of elapsed time to evaluate check_host(). Such a limit SHOULD
+ allow at least 20 seconds. If such a limit is exceeded, the result
+ of authorization SHOULD be "TempError".
+
+ Domains publishing records SHOULD try to keep the number of "include"
+ mechanisms and chained "redirect" modifiers to a minimum. Domains
+ SHOULD also try to minimize the amount of other DNS information
+ needed to evaluate a record. This can be done by choosing directives
+ that require less DNS information and placing lower-cost mechanisms
+ earlier in the SPF record.
+
+ For example, consider a domain set up as follows:
+
+ example.com. IN MX 10 mx.example.com.
+ mx.example.com. IN A 192.0.2.1
+ a.example.com. IN TXT "v=spf1 mx:example.com -all"
+ b.example.com. IN TXT "v=spf1 a:mx.example.com -all"
+ c.example.com. IN TXT "v=spf1 ip4:192.0.2.1 -all"
+
+ Evaluating check_host() for the domain "a.example.com" requires the
+ MX records for "example.com", and then the A records for the listed
+ hosts. Evaluating for "b.example.com" requires only the A records.
+ Evaluating for "c.example.com" requires none.
+
+ However, there may be administrative considerations: using "a" over
+ "ip4" allows hosts to be renumbered easily. Using "mx" over "a"
+ allows the set of mail hosts to be changed easily.
+
+
+
+
+Wong & Schlitt Experimental [Page 36]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+10.2. SPF-Authorized E-Mail May Contain Other False Identities
+
+ The "MAIL FROM" and "HELO" identity authorizations must not be
+ construed to provide more assurance than they do. It is entirely
+ possible for a malicious sender to inject a message using his own
+ domain in the identities used by SPF, to have that domain's SPF
+ record authorize the sending host, and yet the message can easily
+ list other identities in its header. Unless the user or the MUA
+ takes care to note that the authorized identity does not match the
+ other more commonly-presented identities (such as the From: header
+ field), the user may be lulled into a false sense of security.
+
+10.3. Spoofed DNS and IP Data
+
+ There are two aspects of this protocol that malicious parties could
+ exploit to undermine the validity of the check_host() function:
+
+ o The evaluation of check_host() relies heavily on DNS. A malicious
+ attacker could attack the DNS infrastructure and cause
+ check_host() to see spoofed DNS data, and then return incorrect
+ results. This could include returning "Pass" for an <ip> value
+ where the actual domain's record would evaluate to "Fail". See
+ [RFC3833] for a description of DNS weaknesses.
+
+ o The client IP address, <ip>, is assumed to be correct. A
+ malicious attacker could spoof TCP sequence numbers to make mail
+ appear to come from a permitted host for a domain that the
+ attacker is impersonating.
+
+10.4. Cross-User Forgery
+
+ By definition, SPF policies just map domain names to sets of
+ authorized MTAs, not whole E-Mail addresses to sets of authorized
+ users. Although the "l" macro (Section 8) provides a limited way to
+ define individual sets of authorized MTAs for specific E-Mail
+ addresses, it is generally impossible to verify, through SPF, the use
+ of specific E-Mail addresses by individual users of the same MTA.
+
+ It is up to mail services and their MTAs to directly prevent
+ cross-user forgery: based on SMTP AUTH ([RFC2554]), users should be
+ restricted to using only those E-Mail addresses that are actually
+ under their control (see [RFC4409], Section 6.1). Another means to
+ verify the identity of individual users is message cryptography such
+ as PGP ([RFC2440]) or S/MIME ([RFC3851]).
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 37]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+10.5. Untrusted Information Sources
+
+ SPF uses information supplied by third parties, such as the "HELO"
+ domain name, the "MAIL FROM" address, and SPF records. This
+ information is then passed to the receiver in the Received-SPF: trace
+ fields and possibly returned to the client MTA in the form of an SMTP
+ rejection message. This information must be checked for invalid
+ characters and excessively long lines.
+
+ When the authorization check fails, an explanation string may be
+ included in the reject response. Both the sender and the rejecting
+ receiver need to be aware that the explanation was determined by the
+ publisher of the SPF record checked and, in general, not the
+ receiver. The explanation may contain malicious URLs, or it may be
+ offensive or misleading.
+
+ This is probably less of a concern than it may initially seem since
+ such messages are returned to the sender, and the explanation strings
+ come from the sender policy published by the domain in the identity
+ claimed by that very sender. As long as the DSN is not redirected to
+ someone other than the actual sender, the only people who see
+ malicious explanation strings are people whose messages claim to be
+ from domains that publish such strings in their SPF records. In
+ practice, DSNs can be misdirected, such as when an MTA accepts an
+ E-Mail and then later generates a DSN to a forged address, or when an
+ E-Mail forwarder does not direct the DSN back to the original sender.
+
+10.6. Privacy Exposure
+
+ Checking SPF records causes DNS queries to be sent to the domain
+ owner. These DNS queries, especially if they are caused by the
+ "exists" mechanism, can contain information about who is sending
+ E-Mail and likely to which MTA the E-Mail is being sent. This can
+ introduce some privacy concerns, which may be more or less of an
+ issue depending on local laws and the relationship between the domain
+ owner and the person sending the E-Mail.
+
+11. Contributors and Acknowledgements
+
+ This document is largely based on the work of Meng Weng Wong and Mark
+ Lentczner. Although, as this section acknowledges, many people have
+ contributed to this document, a very large portion of the writing and
+ editing are due to Meng and Mark.
+
+ This design owes a debt of parentage to [RMX] by Hadmut Danisch and
+ to [DMP] by Gordon Fecyk. The idea of using a DNS record to check
+ the legitimacy of an E-Mail address traces its ancestry further back
+ through messages on the namedroppers mailing list by Paul Vixie
+
+
+
+Wong & Schlitt Experimental [Page 38]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ [Vixie] (based on suggestion by Jim Miller) and by David Green
+ [Green].
+
+ Philip Gladstone contributed the concept of macros to the
+ specification, multiplying the expressiveness of the language and
+ making per-user and per-IP lookups possible.
+
+ The authors would also like to thank the literally hundreds of
+ individuals who have participated in the development of this design.
+ They are far too numerous to name, but they include the following:
+
+ The folks on the spf-discuss mailing list.
+ The folks on the SPAM-L mailing list.
+ The folks on the IRTF ASRG mailing list.
+ The folks on the IETF MARID mailing list.
+ The folks on #perl.
+
+12. IANA Considerations
+
+12.1. The SPF DNS Record Type
+
+ The IANA has assigned a new Resource Record Type and Qtype from the
+ DNS Parameters Registry for the SPF RR type with code 99.
+
+12.2. The Received-SPF Mail Header Field
+
+ Per [RFC3864], the "Received-SPF:" header field is added to the IANA
+ Permanent Message Header Field Registry. The following is the
+ registration template:
+
+ Header field name: Received-SPF
+ Applicable protocol: mail ([RFC2822])
+ Status: Experimental
+ Author/Change controller: IETF
+ Specification document(s): RFC 4408
+ Related information:
+ Requesting SPF Council review of any proposed changes and
+ additions to this field are recommended. For information about
+ the SPF Council see http://www.openspf.org/Council
+
+13. References
+
+13.1. Normative References
+
+ [RFC1035] Mockapetris, P., "Domain names - implementation and
+ specification", STD 13, RFC 1035, November 1987.
+
+
+
+
+
+Wong & Schlitt Experimental [Page 39]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ [RFC1123] Braden, R., "Requirements for Internet Hosts - Application
+ and Support", STD 3, RFC 1123, October 1989.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC2821] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821,
+ April 2001.
+
+ [RFC2822] Resnick, P., "Internet Message Format", RFC 2822, April
+ 2001.
+
+ [RFC3464] Moore, K. and G. Vaudreuil, "An Extensible Message Format
+ for Delivery Status Notifications", RFC 3464, January
+ 2003.
+
+ [RFC3513] Hinden, R. and S. Deering, "Internet Protocol Version 6
+ (IPv6) Addressing Architecture", RFC 3513, April 2003.
+
+ [RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration
+ Procedures for Message Header Fields", BCP 90, RFC 3864,
+ September 2004.
+
+ [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
+ Resource Identifier (URI): Generic Syntax", STD 66, RFC
+ 3986, January 2005.
+
+ [RFC4234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
+ Specifications: ABNF", RFC 4234, October 2005.
+
+ [US-ASCII] American National Standards Institute (formerly United
+ States of America Standards Institute), "USA Code for
+ Information Interchange, X3.4", 1968.
+
+ ANSI X3.4-1968 has been replaced by newer versions with slight
+ modifications, but the 1968 version remains definitive for
+ the Internet.
+
+13.2 Informative References
+
+ [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
+ STD 13, RFC 1034, November 1987.
+
+ [RFC1983] Malkin, G., "Internet Users' Glossary", RFC 1983, August
+ 1996.
+
+ [RFC2440] Callas, J., Donnerhacke, L., Finney, H., and R. Thayer,
+ "OpenPGP Message Format", RFC 2440, November 1998.
+
+
+
+Wong & Schlitt Experimental [Page 40]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ [RFC2554] Myers, J., "SMTP Service Extension for Authentication",
+ RFC 2554, March 1999.
+
+ [RFC3696] Klensin, J., "Application Techniques for Checking and
+ Transformation of Names", RFC 3696, February 2004.
+
+ [RFC3833] Atkins, D. and R. Austein, "Threat Analysis of the Domain
+ Name System (DNS)", RFC 3833, August 2004.
+
+ [RFC3851] Ramsdell, B., "Secure/Multipurpose Internet Mail
+ Extensions (S/MIME) Version 3.1 Message Specification",
+ RFC 3851, July 2004.
+
+ [RFC4409] Gellens, R. and J. Klensin, "Message Submission for Mail",
+ RFC 4409, April 2006.
+
+ [RMX] Danish, H., "The RMX DNS RR Type for light weight sender
+ authentication", Work In Progress
+
+ [DMP] Fecyk, G., "Designated Mailers Protocol", Work In Progress
+
+ [Vixie] Vixie, P., "Repudiating MAIL FROM", 2002.
+
+ [Green] Green, D., "Domain-Authorized SMTP Mail", 2002.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 41]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+Appendix A. Collected ABNF
+
+ This section is normative and any discrepancies with the ABNF
+ fragments in the preceding text are to be resolved in favor of this
+ grammar.
+
+ See [RFC4234] for ABNF notation. Please note that as per this ABNF
+ definition, literal text strings (those in quotes) are case-
+ insensitive. Hence, "mx" matches "mx", "MX", "mX", and "Mx".
+
+ record = version terms *SP
+ version = "v=spf1"
+
+ terms = *( 1*SP ( directive / modifier ) )
+
+ directive = [ qualifier ] mechanism
+ qualifier = "+" / "-" / "?" / "~"
+ mechanism = ( all / include
+ / A / MX / PTR / IP4 / IP6 / exists )
+
+ all = "all"
+ include = "include" ":" domain-spec
+ A = "a" [ ":" domain-spec ] [ dual-cidr-length ]
+ MX = "mx" [ ":" domain-spec ] [ dual-cidr-length ]
+ PTR = "ptr" [ ":" domain-spec ]
+ IP4 = "ip4" ":" ip4-network [ ip4-cidr-length ]
+ IP6 = "ip6" ":" ip6-network [ ip6-cidr-length ]
+ exists = "exists" ":" domain-spec
+
+ modifier = redirect / explanation / unknown-modifier
+ redirect = "redirect" "=" domain-spec
+ explanation = "exp" "=" domain-spec
+ unknown-modifier = name "=" macro-string
+
+ ip4-cidr-length = "/" 1*DIGIT
+ ip6-cidr-length = "/" 1*DIGIT
+ dual-cidr-length = [ ip4-cidr-length ] [ "/" ip6-cidr-length ]
+
+ ip4-network = qnum "." qnum "." qnum "." qnum
+ qnum = DIGIT ; 0-9
+ / %x31-39 DIGIT ; 10-99
+ / "1" 2DIGIT ; 100-199
+ / "2" %x30-34 DIGIT ; 200-249
+ / "25" %x30-35 ; 250-255
+ ; conventional dotted quad notation. e.g., 192.0.2.0
+ ip6-network = <as per [RFC 3513], section 2.2>
+ ; e.g., 2001:DB8::CD30
+
+
+
+
+Wong & Schlitt Experimental [Page 42]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ domain-spec = macro-string domain-end
+ domain-end = ( "." toplabel [ "." ] ) / macro-expand
+ toplabel = ( *alphanum ALPHA *alphanum ) /
+ ( 1*alphanum "-" *( alphanum / "-" ) alphanum )
+ ; LDH rule plus additional TLD restrictions
+ ; (see [RFC3696], Section 2)
+
+ alphanum = ALPHA / DIGIT
+
+ explain-string = *( macro-string / SP )
+
+ macro-string = *( macro-expand / macro-literal )
+ macro-expand = ( "%{" macro-letter transformers *delimiter "}" )
+ / "%%" / "%_" / "%-"
+ macro-literal = %x21-24 / %x26-7E
+ ; visible characters except "%"
+ macro-letter = "s" / "l" / "o" / "d" / "i" / "p" / "h" /
+ "c" / "r" / "t"
+ transformers = *DIGIT [ "r" ]
+ delimiter = "." / "-" / "+" / "," / "/" / "_" / "="
+
+ name = ALPHA *( ALPHA / DIGIT / "-" / "_" / "." )
+
+ header-field = "Received-SPF:" [CFWS] result FWS [comment FWS]
+ [ key-value-list ] CRLF
+
+ result = "Pass" / "Fail" / "SoftFail" / "Neutral" /
+ "None" / "TempError" / "PermError"
+
+ key-value-list = key-value-pair *( ";" [CFWS] key-value-pair )
+ [";"]
+
+ key-value-pair = key [CFWS] "=" ( dot-atom / quoted-string )
+
+ key = "client-ip" / "envelope-from" / "helo" /
+ "problem" / "receiver" / "identity" /
+ mechanism / "x-" name / name
+
+ identity = "mailfrom" ; for the "MAIL FROM" identity
+ / "helo" ; for the "HELO" identity
+ / name ; other identities
+
+ dot-atom = <unquoted word as per [RFC2822]>
+ quoted-string = <quoted string as per [RFC2822]>
+ comment = <comment string as per [RFC2822]>
+ CFWS = <comment or folding white space as per [RFC2822]>
+ FWS = <folding white space as per [RFC2822]>
+ CRLF = <standard end-of-line token as per [RFC2822]>
+
+
+
+Wong & Schlitt Experimental [Page 43]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+Appendix B. Extended Examples
+
+ These examples are based on the following DNS setup:
+
+ ; A domain with two mail servers, two hosts
+ ; and two servers at the domain name
+ $ORIGIN example.com.
+ @ MX 10 mail-a
+ MX 20 mail-b
+ A 192.0.2.10
+ A 192.0.2.11
+ amy A 192.0.2.65
+ bob A 192.0.2.66
+ mail-a A 192.0.2.129
+ mail-b A 192.0.2.130
+ www CNAME example.com.
+
+ ; A related domain
+ $ORIGIN example.org.
+ @ MX 10 mail-c
+ mail-c A 192.0.2.140
+
+ ; The reverse IP for those addresses
+ $ORIGIN 2.0.192.in-addr.arpa.
+ 10 PTR example.com.
+ 11 PTR example.com.
+ 65 PTR amy.example.com.
+ 66 PTR bob.example.com.
+ 129 PTR mail-a.example.com.
+ 130 PTR mail-b.example.com.
+ 140 PTR mail-c.example.org.
+
+ ; A rogue reverse IP domain that claims to be
+ ; something it's not
+ $ORIGIN 0.0.10.in-addr.arpa.
+ 4 PTR bob.example.com.
+
+B.1. Simple Examples
+
+ These examples show various possible published records for
+ example.com and which values if <ip> would cause check_host() to
+ return "Pass". Note that <domain> is "example.com".
+
+ v=spf1 +all
+ -- any <ip> passes
+
+ v=spf1 a -all
+ -- hosts 192.0.2.10 and 192.0.2.11 pass
+
+
+
+Wong & Schlitt Experimental [Page 44]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+ v=spf1 a:example.org -all
+ -- no sending hosts pass since example.org has no A records
+
+ v=spf1 mx -all
+ -- sending hosts 192.0.2.129 and 192.0.2.130 pass
+
+ v=spf1 mx:example.org -all
+ -- sending host 192.0.2.140 passes
+
+ v=spf1 mx mx:example.org -all
+ -- sending hosts 192.0.2.129, 192.0.2.130, and 192.0.2.140 pass
+
+ v=spf1 mx/30 mx:example.org/30 -all
+ -- any sending host in 192.0.2.128/30 or 192.0.2.140/30 passes
+
+ v=spf1 ptr -all
+ -- sending host 192.0.2.65 passes (reverse DNS is valid and is in
+ example.com)
+ -- sending host 192.0.2.140 fails (reverse DNS is valid, but not
+ in example.com)
+ -- sending host 10.0.0.4 fails (reverse IP is not valid)
+
+ v=spf1 ip4:192.0.2.128/28 -all
+ -- sending host 192.0.2.65 fails
+ -- sending host 192.0.2.129 passes
+
+B.2. Multiple Domain Example
+
+ These examples show the effect of related records:
+
+ example.org: "v=spf1 include:example.com include:example.net -all"
+
+ This record would be used if mail from example.org actually came
+ through servers at example.com and example.net. Example.org's
+ designated servers are the union of example.com's and example.net's
+ designated servers.
+
+ la.example.org: "v=spf1 redirect=example.org"
+ ny.example.org: "v=spf1 redirect=example.org"
+ sf.example.org: "v=spf1 redirect=example.org"
+
+ These records allow a set of domains that all use the same mail
+ system to make use of that mail system's record. In this way, only
+ the mail system's record needs to be updated when the mail setup
+ changes. These domains' records never have to change.
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 45]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+B.3. DNSBL Style Example
+
+ Imagine that, in addition to the domain records listed above, there
+ are these:
+
+ $ORIGIN _spf.example.com. mary.mobile-users A
+ 127.0.0.2 fred.mobile-users A 127.0.0.2
+ 15.15.168.192.joel.remote-users A 127.0.0.2
+ 16.15.168.192.joel.remote-users A 127.0.0.2
+
+ The following records describe users at example.com who mail from
+ arbitrary servers, or who mail from personal servers.
+
+ example.com:
+
+ v=spf1 mx
+ include:mobile-users._spf.%{d}
+ include:remote-users._spf.%{d}
+ -all
+
+ mobile-users._spf.example.com:
+
+ v=spf1 exists:%{l1r+}.%{d}
+
+ remote-users._spf.example.com:
+
+ v=spf1 exists:%{ir}.%{l1r+}.%{d}
+
+B.4. Multiple Requirements Example
+
+ Say that your sender policy requires both that the IP address is
+ within a certain range and that the reverse DNS for the IP matches.
+ This can be done several ways, including the following:
+
+ example.com. SPF ( "v=spf1 "
+ "-include:ip4._spf.%{d} "
+ "-include:ptr._spf.%{d} "
+ "+all" )
+ ip4._spf.example.com. SPF "v=spf1 -ip4:192.0.2.0/24 +all"
+ ptr._spf.example.com. SPF "v=spf1 -ptr +all"
+
+ This example shows how the "-include" mechanism can be useful, how an
+ SPF record that ends in "+all" can be very restrictive, and the use
+ of De Morgan's Law.
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 46]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+Authors' Addresses
+
+ Meng Weng Wong
+ Singapore
+
+ EMail: mengwong+spf@pobox.com
+
+
+ Wayne Schlitt
+ 4615 Meredeth #9
+ Lincoln Nebraska, NE 68506
+ United States of America
+
+ EMail: wayne@schlitt.net
+ URI: http://www.schlitt.net/spf/
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 47]
+
+RFC 4408 Sender Policy Framework (SPF) April 2006
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+
+
+Wong & Schlitt Experimental [Page 48]
+
diff --git a/doc/rfc/rfc4431.txt b/doc/rfc/rfc4431.txt
new file mode 100644
index 00000000..8b388722
--- /dev/null
+++ b/doc/rfc/rfc4431.txt
@@ -0,0 +1,227 @@
+
+
+
+
+
+
+Network Working Group M. Andrews
+Request for Comments: 4431 Internet Systems Consortium
+Category: Informational S. Weiler
+ SPARTA, Inc.
+ February 2006
+
+
+ The DNSSEC Lookaside Validation (DLV) DNS Resource Record
+
+Status of This Memo
+
+ This memo provides information for the Internet community. It does
+ not specify an Internet standard of any kind. Distribution of this
+ memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2006).
+
+Abstract
+
+ This document defines a new DNS resource record, called the DNSSEC
+ Lookaside Validation (DLV) RR, for publishing DNSSEC trust anchors
+ outside of the DNS delegation chain.
+
+1. Introduction
+
+ DNSSEC [1] [2] [3] authenticates DNS data by building public-key
+ signature chains along the DNS delegation chain from a trust anchor,
+ ideally a trust anchor for the DNS root.
+
+ This document defines a new resource record for publishing such trust
+ anchors outside of the DNS's normal delegation chain. Use of these
+ records by DNSSEC validators is outside the scope of this document,
+ but it is expected that these records will help resolvers validate
+ DNSSEC-signed data from zones whose ancestors either aren't signed or
+ refuse to publish delegation signer (DS) records for their children.
+
+2. DLV Resource Record
+
+ The DLV resource record has exactly the same wire and presentation
+ formats as the DS resource record, defined in RFC 4034, Section 5.
+ It uses the same IANA-assigned values in the algorithm and digest
+ type fields as the DS record. (Those IANA registries are known as
+ the "DNS Security Algorithm Numbers" and "DS RR Type Algorithm
+ Numbers" registries.)
+
+
+
+
+
+Andrews & Weiler Informational [Page 1]
+
+RFC 4431 DLV Resource Record February 2006
+
+
+ The DLV record is a normal DNS record type without any special
+ processing requirements. In particular, the DLV record does not
+ inherit any of the special processing or handling requirements of the
+ DS record type (described in Section 3.1.4.1 of RFC 4035). Unlike
+ the DS record, the DLV record may not appear on the parent's side of
+ a zone cut. A DLV record may, however, appear at the apex of a zone.
+
+3. Security Considerations
+
+ For authoritative servers and resolvers that do not attempt to use
+ DLV RRs as part of DNSSEC validation, there are no particular
+ security concerns -- DLV RRs are just like any other DNS data.
+
+ Software using DLV RRs as part of DNSSEC validation will almost
+ certainly want to impose constraints on their use, but those
+ constraints are best left to be described by the documents that more
+ fully describe the particulars of how the records are used. At a
+ minimum, it would be unwise to use the records without some sort of
+ cryptographic authentication. More likely than not, DNSSEC itself
+ will be used to authenticate the DLV RRs. Depending on how a DLV RR
+ is used, failure to properly authenticate it could lead to
+ significant additional security problems including failure to detect
+ spoofed DNS data.
+
+ RFC 4034, Section 8, describes security considerations specific to
+ the DS RR. Those considerations are equally applicable to DLV RRs.
+ Of particular note, the key tag field is used to help select DNSKEY
+ RRs efficiently, but it does not uniquely identify a single DNSKEY
+ RR. It is possible for two distinct DNSKEY RRs to have the same
+ owner name, the same algorithm type, and the same key tag. An
+ implementation that uses only the key tag to select a DNSKEY RR might
+ select the wrong public key in some circumstances.
+
+ For further discussion of the security implications of DNSSEC, see
+ RFC 4033, RFC 4034, and RFC 4035.
+
+4. IANA Considerations
+
+ IANA has assigned DNS type code 32769 to the DLV resource record from
+ the Specification Required portion of the DNS Resource Record Type
+ registry, as defined in [4].
+
+ The DLV resource record reuses the same algorithm and digest type
+ registries already used for the DS resource record, currently known
+ as the "DNS Security Algorithm Numbers" and "DS RR Type Algorithm
+ Numbers" registries.
+
+
+
+
+
+Andrews & Weiler Informational [Page 2]
+
+RFC 4431 DLV Resource Record February 2006
+
+
+5. Normative References
+
+ [1] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "DNS Security Introduction and Requirements", RFC 4033,
+ March 2005.
+
+ [2] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Resource Records for the DNS Security Extensions", RFC 4034,
+ March 2005.
+
+ [3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Protocol Modifications for the DNS Security Extensions",
+ RFC 4035, March 2005.
+
+ [4] Eastlake, D., Brunner-Williams, E., and B. Manning, "Domain Name
+ System (DNS) IANA Considerations", BCP 42, RFC 2929,
+ September 2000.
+
+Authors' Addresses
+
+ Mark Andrews
+ Internet Systems Consortium
+ 950 Charter St.
+ Redwood City, CA 94063
+ US
+
+ EMail: Mark_Andrews@isc.org
+
+
+ Samuel Weiler
+ SPARTA, Inc.
+ 7075 Samuel Morse Drive
+ Columbia, Maryland 21046
+ US
+
+ EMail: weiler@tislabs.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Andrews & Weiler Informational [Page 3]
+
+RFC 4431 DLV Resource Record February 2006
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+
+
+Andrews & Weiler Informational [Page 4]
+
diff --git a/doc/rfc/rfc4470.txt b/doc/rfc/rfc4470.txt
new file mode 100644
index 00000000..ac12d65c
--- /dev/null
+++ b/doc/rfc/rfc4470.txt
@@ -0,0 +1,451 @@
+
+
+
+
+
+
+Network Working Group S. Weiler
+Request for Comments: 4470 SPARTA, Inc.
+Updates: 4035, 4034 J. Ihren
+Category: Standards Track Autonomica AB
+ April 2006
+
+
+ Minimally Covering NSEC Records and DNSSEC On-line Signing
+
+
+Status of This Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2006).
+
+Abstract
+
+ This document describes how to construct DNSSEC NSEC resource records
+ that cover a smaller range of names than called for by RFC 4034. By
+ generating and signing these records on demand, authoritative name
+ servers can effectively stop the disclosure of zone contents
+ otherwise made possible by walking the chain of NSEC records in a
+ signed zone.
+
+Table of Contents
+
+ 1. Introduction ....................................................1
+ 2. Applicability of This Technique .................................2
+ 3. Minimally Covering NSEC Records .................................2
+ 4. Better Epsilon Functions ........................................4
+ 5. Security Considerations .........................................5
+ 6. Acknowledgements ................................................6
+ 7. Normative References ............................................6
+
+1. Introduction
+
+ With DNSSEC [1], an NSEC record lists the next instantiated name in
+ its zone, proving that no names exist in the "span" between the
+ NSEC's owner name and the name in the "next name" field. In this
+ document, an NSEC record is said to "cover" the names between its
+ owner name and next name.
+
+
+
+Weiler & Ihren Standards Track [Page 1]
+
+RFC 4470 NSEC Epsilon April 2006
+
+
+ Through repeated queries that return NSEC records, it is possible to
+ retrieve all of the names in the zone, a process commonly called
+ "walking" the zone. Some zone owners have policies forbidding zone
+ transfers by arbitrary clients; this side effect of the NSEC
+ architecture subverts those policies.
+
+ This document presents a way to prevent zone walking by constructing
+ NSEC records that cover fewer names. These records can make zone
+ walking take approximately as many queries as simply asking for all
+ possible names in a zone, making zone walking impractical. Some of
+ these records must be created and signed on demand, which requires
+ on-line private keys. Anyone contemplating use of this technique is
+ strongly encouraged to review the discussion of the risks of on-line
+ signing in Section 5.
+
+1.2. Keywords
+
+ The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC 2119 [4].
+
+2. Applicability of This Technique
+
+ The technique presented here may be useful to a zone owner that wants
+ to use DNSSEC, is concerned about exposure of its zone contents via
+ zone walking, and is willing to bear the costs of on-line signing.
+
+ As discussed in Section 5, on-line signing has several security
+ risks, including an increased likelihood of private keys being
+ disclosed and an increased risk of denial of service attack. Anyone
+ contemplating use of this technique is strongly encouraged to review
+ the discussion of the risks of on-line signing in Section 5.
+
+ Furthermore, at the time this document was published, the DNSEXT
+ working group was actively working on a mechanism to prevent zone
+ walking that does not require on-line signing (tentatively called
+ NSEC3). The new mechanism is likely to expose slightly more
+ information about the zone than this technique (e.g., the number of
+ instantiated names), but it may be preferable to this technique.
+
+3. Minimally Covering NSEC Records
+
+ This mechanism involves changes to NSEC records for instantiated
+ names, which can still be generated and signed in advance, as well as
+ the on-demand generation and signing of new NSEC records whenever a
+ name must be proven not to exist.
+
+
+
+
+
+Weiler & Ihren Standards Track [Page 2]
+
+RFC 4470 NSEC Epsilon April 2006
+
+
+ In the "next name" field of instantiated names' NSEC records, rather
+ than list the next instantiated name in the zone, list any name that
+ falls lexically after the NSEC's owner name and before the next
+ instantiated name in the zone, according to the ordering function in
+ RFC 4034 [2] Section 6.1. This relaxes the requirement in Section
+ 4.1.1 of RFC 4034 that the "next name" field contains the next owner
+ name in the zone. This change is expected to be fully compatible
+ with all existing DNSSEC validators. These NSEC records are returned
+ whenever proving something specifically about the owner name (e.g.,
+ that no resource records of a given type appear at that name).
+
+ Whenever an NSEC record is needed to prove the non-existence of a
+ name, a new NSEC record is dynamically produced and signed. The new
+ NSEC record has an owner name lexically before the QNAME but
+ lexically following any existing name and a "next name" lexically
+ following the QNAME but before any existing name.
+
+ The generated NSEC record's type bitmap MUST have the RRSIG and NSEC
+ bits set and SHOULD NOT have any other bits set. This relaxes the
+ requirement in Section 2.3 of RFC4035 that NSEC RRs not appear at
+ names that did not exist before the zone was signed.
+
+ The functions to generate the lexically following and proceeding
+ names need not be perfect or consistent, but the generated NSEC
+ records must not cover any existing names. Furthermore, this
+ technique works best when the generated NSEC records cover as few
+ names as possible. In this document, the functions that generate the
+ nearby names are called "epsilon" functions, a reference to the
+ mathematical convention of using the greek letter epsilon to
+ represent small deviations.
+
+ An NSEC record denying the existence of a wildcard may be generated
+ in the same way. Since the NSEC record covering a non-existent
+ wildcard is likely to be used in response to many queries,
+ authoritative name servers using the techniques described here may
+ want to pregenerate or cache that record and its corresponding RRSIG.
+
+ For example, a query for an A record at the non-instantiated name
+ example.com might produce the following two NSEC records, the first
+ denying the existence of the name example.com and the second denying
+ the existence of a wildcard:
+
+ exampld.com 3600 IN NSEC example-.com ( RRSIG NSEC )
+
+ \).com 3600 IN NSEC +.com ( RRSIG NSEC )
+
+
+
+
+
+
+Weiler & Ihren Standards Track [Page 3]
+
+RFC 4470 NSEC Epsilon April 2006
+
+
+ Before answering a query with these records, an authoritative server
+ must test for the existence of names between these endpoints. If the
+ generated NSEC would cover existing names (e.g., exampldd.com or
+ *bizarre.example.com), a better epsilon function may be used or the
+ covered name closest to the QNAME could be used as the NSEC owner
+ name or next name, as appropriate. If an existing name is used as
+ the NSEC owner name, that name's real NSEC record MUST be returned.
+ Using the same example, assuming an exampldd.com delegation exists,
+ this record might be returned from the parent:
+
+ exampldd.com 3600 IN NSEC example-.com ( NS DS RRSIG NSEC )
+
+ Like every authoritative record in the zone, each generated NSEC
+ record MUST have corresponding RRSIGs generated using each algorithm
+ (but not necessarily each DNSKEY) in the zone's DNSKEY RRset, as
+ described in RFC 4035 [3] Section 2.2. To minimize the number of
+ signatures that must be generated, a zone may wish to limit the
+ number of algorithms in its DNSKEY RRset.
+
+4. Better Epsilon Functions
+
+ Section 6.1 of RFC 4034 defines a strict ordering of DNS names.
+ Working backward from that definition, it should be possible to
+ define epsilon functions that generate the immediately following and
+ preceding names, respectively. This document does not define such
+ functions. Instead, this section presents functions that come
+ reasonably close to the perfect ones. As described above, an
+ authoritative server should still ensure than no generated NSEC
+ covers any existing name.
+
+ To increment a name, add a leading label with a single null (zero-
+ value) octet.
+
+ To decrement a name, decrement the last character of the leftmost
+ label, then fill that label to a length of 63 octets with octets of
+ value 255. To decrement a null (zero-value) octet, remove the octet
+ -- if an empty label is left, remove the label. Defining this
+ function numerically: fill the leftmost label to its maximum length
+ with zeros (numeric, not ASCII zeros) and subtract one.
+
+ In response to a query for the non-existent name foo.example.com,
+ these functions produce NSEC records of the following:
+
+
+
+
+
+
+
+
+
+Weiler & Ihren Standards Track [Page 4]
+
+RFC 4470 NSEC Epsilon April 2006
+
+
+ fon\255\255\255\255\255\255\255\255\255\255\255\255\255\255
+ \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
+ \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
+ \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
+ \255.example.com 3600 IN NSEC \000.foo.example.com ( NSEC RRSIG )
+
+ \)\255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
+ \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
+ \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
+ \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
+ \255\255.example.com 3600 IN NSEC \000.*.example.com ( NSEC RRSIG )
+
+ The first of these NSEC RRs proves that no exact match for
+ foo.example.com exists, and the second proves that there is no
+ wildcard in example.com.
+
+ Both of these functions are imperfect: they do not take into account
+ constraints on number of labels in a name nor total length of a name.
+ As noted in the previous section, though, this technique does not
+ depend on the use of perfect epsilon functions: it is sufficient to
+ test whether any instantiated names fall into the span covered by the
+ generated NSEC and, if so, substitute those instantiated owner names
+ for the NSEC owner name or next name, as appropriate.
+
+5. Security Considerations
+
+ This approach requires on-demand generation of RRSIG records. This
+ creates several new vulnerabilities.
+
+ First, on-demand signing requires that a zone's authoritative servers
+ have access to its private keys. Storing private keys on well-known
+ Internet-accessible servers may make them more vulnerable to
+ unintended disclosure.
+
+ Second, since generation of digital signatures tends to be
+ computationally demanding, the requirement for on-demand signing
+ makes authoritative servers vulnerable to a denial of service attack.
+
+ Last, if the epsilon functions are predictable, on-demand signing may
+ enable a chosen-plaintext attack on a zone's private keys. Zones
+ using this approach should attempt to use cryptographic algorithms
+ that are resistant to chosen-plaintext attacks. It is worth noting
+ that although DNSSEC has a "mandatory to implement" algorithm, that
+ is a requirement on resolvers and validators -- there is no
+ requirement that a zone be signed with any given algorithm.
+
+ The success of using minimally covering NSEC records to prevent zone
+ walking depends greatly on the quality of the epsilon functions
+
+
+
+Weiler & Ihren Standards Track [Page 5]
+
+RFC 4470 NSEC Epsilon April 2006
+
+
+ chosen. An increment function that chooses a name obviously derived
+ from the next instantiated name may be easily reverse engineered,
+ destroying the value of this technique. An increment function that
+ always returns a name close to the next instantiated name is likewise
+ a poor choice. Good choices of epsilon functions are the ones that
+ produce the immediately following and preceding names, respectively,
+ though zone administrators may wish to use less perfect functions
+ that return more human-friendly names than the functions described in
+ Section 4 above.
+
+ Another obvious but misguided concern is the danger from synthesized
+ NSEC records being replayed. It is possible for an attacker to
+ replay an old but still validly signed NSEC record after a new name
+ has been added in the span covered by that NSEC, incorrectly proving
+ that there is no record at that name. This danger exists with DNSSEC
+ as defined in [3]. The techniques described here actually decrease
+ the danger, since the span covered by any NSEC record is smaller than
+ before. Choosing better epsilon functions will further reduce this
+ danger.
+
+6. Acknowledgements
+
+ Many individuals contributed to this design. They include, in
+ addition to the authors of this document, Olaf Kolkman, Ed Lewis,
+ Peter Koch, Matt Larson, David Blacka, Suzanne Woolf, Jaap Akkerhuis,
+ Jakob Schlyter, Bill Manning, and Joao Damas.
+
+ In addition, the editors would like to thank Ed Lewis, Scott Rose,
+ and David Blacka for their careful review of the document.
+
+7. Normative References
+
+ [1] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "DNS Security Introduction and Requirements", RFC 4033, March
+ 2005.
+
+ [2] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Resource Records for the DNS Security Extensions", RFC 4034,
+ March 2005.
+
+ [3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Protocol Modifications for the DNS Security Extensions", RFC
+ 4035, March 2005.
+
+ [4] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+
+
+
+
+Weiler & Ihren Standards Track [Page 6]
+
+RFC 4470 NSEC Epsilon April 2006
+
+
+Authors' Addresses
+
+ Samuel Weiler
+ SPARTA, Inc.
+ 7075 Samuel Morse Drive
+ Columbia, Maryland 21046
+ US
+
+ EMail: weiler@tislabs.com
+
+
+ Johan Ihren
+ Autonomica AB
+ Bellmansgatan 30
+ Stockholm SE-118 47
+ Sweden
+
+ EMail: johani@autonomica.se
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Weiler & Ihren Standards Track [Page 7]
+
+RFC 4470 NSEC Epsilon April 2006
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+
+
+Weiler & Ihren Standards Track [Page 8]
+
diff --git a/doc/rfc/rfc4634.txt b/doc/rfc/rfc4634.txt
new file mode 100644
index 00000000..b672df8a
--- /dev/null
+++ b/doc/rfc/rfc4634.txt
@@ -0,0 +1,6051 @@
+
+
+
+
+
+
+Network Working Group D. Eastlake 3rd
+Request for Comments: 4634 Motorola Labs
+Updates: 3174 T. Hansen
+Category: Informational AT&T Labs
+ July 2006
+
+
+ US Secure Hash Algorithms (SHA and HMAC-SHA)
+
+Status of This Memo
+
+ This memo provides information for the Internet community. It does
+ not specify an Internet standard of any kind. Distribution of this
+ memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2006).
+
+Abstract
+
+ The United States of America has adopted a suite of Secure Hash
+ Algorithms (SHAs), including four beyond SHA-1, as part of a Federal
+ Information Processing Standard (FIPS), specifically SHA-224 (RFC
+ 3874), SHA-256, SHA-384, and SHA-512. The purpose of this document
+ is to make source code performing these hash functions conveniently
+ available to the Internet community. The sample code supports input
+ strings of arbitrary bit length. SHA-1's sample code from RFC 3174
+ has also been updated to handle input strings of arbitrary bit
+ length. Most of the text herein was adapted by the authors from FIPS
+ 180-2.
+
+ Code to perform SHA-based HMACs, with arbitrary bit length text, is
+ also included.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 1]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+Table of Contents
+
+ 1. Overview of Contents ............................................3
+ 1.1. License ....................................................4
+ 2. Notation for Bit Strings and Integers ...........................4
+ 3. Operations on Words .............................................5
+ 4. Message Padding and Parsing .....................................6
+ 4.1. SHA-224 and SHA-256 ........................................7
+ 4.2. SHA-384 and SHA-512 ........................................8
+ 5. Functions and Constants Used ....................................9
+ 5.1. SHA-224 and SHA-256 ........................................9
+ 5.2. SHA-384 and SHA-512 .......................................10
+ 6. Computing the Message Digest ...................................11
+ 6.1. SHA-224 and SHA-256 Initialization ........................11
+ 6.2. SHA-224 and SHA-256 Processing ............................11
+ 6.3. SHA-384 and SHA-512 Initialization ........................13
+ 6.4. SHA-384 and SHA-512 Processing ............................14
+ 7. SHA-Based HMACs ................................................15
+ 8. C Code for SHAs ................................................15
+ 8.1. The .h File ...............................................18
+ 8.2. The SHA Code ..............................................24
+ 8.2.1. sha1.c .............................................24
+ 8.2.2. sha224-256.c .......................................33
+ 8.2.3. sha384-512.c .......................................45
+ 8.2.4. usha.c .............................................67
+ 8.2.5. sha-private.h ......................................72
+ 8.3. The HMAC Code .............................................73
+ 8.4. The Test Driver ...........................................78
+ 9. Security Considerations .......................................106
+ 10. Normative References .........................................106
+ 11. Informative References .......................................106
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 2]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+1. Overview of Contents
+
+ NOTE: Much of the text below is taken from [FIPS180-2] and assertions
+ therein of the security of the algorithms described are made by the
+ US Government, the author of [FIPS180-2], and not by the authors of
+ this document.
+
+ The text below specifies Secure Hash Algorithms, SHA-224 [RFC3874],
+ SHA-256, SHA-384, and SHA-512, for computing a condensed
+ representation of a message or a data file. (SHA-1 is specified in
+ [RFC3174].) When a message of any length < 2^64 bits (for SHA-224
+ and SHA-256) or < 2^128 bits (for SHA-384 and SHA-512) is input to
+ one of these algorithms, the result is an output called a message
+ digest. The message digests range in length from 224 to 512 bits,
+ depending on the algorithm. Secure hash algorithms are typically
+ used with other cryptographic algorithms, such as digital signature
+ algorithms and keyed hash authentication codes, or in the generation
+ of random numbers [RFC4086].
+
+ The four algorithms specified in this document are called secure
+ because it is computationally infeasible to (1) find a message that
+ corresponds to a given message digest, or (2) find two different
+ messages that produce the same message digest. Any change to a
+ message in transit will, with very high probability, result in a
+ different message digest. This will result in a verification failure
+ when the secure hash algorithm is used with a digital signature
+ algorithm or a keyed-hash message authentication algorithm.
+
+ The code provided herein supports input strings of arbitrary bit
+ length. SHA-1's sample code from [RFC3174] has also been updated to
+ handle input strings of arbitrary bit length. See Section 1.1 for
+ license information for this code.
+
+ Section 2 below defines the terminology and functions used as
+ building blocks to form these algorithms. Section 3 describes the
+ fundamental operations on words from which these algorithms are
+ built. Section 4 describes how messages are padded up to an integral
+ multiple of the required block size and then parsed into blocks.
+ Section 5 defines the constants and the composite functions used to
+ specify these algorithms. Section 6 gives the actual specification
+ for the SHA-224, SHA-256, SHA-384, and SHA-512 functions. Section 7
+ provides pointers to the specification of HMAC keyed message
+ authentication codes based on the SHA algorithms. Section 8 gives
+ sample code for the SHA algorithms and Section 9 code for SHA-based
+ HMACs. The SHA-based HMACs will accept arbitrary bit length text.
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 3]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+1.1. License
+
+ Permission is granted for all uses, commercial and non-commercial, of
+ the sample code found in Section 8. Royalty free license to use,
+ copy, modify and distribute the software found in Section 8 is
+ granted, provided that this document is identified in all material
+ mentioning or referencing this software, and provided that
+ redistributed derivative works do not contain misleading author or
+ version information.
+
+ The authors make no representations concerning either the
+ merchantability of this software or the suitability of this software
+ for any particular purpose. It is provided "as is" without express
+ or implied warranty of any kind.
+
+2. Notation for Bit Strings and Integers
+
+ The following terminology related to bit strings and integers will be
+ used:
+
+ a. A hex digit is an element of the set {0, 1, ... , 9, A, ... ,
+ F}. A hex digit is the representation of a 4-bit string.
+ Examples: 7 = 0111, A = 1010.
+
+ b. A word equals a 32-bit or 64-bit string, which may be
+ represented as a sequence of 8 or 16 hex digits, respectively.
+ To convert a word to hex digits, each 4-bit string is converted
+ to its hex equivalent as described in (a) above. Example:
+
+ 1010 0001 0000 0011 1111 1110 0010 0011 = A103FE23.
+
+ Throughout this document, the "big-endian" convention is used
+ when expressing both 32-bit and 64-bit words, so that within
+ each word the most significant bit is shown in the left-most bit
+ position.
+
+ c. An integer may be represented as a word or pair of words.
+
+ An integer between 0 and 2^32 - 1 inclusive may be represented
+ as a 32-bit word. The least significant four bits of the
+ integer are represented by the right-most hex digit of the word
+ representation. Example: the integer 291 = 2^8+2^5+2^1+2^0 =
+ 256+32+2+1 is represented by the hex word 00000123.
+
+ The same holds true for an integer between 0 and 2^64-1
+ inclusive, which may be represented as a 64-bit word.
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 4]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ If Z is an integer, 0 <= z < 2^64, then z = (2^32)x + y where 0
+ <= x < 2^32 and 0 <= y < 2^32. Since x and y can be represented
+ as words X and Y, respectively, z can be represented as the pair
+ of words (X,Y).
+
+ d. block = 512-bit or 1024-bit string. A block (e.g., B) may be
+ represented as a sequence of 32-bit or 64-bit words.
+
+3. Operations on Words
+
+ The following logical operators will be applied to words in all four
+ hash operations specified herein. SHA-224 and SHA-256 operate on
+ 32-bit words, while SHA-384 and SHA-512 operate on 64-bit words.
+
+ In the operations below, x<<n is obtained as follows: discard the
+ left-most n bits of x and then pad the result with n zeroed bits on
+ the right (the result will still be the same number of bits).
+
+ a. Bitwise logical word operations
+
+ X AND Y = bitwise logical "and" of X and Y.
+
+ X OR Y = bitwise logical "inclusive-or" of X and Y.
+
+ X XOR Y = bitwise logical "exclusive-or" of X and Y.
+
+ NOT X = bitwise logical "complement" of X.
+
+ Example:
+ 01101100101110011101001001111011
+ XOR 01100101110000010110100110110111
+ --------------------------------
+ = 00001001011110001011101111001100
+
+ b. The operation X + Y is defined as follows: words X and Y
+ represent w-bit integers x and y, where 0 <= x < 2^w and
+ 0 <= y < 2^w. For positive integers n and m, let
+
+ n mod m
+
+ be the remainder upon dividing n by m. Compute
+
+ z = (x + y) mod 2^w.
+
+ Then 0 <= z < 2^w. Convert z to a word, Z, and define Z = X +
+ Y.
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 5]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ c. The right shift operation SHR^n(x), where x is a w-bit word and
+ n is an integer with 0 <= n < w, is defined by
+
+ SHR^n(x) = x>>n
+
+ d. The rotate right (circular right shift) operation ROTR^n(x),
+ where x is a w-bit word and n is an integer with 0 <= n < w, is
+ defined by
+
+ ROTR^n(x) = (x>>n) OR (x<<(w-n))
+
+ e. The rotate left (circular left shift) operation ROTL^n(x), where
+ x is a w-bit word and n is an integer with 0 <= n < w, is
+ defined by
+
+ ROTL^n(X) = (x<<n) OR (x>>w-n)
+
+ Note the following equivalence relationships, where w is fixed
+ in each relationship:
+
+ ROTL^n(x) = ROTR^(w-x)(x)
+
+ ROTR^n(x) = ROTL^(w-n)(x)
+
+4. Message Padding and Parsing
+
+ The hash functions specified herein are used to compute a message
+ digest for a message or data file that is provided as input. The
+ message or data file should be considered to be a bit string. The
+ length of the message is the number of bits in the message (the empty
+ message has length 0). If the number of bits in a message is a
+ multiple of 8, for compactness we can represent the message in hex.
+ The purpose of message padding is to make the total length of a
+ padded message a multiple of 512 for SHA-224 and SHA-256 or a
+ multiple of 1024 for SHA-384 and SHA-512.
+
+ The following specifies how this padding shall be performed. As a
+ summary, a "1" followed by a number of "0"s followed by a 64-bit or
+ 128-bit integer are appended to the end of the message to produce a
+ padded message of length 512*n or 1024*n. The minimum number of "0"s
+ necessary to meet this criterion is used. The appended integer is
+ the length of the original message. The padded message is then
+ processed by the hash function as n 512-bit or 1024-bit blocks.
+
+
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 6]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+4.1. SHA-224 and SHA-256
+
+ Suppose a message has length L < 2^64. Before it is input to the
+ hash function, the message is padded on the right as follows:
+
+ a. "1" is appended. Example: if the original message is
+ "01010000", this is padded to "010100001".
+
+ b. K "0"s are appended where K is the smallest, non-negative
+ solution to the equation
+
+ L + 1 + K = 448 (mod 512)
+
+ c. Then append the 64-bit block that is L in binary representation.
+ After appending this block, the length of the message will be a
+ multiple of 512 bits.
+
+ Example: Suppose the original message is the bit string
+
+ 01100001 01100010 01100011 01100100 01100101
+
+ After step (a), this gives
+
+ 01100001 01100010 01100011 01100100 01100101 1
+
+ Since L = 40, the number of bits in the above is 41 and K = 407
+ "0"s are appended, making the total now 448. This gives the
+ following in hex:
+
+ 61626364 65800000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000
+
+ The 64-bit representation of L = 40 is hex 00000000 00000028.
+ Hence the final padded message is the following hex:
+
+ 61626364 65800000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000028
+
+
+
+
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 7]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+4.2. SHA-384 and SHA-512
+
+ Suppose a message has length L < 2^128. Before it is input to the
+ hash function, the message is padded on the right as follows:
+
+ a. "1" is appended. Example: if the original message is
+ "01010000", this is padded to "010100001".
+
+ b. K "0"s are appended where K is the smallest, non-negative
+ solution to the equation
+
+ L + 1 + K = 896 (mod 1024)
+
+ c. Then append the 128-bit block that is L in binary
+ representation. After appending this block, the length of the
+ message will be a multiple of 1024 bits.
+
+ Example: Suppose the original message is the bit string
+
+ 01100001 01100010 01100011 01100100 01100101
+
+ After step (a) this gives
+
+ 01100001 01100010 01100011 01100100 01100101 1
+
+ Since L = 40, the number of bits in the above is 41 and K = 855
+ "0"s are appended, making the total now 896. This gives the
+ following in hex:
+
+ 61626364 65800000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+
+ The 128-bit representation of L = 40 is hex 00000000 00000000
+ 00000000 00000028. Hence the final padded message is the
+ following hex:
+
+ 61626364 65800000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 8]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000000
+ 00000000 00000000 00000000 00000028
+
+5. Functions and Constants Used
+
+ The following subsections give the six logical functions and the
+ table of constants used in each of the hash functions.
+
+5.1. SHA-224 and SHA-256
+
+ SHA-224 and SHA-256 use six logical functions, where each function
+ operates on 32-bit words, which are represented as x, y, and z. The
+ result of each function is a new 32-bit word.
+
+ CH( x, y, z) = (x AND y) XOR ( (NOT x) AND z)
+
+ MAJ( x, y, z) = (x AND y) XOR (x AND z) XOR (y AND z)
+
+ BSIG0(x) = ROTR^2(x) XOR ROTR^13(x) XOR ROTR^22(x)
+
+ BSIG1(x) = ROTR^6(x) XOR ROTR^11(x) XOR ROTR^25(x)
+
+ SSIG0(x) = ROTR^7(x) XOR ROTR^18(x) XOR SHR^3(x)
+
+ SSIG1(x) = ROTR^17(x) XOR ROTR^19(x) XOR SHR^10(x)
+
+ SHA-224 and SHA-256 use the same sequence of sixty-four constant
+ 32-bit words, K0, K1, ..., K63. These words represent the first
+ thirty-two bits of the fractional parts of the cube roots of the
+ first sixty-four prime numbers. In hex, these constant words are as
+ follows (from left to right):
+
+ 428a2f98 71374491 b5c0fbcf e9b5dba5
+ 3956c25b 59f111f1 923f82a4 ab1c5ed5
+ d807aa98 12835b01 243185be 550c7dc3
+ 72be5d74 80deb1fe 9bdc06a7 c19bf174
+ e49b69c1 efbe4786 0fc19dc6 240ca1cc
+ 2de92c6f 4a7484aa 5cb0a9dc 76f988da
+ 983e5152 a831c66d b00327c8 bf597fc7
+ c6e00bf3 d5a79147 06ca6351 14292967
+ 27b70a85 2e1b2138 4d2c6dfc 53380d13
+ 650a7354 766a0abb 81c2c92e 92722c85
+ a2bfe8a1 a81a664b c24b8b70 c76c51a3
+ d192e819 d6990624 f40e3585 106aa070
+ 19a4c116 1e376c08 2748774c 34b0bcb5
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 9]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ 391c0cb3 4ed8aa4a 5b9cca4f 682e6ff3
+ 748f82ee 78a5636f 84c87814 8cc70208
+ 90befffa a4506ceb bef9a3f7 c67178f2
+
+5.2. SHA-384 and SHA-512
+
+ SHA-384 and SHA-512 each use six logical functions, where each
+ function operates on 64-bit words, which are represented as x, y, and
+ z. The result of each function is a new 64-bit word.
+
+ CH( x, y, z) = (x AND y) XOR ( (NOT x) AND z)
+
+ MAJ( x, y, z) = (x AND y) XOR (x AND z) XOR (y AND z)
+
+ BSIG0(x) = ROTR^28(x) XOR ROTR^34(x) XOR ROTR^39(x)
+
+ BSIG1(x) = ROTR^14(x) XOR ROTR^18(x) XOR ROTR^41(x)
+
+ SSIG0(x) = ROTR^1(x) XOR ROTR^8(x) XOR SHR^7(x)
+
+ SSIG1(x) = ROTR^19(x) XOR ROTR^61(x) XOR SHR^6(x)
+
+ SHA-384 and SHA-512 use the same sequence of eighty constant 64-bit
+ words, K0, K1, ... K79. These words represent the first sixty-four
+ bits of the fractional parts of the cube roots of the first eighty
+ prime numbers. In hex, these constant words are as follows (from
+ left to right):
+
+ 428a2f98d728ae22 7137449123ef65cd b5c0fbcfec4d3b2f e9b5dba58189dbbc
+ 3956c25bf348b538 59f111f1b605d019 923f82a4af194f9b ab1c5ed5da6d8118
+ d807aa98a3030242 12835b0145706fbe 243185be4ee4b28c 550c7dc3d5ffb4e2
+ 72be5d74f27b896f 80deb1fe3b1696b1 9bdc06a725c71235 c19bf174cf692694
+ e49b69c19ef14ad2 efbe4786384f25e3 0fc19dc68b8cd5b5 240ca1cc77ac9c65
+ 2de92c6f592b0275 4a7484aa6ea6e483 5cb0a9dcbd41fbd4 76f988da831153b5
+ 983e5152ee66dfab a831c66d2db43210 b00327c898fb213f bf597fc7beef0ee4
+ c6e00bf33da88fc2 d5a79147930aa725 06ca6351e003826f 142929670a0e6e70
+ 27b70a8546d22ffc 2e1b21385c26c926 4d2c6dfc5ac42aed 53380d139d95b3df
+ 650a73548baf63de 766a0abb3c77b2a8 81c2c92e47edaee6 92722c851482353b
+ a2bfe8a14cf10364 a81a664bbc423001 c24b8b70d0f89791 c76c51a30654be30
+ d192e819d6ef5218 d69906245565a910 f40e35855771202a 106aa07032bbd1b8
+ 19a4c116b8d2d0c8 1e376c085141ab53 2748774cdf8eeb99 34b0bcb5e19b48a8
+ 391c0cb3c5c95a63 4ed8aa4ae3418acb 5b9cca4f7763e373 682e6ff3d6b2b8a3
+ 748f82ee5defb2fc 78a5636f43172f60 84c87814a1f0ab72 8cc702081a6439ec
+ 90befffa23631e28 a4506cebde82bde9 bef9a3f7b2c67915 c67178f2e372532b
+ ca273eceea26619c d186b8c721c0c207 eada7dd6cde0eb1e f57d4f7fee6ed178
+ 06f067aa72176fba 0a637dc5a2c898a6 113f9804bef90dae 1b710b35131c471b
+ 28db77f523047d84 32caab7b40c72493 3c9ebe0a15c9bebc 431d67c49c100d4c
+ 4cc5d4becb3e42b6 597f299cfc657e2a 5fcb6fab3ad6faec 6c44198c4a475817
+
+
+
+Eastlake 3rd & Hansen Informational [Page 10]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+6. Computing the Message Digest
+
+ The output of each of the secure hash functions, after being applied
+ to a message of N blocks, is the hash quantity H(N). For SHA-224 and
+ SHA-256, H(i) can be considered to be eight 32-bit words, H(i)0,
+ H(i)1, ... H(i)7. For SHA-384 and SHA-512, it can be considered to
+ be eight 64-bit words, H(i)0, H(i)1, ..., H(i)7.
+
+ As described below, the hash words are initialized, modified as each
+ message block is processed, and finally concatenated after processing
+ the last block to yield the output. For SHA-256 and SHA-512, all of
+ the H(N) variables are concatenated while the SHA-224 and SHA-384
+ hashes are produced by omitting some from the final concatenation.
+
+6.1. SHA-224 and SHA-256 Initialization
+
+ For SHA-224, the initial hash value, H(0), consists of the following
+ 32-bit words in hex:
+
+ H(0)0 = c1059ed8
+ H(0)1 = 367cd507
+ H(0)2 = 3070dd17
+ H(0)3 = f70e5939
+ H(0)4 = ffc00b31
+ H(0)5 = 68581511
+ H(0)6 = 64f98fa7
+ H(0)7 = befa4fa4
+
+ For SHA-256, the initial hash value, H(0), consists of the following
+ eight 32-bit words, in hex. These words were obtained by taking the
+ first thirty-two bits of the fractional parts of the square roots of
+ the first eight prime numbers.
+
+ H(0)0 = 6a09e667
+ H(0)1 = bb67ae85
+ H(0)2 = 3c6ef372
+ H(0)3 = a54ff53a
+ H(0)4 = 510e527f
+ H(0)5 = 9b05688c
+ H(0)6 = 1f83d9ab
+ H(0)7 = 5be0cd19
+
+6.2. SHA-224 and SHA-256 Processing
+
+ SHA-224 and SHA-256 perform identical processing on messages blocks
+ and differ only in how H(0) is initialized and how they produce their
+ final output. They may be used to hash a message, M, having a length
+ of L bits, where 0 <= L < 2^64. The algorithm uses (1) a message
+
+
+
+Eastlake 3rd & Hansen Informational [Page 11]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ schedule of sixty-four 32-bit words, (2) eight working variables of
+ 32 bits each, and (3) a hash value of eight 32-bit words.
+
+ The words of the message schedule are labeled W0, W1, ..., W63. The
+ eight working variables are labeled a, b, c, d, e, f, g, and h. The
+ words of the hash value are labeled H(i)0, H(i)1, ..., H(i)7, which
+ will hold the initial hash value, H(0), replaced by each successive
+ intermediate hash value (after each message block is processed),
+ H(i), and ending with the final hash value, H(N), after all N blocks
+ are processed. They also use two temporary words, T1 and T2.
+
+ The input message is padded as described in Section 4.1 above then
+ parsed into 512-bit blocks, which are considered to be composed of 16
+ 32-bit words M(i)0, M(i)1, ..., M(i)15. The following computations
+ are then performed for each of the N message blocks. All addition is
+ performed modulo 2^32.
+
+ For i = 1 to N
+
+ 1. Prepare the message schedule W:
+ For t = 0 to 15
+ Wt = M(i)t
+ For t = 16 to 63
+ Wt = SSIG1(W(t-2)) + W(t-7) + SSIG0(t-15) + W(t-16)
+
+ 2. Initialize the working variables:
+ a = H(i-1)0
+ b = H(i-1)1
+ c = H(i-1)2
+ d = H(i-1)3
+ e = H(i-1)4
+ f = H(i-1)5
+ g = H(i-1)6
+ h = H(i-1)7
+
+ 3. Perform the main hash computation:
+ For t = 0 to 63
+ T1 = h + BSIG1(e) + CH(e,f,g) + Kt + Wt
+ T2 = BSIG0(a) + MAJ(a,b,c)
+ h = g
+ g = f
+ f = e
+ e = d + T1
+ d = c
+ c = b
+ b = a
+ a = T1 + T2
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 12]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ 4. Compute the intermediate hash value H(i):
+ H(i)0 = a + H(i-1)0
+ H(i)1 = b + H(i-1)1
+ H(i)2 = c + H(i-1)2
+ H(i)3 = d + H(i-1)3
+ H(i)4 = e + H(i-1)4
+ H(i)5 = f + H(i-1)5
+ H(i)6 = g + H(i-1)6
+ H(i)7 = h + H(i-1)7
+
+ After the above computations have been sequentially performed for all
+ of the blocks in the message, the final output is calculated. For
+ SHA-256, this is the concatenation of all of H(N)0, H(N)1, through
+ H(N)7. For SHA-224, this is the concatenation of H(N)0, H(N)1,
+ through H(N)6.
+
+6.3. SHA-384 and SHA-512 Initialization
+
+ For SHA-384, the initial hash value, H(0), consists of the following
+ eight 64-bit words, in hex. These words were obtained by taking the
+ first sixty-four bits of the fractional parts of the square roots of
+ the ninth through sixteenth prime numbers.
+
+ H(0)0 = cbbb9d5dc1059ed8
+ H(0)1 = 629a292a367cd507
+ H(0)2 = 9159015a3070dd17
+ H(0)3 = 152fecd8f70e5939
+ H(0)4 = 67332667ffc00b31
+ H(0)5 = 8eb44a8768581511
+ H(0)6 = db0c2e0d64f98fa7
+ H(0)7 = 47b5481dbefa4fa4
+
+ For SHA-512, the initial hash value, H(0), consists of the following
+ eight 64-bit words, in hex. These words were obtained by taking the
+ first sixty-four bits of the fractional parts of the square roots of
+ the first eight prime numbers.
+
+ H(0)0 = 6a09e667f3bcc908
+ H(0)1 = bb67ae8584caa73b
+ H(0)2 = 3c6ef372fe94f82b
+ H(0)3 = a54ff53a5f1d36f1
+ H(0)4 = 510e527fade682d1
+ H(0)5 = 9b05688c2b3e6c1f
+ H(0)6 = 1f83d9abfb41bd6b
+ H(0)7 = 5be0cd19137e2179
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 13]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+6.4. SHA-384 and SHA-512 Processing
+
+ SHA-384 and SHA-512 perform identical processing on message blocks
+ and differ only in how H(0) is initialized and how they produce their
+ final output. They may be used to hash a message, M, having a length
+ of L bits, where 0 <= L < 2^128. The algorithm uses (1) a message
+ schedule of eighty 64-bit words, (2) eight working variables of 64
+ bits each, and (3) a hash value of eight 64-bit words.
+
+ The words of the message schedule are labeled W0, W1, ..., W79. The
+ eight working variables are labeled a, b, c, d, e, f, g, and h. The
+ words of the hash value are labeled H(i)0, H(i)1, ..., H(i)7, which
+ will hold the initial hash value, H(0), replaced by each successive
+ intermediate hash value (after each message block is processed),
+ H(i), and ending with the final hash value, H(N) after all N blocks
+ are processed.
+
+ The input message is padded as described in Section 4.2 above, then
+ parsed into 1024-bit blocks, which are considered to be composed of
+ 16 64-bit words M(i)0, M(i)1, ..., M(i)15. The following
+ computations are then performed for each of the N message blocks.
+ All addition is performed modulo 2^64.
+
+ For i = 1 to N
+
+ 1. Prepare the message schedule W:
+ For t = 0 to 15
+ Wt = M(i)t
+ For t = 16 to 79
+ Wt = SSIG1(W(t-2)) + W(t-7) + SSIG0(t-15) + W(t-16)
+
+ 2. Initialize the working variables:
+ a = H(i-1)0
+ b = H(i-1)1
+ c = H(i-1)2
+ d = H(i-1)3
+ e = H(i-1)4
+ f = H(i-1)5
+ g = H(i-1)6
+ h = H(i-1)7
+
+ 3. Perform the main hash computation:
+ For t = 0 to 79
+ T1 = h + BSIG1(e) + CH(e,f,g) + Kt + Wt
+ T2 = BSIG0(a) + MAJ(a,b,c)
+ h = g
+ g = f
+ f = e
+
+
+
+Eastlake 3rd & Hansen Informational [Page 14]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ e = d + T1
+ d = c
+ c = b
+ b = a
+ a = T1 + T2
+
+ 4. Compute the intermediate hash value H(i):
+ H(i)0 = a + H(i-1)0
+ H(i)1 = b + H(i-1)1
+ H(i)2 = c + H(i-1)2
+ H(i)3 = d + H(i-1)3
+ H(i)4 = e + H(i-1)4
+ H(i)5 = f + H(i-1)5
+ H(i)6 = g + H(i-1)6
+ H(i)7 = h + H(i-1)7
+
+ After the above computations have been sequentially performed for all
+ of the blocks in the message, the final output is calculated. For
+ SHA-512, this is the concatenation of all of H(N)0, H(N)1, through
+ H(N)7. For SHA-384, this is the concatenation of H(N)0, H(N)1,
+ through H(N)5.
+
+7. SHA-Based HMACs
+
+ HMAC is a method for computing a keyed MAC (message authentication
+ code) using a hash function as described in [RFC2104]. It uses a key
+ to mix in with the input text to produce the final hash.
+
+ Sample code is also provided, in Section 8.3 below, to perform HMAC
+ based on any of the SHA algorithms described herein. The sample code
+ found in [RFC2104] was written in terms of a specified text size.
+ Since SHA is defined in terms of an arbitrary number of bits, the
+ sample HMAC code has been written to allow the text input to HMAC to
+ have an arbitrary number of octets and bits. A fixed-length
+ interface is also provided.
+
+8. C Code for SHAs
+
+ Below is a demonstration implementation of these secure hash
+ functions in C. Section 8.1 contains the header file sha.h, which
+ declares all constants, structures, and functions used by the sha and
+ hmac functions. Section 8.2 contains the C code for sha1.c,
+ sha224-256.c, sha384-512.c, and usha.c along with sha-private.h,
+ which provides some declarations common to all the sha functions.
+ Section 8.3 contains the C code for the hmac functions. Section 8.4
+ contains a test driver to exercise the code.
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 15]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ For each of the digest length $$$, there is the following set of
+ constants, a structure, and functions:
+
+ Constants:
+ SHA$$$HashSize number of octets in the hash
+ SHA$$$HashSizeBits number of bits in the hash
+ SHA$$$_Message_Block_Size
+ number of octets used in the intermediate
+ message blocks
+ shaSuccess = 0 constant returned by each function on success
+ shaNull = 1 constant returned by each function when
+ presented with a null pointer parameter
+ shaInputTooLong = 2 constant returned by each function when the
+ input data is too long
+ shaStateError constant returned by each function when
+ SHA$$$Input is called after SHA$$$FinalBits or
+ SHA$$$Result.
+
+ Structure:
+ typedef SHA$$$Context
+ an opaque structure holding the complete state
+ for producing the hash
+
+ Functions:
+ int SHA$$$Reset(SHA$$$Context *);
+ Reset the hash context state
+ int SHA$$$Input(SHA$$$Context *, const uint8_t *octets,
+ unsigned int bytecount);
+ Incorporate bytecount octets into the hash.
+ int SHA$$$FinalBits(SHA$$$Context *, const uint8_t octet,
+ unsigned int bitcount);
+ Incorporate bitcount bits into the hash. The bits are in
+ the upper portion of the octet. SHA$$$Input() cannot be
+ called after this.
+ int SHA$$$Result(SHA$$$Context *,
+ uint8_t Message_Digest[SHA$$$HashSize]);
+ Do the final calculations on the hash and copy the value
+ into Message_Digest.
+
+ In addition, functions with the prefix USHA are provided that take a
+ SHAversion value (SHA$$$) to select the SHA function suite. They add
+ the following constants, structure, and functions:
+
+ Constants:
+ shaBadParam constant returned by USHA functions when
+ presented with a bad SHAversion (SHA$$$)
+ parameter
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 16]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ SHA$$$ SHAversion enumeration values, used by usha
+ and hmac functions to select the SHA function
+ suite
+
+ Structure:
+ typedef USHAContext
+ an opaque structure holding the complete state
+ for producing the hash
+
+ Functions:
+ int USHAReset(USHAContext *, SHAversion whichSha);
+ Reset the hash context state.
+ int USHAInput(USHAContext *,
+ const uint8_t *bytes, unsigned int bytecount);
+ Incorporate bytecount octets into the hash.
+ int USHAFinalBits(USHAContext *,
+ const uint8_t bits, unsigned int bitcount);
+ Incorporate bitcount bits into the hash.
+ int USHAResult(USHAContext *,
+ uint8_t Message_Digest[USHAMaxHashSize]);
+ Do the final calculations on the hash and copy the value
+ into Message_Digest. Octets in Message_Digest beyond
+ USHAHashSize(whichSha) are left untouched.
+ int USHAHashSize(enum SHAversion whichSha);
+ The number of octets in the given hash.
+ int USHAHashSizeBits(enum SHAversion whichSha);
+ The number of bits in the given hash.
+ int USHABlockSize(enum SHAversion whichSha);
+ The internal block size for the given hash.
+
+ The hmac functions follow the same pattern to allow any length of
+ text input to be used.
+
+ Structure:
+ typedef HMACContext an opaque structure holding the complete state
+ for producing the hash
+
+ Functions:
+ int hmacReset(HMACContext *ctx, enum SHAversion whichSha,
+ const unsigned char *key, int key_len);
+ Reset the hash context state.
+ int hmacInput(HMACContext *ctx, const unsigned char *text,
+ int text_len);
+ Incorporate text_len octets into the hash.
+ int hmacFinalBits(HMACContext *ctx, const uint8_t bits,
+ unsigned int bitcount);
+ Incorporate bitcount bits into the hash.
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 17]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ int hmacResult(HMACContext *ctx,
+ uint8_t Message_Digest[USHAMaxHashSize]);
+ Do the final calculations on the hash and copy the value
+ into Message_Digest. Octets in Message_Digest beyond
+ USHAHashSize(whichSha) are left untouched.
+
+ In addition, a combined interface is provided, similar to that shown
+ in RFC 2104, that allows a fixed-length text input to be used.
+
+ int hmac(SHAversion whichSha,
+ const unsigned char *text, int text_len,
+ const unsigned char *key, int key_len,
+ uint8_t Message_Digest[USHAMaxHashSize]);
+ Calculate the given digest for the given text and key, and
+ return the resulting hash. Octets in Message_Digest beyond
+ USHAHashSize(whichSha) are left untouched.
+
+8.1. The .h File
+
+/**************************** sha.h ****************************/
+/******************* See RFC 4634 for details ******************/
+#ifndef _SHA_H_
+#define _SHA_H_
+
+/*
+ * Description:
+ * This file implements the Secure Hash Signature Standard
+ * algorithms as defined in the National Institute of Standards
+ * and Technology Federal Information Processing Standards
+ * Publication (FIPS PUB) 180-1 published on April 17, 1995, 180-2
+ * published on August 1, 2002, and the FIPS PUB 180-2 Change
+ * Notice published on February 28, 2004.
