Update to BIND 9.4.2-P2 and adapt our dynamic select changes. OK deraadt@

9 files changed, 259 insertions, 148 deletions

diff --git a/usr.sbin/bind/bin/dig/dighost.c b/usr.sbin/bind/bin/dig/dighost.c
index 072a1912293..d51be17e36d 100644
--- a/usr.sbin/bind/bin/dig/dighost.c
+++ b/usr.sbin/bind/bin/dig/dighost.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $ISC: dighost.c,v 1.259.18.43 2007/08/28 07:19:55 tbox Exp $ */
+/* $ISC: dighost.c,v 1.259.18.43.10.3 2008/07/23 23:16:43 marka Exp $ */
 
 /*! \file
  *  \note
@@ -2213,14 +2213,15 @@ send_tcp_connect(dig_query_t *query) {
 	sockcount++;
 	debug("sockcount=%d", sockcount);
 	if (specified_source)
-		result = isc_socket_bind(query->sock, &bind_address);
+		result = isc_socket_bind(query->sock, &bind_address,
+					 ISC_SOCKET_REUSEADDRESS);
 	else {
 		if ((isc_sockaddr_pf(&query->sockaddr) == AF_INET) &&
 		    have_ipv4)
 			isc_sockaddr_any(&bind_any);
 		else
 			isc_sockaddr_any6(&bind_any);
-		result = isc_socket_bind(query->sock, &bind_any);
+		result = isc_socket_bind(query->sock, &bind_any, 0);
 	}
 	check_result(result, "isc_socket_bind");
 	bringup_timer(query, TCP_TIMEOUT);
@@ -2267,11 +2268,12 @@ send_udp(dig_query_t *query) {
 		sockcount++;
 		debug("sockcount=%d", sockcount);
 		if (specified_source) {
-			result = isc_socket_bind(query->sock, &bind_address);
+			result = isc_socket_bind(query->sock, &bind_address,
+						 ISC_SOCKET_REUSEADDRESS);
 		} else {
 			isc_sockaddr_anyofpf(&bind_any,
 					isc_sockaddr_pf(&query->sockaddr));
-			result = isc_socket_bind(query->sock, &bind_any);
+			result = isc_socket_bind(query->sock, &bind_any, 0);
 		}
 		check_result(result, "isc_socket_bind");
 
diff --git a/usr.sbin/bind/bin/named/client.c b/usr.sbin/bind/bin/named/client.c
index 8b33a90ec55..fea48e5acef 100644
--- a/usr.sbin/bind/bin/named/client.c
+++ b/usr.sbin/bind/bin/named/client.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $ISC: client.c,v 1.219.18.28.10.1 2008/05/22 21:28:04 each Exp $ */
+/* $ISC: client.c,v 1.219.18.28.10.2 2008/07/23 07:28:54 tbox Exp $ */
 
 #include <config.h>
 
diff --git a/usr.sbin/bind/bin/named/config.c b/usr.sbin/bind/bin/named/config.c
index 26eb791b0a7..28f5e74ce34 100644
--- a/usr.sbin/bind/bin/named/config.c
+++ b/usr.sbin/bind/bin/named/config.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $ISC: config.c,v 1.47.18.32 2007/09/13 05:04:01 each Exp $ */
+/* $ISC: config.c,v 1.47.18.32.10.3 2008/07/23 23:48:17 tbox Exp $ */
 
 /*! \file */
 
@@ -52,7 +52,7 @@ options {\n\
 #ifndef WIN32
 "	coresize default;\n\
 	datasize default;\n\
-	files default;\n\
+	files unlimited;\n\
 	stacksize default;\n"
 #endif
 "	deallocate-on-exit true;\n\
@@ -99,6 +99,7 @@ options {\n\
 	use-ixfr true;\n\
 	edns-udp-size 4096;\n\
 	max-udp-size 4096;\n\
+	reserved-sockets 512;\n\
 \n\
 	/* view */\n\
 	allow-notify {none;};\n\
diff --git a/usr.sbin/bind/bin/named/controlconf.c b/usr.sbin/bind/bin/named/controlconf.c
index 68f9a1eecfa..4001a8b19da 100644
--- a/usr.sbin/bind/bin/named/controlconf.c
+++ b/usr.sbin/bind/bin/named/controlconf.c
@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006, 2008  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $ISC: controlconf.c,v 1.40.18.10 2006/12/07 04:53:02 marka Exp $ */
+/* $ISC: controlconf.c,v 1.40.18.10.40.3 2008/07/23 23:16:43 marka Exp $ */
 