+ *
+ * A combined document showing all algorithms is available at
+ * http://csrc.nist.gov/publications/fips/
+ * fips180-2/fips180-2withchangenotice.pdf
+ *
+ * The five hashes are defined in these sizes:
+ * SHA-1 20 byte / 160 bit
+ * SHA-224 28 byte / 224 bit
+ * SHA-256 32 byte / 256 bit
+ * SHA-384 48 byte / 384 bit
+ * SHA-512 64 byte / 512 bit
+ */
+
+#include <stdint.h>
+/*
+ * If you do not have the ISO standard stdint.h header file, then you
+
+
+
+Eastlake 3rd & Hansen Informational [Page 18]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * must typedef the following:
+ * name meaning
+ * uint64_t unsigned 64 bit integer
+ * uint32_t unsigned 32 bit integer
+ * uint8_t unsigned 8 bit integer (i.e., unsigned char)
+ * int_least16_t integer of >= 16 bits
+ *
+ */
+
+#ifndef _SHA_enum_
+#define _SHA_enum_
+/*
+ * All SHA functions return one of these values.
+ */
+enum {
+ shaSuccess = 0,
+ shaNull, /* Null pointer parameter */
+ shaInputTooLong, /* input data too long */
+ shaStateError, /* called Input after FinalBits or Result */
+ shaBadParam /* passed a bad parameter */
+};
+#endif /* _SHA_enum_ */
+
+/*
+ * These constants hold size information for each of the SHA
+ * hashing operations
+ */
+enum {
+ SHA1_Message_Block_Size = 64, SHA224_Message_Block_Size = 64,
+ SHA256_Message_Block_Size = 64, SHA384_Message_Block_Size = 128,
+ SHA512_Message_Block_Size = 128,
+ USHA_Max_Message_Block_Size = SHA512_Message_Block_Size,
+
+ SHA1HashSize = 20, SHA224HashSize = 28, SHA256HashSize = 32,
+ SHA384HashSize = 48, SHA512HashSize = 64,
+ USHAMaxHashSize = SHA512HashSize,
+
+ SHA1HashSizeBits = 160, SHA224HashSizeBits = 224,
+ SHA256HashSizeBits = 256, SHA384HashSizeBits = 384,
+ SHA512HashSizeBits = 512, USHAMaxHashSizeBits = SHA512HashSizeBits
+};
+
+/*
+ * These constants are used in the USHA (unified sha) functions.
+ */
+typedef enum SHAversion {
+ SHA1, SHA224, SHA256, SHA384, SHA512
+} SHAversion;
+
+
+
+Eastlake 3rd & Hansen Informational [Page 19]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+/*
+ * This structure will hold context information for the SHA-1
+ * hashing operation.
+ */
+typedef struct SHA1Context {
+ uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */
+
+ uint32_t Length_Low; /* Message length in bits */
+ uint32_t Length_High; /* Message length in bits */
+
+ int_least16_t Message_Block_Index; /* Message_Block array index */
+ /* 512-bit message blocks */
+ uint8_t Message_Block[SHA1_Message_Block_Size];
+
+ int Computed; /* Is the digest computed? */
+ int Corrupted; /* Is the digest corrupted? */
+} SHA1Context;
+
+/*
+ * This structure will hold context information for the SHA-256
+ * hashing operation.
+ */
+typedef struct SHA256Context {
+ uint32_t Intermediate_Hash[SHA256HashSize/4]; /* Message Digest */
+
+ uint32_t Length_Low; /* Message length in bits */
+ uint32_t Length_High; /* Message length in bits */
+
+ int_least16_t Message_Block_Index; /* Message_Block array index */
+ /* 512-bit message blocks */
+ uint8_t Message_Block[SHA256_Message_Block_Size];
+
+ int Computed; /* Is the digest computed? */
+ int Corrupted; /* Is the digest corrupted? */
+} SHA256Context;
+
+/*
+ * This structure will hold context information for the SHA-512
+ * hashing operation.
+ */
+typedef struct SHA512Context {
+#ifdef USE_32BIT_ONLY
+ uint32_t Intermediate_Hash[SHA512HashSize/4]; /* Message Digest */
+ uint32_t Length[4]; /* Message length in bits */
+#else /* !USE_32BIT_ONLY */
+ uint64_t Intermediate_Hash[SHA512HashSize/8]; /* Message Digest */
+ uint64_t Length_Low, Length_High; /* Message length in bits */
+#endif /* USE_32BIT_ONLY */
+
+
+
+Eastlake 3rd & Hansen Informational [Page 20]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ int_least16_t Message_Block_Index; /* Message_Block array index */
+ /* 1024-bit message blocks */
+ uint8_t Message_Block[SHA512_Message_Block_Size];
+
+ int Computed; /* Is the digest computed?*/
+ int Corrupted; /* Is the digest corrupted? */
+} SHA512Context;
+
+/*
+ * This structure will hold context information for the SHA-224
+ * hashing operation. It uses the SHA-256 structure for computation.
+ */
+typedef struct SHA256Context SHA224Context;
+
+/*
+ * This structure will hold context information for the SHA-384
+ * hashing operation. It uses the SHA-512 structure for computation.
+ */
+typedef struct SHA512Context SHA384Context;
+
+/*
+ * This structure holds context information for all SHA
+ * hashing operations.
+ */
+typedef struct USHAContext {
+ int whichSha; /* which SHA is being used */
+ union {
+ SHA1Context sha1Context;
+ SHA224Context sha224Context; SHA256Context sha256Context;
+ SHA384Context sha384Context; SHA512Context sha512Context;
+ } ctx;
+} USHAContext;
+
+/*
+ * This structure will hold context information for the HMAC
+ * keyed hashing operation.
+ */
+typedef struct HMACContext {
+ int whichSha; /* which SHA is being used */
+ int hashSize; /* hash size of SHA being used */
+ int blockSize; /* block size of SHA being used */
+ USHAContext shaContext; /* SHA context */
+ unsigned char k_opad[USHA_Max_Message_Block_Size];
+ /* outer padding - key XORd with opad */
+} HMACContext;
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 21]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+/*
+ * Function Prototypes
+ */
+
+/* SHA-1 */
+extern int SHA1Reset(SHA1Context *);
+extern int SHA1Input(SHA1Context *, const uint8_t *bytes,
+ unsigned int bytecount);
+extern int SHA1FinalBits(SHA1Context *, const uint8_t bits,
+ unsigned int bitcount);
+extern int SHA1Result(SHA1Context *,
+ uint8_t Message_Digest[SHA1HashSize]);
+
+/* SHA-224 */
+extern int SHA224Reset(SHA224Context *);
+extern int SHA224Input(SHA224Context *, const uint8_t *bytes,
+ unsigned int bytecount);
+extern int SHA224FinalBits(SHA224Context *, const uint8_t bits,
+ unsigned int bitcount);
+extern int SHA224Result(SHA224Context *,
+ uint8_t Message_Digest[SHA224HashSize]);
+
+/* SHA-256 */
+extern int SHA256Reset(SHA256Context *);
+extern int SHA256Input(SHA256Context *, const uint8_t *bytes,
+ unsigned int bytecount);
+extern int SHA256FinalBits(SHA256Context *, const uint8_t bits,
+ unsigned int bitcount);
+extern int SHA256Result(SHA256Context *,
+ uint8_t Message_Digest[SHA256HashSize]);
+
+/* SHA-384 */
+extern int SHA384Reset(SHA384Context *);
+extern int SHA384Input(SHA384Context *, const uint8_t *bytes,
+ unsigned int bytecount);
+extern int SHA384FinalBits(SHA384Context *, const uint8_t bits,
+ unsigned int bitcount);
+extern int SHA384Result(SHA384Context *,
+ uint8_t Message_Digest[SHA384HashSize]);
+
+/* SHA-512 */
+extern int SHA512Reset(SHA512Context *);
+extern int SHA512Input(SHA512Context *, const uint8_t *bytes,
+ unsigned int bytecount);
+extern int SHA512FinalBits(SHA512Context *, const uint8_t bits,
+ unsigned int bitcount);
+extern int SHA512Result(SHA512Context *,
+ uint8_t Message_Digest[SHA512HashSize]);
+
+
+
+Eastlake 3rd & Hansen Informational [Page 22]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+/* Unified SHA functions, chosen by whichSha */
+extern int USHAReset(USHAContext *, SHAversion whichSha);
+extern int USHAInput(USHAContext *,
+ const uint8_t *bytes, unsigned int bytecount);
+extern int USHAFinalBits(USHAContext *,
+ const uint8_t bits, unsigned int bitcount);
+extern int USHAResult(USHAContext *,
+ uint8_t Message_Digest[USHAMaxHashSize]);
+extern int USHABlockSize(enum SHAversion whichSha);
+extern int USHAHashSize(enum SHAversion whichSha);
+extern int USHAHashSizeBits(enum SHAversion whichSha);
+
+/*
+ * HMAC Keyed-Hashing for Message Authentication, RFC2104,
+ * for all SHAs.
+ * This interface allows a fixed-length text input to be used.
+ */
+extern int hmac(SHAversion whichSha, /* which SHA algorithm to use */
+ const unsigned char *text, /* pointer to data stream */
+ int text_len, /* length of data stream */
+ const unsigned char *key, /* pointer to authentication key */
+ int key_len, /* length of authentication key */
+ uint8_t digest[USHAMaxHashSize]); /* caller digest to fill in */
+
+/*
+ * HMAC Keyed-Hashing for Message Authentication, RFC2104,
+ * for all SHAs.
+ * This interface allows any length of text input to be used.
+ */
+extern int hmacReset(HMACContext *ctx, enum SHAversion whichSha,
+ const unsigned char *key, int key_len);
+extern int hmacInput(HMACContext *ctx, const unsigned char *text,
+ int text_len);
+
+extern int hmacFinalBits(HMACContext *ctx, const uint8_t bits,
+ unsigned int bitcount);
+extern int hmacResult(HMACContext *ctx,
+ uint8_t digest[USHAMaxHashSize]);
+
+#endif /* _SHA_H_ */
+
+
+
+
+
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 23]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+8.2. The SHA Code
+
+ This code is primarily intended as expository and could be optimized
+ further. For example, the assignment rotations through the variables
+ a, b, ..., h could be treated as a cycle and the loop unrolled,
+ rather than doing the explicit copying.
+
+ Note that there are alternative representations of the Ch() and Maj()
+ functions controlled by an ifdef.
+
+8.2.1. sha1.c
+
+/**************************** sha1.c ****************************/
+/******************** See RFC 4634 for details ******************/
+/*
+ * Description:
+ * This file implements the Secure Hash Signature Standard
+ * algorithms as defined in the National Institute of Standards
+ * and Technology Federal Information Processing Standards
+ * Publication (FIPS PUB) 180-1 published on April 17, 1995, 180-2
+ * published on August 1, 2002, and the FIPS PUB 180-2 Change
+ * Notice published on February 28, 2004.
+ *
+ * A combined document showing all algorithms is available at
+ * http://csrc.nist.gov/publications/fips/
+ * fips180-2/fips180-2withchangenotice.pdf
+ *
+ * The SHA-1 algorithm produces a 160-bit message digest for a
+ * given data stream. It should take about 2**n steps to find a
+ * message with the same digest as a given message and
+ * 2**(n/2) to find any two messages with the same digest,
+ * when n is the digest size in bits. Therefore, this
+ * algorithm can serve as a means of providing a
+ * "fingerprint" for a message.
+ *
+ * Portability Issues:
+ * SHA-1 is defined in terms of 32-bit "words". This code
+ * uses <stdint.h> (included via "sha.h") to define 32 and 8
+ * bit unsigned integer types. If your C compiler does not
+ * support 32 bit unsigned integers, this code is not
+ * appropriate.
+ *
+ * Caveats:
+ * SHA-1 is designed to work with messages less than 2^64 bits
+ * long. This implementation uses SHA1Input() to hash the bits
+ * that are a multiple of the size of an 8-bit character, and then
+ * uses SHA1FinalBits() to hash the final few bits of the input.
+ */
+
+
+
+Eastlake 3rd & Hansen Informational [Page 24]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+#include "sha.h"
+#include "sha-private.h"
+
+/*
+ * Define the SHA1 circular left shift macro
+ */
+#define SHA1_ROTL(bits,word) \
+ (((word) << (bits)) | ((word) >> (32-(bits))))
+
+/*
+ * add "length" to the length
+ */
+static uint32_t addTemp;
+#define SHA1AddLength(context, length) \
+ (addTemp = (context)->Length_Low, \
+ (context)->Corrupted = \
+ (((context)->Length_Low += (length)) < addTemp) && \
+ (++(context)->Length_High == 0) ? 1 : 0)
+
+/* Local Function Prototypes */
+static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte);
+static void SHA1PadMessage(SHA1Context *, uint8_t Pad_Byte);
+static void SHA1ProcessMessageBlock(SHA1Context *);
+
+/*
+ * SHA1Reset
+ *
+ * Description:
+ * This function will initialize the SHA1Context in preparation
+ * for computing a new SHA1 message digest.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to reset.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA1Reset(SHA1Context *context)
+{
+ if (!context)
+ return shaNull;
+
+ context->Length_Low = 0;
+ context->Length_High = 0;
+ context->Message_Block_Index = 0;
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 25]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ /* Initial Hash Values: FIPS-180-2 section 5.3.1 */
+ context->Intermediate_Hash[0] = 0x67452301;
+ context->Intermediate_Hash[1] = 0xEFCDAB89;
+ context->Intermediate_Hash[2] = 0x98BADCFE;
+ context->Intermediate_Hash[3] = 0x10325476;
+ context->Intermediate_Hash[4] = 0xC3D2E1F0;
+
+ context->Computed = 0;
+ context->Corrupted = 0;
+
+ return shaSuccess;
+}
+
+/*
+ * SHA1Input
+ *
+ * Description:
+ * This function accepts an array of octets as the next portion
+ * of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_array: [in]
+ * An array of characters representing the next portion of
+ * the message.
+ * length: [in]
+ * The length of the message in message_array
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA1Input(SHA1Context *context,
+ const uint8_t *message_array, unsigned length)
+{
+ if (!length)
+ return shaSuccess;
+
+ if (!context || !message_array)
+ return shaNull;
+
+ if (context->Computed) {
+ context->Corrupted = shaStateError;
+ return shaStateError;
+ }
+
+ if (context->Corrupted)
+
+
+
+Eastlake 3rd & Hansen Informational [Page 26]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ return context->Corrupted;
+
+ while (length-- && !context->Corrupted) {
+ context->Message_Block[context->Message_Block_Index++] =
+ (*message_array & 0xFF);
+
+ if (!SHA1AddLength(context, 8) &&
+ (context->Message_Block_Index == SHA1_Message_Block_Size))
+ SHA1ProcessMessageBlock(context);
+
+ message_array++;
+ }
+
+ return shaSuccess;
+}
+
+/*
+ * SHA1FinalBits
+ *
+ * Description:
+ * This function will add in any final bits of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_bits: [in]
+ * The final bits of the message, in the upper portion of the
+ * byte. (Use 0b###00000 instead of 0b00000### to input the
+ * three bits ###.)
+ * length: [in]
+ * The number of bits in message_bits, between 1 and 7.
+ *
+ * Returns:
+ * sha Error Code.
+ */
+int SHA1FinalBits(SHA1Context *context, const uint8_t message_bits,
+ unsigned int length)
+{
+ uint8_t masks[8] = {
+ /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80,
+ /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0,
+ /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8,
+ /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE
+ };
+ uint8_t markbit[8] = {
+ /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40,
+ /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10,
+ /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04,
+
+
+
+Eastlake 3rd & Hansen Informational [Page 27]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01
+ };
+
+ if (!length)
+ return shaSuccess;
+
+ if (!context)
+ return shaNull;
+
+ if (context->Computed || (length >= 8) || (length == 0)) {
+ context->Corrupted = shaStateError;
+ return shaStateError;
+ }
+
+ if (context->Corrupted)
+ return context->Corrupted;
+
+ SHA1AddLength(context, length);
+ SHA1Finalize(context,
+ (uint8_t) ((message_bits & masks[length]) | markbit[length]));
+
+ return shaSuccess;
+}
+
+/*
+ * SHA1Result
+ *
+ * Description:
+ * This function will return the 160-bit message digest into the
+ * Message_Digest array provided by the caller.
+ * NOTE: The first octet of hash is stored in the 0th element,
+ * the last octet of hash in the 19th element.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to use to calculate the SHA-1 hash.
+ * Message_Digest: [out]
+ * Where the digest is returned.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA1Result(SHA1Context *context,
+ uint8_t Message_Digest[SHA1HashSize])
+{
+ int i;
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 28]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ if (!context || !Message_Digest)
+ return shaNull;
+
+ if (context->Corrupted)
+ return context->Corrupted;
+
+ if (!context->Computed)
+ SHA1Finalize(context, 0x80);
+
+ for (i = 0; i < SHA1HashSize; ++i)
+ Message_Digest[i] = (uint8_t) (context->Intermediate_Hash[i>>2]
+ >> 8 * ( 3 - ( i & 0x03 ) ));
+
+ return shaSuccess;
+}
+
+/*
+ * SHA1Finalize
+ *
+ * Description:
+ * This helper function finishes off the digest calculations.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * Pad_Byte: [in]
+ * The last byte to add to the digest before the 0-padding
+ * and length. This will contain the last bits of the message
+ * followed by another single bit. If the message was an
+ * exact multiple of 8-bits long, Pad_Byte will be 0x80.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte)
+{
+ int i;
+ SHA1PadMessage(context, Pad_Byte);
+ /* message may be sensitive, clear it out */
+ for (i = 0; i < SHA1_Message_Block_Size; ++i)
+ context->Message_Block[i] = 0;
+ context->Length_Low = 0; /* and clear length */
+ context->Length_High = 0;
+ context->Computed = 1;
+}
+
+/*
+
+
+
+Eastlake 3rd & Hansen Informational [Page 29]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * SHA1PadMessage
+ *
+ * Description:
+ * According to the standard, the message must be padded to an
+ * even 512 bits. The first padding bit must be a '1'. The last
+ * 64 bits represent the length of the original message. All bits
+ * in between should be 0. This helper function will pad the
+ * message according to those rules by filling the Message_Block
+ * array accordingly. When it returns, it can be assumed that the
+ * message digest has been computed.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to pad
+ * Pad_Byte: [in]
+ * The last byte to add to the digest before the 0-padding
+ * and length. This will contain the last bits of the message
+ * followed by another single bit. If the message was an
+ * exact multiple of 8-bits long, Pad_Byte will be 0x80.
+ *
+ * Returns:
+ * Nothing.
+ */
+static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte)
+{
+ /*
+ * Check to see if the current message block is too small to hold
+ * the initial padding bits and length. If so, we will pad the
+ * block, process it, and then continue padding into a second
+ * block.
+ */
+ if (context->Message_Block_Index >= (SHA1_Message_Block_Size - 8)) {
+ context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
+ while (context->Message_Block_Index < SHA1_Message_Block_Size)
+ context->Message_Block[context->Message_Block_Index++] = 0;
+
+ SHA1ProcessMessageBlock(context);
+ } else
+ context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
+
+ while (context->Message_Block_Index < (SHA1_Message_Block_Size - 8))
+ context->Message_Block[context->Message_Block_Index++] = 0;
+
+ /*
+ * Store the message length as the last 8 octets
+ */
+ context->Message_Block[56] = (uint8_t) (context->Length_High >> 24);
+ context->Message_Block[57] = (uint8_t) (context->Length_High >> 16);
+
+
+
+Eastlake 3rd & Hansen Informational [Page 30]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ context->Message_Block[58] = (uint8_t) (context->Length_High >> 8);
+ context->Message_Block[59] = (uint8_t) (context->Length_High);
+ context->Message_Block[60] = (uint8_t) (context->Length_Low >> 24);
+ context->Message_Block[61] = (uint8_t) (context->Length_Low >> 16);
+ context->Message_Block[62] = (uint8_t) (context->Length_Low >> 8);
+ context->Message_Block[63] = (uint8_t) (context->Length_Low);
+
+ SHA1ProcessMessageBlock(context);
+}
+
+/*
+ * SHA1ProcessMessageBlock
+ *
+ * Description:
+ * This helper function will process the next 512 bits of the
+ * message stored in the Message_Block array.
+ *
+ * Parameters:
+ * None.
+ *
+ * Returns:
+ * Nothing.
+ *
+ * Comments:
+ * Many of the variable names in this code, especially the
+ * single character names, were used because those were the
+ * names used in the publication.
+ */
+static void SHA1ProcessMessageBlock(SHA1Context *context)
+{
+ /* Constants defined in FIPS-180-2, section 4.2.1 */
+ const uint32_t K[4] = {
+ 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6
+ };
+ int t; /* Loop counter */
+ uint32_t temp; /* Temporary word value */
+ uint32_t W[80]; /* Word sequence */
+ uint32_t A, B, C, D, E; /* Word buffers */
+
+ /*
+ * Initialize the first 16 words in the array W
+ */
+ for (t = 0; t < 16; t++) {
+ W[t] = ((uint32_t)context->Message_Block[t * 4]) << 24;
+ W[t] |= ((uint32_t)context->Message_Block[t * 4 + 1]) << 16;
+ W[t] |= ((uint32_t)context->Message_Block[t * 4 + 2]) << 8;
+ W[t] |= ((uint32_t)context->Message_Block[t * 4 + 3]);
+ }
+
+
+
+Eastlake 3rd & Hansen Informational [Page 31]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ for (t = 16; t < 80; t++)
+ W[t] = SHA1_ROTL(1, W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
+
+ A = context->Intermediate_Hash[0];
+ B = context->Intermediate_Hash[1];
+ C = context->Intermediate_Hash[2];
+ D = context->Intermediate_Hash[3];
+ E = context->Intermediate_Hash[4];
+
+ for (t = 0; t < 20; t++) {
+ temp = SHA1_ROTL(5,A) + SHA_Ch(B, C, D) + E + W[t] + K[0];
+ E = D;
+ D = C;
+ C = SHA1_ROTL(30,B);
+ B = A;
+ A = temp;
+ }
+
+ for (t = 20; t < 40; t++) {
+ temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[1];
+ E = D;
+ D = C;
+ C = SHA1_ROTL(30,B);
+ B = A;
+ A = temp;
+ }
+
+ for (t = 40; t < 60; t++) {
+ temp = SHA1_ROTL(5,A) + SHA_Maj(B, C, D) + E + W[t] + K[2];
+ E = D;
+ D = C;
+ C = SHA1_ROTL(30,B);
+ B = A;
+ A = temp;
+ }
+
+ for (t = 60; t < 80; t++) {
+ temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[3];
+ E = D;
+ D = C;
+ C = SHA1_ROTL(30,B);
+ B = A;
+ A = temp;
+ }
+
+ context->Intermediate_Hash[0] += A;
+ context->Intermediate_Hash[1] += B;
+ context->Intermediate_Hash[2] += C;
+
+
+
+Eastlake 3rd & Hansen Informational [Page 32]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ context->Intermediate_Hash[3] += D;
+ context->Intermediate_Hash[4] += E;
+
+ context->Message_Block_Index = 0;
+}
+
+8.2.2. sha224-256.c
+
+/*************************** sha224-256.c ***************************/
+/********************* See RFC 4634 for details *********************/
+/*
+ * Description:
+ * This file implements the Secure Hash Signature Standard
+ * algorithms as defined in the National Institute of Standards
+ * and Technology Federal Information Processing Standards
+ * Publication (FIPS PUB) 180-1 published on April 17, 1995, 180-2
+ * published on August 1, 2002, and the FIPS PUB 180-2 Change
+ * Notice published on February 28, 2004.
+ *
+ * A combined document showing all algorithms is available at
+ * http://csrc.nist.gov/publications/fips/
+ * fips180-2/fips180-2withchangenotice.pdf
+ *
+ * The SHA-224 and SHA-256 algorithms produce 224-bit and 256-bit
+ * message digests for a given data stream. It should take about
+ * 2**n steps to find a message with the same digest as a given
+ * message and 2**(n/2) to find any two messages with the same
+ * digest, when n is the digest size in bits. Therefore, this
+ * algorithm can serve as a means of providing a
+ * "fingerprint" for a message.
+ *
+ * Portability Issues:
+ * SHA-224 and SHA-256 are defined in terms of 32-bit "words".
+ * This code uses <stdint.h> (included via "sha.h") to define 32
+ * and 8 bit unsigned integer types. If your C compiler does not
+ * support 32 bit unsigned integers, this code is not
+ * appropriate.
+ *
+ * Caveats:
+ * SHA-224 and SHA-256 are designed to work with messages less
+ * than 2^64 bits long. This implementation uses SHA224/256Input()
+ * to hash the bits that are a multiple of the size of an 8-bit
+ * character, and then uses SHA224/256FinalBits() to hash the
+ * final few bits of the input.
+ */
+
+#include "sha.h"
+#include "sha-private.h"
+
+
+
+Eastlake 3rd & Hansen Informational [Page 33]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+/* Define the SHA shift, rotate left and rotate right macro */
+#define SHA256_SHR(bits,word) ((word) >> (bits))
+#define SHA256_ROTL(bits,word) \
+ (((word) << (bits)) | ((word) >> (32-(bits))))
+#define SHA256_ROTR(bits,word) \
+ (((word) >> (bits)) | ((word) << (32-(bits))))
+
+/* Define the SHA SIGMA and sigma macros */
+#define SHA256_SIGMA0(word) \
+ (SHA256_ROTR( 2,word) ^ SHA256_ROTR(13,word) ^ SHA256_ROTR(22,word))
+#define SHA256_SIGMA1(word) \
+ (SHA256_ROTR( 6,word) ^ SHA256_ROTR(11,word) ^ SHA256_ROTR(25,word))
+#define SHA256_sigma0(word) \
+ (SHA256_ROTR( 7,word) ^ SHA256_ROTR(18,word) ^ SHA256_SHR( 3,word))
+#define SHA256_sigma1(word) \
+ (SHA256_ROTR(17,word) ^ SHA256_ROTR(19,word) ^ SHA256_SHR(10,word))
+
+/*
+ * add "length" to the length
+ */
+static uint32_t addTemp;
+#define SHA224_256AddLength(context, length) \
+ (addTemp = (context)->Length_Low, (context)->Corrupted = \
+ (((context)->Length_Low += (length)) < addTemp) && \
+ (++(context)->Length_High == 0) ? 1 : 0)
+
+/* Local Function Prototypes */
+static void SHA224_256Finalize(SHA256Context *context,
+ uint8_t Pad_Byte);
+static void SHA224_256PadMessage(SHA256Context *context,
+ uint8_t Pad_Byte);
+static void SHA224_256ProcessMessageBlock(SHA256Context *context);
+static int SHA224_256Reset(SHA256Context *context, uint32_t *H0);
+static int SHA224_256ResultN(SHA256Context *context,
+ uint8_t Message_Digest[], int HashSize);
+
+/* Initial Hash Values: FIPS-180-2 Change Notice 1 */
+static uint32_t SHA224_H0[SHA256HashSize/4] = {
+ 0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939,
+ 0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4
+};
+
+/* Initial Hash Values: FIPS-180-2 section 5.3.2 */
+static uint32_t SHA256_H0[SHA256HashSize/4] = {
+ 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
+ 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19
+};
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 34]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+/*
+ * SHA224Reset
+ *
+ * Description:
+ * This function will initialize the SHA384Context in preparation
+ * for computing a new SHA224 message digest.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to reset.
+ *
+ * Returns:
+ * sha Error Code.
+ */
+int SHA224Reset(SHA224Context *context)
+{
+ return SHA224_256Reset(context, SHA224_H0);
+}
+
+/*
+ * SHA224Input
+ *
+ * Description:
+ * This function accepts an array of octets as the next portion
+ * of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_array: [in]
+ * An array of characters representing the next portion of
+ * the message.
+ * length: [in]
+ * The length of the message in message_array
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA224Input(SHA224Context *context, const uint8_t *message_array,
+ unsigned int length)
+{
+ return SHA256Input(context, message_array, length);
+}
+
+/*
+ * SHA224FinalBits
+ *
+
+
+
+Eastlake 3rd & Hansen Informational [Page 35]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * Description:
+ * This function will add in any final bits of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_bits: [in]
+ * The final bits of the message, in the upper portion of the
+ * byte. (Use 0b###00000 instead of 0b00000### to input the
+ * three bits ###.)
+ * length: [in]
+ * The number of bits in message_bits, between 1 and 7.
+ *
+ * Returns:
+ * sha Error Code.
+ */
+int SHA224FinalBits( SHA224Context *context,
+ const uint8_t message_bits, unsigned int length)
+{
+ return SHA256FinalBits(context, message_bits, length);
+}
+
+/*
+ * SHA224Result
+ *
+ * Description:
+ * This function will return the 224-bit message
+ * digest into the Message_Digest array provided by the caller.
+ * NOTE: The first octet of hash is stored in the 0th element,
+ * the last octet of hash in the 28th element.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to use to calculate the SHA hash.
+ * Message_Digest: [out]
+ * Where the digest is returned.
+ *
+ * Returns:
+ * sha Error Code.
+ */
+int SHA224Result(SHA224Context *context,
+ uint8_t Message_Digest[SHA224HashSize])
+{
+ return SHA224_256ResultN(context, Message_Digest, SHA224HashSize);
+}
+
+/*
+ * SHA256Reset
+
+
+
+Eastlake 3rd & Hansen Informational [Page 36]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ *
+ * Description:
+ * This function will initialize the SHA256Context in preparation
+ * for computing a new SHA256 message digest.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to reset.
+ *
+ * Returns:
+ * sha Error Code.
+ */
+int SHA256Reset(SHA256Context *context)
+{
+ return SHA224_256Reset(context, SHA256_H0);
+}
+
+/*
+ * SHA256Input
+ *
+ * Description:
+ * This function accepts an array of octets as the next portion
+ * of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_array: [in]
+ * An array of characters representing the next portion of
+ * the message.
+ * length: [in]
+ * The length of the message in message_array
+ *
+ * Returns:
+ * sha Error Code.
+ */
+int SHA256Input(SHA256Context *context, const uint8_t *message_array,
+ unsigned int length)
+{
+ if (!length)
+ return shaSuccess;
+
+ if (!context || !message_array)
+ return shaNull;
+
+ if (context->Computed) {
+ context->Corrupted = shaStateError;
+ return shaStateError;
+
+
+
+Eastlake 3rd & Hansen Informational [Page 37]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ }
+
+ if (context->Corrupted)
+ return context->Corrupted;
+
+ while (length-- && !context->Corrupted) {
+ context->Message_Block[context->Message_Block_Index++] =
+ (*message_array & 0xFF);
+
+ if (!SHA224_256AddLength(context, 8) &&
+ (context->Message_Block_Index == SHA256_Message_Block_Size))
+ SHA224_256ProcessMessageBlock(context);
+
+ message_array++;
+ }
+
+ return shaSuccess;
+
+}
+
+/*
+ * SHA256FinalBits
+ *
+ * Description:
+ * This function will add in any final bits of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_bits: [in]
+ * The final bits of the message, in the upper portion of the
+ * byte. (Use 0b###00000 instead of 0b00000### to input the
+ * three bits ###.)
+ * length: [in]
+ * The number of bits in message_bits, between 1 and 7.
+ *
+ * Returns:
+ * sha Error Code.
+ */
+int SHA256FinalBits(SHA256Context *context,
+ const uint8_t message_bits, unsigned int length)
+{
+ uint8_t masks[8] = {
+ /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80,
+ /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0,
+ /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8,
+ /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE
+ };
+
+
+
+Eastlake 3rd & Hansen Informational [Page 38]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ uint8_t markbit[8] = {
+ /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40,
+ /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10,
+ /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04,
+ /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01
+ };
+
+ if (!length)
+ return shaSuccess;
+
+ if (!context)
+ return shaNull;
+
+ if ((context->Computed) || (length >= 8) || (length == 0)) {
+ context->Corrupted = shaStateError;
+ return shaStateError;
+ }
+
+ if (context->Corrupted)
+ return context->Corrupted;
+
+ SHA224_256AddLength(context, length);
+ SHA224_256Finalize(context, (uint8_t)
+ ((message_bits & masks[length]) | markbit[length]));
+
+ return shaSuccess;
+}
+
+/*
+ * SHA256Result
+ *
+ * Description:
+ * This function will return the 256-bit message
+ * digest into the Message_Digest array provided by the caller.
+ * NOTE: The first octet of hash is stored in the 0th element,
+ * the last octet of hash in the 32nd element.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to use to calculate the SHA hash.
+ * Message_Digest: [out]
+ * Where the digest is returned.
+ *
+ * Returns:
+ * sha Error Code.
+ */
+int SHA256Result(SHA256Context *context, uint8_t Message_Digest[])
+{
+
+
+
+Eastlake 3rd & Hansen Informational [Page 39]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ return SHA224_256ResultN(context, Message_Digest, SHA256HashSize);
+}
+
+/*
+ * SHA224_256Finalize
+ *
+ * Description:
+ * This helper function finishes off the digest calculations.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * Pad_Byte: [in]
+ * The last byte to add to the digest before the 0-padding
+ * and length. This will contain the last bits of the message
+ * followed by another single bit. If the message was an
+ * exact multiple of 8-bits long, Pad_Byte will be 0x80.
+ *
+ * Returns:
+ * sha Error Code.
+ */
+static void SHA224_256Finalize(SHA256Context *context,
+ uint8_t Pad_Byte)
+{
+ int i;
+ SHA224_256PadMessage(context, Pad_Byte);
+ /* message may be sensitive, so clear it out */
+ for (i = 0; i < SHA256_Message_Block_Size; ++i)
+ context->Message_Block[i] = 0;
+ context->Length_Low = 0; /* and clear length */
+ context->Length_High = 0;
+ context->Computed = 1;
+}
+
+/*
+ * SHA224_256PadMessage
+ *
+ * Description:
+ * According to the standard, the message must be padded to an
+ * even 512 bits. The first padding bit must be a '1'. The
+ * last 64 bits represent the length of the original message.
+ * All bits in between should be 0. This helper function will pad
+ * the message according to those rules by filling the
+ * Message_Block array accordingly. When it returns, it can be
+ * assumed that the message digest has been computed.
+ *
+ * Parameters:
+ * context: [in/out]
+
+
+
+Eastlake 3rd & Hansen Informational [Page 40]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * The context to pad
+ * Pad_Byte: [in]
+ * The last byte to add to the digest before the 0-padding
+ * and length. This will contain the last bits of the message
+ * followed by another single bit. If the message was an
+ * exact multiple of 8-bits long, Pad_Byte will be 0x80.
+ *
+ * Returns:
+ * Nothing.
+ */
+static void SHA224_256PadMessage(SHA256Context *context,
+ uint8_t Pad_Byte)
+{
+ /*
+ * Check to see if the current message block is too small to hold
+ * the initial padding bits and length. If so, we will pad the
+ * block, process it, and then continue padding into a second
+ * block.
+ */
+ if (context->Message_Block_Index >= (SHA256_Message_Block_Size-8)) {
+ context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
+ while (context->Message_Block_Index < SHA256_Message_Block_Size)
+ context->Message_Block[context->Message_Block_Index++] = 0;
+ SHA224_256ProcessMessageBlock(context);
+ } else
+ context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
+
+ while (context->Message_Block_Index < (SHA256_Message_Block_Size-8))
+ context->Message_Block[context->Message_Block_Index++] = 0;
+
+ /*
+ * Store the message length as the last 8 octets
+ */
+ context->Message_Block[56] = (uint8_t)(context->Length_High >> 24);
+ context->Message_Block[57] = (uint8_t)(context->Length_High >> 16);
+ context->Message_Block[58] = (uint8_t)(context->Length_High >> 8);
+ context->Message_Block[59] = (uint8_t)(context->Length_High);
+ context->Message_Block[60] = (uint8_t)(context->Length_Low >> 24);
+ context->Message_Block[61] = (uint8_t)(context->Length_Low >> 16);
+ context->Message_Block[62] = (uint8_t)(context->Length_Low >> 8);
+ context->Message_Block[63] = (uint8_t)(context->Length_Low);
+
+ SHA224_256ProcessMessageBlock(context);
+}
+
+/*
+ * SHA224_256ProcessMessageBlock
+ *
+
+
+
+Eastlake 3rd & Hansen Informational [Page 41]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * Description:
+ * This function will process the next 512 bits of the message
+ * stored in the Message_Block array.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ *
+ * Returns:
+ * Nothing.
+ *
+ * Comments:
+ * Many of the variable names in this code, especially the
+ * single character names, were used because those were the
+ * names used in the publication.
+ */
+static void SHA224_256ProcessMessageBlock(SHA256Context *context)
+{
+ /* Constants defined in FIPS-180-2, section 4.2.2 */
+ static const uint32_t K[64] = {
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b,
+ 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01,
+ 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7,
+ 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+ 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152,
+ 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
+ 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc,
+ 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819,
+ 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08,
+ 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f,
+ 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+ };
+ int t, t4; /* Loop counter */
+ uint32_t temp1, temp2; /* Temporary word value */
+ uint32_t W[64]; /* Word sequence */
+ uint32_t A, B, C, D, E, F, G, H; /* Word buffers */
+
+ /*
+ * Initialize the first 16 words in the array W
+ */
+ for (t = t4 = 0; t < 16; t++, t4 += 4)
+ W[t] = (((uint32_t)context->Message_Block[t4]) << 24) |
+ (((uint32_t)context->Message_Block[t4 + 1]) << 16) |
+ (((uint32_t)context->Message_Block[t4 + 2]) << 8) |
+ (((uint32_t)context->Message_Block[t4 + 3]));
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 42]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ for (t = 16; t < 64; t++)
+ W[t] = SHA256_sigma1(W[t-2]) + W[t-7] +
+ SHA256_sigma0(W[t-15]) + W[t-16];
+
+ A = context->Intermediate_Hash[0];
+ B = context->Intermediate_Hash[1];
+ C = context->Intermediate_Hash[2];
+ D = context->Intermediate_Hash[3];
+ E = context->Intermediate_Hash[4];
+ F = context->Intermediate_Hash[5];
+ G = context->Intermediate_Hash[6];
+ H = context->Intermediate_Hash[7];
+
+ for (t = 0; t < 64; t++) {
+ temp1 = H + SHA256_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t];
+ temp2 = SHA256_SIGMA0(A) + SHA_Maj(A,B,C);
+ H = G;
+ G = F;
+ F = E;
+ E = D + temp1;
+ D = C;
+ C = B;
+ B = A;
+ A = temp1 + temp2;
+ }
+
+ context->Intermediate_Hash[0] += A;
+ context->Intermediate_Hash[1] += B;
+ context->Intermediate_Hash[2] += C;
+ context->Intermediate_Hash[3] += D;
+ context->Intermediate_Hash[4] += E;
+ context->Intermediate_Hash[5] += F;
+ context->Intermediate_Hash[6] += G;
+ context->Intermediate_Hash[7] += H;
+
+ context->Message_Block_Index = 0;
+}
+
+/*
+ * SHA224_256Reset
+ *
+ * Description:
+ * This helper function will initialize the SHA256Context in
+ * preparation for computing a new SHA256 message digest.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to reset.
+
+
+
+Eastlake 3rd & Hansen Informational [Page 43]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * H0
+ * The initial hash value to use.
+ *
+ * Returns:
+ * sha Error Code.
+ */
+static int SHA224_256Reset(SHA256Context *context, uint32_t *H0)
+{
+ if (!context)
+ return shaNull;
+
+ context->Length_Low = 0;
+ context->Length_High = 0;
+ context->Message_Block_Index = 0;
+
+ context->Intermediate_Hash[0] = H0[0];
+ context->Intermediate_Hash[1] = H0[1];
+ context->Intermediate_Hash[2] = H0[2];
+ context->Intermediate_Hash[3] = H0[3];
+ context->Intermediate_Hash[4] = H0[4];
+ context->Intermediate_Hash[5] = H0[5];
+ context->Intermediate_Hash[6] = H0[6];
+ context->Intermediate_Hash[7] = H0[7];
+
+ context->Computed = 0;
+ context->Corrupted = 0;
+
+ return shaSuccess;
+}
+
+/*
+ * SHA224_256ResultN
+ *
+ * Description:
+ * This helper function will return the 224-bit or 256-bit message
+ * digest into the Message_Digest array provided by the caller.
+ * NOTE: The first octet of hash is stored in the 0th element,
+ * the last octet of hash in the 28th/32nd element.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to use to calculate the SHA hash.
+ * Message_Digest: [out]
+ * Where the digest is returned.
+ * HashSize: [in]
+ * The size of the hash, either 28 or 32.
+ *
+ * Returns:
+
+
+
+Eastlake 3rd & Hansen Informational [Page 44]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * sha Error Code.
+ */
+static int SHA224_256ResultN(SHA256Context *context,
+ uint8_t Message_Digest[], int HashSize)
+{
+ int i;
+
+ if (!context || !Message_Digest)
+ return shaNull;
+
+ if (context->Corrupted)
+ return context->Corrupted;
+
+ if (!context->Computed)
+ SHA224_256Finalize(context, 0x80);
+
+ for (i = 0; i < HashSize; ++i)
+ Message_Digest[i] = (uint8_t)
+ (context->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) ));
+
+ return shaSuccess;
+}
+
+8.2.3. sha384-512.c
+
+/*************************** sha384-512.c ***************************/
+/********************* See RFC 4634 for details *********************/
+/*
+ * Description:
+ * This file implements the Secure Hash Signature Standard
+ * algorithms as defined in the National Institute of Standards
+ * and Technology Federal Information Processing Standards
+ * Publication (FIPS PUB) 180-1 published on April 17, 1995, 180-2
+ * published on August 1, 2002, and the FIPS PUB 180-2 Change
+ * Notice published on February 28, 2004.
+ *
+ * A combined document showing all algorithms is available at
+ * http://csrc.nist.gov/publications/fips/
+ * fips180-2/fips180-2withchangenotice.pdf
+ *
+ * The SHA-384 and SHA-512 algorithms produce 384-bit and 512-bit
+ * message digests for a given data stream. It should take about
+ * 2**n steps to find a message with the same digest as a given
+ * message and 2**(n/2) to find any two messages with the same
+ * digest, when n is the digest size in bits. Therefore, this
+ * algorithm can serve as a means of providing a
+ * "fingerprint" for a message.
+ *
+
+
+
+Eastlake 3rd & Hansen Informational [Page 45]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * Portability Issues:
+ * SHA-384 and SHA-512 are defined in terms of 64-bit "words",
+ * but if USE_32BIT_ONLY is #defined, this code is implemented in
+ * terms of 32-bit "words". This code uses <stdint.h> (included
+ * via "sha.h") to define the 64, 32 and 8 bit unsigned integer
+ * types. If your C compiler does not support 64 bit unsigned
+ * integers, and you do not #define USE_32BIT_ONLY, this code is
+ * not appropriate.
+ *
+ * Caveats:
+ * SHA-384 and SHA-512 are designed to work with messages less
+ * than 2^128 bits long. This implementation uses
+ * SHA384/512Input() to hash the bits that are a multiple of the
+ * size of an 8-bit character, and then uses SHA384/256FinalBits()
+ * to hash the final few bits of the input.
+ *
+ */
+
+#include "sha.h"
+#include "sha-private.h"
+
+#ifdef USE_32BIT_ONLY
+/*
+ * Define 64-bit arithmetic in terms of 32-bit arithmetic.
+ * Each 64-bit number is represented in a 2-word array.
+ * All macros are defined such that the result is the last parameter.
+ */
+
+/*
+ * Define shift, rotate left and rotate right functions
+ */
+#define SHA512_SHR(bits, word, ret) ( \
+ /* (((uint64_t)((word))) >> (bits)) */ \
+ (ret)[0] = (((bits) < 32) && ((bits) >= 0)) ? \
+ ((word)[0] >> (bits)) : 0, \
+ (ret)[1] = ((bits) > 32) ? ((word)[0] >> ((bits) - 32)) : \
+ ((bits) == 32) ? (word)[0] : \
+ ((bits) >= 0) ? \
+ (((word)[0] << (32 - (bits))) | \
+ ((word)[1] >> (bits))) : 0 )
+
+#define SHA512_SHL(bits, word, ret) ( \
+ /* (((uint64_t)(word)) << (bits)) */ \
+ (ret)[0] = ((bits) > 32) ? ((word)[1] << ((bits) - 32)) : \
+ ((bits) == 32) ? (word)[1] : \
+ ((bits) >= 0) ? \
+ (((word)[0] << (bits)) | \
+ ((word)[1] >> (32 - (bits)))) : \
+
+
+
+Eastlake 3rd & Hansen Informational [Page 46]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ 0, \
+ (ret)[1] = (((bits) < 32) && ((bits) >= 0)) ? \
+ ((word)[1] << (bits)) : 0 )
+
+/*
+ * Define 64-bit OR
+ */
+#define SHA512_OR(word1, word2, ret) ( \
+ (ret)[0] = (word1)[0] | (word2)[0], \
+ (ret)[1] = (word1)[1] | (word2)[1] )
+
+/*
+ * Define 64-bit XOR
+ */
+#define SHA512_XOR(word1, word2, ret) ( \
+ (ret)[0] = (word1)[0] ^ (word2)[0], \
+ (ret)[1] = (word1)[1] ^ (word2)[1] )
+
+/*
+ * Define 64-bit AND
+ */
+#define SHA512_AND(word1, word2, ret) ( \
+ (ret)[0] = (word1)[0] & (word2)[0], \
+ (ret)[1] = (word1)[1] & (word2)[1] )
+
+/*
+ * Define 64-bit TILDA
+ */
+#define SHA512_TILDA(word, ret) \
+ ( (ret)[0] = ~(word)[0], (ret)[1] = ~(word)[1] )
+
+/*
+ * Define 64-bit ADD
+ */
+#define SHA512_ADD(word1, word2, ret) ( \
+ (ret)[1] = (word1)[1], (ret)[1] += (word2)[1], \
+ (ret)[0] = (word1)[0] + (word2)[0] + ((ret)[1] < (word1)[1]) )
+
+/*
+ * Add the 4word value in word2 to word1.
+ */
+static uint32_t ADDTO4_temp, ADDTO4_temp2;
+#define SHA512_ADDTO4(word1, word2) ( \
+ ADDTO4_temp = (word1)[3], \
+ (word1)[3] += (word2)[3], \
+ ADDTO4_temp2 = (word1)[2], \
+ (word1)[2] += (word2)[2] + ((word1)[3] < ADDTO4_temp), \
+ ADDTO4_temp = (word1)[1], \
+
+
+
+Eastlake 3rd & Hansen Informational [Page 47]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ (word1)[1] += (word2)[1] + ((word1)[2] < ADDTO4_temp2), \
+ (word1)[0] += (word2)[0] + ((word1)[1] < ADDTO4_temp) )
+
+/*
+ * Add the 2word value in word2 to word1.
+ */
+static uint32_t ADDTO2_temp;
+#define SHA512_ADDTO2(word1, word2) ( \
+ ADDTO2_temp = (word1)[1], \
+ (word1)[1] += (word2)[1], \
+ (word1)[0] += (word2)[0] + ((word1)[1] < ADDTO2_temp) )
+
+/*
+ * SHA rotate ((word >> bits) | (word << (64-bits)))
+ */
+static uint32_t ROTR_temp1[2], ROTR_temp2[2];
+#define SHA512_ROTR(bits, word, ret) ( \
+ SHA512_SHR((bits), (word), ROTR_temp1), \
+ SHA512_SHL(64-(bits), (word), ROTR_temp2), \
+ SHA512_OR(ROTR_temp1, ROTR_temp2, (ret)) )
+
+/*
+ * Define the SHA SIGMA and sigma macros
+ * SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word)
+ */
+static uint32_t SIGMA0_temp1[2], SIGMA0_temp2[2],
+ SIGMA0_temp3[2], SIGMA0_temp4[2];
+#define SHA512_SIGMA0(word, ret) ( \
+ SHA512_ROTR(28, (word), SIGMA0_temp1), \
+ SHA512_ROTR(34, (word), SIGMA0_temp2), \
+ SHA512_ROTR(39, (word), SIGMA0_temp3), \
+ SHA512_XOR(SIGMA0_temp2, SIGMA0_temp3, SIGMA0_temp4), \
+ SHA512_XOR(SIGMA0_temp1, SIGMA0_temp4, (ret)) )
+
+/*
+ * SHA512_ROTR(14,word) ^ SHA512_ROTR(18,word) ^ SHA512_ROTR(41,word)
+ */
+static uint32_t SIGMA1_temp1[2], SIGMA1_temp2[2],
+ SIGMA1_temp3[2], SIGMA1_temp4[2];
+#define SHA512_SIGMA1(word, ret) ( \
+ SHA512_ROTR(14, (word), SIGMA1_temp1), \
+ SHA512_ROTR(18, (word), SIGMA1_temp2), \
+ SHA512_ROTR(41, (word), SIGMA1_temp3), \
+ SHA512_XOR(SIGMA1_temp2, SIGMA1_temp3, SIGMA1_temp4), \
+ SHA512_XOR(SIGMA1_temp1, SIGMA1_temp4, (ret)) )
+
+/*
+ * (SHA512_ROTR( 1,word) ^ SHA512_ROTR( 8,word) ^ SHA512_SHR( 7,word))
+
+
+
+Eastlake 3rd & Hansen Informational [Page 48]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ */
+static uint32_t sigma0_temp1[2], sigma0_temp2[2],
+ sigma0_temp3[2], sigma0_temp4[2];
+#define SHA512_sigma0(word, ret) ( \
+ SHA512_ROTR( 1, (word), sigma0_temp1), \
+ SHA512_ROTR( 8, (word), sigma0_temp2), \
+ SHA512_SHR( 7, (word), sigma0_temp3), \
+ SHA512_XOR(sigma0_temp2, sigma0_temp3, sigma0_temp4), \
+ SHA512_XOR(sigma0_temp1, sigma0_temp4, (ret)) )
+
+/*
+ * (SHA512_ROTR(19,word) ^ SHA512_ROTR(61,word) ^ SHA512_SHR( 6,word))
+ */
+static uint32_t sigma1_temp1[2], sigma1_temp2[2],
+ sigma1_temp3[2], sigma1_temp4[2];
+#define SHA512_sigma1(word, ret) ( \
+ SHA512_ROTR(19, (word), sigma1_temp1), \
+ SHA512_ROTR(61, (word), sigma1_temp2), \
+ SHA512_SHR( 6, (word), sigma1_temp3), \
+ SHA512_XOR(sigma1_temp2, sigma1_temp3, sigma1_temp4), \
+ SHA512_XOR(sigma1_temp1, sigma1_temp4, (ret)) )
+
+#undef SHA_Ch
+#undef SHA_Maj
+
+#ifndef USE_MODIFIED_MACROS
+/*
+ * These definitions are the ones used in FIPS-180-2, section 4.1.3
+ * Ch(x,y,z) ((x & y) ^ (~x & z))
+ */
+static uint32_t Ch_temp1[2], Ch_temp2[2], Ch_temp3[2];
+#define SHA_Ch(x, y, z, ret) ( \
+ SHA512_AND(x, y, Ch_temp1), \
+ SHA512_TILDA(x, Ch_temp2), \
+ SHA512_AND(Ch_temp2, z, Ch_temp3), \
+ SHA512_XOR(Ch_temp1, Ch_temp3, (ret)) )
+/*
+ * Maj(x,y,z) (((x)&(y)) ^ ((x)&(z)) ^ ((y)&(z)))
+ */
+static uint32_t Maj_temp1[2], Maj_temp2[2],
+ Maj_temp3[2], Maj_temp4[2];
+#define SHA_Maj(x, y, z, ret) ( \
+ SHA512_AND(x, y, Maj_temp1), \
+ SHA512_AND(x, z, Maj_temp2), \
+ SHA512_AND(y, z, Maj_temp3), \
+ SHA512_XOR(Maj_temp2, Maj_temp3, Maj_temp4), \
+ SHA512_XOR(Maj_temp1, Maj_temp4, (ret)) )
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 49]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+#else /* !USE_32BIT_ONLY */
+/*
+ * These definitions are potentially faster equivalents for the ones
+ * used in FIPS-180-2, section 4.1.3.
+ * ((x & y) ^ (~x & z)) becomes
+ * ((x & (y ^ z)) ^ z)
+ */
+#define SHA_Ch(x, y, z, ret) ( \
+ (ret)[0] = (((x)[0] & ((y)[0] ^ (z)[0])) ^ (z)[0]), \
+ (ret)[1] = (((x)[1] & ((y)[1] ^ (z)[1])) ^ (z)[1]) )
+
+/*
+ * ((x & y) ^ (x & z) ^ (y & z)) becomes
+ * ((x & (y | z)) | (y & z))
+ */
+#define SHA_Maj(x, y, z, ret) ( \
+ ret[0] = (((x)[0] & ((y)[0] | (z)[0])) | ((y)[0] & (z)[0])), \
+ ret[1] = (((x)[1] & ((y)[1] | (z)[1])) | ((y)[1] & (z)[1])) )
+#endif /* USE_MODIFIED_MACROS */
+
+/*
+ * add "length" to the length
+ */
+static uint32_t addTemp[4] = { 0, 0, 0, 0 };
+#define SHA384_512AddLength(context, length) ( \
+ addTemp[3] = (length), SHA512_ADDTO4((context)->Length, addTemp), \
+ (context)->Corrupted = (((context)->Length[3] == 0) && \
+ ((context)->Length[2] == 0) && ((context)->Length[1] == 0) && \
+ ((context)->Length[0] < 8)) ? 1 : 0 )
+
+/* Local Function Prototypes */
+static void SHA384_512Finalize(SHA512Context *context,
+ uint8_t Pad_Byte);
+static void SHA384_512PadMessage(SHA512Context *context,
+ uint8_t Pad_Byte);
+static void SHA384_512ProcessMessageBlock(SHA512Context *context);
+static int SHA384_512Reset(SHA512Context *context, uint32_t H0[]);
+static int SHA384_512ResultN( SHA512Context *context,
+ uint8_t Message_Digest[], int HashSize);
+
+/* Initial Hash Values: FIPS-180-2 sections 5.3.3 and 5.3.4 */
+static uint32_t SHA384_H0[SHA512HashSize/4] = {
+ 0xCBBB9D5D, 0xC1059ED8, 0x629A292A, 0x367CD507, 0x9159015A,
+ 0x3070DD17, 0x152FECD8, 0xF70E5939, 0x67332667, 0xFFC00B31,
+ 0x8EB44A87, 0x68581511, 0xDB0C2E0D, 0x64F98FA7, 0x47B5481D,
+ 0xBEFA4FA4
+};
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 50]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+static uint32_t SHA512_H0[SHA512HashSize/4] = {
+ 0x6A09E667, 0xF3BCC908, 0xBB67AE85, 0x84CAA73B, 0x3C6EF372,
+ 0xFE94F82B, 0xA54FF53A, 0x5F1D36F1, 0x510E527F, 0xADE682D1,
+ 0x9B05688C, 0x2B3E6C1F, 0x1F83D9AB, 0xFB41BD6B, 0x5BE0CD19,
+ 0x137E2179
+};
+
+#else /* !USE_32BIT_ONLY */
+
+/* Define the SHA shift, rotate left and rotate right macro */
+#define SHA512_SHR(bits,word) (((uint64_t)(word)) >> (bits))
+#define SHA512_ROTR(bits,word) ((((uint64_t)(word)) >> (bits)) | \
+ (((uint64_t)(word)) << (64-(bits))))
+
+/* Define the SHA SIGMA and sigma macros */
+#define SHA512_SIGMA0(word) \
+ (SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word))
+#define SHA512_SIGMA1(word) \
+ (SHA512_ROTR(14,word) ^ SHA512_ROTR(18,word) ^ SHA512_ROTR(41,word))
+#define SHA512_sigma0(word) \
+ (SHA512_ROTR( 1,word) ^ SHA512_ROTR( 8,word) ^ SHA512_SHR( 7,word))
+#define SHA512_sigma1(word) \
+ (SHA512_ROTR(19,word) ^ SHA512_ROTR(61,word) ^ SHA512_SHR( 6,word))
+
+/*
+ * add "length" to the length
+ */
+static uint64_t addTemp;
+#define SHA384_512AddLength(context, length) \
+ (addTemp = context->Length_Low, context->Corrupted = \
+ ((context->Length_Low += length) < addTemp) && \
+ (++context->Length_High == 0) ? 1 : 0)
+
+/* Local Function Prototypes */
+static void SHA384_512Finalize(SHA512Context *context,
+ uint8_t Pad_Byte);
+static void SHA384_512PadMessage(SHA512Context *context,
+ uint8_t Pad_Byte);
+static void SHA384_512ProcessMessageBlock(SHA512Context *context);
+static int SHA384_512Reset(SHA512Context *context, uint64_t H0[]);
+static int SHA384_512ResultN(SHA512Context *context,
+ uint8_t Message_Digest[], int HashSize);
+
+/* Initial Hash Values: FIPS-180-2 sections 5.3.3 and 5.3.4 */
+static uint64_t SHA384_H0[] = {
+ 0xCBBB9D5DC1059ED8ll, 0x629A292A367CD507ll, 0x9159015A3070DD17ll,
+ 0x152FECD8F70E5939ll, 0x67332667FFC00B31ll, 0x8EB44A8768581511ll,
+ 0xDB0C2E0D64F98FA7ll, 0x47B5481DBEFA4FA4ll
+
+
+
+Eastlake 3rd & Hansen Informational [Page 51]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+};
+static uint64_t SHA512_H0[] = {
+ 0x6A09E667F3BCC908ll, 0xBB67AE8584CAA73Bll, 0x3C6EF372FE94F82Bll,
+ 0xA54FF53A5F1D36F1ll, 0x510E527FADE682D1ll, 0x9B05688C2B3E6C1Fll,
+ 0x1F83D9ABFB41BD6Bll, 0x5BE0CD19137E2179ll
+};
+
+#endif /* USE_32BIT_ONLY */
+
+/*
+ * SHA384Reset
+ *
+ * Description:
+ * This function will initialize the SHA384Context in preparation
+ * for computing a new SHA384 message digest.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to reset.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA384Reset(SHA384Context *context)
+{
+ return SHA384_512Reset(context, SHA384_H0);
+}
+
+/*
+ * SHA384Input
+ *
+ * Description:
+ * This function accepts an array of octets as the next portion
+ * of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_array: [in]
+ * An array of characters representing the next portion of
+ * the message.
+ * length: [in]
+ * The length of the message in message_array
+ *
+ * Returns:
+ * sha Error Code.
+ *
+
+
+
+Eastlake 3rd & Hansen Informational [Page 52]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ */
+int SHA384Input(SHA384Context *context,
+ const uint8_t *message_array, unsigned int length)
+{
+ return SHA512Input(context, message_array, length);
+}
+
+/*
+ * SHA384FinalBits
+ *
+ * Description:
+ * This function will add in any final bits of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_bits: [in]
+ * The final bits of the message, in the upper portion of the
+ * byte. (Use 0b###00000 instead of 0b00000### to input the
+ * three bits ###.)
+ * length: [in]
+ * The number of bits in message_bits, between 1 and 7.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA384FinalBits(SHA384Context *context,
+ const uint8_t message_bits, unsigned int length)
+{
+ return SHA512FinalBits(context, message_bits, length);
+}
+
+/*
+ * SHA384Result
+ *
+ * Description:
+ * This function will return the 384-bit message
+ * digest into the Message_Digest array provided by the caller.
+ * NOTE: The first octet of hash is stored in the 0th element,
+ * the last octet of hash in the 48th element.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to use to calculate the SHA hash.
+ * Message_Digest: [out]
+ * Where the digest is returned.
+ *
+
+
+
+Eastlake 3rd & Hansen Informational [Page 53]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA384Result(SHA384Context *context,
+ uint8_t Message_Digest[SHA384HashSize])
+{
+ return SHA384_512ResultN(context, Message_Digest, SHA384HashSize);
+}
+
+/*
+ * SHA512Reset
+ *
+ * Description:
+ * This function will initialize the SHA512Context in preparation
+ * for computing a new SHA512 message digest.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to reset.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA512Reset(SHA512Context *context)
+{
+ return SHA384_512Reset(context, SHA512_H0);
+}
+
+/*
+ * SHA512Input
+ *
+ * Description:
+ * This function accepts an array of octets as the next portion
+ * of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_array: [in]
+ * An array of characters representing the next portion of
+ * the message.
+ * length: [in]
+ * The length of the message in message_array
+ *
+ * Returns:
+ * sha Error Code.
+
+
+
+Eastlake 3rd & Hansen Informational [Page 54]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ *
+ */
+int SHA512Input(SHA512Context *context,
+ const uint8_t *message_array,
+ unsigned int length)
+{
+ if (!length)
+ return shaSuccess;
+
+ if (!context || !message_array)
+ return shaNull;
+
+ if (context->Computed) {
+ context->Corrupted = shaStateError;
+ return shaStateError;
+ }
+
+ if (context->Corrupted)
+ return context->Corrupted;
+
+ while (length-- && !context->Corrupted) {
+ context->Message_Block[context->Message_Block_Index++] =
+ (*message_array & 0xFF);
+
+ if (!SHA384_512AddLength(context, 8) &&
+ (context->Message_Block_Index == SHA512_Message_Block_Size))
+ SHA384_512ProcessMessageBlock(context);
+
+ message_array++;
+ }
+
+ return shaSuccess;
+}
+
+/*
+ * SHA512FinalBits
+ *
+ * Description:
+ * This function will add in any final bits of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_bits: [in]
+ * The final bits of the message, in the upper portion of the
+ * byte. (Use 0b###00000 instead of 0b00000### to input the
+ * three bits ###.)
+ * length: [in]
+
+
+
+Eastlake 3rd & Hansen Informational [Page 55]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * The number of bits in message_bits, between 1 and 7.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int SHA512FinalBits(SHA512Context *context,
+ const uint8_t message_bits, unsigned int length)
+{
+ uint8_t masks[8] = {
+ /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80,
+ /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0,
+ /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8,
+ /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE
+ };
+ uint8_t markbit[8] = {
+ /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40,
+ /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10,
+ /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04,
+ /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01
+ };
+
+ if (!length)
+ return shaSuccess;
+
+ if (!context)
+ return shaNull;
+
+ if ((context->Computed) || (length >= 8) || (length == 0)) {
+ context->Corrupted = shaStateError;
+ return shaStateError;
+ }
+
+ if (context->Corrupted)
+ return context->Corrupted;
+
+ SHA384_512AddLength(context, length);
+ SHA384_512Finalize(context, (uint8_t)
+ ((message_bits & masks[length]) | markbit[length]));
+
+ return shaSuccess;
+}
+
+/*
+ * SHA384_512Finalize
+ *
+ * Description:
+ * This helper function finishes off the digest calculations.
+
+
+
+Eastlake 3rd & Hansen Informational [Page 56]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * Pad_Byte: [in]
+ * The last byte to add to the digest before the 0-padding
+ * and length. This will contain the last bits of the message
+ * followed by another single bit. If the message was an
+ * exact multiple of 8-bits long, Pad_Byte will be 0x80.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+static void SHA384_512Finalize(SHA512Context *context,
+ uint8_t Pad_Byte)
+{
+ int_least16_t i;
+ SHA384_512PadMessage(context, Pad_Byte);
+ /* message may be sensitive, clear it out */
+ for (i = 0; i < SHA512_Message_Block_Size; ++i)
+ context->Message_Block[i] = 0;
+#ifdef USE_32BIT_ONLY /* and clear length */
+ context->Length[0] = context->Length[1] = 0;
+ context->Length[2] = context->Length[3] = 0;
+#else /* !USE_32BIT_ONLY */
+ context->Length_Low = 0;
+ context->Length_High = 0;
+#endif /* USE_32BIT_ONLY */
+ context->Computed = 1;
+}
+
+/*
+ * SHA512Result
+ *
+ * Description:
+ * This function will return the 512-bit message
+ * digest into the Message_Digest array provided by the caller.
+ * NOTE: The first octet of hash is stored in the 0th element,
+ * the last octet of hash in the 64th element.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to use to calculate the SHA hash.
+ * Message_Digest: [out]
+ * Where the digest is returned.
+ *
+ * Returns:
+
+
+
+Eastlake 3rd & Hansen Informational [Page 57]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * sha Error Code.
+ *
+ */
+int SHA512Result(SHA512Context *context,
+ uint8_t Message_Digest[SHA512HashSize])
+{
+ return SHA384_512ResultN(context, Message_Digest, SHA512HashSize);
+}
+
+/*
+ * SHA384_512PadMessage
+ *
+ * Description:
+ * According to the standard, the message must be padded to an
+ * even 1024 bits. The first padding bit must be a '1'. The
+ * last 128 bits represent the length of the original message.
+ * All bits in between should be 0. This helper function will
+ * pad the message according to those rules by filling the
+ * Message_Block array accordingly. When it returns, it can be
+ * assumed that the message digest has been computed.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to pad
+ * Pad_Byte: [in]
+ * The last byte to add to the digest before the 0-padding
+ * and length. This will contain the last bits of the message
+ * followed by another single bit. If the message was an
+ * exact multiple of 8-bits long, Pad_Byte will be 0x80.
+ *
+ * Returns:
+ * Nothing.
+ *
+ */
+static void SHA384_512PadMessage(SHA512Context *context,
+ uint8_t Pad_Byte)
+{
+ /*
+ * Check to see if the current message block is too small to hold
+ * the initial padding bits and length. If so, we will pad the
+ * block, process it, and then continue padding into a second
+ * block.
+ */
+ if (context->Message_Block_Index >= (SHA512_Message_Block_Size-16)) {
+ context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
+ while (context->Message_Block_Index < SHA512_Message_Block_Size)
+ context->Message_Block[context->Message_Block_Index++] = 0;
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 58]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ SHA384_512ProcessMessageBlock(context);
+ } else
+ context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
+
+ while (context->Message_Block_Index < (SHA512_Message_Block_Size-16))
+ context->Message_Block[context->Message_Block_Index++] = 0;
+
+ /*
+ * Store the message length as the last 16 octets
+ */
+#ifdef USE_32BIT_ONLY
+ context->Message_Block[112] = (uint8_t)(context->Length[0] >> 24);
+ context->Message_Block[113] = (uint8_t)(context->Length[0] >> 16);
+ context->Message_Block[114] = (uint8_t)(context->Length[0] >> 8);
+ context->Message_Block[115] = (uint8_t)(context->Length[0]);
+ context->Message_Block[116] = (uint8_t)(context->Length[1] >> 24);
+ context->Message_Block[117] = (uint8_t)(context->Length[1] >> 16);
+ context->Message_Block[118] = (uint8_t)(context->Length[1] >> 8);
+ context->Message_Block[119] = (uint8_t)(context->Length[1]);
+
+ context->Message_Block[120] = (uint8_t)(context->Length[2] >> 24);
+ context->Message_Block[121] = (uint8_t)(context->Length[2] >> 16);
+ context->Message_Block[122] = (uint8_t)(context->Length[2] >> 8);
+ context->Message_Block[123] = (uint8_t)(context->Length[2]);
+ context->Message_Block[124] = (uint8_t)(context->Length[3] >> 24);
+ context->Message_Block[125] = (uint8_t)(context->Length[3] >> 16);
+ context->Message_Block[126] = (uint8_t)(context->Length[3] >> 8);
+ context->Message_Block[127] = (uint8_t)(context->Length[3]);
+#else /* !USE_32BIT_ONLY */
+ context->Message_Block[112] = (uint8_t)(context->Length_High >> 56);
+ context->Message_Block[113] = (uint8_t)(context->Length_High >> 48);
+ context->Message_Block[114] = (uint8_t)(context->Length_High >> 40);
+ context->Message_Block[115] = (uint8_t)(context->Length_High >> 32);
+ context->Message_Block[116] = (uint8_t)(context->Length_High >> 24);
+ context->Message_Block[117] = (uint8_t)(context->Length_High >> 16);
+ context->Message_Block[118] = (uint8_t)(context->Length_High >> 8);
+ context->Message_Block[119] = (uint8_t)(context->Length_High);
+
+ context->Message_Block[120] = (uint8_t)(context->Length_Low >> 56);
+ context->Message_Block[121] = (uint8_t)(context->Length_Low >> 48);
+ context->Message_Block[122] = (uint8_t)(context->Length_Low >> 40);
+ context->Message_Block[123] = (uint8_t)(context->Length_Low >> 32);
+ context->Message_Block[124] = (uint8_t)(context->Length_Low >> 24);
+ context->Message_Block[125] = (uint8_t)(context->Length_Low >> 16);
+ context->Message_Block[126] = (uint8_t)(context->Length_Low >> 8);
+ context->Message_Block[127] = (uint8_t)(context->Length_Low);
+#endif /* USE_32BIT_ONLY */
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 59]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ SHA384_512ProcessMessageBlock(context);
+}
+
+/*
+ * SHA384_512ProcessMessageBlock
+ *
+ * Description:
+ * This helper function will process the next 1024 bits of the
+ * message stored in the Message_Block array.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ *
+ * Returns:
+ * Nothing.
+ *
+ * Comments:
+ * Many of the variable names in this code, especially the
+ * single character names, were used because those were the
+ * names used in the publication.
+ *
+ *
+ */
+static void SHA384_512ProcessMessageBlock(SHA512Context *context)
+{
+ /* Constants defined in FIPS-180-2, section 4.2.3 */
+#ifdef USE_32BIT_ONLY
+ static const uint32_t K[80*2] = {
+ 0x428A2F98, 0xD728AE22, 0x71374491, 0x23EF65CD, 0xB5C0FBCF,
+ 0xEC4D3B2F, 0xE9B5DBA5, 0x8189DBBC, 0x3956C25B, 0xF348B538,
+ 0x59F111F1, 0xB605D019, 0x923F82A4, 0xAF194F9B, 0xAB1C5ED5,
+ 0xDA6D8118, 0xD807AA98, 0xA3030242, 0x12835B01, 0x45706FBE,
+ 0x243185BE, 0x4EE4B28C, 0x550C7DC3, 0xD5FFB4E2, 0x72BE5D74,
+ 0xF27B896F, 0x80DEB1FE, 0x3B1696B1, 0x9BDC06A7, 0x25C71235,
+ 0xC19BF174, 0xCF692694, 0xE49B69C1, 0x9EF14AD2, 0xEFBE4786,
+ 0x384F25E3, 0x0FC19DC6, 0x8B8CD5B5, 0x240CA1CC, 0x77AC9C65,
+ 0x2DE92C6F, 0x592B0275, 0x4A7484AA, 0x6EA6E483, 0x5CB0A9DC,
+ 0xBD41FBD4, 0x76F988DA, 0x831153B5, 0x983E5152, 0xEE66DFAB,
+ 0xA831C66D, 0x2DB43210, 0xB00327C8, 0x98FB213F, 0xBF597FC7,
+ 0xBEEF0EE4, 0xC6E00BF3, 0x3DA88FC2, 0xD5A79147, 0x930AA725,
+ 0x06CA6351, 0xE003826F, 0x14292967, 0x0A0E6E70, 0x27B70A85,
+ 0x46D22FFC, 0x2E1B2138, 0x5C26C926, 0x4D2C6DFC, 0x5AC42AED,
+ 0x53380D13, 0x9D95B3DF, 0x650A7354, 0x8BAF63DE, 0x766A0ABB,
+ 0x3C77B2A8, 0x81C2C92E, 0x47EDAEE6, 0x92722C85, 0x1482353B,
+ 0xA2BFE8A1, 0x4CF10364, 0xA81A664B, 0xBC423001, 0xC24B8B70,
+ 0xD0F89791, 0xC76C51A3, 0x0654BE30, 0xD192E819, 0xD6EF5218,
+ 0xD6990624, 0x5565A910, 0xF40E3585, 0x5771202A, 0x106AA070,
+
+
+
+Eastlake 3rd & Hansen Informational [Page 60]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ 0x32BBD1B8, 0x19A4C116, 0xB8D2D0C8, 0x1E376C08, 0x5141AB53,
+ 0x2748774C, 0xDF8EEB99, 0x34B0BCB5, 0xE19B48A8, 0x391C0CB3,
+ 0xC5C95A63, 0x4ED8AA4A, 0xE3418ACB, 0x5B9CCA4F, 0x7763E373,
+ 0x682E6FF3, 0xD6B2B8A3, 0x748F82EE, 0x5DEFB2FC, 0x78A5636F,
+ 0x43172F60, 0x84C87814, 0xA1F0AB72, 0x8CC70208, 0x1A6439EC,
+ 0x90BEFFFA, 0x23631E28, 0xA4506CEB, 0xDE82BDE9, 0xBEF9A3F7,
+ 0xB2C67915, 0xC67178F2, 0xE372532B, 0xCA273ECE, 0xEA26619C,
+ 0xD186B8C7, 0x21C0C207, 0xEADA7DD6, 0xCDE0EB1E, 0xF57D4F7F,
+ 0xEE6ED178, 0x06F067AA, 0x72176FBA, 0x0A637DC5, 0xA2C898A6,
+ 0x113F9804, 0xBEF90DAE, 0x1B710B35, 0x131C471B, 0x28DB77F5,
+ 0x23047D84, 0x32CAAB7B, 0x40C72493, 0x3C9EBE0A, 0x15C9BEBC,
+ 0x431D67C4, 0x9C100D4C, 0x4CC5D4BE, 0xCB3E42B6, 0x597F299C,
+ 0xFC657E2A, 0x5FCB6FAB, 0x3AD6FAEC, 0x6C44198C, 0x4A475817
+ };
+ int t, t2, t8; /* Loop counter */
+ uint32_t temp1[2], temp2[2], /* Temporary word values */
+ temp3[2], temp4[2], temp5[2];
+ uint32_t W[2*80]; /* Word sequence */
+ uint32_t A[2], B[2], C[2], D[2], /* Word buffers */
+ E[2], F[2], G[2], H[2];
+
+ /* Initialize the first 16 words in the array W */
+ for (t = t2 = t8 = 0; t < 16; t++, t8 += 8) {
+ W[t2++] = ((((uint32_t)context->Message_Block[t8 ])) << 24) |
+ ((((uint32_t)context->Message_Block[t8 + 1])) << 16) |
+ ((((uint32_t)context->Message_Block[t8 + 2])) << 8) |
+ ((((uint32_t)context->Message_Block[t8 + 3])));
+ W[t2++] = ((((uint32_t)context->Message_Block[t8 + 4])) << 24) |
+ ((((uint32_t)context->Message_Block[t8 + 5])) << 16) |
+ ((((uint32_t)context->Message_Block[t8 + 6])) << 8) |
+ ((((uint32_t)context->Message_Block[t8 + 7])));
+ }
+
+ for (t = 16; t < 80; t++, t2 += 2) {
+ /* W[t] = SHA512_sigma1(W[t-2]) + W[t-7] +
+ SHA512_sigma0(W[t-15]) + W[t-16]; */
+ uint32_t *Wt2 = &W[t2-2*2];
+ uint32_t *Wt7 = &W[t2-7*2];
+ uint32_t *Wt15 = &W[t2-15*2];
+ uint32_t *Wt16 = &W[t2-16*2];
+ SHA512_sigma1(Wt2, temp1);
+ SHA512_ADD(temp1, Wt7, temp2);
+ SHA512_sigma0(Wt15, temp1);
+ SHA512_ADD(temp1, Wt16, temp3);
+ SHA512_ADD(temp2, temp3, &W[t2]);
+ }
+
+ A[0] = context->Intermediate_Hash[0];
+
+
+
+Eastlake 3rd & Hansen Informational [Page 61]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ A[1] = context->Intermediate_Hash[1];
+ B[0] = context->Intermediate_Hash[2];
+ B[1] = context->Intermediate_Hash[3];
+ C[0] = context->Intermediate_Hash[4];
+ C[1] = context->Intermediate_Hash[5];
+ D[0] = context->Intermediate_Hash[6];
+ D[1] = context->Intermediate_Hash[7];
+ E[0] = context->Intermediate_Hash[8];
+ E[1] = context->Intermediate_Hash[9];
+ F[0] = context->Intermediate_Hash[10];
+ F[1] = context->Intermediate_Hash[11];
+ G[0] = context->Intermediate_Hash[12];
+ G[1] = context->Intermediate_Hash[13];
+ H[0] = context->Intermediate_Hash[14];
+ H[1] = context->Intermediate_Hash[15];
+
+ for (t = t2 = 0; t < 80; t++, t2 += 2) {
+ /*
+ * temp1 = H + SHA512_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t];
+ */
+ SHA512_SIGMA1(E,temp1);
+ SHA512_ADD(H, temp1, temp2);
+ SHA_Ch(E,F,G,temp3);
+ SHA512_ADD(temp2, temp3, temp4);
+ SHA512_ADD(&K[t2], &W[t2], temp5);
+ SHA512_ADD(temp4, temp5, temp1);
+ /*
+ * temp2 = SHA512_SIGMA0(A) + SHA_Maj(A,B,C);
+ */
+ SHA512_SIGMA0(A,temp3);
+ SHA_Maj(A,B,C,temp4);
+ SHA512_ADD(temp3, temp4, temp2);
+ H[0] = G[0]; H[1] = G[1];
+ G[0] = F[0]; G[1] = F[1];
+ F[0] = E[0]; F[1] = E[1];
+ SHA512_ADD(D, temp1, E);
+ D[0] = C[0]; D[1] = C[1];
+ C[0] = B[0]; C[1] = B[1];
+ B[0] = A[0]; B[1] = A[1];
+ SHA512_ADD(temp1, temp2, A);
+ }
+
+ SHA512_ADDTO2(&context->Intermediate_Hash[0], A);
+ SHA512_ADDTO2(&context->Intermediate_Hash[2], B);
+ SHA512_ADDTO2(&context->Intermediate_Hash[4], C);
+ SHA512_ADDTO2(&context->Intermediate_Hash[6], D);
+ SHA512_ADDTO2(&context->Intermediate_Hash[8], E);
+ SHA512_ADDTO2(&context->Intermediate_Hash[10], F);
+
+
+
+Eastlake 3rd & Hansen Informational [Page 62]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ SHA512_ADDTO2(&context->Intermediate_Hash[12], G);
+ SHA512_ADDTO2(&context->Intermediate_Hash[14], H);
+
+#else /* !USE_32BIT_ONLY */
+ static const uint64_t K[80] = {
+ 0x428A2F98D728AE22ll, 0x7137449123EF65CDll, 0xB5C0FBCFEC4D3B2Fll,
+ 0xE9B5DBA58189DBBCll, 0x3956C25BF348B538ll, 0x59F111F1B605D019ll,
+ 0x923F82A4AF194F9Bll, 0xAB1C5ED5DA6D8118ll, 0xD807AA98A3030242ll,
+ 0x12835B0145706FBEll, 0x243185BE4EE4B28Cll, 0x550C7DC3D5FFB4E2ll,
+ 0x72BE5D74F27B896Fll, 0x80DEB1FE3B1696B1ll, 0x9BDC06A725C71235ll,
+ 0xC19BF174CF692694ll, 0xE49B69C19EF14AD2ll, 0xEFBE4786384F25E3ll,
+ 0x0FC19DC68B8CD5B5ll, 0x240CA1CC77AC9C65ll, 0x2DE92C6F592B0275ll,
+ 0x4A7484AA6EA6E483ll, 0x5CB0A9DCBD41FBD4ll, 0x76F988DA831153B5ll,
+ 0x983E5152EE66DFABll, 0xA831C66D2DB43210ll, 0xB00327C898FB213Fll,
+ 0xBF597FC7BEEF0EE4ll, 0xC6E00BF33DA88FC2ll, 0xD5A79147930AA725ll,
+ 0x06CA6351E003826Fll, 0x142929670A0E6E70ll, 0x27B70A8546D22FFCll,
+ 0x2E1B21385C26C926ll, 0x4D2C6DFC5AC42AEDll, 0x53380D139D95B3DFll,
+ 0x650A73548BAF63DEll, 0x766A0ABB3C77B2A8ll, 0x81C2C92E47EDAEE6ll,
+ 0x92722C851482353Bll, 0xA2BFE8A14CF10364ll, 0xA81A664BBC423001ll,
+ 0xC24B8B70D0F89791ll, 0xC76C51A30654BE30ll, 0xD192E819D6EF5218ll,
+ 0xD69906245565A910ll, 0xF40E35855771202All, 0x106AA07032BBD1B8ll,
+ 0x19A4C116B8D2D0C8ll, 0x1E376C085141AB53ll, 0x2748774CDF8EEB99ll,
+ 0x34B0BCB5E19B48A8ll, 0x391C0CB3C5C95A63ll, 0x4ED8AA4AE3418ACBll,
+ 0x5B9CCA4F7763E373ll, 0x682E6FF3D6B2B8A3ll, 0x748F82EE5DEFB2FCll,
+ 0x78A5636F43172F60ll, 0x84C87814A1F0AB72ll, 0x8CC702081A6439ECll,
+ 0x90BEFFFA23631E28ll, 0xA4506CEBDE82BDE9ll, 0xBEF9A3F7B2C67915ll,
+ 0xC67178F2E372532Bll, 0xCA273ECEEA26619Cll, 0xD186B8C721C0C207ll,
+ 0xEADA7DD6CDE0EB1Ell, 0xF57D4F7FEE6ED178ll, 0x06F067AA72176FBAll,
+ 0x0A637DC5A2C898A6ll, 0x113F9804BEF90DAEll, 0x1B710B35131C471Bll,
+ 0x28DB77F523047D84ll, 0x32CAAB7B40C72493ll, 0x3C9EBE0A15C9BEBCll,
+ 0x431D67C49C100D4Cll, 0x4CC5D4BECB3E42B6ll, 0x597F299CFC657E2All,
+ 0x5FCB6FAB3AD6FAECll, 0x6C44198C4A475817ll
+ };
+ int t, t8; /* Loop counter */
+ uint64_t temp1, temp2; /* Temporary word value */
+ uint64_t W[80]; /* Word sequence */
+ uint64_t A, B, C, D, E, F, G, H; /* Word buffers */
+
+ /*
+ * Initialize the first 16 words in the array W
+ */
+ for (t = t8 = 0; t < 16; t++, t8 += 8)
+ W[t] = ((uint64_t)(context->Message_Block[t8 ]) << 56) |
+ ((uint64_t)(context->Message_Block[t8 + 1]) << 48) |
+ ((uint64_t)(context->Message_Block[t8 + 2]) << 40) |
+ ((uint64_t)(context->Message_Block[t8 + 3]) << 32) |
+ ((uint64_t)(context->Message_Block[t8 + 4]) << 24) |
+ ((uint64_t)(context->Message_Block[t8 + 5]) << 16) |
+
+
+
+Eastlake 3rd & Hansen Informational [Page 63]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ ((uint64_t)(context->Message_Block[t8 + 6]) << 8) |
+ ((uint64_t)(context->Message_Block[t8 + 7]));
+
+ for (t = 16; t < 80; t++)
+ W[t] = SHA512_sigma1(W[t-2]) + W[t-7] +
+ SHA512_sigma0(W[t-15]) + W[t-16];
+
+ A = context->Intermediate_Hash[0];
+ B = context->Intermediate_Hash[1];
+ C = context->Intermediate_Hash[2];
+ D = context->Intermediate_Hash[3];
+ E = context->Intermediate_Hash[4];
+ F = context->Intermediate_Hash[5];
+ G = context->Intermediate_Hash[6];
+ H = context->Intermediate_Hash[7];
+
+ for (t = 0; t < 80; t++) {
+ temp1 = H + SHA512_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t];
+ temp2 = SHA512_SIGMA0(A) + SHA_Maj(A,B,C);
+ H = G;
+ G = F;
+ F = E;
+ E = D + temp1;
+ D = C;
+ C = B;
+ B = A;
+ A = temp1 + temp2;
+ }
+
+ context->Intermediate_Hash[0] += A;
+ context->Intermediate_Hash[1] += B;
+ context->Intermediate_Hash[2] += C;
+ context->Intermediate_Hash[3] += D;
+ context->Intermediate_Hash[4] += E;
+ context->Intermediate_Hash[5] += F;
+ context->Intermediate_Hash[6] += G;
+ context->Intermediate_Hash[7] += H;
+#endif /* USE_32BIT_ONLY */
+
+ context->Message_Block_Index = 0;
+}
+
+/*
+ * SHA384_512Reset
+ *
+ * Description:
+ * This helper function will initialize the SHA512Context in
+ * preparation for computing a new SHA384 or SHA512 message
+
+
+
+Eastlake 3rd & Hansen Informational [Page 64]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * digest.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to reset.
+ * H0
+ * The initial hash value to use.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+#ifdef USE_32BIT_ONLY
+static int SHA384_512Reset(SHA512Context *context, uint32_t H0[])
+#else /* !USE_32BIT_ONLY */
+static int SHA384_512Reset(SHA512Context *context, uint64_t H0[])
+#endif /* USE_32BIT_ONLY */
+{
+ int i;
+ if (!context)
+ return shaNull;
+
+ context->Message_Block_Index = 0;
+
+#ifdef USE_32BIT_ONLY
+ context->Length[0] = context->Length[1] = 0;
+ context->Length[2] = context->Length[3] = 0;
+
+ for (i = 0; i < SHA512HashSize/4; i++)
+ context->Intermediate_Hash[i] = H0[i];
+#else /* !USE_32BIT_ONLY */
+ context->Length_High = context->Length_Low = 0;
+
+ for (i = 0; i < SHA512HashSize/8; i++)
+ context->Intermediate_Hash[i] = H0[i];
+#endif /* USE_32BIT_ONLY */
+
+ context->Computed = 0;
+ context->Corrupted = 0;
+
+ return shaSuccess;
+}
+
+/*
+ * SHA384_512ResultN
+ *
+ * Description:
+ * This helper function will return the 384-bit or 512-bit message
+
+
+
+Eastlake 3rd & Hansen Informational [Page 65]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * digest into the Message_Digest array provided by the caller.
+ * NOTE: The first octet of hash is stored in the 0th element,
+ * the last octet of hash in the 48th/64th element.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to use to calculate the SHA hash.
+ * Message_Digest: [out]
+ * Where the digest is returned.
+ * HashSize: [in]
+ * The size of the hash, either 48 or 64.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+static int SHA384_512ResultN(SHA512Context *context,
+ uint8_t Message_Digest[], int HashSize)
+{
+ int i;
+
+#ifdef USE_32BIT_ONLY
+ int i2;
+#endif /* USE_32BIT_ONLY */
+
+ if (!context || !Message_Digest)
+ return shaNull;
+
+ if (context->Corrupted)
+ return context->Corrupted;
+
+ if (!context->Computed)
+ SHA384_512Finalize(context, 0x80);
+
+#ifdef USE_32BIT_ONLY
+ for (i = i2 = 0; i < HashSize; ) {
+ Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>24);
+ Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>16);
+ Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>8);
+ Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2++]);
+ Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>24);
+ Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>16);
+ Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>8);
+ Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2++]);
+ }
+#else /* !USE_32BIT_ONLY */
+ for (i = 0; i < HashSize; ++i)
+ Message_Digest[i] = (uint8_t)
+
+
+
+Eastlake 3rd & Hansen Informational [Page 66]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ (context->Intermediate_Hash[i>>3] >> 8 * ( 7 - ( i % 8 ) ));
+#endif /* USE_32BIT_ONLY */
+
+ return shaSuccess;
+}
+
+8.2.4. usha.c
+
+/**************************** usha.c ****************************/
+/******************** See RFC 4634 for details ******************/
+/*
+ * Description:
+ * This file implements a unified interface to the SHA algorithms.
+ */
+
+#include "sha.h"
+
+/*
+ * USHAReset
+ *
+ * Description:
+ * This function will initialize the SHA Context in preparation
+ * for computing a new SHA message digest.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to reset.
+ * whichSha: [in]
+ * Selects which SHA reset to call
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int USHAReset(USHAContext *ctx, enum SHAversion whichSha)
+{
+ if (ctx) {
+ ctx->whichSha = whichSha;
+ switch (whichSha) {
+ case SHA1: return SHA1Reset((SHA1Context*)&ctx->ctx);
+ case SHA224: return SHA224Reset((SHA224Context*)&ctx->ctx);
+ case SHA256: return SHA256Reset((SHA256Context*)&ctx->ctx);
+ case SHA384: return SHA384Reset((SHA384Context*)&ctx->ctx);
+ case SHA512: return SHA512Reset((SHA512Context*)&ctx->ctx);
+ default: return shaBadParam;
+ }
+ } else {
+ return shaNull;
+
+
+
+Eastlake 3rd & Hansen Informational [Page 67]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ }
+}
+
+/*
+ * USHAInput
+ *
+ * Description:
+ * This function accepts an array of octets as the next portion
+ * of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_array: [in]
+ * An array of characters representing the next portion of
+ * the message.
+ * length: [in]
+ * The length of the message in message_array
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int USHAInput(USHAContext *ctx,
+ const uint8_t *bytes, unsigned int bytecount)
+{
+ if (ctx) {
+ switch (ctx->whichSha) {
+ case SHA1:
+ return SHA1Input((SHA1Context*)&ctx->ctx, bytes, bytecount);
+ case SHA224:
+ return SHA224Input((SHA224Context*)&ctx->ctx, bytes,
+ bytecount);
+ case SHA256:
+ return SHA256Input((SHA256Context*)&ctx->ctx, bytes,
+ bytecount);
+ case SHA384:
+ return SHA384Input((SHA384Context*)&ctx->ctx, bytes,
+ bytecount);
+ case SHA512:
+ return SHA512Input((SHA512Context*)&ctx->ctx, bytes,
+ bytecount);
+ default: return shaBadParam;
+ }
+ } else {
+ return shaNull;
+ }
+}
+
+
+
+Eastlake 3rd & Hansen Informational [Page 68]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+/*
+ * USHAFinalBits
+ *
+ * Description:
+ * This function will add in any final bits of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The SHA context to update
+ * message_bits: [in]
+ * The final bits of the message, in the upper portion of the
+ * byte. (Use 0b###00000 instead of 0b00000### to input the
+ * three bits ###.)
+ * length: [in]
+ * The number of bits in message_bits, between 1 and 7.
+ *
+ * Returns:
+ * sha Error Code.
+ */
+int USHAFinalBits(USHAContext *ctx,
+ const uint8_t bits, unsigned int bitcount)
+{
+ if (ctx) {
+ switch (ctx->whichSha) {
+ case SHA1:
+ return SHA1FinalBits((SHA1Context*)&ctx->ctx, bits, bitcount);
+ case SHA224:
+ return SHA224FinalBits((SHA224Context*)&ctx->ctx, bits,
+ bitcount);
+ case SHA256:
+ return SHA256FinalBits((SHA256Context*)&ctx->ctx, bits,
+ bitcount);
+ case SHA384:
+ return SHA384FinalBits((SHA384Context*)&ctx->ctx, bits,
+ bitcount);
+ case SHA512:
+ return SHA512FinalBits((SHA512Context*)&ctx->ctx, bits,
+ bitcount);
+ default: return shaBadParam;
+ }
+ } else {
+ return shaNull;
+ }
+}
+
+/*
+ * USHAResult
+ *
+
+
+
+Eastlake 3rd & Hansen Informational [Page 69]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * Description:
+ * This function will return the 160-bit message digest into the
+ * Message_Digest array provided by the caller.
+ * NOTE: The first octet of hash is stored in the 0th element,
+ * the last octet of hash in the 19th element.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to use to calculate the SHA-1 hash.
+ * Message_Digest: [out]
+ * Where the digest is returned.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int USHAResult(USHAContext *ctx,
+ uint8_t Message_Digest[USHAMaxHashSize])
+{
+ if (ctx) {
+ switch (ctx->whichSha) {
+ case SHA1:
+ return SHA1Result((SHA1Context*)&ctx->ctx, Message_Digest);
+ case SHA224:
+ return SHA224Result((SHA224Context*)&ctx->ctx, Message_Digest);
+ case SHA256:
+ return SHA256Result((SHA256Context*)&ctx->ctx, Message_Digest);
+ case SHA384:
+ return SHA384Result((SHA384Context*)&ctx->ctx, Message_Digest);
+ case SHA512:
+ return SHA512Result((SHA512Context*)&ctx->ctx, Message_Digest);
+ default: return shaBadParam;
+ }
+ } else {
+ return shaNull;
+ }
+}
+
+/*
+ * USHABlockSize
+ *
+ * Description:
+ * This function will return the blocksize for the given SHA
+ * algorithm.
+ *
+ * Parameters:
+ * whichSha:
+ * which SHA algorithm to query
+
+
+
+Eastlake 3rd & Hansen Informational [Page 70]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ *
+ * Returns:
+ * block size
+ *
+ */
+int USHABlockSize(enum SHAversion whichSha)
+{
+ switch (whichSha) {
+ case SHA1: return SHA1_Message_Block_Size;
+ case SHA224: return SHA224_Message_Block_Size;
+ case SHA256: return SHA256_Message_Block_Size;
+ case SHA384: return SHA384_Message_Block_Size;
+ default:
+ case SHA512: return SHA512_Message_Block_Size;
+ }
+}
+
+/*
+ * USHAHashSize
+ *
+ * Description:
+ * This function will return the hashsize for the given SHA
+ * algorithm.
+ *
+ * Parameters:
+ * whichSha:
+ * which SHA algorithm to query
+ *
+ * Returns:
+ * hash size
+ *
+ */
+int USHAHashSize(enum SHAversion whichSha)
+{
+ switch (whichSha) {
+ case SHA1: return SHA1HashSize;
+ case SHA224: return SHA224HashSize;
+ case SHA256: return SHA256HashSize;
+ case SHA384: return SHA384HashSize;
+ default:
+ case SHA512: return SHA512HashSize;
+ }
+}
+
+/*
+ * USHAHashSizeBits
+ *
+ * Description:
+
+
+
+Eastlake 3rd & Hansen Informational [Page 71]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * This function will return the hashsize for the given SHA
+ * algorithm, expressed in bits.
+ *
+ * Parameters:
+ * whichSha:
+ * which SHA algorithm to query
+ *
+ * Returns:
+ * hash size in bits
+ *
+ */
+int USHAHashSizeBits(enum SHAversion whichSha)
+{
+ switch (whichSha) {
+ case SHA1: return SHA1HashSizeBits;
+ case SHA224: return SHA224HashSizeBits;
+ case SHA256: return SHA256HashSizeBits;
+ case SHA384: return SHA384HashSizeBits;
+ default:
+ case SHA512: return SHA512HashSizeBits;
+ }
+}
+
+8.2.5. sha-private.h
+
+/*************************** sha-private.h ***************************/
+/********************** See RFC 4634 for details *********************/
+#ifndef _SHA_PRIVATE__H
+#define _SHA_PRIVATE__H
+/*
+ * These definitions are defined in FIPS-180-2, section 4.1.
+ * Ch() and Maj() are defined identically in sections 4.1.1,
+ * 4.1.2 and 4.1.3.
+ *
+ * The definitions used in FIPS-180-2 are as follows:
+ */
+
+#ifndef USE_MODIFIED_MACROS
+#define SHA_Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define SHA_Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#else /* USE_MODIFIED_MACROS */
+/*
+ * The following definitions are equivalent and potentially faster.
+ */
+
+#define SHA_Ch(x, y, z) (((x) & ((y) ^ (z))) ^ (z))
+#define SHA_Maj(x, y, z) (((x) & ((y) | (z))) | ((y) & (z)))
+
+
+
+Eastlake 3rd & Hansen Informational [Page 72]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+#endif /* USE_MODIFIED_MACROS */
+
+#define SHA_Parity(x, y, z) ((x) ^ (y) ^ (z))
+
+#endif /* _SHA_PRIVATE__H */
+
+8.3 The HMAC Code
+
+/**************************** hmac.c ****************************/
+/******************** See RFC 4634 for details ******************/
+/*
+ * Description:
+ * This file implements the HMAC algorithm (Keyed-Hashing for
+ * Message Authentication, RFC2104), expressed in terms of the
+ * various SHA algorithms.
+ */
+
+#include "sha.h"
+
+/*
+ * hmac
+ *
+ * Description:
+ * This function will compute an HMAC message digest.
+ *
+ * Parameters:
+ * whichSha: [in]
+ * One of SHA1, SHA224, SHA256, SHA384, SHA512
+ * key: [in]
+ * The secret shared key.
+ * key_len: [in]
+ * The length of the secret shared key.
+ * message_array: [in]
+ * An array of characters representing the message.
+ * length: [in]
+ * The length of the message in message_array
+ * digest: [out]
+ * Where the digest is returned.
+ * NOTE: The length of the digest is determined by
+ * the value of whichSha.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int hmac(SHAversion whichSha, const unsigned char *text, int text_len,
+ const unsigned char *key, int key_len,
+ uint8_t digest[USHAMaxHashSize])
+
+
+
+Eastlake 3rd & Hansen Informational [Page 73]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+{
+ HMACContext ctx;
+ return hmacReset(&ctx, whichSha, key, key_len) ||
+ hmacInput(&ctx, text, text_len) ||
+ hmacResult(&ctx, digest);
+}
+
+/*
+ * hmacReset
+ *
+ * Description:
+ * This function will initialize the hmacContext in preparation
+ * for computing a new HMAC message digest.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to reset.
+ * whichSha: [in]
+ * One of SHA1, SHA224, SHA256, SHA384, SHA512
+ * key: [in]
+ * The secret shared key.
+ * key_len: [in]
+ * The length of the secret shared key.
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int hmacReset(HMACContext *ctx, enum SHAversion whichSha,
+ const unsigned char *key, int key_len)
+{
+ int i, blocksize, hashsize;
+
+ /* inner padding - key XORd with ipad */
+ unsigned char k_ipad[USHA_Max_Message_Block_Size];
+
+ /* temporary buffer when keylen > blocksize */
+ unsigned char tempkey[USHAMaxHashSize];
+
+ if (!ctx) return shaNull;
+
+ blocksize = ctx->blockSize = USHABlockSize(whichSha);
+ hashsize = ctx->hashSize = USHAHashSize(whichSha);
+
+ ctx->whichSha = whichSha;
+
+ /*
+ * If key is longer than the hash blocksize,
+
+
+
+Eastlake 3rd & Hansen Informational [Page 74]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * reset it to key = HASH(key).
+ */
+ if (key_len > blocksize) {
+ USHAContext tctx;
+ int err = USHAReset(&tctx, whichSha) ||
+ USHAInput(&tctx, key, key_len) ||
+ USHAResult(&tctx, tempkey);
+ if (err != shaSuccess) return err;
+
+ key = tempkey;
+ key_len = hashsize;
+ }
+
+ /*
+ * The HMAC transform looks like:
+ *
+ * SHA(K XOR opad, SHA(K XOR ipad, text))
+ *
+ * where K is an n byte key.
+ * ipad is the byte 0x36 repeated blocksize times
+ * opad is the byte 0x5c repeated blocksize times
+ * and text is the data being protected.
+ */
+
+ /* store key into the pads, XOR'd with ipad and opad values */
+ for (i = 0; i < key_len; i++) {
+ k_ipad[i] = key[i] ^ 0x36;
+ ctx->k_opad[i] = key[i] ^ 0x5c;
+ }
+ /* remaining pad bytes are '\0' XOR'd with ipad and opad values */
+ for ( ; i < blocksize; i++) {
+ k_ipad[i] = 0x36;
+ ctx->k_opad[i] = 0x5c;
+ }
+
+ /* perform inner hash */
+ /* init context for 1st pass */
+ return USHAReset(&ctx->shaContext, whichSha) ||
+ /* and start with inner pad */
+ USHAInput(&ctx->shaContext, k_ipad, blocksize);
+}
+
+/*
+ * hmacInput
+ *
+ * Description:
+ * This function accepts an array of octets as the next portion
+ * of the message.
+
+
+
+Eastlake 3rd & Hansen Informational [Page 75]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ *
+ * Parameters:
+ * context: [in/out]
+ * The HMAC context to update
+ * message_array: [in]
+ * An array of characters representing the next portion of
+ * the message.
+ * length: [in]
+ * The length of the message in message_array
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int hmacInput(HMACContext *ctx, const unsigned char *text,
+ int text_len)
+{
+ if (!ctx) return shaNull;
+ /* then text of datagram */
+ return USHAInput(&ctx->shaContext, text, text_len);
+}
+
+/*
+ * HMACFinalBits
+ *
+ * Description:
+ * This function will add in any final bits of the message.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The HMAC context to update
+ * message_bits: [in]
+ * The final bits of the message, in the upper portion of the
+ * byte. (Use 0b###00000 instead of 0b00000### to input the
+ * three bits ###.)
+ * length: [in]
+ * The number of bits in message_bits, between 1 and 7.
+ *
+ * Returns:
+ * sha Error Code.
+ */
+int hmacFinalBits(HMACContext *ctx,
+ const uint8_t bits,
+ unsigned int bitcount)
+{
+ if (!ctx) return shaNull;
+ /* then final bits of datagram */
+ return USHAFinalBits(&ctx->shaContext, bits, bitcount);
+
+
+
+Eastlake 3rd & Hansen Informational [Page 76]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+}
+
+/*
+ * HMACResult
+ *
+ * Description:
+ * This function will return the N-byte message digest into the
+ * Message_Digest array provided by the caller.
+ * NOTE: The first octet of hash is stored in the 0th element,
+ * the last octet of hash in the Nth element.
+ *
+ * Parameters:
+ * context: [in/out]
+ * The context to use to calculate the HMAC hash.
+ * digest: [out]
+ * Where the digest is returned.
+ * NOTE 2: The length of the hash is determined by the value of
+ * whichSha that was passed to hmacReset().
+ *
+ * Returns:
+ * sha Error Code.
+ *
+ */
+int hmacResult(HMACContext *ctx, uint8_t *digest)
+{
+ if (!ctx) return shaNull;
+
+ /* finish up 1st pass */
+ /* (Use digest here as a temporary buffer.) */
+ return USHAResult(&ctx->shaContext, digest) ||
+
+ /* perform outer SHA */
+ /* init context for 2nd pass */
+ USHAReset(&ctx->shaContext, ctx->whichSha) ||
+
+ /* start with outer pad */
+ USHAInput(&ctx->shaContext, ctx->k_opad, ctx->blockSize) ||
+
+ /* then results of 1st hash */
+ USHAInput(&ctx->shaContext, digest, ctx->hashSize) ||
+
+ /* finish up 2nd pass */
+ USHAResult(&ctx->shaContext, digest);
+}
+
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 77]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+8.4. The Test Driver
+
+ The following code is a main program test driver to exercise the code
+ in sha1.c, sha224-256.c, and sha384-512.c. The test driver can also
+ be used as a stand-alone program for generating the hashes.
+
+ See also [RFC2202], [RFC4231], and [SHAVS].
+
+/**************************** shatest.c ****************************/
+/********************* See RFC 4634 for details ********************/
+/*
+ * Description:
+ * This file will exercise the SHA code performing
+ * the three tests documented in FIPS PUB 180-2
+ * (http://csrc.nist.gov/publications/fips/
+ * fips180-2/fips180-2withchangenotice.pdf)
+ * one that calls SHAInput with an exact multiple of 512 bits
+ * the seven tests documented for each algorithm in
+ * "The Secure Hash Algorithm Validation System (SHAVS)",
+ * three of which are bit-level tests
+ * (http://csrc.nist.gov/cryptval/shs/SHAVS.pdf)
+ *
+ * This file will exercise the HMAC SHA1 code performing
+ * the seven tests documented in RFCs 2202 and 4231.
+ *
+ * To run the tests and just see PASSED/FAILED, use the -p option.
+ *
+ * Other options exercise:
+ * hashing an arbitrary string
+ * hashing a file's contents
+ * a few error test checks
+ * printing the results in raw format
+ *
+ * Portability Issues:
+ * None.
+ *
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include "sha.h"
+
+static int xgetopt(int argc, char **argv, const char *optstring);
+extern char *xoptarg;
+static int scasecmp(const char *s1, const char *s2);
+
+
+
+Eastlake 3rd & Hansen Informational [Page 78]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+/*
+ * Define patterns for testing
+ */
+#define TEST1 "abc"
+#define TEST2_1 \
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+#define TEST2_2a \
+ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+#define TEST2_2b \
+ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+#define TEST2_2 TEST2_2a TEST2_2b
+#define TEST3 "a" /* times 1000000 */
+#define TEST4a "01234567012345670123456701234567"
+#define TEST4b "01234567012345670123456701234567"
+ /* an exact multiple of 512 bits */
+#define TEST4 TEST4a TEST4b /* times 10 */
+
+#define TEST7_1 \
+ "\x49\xb2\xae\xc2\x59\x4b\xbe\x3a\x3b\x11\x75\x42\xd9\x4a\xc8"
+#define TEST8_1 \
+ "\x9a\x7d\xfd\xf1\xec\xea\xd0\x6e\xd6\x46\xaa\x55\xfe\x75\x71\x46"
+#define TEST9_1 \
+ "\x65\xf9\x32\x99\x5b\xa4\xce\x2c\xb1\xb4\xa2\xe7\x1a\xe7\x02\x20" \
+ "\xaa\xce\xc8\x96\x2d\xd4\x49\x9c\xbd\x7c\x88\x7a\x94\xea\xaa\x10" \
+ "\x1e\xa5\xaa\xbc\x52\x9b\x4e\x7e\x43\x66\x5a\x5a\xf2\xcd\x03\xfe" \
+ "\x67\x8e\xa6\xa5\x00\x5b\xba\x3b\x08\x22\x04\xc2\x8b\x91\x09\xf4" \
+ "\x69\xda\xc9\x2a\xaa\xb3\xaa\x7c\x11\xa1\xb3\x2a"
+#define TEST10_1 \
+ "\xf7\x8f\x92\x14\x1b\xcd\x17\x0a\xe8\x9b\x4f\xba\x15\xa1\xd5\x9f" \
+ "\x3f\xd8\x4d\x22\x3c\x92\x51\xbd\xac\xbb\xae\x61\xd0\x5e\xd1\x15" \
+ "\xa0\x6a\x7c\xe1\x17\xb7\xbe\xea\xd2\x44\x21\xde\xd9\xc3\x25\x92" \
+ "\xbd\x57\xed\xea\xe3\x9c\x39\xfa\x1f\xe8\x94\x6a\x84\xd0\xcf\x1f" \
+ "\x7b\xee\xad\x17\x13\xe2\xe0\x95\x98\x97\x34\x7f\x67\xc8\x0b\x04" \
+ "\x00\xc2\x09\x81\x5d\x6b\x10\xa6\x83\x83\x6f\xd5\x56\x2a\x56\xca" \
+ "\xb1\xa2\x8e\x81\xb6\x57\x66\x54\x63\x1c\xf1\x65\x66\xb8\x6e\x3b" \
+ "\x33\xa1\x08\xb0\x53\x07\xc0\x0a\xff\x14\xa7\x68\xed\x73\x50\x60" \
+ "\x6a\x0f\x85\xe6\xa9\x1d\x39\x6f\x5b\x5c\xbe\x57\x7f\x9b\x38\x80" \
+ "\x7c\x7d\x52\x3d\x6d\x79\x2f\x6e\xbc\x24\xa4\xec\xf2\xb3\xa4\x27" \
+ "\xcd\xbb\xfb"
+#define TEST7_224 \
+ "\xf0\x70\x06\xf2\x5a\x0b\xea\x68\xcd\x76\xa2\x95\x87\xc2\x8d"
+#define TEST8_224 \
+ "\x18\x80\x40\x05\xdd\x4f\xbd\x15\x56\x29\x9d\x6f\x9d\x93\xdf\x62"
+#define TEST9_224 \
+ "\xa2\xbe\x6e\x46\x32\x81\x09\x02\x94\xd9\xce\x94\x82\x65\x69\x42" \
+ "\x3a\x3a\x30\x5e\xd5\xe2\x11\x6c\xd4\xa4\xc9\x87\xfc\x06\x57\x00" \
+ "\x64\x91\xb1\x49\xcc\xd4\xb5\x11\x30\xac\x62\xb1\x9d\xc2\x48\xc7" \
+ "\x44\x54\x3d\x20\xcd\x39\x52\xdc\xed\x1f\x06\xcc\x3b\x18\xb9\x1f" \
+
+
+
+Eastlake 3rd & Hansen Informational [Page 79]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ "\x3f\x55\x63\x3e\xcc\x30\x85\xf4\x90\x70\x60\xd2"
+#define TEST10_224 \
+ "\x55\xb2\x10\x07\x9c\x61\xb5\x3a\xdd\x52\x06\x22\xd1\xac\x97\xd5" \
+ "\xcd\xbe\x8c\xb3\x3a\xa0\xae\x34\x45\x17\xbe\xe4\xd7\xba\x09\xab" \
+ "\xc8\x53\x3c\x52\x50\x88\x7a\x43\xbe\xbb\xac\x90\x6c\x2e\x18\x37" \
+ "\xf2\x6b\x36\xa5\x9a\xe3\xbe\x78\x14\xd5\x06\x89\x6b\x71\x8b\x2a" \
+ "\x38\x3e\xcd\xac\x16\xb9\x61\x25\x55\x3f\x41\x6f\xf3\x2c\x66\x74" \
+ "\xc7\x45\x99\xa9\x00\x53\x86\xd9\xce\x11\x12\x24\x5f\x48\xee\x47" \
+ "\x0d\x39\x6c\x1e\xd6\x3b\x92\x67\x0c\xa5\x6e\xc8\x4d\xee\xa8\x14" \
+ "\xb6\x13\x5e\xca\x54\x39\x2b\xde\xdb\x94\x89\xbc\x9b\x87\x5a\x8b" \
+ "\xaf\x0d\xc1\xae\x78\x57\x36\x91\x4a\xb7\xda\xa2\x64\xbc\x07\x9d" \
+ "\x26\x9f\x2c\x0d\x7e\xdd\xd8\x10\xa4\x26\x14\x5a\x07\x76\xf6\x7c" \
+ "\x87\x82\x73"
+#define TEST7_256 \
+ "\xbe\x27\x46\xc6\xdb\x52\x76\x5f\xdb\x2f\x88\x70\x0f\x9a\x73"
+#define TEST8_256 \
+ "\xe3\xd7\x25\x70\xdc\xdd\x78\x7c\xe3\x88\x7a\xb2\xcd\x68\x46\x52"
+#define TEST9_256 \
+ "\x3e\x74\x03\x71\xc8\x10\xc2\xb9\x9f\xc0\x4e\x80\x49\x07\xef\x7c" \
+ "\xf2\x6b\xe2\x8b\x57\xcb\x58\xa3\xe2\xf3\xc0\x07\x16\x6e\x49\xc1" \
+ "\x2e\x9b\xa3\x4c\x01\x04\x06\x91\x29\xea\x76\x15\x64\x25\x45\x70" \
+ "\x3a\x2b\xd9\x01\xe1\x6e\xb0\xe0\x5d\xeb\xa0\x14\xeb\xff\x64\x06" \
+ "\xa0\x7d\x54\x36\x4e\xff\x74\x2d\xa7\x79\xb0\xb3"
+#define TEST10_256 \
+ "\x83\x26\x75\x4e\x22\x77\x37\x2f\x4f\xc1\x2b\x20\x52\x7a\xfe\xf0" \
+ "\x4d\x8a\x05\x69\x71\xb1\x1a\xd5\x71\x23\xa7\xc1\x37\x76\x00\x00" \
+ "\xd7\xbe\xf6\xf3\xc1\xf7\xa9\x08\x3a\xa3\x9d\x81\x0d\xb3\x10\x77" \
+ "\x7d\xab\x8b\x1e\x7f\x02\xb8\x4a\x26\xc7\x73\x32\x5f\x8b\x23\x74" \
+ "\xde\x7a\x4b\x5a\x58\xcb\x5c\x5c\xf3\x5b\xce\xe6\xfb\x94\x6e\x5b" \
+ "\xd6\x94\xfa\x59\x3a\x8b\xeb\x3f\x9d\x65\x92\xec\xed\xaa\x66\xca" \
+ "\x82\xa2\x9d\x0c\x51\xbc\xf9\x33\x62\x30\xe5\xd7\x84\xe4\xc0\xa4" \
+ "\x3f\x8d\x79\xa3\x0a\x16\x5c\xba\xbe\x45\x2b\x77\x4b\x9c\x71\x09" \
+ "\xa9\x7d\x13\x8f\x12\x92\x28\x96\x6f\x6c\x0a\xdc\x10\x6a\xad\x5a" \
+ "\x9f\xdd\x30\x82\x57\x69\xb2\xc6\x71\xaf\x67\x59\xdf\x28\xeb\x39" \
+ "\x3d\x54\xd6"
+#define TEST7_384 \
+ "\x8b\xc5\x00\xc7\x7c\xee\xd9\x87\x9d\xa9\x89\x10\x7c\xe0\xaa"
+#define TEST8_384 \
+ "\xa4\x1c\x49\x77\x79\xc0\x37\x5f\xf1\x0a\x7f\x4e\x08\x59\x17\x39"
+#define TEST9_384 \
+ "\x68\xf5\x01\x79\x2d\xea\x97\x96\x76\x70\x22\xd9\x3d\xa7\x16\x79" \
+ "\x30\x99\x20\xfa\x10\x12\xae\xa3\x57\xb2\xb1\x33\x1d\x40\xa1\xd0" \
+ "\x3c\x41\xc2\x40\xb3\xc9\xa7\x5b\x48\x92\xf4\xc0\x72\x4b\x68\xc8" \
+ "\x75\x32\x1a\xb8\xcf\xe5\x02\x3b\xd3\x75\xbc\x0f\x94\xbd\x89\xfe" \
+ "\x04\xf2\x97\x10\x5d\x7b\x82\xff\xc0\x02\x1a\xeb\x1c\xcb\x67\x4f" \
+ "\x52\x44\xea\x34\x97\xde\x26\xa4\x19\x1c\x5f\x62\xe5\xe9\xa2\xd8" \
+ "\x08\x2f\x05\x51\xf4\xa5\x30\x68\x26\xe9\x1c\xc0\x06\xce\x1b\xf6" \
+ "\x0f\xf7\x19\xd4\x2f\xa5\x21\xc8\x71\xcd\x23\x94\xd9\x6e\xf4\x46" \
+
+
+
+Eastlake 3rd & Hansen Informational [Page 80]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ "\x8f\x21\x96\x6b\x41\xf2\xba\x80\xc2\x6e\x83\xa9"
+#define TEST10_384 \
+ "\x39\x96\x69\xe2\x8f\x6b\x9c\x6d\xbc\xbb\x69\x12\xec\x10\xff\xcf" \
+ "\x74\x79\x03\x49\xb7\xdc\x8f\xbe\x4a\x8e\x7b\x3b\x56\x21\xdb\x0f" \
+ "\x3e\x7d\xc8\x7f\x82\x32\x64\xbb\xe4\x0d\x18\x11\xc9\xea\x20\x61" \
+ "\xe1\xc8\x4a\xd1\x0a\x23\xfa\xc1\x72\x7e\x72\x02\xfc\x3f\x50\x42" \
+ "\xe6\xbf\x58\xcb\xa8\xa2\x74\x6e\x1f\x64\xf9\xb9\xea\x35\x2c\x71" \
+ "\x15\x07\x05\x3c\xf4\xe5\x33\x9d\x52\x86\x5f\x25\xcc\x22\xb5\xe8" \
+ "\x77\x84\xa1\x2f\xc9\x61\xd6\x6c\xb6\xe8\x95\x73\x19\x9a\x2c\xe6" \
+ "\x56\x5c\xbd\xf1\x3d\xca\x40\x38\x32\xcf\xcb\x0e\x8b\x72\x11\xe8" \
+ "\x3a\xf3\x2a\x11\xac\x17\x92\x9f\xf1\xc0\x73\xa5\x1c\xc0\x27\xaa" \
+ "\xed\xef\xf8\x5a\xad\x7c\x2b\x7c\x5a\x80\x3e\x24\x04\xd9\x6d\x2a" \
+ "\x77\x35\x7b\xda\x1a\x6d\xae\xed\x17\x15\x1c\xb9\xbc\x51\x25\xa4" \
+ "\x22\xe9\x41\xde\x0c\xa0\xfc\x50\x11\xc2\x3e\xcf\xfe\xfd\xd0\x96" \
+ "\x76\x71\x1c\xf3\xdb\x0a\x34\x40\x72\x0e\x16\x15\xc1\xf2\x2f\xbc" \
+ "\x3c\x72\x1d\xe5\x21\xe1\xb9\x9b\xa1\xbd\x55\x77\x40\x86\x42\x14" \
+ "\x7e\xd0\x96"
+#define TEST7_512 \
+ "\x08\xec\xb5\x2e\xba\xe1\xf7\x42\x2d\xb6\x2b\xcd\x54\x26\x70"
+#define TEST8_512 \
+ "\x8d\x4e\x3c\x0e\x38\x89\x19\x14\x91\x81\x6e\x9d\x98\xbf\xf0\xa0"
+#define TEST9_512 \
+ "\x3a\xdd\xec\x85\x59\x32\x16\xd1\x61\x9a\xa0\x2d\x97\x56\x97\x0b" \
+ "\xfc\x70\xac\xe2\x74\x4f\x7c\x6b\x27\x88\x15\x10\x28\xf7\xb6\xa2" \
+ "\x55\x0f\xd7\x4a\x7e\x6e\x69\xc2\xc9\xb4\x5f\xc4\x54\x96\x6d\xc3" \
+ "\x1d\x2e\x10\xda\x1f\x95\xce\x02\xbe\xb4\xbf\x87\x65\x57\x4c\xbd" \
+ "\x6e\x83\x37\xef\x42\x0a\xdc\x98\xc1\x5c\xb6\xd5\xe4\xa0\x24\x1b" \
+ "\xa0\x04\x6d\x25\x0e\x51\x02\x31\xca\xc2\x04\x6c\x99\x16\x06\xab" \
+ "\x4e\xe4\x14\x5b\xee\x2f\xf4\xbb\x12\x3a\xab\x49\x8d\x9d\x44\x79" \
+ "\x4f\x99\xcc\xad\x89\xa9\xa1\x62\x12\x59\xed\xa7\x0a\x5b\x6d\xd4" \
+ "\xbd\xd8\x77\x78\xc9\x04\x3b\x93\x84\xf5\x49\x06"
+#define TEST10_512 \
+ "\xa5\x5f\x20\xc4\x11\xaa\xd1\x32\x80\x7a\x50\x2d\x65\x82\x4e\x31" \
+ "\xa2\x30\x54\x32\xaa\x3d\x06\xd3\xe2\x82\xa8\xd8\x4e\x0d\xe1\xde" \
+ "\x69\x74\xbf\x49\x54\x69\xfc\x7f\x33\x8f\x80\x54\xd5\x8c\x26\xc4" \
+ "\x93\x60\xc3\xe8\x7a\xf5\x65\x23\xac\xf6\xd8\x9d\x03\xe5\x6f\xf2" \
+ "\xf8\x68\x00\x2b\xc3\xe4\x31\xed\xc4\x4d\xf2\xf0\x22\x3d\x4b\xb3" \
+ "\xb2\x43\x58\x6e\x1a\x7d\x92\x49\x36\x69\x4f\xcb\xba\xf8\x8d\x95" \
+ "\x19\xe4\xeb\x50\xa6\x44\xf8\xe4\xf9\x5e\xb0\xea\x95\xbc\x44\x65" \
+ "\xc8\x82\x1a\xac\xd2\xfe\x15\xab\x49\x81\x16\x4b\xbb\x6d\xc3\x2f" \
+ "\x96\x90\x87\xa1\x45\xb0\xd9\xcc\x9c\x67\xc2\x2b\x76\x32\x99\x41" \
+ "\x9c\xc4\x12\x8b\xe9\xa0\x77\xb3\xac\xe6\x34\x06\x4e\x6d\x99\x28" \
+ "\x35\x13\xdc\x06\xe7\x51\x5d\x0d\x73\x13\x2e\x9a\x0d\xc6\xd3\xb1" \
+ "\xf8\xb2\x46\xf1\xa9\x8a\x3f\xc7\x29\x41\xb1\xe3\xbb\x20\x98\xe8" \
+ "\xbf\x16\xf2\x68\xd6\x4f\x0b\x0f\x47\x07\xfe\x1e\xa1\xa1\x79\x1b" \
+ "\xa2\xf3\xc0\xc7\x58\xe5\xf5\x51\x86\x3a\x96\xc9\x49\xad\x47\xd7" \
+ "\xfb\x40\xd2"
+#define SHA1_SEED "\xd0\x56\x9c\xb3\x66\x5a\x8a\x43\xeb\x6e\xa2\x3d" \
+
+
+
+Eastlake 3rd & Hansen Informational [Page 81]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ "\x75\xa3\xc4\xd2\x05\x4a\x0d\x7d"
+#define SHA224_SEED "\xd0\x56\x9c\xb3\x66\x5a\x8a\x43\xeb\x6e\xa2" \
+ "\x3d\x75\xa3\xc4\xd2\x05\x4a\x0d\x7d\x66\xa9\xca\x99\xc9\xce\xb0" \
+ "\x27"
+#define SHA256_SEED "\xf4\x1e\xce\x26\x13\xe4\x57\x39\x15\x69\x6b" \
+ "\x5a\xdc\xd5\x1c\xa3\x28\xbe\x3b\xf5\x66\xa9\xca\x99\xc9\xce\xb0" \
+ "\x27\x9c\x1c\xb0\xa7"
+#define SHA384_SEED "\x82\x40\xbc\x51\xe4\xec\x7e\xf7\x6d\x18\xe3" \
+ "\x52\x04\xa1\x9f\x51\xa5\x21\x3a\x73\xa8\x1d\x6f\x94\x46\x80\xd3" \
+ "\x07\x59\x48\xb7\xe4\x63\x80\x4e\xa3\xd2\x6e\x13\xea\x82\x0d\x65" \
+ "\xa4\x84\xbe\x74\x53"
+#define SHA512_SEED "\x47\x3f\xf1\xb9\xb3\xff\xdf\xa1\x26\x69\x9a" \
+ "\xc7\xef\x9e\x8e\x78\x77\x73\x09\x58\x24\xc6\x42\x55\x7c\x13\x99" \
+ "\xd9\x8e\x42\x20\x44\x8d\xc3\x5b\x99\xbf\xdd\x44\x77\x95\x43\x92" \
+ "\x4c\x1c\xe9\x3b\xc5\x94\x15\x38\x89\x5d\xb9\x88\x26\x1b\x00\x77" \
+ "\x4b\x12\x27\x20\x39"
+
+#define TESTCOUNT 10
+#define HASHCOUNT 5
+#define RANDOMCOUNT 4
+#define HMACTESTCOUNT 7
+
+#define PRINTNONE 0
+#define PRINTTEXT 1
+#define PRINTRAW 2
+#define PRINTHEX 3
+#define PRINTBASE64 4
+
+#define PRINTPASSFAIL 1
+#define PRINTFAIL 2
+
+#define length(x) (sizeof(x)-1)
+
+/* Test arrays for hashes. */
+struct hash {
+ const char *name;
+ SHAversion whichSha;
+ int hashsize;
+ struct {
+ const char *testarray;
+ int length;
+ long repeatcount;
+ int extrabits;
+ int numberExtrabits;
+ const char *resultarray;
+ } tests[TESTCOUNT];
+ const char *randomtest;
+ const char *randomresults[RANDOMCOUNT];
+
+
+
+Eastlake 3rd & Hansen Informational [Page 82]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+} hashes[HASHCOUNT] = {
+ { "SHA1", SHA1, SHA1HashSize,
+ {
+ /* 1 */ { TEST1, length(TEST1), 1, 0, 0,
+ "A9993E364706816ABA3E25717850C26C9CD0D89D" },
+ /* 2 */ { TEST2_1, length(TEST2_1), 1, 0, 0,
+ "84983E441C3BD26EBAAE4AA1F95129E5E54670F1" },
+ /* 3 */ { TEST3, length(TEST3), 1000000, 0, 0,
+ "34AA973CD4C4DAA4F61EEB2BDBAD27316534016F" },
+ /* 4 */ { TEST4, length(TEST4), 10, 0, 0,
+ "DEA356A2CDDD90C7A7ECEDC5EBB563934F460452" },
+ /* 5 */ { "", 0, 0, 0x98, 5,
+ "29826B003B906E660EFF4027CE98AF3531AC75BA" },
+ /* 6 */ { "\x5e", 1, 1, 0, 0,
+ "5E6F80A34A9798CAFC6A5DB96CC57BA4C4DB59C2" },
+ /* 7 */ { TEST7_1, length(TEST7_1), 1, 0x80, 3,
+ "6239781E03729919C01955B3FFA8ACB60B988340" },
+ /* 8 */ { TEST8_1, length(TEST8_1), 1, 0, 0,
+ "82ABFF6605DBE1C17DEF12A394FA22A82B544A35" },
+ /* 9 */ { TEST9_1, length(TEST9_1), 1, 0xE0, 3,
+ "8C5B2A5DDAE5A97FC7F9D85661C672ADBF7933D4" },
+ /* 10 */ { TEST10_1, length(TEST10_1), 1, 0, 0,
+ "CB0082C8F197D260991BA6A460E76E202BAD27B3" }
+ }, SHA1_SEED, { "E216836819477C7F78E0D843FE4FF1B6D6C14CD4",
+ "A2DBC7A5B1C6C0A8BCB7AAA41252A6A7D0690DBC",
+ "DB1F9050BB863DFEF4CE37186044E2EEB17EE013",
+ "127FDEDF43D372A51D5747C48FBFFE38EF6CDF7B"
+ } },
+ { "SHA224", SHA224, SHA224HashSize,
+ {
+ /* 1 */ { TEST1, length(TEST1), 1, 0, 0,
+ "23097D223405D8228642A477BDA255B32AADBCE4BDA0B3F7E36C9DA7" },
+ /* 2 */ { TEST2_1, length(TEST2_1), 1, 0, 0,
+ "75388B16512776CC5DBA5DA1FD890150B0C6455CB4F58B1952522525" },
+ /* 3 */ { TEST3, length(TEST3), 1000000, 0, 0,
+ "20794655980C91D8BBB4C1EA97618A4BF03F42581948B2EE4EE7AD67" },
+ /* 4 */ { TEST4, length(TEST4), 10, 0, 0,
+ "567F69F168CD7844E65259CE658FE7AADFA25216E68ECA0EB7AB8262" },
+ /* 5 */ { "", 0, 0, 0x68, 5,
+ "E3B048552C3C387BCAB37F6EB06BB79B96A4AEE5FF27F51531A9551C" },
+ /* 6 */ { "\x07", 1, 1, 0, 0,
+ "00ECD5F138422B8AD74C9799FD826C531BAD2FCABC7450BEE2AA8C2A" },
+ /* 7 */ { TEST7_224, length(TEST7_224), 1, 0xA0, 3,
+ "1B01DB6CB4A9E43DED1516BEB3DB0B87B6D1EA43187462C608137150" },
+ /* 8 */ { TEST8_224, length(TEST8_224), 1, 0, 0,
+ "DF90D78AA78821C99B40BA4C966921ACCD8FFB1E98AC388E56191DB1" },
+ /* 9 */ { TEST9_224, length(TEST9_224), 1, 0xE0, 3,
+ "54BEA6EAB8195A2EB0A7906A4B4A876666300EEFBD1F3B8474F9CD57" },
+
+
+
+Eastlake 3rd & Hansen Informational [Page 83]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ /* 10 */ { TEST10_224, length(TEST10_224), 1, 0, 0,
+ "0B31894EC8937AD9B91BDFBCBA294D9ADEFAA18E09305E9F20D5C3A4" }
+ }, SHA224_SEED, { "100966A5B4FDE0B42E2A6C5953D4D7F41BA7CF79FD"
+ "2DF431416734BE", "1DCA396B0C417715DEFAAE9641E10A2E99D55A"
+ "BCB8A00061EB3BE8BD", "1864E627BDB2319973CD5ED7D68DA71D8B"
+ "F0F983D8D9AB32C34ADB34", "A2406481FC1BCAF24DD08E6752E844"
+ "709563FB916227FED598EB621F"
+ } },
+ { "SHA256", SHA256, SHA256HashSize,
+ {
+ /* 1 */ { TEST1, length(TEST1), 1, 0, 0, "BA7816BF8F01CFEA4141"
+ "40DE5DAE2223B00361A396177A9CB410FF61F20015AD" },
+ /* 2 */ { TEST2_1, length(TEST2_1), 1, 0, 0, "248D6A61D20638B8"
+ "E5C026930C3E6039A33CE45964FF2167F6ECEDD419DB06C1" },
+ /* 3 */ { TEST3, length(TEST3), 1000000, 0, 0, "CDC76E5C9914FB92"
+ "81A1C7E284D73E67F1809A48A497200E046D39CCC7112CD0" },
+ /* 4 */ { TEST4, length(TEST4), 10, 0, 0, "594847328451BDFA"
+ "85056225462CC1D867D877FB388DF0CE35F25AB5562BFBB5" },
+ /* 5 */ { "", 0, 0, 0x68, 5, "D6D3E02A31A84A8CAA9718ED6C2057BE"
+ "09DB45E7823EB5079CE7A573A3760F95" },
+ /* 6 */ { "\x19", 1, 1, 0, 0, "68AA2E2EE5DFF96E3355E6C7EE373E3D"
+ "6A4E17F75F9518D843709C0C9BC3E3D4" },
+ /* 7 */ { TEST7_256, length(TEST7_256), 1, 0x60, 3, "77EC1DC8"
+ "9C821FF2A1279089FA091B35B8CD960BCAF7DE01C6A7680756BEB972" },
+ /* 8 */ { TEST8_256, length(TEST8_256), 1, 0, 0, "175EE69B02BA"
+ "9B58E2B0A5FD13819CEA573F3940A94F825128CF4209BEABB4E8" },
+ /* 9 */ { TEST9_256, length(TEST9_256), 1, 0xA0, 3, "3E9AD646"
+ "8BBBAD2AC3C2CDC292E018BA5FD70B960CF1679777FCE708FDB066E9" },
+ /* 10 */ { TEST10_256, length(TEST10_256), 1, 0, 0, "97DBCA7D"
+ "F46D62C8A422C941DD7E835B8AD3361763F7E9B2D95F4F0DA6E1CCBC" },
+ }, SHA256_SEED, { "83D28614D49C3ADC1D6FC05DB5F48037C056F8D2A4CE44"
+ "EC6457DEA5DD797CD1", "99DBE3127EF2E93DD9322D6A07909EB33B6399"
+ "5E529B3F954B8581621BB74D39", "8D4BE295BB64661CA3C7EFD129A2F7"
+ "25B33072DBDDE32385B9A87B9AF88EA76F", "40AF5D3F9716B040DF9408"
+ "E31536B70FF906EC51B00447CA97D7DD97C12411F4"
+ } },
+ { "SHA384", SHA384, SHA384HashSize,
+ {
+ /* 1 */ { TEST1, length(TEST1), 1, 0, 0,
+ "CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED163"
+ "1A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7" },
+ /* 2 */ { TEST2_2, length(TEST2_2), 1, 0, 0,
+ "09330C33F71147E83D192FC782CD1B4753111B173B3B05D2"
+ "2FA08086E3B0F712FCC7C71A557E2DB966C3E9FA91746039" },
+ /* 3 */ { TEST3, length(TEST3), 1000000, 0, 0,
+ "9D0E1809716474CB086E834E310A4A1CED149E9C00F24852"
+ "7972CEC5704C2A5B07B8B3DC38ECC4EBAE97DDD87F3D8985" },
+ /* 4 */ { TEST4, length(TEST4), 10, 0, 0,
+
+
+
+Eastlake 3rd & Hansen Informational [Page 84]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ "2FC64A4F500DDB6828F6A3430B8DD72A368EB7F3A8322A70"
+ "BC84275B9C0B3AB00D27A5CC3C2D224AA6B61A0D79FB4596" },
+ /* 5 */ { "", 0, 0, 0x10, 5,
+ "8D17BE79E32B6718E07D8A603EB84BA0478F7FCFD1BB9399"
+ "5F7D1149E09143AC1FFCFC56820E469F3878D957A15A3FE4" },
+ /* 6 */ { "\xb9", 1, 1, 0, 0,
+ "BC8089A19007C0B14195F4ECC74094FEC64F01F90929282C"
+ "2FB392881578208AD466828B1C6C283D2722CF0AD1AB6938" },
+ /* 7 */ { TEST7_384, length(TEST7_384), 1, 0xA0, 3,
+ "D8C43B38E12E7C42A7C9B810299FD6A770BEF30920F17532"
+ "A898DE62C7A07E4293449C0B5FA70109F0783211CFC4BCE3" },
+ /* 8 */ { TEST8_384, length(TEST8_384), 1, 0, 0,
+ "C9A68443A005812256B8EC76B00516F0DBB74FAB26D66591"
+ "3F194B6FFB0E91EA9967566B58109CBC675CC208E4C823F7" },
+ /* 9 */ { TEST9_384, length(TEST9_384), 1, 0xE0, 3,
+ "5860E8DE91C21578BB4174D227898A98E0B45C4C760F0095"
+ "49495614DAEDC0775D92D11D9F8CE9B064EEAC8DAFC3A297" },
+ /* 10 */ { TEST10_384, length(TEST10_384), 1, 0, 0,
+ "4F440DB1E6EDD2899FA335F09515AA025EE177A79F4B4AAF"
+ "38E42B5C4DE660F5DE8FB2A5B2FBD2A3CBFFD20CFF1288C0" }
+ }, SHA384_SEED, { "CE44D7D63AE0C91482998CF662A51EC80BF6FC68661A3C"
+ "57F87566112BD635A743EA904DEB7D7A42AC808CABE697F38F", "F9C6D2"
+ "61881FEE41ACD39E67AA8D0BAD507C7363EB67E2B81F45759F9C0FD7B503"
+ "DF1A0B9E80BDE7BC333D75B804197D", "D96512D8C9F4A7A4967A366C01"
+ "C6FD97384225B58343A88264847C18E4EF8AB7AEE4765FFBC3E30BD485D3"
+ "638A01418F", "0CA76BD0813AF1509E170907A96005938BC985628290B2"
+ "5FEF73CF6FAD68DDBA0AC8920C94E0541607B0915A7B4457F7"
+ } },
+ { "SHA512", SHA512, SHA512HashSize,
+ {
+ /* 1 */ { TEST1, length(TEST1), 1, 0, 0,
+ "DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA2"
+ "0A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD"
+ "454D4423643CE80E2A9AC94FA54CA49F" },
+ /* 2 */ { TEST2_2, length(TEST2_2), 1, 0, 0,
+ "8E959B75DAE313DA8CF4F72814FC143F8F7779C6EB9F7FA1"
+ "7299AEADB6889018501D289E4900F7E4331B99DEC4B5433A"
+ "C7D329EEB6DD26545E96E55B874BE909" },
+ /* 3 */ { TEST3, length(TEST3), 1000000, 0, 0,
+ "E718483D0CE769644E2E42C7BC15B4638E1F98B13B204428"
+ "5632A803AFA973EBDE0FF244877EA60A4CB0432CE577C31B"
+ "EB009C5C2C49AA2E4EADB217AD8CC09B" },
+ /* 4 */ { TEST4, length(TEST4), 10, 0, 0,
+ "89D05BA632C699C31231DED4FFC127D5A894DAD412C0E024"
+ "DB872D1ABD2BA8141A0F85072A9BE1E2AA04CF33C765CB51"
+ "0813A39CD5A84C4ACAA64D3F3FB7BAE9" },
+ /* 5 */ { "", 0, 0, 0xB0, 5,
+ "D4EE29A9E90985446B913CF1D1376C836F4BE2C1CF3CADA0"
+
+
+
+Eastlake 3rd & Hansen Informational [Page 85]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ "720A6BF4857D886A7ECB3C4E4C0FA8C7F95214E41DC1B0D2"
+ "1B22A84CC03BF8CE4845F34DD5BDBAD4" },
+ /* 6 */ { "\xD0", 1, 1, 0, 0,
+ "9992202938E882E73E20F6B69E68A0A7149090423D93C81B"
+ "AB3F21678D4ACEEEE50E4E8CAFADA4C85A54EA8306826C4A"
+ "D6E74CECE9631BFA8A549B4AB3FBBA15" },
+ /* 7 */ { TEST7_512, length(TEST7_512), 1, 0x80, 3,
+ "ED8DC78E8B01B69750053DBB7A0A9EDA0FB9E9D292B1ED71"
+ "5E80A7FE290A4E16664FD913E85854400C5AF05E6DAD316B"
+ "7359B43E64F8BEC3C1F237119986BBB6" },
+ /* 8 */ { TEST8_512, length(TEST8_512), 1, 0, 0,
+ "CB0B67A4B8712CD73C9AABC0B199E9269B20844AFB75ACBD"
+ "D1C153C9828924C3DDEDAAFE669C5FDD0BC66F630F677398"
+ "8213EB1B16F517AD0DE4B2F0C95C90F8" },
+ /* 9 */ { TEST9_512, length(TEST9_512), 1, 0x80, 3,
+ "32BA76FC30EAA0208AEB50FFB5AF1864FDBF17902A4DC0A6"
+ "82C61FCEA6D92B783267B21080301837F59DE79C6B337DB2"
+ "526F8A0A510E5E53CAFED4355FE7C2F1" },
+ /* 10 */ { TEST10_512, length(TEST10_512), 1, 0, 0,
+ "C665BEFB36DA189D78822D10528CBF3B12B3EEF726039909"
+ "C1A16A270D48719377966B957A878E720584779A62825C18"
+ "DA26415E49A7176A894E7510FD1451F5" }
+ }, SHA512_SEED, { "2FBB1E7E00F746BA514FBC8C421F36792EC0E11FF5EFC3"
+ "78E1AB0C079AA5F0F66A1E3EDBAEB4F9984BE14437123038A452004A5576"
+ "8C1FD8EED49E4A21BEDCD0", "25CBE5A4F2C7B1D7EF07011705D50C62C5"
+ "000594243EAFD1241FC9F3D22B58184AE2FEE38E171CF8129E29459C9BC2"
+ "EF461AF5708887315F15419D8D17FE7949", "5B8B1F2687555CE2D7182B"
+ "92E5C3F6C36547DA1C13DBB9EA4F73EA4CBBAF89411527906D35B1B06C1B"
+ "6A8007D05EC66DF0A406066829EAB618BDE3976515AAFC", "46E36B007D"
+ "19876CDB0B29AD074FE3C08CDD174D42169D6ABE5A1414B6E79707DF5877"
+ "6A98091CF431854147BB6D3C66D43BFBC108FD715BDE6AA127C2B0E79F"
+ }
+ }
+};
+
+/* Test arrays for HMAC. */
+struct hmachash {
+ const char *keyarray[5];
+ int keylength[5];
+ const char *dataarray[5];
+ int datalength[5];
+ const char *resultarray[5];
+ int resultlength[5];
+} hmachashes[HMACTESTCOUNT] = {
+ { /* 1 */ {
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b\x0b"
+ }, { 20 }, {
+
+
+
+Eastlake 3rd & Hansen Informational [Page 86]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ "\x48\x69\x20\x54\x68\x65\x72\x65" /* "Hi There" */
+ }, { 8 }, {
+ /* HMAC-SHA-1 */
+ "B617318655057264E28BC0B6FB378C8EF146BE00",
+ /* HMAC-SHA-224 */
+ "896FB1128ABBDF196832107CD49DF33F47B4B1169912BA4F53684B22",
+ /* HMAC-SHA-256 */
+ "B0344C61D8DB38535CA8AFCEAF0BF12B881DC200C9833DA726E9376C2E32"
+ "CFF7",
+ /* HMAC-SHA-384 */
+ "AFD03944D84895626B0825F4AB46907F15F9DADBE4101EC682AA034C7CEB"
+ "C59CFAEA9EA9076EDE7F4AF152E8B2FA9CB6",
+ /* HMAC-SHA-512 */
+ "87AA7CDEA5EF619D4FF0B4241A1D6CB02379F4E2CE4EC2787AD0B30545E1"
+ "7CDEDAA833B7D6B8A702038B274EAEA3F4E4BE9D914EEB61F1702E696C20"
+ "3A126854"
+ }, { SHA1HashSize, SHA224HashSize, SHA256HashSize,
+ SHA384HashSize, SHA512HashSize }
+ },
+ { /* 2 */ {
+ "\x4a\x65\x66\x65" /* "Jefe" */
+ }, { 4 }, {
+ "\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61\x20\x77\x61\x6e\x74"
+ "\x20\x66\x6f\x72\x20\x6e\x6f\x74\x68\x69\x6e\x67\x3f"
+ /* "what do ya want for nothing?" */
+ }, { 28 }, {
+ /* HMAC-SHA-1 */
+ "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79",
+ /* HMAC-SHA-224 */
+ "A30E01098BC6DBBF45690F3A7E9E6D0F8BBEA2A39E6148008FD05E44",
+ /* HMAC-SHA-256 */
+ "5BDCC146BF60754E6A042426089575C75A003F089D2739839DEC58B964EC"
+ "3843",
+ /* HMAC-SHA-384 */
+ "AF45D2E376484031617F78D2B58A6B1B9C7EF464F5A01B47E42EC3736322"
+ "445E8E2240CA5E69E2C78B3239ECFAB21649",
+ /* HMAC-SHA-512 */
+ "164B7A7BFCF819E2E395FBE73B56E0A387BD64222E831FD610270CD7EA25"
+ "05549758BF75C05A994A6D034F65F8F0E6FDCAEAB1A34D4A6B4B636E070A"
+ "38BCE737"
+ }, { SHA1HashSize, SHA224HashSize, SHA256HashSize,
+ SHA384HashSize, SHA512HashSize }
+ },
+ { /* 3 */
+ {
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa"
+ }, { 20 }, {
+
+
+
+Eastlake 3rd & Hansen Informational [Page 87]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd"
+ }, { 50 }, {
+ /* HMAC-SHA-1 */
+ "125D7342B9AC11CD91A39AF48AA17B4F63F175D3",
+ /* HMAC-SHA-224 */
+ "7FB3CB3588C6C1F6FFA9694D7D6AD2649365B0C1F65D69D1EC8333EA",
+ /* HMAC-SHA-256 */
+ "773EA91E36800E46854DB8EBD09181A72959098B3EF8C122D9635514CED5"
+ "65FE",
+ /* HMAC-SHA-384 */
+ "88062608D3E6AD8A0AA2ACE014C8A86F0AA635D947AC9FEBE83EF4E55966"
+ "144B2A5AB39DC13814B94E3AB6E101A34F27",
+ /* HMAC-SHA-512 */
+ "FA73B0089D56A284EFB0F0756C890BE9B1B5DBDD8EE81A3655F83E33B227"
+ "9D39BF3E848279A722C806B485A47E67C807B946A337BEE8942674278859"
+ "E13292FB"
+ }, { SHA1HashSize, SHA224HashSize, SHA256HashSize,
+ SHA384HashSize, SHA512HashSize }
+ },
+ { /* 4 */ {
+ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19"
+ }, { 25 }, {
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd"
+ }, { 50 }, {
+ /* HMAC-SHA-1 */
+ "4C9007F4026250C6BC8414F9BF50C86C2D7235DA",
+ /* HMAC-SHA-224 */
+ "6C11506874013CAC6A2ABC1BB382627CEC6A90D86EFC012DE7AFEC5A",
+ /* HMAC-SHA-256 */
+ "82558A389A443C0EA4CC819899F2083A85F0FAA3E578F8077A2E3FF46729"
+ "665B",
+ /* HMAC-SHA-384 */
+ "3E8A69B7783C25851933AB6290AF6CA77A9981480850009CC5577C6E1F57"
+ "3B4E6801DD23C4A7D679CCF8A386C674CFFB",
+ /* HMAC-SHA-512 */
+ "B0BA465637458C6990E5A8C5F61D4AF7E576D97FF94B872DE76F8050361E"
+ "E3DBA91CA5C11AA25EB4D679275CC5788063A5F19741120C4F2DE2ADEBEB"
+ "10A298DD"
+ }, { SHA1HashSize, SHA224HashSize, SHA256HashSize,
+ SHA384HashSize, SHA512HashSize }
+ },
+
+
+
+Eastlake 3rd & Hansen Informational [Page 88]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ { /* 5 */ {
+ "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"
+ "\x0c\x0c\x0c\x0c\x0c"
+ }, { 20 }, {
+ "Test With Truncation"
+ }, { 20 }, {
+ /* HMAC-SHA-1 */
+ "4C1A03424B55E07FE7F27BE1",
+ /* HMAC-SHA-224 */
+ "0E2AEA68A90C8D37C988BCDB9FCA6FA8",
+ /* HMAC-SHA-256 */
+ "A3B6167473100EE06E0C796C2955552B",
+ /* HMAC-SHA-384 */
+ "3ABF34C3503B2A23A46EFC619BAEF897",
+ /* HMAC-SHA-512 */
+ "415FAD6271580A531D4179BC891D87A6"
+ }, { 12, 16, 16, 16, 16 }
+ },
+ { /* 6 */ {
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ }, { 80, 131 }, {
+ "Test Using Larger Than Block-Size Key - Hash Key First"
+ }, { 54 }, {
+ /* HMAC-SHA-1 */
+ "AA4AE5E15272D00E95705637CE8A3B55ED402112",
+ /* HMAC-SHA-224 */
+ "95E9A0DB962095ADAEBE9B2D6F0DBCE2D499F112F2D2B7273FA6870E",
+ /* HMAC-SHA-256 */
+ "60E431591EE0B67F0D8A26AACBF5B77F8E0BC6213728C5140546040F0EE3"
+ "7F54",
+ /* HMAC-SHA-384 */
+ "4ECE084485813E9088D2C63A041BC5B44F9EF1012A2B588F3CD11F05033A"
+ "C4C60C2EF6AB4030FE8296248DF163F44952",
+ /* HMAC-SHA-512 */
+ "80B24263C7C1A3EBB71493C1DD7BE8B49B46D1F41B4AEEC1121B013783F8"
+ "F3526B56D037E05F2598BD0FD2215D6A1E5295E64F73F63F0AEC8B915A98"
+ "5D786598"
+ }, { SHA1HashSize, SHA224HashSize, SHA256HashSize,
+ SHA384HashSize, SHA512HashSize }
+ },
+
+
+
+Eastlake 3rd & Hansen Informational [Page 89]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ { /* 7 */ {
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ }, { 80, 131 }, {
+ "Test Using Larger Than Block-Size Key and "
+ "Larger Than One Block-Size Data",
+ "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x20"
+ "\x75\x73\x69\x6e\x67\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20"
+ "\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65"
+ "\x20\x6b\x65\x79\x20\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67"
+ "\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73"
+ "\x69\x7a\x65\x20\x64\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b"
+ "\x65\x79\x20\x6e\x65\x65\x64\x73\x20\x74\x6f\x20\x62\x65\x20"
+ "\x68\x61\x73\x68\x65\x64\x20\x62\x65\x66\x6f\x72\x65\x20\x62"
+ "\x65\x69\x6e\x67\x20\x75\x73\x65\x64\x20\x62\x79\x20\x74\x68"
+ "\x65\x20\x48\x4d\x41\x43\x20\x61\x6c\x67\x6f\x72\x69\x74\x68"
+ "\x6d\x2e"
+ /* "This is a test using a larger than block-size key and a "
+ "larger than block-size data. The key needs to be hashed "
+ "before being used by the HMAC algorithm." */
+ }, { 73, 152 }, {
+ /* HMAC-SHA-1 */
+ "E8E99D0F45237D786D6BBAA7965C7808BBFF1A91",
+ /* HMAC-SHA-224 */
+ "3A854166AC5D9F023F54D517D0B39DBD946770DB9C2B95C9F6F565D1",
+ /* HMAC-SHA-256 */
+ "9B09FFA71B942FCB27635FBCD5B0E944BFDC63644F0713938A7F51535C3A"
+ "35E2",
+ /* HMAC-SHA-384 */
+ "6617178E941F020D351E2F254E8FD32C602420FEB0B8FB9ADCCEBB82461E"
+ "99C5A678CC31E799176D3860E6110C46523E",
+ /* HMAC-SHA-512 */
+ "E37B6A775DC87DBAA4DFA9F96E5E3FFDDEBD71F8867289865DF5A32D20CD"
+ "C944B6022CAC3C4982B10D5EEB55C3E4DE15134676FB6DE0446065C97440"
+ "FA8C6A58"
+ }, { SHA1HashSize, SHA224HashSize, SHA256HashSize,
+ SHA384HashSize, SHA512HashSize }
+ }
+};
+
+/*
+
+
+
+Eastlake 3rd & Hansen Informational [Page 90]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * Check the hash value against the expected string, expressed in hex
+ */
+static const char hexdigits[] = "0123456789ABCDEF";
+int checkmatch(const unsigned char *hashvalue,
+ const char *hexstr, int hashsize)
+{
+ int i;
+ for (i = 0; i < hashsize; ++i) {
+ if (*hexstr++ != hexdigits[(hashvalue[i] >> 4) & 0xF])
+ return 0;
+ if (*hexstr++ != hexdigits[hashvalue[i] & 0xF]) return 0;
+ }
+ return 1;
+}
+
+/*
+ * Print the string, converting non-printable characters to "."