 /*! \file */
 
@@ -1151,8 +1151,8 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp,
 					   type, &listener->sock);
 
 	if (result == ISC_R_SUCCESS)
-		result = isc_socket_bind(listener->sock,
-					 &listener->address);
+		result = isc_socket_bind(listener->sock, &listener->address,
+					 ISC_SOCKET_REUSEADDRESS);
 
 	if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) {
 		listener->perm = cfg_obj_asuint32(cfg_tuple_get(control,
diff --git a/usr.sbin/bind/bin/named/interfacemgr.c b/usr.sbin/bind/bin/named/interfacemgr.c
index 7686f06a840..46699cbcfc5 100644
--- a/usr.sbin/bind/bin/named/interfacemgr.c
+++ b/usr.sbin/bind/bin/named/interfacemgr.c
@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006, 2008  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $ISC: interfacemgr.c,v 1.76.18.8 2006/07/20 01:10:30 marka Exp $ */
+/* $ISC: interfacemgr.c,v 1.76.18.8.44.3 2008/07/23 23:16:43 marka Exp $ */
 
 /*! \file */
 
@@ -306,7 +306,8 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
 #ifndef ISC_ALLOW_MAPPED
 	isc_socket_ipv6only(ifp->tcpsocket, ISC_TRUE);
 #endif
-	result = isc_socket_bind(ifp->tcpsocket, &ifp->addr);
+	result = isc_socket_bind(ifp->tcpsocket, &ifp->addr,
+				 ISC_SOCKET_REUSEADDRESS);
 	if (result != ISC_R_SUCCESS) {
 		isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
 				 "binding TCP socket: %s",
diff --git a/usr.sbin/bind/bin/named/lwresd.c b/usr.sbin/bind/bin/named/lwresd.c
index a27b2890c2d..6f991030802 100644
--- a/usr.sbin/bind/bin/named/lwresd.c
+++ b/usr.sbin/bind/bin/named/lwresd.c
@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006, 2008  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $ISC: lwresd.c,v 1.46.18.7 2006/03/02 00:37:21 marka Exp $ */
+/* $ISC: lwresd.c,v 1.46.18.7.52.3 2008/07/23 23:16:43 marka Exp $ */
 
 /*! \file 
  * \brief
@@ -576,7 +576,8 @@ listener_bind(ns_lwreslistener_t *listener, isc_sockaddr_t *address) {
 		return (result);
 	}
 
-	result = isc_socket_bind(sock, &listener->address);
+	result = isc_socket_bind(sock, &listener->address,
+				 ISC_SOCKET_REUSEADDRESS);
 	if (result != ISC_R_SUCCESS) {
 		char socktext[ISC_SOCKADDR_FORMATSIZE];
 		isc_sockaddr_format(&listener->address, socktext,
diff --git a/usr.sbin/bind/bin/named/named.conf.docbook b/usr.sbin/bind/bin/named/named.conf.docbook
index 51c8b9b0461..924c67018c1 100644
--- a/usr.sbin/bind/bin/named/named.conf.docbook
+++ b/usr.sbin/bind/bin/named/named.conf.docbook
@@ -1,8 +1,10 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
  -
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -15,8 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $ISC: named.conf.docbook,v 1.1.4.1 2004/08/20 22:02:38 marka Exp $ -->
-
+<!-- $ISC: named.conf.docbook,v 1.1.2.29.12.2 2008/07/23 23:48:17 tbox Exp $ -->
 <refentry>
   <refentryinfo>
     <date>Aug 13, 2004</date>
@@ -33,6 +34,17 @@
     <refpurpose>configuration file for named</refpurpose>
   </refnamediv>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <year>2006</year>
+      <year>2007</year>
+      <year>2008</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+  </docinfo>
+
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>named.conf</command>
@@ -41,58 +53,60 @@
 