+ */
+void printstr(const char *str, int len)
+{
+ for ( ; len-- > 0; str++)
+ putchar(isprint((unsigned char)*str) ? *str : '.');
+}
+
+/*
+ * Print the string, converting non-printable characters to hex "## ".
+ */
+void printxstr(const char *str, int len)
+{
+ for ( ; len-- > 0; str++)
+ printf("%c%c ", hexdigits[(*str >> 4) & 0xF],
+ hexdigits[*str & 0xF]);
+}
+
+/*
+ * Print a usage message.
+ */
+void usage(const char *argv0)
+{
+ fprintf(stderr,
+ "Usage:\n"
+ "Common options: [-h hash] [-w|-x] [-H]\n"
+ "Standard tests:\n"
+ "\t%s [-m] [-l loopcount] [-t test#] [-e]\n"
+ "\t\t[-r randomseed] [-R randomloop-count] "
+ "[-p] [-P|-X]\n"
+ "Hash a string:\n"
+ "\t%s [-S expectedresult] -s hashstr [-k key]\n"
+
+
+
+Eastlake 3rd & Hansen Informational [Page 91]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ "Hash a file:\n"
+ "\t%s [-S expectedresult] -f file [-k key]\n"
+ "Hash a file, ignoring whitespace:\n"
+ "\t%s [-S expectedresult] -F file [-k key]\n"
+ "Additional bits to add in: [-B bitcount -b bits]\n"
+ "-h\thash to test: "
+ "0|SHA1, 1|SHA224, 2|SHA256, 3|SHA384, 4|SHA512\n"
+ "-m\tperform hmac test\n"
+ "-k\tkey for hmac test\n"
+ "-t\ttest case to run, 1-10\n"
+ "-l\thow many times to run the test\n"
+ "-e\ttest error returns\n"
+ "-p\tdo not print results\n"
+ "-P\tdo not print PASSED/FAILED\n"
+ "-X\tprint FAILED, but not PASSED\n"
+ "-r\tseed for random test\n"
+ "-R\thow many times to run random test\n"
+ "-s\tstring to hash\n"
+ "-S\texpected result of hashed string, in hex\n"
+ "-w\toutput hash in raw format\n"
+ "-x\toutput hash in hex format\n"
+ "-B\t# extra bits to add in after string or file input\n"
+ "-b\textra bits to add (high order bits of #, 0# or 0x#)\n"
+ "-H\tinput hashstr or randomseed is in hex\n"
+ , argv0, argv0, argv0, argv0);
+ exit(1);
+}
+
+/*
+ * Print the results and PASS/FAIL.
+ */
+void printResult(uint8_t *Message_Digest, int hashsize,
+ const char *hashname, const char *testtype, const char *testname,
+ const char *resultarray, int printResults, int printPassFail)
+{
+ int i, k;
+ if (printResults == PRINTTEXT) {
+ putchar('\t');
+ for (i = 0; i < hashsize ; ++i) {
+ putchar(hexdigits[(Message_Digest[i] >> 4) & 0xF]);
+ putchar(hexdigits[Message_Digest[i] & 0xF]);
+ putchar(' ');
+ }
+ putchar('\n');
+ } else if (printResults == PRINTRAW) {
+ fwrite(Message_Digest, 1, hashsize, stdout);
+ } else if (printResults == PRINTHEX) {
+ for (i = 0; i < hashsize ; ++i) {
+
+
+
+Eastlake 3rd & Hansen Informational [Page 92]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ putchar(hexdigits[(Message_Digest[i] >> 4) & 0xF]);
+ putchar(hexdigits[Message_Digest[i] & 0xF]);
+ }
+ putchar('\n');
+ }
+
+ if (printResults && resultarray) {
+ printf(" Should match:\n\t");
+ for (i = 0, k = 0; i < hashsize; i++, k += 2) {
+ putchar(resultarray[k]);
+ putchar(resultarray[k+1]);
+ putchar(' ');
+ }
+ putchar('\n');
+ }
+
+ if (printPassFail && resultarray) {
+ int ret = checkmatch(Message_Digest, resultarray, hashsize);
+ if ((printPassFail == PRINTPASSFAIL) || !ret)
+ printf("%s %s %s: %s\n", hashname, testtype, testname,
+ ret ? "PASSED" : "FAILED");
+ }
+}
+
+/*
+ * Exercise a hash series of functions. The input is the testarray,
+ * repeated repeatcount times, followed by the extrabits. If the
+ * result is known, it is in resultarray in uppercase hex.
+ */
+int hash(int testno, int loopno, int hashno,
+ const char *testarray, int length, long repeatcount,
+ int numberExtrabits, int extrabits, const unsigned char *keyarray,
+ int keylen, const char *resultarray, int hashsize, int printResults,
+ int printPassFail)
+{
+ USHAContext sha;
+ HMACContext hmac;
+ int err, i;
+ uint8_t Message_Digest[USHAMaxHashSize];
+ char buf[20];
+
+ if (printResults == PRINTTEXT) {
+ printf("\nTest %d: Iteration %d, Repeat %ld\n\t'", testno+1,
+ loopno, repeatcount);
+ printstr(testarray, length);
+ printf("'\n\t'");
+ printxstr(testarray, length);
+ printf("'\n");
+
+
+
+Eastlake 3rd & Hansen Informational [Page 93]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ printf(" Length=%d bytes (%d bits), ", length, length * 8);
+ printf("ExtraBits %d: %2.2x\n", numberExtrabits, extrabits);
+ }
+
+ memset(&sha, '\343', sizeof(sha)); /* force bad data into struct */
+ memset(&hmac, '\343', sizeof(hmac));
+ err = keyarray ? hmacReset(&hmac, hashes[hashno].whichSha,
+ keyarray, keylen) :
+ USHAReset(&sha, hashes[hashno].whichSha);
+ if (err != shaSuccess) {
+ fprintf(stderr, "hash(): %sReset Error %d.\n",
+ keyarray ? "hmac" : "sha", err);
+ return err;
+ }
+
+ for (i = 0; i < repeatcount; ++i) {
+ err = keyarray ? hmacInput(&hmac, (const uint8_t *) testarray,
+ length) :
+ USHAInput(&sha, (const uint8_t *) testarray,
+ length);
+ if (err != shaSuccess) {
+ fprintf(stderr, "hash(): %sInput Error %d.\n",
+ keyarray ? "hmac" : "sha", err);
+ return err;
+ }
+ }
+
+ if (numberExtrabits > 0) {
+ err = keyarray ? hmacFinalBits(&hmac, (uint8_t) extrabits,
+ numberExtrabits) :
+ USHAFinalBits(&sha, (uint8_t) extrabits,
+ numberExtrabits);
+ if (err != shaSuccess) {
+ fprintf(stderr, "hash(): %sFinalBits Error %d.\n",
+ keyarray ? "hmac" : "sha", err);
+ return err;
+ }
+ }
+
+ err = keyarray ? hmacResult(&hmac, Message_Digest) :
+ USHAResult(&sha, Message_Digest);
+ if (err != shaSuccess) {
+ fprintf(stderr, "hash(): %s Result Error %d, could not "
+ "compute message digest.\n", keyarray ? "hmac" : "sha", err);
+ return err;
+ }
+
+ sprintf(buf, "%d", testno+1);
+
+
+
+Eastlake 3rd & Hansen Informational [Page 94]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ printResult(Message_Digest, hashsize, hashes[hashno].name,
+ keyarray ? "hmac standard test" : "sha standard test", buf,
+ resultarray, printResults, printPassFail);
+
+ return err;
+}
+
+/*
+ * Exercise a hash series of functions. The input is a filename.
+ * If the result is known, it is in resultarray in uppercase hex.
+ */
+int hashfile(int hashno, const char *hashfilename, int bits,
+ int bitcount, int skipSpaces, const unsigned char *keyarray,
+ int keylen, const char *resultarray, int hashsize,
+ int printResults, int printPassFail)
+{
+ USHAContext sha;
+ HMACContext hmac;
+ int err, nread, c;
+ unsigned char buf[4096];
+ uint8_t Message_Digest[USHAMaxHashSize];
+ unsigned char cc;
+ FILE *hashfp = (strcmp(hashfilename, "-") == 0) ? stdin :
+ fopen(hashfilename, "r");
+
+ if (!hashfp) {
+ fprintf(stderr, "cannot open file '%s'\n", hashfilename);
+ return shaStateError;
+ }
+
+ memset(&sha, '\343', sizeof(sha)); /* force bad data into struct */
+ memset(&hmac, '\343', sizeof(hmac));
+ err = keyarray ? hmacReset(&hmac, hashes[hashno].whichSha,
+ keyarray, keylen) :
+ USHAReset(&sha, hashes[hashno].whichSha);
+
+ if (err != shaSuccess) {
+ fprintf(stderr, "hashfile(): %sReset Error %d.\n",
+ keyarray ? "hmac" : "sha", err);
+ return err;
+ }
+
+ if (skipSpaces)
+ while ((c = getc(hashfp)) != EOF) {
+ if (!isspace(c)) {
+ cc = (unsigned char)c;
+ err = keyarray ? hmacInput(&hmac, &cc, 1) :
+ USHAInput(&sha, &cc, 1);
+
+
+
+Eastlake 3rd & Hansen Informational [Page 95]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ if (err != shaSuccess) {
+ fprintf(stderr, "hashfile(): %sInput Error %d.\n",
+ keyarray ? "hmac" : "sha", err);
+ if (hashfp != stdin) fclose(hashfp);
+ return err;
+ }
+ }
+ }
+ else
+ while ((nread = fread(buf, 1, sizeof(buf), hashfp)) > 0) {
+ err = keyarray ? hmacInput(&hmac, buf, nread) :
+ USHAInput(&sha, buf, nread);
+ if (err != shaSuccess) {
+ fprintf(stderr, "hashfile(): %s Error %d.\n",
+ keyarray ? "hmacInput" : "shaInput", err);
+ if (hashfp != stdin) fclose(hashfp);
+ return err;
+ }
+ }
+
+ if (bitcount > 0)
+ err = keyarray ? hmacFinalBits(&hmac, bits, bitcount) :
+ USHAFinalBits(&sha, bits, bitcount);
+ if (err != shaSuccess) {
+ fprintf(stderr, "hashfile(): %s Error %d.\n",
+ keyarray ? "hmacResult" : "shaResult", err);
+ if (hashfp != stdin) fclose(hashfp);
+ return err;
+ }
+
+ err = keyarray ? hmacResult(&hmac, Message_Digest) :
+ USHAResult(&sha, Message_Digest);
+ if (err != shaSuccess) {
+ fprintf(stderr, "hashfile(): %s Error %d.\n",
+ keyarray ? "hmacResult" : "shaResult", err);
+ if (hashfp != stdin) fclose(hashfp);
+ return err;
+ }
+
+ printResult(Message_Digest, hashsize, hashes[hashno].name, "file",
+ hashfilename, resultarray, printResults, printPassFail);
+
+ if (hashfp != stdin) fclose(hashfp);
+ return err;
+}
+
+/*
+ * Exercise a hash series of functions through multiple permutations.
+
+
+
+Eastlake 3rd & Hansen Informational [Page 96]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ * The input is an initial seed. That seed is replicated 3 times.
+ * For 1000 rounds, the previous three results are used as the input.
+ * This result is then checked, and used to seed the next cycle.
+ * If the result is known, it is in resultarrays in uppercase hex.
+ */
+void randomtest(int hashno, const char *seed, int hashsize,
+ const char **resultarrays, int randomcount,
+ int printResults, int printPassFail)
+{
+ int i, j; char buf[20];
+ unsigned char SEED[USHAMaxHashSize], MD[1003][USHAMaxHashSize];
+
+ /* INPUT: Seed - A random seed n bits long */
+ memcpy(SEED, seed, hashsize);
+ if (printResults == PRINTTEXT) {
+ printf("%s random test seed= '", hashes[hashno].name);
+ printxstr(seed, hashsize);
+ printf("'\n");
+ }
+
+ for (j = 0; j < randomcount; j++) {
+ /* MD0 = MD1 = MD2 = Seed; */
+ memcpy(MD[0], SEED, hashsize);
+ memcpy(MD[1], SEED, hashsize);
+ memcpy(MD[2], SEED, hashsize);
+ for (i=3; i<1003; i++) {
+ /* Mi = MDi-3 || MDi-2 || MDi-1; */
+ USHAContext Mi;
+ memset(&Mi, '\343', sizeof(Mi)); /* force bad data into struct */
+ USHAReset(&Mi, hashes[hashno].whichSha);
+ USHAInput(&Mi, MD[i-3], hashsize);
+ USHAInput(&Mi, MD[i-2], hashsize);
+ USHAInput(&Mi, MD[i-1], hashsize);
+ /* MDi = SHA(Mi); */
+ USHAResult(&Mi, MD[i]);
+ }
+
+ /* MDj = Seed = MDi; */
+ memcpy(SEED, MD[i-1], hashsize);
+
+ /* OUTPUT: MDj */
+ sprintf(buf, "%d", j);
+ printResult(SEED, hashsize, hashes[hashno].name, "random test",
+ buf, resultarrays ? resultarrays[j] : 0, printResults,
+ (j < RANDOMCOUNT) ? printPassFail : 0);
+ }
+}
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 97]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+/*
+ * Look up a hash name.
+ */
+int findhash(const char *argv0, const char *opt)
+{
+ int i;
+ const char *names[HASHCOUNT][2] = {
+ { "0", "sha1" }, { "1", "sha224" }, { "2", "sha256" },
+ { "3", "sha384" }, { "4", "sha512" }
+ };
+
+ for (i = 0; i < HASHCOUNT; i++)
+ if ((strcmp(opt, names[i][0]) == 0) ||
+ (scasecmp(opt, names[i][1]) == 0))
+ return i;
+
+ fprintf(stderr, "%s: Unknown hash name: '%s'\n", argv0, opt);
+ usage(argv0);
+ return 0;
+}
+
+/*
+ * Run some tests that should invoke errors.
+ */
+void testErrors(int hashnolow, int hashnohigh, int printResults,
+ int printPassFail)
+{
+ USHAContext usha;
+ uint8_t Message_Digest[USHAMaxHashSize];
+ int hashno, err;
+
+ for (hashno = hashnolow; hashno <= hashnohigh; hashno++) {
+ memset(&usha, '\343', sizeof(usha)); /* force bad data */
+ USHAReset(&usha, hashno);
+ USHAResult(&usha, Message_Digest);
+ err = USHAInput(&usha, (const unsigned char *)"foo", 3);
+ if (printResults == PRINTTEXT)
+ printf ("\nError %d. Should be %d.\n", err, shaStateError);
+ if ((printPassFail == PRINTPASSFAIL) ||
+ ((printPassFail == PRINTFAIL) && (err != shaStateError)))
+ printf("%s se: %s\n", hashes[hashno].name,
+ (err == shaStateError) ? "PASSED" : "FAILED");
+
+ err = USHAFinalBits(&usha, 0x80, 3);
+ if (printResults == PRINTTEXT)
+ printf ("\nError %d. Should be %d.\n", err, shaStateError);
+ if ((printPassFail == PRINTPASSFAIL) ||
+ ((printPassFail == PRINTFAIL) && (err != shaStateError)))
+
+
+
+Eastlake 3rd & Hansen Informational [Page 98]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ printf("%s se: %s\n", hashes[hashno].name,
+ (err == shaStateError) ? "PASSED" : "FAILED");
+
+ err = USHAReset(0, hashes[hashno].whichSha);
+ if (printResults == PRINTTEXT)
+ printf("\nError %d. Should be %d.\n", err, shaNull);
+ if ((printPassFail == PRINTPASSFAIL) ||
+ ((printPassFail == PRINTFAIL) && (err != shaNull)))
+ printf("%s usha null: %s\n", hashes[hashno].name,
+ (err == shaNull) ? "PASSED" : "FAILED");
+
+ switch (hashno) {
+ case SHA1: err = SHA1Reset(0); break;
+ case SHA224: err = SHA224Reset(0); break;
+ case SHA256: err = SHA256Reset(0); break;
+ case SHA384: err = SHA384Reset(0); break;
+ case SHA512: err = SHA512Reset(0); break;
+ }
+ if (printResults == PRINTTEXT)
+ printf("\nError %d. Should be %d.\n", err, shaNull);
+ if ((printPassFail == PRINTPASSFAIL) ||
+ ((printPassFail == PRINTFAIL) && (err != shaNull)))
+ printf("%s sha null: %s\n", hashes[hashno].name,
+ (err == shaNull) ? "PASSED" : "FAILED");
+ }
+}
+
+/* replace a hex string in place with its value */
+int unhexStr(char *hexstr)
+{
+ char *o = hexstr;
+ int len = 0, nibble1 = 0, nibble2 = 0;
+ if (!hexstr) return 0;
+ for ( ; *hexstr; hexstr++) {
+ if (isalpha((int)(unsigned char)(*hexstr))) {
+ nibble1 = tolower(*hexstr) - 'a' + 10;
+ } else if (isdigit((int)(unsigned char)(*hexstr))) {
+ nibble1 = *hexstr - '0';
+ } else {
+ printf("\nError: bad hex character '%c'\n", *hexstr);
+ }
+ if (!*++hexstr) break;
+ if (isalpha((int)(unsigned char)(*hexstr))) {
+ nibble2 = tolower(*hexstr) - 'a' + 10;
+ } else if (isdigit((int)(unsigned char)(*hexstr))) {
+ nibble2 = *hexstr - '0';
+ } else {
+ printf("\nError: bad hex character '%c'\n", *hexstr);
+
+
+
+Eastlake 3rd & Hansen Informational [Page 99]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ }
+ *o++ = (char)((nibble1 << 4) | nibble2);
+ len++;
+ }
+ return len;
+}
+
+int main(int argc, char **argv)
+{
+ int i, err;
+ int loopno, loopnohigh = 1;
+ int hashno, hashnolow = 0, hashnohigh = HASHCOUNT - 1;
+ int testno, testnolow = 0, testnohigh;
+ int ntestnohigh = 0;
+ int printResults = PRINTTEXT;
+ int printPassFail = 1;
+ int checkErrors = 0;
+ char *hashstr = 0;
+ int hashlen = 0;
+ const char *resultstr = 0;
+ char *randomseedstr = 0;
+ int runHmacTests = 0;
+ char *hmacKey = 0;
+ int hmaclen = 0;
+ int randomcount = RANDOMCOUNT;
+ const char *hashfilename = 0;
+ const char *hashFilename = 0;
+ int extrabits = 0, numberExtrabits = 0;
+ int strIsHex = 0;
+
+ while ((i = xgetopt(argc, argv, "b:B:ef:F:h:Hk:l:mpPr:R:s:S:t:wxX"))
+ != -1)
+ switch (i) {
+ case 'b': extrabits = strtol(xoptarg, 0, 0); break;
+ case 'B': numberExtrabits = atoi(xoptarg); break;
+ case 'e': checkErrors = 1; break;
+ case 'f': hashfilename = xoptarg; break;
+ case 'F': hashFilename = xoptarg; break;
+ case 'h': hashnolow = hashnohigh = findhash(argv[0], xoptarg);
+ break;
+ case 'H': strIsHex = 1; break;
+ case 'k': hmacKey = xoptarg; hmaclen = strlen(xoptarg); break;
+ case 'l': loopnohigh = atoi(xoptarg); break;
+ case 'm': runHmacTests = 1; break;
+ case 'P': printPassFail = 0; break;
+ case 'p': printResults = PRINTNONE; break;
+ case 'R': randomcount = atoi(xoptarg); break;
+ case 'r': randomseedstr = xoptarg; break;
+
+
+
+Eastlake 3rd & Hansen Informational [Page 100]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ case 's': hashstr = xoptarg; hashlen = strlen(hashstr); break;
+ case 'S': resultstr = xoptarg; break;
+ case 't': testnolow = ntestnohigh = atoi(xoptarg) - 1; break;
+ case 'w': printResults = PRINTRAW; break;
+ case 'x': printResults = PRINTHEX; break;
+ case 'X': printPassFail = 2; break;
+ default: usage(argv[0]);
+ }
+
+ if (strIsHex) {
+ hashlen = unhexStr(hashstr);
+ unhexStr(randomseedstr);
+ hmaclen = unhexStr(hmacKey);
+ }
+ testnohigh = (ntestnohigh != 0) ? ntestnohigh:
+ runHmacTests ? (HMACTESTCOUNT-1) : (TESTCOUNT-1);
+ if ((testnolow < 0) ||
+ (testnohigh >= (runHmacTests ? HMACTESTCOUNT : TESTCOUNT)) ||
+ (hashnolow < 0) || (hashnohigh >= HASHCOUNT) ||
+ (hashstr && (testnolow == testnohigh)) ||
+ (randomcount < 0) ||
+ (resultstr && (!hashstr && !hashfilename && !hashFilename)) ||
+ ((runHmacTests || hmacKey) && randomseedstr) ||
+ (hashfilename && hashFilename))
+ usage(argv[0]);
+
+ /*
+ * Perform SHA/HMAC tests
+ */
+ for (hashno = hashnolow; hashno <= hashnohigh; ++hashno) {
+ if (printResults == PRINTTEXT)
+ printf("Hash %s\n", hashes[hashno].name);
+ err = shaSuccess;
+
+ for (loopno = 1; (loopno <= loopnohigh) && (err == shaSuccess);
+ ++loopno) {
+ if (hashstr)
+ err = hash(0, loopno, hashno, hashstr, hashlen, 1,
+ numberExtrabits, extrabits, (const unsigned char *)hmacKey,
+ hmaclen, resultstr, hashes[hashno].hashsize, printResults,
+ printPassFail);
+
+ else if (randomseedstr)
+ randomtest(hashno, randomseedstr, hashes[hashno].hashsize, 0,
+ randomcount, printResults, printPassFail);
+
+ else if (hashfilename)
+ err = hashfile(hashno, hashfilename, extrabits,
+
+
+
+Eastlake 3rd & Hansen Informational [Page 101]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ numberExtrabits, 0,
+ (const unsigned char *)hmacKey, hmaclen,
+ resultstr, hashes[hashno].hashsize,
+ printResults, printPassFail);
+
+ else if (hashFilename)
+ err = hashfile(hashno, hashFilename, extrabits,
+ numberExtrabits, 1,
+ (const unsigned char *)hmacKey, hmaclen,
+ resultstr, hashes[hashno].hashsize,
+ printResults, printPassFail);
+
+ else /* standard tests */ {
+ for (testno = testnolow;
+ (testno <= testnohigh) && (err == shaSuccess); ++testno) {
+ if (runHmacTests) {
+ err = hash(testno, loopno, hashno,
+ hmachashes[testno].dataarray[hashno] ?
+ hmachashes[testno].dataarray[hashno] :
+ hmachashes[testno].dataarray[1] ?
+ hmachashes[testno].dataarray[1] :
+ hmachashes[testno].dataarray[0],
+ hmachashes[testno].datalength[hashno] ?
+ hmachashes[testno].datalength[hashno] :
+ hmachashes[testno].datalength[1] ?
+ hmachashes[testno].datalength[1] :
+ hmachashes[testno].datalength[0],
+ 1, 0, 0,
+ (const unsigned char *)(
+ hmachashes[testno].keyarray[hashno] ?
+ hmachashes[testno].keyarray[hashno] :
+ hmachashes[testno].keyarray[1] ?
+ hmachashes[testno].keyarray[1] :
+ hmachashes[testno].keyarray[0]),
+ hmachashes[testno].keylength[hashno] ?
+ hmachashes[testno].keylength[hashno] :
+ hmachashes[testno].keylength[1] ?
+ hmachashes[testno].keylength[1] :
+ hmachashes[testno].keylength[0],
+ hmachashes[testno].resultarray[hashno],
+ hmachashes[testno].resultlength[hashno],
+ printResults, printPassFail);
+ } else {
+ err = hash(testno, loopno, hashno,
+ hashes[hashno].tests[testno].testarray,
+ hashes[hashno].tests[testno].length,
+ hashes[hashno].tests[testno].repeatcount,
+ hashes[hashno].tests[testno].numberExtrabits,
+
+
+
+Eastlake 3rd & Hansen Informational [Page 102]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ hashes[hashno].tests[testno].extrabits, 0, 0,
+ hashes[hashno].tests[testno].resultarray,
+ hashes[hashno].hashsize,
+ printResults, printPassFail);
+ }
+ }
+
+ if (!runHmacTests) {
+ randomtest(hashno, hashes[hashno].randomtest,
+ hashes[hashno].hashsize, hashes[hashno].randomresults,
+ RANDOMCOUNT, printResults, printPassFail);
+ }
+ }
+ }
+ }
+
+ /* Test some error returns */
+ if (checkErrors) {
+ testErrors(hashnolow, hashnohigh, printResults, printPassFail);
+ }
+
+ return 0;
+}
+
+/*
+ * Compare two strings, case independently.
+ * Equivalent to strcasecmp() found on some systems.
+ */
+int scasecmp(const char *s1, const char *s2)
+{
+ for (;;) {
+ char u1 = tolower(*s1++);
+ char u2 = tolower(*s2++);
+ if (u1 != u2)
+ return u1 - u2;
+ if (u1 == '\0')
+ return 0;
+ }
+}
+
+/*
+ * This is a copy of getopt provided for those systems that do not
+ * have it. The name was changed to xgetopt to not conflict on those
+ * systems that do have it. Similarly, optarg, optind and opterr
+ * were renamed to xoptarg, xoptind and xopterr.
+ *
+ * Copyright 1990, 1991, 1992 by the Massachusetts Institute of
+ * Technology and UniSoft Group Limited.
+
+
+
+Eastlake 3rd & Hansen Informational [Page 103]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appear in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the names of MIT and UniSoft not
+ * be used in advertising or publicity pertaining to distribution of
+ * the software without specific, written prior permission. MIT and
+ * UniSoft make no representations about the suitability of this
+ * software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * $XConsortium: getopt.c,v 1.2 92/07/01 11:59:04 rws Exp $
+ * NB: Reformatted to match above style.
+ */
+
+char *xoptarg;
+int xoptind = 1;
+int xopterr = 1;
+
+static int xgetopt(int argc, char **argv, const char *optstring)
+{
+ static int avplace;
+ char *ap;
+ char *cp;
+ int c;
+
+ if (xoptind >= argc)
+ return EOF;
+
+ ap = argv[xoptind] + avplace;
+
+ /* At beginning of arg but not an option */
+ if (avplace == 0) {
+ if (ap[0] != '-')
+ return EOF;
+ else if (ap[1] == '-') {
+ /* Special end of options option */
+ xoptind++;
+ return EOF;
+ } else if (ap[1] == '\0')
+ return EOF; /* single '-' is not allowed */
+ }
+
+ /* Get next letter */
+ avplace++;
+ c = *++ap;
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 104]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+ cp = strchr(optstring, c);
+ if (cp == NULL || c == ':') {
+ if (xopterr)
+ fprintf(stderr, "Unrecognised option -- %c\n", c);
+ return '?';
+ }
+
+ if (cp[1] == ':') {
+ /* There should be an option arg */
+ avplace = 0;
+ if (ap[1] == '\0') {
+ /* It is a separate arg */
+ if (++xoptind >= argc) {
+ if (xopterr)
+ fprintf(stderr, "Option requires an argument\n");
+ return '?';
+ }
+ xoptarg = argv[xoptind++];
+ } else {
+ /* is attached to option letter */
+ xoptarg = ap + 1;
+ ++xoptind;
+ }
+ } else {
+ /* If we are out of letters then go to next arg */
+ if (ap[1] == '\0') {
+ ++xoptind;
+ avplace = 0;
+ }
+
+ xoptarg = NULL;
+ }
+ return c;
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 105]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+9. Security Considerations
+
+ This document is intended to provides the Internet community
+ convenient access to source code that implements the United States of
+ America Federal Information Processing Standard Secure Hash
+ Algorithms (SHAs) [FIPS180-2] and HMACs based upon these one-way hash
+ functions. See license in Section 1.1. No independent assertion of
+ the security of this hash function by the authors for any particular
+ use is intended.
+
+10. Normative References
+
+ [FIPS180-2] "Secure Hash Standard", United States of America,
+ National Institute of Standards and Technology, Federal
+ Information Processing Standard (FIPS) 180-2,
+ http://csrc.nist.gov/publications/fips/fips180-2/
+ fips180-2withchangenotice.pdf.
+
+ [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
+ Hashing for Message Authentication", RFC 2104, February
+ 1997.
+
+11. Informative References
+
+ [RFC2202] Cheng, P. and R. Glenn, "Test Cases for HMAC-MD5 and
+ HMAC-SHA-1", RFC 2202, September 1997.
+
+ [RFC3174] Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm
+ 1 (SHA1)", RFC 3174, September 2001.
+
+ [RFC3874] Housley, R., "A 224-bit One-way Hash Function: SHA-224",
+ RFC 3874, September 2004.
+
+ [RFC4086] Eastlake, D., 3rd, Schiller, J., and S. Crocker,
+ "Randomness Requirements for Security", BCP 106, RFC
+ 4086, June 2005.
+
+ [RFC4231] Nystrom, M., "Identifiers and Test Vectors for HMAC-SHA-
+ 224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512", RFC
+ 4231, December 2005.
+
+ [SHAVS] "The Secure Hash Algorithm Validation System (SHAVS)",
+ http://csrc.nist.gov/cryptval/shs/SHAVS.pdf.
+
+
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 106]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+Authors' Addresses
+
+ Donald E. Eastlake, 3rd
+ Motorola Laboratories
+ 155 Beaver Street
+ Milford, MA 01757 USA
+
+ Phone: +1-508-786-7554 (w)
+ EMail: donald.eastlake@motorola.com
+
+
+ Tony Hansen
+ AT&T Laboratories
+ 200 Laurel Ave.
+ Middletown, NJ 07748 USA
+
+ Phone: +1-732-420-8934 (w)
+ EMail: tony+shs@maillennium.att.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 107]
+
+RFC 4634 SHAs and HMAC-SHAs July 2006
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+
+
+Eastlake 3rd & Hansen Informational [Page 108]
+
diff --git a/doc/rfc/rfc4641.txt b/doc/rfc/rfc4641.txt
new file mode 100644
index 00000000..0a013bcb
--- /dev/null
+++ b/doc/rfc/rfc4641.txt
@@ -0,0 +1,1963 @@
+
+
+
+
+
+
+Network Working Group O. Kolkman
+Request for Comments: 4641 R. Gieben
+Obsoletes: 2541 NLnet Labs
+Category: Informational September 2006
+
+
+ DNSSEC Operational Practices
+
+Status of This Memo
+
+ This memo provides information for the Internet community. It does
+ not specify an Internet standard of any kind. Distribution of this
+ memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2006).
+
+Abstract
+
+ This document describes a set of practices for operating the DNS with
+ security extensions (DNSSEC). The target audience is zone
+ administrators deploying DNSSEC.
+
+ The document discusses operational aspects of using keys and
+ signatures in the DNS. It discusses issues of key generation, key
+ storage, signature generation, key rollover, and related policies.
+
+ This document obsoletes RFC 2541, as it covers more operational
+ ground and gives more up-to-date requirements with respect to key
+ sizes and the new DNSSEC specification.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 1]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+Table of Contents
+
+ 1. Introduction ....................................................3
+ 1.1. The Use of the Term 'key' ..................................4
+ 1.2. Time Definitions ...........................................4
+ 2. Keeping the Chain of Trust Intact ...............................5
+ 3. Keys Generation and Storage .....................................6
+ 3.1. Zone and Key Signing Keys ..................................6
+ 3.1.1. Motivations for the KSK and ZSK Separation ..........6
+ 3.1.2. KSKs for High-Level Zones ...........................7
+ 3.2. Key Generation .............................................8
+ 3.3. Key Effectivity Period .....................................8
+ 3.4. Key Algorithm ..............................................9
+ 3.5. Key Sizes ..................................................9
+ 3.6. Private Key Storage .......................................11
+ 4. Signature Generation, Key Rollover, and Related Policies .......12
+ 4.1. Time in DNSSEC ............................................12
+ 4.1.1. Time Considerations ................................12
+ 4.2. Key Rollovers .............................................14
+ 4.2.1. Zone Signing Key Rollovers .........................14
+ 4.2.1.1. Pre-Publish Key Rollover ..................15
+ 4.2.1.2. Double Signature Zone Signing Key
+ Rollover ..................................17
+ 4.2.1.3. Pros and Cons of the Schemes ..............18
+ 4.2.2. Key Signing Key Rollovers ..........................18
+ 4.2.3. Difference Between ZSK and KSK Rollovers ...........20
+ 4.2.4. Automated Key Rollovers ............................21
+ 4.3. Planning for Emergency Key Rollover .......................21
+ 4.3.1. KSK Compromise .....................................22
+ 4.3.1.1. Keeping the Chain of Trust Intact .........22
+ 4.3.1.2. Breaking the Chain of Trust ...............23
+ 4.3.2. ZSK Compromise .....................................23
+ 4.3.3. Compromises of Keys Anchored in Resolvers ..........24
+ 4.4. Parental Policies .........................................24
+ 4.4.1. Initial Key Exchanges and Parental Policies
+ Considerations .....................................24
+ 4.4.2. Storing Keys or Hashes? ............................25
+ 4.4.3. Security Lameness ..................................25
+ 4.4.4. DS Signature Validity Period .......................26
+ 5. Security Considerations ........................................26
+ 6. Acknowledgments ................................................26
+ 7. References .....................................................27
+ 7.1. Normative References ......................................27
+ 7.2. Informative References ....................................28
+ Appendix A. Terminology ...........................................30
+ Appendix B. Zone Signing Key Rollover How-To ......................31
+ Appendix C. Typographic Conventions ...............................32
+
+
+
+
+Kolkman & Gieben Informational [Page 2]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+1. Introduction
+
+ This document describes how to run a DNS Security (DNSSEC)-enabled
+ environment. It is intended for operators who have knowledge of the
+ DNS (see RFC 1034 [1] and RFC 1035 [2]) and want to deploy DNSSEC.
+ See RFC 4033 [4] for an introduction to DNSSEC, RFC 4034 [5] for the
+ newly introduced Resource Records (RRs), and RFC 4035 [6] for the
+ protocol changes.
+
+ During workshops and early operational deployment tests, operators
+ and system administrators have gained experience about operating the
+ DNS with security extensions (DNSSEC). This document translates
+ these experiences into a set of practices for zone administrators.
+ At the time of writing, there exists very little experience with
+ DNSSEC in production environments; this document should therefore
+ explicitly not be seen as representing 'Best Current Practices'.
+
+ The procedures herein are focused on the maintenance of signed zones
+ (i.e., signing and publishing zones on authoritative servers). It is
+ intended that maintenance of zones such as re-signing or key
+ rollovers be transparent to any verifying clients on the Internet.
+
+ The structure of this document is as follows. In Section 2, we
+ discuss the importance of keeping the "chain of trust" intact.
+ Aspects of key generation and storage of private keys are discussed
+ in Section 3; the focus in this section is mainly on the private part
+ of the key(s). Section 4 describes considerations concerning the
+ public part of the keys. Since these public keys appear in the DNS
+ one has to take into account all kinds of timing issues, which are
+ discussed in Section 4.1. Section 4.2 and Section 4.3 deal with the
+ rollover, or supercession, of keys. Finally, Section 4.4 discusses
+ considerations on how parents deal with their children's public keys
+ in order to maintain chains of trust.
+
+ The typographic conventions used in this document are explained in
+ Appendix C.
+
+ Since this is a document with operational suggestions and there are
+ no protocol specifications, the RFC 2119 [7] language does not apply.
+
+ This document obsoletes RFC 2541 [12] to reflect the evolution of the
+ underlying DNSSEC protocol since then. Changes in the choice of
+ cryptographic algorithms, DNS record types and type names, and the
+ parent-child key and signature exchange demanded a major rewrite and
+ additional information and explanation.
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 3]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+1.1. The Use of the Term 'key'
+
+ It is assumed that the reader is familiar with the concept of
+ asymmetric keys on which DNSSEC is based (public key cryptography
+ [17]). Therefore, this document will use the term 'key' rather
+ loosely. Where it is written that 'a key is used to sign data' it is
+ assumed that the reader understands that it is the private part of
+ the key pair that is used for signing. It is also assumed that the
+ reader understands that the public part of the key pair is published
+ in the DNSKEY Resource Record and that it is the public part that is
+ used in key exchanges.
+
+1.2. Time Definitions
+
+ In this document, we will be using a number of time-related terms.
+ The following definitions apply:
+
+ o "Signature validity period" The period that a signature is valid.
+ It starts at the time specified in the signature inception field
+ of the RRSIG RR and ends at the time specified in the expiration
+ field of the RRSIG RR.
+
+ o "Signature publication period" Time after which a signature (made
+ with a specific key) is replaced with a new signature (made with
+ the same key). This replacement takes place by publishing the
+ relevant RRSIG in the master zone file. After one stops
+ publishing an RRSIG in a zone, it may take a while before the
+ RRSIG has expired from caches and has actually been removed from
+ the DNS.
+
+ o "Key effectivity period" The period during which a key pair is
+ expected to be effective. This period is defined as the time
+ between the first inception time stamp and the last expiration
+ date of any signature made with this key, regardless of any
+ discontinuity in the use of the key. The key effectivity period
+ can span multiple signature validity periods.
+
+ o "Maximum/Minimum Zone Time to Live (TTL)" The maximum or minimum
+ value of the TTLs from the complete set of RRs in a zone. Note
+ that the minimum TTL is not the same as the MINIMUM field in the
+ SOA RR. See [11] for more information.
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 4]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+2. Keeping the Chain of Trust Intact
+
+ Maintaining a valid chain of trust is important because broken chains
+ of trust will result in data being marked as Bogus (as defined in [4]
+ Section 5), which may cause entire (sub)domains to become invisible
+ to verifying clients. The administrators of secured zones have to
+ realize that their zone is, to verifying clients, part of a chain of
+ trust.
+
+ As mentioned in the introduction, the procedures herein are intended
+ to ensure that maintenance of zones, such as re-signing or key
+ rollovers, will be transparent to the verifying clients on the
+ Internet.
+
+ Administrators of secured zones will have to keep in mind that data
+ published on an authoritative primary server will not be immediately
+ seen by verifying clients; it may take some time for the data to be
+ transferred to other secondary authoritative nameservers and clients
+ may be fetching data from caching non-authoritative servers. In this
+ light, note that the time for a zone transfer from master to slave is
+ negligible when using NOTIFY [9] and incremental transfer (IXFR) [8].
+ It increases when full zone transfers (AXFR) are used in combination
+ with NOTIFY. It increases even more if you rely on full zone
+ transfers based on only the SOA timing parameters for refresh.
+
+ For the verifying clients, it is important that data from secured
+ zones can be used to build chains of trust regardless of whether the
+ data came directly from an authoritative server, a caching
+ nameserver, or some middle box. Only by carefully using the
+ available timing parameters can a zone administrator ensure that the
+ data necessary for verification can be obtained.
+
+ The responsibility for maintaining the chain of trust is shared by
+ administrators of secured zones in the chain of trust. This is most
+ obvious in the case of a 'key compromise' when a trade-off between
+ maintaining a valid chain of trust and replacing the compromised keys
+ as soon as possible must be made. Then zone administrators will have
+ to make a trade-off, between keeping the chain of trust intact --
+ thereby allowing for attacks with the compromised key -- or
+ deliberately breaking the chain of trust and making secured
+ subdomains invisible to security-aware resolvers. Also see Section
+ 4.3.
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 5]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+3. Keys Generation and Storage
+
+ This section describes a number of considerations with respect to the
+ security of keys. It deals with the generation, effectivity period,
+ size, and storage of private keys.
+
+3.1. Zone and Key Signing Keys
+
+ The DNSSEC validation protocol does not distinguish between different
+ types of DNSKEYs. All DNSKEYs can be used during the validation. In
+ practice, operators use Key Signing and Zone Signing Keys and use the
+ so-called Secure Entry Point (SEP) [3] flag to distinguish between
+ them during operations. The dynamics and considerations are
+ discussed below.
+
+ To make zone re-signing and key rollover procedures easier to
+ implement, it is possible to use one or more keys as Key Signing Keys
+ (KSKs). These keys will only sign the apex DNSKEY RRSet in a zone.
+ Other keys can be used to sign all the RRSets in a zone and are
+ referred to as Zone Signing Keys (ZSKs). In this document, we assume
+ that KSKs are the subset of keys that are used for key exchanges with
+ the parent and potentially for configuration as trusted anchors --
+ the SEP keys. In this document, we assume a one-to-one mapping
+ between KSK and SEP keys and we assume the SEP flag to be set on all
+ KSKs.
+
+3.1.1. Motivations for the KSK and ZSK Separation
+
+ Differentiating between the KSK and ZSK functions has several
+ advantages:
+
+ o No parent/child interaction is required when ZSKs are updated.
+
+ o The KSK can be made stronger (i.e., using more bits in the key
+ material). This has little operational impact since it is only
+ used to sign a small fraction of the zone data. Also, the KSK is
+ only used to verify the zone's key set, not for other RRSets in
+ the zone.
+
+ o As the KSK is only used to sign a key set, which is most probably
+ updated less frequently than other data in the zone, it can be
+ stored separately from and in a safer location than the ZSK.
+
+ o A KSK can have a longer key effectivity period.
+
+ For almost any method of key management and zone signing, the KSK is
+ used less frequently than the ZSK. Once a key set is signed with the
+ KSK, all the keys in the key set can be used as ZSKs. If a ZSK is
+
+
+
+Kolkman & Gieben Informational [Page 6]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ compromised, it can be simply dropped from the key set. The new key
+ set is then re-signed with the KSK.
+
+ Given the assumption that for KSKs the SEP flag is set, the KSK can
+ be distinguished from a ZSK by examining the flag field in the DNSKEY
+ RR. If the flag field is an odd number it is a KSK. If it is an
+ even number it is a ZSK.
+
+ The Zone Signing Key can be used to sign all the data in a zone on a
+ regular basis. When a Zone Signing Key is to be rolled, no
+ interaction with the parent is needed. This allows for signature
+ validity periods on the order of days.
+
+ The Key Signing Key is only to be used to sign the DNSKEY RRs in a
+ zone. If a Key Signing Key is to be rolled over, there will be
+ interactions with parties other than the zone administrator. These
+ can include the registry of the parent zone or administrators of
+ verifying resolvers that have the particular key configured as secure
+ entry points. Hence, the key effectivity period of these keys can
+ and should be made much longer. Although, given a long enough key,
+ the key effectivity period can be on the order of years, we suggest
+ planning for a key effectivity on the order of a few months so that a
+ key rollover remains an operational routine.
+
+3.1.2. KSKs for High-Level Zones
+
+ Higher-level zones are generally more sensitive than lower-level
+ zones. Anyone controlling or breaking the security of a zone thereby
+ obtains authority over all of its subdomains (except in the case of
+ resolvers that have locally configured the public key of a subdomain,
+ in which case this, and only this, subdomain wouldn't be affected by
+ the compromise of the parent zone). Therefore, extra care should be
+ taken with high-level zones, and strong keys should be used.
+
+ The root zone is the most critical of all zones. Someone controlling
+ or compromising the security of the root zone would control the
+ entire DNS namespace of all resolvers using that root zone (except in
+ the case of resolvers that have locally configured the public key of
+ a subdomain). Therefore, the utmost care must be taken in the
+ securing of the root zone. The strongest and most carefully handled
+ keys should be used. The root zone private key should always be kept
+ off-line.
+
+ Many resolvers will start at a root server for their access to and
+ authentication of DNS data. Securely updating the trust anchors in
+ an enormous population of resolvers around the world will be
+ extremely difficult.
+
+
+
+
+Kolkman & Gieben Informational [Page 7]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+3.2. Key Generation
+
+ Careful generation of all keys is a sometimes overlooked but
+ absolutely essential element in any cryptographically secure system.
+ The strongest algorithms used with the longest keys are still of no
+ use if an adversary can guess enough to lower the size of the likely
+ key space so that it can be exhaustively searched. Technical
+ suggestions for the generation of random keys will be found in RFC
+ 4086 [14]. One should carefully assess if the random number
+ generator used during key generation adheres to these suggestions.
+
+ Keys with a long effectivity period are particularly sensitive as
+ they will represent a more valuable target and be subject to attack
+ for a longer time than short-period keys. It is strongly recommended
+ that long-term key generation occur off-line in a manner isolated
+ from the network via an air gap or, at a minimum, high-level secure
+ hardware.
+
+3.3. Key Effectivity Period
+
+ For various reasons, keys in DNSSEC need to be changed once in a
+ while. The longer a key is in use, the greater the probability that
+ it will have been compromised through carelessness, accident,
+ espionage, or cryptanalysis. Furthermore, when key rollovers are too
+ rare an event, they will not become part of the operational habit and
+ there is risk that nobody on-site will remember the procedure for
+ rollover when the need is there.
+
+ From a purely operational perspective, a reasonable key effectivity
+ period for Key Signing Keys is 13 months, with the intent to replace
+ them after 12 months. An intended key effectivity period of a month
+ is reasonable for Zone Signing Keys.
+
+ For key sizes that match these effectivity periods, see Section 3.5.
+
+ As argued in Section 3.1.2, securely updating trust anchors will be
+ extremely difficult. On the other hand, the "operational habit"
+ argument does also apply to trust anchor reconfiguration. If a short
+ key effectivity period is used and the trust anchor configuration has
+ to be revisited on a regular basis, the odds that the configuration
+ tends to be forgotten is smaller. The trade-off is against a system
+ that is so dynamic that administrators of the validating clients will
+ not be able to follow the modifications.
+
+ Key effectivity periods can be made very short, as in a few minutes.
+ But when replacing keys one has to take the considerations from
+ Section 4.1 and Section 4.2 into account.
+
+
+
+
+Kolkman & Gieben Informational [Page 8]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+3.4. Key Algorithm
+
+ There are currently three different types of algorithms that can be
+ used in DNSSEC: RSA, DSA, and elliptic curve cryptography. The
+ latter is fairly new and has yet to be standardized for usage in
+ DNSSEC.
+
+ RSA has been developed in an open and transparent manner. As the
+ patent on RSA expired in 2000, its use is now also free.
+
+ DSA has been developed by the National Institute of Standards and
+ Technology (NIST). The creation of signatures takes roughly the same
+ time as with RSA, but is 10 to 40 times as slow for verification
+ [17].
+
+ We suggest the use of RSA/SHA-1 as the preferred algorithm for the
+ key. The current known attacks on RSA can be defeated by making your
+ key longer. As the MD5 hashing algorithm is showing cracks, we
+ recommend the usage of SHA-1.
+
+ At the time of publication, it is known that the SHA-1 hash has
+ cryptanalysis issues. There is work in progress on addressing these
+ issues. We recommend the use of public key algorithms based on
+ hashes stronger than SHA-1 (e.g., SHA-256), as soon as these
+ algorithms are available in protocol specifications (see [19] and
+ [20]) and implementations.
+
+3.5. Key Sizes
+
+ When choosing key sizes, zone administrators will need to take into
+ account how long a key will be used, how much data will be signed
+ during the key publication period (see Section 8.10 of [17]), and,
+ optionally, how large the key size of the parent is. As the chain of
+ trust really is "a chain", there is not much sense in making one of
+ the keys in the chain several times larger then the others. As
+ always, it's the weakest link that defines the strength of the entire
+ chain. Also see Section 3.1.1 for a discussion of how keys serving
+ different roles (ZSK vs. KSK) may need different key sizes.
+
+ Generating a key of the correct size is a difficult problem; RFC 3766
+ [13] tries to deal with that problem. The first part of the
+ selection procedure in Section 1 of the RFC states:
+
+ 1. Determine the attack resistance necessary to satisfy the
+ security requirements of the application. Do this by
+ estimating the minimum number of computer operations that the
+ attacker will be forced to do in order to compromise the
+
+
+
+
+Kolkman & Gieben Informational [Page 9]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ security of the system and then take the logarithm base two of
+ that number. Call that logarithm value "n".
+
+ A 1996 report recommended 90 bits as a good all-around choice
+ for system security. The 90 bit number should be increased by
+ about 2/3 bit/year, or about 96 bits in 2005.
+
+ [13] goes on to explain how this number "n" can be used to calculate
+ the key sizes in public key cryptography. This culminated in the
+ table given below (slightly modified for our purpose):
+
+ +-------------+-----------+--------------+
+ | System | | |
+ | requirement | Symmetric | RSA or DSA |
+ | for attack | key size | modulus size |
+ | resistance | (bits) | (bits) |
+ | (bits) | | |
+ +-------------+-----------+--------------+
+ | 70 | 70 | 947 |
+ | 80 | 80 | 1228 |
+ | 90 | 90 | 1553 |
+ | 100 | 100 | 1926 |
+ | 150 | 150 | 4575 |
+ | 200 | 200 | 8719 |
+ | 250 | 250 | 14596 |
+ +-------------+-----------+--------------+
+
+ The key sizes given are rather large. This is because these keys are
+ resilient against a trillionaire attacker. Assuming this rich
+ attacker will not attack your key and that the key is rolled over
+ once a year, we come to the following recommendations about KSK
+ sizes: 1024 bits for low-value domains, 1300 bits for medium-value
+ domains, and 2048 bits for high-value domains.
+
+ Whether a domain is of low, medium, or high value depends solely on
+ the views of the zone owner. One could, for instance, view leaf
+ nodes in the DNS as of low value, and top-level domains (TLDs) or the
+ root zone of high value. The suggested key sizes should be safe for
+ the next 5 years.
+
+ As ZSKs can be rolled over more easily (and thus more often), the key
+ sizes can be made smaller. But as said in the introduction of this
+ paragraph, making the ZSKs' key sizes too small (in relation to the
+ KSKs' sizes) doesn't make much sense. Try to limit the difference in
+ size to about 100 bits.
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 10]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ Note that nobody can see into the future and that these key sizes are
+ only provided here as a guide. Further information can be found in
+ [16] and Section 7.5 of [17]. It should be noted though that [16] is
+ already considered overly optimistic about what key sizes are
+ considered safe.
+
+ One final note concerning key sizes. Larger keys will increase the
+ sizes of the RRSIG and DNSKEY records and will therefore increase the
+ chance of DNS UDP packet overflow. Also, the time it takes to
+ validate and create RRSIGs increases with larger keys, so don't
+ needlessly double your key sizes.
+
+3.6. Private Key Storage
+
+ It is recommended that, where possible, zone private keys and the
+ zone file master copy that is to be signed be kept and used in off-
+ line, non-network-connected, physically secure machines only.
+ Periodically, an application can be run to add authentication to a
+ zone by adding RRSIG and NSEC RRs. Then the augmented file can be
+ transferred.
+
+ When relying on dynamic update to manage a signed zone [10], be aware
+ that at least one private key of the zone will have to reside on the
+ master server. This key is only as secure as the amount of exposure
+ the server receives to unknown clients and the security of the host.
+ Although not mandatory, one could administer the DNS in the following
+ way. The master that processes the dynamic updates is unavailable
+ from generic hosts on the Internet, it is not listed in the NS RR
+ set, although its name appears in the SOA RRs MNAME field. The
+ nameservers in the NS RRSet are able to receive zone updates through
+ NOTIFY, IXFR, AXFR, or an out-of-band distribution mechanism. This
+ approach is known as the "hidden master" setup.
+
+ The ideal situation is to have a one-way information flow to the
+ network to avoid the possibility of tampering from the network.
+ Keeping the zone master file on-line on the network and simply
+ cycling it through an off-line signer does not do this. The on-line
+ version could still be tampered with if the host it resides on is
+ compromised. For maximum security, the master copy of the zone file
+ should be off-net and should not be updated based on an unsecured
+ network mediated communication.
+
+ In general, keeping a zone file off-line will not be practical and
+ the machines on which zone files are maintained will be connected to
+ a network. Operators are advised to take security measures to shield
+ unauthorized access to the master copy.
+
+
+
+
+
+Kolkman & Gieben Informational [Page 11]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ For dynamically updated secured zones [10], both the master copy and
+ the private key that is used to update signatures on updated RRs will
+ need to be on-line.
+
+4. Signature Generation, Key Rollover, and Related Policies
+
+4.1. Time in DNSSEC
+
+ Without DNSSEC, all times in the DNS are relative. The SOA fields
+ REFRESH, RETRY, and EXPIRATION are timers used to determine the time
+ elapsed after a slave server synchronized with a master server. The
+ Time to Live (TTL) value and the SOA RR minimum TTL parameter [11]
+ are used to determine how long a forwarder should cache data after it
+ has been fetched from an authoritative server. By using a signature
+ validity period, DNSSEC introduces the notion of an absolute time in
+ the DNS. Signatures in DNSSEC have an expiration date after which
+ the signature is marked as invalid and the signed data is to be
+ considered Bogus.
+
+4.1.1. Time Considerations
+
+ Because of the expiration of signatures, one should consider the
+ following:
+
+ o We suggest the Maximum Zone TTL of your zone data to be a fraction
+ of your signature validity period.
+
+ If the TTL would be of similar order as the signature validity
+ period, then all RRSets fetched during the validity period
+ would be cached until the signature expiration time. Section
+ 7.1 of [4] suggests that "the resolver may use the time
+ remaining before expiration of the signature validity period of
+ a signed RRSet as an upper bound for the TTL". As a result,
+ query load on authoritative servers would peak at signature
+ expiration time, as this is also the time at which records
+ simultaneously expire from caches.
+
+ To avoid query load peaks, we suggest the TTL on all the RRs in
+ your zone to be at least a few times smaller than your
+ signature validity period.
+
+ o We suggest the signature publication period to end at least one
+ Maximum Zone TTL duration before the end of the signature validity
+ period.
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 12]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ Re-signing a zone shortly before the end of the signature
+ validity period may cause simultaneous expiration of data from
+ caches. This in turn may lead to peaks in the load on
+ authoritative servers.
+
+ o We suggest the Minimum Zone TTL to be long enough to both fetch
+ and verify all the RRs in the trust chain. In workshop
+ environments, it has been demonstrated [18] that a low TTL (under
+ 5 to 10 minutes) caused disruptions because of the following two
+ problems:
+
+ 1. During validation, some data may expire before the
+ validation is complete. The validator should be able to
+ keep all data until it is completed. This applies to all
+ RRs needed to complete the chain of trust: DSes, DNSKEYs,
+ RRSIGs, and the final answers, i.e., the RRSet that is
+ returned for the initial query.
+
+ 2. Frequent verification causes load on recursive nameservers.
+ Data at delegation points, DSes, DNSKEYs, and RRSIGs
+ benefit from caching. The TTL on those should be
+ relatively long.
+
+ o Slave servers will need to be able to fetch newly signed zones
+ well before the RRSIGs in the zone served by the slave server pass
+ their signature expiration time.
+
+ When a slave server is out of sync with its master and data in
+ a zone is signed by expired signatures, it may be better for
+ the slave server not to give out any answer.
+
+ Normally, a slave server that is not able to contact a master
+ server for an extended period will expire a zone. When that
+ happens, the server will respond differently to queries for
+ that zone. Some servers issue SERVFAIL, whereas others turn
+ off the 'AA' bit in the answers. The time of expiration is set
+ in the SOA record and is relative to the last successful
+ refresh between the master and the slave servers. There exists
+ no coupling between the signature expiration of RRSIGs in the
+ zone and the expire parameter in the SOA.
+
+ If the server serves a DNSSEC zone, then it may well happen
+ that the signatures expire well before the SOA expiration timer
+ counts down to zero. It is not possible to completely prevent
+ this from happening by tweaking the SOA parameters. However,
+ the effects can be minimized where the SOA expiration time is
+ equal to or shorter than the signature validity period. The
+ consequence of an authoritative server not being able to update
+
+
+
+Kolkman & Gieben Informational [Page 13]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ a zone, whilst that zone includes expired signatures, is that
+ non-secure resolvers will continue to be able to resolve data
+ served by the particular slave servers while security-aware
+ resolvers will experience problems because of answers being
+ marked as Bogus.
+
+ We suggest the SOA expiration timer being approximately one
+ third or one fourth of the signature validity period. It will
+ allow problems with transfers from the master server to be
+ noticed before the actual signature times out. We also suggest
+ that operators of nameservers that supply secondary services
+ develop 'watch dogs' to spot upcoming signature expirations in
+ zones they slave, and take appropriate action.
+
+ When determining the value for the expiration parameter one has
+ to take the following into account: What are the chances that
+ all my secondaries expire the zone? How quickly can I reach an
+ administrator of secondary servers to load a valid zone? These
+ questions are not DNSSEC specific but may influence the choice
+ of your signature validity intervals.
+
+4.2. Key Rollovers
+
+ A DNSSEC key cannot be used forever (see Section 3.3). So key
+ rollovers -- or supercessions, as they are sometimes called -- are a
+ fact of life when using DNSSEC. Zone administrators who are in the
+ process of rolling their keys have to take into account that data
+ published in previous versions of their zone still lives in caches.
+ When deploying DNSSEC, this becomes an important consideration;
+ ignoring data that may be in caches may lead to loss of service for
+ clients.
+
+ The most pressing example of this occurs when zone material signed
+ with an old key is being validated by a resolver that does not have
+ the old zone key cached. If the old key is no longer present in the
+ current zone, this validation fails, marking the data "Bogus".
+ Alternatively, an attempt could be made to validate data that is
+ signed with a new key against an old key that lives in a local cache,
+ also resulting in data being marked "Bogus".
+
+4.2.1. Zone Signing Key Rollovers
+
+ For "Zone Signing Key rollovers", there are two ways to make sure
+ that during the rollover data still cached can be verified with the
+ new key sets or newly generated signatures can be verified with the
+ keys still in caches. One schema, described in Section 4.2.1.2, uses
+
+
+
+
+
+Kolkman & Gieben Informational [Page 14]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ double signatures; the other uses key pre-publication (Section
+ 4.2.1.1). The pros, cons, and recommendations are described in
+ Section 4.2.1.3.
+
+4.2.1.1. Pre-Publish Key Rollover
+
+ This section shows how to perform a ZSK rollover without the need to
+ sign all the data in a zone twice -- the "pre-publish key rollover".
+ This method has advantages in the case of a key compromise. If the
+ old key is compromised, the new key has already been distributed in
+ the DNS. The zone administrator is then able to quickly switch to
+ the new key and remove the compromised key from the zone. Another
+ major advantage is that the zone size does not double, as is the case
+ with the double signature ZSK rollover. A small "how-to" for this
+ kind of rollover can be found in Appendix B.
+
+ Pre-publish key rollover involves four stages as follows:
+
+ ----------------------------------------------------------------
+ initial new DNSKEY new RRSIGs DNSKEY removal
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2 SOA3
+ RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2) RRSIG11(SOA3)
+
+ DNSKEY1 DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11 DNSKEY11
+ RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY) RRSIG1 (DNSKEY)
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ Pre-Publish Key Rollover
+
+ initial: Initial version of the zone: DNSKEY 1 is the Key Signing
+ Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
+ Signing Key.
+
+ new DNSKEY: DNSKEY 11 is introduced into the key set. Note that no
+ signatures are generated with this key yet, but this does not
+ secure against brute force attacks on the public key. The minimum
+ duration of this pre-roll phase is the time it takes for the data
+ to propagate to the authoritative servers plus TTL value of the
+ key set.
+
+ new RRSIGs: At the "new RRSIGs" stage (SOA serial 2), DNSKEY 11 is
+ used to sign the data in the zone exclusively (i.e., all the
+ signatures from DNSKEY 10 are removed from the zone). DNSKEY 10
+ remains published in the key set. This way data that was loaded
+
+
+
+Kolkman & Gieben Informational [Page 15]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ into caches from version 1 of the zone can still be verified with
+ key sets fetched from version 2 of the zone. The minimum time
+ that the key set including DNSKEY 10 is to be published is the
+ time that it takes for zone data from the previous version of the
+ zone to expire from old caches, i.e., the time it takes for this
+ zone to propagate to all authoritative servers plus the Maximum
+ Zone TTL value of any of the data in the previous version of the
+ zone.
+
+ DNSKEY removal: DNSKEY 10 is removed from the zone. The key set, now
+ only containing DNSKEY 1 and DNSKEY 11, is re-signed with the
+ DNSKEY 1.
+
+ The above scheme can be simplified by always publishing the "future"
+ key immediately after the rollover. The scheme would look as follows
+ (we show two rollovers); the future key is introduced in "new DNSKEY"
+ as DNSKEY 12 and again a newer one, numbered 13, in "new DNSKEY
+ (II)":
+
+ ----------------------------------------------------------------
+ initial new RRSIGs new DNSKEY
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2
+ RRSIG10(SOA0) RRSIG11(SOA1) RRSIG11(SOA2)
+
+ DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11 DNSKEY11 DNSKEY12
+ RRSIG1(DNSKEY) RRSIG1 (DNSKEY) RRSIG1(DNSKEY)
+ RRSIG10(DNSKEY) RRSIG11(DNSKEY) RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ ----------------------------------------------------------------
+ new RRSIGs (II) new DNSKEY (II)
+ ----------------------------------------------------------------
+ SOA3 SOA4
+ RRSIG12(SOA3) RRSIG12(SOA4)
+
+ DNSKEY1 DNSKEY1
+ DNSKEY11 DNSKEY12
+ DNSKEY12 DNSKEY13
+ RRSIG1(DNSKEY) RRSIG1(DNSKEY)
+ RRSIG12(DNSKEY) RRSIG12(DNSKEY)
+ ----------------------------------------------------------------
+
+ Pre-Publish Key Rollover, Showing Two Rollovers
+
+
+
+
+
+Kolkman & Gieben Informational [Page 16]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ Note that the key introduced in the "new DNSKEY" phase is not used
+ for production yet; the private key can thus be stored in a
+ physically secure manner and does not need to be 'fetched' every time
+ a zone needs to be signed.
+
+4.2.1.2. Double Signature Zone Signing Key Rollover
+
+ This section shows how to perform a ZSK key rollover using the double
+ zone data signature scheme, aptly named "double signature rollover".
+
+ During the "new DNSKEY" stage the new version of the zone file will
+ need to propagate to all authoritative servers and the data that
+ exists in (distant) caches will need to expire, requiring at least
+ the Maximum Zone TTL.
+
+ Double signature ZSK rollover involves three stages as follows:
+
+ ----------------------------------------------------------------
+ initial new DNSKEY DNSKEY removal
+ ----------------------------------------------------------------
+ SOA0 SOA1 SOA2
+ RRSIG10(SOA0) RRSIG10(SOA1) RRSIG11(SOA2)
+ RRSIG11(SOA1)
+
+ DNSKEY1 DNSKEY1 DNSKEY1
+ DNSKEY10 DNSKEY10 DNSKEY11
+ DNSKEY11
+ RRSIG1(DNSKEY) RRSIG1(DNSKEY) RRSIG1(DNSKEY)
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) RRSIG11(DNSKEY)
+ RRSIG11(DNSKEY)
+ ----------------------------------------------------------------
+
+ Double Signature Zone Signing Key Rollover
+
+ initial: Initial Version of the zone: DNSKEY 1 is the Key Signing
+ Key. DNSKEY 10 is used to sign all the data of the zone, the Zone
+ Signing Key.
+
+ new DNSKEY: At the "New DNSKEY" stage (SOA serial 1) DNSKEY 11 is
+ introduced into the key set and all the data in the zone is signed
+ with DNSKEY 10 and DNSKEY 11. The rollover period will need to
+ continue until all data from version 0 of the zone has expired
+ from remote caches. This will take at least the Maximum Zone TTL
+ of version 0 of the zone.
+
+ DNSKEY removal: DNSKEY 10 is removed from the zone. All the
+ signatures from DNSKEY 10 are removed from the zone. The key set,
+ now only containing DNSKEY 11, is re-signed with DNSKEY 1.
+
+
+
+Kolkman & Gieben Informational [Page 17]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ At every instance, RRSIGs from the previous version of the zone can
+ be verified with the DNSKEY RRSet from the current version and the
+ other way around. The data from the current version can be verified
+ with the data from the previous version of the zone. The duration of
+ the "new DNSKEY" phase and the period between rollovers should be at
+ least the Maximum Zone TTL.
+
+ Making sure that the "new DNSKEY" phase lasts until the signature
+ expiration time of the data in initial version of the zone is
+ recommended. This way all caches are cleared of the old signatures.
+ However, this duration could be considerably longer than the Maximum
+ Zone TTL, making the rollover a lengthy procedure.
+
+ Note that in this example we assumed that the zone was not modified
+ during the rollover. New data can be introduced in the zone as long
+ as it is signed with both keys.
+
+4.2.1.3. Pros and Cons of the Schemes
+
+ Pre-publish key rollover: This rollover does not involve signing the
+ zone data twice. Instead, before the actual rollover, the new key
+ is published in the key set and thus is available for
+ cryptanalysis attacks. A small disadvantage is that this process
+ requires four steps. Also the pre-publish scheme involves more
+ parental work when used for KSK rollovers as explained in Section
+ 4.2.3.
+
+ Double signature ZSK rollover: The drawback of this signing scheme is
+ that during the rollover the number of signatures in your zone
+ doubles; this may be prohibitive if you have very big zones. An
+ advantage is that it only requires three steps.
+
+4.2.2. Key Signing Key Rollovers
+
+ For the rollover of a Key Signing Key, the same considerations as for
+ the rollover of a Zone Signing Key apply. However, we can use a
+ double signature scheme to guarantee that old data (only the apex key
+ set) in caches can be verified with a new key set and vice versa.
+ Since only the key set is signed with a KSK, zone size considerations
+ do not apply.
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 18]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ --------------------------------------------------------------------
+ initial new DNSKEY DS change DNSKEY removal
+ --------------------------------------------------------------------
+ Parent:
+ SOA0 --------> SOA1 -------->
+ RRSIGpar(SOA0) --------> RRSIGpar(SOA1) -------->
+ DS1 --------> DS2 -------->
+ RRSIGpar(DS) --------> RRSIGpar(DS) -------->
+
+
+ Child:
+ SOA0 SOA1 --------> SOA2
+ RRSIG10(SOA0) RRSIG10(SOA1) --------> RRSIG10(SOA2)
+ -------->
+ DNSKEY1 DNSKEY1 --------> DNSKEY2
+ DNSKEY2 -------->
+ DNSKEY10 DNSKEY10 --------> DNSKEY10
+ RRSIG1 (DNSKEY) RRSIG1 (DNSKEY) --------> RRSIG2 (DNSKEY)
+ RRSIG2 (DNSKEY) -------->
+ RRSIG10(DNSKEY) RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY)
+ --------------------------------------------------------------------
+
+ Stages of Deployment for a Double Signature Key Signing Key Rollover
+
+ initial: Initial version of the zone. The parental DS points to
+ DNSKEY1. Before the rollover starts, the child will have to
+ verify what the TTL is of the DS RR that points to DNSKEY1 -- it
+ is needed during the rollover and we refer to the value as TTL_DS.
+
+ new DNSKEY: During the "new DNSKEY" phase, the zone administrator
+ generates a second KSK, DNSKEY2. The key is provided to the
+ parent, and the child will have to wait until a new DS RR has been
+ generated that points to DNSKEY2. After that DS RR has been
+ published on all servers authoritative for the parent's zone, the
+ zone administrator has to wait at least TTL_DS to make sure that
+ the old DS RR has expired from caches.
+
+ DS change: The parent replaces DS1 with DS2.
+
+ DNSKEY removal: DNSKEY1 has been removed.
+
+ The scenario above puts the responsibility for maintaining a valid
+ chain of trust with the child. It also is based on the premise that
+ the parent only has one DS RR (per algorithm) per zone. An
+ alternative mechanism has been considered. Using an established
+ trust relation, the interaction can be performed in-band, and the
+ removal of the keys by the child can possibly be signaled by the
+ parent. In this mechanism, there are periods where there are two DS
+
+
+
+Kolkman & Gieben Informational [Page 19]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ RRs at the parent. Since at the moment of writing the protocol for
+ this interaction has not been developed, further discussion is out of
+ scope for this document.
+
+4.2.3. Difference Between ZSK and KSK Rollovers
+
+ Note that KSK rollovers and ZSK rollovers are different in the sense
+ that a KSK rollover requires interaction with the parent (and
+ possibly replacing of trust anchors) and the ensuing delay while
+ waiting for it.
+
+ A zone key rollover can be handled in two different ways: pre-publish
+ (Section 4.2.1.1) and double signature (Section 4.2.1.2).
+
+ As the KSK is used to validate the key set and because the KSK is not
+ changed during a ZSK rollover, a cache is able to validate the new
+ key set of the zone. The pre-publish method would also work for a
+ KSK rollover. The records that are to be pre-published are the
+ parental DS RRs. The pre-publish method has some drawbacks for KSKs.
+ We first describe the rollover scheme and then indicate these
+ drawbacks.
+
+ --------------------------------------------------------------------
+ initial new DS new DNSKEY DS/DNSKEY removal
+ --------------------------------------------------------------------
+ Parent:
+ SOA0 SOA1 --------> SOA2
+ RRSIGpar(SOA0) RRSIGpar(SOA1) --------> RRSIGpar(SOA2)
+ DS1 DS1 --------> DS2
+ DS2 -------->
+ RRSIGpar(DS) RRSIGpar(DS) --------> RRSIGpar(DS)
+
+
+ Child:
+ SOA0 --------> SOA1 SOA1
+ RRSIG10(SOA0) --------> RRSIG10(SOA1) RRSIG10(SOA1)
+ -------->
+ DNSKEY1 --------> DNSKEY2 DNSKEY2
+ -------->
+ DNSKEY10 --------> DNSKEY10 DNSKEY10
+ RRSIG1 (DNSKEY) --------> RRSIG2(DNSKEY) RRSIG2 (DNSKEY)
+ RRSIG10(DNSKEY) --------> RRSIG10(DNSKEY) RRSIG10(DNSKEY)
+ --------------------------------------------------------------------
+
+ Stages of Deployment for a Pre-Publish Key Signing Key Rollover
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 20]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ When the child zone wants to roll, it notifies the parent during the
+ "new DS" phase and submits the new key (or the corresponding DS) to
+ the parent. The parent publishes DS1 and DS2, pointing to DNSKEY1
+ and DNSKEY2, respectively. During the rollover ("new DNSKEY" phase),
+ which can take place as soon as the new DS set propagated through the
+ DNS, the child replaces DNSKEY1 with DNSKEY2. Immediately after that
+ ("DS/DNSKEY removal" phase), it can notify the parent that the old DS
+ record can be deleted.
+
+ The drawbacks of this scheme are that during the "new DS" phase the
+ parent cannot verify the match between the DS2 RR and DNSKEY2 using
+ the DNS -- as DNSKEY2 is not yet published. Besides, we introduce a
+ "security lame" key (see Section 4.4.3). Finally, the child-parent
+ interaction consists of two steps. The "double signature" method
+ only needs one interaction.
+
+4.2.4. Automated Key Rollovers
+
+ As keys must be renewed periodically, there is some motivation to
+ automate the rollover process. Consider the following:
+
+ o ZSK rollovers are easy to automate as only the child zone is
+ involved.
+
+ o A KSK rollover needs interaction between parent and child. Data
+ exchange is needed to provide the new keys to the parent;
+ consequently, this data must be authenticated and integrity must
+ be guaranteed in order to avoid attacks on the rollover.
+
+4.3. Planning for Emergency Key Rollover
+
+ This section deals with preparation for a possible key compromise.
+ Our advice is to have a documented procedure ready for when a key
+ compromise is suspected or confirmed.
+
+ When the private material of one of your keys is compromised it can
+ be used for as long as a valid trust chain exists. A trust chain
+ remains intact for
+
+ o as long as a signature over the compromised key in the trust chain
+ is valid,
+
+ o as long as a parental DS RR (and signature) points to the
+ compromised key,
+
+ o as long as the key is anchored in a resolver and is used as a
+ starting point for validation (this is generally the hardest to
+ update).
+
+
+
+Kolkman & Gieben Informational [Page 21]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ While a trust chain to your compromised key exists, your namespace is
+ vulnerable to abuse by anyone who has obtained illegitimate
+ possession of the key. Zone operators have to make a trade-off if
+ the abuse of the compromised key is worse than having data in caches
+ that cannot be validated. If the zone operator chooses to break the
+ trust chain to the compromised key, data in caches signed with this
+ key cannot be validated. However, if the zone administrator chooses
+ to take the path of a regular rollover, the malicious key holder can
+ spoof data so that it appears to be valid.
+
+4.3.1. KSK Compromise
+
+ A zone containing a DNSKEY RRSet with a compromised KSK is vulnerable
+ as long as the compromised KSK is configured as trust anchor or a
+ parental DS points to it.
+
+ A compromised KSK can be used to sign the key set of an attacker's
+ zone. That zone could be used to poison the DNS.
+
+ Therefore, when the KSK has been compromised, the trust anchor or the
+ parental DS should be replaced as soon as possible. It is local
+ policy whether to break the trust chain during the emergency
+ rollover. The trust chain would be broken when the compromised KSK
+ is removed from the child's zone while the parent still has a DS
+ pointing to the compromised KSK (the assumption is that there is only
+ one DS at the parent. If there are multiple DSes this does not apply
+ -- however the chain of trust of this particular key is broken).
+
+ Note that an attacker's zone still uses the compromised KSK and the
+ presence of a parental DS would cause the data in this zone to appear
+ as valid. Removing the compromised key would cause the attacker's
+ zone to appear as valid and the child's zone as Bogus. Therefore, we
+ advise not to remove the KSK before the parent has a DS to a new KSK
+ in place.
+
+4.3.1.1. Keeping the Chain of Trust Intact
+
+ If we follow this advice, the timing of the replacement of the KSK is
+ somewhat critical. The goal is to remove the compromised KSK as soon
+ as the new DS RR is available at the parent. And also make sure that
+ the signature made with a new KSK over the key set with the
+ compromised KSK in it expires just after the new DS appears at the
+ parent, thus removing the old cruft in one swoop.
+
+ The procedure is as follows:
+
+ 1. Introduce a new KSK into the key set, keep the compromised KSK in
+ the key set.
+
+
+
+Kolkman & Gieben Informational [Page 22]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ 2. Sign the key set, with a short validity period. The validity
+ period should expire shortly after the DS is expected to appear
+ in the parent and the old DSes have expired from caches.
+
+ 3. Upload the DS for this new key to the parent.
+
+ 4. Follow the procedure of the regular KSK rollover: Wait for the DS
+ to appear in the authoritative servers and then wait as long as
+ the TTL of the old DS RRs. If necessary re-sign the DNSKEY RRSet
+ and modify/extend the expiration time.
+
+ 5. Remove the compromised DNSKEY RR from the zone and re-sign the
+ key set using your "normal" validity interval.
+
+ An additional danger of a key compromise is that the compromised key
+ could be used to facilitate a legitimate DNSKEY/DS rollover and/or
+ nameserver changes at the parent. When that happens, the domain may
+ be in dispute. An authenticated out-of-band and secure notify
+ mechanism to contact a parent is needed in this case.
+
+ Note that this is only a problem when the DNSKEY and or DS records
+ are used for authentication at the parent.
+
+4.3.1.2. Breaking the Chain of Trust
+
+ There are two methods to break the chain of trust. The first method
+ causes the child zone to appear 'Bogus' to validating resolvers. The
+ other causes the child zone to appear 'insecure'. These are
+ described below.
+
+ In the method that causes the child zone to appear 'Bogus' to
+ validating resolvers, the child zone replaces the current KSK with a
+ new one and re-signs the key set. Next it sends the DS of the new
+ key to the parent. Only after the parent has placed the new DS in
+ the zone is the child's chain of trust repaired.
+
+ An alternative method of breaking the chain of trust is by removing
+ the DS RRs from the parent zone altogether. As a result, the child
+ zone would become insecure.
+
+4.3.2. ZSK Compromise
+
+ Primarily because there is no parental interaction required when a
+ ZSK is compromised, the situation is less severe than with a KSK
+ compromise. The zone must still be re-signed with a new ZSK as soon
+ as possible. As this is a local operation and requires no
+ communication between the parent and child, this can be achieved
+ fairly quickly. However, one has to take into account that just as
+
+
+
+Kolkman & Gieben Informational [Page 23]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ with a normal rollover the immediate disappearance of the old
+ compromised key may lead to verification problems. Also note that as
+ long as the RRSIG over the compromised ZSK is not expired the zone
+ may be still at risk.
+
+4.3.3. Compromises of Keys Anchored in Resolvers
+
+ A key can also be pre-configured in resolvers. For instance, if
+ DNSSEC is successfully deployed the root key may be pre-configured in
+ most security aware resolvers.
+
+ If trust-anchor keys are compromised, the resolvers using these keys
+ should be notified of this fact. Zone administrators may consider
+ setting up a mailing list to communicate the fact that a SEP key is
+ about to be rolled over. This communication will of course need to
+ be authenticated, e.g., by using digital signatures.
+
+ End-users faced with the task of updating an anchored key should
+ always validate the new key. New keys should be authenticated out-
+ of-band, for example, through the use of an announcement website that
+ is secured using secure sockets (TLS) [21].
+
+4.4. Parental Policies
+
+4.4.1. Initial Key Exchanges and Parental Policies Considerations
+
+ The initial key exchange is always subject to the policies set by the
+ parent. When designing a key exchange policy one should take into
+ account that the authentication and authorization mechanisms used
+ during a key exchange should be as strong as the authentication and
+ authorization mechanisms used for the exchange of delegation
+ information between parent and child. That is, there is no implicit
+ need in DNSSEC to make the authentication process stronger than it
+ was in DNS.
+
+ Using the DNS itself as the source for the actual DNSKEY material,
+ with an out-of-band check on the validity of the DNSKEY, has the
+ benefit that it reduces the chances of user error. A DNSKEY query
+ tool can make use of the SEP bit [3] to select the proper key from a
+ DNSSEC key set, thereby reducing the chance that the wrong DNSKEY is
+ sent. It can validate the self-signature over a key; thereby
+ verifying the ownership of the private key material. Fetching the
+ DNSKEY from the DNS ensures that the chain of trust remains intact
+ once the parent publishes the DS RR indicating the child is secure.
+
+ Note: the out-of-band verification is still needed when the key
+ material is fetched via the DNS. The parent can never be sure
+ whether or not the DNSKEY RRs have been spoofed.
+
+
+
+Kolkman & Gieben Informational [Page 24]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+4.4.2. Storing Keys or Hashes?
+
+ When designing a registry system one should consider which of the
+ DNSKEYs and/or the corresponding DSes to store. Since a child zone
+ might wish to have a DS published using a message digest algorithm
+ not yet understood by the registry, the registry can't count on being
+ able to generate the DS record from a raw DNSKEY. Thus, we recommend
+ that registry systems at least support storing DS records.
+
+ It may also be useful to store DNSKEYs, since having them may help
+ during troubleshooting and, as long as the child's chosen message
+ digest is supported, the overhead of generating DS records from them
+ is minimal. Having an out-of-band mechanism, such as a registry
+ directory (e.g., Whois), to find out which keys are used to generate
+ DS Resource Records for specific owners and/or zones may also help
+ with troubleshooting.
+
+ The storage considerations also relate to the design of the customer
+ interface and the method by which data is transferred between
+ registrant and registry; Will the child zone administrator be able to
+ upload DS RRs with unknown hash algorithms or does the interface only
+ allow DNSKEYs? In the registry-registrar model, one can use the
+ DNSSEC extensions to the Extensible Provisioning Protocol (EPP) [15],
+ which allows transfer of DS RRs and optionally DNSKEY RRs.
+
+4.4.3. Security Lameness
+
+ Security lameness is defined as what happens when a parent has a DS
+ RR pointing to a non-existing DNSKEY RR. When this happens, the
+ child's zone may be marked "Bogus" by verifying DNS clients.
+
+ As part of a comprehensive delegation check, the parent could, at key
+ exchange time, verify that the child's key is actually configured in
+ the DNS. However, if a parent does not understand the hashing
+ algorithm used by child, the parental checks are limited to only
+ comparing the key id.
+
+ Child zones should be very careful in removing DNSKEY material,
+ specifically SEP keys, for which a DS RR exists.
+
+ Once a zone is "security lame", a fix (e.g., removing a DS RR) will
+ take time to propagate through the DNS.
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 25]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+4.4.4. DS Signature Validity Period
+
+ Since the DS can be replayed as long as it has a valid signature, a
+ short signature validity period over the DS minimizes the time a
+ child is vulnerable in the case of a compromise of the child's
+ KSK(s). A signature validity period that is too short introduces the
+ possibility that a zone is marked "Bogus" in case of a configuration
+ error in the signer. There may not be enough time to fix the
+ problems before signatures expire. Something as mundane as operator
+ unavailability during weekends shows the need for DS signature
+ validity periods longer than 2 days. We recommend an absolute
+ minimum for a DS signature validity period of a few days.
+
+ The maximum signature validity period of the DS record depends on how
+ long child zones are willing to be vulnerable after a key compromise.
+ On the other hand, shortening the DS signature validity interval
+ increases the operational risk for the parent. Therefore, the parent
+ may have policy to use a signature validity interval that is
+ considerably longer than the child would hope for.
+
+ A compromise between the operational constraints of the parent and
+ minimizing damage for the child may result in a DS signature validity
+ period somewhere between a week and months.
+
+ In addition to the signature validity period, which sets a lower
+ bound on the number of times the zone owner will need to sign the
+ zone data and which sets an upper bound to the time a child is
+ vulnerable after key compromise, there is the TTL value on the DS
+ RRs. Shortening the TTL means that the authoritative servers will
+ see more queries. But on the other hand, a short TTL lowers the
+ persistence of DS RRSets in caches thereby increasing the speed with
+ which updated DS RRSets propagate through the DNS.
+
+5. Security Considerations
+
+ DNSSEC adds data integrity to the DNS. This document tries to assess
+ the operational considerations to maintain a stable and secure DNSSEC
+ service. Not taking into account the 'data propagation' properties
+ in the DNS will cause validation failures and may make secured zones
+ unavailable to security-aware resolvers.
+
+6. Acknowledgments
+
+ Most of the ideas in this document were the result of collective
+ efforts during workshops, discussions, and tryouts.
+
+ At the risk of forgetting individuals who were the original
+ contributors of the ideas, we would like to acknowledge people who
+
+
+
+Kolkman & Gieben Informational [Page 26]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ were actively involved in the compilation of this document. In
+ random order: Rip Loomis, Olafur Gudmundsson, Wesley Griffin, Michael
+ Richardson, Scott Rose, Rick van Rein, Tim McGinnis, Gilles Guette
+ Olivier Courtay, Sam Weiler, Jelte Jansen, Niall O'Reilly, Holger
+ Zuleger, Ed Lewis, Hilarie Orman, Marcos Sanz, and Peter Koch.
+
+ Some material in this document has been copied from RFC 2541 [12].
+
+ Mike StJohns designed the key exchange between parent and child
+ mentioned in the last paragraph of Section 4.2.2
+
+ Section 4.2.4 was supplied by G. Guette and O. Courtay.
+
+ Emma Bretherick, Adrian Bedford, and Lindy Foster corrected many of
+ the spelling and style issues.
+
+ Kolkman and Gieben take the blame for introducing all miscakes (sic).
+
+ While working on this document, Kolkman was employed by the RIPE NCC
+ and Gieben was employed by NLnet Labs.
+
+7. References
+
+7.1. Normative References
+
+ [1] Mockapetris, P., "Domain names - concepts and facilities", STD
+ 13, RFC 1034, November 1987.
+
+ [2] Mockapetris, P., "Domain names - implementation and
+ specification", STD 13, RFC 1035, November 1987.
+
+ [3] Kolkman, O., Schlyter, J., and E. Lewis, "Domain Name System
+ KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP)
+ Flag", RFC 3757, May 2004.
+
+ [4] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "DNS Security Introduction and Requirements", RFC 4033, March
+ 2005.
+
+ [5] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Resource Records for the DNS Security Extensions", RFC 4034,
+ March 2005.
+
+ [6] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
+ "Protocol Modifications for the DNS Security Extensions", RFC
+ 4035, March 2005.
+
+
+
+
+
+Kolkman & Gieben Informational [Page 27]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+7.2. Informative References
+
+ [7] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [8] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995, August
+ 1996.
+
+ [9] Vixie, P., "A Mechanism for Prompt Notification of Zone Changes
+ (DNS NOTIFY)", RFC 1996, August 1996.
+
+ [10] Wellington, B., "Secure Domain Name System (DNS) Dynamic
+ Update", RFC 3007, November 2000.
+
+ [11] Andrews, M., "Negative Caching of DNS Queries (DNS NCACHE)",
+ RFC 2308, March 1998.
+
+ [12] Eastlake, D., "DNS Security Operational Considerations", RFC
+ 2541, March 1999.
+
+ [13] Orman, H. and P. Hoffman, "Determining Strengths For Public
+ Keys Used For Exchanging Symmetric Keys", BCP 86, RFC 3766,
+ April 2004.
+
+ [14] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
+ Requirements for Security", BCP 106, RFC 4086, June 2005.
+
+ [15] Hollenbeck, S., "Domain Name System (DNS) Security Extensions
+ Mapping for the Extensible Provisioning Protocol (EPP)", RFC
+ 4310, December 2005.
+
+ [16] Lenstra, A. and E. Verheul, "Selecting Cryptographic Key
+ Sizes", The Journal of Cryptology 14 (255-293), 2001.
+
+ [17] Schneier, B., "Applied Cryptography: Protocols, Algorithms, and
+ Source Code in C", ISBN (hardcover) 0-471-12845-7, ISBN
+ (paperback) 0-471-59756-2, Published by John Wiley & Sons Inc.,
+ 1996.
+
+ [18] Rose, S., "NIST DNSSEC workshop notes", June 2001.
+
+ [19] Jansen, J., "Use of RSA/SHA-256 DNSKEY and RRSIG Resource
+ Records in DNSSEC", Work in Progress, January 2006.
+
+ [20] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS)
+ Resource Records (RRs)", RFC 4509, May 2006.
+
+
+
+
+
+Kolkman & Gieben Informational [Page 28]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ [21] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and
+ T. Wright, "Transport Layer Security (TLS) Extensions", RFC
+ 4366, April 2006.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 29]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+Appendix A. Terminology
+
+ In this document, there is some jargon used that is defined in other
+ documents. In most cases, we have not copied the text from the
+ documents defining the terms but have given a more elaborate
+ explanation of the meaning. Note that these explanations should not
+ be seen as authoritative.
+
+ Anchored key: A DNSKEY configured in resolvers around the globe.
+ This key is hard to update, hence the term anchored.
+
+ Bogus: Also see Section 5 of [4]. An RRSet in DNSSEC is marked
+ "Bogus" when a signature of an RRSet does not validate against a
+ DNSKEY.
+
+ Key Signing Key or KSK: A Key Signing Key (KSK) is a key that is used
+ exclusively for signing the apex key set. The fact that a key is
+ a KSK is only relevant to the signing tool.
+
+ Key size: The term 'key size' can be substituted by 'modulus size'
+ throughout the document. It is mathematically more correct to use
+ modulus size, but as this is a document directed at operators we
+ feel more at ease with the term key size.
+
+ Private and public keys: DNSSEC secures the DNS through the use of
+ public key cryptography. Public key cryptography is based on the
+ existence of two (mathematically related) keys, a public key and a
+ private key. The public keys are published in the DNS by use of
+ the DNSKEY Resource Record (DNSKEY RR). Private keys should
+ remain private.
+
+ Key rollover: A key rollover (also called key supercession in some
+ environments) is the act of replacing one key pair with another at
+ the end of a key effectivity period.
+
+ Secure Entry Point (SEP) key: A KSK that has a parental DS record
+ pointing to it or is configured as a trust anchor. Although not
+ required by the protocol, we recommend that the SEP flag [3] is
+ set on these keys.
+
+ Self-signature: This only applies to signatures over DNSKEYs; a
+ signature made with DNSKEY x, over DNSKEY x is called a self-
+ signature. Note: without further information, self-signatures
+ convey no trust. They are useful to check the authenticity of the
+ DNSKEY, i.e., they can be used as a hash.
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 30]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ Singing the zone file: The term used for the event where an
+ administrator joyfully signs its zone file while producing melodic
+ sound patterns.
+
+ Signer: The system that has access to the private key material and
+ signs the Resource Record sets in a zone. A signer may be
+ configured to sign only parts of the zone, e.g., only those RRSets
+ for which existing signatures are about to expire.
+
+ Zone Signing Key (ZSK): A key that is used for signing all data in a
+ zone. The fact that a key is a ZSK is only relevant to the
+ signing tool.
+
+ Zone administrator: The 'role' that is responsible for signing a zone
+ and publishing it on the primary authoritative server.
+
+Appendix B. Zone Signing Key Rollover How-To
+
+ Using the pre-published signature scheme and the most conservative
+ method to assure oneself that data does not live in caches, here
+ follows the "how-to".
+
+ Step 0: The preparation: Create two keys and publish both in your key
+ set. Mark one of the keys "active" and the other "published".
+ Use the "active" key for signing your zone data. Store the
+ private part of the "published" key, preferably off-line. The
+ protocol does not provide for attributes to mark a key as active
+ or published. This is something you have to do on your own,
+ through the use of a notebook or key management tool.
+
+ Step 1: Determine expiration: At the beginning of the rollover make a
+ note of the highest expiration time of signatures in your zone
+ file created with the current key marked as active. Wait until
+ the expiration time marked in Step 1 has passed.
+
+ Step 2: Then start using the key that was marked "published" to sign
+ your data (i.e., mark it "active"). Stop using the key that was
+ marked "active"; mark it "rolled".
+
+ Step 3: It is safe to engage in a new rollover (Step 1) after at
+ least one signature validity period.
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 31]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+Appendix C. Typographic Conventions
+
+ The following typographic conventions are used in this document:
+
+ Key notation: A key is denoted by DNSKEYx, where x is a number or an
+ identifier, x could be thought of as the key id.
+
+ RRSet notations: RRs are only denoted by the type. All other
+ information -- owner, class, rdata, and TTL--is left out. Thus:
+ "example.com 3600 IN A 192.0.2.1" is reduced to "A". RRSets are a
+ list of RRs. A example of this would be "A1, A2", specifying the
+ RRSet containing two "A" records. This could again be abbreviated to
+ just "A".
+
+ Signature notation: Signatures are denoted as RRSIGx(RRSet), which
+ means that RRSet is signed with DNSKEYx.
+
+ Zone representation: Using the above notation we have simplified the
+ representation of a signed zone by leaving out all unnecessary
+ details such as the names and by representing all data by "SOAx"
+
+ SOA representation: SOAs are represented as SOAx, where x is the
+ serial number.
+
+ Using this notation the following signed zone:
+
+ example.net. 86400 IN SOA ns.example.net. bert.example.net. (
+ 2006022100 ; serial
+ 86400 ; refresh ( 24 hours)
+ 7200 ; retry ( 2 hours)
+ 3600000 ; expire (1000 hours)
+ 28800 ) ; minimum ( 8 hours)
+ 86400 RRSIG SOA 5 2 86400 20130522213204 (
+ 20130422213204 14 example.net.
+ cmL62SI6iAX46xGNQAdQ... )
+ 86400 NS a.iana-servers.net.
+ 86400 NS b.iana-servers.net.
+ 86400 RRSIG NS 5 2 86400 20130507213204 (
+ 20130407213204 14 example.net.
+ SO5epiJei19AjXoUpFnQ ... )
+ 86400 DNSKEY 256 3 5 (
+ EtRB9MP5/AvOuVO0I8XDxy0... ) ; id = 14
+ 86400 DNSKEY 257 3 5 (
+ gsPW/Yy19GzYIY+Gnr8HABU... ) ; id = 15
+ 86400 RRSIG DNSKEY 5 2 86400 20130522213204 (
+ 20130422213204 14 example.net.
+ J4zCe8QX4tXVGjV4e1r9... )
+
+
+
+
+Kolkman & Gieben Informational [Page 32]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+ 86400 RRSIG DNSKEY 5 2 86400 20130522213204 (
+ 20130422213204 15 example.net.
+ keVDCOpsSeDReyV6O... )
+ 86400 RRSIG NSEC 5 2 86400 20130507213204 (
+ 20130407213204 14 example.net.
+ obj3HEp1GjnmhRjX... )
+ a.example.net. 86400 IN TXT "A label"
+ 86400 RRSIG TXT 5 3 86400 20130507213204 (
+ 20130407213204 14 example.net.
+ IkDMlRdYLmXH7QJnuF3v... )
+ 86400 NSEC b.example.com. TXT RRSIG NSEC
+ 86400 RRSIG NSEC 5 3 86400 20130507213204 (
+ 20130407213204 14 example.net.
+ bZMjoZ3bHjnEz0nIsPMM... )
+ ...
+
+ is reduced to the following representation:
+
+ SOA2006022100
+ RRSIG14(SOA2006022100)
+ DNSKEY14
+ DNSKEY15
+
+ RRSIG14(KEY)
+ RRSIG15(KEY)
+
+ The rest of the zone data has the same signature as the SOA record,
+ i.e., an RRSIG created with DNSKEY 14.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 33]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+Authors' Addresses
+
+ Olaf M. Kolkman
+ NLnet Labs
+ Kruislaan 419
+ Amsterdam 1098 VA
+ The Netherlands
+
+ EMail: olaf@nlnetlabs.nl
+ URI: http://www.nlnetlabs.nl
+
+
+ R. (Miek) Gieben
+
+ EMail: miek@miek.nl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 34]
+
+RFC 4641 DNSSEC Operational Practices September 2006
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2006).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+
+
+Kolkman & Gieben Informational [Page 35]
+
diff --git a/doc/xsl/isc-manpage.xsl.in b/doc/xsl/isc-manpage.xsl.in
index e540e942..20fc1d0a 100644
--- a/doc/xsl/isc-manpage.xsl.in
+++ b/doc/xsl/isc-manpage.xsl.in
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: isc-manpage.xsl.in,v 1.4.2.3 2005/09/12 00:07:03 marka Exp $ -->
+<!-- $Id: isc-manpage.xsl.in,v 1.4.2.5 2007/01/27 00:22:46 marka Exp $ -->
<!-- ISC customizations for Docbook-XSL manual page generator. -->
@@ -52,6 +52,7 @@
- disable chunking, and suppress output of .so files.
-->
<xsl:template name="write.text.chunk">
+ <xsl:param name="content"/>
<xsl:if test="substring($content, 1, 4) != '.so ' or
substring-after($content, '&#10;') != ''">
<xsl:call-template name="isc.no.blanks">
diff --git a/lib/bind/api b/lib/bind/api
index 8632b125..d4b1ecd3 100644
--- a/lib/bind/api
+++ b/lib/bind/api
@@ -1,3 +1,3 @@
LIBINTERFACE = 4
-LIBREVISION = 7
+LIBREVISION = 9
LIBAGE = 0
diff --git a/lib/bind/config.h.in b/lib/bind/config.h.in
index c4d88d34..69ea2854 100644
--- a/lib/bind/config.h.in
+++ b/lib/bind/config.h.in
@@ -11,6 +11,8 @@
#undef POSIX_GETPWNAM_R
#undef POSIX_GETGRGID_R
#undef POSIX_GETGRNAM_R
+#undef HAVE_MEMMOVE
+#undef HAVE_MEMCHR
#undef NEED_SETGROUPENT
#undef NEED_GETGROUPLIST
@@ -38,6 +40,7 @@
#undef HAS_PW_CLASS
+#undef ssize_t
#undef uintptr_t
/* Shut up warnings about sputaux in stdio.h on BSD/OS pre-4.1 */
diff --git a/lib/bind/configure b/lib/bind/configure
index 2956b2c3..002120e5 100755
--- a/lib/bind/configure
+++ b/lib/bind/configure
@@ -1,5 +1,5 @@
#! /bin/sh
-# From configure.in Revision: 1.83.2.36 .
+# From configure.in Revision: 1.83.2.40 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.59.
#
@@ -464,7 +464,7 @@ ac_includes_default="\
# include <unistd.h>
#endif"
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_PLATFORM_NEEDSYSSELECTH WANT_IRS_GR WANT_IRS_GR_OBJS WANT_IRS_PW WANT_IRS_PW_OBJS WANT_IRS_NIS WANT_IRS_NIS_OBJS WANT_IRS_NISGR_OBJS WANT_IRS_NISPW_OBJS WANT_IRS_DBPW_OBJS ALWAYS_DEFINES DO_PTHREADS WANT_IRS_THREADSGR_OBJS WANT_IRS_THREADSPW_OBJS WANT_IRS_THREADS_OBJS WANT_THREADS_OBJS USE_IFNAMELINKID ISC_THREAD_DIR DAEMON_OBJS NEED_DAEMON STRSEP_OBJS NEED_STRSEP NEED_STRERROR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK HAS_INET6_STRUCTS ISC_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H HAS_IN_ADDR6 NEED_IN6ADDR_ANY ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C HAVE_SIN6_SCOPE_ID HAVE_SOCKADDR_STORAGE ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON HAVE_SA_LEN HAVE_MINIMUM_IFREQ BSD_COMP SOLARIS_BITTYPES USE_FIONBIO_IOCTL PORT_NONBLOCK PORT_DIR USE_POLL HAVE_MD5 SOLARIS2 PORT_INCLUDE ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_LWRES_ENDHOSTENTINT ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO NEED_PSELECT NEED_GETTIMEOFDAY HAVE_STRNDUP ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS USE_SYSERROR_LIST ISC_PLATFORM_QUADFORMAT ISC_SOCKLEN_T GETGROUPLIST_ARGS NET_R_ARGS NET_R_BAD NET_R_COPY NET_R_COPY_ARGS NET_R_OK NET_R_SETANSWER NET_R_RETURN GETNETBYADDR_ADDR_T NETENT_DATA NET_R_ENT_ARGS NET_R_SET_RESULT NET_R_SET_RETURN NET_R_END_RESULT NET_R_END_RETURN GROUP_R_ARGS GROUP_R_BAD GROUP_R_OK GROUP_R_RETURN GROUP_R_END_RESULT GROUP_R_END_RETURN GROUP_R_ENT_ARGS GROUP_R_SET_RESULT GROUP_R_SET_RETURN HOST_R_ARGS HOST_R_BAD HOST_R_COPY HOST_R_COPY_ARGS HOST_R_ERRNO HOST_R_OK HOST_R_RETURN HOST_R_SETANSWER HOSTENT_DATA HOST_R_END_RESULT HOST_R_END_RETURN HOST_R_ENT_ARGS HOST_R_SET_RESULT HOST_R_SET_RETURN SETPWENT_VOID SETGRENT_VOID NGR_R_ARGS NGR_R_BAD NGR_R_COPY NGR_R_COPY_ARGS NGR_R_OK NGR_R_RETURN NGR_R_PRIVATE NGR_R_END_RESULT NGR_R_END_RETURN NGR_R_ENT_ARGS NGR_R_SET_RESULT NGR_R_SET_RETURN PROTO_R_ARGS PROTO_R_BAD PROTO_R_COPY PROTO_R_COPY_ARGS PROTO_R_OK PROTO_R_SETANSWER PROTO_R_RETURN PROTOENT_DATA PROTO_R_END_RESULT PROTO_R_END_RETURN PROTO_R_ENT_ARGS PROTO_R_ENT_UNUSED PROTO_R_SET_RESULT PROTO_R_SET_RETURN PASS_R_ARGS PASS_R_BAD PASS_R_COPY PASS_R_COPY_ARGS PASS_R_OK PASS_R_RETURN PASS_R_END_RESULT PASS_R_END_RETURN PASS_R_ENT_ARGS PASS_R_SET_RESULT PASS_R_SET_RETURN SERV_R_ARGS SERV_R_BAD SERV_R_COPY SERV_R_COPY_ARGS SERV_R_OK SERV_R_SETANSWER SERV_R_RETURN SERVENT_DATA SERV_R_END_RESULT SERV_R_END_RETURN SERV_R_ENT_ARGS SERV_R_ENT_UNUSED SERV_R_SET_RESULT SERV_R_SET_RETURN SETNETGRENT_ARGS INNETGR_ARGS BIND9_TOP_BUILDDIR BIND9_VERSION LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os SET_MAKE RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA STD_CINCLUDES STD_CDEFINES STD_CWARNINGS CCOPT AR ARFLAGS LN ETAGS PERL CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP ISC_PLATFORM_NEEDSYSSELECTH WANT_IRS_GR WANT_IRS_GR_OBJS WANT_IRS_PW WANT_IRS_PW_OBJS WANT_IRS_NIS WANT_IRS_NIS_OBJS WANT_IRS_NISGR_OBJS WANT_IRS_NISPW_OBJS WANT_IRS_DBPW_OBJS ALWAYS_DEFINES DO_PTHREADS WANT_IRS_THREADSGR_OBJS WANT_IRS_THREADSPW_OBJS WANT_IRS_THREADS_OBJS WANT_THREADS_OBJS USE_IFNAMELINKID ISC_THREAD_DIR DAEMON_OBJS NEED_DAEMON STRSEP_OBJS NEED_STRSEP NEED_STRERROR MKDEPCC MKDEPCFLAGS MKDEPPROG IRIX_DNSSEC_WARNINGS_HACK purify_path PURIFY LN_S ECHO ac_ct_AR STRIP ac_ct_STRIP CXX CXXFLAGS ac_ct_CXX CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL O A SA LIBTOOL_MKDEP_SED LIBTOOL_MODE_COMPILE LIBTOOL_MODE_INSTALL LIBTOOL_MODE_LINK HAS_INET6_STRUCTS ISC_PLATFORM_NEEDNETINETIN6H ISC_PLATFORM_NEEDNETINET6IN6H HAS_IN_ADDR6 NEED_IN6ADDR_ANY ISC_PLATFORM_HAVEIN6PKTINFO ISC_PLATFORM_FIXIN6ISADDR ISC_IPV6_H ISC_IPV6_O ISC_ISCIPV6_O ISC_IPV6_C HAVE_SIN6_SCOPE_ID HAVE_SOCKADDR_STORAGE ISC_PLATFORM_NEEDNTOP ISC_PLATFORM_NEEDPTON ISC_PLATFORM_NEEDATON HAVE_SA_LEN HAVE_MINIMUM_IFREQ BSD_COMP SOLARIS_BITTYPES USE_FIONBIO_IOCTL PORT_NONBLOCK PORT_DIR USE_POLL HAVE_MD5 SOLARIS2 PORT_INCLUDE ISC_PLATFORM_MSGHDRFLAVOR ISC_PLATFORM_NEEDPORTT ISC_PLATFORM_NEEDTIMESPEC ISC_LWRES_ENDHOSTENTINT ISC_LWRES_SETNETENTINT ISC_LWRES_ENDNETENTINT ISC_LWRES_GETHOSTBYADDRVOID ISC_LWRES_NEEDHERRNO ISC_LWRES_GETIPNODEPROTO ISC_LWRES_GETADDRINFOPROTO ISC_LWRES_GETNAMEINFOPROTO NEED_PSELECT NEED_GETTIMEOFDAY HAVE_STRNDUP ISC_PLATFORM_NEEDSTRSEP ISC_PLATFORM_NEEDVSNPRINTF ISC_EXTRA_OBJS ISC_EXTRA_SRCS USE_SYSERROR_LIST ISC_PLATFORM_QUADFORMAT ISC_SOCKLEN_T GETGROUPLIST_ARGS NET_R_ARGS NET_R_BAD NET_R_COPY NET_R_COPY_ARGS NET_R_OK NET_R_SETANSWER NET_R_RETURN GETNETBYADDR_ADDR_T NETENT_DATA NET_R_ENT_ARGS NET_R_SET_RESULT NET_R_SET_RETURN NET_R_END_RESULT NET_R_END_RETURN GROUP_R_ARGS GROUP_R_BAD GROUP_R_OK GROUP_R_RETURN GROUP_R_END_RESULT GROUP_R_END_RETURN GROUP_R_ENT_ARGS GROUP_R_SET_RESULT GROUP_R_SET_RETURN HOST_R_ARGS HOST_R_BAD HOST_R_COPY HOST_R_COPY_ARGS HOST_R_ERRNO HOST_R_OK HOST_R_RETURN HOST_R_SETANSWER HOSTENT_DATA HOST_R_END_RESULT HOST_R_END_RETURN HOST_R_ENT_ARGS HOST_R_SET_RESULT HOST_R_SET_RETURN SETPWENT_VOID SETGRENT_VOID NGR_R_ARGS NGR_R_BAD NGR_R_COPY NGR_R_COPY_ARGS NGR_R_OK NGR_R_RETURN NGR_R_PRIVATE NGR_R_END_RESULT NGR_R_END_RETURN NGR_R_ENT_ARGS NGR_R_SET_RESULT NGR_R_SET_RETURN PROTO_R_ARGS PROTO_R_BAD PROTO_R_COPY PROTO_R_COPY_ARGS PROTO_R_OK PROTO_R_SETANSWER PROTO_R_RETURN PROTOENT_DATA PROTO_R_END_RESULT PROTO_R_END_RETURN PROTO_R_ENT_ARGS PROTO_R_ENT_UNUSED PROTO_R_SET_RESULT PROTO_R_SET_RETURN PASS_R_ARGS PASS_R_BAD PASS_R_COPY PASS_R_COPY_ARGS PASS_R_OK PASS_R_RETURN PASS_R_END_RESULT PASS_R_END_RETURN PASS_R_ENT_ARGS PASS_R_SET_RESULT PASS_R_SET_RETURN SERV_R_ARGS SERV_R_BAD SERV_R_COPY SERV_R_COPY_ARGS SERV_R_OK SERV_R_SETANSWER SERV_R_RETURN SERVENT_DATA SERV_R_END_RESULT SERV_R_END_RETURN SERV_R_ENT_ARGS SERV_R_ENT_UNUSED SERV_R_SET_RESULT SERV_R_SET_RETURN SETNETGRENT_ARGS INNETGR_ARGS BIND9_TOP_BUILDDIR BIND9_VERSION LIBOBJS LTLIBOBJS'
ac_subst_files='BIND9_INCLUDES BIND9_MAKE_RULES LIBBIND_API'
# Initialize some variables set by options.
@@ -3867,6 +3867,72 @@ _ACEOF
fi
+echo "$as_me:$LINENO: checking for ssize_t" >&5
+echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6
+if test "${ac_cv_type_ssize_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((ssize_t *) 0)
+ return 0;
+if (sizeof (ssize_t))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_ssize_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_ssize_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_ssize_t" >&5
+echo "${ECHO_T}$ac_cv_type_ssize_t" >&6
+if test $ac_cv_type_ssize_t = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define ssize_t signed
+_ACEOF
+
+fi
+
echo "$as_me:$LINENO: checking for uintptr_t" >&5
echo $ECHO_N "checking for uintptr_t... $ECHO_C" >&6
if test "${ac_cv_type_uintptr_t+set}" = set; then
@@ -6340,6 +6406,200 @@ _ACEOF
fi
+echo "$as_me:$LINENO: checking for memmove" >&5
+echo $ECHO_N "checking for memmove... $ECHO_C" >&6
+if test "${ac_cv_func_memmove+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define memmove to an innocuous variant, in case <limits.h> declares memmove.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define memmove innocuous_memmove
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char memmove (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef memmove
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char memmove ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_memmove) || defined (__stub___memmove)
+choke me
+#else
+char (*f) () = memmove;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != memmove;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_memmove=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_memmove=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_memmove" >&5
+echo "${ECHO_T}$ac_cv_func_memmove" >&6
+if test $ac_cv_func_memmove = yes; then
+ cat >>confdefs.h <<\_ACEOF
+#define HAVE_MEMMOVE 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for memchr" >&5
+echo $ECHO_N "checking for memchr... $ECHO_C" >&6
+if test "${ac_cv_func_memchr+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define memchr to an innocuous variant, in case <limits.h> declares memchr.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define memchr innocuous_memchr
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char memchr (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef memchr
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char memchr ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_memchr) || defined (__stub___memchr)
+choke me
+#else
+char (*f) () = memchr;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != memchr;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_memchr=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_memchr=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_memchr" >&5
+echo "${ECHO_T}$ac_cv_func_memchr" >&6
+if test $ac_cv_func_memchr = yes; then
+ cat >>confdefs.h <<\_ACEOF
+#define HAVE_MEMCHR 1
+_ACEOF
+
+fi
+
echo "$as_me:$LINENO: checking for if_nametoindex" >&5
echo $ECHO_N "checking for if_nametoindex... $ECHO_C" >&6
@@ -8126,7 +8386,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 8129 "configure"' > conftest.$ac_ext
+ echo '#line 8389 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -9123,7 +9383,7 @@ fi
# Provide some information about the compiler.
-echo "$as_me:9126:" \
+echo "$as_me:9386:" \
"checking for Fortran 77 compiler version" >&5
ac_compiler=`set X $ac_compile; echo $2`
{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
@@ -10184,11 +10444,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:10187: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:10447: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:10191: \$? = $ac_status" >&5
+ echo "$as_me:10451: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -10427,11 +10687,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:10430: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:10690: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:10434: \$? = $ac_status" >&5
+ echo "$as_me:10694: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -10487,11 +10747,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:10490: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:10750: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:10494: \$? = $ac_status" >&5
+ echo "$as_me:10754: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -12672,7 +12932,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 12675 "configure"
+#line 12935 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -12770,7 +13030,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 12773 "configure"
+#line 13033 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -14967,11 +15227,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:14970: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15230: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:14974: \$? = $ac_status" >&5
+ echo "$as_me:15234: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -15027,11 +15287,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15030: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15290: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:15034: \$? = $ac_status" >&5
+ echo "$as_me:15294: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -16388,7 +16648,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 16391 "configure"
+#line 16651 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -16486,7 +16746,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 16489 "configure"
+#line 16749 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -17323,11 +17583,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:17326: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:17586: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:17330: \$? = $ac_status" >&5
+ echo "$as_me:17590: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -17383,11 +17643,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:17386: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:17646: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:17390: \$? = $ac_status" >&5
+ echo "$as_me:17650: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -19422,11 +19682,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:19425: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:19685: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:19429: \$? = $ac_status" >&5
+ echo "$as_me:19689: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -19665,11 +19925,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:19668: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:19928: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:19672: \$? = $ac_status" >&5
+ echo "$as_me:19932: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
@@ -19725,11 +19985,11 @@ else
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:19728: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:19988: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:19732: \$? = $ac_status" >&5
+ echo "$as_me:19992: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -21910,7 +22170,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 21913 "configure"
+#line 22173 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -22008,7 +22268,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 22011 "configure"
+#line 22271 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -23473,10 +23733,22 @@ echo "${ECHO_T}no -- disabling runtime ipv6 support" >&6
ISC_PLATFORM_HAVEIN6PKTINFO="#undef ISC_PLATFORM_HAVEIN6PKTINFO"
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ ;;
+ no)
+ HAS_INET6_STRUCTS="#undef HAS_INET6_STRUCTS"
+ NEED_IN6ADDR_ANY="#undef NEED_IN6ADDR_ANY"
+ ISC_PLATFORM_HAVEIN6PKTINFO="#undef ISC_PLATFORM_HAVEIN6PKTINFO"
+ HAVE_SIN6_SCOPE_ID="#define HAVE_SIN6_SCOPE_ID 1"
+ ISC_IPV6_H="ipv6.h"
+ ISC_IPV6_O="ipv6.$O"
+ ISC_ISCIPV6_O="unix/ipv6.$O"
+ ISC_IPV6_C="ipv6.c"
+ ;;
+esac
- echo "$as_me:$LINENO: checking for sockaddr_storage" >&5
+echo "$as_me:$LINENO: checking for sockaddr_storage" >&5
echo $ECHO_N "checking for sockaddr_storage... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
+cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
@@ -23486,8 +23758,6 @@ cat >>conftest.$ac_ext <<_ACEOF
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
-$isc_netinetin6_hack
-$isc_netinet6in6_hack
int
main ()
@@ -23521,29 +23791,16 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(exit $ac_status); }; }; then
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6
- HAVE_SOCKADDR_STORAGE="#define HAVE_SOCKADDR_STORAGE 1"
+ HAVE_SOCKADDR_STORAGE="#define HAVE_SOCKADDR_STORAGE 1"
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
- HAVE_SOCKADDR_STORAGE="#undef HAVE_SOCKADDR_STORAGE"
+ HAVE_SOCKADDR_STORAGE="#undef HAVE_SOCKADDR_STORAGE"
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
- ;;
- no)
- HAS_INET6_STRUCTS="#undef HAS_INET6_STRUCTS"
- NEED_IN6ADDR_ANY="#undef NEED_IN6ADDR_ANY"
- ISC_PLATFORM_HAVEIN6PKTINFO="#undef ISC_PLATFORM_HAVEIN6PKTINFO"
- HAVE_SIN6_SCOPE_ID="#define HAVE_SIN6_SCOPE_ID 1"
- HAVE_SOCKADDR_STORAGE="#undef HAVE_SOCKADDR_STORAGE"
- ISC_IPV6_H="ipv6.h"
- ISC_IPV6_O="ipv6.$O"
- ISC_ISCIPV6_O="unix/ipv6.$O"
- ISC_IPV6_C="ipv6.c"
- ;;
-esac
@@ -24022,6 +24279,61 @@ fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: checking for struct timespec" >&5
+echo $ECHO_N "checking for struct timespec... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <time.h>
+int
+main ()
+{
+struct timespec ts = { 0, 0 }; return (0);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ ISC_PLATFORM_NEEDTIMESPEC="#undef ISC_PLATFORM_NEEDTIMESPEC"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+ ISC_PLATFORM_NEEDTIMESPEC="#define ISC_PLATFORM_NEEDTIMESPEC 1"
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+
#
# Check for addrinfo
#
@@ -32893,6 +33205,7 @@ s,@SOLARIS2@,$SOLARIS2,;t t
s,@PORT_INCLUDE@,$PORT_INCLUDE,;t t
s,@ISC_PLATFORM_MSGHDRFLAVOR@,$ISC_PLATFORM_MSGHDRFLAVOR,;t t
s,@ISC_PLATFORM_NEEDPORTT@,$ISC_PLATFORM_NEEDPORTT,;t t
+s,@ISC_PLATFORM_NEEDTIMESPEC@,$ISC_PLATFORM_NEEDTIMESPEC,;t t
s,@ISC_LWRES_ENDHOSTENTINT@,$ISC_LWRES_ENDHOSTENTINT,;t t
s,@ISC_LWRES_SETNETENTINT@,$ISC_LWRES_SETNETENTINT,;t t
s,@ISC_LWRES_ENDNETENTINT@,$ISC_LWRES_ENDNETENTINT,;t t
diff --git a/lib/bind/configure.in b/lib/bind/configure.in
index 778f020d..ada926ca 100644
--- a/lib/bind/configure.in
+++ b/lib/bind/configure.in
@@ -1,5 +1,5 @@
-# Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2001 Internet Software Consortium.
+# Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-AC_REVISION($Revision: 1.83.2.36 $)
+AC_REVISION($Revision: 1.83.2.40 $)
AC_INIT(resolv/herror.c)
AC_PREREQ(2.13)
@@ -174,6 +174,7 @@ AC_CHECK_HEADERS(fcntl.h db.h paths.h sys/time.h unistd.h sys/sockio.h sys/selec
AC_C_CONST
AC_C_INLINE
AC_TYPE_SIZE_T
+AC_CHECK_TYPE(ssize_t,signed)
AC_CHECK_TYPE(uintptr_t,unsigned long)
AC_HEADER_TIME
#
@@ -458,6 +459,8 @@ AC_SUBST(WANT_IRS_THREADS_OBJS)
AC_SUBST(WANT_THREADS_OBJS)
AC_CHECK_FUNC(strlcat, AC_DEFINE(HAVE_STRLCAT))
+AC_CHECK_FUNC(memmove, AC_DEFINE(HAVE_MEMMOVE))
+AC_CHECK_FUNC(memchr, AC_DEFINE(HAVE_MEMCHR))
AC_CHECK_FUNC(if_nametoindex,
[USE_IFNAMELINKID="#define USE_IFNAMELINKID 1"],
@@ -879,27 +882,12 @@ $isc_netinet6in6_hack
ISC_PLATFORM_HAVEIN6PKTINFO="#define ISC_PLATFORM_HAVEIN6PKTINFO 1"],
[AC_MSG_RESULT(no -- disabling runtime ipv6 support)
ISC_PLATFORM_HAVEIN6PKTINFO="#undef ISC_PLATFORM_HAVEIN6PKTINFO"])
-
- AC_MSG_CHECKING(for sockaddr_storage)
- AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-$isc_netinetin6_hack
-$isc_netinet6in6_hack
-],
- [struct sockaddr_storage xyzzy; return (0);],
- [AC_MSG_RESULT(yes)
- HAVE_SOCKADDR_STORAGE="#define HAVE_SOCKADDR_STORAGE 1"],
- [AC_MSG_RESULT(no)
- HAVE_SOCKADDR_STORAGE="#undef HAVE_SOCKADDR_STORAGE"])
;;
no)
HAS_INET6_STRUCTS="#undef HAS_INET6_STRUCTS"
NEED_IN6ADDR_ANY="#undef NEED_IN6ADDR_ANY"
ISC_PLATFORM_HAVEIN6PKTINFO="#undef ISC_PLATFORM_HAVEIN6PKTINFO"
HAVE_SIN6_SCOPE_ID="#define HAVE_SIN6_SCOPE_ID 1"
- HAVE_SOCKADDR_STORAGE="#undef HAVE_SOCKADDR_STORAGE"
ISC_IPV6_H="ipv6.h"
ISC_IPV6_O="ipv6.$O"
ISC_ISCIPV6_O="unix/ipv6.$O"
@@ -907,6 +895,18 @@ $isc_netinet6in6_hack
;;
esac
+AC_MSG_CHECKING(for sockaddr_storage)
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+],
+[struct sockaddr_storage xyzzy; return (0);],
+ [AC_MSG_RESULT(yes)
+ HAVE_SOCKADDR_STORAGE="#define HAVE_SOCKADDR_STORAGE 1"],
+ [AC_MSG_RESULT(no)
+ HAVE_SOCKADDR_STORAGE="#undef HAVE_SOCKADDR_STORAGE"])
+
AC_SUBST(HAS_INET6_STRUCTS)
AC_SUBST(ISC_PLATFORM_NEEDNETINETIN6H)
AC_SUBST(ISC_PLATFORM_NEEDNETINET6IN6H)
@@ -1117,6 +1117,17 @@ AC_TRY_COMPILE([
ISC_PLATFORM_NEEDPORTT="#define ISC_PLATFORM_NEEDPORTT 1"])
AC_SUBST(ISC_PLATFORM_NEEDPORTT)
+AC_MSG_CHECKING(for struct timespec)
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <time.h>],
+[struct timespec ts = { 0, 0 }; return (0);],
+ [AC_MSG_RESULT(yes)
+ ISC_PLATFORM_NEEDTIMESPEC="#undef ISC_PLATFORM_NEEDTIMESPEC"],
+ [AC_MSG_RESULT(no)
+ ISC_PLATFORM_NEEDTIMESPEC="#define ISC_PLATFORM_NEEDTIMESPEC 1"])
+AC_SUBST(ISC_PLATFORM_NEEDTIMESPEC)
+
#
# Check for addrinfo
#
diff --git a/lib/bind/dst/hmac_link.c b/lib/bind/dst/hmac_link.c
index 300b3b4d..0b523280 100644
--- a/lib/bind/dst/hmac_link.c
+++ b/lib/bind/dst/hmac_link.c
@@ -1,6 +1,6 @@
#ifdef HMAC_MD5
#ifndef LINT
-static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/hmac_link.c,v 1.2.2.3 2006/03/10 00:18:22 marka Exp $";
+static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/hmac_link.c,v 1.2.2.4 2007/02/26 02:00:13 marka Exp $";
#endif
/*
* Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
@@ -276,13 +276,18 @@ dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
const int buff_len)
{
char *bp;
- int len, b_len, i, key_len;
+ int len, i, key_len;
u_char key[HMAC_LEN];
HMAC_Key *hkey;
if (dkey == NULL || dkey->dk_KEY_struct == NULL)
return (0);
- if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str))
+ /*
+ * Using snprintf() would be so much simpler here.
+ */
+ if (buff == NULL ||
+ buff_len <= (int)(strlen(key_file_fmt_str) +
+ strlen(KEY_FILE_FORMAT) + 4))
return (-1); /* no OR not enough space in output area */
hkey = (HMAC_Key *) dkey->dk_KEY_struct;
@@ -291,7 +296,6 @@ dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC");
bp = buff + strlen(buff);
- b_len = buff_len - (bp - buff);
memset(key, 0, HMAC_LEN);
for (i = 0; i < HMAC_LEN; i++)
@@ -301,19 +305,21 @@ dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
break;
key_len = i + 1;
+ if (buff_len - (bp - buff) < 6)
+ return (-1);
strcat(bp, "Key: ");
bp += strlen("Key: ");
- b_len = buff_len - (bp - buff);
- len = b64_ntop(key, key_len, bp, b_len);
+ len = b64_ntop(key, key_len, bp, buff_len - (bp - buff));
if (len < 0)
return (-1);
bp += len;
+ if (buff_len - (bp - buff) < 2)
+ return (-1);
*(bp++) = '\n';
*bp = '\0';
- b_len = buff_len - (bp - buff);
- return (buff_len - b_len);
+ return (bp - buff);
}
diff --git a/lib/bind/irs/dns_ho.c b/lib/bind/irs/dns_ho.c
index 1896b54d..423a70c8 100644
--- a/lib/bind/irs/dns_ho.c
+++ b/lib/bind/irs/dns_ho.c
@@ -52,7 +52,7 @@
/* BIND Id: gethnamaddr.c,v 8.15 1996/05/22 04:56:30 vixie Exp $ */
#if defined(LIBC_SCCS) && !defined(lint)
-static const char rcsid[] = "$Id: dns_ho.c,v 1.5.2.15 2006/03/10 00:18:22 marka Exp $";
+static const char rcsid[] = "$Id: dns_ho.c,v 1.5.2.16 2006/12/07 04:00:29 marka Exp $";
#endif /* LIBC_SCCS and not lint */
/* Imports. */
@@ -941,7 +941,7 @@ gethostans(struct irs_ho *this,
bp = (char *)(((u_long)bp + (sizeof(align) - 1)) &
~(sizeof(align) - 1));
/* Avoid overflows. */
- if (bp + n >= &pvt->hostbuf[sizeof pvt->hostbuf]) {
+ if (bp + n > &pvt->hostbuf[sizeof(pvt->hostbuf) - 1]) {
had_error++;
continue;
}
@@ -1051,7 +1051,7 @@ add_hostent(struct pvt *pvt, char *bp, char **hap, struct addrinfo *ai)
bp = (char *)(((u_long)bp + (sizeof(align) - 1)) &
~(sizeof(align) - 1));
/* Avoid overflows. */
- if (bp + addrlen >= &pvt->hostbuf[sizeof pvt->hostbuf])
+ if (bp + addrlen > &pvt->hostbuf[sizeof(pvt->hostbuf) - 1])
return(-1);
if (hap >= &pvt->h_addr_ptrs[MAXADDRS-1])
return(0); /* fail, but not treat it as an error. */
diff --git a/lib/bind/irs/gai_strerror.c b/lib/bind/irs/gai_strerror.c
index 0492f8f4..06eeeb36 100644
--- a/lib/bind/irs/gai_strerror.c
+++ b/lib/bind/irs/gai_strerror.c
@@ -69,8 +69,10 @@ gai_strerror(int ecode) {
if (pthread_mutex_lock(&lock) != 0)
goto unknown;
if (!once) {
- if (pthread_key_create(&key, free) != 0)
+ if (pthread_key_create(&key, free) != 0) {
+ pthread_mutex_unlock(&lock);
goto unknown;
+ }
once = 1;
}
if (pthread_mutex_unlock(&lock) != 0)
diff --git a/lib/bind/irs/irp_ng.c b/lib/bind/irs/irp_ng.c
index 6906f1d2..d12a0a74 100644
--- a/lib/bind/irs/irp_ng.c
+++ b/lib/bind/irs/irp_ng.c
@@ -16,7 +16,7 @@
*/
#if !defined(LINT) && !defined(CODECENTER)
-static const char rcsid[] = "$Id: irp_ng.c,v 1.1.2.1 2004/03/09 09:17:31 marka Exp $";
+static const char rcsid[] = "$Id: irp_ng.c,v 1.1.2.2 2006/12/07 04:52:57 marka Exp $";
#endif
/* Imports */
@@ -239,14 +239,14 @@ ng_test(struct irs_ng *this, const char *name,
}
if (irs_irp_send_command(pvt->girpdata, "innetgr %s", body) == 0) {
- memput(body, bodylen);
-
code = irs_irp_read_response(pvt->girpdata, text, sizeof text);
if (code == IRPD_GETNETGR_MATCHES) {
rval = 1;
}
}
+ memput(body, bodylen);
+
return (rval);
}
diff --git a/lib/bind/irs/irs_data.c b/lib/bind/irs/irs_data.c
index e65e6258..47963f1e 100644
--- a/lib/bind/irs/irs_data.c
+++ b/lib/bind/irs/irs_data.c
@@ -16,7 +16,7 @@
*/
#if !defined(LINT) && !defined(CODECENTER)
-static const char rcsid[] = "$Id: irs_data.c,v 1.3.2.6 2006/03/10 00:18:22 marka Exp $";
+static const char rcsid[] = "$Id: irs_data.c,v 1.3.2.7 2007/02/26 00:05:23 marka Exp $";
#endif
#include "port_before.h"
@@ -131,8 +131,10 @@ net_data_init(const char *conf_file) {
if (pthread_mutex_lock(&keylock) != 0)
return (NULL);
if (!once) {
- if (pthread_key_create(&key, net_data_destroy) != 0)
+ if (pthread_key_create(&key, net_data_destroy) != 0) {
+ pthread_mutex_unlock(&keylock);
return (NULL);
+ }
once = 1;
}
if (pthread_mutex_unlock(&keylock) != 0)
diff --git a/lib/bind/isc/ctl_clnt.c b/lib/bind/isc/ctl_clnt.c
index 1d3980c2..32b7710f 100644
--- a/lib/bind/isc/ctl_clnt.c
+++ b/lib/bind/isc/ctl_clnt.c
@@ -1,5 +1,5 @@
#if !defined(lint) && !defined(SABER)
-static const char rcsid[] = "$Id: ctl_clnt.c,v 1.4.2.4 2004/03/17 01:15:48 marka Exp $";
+static const char rcsid[] = "$Id: ctl_clnt.c,v 1.4.2.5 2007/05/18 06:25:47 marka Exp $";
#endif /* not lint */
/*
@@ -114,6 +114,19 @@ static void touch_timer(struct ctl_cctx *);
static void timer(evContext, void *,
struct timespec, struct timespec);
+#ifndef HAVE_MEMCHR
+static void *
+memchr(const void *b, int c, size_t len) {
+ const unsigned char *p = b;
+ size_t i;
+
+ for (i = 0; i < len; i++, p++)
+ if (*p == (unsigned char)c)
+ return ((void *)p);
+ return (NULL);
+}
+#endif
+
/* Private data. */
static const char * const state_names[] = {
diff --git a/lib/bind/isc/ctl_srvr.c b/lib/bind/isc/ctl_srvr.c
index 91b9e9ae..377065b1 100644
--- a/lib/bind/isc/ctl_srvr.c
+++ b/lib/bind/isc/ctl_srvr.c
@@ -1,5 +1,5 @@
#if !defined(lint) && !defined(SABER)
-static const char rcsid[] = "$Id: ctl_srvr.c,v 1.3.2.4 2004/03/17 01:15:48 marka Exp $";
+static const char rcsid[] = "$Id: ctl_srvr.c,v 1.3.2.5 2006/12/07 04:52:57 marka Exp $";
#endif /* not lint */
/*
@@ -564,7 +564,7 @@ static void
ctl_readable(evContext lev, void *uap, int fd, int evmask) {
static const char me[] = "ctl_readable";
struct ctl_sess *sess = uap;
- struct ctl_sctx *ctx = sess->ctx;
+ struct ctl_sctx *ctx;
char *eos, tmp[MAX_NTOP];
ssize_t n;
@@ -572,6 +572,8 @@ ctl_readable(evContext lev, void *uap, int fd, int evmask) {
REQUIRE(fd >= 0);
REQUIRE(evmask == EV_READ);
REQUIRE(sess->state == reading || sess->state == reading_data);
+
+ ctx = sess->ctx;
evTouchIdleTimer(lev, sess->rdtiID);
if (!allocated_p(sess->inbuf) &&
ctl_bufget(&sess->inbuf, ctx->logger) < 0) {
diff --git a/lib/bind/make/rules.in b/lib/bind/make/rules.in
index 73b5abd2..12e94599 100644
--- a/lib/bind/make/rules.in
+++ b/lib/bind/make/rules.in
@@ -1,5 +1,5 @@
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2001 Internet Software Consortium.
+# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: rules.in,v 1.3.2.7 2004/10/20 00:14:53 marka Exp $
+# $Id: rules.in,v 1.3.2.9 2007/01/18 00:06:02 marka Exp $
###
### Common Makefile rules for BIND 9.
diff --git a/lib/bind/port/aix5/include/sys/cdefs.h b/lib/bind/port/aix5/include/sys/cdefs.h
index bb555dca..69cbb61d 100644
--- a/lib/bind/port/aix5/include/sys/cdefs.h
+++ b/lib/bind/port/aix5/include/sys/cdefs.h
@@ -55,7 +55,7 @@
/*
* @(#)cdefs.h 8.1 (Berkeley) 6/2/93
- * $Id: cdefs.h,v 1.1.6.2 2004/11/30 01:16:00 marka Exp $
+ * $Id: cdefs.h,v 1.1.6.3 2006/12/07 04:00:29 marka Exp $
*/
#ifndef _CDEFS_H_
@@ -105,10 +105,18 @@
#define __STRING(x) "x"
#ifndef __GNUC__
+#ifndef __const
#define __const /* delete pseudo-ANSI C keywords */
+#endif
+#ifndef __inline
#define __inline
+#endif
+#ifndef __signed
#define __signed
+#endif
+#ifndef __volatile
#define __volatile
+#endif
/*
* In non-ANSI C environments, new programs will want ANSI-only C keywords
* deleted from the program and old programs will want them left alone.
diff --git a/lib/bind/port/sunos/include/paths.h b/lib/bind/port/sunos/include/paths.h
new file mode 100644
index 00000000..28936030
--- /dev/null
+++ b/lib/bind/port/sunos/include/paths.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: paths.h,v 1.1.2.2 2007/05/16 23:45:25 tbox Exp $ */
+
+#define _PATH_DEVNULL "/dev/null"
+
diff --git a/lib/bind/port_before.h.in b/lib/bind/port_before.h.in
index 320fff19..0b00821b 100644
--- a/lib/bind/port_before.h.in
+++ b/lib/bind/port_before.h.in
@@ -12,6 +12,16 @@ struct timezone; /* silence warning */
#endif
#include <limits.h>
+#ifdef ISC_PLATFORM_NEEDTIMESPEC
+#include <time.h> /* For time_t */
+struct timespec {
+ time_t tv_sec; /* seconds */
+ long tv_nsec; /* nanoseconds */
+};
+#endif
+#ifndef HAVE_MEMMOVE
+#define memmove(a,b,c) bcopy(b,a,c)
+#endif
@WANT_IRS_GR@
@WANT_IRS_NIS@
diff --git a/lib/bind/resolv/res_init.c b/lib/bind/resolv/res_init.c
index d3bb71f5..639f2776 100644
--- a/lib/bind/resolv/res_init.c
+++ b/lib/bind/resolv/res_init.c
@@ -70,7 +70,7 @@
#if defined(LIBC_SCCS) && !defined(lint)
static const char sccsid[] = "@(#)res_init.c 8.1 (Berkeley) 6/7/93";
-static const char rcsid[] = "$Id: res_init.c,v 1.9.2.11 2006/08/30 23:23:14 marka Exp $";
+static const char rcsid[] = "$Id: res_init.c,v 1.9.2.13 2007/07/09 01:54:50 marka Exp $";
#endif /* LIBC_SCCS and not lint */
#include "port_before.h"
@@ -166,7 +166,9 @@ __res_vinit(res_state statp, int preinit) {
#endif
int dots;
union res_sockaddr_union u[2];
+ int maxns = MAXNS;
+ RES_SET_H_ERRNO(statp, 0);
if (statp->_u._ext.ext != NULL)
res_ndestroy(statp);
@@ -216,8 +218,22 @@ __res_vinit(res_state statp, int preinit) {
statp->_u._ext.ext->nsaddrs[0].sin = statp->nsaddr;
strcpy(statp->_u._ext.ext->nsuffix, "ip6.arpa");
strcpy(statp->_u._ext.ext->nsuffix2, "ip6.int");
- } else
- return (-1);
+ } else {
+ /*
+ * Historically res_init() rarely, if at all, failed.
+ * Examples and applications exist which do not check
+ * our return code. Furthermore several applications
+ * simply call us to get the systems domainname. So
+ * rather then immediately fail here we store the
+ * failure, which is returned later, in h_errno. And
+ * prevent the collection of 'nameserver' information
+ * by setting maxns to 0. Thus applications that fail
+ * to check our return code wont be able to make
+ * queries anyhow.