   <refsect1>
     <title>DESCRIPTION</title>
-    <para>
-	<filename>named.conf</filename> is the configuration file for
-	<command>named</command>.  Statements are enclosed
-	in braces and terminated with a semi-colon.  Clauses in
-	the statements are also semi-colon terminated.  The usual
-	comment styles are supported:
+    <para><filename>named.conf</filename> is the configuration file
+      for
+      <command>named</command>.  Statements are enclosed
+      in braces and terminated with a semi-colon.  Clauses in
+      the statements are also semi-colon terminated.  The usual
+      comment styles are supported:
     </para>
     <para>
-	C style: /* */
+      C style: /* */
     </para>
     <para>
-	C++ style: // to end of line
+      C++ style: // to end of line
     </para>
     <para>
-	Unix style: # to end of line
+      Unix style: # to end of line
     </para>
   </refsect1>
 
-<refsect1>
-<title>ACL</title>
-<LITERALLAYOUT>
+  <refsect1>
+    <title>ACL</title>
+    <literallayout>
 acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
 
-</LITERALLAYOUT>
-</refsect1>
+</literallayout>
+  </refsect1>
 
-<refsect1>
-<title>KEY</title>
-<LITERALLAYOUT>
+  <refsect1>
+    <title>KEY</title>
+    <literallayout>
 key <replaceable>domain_name</replaceable> {
 	algorithm <replaceable>string</replaceable>;
 	secret <replaceable>string</replaceable>;
 };
-</LITERALLAYOUT>
-</refsect1>
+</literallayout>
+  </refsect1>
 
-<refsect1>
-<title>MASTERS</title>
-<LITERALLAYOUT>
+  <refsect1>
+    <title>MASTERS</title>
+    <literallayout>
 masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
 	( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
 	<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
 };
-</LITERALLAYOUT>
-</refsect1>
+</literallayout>
+  </refsect1>
 
-<refsect1>
-<title>SERVER</title>
-<LITERALLAYOUT>
-server ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) {
+  <refsect1>
+    <title>SERVER</title>
+    <literallayout>
+server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
 	bogus <replaceable>boolean</replaceable>;
 	edns <replaceable>boolean</replaceable>;
+	edns-udp-size <replaceable>integer</replaceable>;
+	max-udp-size <replaceable>integer</replaceable>;
 	provide-ixfr <replaceable>boolean</replaceable>;
 	request-ixfr <replaceable>boolean</replaceable>;
 	keys <replaceable>server_key</replaceable>;
@@ -105,21 +119,21 @@ server ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</re
 
 	support-ixfr <replaceable>boolean</replaceable>; // obsolete
 };
-</LITERALLAYOUT>
-</refsect1>
+</literallayout>
+  </refsect1>
 
-<refsect1>
-<title>TRUSTED-KEYS</title>
-<LITERALLAYOUT>
+  <refsect1>
+    <title>TRUSTED-KEYS</title>
+    <literallayout>
 trusted-keys {
 	<replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... 
 };
-</LITERALLAYOUT>
-</refsect1>
+</literallayout>
+  </refsect1>
 
-<refsect1>
-<title>CONTROLS</title>
-<LITERALLAYOUT>
+  <refsect1>
+    <title>CONTROLS</title>
+    <literallayout>
 controls {
 	inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
 		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>
@@ -127,12 +141,12 @@ controls {
 		<optional> keys { <replaceable>string</replaceable>; ... } </optional>;
 	unix <replaceable>unsupported</replaceable>; // not implemented
 };
-</LITERALLAYOUT>
-</refsect1>
+</literallayout>
+  </refsect1>
 
-<refsect1>
-<title>LOGGING</title>
-<LITERALLAYOUT>
+  <refsect1>
+    <title>LOGGING</title>
+    <literallayout>
 logging {
 	channel <replaceable>string</replaceable> {
 		file <replaceable>log_file</replaceable>;
@@ -146,12 +160,12 @@ logging {
 	};
 	category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
 };
-</LITERALLAYOUT>
-</refsect1>
+</literallayout>
+  </refsect1>
 