+ */
+ RES_SET_H_ERRNO(statp, NETDB_INTERNAL);
+ maxns = 0;
+ }
#ifdef RESOLVSORT
statp->nsort = 0;
#endif
@@ -238,9 +254,9 @@ __res_vinit(res_state statp, int preinit) {
buf[0] = '.';
cp = strchr(buf, '.');
cp = (cp == NULL) ? buf : (cp + 1);
- if (strlen(cp) >= sizeof(statp->defdname))
- goto freedata;
- strcpy(statp->defdname, cp);
+ strncpy(statp->defdname, cp,
+ sizeof(statp->defdname) - 1);
+ statp->defdname[sizeof(statp->defdname) - 1] = '\0';
}
}
#endif /* SOLARIS2 */
@@ -346,7 +362,7 @@ __res_vinit(res_state statp, int preinit) {
continue;
}
/* read nameservers to query */
- if (MATCH(buf, "nameserver") && nserv < MAXNS) {
+ if (MATCH(buf, "nameserver") && nserv < maxns) {
struct addrinfo hints, *ai;
char sbuf[NI_MAXSERV];
const size_t minsiz =
@@ -482,16 +498,7 @@ __res_vinit(res_state statp, int preinit) {
if ((cp = getenv("RES_OPTIONS")) != NULL)
res_setoptions(statp, cp, "env");
statp->options |= RES_INIT;
- return (0);
-
-#ifdef SOLARIS2
- freedata:
- if (statp->_u._ext.ext != NULL) {
- free(statp->_u._ext.ext);
- statp->_u._ext.ext = NULL;
- }
- return (-1);
-#endif
+ return (statp->res_h_errno);
}
static void
diff --git a/lib/dns/adb.c b/lib/dns/adb.c
index 720c803c..0638dddd 100644
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: adb.c,v 1.181.2.24 2006/01/04 23:50:17 marka Exp $ */
+/* $Id: adb.c,v 1.181.2.26 2007/02/26 23:45:24 tbox Exp $ */
/*
* Implementation notes
@@ -3181,7 +3181,7 @@ dbfind_name(dns_adbname_t *adbname, isc_stdtime_t now, dns_rdatatype_t rdtype)
adbname->fetch6_err = FIND_ERR_UNEXPECTED;
result = dns_view_find(adb->view, &adbname->name, rdtype, now,
- NAME_GLUEOK(adbname),
+ NAME_GLUEOK(adbname) ? DNS_DBFIND_GLUEOK : 0,
ISC_TF(NAME_HINTOK(adbname)),
NULL, NULL, fname, &rdataset, NULL);
diff --git a/lib/dns/api b/lib/dns/api
index f2bcfbf5..901d1f20 100644
--- a/lib/dns/api
+++ b/lib/dns/api
@@ -1,3 +1,3 @@
LIBINTERFACE = 19
-LIBREVISION = 0
+LIBREVISION = 1
LIBAGE = 3
diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c
index 5e87f56c..d3c690b9 100644
--- a/lib/dns/dispatch.c
+++ b/lib/dns/dispatch.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,19 +15,21 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dispatch.c,v 1.101.2.14 2006/01/06 00:01:41 marka Exp $ */
+/* $Id: dispatch.c,v 1.101.2.21 2007/06/27 04:21:27 marka Exp $ */
#include <config.h>
#include <stdlib.h>
+#include <sys/types.h>
+#include <unistd.h>
#include <isc/entropy.h>
-#include <isc/lfsr.h>
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/print.h>
#include <isc/string.h>
#include <isc/task.h>
+#include <isc/time.h>
#include <isc/util.h>
#include <dns/acl.h>
@@ -40,13 +42,22 @@
typedef ISC_LIST(dns_dispentry_t) dns_displist_t;
+typedef struct dns_nsid {
+ isc_uint16_t nsid_state;
+ isc_uint16_t *nsid_vtable;
+ isc_uint16_t *nsid_pool;
+ isc_uint16_t nsid_a1, nsid_a2, nsid_a3;
+ isc_uint16_t nsid_c1, nsid_c2, nsid_c3;
+ isc_uint16_t nsid_state2;
+ isc_boolean_t nsid_usepool;
+} dns_nsid_t;
+
typedef struct dns_qid {
unsigned int magic;
unsigned int qid_nbuckets; /* hash table size */
unsigned int qid_increment; /* id increment on collision */
isc_mutex_t lock;
- isc_lfsr_t qid_lfsr1; /* state generator info */
- isc_lfsr_t qid_lfsr2; /* state generator info */
+ dns_nsid_t nsid;
dns_displist_t *qid_table; /* the table itself */
} dns_qid_t;
@@ -154,7 +165,7 @@ static void destroy_disp(isc_task_t *task, isc_event_t *event);
static void udp_recv(isc_task_t *, isc_event_t *);
static void tcp_recv(isc_task_t *, isc_event_t *);
static void startrecv(dns_dispatch_t *);
-static dns_messageid_t dns_randomid(dns_qid_t *);
+static dns_messageid_t dns_randomid(dns_nsid_t *);
static isc_uint32_t dns_hash(dns_qid_t *, isc_sockaddr_t *, dns_messageid_t);
static void free_buffer(dns_dispatch_t *disp, void *buf, unsigned int len);
static void *allocate_udp_buffer(dns_dispatch_t *disp);
@@ -175,8 +186,12 @@ static isc_result_t dispatch_createudp(dns_dispatchmgr_t *mgr,
static isc_boolean_t destroy_mgr_ok(dns_dispatchmgr_t *mgr);
static void destroy_mgr(dns_dispatchmgr_t **mgrp);
static isc_result_t qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
- unsigned int increment, dns_qid_t **qidp);
+ unsigned int increment, isc_boolean_t usepool,
+ dns_qid_t **qidp);
static void qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp);
+static isc_uint16_t nsid_next(dns_nsid_t *nsid);
+static isc_result_t nsid_init(isc_mem_t *mctx, dns_nsid_t *nsid, isc_boolean_t usepool);
+static void nsid_destroy(isc_mem_t *mctx, dns_nsid_t *nsid);
#define LVL(x) ISC_LOG_DEBUG(x)
@@ -256,38 +271,16 @@ request_log(dns_dispatch_t *disp, dns_dispentry_t *resp,
}
}
-static void
-reseed_lfsr(isc_lfsr_t *lfsr, void *arg)
-{
- dns_dispatchmgr_t *mgr = arg;
- isc_result_t result;
- isc_uint32_t val;
-
- REQUIRE(VALID_DISPATCHMGR(mgr));
-
- if (mgr->entropy != NULL) {
- result = isc_entropy_getdata(mgr->entropy, &val, sizeof val,
- NULL, 0);
- INSIST(result == ISC_R_SUCCESS);
- lfsr->count = (val & 0x1f) + 32;
- lfsr->state = val;
- return;
- }
-
- lfsr->count = (random() & 0x1f) + 32; /* From 32 to 63 states */
- lfsr->state = random();
-}
-
/*
* Return an unpredictable message ID.
*/
static dns_messageid_t
-dns_randomid(dns_qid_t *qid) {
- isc_uint32_t id;
+dns_randomid(dns_nsid_t *nsid) {
+ isc_uint16_t id;
- id = isc_lfsr_generate32(&qid->qid_lfsr1, &qid->qid_lfsr2);
+ id = nsid_next(nsid);
- return (dns_messageid_t)(id & 0xFFFF);
+ return ((dns_messageid_t)id);
}
/*
@@ -627,6 +620,9 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) {
goto restart;
}
+ dns_dispatch_hash(&ev->timestamp, sizeof(&ev->timestamp));
+ dns_dispatch_hash(ev->region.base, ev->region.length);
+
/* response */
bucket = dns_hash(qid, &ev->address, id);
LOCK(&qid->lock);
@@ -853,6 +849,8 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) {
goto restart;
}
+ dns_dispatch_hash(tcpmsg->buffer.base, tcpmsg->buffer.length);
+
/*
* Response.
*/
@@ -1203,6 +1201,7 @@ dns_dispatchmgr_setudp(dns_dispatchmgr_t *mgr,
if (isc_mempool_create(mgr->mctx, buffersize,
&mgr->bpool) != ISC_R_SUCCESS) {
+ UNLOCK(&mgr->buffer_lock);
return (ISC_R_NOMEMORY);
}
@@ -1210,7 +1209,7 @@ dns_dispatchmgr_setudp(dns_dispatchmgr_t *mgr,
isc_mempool_setmaxalloc(mgr->bpool, maxbuffers);
isc_mempool_associatelock(mgr->bpool, &mgr->pool_lock);
- result = qid_allocate(mgr, buckets, increment, &mgr->qid);
+ result = qid_allocate(mgr, buckets, increment, ISC_TRUE, &mgr->qid);
if (result != ISC_R_SUCCESS)
goto cleanup;
@@ -1309,7 +1308,7 @@ dispatch_find(dns_dispatchmgr_t *mgr, isc_sockaddr_t *local,
static isc_result_t
qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
- unsigned int increment, dns_qid_t **qidp)
+ unsigned int increment, isc_boolean_t usepool, dns_qid_t **qidp)
{
dns_qid_t *qid;
unsigned int i;
@@ -1330,8 +1329,16 @@ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
return (ISC_R_NOMEMORY);
}
+ if (nsid_init(mgr->mctx, &qid->nsid, usepool) != ISC_R_SUCCESS) {
+ isc_mem_put(mgr->mctx, qid->qid_table,
+ buckets * sizeof(dns_displist_t));
+ isc_mem_put(mgr->mctx, qid, sizeof(*qid));
+ return (ISC_R_NOMEMORY);
+ }
+
if (isc_mutex_init(&qid->lock) != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_mutex_init failed");
+ nsid_destroy(mgr->mctx, &qid->nsid);
isc_mem_put(mgr->mctx, qid->qid_table,
buckets * sizeof(dns_displist_t));
isc_mem_put(mgr->mctx, qid, sizeof(*qid));
@@ -1344,21 +1351,6 @@ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
qid->qid_nbuckets = buckets;
qid->qid_increment = increment;
qid->magic = QID_MAGIC;
-
- /*
- * Initialize to a 32-bit LFSR. Both of these are from Applied
- * Cryptography.
- *
- * lfsr1:
- * x^32 + x^7 + x^5 + x^3 + x^2 + x + 1
- *
- * lfsr2:
- * x^32 + x^7 + x^6 + x^2 + 1
- */
- isc_lfsr_init(&qid->qid_lfsr1, 0, 32, 0x80000057U,
- 0, reseed_lfsr, mgr);
- isc_lfsr_init(&qid->qid_lfsr2, 0, 32, 0x80000062U,
- 0, reseed_lfsr, mgr);
*qidp = qid;
return (ISC_R_SUCCESS);
}
@@ -1374,6 +1366,7 @@ qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp) {
*qidp = NULL;
qid->magic = 0;
+ nsid_destroy(mctx, &qid->nsid);
isc_mem_put(mctx, qid->qid_table,
qid->qid_nbuckets * sizeof(dns_displist_t));
DESTROYLOCK(&qid->lock);
@@ -1517,7 +1510,7 @@ dns_dispatch_createtcp(dns_dispatchmgr_t *mgr, isc_socket_t *sock,
return (result);
}
- result = qid_allocate(mgr, buckets, increment, &disp->qid);
+ result = qid_allocate(mgr, buckets, increment, ISC_FALSE, &disp->qid);
if (result != ISC_R_SUCCESS)
goto deallocate_dispatch;
@@ -1534,8 +1527,10 @@ dns_dispatch_createtcp(dns_dispatchmgr_t *mgr, isc_socket_t *sock,
DNS_EVENT_DISPATCHCONTROL,
destroy_disp, disp,
sizeof(isc_event_t));
- if (disp->ctlevent == NULL)
+ if (disp->ctlevent == NULL) {
+ result = ISC_R_NOMEMORY;
goto kill_task;
+ }
isc_task_setname(disp->task, "tcpdispatch", disp);
@@ -1685,8 +1680,10 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr,
DNS_EVENT_DISPATCHCONTROL,
destroy_disp, disp,
sizeof(isc_event_t));
- if (disp->ctlevent == NULL)
+ if (disp->ctlevent == NULL) {
+ result = ISC_R_NOMEMORY;
goto kill_task;
+ }
isc_task_setname(disp->task, "udpdispatch", disp);
@@ -1804,7 +1801,7 @@ dns_dispatch_addresponse(dns_dispatch_t *disp, isc_sockaddr_t *dest,
*/
qid = DNS_QID(disp);
LOCK(&qid->lock);
- id = dns_randomid(qid);
+ id = dns_randomid(&qid->nsid);
bucket = dns_hash(qid, dest, id);
ok = ISC_FALSE;
for (i = 0 ; i < 64 ; i++) {
@@ -2147,3 +2144,409 @@ dns_dispatchmgr_dump(dns_dispatchmgr_t *mgr) {
}
}
#endif
+
+/*
+ * Allow the user to pick one of two ID randomization algorithms.
+ *
+ * The first algorithm is an adaptation of the sequence shuffling
+ * algorithm discovered by Carter Bays and S. D. Durham [ACM Trans. Math.
+ * Software 2 (1976), 59-64], as documented as Algorithm B in Chapter
+ * 3.2.2 in Volume 2 of Knuth's "The Art of Computer Programming". We use
+ * a randomly selected linear congruential random number generator with a
+ * modulus of 2^16, whose increment is a randomly picked odd number, and
+ * whose multiplier is picked from a set which meets the following
+ * criteria:
+ * Is of the form 8*n+5, which ensures "high potency" according to
+ * principle iii in the summary chapter 3.6. This form also has a
+ * gcd(a-1,m) of 4 which is good according to principle iv.
+ *
+ * Is between 0.01 and 0.99 times the modulus as specified by
+ * principle iv.
+ *
+ * Passes the spectral test "with flying colors" (ut >= 1) in
+ * dimensions 2 through 6 as calculated by Algorithm S in Chapter
+ * 3.3.4 and the ratings calculated by formula 35 in section E.
+ *
+ * Of the multipliers that pass this test, pick the set that is
+ * best according to the theoretical bounds of the serial
+ * correlation test. This was calculated using a simplified
+ * version of Knuth's Theorem K in Chapter 3.3.3.
+ *
+ * These criteria may not be important for this use, but we might as well
+ * pick from the best generators since there are so many possible ones and
+ * we don't have that many random bits to do the picking.
+ *
+ * We use a modulus of 2^16 instead of something bigger so that we will
+ * tend to cycle through all the possible IDs before repeating any,
+ * however the shuffling will perturb this somewhat. Theoretically there
+ * is no minimimum interval between two uses of the same ID, but in
+ * practice it seems to be >64000.
+ *
+ * Our adaptatation of Algorithm B mixes the hash state which has
+ * captured various random events into the shuffler to perturb the
+ * sequence.
+ *
+ * One disadvantage of this algorithm is that if the generator parameters
+ * were to be guessed, it would be possible to mount a limited brute force
+ * attack on the ID space since the IDs are only shuffled within a limited
+ * range.
+ *
+ * The second algorithm uses the same random number generator to populate
+ * a pool of 65536 IDs. The hash state is used to pick an ID from a window
+ * of 4096 IDs in this pool, then the chosen ID is swapped with the ID
+ * at the beginning of the window and the window position is advanced.
+ * This means that the interval between uses of the ID will be no less
+ * than 65536-4096. The ID sequence in the pool will become more random
+ * over time.
+ *
+ * For both algorithms, two more linear congruential random number generators
+ * are selected. The ID from the first part of algorithm is used to seed
+ * the first of these generators, and its output is used to seed the second.
+ * The strategy is use these generators as 1 to 1 hashes to obfuscate the
+ * properties of the generator used in the first part of either algorithm.
+ *
+ * The first algorithm may be suitable for use in a client resolver since
+ * its memory requirements are fairly low and it's pretty random out of
+ * the box. It is somewhat succeptible to a limited brute force attack,
+ * so the second algorithm is probably preferable for a longer running
+ * program that issues a large number of queries and has time to randomize
+ * the pool.
+ */
+
+#define NSID_SHUFFLE_TABLE_SIZE 100 /* Suggested by Knuth */
+/*
+ * Pick one of the next 4096 IDs in the pool.
+ * There is a tradeoff here between randomness and how often and ID is reused.
+ */
+#define NSID_LOOKAHEAD 4096 /* Must be a power of 2 */
+#define NSID_SHUFFLE_ONLY 1 /* algorithm 1 */
+#define NSID_USE_POOL 2 /* algorithm 2 */
+#define NSID_HASHSHIFT 3
+#define NSID_HASHROTATE(v) \
+ (((v) << NSID_HASHSHIFT) | ((v) >> ((sizeof(v) * 8) - NSID_HASHSHIFT)))
+
+static isc_uint32_t nsid_hash_state;
+
+/*
+ * Keep a running hash of various bits of data that we'll use to
+ * stir the ID pool or perturb the ID generator
+ */
+static void
+nsid_hash(void *data, size_t len) {
+ unsigned char *p = data;
+ /*
+ * Hash function similar to the one we use for hashing names.
+ * We don't fold case or toss the upper bit here, though.
+ * This hash doesn't do much interesting when fed binary zeros,
+ * so there may be a better hash function.
+ * This function doesn't need to be very strong since we're
+ * only using it to stir the pool, but it should be reasonably
+ * fast.
+ */
+ /*
+ * We don't care about locking access to nsid_hash_state.
+ * In fact races make the result even more non deteministic.
+ */
+ while (len-- > 0U) {
+ nsid_hash_state = NSID_HASHROTATE(nsid_hash_state);
+ nsid_hash_state += *p++;
+ }
+}
+
+/*
+ * Table of good linear congruential multipliers for modulus 2^16
+ * in order of increasing serial correlation bounds (so trim from
+ * the end).
+ */
+static const isc_uint16_t nsid_multiplier_table[] = {
+ 17565, 25013, 11733, 19877, 23989, 23997, 24997, 25421,
+ 26781, 27413, 35901, 35917, 35973, 36229, 38317, 38437,
+ 39941, 40493, 41853, 46317, 50581, 51429, 53453, 53805,
+ 11317, 11789, 12045, 12413, 14277, 14821, 14917, 18989,
+ 19821, 23005, 23533, 23573, 23693, 27549, 27709, 28461,
+ 29365, 35605, 37693, 37757, 38309, 41285, 45261, 47061,
+ 47269, 48133, 48597, 50277, 50717, 50757, 50805, 51341,
+ 51413, 51581, 51597, 53445, 11493, 14229, 20365, 20653,
+ 23485, 25541, 27429, 29421, 30173, 35445, 35653, 36789,
+ 36797, 37109, 37157, 37669, 38661, 39773, 40397, 41837,
+ 41877, 45293, 47277, 47845, 49853, 51085, 51349, 54085,
+ 56933, 8877, 8973, 9885, 11365, 11813, 13581, 13589,
+ 13613, 14109, 14317, 15765, 15789, 16925, 17069, 17205,
+ 17621, 17941, 19077, 19381, 20245, 22845, 23733, 24869,
+ 25453, 27213, 28381, 28965, 29245, 29997, 30733, 30901,
+ 34877, 35485, 35613, 36133, 36661, 36917, 38597, 40285,
+ 40693, 41413, 41541, 41637, 42053, 42349, 45245, 45469,
+ 46493, 48205, 48613, 50861, 51861, 52877, 53933, 54397,
+ 55669, 56453, 56965, 58021, 7757, 7781, 8333, 9661,
+ 12229, 14373, 14453, 17549, 18141, 19085, 20773, 23701,
+ 24205, 24333, 25261, 25317, 27181, 30117, 30477, 34757,
+ 34885, 35565, 35885, 36541, 37957, 39733, 39813, 41157,
+ 41893, 42317, 46621, 48117, 48181, 49525, 55261, 55389,
+ 56845, 7045, 7749, 7965, 8469, 9133, 9549, 9789,
+ 10173, 11181, 11285, 12253, 13453, 13533, 13757, 14477,
+ 15053, 16901, 17213, 17269, 17525, 17629, 18605, 19013,
+ 19829, 19933, 20069, 20093, 23261, 23333, 24949, 25309,
+ 27613, 28453, 28709, 29301, 29541, 34165, 34413, 37301,
+ 37773, 38045, 38405, 41077, 41781, 41925, 42717, 44437,
+ 44525, 44613, 45933, 45941, 47077, 50077, 50893, 52117,
+ 5293, 55069, 55989, 58125, 59205, 6869, 14685, 15453,
+ 16821, 17045, 17613, 18437, 21029, 22773, 22909, 25445,
+ 25757, 26541, 30709, 30909, 31093, 31149, 37069, 37725,
+ 37925, 38949, 39637, 39701, 40765, 40861, 42965, 44813,
+ 45077, 45733, 47045, 50093, 52861, 52957, 54181, 56325,
+ 56365, 56381, 56877, 57013, 5741, 58101, 58669, 8613,
+ 10045, 10261, 10653, 10733, 11461, 12261, 14069, 15877,
+ 17757, 21165, 23885, 24701, 26429, 26645, 27925, 28765,
+ 29197, 30189, 31293, 39781, 39909, 40365, 41229, 41453,
+ 41653, 42165, 42365, 47421, 48029, 48085, 52773, 5573,
+ 57037, 57637, 58341, 58357, 58901, 6357, 7789, 9093,
+ 10125, 10709, 10765, 11957, 12469, 13437, 13509, 14773,
+ 15437, 15773, 17813, 18829, 19565, 20237, 23461, 23685,
+ 23725, 23941, 24877, 25461, 26405, 29509, 30285, 35181,
+ 37229, 37893, 38565, 40293, 44189, 44581, 45701, 47381,
+ 47589, 48557, 4941, 51069, 5165, 52797, 53149, 5341,
+ 56301, 56765, 58581, 59493, 59677, 6085, 6349, 8293,
+ 8501, 8517, 11597, 11709, 12589, 12693, 13517, 14909,
+ 17397, 18085, 21101, 21269, 22717, 25237, 25661, 29189,
+ 30101, 31397, 33933, 34213, 34661, 35533, 36493, 37309,
+ 40037, 4189, 42909, 44309, 44357, 44389, 4541, 45461,
+ 46445, 48237, 54149, 55301, 55853, 56621, 56717, 56901,
+ 5813, 58437, 12493, 15365, 15989, 17829, 18229, 19341,
+ 21013, 21357, 22925, 24885, 26053, 27581, 28221, 28485,
+ 30605, 30613, 30789, 35437, 36285, 37189, 3941, 41797,
+ 4269, 42901, 43293, 44645, 45221, 46893, 4893, 50301,
+ 50325, 5189, 52109, 53517, 54053, 54485, 5525, 55949,
+ 56973, 59069, 59421, 60733, 61253, 6421, 6701, 6709,
+ 7101, 8669, 15797, 19221, 19837, 20133, 20957, 21293,
+ 21461, 22461, 29085, 29861, 30869, 34973, 36469, 37565,
+ 38125, 38829, 39469, 40061, 40117, 44093, 47429, 48341,
+ 50597, 51757, 5541, 57629, 58405, 59621, 59693, 59701,
+ 61837, 7061, 10421, 11949, 15405, 20861, 25397, 25509,
+ 25893, 26037, 28629, 28869, 29605, 30213, 34205, 35637,
+ 36365, 37285, 3773, 39117, 4021, 41061, 42653, 44509,
+ 4461, 44829, 4725, 5125, 52269, 56469, 59085, 5917,
+ 60973, 8349, 17725, 18637, 19773, 20293, 21453, 22533,
+ 24285, 26333, 26997, 31501, 34541, 34805, 37509, 38477,
+ 41333, 44125, 46285, 46997, 47637, 48173, 4925, 50253,
+ 50381, 50917, 51205, 51325, 52165, 52229, 5253, 5269,
+ 53509, 56253, 56341, 5821, 58373, 60301, 61653, 61973,
+ 62373, 8397, 11981, 14341, 14509, 15077, 22261, 22429,
+ 24261, 28165, 28685, 30661, 34021, 34445, 39149, 3917,
+ 43013, 43317, 44053, 44101, 4533, 49541, 49981, 5277,
+ 54477, 56357, 57261, 57765, 58573, 59061, 60197, 61197,
+ 62189, 7725, 8477, 9565, 10229, 11437, 14613, 14709,
+ 16813, 20029, 20677, 31445, 3165, 31957, 3229, 33541,
+ 36645, 3805, 38973, 3965, 4029, 44293, 44557, 46245,
+ 48917, 4909, 51749, 53709, 55733, 56445, 5925, 6093,
+ 61053, 62637, 8661, 9109, 10821, 11389, 13813, 14325,
+ 15501, 16149, 18845, 22669, 26437, 29869, 31837, 33709,
+ 33973, 34173, 3677, 3877, 3981, 39885, 42117, 4421,
+ 44221, 44245, 44693, 46157, 47309, 5005, 51461, 52037,
+ 55333, 55693, 56277, 58949, 6205, 62141, 62469, 6293,
+ 10101, 12509, 14029, 17997, 20469, 21149, 25221, 27109,
+ 2773, 2877, 29405, 31493, 31645, 4077, 42005, 42077,
+ 42469, 42501, 44013, 48653, 49349, 4997, 50101, 55405,
+ 56957, 58037, 59429, 60749, 61797, 62381, 62837, 6605,
+ 10541, 23981, 24533, 2701, 27333, 27341, 31197, 33805,
+ 3621, 37381, 3749, 3829, 38533, 42613, 44381, 45901,
+ 48517, 51269, 57725, 59461, 60045, 62029, 13805, 14013,
+ 15461, 16069, 16157, 18573, 2309, 23501, 28645, 3077,
+ 31541, 36357, 36877, 3789, 39429, 39805, 47685, 47949,
+ 49413, 5485, 56757, 57549, 57805, 58317, 59549, 62213,
+ 62613, 62853, 62933, 8909, 12941, 16677, 20333, 21541,
+ 24429, 26077, 26421, 2885, 31269, 33381, 3661, 40925,
+ 42925, 45173, 4525, 4709, 53133, 55941, 57413, 57797,
+ 62125, 62237, 62733, 6773, 12317, 13197, 16533, 16933,
+ 18245, 2213, 2477, 29757, 33293, 35517, 40133, 40749,
+ 4661, 49941, 62757, 7853, 8149, 8573, 11029, 13421,
+ 21549, 22709, 22725, 24629, 2469, 26125, 2669, 34253,
+ 36709, 41013, 45597, 46637, 52285, 52333, 54685, 59013,
+ 60997, 61189, 61981, 62605, 62821, 7077, 7525, 8781,
+ 10861, 15277, 2205, 22077, 28517, 28949, 32109, 33493,
+ 4661, 49941, 62757, 7853, 8149, 8573, 11029, 13421,
+ 21549, 22709, 22725, 24629, 2469, 26125, 2669, 34253,
+ 36709, 41013, 45597, 46637, 52285, 52333, 54685, 59013,
+ 60997, 61189, 61981, 62605, 62821, 7077, 7525, 8781,
+ 10861, 15277, 2205, 22077, 28517, 28949, 32109, 33493,
+ 3685, 39197, 39869, 42621, 44997, 48565, 5221, 57381,
+ 61749, 62317, 63245, 63381, 23149, 2549, 28661, 31653,
+ 33885, 36341, 37053, 39517, 42805, 45853, 48997, 59349,
+ 60053, 62509, 63069, 6525, 1893, 20181, 2365, 24893,
+ 27397, 31357, 32277, 33357, 34437, 36677, 37661, 43469,
+ 43917, 50997, 53869, 5653, 13221, 16741, 17893, 2157,
+ 28653, 31789, 35301, 35821, 61613, 62245, 12405, 14517,
+ 17453, 18421, 3149, 3205, 40341, 4109, 43941, 46869,
+ 48837, 50621, 57405, 60509, 62877, 8157, 12933, 12957,
+ 16501, 19533, 3461, 36829, 52357, 58189, 58293, 63053,
+ 17109, 1933, 32157, 37701, 59005, 61621, 13029, 15085,
+ 16493, 32317, 35093, 5061, 51557, 62221, 20765, 24613,
+ 2629, 30861, 33197, 33749, 35365, 37933, 40317, 48045,
+ 56229, 61157, 63797, 7917, 17965, 1917, 1973, 20301,
+ 2253, 33157, 58629, 59861, 61085, 63909, 8141, 9221,
+ 14757, 1581, 21637, 26557, 33869, 34285, 35733, 40933,
+ 42517, 43501, 53653, 61885, 63805, 7141, 21653, 54973,
+ 31189, 60061, 60341, 63357, 16045, 2053, 26069, 33997,
+ 43901, 54565, 63837, 8949, 17909, 18693, 32349, 33125,
+ 37293, 48821, 49053, 51309, 64037, 7117, 1445, 20405,
+ 23085, 26269, 26293, 27349, 32381, 33141, 34525, 36461,
+ 37581, 43525, 4357, 43877, 5069, 55197, 63965, 9845,
+ 12093, 2197, 2229, 32165, 33469, 40981, 42397, 8749,
+ 10853, 1453, 18069, 21693, 30573, 36261, 37421, 42533
+};
+
+#define NSID_MULT_TABLE_SIZE \
+ ((sizeof nsid_multiplier_table)/(sizeof nsid_multiplier_table[0]))
+#define NSID_RANGE_MASK (NSID_LOOKAHEAD - 1)
+#define NSID_POOL_MASK 0xFFFF /* used to wrap the pool index */
+#define NSID_SHUFFLE_ONLY 1
+#define NSID_USE_POOL 2
+
+static isc_uint16_t
+nsid_next(dns_nsid_t *nsid) {
+ isc_uint16_t id, compressed_hash;
+ isc_uint16_t j;
+
+ compressed_hash = ((nsid_hash_state >> 16) ^
+ (nsid_hash_state)) & 0xFFFF;
+
+ if (nsid->nsid_usepool) {
+ isc_uint16_t pick;
+
+ pick = compressed_hash & NSID_RANGE_MASK;
+ pick = (nsid->nsid_state + pick) & NSID_POOL_MASK;
+ id = nsid->nsid_pool[pick];
+ if (pick != 0) {
+ /* Swap two IDs to stir the pool */
+ nsid->nsid_pool[pick] =
+ nsid->nsid_pool[nsid->nsid_state];
+ nsid->nsid_pool[nsid->nsid_state] = id;
+ }
+
+ /* increment the base pointer into the pool */
+ if (nsid->nsid_state == 65535)
+ nsid->nsid_state = 0;
+ else
+ nsid->nsid_state++;
+ } else {
+ /*
+ * This is the original Algorithm B
+ * j = ((u_long) NSID_SHUFFLE_TABLE_SIZE * nsid_state2) >> 16;
+ *
+ * We'll perturb it with some random stuff ...
+ */
+ j = ((isc_uint32_t) NSID_SHUFFLE_TABLE_SIZE *
+ (nsid->nsid_state2 ^ compressed_hash)) >> 16;
+ nsid->nsid_state2 = id = nsid->nsid_vtable[j];
+ nsid->nsid_state = (((isc_uint32_t) nsid->nsid_a1 * nsid->nsid_state) +
+ nsid->nsid_c1) & 0xFFFF;
+ nsid->nsid_vtable[j] = nsid->nsid_state;
+ }
+
+ /* Now lets obfuscate ... */
+ id = (((isc_uint32_t) nsid->nsid_a2 * id) + nsid->nsid_c2) & 0xFFFF;
+ id = (((isc_uint32_t) nsid->nsid_a3 * id) + nsid->nsid_c3) & 0xFFFF;
+
+ return (id);
+}
+
+static isc_result_t
+nsid_init(isc_mem_t *mctx, dns_nsid_t *nsid, isc_boolean_t usepool) {
+ isc_time_t now;
+ pid_t mypid;
+ isc_uint16_t a1ndx, a2ndx, a3ndx, c1ndx, c2ndx, c3ndx;
+ int i;
+
+ isc_time_now(&now);
+ mypid = getpid();
+
+ /* Initialize the state */
+ memset(nsid, 0, sizeof(*nsid));
+ nsid_hash(&now, sizeof now);
+ nsid_hash(&mypid, sizeof mypid);
+
+ /*
+ * Select our random number generators and initial seed.
+ * We could really use more random bits at this point,
+ * but we'll try to make a silk purse out of a sows ear ...
+ */
+ /* generator 1 */
+ a1ndx = ((isc_uint32_t) NSID_MULT_TABLE_SIZE *
+ (nsid_hash_state & 0xFFFF)) >> 16;
+ nsid->nsid_a1 = nsid_multiplier_table[a1ndx];
+ c1ndx = (nsid_hash_state >> 9) & 0x7FFF;
+ nsid->nsid_c1 = 2 * c1ndx + 1;
+
+ /* generator 2, distinct from 1 */
+ a2ndx = ((isc_uint32_t) (NSID_MULT_TABLE_SIZE - 1) *
+ ((nsid_hash_state >> 10) & 0xFFFF)) >> 16;
+ if (a2ndx >= a1ndx)
+ a2ndx++;
+ nsid->nsid_a2 = nsid_multiplier_table[a2ndx];
+ c2ndx = nsid_hash_state % 32767;
+ if (c2ndx >= c1ndx)
+ c2ndx++;
+ nsid->nsid_c2 = 2*c2ndx + 1;
+
+ /* generator 3, distinct from 1 and 2 */
+ a3ndx = ((isc_uint32_t) (NSID_MULT_TABLE_SIZE - 2) *
+ ((nsid_hash_state >> 20) & 0xFFFF)) >> 16;
+ if (a3ndx >= a1ndx || a3ndx >= a2ndx)
+ a3ndx++;
+ if (a3ndx >= a1ndx && a3ndx >= a2ndx)
+ a3ndx++;
+ nsid->nsid_a3 = nsid_multiplier_table[a3ndx];
+ c3ndx = nsid_hash_state % 32766;
+ if (c3ndx >= c1ndx || c3ndx >= c2ndx)
+ c3ndx++;
+ if (c3ndx >= c1ndx && c3ndx >= c2ndx)
+ c3ndx++;
+ nsid->nsid_c3 = 2*c3ndx + 1;
+
+ nsid->nsid_state =
+ ((nsid_hash_state >> 16) ^ (nsid_hash_state)) & 0xFFFF;
+
+ nsid->nsid_usepool = usepool;
+ if (nsid->nsid_usepool) {
+ nsid->nsid_pool = isc_mem_get(mctx, 0x10000 * sizeof(isc_uint16_t));
+ if (nsid->nsid_pool == NULL)
+ return (ISC_R_NOMEMORY);
+ for (i = 0; ; i++) {
+ nsid->nsid_pool[i] = nsid->nsid_state;
+ nsid->nsid_state =
+ (((u_long) nsid->nsid_a1 * nsid->nsid_state) +
+ nsid->nsid_c1) & 0xFFFF;
+ if (i == 0xFFFF)
+ break;
+ }
+ } else {
+ nsid->nsid_vtable = isc_mem_get(mctx, NSID_SHUFFLE_TABLE_SIZE *
+ (sizeof(isc_uint16_t)) );
+ if (nsid->nsid_vtable == NULL)
+ return (ISC_R_NOMEMORY);
+
+ for (i = 0; i < NSID_SHUFFLE_TABLE_SIZE; i++) {
+ nsid->nsid_vtable[i] = nsid->nsid_state;
+ nsid->nsid_state =
+ (((isc_uint32_t) nsid->nsid_a1 * nsid->nsid_state) +
+ nsid->nsid_c1) & 0xFFFF;
+ }
+ nsid->nsid_state2 = nsid->nsid_state;
+ }
+ return (ISC_R_SUCCESS);
+}
+
+static void
+nsid_destroy(isc_mem_t *mctx, dns_nsid_t *nsid) {
+ if (nsid->nsid_usepool)
+ isc_mem_put(mctx, nsid->nsid_pool,
+ 0x10000 * sizeof(isc_uint16_t));
+ else
+ isc_mem_put(mctx, nsid->nsid_vtable,
+ NSID_SHUFFLE_TABLE_SIZE * (sizeof(isc_uint16_t)) );
+ memset(nsid, 0, sizeof(*nsid));
+}
+
+void
+dns_dispatch_hash(void *data, size_t len) {
+ nsid_hash(data, len);
+}
diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h
index 89c45734..2ed6c8dd 100644
--- a/lib/dns/include/dns/db.h
+++ b/lib/dns/include/dns/db.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: db.h,v 1.67.2.4 2004/03/09 06:11:14 marka Exp $ */
+/* $Id: db.h,v 1.67.2.6 2007/03/06 02:10:58 tbox Exp $ */
#ifndef DNS_DB_H
#define DNS_DB_H 1
@@ -825,7 +825,7 @@ dns_db_attachnode(dns_db_t *db, dns_dbnode_t *source, dns_dbnode_t **targetp);
*
* 'source' is a valid node.
*
- * 'targetp' points to a NULL dns_node_t *.
+ * 'targetp' points to a NULL dns_dbnode_t *.
*
* Ensures:
*
diff --git a/lib/dns/include/dns/dispatch.h b/lib/dns/include/dns/dispatch.h
index 87f90460..74b95f89 100644
--- a/lib/dns/include/dns/dispatch.h
+++ b/lib/dns/include/dns/dispatch.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dispatch.h,v 1.45.2.3 2004/03/09 06:11:15 marka Exp $ */
+/* $Id: dispatch.h,v 1.45.2.5 2007/06/26 23:45:22 tbox Exp $ */
#ifndef DNS_DISPATCH_H
#define DNS_DISPATCH_H 1
@@ -415,6 +415,13 @@ dns_dispatch_importrecv(dns_dispatch_t *disp, isc_event_t *event);
* event != NULL
*/
+void
+dns_dispatch_hash(void *data, size_t len);
+/*%<
+ * Feed 'data' to the dispatch query id generator where 'len' is the size
+ * of 'data'.
+ */
+
ISC_LANG_ENDDECLS
#endif /* DNS_DISPATCH_H */
diff --git a/lib/dns/include/dns/validator.h b/lib/dns/include/dns/validator.h
index 5e173f1a..3af3deac 100644
--- a/lib/dns/include/dns/validator.h
+++ b/lib/dns/include/dns/validator.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: validator.h,v 1.18.2.1.24.1 2007/01/11 04:58:37 marka Exp $ */
+/* $Id: validator.h,v 1.18.2.3 2007/01/08 02:45:02 marka Exp $ */
#ifndef DNS_VALIDATOR_H
#define DNS_VALIDATOR_H 1
diff --git a/lib/dns/lookup.c b/lib/dns/lookup.c
index 56df98ac..70aad6b3 100644
--- a/lib/dns/lookup.c
+++ b/lib/dns/lookup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lookup.c,v 1.9.2.5 2006/01/04 23:50:17 marka Exp $ */
+/* $Id: lookup.c,v 1.9.2.7 2007/03/06 02:10:58 tbox Exp $ */
#include <config.h>
@@ -179,7 +179,7 @@ static void
lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) {
isc_result_t result;
isc_boolean_t want_restart;
- isc_boolean_t send_event = ISC_FALSE;
+ isc_boolean_t send_event;
dns_name_t *name, *fname, *prefix;
dns_fixedname_t foundname, fixed;
dns_rdata_t rdata = DNS_RDATA_INIT;
@@ -199,6 +199,7 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) {
do {
lookup->restarts++;
want_restart = ISC_FALSE;
+ send_event = ISC_TRUE;
if (event == NULL && !lookup->canceled) {
dns_fixedname_init(&foundname);
@@ -206,6 +207,15 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) {
INSIST(!dns_rdataset_isassociated(&lookup->rdataset));
INSIST(!dns_rdataset_isassociated
(&lookup->sigrdataset));
+ /*
+ * If we have restarted then clear the old node. */
+ if (lookup->event->node != NULL) {
+ INSIST(lookup->event->db != NULL);
+ dns_db_detachnode(lookup->event->db,
+ &lookup->event->node);
+ }
+ if (lookup->event->db != NULL)
+ dns_db_detach(&lookup->event->db);
result = view_find(lookup, fname);
if (result == ISC_R_NOTFOUND) {
/*
@@ -220,8 +230,8 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) {
if (lookup->event->db != NULL)
dns_db_detach(&lookup->event->db);
result = start_fetch(lookup);
- if (result != ISC_R_SUCCESS)
- send_event = ISC_TRUE;
+ if (result == ISC_R_SUCCESS)
+ send_event = ISC_FALSE;
goto done;
}
} else if (event != NULL) {
@@ -242,7 +252,6 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) {
switch (result) {
case ISC_R_SUCCESS:
result = build_event(lookup);
- send_event = ISC_TRUE;
if (event == NULL)
break;
if (event->db != NULL)
@@ -267,8 +276,10 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) {
break;
result = dns_name_copy(&cname.cname, name, NULL);
dns_rdata_freestruct(&cname);
- if (result == ISC_R_SUCCESS)
+ if (result == ISC_R_SUCCESS) {
want_restart = ISC_TRUE;
+ send_event = ISC_FALSE;
+ }
break;
case DNS_R_DNAME:
namereln = dns_name_fullcompare(name, fname, &order,
@@ -299,8 +310,10 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) {
result = dns_name_concatenate(prefix, &dname.dname,
name, NULL);
dns_rdata_freestruct(&dname);
- if (result == ISC_R_SUCCESS)
+ if (result == ISC_R_SUCCESS) {
want_restart = ISC_TRUE;
+ send_event = ISC_FALSE;
+ }
break;
default:
send_event = ISC_TRUE;
@@ -371,7 +384,6 @@ levent_destroy(isc_event_t *event) {
isc_mem_put(mctx, event, event->ev_size);
}
-
isc_result_t
dns_lookup_create(isc_mem_t *mctx, dns_name_t *name, dns_rdatatype_t type,
dns_view_t *view, unsigned int options, isc_task_t *task,
diff --git a/lib/dns/master.c b/lib/dns/master.c
index 01cae359..1e3aae63 100644
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: master.c,v 1.122.2.9 2004/03/09 06:11:03 marka Exp $ */
+/* $Id: master.c,v 1.122.2.14 2007/05/16 07:00:23 marka Exp $ */
#include <config.h>
@@ -242,7 +242,8 @@ loadctx_destroy(dns_loadctx_t *lctx);
#define MANYERRS(lctx, result) \
((result != ISC_R_SUCCESS) && \
- ((lctx)->options & DNS_MASTER_MANYERRORS) != 0)
+ (result != ISC_R_IOERROR) && \
+ ((lctx)->options & DNS_MASTER_MANYERRORS) != 0)
#define SETRESULT(lctx, r) \
do { \
@@ -1040,7 +1041,8 @@ load(dns_loadctx_t *lctx) {
isc_mem_free(mctx, gtype);
if (rhs != NULL)
isc_mem_free(mctx, rhs);
- /* range */
+ range = lhs = gtype = rhs = NULL;
+ /* RANGE */
GETTOKEN(lctx->lex, 0, &token, ISC_FALSE);
range = isc_mem_strdup(mctx,
token.value.as_pointer);
@@ -1242,7 +1244,7 @@ load(dns_loadctx_t *lctx) {
} else {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"%s:%lu: isc_lex_gettoken() returned "
- "unexpeced token type (%d)",
+ "unexpected token type (%d)",
source, line, token.type);
result = ISC_R_UNEXPECTED;
if (MANYERRS(lctx, result)) {
diff --git a/lib/dns/message.c b/lib/dns/message.c
index a19014df..9724d18b 100644
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: message.c,v 1.194.2.20 2006/03/01 01:34:05 marka Exp $ */
+/* $Id: message.c,v 1.194.2.22 2007/05/15 23:45:26 tbox Exp $ */
/***
*** Imports
@@ -2939,8 +2939,7 @@ dns_message_sectiontotext(dns_message_t *msg, dns_section_t section,
ADD_STRING(target, ";; ");
if (msg->opcode != dns_opcode_update) {
ADD_STRING(target, sectiontext[section]);
- }
- else {
+ } else {
ADD_STRING(target, updsectiontext[section]);
}
ADD_STRING(target, " SECTION:\n");
@@ -3062,7 +3061,12 @@ dns_message_totext(dns_message_t *msg, const dns_master_style_t *style,
ADD_STRING(target, ";; ->>HEADER<<- opcode: ");
ADD_STRING(target, opcodetext[msg->opcode]);
ADD_STRING(target, ", status: ");
- ADD_STRING(target, rcodetext[msg->rcode]);
+ if (msg->rcode < (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
+ ADD_STRING(target, rcodetext[msg->rcode]);
+ } else {
+ snprintf(buf, sizeof(buf), "%4u", msg->rcode);
+ ADD_STRING(target, buf);
+ }
ADD_STRING(target, ", id: ");
sprintf(buf, "%6u", msg->id);
ADD_STRING(target, buf);
diff --git a/lib/dns/name.c b/lib/dns/name.c
index 99694492..2f868fb3 100644
--- a/lib/dns/name.c
+++ b/lib/dns/name.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: name.c,v 1.127.2.14 2006/03/02 00:37:17 marka Exp $ */
+/* $Id: name.c,v 1.127.2.15 2006/12/07 07:02:47 marka Exp $ */
#include <config.h>
@@ -2347,17 +2347,19 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
{
unsigned char *cdata, *ndata;
unsigned int cused; /* Bytes of compressed name data used */
- unsigned int hops, nused, labels, n, nmax;
+ unsigned int nused, labels, n, nmax;
unsigned int current, new_current, biggest_pointer;
isc_boolean_t saw_bitstring, done;
fw_state state = fw_start;
unsigned int c;
unsigned char *offsets;
dns_offsets_t odata;
+ isc_boolean_t seen_pointer;
/*
* Copy the possibly-compressed name at source into target,
- * decompressing it.
+ * decompressing it. Loop prevention is performed by checking
+ * the new pointer against biggest_pointer.
*/
REQUIRE(VALID_NAME(name));
@@ -2389,12 +2391,12 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
* Set up.
*/
labels = 0;
- hops = 0;
saw_bitstring = ISC_FALSE;
done = ISC_FALSE;
ndata = isc_buffer_used(target);
nused = 0;
+ seen_pointer = ISC_FALSE;
/*
* Find the maximum number of uncompressed target name
@@ -2420,7 +2422,7 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
while (current < source->active && !done) {
c = *cdata++;
current++;
- if (hops == 0)
+ if (!seen_pointer)
cused++;
switch (state) {
@@ -2498,11 +2500,8 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
return (DNS_R_BADPOINTER);
biggest_pointer = new_current;
current = new_current;
- cdata = (unsigned char *)source->base +
- current;
- hops++;
- if (hops > DNS_POINTER_MAXHOPS)
- return (DNS_R_TOOMANYHOPS);
+ cdata = (unsigned char *)source->base + current;
+ seen_pointer = ISC_TRUE;
state = fw_start;
break;
default:
@@ -2541,7 +2540,6 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
* big enough buffer.
*/
return (ISC_R_NOSPACE);
-
}
isc_result_t
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
index 6f3257a8..f49f20c4 100644
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2001 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
@@ -18,7 +18,7 @@
/*
* Principal Author: Brian Wellington
- * $Id: openssldh_link.c,v 1.1.2.3 2006/03/02 00:37:17 marka Exp $
+ * $Id: openssldh_link.c,v 1.1.2.7 2007/01/08 05:57:37 marka Exp $
*/
#ifdef OPENSSL
@@ -127,81 +127,11 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
return (ISC_TRUE);
}
-#ifndef HAVE_DH_GENERATE_PARAMETERS
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-static DH *
-DH_generate_parameters(int prime_len, int generator,
- void (*callback)(int,int,void *), void *cb_arg)
-{
- BN_GENCB cb;
- DH *dh = NULL;
-
- dh = DH_new();
- if (dh != NULL) {
- BN_GENCB_set_old(&cb, callback, cb_arg);
-
- if (DH_generate_parameters_ex(dh, prime_len, generator, &cb))
- return (dh);
- DH_free(dh);
- }
- return (NULL);
-}
-#endif
-
static isc_result_t
openssldh_generate(dst_key_t *key, int generator) {
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
+ BN_GENCB cb;
+#endif
DH *dh = NULL;
if (generator == 0) {
@@ -219,9 +149,24 @@ openssldh_generate(dst_key_t *key, int generator) {
generator = 2;
}
- if (generator != 0)
+ if (generator != 0) {
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
+ dh = DH_new();
+ if (dh == NULL)
+ return (DST_R_OPENSSLFAILURE);
+
+ BN_GENCB_set_old(&cb, NULL, NULL);
+
+ if (!DH_generate_parameters_ex(dh, key->key_size, generator,
+ &cb)) {
+ DH_free(dh);
+ return (DST_R_OPENSSLFAILURE);
+ }
+#else
dh = DH_generate_parameters(key->key_size, generator,
NULL, NULL);
+#endif
+ }
if (dh == NULL)
return (DST_R_OPENSSLFAILURE);
diff --git a/lib/dns/openssldsa_link.c b/lib/dns/openssldsa_link.c
index 94c885ef..d14523ae 100644
--- a/lib/dns/openssldsa_link.c
+++ b/lib/dns/openssldsa_link.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2001 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
@@ -16,7 +16,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: openssldsa_link.c,v 1.1.2.3 2006/03/02 00:37:17 marka Exp $ */
+/* $Id: openssldsa_link.c,v 1.1.2.8 2007/01/08 05:57:37 marka Exp $ */
#ifdef OPENSSL
@@ -168,85 +168,11 @@ openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
return (ISC_TRUE);
}
-#ifndef HAVE_DSA_GENERATE_PARAMETERS
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-static DSA *
-DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret,
- void (*callback)(int, int, void *),
- void *cb_arg)
-{
- BN_GENCB cb;
- DSA *dsa;
-
- dsa = DSA_new();
- if (dsa != NULL) {
-
- BN_GENCB_set_old(&cb, callback, cb_arg);
-
- if (DSA_generate_parameters_ex(dsa, bits, seed_in, seed_len,
- counter_ret, h_ret, &cb))
- return (dsa);
- DSA_free(dsa);
- }
- return (NULL);
-}
-#endif
-
static isc_result_t
openssldsa_generate(dst_key_t *key, int unused) {
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
+ BN_GENCB cb;
+#endif
DSA *dsa;
unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
isc_result_t result;
@@ -258,12 +184,27 @@ openssldsa_generate(dst_key_t *key, int unused) {
if (result != ISC_R_SUCCESS)
return (result);
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
+ dsa = DSA_new();
+ if (dsa == NULL)
+ return (DST_R_OPENSSLFAILURE);
+
+ BN_GENCB_set_old(&cb, NULL, NULL);
+
+ if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array,
+ ISC_SHA1_DIGESTLENGTH, NULL, NULL,
+ &cb)) {
+ DSA_free(dsa);
+ return (DST_R_OPENSSLFAILURE);
+ }
+#else
dsa = DSA_generate_parameters(key->key_size, rand_array,
ISC_SHA1_DIGESTLENGTH, NULL, NULL,
NULL, NULL);
if (dsa == NULL)
return (DST_R_OPENSSLFAILURE);
+#endif
if (DSA_generate_key(dsa) == 0) {
DSA_free(dsa);
@@ -284,7 +225,7 @@ openssldsa_isprivate(const dst_key_t *key) {
static isc_boolean_t
openssldsa_issymmetric(void) {
- return (ISC_FALSE);
+ return (ISC_FALSE);
}
static void
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index cdb12259..b8297e07 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb.c,v 1.168.2.26 2006/03/02 23:16:56 marka Exp $ */
+/* $Id: rbtdb.c,v 1.168.2.28 2007/02/06 00:01:22 marka Exp $ */
/*
* Principal Author: Bob Halley
@@ -69,6 +69,14 @@
#ifdef DNS_RBTDB_VERSION64
typedef isc_uint64_t rbtdb_serial_t;
+/*%
+ * Make casting easier in symbolic debuggers by using different names
+ * for the 64 bit version.
+ */
+#define dns_rbtdb_t dns_rbtdb64_t
+#define rdatasetheader_t rdatasetheader64_t
+#define rbtdb_version_t rbtdb_version64_t
+#define rbtdb_search_t rbtdb_search64_t
#else
typedef isc_uint32_t rbtdb_serial_t;
#endif
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index b87d3183..c00dc159 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: resolver.c,v 1.218.2.46.6.1 2007/01/11 04:58:37 marka Exp $ */
+/* $Id: resolver.c,v 1.218.2.50 2007/06/18 02:46:22 marka Exp $ */
#include <config.h>
@@ -218,7 +218,7 @@ struct fetchctx {
#define ADDRWAIT(f) (((f)->attributes & FCTX_ATTR_ADDRWAIT) != \
0)
#define SHUTTINGDOWN(f) (((f)->attributes & FCTX_ATTR_SHUTTINGDOWN) \
- != 0)
+ != 0)
#define WANTCACHE(f) (((f)->attributes & FCTX_ATTR_WANTCACHE) != 0)
#define WANTNCACHE(f) (((f)->attributes & FCTX_ATTR_WANTNCACHE) != 0)
#define NEEDEDNS0(f) (((f)->attributes & FCTX_ATTR_NEEDEDNS0) != 0)
@@ -283,6 +283,8 @@ struct dns_resolver {
#define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)
+#define dns_db_transfernode(a,b,c) do { (*c) = (*b); (*b) = NULL; } while (0)
+
static void destroy(dns_resolver_t *res);
static void empty_bucket(dns_resolver_t *res);
static isc_result_t resquery_send(resquery_t *query);
@@ -495,7 +497,7 @@ fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp,
dns_adbaddrinfo_t *addrinfo;
factor = DNS_ADB_RTTADJAGE;
- for (find = ISC_LIST_HEAD(fctx->finds);
+ for (find = ISC_LIST_HEAD(fctx->finds);
find != NULL;
find = ISC_LIST_NEXT(find, publink))
for (addrinfo = ISC_LIST_HEAD(find->list);
@@ -626,6 +628,15 @@ fctx_sendevents(fetchctx_t *fctx, isc_result_t result) {
dns_rdataset_isassociated(event->rdataset) ||
fctx->type == dns_rdatatype_any ||
fctx->type == dns_rdatatype_sig);
+
+ /*
+ * Negative results must be indicated in event->result.
+ */
+ if (dns_rdataset_isassociated(event->rdataset) &&
+ event->rdataset->type == dns_rdatatype_none) {
+ INSIST(event->result == DNS_R_NCACHENXDOMAIN ||
+ event->result == DNS_R_NCACHENXRRSET);
+ }
isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event));
}
@@ -2498,7 +2509,7 @@ is_lame(fetchctx_t *fctx) {
if (rdataset->type != dns_rdatatype_ns)
continue;
namereln = dns_name_fullcompare(name, &fctx->domain,
- &order, &labels, &bits);
+ &order, &labels, &bits);
if (namereln == dns_namereln_equal &&
(message->flags & DNS_MESSAGEFLAG_AA) != 0)
return (ISC_FALSE);
@@ -2828,6 +2839,7 @@ validated(isc_task_t *task, isc_event_t *event) {
* If we only deferred the destroy because we wanted to cache
* the data, destroy now.
*/
+ dns_db_detachnode(fctx->cache, &node);
if (SHUTTINGDOWN(fctx))
maybe_destroy(fctx);
@@ -2843,6 +2855,7 @@ validated(isc_task_t *task, isc_event_t *event) {
* more rdatasets that still need to
* be validated.
*/
+ dns_db_detachnode(fctx->cache, &node);
dns_validator_send(ISC_LIST_HEAD(fctx->validators));
goto cleanup_event;
}
@@ -2862,8 +2875,7 @@ validated(isc_task_t *task, isc_event_t *event) {
dns_name_copy(vevent->name,
dns_fixedname_name(&hevent->foundname), NULL);
dns_db_attach(fctx->cache, &hevent->db);
- hevent->node = node;
- node = NULL;
+ dns_db_transfernode(fctx->cache, &node, &hevent->node);
clone_results(fctx);
}
@@ -2874,6 +2886,7 @@ validated(isc_task_t *task, isc_event_t *event) {
fctx_done(fctx, result);
cleanup_event:
+ INSIST(node == NULL);
isc_event_free(&event);
}
@@ -3115,7 +3128,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
}
if (rdataset->trust == dns_trust_glue &&
(rdataset->type == dns_rdatatype_ns ||
- (rdataset->type == dns_rdatatype_sig &&
+ (rdataset->type == dns_rdatatype_sig &&
rdataset->covers == dns_rdatatype_ns))) {
/*
* If the trust level is 'dns_trust_glue'
@@ -3180,8 +3193,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
if (event != NULL) {
event->result = eresult;
dns_db_attach(fctx->cache, adbp);
- *anodep = node;
- node = NULL;
+ dns_db_transfernode(fctx->cache, &node, anodep);
clone_results(fctx);
}
}
@@ -3412,8 +3424,7 @@ ncache_message(fetchctx_t *fctx, dns_rdatatype_t covers, isc_stdtime_t now) {
if (event != NULL) {
event->result = eresult;
dns_db_attach(fctx->cache, adbp);
- *anodep = node;
- node = NULL;
+ dns_db_transfernode(fctx->cache, &node, anodep);
clone_results(fctx);
}
}
diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c
index c810cd42..32941823 100644
--- a/lib/dns/sdb.c
+++ b/lib/dns/sdb.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sdb.c,v 1.35.2.6 2004/07/22 04:04:41 marka Exp $ */
+/* $Id: sdb.c,v 1.35.2.8 2006/12/07 23:57:55 marka Exp $ */
#include <config.h>
@@ -875,7 +875,8 @@ find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
xresult = dns_name_copy(xname, foundname, NULL);
if (xresult != ISC_R_SUCCESS) {
- destroynode(node);
+ if (node != NULL)
+ destroynode(node);
if (dns_rdataset_isassociated(rdataset))
dns_rdataset_disassociate(rdataset);
return (DNS_R_BADDB);
diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index 508da312..ba007a0e 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: validator.c,v 1.91.2.12.6.1 2007/01/11 04:58:37 marka Exp $ */
+/* $Id: validator.c,v 1.91.2.14 2007/01/08 02:45:02 marka Exp $ */
#include <config.h>
diff --git a/lib/dns/view.c b/lib/dns/view.c
index 1a2798bd..33842f72 100644
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: view.c,v 1.103.2.10 2004/03/09 06:11:10 marka Exp $ */
+/* $Id: view.c,v 1.103.2.12 2007/03/06 02:10:58 tbox Exp $ */
#include <config.h>
@@ -660,6 +660,7 @@ dns_view_find(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
REQUIRE(view->frozen);
REQUIRE(type != dns_rdatatype_sig);
REQUIRE(rdataset != NULL); /* XXXBEW - remove this */
+ REQUIRE(nodep == NULL || *nodep == NULL);
/*
* Initialize.