-<refsect1>
-<title>LWRES</title>
-<LITERALLAYOUT>
+  <refsect1>
+    <title>LWRES</title>
+    <literallayout>
 lwres {
 	listen-on <optional> port <replaceable>integer</replaceable> </optional> {
 		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
@@ -160,12 +174,12 @@ lwres {
 	search { <replaceable>string</replaceable>; ... };
 	ndots <replaceable>integer</replaceable>;
 };
-</LITERALLAYOUT>
-</refsect1>
+</literallayout>
+  </refsect1>
 
-<refsect1>
-<title>OPTIONS</title>
-<LITERALLAYOUT>
+  <refsect1>
+    <title>OPTIONS</title>
+    <literallayout>
 options {
 	avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
 	avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
@@ -177,6 +191,7 @@ options {
 	files <replaceable>size</replaceable>;
 	heartbeat-interval <replaceable>integer</replaceable>;
 	host-statistics <replaceable>boolean</replaceable>; // not implemented
+	host-statistics-max <replaceable>number</replaceable>; // not implemented
 	hostname ( <replaceable>quoted_string</replaceable> | none );
 	interface-interval <replaceable>integer</replaceable>;
 	listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
@@ -187,6 +202,7 @@ options {
 	port <replaceable>integer</replaceable>;
 	querylog <replaceable>boolean</replaceable>;
 	recursing-file <replaceable>quoted_string</replaceable>;
+	reserved-sockets <replaceable>integer</replaceable>;
 	random-device <replaceable>quoted_string</replaceable>;
 	recursive-clients <replaceable>integer</replaceable>;
 	serial-query-rate <replaceable>integer</replaceable>;
@@ -219,8 +235,8 @@ options {
 	rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
 	additional-from-auth <replaceable>boolean</replaceable>;
 	additional-from-cache <replaceable>boolean</replaceable>;
-	query-source <replaceable>querysource4</replaceable>;
-	query-source-v6 <replaceable>querysource6</replaceable>;
+	query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	cleaning-interval <replaceable>integer</replaceable>;
 	min-roots <replaceable>integer</replaceable>; // not implemented
 	lame-ttl <replaceable>integer</replaceable>;
@@ -228,33 +244,53 @@ options {
 	max-cache-ttl <replaceable>integer</replaceable>;
 	transfer-format ( many-answers | one-answer );
 	max-cache-size <replaceable>size_no_default</replaceable>;
+	max-acache-size <replaceable>size_no_default</replaceable>;
+	clients-per-query <replaceable>number</replaceable>;
+	max-clients-per-query <replaceable>number</replaceable>;
 	check-names ( master | slave | response )
 		( fail | warn | ignore );
-	cache-file <replaceable>quoted_string</replaceable>;
+	check-mx ( fail | warn | ignore );
+	check-integrity <replaceable>boolean</replaceable>;
+	check-mx-cname ( fail | warn | ignore );
+	check-srv-cname ( fail | warn | ignore );
+	cache-file <replaceable>quoted_string</replaceable>; // test option
 	suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
 	preferred-glue <replaceable>string</replaceable>;
 	dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
 		( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
 		<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
 		<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
-	}
+	};
 	edns-udp-size <replaceable>integer</replaceable>;
+	max-udp-size <replaceable>integer</replaceable>;
 	root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
 	disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
 	dnssec-enable <replaceable>boolean</replaceable>;
+	dnssec-validation <replaceable>boolean</replaceable>;
 	dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
 	dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+	dnssec-accept-expired <replaceable>boolean</replaceable>;
+
+	empty-server <replaceable>string</replaceable>;
+	empty-contact <replaceable>string</replaceable>;
+	empty-zones-enable <replaceable>boolean</replaceable>;
+	disable-empty-zone <replaceable>string</replaceable>;
 
 	dialup <replaceable>dialuptype</replaceable>;
 	ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
 
 	allow-query { <replaceable>address_match_element</replaceable>; ... };
+	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
 	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+	allow-update { <replaceable>address_match_element</replaceable>; ... };
 	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+	update-check-ksk <replaceable>boolean</replaceable>;
 
+	masterfile-format ( text | raw );
 	notify <replaceable>notifytype</replaceable>;
 	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	notify-delay <replaceable>seconds</replaceable>;
 	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
 		<optional> port <replaceable>integer</replaceable> </optional>; ... };
 	allow-notify { <replaceable>address_match_element</replaceable>; ... };
@@ -289,6 +325,8 @@ options {
 
 	zone-statistics <replaceable>boolean</replaceable>;
 	key-directory <replaceable>quoted_string</replaceable>;
+	zero-no-soa-ttl <replaceable>boolean</replaceable>;
+	zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
 
 	allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
 	deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
@@ -303,12 +341,12 @@ options {
 	treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
 	use-id-pool <replaceable>boolean</replaceable>; // obsolete
 };
-</LITERALLAYOUT>
-</refsect1>
+</literallayout>
+  </refsect1>
 
-<refsect1>
-<title>VIEW</title>
-<LITERALLAYOUT>
+  <refsect1>
+    <title>VIEW</title>
+    <literallayout>
 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
 	match-clients { <replaceable>address_match_element</replaceable>; ... };
 	match-destinations { <replaceable>address_match_element</replaceable>; ... };
@@ -323,7 +361,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 		...
 	};
 
-	server ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) {
+	server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
 		...
 	};
 
@@ -346,8 +384,8 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
 	additional-from-auth <replaceable>boolean</replaceable>;
 	additional-from-cache <replaceable>boolean</replaceable>;
-	query-source <replaceable>querysource4</replaceable>;
-	query-source-v6 <replaceable>querysource6</replaceable>;
+	query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	cleaning-interval <replaceable>integer</replaceable>;
 	min-roots <replaceable>integer</replaceable>; // not implemented
 	lame-ttl <replaceable>integer</replaceable>;
@@ -355,9 +393,16 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	max-cache-ttl <replaceable>integer</replaceable>;
 	transfer-format ( many-answers | one-answer );
 	max-cache-size <replaceable>size_no_default</replaceable>;
+	max-acache-size <replaceable>size_no_default</replaceable>;
+	clients-per-query <replaceable>number</replaceable>;
+	max-clients-per-query <replaceable>number</replaceable>;
 	check-names ( master | slave | response )
 		( fail | warn | ignore );
-	cache-file <replaceable>quoted_string</replaceable>;
+	check-mx ( fail | warn | ignore );
+	check-integrity <replaceable>boolean</replaceable>;
+	check-mx-cname ( fail | warn | ignore );
+	check-srv-cname ( fail | warn | ignore );
+	cache-file <replaceable>quoted_string</replaceable>; // test option
 	suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
 	preferred-glue <replaceable>string</replaceable>;
 	dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
@@ -366,22 +411,35 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 		<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
 	};
 	edns-udp-size <replaceable>integer</replaceable>;
+	max-udp-size <replaceable>integer</replaceable>;
 	root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
 	disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
 	dnssec-enable <replaceable>boolean</replaceable>;
+	dnssec-validation <replaceable>boolean</replaceable>;
 	dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
-
 	dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+	dnssec-accept-expired <replaceable>boolean</replaceable>;
+
+	empty-server <replaceable>string</replaceable>;
+	empty-contact <replaceable>string</replaceable>;
+	empty-zones-enable <replaceable>boolean</replaceable>;
+	disable-empty-zone <replaceable>string</replaceable>;
+
 	dialup <replaceable>dialuptype</replaceable>;
 	ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
 
 	allow-query { <replaceable>address_match_element</replaceable>; ... };
+	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
 	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+	allow-update { <replaceable>address_match_element</replaceable>; ... };
 	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+	update-check-ksk <replaceable>boolean</replaceable>;
 
+	masterfile-format ( text | raw );
 	notify <replaceable>notifytype</replaceable>;
 	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	notify-delay <replaceable>seconds</replaceable>;
 	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
 		<optional> port <replaceable>integer</replaceable> </optional>; ... };
 	allow-notify { <replaceable>address_match_element</replaceable>; ... };
@@ -416,18 +474,20 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 
 	zone-statistics <replaceable>boolean</replaceable>;
 	key-directory <replaceable>quoted_string</replaceable>;
+	zero-no-soa-ttl <replaceable>boolean</replaceable>;
+	zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
 
 	allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
 	fetch-glue <replaceable>boolean</replaceable>; // obsolete
 	maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
 	max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
 };
-</LITERALLAYOUT>
-</refsect1>
+</literallayout>
+  </refsect1>
 