diff --git a/lib/dns/win32/DLLMain.c b/lib/dns/win32/DLLMain.c
index aa05e28f..01663ce7 100644
--- a/lib/dns/win32/DLLMain.c
+++ b/lib/dns/win32/DLLMain.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,13 +15,11 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: DLLMain.c,v 1.3.2.1 2004/03/09 06:11:43 marka Exp $ */
+/* $Id: DLLMain.c,v 1.3.2.3 2007/06/18 23:45:27 tbox Exp $ */
#include <windows.h>
#include <signal.h>
-BOOL InitSockets(void);
-
/*
* Called when we enter the DLL
*/
diff --git a/lib/dns/win32/libdns.def b/lib/dns/win32/libdns.def
index f712810a..f9b8022e 100644
--- a/lib/dns/win32/libdns.def
+++ b/lib/dns/win32/libdns.def
@@ -1,724 +1,705 @@
-LIBRARY libdns
-
-; Exported Functions
-EXPORTS
-
-dns_a6_init
-dns_a6_reset
-dns_a6_invalidate
-dns_a6_copy
-dns_a6_foreach
-dns_acl_create
-dns_acl_appendelement
-dns_acl_any
-dns_acl_none
-dns_acl_attach
-dns_acl_detach
-dns_aclelement_equal
-dns_acl_equal
-dns_acl_isinsecure
-dns_aclenv_init
-dns_aclenv_copy
-dns_aclenv_destroy
-dns_acl_match
-dns_aclelement_match
-dns_adb_create
-dns_adb_attach
-dns_adb_detach
-dns_adb_whenshutdown
-dns_adb_shutdown
-dns_adb_createfind
-dns_adb_cancelfind
-dns_adb_destroyfind
-dns_adb_dump
-dns_adb_dumpfind
-dns_adb_marklame
-dns_adb_adjustsrtt
-dns_adb_changeflags
-dns_adb_findaddrinfo
-dns_adb_freeaddrinfo
-dns_adb_flush
-dns_byaddr_create
-dns_byaddr_cancel
-dns_byaddr_destroy
-dns_byaddr_createptrname
-dns_byaddr_createptrname2
-dns_cache_create
-dns_cache_attach
-dns_cache_detach
-dns_cache_attachdb
-dns_cache_setfilename
-dns_cache_load
-dns_cache_dump
-dns_cache_clean
-dns_cache_setcleaninginterval
-dns_cache_setcachesize
-dns_cache_flush
-dns_rdatacallbacks_init
-dns_rdatacallbacks_init_stdio
-dns_cert_fromtext
-dns_cert_totext
-dns_compress_init
-dns_compress_invalidate
-dns_compress_setmethods
-dns_compress_getmethods
-dns_compress_getedns
-dns_compress_findglobal
-dns_compress_add
-dns_compress_rollback
-dns_decompress_init
-dns_decompress_invalidate
-dns_decompress_setmethods
-dns_decompress_getmethods
-dns_decompress_edns
-dns_decompress_type
-dns_db_create
-dns_db_attach
-dns_db_detach
-dns_db_ondestroy
-dns_db_iscache
-dns_db_iszone
-dns_db_isstub
-dns_db_issecure
-dns_db_origin
-dns_db_class
-dns_db_beginload
-dns_db_endload
-dns_db_load
-dns_db_dump
-dns_db_currentversion
-dns_db_newversion
-dns_db_attachversion
-dns_db_closeversion
-dns_db_findnode
-dns_db_find
-dns_db_findzonecut
-dns_db_attachnode
-dns_db_detachnode
-dns_db_expirenode
-dns_db_printnode
-dns_db_createiterator
-dns_db_findrdataset
-dns_db_allrdatasets
-dns_db_addrdataset
-dns_db_subtractrdataset
-dns_db_deleterdataset
-dns_db_getsoaserial
-dns_db_overmem
-dns_db_nodecount
-dns_db_ispersistent
-dns_db_register
-dns_db_unregister
-dns_dbiterator_destroy
-dns_dbiterator_first
-dns_dbiterator_last
-dns_dbiterator_seek
-dns_dbiterator_prev
-dns_dbiterator_next
-dns_dbiterator_current
-dns_dbiterator_pause
-dns_dbiterator_origin
-dns_dbiterator_setcleanmode
-dns_dbtable_create
-dns_dbtable_attach
-dns_dbtable_detach
-dns_dbtable_add
-dns_dbtable_remove
-dns_dbtable_adddefault
-dns_dbtable_getdefault
-dns_dbtable_removedefault
-dns_dbtable_find
-
-dns_difftuple_create
-dns_difftuple_free
-dns_difftuple_copy
-dns_diff_init
-dns_diff_clear
-dns_diff_append
-dns_diff_appendminimal
-dns_diff_sort
-dns_diff_apply
-dns_diff_load
-dns_diff_print
-dns_dispatchmgr_create
-dns_dispatchmgr_destroy
-dns_dispatchmgr_setblackhole
-dns_dispatchmgr_getblackhole
-dns_dispatch_getudp
-dns_dispatch_createtcp
-dns_dispatch_attach
-dns_dispatch_detach
-dns_dispatch_starttcp
-dns_dispatch_addresponse
-dns_dispatch_removeresponse
-dns_dispatch_getsocket
-dns_dispatch_getlocaladdress
-dns_dispatch_cancel
-dns_dispatch_changeattributes
-dns_dispatch_importrecv
-dns_dnssec_keyfromrdata
-dns_dnssec_sign
-dns_dnssec_verify
-dns_dnssec_findzonekeys
-dns_dnssec_signmessage
-dns_dnssec_verifymessage
-dns_fwdtable_create
-dns_fwdtable_add
-dns_fwdtable_find
-dns_fwdtable_destroy
-dns_db_createsoatuple
-dns_journal_open
-dns_journal_destroy
-dns_journal_begin_transaction
-dns_journal_writediff
-dns_journal_commit
-dns_journal_writediff
-dns_journal_write_transaction
-dns_diff_sort
-dns_journal_writediff
-dns_journal_first_serial
-dns_journal_last_serial
-dns_journal_iter_init
-dns_journal_first_rr
-dns_journal_next_rr
-dns_journal_iter_init
-dns_journal_current_rr
-dns_journal_rollforward
-dns_journal_print
-dns_db_diff
-dns_keyflags_fromtext
-dns_keytable_create
-dns_keytable_attach
-dns_keytable_detach
-dns_keytable_add
-dns_keytable_findkeynode
-dns_keytable_findnextkeynode
-dns_keytable_finddeepestmatch
-dns_keytable_detachkeynode
-dns_keytable_issecuredomain
-dns_keynode_key
-dns_lib_initmsgcat
-dns_log_init
-dns_log_setcontext
-dns_lookup_create
-dns_lookup_cancel
-dns_lookup_destroy
-dns_master_loadfile
-dns_master_loadstream
-dns_master_loadbuffer
-dns_master_loadfileinc
-dns_master_loadstreaminc
-dns_master_loadbufferinc
-dns_loadctx_detach
-dns_loadctx_attach
-dns_loadctx_cancel
-dns_master_dumptostream
-dns_master_dump
-dns_master_rdatasettotext
-dns_master_questiontotext
-dns_rdataset_towire
-dns_master_dumpnodetostream
-dns_master_dumpnode
-dns_message_gettempname
-dns_message_create
-dns_message_reset
-dns_message_destroy
-dns_message_sectiontotext
-dns_message_pseudosectiontotext
-dns_message_totext
-dns_message_parse
-dns_message_firstname
-dns_message_renderbegin
-dns_message_renderend
-dns_message_renderchangebuffer
-dns_message_renderend
-dns_message_renderreserve
-dns_message_renderrelease
-dns_message_rendersection
-dns_message_renderheader
-dns_message_renderend
-dns_message_renderend
-dns_message_renderreset
-dns_message_firstname
-dns_message_nextname
-dns_message_currentname
-dns_message_find
-dns_message_findname
-dns_message_findtype
-dns_message_movename
-dns_message_addname
-dns_message_gettempname
-dns_message_gettempoffsets
-dns_message_gettemprdata
-dns_message_gettemprdataset
-dns_message_gettemprdatalist
-dns_message_puttempname
-dns_message_puttemprdata
-dns_message_puttemprdataset
-dns_message_puttemprdatalist
-dns_message_peekheader
-dns_message_reply
-dns_message_getopt
-dns_message_setopt
-dns_message_gettsig
-dns_message_settsigkey
-dns_message_gettsigkey
-dns_message_setquerytsig
-dns_message_getquerytsig
-dns_message_getsig0
-dns_message_setsig0key
-dns_message_getsig0key
-dns_message_takebuffer
-dns_message_signer
-dns_message_checksig
-dns_message_getrawmessage
-dns_message_setsortorder
-dns_message_rendersection
-dns_message_settimeadjust
-dns_message_gettimeadjust
-dns_label_type
-dns_label_countbits
-dns_label_getbit
-dns_name_init
-dns_name_reset
-dns_name_invalidate
-dns_name_setbuffer
-dns_name_hasbuffer
-dns_name_isabsolute
-dns_name_iswildcard
-dns_name_requiresedns
-dns_name_hash
-dns_name_fullcompare
-dns_name_compare
-dns_name_equal
-dns_name_rdatacompare
-dns_name_issubdomain
-dns_name_matcheswildcard
-dns_name_depth
-dns_name_countlabels
-dns_name_getlabel
-dns_name_getlabelsequence
-dns_name_clone
-dns_name_fromregion
-dns_name_toregion
-dns_name_fromwire
-dns_name_towire
-dns_name_fromtext
-dns_name_totext
-dns_name_tofilenametext
-dns_name_downcase
-dns_name_concatenate
-dns_name_split
-dns_name_splitatdepth
-dns_name_dup
-dns_name_dupwithoffsets
-dns_name_free
-dns_name_digest
-dns_name_dynamic
-dns_name_print
-dns_name_format
-dns_name_copy
-dns_ncache_add
-dns_ncache_towire
-dns_nxt_buildrdata
-dns_nxt_build
-dns_nxt_typepresent
-dns_soa_getserial
-dns_soa_setserial
-dns_soa_getminimum
-dns_peerlist_new
-dns_peerlist_attach
-dns_peerlist_detach
-dns_peerlist_addpeer
-dns_peerlist_peerbyaddr
-dns_peerlist_currpeer
-dns_peer_new
-dns_peer_attach
-dns_peer_detach
-dns_peer_setbogus
-dns_peer_getbogus
-
-
-dns_peer_setrequestixfr
-dns_peer_getrequestixfr
-dns_peer_setprovideixfr
-dns_peer_getprovideixfr
-dns_peer_setsupportedns
-dns_peer_getsupportedns
-dns_peer_settransfers
-dns_peer_gettransfers
-dns_peer_settransferformat
-dns_peer_gettransferformat
-dns_peer_setkeybycharp
-dns_peer_getkey
-dns_peer_setkey
-dns_name_concatenate
-dns_name_totext
-dns_rbt_create
-dns_rbt_addname
-dns_rbt_addnode
-dns_rbt_findname
-dns_rbt_findnode
-dns_rbt_deletename
-dns_rbt_deletenode
-dns_rbt_namefromnode
-dns_rbt_fullnamefromnode
-dns_rbt_formatnodename
-dns_rbt_nodecount
-dns_rbt_destroy
-dns_rbt_printall
-dns_rbtnodechain_init
-dns_rbtnodechain_reset
-dns_rbtnodechain_invalidate
-dns_rbtnodechain_current
-dns_rbtnodechain_first
-dns_rbtnodechain_last
-dns_rbtnodechain_prev
-dns_rbtnodechain_next
-dns_rcode_fromtext
-dns_rcode_totext
-dns_tsigrcode_fromtext
-dns_tsigrcode_totext
-dns_rdata_init
-dns_rdata_reset
-dns_rdata_clone
-dns_rdata_compare
-dns_rdata_fromregion
-dns_rdata_toregion
-dns_rdata_fromwire
-dns_rdata_towire
-dns_rdata_fromtext
-
-dns_rdata_totext
-dns_rdata_tofmttext
-dns_rdata_fromstruct
-dns_rdata_tostruct
-dns_rdata_freestruct
-dns_rdatatype_ismeta
-dns_rdatatype_issingleton
-dns_rdataclass_ismeta
-dns_rdatatype_isdnssec
-dns_rdatatype_iszonecutauth
-dns_rdatatype_isknown
-dns_rdata_additionaldata
-dns_rdata_digest
-dns_rdatatype_questiononly
-dns_rdatatype_notquestion
-dns_rdatatype_attributes
-dns_rdata_covers
-dns_rdataclass_fromtext
-dns_rdataclass_totext
-dns_rdataclass_format
-dns_rdatalist_init
-dns_rdatalist_tordataset
-dns_rdataset_init
-dns_rdataset_invalidate
-dns_rdataset_disassociate
-dns_rdataset_isassociated
-dns_rdataset_makequestion
-dns_rdataset_clone
-dns_rdataset_count
-dns_rdataset_first
-dns_rdataset_next
-dns_rdataset_current
-dns_rdataset_totext
-dns_rdataset_towire
-dns_rdataset_towiresorted
-dns_rdataset_additionaldata
-dns_rdatasetiter_destroy
-dns_rdatasetiter_first
-dns_rdatasetiter_next
-dns_rdatasetiter_current
-dns_rdataslab_fromrdataset
-dns_rdataslab_size
-dns_rdataslab_merge
-dns_rdataslab_subtract
-dns_rdataslab_equal
-dns_rdatatype_fromtext
-dns_rdatatype_totext
-dns_rdatatype_format
-dns_requestmgr_create
-dns_requestmgr_whenshutdown
-dns_requestmgr_shutdown
-dns_requestmgr_attach
-dns_requestmgr_detach
-dns_request_create
-dns_request_createvia
-dns_request_createraw
-dns_request_cancel
-dns_request_getresponse
-dns_request_usedtcp
-dns_request_destroy
-dns_resolver_createfetch
-dns_resolver_create
-dns_resolver_freeze
-dns_resolver_prime
-dns_resolver_whenshutdown
-dns_resolver_shutdown
-dns_resolver_attach
-dns_resolver_detach
-dns_resolver_createfetch
-dns_resolver_cancelfetch
-dns_resolver_destroyfetch
-dns_resolver_dispatchmgr
-dns_resolver_dispatchv4
-dns_resolver_dispatchv6
-dns_resolver_socketmgr
-dns_resolver_taskmgr
-dns_resolver_getlamettl
-dns_resolver_setlamettl
-dns_result_totext
-dns_result_register
-dns_result_torcode
-dns_rootns_create
-dns_sdb_register
-dns_sdb_unregister
-dns_sdb_putrr
-dns_sdb_putnamedrr
-dns_sdb_putsoa
-dns_secalg_fromtext
-dns_secalg_totext
-dns_secproto_fromtext
-dns_secproto_totext
-dns_ssutable_create
-dns_ssutable_attach
-dns_ssutable_detach
-dns_ssutable_addrule
-dns_ssutable_checkrules
-dns_stats_alloccounters
-dns_stats_freecounters
-dns_tcpmsg_init
-dns_tcpmsg_setmaxsize
-dns_tcpmsg_readmessage
-dns_tcpmsg_cancelread
-dns_tcpmsg_keepbuffer
-dns_tcpmsg_invalidate
-dns_time64_fromtext
-dns_time32_fromtext
-dns_time64_totext
-dns_time32_totext
-dns_timer_setidle
-dns_tkeyctx_create
-dns_tkeyctx_destroy
-dns_tkey_processquery
-dns_tkey_builddhquery
-dns_tkey_buildgssquery
-dns_tkey_builddeletequery
-dns_tkey_processdhresponse
-dns_tkey_processgssresponse
-dns_tkey_processdeleteresponse
-dns_tsigkey_create
-dns_tsigkey_createfromkey
-dns_tsigkey_attach
-dns_tsigkey_detach
-dns_tsigkey_setdeleted
-dns_tsig_sign
-dns_tsig_verify
-dns_tsigkey_find
-dns_tsigkeyring_create
-dns_tsigkeyring_destroy
-dns_ttl_totext
-dns_counter_fromtext
-dns_ttl_fromtext
-dns_validator_create
-dns_validator_cancel
-dns_validator_destroy
-dns_view_create
-dns_view_attach
-dns_view_detach
-dns_view_flushanddetach
-dns_view_weakattach
-dns_view_weakdetach
-dns_view_createresolver
-dns_view_setcache
-dns_view_sethints
-dns_view_setkeyring
-dns_view_setdstport
-dns_view_addzone
-dns_view_freeze
-dns_view_find
-dns_view_simplefind
-dns_view_findzonecut
-dns_viewlist_find
-dns_view_findzone
-dns_view_load
-dns_view_loadnew
-dns_view_gettsig
-dns_view_getpeertsig
-dns_view_checksig
-dns_view_dialup
-dns_view_dumpdbtostream
-dns_view_flushcache
-dns_view_isdelegationonly
-dns_view_adddelegationonly
-dns_view_excludedelegationonly
-dns_view_setrootdelonly
-dns_view_getrootdelonly
-dns_xfrin_create
-dns_xfrin_shutdown
-dns_xfrin_detach
-dns_xfrin_attach
-dns_zone_create
-dns_zone_setclass
-dns_zone_getclass
-dns_zone_settype
-dns_zone_setview
-dns_zone_getview
-dns_zone_setorigin
-dns_zone_getorigin
-dns_zone_setfile
-dns_zone_getfile
-dns_zone_load
-dns_zone_attach
-dns_zone_detach
-dns_zone_iattach
-dns_zone_idetach
-dns_zone_setflag
-dns_zone_getdb
-dns_zone_setdbtype
-dns_zone_markdirty
-dns_zone_expire
-dns_zone_refresh
-dns_zone_flush
-dns_zone_dump
-dns_zone_dumptostream
-dns_zone_maintenance
-dns_zone_setmasters
-dns_zone_setmasterswithkeys
-dns_zone_setmasters
-dns_zone_setalsonotify
-dns_zone_unload
-dns_zone_setoption
-
-dns_zone_getoptions
-dns_zone_setminrefreshtime
-dns_zone_setmaxrefreshtime
-dns_zone_setminretrytime
-dns_zone_setmaxretrytime
-dns_zone_setxfrsource4
-dns_zone_getxfrsource4
-dns_zone_setxfrsource6
-dns_zone_getxfrsource6
-dns_zone_setnotifysrc4
-dns_zone_getnotifysrc4
-dns_zone_setnotifysrc6
-dns_zone_getnotifysrc6
-dns_zone_setnotifyacl
-dns_zone_setqueryacl
-dns_zone_setupdateacl
-dns_zone_setforwardacl
-dns_zone_setxfracl
-dns_zone_getnotifyacl
-dns_zone_getqueryacl
-dns_zone_getupdateacl
-dns_zone_getforwardacl
-dns_zone_getxfracl
-dns_zone_clearupdateacl
-dns_zone_clearforwardacl
-dns_zone_clearnotifyacl
-dns_zone_clearqueryacl
-dns_zone_clearxfracl
-dns_zone_setchecknames
-dns_zone_getchecknames
-dns_zone_setjournalsize
-dns_zone_getjournalsize
-dns_zone_notifyreceive
-dns_zone_setmaxxfrin
-dns_zone_getmaxxfrin
-dns_zone_setmaxxfrout
-dns_zone_getmaxxfrout
-dns_zone_setjournal
-dns_zone_getjournal
-dns_zone_gettype
-dns_zone_settask
-dns_zone_gettask
-dns_zone_notify
-dns_zone_replacedb
-dns_zone_getidlein
-dns_zone_setidlein
-dns_zone_getidleout
-dns_zone_setidleout
-dns_zone_getssutable
-dns_zone_setssutable
-dns_zone_getmctx
-dns_zone_getmgr
-dns_zone_setsigvalidityinterval
-dns_zone_getsigvalidityinterval
-dns_zone_setnotifytype
-dns_zone_forwardupdate
-dns_zone_next
-dns_zone_first
-dns_zonemgr_create
-dns_zonemgr_managezone
-dns_zonemgr_forcemaint
-dns_zonemgr_shutdown
-dns_zonemgr_attach
-dns_zonemgr_detach
-dns_zonemgr_releasezone
-dns_zonemgr_settransfersin
-dns_zonemgr_getttransfersin
-dns_zonemgr_settransfersperns
-dns_zonemgr_getttransfersperns
-dns_zonemgr_setiolimit
-dns_zonemgr_getiolimit
-dns_zonemgr_setserialqueryrate
-dns_zonemgr_getserialqueryrate
-dns_zonemgr_getcount
-dns_zone_forcereload
-dns_zone_isforced
-dns_zone_setstatistics
-dns_zone_getstatscounters
-dns_zone_dialup
-dns_zone_setdialup
-dns_zone_log
-dns_zonekey_iszonekey
-dns_zt_create
-dns_zt_mount
-dns_zt_unmount
-dns_zt_find
-dns_zt_detach
-dns_zt_flushanddetach
-dns_zt_attach
-dns_zt_load
-dns_zt_apply
-dst_lib_init
-dst_lib_destroy
-dst_algorithm_supported
-dst_context_create
-dst_context_destroy
-dst_context_adddata
-dst_context_sign
-dst_context_verify
-dst_key_computesecret
-dst_key_fromfile
-dst_key_fromnamedfile
-dst_key_tofile
-dst_key_fromdns
-dst_key_todns
-dst_key_frombuffer
-dst_key_tobuffer
-dst_key_fromgssapi
-dst_key_generate
-dst_key_compare
-dst_key_paramcompare
-dst_key_free
-dst_key_name
-dst_key_size
-dst_key_proto
-dst_key_alg
-dst_key_flags
-dst_key_id
-dst_key_class
-dst_key_isprivate
-dst_key_iszonekey
-dst_key_isnullkey
-dst_key_buildfilename
-dst_key_sigsize
-dst_key_secretsize
-dst_region_computeid
-dst_gssapi_acquirecred
-dst_gssapi_initctx
-dst_gssapi_acceptctx
-dst_lib_initmsgcat
-dst_result_totext
-dst_result_register
+LIBRARY libdns
+
+; Exported Functions
+EXPORTS
+
+dns_a6_copy
+dns_a6_foreach
+dns_a6_init
+dns_a6_invalidate
+dns_a6_reset
+dns_acl_any
+dns_acl_appendelement
+dns_acl_attach
+dns_acl_create
+dns_acl_detach
+dns_acl_equal
+dns_acl_isinsecure
+dns_acl_match
+dns_acl_none
+dns_aclelement_equal
+dns_aclelement_match
+dns_aclenv_copy
+dns_aclenv_destroy
+dns_aclenv_init
+dns_adb_adjustsrtt
+dns_adb_attach
+dns_adb_cancelfind
+dns_adb_changeflags
+dns_adb_create
+dns_adb_createfind
+dns_adb_destroyfind
+dns_adb_detach
+dns_adb_dump
+dns_adb_dumpfind
+dns_adb_findaddrinfo
+dns_adb_flush
+dns_adb_freeaddrinfo
+dns_adb_marklame
+dns_adb_shutdown
+dns_adb_whenshutdown
+dns_byaddr_cancel
+dns_byaddr_create
+dns_byaddr_createptrname
+dns_byaddr_createptrname2
+dns_byaddr_destroy
+dns_cache_attach
+dns_cache_attachdb
+dns_cache_clean
+dns_cache_create
+dns_cache_detach
+dns_cache_dump
+dns_cache_flush
+dns_cache_load
+dns_cache_setcachesize
+dns_cache_setcleaninginterval
+dns_cache_setfilename
+dns_cert_fromtext
+dns_cert_totext
+dns_compress_add
+dns_compress_findglobal
+dns_compress_getedns
+dns_compress_getmethods
+dns_compress_init
+dns_compress_invalidate
+dns_compress_rollback
+dns_compress_setmethods
+dns_counter_fromtext
+dns_db_addrdataset
+dns_db_allrdatasets
+dns_db_attach
+dns_db_attachnode
+dns_db_attachversion
+dns_db_beginload
+dns_db_class
+dns_db_closeversion
+dns_db_create
+dns_db_createiterator
+dns_db_createsoatuple
+dns_db_currentversion
+dns_db_deleterdataset
+dns_db_detach
+dns_db_detachnode
+dns_db_diff
+dns_db_dump
+dns_db_endload
+dns_db_expirenode
+dns_db_find
+dns_db_findnode
+dns_db_findrdataset
+dns_db_findzonecut
+dns_db_getsoaserial
+dns_db_iscache
+dns_db_ispersistent
+dns_db_issecure
+dns_db_isstub
+dns_db_iszone
+dns_db_load
+dns_db_newversion
+dns_db_nodecount
+dns_db_ondestroy
+dns_db_origin
+dns_db_overmem
+dns_db_printnode
+dns_db_register
+dns_db_subtractrdataset
+dns_db_unregister
+dns_dbiterator_current
+dns_dbiterator_destroy
+dns_dbiterator_first
+dns_dbiterator_last
+dns_dbiterator_next
+dns_dbiterator_origin
+dns_dbiterator_pause
+dns_dbiterator_prev
+dns_dbiterator_seek
+dns_dbiterator_setcleanmode
+dns_dbtable_add
+dns_dbtable_adddefault
+dns_dbtable_attach
+dns_dbtable_create
+dns_dbtable_detach
+dns_dbtable_find
+dns_dbtable_getdefault
+dns_dbtable_remove
+dns_dbtable_removedefault
+dns_decompress_edns
+dns_decompress_getmethods
+dns_decompress_init
+dns_decompress_invalidate
+dns_decompress_setmethods
+dns_decompress_type
+dns_diff_append
+dns_diff_appendminimal
+dns_diff_apply
+dns_diff_clear
+dns_diff_init
+dns_diff_load
+dns_diff_print
+dns_diff_sort
+dns_difftuple_copy
+dns_difftuple_create
+dns_difftuple_free
+dns_dispatch_addresponse
+dns_dispatch_attach
+dns_dispatch_cancel
+dns_dispatch_changeattributes
+dns_dispatch_createtcp
+dns_dispatch_detach
+dns_dispatch_getlocaladdress
+dns_dispatch_getsocket
+dns_dispatch_getudp
+dns_dispatch_hash
+dns_dispatch_importrecv
+dns_dispatch_removeresponse
+dns_dispatch_starttcp
+dns_dispatchmgr_create
+dns_dispatchmgr_destroy
+dns_dispatchmgr_getblackhole
+dns_dispatchmgr_setblackhole
+dns_dnssec_findzonekeys
+dns_dnssec_keyfromrdata
+dns_dnssec_sign
+dns_dnssec_signmessage
+dns_dnssec_verify
+dns_dnssec_verifymessage
+dns_fwdtable_add
+dns_fwdtable_create
+dns_fwdtable_destroy
+dns_fwdtable_find
+dns_journal_begin_transaction
+dns_journal_commit
+dns_journal_current_rr
+dns_journal_destroy
+dns_journal_first_rr
+dns_journal_first_serial
+dns_journal_iter_init
+dns_journal_last_serial
+dns_journal_next_rr
+dns_journal_open
+dns_journal_print
+dns_journal_rollforward
+dns_journal_write_transaction
+dns_journal_writediff
+dns_keyflags_fromtext
+dns_keynode_key
+dns_keytable_add
+dns_keytable_attach
+dns_keytable_create
+dns_keytable_detach
+dns_keytable_detachkeynode
+dns_keytable_finddeepestmatch
+dns_keytable_findkeynode
+dns_keytable_findnextkeynode
+dns_keytable_issecuredomain
+dns_label_countbits
+dns_label_getbit
+dns_label_type
+dns_lib_initmsgcat
+dns_loadctx_attach
+dns_loadctx_cancel
+dns_loadctx_detach
+dns_log_init
+dns_log_setcontext
+dns_lookup_cancel
+dns_lookup_create
+dns_lookup_destroy
+dns_master_dump
+dns_master_dumpnode
+dns_master_dumpnodetostream
+dns_master_dumptostream
+dns_master_loadbuffer
+dns_master_loadbufferinc
+dns_master_loadfile
+dns_master_loadfileinc
+dns_master_loadstream
+dns_master_loadstreaminc
+dns_master_questiontotext
+dns_master_rdatasettotext
+dns_message_addname
+dns_message_checksig
+dns_message_create
+dns_message_currentname
+dns_message_destroy
+dns_message_find
+dns_message_findname
+dns_message_findtype
+dns_message_firstname
+dns_message_getopt
+dns_message_getquerytsig
+dns_message_getrawmessage
+dns_message_getsig0
+dns_message_getsig0key
+dns_message_gettempname
+dns_message_gettempoffsets
+dns_message_gettemprdata
+dns_message_gettemprdatalist
+dns_message_gettemprdataset
+dns_message_gettimeadjust
+dns_message_gettsig
+dns_message_gettsigkey
+dns_message_movename
+dns_message_nextname
+dns_message_parse
+dns_message_peekheader
+dns_message_pseudosectiontotext
+dns_message_puttempname
+dns_message_puttemprdata
+dns_message_puttemprdatalist
+dns_message_puttemprdataset
+dns_message_renderbegin
+dns_message_renderchangebuffer
+dns_message_renderend
+dns_message_renderheader
+dns_message_renderrelease
+dns_message_renderreserve
+dns_message_renderreset
+dns_message_rendersection
+dns_message_reply
+dns_message_reset
+dns_message_sectiontotext
+dns_message_setopt
+dns_message_setquerytsig
+dns_message_setsig0key
+dns_message_setsortorder
+dns_message_settimeadjust
+dns_message_settsigkey
+dns_message_signer
+dns_message_takebuffer
+dns_message_totext
+dns_name_clone
+dns_name_compare
+dns_name_concatenate
+dns_name_copy
+dns_name_countlabels
+dns_name_depth
+dns_name_digest
+dns_name_downcase
+dns_name_dup
+dns_name_dupwithoffsets
+dns_name_dynamic
+dns_name_equal
+dns_name_format
+dns_name_free
+dns_name_fromregion
+dns_name_fromtext
+dns_name_fromwire
+dns_name_fullcompare
+dns_name_getlabel
+dns_name_getlabelsequence
+dns_name_hasbuffer
+dns_name_hash
+dns_name_init
+dns_name_invalidate
+dns_name_isabsolute
+dns_name_issubdomain
+dns_name_iswildcard
+dns_name_matcheswildcard
+dns_name_print
+dns_name_rdatacompare
+dns_name_requiresedns
+dns_name_reset
+dns_name_setbuffer
+dns_name_split
+dns_name_splitatdepth
+dns_name_tofilenametext
+dns_name_toregion
+dns_name_totext
+dns_name_towire
+dns_ncache_add
+dns_ncache_towire
+dns_nxt_build
+dns_nxt_buildrdata
+dns_nxt_typepresent
+dns_peer_attach
+dns_peer_detach
+dns_peer_getbogus
+dns_peer_getkey
+dns_peer_getprovideixfr
+dns_peer_getrequestixfr
+dns_peer_getsupportedns
+dns_peer_gettransferformat
+dns_peer_gettransfers
+dns_peer_new
+dns_peer_setbogus
+dns_peer_setkey
+dns_peer_setkeybycharp
+dns_peer_setprovideixfr
+dns_peer_setrequestixfr
+dns_peer_setsupportedns
+dns_peer_settransferformat
+dns_peer_settransfers
+dns_peerlist_addpeer
+dns_peerlist_attach
+dns_peerlist_currpeer
+dns_peerlist_detach
+dns_peerlist_new
+dns_peerlist_peerbyaddr
+dns_rbt_addname
+dns_rbt_addnode
+dns_rbt_create
+dns_rbt_deletename
+dns_rbt_deletenode
+dns_rbt_destroy
+dns_rbt_findname
+dns_rbt_findnode
+dns_rbt_formatnodename
+dns_rbt_fullnamefromnode
+dns_rbt_namefromnode
+dns_rbt_nodecount
+dns_rbt_printall
+dns_rbtnodechain_current
+dns_rbtnodechain_first
+dns_rbtnodechain_init
+dns_rbtnodechain_invalidate
+dns_rbtnodechain_last
+dns_rbtnodechain_next
+dns_rbtnodechain_prev
+dns_rbtnodechain_reset
+dns_rcode_fromtext
+dns_rcode_totext
+dns_rdata_additionaldata
+dns_rdata_clone
+dns_rdata_compare
+dns_rdata_covers
+dns_rdata_digest
+dns_rdata_freestruct
+dns_rdata_fromregion
+dns_rdata_fromstruct
+dns_rdata_fromtext
+dns_rdata_fromwire
+dns_rdata_init
+dns_rdata_reset
+dns_rdata_tofmttext
+dns_rdata_toregion
+dns_rdata_tostruct
+dns_rdata_totext
+dns_rdata_towire
+dns_rdatacallbacks_init
+dns_rdatacallbacks_init_stdio
+dns_rdataclass_format
+dns_rdataclass_fromtext
+dns_rdataclass_ismeta
+dns_rdataclass_totext
+dns_rdatalist_init
+dns_rdatalist_tordataset
+dns_rdataset_additionaldata
+dns_rdataset_clone
+dns_rdataset_count
+dns_rdataset_current
+dns_rdataset_disassociate
+dns_rdataset_first
+dns_rdataset_init
+dns_rdataset_invalidate
+dns_rdataset_isassociated
+dns_rdataset_makequestion
+dns_rdataset_next
+dns_rdataset_totext
+dns_rdataset_towire
+dns_rdataset_towiresorted
+dns_rdatasetiter_current
+dns_rdatasetiter_destroy
+dns_rdatasetiter_first
+dns_rdatasetiter_next
+dns_rdataslab_equal
+dns_rdataslab_fromrdataset
+dns_rdataslab_merge
+dns_rdataslab_size
+dns_rdataslab_subtract
+dns_rdatatype_attributes
+dns_rdatatype_format
+dns_rdatatype_fromtext
+dns_rdatatype_isdnssec
+dns_rdatatype_isknown
+dns_rdatatype_ismeta
+dns_rdatatype_issingleton
+dns_rdatatype_iszonecutauth
+dns_rdatatype_notquestion
+dns_rdatatype_questiononly
+dns_rdatatype_totext
+dns_request_cancel
+dns_request_create
+dns_request_createraw
+dns_request_createvia
+dns_request_destroy
+dns_request_getresponse
+dns_request_usedtcp
+dns_requestmgr_attach
+dns_requestmgr_create
+dns_requestmgr_detach
+dns_requestmgr_shutdown
+dns_requestmgr_whenshutdown
+dns_resolver_attach
+dns_resolver_cancelfetch
+dns_resolver_create
+dns_resolver_createfetch
+dns_resolver_destroyfetch
+dns_resolver_detach
+dns_resolver_dispatchmgr
+dns_resolver_dispatchv4
+dns_resolver_dispatchv6
+dns_resolver_freeze
+dns_resolver_getlamettl
+dns_resolver_prime
+dns_resolver_setlamettl
+dns_resolver_shutdown
+dns_resolver_socketmgr
+dns_resolver_taskmgr
+dns_resolver_whenshutdown
+dns_result_register
+dns_result_torcode
+dns_result_totext
+dns_rootns_create
+dns_sdb_putnamedrr
+dns_sdb_putrr
+dns_sdb_putsoa
+dns_sdb_register
+dns_sdb_unregister
+dns_secalg_fromtext
+dns_secalg_totext
+dns_secproto_fromtext
+dns_secproto_totext
+dns_soa_getminimum
+dns_soa_getserial
+dns_soa_setserial
+dns_ssutable_addrule
+dns_ssutable_attach
+dns_ssutable_checkrules
+dns_ssutable_create
+dns_ssutable_detach
+dns_stats_alloccounters
+dns_stats_freecounters
+dns_tcpmsg_cancelread
+dns_tcpmsg_init
+dns_tcpmsg_invalidate
+dns_tcpmsg_keepbuffer
+dns_tcpmsg_readmessage
+dns_tcpmsg_setmaxsize
+dns_time32_fromtext
+dns_time32_totext
+dns_time64_fromtext
+dns_time64_totext
+dns_timer_setidle
+dns_tkey_builddeletequery
+dns_tkey_builddhquery
+dns_tkey_buildgssquery
+dns_tkey_processdeleteresponse
+dns_tkey_processdhresponse
+dns_tkey_processgssresponse
+dns_tkey_processquery
+dns_tkeyctx_create
+dns_tkeyctx_destroy
+dns_tsig_sign
+dns_tsig_verify
+dns_tsigkey_attach
+dns_tsigkey_create
+dns_tsigkey_createfromkey
+dns_tsigkey_detach
+dns_tsigkey_find
+dns_tsigkey_setdeleted
+dns_tsigkeyring_create
+dns_tsigkeyring_destroy
+dns_tsigrcode_fromtext
+dns_tsigrcode_totext
+dns_ttl_fromtext
+dns_ttl_totext
+dns_validator_cancel
+dns_validator_create
+dns_validator_destroy
+dns_view_adddelegationonly
+dns_view_addzone
+dns_view_attach
+dns_view_checksig
+dns_view_create
+dns_view_createresolver
+dns_view_detach
+dns_view_dialup
+dns_view_dumpdbtostream
+dns_view_excludedelegationonly
+dns_view_find
+dns_view_findzone
+dns_view_findzonecut
+dns_view_flushanddetach
+dns_view_flushcache
+dns_view_freeze
+dns_view_getpeertsig
+dns_view_getrootdelonly
+dns_view_gettsig
+dns_view_isdelegationonly
+dns_view_load
+dns_view_loadnew
+dns_view_setcache
+dns_view_setdstport
+dns_view_sethints
+dns_view_setkeyring
+dns_view_setrootdelonly
+dns_view_simplefind
+dns_view_weakattach
+dns_view_weakdetach
+dns_viewlist_find
+dns_xfrin_attach
+dns_xfrin_create
+dns_xfrin_detach
+dns_xfrin_shutdown
+dns_zone_attach
+dns_zone_clearforwardacl
+dns_zone_clearnotifyacl
+dns_zone_clearqueryacl
+dns_zone_clearupdateacl
+dns_zone_clearxfracl
+dns_zone_create
+dns_zone_detach
+dns_zone_dialup
+dns_zone_dump
+dns_zone_dumptostream
+dns_zone_expire
+dns_zone_first
+dns_zone_flush
+dns_zone_forcereload
+dns_zone_forwardupdate
+dns_zone_getchecknames
+dns_zone_getclass
+dns_zone_getdb
+dns_zone_getfile
+dns_zone_getforwardacl
+dns_zone_getidlein
+dns_zone_getidleout
+dns_zone_getjournal
+dns_zone_getjournalsize
+dns_zone_getmaxxfrin
+dns_zone_getmaxxfrout
+dns_zone_getmctx
+dns_zone_getmgr
+dns_zone_getnotifyacl
+dns_zone_getnotifysrc4
+dns_zone_getnotifysrc6
+dns_zone_getoptions
+dns_zone_getorigin
+dns_zone_getqueryacl
+dns_zone_getsigvalidityinterval
+dns_zone_getssutable
+dns_zone_getstatscounters
+dns_zone_gettask
+dns_zone_gettype
+dns_zone_getupdateacl
+dns_zone_getview
+dns_zone_getxfracl
+dns_zone_getxfrsource4
+dns_zone_getxfrsource6
+dns_zone_iattach
+dns_zone_idetach
+dns_zone_isforced
+dns_zone_load
+dns_zone_log
+dns_zone_maintenance
+dns_zone_markdirty
+dns_zone_next
+dns_zone_notify
+dns_zone_notifyreceive
+dns_zone_refresh
+dns_zone_replacedb
+dns_zone_setalsonotify
+dns_zone_setchecknames
+dns_zone_setclass
+dns_zone_setdbtype
+dns_zone_setdialup
+dns_zone_setfile
+dns_zone_setflag
+dns_zone_setforwardacl
+dns_zone_setidlein
+dns_zone_setidleout
+dns_zone_setjournal
+dns_zone_setjournalsize
+dns_zone_setmasters
+dns_zone_setmasterswithkeys
+dns_zone_setmaxrefreshtime
+dns_zone_setmaxretrytime
+dns_zone_setmaxxfrin
+dns_zone_setmaxxfrout
+dns_zone_setminrefreshtime
+dns_zone_setminretrytime
+dns_zone_setnotifyacl
+dns_zone_setnotifysrc4
+dns_zone_setnotifysrc6
+dns_zone_setnotifytype
+dns_zone_setoption
+dns_zone_setorigin
+dns_zone_setqueryacl
+dns_zone_setsigvalidityinterval
+dns_zone_setssutable
+dns_zone_setstatistics
+dns_zone_settask
+dns_zone_settype
+dns_zone_setupdateacl
+dns_zone_setview
+dns_zone_setxfracl
+dns_zone_setxfrsource4
+dns_zone_setxfrsource6
+dns_zone_unload
+dns_zonekey_iszonekey
+dns_zonemgr_attach
+dns_zonemgr_create
+dns_zonemgr_detach
+dns_zonemgr_forcemaint
+dns_zonemgr_getcount
+dns_zonemgr_getiolimit
+dns_zonemgr_getserialqueryrate
+dns_zonemgr_getttransfersin
+dns_zonemgr_getttransfersperns
+dns_zonemgr_managezone
+dns_zonemgr_releasezone
+dns_zonemgr_setiolimit
+dns_zonemgr_setserialqueryrate
+dns_zonemgr_settransfersin
+dns_zonemgr_settransfersperns
+dns_zonemgr_shutdown
+dns_zt_apply
+dns_zt_attach
+dns_zt_create
+dns_zt_detach
+dns_zt_find
+dns_zt_flushanddetach
+dns_zt_load
+dns_zt_mount
+dns_zt_unmount
+dst_algorithm_supported
+dst_context_adddata
+dst_context_create
+dst_context_destroy
+dst_context_sign
+dst_context_verify
+dst_gssapi_acceptctx
+dst_gssapi_acquirecred
+dst_gssapi_initctx
+dst_key_alg
+dst_key_buildfilename
+dst_key_class
+dst_key_compare
+dst_key_computesecret
+dst_key_flags
+dst_key_free
+dst_key_frombuffer
+dst_key_fromdns
+dst_key_fromfile
+dst_key_fromgssapi
+dst_key_fromnamedfile
+dst_key_generate
+dst_key_id
+dst_key_isnullkey
+dst_key_isprivate
+dst_key_iszonekey
+dst_key_name
+dst_key_paramcompare
+dst_key_proto
+dst_key_secretsize
+dst_key_sigsize
+dst_key_size
+dst_key_tobuffer
+dst_key_todns
+dst_key_tofile
+dst_lib_destroy
+dst_lib_init
+dst_lib_initmsgcat
+dst_region_computeid
+dst_result_register
+dst_result_totext
diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c
index fe5841f4..45797615 100644
--- a/lib/dns/xfrin.c
+++ b/lib/dns/xfrin.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: xfrin.c,v 1.124.2.13 2006/01/04 23:50:17 marka Exp $ */
+/* $Id: xfrin.c,v 1.124.2.16 2007/05/24 02:57:42 marka Exp $ */
#include <config.h>
@@ -673,6 +673,11 @@ xfrin_fail(dns_xfrin_ctx_t *xfr, isc_result_t result, const char *msg) {
result = DNS_R_BADIXFR;
}
xfrin_cancelio(xfr);
+ /*
+ * Close the journal.
+ */
+ if (xfr->ixfr.journal != NULL)
+ dns_journal_destroy(&xfr->ixfr.journal);
if (xfr->done != NULL) {
(xfr->done)(xfr->zone, result);
xfr->done = NULL;
@@ -1244,6 +1249,11 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) {
CHECK(xfrin_send_request(xfr));
} else if (xfr->state == XFRST_END) {
/*
+ * Close the journal.
+ */
+ if (xfr->ixfr.journal != NULL)
+ dns_journal_destroy(&xfr->ixfr.journal);
+ /*
* Inform the caller we succeeded.
*/
if (xfr->done != NULL) {
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index cee46e15..c7fe4911 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zone.c,v 1.333.2.44 2006/05/18 02:30:20 marka Exp $ */
+/* $Id: zone.c,v 1.333.2.48 2007/02/26 23:45:24 tbox Exp $ */
#include <config.h>
@@ -945,6 +945,7 @@ zone_load(dns_zone_t *zone, unsigned int flags) {
result = isc_file_getmodtime(zone->masterfile,
&filetime);
if (result == ISC_R_SUCCESS &&
+ DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) &&
isc_time_compare(&filetime, &zone->loadtime) <= 0) {
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"skipping load: master file older "
@@ -1158,6 +1159,59 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) {
return (result);
}
+/*
+ * OpenSSL verification of RSA keys with exponent 3 is known to be
+ * broken prior OpenSSL 0.9.8c/0.9.7k. Look for such keys and warn
+ * if they are in use.
+ */
+static void
+zone_check_keys(dns_zone_t *zone, dns_db_t *db) {
+ dns_dbnode_t *node = NULL;
+ dns_dbversion_t *version = NULL;
+ dns_rdata_key_t key;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdataset_t rdataset;
+ isc_result_t result;
+
+ result = dns_db_findnode(db, &zone->origin, ISC_FALSE, &node);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ dns_db_currentversion(db, &version);
+ dns_rdataset_init(&rdataset);
+ result = dns_db_findrdataset(db, node, version, dns_rdatatype_key,
+ dns_rdatatype_none, 0, &rdataset, NULL);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ for (result = dns_rdataset_first(&rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(&rdataset))
+ {
+ dns_rdataset_current(&rdataset, &rdata);
+ result = dns_rdata_tostruct(&rdata, &key, NULL);
+ INSIST(result == ISC_R_SUCCESS);
+
+ if (key.algorithm == DST_ALG_RSAMD5 && key.datalen > 1 &&
+ key.data[0] == 1 && key.data[1] == 3)
+ {
+ dns_zone_log(zone, ISC_LOG_WARNING,
+ "weak RSAMD5 (%u) key found "
+ "(exponent=3)", key.algorithm);
+ break;
+ }
+ dns_rdata_reset(&rdata);
+ }
+ dns_rdataset_disassociate(&rdataset);
+
+ cleanup:
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ if (version != NULL)
+ dns_db_closeversion(db, &version, ISC_FALSE);
+
+}
+
static isc_result_t
zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
isc_result_t result)
@@ -1322,6 +1376,12 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
}
+ /*
+ * Check for weak KEY's.
+ */
+ if (zone->type == dns_zone_master)
+ zone_check_keys(zone, db);
+
#if 0
/* destroy notification example. */
{
@@ -1815,6 +1875,37 @@ dns_zone_setmasters(dns_zone_t *zone, const isc_sockaddr_t *masters,
return (result);
}
+static isc_boolean_t
+same_masters(const isc_sockaddr_t *old, const isc_sockaddr_t *new,
+ isc_uint32_t count)
+{
+ unsigned int i;
+
+ for (i = 0; i < count; i++)
+ if (!isc_sockaddr_equal(&old[i], &new[i]))
+ return (ISC_FALSE);
+ return (ISC_TRUE);
+}
+
+static isc_boolean_t
+same_keynames(dns_name_t **old, dns_name_t **new, isc_uint32_t count) {
+ unsigned int i;
+
+ if (old == NULL && new == NULL)
+ return (ISC_TRUE);
+ if (old == NULL || new == NULL)
+ return (ISC_FALSE);
+
+ for (i = 0; i < count; i++) {
+ if (old[i] == NULL && new[i] == NULL)
+ continue;
+ if (old[i] == NULL || new[i] == NULL ||
+ !dns_name_equal(old[i], new[i]))
+ return (ISC_FALSE);
+ }
+ return (ISC_TRUE);
+}
+
isc_result_t
dns_zone_setmasterswithkeys(dns_zone_t *zone,
const isc_sockaddr_t *masters,
@@ -1833,6 +1924,19 @@ dns_zone_setmasterswithkeys(dns_zone_t *zone,
}
LOCK_ZONE(zone);
+ /*
+ * The refresh code assumes that 'masters' wouldn't change under it.
+ * If it will change then kill off any current refresh in progress
+ * and update the masters info. If it won't change then we can just
+ * unlock and exit.
+ */
+ if (count != zone->masterscnt ||
+ !same_masters(zone->masters, masters, count) ||
+ !same_keynames(zone->masterkeynames, keynames, count)) {
+ if (zone->request != NULL)
+ dns_request_cancel(zone->request);
+ } else
+ goto unlock;
if (zone->masters != NULL) {
isc_mem_put(zone->mctx, zone->masters,
zone->masterscnt * sizeof *new);
@@ -3736,7 +3840,7 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(keyname, namebuf, sizeof(namebuf));
dns_zone_log(zone, ISC_LOG_ERROR,
- "unable to find key: %s", namebuf);
+ "unable to find key: %s", namebuf);
}
}
if (key == NULL)
@@ -3789,7 +3893,7 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) {
if (message != NULL)
dns_message_destroy(&message);
unlock:
- if (key != NULL)
+ if (key != NULL)
dns_tsigkey_detach(&key);
UNLOCK_ZONE(zone);
return;
diff --git a/lib/isc/api b/lib/isc/api
index 5db2c05f..c5bcb934 100644
--- a/lib/isc/api
+++ b/lib/isc/api
@@ -1,3 +1,3 @@
LIBINTERFACE = 9
-LIBREVISION = 1
+LIBREVISION = 2
LIBAGE = 2
diff --git a/lib/isc/mem.c b/lib/isc/mem.c
index cf4c5ecb..612df43a 100644
--- a/lib/isc/mem.c
+++ b/lib/isc/mem.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1997-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: mem.c,v 1.98.2.11 2005/03/16 00:57:43 marka Exp $ */
+/* $Id: mem.c,v 1.98.2.14 2006/12/08 05:03:13 marka Exp $ */
#include <config.h>
@@ -297,7 +297,7 @@ delete_trace_entry(isc_mem_t *mctx, const void *ptr, unsigned int size,
static inline size_t
rmsize(size_t size) {
/*
- * round down to ALIGNMENT_SIZE
+ * round down to ALIGNMENT_SIZE
*/
return (size & (~(ALIGNMENT_SIZE - 1)));
}
@@ -1310,19 +1310,30 @@ isc_mem_inuse(isc_mem_t *ctx) {
void
isc_mem_setwater(isc_mem_t *ctx, isc_mem_water_t water, void *water_arg,
- size_t hiwater, size_t lowater)
+ size_t hiwater, size_t lowater)
{
+ isc_boolean_t callwater = ISC_FALSE;
+ isc_mem_water_t oldwater;
+ void *oldwater_arg;
+
REQUIRE(VALID_CONTEXT(ctx));
REQUIRE(hiwater >= lowater);
LOCK(&ctx->lock);
+ oldwater = ctx->water;
+ oldwater_arg = ctx->water_arg;
if (water == NULL) {
+ callwater = ctx->hi_called;
ctx->water = NULL;
ctx->water_arg = NULL;
ctx->hi_water = 0;
ctx->lo_water = 0;
ctx->hi_called = ISC_FALSE;
} else {
+ if (ctx->hi_called &&
+ (ctx->water != water || ctx->water_arg != water_arg ||
+ ctx->inuse < lowater || lowater == 0U))
+ callwater = ISC_TRUE;
ctx->water = water;
ctx->water_arg = water_arg;
ctx->hi_water = hiwater;
@@ -1330,6 +1341,9 @@ isc_mem_setwater(isc_mem_t *ctx, isc_mem_water_t water, void *water_arg,
ctx->hi_called = ISC_FALSE;
}
UNLOCK(&ctx->lock);
+
+ if (callwater && oldwater != NULL)
+ (oldwater)(oldwater_arg, ISC_MEM_LOWATER);
}
/*
diff --git a/lib/isc/unix/entropy.c b/lib/isc/unix/entropy.c
index 9c52b4dc..a2a9ba90 100644
--- a/lib/isc/unix/entropy.c
+++ b/lib/isc/unix/entropy.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: entropy.c,v 1.60.2.6 2005/07/12 05:47:53 marka Exp $ */
+/* $Id: entropy.c,v 1.60.2.8 2006/12/07 23:57:55 marka Exp $ */
/*
* This is the system depenedent part of the ISC entropy API.
@@ -349,9 +349,6 @@ isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) {
close(fd);
errout:
- if (source != NULL)
- isc_mem_put(ent->mctx, source, sizeof(isc_entropysource_t));
-
UNLOCK(&ent->lock);
return (ret);
diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c
index eafcedd6..459103b0 100644
--- a/lib/isc/unix/socket.c
+++ b/lib/isc/unix/socket.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: socket.c,v 1.207.2.41 2006/05/19 02:54:38 marka Exp $ */
+/* $Id: socket.c,v 1.207.2.45 2007/05/21 01:57:16 marka Exp $ */
#include <config.h>
@@ -42,6 +42,7 @@
#include <isc/msgs.h>
#include <isc/mutex.h>
#include <isc/net.h>
+#include <isc/once.h>
#include <isc/platform.h>
#include <isc/print.h>
#include <isc/region.h>
@@ -57,6 +58,10 @@
#include "socket_p.h"
#endif /* ISC_PLATFORM_USETHREADS */
+#if defined(SO_BSDCOMPAT) && defined(__linux__)
+#include <sys/utsname.h>
+#endif
+
/*
* Some systems define the socket length argument as an int, some as size_t,
* some as socklen_t. This is here so it can be easily changed if needed.
@@ -1368,7 +1373,45 @@ free_socket(isc_socket_t **socketp) {
*socketp = NULL;
}
+#ifdef SO_BSDCOMPAT
/*
+ * This really should not be necessary to do. Having to workout
+ * which kernel version we are on at run time so that we don't cause
+ * the kernel to issue a warning about us using a deprecated socket option.
+ * Such warnings should *never* be on by default in production kernels.
+ *
+ * We can't do this a build time because executables are moved between
+ * machines and hence kernels.
+ *
+ * We can't just not set SO_BSDCOMAT because some kernels require it.
+ */
+
+static isc_once_t bsdcompat_once = ISC_ONCE_INIT;
+isc_boolean_t bsdcompat = ISC_TRUE;
+
+static void
+clear_bsdcompat(void) {
+#ifdef __linux__
+ struct utsname buf;
+ char *endp;
+ long int major;
+ long int minor;
+
+ uname(&buf); /* Can only fail if buf is bad in Linux. */
+
+ /* Paranoia in parsing can be increased, but we trust uname(). */
+ major = strtol(buf.release, &endp, 10);
+ if (*endp == '.') {
+ minor = strtol(endp+1, &endp, 10);
+ if ((major > 2) || ((major == 2) && (minor >= 4))) {
+ bsdcompat = ISC_FALSE;
+ }
+ }
+#endif /* __linux __ */
+}
+#endif
+
+/*%
* Create a new 'type' socket managed by 'manager'. Events
* will be posted to 'task' and when dispatched 'action' will be
* called with 'arg' as the arg value. The new socket is returned
@@ -1385,6 +1428,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
#endif
char strbuf[ISC_STRERRORSIZE];
const char *err = "socket";
+ int try = 0;
REQUIRE(VALID_MANAGER(manager));
REQUIRE(socketp != NULL && *socketp == NULL);
@@ -1394,6 +1438,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
return (ret);
sock->pf = pf;
+ again:
switch (type) {
case isc_sockettype_udp:
sock->fd = socket(pf, SOCK_DGRAM, IPPROTO_UDP);
@@ -1402,6 +1447,8 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
sock->fd = socket(pf, SOCK_STREAM, IPPROTO_TCP);
break;
}
+ if (sock->fd == -1 && errno == EINTR && try++ < 42)
+ goto again;
#ifdef F_DUPFD
/*
@@ -1468,8 +1515,10 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
}
#ifdef SO_BSDCOMPAT
- if (setsockopt(sock->fd, SOL_SOCKET, SO_BSDCOMPAT,
- (void *)&on, sizeof(on)) < 0) {
+ RUNTIME_CHECK(isc_once_do(&bsdcompat_once,
+ clear_bsdcompat) == ISC_R_SUCCESS);
+ if (bsdcompat && setsockopt(sock->fd, SOL_SOCKET, SO_BSDCOMPAT,
+ (void *)&on, sizeof(on)) < 0) {
isc__strerror(errno, strbuf, sizeof(strbuf));
UNEXPECTED_ERROR(__FILE__, __LINE__,
"setsockopt(%d, SO_BSDCOMPAT) %s: %s",
@@ -1513,7 +1562,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
}
#ifdef ISC_PLATFORM_HAVEIN6PKTINFO
#ifdef IPV6_RECVPKTINFO
- /* 2292bis */
+ /* RFC 3542 */
if ((pf == AF_INET6)
&& (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
(void *)&on, sizeof(on)) < 0)) {
@@ -1528,7 +1577,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
strbuf);
}
#else
- /* 2292 */
+ /* RFC 2292 */
if ((pf == AF_INET6)
&& (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_PKTINFO,
(void *)&on, sizeof(on)) < 0)) {
@@ -1544,7 +1593,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
}
#endif /* IPV6_RECVPKTINFO */
#endif /* ISC_PLATFORM_HAVEIN6PKTINFO */
-#ifdef IPV6_USE_MIN_MTU /*2292bis, not too common yet*/
+#ifdef IPV6_USE_MIN_MTU /* RFC 3542, not too common yet*/
/* use minimum MTU */
if (pf == AF_INET6) {
(void)setsockopt(sock->fd, IPPROTO_IPV6,
diff --git a/lib/isc/win32/DLLMain.c b/lib/isc/win32/DLLMain.c
index 1009912e..3baeb21b 100644
--- a/lib/isc/win32/DLLMain.c
+++ b/lib/isc/win32/DLLMain.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,13 +15,11 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: DLLMain.c,v 1.3.2.2 2004/03/09 06:12:16 marka Exp $ */
+/* $Id: DLLMain.c,v 1.3.2.4 2007/06/18 23:45:27 tbox Exp $ */
#include <windows.h>
#include <stdio.h>
-BOOL InitSockets(void);
-
/*
* Called when we enter the DLL
*/
@@ -35,8 +33,6 @@ __declspec(dllexport) BOOL WINAPI DllMain(HINSTANCE hinstDLL,
* initialization or a call to LoadLibrary.
*/
case DLL_PROCESS_ATTACH:
- if (!InitSockets())
- return (FALSE);
break;
/* The attached process creates a new thread. */
diff --git a/lib/isc/win32/condition.c b/lib/isc/win32/condition.c
index 60ad2aa1..c73242f0 100644
--- a/lib/isc/win32/condition.c
+++ b/lib/isc/win32/condition.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,13 +15,14 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: condition.c,v 1.17.2.3 2006/02/13 23:50:51 marka Exp $ */
+/* $Id: condition.c,v 1.17.2.5 2007/05/10 23:45:26 tbox Exp $ */
#include <config.h>
#include <isc/condition.h>
#include <isc/assertions.h>
#include <isc/util.h>
+#include <isc/thread.h>
#include <isc/time.h>
#define LSIGNAL 0
@@ -34,23 +35,92 @@ isc_condition_init(isc_condition_t *cond) {
REQUIRE(cond != NULL);
cond->waiters = 0;
+ /*
+ * This handle is shared across all threads
+ */
h = CreateEvent(NULL, FALSE, FALSE, NULL);
if (h == NULL) {
/* XXX */
return (ISC_R_UNEXPECTED);
}
cond->events[LSIGNAL] = h;
- h = CreateEvent(NULL, TRUE, FALSE, NULL);
- if (h == NULL) {
- (void)CloseHandle(cond->events[LSIGNAL]);
- /* XXX */
+
+ /*
+ * The threadlist will hold the actual events needed
+ * for the wait condition
+ */
+ ISC_LIST_INIT(cond->threadlist);
+
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * Add the thread to the threadlist along with the required events
+ */
+static isc_result_t
+register_thread(unsigned long thrd, isc_condition_t *gblcond,
+ isc_condition_thread_t **localcond)
+{
+ HANDLE hc;
+ isc_condition_thread_t *newthread;
+
+ REQUIRE(localcond != NULL && *localcond == NULL);
+
+ newthread = malloc(sizeof(isc_condition_thread_t));
+ if (newthread == NULL)
+ return (ISC_R_NOMEMORY);
+
+ /*
+ * Create the thread-specific handle
+ */
+ hc = CreateEvent(NULL, FALSE, FALSE, NULL);
+ if (hc == NULL) {
+ free(newthread);
return (ISC_R_UNEXPECTED);
}
- cond->events[LBROADCAST] = h;
+ /*
+ * Add the thread ID and handles to list of threads for broadcast
+ */
+ newthread->handle[LSIGNAL] = gblcond->events[LSIGNAL];
+ newthread->handle[LBROADCAST] = hc;
+ newthread->th = thrd;
+
+ /*
+ * The thread is holding the manager lock so this is safe
+ */
+ ISC_LIST_APPEND(gblcond->threadlist, newthread, link);
+ *localcond = newthread;
return (ISC_R_SUCCESS);
}
+static isc_result_t
+find_thread_condition(unsigned long thrd, isc_condition_t *cond,
+ isc_condition_thread_t **threadcondp)
+{
+ isc_condition_thread_t *threadcond;
+
+ REQUIRE(threadcondp != NULL && *threadcondp == NULL);
+
+ /*
+ * Look for the thread ID.
+ */
+ for (threadcond = ISC_LIST_HEAD(cond->threadlist);
+ threadcond != NULL;
+ threadcond = ISC_LIST_NEXT(threadcond, link)) {
+
+ if (threadcond->th == thrd) {
+ *threadcondp = threadcond;
+ return (ISC_R_SUCCESS);
+ }
+ }
+
+ /*
+ * Not found, so add it.
+ */
+ return (register_thread(thrd, cond, threadcondp));
+}
+
isc_result_t
isc_condition_signal(isc_condition_t *cond) {
@@ -60,8 +130,7 @@ isc_condition_signal(isc_condition_t *cond) {
*/
REQUIRE(cond != NULL);
- if (cond->waiters > 0 &&
- !SetEvent(cond->events[LSIGNAL])) {
+ if (!SetEvent(cond->events[LSIGNAL])) {
/* XXX */
return (ISC_R_UNEXPECTED);
}
@@ -72,29 +141,54 @@ isc_condition_signal(isc_condition_t *cond) {
isc_result_t
isc_condition_broadcast(isc_condition_t *cond) {
+ isc_condition_thread_t *threadcond;
+ isc_boolean_t failed = ISC_FALSE;
+
/*
* Unlike pthreads, the caller MUST hold the lock associated with
* the condition variable when calling us.
*/
REQUIRE(cond != NULL);
- if (cond->waiters > 0 &&
- !SetEvent(cond->events[LBROADCAST])) {
- /* XXX */
- return (ISC_R_UNEXPECTED);
+ /*
+ * Notify every thread registered for this
+ */
+ for (threadcond = ISC_LIST_HEAD(cond->threadlist);
+ threadcond != NULL;
+ threadcond = ISC_LIST_NEXT(threadcond, link)) {
+
+ if (!SetEvent(threadcond->handle[LBROADCAST]))
+ failed = ISC_TRUE;
}
+ if (failed)
+ return (ISC_R_UNEXPECTED);
+
return (ISC_R_SUCCESS);
}
isc_result_t
isc_condition_destroy(isc_condition_t *cond) {
+ isc_condition_thread_t *next, *threadcond;
+
REQUIRE(cond != NULL);
REQUIRE(cond->waiters == 0);
(void)CloseHandle(cond->events[LSIGNAL]);
- (void)CloseHandle(cond->events[LBROADCAST]);
+
+ /*
+ * Delete the threadlist
+ */
+ threadcond = ISC_LIST_HEAD(cond->threadlist);
+
+ while (threadcond != NULL) {
+ next = ISC_LIST_NEXT(threadcond, link);
+ DEQUEUE(cond->threadlist, threadcond, link);
+ (void) CloseHandle(threadcond->handle[LBROADCAST]);
+ free(threadcond);
+ threadcond = next;
+ }
return (ISC_R_SUCCESS);
}
@@ -111,22 +205,26 @@ isc_condition_destroy(isc_condition_t *cond) {
static isc_result_t
wait(isc_condition_t *cond, isc_mutex_t *mutex, DWORD milliseconds) {
DWORD result;
+ isc_result_t tresult;
+ isc_condition_thread_t *threadcond = NULL;
+
+ /*
+ * Get the thread events needed for the wait
+ */
+ tresult = find_thread_condition(isc_thread_self(), cond, &threadcond);
+ if (tresult != ISC_R_SUCCESS)
+ return (tresult);
cond->waiters++;
LeaveCriticalSection(mutex);
- result = WaitForMultipleObjects(2, cond->events, FALSE, milliseconds);
+ result = WaitForMultipleObjects(2, threadcond->handle, FALSE,
+ milliseconds);
EnterCriticalSection(mutex);
cond->waiters--;
if (result == WAIT_FAILED) {
/* XXX */
return (ISC_R_UNEXPECTED);
}
- if (cond->waiters == 0 &&
- !ResetEvent(cond->events[LBROADCAST])) {
- /* XXX */
- return (ISC_R_UNEXPECTED);
- }
-
if (result == WAIT_TIMEOUT)
return (ISC_R_TIMEDOUT);
diff --git a/lib/isc/win32/include/isc/condition.h b/lib/isc/win32/include/isc/condition.h
index ca4d0579..1ba384c4 100644
--- a/lib/isc/win32/include/isc/condition.h
+++ b/lib/isc/win32/include/isc/condition.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: condition.h,v 1.13.2.1 2004/03/09 06:12:22 marka Exp $ */
+/* $Id: condition.h,v 1.13.2.3 2007/05/10 23:45:26 tbox Exp $ */
#ifndef ISC_CONDITION_H
#define ISC_CONDITION_H 1
@@ -24,11 +24,22 @@
#include <isc/lang.h>
#include <isc/mutex.h>
+#include <isc/thread.h>
#include <isc/types.h>
+typedef struct isc_condition_thread isc_condition_thread_t;
+
+struct isc_condition_thread {
+ unsigned long th;
+ HANDLE handle[2];
+ ISC_LINK(isc_condition_thread_t) link;
+
+};
+
typedef struct isc_condition {
HANDLE events[2];
unsigned int waiters;
+ ISC_LIST(isc_condition_thread_t) threadlist;
} isc_condition_t;
ISC_LANG_BEGINDECLS
diff --git a/lib/isc/win32/include/isc/ipv6.h b/lib/isc/win32/include/isc/ipv6.h
index 692b613a..b98a9008 100644
--- a/lib/isc/win32/include/isc/ipv6.h
+++ b/lib/isc/win32/include/isc/ipv6.h
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ipv6.h,v 1.9.2.5 2005/02/09 05:11:52 marka Exp $ */
+/* $Id: ipv6.h,v 1.9.2.7 2007/01/18 00:06:02 marka Exp $ */
#ifndef ISC_IPV6_H
#define ISC_IPV6_H 1
diff --git a/lib/isc/win32/interfaceiter.c b/lib/isc/win32/interfaceiter.c
index 550ba719..7383d4e2 100644
--- a/lib/isc/win32/interfaceiter.c
+++ b/lib/isc/win32/interfaceiter.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: interfaceiter.c,v 1.4.2.1 2004/03/09 06:12:18 marka Exp $ */
+/* $Id: interfaceiter.c,v 1.4.2.3 2007/06/18 23:45:27 tbox Exp $ */
/*
* Note that this code will need to be revisited to support IPv6 Interfaces.
@@ -39,6 +39,8 @@
#include <isc/util.h>
#include "errno2result.h"
+void InitSockets(void);
+
/* Common utility functions */
/*
@@ -114,6 +116,8 @@ isc_interfaceiter_create(isc_mem_t *mctx, isc_interfaceiter_t **iterp) {
if (iter == NULL)
return (ISC_R_NOMEMORY);
+ InitSockets();
+
iter->mctx = mctx;
iter->buf = NULL;
diff --git a/lib/isc/win32/net.c b/lib/isc/win32/net.c
index 6abe5cfb..666b8a00 100644
--- a/lib/isc/win32/net.c
+++ b/lib/isc/win32/net.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: net.c,v 1.3.2.3 2004/03/09 06:12:18 marka Exp $ */
+/* $Id: net.c,v 1.3.2.5 2007/06/18 23:45:27 tbox Exp $ */
#include <config.h>
@@ -37,6 +37,8 @@ static isc_once_t once = ISC_ONCE_INIT;
static isc_result_t ipv4_result = ISC_R_NOTFOUND;
static isc_result_t ipv6_result = ISC_R_NOTFOUND;
+void InitSockets(void);
+
static isc_result_t
try_proto(int domain) {
SOCKET s;
@@ -112,6 +114,7 @@ try_proto(int domain) {
static void
initialize_action(void) {
+ InitSockets();
ipv4_result = try_proto(PF_INET);
#ifdef ISC_PLATFORM_HAVEIPV6
#ifdef WANT_IPV6
diff --git a/lib/isc/win32/ntpaths.c b/lib/isc/win32/ntpaths.c
index 5489e0aa..f834844b 100644
--- a/lib/isc/win32/ntpaths.c
+++ b/lib/isc/win32/ntpaths.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ntpaths.c,v 1.6.2.3 2004/03/09 06:12:19 marka Exp $ */
+/* $Id: ntpaths.c,v 1.6.2.5 2007/06/18 23:45:27 tbox Exp $ */
/*
* This module fetches the required path information that is specific
@@ -63,9 +63,8 @@ isc_ntpaths_init() {
if (RegQueryValueEx(hKey, "InstallDir", NULL, NULL,
(LPBYTE)namedBase, &baseLen) != ERROR_SUCCESS)
keyFound = FALSE;
+ RegCloseKey(hKey);
}
-
- RegCloseKey(hKey);
GetSystemDirectory(systemDir, MAX_PATH);
diff --git a/lib/isc/win32/once.c b/lib/isc/win32/once.c
index 69102825..c8147d66 100644
--- a/lib/isc/win32/once.c
+++ b/lib/isc/win32/once.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: once.c,v 1.9.2.1 2004/03/09 06:12:19 marka Exp $ */
+/* $Id: once.c,v 1.9.2.3 2007/06/18 23:45:27 tbox Exp $ */
/* Principal Authors: DCL */
@@ -41,8 +41,11 @@ isc_once_do(isc_once_t *controller, void(*function)(void)) {
} else {
while (controller->status == ISC_ONCE_INIT_NEEDED) {
/*
- * Spin wait.
+ * Sleep(0) indicates that this thread
+ * should be suspended to allow other
+ * waiting threads to execute.
*/
+ Sleep(0);
}
}
}
diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c
index b6fae8b3..72f7a796 100644
--- a/lib/isc/win32/socket.c
+++ b/lib/isc/win32/socket.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: socket.c,v 1.5.2.30 2006/08/04 03:03:19 marka Exp $ */
+/* $Id: socket.c,v 1.5.2.33 2007/06/18 03:30:31 marka Exp $ */
/* This code has been rewritten to take advantage of Windows Sockets
* I/O Completion Ports and Events. I/O Completion Ports is ONLY
@@ -77,6 +77,7 @@
#include <isc/msgs.h>
#include <isc/mutex.h>
#include <isc/net.h>
+#include <isc/once.h>
#include <isc/os.h>
#include <isc/platform.h>
#include <isc/print.h>
@@ -899,10 +900,11 @@ socket_close(isc_socket_t *sock) {
}
}
-/*
- * Initialize socket services
- */
-BOOL InitSockets() {
+static isc_once_t initialise_once = ISC_ONCE_INIT;
+static isc_boolean_t initialised = ISC_FALSE;
+
+static void
+initialise(void) {
WORD wVersionRequested;
WSADATA wsaData;
int err;
@@ -911,11 +913,26 @@ BOOL InitSockets() {
wVersionRequested = MAKEWORD(2, 0);
err = WSAStartup(wVersionRequested, &wsaData);
- if ( err != 0 ) {
- /* Tell the user that we could not find a usable Winsock DLL */
- return(FALSE);
- }
- return(TRUE);
+ if (err != 0) {
+ char strbuf[ISC_STRERRORSIZE];
+ isc__strerror(err, strbuf, sizeof(strbuf));
+ FATAL_ERROR(__FILE__, __LINE__, "WSAStartup() %s: %s",
+ isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL,
+ ISC_MSG_FAILED, "failed"),
+ strbuf);
+ } else
+ initialised = ISC_TRUE;
+}
+
+/*
+ * Initialize socket services
+ */
+void
+InitSockets(void) {
+ RUNTIME_CHECK(isc_once_do(&initialise_once,
+ initialise) == ISC_R_SUCCESS);
+ if (!initialised)
+ exit(1);
}
int
@@ -1843,7 +1860,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
isc_socket_t **socketp) {
isc_socket_t *sock = NULL;
isc_result_t result;
-#if defined(USE_CMSG) || defined(SO_BSDCOMPAT)
+#if defined(USE_CMSG)
int on = 1;
#endif
int socket_errno;
@@ -2746,6 +2763,8 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) {
if (manager == NULL)
return (ISC_R_NOMEMORY);
+ InitSockets();
+
manager->magic = SOCKET_MANAGER_MAGIC;
manager->mctx = NULL;
ISC_LIST_INIT(manager->socklist);
diff --git a/lib/isccc/api b/lib/isccc/api
index 13178156..c4ea7bd8 100644
--- a/lib/isccc/api
+++ b/lib/isccc/api
@@ -1,3 +1,3 @@
LIBINTERFACE = 1
-LIBREVISION = 0
+LIBREVISION = 1
LIBAGE = 1
diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
index d3b1dace..2ae3024b 100644
--- a/lib/isccc/cc.c
+++ b/lib/isccc/cc.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2001-2003 Internet Software Consortium.
* Portions Copyright (C) 2001 Nominum, Inc.
*
@@ -16,7 +16,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: cc.c,v 1.4.2.5 2004/03/09 06:12:25 marka Exp $ */
+/* $Id: cc.c,v 1.4.2.7 2006/12/07 23:57:56 marka Exp $ */
#include <config.h>
@@ -464,12 +464,21 @@ createmessage(isc_uint32_t version, const char *from, const char *to,
result = ISC_R_NOMEMORY;
_ctrl = isccc_alist_create();
+ if (_ctrl == NULL)
+ goto bad;
+ if (isccc_alist_define(alist, "_ctrl", _ctrl) == NULL) {
+ isccc_sexpr_free(&_ctrl);
+ goto bad;
+ }
+
_data = isccc_alist_create();
- if (_ctrl == NULL || _data == NULL)
+ if (_data == NULL)
goto bad;
- if (isccc_alist_define(alist, "_ctrl", _ctrl) == NULL ||
- isccc_alist_define(alist, "_data", _data) == NULL)
+ if (isccc_alist_define(alist, "_data", _data) == NULL) {
+ isccc_sexpr_free(&_data);
goto bad;
+ }
+
if (isccc_cc_defineuint32(_ctrl, "_ser", serial) == NULL ||
isccc_cc_defineuint32(_ctrl, "_tim", now) == NULL ||
(want_expires &&
diff --git a/lib/isccc/win32/DLLMain.c b/lib/isccc/win32/DLLMain.c
index 1d8d11d3..e4789dfc 100644
--- a/lib/isccc/win32/DLLMain.c
+++ b/lib/isccc/win32/DLLMain.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,13 +15,11 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: DLLMain.c,v 1.3.2.1 2004/03/09 06:12:29 marka Exp $ */
+/* $Id: DLLMain.c,v 1.3.2.3 2007/06/18 23:45:27 tbox Exp $ */
#include <windows.h>
#include <signal.h>
-BOOL InitSockets(void);
-
/*
* Called when we enter the DLL
*/
diff --git a/lib/isccfg/win32/DLLMain.c b/lib/isccfg/win32/DLLMain.c
index 3ada9977..3ce348e7 100644
--- a/lib/isccfg/win32/DLLMain.c
+++ b/lib/isccfg/win32/DLLMain.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,13 +15,11 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: DLLMain.c,v 1.3.2.1 2004/03/09 06:12:32 marka Exp $ */
+/* $Id: DLLMain.c,v 1.3.2.3 2007/06/18 23:45:27 tbox Exp $ */
#include <windows.h>
#include <signal.h>
-BOOL InitSockets(void);
-
/*
* Called when we enter the DLL
*/
diff --git a/lib/lwres/context.c b/lib/lwres/context.c
index f80f294f..b2c84f03 100644
--- a/lib/lwres/context.c
+++ b/lib/lwres/context.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: context.c,v 1.41.2.4 2004/09/17 05:57:20 marka Exp $ */
+/* $Id: context.c,v 1.41.2.6 2007/06/18 23:45:27 tbox Exp $ */
#include <config.h>
@@ -128,6 +128,9 @@ lwres_context_destroy(lwres_context_t **contextp) {
*contextp = NULL;
if (ctx->sock != -1) {
+#ifdef WIN32
+ DestroySockets();
+#endif
close(ctx->sock);
ctx->sock = -1;
}
@@ -231,19 +234,34 @@ context_connect(lwres_context_t *ctx) {
} else
return (LWRES_R_IOERROR);
+#ifdef WIN32
+ InitSockets();
+#endif
+
s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
- if (s < 0)
+ if (s < 0) {
+#ifdef WIN32
+ DestroySockets();
+#endif
return (LWRES_R_IOERROR);
+ }
ret = connect(s, sa, salen);
if (ret != 0) {
+#ifdef WIN32
+ DestroySockets();
+#endif
close(s);
return (LWRES_R_IOERROR);
}
MAKE_NONBLOCKING(s, ret);
- if (ret < 0)
+ if (ret < 0) {
+#ifdef WIN32
+ DestroySockets();
+#endif
return (LWRES_R_IOERROR);
+ }
ctx->sock = s;
diff --git a/lib/lwres/getipnode.c b/lib/lwres/getipnode.c
index fc5f6114..4fd66676 100644
--- a/lib/lwres/getipnode.c
+++ b/lib/lwres/getipnode.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: getipnode.c,v 1.30.2.8 2005/04/28 23:59:13 marka Exp $ */
+/* $Id: getipnode.c,v 1.30.2.10 2007/06/18 23:45:27 tbox Exp $ */
#include <config.h>
@@ -399,6 +399,9 @@ scan_interfaces(int *have_v4, int *have_v6) {
static int bufsiz = 4095;
int s, cpsize, n;
+#ifdef WIN32
+ InitSockets();
+#endif
/*
* Set to zero. Used as loop terminators below.
*/
@@ -519,13 +522,20 @@ scan_interfaces(int *have_v4, int *have_v6) {
}
if (buf != NULL)
free(buf);
+#ifdef WIN32
+ DestroySockets();
+#endif
close(s);
return (0);
+
err_ret:
if (buf != NULL)
free(buf);
if (s != -1)
close(s);
+#ifdef WIN32
+ DestroySockets();
+#endif
return (-1);
#endif
}
diff --git a/lib/lwres/man/lwres.3 b/lib/lwres/man/lwres.3
index d5faa77e..ee115b40 100644
--- a/lib/lwres/man/lwres.3
+++ b/lib/lwres/man/lwres.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres.3,v 1.15.2.6 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres.3,v 1.15.2.8 2007/01/30 00:10:37 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -159,4 +159,7 @@ bit should be set.
\fBresolver\fR(5),
\fBlwresd\fR(8).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres.docbook b/lib/lwres/man/lwres.docbook
index ab1ddf33..c388c3ab 100644
--- a/lib/lwres/man/lwres.docbook
+++ b/lib/lwres/man/lwres.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres.docbook,v 1.3.2.3 2005/05/12 21:35:20 sra Exp $ -->
+<!-- $Id: lwres.docbook,v 1.3.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres.html b/lib/lwres/man/lwres.html
index e490dd1e..20c0e667 100644
--- a/lib/lwres/man/lwres.html
+++ b/lib/lwres/man/lwres.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres.html,v 1.4.2.13 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres.html,v 1.4.2.16 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres &#8212; introduction to the lightweight resolver library</p>
@@ -32,7 +32,7 @@
<div class="funcsynopsis"><pre class="funcsynopsisinfo">#include &lt;lwres/lwres.h&gt;</pre></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549397"></a><h2>DESCRIPTION</h2>
+<a name="id2543338"></a><h2>DESCRIPTION</h2>
<p>
The BIND 9 lightweight resolver library is a simple, name service
independent stub resolver library. It provides hostname-to-address
@@ -47,7 +47,7 @@ UDP-based protocol.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549410"></a><h2>OVERVIEW</h2>
+<a name="id2543351"></a><h2>OVERVIEW</h2>
<p>
The lwresd library implements multiple name service APIs.
The standard
@@ -101,7 +101,7 @@ and servers is outlined in the following sections.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549474"></a><h2>CLIENT-SIDE LOW-LEVEL API CALL FLOW</h2>
+<a name="id2543415"></a><h2>CLIENT-SIDE LOW-LEVEL API CALL FLOW</h2>
<p>
When a client program wishes to make an lwres request using the
native low-level API, it typically performs the following
@@ -147,7 +147,7 @@ packet specific information contained in the body.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549689"></a><h2>SERVER-SIDE LOW-LEVEL API CALL FLOW</h2>
+<a name="id2543494"></a><h2>SERVER-SIDE LOW-LEVEL API CALL FLOW</h2>
<p>
When implementing the server side of the lightweight resolver
protocol using the lwres library, a sequence of actions like the
@@ -188,7 +188,7 @@ set.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549774"></a><h2>SEE ALSO</h2>
+<a name="id2543579"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">lwres_gethostent</span>(3)</span>,
diff --git a/lib/lwres/man/lwres_buffer.3 b/lib/lwres/man/lwres_buffer.3
index b4369762..78208eac 100644
--- a/lib/lwres/man/lwres_buffer.3
+++ b/lib/lwres/man/lwres_buffer.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_buffer.3,v 1.12.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_buffer.3,v 1.12.2.9 2007/01/30 00:10:37 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_buffer
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -93,7 +93,7 @@ The
is an (optional) subregion of the remaining region. It extends from the current offset to an offset in the remaining region. Initially, the active region is empty. If the current offset advances beyond the chosen offset, the active region will also be empty.
.PP
.sp
-.RS 3n
+.RS 4
.nf
/\-\-\-\-\-\-\-\-\-\-\-\-entire length\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\\\\
/\-\-\-\-\- used region \-\-\-\-\-\\\\/\-\- available \-\-\\\\
@@ -217,4 +217,7 @@ bytes of memory from
to
\fIbase\fR.