-<refsect1>
-<title>ZONE</title>
-<LITERALLAYOUT>
+  <refsect1>
+    <title>ZONE</title>
+    <literallayout>
 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
 	type ( master | slave | stub | hint |
 		forward | delegation-only );
@@ -442,8 +502,14 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	database <replaceable>string</replaceable>;
 	delegation-only <replaceable>boolean</replaceable>;
 	check-names ( fail | warn | ignore );
+	check-mx ( fail | warn | ignore );
+	check-integrity <replaceable>boolean</replaceable>;
+	check-mx-cname ( fail | warn | ignore );
+	check-srv-cname ( fail | warn | ignore );
 	dialup <replaceable>dialuptype</replaceable>;
 	ixfr-from-differences <replaceable>boolean</replaceable>;
+	journal <replaceable>quoted_string</replaceable>;
+	zero-no-soa-ttl <replaceable>boolean</replaceable>;
 
 	allow-query { <replaceable>address_match_element</replaceable>; ... };
 	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
@@ -454,10 +520,13 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 		( name | subdomain | wildcard | self ) <replaceable>string</replaceable>
 		<replaceable>rrtypelist</replaceable>; ...
 	};
+	update-check-ksk <replaceable>boolean</replaceable>;
 
+	masterfile-format ( text | raw );
 	notify <replaceable>notifytype</replaceable>;
 	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	notify-delay <replaceable>seconds</replaceable>;
 	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
 		<optional> port <replaceable>integer</replaceable> </optional>; ... };
 	allow-notify { <replaceable>address_match_element</replaceable>; ... };
@@ -499,33 +568,31 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
 	pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
 };
-</LITERALLAYOUT>
-</refsect1>
-
-<refsect1>
-<title>FILES</title>
-<para>
-<filename>/etc/named.conf</filename>
-</para>
-</refsect1>
-
-<refsect1>
-<title>SEE ALSO</title>
-<para>
-<citerefentry>
-<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-</citerefentry>,
-<citerefentry>
-<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
-</citerefentry>,
-<citerefentry>
-<refentrytitle>BIND 9 Adminstrators Reference Manual</refentrytitle>
-</citerefentry>.
-</para>
-</refsect1>
-
-</refentry>
-<!--
+</literallayout>
+  </refsect1>
+
+  <refsect1>
+    <title>FILES</title>
+    <para><filename>/etc/named.conf</filename>
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>SEE ALSO</title>
+    <para><citerefentry>
+        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+    </para>
+  </refsect1>
+
+</refentry><!--
  - Local variables:
  - mode: sgml
  - End:
diff --git a/usr.sbin/bind/bin/named/server.c b/usr.sbin/bind/bin/named/server.c
index fb4e1c0895d..57c30619d73 100644
--- a/usr.sbin/bind/bin/named/server.c
+++ b/usr.sbin/bind/bin/named/server.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $ISC: server.c,v 1.419.18.57.10.1 2008/05/22 21:28:04 each Exp $ */
+/* $ISC: server.c,v 1.419.18.57.10.3 2008/07/23 12:04:32 marka Exp $ */
 
 /*! \file */
 
@@ -2696,27 +2696,29 @@ static isc_result_t
 load_configuration(const char *filename, ns_server_t *server,
 		   isc_boolean_t first_time)
 {
-	isc_result_t result;
-	isc_interval_t interval;
-	cfg_parser_t *parser = NULL;
+	cfg_aclconfctx_t aclconfctx;
 	cfg_obj_t *config;
-	const cfg_obj_t *options;
-	const cfg_obj_t *views;
+	cfg_parser_t *parser = NULL;
+	const cfg_listelt_t *element;
+	const cfg_obj_t *builtin_views;
+	const cfg_obj_t *maps[3];
 	const cfg_obj_t *obj;
+	const cfg_obj_t *options;
 	const cfg_obj_t *v4ports, *v6ports;
-	const cfg_obj_t *maps[3];
-	const cfg_obj_t *builtin_views;
-	const cfg_listelt_t *element;
+	const cfg_obj_t *views;
 	dns_view_t *view = NULL;
 	dns_view_t *view_next;
-	dns_viewlist_t viewlist;
 	dns_viewlist_t tmpviewlist;
-	cfg_aclconfctx_t aclconfctx;
-	isc_uint32_t interface_interval;
-	isc_uint32_t heartbeat_interval;
-	isc_uint32_t udpsize;
+	dns_viewlist_t viewlist;
 	in_port_t listen_port;
 	int i;
+	isc_interval_t interval;
+	isc_resourcevalue_t files;
+	isc_result_t result;
+	isc_uint32_t heartbeat_interval;
+	isc_uint32_t interface_interval;
+	isc_uint32_t reserved;
+	isc_uint32_t udpsize;
 
 	cfg_aclconfctx_init(&aclconfctx);
 	ISC_LIST_INIT(viewlist);
@@ -2797,6 +2799,43 @@ load_configuration(const char *filename, ns_server_t *server,
 	set_limits(maps);
 
 	/*
+	 * Sanity check on "files" limit.
+	 */
+	result = isc_resource_curlimit(isc_resource_openfiles, &files);
+	if (result == ISC_R_SUCCESS && files < FD_SETSIZE) {
+		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+			      NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+			      "the 'files' limit (%" ISC_PRINT_QUADFORMAT "u) "
+			      "is less than FD_SETSIZE (%d), increase "
+			      "'files' in named.conf or recompile with a "
+			      "smaller FD_SETSIZE.", files, FD_SETSIZE);
+		if (files > FD_SETSIZE)
+			files = FD_SETSIZE;
+	} else
+		files = FD_SETSIZE;
+
+	/*
+	 * Set the number of socket reserved for TCP, stdio etc.
+	 */
+	obj = NULL;
+	result = ns_config_get(maps, "reserved-sockets", &obj);
+	INSIST(result == ISC_R_SUCCESS);
+	reserved = cfg_obj_asuint32(obj);
+	if (files < 128U)			/* Prevent underflow. */
+		reserved = 0;
+	else if (reserved > files - 128U)	/* Mimimum UDP space. */
+		reserved = files - 128;
+	if (reserved < 128U)			/* Mimimum TCP/stdio space. */
+		reserved = 128;
+	if (reserved + 128U > files) {
+		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+                              NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+			      "less than 128 UDP sockets available after "
+			      "applying 'reserved-sockets' and 'files'");
+	}
+	isc__socketmgr_setreserved(ns_g_socketmgr, reserved);
+	
+	/*
 	 * Configure various server options.
 	 */
 	configure_server_quota(maps, "transfers-out", &server->xfroutquota);
diff --git a/usr.sbin/bind/bin/rndc/rndc.c b/usr.sbin/bind/bin/rndc/rndc.c
index 6bb87e66f93..79f711b9d41 100644
--- a/usr.sbin/bind/bin/rndc/rndc.c
+++ b/usr.sbin/bind/bin/rndc/rndc.c
@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006, 2008  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $ISC: rndc.c,v 1.96.18.17 2006/08/04 03:03:41 marka Exp $ */
+/* $ISC: rndc.c,v 1.96.18.17.42.3 2008/07/23 23:16:43 marka Exp $ */
 
 /*! \file */
 
@@ -400,10 +400,10 @@ rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) {
 	DO("create socket", isc_socket_create(socketmgr, pf, type, &sock));
 	switch (isc_sockaddr_pf(addr)) {
 	case AF_INET:
-		DO("bind socket", isc_socket_bind(sock, &local4));
+		DO("bind socket", isc_socket_bind(sock, &local4, 0));
 		break;
 	case AF_INET6:
-		DO("bind socket", isc_socket_bind(sock, &local6));
+		DO("bind socket", isc_socket_bind(sock, &local6, 0));
 		break;
 	default:
 		break;