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_buffer.docbook b/lib/lwres/man/lwres_buffer.docbook
index 953e47f3..7ca4e1de 100644
--- a/lib/lwres/man/lwres_buffer.docbook
+++ b/lib/lwres/man/lwres_buffer.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_buffer.docbook,v 1.3.2.3 2005/05/12 21:35:20 sra Exp $ -->
+<!-- $Id: lwres_buffer.docbook,v 1.3.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -35,6 +35,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_buffer.html b/lib/lwres/man/lwres_buffer.html
index 96fe755b..fd1abe5d 100644
--- a/lib/lwres/man/lwres_buffer.html
+++ b/lib/lwres/man/lwres_buffer.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_buffer.html,v 1.4.2.11 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_buffer.html,v 1.4.2.14 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_buffer</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtract, lwres_buffer_clear, lwres_buffer_first, lwres_buffer_forward, lwres_buffer_back, lwres_buffer_getuint8, lwres_buffer_putuint8, lwres_buffer_getuint16, lwres_buffer_putuint16, lwres_buffer_getuint32, lwres_buffer_putuint32, lwres_buffer_putmem, lwres_buffer_getmem &#8212; lightweight resolver buffer management</p>
@@ -49,31 +49,18 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_invalidate</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
<tr>
<td><code class="funcdef">
@@ -85,11 +72,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -105,47 +87,26 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_clear</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
-<tr>
+</tr></table>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_first</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
<tr>
<td><code class="funcdef">
@@ -157,11 +118,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -177,31 +133,18 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
<td><code class="funcdef">
lwres_uint8_t
<b class="fsfunc">lwres_buffer_getuint8</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
<tr>
<td><code class="funcdef">
@@ -213,31 +156,18 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
<td><code class="funcdef">
lwres_uint16_t
<b class="fsfunc">lwres_buffer_getuint16</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
<tr>
<td><code class="funcdef">
@@ -249,31 +179,18 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
<td><code class="funcdef">
lwres_uint32_t
<b class="fsfunc">lwres_buffer_getuint32</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
<tr>
<td><code class="funcdef">
@@ -285,11 +202,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -310,11 +222,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -335,11 +242,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -347,7 +249,7 @@ void
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549674"></a><h2>DESCRIPTION</h2>
+<a name="id2543616"></a><h2>DESCRIPTION</h2>
<p>
These functions provide bounds checked access to a region of memory
where data is being read or written.
diff --git a/lib/lwres/man/lwres_config.3 b/lib/lwres/man/lwres_config.3
index fedfb704..a19fd358 100644
--- a/lib/lwres/man/lwres_config.3
+++ b/lib/lwres/man/lwres_config.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_config.3,v 1.12.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_config.3,v 1.12.2.9 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_config
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -100,4 +100,7 @@ unless an error occurred when converting the network addresses to a numeric host
.PP
\fI/etc/resolv.conf\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_config.docbook b/lib/lwres/man/lwres_config.docbook
index d9db42a5..f4cbb8bf 100644
--- a/lib/lwres/man/lwres_config.docbook
+++ b/lib/lwres/man/lwres_config.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_config.docbook,v 1.2.2.3 2005/05/12 21:35:20 sra Exp $ -->
+<!-- $Id: lwres_config.docbook,v 1.2.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_config.html b/lib/lwres/man/lwres_config.html
index 29528ef3..12432c3c 100644
--- a/lib/lwres/man/lwres_config.html
+++ b/lib/lwres/man/lwres_config.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_config.html,v 1.4.2.12 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_config.html,v 1.4.2.15 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_config</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_conf_get &#8212; lightweight resolver configuration</p>
@@ -31,38 +31,22 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/lwres.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_conf_init</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
-<tr>
+</tr></table>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_conf_clear</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
<tr>
<td><code class="funcdef">
@@ -74,11 +58,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -94,35 +73,22 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
<td><code class="funcdef">
lwres_conf_t *
<b class="fsfunc">lwres_conf_get</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549475"></a><h2>DESCRIPTION</h2>
+<a name="id2543416"></a><h2>DESCRIPTION</h2>
<p>
<code class="function">lwres_conf_init()</code>
creates an empty
@@ -159,7 +125,7 @@ to the
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549546"></a><h2>RETURN VALUES</h2>
+<a name="id2543488"></a><h2>RETURN VALUES</h2>
<p>
<code class="function">lwres_conf_parse()</code>
returns
@@ -184,14 +150,14 @@ If this happens, the function returns
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549586"></a><h2>SEE ALSO</h2>
+<a name="id2543527"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">stdio</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549612"></a><h2>FILES</h2>
+<a name="id2543554"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/resolv.conf</code>
</p>
diff --git a/lib/lwres/man/lwres_context.3 b/lib/lwres/man/lwres_context.3
index 305e66f7..ccf09015 100644
--- a/lib/lwres/man/lwres_context.3
+++ b/lib/lwres/man/lwres_context.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_context.3,v 1.13.2.8 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_context.3,v 1.13.2.10 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_context
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -163,4 +163,7 @@ times out waiting for a response.
\fBmalloc\fR(3),
\fBfree\fR(3 ).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_context.docbook b/lib/lwres/man/lwres_context.docbook
index a302dd09..b70ee91c 100644
--- a/lib/lwres/man/lwres_context.docbook
+++ b/lib/lwres/man/lwres_context.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_context.docbook,v 1.3.2.5 2005/05/12 21:35:21 sra Exp $ -->
+<!-- $Id: lwres_context.docbook,v 1.3.2.7 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_context.html b/lib/lwres/man/lwres_context.html
index 81588c32..05783def 100644
--- a/lib/lwres/man/lwres_context.html
+++ b/lib/lwres/man/lwres_context.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_context.html,v 1.5.2.13 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_context.html,v 1.5.2.16 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_context</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv &#8212; lightweight resolver context management</p>
@@ -52,31 +52,18 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_context_destroy</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
<tr>
<td><code class="funcdef">
@@ -88,31 +75,18 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
<td><code class="funcdef">
lwres_uint32_t
<b class="fsfunc">lwres_context_nextserial</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
<tr>
<td><code class="funcdef">
@@ -129,11 +103,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -149,11 +118,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -189,11 +153,6 @@ void *
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -201,7 +160,7 @@ void *
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549540"></a><h2>DESCRIPTION</h2>
+<a name="id2543481"></a><h2>DESCRIPTION</h2>
<p>
<code class="function">lwres_context_create()</code>
creates a
@@ -331,7 +290,7 @@ returned in
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549789"></a><h2>RETURN VALUES</h2>
+<a name="id2543662"></a><h2>RETURN VALUES</h2>
<p>
<code class="function">lwres_context_create()</code>
returns
@@ -362,7 +321,7 @@ times out waiting for a response.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549841"></a><h2>SEE ALSO</h2>
+<a name="id2543714"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">lwres_conf_init</span>(3)</span>,
diff --git a/lib/lwres/man/lwres_gabn.3 b/lib/lwres/man/lwres_gabn.3
index 713c7325..59138897 100644
--- a/lib/lwres/man/lwres_gabn.3
+++ b/lib/lwres/man/lwres_gabn.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_gabn.3,v 1.13.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_gabn.3,v 1.13.2.9 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_gabn
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -60,7 +60,7 @@ There are four main functions for the getaddrbyname opcode. One render function
These structures are defined in
\fI<lwres/lwres.h>\fR. They are shown below.
.sp
-.RS 3n
+.RS 4
.nf
#define LWRES_OPCODE_GETADDRSBYNAME 0x00010001U
typedef struct lwres_addr lwres_addr_t;
@@ -171,4 +171,7 @@ indicate that the packet is not a response to an earlier query.
.PP
\fBlwres_packet\fR(3 )
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_gabn.docbook b/lib/lwres/man/lwres_gabn.docbook
index da34c7da..40b97484 100644
--- a/lib/lwres/man/lwres_gabn.docbook
+++ b/lib/lwres/man/lwres_gabn.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gabn.docbook,v 1.3.2.3 2005/05/12 21:35:21 sra Exp $ -->
+<!-- $Id: lwres_gabn.docbook,v 1.3.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_gabn.html b/lib/lwres/man/lwres_gabn.html
index 993ea37c..65abeb47 100644
--- a/lib/lwres/man/lwres_gabn.html
+++ b/lib/lwres/man/lwres_gabn.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gabn.html,v 1.6.2.12 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_gabn.html,v 1.6.2.15 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_gabn</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free &#8212; lightweight resolver getaddrbyname message handling</p>
@@ -52,11 +52,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -82,11 +77,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -112,11 +102,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -142,11 +127,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -162,11 +142,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -182,11 +157,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -194,7 +164,7 @@ void
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549528"></a><h2>DESCRIPTION</h2>
+<a name="id2543469"></a><h2>DESCRIPTION</h2>
<p>
These are low-level routines for creating and parsing
lightweight resolver name-to-address lookup request and
@@ -309,7 +279,7 @@ structures is also discarded.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549720"></a><h2>RETURN VALUES</h2>
+<a name="id2543593"></a><h2>RETURN VALUES</h2>
<p>
The getaddrbyname opcode functions
<code class="function">lwres_gabnrequest_render()</code>,
@@ -347,7 +317,7 @@ indicate that the packet is not a response to an earlier query.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549853"></a><h2>SEE ALSO</h2>
+<a name="id2543658"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">lwres_packet</span>(3
)</span>
diff --git a/lib/lwres/man/lwres_gai_strerror.3 b/lib/lwres/man/lwres_gai_strerror.3
index fbc103c1..7fa24c49 100644
--- a/lib/lwres/man/lwres_gai_strerror.3
+++ b/lib/lwres/man/lwres_gai_strerror.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_gai_strerror.3,v 1.13.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_gai_strerror.3,v 1.13.2.9 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_gai_strerror
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -43,43 +43,65 @@ gai_strerror \- print suitable error string
returns an error message corresponding to an error code returned by
\fBgetaddrinfo()\fR. The following error codes and their meaning are defined in
\fIinclude/lwres/netdb.h\fR.
-.TP 3n
+.PP
\fBEAI_ADDRFAMILY\fR
+.RS 4
address family for hostname not supported
-.TP 3n
+.RE
+.PP
\fBEAI_AGAIN\fR
+.RS 4
temporary failure in name resolution
-.TP 3n
+.RE
+.PP
\fBEAI_BADFLAGS\fR
+.RS 4
invalid value for
\fBai_flags\fR
-.TP 3n
+.RE
+.PP
\fBEAI_FAIL\fR
+.RS 4
non\-recoverable failure in name resolution
-.TP 3n
+.RE
+.PP
\fBEAI_FAMILY\fR
+.RS 4
\fBai_family\fR
not supported
-.TP 3n
+.RE
+.PP
\fBEAI_MEMORY\fR
+.RS 4
memory allocation failure
-.TP 3n
+.RE
+.PP
\fBEAI_NODATA\fR
+.RS 4
no address associated with hostname
-.TP 3n
+.RE
+.PP
\fBEAI_NONAME\fR
+.RS 4
hostname or servname not provided, or not known
-.TP 3n
+.RE
+.PP
\fBEAI_SERVICE\fR
+.RS 4
servname not supported for
\fBai_socktype\fR
-.TP 3n
+.RE
+.PP
\fBEAI_SOCKTYPE\fR
+.RS 4
\fBai_socktype\fR
not supported
-.TP 3n
+.RE
+.PP
\fBEAI_SYSTEM\fR
+.RS 4
system error returned in errno
+.RE
The message
invalid error code
is returned if
@@ -101,4 +123,7 @@ used by
\fBgetaddrinfo\fR(3),
\fBRFC2133\fR().
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_gai_strerror.docbook b/lib/lwres/man/lwres_gai_strerror.docbook
index 8df42bd5..1c1ec4c4 100644
--- a/lib/lwres/man/lwres_gai_strerror.docbook
+++ b/lib/lwres/man/lwres_gai_strerror.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gai_strerror.docbook,v 1.3.2.3 2005/05/12 21:35:21 sra Exp $ -->
+<!-- $Id: lwres_gai_strerror.docbook,v 1.3.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_gai_strerror.html b/lib/lwres/man/lwres_gai_strerror.html
index 3308153d..eaa46b6a 100644
--- a/lib/lwres/man/lwres_gai_strerror.html
+++ b/lib/lwres/man/lwres_gai_strerror.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gai_strerror.html,v 1.5.2.13 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_gai_strerror.html,v 1.5.2.16 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_gai_strerror</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>gai_strerror &#8212; print suitable error string</p>
@@ -31,13 +31,18 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/netdb.h&gt;</pre>
-<p><code class="funcdef">
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
+<td><code class="funcdef">
char *
-<b class="fsfunc">gai_strerror</b>(</code>int ecode<code>)</code>;</p>
+<b class="fsfunc">gai_strerror</b>(</code></td>
+<td> </td>
+<td>
+<code>)</code>;</td>
+</tr></table>
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549408"></a><h2>DESCRIPTION</h2>
+<a name="id2543349"></a><h2>DESCRIPTION</h2>
<p>
<code class="function">lwres_gai_strerror()</code>
returns an error message corresponding to an error code returned by
@@ -109,7 +114,7 @@ used by
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549605"></a><h2>SEE ALSO</h2>
+<a name="id2543546"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">strerror</span>(3)</span>,
diff --git a/lib/lwres/man/lwres_getaddrinfo.3 b/lib/lwres/man/lwres_getaddrinfo.3
index 7e8bd3b1..4a88912b 100644
--- a/lib/lwres/man/lwres_getaddrinfo.3
+++ b/lib/lwres/man/lwres_getaddrinfo.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_getaddrinfo.3,v 1.16.2.8 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_getaddrinfo.3,v 1.16.2.10 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_getaddrinfo
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -43,7 +43,7 @@ lwres_getaddrinfo, lwres_freeaddrinfo \- socket address structure to host and se
If the operating system does not provide a
\fBstruct addrinfo\fR, the following structure is used:
.sp
-.RS 3n
+.RS 4
.nf
struct addrinfo {
int ai_flags; /* AI_PASSIVE, AI_CANONNAME */
@@ -82,14 +82,17 @@ is either a decimal port number or a service name as listed in
is an optional pointer to a
\fBstruct addrinfo\fR. This structure can be used to provide hints concerning the type of socket that the caller supports or wishes to use. The caller can supply the following structure elements in
\fI*hints\fR:
-.TP 3n
+.PP
\fBai_family\fR
+.RS 4
The protocol family that should be used. When
\fBai_family\fR
is set to
\fBPF_UNSPEC\fR, it means the caller will accept any protocol family supported by the operating system.
-.TP 3n
+.RE
+.PP
\fBai_socktype\fR
+.RS 4
denotes the type of socket \(em
\fBSOCK_STREAM\fR,
\fBSOCK_DGRAM\fR
@@ -98,13 +101,17 @@ or
\(em that is wanted. When
\fBai_socktype\fR
is zero the caller will accept any socket type.
-.TP 3n
+.RE
+.PP
\fBai_protocol\fR
+.RS 4
indicates which transport protocol is wanted: IPPROTO_UDP or IPPROTO_TCP. If
\fBai_protocol\fR
is zero the caller will accept any protocol.
-.TP 3n
+.RE
+.PP
\fBai_flags\fR
+.RS 4
Flag bits. If the
\fBAI_CANONNAME\fR
bit is set, a successful call to
@@ -150,6 +157,7 @@ is set to
it indicates that
\fIhostname\fR
should be treated as a numeric string defining an IPv4 or IPv6 address and no name resolution should be attempted.
+.RE
.PP
All other elements of the
\fBstruct addrinfo\fR
@@ -232,4 +240,7 @@ returns
\fBsendmsg\fR(2),
\fBsocket\fR(2).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_getaddrinfo.docbook b/lib/lwres/man/lwres_getaddrinfo.docbook
index 9b5a4efc..1b4f0cfe 100644
--- a/lib/lwres/man/lwres_getaddrinfo.docbook
+++ b/lib/lwres/man/lwres_getaddrinfo.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getaddrinfo.docbook,v 1.5.2.4 2005/05/12 21:35:21 sra Exp $ -->
+<!-- $Id: lwres_getaddrinfo.docbook,v 1.5.2.6 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_getaddrinfo.html b/lib/lwres/man/lwres_getaddrinfo.html
index e8927453..dc9f543f 100644
--- a/lib/lwres/man/lwres_getaddrinfo.html
+++ b/lib/lwres/man/lwres_getaddrinfo.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getaddrinfo.html,v 1.8.2.13 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_getaddrinfo.html,v 1.8.2.16 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_getaddrinfo</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_getaddrinfo, lwres_freeaddrinfo &#8212; socket address structure to host and service name</p>
@@ -52,31 +52,18 @@ int
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_freeaddrinfo</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
</div>
<p>
If the operating system does not provide a
@@ -100,7 +87,7 @@ struct addrinfo {
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549448"></a><h2>DESCRIPTION</h2>
+<a name="id2543389"></a><h2>DESCRIPTION</h2>
<p>
<code class="function">lwres_getaddrinfo()</code>
is used to get a list of IP addresses and port numbers for host
@@ -297,7 +284,7 @@ created by a call to
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549874"></a><h2>RETURN VALUES</h2>
+<a name="id2543747"></a><h2>RETURN VALUES</h2>
<p>
<code class="function">lwres_getaddrinfo()</code>
returns zero on success or one of the error codes listed in
@@ -317,7 +304,7 @@ returns
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549912"></a><h2>SEE ALSO</h2>
+<a name="id2543785"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
diff --git a/lib/lwres/man/lwres_gethostent.3 b/lib/lwres/man/lwres_gethostent.3
index b276e29c..55b40367 100644
--- a/lib/lwres/man/lwres_gethostent.3
+++ b/lib/lwres/man/lwres_gethostent.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_gethostent.3,v 1.16.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_gethostent.3,v 1.16.2.9 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_gethostent
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -66,7 +66,7 @@ functions provided by most operating systems. They use a
which is usually defined in
\fI<namedb.h>\fR.
.sp
-.RS 3n
+.RS 4
.nf
struct hostent {
char *h_name; /* official name of host */
@@ -81,26 +81,36 @@ struct hostent {
.sp
.PP
The members of this structure are:
-.TP 3n
+.PP
\fBh_name\fR
+.RS 4
The official (canonical) name of the host.
-.TP 3n
+.RE
+.PP
\fBh_aliases\fR
+.RS 4
A NULL\-terminated array of alternate names (nicknames) for the host.
-.TP 3n
+.RE
+.PP
\fBh_addrtype\fR
+.RS 4
The type of address being returned \(em
\fBPF_INET\fR
or
\fBPF_INET6\fR.
-.TP 3n
+.RE
+.PP
\fBh_length\fR
+.RS 4
The length of the address in bytes.
-.TP 3n
+.RE
+.PP
\fBh_addr_list\fR
+.RS 4
A
\fBNULL\fR
terminated array of network addresses for the host. Host addresses are returned in network byte order.
+.RE
.PP
For backward compatibility with very old software,
\fBh_addr\fR
@@ -222,18 +232,26 @@ return NULL to indicate an error. In this case the global variable
\fBlwres_h_errno\fR
will contain one of the following error codes defined in
\fI<lwres/netdb.h>\fR:
-.TP 3n
+.PP
\fBHOST_NOT_FOUND\fR
+.RS 4
The host or address was not found.
-.TP 3n
+.RE
+.PP
\fBTRY_AGAIN\fR
+.RS 4
A recoverable error occurred, e.g., a timeout. Retrying the lookup may succeed.
-.TP 3n
+.RE
+.PP
\fBNO_RECOVERY\fR
+.RS 4
A non\-recoverable error occurred.
-.TP 3n
+.RE
+.PP
\fBNO_DATA\fR
+.RS 4
The name exists, but has no address information associated with it (or vice versa in the case of a reverse lookup). The code NO_ADDRESS is accepted as a synonym for NO_DATA for backwards compatibility.
+.RE
.PP
\fBlwres_hstrerror\fR(3 )
translates these error codes to suitable error messages.
@@ -292,4 +310,7 @@ The resolver daemon does not currently support any non\-DNS name services such a
or
\fBNIS\fR, consequently the above functions don't, either.
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_gethostent.docbook b/lib/lwres/man/lwres_gethostent.docbook
index ecbc2e85..835cdd43 100644
--- a/lib/lwres/man/lwres_gethostent.docbook
+++ b/lib/lwres/man/lwres_gethostent.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gethostent.docbook,v 1.5.2.3 2005/05/13 01:21:58 marka Exp $ -->
+<!-- $Id: lwres_gethostent.docbook,v 1.5.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_gethostent.html b/lib/lwres/man/lwres_gethostent.html
index 756d0a2c..0ccba972 100644
--- a/lib/lwres/man/lwres_gethostent.html
+++ b/lib/lwres/man/lwres_gethostent.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gethostent.html,v 1.8.2.11 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_gethostent.html,v 1.8.2.14 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_gethostent</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r &#8212; lightweight resolver get network host entry</p>
@@ -31,22 +31,14 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/netdb.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
<td><code class="funcdef">
struct hostent *
<b class="fsfunc">lwres_gethostbyname</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
<tr>
<td><code class="funcdef">
@@ -58,11 +50,6 @@ struct hostent *
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -83,24 +70,34 @@ struct hostent *
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<p><code class="funcdef">
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<td><code class="funcdef">
struct hostent *
-<b class="fsfunc">lwres_gethostent</b>(</code>void<code>)</code>;</p>
-<p><code class="funcdef">
+<b class="fsfunc">lwres_gethostent</b>(</code></td>
+<td> </td>
+<td>
+<code>)</code>;</td>
+</tr></table>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<td><code class="funcdef">
void
-<b class="fsfunc">lwres_sethostent</b>(</code>int stayopen<code>)</code>;</p>
-<p><code class="funcdef">
+<b class="fsfunc">lwres_sethostent</b>(</code></td>
+<td> </td>
+<td>
+<code>)</code>;</td>
+</tr></table>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<td><code class="funcdef">
void
-<b class="fsfunc">lwres_endhostent</b>(</code>void<code>)</code>;</p>
+<b class="fsfunc">lwres_endhostent</b>(</code></td>
+<td> </td>
+<td>
+<code>)</code>;</td>
+</tr></table>
<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
<tr>
<td><code class="funcdef">
@@ -127,11 +124,6 @@ struct hostent *
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -172,11 +164,6 @@ struct hostent *
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -202,25 +189,30 @@ struct hostent *
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<p><code class="funcdef">
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<td><code class="funcdef">
void
-<b class="fsfunc">lwres_sethostent_r</b>(</code>int stayopen<code>)</code>;</p>
-<p><code class="funcdef">
+<b class="fsfunc">lwres_sethostent_r</b>(</code></td>
+<td> </td>
+<td>
+<code>)</code>;</td>
+</tr></table>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
+<td><code class="funcdef">
void
-<b class="fsfunc">lwres_endhostent_r</b>(</code>void<code>)</code>;</p>
+<b class="fsfunc">lwres_endhostent_r</b>(</code></td>
+<td> </td>
+<td>
+<code>)</code>;</td>
+</tr></table>
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549606"></a><h2>DESCRIPTION</h2>
+<a name="id2543547"></a><h2>DESCRIPTION</h2>
<p>
These functions provide hostname-to-address and
address-to-hostname lookups by means of the lightweight resolver.
@@ -357,7 +349,7 @@ calls to <code class="function">lwres_gethostbyaddr_r()</code> return
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550013"></a><h2>RETURN VALUES</h2>
+<a name="id2543886"></a><h2>RETURN VALUES</h2>
<p>
The functions
<code class="function">lwres_gethostbyname()</code>,
@@ -424,7 +416,7 @@ hostent</span>. If <em class="parameter"><code>buf</code></em> was too small, b
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550173"></a><h2>SEE ALSO</h2>
+<a name="id2544046"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">gethostent</span>(3)</span>,
@@ -435,7 +427,7 @@ hostent</span>. If <em class="parameter"><code>buf</code></em> was too small, b
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2550209"></a><h2>BUGS</h2>
+<a name="id2544082"></a><h2>BUGS</h2>
<p>
<code class="function">lwres_gethostbyname()</code>,
<code class="function">lwres_gethostbyname2()</code>,
diff --git a/lib/lwres/man/lwres_getipnode.3 b/lib/lwres/man/lwres_getipnode.3
index 222cd92b..947f20f0 100644
--- a/lib/lwres/man/lwres_getipnode.3
+++ b/lib/lwres/man/lwres_getipnode.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_getipnode.3,v 1.13.2.8 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_getipnode.3,v 1.13.2.10 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_getipnode
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -50,7 +50,7 @@ They use a
which is defined in
\fInamedb.h\fR:
.sp
-.RS 3n
+.RS 4
.nf
struct hostent {
char *h_name; /* official name of host */
@@ -65,26 +65,36 @@ struct hostent {
.sp
.PP
The members of this structure are:
-.TP 3n
+.PP
\fBh_name\fR
+.RS 4
The official (canonical) name of the host.
-.TP 3n
+.RE
+.PP
\fBh_aliases\fR
+.RS 4
A NULL\-terminated array of alternate names (nicknames) for the host.
-.TP 3n
+.RE
+.PP
\fBh_addrtype\fR
+.RS 4
The type of address being returned \- usually
\fBPF_INET\fR
or
\fBPF_INET6\fR.
-.TP 3n
+.RE
+.PP
\fBh_length\fR
+.RS 4
The length of the address in bytes.
-.TP 3n
+.RE
+.PP
\fBh_addr_list\fR
+.RS 4
A
\fBNULL\fR
terminated array of network addresses for the host. Host addresses are returned in network byte order.
+.RE
.PP
\fBlwres_getipnodebyname()\fR
looks up addresses of protocol family
@@ -93,26 +103,34 @@ for the hostname
\fIname\fR. The
\fIflags\fR
parameter contains ORed flag bits to specify the types of addresses that are searched for, and the types of addresses that are returned. The flag bits are:
-.TP 3n
+.PP
\fBAI_V4MAPPED\fR
+.RS 4
This is used with an
\fIaf\fR
of AF_INET6, and causes IPv4 addresses to be returned as IPv4\-mapped IPv6 addresses.
-.TP 3n
+.RE
+.PP
\fBAI_ALL\fR
+.RS 4
This is used with an
\fIaf\fR
of AF_INET6, and causes all known addresses (IPv6 and IPv4) to be returned. If AI_V4MAPPED is also set, the IPv4 addresses are return as mapped IPv6 addresses.
-.TP 3n
+.RE
+.PP
\fBAI_ADDRCONFIG\fR
+.RS 4
Only return an IPv6 or IPv4 address if here is an active network interface of that type. This is not currently implemented in the BIND 9 lightweight resolver, and the flag is ignored.
-.TP 3n
+.RE
+.PP
\fBAI_DEFAULT\fR
+.RS 4
This default sets the
\fBAI_V4MAPPED\fR
and
\fBAI_ADDRCONFIG\fR
flag bits.
+.RE
.PP
\fBlwres_getipnodebyaddr()\fR
performs a reverse lookup of address
@@ -150,18 +168,26 @@ to an appropriate error code and the function returns a
\fBNULL\fR
pointer. The error codes and their meanings are defined in
\fI<lwres/netdb.h>\fR:
-.TP 3n
+.PP
\fBHOST_NOT_FOUND\fR
+.RS 4
No such host is known.
-.TP 3n
+.RE
+.PP
\fBNO_ADDRESS\fR
+.RS 4
The server recognised the request and the name but no address is available. Another type of request to the name server for the domain might return an answer.
-.TP 3n
+.RE
+.PP
\fBTRY_AGAIN\fR
+.RS 4
A temporary and possibly transient error occurred, such as a failure of a server to respond. The request may succeed if retried.
-.TP 3n
+.RE
+.PP
\fBNO_RECOVERY\fR
+.RS 4
An unexpected failure occurred, and retrying the request is pointless.
+.RE
.PP
\fBlwres_hstrerror\fR(3 )
translates these error codes to suitable error messages.
@@ -174,4 +200,7 @@ translates these error codes to suitable error messages.
\fBlwres_getnameinfo\fR(3),
\fBlwres_hstrerror\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_getipnode.docbook b/lib/lwres/man/lwres_getipnode.docbook
index 8896f1f2..343826ce 100644
--- a/lib/lwres/man/lwres_getipnode.docbook
+++ b/lib/lwres/man/lwres_getipnode.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getipnode.docbook,v 1.4.2.5 2005/05/12 21:35:22 sra Exp $ -->
+<!-- $Id: lwres_getipnode.docbook,v 1.4.2.7 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_getipnode.html b/lib/lwres/man/lwres_getipnode.html
index 9b162872..1f7fa642 100644
--- a/lib/lwres/man/lwres_getipnode.html
+++ b/lib/lwres/man/lwres_getipnode.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getipnode.html,v 1.7.2.12 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_getipnode.html,v 1.7.2.15 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_getipnode</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent &#8212; lightweight resolver nodename / address translation API</p>
@@ -52,11 +52,6 @@ struct hostent *
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -82,35 +77,22 @@ struct hostent *
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_freehostent</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549461"></a><h2>DESCRIPTION</h2>
+<a name="id2543402"></a><h2>DESCRIPTION</h2>
<p>
These functions perform thread safe, protocol independent
nodename-to-address and address-to-nodename
@@ -251,7 +233,7 @@ structure itself.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549832"></a><h2>RETURN VALUES</h2>
+<a name="id2543637"></a><h2>RETURN VALUES</h2>
<p>
If an error occurs,
<code class="function">lwres_getipnodebyname()</code>
@@ -297,7 +279,7 @@ translates these error codes to suitable error messages.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549923"></a><h2>SEE ALSO</h2>
+<a name="id2543728"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">RFC2553</span></span>,
diff --git a/lib/lwres/man/lwres_getnameinfo.3 b/lib/lwres/man/lwres_getnameinfo.3
index 7b24ff02..1f970d02 100644
--- a/lib/lwres/man/lwres_getnameinfo.3
+++ b/lib/lwres/man/lwres_getnameinfo.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_getnameinfo.3,v 1.15.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_getnameinfo.3,v 1.15.2.9 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_getnameinfo
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -68,21 +68,31 @@ bytes long. The maximum length of the service name is
The
\fIflags\fR
argument sets the following bits:
-.TP 3n
+.PP
\fBNI_NOFQDN\fR
+.RS 4
A fully qualified domain name is not required for local hosts. The local part of the fully qualified domain name is returned instead.
-.TP 3n
+.RE
+.PP
\fBNI_NUMERICHOST\fR
+.RS 4
Return the address in numeric form, as if calling inet_ntop(), instead of a host name.
-.TP 3n
+.RE
+.PP
\fBNI_NAMEREQD\fR
+.RS 4
A name is required. If the hostname cannot be found in the DNS and this flag is set, a non\-zero error code is returned. If the hostname is not found and the flag is not set, the address is returned in numeric form.
-.TP 3n
+.RE
+.PP
\fBNI_NUMERICSERV\fR
+.RS 4
The service name is returned as a digit string representing the port number.
-.TP 3n
+.RE
+.PP
\fBNI_DGRAM\fR
+.RS 4
Specifies that the service being looked up is a datagram service, and causes getservbyport() to be called with a second argument of "udp" instead of its default of "tcp". This is required for the few ports (512\-514) that have different services for UDP and TCP.
+.RE
.SH "RETURN VALUES"
.PP
\fBlwres_getnameinfo()\fR
@@ -101,4 +111,7 @@ RFC2133 fails to define what the nonzero return values of
\fBgetnameinfo\fR(3)
are.
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_getnameinfo.docbook b/lib/lwres/man/lwres_getnameinfo.docbook
index 9de82fb3..09c44f0c 100644
--- a/lib/lwres/man/lwres_getnameinfo.docbook
+++ b/lib/lwres/man/lwres_getnameinfo.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getnameinfo.docbook,v 1.3.2.3 2005/05/12 21:35:23 sra Exp $ -->
+<!-- $Id: lwres_getnameinfo.docbook,v 1.3.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_getnameinfo.html b/lib/lwres/man/lwres_getnameinfo.html
index 2dad0d25..4b58f8fd 100644
--- a/lib/lwres/man/lwres_getnameinfo.html
+++ b/lib/lwres/man/lwres_getnameinfo.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getnameinfo.html,v 1.5.2.13 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_getnameinfo.html,v 1.5.2.16 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_getnameinfo</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_getnameinfo &#8212; lightweight resolver socket address structure to hostname and service name</p>
@@ -67,11 +67,6 @@ int
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -79,7 +74,7 @@ int
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549427"></a><h2>DESCRIPTION</h2>
+<a name="id2543368"></a><h2>DESCRIPTION</h2>
<p> This function is equivalent to the <span class="citerefentry"><span class="refentrytitle">getnameinfo</span>(3)</span> function defined in RFC2133.
<code class="function">lwres_getnameinfo()</code> returns the hostname for the
<span class="type">struct sockaddr</span> <em class="parameter"><code>sa</code></em> which is
@@ -130,14 +125,14 @@ TCP.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549553"></a><h2>RETURN VALUES</h2>
+<a name="id2543494"></a><h2>RETURN VALUES</h2>
<p>
<code class="function">lwres_getnameinfo()</code>
returns 0 on success or a non-zero error code if an error occurs.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549634"></a><h2>SEE ALSO</h2>
+<a name="id2543507"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">RFC2133</span></span>,
<span class="citerefentry"><span class="refentrytitle">getservbyport</span>(3)</span>,
@@ -148,7 +143,7 @@ returns 0 on success or a non-zero error code if an error occurs.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549692"></a><h2>BUGS</h2>
+<a name="id2543565"></a><h2>BUGS</h2>
<p>
RFC2133 fails to define what the nonzero return values of
<span class="citerefentry"><span class="refentrytitle">getnameinfo</span>(3)</span>
diff --git a/lib/lwres/man/lwres_getrrsetbyname.3 b/lib/lwres/man/lwres_getrrsetbyname.3
index b8d71cdf..114aff62 100644
--- a/lib/lwres/man/lwres_getrrsetbyname.3
+++ b/lib/lwres/man/lwres_getrrsetbyname.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_getrrsetbyname.3,v 1.11.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_getrrsetbyname.3,v 1.11.2.9 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_getrrsetbyname
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Oct 18, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -42,7 +42,7 @@ lwres_getrrsetbyname, lwres_freerrset \- retrieve DNS records
.PP
The following structures are used:
.sp
-.RS 3n
+.RS 4
.nf
struct rdatainfo {
unsigned int rdi_length; /* length of data */
@@ -120,24 +120,39 @@ created by a call to
.PP
\fBlwres_getrrsetbyname()\fR
returns zero on success, and one of the following error codes if an error occurred:
-.TP 3n
+.PP
\fBERRSET_NONAME\fR
+.RS 4
the name does not exist
-.TP 3n
+.RE
+.PP
\fBERRSET_NODATA\fR
+.RS 4
the name exists, but does not have data of the desired type
-.TP 3n
+.RE
+.PP
\fBERRSET_NOMEMORY\fR
+.RS 4
memory could not be allocated
-.TP 3n
+.RE
+.PP
\fBERRSET_INVAL\fR
+.RS 4
a parameter is invalid
-.TP 3n
+.RE
+.PP
\fBERRSET_FAIL\fR
+.RS 4
other failure
-.TP 3n
+.RE
+.PP
+.RS 4
+.RE
.SH "SEE ALSO"
.PP
\fBlwres\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_getrrsetbyname.docbook b/lib/lwres/man/lwres_getrrsetbyname.docbook
index 6c496bef..53b2a692 100644
--- a/lib/lwres/man/lwres_getrrsetbyname.docbook
+++ b/lib/lwres/man/lwres_getrrsetbyname.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getrrsetbyname.docbook,v 1.3.2.3 2005/05/12 21:35:23 sra Exp $ -->
+<!-- $Id: lwres_getrrsetbyname.docbook,v 1.3.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
<refentryinfo>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_getrrsetbyname.html b/lib/lwres/man/lwres_getrrsetbyname.html
index dbaa1378..77036c5a 100644
--- a/lib/lwres/man/lwres_getrrsetbyname.html
+++ b/lib/lwres/man/lwres_getrrsetbyname.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_getrrsetbyname.html,v 1.5.2.12 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_getrrsetbyname.html,v 1.5.2.15 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_getrrsetbyname</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_getrrsetbyname, lwres_freerrset &#8212; retrieve DNS records</p>
@@ -57,31 +57,18 @@ int
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
-<tr>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_freerrset</b>(</code></td>
<td> </td>
<td>
<code>)</code>;</td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
-<td>
-<code>)</code>;</td>
-</tr>
-</table>
+</tr></table>
</div>
<p>
The following structures are used:
@@ -108,7 +95,7 @@ struct rrsetinfo {
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549443"></a><h2>DESCRIPTION</h2>
+<a name="id2543384"></a><h2>DESCRIPTION</h2>
<p>
<code class="function">lwres_getrrsetbyname()</code>
gets a set of resource records associated with a
@@ -185,7 +172,7 @@ created by a call to
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549623"></a><h2>RETURN VALUES</h2>
+<a name="id2543496"></a><h2>RETURN VALUES</h2>
<p>
<code class="function">lwres_getrrsetbyname()</code>
returns zero on success, and one of the following error
@@ -221,7 +208,7 @@ other failure
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549697"></a><h2>SEE ALSO</h2>
+<a name="id2543570"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>.
</p>
diff --git a/lib/lwres/man/lwres_gnba.3 b/lib/lwres/man/lwres_gnba.3
index 5490d3f8..32f10be2 100644
--- a/lib/lwres/man/lwres_gnba.3
+++ b/lib/lwres/man/lwres_gnba.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_gnba.3,v 1.13.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_gnba.3,v 1.13.2.9 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_gnba
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -60,7 +60,7 @@ to the canonical format. This is complemented by a parse function which converts
These structures are defined in
\fIlwres/lwres.h\fR. They are shown below.
.sp
-.RS 3n
+.RS 4
.nf
#define LWRES_OPCODE_GETNAMEBYADDR 0x00010002U
typedef struct {
@@ -165,4 +165,7 @@ indicate that the packet is not a response to an earlier query.
.PP
\fBlwres_packet\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_gnba.docbook b/lib/lwres/man/lwres_gnba.docbook
index e90718d5..4c8d6758 100644
--- a/lib/lwres/man/lwres_gnba.docbook
+++ b/lib/lwres/man/lwres_gnba.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gnba.docbook,v 1.4.2.3 2005/05/12 21:35:23 sra Exp $ -->
+<!-- $Id: lwres_gnba.docbook,v 1.4.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_gnba.html b/lib/lwres/man/lwres_gnba.html
index 221277f9..363b0fa2 100644
--- a/lib/lwres/man/lwres_gnba.html
+++ b/lib/lwres/man/lwres_gnba.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_gnba.html,v 1.6.2.12 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_gnba.html,v 1.6.2.15 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_gnba</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free &#8212; lightweight resolver getnamebyaddress message handling</p>
@@ -39,31 +39,25 @@
lwres_result_t
<b class="fsfunc">lwres_gnbarequest_render</b>
(</code></td>
-<td> </td>
+<td>lwres_context_t * </td>
<td>
<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td> </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
+<td>lwres_gnbarequest_t * </td>
<td>
<var class="pdparam">req</var>, </td>
</tr>
<tr>
<td> </td>
-<td> </td>
+<td>lwres_lwpacket_t * </td>
<td>
<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td> </td>
+<td>lwres_buffer_t * </td>
<td>
<var class="pdparam">b</var><code>)</code>;</td>
</tr>
@@ -90,11 +84,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -120,11 +109,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -150,11 +134,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -171,11 +150,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -191,11 +165,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -203,7 +172,7 @@ void
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549540"></a><h2>DESCRIPTION</h2>
+<a name="id2543481"></a><h2>DESCRIPTION</h2>
<p>
These are low-level routines for creating and parsing
lightweight resolver address-to-name lookup request and
@@ -308,7 +277,7 @@ structures is also discarded.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549733"></a><h2>RETURN VALUES</h2>
+<a name="id2543606"></a><h2>RETURN VALUES</h2>
<p>
The getnamebyaddr opcode functions
<code class="function">lwres_gnbarequest_render()</code>,
@@ -346,7 +315,7 @@ indicate that the packet is not a response to an earlier query.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549866"></a><h2>SEE ALSO</h2>
+<a name="id2543671"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">lwres_packet</span>(3)</span>.
</p>
diff --git a/lib/lwres/man/lwres_hstrerror.3 b/lib/lwres/man/lwres_hstrerror.3
index e875c446..8ac6f423 100644
--- a/lib/lwres/man/lwres_hstrerror.3
+++ b/lib/lwres/man/lwres_hstrerror.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_hstrerror.3,v 1.13.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_hstrerror.3,v 1.13.2.9 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_hstrerror
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -54,21 +54,31 @@ for the error code stored in the global variable
\fBlwres_hstrerror()\fR
returns an appropriate string for the error code gievn by
\fIerr\fR. The values of the error codes and messages are as follows:
-.TP 3n
+.PP
\fBNETDB_SUCCESS\fR
+.RS 4
Resolver Error 0 (no error)
-.TP 3n
+.RE
+.PP
\fBHOST_NOT_FOUND\fR
+.RS 4
Unknown host
-.TP 3n
+.RE
+.PP
\fBTRY_AGAIN\fR
+.RS 4
Host name lookup failure
-.TP 3n
+.RE
+.PP
\fBNO_RECOVERY\fR
+.RS 4
Unknown server error
-.TP 3n
+.RE
+.PP
\fBNO_DATA\fR
+.RS 4
No address associated with name
+.RE
.SH "RETURN VALUES"
.PP
The string
@@ -83,4 +93,7 @@ is not a valid error code.
\fBherror\fR(3),
\fBlwres_hstrerror\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_hstrerror.docbook b/lib/lwres/man/lwres_hstrerror.docbook
index b6d619ed..99709135 100644
--- a/lib/lwres/man/lwres_hstrerror.docbook
+++ b/lib/lwres/man/lwres_hstrerror.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_hstrerror.docbook,v 1.4.2.3 2005/05/12 21:35:23 sra Exp $ -->
+<!-- $Id: lwres_hstrerror.docbook,v 1.4.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_hstrerror.html b/lib/lwres/man/lwres_hstrerror.html
index 4890e30f..e136aab4 100644
--- a/lib/lwres/man/lwres_hstrerror.html
+++ b/lib/lwres/man/lwres_hstrerror.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_hstrerror.html,v 1.5.2.13 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_hstrerror.html,v 1.5.2.16 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_hstrerror</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_herror, lwres_hstrerror &#8212; lightweight resolver error message generation</p>
@@ -31,16 +31,26 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/netdb.h&gt;</pre>
-<p><code class="funcdef">
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<td><code class="funcdef">
void
-<b class="fsfunc">lwres_herror</b>(</code>const char *s<code>)</code>;</p>
-<p><code class="funcdef">
+<b class="fsfunc">lwres_herror</b>(</code></td>
+<td> </td>
+<td>
+<code>)</code>;</td>
+</tr></table>
+<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
+<td><code class="funcdef">
const char *
-<b class="fsfunc">lwres_hstrerror</b>(</code>int err<code>)</code>;</p>
+<b class="fsfunc">lwres_hstrerror</b>(</code></td>
+<td> </td>
+<td>
+<code>)</code>;</td>
+</tr></table>
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549424"></a><h2>DESCRIPTION</h2>
+<a name="id2543365"></a><h2>DESCRIPTION</h2>
<p>
<code class="function">lwres_herror()</code> prints the string
<em class="parameter"><code>s</code></em> on <span class="type">stderr</span> followed by the string
@@ -79,7 +89,7 @@ the error codes and messages are as follows:
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549536"></a><h2>RETURN VALUES</h2>
+<a name="id2543477"></a><h2>RETURN VALUES</h2>
<p>
The string <span class="errorname">Unknown resolver error</span> is returned by
<code class="function">lwres_hstrerror()</code>
@@ -89,7 +99,7 @@ is not a valid error code.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549555"></a><h2>SEE ALSO</h2>
+<a name="id2543496"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">herror</span>(3)</span>,
diff --git a/lib/lwres/man/lwres_inetntop.3 b/lib/lwres/man/lwres_inetntop.3
index f6114697..87a9b911 100644
--- a/lib/lwres/man/lwres_inetntop.3
+++ b/lib/lwres/man/lwres_inetntop.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_inetntop.3,v 1.12.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_inetntop.3,v 1.12.2.9 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_inetntop
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -71,4 +71,7 @@ is not supported.
\fBinet_ntop\fR(3),
\fBerrno\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_inetntop.docbook b/lib/lwres/man/lwres_inetntop.docbook
index 6149770d..716640cf 100644
--- a/lib/lwres/man/lwres_inetntop.docbook
+++ b/lib/lwres/man/lwres_inetntop.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_inetntop.docbook,v 1.3.2.3 2005/05/12 21:35:24 sra Exp $ -->
+<!-- $Id: lwres_inetntop.docbook,v 1.3.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_inetntop.html b/lib/lwres/man/lwres_inetntop.html
index 70f143ff..8f08a549 100644
--- a/lib/lwres/man/lwres_inetntop.html
+++ b/lib/lwres/man/lwres_inetntop.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_inetntop.html,v 1.5.2.13 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_inetntop.html,v 1.5.2.16 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_inetntop</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_net_ntop &#8212; lightweight resolver IP address presentation</p>
@@ -52,11 +52,6 @@ const char *
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -64,7 +59,7 @@ const char *
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549419"></a><h2>DESCRIPTION</h2>
+<a name="id2543361"></a><h2>DESCRIPTION</h2>
<p>
<code class="function">lwres_net_ntop()</code> converts an IP address of
protocol family <em class="parameter"><code>af</code></em> &#8212; IPv4 or IPv6 &#8212;
@@ -80,7 +75,7 @@ ASCII representation of the address.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549452"></a><h2>RETURN VALUES</h2>
+<a name="id2543394"></a><h2>RETURN VALUES</h2>
<p>
If successful, the function returns <em class="parameter"><code>dst</code></em>:
a pointer to a string containing the presentation format of the
@@ -92,7 +87,7 @@ supported.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549483"></a><h2>SEE ALSO</h2>
+<a name="id2543425"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">RFC1884</span></span>,
<span class="citerefentry"><span class="refentrytitle">inet_ntop</span>(3)</span>,
diff --git a/lib/lwres/man/lwres_noop.3 b/lib/lwres/man/lwres_noop.3
index 9f6219f7..bb3b427f 100644
--- a/lib/lwres/man/lwres_noop.3
+++ b/lib/lwres/man/lwres_noop.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_noop.3,v 1.14.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_noop.3,v 1.14.2.9 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_noop
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -64,7 +64,7 @@ to the canonical format. This is complemented by a parse function which converts
These structures are defined in
\fIlwres/lwres.h\fR. They are shown below.
.sp
-.RS 3n
+.RS 4
.nf
#define LWRES_OPCODE_NOOP 0x00000000U
typedef struct {
@@ -164,4 +164,7 @@ indicate that the packet is not a response to an earlier query.
.PP
\fBlwres_packet\fR(3 )
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_noop.docbook b/lib/lwres/man/lwres_noop.docbook
index 07810f8f..5f60bf16 100644
--- a/lib/lwres/man/lwres_noop.docbook
+++ b/lib/lwres/man/lwres_noop.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_noop.docbook,v 1.4.2.3 2005/05/12 21:35:24 sra Exp $ -->
+<!-- $Id: lwres_noop.docbook,v 1.4.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_noop.html b/lib/lwres/man/lwres_noop.html
index 03ce8edf..1391b783 100644
--- a/lib/lwres/man/lwres_noop.html
+++ b/lib/lwres/man/lwres_noop.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_noop.html,v 1.7.2.12 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_noop.html,v 1.7.2.15 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_noop</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free &#8212; lightweight resolver no-op message handling</p>
@@ -53,11 +53,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -83,11 +78,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -113,11 +103,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -143,11 +128,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -163,11 +143,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -183,11 +158,6 @@ void
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -195,7 +165,7 @@ void
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549528"></a><h2>DESCRIPTION</h2>
+<a name="id2543469"></a><h2>DESCRIPTION</h2>
<p>
These are low-level routines for creating and parsing
lightweight resolver no-op request and response messages.
@@ -276,7 +246,7 @@ structures referenced via <em class="parameter"><code>structp</code></em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549797"></a><h2>RETURN VALUES</h2>
+<a name="id2543602"></a><h2>RETURN VALUES</h2>
<p>
The no-op opcode functions
<code class="function">lwres_nooprequest_render()</code>,
@@ -315,7 +285,7 @@ indicate that the packet is not a response to an earlier query.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549861"></a><h2>SEE ALSO</h2>
+<a name="id2543666"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">lwres_packet</span>(3
)</span>
diff --git a/lib/lwres/man/lwres_packet.3 b/lib/lwres/man/lwres_packet.3
index 4f60f4d8..ebaa00a8 100644
--- a/lib/lwres/man/lwres_packet.3
+++ b/lib/lwres/man/lwres_packet.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_packet.3,v 1.15.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_packet.3,v 1.15.2.9 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_packet
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -46,7 +46,7 @@ These functions rely on a
which is defined in
\fIlwres/lwpacket.h\fR.
.sp
-.RS 3n
+.RS 4
.nf
typedef struct lwres_lwpacket lwres_lwpacket_t;
struct lwres_lwpacket {
@@ -65,45 +65,69 @@ struct lwres_lwpacket {
.sp
.PP
The elements of this structure are:
-.TP 3n
+.PP
\fBlength\fR
+.RS 4
the overall packet length, including the entire packet header. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls.
-.TP 3n
+.RE
+.PP
\fBversion\fR
+.RS 4
the header format. There is currently only one format,
\fBLWRES_LWPACKETVERSION_0\fR. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls.
-.TP 3n
+.RE
+.PP
\fBpktflags\fR
+.RS 4
library\-defined flags for this packet: for instance whether the packet is a request or a reply. Flag values can be set, but not defined by the caller. This field is filled in by the application wit the exception of the LWRES_LWPACKETFLAG_RESPONSE bit, which is set by the library in the lwres_gabn_*() and lwres_gnba_*() calls.
-.TP 3n
+.RE
+.PP
\fBserial\fR
+.RS 4
is set by the requestor and is returned in all replies. If two or more packets from the same source have the same serial number and are from the same source, they are assumed to be duplicates and the latter ones may be dropped. This field must be set by the application.
-.TP 3n
+.RE
+.PP
\fBopcode\fR
+.RS 4
indicates the operation. Opcodes between 0x00000000 and 0x03ffffff are reserved for use by the lightweight resolver library. Opcodes between 0x04000000 and 0xffffffff are application defined. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls.
-.TP 3n
+.RE
+.PP
\fBresult\fR
+.RS 4
is only valid for replies. Results between 0x04000000 and 0xffffffff are application defined. Results between 0x00000000 and 0x03ffffff are reserved for library use. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls.
-.TP 3n
+.RE
+.PP
\fBrecvlength\fR
+.RS 4
is the maximum buffer size that the receiver can handle on requests and the size of the buffer needed to satisfy a request when the buffer is too large for replies. This field is supplied by the application.
-.TP 3n
+.RE
+.PP
\fBauthtype\fR
+.RS 4
defines the packet level authentication that is used. Authorisation types between 0x1000 and 0xffff are application defined and types between 0x0000 and 0x0fff are reserved for library use. Currently these are not used and must be zero.
-.TP 3n
+.RE
+.PP
\fBauthlen\fR
+.RS 4
gives the length of the authentication data. Since packet authentication is currently not used, this must be zero.
+.RE
.PP
The following opcodes are currently defined:
-.TP 3n
+.PP
\fBNOOP\fR
+.RS 4
Success is always returned and the packet contents are echoed. The lwres_noop_*() functions should be used for this type.
-.TP 3n
+.RE
+.PP
\fBGETADDRSBYNAME\fR
+.RS 4
returns all known addresses for a given name. The lwres_gabn_*() functions should be used for this type.
-.TP 3n
+.RE
+.PP
\fBGETNAMEBYADDR\fR
+.RS 4
return the hostname for the given address. The lwres_gnba_*() functions should be used for this type.
+.RE
.PP
\fBlwres_lwpacket_renderheader()\fR
transfers the contents of lightweight resolver packet structure
@@ -134,4 +158,7 @@ and lightweight resolver packet
both functions return
\fBLWRES_R_UNEXPECTEDEND\fR.
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_packet.docbook b/lib/lwres/man/lwres_packet.docbook
index e6f2c409..847775c9 100644
--- a/lib/lwres/man/lwres_packet.docbook
+++ b/lib/lwres/man/lwres_packet.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_packet.docbook,v 1.6.2.3 2005/05/12 21:35:24 sra Exp $ -->
+<!-- $Id: lwres_packet.docbook,v 1.6.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_packet.html b/lib/lwres/man/lwres_packet.html
index 87c23522..d16b36f8 100644
--- a/lib/lwres/man/lwres_packet.html
+++ b/lib/lwres/man/lwres_packet.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_packet.html,v 1.8.2.13 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_packet.html,v 1.8.2.16 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_packet</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_lwpacket_renderheader, lwres_lwpacket_parseheader &#8212; lightweight resolver packet handling functions</p>
@@ -42,11 +42,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -62,11 +57,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -74,7 +64,7 @@ lwres_result_t
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549430"></a><h2>DESCRIPTION</h2>
+<a name="id2543371"></a><h2>DESCRIPTION</h2>
<p>
These functions rely on a
<span class="type">struct lwres_lwpacket</span>
@@ -212,7 +202,7 @@ buffer <em class="parameter"><code>*b</code></em> to resolver packet
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549769"></a><h2>RETURN VALUES</h2>
+<a name="id2543642"></a><h2>RETURN VALUES</h2>
<p> Successful calls to
<code class="function">lwres_lwpacket_renderheader()</code> and
<code class="function">lwres_lwpacket_parseheader()</code> return
diff --git a/lib/lwres/man/lwres_resutil.3 b/lib/lwres/man/lwres_resutil.3
index f9ac7a48..ed28499c 100644
--- a/lib/lwres/man/lwres_resutil.3
+++ b/lib/lwres/man/lwres_resutil.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwres_resutil.3,v 1.14.2.7 2006/06/29 13:02:06 marka Exp $
+.\" $Id: lwres_resutil.3,v 1.14.2.9 2007/01/30 00:10:38 marka Exp $
.\"
.hy 0
.ad l
.\" Title: lwres_resutil
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: Jun 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
@@ -74,7 +74,7 @@ use the
\fBlwres_gnbaresponse_t\fR
structure defined below:
.sp
-.RS 3n
+.RS 4
.nf
typedef struct {
lwres_uint32_t flags;
@@ -164,4 +164,7 @@ if the buffers used for sending queries and receiving replies are too small.
\fBlwres_buffer\fR(3),
\fBlwres_gabn\fR(3).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
diff --git a/lib/lwres/man/lwres_resutil.docbook b/lib/lwres/man/lwres_resutil.docbook
index 9a68c323..3b5fb1da 100644
--- a/lib/lwres/man/lwres_resutil.docbook
+++ b/lib/lwres/man/lwres_resutil.docbook
@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_resutil.docbook,v 1.5.2.3 2005/05/12 21:35:24 sra Exp $ -->
+<!-- $Id: lwres_resutil.docbook,v 1.5.2.5 2007/01/29 23:57:17 marka Exp $ -->
<refentry>
@@ -36,6 +36,7 @@
<copyright>
<year>2004</year>
<year>2005</year>
+ <year>2007</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/lib/lwres/man/lwres_resutil.html b/lib/lwres/man/lwres_resutil.html
index 568c5f0e..9604fa4e 100644
--- a/lib/lwres/man/lwres_resutil.html
+++ b/lib/lwres/man/lwres_resutil.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,15 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwres_resutil.html,v 1.8.2.12 2006/06/29 13:02:06 marka Exp $ -->
+<!-- $Id: lwres_resutil.html,v 1.8.2.15 2007/01/30 00:10:38 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_resutil</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2482688"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr &#8212; lightweight resolver utility functions</p>
@@ -47,11 +47,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -67,11 +62,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -97,11 +87,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -132,11 +117,6 @@ lwres_result_t
<tr>
<td> </td>
<td> </td>
-<td>, </td>
-</tr>
-<tr>
-<td> </td>
-<td> </td>
<td>
<code>)</code>;</td>
</tr>
@@ -144,7 +124,7 @@ lwres_result_t
</div>
</div>
<div class="refsect1" lang="en">
-<a name="id2549485"></a><h2>DESCRIPTION</h2>
+<a name="id2543427"></a><h2>DESCRIPTION</h2>
<p>
<code class="function">lwres_string_parse()</code> retrieves a DNS-encoded
string starting the current pointer of lightweight resolver buffer
@@ -220,7 +200,7 @@ is made available through <em class="parameter"><code>*structp</code></em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549693"></a><h2>RETURN VALUES</h2>
+<a name="id2543566"></a><h2>RETURN VALUES</h2>
<p>
Successful calls to
<code class="function">lwres_string_parse()</code>
@@ -264,7 +244,7 @@ small.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2549763"></a><h2>SEE ALSO</h2>
+<a name="id2543636"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">lwres_buffer</span>(3)</span>,
diff --git a/lib/lwres/win32/DLLMain.c b/lib/lwres/win32/DLLMain.c
index 0519bcae..a5596a5f 100644
--- a/lib/lwres/win32/DLLMain.c
+++ b/lib/lwres/win32/DLLMain.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,13 +15,11 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: DLLMain.c,v 1.2.2.1 2004/03/09 06:12:42 marka Exp $ */
+/* $Id: DLLMain.c,v 1.2.2.3 2007/06/18 23:45:28 tbox Exp $ */
#include <windows.h>
#include <signal.h>
-BOOL InitSockets(void);
-
/*
* Called when we enter the DLL
*/
diff --git a/lib/lwres/win32/include/lwres/platform.h b/lib/lwres/win32/include/lwres/platform.h
index 89539afc..b87a2196 100644
--- a/lib/lwres/win32/include/lwres/platform.h
+++ b/lib/lwres/win32/include/lwres/platform.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: platform.h,v 1.4.2.1 2004/03/09 06:12:44 marka Exp $ */
+/* $Id: platform.h,v 1.4.2.3 2007/06/18 23:45:28 tbox Exp $ */
#ifndef LWRES_PLATFORM_H
#define LWRES_PLATFORM_H 1
@@ -92,4 +92,11 @@ do { \
#undef close
#define close closesocket
+/*
+ * Internal to liblwres.
+ */
+void InitSockets(void);
+
+void DestroySockets(void);
+
#endif /* LWRES_PLATFORM_H */
diff --git a/lib/lwres/win32/liblwres.dsp b/lib/lwres/win32/liblwres.dsp
index 28ca2ee2..363e3095 100644
--- a/lib/lwres/win32/liblwres.dsp
+++ b/lib/lwres/win32/liblwres.dsp
@@ -174,6 +174,10 @@ SOURCE=..\lwresutil.c
# End Source File
# Begin Source File
+SOURCE=.\socket.c
+# End Source File
+# Begin Source File
+
SOURCE=.\version.c
# End Source File
# End Group
diff --git a/lib/lwres/win32/liblwres.mak b/lib/lwres/win32/liblwres.mak
index 3616cea6..0e4c8ecc 100644
--- a/lib/lwres/win32/liblwres.mak
+++ b/lib/lwres/win32/liblwres.mak
@@ -129,7 +129,9 @@ CLEAN :
-@erase "$(INTDIR)\lwres_grbn.obj"
-@erase "$(INTDIR)\lwres_noop.obj"
-@erase "$(INTDIR)\lwresutil.obj"
+ -@erase "$(INTDIR)\socket.obj"
-@erase "$(INTDIR)\vc60.idb"
+ -@erase "$(INTDIR)\socket.obj"
-@erase "$(INTDIR)\version.obj"
-@erase "$(OUTDIR)\liblwres.exp"
-@erase "$(OUTDIR)\liblwres.lib"
@@ -204,6 +206,7 @@ LINK32_OBJS= \
"$(INTDIR)\lwres_grbn.obj" \
"$(INTDIR)\lwres_noop.obj" \
"$(INTDIR)\lwresutil.obj" \
+ "$(INTDIR)\socket.obj" \
"$(INTDIR)\version.obj"
"..\..\..\Build\Release\liblwres.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
@@ -264,8 +267,12 @@ CLEAN :
-@erase "$(INTDIR)\lwres_noop.sbr"
-@erase "$(INTDIR)\lwresutil.obj"
-@erase "$(INTDIR)\lwresutil.sbr"
+ -@erase "$(INTDIR)\socket.obj"
+ -@erase "$(INTDIR)\socket.sbr"
-@erase "$(INTDIR)\vc60.idb"
-@erase "$(INTDIR)\vc60.pdb"
+ -@erase "$(INTDIR)\socket.obj"
+ -@erase "$(INTDIR)\socket.sbr"
-@erase "$(INTDIR)\version.obj"
-@erase "$(INTDIR)\version.sbr"
-@erase "$(OUTDIR)\liblwres.bsc"
@@ -370,6 +377,7 @@ LINK32_OBJS= \
"$(INTDIR)\lwres_grbn.obj" \
"$(INTDIR)\lwres_noop.obj" \
"$(INTDIR)\lwresutil.obj" \
+ "$(INTDIR)\socket.obj" \
"$(INTDIR)\version.obj"
"..\..\..\Build\Debug\liblwres.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
@@ -749,6 +757,22 @@ SOURCE=..\lwresutil.c
!ENDIF
+SOURCE=.\socket.c
+
+!IF "$(CFG)" == "liblwres - Win32 Release"
+
+
+"$(INTDIR)\socket.obj" : $(SOURCE) "$(INTDIR)"
+
+
+!ELSEIF "$(CFG)" == "liblwres - Win32 Debug"
+
+
+"$(INTDIR)\socket.obj" "$(INTDIR)\socket.sbr" : $(SOURCE) "$(INTDIR)"
+
+
+!ENDIF
+
SOURCE=.\version.c
!IF "$(CFG)" == "liblwres - Win32 Release"
diff --git a/lib/lwres/win32/socket.c b/lib/lwres/win32/socket.c
new file mode 100644
index 00000000..fdcd6d63
--- /dev/null
+++ b/lib/lwres/win32/socket.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: socket.c,v 1.3.10.2 2007/08/06 07:23:12 tbox Exp $ */
+
+#include <stdio.h>
+#include <lwres/platform.h>
+#include <Winsock2.h>
+
+void
+InitSockets(void) {
+ WORD wVersionRequested;
+ WSADATA wsaData;
+ int err;
+
+ wVersionRequested = MAKEWORD(2, 0);
+
+ err = WSAStartup( wVersionRequested, &wsaData );
+ if (err != 0) {
+ fprintf(stderr, "WSAStartup() failed: %d\n", err);
+ exit(1);
+ }
+}
+
+void
+DestroySockets(void) {
+ WSACleanup();
+}
diff --git a/make/rules.in b/make/rules.in
index e9da3063..abb41039 100644
--- a/make/rules.in
+++ b/make/rules.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: rules.in,v 1.40.2.15 2006/01/06 00:01:41 marka Exp $
+# $Id: rules.in,v 1.40.2.17 2007/01/29 23:57:17 marka Exp $
###
### Common Makefile rules for BIND 9.
@@ -190,7 +190,7 @@ INSTALL_DATA = @INSTALL_DATA@
### not to exist when not generating documentation.
###
-XSLTPROC = @XSLTPROC@ --novalid
+XSLTPROC = @XSLTPROC@ --novalid --xinclude --nonet
PERL = @PERL@
LATEX = @LATEX@
PDFLATEX = @PDFLATEX@
diff --git a/version b/version
index d15aeb45..b2fd4c53 100644
--- a/version
+++ b/version
@@ -1,10 +1,10 @@
-# $Id: version,v 1.26.2.47.4.1 2007/01/11 04:59:36 marka Exp $
+# $Id: version,v 1.26.2.49 2007/08/06 01:43:11 marka Exp $
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
#
MAJORVER=9
MINORVER=2
-PATCHVER=8
-RELEASETYPE=
-RELEASEVER=
+PATCHVER=9
+RELEASETYPE=b
+RELEASEVER=1
diff --git a/win32utils/BuildAll.bat b/win32utils/BuildAll.bat
index d993668d..5d7ef04e 100644
--- a/win32utils/BuildAll.bat
+++ b/win32utils/BuildAll.bat
@@ -30,9 +30,6 @@ rem a future release of BIND 9 for Windows NT/2000/XP.
echo Setting up the BIND files required for the build
-rem Get and update for the latest build of the openssl library
-perl updateopenssl.pl
-
rem Setup the files
call BuildSetup.bat
@@ -75,32 +72,27 @@ cd bin
cd named\win32
nmake /nologo -f named.mak CFG="named - Win32 Release" NO_EXTERNAL_DEPS="1"
-copy ..\named.html ..\..\..\Build\Release
cd ..\..
cd rndc\win32
nmake /nologo -f rndc.mak CFG="rndc - Win32 Release" NO_EXTERNAL_DEPS="1"
nmake /nologo -f confgen.mak CFG="rndcconfgen - Win32 Release" NO_EXTERNAL_DEPS="1"
-copy ..\*.html ..\..\..\Build\Release
cd ..\..
cd dig\win32
nmake /nologo -f dig.mak CFG="dig - Win32 Release" NO_EXTERNAL_DEPS="1"
nmake /nologo /nologo -f host.mak CFG="host - Win32 Release" NO_EXTERNAL_DEPS="1"
nmake /nologo -f nslookup.mak CFG="nslookup - Win32 Release" NO_EXTERNAL_DEPS="1"
-copy ..\*.html ..\..\..\Build\Release
cd ..\..
cd nsupdate\win32
nmake /nologo -f nsupdate.mak CFG="nsupdate - Win32 Release" NO_EXTERNAL_DEPS="1"
-copy ..\*.html ..\..\..\Build\Release
cd ..\..
cd check\win32
nmake /nologo -f namedcheckconf.mak CFG="namedcheckconf - Win32 Release" NO_EXTERNAL_DEPS="1"
nmake /nologo -f namedcheckzone.mak CFG="namedcheckzone - Win32 Release" NO_EXTERNAL_DEPS="1"
-copy ..\*.html ..\..\..\Build\Release
cd ..\..
cd dnssec\win32
@@ -108,7 +100,6 @@ nmake /nologo -f keygen.mak CFG="keygen - Win32 Release" NO_EXTERNAL_DEPS="1"
nmake /nologo -f makekeyset.mak CFG="makekeyset - Win32 Release" NO_EXTERNAL_DEPS="1"
nmake /nologo -f signkey.mak CFG="signkey - Win32 Release" NO_EXTERNAL_DEPS="1"
nmake /nologo -f signzone.mak CFG="signzone - Win32 Release" NO_EXTERNAL_DEPS="1"
-copy ..\*.html ..\..\..\Build\Release
cd ..\..
rem This is the BIND 9 Installer
diff --git a/win32utils/BuildOpenSSL.bat b/win32utils/BuildOpenSSL.bat
new file mode 100644
index 00000000..7d597f32
--- /dev/null
+++ b/win32utils/BuildOpenSSL.bat
@@ -0,0 +1,26 @@
+echo off
+rem
+rem Copyright (C) 2007 Internet Systems Consortium, Inc. ("ISC")
+rem
+rem Permission to use, copy, modify, and distribute this software for any
+rem purpose with or without fee is hereby granted, provided that the above
+rem copyright notice and this permission notice appear in all copies.
+rem
+rem THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+rem REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+rem AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+rem INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+rem LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+rem OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+rem PERFORMANCE OF THIS SOFTWARE.
+
+rem BuildOpenSSL.bat
+rem This script copys the OpenSSL dlls into place.
+rem This script may be modified by updateopenssl.pl.
+
+echo Copying the OpenSSL DLL.
+
+copy ..\..\openssl-0.9.8d\out32dll\libeay32.dll ..\Build\Release\
+copy ..\..\openssl-0.9.8d\out32dll\libeay32.dll ..\Build\Debug\
+
+rem Done
diff --git a/win32utils/BuildSetup.bat b/win32utils/BuildSetup.bat
index 1de614a4..66ef08af 100644
--- a/win32utils/BuildSetup.bat
+++ b/win32utils/BuildSetup.bat
@@ -19,6 +19,9 @@ rem BuildSetup.bat
rem This script sets up the files necessary ready to build BIND 9.
rem This requires perl to be installed on the system.
+rem Get and update for the latest build of the openssl library
+perl updateopenssl.pl
+
rem Set up the configuration file
cd ..
copy config.h.win32 config.h
@@ -31,10 +34,6 @@ rem Generate header files for lib/dns
call dnsheadergen.bat
-echo Ensure that the OpenSSL sources are at the same level in
-echo the directory tree and is named openssl-0.9.6k-x or libdns
-echo will not build.
-
rem Make sure that the Build directories are there.
if NOT Exist ..\Build mkdir ..\Build
@@ -52,9 +51,56 @@ copy ..\doc\arm\Bv9ARM.pdf ..\Build\Release
copy ..\CHANGES ..\Build\Release
copy ..\FAQ ..\Build\Release
-echo Copying the OpenSSL DLL.
+echo Copying the standalone manual pages.
+
+copy ..\bin\named\named.html ..\Build\Release
+copy ..\bin\rndc\*.html ..\Build\Release
+copy ..\bin\dig\*.html ..\Build\Release
+copy ..\bin\nsupdate\*.html ..\Build\Release
+copy ..\bin\check\*.html ..\Build\Release
+copy ..\bin\dnssec\*.html ..\Build\Release
+
+echo Copying the migration notes.
+
+copy ..\doc\misc\migration ..\Build\Release
+copy ..\doc\misc\migration-4to9 ..\Build\Release
+
+call BuildOpenSSL.bat
+
+rem
+rem set vcredist here so that it is correctly expanded in the if body
+rem
+set vcredist=BootStrapper\Packages\vcredist_x86\vcredist_x86.exe
+
+if Defined FrameworkSDKDir (
+
+rem
+rem vcredist_x86.exe path relative to FrameworkSDKDir
+rem
+
+if Exist "%FrameworkSDKDir%\%vcredist%" (
+
+echo Copying Visual C x86 Redistributable Installer
+
+rem
+rem Use /Y so we allways have the current version of the installer.
+rem
+
+copy /Y "%FrameworkSDKDir%\%vcredist%" ..\Build\Release\
+copy /Y "%FrameworkSDKDir%\%vcredist%" ..\Build\Debug\
+
+) else (
+ echo "**** %FrameworkSDKDir%\%vcredist% not found ****"
+)
+) else (
+ echo "**** Warning FrameworkSDKDir not defined ****"
+ echo "**** Run vsvars32.bat ****"
+)
+
+echo Running Message Compiler
-copy ..\..\openssl-0.9.8d\out32dll\libeay32.dll ..\Build\Release\
-copy ..\..\openssl-0.9.8d\out32dll\libeay32.dll ..\Build\Debug
+cd ..\lib\win32\bindevt
+mc bindevt.mc
+cd ..\..\..\win32utils
rem Done
diff --git a/win32utils/readme1st.txt b/win32utils/readme1st.txt
index 8835af63..771d6dbe 100644
--- a/win32utils/readme1st.txt
+++ b/win32utils/readme1st.txt
@@ -1,12 +1,12 @@
-Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001, 2003 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
-$Id: readme1st.txt,v 1.7.2.7 2004/03/09 06:12:48 marka Exp $
+$Id: readme1st.txt,v 1.7.2.9 2007/05/02 23:45:26 tbox Exp $
- Release of BIND 9.2 for Window NT/2000
+ Release of BIND 9.2 for Window 2000
-This is a maintenance release of BIND 9.2 for Window NT/2000. Only
+This is a maintenance release of BIND 9.2 for Window 2000. Only
IPv4 stacks are supported on the box running this version of BIND.
IPv6 stacks will be supported in a future release.
@@ -23,6 +23,15 @@ Unpack the kit into any convenient directory and run the BINDInstall
program. This will install the named and associated programs into
the correct directories and set up the required registry keys.
+It is important that on Windows the directory directive is used in
+the options section to tell BIND where to find the files used in
+named.conf (default %WINDOWS%\system32\dns\etc\named.conf).
+
+e.g.
+ options {
+ directory "C:\WINDOWS\system32\dns\etc";
+ };
+
Controlling BIND
Windows NT/2000 uses the same rndc program as is used on Unix
diff --git a/win32utils/updateopenssl.pl b/win32utils/updateopenssl.pl
index cdfd0117..f5d4d1b4 100644
--- a/win32utils/updateopenssl.pl
+++ b/win32utils/updateopenssl.pl
@@ -1,6 +1,6 @@
#!/usr/bin/perl
#
-# Copyright (C) 2006 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: updateopenssl.pl,v 1.3.8.3 2006/10/11 03:38:25 marka Exp $
+# $Id: updateopenssl.pl,v 1.3.8.5 2007/08/06 07:23:12 tbox Exp $
# updateopenssl.pl
# This script locates the latest version of OpenSSL in the grandparent
@@ -25,7 +25,7 @@ $path = "..\\..\\";
# List of files that need to be updated with the actual version of the
# openssl directory
-@filelist = ("BuildSetup.bat",
+@filelist = ("BuildOpenSSL.bat",
"../lib/dns/win32/libdns.mak",
"../lib/dns/win32/libdns.dsp");
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-05 09:11:10 +0000